Blog Entry: 3/25/2006 4:53:15 PM
Hi - I am a recent user of your software. I administer it for the owner. I probably missed something in your forums somewhere - but I'd like to know how to stop the software from sending an "accept registration" e-mail (after they fill out the registration page) from going out so fast - usually within minutes. I'd like to know how to defer the message for 24 hours, more or less, so that our company can go over the registration details and decide whether to allow the person registering to actually have access to our protected website pages. The program is working very well and we are excited about it. So far, no problems (knock on wood!).
Thanks so much for your help!
, Actually, your whole site is like that.
http://www.bones.myftpsite.net/rfamilystuff/
You should definetly fix that..
I can't help ya with it though. You'll have to figure it out.
I know ya can do it...
later
cwilliams38394.7738657407,
Thank you! I thought that is what had to be done, just didn't want to miss out on a short cut if there was one. Thanks again, Ok, for starters what is the real error ? Please read this.
http://support.cjwsoft.com/code/moreinfo11-1.htm
2nd I always recommend using CDOSYS before any other email component. All servers have it running by default and ASPProtect supports some a html editor if you use that component. I would give that a try as well. It's the best emailing option.
, that information is actually not helpful in determining whether parent paths is enabled or not.
You should really ask your hosting company or better yet try doing a server side include to page one directory up and see if you get an error.
example
<!--#include file = "../myfile.asp"-->
cwilliams38302.6484259259, When did you download the ASPProtect Version 7 zip file ?
what did you enter as a wrong password to make that happen ?
does it it do it when other wrong passwords are entered ?
cwilliams38452.722037037, The PayPal feature that is in ASPClassifieds has always been labeled as experimental and has never been supported as the documentation says. About a year ago I stopped even mentioning the feature on the product pages or in the live demo because I didn't like how it worked and I decided I would just market the application as a free based classifieds. It’s just not something I can support or talk about. To work really well it really needs to be coded to use PayPal IPN and a credit system. Where ads and various extra features cost so many credits and people have to buy credits before they can post any ads.
That’s about all I can tell you. It's just not something I support.
, ok, that does not work but that still is not enough to help me troubleshoot.
I'll probably need to look around in your admin area and check things out in order to figure anything out.
I will also need to see the protection code you put on that page exactly as it appears.
PM (private message) the admin usersname/password to me if that is ok with you and I will check it out
it's really the only way I can help with an issue like this. I have to make sure you didn't do something wrong and then go from there , The problem with that is when a user deletes an album, the album record does not get deleted from the DB, so counting all the records would return the accurate result. :(
Any hints?
eeye38433.0290740741,
I am successfully using ASP protect on our site. I have one question:
The file Check_user_inc.asp looks a bit bland as I can't seem to use the sites Dreamweaver template. If I apply a template to this page, it is duplicated on other pages with this template.
How can I apply a template to this page?
Thanks
Clark
, I have run into the same problem with streaming pdfs to the browser
using the stream_download.asp example, but only when selecting the
option to open the file directly into the browser (after it's streamed
back) as opposed to saving it and then opening it (which works fine in
Firefox and IE). Then I ran across this Microsoft support article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q2 97822
It got me thinking that maybe a header needs to be included in
stream_download.asp that tells the browser to specifically cache the
file. Adding this suddenly got everything working
Response.CacheControl = "Public"
right after this line in the code
Response.ContentType = "application/octet-stream"
My asp is limited, but this seems to work at least for pdf
documents. Can someone confirm this? The other question I
have is if this is a solution, should the CacheControl be set to public
or private. Not sure on what the implications are.
Firefox by the way seems to open or save and open the file without
this, so you are right that the implementation between the browsers is
certainly different.
Tom
, Thanks.
clark
, I see what your saying.. its just hard to troubleshoot something when a lot of changes have been made.
Did you test things before you started modifying the code ?
If its SQL server it is very important that the database was created with the provided SQL scripts., So do I just replace the four folders that came with aspprotect with the four (in my case domain directory) folders in the patch or just move the files?, check the connection string in the dataconn_inc.asp file. If using MSAccess it will show the location. If using SQL Server it will show the SQL Server details in which case there is no physical database file., one thing to note... the time period we are talking about is going to to be whatever you have the session timeout set at in the settings.
perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation
, UPDATE: read whole thread..
Version has been delayed
These are my personal notes on the new version of ASP Photo Gallery that should be out sometime in May/June 2004. Please ingore any typos.
This version may be more expensive than the current pro version as this is a major re-write and there will be a ton of new features.
Regardless, special pricing will be offerered to existing users.
If you see any features not listed that you think would be nice please post them here. We will of course consider them.
ASP Photo Gallery Version 4
------------------------------------------------------------ --------------------------------------------
Finished Improvements:
new setup page makes setting up the data connection easier than ever
it attempts to determine the possible data paths and makes suggestions for what to try
when you finally get the data connection working it gives you a link to the admin area of the application
so you can get started using the application
all database table names can be specified in the config_inc.asp file for advanced users that they may need
to change the table names in the database.. helpful for sql installation where one sql database must be
shared by many applications
new data folder is the only folder that needs permissions set
before multiple folders needed permissions
now everything can be put in this folder... database,logfiles,configuration files,picture upload folders...
eventually all cjwsoft applications will do this allowing multiple cjwsoft applications to use that same folder
therefore making it easier than ever to setup more applications without asking your host to set more permissions
new text based config file makes it easier to add new options to the program without making changes to
the database structure... therefore the need for the configuration table in the database has been eliminated
this also reduces system resources needed to load the config data for each page because it eliminates calls to the
database for config data
added voice effects for data connection page, intro users page, and settings page
made it so ratings color was an option (red or blue)
fixed minor bug that wasn't showing fixed category heights when that was selected and am image wasn't originally sized that way during initial upload
changed logfiles dates so they always show up in the proper order 09 vs 9
added config option to change bit query value to 1 or -1
default it to 1.... this is a technical thing
added the extra options currently in the config file to the settings page so people do not have to manually edit that
file any longer...
added new persits email option and authentication options to the settings page
added new CDOSYS emailing option
added support for dundas emailer
added support for ASPSMARTMAIL
fixed word filter so if it is empty it doesn't mess up
also make editing it part of the main settings
made email functions include file and edited all page that email to use it
added css/style sheet support and removed a lot of the old font tags
seperated the settings page into sections because it was too big and confusing
added ability for text watermarking when using the ASPImage component
made the picture upload error message no longer mention browsers that do not support picture uploading
as that is confusing people... and the problem is never that anymore
Made the ASPImage test page delete the bar graph before creating it so if it is already there they will
not think it is working
added crystal ball feature to admin users screen... shows additional user info when you hold the mouse over it
Made search function highlight search word in results.
Made the search function search the image description text files as well
Eliminated the guestbook directory as there was no need for the guestbook to be in it's own directory. This also simplified the menu.asp file as the guestbook section could be removed.
------------------------------------------------------------ --------------------------------------------
Possible Improvements:
eventually make new and much better directions/documentation... html based for multiple reasons
Eliminate the need for parent paths to be enabled on the web server.
(THIS MAY NOT BE POSSIBLE)
Many hosting companies disabled parent paths and will not enable them for their users.
On Windows 2003 Server Parent Paths are disabled by default.
make it so users ability to upload pics can be optionally disabled
possibly make some of the special functions in the extras folder built in to the admin area
Make the category picture uploader smarter because of the jpg gif issue when reuploading cat icons
A jpg loaded over a gif.. doesn't delete the old gif graphic and vice versa
Reduce number of ".asp" pages in general.
Use more functions for redundant tasks.
Optimize all instances of the old filefound function which is using more resources than are necessary
option.explicit the entire application and get all the variables dimmed once and for all
possibly incorporate the new category system I am working on which allows for unlimited categories and levels
also simplifies the heck out of the pages that call the categories
possibly add some cool image manipulation functions such as rotation for the various image components supported
possibly add the ability to move pictures around in an album. and maybe between albums
I must also remember to move the ratings and desc as well for that image.
possibly add the ability to make individual pictures require approval
possibly add the streaming image ability (asp page called from image tag) I came up with as an option for
people that can use it. this will better secure images in password protected albums and also possibly make
it so images can only be viewed from certain urls.. and maybe make an interface for a list of allowed urls
improve the .net support to also resize the larger images.. currently it does not
possibly add a feature to store 3 versions of images uploaded
thumbnail, medium res, and high res/original
this will appeal to professionals or people that may want to sell prints
storing a large version will be optional
possible support for multimedia content other than gif and jpg images
fix... url to link to.. problem on control pics page when both a jpg and a gif are present... which also relates to a another slight
bug that needs to be taken care of
make interface in admin to listen to installed midi files
and also to upload / delete them
possibly make per album guestbook... or call it something else like disussion or comments
add option to store the images orginal name in the images description area during upload
may be helpful to people that name their images in a somewhat descriptive way
change approval settings so they work on a per user basis
eliminate access levels from edit user screen and get rid of the level 4 stuff mentioned
possibly add a per user option for individual pic approval as well if I get that feature implemented
add support for the ibulc bulk upload client that I recently discovered
it is very cool
cwilliams38325.8264583333, The only other thing I can think of if you are not getting any errors.
Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.
You can do a simple test to tell if it is...
Make a simple ".asp" page in the same folder.
Put only this code in it.
<% Response.Write ("ASP is executing") %>
then run the page via the web browser thru the server..
If the text prints out ASP is running... if you don't see anything it is not
cwilliams38229.5820486111, still.. its got to be somthing along those lines.. I have seen times when even dbo didnt have full rights to a particular database so permissions should always be manually checked..
The import data routine is most likely the source of the trouble
For troubleshooting sake I would create a fresh installation from scratch using the sql script we provide and a new SQL user. Then see if that works. If it does then try to import your data into that.
There are no other things I can think of doing. Sometimes you just have to start with a clean slate. , well, I was curious myself so I just tried it.
Good news is it worked just as I thought.
Only problem is your changing things to allow authentication info to be passed over the net in a url. If you can live with the security implications then it will work. I mean a sniffer could see that and end up knowing the username and password.. not likely but just putting that out there.
Of course now that I think about it unless you are running under SSL (https://) when you log in normally that info is in the post info anyway and possible to get at.. course not right out in the open like when you put it in the url and less likely to be noticed.
As long as your not doing it to access critical areas like the admin pages... and you monitor the log files once in a while it's probably nothing to worry about.
, Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..
Same thing happens... certain passwords just do not work.
So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.
Here is an example.. see the screenshot below.
Username "admin" password "petepetepete"
The top query done in Enterprise Manager is valid and shows the user.
The bottom query is also valid but it does not show the user.
And that is exactly what is happening from the ASP codes point of view.
Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.
It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.
I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.
One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.
It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.
Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.
Your call..
, Upgrade from V6 to v7.x with an MSACCESS DATABASE
1st of all, backup your existing ASPProtect files and database before performing this upgrade. Please be really careful while performing this upgrade. Version 7.x is a highly advanced application compared to any previous versions. CJWSoft under no circumstances is responsible if you lose information or have website downtime.
BOTTOM LINE: (PERFORM THIS UPGRADE AT YOUR OWN RISK)
To do this upgrade you're going to need to have the Microsoft Access Application.
To work with an Access .mdb file it can not be newer than the version of Microsoft Access you are running.
That being said, on with the upgrade..
Open you're existing Acccess Database up in Microsoft Access..
You should see this something like this.
By right clicking on then choosing rename
Rename "Users" to "ASPP_Users"
Rename "Groups" to "ASPP_Groups"
If you do not have a "Groups" table do not worry about it right now.
Now right click and DELETE the Config Table.
Yes, delete it..
You should now see this. (with or without the "Groups" table)
Now, right click on "ASPP_Users" and go into design view.
It should look like this.
Rename the "Password" field to "Old_Password"
Be sure to spell it perfectly using the Underscore
It will look like this.
Now scroll down to the bottom a bit It should look like this.
Now..
If you have a "Groups" Field... leave it alone
If you do not have a "Groups" Field add one and make it a memo field.
Now, we are going to add a few more new fields.
Add a field called "Redirection_URL" make it a "text" field with 150 field size
Add a field called "PayPal_Subscriber_ID" make it a "text" field with 100 field size
Add a field called "Newsletter" and make it a yes/no field
Add a field called "Password" and make it a "text" field with 100 field size
It should now look like this.
(you do not need to worry about the field descriptions.. that part is optional and only seen when working on the database)
Now close that window and save the changes..
Your now going to open up another Access Database while still leaving the one you have on your screen open. You going to open up one of the new databases that came with v7.x. This database has some info we are simply going to copy and paste.
You'll want to open it and put it side by side on your desktop like so.
(the old database is on the left.. the new one is on the right)
Now, for the fun part.
On the new database to the right.. right click on the "ASPP_Config" table and pick "Copy"
Then move your mouse over to the old database on the left. Right click in the open white area and click "paste"
It will ask you for a database name. Type in "ASPP_Config"
Leave "Structure and Data" checked and hit OK
Your old database on the left should now have a nice new "ASPP_Config" table.
OK, now for the "ASPP_Groups" table
If you already have a "ASPP_Groups" table in your old database you are done.
If you do not have one your going to copy and paste the table from the New Database to your old database just like we just did with the "ASPP_config" table.
Your old database should now look like this.
Now, you are done upgrading your database from within Microsoft Access.
The existing passwords still have to be encrytped and moved from the "Old_Password" to the "Password" field
To that we have a special page we run in the application that will take care of that.
So, for now... go install the application, but using the database we just created.
Follow these instructions for the most part...
http://support.cjwsoft.com/forum/forum_posts.asp?TID=181& ; ;PN=1
When you get to the part where you finally get into the admin area and need to make an admin account you will notice that your existing user database is there but none of the users have passwords if you look at them in the edit screen.
That is normal. Simply do what the instructions say and create and admin account using a username that does not exist..
Then log off... then back in as that new admin account. If that works you are ready to convert the passwords.
This part is very easy.
You want to run a special page via the browser.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
Replacing the part in blue with your website info.
Once you get the page running you will see a login prompt and one form field just like before with the "get_me_in.asp" page
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see a page telling you to click here to encrypt the passwords and copy them over.
So do what it says... dont click more than once and wait.
Eventually it should say it is finished. So go log in to the admin area of the system using the new admin account.
Now edit some users but dont save... you want to see if the passwords are showing up. If they are the conversion worked. If you see nothing or a garbled mess it did not work and you made a mistake during this whole process.
If things went well backup and delete the conversion file below.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
You do not need it anymore.
Once you are positive every thing is running smoothly and everyone's passwords are ok you can go in and delete the "Old_Password" field as well.
If things didnt go well.. try again from scratch and go slowly.
If they still dont go well get ahold of us for help.
We are here to help, but if you really want us to we can be hired to do the conversion.
, sorry for the confusion. I completely forgot about that flag setup, and how different it is between the two databases., An email I just received from eastcoastguy.. to keep this thread up to date
Installed latest verison Doesn't seem to have corrected problem. Still with same message. I wonder if deleting this user and putting him back in might help. I have not however tried any other user names and passwords.
, Will purchasing an additional license resolve the issue which will allow another installation or is this a function of the application that it can only protect one site per server?, Its not on their end. Using ASP alone you really won't be able to send more than around 300-400 individuals emails at a time before things will time out. Its just that ASP is not an efficient way of sending email and it never will be.
You really should look into worldcast like I mentioned before.
http://www.fairlogic.com/worldcast/
Then just export the email list from the database into worldcast and send out the newsletters.
You will get much better results and perfect newsletters and it really only takes a little bit longer to do each time once you figure it out. That is how I send out my PowerASP and CJWSoft newsletters and it works perfectly every time.
, I really do not know.. maybe it is a conflict with something else..
I run many instances of aspbanner on my servers and I have every item to log enabled for my iis log files... my stats server software which reads those log files (livestats and smarterstats) have never reported any 404 errors related to (aspbanner/those images)...
I do not know what is happening in your situation..
sorry.
, I am having an issue with the Thumbnailing process. My host does not support ASPImage so I have to use something called asp thumbnailer which is similar to ASPImage. I am trying to modify the Dundas upload to automatically reduce the images to create thumbnails. I ripped out the asp image code and replaced with the bottom. The main issue I believe is grabbing the image files. I am not sure how to name the actual image file that is already uploaded by the dundas upload. the code is below:
The peices in red are where the issue is I believe. What you see below is my attempt to identify the exact image and then rename it tthumbnail. My optimal solution would be to take the picture, resize it and rename it exactly what it was named before.
you summed it up perfectly... everything you said really
As for the banner software custimizations.. you could just make another folder with a modified admin area (little tweaks here and there so the person logged in only controls their own banners) You'd probably want to add an approval process so nothing they did went live unless you really really trust them. That wouldn't be that hard either.
I always planned to do it someday but I just never have time.
Just having the database with members does not protect the page. You need to add the appropriate code to every page you want to restrict access to.
Can you incorporate a secure log in within the scripting. I would like the account information to be secure without having to have the whole site using running through a secure (https://) path. If this is possible, the scripting is perfect!
, Details are very important.
Info on situations where it works... like OS, browser version.. etc etc
Info on situations where it does not work... same stuff
size of the PDF files ?
server info ?
Maybe protect a page and offer a PDF file so myself and some of the forum users can try it and report back what happens.
Also, Many people zip up PDF files when letting people download them as browsers can act pretty odd at times with them. Perhaps that is an option.
, nice idea. id be interested to see your modifications for ideas, the permission were all correct.... i left it and tried from my pc at work and it works fine... so i dont know what hahhpened.... thansk for your quick response
also.. the log out page shouldnt really need this
but you can try adding this to it where all the other ones are set to nothing..
The way ASPProtect ships it is designed to either be in http:// the whole time or https:// the whole time.... (there curently is no solution from me allowing going from one to the other)
sorry
, it probably means the page you are trying to protect is (not in an iis application or not in the same iis application) which it needs to beI believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
