Blog Entry: 3/25/2006 2:43:25 PM
I am brought to a logon page in which I cannot access the page. This must be due to the check_user_inc.asp include. Without the include I get a blank page.
, I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.
Can't I simply delete the code that does encryption?
If not, how can I
take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,
export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks
,
Chris,
Thanks for the reply. It all makes sense.
I have gone with your first option but here is the problem:
I have moved the password protected page from the detail page with the
querystring to the straight .asp page. This obviously fixes the
previous error.
Once someone has logged in they are then presented with a list of links
to the previously protected pricelist detail pages (example -
"somepage.asp?ID=3""). They are then able to access the pricelists.
The problem is that if someone copies the pricelist URL they are then
able to pass it on to someone else and bypass the password protection.
If I also password protect the pricelist pages then someone will have to login twice.
Is there some code that i can add that will simply check that they have
logged in otherwise kick them back out to the protected .asp page.
All code in your documentation tends to open the login page regardless of whether you have previously logged in.
Thanks,
Stuart
, Ya, you must have tried to upgrade from a really really old version like you said which wouldnt really work out because those instructions are specifically for upgrading a version 6 database to version 7.
That line error you had was looking for the User_ID field and I bet the version you had was so old that you didnt have a field named that as a few years ago the field "ID" got renamed to "User_ID"
As for all the cool stuff... yup there is a lot of cool stuff in this version... glad ya like it so far
cwilliams38418.8164930556, For all you advanced users..
Here are two examples of ASP.NET code you can use on your ".aspx" pages to call banners from the ASP 3.0 version of ASPBaner Unlimited V8
This code is not supported... and you of course must change things accordingly like the variable names and zone numbers to match the zone you want to call banners from as well as the url.
2004-08-27_153832_asp.net_examples.zip
cwilliams38226.6523263889, Help!.. I need to export the username and password fields to a mail merged letter so everyone knows their username and passwords. However whenever i access the database or do an export. The passwords showup as encrypted. Is there a way to access the list, un encrypted?
thanks
, I installed the ASPProtect.NET project no problem. I am using VS.NET 2003 on Windows XP SP2 (and fully patched). I am able to build the project successfully, however I cannot debug the project. I get an error "Unable to start debugging on the web server. The project is not configured to be debugged." The web app runs fine just browsing to it.
I know this is an isolated problem particular to this project. I have MANY other .NET projects that I can debug without any problems. I have tried going into IIS and turn on the debugging for server-side script debugging and making sure my IIS application setting were configured correctly.
Can anyone shed any light on this at all? Christopher, is there any reason I should not be able to debug this? (i.e. the aspprotectlicense.dll)
Thanks,
K
, Will purchasing an additional license resolve the issue which will allow another installation or is this a function of the application that it can only protect one site per server?,
Thanks for the quick reply.
I will consider editing the code.
, Oh yes...I've changed the time a script is allowed to run before timing out from 90 seconds to 180 seconds on the aspprotect folder., If you can would you do it for a price as a mod or will this be added to the new version.
, Its not on their end. Using ASP alone you really won't be able to send more than around 300-400 individuals emails at a time before things will time out. Its just that ASP is not an efficient way of sending email and it never will be.
You really should look into worldcast like I mentioned before.
http://www.fairlogic.com/worldcast/
Then just export the email list from the database into worldcast and send out the newsletters.
You will get much better results and perfect newsletters and it really only takes a little bit longer to do each time once you figure it out. That is how I send out my PowerASP and CJWSoft newsletters and it works perfectly every time.
, Chris,
When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.
All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.
I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP. I hope I expained the situation well enough.
, Actually quite well. I have this problem worked out and it
actually isn't to bad. But now I am getting some strange
error messages. I will start another post.
Cheers
Roy
, ok, now were getting somewhere
I didn't know you imported from another system,
chances are you are missing field information that an ASPProtect user requires.
Start off from scratch with a new aspprotect database... create a new user and look at the info that gets entered by default for every field in the database
make sure when you import a user that you mimic it all
dont import directly using access because the passwords will not get converted to encrypted versions of themselves correctly.. and the whole process will be usesless as no passwords will be correct
Use the import feature built into ASPProtect.. because it is smart enough to take the clear text passwords and encrypt them accordingly
if you want to know a correctly formatted import file needs to look like make one and check it out
do one user at a time and make sure you can log in to an example protected page till you get it right...
once you get that working do them all
Thats really the best advice I can give you. , Permissions and Folder Locations
By default and to keep things clean we store everything in folder called "data"
That folder then has it in 4 sub folders
database (where the .mdb and temporary .ldb files are handled)
export (where the aspprotect export files are saved)
logfiles (where the aspprotect logfiles are saved)
user_pics (where the user pictures are saved)
Doing it this way makes it very easy for a system administrator to right click on one folder and set permissions for that folder and all of it's child folders.
Now, that being said.. you do not have to use these folders.
For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.
You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.
We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs.
cwilliams38403.6837962963, Did you see this thread. It shows how to set up the project in Visual Studio in detail.
http://support.cjwsoft.com/code/moreinfo85-1.htm
, Oh also, I tried to run the asp on my machine (win XP) and unless I'm missing something fairly obvious, I cannot get it to run correctly...when previewing it, I see all the code instead of what I should be seeing., When a user 1st signs up a proper case function is run on certain fields.
This is only once on user signup and never done in the admin area.
It's goal is to keep things entered in Proper Case,
so if someone enters "chris williams" it becomes "Chris Williams"
It's not perfect but it helps a lot to keep the data clean and more consistent. Since it only happens during registration those values can be changed later by the admin or the user if someone wants to.
The function is only applied to the fields that it makes sense to apply it to....
In your case adding a drop down menu means you want exactly what is in your drop down to appear so you wouldn't want it happening.
That being said, it is really easy to remove this situation from any field it is happening to during registration.
So edit "users/add_new_account.asp" with a text editor
find
CmdAddUser.Fields("Company_Name") = PCase(Company_Name)
and change it to
CmdAddUser.Fields("Company_Name") = Company_Name
That is all that is needed to made the change
cwilliams38421.5069328704, Is there a simple way to upgrade from 7.x Lite to 7.x Full? I was testing out the software and I just purchased it. I have made some look and feel changes to the lite version (ie: login page), but no look and feel changes to the admin section. Is there certian files that I can add to have the full version without shorting myself features or functionalbity?
Thanks
, I have no idea of what kind of 'stuff' to try. I'm running other asp apps that use there own Access databases with no problem whatsoever., Good Morning - I getting errors in my system log that says "404 file not found" for a number of files - Here are a few examples:
I ideas on how to fix this? Note: The system seems to be working fine, but I want my log files as clean as possible.
Thanks. shirley
, Sounds crazy. I recently took over this web site and all IT duties. User today said member area was not working. All pages would not display. After restoring some files I got the members area partially working. But I cannot find where the database sits. I am able to get in and view users in the admin are and log in as a member. Thanks., I am trying to find out where I can enter the ttle for the application.
There is a variableor field called App_Name into which it would be good to insert a generic name. Can this be edited?
I have searched high and low but cannot find anything to do with it.
, More Info in Case Anyone is Interested:
This bug was mentioned by a couple people. The cause of it was never really understood until I recently re-wrote some of the banner code for an upcoming version.
The fix for this bug was very simple. It was just one of those weird situations where code should have worked but did not. I added some code to do it a bit differently and it worked as it should have..
It really still makes no sense to me why it didnt work the way it was, but at least there is a fix.
cwilliams38203.5883680556, cool.. let see if that works. This was the command line that I had to enter in order for it to register. Chris, as you stated before, you can try one of the other emailers, but you need a email server to tie to.
"regsvr32 cdonts.dll"
, Hello..
I actually noticed something was up with your install earlier...
(I saw you in my log files when you clicked to cjwoft from the docs)
I need more info... like what uploading method your using.. what image resizing component, what widths yoru resizing things to... etc
have you tried it while telling it to delete the pics and also while not telling it not to delete them from the import folder
I might have to take a look tommoro as well to really figure it if that is ok
I have to go the bar to meet some friends so I wont be of much more help tonight :)
I been working steady all week and need a few.
CJW
, OMFG, no, but in the standard version it probably will not run so great with more than 75 or so.
The unlimited version can handle pretty much whatever., We would like to give a member an opportunity to upload an image when on their profile page. How does this work with the photo option on the settings page? Is this the intended usage? Thank You. , Chris,
I have had a couple of users log out of the system as they are supposed to, move to another computer and not be allowed to login because of "they are currently logged in using another IP address" when in fact they logged off properly. Is there anything that they should be doing differently?
Thanks,
Jess
,
Access to some sections of the forums must be requested.
Please Click on the following link and read all of it carefully.
http://support.cjwsoft.com/
cwilliams38291.6121296296, We do not have plans to support recurring payments via 2checkout because their system is not flexible enough to allow it to function correctly. Basically their system will not send notifications to our system when a recurring payment fails and therefore there is no way to automatically disable a user that cancels or does not pay. etc etc.. , And here is an even simpler version where the database name is hardcoded and the User_ID is set ahead of time from wherever you are getting it from
'User_ID = CmdListUsers("User_ID") ' getting it from another database query
User_ID = Request("User_ID") ' getting it from the page post
SELECT COUNT(Album_ID) AS Alb_Count FROM Albums WHERE User_ID = " & User_ID & " AND Album_Active = 1" cwilliams38433.0595949074, Thank you.... yes it does
Is there a limit in the number of Zones you can have in the database.
thanking you
, ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/aspprotect/password_admin/default.asp, line 287
I'm doing an upgrade from an OOOOOOOOOOLD version (not sure if it was 6 or not) and it read my database OK prior to adding a new user. Now I get this error message. I was able to run the password encryption function OK, but I still get this error when I try to view the password_admin stuff. I can log in via the "get_me_in" asp page just fine, but I get the above error.
If I try to log in with my admin account, I get
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/aspprotect/password_admin/check_admin_inc.asp, line 166
*****
OK, my question is this... if I retype all the info from the old DB into a brand new one, never before used, that would work, right? I only have 108 users, so that's about an hour of work. Or is there a 5-minute fix that I can try? I've done some messing around that got nowhere and returned all edited files to their original state, with the exceptions of the ones calling the DB location.
I'll start the C&P process and await your reply... 
On a side note, I really love the new format and am excited about the new features. I'm not married to upgrading the DB and if copy and paste is faster (I just need first name, last name, username, password, email, and expiration date), then I'm using v.7 that much faster.
cwilliams38457.6090509259, Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Source Error:
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
Line 3: |
Thanks!
, Sorry, you cannot, that is how it works and that is how it has to work for reasons I am not going to try to explain as it is pretty technical. (it works the same way even when not using paypal and using email authentication... nearly every registration system out there does it that way under an email authentication scenario or a PayPal IPN thing.)
Basically, if you are concerned about it you need to periodically manually check for accounts that were never activated and delete them. Maybe when I get some time some day I will make a little interface to help find those and clean them up at once.
,
Hi Chris,
Alright. We figured out how to work with both C# and VB, by creating a separate VB web project in VStudio, and then passing the aspprotectnet.dll to the C# project.
Ok. I have another question:
How can our code determine the identity and user_id of the currently logged in user:
Is it Session["User_ID"].ToString() and Session["Username"].ToString()?
thank you
, Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
cwilliams38344.8751736111,
Timecard Entry: 3/25/2006 2:43:25 PM
At Work Working on new CMA code for SOFTMLS2, E-Mail and phone conversation re: updates on three issues, that is taking forever., watched keynote speech from Macworld San Francisco, talked about some new features for desktop / and internet publishing and new OS, double checks on y2k, setup so that everyone auths, install some upgrades to systems, includes making new
copies of daily sheets, techsupport supervisor duties, steady tonight, qlight, dial up issues, radlog, ask us a questions, voice mail, callbacks expired users, new user callbacks. Emails and follow ups. caught things up well , Printed timecards, timecards into spreadsheet, Getting images for North Country Now off of Mac Zip Disk. Cropping and adjusting images to try in site as banner ads., web site billing report for memorized transactions, traveled back to watertown, Noticed that phone was logged off. I logged it back on and it logged itself off about 20 min's. later. I received a call from 'sonor' a little while later and he said he was trying to call just a few minutes before yet I know the phone was logged in. I logged that phone off and turned Rob's phone on. Otherwise, it was slow., Copied new BA bills and continued auditing on spreadsheet., Problems w/ DANC. Worked out w/ Jeff Woid and Randy, Making changes to house-now,cortland,wstarmls regarding the CMA.. also backed up manaully all the boards SQL databases before I left for the weekend, General duties, and tried to get a company computer back up and running, fiber optic training in Canton, NCORTHO.COM CHANGE NAVIGATION MENU ON HOME PAGE, *bram, Mtg. w/ J. Woods, Ron, Gary, Jodi, had a few customers with web page problems, web billing, Email etc, teched calls - steady, Personal Time - Eric's Graduation, had one call about email, Emails, Phone, Tasks, changes/updates to ti golf club site, Script to convert Syracuse Basketball App data file to Access database for Kelly., e-mail,
