WH4L

Have you noticed the tiny graphic image aside of your address bar when you load up your DotNetNuke site in your browser that looks like this?

By default, you’ll have a file called favicon.ico located in your folder where you installed DotNetNuke. Many developers have learned how to change this ico file to another image that identifies your website and it’s fairly easy to do.

A favicon is seen by the browser aside of your URL.  It’s only 16×16 pixel square icon. Once you find the favicon.ico file in your DotNetNuke folder, you can double click on it and paint will open up and you can see the size and the image.

Here are some examples:

Now that you know what a favicon is, let’s change yours.

There is a great site that will create it for you if you want. Go to http://www.favicon.cc/ and create your ico and then download it and make sure you name it favicon.ico and put it  in your root folder where your DotNetNuke files are located.

Another way is to create the 16×16 graphic file of what you want in a graphics program and then save it as favicon.ico. If you use Photoshop, you’ll need to get a plug in to create the  ico file.

If you don’t want the plug in then you can go to this site and upload your graphic and the site will create the ico file for you. You can see your new favicon in the browser before you download it.

One thing that is important! Have a backup of your favicon.ico file because when you upgrade your DotNetNuke site to another version, your existing favicon.ico file will be replaced by the DotNetNuke favicon.ico.

Go ahead, change your DotNetNuke favicon!

Antonio Chagoury (www.cto20.com) – Microsoft MVP sent this to me to add:

There is an easier way to have favicons and not having to re-upload with each upgrade.

Also, with the same way you can have favicons for child and parent portals within the same dnn instance… here is how:

Just drop the favicon in the “portals/<portalid>” folder instead. Done!

What are Magic Quotes:Magic Quotes is a process that automagically escapes incoming data to the PHP script. It’s preferred to code with magic quotes off and to instead escape the data at runtime, as needed.

Why did we use Magic Quotes:There is no reason to use magic quotes because they are no longer a supported part of PHP. However, they did exist and did help a few beginners blissfully and unknowingly write better (more secure) code. But, when dealing with code that relies upon this behavior it’s better to update the code instead of turning magic quotes on. So why did this feature exist? Simple, to help prevent SQL Injection. Today developers are better aware of security and end up using database specific escaping mechanisms and/or prepared statements instead of relying upon features like magical quotes.

Why not to use Magic Quotes

• Portability Assuming it to be on, or off, affects portability. Use get_magic_quotes_gpc() to check for this, and code accordingly.
• Performance Because not every piece of escaped data is inserted into a database, there is a performance loss for escaping all this data. Simply calling on the escaping functions (like addslashes()) at runtime is more efficient. Although php.ini-development enables these directives by default, php.ini-production disables it. This recommendation is mainly due to performance reasons.
• Inconvenience Because not all data needs escaping, it’s often annoying to see escaped data where it shouldn’t be. For example, emailing from a form, and seeing a bunch of \’ within the email. To fix, this may require excessive use of stripslashes().

Disabling Magic Quotes:

The magic_quotes_gpc directive may only be disabled at the system level, and not at runtime. In otherwords, use of ini_set() is not an option.

php_flag magic_quotes_gpc Off

In the interest of writing portable code (code that works in any environment), like if setting at the server level is not possible, here’s an example to disable magic_quotes_gpc at runtime. This method is inefficient so it’s preferred to instead set the appropriate directives elsewhere.

Community Server is a fully functional web based discussion system that demonstrates how extraordinarily simple it is to create powerful, scalable applications for the Microsoft .NET platform.If you are using Community Server and forgot your Community Server site login information then you come to the right place.We will guide you how to check the user password in database.

1. Connect to database via DB management tool like sql management studio and then open SQL Analyzer and run the statement below(replace [UserID] with the ID you like to check).
   

   select Password from aspnet_Membership where UserID = (select UserId from aspnet_Users where UserName = ‘[UserID]‘)

2. Find the the user and note the userID in table ‘aspnet_Users’ – select UserId from aspnet_Users where UserName = ‘userID’
3. Check the password from table ‘aspnet_Membership’ – select * from aspnet_Membership where UserID = ‘[the result of #2]‘

Then you will see the password show in password field.

You may get the following error message "’421 Cannot connect to SMTP server" in outlook and outlook express. Here I will post some of my opinions of this problem.

Error sample

"An unknown error has occurred. Account: ‘Hotmail’, Server: ‘smpt.live.com’, Protocol: SMTP, Server Response: ’421 Cannot connect to SMTP server 65.55.24.100 (65.55.24.100:25), connect error 10060′, Port: 25, Secure(SSL): Yes, Server Error: 421, Error Number: 0x800CCC67"

My opinions on fixing this problem

Please check your computer and make sure that the factors listed below are not affecting your ability to send messages. You may also contact your Internet Service Provider and verify if they are blocking Port 25.

a. You may be using the Incorrect SMTP settings.
b. Your firewall software is blocking your e-mail client or the port for outgoing messages (Port 25) is being blocked by your security software.
c. Your router has a firmware setting to block certain communication ports (specifically port 25).
d. Your ISP has blocked access to port 25.

I also suggest using port 587 instead of port 25. This will help you to get around any blocks set up on port 25.

If you have a hosted website at a wehosting servcie provider, you may get the pain that some unknow scripts were embedded in your website files. So lets take a look at why this happed and how to prevent it.

As you can imagine,it’s mostly like the site is hacked and the unknown scripts are added to your website files via ftp access. As a webmaster or admin of the website,when you visit some virus infected website,your computer will be infected as well and may be compromised with Spyware through sending off FTP access information to the malicious.So once the hacker gets your ftp information he/she will be able to embed scripts in your website files after access to your ftp account.

There are some symptoms you may notice if such a hack happened to your website.

• Your web pages are loading slowly, possibly while the malicious code communicates with it’s master.
• When you visit the site, your computer starts frantic disk activity and browser locks up.
• A bar at the top of the page prompts you to download a Microsoft Add-on.

If your computer is compromised,it may display the following symptoms:

• Computer has generally slowed down.
• You experience browser hijacking possibly "search engine" redirection.
• Other websites that you manage start to get infected.

How the hacking script looks (in asp files)

<script language=javascript><!–
document.write(unescape(‘%3CscAw

—– some detail has been removed —–

CKizgpt%3E’).replace(/UbF|ubC|PT|eB|zg|CK|AwM|Sz|s1R|Tf1/g,""));
–></script>

How the hacking script looks (in html and js files)

</head>
<script language=javascript><!–
document.write(‘<script src=http:/

—-some detail has been removed —-

mage.php ><script>’); –></script> <body>

How the hacking script looks (in php files)

<?php if(!function_exists(‘tmp_lkojfghx’)){if(isset($_POST

—– some detail has been removed —–

lkojfghx2(); ?>

Here are solutions for this probolem

1. Keeping a strong password is crucial and is the first step in protecting your website. Use a password with Upper case and lower case, numbers and symbols or characters. The longer the password the better. Change your password every 3 months at minimal.
2. Meticulously clean out all traces of the malware from your website by reloading pages or editing out the hack code. Check hidden directories for infected files.
3. Use a good virus scanner and keep it up to date. Also keep a trojan scanner on your computer. Maintaining a clean PC is good practice as one of the most popular iFrame Hacks comes from an infected PC.
4. Backing up your website is a must. You should always have a current copy of your website on your computer. Keep the files on your PC or a USB Key or External Hard Drive, it can save you from a major headache.
5. Security of file permission. Many scripts these day require you to set full permission (777 permissions on files and or folder). This is NOT safe in any way and we highly recommend you do not do that. Full Permission (777) allows users to have full access to that folder and file. To remedy this always use read/execute (755 or 644 permissions). Your script should still operate without any issues at all.
6. Keep Your Software/Scripts Up To Date. You should ALWAYS check your software or script provider for updates, patches or new versions. When software is released not only are there new features but security is always tightened and bugs are also fixed. Making sure your script is up to date is critical is maintaining a safe website.

If you are using IE7 or IE8 you may get the error "Navigation to the webpage was canceled" when  you browse web pages. Here is the solution for this problem. Please follow the instructions below,that will fix the problem:

1. Click Tools on the top of your Internet Explorer screen.
2. Click Internet Options.
3. Click the Security tab.
4. Click the Internet icon.
5. Click Custom level.
6. Locate Display mixed content.
7. Click the radio button next to Enable (the default setting is" Prompt ").
8. Click OK to save your changes.

To export your SQL database to a .bak file you can use Microsoft SQL Server Management Studio Express. This is found in the start menu in:

• Programs > Microsoft SQL Server 2005 > SQL Server Management Studio Express
  OR
• Programs > Microsoft SQL Server 2008 > SQL Server Management Studio Express

If you don’t already have mssms installed then you can get it from here:
http://www.microsoft.com/express/sql/download/

Follow these steps to perform a backup:

1. Open SQL Server Management Studio Express
2. Connect to your database server
3. Right click on the database you want to back up
4. Select the Tasks menu item
5. Select the Backup menu item
6. In the Destination section of the Back Up Database window make sure you have selected Disk
7. Click the Add button and type in a location for the backup
8. Make sure you type the .bak on the end of the filename as it will not automatically add this in for you
9. Click OK and the database will be backed up to the location you specified

Note

If you are connecting to a remote sql server the .bak file can only be saved to the file system of the sql server. I do not know of a way around this limitation so you will need to access to the file system via ftp or some other method in order to move your backup to a secure offsite location.

You may have the question "What is the app_data realy for?" if you just entered into the web developement world as a newbie. Below if a brief introduction of  app_data folder. Please keep on reading and  you’ll get the answer.

App_Data allows you to use a file-based database.That includes not only SQL Server 2005 express and Access, but also XML files and Excel worksheets, among others, i.e., *any* file-based data store.

The real advantage is that any file you place in APP_Data won’t be downloadable
if a direct request for it is made over the wire, i.e., your data can’t be hijacked.

The content in all the special ASP.NET folders other than App_Themes is not be accessible via http requests to the server.

Do you know that you can manage multiple hosting accounts with a master login account at webhost4life?If you have multiple hosting account at webhost4life then you can create a mater login to manage all your accounts so you don’t need to login each account one by one to manage them.

You can follow the instructions below to create master login:

• Open the Control Panel Login link on top right corner of webhost4life’s website,then you’ll see the hosting control panel login page
• On the hosting control panel login page, click on the link “Click Here for Master Control Login” then you’ll get master account login page.
• On the master account login page you’ll see the link “Click here to Create a Master Account”. You can open this link there to create master account

The list is displayed in Standard view. It cannot be displayed in Datasheet view for one or more of the following reasons:

- A datasheet component compatible with Windows SharePoint Services is not installed
-  your browser does not support ActiveX controls, or support for ActiveX controls is disabled.

It means that your local computer does not have Microsoft Office 2003/2007 installed, which is necessary for viewing lists in Datasheet view. Neither Office 2000 nor Office XP are compatible with SharePoint 2003 version.