Blog Entry: 3/25/2006 1:49:36 PM
perhaps the filesystem object is disabled on the server ?, Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
or some sort of script blocking is running and causing a problem ?
other than that I can take a look if you put it up on a live server.
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?,
When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.
Here are some of the messages:
[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an
[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.
I am using Black Ice...
Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???
The string is being saved and I get a .wav ring sound to confirm. I have tried editing in "notepad" and then running the "data/show_path_info.asp" file after with the same results.
I'm trying to use CDOSYS.
It seems to work fine on the web page, however the mail never gets
I can see my messages sitting in c:\inetpub\mailroot\pickup but they never leave it.
I found another folder after doing a search for "pickup".... it is:
d:\program files\Exchsrvr\Mailroot\vsi 1\PickUp If I paste the files
into there, they get delivered.
How can I get the email to be delivered without doing the cut and paste?
I've tried it both with and without authorization.
I am running a Windows 2000 server with Exchange 2000.
Thanks., If by permissions ou are reffering to the IUSR with write/execute
permissions, they are already set. I get this error when I hit the 'Create New
Export File From Current User Database' link:
Microsoft VBScript runtime error '800a004c'
Path not found
/ASPProtect/password_admin/export.asp, line 76
Any other suggestions?,
I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.
So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?
Or is there another way..?
I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.,
ok, here is what is going on
that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out
this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact
it was a nice feature never intended to handle any situations other than what I just described...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info
that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...
To avoid all of this...
One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)
Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.
Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc
So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.
I hope this makes some sense to you.. it is very hard to try and explain
sorry your having so much trouble. A good host is a must.
Yes, that is most likely permissions related.
, MSACCESS or SQL server ?,
You may want to read over my article on how permissions are set. It will give you a very good understanding of the process and may help yo when dealing with your hosting company.
there is also an xp pro version of the article for people doing locl development and running iis on their xp box
How do I recover or reset admin password used for the aspprotected pages. I have installed it months and months ago, but now can not recall the password. Any help appreciated, as I do not feel like installing it again., Does ASPProtect 7 work with SQL 2005?,
yes, there is upgrade pricing
and upgrade instructions here in the forums
if you install it in the same directory structure you wont have to make any changes to the pages in your site you have already protected.. because the code to protect a page will be the same
now, anytime you upgrade an application like this there is going to be a lot of work involved especially when there have been so many changes,
whether or not you upgrade is up to you
Like I said you can make version 6 work with CDOSYS and a remote email server. You just need to do some research on CDOSYS code and spend the time needed to make the code use it. I however am not going to spend time detailing all of that when I created a new version that does it.
The application automatically generates all the code for you for each method of calling banners. It does this on the zones screen.
If you are using flash it also possible that the actualy flash file is what is causing things to slow up.
It really all depends... it could also be server resource related
using sql server or access.. ? etc etc
all important detailscwilliams38362.6615972222, Then you should have current enough code.
If you PM me the encryption key you are using and the plain text password for this user I can see if I can reproduce the error and come up with a fix.
I believe you found one of the rare examples where the encryption creates a strange character that messes up things. Sometimes those characters are not even visable.
Changing the password should solve the problem in the meantime.,
it is an email server/setting issue most likely
your email server probably requires outgoing authentication or something like that and that is why internal emails can be sent to but nothing else
its something along those lines
this will help you see the real error instead of the generic 500,
Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.
thats not good.. its a web server configuration issue of some sorts ?
post is a common method for forms.. if it is not supported it is something you should ask the server admins about.
Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?
ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
My guess is your web server is running Apache Unix or something like that., Alright...I'll try those out. Also, if I do the data import on my laptop initially and just publish it to the server do you think that will help?,
ummm.. ok.. Then this doesnt make sense. On two out of the three machines I have in house here, the images do not show up. They only show up on the server machine. I am using the constant url on all three machines. www.rfamilystuff.com Does it show up on your?
Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.
In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.
This page will redirect admins or level 4 users to a certain page and anyone else to
<%@ LANGUAGE="VBSCRIPT" %>
If Session("Admin") = "True" or Session("Access_Level") = "4" Then
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
<%@ LANGUAGE="VBSCRIPT" %>
If Session("Access_Level") = "1" Then
ElseIf Session("Access_Level") = "2" Then
This page will redirect user "PistolPete" to a certain page.
<%@ LANGUAGE="VBSCRIPT" %>
If Session("Username") = "PistolPete" Then
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
If Session("Username") <> "PistolPete" Then
Response.Write("You do not have access to this page.")
etc etc etc.... these code snippets should point you in the right direction..., I am really starting to get the hang of your
software. It seems to me, you have thought of everything a person could
possible want. Before I try to tackle
setting up Pay Pal subscription payments is there really any difference
between a file include and a virtual include statement? Is one more
secure than another?
I have imported like 50,000 users into an access database when testing... it took like 4-5 minutes but worked..
course it really all depends on the setup how many you can get away with
something must still be wrong,
have you tried just importing 1 or 2 users for troubleshooting sake ?
I would also recommend that after any timeout you reboot the server or at the very least do an "iisreset" to get things back to normal
Turn off "Show Friendly HTTP error messages"cwilliams38084.7513773148, Are you aware ASP can run on any machine running win95/95,2000,xp pro, 2003. You really should test all asp code locally before running it on live servers but anyway... that is your deal
If you are getting errors with your ASP application go to Internet Explorer and make sure this setting is unchecked. Having this checked can cause a generic error to be displayed in you web browser when ASP code encounters an error. This generic error message doesn't really help you fix the problem. Having this setting unchecked will usually result in a more detailed error message and the line number the error is occurring at, thus giving you a good clue as to where the problem is within the ASP code. If detailed ASP error messages have been disabled at the server level this setting will make no difference.
I am not sure if memory alone will be enough for that server but it could help. I saw a decent amount of free memory when I looked. Its just about an 8-10 year old system on every aspect (processer,OS,Hard drives, memory etc etc) and not only that something is tasking the heck out of the resources left over for asp database access. Something is just wrong. I don't know what it is but I am pretty sure it is not aspprotect. I got rid of my last nt 4 server about 4-5 years ago but the application always ran great on NT and I still have some customers using NT 4. Not many though.
if you email me the import file and the encryption keys you are using I will make a database for you.. just zip it up and send it to chris-cjwsoft.com
replace - with @ ,
Is there an easy way to make this work with reoccurring a monthly or yearly subscription?,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever., My guess it they are runnign some sort of ad blocking software like norton ad blocking. Something on the client side blocking ads or anything with the word ad in it.
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
I would investigate that.,
Terribly sorry, but we are not software-technical. So can you please tell us exactly which folder the database would be in.
Thanks in advance.,
I did all that you sugessted and all failed, you said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually? below are the steps I performed......
1 - made sure the web is it's own application in IIS
2 - Reset IIS in command promt
3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.
I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?
Hi, Its just a generic error that really doesn't mean much of anything except that something wrong with your data connection.
could be invalid permissions on the database folder... could be any number of things
when setting up your connection I suggest going dsn-less.
It is better/faster and also a lot easier to set up.,
sometimes those emails take a bit... all depend on wht you are using to send them and whether a pickup directory is involved
as for the other I do not know.. PM me the site details I can look
if it is a 2003 server parent paths must of course be enabled.. its a requirement of aspclassifieds,
Can I have the logon be in a top frame while having the protected pages displayed in a main frame?
Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.
If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
but change the target of the form to one of your frames
personally though I think that would be a somewhat goofy setup to have going on
Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?
As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .
Really, the best thing to do is expirment and see how things behave.
It really means just what it says. Your connection string is just not valid and the sql server speicifed can not be reached. The username and password could also be invalid. Since you already had a database set up you should use the same username and password you have always been using. You also need to use the same database name you have always been using. Without actually knowing more and seeing what you are doing it is pretty hard to tell you anymore than that.cwilliams38301.7362037037,
The directions and sql scripts given are for setting up a new sql database. Applying them to an existing sql database requires a slightly different approach. Modificiations to the SQL scripts elimintating references to the usernames/password/database we suggest in the scripts is also a good idea.
A data connection is a low level as it gets. Until you get that working you are really not even touching any of the code in the ASPListings application.
If you want I have no problem going into your sql server and web and setting up for you correctly.
when you get back to work.. your "redirect.asp" needs the password include file at the top of it.. or that wont work either..
and of course those pages you send people to all need to be repaired, SQL Server Database Information Mod
This mod is only for customers running SQL server. It is a new stored procedure and a new version of the "server_info.asp" file that will display information about your SQL database on the Server Info page.
This is for Advanced SQL Users only that understand how to add a Stored Procedure to a SQL Database as well as assign permissions and what not.
To install this mod you should have access to SQL Enterprise Manager and Query Analyzer as well as be able to grant your SQL database user EXEC permissions on the new stored procedure. ,
Let me run some more test if it's working on your end it should be on mine? I have made some custom updates to the code but no in that area.
thanks!! the file took care of the extra slash. I also fixed the problem by modifying the permissions.,
is there any way I can get rid of those information shown on User activity screen, so I can at least know who logged in current day?
thank you in advance,
Timecard Entry: 3/25/2006 1:49:36 PM
cont on work order mess, overnight for Carol, Gisco cash flow, delete Vermont invoices from A/R, re-do entries, MBO meeting with Paul, Kelly, Tara, and Dave , Setup softstart server, lucky star - screwing around getting his site loaded onto another host...., phones, radlog, dial up issues, voicemail, email, work in Atlanta, Call from Lance Evans of Jeff Lewis BOR about Dalton, GA note. Forwarded note to Nic and Steve, entered bills, Letter's to all customer, newsletter online, spoke with Splitrock and about 6 customers from replies to gisco announcement - or voice mail, JCC job fair conversation and letter to JCC about dr. moore's sabatical request., SWNS upgrade research, Email/Newsgroups, enter bills, shop at staples, Online issues, RadLog, cvx training, Talk w/ Robby re: The Border. He said he would look into it and call them back., Plan mail server change over, Answered "Ask us a ?" e-mails., General calls, Lowville was down, Checked voice mail., Working with Matt to setup his new laptop, Finishing up customizable, and savable searchs, Tim Badour, Plattsburgh, Lunch meeting (cont. from above), Called expring users., Provisioning Setup, Fairly busy with calls., TIIC Tourism Council DB,