I'm getting this error when I try to login:

 Active Server Pages error 'ASP 0131'

Disallowed Parent Path

/gallery/users/login.asp, line 19

The Include file '..dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

If the physical path isnt right and the permissions are not right it just plain will not work. You will not get an error.

If the filesystem object is disabled on the webserver it will not work either.
Something has to be wrong.

Please start a new thread when the topic changes.. thanks

It helps to keep the forums organized for other users in the future.

Change the action of the form to the page you want them to log into.
Make sure the page you send them to is protected by the "check_user_inc.asp" file.

<center>
  <table border="0" width="400" height="200" bgcolor="#000000">
    <tr>
      <td bgcolor="#F4F4F4">
        <form method="POST" action="memberarea.asp">
          <input type="hidden" name="Status" value="Checkem">
          <p align="center"><font face="Arial">ASPProtect Login</font></p>
          <div align="center">
             <center>
             <table border="0" bgcolor="#C0C0C0">
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
                 <td><input type="text" name="Username" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
                 <td><input type="Password" name="Password" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
                   me signed in on this computer unless I log off.</font></td>
               </tr>
             </table>
             </center>
          </div>
          <div align="center">
             <center>
             <p>&nbsp;<input type="submit" value="Login"></p>
             </center>
          </div>
       
        </form>
      </td>
    </tr>
  </table>
  </center>

Hi,

Sorry, but the way the system works you can not call an individual banner like that. It just not something the system was meant to do.

If you wanted a specific banner to show up at all times you would have to make an individual banner and a zone just for that.

After looking at your site since you have so many banners there I dont know if that is the greatest option for you. It would also put a lot of stress of the Version 7 software because it is not really meant to call so many banners zones at one time on one page.

If you could live with tracking clicks on the home page but not displays I would suggest making banners for the home page in one zone. Then hard coding the banner images into your homepage like you already do but linking to the tracking part of aspbanner instead of where they would usually link to. That way you could at least track clicks and there owuld be no performance issues.

for example.. one of the images might link to
http://www.poconocommuter.com/aspbanner/banner_redirect.asp? Banner_ID=4

which would track clicks for you.. and then send then wherever they are supposed to go

Good Morning - I am receiving an Http 500 internal server error when I go to add a new user via the register.asp page.   the url when the error appears is: .../users/add_new_account.asp

I think the error has to do with my email component setting - becuase it works fine otherwise.

I have the email component setting set to CDOSYS (using remote server) with the mail.remote.server set to email.cidra.com - email address set to webmaster@cidra.com

Note: I receive the email notification and the user does get added.

Can you help please? Shirley

UPDATE...I just figured out that it only errors when the email address I use for the user is NOT from cidra.com -- Any idea why?

Hello,

It is very possible (just basic ASP and database accessing techniques)
It is just not the sort of thing I support in the forums as it is a customization related.

Even for me something like that would take 1-3 hours of coding time. Basically, it is just not something I could just explain to you real quick.

You might want to pick up a good book on ASP or check out some of the great resources out there. http://support.cjwsoft.com/forum/forum_topics.asp?FID=17

Doing stuff like this is relatively easy, but can be time consuming work.


In the future please use a more descriptive topic for yours posts "I need help" is not exactly helpful to anyone else searching through the forums . I therefore renamed your post accordingly.

I really try to keep the forums organized and clean. That's all.

Thanks

I'm using version 6 upgrade and recently some of the users complained that their passwords are no longer working. I was able to replicate the problem as I also experienced the same thing with my account.

Once I reset the password thru e-mail (Forgotten your password?), I am able to login but it fails later. This is weird as I have an identical copy of the code running flawlessly  on my test server.

The only change which I made to the original downloadable code is by adding password encryption using Base 64 encryption.

Any ideas what might be the problem

Hello,

My guess your having trouble setting up a system dsn because the database has a password set on it. Your hosting company most likely sets up DSNs without using the advanced tab which is where the authentication information goes. Or they have some sort of web interface for the customers to use that doesn’t allow setting up that information.System DSN’s are actually difficult to set up correctly when the database has a password on it. There is of course a password on the database for security reasons so if someone ever downloads it somehow they will not get your information.

System DSN’s are not the way to go regardless as you will see mentioned at our support site.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=9&P N=1

You really should try setting up a DSN-less connection. It is the best way to go. They are easier to set up, perform better, and are less load on the server. Any host that wants it customers to use system dsn’s is not on the ball as far as server performance and server resource conservation goes. They are really asking for trouble down the road.

All you need to do to make dsn-less connection is the following.

Get permissions set for the folder the database is in (by your host)… then figure out the physical path on the server to the database by using server.mappath or you simply ask your host for the info.

An article I wrote on using server.mappath

http://www.powerasp.com/content/hintstips/physical-path.asp

Then your connection string will look something like this.. (of course you edit the path to match what server.mappath tells you. And you make sure the database name is correct)

ListingsConnectionString = "DBQ=C:\Inetpub\wwwroot\asplistings\_database\asplistings_ac cess2000.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Another option would be to simply remove the password from the database using MSACCESS.. then try to connect to it using a System DSN without the password. If your host is storing the databases outside of your web in the root of the server then removing the password on the database is not that bad of a thing to do as there is no way anyone will be able to dload it from your site. Of course there is a still a performace loss when using a system dsn with an Access Database

ok, that probably means the physical path you have set for the logfile directory (in the admin settings area) is not correc t

the error pretty much means just what it says

Actually it would because you would just count records for that user that are also active

and yes, users cant delete albums.. they can only turn them off which really means the albums lose their active status

only the admin can truly delete an album the way the code is
(that's just the way I did it for some reason.. I don't remember why)

well, assuming that function works and is vbscript not vb
(if it is vb code it may need some conversion work)

anyway

in "users/add_new_account.asp"

you would put the code for that function anywhere in the page.. it does not matter where as long as it is in code tags <% %>

then.. right under this part of the same page

If Zipcode_Postal_Code_Required = True Then
 If  Zipcode_Postal_Code = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Zipcode_Postal_Code.\n\n")
 End IF
End If

add this

If Check_Postcode(Zipcode_Postal_Code) <> True Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Valid Zipcode_Postal_Code.\n\n")
End If

No guarantees but that is the gist of it

someone has to do something other than me.. i've given up

if i give u the username/pw can you set this up on the network solutions host and ask them to set whatever permissions are needed?

cant do it anymore....

Hi Chris,

I tried changing using Notepad in the config_inc.asp

from:

If  Application("SERVER_SOFTWARE") = "" Then
 Application("SERVER_SOFTWARE") = Request.ServerVariables("SERVER_SOFTWARE")
End If

To

Application("SERVER_SOFTWARE") = "iis/6"

and the albums still do not show up under the categories

Rhona (rookie)

Hello,

If you are using ASPProtect Version 7 it is possible because version 7 supports html emailing. In any other version it would require some custom coding to add html email support. You would have to sort it out by experimenting and editing the emailing code. All the email methods have documentation on the web in some form or another showing how to send html emails.

Also,
sometimes depending on the email component being used and the email client reading the email a link in a text based email will get hyperlinked automatically. For example outlook usually will do that, but it doesn't always in other situations.

Lastly, we have special upgrade pricing should anyone want to upgrade to ASPProtect Version 7. It really has a ton of great features.

Best Regards,

Chris Williams
www.CJWSoft.com

That did the trick. Once again a quick very helpfull reply.

Thanks.

humm, those are some very big images to be starting off with but I am not sure that would cause a problem under the importing scenario

what width are you having the system resize them to ?

What happens when you upload a image manually (one a t a time)

Also, try the import process out with some pictures no bigger than say 1024 and lets see what happens

Permissions and Folder Locations

By default and to keep things clean we store everything in folder called "data"

That folder then has it in 4 sub folders

database (where the .mdb and temporary .ldb files are handled)
export (where the aspprotect export files are saved)
logfiles (where the aspprotect logfiles are saved)
user_pics (where the user pictures are saved)

Doing it this way makes it very easy for a system administrator to right click on one folder and set permissions for that folder and all of it's child folders.

Now, that being said.. you do not have to use these folders.

For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.

You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.

We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs.

Hi,

Actually that is not a feature at this time. Only the admin can add an image for user. If you look at the code for that you could adapt it for individual user use fairly easily provided you are decent with ASP.

That feature will probably be added some day, but there was no time to add it to into the current version and I can not give you a time on when it will be added. The complicated part is making some sort of approval process in case a user adds something undesirable and also limited file sizes which is hard to do without somesort of 3rd party uplaod component being involved.

ok, here is what is going on

you are password protecting an ".asp" page that requires querystring info to run correctly   (example - "somepage.asp?ID=3"")

that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out

this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact

it was a nice feature never intended to handle any situations other than what I just described...

now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info

that more than anything is what is going on..  browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...

To avoid all of this...

One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)

Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.

Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc

So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.

I hope this makes some sense to you.. it is very hard to try and explain

right..

I had to open up the permissions to get it to work.  I now have to go back and uncheck each one for directory listing.. :)

How to set a new users expiration date.

You'll need to edit the "users/add_new_account.asp" with a text editor.

Find this section..

<%
CmdAddUser.Fields("ValidateEmailCode") = ValidateEmailCode
CmdAddUser.Fields("Access_Level") = "4"
' PUT YOUR CODE HERE
CmdAdduser.Update
ID = CmdAdduser("ID")
CmdAdduser.Close
Set CmdAdduser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
%>

You'll want to add code like this right between the Acccess_Level  and Updates section

CmdAddUser.Fields("Expiration_Date") = Date + 60

That will give take todays date and add 60 days to it.
You can of course do whatever you want here.

Actually, any database value for the user can be set during registration.

You can also change the default Access_Level to whatever you like.

humm

expiration dates in the aspprotect system are not used at all when using paypal subscriptions.. all date handling is done on their end actually

and they of course send notices from their system to the user regarding their subscription and when it renews,cancels, etc etc

so I am pretty sure any errors with that would have more to do with the info you used for the subscription setup and possibly any paypal settings associated with it

its hard to say at this point

The smart thing to do I think.. would be to sign up someone using another PayPal account (your allowed 2)... and while doing it be very careful about the subscription setup data.. and then as soon as the subscription is created review all the info in the paypal system and see if the length of the subscription / expiration.. etc etc in the paypal system info looks right..

at least then you can begin to troubleshoot what is going on...

you dont want to use the virtual smtp virtual server method... you want to use a real remote email server with valid MX records..

ultimately though after all that is going is it is out of the hands of the asp code and it becomes issues other then the code sending the email... regarding to whether or not emails get blocked by certain organizations

For example:
I have many aol users sign up for various systems I have running without issue. I use CDOSYS with my own server mail.cjwsoft.com which has proper MX records set up.

I would also try to determine the difference between blocking and spam/junk email filtering. It is impoirtant to truly know what is going on.
Sometimes adding more information to the body of the emails going out will eliminate the junk mail filters from gettings the emails.

Then you have the various open relay lists that places like AOL use. If your email server or IP sending the email is on those lists for spamming you do not stand a chance. That is all out of the hands of the ASP code.

Login failed for user 'aspgallery'.

Okay, shouldn't this be trying to use aspgalleryuser?

Lance

If they changed the paths they moved the site.

That means permissions for the database folder must be set again.

If permissions are not set and you are not using the correct new path info then you will still get errors.

Those errors the server reports back and quite generic and do no mean exactly what they say. They just mean everything is not perfect.

And everything just has to be perfect..

when you get back to work.. your   "redirect.asp" needs the password include file at the top of it.. or that wont work either..

and of course those pages you send people to all need to be repaired

yes. what you are talking about has to do with norton ad blocking software.. it blocks images or paths that have the word "ad" in them.. and you see red x's where images should be on web sites.. usually

it is different then what this thread initially mentions which has to do with a code/server issue with the application variables.

The "forgot your password" feature is not sending passwords to users when they put in their emails.

Any suggestions?

Thanks