Blog Entry: 3/25/2006 4:32:44 PM
I log all 404 errors on my site and since installing ASPBanner, I get a lot of the following error:
/aspbanner/edit_banner.asp?Banner_ID=11&User_ID=1 contains a broken link:
/aspbanner/right1.gif
ID changes and there are various missing links. Some missing links include:
/aspbanner/drop2.gif
/aspbanner/left1.gif
/aspbanner/right2.gif
etc.
While not critical, these are filling up my error logs and it takes time for me to sort through them. , ok, here is what is going on
you are password protecting an ".asp" page that requires querystring info to run correctly (example - "somepage.asp?ID=3"")
that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out
this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact
it was a nice feature never intended to handle any situations other than what I just described...
now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info
that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...
To avoid all of this...
One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)
Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.
Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc
So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.
I hope this makes some sense to you.. it is very hard to try and explain ,
MODS are NOT SUPPORTED.. questions about them will not be answered in the support forums. If you want to use a MOD you are considered an advanced user and will need to sort out any issues that may or may not come up.
MODS are used at your own risk and may or may not require certain basic coding skills. , Using "Email Authentication" as a registration option you cannot do that. There is no possible way I know of to have a delay on the authentication email like that. Also that method is not intended to involve any sort of manual registration like what you are doing.
Because you want to review people manually you need to change to registration process to "manual" and then send the email out manually from the users screen after making a user active. , I really need more information..
SQL or Access database ?
If Access are you using the newest version of the .mdb file
Is this a new item ?
Show me your connection string ?
perhaps the url to the site as well so I can look around?
things like that that will help me troubleshoot.
If any info is sensative send me a PM..
, it probably means the page you are trying to protect is (not in an iis application or not in the same iis application) which it needs to be
for a situation like using ASPProtect you really want your root of your virtual directory set up as one big application in IIS. (after you inquired about it your hosting company probably went and set the ASPProtect folder as an application in IIS which means any pages you protect need to be in there as well. (truth is they should have had your entire web starting from the root set as one in the 1st place..... its standard practice for any experienced hosting company) cwilliams38456.9306828704, well, like I said.. I am leaving in about 5 minutes for the wedding.
If you put this up on a live server that I can connect to I will look at it tommoro for you. I have told you everything I could possibly tell you so I dont think your going to figure it out based on the things you have told me so far.
Only other thing I can think of is make sure your not running anything goofy on that server 2003 box. Norton Antivirus script blocking... various ad blockers.. anti spyware applications... etc etc... They can cause problems as well. , Christopher,
I can empathize. It can be a real pain to stablize a server and fend off hack attacks.
As for beta testing, I was referring to once you get to the point where you're ready to release it to the public whether it's this month, next month, etc.
Good Luck!
Al ,
Flash files cannot track clicks unless you edit the original flash file to link to the aspbanner system redirect URL.. feeding it the correct ID of the banner.
When that link is clicked on it will then track the click and redirect the user to the “link url” specified for that banner.
The system actually generates the necessary ASPBanner URL for you. That link is shown on the banner edit screen.(you must save the banner at least once and come back to that screen to see the link though)
Really the best way to show it is with an example as seen below.
Basically the flash banner file "powerasp.swf" highlighted in green needs to be edited to link to the banner redirect url which is highlighted in red.... the banner redirect url will then track the click and ultimately send the user to the Link_URL highligthed in blue.
All banners systems work this way when it comes to flash files.
It’s the nature of flash and the web browser,
The flash source code must be edited to link to the redirect url in the ASPBanner system. There is no possible way any banner system can track a flash click unless the flash file links to the banner system 1st.... because that click is handled by Flash and the web browser.
In some cases if you do have the original source file for the flash banner then you are out of luck as far as tracking clicks goes.
On a side note... if you create flash banners the way this article says you can actually feed a .swf flash file a link for it to click to. Instead of it being hardcoded.
http://www.macromedia.com/resources/richmedia/tracking/desig ners_guide/index.html
This is really the way everyone should design their flash banners from now on because the url it links to can be easily changed at any time without editing the flash file source code. cwilliams38085.095150463, Really awesome, thanks..
If possible please be sure to respond to the email they send so the review ends up authenticated
, The Pop-Up Javascript Date Pickers will only show up of your server's regional settings are set to one of two lCID values.
1033 which is English - United States
mm/dd/yyyy date format
or
2057 which is English - United Kingdom
dd/mm/yyyy date format
Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.
This setting can however be easily overwritten when using the ASPBanner system.
Edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 1033
or
Session.LCID = 2057
depending on what date format you are looking to use
Save the file and go edit a banner. The date pickers should be there now. cwilliams38325.7403125, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks , Got it working.  Had purchased a long time ago and forgot about needing to run the userreg.exe. All is well and thanks for the follow up.
Lance , I assume you mean 500 pixels wide
no.. because you cant reliably tell a pictures image width without an image resizing component to look it up.. asp can not do things like that on its own
serverobjects has a free component called "imagesize" that can do it as well but you need access to the server to install the component
http://www.serverobjects.com/products.htm
so if you cant do that with regular asp code you definetly can not stop the upload proces because the picture is too wide..
heck, that would be nearly imposible to do regardless.. even with the best 3rd party components at your disposal
even with an image resizing component you would have to allow the upload.. then check the pixel width.. then delete it.. tell the user what is going on...etc etc .. all a very complicated process
, Personally, I think that is something you should work into your existing site code or something you should handle on your own.
It's basic site maintenance issues.. and something every webmaster must deal with on an individual basis. If you are going to upload a new version of some large file of course you should go disable wherever people are dloading it from and then wait/re upload/turn things back on.. etc etc
It is not going to be a feature of ASPProtect and I don't see why it should be. If you want to have some sort of global site is temporaily down thing you should have a common server side include on all your pages right after the password protection include file. In that include file you could easily stop site access with a response.end and also show a message.
Or you should disable a file download page manually on a file to file basis.
Really, big busy sites that have their sh*t together use versions of files for a reason. Every new upload is a slightly new version revision and has a slightly different file name They do this partially to eliminate the problem your talking about and also because that is the way it should be done. Nothing gets uploaded over itself ever. Even if there is a mistake in a file they upload a new revision and document it in the revision/changes file. And of course they dont show users a link to a new file revisions until it is uploaded.
, Thanks Chris.
Your solution worked! , Hi,
I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working. , if you are talking about IPN subscriptions and how they work paypal has detailed manauls on their site.. if you are talking about asp.net in general there are probably a lot of good books..
the reason I said look at the aspprotect 7 code is cause the applications and database are very similar and the same techniques will apply for the most part as far as how the ipn subscription posts from paypal talk to the database and what happens during the various post events.. etc etc etc , either that or send me your encyrption keys and the exact password entered that causes the problem and I will try to reproduce the behavior here, You need to make sure you created the SQL database using the SQL scripts we provide and that no errors occur whatsoever. That is extremely important. You must use our SQL creation scripts.
Then, when you create the user you need to go back to that user and make sure you check the admin account and save that user again. (many times when setting up a system for someone I find myself forgetting that step and then I have to go back in and check the admin box for the user I created.)
And of course create the user from the ASPProtect admin area web interface. Do not add the user to the database manually because you will have no way to enter the password correct as it is encrypted. And do not change the encryption key after making the user/.
It would also be wise to check the SQL server database at every step to make sure the user info gets created and that all the field info looks correct for the most part.
You also want to be sure to specify SQL as the database type side the connection string info as the SQL directions go over
a remote sql server should not an issue.
thats really all I can think of right now , thats not good.. its a web server configuration issue of some sorts ?
post is a common method for forms.. if it is not supported it is something you should ask the server admins about.
Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?
ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
http://support.cjwsoft.com/code/moreinfo165-1.htm
My guess is your web server is running Apache Unix or something like that. , i downloaded the latest version. i also downloaded the sql script provided and ran in sql query analyser to create the tables.
After that i ran a special page to intially get into the system,
then setup a new user, then make them an admin,
and after that i logged out and again when i try to login iam not able to login. When i check the ASpp_User table I noticed that the values in the fields "Login_limit" and "Active" in the ASPP_Users table in the SQL changed to NULL and 0. But if the value are Nulls or 0 it means it's not active and it's not allowing me to login.
Pls advice
, Just to let you know that i figured out my problem. I had to modify the connection in the email code and get the correct path from my provider.
I hope you enjoyed your vacation.
Thank you
Adam , at some point I can do the users in mass correct using the import feature in aspprotect right?, Hi,
Ok, well... you have a lot of stuff going on there.
More importantly than that.. you cant even log into the admin area using the admin account. There is something majorly wrong with the installation.
I also notice you havent even saved any path settings in the settings page of the admin area. I am looking that over now and filling in the missing info. That information needs to be populated. , Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings? , Hi,
That is not enough to go on. I need details in order to help. , New Version 8.1 Released
Whats new..
http://www.aspbanner.com/v8_notes.asp
Upgrade Instructions...
Upgrade at your own risk. Though we try new versions are not always perfect due to minor bugs we may miss.
Back up your old setup so you can revert back if necessary..!!!
Save your data connection string info in a text file so you have it.
You can get that by viewing the system info page in the admin area.
Carefully copy all the ".asp" files from the new version to the old.
Your going to want all the .asp files in the aspbanner folder.
Your going to want all the .asp files in the aspbanner/scripts folder
Copy the aspbanner/images folder because there are some new images
Be sure to also copy the "data/config" folder files.folders as well as a lot of that is new including the actual config file. If you dont get the new config file copied in there you will have problems later on with some of the new features.
Be sure to create a new folder in the "data" folder called "tempstats"
Make sure it has proper permissions if you plan on using the delayed stats feature as the stats gets temporarily stored there.
Go back to the area where you originally setup the data connection and do that again...
From the web browser run the following URL
http://yoursite/data/config/aspbanner_unlimited.asp
Replace "yoursite" with the proper url info relevant to your web site location.
When run via the web server that page will ask for a password. By default it is "temp". You should change it later on for security reasons. That page tells you how.
Now... moving on..
There were no changes to the database except for SQL Server users so you can use your existing database.
SQL Server users that want to use the new stored procedures feature (it's optional) will need to update their SQL database with the stored procedures.
Scripts to do that are provided.
ALSO: I have been running this new version using SQL Server Stored Procedure mode for a 1 week on a special banner server that serves banners to many of my own sites. I have also been using the new Delayed Stats feature.
All I can say is it is running like a champ and the SQL server is using less memory than it ever did before.
cwilliams38291.7372800926, IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ; ; ; ; ; ; ; ; ; ; ;PN=1
The 2Checkout Support Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement 2Checkout Payments with ASPProtect. You must be using version 2 of the 2checkout system. They are phasing out version 1 regardless so everyone will be using version 2 very soon if they are not already.
THIS IS NOT INTENDED OR DESIGNED TO USE 2CHECKOUT SUBSCRIPTIONS. (see bottom of this thread for more info on that)
This Support Pack basically gives you an additional signup and registration directory "2checkout_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup in general. New users can register in this directory and pay for membership at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and buy additional membership time online. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via 2Checkout your system is updated and they will have access.
The 2checkout pack is NEW.. and was released on March 19, 2005. If you don't have it and would like it please just ask.
To start using this edit the "2checkout_signup/2checkout_config_inc.asp" file
You will be entering your 2Checkout Account number in that file as well as the URL you want a user to go to after payment. It is all commented in that file. (There is also a testing variable you can set to True if you want to do testing without real charges being applied)
After editing that file run this page.
http://www.mysite.com/2checkout_signup/show_postback_path.asp
Replacing the part in blue with your website info.
It will report back that postback url you need to use in the 2checkout system.
Log into your 2checkout version 2 account and under the "look & feel section" enter that postback url for both the "Approved URL" and the "Pending URL"
Trust me: You want the URL there for a pending URL because the 2Checkout system is quite random and 95% of the payments that come in go to the pending URL and end up being legitimate sales. (at least for me they do)
Now make sure the Direct Return option on that page is on as well.
If set to Yes buyers will be immediately directed to your URLs below once they click the
Complete Order button. If set to No the buyers will have to click a button to return
to your URLs below. |
|
|
Save that page... and leave 2checkout.
|
Now, delete this page from your ASPProtect setup.
http://www.mysite.com/2checkout_signup/show_postback_path.asp
It's a minor security risk and is no longer needed needed.
The basic setup is finished. All you have to now is set up payments options the way you want them.
Changing Payment Options
In the "2checkout1.asp" file there are form options set up.
They look like this and you can have as many as you like.
<option selected value="30,9.95,3,">30 Days, 9.95</option>
In this option... A user has the option to purchase 30 days for $9.95 and he will be set to Access Level 3 when payment in completed.
Here is how it works.
The value setting (red) is essentially and array that can be made up 4 elements separated by comma's
They must be separated by a comma and there can be no spaces. In this example the 4th value was not used but the last comma must still be there. If you didn't want to set an access level and left out the "3" there would 2 commas at the end. etc etc
Basically there must always be 3 commas but you only have to set the 1st 2 values which are days and price.
days,price,access level,groups
The 1st value is the amount of days.
The 2nd value is the price for the amount of days.
The 3rd value is the access level you want to user assigned to.
The 4th option is the groups you want the user assigned to. (see PayPal subscription thread for examples of specifying group info)
Now, the label for the option in (blue) can say whatever you like. , Christopher,
Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software. , That worked...but when I tried importing the test user, the password was imported in an add formated...like it was encrypted, and I can't log in using the User ID that I imported., Ok.. glad you got it working., maybe this is the issue...
do you realize that the descriptive name you give a group is not always going to be the same ID in the database ? The two are not related.
Perhaps what you named Group 1 is really group ID 3
You can tell for sure by generating protection code for group 1 and see what ID it tells you to use..
You also need to remember that you are testing this with different users and it is really easy to get confused so you need specifically log off using the log off page to ensure session info from the previous login doesn't show up and cause confusion when you log in with a different user... etc etc
in addition to logging off that way you may also want clear the session and application info via the code at the bottom of my article
http://www.powerasp.com/content/new/displaying-session-and-a pplication-variables.asp
and do that in between any user you log in as , See, and that's what I thought. What's interesting is that if I call either an aspx page or an asp page in the iframe tag, it asks me if I want to open the page, it doesn't display it. I'm using IE6 so there's not problem with the support for the tag.
I'll keep looking to find out what's going on. I think the iframe method might work best.
JDooley , Our login works great, variables even help determine menu options. When user logs on, however, it opens in a new page. Is there a setting somewhere that sets whether you can open in a new or existing page?
Also, when you log off , If you are developing using Windows 2003 Server and running the NTFS file system setting proper permissions on a folder in your website is done like so.
using "my computer" browse to the folder in your web that you need to set permissions on.
Right click on that folder and then choose the "security" tab.
Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.
You can also give permissions to the everyone account and accomplish the same thing.
Other things to note:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"
In some cases you may want to go into the advanced tab and check both checkboxes shown in order to make sure the permissions you need get set. It really all depends on the situation.
cwilliams38342.7343981481, Please Note : Users with the option pack a new feature called groups that is much more powerful than access levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default and also info on an alternate scenario we have provided.
In the "check_user_inc.asp" that comes in the root of this system Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
The "check_user_inc.asp" included in the "extras" directory is an example of changing the access level checking code
to work differently. In that "check_user_inc.asp" Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 2
Level 3 has Access to - Level 3
Level 4 has Access to - Level 4
Level 5 has Access to - Level 5
Level 6 has Access to - Level 6
Level 7 has Access to - Level 7
Level 8 has Access to - Level 8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
If you get creative you can create some interesting access level checking scenarios.
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive. cwilliams38114.6506712963, say ?
How do you like LiveSTATS.xsp V7 ?
Looks pretty sweet but the pricing is just too much for me to justify as I am very happy with smarterstats and I host a lot of sites now.
I used to use Livestats 5 back in the day when we had a 50 domain license where I worked and hosted my sites. I liked it a lot then I tried the version 6.2 that they had for a while and hated it. Version 5 still runs well on 2003 server but it has such outdated search engine information that it isnt worth using. cwilliams38324.8862847222, I didn't think that was it, but just to prove, I just viewed the same album from 2 different IP's. It did not increment the "hits". , Hi, I haven't heard anything from you.
Has this issue been resolved ?
Thanks ,
Timecard Entry: 3/25/2006 4:32:44 PM
Posted accounts and did a detail of check and cash for a bank deposit. Credit card authorizations, ans. phone, customer inquiries, and worked on my porblem children., general tech support... fishercast went down and i called beth to take care of it.. , talk to Tim and Kris, phone calls, email, Henderson research, work on forecasts for equipment, Herald Bldg - Furniture Peggy, Wireless survey in Canton, Took some tech calls when the que light was on.... checked modems, went over to IMCNET to reset modems... also played with a computer that Randy gave to Dani and I. Steady day today., supervisor training as well as i stayed after per ron at the office to make sure issues are addressed, dial up issues, radlog, ask us a questions, voice mail, follow ups, tech issues, emails, dsl sign ups, q light and calls exculated from techs.... , Potsdam to Wat'n = 60mi (I hate construction and school buses), Reset modems, and filled out modem maintenance log., Easy calls concerning e-mail.
Signed up customer. Outside doors locked and secured, Receiving & organized key system, USA1net status meetings, LEARNING FLASH 4, called a few expired users on radlog. did a dial up issue, Order School directory for New York State, worked on getting the radius servers switched over. Took Acer server 330 from syracuse imcnet and setup and tested as a radius server, once confirmed to work fixed a problem with memory and ecc worked then to rotate the old two radius servers trying not to kill user logins. The one acer 330 seems to be handling requests alot better than the two radius solution before., Fixing Mail Queue, printed timecards, Rearch on ISP-Plant, Lucent for the conversant phone system, ICQ Dave Foster about work, and did timesheets., Busy. , Figuring out space upstair and where individuals are going to move to, bank, phone calls,etc, Checked Radlog and also checked the online issues, Printed Thumbnail pages for review of ads, found 8 images to be converted from RGB to CMYK,found approx. 36 images with no links, not sure if this will cause a printing problem or not, reaffirmed to Shelly that we needed photos for ads that Glundel used , exhibit, tear down, pack up , switchboard, e-mails, billing calls, Customer has problem w/being billed for consultation. Looking up invoice and finding what I spoke w/him about on time card.,
|
