Blog Entry: 3/25/2006 4:43:40 PM
ya, that firewall could mess that up.
just edit which ever style include you are using
(with a text editor)
it will be one of these depending on your settings.. and they are located in the "scripts" directory
view_album_style1_inc.asp
view_album_style2_inc.asp
view_album_style3_inc.asp
find this section of code and remove the part in red
If Last_Counter_IP <> Request.ServerVariables("REMOTE_ADDR") Then
Set CmdUpdateCounter = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "SELECT " & tbl_label_albums & ".* FROM " & tbl_label_albums & " WHERE (Album_ID = " & Album_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnGallery
CmdUpdateCounter.Open cmdTemp, , 1, 3
CmdUpdateCounter.Fields("Album_Counter") = (Album_Counter + 1)
CmdUpdateCounter.Fields("Last_Counter_IP") = Request.ServerVariables("REMOTE_ADDR")
CmdUpdateCounter.Update
CmdUpdateCounter.Close
Album_Counter = Album_Counter + 1
End If
, You are not supposed to use "../" with a virtual include
Thats goes against what a virtual include is and makes no sense.
When using a virtual include you give the path as if accessing from the root of the main web / virtual directory
I find it very hard to believe it ever worked like that and if it ever did it was wrong.
cwilliams38434.6703356481,
and when I go to your now.. its very fast again.., I just installed ASPProtect on my site. The instructions were definately on the target. Very very good instructions.
But... Isn't there always a but ??? 
I needed to setup my site with MS SQL and it is hosted so I don't have Enterprise Manager. I tried the web based Enterprise Manager and any other one I could find. But, I kept getting errors when trying to use the SQL Script.
I finally had to go back to my work where we do have the licenses and get an SQL Admin to use Enterprise Manager to run the script and it worked finally.
I don't know if this is a common problem ??? But, maybe you would want to look at the SQL Server script or make a different version that would work with the Web Based SQL manager.
Thanks
, That carrot doesn't really exist in the file, so I'm not sure.
I did download and place the ASPTEST file in www.drsweisberg.com/asptest and when I try to load the 2 pages it fails to load. I have another site on the same server and I uploaded the same exact set of files and the asp pages load. www.klarman.com/asptest
http://www.drsweisberg.com/asptest/server_info.asp
http://www.klarman.com/asptest/server_info.asp
This is how I set the connection:
ConnectionString = "DBQ=D:\clients\rklarman\klarman\asptest\_database\asptest.m db;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
ConnectionString = "DBQ=D:\clients\rklarman\drsweisberg\asptest\_database\aspte st.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
,
Best setup I recomend is just setting up a rig and making a workgroup.
No real reason for a production machine to have any access to internal
security when you think about it.
classic asp should be pretty easy to move, just set up new webs and
dump the scripts in there. If you have 2 machines its always easier to
look at the one while your building the other. Basically copy the setup
and tada... the only thing you might need to remeber is components (if
your using any) and thats usually not a very big deal either.
Point sort of being at some point your going to have to change that
thing around and while its no fun you have to imagine now is a better
time to bite the bullet and get it set up the right way. Your
alternative is to mess around for hours and hours praying that you
change domain wide security to the point that running NET
apps on that domain controller works. Personally I wouldnt sleep well
knowing I had just messed around so bad with the OS that I had no clue
what bugs and security holes I might have accidently opened in the
process. I wont even get into the possible things that might stop
working on the rest of the domain if you fiddle with accounts like
"Network Service"
Oh and if thats not enough reason to make you think about it, consider
how hard it will be to try and rember what you did at 2AM 6 months from
now if that machine takes a dive or some critical update undoes what
you changed.
I feel for you though, trust me we have all been down that road once or
twice. Get some sleep and in the AM the task at hand wont seem nearly
as bad. You live and you learn, and you will definatly be WAY better
off making things right sooner than later
, ok, here is what is going on
you are password protecting an ".asp" page that requires querystring info to run correctly (example - "somepage.asp?ID=3"")
that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out
this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact
it was a nice feature never intended to handle any situations other than what I just described...
now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info
that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...
To avoid all of this...
One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)
Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.
Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc
So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.
I hope this makes some sense to you.. it is very hard to try and explain
, Hi,
I can't seem to find the code where it limits the upload file size. I want to limit the upload size to 1.5 mg for all users. Also I've noticed that the 500 pix doesn't seem to work. As in if an image is bigger than 500 pix the script still uploads it. i am using Upload_post_VBSCRIPT.ASP.
Thanks
, sorry,
there is not.. it gets really complicated
its practically a miracle it does what it does due to the nature of the web
perhaps with some modications it could do mroe but the current version pretty much does what it does
, no, that system only works with ASP.NET code.
Currently it can not possibly work with classic asp.
PayPal made it a nightmare to use and work with.
Special things regarding the signing of digital certificates also need to be installed on the web server so if it isn't your server your also out of luck.
, A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.
Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.
Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them
In addition to the settings above each table has one field that is a primary key with an auto increment of one
In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.
The SQL column settings for each one of the primary key fields must be set as follows
In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.
cwilliams38325.7405092593, I'lll try to look at it this weekend. I have to leave the office now.
There must be something wrong with the last build of the code. I dont think that upload export file thing is a feature too many people use or I would have heard of this sooner.
For now just upload you export files to the export folder manually using ftp or frontpage explorer and you can accomplish the same thing.
, I post new ads , can view it in admin area
but when go to first page no ads show
all categories show (0)
How solve this problem ?
PS: I set default auto approved ads
, SQL Server Database Information Mod
This mod is only for customers running SQL server. It is a new stored procedure and a new version of the "server_info.asp" file that will display information about your SQL database on the Server Info page.
Purchase Page
This is for Advanced SQL Users only that understand how to add a Stored Procedure to a SQL Database as well as assign permissions and what not.
To install this mod you should have access to SQL Enterprise Manager and Query Analyzer as well as be able to grant your SQL database user EXEC permissions on the new stored procedure. , The Pop-Up Javascript Date Pickers will only show up of your server's regional settings are set to one of two lCID values.
1033 which is English - United States
mm/dd/yyyy date format
or
2057 which is English - United Kingdom
dd/mm/yyyy date format
Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.
This setting can however be easily overwritten when using the ASPBanner system.
Edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 1033
or
Session.LCID = 2057
depending on what date format you are looking to use
Save the file and go edit a banner. The date pickers should be there now.
cwilliams38325.7403125, (Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Instructions:
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<tr>
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<td valign="top">
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
newsletter ?</font></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
</td>
</tr>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
End IF
End If
End If
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
else
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
End If
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Response.End
End If
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
, 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , Hope the wedding went well. I have one this weekend.
I was successful at performing an upload. The free upload software was either not configure properly (probably) or not working. I downloaded the trial version of softartisan's upload (which is like over $300) and it started working.
Can more than one photo be uploaded at one time (like a whole folder full of photos) or does each have to be done individually?
, [QUOTE=afifm]
I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
End If
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>
</head>
<body>
My Protected stuff here
</body>
</html>
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
Thanks,
Mo
[/QUOTE]
I just added couple of lines and it works fine
If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then
' Session("PasswordAccess") = "Yes"
SearchFlag = true
End If
, Hi,
First and foremost, a great product. I downloaded it last night and it took little effort to get it up and running 
.....now a little question...
Has the software/code been tried out on a Mysql db and if so did it work?
The reason I ask is that my website is very busy (1.5million page views per month avg) and I'm considering converting the ASPBanner Access db to a Mysql one to help handle the traffic. For every page view one banner impression is being made which means that the Access db is under a bit of pressure
This afternoon there were 1012 simultanious users on the website and it froze with an error message displaying where the banner should have been (I didn't quite catch the message but something to do with the banner script timing out). I'm not sure if the Access db had something to do with it but it seemed too coincidental. Rebooting the server cured the problem but obviously kicked off the visistors as well
At present there's 668 online and no problems so I'll have to monitor it to see how it goes but if anyone can answer the Mysql question I'd be grateful
Thanks,
Dave
, Hello,
Thank you for the feedback.
I would like to point out the requirements of the application however as this is something I am aware of and do address.
http://support.cjwsoft.com/code/moreinfo165-1.htm
These requirments are directly linked to from the ASPProtect v7 web page, so its not like I dont try to tell people the deal regarding SQL server.
Basically I only have the resources to provide scipts and instructions for using SQL Enterprise Manager and that is all I officially support. I also personally think anyone using a SQL Server should be using SQL Enterprise Manager because later on down the road there are things you may want to do such as backups/etc etc
Take Care,
Chris Williams
www.CJWSoft.com
, Well, thats not normal.
(it should work just like our online demo does)
Do you have everything turned on in the settings ?
Uploading needs to be enabled and you also have to pick a valid upload method.
, You know what, you really are frigin goofy to say you might think we
didn't write the software. I got source code to the license dll as well
as about 12 revisions of the application sitting on my development
server as well as about 1200 emails between John & Myself as we
worked on it. Not to mention all those .vb files that come with the
application. What do you think those are ? I bet you don't even really
know based on something you said in one of your earlier forum posts.
Did you even read this cause this is YOU... !!!
http://support.cjwsoft.com/code/moreinfo234-1.htm
And we say right on the ASPProtect.NET product page to read that article before making a purchase.
Moving
on... it basically says on the site ASPProtect.NET works the way
it is shown to work. You can use it that way or you can further edit
the code with Visual Studio.NET. If you are so good with asp.net then
you should be editing the code to work differently or writing your own
authentication that works exactly how you want it to. End of story. You
keep arguing about things your done... you are so done !!! I won't keep
putting up with you., My ISP uses ASPSmartMail. The email confirmation works except when I try to register an AOL user the server returns an error 500.
, I tried the iFrame method that you have shown, and it works great!!!!, Chris:
The string is being saved and I get a .wav ring sound to confirm. I have tried editing in "notepad" and then running the "data/show_path_info.asp" file after with the same results.
Ken
, Oh, it does seem to put the photo in the correct directory., Are you aware ASP can run on any machine running win95/95,2000,xp pro, 2003. You really should test all asp code locally before running it on live servers but anyway... that is your deal
I am not sure if memory alone will be enough for that server but it could help. I saw a decent amount of free memory when I looked. Its just about an 8-10 year old system on every aspect (processer,OS,Hard drives, memory etc etc) and not only that something is tasking the heck out of the resources left over for asp database access. Something is just wrong. I don't know what it is but I am pretty sure it is not aspprotect. I got rid of my last nt 4 server about 4-5 years ago but the application always ran great on NT and I still have some customers using NT 4. Not many though.
if you email me the import file and the encryption keys you are using I will make a database for you.. just zip it up and send it to chris-cjwsoft.com
replace - with @ , I'll try to help when I get back tues night,, see the contact page for info on where I am
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry
, I have been able to successfully edit some text colors, but there seems to be one page that wont change the text color. Inside the users/ folder, the login.asp page, i cant seem to change the text color from ffffff to 000000 so it can be read on my background color. Every page in the script is correct but this one.
Thanks.
, Hi - I am a recent user of your software. I administer it for the owner. I probably missed something in your forums somewhere - but I'd like to know how to stop the software from sending an "accept registration" e-mail (after they fill out the registration page) from going out so fast - usually within minutes. I'd like to know how to defer the message for 24 hours, more or less, so that our company can go over the registration details and decide whether to allow the person registering to actually have access to our protected website pages. The program is working very well and we are excited about it. So far, no problems (knock on wood!).
Thanks so much for your help!
, I'm trying to use CDOSYS.
It seems to work fine on the web page, however the mail never gets
delivered.
I can see my messages sitting in c:\inetpub\mailroot\pickup but they never leave it.
I found another folder after doing a search for "pickup".... it is:
d:\program files\Exchsrvr\Mailroot\vsi 1\PickUp If I paste the files
into there, they get delivered.
How can I get the email to be delivered without doing the cut and paste?
I've tried it both with and without authorization.
I am running a Windows 2000 server with Exchange 2000.
Thanks.
, Has this been resolved ?, its part of how the skins load.. regardless you got bigger problems here..
I am beginning to wonder if you unzipped the download correctly because I see things in folders they should not be in...
you should have ended up with a bunch of folders and files...
It you just ended up with a ton of files in one directory you did not unzip the zip file correctly... if so check your zip program settings.. I mean that error is because it is looking for a file in the skins folder that isn't there and it should be there
better yet, unzip the downloaded zip file using windows xp built in unzipping features which will do it correctly...
, I do not have any programming knowledge and have what might be a simple question.
I am having a hard time getting my hosting company to modify the rights on the data folder. They state they support ASP and access databases however this is the response I got when I requested the modify permissions set for the internet guest account:
Were the rights changed on the data folder?
See, and that's what I thought. What's interesting is that if I call either an aspx page or an asp page in the iframe tag, it asks me if I want to open the page, it doesn't display it. I'm using IE6 so there's not problem with the support for the tag.
I'll keep looking to find out what's going on. I think the iframe method might work best.
The standard version can not work with MySQL.
There were a lot of changes to make the new version work with it and I really only did ift because I have a couple friends with busy sites that could only use MySQL.
It sounds like your site is way too busy for using an access database as you mentioned.
, Thanks, I'll take a look.
