Blog Entry: 3/25/2006 4:52:20 PM
now, even though it should work with two slashes or not... here is an updated file that will clear that issue up.
You can try it but I think you have other issues like I said above.
just replace this file in the "scripts" folder
2005-12-16_141245_populate_config_variables_inc.zip , this could go on forever...
if you want PM "private message" me info to log into your site.. show me the pages we are dealing with...
and I will take a look at it all...
CJW
,
Here is an example of a query I made in MSACCESS that deletes all users that belong to Group ID of 3. I used the graphical query designer in MSACCESS to do this. Took a few minutes.
DELETE
FROM ASPP_Users
WHERE (((InStr([ASPP_Users]![Groups],"*3*"))>"0"));
Because of the way groups are stored in the Groups fields you have to use the InStr function to determine if the user is part of a particular group
We are deleting all users that of Group ID of 1 so we look for *3* in this example
The SQL statement for a MSSQL database may be slightly different but the general Idea is the same
The SQL statment used in an ".asp" page will be very similar as well.
SQL Statements are the TRUE POWER of working with databases. They are something everyone should learn to work with because they allow you to do some very powerful things., when did you puchase/download the application? you may have old code., The company that hosts our business web site has been impossible to deal with in assisting me in getting asp protect to work. Getting the rights set correctly took 6 days and then getting parent paths enabled has been impossible. There last response was simply this:
The includes were changed so that if your server does not support "parent paths"
' and the "../" that you could easily change a few files like this and make the
' includes virtual includes instead of file includes. We didnt make them virtual
' includes by default because depending on where in your site you put the application
' the virtual include path would be different. They are also much different on a local
' development server than they would be on your real server
'
' Here are some examples of what you might change these includes to
'
' If you put the aspprotect folder in the root of your domain at your server
' example: www.mydomain.com/aspprotect
' then you would probably use
'
' #INCLUDE VIRTUAL="/aspprotect/dataconn_inc.asp"
' #INCLUDE VIRTUAL="/aspprotect/config_inc.asp"
' #INCLUDE VIRTUAL="/aspprotect/scripts/emailing_subs_inc.asp"
'
' Or if you didnt use the aspprotect folder and just put the contents of it in the root
' of your domain
' then you would probably use
'
' #INCLUDE VIRTUAL="/dataconn_inc.asp"
' #INCLUDE VIRTUAL="/config_inc.asp"
' #INCLUDE VIRTUAL="/scripts/emailing_subs_inc.asp"
'
' It really all depends on what works for your situation
' If you want more information on server side includes read this article at PowerASP
'
' http://www.powerasp.com/content/code-snippets/includes.asp
I am assuming that they will not enable parent paths and I need to modify some code. I do not know asp. WHere do I modify the code for a server that will not enable parent paths?
Thanks,
D
, 1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another? I am asking because there is only one table in the DB, and it is the "Users" table. So I am presuming that there must be other databases that are linked to the DB. Is this correct?
2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software? I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of.
, I have a customer who is asking the following:
... could you make a link from it to our website and is there a way to see what traffic goes from us to them. They are going to pay a commission on sales, however I need to be able to track who views their site...
Wishful thinking or could you add code to track their IP address and display in the report section? Not sure that would be enough to satisfy this request. Suggestions?
Thanks, Lance
, That did the trick. Once again a quick very helpfull reply.
Thanks.
, The folder named Pictures permissions are set to your specs. It has jpg's that were uploaded per the aspphotogal instructions. But, the error message still appears and I am unable to access using aspphotogal., Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, Hi Chris,
I've got a page with a form that includes an input field with
'type="file"' for uploading an image. The page posts back to
itself to save the info to the database and run the code necessary to
upload and resize the image.
I need to limit this page to a group. So like usual, at the top of the page I put:
<% GROUPACCESS = "1" %>
<!--#INCLUDE FILE="../check_user_inc.asp"-->
This gives me the error: "Cannot call BinaryRead after using Request.Form collection"
I have used ASPUpload and SA-FileUP before and know that this is caused
by the components having their own .form collection. This script
is using "Pure ASP File Upload" from DMXZone for the upload which I'm
not familiar with.
So...my question is, do you know a way around the BinaryRead problem wtih ASPProtect?
Thanks,
Michelle
P.S. PLEASE don't send me to DMXZone for help....they've got notoriously bad support!
, Actually quite well. I have this problem worked out and it
actually isn't to bad. But now I am getting some strange
error messages. I will start another post.
Cheers
Roy
, 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , enjoy the bar.. drink one for me.. cause that was the problem..
, I appreciate the offer to beta test... but its really more a matter of me getting it ready..
I have a lot done.. but a lot of things are hard coded to only work on my machine and some things have not been sorted out. Giving it to someone else to test would be a waste of time at this point as I they probably couldn’t even run it.
Lately the reason this project has fallen behind has all to do with my main webserver where I collocate.
1st it got compromised (we think by certain competitors who are always up to no good)... then windows 2003 server which I decided to go with on the new server gave me random problems... then the Cisco hardware firewall was acting up and making the sites run slow....then SQL server attacks on port 1433 from Korea when I took the firewall down....and as of the last few days I think the server just needs a new power supply. I swear for the last 2 months I have spent more time administrating my servers than working on code. Yesterday it was locking up every 30 minutes. There have been a lot of days like that and it takes up all my time until I get it situated. Especially since its over 100 miles to the collocation center. The APC unit I installed that allows me to remotely cut the power to hard reboot is a life saver.
Fun... I tell ya... and expensive.. (hardware, software, lost sales, and time) I am pretty much completely broke at the moment. It has been a very expensive few months.
But I like running my own servers... I run dns servers, email servers, sql servers, web servers.. I do it all. It's keeps me in touch with the latest software/hardware. Regardless , my servers ran well for years and they will again.
anyway.. hopefully I can actually get a new version of the photo gallery out before the month is over. It will probably be the last classic asp version. The version after that will most likely be ASP.net.
cwilliams38295.6248032407, Adding Support For ServerObjects ASPMail
ASPProtect as you know does not support ServerObjects ASPMail component by default.
Here are directions to make it work.
In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.
So search through the code for any place where email is sent and simply change
Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")
To
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
It is about 4 places. They are not too hard to find.
That’s the easy way to get all the emailing functions working with ASPMail
cwilliams38419.7864351852, If logfiles do not get created it is most likely one of 3 things
- invalid physical path specified
- permisssions
- filesystem object is disabled on the server
that path doesn't look correct to me for a live professionally set up server but only you or your server admins can know that for sure
you will not get any errors when things arent perfect.. just no physical logs
RecentActiveUsers and RecentPageRequrests are not related to the stored logfile feature.. Recent Activity is a different thing
, I'll try to help when I get back tues night,, see the contact page for info on where I am
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry
, 1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., I have been working on this all night long. I have been reading every possible article. I have created an ODBC connection on the server.. which i have never done before? Still nothing. I looked at the machine.config file... i read about impersonating whatever the hell that is... I am really stressed out. I have the 1.1 framework installed.
I read about dsn and dsn-less connections. Is there another way i can connect to the database? Without using a username and pw maybe?
, Chris,
Thanks for the reply. It all makes sense.
I have gone with your first option but here is the problem:
I have moved the password protected page from the detail page with the
querystring to the straight .asp page. This obviously fixes the
previous error.
Once someone has logged in they are then presented with a list of links
to the previously protected pricelist detail pages (example -
"somepage.asp?ID=3""). They are then able to access the pricelists.
The problem is that if someone copies the pricelist URL they are then
able to pass it on to someone else and bypass the password protection.
If I also password protect the pricelist pages then someone will have to login twice.
Is there some code that i can add that will simply check that they have
logged in otherwise kick them back out to the protected .asp page.
All code in your documentation tends to open the login page regardless of whether you have previously logged in.
Thanks,
Stuart
, Christopher,
Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software.
, and when I go to your now.. its very fast again.., Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings?
, I wonder if this could this be a FrontPage problem. I deleted the skins folder and re-ftp'd the original one that only contains default and Solid Black. I logged in and tried to change it back to default but it won't. I'm going to try making this folder a Frontpage subweb to see if that makes a difference.
Al
, no, but in the standard version it probably will not run so great with more than 75 or so.
The unlimited version can handle pretty much whatever., ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/aspprotect/password_admin/default.asp, line 287
I'm doing an upgrade from an OOOOOOOOOOLD version (not sure if it was 6 or not) and it read my database OK prior to adding a new user. Now I get this error message. I was able to run the password encryption function OK, but I still get this error when I try to view the password_admin stuff. I can log in via the "get_me_in" asp page just fine, but I get the above error.
If I try to log in with my admin account, I get
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/aspprotect/password_admin/check_admin_inc.asp, line 166
*****
OK, my question is this... if I retype all the info from the old DB into a brand new one, never before used, that would work, right? I only have 108 users, so that's about an hour of work. Or is there a 5-minute fix that I can try? I've done some messing around that got nowhere and returned all edited files to their original state, with the exceptions of the ones calling the DB location.
I'll start the C&P process and await your reply... 
On a side note, I really love the new format and am excited about the new features. I'm not married to upgrading the DB and if copy and paste is faster (I just need first name, last name, username, password, email, and expiration date), then I'm using v.7 that much faster.
cwilliams38457.6090509259, still.. its got to be somthing along those lines.. I have seen times when even dbo didnt have full rights to a particular database so permissions should always be manually checked..
The import data routine is most likely the source of the trouble
For troubleshooting sake I would create a fresh installation from scratch using the sql script we provide and a new SQL user. Then see if that works. If it does then try to import your data into that.
There are no other things I can think of doing. Sometimes you just have to start with a clean slate. , I would highly suggest setting up a DSN-LESS connection.
That system dsn is most likely the source of your trouble It is probably that or permissions are still not correct.
I can't tell you how many people have had trouble with system dsn's and finally set up a dsn-less connection and everything then worked as it should.
The location of your database is fine as long as permissions are truly set correctly like I mentioned.
Also, be sure you are setting the database type correctly in the dataconn_inc.asp file. That can cause problems as well as some people have been known to delete that line.
See my articles...
http://support.cjwsoft.com/code/moreinfo9-1.htm
http://support.cjwsoft.com/code/moreinfo136-1.htm
http://support.cjwsoft.com/code/code_info.asp?TID=40&KW= system+dsn
, If things are not perfect there will be no log files and no errors.. it can only be one of these things really
http://support.cjwsoft.com/code/moreinfo313-2.htm
You may also want to make your the filesystem on the server is working and not disabled by norton script blocking or anything random like that. Testing the filesystem object is best done by writing a simple text file to a folder. Plenty of examples of doing that can be found at www.aspin.com
Recent activity is temporary and admin activity in the admin area is not tracked. If your application in IIS has reset or there has been no activity in the users area or in pages you protected there will be nothing there. The busier your site the more chance something will be there. For example usually our online demo has something there except right after 4am when my server does an iisreset.
, O.K. , I register myself as a user. No problem, Iget an e-mail saying account active. No problem. I click the link in the e-mail. No problem. I click sign in and get this message. Big problem!!
Microsoft VBScript compilation error '800a0411'
Name redefined
/aspprotect/config_inc.asp, line 15
Dim Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^
cwilliams38456.0969444444, I purchased and installed the full version ASPProtect 6.0 in Feb 05 (must have been just before 7.0 came out) and have been using CDONTS for email authorization during the registration process.
It was working fine for about three months. Now, after registering, the email authorization is NOT delivered to the new registrant. There are no error messages.It just doesn't arrive.
Any thoughts on the subject would be appreciated.
, Unfortunatley, I dont have an easy answer for you. It is certainly doable but adjusting the code so people assigned to certain groups get specific expiration dates means a lot of code work and time. It would probably even take me a long time to figure out.
The fact that users can belong to more than one group also greatly complicats the whole idea.
You can certainly assign an expiration level when someone signs up. That is easy and explained in the forums. , That was wrong of me but not what I meant. It seems as soon as I purchase something like this it doesn't work right and it can't be altered to work with what I have. The support ends up sucking or being none. Listen I’ve gone thru you're product and it's wonderful and does exactly what you say it does so that's a relief. Sorry about my ignorance with .NET but I’m from an ASP world and it's a lot different. You can see what I’m trying to protect here http://www.hotmixxent.com:8087/default.aspx. The final site after testing will be http://mxais.sfmx.org/default.aspx. Again thanks for the support on Christmas Sunday, that’s defiantly beyond the call and I appreciate it a lot.
, One last thing..
This is bad
http://www.bones.myftpsite.net/rfamilystuff/pictures/
there are .asp files in there people can run that you dont want people running..
u should delete the asp files in there or turn off directory listing...
take care,
CJW
, yes, there is upgrade pricing
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp
and upgrade instructions here in the forums
if you install it in the same directory structure you wont have to make any changes to the pages in your site you have already protected.. because the code to protect a page will be the same
now, anytime you upgrade an application like this there is going to be a lot of work involved especially when there have been so many changes
http://support.cjwsoft.com/code/moreinfo173-1.htm
whether or not you upgrade is up to you
Like I said you can make version 6 work with CDOSYS and a remote email server. You just need to do some research on CDOSYS code and spend the time needed to make the code use it. I however am not going to spend time detailing all of that when I created a new version that does it.
, well, I need more details..
you got SQL server or data connection issues is pretty much the bottom line
If I remember right we went down this road with a SQL setup quite a while back (auguest 2005) and that never really got resolved
here it is
http://support.cjwsoft.com/code/code_info.asp?TID=321&KW =yiak
, The webpage header for CJWSoft states "Web Development for Win NT/2000 servers" - a little dated cause it works just fine on 2003 too, right? :), http://support.cjwsoft.com/code/moreinfo286-2.htm
http://support.cjwsoft.com/code/moreinfo391-1.htm
http://support.cjwsoft.com/code/moreinfo385-1.htm
, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296,
Timecard Entry: 3/25/2006 4:52:20 PM
Not too bad, until 5000 and 5500 lines went down., Callback that Ron gave me to do. I checked my emails and answered those that needed to be. I also checked the online issues again. , Answered tech related calls., Training of tasks for on call duties, Amy in office - explaining situation with backtobasicspetfood and what needs to be done to remedy the problem. Going over how admin works for Neighborhoodsupermarkets.com. Changing all usernames and passwords for all stores., On phone w/Amy about SenatorJimWright.Com, tanned, Reset microcom modems., balanced checkbook- Tim did not enter transactions from reconcile. Post office trip, Remington article for the business record, Froggy97 - Lets make a deal promo, moved scooby doo, found correct font and redesigned left menu image map to include froggy album, events calendar, business listings., lunch, calendar update for Paul and Jeff, Lunch and Insurance detail, Drive to Cat County (after car accident) (300 miles), tech calls made 3.1 disks rad log , Training for Jeff-Lewis, answer voice mail/ email
research sites for meeting for bernier and carr, Doing last week's billing, lunch, E-mail, Penny, morning routine., 1Meg Modem - Ottawa, to Watertown, ran modem lines upstairs, Forever Broadcasting 790wtny.com - On-Air Personalities and Program Schedule updates. (billable), fixing www3.imcnet.net with Ben....http headers weren't set on neptune...causing errors., taco salad. , Business Cards, lethead, envelope..., paper, printer.., met with matt to discuss changes, *ISO Analysis,
