| Blog News Main Page |
NEWS FROM 2006-03-25
Blog Entry: 3/25/2006 1:44:11 PM
IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ; ; ; ; ; ; ; ; ; ; ;PN=1
The 2Checkout Support Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement 2Checkout Payments with ASPProtect. You must be using version 2 of the 2checkout system. They are phasing out version 1 regardless so everyone will be using version 2 very soon if they are not already.
THIS IS NOT INTENDED OR DESIGNED TO USE 2CHECKOUT SUBSCRIPTIONS. (see bottom of this thread for more info on that)
This Support Pack basically gives you an additional signup and registration directory "2checkout_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup in general. New users can register in this directory and pay for membership at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and buy additional membership time online. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via 2Checkout your system is updated and they will have access.
The 2checkout pack is NEW.. and was released on March 19, 2005. If you don't have it and would like it please just ask.
To start using this edit the "2checkout_signup/2checkout_config_inc.asp" file
You will be entering your 2Checkout Account number in that file as well as the URL you want a user to go to after payment. It is all commented in that file. (There is also a testing variable you can set to True if you want to do testing without real charges being applied)
After editing that file run this page.
Replacing the part in blue with your website info.
It will report back that postback url you need to use in the 2checkout system.
Log into your 2checkout version 2 account and under the "look & feel section" enter that postback url for both the "Approved URL" and the "Pending URL"
Trust me: You want the URL there for a pending URL because the 2Checkout system is quite random and 95% of the payments that come in go to the pending URL and end up being legitimate sales. (at least for me they do)
Now make sure the Direct Return option on that page is on as well.
|If set to Yes buyers will be immediately directed to your URLs below once they click the|
Complete Order button. If set to No the buyers will have to click a button to return
to your URLs below.
Save that page... and leave 2checkout.
Now, delete this page from your ASPProtect setup.
It's a minor security risk and is no longer needed needed.
The basic setup is finished. All you have to now is set up payments options the way you want them.
Changing Payment Options
In the "2checkout1.asp" file there are form options set up.
They look like this and you can have as many as you like.
<option selected value="30,9.95,3,">30 Days, 9.95</option>
In this option... A user has the option to purchase 30 days for $9.95 and he will be set to Access Level 3 when payment in completed.
Here is how it works.
The value setting (red) is essentially and array that can be made up 4 elements separated by comma's
They must be separated by a comma and there can be no spaces. In this example the 4th value was not used but the last comma must still be there. If you didn't want to set an access level and left out the "3" there would 2 commas at the end. etc etc
Basically there must always be 3 commas but you only have to set the 1st 2 values which are days and price.
The 1st value is the amount of days.,
The 2nd value is the price for the amount of days.
The 3rd value is the access level you want to user assigned to.
The 4th option is the groups you want the user assigned to. (see PayPal subscription thread for examples of specifying group info)
Now, the label for the option in (blue) can say whatever you like.
Chris, if there is no way to change this, I understand. I just though maybe it might be possible and I can't find out if i don't ask.
Let me know.
ya, thats basically what I was gonna do..
BTW.. if that other app is going crazy with an access database it could be the cause of all the slowdown with ASPProtect... what happens there is it is using so much database driver time that it robs other things that also access a database... so basically ASPProtect isn't asking its database for much but your other application and database are cripping that part of the system and causing it to run like crapola, that is good news... good guess on my part I guess
If your other app is using a system dsn try changing it to use a dsn-less connection... it might actually help
anyway, try this for your latest issue.
ASPBanner.NET was discontinued about 14 months ago. It is no longer supported in any way because quite frankly the classic ASP version is faster, more stable, has more features, and is a lot easier to install and get running., Hey, I thought I'd share this tip with the ASPProtect community...
If you PM me via the forum you are welcome to a copy of the current ASP Unlimited Version. It can serve banners to any type of page extension. All you have to do is ask for a copy.
Whether or not your existing ASPBanner.NET database is exactly the same structure I do not know, but I believe it is. You should compare the two if you plan to keep using the old database and make any neccessary changes so the old database has the exact same structure as the new version. If there are any differences they are very few.
If you'd like to remove, modify, or add fields to the "Users" view in
the password_admin default.asp page, it's really easy to do. Well, at
least it was for me. I'm using an MS Access database, by the way.
For me, I don't need "Company" info, but I do need last access and # of
times accessed displayed. Therefore, I had to change the default page
in three areas:
In /password_admin/default.asp, go to about line 185 or so, where you see stuff like:
[code]<td valign="bottom"><font face="Arial" color="#000000"
="2"><b>First Name& lt;/b> </font></td> [/code]
OK, those are the column headings. Each one corresponds to a column
from your USERS table in your database. There are two more areas to
consider, both of which appear immediately after this section.
The next section has statements that look like this:
[code]<td valign="bottom"><a href="<% =THISPAGE
border="0" src="../images/sort_ascending.gif" Alt="Sort
Ascending"></a><a href="<% =THISPAGE
border="0" src="../images/sort_descending.gif" Alt="Sort
See the "First_Name" items? The first is for an ascending sort, the
second for a descending. This particular line corresponds to the code
snippet immediately above it. But all this does is handle the sorting.
For the actual data, look lower for this stuff:
[code] <td bgcolor="<% = Cellbgcolor
%>"><font face="Arial" size="1"> <%=
%& gt; </font></td> [/code]
It's a good ways down, so don't be impatient if you don't see it in 10
lines from the end of the last mentioned section. This stuff handles
the display of the data from the database (where else ya gonna get
Now, to remove a field, you need to find the three sets that go with
that data. The ascending/descending sort is potentially the trickiest,
because it's the longest set of data and can take a number of lines.
Just clear it from the start td to the end /td and you'll be fine.
To *add* a field, copy and paste the code from an existing field and
modify it. In the first one, the column title, you can type whatever
you want to describe your info. Nobody but you and your admins will see
it. For the next two sections, though, you need to get the correct
column heading from the USERS table and use that to correct the lines
in the copied code you pasted in.
For example, when I added a column to show the number of times a user
logged in, I copied the above snippets and pasted them in where I felt
the column I needed should be. Then, in the first one, I changed "First
Name" to "Logins". In the ascending/descending snippet, I changed
First_Name to Counter. Same for the last snippet.
The result? A new column, showing the number of logins my users were successful with.
Of course, before you experiment, back up your existing default.asp file, JUST IN CASE.
How do you know permissions are ok in that folder ?, I have no idea to be honest, I just like the way it looks
Please tell me more on how they were set.
Please read through my article on how they are set correctly.
Often times they are not set correctly or people thingk they set them somehow but in fact did not do it the correct way.
I would also suggest using the "test_physical_path.asp" page in the "extras" folder to verify if the path you are using to the database mdb file is in fact correct. That page should work whether permissions are set or not. At least then you will know if the path is correct or not and you can go from there.
Good deal on the remote install, just dont pull the old "hangman" move
shutdown the machine on yourself around 4AM. Otherwise you be getting
in the car and going for a drive LOL
recent activity infomation is temporary and mantains itself per application start up.. when the web application restarts for whatever reason the info is reset
a reboot, an iisreset on the server, application pool restarts, etc etc
this is done because if that info was saved in the database your database would get huge real quick
logfiles however do not do that and are permanent, I do not what is going on at this time. It is not a known issue.
If is is not working it would seem to be a problem with the application variables on the server possibly and your web.
Perhaps try installing it on a local machine and see if it works for testing sake.
Also.. if your stuck with the black skin you could always just edit the information in the that skins folder to get the app looking the way you want.
That and the header and footer files that comes with the app are what control the look of the system.
I am using cdont to send email. what do i have to do send email to other display my full name instead of email address. In other word I want to see first name last name in their email client instead of email address.
thanks for your help
I get this error, Any ideas?
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC Microsoft Access Driver] '(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
/guestbook/save.asp, line 109 , And here is an even simpler version where the database name is hardcoded and the User_ID is set ahead of time from wherever you are getting it from
'User_ID = CmdListUsers("User_ID") ' getting it from another database query
User_ID = Request("User_ID") ' getting it from the page post
SELECT COUNT(Album_ID) AS Alb_Count FROM Albums WHERE User_ID = " & User_ID & " AND Album_Active = 1" cwilliams38433.0595949074,
This is what "John Evans" of CJWSoft has to say on the matter...
"I think thatís pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.
I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.
Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didnít even know they had a virus on their rig.
Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."
cwilliams38447.0602083333, well, like I said.. I am leaving in about 5 minutes for the wedding.
If you put this up on a live server that I can connect to I will look at it tommoro for you. I have told you everything I could possibly tell you so I dont think your going to figure it out based on the things you have told me so far.
Only other thing I can think of is make sure your not running anything goofy on that server 2003 box. Norton Antivirus script blocking... various ad blockers.. anti spyware applications... etc etc... They can cause problems as well. ,
ok, well as far as what else to try I already told you..
you need to manually compare all those field settings with the sql script and make sure they all got set correctly...
you also need to tell me what email/name you ordered the application under... before I will continue this support with you.. at this point I don't know if you purchased the application or if you are using the unsupported lite version
, the email address thing could be done many ways... personally I would remove the username field from the registration form.. and modify things so the email field got used for username and for email when everything gets saved on the page that register.asp posts to. ... it would all require some messing around with the code and time... nothing too hard really
as for the password thing it all happens in the register.asp file.. the same page the registration screen is on in the web browser.. again a little bit of fooling around and time but not difficult ,
I apologize if I've missed this, but I would love to see the ability to auto-e-mail the advertiser at some randomly set interval before the banner expires. Ideally, I would also be cc'd on this e-mail so I can stay in touch. If the advertiser wants to renew, I can receive payment and change the expiration date without their banner ever falling out of service.
Since e-mail is already built into the program, would it be difficult to add a routine that checks for expiring banners at some daily interval, and contacts the advertiser?
To get really fancy, the e-mail could include the ability for me to add a button for paypal, allowing the advertiser to easily click and send off another payment.
Thought this would be easy. A few more pointers should get the database connection to work:
1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so?
2)We have other files in there for other server applications, does that mean weíre stuck using DSNís or is the file independent of that control dialog?
3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?
What else are we missing?,
For some odd reason, the the export path has two backslashes (\\) at the end, thus generating an error each time I try to export. For example
This appears toward the bottom of the import_export_manager.asp page and is called by =ExportDirectory.
I checked under settings tab, no path ends with a "\". Any idea where else I need to look?
how di I change the currency dollar sign to gdp pound sign ?
I need all my tranactions in gdp puund sterling to use on paypal
Triple check the upgrade instructions because I think you missed something important.
line 227 on "/password_admin/save.asp" refers to the "Password" field
the error your getting most likely means it is not there..
Pay close attention to the areas in the upgrade instructions regarding renaming your existing "Password" field to "Old_Password"
Then making a new "Password" field and carefully following the instructions needed to convert your old passwords for use with the new system.
If you don't everything carefully and perfectly this is the sort of error you will get.
Well some good news! This from my hosting company this morning...
I'd say that the vendor is right so I've submitted a work order to"
create the *****.com/aspnetprotect directory as an application.
If there are any other directories for which this needs to be done,
please let us know. This particular task always needs to be performed
by our staff.
If you need to follow up on this job with one of our on-line or phone
technicians, you can reference ticket id 11860.
Thanks for your help thus far
IMPORTANT UPDATE - READ THIS
The IPN Subscription Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement PayPal IPN Subscriptions with ASPProtect. IPN stands for (Instant Payment Notification). It allows you to set up scripts on your server so whenever a PayPal payment is processed the PayPal server sends info to your server regarding the transaction and vice versa. This is a fully automated process and allows you to charge users for access by the month or however long you like.
The Subscription feature of PayPal handles recurring billing automatically. The PayPal server will communicate with the ASPProtect system and keep everything up to date with users and their subscriptions.
This Support Pack basically gives you an additional signup and registration directory "paypal_sub_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup. New users can register in this directory and sign up for a subscription at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and start a subscription. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via PayPal your system is updated and they will have access.
To use this all you need to do in ASPProtect 7 is enter your PayPal account name into the settings screen. It will be an email address. You'll need a business or premier account with PayPal and you will need log into your PayPal account and turn on IPN in you profile. They make you enter a default IPN URL. We do not use that so if you already have something there leave it there. If you dont have something there you can type in any the full url to any page on your server. It's probably best to send it to an empty ".asp" page or something.
Changing Payment Options
In the "paypal1.asp" file there are some sample payment options set up.
They look like this and you can have as many as you like.
<!-- Begin Payment Option Code -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
<% Label = "Membership (1 Month) $9.99 Recurring" %>
<!-- Begin Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="a3" value="9.99">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<!-- Field Below must have 2 commas First two values are optional (access level,groups,user ID)-->
<input type="hidden" name="custom" value=",,<% =User_ID %>">
<!-- End Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->
<input type="image" src="https://www.paypal.com/images/x-click-but20.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<!-- End Payment Option Code -->
To really understand what these form values mean it is best to look through the PayPal Subscriptions Manual which is a PDF file you can get from the PayPal Site.
This link was valid the last I checked...
Subscriptions and Recurring Payments Manual
It also may be helpful to use their wizard to create some subscription buttons with different settings and then look at the code generated.
Bascially these are the important ones..
a3 - amount to billed each recurrence
t3 - time period (D=days, W=weeks, M=months, Y=years)
p3 - number of time periods between each recurrence |
The custom field is something we are using to send info from ASPProtect to PayPal.
it allows you to set the access_level or groups access (groups support require the ASPProtect Option Pack)
<input type="hidden" name="custom" value=",,<% =User_ID %>">
or this example where we are setting the access_level to (2) and also giving the user access to groups (3 and 4)
<input type="hidden" name="custom" value="2,*3*4*,<% =User_ID %>">
Here is how it works.
The value setting (red) is essentially and array that can be made up 3 elements separated by comma's
If you do not want to set the access_level or groups access.. then you don't even need to edit the setting.
Values must be separated by a comma even if there is no value and there can be no spaces. If you didn't want to set an access level or groups there would still be 2 commas at the beginning. etc etc
Basically there must always be 2 commas but you only have to set last values which is the User_ID from the ASPProtect system.
The 1st value is the access level you want to user assigned to.cwilliams38421.7141782407, I sent you a PM, I didn't think that was it, but just to prove, I just viewed the same album from 2 different IP's. It did not increment the "hits". ,
The 2nd option is the groups you want the user assigned to. (requires option pack)
The 3rd option is the User_ID which the system takes care of. Do not edit this option. Leave it as <% =User_ID %>
I do not think it it anything to do with the Application.
You most likely have some sort of ad blocking software that is doing it.,
It is seeing the word "banner" or "ad" and blocking the images in your browser.
I doubt it is anything built into xp doing it. XP with SP2 has built in pop-up blockers but no ad blockers like that really. It is norton ad blocker or something of that nature.
I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.
Jeromy, You should have access to that page.,
its a text file you just edit it with notepad.. if ya mess it up ya put an original copy back in
no biggie either way
jump in there..
I just showed ya exactly what to change.. its a no brainer man
This is simple source code. It's meant to be edited and hacked.
The only reason I warn you is so you can't blame me later on if it effects something
I am just trying to help
If ya dont like that solution why not just use periods for the first name field.. or a dash or something... then nobody will really see it
or maybe store the company name in the first_name field
seems like clever things to try without changing the code..
Encountered another issue. When entering a user name correct but the wrong password get the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '(Username = 'ROBERT') AND (Password = 'Z£$'.
/check_user_inc.asp, line 115
Did I do something else wrong?!
when you get back to work.. your "redirect.asp" needs the password include file at the top of it.. or that wont work either..
and of course those pages you send people to all need to be repaired,
This may be an old question ??? If it is please point me to the post or documentation where I can find the answer please.
When creating protected pages I am using the following to protect them:
<%@ LANGUAGE="VBSCRIPT" %>
But that is not working. I get the following error when I try to access the members logon page in the directory that I wish to add the pages to:
Active Server Pages error 'ASP 0130'
Invalid File attribute
/filelocation/filename.asp, line 3
File attribute '/aspprotect/check_user_inc.asp' cannot start with forward slash or back slash.
However if I create the pages in the root of the AspProtect directory and use a link to the same page that exists in the AspProtect directory and the following include:
<%@ LANGUAGE="VBSCRIPT" %>
The pages work fine.
I really do not want to put all of my protected pages in the root of the AspProtect directory.
I would like to mix protected and unprotected pages throughout the site in order to #1 make it easier to administer. #2 keep the AspProtect directory solely for authentication. And, #3 keep any user authentication pages out of the AspProtect directory.
Can you do a better price deal for that version in place of the one I've just purchased ie for a single licence rather than unlimited Christopher?
Or failing that can you give me an idea of how many changes you had to make to convert 7.3 to work with Mysql?
Your users with Internet Explorer may have received the "Page Expired" error. For ASPProtect users, it happens when the user is not logged on and tries to invoke the target page. check_user_inc.asp puts up the login form, and IE sees it as part of the target page. Any later attempt to Back up and reload from cache gives the errror.
My solution was, after successful login, instead of falling through the bottom of check_user_inc.asp and running the target page, I issue a re-direct to reload the target page. I also added META tags on the dynamic login form to say no-cache and expire now, so the re-direct really does reload the target page. This time, of course, check_user_inc.asp does not need to put up the login form, and the new target page in cache contains no form at all. So, IE will not give a Page Expired error when Backing up to it later.
Netscape, and I gather other browsers, do not behave the same way, so I limited the solution to IE. Also, the solution only works if the target page has no form of its own.
Sorry, I am looking at your code on view_item.asp and I have noticed that you are calling 3 variable; start_date, end_date, and image_url that do not exist in the databases that you provided. Do I have the updated package for ASPVendor?
, FILE includes can not use virtual pathing info
if you want to do it like that you have to use a VIRTUAL include,
sometimes those emails take a bit... all depend on wht you are using to send them and whether a pickup directory is involved
as for the other I do not know.. PM me the site details I can look
if it is a 2003 server parent paths must of course be enabled.. its a requirement of aspclassifieds, here is the next response to this which was emailed to me but should have been posted here
From: Mo Afifi
Sent: Sunday, October 23, 2005 4:47 PM
To: CJWSoft Support Info
Subject: Re: CJWSoft Support Info : SSL - Verisign Certifcates
, What application you talking about ? I'll assume ASPProtect. In the future please specify what application you are talking about.
Thank you for responding to my posting. In the second line of your response you said ďnot start them off at an http:// url". I think what you meant is to "not start them off at an https:// url". If this is your intention then I agree with you 100%. I have revised my pages so the users will go first to a non-https page and then make a choice either to use secure or non-secure access. Please note that the site is not intended to be completely SSL protected but only the sign up pages. I have another problem though when I click on the "Secure Log In" and enter my log in information; the entire subsequent URLs will have https:// in them which I could not shake off. As I said the intention was to use the https for sign in only.
I realize that this issue does not have any thing to do with your product, but any input will be appreciated. Best,
ASPProtect 7 already has protection that is quite effective. The no concurrent login feature which will not let the same username under a different ip log in at the same time. Meaning if someone gives out their info they will screw themslves over because eventually they won't be able to log in. Only one unique ip at a time can log in so even of 100 people know the info it won't really do anyone much good except the lucky one that logged in 1st and stayed logged in. The username/password will eventually become more and more useless as more and people know it.
In addition to that is is a good idea to monitor the daily logs and single out a user you see logging in a lot. The more ips you see for that user the more chance it is multiple people logging in and you should take action. ,
My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work. I've tried many different options - here are two that are the closest - but have issues:
1. If I use the settings:
email component: aspemail
Mail remote server: my internal server name
*no smtp authentication
email mail notification - my email address on my internal server
***I get the following results:
I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.
2. If i try to change the setting to use the Hosting Website email server - I get the following results: I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.
**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.
Timecard Entry: 3/25/2006 1:44:12 PM
quite steady, lots of little things, not too many calls. helped a couple users with modem problems, Travelling out to clayton office, email, voicemail, stats tracker for remington museum, travel to Clayton - 23 miles, ha, HTML research, talk w/ Jeff and Ed re: VLANS, Dave from Alpha Paging with Chris B., Lunch, web site consulation with bernier and carr, 401K report, home laying on my couch being sick... yay, burger king, Flash 1600 Routers w/ Ben. Teach him how it works., Answered phone, did callbacks and checked RadLog and DUI, Getting Melody started on cGisco checkbook balancing, to watertown office (checks and box for sc). s/w ron on dsl configurator. meeting with ICS and MDG about partnering in US to promote internet ready systems., Pretty slow for the most part. There was one period where it picked up. Can in chunks really. , Answered 2 customer emails that were sent to me, lunch, fix some more wiring things, removed old imcnet servers and some equipment, reset some total control equipment ed wanted., 4 calls, doing a quick check of the modem pools at GiSCO and IMC-Net, Caught up expireds and some other customers showing up. , Answered phones for the duration, researched ASP and JScript on 'net as per instructed by Steve, consulted with chris on possible leads for Corporate partners and schools in the area., Walker, ST.LAWRENCE COUNTY WEBSITE DEVELOPMENT,