Blog Entry: 3/25/2006 4:55:51 PM
that is because passwords in the import/export files are encrypted.. if you make one of your own you need to use the rc4 function in the "config_inc.asp" to encrpyt your passwords just like the aspprotect system does (requires knowledge of vbscript and integration into your export system)
now, there is a way around this
if you want to import a file you made with clear text passwords edit "import.asp" beforehand and change
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = UserArray2(5)
to
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = RC4(UserArray2(5), PasswordEncryptionKey)
that way it should convert your clear text passwords to encrypted while it does the import
this post also addresses this but in the reverse scenario
http://support.cjwsoft.com/code/code_info.asp?TID=261&PN =1&TPN=1
I hope this helps you because I really do have to leave the office like right now. Very late for a dinner meeting.
I should be back on the computer later tonight or tommoro morning
, no, you cannot unless you plan to write a lot of custom code.
That is why the option pack has groups which eliminate the need to use access levels because groups can do everything access levels can and more.
There is an article here regarding that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=32& PN=1
cwilliams38303.5555439815,
gotcha...thanks.
, Hello,
You are correct regarding what you noticed.. ASPBanner only allows one person to administrate. If if did what you are asking about it would probably cost more.
(you get the ASP source so if you really wanted that you could always add it on your own fairly easily, but it all depends on your skills)
AS for keyword advertising and different ads based on certain pages ASPBanner does not get into that. The main reason being performance as I built ASPBanner primarily as a performance banner rotation solution.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=144& ; ; ; ; ;PN=1
Like that thread says, you could make different zones for different conditions.. then surround the banner calling code with if else logic so a different banner zone was called under certain conditions.
Regardless, if you really need something that has every bell and whistle. BanManPro is where it is at.
cwilliams38434.7100578704, glad it is working now
sorry ya had trouble.
cwilliams38418.6886342593, did you read what this thread says about that session variable for groups not be created by default
you have to add code so it sgets created before you can check it... this thread talks about that, Installed latest verison Doesn't seem to have corrected problem. Still with same message. I wonder if deleting this user and putting him back in might help. I have not however tried any other user names and passwords.
, well, I was curious myself so I just tried it.
Good news is it worked just as I thought.
Only problem is your changing things to allow authentication info to be passed over the net in a url. If you can live with the security implications then it will work. I mean a sniffer could see that and end up knowing the username and password.. not likely but just putting that out there.
Of course now that I think about it unless you are running under SSL (https://) when you log in normally that info is in the post info anyway and possible to get at.. course not right out in the open like when you put it in the url and less likely to be noticed.
As long as your not doing it to access critical areas like the admin pages... and you monitor the log files once in a while it's probably nothing to worry about.
, well, ultimately it comes down to this and this is stated in the footer of every page in the cjwsoft family of websites.
"In some cases in order to receive proper tech support your application will be need to be installed on a live professionaly setup server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine."
and if you have some sort of weird timeout going on on your local machine and cant even give me a detailed error message there is just no way I can possibly troubleshoot it... I told you what to check and thats really all I can do... all my applications run on XP. As a matter of fact I do all my development on XP boxes.
It could be any numbers of things... odbc drivers, versions of vbscript... other software on the pc interfering such as antivirus script blockers like norton... all sorts of issues can pop up on personal machines running xp
If you put this up on a live professionally setup web server I can help you. On your local machine there is only so much I can suggest. , Hi Chris:
Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?
I'm not quite sure what the syntax would be in the URL.
Warren
, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296, Then, you would have to add those users to the aspprotect user database. You would do so using the built in import/export features of msaccess and being very carteful about it. It is not a process we support and the technique used would be unique to any situation. Its basic database work though but still you have to be able to do it.
ASPProtect uses its own user database and you have to use that database. ASPPortect can not authenticate users using some other existing database.
Does that make sense ?, the following error message appears, but only when attempting to log off. all other parts of the program seem to be working.
[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0xa04 Thread 0xa38 DBC 0x21ff024 Jet'.
, LOL
, ok, I moved this thread..
The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.
The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)
That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing.
Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.
Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"
change
Password = CmdDataExport("Password")
to
Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)
Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.
, The problem with that is when a user deletes an album, the album record does not get deleted from the DB, so counting all the records would return the accurate result. :(
Any hints?
eeye38433.0290740741, Thanks for the install. After many hours I finally got part of the
system working. I can log in and log out as a user. My problem is I
want the pages
accesses by Members ONly. The database will contain the names of
the members and only they are allowed access, and no one else. I
tried Joe Blow to log in and it worked, the only thing is Joe was not
in the database and he should have been locked out and a page come us
saying something like "you are not a registered user, please complete
the membership application" and then link back to the root web,
application page.
I am also afraid of breaking the codes you provided thus far. I also
want the password protected pages in a sub-web of the root web.
This may sound like elementary stuff, but this newbie is having
constant trouble. I am also referencing books on ASP and Access
and VB and still come up with a dead end. Search the net and come up
with a few codes which are described as something I am looking for, but
dont want to add any thing like that for fear of breaking the whole
thing.
Any suggestions?
, Hello,
What is the difference between the paypal_sub_signup and the paypal_signup directories? Also, I know it depends, but what directories and files can I delete from my web server if I am not using them? I copied the entire set of files that came with the program over to the webserver and I am concerned that there is too much out there.
Jess
cwilliams38446.6304050926, You are NEVER supposed to move any files, especially that one. Of course that is going to break a lot of things.
Please put it back the way it was.
You change the path of the include file when you call it, never the location of the include file., Another good tip is to make a copy of the "password_admin/default.asp" named whatever you like..
"default2.asp" would work...
then maybe add a link to it from the header_inc.asp file
then you can modify that one all you want and your will still have the original around.
That concept works for a lot of things.. for example you could make a copy of the "users" folder and call it "users2" granted a few paths might need to be changed here and there but really not a lot. (how do you think the paypal signup folders were created, they started as a copy of the "users" folder of course)
You can even make a copy of the "check_users_inc,asp" file if you like. Then make a copy of the "scripts/login_form_inc.asp" file... then make your new "check_user_inc.asp" file reference it.
Then you can password protect pages using different versions of the "check_user_inc.asp" file. Why ? well maybe you want different looking logn forms for different parts of your website or you want to make a lot of changes to the "check_user_inc.asp" file and want to leave the original alone.
The sky is the limit really. When it comes down to it besides the actual guts of the "check_user_inc.asp" file ASPProtect is nothing but html tags and chunks of simple server side code that produce more html dynamically. What your browser ends up with is basic html. (some client side javascript in certain cases, but that is pretty basic stuff too.)
cwilliams38422.509525463, humm,
thats a new one.. something is very wrong.
Please show me screenshots of exactly what happens and what you see. It does not make any sense so I need more info or I least need it described in more detail., Chris,
I understand. I set it to a lower number that will hopefully be a good balance for the user. I am simply AMAZED at what your software does and I thank you for all you have done.
Jess
, Well, I had no more trouble after I read the instructions.
The PayPal integration is really neat stuff! WOW! And the email
users function got up and running in a snap... this is an awesome
package!
The coolest thing with the user registration is that the account
username and password are selected by the user. That is very very nice.
Much less typing for me to do.
, I would look on the pictures folder on the server and see what is there for pictures. Also, when you see a broken X on the site right click and see where it is trying to get the picture from and what the pictures name should be.
I would also be sure to clear out your temporary internet files in IE. clost and restart all browsers..
maybe show me the site ? so I can see this happening ?
cwilliams38348.9748726852, let's try this... edit that page with a text editor like notepad...
Carefully replace any instance of "Cint" with "CDbl".. I may have missed some of those when testing the last time I edited the code.
, Well. fontpage publishing is evil. That you have found out.
Do not use it. It usually wont work right when running asp code locally and also at the server because of differences with the paths and virtual directory structure. etc etc etc
You can definetly use frontpage to connect to the web site live and drag and drop files into it/edit them... but the sooner you stop using the publishing feature the better off you will be.
, you not seeing the real error
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1
, Hello,
It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.
I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.
But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file
, I am sure its permissions as well, but I don't have that much access to the hosted server...lol.
I will use access for now, since it works fine, and try to talk with the hosting people later.
Thanks!
, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks
, Is the user ID case sensetive? In my case I use the user email as the login ID., I would like to have the ability to give a user 1 album with the default # of photos in it.
Is the best way to implement this to just add in an album creation
routine during the sigup/registration process and turn off the ability
to create a new album? Or is a user setting prebuilt into the
system for this?
, That helped very much. Thank you. Hope you enjoyed your dinner., thats not good.. its a web server configuration issue of some sorts ?
post is a common method for forms.. if it is not supported it is something you should ask the server admins about.
Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?
ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
http://support.cjwsoft.com/code/moreinfo165-1.htm
My guess is your web server is running Apache Unix or something like that.
, does emailing work at the simplest level.. ??
meaning does a user get an email when you send an email from the admin users screen ?
if emails are not sending it could very well be the setting you have chosen for emails in the settings.
the best thing to do is keep trying to send an email there and try different emails settings until you get something that works... even when I do installs for people I often have to try a lot of various things before I get emails to send.. like picking different components and trying different things for the email server address because what they tell me is often wrong
also, sometimes emails get sent but depending on where they go they may get deleted as spam.. aol, hotmail, msn, and yahoo are famous for that , Thank you.... yes it does
Is there a limit in the number of Zones you can have in the database.
thanking you
, My guess it they are runnign some sort of ad blocking software like norton ad blocking. Something on the client side blocking ads or anything with the word ad in it.
I would investigate that., I did all that you sugessted and all failed, you said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually? below are the steps I performed......
1 - made sure the web is it's own application in IIS
2 - Reset IIS in command promt
3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.
I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?
Thank you!
Matt...
,
 |
Don't want to install the application ?
Having trouble doing it ?
Don't think you can ? |
No problem, have us install it for you.
PLEASE READ ALL OF THIS
Installation service is generally available Mon - Fri during the hours of 10 am - 7 pm EST.
We may very well be around to do installs at other times but we do not guarantee that.
To do an install we generally need FrontPage Explorer or FTP access to your site.
We also need a way to set permissions on any necessary directories, etc etc.
To do a SQL Server install we need to access your SQL server via Enterprise Manager.
Some installs may require access to other things not mentioned.
The server must be a properly set up NT/2000/2003 server running IIS 4-6 for ASP 3.0 applications.
(with support for ASP scripts and database connectivity.) Parent Paths must be enabled on the server.
Please Note:
These ASP scripts do not run under Chillisoft ASP. That means they do not run under Unix, Linux, Apache, etc etc.
We do not install our applications on free ASP Hosting solutions. Why, because they are more trouble than they are worth. Free hosts like that are usually zero help if we need something changed. There is a reason they are free.
We install the software in it's base configuration. We make sure it is running correctly. If you break the installation you will have to pay to have it fixed. We do not integrate it with your existing site or edit any of your existing web content. That is up to you. Installation fees are non refundable as is the digital source code we sell. When you purchase anything from us you agree to this.
We do not do installs for IPNFulfill and Color Sequence Protection as they are simple scripts and do not even use a database.. We also do not install the IPN Support Pack as it is just a folder you copy into your web and some configuration files that you must decide how to configure based on your needs and your PayPal account info.
|
Installation Service Pricing
Any CJWSoft ASP 3.0 application
(Access Database Installation) |
25.00 |
 |
Any CJWSoft ASP 3.0 application
(SQL Database Installation) |
40.00 |
|
Contact us if you have any questions.cwilliams38165.5615277778, If I would like a link on my web page that will take someone to the login page (I would also like this page to contain forgot passord? and register) I am not entirely clear what file to link to to do this. Would it be check_user_inc.asp?
Thanks in advance?
cwilliams38456.0972106481,
Timecard Entry: 3/25/2006 4:55:51 PM
test and publish suimall.com site templates, printed, reviewed and mailed invoices; readied money for Clayton, cancellations for nonpayment, answered phones, Sat in NOC room... was going to help Drew pull cable from 135 Park Place, but it didn't happen. Took a couple tech calls. Tried putting 2000 Pro on Furies, but it wouldn't let me boot from the CD Rom, so Furies is still 98. :-P, on site at Climax for installation, router not what client expected, bring back for additional configuration, HELP FIX PRINTER, spreadsheet and emailed/faxed payroll and gave Terri web billing info, Checked DUI, Voice mail, and AUQ. Took tech calls., Carthage federal- billed for work not completed- pre-qualify form not up- snet request to Peggy, contact customer all set., s/w mildred on lease. s/w rp on exhibit a. fax received from ernst and young to george. walker invoices to drew for shipments. po for mel on excel training. email to fred on badges - no word from tim. key cabinets received. list dev. for phone service messages and sent to nic for sales., Emptied trash and transfered all cleaning supplies to womens room cabnets., general work, develop and deliver a production summary report to BIll Martin/Communicating Arts, return emails, talk to boldt castle, ti authority, davidsons, guy about web hosting, Picked up mail and opened. Posted accounts, credit card authorizations, coupon referrals, customer inquiries, and ans. phone., return to office, emails, etc, check voice email/email
calumet motel- schedule appointment owth russel- changes to web site, billing question, caskinette auto- work order changes to web site- gave to dave
Gigabytes- transfer domain over to us, talk with kelly and tara, Aqua zoo- info fabout transfering domain name- things that need to be done, could take up two fourto eight weeks, Boces- scheule appinemnt for uploading disk to computer
Thousand islands coouncil- meeting for thursday, Moby dick charters-inofr for web site, email, North country orthopaedic- infor for statstracker , *TaskForce - Exchange Installation Research; Configure New Exchange Server, Took some business calls., Costguard setup work, Meet with South Jeff Teachers, meeting with connie schoch, busy teching, Folded materials for Citec conference on June 20, General, mostly making sure that Service Master got going on the building. Last minute checks to make sure things were ready for the McNally's visit., Work on NYAB diagram. Also work database, organized order status re: Cortel, Returned call to Howard Beyer (LMOM). Spoke with BC about customer referral. Began working on coupon for bundle training. , REAL busy...5000 and 5500
numbers down, Watching the NOC from the Tech Room, flipping through the CSG Manual, Web billing, email, voicemail, stats tracker for remington museum,
