| Blog News Main Page |
NEWS FROM 2006-03-25
Blog Entry: 3/25/2006 1:41:49 PM
Disallowed Parent Path
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.
When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.
If it is not enabled on you server you will have to ask your host to enable parent paths for your website.
This is what the settings screen looks like on an XP Machine
It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.
Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.
Hosting companies should if they are serious about hosting ASP.
If they won't your only option is to go through all the code and convert the file includes to virtual includes.
The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)
Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc
Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.
In my opinion virtual includes are pretty useless for commercial web based applications... Since you don't know where the customers plan to install the apps.cwilliams38391.6033101852,
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.
The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->
But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this
<!--#include virtual = "/somedirectory/somefile.asp"-->
Weird things happening, when I upload using the vb method the image fails and error is that the image was empty.
Utilizing ASPUpload and after clicking upload file I get a blank screen, no preview, no nothing (it loads with the proper header/footer) but a completely blank body.
well, I think John just told you what the deal is. He knows more about ASP.NET than anyone else I know.
If you are going to run a non-standard setup then you are going to have big problems like you are having. ,
I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.
Thanks for the help.,
No, only ".asp" files can be protected. It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.,
To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.
Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.
Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.
In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc
If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.
For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.
Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://
cool.. let see if that works. This was the command line that I had to enter in order for it to register. Chris, as you stated before, you can try one of the other emailers, but you need a email server to tie to.
What other information do you have ?
Details are very important.
Info on situations where it works... like OS, browser version.. etc etc
Info on situations where it does not work... same stuff
size of the PDF files ?
server info ?
Maybe protect a page and offer a PDF file so myself and some of the forum users can try it and report back what happens.
Also, Many people zip up PDF files when letting people download them as browsers can act pretty odd at times with them. Perhaps that is an option., you can whatever you like but like I said those gif files are already in the correct place. The log parser is messing up. ,
I have been looking over the code and also doing some tests.
So far everything in the code looks correct and everything I have tried has worked correctly. If I select an access level and active users it is not sending emails to inactive users as you stated.
Are you using the option pack ?cwilliams38103.9618402778,
Sorry, I forgot about that when I got hung up on the install problem.
I'll tackle your explanation now to see if I can get it working. Since I already bought the software I'll keep my fingers crossed.
Thanks, I use the group feature and would like to know if it is possible to change or delete members from a group in bulk. For example if I have 200 users registered for group 1 and 3 how could I delete all members from group 3 in one pass rather than editing 200 individual members?,
I dont understand why I would get an error? -- I'm not sending the email from internal - so why would it try to validate?
I'm trying to send an email to an independent place - just like I would send an email to you
Am I using the wrong email setting - should I be doing something other than using "remote server" ,
I am confused.
Humm, how did ASPBanner 8 come with your purchase of ASPProtect ? That is not something I am aware of or something I do. Please provide more information on how you obtained ASPBanner 8. If I gave yu a copy for some reason please refresh my memory so I can go look up th emails about it. I need to know you have a valid license.
Now, as for the two not working together and the login screens messing with each other. I am even more confused. Tell me more as I just do not understand what you did ? ASPBanner has it's own user database and login system so there is no reason you should be mixing the two together as far as logins go. The two applications can certainly be in the same web together and not bother each other. ASPBanner can certainly serve banners to any pages you protect with ASPProtect or don't protect, but you certainly should not be protecting any ASPBanner code with ASPProtect code. ASPBanner already has code in it to do that. If that is the case don't do that. ASPProtect is not meant to protect code that already has a login system. That should just be obvious as far as I am concerned and hopefully you dintn't try to do that., how would anyone recommend i go about setting a different expiration date for each group a user may belong to?, If you want to have a login form on a non protected page that posts
(you said you just put the directory in there but there must be more too this than that)
But again, tell me more. I can't really know everything ??
I just dont see how your ASPProtect pages could be effected by ASPBanner unless you really did something wacky like included the ASPBanner "check_user_inc.asp" instead of the one that comes with ASPProtect or overwrote it... etc ect
If in the same web aspprotect can be wherever and aspbanner needs to be in a folder called "aspbanner". There should be no conflicts under normal use and the two will essentially run seperate of one another.
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure the page you send them to is protected by the "check_user_inc.asp" file.
cwilliams38411.453912037, humm, I am curious
<table border="0" width="400" height="200" bgcolor="#000000">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<table border="0" bgcolor="#C0C0C0">
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
<p> <input type="submit" value="Login"></p>
If these people are employees and sales reps why are are you using expiration dates at all ? and why the renewing issues... etc etc
I am sure there is a reason but you did not explain.
it might help me to better understand and possibly think about new features for new versions in the future.,
yea.. it sounds like aspimage is not working right.
You wont get any errors..
I would suggest using some of aspimage's sample asp pages in your web and see if they do their thing. You need to be sure aspimage is working correctly under the ,ost simple of circumstances
Though ASPImage is the standard in ASP image resizing and has been around forever and it works very well. Their support is almost non-existant.. in 6 years they have never answered any email I have sent them. I have sent them 6 or so over the years and then just stopped trying. I bought a server bundle too way back then for like 300.00 or so when we had a company called gisco. You would think they could answer my emails. I think that guy just made a ton of asp components back in the day and then just took a seriously long vacation. Updated them a few times in between when he felt like it and making good money the whole time.. More power too him I guess. I'd love to be in his shoes when he sells an enterprise license for 3000.00. Maybe he isn't even around anymore and the someone he knows just kept the sales going. Who knows.., FYI. There is a typo in the upgrade (6.0 to 7.0) instructions. It specifies adding a field named "passwords". Should be "password".,
Anyway... it does a great job when ya get it working.
Personally this is how I install it and it works every time.
I like to put their dll in the system32 folder.
Run their licensing prog to make it a full version if you paid for it yet.
Right click on the dll and give the "everyone" account modify permissions
Right click on the "windows/temp" folder and give it the same permissions
While attempting the database connection test, I receive the following error:
Server Error in '/' Application.
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Security error.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[SecurityException: Security error.]
aspprotectnet.DBConnectTest.Page_Load(Object sender, EventArgs e) +0
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplicati on+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
My guess is that this is an issue with the fact that I'm in a shared hosting environment that is restricted by CAS. Before I move to a dedicated server, I'd like to verify that this is the issue. I'd appreciate your input.
My host is 1and1 Internet. You may find this FAQ helpful: http://faq.1and1.com/scripting_languages_supported/_net/16.h tml.
, new version is still not finshed as of the end of the year... I am not going to release it until I feel it is ready.,
in the version you have changing it is not something we covered
I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
We can't seem to find the purchase emails for this install of ASPProtect.
It would have been in May 2004 for NetOptions LLC or CareerMatrix.com
We noticed it should have been v6 of ASPProtect.
Can you resend the download links?, Here is an example of a query I made in MSACCESS that deletes all users that belong to Group ID of 3. I used the graphical query designer in MSACCESS to do this. Took a few minutes.
Because of the way groups are stored in the Groups fields you have to use the InStr function to determine if the user is part of a particular group
We are deleting all users that of Group ID of 1 so we look for *3* in this example
The SQL statement for a MSSQL database may be slightly different but the general Idea is the same
The SQL statment used in an ".asp" page will be very similar as well.
SQL Statements are the TRUE POWER of working with databases. They are something everyone should learn to work with because they allow you to do some very powerful things.,
yeah.. I cant say for sure.. as I have never really tried to get it working in xp pro.
Last time I actually used cdonts locally was on a 2000 box
I would do a google search on xp pro, smtp service, and cdonts and let us know what you find out.
All of our apps can use free 3rd part emailing components as well so maybe try some of those. Course you need a valid email server to connect to.
I just purchased the software and it looks great however, I have been fighting for 4 hours trying to get a protected page to do what it is supposed to.
I was trying the examples you provided and they worked fine, then I would use the code at the top of my pages with no luck.
When I installed the software, I used an FTP package as I have found lately that anything with a database gets all messed up when I publish with FP.
On a whim, I took the page I was publishing in FP and published the same page with my FTP program. It worked! What I can't figure out is what FP does to the files to screw them up so they won't function. Is there a setting in FP that I have to change to get it to work? The files look the same, but they are different sizes when I overwrite them with FTP.
Any ideas? I don't want to have to publish my entire site with FTP as it is a FP template site.
When a user 1st signs up a proper case function is run on certain fields.
This is only once on user signup and never done in the admin area.
It's goal is to keep things entered in Proper Case,
so if someone enters "chris williams" it becomes "Chris Williams"
It's not perfect but it helps a lot to keep the data clean and more consistent. Since it only happens during registration those values can be changed later by the admin or the user if someone wants to.
The function is only applied to the fields that it makes sense to apply it to....
In your case adding a drop down menu means you want exactly what is in your drop down to appear so you wouldn't want it happening.
That being said, it is really easy to remove this situation from any field it is happening to during registration.
So edit "users/add_new_account.asp" with a text editor
CmdAddUser.Fields("Company_Name") = PCase(Company_Name)
and change it to
CmdAddUser.Fields("Company_Name") = Company_Name
That is all that is needed to made the change
In my search for a product to administer my banners I came across ASPBanner. In my site: http://www.lovenest.co.il
I have 3 locations for banners:
In the top section a big banner and a small banner
At the bottom a serie of 5 banners.
My question: is it possible to place a list of banners (let's say 8 banners) and randomally pull 5 banners each time the page loads?
If yes please explain in detail.
, you have to do it like I show above... your not specifying the field name to be searched in the instr function so what you just showed me will not do anything
I'm in a bind cause I'm supposed to be launching on Monday!? I have four different subscriptions set up in ASPProtect and I'm going to 2Checkout for payment. When I go to 2checkout I have the same 4 subscriptions setup.
How does ASPProtect know what product id to use in 2Checkout?
I have the redirect setup etc. but it's using the default URL in 2checkout and not the product(Subscriptions). The only way I can tell what the user selects is from the price... and I'm specifying the time period, the cost, group in the 2checkout1.asp but I'm not getting the user set for the periods either.... my main problem is the interface to 2checkout... I think if a product id is added somehow it might work. What can I do?
You also should not have the > 0 stuff in the function because it is testing the result of the function.
You have to do it just like I showed , Hi there...
I'm using the gallery script with ASPImage for uploading and resizing.
I bought this script and the componant for the the auto-thumbnailing
feature, and it is indeed uploading and resizing and creating a
But the thumbnail is *tiny* at 64px wide. I need to change the width,
but I can't find anything in ASP Gallery or ASPImage to indicate where
that width is set. Can anyone help?
, The way the application works is one separate installation and database is required for each (IIS Application).... not only is it a licensing thing but it is also the nature of (forms based authentication) because every application in IIS has it's own set of application and session variables and they can not be shared with other various IIS applications.
That being said if you plan to run a separate install for each web/IIS application buying new licenses is fine
If you want to run one installation and database and share that with other web.IIS applications it is not technically possible.
Each web/IIS application requires a seperate install of ASPProtect.NET, I will give you permission to move it since you asked.,
Things have now changed I found out godaddy has persitis aspUPload and aspjpeg as value added products, I have the aspjpeg working but have been unable to upload when using aspUPload, everything works fine with the vbscript method so I think my permissions are correct. Whenever you get a chance, any help would be appreciated.
I believe I'm having trouble with Domain masking in that it appears to affect the ASP Photo Gallery login screen.
My address is forwarded and masked by my domain "company" (in this case: Godaddy.com). It is forwarded to a Win2000 Server running at my static home IP.
From outside of my network, the website appears to work fine...even the default.asp page works to the point of the login page. After entering a login and password - you hit the login button and the page simply reloads only with all of the header and footer information removed.
I found that by eliminating the domain masking feature at the domain company, the problem gets eliminated and the entrie site works fine.
Has anyone else run into this problem? I'm guessing it's the way the domain name is held in the browser cache but I'm not sure how to resolve it so that the ASPPhotoGallery scripts and pointers work correctly.
While my host says the permissions are now correct....its still trying to download the setup ASP file instead of executing it.
I really need to get this application working asap too. I noticed the purchasing page said that install came free.....so any help would reaallly be great.
We do not support customization of the code or any custom coding you may end up doing with Visual Studio.NET. However, if you can show me that the application functions incorrectly in its default unmodified form I can help. If not it has to be something you did most likely., [QUOTE=afifm]
Though I do not if it is the issue, mixing c# and vb.net in the same project can be tricky if not problematic. Itís definitely just not something I can support.
If you have not seen it we have tuturial on setting up the project in visual studio.net.
I would suggest starting with a clean installation. Test everything to make sure the things you say are ok or not. (if not post here about it) Then try your hand at editing the application and compiling it. Keep the c# out of the mix at 1st.
I am not even sure if adding c# to the same project is feasable.
(maybe it is , maybe it isn't)
That being said.. ASPProtect.NET can of course be used to protect pages using c#. But compiling the ASPProtect.NET project with C# code added sounds a bit iffy to me. We wrote the application in VB.NET so you really need to use vb.net when making changes to it.
I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
<!--#include virtual="/Auth/check_user_Code.asp" -->
My Protected stuff here
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
I just added couple of lines and it works fine
If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then ,
' Session("PasswordAccess") = "Yes"
SearchFlag = true
1st off.. you appear to have some strange things going on with that domain. Looks like you have a frameset and are loading another domain in it which is always confuding especially if you are running the site off your home computer or something... I am not sure
If I go to
and click on the "familiy" category
then right click on a broken image.. look at properties
Your linking the image to your localhost
and that is wrong, just like I said above
Nobody running the site off any computer but your development machine is going to see those pictures because the url isnt valid for them
My guess is in the settings you have the "PictureURL" set to
when it should be
Good luck with this.. I am going to the bar.
If you need more help I probably will not be available until Monday.
I only just purchased the product and I would be very keen to
a) is the upgrade available very soon as I don't want to spend the time developing one and than find the other released shortly &
b) would I only need to pay the difference for the upgrade or have I already downloaded the upgrade already.
I cant see what version I current have.
I look forward to your response.ripcurlsurf38138.816099537,
Timecard Entry: 3/25/2006 1:41:49 PM
Finished converstion of Dynoport database. Lisa in office, explaining what else has to be added to complete database, upload pictures, etc., Talked to Pam Nalbone RE DB conversion., Put together the other desks that were left over to be done yet, helped a user with his modem. a couple people with billing questions, Tons of it. Particularly to realtors to answer concerns/questions., working on finishing up new work request system (internal, billable, programming), Site design for niagaramls.com, emails and voicemail for Paul, Completed cash flow reports, helped Tara on network printing problem, clatyon to watertown, working with ken on internet matinence, HB paid bills, entered bills, filed, mail server down, lots of calls
I didn't do them till I got home, but I couldn't put 2 timecards in for today., lunch emails , lunch, technical support supervisor. emonitor, radlog, dial up issues, ask us a questions, incoming calls, emails, took mostly incoming calls ... helped techs as needed .. open incidents started as well. , work on requirements for changing stuff in syracuse to room down stairs, lunch , phones, radlog, ,