Blog Entry: 3/25/2006 2:43:52 PM
either that or send me your encyrption keys and the exact password entered that causes the problem and I will try to reproduce the behavior here, Christopher
Found this but I dont really know what to do with it or even if its the right thing.
<%
'=========================================================== ==================='
' Application: Utiity Function
' Author: ; John Gardner
' Date: & nbsp; 20th December 2004
' Description: Used to check the validity of a postcode
' QueryString: None
' Version: V1.0
' Required routines: &nb sp; None
'----------------------------------------------------------- -------------------'
function Check_Postcode (byRef strPostcode)
' This routine checks the value of the form element specified by the parameter
' for a valid postcode.
' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf
' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.
Dim strPostcodeRegExp(2) ' holds the regular expressions for valid postcodes
Dim intCount &nbs p; ' For loop counter
Dim strPostcodeCopy ' Copy of postcode
' Variables used to hold regular expression object
Dim objRegExp, objMatches, objMatch
' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Expression for postcodes: ANA NAA, and AANA NAA
strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Exception for the special postcode GIR 0AA
strPostcodeRegExp(2) = "^(gir)(0aa)$"
' Copy the parameter and convert into lowercase
strPostcodeCopy = Lcase(strPostCode)
' Assume we're not going to find a valid postcode
Check_Postcode = false
' Strip out spaces
strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
Check_Postcode = False
Set objRegExp = New RegExp
' Check the string against valid types of post codes
For intCount = 0 to Ubound(strPostCodeRegExp)
' Check next pattern in list
objRegExp.Pattern = strPostcodeRegExp(intCount)
If objRegExp.Test (strPostcodeCopy) Then
' Post code found. Ensure input parameter is in correct format.
Set objMatches = objRegExp.Execute (strPostcodeCopy)
Set objMatch = objMatches(0)
strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " & Ucase (objMatch.subMatches (1))
' Show that we have found the postcode
Check_Postcode = True
End if
Next
' Ensure that the uppercase postcode gets returned if valid
If Check_Postcode Then strPostcode = strPostcodeCopy
End Function
%>
regards
John
,
Hi,
The source code comes with it.
They are the.vb files.
I don't give out any project files for reasons stated in the article below.
Please read this in full if you want to edit the application in Visual Studio.NET
http://support.cjwsoft.com/code/moreinfo85-1.htm
, Yes, you are right. That was the problem. Sorry 
Cheers
Roy
, Your actually confusing me with the whole "joe bloe" thing and user access. I just do not get what you are trying to tell me. Perhaps you can explain in a less confusing way. Your just not technically explaining it andand thats what I need to know to possibly help.
As for the subweb thing you just can not do that. Subwebs have their own sets of application and session variables. An ASPProtect installation and any pages you protect with it are required to be in the same "application" in IIS. Sicne subwebs have their own "applications" in IIS that won't work. It is the nature of "forms based authentication" A sub web is alo considered by our licensing to be a seperate web site and ASPProtect is licensed per web site.
As for breaking pages.. you really shouldnt be editing any pages in the admin area as you will break them unles you are very good with ASP. (does not sound like you are..no offense meant at all)
Pages in the "users" folder are less complex and it is usually ok to edit them carefully.
http://www.powerasp.com/content/hintstips/common_sense.asp
Pages of your own that you password protect can still be edited in your usualy way though without effecting anything.
Truth is if you back things up before you start editing how can you go wrong ? That's how you learn.
, here is the next response to this which was emailed to me but should have been posted here
From: Mo Afifi
Sent: Sunday, October 23, 2005 4:47 PM
To: CJWSoft Support Info
Subject: Re: CJWSoft Support Info : SSL - Verisign Certifcates
Hello,
Thank you for responding to my posting. In the second line of your response you said “not start them off at an http:// url". I think what you meant is to "not start them off at an https:// url". If this is your intention then I agree with you 100%. I have revised my pages so the users will go first to a non-https page and then make a choice either to use secure or non-secure access. Please note that the site is not intended to be completely SSL protected but only the sign up pages. I have another problem though when I click on the "Secure Log In" and enter my log in information; the entire subsequent URLs will have https:// in them which I could not shake off. As I said the intention was to use the https for sign in only.
I realize that this issue does not have any thing to do with your product, but any input will be appreciated. Best,
, Is there any update to this ?, Well. fontpage publishing is evil. That you have found out.
Do not use it. It usually wont work right when running asp code locally and also at the server because of differences with the paths and virtual directory structure. etc etc etc
You can definetly use frontpage to connect to the web site live and drag and drop files into it/edit them... but the sooner you stop using the publishing feature the better off you will be.
, I dont know about your error on line 6 when uploading..
as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.
I really need more information and possibly acess to the system to do some troubleshooting...
This is anot a feature anyone has ever had an issue like this with.
, I do not think it it anything to do with the Application.
You most likely have some sort of ad blocking software that is doing it.
It is seeing the word "banner" or "ad" and blocking the images in your browser.
I doubt it is anything built into xp doing it. XP with SP2 has built in pop-up blockers but no ad blockers like that really. It is norton ad blocker or something of that nature.
, Just to put an end to this thread here is the solution for anyone reading.
The permissions were ok.
The data connection string never got edited in the "dataconn_inc.asp" file so it was invalid the whole time.
Once that was corrected the application ran.
So really this whole thread was over not following the directions and not editing the data connection string...
, you password protect an asp page in your site "where that is is up to you"
http://support.cjwsoft.com/code/moreinfo171-1.htm
then you link them there from your own pages
thats all there is to it
is that what you are asking?
Additionally...any page you password protect automatically becomes a login page... where you want to start and where you send them after or before login is something you have to handle on your own
Any pages you pasword protect will prompt the user for login info if they are not yet logged in that is.
Then once logged in it returns them to the same page they are showing the page content as it would normally appear.
cwilliams38455.7128356481, I am really starting to get the hang of your
software. It seems to me, you have thought of everything a person could
possible want. Before I try to tackle
setting up Pay Pal subscription payments is there really any difference
between a file include and a virtual include statement? Is one more
secure than another?
, A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.
Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.
Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them
In addition to the settings above each table has one field that is a primary key with an auto increment of one
In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.
The SQL column settings for each one of the primary key fields must be set as follows
In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.
cwilliams38325.7405092593, Chris-
A general question - Can you have multiple instance of the gallery on the same server?
, Not really sure how to do this.... i think you know what i am looking to do.. is there anyway you can show me or create that solution for me? It would prob. take you minutes as its been taking me hours 
, the no concurrent login feature is based on IP addresses.. if you logged in again using the same IP address it would let you in regardless. So for example if you were behind a rhome router and logged in to a site on the internet it would nt matter if you had multiple computers at home because they would all have the same external IP address... etc etc
In other words it is tricky to correctly test..
I really need more detailed info on everything going on. I real world scenarios there are no issues with that feature that I know of. At least according to customers so far. , I just upgraded from 6.0 to 7.0 primarily because we were limited in the choices of email systems we could use to send an email validation message.
Previously, with 6.0, we were using CDONTS to send an email validation message to new registrants. Unfortunately, AOL email addressee's were not receiving the vaildation email from us. I received a reply to another post I made on this forum that the problem was due to the fact that aCDONTS generated email has no MX record and AOL blocks non-MX record containing emails.
Well, I upgraded to 7.0, switched to CDOSYS (Using SMTP Virtual Server) with SMTP Authentication and it appears that AOL is still blocking the validation email.
Any suggestions, comments?
, Unfortunatley, I dont have an easy answer for you. It is certainly doable but adjusting the code so people assigned to certain groups get specific expiration dates means a lot of code work and time. It would probably even take me a long time to figure out.
The fact that users can belong to more than one group also greatly complicats the whole idea.
You can certainly assign an expiration level when someone signs up. That is easy and explained in the forums. , (customer replied aug-sep 2005)
OK, you have old code then... I will send you some updated files that you can try.. let me know here if it solves the problem. , Please Note : Users with the option pack a new feature called groups that is much more powerful than access levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default and also info on an alternate scenario we have provided.
In the "check_user_inc.asp" that comes in the root of this system Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
The "check_user_inc.asp" included in the "extras" directory is an example of changing the access level checking code
to work differently. In that "check_user_inc.asp" Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 2
Level 3 has Access to - Level 3
Level 4 has Access to - Level 4
Level 5 has Access to - Level 5
Level 6 has Access to - Level 6
Level 7 has Access to - Level 7
Level 8 has Access to - Level 8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
If you get creative you can create some interesting access level checking scenarios.
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive.
cwilliams38114.6506712963, Can I suggest you have changed a code to stop this or you have a privacy software stopping your visits to add 1 to the counter. Has anyone tried to visit the album or just you. If you send me the link I can sus it out for you, ok, that is what you are suppose to do... not having that path info set can cause all sorts of trouble., I would look on the pictures folder on the server and see what is there for pictures. Also, when you see a broken X on the site right click and see where it is trying to get the picture from and what the pictures name should be.
I would also be sure to clear out your temporary internet files in IE. clost and restart all browsers..
maybe show me the site ? so I can see this happening ?
cwilliams38348.9748726852,
AUGUST 12th 2004
NEW VERSION OF ASPBANNER IS BEING RELEASED THIS WEEK
ASPBanner Unlimited Version 8.0
It is completely finished.
http://www.aspbanner.com/
This new version has more features and is selling for $99.95
Unlimited Version 7.3 is now named "ASPBanner Standard"
Owner's of Unlimited Version 7.3 can get an upgrade to Unlimited Version 8 for the difference in price (based on current pricing)
It is available now for purchase at the following link .
http://www.aspbanner.com/purchase_unlimited_v8.1_classic_upg rade.asp
The new version can use your existing database so it is a fairly easy upgrade.
If you are not an existing ASPBanner Customer you can use the following link to purchase the application normally.
http://www.aspbanner.com/purchase_unlimited_v8.1_classic.asp
Notes on the new version:
ASPBanner Unlimited Version 8
Improved graphics and some new icons
New reports screen... 4 reports total 3 of which are new
New Iframe Banner Calling method with built in auto refresh feature so banners can rotate at a specified interval on their own
New Zone Order Informaion Page
Visually shows you what the current rotation looks like for a zone
Banners can now be stopped at a certain date and at an impression limit
Whichever is hit 1st.. before it was just one or the other
New "data" folder... this new directory is the only directory that needs permissions
this should make setting up the system and permissions a breeze.. all cjwsoft applications will
eventually use this same folder
New configuration text file... eliminates config table in the database and allows us to easily
add more config options in the future without changing the database.. means easier upgrades down the road
and faster loading of the configuration data
New application data connection wizard
makes setting up the data connection a no brainer
more overall emailing methods supported
CDONTS
CDOSYS
ASPEMAIL
ASPMAIL
ASPSMARTMAIL
DUNDASMAILER
JMAIL
SASMTPMAIL
Bamboo Mail
Simple Mail
ASPQMail
QuickSoft EasyMail Objects
OCXMail
Persists ASPEMail now supports outgoing SMTP authentication.
Simple Mail now supports outgoing SMTP authentication.
It is becoming popular for ISP to use this.
Emailing code now uses functions so we can easily add more email component support down the road
Flash files (.swf) can now be previewed and used in new banner right from the upload page
before this could only be done with image files
Users page now has a notes popup feature
when you hold the mouse over the icon you see all info on a user without needing to edit that user
Edit banner page now shows the color of the banner status in the dropdown menu
New clone banner feature.. allows you to easily create similar banners
Banner application page has been optimized to be even more efficient
Javascript popup calendar date selectors
Ton of misc little things & Improvements...
Some Screenshots
, Chris:
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help.
, Hi all
User activity screen shows history of logged-in users.
Is it possible to view only those users that are currently logged in ? not the all users that have logged in previously
thanks in advance
, remeber too.. you might have to edit code you used on your existing pages in your site so they still call the "check_user_inc.asp" correctly.. though it may very well work out so it works the way it is at the new site
any redirection code you might have done may need the redirection urls changed if you used full domain urls..
things like that... etc etc etc, Thought this would be easy. A few more pointers should get the database connection to work:
1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so?
2)We have other files in there for other server applications, does that mean we’re stuck using DSN’s or is the file independent of that control dialog?
3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?
What else are we missing?
, I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=49& PN=1
Jeromy, You should have access to that page.
, humm, I see your using the lite version which is technically not supported.
I know you were responding to an existing thread but I really would rather you have posted this in the ASPProtect Lite area or at least mentioned what version you are using. Usually there are big differences in the versions and it helps me help you if I know what is going on.
Regardless, the code for this feature is actually the same and I just tested a fresh install of the lite version and it stored that verify url perfectly and all worked as it should in the verification email.
All I can think of is that you can try manually editing the "users/add_new_account.asp" file.
This part
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & vbCrLf & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Would need your verify URL hardcoded into it which would pretty much guarantee it would get put in the email.
EmailBody = EmailBody & "New Registration.." & vbCrLf & vbCrLf & "Your registration still has to be validated." & "http://localhost/aspprotectlite/users/v.asp" & "Go to " & vbCrLf & VerifyURL & "?u=" & Server.URLEncode(Request("Username")) & "&v=" & ValidateEmailCode & vbCrLf & "to verify your registration." & vbCrLf & vbCrLf
Of course change the url to be valid for your setup.
Still, the fact that this isn't working means there is something wrong with your installation. It would probably be a good idea to erase everything, do an iisreset, and re-install the application in a different directory... immediatly log and go to the settings page, carefully set everything and save it... then register as a new user and see what happens.
There is no reason that variable shouldn't get set. I mean I tested it just now with a fresh install of the version you are using and not only that... 1000's of people have been using that same code for over a year in the full version and no one has had this problem except the guy who started this thread who never populated the value.
My guess is still a problem with your "IIS application" for that web. It is not doing it's thing for some reason. When the settings page is saved and application variable gets set telling the config file to reload the variables as it doesn't do it every time to conserve resources.
If that isn't getting triggered and that variable isn't getting set who knows what else isn't getting set and it's not pratical going around hardcoding 15 important variables., Hello,
no default setting for something like that... what your thinking about doing is on the right track I'd say
, I have no idea.. perhaps PM me info on how to log into your site and reproduce the issue., Hi Chris,
Thanks for the answer. No, I am not using Paypal since these are employees and sales reps. I guess i'm on my own on this one. :)
Thanks
Sylvain
, Not sure how to response.write the session variable, Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111, like I mentioned are you by chance running something like Norton Antivirus Script Blocking ?? That can cause timeouts and all sorts of problems with ASP as can other software like it. , sorry for delay responding,
I got bombarded with support inquiries while I was gone and I missed this one since I been home.
Does the server_info.asp page I provide say that aspupload is indeed installed. Let's start there. , I finally spoke with someone who knew what I was asking for and they set the rights and all is fine.
Thanks for your help. Wish all business' had customer support like here
, Oh, it does seem to put the photo in the correct directory.,
Timecard Entry: 3/25/2006 2:43:52 PM
Gisco payroll, setup new deuctions, added new employees, Answered the online issues that we had. Only had one all day, Milscottages.com fill content and scan photos finish design and implement into html, Nortel, Fiber, DMS-10 J. Addee, Trunk Party w/ Darrell and Howard, 15 Miles : Clayton - Alexandria Bay : Work on TI Council frame., work on problems with stats tracker, deleted old log files (15,000) from dec 99 - feb 10-00, went through and deleted no longer hosted sites, , Started asnwering phones, entered bills and went to make the deposit at the bank, lunch, sign ups, cancels, ettttccc. , changed reservation for Bob Kivi, yesterdays mail, timecards, made appt for Jim and Paul with Dr. Miller at Clarkson, overnight VT payroll, Hepburn Medical and Ogdensburg circuit problems, working with ben on-site, also w/ Netserver issue., General Phone calls., Stopped to pick up Paul's registration for the truck, chow, meet with strategy team, Email and Vm from the weekend, research content and new content areas for vermont internet development, Lunch with Jeff and Ed., 230 miles one way and a $4.40 toll one way
to microsoft seminar for big day 2000 , **BHCP (fixed price) - asp graph component, lots of calls, AUAQ, radlogs, *everydaydad development, Busy Morning training Darryl and Mary Wood, radlog, dial up issues, ask us a question, General -phone with channels, wept, etc., cleaned the office and removed trash, Channel 7, Reset modems, and updated Maintenance Log. Worked on Lisa's machine because she couldn't print. ,
