Blog Entry: 3/25/2006 2:22:24 PM
Chris:
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help.
, We have been using ASP Protect for a while now and are big fans of the program. We received ASP Banner 8.2 with our puchase which we now have a need for. I went to put the files on our webpage, and doing nothing else other than locating the directory there, I noticed differences with how ASP Protect operates. We have customized it a bit and want to keep the 2 programs separate. the login screen for one showed up on the other, and some ASP Protect pages appeared altered so i immediately deleted ASP Banner. did I do something wrong, and how can i ensure the 2 programs work completely independant of each other? We can't risk braking what we're now using but would really like to add banner functionality to some of our pages. maybe an update to the program before we install? puchase new software? Thanks for your help-
,
1st. Please understand you have to purchase two licenses to do such a thing as each installation will need a valid license purchased.
Moving on:
ASPProtect using a industry standard concept called "Forms Based Authentication"
This primarily relies on session variables keeping track of login status.
Each installation must be in it's own unique "IIS Application" so it will have it's own set of application and session variables.
That is often not possible with shared hosting plans as the server admins may not be willing to set a folder in your web as a separate IIS application. You would need to ask. It is going to depend on the quality of your hosting plan whether they do it or not.
technically it takes about 1 minute to open up the "IIS Console" and set up a folder in your web as a separate "application"
Based on what you are telling me that you want to do I think it would make a lot more sense to have one installation and one user database and customize your sites so ASPProtect users that are part of certain "groups" have access to things others do not or see things on pages other users would not. That is after all the entire point of Dynamic web sites and also why ASPProtect has "groups".
Then as far as the registration differences go you would make a copy of the users area folder area and manual customize it to register users in an alternate fashion than the main "users" folder. And then send people there if that is how you want them to register.
I don't support customizations but that is the gist of it. It's really not difficult work, but you have to be good with ASP., Chris, that fixed it. Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.
Suggestion for future release. Create an option to email the admin when a message is posted. If this code already exists please advise.
Thanks, Lance
, I'm using Groups and would like to assign all new users to a particular group. How is this done? cwilliams38298.5087384259, Hello,
You are correct regarding what you noticed.. ASPBanner only allows one person to administrate. If if did what you are asking about it would probably cost more.
(you get the ASP source so if you really wanted that you could always add it on your own fairly easily, but it all depends on your skills)
AS for keyword advertising and different ads based on certain pages ASPBanner does not get into that. The main reason being performance as I built ASPBanner primarily as a performance banner rotation solution.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=144& ; ; ; ; ;PN=1
Like that thread says, you could make different zones for different conditions.. then surround the banner calling code with if else logic so a different banner zone was called under certain conditions.
Regardless, if you really need something that has every bell and whistle. BanManPro is where it is at.
cwilliams38434.7100578704, OK. If no return page is set, do they end up on a PayPal confirmation page and have to navigate back to my site by going Back or typing the web address?
Nick
, Hallo,
Can I change the number of the access levels?
I want to have about 20 levels...
, ASPProtect v7.x has a new feature called groups.
Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customer that was using them.
A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.
Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.
For example..
You make 8 groups and assign users to them accordingly
Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any one of those groups would have access..
Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 2-8 would have access..
Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…
<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
In this case a user assigned to any group between 3-8 would have access..
and so on... I think you should get the picture by now
, thanks.. it was not taken as a complaint.
I just wanted to explain
When you said you tried using the web version of sql manager. Did you use the microsoft one I link to here "just curious"
http://support.cjwsoft.com/code/moreinfo127-1.htm
, If you have found out that parent paths are disabled on the web server you can still use the application.
Before you continue.
If it is your server consider enabling parent paths to solve the problem.
If it is not your server consider asking them to enable parent paths for your web site to solve the problem.
If that is not possible please download this zip file.
2005-02-20_150703_aspprotect_v7.x_alternate_include_file_pat hs.zip
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.
The zip file contains the following folders and files.
Below is the contents of the readme.txt file which explains everything.
The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.
(parent paths enabled) - This is the way the application comes.
The files in this folder have FILE server side includes containing "../" information. While these includes will work when the applicaion in is any location of a website they will not work if parent paths are disabled on the web server. Generally you will want to use these on your xp development machine. You can of course use them on your real server if parent paths are enabled. Parent Paths are now disabled on II6 by default and some hosting company will not enable them.
(domain root)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in the root of your web domain. For example if your domain was called "www.somedomain.com" the following aspprotect files and folders would end up like this
"http://www.somedomain.com/check_user_inc.asp"
"http://www.somedomain.com/password_admin"
"http://www.somedomain.com/users"
(domain directory)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in a directory called "aspprotect" in the root of your web domain. For example if your domain was called "www.somedomain.com" the
following aspprotect files and folders would end up like this
"http://www.somedomain.com/aspprotect/check_user_inc.asp"
"http://www.somedomain.com/aspprotect/password_admin"
"http://www.somedomain.com/aspprotect/users"
You can change the name of the "aspprotect" directory but you will will have to edit the includes in the files.
Lastly, if you are on a local machine and insist on using the VIRTUAL INCLUDES you would also use the (domain directory files) even though you dont have a domain on your local machine most likely
For example if your site was installed like so.
"http://localhost/aspprotect/check_user_inc.asp"
"http://localhost/aspprotect/password_admin"
"http://localhost/aspprotect/users"
cwilliams38403.6836342593, Your assumption was incorrect.... the login count has nothing to do with that. The login count only has one purpose and that is to limit the amount of times a user can log in if you want to do that.
Logging in for the 1st time means the time at which they 1st login and their session at the site is created... If there session ends and they come back and login they will get redirected because it will be the 1st time again.
Forms Based Authentication is all about sessions and session variables.
If you only want them redirected somewhere based on the login count that is something you have to work out and check on your own. It's very doable.
Seems like now I should have explained that better but I never thought anyone would think it meant what you thought., No luck...this is the message
Return To Import / Export Screen.
Active Server Pages
error 'ASP 0113'
Script timed out
/members/aspprotect/password_admin/upload_post.asp
The maximum amount of time for a script to execute was exceeded. You can change this limit by specifying a new value for the property Server.ScriptTimeout or by changing the value in the IIS administration tools.
, I am sending you a PM with the new download url
see instructions above for what to do with it, I will actually explain how to set access_levels and/or groups...
in "users/add_new_account.asp"
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
or
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*"
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
*1*,*5*,*9*
that user would be a member of groups 1,5, and 9
, DONE IT
DON'T WORRY!
DON'T ASK HOW, BUT NOW IT WORKS!!
THANK YOU IF IT WAS YOU, OR THANK YOU GOD IF IT WAS ME!!!
, One of my users is looking to do mass updates (multiple records). He wants to be able to update the "Expiration Date" for a group of users who work for the same company. , I did try to redit the banner and the old link was there, not the new one. In addition I tried to ad a new banner to an account but it too was not saved.
Since I can see the banners from the aspbanner solution, does that not tell me that the solution is properly connected to the database? The only thing is the solution only appears to be able to read the data and not write or delete it.
The settings for the directory are read write execute and delete so I am not sure what I need to do to get it working again
, If things are not perfect there will be no log files and no errors.. it can only be one of these things really
http://support.cjwsoft.com/code/moreinfo313-2.htm
You may also want to make your the filesystem on the server is working and not disabled by norton script blocking or anything random like that. Testing the filesystem object is best done by writing a simple text file to a folder. Plenty of examples of doing that can be found at www.aspin.com
Recent activity is temporary and admin activity in the admin area is not tracked. If your application in IIS has reset or there has been no activity in the users area or in pages you protected there will be nothing there. The busier your site the more chance something will be there. For example usually our online demo has something there except right after 4am when my server does an iisreset.
, When adding a new user I am taken to a form.
There are several "required fields".
First and last names are 2 of them.
This is not needed by me and I need the company name as a required field instead. I work and deal with company names, not individuals.
So, i am unable to add any users due to this.
How can I either do away with the names as a required field or swap the individual names with the company name as a required field?
I have customers wanting to be able to view their own stats, but I need to do away with the required fields to work with my customer base.
-john
, Simply not possible, that feature is one of the most complicated things I have ever coded. I am very serious when I say that. There is simply no way to make it do that without spending like 80+ hours on the code and even then I do not know how it would work. There is some very slick stuff going on there and there is no simple way to change it like that. , Thought this would be easy. A few more pointers should get the database connection to work:
1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so?
2)We have other files in there for other server applications, does that mean we’re stuck using DSN’s or is the file independent of that control dialog?
3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?
What else are we missing?
, sorry for delay responding,
I got bombarded with support inquiries while I was gone and I missed this one since I been home.
Does the server_info.asp page I provide say that aspupload is indeed installed. Let's start there. , Thanks for that. The upload size is just as effective and possibly a better solution to maintain server space.
What about individual gallery permissions. So only 1 member can post in only 1 gallery. I have a forum of 500 plus members so if they want to add a gallery than setting a permission would be idea for each gallery.
, To be honest I just can't remember what happens. It has been a long time since I did a real live test of that. I know it seemed like a pretty smooth process to me. Right now I can not test it out as I am on a road trip with my motorcycle and I am sending this email from my PDA.
I would ask Dave at this website.
http://www.davephoenix.com/
Or via this username in the forums
PhoenixUK
He can tell you what happens as he has been using the IPN stuff for about a month now.
Perhaps another user could chime in here as well and let us know. I know there are a lot of people using the IPN stuff.
, there is no straight answer to a question like that..
I think my code is very easy to figure out and work with...
What your asking all depends on your skills and also what sort of payment processing system/merchant account you go with and what sort of ASP example code they provide you, you would have to edit the application in visual studio.net.. change some things around and recompile the application... in the process figuring out how you want to handle all of that (probably combining the username and email fields just on the registration form then saving both values to the database)
very doable.. just not anything documented or supported as it is custimization
I do have a very nice article on the forums on how to set up a project in visual studio.net with the application.. it is in the forums, Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111, ok.. the count your talking about wont increment until someone other than you views the page.
After that you can increment it one time...
It keeps track of the last IP that hit it.. if it is the same it doesn't increment
This is all by design... so the same person doesn't increment the count over and over..
It's simplitist and it can be tricked... but it does what it needs to do
, I'm all set - after thinking about your replies - i checked a bit more and changed the email component type -- thanks again for all your help.
, ITS WORKING
...I have earned a beer (dont tell anyone im underage) 
, Where is the system getting the random user name and password, and why does it keep selecting the same user name and password every time?
, The protection code for my group3 is:
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * GP03 * ) -->
<% GROUPACCESS = "3" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->
btw - sorry but I am using v7
and thanks for the assistance
, How can i get to this to register someone in the database only after the Paypal payment has been accepted. I was testing it out to see if it makes it to my Paypal account (which it did just fine) then I closed Paypal before paying. I logged in as the administrator and looked at the member list and the account was created anyway. How can I stop this from being created until "only" after the Paypal payment has been "approved"?
What if this person never comes back to "try again"? Now the username he used (and is inactive) is not available for anyone else to use. And it takes up database space.
I am using the Paypal (non-subscription)
Thanks in advance,
scottyFlasher
, Sorry, not really.. not without a lot of changes to the code.
the recent activity info recycles.. it is not meant to be day by day
My suggestion there would be to look at both the log files and the user activty screens...
, Okay, hopefully I'm posting in the correct area this time.
Currently we are utilizing ASPProtect 7.x
When using the Newsletter function, many members are indicating they are not receiving email. No evidence of email in SPAM folders. Also, when checking with email provider, they insist it is not being filtered prior to delivery to member's email address.
The following message does appear when a newsletter is sent.
error '8004020f'
/newsite/ASPprotect/scripts/emailing_subs_inc.asp, line 124
Line 124 is the line of code to 'send' the emails. We have approx. 860 members who are on the list to receive the newsletter emails. I have no way of knowing how many are not getting the email. Based on anecdotal evidence, I'm guessing it could be as high as 20%.
We are using CDOSYS / SMTP authentication with a real external email with MX records. Our website is hosted by Cbeyond. They insist it isn't at their end. (for what it's worth)
Thanks for your assistance.
NPA
, If you PM your site info and I can go in and troubleshoot. I have no more ideas. Usually people have zero issues installating this application as I got it pretty tweaked so I need to see what is going on in order to help., I am having an issue with the Thumbnailing process. My host does not support ASPImage so I have to use something called asp thumbnailer which is similar to ASPImage. I am trying to modify the Dundas upload to automatically reduce the images to create thumbnails. I ripped out the asp image code and replaced with the bottom. The main issue I believe is grabbing the image files. I am not sure how to name the actual image file that is already uploaded by the dundas upload. the code is below:
The peices in red are where the issue is I believe. What you see below is my attempt to identify the exact image and then rename it tthumbnail. My optimal solution would be to take the picture, resize it and rename it exactly what it was named before.
Any ideas
Thanks
<% Else %>
<%
Dim thumbObj
Set thumbObj = Server.CreateObject("ASPThumbnailer2.Thumbnail")
If thumbObj.LoadFromWeb("../pictures/" & Filename) Then
thumbObj.ThumbMaxDimension = 140
If thumbObj.CreateThumbnailToWeb("../pictures/Thumbnail.jpg") Then
Response.Write("Thumbnail successfully created.")
Else
Response.Write("There was an error creating the thumbnail.")
End If
Else
Response.Write("<p><hr><b>Unable to load the original image.</b><hr>")
End If
Set ConnClassified = Server.CreateObject("ADODB.Connection")
ConnClassified.Open ConnectionString
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdSetImageInfo = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "UPDATE Ads SET Image" & PicNumber & "_Uploaded = 1, Image" & PicNumber & "_FileExtension = '" & FileExtension & "' WHERE (Ad_ID = " & Ad_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnClassified
CmdSetImageInfo.Open cmdTemp, , 1, 3
%>
, did you fix it because I see all the pictures just fine ?
http://mcintoshcounty.org/real_estate/view_item.asp?Ad_ID=1
, I installed the ASPProtect.NET project no problem. I am using VS.NET 2003 on Windows XP SP2 (and fully patched). I am able to build the project successfully, however I cannot debug the project. I get an error "Unable to start debugging on the web server. The project is not configured to be debugged." The web app runs fine just browsing to it.
I know this is an isolated problem particular to this project. I have MANY other .NET projects that I can debug without any problems. I have tried going into IIS and turn on the debugging for server-side script debugging and making sure my IIS application setting were configured correctly.
Can anyone shed any light on this at all? Christopher, is there any reason I should not be able to debug this? (i.e. the aspprotectlicense.dll)
Thanks,
K
,
Timecard Entry: 3/25/2006 2:22:24 PM
lunch, Newsgroups/Email, Walking a new customer through how to use Front Page (doggsultans.com), watn schools menu system, travel from Watertown to Raleigh NC, Yesterdays Time Cards, ans email prep for 401 meeting, Timberview.Com - Published changes made over weekend. Added feature to trail admin to allow for searching from start date to end date range., working on channel partners page, Talking with rational regional manager to create order for Rational Rose Enterprise Edition, Credit card authorizations, customer inquiries,, ans. phone, and worked on problem children.--, setup some domains and fix some problems with current domains. , Traffic reports / SQL Self-study, ALLMAN PROMOTIONS ADD NEW LOGOS AND TEXT PLUS CREATE BUTTONS, BUILD NEW PAGES WITH CONTENT FOR FESTIVALS, paperwork, Seth, questions on NYAB routers, Herlad Building, Nortel, Grader Bill,
DANC, Micheal-CHRSolutions,Emails , finished payroll and emailed to Carol, Answered phones, Put stock away, Answered phones and looked at DU issues, Read articles mailed from Paul on Internet about marketing. Leaving for bank, and then Sackets., went over Pauls schedule and started the receipts for Amex and Capital One , Lunch, Back to Watertown - 150 miles., CFM Foods- register domain name- web site info ffrom peter- need seth to conaztct for wan/lan for as 400, Packing stuff and loading in car for move to Clayton, One side of Syracuse to the other., cleanup work on the servers in the Co-Locations room....put all the Dell's in their rack kits and stacked them the correct way. Put Raptor in the third bay and fixed a few other minor things in the bays. Instaled the shelf blanks also.,
