Blog Entry: 3/25/2006 1:50:15 PM
Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.
If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames
personally though I think that would be a somewhat goofy setup to have going on
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?
As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .
Really, the best thing to do is expirment and see how things behave.
, yes, PM me the encryption and cookie keys if you don't mind.
I can add it to my combinations that cause trouble.
it might help me to figure this problem out.
,
Editing the look of the login page.
In this version editing the look of the login page is very easy.
You can make this login page look exactly like you web site if you like.
You want to edit the "scripts/login_form_inc.asp" file.
It can be edited with any editor as long as the existing bits of server side code in it and the login form remain in tact.
The best thing to do is back it up before you start editing it.
Then if you goof it up you can revert back to the original.
If you edit this page with FrontPage enable the "show all" feature.
Its the little PIE sign in your icons. It will show the server side code as yellow things on the screen so you know where they are and can be careful not to delete them.
see screenshot
cwilliams38448.8132638889, We would like to use some of the variables from the user account in our web pages after they log in (something like, 'hello <user>"), but for professional printout reports using company name and user.
Could you offer some help as to what variable string we use to print that information on logged in pages?
By the way, the program is working great!!!
cwilliams38446.6302083333, I have no idea to be honest, I just like the way it looks 
Good deal on the remote install, just dont pull the old "hangman" move
shutdown the machine on yourself around 4AM. Otherwise you be getting
in the car and going for a drive LOL
, Actually, your whole site is like that.
http://www.bones.myftpsite.net/rfamilystuff/
You should definetly fix that..
I can't help ya with it though. You'll have to figure it out.
I know ya can do it...
later
cwilliams38394.7738657407, 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
Before you even start please read this thread and do what it says.
If any errors show up it is important you see the real error instead of a useless HTTP 500 internal server error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1
Once doing that make sure to use Internet Explorer as you follow along with these directions.
Now, unzip your installation zip file that you downloaded from CJWSoft.
Use a program like winzip and be sure you have it set up to unzip the directories as well. You can also use windows xp's built in folder compression tools to unzip the archive.
When you unzip the application you should have all of the following folders and files. (more or less, it depends on the version)
Now, you can copy all of these files into the root of your website or if you like you can make a folder called "aspprotect" and put all of these folders and files in that folder. Either way it really does not matter.
Now, contact your web hosting company and instruct them that you need permissions set on the data folder that you copied into your website. This folder and all of its child folders need modify permissions set on it for the anonymous webserver account. It is very important that they set the permissions correctly and on all the child folders as well.
Here are some threads on exactly how these permissions are set.
If you run your own server or are developing locally you can do this yourself. If not most likely you need to put in a request to your hosting company as you CAN NOT set these permissions via Frontpage or FTP.
Windows 2003 Server and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=136& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1
Windows XP Pro and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=56& PN=1
Once permissions are set.. run this page via your web browser
http://www.mysite.com/data/setup_info.asp
Replacing the part in blue with your website info.
When this page is run it will report back a screen like so:
Now, take the connection string info it shows you.
Edit the "dataconn_inc.asp" file in the root of the ASPProtect system and use that data connection information. It should be valid for the server.
If you are using MSSQL server instead of Access please see the SQL database creation directions as you will need to create the MSSQL database and use a special connection string for that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=160& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1
Now, take the CookieEncryptionKey and PasswordEncryptionKey info that it gives you and enter it into the "config_inc.asp" file in the root of the ASPProtect system. These will be the unique keys that your encryption will be based off of.
Ok...
The files have been copied to your website, the permissions are set on the data folder, and the database connection is ready.
Now.. run this page
http://www.mysite.com/password_admin/get_me_in.asp
Replacing the part in blue with your website info.
This is a special page we use to get into the system for the 1st time.
If you get a nasty error when you run that page similar to this.
Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
Then parent paths are disabled on the webserver and you need to do an extra step to deal with that. Follow this link.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=162& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1&TPN=1
If you get any other variery of "80004005" error then there is a problem with your data connection.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1
Those errors are usualy related to database folder permissions or an imcorrect physical path to the database file specified though they can mean a lot of things.
Once you get the page running you will see a login prompt and one form field
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see the admin area of ASPProtect.
Now that you are in the system you need to create an admin account.
Click on "ADD NEW USER".. fill out the info and add a user.
You really only need to fill out (first name,last name,email,username,and password)
Now save that user.
You should see a new user listed in the admin area. Click on Edit user to the left of the new account. On the edit screen check the "admin" checkbox and save the user.
You just created an Admin account.
Now click on the "log off" button on the top menu and click yes to log off.
Now close the browser. Then run this URL
http://www.mysite.com/password_admin/default.asp
Replacing the part in blue with your website info.
You should now be able to in to the admin area of the system using the new admin account you created.
You are now ready to go to the settings page so click on the settings tab in the menu. There are a lot of options and paths that need to be set on this page. Every setting is described in detail on this page. You need to go through the page and set things up properly. Anytime the page asks for a path to a url or file the page will auto generate what should be the path to use. (expected path) If your server has parent paths disabled a few of those auto generated paths will not show up. If that is the case run this url from your server and it should tell you the paths to use for those settings.
http://www.mysite.com/data/expected_paths.asp
Replacing the part in blue with your website info.
Once your all done and the system seems to be running fine you should go back and delete the following pages as they are no longer needed and pose a potential security risk.
http://www.mysite.com/data/setup_info.asp
http://www.mysite.com/data/expected_paths.asp
http://www.mysite.com/password_admin/get_me_in.asp
You should back up the original zip archive you got from CJWSoft in case you ever need those files again.
VERY IMPORTANT: The user passwords from now on will be encrypted using the "PasswordEncryptionKey" you specified in the "config_inc.asp" file.
If you ever change that key all of your passwords will be invalid and you can not get them back unless you know the key and put it back, so plan on never changing that key unless you really know what your doing and know how to decrypt/re-encrypt the passwords using a new key. (something we do not cover at the moment but probably will when we have time to make a tutorial)
, I finally spoke with someone who knew what I was asking for and they set the rights and all is fine.
Thanks for your help. Wish all business' had customer support like here
, the txt file is only lke 624 kb...so I'm not sure, What other information do you have ?
Details are very important.
Info on situations where it works... like OS, browser version.. etc etc
Info on situations where it does not work... same stuff
size of the PDF files ?
server info ?
Maybe protect a page and offer a PDF file so myself and some of the forum users can try it and report back what happens.
Also, Many people zip up PDF files when letting people download them as browsers can act pretty odd at times with them. Perhaps that is an option.
, Sorry, I can not provide a date.. I am last person that is organized enough to give any sort of release date on anything.
Could be next week, could be 2 years from now. I made two add-ons this week and they came out of no where. I had no plans to make them. etc etc.. they just happened.
If I told you 2 months from now I know it would not be done and you would be disappopinted so I am not saying anything. I will say if it turns out to be anything complex it will not be a free mod or it will be a feature of a new version., Hello,
As I have my site hosted by a web hosting company (1and1.com), I want to make sure the ASP Photo Gallery software runs correctly before I buy. I am not sure about whether or not they support parent paths because I can find nothing in the online faqs. But, I have two other ASP apps (Forum and News from Web Wiz) running on the site, both connecting to Access databases. I remember having problems initially setting these up because I kept trying to use paths like ../db/wwforum.mdb like I would normally do when referencing images or pages in other folders.
Anyway, here are the database connection strings for the two apps. The first is for the Forum, which is at /forum/common.asp connecting to a database in /db/wwForum.mdb. The second is for the News, at /news/common.asp accessing /db/news.mdb.
'Virtual path to database
strDbPathAndName = Server.MapPath("/db/wwForum.mdb")
'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("/db/news.mdb")
Thanks for your help, hopefully I'll be setting up my new galleries this weekend!
- Jason
, thats not good.. its a web server configuration issue of some sorts ?
post is a common method for forms.. if it is not supported it is something you should ask the server admins about.
Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?
ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
http://support.cjwsoft.com/code/moreinfo165-1.htm
My guess is your web server is running Apache Unix or something like that.
, After a user edit his information (name, email, etc), the session variables are not updated. In the user_area.asp
page, I "Response.Write" all the session variables, and they are still
showing the old information. I tried refreshing the page but to no
avail. The only way to update the display is to log off and login again.
please help.
, re-edit the banner to ensure your change was saved..
if it has been written to the database thats good.. if not it is a data connection issue most likely..
if it did get saved... though it usually should not take time to apply it make take up to an hour for the change to take effect in the actual banner rotation.. give it a little time, alternate databases are right here.. the documentation clearly links to this, its really not difficult to find
http://support.cjwsoft.com/code/moreinfo164-1.htm, How do I customize the validation email that is sent to users when they first register?, Hello,
no default setting for something like that... what your thinking about doing is on the right track I'd say
, Send email to users that are soon to expire:
What Format should be used for dates and does international friendly dates affect the date as used by the reminder ?
Am having serious problems with renewal notices and expiration dates.
All member sign ups are for 1 yr., yet new members are being sent
renewal notices.
Does Paypal use a different date system or has does
Paypal have nothing to do with Subscription dates?
, The Double DIM needs to be removed for this code to work properly.
<%
Dim BannerZone, BannerConnectionString, BannerDatabaseType, ConnBannerSystem
Dim CmdCheckUser, CmdGetConfiguration, App_Name, Config_SQL, BodyTag, BanDataConn
Dim CmdBannerTemp, CmdGetZones, ZoneString, ZoneArray, ZoneIndex, CmdUpdateWaiting
Dim CmdUpdateExpired, CmdRetrieveImpLimitedAds, CmdRetrieveImpressions
Dim CmdUpdateImpHit, CmdRetrieveAds, CycleBannerTotal, CycleList, NewCycleList
Dim Dim LoopBanner, CycleLoop, CycleListArray, CycleListArrayIndex, BannerCycleData
Dim Banner_Array, CurrentBanner, NewCycleListArray, Banner_Array2, LocationIndex
Dim Stop_Processing, Keep_Processing, CmdUpdateStats
%>
, ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.Data.Odbc.OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. |
Stack Trace:
[OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.]
Microsoft.Data.Odbc.OdbcConnection.HandleError(IntPtr hHandle, SQL_HANDLE hType, RETCODE retcode) +27
Microsoft.Data.Odbc.OdbcCommand.ExecuteReaderObject(CommandB ehavior behavior, String method) +838
Microsoft.Data.Odbc.OdbcCommand.ExecuteNonQuery() +80
aspprotectnet.aspprotectlogin.Login_Click(Object sender, EventArgs e) +2284
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEven tHandler.RaisePostBackEvent(String eventArgument) +57
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain() +1292
|
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
I am getting this error message when trying to log in as admin or registering a new user. I am using Windows Server 2003 and it is a DOMAIN CONTROLLER.
I have read that there is NO ASPNET account for a domain controller. In its place is the IIS_WPG account. I have given this account and the IUSR account FULL CONTROL.
STILL GETTING AN ERROR. ANY SUGGESTIONS???
, Just got back 10 minutes ago..
Missed plane yesterday because of traffic and the flight today was 3 hours plus 4 hours of driving
The fact that you are using Server 2003 is not relevant. I am very familiar with it and all my sites run on it.
The ASPNET account will be there by default once the .NET framework is installed. It won’t just show up in the list, you have to search for it like my article mentions.
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp
That error really means exactly what it says. You have to give that account permissions correctly. , Cool.
Well I'm in the middle of uploading the txt file and it's about half way done and sitting there...so I'm keeping my fingers crossed.
, You cannot use server mappath in the connecting string of the application. If you want to know why read my article.
http://www.powerasp.com/content/hintstips/physical-path.asp
Make your connecting string just like in my example.. do not use the oledb connection string either as it will cause other problems.
If you need to find out the path to the mdb file you can use server.mappath to get that info but do not put server mappath in the connecting string. See my article again.
then if the database folder has proper permissions and the path to the mdb file is valid it will work... otherwise you get useless errors, its really that simple.
You also may want to download ASPTest from www.cjwsoft.com it is designed to show a person how to setup a working data connection., Your assumption was incorrect.... the login count has nothing to do with that. The login count only has one purpose and that is to limit the amount of times a user can log in if you want to do that.
Logging in for the 1st time means the time at which they 1st login and their session at the site is created... If there session ends and they come back and login they will get redirected because it will be the 1st time again.
Forms Based Authentication is all about sessions and session variables.
If you only want them redirected somewhere based on the login count that is something you have to work out and check on your own. It's very doable.
Seems like now I should have explained that better but I never thought anyone would think it meant what you thought., Two things you can do to test..
make sure there is at least one ".log" file in that directory.. then if you go to the log file screen and it does not show up in the list the physical path you are using is just not correct
remember the physcial path must contain a drive letter (sometimes a network path starting with // is ok if they have it setup as a network drive)
the other thing you can do is use this script to try and write a simple text file in the directory
http://www.devasp.com/samples/writetofile.asp
That will show you if permissions are correct
, Yeah, its working great witht he Access database. Now I just need to get it all set up. I like how the config file is set up with all the comments, it really helped allieviate the 40k thumbnails,
.
One quick question though, and I haven't looked through all the code yet... Is there a quick way to have pic_window.asp open full screen by default? I just want to minimize having to either scroll through, or maximize, the screen
Thanks!!!
- Jason
, I assume you mean 500 pixels wide
no.. because you cant reliably tell a pictures image width without an image resizing component to look it up.. asp can not do things like that on its own
serverobjects has a free component called "imagesize" that can do it as well but you need access to the server to install the component
http://www.serverobjects.com/products.htm
so if you cant do that with regular asp code you definetly can not stop the upload proces because the picture is too wide..
heck, that would be nearly imposible to do regardless.. even with the best 3rd party components at your disposal
even with an image resizing component you would have to allow the upload.. then check the pixel width.. then delete it.. tell the user what is going on...etc etc .. all a very complicated process
, I would look on the pictures folder on the server and see what is there for pictures. Also, when you see a broken X on the site right click and see where it is trying to get the picture from and what the pictures name should be.
I would also be sure to clear out your temporary internet files in IE. clost and restart all browsers..
maybe show me the site ? so I can see this happening ?
cwilliams38348.9748726852, I have just started to move my sites to a new dedicated Windows 2003 box. I have parent paths enabled, SSI turned on but I still can't get ../ to work with server side includes. Everything I read online says that I need to turn on parent paths but again, they are already turned on.
The hosting company where the server is located can't tell me anything, they just say that that is the way it is with Windows 2003. I don't buy it!
Can anyone tell me anything on this issue to help enable the ../ for serverside includes?
, The application automatically generates all the code for you for each method of calling banners. It does this on the zones screen.
If you are using flash it also possible that the actualy flash file is what is causing things to slow up.
It really all depends... it could also be server resource related
using sql server or access.. ? etc etc
all important details
cwilliams38362.6615972222, This is the 1st time anyone has ever told me they had any issues with the import process so I need more detailed information.
What upload component/method are you using ?
Are you using an image resizing component ?
Have permissions been set on the import folder ?
And lastly..
Can I see this happening ?
If not please put it on a live server where I can troubleshoot it for you.
Like we say on our site.
In some cases in order to receive proper tech support your application will be need to be installed on a live server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine. We also may require access to your server in order to troubleshoot any issues.
cwilliams38394.7298263889, Just an update,,,
the permission were all correct.... i left it and tried from my pc at work and it works fine... so i dont know what hahhpened.... thansk for your quick response
regards
Domenic
Sydney, Australia
, Which page should a user see next after completing a Paypal transaction? Where do I set that?
Nick
, Not sure because of the nature of the javascript method
for starters tighten up the html around the banner call
change
<tr>
<td width="460" height="60" align="center" valign="middle" class="imagead">
<!------- ASPBanner Ad code ------------->
<script language="JavaScript">
var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.nababaseball.com/aspbannernet/aspbanner/injectban ner.aspx?BannerZone=1&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script >
</td>
to
<tr>
<td width="460" height="60" align="center" valign="middle" class="imagead">
<script language="JavaScript">
var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.nababaseball.com/aspbannernet/aspbanner/injectban ner.aspx?BannerZone=1&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script >
</td>
If that doesn't help I would suggest using the ASP 3.0 version of ASPBanner. It can serve banners to a any type of page extension and it runs just as well as the .NET version. There is a new iframe method for calling banners that you can try instead of the javascript. The iframe method is explained in the ASPBanner Unlimited section of the forum.
cwilliams38150.6443634259, Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
, If I also password protect the pricelist pages then someone will have to login twice.
nobody should have to log in twice... ?
session variables keep track of access... once your in - your in and you can browse to and from any password protected pages you like
If it is making you log in each time then cookies are most likely disabled.. session variables requires cookies being on to work.. cookies being on is a requirement of aspprotect and is how Formed Based Authentication works..
let me know if that is the issue there...
you shouldnt have to be logging in more than once per session
Thats the whole point of the application...
, Also, I notice you are using iframes to load the banners. That is probably your issue more than anything. That browser probably does not handle them well.
Possibly try other methods of displaying the banners and see what happens. The XML parser is usually one the best methods to try as it will output just your banner code straight into your html. , it is an email server/setting issue most likely
your email server probably requires outgoing authentication or something like that and that is why internal emails can be sent to but nothing else
its something along those lines
this will help you see the real error instead of the generic 500
http://support.cjwsoft.com/code/moreinfo11-1.htm
, Could be a mod I guess - it would be nice to have an option on the admin settings page to lock down access of all pages and redirect to a specified "lockdown" page upon attempted login.
If I'm updating the large files on the server and someone attempts a download, they'll get a partial ZIP file or an error.
,
Timecard Entry: 3/25/2006 1:50:15 PM
Checked some of the expireds. , go over changes for web si with tom- basta, snyder, genealogical services, whites lumber/
Widreick services- kelly sign up for bess/ , hosting billing, 3 miles back to office, Working with lisa from nnybe trying to help her figure out how to edit new web site, Developed power point for WAN jobs including Wireless, W2's, insurance and other paper work in Clayton, tech support supv. helped techs, dsl stuff, emails, callbacks and follow ups, voice mail, no dial up issues, ask us a questions, we had password server go down a few times called andy and got back up little after 10pm asked nate and joanna to stay on for a few and they did. All happened from about 8pm to 10+ pm ., maintenance work on Linux servers at Community bank building, Checked all issues, e-mail, radlog., added ftp login for ogdensburgny.com web site, Watertown- Clayton, prepare for GYMO demo, **worked on Agency Ideas. got error checking stuff involved (password, and username) with redirects. also got most things to store in database, Jim Snook, lunch, Backing up servers. Entering in domains. Figuring out how to do domain fowarding., Traveled to Pepsi plant in Ogd., logins / email setups /voice mail, Reading and responding to emails, assisting IMC Consultants and creg systems resolve their ISDN dial up problems since the storm.....I must have talked to at least 10 different business customers about getting connected again...all they need to do was reboot their computer/router, techsupport supervisor duties, steady tonight, qlight, dial up issues, radlog, ask us a questions, voice mail, callbacks expired users, new user callbacks. Emails and follow ups. caught things up well , Weekly Report, payroll, HELP PETER FROM CFM FOODS WITH FRONTPAGE ACCESS PROBLEMS, ATM / font errors -, CRispen found some further refinements to the presentation graphics that needed to be addressed., answered tech related calls. checked and called on rad log, online issues, and voice mail., Lowville # has been down since
yesterday sometime, but no one
bothered to send a msg to the techs., Did my routine checks that I normally perform in the morning. ,
