Blog Entry: 3/25/2006 4:22:43 PM
ok, It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.
Regardless,
If an account isn't listed you have to add it.
Click (add-advanced-find now) and it will list off all the user accounts on the machine
You can also click (add-advanced) and simply type in the account name or part of it.
Some more tips:
If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.
You can also go to computer management in your server's administrative tools and view all of the accounts and groups there under "Local Users and Groups".
cwilliams38417.7186689815,
Chris,
When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.
All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.
I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP. I hope I expained the situation well enough.
, I have ASPPhotoGallery installed. Everything has been working great for some time. Suddenly, for no apparent reason, I am not getting the "Hits" incremented when a user opens an album. It works when an administrator is logged on. Does not for any anonymous users. Everything else seems to work fine. Again, this used to work. Any ideas. , that really does not make any sense...
I dont know what else to tell you as this really shouldn't be anything too difficult to sort out...
redirection based on criteria is not something aspprotect does by default... I try to help a bit... I've shown everyone how to do it in this thread...I know plenty of people doing it... I've done it myself... I know it works
let me ask you this... are you using ASPProtect 6 with the Option Pack ?
I assume you must be or you would not have the Groups feature ?
And you asked this question in the ASPProtect 6 section.
but then maybe your using 7.. I do not know
this should all work the same either way
, question 2 is answered best here
http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal
I should also mention that the paypal scenarios used in ASPProtect can not be tested using PayPal's sandbox. Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts)
then you can log into the other and refund the transctions and of course it makes sense to use low amount like 1 cent and what not.
Also, I'd love to see what you came up with with the integration. I have been working on it here as well and took it in a different direction as I plan to sell directions for it as an add-on for aspprotect. I have it all working here but so far I dont see an easy way to let other people do it as I had to change things in both systems in a lot of places. Utimately if done under a SQL environment triggers should be used at the database level and that is another consideration.
, ok, now were getting somewhere
I didn't know you imported from another system,
chances are you are missing field information that an ASPProtect user requires.
Start off from scratch with a new aspprotect database... create a new user and look at the info that gets entered by default for every field in the database
make sure when you import a user that you mimic it all
dont import directly using access because the passwords will not get converted to encrypted versions of themselves correctly.. and the whole process will be usesless as no passwords will be correct
Use the import feature built into ASPProtect.. because it is smart enough to take the clear text passwords and encrypt them accordingly
if you want to know a correctly formatted import file needs to look like make one and check it out
do one user at a time and make sure you can log in to an example protected page till you get it right...
once you get that working do them all
Thats really the best advice I can give you. , Great Thank you!
As of thus far the program is working rather nicely.
I am very impressed :)
, that would probably work...
any ".aspx" page can grab that data after someone logs in..
Session("Username")
Session("User_ID")
etc etc
anything you see set in the "aspprotectlogin.aspx.vb" file will be there
any data not set there would have to be added and then the project recomplied so that data gets saved...
, [QUOTE=cwilliams]
Every application we sell that has a password on the database uses "temp"
Also, the password is in the connection string in the dataconn_inc.asp file.
After all, the ASP code needs to know the password just like anyone that wants to open the database would.
[/QUOTE]
That i have, my question revolves around the all the users and passwords that I in that database. I need to be able to export that list to word for a mail merge list, but when I do the passwords show up encrypted. I need to be able to get an unencypted list.
thanks
, Aspprotect issue
I need the ability to allow users to view url links on a page, based on the
group(s) they are a member of. If the user is the member of one group (group 1 in the following example) the code works fine.
<% If Session("GROUPS") = "*1*" then %> "view link #1"
However, if the user is a member of more than one group (let's say 1 & 5), I cannot make the code work.
I have tried various versions of wildcards, nothing seems to get me there.
I fairly new at ASP, and I am sure I'm missing something simple.
Any help would be appreciated.
, ok, Its not a known issue.. I would try the original code before you made any changes and see if it still happens to you.
It seems to be working fine here for me in amy test web.
I am going to look into some more in the meantime.cwilliams38341.7166782407, Hi,
I don't see any good reason to rename any of those files.
Changing them though may involve changes to the code recompiling, etc etc... it is not something I support.
, We would like to use some of the variables from the user account in our web pages after they log in (something like, 'hello <user>"), but for professional printout reports using company name and user.
Could you offer some help as to what variable string we use to print that information on logged in pages?
By the way, the program is working great!!!
cwilliams38446.6302083333, its no different than linking to an image or another page. you have to adjust the path to the include file based on what directory you are in.. or you get an error
This is noted in the admin area on the code generator page which also gives you 2 examples of ways of calling the server side include. (Virtual or File include)
These threads below are also full of info. I found them by doing a quick search and they should help you out as well.
http://support.cjwsoft.com/code/code_info.asp?TID=349&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=303&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=236&KW =The+include+file , I am having difficulties importing new Users.
I have exported the existing list and then copied in the additional users and save the file as text (tab delimited) in Exel.
When I go to import the file (browse then upload) I get the following error:
Microsoft VBScript compilation error '800a03f9'
Expected 'Then'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.
All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.
Any assistance would be appreciated.
Thanks
, I didn't know about it. I will try to check it out some more this week.
, lmao ... ya that has never happend to me before....
, I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.
Regardless,
What you want to do... logging them in under https and then having them continue though the site under http is not possible.
It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.
In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).
Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.
If you want them logging in under SSL you need to keep them under SSL.
That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.
, It is common when testing a site that this happens because of the nature of session variables.
Admins have access to EVERYTHING so it is very important when testing different user accounts that you specifically log out... and then close every single browser window before logging in as a different user. This is to ensure session info from the previous user does not overlap in any areas.
(The session variable for admin access being the main one)
Under normal circumstances a user would not log in with many different accounts on the same computer this this would only be a problem for a developer who is testing.
So make sure you go to the to log-off page and log off.. then close all browser windows.. then test another user.
If all this is not the case then something else is going on and I will need more information. I pretty much know the level checking code for ASPProtect Version 6 is correct as there has been no reason to change any of it in over a year. I would have heard reports of problems with it. , Microsoft has a free version of SQL server 2000 than you can run on a development machine.
http://www.microsoft.com/downloads/details.aspx?FamilyID=413 744d1-a0bc-479f-bafa-e4b278eb9147&DisplayLang=en
This is really the same thing as the MSDN version of SQL server that comes with Visual Studio
It is limited in two ways.
No single database can exceed 2 gigabytes in size. However, each Desktop Engine server instance can contain many databases, each of which can be up to 2 gigabytes in size. Each computer can host up to sixteen instances of Desktop Engine.
Performance will rapidly decline when more than five simultaneous users use the database engine at the same time. With five users or less Desktop Engine will operate with full SQL Server speed.
After you install this your going to need a way to connect to your sql server as well as a way to run queires on it.
I suggest either install the client tools off any SQL 2000 Installation Disc (giving you enterprise manager and query manager)
or use the FREE SQL Server Web Data Administrator which will do amost everything you will need to do. It is really very slick
http://support.cjwsoft.com/forum/forum_posts.asp?TID=127& ; ; ;PN=1
Then you have a pretty sweet setup for testing and developing locally using SQL server.
If you are wondering why someone with a real SQL Server 2000 cd wouldn't just install the real SQL server locally it is because the server part will usually not install on XP Pro or non server versions of windows for licensing reasons. (at least every SQL 2000 CD I have is like that regardless of whether it is standard or enterprise) But the client side tools on the cd are invaluable so I just install the Desktop Version of SQL along with the client side tools and everything works great.
, Could be a mod I guess - it would be nice to have an option on the admin settings page to lock down access of all pages and redirect to a specified "lockdown" page upon attempted login.
If I'm updating the large files on the server and someone attempts a download, they'll get a partial ZIP file or an error.
, Has any one used the aspmail function to send emails from within your site? If so what did you use as the AspMail_Host string in the connections database?
thank you
, Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO
, its that server, it's way underpowered when it comes to running dynamic code and databases.. and that other app is probably stealing all the leftover odbc resources..... did you try doing the import on another machine running ASP? Thats the way to go.. I am afraid I won't be much help at the moment.. I am battling with a crashed system and a lot of lost data, Haven't gotten to it yet. I do know there are a few customers using it to edit the app and said it was not all that different. Maybe they will chime in with some tips., My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work. I've tried many different options - here are two that are the closest - but have issues:
1. If I use the settings:
email component: aspemail
Mail remote server: my internal server name
*no smtp authentication
email mail notification - my email address on my internal server
***I get the following results:
I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.
2. If i try to change the setting to use the Hosting Website email server - I get the following results: I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.
**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.
, While my host says the permissions are now correct....its still trying to download the setup ASP file instead of executing it.
I really need to get this application working asap too. I noticed the purchasing page said that install came free.....so any help would reaallly be great.
re
, Hello,
My guess your having trouble setting up a system dsn because the database has a password set on it. Your hosting company most likely sets up DSNs without using the advanced tab which is where the authentication information goes. Or they have some sort of web interface for the customers to use that doesn’t allow setting up that information.System DSN’s are actually difficult to set up correctly when the database has a password on it. There is of course a password on the database for security reasons so if someone ever downloads it somehow they will not get your information.
System DSN’s are not the way to go regardless as you will see mentioned at our support site.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=9&P N=1
You really should try setting up a DSN-less connection. It is the best way to go. They are easier to set up, perform better, and are less load on the server. Any host that wants it customers to use system dsn’s is not on the ball as far as server performance and server resource conservation goes. They are really asking for trouble down the road.
All you need to do to make dsn-less connection is the following.
Get permissions set for the folder the database is in (by your host)… then figure out the physical path on the server to the database by using server.mappath or you simply ask your host for the info.
An article I wrote on using server.mappath
http://www.powerasp.com/content/hintstips/physical-path.asp
Then your connection string will look something like this.. (of course you edit the path to match what server.mappath tells you. And you make sure the database name is correct)
ListingsConnectionString = "DBQ=C:\Inetpub\wwwroot\asplistings\_database\asplistings_ac cess2000.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
Another option would be to simply remove the password from the database using MSACCESS.. then try to connect to it using a System DSN without the password. If your host is storing the databases outside of your web in the root of the server then removing the password on the database is not that bad of a thing to do as there is no way anyone will be able to dload it from your site. Of course there is a still a performace loss when using a system dsn with an Access Database
cwilliams38145.8540509259, You might just learn something and actually get your project finished before 2010 
your over there hacking away on your virus infested WaReZ machine
LOL thanks for the good laugh-- i guess its time to do some reading and making my own mods to the program..
btw i never insulted cafrepress.. not sure where you got that from- just advised that what they have is exactly what i want to have done. How much for your service?
, I Dont know... it shouldnt do anything like that.
if it ever asks to download a aspx or asp page its generally a server configuration issue not related to the actual code
provided you arent trying to grab the injectbanner page through an iframe call which is only for use with the javascript method of calling banners
, I think this addresses your question
http://support.cjwsoft.com/code/moreinfo144-1.htm
, really all depends on the sql connection string you are using and the names of your sql user you are using...
you really havent described very much..
I'd double check all of it.. something is wrong
cwilliams38325.8892824074, [QUOTE=afifm]
I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
End If
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>
</head>
<body>
My Protected stuff here
</body>
</html>
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
Thanks,
Mo
[/QUOTE]
I just added couple of lines and it works fine
If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then
' Session("PasswordAccess") = "Yes"
SearchFlag = true
End If
, An email I just received from eastcoastguy.. to keep this thread up to date
Your quick reply was greatly appreciated... I removed the password and was able to use a DSN...I will look into a DSN-less connection later..once i get this working !
Cheers
eastcoastguy
cwilliams38146.6165509259, Dear Support Team
I have read and Installed your v8 banner software
exactly as explained on XP pro which contains other asp working app.
I have problems with the " Application " and " Session" in your scripts
things that make the iis fall dead.
also in the file asp _unlimited_config.asp
you have exlained that every thing must be kept without the "" marks.
well i get http 500 error cause of it.
Please advise
Thanks
Ran
, I have been using this solution for over a year now and think its great, however I recently logged on to add a banner and when I clciked on the link that opens a window, displaying all the gifs in the directory../images/banners/, now images showed up, however they do exist in that directory.
I recently upgraded my computer and am now using windows XP...could that be the problem?
Thanks
,
 |
Don't want to install the application ?
Having trouble doing it ?
Don't think you can ? |
No problem, have us install it for you.
PLEASE READ ALL OF THIS
Installation service is generally available Mon - Fri during the hours of 10 am - 7 pm EST.
We may very well be around to do installs at other times but we do not guarantee that.
To do an install we generally need FrontPage Explorer or FTP access to your site.
We also need a way to set permissions on any necessary directories, etc etc.
To do a SQL Server install we need to access your SQL server via Enterprise Manager.
Some installs may require access to other things not mentioned.
The server must be a properly set up NT/2000/2003 server running IIS 4-6 for ASP 3.0 applications.
(with support for ASP scripts and database connectivity.) Parent Paths must be enabled on the server.
Please Note:
These ASP scripts do not run under Chillisoft ASP. That means they do not run under Unix, Linux, Apache, etc etc.
We do not install our applications on free ASP Hosting solutions. Why, because they are more trouble than they are worth. Free hosts like that are usually zero help if we need something changed. There is a reason they are free.
We install the software in it's base configuration. We make sure it is running correctly. If you break the installation you will have to pay to have it fixed. We do not integrate it with your existing site or edit any of your existing web content. That is up to you. Installation fees are non refundable as is the digital source code we sell. When you purchase anything from us you agree to this.
We do not do installs for IPNFulfill and Color Sequence Protection as they are simple scripts and do not even use a database.. We also do not install the IPN Support Pack as it is just a folder you copy into your web and some configuration files that you must decide how to configure based on your needs and your PayPal account info.
|
Installation Service Pricing
Any CJWSoft ASP 3.0 application
(Access Database Installation) |
25.00 |
 |
Any CJWSoft ASP 3.0 application
(SQL Database Installation) |
40.00 |
|
Contact us if you have any questions.cwilliams38165.5615277778, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296,
Timecard Entry: 3/25/2006 4:22:43 PM
deposit, take to bank, pull invoices, Research Gisco invoice for Supplies, postage, cell phone entries 1/00-9/00; Walker POT04005 - match to multiple invoices , Fed Ex $45.78 & MCI $1604.55 invoices; , NCN - Making requested changes/fixes. Added news/sports, weather pages and admin areas to configure them. Changed ordering of banner ads. Fixed input fields for netscape. Changed date-stamp from jscript to asp (works with all browsers)., *Troubleshoot Index Server for Agfa Medical, E-Mail ... cant go a day without i guess., worked on creating a way for work order numbers to be created on Work Request System (internal billable), Re: Ogdensburg POP engineering w/ Ed, Randy, and Howard, Posted the Watertown $ and taking it to Jackie, TAF coupons and special promo coupons, steady, techcalls Radlog, Watching the NOC, Carefully reveiwed steps taken to produce menu rollovers, but cannot find error in script. Front Page's include is not working correctly and the menu works in preview by itself but not on the default page. , Crown Point to Watertown - 200 miles, Also checked rad log.
NOTE: Grubbage for IMC-net was down., Review iNex user's guide, carrying in letter heads, email/voicemail for Paul, fixed the copier for downstairs-needed paper, Logins Vermont / Gisco reload overtime...., Finishing up incident emailing website, Apple tech call for G3 Monitor, Review Allen employement contract, Watertown to Clayton, Time spent throughout day taking care of odering CSU and cancelling old orders for Jim Gilbert., Court appearance, Lions Club Millenium Raffle web site - add to hot links, research, training.....working with TIITC site.....will go live very soon, Gernal Tech Duties: phone, email, rad log, online, and expiring users., read and responded to emails, WDT Sports Pix, tech supv duties radlog, open incidents, callbacks, voice mail online issues (none) good night...,
