Blog Entry: 3/25/2006 4:51:24 PM
That would not happen unless you added a target to the login form or you're code had a base target set.
Like so..
<base target="_blank">
I would really need more detailed information. It's nothing the system does the way it ships under normal circumstances. For example you shouldn't see that behavior in any of the example protected ".asp" pages
that is unless you have something odd going on with your browser settings or you made changes to the login form or code around it causing it. (or you are using frames and dont have some of the targets and what not set correctly)
My guess is that it has to be something you added or did, but I really need to know more to offer more than that.
cwilliams38419.7687152778, After taking another look at this and trying your suggestions without success, it appears that in Windows 2003 server it is nearly impossible to remove the READ ONLY attribute from the _database folder. I'm wonder if this could the cause?
Thanks
,
now. I just went to that url and this is the error I see which shows me there is a character in the source code that shouldnt be there which is causing the page to halt.
Looks like a "carrot".
Microsoft VBScript compilation error '800a0400'
Expected statement
D:\CLIENTS\RKLARMAN\DRSWEISBERG\PASSWORD_ADMIN\../dataconn_i nc.asp, line 18
<%
^
, No luck...this is the message
Return To Import / Export Screen.
Active Server Pages
error 'ASP 0113'
Script timed out
/members/aspprotect/password_admin/upload_post.asp
The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools.
, You do not say something like that in a support forum for a legitimate software product. I don't think piracy is funny in the least bit. It is something I deal with every day with my own software. If you want to joke about it please do it someplace else. If you are downloading things via p2p do not talk about here. I don't want to know about it period., sometimes those emails take a bit... all depend on wht you are using to send them and whether a pickup directory is involved
as for the other I do not know.. PM me the site details I can look
if it is a 2003 server parent paths must of course be enabled.. its a requirement of aspclassifieds
, Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.
Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.
, One problem that is appearing is that in the admin section, in the users.aspx page, only one user is showing up when there are in fact 9 users. Also, when I click the edit user or email icon, the page does not go to the edit screen, it remains on the same page.
Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile. It could be due to the fact that the rest of the project is in C#. Or it could be due to some other factor in ASP Protect.
, More Info on Simple File Sharing
http://www.practicallynetworked.com/sharing/xp/filesharing.h tm
http://www.theeldergeek.com/quick_guide_to_simple_file_shari ng.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;3040 40
, (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , I already gave execute permissions to the stored procedures and that
cleared up the first error, but the second one I still can't figure out., Also, I notice you are using iframes to load the banners. That is probably your issue more than anything. That browser probably does not handle them well.
Possibly try other methods of displaying the banners and see what happens. The XML parser is usually one the best methods to try as it will output just your banner code straight into your html. , aspprotect does not use a global.asa file
I would start by looking there and seeing what is going on ... with line 33
I dont see how it could be related to aspprotect in any way
Global.asa files fire on their own and what they do depends on what code is put in them, I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database.
How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'?
cwilliams38417.7773032407,
I have switched to Alentus and have the permissions set correctly and Parent paths turned on. I cannot figure out how to connect to the database. Should I have the database in the aspprotect/data/database folder, or in the data folder that Alentus has in my root directory? once that is determined, how do I decide what the path to that database is? I have tried many things, but this is what the setup page tells me to enter in the data_conn file DBQ=D:\Websites\www.mysite.com\aspprotect\data\database\ASPP rotect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp
Thank You
, Thanks for the install. After many hours I finally got part of the
system working. I can log in and log out as a user. My problem is I
want the pages
accesses by Members ONly. The database will contain the names of
the members and only they are allowed access, and no one else. I
tried Joe Blow to log in and it worked, the only thing is Joe was not
in the database and he should have been locked out and a page come us
saying something like "you are not a registered user, please complete
the membership application" and then link back to the root web,
application page.
I am also afraid of breaking the codes you provided thus far. I also
want the password protected pages in a sub-web of the root web.
This may sound like elementary stuff, but this newbie is having
constant trouble. I am also referencing books on ASP and Access
and VB and still come up with a dead end. Search the net and come up
with a few codes which are described as something I am looking for, but
dont want to add any thing like that for fear of breaking the whole
thing.
Any suggestions?
, Just an update,,,
the permission were all correct.... i left it and tried from my pc at work and it works fine... so i dont know what hahhpened.... thansk for your quick response
regards
Domenic
Sydney, Australia
, I did a sign up.. your verify URL is not saved/set in the application variables.
try saving the admin settings page again.. or reboot the server so the settings get reloaded
if you can make sure the web is it's own application in IIS
if it is your server do and "iisreset" from the command prompt
if all else fails you got iis application issues with the site... wait till tommoro to see if the setting gets loaded
, You edit the web.config file that came with ASPProtect.NET.
You find this tag
<customErrors mode="RemoteOnly" />
you change it to this
<customErrors mode="Off" />
If you have a different web.config file in your root I suggest you make sure the tag is set to off there as well for troubleshooting sake
If done correctly you will get a detailed error
It's basic low level ASP.NET stuff really and does not have anything specific to do with ASPProtect.NET.
You also need to make sure your web is set up correctly for ASP.NET and that the correct web.config's are firing..etc etc
cwilliams38454.4368055556, In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.
cwilliams38306.6367708333, Making progress. I have made the appropriate settings and now I have the option to upload. When I upload, I get the following message:
"Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard"
I am using IE6 XP SP2. I also am using DUNDAS UPLOAD, ASPIMAGE.
I think I set permissions correctly bot not positive. I have given all auth to everyone for the database etc.
,
ok "ace45",
I just spent a bunch of time in your setup using SQL server and I didnt have a single issue. It all seems to be working perfectly to me.
I got into the system using the "get_me_in.asp" page like the instructions say to to.. then I deleted those two users you had there.
I created a new user called "admin".. then I edited that user to make him an admin.
I have logged off and back on as that user a bunch of times without issue.
admin
test
is the user info..
I just didnt see any problems whatsoever???
I also took the liberty of going into the settings page and setting all that up for you as well so all the url paths are right now and emailing from the application works.
I am going to wait an hour or so and try to log in a few more times but it honestly seems to be running perfectly to me. , hi,
Sounds like permissions.. the text file that the config file data is not being written to.
open the file "data/config/aspbanner_unlimited_config.asp" with a text editor and see if your values are getting saved.. if they are not its permissions to that folder and file as far as not saving config settings goes.
You may also want to check out "data/show_path_info.asp" which if run from the browser has info on manual/alternate setup scenarios.. as far as what directories you put things in and also editing the config file manually.
lastly make sure the filesystem object is not disabled by something like norton script blovking or something similar which can also cause trouble regarding writing to text files.
,
I have been using ASPBanner for a while and am very pleased with it. Congratulations on a good product.
Only one feature is missing that would really help me and this is being able to display banners dependent on some condition (/aspbanner/aspbanner_inc.asp?BannerZone=6&condition=xxx ).
I think this would be a good idea as it would allow users to present adverts based on different criteria; for example; specific country/region related ads, ads based on time of day, ads based on user preferences, etc.
To achieve this I was thinking of adding a field to the database so that I can enter a set of comma delimited conditions for which the banner can be displayed.
I have looked through some of the asp code with the intention of seeing how easy it would be to implement the functionality. Not knowing the code however, I think that modifying it myself would be risky as I may inadvertently change things, which would have a negative effect.
Would adding this type of functionality in ASPBanner be of interest to you. If not, can you let me have your opinion as to whether this would be relatively simple change for me to do myself or would it be too risky and I should give up the idea. Any guidance or feedback would be appreciated.
, as far as sql goes if you follow the instructions with give for setting up a new database you shouldnt have any issues and permissions should be already set. because we handle that in the sql script we give you.. "its a good thing to look at and it is pretty easy to understand what is going on""
however using another account could cause permissions issues.."yes, even sa" basically the username your using needs datareader and datawriter permissions to all tables used by the photo gallery system and you probably have to go specifically set them usin ght e security tab for your database in enterprise manager. This is more of SQL server 101 than anything to do with the Photo Gallery Code so I am not going to get into it too deeply, but that is definetly the issue. Permissions...
cwilliams38303.6065740741, Hi,
I am investigating the possibility of purchasing above script having spent some hours trying to integrate various free banner rotators into my Invision portal.
What attracts me to your script is that it has 6 ways to call banners. I am an inexperienced webmaster with only a smatterring of knowledge about ASP. Will ASP Banner be able to integrate with my portal?
Many thanks
David van der Want
, If we wanted to user groups, is the "Access Level" in the User setup the same ID as what the group access would be? Ex. If John had Access Level 4 and the page specified <% GROUPACCESS = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
I'm asking because there is no Group Access Level in the user setup. Thanks
, MSACCESS 2000
server: windows
option pack: yes (after the install I have this problems with groups and edit users )
host permissions: yes
MESSAGGE:
Active Server Pages error 'ASP0113' Script time out/password_admin/groups.asp The maximum amount of the time for a script to execute was exceeded. ...
vaghelis38300.5484143519, I have been having some display issues with the .NET version of ASPBanner. I set the size of the image, and I set the size of the banner and there is still white space above and below the image. I am not using a text link below the banner, so I have it set to blank.
Here is a link to my page.
http://www.nababaseball.com
Two of the three banners in the rotation on the main page have non-white backgrounds so it's easy to see the issue I'm talking about.
Is there a way to tighten up the formatting so that the image fits onto the page in the size specified?
JDooley
, OK, so I misread the instructions. Wouldn't have been the first time
that happened... but I just had an account get created, guy then
paid, and... no activation. I had to go in the next day and do that by
hand. What should I do to look for troubleshooting on the issue? I've
got all the default directories set up and all the files where they
should be. What next?
, Yes worked fine
thanks
, Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings?
, Personally, I think that is something you should work into your existing site code or something you should handle on your own.
It's basic site maintenance issues.. and something every webmaster must deal with on an individual basis. If you are going to upload a new version of some large file of course you should go disable wherever people are dloading it from and then wait/re upload/turn things back on.. etc etc
It is not going to be a feature of ASPProtect and I don't see why it should be. If you want to have some sort of global site is temporaily down thing you should have a common server side include on all your pages right after the password protection include file. In that include file you could easily stop site access with a response.end and also show a message.
Or you should disable a file download page manually on a file to file basis.
Really, big busy sites that have their sh*t together use versions of files for a reason. Every new upload is a slightly new version revision and has a slightly different file name They do this partially to eliminate the problem your talking about and also because that is the way it should be done. Nothing gets uploaded over itself ever. Even if there is a mistake in a file they upload a new revision and document it in the revision/changes file. And of course they dont show users a link to a new file revisions until it is uploaded.
, Hi,
1. Two months ago, we have set up to use the Subscription services exclusively for all new members and renews. and removed the regular payment service, a carry-over from v6.
2. Many from the "pre-subscription" service have yet to expire, thus have a populated expiry field.
3. With a 10 month bridge before we get all the members onto the Subscription service the "Send email to users that are soon to expire."
is used to remind these.
3. When members RENEW using the subscription service, the Expiry Field is not Nulled and they become targets for future reminders although they have renewed as Subscribers.
XYZ signed up on Nov. 05 2004, we send him a reminder in Oct 2005 and he renews as a SUBSCRIBER. His expiry date field is not nulled and he will keep getting notices although he has paid for another year.
Hope this is clearer... Thanks
, Is the user ID case sensetive? In my case I use the user email as the login ID., perhaps the filesystem object is disabled on the server ?
or some sort of script blocking is running and causing a problem ?
other than that I can take a look if you put it up on a live server.
, Chris -
I am encountering a problem with items showing up. When I click on a category and then select an item to view I get
THIS ITEM IS NO LONGER ACTIVE
DO NOT CONTACT THIS USER AS THIS ITEM HAS BEEN TURNED OFF
OR THE USER HAS SOLD THE ITEM.
I have verified the item has the item_active check. For giggles, I even unchecked with the same results.
Thoughts?
, If you are using version 6 CDOSYS is not supported. That is one reason why version 7 came out. If you want to rewrite the code to work with CDOSYS in version 6 that is something you need to sort out on your own as I do not support custimization to the code.
, It is common when testing a site that this happens because of the nature of session variables.
Admins have access to EVERYTHING so it is very important when testing different user accounts that you specifically log out... and then close every single browser window before logging in as a different user. This is to ensure session info from the previous user does not overlap in any areas.
(The session variable for admin access being the main one)
Under normal circumstances a user would not log in with many different accounts on the same computer this this would only be a problem for a developer who is testing.
So make sure you go to the to log-off page and log off.. then close all browser windows.. then test another user.
If all this is not the case then something else is going on and I will need more information. I pretty much know the level checking code for ASPProtect Version 6 is correct as there has been no reason to change any of it in over a year. I would have heard reports of problems with it. , Regarding hosting companies..
Now.. obviously if you are hosting on someone elses server you may not be able to set permissions like this.
Ultimately, if you are hosting somewhere and ASP and Database connectivity is part of your hosting plan. It is the hosting company's responsibility to set these permissions for you when asked or to give you a special interface to do so on your own. If they are not helping you do this then maybe it is time to get a hosting company that is serious about your ASP Hosting Needs.
Also... JUST TO BE PERFECTLY CLEAR
The permissions we are talking about cannot be set via FTP or Frontpage access to your web site. They must be set like shown above or via a special interface meant to set the permissions correctly. For all you people out there messing with the permissions you see in FTP and Frontpage.. you are wasting your time and possibly creating problems in your web.
All ASP scripts that communicate with an Access Database, Upload Pictures, Modify Text files.... are going to need these permissions set in some way or another. We have no control over that fact.
cwilliams38360.69125,
Timecard Entry: 3/25/2006 4:51:24 PM
Gisco disability insurance report, voicemail, email call backs, dynoport, debbie pond, elliott realty mustard seed, Design of CommArts (Do not bill, fixed price), Help Dave and Chris with computer problems, randd, mail, organize, time cards, lunch, met with jeff-lewis mediation for content, Back to Clayton, Watertown to Clayton - 24 miles, Demo-ing timecard system changes to Howard, finished payroll and emailed to carol, Return call to Broadcast Center, steady morning. Darryl is off today. , research general web site design, Checked voicemails. All taken care of. , phones, radlog, callbacks, dial up issues, email, timecard., lunch, had a brief lunch, mmm pizza, very busy, meeting with everyone to go over next quarter focus, Designing a network diagram for Beth Conlon and for WO, so Beth can present quote to customer. Had to research prices and discuss w/ beth a little and talk about circuit pricing, since they have changed., lunch, had one call about billing. had one about email, met with Lisa re: her meeting with Hacketts and changes/additions they wish to make to their site, Register domain for Riverside Speedway, tried to get a modem working, team meeting, met with ken mills and jg to review co-marketing idea for burlington., read and sent emails, lunch,
