| Blog News Main Page |
NEWS FROM 2006-03-25
Blog Entry: 3/25/2006 1:42:05 PM
that wont work the way you did it because groups are not stored like like.
groups are stored "*1*"
so if you test for them you must do so using the InStr function of vbscript
If InStr(Session("Groups"),"*1*") Then
' do whatever
also.. as for the session variable
it should be Session("Groups")
And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved,
Session("Groups") = CmdCheckUser("Groups")
If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value
I Dont know... it shouldnt do anything like that.
if it ever asks to download a aspx or asp page its generally a server configuration issue not related to the actual code
Because employees and sales reps might leave or go to work at competitors without our knowledge and we can't have them get an perm account so we need to implement some sort of expiry and then review their account with them.,
Microsoft has a free version of SQL server 2000 than you can run on a development machine.
This is really the same thing as the MSDN version of SQL server that comes with Visual Studio
No single database can exceed 2 gigabytes in size. However, each Desktop Engine server instance can contain many databases, each of which can be up to 2 gigabytes in size. Each computer can host up to sixteen instances of Desktop Engine.
Performance will rapidly decline when more than five simultaneous users use the database engine at the same time. With five users or less Desktop Engine will operate with full SQL Server speed.
It is limited in two ways.
After you install this your going to need a way to connect to your sql server as well as a way to run queires on it.
I suggest either install the client tools off any SQL 2000 Installation Disc (giving you enterprise manager and query manager)
or use the FREE SQL Server Web Data Administrator which will do amost everything you will need to do. It is really very slick
http://support.cjwsoft.com/forum/forum_posts.asp?TID=127& ; ; ;PN=1
Then you have a pretty sweet setup for testing and developing locally using SQL server.
If you are wondering why someone with a real SQL Server 2000 cd wouldn't just install the real SQL server locally it is because the server part will usually not install on XP Pro or non server versions of windows for licensing reasons. (at least every SQL 2000 CD I have is like that regardless of whether it is standard or enterprise) But the client side tools on the cd are invaluable so I just install the Desktop Version of SQL along with the client side tools and everything works great., oh, its timing out during the import ??
I didnt know that. I thought you said it was timing out after when you tried to log in.
That changes everything...
Let me start again cause I think I know the problem., You are right.
I have SQL server.
From August to today I have used a very simple login system and now I come back to you for better.
I can insert, edit, delete users but it happens what I mentioned in my first message.
also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I donít know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...cwilliams38391.6024189815, its no different than linking to an image or another page. you have to adjust the path to the include file based on what directory you are in.. or you get an error
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ????
This is noted in the admin area on the code generator page which also gives you 2 examples of ways of calling the server side include. (Virtual or File include)
These threads below are also full of info. I found them by doing a quick search and they should help you out as well.
http://support.cjwsoft.com/code/code_info.asp?TID=236&KW =The+include+file , I believe that solved the problem as I have not heard from this person since I sent him the code.,
I did learn that parent paths were disabled on my test 2003 server...
But on the hosted server, it looks like parent paths are supported as I change the file location of the language file in the forum common.asp as such, and obviously moved the file as well:
<!--#include file="language_files/language_file_inc.asp" -->
<!--#include file="../language_file_inc.asp" -->
Everything seems to work fine and I thank you very much for you quick response!!!
Ok, time to buy...thanks again!
thx, thats a known error I forgot about.
I just updated the zip archive so the error is gone but if you bought ASPBanner Unlimited Version 7.3 Before April/06/2004 you can optionally apply the fix.
To fix it (only if you want to use the option explicit method of calling banners and not even a really necessary fix as this is just an error in the generated code your supposed to use)
Just edit aspbanner/zones.asp with a text editor.cwilliams38209.9251851852, ok, Has this been resolved ?,
Where you see the double dim carefully remove one of the "dim" s and save the file.
sure (XP PRO), see my article on that
Thanks for the quick reply!
I was thinking it was an ASP config/install issue.
I usually deal with Linux/PHP, so this is all new to me :),
sure, there are reasons AOL would block the email.. it might think it is spam or it might not like the fact that fact that a cdonts generated email has no MX records because it can not..
for more on MX records read my CDOSYS article
as far as the emails not being sent because notifications are off. I was not aware of that and will try to look into it.. Version 6 is no longer worked on but if I can find the time I will check that out
You might just learn something and actually get your project finished before 2010
your over there hacking away on your virus infested WaReZ machine
LOL thanks for the good laugh-- i guess its time to do some reading and making my own mods to the program..
btw i never insulted cafrepress.. not sure where you got that from- just advised that what they have is exactly what i want to have done. How much for your service?, No, Unfortunately.
I have seen your messages.
I have not edited the code at all.
Tomorrow I will install the sql database again from your script as I
did before and I will try again. I will send all the details.
Thank you again.
one thing to note... the time period we are talking about is going to to be whatever you have the session timeout set at in the settings.
perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation
If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.
<table border="0" width="400" height="200" bgcolor="#000000">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<table border="0" bgcolor="#C0C0C0">
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
<p> <input type="submit" value="Login"></p>
No changes to any scripts - just a response.write added to Email_Password.asp to print out the SQL.
Sure - here's the address.
P.S. E-mail address to look for is email@example.com,
here is the answer
CDONTS (Colloaborative Data Objects for NT Server) is a feature of NT and W2K that allows you to easily send mail from a web page using the SMTP server. The simplicity of the code and widespread availability of free scripts employing CDONTS has resulted in CDONTS being widely adopted.
Quite a surprise to many administrators to discover that IIS 5.1 does not support CDONTS as do IIS 4.0 and IIS 5.0. This has been replaced by CDOSYS which appears to have more capability, but it is not quite as simple to use. See: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q195 683 for more details.
You can enable CDONTS on XP by copying CDONTS.DLL from a Windows 2000 installation to your XP systemís Windows\System32 folder (default name). Then at command prompt Windows\System32 run REGSRV32 CDONTS.DLL. The extent of my testing on this was to deliver one piece of mail, so this should not be construed as a complete analysis of the effectiveness of this technique. cwilliams38392.8260300926,
I assume you mean 500 pixels wide
no.. because you cant reliably tell a pictures image width without an image resizing component to look it up.. asp can not do things like that on its own
serverobjects has a free component called "imagesize" that can do it as well but you need access to the server to install the component
so if you cant do that with regular asp code you definetly can not stop the upload proces because the picture is too wide..
heck, that would be nearly imposible to do regardless.. even with the best 3rd party components at your disposal
even with an image resizing component you would have to allow the upload.. then check the pixel width.. then delete it.. tell the user what is going on...etc etc .. all a very complicated process
If I would like a link on my web page that will take someone to the login page (I would also like this page to contain forgot passord? and register) I am not entirely clear what file to link to to do this. Would it be check_user_inc.asp?
Thanks in advance?
When I add a user, I can not activat it.
It sends me back to log on and will now allow me to log in as admin???
I can restart the APP and log in as Admin, but the user I added
is still not activated??
My system will also not allow me to set the Stay Loged in FLag.
It just ignores it....
, It runs on either... I used IIS
I dont remember much about installing it except it went pretty smoothly / no issues, it makes zero sense really... in the 4 years we have sold this application this is really the weirdest thing anyone has had happen..,
I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it., SQL server hotel ehh ? Humm that sounds bad whatever that is ?
What you want to do... logging them in under https and then having them continue though the site under http is not possible.
It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.
In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).
Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.
If you want them logging in under SSL you need to keep them under SSL.
That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.
Is that a real term or just something you named it cause they have like a zillion people using that SQL server? I have never heard of that name ?,
Right, I've done that. My concern is that it will time out again while I'm trying to import the file.
The import/export manager does not show up under the users tab when I log in normally. I have to pull up the page in frontpage and then preview it a browser to get it to show.,
BTW.. I dont know what is going on But I keep getting all these returned emails. My forum is sending you emails and they are coming back as undeliverable saying your storage space is exceeded on your server.
Could not deliver message to the following recipient(s):
Failed Recipient: firstname.lastname@example.org
Reason: Remote host said: 552 Requested mail action aborted: exceeded storage allocation
-- The header and top 20 lines of the message follows --
Received: from server.powerasp.com [126.96.36.199] by mail.cjwsoft.com with SMTP;
Thu, 28 Apr 2005 15:34:44 -0400
From: "CJWSoft Support Info" <email@example.com>
Subject: CJWSoft Support Info : Thumbnail creation
Date: Thu, 28 Apr 2005 15:34:44 -0400
Hi srgould41,<br /><br />A message has been posted in the info area on CJWSoft Support Info that you asked us to keep an eye on.<br /><br />To view and/or reply to the info then click on the link below : -<br /><a href="http://support.cjwsoft.com/code/code_info.asp?TID=249& amp;TPN=1">http://support.cjwsoft.com/code/code_info.asp? TID=249&TPN=1</a><br /><br />If you no-longer wish to recieve email notification for this Info or Infor Area click on the link below : -<br /><a href="http://support.cjwsoft.com/code/email_notify.asp?TID=2 49&FID=4&M=Unsubscribe">http://support.cjwsoft.co m/code/email_notify.asp?TID=249&FID=4&M=Unsubscribe& lt;/a><br /><br /><hr /><br /><b>Information Area:</b> ASP Photo Gallery Pro Version<br /><b>Info:</b> Thumbnail creation<br /><b>By:</b> cwilliams<br /><br /><P>trust me, they (serverobjects) does not check.. as a matter of fact they havent answered support emails for about 3 years. All they do is sell that crap and forget the customer. But the stuff does work well and always has. (that guy took all the money he made/makes from those components and took off to Jamaica or something sitting on the beach drinking margaritas)<BR><BR>regardless,<BR>ASP just cant resize pictures on it's own. <BR>It' just not possible. You need a 3rd Party component.<BR><BR>There isn't much to say about the ASP.NET thing.<BR><BR>If your server has ASP.NET installed (meaning you can run aspx pages on your server and the ASP.NET framework is installed) and running you just pick that option in the config file and ASP Photo Gallery will use ASP.NET to make dynamic thumbnails for you.<BR><BR>To run ASP.NET it must be a 2000 or 2003 server.</P>
Understood.... can you point me to a place where there are other methods of calling banners? Do you mean not use Flash? I am new to this and will need some pushing over the cliff!
ok.. Chris.. I am now kicking myself in the butt. In the setting section, I had to redirect certain urls and directories to the right spot. I forgot that I renamed the root folder.
Thank you, thus far for your continued help. It is greatly appreciate.
, While I originally thought the login form on a non-protected page idea may be similar in setup to how our Classic ASP version of ASPProtect works I could not have been more incorrect. Truth is I forgot that it works a lot differently.
ASP.NET Web forms are meant to post to themselves and there is thing called the viewstate. (google it.. its a hidden variable the server creates in the form code that is required when the form posts back to itself.. and hold all sorts of information the server uses) Doing what you are asking about means disabling the viewstate and that can have big consequences and break certain things.
Basically you cant just put a form on a non-protected page and post to a protected page if the viewstate is enabled. Disabling it can break certain web controls like data grids .etc etc.. and can also have an effect on how the session is managed at the site and sometimes disabling it is not possible depending on what is going on cause you need it.
I am still doing research on the whole thing, but it looks to me like doing that is going to have a tradeoff of some sort.
That does not mean this isn't possible somehow. I am still researching and I am also going to see what John Evans thinks.
I told you .NET was complicated.
As for your other question that is something you have to sort out on your own by editing the code and recompiling it based on your custom project needs. It is not something I can help you with. ,
I would say that it isn't all that difficult using mySQL for the backend....the main thing is to make sure you set the primary keys for auto-incrementing in your database. Alos need to make sure that any DELETE SQL statements are formatted like this
DELETE FROM tblName WHERE tblField=SomeValue
DELETE * FROM tblName WHERE tblField=SomeValue
The same holds true for using MSSQL,
When did you download the ASPProtect Version 7 zip file ?
what did you enter as a wrong password to make that happen ?
does it it do it when other wrong passwords are entered ?
How to set a new users expiration date.
You'll need to edit the "users/add_new_account.asp" with a text editor.
Find this section..
CmdAddUser.Fields("ValidateEmailCode") = ValidateEmailCode
CmdAddUser.Fields("Access_Level") = ""
' PUT YOUR CODE HERE
ID = CmdAdduser("ID")
Set CmdAdduser = Nothing
Set ConnPasswords = Nothing
You'll want to add code like this right between the Acccess_Level and Updates section
CmdAddUser.Fields("Expiration_Date") = Date + 60cwilliams38403.6828587963,
That will give take todays date and add 60 days to it.
You can of course do whatever you want here.
Actually, any database value for the user can be set during registration.
You can also change the default Access_Level to whatever you like.
you password protect an asp page in your site "where that is is up to you"
then you link them there from your own pages
thats all there is to it
is that what you are asking?
Additionally...any page you password protect automatically becomes a login page... where you want to start and where you send them after or before login is something you have to handle on your own
Any pages you pasword protect will prompt the user for login info if they are not yet logged in that is.
Then once logged in it returns them to the same page they are showing the page content as it would normally appear.
Advertising ?? oh really.,
It was named that because that way if you already have a login.aspx file for whatever reason it does not interfere which is a good thing. It has nothing to do with advertising.
Next off you never mentioned having an issue with it saying aspprotect in it. I am EXTREMELY clear about what I support and do not regarding ASPProtect.NET. If you are upset because I didn't tell you exactly what to edit and change in visual studio.net and hold your hand you are out of line. My god, I sent you to like the best and most detailed tutorial on how to setup and use the application with VS.NET that could ever exist. That took forever to put together. I even responded to your post on Christmas on a Sunday. I doubt too many companies would have responded on Christmas.
More importantly than that when you purchase code from CJWSoft you are purchasing digital source code and there are no refunds. Every single page in the CJWSoft family states that very cleary in the footer. I do not appretiate it when someone threatens a chargeback and as far as I am concerned anyone that does that is commiting a crime of theft. I also do not appretiate smart comments saying it's "obvious" etc etc
If you wanted to strike a nerve with me you did. If you want to commit a crime and be a thief that is your business as well. Obviously I can not stop that and the credit card company will take your side. I work very hard on the source code I sell and my policies on everything are VERY clear.
Calling the credit card company ??
nice, real nice
((TITLE EDITED BY ADMIN))
it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.
Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...
Timecard Entry: 3/25/2006 1:42:06 PM
java training, talked one customer out of switching to aol. more calls about clayton, Added three fields to softmls database and all reports to include Network Solutions passwords and our charges for adding advertising to the sites, Team Meeting, entries to Verizon analysis spreadsheet, continued to clean sink and mopped the floor. Took in some easy calls and kept eye on all activities., TICC a/r deposit, USA1Net affidavits of publication, loaded up Paul's truck with stuff for Watertown, Review Bills w/ Carol. Generate invoices for customers and setup new info on IBS Telecom., BERNIERCARR.COM DATA ENTRY, E-Mail, Voice-Mail, Follow-up, Meeting with Tim regarding MBO, Nortel phone meeting with Randy and Darrell.....well sorta we spent most of the time trying to hunt them down, billing issues, lots of invoices, cancels, worked on why some asp sites on raptor werent working., fixed some more issues with imail from the cutover., helped a few customers with email, Audit stuff, AR-people calling on statements, *TaskForce: Office Addin Development, Nortel CI, Started to answer my list for the day, Prepare dba Vermont materials, Pulled cards on the microcom in Clayton., Ans phones and taking appl. ans. billing questions., MS Tech Support re: FPSE, same as above, Prepare for meeting with JCIDA, lunch, sign ups, billing questions, info into computer,