Blog Entry: 3/25/2006 2:21:46 PM
Oh, to clarify the above. We did not change any columns in your [Users] database or any other table., Noted:
I actually did not think you did.
As far as debugging goes.. thats all built into visual studio.net.
There is a tag you edit in the web.config file to enable project debugging
http://support.cjwsoft.com/code/moreinfo251-1.htm
Like I said though for changes to ASPProtect.NET I'd start off from scratch and stick with vb.net... using the visual.studio.net interface is not really vary hard to remove and change things you dont' need even if you are a C# coder. Especially simple stuff like you mentioned.
,
Well, you cant have a login box on the home page when using ASPProtect.NET.. there is no way to make that work. I tried all day to come up with something and it is not going to happen. I suggest you make a login button and link it directly to the protected page you want them to start on. The redirect or link them whereever from there. Either that or write your own forms based authentication solution that works exactly the way you want it to or edit the code accordingly since you have the source. It is not a feature we advertise for the product regardless. It works the way it works. , its one or the other... you cant protect upload.asp at the same time if upload.asp is included in another page..
I mean sure you can protect upload.asp from running when another page calls it by password protecting the page calling it.
And sure you can protect upload.asp by itself if it also runs all by itself. But you can not include the "check_user_inc.asp" more than once in any order of execution scenario. That includes pages being included.
Generally anytime a page is included in another that included page is not meant to run by itself and wouldn't produce any outcome if run by itself so this would never be an issue.
if you don't want "upload.asp" to ever be run by itself in that scenario put it somewhere in your web site that is not web browser accessible.
I would also suggest you look into using Virtual includes. It will save you a lot of time figuring out this sort of thing "../../../../../" becuase once you figure out the virtual include path you can use the same server side include from any directory level.
http://www.powerasp.com/content/code-snippets/includes.asp
, ok, I am home.. missed flight.. just got home an hour ago.
lets see.. I really need more info...
For starters are you using the delayed stats feature ? that is expirmental and could cause that problem
, Will do!
, Christopher,
When viewing a list of albums with the navigation option 1, is there a way to get the Time Created sort to list Newest to Oldest, instead of Oldest to Newest.
Looking at the code in albums_navigation1_inc.asp, I can not determine how this works.
Thanks for your help!
- Jason
p.s. I always forget how addicting this stuff can be...lol.
, nope ,sql server has nothing to do with this
I am talking about the folder pictures are stored in.. it needs modify permissions set for the internet guest account like those articles talk about
, I have ASP Photogallery running and it seems to be great, but I would like to allow uploads using DUNDAS the problem is I can't seem to find it on the linked website. I did find an EXE install in another place but I am running on a Shared Host (Godaddy) and can't run an executable on it. Where can I find Dundas and is there a way to install it without running an EXE??, Alright...I'll try those out. Also, if I do the data import on my laptop initially and just publish it to the server do you think that will help?, Below is the email I received when testing the self-registration. Does anyone know what setting I configured incorrectly?
I received the email to confirm the registration but the link to activate is invalied.
Thanks!
Your registration still has to be validated.
Go to
?u=bubbaj&v=4579
to verify your registration.
, Is it possible to set the user account time limits when they register? I am using email verification and am trying to have their accout expire 32 days after their initial login.
Also I have an issue with the email notification not notifying me when a new user logs in. It does a beautiful job notifying the new user. I do not understand why my server will send to one and not the other, I ahve searched the links but none seem to answer this.
Thank you for your help and insight
, The main users screen... the 1st screen you see when you go to the admin area.. where you email an individual user..
The settings I am referring to being the various emailing settings on the settings screen, The settings you showed me.
As for emailing via a remote server over dsl. It may not be working because the ISP's block the port (25) to stop people from running email servers over their dsl.
Your POP3 works because POP3 uses port 110.
If you want to send emails from your local server on your dsl you should probably install the SMTP service of IIS if you have not and send emails using that with CDOSYS. Either that or get a commerical DSL account with a static IP that allows for running email servers.
, ASPProtect version 6 does not officially support any sort of redirection or is it a feature.
You can however do redirection after login with some basic ASP if-else statements and ASP redirects. Basically you check the session variables after successful login and send users where based on that info. You of course also need to protect any pages you send users to and make sure any people that aren't supposed to go there do not go there directly and bypass your security.
I highly frown on Redirecting during login (In my opinion it is poor site design and it defeats the purpose of dynamic web pages, there is seldom a good reason to even need to do it if you design your site well) but you can check out this thread which should give you lots of good information.
http://support.cjwsoft.com/code/code_info.asp?TID=17&KW= redirect, Not without changing a lot of code. If you didn't want encryption you really should have went with version 6. Encryption is a big new feature of Version 7 and it is inter-mixed with it the code in a lot of places.
As for doing the export and import you have to create a valid export file and then read through this very thread which explains how to import an export file with clear text passwords.
This is from the admin area regarding the text file format
The import/export file must be tab delimited with no text qualifiers. The 1st row containing field names and the following each being a new user. To create your own import file it must be in this exact format. To find out what field names and their order are simply create an export file using ASPProtect and take a look at it.
Generating an import file from your own database requires good knowlege and understanding of Access's Importing and Exporting functions. It is not something I cover as the process is different for everyone and not really very hard. , that would probably work...
any ".aspx" page can grab that data after someone logs in..
Session("Username")
Session("User_ID")
etc etc
anything you see set in the "aspprotectlogin.aspx.vb" file will be there
any data not set there would have to be added and then the project recomplied so that data gets saved...
, Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?
I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?
, 
Yes.
Now its OK
Thanks Christopher
, I just upgraded from 6.0 to 7.0 primarily because we were limited in the choices of email systems we could use to send an email validation message.
Previously, with 6.0, we were using CDONTS to send an email validation message to new registrants. Unfortunately, AOL email addressee's were not receiving the vaildation email from us. I received a reply to another post I made on this forum that the problem was due to the fact that aCDONTS generated email has no MX record and AOL blocks non-MX record containing emails.
Well, I upgraded to 7.0, switched to CDOSYS (Using SMTP Virtual Server) with SMTP Authentication and it appears that AOL is still blocking the validation email.
Any suggestions, comments?
, that wont work the way you did it because groups are not stored like like.
groups are stored "*1*"
or "*1*,*9,*"
so if you test for them you must do so using the InStr function of vbscript
example:
If InStr(Session("Groups"),"*1*") Then
' do whatever
End If
also.. as for the session variable
it should be Session("Groups")
And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved
Session("Groups") = CmdCheckUser("Groups")
If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value
, I really need more information..
SQL or Access database ?
If Access are you using the newest version of the .mdb file
Is this a new item ?
Show me your connection string ?
perhaps the url to the site as well so I can look around?
things like that that will help me troubleshoot.
If any info is sensative send me a PM..
, When a new user adds themselves to the db thru the registration page, no user id is assigned in the User_id field. I can't access the page on-line due to an user_id related error on the page. I must use access itself and add the user id. After that, everything works as expected.
What have I done?
, good news.. like I said it is probably becuase aol blocks emails sent from IP's with no MX record in the dns system , sometimes those emails take a bit... all depend on wht you are using to send them and whether a pickup directory is involved
as for the other I do not know.. PM me the site details I can look
if it is a 2003 server parent paths must of course be enabled.. its a requirement of aspclassifieds
, thanks... a review at aspin is always appretiated ...no one ever seems to do a review and they help me out a lot.. the aspprotect admin area header has a link
thanks...
, well, ultimately it comes down to this and this is stated in the footer of every page in the cjwsoft family of websites.
"In some cases in order to receive proper tech support your application will be need to be installed on a live professionaly setup server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine."
and if you have some sort of weird timeout going on on your local machine and cant even give me a detailed error message there is just no way I can possibly troubleshoot it... I told you what to check and thats really all I can do... all my applications run on XP. As a matter of fact I do all my development on XP boxes.
It could be any numbers of things... odbc drivers, versions of vbscript... other software on the pc interfering such as antivirus script blockers like norton... all sorts of issues can pop up on personal machines running xp
If you put this up on a live professionally setup web server I can help you. On your local machine there is only so much I can suggest. , The sql script creates aspgalleryuser
dataconn_inc.asp out of the box indicates aspgallery as the user.
GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspgallery;User Id=aspgallery;Password=temp;"
, Additional Information.
A set of these variables get created for every user that logs in to your site.
For performance and memory conservation reasons some of them can be turned off and are optional.
If you look in the "check_user_inc.asp" file or the "check_admin_inc.asp" file you will see a section of code like this
' Start of optional session variables to be set
' Recommended that you remark out any of the session variables below that you don't really need to use
' This will save a lot of server resource because every user logged in has a set of these
' I added some code here to not create these if they are empty
If CmdCheckUser("First_Name") <> "" Then Session("First_Name") = CmdCheckUser("First_Name")
If CmdCheckUser("Last_Name") <> "" Then Session("Last_Name") = CmdCheckUser("Last_Name")
If CmdCheckUser("Company_Name") <> "" Then Session("Company_Name") = CmdCheckUser("Company_Name")
If CmdCheckUser("Email") <> "" Then Session("Email") = CmdCheckUser("Email")
If CmdCheckUser("Address") <> "" Then Session("Address") = CmdCheckUser("Address")
If CmdCheckUser("City") <> "" Then Session("City") = CmdCheckUser("City")
If CmdCheckUser("State_Province") <> "" Then Session("State_Province") = CmdCheckUser("State_Province")
If CmdCheckUser("Zipcode_Postal_Code") <> "" Then Session("Zipcode_Postal_Code") = CmdCheckUser("Zipcode_Postal_Code")
If CmdCheckUser("Phone") <> "" Then Session("Phone") = CmdCheckUser("Phone")
If CmdCheckUser("Custom1") <> "" Then Session("Custom1") = CmdCheckUser("Custom1")
If CmdCheckUser("Custom2") <> "" Then Session("Custom2") = CmdCheckUser("Custom2")
If CmdCheckUser("Custom3") <> "" Then Session("Custom3") = CmdCheckUser("Custom3")
If CmdCheckUser("Custom4") <> "" Then Session("Custom4") = CmdCheckUser("Custom4")
If CmdCheckUser("Custom5") <> "" Then Session("Custom5") = CmdCheckUser("Custom5")
If CmdCheckUser("Custom6") <> "" Then Session("Custom6") = CmdCheckUser("Custom6")
' End of optional session variables to be set
If you do not need a particular variable to be set as a session variable simply comment that line out with single quote.
If you have an extremely busy site with a lot of users this is a good idea. If not, you probably don't need to bother doing this. I added some code in there so they will not be created if they are empty and that alone helps out a lot.
cwilliams38419.5459606481, Upgrade from V6 to v7.x with an MSSQL SERVER DATABASE
1st of all, backup your existing ASPProtect files and database before performing this upgrade. Please be really careful while performing this upgrade. Version 7.x is a highly advanced application compared to any previous versions. CJWSoft under no circumstances is responsible if you lose information or have website downtime.
BOTTOM LINE: (PERFORM THIS UPGRADE AT YOUR OWN RISK)
To do this upgrade you're going to need to have SQL Enterprise Manager and SQL Query Analyzer
That being said, on with the upgrade..
Open your SQL database in SQL Enterprise Manager
Regarding the following Tables
Rename "Users" to "ASPP_Users"
Rename "Groups" to "ASPP_Groups"
If you do not have a "Groups" table do not worry about it right now.
Now right click and DELETE the Config Table.
Yes, delete it..
Now, go into Design View for the "ASPP_Users" Table.
Rename the "Password" field to "Old_Password"
Be sure to spell it perfectly using the Underscore
If you have a "Groups" Field... leave it alone
If you do not have a "Groups" Field add one and make it a "nvarchar" field with a lengh of 255.
Now, we are going to add a few more new fields.
Add a field called "Redirection_URL" make it a "nvarchar" field with a lengh of 150.
Add a field called "PayPal_Subscriber_ID" make it a "nvarchar" field with a lengh of 100.
Add a field called "Newsletter" and make it a "bit" field
Add a field called "Password" and make it a "nvarchar" field with a lengh of 100.
Now close that window and save the changes..
Download these scripts.
2005-02-23_171110_aspprotect_v7_sql_upgrade_scripts.zip
Now open up SQL Query Analyzer
Connect to your SQL server.
Then load the script "aspprotect_v7_config_table.sql" into the Query Analyzer. Click the green play button at the top. If everything goes well the response should read something like this.
******************************************************
(1 row(s) affected)
******************************************************
Now, if you had a Groups Table your done with the database changes.
If you didnt have a groups table.
Then load the script "aspprotect_v7_groups_table.sql" into the Query Analyzer. Click the green play button at the top.
Now, go back to your database in Enterprise Manager and make sure all 3 tables are there and look ok. You might need to do a refresh or two to see them.
Now make sure an existing or new SQL user has (public / datareader / datawriter) permissions for all three tables. You reference this user in the asp code connection string so this user must be set up correctly. You may need your SQL server admins or hosting company to help you on this step as you may not have access to do this. You may not need to create a user and set permissions as the sql user you were logged in as to use query analyzer may by default get the correct permissions on anything you create.
Regardless, as you can see from this screenshot I have a SQL user called "aspprotectuser" and proceeded to set the permissions for that user. Under database access giving him (public,datareader, and datewriter permissions).
Now, you are done upgrading your SQL Server Database.
The existing passwords still have to be encrytped and moved from the "Old_Password" to the "Password" field
To that we have a special page we run in the application that will take care of that.
So, for now... go install the application, but using the database we just created.
Follow these instructions for the most part...
http://support.cjwsoft.com/forum/forum_posts.asp?TID=181& ; ;PN=1
When you get to the part where you finally get into the admin area and need to make an admin account you will notice that your existing user database is there but none of the users have passwords if you look at them in the edit screen.
That is normal. Simply do what the instructions say and create and admin account using a username that does not exist..
Then log off... then back in as that new admin account. If that works you are ready to convert the passwords.
This part is very easy.
You want to run a special page via the browser.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
Replacing the part in blue with your website info.
Once you get the page running you will see a login prompt and one form field just like before with the "get_me_in.asp" page
You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.
If all goes well you will see a page telling you to click here to encrypt the passwords and copy them over.
So do what it says... dont click more than once and wait.
Eventually it should say it is finished. So go log in to the admin area of the system using the new admin account.
Now edit some users but dont save... you want to see if the passwords are showing up. If they are the conversion worked. If you see nothing or a garbled mess it did not work and you made a mistake during this whole process.
If things went well backup and delete the conversion file below.
http://www.mysite.com/password_admin/convert_to_encrypted.asp
You do not need it anymore.
Once you are positive every thing is running smoothly and everyone's passwords are ok you can go in and delete the "Old_Password" field as well.
If things didnt go well.. try again from scratch and go slowly.
If they still dont go well get ahold of us for help.
We are here to help, but if you really want us to we can be hired to do the conversion.
, well, thats a network drive path and in my opinion a very poor way for them to have set things up. It can work as long as permissions get set there and they have the anonymous webserver accounts set up correctly to handle that scenario, but performance isn't the best because your accessing the access database over the network. Access databases are not just not meant to be connected to over the network in a web based scenario. Quality ASP hosting companies do not set up their servers that way and it can often be difficult to get things running as it is a more complex setup on their end. Meaning if they dont synchronize the IUSR_machine accounts correctly you'll have permission issues.Well, that is why we added the PayPal subscription pack where all of that is taken care of and customers get put under a recurring billing cycle.
The more people you get to pay that way the less you have to do.
We also have routines for the two other supported payment methods so people can look up their account and add time to it whether it is active/expired or not.
Other than that, yes it is something you need to sort out on your own based on how you want to run your system. You have the source code and the sky is the limit on how you want handle all of that. You send out an email to users about to expire. Whether they come back to the site/look up their account and add more time to it is up to them. I really just do not see any way ASPProtect could handle that whole process automatically.
As for batch changing to users in the database. We give you the source code and we also use an open database structure. You can run any query you want on the database whether with ASP code or directly in your database using the tools that come with it, You can write any code you like to do whatever you like to the database. You can even tie other systems and code into the database via OBDC and manipulate data. The sky is the limit like I said. I also don't really see how batch changes to the database relates to individual users paying again for access or not especially since we include payment pages were a users can look up their accounts and pay for and add more time to it automatically ? At least not regarding the payment routine we provide support for.
ASPProtect can not handle everything every person would need to do. It is meant as a solid starting point for any project, but there are going to be times when more functionality will need to be added by the customer based on their specific needs.
, If by permissions ou are reffering to the IUSR with write/execute
ConnectionString = "DBQ=C:\TradersReportsCom\aspprotect\data\database\ASPProtec t_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
I have already set the folder permissions as indicated in the documentation.
, I had some issues with passwords not working. I cleared them up by
going to the affected user and typing in the desired password manually
on the edit screen. Worked like a champ every time, and I haven't had
to do that for some time now.
, you have to do it like I show above... your not specifying the field name to be searched in the instr function so what you just showed me will not do anythingIf they changed the paths they moved the site.
That means permissions for the database folder must be set again.
If permissions are not set and you are not using the correct new path info then you will still get errors.
Those errors the server reports back and quite generic and do no mean exactly what they say. They just mean everything is not perfect.
And everything just has to be perfect..
The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.
