PowerASP



Blog Entry: 3/25/2006 4:50:36 PM

ok, here is what is going on

you are password protecting an ".asp" page that requires querystring info to run correctly (example - "somepage.asp?ID=3")

that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out

this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querystring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info intact

it was a nice feature never intended to handle any situations other than what I just described...

now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info

that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querystring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...

To avoid all of this...

One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)

Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with querystring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.

Another solution is to do checks in your asp page for missing querystring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc

So, basically you don't want to tell people to log in to such and such page with querystring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.

I hope this makes some sense to you.. it is very hard to try and explain

,

If you are using version 6 CDOSYS is not supported. That is one reason why version 7 came out. If you want to rewrite the code to work with CDOSYS in version 6 that is something you need to sort out on your own as I do not support customization to the code.

,



The album ID thing is completely normal and by design. Once an ID in the database is used it can not be used again. That is how autonumber fields in a database work.

As far as not being able to delete images... Are you by chance using ASP.NET to show dynamic thumbnails... Because if you are you must turn that feature off and wait 20 minutes or so (maybe more) before you will be able to delete any of the images. It is because the current version of the ASP.NET script used to make the thumbnails locks the images on the server temporarily anytime it creates a thumbnail.

It is a known issue... and there is no fix at the moment other than what I told you above.

cwilliams38324.744525463,

I'm getting this error when I try to login:

 Active Server Pages error 'ASP 0131'

Disallowed Parent Path

/gallery/users/login.asp, line 19

The Include file '..dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

,

one thing to note... the time period we are talking about is going to be whatever you have the session timeout set at in the settings.

perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation

 

,

Hi,

I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.

I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?

Thanks

S

eeye38447.0388541667,

Just copy the files over. have permissions set on any folders that need it, and edit the data connection so it's valid for the new server. Once you get logged to the admin area go update all the settings so any urls are valid.

really it's no different than a new installation so just follow those directions but use your existing files.

There is no domain pointing involved...

As long as the old stuff is not accessible on the live internet you don't need another license.

As for my installation fee of 25. That is only for new installations. I charge more for something like that as there may be complications such as custom changes to the code that I would have to deal with. Customers often customize the login and users area.. etc etc .. and there may be hardcoded urls and what not to worry about changing.


LASTLY, I noticed all your other posts are in the ASPProtect 7 area so the installation process for that is a bit different than for Version 6 so what I said above is not quite the same process. Please make sure you post in the correct area when asking questions.

,

I am really starting to get the hang of your software. It seems to me, you have thought of everything a person could possibly want. Before I try to tackle setting up Pay Pal subscription payments is there really any difference between a file include and a virtual include statement? Is one more secure than another?

,

Christopher

Found this but I don't really know what to do with it or even if it's the right thing.

<%
'=============================================================================='

' Application:     Utility Function
' Author:          John Gardner
' Date:            20th December 2004
' Description:     Used to check the validity of a postcode
' QueryString:     None
' Version:         V1.0

' Required routines:          None

'------------------------------------------------------------------------------'

function Check_Postcode (byRef strPostcode)

' This routine checks the value of the form element specified by the parameter
' for a valid postcode.

' The definition of a valid postcode has been taken from:
' http://www.royalmail.com/docContent/other/Downloadable_Files/PAF_Digest_Issue_5_0.pdf

' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.

  Dim strPostcodeRegExp(2)   ' holds the regular expressions for valid postcodes
  Dim intCount               ' For loop counter
  Dim strPostcodeCopy        ' Copy of postcode
 
  ' Variables used to hold regular expression object  
  Dim objRegExp, objMatches, objMatch
 
  ' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
  strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"

  ' Expression for postcodes: ANA NAA, and AANA  NAA
  strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
 
  ' Exception for the special postcode GIR 0AA
  strPostcodeRegExp(2) = "^(gir)(0aa)$"

  ' Copy the parameter and convert into lowercase
  strPostcodeCopy = Lcase(strPostCode)
 
  ' Assume we're not going to find a valid postcode
  Check_Postcode = false
 
  ' Strip out spaces
  strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
  Check_Postcode = False
 
  Set objRegExp = New RegExp
 
  ' Check the string against valid types of post codes
  For intCount = 0 to Ubound(strPostCodeRegExp)
 
    ' Check next pattern in list
    objRegExp.Pattern =  strPostcodeRegExp(intCount)
    If objRegExp.Test (strPostcodeCopy) Then
   
      ' Post code found. Ensure input parameter is in correct format.
      Set objMatches = objRegExp.Execute (strPostcodeCopy)
      Set objMatch = objMatches(0)
      strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " &  Ucase (objMatch.subMatches (1))
     
      ' Show that we have found the postcode
      Check_Postcode = True
    End if
  Next
 
  ' Ensure that the uppercase postcode gets returned if valid
  If Check_Postcode Then strPostcode = strPostcodeCopy
 
End Function
%>

regards

John

 

,

I will actually explain how to set access_levels and/or groups...

in "users/add_new_account.asp"

carefully edit with a text editor
find this part
 
CmdAddUser.Fields("Access_Level") = "4"
 
that is where the access level gets set...
you can change the level or remove that line altogether if you don't want one set
 
now for groups you would add this line in the same area
 
CmdAddUser.Fields("Groups") = "*3*"
 
or
 
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"

Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.

*1*,*5*,*9*

that user would be a member of groups 1,5, and 9
,

I just installed the software, but I can't find any place where I can see when users logged in, can someone please tell me where I can do this?

Thanks

,

is that lindsey lohan and her fake boobs as ur avatar?

I am installing IIS and all of its glory on the other computer now... gotta love remote desktop (the pc is at work  )

, Actually this was rather easy to fix. Once you restrict the permissions on the folder, open up IIS admin. Go to the selected folder, and right click/properties. Once there you modify directory listing and add default.asp to documents. This will provide an automatic load when you enter in the unmask route. ,

Our knowledge base which is hosted at a remote location is protected by ASPProtect Full Version 6. I would like to allow our employee to access the knowledge base from within our internal network unchallenged. Is there a way which I can modify the code "check_user_inc.asp" to allow any one coming from say 10.1.X.X to access the site unchallenged?

Thanks,

Mo

, no, and none of the ASP based systems I know of can do anything like that.

A zone can only produce 1 banner at a time.

What you are talking about I have mostly only seen done using very complex javascript code available freely on the web if you search. ,

sorry, I am guilty of being very tired and didn't read your message fully.

I know this forum area is called "database connection issues" but it is only meant for generic issues.

Issues specific to a particular application need to go in that application's area in the forum. It keeps the forums more organized and helps other people find help later on.

So please post in the correct area.
I will answer this question soon. I have to do something 1st though.

,

no, that system only works with ASP.NET code.

Currently it can not possibly work with classic asp.
PayPal made it a nightmare to use and work with.

Special things regarding the signing of digital certificates also need to be installed on the web server so if it isn't your server you're also out of luck.

,

Now, we can connect to the MySQL database with ASPBanner using the following connection string if we like.

"driver={MySQL ODBC 3.51 Driver};server=localhost;port=3306;uid=root;pwd=temp;database=aspbanner;option=16386"

But we really do not want to connect to the aspbanner MySQL database using the "root" account.

So, let's make an account to use..

In MySQL Administrator select "User Administration"

Down below you will see the user "root"

Right click on "root" and select "Add new user"



Type in a New MySQL Username and Password

I am going to call my new user "aspbanneruser"

Hit the "Schema Privileges" tab



In this case, since I am using the root account to manage my MySQL system, I am just going to give this new user account what it needs to use the aspbanner database. You may want to apply more permissions to the new account; that is up to you. I am giving the new user select, insert, update, delete and execute. So I right click on aspbanner, bring over the permissions I need for it, and hit apply changes down in the bottom right.

We can now connect to the aspbanner MySQL database using this new account like so.

"driver={MySQL ODBC 3.51 Driver};server=localhost;port=3306;uid=aspbanneruser;pwd=temp;database=aspbanner;option=16386"

 






-----------------------------------------------------------------
article still in the process of being written (3/14/06)

,
Error when click on banner. (I remove on error resume next in config_inc.asp)

The conversion of a char data type to a datetime data type resulted in an out-of-range datetime value.

banner_redirect.asp, line 36

Database - MS SQL Server.

Gignutyi38368.5403935185,

This issue came up once before and when I investigated I could find no error in the html that aspprotect generates and those files do exist where they are supposed to. We concluded it was a parsing error from the log file system.

There just really isn't anything I can do about it. I spent a week trying to figure it out. It is just the log parser screwing up under certain circumstances where there is no reason anything is wrong. They have trouble dealing with some of the complex URL/querystrings that the ASPProtect admin area uses. They think there is a 404 error when there isn't... etc etc

,

yes, like it says it is experimental

turn it off.. the banner system will run just as fast for the most part

or leave it on and an occasional user will see a permission denied error where a banner will be

,

how's it going ?

,

That would not happen unless you added a target to the login form or your code had a base target set.

Like so..

<base target="_blank">

I would really need more detailed information. It's nothing the system does the way it ships under normal circumstances. For example you shouldn't see that behavior in any of the example protected ".asp" pages

that is unless you have something odd going on with your browser settings or you made changes to the login form or code around it causing it. (or you are using frames and don't have some of the targets and what not set correctly)

My guess is that it has to be something you added or did, but I really need to know more to offer more than that.

 

cwilliams38419.7687152778,

Haven't gotten to it yet. I do know there are a few customers using it to edit the app and said it was not all that different. Maybe they will chime in with some tips.

,

I do not see what this has to do with anything I sell ?

Those errors are all related to pages that have nothing to do with my ASP applications and code.

,

The Read-only attribute I was referring to is at the windows explorer level when looking at the folder properties under the general tab.

ASPNET and IUSR have full access to the _database folder as you suggested - Yet still I get the permission error noted above.

,

Something very strange is happening.  Some users can't see the classified ads in their browser.  This is specific to the user's computer, and they can check other computers and see it fine.

In each case, the user is using windows explorer 6.0 browser with windows xp.

they can't see the ads listed on the ads page, but they can see the categories.

also, they can't see the place ad link on some pages.

Do you think that their browser is blocking the javascript for the mouseover message?

thanks.

, Is there something I need to change in the settings to get the hit count to update?,

I have sent a registration email (as test) to both a yahoo account and also my own email server and in both cases I get the same issue, all else is working great. I am sure it's something simple, perhaps I am overlooking something else. the site url is www.rochestertek.us/asp/users/register.asp if this helps

Again thanks.

, download the free version...

check out this tutorial...
http://support.cjwsoft.com/code/moreinfo169-1.htm

If your application can post to the page and provide all the form variables needed to log in it may work out for you..

You'll have to try it out... all the form variables needed are in that login form example.

Basically you'd be posting to a protected (.asp) page..
and providing the following for the most part.. how your app creates its post data is on your end...

<input type="hidden" name="Status" value="Checkem">
<input type="text" name="Username" value="Yourusername">
<input type="Password" name="Password" value="YourPassword">



As an alternate scenario...

Now, by default the "check_user_inc.asp" file is looking for posted form data... for security reasons it is not looking for querystring info..

If you change this bit of code in that file

from

Username = Replace(Request.Form("Username"),"'","''")
Password = Request.Form("Password")

to

Username = Replace(Request("Username"),"'","''")
Password = Request("Password")


It will then grab either form or querystring data...

Meaning you wouldn't necessarily have to create a true post to the page with form data. You could just access the page via a querystring like so

http://www.mysite.com/somepage.asp?Status=Checkem&Username=Yourusername&Password=Yourpassword

Of course that introduces security risks as the username and password would be passed in plain text over the net


Another option is...
You can also make a copy of the "check_user_inc.asp" page called whatever with those modifications just to use in pages you need your little application to post to... thus reducing the security concerns a bit as the rest of your site could still have its pages protected under the normal scenario.

I hope this answers your question... I haven't really ever tried any of this but that is how I think it would work...

,

recently i've been getting a lot of unspecified errors. i've been running aspbanner for about a year and a half now. i don't know what would have caused all these problems. also, for some reason it won't maintain my log-in, every time i go from page to page or try to submit a form it asks me to log in again.

Jason S.
cwilliams38389.8791550926,

in the version you have changing it is not something we covered

I believe you will find it in the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letters, numbers, and maybe dashes

 

,

Terribly sorry, but we are not software-technical.  So can you please tell us exactly which folder the database would be in.

Thanks in advance.

,

Hi. Chris. I'm not a programmer of any sorts, so I am not comfortable plugging in the changes you suggested and not knowing for sure if it will "break something somewhere else". If the programmer tells me "you have been warned", it's a pretty good sign it's a no win situation. If you don't know, there's no way I can know.

I saw in the code where you mentioned the changes. I don't see where it mentions the last name is required either, but the bottom line is it does require it in the actual new user form.

Thanks anyway Chris. I'll figure something out.

-john

 

,

Here are three known bugs and their fixes...

 

If you have any of these symptoms these fixes will most likely take care of them.
If you don't have a symptom do not make any changes as you most likely have an updated copy of the application.

Technically if you bought that app on or after April 27th 2004 these bugs should all have been corrected.

 

 

Description Fix

(no descriptions showing in pop up window)

 

Edit pic_window.asp with a text editor

 

Change

 

Set f=fs.OpenTextFile(Server.MapPath("pictures/Album_ID_" & Album_ID & ".txt"), 1)

 

To

 

Set f=fs.OpenTextFile(Server.MapPath("../pictures/Album_ID_" & Album_ID & ".txt"), 1)

 

 

Slideshow Fix…

(last image in slideshow is not showing)

 

In slideshow.asp

 

Change

 

<% For PicArrayIndex = 0 To Ubound(PicArray) - 1 %>

 

To

 

<% For PicArrayIndex = 0 To Ubound(PicArray) %>

 

 

Add To Favorites fix

(add to favorites feature doesn’t work at all)

 

Edit "album_uppermenu_inc.asp" in the scripts folder

 

Change

 

<a href="users/favorite_albums.asp?Album_ID=<% =Album_ID %>"><img border="0" src="<% =application("skinpath") %>add_to_favorites.gif"></a>

 

To

 

<a href="users/favorite_albums.asp?Album_ID=<% =Album_ID %>&Action=Add_To_Favorites"><img border="0" src="<% =application("skinpath") %>add_to_favorites.gif"></a>

cwilliams38104.7034375,

OK, I updated the server with the SP 8 Jet updates and this had no effect.

Then I loaded the asptest file and put in the correct path. The results were:

Failed: Database could not be connected to....

Error reported from server:
Error source: Microsoft OLE DB Provider for ODBC Drivers
Error number: -2147467259
Error description: [Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x784 Thread 0x854 DBC 0x2101014 Jet'.

,

Well, that's not normal.
(it should work just like our online demo does)

Do you have everything turned on in the settings ?

Uploading needs to be enabled and you also have to pick a valid upload method.

, Is the user ID case sensitive? In my case I use the user email as the login ID.,

I downloaded v7 3/7/2005

 

I entered a password that was supposed to be all caps with only first letter caps. 

 

it is odd, if I go to other user and enter wrong password that does not come up. it appropriately goes to a screen that says Access Denied.

thx

,

Chris.

After I had you install ASPProtect I added the ASP protecting code to the top of my home page:

<%@ LANGUAGE="VBSCRIPT" %>

<% CHECKFOR = "1" %>
<!--#INCLUDE FILE="../../check_user_inc.asp"-->

Then I made my index.html page my login page by using the script "Login form on a non protected page" on that I changed <form method="POST" action="memberarea.asp"> to <form method="POST" action="home.html">.

When I try to log on to that page I get an error page HTTP Error 405 - The HTTP verb used to access this page is not allowed. Internet Information Services (IIS). I checked with my hosting company GoDaddy.com and they informed me that due to the fact that they do not have ASPProtect installed on their systems they can not support it. In recent conversations you told me that you have customers that do use godaddy and your products.

Can you please tell me what I can do to get this working?

Thank you for your time and help.




 

 

,


Timecard Entry: 3/25/2006 4:50:36 PM

Checking e-mail. Checking voice mail. Resetting open modems., not so busy on the phones, phones, radlog, dial up issues, , SoftMLS Upgrades trip to florida showed steve how to do book pull and davidson stuff, CREG Closing, Checked expired accounts too, 60 to syra to maintain a router, Amy w/Shipping and tax changes to CrisCrossCreations online store, Distributed mail and showed Danielle office stuff, looked at quick app form on Waites site to see why it isn't emailing, it's using a cgi-bin executable... called Ben to have him take a look at it (waitemotors.com, billable), Dirp training at Nortel, **worked on agfa site, Email/Newsgroups, frontpage work with velcrostore, Generate CSR for vtone.com, developed agenda for the albany show, Stopping by watertown office, DMS-500 CBT, Working with Pocket Real Estate system for downloads to Palm (being very difficult) program will no longer register correctly, working on tracking system, Supporting problems customers were having up in vermont., fixing credit card exp date for barry chalk, more payroll, Beth showing me what I'm doing wrong w/virtual email account setups., Got Virtual PC CD from Jason so I can reinstall it. Also picked up mailing labels and left conference info for Nic., Worked on DSL comparison slide for Jim, attended retirement luncheon at Ft Drum/lots of questions abt DSL and Road Runner, Miscellaneous, Torturous conversation with irate woman at seawaytrail.com. She couldn't figure out how to use FrontPage and insisted it was "broken." Had to walk her through making some basic changes to their site. NONBILLABLE, Daily routine,

All artwork, design & content contained in this site are Copyright © 1998 - 2025 PowerASP.com and Christopher J. Williams
Banner ads ,other site logos, etc are copyright of their respective companies.
Unless otherwise noted - All Rights Reserved.