Blog Entry: 3/25/2006 4:51:48 PM
Best setup I recomend is just setting up a rig and making a workgroup.
No real reason for a production machine to have any access to internal
security when you think about it.
classic asp should be pretty easy to move, just set up new webs and
dump the scripts in there. If you have 2 machines its always easier to
look at the one while your building the other. Basically copy the setup
and tada... the only thing you might need to remeber is components (if
your using any) and thats usually not a very big deal either.
Point sort of being at some point your going to have to change that
thing around and while its no fun you have to imagine now is a better
time to bite the bullet and get it set up the right way. Your
alternative is to mess around for hours and hours praying that you
change domain wide security to the point that running NET
apps on that domain controller works. Personally I wouldnt sleep well
knowing I had just messed around so bad with the OS that I had no clue
what bugs and security holes I might have accidently opened in the
process. I wont even get into the possible things that might stop
working on the rest of the domain if you fiddle with accounts like
"Network Service"
Oh and if thats not enough reason to make you think about it, consider
how hard it will be to try and rember what you did at 2AM 6 months from
now if that machine takes a dive or some critical update undoes what
you changed.
I feel for you though, trust me we have all been down that road once or
twice. Get some sleep and in the AM the task at hand wont seem nearly
as bad. You live and you learn, and you will definatly be WAY better
off making things right sooner than later
, ok.
sorry then..
I just had a series of fraudulant orders this past week including today and the whole thing has me on edge. (foreign people getting my code for free and doing who knows what with it) When you mentioned calling the cc company it pushed all the right buttons.
Merry Christmas,
I am brought to a logon page in which I cannot access the page. This must be due to the check_user_inc.asp include. Without the include I get a blank page.
, Well, thats not normal.
(it should work just like our online demo does)
Do you have everything turned on in the settings ?
Uploading needs to be enabled and you also have to pick a valid upload method.
, SQL Server Datareader Datawriter Permissions..
here is a screenshot that shows how to set datareader and datawriter permissions on a database using "SQL Enterprise Manager"
In this example we are making sure the aspbanneruser has those permissions on the aspbanner database in the SQL Server
cwilliams38390.5986921296, I really do not know for sure, but I imagine there are customers using their windows hosting. Usually I do not know what hosting company a customer uses and I am usualy the only one that responds to forum questions.
Why not download the current Free lite version and try it out ?
CJW
, Thought that was already done....
Back to the drawing board...
, Please forgive my question in advance, I'm sure I've overlooked the answer somewhere obvious. I'm sorry!
I'm wondering if it is possible to customize the appearance of the
banner stats login page or the admin pages. I'd really like the
banner stats pages to look more like my own site or at least have my
logo on there or something like that so that my advertisers can see
that it is my site when checking their stats. However, I want to
do this without violating copyright, etc.
Can someone point me in the right direction or shut down my hope?
Thanks!
Laura
, here is the next response to this which was emailed to me but should have been posted here
From: Mo Afifi
Sent: Sunday, October 23, 2005 4:47 PM
To: CJWSoft Support Info
Subject: Re: CJWSoft Support Info : SSL - Verisign Certifcates
Hello,
Thank you for responding to my posting. In the second line of your response you said “not start them off at an http:// url". I think what you meant is to "not start them off at an https:// url". If this is your intention then I agree with you 100%. I have revised my pages so the users will go first to a non-https page and then make a choice either to use secure or non-secure access. Please note that the site is not intended to be completely SSL protected but only the sign up pages. I have another problem though when I click on the "Secure Log In" and enter my log in information; the entire subsequent URLs will have https:// in them which I could not shake off. As I said the intention was to use the https for sign in only.
I realize that this issue does not have any thing to do with your product, but any input will be appreciated. Best,
, I think you getting all confused about dsn's and what they really are.
A system dsn gets created via the ODBC control panel and gets listed there. A system dsn is nothing more than a registry entry telling information about where the database is an how to connect to it. Then every time code accesses the database it has to do a registry lookup. The whole process adds a lot of delays, causes very poor performance and is unnecessary.
A dsn-less connection simply connects directly to the database by specifying the driver being used, where the database is, and some other information like the password if there is one.
To get aspprotect or any other ASP application using a database all you have to do is make sure the database folder has correct permissions and then make a connection string like so. (with the correct info for your directory structure of course)
DBQ=c:\inetpub\wwwroot\aspprotect_6\data\database\ASPProtect _access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp
If you are wondering Access databases always use the same username.
So, basically if permissions are set correctly and the directory is valid it will work.
It is really that simple. 99% of the time when people have problems it is one or the other.
That being said, don't worry about the odbc control panel and what is listed there for connections. All we really care about is that odbc drivers are installed and somewhat current.
One last thign for reference: even if you do make a system dsn the database folder still needs the correct permissions.
cwilliams38417.7371643518, When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
Thanks
, Hi,
I basically explained how I thought that might work here where I went over everything I could think of and suggested you download the free version and see if you could get it working
http://support.cjwsoft.com/code/moreinfo488-1.htm
The part about using the alternate scenario involving querystring info from a url.
I have never done anything like that and that is why I told you what I knew and suggested you try it with the free version...
, You kid around again regarding illegal downloads and not only will you be banned from the forums, your support will be cut off completely.
, I have one file called asplistings.sql but I have license for ASPListings_auto and ASPListings_real_estate. I really want to use the SQL server for both. Please advise how?
Thank you.
Lance
, One last thing..
This is bad
http://www.bones.myftpsite.net/rfamilystuff/pictures/
there are .asp files in there people can run that you dont want people running..
u should delete the asp files in there or turn off directory listing...
take care,
CJW
, Actually it would because you would just count records for that user that are also active
and yes, users cant delete albums.. they can only turn them off which really means the albums lose their active status
only the admin can truly delete an album the way the code is
(that's just the way I did it for some reason.. I don't remember why)
cwilliams38433.0343865741, I sent you a PM, Well you can put a link on all your pages that links to the login page?
modify the code in the login page so the return page is members.aspx or
whatever you need and thats it?
I dont see your point? probably because I understand how the program works and your not 100% up to speed on how it works.
, >>1. What is telling paypal to return the info to the ipn.asp page for
processing? Is that something I have to set up in my paypal
account?
Nevermind on this question. I found the notify_url variable. :-\
Thanks,
Michelle
, dsn-less is the way to go..
http://support.cjwsoft.com/code/moreinfo9-2.htm
you also need to use newer versions of the database as the odbc drivers on the server are sometimes very new and no longer work with access 97 databases
, That worked...but when I tried importing the test user, the password was imported in an add formated...like it was encrypted, and I can't log in using the User ID that I imported., 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , If by permissions ou are reffering to the IUSR with write/execute
permissions, they are already set. I get this error when I hit the 'Create New
Export File From Current User Database' link:
Microsoft VBScript runtime error '800a004c'
Path not found
/ASPProtect/password_admin/export.asp, line 76
Any other suggestions?, Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.
Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.
, I need a point or a little insight please.
I need to get information from a credit card authorization called netbilling. I have been looking at your code for PayPal and 2 checkout. I have a feel for the code flow and the relationships of the "includes" .
I have been doing a lot of reading in my books and am seemingly twisted around the axel. I am not expert in ASP I am better in VB. I am not afraid to write code I am just a little nervous about messing up existing relationships.
My plan is simple: code a page to open the database and populate the database fields from netbilling and convert their field name to yours in the database.
I appreciate your time and insight. As in the past I need your help again.
Thanks
, humm, I see your using the lite version which is technically not supported.
I know you were responding to an existing thread but I really would rather you have posted this in the ASPProtect Lite area or at least mentioned what version you are using. Usually there are big differences in the versions and it helps me help you if I know what is going on.
Regardless, the code for this feature is actually the same and I just tested a fresh install of the lite version and it stored that verify url perfectly and all worked as it should in the verification email.
All I can think of is that you can try manually editing the "users/add_new_account.asp" file.
This part
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & vbCrLf & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Would need your verify URL hardcoded into it which would pretty much guarantee it would get put in the email.
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & "http://localhost/aspprotectlite/users/v.asp" & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Of course change the url to be valid for your setup.
Still, the fact that this isn't working means there is something wrong with your installation. It would probably be a good idea to erase everything, do an iisreset, and re-install the application in a different directory... immediatly log and go to the settings page, carefully set everything and save it... then register as a new user and see what happens.
There is no reason that variable shouldn't get set. I mean I tested it just now with a fresh install of the version you are using and not only that... 1000's of people have been using that same code for over a year in the full version and no one has had this problem except the guy who started this thread who never populated the value.
My guess is still a problem with your "IIS application" for that web. It is not doing it's thing for some reason. When the settings page is saved and application variable gets set telling the config file to reload the variables as it doesn't do it every time to conserve resources.
If that isn't getting triggered and that variable isn't getting set who knows what else isn't getting set and it's not pratical going around hardcoding 15 important variables., I use the group feature and would like to know if it is possible to change or delete members from a group in bulk. For example if I have 200 users registered for group 1 and 3 how could I delete all members from group 3 in one pass rather than editing 200 individual members?, We do not have plans to support recurring payments via 2checkout because their system is not flexible enough to allow it to function correctly. Basically their system will not send notifications to our system when a recurring payment fails and therefore there is no way to automatically disable a user that cancels or does not pay. etc etc.. , When a logged in user with specific group rights tries to look at a
page that has different group membership requirements the Login screen
comes up giving them an opportunity to login with different rights to
view the page. If you log in again with your current user name
the same login screen returns with the added words something to the
effect of "Access Denied, you dont have group rights to this page...".
The only way to get back to the previous page is to hit the back button
on the browser (there is not a back button on the denied page).
I would really rather not even present the "login again" screen to a
user but just have a custom page that says "access denied" of my own
design with a back button on it. Is this an option provided for
in ASPProtect currently? I did not see it in the admin section
settings tab. Is there a separate "login again" asp file that is
being used for this
group access deny message that I could alter, or does it always have to
be the login asp file?
Or would this require me modifying the check_user_inc.asp file around
line 356 to change this behavior (I don't want to screw up any other
stuff though...).
Thanks!!
Oh, PS. just a quick check...it looks like if a user is an
"admin" he automatically gets to see all group pages regardless of
which set of group numbers are assigned in his user account...is that
right?
, let's try this... edit that page with a text editor like notepad...
Carefully replace any instance of "Cint" with "CDbl".. I may have missed some of those when testing the last time I edited the code.
, After taking another look at this and trying your suggestions without success, it appears that in Windows 2003 server it is nearly impossible to remove the READ ONLY attribute from the _database folder. I'm wonder if this could the cause?
Thanks
, did anyone find a way to get the descriptions to show under the image yet?
, If I also password protect the pricelist pages then someone will have to login twice.
nobody should have to log in twice... ?
session variables keep track of access... once your in - your in and you can browse to and from any password protected pages you like
If it is making you log in each time then cookies are most likely disabled.. session variables requires cookies being on to work.. cookies being on is a requirement of aspprotect and is how Formed Based Authentication works..
let me know if that is the issue there...
you shouldnt have to be logging in more than once per session
Thats the whole point of the application...
,
I just added this line to the paypal1.asp
page
<input type="hidden" name="currency_code"
value="CAD">
and it worked. Clearly other values can be entered for other currencies.
Everything was listed in this manual https://www.paypal.com/en_US/pdf/subscriptions.pdf.
Cheers
Roy
, its no different than linking to an image or another page. you have to adjust the path to the include file based on what directory you are in.. or you get an error
This is noted in the admin area on the code generator page which also gives you 2 examples of ways of calling the server side include. (Virtual or File include)
These threads below are also full of info. I found them by doing a quick search and they should help you out as well.
http://support.cjwsoft.com/code/code_info.asp?TID=349&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=303&KW =The+include+file
http://support.cjwsoft.com/code/code_info.asp?TID=236&KW =The+include+file , I didn't know about it. I will try to check it out some more this week.
, It does not matter what directory name the ASPProtect files and folders are in but you cant go moving around critical file and folders like it appears you did nor is there any reason to.
All that is is saying is that the users folder, the password_admin folder, the scripts folder, the check_user_inc.asp file, and all the other files and folders that come with the system can be in any directory name as a whole.... but that doesn't mean you can go messing around with the files and folders in that directory.
I assure you 100's of users do not use "aspprotect" as the main folder name and they have no issues doing so.
Regardless, you need to explain in much clearer detail exactly what you did and what paths you used and what is where. At this point I really do not know what is you did as your post was not clear to me.
You should also check that you have entered correct path info in the admin settings page area. The register page is one of the paths that geths set there.
, 1st of all when I look at the site I see a lot of non US characters and I can see the regional settings of the site are foreign.
ASPClassifieds in only intended to run under US and Canadian regional settings as stated on the site.
Thus the BIG notice on the purchase page.
http://www.aspclassifieds.com/purchase.asp
It won't run right like that for a lot of reasons and it is not supported like that as that notice says.
The categories showing 0 is just one of the problems you will have.
If I help you fix this it will just lead to 4 more issues right after.
If you would like support with the classifieds application you need to run it on a server with US or Canadian regional settings like the site says. ,
I can no longer send e-mails to my configured accounts through aspbanner. It was working for over a year and now it stopped.
At one point I was using
CDONTS_Installed but since I moved to a new Windows 2003 server I was told by my ISP that either one of these will work
but neither one works. Can some one assist?
JMAIL_Installed
ASPEMAIL_Installed
, I am not sure totally understand your question.
I need you to explain it differently.
Any ".asp" page that is protected is going to automatically prompt them for a login box or log them in automatically depending on if they set that option.. In the end returning them to that same page.
So, it really all takes care of itself for the most part.. It doesn't even matter if the bookmark a protected page deep in your site. The system is smart enough to keep them at that page as well as handle their access.
Now of course if they are at an unprotected page of your site and navigate to a protected page they get a loin prompt or are allowed in if they already logged in...
Also.. when you say unprotected page ? do you mean ".htm" or ".asp"
cwilliams38298.6571759259,
Timecard Entry: 3/25/2006 4:51:48 PM
talked to by about ideas for wednesday meeting. notes for bundle revisions. contacts transferred to wizard. talked with az about compuserv web design referral. , Gotta eat sometime., Lunch, labeling and tying down new runs in server room, testing connections and switch overs.
ripping out the old wiring, train, Jeff Cooper re: email problems, Travel to Watn., Article for North COuntry this week, Touch ups to MLS Powerpoint presentation., Lunch, lunch, Called a couple of Ask Us A Questions and checked RadLog again., wHITES MEETING, on and off spurts of phone calls, got busy at times later in the night
, CER TOWERS, Troubleshoot balaganchik FPSE issue, conference, Ron, Timberview.Com - Adding a feature to admin that pops up a seperate, printable window of the main summary page., Doc Manager, STAFF MEETING, helping MARCOM move, review proposals for amy, evaluate projects and assign names whom work will be completed by., Prepareing, and Organizing Switch room for Nortel to bring in and install switch, travel to the bay for the BAH, worked/played with Wiley Weather web site for Steve, also went back to Watertown office to talk to Steve about the site, examened ASP creation software, daily ticc meeting, Mike Soulia re: email migration, entered cc batches, Picke up mail and opened. Posted account, ans. phone. and customer inquiries.,
