| Blog News Main Page |
NEWS FROM 2006-03-25
Blog Entry: 3/25/2006 4:35:02 PM
I will actually explain how to set access_levels and/or groups...
carefully edit with a text editor
find this part
CmdAddUser.Fields("Access_Level") = "4"
that is where the acess level gets set...
you can change the level or remove that line all together if you dont want one set
now for groups you would add this line in the same area
CmdAddUser.Fields("Groups") = "*3*"
CmdAddUser.Fields("Groups") = "*1*,*2*,*3*",
Groups access for a user is stored in one field in the database like you see above. If you are confused what you should be saving in that field I suggest simply setting a user to whatever groups you want via the admin area and then looking in the database to see what got saved in that field. It's pretty simple really how they are stored.
that user would be a member of groups 1,5, and 9
I just upgraded from 6.0 to 7.0 primarily because we were limited in the choices of email systems we could use to send an email validation message.
Previously, with 6.0, we were using CDONTS to send an email validation message to new registrants. Unfortunately, AOL email addressee's were not receiving the vaildation email from us. I received a reply to another post I made on this forum that the problem was due to the fact that aCDONTS generated email has no MX record and AOL blocks non-MX record containing emails.
Well, I upgraded to 7.0, switched to CDOSYS (Using SMTP Virtual Server) with SMTP Authentication and it appears that AOL is still blocking the validation email.
Any suggestions, comments?
Now,, for actually getting description code. The thing to do is check out how that all works in the pic_window.asp file which is what style 2 two uses. Bascially descriptions for an particular album get stored in one text file. We read that test file. Put the lines into an array. Then display the info which gets run through a functions to convert some special characters used when saving back to normal.
I tried to look at your site but it woulnt load for some reason.
Seems like its working just got to test it bit to see, though it wasnt going to work as I had one too many End If's after the last part of the code you done for me. But even I eventually sussed it, nothing to do with your bit just another mistake on my part
Great to get support like this especially on a Saturday
Yep, thats my thinking as well.
On the test server I have the site connected to a SQL 2000 db with the sa account, so it should have full control. But still no luck.
However, on the test server, I connected to the Access 2002 db and it works fine..adding user, adding categories, adding albums.
(Capcha Security Image Mod)
This mod will add a Capcha Security Image to the registration signup form.
Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/
Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.
Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
<td valign="top" align="right"><font face="Arial" size="2"><strong>
Newsletter</strong></font></td> ; ; ; ; ; ; ;
<input type="checkbox" name="Newsletter" value="True" checked>
<font face="Arial" size="1">Do you want to be subscribed to the
<td valign="top" align="right"></td>
<td valign="top"> <img src="aspcaptcha.asp" alt="" width="86" height="21" />
<font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
<input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
<td colspan="2" bgcolor="#FFFFFF">
<p align="center"><input type="submit" value="Register"></p>
ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.
If User_Custom6_Used = True Then
If User_Custom6_Required = True Then
If Custom6 = "" Then
ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
If ErrorMessage <> "" Then
Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.
I am investigating the possibility of purchasing above script having spent some hours trying to integrate various free banner rotators into my Invision portal.
What attracts me to your script is that it has 6 ways to call banners. I am an inexperienced webmaster with only a smatterring of knowledge about ASP. Will ASP Banner be able to integrate with my portal?
David van der Want,
Version 8.1 can work with MySQL
It is just not supported at all.
The standard version can not work with MySQL.,
There were a lot of changes to make the new version work with it and I really only did ift because I have a couple friends with busy sites that could only use MySQL.
It sounds like your site is way too busy for using an access database as you mentioned.
I am having an issue with the Thumbnailing process. My host does not support ASPImage so I have to use something called asp thumbnailer which is similar to ASPImage. I am trying to modify the Dundas upload to automatically reduce the images to create thumbnails. I ripped out the asp image code and replaced with the bottom. The main issue I believe is grabbing the image files. I am not sure how to name the actual image file that is already uploaded by the dundas upload. the code is below:
The peices in red are where the issue is I believe. What you see below is my attempt to identify the exact image and then rename it tthumbnail. My optimal solution would be to take the picture, resize it and rename it exactly what it was named before.
<% Else %>
Set thumbObj = Server.CreateObject("ASPThumbnailer2.Thumbnail")
If thumbObj.LoadFromWeb("../pictures/" & Filename) Then
thumbObj.ThumbMaxDimension = 140
If thumbObj.CreateThumbnailToWeb("../pictures/Thumbnail.jpg") Then
Response.Write("Thumbnail successfully created.")
Response.Write("There was an error creating the thumbnail.")
Response.Write("<p><hr><b>Unable to load the original image.</b><hr>")
Set ConnClassified = Server.CreateObject("ADODB.Connection")
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdSetImageInfo = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "UPDATE Ads SET Image" & PicNumber & "_Uploaded = 1, Image" & PicNumber & "_FileExtension = '" & FileExtension & "' WHERE (Ad_ID = " & Ad_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnClassified
CmdSetImageInfo.Open cmdTemp, , 1, 3
Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?
My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that?,
this issue has been resolved.. see following thread
, CDOSYS is the way to go usually...
My article may shed some light on the different ways to send email using CDOSYS
As for eliminating the registration its pretty much like what you said.. manually remove the links and what not... etc etc and dont send users to the registration pages..
If you dont want people to be able to edit their info ever... or retrieve lost passwords.. you can delete the users folder completely..
though it's probably better to leave some of that stuff and just disable the registration links and page...
The paypal and 2checkout folders can be wiped out completley either way as you won't be using them at all. , This is the error that I am getting when I try to add a banner...
[code]Microsoft OLE DB Provider for SQL Server error '80040e09'
EXECUTE permission denied on object 'sp_ASPBanner_GetZones', database
'aspbanner', owner 'dbo'.
/aspbanner/appinfo_inc.asp, line 67[/code]
also, when i go to the banners tab i see this in the banner list...
[code](3 Banners Found)
Microsoft OLE DB Provider for SQL Server error '80040e14'
Line 1: Incorrect syntax near '='.
/aspbanner/banners.asp, line 306[/code]
ok, I am home.. missed flight.. just got home an hour ago.
lets see.. I really need more info... ,
For starters are you using the delayed stats feature ? that is expirmental and could cause that problem
yes. what you are talking about has to do with norton ad blocking software.. it blocks images or paths that have the word "ad" in them.. and you see red x's where images should be on web sites.. usually
it is different then what this thread initially mentions which has to do with a code/server issue with the application variables., Has this been resolved ?, ok, now were getting somewhere
I didn't know you imported from another system,
chances are you are missing field information that an ASPProtect user requires.
Start off from scratch with a new aspprotect database... create a new user and look at the info that gets entered by default for every field in the database
make sure when you import a user that you mimic it all
dont import directly using access because the passwords will not get converted to encrypted versions of themselves correctly.. and the whole process will be usesless as no passwords will be correct
Use the import feature built into ASPProtect.. because it is smart enough to take the clear text passwords and encrypt them accordingly
if you want to know a correctly formatted import file needs to look like make one and check it out
do one user at a time and make sure you can log in to an example protected page till you get it right...
once you get that working do them all
Thats really the best advice I can give you. ,
Sorry, but the way the system works you can not call an individual banner like that. It just not something the system was meant to do.,
If you wanted a specific banner to show up at all times you would have to make an individual banner and a zone just for that.
After looking at your site since you have so many banners there I dont know if that is the greatest option for you. It would also put a lot of stress of the Version 7 software because it is not really meant to call so many banners zones at one time on one page.
If you could live with tracking clicks on the home page but not displays I would suggest making banners for the home page in one zone. Then hard coding the banner images into your homepage like you already do but linking to the tracking part of aspbanner instead of where they would usually link to. That way you could at least track clicks and there owuld be no performance issues.
for example.. one of the images might link to
which would track clicks for you.. and then send then wherever they are supposed to go
I am converting the email over from CDONTS to CDO so it will run on my host 2003 server.
What files should I be concerned with? Under gallery_admin there is an email_user.asp and under the main gallery folder thier is an email friend. Is there an other email routines I should be concerned with?
Thank You for your Assistance.
I have an asp page that includes other asp pages via an include. for example:
snippet code: file name: collaboration.asp
<table bgcolor="#bed1e4" border="0" cellspacing="0" cellpadding="10" marginwidth="0" marginheight="0" leftmargin="0" topmargin="0">
<!--#include file="../../../filetransfer/directory_listing2.asp" -->
<!--#include file="../../../filetransfer/upload.asp" -->
I can add the code below to collaboration.asp and it seems to work,but I cant seem to figure out how to protect the other files such as upload.asp at the same time. -- can you help? - Note: as soon as I add the code below (and adjust the path) - I cant bring up the page.
This is the protection code I am using.
ok, I moved this thread..
The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.,
The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)
That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing.
Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.
Use the export fire creator in the admin area of aspprotect.
Password = CmdDataExport("Password")
Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)
Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.
Just wanted to let you know that after modifying the remote host string in the email pages and getting the correct connection from my server, everything is running fine.
I hope you enjoyed your vacation.
I am trying to set up ASP protect 6 and have a problem that when a new user registers their email is not transferred to the database.
I can see the rest of their entries both in the database and in the admin/edit form but not the email.
ok... lets forget about all this redirecting business for a minute
when I go to "GP01.asp" directly via your web site I get a big nasty error that says this
Microsoft VBScript compilation error '800a0411'
/protect/config_inc.asp, line 15
Dim Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
then when I look at what you did in that file I see why
you have this code which is totally wrong because you cannot include the password protection file twice
<%@ LANGUAGE="VBSCRIPT" %>
<% GROUPACCESS = "*1*" %>
it should be
<%@ LANGUAGE="VBSCRIPT" %>
<% GROUPACCESS = "*1*" %>
and that is probably the root of this entire problem.. the redirection was working...
but you were sending them to invalid pages with errors
all those pages are wrong...
if you dont see the real error above see this
if you look over the aspprotect 7 installation instructions that is the very 1st thing I tell people to do
hopefully this is the info you need to continue and get some work done,
humm, I dont know.
If you want me too I would be glad to go into your web site and troubleshoot. If so PM me the info I need and I will take a look and see if I can figure it out.
Your users with Internet Explorer may have received the "Page Expired" error. For ASPProtect users, it happens when the user is not logged on and tries to invoke the target page. check_user_inc.asp puts up the login form, and IE sees it as part of the target page. Any later attempt to Back up and reload from cache gives the errror.
My solution was, after successful login, instead of falling through the bottom of check_user_inc.asp and running the target page, I issue a re-direct to reload the target page. I also added META tags on the dynamic login form to say no-cache and expire now, so the re-direct really does reload the target page. This time, of course, check_user_inc.asp does not need to put up the login form, and the new target page in cache contains no form at all. So, IE will not give a Page Expired error when Backing up to it later.
Netscape, and I gather other browsers, do not behave the same way, so I limited the solution to IE. Also, the solution only works if the target page has no form of its own.
Need to clarify something..
Your talking about the page where a new user registers right ?
Your not talking about adding a new user from the admin area ?
Either way under no circumstances do I see anything like you are saying happening nor has any other ASPProtect user ever mentioned this probem.cwilliams38164.8115046296,
I am going to need to see your site and see this happening. It just makes no sense the way you are describing it.
Also. did you edit the registration page code in any way. If so please revert back to an original copy to ensure this is not some sort of problem introduced by editing the code.
1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another? I am asking because there is only one table in the DB, and it is the "Users" table. So I am presuming that there must be other databases that are linked to the DB. Is this correct?
2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software? I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of. ,
Your actually confusing me with the whole "joe bloe" thing and user access. I just do not get what you are trying to tell me. Perhaps you can explain in a less confusing way. Your just not technically explaining it andand thats what I need to know to possibly help.,
As for the subweb thing you just can not do that. Subwebs have their own sets of application and session variables. An ASPProtect installation and any pages you protect with it are required to be in the same "application" in IIS. Sicne subwebs have their own "applications" in IIS that won't work. It is the nature of "forms based authentication" A sub web is alo considered by our licensing to be a seperate web site and ASPProtect is licensed per web site.
As for breaking pages.. you really shouldnt be editing any pages in the admin area as you will break them unles you are very good with ASP. (does not sound like you are..no offense meant at all)
Pages in the "users" folder are less complex and it is usually ok to edit them carefully.
Pages of your own that you password protect can still be edited in your usualy way though without effecting anything.
Truth is if you back things up before you start editing how can you go wrong ? That's how you learn.
ok.. so we got an NT server with a 486 with 256 meg of ram. ,
anyway.. I have the system running without doing any importing and WOW is it chugging.. I mean it takes a while even to edit/save a user
good news is the filesystem object works as I wrote to a text file
this may end up being a simple case of lack of horsepower..
we may need to do the importing on a faster system and then take the database over cause everthing I see on your server looks correct
even so aspprotect is running so slow.. I have never seen it chug like this
I even tried connecting to a 2000 version of the database and no difference.
I am not totally sure what is going on but the server resources available are scaring me... however this could be something new in the code that I never got a chance to try on NT server.. I dont think so though
how does your other stuff run ?
static pages that do not access a database seem to serve up quickly.
are you running any other dynamic code ?
Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?
I'm not quite sure what the syntax would be in the URL.
The Double DIM needs to be removed for this code to work properly.
Dim BannerZone, BannerConnectionString, BannerDatabaseType, ConnBannerSystem
Dim CmdCheckUser, CmdGetConfiguration, App_Name, Config_SQL, BodyTag, BanDataConn
Dim CmdBannerTemp, CmdGetZones, ZoneString, ZoneArray, ZoneIndex, CmdUpdateWaiting
Dim CmdUpdateExpired, CmdRetrieveImpLimitedAds, CmdRetrieveImpressions
Dim CmdUpdateImpHit, CmdRetrieveAds, CycleBannerTotal, CycleList, NewCycleList
Dim Dim LoopBanner, CycleLoop, CycleListArray, CycleListArrayIndex, BannerCycleData
Dim Banner_Array, CurrentBanner, NewCycleListArray, Banner_Array2, LocationIndex
Dim Stop_Processing, Keep_Processing, CmdUpdateStats
Everything is running fine.. I can read ads... reply to them. but when I click sign in or register.. I get a server error.
I just spent a bunch of time in your setup using SQL server and I didnt have a single issue. It all seems to be working perfectly to me.
I got into the system using the "get_me_in.asp" page like the instructions say to to.. then I deleted those two users you had there.
I created a new user called "admin".. then I edited that user to make him an admin.
I have logged off and back on as that user a bunch of times without issue.
is the user info..
I just didnt see any problems whatsoever???
I also took the liberty of going into the settings page and setting all that up for you as well so all the url paths are right now and emailing from the application works.
I am going to wait an hour or so and try to log in a few more times but it honestly seems to be running perfectly to me. ,
ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..
This comes with the system as an example folder with some files in it.
(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)
Here is how it works...
Basically we protect the image in 2 ways.
- We stream the image via a special password protected ".asp" page and use an image tag to call it. This hides the true location of the file. You can therefore keep your images out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the img tag html source they can not tell where the file came from. Doing all of this allows you to offer certain images only to people that are logged in.
All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth., I really need more detailed information to say anything about it.
For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.
Look at the source. The values you can edit are commented.
Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.
I would try different methods of calling banners as well to see if that helps., Oh yes...I've changed the time a script is allowed to run before timing out from 90 seconds to 180 seconds on the aspprotect folder.,
you do not run "check_user_inc.asp" by itself
Pages you protect include that file at the top.. when they someone goes to a protected page if not logged in a user then sees a login prompt..
after loggin in they see that same page as normal
its an automated process..
now, that being said if you really want to you a specify a page to be redirected to after the 1st login when you edit a users info. You can also redirect anyone anywhere like using a simple ASP redirect statement in your code.
Personally I feel that redirecting people all over the place is poor site design. ASP is all about dynamic code and ASPProtect is all about dynamically tailoring pages to the current logged in users... so why redirect people all over the place.. it justs complicates things because you still need to password protect the places you send them to.... which means twice the work and twice the confusion.
Also, here is a Version 6 thread about redirecting manually that still applies to version 7.
I've got an ecommerce module that's running on it that uses access for the db. Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.
So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?,
I am not sure totally understand your question.cwilliams38298.6571759259,
I need you to explain it differently.
Any ".asp" page that is protected is going to automatically prompt them for a login box or log them in automatically depending on if they set that option.. In the end returning them to that same page.
So, it really all takes care of itself for the most part.. It doesn't even matter if the bookmark a protected page deep in your site. The system is smart enough to keep them at that page as well as handle their access.
Now of course if they are at an unprotected page of your site and navigate to a protected page they get a loin prompt or are allowed in if they already logged in...
Also.. when you say unprotected page ? do you mean ".htm" or ".asp"
Timecard Entry: 3/25/2006 4:35:02 PM
illingworth millwokr/ email link incorrect /given to tom/seaway prevention council changes for web site
, Setup E-mail for lecky.com, phones, busy busy busy, to Clayton, Amy - Discussing ''Golf With Your Buddies". Checking status of Sunandshield.com virtual email accounts., Pretty steady up until 9:45 when it slowed down... did a couple of Connection issues and discussed the past week with Ron., Create e-mail to inform rest of related staff as to my projects and duties, so that my absense is convenient., tech phone calls, callbacks from voicemail, checked emails, cc report, incident report, taking sign ups, quality checked sign ups, answering phone., Retouched photo for Z93, placement of exsisting elements,
Discussed printed comp & changes w/Jason. , phones died out after 4, on line and rad log,,trash,,straighten sweep, Working on new MLS software. Began work on new version of the Market Analysis that we will use in the new software. It is more customizable and have better features that people have asked for., PAID DAY OFF use vacation time, Sent out DSL responses, Met wiht IHC about the Wireless and Phone service, reviewed redwood mtg with jw for thursday. talked to hb about ottowa/nortel. reviewed jetstream info. talked to bob nelson-got realtor name to contact for banks and computer dealers in oneonta. to call thursday., Cleaned up mails from past three days., Talked/ICQed with Steve/Cris about the Steve Rose visit on Thursday. No one seems to know what the hell's going on...I guess Kelly was making the arrangements., fix compaq 6000 in syracuse fix modem problesm fix card problems reflash whole box, traveled back to watertown, Lunch, Spoke to Kelly about MBOS, talked to Crispin about some drop-down menu changes requested by Warren, PA board., new/close out w/o's, u/d trkr, work end of week reports, review invoices, Email/talk to Tom/Tim about changes needed on CPHospital.org, lunch, registered touch of grace, nesco-local links, work orders, updates intranet and databse, pretty slow did callbacks and some radlog died down at 10 hgad three things go down... all were emailed and called by me except one we had larry do to get the feel of calling NOC, vacation , checking email.,