Blog Entry: 3/25/2006 4:47:09 PM
Any updates on this ?, You do not run that page by itself. That is not how forms based authentication in .NET works. That is a special page used by the web.config file. It is automatically used when you protect one of your existing .NET pages but is not meant to run on it’s own thus the error.
To answer your other question a user is not sent anywhere. You protect existing ASP.NET pages as shown in the documentation and the examples. If sent to any protected page they are either prompted with a login box or if logged in they see the page as usual. If they log in the form posts to itself and they end up at the same page after supplying proper login credentials. That is how ASP.NET forms based authentication works. I suggest you get a good book on ASP.NET that explains all of that if you are still confused.
Now, if you really want some sort of page to redirect them somewhere after login make a basic asp.net page.. protect it.. and then use a redirect statement. ,
I really do not know to tell you the truth. I'll do some research.
The script only allows .jpg, .jpeg, and .gif extensions.
If someone uploads a file called... "filename.vbs.jpeg" with bad vbscript in it I seriously doubt anything can happen because of it because of the extension.
But I really do not know.
It has never happened to any sites I have or know of.
cwilliams38447.0491435185, Hi all,
I have the photo gallery set up at www.kashabowieoutposts.com/gallery
It's great - love to work with it.
But I've never been able to get those with just User permissions to be able to upload... Only an administrator is successful in uploading. This was no problem in the past, but now this client would like to give their guests a means to share their pictures on their site - so now I have to figure out the bug...
... this is the error I keep getting...
Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.
Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard.
------- anyone else experienced this?
Many thanks all!!
Doug
, alternate databases are right here.. the documentation clearly links to this, its really not difficult to find
http://support.cjwsoft.com/code/moreinfo164-1.htm, I have seen that happen before though it usually just happens once and then after that it doesn;t show up. It's the asphttp component doing it. The ASPBanner system is not doing it. I would try using banner calling method such as the xml parser method. It's usually installed by default on 200 and 2003 servers.
cwilliams38248.6400115741, I have an asp page that includes other asp pages via an include. for example:
snippet code: file name: collaboration.asp
<table bgcolor="#bed1e4" border="0" cellspacing="0" cellpadding="10" marginwidth="0" marginheight="0" leftmargin="0" topmargin="0">
<tr>
<td>
<!--#include file="../../../filetransfer/directory_listing2.asp" -->
<BR><BR>
<!--#include file="../../../filetransfer/upload.asp" -->
</td></tr>
</table>
I can add the code below to collaboration.asp and it seems to work,but I cant seem to figure out how to protect the other files such as upload.asp at the same time. -- can you help? - Note: as soon as I add the code below (and adjust the path) - I cant bring up the page.
This is the protection code I am using.
<!--#INCLUDE FILE="../../../../aspprotect/check_user_inc.asp"-->
Shirely
, Hi,
I can't seem to find the code where it limits the upload file size. I want to limit the upload size to 1.5 mg for all users. Also I've noticed that the 500 pix doesn't seem to work. As in if an image is bigger than 500 pix the script still uploads it. i am using Upload_post_VBSCRIPT.ASP.
Thanks
, OK, I figured out the problem. Not running ASP becasue the pages are not saved as ASP but rather HTM... OK so I am smart like a tractor but strong like an ox.
cwilliams38229.9128819444, in the version you have changing it is not something we covered
I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
, When I go to set up a new user, my user name and password are already in the window. And I am un-sure why. I start a new browser, and again that my same user name and password is in that window., SQL Database Creation (NEW INSTALL)
If you are creating a new database do so using SQL enterprise manager.
Create a new database called whatever you like and keep all the default settings. If using an existing sql database skip that step.
Now open up SQL Query Analyzer
unzip the following sql script and open it in query analyser.
2005-02-20_132116_aspprotect_v7_sql_script.zip
VERY IMPORTANT
On the drop down box at the top right make sure your intended database is selected. Otherwise your changes may effect the wrong database in your SQL server.
Then load the script into the Query Analyzer. Click the green play button at the top. If everything goes well the response should read something like this.
******************************************************
(1 row(s) affected)
******************************************************
If so the tables have been created in your existing database.
Now make sure an existing or new SQL user has (public / datareader / datawriter) permissions for the new tables. You will be referencing this user in the asp code connection string so this user must be set up correctly. You may need your SQL server admins or hosting company to help you on this step as you may not have access to do this. You may not need to create a user and set permissions as the sql user you were logged in as to use query analyzer may by default get the correct permissions on anything you create.
Regardless, as you can see from this screenshot I made a SQL user called "aspprotectuser" and proceeded to set the permissions for that user. Under database access giving him (public,datareader, and datewriter permissions).
Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and modify the connection string info. Be sure to change the info to match your server,username, and password.
Below is an example of valid connection string.
ConnectionString = "Provider=sqloledb;Data Source=poseidon;Initial Catalog=aspprotect;User Id=aspprotectuser;Password=temp;"
The "Data Source" setting is either the Network Name for the SQL Server or the IP Address. For local servers you can sometimes use an IP of "127.0.0.1" or the name of the local server.
"Initial Catalog" is the name of your database.
Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and set the DatabaseType variable to SQL like so.
DatabaseType = "SQL"
cwilliams38403.6834953704, Hi-
Thanks for the quick response to my previous posts.
This is my issue:
I have read over all the docs and installation instructions and can't find a way to do this:
my default page in my root dir will be a log in page which will take the user once his level is validated to a "home page". Is there a page in your examples that will perform the function of this log in page? or should I rename check_user_inc.asp as the default and change it's html output to make it look like my log in page?
I also looked within the code for check_user_inc.asp and did not see where to specify where the user will go once he signs in.
Your help is appreciated
, There are several pages on my website that a user may go to that are not protected (e.g. home page). If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?
, Sounds to me like you got some bad databases or something. Or your trying to open a database with too old of a version of msaccess.. not sure
Everything is stored in one database. And yes there is more than just the users table.
Also, removing the "temp" password should be a piece of cake.
Email me for a new copy of the download file ? Use the contact from on the cjwsoft site. Please tell me your order details as well so I know who you are.
, I checked through the code and could not find anything as well.
However, I do think it may be related somehow to the code as I get the messages popping up in the error log only after I have edited a banner.
If there is nothing obvious, I may just set my error log to filter and automatically delete this type of error. Not something I prefer to do.
Thanks for the quick response.
Otherwise the program is working very well and I'm happy with it.
, at some point I can do the users in mass correct using the import feature in aspprotect right?, More Info in Case Anyone is Interested:
This bug was mentioned by a couple people. The cause of it was never really understood until I recently re-wrote some of the banner code for an upcoming version.
The fix for this bug was very simple. It was just one of those weird situations where code should have worked but did not. I added some code to do it a bit differently and it worked as it should have..
It really still makes no sense to me why it didnt work the way it was, but at least there is a fix.
cwilliams38203.5883680556, I set the max image width to 1000; previously it was null. Now I'm getting server errors:
page not found, then, service unavailable (the page is there). But in a new album, the images imported fine and it seems to be working now, despite the IIS issues.
I think my host restricted the amount of memory and resources my site is allowed to use.
, Terribly sorry, but we are not software-technical. So can you please tell us exactly which folder the database would be in.
Thanks in advance.
, If I would like a link on my web page that will take someone to the login page (I would also like this page to contain forgot passord? and register) I am not entirely clear what file to link to to do this. Would it be check_user_inc.asp?
Thanks in advance?
cwilliams38456.0972106481, In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.
cwilliams38306.6367708333, I'm using ASPimage and have the maximum width set to 320 in the settings. Also using SAFileUP ver. 4.0.
Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.
Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.
Suggestions?
lancem38326.9070486111, I finally spoke with someone who knew what I was asking for and they set the rights and all is fine.
Thanks for your help. Wish all business' had customer support like here
, Oh yes...I've changed the time a script is allowed to run before timing out from 90 seconds to 180 seconds on the aspprotect folder., SQL Server Database Information Mod
This mod is only for customers running SQL server. It is a new stored procedure and a new version of the "server_info.asp" file that will display information about your SQL database on the Server Info page.
Purchase Page
This is for Advanced SQL Users only that understand how to add a Stored Procedure to a SQL Database as well as assign permissions and what not.
To install this mod you should have access to SQL Enterprise Manager and Query Analyzer as well as be able to grant your SQL database user EXEC permissions on the new stored procedure. , I am trying to import a database into my list of registered
users. When I go the import_export_manager.asp page most of the
content is missing. All that appears is the first 2 lines of text
and a box. The rest of the page is blank. I have tried this
under 5 different browsers on 3 different machines and on 2 operating
systems. I also ftp'd the original .asp file with no success. Any
clues?
, like I said... you would have to modify the code
(and really I dont think it is possible, how could it be when images uploaded are of all shapes and sizes)
How are pictures of various shapes and size going to resized to a fixed width and height without distortion on either a horizontal or vertical level ? Uness the image uploaded matches the fixed thumbnail ratio you have set there is going to be distortion.
There is no component that is going to make it any easier. You are already using an image resizing component.
I give you two options the way the code ships.
fixed width and height for thumbnails
or
fixed width / dynamic height for thumbnails
The only other possible option would be
fixed height / dynamic width for thumbnails
and that you would have to code on your own because that option is not there
The last thing I will say is this. Sorry, but I do not support custimizations to the code. It's just not easy to explain. Its a lot of code work. Its a lot of time.
, I get the following message when trying to look up the sysdiag.aspx and the default.aspx files. Why? I have followed all the install instructions.
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration> |
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration> |
cwilliams38454.4276388889, I really need more information.
Connection strings being used ?
How have permissions for the database folder been set ?
etc etc the more specific the better
You also may want to download ASPTest from our main site and see if you can get that running.
I would suspect your problem relates to the databases having a password set on them. Probably the ones you connected to didn't. It complicates setting up a connection correctly (especially a dsn) but there is a good reason for it as it adds a little extra security.
And of course my detailed article on the error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1
, If you have messed up the admin account or forgotten the admin password you generally should open up the database manually and add a new account or see what the old account is.
In version 7 however you have another option. Go through the installation instructions again. Specifically the part where you use the "get_me_in.asp" page to get back into the admin area by pasting in the password encrpytion keye you are using from your config file. , How to set a new users expiration date.
You'll need to edit the "users/add_new_account.asp" with a text editor.
Find this section..
<%
CmdAddUser.Fields("ValidateEmailCode") = ValidateEmailCode
CmdAddUser.Fields("Access_Level") = ""
' PUT YOUR CODE HERE
CmdAdduser.Update
ID = CmdAdduser("ID")
CmdAdduser.Close
Set CmdAdduser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
%>
You'll want to add code like this right between the Acccess_Level and Updates section
CmdAddUser.Fields("Expiration_Date") = Date + 60
That will give take todays date and add 60 days to it.
You can of course do whatever you want here.
Actually, any database value for the user can be set during registration.
You can also change the default Access_Level to whatever you like.
cwilliams38403.6828587963, MSACCESS 2000
server: windows
option pack: yes (after the install I have this problems with groups and edit users )
host permissions: yes
MESSAGGE:
Active Server Pages error 'ASP0113' Script time out/password_admin/groups.asp The maximum amount of the time for a script to execute was exceeded. ...
vaghelis38300.5484143519, well, like I said.. I am leaving in about 5 minutes for the wedding.
If you put this up on a live server that I can connect to I will look at it tommoro for you. I have told you everything I could possibly tell you so I dont think your going to figure it out based on the things you have told me so far.
Only other thing I can think of is make sure your not running anything goofy on that server 2003 box. Norton Antivirus script blocking... various ad blockers.. anti spyware applications... etc etc... They can cause problems as well. , I just started using ASPJpeg, and i used the
"generate_new_thumbnails.asp" to create new thumbs of all of the
existing albums. It generates the thumbs just fine, but they
don't get picked up by the "Randomly Selected Photo" section. If
I upload new pics, they will show up in the random photo area.
So, it reads the new upload thumbs, but not the newly generated ones using your .asp page.
Is there anything I can do?
, one more problem I see...
I think your login box on the main page is missing the hidden form variable
http://support.cjwsoft.com/code/moreinfo169-1.htm, Please forgive my question in advance, I'm sure I've overlooked the answer somewhere obvious. I'm sorry!
I'm wondering if it is possible to customize the appearance of the
banner stats login page or the admin pages. I'd really like the
banner stats pages to look more like my own site or at least have my
logo on there or something like that so that my advertisers can see
that it is my site when checking their stats. However, I want to
do this without violating copyright, etc.
Can someone point me in the right direction or shut down my hope?
Thanks!
Laura
, Looks great. I can't wait until this will be released. Will there also be an easy way to migrate my current version ?
Hans
, thats a new one... I need some sort of error to go on..
No error ever ? It must eventually show something ?
, Are there any problems with modifying the default database fields.
I need to have an update from net billing and they use different settings in the database than the default.
Will the interface still be functional?
,
Timecard Entry: 3/25/2006 4:47:09 PM
lunch, Worked on the letter to go out to the statement of old accounts outstanding and entered bills, checked emails / voice mails., called a few expired users on radlog. did a dial up issue, Skeemers, PowerFSBO: Review site changes with Bill Supple via phone., Checking e-mail. Checking voice mail. Resetting a few modems. Backing up servers., Email/Voice Mail/Newsgroups/Time Cards, Javascript training - trying to learn more about form validation & creating dynamic dropdowns etc. on the fly on the client side., Lunch, rotary, Resetting open modems., Oriskany to Watertown - 88 miles, Marketing, drop off equipment from Clayton to IMCNet, Corrected an error in the Z93 site menu, tech support supv, dial up issues, voice mail.\, qlight, auq., online issues and follow up on them ... elaine left at 9pm , radlog , finished up the dsl print outs and separated the ones that asked questions and the online sign ups. steady night.. new guy did well... reminded to be on qlight a few but was ok ... little shaky one a remove dun and reinstall but walked thru ok. listened in on call of a set up and did a set up himself ... done well ..., Demob- work with tim- get web page up- cannot view from cd sent
shane hutchinson- question about adding info to links page
Mike Kelly- search engine registration
Melvin Mcleare- send info black creek0 owns cottages.
Tim- north country pc bundle - wouldl ike to be reseller0- send info
Matt herbert - need assistance- imcnet person
Jane- redwood motel in pulaski - changes to web sit bonnie castle - changes to web site- gave to jason
darlene- reswood national bank- search engine registration
, filled in modem maintenance log in outlook and sorted through notes., Emptied trash and swept in Jims office next to lockers. Took in a few more calls including a printer problem. Helped the customer since I was not busy., Organize archives and support files, emailed reminders of Meeting on Monday and the GWCC dinner, Allied Coop, Team Mtg, No calls at all, very slow. Audited green sign up sheets. There was no problems with that. just kept busy doing many odd stuff on the web and reading., AlliedCoop.Com - Text file uploads/import to database complete, published to server & tested. (billable)., emails and voicemail for Paul, Created sample renderings for guide cover image., Prepare and send e-mail to Chris Palermo, Payroll,
