Blog Entry: 3/25/2006 4:24:08 PM
Ok, have contacted the web hosts. Thank you for your help so far
Regards
Andy
, Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111,
Hi,
Actually that is not a feature at this time. Only the admin can add an image for user. If you look at the code for that you could adapt it for individual user use fairly easily provided you are decent with ASP.
That feature will probably be added some day, but there was no time to add it to into the current version and I can not give you a time on when it will be added. The complicated part is making some sort of approval process in case a user adds something undesirable and also limited file sizes which is hard to do without somesort of 3rd party uplaod component being involved.
, If you are using an ACCESS Database try to avoid using a system DSN. They are much slower because they go through ODBC which then uses the Jet Drivers to access the database. They also have to do a registry lookup.
ttp://www.4guysfromrolla.com/webtech/070399-1.shtml
http://www.powerasp.com/content/database/dsn_vs_dnsless.asp
It's funny because in the 4guys article they ask the question..
"Hmmmm... so who was right, Microsoft or Wrox?"
I'll tell you who was right and who said it 1st. It was me and I said it on my old powerasp.com site before anyone else ever did.
I found it out on my own by experimenting when I was the Systems Analyst for an large ISP. We we had web servers that were not running well. I didn't read about this solution anywhere because no one was talking about it at the time. Microsoft said use System DSN's so everyone just took their word for it.
I took a lot of heat for saying that back in the day but over time everyone started saying it.
, I just told you a lot of different things to try... and I doubt you have tried them in the time since I mentioned them
, I am trying to import a database into my list of registered
users. When I go the import_export_manager.asp page most of the
content is missing. All that appears is the first 2 lines of text
and a box. The rest of the page is blank. I have tried this
under 5 different browsers on 3 different machines and on 2 operating
systems. I also ftp'd the original .asp file with no success. Any
clues?
, Is there anyway to limit the number of Albums each user can make?
, check permissions for the user you are connecting to the SQL database.
http://support.cjwsoft.com/code/moreinfo122-1.htm
That user may not have permission to make new data
Also, check all field and table settings manually by comparing them to the SQL creation script we provide. You may very well be missing auto increment and primary keys which would make adding new data not work.
It is most likely one of those two things.
, how di I change the currency dollar sign to gdp pound sign ?
I need all my tranactions in gdp puund sterling to use on paypal
regards
simon
, User Information
After a user logs in there are variables that you can always access.
They can be used to check various things or to display information
dynamically based on who has logged into the system.
Session("PasswordAccess")
Session("Access_Level")
Session("Admin")
Session("Active")
Session("Expiration_Date")
Session("User_ID")
Session("Groups")
Session("Redirection_URL")
Session("Password")
Session("Username")
Session("First_Name")
Session("Last_Name")
Session("Company_Name")
Session("Email")
Session("Address")
Session("City")
Session("State_Province")
Session("Zipcode_Postal_Code")
Session("Phone")
Session("Custom1")
Session("Custom2")
Session("Custom3")
Session("Custom4")
Session("Custom5")
Session("Custom6")
You can display them on a page at any time using Response.Write like so
<% Response.Write(Session("FIRST_NAME")) %>
or like this
<% = Session("LAST_NAME") %>
cwilliams38419.533900463, Hello,
If you see that when doing a view source then that code is not running.
I will need to go into your site and look as something is very wrong on a low level and I have no more ideas.
PM or email me the info and I will figure out what is going on.
I'll need ftp or frontpage access to the site.
I'll also need to know the urls for the asprotect system as well as the page you are trying to protect.
CJW
cwilliams38229.7996064815, You are not supposed to use "../" with a virtual include
Thats goes against what a virtual include is and makes no sense.
When using a virtual include you give the path as if accessing from the root of the main web / virtual directory
I find it very hard to believe it ever worked like that and if it ever did it was wrong.
cwilliams38434.6703356481, lmao ... ya that has never happend to me before....
,
|
These Settings:
Picture upload feature settings. |
| Use_Picture_Upload |
< = value=True name=Use_Picture_Upload> Check this if you will be using the picture uploading feature. |
| UploadDirectory |
< size=60 value=C:\Inetpub\virtuals\aspphotogallery.com\Web\demo\pictu res name=UploadDirectory>
Example: "C:\Inetpub\wwwroot\ASPPhotoGallery\pictures"
Ask your server admin if you are not sure.
This directory needs proper permissions for the SAFILEUP component or the VBSCRIPT solution to work correctly. It basically needs to same permissions as the database directory would need when using Microsoft Access. |
| PictureURL |
< size=60 value=http://www.aspphotogallery.com/demo/pictures name=PictureURL>
Example: "http://p600laptop/ASPPhotoGallery/pictures"
This is the web URL of the the upload directory specified above. |
| Use_SAFILEUP_Upload |
< = value=SAUP name=Upload_Solution>
This option will enable file uploads using a component called SAFILEUP which is high end upload component available from www.softartisans.com. It is far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_ASPUPLOAD_Upload |
< = value=ASPUPLOAD name=Upload_Solution>
This option will enable file uploads using a component called ASPUPLOAD which is high end upload component available from www.persits.com. It is also far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_DUNDAS_Upload |
< = value=DUNDAS name=Upload_Solution>
This option will enable file uploads using a (FREE) component called DUNDAS UPLOAD which is a high end upload component available from www.dundas.com. It is also far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_VBSCRIPT_Upload |
< = value= name=Upload_Solution>
This option will enable file uploads using a pure VBSCRIPT solution. It requires VBSCRIPT version 5 or higher to be installed on the server. The solution usually works fine, but has been reported to cause memory leaks on XP machines. |
, To finalize this thread.. a target was added to the form by the customer by accident thus causing the situation, Ok i am having an issue with my other comp. I have spent ANOTHER 3 hours researching this one.... it WONT START THE IIS SERVICE!!!
I get this error:
The service did not respond to the start or control request in a timely fashion
ANYWAY---
I decided to use one of my client's hosts; which happens to be Network Solutions.
ANYWAY again-
I uploaded the whole thing there and they advised me they cannot do the explicit permissions on that _database folder. This is what they said: I would also would like to point out that ASP.NET applications and permissions do not extend to any other folder, other than the root, (/htdocs/), and the bin, (/htdocs/bin/) folders. Sub-directories and folder after bin and htdocs will not have ASP.NET permission (read or write).
If you could move or reconfigure your application to save all your code behind, include and dll files onto the root or bin folder, your application could work or possibly run as you would expect. Please have this done and retest your application. If and when you get a different problem or another error after doing so, please let us know, and we shall be happy to help you troubleshoot any problems that you may have.
There is a 'create database option' where i can create a database..create a dsnname, user name, password and have to specify the database file name. Once i do this i need to place the database file (aspprotectnet2002.mdb) in the /db folder within the root. I also tried this and made the appropriate change in the web.config but it STILL DOES NOT WORK. I AM PULLING MY HAIROUT WHY WONT ANYTHING WORK.
ALL THE FILES ON ON THE ROOT OF THE WEB HOST. I PULLED THE FILES OUT OF THE _DATABASE FOLDER AND DUMPED THEM ON THE ROOT. I CHANGED THAT ON THE WEB.CONFIG BUT ITS STILL LOOKING FOR SOME .XML FILE IN THAT _DATABASE FOLDER.
I'VE BEEN TRYING EVERYTHING AND IT SEEMS THAT I CANT USE THIS SOFTWARE FOR THE LIFE OF ME
, >>1. What is telling paypal to return the info to the ipn.asp page for
processing? Is that something I have to set up in my paypal
account?
Nevermind on this question. I found the notify_url variable. :-\
Thanks,
Michelle
, yes, like it says it is expirimental
turn it off.. the banner system will run just as fast for the most part
or leave it on and an occasional user will see a permission denied error where a banner will be, Its a great idea. I didnt really check the counter until the album started working. Its a great concept though., someone has to do something other than me.. i've given up
if i give u the username/pw can you set this up on the network solutions host and ask them to set whatever permissions are needed?
cant do it anymore....
, its part of how the skins load.. regardless you got bigger problems here..
I am beginning to wonder if you unzipped the download correctly because I see things in folders they should not be in...
you should have ended up with a bunch of folders and files...
It you just ended up with a ton of files in one directory you did not unzip the zip file correctly... if so check your zip program settings.. I mean that error is because it is looking for a file in the skins folder that isn't there and it should be there
better yet, unzip the downloaded zip file using windows xp built in unzipping features which will do it correctly...
, Ok.. glad you got it working., okay thanks, Need to clarify something..
Your talking about the page where a new user registers right ?
Your not talking about adding a new user from the admin area ?
Either way under no circumstances do I see anything like you are saying happening nor has any other ASPProtect user ever mentioned this probem.
I am going to need to see your site and see this happening. It just makes no sense the way you are describing it.
Also. did you edit the registration page code in any way. If so please revert back to an original copy to ensure this is not some sort of problem introduced by editing the code.
cwilliams38164.8115046296, Looks great. I can't wait until this will be released. Will there also be an easy way to migrate my current version ?
Hans
, All fixed... I changed the remote server from localhost.omegaphibeta.net or whatever it said there to localhost
I sent a test email to myself and got it no problem
the error you were getting was email component related , If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure the page you send them to is protected by the "check_user_inc.asp" file.
<center>
<table border="0" width="400" height="200" bgcolor="#000000">
<tr>
<td bgcolor="#F4F4F4">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<div align="center">
<center>
<table border="0" bgcolor="#C0C0C0">
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<p> <input type="submit" value="Login"></p>
</center>
</div>
</form>
</td>
</tr>
</table>
</center>
cwilliams38411.453912037, 1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another? I am asking because there is only one table in the DB, and it is the "Users" table. So I am presuming that there must be other databases that are linked to the DB. Is this correct?
2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software? I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of.
, Hi,
I have just one quick question, I know this works with Paypal but does this work with Merchant Account?
How difficult it is to make it workable with Merchant account? I appreciate your answer.
Thanks.
, humm, yea thats a data connection error..
really not related to the asp code in the application for the most part.
that is low level
If using MSACCESS
I would make sure permissions are set correctly on the database folder (not just the database file itself)
I would make sure your using at least a 2000 version of the database. 2003-2003 format being better..
I would make sure the server has up to date mdac/odbc drivers.. (that is really the server admins responsibility)
As for permissions there are articles in our forums about exactly how they need to be set. Improper permissions can cause a ton of random errors like that.
cwilliams38414.6528240741, Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.
Thanks!
Rhona (rookie)
, Hi
I downloaded the .chm format installation documentation but when I open it I get the index but can't see any of the pages so am a bit stuck.
, Just having the database with members does not protect the page. You need to add the appropriate code to every page you want to restrict access to.
You need to click on the Groups tab in Admin.
Click on Generate PW protection code.
Click on the basic button if you don't want to include levels or groups or choose a level or group(s) and click the appropriate button.
Paste the code that's generated into the top of an ASP page in code view.
Is that what you're looking for?
Michelle
, I just installed ASPProtect on my site. The instructions were definately on the target. Very very good instructions.
But... Isn't there always a but ??? 
I needed to setup my site with MS SQL and it is hosted so I don't have Enterprise Manager. I tried the web based Enterprise Manager and any other one I could find. But, I kept getting errors when trying to use the SQL Script.
I finally had to go back to my work where we do have the licenses and get an SQL Admin to use Enterprise Manager to run the script and it worked finally.
I don't know if this is a common problem ??? But, maybe you would want to look at the SQL Server script or make a different version that would work with the Web Based SQL manager.
Thanks
, does emailing work at the simplest level.. ??
meaning does a user get an email when you send an email from the admin users screen ?
if emails are not sending it could very well be the setting you have chosen for emails in the settings.
the best thing to do is keep trying to send an email there and try different emails settings until you get something that works... even when I do installs for people I often have to try a lot of various things before I get emails to send.. like picking different components and trying different things for the email server address because what they tell me is often wrong
also, sometimes emails get sent but depending on where they go they may get deleted as spam.. aol, hotmail, msn, and yahoo are famous for that , Christopher,
Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software.
, ASPProtect v7 comes with working example code of protecting a file download.
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the file download by only allowing a logged in user to download it. The special ".asp" page we use the stream the file is password protected. It also hides the true location of the file so you can keep your files out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the html source they can not tell where the file really came from and they can only download if they are logged in and you offered them the link to the file.
For the file download protection examples to work you may need to edit some values
in the stream_download.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "download file name" from the download_link.asp file which is an example of how make a download link to the streamed download.
Lastly, we provide a working example. Now, you obviously may need to customize it to fit your needs. Please realize you are going to have to make special download links in your .asp pages and not only should you only show those links to people with appropriate access to download the files, but you should also protect the streaming download page accordingly as well as far as level, groups, and particular users. What I am saying is which files a particular user is allowed to download is not automatically handled by ASPProtect in any way. We give you all the tools to provide protected downloads to logged in users, but if you have complex needs you’re probably going to need to come up with a system that works for you. It's not really difficult because we did all the complicated stuff, but its something you have to sort out.
Perhaps someday in the future ASPProtect will have an interface to upload files and associate them with certain users. But at the moment it does not.
,
I just added this line to the paypal1.asp
page
<input type="hidden" name="currency_code"
value="CAD">
and it worked. Clearly other values can be entered for other currencies.
Everything was listed in this manual https://www.paypal.com/en_US/pdf/subscriptions.pdf.
Cheers
Roy
, I have accessed the "get_me_in.asp" page and entered the password encryption key. Once I entered it, I was taken to the ASPProtect Admin Area Login. It does not give me the option to create a new user as is described in the general installation documentation. How do I access the program now?, I had never noticed this before, but a customer sent me email to say that they had set up their aspclassifieds profile such that they be contacted by email and not by phone.
However, in their ad, their phone number still appears. The lines in view_ad.asp that check for True values for the Contact_Via_Email and Contact_Via_Phone before displaying that information seem to always evaluate to True, regardless of their setting in the database.
I'm using an Access2000 DB for this. When I open the DB in access, I see the checkboxes correctly unchecked for phone and checked for email. However, if I do a quick test to display the retrieved values in the view_ad.asp (<%=contact_via_phone%> <%=contact_via_email%> they both display True.
What gives? I have had nightmares with Access and its weird handling of true/false 0/1 yes/no fields, but this is driving me nuts.
,
Timecard Entry: 3/25/2006 4:24:08 PM
DMS Translations, travel back to watertown, timecards to take home to do, work on domains work that needed to be called some domain customers. , teched calls and author was not accepting passwords and it didn't go red, lunch- wasn't feeling well, went home, Meet with Paul Barton and Errol Flynn, on the phone with Bell looking for a ETA to return to service.......after a little waiting got 8PM......not good, Billing for Chris N, phone calls, More changes to ccbrmls.com....Jan Murray keeps finding things that she'd like changed., incoming calls, call backs, Extracting closed info from Niagara system., see above, setting up a network connection the conference room for Jim....he didn't have a viable network cable......then tells me he has his wireless working anyways, gogisco, Project Status Tracking System, getting/loading MS Office 2000 --looking for MS Project.....no luck, Timberview.com: changing graphic of trail map, per Johnny. BILLABLE (work order number?), ST. LAWRENCE COUNTY, assisted Robbie with tech support question, Started printing finished files, Trouble shoot server errors - John Janesik, Meet with Crispin re: cortland changesw, billing spreadsheet for designers/programmers, collected materials for Dave, Watching Randy configure a CiSCO 3600 router., meeting with concrete taylor- info for web site, PARENTS FLYING INTO SYRACUSE, Working with getting pdf creater to work on cma's from SoftMLS, Spent a lot of time on phone w/ Sithe Energies and Jim Crowley, faxing paperwork for them and faxing to Cortel. Database Design here and there.,
