ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.


Before you even start please read this thread and do what it says.
If any errors show up it is important you see the real error instead of a useless HTTP 500 internal server error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1

Once doing that make sure to use Internet Explorer as you follow along with these directions.

Now, unzip your installation zip file that you downloaded from CJWSoft.
Use a program like winzip and be sure you have it set up to unzip the directories as well. You can also use windows xp's built in folder compression tools to unzip the archive.

When you unzip the application you should have all of the following folders and files. (more or less, it depends on the version)

Now, you can copy all of these files into the root of your website or if you like you can make a folder called "aspprotect" and put all of these folders and files in that folder. Either way it really does not matter.

Now, contact your web hosting company and instruct them that you need permissions set on the data folder that you copied into your website. This folder and all of its child folders need modify permissions set on it for the anonymous webserver account. It is very important that they set the permissions correctly and on all the child folders as well.

Here are some threads on exactly how these permissions are set.
If you run your own server or are developing locally you can do this yourself. If not most likely you need to put in a request to your hosting company as you CAN NOT set these permissions via Frontpage or FTP.

Windows 2003 Server and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=136& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Windows XP Pro and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=56& PN=1

Once permissions are set.. run this page via your web browser

http://www.mysite.com/data/setup_info.asp

Replacing the part in blue with your website info.

When this page is run it will report back a screen like so:



Now, take the connection string info it shows you.
Edit the "dataconn_inc.asp" file in the root of the ASPProtect system and use that data connection information. It should be valid for the server.

If you are using MSSQL server instead of Access please see the SQL database creation directions as you will need to create the MSSQL database and use a special connection string for that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=160& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Now, take the CookieEncryptionKey and PasswordEncryptionKey info that it gives you and enter it into the "config_inc.asp" file in the root of the ASPProtect system. These will be the unique keys that your encryption will be based off of.

Ok...

The files have been copied to your website, the permissions are set on the data folder, and the database connection is ready.

Now.. run this page

http://www.mysite.com/password_admin/get_me_in.asp

Replacing the part in blue with your website info.

This is a special page we use to get into the system for the 1st time.

If you get a nasty error when you run that page similar to this.

Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

Then parent paths are disabled on the webserver and you need to do an extra step to deal with that. Follow this link.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=162& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1&TPN=1

If you get any other variery of "80004005" error then there is a problem with your data connection.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1

Those errors are usualy related to database folder permissions or an imcorrect physical path to the database file specified though they can mean a lot of things.


Once you get the page running you will see a login prompt and one form field

You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.

If all goes well you will see the admin area of ASPProtect.

Now that you are in the system you need to create an admin account.

Click on "ADD NEW USER".. fill out the info and add a user.
You really only need to fill out (first name,last name,email,username,and password)

Now save that user.

You should see a new user listed in the admin area. Click on Edit user to the left of the new account. On the edit screen check the "admin" checkbox and save the user.

You just created an Admin account.

Now click on the "log off" button on the top menu and click yes to log off.

Now close the browser. Then run this URL

http://www.mysite.com/password_admin/default.asp

Replacing the part in blue with your website info.

You should now be able to in to the admin area of the system using the new admin account you created.

You are now ready to go to the settings page so click on the settings tab in the menu. There are a lot of options and paths that need to be set on this page. Every setting is described in detail on this page. You need to go through the page and set things up properly. Anytime the page asks for a path to a url or file the page will auto generate what should be the path to use. (expected path) If your server has parent paths disabled a few of those auto generated paths will not show up. If that is the case run this url from your server and it should tell you the paths to use for those settings.

http://www.mysite.com/data/expected_paths.asp

Replacing the part in blue with your website info.

Once your all done and the system seems to be running fine you should go back and delete the following pages as they are no longer needed and pose a potential security risk.

http://www.mysite.com/data/setup_info.asp
http://www.mysite.com/data/expected_paths.asp
http://www.mysite.com/password_admin/get_me_in.asp

You should back up the original zip archive you got from CJWSoft in case you ever need those files again.

VERY IMPORTANT: The user passwords from now on will be encrypted using the "PasswordEncryptionKey" you specified in the "config_inc.asp" file.

If you ever change that key all of your passwords will be invalid and you can not get them back unless you know the key and put it back, so plan on never changing that key unless you really know what your doing and know how to decrypt/re-encrypt the passwords using a new key. (something we do not cover at the moment but probably will when we have time to make a tutorial) 

Have SQL 2000 backend...
We just moved from Windows 2000 to Windows 2003, used import data routine in SQL to move data.

Logged into admin area. When adding new user, no record is created. However, editing record works just fine.

Any ideas would be appreciated.

Hello,

Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.

If you design the site to be intelligent that scenario should never happen.

For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.

It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.

Here are some simple examples.

Here is an example using access levels.

<%
If Session("Access_Level") = "1"  Then
' show links to pages that allow access level 1
End If
%>

And one for groups..

<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>

Okay, thanks, I'm going to change the method tonight and see if it makes a difference

I'll report back

Dave

It seems that if a user attempts to access a page that is not in their access level or they do not have the group permission they are redirected to the login page.  Re entering their ID generates an eror and they cannot go back to the pages they are alowed to access.  Is there a way for them to simply be blocked and return to the previous page or to a defined page so they can continue using the site?

thankyou 

Hi,

Ok, well... you have a lot of stuff going on there.

More importantly than that.. you cant even log into the admin area using the admin account. There is something majorly wrong with the installation.

I also notice you havent even saved any path settings in the settings page of the admin area. I am looking that over now and filling in the missing info. That information needs to be populated.

here is a thread that may help you if this is what you were getting at

http://support.cjwsoft.com/code/moreinfo389-1.htm

Regarding installation in a subfolder

Though this should be common sense and ASP.NET 101 "so to speak" One thing not mentioned in the docs..


If you do not install ASPProtect.NET in the true root of a web there a key in the web config you must adjust.

it looks like this

<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

The way it comes it is valid for a root installation..

lets say you installed the application in folder called.
"aspprotectnet"

the key would change to this

<forms name=".aspprotect~net" loginUrl="/aspprotectnet/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

--------------------------------------------
(( TRY THIS AT YOUR OWN RISK !!))
--------------------------------------------

2004-08-19_122127_ASPBanner_V7.3_code_banner_encode_decode_m od.zip

This is an Expirmental MOD for ASPBanner Version 7.3 Only
Do not use it on other versions....

It encodes CODE Banner information before saving it into the application variables that handle banner rotation. It then decodes that information before displaying them on your web pages.

The reason for this is SOME very complex javascript does not always save correctly into the application variables that rotate banners (even when not using the JavaScript Method to display the banners)

This way the javascript or whatever you entered comes out on your web page exactly as you entered it and runs correctly.. but there is little more processing going on to handle the encoding and decoding. But its probably nothing to worry about and won't effect performance at all.

Unless your having a problem don't use this mod. It is not officially supported in any way.

-- DIRECTIONS --

( COPY THESE FILES INTO YOUR ASPBANNER DIRECTORY AND BACK UP ALL THE FILES THAT YOU WILL BE REPLACING ))
(( SO YOU CAN REVERT BACK IF THERE IS TROUBLE ))

If you are wondering if the "appinfo_inc.asp" included has the weight banner bug fix applied to it already. That is a bug mentioned in our forums

ALSO:

(( YOU CAN NOT USE THE INCLUDE METHODS OF CALLING BANNERS WITH THIS CODE ))

(( YOU CAN NOT USE THE JAVASCRIPT METHOD OF CALLING BANNERS WITH THIS CODE ))

(( USE ONE OF THE OTHER METHODS ))

I wonder if this could this be a FrontPage problem. I deleted the skins folder and re-ftp'd the original one that only contains default and Solid Black. I logged in and tried to change it back to default but it won't. I'm going to try making this folder a Frontpage subweb to see if that makes a difference.

Al

I wonder what that ENDSQLMail send failure is all about ?
I dont use anything regarding SQLMAIL in the ASPProtect code.

I think I might need to go in so I can debug a bit. Everything seems to work fine with a SQL installation here so I just don't know at the moment.

If that is ok with you I would need ftp access or something so I can trry a few things and hopefully figure it out. Admin access to the aspprotect admin area as well so I can see what you have set up in there.

PM me with that info if you want me to take a look.

The way the application ships there are no password confirmation areas anywhere ? Please be more specific as to what you have done and if any mods are involved ?

If you are talking about one of the MODS please realize they are not supported. http://support.cjwsoft.com/code/moreinfo459-1.htm

Even though they are not supported I look them over pretty closely and I know of no issue like you mentioned so I would suggest re-downloading the MOD. Perhaps you got a corrupt download or file.

That was wrong of me but not what I meant. It seems as soon as I purchase something like this it doesn't work right and it can't be altered to work with what I have. The support ends up sucking or being none. Listen I’ve gone thru you're product and it's wonderful and does exactly what you say it does so that's a relief. Sorry about my ignorance with .NET but I’m from an ASP world and it's a lot different. You can see what I’m trying to protect here http://www.hotmixxent.com:8087/default.aspx. The final site after testing will be http://mxais.sfmx.org/default.aspx. Again thanks for the support on Christmas Sunday, that’s defiantly beyond the call and I appreciate it a lot.

Version 8.1 can work with MySQL
http://www.aspbanner.com/aspbanunlimited_v8.asp
It is just not supported at all.

The standard version can not work with MySQL.
There were a lot of changes to make the new version work with it and I really only did ift because I have a couple friends with busy sites that could only use MySQL.

It sounds like your site is way too busy for using an access database as you mentioned.

This is amazing. You replied to question within minutes. Thanks for showing such a professionalism.

ya, that firewall could mess that up.

just edit which ever style include you are using
(with a text editor)

it will be one of these depending on your settings.. and they are located in the "scripts" directory

view_album_style1_inc.asp
view_album_style2_inc.asp
view_album_style3_inc.asp

find this section of code and remove the part in red


If Last_Counter_IP <> Request.ServerVariables("REMOTE_ADDR") Then
 
 Set CmdUpdateCounter = Server.CreateObject("ADODB.Recordset")
 cmdTemp.CommandText = "SELECT " & tbl_label_albums & ".* FROM " & tbl_label_albums & " WHERE (Album_ID = " & Album_ID & ")"
 cmdTemp.CommandType = 1
 Set cmdTemp.ActiveConnection = ConnGallery
 CmdUpdateCounter.Open cmdTemp, , 1, 3
 
 CmdUpdateCounter.Fields("Album_Counter") = (Album_Counter + 1)
 CmdUpdateCounter.Fields("Last_Counter_IP") = Request.ServerVariables("REMOTE_ADDR")
 
 CmdUpdateCounter.Update
 CmdUpdateCounter.Close
 
 Album_Counter = Album_Counter + 1
 
End If

Please be aware folks..

This file is not provided by CJWSoft. Though this may work very well use of it is not supported in any way. We have not tested it.

This user is not using the option pack so this file will not be compatible with anyone using that because it does not have support for groups and some of the other new features.

Regardless..we appretiate users sharing ideas and solutions that they have come up with.

Good Morning - I am receiving an Http 500 internal server error when I go to add a new user via the register.asp page.   the url when the error appears is: .../users/add_new_account.asp

I think the error has to do with my email component setting - becuase it works fine otherwise.

I have the email component setting set to CDOSYS (using remote server) with the mail.remote.server set to email.cidra.com - email address set to webmaster@cidra.com

Note: I receive the email notification and the user does get added.

Can you help please? Shirley

UPDATE...I just figured out that it only errors when the email address I use for the user is NOT from cidra.com -- Any idea why?

Chris -

I am encountering a problem with items showing up.  When I click on a category and then select an item to view I get

THIS ITEM IS NO LONGER ACTIVE
DO NOT CONTACT THIS USER AS THIS ITEM HAS BEEN TURNED OFF
OR THE USER HAS SOLD THE ITEM.

I have verified the item has the item_active check.  For giggles, I even unchecked with the same results.

Thoughts?

As an update to this thread I fixed the "upload_post.asp" page quite some time ago but forgot to post the updated file here.

So here it is.

2005-09-16_165913_upload_post.zip

Editing the look of the login page.

In this version editing the look of the login page is very easy.
You can make this login page look exactly like you web site if you like.

You want to edit the "scripts/login_form_inc.asp" file.

It can be edited with any editor as long as the existing bits of server side code in it and the login form remain in tact.

The best thing to do is back it up before you start editing it.
Then if you goof it up you can revert back to the original.

If you edit this page with FrontPage enable the "show all" feature.
Its the little PIE sign in your icons. It will show the server side code as yellow things on the screen so you know where they are and can be careful not to delete them.

see screenshot

sometimes those emails take a bit... all depend on wht you are using to send them and whether a pickup directory is involved

as for the other I do not know.. PM me the site details I can look

if it is a 2003 server parent paths must of course be enabled.. its a requirement of aspclassifieds

You really can not do something like that. You can not use client side code to change a server side session variable.

To make changes server side a form must be submitted or a link clicked on to another page. Then you can do whatever you like but you cant have an onlci event update a session variable like that.

Though I am not sure of exactly what you are trying to do I think you'll need to go about things a little differently.

After I approve someone's username and password, then go to send them the default e mail telling them of the approval, the e mail never goes through.  The e mailing used to work well for many months, but it stopped working.  Any thoughts?

Spider

Noted:
I actually did not think you did.

As far as debugging goes.. thats all built into visual studio.net.
There is a tag you edit in the web.config file to enable project debugging
http://support.cjwsoft.com/code/moreinfo251-1.htm

Like I said though for changes to ASPProtect.NET I'd start off from scratch and stick with vb.net... using the visual.studio.net interface is not really vary hard to remove and change things you dont' need even if you are a C# coder. Especially simple stuff like you mentioned.

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

Sounds cool.. post info when you get it sorted out

thx

hopefully someday I'll get the new version finished.. I just never seem to have time. Lately ASPProtect takes up all my time and now aspclassifieds seems to be in need of a new version more so than asp photo gallery