Blog Entry: 3/25/2006 4:52:45 PM
the menu file.. "menu.asp" or something... just follow the logic of the code to find things like that. Look for server side include files and what not in the source code.
This is a good article on figuring out what pages to edit as well as other things.
http://www.powerasp.com/content/hintstips/common_sense.asp
If it was working and you changed code you could have possible messed up how all of that works... you may need to revert back and be really careful as you make changes testing every step of the way. cwilliams38308.0683449074, How can I make so it goes to certain webpages if user enters valid username and password??
I suppose user enters its information on check_user_inc.asp page, and username and password are stored on SQL database.
Thanks
,
Chris,
Thanks for the reply. It all makes sense.
I have gone with your first option but here is the problem:
I have moved the password protected page from the detail page with the
querystring to the straight .asp page. This obviously fixes the
previous error.
Once someone has logged in they are then presented with a list of links
to the previously protected pricelist detail pages (example -
"somepage.asp?ID=3""). They are then able to access the pricelists.
The problem is that if someone copies the pricelist URL they are then
able to pass it on to someone else and bypass the password protection.
If I also password protect the pricelist pages then someone will have to login twice.
Is there some code that i can add that will simply check that they have
logged in otherwise kick them back out to the protected .asp page.
All code in your documentation tends to open the login page regardless of whether you have previously logged in.
Thanks,
Stuart
, do you have "use picture uploading" checked in the settings ?
that is important..
have proper permissions been set on the picture folder ?
are the paths set correctly for the picture folder ?, Okay Chris, I wold like to get rid of the encryption then if it's not too much trouble.
I have no option of running the production server against an ms access db, since the db needs to be online and accessible from another system. , dsn-less is the way to go..
http://support.cjwsoft.com/code/moreinfo9-2.htm
you also need to use newer versions of the database as the odbc drivers on the server are sometimes very new and no longer work with access 97 databases
, I am running Windows 2000 server. I do believe asp.net IS installed as I have the .NET 1.1 framework installed.
Funny about the bounce backs. I am at about 10% of my limit, which I control as I am the network admin. I'll check into that. , so, on control_pics.asp where you see
<% =TempDesc %>
you could try doing this instead
<% =Replace(TempDesc," ","") %>
, its no different than linking to an image or another page. you have to adjust the path to the include file based on what directory you are in.. or you get an error
This is noted in the admin area on the code generator page which also gives you 2 examples of ways of calling the server side include. (Virtual or File include)
These threads below are also full of info. I found them by doing a quick search and they should help you out as well.
http://support.cjwsoft.com/code/code_info.asp?TID=349&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=303&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=236&KW =The+include+file , Come on the threats are not necessary- i got the point the first time you said it.. i thought i made a friend thru this and felt comfortable to say something like that... i am not a big online chatter just do the web stuff as a hobby... i am a network / computer hardware guy (yet i work for a mortgage co. go figure...), Actually quite well. I have this problem worked out and it
actually isn't to bad. But now I am getting some strange
error messages. I will start another post.
Cheers
Roy
, Oh also, I tried to run the asp on my machine (win XP) and unless I'm missing something fairly obvious, I cannot get it to run correctly...when previewing it, I see all the code instead of what I should be seeing., I would highly suggest setting up a DSN-LESS connection.
That system dsn is most likely the source of your trouble It is probably that or permissions are still not correct.
I can't tell you how many people have had trouble with system dsn's and finally set up a dsn-less connection and everything then worked as it should.
The location of your database is fine as long as permissions are truly set correctly like I mentioned.
Also, be sure you are setting the database type correctly in the dataconn_inc.asp file. That can cause problems as well as some people have been known to delete that line.
See my articles...
http://support.cjwsoft.com/code/moreinfo9-1.htm
http://support.cjwsoft.com/code/moreinfo136-1.htm
http://support.cjwsoft.com/code/code_info.asp?TID=40&KW= system+dsn , Sounds great, Sold!
Thanks Christopher! , all that docmunetation is online as well right here so you dont really need the chm file
http://support.cjwsoft.com/code/info24.htm
the chm format is a windows format that can only be viewed on windows pcs. I do not know why you can not see it. I would do reseach on viewing CHM files on whatever operating system and version you are running because perhaps you are using a mac or linux operating system which can not natively view chm files ?
, I didn't know about it. I will try to check it out some more this week.
, Ok i was wanting to know what the "if then" statement would be if i wanted to show xxx if your group is xxx.
I tried
<% If Session("Groups") = "1" then%>
<font size="2">TEXT HERE</font>
<%end if%>
But that did not seem to work. , Hello,
Sorry, I do not have any good ideas on this one...
Domain Name Masking can cause issues with quite a few things.
cwilliams38366.3136342593, Ow.
I haven't moved (or messed with) any critical files within the directory at all, just placed them as a job lot into a subdirectory call aspprotect.
All I did was put all the files directly into a directory rather than into the root because some of the subdirectories had the same name as some already in use and would therefore have been overwritten.
I'll go back and have another look in the cold light of day (its too late tonight UK time).
Thanks anyway. , Chris.
After I had you install ASPProtect I added the ASP protecting code to the top of my home page:
<%@ LANGUAGE="VBSCRIPT" %>
<% CHECKFOR = "1" %>
<!--#INCLUDE FILE="../../check_user_inc.asp"-->
Then I made my index.html page my login page buy using the script "Login form on a non protected page" on that I changed <form method="POST" action="memberarea.asp"> to <form method="POST" action="home.html">.
When I try to log on to that page I get en error page HTTP Error 405 - The HTTP verb used to access this page is not allowed. Internet Information Services (IIS). I checked with my hosting company GoDaddy.com and they informed me that due to the fact that they do not have ASPProtect instaled on there systems they can not support it. In recent conversations you told me that you have customers that do use godaddy and you products.
Can you please tell me what I can do to get this working?
Thank you for your time and help.
, http://support.cjwsoft.com/code/moreinfo286-2.htm
http://support.cjwsoft.com/code/moreinfo391-1.htm
http://support.cjwsoft.com/code/moreinfo385-1.htm , ... doesn't seem to be working on my site. I expect I did something wrong.
I've created some groups, "week", "month", and "year". Their IDS are 6, 5, and 4, respectivelty. When someone goes through the PayPal signup, he's assigned to one of those groups based on his subscription.
When I see a new subscriber and check the relevant group the person's supposed to be in, that person's not in that group. I'm adding them manually for now, but I'd sure like a solution for when I go to sleep...
My subscription code looks like this:
input type="hidden" name="custom" value="5,*4*,<% =User_ID %>
One-off code looks like this:
option selected value="7,4.95,1,*6*"
I've created the groups in my management console. Is there anywhere or anything else I'm missing?
, sounds like trouble with the SQL database.
Did you create it using the SQL scripts we provide as that is extremely important ? , that information is actually not helpful in determining whether parent paths is enabled or not.
You should really ask your hosting company or better yet try doing a server side include to page one directory up and see if you get an error.
example
<!--#include file = "../myfile.asp"-->
cwilliams38302.6484259259, the txt file is only lke 624 kb...so I'm not sure, also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815, That was it - Thanks!, I have an asp page that includes other asp pages via an include. for example:
snippet code: file name: collaboration.asp
<table bgcolor="#bed1e4" border="0" cellspacing="0" cellpadding="10" marginwidth="0" marginheight="0" leftmargin="0" topmargin="0">
<tr>
<td>
<!--#include file="../../../filetransfer/directory_listing2.asp" -->
<BR><BR>
<!--#include file="../../../filetransfer/upload.asp" -->
</td></tr>
</table>
I can add the code below to collaboration.asp and it seems to work,but I cant seem to figure out how to protect the other files such as upload.asp at the same time. -- can you help? - Note: as soon as I add the code below (and adjust the path) - I cant bring up the page.
This is the protection code I am using.
<!--#INCLUDE FILE="../../../../aspprotect/check_user_inc.asp"-->
Shirely , Hi there,
Just bought ASPProtect 7.0 last week and just got around to installing it. I've gotten through the installation and am now trying to test the (Forgot Password) functionality.
I get the following error when I type in the e-mail (or in some cases the username) and Post the form.
Error was [11004] Valid name, no data record of requested type
I know that the add user functionality is pointing to the correct database (I see the additional rows via SQL Enterprise Manager) and that the e-mail address I am looking for is in the SQL database.
Any ideas? Any other information you need?
Thanks,
Toni
, Is there a possibility to build in a option that the administrator will be notifed when a banner expired.
, Thanks, I know, I have it all figured out and have thought about it before. Just no time yet to do it. It will probably be an add-on/mod when I get time. , Thanks, I'll take a look.
Nick , any asp code that accesses an access database, writes to text files, or allows for picture uploading will need permissions set on certain directories
every application out there is going to need permissions set at some point
its just a fact.. and if your hosting company does not give you a way to manage permissions or have it done when you ask they do not know what they are doing and they are not supporting your asp hosting needs
see my article for more info on the whole process
http://support.cjwsoft.com/code/moreinfo136-1.htm
the part newar the bottom talks about hosting companies , Christopher
Found this but I dont really know what to do with it or even if its the right thing.
<%
'=========================================================== ==================='
' Application: Utiity Function
' Author: ; John Gardner
' Date: & nbsp; 20th December 2004
' Description: Used to check the validity of a postcode
' QueryString: None
' Version: V1.0
' Required routines: &nb sp; None
'----------------------------------------------------------- -------------------'
function Check_Postcode (byRef strPostcode)
' This routine checks the value of the form element specified by the parameter
' for a valid postcode.
' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf
' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.
Dim strPostcodeRegExp(2) ' holds the regular expressions for valid postcodes
Dim intCount &nbs p; ' For loop counter
Dim strPostcodeCopy ' Copy of postcode
' Variables used to hold regular expression object
Dim objRegExp, objMatches, objMatch
' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Expression for postcodes: ANA NAA, and AANA NAA
strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Exception for the special postcode GIR 0AA
strPostcodeRegExp(2) = "^(gir)(0aa)$"
' Copy the parameter and convert into lowercase
strPostcodeCopy = Lcase(strPostCode)
' Assume we're not going to find a valid postcode
Check_Postcode = false
' Strip out spaces
strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
Check_Postcode = False
Set objRegExp = New RegExp
' Check the string against valid types of post codes
For intCount = 0 to Ubound(strPostCodeRegExp)
' Check next pattern in list
objRegExp.Pattern = strPostcodeRegExp(intCount)
If objRegExp.Test (strPostcodeCopy) Then
' Post code found. Ensure input parameter is in correct format.
Set objMatches = objRegExp.Execute (strPostcodeCopy)
Set objMatch = objMatches(0)
strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " & Ucase (objMatch.subMatches (1))
' Show that we have found the postcode
Check_Postcode = True
End if
Next
' Ensure that the uppercase postcode gets returned if valid
If Check_Postcode Then strPostcode = strPostcodeCopy
End Function
%>
regards
John
, Ok, I tried what you suggested but the program won't let me leave the
date area on the banner ad blank. I reset it to a date in 2010.
I deleted the Level 1 Access note in the notes area.
I then attempted to access the banner stats using the correct info and
the right link. Again, got this message:
ACCESS DENIED
INVALID Username & Password
Username HAS EXPIRED
Any ideas? Should I just delete the whole account and start fresh?
TIA,
Laura
, I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database.
How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'? cwilliams38417.7773032407, Hello,
As I have my site hosted by a web hosting company (1and1.com), I want to make sure the ASP Photo Gallery software runs correctly before I buy. I am not sure about whether or not they support parent paths because I can find nothing in the online faqs. But, I have two other ASP apps (Forum and News from Web Wiz) running on the site, both connecting to Access databases. I remember having problems initially setting these up because I kept trying to use paths like ../db/wwforum.mdb like I would normally do when referencing images or pages in other folders.
Anyway, here are the database connection strings for the two apps. The first is for the Forum, which is at /forum/common.asp connecting to a database in /db/wwForum.mdb. The second is for the News, at /news/common.asp accessing /db/news.mdb.
'Virtual path to database
strDbPathAndName = Server.MapPath("/db/wwForum.mdb")
'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("/db/news.mdb")
Thanks for your help, hopefully I'll be setting up my new galleries this weekend!
- Jason , oh, its timing out during the import ??
I didnt know that. I thought you said it was timing out after when you tried to log in.
That changes everything...
Let me start again cause I think I know the problem., Hi there, I am not exactly what you mean when you say "moved some of the include files to user"
are you saying you are moving files around ? I am not sure what you mean there.
but.. the parent path issue is described in detail here
http://support.cjwsoft.com/code/moreinfo5-1.htm
Having is enabled is actually a requirment of the photo gallery application as stated on the web site
http://www.aspphotogallery.com/aspgallery_pro.asp
You can certainly still use the apllication but as that article says you will need to change any file includes to virtual includes so they will work with parent paths disabled
, Personally, I really wouldnt worry about. Personal Client virus software like that is not really meant to run on servers anyway. That software is meant for client machines, not web servers.
Any Server designed virus product will not incorporate script blocking features because servers often need to run scripts when dealing with ASP, PHP, CFM, etc etc
That article I link to has more on all of that.
Turning that off is nothing to worry about. I been running IIS servers for 8 years. ,
Timecard Entry: 3/25/2006 4:52:45 PM
starting to slow down, TRAVELED BACK TO WATERTOWN , Marketing, IB SOAP COMPANY DEVELOPING INITIAL WEBSITE GRAPHIC LAYOUT, 7 PAGES, 3 FORMS, SCANNED AND EDITED PHOTOS, Organize tasks for Thursday, quickie lunch, Community Service - Town of Clayton Fire District financial reports, 290 Miles - Trip from Madison, WI, meeting with realtors, phones, invoices etc., s/w kv on corp partners and presentations, including materials, etc. to watertown, first draft of presentation emailed for review and contract ideas to tb., review initial design- all set add phone- need info from customer, NY FELT- COPNTACT TO FINISH WEB SITE AND FINALIZE
SEND INFO TO ADAM HUGHES
CONTACT LOIS FROM GOLFD RIVER REALTY
, Florida National realtors Convention, Entered payroll into QB will finish in morning, did some callbacks, Trouble shoot PcAnywhere for Mike Nelson, email, covering NOC, Manning NOC. Resetting open modems. Checking modems. Checking voice mail. Talking with Tom Kitto from the Times about a mail problem. Entered two new employees into emerald for access to customer database. Tweaking froggy 97's stream., Stuffed envelopes and helped out billing, On phone w/Tony at ICS about Backtobasicspetfood.com secure order form, Web billing, training at Raleigh Nortel Training School, answered incoming calls, copying papers, Doc Manager, research use of Flash w/ASP for graphing component, troubleshoot connection problem with McGrann Paper., changes to Sicard-snowblast.com site. Billable., research Looksmart content and alternatives for Vermont Internet dial up customer web portal,
| 
