Blog Entry: 3/25/2006 2:25:02 PM
Sorry, I forgot about that when I got hung up on the install problem.
I'll tackle your explanation now to see if I can get it working. Since I already bought the software I'll keep my fingers crossed.
((TITLE EDITED BY ADMIN))
it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.
Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...
I have one file called asplistings.sql but I have license for ASPListings_auto and ASPListings_real_estate. I really want to use the SQL server for both. Please advise how?
Thank you., Chris,
Well some good news! This from my hosting company this morning...
I'd say that the vendor is right so I've submitted a work order to"
create the *****.com/aspnetprotect directory as an application.
If there are any other directories for which this needs to be done,
please let us know. This particular task always needs to be performed
by our staff.
If you need to follow up on this job with one of our on-line or phone
technicians, you can reference ticket id 11860.
Thanks for your help thus far
I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then
SearchFlag = True
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then
<!--#include virtual="/Auth/check_user_Code.asp" -->
My Protected stuff here
For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.
I just added couple of lines and it works fine
If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then ,
' Session("PasswordAccess") = "Yes"
SearchFlag = true
any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links
example (for anyone that comes across this thread)
is going to have a different set of application and session variables then
http://examplesite.com/somepage.asp, Thanks, I know, I have it all figured out and have thought about it before. Just no time yet to do it. It will probably be an add-on/mod when I get time. , Will do!
even though they are basically the same page
I dont know about your error on line 6 when uploading..
as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.
I really need more information and possibly acess to the system to do some troubleshooting...,
This is anot a feature anyone has ever had an issue like this with.
I appreciate the offer to beta test... but its really more a matter of me getting it ready..cwilliams38295.6248032407,
I have a lot done.. but a lot of things are hard coded to only work on my machine and some things have not been sorted out. Giving it to someone else to test would be a waste of time at this point as I they probably couldnít even run it.
Lately the reason this project has fallen behind has all to do with my main webserver where I collocate.
1st it got compromised (we think by certain competitors who are always up to no good)... then windows 2003 server which I decided to go with on the new server gave me random problems... then the Cisco hardware firewall was acting up and making the sites run slow....then SQL server attacks on port 1433 from Korea when I took the firewall down....and as of the last few days I think the server just needs a new power supply. I swear for the last 2 months I have spent more time administrating my servers than working on code. Yesterday it was locking up every 30 minutes. There have been a lot of days like that and it takes up all my time until I get it situated. Especially since its over 100 miles to the collocation center. The APC unit I installed that allows me to remotely cut the power to hard reboot is a life saver.
Fun... I tell ya... and expensive.. (hardware, software, lost sales, and time) I am pretty much completely broke at the moment. It has been a very expensive few months.
But I like running my own servers... I run dns servers, email servers, sql servers, web servers.. I do it all. It's keeps me in touch with the latest software/hardware. Regardless , my servers ran well for years and they will again.
anyway.. hopefully I can actually get a new version of the photo gallery out before the month is over. It will probably be the last classic asp version. The version after that will most likely be ASP.net.
Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software.,
I'll try to help when I get back tues night,, see the contact page for info on where I am .,
Umm, if your using MSACCESS your using MSACCESS
SQL server has nothing to do with it., Hi,
I really look forward to installing V7...
I would like to test V7 by copying my existing V6 to a NEW directory,
including the database with new connection, and using this duplicate to
do an upgrade for TESTING PURPOSES ONLY before commiting to upgrading
the main system.
Should this cause any problem?
, It runs on either... I used IIS
I dont remember much about installing it except it went pretty smoothly / no issues, YAY FOR ASPPROTECT 7!!!
Now I need to know... how can I automate PayPal subscriptions and purchases? I'd like it so that once PayPal gets its money, my accounts get marked active.
Now, the documentation on this site currently says, to point the IPN post action to a null page. Yet, I see an IPN.asp in my files for PayPal subs and PayPal purchases... Looking over the code there, I see actions to make accounts active and stuff like that. Is the page ready for prime time, or should I hold off for a new version?
I have activated both activity and log files. The directories exist on my server and don't give any errors.
When I check the activity tab, some times there are a number of items in it. Other times, there is only my login info. From what I can see, it is supposed to show the last 50 items of activity at all times. Am I missing something?
Also, when I click on the log file tab, there is no file or information to see. Is there something I need to do beyond activating it in the settings area and making sure the directory has write permissions?
How busy your site is actually won't be the only factor. Really the application should not restart unless something happens. If the IIS application is reseting alot it could very well be the ISP restarting the server or doing IISRESETS as well or other sites on the server causing the application pools to restart.. etc etc etc Quality ASP hosting is important. Regardless your hosting company most likely will not admit to anything be out of the ordinary.
As far as that directory deleting itself on you.. I doubt they will have an answer for that one. All I can tell for sure is I didn't put any code to delete it in there.
Using just ASP (Form Based Authentication) you can only protect the actual content of the ".asp" files.
You can however use some ASP tricks to stream other types of files to the users.
That way the actual file locations are never known and they can only get them/see these files when they are logged in as you would be streaming files to them after they logged in.
Below are informative links I have collected on the subject in an email I sent to another customer a while back.
Using Active Server Pages you can only protect ".asp" pages.
You can however password protect ".asp" pages that stream files to the user using code like in these examples therefore keeping the actual file name a secret.
And from another email I sent...
ASPProtect only protects the content of ".asp" pages. Directory protection is not possible using just ASP.
Other file extensions can not be protected using just ASP.
There are ways to get around this.
You'd want to do a technique like this to stream non ".asp" files to the users.
The safileup component from softartisans can actually do something similar as far as streaming the files go.
Then use something like ASPProtect to protect the ASP files that streams the files.
The actual location of the files is never known to the users and of they don't have access to the asp pages they can not see or get those other types of files.
Very doable, but nothing ASPProtect takes care of automatically.
This info above should get ya on track.
I purchased 6.0 in Feb 05. Is there an upgrade price to 7.0
I spent considerable time setting up 6.0 to work with my web site. From what I read in the forum, it sounds like I have to start over again to integrate the new version into our web site. I do not relish the thought of that, but I have to move to an email system with a valid MX record.
Will I be starting over from scratch with this upgrade?
I had a question about user registration and how it works, mainly because I am having a problem.
When a user registers, with the email verification setting, I am assuming that there is supposed to be a new record created in the USERS table in the database. What could cause this not to happen?
Actually, in testing further I found that with the setting at Auto, Manual, or email, the record is not added to the table. And, if I am logged in as admin, the Add User button does not do anything.
I can however edit and delete user records...
Hmmm, adding a Category yields the same thing. And loggin in as a non-admin user still displays some of the menu items for admin, but then gives a page can not be found error if you click on one (ie, approve).
This looks like a db issue to me, I will have to try this with access and on a test server...
Hi,, Hi Chris,
The source code comes with it.
They are the.vb files.
I don't give out any project files for reasons stated in the article below.
Please read this in full if you want to edit the application in Visual Studio.NET
I've got a page with a form that includes an input field with
'type="file"' for uploading an image. The page posts back to
itself to save the info to the database and run the code necessary to
upload and resize the image.
I need to limit this page to a group. So like usual, at the top of the page I put:
<% GROUPACCESS = "1" %>
This gives me the error: "Cannot call BinaryRead after using Request.Form collection"
I have used ASPUpload and SA-FileUP before and know that this is caused
by the components having their own .form collection. This script
is using "Pure ASP File Upload" from DMXZone for the upload which I'm
not familiar with.
So...my question is, do you know a way around the BinaryRead problem wtih ASPProtect?
P.S. PLEASE don't send me to DMXZone for help....they've got notoriously bad support!
, Well you can put a link on all your pages that links to the login page?
modify the code in the login page so the return page is members.aspx or
whatever you need and thats it?
I dont see your point? probably because I understand how the program works and your not 100% up to speed on how it works.
We have a site that currently runs ASPProtect and would like to install a second instance of it. The reason is that the current one is set up to manually authorize new users (it is for applying discounts to the Trade), but we want a second instance that will allow new users to register freely (this is for personalization).
Has anyone set up such a goofy scenario themselves? Is this even possible?
Thank you!, [QUOTE=cwilliams]
Every application we sell that has a password on the database uses "temp"
Also, the password is in the connection string in the dataconn_inc.asp file.
After all, the ASP code needs to know the password just like anyone that wants to open the database would.
That i have, my question revolves around the all the users and passwords that I in that database. I need to be able to export that list to word for a mail merge list, but when I do the passwords show up encrypted. I need to be able to get an unencypted list.
thanks, that variable comes from the settings acreen in the admin area. If you do not have it set properly things like what you are describing will happen.,
It's not normal at all. My guess you accidently edited the code in a bad way.
(thats the same code the every guestbook in every application I sell uses including ASPGuest which gets downloaded for free about 50 times a day)cwilliams38454.954212963,
No one has ever said it acted funny.
I would do a default installation with the original code somewhere and see if the problem occurs. If it does I can take a look.
In the meantime I wouldn't be running that as it is probably using up massive processor time because of whatever is wrong with it.
Wondering what might be causing a long delay to display the login screen? This does seem to be intermittent. Could be server/ISP related? Have experienced enough times to justify posting this question.
I can count up to 20 seconds after clicking on the link. After login all other selections zip right along without problem.
Thanks, Lancelancem38319.6117939815, One problem that is appearing is that in the admin section, in the users.aspx page, only one user is showing up when there are in fact 9 users. Also, when I click the edit user or email icon, the page does not go to the edit screen, it remains on the same page.
Also, Iíve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile. It could be due to the fact that the rest of the project is in C#. Or it could be due to some other factor in ASP Protect.
Version 8.1 has code generators for these new methods built in...,
If you can would you do it for a price as a mod or will this be added to the new version.,
I wonder if this could this be a FrontPage problem. I deleted the skins folder and re-ftp'd the original one that only contains default and Solid Black. I logged in and tried to change it back to default but it won't. I'm going to try making this folder a Frontpage subweb to see if that makes a difference.
You might just learn something and actually get your project finished before 2010
your over there hacking away on your virus infested WaReZ machine
LOL thanks for the good laugh-- i guess its time to do some reading and making my own mods to the program..
btw i never insulted cafrepress.. not sure where you got that from- just advised that what they have is exactly what i want to have done. How much for your service?,
Hi, I am glad you like the system.
Thx for the comments..
The banner logic in aspbanner it tweaked for speed and performance.. that sort of thing really wouldn't fit into the current code structure very well. It would slow things down and be a nightmare to code because of the way aspbanner uses ultra fast application variables for the banner rotation. Basically its a feature I didnt incorporate for performance and pricing reasons.
I would suggest making different zones for different conditions.. then surrounding the banner calling code with if else logic so a different baner zone was called under certain conditions.
That way performance would not be effected and you could actually show a different group of banners based on certain conditions.
Sorry, but that is the best advice I can offer at this time.
I built ASPBanner for performance and at this time I refuse to sacrifice that for any feature that will slow it down and consume more resources.cwilliams38383.5395601852,
OK.. I went with using ASPEMAIL. The above did not seem to work. No worries though, where there is a will (with options) there is a way. cwilliams38394.7265162037,
I haven't moved (or messed with) any critical files within the directory at all, just placed them as a job lot into a subdirectory call aspprotect.
All I did was put all the files directly into a directory rather than into the root because some of the subdirectories had the same name as some already in use and would therefore have been overwritten.
I'll go back and have another look in the cold light of day (its too late tonight UK time).
Right, I've done that. My concern is that it will time out again while I'm trying to import the file.
The import/export manager does not show up under the users tab when I log in normally. I have to pull up the page in frontpage and then preview it a browser to get it to show.,
this could go on forever...
if you want PM "private message" me info to log into your site.. show me the pages we are dealing with...
and I will take a look at it all...
Thought this would be easy. A few more pointers should get the database connection to work:
1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so?
2)We have other files in there for other server applications, does that mean weíre stuck using DSNís or is the file independent of that control dialog?
3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?
What else are we missing?,
Timecard Entry: 3/25/2006 2:25:02 PM
work on jcc presentation, email, shampine problem, Holstein World Completed Proposal, answered phones, not busy chris showed me a few websites that would be helpful., Lunch, to Clayton, yep, more NOC duty, Very slow, did some cleaning and monitored Rad, Dial up, Voice Message. Did some internet exploring on win 98/2000 tips and tricks for DUN, Modems and anything else to do with internet applications., travel to dutches co for presentation, helped switch computers and trained with Michele, Voice mail, Rad Log, Cleaned hallway and kitchen., Vermont Internet site design-Photoshop, emails and voicemail, mileage check for Lisa so Fred could take to Watertown for her, meet with jnc, The Border Logo, Lunch, email, voicemail, trouble reports, Warren DB Conv., TICC payroll & tax deposit, TRAVEL BACK TO WATERTOWN TOTAL MILES 524 MILES TRAVELED TODAY, rearranging GiSCO homepage, training w/ Terri, Work on NYAB diagram. Also work database, organized order status re: Cortel, *TaskForce - WAP Phone Programming, manual, w/ Jim re: DSL... steps we need to take to finish up project., upload files to gisco.net/Jeffcofair, CERTOWERS.COM CONTINUE FINISHING DEVELOPMENT, Reinstall Adobe GoLive, *ThirdMind: BHCP Premier Access - Database changes, 50 miles to ogdensburg to pickup a router,