Blog Entry: 3/25/2006 2:44:27 PM
Thanks Chris, When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
Thanks
,
Can you be more specific on the javascript I should look for? Can it be combined with ASPBanner?, you do not run "check_user_inc.asp" by itself
Pages you protect include that file at the top.. when they someone goes to a protected page if not logged in a user then sees a login prompt..
after loggin in they see that same page as normal
its an automated process..
now, that being said if you really want to you a specify a page to be redirected to after the 1st login when you edit a users info. You can also redirect anyone anywhere like using a simple ASP redirect statement in your code.
Personally I feel that redirecting people all over the place is poor site design. ASP is all about dynamic code and ASPProtect is all about dynamically tailoring pages to the current logged in users... so why redirect people all over the place.. it justs complicates things because you still need to password protect the places you send them to.... which means twice the work and twice the confusion.
Also, here is a Version 6 thread about redirecting manually that still applies to version 7.
http://support.cjwsoft.com/code/moreinfo17-1.htm
, Does ASPProtect 7 work with SQL 2005?, I am not sure totally understand your question.
I need you to explain it differently.
Any ".asp" page that is protected is going to automatically prompt them for a login box or log them in automatically depending on if they set that option.. In the end returning them to that same page.
So, it really all takes care of itself for the most part.. It doesn't even matter if the bookmark a protected page deep in your site. The system is smart enough to keep them at that page as well as handle their access.
Now of course if they are at an unprotected page of your site and navigate to a protected page they get a loin prompt or are allowed in if they already logged in...
Also.. when you say unprotected page ? do you mean ".htm" or ".asp"
cwilliams38298.6571759259, Running in parallel for testing is actually a smart way to do it, but the truth is you don't use anything from version 6 except the upgraded database (we have a tutorial on how to upgrade the database)
Version 7 was a drastic change /rewrite to all of the asp files that come with the application. So you will be starting out with fresh version 7 ".asp" files and folders... You will also find that once you get version 7 running that editing certain things like the look of the users area and the login screens is much easier to do.
That being said any of your own ".asp" pages that you protect use the same protection code they always did, so there will be no drastic changes needed there when you do finalize the upgrade.
If using MSACCESS as the database I suggest installing the application somewhere in your web and using a fresh ASPProtect 7 database. Once you are familiar with the setup and everything is working fine. Attempt the database conversion and when your done stick your converted database in there and see if everything is ok.
Also, if you already purchased the application download the latest version before doing the install. It's the same download URL. If you don't have it email me and I can hook you up. I have added some new features and fixed a couple minor things since it's release.
So far the feedback on version 7 has been awesome..
cwilliams38414.0133680556, It does not matter what directory name the ASPProtect files and folders are in but you cant go moving around critical file and folders like it appears you did nor is there any reason to.
All that is is saying is that the users folder, the password_admin folder, the scripts folder, the check_user_inc.asp file, and all the other files and folders that come with the system can be in any directory name as a whole.... but that doesn't mean you can go messing around with the files and folders in that directory.
I assure you 100's of users do not use "aspprotect" as the main folder name and they have no issues doing so.
Regardless, you need to explain in much clearer detail exactly what you did and what paths you used and what is where. At this point I really do not know what is you did as your post was not clear to me.
You should also check that you have entered correct path info in the admin settings page area. The register page is one of the paths that geths set there.
, Installed latest verison Doesn't seem to have corrected problem. Still with same message. I wonder if deleting this user and putting him back in might help. I have not however tried any other user names and passwords.
, Still not having much success. I am using SQL server. I changed the permission in the following directory :sql server data\mssql\data. Is that the database directory you are referring to?, When a logged in user with specific group rights tries to look at a
page that has different group membership requirements the Login screen
comes up giving them an opportunity to login with different rights to
view the page. If you log in again with your current user name
the same login screen returns with the added words something to the
effect of "Access Denied, you dont have group rights to this page...".
The only way to get back to the previous page is to hit the back button
on the browser (there is not a back button on the denied page).
I would really rather not even present the "login again" screen to a
user but just have a custom page that says "access denied" of my own
design with a back button on it. Is this an option provided for
in ASPProtect currently? I did not see it in the admin section
settings tab. Is there a separate "login again" asp file that is
being used for this
group access deny message that I could alter, or does it always have to
be the login asp file?
Or would this require me modifying the check_user_inc.asp file around
line 356 to change this behavior (I don't want to screw up any other
stuff though...).
Thanks!!
Oh, PS. just a quick check...it looks like if a user is an
"admin" he automatically gets to see all group pages regardless of
which set of group numbers are assigned in his user account...is that
right?
, Actually it is my own server (retired email server from my employer). I will check out the documentation again. I DID read that part, but didn't understand it enough. I'll dig deeper. Also my box has 2 CPU's, hence the $125 for ASPImage..., Makes sense to me. I used the ASPProtect_access2002.mdb supplied.
(I am using 2003). Only added more names and other personal info
to it for test. Uploaded the amended db with FTP. This did not
restrict someone not listed in db from logging in.
Would each individuals' information need to be added to the code in
order to have it check the database first to find out if the person is
authorized to view?
Part of the problem is I dont know which ASP page or script links the
db to the rest of the web, or how one page relates or links to the
other.
Sometimes I wonder if problems I encounter originate with the server.
Thanks for patience.
, yes, dont worry about that. It is not checkking permissions just explaining things.
and dont worry about the extra slash it seems to be adding at the end of the path. That is normal. I guess I need to fix that so it does not add that extra slash., I have ASPProtect up and running and I was able to log in with little to now problem after following all of the directions.
I imported my data base of users (approx 5300) into the access db, and now it times out just letting me log in.
I've got full access to the web server to make any changes on that end that I need.
any ideas?
, I wouldn't bother doing that. If pic uplading doesn't work it is most likely permissions to the directory pictures are uploaded to. If they are not set correctly it will not work. That dir needs the same permissions the database folder needs. , Chris, that fixed it. Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.
Suggestion for future release. Create an option to email the admin when a message is posted. If this code already exists please advise.
Thanks, Lance
, is that lindsey lohan and her fake boobs as ur avatar?
I am installing IIS and all of its glory on the other computer now... gotta love remote desktop (the pc is at work 
)
, I dont get it.. I am still looking into it..
I think this has something to do with your original experience when things would work and then not work.
something weird is going on
, I am confused.
Humm, how did ASPBanner 8 come with your purchase of ASPProtect ? That is not something I am aware of or something I do. Please provide more information on how you obtained ASPBanner 8. If I gave yu a copy for some reason please refresh my memory so I can go look up th emails about it. I need to know you have a valid license.
Now, as for the two not working together and the login screens messing with each other. I am even more confused. Tell me more as I just do not understand what you did ? ASPBanner has it's own user database and login system so there is no reason you should be mixing the two together as far as logins go. The two applications can certainly be in the same web together and not bother each other. ASPBanner can certainly serve banners to any pages you protect with ASPProtect or don't protect, but you certainly should not be protecting any ASPBanner code with ASPProtect code. ASPBanner already has code in it to do that. If that is the case don't do that. ASPProtect is not meant to protect code that already has a login system. That should just be obvious as far as I am concerned and hopefully you dintn't try to do that.
(you said you just put the directory in there but there must be more too this than that)
But again, tell me more. I can't really know everything ??
I just dont see how your ASPProtect pages could be effected by ASPBanner unless you really did something wacky like included the ASPBanner "check_user_inc.asp" instead of the one that comes with ASPProtect or overwrote it... etc ect
If in the same web aspprotect can be wherever and aspbanner needs to be in a folder called "aspbanner". There should be no conflicts under normal use and the two will essentially run seperate of one another.
, ok, how about some more in fo on the setup ?
What version of MSSQl ?
Exactly how did you create the sql database ?
Is it possible banners.asp got edited ?
Did you create all your banners via the admin interface and do all all banners have a zone assigned as that is important ? Sometimes customers will add banner info directly to the database and leave out vital field info that the application requires. Based on that error it is starting to look like that page is coming across a banner with no zone ID and thus the error. , Adding Support For ServerObjects ASPMail
ASPProtect as you know does not support ServerObjects ASPMail component by default.
Here are directions to make it work.
In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.
So search through the code for any place where email is sent and simply change
Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")
To
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
It is about 4 places. They are not too hard to find.
That’s the easy way to get all the emailing functions working with ASPMail
cwilliams38419.7864351852, from the import page in the admin area.
The import/export file must be tab delimited with no text qualifiers. The 1st row containing field names and the following each being a new user. To create your own import file it must be in this exact format. To find out what field names and their order are simply create an export file using ASPProtect and take a look at it. You can also import that text file into MSACCESS. , I have no idea.. perhaps PM me info on how to log into your site and reproduce the issue., Thats what I needed. Thank you!, rrabago
I have been looking over the code and also doing some tests.
So far everything in the code looks correct and everything I have tried has worked correctly. If I select an access level and active users it is not sending emails to inactive users as you stated.
Are you using the option pack ?
cwilliams38103.9618402778, I posted this in the wrong forum. Sorry.
I have installed ASPProtect on a client's website and I have been
notified that some of their customers have been unable to login to the
protected pages.
On testing it seems that the issues seem to be related to how cookies are being stored by IE 6.
ASPProtect is being used to protect particular template files within a
Content Mangement System. 90% of the time it is working fine but on the
odd occassion particular cutomers are unabe to login.
After quite a bit of testing I have managed to find the scenario in
which it starts to have problems and was hoping you may be able to
provide a solution.
If a customer enters the wrong password, then reenters the correct
username and password, they receive a message "template can not be
found" from the Content Management System. This message is generated
when a url is entered that contains a link to a template file that does
not exist. In this case the template does exist. If I remove the
ASPProtect code the page opens without error.
Everytime they re-enter the details they receive the same message.
If they close down the browser and then reenter the correct details in some instances the page will open correctly.
More often than not, they have to delete cookies and temporary files
and close the browser. This seems to fix the problem again for
most users. For users who's web access is heavily cached by an internal
server, even this does not work.
Have you come across this problem before and can you suggest a remedy.
If you can email me privately I can give you the URL and access codes.
Thanks,
Stuart
, Weird things happening, when I upload using the vb method the image fails and error is that the image was empty.
Utilizing ASPUpload and after clicking upload file I get a blank screen, no preview, no nothing (it loads with the proper header/footer) but a completely blank body.
Any hints?
, yea that info gets updated once an hour, Version 7 uses.. RC4
The upgrade process is described here in detail including a procedure to convert existing clear text passwords to the encrypted versions. (Your passwords will need to be clear text as the system shipped of course for the conversion to do its thing)
http://support.cjwsoft.com/code/info24.htm
It is also covered in the downloadbale docs
http://support.cjwsoft.com/code/moreinfo221-1.htm
Many people have done the upgrade without any issues and Version 7 is getting great feedback.
Should you decide to go with it there is upgrade pricing.
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp
, Hi, I am wondering if I can redirect users with "GROUPACCESS"
just like access levelS. I tried to redirect using both "Groups"
and "GROUPACCESS" example below:
<%
If Session("GROUPACCESS") = "1" Then
Response.Redirect("group1.asp")
Else
Response.Redirect("allothers.asp")
End If
%>
I could only get the Access_Level to actually redirect. Is
this something the option pack supports? If so, any words of
advice?
, I just finished implementing the V7 product on our site and someone made mention that on the profile form where you are asked all your personal and user information there are 2 fields for passwords. The first field uses masking to hide the password as you type it, where the second shows it in clear text.
Now we know that the only people able to see the password are the user and the administrator, but it is playing mind games with my users as they think there is a problem with the application. I am not a programmer (however, learning ASP slowly now!) and am not sure if you did this on purpose or if it is a bug?
If it was done on purpose, can you advise how I can make the confirm password field masked as well to eliminate the unfounded questions!
Thanks
, Also, I found this page which specifically talks about hidden IPN form values to change currencies
https://www.paypal.com/us/cgi-bin/webscr?cmd=p/acc/ipn-info
| mc_currency |
For payment IPNs, this is the currency of the payment. For non-payment subscription IPNs, this is the currency of the subscription. |
| "USD" |
The currency of the payment is U.S. Dollars. |
| "CAD" |
The currency of the payment is Canadian Dollars. |
| "GBP" |
The currency of the payment is Pounds Sterling. |
| "EUR" |
The currency of the payment is Euros. |
| "JPY" |
The currency of the payment is Yen. |
cwilliams38459.9616087963, That would be great.
I am sure you know that many virus that are sent via email have the same property. (double extension). The code can be executed even though Windows identifies them as simple text files etc.
Thanks again
, Please be more specific. What hit count are we talking about ?
User Logging ? Albums ? Something else ?
Please descriube the situation in detail. There are really no settings for any sort of hit count.
, Chris, if there is no way to change this, I understand. I just though maybe it might be possible and I can't find out if i don't ask.
Thanks Chris.
Let me know.
-john
, if you use our existing User_ID they are going to get new ID's. There is nothing you can do about that.
You could very easily though stick your exisisting User_ID's in one of the custum fields so you dont lose that info for each member., I would like to delete the SQL tables and set them up from scratch using enterprise manager and sql query manager and see what happens
If that is ok with you let me know.
Something is wrong like I said... almost seems like the database is caching old password info from the field., Yup everything looks ok - but why no error?
This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...
What would cause it to 'think' it is doing the task yet still fail?
, No I didn't...
The one I tried is the hosted one at my provider which I gave you the link for.
Thanks very much. 
I will get that one and it may be much easier if I need to get into the Nitty Gritty of the database at some time.
Thanks
,
Timecard Entry: 3/25/2006 2:44:27 PM
Transfer Laptop Files to Desk top, fax time sheets/copy time sheets
ti bait- go over info with shawn on upload manager
Contact Statcommunications for page like premier paging, spokeith Andy, Melinda and Tom from Stats- send email to John Morgan
Allied Federated- spoek with Kelly waiting on jim
Salmon Run Mall- spoke with Ranyd:
Send Nic email
Help imcnet customer for persaonl web page problem
Contact San Francisco with questions, contact on Tuesday
Do mailing for beth
make copies for ilage and entertainment
Send in trouble ticket for breseecars.com
rredbenoit- go ver with tom changes thats hould have been done last week
Alexbay.com- send info to Jason about meta tags that need to beplaces on site
, Realtor.com told me we were not using the latest file specs... so I recoded all of our 4 sites that will using realtor.com to match the new specs, slow, worked on expired
accounts, meeting with Jim and Tara about channel site, writting a Jim w/list of events for channel site, assisting Bill on problem reports site, working on tech support section of home page, Scheduling Nortel Training.
Filing, Copies & Binders., match Walker packing slips to invoices, Passport training, Calling people back. Answering e-mails. Answering tech questions., *TaskForce: Competition Research (eRoom), Back to St. Lawrence County Chamber. Adding open-text search capabilities to admin., travel back to Clayton, Picked up mail and opened. Posted accounts, and. phone, customer inquries and did a detail of check and cash for a bank deposit., Jason helped me with Virtual PC -- downloaded a patch and adjusted virtual memory and all seems to be working well now., my timecard: printed timecards, see where seth and beth are with neustar test, talk to gary stienbrener , went over and fixed a problem at imcnet building ns0 problem, General TS Overnight duties... cleaned and emptied trash., WO for Amy, Working with Seth, review wan work, create work orders, Hepburn Medical not able to receive mail from Alice Hydemail is not bing forwarded off kenny @ IMCNET ----->
, email, Talked to Amy about TIBait.com changes, Marketing and meet with Bethany, Checked email and answered tech related calls., printed copies of nortel required infor for hb and dc. chr conference call. submitted expense report for harry. started po's for darrell's expenses. s/w sonya at verizon on id cards. email to hb and ct on nortel invoices. s/w peg at verizon, to f/u tomorrow, MBO Meeting., Business after hours- Watertown Chamber, helped a user set up email. helped a new customer with the software. had a billing question, met and worked with Steve at Clayton office on how to incorporate work order system with Work Request System,
