Blog Entry: 3/25/2006 4:52:46 PM
I believe I'm having trouble with Domain masking in that it appears to affect the ASP Photo Gallery login screen.
My address is forwarded and masked by my domain "company" (in this case: Godaddy.com). It is forwarded to a Win2000 Server running at my static home IP.
From outside of my network, the website appears to work fine...even the default.asp page works to the point of the login page. After entering a login and password - you hit the login button and the page simply reloads only with all of the header and footer information removed.
I found that by eliminating the domain masking feature at the domain company, the problem gets eliminated and the entrie site works fine.
Has anyone else run into this problem? I'm guessing it's the way the domain name is held in the browser cache but I'm not sure how to resolve it so that the ASPPhotoGallery scripts and pointers work correctly.
Eric
epeterson38365.6397569444, question 2 is answered best here
http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal
Ok, got it. Didn't know if there was something already set up for this that I was missing.
>>I should also mention that the paypals scenarios used in ASPProtect can not be tested using PayPal's sandbox.
Ok. Thanks.
>>Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts) then you can log into the other and refund the transctions and of
course it makes sense to use low amount like 1 cent and what not.
Yeah, been messing around with
that. Got everything going except the return page which I can't
do until the site is live. 
>>Also, I'd love to see what you came up with with the
integration. I have been working on it here as well and took it in a
different direction as I plan to sell directions for it as an add-on
for aspprotect.
Ok. Will email you with a username and password for access to the site once it's live.
Sounds like a great add-on for ASPProtect!
Thanks!
Michelle
,
Oh, I just remembered something..
It's been a while since I did this... :)
Nevermind what I said above as that is a different sort of "debug"
When you want to debug like your talking about find this section in the "web.config"
<compilation defaultLanguage="vb" debug="false" />
change it to this
<compilation defaultLanguage="vb" debug="true" />
When you run the code in a production environment change it back though
More Info
http://support.microsoft.com/default.aspx?scid=kb;EN-US;3061 56
, gotcha...thanks. , The application automatically generates all the code for you for each method of calling banners. It does this on the zones screen.
If you are using flash it also possible that the actualy flash file is what is causing things to slow up.
It really all depends... it could also be server resource related
using sql server or access.. ? etc etc
all important details cwilliams38362.6615972222, nice. I love learning at least 1 thing every day, Christopher,
Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software. , (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , To hopefully wrap this thread up...
This user showed me his site and things were working for me as they should.
We came to the conlusion that the weird behavior he was experiencing was because he was using AutoComplete in Internet Explorer....
It was automatically filling in the fields with his username/password that he had autocomplete save.
So it was a web browser usage issue.. not the code. cwilliams38165.5102546296, ok,
IE and firefox do some things differently.
It could very well have to do with MIME types set on the server for your website. pdf probably isnt set as a mime type which can cause issues with file streaming situations.
Mime types are either set in the IIS console for your web site under the http headers tab or you can try setting the content-type header to 'application/pdf' right on the asp page the does the streaming
see this article which shows how to do that
http://psacake.com/web/gj.asp
'Specify a MIME type such as "text/html", "image/gif" or "application/pdf"
Response.contenttype = "application/pdf"
'Useful in cases for unknown file types
You would want to put the code that sets the contentype as close to the top of the asp page doing the streaming as possible. , i was only kidding!! , 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., well, for now you have to watch the logs. What your talking about would take up a lot of server resources and database space to keep track of. Maybe some day, but no plans at the moment., If I also password protect the pricelist pages then someone will have to login twice.
nobody should have to log in twice... ?
session variables keep track of access... once your in - your in and you can browse to and from any password protected pages you like
If it is making you log in each time then cookies are most likely disabled.. session variables requires cookies being on to work.. cookies being on is a requirement of aspprotect and is how Formed Based Authentication works..
let me know if that is the issue there...
you shouldnt have to be logging in more than once per session
Thats the whole point of the application... , Then you should have current enough code.
If you PM me the encryption key you are using and the plain text password for this user I can see if I can reproduce the error and come up with a fix.
I believe you found one of the rare examples where the encryption creates a strange character that messes up things. Sometimes those characters are not even visable.
Changing the password should solve the problem in the meantime., I have activated both activity and log files. The directories exist on my server and don't give any errors.
When I check the activity tab, some times there are a number of items in it. Other times, there is only my login info. From what I can see, it is supposed to show the last 50 items of activity at all times. Am I missing something?
Also, when I click on the log file tab, there is no file or information to see. Is there something I need to do beyond activating it in the settings area and making sure the directory has write permissions?
Thanks. , This first one may be an obvious one, but is it only .asp files that I can protect as in no HTML files.
Can the program be set to protect my whole https directory contents (though the answer to the last question may have bearing here - there are html files as well as .asp in there) as in http://secure.mydomain.com
Thanks in advance , When I designed the system I never really intended people to type in long descriptions for pictures
and if they did I assumed they would use the enter key once in while..
but I guess people dont do that
This thread is along the same lines and shows what someone else did about this..
http://support.cjwsoft.com/code/moreinfo99-1.htm
though they are talking about a different page its the same issue , Those access levels are not used and are nothing to worry about. They are left over from the ASPProtect core which I used for the users area of ASPBanner.
I am not sure what you did but its not a none, Unless I know more I can not make any guesses what happened. I would make sure in the database that the user is active and the expiration date field for them if there is one is empty, sure (XP PRO), see my article on that
http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp
,
Chris,
I'm setting up the subscription locally so I can't test it out until I
put the site live. I have a question in how the paypal
subscription works.
1. What is telling paypal to return the info to the ipn.asp page for
processing? Is that something I have to set up in my paypal
account?
2. I'd like to use Paypal's
auto return. I assume the return page would be ipn.asp?
Would I just need to add a redirect to the login page at the end
of the appropriate txn_type if/then statement?
Thanks,
Michelle
P.S. I did finish the integration of the webwizforum with
ASPProtect. Thanks for the great headstart on that! Will be
putting everything live in a couple weeks.
, I assume you mean 500 pixels wide
no.. because you cant reliably tell a pictures image width without an image resizing component to look it up.. asp can not do things like that on its own
serverobjects has a free component called "imagesize" that can do it as well but you need access to the server to install the component
http://www.serverobjects.com/products.htm
so if you cant do that with regular asp code you definetly can not stop the upload proces because the picture is too wide..
heck, that would be nearly imposible to do regardless.. even with the best 3rd party components at your disposal
even with an image resizing component you would have to allow the upload.. then check the pixel width.. then delete it.. tell the user what is going on...etc etc .. all a very complicated process
, This relates to a part of the new documentation that wasn't ready yet.
I just made a thread about it though.
Here you go.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=198& ; ;PN=1&TPN=1 cwilliams38419.5353587963, I'm using ASPimage and have the maximum width set to 320 in the settings. Also using SAFileUP ver. 4.0.
Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.
Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.
Suggestions? lancem38326.9070486111, I just took a look and that is definetly what happened.
It has nothing to do with the registration process as far as I can see.
Just running this page triggers it and I know it does not do that the way it comes.
http://www.myvirtualtutor.com/aspprotect/users/user_area.asp
Please back up what you changed and put the user area back the way it came..
If error still happens then I can help you.. It it works fine with the default files from the zip archive then you messed something up in the code.
You have to be really careful when working with ASP code.
Also: just in case you did this. " you should not be password protecting any files in the users area that are already there " the users area does it's own thing and there is no reason to be doing anything like that to the files that are already there. You can do whatever you like to files you add on your own. cwilliams38456.0957060185, Now that I really think about it.. instead of logging that info to a text file and worrying about folder permissions you could probably just save the post info into an application variable during the paypal ipn.asp post like so
For Each Item In Request.Form
formdata = formdata & vbCrLf & Item & "=" & Request.Form(Item) & vbCrLf
Next
Application("PayPalPost") = formdata & " - " & NOW
then anytime you wanted to see if that info was there or when it happened you could make a simple asp page in your site to display the results like so
<%
Response.Write "(" & Application("PayPalPost") & ")"
%>
cwilliams38421.6747453704, Just to let you know that i figured out my problem. I had to modify the connection in the email code and get the correct path from my provider.
I hope you enjoyed your vacation.
Thank you
Adam , Totally 100% depends on what you are doing.. you certainly can't be renaming any fields unless you plan on editing a lot of code that references them. Adding new fields is nothing to worry about.
Also, you really should post a question like this under the forum section for the application you are referring to as well as specify exactly what changes you are talking about. For example I don't even know what application you are referring to.
I sell about 8 applications., Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111, I have noticed that during the file import, that some of the pictures get messed up. I can import aroun 150 pictures into different albums, say 3 albums with 50 each.
I have noticed however that some of the get messed up. What is happening is...the thumbnail will be correct, but after you click it the picture that shows up is one form a different album.
Any cure for this? , No problem. I get it now.
I added a Session Variable for "Counter". Then wrote an If statement around that. When the user logs on for the first time they see a window pop, after that the normal start page.
Thanks
, like I said you made changes to something to cause that...
users/user_area.asp
runs fine the way it ships "it is one of things I tested earlier when I looked at your installation for you"
If you want I'll go look via FTP and tell you what is wrong cwilliams38456.1069212963, No can do. In both cases there is an icon that says "Not uploaded". I click in it and nothing happens. There is no link to upload. Am I missing something?
By the way, I appreciate and am impressed with your rapid response. Thanks.
, (customer replied aug-sep 2005)
OK, you have old code then... I will send you some updated files that you can try.. let me know here if it solves the problem. , Thanks
It wasn't a complaint. I just bought it last night and installed it today. But, I must have missed the part about requiring Enterprise Manager for installing it on SQL.
If you want it the link to the Web Based SQL Manager is : http://www.aspenterprisemanager.com/ which is free and the Trialware that I tried is EMS SQL Manager.
Maybe that will help a little in not requiring that people have an MS SQL license to access their hosted MS SQL to install the software.
Thanks
, Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
, Haven't gotten to it yet. I do know there are a few customers using it to edit the app and said it was not all that different. Maybe they will chime in with some tips., Access Database Password
By default all of the Access Databases we give out have a default password of "temp"
The Default username that and Access database uses is "Admin" but you should not be concerned with that except in your connection strings.
The default password for the Access Database can only be changed using Microsoft Access to do so. If you have security concerns it would make sense to change the password. The help system built into Microsoft Access best explains how to do that. cwilliams38403.6820833333, who knows, thanks for your input, I am further than I was when I started talking to you!, That carrot doesn't really exist in the file, so I'm not sure.
I did download and place the ASPTEST file in www.drsweisberg.com/asptest and when I try to load the 2 pages it fails to load. I have another site on the same server and I uploaded the same exact set of files and the asp pages load. www.klarman.com/asptest
http://www.drsweisberg.com/asptest/server_info.asp
http://www.klarman.com/asptest/server_info.asp
This is how I set the connection:
ConnectionString = "DBQ=D:\clients\rklarman\klarman\asptest\_database\asptest.m db;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
ConnectionString = "DBQ=D:\clients\rklarman\drsweisberg\asptest\_database\aspte st.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp" ,
Timecard Entry: 3/25/2006 4:52:46 PM
Costguard training, payroll, lunch, 2 hours billable to Aldi foods... Had to modify their code some more for www.aldifoods.com and the store search.
Made all changes they requested and talked to Philip Kane on the phone to confirm that they were what he wanted.
Modified searches to show store hours amonung other misc changes with how things were being displayed., voicemail, email, call backs , misc, Developers Staff meeting, Emerald stuff from Jackie etc, Billing system setup, Project Tracking System, Had Steve help me out on the global code for the rotating ads, Drive to Clayton, Answered phones... I got busy right about when Bob came in. busy most of the morning., Folded inserts and unjammed the folder too many times., TRAVEL TO WATERTOWN MEETINGS- NO MILES, weekly cancel review started, lunch, Installed phone line, worked with new techs, labeled the whole phone system in the comm room, worked on sex. harassment statement, wdt to print newsletter, and iPhone., The Moose, lunch, Starting looking at and buidling routines for nnymls database because we have to conver it this friday... , Took tech calls, checked AUAQ, DUI, RAD, and Voice mail. Called user back due to DUI. VERY Slow. , Daily crystal reports and typing up a guideline sheet for future people to do the reports, Research a fix for mail problem on Kenny, travel time to sackets harbor, checking DNS resolve for www.imcnet.net to ensure it was working correctly, talked with the eo from utica and also the re co op from herkimer following up with weds appts. Also worked with chris w on softmlslite, Working on Cortland changes.. I have a huge list of things we are changing..some of which are very time consuming, Discussed scheduling for NOC center and on call with Darrell, talked with Drew and Harry about running lines between the building....Harry explained what would be needed to do the job, 3- people and extension ladder and a set of radios to do it right since we would have to pull from multiple areas. We decided to try and reuse 2 existing run if possible, Timecard approval,
| 
