Blog Entry: 3/25/2006 2:58:40 PM
This is what "John Evans" of CJWSoft has to say on the matter...
"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.
I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.
Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig.
Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."
cwilliams38447.0602083333, Hello dear Chris
I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user.
I noticed that the values in the fields "Login_limit" and "Active" in
the ASPP_Users table in the SQL changed to NULL and 0 when login and
remained in those values after close the browser.
If manually I change the values it is ok but the problem repeated.
Thank you in advance.
,
new version is still not finshed as of the end of the year... I am not going to release it until I feel it is ready., FYI. There is a typo in the upgrade (6.0 to 7.0) instructions. It specifies adding a field named "passwords". Should be "password"., How do I change the character length for the description field?
, Okay, I deleted out the aspprotect folder and started over. I also took out the dsn connection to the ecommerce database and deleted out the subweb that had it, I decided to use another provided where the database is resident on thier servers not mine.
I broke my txt file into groups and it's loading sort of. The first 1000 users uploaded fine...the second said it timed out, but when I looked at the access database it showed 2000 people. The login still times out and every page seems to load incredibly slow still.
, thats intertesting.. I have never heard of the concept until now..
I did a search for ASP examples or ASP components that can help with the process and just couldn't find anything about it., It's real easy actually if ya sniff around the source code.
ASP is so easy to (work with/edit) even if you dont know any code.
edit "save.asp" with a text editor
change
If Request("First_Name") = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a First Name.\n\n")
End If
to
If Request("Company_Name") = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a Company Name.\n\n")
End If
From looking at that save code I dont see where Last_Name was required. The only name I saw required was a 1st name.
Also.. making the First_Name not required may break something somwhere else. I dont think it will but it might. You are warned.
cwilliams38326.5102662037, I think I've found the problem..
The password "abcdefgh" works
The password "abcdefghi" does not
(username "ace45")
Passwords can obviously only contain up to and including 8 characters... By some coincidence I only used short passwords with MS Access.
, I dont what it is..u got to just keep trying stuff like connecting to different versions of the database and maybe even the version with no password set on it.. maybe do some iisresets in between if it is your server.. maybe try putting the database in a different folder
Usually people have zero trouble setting up this particular app because everything is so time tested and rock solid...
its just got to be something related to the actual data connection.. low level stuff , Thankyou, that was very helpful, It a generic error that means something is wrong with your data connection.
http://support.cjwsoft.com/code/moreinfo27-1.htm
http://support.cjwsoft.com/code/moreinfo136-1.htm
, Our login works great, variables even help determine menu options. When user logs on, however, it opens in a new page. Is there a setting somewhere that sets whether you can open in a new or existing page?
Also, when you log off
, I am also getting the "Unspecified Error" message. I just transferred my site to IIS 5.0 and I get that error now. However it does not happen everytime. I can click on a page and it opens fine and then I hit refresh in the browser and I get the "Unspecified Error" message. What could be causing this?
, Makes sense to me. I used the ASPProtect_access2002.mdb supplied.
(I am using 2003). Only added more names and other personal info
to it for test. Uploaded the amended db with FTP. This did not
restrict someone not listed in db from logging in.
Would each individuals' information need to be added to the code in
order to have it check the database first to find out if the person is
authorized to view?
Part of the problem is I dont know which ASP page or script links the
db to the rest of the web, or how one page relates or links to the
other.
Sometimes I wonder if problems I encounter originate with the server.
Thanks for patience.
, I am having an issue with the Thumbnailing process. My host does not support ASPImage so I have to use something called asp thumbnailer which is similar to ASPImage. I am trying to modify the Dundas upload to automatically reduce the images to create thumbnails. I ripped out the asp image code and replaced with the bottom. The main issue I believe is grabbing the image files. I am not sure how to name the actual image file that is already uploaded by the dundas upload. the code is below:
The peices in red are where the issue is I believe. What you see below is my attempt to identify the exact image and then rename it tthumbnail. My optimal solution would be to take the picture, resize it and rename it exactly what it was named before.
Any ideas
Thanks
<% Else %>
<%
Dim thumbObj
Set thumbObj = Server.CreateObject("ASPThumbnailer2.Thumbnail")
If thumbObj.LoadFromWeb("../pictures/" & Filename) Then
thumbObj.ThumbMaxDimension = 140
If thumbObj.CreateThumbnailToWeb("../pictures/Thumbnail.jpg") Then
Response.Write("Thumbnail successfully created.")
Else
Response.Write("There was an error creating the thumbnail.")
End If
Else
Response.Write("<p><hr><b>Unable to load the original image.</b><hr>")
End If
Set ConnClassified = Server.CreateObject("ADODB.Connection")
ConnClassified.Open ConnectionString
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdSetImageInfo = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "UPDATE Ads SET Image" & PicNumber & "_Uploaded = 1, Image" & PicNumber & "_FileExtension = '" & FileExtension & "' WHERE (Ad_ID = " & Ad_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnClassified
CmdSetImageInfo.Open cmdTemp, , 1, 3
%>
, I am sending you a PM with the new download url
see instructions above for what to do with it, Access Database Password
By default all of the Access Databases we give out have a default password of "temp"
The Default username that and Access database uses is "Admin" but you should not be concerned with that except in your connection strings.
The default password for the Access Database can only be changed using Microsoft Access to do so. If you have security concerns it would make sense to change the password. The help system built into Microsoft Access best explains how to do that.
cwilliams38403.6820833333, Great Thank you!
As of thus far the program is working rather nicely.
I am very impressed :)
, ASPProtect Version 7
Expiry Notices go out to members who have recently renewed by subscription.
When an existing member from ASPProtect Version 6, with an expiry date, renews with SUBSCRIPTION in v7, the previous expiry date remains unchanged.
We assume the expiry date remains blank with NEW Subscriptions and that Paypal takes care of notifications.
But our notifications to the "about to expire" dating from v6 catches the "Renewed by subscrtiption" as well, as the date has nor been changed or removed, and this REALLY confuses our members.
Can this be resolved?
, I have no idea.. perhaps PM me info on how to log into your site and reproduce the issue., Please be more specific. What hit count are we talking about ?
User Logging ? Albums ? Something else ?
Please descriube the situation in detail. There are really no settings for any sort of hit count.
, MySQL Database Setup
Use of MySQL is 100% unsupported as you can see from the site.
http://www.aspbanner.com/mysql.htm
Even still I recently had an encouter with an extremely Jerky person (read the thread above for more on that) and because of him I am adding this tutorial showing one way to set things up on a windows server using the official MySQL tools available.
Let me just say as well that there are 100's of 3rd party tools to work with MySQL databases and many ways to create the database and apply the database creation script. In the past it had to be done via the command line, but now there are a lot of visual tools you can do it with. Furthermore all hosting companies set MySQL up differently and give you access to varius interfaces to manage it which are all different, and that is primarily why I do not support it. How the hell could I support all those different interfaces many of which are totally custom?
The fact is 99% of the people that purchased ASPBanner to use with MySQL have done so without issue and love how it runs. Regardless here is how I set up a working MySQL database on a windows server proving it does indeed run with a MySQL database.
1st of all if you are setting up the server you need to download some things from http://www.mysql.com/
(btw: you local developers can install this on XP Pro as well if you like.)
For this article we are going to download the current non beta windows version of MySQL which is 5.0. ALso known as the Windows Essentials (x86) download. It's about 17 meg.
Because ASPBanner uses the MyODBC drivers (now called Connector/ODBC) to connect to the MySQL database you need to download those as well. (Our site flat out says this is required for MySQL use)
So I download those from here. http://dev.mysql.com/downloads/connector/odbc/3.51.html
Version 3.51 has been the current version for a couple years now.
You want the windows driver install which is about 2 meg.
The two downloads should look like this.
Now, on the webserver you run the version 5 setup (mysql-essential-5.0.19-win32.msi) I will guide you through it step by setp.
Hit Next
I am going to choose typical for the sake of this article.
Hit Next
Hit Next
Wait for a bit
I skipped this part.
Choose to configure the MySQL Now
Hit Finish
Hit Next
I am going to choose Detailed Configuration
Since I am on a development machine for this install I am going to choose Developer Machine. For a Real Server choose one of the server options.
For this article I am going to choose Multifunctional Database: You may want to pick one of the other options. That is up to you. ASPBanner will work under any of the scenarios.
I am going to leave the location at its default
Hit Next
Since this is a development machine these options are fine.
Hit Next
These options are fine as well.
Hit Next
Standard is fine for my development machine.
Hit Next
I am going to choose both of these options. The 1st one is Important and should be enabled on a real server so MySQL always runs. The 2nd is not so important.
Hit Next
Set the "root" password and do not forget it. You will need it to manage your MySQL server. I do not advise creating an anonymous account unless it is a development server and you just do not care. Whether you enable root access from remote machines or not is up to you so do some research on that. For this articles needs I am not choosing it.
Hit Next
Hit Execute and wait
If all goes well you will see this. (I actually got an error message about not being able to connect... I went to to Administrative tools/services and restarted the MySQL service and hit retry which cured that... it probably only did this to me since I have installed this before.. new installs probably will not have any trouble)
Hit Finish
Your done.. You just installed the MySQL Server (TIP: its usally a good idea to reboot and make sure the MySQL servce is running by default)
Now, moving on..
Lets install the MyODBC drivers.. (now called Connector/ODBC)
This one is a bit of a no-brainer so I am not going to go into detail.
Just run (mysql-connector-odbc-3.51.12-win32.msi) and run through all the defaults until it is done.. Choose typical when that comes up.
Your done setting up MyODBC on the server. If its not your server I guess you don't need to worry about installing all of this as its your hosts job to do that.
, Is there anyway to limit the number of Albums each user can make?
, Thank you so much that works great.
I will test with the other settings on the email server again thanks for the advice,
best regards
, This is amazing. You replied to question within minutes. Thanks for showing such a professionalism.
, that is because passwords in the import/export files are encrypted.. if you make one of your own you need to use the rc4 function in the "config_inc.asp" to encrpyt your passwords just like the aspprotect system does (requires knowledge of vbscript and integration into your export system)
now, there is a way around this
if you want to import a file you made with clear text passwords edit "import.asp" beforehand and change
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = UserArray2(5)
to
If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = RC4(UserArray2(5), PasswordEncryptionKey)
that way it should convert your clear text passwords to encrypted while it does the import
this post also addresses this but in the reverse scenario
http://support.cjwsoft.com/code/code_info.asp?TID=261&PN =1&TPN=1
I hope this helps you because I really do have to leave the office like right now. Very late for a dinner meeting.
I should be back on the computer later tonight or tommoro morning
, sorry, I am guilty of being very tired and didnt read your message fully.
I know this forum area is called "database connection issues" but it is only meant for generic issues.
Issues specific to a particular application need to go in that applications area in the forum. It keeps the forums more organized and helps other people fnd help later on.
So please post in the correct area.
I will answer this question soon. I have to do something 1st though.
, no, there is not not.
If you wanted to to that you would have to add some code to check their album count in the database and not allow them to make a new album if they were at the limit.
cwilliams38433.0233680556, A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.
Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.
Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them
In addition to the settings above each table has one field that is a primary key with an auto increment of one
In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.
The SQL column settings for each one of the primary key fields must be set as follows
In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.
cwilliams38325.7405092593, Ohhh...
I was thinking it worked like this; A user goes to that page and logs in.. and from there they can then browse the site and do what they want..
So in order for it to work i need to edit a page say... members.aspx (i assume it needs to be an asp.net page) and in the header put that protect code and when a user accesses it, it will prompt them for their un and pw and then if correct will allow them to view the page... and likewise if they are still logged in will be able to use the page?
If that is how to works as i mentioned above thats great...
I understand the redirect principle...but say i have a log in box on the main page... you know like most pages have a user log in on the left hand side... i wanted to do that. But i cant obviously protect the main home page or else normal users will not be able to view it without logging in or registering
, that's they way it should be done..
the only other thing would have been to test everything with sql before trying to import any data.. and make sure all was fine at that stage
more info on the errors would be helpful.
Id' also carefully visually compare the SQL tables and fields with the SQL scripts and make sure all field types and settings got set correctly.
Also, make sure the user accessign the database has datareader and datawriter permissions of course.
, ASPProtect protects ".asp" pages only.
That is your problem.
, Even if I try to upload the test file that was included with the system I still get the same error.
My host is using Windows 2003 Server.
Will send you a private email to see if the issues can be sorted out.
Thanks
, The random password is generated during signup and the function that creates it is located on this page of code.
users/register.asp
it looks like this
Function RndStr(Length, UseChrs)
If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
NewStr = ""
Randomize(CByte(Left(Right(Time(),5),2)))
For gpIndex = 1 To Length
NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
Next
RndStr = NewStr
End Function
For example go to this page and hit refresh and watch the password change.
http://www.aspprotect.com/demo2/users/register.asp
Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.
Anyway... when signing up the new user of course has the option to change that password to something they would like better...
As far as... "selecting the same user name and password every time"
I need more information. That does not make sense for a lot of reasons.
Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.
So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.
Now of course if you edited the code in any way it is possible all this is not working correctly ?
cwilliams38164.8059143519, The "forgot your password" feature is not sending passwords to users when they put in their emails.
Any suggestions?
Thanks
, Protecting ASP Pages
To protect a page without using the Access_Level or Groups feature simply add this code to the top of that page.
Put this under the <%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.
The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp
Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in.
An example of doing this is provided in the "default.asp" file included in the root of the Password System.
Look at the source code with a text editor to see the working code. It is quite simple.
Protecting ASP Pages Using Access Levels
To protect a page using the Access Level feature simply add this code to the top of that page.
You simply specify the Access Level before the include file is called. In this example we are protecting the page with Access Level 4.
Put this under the <%@ LANGUAGE="VBSCRIPT" %>
<% CHECKFOR = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.
The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp
Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in as a Level 4 user.
Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System.
Look at the source code of the ASP pages in that folder with a text editor to see the working code. Again, It is quite simple to follow.
Protecting ASP Pages Using Groups
Please see the code generators in the admin are for the code to do that.
