Blog Entry: 3/25/2006 4:39:22 PM
(Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , at some point I can do the users in mass correct using the import feature in aspprotect right?,
oh, its timing out during the import ??
I didnt know that. I thought you said it was timing out after when you tried to log in.
That changes everything...
Let me start again cause I think I know the problem., I have been having some display issues with the .NET version of ASPBanner. I set the size of the image, and I set the size of the banner and there is still white space above and below the image. I am not using a text link below the banner, so I have it set to blank.
Here is a link to my page.
http://www.nababaseball.com
Two of the three banners in the rotation on the main page have non-white backgrounds so it's easy to see the issue I'm talking about.
Is there a way to tighten up the formatting so that the image fits onto the page in the size specified?
JDooley , I have been using this solution for over a year now and think its great, however I recently logged on to add a banner and when I clciked on the link that opens a window, displaying all the gifs in the directory../images/banners/, now images showed up, however they do exist in that directory.
I recently upgraded my computer and am now using windows XP...could that be the problem?
Thanks
, Hi,
Ok, well... you have a lot of stuff going on there.
More importantly than that.. you cant even log into the admin area using the admin account. There is something majorly wrong with the installation.
I also notice you havent even saved any path settings in the settings page of the admin area. I am looking that over now and filling in the missing info. That information needs to be populated. , How do I change the character length for the description field? , Your assumption was incorrect.... the login count has nothing to do with that. The login count only has one purpose and that is to limit the amount of times a user can log in if you want to do that.
Logging in for the 1st time means the time at which they 1st login and their session at the site is created... If there session ends and they come back and login they will get redirected because it will be the 1st time again.
Forms Based Authentication is all about sessions and session variables.
If you only want them redirected somewhere based on the login count that is something you have to work out and check on your own. It's very doable.
Seems like now I should have explained that better but I never thought anyone would think it meant what you thought., thanks!! the file took care of the extra slash. I also fixed the problem by modifying the permissions.
dazed , hi,
no.., not unless you come up with some clever way to handle it on your own
http://support.cjwsoft.com/code/code_info.asp?TID=369&KW =https
read 2nd to last post
The way ASPProtect ships it is designed to either be in http:// the whole time or https:// the whole time.... (there curently is no solution from me allowing going from one to the other)
sorry
, Are you reffering to the number of the left of the users name in admin.
I thought it was a counter at first but that number only displays the number of albums they have set up. , thats a new one... I need some sort of error to go on..
No error ever ? It must eventually show something ? , With ASPVendor you must use the SQL scripts we provide with the SQL Version to create the SQL database or else fields will not get set correctly.
I wish you would have told me you were using SQL server. It's important details like that that allow me to help and troubleshoot. , Will do!
, Hi,
ok, I am a bit confused... you make it sound like as if you are running a different version than you were when you ordered this a couple/few weeks back... that confuses me because you were able to log in to the admin area of aspprotect.net before? weren't you ?
there have been no changes to the download or the version in quite some time ?
I guess I need more information to make any sort of guess at this point. I do not know enough., yes, usernames and passwords are both case sensitive. It increases security. , I do not really know a lot about but it is basically code that lets you specify however many number of images and links... and then display a certain number of them at once.
You'd have to search google for it.. there are 1000 of sites that offer free javascript code and that is where you find scripts like that.
You could certainly set up all the images and links for each banner in aspbanner but if you used them with code like that you be limited to tracking clicks on banners. Tracking page impressions would not be possible because the javascript would be handling what images get displayed at any given time. Basically each link for each image would be going through aspbanners tracking url feeding it the banner id and therefore tracking the click and sending the user to the desirec URL.
Regardless, it is not something I would support. You would have to sort it out as it is nothing ASPBanner was designed to do and not something I want to deal with because client side javascript code is not something I am NOT very good with. , Sounds crazy. I recently took over this web site and all IT duties. User today said member area was not working. All pages would not display. After restoring some files I got the members area partially working. But I cannot find where the database sits. I am able to get in and view users in the admin are and log in as a member. Thanks., Hi,
I am just wondering if anyone else has had this problem. Even though the guestbook is empty, it takes just about 20 to 30 seconds for the guestbook/default.asp lto oad. Is this normal has anyone else has had this problem.
Thanks , I've encountered another problem. When i edit the link for existing banners and save it, the banner reverts to the old link instead of the new one.
The directory where the the database is located to rwed so the permissions is not a problem.
Any advice?
Thanks
, lmao ... ya that has never happend to me before.... , Thank you.... yes it does
Is there a limit in the number of Zones you can have in the database.
thanking you , the sql databse is the same.. the sql script is the same for any version
as the site says they are essentially the same app with very minor changes... if you are trying to share the same sql database with both it's not gonna happen because the table names are the same
truthfully:
that app runs nealry as well with msaccess as it does with sql so I wouldnt get too excited about running it withe sql. You will not see any benefits unless you have a ton of simultaneus (sp) users. cwilliams38312.1125115741,
I pull that crap on myself once and a while... or my
favorite is leaving a bootable CD in the drive and then wondering why the heck
the OS doesn’t come back up. I pretty much promised myself back in 2002 that I
would never mess with anything minor after 10PM. For whatever reason I always
start messing around trying to "fix" something and end up sorry...
Granted if it’s an emergency I am all for it, but I get dresses in advance
anticipating the practically inevitable drive down to the datacenter.
Good luck with that, I am sure you will be much better off
in the long run.
, no the "expected path" is something that gets generated for you if you have parent paths enabled. to help you fill things in correctly...
basically if parent paths are enabled it shows you what the path should be for each path field on the settings page... if parent paths are disabled there will be nothing to the right of expected path for technical reasons (lack of being able to do a "../../" to figure out the paths more or less)
in that case there is a file called "expected_paths" in the data folder that you can run to tell you the expected path info
, re-edit the banner to ensure your change was saved..
if it has been written to the database thats good.. if not it is a data connection issue most likely..
if it did get saved... though it usually should not take time to apply it make take up to an hour for the change to take effect in the actual banner rotation.. give it a little time, hi,
Sounds like permissions.. the text file that the config file data is not being written to.
open the file "data/config/aspbanner_unlimited_config.asp" with a text editor and see if your values are getting saved.. if they are not its permissions to that folder and file as far as not saving config settings goes.
You may also want to check out "data/show_path_info.asp" which if run from the browser has info on manual/alternate setup scenarios.. as far as what directories you put things in and also editing the config file manually.
lastly make sure the filesystem object is not disabled by something like norton script blovking or something similar which can also cause trouble regarding writing to text files.
, if it is your own XP machine there is no reason you should edit that config file manually.
simply set permissions on the data folder and all the folders in it and the application will write to the config files on its own... if you are having problems chances are you are not setting permissions correctly.. please read all of this
http://support.cjwsoft.com/code/moreinfo56-1.htm
if is not an XP machine (your post was confusing and I am not sure) then this is an article for 2003 server
http://support.cjwsoft.com/code/moreinfo136-1.htm
Most importantly whats the real error ? error 500 does not help figure out anything
http://support.cjwsoft.com/code/moreinfo11-1.htm
lastly make sure you go into iis and make that web its own application , It's seems to work fine after renaming the file, rebuilding the application, and editing the web.config file to point to login.aspx. It looks like I can use your fine product and thanks again for the help. It was unusually easy. Merry Christmas… , I just told you a lot of different things to try... and I doubt you have tried them in the time since I mentioned them , we ended up resolving it...
the physical path being used was invalid, Hi Chris
I've just recently purchased ASPBanner and have been testing out serving multiple Tradedoubler code using the IFRAME method. I have four types of banner on the same page refreshing every 15 seconds. (this will change on the live site)
I've been leaving the IE page up for x hours and coming back to find between 1-3 of the banners has stopped and in place is an "internal error".
BannerZone=3&Refresh=15|40|800a0046|Permission_denied 80
I thought it may have been the SQL permissions from one of your other messages so I gave the banner user the DataReader and DataWriter permissions.
Its still happening and around the same time in the logs theres a couple of file not found errors.
BannerZone=2&Refresh=15|23|800a0035|File_not_found 80 - 80.65.240.159
BannerZone=4&Refresh=15|25|800a0035|File_not_found 80 - 80.65.240.159
BannerZone=1&Refresh=15|25|800a0035|File_not_found 80 - 80.65.240.159
Any ideas? I'm hoping its not the server as there is currently only 2 sites on it and this is pretty much the only traffic.
Thanks
Colin , do you have the url path to the registration page set correctly in the settings cause not having it there would do that ? , in the version you have changing it is not something we covered
I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
, Hi there, I am not exactly what you mean when you say "moved some of the include files to user"
are you saying you are moving files around ? I am not sure what you mean there.
but.. the parent path issue is described in detail here
http://support.cjwsoft.com/code/moreinfo5-1.htm
Having is enabled is actually a requirment of the photo gallery application as stated on the web site
http://www.aspphotogallery.com/aspgallery_pro.asp
You can certainly still use the apllication but as that article says you will need to change any file includes to virtual includes so they will work with parent paths disabled
, Oh also, I tried to run the asp on my machine (win XP) and unless I'm missing something fairly obvious, I cannot get it to run correctly...when previewing it, I see all the code instead of what I should be seeing., Glad it is working.. for anyone reading this the customer bascially did this
http://support.cjwsoft.com/forum/forum_posts.asp?TID=36& PN=1
That being said asp photo gallery actually has a few more places that send email that you going to need to modify as well. Off hand the reply to album, admin massemail, admin send email,and postcard features come to mind possibly as 3 of them.
using a multiple file search and replace utility like ReplaceEm would be the easy way to do all of this in one step and find all the instances
http://www.orbit.org/replace/
cwilliams38420.4424537037, I'm using ASPimage and have the maximum width set to 320 in the settings. Also using SAFileUP ver. 4.0.
Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.
Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.
Suggestions? lancem38326.9070486111,
Thanks for the quick reply.
I will consider editing the code. , that is because passwords in the import/export files are encrypted.. if you make one of your own you need to use the rc4 function in the "config_inc.asp" to encrpyt your passwords just like the aspprotect system does (requires knowledge of vbscript and integration into your export system)
now, there is a way around this
if you want to import a file you made with clear text passwords edit "import.asp" beforehand and change
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = UserArray2(5)
to
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = RC4(UserArray2(5), PasswordEncryptionKey)
that way it should convert your clear text passwords to encrypted while it does the import
this post also addresses this but in the reverse scenario
http://support.cjwsoft.com/code/code_info.asp?TID=261&PN =1&TPN=1
I hope this helps you because I really do have to leave the office like right now. Very late for a dinner meeting.
I should be back on the computer later tonight or tommoro morning ,
Timecard Entry: 3/25/2006 4:39:22 PM
Excel lesson #7, Wtn to A-Bay, Pretty busy... the calls started coming in around 5 or so when the circuts filled up... kept up as much as possible., meet with beth, bob nelson, chris williams about new softmls, evening NOC detail, phone calls, emails for current wireless and WAN projects, SunRise Training, Bell RTAS - Manhattan, Otsego-Delaware seminar in Cooperstown, Lunch, working on new tech support firewall router with DHCP, Webmin, SSH, SSL, IPMASQ, LPD, Worked on Callback sheets., Steady morning Duties:quality checking sign ups, cancellations, reports, answering phone, callnacks from voicemail , checked email. , tibait.com - tried everything to get it to create thumbnails on the fly. It's just not working!, Business Fair, slower now radlog, phones, Emails, Tasks, Inform Randy, pickup Rental, ILEC Handbok-Paul, company picnic at Wescott's Beach, phone calls, email, continue to help Bill with Sam Keep test, Working on site for web sales and networking for website management, email, phone calls, technical support supervisor duties. helped techs with issues, maintained and managed --- qlight, radlog, new user call backs, expired user call backs, dial up issues, ask us a questions, voice mail, emails, emonitor, NOC calls, follow ups on noc and customers, customer calls in, calls made out to the customer, radlog, open incidents...., Helping move, put together desks, etc. for new front office., had some email problems. had some modem problems, Setting up Server for use with CostGuard demo, Worked on dis-assembling that desk and moving it., quick sub, prepare additional sample process documentation for Jeff Wood, GoGisco.Net - Removing html lines between upload component listings. Making ''left'' the default alignment on all pages., I e-mailed users about AUQ and DUI for the last 1/2 hour, since it had slowed down. ,
|
