Blog Entry: 3/25/2006 4:28:23 PM
Every application we sell that has a password on the database uses "temp"
Also, the password is in the connection string in the dataconn_inc.asp file.
After all, the ASP code needs to know the password just like anyone that wants to open the database would.
That i have, my question revolves around the all the users and passwords that I in that database. I need to be able to export that list to word for a mail merge list, but when I do the passwords show up encrypted. I need to be able to get an unencypted list.
I had a question about user registration and how it works, mainly because I am having a problem.
When a user registers, with the email verification setting, I am assuming that there is supposed to be a new record created in the USERS table in the database. What could cause this not to happen?
Actually, in testing further I found that with the setting at Auto, Manual, or email, the record is not added to the table. And, if I am logged in as admin, the Add User button does not do anything.
I can however edit and delete user records...
Hmmm, adding a Category yields the same thing. And loggin in as a non-admin user still displays some of the menu items for admin, but then gives a page can not be found error if you click on one (ie, approve).
This looks like a db issue to me, I will have to try this with access and on a test server...
ok, here is what is going on
you are password protecting an ".asp" page that requires querystring info to run correctly (example - "somepage.asp?ID=3""),
that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out
this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact
it was a nice feature never intended to handle any situations other than what I just described...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info
that more than anything is what is going on.. browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...
To avoid all of this...
One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)
Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.
Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc
So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.
I hope this makes some sense to you.. it is very hard to try and explain
If you see that when doing a view source then that code is not running.
I will need to go into your site and look as something is very wrong on a low level and I have no more ideas.
PM or email me the info and I will figure out what is going on.
I'll need ftp or frontpage access to the site.
I'll also need to know the urls for the asprotect system as well as the page you are trying to protect.
One last thing..
This is bad
there are .asp files in there people can run that you dont want people running..
u should delete the asp files in there or turn off directory listing...
Well, that is why we added the PayPal subscription pack where all of that is taken care of and customers get put under a recurring billing cycle.,
The more people you get to pay that way the less you have to do.
We also have routines for the two other supported payment methods so people can look up their account and add time to it whether it is active/expired or not.
Other than that, yes it is something you need to sort out on your own based on how you want to run your system. You have the source code and the sky is the limit on how you want handle all of that. You send out an email to users about to expire. Whether they come back to the site/look up their account and add more time to it is up to them. I really just do not see any way ASPProtect could handle that whole process automatically.
As for batch changing to users in the database. We give you the source code and we also use an open database structure. You can run any query you want on the database whether with ASP code or directly in your database using the tools that come with it, You can write any code you like to do whatever you like to the database. You can even tie other systems and code into the database via OBDC and manipulate data. The sky is the limit like I said. I also don't really see how batch changes to the database relates to individual users paying again for access or not especially since we include payment pages were a users can look up their accounts and pay for and add more time to it automatically ? At least not regarding the payment routine we provide support for.
ASPProtect can not handle everything every person would need to do. It is meant as a solid starting point for any project, but there are going to be times when more functionality will need to be added by the customer based on their specific needs.
Parent paths being enabled on the server is a requirement of the application. That error means just what it says.
you can change all the server side includes to virtual includes that will work or you can ask you host to enable parent paths.. those are the options
I run F-secure on my laptop which has the anti-virus and firewall modules, and the servers aren't running anything like that., If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.
Change the action of the form to the page you want them to log into.
Make sure the page you send them to is protected by the "check_user_inc.asp" file.
<table border="0" width="400" height="200" bgcolor="#000000">
<form method="POST" action="memberarea.asp">
<input type="hidden" name="Status" value="Checkem">
<p align="center"><font face="Arial">ASPProtect Login</font></p>
<table border="0" bgcolor="#C0C0C0">
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
<td><input type="text" name="Username" size="10"></td>
<td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
<td><input type="Password" name="Password" size="10"></td>
<td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
me signed in on this computer unless I log off.</font></td>
<p> <input type="submit" value="Login"></p>
as far as sql goes if you follow the instructions with give for setting up a new database you shouldnt have any issues and permissions should be already set. because we handle that in the sql script we give you.. "its a good thing to look at and it is pretty easy to understand what is going on""
however using another account could cause permissions issues.."yes, even sa" basically the username your using needs datareader and datawriter permissions to all tables used by the photo gallery system and you probably have to go specifically set them usin ght e security tab for your database in enterprise manager. This is more of SQL server 101 than anything to do with the Photo Gallery Code so I am not going to get into it too deeply, but that is definetly the issue. Permissions...cwilliams38303.6065740741,
MySQL Database Setup
Use of MySQL is 100% unsupported as you can see from the site.
Even still I recently had an encouter with an extremely Jerky person (read the thread above for more on that) and because of him I am adding this tutorial showing one way to set things up on a windows server using the official MySQL tools available.
Let me just say as well that there are 100's of 3rd party tools to work with MySQL databases and many ways to create the database and apply the database creation script. In the past it had to be done via the command line, but now there are a lot of visual tools you can do it with. Furthermore all hosting companies set MySQL up differently and give you access to varius interfaces to manage it which are all different, and that is primarily why I do not support it. How the hell could I support all those different interfaces many of which are totally custom?
The fact is 99% of the people that purchased ASPBanner to use with MySQL have done so without issue and love how it runs. Regardless here is how I set up a working MySQL database on a windows server proving it does indeed run with a MySQL database.
1st of all if you are setting up the server you need to download some things from http://www.mysql.com/
(btw: you local developers can install this on XP Pro as well if you like.)
For this article we are going to download the current non beta windows version of MySQL which is 5.0. ALso known as the Windows Essentials (x86) download. It's about 17 meg.
Because ASPBanner uses the MyODBC drivers (now called Connector/ODBC) to connect to the MySQL database you need to download those as well. (Our site flat out says this is required for MySQL use)
So I download those from here. http://dev.mysql.com/downloads/connector/odbc/3.51.html
Version 3.51 has been the current version for a couple years now.
You want the windows driver install which is about 2 meg.
The two downloads should look like this.
Now, on the webserver you run the version 5 setup (mysql-essential-5.0.19-win32.msi) I will guide you through it step by setp.
I am going to choose typical for the sake of this article.
Wait for a bit
I skipped this part.
Choose to configure the MySQL Now
I am going to choose Detailed Configuration
Since I am on a development machine for this install I am going to choose Developer Machine. For a Real Server choose one of the server options.
For this article I am going to choose Multifunctional Database: You may want to pick one of the other options. That is up to you. ASPBanner will work under any of the scenarios.
I am going to leave the location at its default
Since this is a development machine these options are fine.
These options are fine as well.
Standard is fine for my development machine.
I am going to choose both of these options. The 1st one is Important and should be enabled on a real server so MySQL always runs. The 2nd is not so important.
Set the "root" password and do not forget it. You will need it to manage your MySQL server. I do not advise creating an anonymous account unless it is a development server and you just do not care. Whether you enable root access from remote machines or not is up to you so do some research on that. For this articles needs I am not choosing it.
Hit Execute and wait
If all goes well you will see this. (I actually got an error message about not being able to connect... I went to to Administrative tools/services and restarted the MySQL service and hit retry which cured that... it probably only did this to me since I have installed this before.. new installs probably will not have any trouble)
Your done.. You just installed the MySQL Server (TIP: its usally a good idea to reboot and make sure the MySQL servce is running by default)
Now, moving on..
Lets install the MyODBC drivers.. (now called Connector/ODBC)
This one is a bit of a no-brainer so I am not going to go into detail.
Just run (mysql-connector-odbc-3.51.12-win32.msi) and run through all the defaults until it is done.. Choose typical when that comes up.
Your done setting up MyODBC on the server. If its not your server I guess you don't need to worry about installing all of this as its your hosts job to do that.
I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.
That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.
see this article...
Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.,
If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc
I am still a little confused... one thing I would like to mention is that the passwords in the aspprotect database are encrypted... meaning you cant just add a password to the user database by hand because it wont be the encrypted value and wont work., And here is an even simpler version where the database name is hardcoded and the User_ID is set ahead of time from wherever you are getting it from
It is something the application takes care of when you add a user via the web based interface.
You can however still add users manaully or with careful import/exporting... but you will have to use the existing password conversion technique which is covered at the end of our upgrade instructions in these forums.
Basically you want to add a field to the "ASPP_Users" table called "Old_Password" and that is where you enter the password in plain text. Then after you are finished adding users to the database manually you do this.
You want to run a special page via the browser.
Which will convert the passwords to the encrypted value for you.
See the bottom of this thread for all the info on that.
'User_ID = CmdListUsers("User_ID") ' getting it from another database query
User_ID = Request("User_ID") ' getting it from the page post
SELECT COUNT(Album_ID) AS Alb_Count FROM Albums WHERE User_ID = " & User_ID & " AND Album_Active = 1" cwilliams38433.0595949074,
its one or the other... you cant protect upload.asp at the same time if upload.asp is included in another page..
I mean sure you can protect upload.asp from running when another page calls it by password protecting the page calling it.
And sure you can protect upload.asp by itself if it also runs all by itself. But you can not include the "check_user_inc.asp" more than once in any order of execution scenario. That includes pages being included.
Generally anytime a page is included in another that included page is not meant to run by itself and wouldn't produce any outcome if run by itself so this would never be an issue.
if you don't want "upload.asp" to ever be run by itself in that scenario put it somewhere in your web site that is not web browser accessible.
I would also suggest you look into using Virtual includes. It will save you a lot of time figuring out this sort of thing "../../../../../" becuase once you figure out the virtual include path you can use the same server side include from any directory level.
I am using cdont to send email. what do i have to do send email to other display my full name instead of email address. In other word I want to see first name last name in their email client instead of email address.
thanks for your help
option pack: yes (after the install I have this problems with groups and edit users )
host permissions: yes
Active Server Pages error 'ASP0113' Script time out/password_admin/groups.asp The maximum amount of the time for a script to execute was exceeded. ...
For some odd reason, the the export path has two backslashes (\\) at the end, thus generating an error each time I try to export. For example
This appears toward the bottom of the import_export_manager.asp page and is called by =ExportDirectory.
I checked under settings tab, no path ends with a "\". Any idea where else I need to look?
, still.. its got to be somthing along those lines.. I have seen times when even dbo didnt have full rights to a particular database so permissions should always be manually checked..
The import data routine is most likely the source of the trouble
For troubleshooting sake I would create a fresh installation from scratch using the sql script we provide and a new SQL user. Then see if that works. If it does then try to import your data into that.
There are no other things I can think of doing. Sometimes you just have to start with a clean slate. ,
I am trying to set up ASP protect 6 and have a problem that when a new user registers their email is not transferred to the database.
I can see the rest of their entries both in the database and in the admin/edit form but not the email.
Another good tip is to make a copy of the "password_admin/default.asp" named whatever you like..
"default2.asp" would work...
then maybe add a link to it from the header_inc.asp filecwilliams38422.509525463, (customer replied aug-sep 2005)
then you can modify that one all you want and your will still have the original around.
That concept works for a lot of things.. for example you could make a copy of the "users" folder and call it "users2" granted a few paths might need to be changed here and there but really not a lot. (how do you think the paypal signup folders were created, they started as a copy of the "users" folder of course)
You can even make a copy of the "check_users_inc,asp" file if you like. Then make a copy of the "scripts/login_form_inc.asp" file... then make your new "check_user_inc.asp" file reference it.
Then you can password protect pages using different versions of the "check_user_inc.asp" file. Why ? well maybe you want different looking logn forms for different parts of your website or you want to make a lot of changes to the "check_user_inc.asp" file and want to leave the original alone.
OK, you have old code then... I will send you some updated files that you can try.. let me know here if it solves the problem. , I didn't think that was it, but just to prove, I just viewed the same album from 2 different IP's. It did not increment the "hits". ,
How can I make so it goes to certain webpages if user enters valid username and password??
I suppose user enters its information on check_user_inc.asp page, and username and password are stored on SQL database.
, Hey, I thought I'd share this tip with the ASPProtect community...
If you'd like to remove, modify, or add fields to the "Users" view in
the password_admin default.asp page, it's really easy to do. Well, at
least it was for me. I'm using an MS Access database, by the way.
For me, I don't need "Company" info, but I do need last access and # of
times accessed displayed. Therefore, I had to change the default page
in three areas:
In /password_admin/default.asp, go to about line 185 or so, where you see stuff like:
[code]<td valign="bottom"><font face="Arial" color="#000000"
="2"><b>First Name& lt;/b> </font></td> [/code]
OK, those are the column headings. Each one corresponds to a column
from your USERS table in your database. There are two more areas to
consider, both of which appear immediately after this section.
The next section has statements that look like this:
[code]<td valign="bottom"><a href="<% =THISPAGE
border="0" src="../images/sort_ascending.gif" Alt="Sort
Ascending"></a><a href="<% =THISPAGE
border="0" src="../images/sort_descending.gif" Alt="Sort
See the "First_Name" items? The first is for an ascending sort, the
second for a descending. This particular line corresponds to the code
snippet immediately above it. But all this does is handle the sorting.
For the actual data, look lower for this stuff:
[code] <td bgcolor="<% = Cellbgcolor
%>"><font face="Arial" size="1"> <%=
%& gt; </font></td> [/code]
It's a good ways down, so don't be impatient if you don't see it in 10
lines from the end of the last mentioned section. This stuff handles
the display of the data from the database (where else ya gonna get
Now, to remove a field, you need to find the three sets that go with
that data. The ascending/descending sort is potentially the trickiest,
because it's the longest set of data and can take a number of lines.
Just clear it from the start td to the end /td and you'll be fine.
To *add* a field, copy and paste the code from an existing field and
modify it. In the first one, the column title, you can type whatever
you want to describe your info. Nobody but you and your admins will see
it. For the next two sections, though, you need to get the correct
column heading from the USERS table and use that to correct the lines
in the copied code you pasted in.
For example, when I added a column to show the number of times a user
logged in, I copied the above snippets and pasted them in where I felt
the column I needed should be. Then, in the first one, I changed "First
Name" to "Logins". In the ascending/descending snippet, I changed
First_Name to Counter. Same for the last snippet.
The result? A new column, showing the number of logins my users were successful with.
Of course, before you experiment, back up your existing default.asp file, JUST IN CASE.
, how would anyone recommend i go about setting a different expiration date for each group a user may belong to?,
I am trying to import a file, and I get this error:
Microsoft VBScript compilation error '800a03f9'
/aspprotect/password_admin/upload_post.asp, line 6
If Session("Admin") <> "True"
Any suggestions on how to fix it?
[QUOTE=cwilliams]Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.[/quote]
I did change the top_logo.gif and the associated link. That was on the default page not the Solid Black skin which is unchanged. After downloading/uploading the skins I tried changing it to one of the Beach skins and that's when it changed to Solid Black and has been stuck there ever since.
[quote]Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.[/quote]I don't have access to the Microsoft IIS console as this is a host site. I can access the site's "control panel" but it does allow for those type of settings. Mostly just permissions, DSN entries, etc.
I log all 404 errors on my site and since installing ASPBanner, I get a lot of the following error:
/aspbanner/edit_banner.asp?Banner_ID=11&User_ID=1 contains a broken link:
ID changes and there are various missing links. Some missing links include:
While not critical, these are filling up my error logs and it takes time for me to sort through them. ,
Okay, so I copied the txt file into the export file and tried the import users option and it timed out on me as well.
Would it be easier to figure out if you were able to look at the iis server?,
1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another? I am asking because there is only one table in the DB, and it is the "Users" table. So I am presuming that there must be other databases that are linked to the DB. Is this correct?
2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software? I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of. ,
You'll need to find a validation function to test for it.
I dont have any experience with validating zip codes here much less UK.
Google it would be my best advice.. or maybe find some free app written in UK format and see how they did it.
And if ya find anything post it here if ya like
Thanks for a speedy reply. This is what I have used most recently...
ListingsConnectionString = "DSN=longreach;UID=lradmin;PWD=skipper;"
DatabaseType = "SQL"
but that throws an error of:
[Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified
I have private messaged you my SQL server IP address. I am a fast learner with ASP (I think!) but some things really catch me out!, One of my users is looking to do mass updates (multiple records). He wants to be able to update the "Expiration Date" for a group of users who work for the same company. ,
I am in process of upgrading from v6 to v7. I have made database changes, can connect to database and get in to Administration area just fine. However when I go to create a new user I get the following error
ADODB.Recordset error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/password_admin/save.asp, line 227
Our login works great, variables even help determine menu options. When user logs on, however, it opens in a new page. Is there a setting somewhere that sets whether you can open in a new or existing page?
Also, when you log off,
The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.
You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.
Please continue to check the support forum threads for the most up to date documentation., The way the application works is one separate installation and database is required for each (IIS Application).... not only is it a licensing thing but it is also the nature of (forms based authentication) because every application in IIS has it's own set of application and session variables and they can not be shared with other various IIS applications.
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then choose unblock down in the lower right corner ...then you can open and view the file correctly
That being said if you plan to run a separate install for each web/IIS application buying new licenses is fine
If you want to run one installation and database and share that with other web.IIS applications it is not technically possible.
Each web/IIS application requires a seperate install of ASPProtect.NET,
If you still cant see the upload buttons after checking the settings send me a PM with the info and I will take a look at your installation. It will have to be up on a live server of course.,
I have purchased the Standard version about a week ago. Its a great script.
I have been able to select uploaded banners from day one... but just now i dont seem to be able to select...
i know its hard for you to trouble shoot with such little information.. but i had to ask..
Should i maybe upload the site again ( but same the database first)?
Timecard Entry: 3/25/2006 4:28:23 PM
lunch, Interview Hall and Natali, Mike co - update pricing for menu bar and banner ad- email info
Jh Burnash- spoke with Jeanne - domain name/ search engine registration send info/email
Uncle Sam's/captain thomson- changes for web site call to set up an appointment in November (Carry Hartmen)
CHC Construction company- spoke with Adam hughes/interested in hosting and design- from syracuse area ( will send info to do proposal.
RMSCO- Syracuse - interested in hosting and email accounts, looking to do in november
Pete Deshaw- send email on cancellation for hosting to billing
cancel zdu class, Not much of a change... a couple calls., went to make the deposit at the bank and entered the deposit, Tech calls from Gary, McGrann paper and OCCE., waited for alan shulman to email me back, and error checked agency ideas, Covered NOC - Started checking modems while down there., entered bills, Traveled back to Clayton - Mileage =94, ws trkr u/d, review workorders for close out, Travel to Plattsburg 30 Miles, Tasks, 26 Miles : Clayton - Watertown, Drive back to Clayton (no miles)
, phones, *BHCP, phones busy, Newsgroups/Email/Timecard, Setup traffic reports for blushhill, Working on new MLS software. Tediously converting fields from the old system to match the new field structure so that I can start converting all the old reports to work with the new system., To Watertown for business after hours, R&K, Checked over Clayton microcoms., Smoke break, Team meeting, review proposals for amy, evaluate projects and assign names whom work will be completed by., lunch, Traffic reports, Post office and bulk mail also went to the Nutshell for party poinsetta spoke to Jodi at hte Riveredge , Reset all the modems, and checked TCM to make sure that the modems were all doing okay. Found a bad modem on Syracuse 5500. Took some tech calls, when needed.,