Blog Entry: 3/25/2006 4:53:02 PM
Have you thought about language file so users dont have to go into the code to put it in their language?? , Chris -
Long time no talk, which is a good thing. I have purchased another product from you, ASPVendor. I am running into an issues.
When I try and remove the image through the image manager, it does not remove it. Screen shot attached.
2005-10-19_194248_image_upload.zip
Thanks ,
Humm, its hard to explain but I am not sure that is a good way to be testing that. I hear what you are saying but I am not sure that really means anything. Whatever is going on its some sort of client side issue with the browser and the meta refreshing over a very long period of time during which there really is no user doing anything at the site. , I just installed ASPProtect on my site. The instructions were definately on the target. Very very good instructions.
But... Isn't there always a but ??? 
I needed to setup my site with MS SQL and it is hosted so I don't have Enterprise Manager. I tried the web based Enterprise Manager and any other one I could find. But, I kept getting errors when trying to use the SQL Script.
I finally had to go back to my work where we do have the licenses and get an SQL Admin to use Enterprise Manager to run the script and it worked finally.
I don't know if this is a common problem ??? But, maybe you would want to look at the SQL Server script or make a different version that would work with the Web Based SQL manager.
Thanks , you actually dont touch any of those
UploadDirectory = CmdGetConfiguration("UploadDirectory")
They get set from the config table in the database which gets edited in the admin area.
so...
I am talking about the settings area in the admin area of the applicaton.
Every setting there is descibed in detail. You get there and change serttings there via the web browser and by logging in as the admin.
Log in to the online demo as admin and check out the settings area if you are confused.
http://www.aspphotogallery.com/demo_pro.asp
, I downloaded v7 3/7/2005
I entered a password that was supposed to be all caps with only first letter caps.
it is odd, if I go to other user and enter wrong password that does not come up. it apprpriately goes to a screen that says Access Denied.
thx , Great Thank you!
As of thus far the program is working rather nicely.
I am very impressed :) , I wonder what that ENDSQLMail send failure is all about ?
I dont use anything regarding SQLMAIL in the ASPProtect code.
I think I might need to go in so I can debug a bit. Everything seems to work fine with a SQL installation here so I just don't know at the moment.
If that is ok with you I would need ftp access or something so I can trry a few things and hopefully figure it out. Admin access to the aspprotect admin area as well so I can see what you have set up in there.
PM me with that info if you want me to take a look.
, Hope the wedding went well. I have one this weekend.
I was successful at performing an upload. The free upload software was either not configure properly (probably) or not working. I downloaded the trial version of softartisan's upload (which is like over $300) and it started working.
Can more than one photo be uploaded at one time (like a whole folder full of photos) or does each have to be done individually? , Alright...I'll try those out. Also, if I do the data import on my laptop initially and just publish it to the server do you think that will help?, That's excellent!
I did learn that parent paths were disabled on my test 2003 server...
But on the hosted server, it looks like parent paths are supported as I change the file location of the language file in the forum common.asp as such, and obviously moved the file as well:
from:
<!--#include file="language_files/language_file_inc.asp" -->
to:
<!--#include file="../language_file_inc.asp" -->
Everything seems to work fine and I thank you very much for you quick response!!! 
Ok, time to buy...thanks again!
- Jason
, this could go on forever...
if you want PM "private message" me info to log into your site.. show me the pages we are dealing with...
and I will take a look at it all...
CJW , That would be great.
I am sure you know that many virus that are sent via email have the same property. (double extension). The code can be executed even though Windows identifies them as simple text files etc.
Thanks again , I get the following message when trying to look up the sysdiag.aspx and the default.aspx files. Why? I have followed all the install instructions.
Server Error in '/' Application.
Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration> |
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration> |
cwilliams38454.4276388889, Post a request in the "custom code work" forum.
Perhaps another customer will want to do the work or help you out with some code.
I am just too busy to do any custom work for quite a while.
, If it stopped working it has nothing to do with the ASP code. YIf could have stopped for any number of reasons as hosts often change email server requirements and info. You need to go over the email settings. Of course make sure you and the person you are sending to have valid email addresses and try different methods/settings until you get emailing to work again.
Testing it by sending emails off from the users screen.. in each email type in what you are trying at that time so you know what worked if emails make it through. Also, be sure to check junk filters when testing to make sure the emails are not being put in any of those.
That's what I would do. CDOSYS is always your best bet for sending emails as it has so many options and all new server support it. , Hi,
In my search for a product to administer my banners I came across ASPBanner. In my site: http://www.lovenest.co.il I have 3 locations for banners:
In the top section a big banner and a small banner
At the bottom a serie of 5 banners.
My question: is it possible to place a list of banners (let's say 8 banners) and randomally pull 5 banners each time the page loads?
If yes please explain in detail.
Thanks. , Tony,
ASPBanner.NET was discontinued about 14 months ago. It is no longer supported in any way because quite frankly the classic ASP version is faster, more stable, has more features, and is a lot easier to install and get running.
If you PM me via the forum you are welcome to a copy of the current ASP Unlimited Version. It can serve banners to any type of page extension. All you have to do is ask for a copy.
Whether or not your existing ASPBanner.NET database is exactly the same structure I do not know, but I believe it is. You should compare the two if you plan to keep using the old database and make any neccessary changes so the old database has the exact same structure as the new version. If there are any differences they are very few. , This user has notified me that the issue has been resolved based on what I told him., also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815, I am having problems accessing the admin site at the following URL:
http://www.drsweisberg.com/password_admin/default.asp
It brings up the login page, but when I enter the admin/test, it times out. The DB is the copy with no password and it resides in a directory on the same server hosting the site but it is not in a folder viewable by web users. This is how the dataconn_inc.asp is set:
<%
'*** Below are the only two settings you need to edit in this file
ConnectionString = "DSN=drweisberg;Driver={Microsoft Access Driver (*.mdb)}"
DatabaseType = "MSACCESS"
%>
The ODBC is setup and the IUSR has read/write/modify permissions.
Any help would be greatly appreciated. , i downloaded the latest version. i also downloaded the sql script provided and ran in sql query analyser to create the tables.
After that i ran a special page to intially get into the system,
then setup a new user, then make them an admin,
and after that i logged out and again when i try to login iam not able to login. When i check the ASpp_User table I noticed that the values in the fields "Login_limit" and "Active" in the ASPP_Users table in the SQL changed to NULL and 0. But if the value are Nulls or 0 it means it's not active and it's not allowing me to login.
Pls advice
, Triple check the upgrade instructions because I think you missed something important.
line 227 on "/password_admin/save.asp" refers to the "Password" field
the error your getting most likely means it is not there..
Pay close attention to the areas in the upgrade instructions regarding renaming your existing "Password" field to "Old_Password"
Then making a new "Password" field and carefully following the instructions needed to convert your old passwords for use with the new system.
If you don't everything carefully and perfectly this is the sort of error you will get.
cwilliams38451.8787268519, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296, Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..
Same thing happens... certain passwords just do not work.
So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.
Here is an example.. see the screenshot below.
Username "admin" password "petepetepete"
The top query done in Enterprise Manager is valid and shows the user.
The bottom query is also valid but it does not show the user.
And that is exactly what is happening from the ASP codes point of view.
Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.
It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.
I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.
One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.
It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.
Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.
Your call..
, Haven't gotten to it yet. I do know there are a few customers using it to edit the app and said it was not all that different. Maybe they will chime in with some tips., ok, that probably means the physical path you have set for the logfile directory (in the admin settings area) is not correc t
the error pretty much means just what it says
, Hi, Its just a generic error that really doesn't mean much of anything except that something wrong with your data connection.
http://support.cjwsoft.com/code/moreinfo27-1.htm
could be invalid permissions on the database folder... could be any number of things
when setting up your connection I suggest going dsn-less.
http://support.cjwsoft.com/code/moreinfo9-1.htm
It is better/faster and also a lot easier to set up. , noted.
1.) this has been explored and because of the way groups works is not feasable. Because us this I wrote code to allow you to view and sort all users for any group on the actual groups page. You pick a groups and then click the "Show Users" button
2.) noted , ok, that wont work the way you did it because groups are not stored like like.
groups are stored "*1*"
or "*1*,*9,*"
so if you test for them you must do so using the InStr function of vbscript
example:
If InStr(Session("Groups"),"*1*") Then
' do whatever
End If
also.. as for the session variable
it should be Session("Groups")
And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved
Session("Groups") = CmdCheckUser("Groups")
If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value , Hello,
I have ASPprotect 7 installed on my remote server. I am able to go to the examples/default.asp page and login in without any difficulties. If I copy the code from that page and paste it in a new page called the same thing but in a different folder, I get this error; (Keep in mind that this is essentially the same exact page in a different location of the website)
Error Type:
Active Server Pages, ASP 0126 (0x80004005)
The include file '../../check_user_inc.asp' was not found.
/aspprotect/Pages/default.asp, line 3
I get the same error if I paste the "protection code" I have generated into the top of a current (.asp) page in my site.
Basically, the only pages that work are the ones that came with the program as examples. Thats great, but now I need to make it work for my pages. Any thoughts?
, how about translating the error to english..
Looks to me off hand that it would have something to do with the SQL server itself not being run in an english lcid/format and causing some sort of date issue.
I would also suggest you start off with a brand new blank SQL ASPBanner database and make sure that works before you attemp t to import any data into it. , issue resolved.. new files did the trick, Here is the complete page with the error message:
============================================================ ===
Unspecified error
This means there is most likely a problem with the "ConnectionString" info that you specified.
If you are using a DSN-Less Connection with MSACCESS.
Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.
ConnectionString = "DBQ=C:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"
If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.
If you are using a System DSN
It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.
============================================================ ===
I am the only one on the site since I just transferred the files and in the testing phase. It is using an MSAccess DB
, Is there a way to upload photos to individual user directories? I don't want all the picture files in a single directory.
Thanks,
Steve , Hi, I am wondering if I can redirect users with "GROUPACCESS"
just like access levelS. I tried to redirect using both "Groups"
and "GROUPACCESS" example below:
<%
If Session("GROUPACCESS") = "1" Then
Response.Redirect("group1.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
I could only get the Access_Level to actually redirect. Is
this something the option pack supports? If so, any words of
advice?
, whether you use SSL or not really does not effect aspprotect in any way
I say, the smart thing to do there is too not start them off at a http:// url
one way to do it is put a simple ASP redirect on that default page and send them to an SSL version of the page instead...
http://www.powerasp.com/content/code-snippets/redirects.asp
another way would be not start them off on a protected page right off the bat and offer links to the the protected area...
in my opinion thats pretty odd to be starting them off on a protected page anyway
SLL maybe, but protected right from the time they hit the default page of the site.. thats just odd.. usually you want o say a little something about the site your at and then link people to protected areas or give them a login form which posts to a protected area.
Regardless if you always want users at your site under https:// you should have code on every single page in your site checking the url info at every page load. Then if someone ever hits a page and is not using the https:// you can do something about it like redirect them to the SSL home poge or redirect to that same page but with the https:// in the url.. , I will actually explain how to set access_levels and/or groups...
in "users/add_new_account.asp"
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
or
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
*1*,*5*,*9*
that user would be a member of groups 1,5, and 9 , This relates to a part of the new documentation that wasn't ready yet.
I just made a thread about it though.
Here you go.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=198& ; ;PN=1&TPN=1 cwilliams38419.5353587963,
Timecard Entry: 3/25/2006 4:53:02 PM
Timecard system uprgrade posting live to site, working lunch, meet with mark falitore, Reports from Emerald for Jim, Beth and Michele ( Jim executable report for all setup fees charged and paid per month, Beth channel partner report and weekly breakdown, Michele weekly totals of invoices created and not voided in Emerald, last 4 weeks), network card was set up wrong in linux.....ssl and ssh couldnt be installed...had to see how network card was set up via a setup disk....did all that and went back and still couldnt get it to work, andy thinks i botched the install....but i think that linux is just stupid =), trying to determine what needs to be done in the next week, check with jeff make sure Gina is good to go now. talked with jim about matt. , Took tech calls, monitored RAD, checked DUI, AUAQ, and Voice Mail.... VERY slow day., voice mails, emails. revisions to po report., figured out how to up the ammount of people the mail server can handle per virtual e-mail server so that roserealtyny.com can have more than 20 users..., cowboys down, email calls, Channel Partner meeting, house call per dannielle, Email regarding the floating holiday, JCIDA, Interview with Mr. Webster, worked on Real Rock poll, researched IBM s390's/VM/VSE for Steve, researched LookSmart and wrote them about setting up different home pages for national users, installed SR-1 for Office2000, worked with rob and steve on layout for interface on pc bundle. wrote report for mbo review with ef. printed and assembled in booklet for meeting on wednesday., Email from Lafargeville central. New teacher and students to add to database., Trouble shoot iNex issue for Nat'l Hanger, s/w vicki from key bank and set up mtg for 12th in watertown. s/w gus from ids in oneonta about program and realtor bundle. spreadsheet emailed to jb. reviewed layout fc developed for mbo format., heavy calls up to 9:45..., Read and reply to email, To Watertown, admin, Cleaning capital accounts, Lunch meeting with Beth and Tara, Met w/ Kelly RE Upcoming Softgrades presentation at So. Jeff, Trying to clean desk, wire cable ends, forgot what else I did this afternoon, North Country honda- web site info sent out info
Mary peters- web site info and info
Vapco- Sam- quetsion os on website
Woodwork- Ulysses- friend of carol0- web site info - sent email,
| 
