Blog Entry: 3/25/2006 4:49:13 PM
Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
(
[User_ID]
) ON [PRIMARY]
GO , I just upgraded from 6.0 to 7.0 primarily because we were limited in the choices of email systems we could use to send an email validation message.
Previously, with 6.0, we were using CDONTS to send an email validation message to new registrants. Unfortunately, AOL email addressee's were not receiving the vaildation email from us. I received a reply to another post I made on this forum that the problem was due to the fact that aCDONTS generated email has no MX record and AOL blocks non-MX record containing emails.
Well, I upgraded to 7.0, switched to CDOSYS (Using SMTP Virtual Server) with SMTP Authentication and it appears that AOL is still blocking the validation email.
Any suggestions, comments?
,
Please be aware folks..
This file is not provided by CJWSoft. Though this may work very well use of it is not supported in any way. We have not tested it.
This user is not using the option pack so this file will not be compatible with anyone using that because it does not have support for groups and some of the other new features.
Regardless..we appretiate users sharing ideas and solutions that they have come up with. cwilliams38313.499837963,
Error when click on banner. (I remove on error resume next in config_inc.asp)
The conversion of a char data type to a datetime data type resulted in an out-of-range datetime value.
banner_redirect.asp, line 36
Database - MS SQL Server.
Gignutyi38368.5403935185, it is by design actually and something that can be improved
(I just never thought of it when I 1st designed the system and it is actually planned to be added in Version 8)
The trick would be to reset those session variables anytime someone edits and saves their information... not very hard at all
you would do it on the save code page for when a user edits themself.
you want to grab the info posted from the form and reset each session variable at the same time everything is re-saved to the database
example
Session("Company_Name") = Request("Company_Name")
, Version 7 uses.. RC4
The upgrade process is described here in detail including a procedure to convert existing clear text passwords to the encrypted versions. (Your passwords will need to be clear text as the system shipped of course for the conversion to do its thing)
http://support.cjwsoft.com/code/info24.htm
It is also covered in the downloadbale docs
http://support.cjwsoft.com/code/moreinfo221-1.htm
Many people have done the upgrade without any issues and Version 7 is getting great feedback.
Should you decide to go with it there is upgrade pricing.
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp , The path is correct for the logfile directory. This is still not working.
, If it stopped working it has nothing to do with the ASP code. YIf could have stopped for any number of reasons as hosts often change email server requirements and info. You need to go over the email settings. Of course make sure you and the person you are sending to have valid email addresses and try different methods/settings until you get emailing to work again.
Testing it by sending emails off from the users screen.. in each email type in what you are trying at that time so you know what worked if emails make it through. Also, be sure to check junk filters when testing to make sure the emails are not being put in any of those.
That's what I would do. CDOSYS is always your best bet for sending emails as it has so many options and all new server support it. , new version is still not finshed as of the end of the year... I am not going to release it until I feel it is ready., I just purchased the software and it looks great however, I have been fighting for 4 hours trying to get a protected page to do what it is supposed to.
I was trying the examples you provided and they worked fine, then I would use the code at the top of my pages with no luck.
When I installed the software, I used an FTP package as I have found lately that anything with a database gets all messed up when I publish with FP.
On a whim, I took the page I was publishing in FP and published the same page with my FTP program. It worked! What I can't figure out is what FP does to the files to screw them up so they won't function. Is there a setting in FP that I have to change to get it to work? The files look the same, but they are different sizes when I overwrite them with FTP.
Any ideas? I don't want to have to publish my entire site with FTP as it is a FP template site.
Thanks,
Dave , Chris -
Long time no talk, which is a good thing. I have purchased another product from you, ASPVendor. I am running into an issues.
When I try and remove the image through the image manager, it does not remove it. Screen shot attached.
2005-10-19_194248_image_upload.zip
Thanks , Hi,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http:// , ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the image in 2 ways.
- We use Javascript right click disabling code that works in both IE and Firefox.
- We stream the image via a special password protected ".asp" page and use an image tag to call it. This hides the true location of the file. You can therefore keep your images out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the img tag html source they can not tell where the file came from. Doing all of this allows you to offer certain images only to people that are logged in.
All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.
For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.
Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.
http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41 , you do not run "check_user_inc.asp" by itself
Pages you protect include that file at the top.. when they someone goes to a protected page if not logged in a user then sees a login prompt..
after loggin in they see that same page as normal
its an automated process..
now, that being said if you really want to you a specify a page to be redirected to after the 1st login when you edit a users info. You can also redirect anyone anywhere like using a simple ASP redirect statement in your code.
Personally I feel that redirecting people all over the place is poor site design. ASP is all about dynamic code and ASPProtect is all about dynamically tailoring pages to the current logged in users... so why redirect people all over the place.. it justs complicates things because you still need to password protect the places you send them to.... which means twice the work and twice the confusion.
Also, here is a Version 6 thread about redirecting manually that still applies to version 7.
http://support.cjwsoft.com/code/moreinfo17-1.htm
, We want to insert a hyperlink i the mesage area when we e-mail users from the Password Admin area. Is ther an easy way to insert the hyperlink so when the user gets the e-mail, they can just click on it and go the the page we want them to?
Thanks,
Andy cwilliams38456.0983101852, [QUOTE=cwilliams]Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.[/quote]
I did change the top_logo.gif and the associated link. That was on the default page not the Solid Black skin which is unchanged. After downloading/uploading the skins I tried changing it to one of the Beach skins and that's when it changed to Solid Black and has been stuck there ever since.
[quote]Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.[/quote]I don't have access to the Microsoft IIS console as this is a host site. I can access the site's "control panel" but it does allow for those type of settings. Mostly just permissions, DSN entries, etc.
Thanks.
Al , Regarding installation in a subfolder
Though this should be common sense and ASP.NET 101 "so to speak" One thing not mentioned in the docs..
If you do not install ASPProtect.NET in the true root of a web there a key in the web config you must adjust.
it looks like this
<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />
The way it comes it is valid for a root installation..
lets say you installed the application in folder called.
"aspprotectnet"
the key would change to this
<forms name=".aspprotect~net" loginUrl="/aspprotectnet/aspprotectlogin.aspx" protection="All" timeout="60" path="/" /> cwilliams38454.3830439815, FILE includes can not use virtual pathing info
http://www.powerasp.com/content/code-snippets/includes.asp
if you want to do it like that you have to use a VIRTUAL include, Ahhh, I see it, thanks that was the ticket.
, Hello,
VBScript is the most popular ASP scripting language, and has the most support available. I estimate that less than 5% of the ASP coders out there use anything other than vbscript
That being said it specifically says on the aspprotect site ASPProtect is only for use in protecting asp using "vbscript" as the language.
http://www.aspprotect.com/more_info_full_v7.asp
http://www.aspprotect.com/comparison.asp
it is something I specified very clearly for this very reason.
Sorry, but you can not use ASPProtect to protect pages using Language="Javascript". The code is too complex to be mixed with server side Javascript.
To password protect asp pages written using "Javascript" you really need a an application specifically written in and designed to work with ASP pages written using "Javascript". And then of course that application would not be able to protect ".asp" pages written using "vbscript." (I mean never say never, but it would be a ton of work to get both working and I doubt you will ever see a commercial application that does both)
as for switching back and forth between vbscript and javascript you really can't except with very simple code. Doing so with anything complex can be extremely problematic because the order of execution sometimes gets all mixed up because of the complexity of the code being used.
That doesn't mean it can not work....
You would really want to do something like this.
do not specify a default language at the top
surround the aspprotect include file with this
<SCRIPT Language="vbscript">
</script>
surround your javascript code with this
<SCRIPT Language="JavaScript">
</script>
then make sure none the code including the aspprotect include file has any <% or %> tags in it
that means you have to remove that sort of thing everywhere... that means a lot of work if you used a lot of that sort of thing instead of response.writes to write out html type stuff
and again... I don't know if you would ever get it all working , yes, there is upgrade pricing
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp
and upgrade instructions here in the forums
if you install it in the same directory structure you wont have to make any changes to the pages in your site you have already protected.. because the code to protect a page will be the same
now, anytime you upgrade an application like this there is going to be a lot of work involved especially when there have been so many changes
http://support.cjwsoft.com/code/moreinfo173-1.htm
whether or not you upgrade is up to you
Like I said you can make version 6 work with CDOSYS and a remote email server. You just need to do some research on CDOSYS code and spend the time needed to make the code use it. I however am not going to spend time detailing all of that when I created a new version that does it.
, I'm using ASPimage and have the maximum width set to 320 in the settings. Also using SAFileUP ver. 4.0.
Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.
Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.
Suggestions? lancem38326.9070486111, Are there any problems with modifying the default database fields.
I need to have an update from net billing and they use different settings in the database than the default.
Will the interface still be functional?
, I assume so you can clean up users that register, but then never pay ?, the txt file is only lke 624 kb...so I'm not sure, I would like to have the ability to give a user 1 album with the default # of photos in it.
Is the best way to implement this to just add in an album creation
routine during the sigup/registration process and turn off the ability
to create a new album? Or is a user setting prebuilt into the
system for this?
, nope ,sql server has nothing to do with this
I am talking about the folder pictures are stored in.. it needs modify permissions set for the internet guest account like those articles talk about
, Wonderful! Does it matter if I move the aspbanner logo, as long
as I keep it on the page? Or does it need to stay front and center?
Laura
, I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database.
How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'? cwilliams38417.7773032407, Yes, I was referring to ASP Protect.
I had about a dozen people access the same account, but it is highly unlikely that they would all try at the same time (unless there were several hundred people who had access). Having an enhanced login abuse would be nice.
, You cannot use server mappath in the connecting string of the application. If you want to know why read my article.
http://www.powerasp.com/content/hintstips/physical-path.asp
Make your connecting string just like in my example.. do not use the oledb connection string either as it will cause other problems.
If you need to find out the path to the mdb file you can use server.mappath to get that info but do not put server mappath in the connecting string. See my article again.
then if the database folder has proper permissions and the path to the mdb file is valid it will work... otherwise you get useless errors, its really that simple.
You also may want to download ASPTest from www.cjwsoft.com it is designed to show a person how to setup a working data connection., After a user edit his information (name, email, etc), the session variables are not updated. In the user_area.asp
page, I "Response.Write" all the session variables, and they are still
showing the old information. I tried refreshing the page but to no
avail. The only way to update the display is to log off and login again.
please help.
, The main users screen... the 1st screen you see when you go to the admin area.. where you email an individual user..
The settings I am referring to being the various emailing settings on the settings screen, The settings you showed me.
As for emailing via a remote server over dsl. It may not be working because the ISP's block the port (25) to stop people from running email servers over their dsl.
Your POP3 works because POP3 uses port 110.
If you want to send emails from your local server on your dsl you should probably install the SMTP service of IIS if you have not and send emails using that with CDOSYS. Either that or get a commerical DSL account with a static IP that allows for running email servers. , You know what, you really are frigin goofy to say you might think we
didn't write the software. I got source code to the license dll as well
as about 12 revisions of the application sitting on my development
server as well as about 1200 emails between John & Myself as we
worked on it. Not to mention all those .vb files that come with the
application. What do you think those are ? I bet you don't even really
know based on something you said in one of your earlier forum posts.
Did you even read this cause this is YOU... !!!
http://support.cjwsoft.com/code/moreinfo234-1.htm
And we say right on the ASPProtect.NET product page to read that article before making a purchase.
Moving
on... it basically says on the site ASPProtect.NET works the way
it is shown to work. You can use it that way or you can further edit
the code with Visual Studio.NET. If you are so good with asp.net then
you should be editing the code to work differently or writing your own
authentication that works exactly how you want it to. End of story. You
keep arguing about things your done... you are so done !!! I won't keep
putting up with you., Now that I really think about it.. instead of logging that info to a text file and worrying about folder permissions you could probably just save the post info into an application variable during the paypal ipn.asp post like so
For Each Item In Request.Form
formdata = formdata & vbCrLf & Item & "=" & Request.Form(Item) & vbCrLf
Next
Application("PayPalPost") = formdata & " - " & NOW
then anytime you wanted to see if that info was there or when it happened you could make a simple asp page in your site to display the results like so
<%
Response.Write "(" & Application("PayPalPost") & ")"
%>
cwilliams38421.6747453704, ok, that does not work but that still is not enough to help me troubleshoot.
I'll probably need to look around in your admin area and check things out in order to figure anything out.
I will also need to see the protection code you put on that page exactly as it appears.
PM (private message) the admin usersname/password to me if that is ok with you and I will check it out
it's really the only way I can help with an issue like this. I have to make sure you didn't do something wrong and then go from there , ok, well that should not be a problem then.. its meant to be able to be put in a folder like that.. just make sure the folder is not a subweb or anything like that... meaning dont set the folder up to have its own application in IIS. Just use a regular folder of course that is part of the root iis application.
Perhaps you just didnt edit the paths in the settings like I mentioned., again I will ask you what is the real error??
see the link above when I asked you the 1st time.
(I need the error details and line number.. etc etc)
and what kind of a server are you trying to run it on ?
you mention xp pro but in a confusing way ? ,
AUGUST 12th 2004
NEW VERSION OF ASPBANNER IS BEING RELEASED THIS WEEK
ASPBanner Unlimited Version 8.0
It is completely finished.
http://www.aspbanner.com/
This new version has more features and is selling for $99.95
Unlimited Version 7.3 is now named "ASPBanner Standard"
Owner's of Unlimited Version 7.3 can get an upgrade to Unlimited Version 8 for the difference in price (based on current pricing)
It is available now for purchase at the following link .
http://www.aspbanner.com/purchase_unlimited_v8.1_classic_upg rade.asp
The new version can use your existing database so it is a fairly easy upgrade.
If you are not an existing ASPBanner Customer you can use the following link to purchase the application normally.
http://www.aspbanner.com/purchase_unlimited_v8.1_classic.asp
Notes on the new version:
ASPBanner Unlimited Version 8
Improved graphics and some new icons
New reports screen... 4 reports total 3 of which are new
New Iframe Banner Calling method with built in auto refresh feature so banners can rotate at a specified interval on their own
New Zone Order Informaion Page
Visually shows you what the current rotation looks like for a zone
Banners can now be stopped at a certain date and at an impression limit
Whichever is hit 1st.. before it was just one or the other
New "data" folder... this new directory is the only directory that needs permissions
this should make setting up the system and permissions a breeze.. all cjwsoft applications will
eventually use this same folder
New configuration text file... eliminates config table in the database and allows us to easily
add more config options in the future without changing the database.. means easier upgrades down the road
and faster loading of the configuration data
New application data connection wizard
makes setting up the data connection a no brainer
more overall emailing methods supported
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
Persists ASPEMail now supports outgoing SMTP authentication.
Simple Mail now supports outgoing SMTP authentication.
It is becoming popular for ISP to use this.
Emailing code now uses functions so we can easily add more email component support down the road
Flash files (.swf) can now be previewed and used in new banner right from the upload page
before this could only be done with image files
Users page now has a notes popup feature
when you hold the mouse over the icon you see all info on a user without needing to edit that user
Edit banner page now shows the color of the banner status in the dropdown menu
New clone banner feature.. allows you to easily create similar banners
Banner application page has been optimized to be even more efficient
Javascript popup calendar date selectors
Ton of misc little things & Improvements...
Some Screenshots
 , Will purchasing an additional license resolve the issue which will allow another installation or is this a function of the application that it can only protect one site per server?,
Timecard Entry: 3/25/2006 4:49:13 PM
Reviewed all open
incidents; closed unnecessary ones., Talked to Jason about the G3 Mac and Photoshop 6.0 update., Reading and responding to emails and voice mails, slept, check and reply to e-mail, email, voicemail, troubleshooting of T1 link from CREG to TICC, At work working on credit card encryption technique that we are going to start using in the online storefront packages., met with pat reilly, Preparing replacement router for TI Council and time spent on the phone helping Drew and Bill troubleshoot on-site., Same as before., Working on softmls code with Chris W., Calls for DSL- sent out contracts, worked on Brownville proposal, Drive back from Watertown, Publishing classichitsz93.com to make fixes (somebody deleted admin, events calendar, and listings interfaces)., Marketing, Work with Crispin on MLS sites, On phone w/Susan at Shermehorn Marine Center, General Duties., timecards, Interview Nate, TIme spent throughout day troubleshooting Fishercast ISDN connection., Updated the entries for the www.house-now.com site, set up poaters at frontenac, spoke to them about stuffing invoices with info on the PC Bundle, Checked voice/email. Work Orders & Purchase Orders. Receiving., A/R statements, & Henderson, email voicemail, river trail proposal, Went to TICOMM to get equipment to re-wire the Church Center
, trvl to clayton, Mgr Mtg, Document eNote connectivity issue,
| 
