Blog Entry: 3/25/2006 4:58:27 PM
Well. fontpage publishing is evil. That you have found out.
Do not use it. It usually wont work right when running asp code locally and also at the server because of differences with the paths and virtual directory structure. etc etc etc
You can definetly use frontpage to connect to the web site live and drag and drop files into it/edit them... but the sooner you stop using the publishing feature the better off you will be.
, Come on the threats are not necessary- i got the point the first time you said it.. i thought i made a friend thru this and felt comfortable to say something like that... i am not a big online chatter just do the web stuff as a hobby... i am a network / computer hardware guy (yet i work for a mortgage co. go figure...),
I am using ASPProtect's password program, which has been very successful, for managing over 1,500 military veterans' memberships at http://www.vspa.com. What I am trying to do now is utilize the "Groups" code, as generated by the Admin page, to prevent members with expired accounts (and non-members) from accessing restricted "members only" .ASP pages they may have bookmarked, or found via web search. The code generated and used is as follows:
<%@ LANGUAGE="VBSCRIPT" %>
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * ADMIN * Member Current * Member Life * Officer/Staff * ) -->
<% GROUPACCESS = "10,12,14,19" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->
The above is placed over the <html><head> statements on the page.
When I am logged in the code works perfectly! When I log off and try the URL again, the page appears in its entirety but with a Login box for Username and Login Password at the top of the page. You may view the problem at: http://www.vspa.com/aspprotect/vspa-password-enter.asp .
What I would like to have happen is expired members and non-members would be sent (or Redirected) to a Login page. I do not want the Login password box to merely be inserted above the page that I am trying to keep them from visiting.
Don Poss,
VSPA Webmaster
, Yes, as long as each installation is in in it's own web site.
(or at least in it's own application in IIS)
Meaning you could have 5 directories in your site each with the app installed as long as each directory got set as an application in IIS.
Remember, a license must purchased for each running install except for development reasons on local machines.
cwilliams38400.5162384259, The default database password is "temp"
This is noted in the docs. You can also see the current password by looking at your connection string.
cwilliams38176.7913888889, Flash files cannot track clicks unless you edit the original flash file to link to the aspbanner system redirect URL.. feeding it the correct ID of the banner.
When that link is clicked on it will then track the click and redirect the user to the “link url” specified for that banner.
The system actually generates the necessary ASPBanner URL for you. That link is shown on the banner edit screen.(you must save the banner at least once and come back to that screen to see the link though)
Really the best way to show it is with an example as seen below.
Basically the flash banner file "powerasp.swf" highlighted in green needs to be edited to link to the banner redirect url which is highlighted in red.... the banner redirect url will then track the click and ultimately send the user to the Link_URL highligthed in blue.
All banners systems work this way when it comes to flash files.
It’s the nature of flash and the web browser,
The flash source code must be edited to link to the redirect url in the ASPBanner system. There is no possible way any banner system can track a flash click unless the flash file links to the banner system 1st.... because that click is handled by Flash and the web browser.
In some cases if you do have the original source file for the flash banner then you are out of luck as far as tracking clicks goes.
On a side note... if you create flash banners the way this article says you can actually feed a .swf flash file a link for it to click to. Instead of it being hardcoded.
http://www.macromedia.com/resources/richmedia/tracking/desig ners_guide/index.html
This is really the way everyone should design their flash banners from now on because the url it links to can be easily changed at any time without editing the flash file source code.
cwilliams38325.740162037, It works. Thanks Chris.
, I swapped a few emails with CJW regarding support for ASPMail.
This application works with this software. I host my site with a
private hosting company named 'Intermedia.net' and this is what I had
to do to make this application work.
1 - Change email settings to 'SASMTPMail' installed
2 - Find all instances of the following code:
If ASPMail_Installed = true then
&nbs p; Set Mailer =
Server.CreateObject("SMTPsvg.Mailer")
Else
&nbs p; Set Mailer =
Server.CreateObject("SoftArtisans.SMTPMail")
End If
Change this code to simply:
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
3 - that was about it. The files that I needed to change are:
/users/email_password.asp
/users/add_new_account.asp
/gallery_admin/approve_album.asp
/email_friend.asp
I believe that's all i needed to change. Any questions I'd be
happy to try to help out. [CJW -- for some reason i needed a
restart on the server, it's all good now
http://www.iphotosite.com/galleryapp/default.asp. I'll be putting
in a redirect for that location/domain later today.
Kurt Tietjen
, I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.
So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?
Or is there another way..?
I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.
, Ohhh...
I was thinking it worked like this; A user goes to that page and logs in.. and from there they can then browse the site and do what they want..
So in order for it to work i need to edit a page say... members.aspx (i assume it needs to be an asp.net page) and in the header put that protect code and when a user accesses it, it will prompt them for their un and pw and then if correct will allow them to view the page... and likewise if they are still logged in will be able to use the page?
If that is how to works as i mentioned above thats great...
I understand the redirect principle...but say i have a log in box on the main page... you know like most pages have a user log in on the left hand side... i wanted to do that. But i cant obviously protect the main home page or else normal users will not be able to view it without logging in or registering
, My Admin user got corupted, and I need to reset the password and user, what is the defualt password for this database, as I do not think I have changes this (hopefully) as of yet.
Regards,
Paul
, I have added two users in different group access but none of them can login to the pages
, ok, glad it is working, Your SQL statement to the database is the key.
You want to change the sortby hyperlink on that page so that it will in turn change the dynamic sql statement to sort the way you want
Find
?SORTBY=Date_Created
change it to
?SORTBY=Date_Created+ASC
or maybe
?SORTBY=Date_Created+DESC
One of them is the default anyway, but I cant remember which is which off hand so just try them both till you get the desired result
near the top you can also change the default sortby when thet page is loaded
SORTBY = Request("SORTBY")
If SORTBY = "" Then
SORTBY = "Name"
End If
there you would use a space though.. not a "+" sign when adding the ASC or DESC
The + sign is only used in the hyperlinks because it means a space for browsers that can't deal with spaces in links
cwilliams38406.6011458333, I'am in the process of modifing registration and tieing in paypal. When I get live I will send you a link. Thanks for help.
John
, download the free version...
check out this tutorial...
http://support.cjwsoft.com/code/moreinfo169-1.htm
If your application can post to the page and provide all the form variables needed to log in it may work out for you..
You'll have to try it out... all the form variables needed are in that login form example.
Basically you'd be posting to a protected (.asp) page..
and providing the following for the most part.. how your app creates it post data is on your end...
<input type="hidden" name="Status" value="Checkem">
<input type="text" name="Username" value="Yourusername">
<input type="Password" name="Password" value="YourPassword">
As an alternate scenario...
Now, by default the "check_user_inc.asp" file is looking for posted form data... for security reasons it is not looking for querystring info..
If you change this bit of code in that file
from
Username = Replace(Request.Form("Username"),"'","''")
Password = Request.Form("Password")
to
Username = Replace(Request("Username"),"'","''")
Password = Request("Password")
It will then grab either form or querystring data...
Meaning you wouldn't necessary have to create a true post to the page with form data. You could just access the page via a querysting like so
http://www.mysite.com/somepage.asp?Status=Checkem&Userna me=Yourusername&Password=Yourpassword
Of course that introduces security risks as the username and password would be passed in plain text over the net
Another option is...
You can also make a copy of the "check_user_inc.asp" page called whatever with those modifications just to use in pages you need your little application to post to... thus reducing the security concerns a a bit as the rest of yoru site could still have its pages protected under the normal scenario.
I hope this answers your question... I havent really ever tried any of this but that is how I think it would work... , Is there any way to extend the limit multiple login feature to a certain number instead all or none? In other words, i need to have a user be able to use the same login for x number of people. My customers are institutions and want to be able to have a single login for however many users they purchase for.
, ya, thats basically what I was gonna do..
BTW.. if that other app is going crazy with an access database it could be the cause of all the slowdown with ASPProtect... what happens there is it is using so much database driver time that it robs other things that also access a database... so basically ASPProtect isn't asking its database for much but your other application and database are cripping that part of the system and causing it to run like crapola
If your other app is using a system dsn try changing it to use a dsn-less connection... it might actually help
, I will actually explain how to set access_levels and/or groups...
in "users/add_new_account.asp"
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
or
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
*1*,*5*,*9*
that user would be a member of groups 1,5, and 9
, does emailing work at the simplest level.. ??
meaning does a user get an email when you send an email from the admin users screen ?
if emails are not sending it could very well be the setting you have chosen for emails in the settings.
the best thing to do is keep trying to send an email there and try different emails settings until you get something that works... even when I do installs for people I often have to try a lot of various things before I get emails to send.. like picking different components and trying different things for the email server address because what they tell me is often wrong
also, sometimes emails get sent but depending on where they go they may get deleted as spam.. aol, hotmail, msn, and yahoo are famous for that , When I attempt to upload, it appears that the image uploads. I get a "Original Image Size 0 X 0 pixels"
they don't appear in the web pages, any thoughts? I am using VBscript to upload, my host has safileup but I am unable to use it in this script, thanks for any help
http://mcintoshcounty.org/real_estate/extras/server_info.asp
here's the site link
Never mind, had the path to the image folder screwed up
, All of the fields with the expected paths show the correct file structure, so now I've put them in them in the boxes
, OK, so I misread the instructions. Wouldn't have been the first time
that happened... but I just had an account get created, guy then
paid, and... no activation. I had to go in the next day and do that by
hand. What should I do to look for troubleshooting on the issue? I've
got all the default directories set up and all the files where they
should be. What next?
,
The reason is obvious, the file is called aspprotectlogin.aspx. It is self advertising for your product which is against the law for me to do on a government support website such as mine. Every other login system I have come across uses the login.aspx file. If I can’t change it I will file with the credit card company and return your product. I do like your product and hope to stay one of your customers. I will let you know, thanks for your help.
, OK, thanks.
Nick
, Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?, Thanks for the install. After many hours I finally got part of the
system working. I can log in and log out as a user. My problem is I
want the pages
accesses by Members ONly. The database will contain the names of
the members and only they are allowed access, and no one else. I
tried Joe Blow to log in and it worked, the only thing is Joe was not
in the database and he should have been locked out and a page come us
saying something like "you are not a registered user, please complete
the membership application" and then link back to the root web,
application page.
I am also afraid of breaking the codes you provided thus far. I also
want the password protected pages in a sub-web of the root web.
This may sound like elementary stuff, but this newbie is having
constant trouble. I am also referencing books on ASP and Access
and VB and still come up with a dead end. Search the net and come up
with a few codes which are described as something I am looking for, but
dont want to add any thing like that for fear of breaking the whole
thing.
Any suggestions?
, I am not talking about image resizing. I need to know if it is possible to limit the upload to images where their height or width is less than 500 PIX. , I had both ASP Listings & Classified on the same website. The categories seem to be getting mixed up. I removed ASP Classified but classfieds categories is still appearing in the student of ASP Listing.
How do I fix this?
Thanks
, That's because when the page rebuilds, it uses the default number of
users per page setting. You'd have to modify that default setting to
have it do things differently. I used to have mine set to 500
users, until I got past 300... then it wasn't fun to show all users on
the page anymore. I now like 10 per page and searching for
specific users as needed.
But that's me. If you hack a COPY of your default.asp file (with the
original backed up as above), you can get the value set to one you
prefer.
If you want me to find the value, post and I'll look for it later on.
If you want to find it yourself, happy hunting! Just be sure to have a
backup in case you do the wrongest thing possible in your haxxoring.
, I will give you permission to move it since you asked., I get the following message when trying to look up the sysdiag.aspx and the default.aspx files. Why? I have followed all the install instructions.
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration> |
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration> |
cwilliams38454.4276388889, We have no add-ons for anything but accepting payments through paypal and 2checkout... if you want to accept payments through some other setup you have make a payment directory addon and write code to do it based on the system you are using..
We provide the ASP source code so that is doable for someone that is good with ASP. If not then it won't be doable.
, Login failed for user 'aspgallery'.
Okay, shouldn't this be trying to use aspgalleryuser?
Lance
cwilliams38325.8848263889, That is actually normal and supposed to be like that.
You have the current version.
ASPVendor is a VERY simple application meant to work with PayPal shopping cart that runs on their server. It is based off the ASPClassifieds core code. There is only one version and highly doubt there will ever be another., One last thing..
This is bad
http://www.bones.myftpsite.net/rfamilystuff/pictures/
there are .asp files in there people can run that you dont want people running..
u should delete the asp files in there or turn off directory listing...
take care,
CJW
, Sorry Chris,
It didn't fix it. Looks like I had the current code. I bought the system in mid-April. The version says 3-10-2005.
I do know that in the database, the password shows as " éG" but in the error code, it shows as " éG". The square character is missing.
Thanks,
Mick
Edit: well heck. It skips the square box here too. The password in the database puts a square box in front of the éG
, When I add a user, I can not activat it.
It sends me back to log on and will now allow me to log in as admin???
I can restart the APP and log in as Admin, but the user I added
is still not activated??
My system will also not allow me to set the Stay Loged in FLag.
It just ignores it....
, It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.
Regardless,
If an account isn't listed you have to add it.
Click (add-advanced-find now) and it will list off all the user accounts on the machine
You can also click (add-advanced) and simply type in the account name or part of it.
Some more tips:
If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.
You can also go to computer management in your server's administrative tools and view all of the accounts and groups there under "Local Users and Groups".
cwilliams38417.7186689815, Hi,
Sorry, but if ".asp" pages download instead of run on a server then that means ASP is not working on the server and is not configured correctly. That is about as low level as it gets and it is really the hosting companie's responsibilty to sort that one out.
It is totally a system admininister's job to make sure that sort of thing is working. If this place supports ASP they really need to fix that for you. There really is nothing I can do for you until ".asp" pages at least run.
As for the Free install... that is no problem. Of course you need to get the hosting company to fix the web before I can be of any help. There is more to that problem then permissions.
For starters I would make a simple ".asp" page with hardly anything it (even some simple html text is fine) and ask them why it is downloading instead of executing and to please fix things.
,
Timecard Entry: 3/25/2006 4:58:28 PM
training in Ottawa Nortel for 3285 Pass Port, Installed Pantone color swatches for FreeHand, Pagemaker and Photoshop from the Pantone Survival Kit ., Cleaned, monitored all areas of tech support. Extended account and e-mailed. Took in one call. Police arrived due to alarm going off in Brownell Abstract. Police accidentally touched our alarm off. STAT called and cleared them with PW., dial up issues, radlog, , fix isdn server problem, had to reload isdn server code and reconfigure two boxes. as a result of seth., Continued to get the admin pages to properly submit to a SQL database. We finished the Item, Category and Base Units pages. We got the display of those pages to properly work. , ribbon cutting, open house, Nortel CBT 3400, McNally's, Driving back to Watertown., busy, callbacks, rad log, phinneys web site design, softmls. broome cty, travel back from canton, Paul, Howard, return emails and voicemail, Called expiring users and updated the churn report., enter deposit, take to bank, Finished security update on NS2, working on inventory admin on Deferiet (programming, deferietpaper.com, billable), Lunch w/ Client, Ken Mills, and then Ken and Gigabytes (Channel Partner), checked modems at IMC-Net., MBOs Budget Goals, invoice cancellatins, answering phones,taking sign ups, , switchboards calls , SoftMLS2 Bob Nelson changes still, Signed up a good friend of mine, changed password for customer and deleted 299 e-mail messages from her account per her request., Check on outlook upgrades from day before, read asp book,
