Blog Entry: 3/25/2006 4:46:37 PM
new version is still not finshed as of the end of the year... I am not going to release it until I feel it is ready., whether you use SSL or not really does not effect aspprotect in any way
I say, the smart thing to do there is too not start them off at a http:// url
one way to do it is put a simple ASP redirect on that default page and send them to an SSL version of the page instead...
http://www.powerasp.com/content/code-snippets/redirects.asp
another way would be not start them off on a protected page right off the bat and offer links to the the protected area...
in my opinion thats pretty odd to be starting them off on a protected page anyway
SLL maybe, but protected right from the time they hit the default page of the site.. thats just odd.. usually you want o say a little something about the site your at and then link people to protected areas or give them a login form which posts to a protected area.
Regardless if you always want users at your site under https:// you should have code on every single page in your site checking the url info at every page load. Then if someone ever hits a page and is not using the https:// you can do something about it like redirect them to the SSL home poge or redirect to that same page but with the https:// in the url..
,
Another good tip is to make a copy of the "password_admin/default.asp" named whatever you like..
"default2.asp" would work...
then maybe add a link to it from the header_inc.asp file
then you can modify that one all you want and your will still have the original around.
That concept works for a lot of things.. for example you could make a copy of the "users" folder and call it "users2" granted a few paths might need to be changed here and there but really not a lot. (how do you think the paypal signup folders were created, they started as a copy of the "users" folder of course)
You can even make a copy of the "check_users_inc,asp" file if you like. Then make a copy of the "scripts/login_form_inc.asp" file... then make your new "check_user_inc.asp" file reference it.
Then you can password protect pages using different versions of the "check_user_inc.asp" file. Why ? well maybe you want different looking logn forms for different parts of your website or you want to make a lot of changes to the "check_user_inc.asp" file and want to leave the original alone.
The sky is the limit really. When it comes down to it besides the actual guts of the "check_user_inc.asp" file ASPProtect is nothing but html tags and chunks of simple server side code that produce more html dynamically. What your browser ends up with is basic html. (some client side javascript in certain cases, but that is pretty basic stuff too.)
cwilliams38422.509525463, A nice addition for the listing script would be if the script would allow a "featured ad" or ads that would appear on the default page. , Oh snap. Tried the blank database and got the same errors. Fixed THE
FILE PATHS to conform to the AspProtect 7 setup, and it worked like a
champ. I still need to copy and paste the info, but it's working just
fine with the ones I add manually.
Moral of the story: FOLLOW INSTRUCTIONS TO THE LETTER. 
, thats a new one... I need some sort of error to go on..
No error ever ? It must eventually show something ?
, I've encountered another problem. When i edit the link for existing banners and save it, the banner reverts to the old link instead of the new one.
The directory where the the database is located to rwed so the permissions is not a problem.
Any advice?
Thanks
, [QUOTE=cwilliams]
Is that a real term or just something you named it cause they have like a zillion people using that SQL server?[/QUOTE]
yeah thats it, you buy into a part of the sql server so it's an sql server hotel...
, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296, I'am in the process of modifing registration and tieing in paypal. When I get live I will send you a link. Thanks for help.
John
, Thank you!!
Yippee!
Laura
, check permissions for the user you are connecting to the SQL database.
http://support.cjwsoft.com/code/moreinfo122-1.htm
That user may not have permission to make new data
Also, check all field and table settings manually by comparing them to the SQL creation script we provide. You may very well be missing auto increment and primary keys which would make adding new data not work.
It is most likely one of those two things.
, Humm..
I have no idea where links to hose graphics are being called.
I checked the source of edt_banner.asp and I see no calls to any images named like that
I didnt see any calls in the header and footer files either...
, You are right, there are NO entries in the "PayPal_Subscriber_ID" field at all. Any way of fixing this?
, Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..
Same thing happens... certain passwords just do not work.
So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.
Here is an example.. see the screenshot below.
Username "admin" password "petepetepete"
The top query done in Enterprise Manager is valid and shows the user.
The bottom query is also valid but it does not show the user.
And that is exactly what is happening from the ASP codes point of view.
Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.
It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.
I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.
One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.
It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.
Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.
Your call..
, Login failed for user 'aspgallery'.
Okay, shouldn't this be trying to use aspgalleryuser?
Lance
cwilliams38325.8848263889, Bingo! that did it. Somehow the data must have gotten corrupted.
Hopefully that will do for me. Seems like everything is humming along and looks great!
Thanks again,
Laura
, I'll send you something..
, What application you talking about ? I'll assume ASPProtect. In the future please specify what application you are talking about.
ASPProtect 7 already has protection that is quite effective. The no concurrent login feature which will not let the same username under a different ip log in at the same time. Meaning if someone gives out their info they will screw themslves over because eventually they won't be able to log in. Only one unique ip at a time can log in so even of 100 people know the info it won't really do anyone much good except the lucky one that logged in 1st and stayed logged in. The username/password will eventually become more and more useless as more and people know it.
In addition to that is is a good idea to monitor the daily logs and single out a user you see logging in a lot. The more ips you see for that user the more chance it is multiple people logging in and you should take action. , that's they way it should be done..
the only other thing would have been to test everything with sql before trying to import any data.. and make sure all was fine at that stage
more info on the errors would be helpful.
Id' also carefully visually compare the SQL tables and fields with the SQL scripts and make sure all field types and settings got set correctly.
Also, make sure the user accessign the database has datareader and datawriter permissions of course.
, I am having an issue with the Thumbnailing process. My host does not support ASPImage so I have to use something called asp thumbnailer which is similar to ASPImage. I am trying to modify the Dundas upload to automatically reduce the images to create thumbnails. I ripped out the asp image code and replaced with the bottom. The main issue I believe is grabbing the image files. I am not sure how to name the actual image file that is already uploaded by the dundas upload. the code is below:
The peices in red are where the issue is I believe. What you see below is my attempt to identify the exact image and then rename it tthumbnail. My optimal solution would be to take the picture, resize it and rename it exactly what it was named before.
Any ideas
Thanks
<% Else %>
<%
Dim thumbObj
Set thumbObj = Server.CreateObject("ASPThumbnailer2.Thumbnail")
If thumbObj.LoadFromWeb("../pictures/" & Filename) Then
thumbObj.ThumbMaxDimension = 140
If thumbObj.CreateThumbnailToWeb("../pictures/Thumbnail.jpg") Then
Response.Write("Thumbnail successfully created.")
Else
Response.Write("There was an error creating the thumbnail.")
End If
Else
Response.Write("<p><hr><b>Unable to load the original image.</b><hr>")
End If
Set ConnClassified = Server.CreateObject("ADODB.Connection")
ConnClassified.Open ConnectionString
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdSetImageInfo = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "UPDATE Ads SET Image" & PicNumber & "_Uploaded = 1, Image" & PicNumber & "_FileExtension = '" & FileExtension & "' WHERE (Ad_ID = " & Ad_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnClassified
CmdSetImageInfo.Open cmdTemp, , 1, 3
%>
, I think its great to share a mod.
I will have few with the new album.
, I have found the alternate databases and they do not work either. I then went back and changed the database path in the asptest page to connect to the 2000 and 2002 test databases and it connected successfully to both of those databases, just as it had successfully connected to the asptest.mdb., ok
thanks
, With ASPVendor you must use the SQL scripts we provide with the SQL Version to create the SQL database or else fields will not get set correctly.
I wish you would have told me you were using SQL server. It's important details like that that allow me to help and troubleshoot. , ok, so from your PM Iknow you are using SQL server with IIS5.
You say you created the SQL database using the provided scripts and that is good.
What is going on may just be a weird odbc issue that sometimes happens on IIS5 when using SQL server and I have an idea on how to remedy it.
Edit the "config_inc.asp" with notepad.
Change
If Application("SERVER_SOFTWARE") = "" Then
Application("SERVER_SOFTWARE") = Request.ServerVariables("SERVER_SOFTWARE")
End If
To
Application("SERVER_SOFTWARE") = "iis/6"
And lets see if that helps the situation.
it will change some SQL String query values in the application from "-1" to "1"
either should always work but under certain scenariois only one or the other works, Hello,
Thank you for the feedback.
I would like to point out the requirements of the application however as this is something I am aware of and do address.
http://support.cjwsoft.com/code/moreinfo165-1.htm
These requirments are directly linked to from the ASPProtect v7 web page, so its not like I dont try to tell people the deal regarding SQL server.
Basically I only have the resources to provide scipts and instructions for using SQL Enterprise Manager and that is all I officially support. I also personally think anyone using a SQL Server should be using SQL Enterprise Manager because later on down the road there are things you may want to do such as backups/etc etc
Take Care,
Chris Williams
www.CJWSoft.com
, Thanks.
Nick
, ok... glad ya figured it out.
Yes.. for ASP server side code to run the page extension must be ".asp". I was gonna mention that but I guess I just didnt think anyone would do that.
no offense.. not everyone works with this stuff every day..
, Then, you would have to add those users to the aspprotect user database. You would do so using the built in import/export features of msaccess and being very carteful about it. It is not a process we support and the technique used would be unique to any situation. Its basic database work though but still you have to be able to do it.
ASPProtect uses its own user database and you have to use that database. ASPPortect can not authenticate users using some other existing database.
Does that make sense ?, I think I have successfully integrated Paypal but seem to have a slight
issue. Once a person has entered the Paypal site but cancels their
order, the ad is still placed on the site. The optimal way for my site
to work would be to cancel the ad once the Paypal process has been
cancelled. Any help would be great.
Thanks
, Hi Chris:
Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?
I'm not quite sure what the syntax would be in the URL.
Warren
, Is there an easy way to make this work with reoccurring a monthly or yearly subscription?
, I'lll try to look at it this weekend. I have to leave the office now.
There must be something wrong with the last build of the code. I dont think that upload export file thing is a feature too many people use or I would have heard of this sooner.
For now just upload you export files to the export folder manually using ftp or frontpage explorer and you can accomplish the same thing.
, The protection code for my group3 is:
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * GP03 * ) -->
<% GROUPACCESS = "3" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->
btw - sorry but I am using v7
and thanks for the assistance
, Flash files cannot track clicks unless you edit the original flash file to link to the aspbanner system redirect URL.. feeding it the correct ID of the banner.
When that link is clicked on it will then track the click and redirect the user to the “link url” specified for that banner.
The system actually generates the necessary ASPBanner URL for you. That link is shown on the banner edit screen.(you must save the banner at least once and come back to that screen to see the link though)
Really the best way to show it is with an example as seen below.
Basically the flash banner file "powerasp.swf" highlighted in green needs to be edited to link to the banner redirect url which is highlighted in red.... the banner redirect url will then track the click and ultimately send the user to the Link_URL highligthed in blue.
All banners systems work this way when it comes to flash files.
It’s the nature of flash and the web browser,
The flash source code must be edited to link to the redirect url in the ASPBanner system. There is no possible way any banner system can track a flash click unless the flash file links to the banner system 1st.... because that click is handled by Flash and the web browser.
In some cases if you do have the original source file for the flash banner then you are out of luck as far as tracking clicks goes.
On a side note... if you create flash banners the way this article says you can actually feed a .swf flash file a link for it to click to. Instead of it being hardcoded.
http://www.macromedia.com/resources/richmedia/tracking/desig ners_guide/index.html
This is really the way everyone should design their flash banners from now on because the url it links to can be easily changed at any time without editing the flash file source code.
cwilliams38325.740162037, If you PM your site info and I can go in and troubleshoot. I have no more ideas. Usually people have zero issues installating this application as I got it pretty tweaked so I need to see what is going on in order to help., I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database.
How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'?
cwilliams38417.7773032407, no, and none of the ASP based systems I know of can do anything like that.
A zone can only produce 1 banner at a time.
What your are talking about I have mostly only seen done using very complex javascript code available freely on the web if you search. , When I attempt to upload, it appears that the image uploads. I get a "Original Image Size 0 X 0 pixels"
they don't appear in the web pages, any thoughts? I am using VBscript to upload, my host has safileup but I am unable to use it in this script, thanks for any help
http://mcintoshcounty.org/real_estate/extras/server_info.asp
here's the site link
Never mind, had the path to the image folder screwed up
,
Timecard Entry: 3/25/2006 4:46:37 PM
Few people needed calling., read and responded to emails, moved boxes downstairs, Breakfast :), Paid more bills, research use of Flash for Vermont Internet public and portal sites, Channel Banks, email/voice mail, Cancellations, setting up bays in switch room, cleaning and organizing , work with Tim, Revised and finalized October budget, few calls, fax sent for Tim and sorted the mail, TI Comm Team Mtg, Deferiet - initial design ideas..., readied money for clayton, filed customer paperwork, answered phone, signups, acct changes, cancellations. , TICC A/R receipts and deposit, Emerald ,Phones, SenatorJimWright.Com - Adding code to accumulate form submissions into a database and admin to support it as requested., followups w/other directors
, Help dave w/rivervillagerealty.com softmls component setup., TICC bills, Entered bills to A/P report delivered the mail , Printed off payroll, Picked up mail and opened. Posted accounts, ans. phone, credit card authorizations, coupon referrals, and customer inquiries., painfully long conversation with Lance Evans re: nnymls.com and some changes they want, McCadam.com - adding upload managers and transfering existing content into upload component areas., checking older tape backups to see if we can locate a web site that was deleted some time last week........may have a copy stored on a system drive of an older web server., helping beth try to fix nnyads,
