Blog Entry: 3/25/2006 4:54:57 PM
Chris,
I'm setting up the subscription locally so I can't test it out until I
put the site live. I have a question in how the paypal
subscription works.
1. What is telling paypal to return the info to the ipn.asp page for
processing? Is that something I have to set up in my paypal
account?
2. I'd like to use Paypal's
auto return. I assume the return page would be ipn.asp?
Would I just need to add a redirect to the login page at the end
of the appropriate txn_type if/then statement?
Thanks,
Michelle
P.S. I did finish the integration of the webwizforum with
ASPProtect. Thanks for the great headstart on that! Will be
putting everything live in a couple weeks.
, nice. I love learning at least 1 thing every day,
hi,
no.., not unless you come up with some clever way to handle it on your own
http://support.cjwsoft.com/code/code_info.asp?TID=369&KW =https
read 2nd to last post
The way ASPProtect ships it is designed to either be in http:// the whole time or https:// the whole time.... (there curently is no solution from me allowing going from one to the other)
sorry
, If it stopped working it has nothing to do with the ASP code. YIf could have stopped for any number of reasons as hosts often change email server requirements and info. You need to go over the email settings. Of course make sure you and the person you are sending to have valid email addresses and try different methods/settings until you get emailing to work again.
Testing it by sending emails off from the users screen.. in each email type in what you are trying at that time so you know what worked if emails make it through. Also, be sure to check junk filters when testing to make sure the emails are not being put in any of those.
That's what I would do. CDOSYS is always your best bet for sending emails as it has so many options and all new server support it. , Hi,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
, download the free version...
check out this tutorial...
http://support.cjwsoft.com/code/moreinfo169-1.htm
If your application can post to the page and provide all the form variables needed to log in it may work out for you..
You'll have to try it out... all the form variables needed are in that login form example.
Basically you'd be posting to a protected (.asp) page..
and providing the following for the most part.. how your app creates it post data is on your end...
<input type="hidden" name="Status" value="Checkem">
<input type="text" name="Username" value="Yourusername">
<input type="Password" name="Password" value="YourPassword">
As an alternate scenario...
Now, by default the "check_user_inc.asp" file is looking for posted form data... for security reasons it is not looking for querystring info..
If you change this bit of code in that file
from
Username = Replace(Request.Form("Username"),"'","''")
Password = Request.Form("Password")
to
Username = Replace(Request("Username"),"'","''")
Password = Request("Password")
It will then grab either form or querystring data...
Meaning you wouldn't necessary have to create a true post to the page with form data. You could just access the page via a querysting like so
http://www.mysite.com/somepage.asp?Status=Checkem&Userna me=Yourusername&Password=Yourpassword
Of course that introduces security risks as the username and password would be passed in plain text over the net
Another option is...
You can also make a copy of the "check_user_inc.asp" page called whatever with those modifications just to use in pages you need your little application to post to... thus reducing the security concerns a a bit as the rest of yoru site could still have its pages protected under the normal scenario.
I hope this answers your question... I havent really ever tried any of this but that is how I think it would work... , Hi
I have purchased the Standard version about a week ago. Its a great script.
I have been able to select uploaded banners from day one... but just now i dont seem to be able to select...
i know its hard for you to trouble shoot with such little information.. but i had to ask..
Should i maybe upload the site again ( but same the database first)?
regards
Domenic
Sydney, Australia
, Testing for XML Parser Support
the microsoft xml parser is generally installed by default on all new server setups..
It allows ASP code to make calls to other pages anywhere on the new as well as a lot of other handy things..
download and run this ".asp" page to verfiy that it is installed and be sure it is available for you to use
2004-12-10_132620_test_xmlparser.zip
Make sure you run it from your web server through the web browser
cwilliams38331.5621180556, It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.
Regardless,
If an account isn't listed you have to add it.
Click (add-advanced-find now) and it will list off all the user accounts on the machine
You can also click (add-advanced) and simply type in the account name or part of it.
Some more tips:
If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.
You can also go to computer management in your server's administrative tools and view all of the accounts and groups there under "Local Users and Groups".
cwilliams38417.7186689815, Hi - I am a recent user of your software. I administer it for the owner. I probably missed something in your forums somewhere - but I'd like to know how to stop the software from sending an "accept registration" e-mail (after they fill out the registration page) from going out so fast - usually within minutes. I'd like to know how to defer the message for 24 hours, more or less, so that our company can go over the registration details and decide whether to allow the person registering to actually have access to our protected website pages. The program is working very well and we are excited about it. So far, no problems (knock on wood!).
Thanks so much for your help!
, Please be aware folks..
This file is not provided by CJWSoft. Though this may work very well use of it is not supported in any way. We have not tested it.
This user is not using the option pack so this file will not be compatible with anyone using that because it does not have support for groups and some of the other new features.
Regardless..we appretiate users sharing ideas and solutions that they have come up with.
cwilliams38313.499837963, I'm using version 6 upgrade and recently some of the users complained that their passwords are no longer working. I was able to replicate the problem as I also experienced the same thing with my account.
Once I reset the password thru e-mail (Forgotten your password?), I am able to login but it fails later. This is weird as I have an identical copy of the code running flawlessly 
on my test server.
The only change which I made to the original downloadable code is by adding password encryption using Base 64 encryption.
Any ideas what might be the problem 
, Hi all
I logged in myself to my website, and I tried to log in to another with same username and password. But I was able to log in again.
It was supposed to block me from logging in, but it let me to log in.
there has got to be some configurations I must have missed.
Could you instruct me on this Concurrrent login so mine works as well...
thanks
, Hello,
for an admin..
you view albums for a user.. make a new album... then click manage pictures
for a regular user you log in.. go to user user area.. create an album..then click on manage your albums
, no, you cannot unless you plan to write a lot of custom code.
That is why the option pack has groups which eliminate the need to use access levels because groups can do everything access levels can and more.
There is an article here regarding that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=32& PN=1
cwilliams38303.5555439815, Installing and running NET on a DOMAIN CONTROLLER is a BAD idea period.
Besides the security risks you will have nothing but endless problems
with that setup. Domain controllers ARE NOT and NEVER were intended to
be run as any sort of application server. Your best bet is to run your
asp and asp.net scripts from a member server or one set up just for web
apps. Of course if your in the mood to mess around endlessly it is
possible to make that work, but why would you want to when the prefered
solution is a heck of a lot easier.
, say ?
How do you like LiveSTATS.xsp V7 ?
Looks pretty sweet but the pricing is just too much for me to justify as I am very happy with smarterstats and I host a lot of sites now.
I used to use Livestats 5 back in the day when we had a 50 domain license where I worked and hosted my sites. I liked it a lot then I tried the version 6.2 that they had for a while and hated it. Version 5 still runs well on 2003 server but it has such outdated search engine information that it isnt worth using. cwilliams38324.8862847222, I guess i am not being clear as to what i am trying to do. As far as the event thing... lets hold off on that for now. It seems Chris has answered my question and i am on my own for that one...
As far as the log in goes: I went to that site you mentioned;www.CafePress.com to see if they had what i was talking about. and they do. Notice on the bottom of the page it says "sign in to your account"
I want that option on my home page where users can sign in to go to their account. It will either take them to a page where they can update their info, or it will take them to a protected page. Pretty much instead of posting a link on the site to say... click here to go to members.aspx and have it return an "access denied" the user can enter their info from the main page and be automatically re-directed to that members.aspx page.
I know how the viewstate works and i also know what that returnURL thing does..pretty self-explanitory.
Hopefully that makes things easier. I just want a user to log in from the homepage and be redirected to either a protected page or their account page...
(as does that cafepress website)
, My ISP uses ASPSmartMail. The email confirmation works except when I try to register an AOL user the server returns an error 500.
, Personally, I really wouldnt worry about. Personal Client virus software like that is not really meant to run on servers anyway. That software is meant for client machines, not web servers.
Any Server designed virus product will not incorporate script blocking features because servers often need to run scripts when dealing with ASP, PHP, CFM, etc etc
That article I link to has more on all of that.
Turning that off is nothing to worry about. I been running IIS servers for 8 years. , If they changed the paths they moved the site.
That means permissions for the database folder must be set again.
If permissions are not set and you are not using the correct new path info then you will still get errors.
Those errors the server reports back and quite generic and do no mean exactly what they say. They just mean everything is not perfect.
And everything just has to be perfect..
cwilliams38306.5069328704, yes, admins have access to absolutely anything...
as for the other question what you should do is only show links to people logged in that they have access to.. then they wont get logged out when they go to a page they do not have access to
for example if someone doesn't have access to a level 4 page dont give them a link to go there... you can do that by checking the session variables and creating your hyperlink html code accordingly .. using simple if-else logic... you could even make a hyperlink non-clickable and add some text to it like (no access)
it's all about taking the time to intelligently designing the different areas of your web site. It takes a bit of time and work to really make a system flow the way you want it to.
other than that it becomes extremely complicated to not grant them access when they go to a page they dont have access to but also keep them logged in. It is just not designed to flow that way. If someone goes to a page they do have access to they get logged out. It sort of has to be that way because of the ways things flow.
more info on accessing user info after login so you can do that
http://support.cjwsoft.com/code/moreinfo198-1.htm
another good thing to check out is the provided examples for mutliple access levels. You can see that if you log into the default page for that that it only shows you links to pages you have access to. Done with simple if-else logic around the html links. It is using groups but you can do the same sort of concept using groups.
, You can also try setting asphttp's user agent property to some browser version like in this example. It might stop that info from showing up when it fetches a page from the server.
<%
Dim BanObj1Http
Set BanObj1Http = Server.CreateObject("AspHTTP.Conn")
BanObj1Http.UserAgent = "Mozilla Compatible (MS IE 3.01 WinNT)"
BanObj1Http.Url = " http://banserver.powerasp.com/aspbanner/aspbanner_inc.asp?Ba nnerZone=1"
Response.Write BanObj1Http.GetURL
set BanObj1Http = nothing
%>
Also... I dont know if these values below will work but I got them from looking at my nt logs.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
And here is more info on the asphttp component and it's settings.
http://www.serverobjects.com/comp/asphttp3.htm
cwilliams38248.6481365741, Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen 3 times. Twice on my own server when the power went out for 2 hours and once on a customers server.
Basically the application variable system gets all messed up because it was not shut down properlly.
The ways to possibly cure it are as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
If not... keep reading for the more drastic cures..
Go to the command prompt on the server and type "iisreset"
Sometimes that is enough.
Reboot the server.
Sometimes that is enough.
Stop the web in the IIS console.
Sometimes that is enough.
Stop the individual processes for each web in iis
"you must really know what you doing and be very careful about doing this"
Remove and recreate new applications in IIS for the web in question.
And sometimes it just takes a combination of the things listed above and a few reboots. I don't know the best way to cure it but I do know why it happens and the steps listed above can get things back on track.
Again, this is because the server lost power or crashed as far as I know.
It was not allowed to shut down properly which sometimes happens.
You'll know things are ok again when you see your banners show up on your site.
cwilliams38295.0183101852, Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, Chris,
Well some good news
! This from my hosting company this morning...
"
I'd say that the vendor is right so I've submitted a work order to
create the *****.com/aspnetprotect directory as an application.
If there are any other directories for which this needs to be done,
please let us know. This particular task always needs to be performed
by our staff.
If you need to follow up on this job with one of our on-line or phone
technicians, you can reference ticket id 11860.
With regards
"
Thanks for your help thus far
Andy
cwilliams38455.5654513889, and did you response.write that session value to see if it holds anything to ensure it is being set ,
Thanks for the quick reply.
I will consider editing the code.
, I run F-secure on my laptop which has the anti-virus and firewall modules, and the servers aren't running anything like that.
, SQL server hotel ehh ? Humm that sounds bad whatever that is ?
Is that a real term or just something you named it cause they have like a zillion people using that SQL server? I have never heard of that name ?, Chris,
Ok new puzzle
. I have now managed to gonfigure it to get the admin screen and update members. All excellent news. Seems to work a treat.
But have used the code you give in your getting started guide to add at
the very top of an aspx page to be protected. The path is configured
correctly I am sure. the aspx file is in the root, the protect program
is in a folder now configured as an application (hence the steps
forward to get to the admin screens) on the root, so address should be
foldrname//protectpage.ascx.
Proble when I load that aspx page is as above. The exact same config error
,oww!
I am sure its a setting on my server now, but I dont know what to ask for, Any ideas...
So close now!
Andy
, Does emailing work under the simplest scenario ? (directly from the users screen)
Thats the way to test it..
All that error means is whatever reason the settings you have chosen are not working. It could be the server. It could be what you chosen. (and yes I realize your pop info from outlook should probably work with the settings you chose)
Whenever I do installs I often have to try 3-5 different emailing scenarios before I come across one that works.
Each time making some changes and sending out test emails from the users screen until I get somewhere. Often time getting a working example of how your Hosting Company wants you to send email from ASP is the info to get your hands on. (what method and settings)
In this case they may have blocked the usee of a remote server and want you to use some other settings for sending email from asp. A lot of times they put that info in their help system.
If I were you I would start by trying the other two CDOSYS options for starters, and then try the remote server option again but using "localhost" as the server, if none of those work consult your host for example code and settings to send email from asp. If you still have no luck I can help for sure.
Realize too when testing the emails may take a bit to arrive. A delay of sorts. Best to type in a quick note about which method you are trying in the email text. That way when you finally get one delivered you'll know which method worked.
, I think its great to share a mod.
I will have few with the new album.
, not sure, I havent used 2005 yet
seems like the process should be fairly similar.. you'll have to figure it out
I am going to order a copy of it., Hi,
In my search for a product to administer my banners I came across ASPBanner. In my site:
http://www.lovenest.co.il I have 3 locations for banners:
In the top section a big banner and a small banner
At the bottom a serie of 5 banners.
My question: is it possible to place a list of banners (let's say 8 banners) and randomally pull 5 banners each time the page loads?
If yes please explain in detail.
Thanks.
,
If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.
<center>
<table border="0" width="400" height="200" bgcolor="#000000">
<tr>
<td bgcolor="#F4F4F4">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<div align="center">
<center>
<table border="0" bgcolor="#C0C0C0">
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<p> <input type="submit" value="Login"></p>
</center>
</div>
</form>
</td>
</tr>
</table>
</center>
, Hello,
As I have my site hosted by a web hosting company (1and1.com), I want to make sure the ASP Photo Gallery software runs correctly before I buy. I am not sure about whether or not they support parent paths because I can find nothing in the online faqs. But, I have two other ASP apps (Forum and News from Web Wiz) running on the site, both connecting to Access databases. I remember having problems initially setting these up because I kept trying to use paths like ../db/wwforum.mdb like I would normally do when referencing images or pages in other folders.
Anyway, here are the database connection strings for the two apps. The first is for the Forum, which is at /forum/common.asp connecting to a database in /db/wwForum.mdb. The second is for the News, at /news/common.asp accessing /db/news.mdb.
'Virtual path to database
strDbPathAndName = Server.MapPath("/db/wwForum.mdb")
'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("/db/news.mdb")
Thanks for your help, hopefully I'll be setting up my new galleries this weekend!
- Jason
, I sent you a PM, A very common and extremely bothersome error encountered when running ASP apps that connect to a database is the "80004005" error. It comes in many varieties.
These articles cover it.
(an article I wrote)
http://www.powerasp.com/content/hintstips/permissions.asp
(more articles)
http://www.aspfaq.com/show.asp?id=2009
http://support.microsoft.com/default.aspx?scid=kb;en-us;3065 18
http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=115
http://www.macromedia.com/support/ultradev/ts/documents/8004 005_cannot_open_unknown.htm
cwilliams38102.4447222222, Hello dear Chris
I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user.
I noticed that the values in the fields "Login_limit" and "Active" in
the ASPP_Users table in the SQL changed to NULL and 0 when login and
remained in those values after close the browser.
If manually I change the values it is ok but the problem repeated.
Thank you in advance.
,
Timecard Entry: 3/25/2006 4:54:57 PM
traveled to mohawk to talk with herkimer county. , Went to W D Taylor's house to get his computer online. Success., MS Tech Support re: FPSE, Marketing, Soft Auto and Soft Vendor, Lunch, sort of slow. did a setup and went through a few settings, send proposal to jim navarra- going with proposal for golfwith your buddies- register domain name
shane sanford- add number and address
mail info to david
Hope- tell her to send email for veents to chris
Bob nelson- reschedule meeting with bob nelson
foy agency- contact in feew eeks- down scale proposal
New Hope Baptist Church-send info for hosting and design web site.
Bastas- go over trianing for online storefront with owner and design and what is needed to complete storefront
, work on weekly reports
, MLS, Talking to Kelly about JeffLewis BOR conversion and training, web billing from amy for hosting, Taf and TAF report for Michele, entered cc deposit and stuffed the web billing, Meet with Mike at the Chamber, Training with Steve, Ran Vermont payroll, correcting entries to QB w/ Carol, a little busy early on, Posted accounts and did a detail of checks and cash for a bank deposit. Customer inquiries, ans. phone, coupon referrals, and credit card authorizations., made A/R calls, BILLABLE Imported Davidson export files into their online database.. This is a weekly thing, lunch, GWCC ISDN , Order two phones for Herald Building, travel to Syracuse 90 miles, not as bad, techcalls, Radlog, organizing and cleaning of operations area in Herald Building. Coordinated for trash removal, domains...lots today..., Amy in office asking questions about secure transactions, Working on Timecard system and work orders,
