Blog Entry: 3/25/2006 4:53:42 PM
This is great FREE SQL Server Web Data Administrator App from Microsoft..
http://www.microsoft.com/downloads/details.aspx?FamilyID=C03 9A798-C57A-419E-ACBC-2A332CB7F959&displaylang=en
It is an ASP.NET web application that you install locally on your development server and then use to connect to a SQL database whether remote or local.
It can do nearly everything enterprise manager can do.
I have tested it and it works great for me. cwilliams38325.7453587963, If it stopped working it has nothing to do with the ASP code. YIf could have stopped for any number of reasons as hosts often change email server requirements and info. You need to go over the email settings. Of course make sure you and the person you are sending to have valid email addresses and try different methods/settings until you get emailing to work again.
Testing it by sending emails off from the users screen.. in each email type in what you are trying at that time so you know what worked if emails make it through. Also, be sure to check junk filters when testing to make sure the emails are not being put in any of those.
That's what I would do. CDOSYS is always your best bet for sending emails as it has so many options and all new server support it. ,
Hello,
Sorry, I do not have any good ideas on this one...
Domain Name Masking can cause issues with quite a few things.
cwilliams38366.3136342593, I believe that solved the problem as I have not heard from this person since I sent him the code., thanks!! the file took care of the extra slash. I also fixed the problem by modifying the permissions.
dazed , yeah.. I cant say for sure.. as I have never really tried to get it working in xp pro.
Last time I actually used cdonts locally was on a 2000 box
I would do a google search on xp pro, smtp service, and cdonts and let us know what you find out.
All of our apps can use free 3rd part emailing components as well so maybe try some of those. Course you need a valid email server to connect to.
, humm.. their FAQ is interesting...it looks like some sort of .NET configuration issue regarding security policies like you mentioned
Thats one of the big problems with hosting .NET. Some hosting companies just do do some oddball things. ASPProtect.NET works under default conditions but when hosts go around locking things down to the max there is bound to be trouble. This is the 1st I have heard of this.
Now, ASPProtect.NET does use the "System.Data.OleDb" and "System.Data.Odbc" which your host says they block because they require full trust.
All I can really say at the moment is go with a hosting company like www.alentus.com or www.maximumasp.com that does not restrict your .NET abilities so much.
In the meantime I am going to ask John Evans what he thinks about this.
, (Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Instructions:
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<tr>
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<td valign="top">
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
newsletter ?</font></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
</td>
</tr>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
End IF
End If
End If
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
else
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
End If
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Response.End
End If
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
 , it's ok
one step at a time and at each step testing things.. then when you mess something up you can figure it out a lot easier cwilliams38456.1106018519, http://gibsoncity.info/guestbook/default.asp
Reports 65-messages, however after the first 10 are displayed and you click on the More Messages button, I get the Page cannot be found error. , Aspprotect issue
I need the ability to allow users to view url links on a page, based on the
group(s) they are a member of. If the user is the member of one group (group 1 in the following example) the code works fine.
<% If Session("GROUPS") = "*1*" then %> "view link #1"
However, if the user is a member of more than one group (let's say 1 & 5), I cannot make the code work.
I have tried various versions of wildcards, nothing seems to get me there.
I fairly new at ASP, and I am sure I'm missing something simple.
Any help would be appreciated.
, Done!
I was able to put my experience was based on *40 months* of usage! I
think I bought a version way back in 2001, IIRC, so it's been a long,
happy trip with ASPProtect for me!
, question 2 is answered best here
http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal
Ok, got it. Didn't know if there was something already set up for this that I was missing.
>>I should also mention that the paypals scenarios used in ASPProtect can not be tested using PayPal's sandbox.
Ok. Thanks.
>>Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts) then you can log into the other and refund the transctions and of
course it makes sense to use low amount like 1 cent and what not.
Yeah, been messing around with
that. Got everything going except the return page which I can't
do until the site is live. 
>>Also, I'd love to see what you came up with with the
integration. I have been working on it here as well and took it in a
different direction as I plan to sell directions for it as an add-on
for aspprotect.
Ok. Will email you with a username and password for access to the site once it's live.
Sounds like a great add-on for ASPProtect!
Thanks!
Michelle
, Perfect. Thanks buddy :) eeye38433.0629976852, Ok nevermind that... i got by that wasn't paying attention...
The problem is even before this which i didn't know until now.
I placed the protect tag in a page i called members.aspx
When i go to this page is says ACCESS DENIED etc etc etc.
When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:
Server Error in '/MAP' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /map/users/aspprotectlogin.aspx
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42
btw it says /map because that is the subfolder within the root folder , nice idea. id be interested to see your modifications for ideas, 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , The setting I am most interested in is what you have for the "Pic_Max_Image_Width" used when the image resizing components resize the big image
setting it to nothing or zero could cause this
, (customer replied aug-sep 2005)
OK, you have old code then... I will send you some updated files that you can try.. let me know here if it solves the problem. , I'm using ASPimage and have the maximum width set to 320 in the settings. Also using SAFileUP ver. 4.0.
Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.
Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.
Suggestions? lancem38326.9070486111, humm, I am curious
If these people are employees and sales reps why are are you using expiration dates at all ? and why the renewing issues... etc etc
I am sure there is a reason but you did not explain.
it might help me to better understand and possibly think about new features for new versions in the future., just leave the databse where it is, use the connection string generated for you and most importantly... put in a request with alentus for permissions to be set
tell them "D:\Websites\www.mysite.com\aspprotect\data" and all of its child folders need change permissions (r,w,x,d) set so aspprotect can do its thing
until the permissions are set that connection string can not work
this is all noted in the installation docs... , The default database password is "temp"
This is noted in the docs. You can also see the current password by looking at your connection string. cwilliams38176.7913888889, Disallowed Parent Path
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.
If it is not enabled on you server you will have to ask your host to enable parent paths for your website.
This is what the settings screen looks like on an XP Machine
Additional Information:
It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.
Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.
Hosting companies should if they are serious about hosting ASP.
If they won't your only option is to go through all the code and convert the file includes to virtual includes.
http://www.powerasp.com/content/code-snippets/includes.asp
The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)
Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc
Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.
In my opinion virtual includes are pretty useless for commercial web based applications... Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.
For example...
The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->
But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this
<!--#include virtual = "/somedirectory/somefile.asp"--> cwilliams38391.6033101852, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks , ok.. Chris.. I am now kicking myself in the butt. In the setting section, I had to redirect certain urls and directories to the right spot. I forgot that I renamed the root folder.
Thank you, thus far for your continued help. It is greatly appreciate.
, ASPProtect version 6 does not officially support any sort of redirection or is it a feature.
You can however do redirection after login with some basic ASP if-else statements and ASP redirects. Basically you check the session variables after successful login and send users where based on that info. You of course also need to protect any pages you send users to and make sure any people that aren't supposed to go there do not go there directly and bypass your security.
I highly frown on Redirecting during login (In my opinion it is poor site design and it defeats the purpose of dynamic web pages, there is seldom a good reason to even need to do it if you design your site well) but you can check out this thread which should give you lots of good information.
http://support.cjwsoft.com/code/code_info.asp?TID=17&KW= redirect, its one or the other... you cant protect upload.asp at the same time if upload.asp is included in another page..
I mean sure you can protect upload.asp from running when another page calls it by password protecting the page calling it.
And sure you can protect upload.asp by itself if it also runs all by itself. But you can not include the "check_user_inc.asp" more than once in any order of execution scenario. That includes pages being included.
Generally anytime a page is included in another that included page is not meant to run by itself and wouldn't produce any outcome if run by itself so this would never be an issue.
if you don't want "upload.asp" to ever be run by itself in that scenario put it somewhere in your web site that is not web browser accessible.
I would also suggest you look into using Virtual includes. It will save you a lot of time figuring out this sort of thing "../../../../../" becuase once you figure out the virtual include path you can use the same server side include from any directory level.
http://www.powerasp.com/content/code-snippets/includes.asp
, Our webhost changed converted all sites from c: to d:, and without us doing anything else, our customers now get the following error message when trying to access our Classifieds site:
***********
Microsoft][ODBC Microsoft Access Driver] Not a valid password.
This means there is most likely a problem with the "ConnectionString" info that you specified.
If you are using a DSN-Less Connection with MSACCESS.
Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.
ConnectionString = "DBQ=D:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"
If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.
If you are using a System DSN
It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.
************************************************************ *********************
We did everything the web host asked us to do, that is, changed all references to the C drive to new references to the D drive, but the error is still there. We also never changed any passwords (as far as we can remember). Can someone please tell us where to look (also which file might tell us what the correct password is in case it has in fact been changed.
Scaramouche38306.4845833333, Because employees and sales reps might leave or go to work at competitors without our knowledge and we can't have them get an perm account so we need to implement some sort of expiry and then review their account with them., Is it possible to set the user account time limits when they register? I am using email verification and am trying to have their accout expire 32 days after their initial login.
Also I have an issue with the email notification not notifying me when a new user logs in. It does a beautiful job notifying the new user. I do not understand why my server will send to one and not the other, I ahve searched the links but none seem to answer this.
Thank you for your help and insight , Can you do a better price deal for that version in place of the one I've just purchased ie for a single licence rather than unlimited Christopher?
Or failing that can you give me an idea of how many changes you had to make to convert 7.3 to work with Mysql?
Regards,
Dave , so you are using the subscriptions signup directory right ?
"paypal_signup2" ?
1st.. I would check that the xml parser is working.
It is required for making the post back to paypal.
It is installed on windows 2000 and 2003 and XP by default.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=134& ; ; ; ; ; ;PN=1
Then I would check the actual form page to paypal to make sure it is generating a valid IPN url as a hidden form value. It's the payment page you actually click on that actually takes you to paypal. For the subscription signup system that page is called "paypal1.asp"
You'll want to go through the process starting with the default.asp of the signup folder untill you get to that page. Then you want to look at the html source of that page in Internet Explorer. Your looking for something like this in the source code and you want to make sure it is valid.
<input type="hidden" name="notify_url" value=http://www.mysite.com/aspprotect/paypal_sub_signup/ipn.asp>
It also has to a url on the internet that paypals server can see. It can not be a local url for your machine. Also: If it is not valid we can try hard coding it.
If all of these things are good I'll have to take a look. I have some text file logging I can do when paypal hits your IPN url that can tell us if it is actually hitting that page like it is supposed to. And I can test the system for you by making some 1 cent payments using my own paypal account until we find out what is going wrong.
cwilliams38421.5686921296, Hi,
I wanted to see if you had any suggestions for converting from Access to SQL sever database. I attempted this earlier today performing the following steps.
1) Create SQL Tables using Enterprise Manager / SQL Scripts
2) Use DTS to move all of the existing table data to the sql tables.
3) Update dataconn_inc.asp to use SQL and the required connection string.
When these steps were complete I was able to login to ASPProtect as an admin and search / find both groups and users. However, any attempt to edit or create users resulted in a "the page ... had a problem ... " type problem. It seems that I can read from the db fine but and getting errors writing to the tables. The user id that is being used to connect to the db is the [dbo].
Any additional hints for this procedure?
Thanks
Darrell , The webpage header for CJWSoft states "Web Development for Win NT/2000 servers" - a little dated cause it works just fine on 2003 too, right? :), works fine now , A question. Does this apply to all areas of the application. I have recently uploaded 50 photes. But when I look at the site from the url, I have X where the picture should be. Now, if I look at it though the localhost, I see the pictures perfectly.
, The random password is generated during signup and the function that creates it is located on this page of code.
users/register.asp
it looks like this
Function RndStr(Length, UseChrs)
If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
NewStr = ""
Randomize(CByte(Left(Right(Time(),5),2)))
For gpIndex = 1 To Length
NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
Next
RndStr = NewStr
End Function
For example go to this page and hit refresh and watch the password change.
http://www.aspprotect.com/demo2/users/register.asp
Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.
Anyway... when signing up the new user of course has the option to change that password to something they would like better...
As far as... "selecting the same user name and password every time"
I need more information. That does not make sense for a lot of reasons.
Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.
So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.
Now of course if you edited the code in any way it is possible all this is not working correctly ?
cwilliams38164.8059143519, [QUOTE=cwilliams]
Is that a real term or just something you named it cause they have like a zillion people using that SQL server?[/QUOTE]
yeah thats it, you buy into a part of the sql server so it's an sql server hotel... , ASPProtect 7 Customization Service
As some people seem to have a lot of trouble editing ASP code I am currently willing to consider doing ASP Programming custimization work to the registration pages/database as well as the admin area of ASPProtect Version 7.
things like drop down lists, yes/no fields, new database fields, edit screen additions... etc etc
things that might take an ASP novice forever but I could do in reasonable time.
PM me detailed specs on what you want and will then provide a quote if interested. I get paid via PayPal ahead of time and am charging 40/hour for my time which is a discounted rate. (partially since I am so familiar with the application and partially because you have made a purchase from CJWSoft)
So to be very clear...
You tell me exactly what you want in detail, If I agree and you like the price quote, I get paid, I write the code, you get the code, I fix any minor bugs or errors if I made if any, and everyone is happy. That's the deal.
Pain in the ass people or people not willing to spend money for quality work done quickly need not contact me. I get enough of that as it is and my time is valuable. I also may refuse a job if I don't have time or just don't want to do the work involved. Really how well you describe what you want and the intelligence level vibe I get from you has a lot to do with whether I will do the job or not.,
Timecard Entry: 3/25/2006 4:53:42 PM
Traffic Reports, email, moving grubbage sites over, e-mail, meet with greg g, Modem & Network Maintenance, training at Nortel SPM, Pickup Mat'ls Westco, did callbacks and emails, general billing issues, Seminar (Syracuse), Gen Mktg- prep for mtg at Bernier, not too bad, Meeting with Chris W. on current status of pocketrealestate and realtor.com, teched phone calls and radlog most calls were connecting but not surfing, had do reinstall DUN with a customer. had a few general questions. , check email/ go over softpublicatioin with tim, Break-lunch, Sat in the NOC room with Beth, and did some Modems., Coupon 37-5, Email and VM, MBO For CB, Update IP address database, Went over bunch of stuff with Paul about the MLS site and all the things we have added to it over the past year or so.
Working on coded feature saving routine code for the new mls site., Training Bill M. and helping him update report a problem and tech problems to SQL, lunch, tech calls, Binder setup & organization, Discuss Hunt groups on tech support lines with Gilbert, teched calls and vermont mail did go red once or twice,
| 
