Blog Entry: 3/25/2006 4:27:26 PM
Hi there,
Just bought ASPProtect 7.0 last week and just got around to installing it. I've gotten through the installation and am now trying to test the (Forgot Password) functionality.
I get the following error when I type in the e-mail (or in some cases the username) and Post the form.
Error was [11004] Valid name, no data record of requested type
I know that the add user functionality is pointing to the correct database (I see the additional rows via SQL Enterprise Manager) and that the e-mail address I am looking for is in the SQL database.
Any ideas? Any other information you need?
Thanks,
Toni
, ok,
when you say "we have set up to use the Subscription services exclusively for all new members "
I am sorry to have to ask this again but what does that mean exactly ?
how was that accomplished ?
The reason I say this is because when a subscription is created by a user through the normal channels.. meaning they went to the paypal subscription directory and either started a new account or found their old one to start a subscription with.. either way the PayPal Subscripber ID that paypal assigns is added to the database for that user and the expiration date is set to null.
Now, that being said the function that sends expiration emails to users will NEVER send an expiration to a user that has info in their PayPal Subscriber Field in the database. I just double checked that.
So that is where I am confused ? How did all these users get set up to use subscriptions and not have the PayPal Subscriber ID field popluated in the database ?
Seems to me the only way this could happen is if you set some stuff up manually and the PayPal Subscriber ID for each user never got put in the database. That and the expiration date didnt get set to null.
Again, I am sorry to keep asking this but it just seems to me that something else must be going on that I am not clear on regarding how you upgraded these people to use subscriptions.
In the end I think the answer may be to manually make sure each old user now using subscriptions has their PayPal Subscription ID set in the database as well as their expiration date from before set to null. ,
Your users with Internet Explorer may have received the "Page Expired" error. For ASPProtect users, it happens when the user is not logged on and tries to invoke the target page. check_user_inc.asp puts up the login form, and IE sees it as part of the target page. Any later attempt to Back up and reload from cache gives the errror.
My solution was, after successful login, instead of falling through the bottom of check_user_inc.asp and running the target page, I issue a re-direct to reload the target page. I also added META tags on the dynamic login form to say no-cache and expire now, so the re-direct really does reload the target page. This time, of course, check_user_inc.asp does not need to put up the login form, and the new target page in cache contains no form at all. So, IE will not give a Page Expired error when Backing up to it later.
Netscape, and I gather other browsers, do not behave the same way, so I limited the solution to IE. Also, the solution only works if the target page has no form of its own.
I'm uploading my customized version of check_user_inc.asp that contains this solution. (In it, I also used the Javascript focus method to place the "cursor" in the Username field when the login form loads.)
2004-11-22_050940_check_user_inc.zip cwilliams38313.494537037, It's seems to work fine after renaming the file, rebuilding the application, and editing the web.config file to point to login.aspx. It looks like I can use your fine product and thanks again for the help. It was unusually easy. Merry Christmas… , Probably not... javascript calling complex javascript is not a good thing and is often a problem.
I would try one of the other methods such as the xml parser if possible. , Can we get access to the source project files for ASPProtect.net since we'd like to put in some of our own branding on the pages and not everything can be done in HTML.
Thanks , Has this been resolved ?, gotcha...thanks. , A mod like this would improve tracking by leaps and bounds.
Do you think this addon would be availalbe anytime in the near future? If/when this feature or mod becomes availalbe, it certainly would be ideal if some script was made to import all the log file data. , Why all the pages at the directory .../password_admin/ are very slow to open online? vaghelis38300.5280208333, Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS? , as an update... it is now possible to use Website Payments Pro with classic ASP..
However, you basically need to own/run your own server because of certificate signing and special things that must be installed on it. The certificates you have to generate requires your paypal username and password so it's definetly not something hosts are going to do for people.
So... this still isn't plausible at this time..., ok, Excellent.
Payment now taken in £.
Pasted <input type="hidden" name="currency_code" value="GDP"> into
paypal_signup/paypal2.asp
Thanks Folks.
, Testing for XML Parser Support
the microsoft xml parser is generally installed by default on all new server setups..
It allows ASP code to make calls to other pages anywhere on the new as well as a lot of other handy things..
download and run this ".asp" page to verfiy that it is installed and be sure it is available for you to use
2004-12-10_132620_test_xmlparser.zip
Make sure you run it from your web server through the web browser cwilliams38331.5621180556, Hi,
First and foremost, a great product. I downloaded it last night and it took little effort to get it up and running 
.....now a little question...
Has the software/code been tried out on a Mysql db and if so did it work?
The reason I ask is that my website is very busy (1.5million page views per month avg) and I'm considering converting the ASPBanner Access db to a Mysql one to help handle the traffic. For every page view one banner impression is being made which means that the Access db is under a bit of pressure
This afternoon there were 1012 simultanious users on the website and it froze with an error message displaying where the banner should have been (I didn't quite catch the message but something to do with the banner script timing out). I'm not sure if the Access db had something to do with it but it seemed too coincidental. Rebooting the server cured the problem but obviously kicked off the visistors as well
At present there's 668 online and no problems so I'll have to monitor it to see how it goes but if anyone can answer the Mysql question I'd be grateful
Thanks,
Dave , Humm, I can see all those pages loading just fine at both domains so you got me pretty confused at this point as you just said they didnt load.
regardless, the data connection tests are failing with both of them.
so let me ask you again how are you setting permissions on the database folders? , If you have messed up the admin account or forgotten the admin password you generally should open up the database manually and add a new account or see what the old account is.
In version 7 however you have another option. Go through the installation instructions again. Specifically the part where you use the "get_me_in.asp" page to get back into the admin area by pasting in the password encrpytion keye you are using from your config file. , Chris,
D'oh! How completely obvious! 
I got it now. (In Step 4, by the way, you need to click on the web site, not the directory. The directory has its own Properties menu, which is competely different than the Properties menu for the web site.)
Thanks for the fast response!
Robert
, It is not something I did when I wrote the emailing sub routines. You would have to edit the email sub routine for CDONTS and add something to it most likely. The email sub routines are in the "scripts" folder in the "emailing_subs_inc.asp" file.
I am not sure you can do that when using CDONTS though I think you can do it with CDOSYS. You would have to do some research and edit the code like I mentioned.
, Its not a known issue.. I would try the original code before you made any changes and see if it still happens to you.
It seems to be working fine here for me in amy test web.
I am going to look into some more in the meantime.cwilliams38341.7166782407, Hi Chris
Unfortunately the bl**dy server was down and unavailable for 17 hrs so I couldnt even get to see what the settings were!
It is on, the relevant users appear to have all rights for the data/tempstats folder.
I'm guessing you're going to suggest turning it off and see if the problem still appears.
Colin
, Thanks dude, I'll figure it out. I've been ripping apart pieces
of the code to get it. I'm in the process of pulling some things
out to make functions that do specific tasks based on your code.
I actually had a lot of luck yesterday with it.
, I purchased two site licenses for ASP Protect a while back and am now trying to implement the application.
The connection to the database is fine, because it recognizes the user and displays the user name. However, there must be a problem with the permission because I get the DNS error information from the On Error in the check_user_inc.asp file.
I set the permissions on my PC as you indicated, both on the folder and the database file. But get the error and cannot access the database to view or modify. I also uploaded the file to my web server and set the permissions as well, but get the same problem.
You mention on your forum that it is not the code, but I don't understand if the code is correct and if it finds the database and the permissions have been set as you indicate, why doesn't the code work? , Okay Chris, I wold like to get rid of the encryption then if it's not too much trouble.
I have no option of running the production server against an ms access db, since the db needs to be online and accessible from another system. , I downloaded v7 3/7/2005
I entered a password that was supposed to be all caps with only first letter caps.
it is odd, if I go to other user and enter wrong password that does not come up. it apprpriately goes to a screen that says Access Denied.
thx , 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., Encountered another issue. When entering a user name correct but the wrong password get the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '(Username = 'ROBERT') AND (Password = 'Z£$'.
/check_user_inc.asp, line 115
Did I do something else wrong?!
Thanks , on that particular page check the session variables manually (not using the include)
that way you are keeping the login access checking to an absolute minimum, elminating any form processing from the login procedure, and keeping the upload script happy
like so
<%
If Not InStr(Session("Groups"),"*1*") Then
' do whatever
End If
%>
you could response.write something followed by a response.end
or you might even want to response.redirect them to some other page that using the "check_user_inc.asp" where they can log in
And if you are going to be using a free asp upload script use this one as it is probably the best pure code upload solution available as far as performance goes.
http://www.freeaspupload.net
, Because employees and sales reps might leave or go to work at competitors without our knowledge and we can't have them get an perm account so we need to implement some sort of expiry and then review their account with them., How to set a new users expiration date.
You'll need to edit the "users/add_new_account.asp" with a text editor.
Find this section..
<%
CmdAddUser.Fields("ValidateEmailCode") = ValidateEmailCode
CmdAddUser.Fields("Access_Level") = "4"
' PUT YOUR CODE HERE
CmdAdduser.Update
ID = CmdAdduser("ID")
CmdAdduser.Close
Set CmdAdduser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
%>
You'll want to add code like this right between the Acccess_Level and Updates section
CmdAddUser.Fields("Expiration_Date") = Date + 60
That will give take todays date and add 60 days to it.
You can of course do whatever you want here.
Actually, any database value for the user can be set during registration.
You can also change the default Access_Level to whatever you like.
cwilliams38088.4986689815, I assumed when it said "expected path" that it understand that was the default and unless I wanted it in a different directory I could leave that blank. I'm checking on it now., ConnectionString = "DBQ=C:\TradersReportsCom\aspprotect\data\database\ASPProtec t_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
I have already set the folder permissions as indicated in the documentation. , you basically have to edit the html in the links in the various pages and remove them... some are in includes files
use a text editor and be causious / back things up before you remove links so you can revert back , Thank you for the response to my question. In the mean time if I can figure any workaround I will post it here. , Hello,
It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.
I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.
But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file , ok.. There are various spots that call the end_date variable. That is why I am asking. Then incorporating it into the forms that have been developed, made me wonder.
, I just installed ASPProtect on my site. The instructions were definately on the target. Very very good instructions.
But... Isn't there always a but ??? 
I needed to setup my site with MS SQL and it is hosted so I don't have Enterprise Manager. I tried the web based Enterprise Manager and any other one I could find. But, I kept getting errors when trying to use the SQL Script.
I finally had to go back to my work where we do have the licenses and get an SQL Admin to use Enterprise Manager to run the script and it worked finally.
I don't know if this is a common problem ??? But, maybe you would want to look at the SQL Server script or make a different version that would work with the Web Based SQL manager.
Thanks , no, its part the concurrent login checking system.
currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)
when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over
sorry
as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional. , Thanks for the information. We added the name manually instead of using the App_Name variable.,
Timecard Entry: 3/25/2006 4:27:26 PM
enter bills, lunch, Minutes, Worked with Security Codes, receiving, Went to Alex Bay with KV to set up display and room at Riveredge for Breakfast meeting., everydaydad/infolease, BARTER-finalize designs for Burlington P&R site, chow, Driving to UCPA in Canton. Miles = 65, Switchboard, billing calls, authenticator on 779-2360 down, radius4 down, deposit, enter, to bank, supplies @ Big M, BYOWS - Step 2 - Adding paging options for unlimited templates, display 6 thumbviews per page, forward & backword buttons, etc., batching and answering phone, billing issues, *CommArts, folded and mailed on a small amount of invoices., Mary and cathy did the rest this morining. , Marketing, mailer, PO's, emails, filing, Online emails and online issues, watn city school district, Lafargeville Central - Adding new student. Preping db for next quarter., Read and respond to Email, Lunch, Traveled to the site and got the equipment setup while speaking with Lyle, training at Nortel, Did some modem checks, **Agency Ideas, Randy called me and asked me to help him make the homepage run a little faster because he is really busy and really needed dome help. So... we discussed optimizations and things I could check and I started doing them.
We are doing this because the home page loads really slow and this is a mini priority because its makes us look bad.
changed users in global from 400 to 1200
This efftects how often the code fetches the news info and event data... etc etc
knocked out bunch of redundant tables
which ended up getting rid of about 7k of html code
not a lot of loss in k's but in actually much less table code for the browsers to interpret
page seems to be ok (even with jason) so I put it up
still have more to do... page seems to load about 7 seconds faster now on a 28.8 modem.... will try to think of some more things to do to it to make it faster but... there really isn't much more I can see that can be done... except for reducing the amount of text which isn;t really an option., checked and replied to email.,
|
