Blog Entry: 3/25/2006 4:55:32 PM
to finalize this thread.... turns out I was correct and this person was not unzipping the zip file correctly. , I appreciate the offer to beta test... but its really more a matter of me getting it ready..
I have a lot done.. but a lot of things are hard coded to only work on my machine and some things have not been sorted out. Giving it to someone else to test would be a waste of time at this point as I they probably couldn’t even run it.
Lately the reason this project has fallen behind has all to do with my main webserver where I collocate.
1st it got compromised (we think by certain competitors who are always up to no good)... then windows 2003 server which I decided to go with on the new server gave me random problems... then the Cisco hardware firewall was acting up and making the sites run slow....then SQL server attacks on port 1433 from Korea when I took the firewall down....and as of the last few days I think the server just needs a new power supply. I swear for the last 2 months I have spent more time administrating my servers than working on code. Yesterday it was locking up every 30 minutes. There have been a lot of days like that and it takes up all my time until I get it situated. Especially since its over 100 miles to the collocation center. The APC unit I installed that allows me to remotely cut the power to hard reboot is a life saver.
Fun... I tell ya... and expensive.. (hardware, software, lost sales, and time) I am pretty much completely broke at the moment. It has been a very expensive few months.
But I like running my own servers... I run dns servers, email servers, sql servers, web servers.. I do it all. It's keeps me in touch with the latest software/hardware. Regardless , my servers ran well for years and they will again.
anyway.. hopefully I can actually get a new version of the photo gallery out before the month is over. It will probably be the last classic asp version. The version after that will most likely be ASP.net.
cwilliams38295.6248032407,
Hi,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
, I did all that you sugessted and all failed, you said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually? below are the steps I performed......
1 - made sure the web is it's own application in IIS
2 - Reset IIS in command promt
3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.
I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?
Thank you!
Matt...
, I have found the alternate databases and they do not work either. I then went back and changed the database path in the asptest page to connect to the 2000 and 2002 test databases and it connected successfully to both of those databases, just as it had successfully connected to the asptest.mdb., I'm using the groups protect feature on my pages. None of them seem to close the session after clicking 'logoff'. I can tell because if I hit the back button and return to the group-protected page, hit 'refresh', the page refreshes, I'm not asked to log in again.
On the other hand, when I open a page that's protected by an access level and click 'logoff' (uses same logoff asp file to logoff), it seems to work fine - if I go back a page and refresh, it asks me to log in.
Just wondering - is anybody else having problems like this? Maybe I screwed something up in the few adjustments I made a while back. Any idea what it might be?
, Hi, I am wondering if I can redirect users with "GROUPACCESS"
just like access levelS. I tried to redirect using both "Groups"
and "GROUPACCESS" example below:
<%
If Session("GROUPACCESS") = "1" Then
Response.Redirect("group1.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
I could only get the Access_Level to actually redirect. Is
this something the option pack supports? If so, any words of
advice?
, When I attempt to upload, it appears that the image uploads. I get a "Original Image Size 0 X 0 pixels"
they don't appear in the web pages, any thoughts? I am using VBscript to upload, my host has safileup but I am unable to use it in this script, thanks for any help
http://mcintoshcounty.org/real_estate/extras/server_info.asp
here's the site link
Never mind, had the path to the image folder screwed up
, I have tried everything to get your CJWSoft code working..I purchased the auto listings software and I am stumped, and actually you stumped my hosting provider, my database is stored in the database directory on the root.
I have even tried your ASPtest and still cannot connect. My have connected other databases without an issue on this same host, I have named a DNS Auto for my database and ponted to that in my code but get the following error you see at http://www.burkesauto.com and even when i try you test script found here at http://www.burkesauto.com/asptest.asp .
cwilliams38145.8522800926, I have an asp page that includes other asp pages via an include. for example:
snippet code: file name: collaboration.asp
<table bgcolor="#bed1e4" border="0" cellspacing="0" cellpadding="10" marginwidth="0" marginheight="0" leftmargin="0" topmargin="0">
<tr>
<td>
<!--#include file="../../../filetransfer/directory_listing2.asp" -->
<BR><BR>
<!--#include file="../../../filetransfer/upload.asp" -->
</td></tr>
</table>
I can add the code below to collaboration.asp and it seems to work,but I cant seem to figure out how to protect the other files such as upload.asp at the same time. -- can you help? - Note: as soon as I add the code below (and adjust the path) - I cant bring up the page.
This is the protection code I am using.
<!--#INCLUDE FILE="../../../../aspprotect/check_user_inc.asp"-->
Shirely
, I had some issues with passwords not working. I cleared them up by
going to the affected user and typing in the desired password manually
on the edit screen. Worked like a champ every time, and I haven't had
to do that for some time now.
, thats not good.. its a web server configuration issue of some sorts ?
post is a common method for forms.. if it is not supported it is something you should ask the server admins about.
Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?
ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
http://support.cjwsoft.com/code/moreinfo165-1.htm
My guess is your web server is running Apache Unix or something like that.
, While I originally thought the login form on a non-protected page idea may be similar in setup to how our Classic ASP version of ASPProtect works I could not have been more incorrect. Truth is I forgot that it works a lot differently.
ASP.NET Web forms are meant to post to themselves and there is thing called the viewstate. (google it.. its a hidden variable the server creates in the form code that is required when the form posts back to itself.. and hold all sorts of information the server uses) Doing what you are asking about means disabling the viewstate and that can have big consequences and break certain things.
Basically you cant just put a form on a non-protected page and post to a protected page if the viewstate is enabled. Disabling it can break certain web controls like data grids .etc etc.. and can also have an effect on how the session is managed at the site and sometimes disabling it is not possible depending on what is going on cause you need it.
I am still doing research on the whole thing, but it looks to me like doing that is going to have a tradeoff of some sort.
That does not mean this isn't possible somehow. I am still researching and I am also going to see what John Evans thinks.
I told you .NET was complicated.
As for your other question that is something you have to sort out on your own by editing the code and recompiling it based on your custom project needs. It is not something I can help you with. , I really can not support it because you made that modification and it probably directly relates to the issue your having.
There are many issues that can be caused when dealing with encryption. Sometimes the encrpted passwords can end up with problematic characters. etc etc Maybe the users are changing there passwords to ones that do that... after you fix them.. Its hard to say
I know as I had to sort things like out when I designed version 7 which has built in encrpytion.
It could be anything really.. since you made changes like you sorta need to figure out what is backfiring. There has to be a reason.
Chris , Great Thank you!
As of thus far the program is working rather nicely.
I am very impressed :)
, A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.
Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.
Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them
In addition to the settings above each table has one field that is a primary key with an auto increment of one
In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.
The SQL column settings for each one of the primary key fields must be set as follows
In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.
cwilliams38325.7405092593, I have ASPPhotoGallery installed. Everything has been working great for some time. Suddenly, for no apparent reason, I am not getting the "Hits" incremented when a user opens an album. It works when an administrator is logged on. Does not for any anonymous users. Everything else seems to work fine. Again, this used to work. Any ideas. , Another good tip is to make a copy of the "password_admin/default.asp" named whatever you like..
"default2.asp" would work...
then maybe add a link to it from the header_inc.asp file
then you can modify that one all you want and your will still have the original around.
That concept works for a lot of things.. for example you could make a copy of the "users" folder and call it "users2" granted a few paths might need to be changed here and there but really not a lot. (how do you think the paypal signup folders were created, they started as a copy of the "users" folder of course)
You can even make a copy of the "check_users_inc,asp" file if you like. Then make a copy of the "scripts/login_form_inc.asp" file... then make your new "check_user_inc.asp" file reference it.
Then you can password protect pages using different versions of the "check_user_inc.asp" file. Why ? well maybe you want different looking logn forms for different parts of your website or you want to make a lot of changes to the "check_user_inc.asp" file and want to leave the original alone.
The sky is the limit really. When it comes down to it besides the actual guts of the "check_user_inc.asp" file ASPProtect is nothing but html tags and chunks of simple server side code that produce more html dynamically. What your browser ends up with is basic html. (some client side javascript in certain cases, but that is pretty basic stuff too.)
cwilliams38422.509525463, All of the fields with the expected paths show the correct file structure, so now I've put them in them in the boxes
, You not getting a blank page.. you getting an error. You just can't see it because it appears you edited the page background to black.
error '80040211'
/aspprotect/scripts/emailing_subs_inc.asp, line 174
, After understanding how the count works i checked the IP in the db. They are all set to the same IP (my web server) no matter what ip is doing the viewing. This is probably due to my ISA2004 firewall that is posting the ip address of the web server with each log on. So, can you help me with where the code would be to modify so the db does not get updated? I risk the refresh problem, don't think it is an issue with me.
Thanks,
, Yeah sorry you are right. It works for me
http://www.rottys.net/gallery/default.asp?CatLevel=2&Cat 1_ID=5
, Thanks for the quick reply!
I was thinking it was an ASP config/install issue.
I usually deal with Linux/PHP, so this is all new to me :)
, I am converting the email over from CDONTS to CDO so it will run on my host 2003 server.
What files should I be concerned with? Under gallery_admin there is an email_user.asp and under the main gallery folder thier is an email friend. Is there an other email routines I should be concerned with?
Thank You for your Assistance.
Jeromy
, Good Morning - I am receiving an Http 500 internal server error when I go to add a new user via the register.asp page. the url when the error appears is: .../users/add_new_account.asp
I think the error has to do with my email component setting - becuase it works fine otherwise.
I have the email component setting set to CDOSYS (using remote server) with the mail.remote.server set to email.cidra.com - email address set to webmaster@cidra.com
Note: I receive the email notification and the user does get added.
Can you help please? Shirley
UPDATE...I just figured out that it only errors when the email address I use for the user is NOT from cidra.com -- Any idea why?
, MSACCESS 2000
server: windows
option pack: yes (after the install I have this problems with groups and edit users )
host permissions: yes
MESSAGGE:
Active Server Pages error 'ASP0113' Script time out/password_admin/groups.asp The maximum amount of the time for a script to execute was exceeded. ...
vaghelis38300.5484143519, Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properlly.
The way to cure it are as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
, Is there an easy way to make this work with reoccurring a monthly or yearly subscription?
, humm.. their FAQ is interesting...it looks like some sort of .NET configuration issue regarding security policies like you mentioned
Thats one of the big problems with hosting .NET. Some hosting companies just do do some oddball things. ASPProtect.NET works under default conditions but when hosts go around locking things down to the max there is bound to be trouble. This is the 1st I have heard of this.
Now, ASPProtect.NET does use the "System.Data.OleDb" and "System.Data.Odbc" which your host says they block because they require full trust.
All I can really say at the moment is go with a hosting company like www.alentus.com or www.maximumasp.com that does not restrict your .NET abilities so much.
In the meantime I am going to ask John Evans what he thinks about this.
, Actually, as far the "aspprotectnet.dll" file goes it makes sense because of the following.
The "aspprotectlicense.dll" is something we do not provide the source code for. We also do not compile it in "debug" mode because you not want dll's running in "debug" mode in a production environment and we also do not want that dll in debug mode because of reverse engineering reasons.
Now, that being said that DLL is no different than any other 3rd party dll "so to speak" that you would use in a project. Many of which will not be in debug mode and you will also not have the source for.
"Microsoft.Data.Odbc.dll" being an example
Regardless, there must be a way to do what your trying to do. I am just not sure at the moment. It is nothing anyone has brought up before and I personally have never had any issues like that when I work on the application so I am just not sure.
It probably has something to do with the way you set up your project., When adding a new user I am taken to a form.
There are several "required fields".
First and last names are 2 of them.
This is not needed by me and I need the company name as a required field instead. I work and deal with company names, not individuals.
So, i am unable to add any users due to this.
How can I either do away with the names as a required field or swap the individual names with the company name as a required field?
I have customers wanting to be able to view their own stats, but I need to do away with the required fields to work with my customer base.
-john
, Than you 
I'm happy after changing to XML parser for two of the ads. Later I'll change the other codes to XML, never to use iframe again!
, This may be an old question ??? If it is please point me to the post or documentation where I can find the answer please.
When creating protected pages I am using the following to protect them:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="/aspprotect/check_user_inc.asp"-->
But that is not working. I get the following error when I try to access the members logon page in the directory that I wish to add the pages to:
Active Server Pages error 'ASP 0130'
Invalid File attribute
/filelocation/filename.asp, line 3
File attribute '/aspprotect/check_user_inc.asp' cannot start with forward slash or back slash.
However if I create the pages in the root of the AspProtect directory and use a link to the same page that exists in the AspProtect directory and the following include:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
The pages work fine.
I really do not want to put all of my protected pages in the root of the AspProtect directory.
I would like to mix protected and unprotected pages throughout the site in order to #1 make it easier to administer. #2 keep the AspProtect directory solely for authentication. And, #3 keep any user authentication pages out of the AspProtect directory.
TIA
, I disagree...
It would be 20 hours + of conversion and testing. Maybe more.
Like I said, I converted a version fo ASPBanner once to work with MYSQL. It took forever to change all the code (2 weeks of messing around) and get it working. There were also a lot of issues with null values in the database, ado update code that had to be rewritten, cursor type issues, recordcounts not working, etc etc that had to be sorted out. There was a ton of situations where things seemed to be working but later on I noticed there were minor bugs to deal with. It was a lot of work.
ASP Photo Gallery has a ton of asp pages. It is a much larger app then ASPBanner. If you convert it to work with mysql I highly doubt you could have it running well with less than 20+ hours of work. I wrote the app and it would at least take me that long and there would still be bugs at that point.
If you think you could your not used to my style of coding and don't realize exactly how much stuff needs to be rewritten.
Granted, you could get some of the basics running off mysql in a few hours or less but there is just so much little stuff that would give you trouble.
cwilliams38243.9065277778, I have been told it does as I got about 5 people or so who upgraded but I have not used SQL 2005 yet. I'll order a copy., Chris:
Quick question. I'm currently using navigation style 1 which
keeps everything within the 1 window. I'd like to take the text
descriptions and place them under the main photo when it is
displayed. Before i modify anything, I'd like to check if I'm in
the right neighborhood first. It looks like I need to:
- modify the behaviour of the 'onmouseover' function in the file 'view_album_style_1.asp'
- add in a few lines of code to take
FixStr(UserArray1(PicIndex - 1),"PrepareForJavaScript"), put it into a
text string and do a response.write under (or over) the photo in
question.
Question Part 2 -- if i wanted to use the first line of the description as a title could I:
- add in an input to the photo upload
- concatenate the 2 strings together (title and description)
- display the title under the thumbs
- bold the display of the title over the large version of the image.
Pretty complicated questions, but I'm coming along nicely (IMHO). Have a look at
http://www.iphotosite.com/galleryapp/default.asp
I really like the progress that I've been able to make with this app without really spending a huge amount of time.
Kurt
, humm.. can I possibly see this happening ?
any changes to that part of the code ?
, There is nothing built in to the system but it is very doable.
However, you need to be a decent asp coder because your going to have to write some code.
Basically you would want to do a check on the screen where a user uploads to count how many pictures they have uploaded.
Then act accordinly and either let them or dont let them proceed.
On a side note the overall filesize limit of the total of all pictures a user can upload can be set when you edit a user.
, in the version you have changing it is not something we covered
I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
, Okay thanks, I'll have to consider wether or not to go down the path of the upgrade or cut my losses as the Access cannot handle the pressure
It's just errored out again with the following message:
msxml3.dll error '80072ee2'
The operation timed out
/forum/banner.asp, line 15
Regards,
Dave
,
Timecard Entry: 3/25/2006 4:55:32 PM
few big calls, and steady calls after that., lunch meeting with Paul, Worked with Steve and Ed upstairs looking at some of the equipment and checking for collisions and basically listening in on what was going on, backing up and moving all gisco marketing files from 8500, Lunch, TRAVEL TO SCHENECTADY, USA1net memo, uploaded newsletter to home.gisco.net, teched phone calls and clayton numbers were up and down all night 1915-4911-1918, cyber expo, salmon run mall, watertown times, vapevincent planning council, research antenna systems, Career Day at Lowville, Configure BackupExec, cleaned up server room, phones, invoices, training with Emerald, note to Tim/Nic about Catt Co BOR dinner $ donation, Met with howard regarding the tracking of the promotions, Very Busy Morning Dutoes:Quality checking sign ups, cancellations, callbacks on voice mail, checking billing emails, answering phones, sign ups., Phone call from Boces disputing their bill. Did some research, called Tim Lasek to discuss, asked him to call them to clear it up., to Watertown
, staples, travel to saratoga to meet with vp of albany meeting with vp of albany board, Work on billing for Chris nichols,
review time cards for Ed/Randy, work on website with Steve Woodfin, Still calling Lowville customers, Took business calls., read and sent emails, The phones were sporatic. , DEALING WITH SEVERAL CLIENT ISSUES WITH AMY AND LISA, Vermont Internet site design,
