Blog Entry: 3/25/2006 4:33:18 PM
You can't unless you plan on editiing and custimizing the code.
The application is only designed to have one kind of admin and that kind has full access to the admin area.
You can of course give any user access to stats for their banners via the bannerstats page.
That is how it works. There are no other levels of admin access.
, Message :
I purchased the V8 of the software yesterday. It is running on a 2000 Server with a MSSQL database. It is installed and I get the successful connection to database screen but when I click to enter the admin. console I continually get:
"Connection string not saved in (data/config/aspbanner_unlimited_config.asp) file.
Most likey the data folder does not have proper permissions set on it.
That folder and all of the folders within it need (R,W,X,D) Permissions set for the anonymous webserver account.
These permissions can generally only be set by your hosting company."
I can save the string manually by hitting the button and I have checked that I have granted the proper access permissions. Any suggestions?
Ken,
I'm having another problem-hopefully it's a quick fix.
it tries to go to a page: default.aspx
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested Url: /default.aspx
When i log in as admin from the aspprotectadmin/default.aspx that works fine...
where should the user be sent when they log in? Am i supposed to specify that or is it automatic? Why isnt it working for me? I dont believe i changed any settings that correspond to that either
, like I mentioned are you by chance running something like Norton Antivirus Script Blocking ?? That can cause timeouts and all sorts of problems with ASP as can other software like it. , I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
End If
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>
</head>
<body>
My Protected stuff here
</body>
</html>
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
Thanks,
Mo
, I think this addresses your question
http://support.cjwsoft.com/code/moreinfo144-1.htm
, What am i supposed to do now... i do have another member server that is not a domain controller-
However, i have like 5 websites running on this domain controller already. I have thought about this before how its a HUGE security risk but it will take too long to configure everything on the other computer :(
, Unfortunatley, I dont have an easy answer for you. It is certainly doable but adjusting the code so people assigned to certain groups get specific expiration dates means a lot of code work and time. It would probably even take me a long time to figure out.
The fact that users can belong to more than one group also greatly complicats the whole idea.
You can certainly assign an expiration level when someone signs up. That is easy and explained in the forums. , You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp
You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.
If it is 2 directories down it should probably look different..
example:) "../../checkuser_inc.asp"
It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.
Also..
The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.
Lasty…. If you are logged in at the time
Whether your current session at the site is still active… or you have the cookie set to remember you.
Well, nothing will happen… cause your already logged in and you will just see the page as normal.
Perhaps things are working and you just don’t understand that part ?
You need to go to the log off page.. log off… then close all instances of the web browser windows..
Then come back to the site… then see if it prompts you to log in.
cwilliams38228.9837152778, When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
Thanks
,
Hi Chris,
Alright. We figured out how to work with both C# and VB, by creating a separate VB web project in VStudio, and then passing the aspprotectnet.dll to the C# project.
Ok. I have another question:
How can our code determine the identity and user_id of the currently logged in user:
Is it Session["User_ID"].ToString() and Session["Username"].ToString()?
thank you
, The version of aspbanner you have should not matter.
What you are doing here is wrong.
<PARAM NAME=movie VALUE=" http://www.innovationtools.com/aspbanner/aspbanner/banner_re direct.asp?Banner_ID=25">
PARAM NAME=movie is supposed to link to your ".swf" file.
And thats why all you see is black.
I don't think you quite understood all of that information fully.
Your ".swf" files needs to be coded in FLASH to link to the aspbanner redirect url. You don't change that flash calling code like that.
The ".swf" file links to the aspbanner redirect url which tracks the click and then redirects the user to the Link URL
You basically need to code your ".swf" flash file to go to that aspbanner URL or code your flash file so it can take a parameter for the url it clicks to (like the macromedia article talks about. This has to be done when editing the flash file in the flash editor before the file is saved.
If you dont have access to the original ".swf" to edit it and re-save it.. your out of luck as far as tracking clicks goes
, The path is correct for the logfile directory. This is still not working.
, yea.. keep us posted... thats weird, so you are using the subscriptions signup directory right ?
"paypal_signup2" ?
1st.. I would check that the xml parser is working.
It is required for making the post back to paypal.
It is installed on windows 2000 and 2003 and XP by default.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=134& ; ; ; ; ; ;PN=1
Then I would check the actual form page to paypal to make sure it is generating a valid IPN url as a hidden form value. It's the payment page you actually click on that actually takes you to paypal. For the subscription signup system that page is called "paypal1.asp"
You'll want to go through the process starting with the default.asp of the signup folder untill you get to that page. Then you want to look at the html source of that page in Internet Explorer. Your looking for something like this in the source code and you want to make sure it is valid.
<input type="hidden" name="notify_url" value=http://www.mysite.com/aspprotect/paypal_sub_signup/ipn.asp>
It also has to a url on the internet that paypals server can see. It can not be a local url for your machine. Also: If it is not valid we can try hard coding it.
If all of these things are good I'll have to take a look. I have some text file logging I can do when paypal hits your IPN url that can tell us if it is actually hitting that page like it is supposed to. And I can test the system for you by making some 1 cent payments using my own paypal account until we find out what is going wrong.
cwilliams38421.5686921296, Hi there, I am not exactly what you mean when you say "moved some of the include files to user"
are you saying you are moving files around ? I am not sure what you mean there.
but.. the parent path issue is described in detail here
http://support.cjwsoft.com/code/moreinfo5-1.htm
Having is enabled is actually a requirment of the photo gallery application as stated on the web site
http://www.aspphotogallery.com/aspgallery_pro.asp
You can certainly still use the apllication but as that article says you will need to change any file includes to virtual includes so they will work with parent paths disabled
, Along with being able to set an expiry date or number of impressions, is it possible to add another option for a banner to be "non-expiring"?
With our current ad software (which we are transferring all data from to ASPBanner), we run banners for both paid advertisers, and for our own services. The banners relating to our own services, we would like to set to "non-expiring" so they appear all the time. , no, there is not not.
If you wanted to to that you would have to add some code to check their album count in the database and not allow them to make a new album if they were at the limit.
cwilliams38433.0233680556, thanks.. it was not taken as a complaint.
I just wanted to explain
When you said you tried using the web version of sql manager. Did you use the microsoft one I link to here "just curious"
http://support.cjwsoft.com/code/moreinfo127-1.htm
, No worries
then..
is there any way I can get rid of those information shown on User activity screen, so I can at least know who logged in current day?
thank you in advance
, 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , ahhh ok.. I was going to wait till morning to answer this one..
glad ya figured it out
, Chris: You are right about a little extra coding to make it work. I am still learning .ASP coding, so I did a little web searching and used IF THEN statments to confirm a member logged in with a valid Access Code. If valid, the protected page executes, with the Member's Name and Access Level on a single line at the top of that page. Looks sharp! If not logged in, or a non member (who found the page via Google), I used a Redirect to send s/he to a login page with optional links as you suggested (http://www.vspa.com/aspprotect/vspa-password-failed.asp) . I couldn't get it to work when using Group Access, but I am sure that is just because I am a novice at .ASP (I will post that example when I figure it out). Meanwhile, here's the code I used that works:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="dataconn_inc.asp"-->
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!--#INCLUDE FILE="config_inc.asp"-->
<% =Session("First_Name") %> <% =Session("Last_Name") %>:
<%
If Session("Access_Level") = "6" Then
Response.Write "VSPA Active Member Access Level 6"
End If
If Session("Access_Level") = "7" Then
Response.Write "VSPA Life Member Access Level 7"
End If
If Session("Access_Level") = "8" Then
Response.Write "VSPA Officer/Staff Access Level 8"
End If
If Session("Access_Level") < "6" Then
Response.Write "Access Level 1-6 NOT AUTHORIZED RESTRICTED AREA ACCESS"
Response.Redirect("vspa-password-failed.asp")
End If
%><!-- http://www.vspa.com/aspprotect/vspa-password-enter.asp -->
<!-- *** End ASPProtect Code *** -->
<html>
<head>
, It's not normal at all. My guess you accidently edited the code in a bad way.
(thats the same code the every guestbook in every application I sell uses including ASPGuest which gets downloaded for free about 50 times a day)
No one has ever said it acted funny.
I would do a default installation with the original code somewhere and see if the problem occurs. If it does I can take a look.
In the meantime I wouldn't be running that as it is probably using up massive processor time because of whatever is wrong with it.
cwilliams38454.954212963, I have run into the same problem with streaming pdfs to the browser
using the stream_download.asp example, but only when selecting the
option to open the file directly into the browser (after it's streamed
back) as opposed to saving it and then opening it (which works fine in
Firefox and IE). Then I ran across this Microsoft support article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q2 97822
It got me thinking that maybe a header needs to be included in
stream_download.asp that tells the browser to specifically cache the
file. Adding this suddenly got everything working
Response.CacheControl = "Public"
right after this line in the code
Response.ContentType = "application/octet-stream"
My asp is limited, but this seems to work at least for pdf
documents. Can someone confirm this? The other question I
have is if this is a solution, should the CacheControl be set to public
or private. Not sure on what the implications are.
Firefox by the way seems to open or save and open the file without
this, so you are right that the implementation between the browsers is
certainly different.
Tom
, After understanding how the count works i checked the IP in the db. They are all set to the same IP (my web server) no matter what ip is doing the viewing. This is probably due to my ISA2004 firewall that is posting the ip address of the web server with each log on. So, can you help me with where the code would be to modify so the db does not get updated? I risk the refresh problem, don't think it is an issue with me.
Thanks,
, its in this thread.. you use the InStr function
http://support.cjwsoft.com/code/code_info.asp?TID=17&KW= instr
Please use a little bit more descriptive subject the next time you post. "question" does not tell much to someone looking through threads.. and I like to keep things clean and organized in the forums
I edited it for you this time..
thx , When I add a user, I can not activat it.
What do you have the registration type set to in the settings ?
They wont be activated automatically unless you have "automatically" selected ?
It sends me back to log on and will now allow me to log in as admin???
I am not quite sure I understand ? Seems to me like that would be normal because you can always log in as the admin at any time. If you cant log in as the user you just signed up as that could be for a couple reasons relating to the registration type you have slected in the settings. There are 3 types all epxlained in the settings screen. Some require manual activation byt the admin, some involve a registration email.. etc etc
I can restart the APP and log in as Admin, but the user I added
is still not activated??
How and why are you restarting the applicaton ? Please explain what your doing there.
My system will also not allow me to set the Stay Loged in FLag.
It just ignores it....
As I told you in an email earlier cookies must be enabled for authentication to work. You mentioned now you can not log off ? I am not sure I know what you mean by that. I assume you know to close all browser windows when testing things like this and I assume you know you have specifically log off and confim it in order to remove the remember me cookie and have to log in again when you return to the site.
, sure, there are reasons AOL would block the email.. it might think it is spam or it might not like the fact that fact that a cdonts generated email has no MX records because it can not..
for more on MX records read my CDOSYS article
http://www.powerasp.com/content/new/sending_email_cdosys.asp
as far as the emails not being sent because notifications are off. I was not aware of that and will try to look into it.. Version 6 is no longer worked on but if I can find the time I will check that out
, New Power Supply and a new (CPU Fan/Heat Sink) seemed to do the the trick. She's running like a champ now...
Hopefully it keeps doing so. Only time will tell.
It she's stable I can get back to designing some new software.
cwilliams38296.9772800926, Hello,
I do not really understand what you mean?
There are no country and city lists in ASPClassifieds.
cwilliams38391.0301388889, Will do!
, who knows, thanks for your input, I am further than I was when I started talking to you!, Chris,
Yesterday when I would access the get_me_in page with the password key, I was then taken to the default login page. It did not give me the option to create a user.
Today, when I entered the password key into the get_me_in page, I was taken right to the create user page. So, yes the problem has been resolved. I have no idea why though.
, just leave the databse where it is, use the connection string generated for you and most importantly... put in a request with alentus for permissions to be set
tell them "D:\Websites\www.mysite.com\aspprotect\data" and all of its child folders need change permissions (r,w,x,d) set so aspprotect can do its thing
until the permissions are set that connection string can not work
this is all noted in the installation docs...
, no worries from me. As with most software projects, i tweak the
heck out of them and then have to make a big decision about whether or
not i even want/need to upgrade.I recently upgraded my ASPclassifieds from MS Access to SQL. The application launches, I can browse existing catagories, etc. but when I try clicking on the login, guestbook, register or accessing the classifieds_admin, I get the HTTP 500 - Internal server error. Guessing this must be a folder or file permission issue? Have tried changing IUSR permissions but nothing helps.
Please advise.
Thanks, lancem
, 
