Home | Advertising Info92 USERS CURRENTLY ONLINE   
   Site Search Contact Us Wednesday, December 11, 2019  

vbscript active server pages ASP vbscript SQL database informix oracle SQL Server Perl CGI Delphi PHP source code code sample samples program CJWSoft ASPProtect ASPBanner ASPClassifieds

Blog Entry: 3/25/2006 1:37:52 PM

Thank you so so much! I went to the admin area and changed the email component from CDOSYS (using remote server) to CDOSYS (using port 25 forwarding) and all is working great now!

Again, thanks!

, Hi Chris,

I've got a page with a form that includes an input field with 'type="file"' for uploading an image.  The page posts back to itself to save the info to the database and run the code necessary to upload and resize the image.

I need to limit this page to a group.   So like usual, at the top of the page I put:
<% GROUPACCESS = "1" %>
<!--#INCLUDE FILE="../check_user_inc.asp"-->

This gives me the error: "Cannot call BinaryRead after using Request.Form collection"

I have used ASPUpload and SA-FileUP before and know that this is caused by the components having their own .form collection.  This script is using "Pure ASP File Upload" from DMXZone for the upload which I'm not familiar with. 

So...my question is, do you know a way around the BinaryRead problem wtih ASPProtect? 


P.S. PLEASE don't send me to DMXZone for help....they've got notoriously bad support!


Looks great. I can't wait until this will be released. Will there also be an easy way to migrate my current version ?



Hi - When I try the mass email feature, I get an error that says:

ODBC Microsoft access driver) too few parameters expected 1

/aspprotect/password/admin/send_mass_email.asp line 280

Oddly...this feature works fine when I use the original admin user that you setup. 

But I setup another one with my username and password (not test) - because I was afraid anything with "test" could get deleted. 

Any ideas on why the new admin userid would not work?  Note: I have not change any code from the original installation.


, Has this been resolved ?,

IT worked just as cwilliams said. I did see the IP address being stored in the table but it didn't dawn on me that it was tied in to the view count, I tried it from a different IP address and it worked great .

Good coding Christopher




Yeah, its a win2k server.

Im up and running now (my guess is ASP wasnt installed, but he did not say), but am not having luck with any of the email.  I contacted my host to see what is available and have yet to hear back.  Do you generally recommend people to run CDOSYS?

Ive been reading through the docs, and the users and protection seems to be pretty straightforward.   Nice!

The only other real question I have (and cant find in the docs) is how to remove the self registration option all togehter.  My client wants to add its users manually, and not give the option for them to sign up themselves.  Do I just find any remove any code that references it?


ok, I moved this thread..

The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.

The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)

That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing. 

Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.

Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"


Password = CmdDataExport("Password")


Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)

Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.

, Ok...thanks.,

I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database. 

How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'?

cwilliams38417.7773032407, I think I have successfully integrated Paypal but seem to have a slight issue. Once a person has entered the Paypal site but cancels their order, the ad is still placed on the site. The optimal way for my site to work would be to cancel the ad once the Paypal process has been cancelled. Any help would be great.




I understand.  I set it to a lower number that will hopefully be a good balance for the user.  I am simply AMAZED at what your software does and I thank you for all you have done.



Disallowed Parent Path

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory. 

When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.

If it is not enabled on you server you will have to ask your host to enable parent paths for your website.

This is what the settings screen looks like on an XP Machine

Additional Information:

It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.

Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.

Hosting companies should if they are serious about hosting ASP.

If they won't your only option is to go through all the code and convert the file includes to virtual includes.


The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)

Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc

Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.

In my opinion virtual includes are pretty useless for commercial web based applications...  Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.

For example...

The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->

But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this

<!--#include virtual = "/somedirectory/somefile.asp"-->

cwilliams38391.6033101852, [QUOTE=sdunham]

My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work.   I've tried many different options - here are two that are the closest - but have issues:

1. If I use the settings:

email component: aspemail

Mail remote server: my internal server name

*no smtp authentication

email mail notification - my email address on my internal server

***I get the following results:

       I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.

2. If i try to change the setting to use the Hosting Website email server - I get the following results:  I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.

**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.



The relay error is because when you send emails outside your email domain smtp authentication is required.

I suggest trying to use CDOSYS with the smtp authentication option. CDOSYS is on all servers by default and is really the way to go. Use a real email account and password to send the emails through the server.  Be sure to check smtp authentication for cdosys and to specify all that info for your email account and password in the settings screen.

If you want to know about CDOSYS read my article.


New Power Supply and a new (CPU Fan/Heat Sink) seemed to do the the trick. She's running like a champ now...

Hopefully it keeps doing so. Only time will tell.

It she's stable I can get back to designing some new software.


Sorry, I forgot about that when I got hung up on the install problem.

 I'll tackle your explanation now to see if I can get it working. Since I already bought the software I'll keep my fingers crossed.



Hi Chris,

The password is HANNAH.  If you're into trouble shooting mode and would like the key, I can send it to you.  If not, no big deal, I've email the guy a new password.  We'll see how many rounds it takes him to get it right. 


, This relates to a part of the new documentation that wasn't ready yet.
I just made a thread about it though.

Here you go.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=198& ; ;PN=1&TPN=1 cwilliams38419.5353587963, Personally, I think that is something you should work into your existing site code or something you should handle on your own.

It's basic site maintenance issues.. and something every webmaster must deal with on an individual basis. If you are going to upload a new version of some large file of course you should go disable wherever people are dloading it from and then wait/re upload/turn things back on.. etc etc

It is not going to be a feature of ASPProtect and I don't see why it should be. If you want to have some sort of global site is temporaily down thing you should have a common server side include on all your pages right after the password protection include file. In that include file you could easily stop site access with a response.end and also show a message.

Or you should disable a file download page manually on a file to file basis.

Really, big busy sites that have their sh*t together use versions of files for a reason. Every new upload is a slightly new version revision and has a slightly different file name They do this partially to eliminate the problem your talking about and also because that is the way it should be done. Nothing gets uploaded over itself ever. Even if there is a mistake in a file they upload a new revision and document it in the revision/changes file. And of course they dont show users a link to a new file revisions until it is uploaded.
, sorry for delay responding,

I got bombarded with support inquiries while I was gone and I missed this one since I been home.

Does the server_info.asp page I provide say that aspupload is indeed installed. Let's start there. ,
I had a question about user registration and how it works, mainly because I am having a problem.
When a user registers, with the email verification setting, I am assuming that there is supposed to be a new record created in the USERS table in the database. What could cause this not to happen?
Actually, in testing further I found that with the setting at Auto, Manual, or email, the record is not added to the table. And, if I am logged in as admin, the Add User button does not do anything.
I can however edit and delete user records...
Hmmm, adding a Category yields the same thing. And loggin in as a non-admin user still displays some of the menu items for admin, but then gives a page can not be found error if you click on one (ie, approve).
This looks like a db issue to me, I will have to try this with access and on a test server...
Any thoughts?
- Jason

its one or the other... you cant protect upload.asp at the same time if upload.asp is included in another page..

I mean sure you can protect upload.asp from running when another page calls it by password protecting the page calling it.

And sure you can protect upload.asp by itself if it also runs all by itself. But you can not include the "check_user_inc.asp" more than once in any order of execution scenario. That includes pages being included.

Generally anytime a page is included in another that included page is not meant to run by itself and wouldn't produce any outcome if run by itself so this would never be an issue.

if you don't want "upload.asp" to ever be run by itself in that scenario put it somewhere in your web site that is not web browser accessible.

I would also suggest you look into using Virtual includes. It will save you a lot of time figuring out this sort of thing "../../../../../" becuase once you figure out the virtual include path you can use the same server side include from any directory level.



, Got it.  Thanks Chris!


Thanks for the info.  We'll do as you suggest.



as far as permissions are concerned I wrote two large articles about permissions that cover everything in detail on how to properly set them


see the windows 2003 and windows xp permission threads

From things you are saying I assume this is your server. My comments about the path looking funny are because very few commercial hosts would use the "c:\inetpub\wwwroot\" directory. If you are using that and that is correct info then that is fine.

as for knowing whether or not the filesystem object is working the best thing to do is to try to write  a text file somewhere in your web and see if it works. Testing something under the most basic scenario is the key to troubleshooting asp issues.



(Indemnification Agreement Mod)

This very simple mod will add an Indemnification Agreement Pop-up to the registration signup form which must be agreed to before continuing. This is often done for legal reasons to help cover yourself if something should come up later on.


Download 2006-03-19_212700_Indemnification_Agreement_Mod.zip which contains "terms.js" and put it in your scripts folder. It contains the text that will be displayed in the pop-up. You can of course carefully edit it with a text editor to say whatever you like.

Now carefully edit "users/register.asp" with a text editor. Add this bit of code in blue right after the include to the "footer_inc.asp" file like so. It will be near the bottom of the page.

<!--#INCLUDE FILE="footer_inc.asp"-->

<% If ErrorMessage = "" Then %>
<script language="JavaScript" src="../scripts/terms.js">
<% End If %>

Your done, that's it. Now when "users/register.asp" is run for the 1st time the pop-up will come up.


Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.

Rhona (rookie)


New Version 8.1 Released

Whats new..

Upgrade Instructions...

Upgrade at your own risk. Though we try new versions are not always perfect due to minor bugs we may miss.

Back up your old setup so you can revert back if necessary..!!!
Save your data connection string info in a text file so you have it.
You can get that by viewing the system info page in the admin area.

Carefully copy all the ".asp" files from the new version to the old.
Your going to want all the .asp files in the aspbanner folder.
Your going to want all the .asp files in the aspbanner/scripts folder

Copy the aspbanner/images folder because there are some new images

Be sure to also copy the "data/config" folder files.folders as well as a lot of that is new including the actual config file. If you dont get the new config file copied in there you will have problems later on with some of the new features.

Be sure to create a new folder in the "data" folder called "tempstats"
Make sure it has proper permissions if you plan on using the delayed stats feature as the stats gets temporarily stored there. 

Go back to the area where you originally setup the data connection and do that again...

From the web browser run the following URL


Replace "yoursite" with the proper url info relevant to your web site location.

When run via the web server that page will ask for a password. By default it is "temp". You should change it later on for security reasons. That page tells you how.


Now... moving on..

There were no changes to the database except for SQL Server users so you can use your existing database.

SQL Server users that want to use the new stored procedures feature (it's optional) will need to update their SQL database with the stored procedures.

Scripts to do that are provided.

ALSO: I have been running this new version using SQL Server Stored Procedure mode for a 1 week on a special banner server that serves banners to many of my own sites. I have also been using the new Delayed Stats feature.

All I can say is it is running like a champ and the SQL server is using less memory than it ever did before.

cwilliams38291.7372800926, I have added two users in different group access but none of them can login to the pages ,

Hi Chris,

I have a small problem, I have installed asp photo gallery pro on a hosted site, and after eventually getting them to modify permissions on directories it is essentially working, except that it won't delete pictures from an album. If I delete an album the pictures are left in the pictures directory, but the album is no longer displayed. If I then make a new album it is labelled incrementally... ie I had one album "album_ID_1", deleted it created a new album it is labelled "album_ID_2". I would have thought that the new album would be called "album_ID_1" ie taking the place of the deleted one. It seems to me that the delete album function isn't fully working either. My hosting comppany swears that the permissions on the pictures directory are set to full access for everybody. What have I done wrong?

Thank you



I just did a quick google search... found a ton of info on how to find the setting. Here is one...

These are directions for IIS6 but the process is similar for IIS4-5

  1. Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. Double-click your computer name in the left pane, and then double-click Web Sites.
  3. Locate the Web site and directory that houses the ASP application.
  4. Right-click the application site or directory, and then click Properties.
  5. Select Home Directory, and then click Configuration.
  6. Click Options, and then click to select the Enable Parent Paths check box.
  7. Click OK two times.

I have a user who is trying to login. However, I am getting a error that I can't seem to find.
Username: executive.barcheski
Password: executive@amcpc.com

Encrypted Password: ?=`م

Error on check_user_inc.asp line 114

If (Request.Cookies("PASSWORDSYSTEMCOOKIE")("KEEPMESIGNEDIN") = "True") And (Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME") <> "") And KeepSignedInOption And Status <> "Checkem" Then
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME "), CookieEncryptionKey) & "') And (Password = '" & Replace(RC4(RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COO KIE_PASSWORD"), CookieEncryptionKey), PasswordEncryptionKey),"'","''") & "')"
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & Username & "') AND (Password = '" & Replace(RC4(Password, PasswordEncryptionKey),"'","''") & "')"
End If

CmdCheckUser.Open CheckUserSQL, ConnPasswords

error received: unclosed quote after '?=

Any ideas

Jason Johnson


Thanks for that.


I have tried InStr("*2*",>"0") in the query design window but it does not return any members.  


I have orded a Access Bible to help me in furture


This is amazing. You replied to question within minutes. Thanks for showing such a professionalism.


, you can edit the look of it but because it is licensed software the links to aspbanner and the aspbanner logo.. etc etc must remain  otherwise change it all you like.,

I wonder why the banners in ASPBanner 8.1 are moving from one place to another when opening my site www.helserevyen.no in a Mac Safari browser and click on refresh?

Can you take a look at my site and response?

, Come on the threats are not necessary- i got the point the first time you said it.. i thought i made a friend thru this and felt comfortable to say something like that... i am not a big online chatter just do the web stuff as a hobby... i am a network / computer hardware guy (yet i work for a mortgage co. go figure...),

This is a great article for newbies..

Hints & Tips when working with ASP

cwilliams38436.5949768519, I have been using the AspHttp Component method for displaying my ads along with the google adsense code.  However, in the last few days my site was taking too long to load, so I replaced the AspHttp component, with Javascript method.  The site was back to speed.  But now, the Google Adsense banners do not show up.  Is there a solution for that?  Can the Javascript show Adsense banners also?  Because they do show the Flash banners.,

I am getting closer.


This error actually does not have anything to do with the forgotten password feature or your database.


It has to do with the settings you chose for emailing.

it relates to aspmail and it not liking the remotehost you used, or something like that.... etc etc


Timecard Entry: 3/25/2006 1:37:52 PM

JPM, Channel 7, Time Warner , tech calls - moderate traffic, Travel to and meet in Watertown for weekly meeting, worked on some of the changes for the Excel upload portion of the NNYRHCA web site, for noting it's not yet complete (nnyrhca.org, programming, billable), Meet with Howard (re: Phone company), Marketing, working on new Linux development box for Jeff Wood so we can phase out Godizilla, printed, reviewed and mailed invoices; readied money for Clayton; answered phone, marketing meeting with Tom McCall, Printed timecards and put in spreadsheet, Checked online issues and radlog again. Filled out my timecard. It was very busy today but the calls were strange again. A lot of strange problems that aren't even Gisco's problems. , Very busy with calls. Had 2 calls from out of state. Emonitor did go red, I called Ben., Inventory, chr call, training in Wisconsin, Neighborhoodsupermarkets.com - Made requested changes to admin to allow manual sorting of category fields, added a field for extra text, changed text colors, etc., Updated info on my projects in the Work Request System, AT&T, Read in my ASP book some more about some database connections along with doing review, Working on fxing problems on a couple of servers up in vermont. Trying to get exchange working up in vermont. Supporting problems customers were having up in vermont., Reviewing VBITS Material & downloading code examples from VBITS Website., Setting up meeting with JCC for myselft and Ed (talking on phone with Sarah Baldwin), Gen marketing- read tariff, assembled DSL materials folllowed up on Emails regarding DSL, Gave my computer up to Joanna since there weren't any calls coming in. I then finished looking over the resume's and helped other employees stay on task. , 60 miles to syracuse to look at locations, go over chanes with dave and tom for allied chemical mail out letters for hostig and new leads check emial.voice mail Mike lynch- send oput info- go over hosting packages, Talking w/ Randall of Nexcom regarding our pricing on long distance., SCU payment, Read/answered mail from Terri's PC., an hour late, due to rad and weather conditions in the areas I had to cover during the day, phones were steady, barely got into on line and rad log or dial up issues,

   Active Server Pages Rule The World
Contact Us  
All artwork, design & content contained in this site are Copyright 1998 - 2019 PowerASP.com and Christopher J. Williams
Banner ads ,other site logos, etc are copyright of their respective companies.
STATS Unless otherwise noted - All Rights Reserved.

vbscript active server pages ASP vbscript SQL database informix oracle SQL Server Perl CGI Delphi PHP source code code sample samples program CJWSoft ASPProtect ASPBanner ASPClassifieds www.aspclassifieds.com, www.powerasp.com,www.cjwsoft.com,www.aspphotogallery.com,www.codewanker.com,www.aspprotect.com,www.aspbanner.com