Blog Entry: 3/25/2006 4:46:43 PM
If we wanted to user groups, is the "Access Level" in the User setup the same ID as what the group access would be? Ex. If John had Access Level 4 and the page specified <% GROUPACCESS = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
I'm asking because there is no Group Access Level in the user setup. Thanks , The way the application works is one separate installation and database is required for each (IIS Application).... not only is it a licensing thing but it is also the nature of (forms based authentication) because every application in IIS has it's own set of application and session variables and they can not be shared with other various IIS applications.
That being said if you plan to run a separate install for each web/IIS application buying new licenses is fine
If you want to run one installation and database and share that with other web.IIS applications it is not technically possible.
Each web/IIS application requires a seperate install of ASPProtect.NET,
Well you can put a link on all your pages that links to the login page?
modify the code in the login page so the return page is members.aspx or
whatever you need and thats it?
I dont see your point? probably because I understand how the program works and your not 100% up to speed on how it works.
, I down loaded your latest ASPProtect.NET_v1.4 and now when i try to get in the admin area it won't let me in. The admin box is selected in the database under the admin user and i can update my user information (password and Address, not username). Is there something that was changed on this version or is it more likely user error on my part? What do you think i should try first?, Just to put an end to this thread here is the solution for anyone reading.
The permissions were ok.
The data connection string never got edited in the "dataconn_inc.asp" file so it was invalid the whole time.
Once that was corrected the application ran.
So really this whole thread was over not following the directions and not editing the data connection string...
, More info on the groups session variable.
Session("Groups") will contain the ID numbers of whatever groups the user is a part of.
It does not store the descriptive name of that group. It will show the same data that is actually stored in the "Groups" field in the database.
for example it might hold a value like this
*2*,*5*,*9*
meaning a user is part of groups 2, 5, and 9
so if you wanted to check to see if a user was part of a particular group you would do something like this
<%
If InStr(Session("Groups"),"*9*") Then
Response.Write("You are a member of group 9")
End If
%>
Taking this even further, if you really wanted to get a particular group's name or description you would have to query the database like so. In this case we ask it the name and description for group 9.
Group_ID=9
Set ConnPasswords = Server.CreateObject("ADODB.Connection")
ConnPasswords.Open ConnectionString
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdEditGroup = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "SELECT " & tbl_label_groups & ".* FROM " & tbl_label_groups & " WHERE (Group_ID = " & Group_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnPasswords
CmdEditGroup.Open cmdTemp, , 0, 1
Group_Name = CmdEditGroup("Group_Name")
Group_Desc = CmdEditGroup("Group_Desc")
, Chris: You are right about a little extra coding to make it work. I am still learning .ASP coding, so I did a little web searching and used IF THEN statments to confirm a member logged in with a valid Access Code. If valid, the protected page executes, with the Member's Name and Access Level on a single line at the top of that page. Looks sharp! If not logged in, or a non member (who found the page via Google), I used a Redirect to send s/he to a login page with optional links as you suggested (http://www.vspa.com/aspprotect/vspa-password-failed.asp) . I couldn't get it to work when using Group Access, but I am sure that is just because I am a novice at .ASP (I will post that example when I figure it out). Meanwhile, here's the code I used that works:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="dataconn_inc.asp"-->
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!--#INCLUDE FILE="config_inc.asp"-->
<% =Session("First_Name") %> <% =Session("Last_Name") %>:
<%
If Session("Access_Level") = "6" Then
Response.Write "VSPA Active Member Access Level 6"
End If
If Session("Access_Level") = "7" Then
Response.Write "VSPA Life Member Access Level 7"
End If
If Session("Access_Level") = "8" Then
Response.Write "VSPA Officer/Staff Access Level 8"
End If
If Session("Access_Level") < "6" Then
Response.Write "Access Level 1-6 NOT AUTHORIZED RESTRICTED AREA ACCESS"
Response.Redirect("vspa-password-failed.asp")
End If
%><!-- http://www.vspa.com/aspprotect/vspa-password-enter.asp -->
<!-- *** End ASPProtect Code *** -->
<html>
<head>
, oh, its timing out during the import ??
I didnt know that. I thought you said it was timing out after when you tried to log in.
That changes everything...
Let me start again cause I think I know the problem., Yup everything looks ok - but why no error?
This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...
What would cause it to 'think' it is doing the task yet still fail? , Hi, lets start with about when did you purchase and download the application so I know what version of the code you have., Chris,
2Checkout.com has added to their required cart parameters:
https://www.2checkout.com/documentation/newparameters.html
Do you have a version of 2checkout2.asp that will support these?
Thanks,
Nick , Okay, hopefully I'm posting in the correct area this time.
Currently we are utilizing ASPProtect 7.x
When using the Newsletter function, many members are indicating they are not receiving email. No evidence of email in SPAM folders. Also, when checking with email provider, they insist it is not being filtered prior to delivery to member's email address.
The following message does appear when a newsletter is sent.
error '8004020f'
/newsite/ASPprotect/scripts/emailing_subs_inc.asp, line 124
Line 124 is the line of code to 'send' the emails. We have approx. 860 members who are on the list to receive the newsletter emails. I have no way of knowing how many are not getting the email. Based on anecdotal evidence, I'm guessing it could be as high as 20%.
We are using CDOSYS / SMTP authentication with a real external email with MX records. Our website is hosted by Cbeyond. They insist it isn't at their end. (for what it's worth)
Thanks for your assistance.
NPA , ASPProtect Version 7
Expiry Notices go out to members who have recently renewed by subscription.
When an existing member from ASPProtect Version 6, with an expiry date, renews with SUBSCRIPTION in v7, the previous expiry date remains unchanged.
We assume the expiry date remains blank with NEW Subscriptions and that Paypal takes care of notifications.
 But our notifications to the "about to expire" dating from v6 catches the "Renewed by subscrtiption" as well, as the date has nor been changed or removed, and this REALLY confuses our members.
Can this be resolved? , glad it is working now
sorry ya had trouble. cwilliams38418.6886342593, say ?
How do you like LiveSTATS.xsp V7 ?
Looks pretty sweet but the pricing is just too much for me to justify as I am very happy with smarterstats and I host a lot of sites now.
I used to use Livestats 5 back in the day when we had a 50 domain license where I worked and hosted my sites. I liked it a lot then I tried the version 6.2 that they had for a while and hated it. Version 5 still runs well on 2003 server but it has such outdated search engine information that it isnt worth using. cwilliams38324.8862847222, does emailing work at the simplest level.. ??
meaning does a user get an email when you send an email from the admin users screen ?
if emails are not sending it could very well be the setting you have chosen for emails in the settings.
the best thing to do is keep trying to send an email there and try different emails settings until you get something that works... even when I do installs for people I often have to try a lot of various things before I get emails to send.. like picking different components and trying different things for the email server address because what they tell me is often wrong
also, sometimes emails get sent but depending on where they go they may get deleted as spam.. aol, hotmail, msn, and yahoo are famous for that , Chris -
Long time no talk, which is a good thing. I have purchased another product from you, ASPVendor. I am running into an issues.
When I try and remove the image through the image manager, it does not remove it. Screen shot attached.
2005-10-19_194248_image_upload.zip
Thanks , thanks.. it was not taken as a complaint.
I just wanted to explain
When you said you tried using the web version of sql manager. Did you use the microsoft one I link to here "just curious"
http://support.cjwsoft.com/code/moreinfo127-1.htm
, Upgrade from V6 to v7.x with an MSSQL SERVER DATABASE
1st of all, backup your existing ASPProtect files and database before performing this upgrade. Please be really careful while performing this upgrade. Version 7.x is a highly advanced application compared to any previous versions. CJWSoft under no circumstances is responsible if you lose information or have website downtime.
BOTTOM LINE: (PERFORM THIS UPGRADE AT YOUR OWN RISK)
To do this upgrade you're going to need to have SQL Enterprise Manager and SQL Query Analyzer
That being said, on with the upgrade..
Open your SQL database in SQL Enterprise Manager
Regarding the following Tables
Rename "Users" to "ASPP_Users"
Rename "Groups" to "ASPP_Groups"
If you do not have a "Groups" table do not worry about it right now.
Now right click and DELETE the Config Table.
Yes, delete it..
Now, go into Design View for the "ASPP_Users" Table.
Rename the "Password" field to "Old_Password"
Be sure to spell it perfectly using the Underscore
If you have a "Groups" Field... leave it alone
If you do not have a "Groups" Field add one and make it a "nvarchar" field with a lengh of 255.
Now, we are going to add a few more new fields.
Add a field called "Redirection_URL" make it a "nvarchar" field with a lengh of 150.
Add a field called "PayPal_Subscriber_ID" make it a "nvarchar" field with a lengh of 100.
Add a field called "Newsletter" and make it a "bit" field
Add a field called "Password" and make it a "nvarchar" field with a lengh of 100.
Now close that window and save the changes..
Download these scripts.
2005-02-23_171110_aspprotect_v7_sql_upgrade_scripts.zip
Now open up SQL Query Analyzer
Connect to your SQL server.
Then load the script "aspprotect_v7_config_table.sql" into the Query Analyzer. Click the green play button at the top. If everything goes well the response should read something like this.
******************************************************
(1 row(s) affected)
******************************************************
Now, if you had a Groups Table your done with the database changes.
If you didnt have a groups table.
Then load the script "aspprotect_v7_groups_table.sql" into the Query Analyzer. Click the green play button at the top.
Now, go back to your database in Enterprise Manager and make sure all 3 tables are there and look ok. You might need to do a refresh or two to see them.
Now make sure an existing or new SQL user has (public / datareader / datawriter) permissions for all three tables. You reference this user in the asp code connection string so this user must be set up correctly. You may need your SQL server admins or hosting company to help you on this step as you may not have access to do this. You may not need to create a user and set permissions as the sql user you were logged in as to use query analyzer may by default get the correct permissions on anything you create.
Regardless, as you can see from this screenshot I have a SQL user called "aspprotectuser" and proceeded to set the permissions for that user. Under database access giving him (public,datareader, and datewriter permissions).
Now, you are done upgrading your SQL Server Database.
The existing passwords still have to be encrytped and moved from the "Old_Password" to the "Password" field
To that we have a special page we run in the application that will take care of that.
So, for now... go install the application, but using the database we just created.
Follow these instructions for the most part...
http://support.cjwsoft.com/forum/forum_posts.asp?TID=181& ; ;PN=1
When you get to the part where you finally get into the admin area and need to make an admin account you will notice that your existing user database is there but none of the users have passwords if you look at them in the edit screen.
That is normal. Simply do what the instructions say and create and admin account using a username that does not exist..
Then log off... then back in as that new admin account. If that works you are ready to convert the passwords.
This part is very easy.
You want to run a special page via the browser.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
Replacing the part in blue with your website info.
Once you get the page running you will see a login prompt and one form field just like before with the "get_me_in.asp" page
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see a page telling you to click here to encrypt the passwords and copy them over.
So do what it says... dont click more than once and wait.
Eventually it should say it is finished. So go log in to the admin area of the system using the new admin account.
Now edit some users but dont save... you want to see if the passwords are showing up. If they are the conversion worked. If you see nothing or a garbled mess it did not work and you made a mistake during this whole process.
If things went well backup and delete the conversion file below.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
You do not need it anymore.
Once you are positive every thing is running smoothly and everyone's passwords are ok you can go in and delete the "Old_Password" field as well.
If things didnt go well.. try again from scratch and go slowly.
If they still dont go well get ahold of us for help.
We are here to help, but if you really want us to we can be hired to do the conversion. , humm, yea thats a data connection error..
really not related to the asp code in the application for the most part.
that is low level
If using MSACCESS
I would make sure permissions are set correctly on the database folder (not just the database file itself)
I would make sure your using at least a 2000 version of the database. 2003-2003 format being better..
I would make sure the server has up to date mdac/odbc drivers.. (that is really the server admins responsibility)
As for permissions there are articles in our forums about exactly how they need to be set. Improper permissions can cause a ton of random errors like that.
cwilliams38414.6528240741, When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
Thanks
, After you click the link in the confirmation e-mail you are directed to
the Thank you page. Right above is a sign in link. When I
click this I get that funky error message.
I am trying to integrate the scripts with the look of my
site, if that is what you mean by changing things around too
much. But, I don't think I have done anything out of the ordinary.
Cheers,
Roy
, when you get back to work.. your "redirect.asp" needs the password include file at the top of it.. or that wont work either..
and of course those pages you send people to all need to be repaired , thats a new one... I need some sort of error to go on..
No error ever ? It must eventually show something ? , My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work. I've tried many different options - here are two that are the closest - but have issues:
1. If I use the settings:
email component: aspemail
Mail remote server: my internal server name
*no smtp authentication
email mail notification - my email address on my internal server
***I get the following results:
I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.
2. If i try to change the setting to use the Hosting Website email server - I get the following results: I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.
**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.
, Hey, I thought I'd share this tip with the ASPProtect community...
If you'd like to remove, modify, or add fields to the "Users" view in
the password_admin default.asp page, it's really easy to do. Well, at
least it was for me. I'm using an MS Access database, by the way.
For me, I don't need "Company" info, but I do need last access and # of
times accessed displayed. Therefore, I had to change the default page
in three areas:
In /password_admin/default.asp, go to about line 185 or so, where you see stuff like:
[code]<td valign="bottom"><font face="Arial" color="#000000"
size
="2"><b>First Name& lt;/b> </font></td> [/code]
OK, those are the column headings. Each one corresponds to a column
from your USERS table in your database. There are two more areas to
consider, both of which appear immediately after this section.
The next section has statements that look like this:
[code]<td valign="bottom"><a href="<% =THISPAGE
%>?SORTBY=First_Name+ASC&MyPageSize=<% =MyPageSize
%>&Keyword=<% =Server.URLEncode(Keyword)%>"><img
border="0" src="../images/sort_ascending.gif" Alt="Sort
Ascending"></a><a href="<% =THISPAGE
%>?SORTBY=First_Name+DESC&MyPageSize=<% =MyPageSize
%>&Keyword=<% =Server.URLEncode(Keyword)%>"><img
border="0" src="../images/sort_descending.gif" Alt="Sort
Descending"></a></td>[/code]
See the "First_Name" items? The first is for an ascending sort, the
second for a descending. This particular line corresponds to the code
snippet immediately above it. But all this does is handle the sorting.
For the actual data, look lower for this stuff:
[code] <td bgcolor="<% = Cellbgcolor
%>"><font face="Arial" size="1"> <%=
CmdListUsers("First_Name")
%& gt; </font></td> [/code]
It's a good ways down, so don't be impatient if you don't see it in 10
lines from the end of the last mentioned section. This stuff handles
the display of the data from the database (where else ya gonna get
data, anyway?)...
Now, to remove a field, you need to find the three sets that go with
that data. The ascending/descending sort is potentially the trickiest,
because it's the longest set of data and can take a number of lines.
Just clear it from the start td to the end /td and you'll be fine.
To *add* a field, copy and paste the code from an existing field and
modify it. In the first one, the column title, you can type whatever
you want to describe your info. Nobody but you and your admins will see
it. For the next two sections, though, you need to get the correct
column heading from the USERS table and use that to correct the lines
in the copied code you pasted in.
For example, when I added a column to show the number of times a user
logged in, I copied the above snippets and pasted them in where I felt
the column I needed should be. Then, in the first one, I changed "First
Name" to "Logins". In the ascending/descending snippet, I changed
First_Name to Counter. Same for the last snippet.
The result? A new column, showing the number of logins my users were successful with.
Of course, before you experiment, back up your existing default.asp file, JUST IN CASE.
Have fun!
, I run F-secure on my laptop which has the anti-virus and firewall modules, and the servers aren't running anything like that. , again I will ask you what is the real error??
see the link above when I asked you the 1st time.
(I need the error details and line number.. etc etc)
and what kind of a server are you trying to run it on ?
you mention xp pro but in a confusing way ? , Yeah, its working great witht he Access database. Now I just need to get it all set up. I like how the config file is set up with all the comments, it really helped allieviate the 40k thumbnails,  .
One quick question though, and I haven't looked through all the code yet... Is there a quick way to have pic_window.asp open full screen by default? I just want to minimize having to either scroll through, or maximize, the screen
Thanks!!!
- Jason , If you bought ASPBanner Unlimited Version 7.3 Before August/10/2004 this file needs to be updated.
It fixes a bug where the JavaScript method is not properlly closing an html Image tag. It can cause other hyperlinks on your web page to link to the same place the banner links to. This does not always happen but this fix is the way the code should be so it is best to update it.
Copy this file into your ASPBanner folder over the existing file of the same name.
2004-08-10_125304_injectbanner.zip cwilliams38209.5378009259, ok.. so we got an NT server with a 486 with 256 meg of ram.
hehe sorry
anyway.. I have the system running without doing any importing and WOW is it chugging.. I mean it takes a while even to edit/save a user
good news is the filesystem object works as I wrote to a text file
this may end up being a simple case of lack of horsepower..
we may need to do the importing on a faster system and then take the database over cause everthing I see on your server looks correct
even so aspprotect is running so slow.. I have never seen it chug like this
I even tried connecting to a 2000 version of the database and no difference.
I am not totally sure what is going on but the server resources available are scaring me... however this could be something new in the code that I never got a chance to try on NT server.. I dont think so though
how does your other stuff run ?
static pages that do not access a database seem to serve up quickly.
are you running any other dynamic code ? , Okay, got it!! just in case anyone else is having the same
problem, after creating the new thumbnails using the
"generate_new_thumbnails.asp". Turn off the random photo
selection for a 10 minutes or so, and then turn it back on.
bwinklesky38324.5085069444, While my host says the permissions are now correct....its still trying to download the setup ASP file instead of executing it.
I really need to get this application working asap too. I noticed the purchasing page said that install came free.....so any help would reaallly be great.
re , This first one may be an obvious one, but is it only .asp files that I can protect as in no HTML files.
Can the program be set to protect my whole https directory contents (though the answer to the last question may have bearing here - there are html files as well as .asp in there) as in http://secure.mydomain.com
Thanks in advance , It works. Thanks Chris.
, I have been using the AspHttp Component method for displaying my ads along with the google adsense code. However, in the last few days my site was taking too long to load, so I replaced the AspHttp component, with Javascript method. The site was back to speed. But now, the Google Adsense banners do not show up. Is there a solution for that? Can the Javascript show Adsense banners also? Because they do show the Flash banners., And here is an even simpler version where the database name is hardcoded and the User_ID is set ahead of time from wherever you are getting it from
'User_ID = CmdListUsers("User_ID") ' getting it from another database query
User_ID = Request("User_ID") ' getting it from the page post
SELECT COUNT(Album_ID) AS Alb_Count FROM Albums WHERE User_ID = " & User_ID & " AND Album_Active = 1" cwilliams38433.0595949074, Excellent 
Thanks, the DESC addition did the trick!
- Jason , You do not run that page by itself. That is not how forms based authentication in .NET works. That is a special page used by the web.config file. It is automatically used when you protect one of your existing .NET pages but is not meant to run on it’s own thus the error.
To answer your other question a user is not sent anywhere. You protect existing ASP.NET pages as shown in the documentation and the examples. If sent to any protected page they are either prompted with a login box or if logged in they see the page as usual. If they log in the form posts to itself and they end up at the same page after supplying proper login credentials. That is how ASP.NET forms based authentication works. I suggest you get a good book on ASP.NET that explains all of that if you are still confused.
Now, if you really want some sort of page to redirect them somewhere after login make a basic asp.net page.. protect it.. and then use a redirect statement. , When I enter www.vickerylightning.com/aspgallery/dataconn_inc.asp on the screen it says "Not a valid bookmark"
as far as that goes I have no idea.. I have never seen that message before but you are not suppose to run that page by itself regardless.. it is an include file not meant to run on its own ,
Timecard Entry: 3/25/2006 4:46:43 PM
review of open w/o's, Prepare for Board Meeting, not so bizzy , Memorial Day, Travel and meeting with Tara Marzano to Vermont (230 miles), phones, rad log and online, callbacks, Mtg w/Jim, SoftMLS2 ... Working on all those changes and fixes, misc., general site design research, BOCES tour, quick break, Posted accounts and did a detail of checks and cash for a bank deposit. Customer inquiries, credit card authorization, coupon referrals, and ans. phone ., Answered phones, busy... mainly general problems..., techsupport supervisor duties, steady tonight, qlight, dial up issues, radlog, ask us a questions, voice mail, callbacks expired users, new user callbacks. Emails and follow ups.. very very very busy , VM messages, Answered the email that was sent to me and also the one Ron gave me to answer, marketing mtg, Got Virtual PC CD from Jason so I can reinstall it. Also picked up mailing labels and left conference info for Nic., Very busy with phone calls. Had a very high rate of calls concerning mail servers not set right in e-mail clients. Talked with a very irrate customer about her losing photo's on her home page., teched phone calls, test zlink roaming, Emails, Drive home from Niagara Falls (250 miles), taking tech calls to cover for Robby and Gary's absenses, teched calls and 4911 was giving RNA, daily reports, NOC duty, Sit down w/new guy Chrispan show him some sites we've done and to walk him through the basics. Creating a project, Front Page, passing variables, database connections, etc., finish dial up issues, time card, straighten my area,
|
