Blog Entry: 3/25/2006 4:31:46 PM
Your actually confusing me with the whole "joe bloe" thing and user access. I just do not get what you are trying to tell me. Perhaps you can explain in a less confusing way. Your just not technically explaining it andand thats what I need to know to possibly help.
As for the subweb thing you just can not do that. Subwebs have their own sets of application and session variables. An ASPProtect installation and any pages you protect with it are required to be in the same "application" in IIS. Sicne subwebs have their own "applications" in IIS that won't work. It is the nature of "forms based authentication" A sub web is alo considered by our licensing to be a seperate web site and ASPProtect is licensed per web site.
As for breaking pages.. you really shouldnt be editing any pages in the admin area as you will break them unles you are very good with ASP. (does not sound like you are..no offense meant at all)
Pages in the "users" folder are less complex and it is usually ok to edit them carefully.
http://www.powerasp.com/content/hintstips/common_sense.asp
Pages of your own that you password protect can still be edited in your usualy way though without effecting anything.
Truth is if you back things up before you start editing how can you go wrong ? That's how you learn.
, Yeah, its a win2k server.
Im up and running now (my guess is ASP wasnt installed, but he did not say), but am not having luck with any of the email. I contacted my host to see what is available and have yet to hear back. Do you generally recommend people to run CDOSYS?
Ive been reading through the docs, and the users and protection seems to be pretty straightforward. Nice!
The only other real question I have (and cant find in the docs) is how to remove the self registration option all togehter. My client wants to add its users manually, and not give the option for them to sign up themselves. Do I just find any remove any code that references it?
,
question 2 is answered best here
http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal
Ok, got it. Didn't know if there was something already set up for this that I was missing.
>>I should also mention that the paypals scenarios used in ASPProtect can not be tested using PayPal's sandbox.
Ok. Thanks.
>>Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts) then you can log into the other and refund the transctions and of
course it makes sense to use low amount like 1 cent and what not.
Yeah, been messing around with
that. Got everything going except the return page which I can't
do until the site is live. 
>>Also, I'd love to see what you came up with with the
integration. I have been working on it here as well and took it in a
different direction as I plan to sell directions for it as an add-on
for aspprotect.
Ok. Will email you with a username and password for access to the site once it's live.
Sounds like a great add-on for ASPProtect!
Thanks!
Michelle
, Yup everything looks ok - but why no error?
This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...
What would cause it to 'think' it is doing the task yet still fail?
, Chris:
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help.
, It's probably something I could do for you as a custom project if you are interesting in paying to have that work done, but it is probably not something that will be added to this version of aspbanner as it is in my opinion a feature more suited for a more expensive software package.
It is also difficult to get ASP code to do things on it's own. Scheduling something to run on the server or some other clever scenario is necessary and that usually means it would be unique to each persons setup.
http://www.cjwsoft.com/custom_work.asp
, Not sure what you mean about the path to the IIS files being
wierd...what else should it be? The wf directory is the root of
the aspprotect stuff for this project.
I assume the permissions need to be read, write at least. I was
looking at the permissions dialog from a file explorer and I see a web
sharing tab and a security tab. I look at the security tab but I
am not really sure which type of user I am looking for to add and give
permissions to so that I can get it right. Maybe that is not the
right place to set the permissions....
Sorry to be "windows challenged" but I am not super familliar with all
the different places to set various permissions for OS vs. IIS. I
looked in the "Internet Services Manager" and browsed to the logfiles
directory and looked at its permissions...is that the place to set
things up? I see a "directory" and "Directory security"
tabs...which is the important one? I made sure "write" was
checked and went to the directory security tab and enabled anonomous
access....still no logs are showing up. Restarted server a bunch of
times to make sure it took the permission settings. I logged in
and out correctly and incorrectly to see if a log would be generated
but no luck.
The physical path to the logfiles directory is set correctly in the setup tab in aspprotect... sorry to still be baffled.
How do I know if the filesystem object is disabled on the server?? I can copy and paste things in there...
Thanks!!
, I agree -- don't use the code as is. I provided it only as an idea for a work-around if your ASPProtect users with Internet Explorer complain about the Page Expired message.
I did not test it to be sure the parms coming into the target page (which would be part of the URL when bookmarking) are properly preserved. It would be easy to make sure they are preserved, but I am not sure the code in the example does that. I also customized the code with my own page header and footer.
I have the Option Pack but the site does not need it yet so I haven't applied it. I don't expect many problems re-applying my few lines of modifications.
The IE behavior is not a big deal if you provide an explicit login page, since users would have less interest in paging back to that. In my case, I simply gave a link to a protected part of the site, and when they take that link, they instead get the login form if they aren't logged on. Once they log on, they get their desired content page, to which they sometimes want to page back later on.
From searching the Microsoft Knowledge Base and other sources, I could not find a way (using HTML) to turn off IE's behavior of refusing to quietly reload a page containing form data. Netscape does not do this. So my IE workaround is to ensure my target page does not contain the login form. It does not solve the cause of the problem, but in this case it gets rid of the Page Expired error message for my IE users.
I also purchased ASPProtect for another site, and I'm using that "out of the box" unmodified. I'm very pleased with ASPProtect's functionality and the fact that it works completely without the need to customize. However, I've found it is very easy to customize if I want to.
Jim
Puli Club of America
, I have narrowed it down. The ../ for includes will not work with .asp files but will work in .shtml files.
any ideas?
, While I originally thought the login form on a non-protected page idea may be similar in setup to how our Classic ASP version of ASPProtect works I could not have been more incorrect. Truth is I forgot that it works a lot differently.
ASP.NET Web forms are meant to post to themselves and there is thing called the viewstate. (google it.. its a hidden variable the server creates in the form code that is required when the form posts back to itself.. and hold all sorts of information the server uses) Doing what you are asking about means disabling the viewstate and that can have big consequences and break certain things.
Basically you cant just put a form on a non-protected page and post to a protected page if the viewstate is enabled. Disabling it can break certain web controls like data grids .etc etc.. and can also have an effect on how the session is managed at the site and sometimes disabling it is not possible depending on what is going on cause you need it.
I am still doing research on the whole thing, but it looks to me like doing that is going to have a tradeoff of some sort.
That does not mean this isn't possible somehow. I am still researching and I am also going to see what John Evans thinks.
I told you .NET was complicated.
As for your other question that is something you have to sort out on your own by editing the code and recompiling it based on your custom project needs. It is not something I can help you with. , Along with being able to set an expiry date or number of impressions, is it possible to add another option for a banner to be "non-expiring"?
With our current ad software (which we are transferring all data from to ASPBanner), we run banners for both paid advertisers, and for our own services. The banners relating to our own services, we would like to set to "non-expiring" so they appear all the time. , here is a thread that may help you if this is what you were getting at
http://support.cjwsoft.com/code/moreinfo389-1.htm
, I dont know. Perhaps a fresh installation in a new folder would be a good idea as well if possible..
for troubleshooting sake..
, Christopher
Thanks for a speedy reply. This is what I have used most recently...
ListingsConnectionString = "DSN=longreach;UID=lradmin;PWD=skipper;"
DatabaseType = "SQL"
but that throws an error of:
[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified
I have private messaged you my SQL server IP address. I am a fast learner with ASP (I think!) but some things really catch me out!
, ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the image in 2 ways.
- We use Javascript right click disabling code that works in both IE and Firefox.
- We stream the image via a special password protected ".asp" page and use an image tag to call it. This hides the true location of the file. You can therefore keep your images out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the img tag html source they can not tell where the file came from. Doing all of this allows you to offer certain images only to people that are logged in.
All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.
For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.
Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41
, Attached is a SQL script to create the ASPProtect Database with the Option Pack Changes already applied. This lets you create the database in one step and you wont have to make the option pack changes as they are already there.
This only applies to people using MSSQL and doing a new installation.
This scripts are run via SQL Enterprise Manager.
You make a new database then run this script on it in query manager.
2004-06-14_180056_aspprotect_w_option_pack.zip cwilliams38152.7522569444, A very common and extremely bothersome error encountered when running ASP apps that connect to a database is the "80004005" error. It comes in many varieties.
These articles cover it.
(an article I wrote)
http://www.powerasp.com/content/hintstips/permissions.asp
(more articles)
http://www.aspfaq.com/show.asp?id=2009
http://support.microsoft.com/default.aspx?scid=kb;en-us;3065 18
http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=115
http://www.macromedia.com/support/ultradev/ts/documents/8004 005_cannot_open_unknown.htm
cwilliams38102.4447222222, I just moved servers and now my "code" ads are giving me errors...
"google_ad_width" is undefined.
I have tried adding the width and height... taking it out.. all the basic stuff.
Any ideas?
TIA 
, I guess i am not being clear as to what i am trying to do. As far as the event thing... lets hold off on that for now. It seems Chris has answered my question and i am on my own for that one...
As far as the log in goes: I went to that site you mentioned;www.CafePress.com to see if they had what i was talking about. and they do. Notice on the bottom of the page it says "sign in to your account"
I want that option on my home page where users can sign in to go to their account. It will either take them to a page where they can update their info, or it will take them to a protected page. Pretty much instead of posting a link on the site to say... click here to go to members.aspx and have it return an "access denied" the user can enter their info from the main page and be automatically re-directed to that members.aspx page.
I know how the viewstate works and i also know what that returnURL thing does..pretty self-explanitory.
Hopefully that makes things easier. I just want a user to log in from the homepage and be redirected to either a protected page or their account page...
(as does that cafepress website)
, sure, there are reasons AOL would block the email.. it might think it is spam or it might not like the fact that fact that a cdonts generated email has no MX records because it can not..
for more on MX records read my CDOSYS article
http://www.powerasp.com/content/new/sending_email_cdosys.asp
as far as the emails not being sent because notifications are off. I was not aware of that and will try to look into it.. Version 6 is no longer worked on but if I can find the time I will check that out
, We would like to use some of the variables from the user account in our web pages after they log in (something like, 'hello <user>"), but for professional printout reports using company name and user.
Could you offer some help as to what variable string we use to print that information on logged in pages?
By the way, the program is working great!!!
cwilliams38446.6302083333, any asp code that accesses an access database, writes to text files, or allows for picture uploading will need permissions set on certain directories
every application out there is going to need permissions set at some point
its just a fact.. and if your hosting company does not give you a way to manage permissions or have it done when you ask they do not know what they are doing and they are not supporting your asp hosting needs
see my article for more info on the whole process
http://support.cjwsoft.com/code/moreinfo136-1.htm
the part newar the bottom talks about hosting companies
, Not a problem. Have a good time at your wedding.
thanks!
, sometimes those emails take a bit... all depend on wht you are using to send them and whether a pickup directory is involved
as for the other I do not know.. PM me the site details I can look
if it is a 2003 server parent paths must of course be enabled.. its a requirement of aspclassifieds
, When a new user adds themselves to the db thru the registration page, no user id is assigned in the User_id field. I can't access the page on-line due to an user_id related error on the page. I must use access itself and add the user id. After that, everything works as expected.
What have I done?
, Yea.. that error is totally because the asp pages are looking for fields in the database that are not there.. and causing a nasty loop.
if using the option pack you must go over the directions very carefully...
Make sure everything works step by step..
After upgrading to option pack code you either need to upgrade the database from the base system or use the newer database provided with the option pack.
Then.. you want to test every function of the groups.. if pages act slow and seem odd... especially the groups page and edit users page..
Then your not using a valid database. Either you didnt upgrade the old one, are not using the new one, or your connecting to an older verison by accident and not realizing it.
That's pretty much it...
cwilliams38300.5555671296, Chris,
When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.
All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.
I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP. I hope I expained the situation well enough.
, It really means just what it says. Your connection string is just not valid and the sql server speicifed can not be reached. The username and password could also be invalid. Since you already had a database set up you should use the same username and password you have always been using. You also need to use the same database name you have always been using. Without actually knowing more and seeing what you are doing it is pretty hard to tell you anymore than that.
The directions and sql scripts given are for setting up a new sql database. Applying them to an existing sql database requires a slightly different approach. Modificiations to the SQL scripts elimintating references to the usernames/password/database we suggest in the scripts is also a good idea.
A data connection is a low level as it gets. Until you get that working you are really not even touching any of the code in the ASPListings application.
If you want I have no problem going into your sql server and web and setting up for you correctly.
cwilliams38301.7362037037, Most likely it is no longer supported on the web server. The web host probably moved you site to a windows 2003 server which does not support cdonts or they stopped running the IIS SMTP server.
You usualy wont get an error..
it is also possible that cdonts is boned up as it is pretty flaky and that tends to happen. For example sometimes the emails it is suppost to send get caught up in the smtp pickup directory and never get sent out until the server is rebooted.
You should really ask the hosting company why cdonts has stopped working. It definetly has nothing to do with the code if it has been working all that time. If CDONTS still is supportd tell them you emails are in limbo. Ask them to look and see if a bunch of ".eml" files are stuck in the stmp pickup directly and if so to please reboot the server.
lastly:
cdonts has been deprecated and now everyone uses cdosys.
see my article
http://www.powerasp.com/content/new/sending_email_cdosys.asp
, also.. you could try chaning your connection string to set the current language to english like in this example..
BannerConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspbanner;User Id=aspbanneruser;Password=temp;Current
Language=English;"
I do not know if that actually works but from what I have been researching it looks valid and it may solve your problem.
Also: The value may need to be Current Language=us_english
You'll have to try them, Have you thought about language file so users dont have to go into the code to put it in their language??
, How can i get to this to register someone in the database only after the Paypal payment has been accepted. I was testing it out to see if it makes it to my Paypal account (which it did just fine) then I closed Paypal before paying. I logged in as the administrator and looked at the member list and the account was created anyway. How can I stop this from being created until "only" after the Paypal payment has been "approved"?
What if this person never comes back to "try again"? Now the username he used (and is inactive) is not available for anyone else to use. And it takes up database space.
I am using the Paypal (non-subscription)
Thanks in advance,
scottyFlasher
, btw: who is this hosting company anyway ?
and did they give you access to a control panel that lets you manage your site ? sometimes that is where you manage those permissions if their interface supports it
lastly, are frontpage extensions installed in your web so it can be connected to via frontpage ?
, I disagree...
It would be 20 hours + of conversion and testing. Maybe more.
Like I said, I converted a version fo ASPBanner once to work with MYSQL. It took forever to change all the code (2 weeks of messing around) and get it working. There were also a lot of issues with null values in the database, ado update code that had to be rewritten, cursor type issues, recordcounts not working, etc etc that had to be sorted out. There was a ton of situations where things seemed to be working but later on I noticed there were minor bugs to deal with. It was a lot of work.
ASP Photo Gallery has a ton of asp pages. It is a much larger app then ASPBanner. If you convert it to work with mysql I highly doubt you could have it running well with less than 20+ hours of work. I wrote the app and it would at least take me that long and there would still be bugs at that point.
If you think you could your not used to my style of coding and don't realize exactly how much stuff needs to be rewritten.
Granted, you could get some of the basics running off mysql in a few hours or less but there is just so much little stuff that would give you trouble.
cwilliams38243.9065277778, Sorry, I forgot about that when I got hung up on the install problem.
I'll tackle your explanation now to see if I can get it working. Since I already bought the software I'll keep my fingers crossed.
Thanks
, Upgrade from V6 to v7.x with an MSACCESS DATABASE
1st of all, backup your existing ASPProtect files and database before performing this upgrade. Please be really careful while performing this upgrade. Version 7.x is a highly advanced application compared to any previous versions. CJWSoft under no circumstances is responsible if you lose information or have website downtime.
BOTTOM LINE: (PERFORM THIS UPGRADE AT YOUR OWN RISK)
To do this upgrade you're going to need to have the Microsoft Access Application.
To work with an Access .mdb file it can not be newer than the version of Microsoft Access you are running.
That being said, on with the upgrade..
Open you're existing Acccess Database up in Microsoft Access..
You should see this something like this.
By right clicking on then choosing rename
Rename "Users" to "ASPP_Users"
Rename "Groups" to "ASPP_Groups"
If you do not have a "Groups" table do not worry about it right now.
Now right click and DELETE the Config Table.
Yes, delete it..
You should now see this. (with or without the "Groups" table)
Now, right click on "ASPP_Users" and go into design view.
It should look like this.
Rename the "Password" field to "Old_Password"
Be sure to spell it perfectly using the Underscore
It will look like this.
Now scroll down to the bottom a bit It should look like this.
Now..
If you have a "Groups" Field... leave it alone
If you do not have a "Groups" Field add one and make it a memo field.
Now, we are going to add a few more new fields.
Add a field called "Redirection_URL" make it a "text" field with 150 field size
Add a field called "PayPal_Subscriber_ID" make it a "text" field with 100 field size
Add a field called "Newsletter" and make it a yes/no field
Add a field called "Password" and make it a "text" field with 100 field size
It should now look like this.
(you do not need to worry about the field descriptions.. that part is optional and only seen when working on the database)
Now close that window and save the changes..
Your now going to open up another Access Database while still leaving the one you have on your screen open. You going to open up one of the new databases that came with v7.x. This database has some info we are simply going to copy and paste.
You'll want to open it and put it side by side on your desktop like so.
(the old database is on the left.. the new one is on the right)
Now, for the fun part.
On the new database to the right.. right click on the "ASPP_Config" table and pick "Copy"
Then move your mouse over to the old database on the left. Right click in the open white area and click "paste"
It will ask you for a database name. Type in "ASPP_Config"
Leave "Structure and Data" checked and hit OK
Your old database on the left should now have a nice new "ASPP_Config" table.
OK, now for the "ASPP_Groups" table
If you already have a "ASPP_Groups" table in your old database you are done.
If you do not have one your going to copy and paste the table from the New Database to your old database just like we just did with the "ASPP_config" table.
Your old database should now look like this.
Now, you are done upgrading your database from within Microsoft Access.
The existing passwords still have to be encrytped and moved from the "Old_Password" to the "Password" field
To that we have a special page we run in the application that will take care of that.
So, for now... go install the application, but using the database we just created.
Follow these instructions for the most part...
http://support.cjwsoft.com/forum/forum_posts.asp?TID=181& ; ;PN=1
When you get to the part where you finally get into the admin area and need to make an admin account you will notice that your existing user database is there but none of the users have passwords if you look at them in the edit screen.
That is normal. Simply do what the instructions say and create and admin account using a username that does not exist..
Then log off... then back in as that new admin account. If that works you are ready to convert the passwords.
This part is very easy.
You want to run a special page via the browser.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
Replacing the part in blue with your website info.
Once you get the page running you will see a login prompt and one form field just like before with the "get_me_in.asp" page
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see a page telling you to click here to encrypt the passwords and copy them over.
So do what it says... dont click more than once and wait.
Eventually it should say it is finished. So go log in to the admin area of the system using the new admin account.
Now edit some users but dont save... you want to see if the passwords are showing up. If they are the conversion worked. If you see nothing or a garbled mess it did not work and you made a mistake during this whole process.
If things went well backup and delete the conversion file below.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
You do not need it anymore.
Once you are positive every thing is running smoothly and everyone's passwords are ok you can go in and delete the "Old_Password" field as well.
If things didnt go well.. try again from scratch and go slowly.
If they still dont go well get ahold of us for help.
We are here to help, but if you really want us to we can be hired to do the conversion.
, Thank you!!
Yippee!
Laura
, If things are not perfect there will be no log files and no errors.. it can only be one of these things really
http://support.cjwsoft.com/code/moreinfo313-2.htm
You may also want to make your the filesystem on the server is working and not disabled by norton script blocking or anything random like that. Testing the filesystem object is best done by writing a simple text file to a folder. Plenty of examples of doing that can be found at www.aspin.com
Recent activity is temporary and admin activity in the admin area is not tracked. If your application in IIS has reset or there has been no activity in the users area or in pages you protected there will be nothing there. The busier your site the more chance something will be there. For example usually our online demo has something there except right after 4am when my server does an iisreset.
, Well I have the web hosting tech looking into the memory issues at this point. Unfortunately I don't have another machine to be able to run the asp on that would run it correctly so that I can just publish it over.
, You can also try setting asphttp's user agent property to some browser version like in this example. It might stop that info from showing up when it fetches a page from the server.
<%
Dim BanObj1Http
Set BanObj1Http = Server.CreateObject("AspHTTP.Conn")
BanObj1Http.UserAgent = "Mozilla Compatible (MS IE 3.01 WinNT)"
BanObj1Http.Url = " http://banserver.powerasp.com/aspbanner/aspbanner_inc.asp?Ba nnerZone=1"
Response.Write BanObj1Http.GetURL
set BanObj1Http = nothing
%>
Also... I dont know if these values below will work but I got them from looking at my nt logs.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
And here is more info on the asphttp component and it's settings.
http://www.serverobjects.com/comp/asphttp3.htm
cwilliams38248.6481365741,
Timecard Entry: 3/25/2006 4:31:46 PM
vermont internet: layout and content development, billing - printing invoices, preparing money for Clayton., Study ASP and ADO, made a minor update on who's who section on mccadam.com web site, Normal overnight TS duties., Power FSBO, Driving up to Hogansburg. Miles=100, call Mike B. at KSP to update on status, Attempted to remove the antenna stand but there weren't any tools. I attempted the wireless card again. Updated the reports and helped Heike on a few items about them with something she has to do. Gave the cancels to Jodi, E-Mail, Voice-Mail, Packup, Revise 507 RSD Lease, Thanksgiving, daily reports, worked on some routing issuses...... removed a bunch of static routes fixed some problems with rip., SoftMLS2 AT HOME... Working on all those changes and fixes, worked on some sql stuff, Online - Excel class, MS Tech Support re: MMC, CANCELLATION REFUNDS AND POSTED CC CANCELS, Customer has problem w/being billed for consultation. Looking up invoice and finding what I spoke w/him about on time card., web billing, a user with no dial tone. a few general calls, follow up from meeting with Dave, invoices, Troubleshooting problem with NS1. Personal and business web pages show old data.......discovered pages were never moved from NS0. Pointed www.imcnet.net back to ns0 until we can safely move them, Looking over database Lisa sent from dynoport. Contacting forever broadcasting so they can review public events calendar before making it live on site. Cannot access site on bills machine. Finding IP address., finished up with dave, Review Governing Board resolutions, MEETING WITH THE C-21 PEOPLE IN FULTON TO EVALUATE OLD MLS SYSTEM, callbacks from voiemail. checked emails, taking signups, quality check signups,answering phone, incident report, cc report, invoice cancellations. ,
