Blog Entry: 3/25/2006 4:49:44 PM
yes, PM me the encryption and cookie keys if you don't mind.
I can add it to my combinations that cause trouble.
it might help me to figure this problem out. , Hi,
I really look forward to installing V7...
I would like to test V7 by copying my existing V6 to a NEW directory,
including the database with new connection, and using this duplicate to
do an upgrade for TESTING PURPOSES ONLY before commiting to upgrading
the main system.
Should this cause any problem?
Tx,
Leon
,
Humm, its hard to explain but I am not sure that is a good way to be testing that. I hear what you are saying but I am not sure that really means anything. Whatever is going on its some sort of client side issue with the browser and the meta refreshing over a very long period of time during which there really is no user doing anything at the site. , Ok.. glad you got it working., this issue has been resolved.. see following thread
http://support.cjwsoft.com/code/moreinfo316-1.htm
, Disallowed Parent Path
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.
If it is not enabled on you server you will have to ask your host to enable parent paths for your website.
This is what the settings screen looks like on an XP Machine
Additional Information:
It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.
Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.
Hosting companies should if they are serious about hosting ASP.
If they won't your only option is to go through all the code and convert the file includes to virtual includes.
http://www.powerasp.com/content/code-snippets/includes.asp
The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)
Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc
Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.
In my opinion virtual includes are pretty useless for commercial web based applications... Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.
For example...
The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->
But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this
<!--#include virtual = "/somedirectory/somefile.asp"--> cwilliams38391.6033101852, I do not what see what this has to do with anything I sell ?
Those errors are all related to pages that have nothing to do with my ASP applications and code., Update..
I have support for the ibulc image uploading client working.
http://www.ibulc.com/
There is also an option in asp photo gallery pro to store the images original filename in the description field which is pretty cool.
Ibulc client bulk upload support currently only works with the pure vbscript upload or the safileup component. (I may support the other two components asp photo gallery can use but it really depends on time) The pure vbscript upload code I am using for this is much better than the code I was using before so that method should be offer decent performance for anyone though using a component is always better.
I still have to add the ibulc feature to the users side. It currently all only works for an admin user.
The whole process is very cool. You install the ibulc client on you computer. It's tiny, and free for uploading up to 10 (100kb) pictures at once. You have to by a domain license from them to do more than 10. Anyway.. it lets you select multiple pictures off your hard drive and it then uploads them all at once with individual progress info for each picture. Its really cool and since it really treats each picture as an individual upload it doesn't hammer the server with one big upload at once.
I also made it so you can start the picture uploads at any picture number.
So if you already have pictures in an album you can add more without losing what is already there.
This was one of the main features of the new version and now that it is working hopefully I can tie up any loose ends and get the new version out soon. cwilliams38327.5488541667, Got any info for me on this ?
Chris , New question...
When someone edits their personal information, such as address, is there any way to set it so that someone in the office can receive an e-mail noting the changes?
Thanks. , Oh big deal !!... John mentioned some site and you feel like you proved some sort of point. Aren't you special ?
Look, I am telling for the 3rd time you can't do what you are talking about with ASPProtect.NET. Are you braindead cause I really am beginning to think you are and I for one am done trying to be somewhat nice to you ??????
I am also willing to bet you had no idea what viewstate even was until I mentioned it and then you probably went and read up about it so quit trying to pretend like you know what is going on! If you knew what was going on you would not be asking more questions about ASPProtect.NET than any customer in the history of selling the application.
As a matter of fact you should send me like 400.00 just for all my time you have taken up because you are totally frigin clueless !!!!!
I should have cut you off the instant you offered me illegal software from p2p right in a forum post., Testing for XML Parser Support
the microsoft xml parser is generally installed by default on all new server setups..
It allows ASP code to make calls to other pages anywhere on the new as well as a lot of other handy things..
download and run this ".asp" page to verfiy that it is installed and be sure it is available for you to use
2004-12-10_132620_test_xmlparser.zip
Make sure you run it from your web server through the web browser cwilliams38331.5621180556,
Best setup I recomend is just setting up a rig and making a workgroup.
No real reason for a production machine to have any access to internal
security when you think about it.
classic asp should be pretty easy to move, just set up new webs and
dump the scripts in there. If you have 2 machines its always easier to
look at the one while your building the other. Basically copy the setup
and tada... the only thing you might need to remeber is components (if
your using any) and thats usually not a very big deal either.
Point sort of being at some point your going to have to change that
thing around and while its no fun you have to imagine now is a better
time to bite the bullet and get it set up the right way. Your
alternative is to mess around for hours and hours praying that you
change domain wide security to the point that running NET
apps on that domain controller works. Personally I wouldnt sleep well
knowing I had just messed around so bad with the OS that I had no clue
what bugs and security holes I might have accidently opened in the
process. I wont even get into the possible things that might stop
working on the rest of the domain if you fiddle with accounts like
"Network Service"
Oh and if thats not enough reason to make you think about it, consider
how hard it will be to try and rember what you did at 2AM 6 months from
now if that machine takes a dive or some critical update undoes what
you changed.
I feel for you though, trust me we have all been down that road once or
twice. Get some sleep and in the AM the task at hand wont seem nearly
as bad. You live and you learn, and you will definatly be WAY better
off making things right sooner than later
, been working on this for about 5 hours today.. I think I found the problem and it involves a vbNullChar that the encryption process is creating only during login attempts
it then messes up during ASPProtect authentication because it blows up the SQL Statement to the database
like I mentioned before the chances off this happening are slim but possible as two people so far have been able to create the situation
I seem to have the HANNAH password working now using your encrption key
I need a little bit more time to clean up the files I have been working on. Then I will give you new "check_user_inc.asp" and "check_admin_inc.asp" files to try out , someone has to do something other than me.. i've given up
if i give u the username/pw can you set this up on the network solutions host and ask them to set whatever permissions are needed?
cant do it anymore.... , Does ASPprotect support Paypal's Website Payments Pro option, where a user can use a credit card directly on a web site, without passing to paypal.com?
Nick , Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings? , sorry for the confusion. I completely forgot about that flag setup, and how different it is between the two databases., ok, humm, I see your using the lite version which is technically not supported.
I know you were responding to an existing thread but I really would rather you have posted this in the ASPProtect Lite area or at least mentioned what version you are using. Usually there are big differences in the versions and it helps me help you if I know what is going on.
Regardless, the code for this feature is actually the same and I just tested a fresh install of the lite version and it stored that verify url perfectly and all worked as it should in the verification email.
All I can think of is that you can try manually editing the "users/add_new_account.asp" file.
This part
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & vbCrLf & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Would need your verify URL hardcoded into it which would pretty much guarantee it would get put in the email.
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & "http://localhost/aspprotectlite/users/v.asp" & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Of course change the url to be valid for your setup.
Still, the fact that this isn't working means there is something wrong with your installation. It would probably be a good idea to erase everything, do an iisreset, and re-install the application in a different directory... immediatly log and go to the settings page, carefully set everything and save it... then register as a new user and see what happens.
There is no reason that variable shouldn't get set. I mean I tested it just now with a fresh install of the version you are using and not only that... 1000's of people have been using that same code for over a year in the full version and no one has had this problem except the guy who started this thread who never populated the value.
My guess is still a problem with your "IIS application" for that web. It is not doing it's thing for some reason. When the settings page is saved and application variable gets set telling the config file to reload the variables as it doesn't do it every time to conserve resources.
If that isn't getting triggered and that variable isn't getting set who knows what else isn't getting set and it's not pratical going around hardcoding 15 important variables., still.. its got to be somthing along those lines.. I have seen times when even dbo didnt have full rights to a particular database so permissions should always be manually checked..
The import data routine is most likely the source of the trouble
For troubleshooting sake I would create a fresh installation from scratch using the sql script we provide and a new SQL user. Then see if that works. If it does then try to import your data into that.
There are no other things I can think of doing. Sometimes you just have to start with a clean slate. , Yes, you are right.
We have now tested it using the DSN less connection with Access 2002 and it works fine. We have also tested it again with a DSN using 2002 and this also seems to work.
The comment about speed is a consideration although I have not noticed any differences. ( we only have a few database entries at this time).
Thanks for your help , Sounds great, Sold!
Thanks Christopher! , Christopher,
Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software. , Hi,
I basically explained how I thought that might work here where I went over everything I could think of and suggested you download the free version and see if you could get it working
http://support.cjwsoft.com/code/moreinfo488-1.htm
The part about using the alternate scenario involving querystring info from a url.
I have never done anything like that and that is why I told you what I knew and suggested you try it with the free version... , If you are using an ACCESS Database try to avoid using a system DSN. They are much slower because they go through ODBC which then uses the Jet Drivers to access the database. They also have to do a registry lookup.
ttp://www.4guysfromrolla.com/webtech/070399-1.shtml
http://www.powerasp.com/content/database/dsn_vs_dnsless.asp
It's funny because in the 4guys article they ask the question..
"Hmmmm... so who was right, Microsoft or Wrox?"
I'll tell you who was right and who said it 1st. It was me and I said it on my old powerasp.com site before anyone else ever did.
I found it out on my own by experimenting when I was the Systems Analyst for an large ISP. We we had web servers that were not running well. I didn't read about this solution anywhere because no one was talking about it at the time. Microsoft said use System DSN's so everyone just took their word for it.
I took a lot of heat for saying that back in the day but over time everyone started saying it.
, well, I was curious myself so I just tried it.
Good news is it worked just as I thought.
Only problem is your changing things to allow authentication info to be passed over the net in a url. If you can live with the security implications then it will work. I mean a sniffer could see that and end up knowing the username and password.. not likely but just putting that out there.
Of course now that I think about it unless you are running under SSL (https://) when you log in normally that info is in the post info anyway and possible to get at.. course not right out in the open like when you put it in the url and less likely to be noticed.
As long as your not doing it to access critical areas like the admin pages... and you monitor the log files once in a while it's probably nothing to worry about. , I'll send you something.. , I am not sure. I can tell you that I run windows 2003 server and I have never had any issues setting permissions for ASP.NET files and folders. This very server is 2003 and the ASPProtect.NET demo runs on this server as well.
Course, I can't say that I have specifically tried to remove ASP.NET READ permissions on the database folder as it's just not something I would not have a reason to do. Why are you trying to do that? The ASP.NET account needs that permission. If you are trying to stop file browsing and downloading in that folder that is not how you do that. The best way to do that is by keeping the database somewhere else on the server that is not part of the http web. , I dont get it.. I am still looking into it..
I think this has something to do with your original experience when things would work and then not work.
something weird is going on
, Oh, to clarify the above. We did not change any columns in your [Users] database or any other table., Hi there,
Just bought ASPProtect 7.0 last week and just got around to installing it. I've gotten through the installation and am now trying to test the (Forgot Password) functionality.
I get the following error when I type in the e-mail (or in some cases the username) and Post the form.
Error was [11004] Valid name, no data record of requested type
I know that the add user functionality is pointing to the correct database (I see the additional rows via SQL Enterprise Manager) and that the e-mail address I am looking for is in the SQL database.
Any ideas? Any other information you need?
Thanks,
Toni
, humm, I dont know then..
If you want PM me your site info and I will go in and troubleshoot.
Frontpage or frontpage access, either way
and also the site URL , I dont know. Perhaps a fresh installation in a new folder would be a good idea as well if possible..
for troubleshooting sake.. , That is by design and how it is designed to function.
There is no easy way to do what you are asking about.
Can it be done ?, sure!!
But it is a lot of custom coding to sort it all out and not something we support.
If I were you I would simply edit the login box screen to show some hyperlinks and options should a person need to use them. , You would carefully use the built in features of access to import/export data.
The password for our databases is noted in the documentation. It's pretty hard to miss really. You can also see the database password by looking at the connection string info.
different versions may be different but it is usually "temp" minus the quotes , Send email to users that are soon to expire:
What Format should be used for dates and does international friendly dates affect the date as used by the reminder ?
Am having serious problems with renewal notices and expiration dates.
All member sign ups are for 1 yr., yet new members are being sent
renewal notices.
Does Paypal use a different date system or has does
Paypal have nothing to do with Subscription dates?
, Yeah, its a win2k server.
Im up and running now (my guess is ASP wasnt installed, but he did not say), but am not having luck with any of the email. I contacted my host to see what is available and have yet to hear back. Do you generally recommend people to run CDOSYS?
Ive been reading through the docs, and the users and protection seems to be pretty straightforward. Nice!
The only other real question I have (and cant find in the docs) is how to remove the self registration option all togehter. My client wants to add its users manually, and not give the option for them to sign up themselves. Do I just find any remove any code that references it? , sounds like the data/export folde does not have permissions, Hi Chris:
Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?
I'm not quite sure what the syntax would be in the URL.
Warren ,
Timecard Entry: 3/25/2006 4:49:44 PM
working on designing Ingles store front for doostore (doostore.com), Talked to Nic about a possible opening for Dave in the Burlington office, Management Meeting, E-mail, Travel to Geneseo, Gen wan stuff, Bob Nelson- go over changes with Tim for Bob
Pete Parkers- password for frontpage and email
Penn Clark- word of grace- old web site files, for word of grace
Peter- cfm foods- password for front page and statracker, also, search engine key words- create work order for tom, Murray Brynes- left message for soft Auto,demonstration,
Tony -ICS- change form on secure server,
have tim take a look at it for pricing,
Clayton Chamber- create work order for changing menu bar
John Pertunil- info for wEb site
, 99-7-6 BASTASFLOWERS SCAN PHOTOS FOR WEB SITE, ADD INFORMATION TO PLANT CARE, ADD ORDERING FORM TO CATEGORY, COMPLETE STORE FRONT CATEGORY SELECTION FORMAT, Batching and answering phone., GoGiSCO.Net - Adding updated upload component to GoGiSCO., maintainance, preparing antenna for winter, Trade, closing books, deferred income, traveled to cayuga board, met with Lisa about jmorrow.com and more small changes to order form on secure server, also emailed John Morrow back with answers to questions he had (non-billable), DEFERRIET PAPER BUILT 4 FORMS, pizza, lunch , Downstate mailer, TaskForce, Working on CMA for SOftMLS, started wall display for new task lists. tried to use beth's old computer (hooked up and failed). reconnected old system., finished up Edgewood Resort work, IP address database (Excel) start, weekly review of cancels, Adding an additional page to Christensen Realty to link to the NNYMLS site and open in a new window. , On phone w/Jacki at Lafargeville, office work, phone calls, busy, techcalls, new users, Radlog, Install softstart power supply, emails,
|
