I have just purchased ASP v7 and loaded.  Followed instructions.  Obtained codes not prob.  Get to single field login screen, enter password and following page appears:

Method Not Allowed

The requested method POST is not allowed for the URL /temp/aspprotect/password_admin/get_me_in.asp.

Added folder aspprotect under (temp web) folder - temp, but also tried under root folder of web site.

Still no luck.

You really should just look at the documentation that came with the application. It tells you everything you need to know.

it is in the docs folder in html format.. it is also linked to from the aspclassifieds website

http://www.aspclassifieds.com/demo/docs/

This is amazing. You replied to question within minutes. Thanks for showing such a professionalism.

Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings?

You not getting a blank page.. you getting an error. You just can't see it because it appears you edited the page background to black.

error '80040211'

/aspprotect/scripts/emailing_subs_inc.asp, line 174

This is great FREE SQL Server Web Data Administrator App from Microsoft..

http://www.microsoft.com/downloads/details.aspx?FamilyID=C03 9A798-C57A-419E-ACBC-2A332CB7F959&displaylang=en

It is an ASP.NET web application that you install locally on your development server and then use to connect to a SQL database whether remote or local.

It can do nearly everything enterprise manager can do.

I have tested it and it works great for me.

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

Great software.

How easy would it be to copy the email address entered at registration directly into the login id field so that the user's email address is automatically used as the login id? 

Also, where in the code can I turn off the random password generator - I'd rather force people to pick something they can remember themselves.

Thanks,

Nick

Hello,

no default setting for something like that... what your thinking about doing is on the right track I'd say

I just took a look and that is definetly what happened.
It has nothing to do with the registration process as far as I can see.

Just running this page triggers it and I know it does not do that the way it comes.
http://www.myvirtualtutor.com/aspprotect/users/user_area.asp

Please back up what you changed and put the user area back the way it came..

If error still happens then I can help you.. It it works fine with the default files from the zip archive then you messed something up in the code.

You have to be really careful when working with ASP code.

Also: just in case you did this. " you should not be password protecting any files in the users area that are already there " the users area does it's own thing and there is no reason to be doing anything like that to the files that are already there. You can do whatever you like to files you add on your own.

maybe this is the issue...

do you realize that the descriptive name you give a group is not always going to be the same ID in the database ? The two are not related.

Perhaps what you named Group 1 is really group ID 3

You can tell for sure by generating protection code for group 1 and see what ID it tells you to use..



You also need to remember that you are testing this with different users and it is really easy to get confused so you need specifically log off using the log off page to ensure session info from the previous login doesn't show up and cause confusion when you log in with a different user... etc etc

in addition to logging off that way you may also want clear the session and application info via the code at the bottom of my article
http://www.powerasp.com/content/new/displaying-session-and-a pplication-variables.asp

and do that in between any user you log in as

Yup everything looks ok - but why no error?

This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...

What would cause it to 'think' it is doing the task yet still fail?

I would also double check that you changed the field size correctly and on the correct database that is being used in the connection string

Hi there,

Just bought ASPProtect 7.0 last week and just got around to installing it. I've gotten through the installation and am now trying to test the (Forgot Password) functionality.

I get the following error when I type in the e-mail (or in some cases the username) and Post the form. 

Error was [11004] Valid name, no data record of requested type

I know that the add user functionality is pointing to the correct database (I see the additional rows via SQL Enterprise Manager) and that the e-mail address I am looking for is in the SQL database. 

Any ideas? Any other information you need?

Thanks,
Toni

               Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile.  It could be due to the fact that the rest of the project is in C#.  Or it could be due to some other factor in ASP Protect.

Hi - When I try the mass email feature, I get an error that says:

ODBC Microsoft access driver) too few parameters expected 1

/aspprotect/password/admin/send_mass_email.asp line 280

Oddly...this feature works fine when I use the original admin user that you setup. 

But I setup another one with my username and password (not test) - because I was afraid anything with "test" could get deleted. 

Any ideas on why the new admin userid would not work?  Note: I have not change any code from the original installation.

I used Dreamweaver4 to make my site is there anything I can do to make it work?

no, that only applies to random pictures and stats..

The issues you are talking about usually relate to issues created by switching back and forth between a local install and a live server install and not being careful about changing the paths in the settings depending on where you are running it from.

For example.. it trying to use a url at the server level that is only valid when you are running it locally

Christopher

I have gone back to your original files and uploaded them to another server folder and instead of using a DSN I have tried this with a DSN less connection and changed the database to MS Access 2002.

This has corrected the problem.
I will check this out again using the DSN with access 2002 to see if this was the problem. It may be something to do with an older format of database on this particular server.

I will let you know what I find.

Thanks for your  quick reply.

The login page sends the user to redirect.asp (which is as follows)

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If InStr(Session("Groups"),"*1*") Then
    Response.Redirect("gp01.asp")
End If
%>

<%
If InStr(Session("Groups"),"*2*") Then
    Response.Redirect("gp02.asp")
End If
%>

I am not being redirected to gp02.asp if I am a member of group2.  Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)

Thanks in advance.

Hi Chris,

Thank you for your prompt response.

Our current project requires alot of customization.

Yes, the error is probably a data problem and not due to your code, because we needed to make modifications to the database.  But that's why debugging would be helpful.

Basically our intent to modify the asp protect code stems from the fact that our client doesn’t want certain fields to be recorded or to appear: address, city, state, zip etc…

We are happy to be able to modify the HTML, but we also want to modify some other default behavior, such as which page opens when the "cancel" button is hit in the editaccountinfo.aspx page.

Disallowed Parent Path

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory. 

When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.

If it is not enabled on you server you will have to ask your host to enable parent paths for your website.

This is what the settings screen looks like on an XP Machine

Additional Information:

It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.

Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.

Hosting companies should if they are serious about hosting ASP.


If they won't your only option is to go through all the code and convert the file includes to virtual includes.

http://www.powerasp.com/content/code-snippets/includes.asp

The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)

Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc

Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.

In my opinion virtual includes are pretty useless for commercial web based applications...  Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.

For example...

The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->

But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this

<!--#include virtual = "/somedirectory/somefile.asp"-->

It should be released sometime late May 2004 or early June 2004 but no gurantees as I am pretty busy right now with some projects.

There will be upgrade instructions and it should be a fairly easy upgrade.

Hi there, I am not exactly what you mean when you say "moved some of the include files to user"

are you saying you are moving files around ? I am not sure what you mean there.

but.. the parent path issue is described in detail here

http://support.cjwsoft.com/code/moreinfo5-1.htm


Having is enabled is actually a requirment of the photo gallery application as stated on the web site
http://www.aspphotogallery.com/aspgallery_pro.asp

You can certainly still use the apllication but as that article says you will need to change any file includes to virtual includes so they will work with parent paths disabled

SQL Database Creation (NEW INSTALL)

If you are creating a new database do so using SQL enterprise manager.
Create a new database called whatever you like and keep all the default settings. If using an existing sql database skip that step.

Now open up SQL Query Analyzer

unzip the following sql script and open it in query analyser.
2005-02-20_132116_aspprotect_v7_sql_script.zip

VERY IMPORTANT
On the drop down box at the top right make sure your intended database is selected. Otherwise your changes may effect the wrong database in your SQL server.

Then load the script  into the Query Analyzer.  Click the green play button at the top. If everything goes well the response should read something like this.

******************************************************
(1 row(s) affected)
******************************************************

If so the tables have been created in your existing database.

Now make sure an existing or new SQL user has (public / datareader / datawriter) permissions for the new tables. You will be referencing this user in the asp code connection string so this user must be set up correctly. You may need your SQL server admins or hosting company to help you on this step as you may not have access to do this. You may not need to create a user and set permissions as the sql user you were logged in as to use query analyzer may by default get the correct permissions on anything you create.

Regardless, as you can see from this screenshot I made a SQL user called "aspprotectuser" and proceeded to set the permissions for that user. Under database access giving him (public,datareader, and datewriter permissions).


Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and modify the connection string info. Be sure to change the info to match your server,username, and password.

Below is an example of valid connection string.

ConnectionString = "Provider=sqloledb;Data Source=poseidon;Initial Catalog=aspprotect;User Id=aspprotectuser;Password=temp;"

The  "Data Source" setting is either the Network Name for the SQL Server or the IP Address. For local servers you can sometimes use an IP of "127.0.0.1" or the name of the local server.

"Initial Catalog" is the name of your database.

Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and set the DatabaseType variable to SQL like so.

DatabaseType = "SQL"

where is your site ? I'll taka a look

Everything is running fine.. I can read ads... reply to them. but when I click sign in or register.. I get a server error.

Any suggestions

Thank You