Let me put it this way.

My home page (default.asp) is an unprotected page.

When a user that has signed in on another (protected pages) and has the remember me checkbox checked closes the browser cookies should be set for the next time they return.

When the user opens their browser and returns  to my home page (default.asp), I'd like to put a message saying:
Welcome back <%Session ("Username")%>

How is this done?

... in addition it is a virtual include not a file.  I just tried to use file instead of virtual and then the ../ includes worked on the asp pages.

This is strange because they used to work like that on the 2000 server I had these sites running on.

I think this addresses your question

http://support.cjwsoft.com/code/moreinfo144-1.htm

I do not have any programming knowledge and have what might be a simple question.

I am having a hard time getting my hosting company to modify the rights on the data folder. They state they support ASP and access databases however this is the response I got when I requested the modify permissions set for the internet guest account:

Were the rights changed on the data folder?  No, we do not manage rights to folders.

My question to you is: Doesn't supporting asp require those permissions be set on the database folder or can asp (not just aspprotect) work without those rights modified?

Thanks

I'm all set - after thinking about your replies - i checked a bit more and changed the email component type -- thanks again for all your help.

I am testing this now and there is something wrong.

PayPal is hitting the ipn.asp but the database is not being updated.

I will figure it out shortly though and post the anwer here.

I really do not know for sure, but I imagine there are customers using their windows hosting. Usually I do not know what hosting company a customer uses and I am usualy the only one that responds to forum questions.

Why not download the current Free lite version and try it out ?

CJW

Permissions and Folder Locations

By default and to keep things clean we store everything in folder called "data"

That folder then has it in 4 sub folders

database (where the .mdb and temporary .ldb files are handled)
export (where the aspprotect export files are saved)
logfiles (where the aspprotect logfiles are saved)
user_pics (where the user pictures are saved)

Doing it this way makes it very easy for a system administrator to right click on one folder and set permissions for that folder and all of it's child folders.

Now, that being said.. you do not have to use these folders.

For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.

You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.

We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs.

If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.

Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.

<center>
  <table border="0" width="400" height="200" bgcolor="#000000">
    <tr>
      <td bgcolor="#F4F4F4">
        <form method="POST" action="memberarea.asp">
          <input type="hidden" name="Status" value="Checkem">
          <p align="center"><font face="Arial">ASPProtect Login</font></p>
          <div align="center">
             <center>
             <table border="0" bgcolor="#C0C0C0">
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
                 <td><input type="text" name="Username" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
                 <td><input type="Password" name="Password" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
                   me signed in on this computer unless I log off.</font></td>
               </tr>
             </table>
             </center>
          </div>
          <div align="center">
             <center>
             <p>&nbsp;<input type="submit" value="Login"></p>
             </center>
          </div>
       
        </form>
      </td>
    </tr>
  </table>
  </center>

Just installed software,  when I attempt to log on I get the following error (actually this is after I moved some of the include files to user).

Active Server Pages error 'ASP 0131'

Disallowed Parent Path

/gallery_admin/default.asp, line 25

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

What do I need to do to fix?

thanks.

you summed it up perfectly... everything you said really

As for the banner software custimizations.. you could just make another folder with a modified admin area (little tweaks here and there so the person logged in only controls their own banners) You'd probably want to add an approval process so nothing they did went live unless you really really trust them. That wouldn't be that hard either.

I always planned to do it someday but I just never have time.

When that link is clicked on it will then track the click and redirect the user to the “link url” specified for that banner. 

The system actually generates the necessary ASPBanner URL for you. That link is shown on the banner edit screen.(you must save the banner at least once and come back to that screen to see the link though) 

Really the best way to show it is with an example as seen below.

Basically the flash banner file "powerasp.swf" highlighted in green needs to be edited to link to the banner redirect url which is highlighted in red.... the banner redirect url will then track the click and ultimately send the user to the Link_URL highligthed in blue.

All banners systems work this way when it comes to flash files.
It’s the nature of flash and the web browser, 

The flash source code must be edited to link to the redirect url in the ASPBanner system. There is no possible way any banner system can track a flash click unless the flash file links to the banner system 1st.... because that click is handled by Flash and the web browser. 

In some cases if you do have the original source file for the flash banner then you are out of luck as far as tracking clicks goes.



On a side note... if you create flash banners the way this article says you can actually feed a .swf flash file a link for it to click to. Instead of it being hardcoded.

http://www.macromedia.com/resources/richmedia/tracking/desig ners_guide/index.html

This is really the way everyone should design their flash banners from now on because the url it links to can be easily changed at any time without editing the flash file source code. 

thx for posting this..


Just a few notes... more than 100 pictures specified in the config file is not supported. You are of course on your own if you specify more than 100

Also, technically the post above should say more than 102 pictures... "I think" as you wont need more html cell code until then..

The loop in the code is probably how I should have done it in the 1st place but I was in a hurry to get this finished and I also never expected/wanted anyone to specify more than 100 pics per album.

Lastly.. depending on what style you are using in the config file the code above may not work as some of the styles do not use cells but line breaks instead..   At least from what I remember.

where is your site ? I'll taka a look

Now that I really think about it.. instead of logging that info to a text file and worrying about folder permissions you could probably just save the post info into an application variable during the paypal ipn.asp post like so

For Each Item In Request.Form
formdata = formdata & vbCrLf & Item & "=" & Request.Form(Item) & vbCrLf
Next

Application("PayPalPost") = formdata & " - " & NOW


then anytime you wanted to see if that info was there or when it happened you could make a simple asp page in your site to display the results like so

<%
Response.Write "(" & Application("PayPalPost") & ")"
%>

Hi

I would like to ensure the the user uses a UK style postcode not a clue how to ensure this as I am new to asp. Any ideas?

regards

John

There is nothing built in to the system but it is very doable.
However, you need to be a decent asp coder because your going to have to write some code.

Basically you would want to do a check on the screen where a user uploads to count how many pictures they have uploaded.

Then act accordinly and either let them or dont let them proceed.

On a side note the overall filesize limit of the total of all pictures a user can upload can be set when you edit a user.

Is there a way to protect other virtual sites on the server that are not under the default web site considering people may have different websites running off one server?  I get the following error:

Parser Error Message: Cannot use a leading .. to exit above the top directory.

Source Error:

Line 1: <%@ Register TagPrefix="aspprotect" TagName="checkaccess" Src="../../protectpage.ascx" %> Line 2: <aspprotect:checkaccess level="4" groups="null" runat="server"></aspprotect:checkaccess> Line 3:

Thanks!

Hi,

No, only ".asp" files can be protected.  It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.

To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.

Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.

Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.

In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc

If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.

For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.

Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://

I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.

That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.

see this article...

80040211
http://www.aspfaq.com/show.asp?id=2026

Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.

If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc

The only reason no one else asked this many questions is possibly because they didnt NEED the functions i am TRYING to do.

We offer tech support for installation of the base application purchased in it's native form.  In other words were not planning on spending weeks holding your hand and teaching you how to build your application or modify the one you bought. Not because anyone wants to make it hard on you but because there is a practically infinite number of things someone could be trying to do and the only way to give you the exact answer would pretty much involve either writing it for you or having a look at your code to see what the heck your doing. Sorry but my time isn’t cheap nor do I have a lot to spare. I already gave you my approach on what to do and what you should be looking at but obviously you’re not catching on. SO ONCE AGAIN, PLEASE LOOK AT THE SOURCE CODE AND DECIDE HOW YOU WANT TO HANDLE YOUR END OF THINGS BASED ON HOW THE APP DOES ITS THING. I really don’t know how I can be more clear that that. I don’t have a crystal ball that can tell me where you’re going with your own code, what the final requirements are... what field you want to add or remove for the database etc. There is a demo up that everyone can look at and play with so they can get a feel for how the things behave and look. It’s not my fault your naivety led you to believe you could do anything with it in ten seconds. I mean if I just add some wings to my car maybe it will fly, and if you just add a shopping cart and a few products maybe you can start your own Amazon.com with that software right? Sounds good to me…

It would take me longer to re-write YOUR code than it would to have LEARNED ASP.NET and made MY OWN.

Well thats one thing we both agree on, I bet it would take you a long time to rewrite the code when you dont know how to write it in the first place. By you own admission you dont know enough about what your doing to be messing with a .NET app at this point. Maybe you should take your own advice and LEARN SOMETHING ABOUT IT. What’s even worse is that application isnt even complicated, its 101 stuff honestly. One class, thats it! Your not looking at thousands and thousands of them that you will have to read and comprehend. If you can actually “read” the code we kept it lean and mean and to the point. Nothing strange or random, no references to a zillion things all sprinkled here and there. Its reads like a book if you know the language. That’s why developers buy these apps all the time. Not because they couldn’t write one themselves, but because they know their time is valuable as well and for $150 which is less than most get paid an hour they couldn’t be bothered. Furthermore we both spend a lot of time making sure these apps are "dumbed down" so that the average programmer without a lot of object oriented background can pick up the coding style tweak it if they need to. Some people do modify things to suite their needs and others are happy with our apps "as is".

Just to recap we already wasted two days yappin about your jacked up servers and after you went through THREE of them and finally got one working you said the code was working. Red lights started flashing in my office by the time you got to the second screwed up machine, but hey weird things happen so at that point I wasn’t 100% concerned. Technically we could have and possible should have cut you off there as the policy in place is pretty clear about us not being your tech support crew when it comes to getting your machine working properly (especially one we cant even look at). Go check those posts again both Chris and I were answering your questions and being as helpful as anyone could possibly expect.

Several more days have been spent answering questions about how to modify your application and again that’s not our responsibility and we don’t support modified versions of the software for all the reasons that should be obvious. No software company does and if I have to explain why that is well this conversation is beyond hope.

Bottom line is the responsibility to support that application ends the moment you get it running the way it was shipped. Were pretty damn decent about going above and beyond and a lot of the time we go into things we shouldn’t have to. If you have well thought out and specific questions by all means ask, this isn’t some sort of thanks for your money now get lost operation. CJWSoft has been around since the beginning of Microsoft’s entrance into the web application market. We have thousands and thousands of happy customers because we are developers and enjoy working with other developers along the way.

You’re not the first N0oB to show up, but you’re the first one I can think of that ever tried to tell us we didn’t write the apps we sell and essentially wanted to argue that we don’t know what were talking about. Meanwhile you should have been done with your thing days and days and days ago, not in here yapping off and showing your ignorance to the other developers that regularly browse these forums. You trying to tell me how CafePress works is a joke, I happened to have been part of the team that worked on the first few revisions of that site and again you really didn’t even understand what I was getting at in that last post. LINK TO LOGIN PAGE not link to every protected page on the site.

If you think I am pissed off at you, your wrong. I'm just irritated with the whining about this and that and rather than admit your over your head you come back with half baked remarks that only make sense to you. If you think you can google a few terms and come back here talking smack like you’re actually someone that knows what you’re talking about your just making a fool of yourself. You sound like a guy from China trying to tell me how to speak English... My advice is get a few books and start learning or try actually reading up and listening to the other bazillion knowledgeable developers out there that do a great job posting articles about the subject. You might just learn something and actually get your project finished before 2010 and when you do please come back and re-read your posts with "enlightened eyes" so you can see what a goofball you are for saying half of the things you have said. I am not in the mood to keep helping you get your project done step by step. I have huge projects of my own going on and if I thought you could actually provide a descent project specification I might offer to make the changes for you at a serious discount so you could go away and everyone would be happy. Problem is I dont get the feeling you could explain your way out of a paper bag let alone provide a group of programmer the techinal specs for your project.

Your best bet is to post a link to the start of this thread at www.AngryCoder.com I'm sure a  few of  people over there would be more than willing to give you a ton of usefull advice

Google 4GuysFromRolla… a great resource site with example, just dont come back here  telling me those guys/ladies posted things that dont work either.

Chris has written hundreds of articles on PowerASP, a great place to start looking as well… www.powerasp.com I've been spitting out code for longer than I can remeber and I still look thing up on this site because its LOADED with great info. That happens to be one of the very first ASP sites that went up on the net so lets just say he knows a bit or two about the subject.

I'm sure your frusturated but your pushing your luck seriously. 38 posts about this subject in a week and your over there hacking away on your virus infested WaReZ machine which isnt exactally the ideal development rig. I mean we provide the code and your supposed to provide at the least a very basic knowlege of what your doing and a production grade platform to test it out on. To me thats like buying a car and then asking how to drive it... then bugging the dealer to teach you and when you smash the thing complaining because no one told you that your not supposed to drive into a wall. I have the same policy as the dealer, show me something wrong with the car from the factory and we will fix it for you NO QUESTIONS at all with our appoligies, but really once you take it off the lot what you do with it is your deal and its not our responsability in the least.

The login page sends the user to redirect.asp (which is as follows)

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If InStr(Session("Groups"),"*1*") Then
    Response.Redirect("gp01.asp")
End If
%>

<%
If InStr(Session("Groups"),"*2*") Then
    Response.Redirect("gp02.asp")
End If
%>

I am not being redirected to gp02.asp if I am a member of group2.  Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)

Thanks in advance.

Hi,

We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.

OK, thanks.

Nick

it is by design actually and something that can be improved
(I just never thought of it when I 1st designed the system and it is actually planned to be added in Version 8)

The trick would be to reset those session variables anytime someone edits and saves their information... not very hard at all

you would do it on the save code page for when a user edits themself.
you want to grab the info posted from the form and  reset each session variable at the same time everything is re-saved to the database

example

Session("Company_Name") = Request("Company_Name")

It's custimization work. and just not something I can support.
Basically it is basic ASP/Database work.

Something you kind of need to figure out on your own. It's not difficult work for a good asp coder but there is no easy way and it is time comsuming.

I wouldn't use the custom fields though. I would make your own.
It's simpler that way.