Blog Entry: 3/25/2006 4:38:20 PM
you have to do it like I show above... your not specifying the field name to be searched in the instr function so what you just showed me will not do anything
You also should not have the > 0 stuff in the function because it is testing the result of the function.
You have to do it just like I showed , No, because ASPProtect.NET is licensed per and only runs in One website (one iis application)
That error however probably has more to do with parent paths being disabled on the server.,
Great suggestion, routing the banner click through an intermediate page before the destination. We use Deepmetrix LiveSTATS.xsp V7 and I should be able to configure a filter to capture the stats of the intermediate page.
Thanks for the help!
Lance
, Will purchasing an additional license resolve the issue which will allow another installation or is this a function of the application that it can only protect one site per server?, You may be interested in this. I just put it together real quick like.
http://support.cjwsoft.com/code/code_info.asp?TID=454&PN =1&TPN=1 , Chris,
Thanks for the reply. It all makes sense.
I have gone with your first option but here is the problem:
I have moved the password protected page from the detail page with the
querystring to the straight .asp page. This obviously fixes the
previous error.
Once someone has logged in they are then presented with a list of links
to the previously protected pricelist detail pages (example -
"somepage.asp?ID=3""). They are then able to access the pricelists.
The problem is that if someone copies the pricelist URL they are then
able to pass it on to someone else and bypass the password protection.
If I also password protect the pricelist pages then someone will have to login twice.
Is there some code that i can add that will simply check that they have
logged in otherwise kick them back out to the protected .asp page.
All code in your documentation tends to open the login page regardless of whether you have previously logged in.
Thanks,
Stuart
,
I am not entirely sure how one configures
the system to assign a user to a specific group. For example, let say I
have created two groups A and B, and I have pages protected by the code
generated in the admin area for groups A and B. I know I can assign access
to these groups in the admin area.
However, it is not clear to me how I do it automatically
through the registration process.
, Humm, I can see all those pages loading just fine at both domains so you got me pretty confused at this point as you just said they didnt load.
regardless, the data connection tests are failing with both of them.
so let me ask you again how are you setting permissions on the database folders?
, You do not say something like that in a support forum for a legitimate software product. I don't think piracy is funny in the least bit. It is something I deal with every day with my own software. If you want to joke about it please do it someplace else. If you are downloading things via p2p do not talk about here. I don't want to know about it period., Send email to users that are soon to expire:
What Format should be used for dates and does international friendly dates affect the date as used by the reminder ?
Am having serious problems with renewal notices and expiration dates.
All member sign ups are for 1 yr., yet new members are being sent
renewal notices.
Does Paypal use a different date system or has does
Paypal have nothing to do with Subscription dates?
, humm, I see your using the lite version which is technically not supported.
I know you were responding to an existing thread but I really would rather you have posted this in the ASPProtect Lite area or at least mentioned what version you are using. Usually there are big differences in the versions and it helps me help you if I know what is going on.
Regardless, the code for this feature is actually the same and I just tested a fresh install of the lite version and it stored that verify url perfectly and all worked as it should in the verification email.
All I can think of is that you can try manually editing the "users/add_new_account.asp" file.
This part
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & vbCrLf & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Would need your verify URL hardcoded into it which would pretty much guarantee it would get put in the email.
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & "http://localhost/aspprotectlite/users/v.asp" & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Of course change the url to be valid for your setup.
Still, the fact that this isn't working means there is something wrong with your installation. It would probably be a good idea to erase everything, do an iisreset, and re-install the application in a different directory... immediatly log and go to the settings page, carefully set everything and save it... then register as a new user and see what happens.
There is no reason that variable shouldn't get set. I mean I tested it just now with a fresh install of the version you are using and not only that... 1000's of people have been using that same code for over a year in the full version and no one has had this problem except the guy who started this thread who never populated the value.
My guess is still a problem with your "IIS application" for that web. It is not doing it's thing for some reason. When the settings page is saved and application variable gets set telling the config file to reload the variables as it doesn't do it every time to conserve resources.
If that isn't getting triggered and that variable isn't getting set who knows what else isn't getting set and it's not pratical going around hardcoding 15 important variables., All of the fields with the expected paths show the correct file structure, so now I've put them in them in the boxes
, A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.
Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.
Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them
In addition to the settings above each table has one field that is a primary key with an auto increment of one
In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.
The SQL column settings for each one of the primary key fields must be set as follows
In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.
cwilliams38325.7405092593, ya, thats basically what I was gonna do..
BTW.. if that other app is going crazy with an access database it could be the cause of all the slowdown with ASPProtect... what happens there is it is using so much database driver time that it robs other things that also access a database... so basically ASPProtect isn't asking its database for much but your other application and database are cripping that part of the system and causing it to run like crapola
If your other app is using a system dsn try changing it to use a dsn-less connection... it might actually help
, A question. Does this apply to all areas of the application. I have recently uploaded 50 photes. But when I look at the site from the url, I have X where the picture should be. Now, if I look at it though the localhost, I see the pictures perfectly.
, Than you 
I'm happy after changing to XML parser for two of the ads. Later I'll change the other codes to XML, never to use iframe again!
, OK, I updated the server with the SP 8 Jet updates and this had no effect.
Then I loaded the asptest file and put in the correct path. The results were:
Failed: Database could not be connected to....
Error reported from server:
Error source: Microsoft OLE DB Provider for ODBC Drivers
Error number: -2147467259
Error description: [Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x784 Thread 0x854 DBC 0x2101014 Jet'.
, Thanks and glad that fixed it.
You can review this software at http://www.aspin.com/func/review?id=4952510
That being said, ASPIN has a lot of problems with anonymous reviews so if you can please sign up with them and post an Authentic review as they carry a lot more weight. Authentic reviews involve responding to their validation email so when doing so use a real email address that you regularly check.
And sorry I made you use the forums, but as you can see this is exactly the sort of thread that will help someone else later on.. and that is why I require people to use the forums now instead of just email support. That way the conversations are out in the open where they can help everyone instead of buried in my outlook where no one will ever see them. And of course if information is sensitive you can always do a Private Message as you did earlier.
It is all about creating a knowlegebase of valuable information.
, This has not been officially released yet, but it is ready.
Here is the overview...
http://www.aspprotect.com/demo3/paypal_signup2/overview.asp
And the Code for the IPN Subscription Pack is 30.00.
http://www.aspprotect.com/ipn_subscription_support_pack.asp
A few people are using it and say it works very well.
Like the IPN Single Purchase System it is a separate directory you copy into the web site. One change must be made to your database so it’s pretty easy to get working.
Though I am not guaranteeing this you should be able to accept Single IPN payments and IPN Subscriptions at the same time without the two bothering each other. I haven’t tested it but one customer is doing it and said it is working fine. It just involves manually specifying the IPN URL for one of the systems so it overrides the default IPN URL on your paypal settings. (As each system needs its own IPN URL) Its easy to do… just a form field you would add to the subscription form. I already looked it up. See below.
Specifying Your Notification URL
If you only need to receive your IPNs at a single URL, you can enter that URL in the Preferences section of your Profile. If you would like to receive payment notifications for different payments at different URLs (i.e. if you need to separate payments made to different websites you run), you can manually pass the IPN URL with each payment by including it in that payment’s HTML code. Use the notify_url field to pass this information. The notify_url for a specific payment will be saved, and any subsequent updates to that payment (e.g. cleared eCheck) will be sent to that notify_url. When you pass a notify_url in your HTML code, it will override any preferences you set in your Profile.
Anyway.. the Code for the IPN Subscription Pack is 30.00.
http://www.aspprotect.com/ipn_subscription_support_pack.asp
cwilliams38342.8775578704, 5 Computers in an office, random hardware and operating systems. Some wireless some wired - all the same ISP connection.
Some users do not see the PLACE A NEW AD hyperlink. How can this be hidden? There is no conditional statement yet some see it and others don't.
To make this problem even more confusing if I take an image and put the place_new_ad.asp hyperlink on that image the users don't even see that image any longer.
How can this be resolved?
, Hi,
Its just not enough information to go on. I need more details on what is going on. There are a lot of configuration settings in these applications. I really do not know what to make of that screen shot.
My 1st guess is that if you cannot delete a picture that the picture folder does not have delete permissions ??
I also need to mention that I am not sure what this has to do with ASPImage ?
, Yup, thats the problem I was having. I can get it to work if I don't do through the dl stream, but otherwise it prompts to save or open it instead of loading it in the browser.
I did read the change on making the content public instead of private so I think that will work for know...
, ok... glad ya figured it out.
Yes.. for ASP server side code to run the page extension must be ".asp". I was gonna mention that but I guess I just didnt think anyone would do that.
no offense.. not everyone works with this stuff every day..
, Hi all,
I have the photo gallery set up at www.kashabowieoutposts.com/gallery
It's great - love to work with it.
But I've never been able to get those with just User permissions to be able to upload... Only an administrator is successful in uploading. This was no problem in the past, but now this client would like to give their guests a means to share their pictures on their site - so now I have to figure out the bug...
... this is the error I keep getting...
Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard.
------- anyone else experienced this?
Many thanks all!!
Doug
, well, I think John just told you what the deal is. He knows more about ASP.NET than anyone else I know.
If you are going to run a non-standard setup then you are going to have big problems like you are having. , ok, that does not work but that still is not enough to help me troubleshoot.
I'll probably need to look around in your admin area and check things out in order to figure anything out.
I will also need to see the protection code you put on that page exactly as it appears.
PM (private message) the admin usersname/password to me if that is ok with you and I will check it out
it's really the only way I can help with an issue like this. I have to make sure you didn't do something wrong and then go from there , The path is correct for the logfile directory. This is still not working.
, Chris:
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help.
, I assume that if I am using this product, search engines such as Google cannot access and index my content. Can somebody confirm that; I want to be 100% sure.
In case it matters, I am using a basic, cheap ISP setup where my site is on a shared server.
Thanks in advance.
, It appears there was a flag problem. When reading it into SQL Server, it converted the True/False in Access to 1/0 in SQL Server.
, as I look at your installation more I notice that you are using MSSQl as the database type.
chances are that is the source of these problems. Fields in the sql database are most likely not all set correctly
it is very important that the sql tables and fields are set up exactly as described and that the sql script we provide runs without error
http://support.cjwsoft.com/code/moreinfo160-1.htm
if you create the sql database other than the way we tell you to or the sql script doesn't do its job setting all the field types/constraints/primary keys/etc..... for some reason .. then weird things like this can happen
at this time this is my best guess as to what is going on
I would examing the sql script we provide and compare the information set in it for each field and table to your existing SQL database to see if everything got set correctly.. I would start by checking these fields 1st of all as they are very important.... (username,password,expiration_date,admin,active)
in the meantime testing the ASPProtect system with an Access database will prove that all the ASP code is working as it is supposed to if you are interested in doing that
, I've downloaded this neat little app, but I'm having troubles understanding what I should be using. Cassinni or IIS, can you help? I've tried to look at the help, but it is very vague on what to use in each situation.
Any help is appreciated.
Cheers
, What application you talking about ? I'll assume ASPProtect. In the future please specify what application you are talking about.
ASPProtect 7 already has protection that is quite effective. The no concurrent login feature which will not let the same username under a different ip log in at the same time. Meaning if someone gives out their info they will screw themslves over because eventually they won't be able to log in. Only one unique ip at a time can log in so even of 100 people know the info it won't really do anyone much good except the lucky one that logged in 1st and stayed logged in. The username/password will eventually become more and more useless as more and people know it.
In addition to that is is a good idea to monitor the daily logs and single out a user you see logging in a lot. The more ips you see for that user the more chance it is multiple people logging in and you should take action. , Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?,
I am successfully using ASP protect on our site. I have one question:
The file Check_user_inc.asp looks a bit bland as I can't seem to use the sites Dreamweaver template. If I apply a template to this page, it is duplicated on other pages with this template.
How can I apply a template to this page?
Thanks
Clark
, Hello,
It is very possible (just basic ASP and database accessing techniques)
It is just not the sort of thing I support in the forums as it is a customization related.
Even for me something like that would take 1-3 hours of coding time. Basically, it is just not something I could just explain to you real quick.
You might want to pick up a good book on ASP or check out some of the great resources out there. http://support.cjwsoft.com/forum/forum_topics.asp?FID=17
Doing stuff like this is relatively easy, but can be time consuming work.
In the future please use a more descriptive topic for yours posts "I need help" is not exactly helpful to anyone else searching through the forums . I therefore renamed your post accordingly.
I really try to keep the forums organized and clean. That's all.
Thanks
cwilliams38420.5234490741, Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.
If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames
personally though I think that would be a somewhat goofy setup to have going on
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?
As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .
Really, the best thing to do is expirment and see how things behave.
, also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ????
I think you getting all confused about dsn's and what they really are.
A system dsn gets created via the ODBC control panel and gets listed there. A system dsn is nothing more than a registry entry telling information about where the database is an how to connect to it. Then every time code accesses the database it has to do a registry lookup. The whole process adds a lot of delays, causes very poor performance and is unnecessary.
A dsn-less connection simply connects directly to the database by specifying the driver being used, where the database is, and some other information like the password if there is one.
To get aspprotect or any other ASP application using a database all you have to do is make sure the database folder has correct permissions and then make a connection string like so. (with the correct info for your directory structure of course)
DBQ=c:\inetpub\wwwroot\aspprotect_6\data\database\ASPProtect _access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp
If you are wondering Access databases always use the same username.
So, basically if permissions are set correctly and the directory is valid it will work.
It is really that simple. 99% of the time when people have problems it is one or the other.
That being said, don't worry about the odbc control panel and what is listed there for connections. All we really care about is that odbc drivers are installed and somewhat current.
One last thign for reference: even if you do make a system dsn the database folder still needs the correct permissions.
