Blog Entry: 3/25/2006 4:30:30 PM
Got it. Thanks Chris!
Michelle
, I have been working on this all night long. I have been reading every possible article. I have created an ODBC connection on the server.. which i have never done before? Still nothing. I looked at the machine.config file... i read about impersonating whatever the hell that is... I am really stressed out. I have the 1.1 framework installed.
I read about dsn and dsn-less connections. Is there another way i can connect to the database? Without using a username and pw maybe?
,
You are right.
I have SQL server.
From August to today I have used a very simple login system and now I come back to you for better.
I can insert, edit, delete users but it happens what I mentioned in my first message.
, Actually it is my own server (retired email server from my employer). I will check out the documentation again. I DID read that part, but didn't understand it enough. I'll dig deeper. Also my box has 2 CPU's, hence the $125 for ASPImage..., Actually, as far the "aspprotectnet.dll" file goes it makes sense because of the following.
The "aspprotectlicense.dll" is something we do not provide the source code for. We also do not compile it in "debug" mode because you not want dll's running in "debug" mode in a production environment and we also do not want that dll in debug mode because of reverse engineering reasons.
Now, that being said that DLL is no different than any other 3rd party dll "so to speak" that you would use in a project. Many of which will not be in debug mode and you will also not have the source for.
"Microsoft.Data.Odbc.dll" being an example
Regardless, there must be a way to do what your trying to do. I am just not sure at the moment. It is nothing anyone has brought up before and I personally have never had any issues like that when I work on the application so I am just not sure.
It probably has something to do with the way you set up your project., Has this been resolved ?, OK. If no return page is set, do they end up on a PayPal confirmation page and have to navigate back to my site by going Back or typing the web address?
Nick , Hi,
We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working. , My Admin user got corupted, and I need to reset the password and user, what is the defualt password for this database, as I do not think I have changes this (hopefully) as of yet.
Regards,
Paul , Hi,
I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working. , nice idea. id be interested to see your modifications for ideas, one thing to note... the time period we are talking about is going to to be whatever you have the session timeout set at in the settings.
perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation
, Dear Support Team
I have read and Installed your v8 banner software
exactly as explained on XP pro which contains other asp working app.
I have problems with the " Application " and " Session" in your scripts
things that make the iis fall dead.
also in the file asp _unlimited_config.asp
you have exlained that every thing must be kept without the "" marks.
well i get http 500 error cause of it.
Please advise
Thanks
Ran
, Now that I really think about it.. instead of logging that info to a text file and worrying about folder permissions you could probably just save the post info into an application variable during the paypal ipn.asp post like so
For Each Item In Request.Form
formdata = formdata & vbCrLf & Item & "=" & Request.Form(Item) & vbCrLf
Next
Application("PayPalPost") = formdata & " - " & NOW
then anytime you wanted to see if that info was there or when it happened you could make a simple asp page in your site to display the results like so
<%
Response.Write "(" & Application("PayPalPost") & ")"
%>
cwilliams38421.6747453704, also, just to show you what happens when a user creates a subscription this is the code. you can see in red where the subscrition is is set and also where the exp date is set to null
If txn_type = "subscr_signup" Then
Set ConnPasswords = Server.CreateObject("ADODB.Connection")
Set CmdEditUser = Server.CreateObject("ADODB.Recordset")
ConnPasswords.Open ConnectionString
SQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (User_ID = " & User_ID & ")"
CmdEditUser.Open SQL, ConnPasswords, 1, 3
CmdEditUser.Fields("Active") = "1"
CmdEditUser.Fields("Validated") = "1"
CmdEditUser.Fields("PayPal_Subscriber_ID") = subscr_id
CmdEditUser.Fields("Notes") = "Successful PayPal Subscription Signup on " & Date
CmdEditUser.Fields("Expiration_Date") = Null
If Access_Level <> "" Then
CmdEditUser.Fields("Access_Level") = Access_Level
End If
If Groups <> "" Then
CmdEditUser.Fields("Groups") = Trim(Groups)
End If
CmdEditUser.Update
CmdEditUser.Close
Set CmdEditUser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
End If , (Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Instructions:
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<tr>
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<td valign="top">
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
newsletter ?</font></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
</td>
</tr>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
End IF
End If
End If
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
else
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
End If
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Response.End
End If
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
 , I am getting the same error looking at the previous post, I looked in settings and my Registration-URL is pointing at the correct location.
Is there any other thoughts on this issue
Thank you!
Matt2112 , In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it. cwilliams38306.6367708333, User Registration
The "users" folder allows users to sign themselves up and edit there accounts as well as retrieve lost passwords..
In the settings tab of the ASPProtect admin area there are options for which fields are used and which are mandatory when a user signs up. The only validation the system performs by default is checking for mandatory status. If you want to add more validation so reduce the chances of input errors that is up to you.
You can add additional server side validation by doing server side checks on the save pages... you can also make the field sizes larger in the database if you think you need to. You'll need to be good with ASP to do this.
Always backup your files before making changes to them so that you can revert back to a working copy if you mess something up. ,
|
These Settings:
Picture upload feature settings. |
| Use_Picture_Upload |
< = value=True name=Use_Picture_Upload> Check this if you will be using the picture uploading feature. |
| UploadDirectory |
< size=60 value=C:\Inetpub\virtuals\aspphotogallery.com\Web\demo\pictu res name=UploadDirectory>
Example: "C:\Inetpub\wwwroot\ASPPhotoGallery\pictures"
Ask your server admin if you are not sure.
This directory needs proper permissions for the SAFILEUP component or the VBSCRIPT solution to work correctly. It basically needs to same permissions as the database directory would need when using Microsoft Access. |
| PictureURL |
< size=60 value=http://www.aspphotogallery.com/demo/pictures name=PictureURL>
Example: "http://p600laptop/ASPPhotoGallery/pictures"
This is the web URL of the the upload directory specified above. |
| Use_SAFILEUP_Upload |
< = value=SAUP name=Upload_Solution>
This option will enable file uploads using a component called SAFILEUP which is high end upload component available from www.softartisans.com. It is far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_ASPUPLOAD_Upload |
< = value=ASPUPLOAD name=Upload_Solution>
This option will enable file uploads using a component called ASPUPLOAD which is high end upload component available from www.persits.com. It is also far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_DUNDAS_Upload |
< = value=DUNDAS name=Upload_Solution>
This option will enable file uploads using a (FREE) component called DUNDAS UPLOAD which is a high end upload component available from www.dundas.com. It is also far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_VBSCRIPT_Upload |
< = value= name=Upload_Solution>
This option will enable file uploads using a pure VBSCRIPT solution. It requires VBSCRIPT version 5 or higher to be installed on the server. The solution usually works fine, but has been reported to cause memory leaks on XP machines. | , the txt file is only lke 624 kb...so I'm not sure, just leave the databse where it is, use the connection string generated for you and most importantly... put in a request with alentus for permissions to be set
tell them "D:\Websites\www.mysite.com\aspprotect\data" and all of its child folders need change permissions (r,w,x,d) set so aspprotect can do its thing
until the permissions are set that connection string can not work
this is all noted in the installation docs... , Chris:
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help. , - I am using the original files that came with the software.
- The software ads items to the database flawlessly.
- ASPImage works great.
- When I try to remove an ad or an image it says it's been removed.
- The ad does not show up on the site anymore.
- BUT, when looking at the sql database the ad is still listed there.
Why is the software not deleting the columns from the database and the images from folder?
Note: My other tables for other projects, in the database, allow me to delete them. , its no different than linking to an image or another page. you have to adjust the path to the include file based on what directory you are in.. or you get an error
This is noted in the admin area on the code generator page which also gives you 2 examples of ways of calling the server side include. (Virtual or File include)
These threads below are also full of info. I found them by doing a quick search and they should help you out as well.
http://support.cjwsoft.com/code/code_info.asp?TID=349&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=303&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=236&KW =The+include+file , Have tried doing that but same error...
, Hi - I am a recent user of your software. I administer it for the owner. I probably missed something in your forums somewhere - but I'd like to know how to stop the software from sending an "accept registration" e-mail (after they fill out the registration page) from going out so fast - usually within minutes. I'd like to know how to defer the message for 24 hours, more or less, so that our company can go over the registration details and decide whether to allow the person registering to actually have access to our protected website pages. The program is working very well and we are excited about it. So far, no problems (knock on wood!).
Thanks so much for your help! , We can't seem to find the purchase emails for this install of ASPProtect.
It would have been in May 2004 for NetOptions LLC or CareerMatrix.com
We noticed it should have been v6 of ASPProtect.
Can you resend the download links? , Seems as though changing the mail settings to "remote email server" did the trick.
, Yes, that worked...  , ALL FIXED.. tested with real paypal accounts and a live system
works perfectly
THIS FIX IS ONLY FOR PAYPAL SUBSCRIPTIONS
Download this file "ipn.asp" and put it in the "paypal_sub_signup" folder
2005-03-10_164645_aspprotect_subscription_fix.zip
Basically somehow an older version of the this file was in the original download archive.
I am VERY SORRY
Anyone who purchased ASPProtect 7 before March 11, 2005 should download this fix.
cwilliams38421.7018055556, if you are talking about IPN subscriptions and how they work paypal has detailed manauls on their site.. if you are talking about asp.net in general there are probably a lot of good books..
the reason I said look at the aspprotect 7 code is cause the applications and database are very similar and the same techniques will apply for the most part as far as how the ipn subscription posts from paypal talk to the database and what happens during the various post events.. etc etc etc , The protection code for my group3 is:
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * GP03 * ) -->
<% GROUPACCESS = "3" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->
btw - sorry but I am using v7
and thanks for the assistance , well, ultimately it comes down to this and this is stated in the footer of every page in the cjwsoft family of websites.
"In some cases in order to receive proper tech support your application will be need to be installed on a live professionaly setup server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine."
and if you have some sort of weird timeout going on on your local machine and cant even give me a detailed error message there is just no way I can possibly troubleshoot it... I told you what to check and thats really all I can do... all my applications run on XP. As a matter of fact I do all my development on XP boxes.
It could be any numbers of things... odbc drivers, versions of vbscript... other software on the pc interfering such as antivirus script blockers like norton... all sorts of issues can pop up on personal machines running xp
If you put this up on a live professionally setup web server I can help you. On your local machine there is only so much I can suggest. , No, Unfortunately.
I have seen your messages.
I have not edited the code at all.
Tomorrow I will install the sql database again from your script as I
did before and I will try again. I will send all the details.
Thank you again.
, Thanks very much for the quick reply.
That sets my mind at ease 
I was just worried if users would see warnings in their firewall software too.
I realize that the admin would have to have to go through some errors...
And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.
Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...
Thanks , Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO , If you are having trouble setting up a simple data connection ASPTest is a great learning tool.
You can download it from the www.CJWSoft.com website near the bottom. cwilliams38087.5457060185, Our webhost changed converted all sites from c: to d:, and without us doing anything else, our customers now get the following error message when trying to access our Classifieds site:
***********
Microsoft][ODBC Microsoft Access Driver] Not a valid password.
This means there is most likely a problem with the "ConnectionString" info that you specified.
If you are using a DSN-Less Connection with MSACCESS.
Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.
ConnectionString = "DBQ=D:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"
If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.
If you are using a System DSN
It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.
************************************************************ *********************
We did everything the web host asked us to do, that is, changed all references to the C drive to new references to the D drive, but the error is still there. We also never changed any passwords (as far as we can remember). Can someone please tell us where to look (also which file might tell us what the correct password is in case it has in fact been changed.
Scaramouche38306.4845833333, Aspprotect issue
I need the ability to allow users to view url links on a page, based on the
group(s) they are a member of. If the user is the member of one group (group 1 in the following example) the code works fine.
<% If Session("GROUPS") = "*1*" then %> "view link #1"
However, if the user is a member of more than one group (let's say 1 & 5), I cannot make the code work.
I have tried various versions of wildcards, nothing seems to get me there.
I fairly new at ASP, and I am sure I'm missing something simple.
Any help would be appreciated.
,
Timecard Entry: 3/25/2006 4:30:30 PM
Times - Basketball input form, travel from Customer site back to Watertown 70 miles, timecards and payroll, updated tasks, Mel-chart of accounts / Tara-PO's / Don-911 & ACM BA letters, Sat in the NOC room. 1:30 pm McGrann Paper's ISDN line went down. Called Tammie to have her reset the cisco. She called back in after that and talked to Andy., Ans. Vm and worked on the MBOS, finished payroll and emailed it -worked on fax the press release for Nic, will have to resend some in am, expirementing with new FLASH, TICC Team Meeting, DMS-500 CBT, Costguard training, to watertown, Meeting with Phil and Mary on next step to take with Softmls or Development Process, Timecards, EveryDayDad, email, Also checked email. ns1 was down at 11 according to an email from ipsentry., *Energy Initiatives: add content, create new content area for the site: re-develop navigation system at Criag Kieny's request, meet with Jeff Jacobs, traveled to herkimer to meet with there listing service ., At watertown office with Steve checking new server configuration., technical support supervisor, qlight, emonitor, voice mail, emails, follow ups, ask us a questions, dial up issues, radlog, open incidents, new users. steady am , Training- Citec seminar and Booth, check voice mail/email
send hosting agreement and letter to dean richards and cleansmith.com
make chanes for breese cheverolet
go over infomration with dave and tim and jason for proposal
, Builing setup file for uninstall for a customer. Gathering data for Total Controls. Re-installing Total Control Manager, getting it to reset modems., Did some cleaning, checked all activities, practiced typing and started the stress test. Did the first initial 30 questions. Confusing to do., do tracking for weekly csr report
get work order for in soaop - go over with Tom
Terry- carthage federal savings bank- frontpage and other info
!3 States- web Site info- make changes upload to website and seraach engine registration
Daves Pool- infoe for web site- make changes- design done by Chris nicholas
Lori- take a ollok at web site at \Party Rentals Plus
Defereeit Paper- go with proosal- changes info- send good copy wo Defereit paper
Space Age Poos- fax info to Paul
give new listrings for links
, slow night, Accounts Receivable calls. Talking to customer, Michele, Tim, trying to collect and get invoice info, etc.,
|
