Blog Entry: 3/25/2006 4:48:47 PM
Good Evening,
I have been trying to log into my site using the protected pages comments you have in support. I have copied the code in the ASPprotect 7 guide.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
and pasted it in my page, set the the IIS to open this page and the page will not open it and the page will not open and the error is
Error Type:
Active Server Pages, ASP 0126 (0x80004005)
The include file 'check_user_inc.asp' was not found.
/olem/reldt/introduction.asp, line 3
When I remove the two lines of code everything goes normally.
I have aspprotect in its own directory in the website. I have read the installation several times and I am afraid I am missing something blatently obvious so I really appreciate you thoughts.
I am presently using redirects. I like not haveing to use them as your comments have suggested. I have pulled all that code from the pages I desire to protect during this test.
I have three test users in my database - 1 administrator
Any suggestions?
Thanks and best regards
, MSACCESS or SQL server ?,
Chris -
I am encountering a problem with items showing up. When I click on a category and then select an item to view I get
THIS ITEM IS NO LONGER ACTIVE
DO NOT CONTACT THIS USER AS THIS ITEM HAS BEEN TURNED OFF
OR THE USER HAS SOLD THE ITEM.
I have verified the item has the item_active check. For giggles, I even unchecked with the same results.
Thoughts? , Sorry about earlier post in wrong area-
I have followed instructions to set up access levels (adding the
<% CHECKFOR = "4" %> for user level 4 for instance.) The database is connecting properly and the basic check for login is taking place, but it seems that all users have access to all levels no matter what is on the database; i.e I set up a test page with "checkfor=4" and all users have access to it, even those with lower leve access.
Any ideas?
Thanks , That was it - Thanks!, download the free version...
check out this tutorial...
http://support.cjwsoft.com/code/moreinfo169-1.htm
If your application can post to the page and provide all the form variables needed to log in it may work out for you..
You'll have to try it out... all the form variables needed are in that login form example.
Basically you'd be posting to a protected (.asp) page..
and providing the following for the most part.. how your app creates it post data is on your end...
<input type="hidden" name="Status" value="Checkem">
<input type="text" name="Username" value="Yourusername">
<input type="Password" name="Password" value="YourPassword">
As an alternate scenario...
Now, by default the "check_user_inc.asp" file is looking for posted form data... for security reasons it is not looking for querystring info..
If you change this bit of code in that file
from
Username = Replace(Request.Form("Username"),"'","''")
Password = Request.Form("Password")
to
Username = Replace(Request("Username"),"'","''")
Password = Request("Password")
It will then grab either form or querystring data...
Meaning you wouldn't necessary have to create a true post to the page with form data. You could just access the page via a querysting like so
http://www.mysite.com/somepage.asp?Status=Checkem&Userna me=Yourusername&Password=Yourpassword
Of course that introduces security risks as the username and password would be passed in plain text over the net
Another option is...
You can also make a copy of the "check_user_inc.asp" page called whatever with those modifications just to use in pages you need your little application to post to... thus reducing the security concerns a a bit as the rest of yoru site could still have its pages protected under the normal scenario.
I hope this answers your question... I havent really ever tried any of this but that is how I think it would work... ,
Hi Chris,
Alright. We figured out how to work with both C# and VB, by creating a separate VB web project in VStudio, and then passing the aspprotectnet.dll to the C# project.
Ok. I have another question:
How can our code determine the identity and user_id of the currently logged in user:
Is it Session["User_ID"].ToString() and Session["Username"].ToString()?
thank you
, I had both ASP Listings & Classified on the same website. The categories seem to be getting mixed up. I removed ASP Classified but classfieds categories is still appearing in the student of ASP Listing.
How do I fix this?
Thanks , Actually it would because you would just count records for that user that are also active
and yes, users cant delete albums.. they can only turn them off which really means the albums lose their active status
only the admin can truly delete an album the way the code is
(that's just the way I did it for some reason.. I don't remember why) cwilliams38433.0343865741,
I can no longer send e-mails to my configured accounts through aspbanner. It was working for over a year and now it stopped.
At one point I was using CDONTS_Installed but since I moved to a new Windows 2003 server I was told by my ISP that either one of these will work
but neither one works. Can some one assist?
JMAIL_Installed
ASPEMAIL_Installed , humm, I dont know then..
If you want PM me your site info and I will go in and troubleshoot.
Frontpage or frontpage access, either way
and also the site URL ,
If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.
<center>
<table border="0" width="400" height="200" bgcolor="#000000">
<tr>
<td bgcolor="#F4F4F4">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<div align="center">
<center>
<table border="0" bgcolor="#C0C0C0">
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<p> <input type="submit" value="Login"></p>
</center>
</div>
</form>
</td>
</tr>
</table>
</center>
, I assume so you can clean up users that register, but then never pay ?, I've downloaded this neat little app, but I'm having troubles understanding what I should be using. Cassinni or IIS, can you help? I've tried to look at the help, but it is very vague on what to use in each situation.
Any help is appreciated.
Cheers , Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.
In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.
Redirecting example..
This page will redirect admins or level 4 users to a certain page and anyone else to
another page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Admin") = "True" or Session("Access_Level") = "4" Then
Response.Redirect("sompage.asp")
Else
Response.Redirect("someotherpage.asp")
End If
%>
Redirecting example..
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
another page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Access_Level") = "1" Then
Response.Redirect("level1.asp")
ElseIf Session("Access_Level") = "2" Then
Response.Redirect("level2.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
Redirecting example..
This page will redirect user "PistolPete" to a certain page.
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("Username") = "PistolPete" Then
Response.Redirect("somedirectory/somepage.asp")
End If
%>
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
<%
If Session("Username") <> "PistolPete" Then
Response.Write("You do not have access to this page.")
Response.End
End If
%>
etc etc etc.... these code snippets should point you in the right direction...
, Yes, that was it! I had not created the banner for that zone yet. Once I did it came up fine. Do I win the Bonehead of the Year award?
I am just implementing the product, and I deleted the included zones instead of renaming them. That is why it is up to 6. I am migrating banners from my current system before I implement the code onto my pages.
If I may, I'd like to ask another question. I use rotation on all pages of my site except for the home page, where the banners are all smaller and static - an advertiser can expect their banner to always be in the same spot on the page.
I am currently hard coding this via html, but then I do not have the ability to collect stats on home page banner clicks, so I want to use ASPBanner. My question is, can I do this without creating a seperate zone for each banner? In other words, is there a way to modify the html code (that works just fine) so that in addition to indicating the zone, it can indicate the specific banner I want to appear? I would then paste the code in each cell of the table, and alter the banner #. If I do this with just the zone, I expect that the page will randomize the position of each banner across the page. You can see what I'm talking about by clicking here: http://www.PoconoCommuter.com/
Thanks for your help! , Sorry, not really.. not without a lot of changes to the code.
the recent activity info recycles.. it is not meant to be day by day
My suggestion there would be to look at both the log files and the user activty screens...
, I'm using version 6 upgrade and recently some of the users complained that their passwords are no longer working. I was able to replicate the problem as I also experienced the same thing with my account.
Once I reset the password thru e-mail (Forgotten your password?), I am able to login but it fails later. This is weird as I have an identical copy of the code running flawlessly  on my test server.
The only change which I made to the original downloadable code is by adding password encryption using Base 64 encryption.
Any ideas what might be the problem  , well, I think John just told you what the deal is. He knows more about ASP.NET than anyone else I know.
If you are going to run a non-standard setup then you are going to have big problems like you are having. , My client has a list of 13,000 members that
have already been assigned ID's and passwords with a
homegrown system.
When doing a bulk import, will we be able to retain the userid and password or will a new id be assigned during the bulk load?
Thanks in advance for your help.
, its one or the other... you cant protect upload.asp at the same time if upload.asp is included in another page..
I mean sure you can protect upload.asp from running when another page calls it by password protecting the page calling it.
And sure you can protect upload.asp by itself if it also runs all by itself. But you can not include the "check_user_inc.asp" more than once in any order of execution scenario. That includes pages being included.
Generally anytime a page is included in another that included page is not meant to run by itself and wouldn't produce any outcome if run by itself so this would never be an issue.
if you don't want "upload.asp" to ever be run by itself in that scenario put it somewhere in your web site that is not web browser accessible.
I would also suggest you look into using Virtual includes. It will save you a lot of time figuring out this sort of thing "../../../../../" becuase once you figure out the virtual include path you can use the same server side include from any directory level.
http://www.powerasp.com/content/code-snippets/includes.asp
, Did you ever figure out the process for VS2005?,
I am having difficulty properly securing pdf's using 7.x
I used the example file and have been able to secure images and word
docs, but the pdf's give users the error "There was an error opening
this document. The file cannot be found."
The kicker -- it works fine on my computer, just not anyone else's. I
put a link up to the same file without any security and that works on
everyone's computer. The word file links and redirects work too. I've
tried my log-in on other computers, then attempting to download the pdf
and that doesn't work.
The client wants a site where users must register before downloading
pdf's. They should be able to view all the pages without registering.
I don't know what I'm doing wrong. But I can't complete the site until this issue is resolved.
Help appreciated.
, I really can not support it because you made that modification and it probably directly relates to the issue your having.
There are many issues that can be caused when dealing with encryption. Sometimes the encrpted passwords can end up with problematic characters. etc etc Maybe the users are changing there passwords to ones that do that... after you fix them.. Its hard to say
I know as I had to sort things like out when I designed version 7 which has built in encrpytion.
It could be anything really.. since you made changes like you sorta need to figure out what is backfiring. There has to be a reason.
Chris , actually I just went to it again and it was somewhat slow coming up this time..
perhaps you have some issues with the sql database.
it should be instant.. like this one I run on my server
http://banserver.powerasp.com/aspbanner/
I suppose it could also have something to do with sql server resources but its hard to say..
cwilliams38319.7859722222, 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , I am an experienced ASP developer. Can you tell me whether this would be a very involved process, or whether it is pretty straightforward? I don't yet have a merchant account, so I am not yet familiar with any aspect of accepting credit cards online.
Thanks. , upgrade pricing is here
http://www.aspbanner.com/purchase_unlimited_v8.1_classic_upg rade.asp
what is different
http://www.aspbanner.com/v8_notes.asp
the changes to make it work with MySQL were vast to say the least
more on that from an old thread
http://support.cjwsoft.com/code/code_info.asp?TID=37&PN= 1&TPN=1
just please remember use of MySQL is just not supported
http://www.aspbanner.com/mysql.htm
I can assure you it works well as I have people using it
, Well, you cant have a login box on the home page when using ASPProtect.NET.. there is no way to make that work. I tried all day to come up with something and it is not going to happen. I suggest you make a login button and link it directly to the protected page you want them to start on. The redirect or link them whereever from there. Either that or write your own forms based authentication solution that works exactly the way you want it to or edit the code accordingly since you have the source. It is not a feature we advertise for the product regardless. It works the way it works. , I checked through the code and could not find anything as well.
However, I do think it may be related somehow to the code as I get the messages popping up in the error log only after I have edited a banner.
If there is nothing obvious, I may just set my error log to filter and automatically delete this type of error. Not something I prefer to do.
Thanks for the quick response.
Otherwise the program is working very well and I'm happy with it.
, you actually dont touch any of those
UploadDirectory = CmdGetConfiguration("UploadDirectory")
They get set from the config table in the database which gets edited in the admin area.
so...
I am talking about the settings area in the admin area of the applicaton.
Every setting there is descibed in detail. You get there and change serttings there via the web browser and by logging in as the admin.
Log in to the online demo as admin and check out the settings area if you are confused.
http://www.aspphotogallery.com/demo_pro.asp
, Okay, so I copied the txt file into the export file and tried the import users option and it timed out on me as well.
Would it be easier to figure out if you were able to look at the iis server? , YAY! I FOUND A BUG IN MY TESTING!!! Do I get a cool t-shirt or a coupon for Ben & Jerry's Ice Cream? 
Hehehe... seriously, thanks for digging deeper and spotting the error.
You got some mad skillz and some excellent service, Mr. Cwilliams!
, ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the image in 2 ways.
- We use Javascript right click disabling code that works in both IE and Firefox.
- We stream the image via a special password protected ".asp" page and use an image tag to call it. This hides the true location of the file. You can therefore keep your images out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the img tag html source they can not tell where the file came from. Doing all of this allows you to offer certain images only to people that are logged in.
All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.
For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.
Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41 , Oh, to clarify the above. We did not change any columns in your [Users] database or any other table., ok.. Chris.. I am now kicking myself in the butt. In the setting section, I had to redirect certain urls and directories to the right spot. I forgot that I renamed the root folder.
Thank you, thus far for your continued help. It is greatly appreciate.
, I have sent an registration email (as test) to both a yahoo account and also my own email server and in both cases I get the same issue, all else is working great. I am sure its somthing simple, perhaps I am over looking somthing else. the site url is www.rochestertek.us/asp/users/register.asp if this helps
Again thanks. , Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.
In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.
' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30
Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.
, It is common when testing a site that this happens because of the nature of session variables.
Admins have access to EVERYTHING so it is very important when testing different user accounts that you specifically log out... and then close every single browser window before logging in as a different user. This is to ensure session info from the previous user does not overlap in any areas.
(The session variable for admin access being the main one)
Under normal circumstances a user would not log in with many different accounts on the same computer this this would only be a problem for a developer who is testing.
So make sure you go to the to log-off page and log off.. then close all browser windows.. then test another user.
If all this is not the case then something else is going on and I will need more information. I pretty much know the level checking code for ASPProtect Version 6 is correct as there has been no reason to change any of it in over a year. I would have heard reports of problems with it. , ahhh ok.. I was going to wait till morning to answer this one..
glad ya figured it out
,
Timecard Entry: 3/25/2006 4:48:47 PM
Lunch, lunch, email, voicemail, call backs,,sale sheets for mls, softauto, softmarin, softvendor, readied money for Clayton, checked customer records in imail, filed customer records, finalized and submitted Staples order, met with Jim Meola of Service Master, trained with Jodi, continued organization of cc authorizations, answered phone - signups, cancels, changes, Introducing Anthony Pope to the Watertown Staff & giving him a quick tour of the Watn building., Researching setting up ATM for DSL and subinterfaces, research prices for U-Haul for VT trip, Pauls voicemail and emails to him with messages, lunch, Rather busy, probably because Heike didn't come in., emails, voice mails, struggling with frontpage to upload the map graphic (this is not billable). Finally restarted and it went through smoothly., Worked with Dave foster and Howard to get a temp site up for TICC, worked on budgets with Michele(my computer tied up all afternoon with virus scan), research Flash technology, java training, Spoke to Dick Fulton about his LAN problems, spoke to Gail Christiansen about her Wan Problems, dispatched Ed on the the Problem, spoke to Ed about wireless on SAM keep home and the reach of that service on Washington street, Sent out DSL contract for iested business in Canton- Spoke to Cathy about messed up MLS coupon for Internet access/dsl , Reading and responding to voice mails and emails, Neighborhood markets, On phone w/Realtor.com about setting up contracts for us to upload data from slcmls.com, wstarmls.com, and cortlandmls.com., CERTOWERS.COM INPUTING PICTURES AND TEXT, Working on phone because of server problems at Fishercast. Setting up their domain and forwarding mail,web issues., TICC workorders to timetracking; review VT invoices, review USA1Net A/P, depr entry, firmware upgrade to existing router for installation in Plattsburgh, TICC team meeting, Costguard phone call & e-mails, ti.com admin - then i puked & went home! (thanks Andrea!), drop off info at watertown office, Lunch, Meeting w/ Paul & Errol RE softMLS., Reading and responding to emails and proofing corporate partners' site manual,
|
