|
| Blog News Main Page
NEWS FROM 2006-03-25
Blog Entry: 3/25/2006 2:44:04 PM
Both
the NET and Classic ASP versions of this application are designed for
fine granularity protection of individual apsx extension files.
ASPProtect.NET is not designed or intended to protect sub directories,
or non aspx content such as Adobe Acrobat .pdf files etc etc.
I
completely disagree with your statement that “most sites” have a login
box on the left hand side of the page. I suspect you thinking of the
ever popular php based forums and “Nuke” type CMS systems which are set
up that way but if you look at any site written entirely using .NET
that’s rarely if ever the case. (Granted I cant say for sure because I
personally haven’t looked at >50% of the estimated 18 billion + web
pages on the internet) Just off the top of my head www.CafePress.com
come to mind as a pure .NET site. If you take a look the login button
it takes you to its own login page there is not global login form used
throughout the site. Reason being that .NET introduced this thing
called a “view state” which is used to store things like your session
ID (and way more) and must be posted back to the server in order to
keep track of visitors. This technology comes in especially handy when
you have a web farm in place and your content is being spit out out by
more than one server at the same time
I
can think of loads of scenarios where the web servers need to know who
you are even though you are never directly contacting them via http.
This approach is a very smooth and actually very clever solution for
enterprise level websites that simply can’t be handled with a single
web server.
On
a practical level I know what you are saying but that application sets
up all sorts of things when a protected page is accessed and the user
is not yet authenticated. That’s the entire reason you need to put that
snippet of code at the top of a page you want to protect. That code
snippet calls the ASPProtect.NET class and runs through all the logic
to see if you are able to access the page. If you are the subroutine
exits and the server continues to process the remaining logic on the
page. AKA you are able to access its content. If you are NOT
authenticated ASPProtect will setup all the proper session and
viewstate info and redirect you to the login page for authentication.
You may have also noticed a parameter on the login page called
ReturnURL. The application looks for that info and if you do have a
user ID and password the application automatically redirects you to the
page you were trying to access in the first place.
Really
I have no idea what you are trying to do, but there is a world of
difference in how something looks verses how it works. Lets just say
there was a simple way to do what your thinking, what are you going to
do with that login form after the person logs in? Just keep displaying
it on the entire site so people get confused and don’t know if they are
logged in or not? Just that little part of the equation will require
making some changes to either ASPProtect.NET or your application will
have to have some logic built into it to stop displaying the login
forum.
It
sounds to me like your basically looking for a super simple 101 type
deal that allows people to sign up for an event and you the admin can
see that information? I’m guessing they can also log in again and check
out their details and see what event they signed up for?
If
that’s the case you’re trying to take a very sophisticated protection
application and downgrade it into something that would be one heck of a
lot easier to write all from scratch in about an hour.
Your
not going to be able to “plug and play” a simple form into a page and
turn that application as a magic universal login solution for a
website, while its 100% possible to use the application that way if you
choose, you need to check out the source code and plan your custom
integration accordingly.
, Yes worked fine
thanks ,
Will purchasing an additional license resolve the issue which will allow another installation or is this a function of the application that it can only protect one site per server?, Just as an FYI, I found the problem. FP2003 has an "Optimize" feature that removes so called not needed spaces and comments from the pages. It also completely screws up .ASP code.
I turned off the optimization feature and all the pages I was having problems with worked. However, I would still recommend not using it too! , thats intertesting.. I have never heard of the concept until now..
I did a search for ASP examples or ASP components that can help with the process and just couldn't find anything about it.,
If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.
<center>
<table border="0" width="400" height="200" bgcolor="#000000">
<tr>
<td bgcolor="#F4F4F4">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<div align="center">
<center>
<table border="0" bgcolor="#C0C0C0">
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
</tr>
<tr>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<p> <input type="submit" value="Login"></p>
</center>
</div>
</form>
</td>
</tr>
</table>
</center>
, 1st of all when I look at the site I see a lot of non US characters and I can see the regional settings of the site are foreign.
ASPClassifieds in only intended to run under US and Canadian regional settings as stated on the site.
Thus the BIG notice on the purchase page.
http://www.aspclassifieds.com/purchase.asp
It won't run right like that for a lot of reasons and it is not supported like that as that notice says.
The categories showing 0 is just one of the problems you will have.
If I help you fix this it will just lead to 4 more issues right after.
If you would like support with the classifieds application you need to run it on a server with US or Canadian regional settings like the site says. ,
Access to some sections of the forums must be requested.
Please Click on the following link and read all of it carefully.
http://support.cjwsoft.com/
cwilliams38291.6121296296, to finalize this thread.... turns out I was correct and this person was not unzipping the zip file correctly. , I post new ads , can view it in admin area
but when go to first page no ads show
all categories show (0)
How solve this problem ?
PS: I set default auto approved ads , DONE IT
DON'T WORRY!
DON'T ASK HOW, BUT NOW IT WORKS!!
THANK YOU IF IT WAS YOU, OR THANK YOU GOD IF IT WAS ME!!! , just leave the databse where it is, use the connection string generated for you and most importantly... put in a request with alentus for permissions to be set
tell them "D:\Websites\www.mysite.com\aspprotect\data" and all of its child folders need change permissions (r,w,x,d) set so aspprotect can do its thing
until the permissions are set that connection string can not work
this is all noted in the installation docs... , lmao ... ya that has never happend to me before.... , Okay, I deleted out the aspprotect folder and started over. I also took out the dsn connection to the ecommerce database and deleted out the subweb that had it, I decided to use another provided where the database is resident on thier servers not mine.
I broke my txt file into groups and it's loading sort of. The first 1000 users uploaded fine...the second said it timed out, but when I looked at the access database it showed 2000 people. The login still times out and every page seems to load incredibly slow still. , I believe that solved the problem as I have not heard from this person since I sent him the code., 
ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.
ASPProtect can use a Microsoft Access Database or Microsoft SQL Server as it's data source. We provide the access databases and everything you need to create the SQL database, however customer's using Microsoft SQL Server are required to have SQL Enterprise Manager and SQL Query Analyzer in order to setup and maintain the SQL database. Other scenarios are possible but we do not support them.
ASPProtect v7.supports 13 different emailing methods and components so chances are you will have no problem finding one that will work for you.
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
We extensivley support all implemenations of CDOSYS which is installed on all the servers by default. We also support outgoing SMTP authentication requirements. If you can not send emails from the application using one of our 13 methods and you have an ASP solution that can send an email on your server we will work with you to make sure the application can send emails.
FINALLY
ASPProtect v7.x does not run under Chillisoft ASP. That means it does not run under Unix, Linux, Apache, etc etc. ASPProtect v7.x can not use a MySQL database. MySQL and Microsoft SQL are not the same thing.
If you are wondering if your web server runs Windows or Linux you can try using the header check here.
http://www.port80software.com/support/p80tools
Be warned however it will not always be accurate because some people cloak that information or show something different than what they are running to trick potential hackers. With commerical hosting though the the header information is usually accurate. , all I can say is try other things... like
mail.yoursite.com
or
smtp.yoursite.com
etc etc etc
replacing yoursite with the name of your domain of course
the settings for sending email via ASP are no different then the settings you would use in outlook or something... except sometimes on the server level localhost works as the email server because they set it up to allow that
and of course those 3rd party emailing components need to actually be installed on the server , Well you can put a link on all your pages that links to the login page?
modify the code in the login page so the return page is members.aspx or
whatever you need and thats it?
I dont see your point? probably because I understand how the program works and your not 100% up to speed on how it works.
, There are several pages on my website that a user may go to that are not protected (e.g. home page). If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?
, When adding a new user I am taken to a form.
There are several "required fields".
First and last names are 2 of them.
This is not needed by me and I need the company name as a required field instead. I work and deal with company names, not individuals.
So, i am unable to add any users due to this.
How can I either do away with the names as a required field or swap the individual names with the company name as a required field?
I have customers wanting to be able to view their own stats, but I need to do away with the required fields to work with my customer base.
-john , The login page sends the user to redirect.asp (which is as follows)
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If InStr(Session("Groups"),"*1*") Then
Response.Redirect("gp01.asp")
End If
%>
<%
If InStr(Session("Groups"),"*2*") Then
Response.Redirect("gp02.asp")
End If
%>
I am not being redirected to gp02.asp if I am a member of group2. Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)
Thanks in advance.
, ASPProtect version 6 does not officially support any sort of redirection or is it a feature.
You can however do redirection after login with some basic ASP if-else statements and ASP redirects. Basically you check the session variables after successful login and send users where based on that info. You of course also need to protect any pages you send users to and make sure any people that aren't supposed to go there do not go there directly and bypass your security.
I highly frown on Redirecting during login (In my opinion it is poor site design and it defeats the purpose of dynamic web pages, there is seldom a good reason to even need to do it if you design your site well) but you can check out this thread which should give you lots of good information.
http://support.cjwsoft.com/code/code_info.asp?TID=17&KW= redirect, Thanks dude, I'll figure it out. I've been ripping apart pieces
of the code to get it. I'm in the process of pulling some things
out to make functions that do specific tasks based on your code.
I actually had a lot of luck yesterday with it.
, That's excellent!
I did learn that parent paths were disabled on my test 2003 server...
But on the hosted server, it looks like parent paths are supported as I change the file location of the language file in the forum common.asp as such, and obviously moved the file as well:
from:
<!--#include file="language_files/language_file_inc.asp" -->
to:
<!--#include file="../language_file_inc.asp" -->
Everything seems to work fine and I thank you very much for you quick response!!! 
Ok, time to buy...thanks again!
- Jason
, Hi,
First and foremost, a great product. I downloaded it last night and it took little effort to get it up and running 
.....now a little question...
Has the software/code been tried out on a Mysql db and if so did it work?
The reason I ask is that my website is very busy (1.5million page views per month avg) and I'm considering converting the ASPBanner Access db to a Mysql one to help handle the traffic. For every page view one banner impression is being made which means that the Access db is under a bit of pressure
This afternoon there were 1012 simultanious users on the website and it froze with an error message displaying where the banner should have been (I didn't quite catch the message but something to do with the banner script timing out). I'm not sure if the Access db had something to do with it but it seemed too coincidental. Rebooting the server cured the problem but obviously kicked off the visistors as well
At present there's 668 online and no problems so I'll have to monitor it to see how it goes but if anyone can answer the Mysql question I'd be grateful
Thanks,
Dave , ya, that firewall could mess that up.
just edit which ever style include you are using
(with a text editor)
it will be one of these depending on your settings.. and they are located in the "scripts" directory
view_album_style1_inc.asp
view_album_style2_inc.asp
view_album_style3_inc.asp
find this section of code and remove the part in red
If Last_Counter_IP <> Request.ServerVariables("REMOTE_ADDR") Then
Set CmdUpdateCounter = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "SELECT " & tbl_label_albums & ".* FROM " & tbl_label_albums & " WHERE (Album_ID = " & Album_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnGallery
CmdUpdateCounter.Open cmdTemp, , 1, 3
CmdUpdateCounter.Fields("Album_Counter") = (Album_Counter + 1)
CmdUpdateCounter.Fields("Last_Counter_IP") = Request.ServerVariables("REMOTE_ADDR")
CmdUpdateCounter.Update
CmdUpdateCounter.Close
Album_Counter = Album_Counter + 1
End If , [QUOTE=cwilliams]
Is that a real term or just something you named it cause they have like a zillion people using that SQL server?[/QUOTE]
yeah thats it, you buy into a part of the sql server so it's an sql server hotel... , ok, how about some more in fo on the setup ?
What version of MSSQl ?
Exactly how did you create the sql database ?
Is it possible banners.asp got edited ?
Did you create all your banners via the admin interface and do all all banners have a zone assigned as that is important ? Sometimes customers will add banner info directly to the database and leave out vital field info that the application requires. Based on that error it is starting to look like that page is coming across a banner with no zone ID and thus the error. , The Pop-Up Javascript Date Pickers will only show up of your server's regional settings are set to one of two lCID values.
1033 which is English - United States
mm/dd/yyyy date format
or
2057 which is English - United Kingdom
dd/mm/yyyy date format
Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.
This setting can however be easily overwritten when using the ASPBanner system.
Edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 1033
or
Session.LCID = 2057
depending on what date format you are looking to use
Save the file and go edit a banner. The date pickers should be there now. cwilliams38325.7403125, thanks for posting this... Since "private" is the default setting from what I read and setting it to "public" cured the issue chances are leaving it at "public" is the way to go.
http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/iissdk/html/33f2780a-eee8-4601-84b7-b489e4c756df.asp
http://www.w3schools.com/asp/prop_cachecontrol.asp
ALSO: since you are one the few people that has ever contributed anything helpful to the forums I am going to reward you with a free copy of the password expiration mod. I am sending you a PM with the download info. , Hello,
It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.
I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.
But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file , If you PM your site info and I can go in and troubleshoot. I have no more ideas. Usually people have zero issues installating this application as I got it pretty tweaked so I need to see what is going on in order to help., ok.. glad it is doing it's thing, I'll give it a shot within the next day or so. I'm busy with a few other things right now. You're right about just saving a copy before I start. It can't really hurt anything.
Thanks Chris. I'll let you know how it turns out.
-john
, I have noticed that during the file import, that some of the pictures get messed up. I can import aroun 150 pictures into different albums, say 3 albums with 50 each.
I have noticed however that some of the get messed up. What is happening is...the thumbnail will be correct, but after you click it the picture that shows up is one form a different album.
Any cure for this? , when I go to that url is seems fairly fast and somewhat normal.. even when I try to log in it pops right back up asking for login info again..
I would check to make sure you are not running anything that might be effecting your web browsing.. software firewalls.. ad blockers.. script blockers... norton internet security.. zone alarm... anything like that
they can all effect a lot of things regarding how web browsers act. , Actually, as far the "aspprotectnet.dll" file goes it makes sense because of the following.
The "aspprotectlicense.dll" is something we do not provide the source code for. We also do not compile it in "debug" mode because you not want dll's running in "debug" mode in a production environment and we also do not want that dll in debug mode because of reverse engineering reasons.
Now, that being said that DLL is no different than any other 3rd party dll "so to speak" that you would use in a project. Many of which will not be in debug mode and you will also not have the source for.
"Microsoft.Data.Odbc.dll" being an example
Regardless, there must be a way to do what your trying to do. I am just not sure at the moment. It is nothing anyone has brought up before and I personally have never had any issues like that when I work on the application so I am just not sure.
It probably has something to do with the way you set up your project., I'll try to help when I get back tues night,, see the contact page for info on where I am .
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry , This is the error that I am getting when I try to add a banner...
[code]Microsoft OLE DB Provider for SQL Server error '80040e09'
EXECUTE permission denied on object 'sp_ASPBanner_GetZones', database
'aspbanner', owner 'dbo'.
/aspbanner/appinfo_inc.asp, line 67[/code]
also, when i go to the banners tab i see this in the banner list...
[code](3 Banners Found)
Microsoft OLE DB Provider for SQL Server error '80040e14'
Line 1: Incorrect syntax near '='.
/aspbanner/banners.asp, line 306[/code]
Help., hi,
no.., not unless you come up with some clever way to handle it on your own
http://support.cjwsoft.com/code/code_info.asp?TID=369&KW =https
read 2nd to last post
The way ASPProtect ships it is designed to either be in http:// the whole time or https:// the whole time.... (there curently is no solution from me allowing going from one to the other)
sorry
,
Timecard Entry: 3/25/2006 2:44:04 PM
WDT new Canton office install, Review Net Kit Training materials, Driving back from Syracuse. 70 miles., Went to the Herald building roof and moved the antenna from the position it was in to test some other areas. Hooked up the 110 directional to test it out again. , Marketing Meeting, Working on cma for SOFTMLS system, lunch, Emerald and phones, Reading about some wireless information and trying to find a good book that might be able to help me out, met w/company group ins. rep and h-r, Ordered 56k CSU, C21 real estate: e-mail support: Cori Kennedy, bill saiff- network solutions go over info biling procedures, online and rad log, dial up issues check, phones dead till like 7am,
trash out, straighten up, Meeting with Crispin, Chris and Dave V. on current status and last week status, meeting with mcnalleys, covered downstairs and filed bills-cc batch entered, lunch, Waiting for Bell Atlantic., Same as before... never picked up., 25 Miles : Watertown - Clayton, 790wtny.com - Making requested updates, chow, Picked up mail and opened. Posted accounts, credit card authorizations. customer inquiries, ans. phone and sorted the mail., *24 Dollar Domains site development, Sunandshield.Com - Published completed bookshelf., Lunch, work on doing monthly maintance on email server, web servers deleteing old log files, pruning out old msgs in emails, worked on deleting domains no longer hosted by gisco, mail run and timecards still missing alot, evening meeting with Howard,
|
