(Password Expiration Mod) for ASPProtect Version 7.x

This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)


 
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.

Purchase Page

Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.

This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.

There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.


Directions:
Back up your existing ASPProtect installation.

Add two new fields to the "ASPP_Users" table in your database.

For an MSAccess Database

Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)

For a MSSQL Database

Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)

once that is done

Copy all the new ".asp" pages into your site.


Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file

It needs to be the full URL to to the "change_password/default.asp" file


Now edit the "change_password/processchange.asp" file

There are 3 variables you can edit.

PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8

The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.

The other two values should be obvious.

That's it...

Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file

Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. 

You can mix and match banner calling methods all you want.
Try it and see what happens.

However, the only method that is going to work on non ".asp" pages is the javascript or the new iframe method listed in the support forums.

You can't unless you plan on editiing and custimizing the code.

The application is only designed to have one kind of admin and that kind has full access to the admin area.

You can of course give any user access to stats for their banners via the bannerstats page.

That is how it works. There are no other levels of admin access.

its a text file   you just edit it with notepad..  if ya mess it up ya put an original copy back in

no biggie either way

jump in there..

I just showed ya exactly what to change.. its a no brainer man
This is simple source code. It's meant to be edited and hacked.

The only reason I warn you is so you can't blame me later on if it effects something

I am just trying to help

If ya dont like that solution why not just use periods for the first name field.. or a dash or something... then nobody will really see it

or maybe store the company name in the first_name field

seems like clever things to try without changing the code..

good luck...

ok, I am home.. missed flight.. just got home an hour ago.

lets see.. I really need more info...

For starters are you using the delayed stats feature ? that is expirmental and could cause that problem

While attempting the database connection test, I receive the following error:

Server Error in '/' Application.

---

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Security error.] aspprotectnet.DBConnectTest.Page_Load(Object sender, EventArgs e) +0 System.Web.UI.Control.OnLoad(EventArgs e) +67 System.Web.UI.Control.LoadRecursive() +35 System.Web.UI.Page.ProcessRequestMain() +2112 System.Web.UI.Page.ProcessRequest() +218 System.Web.UI.Page.ProcessRequest(HttpContext context) +18 System.Web.CallHandlerExecutionStep.System.Web.HttpApplicati on+IExecutionStep.Execute() +179 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

Hi,

I don't see any good reason to rename any of those files.

Changing them though may involve changes to the code recompiling, etc etc... it is not something I support.

I have been able to successfully edit some text colors, but there seems to be one page that wont change the text color. Inside the users/ folder, the login.asp page, i cant seem to change the text color from ffffff to 000000 so it can be read on my background color. Every page in the script is correct but this one.

Thanks.

ya, thats basically what I was gonna do..

BTW.. if that other app is going crazy with an access database it could be the cause of all the slowdown with ASPProtect... what happens there is it is using so much database driver time that it robs other things that also access a database... so basically ASPProtect isn't asking its database for much but your other application and database are cripping that part of the system and causing it to run like crapola

If your other app is using a system dsn try changing it to use a dsn-less connection... it might actually help

check the action for the button in the code... its probably not posting back the the right page which should the same page it is...

I bet ya it is posting to guestbook2 which is the wrong directory... an old mistake I forgot to correct...

Sorry, I forgot about that when I got hung up on the install problem.

 I'll tackle your explanation now to see if I can get it working. Since I already bought the software I'll keep my fingers crossed.

Thanks

Hello,

My guess your having trouble setting up a system dsn because the database has a password set on it. Your hosting company most likely sets up DSNs without using the advanced tab which is where the authentication information goes. Or they have some sort of web interface for the customers to use that doesn’t allow setting up that information.System DSN’s are actually difficult to set up correctly when the database has a password on it. There is of course a password on the database for security reasons so if someone ever downloads it somehow they will not get your information.

System DSN’s are not the way to go regardless as you will see mentioned at our support site.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=9&P N=1

You really should try setting up a DSN-less connection. It is the best way to go. They are easier to set up, perform better, and are less load on the server. Any host that wants it customers to use system dsn’s is not on the ball as far as server performance and server resource conservation goes. They are really asking for trouble down the road.

All you need to do to make dsn-less connection is the following.

Get permissions set for the folder the database is in (by your host)… then figure out the physical path on the server to the database by using server.mappath or you simply ask your host for the info.

An article I wrote on using server.mappath

http://www.powerasp.com/content/hintstips/physical-path.asp

Then your connection string will look something like this.. (of course you edit the path to match what server.mappath tells you. And you make sure the database name is correct)

ListingsConnectionString = "DBQ=C:\Inetpub\wwwroot\asplistings\_database\asplistings_ac cess2000.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Another option would be to simply remove the password from the database using MSACCESS.. then try to connect to it using a System DSN without the password. If your host is storing the databases outside of your web in the root of the server then removing the password on the database is not that bad of a thing to do as there is no way anyone will be able to dload it from your site. Of course there is a still a performace loss when using a system dsn with an Access Database

If you have an album with more than 96 pictures, the spacing in the tables can become incorrect, with pictures touching each other. (This program is not designed to handle more than 96 pictures due to server speed, but it can handle more than 96 with minor changes to the code.) Also, after 96 pictures, the pictures will not have 6 on a line, but rather 6 on a line up to 96 pictures and then the rest of the pictures on one line next to each other extending to the right of the screen endlessly. To fix this, I simply edited the ASP code using the following loop. It can be a perminent fix, because I used the maxpicsperalbum variable to define the spacing.

<%
Dim SixInterval
For SixInterval = 2 to maxpicsperalbum
 SixInterval = SixInterval + 5
%>
 <% If PicIndex = SixInterval THEN %> 
  </tr>
  <tr>
 <% End If %>
<% Next %>

Then, the following code must be commented out:

<% If PicIndex = 6 or PicIndex = 12 or PicIndex = 18 or PicIndex = 24 or PicIndex = 30 or PicIndex = 36 or PicIndex = 42 or PicIndex = 48 or PicIndex = 54 or PicIndex = 60 or PicIndex = 66 or PicIndex = 72 or PicIndex = 78 or PicIndex = 84 or PicIndex = 90 or PicIndex = 96 Then %>
 </tr>
 <tr>
<% End If %>

This code can be found in scripts/view_album_style*STYLE NUMBER*_inc.asp . (STYLE NUMBER depending on which style you are using (found in config file))

This change in code will enter a new table row after each 6th picture. You can have more or less than 6 pictures per line depending on the width of your files and preference by changing  changing the number 5 in this line of code: SixInterval = SixInterval + 5

If you have any questions, JPortnoy@Checkernet.com

It's probably something I could do for you as a custom project if you are interesting in paying to have that work done, but it is probably not something that will be added to this version of aspbanner as it is in my opinion a feature more suited for a more expensive software package.

It is also difficult to get ASP code to do things on it's own. Scheduling something to run on the server or some other clever scenario is necessary and that usually means it would be unique to each persons setup.

http://www.cjwsoft.com/custom_work.asp

UPDATE..

Installed a new rack mount 1u server this week.

3.2 ghz hyperthreading 1 mb l2 cache prescott cpu
2 gb pf pc3200 kingston memory
SATA Raid.. (2) 120 gb drives running hardware raid 1

It is a supermicro 1u server case and server motherboard.
The hard drives are SATA 150 120 gb 7200 rpm Diamondmax Maxtors

All high end server type stuff... It's a very powerful server and has been running great all week. 500+ hours uptime so far.

Running Windows 2003 Server Enterprise
SQL 2000 Enterprise SP3
SmarterMail
SmarterStats
Windows DNS
ZipEnable (which I am reviewing for them)
ServerMask (which I am reviewing for them)
A ton of ASP Components which I have purchased over the years.

So that means I can now focus my attention on creating software again instead of being a system admin. (Due to these server issues over the past few months I am now back to godly status as far as windows system administration goes.. not to mention I am now back up to speed on the latest processors and hardware)

So, getting back to ASP Photo Gallery...

I spent about 20 more hours this week on the new version of ASP Photo Gallery Pro.. I have another 40 or more to put into it as I have a lot I want to do.

I think it will be ready within the next three weeks. I know a lot of you have been waiting for something.

I am successfully using ASP protect on our site. I have one question:

The file Check_user_inc.asp looks a bit bland as I can't seem to use the sites Dreamweaver template. If I apply a template to this page, it is duplicated on other pages with this template.

How can I apply a template to this page?

Thanks

Clark

really all depends on the sql connection string you are using and the names of your sql user you are using...

you really havent described very much..

I'd double check all of it.. something is wrong

Our knowledge base which is hosted at a remote location is protected by ASPProtect Full Version 6. I would like to allow our employee to access the knowledge base from within our internal network unchallenged. Is there a way which I can modify the code "check_user_inc.asp" to allow any one coming from say 10.1.X.X to access the site unchallenged?

Thanks,

Mo

Gotcha.

Can you set an expiration date on a subscription?

Thanks,

Jess

I installed the ASPProtect.NET project no problem.  I am using VS.NET 2003 on Windows XP SP2 (and fully patched).  I am able to build the project successfully, however I cannot debug the project.  I get an error "Unable to start debugging on the web server. The project is not configured to be debugged."  The web app runs fine just browsing to it.

I know this is an isolated problem particular to this project.  I have MANY other .NET projects that I can debug without any problems.  I have tried going into IIS and turn on the debugging for server-side script debugging and making sure my IIS application setting were configured correctly.

Can anyone shed any light on this at all?  Christopher, is there any reason I should not be able to debug this?  (i.e. the aspprotectlicense.dll)

Thanks,

K

Its not on their end. Using ASP alone you really won't be able to send more than around 300-400 individuals emails at a time before things will time out. Its just that ASP is not an efficient way of sending email and it never will be.

You really should look into worldcast like I mentioned before.
http://www.fairlogic.com/worldcast/

Then just export the email list from the database into worldcast and send out the newsletters.

You will get much better results and perfect newsletters and it really only takes a little bit longer to do each time once you figure it out. That is how I send out my PowerASP and CJWSoft newsletters and it works perfectly every time.

ya, that firewall could mess that up.

just edit which ever style include you are using
(with a text editor)

it will be one of these depending on your settings.. and they are located in the "scripts" directory

view_album_style1_inc.asp
view_album_style2_inc.asp
view_album_style3_inc.asp

find this section of code and remove the part in red


If Last_Counter_IP <> Request.ServerVariables("REMOTE_ADDR") Then
 
 Set CmdUpdateCounter = Server.CreateObject("ADODB.Recordset")
 cmdTemp.CommandText = "SELECT " & tbl_label_albums & ".* FROM " & tbl_label_albums & " WHERE (Album_ID = " & Album_ID & ")"
 cmdTemp.CommandType = 1
 Set cmdTemp.ActiveConnection = ConnGallery
 CmdUpdateCounter.Open cmdTemp, , 1, 3
 
 CmdUpdateCounter.Fields("Album_Counter") = (Album_Counter + 1)
 CmdUpdateCounter.Fields("Last_Counter_IP") = Request.ServerVariables("REMOTE_ADDR")
 
 CmdUpdateCounter.Update
 CmdUpdateCounter.Close
 
 Album_Counter = Album_Counter + 1
 
End If

http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal

>>I should also mention that the paypals scenarios used in ASPProtect can not be tested using PayPal's sandbox.

>>Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts) then you can log into the other and refund the transctions and of course it makes sense to use low amount like 1 cent and what not.

Yeah, been messing around with that.  Got everything going except the return page which I can't do until the site is live. 

>>Also, I'd love to see what you came up with with the integration. I have been working on it here as well and took it in a different direction as I plan to sell directions for it as an add-on for aspprotect.

Ok.  Will email you with a username and password for access to the site once it's live. 

Sounds like a great add-on for ASPProtect!

Christopher

Found this but I dont really know what to do with it or even if its the right thing.

<%
'=========================================================== ==================='

' Application:     Utiity Function
' Author:          ; John Gardner
' Date:         & nbsp;  20th December 2004
' Description:     Used to check the validity of a postcode
' QueryString:     None
' Version:         V1.0

' Required routines:        &nb sp; None
                    
'----------------------------------------------------------- -------------------'

function Check_Postcode (byRef strPostcode)

' This routine checks the value of the form element specified by the parameter
' for a valid postcode.

' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf

' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.

  Dim strPostcodeRegExp(2)   ' holds the regular expressions for valid postcodes
  Dim intCount        &nbs p;      ' For loop counter
  Dim strPostcodeCopy        ' Copy of postcode
 
  ' Variables used to hold regular expression object  
  Dim objRegExp, objMatches, objMatch
 
  ' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
  strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"

  ' Expression for postcodes: ANA NAA, and AANA  NAA
  strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
 
  ' Exception for the special postcode GIR 0AA
  strPostcodeRegExp(2) = "^(gir)(0aa)$"

  ' Copy the parameter and convert into lowercase
  strPostcodeCopy = Lcase(strPostCode)
 
  ' Assume we're not going to find a valid postcode
  Check_Postcode = false
 
  ' Strip out spaces
  strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
  Check_Postcode = False
 
  Set objRegExp = New RegExp
 
  ' Check the string against valid types of post codes
  For intCount = 0 to Ubound(strPostCodeRegExp)
 
    ' Check next pattern in list
    objRegExp.Pattern =  strPostcodeRegExp(intCount)
    If objRegExp.Test (strPostcodeCopy) Then
   
      ' Post code found. Ensure input parameter is in correct format.
      Set objMatches = objRegExp.Execute (strPostcodeCopy)
      Set objMatch = objMatches(0)
      strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " &  Ucase (objMatch.subMatches (1))
     
      ' Show that we have found the postcode
      Check_Postcode = True
    End if
  Next
 
  ' Ensure that the uppercase postcode gets returned if valid
  If Check_Postcode Then strPostcode = strPostcodeCopy
 
End Function
%>

regards

John

Sorry, there is not any documentation on that.. it is basic asp/database work and customization like that is not supported. I recommended looking at what is already there and using that as a guide to produce more fields. etc etc

False alarm. Dumb user alert (both the classifieds customer and me).

When I test fixes, I need to be looking at the right Ad_ID to get correct results

I have noticed that during the file import, that some of the pictures get messed up.  I can import aroun 150 pictures into different albums, say 3 albums with 50 each.

I have noticed however that some of the get messed up.  What is happening is...the thumbnail will be correct, but after you click it the picture that shows up is one form a different album.

Any cure for this?

all I can say is try other things...  like

mail.yoursite.com

or

smtp.yoursite.com

etc etc etc

replacing yoursite with the name of your domain of course


the settings for sending email via ASP are no different then the settings you would use in outlook or something... except sometimes on the server level localhost works as the email server because they set it up to allow that

and of course those 3rd party emailing components need to actually be installed on the server

I Dont know... it shouldnt do anything like that.

if it ever asks to download a aspx or asp page its generally a server configuration issue not related to the actual code

provided you arent trying to grab the injectbanner page through an iframe call which is only for use with the javascript method of calling banners

My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work.   I've tried many different options - here are two that are the closest - but have issues:

1. If I use the settings:

email component: aspemail

Mail remote server: my internal server name

*no smtp authentication

email mail notification - my email address on my internal server

***I get the following results:

       I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.

2. If i try to change the setting to use the Hosting Website email server - I get the following results:  I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.

**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.

Please forgive any ignorance on my part.

Using the live demo, it seems that with the banner software my advertisers would only have access to reports, but no ability to upload banners, specify keyword triggers or zones, what have you. Is this correct?

The other thing I couldn't quite figure out, assuming I had a categorized directory on my site, is this system configurable to display different banners based on category? Perhaps through keyword triggers?

Thank you in advance for any assistance.

Our home page is not showing up gives this error:

Active Server Pages error 'ASP 0126'

Include file not found

/Default.asp, line 246

The include file 'elib/articles/home_feature1.asp' was not found.

you basically have to edit the html in the links in the various pages and remove them... some are in includes files

use a text editor and be causious / back things up before you remove links so you can revert back