Blog Entry: 3/25/2006 4:57:47 PM
It should be released sometime late May 2004 or early June 2004 but no gurantees as I am pretty busy right now with some projects.
There will be upgrade instructions and it should be a fairly easy upgrade.
, SQL server hotel ehh ? Humm that sounds bad whatever that is ?
Is that a real term or just something you named it cause they have like a zillion people using that SQL server? I have never heard of that name ?,
After turning off the friendly errors, here is the detail.
Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/users/register.asp, line 16
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
ANSWER:
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&K W=Disallowed+Parent+Path+
lancem38310.6408101852, how would anyone recommend i go about setting a different expiration date for each group a user may belong to?, well, I think John just told you what the deal is. He knows more about ASP.NET than anyone else I know.
If you are going to run a non-standard setup then you are going to have big problems like you are having. , you password protect an asp page in your site "where that is is up to you"
http://support.cjwsoft.com/code/moreinfo171-1.htm
then you link them there from your own pages
thats all there is to it
is that what you are asking?
Additionally...any page you password protect automatically becomes a login page... where you want to start and where you send them after or before login is something you have to handle on your own
Any pages you pasword protect will prompt the user for login info if they are not yet logged in that is.
Then once logged in it returns them to the same page they are showing the page content as it would normally appear.
cwilliams38455.7128356481, If you have found out that parent paths are disabled on the web server you can still use the application.
Before you continue.
If it is your server consider enabling parent paths to solve the problem.
If it is not your server consider asking them to enable parent paths for your web site to solve the problem.
If that is not possible please download this zip file.
2005-02-20_150703_aspprotect_v7.x_alternate_include_file_pat hs.zip
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.
The zip file contains the following folders and files.
Below is the contents of the readme.txt file which explains everything.
The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.
(parent paths enabled) - This is the way the application comes.
The files in this folder have FILE server side includes containing "../" information. While these includes will work when the applicaion in is any location of a website they will not work if parent paths are disabled on the web server. Generally you will want to use these on your xp development machine. You can of course use them on your real server if parent paths are enabled. Parent Paths are now disabled on II6 by default and some hosting company will not enable them.
(domain root)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in the root of your web domain. For example if your domain was called "www.somedomain.com" the following aspprotect files and folders would end up like this
"http://www.somedomain.com/check_user_inc.asp"
"http://www.somedomain.com/password_admin"
"http://www.somedomain.com/users"
(domain directory)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in a directory called "aspprotect" in the root of your web domain. For example if your domain was called "www.somedomain.com" the
following aspprotect files and folders would end up like this
"http://www.somedomain.com/aspprotect/check_user_inc.asp"
"http://www.somedomain.com/aspprotect/password_admin"
"http://www.somedomain.com/aspprotect/users"
You can change the name of the "aspprotect" directory but you will will have to edit the includes in the files.
Lastly, if you are on a local machine and insist on using the VIRTUAL INCLUDES you would also use the (domain directory files) even though you dont have a domain on your local machine most likely
For example if your site was installed like so.
"http://localhost/aspprotect/check_user_inc.asp"
"http://localhost/aspprotect/password_admin"
"http://localhost/aspprotect/users"
cwilliams38403.6836342593, I just made a new admin account and I still can not log in using it ?
Did you by chance edit the code by adding LCID info or something like that ? Something is just very wrong.
The simple example protected pages can not even be logged into ?
, Umm, if your using MSACCESS your using MSACCESS
SQL server has nothing to do with it.
, Ok...thanks., works fine now
, I am sure its permissions as well, but I don't have that much access to the hosted server...lol.
I will use access for now, since it works fine, and try to talk with the hosting people later.
Thanks!
, Hi,
1. Two months ago, we have set up to use the Subscription services exclusively for all new members and renews. and removed the regular payment service, a carry-over from v6.
2. Many from the "pre-subscription" service have yet to expire, thus have a populated expiry field.
3. With a 10 month bridge before we get all the members onto the Subscription service the "Send email to users that are soon to expire."
is used to remind these.
3. When members RENEW using the subscription service, the Expiry Field is not Nulled and they become targets for future reminders although they have renewed as Subscribers.
XYZ signed up on Nov. 05 2004, we send him a reminder in Oct 2005 and he renews as a SUBSCRIBER. His expiry date field is not nulled and he will keep getting notices although he has paid for another year.
Hope this is clearer... Thanks
, I wasnt talking about the date for a banner ad.. I was talking about the date field in the database for a USER if there is one (I dont remember if that app had date fields for user or not and I am not at a computer to take a look)
If you do not know how to directly open up and edit the database then yes you should just make a new user, at this point I would say install a fresh untouched copy in the web in a different directory and lets see if it acts weird from scratch.. the we can go from there.. I dont know what is going on
, Hi,
In my search for a product to administer my banners I came across ASPBanner. In my site:
http://www.lovenest.co.il I have 3 locations for banners:
In the top section a big banner and a small banner
At the bottom a serie of 5 banners.
My question: is it possible to place a list of banners (let's say 8 banners) and randomally pull 5 banners each time the page loads?
If yes please explain in detail.
Thanks.
, Chris,
I understand. I set it to a lower number that will hopefully be a good balance for the user. I am simply AMAZED at what your software does and I thank you for all you have done.
Jess
, you dont want to use the virtual smtp virtual server method... you want to use a real remote email server with valid MX records..
ultimately though after all that is going is it is out of the hands of the asp code and it becomes issues other then the code sending the email... regarding to whether or not emails get blocked by certain organizations
For example:
I have many aol users sign up for various systems I have running without issue. I use CDOSYS with my own server mail.cjwsoft.com which has proper MX records set up.
I would also try to determine the difference between blocking and spam/junk email filtering. It is impoirtant to truly know what is going on.
Sometimes adding more information to the body of the emails going out will eliminate the junk mail filters from gettings the emails.
Then you have the various open relay lists that places like AOL use. If your email server or IP sending the email is on those lists for spamming you do not stand a chance. That is all out of the hands of the ASP code.
, There was nothing wrong with the server configuration. It turned out that the problem was that I disabled the email notification of new user registrations that I continually receive. That appears to disable the authorization email to new users as well.
One other issue. It appears that AOL email addressee's are not getting the authorization email. Does AOL have any blocks to CDONT generated emails?
, I checked the option pack code as well and it looks correct.
I tested it and it acted as it should.
You can see it in active at the live demo
http://www.aspprotect.com/demo3/demo.asp
admin
test
go the the admin area.. you will notice 3 users with level 4 access
1 of them is inactive
then go to the mass email area and pick active and level 4
it will say it is sending email to 2 users which is correct
then go to mass email again and pick level 4 and inactive
it will say it is sending email to 1 user which is correct
choose any status and access level 4 and it will send email to 3 users which is correct
When you do this please realize you can not choose a group as well.
That will cause a problem because you can not choose a group and an access level at the same time.
Anyway... perhaps you can private message or use the contact us form and and let me take a look at your system. Since I can't reproduce the behavior that is the only way we might figure this out.
cwilliams38104.690787037, Is there an easy way to make this work with reoccurring a monthly or yearly subscription?
, The links to view that info are on the main users screen of the admin area.
Down below...
They wont show up unless you have that stuff enabled in the settings screen as well.
,
I was told by my ISP to use localhost and it should work and it does not. It does not require authentication to send e-mails.
Any other ideas?
Thanks
, You can't do that. ASPProtect 7 does not work with ASP.NET.
It is a classic ASP application. As the web site states it can only be used to protect ".asp" pages written using vbscript.
ASP and ASP.net are completely different animals.
Thats why we have a .NET version.
http://www.aspprotect.com/more_info_net.asp
, Is there a way to set various members to upload a limit of photos. So, one member can only upload 5 photos in 1 album and another can upload 30 photos in 2 albums. Even if you just set a permission for the number of uploads for each member.
Thank you
, Chris,
Thanks for the reply. It all makes sense.
I have gone with your first option but here is the problem:
I have moved the password protected page from the detail page with the
querystring to the straight .asp page. This obviously fixes the
previous error.
Once someone has logged in they are then presented with a list of links
to the previously protected pricelist detail pages (example -
"somepage.asp?ID=3""). They are then able to access the pricelists.
The problem is that if someone copies the pricelist URL they are then
able to pass it on to someone else and bypass the password protection.
If I also password protect the pricelist pages then someone will have to login twice.
Is there some code that i can add that will simply check that they have
logged in otherwise kick them back out to the protected .asp page.
All code in your documentation tends to open the login page regardless of whether you have previously logged in.
Thanks,
Stuart
, If we wanted to user groups, is the "Access Level" in the User setup the same ID as what the group access would be? Ex. If John had Access Level 4 and the page specified <% GROUPACCESS = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
I'm asking because there is no Group Access Level in the user setup. Thanks
, I am sending you a PM with the new download url
see instructions above for what to do with it, You should not have single quotes around the "-1" because Album_Active is not a string field in the database. It's true/false or bit field in the database depending on the database you are using (MSSQL or ACCESS)
I'd do it a little more like this I think.
SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = 1"
I took out the parentheses as well since I dont believe they are needed in a simple case like this
but is hard to say unless your the one testing it... my version might have a mistake as I am a little rusty with my SQL at the moment
also: in case your wondering...
depending on the situation and the odbc drivers the 1 and -1 should work either way but sometimes it's picky and you have to do it one way or the other
cwilliams38433.0564930556, I'll send you something..
, Its a great idea. I didnt really check the counter until the album started working. Its a great concept though., (User Search & Contact Mod) for ASPProtect Version 7.x
This will allow an individual user to search for other users as well as email or call them.
Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.
Directions:
Back up your existing ASPProtect installation.
copy "search.asp" into your "users" folder
2006-03-10_143253_User_Search_Contact_Mod.zip
Direct your users there. They will have to be logged in to view the page.
WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.
, You not getting a blank page.. you getting an error. You just can't see it because it appears you edited the page background to black.
error '80040211'
/aspprotect/scripts/emailing_subs_inc.asp, line 174
, Hi Chris
Unfortunately the bl**dy server was down and unavailable for 17 hrs so I couldnt even get to see what the settings were!
It is on, the relevant users appear to have all rights for the data/tempstats folder.
I'm guessing you're going to suggest turning it off and see if the problem still appears.
Colin
, The only major usability issue I've found to date is multi-zone banners. Cloning is helpful to a point, but then if you have a change to that banner, you have to make the change 6 times or what have you. I think, even at the expense of speed, multi-zone capability for a single banner would be excellent addition. Of course, that supposes I haven't just missed it and it's already there.
cwilliams38453.6665509259, ok, well that should not be a problem then.. its meant to be able to be put in a folder like that.. just make sure the folder is not a subweb or anything like that... meaning dont set the folder up to have its own application in IIS. Just use a regular folder of course that is part of the root iis application.
Perhaps you just didnt edit the paths in the settings like I mentioned., ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/aspprotect/password_admin/default.asp, line 287
I'm doing an upgrade from an OOOOOOOOOOLD version (not sure if it was 6 or not) and it read my database OK prior to adding a new user. Now I get this error message. I was able to run the password encryption function OK, but I still get this error when I try to view the password_admin stuff. I can log in via the "get_me_in" asp page just fine, but I get the above error.
If I try to log in with my admin account, I get
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/aspprotect/password_admin/check_admin_inc.asp, line 166
*****
OK, my question is this... if I retype all the info from the old DB into a brand new one, never before used, that would work, right? I only have 108 users, so that's about an hour of work. Or is there a 5-minute fix that I can try? I've done some messing around that got nowhere and returned all edited files to their original state, with the exceptions of the ones calling the DB location.
I'll start the C&P process and await your reply... 
On a side note, I really love the new format and am excited about the new features. I'm not married to upgrading the DB and if copy and paste is faster (I just need first name, last name, username, password, email, and expiration date), then I'm using v.7 that much faster.
cwilliams38457.6090509259, Riiiiiiiiiiiiiiiiiiiiiiiight.
Even though I have a big disclaimer that the account is totally
worthless without someone paying to activate it, the new IDs keep
coming, about 3 a day.
, Whenever you are running software that can block scripts from certain things you are going to have issues like this.
I imagine many complex asp scripts you will download will do things like this as well.
A highly doubt it is anything to worry about regarding people that use your site.
ASP code delivers standard html to the browser... nothing weird goes on as far as that goes.
This system has been sold for 6 years and this is just not something to worry about. Trust me.. though you may want to tone down black ice so it doesn't give you issues as it tries to block various things.
If I were you I would do some google searches on black ice and issues with it blocking asp scripts.. etc etc
Now, if you are running black ice right on the server that a whole other story and something you as a server admin need to decide what to do about. I doubt that is the case as black ice is not probably suitable for a commercial webserver but I just thought I would throw that out there.
, ((TITLE EDITED BY ADMIN))
it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.
Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...
,
Timecard Entry: 3/25/2006 4:57:47 PM
Daily routine, phones, email, radlog, dial up issues., noc...pretty quiet....knock on wood.., Boys and Girls Expo, Lookup DSL Orders, for Status, Company Brochure, Answered phones... pretty dead, meeting with Jeff Woods, vermont internet: layout and content development, Worked on a customers computer, installed IE5 and OE on it. Old computer, was really slow installing and running, but it works now., Posted accounts and did a detail of check and did a detail of check and cash for a bank deposit. Credit card authorization, ans. phone, coupon referrals, and customer inquiries., email, system logs, check on ns1, mpts1, cartman, return calls, Thanksgiving holiday, Was at seminar in Syracuse with Linda. , training, John Janesik re: dialup access, emails and voicemail upon my return-Called Nextcom and talked to Kyle about moving the rest of the phones to watertown, tried to reach STAT to be sure that they programed the upstairs at the Brownell building., Also checked email and online reports., Ate, syracuse business fair, timecards, Printed timecards,gave out paychecks, Talked with Steve about a project that I will be doing tomorrow with Tara that he will help me get started on. Continued to read in my ASP book and I sent an email to Paul again about my school project, Track down IP address conflicts, PERSONAL TIME, Talked to Steve about Build Yer Own Web Site, NNY Builders Exchange site, and my concerns over the demands on Crispin's time., Answered 2 voice mails, Calling new users, busy rush at 11...go to bed people, Co Design,
