Blog Entry: 3/25/2006 4:52:33 PM
DONE IT
DON'T WORRY!
DON'T ASK HOW, BUT NOW IT WORKS!!
THANK YOU IF IT WAS YOU, OR THANK YOU GOD IF IT WAS ME!!!
, it probably means the page you are trying to protect is (not in an iis application or not in the same iis application) which it needs to be
for a situation like using ASPProtect you really want your root of your virtual directory set up as one big application in IIS. (after you inquired about it your hosting company probably went and set the ASPProtect folder as an application in IIS which means any pages you protect need to be in there as well. (truth is they should have had your entire web starting from the root set as one in the 1st place..... its standard practice for any experienced hosting company) cwilliams38456.9306828704,
I will actually explain how to set access_levels and/or groups...
in "users/add_new_account.asp"
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
or
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
*1*,*5*,*9*
that user would be a member of groups 1,5, and 9
, humm, I am curious
If these people are employees and sales reps why are are you using expiration dates at all ? and why the renewing issues... etc etc
I am sure there is a reason but you did not explain.
it might help me to better understand and possibly think about new features for new versions in the future., I am not talking about image resizing. I need to know if it is possible to limit the upload to images where their height or width is less than 500 PIX. , It a generic error that means something is wrong with your data connection.
http://support.cjwsoft.com/code/moreinfo27-1.htm
http://support.cjwsoft.com/code/moreinfo136-1.htm
, People who have the option pack have a new feature called groups.
Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customers older protection code.
A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.
Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.
For example..
You make 8 groups and assign users to them accordingly
Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any one of those groups would have access..
Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 2-8 would have access..
Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 3-8 would have access..
cwilliams38114.800775463, I'm all set - after thinking about your replies - i checked a bit more and changed the email component type -- thanks again for all your help.
, Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
, as far as sql goes if you follow the instructions with give for setting up a new database you shouldnt have any issues and permissions should be already set. because we handle that in the sql script we give you.. "its a good thing to look at and it is pretty easy to understand what is going on""
however using another account could cause permissions issues.."yes, even sa" basically the username your using needs datareader and datawriter permissions to all tables used by the photo gallery system and you probably have to go specifically set them usin ght e security tab for your database in enterprise manager. This is more of SQL server 101 than anything to do with the Photo Gallery Code so I am not going to get into it too deeply, but that is definetly the issue. Permissions...
cwilliams38303.6065740741, when you get back to work.. your "redirect.asp" needs the password include file at the top of it.. or that wont work either..
and of course those pages you send people to all need to be repaired
, nope ,sql server has nothing to do with this
I am talking about the folder pictures are stored in.. it needs modify permissions set for the internet guest account like those articles talk about
, Am very interesting in purchasing ASPProtect, but am curious as to whether anyone has had success/failure with Network Solutions "standard windows hosting" solution? Thought I would ask just in case someone has had recent experience. thx, , How do I recover or reset admin password used for the aspprotected pages. I have installed it months and months ago, but now can not recall the password. Any help appreciated, as I do not feel like installing it again.
, all I can say is try other things... like
mail.yoursite.com
or
smtp.yoursite.com
etc etc etc
replacing yoursite with the name of your domain of course
the settings for sending email via ASP are no different then the settings you would use in outlook or something... except sometimes on the server level localhost works as the email server because they set it up to allow that
and of course those 3rd party emailing components need to actually be installed on the server
, Hi, I haven't heard anything from you.
Has this issue been resolved ?
Thanks
, The default database password is "temp"
This is noted in the docs. You can also see the current password by looking at your connection string.
cwilliams38176.7913888889, SQL Server Datareader Datawriter Permissions..
here is a screenshot that shows how to set datareader and datawriter permissions on a database using "SQL Enterprise Manager"
In this example we are making sure the aspbanneruser has those permissions on the aspbanner database in the SQL Server
cwilliams38390.5986921296, The Double DIM needs to be removed for this code to work properly.
<%
Dim BannerZone, BannerConnectionString, BannerDatabaseType, ConnBannerSystem
Dim CmdCheckUser, CmdGetConfiguration, App_Name, Config_SQL, BodyTag, BanDataConn
Dim CmdBannerTemp, CmdGetZones, ZoneString, ZoneArray, ZoneIndex, CmdUpdateWaiting
Dim CmdUpdateExpired, CmdRetrieveImpLimitedAds, CmdRetrieveImpressions
Dim CmdUpdateImpHit, CmdRetrieveAds, CycleBannerTotal, CycleList, NewCycleList
Dim Dim LoopBanner, CycleLoop, CycleListArray, CycleListArrayIndex, BannerCycleData
Dim Banner_Array, CurrentBanner, NewCycleListArray, Banner_Array2, LocationIndex
Dim Stop_Processing, Keep_Processing, CmdUpdateStats
%>
, Chris: You are right about a little extra coding to make it work. I am still learning .ASP coding, so I did a little web searching and used IF THEN statments to confirm a member logged in with a valid Access Code. If valid, the protected page executes, with the Member's Name and Access Level on a single line at the top of that page. Looks sharp! If not logged in, or a non member (who found the page via Google), I used a Redirect to send s/he to a login page with optional links as you suggested (http://www.vspa.com/aspprotect/vspa-password-failed.asp) . I couldn't get it to work when using Group Access, but I am sure that is just because I am a novice at .ASP (I will post that example when I figure it out). Meanwhile, here's the code I used that works:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="dataconn_inc.asp"-->
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!--#INCLUDE FILE="config_inc.asp"-->
<% =Session("First_Name") %> <% =Session("Last_Name") %>:
<%
If Session("Access_Level") = "6" Then
Response.Write "VSPA Active Member Access Level 6"
End If
If Session("Access_Level") = "7" Then
Response.Write "VSPA Life Member Access Level 7"
End If
If Session("Access_Level") = "8" Then
Response.Write "VSPA Officer/Staff Access Level 8"
End If
If Session("Access_Level") < "6" Then
Response.Write "Access Level 1-6 NOT AUTHORIZED RESTRICTED AREA ACCESS"
Response.Redirect("vspa-password-failed.asp")
End If
%><!-- http://www.vspa.com/aspprotect/vspa-password-enter.asp -->
<!-- *** End ASPProtect Code *** -->
<html>
<head>
, 
Hi, we purched ASP Protect a few months back and had it installed on our hosting company under a "temporary" domain name -- cidrasensors.com
We are now about ready to switch this development site over to production and I need to change the domain from cidrasensors.com to cidra.com
My hosting company wants us to create a new accounting and re-set everyting up.
So...based on this, I have a few questions for you:
1. Do I need to re-install the software? or can I copy from one account to the other?
2. Assuming I can copy the software to the new account - are there changes that will need to be made to point to the new domain?
3. If I decide I wanted to keep the first account alive for development purposes (never turn on the website domain to the public) - would I need to have a seperate ASP Protect license?
4. If I decided to ask you to do the transfer for us - is that covered in the $20 Installation fee I saw on the web?
, so you are using the subscriptions signup directory right ?
"paypal_signup2" ?
1st.. I would check that the xml parser is working.
It is required for making the post back to paypal.
It is installed on windows 2000 and 2003 and XP by default.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=134& ; ; ; ; ; ;PN=1
Then I would check the actual form page to paypal to make sure it is generating a valid IPN url as a hidden form value. It's the payment page you actually click on that actually takes you to paypal. For the subscription signup system that page is called "paypal1.asp"
You'll want to go through the process starting with the default.asp of the signup folder untill you get to that page. Then you want to look at the html source of that page in Internet Explorer. Your looking for something like this in the source code and you want to make sure it is valid.
<input type="hidden" name="notify_url" value=http://www.mysite.com/aspprotect/paypal_sub_signup/ipn.asp>
It also has to a url on the internet that paypals server can see. It can not be a local url for your machine. Also: If it is not valid we can try hard coding it.
If all of these things are good I'll have to take a look. I have some text file logging I can do when paypal hits your IPN url that can tell us if it is actually hitting that page like it is supposed to. And I can test the system for you by making some 1 cent payments using my own paypal account until we find out what is going wrong.
cwilliams38421.5686921296, Lastly, I put there information here to help, but please don't ask me any questions about it.
I am not microsoft SQL server support. If this doesn't work for you simply start troubleshooting and doing google searches like I do. , Adding Support For ServerObjects ASPMail
ASPProtect as you know does not support ServerObjects ASPMail component by default.
Here are directions to make it work.
In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.
So search through the code for any place where email is sent and simply change
Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")
To
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
It is about 4 places. They are not too hard to find.
That’s the easy way to get all the emailing functions working with ASPMail
cwilliams38419.7864351852, That bit about zones makes perfect sense and seems surpassingly simple for me to integrate due to our categories and page contents being based on the same if/then functionality.
Regarding the user, I guess you mean that I could simply recreate a limited admin interface for users based on the interface you have included for me, is that correct? I realize how subjective the question is, but do you think that this would be a bad idea?
I'm leaning toward your software here. I have a budget that could easily cover a variety of programs, but the UI for advertisers at banmanpro, for example, seems far too complicated for my users. Also, banmanpro doesn't have supporting compatible softare I am interested in, such as your classifieds software.
I guess I am trying to buy a good shell from which I can do my own customization and coding, and into which I can integrate future additions such as your classified ads. Does this seem like the right place to be?
Thanks much for your time!
, sometimes those emails take a bit... all depend on wht you are using to send them and whether a pickup directory is involved
as for the other I do not know.. PM me the site details I can look
if it is a 2003 server parent paths must of course be enabled.. its a requirement of aspclassifieds
, humm, I dont know then..
If you want PM me your site info and I will go in and troubleshoot.
Frontpage or frontpage access, either way
and also the site URL
, Yes, you are right.
We have now tested it using the DSN less connection with Access 2002 and it works fine. We have also tested it again with a DSN using 2002 and this also seems to work.
The comment about speed is a consideration although I have not noticed any differences. ( we only have a few database entries at this time).
Thanks for your help
, If things are not perfect there will be no log files and no errors.. it can only be one of these things really
http://support.cjwsoft.com/code/moreinfo313-2.htm
You may also want to make your the filesystem on the server is working and not disabled by norton script blocking or anything random like that. Testing the filesystem object is best done by writing a simple text file to a folder. Plenty of examples of doing that can be found at www.aspin.com
Recent activity is temporary and admin activity in the admin area is not tracked. If your application in IIS has reset or there has been no activity in the users area or in pages you protected there will be nothing there. The busier your site the more chance something will be there. For example usually our online demo has something there except right after 4am when my server does an iisreset.
, Can ASPClassifieds display the ads by city?
I have a web directory that lists websites and companies by city. Is it possible to have specific ads shown to the user depending on what city they click on? For example, only ads in New York would be shown to users that have already clicked on that city in my directory.
thanks,
, I just upgraded from 6.0 to 7.0 primarily because we were limited in the choices of email systems we could use to send an email validation message.
Previously, with 6.0, we were using CDONTS to send an email validation message to new registrants. Unfortunately, AOL email addressee's were not receiving the vaildation email from us. I received a reply to another post I made on this forum that the problem was due to the fact that aCDONTS generated email has no MX record and AOL blocks non-MX record containing emails.
Well, I upgraded to 7.0, switched to CDOSYS (Using SMTP Virtual Server) with SMTP Authentication and it appears that AOL is still blocking the validation email.
Any suggestions, comments?
, yup. that is correct... they can't log in so they can't see any pages you protect
its the nature of forms based authetication
, I was able to get it all figured out. Thanks a lot for your help, I really appreciate it. I ended up copying the database with the password to the directory and used the user/password connection code and it works great. I believe it was related to that but I cannot be sure. Thanks again!
, I think its great to share a mod.
I will have few with the new album.
, Christopher,
Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software.
, FYI. There is a typo in the upgrade (6.0 to 7.0) instructions. It specifies adding a field named "passwords". Should be "password"., Unfortunatley, I dont have an easy answer for you. It is certainly doable but adjusting the code so people assigned to certain groups get specific expiration dates means a lot of code work and time. It would probably even take me a long time to figure out.
The fact that users can belong to more than one group also greatly complicats the whole idea.
You can certainly assign an expiration level when someone signs up. That is easy and explained in the forums. , While I originally thought the login form on a non-protected page idea may be similar in setup to how our Classic ASP version of ASPProtect works I could not have been more incorrect. Truth is I forgot that it works a lot differently.
ASP.NET Web forms are meant to post to themselves and there is thing called the viewstate. (google it.. its a hidden variable the server creates in the form code that is required when the form posts back to itself.. and hold all sorts of information the server uses) Doing what you are asking about means disabling the viewstate and that can have big consequences and break certain things.
Basically you cant just put a form on a non-protected page and post to a protected page if the viewstate is enabled. Disabling it can break certain web controls like data grids .etc etc.. and can also have an effect on how the session is managed at the site and sometimes disabling it is not possible depending on what is going on cause you need it.
I am still doing research on the whole thing, but it looks to me like doing that is going to have a tradeoff of some sort.
That does not mean this isn't possible somehow. I am still researching and I am also going to see what John Evans thinks.
I told you .NET was complicated.
As for your other question that is something you have to sort out on your own by editing the code and recompiling it based on your custom project needs. It is not something I can help you with. , I like to change my database from access to SQL.
I run the aspbanner.sql in the database and
then I checked the new database tables with the screenshots
from your support info.
Then I make a ODBC Connection and it looks very good,
I logged in and create a zone, but I was not able to
store it.
I got the following message:
Microsoft OLE DB Provider for ODBC Drivers- Fehler '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server] Bei der Konvertierung eines char-Datentyps in einen datetime-Datentyp liegt der datetime-Wert ausserhalb des gütigen Bereichs.
/adserve/aspbanner/appinfo_inc.asp, line121
Please can anyone help me, that aspbanner also run on my SQL Server ?
Best regards Josef Raschko , Disallowed Parent Path
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.
If it is not enabled on you server you will have to ask your host to enable parent paths for your website.
This is what the settings screen looks like on an XP Machine
Additional Information:
It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.
Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.
Hosting companies should if they are serious about hosting ASP.
If they won't your only option is to go through all the code and convert the file includes to virtual includes.
http://www.powerasp.com/content/code-snippets/includes.asp
The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)
Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc
Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.
In my opinion virtual includes are pretty useless for commercial web based applications... Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.
For example...
The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->
But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this
<!--#include virtual = "/somedirectory/somefile.asp"-->
