Blog Entry: 3/25/2006 4:30:48 PM
Thanks.
clark
, You have old code I think.
It's probably because his password used with your encryption key by chance creates a single quote and messes up the database query
A notice went out about this. I will PM you the latest download with the updated files.
,
Dear Support Team
I have read and Installed your v8 banner software
exactly as explained on XP pro which contains other asp working app.
I have problems with the " Application " and " Session" in your scripts
things that make the iis fall dead.
also in the file asp _unlimited_config.asp
you have exlained that every thing must be kept without the "" marks.
well i get http 500 error cause of it.
Please advise
Thanks
Ran
, Oh yes...I've changed the time a script is allowed to run before timing out from 90 seconds to 180 seconds on the aspprotect folder., It should be released sometime late May 2004 or early June 2004 but no gurantees as I am pretty busy right now with some projects.
There will be upgrade instructions and it should be a fairly easy upgrade.
, Come on the threats are not necessary- i got the point the first time you said it.. i thought i made a friend thru this and felt comfortable to say something like that... i am not a big online chatter just do the web stuff as a hobby... i am a network / computer hardware guy (yet i work for a mortgage co. go figure...), I checked the option pack code as well and it looks correct.
I tested it and it acted as it should.
You can see it in active at the live demo
http://www.aspprotect.com/demo3/demo.asp
admin
test
go the the admin area.. you will notice 3 users with level 4 access
1 of them is inactive
then go to the mass email area and pick active and level 4
it will say it is sending email to 2 users which is correct
then go to mass email again and pick level 4 and inactive
it will say it is sending email to 1 user which is correct
choose any status and access level 4 and it will send email to 3 users which is correct
When you do this please realize you can not choose a group as well.
That will cause a problem because you can not choose a group and an access level at the same time.
Anyway... perhaps you can private message or use the contact us form and and let me take a look at your system. Since I can't reproduce the behavior that is the only way we might figure this out.
cwilliams38104.690787037, if you just see code then you do not have ASP and Web Server setup correctly.. Basic IIS Server Setup stuff and not something I cover, but there is plenty of info out there.
http://www.aspfaq.com/show.asp?id=2084
http://www.codefixer.com/tutorials/installation.asp
http://www.webwizguide.com/asp/tutorials/installing_iis_winX P_pro.asp
http://www.w3schools.com/asp/asp_intro.asp
, The company that hosts our business web site has been impossible to deal with in assisting me in getting asp protect to work. Getting the rights set correctly took 6 days and then getting parent paths enabled has been impossible. There last response was simply this:
The includes were changed so that if your server does not support "parent paths"
' and the "../" that you could easily change a few files like this and make the
' includes virtual includes instead of file includes. We didnt make them virtual
' includes by default because depending on where in your site you put the application
' the virtual include path would be different. They are also much different on a local
' development server than they would be on your real server
'
' Here are some examples of what you might change these includes to
'
' If you put the aspprotect folder in the root of your domain at your server
' example: www.mydomain.com/aspprotect
' then you would probably use
'
' #INCLUDE VIRTUAL="/aspprotect/dataconn_inc.asp"
' #INCLUDE VIRTUAL="/aspprotect/config_inc.asp"
' #INCLUDE VIRTUAL="/aspprotect/scripts/emailing_subs_inc.asp"
'
' Or if you didnt use the aspprotect folder and just put the contents of it in the root
' of your domain
' then you would probably use
'
' #INCLUDE VIRTUAL="/dataconn_inc.asp"
' #INCLUDE VIRTUAL="/config_inc.asp"
' #INCLUDE VIRTUAL="/scripts/emailing_subs_inc.asp"
'
' It really all depends on what works for your situation
' If you want more information on server side includes read this article at PowerASP
'
' http://www.powerasp.com/content/code-snippets/includes.asp
I am assuming that they will not enable parent paths and I need to modify some code. I do not know asp. WHere do I modify the code for a server that will not enable parent paths?
Thanks,
D
, You are NEVER supposed to move any files, especially that one. Of course that is going to break a lot of things.
Please put it back the way it was.
You change the path of the include file when you call it, never the location of the include file., Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
, A nice addition for the listing script would be if the script would allow a "featured ad" or ads that would appear on the default page. , Chris,
D'oh! How completely obvious! 
I got it now. (In Step 4, by the way, you need to click on the web site, not the directory. The directory has its own Properties menu, which is competely different than the Properties menu for the web site.)
Thanks for the fast response!
Robert
, I hear ya.. problem is it just does not fit into the banner rotation logic.
I know it sounds like a simple thing, but it is not because ASPBanner does it's rotation logic in a totolly unique way that no other system I know of does. It basically does everything in memory.
I just don't see anyway to do add what you are asking about without totolly re-writing how it works. The system would have to rely totally on complex (SQL queries / stored procedures) to do the banner rotation like every other poorly performing system out there.
It's really hard to explain, but I just no way I see to add it to the high performance application variable banner logic. If I changed the system to not use those application variables there would be a tremendous performance loss because the database would be doing about 90% more work than it currently does.
As I have said before sacrificing performance is just not something I am willing to do.
http://support.cjwsoft.com/code/moreinfo144-1.htm
I built ASPBanner for performance and speed and that has always been it's main intention.
I leave the bloated features to the competition. If I lose sales because of it that is just unfortunate. I want the best performing system. The system I can be proud of. The system that can handle millions of impressions per day under a MSSQL or MYSQL installation and not even flinch. That is what ASPBanner is all about.
The other thing is pricing. The price is kept low partically because the feature set is low.
Maybe someday there will be a version with more features and less performace. I really do not know. Right now it's just not something I plan on doing.
, also, just to show you what happens when a user creates a subscription this is the code. you can see in red where the subscrition is is set and also where the exp date is set to null
If txn_type = "subscr_signup" Then
Set ConnPasswords = Server.CreateObject("ADODB.Connection")
Set CmdEditUser = Server.CreateObject("ADODB.Recordset")
ConnPasswords.Open ConnectionString
SQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (User_ID = " & User_ID & ")"
CmdEditUser.Open SQL, ConnPasswords, 1, 3
CmdEditUser.Fields("Active") = "1"
CmdEditUser.Fields("Validated") = "1"
CmdEditUser.Fields("PayPal_Subscriber_ID") = subscr_id
CmdEditUser.Fields("Notes") = "Successful PayPal Subscription Signup on " & Date
CmdEditUser.Fields("Expiration_Date") = Null
If Access_Level <> "" Then
CmdEditUser.Fields("Access_Level") = Access_Level
End If
If Groups <> "" Then
CmdEditUser.Fields("Groups") = Trim(Groups)
End If
CmdEditUser.Update
CmdEditUser.Close
Set CmdEditUser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
End If , Hello,
If you are using ASPProtect Version 7 it is possible because version 7 supports html emailing. In any other version it would require some custom coding to add html email support. You would have to sort it out by experimenting and editing the emailing code. All the email methods have documentation on the web in some form or another showing how to send html emails.
Also,
sometimes depending on the email component being used and the email client reading the email a link in a text based email will get hyperlinked automatically. For example outlook usually will do that, but it doesn't always in other situations.
Lastly, we have special upgrade pricing should anyone want to upgrade to ASPProtect Version 7. It really has a ton of great features.
Best Regards,
Chris Williams
www.CJWSoft.com
cwilliams38415.6414236111, Hello,
You'll need to find a validation function to test for it.
Either server side or right in the form via client side javascript.
I dont have any experience with validating zip codes here much less UK.
Google it would be my best advice.. or maybe find some free app written in UK format and see how they did it.
Good Luck..
And if ya find anything post it here if ya like
cwilliams38381.5607638889, (User Photo Upload Mod) for ASPProtect Version 7.x
This will allow an individual user to upload a user picture instead of just the admin.
Notes: This is a down and dirty mod. The user upload code was copied from the admin area and there are no safeguards. Meaning there is no limit on the file size a user uploads and there is no confirmation process in case something they upload is inappropriate. etc etc etc
If you want that you will have to work on that on your own.
Directions:
Back up your existing ASPProtect installation.
copy these files into your "users" folder
2006-01-24_111305_User_Upload_Mod.zip
, The Pop-Up Javascript Date Pickers will only show up of your server's regional settings are set to one of two lCID values.
1033 which is English - United States
mm/dd/yyyy date format
or
2057 which is English - United Kingdom
dd/mm/yyyy date format
Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.
This setting can however be easily overwritten when using the ASPBanner system.
Edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 1033
or
Session.LCID = 2057
depending on what date format you are looking to use
Save the file and go edit a banner. The date pickers should be there now.
cwilliams38325.7403125, Thanks for that. The upload size is just as effective and possibly a better solution to maintain server space.
What about individual gallery permissions. So only 1 member can post in only 1 gallery. I have a forum of 500 plus members so if they want to add a gallery than setting a permission would be idea for each gallery.
, When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
Thanks
, It's not normal at all. My guess you accidently edited the code in a bad way.
(thats the same code the every guestbook in every application I sell uses including ASPGuest which gets downloaded for free about 50 times a day)
No one has ever said it acted funny.
I would do a default installation with the original code somewhere and see if the problem occurs. If it does I can take a look.
In the meantime I wouldn't be running that as it is probably using up massive processor time because of whatever is wrong with it.
cwilliams38454.954212963,
ok "ace45",
I just spent a bunch of time in your setup using SQL server and I didnt have a single issue. It all seems to be working perfectly to me.
I got into the system using the "get_me_in.asp" page like the instructions say to to.. then I deleted those two users you had there.
I created a new user called "admin".. then I edited that user to make him an admin.
I have logged off and back on as that user a bunch of times without issue.
admin
test
is the user info..
I just didnt see any problems whatsoever???
I also took the liberty of going into the settings page and setting all that up for you as well so all the url paths are right now and emailing from the application works.
I am going to wait an hour or so and try to log in a few more times but it honestly seems to be running perfectly to me. , (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , But can you guess as to why the following might be happening:
1) The password is still "temp", and we verified that by checking dataconn_inc.asp ; 2) People are able to place new ads, etc. ; 3) We then download the DB. Sometimes we are able to open up the DB just downloaded with the password "temp", but only see the USERS table. At other times, we cannot open the same DB with any password, and get a "password not valid" message even when using the password "temp".
So what can the problem be?
, Hello Chris:
Let me run some more test if it's working on your end it should be on mine? I have made some custom updates to the code but no in that area.
Thanks,
-Ricardo
, Well, I assumed I'd be able to tweak this thing but it is all so intertwined it doesn't pay to mess with any of the files. Hence, I'm going to have buy a different system only a week or two after buying the unlimited version here.
As I leave I want to give you some impressions here. While the system is low-cost, the 99 dollar version is missing a few pieces that I think would bring the value to 99. It is one thing to talk about the speed/performance, but to a degree that's hard to measure, and to anyone with web advertising on their site, performance will always run second to potential site income.
It definitely needs a user interface and registration for advertisers, and it definitely needs a single variables file for changing the hundreds of variables for which there is no control. I had to search on my own just to change the look and feel.
Lack of multi-zone support is a serious drawback. I would submit that anyone with a serious website needs it, and will gladly pay you 139 over 99 for just that one feature.
Take them or leave them, they are just suggestions.
, maybe this is the issue...
do you realize that the descriptive name you give a group is not always going to be the same ID in the database ? The two are not related.
Perhaps what you named Group 1 is really group ID 3
You can tell for sure by generating protection code for group 1 and see what ID it tells you to use..
You also need to remember that you are testing this with different users and it is really easy to get confused so you need specifically log off using the log off page to ensure session info from the previous login doesn't show up and cause confusion when you log in with a different user... etc etc
in addition to logging off that way you may also want clear the session and application info via the code at the bottom of my article
http://www.powerasp.com/content/new/displaying-session-and-a pplication-variables.asp
and do that in between any user you log in as
,
I am successfully using ASP protect on our site. I have one question:
The file Check_user_inc.asp looks a bit bland as I can't seem to use the sites Dreamweaver template. If I apply a template to this page, it is duplicated on other pages with this template.
How can I apply a template to this page?
Thanks
Clark
, thats a new one... I need some sort of error to go on..
No error ever ? It must eventually show something ?
, Humm, Did you change something in a bad way? Thats my guess.
I need more information on what is going on because by default it does not do that ?
The only possible way I can think of that could cause that is if you changed things around too much and the config_inc.asp file is getting run/included twice on that page your logging in to.
Also, when you sign in "where" ? What page ?
cwilliams38456.0906712963, in the version you have changing it is not something we covered
I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
, I wasnt talking about the date for a banner ad.. I was talking about the date field in the database for a USER if there is one (I dont remember if that app had date fields for user or not and I am not at a computer to take a look)
If you do not know how to directly open up and edit the database then yes you should just make a new user, The way the application works is one separate installation and database is required for each (IIS Application).... not only is it a licensing thing but it is also the nature of (forms based authentication) because every application in IIS has it's own set of application and session variables and they can not be shared with other various IIS applications.
That being said if you plan to run a separate install for each web/IIS application buying new licenses is fine
If you want to run one installation and database and share that with other web.IIS applications it is not technically possible.
Each web/IIS application requires a seperate install of ASPProtect.NET, that is good news... good guess on my part I guess
anyway, try this for your latest issue.
http://support.cjwsoft.com/code/code_info.asp?TID=340&KW =%2D1, well, ultimately it comes down to this and this is stated in the footer of every page in the cjwsoft family of websites.
"In some cases in order to receive proper tech support your application will be need to be installed on a live professionaly setup server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine."
and if you have some sort of weird timeout going on on your local machine and cant even give me a detailed error message there is just no way I can possibly troubleshoot it... I told you what to check and thats really all I can do... all my applications run on XP. As a matter of fact I do all my development on XP boxes.
It could be any numbers of things... odbc drivers, versions of vbscript... other software on the pc interfering such as antivirus script blockers like norton... all sorts of issues can pop up on personal machines running xp
If you put this up on a live professionally setup web server I can help you. On your local machine there is only so much I can suggest. , Please forgive my question in advance, I'm sure I've overlooked the answer somewhere obvious. I'm sorry!
I'm wondering if it is possible to customize the appearance of the
banner stats login page or the admin pages. I'd really like the
banner stats pages to look more like my own site or at least have my
logo on there or something like that so that my advertisers can see
that it is my site when checking their stats. However, I want to
do this without violating copyright, etc.
Can someone point me in the right direction or shut down my hope?
Thanks!
Laura
, No can do. In both cases there is an icon that says "Not uploaded". I click in it and nothing happens. There is no link to upload. Am I missing something?
By the way, I appreciate and am impressed with your rapid response. Thanks.
, To hopefully wrap this thread up...
This user showed me his site and things were working for me as they should.
We came to the conlusion that the weird behavior he was experiencing was because he was using AutoComplete in Internet Explorer....
It was automatically filling in the fields with his username/password that he had autocomplete save.
So it was a web browser usage issue.. not the code.
cwilliams38165.5102546296, Humm, its hard to explain but I am not sure that is a good way to be testing that. I hear what you are saying but I am not sure that really means anything. Whatever is going on its some sort of client side issue with the browser and the meta refreshing over a very long period of time during which there really is no user doing anything at the site. ,
Timecard Entry: 3/25/2006 4:30:48 PM
Downstairs discussing chamber sites w/Kelly., 600 Miles : WI - PA, Getting information from Jeff to go to Ogdensburg to fix a printer at Pepsi, Took a break to get a bite to eat., work order 99-7-23
Search engine registration for Scholastic Structures., Tried to find some sample code for a new project that was given to me by Steve. It is for the MLS site and being able to rotate the banner ads. , Ended up taking 3 more calls before I left. Just a crazy day overall. Nothing in one area or one problem. All types of different problems from all types of different areas. , Meeting with Jeff and Ed about Sci Tech center and what Ed wanted us to do at the Y, E-MAIL,ETC., email, Review Time Sheets and Schedule, Took in 1 call, very easy problem., meeting with Samaritan concerning ATM network agreement, Calls to Lance Evans of nnymls.com about touring Gisco and about Comp Book pulls. Emailed Chris Williams and Crispin about book pull. Emailed Howard about tour., email voicemail for Paul, Network Performance - Ken Mills, to Malone, unbreak of radius4 from the Clayton office (where's my home circuit?, rrrgh), E-Mail, Newton Quote Walker, Setup Training Bell At'l - Manhattan, Email/Voice Mail/Newsgroups, Duties: Invoice cancellations, cc report, callbacks from voice mails, checking billing emails. answering phones. , call ppl about problems respond to emails call ppl back. Called logicalnet again about lowville.. they got ticket in.. called ba / times about albany circuit, they are sending someone out to fix problem., E-Mail, Voice-Mail, Setup, timecards, 25 Miles : Clayton - Watertown, Checked for online issues, finished putting thumbnails of MLS pages up on MLS Help page, Installed the konica on Beth C., Peggy, and Kelly V.'s computers., Finishing up PO's and orders from Dell, Meeting with team to put together current weekly status report to send to Andrea,
