You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp

You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.

If it is 2 directories down it should probably look different..

example:)   "../../checkuser_inc.asp"

It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.

Also..

The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.

Lasty…. If you are logged in at the time

Whether your current session at the site is still active… or you have the cookie set to remember you.

Well, nothing will happen… cause your already logged in and you will just see the page as normal.

Perhaps things are working and you just don’t understand that part ?

You need to go to the log off page.. log off… then close all instances of the web browser windows..

Then come back to the site… then see if it prompts you to log in.

Great Thank you!

As of thus far the program is working rather nicely.

I am very impressed :)

Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS?

Now that I think about you may very well be able to use the existing login_form_inc.asp page

the header and footer files for the users area may be ok as well.

probably the smart thing to do is try your old ones and compare them to the new and see if everything you need is there. If not add it by looking at the source html and comparing.

All other files should definetly be replaced with the new.

There are several pages on my website that a user may go to that are not protected (e.g. home page).  If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?

If you are developing using Windows XP Pro and running the NTFS file system setting proper permissions on a folder in your website requires that you 1st disable simple file sharing.

To do so open up "my computer". At the top open up "tools/folder options"

Then the "view" tab.

Then at the bottom uncheck "use simple file sharing"

After that that is done... using "my computer" browse to the folder in your web that you need to set permissions on.

Right click on that folder and then choose the "security" tab.
(If simple file sharing is on that tab wont be there)

Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.

You can also give permissions to the everyone account and accomplish the same thing.



BTW:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"

Hello,

Thank you for the feedback.

I would like to point out the requirements of the application however as this is something I am aware of and do address.

http://support.cjwsoft.com/code/moreinfo165-1.htm

These requirments are directly linked to from the ASPProtect v7 web page, so its not like I dont try to tell people the deal regarding SQL server.

Basically I only have the resources to provide scipts and instructions for using SQL Enterprise Manager and that is all I officially support. I also personally think anyone using a SQL Server should be using SQL Enterprise Manager because later on down the road there are things you may want to do such as backups/etc etc

Take Care,

Chris Williams
www.CJWSoft.com

I have activated both activity and log files. The directories exist on my server and don't give any errors.

When I check the activity tab, some times there are a number of items in it.  Other times, there is only my login info.  From what I can see, it is supposed to show the last 50 items of activity at all times.  Am I missing something?

Also, when I click on the log file tab, there is no file or information to see.  Is there something I need to do beyond activating it in the settings area and making sure the directory has write permissions?

Thanks.

IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ;PN=1


The IPN Subscription Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement PayPal IPN Subscriptions with ASPProtect. IPN stands for (Instant Payment Notification). It allows you to set up scripts on your server so whenever a PayPal payment is processed the PayPal server sends info to your server regarding the transaction and vice versa. This is a fully automated process and allows you to charge users for access by the month or however long you like.

The Subscription feature of PayPal handles recurring billing automatically. The PayPal server will communicate with the ASPProtect system and keep everything up to date with users and their subscriptions.

This Support Pack basically gives you an additional signup and registration directory "paypal_sub_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup. New users can register in this directory and sign up for a subscription at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and start a subscription. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via PayPal your system is updated and they will have access.

To use this all you need to do in ASPProtect 7 is enter your PayPal account name into the settings screen. It will be an email address. You'll need a business or premier account with PayPal and you will need log into your PayPal account and turn on IPN in you profile. They make you enter a default IPN URL. We do not use that so if you already have something there leave it there. If you dont have something there you can type in any the full url to any page on your server. It's probably best to send it to an empty ".asp" page or something.

Changing Payment Options

In the "paypal1.asp" file there are some sample payment options set up.

They look like this and you can have as many as you like.

<!-- Begin Payment Option Code -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">

<% Label = "Membership (1 Month) $9.99 Recurring" %>
<!-- Begin Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="a3" value="9.99">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<!-- Field Below must have 2 commas First two values are optional (access level,groups,user ID)-->
<input type="hidden" name="custom" value=",,<% =User_ID %>">
<!-- End Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->

<!--#INCLUDE FILE="form_data_inc.asp"-->
<input type="image" src="https://www.paypal.com/images/x-click-but20.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">

</form>
<hr>
<!-- End Payment Option Code -->
 

To really understand what these form values mean it is best to look through the PayPal Subscriptions Manual which is a PDF file you can get from the PayPal Site.

This link was valid the last I checked...
Subscriptions and Recurring Payments Manual

It also may be helpful to use their wizard to create some subscription buttons with different settings and then look at the code generated.

Bascially these are the important ones..

a3 - amount to billed each recurrence t3 - time period (D=days, W=weeks, M=months, Y=years) p3 - number of time periods between each recurrence

The custom field is something we are using to send info from ASPProtect to PayPal.
it allows you to set the access_level or groups access (groups support require the ASPProtect Option Pack)

<input type="hidden" name="custom" value=",,<% =User_ID %>">

or this example where we are setting the access_level to (2) and also giving the user access to groups (3 and 4)

<input type="hidden" name="custom" value="2,*3*4*,<% =User_ID %>">

Here is how it works.
The value setting (red) is essentially and array that can be made up 3 elements separated by comma's

access_level,groups,User_ID

If you do not want to set the access_level or groups access.. then you don't even need to edit the setting.

Values must be separated by a comma even if there is no value and there can be no spaces.  If you didn't want to set an access level or groups there would still be 2 commas at the beginning.  etc etc
Basically there must always be 2 commas but you only have to set last values which is the User_ID from the ASPProtect system.

The 1st value is the access level you want to user assigned to.
The 2nd option is the groups you want the user assigned to. (requires option pack)
The 3rd option is the User_ID which the system takes care of. Do not edit this option. Leave it as <% =User_ID %>
 

I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out

Hi Chris

I've just recently purchased ASPBanner and have been testing out serving multiple Tradedoubler code using the IFRAME method. I have four types of banner on the same page refreshing every 15 seconds. (this will change on the live site) 

I've been leaving the IE page up for x hours and coming back to find between 1-3 of the banners has stopped and in place is an "internal error".

BannerZone=3&Refresh=15|40|800a0046|Permission_denied 80

I thought it may have been the SQL permissions from one of your other messages so I gave the banner user the DataReader and DataWriter permissions.

Its still happening and around the same time in the logs theres a couple of file not found errors.

BannerZone=2&Refresh=15|23|800a0035|File_not_found 80 - 80.65.240.159

BannerZone=4&Refresh=15|25|800a0035|File_not_found 80 - 80.65.240.159

BannerZone=1&Refresh=15|25|800a0035|File_not_found 80 - 80.65.240.159

Any ideas? I'm hoping its not the server as there is currently only 2 sites on it and this is pretty much the only traffic.

Thanks

Colin

I did all that you sugessted and all failed, you  said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually?  below are the steps I performed......

1 - made sure the web is it's own application in IIS

2 - Reset IIS in command promt

3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.

I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?

Thank you!

Matt...

Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/aspprotect/password_admin/upload_post.asp, line 6

If Session("Admin") <> "True"



If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.

All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.

Any assistance would be appreciated.

Thanks

The protection code for my group3 is:

<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * GP03 * ) -->
<% GROUPACCESS = "3" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->

btw - sorry but I am using v7
and thanks for the assistance

I did try to redit the banner and the old link was there, not the new one.  In addition I tried to ad a new banner to an account but it too was not saved.

Since I can see the banners from the aspbanner solution, does that not tell me that the solution is properly connected to the database?  The only thing is the solution only appears to be able to read the data and not write or delete it.

The settings for the directory are read write execute and delete so I am not sure what I need to do to get it working again

Please forgive any ignorance on my part.

Using the live demo, it seems that with the banner software my advertisers would only have access to reports, but no ability to upload banners, specify keyword triggers or zones, what have you. Is this correct?

The other thing I couldn't quite figure out, assuming I had a categorized directory on my site, is this system configurable to display different banners based on category? Perhaps through keyword triggers?

Thank you in advance for any assistance.

ya, thats basically what I was gonna do..

BTW.. if that other app is going crazy with an access database it could be the cause of all the slowdown with ASPProtect... what happens there is it is using so much database driver time that it robs other things that also access a database... so basically ASPProtect isn't asking its database for much but your other application and database are cripping that part of the system and causing it to run like crapola

If your other app is using a system dsn try changing it to use a dsn-less connection... it might actually help

its a text file   you just edit it with notepad..  if ya mess it up ya put an original copy back in

no biggie either way

jump in there..

I just showed ya exactly what to change.. its a no brainer man
This is simple source code. It's meant to be edited and hacked.

The only reason I warn you is so you can't blame me later on if it effects something

I am just trying to help

If ya dont like that solution why not just use periods for the first name field.. or a dash or something... then nobody will really see it

or maybe store the company name in the first_name field

seems like clever things to try without changing the code..

good luck...

Hello,

I really need more infomation..

for starters

what is the server ? iis4,5, or 6 ?

what is the version of aspbanner.. aspbanner standard or aspbanner unlimited ?

what was the error message before you removed the "on error resume next"

was the sql database created using the sql creation scripts we provide as that is VERY important.

and lastly what are the the regional settings of the server ?
what is the date format ?

ok, here is what is going on

you are password protecting an ".asp" page that requires querystring info to run correctly   (example - "somepage.asp?ID=3"")

that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out

this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact

it was a nice feature never intended to handle any situations other than what I just described...

now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info

that more than anything is what is going on..  browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...

To avoid all of this...

One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)

Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.

Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc

So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.

I hope this makes some sense to you.. it is very hard to try and explain

Just wanted to let you know that after modifying the remote host string in the email pages and getting the correct connection from my server, everything is running fine.

I hope you enjoyed your vacation.

thank you
adam

SQL Server Datareader Datawriter Permissions..

here is a screenshot that shows how to set datareader and datawriter permissions on an aspbanner database using "SQL Enterprise Manager"

In this example we are making sure the aspbanneruser has those permissions on the aspbanner table in the database

One is for paypal subscriptions (recurring billing) and the other is for single payments

http://support.cjwsoft.com/forum/forum_posts.asp?TID=185& ; ; ;PN=1

http://support.cjwsoft.com/forum/forum_posts.asp?TID=186& ; ; ;PN=1

You can delete any of the 3rd party payment directories you are not using including the the 2checkout one... (all those folders really are is a copy of the users folder specially modified to handle a certain payment processor)

Just Don't delete the "users" folder though as there are things you do there that you can not do anywhere else..  quite a few things..  editing existing account info, looking up passwords... etc etc

Hi Chris,

Thank you for your prompt response.

Our current project requires alot of customization.

Yes, the error is probably a data problem and not due to your code, because we needed to make modifications to the database.  But that's why debugging would be helpful.

Basically our intent to modify the asp protect code stems from the fact that our client doesn’t want certain fields to be recorded or to appear: address, city, state, zip etc…

We are happy to be able to modify the HTML, but we also want to modify some other default behavior, such as which page opens when the "cancel" button is hit in the editaccountinfo.aspx page.

An email I just received from eastcoastguy.. to keep this thread up to date

This is a great article from my old powerasp.com site.
Connections And Server Database Permissions

Whein I went by the numbers off of your directions, which work well up to that point, the import would time out.

At that point I tried to import directly into access...and then it hung trying to login.

okay so I've put in a clean database and created a new record for me as admin.

no, that system only works with ASP.NET code.

Currently it can not possibly work with classic asp.
PayPal made it a nightmare to use and work with.

Special things regarding the signing of digital certificates also need to be installed on the web server so if it isn't your server your also out of luck.

no, there is not not.

If you wanted to to that you would have to add some code to check their album count in the database and not allow them to make a new album if they were at the limit.