Blog Entry: 3/25/2006 4:24:57 PM
Hi Chris
Unfortunately the bl**dy server was down and unavailable for 17 hrs so I couldnt even get to see what the settings were!
It is on, the relevant users appear to have all rights for the data/tempstats folder.
I'm guessing you're going to suggest turning it off and see if the problem still appears.
Colin
, "do you know a way around the BinaryRead problem with ASPProtect?"
Let me rephrase:
Do you know a way in which ASPProtect can be modified to get around the BinaryRead problem?
Thanks,
Michelle
,
I see what your saying.. its just hard to troubleshoot something when a lot of changes have been made.
Did you test things before you started modifying the code ?
If its SQL server it is very important that the database was created with the provided SQL scripts., I would like to create a login form on the home page which will not be password protected to the site for members so that they can login right from the home page and not a password protected page like many sites have. And every portal I have seen.
Plus the login form looks really pretty and proffesional on the home page  ...
I can't find anything in the documentation that says how to do this or if it's even possible. Everything I have found says to password protect a page and then direct them there which isn't what I would like to do.
Here is the code of the login page which is an asp include file on the main page:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>
<body>
<td><img src="images/a026.jpg" alt="" width="187" height="21"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><table width="180" border="0" cellpadding="0" cellspacing="0" bgcolor="#AAAAAA">
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="178" height="1"></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
<td bgcolor="#FFFFFF"><form name="form_login" method="post" action="">
<table width="100%" border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="53%"><input name="textfield" type="text" class="style-01" value="username"></td>
<td width="47%"><a href="#" class="link-02">Forgot pass?</a> </td>
</tr>
<tr>
<td><input name="textfield2" type="text" class="style-01" value="password"></td>
<td><a href="#" class="link-02">Not registered?</a> </td>
</tr>
</table>
</form></td>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
</tr>
<tr>
<td colspan="3"><a href="#"><img src="images/a027.jpg" alt="" width="180" height="15" border="0"></a></td>
</tr>
</table></td>
</tr>
</table></td>
</body>
</html>
Does anybody know what values I would put in the form to send the correct login to AspProtect. And, if I would have to add any extra includes or code to it.
TIA  , [QUOTE=afifm]
I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
End If
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>
</head>
<body>
My Protected stuff here
</body>
</html>
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
Thanks,
Mo
[/QUOTE]
I just added couple of lines and it works fine
If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then
' Session("PasswordAccess") = "Yes"
SearchFlag = true
End If , That carrot doesn't really exist in the file, so I'm not sure.
I did download and place the ASPTEST file in www.drsweisberg.com/asptest and when I try to load the 2 pages it fails to load. I have another site on the same server and I uploaded the same exact set of files and the asp pages load. www.klarman.com/asptest
http://www.drsweisberg.com/asptest/server_info.asp
http://www.klarman.com/asptest/server_info.asp
This is how I set the connection:
ConnectionString = "DBQ=D:\clients\rklarman\klarman\asptest\_database\asptest.m db;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
ConnectionString = "DBQ=D:\clients\rklarman\drsweisberg\asptest\_database\aspte st.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp" , It's seems to work fine after renaming the file, rebuilding the application, and editing the web.config file to point to login.aspx. It looks like I can use your fine product and thanks again for the help. It was unusually easy. Merry Christmas… , The album ID thing is completely normal and by design. Once an ID in the database is used it can not be used again. That is how autonumber fields in a database work.
As far as not being able to delete images... Are you by chance using ASP.NET to show dynamic thumbnails... Because if you are you must turn that feature off and wait 20 minutes or so (maybe more) before you will be able to delete any of the images. It is because the current version of the ASP.NET script used to make the thumbnails locks the images on the server temporarily anytime it creates a thumbnail.
It is a known issue... and there is no fix at the moment other than what I told you above. cwilliams38324.744525463, Excellent 
Thanks, the DESC addition did the trick!
- Jason , Please Note : ASPProtect v7.x has a new feature called groups that is much more powerful than access levels. Access Levels were left in the product primarily for existing customers that upgrade to the new version so they do not need to make a lot of changes to their site if they were using Access Levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default.
In the "check_user_inc.asp" that comes in the root of this system Access Levels work as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive. cwilliams38403.6781481481, Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings? , thanks!, See, and that's what I thought. What's interesting is that if I call either an aspx page or an asp page in the iframe tag, it asks me if I want to open the page, it doesn't display it. I'm using IE6 so there's not problem with the support for the tag.
I'll keep looking to find out what's going on. I think the iframe method might work best.
JDooley , Something very strange is happening. Some users can't see the classified ads in their browser. This is specific to the user's computer, and they can check other computers and see it fine.
In each case, the user is using windows explorer 6.0 browser with windows xp.
they can't see the ads listed on the ads page, but they can see the categories.
also, they can't see the place ad link on some pages.
Do you think that their browser is blocking the javascript for the mouseover message?
thanks. , What application you talking about ? I'll assume ASPProtect. In the future please specify what application you are talking about.
ASPProtect 7 already has protection that is quite effective. The no concurrent login feature which will not let the same username under a different ip log in at the same time. Meaning if someone gives out their info they will screw themslves over because eventually they won't be able to log in. Only one unique ip at a time can log in so even of 100 people know the info it won't really do anyone much good except the lucky one that logged in 1st and stayed logged in. The username/password will eventually become more and more useless as more and people know it.
In addition to that is is a good idea to monitor the daily logs and single out a user you see logging in a lot. The more ips you see for that user the more chance it is multiple people logging in and you should take action. , Okay Chris, I wold like to get rid of the encryption then if it's not too much trouble.
I have no option of running the production server against an ms access db, since the db needs to be online and accessible from another system. , Christopher,
Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.
Darrell , Actually, as far the "aspprotectnet.dll" file goes it makes sense because of the following.
The "aspprotectlicense.dll" is something we do not provide the source code for. We also do not compile it in "debug" mode because you not want dll's running in "debug" mode in a production environment and we also do not want that dll in debug mode because of reverse engineering reasons.
Now, that being said that DLL is no different than any other 3rd party dll "so to speak" that you would use in a project. Many of which will not be in debug mode and you will also not have the source for.
"Microsoft.Data.Odbc.dll" being an example
Regardless, there must be a way to do what your trying to do. I am just not sure at the moment. It is nothing anyone has brought up before and I personally have never had any issues like that when I work on the application so I am just not sure.
It probably has something to do with the way you set up your project., ok, It appears there was a flag problem. When reading it into SQL Server, it converted the True/False in Access to 1/0 in SQL Server.
, Please Note : Users with the option pack a new feature called groups that is much more powerful than access levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default and also info on an alternate scenario we have provided.
In the "check_user_inc.asp" that comes in the root of this system Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
The "check_user_inc.asp" included in the "extras" directory is an example of changing the access level checking code
to work differently. In that "check_user_inc.asp" Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 2
Level 3 has Access to - Level 3
Level 4 has Access to - Level 4
Level 5 has Access to - Level 5
Level 6 has Access to - Level 6
Level 7 has Access to - Level 7
Level 8 has Access to - Level 8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
If you get creative you can create some interesting access level checking scenarios.
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive. cwilliams38114.6506712963, ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the image in 2 ways.
- We use Javascript right click disabling code that works in both IE and Firefox.
- We stream the image via a special password protected ".asp" page and use an image tag to call it. This hides the true location of the file. You can therefore keep your images out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the img tag html source they can not tell where the file came from. Doing all of this allows you to offer certain images only to people that are logged in.
All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.
For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.
Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41 , (User Search & Contact Mod) for ASPProtect Version 7.x
This will allow an individual user to search for other users as well as email or call them.
Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.
Directions:
Back up your existing ASPProtect installation.
copy "search.asp" into your "users" folder
2006-03-10_143253_User_Search_Contact_Mod.zip
Direct your users there. They will have to be logged in to view the page.
WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.
, If you need to know how to enable them on your test server.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1
, yup. that is correct... they can't log in so they can't see any pages you protect
its the nature of forms based authetication , Are you reffering to the number of the left of the users name in admin.
I thought it was a counter at first but that number only displays the number of albums they have set up. , Greetings:
I am doing the initial set-up and have run into a problem. Everything has gone smoothly up to and including pulling up the get_me_in.asp page. When I enter the "PasswordEncryptionKey", nothing happens. The page just sits there without doing anything and the browser says it's opening the page, but never does. I have tried entering the value with and without the double-quotes. The value is the correct one from the config_inc.asp file. I did a copy paste from the file twice to insure I transferred it correctly.
I am running Windows 2000 server.
What now?
Warren , recent activity infomation is temporary and mantains itself per application start up.. when the web application restarts for whatever reason the info is reset
a reboot, an iisreset on the server, application pool restarts, etc etc
this is done because if that info was saved in the database your database would get huge real quick
logfiles however do not do that and are permanent , Thanks.
Nick , I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.
That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.
see this article...
80040211
http://www.aspfaq.com/show.asp?id=2026
Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.
If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc , 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., Just copy the files over. have permissions set on any folders that need it, and edit the data connection so it's valid for the new server. Once you get logged to the admin area go update all the settings so any urls are valid.
really its no different than a new installation so just follow those directions but use your existing files.
There is no domain pointing involved...
As logn as the old stuff is not accesible on the live internet you don't need another license.
As for my installation fee of 25. That is only for new installations. I charge more for something like that as there may be compications such as custom changes to the code that I would have to deal with. Customers often custimize the login and users area.. etc etc .. and there may be hardcoded urls and what not to worry about changing.
LASTLY, I noticed all your other posts are in the ASPProtect 7 area so the installaton process for that is a bit different than for Version 6 so what I said above is not quite the same process. Please make sure you post in the correct area when asking questions. , on that particular page check the session variables manually (not using the include)
that way you are keeping the login access checking to an absolute minimum, elminating any form processing from the login procedure, and keeping the upload script happy
like so
<%
If Not InStr(Session("Groups"),"*1*") Then
' do whatever
End If
%>
you could response.write something followed by a response.end
or you might even want to response.redirect them to some other page that using the "check_user_inc.asp" where they can log in
And if you are going to be using a free asp upload script use this one as it is probably the best pure code upload solution available as far as performance goes.
http://www.freeaspupload.net
, maybe this is the issue...
do you realize that the descriptive name you give a group is not always going to be the same ID in the database ? The two are not related.
Perhaps what you named Group 1 is really group ID 3
You can tell for sure by generating protection code for group 1 and see what ID it tells you to use..
You also need to remember that you are testing this with different users and it is really easy to get confused so you need specifically log off using the log off page to ensure session info from the previous login doesn't show up and cause confusion when you log in with a different user... etc etc
in addition to logging off that way you may also want clear the session and application info via the code at the bottom of my article
http://www.powerasp.com/content/new/displaying-session-and-a pplication-variables.asp
and do that in between any user you log in as , I had not rebooted after installing the Jet driver updates, so I tried that and the asptest page worked fine, and said that all the tests were successful and that the data connection was setup correctly. I then installed aspprotect again, but with the same results. I cannot log-in from the get_me_in.asp page. It still says that it is opening the page, but does not respons for an indefinite period. The asptest page is in the same directory.
I have looked for alternate databases for this product on your site, but I cannot seem to find them. ,  Hi, we purched ASP Protect a few months back and had it installed on our hosting company under a "temporary" domain name -- cidrasensors.com
We are now about ready to switch this development site over to production and I need to change the domain from cidrasensors.com to cidra.com
My hosting company wants us to create a new accounting and re-set everyting up.
So...based on this, I have a few questions for you:
1. Do I need to re-install the software? or can I copy from one account to the other?
2. Assuming I can copy the software to the new account - are there changes that will need to be made to point to the new domain?
3. If I decide I wanted to keep the first account alive for development purposes (never turn on the website domain to the public) - would I need to have a seperate ASP Protect license?
4. If I decided to ask you to do the transfer for us - is that covered in the $20 Installation fee I saw on the web?
, Well you can put a link on all your pages that links to the login page?
modify the code in the login page so the return page is members.aspx or
whatever you need and thats it?
I dont see your point? probably because I understand how the program works and your not 100% up to speed on how it works.
, when did you puchase/download the application? you may have old code., Access Database Password
By default all of the Access Databases we give out have a default password of "temp"
The Default username that and Access database uses is "Admin" but you should not be concerned with that except in your connection strings.
The default password for the Access Database can only be changed using Microsoft Access to do so. If you have security concerns it would make sense to change the password. The help system built into Microsoft Access best explains how to do that. cwilliams38403.6820833333, How to bring up the Code Generators
Simply go to the zones screen.
Select a Zone from the list.
Check the "Show Banner Code" option.
Click on "Display Banners in Selected Zone" ,
Timecard Entry: 3/25/2006 4:24:57 PM
Meet w/Peggy about project deadlines., met with Ron to discuss the big things we did NOT want to get rid of...IE modem EQ and cards, and other hardware that I knew Randy for sure wanted to hang onto. The rest he was going to speak to their prespective owners, PC Bundle flyer, working on getting stuff straigthend around in office worked on getting stuff ready for tommorw, talked with ed on what he needed for tommorw., checking and responding to emails, misc admin, email, call backs, Went to make a crossover cable that I need for the routers that I need to flash, Meet with St. Lawrence Chamber, Prepare for CREG Closing
, steady, Various Phone duties.., cdgraphics, Callbacks on expired accounts. , Tush, worked on gary's computer, Email/Voice Mail/Time Cards/Newsgroups, meeting with JCJDC to go over what the customer wanted for services and his plans for his DS3 drop from the ATM network , Print out hacker log, Just to Watertown., E-Mail, Voice-Mail, Setup, called rich from msi and frank from sourcetechnology to get quotes on dsp cards and for cisco equipment for syracuse and albany expansions. , Marketing and waiting for MBO meeting, morning check-in: check and reply to e-mail, printed and reviewed invoices; reviewed customer paperwork; cancellations for nonpayment; answered phone, client e-mail, Marble., Thanksgiving Paid Day Off, General, Contacted LOPsided productions RE doing video testimonials for SoftMLS., Busy up till 9, had a long phone call too.,
|
