Blog Entry: 3/25/2006 4:28:40 PM
Now, back in the dark ages we had to use the command prompt to setup the MySQL database and all that fun stuff. I am not going to show you that method.
What happened was 100 different 3rd party companies developed interfaces to work with the MySQL server visually. Within the past year MySQL actually released its own little GUI for doing just that so I am going to show you how to do things using that.
Let's download and install it.
Go here
http://www.mysql.com/products/tools/
and download Windows (x86) MySQL Administrator
(1.1 is the most current version at the time of this article)
Installing that is a no-brainer as well. Just stick to the defaults and it will do its thing.
Now that it is finished.. run MySQL Administrator from your start menu.
It will ask for your "root" password that we entered when we set up the server.
Hit OK
You should see this if your MySQL server is runnign and you entered the correct password.
Now select the Catalogs Icon on the right.. go down to the Schemata section.. right click in the lower white area and choose Create New Schema
It will look like this
Essentially this is your database name. I am going to call my database "aspbanner"
Hit ok
Your now have a new database with nothing in it. We now need to run the MySQL database creation scripts that I provide which will create the Tables and Fields needed.
The easiest way when using the MySQL Administrator is to select the Restore icon on the left.
The choose "Open Backup File" in the lower right corner.. Browse to the "aspbanner_mysql.sql" file we provide. You can also download that file here. 2006-03-14_164927_MySQL_Script.zip
Once you select that file choose open...
Now, it is very important you choose the database you created earlier. Also known as Target Schema.. in this case I choose "aspbanner"
Now hit "Start Restore"
Ok, now the database has Tables and Fields
Click on the Catalogs Icon on the left and then select aspbanner from the schemata area in the lower left
You'll see we now have tables in the aspbanner database, Can you be more specific on the javascript I should look for? Can it be combined with ASPBanner?,
Did you do what that thread said so you see a more detailed error ?
Can I see the site and look around.. ?
I just am not sure what is going on from what you are explaining ?
If so private message me with the admin account details and tell me what to do to reproduce the error. ,  Hi, we purched ASP Protect a few months back and had it installed on our hosting company under a "temporary" domain name -- cidrasensors.com
We are now about ready to switch this development site over to production and I need to change the domain from cidrasensors.com to cidra.com
My hosting company wants us to create a new accounting and re-set everyting up.
So...based on this, I have a few questions for you:
1. Do I need to re-install the software? or can I copy from one account to the other?
2. Assuming I can copy the software to the new account - are there changes that will need to be made to point to the new domain?
3. If I decide I wanted to keep the first account alive for development purposes (never turn on the website domain to the public) - would I need to have a seperate ASP Protect license?
4. If I decided to ask you to do the transfer for us - is that covered in the $20 Installation fee I saw on the web?
, (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , ok.. glad it is doing it's thing, It's custimization work. and just not something I can support.
Basically it is basic ASP/Database work.
Something you kind of need to figure out on your own. It's not difficult work for a good asp coder but there is no easy way and it is time comsuming.
I wouldn't use the custom fields though. I would make your own.
It's simpler that way.
cwilliams38437.0929282407, check the action for the button in the code... its probably not posting back the the right page which should the same page it is...
I bet ya it is posting to guestbook2 which is the wrong directory... an old mistake I forgot to correct... cwilliams38310.6540046296, Is there anyway to limit the number of Albums each user can make? , I assume that if I am using this product, search engines such as Google cannot access and index my content. Can somebody confirm that; I want to be 100% sure.
In case it matters, I am using a basic, cheap ISP setup where my site is on a shared server.
Thanks in advance. , Hi,
How do you know permissions are ok in that folder ?
Please tell me more on how they were set.
Please read through my article on how they are set correctly.
http://support.cjwsoft.com/code/moreinfo136-1.htm
Often times they are not set correctly or people thingk they set them somehow but in fact did not do it the correct way.
I would also suggest using the "test_physical_path.asp" page in the "extras" folder to verify if the path you are using to the database mdb file is in fact correct. That page should work whether permissions are set or not. At least then you will know if the path is correct or not and you can go from there. , Hello Chris:
Yes I'm using the Option Pack.
-Ricardo , well, I think John just told you what the deal is. He knows more about ASP.NET than anyone else I know.
If you are going to run a non-standard setup then you are going to have big problems like you are having. , When I designed the system I never really intended people to type in long descriptions for pictures
and if they did I assumed they would use the enter key once in while..
but I guess people dont do that
This thread is along the same lines and shows what someone else did about this..
http://support.cjwsoft.com/code/moreinfo99-1.htm
though they are talking about a different page its the same issue , Not to be pushy, but how's the new version progressing?
I'm hoping these features will be in it:
- possibly add the ability to move pictures around in an album. and maybe between albums, I must also remember to move the ratings and desc as well for that image.
- possibly add a feature to store 3 versions of images uploaded
thumbnail, medium res, and high res/original
-
add option to store the images orginal name in the images description area during upload
may be helpful to people that name their images in a somewhat descriptive way
-
add support for the ibulc bulk upload client that I recently discovered
If you could use a beta tester, I'm still just setting up my site and would be willing to run a beta.
Thanks
Al , Could be a mod I guess - it would be nice to have an option on the admin settings page to lock down access of all pages and redirect to a specified "lockdown" page upon attempted login.
If I'm updating the large files on the server and someone attempts a download, they'll get a partial ZIP file or an error.
, as far as sql goes if you follow the instructions with give for setting up a new database you shouldnt have any issues and permissions should be already set. because we handle that in the sql script we give you.. "its a good thing to look at and it is pretty easy to understand what is going on""
however using another account could cause permissions issues.."yes, even sa" basically the username your using needs datareader and datawriter permissions to all tables used by the photo gallery system and you probably have to go specifically set them usin ght e security tab for your database in enterprise manager. This is more of SQL server 101 than anything to do with the Photo Gallery Code so I am not going to get into it too deeply, but that is definetly the issue. Permissions...
cwilliams38303.6065740741, Then, you would have to add those users to the aspprotect user database. You would do so using the built in import/export features of msaccess and being very carteful about it. It is not a process we support and the technique used would be unique to any situation. Its basic database work though but still you have to be able to do it.
ASPProtect uses its own user database and you have to use that database. ASPPortect can not authenticate users using some other existing database.
Does that make sense ?, ok, thats a new one... I need some sort of error to go on..
No error ever ? It must eventually show something ? , I disagree...
It would be 20 hours + of conversion and testing. Maybe more.
Like I said, I converted a version fo ASPBanner once to work with MYSQL. It took forever to change all the code (2 weeks of messing around) and get it working. There were also a lot of issues with null values in the database, ado update code that had to be rewritten, cursor type issues, recordcounts not working, etc etc that had to be sorted out. There was a ton of situations where things seemed to be working but later on I noticed there were minor bugs to deal with. It was a lot of work.
ASP Photo Gallery has a ton of asp pages. It is a much larger app then ASPBanner. If you convert it to work with mysql I highly doubt you could have it running well with less than 20+ hours of work. I wrote the app and it would at least take me that long and there would still be bugs at that point.
If you think you could your not used to my style of coding and don't realize exactly how much stuff needs to be rewritten.
Granted, you could get some of the basics running off mysql in a few hours or less but there is just so much little stuff that would give you trouble. cwilliams38243.9065277778, Nope,
No changes to any scripts - just a response.write added to Email_Password.asp to print out the SQL.
Sure - here's the address.
www.omegaphibeta.net/aspprotect/users/Email_Password.asp
-Toni
P.S. E-mail address to look for is serena_5@hotmail.com , Have you thought about language file so users dont have to go into the code to put it in their language?? , There is no way I'm going to spend hundreds of dollars for a thumbnail creation program. Mine is a family web site and all out of my pocket.
Is there any free products that work with Gallery that will create the thumbnails? If not can I create them on my own and link them to the pics? There are tons of Perl based freebies out there.
Steve , Having a quality professionally set up ASP.NET server that is going to support your needs is CRITICAL whether it is yours or someone elses. Them saying they will not set permissions is useless. Quite honestly Network Solutions is a joke when it comes to ASP.NET hosting. They are all about CHEAP MASS HOSTING and that is not where you go when you plan on running complex ASP.NET applications. What good is ASP.NET hosting if you can not permissions set on folders you need it for? A lot of people run ASPProtect.NET and their hosts set permissions for them without issue. We made one folder that they could click on and set all permissions at once easily. If they truly knew anything they would understand that and set permissions for you in a heartbeart. You have to have a correctly set up server or a hosting company that is serious about your ASP hosting needs.
I mean you come to us with this mess of a situation, we tell you its a bad setup. We tell you to rebuild the server correctly or make a new one. Now instead of doing that you come to us with another mess of a situation. Now you act all frustrated because you have spent so much time on this. How the heck do you think we learned everything we know ? Do you think we have never spent weeks on a problem or stayed up for 4 nights in a row without sleep. That is how you learn and it is called experience. I have no sympathy for someone that complains about how long something took because I am right there with the best of them and I have paid my dues.
Have you by chance read all of this thread below because despite what you keep telling me you are totally falling into this category.
http://support.cjwsoft.com/code/moreinfo234-1.htm
Granted you may not be "Joe Coder" but you are definetly "that guy" who doesn't really know what is going on with ASP.NET. "that guy" who sets up his own server and knows enough to be dangerous. You definetly have enough sense/basic skills to dig around and read articles and try things but when you are on the wrong track that only helps out so much.
Also: I really was pretty tired when I got home last night, but now that I really think about what you did with that webserver/domain controller is about the worst moves possible when it comes to IIS hosting setups.. That is just SO BAD !! Now, don't think that I haven't done some REAL stupid things in the past. John too, like the time 5 or so years back when thought he could make a Windows XP Pro webserver for serious non development use . Anyway, that is how you learn. I suggest you get your server running correctly (not a domain controller) or you get a real host like www.alentus.com for your asp hosting needs. I mean you can get an account for like 10.00 a month and end all these headaches right now. I even know one of the head techs there as well as the general manager. Their ASP and ASP.NET support is 2nd to none.
You may not like what I have to say, (hell, I can pretty much guarantee you won't) but I tell it like it is and in the long run you will be better off for it.. We spent a ton of time developing the .NET version of this product and we sell it way less than it is worth especially since we provide source code. It is an awesome product, but if the server isn't truly and correctly supporting ASP.NET or they host will not set permissions than it is out of our hands. As far as I am concerned anything else is a waste of everyone's time. I am not going to play that game. Quite frankly, you need to get your stuff together. Nothing you have come up with so far has anything to do with a bug with ASPProtect.NET. Everything has been server related.
QUALITY HOSTING !!!
PROFESSIONALY AND CORRECTLY SET UP SERVER !!!
THERE IS NO SUBSTITUTE !!! , and did you response.write that session value to see if it holds anything to ensure it is being set , [QUOTE=afifm]
I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
End If
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>
</head>
<body>
My Protected stuff here
</body>
</html>
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
Thanks,
Mo
[/QUOTE]
I just added couple of lines and it works fine
If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then
' Session("PasswordAccess") = "Yes"
SearchFlag = true
End If , All can say right now is take a break and get away from it for a bit. All your going to do is stress yourself out more if you keep working on it.
There is probably a way to make it work but it may require days of fiddling around and reading articles and trying things and even then you may not get it working AND THEN ITS JUST A BAD IDEA ANYWAY. Like John says you are better off running it on a server that is not a domain controller. , The application is only intended for use with $ the way it comes.
Use of other currencies is not supported.
(this is noted on the product page)
However, it can probably be used fairly easily with UK customers.
You'll probably want to look into setting the currency to UK in the code generated for the PayPal buttons which is in "view_item.asp". There is probably a hidden form variable you add to it to specify the currency. PayPal's shopping cart documentation and help system would have more info on that.
Doing a search real quick there I came up with this.
<input type="hidden" name="currency_code" value="GBP">
Then you may also want to change the LCID settings for the web site to UK. (I think)
To do that edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 2057 There may also be hard coded dollar signs in the code that you will need to change to whatever.. If after you do the above to steps you see then you'll know where to change them based on the named of the page you on.
It is quite possible that simply changing the LCID will take care of everything, but I am not sure.
Those are the tips I can give you. , Chris, I'm having problems getting this to work. When I plug in the redirect URL and then try to load the web page, the Flash ad never loads successfully - just its black background in the 468 x 60 space. Here's an example of what I'm seeing:
http://www.innovationtools.com/Articles/ArticleHeadlines.asp
Just keep refreshing the page until the black rectangle appears. And here is the code I've loaded for this flash ad:
<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase=" http://active.macromedia.com/flash2/cabs/swflash.cab#version =4,0,0,0" ID=banner WIDTH="468" HEIGHT="60">
<PARAM NAME=movie VALUE=" http://www.innovationtools.com/aspbanner/aspbanner/banner_re direct.asp?Banner_ID=25">
<PARAM NAME=quality VALUE=high>
<PARAM NAME=bgcolor VALUE=#000000>
<embed src=" http://www.innovationtools.com/aspbanner/aspbanner/images/ba nners/mindmatters_innovation3.swf "
quality="high" bgcolor="#3CBDCD" WIDTH="468" HEIGHT="60" TYPE="application/x-shockwave-flash" PLUGINSPAGE=" http://www.macromedia.com/shockwave/download/index.cgi?P1_Pr od_Version=ShockwaveFlash">
</OBJECT>
What am I doing wrong? By the way, I'm using the standard version of ASPBanner. Not sure of the version, but it dates from about 2002. , Here is an example of a query I made in MSACCESS that deletes all users that belong to Group ID of 3. I used the graphical query designer in MSACCESS to do this. Took a few minutes.
DELETE
FROM ASPP_Users
WHERE (((InStr([ASPP_Users]![Groups],"*3*"))>"0"));
Because of the way groups are stored in the Groups fields you have to use the InStr function to determine if the user is part of a particular group
We are deleting all users that of Group ID of 1 so we look for *3* in this example
The SQL statement for a MSSQL database may be slightly different but the general Idea is the same
The SQL statment used in an ".asp" page will be very similar as well.
SQL Statements are the TRUE POWER of working with databases. They are something everyone should learn to work with because they allow you to do some very powerful things., ok... lets forget about all this redirecting business for a minute
when I go to "GP01.asp" directly via your web site I get a big nasty error that says this
Microsoft VBScript compilation error '800a0411'
Name redefined
/protect/config_inc.asp, line 15 Dim Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^
then when I look at what you did in that file I see why
you have this code which is totally wrong because you cannot include the password protection file twice <%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<% GROUPACCESS = "*1*" %> <!--#INCLUDE FILE="check_user_inc.asp"-->
it should be <%@ LANGUAGE="VBSCRIPT" %>
<% GROUPACCESS = "*1*" %>
<!--#INCLUDE FILE="check_user_inc.asp"--> and that is probably the root of this entire problem.. the redirection was working...
but you were sending them to invalid pages with errors
all those pages are wrong... if you dont see the real error above see this http://support.cjwsoft.com/code/moreinfo11-1.htm
if you look over the aspprotect 7 installation instructions that is the very 1st thing I tell people to do
hopefully this is the info you need to continue and get some work done , I have set up a user to be redirected to a different page when logging in for the first time.
I assumed this function would count the number of times a user has logged in. When the login count was greater than 1, the user would be taken to the default.asp
This isn't happening. The user is always redirected. The user login count in the database is now 9.
What am I missing?
, Wondering what might be causing a long delay to display the login screen? This does seem to be intermittent. Could be server/ISP related? Have experienced enough times to justify posting this question.
I can count up to 20 seconds after clicking on the link. After login all other selections zip right along without problem.
http://gibsoncity.us/aspbanner/
Thanks, Lance lancem38319.6117939815, For some odd reason, the the export path has two backslashes (\\) at the end, thus generating an error each time I try to export. For example
C:\path\website\protect\data\export\\
This appears toward the bottom of the import_export_manager.asp page and is called by =ExportDirectory.
I checked under settings tab, no path ends with a "\". Any idea where else I need to look?
Nick
, When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
Thanks
, Running in parallel for testing is actually a smart way to do it, but the truth is you don't use anything from version 6 except the upgraded database (we have a tutorial on how to upgrade the database)
Version 7 was a drastic change /rewrite to all of the asp files that come with the application. So you will be starting out with fresh version 7 ".asp" files and folders... You will also find that once you get version 7 running that editing certain things like the look of the users area and the login screens is much easier to do.
That being said any of your own ".asp" pages that you protect use the same protection code they always did, so there will be no drastic changes needed there when you do finalize the upgrade.
If using MSACCESS as the database I suggest installing the application somewhere in your web and using a fresh ASPProtect 7 database. Once you are familiar with the setup and everything is working fine. Attempt the database conversion and when your done stick your converted database in there and see if everything is ok.
Also, if you already purchased the application download the latest version before doing the install. It's the same download URL. If you don't have it email me and I can hook you up. I have added some new features and fixed a couple minor things since it's release.
So far the feedback on version 7 has been awesome.. cwilliams38414.0133680556, You might just learn something and actually get your project finished before 2010 
your over there hacking away on your virus infested WaReZ machine
LOL thanks for the good laugh-- i guess its time to do some reading and making my own mods to the program..
btw i never insulted cafrepress.. not sure where you got that from- just advised that what they have is exactly what i want to have done. How much for your service? , I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.
Regardless,
What you want to do... logging them in under https and then having them continue though the site under http is not possible.
It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.
In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).
Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.
If you want them logging in under SSL you need to keep them under SSL.
That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own. , I just took a look and that is definetly what happened.
It has nothing to do with the registration process as far as I can see.
Just running this page triggers it and I know it does not do that the way it comes.
http://www.myvirtualtutor.com/aspprotect/users/user_area.asp
Please back up what you changed and put the user area back the way it came..
If error still happens then I can help you.. It it works fine with the default files from the zip archive then you messed something up in the code.
You have to be really careful when working with ASP code.
Also: just in case you did this. " you should not be password protecting any files in the users area that are already there " the users area does it's own thing and there is no reason to be doing anything like that to the files that are already there. You can do whatever you like to files you add on your own. cwilliams38456.0957060185,
Timecard Entry: 3/25/2006 4:28:40 PM
find and download Apache binary for PEPSI linux box, Posted acct and did a detail of checks and cash for deposit. Customer inquiries and ans phones., meet w/Adam re: 24DD development status, proposal for fairview lodge and golden Anchor, TICC & HB deposits, Travel to TaskForce, Tech Test
Filing & Copies., entered bills, Made powerpoint background templates for Crispin for SoftGrades for print and presentation. , Forever Broadcasting - Making requested changes to classichitsz93.com. Making contest entries display with a starting and ending date range., working on channel partners site, Setup website - saintmichaelsplayhouse, Setting up fastenmate.com to send a copy to Chris Bogenschutz each time an order has been placed., downloaded printer driver, installed (w/help from Dave), TICC team meeting, Glenn Curry - wanted info on who to call to have a domain hosted by GiSCO. Gave him Amy's extension., Herald Bldg Pics, E-Mails
, Setup nnyrcha.org, Play w/ Zip Drive (oh, and MANUALLY added some items to my schedule)., Enter po, Verizon analysis, Remove an entry from database on bckings.com for Jeff, Doctor in the PM, Filled out yellow pages contract, sent out alled Wendy anne, Drive to Carthage (40 miles), Opened bills and entered them to QB, Work w/ Andy on the phone as to on-site preventative maintenance done at Dr.'s in Ogdensburg for St. Lawrence Radiology, front office and jodies office, Working on new domain setups. Working on problems with domains., visit with the lowville chamber droped off new color brochures., steady,
| 
