Blog Entry: 3/25/2006 4:30:08 PM
Hi -
We are trying to set up ASPProtect 7 so that the user is redirected to a specific web page based on their group membership.
For example, immediately upon successful login:
Group 1 members are directed to page A
Group 2 members are directed to page B
Group 3 members are directed to page C
Users will only ever belong to one group.
We tried to use the Redirect_URL feature but it causes the browser to loop.
Could you let us know exactly how to do this. We are not ASP programmers and need to work from an example.
Thanks!
, After turning off the friendly errors, here is the detail.
Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/users/register.asp, line 16
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
ANSWER:
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&K W=Disallowed+Parent+Path+
lancem38310.6408101852,
Bingo! that did it. Somehow the data must have gotten corrupted.
Hopefully that will do for me. Seems like everything is humming along and looks great!
Thanks again,
Laura
, Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, Access Database Password
By default all of the Access Databases we give out have a default password of "temp"
The Default username that and Access database uses is "Admin" but you should not be concerned with that except in your connection strings.
The default password for the Access Database can only be changed using Microsoft Access to do so. If you have security concerns it would make sense to change the password. The help system built into Microsoft Access best explains how to do that.
cwilliams38403.6820833333, Hi - When I try the mass email feature, I get an error that says:
ODBC Microsoft access driver) too few parameters expected 1
/aspprotect/password/admin/send_mass_email.asp line 280
Oddly...this feature works fine when I use the original admin user that you setup.
But I setup another one with my username and password (not test) - because I was afraid anything with "test" could get deleted.
Any ideas on why the new admin userid would not work? Note: I have not change any code from the original installation.
, You really should just look at the documentation that came with the application. It tells you everything you need to know.
it is in the docs folder in html format.. it is also linked to from the aspclassifieds website
http://www.aspclassifieds.com/demo/docs/
, People who have the option pack have a new feature called groups.
Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customers older protection code.
A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.
Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.
For example..
You make 8 groups and assign users to them accordingly
Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any one of those groups would have access..
Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 2-8 would have access..
Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 3-8 would have access..
cwilliams38114.800775463, Here is what I have in settings.
| ServerSoftware |
Microsoft-IIS/6.0 |
| ServerName |
www.107threnegades.com |
| ServerProtocol |
HTTP/1.1 |
| PathInfo |
/gallery/gallery_admin |
| PathTranslated |
d:\hosting\arisky1\gallery\gallery_admin |
|
|
| FILE SYSTEM OBJECT |
Installed |
| ADODB (ActiveX Data Object) |
Version: 1.2 Installed |
| CDONTS |
Version: 2.80 Installed |
| SMTPMail |
Not Installed |
| JMail |
Not Installed |
| AspEmail |
Not Installed |
| AspMail |
Not Installed |
| SAFILEUP |
Not Installed |
| Dundas Upload |
Not Installed |
| ASPImage |
Not Installed |
| AspJpeg |
Version: 1.4.0.1 Installed |
| ImgWriter |
Not Installed |
|
|
| Script Engine |
|
| Type |
VBScript |
| Version |
5.6 |
| Build |
8515 |
I do not even see ASPUpload listed but when I run the test_asp_components.asp from the extras/more_component_info folder, it shows that it is installed.
, No rush, I have it out on the internet, but have not gone live with the site yet.
Thanks for responding,
Enjoy your well deserved break
, Okay, so I copied the txt file into the export file and tried the import users option and it timed out on me as well.
Would it be easier to figure out if you were able to look at the iis server?
, There was nothing wrong with the server configuration. It turned out that the problem was that I disabled the email notification of new user registrations that I continually receive. That appears to disable the authorization email to new users as well.
One other issue. It appears that AOL email addressee's are not getting the authorization email. Does AOL have any blocks to CDONT generated emails?
, I have tried everything to get your CJWSoft code working..I purchased the auto listings software and I am stumped, and actually you stumped my hosting provider, my database is stored in the database directory on the root.
I have even tried your ASPtest and still cannot connect. My have connected other databases without an issue on this same host, I have named a DNS Auto for my database and ponted to that in my code but get the following error you see at http://www.burkesauto.com and even when i try you test script found here at http://www.burkesauto.com/asptest.asp .
cwilliams38145.8522800926, You have old code I think.
It's probably because his password used with your encryption key by chance creates a single quote and messes up the database query
A notice went out about this. I will PM you the latest download with the updated files.
, lets get back to using the forum and not the pm's please only use the PM's for sensative information. its too hard for me to keep track of all of this as well as help everything else when I got an inbox full of pm's
Ok, so you say no paypal subscription info is being put in the database at all.
I know we have a bunch of people using the paypal subscription code with no issues so I know it works but obviously you got something wrong.
It could be a few things.
Did you enable IPN in the paypal system and put in a postback url like my directions say ?
Are you sure you are not getting paypal single payments and paypal subscriptions mixed up ?
Are the paypal links you made for paypal subscriptions in the correct format like are directions state ? That is critical and another example of something important that you have not shown me.
Did you populate all settings correctly for our paypal subscription code ?
This includes a correct and valid postback url because if that is not right paypal cant communicate with the aspprotect system and no info will get posted back from them at all.
You say your upgrade went well but if you did all all field names perfectly there could be issues with that.
There is just way too much for me to figure out under free support with the info you keep providing me.
I dont think we are going to get anywhere unless I go into your system and spend a considerable amount of time checking everything out. That is not something I do under normal support so if you are interested it is going to involve a fee paid via paypal. It's probably going to take me a while to check everything out and I need you to be 100% sure IPM is enabled in your PayPal account. If you are not sure how to turn it on search their help system as they have plenty of documentation on the process.
, ok, that is what you are suppose to do... not having that path info set can cause all sorts of trouble., no, that only applies to random pictures and stats..
The issues you are talking about usually relate to issues created by switching back and forth between a local install and a live server install and not being careful about changing the paths in the settings depending on where you are running it from.
For example.. it trying to use a url at the server level that is only valid when you are running it locally
cwilliams38394.7554976852, I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database.
How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'?
cwilliams38417.7773032407, Christopher,
Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.
Darrell
, I'll give it a shot within the next day or so. I'm busy with a few other things right now. You're right about just saving a copy before I start. It can't really hurt anything.
Thanks Chris. I'll let you know how it turns out.
-john
, Hi Chris,
Thank you for your prompt response.
Our current project requires alot of customization.
Yes, the error is probably a data problem and not due to your code, because we needed to make modifications to the database. But that's why debugging would be helpful.
Basically our intent to modify the asp protect code stems from the fact that our client doesn’t want certain fields to be recorded or to appear: address, city, state, zip etc…
We are happy to be able to modify the HTML, but we also want to modify some other default behavior, such as which page opens when the "cancel" button is hit in the editaccountinfo.aspx page.
, You are not supposed to use "../" with a virtual include
Thats goes against what a virtual include is and makes no sense.
When using a virtual include you give the path as if accessing from the root of the main web / virtual directory
I find it very hard to believe it ever worked like that and if it ever did it was wrong.
cwilliams38434.6703356481, ok, well that should not be a problem then.. its meant to be able to be put in a folder like that.. just make sure the folder is not a subweb or anything like that... meaning dont set the folder up to have its own application in IIS. Just use a regular folder of course that is part of the root iis application.
Perhaps you just didnt edit the paths in the settings like I mentioned., yes, like macnap says.... you have to protect your ".asp" pages the way the directions tell you to...
and like in the "example" protected pages we provide
or they will not be protected and nothing will happen as far as ASPProtect goes
I guess I just didnt understand what you were talking about
, Ok I used the following for the sql string.. is this correct?
SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE (User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = '-1'" & ")"
, You cannot use server mappath in the connecting string of the application. If you want to know why read my article.
http://www.powerasp.com/content/hintstips/physical-path.asp
Make your connecting string just like in my example.. do not use the oledb connection string either as it will cause other problems.
If you need to find out the path to the mdb file you can use server.mappath to get that info but do not put server mappath in the connecting string. See my article again.
then if the database folder has proper permissions and the path to the mdb file is valid it will work... otherwise you get useless errors, its really that simple.
You also may want to download ASPTest from www.cjwsoft.com it is designed to show a person how to setup a working data connection., Than you 
I'm happy after changing to XML parser for two of the ads. Later I'll change the other codes to XML, never to use iframe again!
, Sorry Chris,
It didn't fix it. Looks like I had the current code. I bought the system in mid-April. The version says 3-10-2005.
I do know that in the database, the password shows as " éG" but in the error code, it shows as " éG". The square character is missing.
Thanks,
Mick
Edit: well heck. It skips the square box here too. The password in the database puts a square box in front of the éG
,
|
These Settings:
Picture upload feature settings. |
| Use_Picture_Upload |
< = value=True name=Use_Picture_Upload> Check this if you will be using the picture uploading feature. |
| UploadDirectory |
< size=60 value=C:\Inetpub\virtuals\aspphotogallery.com\Web\demo\pictu res name=UploadDirectory>
Example: "C:\Inetpub\wwwroot\ASPPhotoGallery\pictures"
Ask your server admin if you are not sure.
This directory needs proper permissions for the SAFILEUP component or the VBSCRIPT solution to work correctly. It basically needs to same permissions as the database directory would need when using Microsoft Access. |
| PictureURL |
< size=60 value=http://www.aspphotogallery.com/demo/pictures name=PictureURL>
Example: "http://p600laptop/ASPPhotoGallery/pictures"
This is the web URL of the the upload directory specified above. |
| Use_SAFILEUP_Upload |
< = value=SAUP name=Upload_Solution>
This option will enable file uploads using a component called SAFILEUP which is high end upload component available from www.softartisans.com. It is far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_ASPUPLOAD_Upload |
< = value=ASPUPLOAD name=Upload_Solution>
This option will enable file uploads using a component called ASPUPLOAD which is high end upload component available from www.persits.com. It is also far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_DUNDAS_Upload |
< = value=DUNDAS name=Upload_Solution>
This option will enable file uploads using a (FREE) component called DUNDAS UPLOAD which is a high end upload component available from www.dundas.com. It is also far superior in performance and reliability compared to the VBSCRIPT file upload solution.It is highly recommended for a busy site. If you enable this component and do not have it installed on your web server you will cause an error. |
| Use_VBSCRIPT_Upload |
< = value= name=Upload_Solution>
This option will enable file uploads using a pure VBSCRIPT solution. It requires VBSCRIPT version 5 or higher to be installed on the server. The solution usually works fine, but has been reported to cause memory leaks on XP machines. |
, Hey, I thought I'd share this tip with the ASPProtect community...
If you'd like to remove, modify, or add fields to the "Users" view in
the password_admin default.asp page, it's really easy to do. Well, at
least it was for me. I'm using an MS Access database, by the way.
For me, I don't need "Company" info, but I do need last access and # of
times accessed displayed. Therefore, I had to change the default page
in three areas:
In /password_admin/default.asp, go to about line 185 or so, where you see stuff like:
[code]<td valign="bottom"><font face="Arial" color="#000000"
size
="2"><b>First Name& lt;/b> </font></td> [/code]
OK, those are the column headings. Each one corresponds to a column
from your USERS table in your database. There are two more areas to
consider, both of which appear immediately after this section.
The next section has statements that look like this:
[code]<td valign="bottom"><a href="<% =THISPAGE
%>?SORTBY=First_Name+ASC&MyPageSize=<% =MyPageSize
%>&Keyword=<% =Server.URLEncode(Keyword)%>"><img
border="0" src="../images/sort_ascending.gif" Alt="Sort
Ascending"></a><a href="<% =THISPAGE
%>?SORTBY=First_Name+DESC&MyPageSize=<% =MyPageSize
%>&Keyword=<% =Server.URLEncode(Keyword)%>"><img
border="0" src="../images/sort_descending.gif" Alt="Sort
Descending"></a></td>[/code]
See the "First_Name" items? The first is for an ascending sort, the
second for a descending. This particular line corresponds to the code
snippet immediately above it. But all this does is handle the sorting.
For the actual data, look lower for this stuff:
[code] <td bgcolor="<% = Cellbgcolor
%>"><font face="Arial" size="1"> <%=
CmdListUsers("First_Name")
%& gt; </font></td> [/code]
It's a good ways down, so don't be impatient if you don't see it in 10
lines from the end of the last mentioned section. This stuff handles
the display of the data from the database (where else ya gonna get
data, anyway?)...
Now, to remove a field, you need to find the three sets that go with
that data. The ascending/descending sort is potentially the trickiest,
because it's the longest set of data and can take a number of lines.
Just clear it from the start td to the end /td and you'll be fine.
To *add* a field, copy and paste the code from an existing field and
modify it. In the first one, the column title, you can type whatever
you want to describe your info. Nobody but you and your admins will see
it. For the next two sections, though, you need to get the correct
column heading from the USERS table and use that to correct the lines
in the copied code you pasted in.
For example, when I added a column to show the number of times a user
logged in, I copied the above snippets and pasted them in where I felt
the column I needed should be. Then, in the first one, I changed "First
Name" to "Logins". In the ascending/descending snippet, I changed
First_Name to Counter. Same for the last snippet.
The result? A new column, showing the number of logins my users were successful with.
Of course, before you experiment, back up your existing default.asp file, JUST IN CASE.
Have fun!
, That is actually normal and supposed to be like that.
You have the current version.
ASPVendor is a VERY simple application meant to work with PayPal shopping cart that runs on their server. It is based off the ASPClassifieds core code. There is only one version and highly doubt there will ever be another., I have noticed that during the file import, that some of the pictures get messed up. I can import aroun 150 pictures into different albums, say 3 albums with 50 each.
I have noticed however that some of the get messed up. What is happening is...the thumbnail will be correct, but after you click it the picture that shows up is one form a different album.
Any cure for this?
, (FREE) Nov 23 2005 Update Files
If you purchased ASPProtect Version 7.x before Nov 23 2005 then you can download these Update Files.
(These are non-critical updates.. only update if you want the described changes below)
These updates do the following..
- Make the Tabs in the Admin area move up and down as you navigate around so they look more like tabs used in a file cabinet.
- Updates the import/export process so the tab delimited text files created now store the passwords in plain text instead of encrypted. I have been thinking about this one for a while now and I think it is better this way as it was confusing a lot of people. If can also kill the whole process if by chance the encrypted output of a password contains a line break of sorts. There is no way to deal with that scenario so this is way the import/export process is going to work from now on. This also means you should be VERY carfeful about leaving export files lying around as they will have the passwords in them.
- Updates the "expected_paths.asp" in the data folder because the paths it was generating had an extra "data/" in it.
- Updates the users page so it will not show the import/export link if you have not entered a path for the export files in the settings.
- Adds an Activity Tab if using the Activity Tracking features instead of the links it used to put on the users page that most people didn't see.
To install these just copy them in over the old files.
Now of course back up your existing files so can revert back if there is a problem or you do not like the changes. If you made any custom changes to any of your pages use your head and realize that copying these in over your existing files will overide any custom changes you made. (that is your business, I am just warning you)
2005-11-23_163025_ASPProtect_v7_11-23-2005_update.zip
, I have set up a user to be redirected to a different page when logging in for the first time.
I assumed this function would count the number of times a user has logged in. When the login count was greater than 1, the user would be taken to the default.asp
This isn't happening. The user is always redirected. The user login count in the database is now 9.
What am I missing?
, You would have to carefully edit the asp code in the "add_new_account.asp" file. It you look that file over with a text editor it is pretty easy to see where the text to edit is. Just make sure you edit it in the section for the email component you are using. Back the file up before you make any changes to it so you can revert back if you mess anything up., I am brought to a logon page in which I cannot access the page. This must be due to the check_user_inc.asp include. Without the include I get a blank page.
, I get this error, Any ideas?
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC Microsoft Access Driver] '(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
/guestbook/save.asp, line 109
, Whenever you are running software that can block scripts from certain things you are going to have issues like this.
I imagine many complex asp scripts you will download will do things like this as well.
A highly doubt it is anything to worry about regarding people that use your site.
ASP code delivers standard html to the browser... nothing weird goes on as far as that goes.
This system has been sold for 6 years and this is just not something to worry about. Trust me.. though you may want to tone down black ice so it doesn't give you issues as it tries to block various things.
If I were you I would do some google searches on black ice and issues with it blocking asp scripts.. etc etc
Now, if you are running black ice right on the server that a whole other story and something you as a server admin need to decide what to do about. I doubt that is the case as black ice is not probably suitable for a commercial webserver but I just thought I would throw that out there.
, you dont want to use the virtual smtp virtual server method... you want to use a real remote email server with valid MX records..
ultimately though after all that is going is it is out of the hands of the asp code and it becomes issues other then the code sending the email... regarding to whether or not emails get blocked by certain organizations
For example:
I have many aol users sign up for various systems I have running without issue. I use CDOSYS with my own server mail.cjwsoft.com which has proper MX records set up.
I would also try to determine the difference between blocking and spam/junk email filtering. It is impoirtant to truly know what is going on.
Sometimes adding more information to the body of the emails going out will eliminate the junk mail filters from gettings the emails.
Then you have the various open relay lists that places like AOL use. If your email server or IP sending the email is on those lists for spamming you do not stand a chance. That is all out of the hands of the ASP code.
, Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS?
,
Timecard Entry: 3/25/2006 4:30:09 PM
Realrockfm.com: Added Jock bios (had to type quite a bit), deleted old playlist and concert information, scanned jock photo and created a portrait for site., BARTER: Burligton P&R site design research/W3C 4.0 standard research, Lunch, EWmail, Phone, Checked my emails again and responded to a few. , calling ppl finding out status of projects. getting info together, had a couple people with general connection problems. a user that couldnt' surf, research/admin, apex army, koytte computers to verify meeting- answer mail, daily reports, lunch well coffee down by the river, TI Comm Team Mtg, more modem problems. checked a lot of settings
, finished spreadsheet for payroll and emailed it to Carol, Special cleaning detail VIP got 8:30 mtg, 661245-66246, Went to the bank to make the deposit and tax checks, Finish TICC payroll, Downstairs discussing Neighborhoodsupermarkets.com w/Amy, Backtobasicspetfood.com w/Lisa, and dynamic framesets for thousandislands.com w/Tom, check voice mail/email
Space age pools - set up meeting- Gambles- create work order for secure form
Jermiah Graves-set up storefront and proposla infomationParty Renatls- spoek with Loir- delete some info - Jefereson countty teachers center- will opay for hosting
Leo Coleman- left message , gave to lisa
, start 107568 end 107578, team meeting, Traffic Reports, phones, still busy, Spent most of the day Getting CORTLAND mls numbers and pictured renumbered the way they wanted... this was really difficult and I eventually figured out ways to do it.
OSTEGO DELEWARE people are here and I waited around to help them and meet with them.. and then nobody would let me talk to them... AND THEN STEVE and a bunch of them leave me here and go eat lunch without me..., Managers mtg. at CREG Systems, get po's and work orders for dns and tch stuff... , Calling people back. Answering e-mails. Answering tech questions., helped another user with modem problems. Had a billing problem, check voice mail- confirm screen with Linda from Watertown chamber
,
