| Blog News Main Page |
NEWS FROM 2006-03-25
Blog Entry: 3/25/2006 1:47:23 PM
ASPProtect Version 7
Expiry Notices go out to members who have recently renewed by subscription.
When an existing member from ASPProtect Version 6, with an expiry date, renews with SUBSCRIPTION in v7, the previous expiry date remains unchanged.
We assume the expiry date remains blank with NEW Subscriptions and that Paypal takes care of notifications.
But our notifications to the "about to expire" dating from v6 catches the "Renewed by subscrtiption" as well, as the date has nor been changed or removed, and this REALLY confuses our members.
Can this be resolved?,
You edit the web.config file that came with ASPProtect.NET.
You find this tagcwilliams38454.4368055556,
<customErrors mode="RemoteOnly" />
you change it to this
<customErrors mode="Off" />
If you have a different web.config file in your root I suggest you make sure the tag is set to off there as well for troubleshooting sake
If done correctly you will get a detailed error
It's basic low level ASP.NET stuff really and does not have anything specific to do with ASPProtect.NET.
You also need to make sure your web is set up correctly for ASP.NET and that the correct web.config's are firing..etc etc
thank you for such a quick response -- It sounds straight forward - so I should be all set. Thanks again., I just started using ASPJpeg, and i used the
"generate_new_thumbnails.asp" to create new thumbs of all of the
existing albums. It generates the thumbs just fine, but they
don't get picked up by the "Randomly Selected Photo" section. If
I upload new pics, they will show up in the random photo area.
So, it reads the new upload thumbs, but not the newly generated ones using your .asp page.
Is there anything I can do?
Our webhost set the permissions, but the error is still there, so that is obviously not the problem. We now have both our webhost and our asp support technician trying to figure out the problem and everyone is stumped. Can you please provide us with the following information to help us out:
1) what is the name of the file that sets the connection string?
2) what is the name of the file, if it is different from above, that sets the password of the database?
also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I donít know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...cwilliams38391.6024189815, Along with being able to set an expiry date or number of impressions, is it possible to add another option for a banner to be "non-expiring"?
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ????
With our current ad software (which we are transferring all data from to ASPBanner), we run banners for both paid advertisers, and for our own services. The banners relating to our own services, we would like to set to "non-expiring" so they appear all the time. ,
To be honest I just can't remember what happens. It has been a long time since I did a real live test of that. I know it seemed like a pretty smooth process to me. Right now I can not test it out as I am on a road trip with my motorcycle and I am sending this email from my PDA.
I would ask Dave at this website.
Or via this username in the forums
He can tell you what happens as he has been using the IPN stuff for about a month now.
Perhaps another user could chime in here as well and let us know. I know there are a lot of people using the IPN stuff.
Its still not there as labeled 'internet guest'. There's a 'guest' and a host of others. Is there a way to identify it as the proper guest account to use with ASPProtect?
Also, looking through support documentation, I see other possibilities it could be (http://www.powerasp.com/content/hintstips/permissions.asp). Is there a way of telling which the problem is and whether we use a dsn connection or not?
The error we are getting is
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x1340 Thread 0x17a4 DBC 0x162becc Jet'.
/aspprotect/scripts/populate_config_variables_inc.asp, line 11 ,
Glad it workedcwilliams38406.5549074074,
ASPProtect and PayPal are fully automated and ready to go.cwilliams38421.530787037, Is the user ID case sensetive? In my case I use the user email as the login ID.,
Accounts will automatically get activated after payment.
We actually do not tell you to put nothing in the PayPal system for the IPN URL. Something has to be there or PayPal will not let you enable IPN. We actually tell you in you PayPal settings to turn on IPN and make up an IPN url because something has to go there. (I think we suggested making a blank asp page on you're site to send it to) It really doesn't matter where you send that but it might as well be a valid page on your site to avoid any 404 errors in your logs when a non ASPProtect payment comes in.
You see, we dont set that IPN url set in the PayPal system because each ASPProtect signup script directory (single payment and subcription) uses it own IPN url and that all gets set on the fly by the aspprotect system. There is a way to overide the defaul IPN url is what I am saying.
A lot of people already have something there and we didn't want the ASPProtect system to interfere with things they already had going on.
Yesterday when I would access the get_me_in page with the password key, I was then taken to the default login page. It did not give me the option to create a user.
Today, when I entered the password key into the get_me_in page, I was taken right to the create user page. So, yes the problem has been resolved. I have no idea why though.
It's probably something I could do for you as a custom project if you are interesting in paying to have that work done, but it is probably not something that will be added to this version of aspbanner as it is in my opinion a feature more suited for a more expensive software package.
It is also difficult to get ASP code to do things on it's own. Scheduling something to run on the server or some other clever scenario is necessary and that usually means it would be unique to each persons setup.
, Well my hosting company has finally gotten back with me, so I'm having them troubleshoot the webserver to see what might be eating up those resources. So I'm in a holding pattern on this for right now.,
Chris, that fixed it. Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.
Suggestion for future release. Create an option to email the admin when a message is posted. If this code already exists please advise.
I really do not know.. maybe it is a conflict with something else..
I run many instances of aspbanner on my servers and I have every item to log enabled for my iis log files... my stats server software which reads those log files (livestats and smarterstats) have never reported any 404 errors related to (aspbanner/those images)...
I do not know what is happening in your situation..
ok... glad ya figured it out.
Yes.. for ASP server side code to run the page extension must be ".asp". I was gonna mention that but I guess I just didnt think anyone would do that.
no offense.. not everyone works with this stuff every day..,
The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.
You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.
Please continue to check the support forum threads for the most up to date documentation.,
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then choose unblock down in the lower right corner ...then you can open and view the file correctly
ok.. There are various spots that call the end_date variable. That is why I am asking. Then incorporating it into the forms that have been developed, made me wonder.
I can empathize. It can be a real pain to stablize a server and fend off hack attacks.
As for beta testing, I was referring to once you get to the point where you're ready to release it to the public whether it's this month, next month, etc.
Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.
I downloaded v7 3/7/2005
I entered a password that was supposed to be all caps with only first letter caps.
it is odd, if I go to other user and enter wrong password that does not come up. it apprpriately goes to a screen that says Access Denied.
Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..
Same thing happens... certain passwords just do not work.
So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.
Here is an example.. see the screenshot below.
Username "admin" password "petepetepete"
The top query done in Enterprise Manager is valid and shows the user.
The bottom query is also valid but it does not show the user.
And that is exactly what is happening from the ASP codes point of view.
Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.
It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.
I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.
One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.
It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.
Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.
The password is HANNAH. If you're into trouble shooting mode and would like the key, I can send it to you. If not, no big deal, I've email the guy a new password. We'll see how many rounds it takes him to get it right.
Thanks, , Makes sense to me. I used the ASPProtect_access2002.mdb supplied.
(I am using 2003). Only added more names and other personal info
to it for test. Uploaded the amended db with FTP. This did not
restrict someone not listed in db from logging in.
Would each individuals' information need to be added to the code in
order to have it check the database first to find out if the person is
authorized to view?
Part of the problem is I dont know which ASP page or script links the
db to the rest of the web, or how one page relates or links to the
Sometimes I wonder if problems I encounter originate with the server.
Thanks for patience.
Thanks for the info. We'll do as you suggest.
I do not have any programming knowledge and have what might be a simple question.
I am having a hard time getting my hosting company to modify the rights on the data folder. They state they support ASP and access databases however this is the response I got when I requested the modify permissions set for the internet guest account:
Were the rights changed on the data folder? No, we do not manage rights to folders.
My question to you is: Doesn't supporting asp require those permissions be set on the database folder or can asp (not just aspprotect) work without those rights modified?
I installed the ASPProtect.NET project no problem. I am using VS.NET 2003 on Windows XP SP2 (and fully patched). I am able to build the project successfully, however I cannot debug the project. I get an error "Unable to start debugging on the web server. The project is not configured to be debugged." The web app runs fine just browsing to it.
I know this is an isolated problem particular to this project. I have MANY other .NET projects that I can debug without any problems. I have tried going into IIS and turn on the debugging for server-side script debugging and making sure my IIS application setting were configured correctly.
Can anyone shed any light on this at all? Christopher, is there any reason I should not be able to debug this? (i.e. the aspprotectlicense.dll)
K, I just remembered the current skin is stored in a text file in the pictures folder. If it did not have permissions for writing it could give you trouble. That could of had something to do with it.cwilliams38295.3821064815,
(FREE) Nov 23 2005 Update Files
If you purchased ASPProtect Version 7.x before Nov 23 2005 then you can download these Update Files.
(These are non-critical updates.. only update if you want the described changes below)
These updates do the following..
- Make the Tabs in the Admin area move up and down as you navigate around so they look more like tabs used in a file cabinet.
- Updates the import/export process so the tab delimited text files created now store the passwords in plain text instead of encrypted. I have been thinking about this one for a while now and I think it is better this way as it was confusing a lot of people. If can also kill the whole process if by chance the encrypted output of a password contains a line break of sorts. There is no way to deal with that scenario so this is way the import/export process is going to work from now on. This also means you should be VERY carfeful about leaving export files lying around as they will have the passwords in them.
- Updates the "expected_paths.asp" in the data folder because the paths it was generating had an extra "data/" in it.
- Updates the users page so it will not show the import/export link if you have not entered a path for the export files in the settings.
- Adds an Activity Tab if using the Activity Tracking features instead of the links it used to put on the users page that most people didn't see.
To install these just copy them in over the old files.
Now of course back up your existing files so can revert back if there is a problem or you do not like the changes. If you made any custom changes to any of your pages use your head and realize that copying these in over your existing files will overide any custom changes you made. (that is your business, I am just warning you)
Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?
My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that?, We do not have plans to support recurring payments via 2checkout because their system is not flexible enough to allow it to function correctly. Basically their system will not send notifications to our system when a recurring payment fails and therefore there is no way to automatically disable a user that cancels or does not pay. etc etc.. ,
I have a customer who is asking the following:
... could you make a link from it to our website and is there a way to see what traffic goes from us to them. They are going to pay a commission on sales, however I need to be able to track who views their site...
Wishful thinking or could you add code to track their IP address and display in the report section? Not sure that would be enough to satisfy this request. Suggestions?
I had to open up the permissions to get it to work. I now have to go back and uncheck each one for directory listing.. :)
, The PayPal feature that is in ASPClassifieds has always been labeled as experimental and has never been supported as the documentation says. About a year ago I stopped even mentioning the feature on the product pages or in the live demo because I didn't like how it worked and I decided I would just market the application as a free based classifieds. Itís just not something I can support or talk about. To work really well it really needs to be coded to use PayPal IPN and a credit system. Where ads and various extra features cost so many credits and people have to buy credits before they can post any ads.
Thatís about all I can tell you. It's just not something I support.,
Hi, we purched ASP Protect a few months back and had it installed on our hosting company under a "temporary" domain name -- cidrasensors.com
We are now about ready to switch this development site over to production and I need to change the domain from cidrasensors.com to cidra.com
My hosting company wants us to create a new accounting and re-set everyting up.
So...based on this, I have a few questions for you:
1. Do I need to re-install the software? or can I copy from one account to the other?
2. Assuming I can copy the software to the new account - are there changes that will need to be made to point to the new domain?
3. If I decide I wanted to keep the first account alive for development purposes (never turn on the website domain to the public) - would I need to have a seperate ASP Protect license?
4. If I decided to ask you to do the transfer for us - is that covered in the $20 Installation fee I saw on the web?
I was told by my ISP to use localhost and it should work and it does not. It does not require authentication to send e-mails.
Any other ideas?
A mod like this would improve tracking by leaps and bounds.
Do you think this addon would be availalbe anytime in the near future? If/when this feature or mod becomes availalbe, it certainly would be ideal if some script was made to import all the log file data., How do I customize the validation email that is sent to users when they first register?,
Timecard Entry: 3/25/2006 1:47:23 PM
Reading and responding to emails and voice mails, Ordered extra DCLI for Watertown Daily Times. Changed Jim Gilberts billing address for his circuit. Called for updates on orders w/ Cortel. Returned phonecalls. Looked into DLCI issue in Massena/Canton and Malone/Peru, *24 dollar domains site design revisions, emailed Jason old Windows9x User Manual file and worked on trying to get it converted to a .doc file... need Office 2000 Disk 2 in order to install the function to do so, Switchboard, billing calls, Time spent throughout morning resolving issues w/ DSL orders w/ Bill Kopek (Bell). Gave him information received from Randy re: ATM circuits., lunch, Lunch, work on billing, PREPARATION FOR AMY'S MEETING WITH BRESEE FINISHING DETAILS, Updated info on my projects in the Work Request System, Mtg w/Jim, TICC payroll, Meeting w/ J. Johnson & B. Cornell, steady no real problems, Floating Holiday, transferred some calls. took a few customers who were getting no answer, Distributed press release re: TICC opening, Reading and responding to emails and voice mails, closed today for X-mas, general billing, callbacks from emails this morning for expired accounts, lunch at cavs, checked radlog, called
bp and exp, Mandy Curtin re: curtinludtke email, prep for Fishercast visit - Gisco end of ISDN, Also checked online reports and email., Email and vm, training at Nortel, Lunch, emails, timecard, enter bills,