Blog Entry: 3/25/2006 1:44:45 PM
I'm getting this error when I try to login:
Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/gallery/users/login.asp, line 19
The Include file '..dataconn_inc.asp' cannot contain '..' to indicate the parent directory. ,
Connecting user is dbo of database.
User_ID is primary key with auto increment identity.
SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
[User_ID] [int] IDENTITY (1, 1) NOT NULL ,
[First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Admin] [bit] NOT NULL ,
[Active] [bit] NOT NULL ,
[Expiration_Date] [smalldatetime] NULL ,
[Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Counter] [int] NULL ,
[Last_Access] [smalldatetime] NULL ,
[Login_Limit] [int] NULL ,
[Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Date_Created] [datetime] NULL ,
[Validated] [bit] NOT NULL
) ON [PRIMARY]
ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD ,
CONSTRAINT [PK_Security_Users] PRIMARY KEY CLUSTERED
) ON [PRIMARY]
Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?
My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that?,
I've got an ecommerce module that's running on it that uses access for the db. Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.
So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?,
Not to be pushy, but how's the new version progressing?
I'm hoping these features will be in it:
- possibly add the ability to move pictures around in an album. and maybe between albums, I must also remember to move the ratings and desc as well for that image.
- possibly add a feature to store 3 versions of images uploaded
thumbnail, medium res, and high res/original
add option to store the images orginal name in the images description area during upload
may be helpful to people that name their images in a somewhat descriptive way
add support for the ibulc bulk upload client that I recently discovered
If you could use a beta tester, I'm still just setting up my site and would be willing to run a beta.
Can you set an expiration date on a subscription?
a. Sorry for the missunderstanding
b . Im running XP pro and done what was explained
c. The iis stops responding - Till I make iisrest
Ran, Once you have the LANGUAGE = VBSCRIPT and Checkfor = 1 on your page,
you'll have it secured. I've got over 1600 pages secured in such a
manner, thanks to ASPProtect!
I need a point or a little insight please.
I need to get information from a credit card authorization called netbilling. I have been looking at your code for PayPal and 2 checkout. I have a feel for the code flow and the relationships of the "includes" .
I have been doing a lot of reading in my books and am seemingly twisted around the axel. I am not expert in ASP I am better in VB. I am not afraid to write code I am just a little nervous about messing up existing relationships.
My plan is simple: code a page to open the database and populate the database fields from netbilling and convert their field name to yours in the database.
I appreciate your time and insight. As in the past I need your help again.
I have a strange problem with the thumbnails in the ASPClassifieds.
If i upload some pictures in an ad, the 2nd picture always shows with an x, as the picture doesn´t exists. But if i click on the 2nd thumbnail, the picture shows okay. I haven´t changed enything from the original code.
Does anyone have any idea, where it goes wrong ?
With best regards, Erling Larsen, I purchased the photo upload software and it all works fine, except when I
try to click the categories I've created on the home page they don't show
any of the albums I've created and designated as that category. I went to
one of the example sites at http://www.minnessota.com/users/
and it works fine. When you click Photos(40) it takes you to the 40
photos. I'm sure it's some setting I missed or something simple. Could
you email me back soon and let me know what to do/try? Thanks. ,
My Admin user got corupted, and I need to reset the password and user, what is the defualt password for this database, as I do not think I have changes this (hopefully) as of yet.
Paul, well, I just tried a password using "abcdefghi" and like you said it did not work
I am looking into that.
Also, it seems I had the SQL scripts creating the "Old Password" field just in case someone needed it and I forgot about that. ,
Perfect exactly what I was looking for.
Does emailing work under the simplest scenario ? (directly from the users screen)
Thats the way to test it..
All that error means is whatever reason the settings you have chosen are not working. It could be the server. It could be what you chosen. (and yes I realize your pop info from outlook should probably work with the settings you chose),
Whenever I do installs I often have to try 3-5 different emailing scenarios before I come across one that works.
Each time making some changes and sending out test emails from the users screen until I get somewhere. Often time getting a working example of how your Hosting Company wants you to send email from ASP is the info to get your hands on. (what method and settings)
In this case they may have blocked the usee of a remote server and want you to use some other settings for sending email from asp. A lot of times they put that info in their help system.
If I were you I would start by trying the other two CDOSYS options for starters, and then try the remote server option again but using "localhost" as the server, if none of those work consult your host for example code and settings to send email from asp. If you still have no luck I can help for sure.
Realize too when testing the emails may take a bit to arrive. A delay of sorts. Best to type in a quick note about which method you are trying in the email text. That way when you finally get one delivered you'll know which method worked.
I have connected to countless DB's using my own applications written in dreamweaver and have tested them on my own server and also my web facing one. BUT this seems to be different. no matter what I try I still get this error.
[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x440 Thread 0x6b0 DBC 0x1f995bc Jet'.
On both a windows 2000 server and also a windows 2003 server. Also using both DSN and DSN less connection and oledb.
Any help would be greatly apprectiated.
ASPProtect v7 comes with working example code of protecting a file download.
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the file download by only allowing a logged in user to download it. The special ".asp" page we use the stream the file is password protected. It also hides the true location of the file so you can keep your files out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the html source they can not tell where the file really came from and they can only download if they are logged in and you offered them the link to the file.
For the file download protection examples to work you may need to edit some values
in the stream_download.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Now, you also need to call a valid "download file name" from the download_link.asp file which is an example of how make a download link to the streamed download.
Lastly, we provide a working example. Now, you obviously may need to customize it to fit your needs. Please realize you are going to have to make special download links in your .asp pages and not only should you only show those links to people with appropriate access to download the files, but you should also protect the streaming download page accordingly as well as far as level, groups, and particular users. What I am saying is which files a particular user is allowed to download is not automatically handled by ASPProtect in any way. We give you all the tools to provide protected downloads to logged in users, but if you have complex needs you’re probably going to need to come up with a system that works for you. It's not really difficult because we did all the complicated stuff, but its something you have to sort out.,
Perhaps someday in the future ASPProtect will have an interface to upload files and associate them with certain users. But at the moment it does not.
It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.
I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.
But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file,
Here is what I have in settings.
|FILE SYSTEM OBJECT
|ADODB (ActiveX Data Object)
||Version: 1.2 Installed |
||Version: 2.80 Installed |
||Not Installed |
||Not Installed |
||Not Installed |
||Not Installed |
||Not Installed |
||Not Installed |
||Version: 18.104.22.168 Installed |
||Not Installed |
I do not even see ASPUpload listed but when I run the test_asp_components.asp from the extras/more_component_info folder, it shows that it is installed.
, how would anyone recommend i go about setting a different expiration date for each group a user may belong to?,
In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.cwilliams38306.6367708333,
I will actually explain how to set access_levels and/or groups...
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*",
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
that user would be a member of groups 1,5, and 9
If you are using ASPProtect Version 7 it is possible because version 7 supports html emailing. In any other version it would require some custom coding to add html email support. You would have to sort it out by experimenting and editing the emailing code. All the email methods have documentation on the web in some form or another showing how to send html emails.
sometimes depending on the email component being used and the email client reading the email a link in a text based email will get hyperlinked automatically. For example outlook usually will do that, but it doesn't always in other situations.
Lastly, we have special upgrade pricing should anyone want to upgrade to ASPProtect Version 7. It really has a ton of great features.
1033 which is English - United States
mm/dd/yyyy date format
2057 which is English - United Kingdom
dd/mm/yyyy date format
Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.
This setting can however be easily overwritten when using the ASPBanner system.
Edit the "config_inc.asp" file with a text editor.
Add this code between the <% and %> tags.
Near the top is good
Session.LCID = 1033
Session.LCID = 2057
depending on what date format you are looking to usecwilliams38325.7403125,
Save the file and go edit a banner. The date pickers should be there now.
when you get back to work.. your "redirect.asp" needs the password include file at the top of it.. or that wont work either..
and of course those pages you send people to all need to be repaired,
Payment now taken in £.
Pasted <input type="hidden" name="currency_code" value="GDP"> into
If you have found out that parent paths are disabled on the web server you can still use the application.
Before you continue.
If it is your server consider enabling parent paths to solve the problem.
If it is not your server consider asking them to enable parent paths for your web site to solve the problem.
If that is not possible please download this zip file.
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.
The zip file contains the following folders and files.
Below is the contents of the readme.txt file which explains everything.
The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.
(parent paths enabled) - This is the way the application comes.
The files in this folder have FILE server side includes containing "../" information. While these includes will work when the applicaion in is any location of a website they will not work if parent paths are disabled on the web server. Generally you will want to use these on your xp development machine. You can of course use them on your real server if parent paths are enabled. Parent Paths are now disabled on II6 by default and some hosting company will not enable them.
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in the root of your web domain. For example if your domain was called "www.somedomain.com" the following aspprotect files and folders would end up like this
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in a directory called "aspprotect" in the root of your web domain. For example if your domain was called "www.somedomain.com" the
following aspprotect files and folders would end up like this
You can change the name of the "aspprotect" directory but you will will have to edit the includes in the files.
Lastly, if you are on a local machine and insist on using the VIRTUAL INCLUDES you would also use the (domain directory files) even though you dont have a domain on your local machine most likely
For example if your site was installed like so.
that wont work the way you did it because groups are not stored like like.
groups are stored "*1*"
so if you test for them you must do so using the InStr function of vbscript
If InStr(Session("Groups"),"*1*") Then
' do whatever
also.. as for the session variable
it should be Session("Groups")
And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved,
Session("Groups") = CmdCheckUser("Groups")
If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value
Yes, that’s all I wanted to know. The problem is on my end. The server is not creating the .NET site correctly. I think I got it working now. Thanks.
In case you wanted to know? The only reason I asked you is because you mentioned that you where having trouble with overseas piracy and my account is new. I figured it was my user error by just though I’d ask you first. Hope you have no more piracy issues and have a good rest of the day.
Thanks again for the quick response.,
We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.,
I am using VS 2005, when i go to new project in visual basic folder asp.net web application is not there..
Can i add it somehow?, There are problems with your sql server database then. It was not set up correctly.
The 1st problem relates to having "used stored procedures" checked in the settings page.. but not actually giving those stored procedure execute permissions which they need to run. That is something that must be done on the SQL enterprise manager side of things either by you if you are allowed or your hosting company.
If you can not get the execute permissions set on the stored procedures for the sql database user you are using then turn off that option in the settings page and try things without it.
The 2nd error I am not sure of at this point so correct the 1st issue and we will go from there. It could be another sql database issue (not created correctly) or it could be an asp code issue of some sort though I doubt that or other people would have had problems on that page as well. I also just tested it out and looked the code over and I did not have any issues here. ,
need more info..
are you using aspimage to resize images and make true thumbnails..
(because if you have it turned on and it isnt actually installed on the server you will get broken thumbnails.)
what kind of images are you using ? gif or jpegs
are you uploading images over existing images ?
really need to know exactly what to do to reproduce the situation from scratch and then I can give you a better answer ??
AUGUST 12th 2004
NEW VERSION OF ASPBANNER IS BEING RELEASED THIS WEEK
ASPBanner Unlimited Version 8.0
It is completely finished.
This new version has more features and is selling for $99.95
Unlimited Version 7.3 is now named "ASPBanner Standard"
Owner's of Unlimited Version 7.3 can get an upgrade to Unlimited Version 8 for the difference in price (based on current pricing)
It is available now for purchase at the following link .
The new version can use your existing database so it is a fairly easy upgrade.
If you are not an existing ASPBanner Customer you can use the following link to purchase the application normally.
Notes on the new version:
ASPBanner Unlimited Version 8
Improved graphics and some new icons
New reports screen... 4 reports total 3 of which are new
New Iframe Banner Calling method with built in auto refresh feature so banners can rotate at a specified interval on their own
New Zone Order Informaion Page
Visually shows you what the current rotation looks like for a zone
Banners can now be stopped at a certain date and at an impression limit
Whichever is hit 1st.. before it was just one or the other
New "data" folder... this new directory is the only directory that needs permissions
this should make setting up the system and permissions a breeze.. all cjwsoft applications will
eventually use this same folder
New configuration text file... eliminates config table in the database and allows us to easily
add more config options in the future without changing the database.. means easier upgrades down the road
and faster loading of the configuration data
New application data connection wizard
makes setting up the data connection a no brainer
more overall emailing methods supported
QuickSoft EasyMail Objects
Persists ASPEMail now supports outgoing SMTP authentication.
Simple Mail now supports outgoing SMTP authentication.
It is becoming popular for ISP to use this.
Emailing code now uses functions so we can easily add more email component support down the road
Flash files (.swf) can now be previewed and used in new banner right from the upload page
before this could only be done with image files
Users page now has a notes popup feature
when you hold the mouse over the icon you see all info on a user without needing to edit that user
Edit banner page now shows the color of the banner status in the dropdown menu
New clone banner feature.. allows you to easily create similar banners
Banner application page has been optimized to be even more efficient
Ton of misc little things & Improvements...
Okay, here's the problem. The out of the box sql script creates a catalog called aspphotogallery and a user id aspphotogalleryuser.
The out of the box GalleryConnectionString tries to access a catalog called aspgallery and a user id aspgallery
'*** GalleryConnectionString = "Provider=sqloledb;Data Source=p600laptop;Initial Catalog=aspgallery;User Id=aspgallery;Password=temp;"
I see the readme.txt has been corrected but the line in dataconn_inc.asp still needs to be changed.lancem38325.9032986111,
I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.
That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.
see this article...
Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.,
If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc
Chris, I'm having problems getting this to work. When I plug in the redirect URL and then try to load the web page, the Flash ad never loads successfully - just its black background in the 468 x 60 space. Here's an example of what I'm seeing:
Just keep refreshing the page until the black rectangle appears. And here is the code I've loaded for this flash ad:
codebase=" http://active.macromedia.com/flash2/cabs/swflash.cab#version =4,0,0,0" ID=banner WIDTH="468" HEIGHT="60">
<PARAM NAME=movie VALUE=" http://www.innovationtools.com/aspbanner/aspbanner/banner_re direct.asp?Banner_ID=25">
<PARAM NAME=quality VALUE=high>
<PARAM NAME=bgcolor VALUE=#000000>
<embed src=" http://www.innovationtools.com/aspbanner/aspbanner/images/ba nners/mindmatters_innovation3.swf "
quality="high" bgcolor="#3CBDCD" WIDTH="468" HEIGHT="60" TYPE="application/x-shockwave-flash" PLUGINSPAGE=" http://www.macromedia.com/shockwave/download/index.cgi?P1_Pr od_Version=ShockwaveFlash">
What am I doing wrong? By the way, I'm using the standard version of ASPBanner. Not sure of the version, but it dates from about 2002.,
I'am in the process of modifing registration and tieing in paypal. When I get live I will send you a link. Thanks for help.
John, thats intertesting.. I have never heard of the concept until now..
I did a search for ASP examples or ASP components that can help with the process and just couldn't find anything about it.,
Timecard Entry: 3/25/2006 1:44:45 PM
lunch time, working on new tech support firewall router with DHCP, Webmin, SSH, SSL, IPMASQ, LPD, Assy of Book Shelf, filed , two phones going to Watertown, watertown mail, timecard -mine, emailed messages to Paul , worked on work order numbers on Work Request System (internal billable), WORKED ON THE sEACOMM PROBLEM- RESCHEDULED WITH lAUREL AND DAVE- SPOKE TO NIC ABOUT ISSUES WITH WANS AND WIRELESS NOT GETTING INSTALLED- NO SUPPPORT FOR CUSTOMERS, Meeting with Chris W. on what we need to do for Albany board, Took tech calls, checked DUI, AUAQ, RAD, and Voice Mail. Called users back with expiring accts, and DUI. , emails, voice mails, did lots of calls and set ups, got to be a bit steady, tech issues, online issue (there was only one of them) ask us a question (was none) voice mail (one and a hang up) , going over changes needed to ccbrmls.com, noting the ones that have been completed, teched calls - slow, Memorial Day holiday, added new ZipLink access numbers to GiSCO and USA1Net databases, sent updated numbers.txt file to Jim Gilbert (not billable, internal), Labor Day, Charts, Answered phones, checked RadLog and Dial Up Issues repeatedly., Lunch, Conference call with CHR w/Tim re excise tax, traveled back to watertown, Music-Contact, re: move to Shark, finish up phone calls, traveled to saratoga for board meeting, Trained with Ben and Andy. Ben showed me how to add in a domain,Raptor, and also how to configure the domain, Andy showed me Tycho, and Cisco, and I configured Linda's laptop for her. , 3 calls 1 was a former employee
Scott Kraeger, Beth - Has updates for 1812ale. Kelly - Reviewing his SoftGrade overview, printing color copy of sunandshield.com, Daily reports, Painting old NextCom area., Modified scripts and they seem to work, Kelly's comments lead me to add more items to menu, and find hyperlinks for some of the content pages., Telephone with Judy Fiorentino of CREG Systems,