Blog Entry: 3/25/2006 4:46:46 PM
check permissions for the user you are connecting to the SQL database.
http://support.cjwsoft.com/code/moreinfo122-1.htm
That user may not have permission to make new data
Also, check all field and table settings manually by comparing them to the SQL creation script we provide. You may very well be missing auto increment and primary keys which would make adding new data not work.
It is most likely one of those two things. , One problem that is appearing is that in the admin section, in the users.aspx page, only one user is showing up when there are in fact 9 users. Also, when I click the edit user or email icon, the page does not go to the edit screen, it remains on the same page.
Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile. It could be due to the fact that the rest of the project is in C#. Or it could be due to some other factor in ASP Protect. ,
no, you cannot unless you plan to write a lot of custom code.
That is why the option pack has groups which eliminate the need to use access levels because groups can do everything access levels can and more.
There is an article here regarding that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=32& PN=1
cwilliams38303.5555439815, IFRAME is just an client side html thing...
has nothing to do with .NET
will work with any page extension or server side technology
As you see from that compatibilty chart I posted a link to.
Nearly every modern browser supports it.
cwilliams38155.4462847222, I am getting the same error looking at the previous post, I looked in settings and my Registration-URL is pointing at the correct location.
Is there any other thoughts on this issue
Thank you!
Matt2112 , when I go to that url is seems fairly fast and somewhat normal.. even when I try to log in it pops right back up asking for login info again..
I would check to make sure you are not running anything that might be effecting your web browsing.. software firewalls.. ad blockers.. script blockers... norton internet security.. zone alarm... anything like that
they can all effect a lot of things regarding how web browsers act. , humm, I see your using the lite version which is technically not supported.
I know you were responding to an existing thread but I really would rather you have posted this in the ASPProtect Lite area or at least mentioned what version you are using. Usually there are big differences in the versions and it helps me help you if I know what is going on.
Regardless, the code for this feature is actually the same and I just tested a fresh install of the lite version and it stored that verify url perfectly and all worked as it should in the verification email.
All I can think of is that you can try manually editing the "users/add_new_account.asp" file.
This part
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & vbCrLf & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Would need your verify URL hardcoded into it which would pretty much guarantee it would get put in the email.
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & "http://localhost/aspprotectlite/users/v.asp" & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Of course change the url to be valid for your setup.
Still, the fact that this isn't working means there is something wrong with your installation. It would probably be a good idea to erase everything, do an iisreset, and re-install the application in a different directory... immediatly log and go to the settings page, carefully set everything and save it... then register as a new user and see what happens.
There is no reason that variable shouldn't get set. I mean I tested it just now with a fresh install of the version you are using and not only that... 1000's of people have been using that same code for over a year in the full version and no one has had this problem except the guy who started this thread who never populated the value.
My guess is still a problem with your "IIS application" for that web. It is not doing it's thing for some reason. When the settings page is saved and application variable gets set telling the config file to reload the variables as it doesn't do it every time to conserve resources.
If that isn't getting triggered and that variable isn't getting set who knows what else isn't getting set and it's not pratical going around hardcoding 15 important variables., How to set a new users expiration date.
You'll need to edit the "users/add_new_account.asp" with a text editor.
Find this section..
<%
CmdAddUser.Fields("ValidateEmailCode") = ValidateEmailCode
CmdAddUser.Fields("Access_Level") = ""
' PUT YOUR CODE HERE
CmdAdduser.Update
ID = CmdAdduser("ID")
CmdAdduser.Close
Set CmdAdduser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
%>
You'll want to add code like this right between the Acccess_Level and Updates section
CmdAddUser.Fields("Expiration_Date") = Date + 60
That will give take todays date and add 60 days to it.
You can of course do whatever you want here.
Actually, any database value for the user can be set during registration.
You can also change the default Access_Level to whatever you like. cwilliams38403.6828587963, probably.. better than what we are accomplishing here LOL
or if you like send me the import file and your encrpytion key and I will try it out here and see what happens
either way PM me any sensitive info if any
, also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815, Now that I really think about it.. instead of logging that info to a text file and worrying about folder permissions you could probably just save the post info into an application variable during the paypal ipn.asp post like so
For Each Item In Request.Form
formdata = formdata & vbCrLf & Item & "=" & Request.Form(Item) & vbCrLf
Next
Application("PayPalPost") = formdata & " - " & NOW
then anytime you wanted to see if that info was there or when it happened you could make a simple asp page in your site to display the results like so
<%
Response.Write "(" & Application("PayPalPost") & ")"
%>
cwilliams38421.6747453704, Great Thank you!
As of thus far the program is working rather nicely.
I am very impressed :) , I was able to get it all figured out. Thanks a lot for your help, I really appreciate it. I ended up copying the database with the password to the directory and used the user/password connection code and it works great. I believe it was related to that but I cannot be sure. Thanks again! , That was wrong of me but not what I meant. It seems as soon as I purchase something like this it doesn't work right and it can't be altered to work with what I have. The support ends up sucking or being none. Listen I’ve gone thru you're product and it's wonderful and does exactly what you say it does so that's a relief. Sorry about my ignorance with .NET but I’m from an ASP world and it's a lot different. You can see what I’m trying to protect here http://www.hotmixxent.com:8087/default.aspx. The final site after testing will be http://mxais.sfmx.org/default.aspx. Again thanks for the support on Christmas Sunday, that’s defiantly beyond the call and I appreciate it a lot. , I downloaded v7 3/7/2005
I entered a password that was supposed to be all caps with only first letter caps.
it is odd, if I go to other user and enter wrong password that does not come up. it apprpriately goes to a screen that says Access Denied.
thx , The links to view that info are on the main users screen of the admin area.
Down below...
They wont show up unless you have that stuff enabled in the settings screen as well.
, The application is only intended for use with $ the way it comes.
Use of other currencies is not supported.
(this is noted on the product page)
However, it can probably be used fairly easily with UK customers.
You'll probably want to look into setting the currency to UK in the code generated for the PayPal buttons which is in "view_item.asp". There is probably a hidden form variable you add to it to specify the currency. PayPal's shopping cart documentation and help system would have more info on that.
Doing a search real quick there I came up with this.
<input type="hidden" name="currency_code" value="GBP">
Then you may also want to change the LCID settings for the web site to UK. (I think)
To do that edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 2057 There may also be hard coded dollar signs in the code that you will need to change to whatever.. If after you do the above to steps you see then you'll know where to change them based on the named of the page you on.
It is quite possible that simply changing the LCID will take care of everything, but I am not sure.
Those are the tips I can give you. , Our webhost set the permissions, but the error is still there, so that is obviously not the problem. We now have both our webhost and our asp support technician trying to figure out the problem and everyone is stumped. Can you please provide us with the following information to help us out:
1) what is the name of the file that sets the connection string?
2) what is the name of the file, if it is different from above, that sets the password of the database?
thanks , I disagree...
It would be 20 hours + of conversion and testing. Maybe more.
Like I said, I converted a version fo ASPBanner once to work with MYSQL. It took forever to change all the code (2 weeks of messing around) and get it working. There were also a lot of issues with null values in the database, ado update code that had to be rewritten, cursor type issues, recordcounts not working, etc etc that had to be sorted out. There was a ton of situations where things seemed to be working but later on I noticed there were minor bugs to deal with. It was a lot of work.
ASP Photo Gallery has a ton of asp pages. It is a much larger app then ASPBanner. If you convert it to work with mysql I highly doubt you could have it running well with less than 20+ hours of work. I wrote the app and it would at least take me that long and there would still be bugs at that point.
If you think you could your not used to my style of coding and don't realize exactly how much stuff needs to be rewritten.
Granted, you could get some of the basics running off mysql in a few hours or less but there is just so much little stuff that would give you trouble. cwilliams38243.9065277778, works fine now , The sql script creates aspgalleryuser
dataconn_inc.asp out of the box indicates aspgallery as the user.
GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspgallery;User Id=aspgallery;Password=temp;" , I get this error, Any ideas?
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC Microsoft Access Driver] '(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
/guestbook/save.asp, line 109 , You not getting a blank page.. you getting an error. You just can't see it because it appears you edited the page background to black.
error '80040211'
/aspprotect/scripts/emailing_subs_inc.asp, line 174 , Okay, I'm going nuts trying to find that settings screen.
I've got a dedicated server that I connect to using "Remote Desktop
Connection" so it looks like a regular Windows desktop. It's running
Windows Server 2003.
There's a program called "IIS Manager" but I've looked at all the
options for all the different sections and I don't find anything that
looks even remotely like that screen. And, of course, Windows
Help is no help at all.
What program do I run to get to that configuration screen?
Thanks,
Robert Gidley
, Nope,
No changes to any scripts - just a response.write added to Email_Password.asp to print out the SQL.
Sure - here's the address.
www.omegaphibeta.net/aspprotect/users/Email_Password.asp
-Toni
P.S. E-mail address to look for is serena_5@hotmail.com , You really can not do something like that. You can not use client side code to change a server side session variable.
To make changes server side a form must be submitted or a link clicked on to another page. Then you can do whatever you like but you cant have an onlci event update a session variable like that.
Though I am not sure of exactly what you are trying to do I think you'll need to go about things a little differently.
, I am running Windows 2000 server. I do believe asp.net IS installed as I have the .NET 1.1 framework installed.
Funny about the bounce backs. I am at about 10% of my limit, which I control as I am the network admin. I'll check into that. , well, you should probably be backing up the SQL database on a regular basis. That is between you and hosting company. If they let you connect via SQL Enterprise Manager you can do backups on your own.
As far as the aspprotect files and folders go back them up somewhere, and then only worry about backing them up again if you change some of the files.
That's really all there is to it. None of the ASPProtect files change on their own except the generated log files that you may or may not care about backing up.
I mean the important thing is the Database, and then of course any your own .asp pages that you protected as well as any custimizations you made to the users area or your site... , Yes, thats cool.. post it here for sure.
Also, the way you allowed for your search engine is clever and probably was the easiest way to go.
You could do the same thing with the IP. Much easieri than the way I was thinking of doing it.
, Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properlly.
The way to cure it are as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
, You may be interested in this. I just put it together real quick like.
http://support.cjwsoft.com/code/code_info.asp?TID=454&PN =1&TPN=1 , People who have the option pack have a new feature called groups.
Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customers older protection code.
A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.
Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.
For example..
You make 8 groups and assign users to them accordingly
Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any one of those groups would have access..
Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 2-8 would have access..
Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 3-8 would have access.. cwilliams38114.800775463, Excellent 
Thanks, the DESC addition did the trick!
- Jason , been working on this for about 5 hours today.. I think I found the problem and it involves a vbNullChar that the encryption process is creating only during login attempts
it then messes up during ASPProtect authentication because it blows up the SQL Statement to the database
like I mentioned before the chances off this happening are slim but possible as two people so far have been able to create the situation
I seem to have the HANNAH password working now using your encrption key
I need a little bit more time to clean up the files I have been working on. Then I will give you new "check_user_inc.asp" and "check_admin_inc.asp" files to try out , Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, You edit the web.config file that came with ASPProtect.NET.
You find this tag
<customErrors mode="RemoteOnly" />
you change it to this
<customErrors mode="Off" />
If you have a different web.config file in your root I suggest you make sure the tag is set to off there as well for troubleshooting sake
If done correctly you will get a detailed error
It's basic low level ASP.NET stuff really and does not have anything specific to do with ASPProtect.NET.
You also need to make sure your web is set up correctly for ASP.NET and that the correct web.config's are firing..etc etc
cwilliams38454.4368055556,
I was told by my ISP to use localhost and it should work and it does not. It does not require authentication to send e-mails.
Any other ideas?
Thanks , I post new ads , can view it in admin area
but when go to first page no ads show
all categories show (0)
How solve this problem ?
PS: I set default auto approved ads ,
I'm having another problem-hopefully it's a quick fix.
it tries to go to a page: default.aspx
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested Url: /default.aspx
When i log in as admin from the aspprotectadmin/default.aspx that works fine...
where should the user be sent when they log in? Am i supposed to specify that or is it automatic? Why isnt it working for me? I dont believe i changed any settings that correspond to that either , The default database password is "temp"
This is noted in the docs. You can also see the current password by looking at your connection string. cwilliams38176.7913888889,
Timecard Entry: 3/25/2006 4:46:46 PM
Watertown Daily Times. Fixing error in boys & girls basketball player rosters. Added feature for selecting starting positions and deleteing players from roster., designs for Vermont Internet portal site, billing issues i.e. cancels, sign ups, account changes. Lots of seasonal customers reactivating., Carol - setting up TICC in QB, General, TI Comm Team, CHR conference call re: ASRs, *Agfa NDT, meet with Bell Atlantic Engineers to go over fiber and our new room ... , JEFFLEWIS MEDIATION GRAPHICAL WORK ON ALL IMAGES, CROPPING, STROKING OUTLINES, ETC. NEW COLOR FOR LOGO.. CLIENT CHANGED COLORS ON NAVIGATION AND ORDER OF BUTTONS PLUS BUTTONS RENAMED.. NEW INFO ADDED IN DIFFERENT SECTIONS, BOOKMARKS MADE ON DIFFERENT PAGES (ONLY BILL 4 HOURS TOTAL TODAY) SALES UNDERESTIMATED JOB, go to IMCNet equipment room to troubleshoot and reset modem pools, WHITES LUMBER CHANGE ALL NAVIGATION TO POINT TO ABOUT US PAGE.., Helped Anthony - i think he's getting it - i saw a lightbulb go off in his head., Team Meeting, stuff at the end of the day, organize for the morning., Looking for drivers for an Osprey video capture card used for a streaming server on Windows 2000., PARTY RENTALS TYPING IN CONTENT, phone conferenced with Amy Barton and Kelly Mashaw at Allied Coop re: their site, questions and changes she'd like (alliedcoop.com, non-billable), after one of todays email
I thought I should practice
with wsftp, got MLS database done, worked on catalog request form "problems" on AlexBay.com site for Amy, web billing, catch up on emails, request reports, complete reports, get domains etc set up., MTG W FRED, St. Lawrence County - Database of existing listings conversion to Access., helped one customer with problems with netscape. also helped another that was having netowrk problems. did some radlogs, Staff meeting, home-work on Coldwell Proposal, tariff, not busy at all. had a signup, Daily reports, prep for meeting,
| 
