Is there a possibility to build in a option that the administrator will be notifed when a banner expired.

After turning off the friendly errors, here is the detail.

Active Server Pages error 'ASP 0131'
Disallowed Parent Path

/users/register.asp, line 16
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

ANSWER:
http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&K W=Disallowed+Parent+Path+

ok, PM me some additional info so I can go look around.

I dont quite understand everything going on.

Let me know what to do exactly to be successful logging in and also...

Let me know what to do exactly to reproduce the issue and I will tell you what I think.

Disallowed Parent Path

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory. 

When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.

If it is not enabled on you server you will have to ask your host to enable parent paths for your website.

This is what the settings screen looks like on an XP Machine

Additional Information:

It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.

Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.

Hosting companies should if they are serious about hosting ASP.


If they won't your only option is to go through all the code and convert the file includes to virtual includes.

http://www.powerasp.com/content/code-snippets/includes.asp

The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)

Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc

Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.

In my opinion virtual includes are pretty useless for commercial web based applications...  Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.

For example...

The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->

But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this

<!--#include virtual = "/somedirectory/somefile.asp"-->

ok...

you got problems if you cant import a file created by the system..

You using SQL or MSACCESS and do any of the users data have apostraphes in it ?

ok, I just sent you a private message with download information.

replace you existing

"check_user_inc.asp"

"admin/check_admin_inc.asp"

"admin/email_user.asp"

with the new versions in the download

Do some testing to make sure that HANNAH password works ok for you.

Hopefully this cures the issue...
If it works ok for you for a while I will offer the fixes to everyone and start using this code from now on

BTW:
"admin/email_user.asp" had an unrelated bug in it that only happened if its error handling got triggered... it was posting back to the wrong page when that happened and causing an error

[QUOTE=cwilliams]actually, passwords can be up to 75 characters long in ASPProtect.
the only requirement when entered from a non admin user is that they are at least 4 characters long.

what does MSAccess have to do with this ? Are you trying to convert and old system or something? I noticed you created and "old password" field in there ? Is there something I do not know about as far as what you are trying to do?

Passwords in version 7 are encrypted so I hope you understand all of that and realize you can not enter or change passwords right from SQL server. Also if you import info you must handle that accordingly and convert the passwords to encrypted format. [/QUOTE]

First off, I haven't imported anything from MS Access.. The only reason I mentioned it is cuz I thought initially it worked with Access and not SQL server.

I am not converting nor entering any data manually into the db, nor have I changed anything in the way the registration is made (don't know where the "Old password" has come from? thought it was a function you made?)

Ok i was wanting to know what the "if then" statement would be if i wanted to show xxx if your group is xxx.

I tried

    <% If Session("Groups") = "1" then%>
    <font size="2">TEXT HERE</font>
    <%end if%>

But that did not seem to work.

Yes worked fine

thanks

Access to some sections of the forums must be requested.
Please Click on the following link and read all of it carefully.

http://support.cjwsoft.com/

It's seems to work fine after renaming the file, rebuilding the application, and editing the web.config file to point to login.aspx. It looks like I can use your fine product and thanks again for the help. It was unusually easy. Merry Christmas…

I have seen that happen before though it usually just happens once and then after that it doesn;t show up. It's the asphttp component doing it. The ASPBanner system is not doing it. I would try using banner calling method such as the xml parser method. It's usually installed by default on 200 and 2003 servers.

Hi all

I logged in myself to my website, and I tried to log in to another with same username and password. But I was able to log in again.

It was supposed to block me from logging in, but it let me to log in.

there has got to be some configurations I must have missed.

Could you instruct me on this Concurrrent login so mine works as well...

thanks

Nov 2005

New question...

When someone edits their personal information, such as address, is there any way to set it so that someone in the office can receive an e-mail noting the changes?

Thanks.

If you have found out that parent paths are disabled on the web server you can still use the application.

Before you continue.

If it is your server consider enabling parent paths to solve the problem.

If it is not your server consider asking them to enable parent paths for your web site to solve the problem.

If that is not possible please download this zip file.
2005-02-20_150703_aspprotect_v7.x_alternate_include_file_pat hs.zip

This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.

The zip file contains the following folders and files.

Below is the contents of the readme.txt file which explains everything.

The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.

(parent paths enabled) - This is the way the application comes.
The files in this folder have FILE server side includes containing "../" information. While these includes will work when the applicaion in is any location of a website they will not work if parent paths are disabled on the web server. Generally you will want to use these on your xp development machine. You can of course use them on your real server if parent paths are enabled. Parent Paths are now disabled on II6 by default and some hosting company will not enable them.

(domain root)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in the root of your web domain. For example if your domain was called "www.somedomain.com" the following aspprotect files and folders would end up like this
"http://www.somedomain.com/check_user_inc.asp"
"http://www.somedomain.com/password_admin"
"http://www.somedomain.com/users"

(domain directory)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in a directory called "aspprotect" in the root of your web domain. For example if your domain was called "www.somedomain.com" the
following aspprotect files and folders would end up like this
"http://www.somedomain.com/aspprotect/check_user_inc.asp"
"http://www.somedomain.com/aspprotect/password_admin"
"http://www.somedomain.com/aspprotect/users"
You can change the name of the "aspprotect" directory but you will will have to edit the includes in the files.

Lastly, if you are on a local machine and insist on using the VIRTUAL INCLUDES you would also use the (domain directory files) even though you dont have a domain on your local machine most likely
For example if your site was installed like so.
"http://localhost/aspprotect/check_user_inc.asp"
"http://localhost/aspprotect/password_admin"
"http://localhost/aspprotect/users"

I have an asp page that includes other asp pages via an include.  for example:

snippet code: file name: collaboration.asp

 <table bgcolor="#bed1e4" border="0" cellspacing="0" cellpadding="10" marginwidth="0" marginheight="0" leftmargin="0" topmargin="0"> 
    <tr>
    <td>     
     <!--#include file="../../../filetransfer/directory_listing2.asp" -->
    <BR><BR>
     <!--#include file="../../../filetransfer/upload.asp" -->
    </td></tr>
   </table>

I can add the code below to collaboration.asp and it seems to work,but I cant seem to figure out how to protect the other files such as upload.asp at the same time. -- can you help?  - Note: as soon as I add the code below (and adjust the path) - I cant bring up the page.

This is the protection code I am using.

<!--#INCLUDE FILE="../../../../aspprotect/check_user_inc.asp"-->

Shirely

Chris, that fixed it.  Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.

Suggestion for future release.  Create an option to email the admin when a message is posted.  If this code already exists please advise.

Thanks, Lance

The main root of your web site needs a "aspnet_client" folder for .NET apps like ASPProtect.NET to run.

If this isnt quite right one of two things can happen.

1.) You'll get a pop-up error like this.
'Unable to find script library WebUIValidation.js'

2.) The ASPProtect login screen will come up but just not let you log in.

This folder only goes in the root. Not in subfolders and subwebs.

If you dont have this folder in the root of your web.

Read this article to learn how to properly create the folder.
http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/cpguide/html/cpconconfiguringaspnetapplicationforaspnet version.asp

If the app is installed on a hosted server you'll need to ask them to do that for you.

You can also try copying a the folder from your own machine after creating it the way the article above says.

or

here is a copy of my "aspnet_client" folder created under the latest framework at the time of this writing. v 1_1_4322

2004-11-03_134912_aspnet_client.zip

I am not sure if copying it in is as good as having created by the server as I haven't had time to really test all of that but it should work. Ultimately all this does is put some files .net needs in the web.

The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.

Download Documentation

You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.

Please continue to check the support forum threads for the most up to date documentation.


IMPORTANT
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then  choose unblock down in the lower right corner ...then you can open and view the file correctly

here is a thread that may help you if this is what you were getting at

http://support.cjwsoft.com/code/moreinfo389-1.htm

I recently upgraded my ASPclassifieds from MS Access to SQL.  The application launches, I can browse existing catagories, etc. but when I try clicking on the login, guestbook, register or accessing the classifieds_admin,  I get the HTTP 500 - Internal server error.  Guessing this must be a folder or file permission issue?  Have tried changing IUSR permissions but nothing helps.

Please advise.
Thanks, lancem

Hi,

We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.

Hello,

I do not really understand what you mean?
There are no country and city lists in ASPClassifieds.

I just took a look and that is definetly what happened.
It has nothing to do with the registration process as far as I can see.

Just running this page triggers it and I know it does not do that the way it comes.
http://www.myvirtualtutor.com/aspprotect/users/user_area.asp

Please back up what you changed and put the user area back the way it came..

If error still happens then I can help you.. It it works fine with the default files from the zip archive then you messed something up in the code.

You have to be really careful when working with ASP code.

Also: just in case you did this. " you should not be password protecting any files in the users area that are already there " the users area does it's own thing and there is no reason to be doing anything like that to the files that are already there. You can do whatever you like to files you add on your own.

Umm, if your using MSACCESS your using MSACCESS

SQL server has nothing to do with it.

I did a sign up.. your verify URL is not saved/set in the application variables.

try saving the admin settings page again.. or reboot the server so the settings get reloaded

if you can make sure the web is it's own application in IIS

if it is your server do and "iisreset" from the command prompt

if all else fails you got iis application issues with the site... wait till tommoro to see if the setting gets loaded

Hello,

Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.

If you design the site to be intelligent that scenario should never happen.

For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.

It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.

Here are some simple examples.

Here is an example using access levels.

<%
If Session("Access_Level") = "1"  Then
' show links to pages that allow access level 1
End If
%>

And one for groups..

<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>

The random password is generated during signup and the function that creates it is located on this page of code.

users/register.asp

it looks like this

Function RndStr(Length, UseChrs)
 If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
 NewStr = ""
 Randomize(CByte(Left(Right(Time(),5),2)))
 For gpIndex = 1 To Length
  NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
 Next
 RndStr = NewStr
End Function

For example go to this page and hit refresh and watch the password change.

http://www.aspprotect.com/demo2/users/register.asp

Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.

Anyway... when signing up the new user of course has the option to change that password to something they would like better...

As far as... "selecting the same user name and password every time"

I need more information. That does not make sense for a lot of reasons.

Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.

So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.

Now of course if you edited the code in any way it is possible all this is not working correctly ?

After taking another look at this and trying your suggestions without success, it appears that in Windows 2003 server it is nearly impossible to remove the READ ONLY attribute from the _database folder.  I'm wonder if this could the cause?

Thanks