Blog Entry: 3/25/2006 4:49:22 PM
When a new user adds themselves to the db thru the registration page, no user id is assigned in the User_id field. I can't access the page on-line due to an user_id related error on the page. I must use access itself and add the user id. After that, everything works as expected.
What have I done?
, on that particular page check the session variables manually (not using the include)
that way you are keeping the login access checking to an absolute minimum, elminating any form processing from the login procedure, and keeping the upload script happy
like so
<%
If Not InStr(Session("Groups"),"*1*") Then
' do whatever
End If
%>
you could response.write something followed by a response.end
or you might even want to response.redirect them to some other page that using the "check_user_inc.asp" where they can log in
And if you are going to be using a free asp upload script use this one as it is probably the best pure code upload solution available as far as performance goes.
http://www.freeaspupload.net
,
ya, that firewall could mess that up.
just edit which ever style include you are using
(with a text editor)
it will be one of these depending on your settings.. and they are located in the "scripts" directory
view_album_style1_inc.asp
view_album_style2_inc.asp
view_album_style3_inc.asp
find this section of code and remove the part in red
If Last_Counter_IP <> Request.ServerVariables("REMOTE_ADDR") Then
Set CmdUpdateCounter = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "SELECT " & tbl_label_albums & ".* FROM " & tbl_label_albums & " WHERE (Album_ID = " & Album_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnGallery
CmdUpdateCounter.Open cmdTemp, , 1, 3
CmdUpdateCounter.Fields("Album_Counter") = (Album_Counter + 1)
CmdUpdateCounter.Fields("Last_Counter_IP") = Request.ServerVariables("REMOTE_ADDR")
CmdUpdateCounter.Update
CmdUpdateCounter.Close
Album_Counter = Album_Counter + 1
End If
, If the physical path isnt right and the permissions are not right it just plain will not work. You will not get an error.
If the filesystem object is disabled on the webserver it will not work either.
Something has to be wrong.
Please start a new thread when the topic changes.. thanks
It helps to keep the forums organized for other users in the future.
cwilliams38454.6146180556, Thank you! I thought that is what had to be done, just didn't want to miss out on a short cut if there was one. Thanks again, Hello,
for an admin..
you view albums for a user.. make a new album... then click manage pictures
for a regular user you log in.. go to user user area.. create an album..then click on manage your albums
, It's probably something I could do for you as a custom project if you are interesting in paying to have that work done, but it is probably not something that will be added to this version of aspbanner as it is in my opinion a feature more suited for a more expensive software package.
It is also difficult to get ASP code to do things on it's own. Scheduling something to run on the server or some other clever scenario is necessary and that usually means it would be unique to each persons setup.
http://www.cjwsoft.com/custom_work.asp
,
Thanks for the quick reply.
I will consider editing the code.
, That carrot doesn't really exist in the file, so I'm not sure.
I did download and place the ASPTEST file in www.drsweisberg.com/asptest and when I try to load the 2 pages it fails to load. I have another site on the same server and I uploaded the same exact set of files and the asp pages load. www.klarman.com/asptest
http://www.drsweisberg.com/asptest/server_info.asp
http://www.klarman.com/asptest/server_info.asp
This is how I set the connection:
ConnectionString = "DBQ=D:\clients\rklarman\klarman\asptest\_database\asptest.m db;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
ConnectionString = "DBQ=D:\clients\rklarman\drsweisberg\asptest\_database\aspte st.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
, well, for now you have to watch the logs. What your talking about would take up a lot of server resources and database space to keep track of. Maybe some day, but no plans at the moment., Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?
My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that?
, that is good news... good guess on my part I guess
anyway, try this for your latest issue.
http://support.cjwsoft.com/code/code_info.asp?TID=340&KW =%2D1, is that lindsey lohan and her fake boobs as ur avatar?
I am installing IIS and all of its glory on the other computer now... gotta love remote desktop (the pc is at work 
)
, I just started using ASPJpeg, and i used the
"generate_new_thumbnails.asp" to create new thumbs of all of the
existing albums. It generates the thumbs just fine, but they
don't get picked up by the "Randomly Selected Photo" section. If
I upload new pics, they will show up in the random photo area.
So, it reads the new upload thumbs, but not the newly generated ones using your .asp page.
Is there anything I can do?
, Ow.
I haven't moved (or messed with) any critical files within the directory at all, just placed them as a job lot into a subdirectory call aspprotect.
All I did was put all the files directly into a directory rather than into the root because some of the subdirectories had the same name as some already in use and would therefore have been overwritten.
I'll go back and have another look in the cold light of day (its too late tonight UK time).
Thanks anyway.
, well, like I said.. I am leaving in about 5 minutes for the wedding.
If you put this up on a live server that I can connect to I will look at it tommoro for you. I have told you everything I could possibly tell you so I dont think your going to figure it out based on the things you have told me so far.
Only other thing I can think of is make sure your not running anything goofy on that server 2003 box. Norton Antivirus script blocking... various ad blockers.. anti spyware applications... etc etc... They can cause problems as well. , Hello,
Thank you for the feedback.
I would like to point out the requirements of the application however as this is something I am aware of and do address.
http://support.cjwsoft.com/code/moreinfo165-1.htm
These requirments are directly linked to from the ASPProtect v7 web page, so its not like I dont try to tell people the deal regarding SQL server.
Basically I only have the resources to provide scipts and instructions for using SQL Enterprise Manager and that is all I officially support. I also personally think anyone using a SQL Server should be using SQL Enterprise Manager because later on down the road there are things you may want to do such as backups/etc etc
Take Care,
Chris Williams
www.CJWSoft.com
, (Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Instructions:
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<tr>
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<td valign="top">
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
newsletter ?</font></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
</td>
</tr>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
End IF
End If
End If
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
else
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
End If
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Response.End
End If
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
, Thats what I needed. Thank you!, thanks thats what i was guessing.
, yes, any page you want protected needs to be edited..
You can probably have a login box on a non protected page. Just copy the generated source html form code for the login box of a protected page. Then put it on your non-protected page, but change the action to the page you want them to log in to.
In other words go to a protected page. See the login box, view the html browser source and use that to make your login form on the main page.
I have not tried it with .NET but I am pretty sure you can do it since it pretty much works the same as the classic asp version of ASPProtect.
try it.. see if it works.. If I have time tommoro I will test it out., Running in parallel for testing is actually a smart way to do it, but the truth is you don't use anything from version 6 except the upgraded database (we have a tutorial on how to upgrade the database)
Version 7 was a drastic change /rewrite to all of the asp files that come with the application. So you will be starting out with fresh version 7 ".asp" files and folders... You will also find that once you get version 7 running that editing certain things like the look of the users area and the login screens is much easier to do.
That being said any of your own ".asp" pages that you protect use the same protection code they always did, so there will be no drastic changes needed there when you do finalize the upgrade.
If using MSACCESS as the database I suggest installing the application somewhere in your web and using a fresh ASPProtect 7 database. Once you are familiar with the setup and everything is working fine. Attempt the database conversion and when your done stick your converted database in there and see if everything is ok.
Also, if you already purchased the application download the latest version before doing the install. It's the same download URL. If you don't have it email me and I can hook you up. I have added some new features and fixed a couple minor things since it's release.
So far the feedback on version 7 has been awesome..
cwilliams38414.0133680556, Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.
Thanks!
Rhona (rookie)
, While I originally thought the login form on a non-protected page idea may be similar in setup to how our Classic ASP version of ASPProtect works I could not have been more incorrect. Truth is I forgot that it works a lot differently.
ASP.NET Web forms are meant to post to themselves and there is thing called the viewstate. (google it.. its a hidden variable the server creates in the form code that is required when the form posts back to itself.. and hold all sorts of information the server uses) Doing what you are asking about means disabling the viewstate and that can have big consequences and break certain things.
Basically you cant just put a form on a non-protected page and post to a protected page if the viewstate is enabled. Disabling it can break certain web controls like data grids .etc etc.. and can also have an effect on how the session is managed at the site and sometimes disabling it is not possible depending on what is going on cause you need it.
I am still doing research on the whole thing, but it looks to me like doing that is going to have a tradeoff of some sort.
That does not mean this isn't possible somehow. I am still researching and I am also going to see what John Evans thinks.
I told you .NET was complicated.
As for your other question that is something you have to sort out on your own by editing the code and recompiling it based on your custom project needs. It is not something I can help you with. , ok.. Chris.. I am now kicking myself in the butt. In the setting section, I had to redirect certain urls and directories to the right spot. I forgot that I renamed the root folder.
Thank you, thus far for your continued help. It is greatly appreciate.
, Could be a mod I guess - it would be nice to have an option on the admin settings page to lock down access of all pages and redirect to a specified "lockdown" page upon attempted login.
If I'm updating the large files on the server and someone attempts a download, they'll get a partial ZIP file or an error.
, Its not on their end. Using ASP alone you really won't be able to send more than around 300-400 individuals emails at a time before things will time out. Its just that ASP is not an efficient way of sending email and it never will be.
You really should look into worldcast like I mentioned before.
http://www.fairlogic.com/worldcast/
Then just export the email list from the database into worldcast and send out the newsletters.
You will get much better results and perfect newsletters and it really only takes a little bit longer to do each time once you figure it out. That is how I send out my PowerASP and CJWSoft newsletters and it works perfectly every time.
, We want to insert a hyperlink i the mesage area when we e-mail users from the Password Admin area. Is ther an easy way to insert the hyperlink so when the user gets the e-mail, they can just click on it and go the the page we want them to?
Thanks,
Andy
cwilliams38456.0983101852,
I encountered a problem that I haven't been able to solve.
I'm trying to get .pdf files to byte serve (page-by-page load in the browser)
but unable to do so. I've narrowed it down to stream download file where it
creates the header object. I haven't made any success with the changes I've
tried. Any help would be very nice.
This maybe useful:
http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/act/htm/actml_ref_href.asp
, you have to do it like I show above... your not specifying the field name to be searched in the instr function so what you just showed me will not do anything
You also should not have the > 0 stuff in the function because it is testing the result of the function.
You have to do it just like I showed , Disallowed Parent Path
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.
If it is not enabled on you server you will have to ask your host to enable parent paths for your website.
This is what the settings screen looks like on an XP Machine
Additional Information:
It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.
Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.
Hosting companies should if they are serious about hosting ASP.
If they won't your only option is to go through all the code and convert the file includes to virtual includes.
http://www.powerasp.com/content/code-snippets/includes.asp
The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)
Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc
Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.
In my opinion virtual includes are pretty useless for commercial web based applications... Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.
For example...
The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->
But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this
<!--#include virtual = "/somedirectory/somefile.asp"-->
humm, I dont know.
If you want me too I would be glad to go into your web site and troubleshoot. If so PM me the info I need and I will take a look and see if I can figure it out.
CJW
For all you advanced users..
Here are two examples of ASP.NET code you can use on your ".aspx" pages to call banners from the ASP 3.0 version of ASPBaner Unlimited V8
This code is not supported... and you of course must change things accordingly like the variable names and zone numbers to match the zone you want to call banners from as well as the url.
2004-08-27_153832_asp.net_examples.zip
I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
you would put the code for that function anywhere in the page.. it does not matter where as long as it is in code tags <% %>
then.. right under this part of the same page
as far as permissions are concerned I wrote two large articles about permissions that cover everything in detail on how to properly set them
From things you are saying I assume this is your server. My comments about the path looking funny are because very few commercial hosts would use the "c:\inetpub\wwwroot\" directory. If you are using that and that is correct info then that is fine.
as for knowing whether or not the filesystem object is working the best thing to do is to try to write a text file somewhere in your web and see if it works. Testing something under the most basic scenario is the key to troubleshooting asp issues.
The "forgot your password" feature is not sending passwords to users when they put in their emails.
The hosting company has been doing some work apparently regarding the database connection issue. Still something is funky 
