| Blog News Main Page |
NEWS FROM 2006-03-25
Blog Entry: 3/25/2006 1:36:56 PM
Installing and running NET on a DOMAIN CONTROLLER is a BAD idea period.
Besides the security risks you will have nothing but endless problems
with that setup. Domain controllers ARE NOT and NEVER were intended to
be run as any sort of application server. Your best bet is to run your
asp and asp.net scripts from a member server or one set up just for web
apps. Of course if your in the mood to mess around endlessly it is
possible to make that work, but why would you want to when the prefered
solution is a heck of a lot easier.
the reason being is because when I do installs I do not touch any of your existing content. I only install the base application and make sure everything in it working correctly and also that the example protected pages are working. I do not integrate it with your existing site or edit any of your existing web content. That is up to you
sorry about that, but it would be way too time consuming and editing people's existing pages is a good way to cause a lot of headaches for me and the customer if something goes wrong. Not only that but everyone uses the system differently and it wouldnt make sense for me to be the one doing that based on access levels, groups.. etc etc which will all be custom to how you want things set up.,
more on installation policies here.
Have tried doing that but same error...
Some users have reported an error during the registration process.
Here is what I believe is happening.
When you register you get sent a validation email that has a link in it that looks something like this.
That link can only be clicked on once which will activate your account.cwilliams38089.6248842593,
If you somehow run that link more than once you will get a message telling you there was an error.
I think some people are double clicking on the link they get sent and running it more than once.... or clicking on it again after registration is complete. It probably happens very fast so they never see the success screen.
Either way, if you can login to the forum nothing is wrong and you are already activated.
it is not uncommon for folder permissions to be lost or changed on a server.. a lot of things can cause it
if it was working and now you can not edit or write new data to the database it is most likely permissions
I would triple check permissions... see my articles if there is any doubt on how permissions are set
, Just copy the files over. have permissions set on any folders that need it, and edit the data connection so it's valid for the new server. Once you get logged to the admin area go update all the settings so any urls are valid.
really its no different than a new installation so just follow those directions but use your existing files.
There is no domain pointing involved...
As logn as the old stuff is not accesible on the live internet you don't need another license.
As for my installation fee of 25. That is only for new installations. I charge more for something like that as there may be compications such as custom changes to the code that I would have to deal with. Customers often custimize the login and users area.. etc etc .. and there may be hardcoded urls and what not to worry about changing.
LASTLY, I noticed all your other posts are in the ASPProtect 7 area so the installaton process for that is a bit different than for Version 6 so what I said above is not quite the same process. Please make sure you post in the correct area when asking questions. ,
upgrade pricing is here
what is different
the changes to make it work with MySQL were vast to say the least
more on that from an old thread
just please remember use of MySQL is just not supported, I moved the password check file out of /user and am getting this message:
I can assure you it works well as I have people using it
Microsoft VBScript compilation error '800a0400'
/asplog/check_user_inc.asp, line 404
Is this a standard database connection error so I should ask my IIS to make sure permissions are correct?
Installed latest verison Doesn't seem to have corrected problem. Still with same message. I wonder if deleting this user and putting him back in might help. I have not however tried any other user names and passwords. ,
It's probably something I could do for you as a custom project if you are interesting in paying to have that work done, but it is probably not something that will be added to this version of aspbanner as it is in my opinion a feature more suited for a more expensive software package.
It is also difficult to get ASP code to do things on it's own. Scheduling something to run on the server or some other clever scenario is necessary and that usually means it would be unique to each persons setup.
I have a strange problem with the thumbnails in the ASPClassifieds.
If i upload some pictures in an ad, the 2nd picture always shows with an x, as the picture doesn´t exists. But if i click on the 2nd thumbnail, the picture shows okay. I haven´t changed enything from the original code.
Does anyone have any idea, where it goes wrong ?
With best regards, Erling Larsen, I just got home from a lonnng trip.. I will try to answer this 1st thing in the morning.
Does ASPprotect support Paypal's Website Payments Pro option, where a user can use a credit card directly on a web site, without passing to paypal.com?
Got it working. Had purchased a long time ago and forgot about needing to run the userreg.exe. All is well and thanks for the follow up.
also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...cwilliams38391.6024189815,
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ????
Okay, so I copied the txt file into the export file and tried the import users option and it timed out on me as well.
Would it be easier to figure out if you were able to look at the iis server?, Are you aware ASP can run on any machine running win95/95,2000,xp pro, 2003. You really should test all asp code locally before running it on live servers but anyway... that is your deal
I am not sure if memory alone will be enough for that server but it could help. I saw a decent amount of free memory when I looked. Its just about an 8-10 year old system on every aspect (processer,OS,Hard drives, memory etc etc) and not only that something is tasking the heck out of the resources left over for asp database access. Something is just wrong. I don't know what it is but I am pretty sure it is not aspprotect. I got rid of my last nt 4 server about 4-5 years ago but the application always ran great on NT and I still have some customers using NT 4. Not many though.
if you email me the import file and the encryption keys you are using I will make a database for you.. just zip it up and send it to chris-cjwsoft.com
replace - with @ , Say, I just thought of one last thing.
Your not by any chance running something like norton antivirus with norton script blocker on that server are you ?
It can cause issues when ASP uses the filesystem object and cause never ending page hangs like you are having.
There are other apps as well that can cause it to hang.
And ASPProtect does use the filesystem object.,
I would like to ensure the the user uses a UK style postcode not a clue how to ensure this as I am new to asp. Any ideas?
John, MODS are NOT SUPPORTED.. questions about them will not be answered in the support forums. If you want to use a MOD you are considered an advanced user and will need to sort out any issues that may or may not come up.
MODS are used at your own risk and may or may not require certain basic coding skills. ,
I need some help with the following code. Please look at the area in red. I need to be able to set someting up to where the variable eval1 (a yes/no field in my database) is set to false after the associated link is pressed.
font-family:"Times New Roman";
margin-left:0in; margin-right:0in; margin-top:0in}
<body background="../images/1.gif" bgcolor="#C0B59A" vlink="#FF0000" alink="#FF0000" link="#0000FF">
<area href="http://www.utb.edu/" shape="rect" coords="627, 66, 670, 81"></map>
<span lang="en-us"> & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp; & ; ; ; ;nbsp;
<img border="0" src="https://blue.utb.edu/irp/Inst-Research&Plan.jpg" usemap="#FPMap1" width="675" height="82"><br>
<h2 align="center"><span lang="en-us">Administrator Evaluations</span></h2>
<p align="center"> </p>
<p align="left"><span lang="en-us"> <b>Welcome, </b> </span> <b> <% Response.Write(Session("FIRST_NAME")) %>
<p align="left"><b><span lang="en-us">On this page, you will see a list of names
that represent the persons that you will be evaluating this year.
Please click on a name to select that persons evaluation form. Once you have completed
and submitted that persons evaluation, you will be returned back to this page to
continue with the next person on your list. Once you have completed all your
evaluations, you can log off the system using the link below.</span></b></p>
<p align="left"><b><span lang="en-us">Please note: Only <u>1</u> submission per
person will be accepted, any additional submissions will not be accepted.</span></b></p>
<p align="left"><span lang="en-us"><b>If you have any questions please feel free
to contact us at the number below.</b></span></p>
<hr color="#FF9933" width="80%" size="3">
<p align="center"><span lang="en-us"><b>Please click on a name below to begin
the evaluation process.</b></span></p>
<%If Session("Link1_Name") <> "" Then %>
<table border="1" width="28%" id="table1" bordercolor="#000080">
<tr><td bgcolor="#FFFFCC" style="float: left"> <b><span lang="en-us"> <a href="https://<% Response.Write(Session("Link1"))%>" onclick="<%=Session("eval1")="true"%>;return true" </href> <font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link1_Name"))%>< /span></font></a></span> </td>
<%If Session("Link2_Name") <> "" Then %>
<table border="1" width="28%" id="table1" bordercolor="#000080">
<td bgcolor="#FFFFCC" style="float: left"> <b><span lang="en-us"> <a href="https://<% Response.Write(Session("Link2"))%>" </href><font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link2_Name"))%>< /span></font></a></span></td>
<%If Session("Link3_Name") <> "" Then %>
<table border="1" width="28%" id="table1" bordercolor="#000080">
<td bgcolor="#FFFFCC" style="float: left"> <b><span lang="en-us"> <a href="https://<% Response.Write(Session("Link3"))%>" </href><font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link3_Name"))%>< /span></font></a></span></td>
POST EDITED / SOME CODE REMOVED TO KEEP IT SHORTER ..
This went to Link3_Name
<p><span lang="en-us"><b>If you have completed all your evaluations and wish to
log out please click <a href="log_off.asp">here.</a></b></span> </p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="80%" noshade color="#ff9933" align="center"></div>
<p align="center" style="text-align:center"><b>Institutional Research and Planning
80 Fort Brown<br>
Brownsville, TX 78520</b></p>
<p align="center" style="text-align:center"><b>Phone: 956-544-8816 &nbs p; &nbs p;
<a style="color: blue; text-decoration: underline; text-underline: single" href="mailto:firstname.lastname@example.org?subject=Administrators%20Evaluation">
it is by design actually and something that can be improved
(I just never thought of it when I 1st designed the system and it is actually planned to be added in Version 8)
The trick would be to reset those session variables anytime someone edits and saves their information... not very hard at all
you would do it on the save code page for when a user edits themself.
you want to grab the info posted from the form and reset each session variable at the same time everything is re-saved to the database
Session("Company_Name") = Request("Company_Name")
Is there any way to extend the limit multiple login feature to a certain number instead all or none? In other words, i need to have a user be able to use the same login for x number of people. My customers are institutions and want to be able to have a single login for however many users they purchase for.,
I hear ya.. problem is it just does not fit into the banner rotation logic., well, I just tried a password using "abcdefghi" and like you said it did not work
I know it sounds like a simple thing, but it is not because ASPBanner does it's rotation logic in a totolly unique way that no other system I know of does. It basically does everything in memory.
I just don't see anyway to do add what you are asking about without totolly re-writing how it works. The system would have to rely totally on complex (SQL queries / stored procedures) to do the banner rotation like every other poorly performing system out there.
It's really hard to explain, but I just no way I see to add it to the high performance application variable banner logic. If I changed the system to not use those application variables there would be a tremendous performance loss because the database would be doing about 90% more work than it currently does.
As I have said before sacrificing performance is just not something I am willing to do.
I built ASPBanner for performance and speed and that has always been it's main intention.
I leave the bloated features to the competition. If I lose sales because of it that is just unfortunate. I want the best performing system. The system I can be proud of. The system that can handle millions of impressions per day under a MSSQL or MYSQL installation and not even flinch. That is what ASPBanner is all about.
The other thing is pricing. The price is kept low partically because the feature set is low.
Maybe someday there will be a version with more features and less performace. I really do not know. Right now it's just not something I plan on doing.
I am looking into that.
Also, it seems I had the SQL scripts creating the "Old Password" field just in case someone needed it and I forgot about that. ,
A general question - Can you have multiple instance of the gallery on the same server? ,
that is because passwords in the import/export files are encrypted.. if you make one of your own you need to use the rc4 function in the "config_inc.asp" to encrpyt your passwords just like the aspprotect system does (requires knowledge of vbscript and integration into your export system)
now, there is a way around this, I get the following message when trying to look up the sysdiag.aspx and the default.aspx files. Why? I have followed all the install instructions.
if you want to import a file you made with clear text passwords edit "import.asp" beforehand and change
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = UserArray2(5)
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = RC4(UserArray2(5), PasswordEncryptionKey)
that way it should convert your clear text passwords to encrypted while it does the import
this post also addresses this but in the reverse scenario
I hope this helps you because I really do have to leave the office like right now. Very late for a dinner meeting.
I should be back on the computer later tonight or tommoro morning
Server Error in '/' Application.
Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
The problem with that is when a user deletes an album, the album record does not get deleted from the DB, so counting all the records would return the accurate result. :(
Any hints? eeye38433.0290740741,
I actually did not think you did.
As far as debugging goes.. thats all built into visual studio.net.
There is a tag you edit in the web.config file to enable project debugging
Like I said though for changes to ASPProtect.NET I'd start off from scratch and stick with vb.net... using the visual.studio.net interface is not really vary hard to remove and change things you dont' need even if you are a C# coder. Especially simple stuff like you mentioned., alternate databases are right here.. the documentation clearly links to this, its really not difficult to find
whether you use SSL or not really does not effect aspprotect in any way,
I say, the smart thing to do there is too not start them off at a http:// url
one way to do it is put a simple ASP redirect on that default page and send them to an SSL version of the page instead...
another way would be not start them off on a protected page right off the bat and offer links to the the protected area...
in my opinion thats pretty odd to be starting them off on a protected page anyway
SLL maybe, but protected right from the time they hit the default page of the site.. thats just odd.. usually you want o say a little something about the site your at and then link people to protected areas or give them a login form which posts to a protected area.
Regardless if you always want users at your site under https:// you should have code on every single page in your site checking the url info at every page load. Then if someone ever hits a page and is not using the https:// you can do something about it like redirect them to the SSL home poge or redirect to that same page but with the https:// in the url..
Seems like its working just got to test it bit to see, though it wasnt going to work as I had one too many End If's after the last part of the code you done for me. But even I eventually sussed it, nothing to do with your bit just another mistake on my part
Great to get support like this especially on a Saturday
John, My guess it they are runnign some sort of ad blocking software like norton ad blocking. Something on the client side blocking ads or anything with the word ad in it.
I would investigate that.,
The redirection feature isn't working as I exected.
If I clear a user's redirection_URL, they can navigate to any protected page on my website as expected.
However, if I set the user's redirection_URL to a protected page, they cannot login. More specifically, their browser just keeps displaying the login form while the browser's progress bar just increments ad infinitum.
If I set the user's redirection_URL to a NON-protected page, the user is directed to that non-protected page, but if they then try to navigate to a protected page, they are redirected back to the redirection_URL.
Is this the way the redirection feature is supposed to work?
My application requires that a user is directed to a protected page and from there, they can navigate to any page that they are allowed to go to.
What can I do?,
I just finished implementing the V7 product on our site and someone made mention that on the profile form where you are asked all your personal and user information there are 2 fields for passwords. The first field uses masking to hide the password as you type it, where the second shows it in clear text.
Now we know that the only people able to see the password are the user and the administrator, but it is playing mind games with my users as they think there is a problem with the application. I am not a programmer (however, learning ASP slowly now!) and am not sure if you did this on purpose or if it is a bug?
If it was done on purpose, can you advise how I can make the confirm password field masked as well to eliminate the unfounded questions!
Thanks very much for the quick reply.
That sets my mind at ease
I was just worried if users would see warnings in their firewall software too.
I realize that the admin would have to have to go through some errors...
And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.
Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...
MySQL Database Setup
Use of MySQL is 100% unsupported as you can see from the site.
Even still I recently had an encouter with an extremely Jerky person (read the thread above for more on that) and because of him I am adding this tutorial showing one way to set things up on a windows server using the official MySQL tools available.
Let me just say as well that there are 100's of 3rd party tools to work with MySQL databases and many ways to create the database and apply the database creation script. In the past it had to be done via the command line, but now there are a lot of visual tools you can do it with. Furthermore all hosting companies set MySQL up differently and give you access to varius interfaces to manage it which are all different, and that is primarily why I do not support it. How the hell could I support all those different interfaces many of which are totally custom?
The fact is 99% of the people that purchased ASPBanner to use with MySQL have done so without issue and love how it runs. Regardless here is how I set up a working MySQL database on a windows server proving it does indeed run with a MySQL database.
1st of all if you are setting up the server you need to download some things from http://www.mysql.com/
(btw: you local developers can install this on XP Pro as well if you like.)
For this article we are going to download the current non beta windows version of MySQL which is 5.0. ALso known as the Windows Essentials (x86) download. It's about 17 meg.
Because ASPBanner uses the MyODBC drivers (now called Connector/ODBC) to connect to the MySQL database you need to download those as well. (Our site flat out says this is required for MySQL use)
So I download those from here. http://dev.mysql.com/downloads/connector/odbc/3.51.html
Version 3.51 has been the current version for a couple years now.
You want the windows driver install which is about 2 meg.
The two downloads should look like this.
Now, on the webserver you run the version 5 setup (mysql-essential-5.0.19-win32.msi) I will guide you through it step by setp.
I am going to choose typical for the sake of this article.
Wait for a bit
I skipped this part.
Choose to configure the MySQL Now
I am going to choose Detailed Configuration
Since I am on a development machine for this install I am going to choose Developer Machine. For a Real Server choose one of the server options.
For this article I am going to choose Multifunctional Database: You may want to pick one of the other options. That is up to you. ASPBanner will work under any of the scenarios.
I am going to leave the location at its default
Since this is a development machine these options are fine.
These options are fine as well.
Standard is fine for my development machine.
I am going to choose both of these options. The 1st one is Important and should be enabled on a real server so MySQL always runs. The 2nd is not so important.
Set the "root" password and do not forget it. You will need it to manage your MySQL server. I do not advise creating an anonymous account unless it is a development server and you just do not care. Whether you enable root access from remote machines or not is up to you so do some research on that. For this articles needs I am not choosing it.
Hit Execute and wait
If all goes well you will see this. (I actually got an error message about not being able to connect... I went to to Administrative tools/services and restarted the MySQL service and hit retry which cured that... it probably only did this to me since I have installed this before.. new installs probably will not have any trouble)
Your done.. You just installed the MySQL Server (TIP: its usally a good idea to reboot and make sure the MySQL servce is running by default)
Now, moving on..
Lets install the MyODBC drivers.. (now called Connector/ODBC)
This one is a bit of a no-brainer so I am not going to go into detail.
Just run (mysql-connector-odbc-3.51.12-win32.msi) and run through all the defaults until it is done.. Choose typical when that comes up.
Your done setting up MyODBC on the server. If its not your server I guess you don't need to worry about installing all of this as its your hosts job to do that.
Is it possible to set the user account time limits when they register? I am using email verification and am trying to have their accout expire 32 days after their initial login.
Also I have an issue with the email notification not notifying me when a new user logs in. It does a beautiful job notifying the new user. I do not understand why my server will send to one and not the other, I ahve searched the links but none seem to answer this.
Thank you for your help and insight,
Timecard Entry: 3/25/2006 1:36:56 PM
LUNCH, Web billing -stuffed for the mail, Moving to Wtn, enter bills, Email/Voice Mail, Back home - 70 miles, Miscellaneous, Problems from the folder from Jackie, Arrived. Stuffed and mailed 6 month access letters to Realtors. , work on company profile for dave