Blog Entry: 3/25/2006 4:30:15 PM
The protection code for my group3 is:
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * GP03 * ) -->
<% GROUPACCESS = "3" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->
btw - sorry but I am using v7
and thanks for the assistance , I have narrowed it down. The ../ for includes will not work with .asp files but will work in .shtml files.
any ideas? ,
As an update to this thread I fixed the "upload_post.asp" page quite some time ago but forgot to post the updated file here.
So here it is.
2005-09-16_165913_upload_post.zip , Okay, this also shows at the bottom of the import/export page
I've got the IUSR account with modify permissions on this data folder as well. Is the "this directory needs change permission" line just a general reminder?
Files are being stored in "D:\missourirealtor.org\members\aspprotect\data\export\\"
This directory needs change permissions for the anonymouse webserver account.
Those permissions can only be set by your hosting company.
These features will not work without those permissions being set.
, I am sending you a PM with the new download url
see instructions above for what to do with it, I purchased two site licenses for ASP Protect a while back and am now trying to implement the application.
The connection to the database is fine, because it recognizes the user and displays the user name. However, there must be a problem with the permission because I get the DNS error information from the On Error in the check_user_inc.asp file.
I set the permissions on my PC as you indicated, both on the folder and the database file. But get the error and cannot access the database to view or modify. I also uploaded the file to my web server and set the permissions as well, but get the same problem.
You mention on your forum that it is not the code, but I don't understand if the code is correct and if it finds the database and the permissions have been set as you indicate, why doesn't the code work? , Humm.. that should have worked fine
why are you getting a "OLE DB" error I wonder ?
I need more information.
Database being used and version ?
Server OS Version?
Connection String being used ?
etc etc , Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO , We are using this photo gallery to manage galeries of all the prodcut
lines we carry, we have no use for users to be able to sign up so i hid
that part of the pages, what i am wondering is how can i hide the rest
of the navigational links and still be able to get logged in to
admin. Here is a link to the unfinished demo site.
http://www.scs-cases.com/photogallery/
, After turning off the friendly errors, here is the detail.
Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/users/register.asp, line 16
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
ANSWER:
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&K W=Disallowed+Parent+Path+ lancem38310.6408101852, Regarding installation in a subfolder
Though this should be common sense and ASP.NET 101 "so to speak" One thing not mentioned in the docs..
If you do not install ASPProtect.NET in the true root of a web there a key in the web config you must adjust.
it looks like this
<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />
The way it comes it is valid for a root installation..
lets say you installed the application in folder called.
"aspprotectnet"
the key would change to this
<forms name=".aspprotect~net" loginUrl="/aspprotectnet/aspprotectlogin.aspx" protection="All" timeout="60" path="/" /> cwilliams38454.3830439815, Those access levels are not used and are nothing to worry about. They are left over from the ASPProtect core which I used for the users area of ASPBanner.
I am not sure what you did but its not a none, Unless I know more I can not make any guesses what happened. I would make sure in the database that the user is active and the expiration date field for them if there is one is empty, Version 8.1 can work with MySQL
http://www.aspbanner.com/aspbanunlimited_v8.asp
It is just not supported at all.
The standard version can not work with MySQL.
There were a lot of changes to make the new version work with it and I really only did ift because I have a couple friends with busy sites that could only use MySQL.
It sounds like your site is way too busy for using an access database as you mentioned. , it might.. I might be wrong though as I guess that could still be an issue with access not being able to keep up.. and then the xml parser just isnt getting the page it is requesting in time, All fixed... I changed the remote server from localhost.omegaphibeta.net or whatever it said there to localhost
I sent a test email to myself and got it no problem
the error you were getting was email component related , how would anyone recommend i go about setting a different expiration date for each group a user may belong to?, We have no add-ons for anything but accepting payments through paypal and 2checkout... if you want to accept payments through some other setup you have make a payment directory addon and write code to do it based on the system you are using..
We provide the ASP source code so that is doable for someone that is good with ASP. If not then it won't be doable.
, Hi, lets start with about when did you purchase and download the application so I know what version of the code you have., Hope the wedding went well. I have one this weekend.
I was successful at performing an upload. The free upload software was either not configure properly (probably) or not working. I downloaded the trial version of softartisan's upload (which is like over $300) and it started working.
Can more than one photo be uploaded at one time (like a whole folder full of photos) or does each have to be done individually? , Just wanted to let you know that after modifying the remote host string in the email pages and getting the correct connection from my server, everything is running fine.
I hope you enjoyed your vacation.
thank you
adam , so you are using the subscriptions signup directory right ?
"paypal_signup2" ?
1st.. I would check that the xml parser is working.
It is required for making the post back to paypal.
It is installed on windows 2000 and 2003 and XP by default.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=134& ; ; ; ; ; ;PN=1
Then I would check the actual form page to paypal to make sure it is generating a valid IPN url as a hidden form value. It's the payment page you actually click on that actually takes you to paypal. For the subscription signup system that page is called "paypal1.asp"
You'll want to go through the process starting with the default.asp of the signup folder untill you get to that page. Then you want to look at the html source of that page in Internet Explorer. Your looking for something like this in the source code and you want to make sure it is valid.
<input type="hidden" name="notify_url" value=http://www.mysite.com/aspprotect/paypal_sub_signup/ipn.asp>
It also has to a url on the internet that paypals server can see. It can not be a local url for your machine. Also: If it is not valid we can try hard coding it.
If all of these things are good I'll have to take a look. I have some text file logging I can do when paypal hits your IPN url that can tell us if it is actually hitting that page like it is supposed to. And I can test the system for you by making some 1 cent payments using my own paypal account until we find out what is going wrong.
cwilliams38421.5686921296, So do I just replace the four folders that came with aspprotect with the four (in my case domain directory) folders in the patch or just move the files?, That did the trick. Once again a quick very helpfull reply.
Thanks. , Once you have the LANGUAGE = VBSCRIPT and Checkfor = 1 on your page,
you'll have it secured. I've got over 1600 pages secured in such a
manner, thanks to ASPProtect!
, sounds like the data/export folde does not have permissions, Hello,
I need to see if this is possible. I want to create a browsing system such that, the user selects a Province from a drop down list on the main page. Based the selection, the username of all the users in that province will be shown. Then the user can click on a specific username and his/her portfolio (photo album) will be displayed.
is this possible? If so, How can I do this, please help.
Thanks
Sean cwilliams38420.518275463, That would not happen unless you added a target to the login form or you're code had a base target set.
Like so..
<base target="_blank">
I would really need more detailed information. It's nothing the system does the way it ships under normal circumstances. For example you shouldn't see that behavior in any of the example protected ".asp" pages
that is unless you have something odd going on with your browser settings or you made changes to the login form or code around it causing it. (or you are using frames and dont have some of the targets and what not set correctly)
My guess is that it has to be something you added or did, but I really need to know more to offer more than that.
cwilliams38419.7687152778, All fixed and working
Thanks , That was wrong of me but not what I meant. It seems as soon as I purchase something like this it doesn't work right and it can't be altered to work with what I have. The support ends up sucking or being none. Listen I’ve gone thru you're product and it's wonderful and does exactly what you say it does so that's a relief. Sorry about my ignorance with .NET but I’m from an ASP world and it's a lot different. You can see what I’m trying to protect here http://www.hotmixxent.com:8087/default.aspx. The final site after testing will be http://mxais.sfmx.org/default.aspx. Again thanks for the support on Christmas Sunday, that’s defiantly beyond the call and I appreciate it a lot. , yes, dont worry about that. It is not checkking permissions just explaining things.
and dont worry about the extra slash it seems to be adding at the end of the path. That is normal. I guess I need to fix that so it does not add that extra slash., Yes worked fine
thanks , I just finished implementing the V7 product on our site and someone made mention that on the profile form where you are asked all your personal and user information there are 2 fields for passwords. The first field uses masking to hide the password as you type it, where the second shows it in clear text.
Now we know that the only people able to see the password are the user and the administrator, but it is playing mind games with my users as they think there is a problem with the application. I am not a programmer (however, learning ASP slowly now!) and am not sure if you did this on purpose or if it is a bug?
If it was done on purpose, can you advise how I can make the confirm password field masked as well to eliminate the unfounded questions!
Thanks , First pass through, I don't see anything changed in the groups section of the check_user asp file. the logoff asp wasn't touched.
I noticed the demo online (on this site) only has pages protected with access levels; you say it works fine with groups also? , Different Versions of the Access Database
Below is a zip file with many alternate versions of the Access Database provided to help with installation and general usage.
2005-02-20_155310_ASPProtect_Database_Versions.zip
ASPProtect.mdb is saved as an Access97 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2000 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2002-2003 database (password "temp")
ASPProtect_access2002_no_password.mdb is saved as and Access 2002-2003 database with no password set on it
Try to use the newest version as server odbc drivers sometimes have to use the newest version for everything to work correctly. No password version is provided because sometimes there are issues connecting to a database with a password set on it.
Default username for access databases is of course "admin" but you really dont use that except in the data connection information. cwilliams38403.6840277778, I am a little confused here. I am in the process of understand how this all works, mainly the email portions as I am running this through a home server (Windows XP). I have tried test emails, but they are not going threw. I ran the server_info.asp and it is telling me that I do have CDONTS installed, version 2.8. Then I tried running, the test_mailer_component.asp. This page is telling me it is not installed. This process lead me to start looking at my components for my IIS. Everything appears to be there.
Any ideas, where I should go next. It appears the CDONTS code is in every page that it needs to be in, and it appears that I have it installed, but there is a disconnect between the two..
, Whenever you are running software that can block scripts from certain things you are going to have issues like this.
I imagine many complex asp scripts you will download will do things like this as well.
A highly doubt it is anything to worry about regarding people that use your site.
ASP code delivers standard html to the browser... nothing weird goes on as far as that goes.
This system has been sold for 6 years and this is just not something to worry about. Trust me.. though you may want to tone down black ice so it doesn't give you issues as it tries to block various things.
If I were you I would do some google searches on black ice and issues with it blocking asp scripts.. etc etc
Now, if you are running black ice right on the server that a whole other story and something you as a server admin need to decide what to do about. I doubt that is the case as black ice is not probably suitable for a commercial webserver but I just thought I would throw that out there. , Hi. Chris. I'm not a programmer of any sorts, so I am not comfortable plugging in the changes you suggested and not knowing for sure if it will "break something somewhere else". If the programmer tells me "you have been warned", its a pretty good sign its a no win situation. If you don't know, theres no way i can know.
I saw in the code where you mentioned the changes. I don't see where it mentions the last name is required either, but the bottom line is it does require it it the actual new user form.
Thanks anyway Chris. I'll figure something out.
-john
, actually, looks like its 8.95 a month now for a pretty slick plan
http://www.alentus.com/hosting/valueplan.asp, Hi there,
Just bought ASPProtect 7.0 last week and just got around to installing it. I've gotten through the installation and am now trying to test the (Forgot Password) functionality.
I get the following error when I type in the e-mail (or in some cases the username) and Post the form.
Error was [11004] Valid name, no data record of requested type
I know that the add user functionality is pointing to the correct database (I see the additional rows via SQL Enterprise Manager) and that the e-mail address I am looking for is in the SQL database.
Any ideas? Any other information you need?
Thanks,
Toni
, ok,
IE and firefox do some things differently.
It could very well have to do with MIME types set on the server for your website. pdf probably isnt set as a mime type which can cause issues with file streaming situations.
Mime types are either set in the IIS console for your web site under the http headers tab or you can try setting the content-type header to 'application/pdf' right on the asp page the does the streaming
see this article which shows how to do that
http://psacake.com/web/gj.asp
'Specify a MIME type such as "text/html", "image/gif" or "application/pdf"
Response.contenttype = "application/pdf"
'Useful in cases for unknown file types
You would want to put the code that sets the contentype as close to the top of the asp page doing the streaming as possible. ,
Timecard Entry: 3/25/2006 4:30:15 PM
Checked online issues and some radlog as well. Everything was caught up, tech support supervisor, helped techs, emonitor. calls to NOC, dial up issues, ask us a questions, voice mail, emails, qlight... new users, callbacks on expired users, steady night.. , Met with Bethany about the co Brochures the Promo tracking, the Vermont Conference, Credit memo's w/ Andrea, check and reply to e-mail (office), timecards/payroll, Survey for Dragon and Benwar to hit the Y, Various activities, mostly the Power point, working the budget and meeting with Jeff on his budget. A efew meetings with employees about goals/MBOs., Trying to find brackets by stopping to Radio Shack with Ed, Metal Man, McQuade and now making some phone calls to find someone that carries them., **Agency Ideas - made some progress with NT auth, SoftMLS objectives meeting, Comm Svc - FD Budget, Not too bad. Not so much busy but more angry customers about problems that aren't even ours. , Bell Atlantic Billing, Customer Billing, Misc Billing reviews, and helping Paul/Jim w/ info they needed for big RFQ., finished up NOC log page, Travel to work, Batching, and aswering phones. , took a break while logged on before I left., Trying to buy Photoshop 6 updates. Had to get card info from Michele, then tried to purchase online and card was declined. Called Staples, but they don't have it in stock. Went back online and bought just two copies (all that would fit on the card). Had to set up buying accounts....long story, Traveled to ogdensburg for the Channel Partner meeting ( I was the driver) 45 miles, Very Busy morning . Taking payments, ans phones and applications. Worked with Mary and Darrell, work IB Soap issues, SoftMLS mtg, more of same as in a.m., recp., e-mails,switchboard,Emerald, watertown office- nextcom- get infof or web site, lunch, travel time back to watertown, Lunch, Excel lesson #7, clean up and trouble shooting router, Budgets,
|
