Blog Entry: 3/25/2006 1:45:39 PM
Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server? I get the following error:
Parser Error Message: Cannot use a leading .. to exit above the top directory.
Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %>
Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess>
I think I've found the problem..
The password "abcdefgh" works
The password "abcdefghi" does not
Passwords can obviously only contain up to and including 8 characters... By some coincidence I only used short passwords with MS Access.
<%@ LANGUAGE="VBSCRIPT" %>, I've been working on it for quite some time.... doesn't seem to be working as of yet :(,
I checked through the code and could not find anything as well.
However, I do think it may be related somehow to the code as I get the messages popping up in the error log only after I have edited a banner.
If there is nothing obvious, I may just set my error log to filter and automatically delete this type of error. Not something I prefer to do.
Thanks for the quick response.
Otherwise the program is working very well and I'm happy with it.
Good Morning - I am receiving an Http 500 internal server error when I go to add a new user via the register.asp page. the url when the error appears is: .../users/add_new_account.asp
I think the error has to do with my email component setting - becuase it works fine otherwise.
I have the email component setting set to CDOSYS (using remote server) with the mail.remote.server set to email.cidra.com - email address set to firstname.lastname@example.org
Note: I receive the email notification and the user does get added.
Can you help please? Shirley
UPDATE...I just figured out that it only errors when the email address I use for the user is NOT from cidra.com -- Any idea why?
Sounds cool.. post info when you get it sorted out
hopefully someday I'll get the new version finished.. I just never seem to have time. Lately ASPProtect takes up all my time and now aspclassifieds seems to be in need of a new version more so than asp photo gallery
New Features added to 7.x
- Entire application gone through and updated.
- New graphics, new look and feel
Passwords and Cookies are now encrypted using separate keys individual to each customer install.
- Groups Feature... powerful way to protect pages based on group access
- Ability to upload a picture for each user.
- New printable profile user screen.
- Supports 13 email components as well as outgoing authentication for a few of the email components
- New Lockout option. "However many" try’s to login and you are locked out for a certain amount of time.
- PayPal signup routines for both single payments and subscriptions integrated into the application. Everything is handled automatically. Charging for membership couldn't be easier.
- New Newsletter Feature allows you to send newsletters to those subscribed.
- New ability to Email users soon to expire
- HTML emailing for people using CDOSYS. This includes an inline html editor so you can send out some really professional looking emails.
- Ability to redirect a user anywhere on 1st login
- Option to turn off Login Remember Me Feature
- Login Form now very easy to edit
- All paths for places that need permissions can be easily changed.
- Works with Parent Paths Disabled on the web server.
- Company Name is now an optional field
- All date functions now internationl date friendly
- Password conversion routine to upgrade existing users to the password encryption
- Import / Export of user database built in
- Protection Code Generators
- Mass email users incuding ability to send them usernames and passwords all at one time.
- Option to not allow concurrent logins by the same username
- Optional feature to keep track of recent users that have logged in as well as allow you to view the information.
- Optional feature to keep track of recent users that have logged in, what pages they accessed, and when, as well as allow you to view the information.
- Ability to protect other files types other than just protecting the viewing of the ".asp" pages. We provide working example code showing you how to protect images and file downloads in your protected ".asp" pages. You can protect nearly any type of file from downloading and viewing. (gif, bmp, jpg, zip, exe, pdf, rar, mp3,etc..)
Where is the system getting the random user name and password, and why does it keep selecting the same user name and password every time?
, ok, I got it all sorted out for you and aspupload seems to be working now.
Basically they seem to have an odd version of it installed and I had to tweak the code a little. I also uploaded the server info page in the admin area to test for it.
Just back up the gallery folder so you have a backup copy of the modified code.
any asp code that accesses an access database, writes to text files, or allows for picture uploading will need permissions set on certain directories,
every application out there is going to need permissions set at some point
its just a fact.. and if your hosting company does not give you a way to manage permissions or have it done when you ask they do not know what they are doing and they are not supporting your asp hosting needs
see my article for more info on the whole process
the part newar the bottom talks about hosting companies
Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?
I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?,
I actually did not think you did.
As far as debugging goes.. thats all built into visual studio.net.
There is a tag you edit in the web.config file to enable project debugging
Like I said though for changes to ASPProtect.NET I'd start off from scratch and stick with vb.net... using the visual.studio.net interface is not really vary hard to remove and change things you dont' need even if you are a C# coder. Especially simple stuff like you mentioned.,
More Upgrade Info
To upgrade an existing ASPBanner system please follow these steps.
Back up your old system completely before starting.
Install the new system per the installation instructions that came with it.cwilliams38211.7525231481,
Once it is running simply use your old ASPBanner database with the new system.
You may also want to keep your banner images folder from before in the same location so your existing banners still link to valid image urls because the new system stores banner images in a new location.
Since the config table in the database is no longer used you will need to go to the settings screen of aspbanner again and configure things. The config table in your old database can be deleted or left alone. It won't be used anymore so it does not matter either way.
That is all there is to it. If you have any issues please ask in the forums and we will help you out.
You really should check out the documentation regarding the config file before you go any farther.
If the server supports ASP.NET you do not have to spend any money to have real fast loading thumbnails.
Also, licenses of ASPImage only cost 69.95 and regardless any quality host supporting ASP should have one of the 3 supported resizing components installed or else you should consider a better host like www.alentus.com Places like that have good hosting prices and give you access to 3000.00 worth of 3rd party asp components.
I did learn that parent paths were disabled on my test 2003 server...
But on the hosted server, it looks like parent paths are supported as I change the file location of the language file in the forum common.asp as such, and obviously moved the file as well:
<!--#include file="language_files/language_file_inc.asp" -->
<!--#include file="../language_file_inc.asp" -->
Everything seems to work fine and I thank you very much for you quick response!!!
Ok, time to buy...thanks again!
It's probably something I could do for you as a custom project if you are interesting in paying to have that work done, but it is probably not something that will be added to this version of aspbanner as it is in my opinion a feature more suited for a more expensive software package.
It is also difficult to get ASP code to do things on it's own. Scheduling something to run on the server or some other clever scenario is necessary and that usually means it would be unique to each persons setup.
I did everything mentioned here but it do not work ;(,
yes. what you are talking about has to do with norton ad blocking software.. it blocks images or paths that have the word "ad" in them.. and you see red x's where images should be on web sites.. usually
it is different then what this thread initially mentions which has to do with a code/server issue with the application variables., As I'd said in my previous response, I found those databases and they didn't work. All three databases in asptest do work.,
That bit about zones makes perfect sense and seems surpassingly simple for me to integrate due to our categories and page contents being based on the same if/then functionality.
Regarding the user, I guess you mean that I could simply recreate a limited admin interface for users based on the interface you have included for me, is that correct? I realize how subjective the question is, but do you think that this would be a bad idea?
I'm leaning toward your software here. I have a budget that could easily cover a variety of programs, but the UI for advertisers at banmanpro, for example, seems far too complicated for my users. Also, banmanpro doesn't have supporting compatible softare I am interested in, such as your classifieds software.
I guess I am trying to buy a good shell from which I can do my own customization and coding, and into which I can integrate future additions such as your classified ads. Does this seem like the right place to be?
Thanks much for your time!, and when I go to your now.. its very fast again..,
This is what it says in that thread I pointed you to
This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.,
I really dont see what is confusing about it. I think I explained it all in detail in that thread.
I am having difficulty properly securing pdf's using 7.x
I used the example file and have been able to secure images and word
docs, but the pdf's give users the error "There was an error opening
this document. The file cannot be found."
The kicker -- it works fine on my computer, just not anyone else's. I
put a link up to the same file without any security and that works on
everyone's computer. The word file links and redirects work too. I've
tried my log-in on other computers, then attempting to download the pdf
and that doesn't work.
The client wants a site where users must register before downloading
pdf's. They should be able to view all the pages without registering.
I don't know what I'm doing wrong. But I can't complete the site until this issue is resolved.
that would probably work...
any ".aspx" page can grab that data after someone logs in..
anything you see set in the "aspprotectlogin.aspx.vb" file will be there
any data not set there would have to be added and then the project recomplied so that data gets saved...
All fixed and working
It worked after bout 15 minutes. I receive a response of *3*
However, when I log in as a user who is only a mamber of group1 I still get a response of *3*,
Thought that was already done....
Back to the drawing board...,
If you re-start the web via IIS, reboot the server, or (possibly) just add and remove a category... that will clear up.
ASPClassifieds and ASPListings must be installed in seperate IIS applications if they are the same web. Otherwise the category caching system of each system will interfere with each other. They were never intended to be installed in the same web together since ASPListings is merely a stripped down version of ASPClassifieds and they share a lot of the same code. Like I said though if different IIS applications are set up in the web site you can do it because each IIS application will have it's own set of application and session variables., It is common when testing a site that this happens because of the nature of session variables.
Admins have access to EVERYTHING so it is very important when testing different user accounts that you specifically log out... and then close every single browser window before logging in as a different user. This is to ensure session info from the previous user does not overlap in any areas.
(The session variable for admin access being the main one)
Under normal circumstances a user would not log in with many different accounts on the same computer this this would only be a problem for a developer who is testing.
So make sure you go to the to log-off page and log off.. then close all browser windows.. then test another user.
If all this is not the case then something else is going on and I will need more information. I pretty much know the level checking code for ASPProtect Version 6 is correct as there has been no reason to change any of it in over a year. I would have heard reports of problems with it. , I already gave execute permissions to the stored procedures and that
cleared up the first error, but the second one I still can't figure out., well, thats a network drive path and in my opinion a very poor way for them to have set things up. It can work as long as permissions get set there and they have the anonymous webserver accounts set up correctly to handle that scenario, but performance isn't the best because your accessing the access database over the network. Access databases are not just not meant to be connected to over the network in a web based scenario. Quality ASP hosting companies do not set up their servers that way and it can often be difficult to get things running as it is a more complex setup on their end. Meaning if they dont synchronize the IUSR_machine accounts correctly you'll have permission issues.
Everything is running fine.. I can read ads... reply to them. but when I click sign in or register.. I get a server error.
Thank You, "I can login for the first time."
when you say that what exactly does that mean, because in this version you do not just log in for the 1st time.
What I am saying is there are steps where you run a special page to intially get into the system, then you setup a new user, then you make them an admin, and then you can log in as them.
You left all of that out of your story...
I really need all details in order to help.. is this an upgrade or a new install, etc etc etc
I would also advise very carefully comparing the fields in your sql database to the sql creation scripts to make sure all the field settings are correct.
Lastly, please tell me what name/email you ordered the product under so I can check your purchase.
Thanks, O.K. , I register myself as a user. No problem, Iget an e-mail saying account active. No problem. I click the link in the e-mail. No problem. I click sign in and get this message. Big problem!!
Microsoft VBScript compilation error '800a0411'
/aspprotect/config_inc.asp, line 15
Dim Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page cwilliams38456.0969444444,
The hosting company has been doing some work apparently regarding the database connection issue. Still something is funky
When I type in www.vickerylightning.com/aspgallery/default.asp I get the custom 404 error page and I noticed that it is trying to open the following:
Is that what it is supposed to do?
Rhona, the rookie
, How about the option to add an unsubscribe link to the end of newsletters that are sent out and a function that will uncheck the newletter field for that record if they click on the link?
Michelle , My server is Server2003. I could not find the folder settings you mentioned. I did find a iuser which I added as specified. I retried to perform an upload. Still same message. But it does move the JPG to the picture folder. So, part of it is working. ,
the menu file.. "menu.asp" or something... just follow the logic of the code to find things like that. Look for server side include files and what not in the source code.
This is a good article on figuring out what pages to edit as well as other things.
If it was working and you changed code you could have possible messed up how all of that works... you may need to revert back and be really careful as you make changes testing every step of the way.cwilliams38308.0683449074, I down loaded your latest ASPProtect.NET_v1.4 and now when i try to get in the admin area it won't let me in. The admin box is selected in the database under the admin user and i can update my user information (password and Address, not username). Is there something that was changed on this version or is it more likely user error on my part? What do you think i should try first?,
Timecard Entry: 3/25/2006 1:45:39 PM
Checked modems, set up the Konice on Kelly, Beth, and Peggy's computers. Also installed modem and drivers on Beth's laptop. Took some tech calls also., course 3281 pspt training, Brownville Specialty Paper - Fixing secure server form., training plus chamber dinner, ribbon cutting, open house, E-mail, Not too busy... worked on expired users and other radlogs... checked Dial up Issues and the whatnot., Using vacation time instead of a sick day to complete a 40 hour week (because I have no more left). This ticket was de-authorized and resubmitted as Andrea requested., printed invoices and stuffed them, Making changes to Softvendor storefront software so that it works with new email component that we are going to start using. Also cleaning up the order process code so it is cleaner and easier for us to edit in the future., Schemrhorn landing- meeting today for training on upload manager
American Red cross- left
Cfm- foods- will be sending info for web site, WANs, ATM RFP, The phone calls were still non-stop and performed radlog checks when possible and called some of the multiple bp errors and expired accounts. Ron was on ICQ and was doing some radlog to help us out because of it being so busy. Stayed until 430 answering some of the overwhelming emails that we had, Reset Microcoms, Netservers, Total Controls, and Compaq modems., Review status of St. Lawrence Chamber and Watertown School District sites, Took in 4 calls., Follow up domain mod reqs., started daily, weekly, and monthly reports., working in VB for Heike on her project, Dave had his Web Cam on live feed., Evening Meeting, Billing calls, JCC Seminar, LUNCH, Balanced TICC checkbook to bank statement, seth needs some more ips for fishercast. added and routed. , Cleaned stations and monitors. Kept a close eye on emonitor as andy and ken transfered IMC server., dial up issues, radlog,, vacation day, researching cc verification software,