Blog Entry: 3/25/2006 4:42:23 PM
I have written asp.net application pages- obviously i knew what viewstate was, or else when they made a mistake on that page it would not have saved their filled in info. Same thing for after they submitted, when they hit the back button their info would be gone.
For someone who wrote this software it seems you are not able to do simple things. Im begining to think you didn't write it. The only reason no one else asked this many questions is possibly because they didnt NEED the functions i am TRYING to do.
I know how the log boxes work. Esp. reg ASP... they all allow you to enter your username and password and then when you hit submit it gets verified and transfers you to your destination. ASP.NET has that capability also.. i didn't purchase a program to go and have to re-write it in visual studio. It would take me longer to re-write YOUR code than it would to have LEARNED ASP.NET and made MY OWN.
The program seems to have some great complex features, however, your not able to incorporate this easy login from a diff. page function... fishy
, If you need to know how to enable them on your test server.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1
,
that is good news... good guess on my part I guess
anyway, try this for your latest issue.
http://support.cjwsoft.com/code/code_info.asp?TID=340&KW =%2D1, ummm.. ok.. Then this doesnt make sense. On two out of the three machines I have in house here, the images do not show up. They only show up on the server machine. I am using the constant url on all three machines. www.rfamilystuff.com Does it show up on your?
, When did you download the ASPProtect Version 7 zip file ?
what did you enter as a wrong password to make that happen ?
does it it do it when other wrong passwords are entered ?
cwilliams38452.722037037, Chris,
2Checkout.com has added to their required cart parameters:
https://www.2checkout.com/documentation/newparameters.html
Do you have a version of 2checkout2.asp that will support these?
Thanks,
Nick
, yea.. keep us posted... thats weird, If the physical path isnt right and the permissions are not right it just plain will not work. You will not get an error.
If the filesystem object is disabled on the webserver it will not work either.
Something has to be wrong.
Please start a new thread when the topic changes.. thanks
It helps to keep the forums organized for other users in the future.
cwilliams38454.6146180556, Christopher,
Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.
Darrell
, thats actually just the xml parser component barfing out on you.. it can't handle the load of being called so much on that server
you might want to try some of the other methods of calling banners, You can't do that. ASPProtect 7 does not work with ASP.NET.
It is a classic ASP application. As the web site states it can only be used to protect ".asp" pages written using vbscript.
ASP and ASP.net are completely different animals.
Thats why we have a .NET version.
http://www.aspprotect.com/more_info_net.asp
, Hi, I am wondering if I can redirect users with "GROUPACCESS"
just like access levelS. I tried to redirect using both "Groups"
and "GROUPACCESS" example below:
<%
If Session("GROUPACCESS") = "1" Then
Response.Redirect("group1.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
I could only get the Access_Level to actually redirect. Is
this something the option pack supports? If so, any words of
advice?
, ok, well that should not be a problem then.. its meant to be able to be put in a folder like that.. just make sure the folder is not a subweb or anything like that... meaning dont set the folder up to have its own application in IIS. Just use a regular folder of course that is part of the root iis application.
Perhaps you just didnt edit the paths in the settings like I mentioned., When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
Thanks
, OK, thanks.
Nick
, I'll give it a shot within the next day or so. I'm busy with a few other things right now. You're right about just saving a copy before I start. It can't really hurt anything.
Thanks Chris. I'll let you know how it turns out.
-john
, Thanks for that. The upload size is just as effective and possibly a better solution to maintain server space.
What about individual gallery permissions. So only 1 member can post in only 1 gallery. I have a forum of 500 plus members so if they want to add a gallery than setting a permission would be idea for each gallery.
, Hello,
for an admin..
you view albums for a user.. make a new album... then click manage pictures
for a regular user you log in.. go to user user area.. create an album..then click on manage your albums
, OK, I updated the server with the SP 8 Jet updates and this had no effect.
Then I loaded the asptest file and put in the correct path. The results were:
Failed: Database could not be connected to....
Error reported from server:
Error source: Microsoft OLE DB Provider for ODBC Drivers
Error number: -2147467259
Error description: [Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x784 Thread 0x854 DBC 0x2101014 Jet'.
, It works. Thanks Chris.
, Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.
In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.
' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30
Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.
, I have a need for more than the current number of custom fields currently available in the registration form. Is there a documented method of adding additional fields or am I not able to do so?
Thanks,
Dave
, It sounds like permissions... to the database folder specifically
they are not correct
It could also be that your odbc drivers are very new and you are not using a new enough version of the access Database. I recommened using the 2002-2003 verison of MSACCESS
Now.. if using a SQL Server Database permissions to certain tables are handled in enterpise manager
cwilliams38303.5892708333, (Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Instructions:
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<tr>
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<td valign="top">
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
newsletter ?</font></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
</td>
</tr>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
End IF
End If
End If
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
else
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
End If
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Response.End
End If
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
, well, you should probably be backing up the SQL database on a regular basis. That is between you and hosting company. If they let you connect via SQL Enterprise Manager you can do backups on your own.
As far as the aspprotect files and folders go back them up somewhere, and then only worry about backing them up again if you change some of the files.
That's really all there is to it. None of the ASPProtect files change on their own except the generated log files that you may or may not care about backing up.
I mean the important thing is the Database, and then of course any your own .asp pages that you protected as well as any custimizations you made to the users area or your site...
, Did you do what that thread said so you see a more detailed error ?
Can I see the site and look around.. ?
I just am not sure what is going on from what you are explaining ?
If so private message me with the admin account details and tell me what to do to reproduce the error. ,
If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.
<center>
<table border="0" width="400" height="200" bgcolor="#000000">
<tr>
<td bgcolor="#F4F4F4">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<div align="center">
<center>
<table border="0" bgcolor="#C0C0C0">
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<p> <input type="submit" value="Login"></p>
</center>
</div>
</form>
</td>
</tr>
</table>
</center>
, I'll try to help when I get back tues night,, see the contact page for info on where I am
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry
, I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.
Regardless,
What you want to do... logging them in under https and then having them continue though the site under http is not possible.
It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.
In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).
Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.
If you want them logging in under SSL you need to keep them under SSL.
That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.
, Hi, Its just a generic error that really doesn't mean much of anything except that something wrong with your data connection.
http://support.cjwsoft.com/code/moreinfo27-1.htm
could be invalid permissions on the database folder... could be any number of things
when setting up your connection I suggest going dsn-less.
http://support.cjwsoft.com/code/moreinfo9-1.htm
It is better/faster and also a lot easier to set up.
, like I said you made changes to something to cause that...
users/user_area.asp
runs fine the way it ships "it is one of things I tested earlier when I looked at your installation for you"
If you want I'll go look via FTP and tell you what is wrong
cwilliams38456.1069212963, I am using VS 2005, when i go to new project in visual basic folder asp.net web application is not there..
Can i add it somehow?
, well, ultimately it comes down to this and this is stated in the footer of every page in the cjwsoft family of websites.
"In some cases in order to receive proper tech support your application will be need to be installed on a live professionaly setup server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine."
and if you have some sort of weird timeout going on on your local machine and cant even give me a detailed error message there is just no way I can possibly troubleshoot it... I told you what to check and thats really all I can do... all my applications run on XP. As a matter of fact I do all my development on XP boxes.
It could be any numbers of things... odbc drivers, versions of vbscript... other software on the pc interfering such as antivirus script blockers like norton... all sorts of issues can pop up on personal machines running xp
If you put this up on a live professionally setup web server I can help you. On your local machine there is only so much I can suggest. , I have noticed that during the file import, that some of the pictures get messed up. I can import aroun 150 pictures into different albums, say 3 albums with 50 each.
I have noticed however that some of the get messed up. What is happening is...the thumbnail will be correct, but after you click it the picture that shows up is one form a different album.
Any cure for this?
, Chris,
Well some good news
! This from my hosting company this morning...
"
I'd say that the vendor is right so I've submitted a work order to
create the *****.com/aspnetprotect directory as an application.
If there are any other directories for which this needs to be done,
please let us know. This particular task always needs to be performed
by our staff.
If you need to follow up on this job with one of our on-line or phone
technicians, you can reference ticket id 11860.
With regards
"
Thanks for your help thus far
Andy
cwilliams38455.5654513889, Okay, this also shows at the bottom of the import/export page
I've got the IUSR account with modify permissions on this data folder as well. Is the "this directory needs change permission" line just a general reminder?
Files are being stored in "D:\missourirealtor.org\members\aspprotect\data\export\\"
This directory needs change permissions for the anonymouse webserver account.
Those permissions can only be set by your hosting company.
These features will not work without those permissions being set.
, also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ????
Ya, you must have tried to upgrade from a really really old version like you said which wouldnt really work out because those instructions are specifically for upgrading a version 6 database to version 7.
That line error you had was looking for the User_ID field and I bet the version you had was so old that you didnt have a field named that as a few years ago the field "ID" got renamed to "User_ID"
As for all the cool stuff... yup there is a lot of cool stuff in this version... glad ya like it so far
