Blog Entry: 3/25/2006 4:58:17 PM
here is a thread that may help you if this is what you were getting at
http://support.cjwsoft.com/code/moreinfo389-1.htm
, When a logged in user with specific group rights tries to look at a
page that has different group membership requirements the Login screen
comes up giving them an opportunity to login with different rights to
view the page. If you log in again with your current user name
the same login screen returns with the added words something to the
effect of "Access Denied, you dont have group rights to this page...".
The only way to get back to the previous page is to hit the back button
on the browser (there is not a back button on the denied page).
I would really rather not even present the "login again" screen to a
user but just have a custom page that says "access denied" of my own
design with a back button on it. Is this an option provided for
in ASPProtect currently? I did not see it in the admin section
settings tab. Is there a separate "login again" asp file that is
being used for this
group access deny message that I could alter, or does it always have to
be the login asp file?
Or would this require me modifying the check_user_inc.asp file around
line 356 to change this behavior (I don't want to screw up any other
stuff though...).
Thanks!!
Oh, PS. just a quick check...it looks like if a user is an
"admin" he automatically gets to see all group pages regardless of
which set of group numbers are assigned in his user account...is that
right?
,
Regarding hosting companies..
Now.. obviously if you are hosting on someone elses server you may not be able to set permissions like this.
Ultimately, if you are hosting somewhere and ASP and Database connectivity is part of your hosting plan. It is the hosting company's responsibility to set these permissions for you when asked or to give you a special interface to do so on your own. If they are not helping you do this then maybe it is time to get a hosting company that is serious about your ASP Hosting Needs.
Also... JUST TO BE PERFECTLY CLEAR
The permissions we are talking about cannot be set via FTP or Frontpage access to your web site. They must be set like shown above or via a special interface meant to set the permissions correctly. For all you people out there messing with the permissions you see in FTP and Frontpage.. you are wasting your time and possibly creating problems in your web.
All ASP scripts that communicate with an Access Database, Upload Pictures, Modify Text files.... are going to need these permissions set in some way or another. We have no control over that fact. cwilliams38360.69125, ASPProtect and PayPal are fully automated and ready to go.
Accounts will automatically get activated after payment.
We actually do not tell you to put nothing in the PayPal system for the IPN URL. Something has to be there or PayPal will not let you enable IPN. We actually tell you in you PayPal settings to turn on IPN and make up an IPN url because something has to go there. (I think we suggested making a blank asp page on you're site to send it to) It really doesn't matter where you send that but it might as well be a valid page on your site to avoid any 404 errors in your logs when a non ASPProtect payment comes in.
You see, we dont set that IPN url set in the PayPal system because each ASPProtect signup script directory (single payment and subcription) uses it own IPN url and that all gets set on the fly by the aspprotect system. There is a way to overide the defaul IPN url is what I am saying.
Also:
A lot of people already have something there and we didn't want the ASPProtect system to interfere with things they already had going on. cwilliams38421.530787037, Does emailing work under the simplest scenario ? (directly from the users screen)
Thats the way to test it..
All that error means is whatever reason the settings you have chosen are not working. It could be the server. It could be what you chosen. (and yes I realize your pop info from outlook should probably work with the settings you chose)
Whenever I do installs I often have to try 3-5 different emailing scenarios before I come across one that works.
Each time making some changes and sending out test emails from the users screen until I get somewhere. Often time getting a working example of how your Hosting Company wants you to send email from ASP is the info to get your hands on. (what method and settings)
In this case they may have blocked the usee of a remote server and want you to use some other settings for sending email from asp. A lot of times they put that info in their help system.
If I were you I would start by trying the other two CDOSYS options for starters, and then try the remote server option again but using "localhost" as the server, if none of those work consult your host for example code and settings to send email from asp. If you still have no luck I can help for sure.
Realize too when testing the emails may take a bit to arrive. A delay of sorts. Best to type in a quick note about which method you are trying in the email text. That way when you finally get one delivered you'll know which method worked. , Actually, as far the "aspprotectnet.dll" file goes it makes sense because of the following.
The "aspprotectlicense.dll" is something we do not provide the source code for. We also do not compile it in "debug" mode because you not want dll's running in "debug" mode in a production environment and we also do not want that dll in debug mode because of reverse engineering reasons.
Now, that being said that DLL is no different than any other 3rd party dll "so to speak" that you would use in a project. Many of which will not be in debug mode and you will also not have the source for.
"Microsoft.Data.Odbc.dll" being an example
Regardless, there must be a way to do what your trying to do. I am just not sure at the moment. It is nothing anyone has brought up before and I personally have never had any issues like that when I work on the application so I am just not sure.
It probably has something to do with the way you set up your project., check permissions for the user you are connecting to the SQL database.
http://support.cjwsoft.com/code/moreinfo122-1.htm
That user may not have permission to make new data
Also, check all field and table settings manually by comparing them to the SQL creation script we provide. You may very well be missing auto increment and primary keys which would make adding new data not work.
It is most likely one of those two things. , I am running into problems with the import function. I have 25 photos loaded into the import folder. The page see all of the photos. But after I click on the import process it takes me Picture Manager with no pictures loaded. I have hit the refresh button, but there is nothing there. dr_bones38394.676412037, Those access levels are not used and are nothing to worry about. They are left over from the ASPProtect core which I used for the users area of ASPBanner.
I am not sure what you did but its not a none, Unless I know more I can not make any guesses what happened. I would make sure in the database that the user is active and the expiration date field for them if there is one is empty, Oh also, I tried to run the asp on my machine (win XP) and unless I'm missing something fairly obvious, I cannot get it to run correctly...when previewing it, I see all the code instead of what I should be seeing., Hi,
I have a question re ASP Protect, I have got it up and running on a dev server which also hosts a e-com engine (ASP / Access), when users check out they are presented with the e-com log in screen (which is sharing the same ASPP_User table). All's well and registration and editing user details is fine both in the Admin section and the front end of ASP and if I request an email reminder from the ecom scripts I get back the encrypted password.
I'm using <% = Session("Email") %> and <% = Session("Password") %> to populate the fields on the ecom log in page so users can click though and progress, the checkout process needs the username/password, all user info shows up ok, however, when I proceed with these credentials, it doesn't work, even though I know these to be correct and even without requesting a password reminder and using the one that gets me in everywhere else, I still can't get through? do I need some code re the crypto so the ecom can decode??
Any help would be great - I've been on it for about 10 hours, and checked through the posts here but can't fathom it out?
Thanks Craig , yes, like it says it is expirimental
turn it off.. the banner system will run just as fast for the most part
or leave it on and an occasional user will see a permission denied error where a banner will be, sorry.. you just said above you were using XP SP2 so that is the article I referred you to as I just assumed you were talking about your local web server
here is my article on permissions regarding server 2003
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp
I can look at your installation monday if you like. In about an hour I leave for a wedding thingie and I wont be around again untill monday around noon
Try the uploading using VBSCRIPT method just for the heck of it. Perhaps there is an issue with the installation of the dundas component.
CJW
, Glad it is working.. for anyone reading this the customer bascially did this
http://support.cjwsoft.com/forum/forum_posts.asp?TID=36& PN=1
That being said asp photo gallery actually has a few more places that send email that you going to need to modify as well. Off hand the reply to album, admin massemail, admin send email,and postcard features come to mind possibly as 3 of them.
using a multiple file search and replace utility like ReplaceEm would be the easy way to do all of this in one step and find all the instances
http://www.orbit.org/replace/
cwilliams38420.4424537037, I am brought to a logon page in which I cannot access the page. This must be due to the check_user_inc.asp include. Without the include I get a blank page. , well, thats a network drive path and in my opinion a very poor way for them to have set things up. It can work as long as permissions get set there and they have the anonymous webserver accounts set up correctly to handle that scenario, but performance isn't the best because your accessing the access database over the network. Access databases are not just not meant to be connected to over the network in a web based scenario. Quality ASP hosting companies do not set up their servers that way and it can often be difficult to get things running as it is a more complex setup on their end. Meaning if they dont synchronize the IUSR_machine accounts correctly you'll have permission issues.
http://www.aspfaq.com/show.asp?id=2168 , perhaps the filesystem object is disabled on the server ?
or some sort of script blocking is running and causing a problem ?
other than that I can take a look if you put it up on a live server.
, No problem. I get it now.
I added a Session Variable for "Counter". Then wrote an If statement around that. When the user logs on for the first time they see a window pop, after that the normal start page.
Thanks
, actually, passwords can be up to 75 characters long in ASPProtect.
the only requirement when entered from a non admin user is that they are at least 4 characters long.
what does MSAccess have to do with this ? Are you trying to convert and old system or something? I noticed you created and "old password" field in there ? Is there something I do not know about as far as what you are trying to do?
Passwords in version 7 are encrypted so I hope you understand all of that and realize you can not enter or change passwords right from SQL server. Also if you import info you must handle that accordingly and convert the passwords to encrypted format for the new version., What application you talking about ? I'll assume ASPProtect. In the future please specify what application you are talking about.
ASPProtect 7 already has protection that is quite effective. The no concurrent login feature which will not let the same username under a different ip log in at the same time. Meaning if someone gives out their info they will screw themslves over because eventually they won't be able to log in. Only one unique ip at a time can log in so even of 100 people know the info it won't really do anyone much good except the lucky one that logged in 1st and stayed logged in. The username/password will eventually become more and more useless as more and people know it.
In addition to that is is a good idea to monitor the daily logs and single out a user you see logging in a lot. The more ips you see for that user the more chance it is multiple people logging in and you should take action. , edited due to inappropriate content ,
- What kind of encryption do you use with version 7?
- If I purchase version 7 and use it on my site with a new SQL database then migrate the old records from version 6 so I can by-pass the issue with my home-grown Base 64 encryption, do you forsee other issues with the upgrade?
, (User Photo Upload Mod) for ASPProtect Version 7.x
This will allow an individual user to upload a user picture instead of just the admin.
Notes: This is a down and dirty mod. The user upload code was copied from the admin area and there are no safeguards. Meaning there is no limit on the file size a user uploads and there is no confirmation process in case something they upload is inappropriate. etc etc etc
If you want that you will have to work on that on your own.
Directions:
Back up your existing ASPProtect installation.
copy these files into your "users" folder
2006-01-24_111305_User_Upload_Mod.zip , I agree -- don't use the code as is. I provided it only as an idea for a work-around if your ASPProtect users with Internet Explorer complain about the Page Expired message.
I did not test it to be sure the parms coming into the target page (which would be part of the URL when bookmarking) are properly preserved. It would be easy to make sure they are preserved, but I am not sure the code in the example does that. I also customized the code with my own page header and footer.
I have the Option Pack but the site does not need it yet so I haven't applied it. I don't expect many problems re-applying my few lines of modifications.
The IE behavior is not a big deal if you provide an explicit login page, since users would have less interest in paging back to that. In my case, I simply gave a link to a protected part of the site, and when they take that link, they instead get the login form if they aren't logged on. Once they log on, they get their desired content page, to which they sometimes want to page back later on.
From searching the Microsoft Knowledge Base and other sources, I could not find a way (using HTML) to turn off IE's behavior of refusing to quietly reload a page containing form data. Netscape does not do this. So my IE workaround is to ensure my target page does not contain the login form. It does not solve the cause of the problem, but in this case it gets rid of the Page Expired error message for my IE users.
I also purchased ASPProtect for another site, and I'm using that "out of the box" unmodified. I'm very pleased with ASPProtect's functionality and the fact that it works completely without the need to customize. However, I've found it is very easy to customize if I want to.
Jim
Puli Club of America , ok, then I need more information.
Was the code changed ? Thats the big one. If it worked and now it doesn't something must have changed. Things just don't stop working on their own. I would try putting the original files back in there for everything but the config and dataconn files just to make sure and see and if it works with the original files. (back up your old ones 1st so you can copy them back of course)
Also, perhaps PM me the site info so I can go look as well. , Is there any update to this ?, well, assuming that function works and is vbscript not vb
(if it is vb code it may need some conversion work)
anyway
in "users/add_new_account.asp"
you would put the code for that function anywhere in the page.. it does not matter where as long as it is in code tags <% %>
then.. right under this part of the same page
If Zipcode_Postal_Code_Required = True Then
If Zipcode_Postal_Code = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Zipcode_Postal_Code.\n\n")
End IF
End If
add this
If Check_Postcode(Zipcode_Postal_Code) <> True Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Valid Zipcode_Postal_Code.\n\n")
End If
No guarantees but that is the gist of it cwilliams38381.6456828704, you not seeing the real error
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1 , I would look on the pictures folder on the server and see what is there for pictures. Also, when you see a broken X on the site right click and see where it is trying to get the picture from and what the pictures name should be.
I would also be sure to clear out your temporary internet files in IE. clost and restart all browsers..
maybe show me the site ? so I can see this happening ? cwilliams38348.9748726852, question 2 is answered best here
http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal
I should also mention that the paypal scenarios used in ASPProtect can not be tested using PayPal's sandbox. Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts)
then you can log into the other and refund the transctions and of course it makes sense to use low amount like 1 cent and what not.
Also, I'd love to see what you came up with with the integration. I have been working on it here as well and took it in a different direction as I plan to sell directions for it as an add-on for aspprotect. I have it all working here but so far I dont see an easy way to let other people do it as I had to change things in both systems in a lot of places. Utimately if done under a SQL environment triggers should be used at the database level and that is another consideration.
, Thanks for that.
I have tried InStr("*2*",>"0") in the query design window but it does not return any members.
I have orded a Access Bible to help me in furture , Hi Chris,
Our company has a big dilemma on how to manage the database for accounts that are expiring/expired.
We saw the function to email a batch of users who are expiring soon but this doesn't help us to complete the renewal process.
Once the email is sent, what happens afterwards? how can we setup the system so that we can renew their expiry dates or accounts without too much hassle?
The system currently doesn't have any renewal functions or to allow batch changes on multiple accounts at the same time so we have to manually edit one account at a time. This is extremely tedious if we have over 1000 accounts to manage (and we will).
If you have anything to suggest on all this I would appreciate it :)
Thanks alot
Sylvain , I have found the alternate databases and they do not work either. I then went back and changed the database path in the asptest page to connect to the 2000 and 2002 test databases and it connected successfully to both of those databases, just as it had successfully connected to the asptest.mdb., Christopher,
I have a follow-up to this question.
Is there a way to get the photo descriptions to save with actual spaces instead of the HTML space code all of the time?
I know that is does this if you hit Enter while typing a description, because it creates a 'br' tag. The main reason I am asking is because if the user does not enter a line break, the description is saved a single long string and the pic_window.asp page is generated with one long description which makes the page very wide.
I tried to get around this by changing the description style in pic_window.asp to reflect a value like 50% or 200 pixels, and I have tried putting it into a table with a fixed width, but there is no effect.
Thanks!
- Jason , I really do not know to tell you the truth. I'll do some research.
The script only allows .jpg, .jpeg, and .gif extensions.
If someone uploads a file called... "filename.vbs.jpeg" with bad vbscript in it I seriously doubt anything can happen because of it because of the extension.
But I really do not know.
It has never happened to any sites I have or know of.
cwilliams38447.0491435185, If they changed the paths they moved the site.
That means permissions for the database folder must be set again.
If permissions are not set and you are not using the correct new path info then you will still get errors.
Those errors the server reports back and quite generic and do no mean exactly what they say. They just mean everything is not perfect.
And everything just has to be perfect.. cwilliams38306.5069328704, As I already had directories in my web site root called 'images' and 'templates' I loaded the files into a sub directory called 'aspprotect' as suggested in the installation guide where it say 'either way it really doesn't matter'.
However, it does.
The scripts are often looking for a file which it can't find because the /aspprotect part of the path is missing. Example:
I can't find a way of editing all the scripts that need changing. I'm assuming it would be easier to change my site to avoid using subdirectories used by aspprotect and reinstalling from scratch straight into the root directory.
Anyone with any suggestions?
Many thanks
Ian , Chris,
I have had a couple of users log out of the system as they are supposed to, move to another computer and not be allowed to login because of "they are currently logged in using another IP address" when in fact they logged off properly. Is there anything that they should be doing differently?
Thanks,
Jess , you have to do it like I show above... your not specifying the field name to be searched in the instr function so what you just showed me will not do anything
You also should not have the > 0 stuff in the function because it is testing the result of the function.
You have to do it just like I showed , I am sure its permissions as well, but I don't have that much access to the hosted server...lol.
I will use access for now, since it works fine, and try to talk with the hosting people later.
Thanks! ,
Timecard Entry: 3/25/2006 4:58:17 PM
fixing modem chaos at IMC-net caused by the storm....netserver boxes totally messed up.....rest them both and straightened out the pool., fixed a few minor Front Page problems on Raptor........unloading cache and restarting sites, 200 miles to crown point for meeting with crown point, Team meeting, answered incoming calls, call backs, raptor.gisco.net went down. Had to reboot it, then after that there was a problem with statstracker.gisco.net, ended up having to reboot that. While I was up I checked out Clayton's dialin., travel to appt, 25 Miles : Watertown - Clayton, Checked and called users that left voice mail messages., did some radlog. had a few people calling because 8940 was busy, Covering the NOC, Going over long list of SoftMLS changes and what Chris and Cris have completed and what still needs to be done. Put together a summary email for Cortland MLS folks so they know we're working on it., pretty busy actually... did many rad logs online entries as well did the dial-up issue left over from yesterday , breaking down boxes, cleaning side walk, vacumeing, restarting NS0 after a crash.....checking volumes and restarting all services again, continued work on designing "user manual" for SoftVendor, steady morning. , printed, reviewed, mailed invoices, readied money for clayton, checked signups in new users, cancels for nonpayment, filed customer paperwork, answered phone-signups, cancels, acct changes, vacuumed and steam cleaned carpet., Called expiring users., did a few minor things that could be used on agency ideas, Making some long needed changes/additions to upload component package before adding it to senator wrights page. Adding in left and right image wrapping features, auto image sizing, etc. Adding fix to defeat NT permissions problem., Checked modems also., email and vm, Emonitor went off, called and talked with Seth. Emptied trash and vacummed entire area., Filling out time card for today., Updated the cancel log for Andrea, wireless, misc. work, Daily routine, Tested and fixed problems with the 4911 modem pool in Clayton., Took brochures to be printed,
|
