Disallowed Parent Path

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory. 

When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.

If it is not enabled on you server you will have to ask your host to enable parent paths for your website.

This is what the settings screen looks like on an XP Machine

Additional Information:

It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.

Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.

Hosting companies should if they are serious about hosting ASP.


If they won't your only option is to go through all the code and convert the file includes to virtual includes.

http://www.powerasp.com/content/code-snippets/includes.asp

The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)

Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc

Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.

In my opinion virtual includes are pretty useless for commercial web based applications...  Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.

For example...

The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->

But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this

<!--#include virtual = "/somedirectory/somefile.asp"-->

I believe what happened is we received the older copy of ASP Banner iwht our purchase of ASP Protect and were notified of a free update to download aspbanner_unlimited_v8.2_feb_26_2005.zip which we did, and that's the one i recently put on our site.

  Sounds from your reply that something technical is going on to the point where I will have to hire one of our Web consutants to dissect for us.  We'll try again and track our issues and send another request for information when we can show you a specific example of what is happening.  I'll be in touch.

Not really.  The way I thought activity would work is that I would always see the last 50 users.  Not sure what controls that and why I wasn't seeing it, but it sounds like it is an IIS thing and since my site is not all that busy, it will not show the users if some process has reset the numbers.  Not a big deal.

As for the log files, I think it is related to my other question regarding the export directory.  I have the ISP looking into things at thier end to see if they are doing anything that could cause the directories to disappear.

Thanks,

Dave

When a user 1st signs up a proper case function is run on certain fields.
This is only once on user signup and never done in the admin area.

It's goal is to keep things entered in Proper Case,

so if someone enters "chris williams" it becomes "Chris Williams"

It's not perfect but it helps a lot to keep the data clean and more consistent. Since it only happens during registration those values can be changed later by the admin or the user if someone wants to.

The function is only applied to the fields that it makes sense to apply it to.... 
In your case adding a drop down menu means you want exactly what is in your drop down to appear so you wouldn't want it happening.

That being said, it is really easy to remove this situation from any field it is happening to during registration.

So edit "users/add_new_account.asp" with a text editor

find

CmdAddUser.Fields("Company_Name") = PCase(Company_Name)

and change it to

CmdAddUser.Fields("Company_Name") = Company_Name

That is all that is needed to made the change

When did you download the ASPProtect Version 7 zip file ?

what did you enter as a wrong password to make that happen ?

does it it do it when other wrong passwords are entered ?

It does not matter what directory name the ASPProtect files and folders are in but you cant go moving around critical file and folders like it appears you did nor is there any reason to.

All that is is saying is that the users folder, the password_admin folder, the scripts folder, the check_user_inc.asp file, and all the other files and folders that come with the system can be in any directory name as a whole.... but that doesn't mean you can go messing around with the files and folders in that directory.

I assure you 100's of users do not use "aspprotect" as the main folder name and they have no issues doing so.

Regardless, you need to explain in much clearer detail exactly what you did and what paths you used and what is where.  At this point I really do not know what is you did as your post was not clear to me.

You should also check that you have entered correct path info in the admin settings page area. The register page is one of the paths that geths set there.

I really do not know.. maybe it is a conflict with something else..

I run many instances of aspbanner on my servers and I have every item to log enabled for my iis log files... my stats server software which reads those log files (livestats and smarterstats) have never reported any 404 errors related to (aspbanner/those images)...

I do not know what is happening in your situation..

sorry.

Regarding installation in a subfolder

Though this should be common sense and ASP.NET 101 "so to speak" One thing not mentioned in the docs..


If you do not install ASPProtect.NET in the true root of a web there a key in the web config you must adjust.

it looks like this

<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

The way it comes it is valid for a root installation..

lets say you installed the application in folder called.
"aspprotectnet"

the key would change to this

<forms name=".aspprotect~net" loginUrl="/aspprotectnet/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

Has anyone used the aspmail function to send and recieve emails from within your forms? If so what string did you use in the aspmail_host field in the connections database.

thank you
adam

I am running Windows 2000 server. I do believe asp.net IS installed as I have the .NET 1.1 framework installed.

Funny about the bounce backs. I am at about 10% of my limit, which I control as I am the network admin. I'll check into that.

it's ok

one step at a time and at each step testing things.. then when you mess something up you can figure it out a lot easier

no, its part the concurrent login checking system.

currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)

when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over

sorry

as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional.

Thank you so so much! I went to the admin area and changed the email component from CDOSYS (using remote server) to CDOSYS (using port 25 forwarding) and all is working great now!

Again, thanks!

Ya, you must have tried to upgrade from a really really old version like you said which wouldnt really work out because those instructions are specifically for upgrading a version 6 database to version 7.

That line error you had was looking for the User_ID field and I bet the version you had was so old that you didnt have a field named that as a few years ago the field "ID" got renamed to "User_ID"

As for all the cool stuff... yup there is a lot of cool stuff in this version... glad ya like it so far

When using this code:

<!------- ASPBanner Ad code ------------->
<script language="JavaScript"> var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.poconocommuter.com/aspbanner/injectbanner.asp?Ban nerZone=6&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script& gt;
<!--------- End ASPBanner Ad code --------------->

I receive an error that jscode is undefined. The banner will not display.

Any ideas how to fix this?

you password protect an asp page in your site "where that is is up to you"

http://support.cjwsoft.com/code/moreinfo171-1.htm

then you link them there from your own pages

thats all there is to it

is that what you are asking?

Additionally...any page you password protect automatically becomes a login page... where you want to start and where you send them after or before login is something you have to handle on your own

Any pages you pasword protect will prompt the user for login info if they are not yet logged in that is.

Then once logged in it returns them to the same page they are showing the page content as it would normally appear.

Chris,

Yesterday when I would access the get_me_in page with the password key, I was then taken to the default login page.  It did not give me the option to create a user. 

Today, when I entered the password key into the get_me_in page, I was taken right to the create user page.  So, yes the problem has been resolved.  I have no idea why though.

1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another?  I am asking because there is only one table in the DB, and it is the "Users" table.  So I am presuming that there must be other databases that are linked to the DB.  Is this correct? 

2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software?  I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of. 

DONE IT

DON'T WORRY!

DON'T ASK HOW, BUT NOW IT WORKS!!

THANK YOU IF IT WAS YOU, OR THANK YOU GOD IF IT WAS ME!!!

What about browser caching ? It can happen easily especially if you update pictures over one another.

emtpy out the temp files of ie (take a while usually).. close all ie windows and go back..

Otherwise I need detailed info on the problem. What you told me is not enough to troubleshoot. There are so many factors like what image  image rezie component you are using, the size of the pictures before conversion, server resources, what your doing regarding 3 albums.... etc etc

I have imported 100 pics at a time into an album on a fast server with no issues. Thats using any of the image resizing components.

If an album is new what your describing should never happen. Again, it think what your seeing is browser caching playing tricks on you. We have anticaching things in place so thumbnails never do that but not for the large images.

I'lll try to look at it this weekend. I have to leave the office now.

There must be something wrong with the last build of the code. I dont think that upload export file thing is a feature too many people use or I would have heard of this sooner.

For now just upload you export files to the export folder manually using ftp or frontpage explorer and you can accomplish the same thing.

Humm, Did you change something in a bad way? Thats my guess.

I need more information on what is going on because by default it does not do that ?

The only possible way I can think of that could cause that is if you changed things around too much and the config_inc.asp file is getting run/included twice on that page your logging in to.

Also, when you sign in "where" ? What page ?

Hi,

I am investigating the possibility of purchasing above script having spent some hours trying to integrate various free banner rotators into my Invision portal.

What attracts me to your script is that it has 6 ways to call banners. I am an inexperienced webmaster with only a smatterring of knowledge about ASP. Will ASP Banner be able to integrate with my portal?

Many thanks

David van der Want

Okay, this also shows at the bottom of the import/export page

I've got the IUSR account with modify permissions on this data folder as well.  Is the "this directory needs change permission" line just a general reminder?

Files are being stored in "D:\missourirealtor.org\members\aspprotect\data\export\\"

This directory needs change permissions for the anonymouse webserver account.
Those permissions can only be set by your hosting company.
These features will not work without those permissions being set.

ahhh ok.. I was going to wait till morning to answer this one..

glad ya figured it out