Blog Entry: 3/25/2006 4:57:38 PM
(User Photo Upload Mod) for ASPProtect Version 7.x
This will allow an individual user to upload a user picture instead of just the admin.
Notes: This is a down and dirty mod. The user upload code was copied from the admin area and there are no safeguards. Meaning there is no limit on the file size a user uploads and there is no confirmation process in case something they upload is inappropriate. etc etc etc
If you want that you will have to work on that on your own.
Directions:
Back up your existing ASPProtect installation.
copy these files into your "users" folder
2006-01-24_111305_User_Upload_Mod.zip
, if you just see code then you do not have ASP and Web Server setup correctly.. Basic IIS Server Setup stuff and not something I cover, but there is plenty of info out there.
http://www.aspfaq.com/show.asp?id=2084
http://www.codefixer.com/tutorials/installation.asp
http://www.webwizguide.com/asp/tutorials/installing_iis_winX P_pro.asp
http://www.w3schools.com/asp/asp_intro.asp
,
Hello,
It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.
I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.
But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file
, ok.. glad it is doing it's thing, I agree -- don't use the code as is. I provided it only as an idea for a work-around if your ASPProtect users with Internet Explorer complain about the Page Expired message.
I did not test it to be sure the parms coming into the target page (which would be part of the URL when bookmarking) are properly preserved. It would be easy to make sure they are preserved, but I am not sure the code in the example does that. I also customized the code with my own page header and footer.
I have the Option Pack but the site does not need it yet so I haven't applied it. I don't expect many problems re-applying my few lines of modifications.
The IE behavior is not a big deal if you provide an explicit login page, since users would have less interest in paging back to that. In my case, I simply gave a link to a protected part of the site, and when they take that link, they instead get the login form if they aren't logged on. Once they log on, they get their desired content page, to which they sometimes want to page back later on.
From searching the Microsoft Knowledge Base and other sources, I could not find a way (using HTML) to turn off IE's behavior of refusing to quietly reload a page containing form data. Netscape does not do this. So my IE workaround is to ensure my target page does not contain the login form. It does not solve the cause of the problem, but in this case it gets rid of the Page Expired error message for my IE users.
I also purchased ASPProtect for another site, and I'm using that "out of the box" unmodified. I'm very pleased with ASPProtect's functionality and the fact that it works completely without the need to customize. However, I've found it is very easy to customize if I want to.
Jim
Puli Club of America
, well, I think John just told you what the deal is. He knows more about ASP.NET than anyone else I know.
If you are going to run a non-standard setup then you are going to have big problems like you are having. , Same here. Thinking it might be server load or the bandwidth to the server.
Thanks for checking!
Lance
, I am attempting to have the page dedirect from the group, as some of my users are part of different and multiple groups (they are not structured in access levels, b/c they cannot be part of multiple levels(?)). So I think I need to redirect by group. I am having trouble having this work correctly.
-j
, I did all that you sugessted and all failed, you said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually? below are the steps I performed......
1 - made sure the web is it's own application in IIS
2 - Reset IIS in command promt
3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.
I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?
Thank you!
Matt...
, pretty clever...
If anyone is interested in what the Mod function actually does this article explains it nicely. They even use it for the same purpose in the examples.
http://www.asp101.com/articles/steven/mod/default.asp
cwilliams38210.6791898148, It is common when testing a site that this happens because of the nature of session variables.
Admins have access to EVERYTHING so it is very important when testing different user accounts that you specifically log out... and then close every single browser window before logging in as a different user. This is to ensure session info from the previous user does not overlap in any areas.
(The session variable for admin access being the main one)
Under normal circumstances a user would not log in with many different accounts on the same computer this this would only be a problem for a developer who is testing.
So make sure you go to the to log-off page and log off.. then close all browser windows.. then test another user.
If all this is not the case then something else is going on and I will need more information. I pretty much know the level checking code for ASPProtect Version 6 is correct as there has been no reason to change any of it in over a year. I would have heard reports of problems with it. , Then, you would have to add those users to the aspprotect user database. You would do so using the built in import/export features of msaccess and being very carteful about it. It is not a process we support and the technique used would be unique to any situation. Its basic database work though but still you have to be able to do it.
ASPProtect uses its own user database and you have to use that database. ASPPortect can not authenticate users using some other existing database.
Does that make sense ?, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296, Hi all,
I have the photo gallery set up at www.kashabowieoutposts.com/gallery
It's great - love to work with it.
But I've never been able to get those with just User permissions to be able to upload... Only an administrator is successful in uploading. This was no problem in the past, but now this client would like to give their guests a means to share their pictures on their site - so now I have to figure out the bug...
... this is the error I keep getting...
Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard.
------- anyone else experienced this?
Many thanks all!!
Doug
, This may be an old question ??? If it is please point me to the post or documentation where I can find the answer please.
When creating protected pages I am using the following to protect them:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="/aspprotect/check_user_inc.asp"-->
But that is not working. I get the following error when I try to access the members logon page in the directory that I wish to add the pages to:
Active Server Pages error 'ASP 0130'
Invalid File attribute
/filelocation/filename.asp, line 3
File attribute '/aspprotect/check_user_inc.asp' cannot start with forward slash or back slash.
However if I create the pages in the root of the AspProtect directory and use a link to the same page that exists in the AspProtect directory and the following include:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
The pages work fine.
I really do not want to put all of my protected pages in the root of the AspProtect directory.
I would like to mix protected and unprotected pages throughout the site in order to #1 make it easier to administer. #2 keep the AspProtect directory solely for authentication. And, #3 keep any user authentication pages out of the AspProtect directory.
TIA
, Update..
I have support for the ibulc image uploading client working.
http://www.ibulc.com/
There is also an option in asp photo gallery pro to store the images original filename in the description field which is pretty cool.
Ibulc client bulk upload support currently only works with the pure vbscript upload or the safileup component. (I may support the other two components asp photo gallery can use but it really depends on time) The pure vbscript upload code I am using for this is much better than the code I was using before so that method should be offer decent performance for anyone though using a component is always better.
I still have to add the ibulc feature to the users side. It currently all only works for an admin user.
The whole process is very cool. You install the ibulc client on you computer. It's tiny, and free for uploading up to 10 (100kb) pictures at once. You have to by a domain license from them to do more than 10. Anyway.. it lets you select multiple pictures off your hard drive and it then uploads them all at once with individual progress info for each picture. Its really cool and since it really treats each picture as an individual upload it doesn't hammer the server with one big upload at once.
I also made it so you can start the picture uploads at any picture number.
So if you already have pictures in an album you can add more without losing what is already there.
This was one of the main features of the new version and now that it is working hopefully I can tie up any loose ends and get the new version out soon.
cwilliams38327.5488541667, The default database password is "temp"
This is noted in the docs. You can also see the current password by looking at your connection string.
cwilliams38176.7913888889, You would carefully use the built in features of access to import/export data.
The password for our databases is noted in the documentation. It's pretty hard to miss really. You can also see the database password by looking at the connection string info.
different versions may be different but it is usually "temp" minus the quotes
, that's they way it should be done..
the only other thing would have been to test everything with sql before trying to import any data.. and make sure all was fine at that stage
more info on the errors would be helpful.
Id' also carefully visually compare the SQL tables and fields with the SQL scripts and make sure all field types and settings got set correctly.
Also, make sure the user accessign the database has datareader and datawriter permissions of course.
, Thank you!!
Yippee!
Laura
, thats intertesting.. I have never heard of the concept until now..
I did a search for ASP examples or ASP components that can help with the process and just couldn't find anything about it., Hi Chris,
When I run the physical map test this is what I get:
The Physical path to this virtual website is: \\NAWINFS04\home\users\web\b2623\rh.vickery2004
Will that work correctly without a drive letter specified?
Thanks 
Rhona
, ya it should have uploaded that no problem...
what about something blocking the use of the filesystem object and causing these timeouts ?
Your not running anything like Norton Script Blocker are you ?
Its part of Norton Antivirus or Internet Security and causes all sorts of problems with ASP when it is running on a server. Especailly when using the filesystem object to deal with text files and when uploading via pure asp.
It could be the cause of the all these problems or something like it ?
It will cause a timeout like your getting and give no real reason why.
More info on that.
http://www.aspfaq.com/show.asp?id=2180, I recently upgraded my ASPclassifieds from MS Access to SQL. The application launches, I can browse existing catagories, etc. but when I try clicking on the login, guestbook, register or accessing the classifieds_admin, I get the HTTP 500 - Internal server error. Guessing this must be a folder or file permission issue? Have tried changing IUSR permissions but nothing helps.
Please advise.
Thanks, lancem
, you can edit the look of it but because it is licensed software the links to aspbanner and the aspbanner logo.. etc etc must remain otherwise change it all you like., I am having difficulties importing new Users.
I have exported the existing list and then copied in the additional users and save the file as text (tab delimited) in Exel.
When I go to import the file (browse then upload) I get the following error:
Microsoft VBScript compilation error '800a03f9'
Expected 'Then'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.
All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.
Any assistance would be appreciated.
Thanks
, IFRAME is just an client side html thing...
has nothing to do with .NET
will work with any page extension or server side technology
As you see from that compatibilty chart I posted a link to.
Nearly every modern browser supports it.
cwilliams38155.4462847222, at this point I would say install a fresh untouched copy in the web in a different directory and lets see if it acts weird from scratch.. the we can go from there.. I dont know what is going on
, Actually this was rather easy to fix. Once you restrict the permissions on the folder, open up IIS admin. Goto the selected folder, and right click/properties. Once there you modify directory listing and add defauly.asp to documents. This will provide an automatic load with you enter in the unmask route. 
, if you use our existing User_ID they are going to get new ID's. There is nothing you can do about that.
You could very easily though stick your exisisting User_ID's in one of the custum fields so you dont lose that info for each member., ok, that does not work but that still is not enough to help me troubleshoot.
I'll probably need to look around in your admin area and check things out in order to figure anything out.
I will also need to see the protection code you put on that page exactly as it appears.
PM (private message) the admin usersname/password to me if that is ok with you and I will check it out
it's really the only way I can help with an issue like this. I have to make sure you didn't do something wrong and then go from there , Hi. Chris. I'm not a programmer of any sorts, so I am not comfortable plugging in the changes you suggested and not knowing for sure if it will "break something somewhere else". If the programmer tells me "you have been warned", its a pretty good sign its a no win situation. If you don't know, theres no way i can know.
I saw in the code where you mentioned the changes. I don't see where it mentions the last name is required either, but the bottom line is it does require it it the actual new user form.
Thanks anyway Chris. I'll figure something out.
-john
, ya,
any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links
example (for anyone that comes across this thread)
http://www.examplesite.com/somepage.asp
is going to have a different set of application and session variables then
http://examplesite.com/somepage.asp
even though they are basically the same page
, you dont want to use the virtual smtp virtual server method... you want to use a real remote email server with valid MX records..
ultimately though after all that is going is it is out of the hands of the asp code and it becomes issues other then the code sending the email... regarding to whether or not emails get blocked by certain organizations
For example:
I have many aol users sign up for various systems I have running without issue. I use CDOSYS with my own server mail.cjwsoft.com which has proper MX records set up.
I would also try to determine the difference between blocking and spam/junk email filtering. It is impoirtant to truly know what is going on.
Sometimes adding more information to the body of the emails going out will eliminate the junk mail filters from gettings the emails.
Then you have the various open relay lists that places like AOL use. If your email server or IP sending the email is on those lists for spamming you do not stand a chance. That is all out of the hands of the ASP code.
, OK, I figured out the problem. Not running ASP becasue the pages are not saved as ASP but rather HTM... OK so I am smart like a tractor but strong like an ox.
cwilliams38229.9128819444, Ok I used the following for the sql string.. is this correct?
SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE (User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = '-1'" & ")"
, Hi-
Thanks for the quick response to my previous posts.
This is my issue:
I have read over all the docs and installation instructions and can't find a way to do this:
my default page in my root dir will be a log in page which will take the user once his level is validated to a "home page". Is there a page in your examples that will perform the function of this log in page? or should I rename check_user_inc.asp as the default and change it's html output to make it look like my log in page?
I also looked within the code for check_user_inc.asp and did not see where to specify where the user will go once he signs in.
Your help is appreciated
,
AUGUST 12th 2004
NEW VERSION OF ASPBANNER IS BEING RELEASED THIS WEEK
ASPBanner Unlimited Version 8.0
It is completely finished.
http://www.aspbanner.com/
This new version has more features and is selling for $99.95
Unlimited Version 7.3 is now named "ASPBanner Standard"
Owner's of Unlimited Version 7.3 can get an upgrade to Unlimited Version 8 for the difference in price (based on current pricing)
It is available now for purchase at the following link .
http://www.aspbanner.com/purchase_unlimited_v8.1_classic_upg rade.asp
The new version can use your existing database so it is a fairly easy upgrade.
If you are not an existing ASPBanner Customer you can use the following link to purchase the application normally.
http://www.aspbanner.com/purchase_unlimited_v8.1_classic.asp
Notes on the new version:
ASPBanner Unlimited Version 8
Improved graphics and some new icons
New reports screen... 4 reports total 3 of which are new
New Iframe Banner Calling method with built in auto refresh feature so banners can rotate at a specified interval on their own
New Zone Order Informaion Page
Visually shows you what the current rotation looks like for a zone
Banners can now be stopped at a certain date and at an impression limit
Whichever is hit 1st.. before it was just one or the other
New "data" folder... this new directory is the only directory that needs permissions
this should make setting up the system and permissions a breeze.. all cjwsoft applications will
eventually use this same folder
New configuration text file... eliminates config table in the database and allows us to easily
add more config options in the future without changing the database.. means easier upgrades down the road
and faster loading of the configuration data
New application data connection wizard
makes setting up the data connection a no brainer
more overall emailing methods supported
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
Persists ASPEMail now supports outgoing SMTP authentication.
Simple Mail now supports outgoing SMTP authentication.
It is becoming popular for ISP to use this.
Emailing code now uses functions so we can easily add more email component support down the road
Flash files (.swf) can now be previewed and used in new banner right from the upload page
before this could only be done with image files
Users page now has a notes popup feature
when you hold the mouse over the icon you see all info on a user without needing to edit that user
Edit banner page now shows the color of the banner status in the dropdown menu
New clone banner feature.. allows you to easily create similar banners
Banner application page has been optimized to be even more efficient
Javascript popup calendar date selectors
Ton of misc little things & Improvements...
Some Screenshots
, gotcha...thanks.
, Hi Chris,
Thanks for the answer. No, I am not using Paypal since these are employees and sales reps. I guess i'm on my own on this one. :)
Thanks
Sylvain
,
Timecard Entry: 3/25/2006 4:57:38 PM
Assembled Wan folders for customers, logins / e-mails /voice mail, Travel to Watertown, General tech duties. Email, rad log, online reports, and phone calls., Connie Fitsgerald- sent info out last week- gave me address of current site- wants us to develop sites for her- get more hits, installation of new equipement, Last weeks cancellations, Looking for promotional items on Net, Excel lesson #5, genealogical services- signed website put on credit card- one page ad
eileen- rf company out of syracuse- internet training- email jim about that
ardene green charters- left message for
the moose- changes for web sote gave jason last week- give to tom
email problems
, lunch, elementary kids tour, Answered tech related calls., not too busy, helped out
with the expires, Mandy Curtin re: curtinludtke email, email, voicemail, call backs, misc, Amy - Explaining problem w/CDonts email component not working on Tycho server. Explaining current downfalls of our secure checkout process and what needs to be done to make it truely secure., Prep for BOCES presentation, Whites lumber- change contact us
Meegan wize- left message for web site info
Popcorn-n-more- left message for larry
Proposal for patrick evans for - fax and sent email- spoke to him about proposals
Make payment for domian names for gisco.net, surgicalfgroup,public square.com
Register attyevans for patrcik evans.com
Creat work order for chris bryns, edgwoofresort, north country orthopeadic
, timecards and submitted my timecards for when I am on vacation, busy....techcalls, Radlog, Picked up mail and opened. Posted accts and customer inquiries., food, trouble shooting problems w/our phone system
, Swept hallway, jim's office and tech room then mopped all area's. Kept a very close watch on emonitor as it went down before my shift and was going yellow many times., had to get out for a minute, Fixed ''Listener'' form on Classichitsz93.com to point to correct address. Fixed corrupted image on Northcountrynow.com. Attempted to publish updates to timberview.com, still no luck., Troubleshooting Dr. Maresca's line. Fiasco with a medical image that didn't make it. Ben was on call, had to talk with Kareta, Dennis, and Dr. Maresca. Then stayed on the phone w/ Bell Atlantic to MAKE them test the time extensively, forced them to see their problem, which they overlooked on their own initiative. Co-ordinated Ben and Bell to meet at his house at 9:00 this morning., billing issues, invoices, DSL info to customers, Spoke to American Dreams Gynastics about being a sponsor for them,
