Blog Entry: 3/25/2006 4:50:15 PM
Yup, thats the problem I was having. I can get it to work if I don't do through the dl stream, but otherwise it prompts to save or open it instead of loading it in the browser.
I did read the change on making the content public instead of private so I think that will work for know...
, I am still a little confused... one thing I would like to mention is that the passwords in the aspprotect database are encrypted... meaning you cant just add a password to the user database by hand because it wont be the encrypted value and wont work.
It is something the application takes care of when you add a user via the web based interface.
You can however still add users manaully or with careful import/exporting... but you will have to use the existing password conversion technique which is covered at the end of our upgrade instructions in these forums.
http://support.cjwsoft.com/code/moreinfo174-1.htm
Basically you want to add a field to the "ASPP_Users" table called "Old_Password" and that is where you enter the password in plain text. Then after you are finished adding users to the database manually you do this.
You want to run a special page via the browser.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
Which will convert the passwords to the encrypted value for you.
See the bottom of this thread for all the info on that.
http://support.cjwsoft.com/code/moreinfo174-1.htm
,
Ok.. glad you got it working., humm, I am curious
If these people are employees and sales reps why are are you using expiration dates at all ? and why the renewing issues... etc etc
I am sure there is a reason but you did not explain.
it might help me to better understand and possibly think about new features for new versions in the future., Hi,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
, sounds like the data/export folde does not have permissions, If you would like me to, I also have no problem going into your machine real quick via remote access and setting permissions / putting the right connecting string in there for you.
I need to go in as an administator though to set the permissions.
, That is by design and how it is designed to function.
There is no easy way to do what you are asking about.
Can it be done ?, sure!!
But it is a lot of custom coding to sort it all out and not something we support.
If I were you I would simply edit the login box screen to show some hyperlinks and options should a person need to use them. , Hi,
I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.
I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?
Thanks
S
eeye38447.0388541667, ok thanks, (customer replied aug-sep 2005)
OK, you have old code then... I will send you some updated files that you can try.. let me know here if it solves the problem. , Here is an example of a query I made in MSACCESS that deletes all users that belong to Group ID of 3. I used the graphical query designer in MSACCESS to do this. Took a few minutes.
DELETE
FROM ASPP_Users
WHERE (((InStr([ASPP_Users]![Groups],"*3*"))>"0"));
Because of the way groups are stored in the Groups fields you have to use the InStr function to determine if the user is part of a particular group
We are deleting all users that of Group ID of 1 so we look for *3* in this example
The SQL statement for a MSSQL database may be slightly different but the general Idea is the same
The SQL statment used in an ".asp" page will be very similar as well.
SQL Statements are the TRUE POWER of working with databases. They are something everyone should learn to work with because they allow you to do some very powerful things., Its not on their end. Using ASP alone you really won't be able to send more than around 300-400 individuals emails at a time before things will time out. Its just that ASP is not an efficient way of sending email and it never will be.
You really should look into worldcast like I mentioned before.
http://www.fairlogic.com/worldcast/
Then just export the email list from the database into worldcast and send out the newsletters.
You will get much better results and perfect newsletters and it really only takes a little bit longer to do each time once you figure it out. That is how I send out my PowerASP and CJWSoft newsletters and it works perfectly every time.
, how di I change the currency dollar sign to gdp pound sign ?
I need all my tranactions in gdp puund sterling to use on paypal
regards
simon
, Dear Support Team
I have read and Installed your v8 banner software
exactly as explained on XP pro which contains other asp working app.
I have problems with the " Application " and " Session" in your scripts
things that make the iis fall dead.
also in the file asp _unlimited_config.asp
you have exlained that every thing must be kept without the "" marks.
well i get http 500 error cause of it.
Please advise
Thanks
Ran
, Yea.. that error is totally because the asp pages are looking for fields in the database that are not there.. and causing a nasty loop.
if using the option pack you must go over the directions very carefully...
Make sure everything works step by step..
After upgrading to option pack code you either need to upgrade the database from the base system or use the newer database provided with the option pack.
Then.. you want to test every function of the groups.. if pages act slow and seem odd... especially the groups page and edit users page..
Then your not using a valid database. Either you didnt upgrade the old one, are not using the new one, or your connecting to an older verison by accident and not realizing it.
That's pretty much it...
cwilliams38300.5555671296, Need to clarify something..
Your talking about the page where a new user registers right ?
Your not talking about adding a new user from the admin area ?
Either way under no circumstances do I see anything like you are saying happening nor has any other ASPProtect user ever mentioned this probem.
I am going to need to see your site and see this happening. It just makes no sense the way you are describing it.
Also. did you edit the registration page code in any way. If so please revert back to an original copy to ensure this is not some sort of problem introduced by editing the code.
cwilliams38164.8115046296, How to bring up the Code Generators
Simply go to the zones screen.
Select a Zone from the list.
Check the "Show Banner Code" option.
Click on "Display Banners in Selected Zone"
, Hi,
I have just one quick question, I know this works with Paypal but does this work with Merchant Account?
How difficult it is to make it workable with Merchant account? I appreciate your answer.
Thanks.
, Please be more specific. What hit count are we talking about ?
User Logging ? Albums ? Something else ?
Please descriube the situation in detail. There are really no settings for any sort of hit count.
, Chris,
When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.
All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.
I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP. I hope I expained the situation well enough.
, Here is the complete page with the error message:
============================================================ ===
Unspecified error
This means there is most likely a problem with the "ConnectionString" info that you specified.
If you are using a DSN-Less Connection with MSACCESS.
Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.
ConnectionString = "DBQ=C:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"
If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.
If you are using a System DSN
It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.
============================================================ ===
I am the only one on the site since I just transferred the files and in the testing phase. It is using an MSAccess DB
,
Ok, set up a new web.config in root, with just the suggested code.
that worked to get this....
Configuration Error
Description: An
error occurred during the processing of a configuration file required
to service this request. Please review the specific error details below
and modify your configuration file appropriately.
Parser Error Message: It
is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.
Source Error:
Line 409:
Line 410:
Line 411: <authentication mode="Forms">
Line 412:
Line 413: <!-- DO NOT CHANGE UNLESS INSTRUCTED TO DO SO -->
|
Source File: D:\hshome~aspnetprotect\web.config Line: 411
any ideas?
Andy
, Yeah sorry you are right. It works for me
http://www.rottys.net/gallery/default.asp?CatLevel=2&Cat 1_ID=5
, I dont know about the unspecified errors. I really need more detailed information. (Since it has been working fine for quite a long time you might want to consider installaing the application from scracth again and see if you still get errors)
As for the log in not persiting. Did you by chance turn off cookies in your browser ? They are required for forms based authentication to function. Otherwise, yes you would need to log in to each and every page as you moved around.
cwilliams38414.6054166667, (User Photo Upload Mod) for ASPProtect Version 7.x
This will allow an individual user to upload a user picture instead of just the admin.
Notes: This is a down and dirty mod. The user upload code was copied from the admin area and there are no safeguards. Meaning there is no limit on the file size a user uploads and there is no confirmation process in case something they upload is inappropriate. etc etc etc
If you want that you will have to work on that on your own.
Directions:
Back up your existing ASPProtect installation.
copy these files into your "users" folder
2006-01-24_111305_User_Upload_Mod.zip
, Excellent.
Payment now taken in £.
Pasted <input type="hidden" name="currency_code" value="GDP"> into
paypal_signup/paypal2.asp
Thanks Folks.
, No luck...this is the message
Return To Import / Export Screen.
Active Server Pages
error 'ASP 0113'
Script timed out
/members/aspprotect/password_admin/upload_post.asp
The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools.
, humm
expiration dates in the aspprotect system are not used at all when using paypal subscriptions.. all date handling is done on their end actually
and they of course send notices from their system to the user regarding their subscription and when it renews,cancels, etc etc
so I am pretty sure any errors with that would have more to do with the info you used for the subscription setup and possibly any paypal settings associated with it
its hard to say at this point
The smart thing to do I think.. would be to sign up someone using another PayPal account (your allowed 2)... and while doing it be very careful about the subscription setup data.. and then as soon as the subscription is created review all the info in the paypal system and see if the length of the subscription / expiration.. etc etc in the paypal system info looks right..
at least then you can begin to troubleshoot what is going on...
, Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO
, "do you know a way around the BinaryRead problem with ASPProtect?"
Let me rephrase:
Do you know a way in which ASPProtect can be modified to get around the BinaryRead problem?
Thanks,
Michelle
, not sure, I havent used 2005 yet
seems like the process should be fairly similar.. you'll have to figure it out
I am going to order a copy of it., sure (XP PRO), see my article on that
http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp
, ok, that does not work but that still is not enough to help me troubleshoot.
I'll probably need to look around in your admin area and check things out in order to figure anything out.
I will also need to see the protection code you put on that page exactly as it appears.
PM (private message) the admin usersname/password to me if that is ok with you and I will check it out
it's really the only way I can help with an issue like this. I have to make sure you didn't do something wrong and then go from there , that is because passwords in the import/export files are encrypted.. if you make one of your own you need to use the rc4 function in the "config_inc.asp" to encrpyt your passwords just like the aspprotect system does (requires knowledge of vbscript and integration into your export system)
now, there is a way around this
if you want to import a file you made with clear text passwords edit "import.asp" beforehand and change
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = UserArray2(5)
to
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = RC4(UserArray2(5), PasswordEncryptionKey)
that way it should convert your clear text passwords to encrypted while it does the import
this post also addresses this but in the reverse scenario
http://support.cjwsoft.com/code/code_info.asp?TID=261&PN =1&TPN=1
I hope this helps you because I really do have to leave the office like right now. Very late for a dinner meeting.
I should be back on the computer later tonight or tommoro morning
, New question...
When someone edits their personal information, such as address, is there any way to set it so that someone in the office can receive an e-mail noting the changes?
Thanks.
, (Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Instructions:
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<tr>
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<td valign="top">
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
newsletter ?</font></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
</td>
</tr>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
End IF
End If
End If
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
else
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
End If
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Response.End
End If
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
, I down loaded your latest ASPProtect.NET_v1.4 and now when i try to get in the admin area it won't let me in. The admin box is selected in the database under the admin user and i can update my user information (password and Address, not username). Is there something that was changed on this version or is it more likely user error on my part? What do you think i should try first?, Hello:
When using the Mass Mail feature and selecting the Users to ‘Active’ and the Access Level I want to send to the system will still send e-mails to the ‘Inactive’ users from the same Access Level.
In other words it sends to everyone in the Access Level regardless if you choose “Active” only.
Any ideas to correct?
Thanks,
-Ricardo
, Hi,
I wanted to see if you had any suggestions for converting from Access to SQL sever database. I attempted this earlier today performing the following steps.
1) Create SQL Tables using Enterprise Manager / SQL Scripts
2) Use DTS to move all of the existing table data to the sql tables.
3) Update dataconn_inc.asp to use SQL and the required connection string.
When these steps were complete I was able to login to ASPProtect as an admin and search / find both groups and users. However, any attempt to edit or create users resulted in a "the page ... had a problem ... " type problem. It seems that I can read from the db fine but and getting errors writing to the tables. The user id that is being used to connect to the db is the [dbo].
Any additional hints for this procedure?
Thanks
Darrell
,
Timecard Entry: 3/25/2006 4:50:15 PM
Phone calls came in waves..., Send Channel Partner Information to three new potential partners, *TaskForce: ColligoNet Development - User Object & Template Object Modification, Watertown to Clayton - 24 miles, 40 Miles - Gouveneur - Potsdam, worked on a better way of putting the reports online, add Garlocks to Hotlinks..., answered emails, read/responded to email, Configure BackupExec, Demoing PS 5.5 w/ Steve..., Review status of St. Lawrence Chamber and Watertown School District sites, Charts for Monday, helped one that couldn't surf. had an email problem, FAIRGROUNDS -PICTURES TAKEN -SET UP MEETING WITH LEO, TIITC DB Proj., WSTAR press conference, Read my XML book at home, on line and rad log, modem checks, stuffing envelopes and sealing, E-Mail, Voice-Mail, Packup, lunch, use vacation time..., Talked to Terri about the lack of work for her to do. Suggested she talk to Tim about taking on any of Melody's stuff., Went to Watertown for 401K meeting., TOWN OF CLAYTON FINISHING INPUTING INFORMATION AND WORKING WITH JASON ON CREATING GRAPHICS, Talked to Tim about the status of things and solutions for some things that are troubling me. , working on email and details for darrell for tommorow, Interview with Penny Collette., Switchboard, billing calls, emails, E-mail,
