Blog Entry: 3/25/2006 4:55:49 PM
I dont know about your error on line 6 when uploading..
as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.
I really need more information and possibly acess to the system to do some troubleshooting...
This is anot a feature anyone has ever had an issue like this with.
, Need to clarify something..
Your talking about the page where a new user registers right ?
Your not talking about adding a new user from the admin area ?
Either way under no circumstances do I see anything like you are saying happening nor has any other ASPProtect user ever mentioned this probem.
I am going to need to see your site and see this happening. It just makes no sense the way you are describing it.
Also. did you edit the registration page code in any way. If so please revert back to an original copy to ensure this is not some sort of problem introduced by editing the code.
cwilliams38164.8115046296,
ok, so from your PM Iknow you are using SQL server with IIS5.
You say you created the SQL database using the provided scripts and that is good.
What is going on may just be a weird odbc issue that sometimes happens on IIS5 when using SQL server and I have an idea on how to remedy it.
Edit the "config_inc.asp" with notepad.
Change
If Application("SERVER_SOFTWARE") = "" Then
Application("SERVER_SOFTWARE") = Request.ServerVariables("SERVER_SOFTWARE")
End If
To
Application("SERVER_SOFTWARE") = "iis/6"
And lets see if that helps the situation.
it will change some SQL String query values in the application from "-1" to "1"
either should always work but under certain scenariois only one or the other works, I have been using the AspHttp Component method for displaying my ads along with the google adsense code. However, in the last few days my site was taking too long to load, so I replaced the AspHttp component, with Javascript method. The site was back to speed. But now, the Google Adsense banners do not show up. Is there a solution for that? Can the Javascript show Adsense banners also? Because they do show the Flash banners., The login page sends the user to redirect.asp (which is as follows)
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If InStr(Session("Groups"),"*1*") Then
Response.Redirect("gp01.asp")
End If
%>
<%
If InStr(Session("Groups"),"*2*") Then
Response.Redirect("gp02.asp")
End If
%>
I am not being redirected to gp02.asp if I am a member of group2. Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)
Thanks in advance.
, You really can not do something like that. You can not use client side code to change a server side session variable.
To make changes server side a form must be submitted or a link clicked on to another page. Then you can do whatever you like but you cant have an onlci event update a session variable like that.
Though I am not sure of exactly what you are trying to do I think you'll need to go about things a little differently.
, you actually dont touch any of those
UploadDirectory = CmdGetConfiguration("UploadDirectory")
They get set from the config table in the database which gets edited in the admin area.
so...
I am talking about the settings area in the admin area of the applicaton.
Every setting there is descibed in detail. You get there and change serttings there via the web browser and by logging in as the admin.
Log in to the online demo as admin and check out the settings area if you are confused.
http://www.aspphotogallery.com/demo_pro.asp
, from the import page in the admin area.
The import/export file must be tab delimited with no text qualifiers. The 1st row containing field names and the following each being a new user. To create your own import file it must be in this exact format. To find out what field names and their order are simply create an export file using ASPProtect and take a look at it. You can also import that text file into MSACCESS. , I am having problems accessing the admin site at the following URL:
http://www.drsweisberg.com/password_admin/default.asp
It brings up the login page, but when I enter the admin/test, it times out. The DB is the copy with no password and it resides in a directory on the same server hosting the site but it is not in a folder viewable by web users. This is how the dataconn_inc.asp is set:
<%
'*** Below are the only two settings you need to edit in this file
ConnectionString = "DSN=drweisberg;Driver={Microsoft Access Driver (*.mdb)}"
DatabaseType = "MSACCESS"
%>
The ODBC is setup and the IUSR has read/write/modify permissions.
Any help would be greatly appreciated.
, hi,
no.., not unless you come up with some clever way to handle it on your own
http://support.cjwsoft.com/code/code_info.asp?TID=369&KW =https
read 2nd to last post
The way ASPProtect ships it is designed to either be in http:// the whole time or https:// the whole time.... (there curently is no solution from me allowing going from one to the other)
sorry
, Oh, to clarify the above. We did not change any columns in your [Users] database or any other table.,
I have been using ASPBanner for a while and am very pleased with it. Congratulations on a good product.
Only one feature is missing that would really help me and this is being able to display banners dependent on some condition (/aspbanner/aspbanner_inc.asp?BannerZone=6&condition=xxx ).
I think this would be a good idea as it would allow users to present adverts based on different criteria; for example; specific country/region related ads, ads based on time of day, ads based on user preferences, etc.
To achieve this I was thinking of adding a field to the database so that I can enter a set of comma delimited conditions for which the banner can be displayed.
I have looked through some of the asp code with the intention of seeing how easy it would be to implement the functionality. Not knowing the code however, I think that modifying it myself would be risky as I may inadvertently change things, which would have a negative effect.
Would adding this type of functionality in ASPBanner be of interest to you. If not, can you let me have your opinion as to whether this would be relatively simple change for me to do myself or would it be too risky and I should give up the idea. Any guidance or feedback would be appreciated.
, Please be aware folks..
This file is not provided by CJWSoft. Though this may work very well use of it is not supported in any way. We have not tested it.
This user is not using the option pack so this file will not be compatible with anyone using that because it does not have support for groups and some of the other new features.
Regardless..we appretiate users sharing ideas and solutions that they have come up with.
cwilliams38313.499837963, I am running Windows 2000 server. I do believe asp.net IS installed as I have the .NET 1.1 framework installed.
Funny about the bounce backs. I am at about 10% of my limit, which I control as I am the network admin. I'll check into that.
, You are NEVER supposed to move any files, especially that one. Of course that is going to break a lot of things.
Please put it back the way it was.
You change the path of the include file when you call it, never the location of the include file., I believe I'm having trouble with Domain masking in that it appears to affect the ASP Photo Gallery login screen.
My address is forwarded and masked by my domain "company" (in this case: Godaddy.com). It is forwarded to a Win2000 Server running at my static home IP.
From outside of my network, the website appears to work fine...even the default.asp page works to the point of the login page. After entering a login and password - you hit the login button and the page simply reloads only with all of the header and footer information removed.
I found that by eliminating the domain masking feature at the domain company, the problem gets eliminated and the entrie site works fine.
Has anyone else run into this problem? I'm guessing it's the way the domain name is held in the browser cache but I'm not sure how to resolve it so that the ASPPhotoGallery scripts and pointers work correctly.
Eric
epeterson38365.6397569444, In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.
cwilliams38306.6367708333, Yes, you are right. That was the problem. Sorry 
Cheers
Roy
, Attached is a SQL script to create the ASPProtect Database with the Option Pack Changes already applied. This lets you create the database in one step and you wont have to make the option pack changes as they are already there.
This only applies to people using MSSQL and doing a new installation.
This scripts are run via SQL Enterprise Manager.
You make a new database then run this script on it in query manager.
2004-06-14_180056_aspprotect_w_option_pack.zip cwilliams38152.7522569444, Thank you.... yes it does
Is there a limit in the number of Zones you can have in the database.
thanking you
, Here is what I have in settings.
| ServerSoftware |
Microsoft-IIS/6.0 |
| ServerName |
www.107threnegades.com |
| ServerProtocol |
HTTP/1.1 |
| PathInfo |
/gallery/gallery_admin |
| PathTranslated |
d:\hosting\arisky1\gallery\gallery_admin |
|
|
| FILE SYSTEM OBJECT |
Installed |
| ADODB (ActiveX Data Object) |
Version: 1.2 Installed |
| CDONTS |
Version: 2.80 Installed |
| SMTPMail |
Not Installed |
| JMail |
Not Installed |
| AspEmail |
Not Installed |
| AspMail |
Not Installed |
| SAFILEUP |
Not Installed |
| Dundas Upload |
Not Installed |
| ASPImage |
Not Installed |
| AspJpeg |
Version: 1.4.0.1 Installed |
| ImgWriter |
Not Installed |
|
|
| Script Engine |
|
| Type |
VBScript |
| Version |
5.6 |
| Build |
8515 |
I do not even see ASPUpload listed but when I run the test_asp_components.asp from the extras/more_component_info folder, it shows that it is installed.
, Thanks very much for the quick reply.
That sets my mind at ease 
I was just worried if users would see warnings in their firewall software too.
I realize that the admin would have to have to go through some errors...
And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.
Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...
Thanks
, did you fix it because I see all the pictures just fine ?
http://mcintoshcounty.org/real_estate/view_item.asp?Ad_ID=1
, What other information do you have ?
Details are very important.
Info on situations where it works... like OS, browser version.. etc etc
Info on situations where it does not work... same stuff
size of the PDF files ?
server info ?
Maybe protect a page and offer a PDF file so myself and some of the forum users can try it and report back what happens.
Also, Many people zip up PDF files when letting people download them as browsers can act pretty odd at times with them. Perhaps that is an option.
, Chris,
Thanks for the reply. It all makes sense.
I have gone with your first option but here is the problem:
I have moved the password protected page from the detail page with the
querystring to the straight .asp page. This obviously fixes the
previous error.
Once someone has logged in they are then presented with a list of links
to the previously protected pricelist detail pages (example -
"somepage.asp?ID=3""). They are then able to access the pricelists.
The problem is that if someone copies the pricelist URL they are then
able to pass it on to someone else and bypass the password protection.
If I also password protect the pricelist pages then someone will have to login twice.
Is there some code that i can add that will simply check that they have
logged in otherwise kick them back out to the protected .asp page.
All code in your documentation tends to open the login page regardless of whether you have previously logged in.
Thanks,
Stuart
, New Features added to 7.x
- Entire application gone through and updated.
- New graphics, new look and feel
Passwords and Cookies are now encrypted using separate keys individual to each customer install.
- Groups Feature... powerful way to protect pages based on group access
- Ability to upload a picture for each user.
- New printable profile user screen.
- Supports 13 email components as well as outgoing authentication for a few of the email components
- New Lockout option. "However many" try’s to login and you are locked out for a certain amount of time.
- PayPal signup routines for both single payments and subscriptions integrated into the application. Everything is handled automatically. Charging for membership couldn't be easier.
- New Newsletter Feature allows you to send newsletters to those subscribed.
- New ability to Email users soon to expire
- HTML emailing for people using CDOSYS. This includes an inline html editor so you can send out some really professional looking emails.
- Ability to redirect a user anywhere on 1st login
- Option to turn off Login Remember Me Feature
- Login Form now very easy to edit
- All paths for places that need permissions can be easily changed.
- Works with Parent Paths Disabled on the web server.
- Company Name is now an optional field
- Handy javascript popup date selectors
- All date functions now internationl date friendly
- Password conversion routine to upgrade existing users to the password encryption
- Import / Export of user database built in
- Protection Code Generators
- Notes Feature. Javascript Popup on users screen that allows you to quickly see information without going to their edit screen
- Mass email users incuding ability to send them usernames and passwords all at one time.
- Option to not allow concurrent logins by the same username
- Optional feature to keep track of recent users that have logged in as well as allow you to view the information.
- Optional feature to keep track of recent users that have logged in, what pages they accessed, and when, as well as allow you to view the information.
- Ability to protect other files types other than just protecting the viewing of the ".asp" pages. We provide working example code showing you how to protect images and file downloads in your protected ".asp" pages. You can protect nearly any type of file from downloading and viewing. (gif, bmp, jpg, zip, exe, pdf, rar, mp3,etc..)
cwilliams38413.5933680556, No worries
then..
is there any way I can get rid of those information shown on User activity screen, so I can at least know who logged in current day?
thank you in advance
, This user has notified me that the issue has been resolved based on what I told him., I have connected to countless DB's using my own applications written in dreamweaver and have tested them on my own server and also my web facing one. BUT this seems to be different. no matter what I try I still get this error.
[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x440 Thread 0x6b0 DBC 0x1f995bc Jet'.
On both a windows 2000 server and also a windows 2003 server. Also using both DSN and DSN less connection and oledb.
Any help would be greatly apprectiated.
Thanks
, This is what it says in that thread I pointed you to
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.
I really dont see what is confusing about it. I think I explained it all in detail in that thread.
, Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, ok.
sorry then..
I just had a series of fraudulant orders this past week including today and the whole thing has me on edge. (foreign people getting my code for free and doing who knows what with it) When you mentioned calling the cc company it pushed all the right buttons.
Merry Christmas, where is your site ? I'll taka a look
, An email I just received from eastcoastguy.. to keep this thread up to date
Your quick reply was greatly appreciated... I removed the password and was able to use a DSN...I will look into a DSN-less connection later..once i get this working !
Cheers
eastcoastguy
cwilliams38146.6165509259, ok, 1st we need to rule out the #1 reason people sometimes think that is not working.
Is is set up never to allow the same IP to increment the count more than once in a row so when testing it is real easy to think the count isn't working because unless you can change your ip you can not increment the count more than once per album
It's a poor mans spam abuse type of deal..
For the most part it will keep some Joker from hitting refresh 100 times and inflating the count of an album.
Do you think that is possible what is happening ?
Also, here is an older thread about the same issue?
http://support.cjwsoft.com/code/moreinfo54-2.htm
, Christopher,
I have a follow-up to this question.
Is there a way to get the photo descriptions to save with actual spaces instead of the HTML space code all of the time?
I know that is does this if you hit Enter while typing a description, because it creates a 'br' tag. The main reason I am asking is because if the user does not enter a line break, the description is saved a single long string and the pic_window.asp page is generated with one long description which makes the page very wide.
I tried to get around this by changing the description style in pic_window.asp to reflect a value like 50% or 200 pixels, and I have tried putting it into a table with a fixed width, but there is no effect.
Thanks!
- Jason
, I'm getting errors when clicking the Update Config Button in the System Info page and when clicking the log files button.
I'm not sure if it's a permission thing or not. ASPNET and IUSR both have modify access to the _database folder and childs, yet I'm still getting the error:
Access to the path "D:\Inetpub\wwwroot\aspprotectnet\_database\xsd\aspprotectne t_config.xml" is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path "D:\Inetpub\wwwroot\_database\xsd\aspprotectnet_config.xml" is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Any ideas?
Thanks
, Hi Chris,
Thanks for the answer. No, I am not using Paypal since these are employees and sales reps. I guess i'm on my own on this one. :)
Thanks
Sylvain
, I posted this in the wrong forum. Sorry.
I have installed ASPProtect on a client's website and I have been
notified that some of their customers have been unable to login to the
protected pages.
On testing it seems that the issues seem to be related to how cookies are being stored by IE 6.
ASPProtect is being used to protect particular template files within a
Content Mangement System. 90% of the time it is working fine but on the
odd occassion particular cutomers are unabe to login.
After quite a bit of testing I have managed to find the scenario in
which it starts to have problems and was hoping you may be able to
provide a solution.
If a customer enters the wrong password, then reenters the correct
username and password, they receive a message "template can not be
found" from the Content Management System. This message is generated
when a url is entered that contains a link to a template file that does
not exist. In this case the template does exist. If I remove the
ASPProtect code the page opens without error.
Everytime they re-enter the details they receive the same message.
If they close down the browser and then reenter the correct details in some instances the page will open correctly.
More often than not, they have to delete cookies and temporary files
and close the browser. This seems to fix the problem again for
most users. For users who's web access is heavily cached by an internal
server, even this does not work.
Have you come across this problem before and can you suggest a remedy.
If you can email me privately I can give you the URL and access codes.
Thanks,
Stuart
, thx for posting this..
Just a few notes... more than 100 pictures specified in the config file is not supported. You are of course on your own if you specify more than 100
Also, technically the post above should say more than 102 pictures... "I think" as you wont need more html cell code until then..
The loop in the code is probably how I should have done it in the 1st place but I was in a hurry to get this finished and I also never expected/wanted anyone to specify more than 100 pics per album.
Lastly.. depending on what style you are using in the config file the code above may not work as some of the styles do not use cells but line breaks instead.. At least from what I remember.
cwilliams38306.7506481481,
Timecard Entry: 3/25/2006 4:55:49 PM
Lunch
, Vermont, setup www.doggsultans.com on the servers, lunch, radlog, dial up issues, phones, BARTER: research W3C development standards for Burlington P&R web site development, Reset Modem Pool, Working with Drew to finish up his spreadsheet for site surveys, setup office, Answering phones., CostGuard Training, Researching the IP's that are assigned for the wireless setups, inventory list and finishing the article from earlier, BARTER: preliminary designs for Burlington P&R site (Photoshop), Posted accounts and did a detail of cash and checks for a bank deposit. Credit card authorizations, couponn referrals, DSL contracts, customer inquiries, and ans. phone., Company Brochure
, lunch, meeting with harry going over all the issues with the switch installation and other stuff associated with signing off for switch, Prep for meeting at 1:00pm, Talking to Steve, Errol, Crispin about the state of softmls. Printed out SoftMLS billing info for Errol and Nic., reconcile CAI account, contact Company w/ info, lunch, train, Comp day - Birth of Dakota Day Gilbert, training on deposits and customer/vendor balances with Melody, trvel to jcc for user group, cfm food- left another message
beverly clark- left message
bestwestern - beth- domian info- fax info
leo coleman- left message
minfelt buidling supply- info for web site
, radlog and callbacks, Working on a network diagram for new setup of servers., Email/VoiceMail/Newsgroups, did radlogs and callbacks also was pretty steady and took tech calls...,
