Blog Entry: 3/25/2006 4:34:55 PM
If you are having trouble setting up a simple data connection ASPTest is a great learning tool.
You can download it from the www.CJWSoft.com website near the bottom. cwilliams38087.5457060185, (User Search & Contact Mod) for ASPProtect Version 7.x
This will allow an individual user to search for other users as well as email or call them.
Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.
Directions:
Back up your existing ASPProtect installation.
copy "search.asp" into your "users" folder
2006-03-10_143253_User_Search_Contact_Mod.zip
Direct your users there. They will have to be logged in to view the page.
WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.
,
I am a little confused here. I am in the process of understand how this all works, mainly the email portions as I am running this through a home server (Windows XP). I have tried test emails, but they are not going threw. I ran the server_info.asp and it is telling me that I do have CDONTS installed, version 2.8. Then I tried running, the test_mailer_component.asp. This page is telling me it is not installed. This process lead me to start looking at my components for my IIS. Everything appears to be there.
Any ideas, where I should go next. It appears the CDONTS code is in every page that it needs to be in, and it appears that I have it installed, but there is a disconnect between the two..
, Please Note : ASPProtect v7.x has a new feature called groups that is much more powerful than access levels. Access Levels were left in the product primarily for existing customers that upgrade to the new version so they do not need to make a lot of changes to their site if they were using Access Levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default.
In the "check_user_inc.asp" that comes in the root of this system Access Levels work as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive.
cwilliams38403.6781481481, humm.. their FAQ is interesting...it looks like some sort of .NET configuration issue regarding security policies like you mentioned
Thats one of the big problems with hosting .NET. Some hosting companies just do do some oddball things. ASPProtect.NET works under default conditions but when hosts go around locking things down to the max there is bound to be trouble. This is the 1st I have heard of this.
Now, ASPProtect.NET does use the "System.Data.OleDb" and "System.Data.Odbc" which your host says they block because they require full trust.
All I can really say at the moment is go with a hosting company like www.alentus.com or www.maximumasp.com that does not restrict your .NET abilities so much.
In the meantime I am going to ask John Evans what he thinks about this.
, no the "expected path" is something that gets generated for you if you have parent paths enabled. to help you fill things in correctly...
basically if parent paths are enabled it shows you what the path should be for each path field on the settings page... if parent paths are disabled there will be nothing to the right of expected path for technical reasons (lack of being able to do a "../../" to figure out the paths more or less)
in that case there is a file called "expected_paths" in the data folder that you can run to tell you the expected path info
, that information is actually not helpful in determining whether parent paths is enabled or not.
You should really ask your hosting company or better yet try doing a server side include to page one directory up and see if you get an error.
example
<!--#include file = "../myfile.asp"-->
cwilliams38302.6484259259, Not the way it ships. You would have to add that functionality by editing the source code and database., who knows, thanks for your input, I am further than I was when I started talking to you!, Christopher
Found this but I dont really know what to do with it or even if its the right thing.
<%
'=========================================================== ==================='
' Application: Utiity Function
' Author: ; John Gardner
' Date: & nbsp; 20th December 2004
' Description: Used to check the validity of a postcode
' QueryString: None
' Version: V1.0
' Required routines: &nb sp; None
'----------------------------------------------------------- -------------------'
function Check_Postcode (byRef strPostcode)
' This routine checks the value of the form element specified by the parameter
' for a valid postcode.
' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf
' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.
Dim strPostcodeRegExp(2) ' holds the regular expressions for valid postcodes
Dim intCount &nbs p; ' For loop counter
Dim strPostcodeCopy ' Copy of postcode
' Variables used to hold regular expression object
Dim objRegExp, objMatches, objMatch
' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Expression for postcodes: ANA NAA, and AANA NAA
strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Exception for the special postcode GIR 0AA
strPostcodeRegExp(2) = "^(gir)(0aa)$"
' Copy the parameter and convert into lowercase
strPostcodeCopy = Lcase(strPostCode)
' Assume we're not going to find a valid postcode
Check_Postcode = false
' Strip out spaces
strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
Check_Postcode = False
Set objRegExp = New RegExp
' Check the string against valid types of post codes
For intCount = 0 to Ubound(strPostCodeRegExp)
' Check next pattern in list
objRegExp.Pattern = strPostcodeRegExp(intCount)
If objRegExp.Test (strPostcodeCopy) Then
' Post code found. Ensure input parameter is in correct format.
Set objMatches = objRegExp.Execute (strPostcodeCopy)
Set objMatch = objMatches(0)
strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " & Ucase (objMatch.subMatches (1))
' Show that we have found the postcode
Check_Postcode = True
End if
Next
' Ensure that the uppercase postcode gets returned if valid
If Check_Postcode Then strPostcode = strPostcodeCopy
End Function
%>
regards
John
, yup. that is correct... they can't log in so they can't see any pages you protect
its the nature of forms based authetication
, Same here. Thinking it might be server load or the bandwidth to the server.
Thanks for checking!
Lance
, Hi Chris,
I've got a page with a form that includes an input field with
'type="file"' for uploading an image. The page posts back to
itself to save the info to the database and run the code necessary to
upload and resize the image.
I need to limit this page to a group. So like usual, at the top of the page I put:
<% GROUPACCESS = "1" %>
<!--#INCLUDE FILE="../check_user_inc.asp"-->
This gives me the error: "Cannot call BinaryRead after using Request.Form collection"
I have used ASPUpload and SA-FileUP before and know that this is caused
by the components having their own .form collection. This script
is using "Pure ASP File Upload" from DMXZone for the upload which I'm
not familiar with.
So...my question is, do you know a way around the BinaryRead problem wtih ASPProtect?
Thanks,
Michelle
P.S. PLEASE don't send me to DMXZone for help....they've got notoriously bad support!
, I am in process of upgrading from v6 to v7. I have made database changes, can connect to database and get in to Administration area just fine. However when I go to create a new user I get the following error
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/password_admin/save.asp, line 227
Thanks
, I have noticed that during the file import, that some of the pictures get messed up. I can import aroun 150 pictures into different albums, say 3 albums with 50 each.
I have noticed however that some of the get messed up. What is happening is...the thumbnail will be correct, but after you click it the picture that shows up is one form a different album.
Any cure for this?
, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks
, Its not a known issue.. I would try the original code before you made any changes and see if it still happens to you.
It seems to be working fine here for me in amy test web.
I am going to look into some more in the meantime.cwilliams38341.7166782407, Thought this would be easy. A few more pointers should get the database connection to work:
1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so?
2)We have other files in there for other server applications, does that mean we’re stuck using DSN’s or is the file independent of that control dialog?
3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?
What else are we missing?
, Humm, Did you change something in a bad way? Thats my guess.
I need more information on what is going on because by default it does not do that ?
The only possible way I can think of that could cause that is if you changed things around too much and the config_inc.asp file is getting run/included twice on that page your logging in to.
Also, when you sign in "where" ? What page ?
cwilliams38456.0906712963, If I also password protect the pricelist pages then someone will have to login twice.
nobody should have to log in twice... ?
session variables keep track of access... once your in - your in and you can browse to and from any password protected pages you like
If it is making you log in each time then cookies are most likely disabled.. session variables requires cookies being on to work.. cookies being on is a requirement of aspprotect and is how Formed Based Authentication works..
let me know if that is the issue there...
you shouldnt have to be logging in more than once per session
Thats the whole point of the application...
, ok... lets forget about all this redirecting business for a minute
when I go to "GP01.asp" directly via your web site I get a big nasty error that says this
Microsoft VBScript compilation error '800a0411'
Name redefined
/protect/config_inc.asp, line 15
Dim Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^
then when I look at what you did in that file I see why
you have this code which is totally wrong because you cannot include the password protection file twice
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<% GROUPACCESS = "*1*" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
Just wanted to say how much I like the program! I hunted for days and finally purchased a Perl based product. After several days of goofing with it I gave up. ASPPhoto worked right on first install!!!!
I logged in myself to my website, and I tried to log in to another with same username and password. But I was able to log in again.
It was supposed to block me from logging in, but it let me to log in.
there has got to be some configurations I must have missed.
Could you instruct me on this Concurrrent login so mine works as well...
I have written asp.net application pages- obviously i knew what viewstate was, or else when they made a mistake on that page it would not have saved their filled in info. Same thing for after they submitted, when they hit the back button their info would be gone.
For someone who wrote this software it seems you are not able to do simple things. Im begining to think you didn't write it. The only reason no one else asked this many questions is possibly because they didnt NEED the functions i am TRYING to do.
I know how the log boxes work. Esp. reg ASP... they all allow you to enter your username and password and then when you hit submit it gets verified and transfers you to your destination. ASP.NET has that capability also.. i didn't purchase a program to go and have to re-write it in visual studio. It would take me longer to re-write YOUR code than it would to have LEARNED ASP.NET and made MY OWN.
The program seems to have some great complex features, however, your not able to incorporate this easy login from a diff. page function... fishy
, "I can login for the first time."no, its part the concurrent login checking system.
currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)
when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over
BTW.. I dont know what is going on But I keep getting all these returned emails. My forum is sending you emails and they are coming back as undeliverable saying your storage space is exceeded on your server.
how about translating the error to english..
Looks to me off hand that it would have something to do with the SQL server itself not being run in an english lcid/format and causing some sort of date issue.
I would also suggest you start off with a brand new blank SQL ASPBanner database and make sure that works before you attemp t to import any data into it.
, from the import page in the admin area.Just as an FYI, I found the problem. FP2003 has an "Optimize" feature that removes so called not needed spaces and comments from the pages. It also completely screws up .ASP code.
I turned off the optimization feature and all the pages I was having problems with worked. However, I would still recommend not using it too!
, Awesome -thanks - I'll give it a try , 
