Blog Entry: 3/25/2006 4:32:47 PM
maybe this is the issue...
do you realize that the descriptive name you give a group is not always going to be the same ID in the database ? The two are not related.
Perhaps what you named Group 1 is really group ID 3
You can tell for sure by generating protection code for group 1 and see what ID it tells you to use..
You also need to remember that you are testing this with different users and it is really easy to get confused so you need specifically log off using the log off page to ensure session info from the previous login doesn't show up and cause confusion when you log in with a different user... etc etc
in addition to logging off that way you may also want clear the session and application info via the code at the bottom of my article
http://www.powerasp.com/content/new/displaying-session-and-a pplication-variables.asp
and do that in between any user you log in as , Chris -
Long time no talk, which is a good thing. I have purchased another product from you, ASPVendor. I am running into an issues.
When I try and remove the image through the image manager, it does not remove it. Screen shot attached.
2005-10-19_194248_image_upload.zip
Thanks ,
Thanks, I'll take a look.
Nick , I just purchased the software and it looks great however, I have been fighting for 4 hours trying to get a protected page to do what it is supposed to.
I was trying the examples you provided and they worked fine, then I would use the code at the top of my pages with no luck.
When I installed the software, I used an FTP package as I have found lately that anything with a database gets all messed up when I publish with FP.
On a whim, I took the page I was publishing in FP and published the same page with my FTP program. It worked! What I can't figure out is what FP does to the files to screw them up so they won't function. Is there a setting in FP that I have to change to get it to work? The files look the same, but they are different sizes when I overwrite them with FTP.
Any ideas? I don't want to have to publish my entire site with FTP as it is a FP template site.
Thanks,
Dave , Guess who!
I have a user/client who can't access stats. Even when I give them a
new username, I get the message that their username has expired.
In the notes of the account it says "Level 1 access" and I can't
figure out what that is and where it is edited or set or even what it
means. Seems like I must have hit something somewhere that goofed
up this account. I could just delete the account/user and set it
back up but I'm worried I'd just make this same mistake later and
figured I'd get the info on it. Any ideas?
TIA! (So far, I'm VERY happy with this product)
Laura
, well, I was curious myself so I just tried it.
Good news is it worked just as I thought.
Only problem is your changing things to allow authentication info to be passed over the net in a url. If you can live with the security implications then it will work. I mean a sniffer could see that and end up knowing the username and password.. not likely but just putting that out there.
Of course now that I think about it unless you are running under SSL (https://) when you log in normally that info is in the post info anyway and possible to get at.. course not right out in the open like when you put it in the url and less likely to be noticed.
As long as your not doing it to access critical areas like the admin pages... and you monitor the log files once in a while it's probably nothing to worry about. , Hello,
What is the difference between the paypal_sub_signup and the paypal_signup directories? Also, I know it depends, but what directories and files can I delete from my web server if I am not using them? I copied the entire set of files that came with the program over to the webserver and I am concerned that there is too much out there.
Jess cwilliams38446.6304050926, Just checked XML Parsing with your file. Got a clean bill of health on that: It's working.
Got the right code for the location of the ipn.asp in my paypal1.asp, from http:// all the way to .asp.
I think since everything is set up properly from the looks of things,
I'll wait and see. If I get another one who flubs things, then I'll
start the testing of the account. But if it goes through just fine,
then maybe the Internet just hiccoughed on the first guy... thanks
again!
, pretty clever...
If anyone is interested in what the Mod function actually does this article explains it nicely. They even use it for the same purpose in the examples.
http://www.asp101.com/articles/steven/mod/default.asp cwilliams38210.6791898148, sure (XP PRO), see my article on that
http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp
, Parent Paths ?
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1
, That's exactly what it was.
The site owner couldn't see their own ads because Norton was blocking anything with the word ad in it.
On another note: I changed the word 'ad' to 'listing' and got it to show even with Norton.
, I have a customer who is asking the following:
... could you make a link from it to our website and is there a way to see what traffic goes from us to them. They are going to pay a commission on sales, however I need to be able to track who views their site...
Wishful thinking or could you add code to track their IP address and display in the report section? Not sure that would be enough to satisfy this request. Suggestions?
Thanks, Lance , If you bought ASPBanner Unlimited Version 7.3 Before August/10/2004 this file needs to be updated.
It fixes a bug where the JavaScript method is not properlly closing an html Image tag. It can cause other hyperlinks on your web page to link to the same place the banner links to. This does not always happen but this fix is the way the code should be so it is best to update it.
Copy this file into your ASPBanner folder over the existing file of the same name.
2004-08-10_125304_injectbanner.zip cwilliams38209.5378009259, its that server, it's way underpowered when it comes to running dynamic code and databases.. and that other app is probably stealing all the leftover odbc resources..... did you try doing the import on another machine running ASP? Thats the way to go.. I am afraid I won't be much help at the moment.. I am battling with a crashed system and a lot of lost data, If you need to know how to enable them on your test server.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1
, My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work. I've tried many different options - here are two that are the closest - but have issues:
1. If I use the settings:
email component: aspemail
Mail remote server: my internal server name
*no smtp authentication
email mail notification - my email address on my internal server
***I get the following results:
I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.
2. If i try to change the setting to use the Hosting Website email server - I get the following results: I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.
**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.
, ((TITLE EDITED BY ADMIN))
it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.
Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...
, Not sure how to response.write the session variable, I have never heard of such a thing...
If the settings are enabled for the web it should work.
That is, as long as your include file syntax is valid.
I run my own windows 2003 server (you are on it now) so I should know
for troubleshooting
try a very very simple example... like a file in a folder.. with a server side include to a file under it
and see if that works
use real simple asp files with nothing crazy in them... and an include like this
<!--#include file = "../myfile.asp"--> cwilliams38434.5388773148, It is common when testing a site that this happens because of the nature of session variables.
Admins have access to EVERYTHING so it is very important when testing different user accounts that you specifically log out... and then close every single browser window before logging in as a different user. This is to ensure session info from the previous user does not overlap in any areas.
(The session variable for admin access being the main one)
Under normal circumstances a user would not log in with many different accounts on the same computer this this would only be a problem for a developer who is testing.
So make sure you go to the to log-off page and log off.. then close all browser windows.. then test another user.
If all this is not the case then something else is going on and I will need more information. I pretty much know the level checking code for ASPProtect Version 6 is correct as there has been no reason to change any of it in over a year. I would have heard reports of problems with it. , A question. Does this apply to all areas of the application. I have recently uploaded 50 photes. But when I look at the site from the url, I have X where the picture should be. Now, if I look at it though the localhost, I see the pictures perfectly.
, Thanks Chris.
Your solution worked! , Probably not... javascript calling complex javascript is not a good thing and is often a problem.
I would try one of the other methods such as the xml parser if possible. , Hello,
Again, enspecified error are not very helpful.
An error usually tells you at least a line number and page or something.
Please read this as it might help do tell me more.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1
As for only happening once in a while. It could be a lot of things.
Version being used (when did you purchase.. what name/email was it under and I can look) ?
What banner method being used?
Access or MSSQL ?
How busy the site is ?
Server Resources ? cwilliams38414.6114930556, This post unfortutely needs to be here because this application has been the biggest pain in the neck for me you could possibly imagine. This is not because of problems with the application, but because of people's general lack of knowlegde regarding ASP.NET. This post totally voices my stance on what sort of knowledge you need to have and also the fact that I am not going to support anything but general installation on a correctly and professionaly set up live server.
ASPProtect.NET is a great application but using ASP.NET requires a lot more basic knowledge than using classic ASP and there are a lot of basic low level ASP.NET things that need to be set up correctly for an application like ASPProtect.NET to run. These are things I do not cover because you should know the ASP.NET basics when using an application as complex as this. It's just that I don't have time to nor should I have to teach people the basics of ASP.NET. I don't charge nearly enough for ASPProtect.NET to offer that kind of support.
So, I will say it one more time. ASPProtect.NET is targeted towards experienced Visual Studio.NET developers that know how to work with Code Behind VB.NET and are familiar with basic ASP concepts such as IIS application settings, the .NET framework, the aspnet_client folder, and the basics of the web.config file. If you are using ASP.NET for whatever reason you need to know about these things. The best way is to get some good books and do set up ASP.NET on a local development machine so you can start learning.
If you are one of the ASP.NET challenged let me say this as well.
Stick with Classic ASP. ASP.NET is a step in the wrong direction for the average user which I like to refer to as "Joe Coder". Classic ASP is very powerful and easy to pick up. ASP.NET is not easy to pick up and never will be for a lot of people. In my opinion it’s actually the wrong technology to use for anyone other than big corporations who need extreme scalability in their applications or for the hobbyist or object oriented programmer who just wants to use the latest and greatest. Ask yourself if you really want to deal with compiling Code Behind code each time you make changes to your web site as opposed to just editing some files in notepad real quick like you can do with classic ASP ? Do you have the money to purchase and use Visual Studio.NET or are you going to struggle with compiling all your ASP.NET pages using a command line compiler and a batch file ? Yes, you can build ASP.NET code that isn't code behind but why even bother if that is the case because your missing the point of ASP.NET if you do that and missing out on a lot of powerful new features and concepts.
When I do custom projects for bigger clients I usually end up using ASP.NET because they want to go that way and understand the time and money involved. When I do any of my own projects I use Classic ASP because the truth is you can still make some rockin busy scalable web sites with Classic ASP just like you can still make great web sites with CGI, PP, Cold Fusion.. etc etc. Look around the web because a lot of the biggest sites out there still use those scripting technologies and their stuff runs very well. ASP.NET is a lot of hype and although some things about it are plain awesome it is an environment best suited for real object oriented programmers, not the weekend code warriors.
The other thing to keep in mind about classic ASP is the shear abundance of applications and scripts available for it. ASP.NET can be expensive for that reason alone as there still is a shortage of good time tested applications out there and what is out there is always priced a lot higher.
In addition to that half of the ASP.NET applications out there are just half baked poorly converted versions of their Classic ASP counterparts. Is that the kind of thing you want to sink twice the money into or would you rather have something that runs well and has been tweaked year after year into a rock solid product?
To make things worse a lot of the hosting companies out there offering ASP.NET hosting are severely limiting the basic abilities of ASP.NET because of various security concerns. This means if you go with a Host that does that 75% of the asp.net stuff out there won't run on the hosted server. Isn't that wonderful ?
Now, Let's make things even worse. So far every time Microsoft has released a new version of ASP.NET a lot of things from the previous version have stopped working and needed to be modified to work correctly. Is that really something you will have the time, resources, and energy to deal with.
You may ask "but is classic ASP going to be around 5 years from now?" Though you never really know until the new version of windows server ships I say "Hell Yes" it will be. According to my sources at Port80 Software who work very closely with the folks at Microsoft (as well as many other sources out there) it will almost certainly be in Longhorn which is the next version of Windows Server. Longhorn probably won't come out until 2007 and will be popular for 3-4 years after that. The version of windows server after that will most likely support Classic ASP as well and if it doesn't I am sure there will be a way to make ASP run on it. If you really look around a lot of hosting companies are still running Windows Server 2000 which is 5 years old at the moment. The bottom line is Classic ASP helped put Microsoft web technologies on the map. Microsoft can not simply drop it because if they do they give up a dominate market share to the scripting competition being PHP, CGI, Cold Fusion.. etc etc PHP for instance a huge installed base on many platforms which are essentially free. ASP.NET can not compete with that in any way and not supporting Classic ASP would put microsoft in a bad position.
Take it from me. If you are a weekend code warrior/script kiddie. You'll be a lot happier sticking with classic ASP. You will also have save a lot of money and you can still have great web sites. There are tons of great applications out there in ASP and ASP still is and always will be the easiest scripting language to work with and learn. Better yet look around on sites like www.4guysfromrolla.com and see if you actually understand any of the latest articles. If it looks like Greek to you that is yet another sign that you should stick to classic ASP.
Personally, I will be focusing just as much time and effort on ASP.NET as I will on Classic ASP in the years to come for a few reasons.
- Because I sell software I obviously need to convert/re-write most of my appIications to work with ASP.NET. My living may eventually depend on it.
- Because I love using the latest technologies I want to continue to develop using ASP.NET.
- Because I do many custom projects for various clients using ASP.NET is a must.
- Because in some cases using ASP.NET over classic ASP makes total sense.
Just don't fall for the HYPE folks. I am one of the few established developers out there that has a set of Balls and is willing to put the truth out there and see past the bullsh*t. If you go ASP.NET do it because you seriosuly think you need the power and scalabilty and money and time is not an issue or because you are a hobbiest and object oriented programmer who likes working with and has time to work with the latest and greatest web scripting technolgies out there. I truly believe that so far ASP.NET is as much a success as it is a failure. I am sure some of you out there know what I mean by that.
All this being said you should also realize that ASPProtect.NET is a little different than your average ASP.NET application because it uses a lot of advanced ASP.NET techniques and you essentially use it to password protect your existing scripts meaning you need to integrate your stuff with our stuff in a sense. If you just go buy some random ASP.NET application like a classifieds system or storefront it is probably just going to run on it's own an therefore will be a lot easier to set up and deal with.
Here are some links you folks should read as well.
http://rtfm.atrax.co.uk/infinitemonkeys/articles/asp/905.asp
http://www.itnewsgroups.net/group/microsoft.public.inetserve r.asp.general/topic2074.aspx
http://support.microsoft.com/default.aspx?scid=fh;%5Bln%5D;L ifeWin
Chris Willians
http://www.cjwsoft.com/about.asp , LOL , Yes, you are right.
We have now tested it using the DSN less connection with Access 2002 and it works fine. We have also tested it again with a DSN using 2002 and this also seems to work.
The comment about speed is a consideration although I have not noticed any differences. ( we only have a few database entries at this time).
Thanks for your help , I posted this in the wrong forum. Sorry.
I have installed ASPProtect on a client's website and I have been
notified that some of their customers have been unable to login to the
protected pages.
On testing it seems that the issues seem to be related to how cookies are being stored by IE 6.
ASPProtect is being used to protect particular template files within a
Content Mangement System. 90% of the time it is working fine but on the
odd occassion particular cutomers are unabe to login.
After quite a bit of testing I have managed to find the scenario in
which it starts to have problems and was hoping you may be able to
provide a solution.
If a customer enters the wrong password, then reenters the correct
username and password, they receive a message "template can not be
found" from the Content Management System. This message is generated
when a url is entered that contains a link to a template file that does
not exist. In this case the template does exist. If I remove the
ASPProtect code the page opens without error.
Everytime they re-enter the details they receive the same message.
If they close down the browser and then reenter the correct details in some instances the page will open correctly.
More often than not, they have to delete cookies and temporary files
and close the browser. This seems to fix the problem again for
most users. For users who's web access is heavily cached by an internal
server, even this does not work.
Have you come across this problem before and can you suggest a remedy.
If you can email me privately I can give you the URL and access codes.
Thanks,
Stuart
, Can you please elaborate on this? I have a flash banner that is on my site. All of the info is in the code banner section. In the banner link section, I have nothing. Do I need to actually edit the swf file with redirect URL? How do I edit the swf file? Once that is edited, do I put the URL of the site in the Link URL space? Thanks. , I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=49& PN=1
Jeromy, You should have access to that page. , Hello,
It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.
I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.
But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file , BTW.. I dont know what is going on But I keep getting all these returned emails. My forum is sending you emails and they are coming back as undeliverable saying your storage space is exceeded on your server.
Could not deliver message to the following recipient(s):
Failed Recipient: steve.gould@apawood.org
Reason: Remote host said: 552 Requested mail action aborted: exceeded storage allocation
-- The header and top 20 lines of the message follows --
Received: from server.powerasp.com [209.23.108.41] by mail.cjwsoft.com with SMTP;
Thu, 28 Apr 2005 15:34:44 -0400
From: "CJWSoft Support Info" <sales@cjwsoft.com>
To: steve.gould@apawood.org
Subject: CJWSoft Support Info : Thumbnail creation
Date: Thu, 28 Apr 2005 15:34:44 -0400
MIME-Version: 1.0
Content-Type: text/html
Hi srgould41,<br /><br />A message has been posted in the info area on CJWSoft Support Info that you asked us to keep an eye on.<br /><br />To view and/or reply to the info then click on the link below : -<br /><a href="http://support.cjwsoft.com/code/code_info.asp?TID=249& amp;TPN=1">http://support.cjwsoft.com/code/code_info.asp? TID=249&TPN=1</a><br /><br />If you no-longer wish to recieve email notification for this Info or Infor Area click on the link below : -<br /><a href="http://support.cjwsoft.com/code/email_notify.asp?TID=2 49&FID=4&M=Unsubscribe">http://support.cjwsoft.co m/code/email_notify.asp?TID=249&FID=4&M=Unsubscribe& lt;/a><br /><br /><hr /><br /><b>Information Area:</b> ASP Photo Gallery Pro Version<br /><b>Info:</b> Thumbnail creation<br /><b>By:</b> cwilliams<br /><br /><P>trust me, they (serverobjects) does not check.. as a matter of fact they havent answered support emails for about 3 years. All they do is sell that crap and forget the customer. But the stuff does work well and always has. (that guy took all the money he made/makes from those components and took off to Jamaica or something sitting on the beach drinking margaritas)<BR><BR>regardless,<BR>ASP just cant resize pictures on it's own. <BR>It' just not possible. You need a 3rd Party component.<BR><BR>There isn't much to say about the ASP.NET thing.<BR><BR>If your server has ASP.NET installed (meaning you can run aspx pages on your server and the ASP.NET framework is installed) and running you just pick that option in the config file and ASP Photo Gallery will use ASP.NET to make dynamic thumbnails for you.<BR><BR>To run ASP.NET it must be a 2000 or 2003 server.</P>
, Chris,
Well some good news ! This from my hosting company this morning...
"
I'd say that the vendor is right so I've submitted a work order to
create the *****.com/aspnetprotect directory as an application.
If there are any other directories for which this needs to be done,
please let us know. This particular task always needs to be performed
by our staff.
If you need to follow up on this job with one of our on-line or phone
technicians, you can reference ticket id 11860.
With regards "
Thanks for your help thus far
Andy
cwilliams38455.5654513889,
Ok, set up a new web.config in root, with just the suggested code.
that worked to get this....
Configuration Error
Description: An
error occurred during the processing of a configuration file required
to service this request. Please review the specific error details below
and modify your configuration file appropriately.
Parser Error Message: It
is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.
Source Error:
Line 409:
Line 410:
Line 411: <authentication mode="Forms">
Line 412:
Line 413: <!-- DO NOT CHANGE UNLESS INSTRUCTED TO DO SO -->
|
Source File: D:\hshome~aspnetprotect\web.config Line: 411
any ideas?
Andy
, Yeah, its a win2k server.
Im up and running now (my guess is ASP wasnt installed, but he did not say), but am not having luck with any of the email. I contacted my host to see what is available and have yet to hear back. Do you generally recommend people to run CDOSYS?
Ive been reading through the docs, and the users and protection seems to be pretty straightforward. Nice!
The only other real question I have (and cant find in the docs) is how to remove the self registration option all togehter. My client wants to add its users manually, and not give the option for them to sign up themselves. Do I just find any remove any code that references it? , it's ok
one step at a time and at each step testing things.. then when you mess something up you can figure it out a lot easier cwilliams38456.1106018519, I did not set that variable in the IPN code that aspprotect uses. It is optional.
You will want to download PayPal's IPN documentation and see what the variable is called and then add it to the IPN form code if you want to use it.
it will be a hidden form variable (one line of code added to) paypal2.asp, I am in process of upgrading from v6 to v7. I have made database changes, can connect to database and get in to Administration area just fine. However when I go to create a new user I get the following error
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/password_admin/save.asp, line 227
Thanks
, ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the image in 2 ways.
- We use Javascript right click disabling code that works in both IE and Firefox.
- We stream the image via a special password protected ".asp" page and use an image tag to call it. This hides the true location of the file. You can therefore keep your images out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the img tag html source they can not tell where the file came from. Doing all of this allows you to offer certain images only to people that are logged in.
All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.
For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.
Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41 ,
Timecard Entry: 3/25/2006 4:32:47 PM
teched phone calls, researching and writing list of desired team embers for design department, Update and correct time card , Picked up mail and opened. Posted accts and customer inquiries., PO with Seth , Melody billing for TICC and totalled reimbursement for Tim for numbers, Created Photoshop file of the SoftMarine logo for Tom to use on the Demo site, McCadam.com: updating pictures on site. Billable., Off Site, Jetstream, Fixing new calendar component so it returns weekday name of day selected or queried., Sales and Marketing meeting, Teal's, Optimized all the animated banners on the homepage and also removed a bunch od things that Paul and I talked about removing to make it load faster. Ended up getting rid of a lot of about 30K more of graphics which should help out a lot., put a disclaimer on the GiSCO home page about the decomissioned 0100 numbers for Ron D., make sure modems are working correctly, Travel to Watertown and preparation for FariPoint Carrier meeting, Excel lesson #9, Clayton to Watertown, tech support supervisor duties, voicemail, radlog, dial up issues, ask us a question, callbacks, follow ups, emails, q-light, helping techs with issues, dsl sign ups, Building x-mas party. Answering phone, doing customer service still. , Check voice mail/ email- send info to tom
Dynopost- probnlem with storefront- talk with Peggy, and send email to tim to fix probelm
send info to tim for chris cross, Reimbursements, Cancellations , Mileage, E-mail, Worked on the Bundle site adding the package and description fields. Did some other modifications on it as well. , Time card, Modem Log & mail review & NOC, Began list of Press Release People, meet with migel berger , CostGuard Training, sign ups, info, entering new accounts, Go over meeting info with Amy and look on Internet ideas for the site,
|
