This first one may be an obvious one, but is it only .asp files that I can protect as in no HTML files.

Can the program be set to protect my whole https directory contents (though the answer to the last question may have bearing here - there are html files as well as .asp in there) as in http://secure.mydomain.com

Thanks in advance

at this point I would say install a fresh untouched copy in the web in a different directory and lets see if it acts weird from scratch.. the we can go from there.. I dont know what is going on

Chris,

When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.

All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.

I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP.  I hope I expained the situation well enough.

Access to some sections of the forums must be requested.
Please Click on the following link and read all of it carefully.

http://support.cjwsoft.com/

Now, we can connect to the MySQL database with ASPBanner using the following connection string if we like.

"driver={MySQL ODBC 3.51 Driver};server=localhost;port=3306;uid=root;pwd=temp;databas e=aspbanner;option=16386"

But we really do not want to connect to the aspbanner MySQL database using the "root" account

So, lets make an account to use..

In MySQL Administrator select "User Administration"

Down below you will see the user "root"

Right click on "root" and select "Add new user"



Type in a New MySQL Username and Password

I am going to call my new user "aspbanneruser"

Hit the Schema Privileges" tab



In this case since I am using the root account to manage my MySQL system I am just going to give this new user account what it needs to use the aspbanner database.. you may want to apply more permissions to the new account, that is up to you.. I am giving the new user (select, insert, update, delete, execute) So I right click on the aspbanner and then bring over the permissions I need for it.. and hit apply changes down in the bottom right.

We can now connect to the aspbanner MySQL database using this new account like so.

"driver={MySQL ODBC 3.51 Driver};server=localhost;port=3306;uid=aspbanneruser;pwd=tem p;databas e=aspbanner;option=16386"

------------------------------------------------------------ -----
article still in the process of being written (3/14/06)

Hello,

Unfortuantely I can not help you much regarding the javascript because I am a server side code kinda guy. Client side javascript just isn't my thing. That was free javascript code that I used for that function. I really do not know enough about editing client javascript. Sounds like you might though.

Style 1 is really a relic left over from the standard version. I just left it in in case someone wanted to use it. Like I said because it is javascript making it do more than it does is tricky (at least for me)

Now,, for actually getting description code. The thing to do is check out how that all works in the pic_window.asp file which is what style 2 two uses. Bascially descriptions for an particular album get stored in one text file. We read that test file. Put the lines into an array. Then display the info which gets run through a functions to convert some special characters used when saving back to normal.

I tried to look at your site but it woulnt load for some reason.

I have been able to successfully edit some text colors, but there seems to be one page that wont change the text color. Inside the users/ folder, the login.asp page, i cant seem to change the text color from ffffff to 000000 so it can be read on my background color. Every page in the script is correct but this one.

Thanks.

Hi,

I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.

I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?

Thanks

S

BTW.. I dont know what is going on But I keep getting all these returned emails. My forum is sending you emails and they are coming back as undeliverable saying your storage space is exceeded on your server.

When using this code:

<!------- ASPBanner Ad code ------------->
<script language="JavaScript"> var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.poconocommuter.com/aspbanner/injectbanner.asp?Ban nerZone=6&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script& gt;
<!--------- End ASPBanner Ad code --------------->

I receive an error that jscode is undefined. The banner will not display.

Any ideas how to fix this?

Hi,

I don't see any good reason to rename any of those files.

Changing them though may involve changes to the code recompiling, etc etc... it is not something I support.

question 2 is answered best here

http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal

I should also mention that the paypal scenarios used in ASPProtect can not be tested using PayPal's sandbox. Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts)

then you can log into the other and refund the transctions and of course it makes sense to use low amount like 1 cent and what not.

Also, I'd love to see what you came up with with the integration. I have been working on it here as well and took it in a different direction as I plan to sell directions for it as an add-on for aspprotect. I have it all working here but so far I dont see an easy way to let other people do it as I had to change things in both systems in a lot of places. Utimately if done under a SQL environment triggers should be used at the database level and that is another consideration.

Chris,

Yesterday when I would access the get_me_in page with the password key, I was then taken to the default login page.  It did not give me the option to create a user. 

Today, when I entered the password key into the get_me_in page, I was taken right to the create user page.  So, yes the problem has been resolved.  I have no idea why though.

Well, I assumed I'd be able to tweak this thing but it is all so intertwined it doesn't pay to mess with any of the files. Hence, I'm going to have buy a different system only a week or two after buying the unlimited version here.

As I leave I want to give you some impressions here. While the system is low-cost, the 99 dollar version is missing a few pieces that I think would bring the value to 99. It is one thing to talk about the speed/performance, but to a degree that's hard to measure, and to anyone with web advertising on their site, performance will always run second to potential site income.

It definitely needs a user interface and registration for advertisers, and it definitely needs a single variables file for changing the hundreds of variables for which there is no control. I had to search on my own just to change the look and feel.

Lack of multi-zone support is a serious drawback. I would submit that anyone with a serious website needs it, and will gladly pay you 139 over 99 for just that one feature.

Take them or leave them, they are just suggestions.

SQL Server Datareader Datawriter Permissions..

here is a screenshot that shows how to set datareader and datawriter permissions on a database using "SQL Enterprise Manager"

In this example we are making sure the aspbanneruser has those permissions on the aspbanner database in the SQL Server

Parent Paths ?

http://support.cjwsoft.com/forum/forum_posts.asp?TID=5&P N=1

Things have now changed I found out godaddy has persitis aspUPload and aspjpeg as value added products, I have the aspjpeg working but have been unable to upload when using aspUPload, everything works fine with the vbscript method so I think my permissions are correct. Whenever you get a chance, any help would be appreciated.

Thanks

Mark

I just installed ASPProtect on my site. The instructions were definately on the target. Very very good instructions.

But... Isn't there always a but ???

I needed to setup my site with MS SQL and it is hosted so I don't have Enterprise Manager. I tried the web based Enterprise Manager and any other one I could find. But, I kept getting errors when trying to use the SQL Script.

I finally had to go back to my work where we do have the licenses and get an SQL Admin to use Enterprise Manager to run the script and it worked finally.

I don't know if this is a common problem ??? But, maybe you would want to look at the SQL Server script or make a different version that would work with the Web Based SQL manager.

Thanks

User Registration

The "users" folder allows users to sign themselves up and edit there accounts as well as retrieve lost passwords..

In the settings tab of the ASPProtect admin area there are options for which fields are used and which are mandatory when a user signs up. The only validation the system performs by default is checking for mandatory status. If you want to add more validation so reduce the chances of input errors that is up to you.

You can add additional server side validation by doing server side checks on the save pages... you can also make the field sizes larger in the database if you think you need to. You'll need to be good with ASP to do this.

Always backup your files before making changes to them so that you can revert back to a working copy if you mess something up.

I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out

Look in the "check_user_inc.asp" file..

You'll see the name of the cookie there and also get an idea how to access it.

In most versions it looks like this.

Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME")

You'll want the cookie for the username because the session variable will not exist unless they have actually gone to a protected page during that session at the site.

It would probably be best the check for both the session and the cookie. That will make sure people logged in that arent using the cookie option still see the message you want to display.

Sorta like this..

GetUsername = ""
If Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME") <> "" Then
GetUsername = Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME")
Else If Session("Username") <> "" Then
GetUsername = Session("Username")
End If

Response.Write GetUsername

Your actually confusing me with the whole "joe bloe" thing and user access. I just do not get what you are trying to tell me. Perhaps you can explain in a less confusing way. Your just not technically explaining it andand thats what I need to know to possibly help.

As for the subweb thing you just can not do that. Subwebs have their own sets of application and session variables. An ASPProtect installation and any pages you protect with it are required to be in the same "application" in IIS. Sicne subwebs have their own "applications" in IIS that won't work. It is the nature of "forms based authentication" A sub web is alo considered by our licensing to be a seperate web site and ASPProtect is licensed per web site.

As for breaking pages.. you really shouldnt be editing any pages in the admin area as you will break them unles you are very good with ASP. (does not sound like you are..no offense meant at all)

Pages in the "users" folder are less complex and it is usually ok to edit them carefully.
http://www.powerasp.com/content/hintstips/common_sense.asp

Pages of your own that you password protect can still be edited in your usualy way though without effecting anything.

Truth is if you back things up before you start editing how can you go wrong ? That's how you learn.

if you use either of those options the mail server info you use must of course be valid (example: mail.somesite.com) your host can provide that info

you should also make sure your sending the emails using an account at your email server.. not some other email you have


other than that if it does not send emails it could be because your hosting company may require authentication for outgoing emails...

ask them ...

if that is the case the version of ASPBanner you have does not support sending email that way and you would need to add the necessary code to any places that send email... in order for emailing to work

Sorry, not really.. not without a lot of changes to the code.
the recent activity info recycles.. it is not meant to be day by day

My suggestion there would be to look at both the log files and the user activty screens...

ya,

any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links

example (for anyone that comes across this thread)

http://www.examplesite.com/somepage.asp

is going to have a different set of application and session variables then

http://examplesite.com/somepage.asp

even though they are basically the same page

Hi Chris,

I have a small problem, I have installed asp photo gallery pro on a hosted site, and after eventually getting them to modify permissions on directories it is essentially working, except that it won't delete pictures from an album. If I delete an album the pictures are left in the pictures directory, but the album is no longer displayed. If I then make a new album it is labelled incrementally... ie I had one album "album_ID_1", deleted it created a new album it is labelled "album_ID_2". I would have thought that the new album would be called "album_ID_1" ie taking the place of the deleted one. It seems to me that the delete album function isn't fully working either. My hosting comppany swears that the permissions on the pictures directory are set to full access for everybody. What have I done wrong?

Thank you

Nigel

This is what "John Evans" of CJWSoft has to say on the matter...

"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.

I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.

Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig. 

Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."