Blog Entry: 3/25/2006 1:35:46 PM
ok, aspprotect does not use a global.asa file
I would start by looking there and seeing what is going on ... with line 33
I dont see how it could be related to aspprotect in any way
Global.asa files fire on their own and what they do depends on what code is put in them,
Thanks for your rapid responses, your support is excellent!
It may be best that I stick with html then. You mention that is stresses the Version 7 software, would the unlimited version perform any differently if I use multiple zones?
Also, if I do go with a single zone, would either program be able to make sure each banner is unique, or would there by duplicates for each page view?
Sorry to post so many questions in one day. , In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it. cwilliams38306.6367708333, IT worked just as cwilliams said. I did see the IP address being stored in the table but it didn't dawn on me that it was tied in to the view count, I tried it from a different IP address and it worked great .
Good coding Christopher
Thanks
John , Actually it is my own server (retired email server from my employer). I will check out the documentation again. I DID read that part, but didn't understand it enough. I'll dig deeper. Also my box has 2 CPU's, hence the $125 for ASPImage..., Protecting ASP Pages
To protect a page without using the Access_Level or Groups feature simply add this code to the top of that page.
Put this under the <%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.
The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp
Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in.
An example of doing this is provided in the "default.asp" file included in the root of the Password System.
Look at the source code with a text editor to see the working code. It is quite simple.
Protecting ASP Pages Using Access Levels
To protect a page using the Access Level feature simply add this code to the top of that page.
You simply specify the Access Level before the include file is called. In this example we are protecting the page with Access Level 4.
Put this under the <%@ LANGUAGE="VBSCRIPT" %>
<% CHECKFOR = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.
The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp
Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in as a Level 4 user.
Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System.
Look at the source code of the ASP pages in that folder with a text editor to see the working code. Again, It is quite simple to follow.
Protecting ASP Pages Using Groups
Please see the code generators in the admin are for the code to do that. cwilliams38403.6864351852, Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO , Glad it is working.. for anyone reading this the customer bascially did this
http://support.cjwsoft.com/forum/forum_posts.asp?TID=36& PN=1
That being said asp photo gallery actually has a few more places that send email that you going to need to modify as well. Off hand the reply to album, admin massemail, admin send email,and postcard features come to mind possibly as 3 of them.
using a multiple file search and replace utility like ReplaceEm would be the easy way to do all of this in one step and find all the instances
http://www.orbit.org/replace/
cwilliams38420.4424537037, Perfect. Thanks buddy :) eeye38433.0629976852, Are you reffering to the number of the left of the users name in admin.
I thought it was a counter at first but that number only displays the number of albums they have set up. , Right, I've done that. My concern is that it will time out again while I'm trying to import the file.
The import/export manager does not show up under the users tab when I log in normally. I have to pull up the page in frontpage and then preview it a browser to get it to show. , Parent Paths ?
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1
, I think I've got it to work somewhat. I modified the 2checkout1 & 2 asp file to use and pass Product_id. It now identifies the product correctly. I'm good fo now. Thanks for the info though.
-Jason , yes, any page you want protected needs to be edited..
You can probably have a login box on a non protected page. Just copy the generated source html form code for the login box of a protected page. Then put it on your non-protected page, but change the action to the page you want them to log in to.
In other words go to a protected page. See the login box, view the html browser source and use that to make your login form on the main page.
I have not tried it with .NET but I am pretty sure you can do it since it pretty much works the same as the classic asp version of ASPProtect.
try it.. see if it works.. If I have time tommoro I will test it out., So do I just replace the four folders that came with aspprotect with the four (in my case domain directory) folders in the patch or just move the files?, I purchased the photo upload software and it all works fine, except when I
try to click the categories I've created on the home page they don't show
any of the albums I've created and designated as that category. I went to
one of the example sites at http://www.minnessota.com/users/
place_new_album.asp?CatAdValue=
and it works fine. When you click Photos(40) it takes you to the 40
photos. I'm sure it's some setting I missed or something simple. Could
you email me back soon and let me know what to do/try? Thanks. ,
grrrrrr
As far as the users thing... my fault that was setup wrong in the settings of the admin login page.
but still dont have a solution for what im trying to do , I have multiple zone banners displayed on a single page using the AspHTTP Component Method.
However, in IE 6.x and NS 7.x each banner has some text displayed before it similar to:
HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Fri, 17 Sep 2004 07:15:12 GMT MicrosoftOfficeWebServer: 5.0_Pub Connection: Keep-Alive Content-Length: 229 Content-Type: text/html Set-Cookie: ASPSESSIONIDAASSDQBA=HAICCGCANEBEPANCDHLHJJGC; path=/ Cache-control: private
This text does not appear when using Netscape 4.x cwilliams38325.741099537, Permissions and Folder Locations
By default and to keep things clean we store everything in folder called "data"
That folder then has it in 4 sub folders
database (where the .mdb and temporary .ldb files are handled)
export (where the aspprotect export files are saved)
logfiles (where the aspprotect logfiles are saved)
user_pics (where the user pictures are saved)
Doing it this way makes it very easy for a system administrator to right click on one folder and set permissions for that folder and all of it's child folders.
Now, that being said.. you do not have to use these folders.
For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.
You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.
We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs. cwilliams38403.6837962963, It a generic error that means something is wrong with your data connection.
http://support.cjwsoft.com/code/moreinfo27-1.htm
http://support.cjwsoft.com/code/moreinfo136-1.htm
, I checked the SQL table and had 1 banner with no zone ID. I added it in
directly through the SQL interface and now it seems to be ok., Hi, I have not gotten anything from you about it.
click on the PM button below and send it that way through the forums.
Thanks , You cant do it from initial lohin, but you can do it from the time of registration signup.
http://support.cjwsoft.com/code/moreinfo170-1.htm
As for the emailing thing it is most likely an email sending issue more than a code problem. For example spam filters incorrectly grabiing those emails or something of that nature..
Best thing to do is try different things for emailing options until you get something that works. I suggest using CDOSYS with a real email server and using a valid email account for yourself at that email domain. SMTP authentication if necessary. This will ensure the emails sent have valid MX records and dont get treated as spam.
, Hi,
I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.
I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?
Thanks
S eeye38447.0388541667, I have been using this solution for over a year now and think its great, however I recently logged on to add a banner and when I clciked on the link that opens a window, displaying all the gifs in the directory../images/banners/, now images showed up, however they do exist in that directory.
I recently upgraded my computer and am now using windows XP...could that be the problem?
Thanks
, [QUOTE=cwilliams]
It should be released sometime late May 2004 or early June 2004 but no gurantees as I am pretty busy right now with some projects.
There will be upgrade instructions and it should be a fairly easy upgrade.
[/QUOTE]
Like I said no guarantee... I have a lot of things going on... it might not even be finished till the end of July... customers will always be able to get it for the difference in price
You have the version listed on the site when you purchassed it.
Version 3.0 cwilliams38167.6469328704, There are 8 Access Levels by default.. they work like this.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=166& ; ; ;PN=1
Access Levels exist in ASPProtect Version 7 for backward compatibilty for customers using previous versions.
Truth is Groups are the replacement for Access Levels and they are much more powerful and flexible. You can also make as many of them as you want in the admin area.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=167& ; ; ;PN=1
On a side note:
We also coded ASPProtect Version 7 so there could technically be as many access levels as you wanted. It's not supported but if you really wanted more Access Levels you would carefully add more Access Levels to the drop down choices when you edit a user. "edit.asp"
I don't know why anyone would want to use Access Levels however when they can use Groups.
cwilliams38433.5546875, One problem that is appearing is that in the admin section, in the users.aspx page, only one user is showing up when there are in fact 9 users. Also, when I click the edit user or email icon, the page does not go to the edit screen, it remains on the same page.
Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile. It could be due to the fact that the rest of the project is in C#. Or it could be due to some other factor in ASP Protect. , that erorr in no way means what it says.. it is just a generic error because something failed.
if you want to PM me info on how to get into your site and I will take a look.. I don't think it is something that can be figured out otherwise especially when you are not telling much about what is going on. There are a lot of factors and settings that are relevant. , You can also try setting asphttp's user agent property to some browser version like in this example. It might stop that info from showing up when it fetches a page from the server.
<%
Dim BanObj1Http
Set BanObj1Http = Server.CreateObject("AspHTTP.Conn")
BanObj1Http.UserAgent = "Mozilla Compatible (MS IE 3.01 WinNT)"
BanObj1Http.Url = " http://banserver.powerasp.com/aspbanner/aspbanner_inc.asp?Ba nnerZone=1"
Response.Write BanObj1Http.GetURL
set BanObj1Http = nothing
%>
Also... I dont know if these values below will work but I got them from looking at my nt logs.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
And here is more info on the asphttp component and it's settings.
http://www.serverobjects.com/comp/asphttp3.htm cwilliams38248.6481365741, I downloaded v7 3/7/2005
I entered a password that was supposed to be all caps with only first letter caps.
it is odd, if I go to other user and enter wrong password that does not come up. it apprpriately goes to a screen that says Access Denied.
thx , Just as an FYI, I found the problem. FP2003 has an "Optimize" feature that removes so called not needed spaces and comments from the pages. It also completely screws up .ASP code.
I turned off the optimization feature and all the pages I was having problems with worked. However, I would still recommend not using it too! , the following error message appears, but only when attempting to log off. all other parts of the program seem to be working.
[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0xa04 Thread 0xa38 DBC 0x21ff024 Jet'.
, The pages in the ASProtect Full version that have emailing code in them are as follows.
password_admin/email_user.asp
password_admin/send_mass_email.asp
users/add_new_account.asp
users/email_password.asp , Understood.... can you point me to a place where there are other methods of calling banners? Do you mean not use Flash? I am new to this and will need some pushing over the cliff!
Thanks
Dave , You not getting a blank page.. you getting an error. You just can't see it because it appears you edited the page background to black.
error '80040211'
/aspprotect/scripts/emailing_subs_inc.asp, line 174 , Makes sense to me. I used the ASPProtect_access2002.mdb supplied.
(I am using 2003). Only added more names and other personal info
to it for test. Uploaded the amended db with FTP. This did not
restrict someone not listed in db from logging in.
Would each individuals' information need to be added to the code in
order to have it check the database first to find out if the person is
authorized to view?
Part of the problem is I dont know which ASP page or script links the
db to the rest of the web, or how one page relates or links to the
other.
Sometimes I wonder if problems I encounter originate with the server.
Thanks for patience.
, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296, If you have messed up the admin account or forgotten the admin password you generally should open up the database manually and add a new account or see what the old account is.
In version 7 however you have another option. Go through the installation instructions again. Specifically the part where you use the "get_me_in.asp" page to get back into the admin area by pasting in the password encrpytion keye you are using from your config file. ,
Timecard Entry: 3/25/2006 1:35:46 PM
Took a new signup. Customer ended up calling back 5 minutes later because they needed more help, Trouble shoot FPSE for agency ideas, Checked Email & Voice Mails.
Printed Daily Modem / Backbone Reports.
Reviewed & Printed Schedules.
Reproduced electronic copy of TIC comparison (6 pages). , Flash for River Road Partners, trying to figure out fishercast ISDN problem... all set, Long talk w/ Nancy @ Cortland about Expired listings on Hotsheet and the "Quick Search" option, Meeting with Paul, Mark G., and Chris W., Telephone conference with Paul Barton and River Road Partners, s/w jean on getting conduit agreement in email - to get from james slavin and will forward upon receipt. s/w carol on new century electric - wrote po's. s/w p. klopp-received fax. original exhibit from peg sent to george and copy filed. po's approved for nortel and supplies. po for new century revised signed and sent to clayton. email to ct and mb on ryder po - waiting for invoice. messages. updates to tasks for meeting and emailed., Meet w/Peggy about project deadlines., Working on SOftMLS2 CMA and also export files for Pocketrealestate invloving the Palmpilot, Email and VM, to Staples, Manning NOC. Resetting open modems. Busying out a card on total control for a complete reset of the card., Reset microcom modems., everydaydad.com: identify and troubleshoot site admin problems/process for Paul Currier, Clayton to Wtn office., answering techs emails and company email (Lisa and Amy domain questions), shasta, lunch, travel back to clayton, MEET WITH Paul
, company picnic at Wescotts Beach, Billing calls, switchboard, Talked to Chris W about his work on realtor.com uploads for Catt Co and ODMLS, entered A/P invoices, sorted and opened the mail, po for seth, lunch, lunch, **OVERTIME APPROVED BY JIM***
Had a couple calls... got a save on an expiring user that called in. Checked dial up issues and responded to a customer's email that was sent to me.,
|
