Blog Entry: 3/25/2006 4:46:04 PM
There are several pages on my website that a user may go to that are not protected (e.g. home page). If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?
, I appreciate the offer to beta test... but its really more a matter of me getting it ready..
I have a lot done.. but a lot of things are hard coded to only work on my machine and some things have not been sorted out. Giving it to someone else to test would be a waste of time at this point as I they probably couldn’t even run it.
Lately the reason this project has fallen behind has all to do with my main webserver where I collocate.
1st it got compromised (we think by certain competitors who are always up to no good)... then windows 2003 server which I decided to go with on the new server gave me random problems... then the Cisco hardware firewall was acting up and making the sites run slow....then SQL server attacks on port 1433 from Korea when I took the firewall down....and as of the last few days I think the server just needs a new power supply. I swear for the last 2 months I have spent more time administrating my servers than working on code. Yesterday it was locking up every 30 minutes. There have been a lot of days like that and it takes up all my time until I get it situated. Especially since its over 100 miles to the collocation center. The APC unit I installed that allows me to remotely cut the power to hard reboot is a life saver.
Fun... I tell ya... and expensive.. (hardware, software, lost sales, and time) I am pretty much completely broke at the moment. It has been a very expensive few months.
But I like running my own servers... I run dns servers, email servers, sql servers, web servers.. I do it all. It's keeps me in touch with the latest software/hardware. Regardless , my servers ran well for years and they will again.
anyway.. hopefully I can actually get a new version of the photo gallery out before the month is over. It will probably be the last classic asp version. The version after that will most likely be ASP.net.
cwilliams38295.6248032407,
Different Versions of the Access Database
Below is a zip file with many alternate versions of the Access Database provided to help with installation and general usage.
2005-02-20_155310_ASPProtect_Database_Versions.zip
ASPProtect.mdb is saved as an Access97 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2000 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2002-2003 database (password "temp")
ASPProtect_access2002_no_password.mdb is saved as and Access 2002-2003 database with no password set on it
Try to use the newest version as server odbc drivers sometimes have to use the newest version for everything to work correctly. No password version is provided because sometimes there are issues connecting to a database with a password set on it.
Default username for access databases is of course "admin" but you really dont use that except in the data connection information.
cwilliams38403.6840277778, Not really sure how to do this.... i think you know what i am looking to do.. is there anyway you can show me or create that solution for me? It would prob. take you minutes as its been taking me hours 
, that wont work the way you did it because groups are not stored like like.
groups are stored "*1*"
or "*1*,*9,*"
so if you test for them you must do so using the InStr function of vbscript
example:
If InStr(Session("Groups"),"*1*") Then
' do whatever
End If
also.. as for the session variable
it should be Session("Groups")
And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved
Session("Groups") = CmdCheckUser("Groups")
If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value
, http://gibsoncity.info/guestbook/default.asp
Reports 65-messages, however after the first 10 are displayed and you click on the More Messages button, I get the Page cannot be found error.
, This user has notified me that the issue has been resolved based on what I told him., as an update... it is now possible to use Website Payments Pro with classic ASP..
However, you basically need to own/run your own server because of certificate signing and special things that must be installed on it. The certificates you have to generate requires your paypal username and password so it's definetly not something hosts are going to do for people.
So... this still isn't plausible at this time..., Hi,
First and foremost, a great product. I downloaded it last night and it took little effort to get it up and running 
.....now a little question...
Has the software/code been tried out on a Mysql db and if so did it work?
The reason I ask is that my website is very busy (1.5million page views per month avg) and I'm considering converting the ASPBanner Access db to a Mysql one to help handle the traffic. For every page view one banner impression is being made which means that the Access db is under a bit of pressure
This afternoon there were 1012 simultanious users on the website and it froze with an error message displaying where the banner should have been (I didn't quite catch the message but something to do with the banner script timing out). I'm not sure if the Access db had something to do with it but it seemed too coincidental. Rebooting the server cured the problem but obviously kicked off the visistors as well
At present there's 668 online and no problems so I'll have to monitor it to see how it goes but if anyone can answer the Mysql question I'd be grateful
Thanks,
Dave
, Hi,
I wanted to see if you had any suggestions for converting from Access to SQL sever database. I attempted this earlier today performing the following steps.
1) Create SQL Tables using Enterprise Manager / SQL Scripts
2) Use DTS to move all of the existing table data to the sql tables.
3) Update dataconn_inc.asp to use SQL and the required connection string.
When these steps were complete I was able to login to ASPProtect as an admin and search / find both groups and users. However, any attempt to edit or create users resulted in a "the page ... had a problem ... " type problem. It seems that I can read from the db fine but and getting errors writing to the tables. The user id that is being used to connect to the db is the [dbo].
Any additional hints for this procedure?
Thanks
Darrell
, re-edit the banner to ensure your change was saved..
if it has been written to the database thats good.. if not it is a data connection issue most likely..
if it did get saved... though it usually should not take time to apply it make take up to an hour for the change to take effect in the actual banner rotation.. give it a little time, Thanks for your rapid responses, your support is excellent!
It may be best that I stick with html then. You mention that is stresses the Version 7 software, would the unlimited version perform any differently if I use multiple zones?
Also, if I do go with a single zone, would either program be able to make sure each banner is unique, or would there by duplicates for each page view?
Sorry to post so many questions in one day.
, I just finished implementing the V7 product on our site and someone made mention that on the profile form where you are asked all your personal and user information there are 2 fields for passwords. The first field uses masking to hide the password as you type it, where the second shows it in clear text.
Now we know that the only people able to see the password are the user and the administrator, but it is playing mind games with my users as they think there is a problem with the application. I am not a programmer (however, learning ASP slowly now!) and am not sure if you did this on purpose or if it is a bug?
If it was done on purpose, can you advise how I can make the confirm password field masked as well to eliminate the unfounded questions!
Thanks
, (Password_Email_Confirmation_Mod) for ASPProtect Version 7.x
This will change the basic registration pages so that the email address and password entered must be confirmed when signing up. This eliminates the auto generated password during signup.
Some may prefer it working this way.
Directions:
Back up your existing ASPProtect installation.
Copy the two new files into your "users" folder
"register.asp"
"add_new_account.asp"
2005-12-01_182201_Password_Email_Confirmation_Mod.zip
, Sorry, you cannot, that is how it works and that is how it has to work for reasons I am not going to try to explain as it is pretty technical. (it works the same way even when not using paypal and using email authentication... nearly every registration system out there does it that way under an email authentication scenario or a PayPal IPN thing.)
Basically, if you are concerned about it you need to periodically manually check for accounts that were never activated and delete them. Maybe when I get some time some day I will make a little interface to help find those and clean them up at once.
, new version is still not finshed as of the end of the year... I am not going to release it until I feel it is ready., This is what it says in that thread I pointed you to
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.
I really dont see what is confusing about it. I think I explained it all in detail in that thread.
, humm, I dont know.
If you want me too I would be glad to go into your web site and troubleshoot. If so PM me the info I need and I will take a look and see if I can figure it out.
CJW
, I am trying to protect and ASP page written in Javascript. The first part of the page goes:
<%@LANGUAGE="JAVASCRIPT"%>
<!--#include file="../Connections/connWINGAP.asp" -->
When I insert the aspprotect code it looks like this:
<%@LANGUAGE="JAVASCRIPT"%>
<!--#INCLUDE VIRTUAL="/GIS/WCGIS/GISProtect/check_user_inc.asp"-->
<!--#include file="../Connections/connWINGAP.asp" -->
and I get this error:
Microsoft JScript compilation error '800a03f7'
Unterminated string constant
/GIS/WCGIS/GISProtect/check_user_inc.asp, line 2
I think I understand that your code is written in VBscript and that is why it is not working. If this is the case, how can I switch to VB to execute your stuff then switch back?
Thanks,
Jess
, Those access levels are not used and are nothing to worry about. They are left over from the ASPProtect core which I used for the users area of ASPBanner.
I am not sure what you did but its not a none, Unless I know more I can not make any guesses what happened. I would make sure in the database that the user is active and the expiration date field for them if there is one is empty, I am trying to set up ASP protect 6 and have a problem that when a new user registers their email is not transferred to the database.
I can see the rest of their entries both in the database and in the admin/edit form but not the email.
Any ideas?
, Christopher,
Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.
Darrell
, LOL
, It turns out that I never enabled ASP.net on the site. After doing that the skins work much better. I'll have to poke around and see what other functionality is now available.
Thanks!
Al
, It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.
Regardless,
If an account isn't listed you have to add it.
Click (add-advanced-find now) and it will list off all the user accounts on the machine
You can also click (add-advanced) and simply type in the account name or part of it.
Some more tips:
If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.
You can also go to computer management in your server's administrative tools and view all of the accounts and groups there under "Local Users and Groups".
cwilliams38417.7186689815, I am getting the same error looking at the previous post, I looked in settings and my Registration-URL is pointing at the correct location.
Is there any other thoughts on this issue
Thank you!
Matt2112
, Are you aware ASP can run on any machine running win95/95,2000,xp pro, 2003. You really should test all asp code locally before running it on live servers but anyway... that is your deal
I am not sure if memory alone will be enough for that server but it could help. I saw a decent amount of free memory when I looked. Its just about an 8-10 year old system on every aspect (processer,OS,Hard drives, memory etc etc) and not only that something is tasking the heck out of the resources left over for asp database access. Something is just wrong. I don't know what it is but I am pretty sure it is not aspprotect. I got rid of my last nt 4 server about 4-5 years ago but the application always ran great on NT and I still have some customers using NT 4. Not many though.
if you email me the import file and the encryption keys you are using I will make a database for you.. just zip it up and send it to chris-cjwsoft.com
replace - with @ , Thanks very much for the quick reply.
That sets my mind at ease 
I was just worried if users would see warnings in their firewall software too.
I realize that the admin would have to have to go through some errors...
And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.
Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...
Thanks
, pretty clever...
If anyone is interested in what the Mod function actually does this article explains it nicely. They even use it for the same purpose in the examples.
http://www.asp101.com/articles/steven/mod/default.asp
cwilliams38210.6791898148, Sorry you feel that way, not my intention. I'm not threatening anything. I was very happy you responded when did so there no reason for any bad feelings. I like your product as I said before and have no problems with it. Sorry again, that was not my intention. Merry Christmas…
, Hello,
I need some help with the following code. Please look at the area in red. I need to be able to set someting up to where the variable eval1 (a yes/no field in my database) is set to false after the associated link is pressed.
Thank you
="vbscript" %>
<!--#INCLUDE virtual="/irp/check_user_inc.asp"-->
<html>
<head>
<title>Administrator Evaluations</title>
<style>
<!--
div.MsoNormal
{mso-style-parent:"";
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";
margin-left:0in; margin-right:0in; margin-top:0in}
-->
</style>
</head>
<body background="../images/1.gif" bgcolor="#C0B59A" vlink="#FF0000" alink="#FF0000" link="#0000FF">
<p><map name="FPMap1">
<area href="http://www.utb.edu/" shape="rect" coords="627, 66, 670, 81"></map>
<span lang="en-us"> & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp;
</span>
<img border="0" src="https://blue.utb.edu/irp/Inst-Research&Plan.jpg" usemap="#FPMap1" width="675" height="82"><br>
</p>
<h2 align="center"><span lang="en-us">Administrator Evaluations</span></h2>
<p align="center"> </p>
<p align="left"><span lang="en-us"> <b>Welcome, </b> </span> <b> <% Response.Write(Session("FIRST_NAME")) %>
</b>
</p>
<p align="left"><b><span lang="en-us">On this page, you will see a list of names
that represent the persons that you will be evaluating this year.
Please click on a name to select that persons evaluation form. Once you have completed
and submitted that persons evaluation, you will be returned back to this page to
continue with the next person on your list. Once you have completed all your
evaluations, you can log off the system using the link below.</span></b></p>
<p align="left"><b><span lang="en-us">Please note: Only <u>1</u> submission per
person will be accepted, any additional submissions will not be accepted.</span></b></p>
<p align="left"><span lang="en-us"><b>If you have any questions please feel free
to contact us at the number below.</b></span></p>
<hr color="#FF9933" width="80%" size="3">
<p align="center"><span lang="en-us"><b>Please click on a name below to begin
the evaluation process.</b></span></p>
<div align="center">
<table>
<%If Session("Link1_Name") <> "" Then %>
<table border="1" width="28%" id="table1" bordercolor="#000080">
<tr><td bgcolor="#FFFFCC" style="float: left"> <b><span lang="en-us"> <a href="https://<% Response.Write(Session("Link1"))%>" onclick="<%=Session("eval1")="true"%>;return true" </href> <font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link1_Name"))%>< /span></font></a></span> </td>
</tr>
<%End If%>
<%If Session("Link2_Name") <> "" Then %>
<table border="1" width="28%" id="table1" bordercolor="#000080">
<tr>
<td bgcolor="#FFFFCC" style="float: left"> <b><span lang="en-us"> <a href="https://<% Response.Write(Session("Link2"))%>" </href><font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link2_Name"))%>< /span></font></a></span></td>
</tr>
<%End If%>
<%If Session("Link3_Name") <> "" Then %>
<table border="1" width="28%" id="table1" bordercolor="#000080">
<tr>
<td bgcolor="#FFFFCC" style="float: left"> <b><span lang="en-us"> <a href="https://<% Response.Write(Session("Link3"))%>" </href><font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link3_Name"))%>< /span></font></a></span></td>
</tr>
<%End If%>
POST EDITED / SOME CODE REMOVED TO KEEP IT SHORTER ..
This went to Link3_Name
</table>
<p> </p>
<p><span lang="en-us"><b>If you have completed all your evaluations and wish to
log out please click <a href="log_off.asp">here.</a></b></span> </p>
<p> </div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="80%" noshade color="#ff9933" align="center"></div>
<p align="center" style="text-align:center"><b>Institutional Research and Planning
<br>
Tandy 270<br>
80 Fort Brown<br>
Brownsville, TX 78520</b></p>
<p align="center" style="text-align:center"><b>Phone: 956-544-8816 &nbs p; &nbs p;
Fax: 956-983-7652<br>
E-Mail:
<a style="color: blue; text-decoration: underline; text-underline: single" href="mailto:iresearch@utb.edu?subject=Administrators%20Evaluation">
iresearch@utb.edu</a></b></p>
, The sql script creates aspgalleryuser
dataconn_inc.asp out of the box indicates aspgallery as the user.
GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspgallery;User Id=aspgallery;Password=temp;"
, Chris, that fixed it. Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.
Suggestion for future release. Create an option to email the admin when a message is posted. If this code already exists please advise.
Thanks, Lance
, The PayPal feature that is in ASPClassifieds has always been labeled as experimental and has never been supported as the documentation says. About a year ago I stopped even mentioning the feature on the product pages or in the live demo because I didn't like how it worked and I decided I would just market the application as a free based classifieds. It’s just not something I can support or talk about. To work really well it really needs to be coded to use PayPal IPN and a credit system. Where ads and various extra features cost so many credits and people have to buy credits before they can post any ads.
That’s about all I can tell you. It's just not something I support.
,
I encountered a problem that I haven't been able to solve.
I'm trying to get .pdf files to byte serve (page-by-page load in the browser)
but unable to do so. I've narrowed it down to stream download file where it
creates the header object. I haven't made any success with the changes I've
tried. Any help would be very nice.
This maybe useful:
http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/act/htm/actml_ref_href.asp
, Christopher,
I can empathize. It can be a real pain to stablize a server and fend off hack attacks.
As for beta testing, I was referring to once you get to the point where you're ready to release it to the public whether it's this month, next month, etc.
Good Luck!
Al
, The "forgot your password" feature is not sending passwords to users when they put in their emails.
Any suggestions?
Thanks
, Some users have reported an error during the registration process.
Here is what I believe is happening.
When you register you get sent a validation email that has a link in it that looks something like this.
http://support.cjwsoft.com/forum//activate.asp?ID=testAD3AD2 97BC
That link can only be clicked on once which will activate your account.
If you somehow run that link more than once you will get a message telling you there was an error.
I think some people are double clicking on the link they get sent and running it more than once.... or clicking on it again after registration is complete. It probably happens very fast so they never see the success screen.
Either way, if you can login to the forum nothing is wrong and you are already activated.
