Blog Entry: 3/25/2006 1:47:52 PM
I am having problems with a password a user wants to use. He wants HANNAH. When he (or I) try to log in with his username and password, I get a syntax error -
Syntax error in string in query expression '(Username = 'changedforsecurity') AND (Password = ' éG'.
pathOnComputer../1protect/check_user_inc.asp, line 114
I've obviously changed the username and the server path in the info above for security.
I have not messed with the encryption.
What is it that the system doesn't like in the word HANNAH as a password? I would just change his password for him but this guy has enough trouble just turning the computer on! Confusing him with a new password would take weeks to set him straight.
Thanks,
Mick
, That is by design and how it is designed to function.
There is no easy way to do what you are asking about.
Can it be done ?, sure!!
But it is a lot of custom coding to sort it all out and not something we support.
If I were you I would simply edit the login box screen to show some hyperlinks and options should a person need to use them. ,
All fixed... I changed the remote server from localhost.omegaphibeta.net or whatever it said there to localhost
I sent a test email to myself and got it no problem
the error you were getting was email component related , the reason being is because when I do installs I do not touch any of your existing content. I only install the base application and make sure everything in it working correctly and also that the example protected pages are working. I do not integrate it with your existing site or edit any of your existing web content. That is up to you
sorry about that, but it would be way too time consuming and editing people's existing pages is a good way to cause a lot of headaches for me and the customer if something goes wrong. Not only that but everyone uses the system differently and it wouldnt make sense for me to be the one doing that based on access levels, groups.. etc etc which will all be custom to how you want things set up.
more on installation policies here.
http://www.cjwsoft.com/installation_service.asp
, That helped very much. Thank you. Hope you enjoyed your dinner., That would be great.
I am sure you know that many virus that are sent via email have the same property. (double extension). The code can be executed even though Windows identifies them as simple text files etc.
Thanks again
, I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=49& PN=1
Jeromy, You should have access to that page.
, >>1. What is telling paypal to return the info to the ipn.asp page for
processing? Is that something I have to set up in my paypal
account?
Nevermind on this question. I found the notify_url variable. :-\
Thanks,
Michelle
, Sorry, not really.. not without a lot of changes to the code.
the recent activity info recycles.. it is not meant to be day by day
My suggestion there would be to look at both the log files and the user activty screens...
, I am trying to import a file, and I get this error:
Microsoft VBScript compilation error '800a03f9'
Expected 'Then'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
-----------------------------^
Any suggestions on how to fix it?
Thank you.
, Is the user ID case sensetive? In my case I use the user email as the login ID.,
I have a quick question...when a user signs up I have a drop down menu for Company name and they have a choice of branch selections. Everything works fine but when the info is saved in the database there is some sort of conversion to lower-case...?
Original drop list selection:
Winston Salem, NC - (XXX/XXX) - original
In the database (access), some letters are lowercased now...why? anything to do with the period, , or - ?
Winston Salem, Nc - (xxx/xxx) - what is saved
, If it stopped working it has nothing to do with the ASP code. YIf could have stopped for any number of reasons as hosts often change email server requirements and info. You need to go over the email settings. Of course make sure you and the person you are sending to have valid email addresses and try different methods/settings until you get emailing to work again.
Testing it by sending emails off from the users screen.. in each email type in what you are trying at that time so you know what worked if emails make it through. Also, be sure to check junk filters when testing to make sure the emails are not being put in any of those.
That's what I would do. CDOSYS is always your best bet for sending emails as it has so many options and all new server support it. , Ahhh, I see it, thanks that was the ticket.
, This first one may be an obvious one, but is it only .asp files that I can protect as in no HTML files.
Can the program be set to protect my whole https directory contents (though the answer to the last question may have bearing here - there are html files as well as .asp in there) as in http://secure.mydomain.com
Thanks in advance
, ITS WORKING
...I have earned a beer (dont tell anyone im underage) 
, Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properlly.
The way to cure it are as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
, far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything
once thing to be careful about
If you log in.. then log off... then go back to a page and do a refresh... you may in fact be reposting the username and password from before.. thus logging yourself right back in
Perhaps not.. all depends on what your doing... but it is something to be careful of when testing
cwilliams38341.7390509259, Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111, I have written asp.net application pages- obviously i knew what viewstate was, or else when they made a mistake on that page it would not have saved their filled in info. Same thing for after they submitted, when they hit the back button their info would be gone.
For someone who wrote this software it seems you are not able to do simple things. Im begining to think you didn't write it. The only reason no one else asked this many questions is possibly because they didnt NEED the functions i am TRYING to do.
I know how the log boxes work. Esp. reg ASP... they all allow you to enter your username and password and then when you hit submit it gets verified and transfers you to your destination. ASP.NET has that capability also.. i didn't purchase a program to go and have to re-write it in visual studio. It would take me longer to re-write YOUR code than it would to have LEARNED ASP.NET and made MY OWN.
The program seems to have some great complex features, however, your not able to incorporate this easy login from a diff. page function... fishy
, Is there any way to make the ads in ASPClassifieds end on a day of the week. I would like all of my ads to end on Sunday night and was wondering if there was a way to automatically do that in the database??
Thanks
Dave
, Chris,
I have had a couple of users log out of the system as they are supposed to, move to another computer and not be allowed to login because of "they are currently logged in using another IP address" when in fact they logged off properly. Is there anything that they should be doing differently?
Thanks,
Jess
, Javascript Popup/Pop Under Generator
Until I have time to make one I suggest using the one on the banmanpro support site as it is pretty nice.
Just dont use option 2 on that page as that is specific to banmanpro
http://www.banmanpro.com/support/popupgenerator.asp
cwilliams38291.614849537, Hi,
I basically explained how I thought that might work here where I went over everything I could think of and suggested you download the free version and see if you could get it working
http://support.cjwsoft.com/code/moreinfo488-1.htm
The part about using the alternate scenario involving querystring info from a url.
I have never done anything like that and that is why I told you what I knew and suggested you try it with the free version...
, you actually dont touch any of those
UploadDirectory = CmdGetConfiguration("UploadDirectory")
They get set from the config table in the database which gets edited in the admin area.
so...
I am talking about the settings area in the admin area of the applicaton.
Every setting there is descibed in detail. You get there and change serttings there via the web browser and by logging in as the admin.
Log in to the online demo as admin and check out the settings area if you are confused.
http://www.aspphotogallery.com/demo_pro.asp
,
Hello,
I want to create a user for my manager. This user should be able to see
all statistics (Reports) and all (Banners). But, he should not be able
to edit anything.
How can I create the type of user described above?
Best regards,
Mohammad Al-Mohsin
, Okay, I'm going nuts trying to find that settings screen.
I've got a dedicated server that I connect to using "Remote Desktop
Connection" so it looks like a regular Windows desktop. It's running
Windows Server 2003.
There's a program called "IIS Manager" but I've looked at all the
options for all the different sections and I don't find anything that
looks even remotely like that screen. And, of course, Windows
Help is no help at all.
What program do I run to get to that configuration screen?
Thanks,
Robert Gidley
, Hi there,
Well, that is why we added the PayPal subscription pack where all of that is taken care of and customers get put under a recurring billing cycle.
The more people you get to pay that way the less you have to do.
We also have routines for the two other supported payment methods so people can look up their account and add time to it whether it is active/expired or not.
Other than that, yes it is something you need to sort out on your own based on how you want to run your system. You have the source code and the sky is the limit on how you want handle all of that. You send out an email to users about to expire. Whether they come back to the site/look up their account and add more time to it is up to them. I really just do not see any way ASPProtect could handle that whole process automatically.
As for batch changing to users in the database. We give you the source code and we also use an open database structure. You can run any query you want on the database whether with ASP code or directly in your database using the tools that come with it, You can write any code you like to do whatever you like to the database. You can even tie other systems and code into the database via OBDC and manipulate data. The sky is the limit like I said. I also don't really see how batch changes to the database relates to individual users paying again for access or not especially since we include payment pages were a users can look up their accounts and pay for and add more time to it automatically ? At least not regarding the payment routine we provide support for.
ASPProtect can not handle everything every person would need to do. It is meant as a solid starting point for any project, but there are going to be times when more functionality will need to be added by the customer based on their specific needs.
, Password Retrieval System
I'm trying to setup the email functionality and have the following settings:
Email_Component : CDOSYS (Using Remote Server)
Mail Remote Server: the smtp server in my Outlook account
Use SMTP Authentication: Checked
SMTPUsername: the email address in my Outlook account
SMTPPassword: the password in my Outlook account
Email Notification: sales@tradersreports.com
But I get this when I send the request for via missing password info.
CDO.Message.1
error '80040213'
The transport failed to connect to the server.
/aspprotect/scripts/emailing_subs_inc.asp, line 174
This is running on Windows 2000 server.
Any ideas?
Warren
, Haven't gotten to it yet. I do know there are a few customers using it to edit the app and said it was not all that different. Maybe they will chime in with some tips., Hi,
Actually that is not a feature at this time. Only the admin can add an image for user. If you look at the code for that you could adapt it for individual user use fairly easily provided you are decent with ASP.
That feature will probably be added some day, but there was no time to add it to into the current version and I can not give you a time on when it will be added. The complicated part is making some sort of approval process in case a user adds something undesirable and also limited file sizes which is hard to do without somesort of 3rd party uplaod component being involved.
, Yes, that worked... 
, I downloaded the skins, ftp'd them to the skins folder and can see them in the list of available skins. No matter which one I try to apply it keeps solid_color_black.
Al
, Then, you would have to add those users to the aspprotect user database. You would do so using the built in import/export features of msaccess and being very carteful about it. It is not a process we support and the technique used would be unique to any situation. Its basic database work though but still you have to be able to do it.
ASPProtect uses its own user database and you have to use that database. ASPPortect can not authenticate users using some other existing database.
Does that make sense ?, not sure, I havent used 2005 yet
seems like the process should be fairly similar.. you'll have to figure it out
I am going to order a copy of it., Does emailing work under the simplest scenario ? (directly from the users screen)
Thats the way to test it..
All that error means is whatever reason the settings you have chosen are not working. It could be the server. It could be what you chosen. (and yes I realize your pop info from outlook should probably work with the settings you chose)
Whenever I do installs I often have to try 3-5 different emailing scenarios before I come across one that works.
Each time making some changes and sending out test emails from the users screen until I get somewhere. Often time getting a working example of how your Hosting Company wants you to send email from ASP is the info to get your hands on. (what method and settings)
In this case they may have blocked the usee of a remote server and want you to use some other settings for sending email from asp. A lot of times they put that info in their help system.
If I were you I would start by trying the other two CDOSYS options for starters, and then try the remote server option again but using "localhost" as the server, if none of those work consult your host for example code and settings to send email from asp. If you still have no luck I can help for sure.
Realize too when testing the emails may take a bit to arrive. A delay of sorts. Best to type in a quick note about which method you are trying in the email text. That way when you finally get one delivered you'll know which method worked.
, 1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another? I am asking because there is only one table in the DB, and it is the "Users" table. So I am presuming that there must be other databases that are linked to the DB. Is this correct?
2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software? I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of.
, did you read what this thread says about that session variable for groups not be created by default
you have to add code so it sgets created before you can check it... this thread talks about that, After turning off the friendly errors, here is the detail.
Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/users/register.asp, line 16
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
ANSWER:
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&K W=Disallowed+Parent+Path+
lancem38310.6408101852, I just installed ASPProtect on my site. The instructions were definately on the target. Very very good instructions.
But... Isn't there always a but ???
I needed to setup my site with MS SQL and it is hosted so I don't have Enterprise Manager. I tried the web based Enterprise Manager and any other one I could find. But, I kept getting errors when trying to use the SQL Script.
I finally had to go back to my work where we do have the licenses and get an SQL Admin to use Enterprise Manager to run the script and it worked finally.
I don't know if this is a common problem ??? But, maybe you would want to look at the SQL Server script or make a different version that would work with the Web Based SQL manager.
Thanks
,
Timecard Entry: 3/25/2006 1:47:52 PM
Misc. - CPH, Ken Mills, Vermont, DSL, etc., Working on pc bundle site, setup DEC 3000 for SWNS, went and had another key made for renters, sorted todays mail, soft auto program and new updates - need pricing - talk with chris williams, web site - Black Lake Ruiver valley club- hosting and design in janueary, LABOR DAY, check voice mail, email, Installed MapInfo Server & Developer on my computer at home - went through the tutorials. Couldn't get the server to work?#$%^, All phones were busy, did modem checks., check e-mail, TIMECARDS, Scott and I got any information we could get our hands on as far as ndm goes together and started to get ready for testing., teched phone calls, Checking and responding to e-mails., write content for ticc website, Trouble shoot psahome mail server for Matt, incoming phone calls, Soft Router docs., graphics dev division mtg, Read emails- tried to assemble information which was requested in email, soup at my desk-hot, Lunch, emails and voicemails, Had a meeting in Steve's office to discuss some issues, Publish & test latest additions to wwnytv.net, General, Policies meeting, St. Lawrence Radiology - Kareta - Signing several contracts., Upload Manager - Adding features to get manager ready for Clayton Chamber (image alingment controls). Added more options and combined all features that different clients have requested into one package.
, Checked the Total Controls (5000 and 2360).,
