Blog Entry: 3/25/2006 4:52:11 PM
(Password_Email_Confirmation_Mod) for ASPProtect Version 7.x
This will change the basic registration pages so that the email address and password entered must be confirmed when signing up. This eliminates the auto generated password during signup.
Some may prefer it working this way.
Directions:
Back up your existing ASPProtect installation.
Copy the two new files into your "users" folder
"register.asp"
"add_new_account.asp"
2005-12-01_182201_Password_Email_Confirmation_Mod.zip
, This server is sitting in my den on a DSL circuit, so I don't have a hosting company. The install for Windows 2000 server is with default settings for all components installed.
I am not sure what you are referring to when you say:
"Does emailing work under the simplest scenario ? (directly from the users screen"
What user screen?
What settings are you referring to that I may have chosen?
,
I'll try to help when I get back tues night,, see the contact page for info on where I am .
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry
, one more problem I see...
I think your login box on the main page is missing the hidden form variable
http://support.cjwsoft.com/code/moreinfo169-1.htm, 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , Ok, I was not aware of this domain controller issue as I have never had a customer have their web server set up that way. It is not a common situation under commercial hosting, thats for sure.
http://support.microsoft.com/default.aspx?scid=kb;en-us;3151 58
seems it was some sort of bug that was corrected in the the 1.1 .NET framework involving no ASPNET account being created. seems there are lots of work arounds involving making new accounts and editing machine config files. I found quite a few google articles as well.
http://www.kbalertz.com/kb_315158.aspx
http://www.15seconds.com/issue/030115.htm
I actually should have said "the framework installed" not "asp.net"
So, in the meantime I am asking John Evans what he thinks about this and I am going to ask you what version of the framework you have installed ? ASP.NET Framework 2.0 is the newest and you definetely should be running at least version 1.1 and probably should upgrade to 2.0.
I do not know why other ASP.NET code you have works ok. Your other code may not be using the odbc driver dll the same way ASPProtect.NET does. There are lots of possible reasons. At the end of the day I think the basic issue here is still a low level configuration/permissions issue and it can be corrected from what I am reading. It just may require a bit of trial and error regarding local and domain accounts and editing the machine config files... etc etc
, Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..
Same thing happens... certain passwords just do not work.
So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.
Here is an example.. see the screenshot below.
Username "admin" password "petepetepete"
The top query done in Enterprise Manager is valid and shows the user.
The bottom query is also valid but it does not show the user.
And that is exactly what is happening from the ASP codes point of view.
Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.
It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.
I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.
One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.
It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.
Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.
Your call..
, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks
, humm.. can I possibly see this happening ?
any changes to that part of the code ?
, Hi,
I really look forward to installing V7...
I would like to test V7 by copying my existing V6 to a NEW directory,
including the database with new connection, and using this duplicate to
do an upgrade for TESTING PURPOSES ONLY before commiting to upgrading
the main system.
Should this cause any problem?
Tx,
Leon
, I had a question about user registration and how it works, mainly because I am having a problem.
When a user registers, with the email verification setting, I am assuming that there is supposed to be a new record created in the USERS table in the database. What could cause this not to happen?
Actually, in testing further I found that with the setting at Auto, Manual, or email, the record is not added to the table. And, if I am logged in as admin, the Add User button does not do anything.
I can however edit and delete user records...
Hmmm, adding a Category yields the same thing. And loggin in as a non-admin user still displays some of the menu items for admin, but then gives a page can not be found error if you click on one (ie, approve).
This looks like a db issue to me, I will have to try this with access and on a test server...
Any thoughts?
- Jason
cwilliams38303.8507291667,
it has been 3 days since I logged myself in under Admin, and all the user information on the User Activiy screen seemed to be gone.
is there any specific length of period it refreshes its user information??
, All can say right now is take a break and get away from it for a bit. All your going to do is stress yourself out more if you keep working on it.
There is probably a way to make it work but it may require days of fiddling around and reading articles and trying things and even then you may not get it working AND THEN ITS JUST A BAD IDEA ANYWAY. Like John says you are better off running it on a server that is not a domain controller.
, It's real easy actually if ya sniff around the source code.
ASP is so easy to (work with/edit) even if you dont know any code.
edit "save.asp" with a text editor
change
If Request("First_Name") = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a First Name.\n\n")
End If
to
If Request("Company_Name") = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a Company Name.\n\n")
End If
From looking at that save code I dont see where Last_Name was required. The only name I saw required was a 1st name.
Also.. making the First_Name not required may break something somwhere else. I dont think it will but it might. You are warned.
cwilliams38326.5102662037, look in the "check_user_inc.asp" file
try editing this part by hard coding the body info you want to use
Response.Write("<BODY" & Application("BodyTagInfo") & ">")
I would also suggest reviewing the generated source code in the web browser and examining the html to figure out exactly where the body tag info you dont want is coming from
, who knows, thanks for your input, I am further than I was when I started talking to you!, If we wanted to user groups, is the "Access Level" in the User setup the same ID as what the group access would be? Ex. If John had Access Level 4 and the page specified <% GROUPACCESS = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
I'm asking because there is no Group Access Level in the user setup. Thanks
, Riiiiiiiiiiiiiiiiiiiiiiiight.
Even though I have a big disclaimer that the account is totally
worthless without someone paying to activate it, the new IDs keep
coming, about 3 a day.
, Thanks.
Nick
, I've got an ecommerce module that's running on it that uses access for the db. Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.
So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?
, OK.. I went with using ASPEMAIL. The above did not seem to work. No worries though, where there is a will (with options) there is a way.
cwilliams38394.7265162037, Trying to make sense of this. I am still confused. In the file config_inc.asp. I found the setting for "uploaddirectory". That entry looks like this [UploadDirectory = CmdGetConfiguration("UploadDirectory")]. I assume there is a config file where the value of upload directory is located.
The settings in the config_inc.asp file have not been changed. they are set to the way it was delivered. Is there a document that gives instructions as to what and where the config settings are to be changes?
, All of the fields with the expected paths show the correct file structure, so now I've put them in them in the boxes
, Perfect. Thanks buddy :)
eeye38433.0629976852, Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO
, Wonderful! Does it matter if I move the aspbanner logo, as long
as I keep it on the page? Or does it need to stay front and center?
Laura
, It probably is. You would have to look at the paypal documentation for IPN and see what needs to be changed in the form code.
You can get all that info from PayPal's website.
There are tons of variables and options you can use with all of their code.
They have detailed PDF files full of information on all of them.
cwilliams38459.9550925926, as far as sql goes if you follow the instructions with give for setting up a new database you shouldnt have any issues and permissions should be already set. because we handle that in the sql script we give you.. "its a good thing to look at and it is pretty easy to understand what is going on""
however using another account could cause permissions issues.."yes, even sa" basically the username your using needs datareader and datawriter permissions to all tables used by the photo gallery system and you probably have to go specifically set them usin ght e security tab for your database in enterprise manager. This is more of SQL server 101 than anything to do with the Photo Gallery Code so I am not going to get into it too deeply, but that is definetly the issue. Permissions...
cwilliams38303.6065740741, Thanks dude, I'll figure it out. I've been ripping apart pieces
of the code to get it. I'm in the process of pulling some things
out to make functions that do specific tasks based on your code.
I actually had a lot of luck yesterday with it.
, You are right.
I have SQL server.
From August to today I have used a very simple login system and now I come back to you for better.
I can insert, edit, delete users but it happens what I mentioned in my first message.
, Thanks for the install. After many hours I finally got part of the
system working. I can log in and log out as a user. My problem is I
want the pages
accesses by Members ONly. The database will contain the names of
the members and only they are allowed access, and no one else. I
tried Joe Blow to log in and it worked, the only thing is Joe was not
in the database and he should have been locked out and a page come us
saying something like "you are not a registered user, please complete
the membership application" and then link back to the root web,
application page.
I am also afraid of breaking the codes you provided thus far. I also
want the password protected pages in a sub-web of the root web.
This may sound like elementary stuff, but this newbie is having
constant trouble. I am also referencing books on ASP and Access
and VB and still come up with a dead end. Search the net and come up
with a few codes which are described as something I am looking for, but
dont want to add any thing like that for fear of breaking the whole
thing.
Any suggestions?
, I have ASPProtect up and running and I was able to log in with little to now problem after following all of the directions.
I imported my data base of users (approx 5300) into the access db, and now it times out just letting me log in.
I've got full access to the web server to make any changes on that end that I need.
any ideas?
, how about translating the error to english..
Looks to me off hand that it would have something to do with the SQL server itself not being run in an english lcid/format and causing some sort of date issue.
I would also suggest you start off with a brand new blank SQL ASPBanner database and make sure that works before you attemp t to import any data into it.
, Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properly.
The way to cure it is as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
If this happens a lot it is a server issue, not ASPBanner's fault.
cwilliams38415.0978935185, Thanks, I figured that out!
I managed to get the gallery running, minimally, on the test server, so now on to the real thing.
Thank you!
- Jason
, maybe this is the issue...
do you realize that the descriptive name you give a group is not always going to be the same ID in the database ? The two are not related.
Perhaps what you named Group 1 is really group ID 3
You can tell for sure by generating protection code for group 1 and see what ID it tells you to use..
You also need to remember that you are testing this with different users and it is really easy to get confused so you need specifically log off using the log off page to ensure session info from the previous login doesn't show up and cause confusion when you log in with a different user... etc etc
in addition to logging off that way you may also want clear the session and application info via the code at the bottom of my article
http://www.powerasp.com/content/new/displaying-session-and-a pplication-variables.asp
and do that in between any user you log in as
, humm.. their FAQ is interesting...it looks like some sort of .NET configuration issue regarding security policies like you mentioned
Thats one of the big problems with hosting .NET. Some hosting companies just do do some oddball things. ASPProtect.NET works under default conditions but when hosts go around locking things down to the max there is bound to be trouble. This is the 1st I have heard of this.
Now, ASPProtect.NET does use the "System.Data.OleDb" and "System.Data.Odbc" which your host says they block because they require full trust.
All I can really say at the moment is go with a hosting company like www.alentus.com or www.maximumasp.com that does not restrict your .NET abilities so much.
In the meantime I am going to ask John Evans what he thinks about this.
, The webpage header for CJWSoft states "Web Development for Win NT/2000 servers" - a little dated cause it works just fine on 2003 too, right? :), Just wanted to say how much I like the program! I hunted for days and finally purchased a Perl based product. After several days of goofing with it I gave up. ASPPhoto worked right on first install!!!!
Way to go!
, works fine now
,
Timecard Entry: 3/25/2006 4:52:11 PM
Travel to TaskForce - 7 Miles, Met w/Tim, go over work order to sign off on, Converting cnymn.com to new server , phones still busy, To Potsdam - 70 miles, worked on the numbers.txt file for Jim with all the new access numbers, TECH sup duties. Mantained radlog, callbacks, voicemail, online issues, ask us a question, assisted techs with issues., Paul and his schedule and Norm and the phones and where everyone will be sitting, FOLLOWED UP WITH BROOKLYN AND 6 OTHER BOARDS., Finished cleaning and studied more on A+ course and also read magazines from table. Very slow., i work hard, More NOC, lunch, ATM Burlignton Randy, Ed, Jeff W. , Helping Bill locate problem in his Soft Vendor project, Bayer (meeting), HTML research, worked on softMLS brochure; endured several time-consuming PC crashes, Driving back to Watertown., Creating a new write-up on how to perform the reports, go over training for upload manager/get info from Clayton, Trained Giselle and helped out Elaine, Heike and Chris when needed. Felt like a supervisor. I enjoyed it a lot, lunch, Shred papers, Riding with Matt back to Clayton., MEET WITH CHRIS PALERMO RE:SOFT PUBLISHER, Talked to a few customers, vaccumed and wiped down the monitors., bell contracts to ticc contracts, Checked online issues that were already taken care of. Took calls because it was busy. ,
