Blog Entry: 3/25/2006 4:54:36 PM
http://support.cjwsoft.com/code/moreinfo286-2.htm
http://support.cjwsoft.com/code/moreinfo391-1.htm
http://support.cjwsoft.com/code/moreinfo385-1.htm
, The login page sends the user to redirect.asp (which is as follows)
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If InStr(Session("Groups"),"*1*") Then
Response.Redirect("gp01.asp")
End If
%>
<%
If InStr(Session("Groups"),"*2*") Then
Response.Redirect("gp02.asp")
End If
%>
I am not being redirected to gp02.asp if I am a member of group2. Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)
Thanks in advance.
,
yes, dont worry about that. It is not checkking permissions just explaining things.
and dont worry about the extra slash it seems to be adding at the end of the path. That is normal. I guess I need to fix that so it does not add that extra slash., Chris,
Ok new puzzle
. I have now managed to gonfigure it to get the admin screen and update members. All excellent news. Seems to work a treat.
But have used the code you give in your getting started guide to add at
the very top of an aspx page to be protected. The path is configured
correctly I am sure. the aspx file is in the root, the protect program
is in a folder now configured as an application (hence the steps
forward to get to the admin screens) on the root, so address should be
foldrname//protectpage.ascx.
Proble when I load that aspx page is as above. The exact same config error
,oww!
I am sure its a setting on my server now, but I dont know what to ask for, Any ideas...
So close now!
Andy
, I use the group feature and would like to know if it is possible to change or delete members from a group in bulk. For example if I have 200 users registered for group 1 and 3 how could I delete all members from group 3 in one pass rather than editing 200 individual members?, Simply not possible, that feature is one of the most complicated things I have ever coded. I am very serious when I say that. There is simply no way to make it do that without spending like 80+ hours on the code and even then I do not know how it would work. There is some very slick stuff going on there and there is no simple way to change it like that. , This is what "John Evans" of CJWSoft has to say on the matter...
"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.
I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.
Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig.
Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."
cwilliams38447.0602083333, Actually, I think I just found my answer...
I will take out the StrToFix = Replace(StrToFix," "," ") bit of code and see what happens...
- Jason
Jawa38406.4721412037, Well, you cant have a login box on the home page when using ASPProtect.NET.. there is no way to make that work. I tried all day to come up with something and it is not going to happen. I suggest you make a login button and link it directly to the protected page you want them to start on. The redirect or link them whereever from there. Either that or write your own forms based authentication solution that works exactly the way you want it to or edit the code accordingly since you have the source. It is not a feature we advertise for the product regardless. It works the way it works. , Oh, to clarify the above. We did not change any columns in your [Users] database or any other table., ASPProtect protects ".asp" pages only.
That is your problem.
, sorry for the confusion, but I am not that good with the tech explantions yet.
what it boils down to is I have an Access Database containing over 100
members names. I want only those people to be able to get into
the secure pages.
Thanks. Harvey
, Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.
If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames
personally though I think that would be a somewhat goofy setup to have going on
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?
As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .
Really, the best thing to do is expirment and see how things behave.
, Yup everything looks ok - but why no error?
This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...
What would cause it to 'think' it is doing the task yet still fail?
, Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properlly.
The way to cure it are as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
, Hello,
VBScript is the most popular ASP scripting language, and has the most support available. I estimate that less than 5% of the ASP coders out there use anything other than vbscript
That being said it specifically says on the aspprotect site ASPProtect is only for use in protecting asp using "vbscript" as the language.
http://www.aspprotect.com/more_info_full_v7.asp
http://www.aspprotect.com/comparison.asp
it is something I specified very clearly for this very reason.
Sorry, but you can not use ASPProtect to protect pages using Language="Javascript". The code is too complex to be mixed with server side Javascript.
To password protect asp pages written using "Javascript" you really need a an application specifically written in and designed to work with ASP pages written using "Javascript". And then of course that application would not be able to protect ".asp" pages written using "vbscript." (I mean never say never, but it would be a ton of work to get both working and I doubt you will ever see a commercial application that does both)
as for switching back and forth between vbscript and javascript you really can't except with very simple code. Doing so with anything complex can be extremely problematic because the order of execution sometimes gets all mixed up because of the complexity of the code being used.
That doesn't mean it can not work....
You would really want to do something like this.
do not specify a default language at the top
surround the aspprotect include file with this
<SCRIPT Language="vbscript">
</script>
surround your javascript code with this
<SCRIPT Language="JavaScript">
</script>
then make sure none the code including the aspprotect include file has any <% or %> tags in it
that means you have to remove that sort of thing everywhere... that means a lot of work if you used a lot of that sort of thing instead of response.writes to write out html type stuff
and again... I don't know if you would ever get it all working
, Once you have the LANGUAGE = VBSCRIPT and Checkfor = 1 on your page,
you'll have it secured. I've got over 1600 pages secured in such a
manner, thanks to ASPProtect!
, Awesome -thanks - I'll give it a try , Ok, I was not aware of this domain controller issue as I have never had a customer have their web server set up that way. It is not a common situation under commercial hosting, thats for sure.
http://support.microsoft.com/default.aspx?scid=kb;en-us;3151 58
seems it was some sort of bug that was corrected in the the 1.1 .NET framework involving no ASPNET account being created. seems there are lots of work arounds involving making new accounts and editing machine config files. I found quite a few google articles as well.
http://www.kbalertz.com/kb_315158.aspx
http://www.15seconds.com/issue/030115.htm
I actually should have said "the framework installed" not "asp.net"
So, in the meantime I am asking John Evans what he thinks about this and I am going to ask you what version of the framework you have installed ? ASP.NET Framework 2.0 is the newest and you definetely should be running at least version 1.1 and probably should upgrade to 2.0.
I do not know why other ASP.NET code you have works ok. Your other code may not be using the odbc driver dll the same way ASPProtect.NET does. There are lots of possible reasons. At the end of the day I think the basic issue here is still a low level configuration/permissions issue and it can be corrected from what I am reading. It just may require a bit of trial and error regarding local and domain accounts and editing the machine config files... etc etc
, I have just purchased ASP v7 and loaded. Followed instructions. Obtained codes not prob. Get to single field login screen, enter password and following page appears:
Method Not Allowed
The requested method POST is not allowed for the URL /temp/aspprotect/password_admin/get_me_in.asp.
Added folder aspprotect under (temp web) folder - temp, but also tried under root folder of web site.
Still no luck.
Apache/1.3.27 Server at www.didac.co.uk Port 80, That's excellent!
I did learn that parent paths were disabled on my test 2003 server...
But on the hosted server, it looks like parent paths are supported as I change the file location of the language file in the forum common.asp as such, and obviously moved the file as well:
from:
<!--#include file="language_files/language_file_inc.asp" -->
to:
<!--#include file="../language_file_inc.asp" -->
Everything seems to work fine and I thank you very much for you quick response!!!
Ok, time to buy...thanks again!
- Jason
, Just checked XML Parsing with your file. Got a clean bill of health on that: It's working.
Got the right code for the location of the ipn.asp in my paypal1.asp, from http:// all the way to .asp.
I think since everything is set up properly from the looks of things,
I'll wait and see. If I get another one who flubs things, then I'll
start the testing of the account. But if it goes through just fine,
then maybe the Internet just hiccoughed on the first guy... thanks
again!
, check the connection string in the dataconn_inc.asp file. If using MSAccess it will show the location. If using SQL Server it will show the SQL Server details in which case there is no physical database file., An email I just received from eastcoastguy.. to keep this thread up to date
Your quick reply was greatly appreciated... I removed the password and was able to use a DSN...I will look into a DSN-less connection later..once i get this working !
Cheers
eastcoastguy
cwilliams38146.6165509259, I am brought to a logon page in which I cannot access the page. This must be due to the check_user_inc.asp include. Without the include I get a blank page.
, It turns out that I never enabled ASP.net on the site. After doing that the skins work much better. I'll have to poke around and see what other functionality is now available.
Thanks!
Al
, It's just a generic error that means one of 1000 different things is wrong.. there is a lot of information on in in these forums as well as links to articles about it.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1
usually it means permissions to the database folder are incorrect or the physical path you are specifying for your dsn-less connection is invalid..
everything has to be perfect
cwilliams38370.5271296296, More info on the groups session variable.
Session("Groups") will contain the ID numbers of whatever groups the user is a part of.
It does not store the descriptive name of that group. It will show the same data that is actually stored in the "Groups" field in the database.
for example it might hold a value like this
*2*,*5*,*9*
meaning a user is part of groups 2, 5, and 9
so if you wanted to check to see if a user was part of a particular group you would do something like this
<%
If InStr(Session("Groups"),"*9*") Then
Response.Write("You are a member of group 9")
End If
%>
Taking this even further, if you really wanted to get a particular group's name or description you would have to query the database like so. In this case we ask it the name and description for group 9.
Group_ID=9
Set ConnPasswords = Server.CreateObject("ADODB.Connection")
ConnPasswords.Open ConnectionString
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdEditGroup = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "SELECT " & tbl_label_groups & ".* FROM " & tbl_label_groups & " WHERE (Group_ID = " & Group_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnPasswords
CmdEditGroup.Open cmdTemp, , 0, 1
Group_Name = CmdEditGroup("Group_Name")
Group_Desc = CmdEditGroup("Group_Desc")
, Hello Chris:
Let me run some more test if it's working on your end it should be on mine? I have made some custom updates to the code but no in that area.
Thanks,
-Ricardo
, Version 7 uses.. RC4
The upgrade process is described here in detail including a procedure to convert existing clear text passwords to the encrypted versions. (Your passwords will need to be clear text as the system shipped of course for the conversion to do its thing)
http://support.cjwsoft.com/code/info24.htm
It is also covered in the downloadbale docs
http://support.cjwsoft.com/code/moreinfo221-1.htm
Many people have done the upgrade without any issues and Version 7 is getting great feedback.
Should you decide to go with it there is upgrade pricing.
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp
, If I also password protect the pricelist pages then someone will have to login twice.
nobody should have to log in twice... ?
session variables keep track of access... once your in - your in and you can browse to and from any password protected pages you like
If it is making you log in each time then cookies are most likely disabled.. session variables requires cookies being on to work.. cookies being on is a requirement of aspprotect and is how Formed Based Authentication works..
let me know if that is the issue there...
you shouldnt have to be logging in more than once per session
Thats the whole point of the application...
, basically one at a time because of limitations of the file uploads that browsers can support
more on that here
http://www.aspphotogallery.com/pro_add_ons.asp
An Admins can however ftp a bunch of pics to the import folder and import them into any album all at once pretty easily
,
I have a quick question...when a user signs up I have a drop down menu for Company name and they have a choice of branch selections. Everything works fine but when the info is saved in the database there is some sort of conversion to lower-case...?
Original drop list selection:
Winston Salem, NC - (XXX/XXX) - original
In the database (access), some letters are lowercased now...why? anything to do with the period, , or - ?
Winston Salem, Nc - (xxx/xxx) - what is saved
, And here is an even simpler version where the database name is hardcoded and the User_ID is set ahead of time from wherever you are getting it from
'User_ID = CmdListUsers("User_ID") ' getting it from another database query
User_ID = Request("User_ID") ' getting it from the page post
SELECT COUNT(Album_ID) AS Alb_Count FROM Albums WHERE User_ID = " & User_ID & " AND Album_Active = 1" cwilliams38433.0595949074, Are there any problems with modifying the default database fields.
I need to have an update from net billing and they use different settings in the database than the default.
Will the interface still be functional?
, Chris-
A general question - Can you have multiple instance of the gallery on the same server?
, At the bottom of my "users" list page, it asks the question "number of users displayed per page"? After hitting a larger number than the default of 1-25, it increases the number of users per page to that number. But as soon as I leave that page, it goes back to the default. Any thoughts?, Send email to users that are soon to expire:
What Format should be used for dates and does international friendly dates affect the date as used by the reminder ?
Am having serious problems with renewal notices and expiration dates.
All member sign ups are for 1 yr., yet new members are being sent
renewal notices.
Does Paypal use a different date system or has does
Paypal have nothing to do with Subscription dates?
, Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?
I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?
, Hi,
We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.
,
Timecard Entry: 3/25/2006 4:54:36 PM
ti adventures - site redesign, Ate while working, general maintainance of wireless network, finishing up setting up my computer, billing, cancels, sign ups, batching., Working on getting telco racks bolted down to floor. Gathering materials to mount ladders. Bolting racks to the floor. Leveling them out. Mounting ladder to racks., research on web for clec and isp companies that package and price products and services. reviewed notes from yesterday's meeting, researched guru on hdlc. action sheet developed for this week and emailed. discussed network and operations of sonet 101 with hb., Proposal for redsign for Waterfront Property sales for Tom- sent to Mike Campbell- spoke to mike about search engine and visitor counter. , st law chamber, Checking and responding to emails, teched phone calls, sign ups, billing questions and cancels, Working on Database Structure for new MLS site., email and newsgroups, met w/ Jim Snook at JamMM, deposits to bank, pull invoices, CREG transaction, www.WRATTENS RV SALES.com , 401K meeting, Ecommerce seminar, met with two attendees to discuss website design, watertown office- info for clayton office, Marketing, signed up another account. Started cleaning., working on new homepage layout, Lunch, Batching and answering phone, Nothing much different... busy for a bit, dial up issues and other things done., General corporate, lunch, assisted tech support with dial up and web page problems,
