Blog Entry: 3/25/2006 1:35:54 PM
The pages in the ASProtect Full version that have emailing code in them are as follows.
Even though I have a big disclaimer that the account is totally
worthless without someone paying to activate it, the new IDs keep
coming, about 3 a day.
Thanks for the quick reply.
I will consider editing the code.,
This is what "John Evans" of CJWSoft has to say on the matter...
"I think thatís pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.
I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.
Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didnít even know they had a virus on their rig.
Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."
I would kile to see more support for the groups function:
1. on the password_admin/default.asp page have a coulmn listing groups
2. ability to change groups in bulk eg change the expiry date for all group x members
Triple check the upgrade instructions because I think you missed something important.
line 227 on "/password_admin/save.asp" refers to the "Password" field
the error your getting most likely means it is not there..
Pay close attention to the areas in the upgrade instructions regarding renaming your existing "Password" field to "Old_Password"
Then making a new "Password" field and carefully following the instructions needed to convert your old passwords for use with the new system.
If you don't everything carefully and perfectly this is the sort of error you will get.
Installed a new rack mount 1u server this week.
3.2 ghz hyperthreading 1 mb l2 cache prescott cpu
2 gb pf pc3200 kingston memory
SATA Raid.. (2) 120 gb drives running hardware raid 1
It is a supermicro 1u server case and server motherboard.
The hard drives are SATA 150 120 gb 7200 rpm Diamondmax Maxtors
All high end server type stuff... It's a very powerful server and has been running great all week. 500+ hours uptime so far.
Running Windows 2003 Server Enterprise
SQL 2000 Enterprise SP3
ZipEnable (which I am reviewing for them)
ServerMask (which I am reviewing for them)
A ton of ASP Components which I have purchased over the years.
So that means I can now focus my attention on creating software again instead of being a system admin. (Due to these server issues over the past few months I am now back to godly status as far as windows system administration goes.. not to mention I am now back up to speed on the latest processors and hardware)
So, getting back to ASP Photo Gallery...cwilliams38331.5907060185, Attached is a SQL script to create the ASPProtect Database with the Option Pack Changes already applied. This lets you create the database in one step and you wont have to make the option pack changes as they are already there.
I spent about 20 more hours this week on the new version of ASP Photo Gallery Pro.. I have another 40 or more to put into it as I have a lot I want to do.
I think it will be ready within the next three weeks. I know a lot of you have been waiting for something.
This only applies to people using MSSQL and doing a new installation.
This scripts are run via SQL Enterprise Manager.
You make a new database then run this script on it in query manager.
2004-06-14_180056_aspprotect_w_option_pack.zip cwilliams38152.7522569444, [QUOTE=cwilliams]
Every application we sell that has a password on the database uses "temp"
Also, the password is in the connection string in the dataconn_inc.asp file.
After all, the ASP code needs to know the password just like anyone that wants to open the database would.
That i have, my question revolves around the all the users and passwords that I in that database. I need to be able to export that list to word for a mail merge list, but when I do the passwords show up encrypted. I need to be able to get an unencypted list.
I had both ASP Listings & Classified on the same website. The categories seem to be getting mixed up. I removed ASP Classified but classfieds categories is still appearing in the student of ASP Listing.
How do I fix this?
How busy your site is actually won't be the only factor. Really the application should not restart unless something happens. If the IIS application is reseting alot it could very well be the ISP restarting the server or doing IISRESETS as well or other sites on the server causing the application pools to restart.. etc etc etc Quality ASP hosting is important. Regardless your hosting company most likely will not admit to anything be out of the ordinary.
As far as that directory deleting itself on you.. I doubt they will have an answer for that one. All I can tell for sure is I didn't put any code to delete it in there.
Two things you can do to test..
make sure there is at least one ".log" file in that directory.. then if you go to the log file screen and it does not show up in the list the physical path you are using is just not correct
remember the physcial path must contain a drive letter (sometimes a network path starting with // is ok if they have it setup as a network drive)
the other thing you can do is use this script to try and write a simple text file in the directory
That will show you if permissions are correct
A general question - Can you have multiple instance of the gallery on the same server? ,
We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.,
Sorry, you cannot, that is how it works and that is how it has to work for reasons I am not going to try to explain as it is pretty technical. (it works the same way even when not using paypal and using email authentication... nearly every registration system out there does it that way under an email authentication scenario or a PayPal IPN thing.)
Basically, if you are concerned about it you need to periodically manually check for accounts that were never activated and delete them. Maybe when I get some time some day I will make a little interface to help find those and clean them up at once.
I have no idea where links to hose graphics are being called.
I checked the source of edt_banner.asp and I see no calls to any images named like that
I didnt see any calls in the header and footer files either...
yup. that is correct... they can't log in so they can't see any pages you protect
its the nature of forms based authetication,
Our company has a big dilemma on how to manage the database for accounts that are expiring/expired.
We saw the function to email a batch of users who are expiring soon but this doesn't help us to complete the renewal process.
Once the email is sent, what happens afterwards? how can we setup the system so that we can renew their expiry dates or accounts without too much hassle?
The system currently doesn't have any renewal functions or to allow batch changes on multiple accounts at the same time so we have to manually edit one account at a time. This is extremely tedious if we have over 1000 accounts to manage (and we will).
If you have anything to suggest on all this I would appreciate it :)
Got it working. Had purchased a long time ago and forgot about needing to run the userreg.exe. All is well and thanks for the follow up.
When I run the physical map test this is what I get:
The Physical path to this virtual website is: \\NAWINFS04\home\users\web\b2623\rh.vickery2004
Will that work correctly without a drive letter specified?
, Please try this URL www.telepedia.net/pages/chem_periex.asp
It is protected by GROUPACCESS "6" and the username:dimitris and password:tele
In the administration area, I have arranged this username as member of the group 6.
Thank you in advance for your help
, also, from looking at your site your ideal scenario would be a system that allows you to show all banners in one zone at any given time but in a different order.
ASPBanner is just not that sort of system. It is only designed to show one banner at a time from a given zone in random order., They send an email?
Hope my spam killer didn't zap it...
I wonder why the banners in ASPBanner 8.1 are moving from one place to another when opening my site www.helserevyen.no in a Mac Safari browser and click on refresh?
Can you take a look at my site and response?, I have no idea to be honest, I just like the way it looks
Good deal on the remote install, just dont pull the old "hangman" move
shutdown the machine on yourself around 4AM. Otherwise you be getting
in the car and going for a drive LOL
Is there a way to set various members to upload a limit of photos. So, one member can only upload 5 photos in 1 album and another can upload 30 photos in 2 albums. Even if you just set a permission for the number of uploads for each member.
The sql script creates aspgalleryuser
dataconn_inc.asp out of the box indicates aspgallery as the user.
GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspgallery;User Id=aspgallery;Password=temp;",
...I have earned a beer (dont tell anyone im underage) ,
I wanted to see if you had any suggestions for converting from Access to SQL sever database. I attempted this earlier today performing the following steps.
1) Create SQL Tables using Enterprise Manager / SQL Scripts
2) Use DTS to move all of the existing table data to the sql tables.
3) Update dataconn_inc.asp to use SQL and the required connection string.
When these steps were complete I was able to login to ASPProtect as an admin and search / find both groups and users. However, any attempt to edit or create users resulted in a "the page ... had a problem ... " type problem. It seems that I can read from the db fine but and getting errors writing to the tables. The user id that is being used to connect to the db is the [dbo].
Any additional hints for this procedure?
That is not enough to go on. I need details in order to help., Haven't gotten to it yet. I do know there are a few customers using it to edit the app and said it was not all that different. Maybe they will chime in with some tips.,
Sounds to me like you got some bad databases or something. Or your trying to open a database with too old of a version of msaccess.. not sure
Everything is stored in one database. And yes there is more than just the users table.
Also, removing the "temp" password should be a piece of cake.
Email me for a new copy of the download file ? Use the contact from on the cjwsoft site. Please tell me your order details as well so I know who you are.
I had never noticed this before, but a customer sent me email to say that they had set up their aspclassifieds profile such that they be contacted by email and not by phone.
However, in their ad, their phone number still appears. The lines in view_ad.asp that check for True values for the Contact_Via_Email and Contact_Via_Phone before displaying that information seem to always evaluate to True, regardless of their setting in the database.
I'm using an Access2000 DB for this. When I open the DB in access, I see the checkboxes correctly unchecked for phone and checked for email. However, if I do a quick test to display the retrieved values in the view_ad.asp (<%=contact_via_phone%> <%=contact_via_email%> they both display True.
What gives? I have had nightmares with Access and its weird handling of true/false 0/1 yes/no fields, but this is driving me nuts.
Regarding installation in a subfolder
Though this should be common sense and ASP.NET 101 "so to speak" One thing not mentioned in the docs..
If you do not install ASPProtect.NET in the true root of a web there a key in the web config you must adjust.
it looks like this
<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />
The way it comes it is valid for a root installation..
lets say you installed the application in folder called.
the key would change to this
<forms name=".aspprotect~net" loginUrl="/aspprotectnet/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />
... could you make a link from it to our website and is there a way to see what traffic goes from us to them. They are going to pay a commission on sales, however I need to be able to track who views their site...
Wishful thinking or could you add code to track their IP address and display in the report section? Not sure that would be enough to satisfy this request. Suggestions?
Now, that being said.. you do not have to use these folders.
For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.
You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.
We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs.
Does ASPprotect support Paypal's Website Payments Pro option, where a user can use a credit card directly on a web site, without passing to paypal.com?