I am using ASPProtect's password program, which has been very successful, for managing over 1,500 military veterans' memberships at http://www.vspa.com.  What I am trying to do now is utilize the "Groups" code, as generated by the Admin page, to prevent members with expired accounts (and non-members) from accessing restricted "members only" .ASP pages they may have bookmarked, or found via web search. The code generated and used is as follows:

<%@ LANGUAGE="VBSCRIPT" %>
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * ADMIN * Member Current * Member Life * Officer/Staff * ) -->
<% GROUPACCESS = "10,12,14,19" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->

The above is placed over the <html><head> statements on the page.

When I am logged in the code works perfectly! When I log off and try the URL again, the page appears in its entirety but with a Login box for Username and Login Password at the top of the page. You may view the problem at: http://www.vspa.com/aspprotect/vspa-password-enter.asp .

What I would like to have happen is expired members and non-members would be sent (or Redirected) to a Login page. I do not want the Login password box to merely be inserted above the page that I am trying to keep them from visiting.

Don Poss,
VSPA Webmaster

I am trying to import a file, and I get this error:

Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/aspprotect/password_admin/upload_post.asp, line 6

If Session("Admin") <> "True"
-----------------------------^

Any suggestions on how to fix it?

Thank you.

I've got an ecommerce module that's running on it that uses access for the db.  Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.

So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?

After understanding how the count works i checked the IP in the db.  They are all set to the same IP (my web server) no matter what ip is doing the viewing.  This is probably due to my ISA2004 firewall that is posting the ip address of the web server with each log on.  So, can you help me with where the code would be to modify so the db does not get updated?  I risk the refresh problem, don't think it is an issue with me.

Thanks,

How to bring up Banner Calling Code Generators

Simply go to the zones screen.
Select a Zone from the list.
Check the "Show Banner Code" option.

Click on "Display Banners in Selected Zone"

[QUOTE=cwilliams]
something weird is going on
[/QUOTE]

Yeah that's my impression too. I've done a lot of searching before posting this problem, but haven't solved it. Maybe it has to do with the sql-server/hotel?

Though I have compared carefully what goes on (and it should all be good) it could still be the problem? I have now made it work on a local msde sql server too..

I think this addresses your question

http://support.cjwsoft.com/code/moreinfo144-1.htm

Hi Chris,

The hosting company has been doing some work apparently regarding the database connection issue. Still something is funky

When I type in www.vickerylightning.com/aspgallery/default.asp I get the custom 404 error page and I noticed that it is trying to open the following:

http://www.vickerylightning.com/skins/default/settings.asp

Is that what it is supposed to do?

Thanks!
Rhona, the rookie

Hi,

I need to be able to add about 9 checkboxes to the register.asp. would I be able to use one of the custom fields?

The other thing is once I add the checkboxes the value must be written to the DB and later read when displaying the person's Album.

Any idea on how I can do this.

Thanks

The Read-only attribute i was referring to is at the windows explorer level when looking at the folder properties under the general tab. 

ASPNET and IUSR have full access to the _database folder as you suggested - Yet still I get the permission error noted above.

That is by design, removing and deleting are two different things as far as the classifieds system goes.

A regular user can only remove an ad from the category index. (which makes the ad inactive)

An admin however can truly delete an ad from the system.

ok.. There are various spots that call the end_date variable.  That is why I am asking.  Then incorporating it into the forms that have been developed, made me wonder.

I have an asp page that includes other asp pages via an include.  for example:

snippet code: file name: collaboration.asp

 <table bgcolor="#bed1e4" border="0" cellspacing="0" cellpadding="10" marginwidth="0" marginheight="0" leftmargin="0" topmargin="0"> 
    <tr>
    <td>     
     <!--#include file="../../../filetransfer/directory_listing2.asp" -->
    <BR><BR>
     <!--#include file="../../../filetransfer/upload.asp" -->
    </td></tr>
   </table>

I can add the code below to collaboration.asp and it seems to work,but I cant seem to figure out how to protect the other files such as upload.asp at the same time. -- can you help?  - Note: as soon as I add the code below (and adjust the path) - I cant bring up the page.

This is the protection code I am using.

<!--#INCLUDE FILE="../../../../aspprotect/check_user_inc.asp"-->

Shirely

How can i get to this to register someone in the database only after the Paypal payment has been accepted.  I was testing it out to see if it makes it to my Paypal account (which it did just fine) then I closed Paypal before paying.  I logged in as the administrator and looked at the member list and the account was created anyway.  How can I stop this from being created until "only" after the Paypal payment has been "approved"?

What if this person never comes back to "try again"? Now the username he used (and is inactive) is not available for anyone else to use.  And it takes up database space.

I am using the Paypal (non-subscription)

Thanks in advance,
scottyFlasher

The Pop-Up Javascript Date Pickers will only show up of your server's regional settings are set to one of two lCID values.

1033 which is English - United States
mm/dd/yyyy date format

or

2057 which is English - United Kingdom
dd/mm/yyyy date format

Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.

This setting can however be easily overwritten when using the ASPBanner system.

or

Session.LCID = 2057

depending on what date format you are looking to use

Save the file and go edit a banner. The date pickers should be there now.

Hi -

We are trying to set up ASPProtect 7 so that the user is redirected to a specific web page based on their group membership.

For example, immediately upon successful login:

Group 1 members are directed to page A
Group 2 members are directed to page B
Group 3 members are directed to page C

Users will only ever belong to one group.

We tried to use the Redirect_URL feature but it causes the browser to loop.

Could you let us know exactly how to do this.  We are not ASP programmers and need to work from an example.

Thanks!

Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.

In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.

Redirecting example..
This page will redirect admins or level 4 users to a certain page  and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Admin") = "True" or Session("Access_Level") = "4"  Then
    Response.Redirect("sompage.asp")
Else
    Response.Redirect("someotherpage.asp")
End If
%>

Redirecting example..
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Access_Level") = "1"  Then
    Response.Redirect("level1.asp")
ElseIf Session("Access_Level") = "2" Then
    Response.Redirect("level2.asp")
Else
    Response.Redirect("allothers.asp")
End If
%>

Redirecting example..
This page will redirect user "PistolPete" to a certain page.

 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Username") = "PistolPete" Then
    Response.Redirect("somedirectory/somepage.asp")
End If
%>

 
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
 
<%
If Session("Username") <> "PistolPete" Then
    Response.Write("You do not have access to this page.")
    Response.End
End If
%>

etc etc etc.... these code snippets should point you in the right direction...

humm, I dont know then..

If you want PM me your site info and I will go in and troubleshoot.

Frontpage or frontpage access, either way

and also the site URL

The way the application ships there are no password confirmation areas anywhere ? Please be more specific as to what you have done and if any mods are involved ?

If you are talking about one of the MODS please realize they are not supported. http://support.cjwsoft.com/code/moreinfo459-1.htm

Even though they are not supported I look them over pretty closely and I know of no issue like you mentioned so I would suggest re-downloading the MOD. Perhaps you got a corrupt download or file.

It appears there is an auto logout after inactivity for a period of time.  How does one change the default time allowed for inactivity?

thx

ok, I moved this thread..

The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.

The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)

That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing. 

Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.

Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"

change

Password = CmdDataExport("Password")

to

Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)

Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.

If you run asplistings auto in its own folder with its own application in IIS. Connected to its own database.

And you run your other version of ASPListiings in its own folder with its own application in IIS. Connected to its own database.

You will have zero major changes to make to anything... other than what you did above..

But remember theyare the same app and share a lot of thing including sessions and application variables.. that is why if they are installed in the same domain each one needs its own application set in the IIS console so they run seperately of one another.

Hello,

Sorry
No, there is not.

not the way the code ships.. The program keeps tracks of everything by the way it ranames files. The system has been tested to work well with as many as 10,000 images files. Any more than that and you need something a little more serious meant for that amount of images.

You could certainly modify it do work that way if you are good with source code. There are actually as many drawbacks as doing doing it that way as there are advantages.
Take Care

BTW.. I dont know what is going on But I keep getting all these returned emails. My forum is sending you emails and they are coming back as undeliverable saying your storage space is exceeded on your server.

I am also getting the "Unspecified Error" message.  I just transferred my site to IIS 5.0 and I get that error now.  However it does not happen everytime.  I can click on a page and it opens fine and then I hit refresh in the browser and I get the "Unspecified Error" message.  What could be causing this?

My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work.   I've tried many different options - here are two that are the closest - but have issues:

1. If I use the settings:

email component: aspemail

Mail remote server: my internal server name

*no smtp authentication

email mail notification - my email address on my internal server

***I get the following results:

       I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.

2. If i try to change the setting to use the Hosting Website email server - I get the following results:  I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.

**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.

[/QUOTE]

The relay error is because when you send emails outside your email domain smtp authentication is required.

I suggest trying to use CDOSYS with the smtp authentication option. CDOSYS is on all servers by default and is really the way to go. Use a real email account and password to send the emails through the server.  Be sure to check smtp authentication for cdosys and to specify all that info for your email account and password in the settings screen.

If you want to know about CDOSYS read my article.
http://www.powerasp.com/content/new/sending_email_cdosys.asp

Our login works great, variables even help determine menu options.  When user logs on, however, it opens in a new page.  Is there a setting somewhere that sets whether you can open in a new or existing page?

Also, when you log off

Triple check the upgrade instructions because I think you missed something important.

line 227 on "/password_admin/save.asp" refers to the "Password" field

the error your getting most likely means it is not there..

Pay close attention to the areas in the upgrade instructions regarding renaming your existing "Password" field to "Old_Password"

Then making a new "Password" field and carefully following the instructions needed to convert your old passwords for use with the new system.

If you don't everything carefully and perfectly this is the sort of error you will get.

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

I'm getting errors when clicking the Update Config Button in the System Info page and when clicking the log files button.

I'm not sure if it's a permission thing or not.  ASPNET and IUSR both have modify access to the _database folder and childs, yet I'm still getting the error:

Access to the path "D:\Inetpub\wwwroot\aspprotectnet\_database\xsd\aspprotectne t_config.xml" is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "D:\Inetpub\wwwroot\_database\xsd\aspprotectnet_config.xml" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Any ideas?

Thanks

I have connected to countless DB's using my own applications written in dreamweaver and have tested them on my own server and also my web facing one.  BUT this seems to be different.  no matter what I try I still get this error.

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x440 Thread 0x6b0 DBC 0x1f995bc Jet'.

On both a windows 2000 server and also a windows 2003 server. Also using both DSN and DSN less connection and oledb.

Any help would be greatly apprectiated.

Thanks