ok, I moved this thread..

The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.

The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)

That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing. 

Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.

Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"

change

Password = CmdDataExport("Password")

to

Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)

Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.

it is by design actually and something that can be improved
(I just never thought of it when I 1st designed the system and it is actually planned to be added in Version 8)

The trick would be to reset those session variables anytime someone edits and saves their information... not very hard at all

you would do it on the save code page for when a user edits themself.
you want to grab the info posted from the form and  reset each session variable at the same time everything is re-saved to the database

example

Session("Company_Name") = Request("Company_Name")

I had both ASP Listings & Classified on the same website.  The categories seem to be getting mixed up. I removed ASP Classified but classfieds categories is still appearing in the student of ASP Listing.

How do I fix this?

Thanks

I have ASPProtect up and running and I was able to log in with little to now problem after following all of the directions. 

I imported my data base of users (approx 5300) into the access db, and now it times out just letting me log in.

I've got full access to the web server to make any changes on that end that I need.

any ideas?

I am in process of upgrading from v6 to v7.  I have made database changes, can connect to database and get in to Administration area just fine.  However when I go to create a new user I get the following error

ADODB.Recordset error '800a0cc1'

Item cannot be found in the collection corresponding to the requested name or ordinal.

/password_admin/save.asp, line 227

Thanks

... in addition it is a virtual include not a file.  I just tried to use file instead of virtual and then the ../ includes worked on the asp pages.

This is strange because they used to work like that on the 2000 server I had these sites running on.

I just took a look and that is definetly what happened.
It has nothing to do with the registration process as far as I can see.

Just running this page triggers it and I know it does not do that the way it comes.
http://www.myvirtualtutor.com/aspprotect/users/user_area.asp

Please back up what you changed and put the user area back the way it came..

If error still happens then I can help you.. It it works fine with the default files from the zip archive then you messed something up in the code.

You have to be really careful when working with ASP code.

Also: just in case you did this. " you should not be password protecting any files in the users area that are already there " the users area does it's own thing and there is no reason to be doing anything like that to the files that are already there. You can do whatever you like to files you add on your own.

Hello,

If you are using ASPProtect Version 7 it is possible because version 7 supports html emailing. In any other version it would require some custom coding to add html email support. You would have to sort it out by experimenting and editing the emailing code. All the email methods have documentation on the web in some form or another showing how to send html emails.

Also,
sometimes depending on the email component being used and the email client reading the email a link in a text based email will get hyperlinked automatically. For example outlook usually will do that, but it doesn't always in other situations.

Lastly, we have special upgrade pricing should anyone want to upgrade to ASPProtect Version 7. It really has a ton of great features.

Best Regards,

Chris Williams
www.CJWSoft.com

Don't want to install the application ? Having trouble doing it ? Don't think you can ? No problem, have us install it for you. PLEASE READ ALL OF THIS Installation service is generally available Mon - Fri during the hours of 10 am - 7 pm EST. We may very well be around to do installs at other times but we do not guarantee that. To do an install we generally need FrontPage Explorer or FTP access to your site. We also need a way to set permissions on any necessary directories, etc etc. To do a SQL Server install we need to access your SQL server via Enterprise Manager. Some installs may require access to other things not mentioned. The server must be a properly set up NT/2000/2003 server running IIS 4-6 for ASP 3.0 applications. (with support for ASP scripts and database connectivity.) Parent Paths must be enabled on the server. Please Note: These ASP scripts do not run under Chillisoft ASP. That means they do not run under Unix, Linux, Apache, etc etc. We do not install our applications on free ASP Hosting solutions. Why, because they are more trouble than they are worth. Free hosts like that are usually zero help if we need something changed. There is a reason they are free. We install the software in it's base configuration. We make sure it is running correctly. If you break the installation you will have to pay to have it fixed. We do not integrate it with your existing site or edit any of your existing web content. That is up to you. Installation fees are non refundable as is the digital source code we sell. When you purchase anything from us you agree to this. We do not do installs for IPNFulfill and Color Sequence Protection as they are simple scripts and do not even use a database.. We also do not install the IPN Support Pack as it is just a folder you copy into your web and some configuration files that you must decide how to configure based on your needs and your PayPal account info.

Any CJWSoft ASP 3.0 application (Access Database Installation)	25.00
Any CJWSoft ASP 3.0 application (SQL Database Installation)	40.00

Contact us if you have any questions.

It turns out that I never enabled ASP.net on the site. After doing that the skins work much better. I'll have to poke around and see what other functionality is now available.

Thanks!

Al

Parent paths being enabled on the server is a requirement of the application. That error means just what it says.

you can change all the server side includes to virtual includes that will work or you can ask you host to enable parent paths.. those are the options

more here...
http://support.cjwsoft.com/code/moreinfo5-1.htm

That would not happen unless you added a target to the login form or you're code had a base target set.

Like so..

<base target="_blank">

I would really need more detailed information. It's nothing the system does the way it ships under normal circumstances. For example you shouldn't see that behavior in any of the example protected ".asp" pages

that is unless you have something odd going on with your browser settings or you made changes to the login form or code around it causing it. (or you are using frames and dont have some of the targets and what not set correctly)

My guess is that it has to be something you added or did, but I really need to know more to offer more than that.

How do I change the character length for the description field?

I would say that it isn't all that difficult using mySQL for the backend....the main thing is to make sure you set the primary keys for auto-incrementing in your database.  Alos need to make sure that any DELETE SQL statements are formatted like this

DELETE FROM tblName WHERE tblField=SomeValue

and not

DELETE * FROM tblName WHERE tblField=SomeValue

The same holds true for using MSSQL

umm.. rename the pages to ".asp"

After all these are ASP scripts we are dealing with and the product is called ASPProtect.

The web site says it is used to protect ".asp" pages

And the directions tell you to put the protection code on ".asp" pages.

ASP can not run in ".html" pages

If you do not know basic things like this you should really learn the basics of ASP before you try to use the application. I would suggest a good book or two. ASPProtect is for people that have at least some experience with Active Server Pages.

Really awesome, thanks..

If possible please be sure to respond to the email they send so the review ends up authenticated

I need a point or a little insight please.

I need to get information from a credit card authorization called netbilling. I have been looking at your code for PayPal and 2 checkout. I have a feel for the code flow and the relationships of the "includes" .

I have been doing a lot of reading in my books and am seemingly twisted around the axel. I am not expert in ASP I am better in VB. I am not afraid to write code I am just a little nervous about messing up existing relationships.

My plan is simple: code a page to open the database and populate the database fields from netbilling and convert their field name to yours in the database.

I appreciate your time and insight. As in the past I need your help again.

Thanks

I have imported like 50,000 users into an access database when testing... it took like 4-5 minutes but worked..

course it really all depends on the setup how many you can get away with

something must still be wrong

have you tried just importing 1 or 2 users for troubleshooting sake ?

I would also recommend that after any timeout you reboot the server or at the very least do an "iisreset" to get things back to normal

Hi,

First and foremost, a great product. I downloaded it last night and it took little effort to get it up and running

.....now a little question...

Has the software/code been tried out on a Mysql db and if so did it work?

The reason I ask is that my website is very busy (1.5million page views per month avg) and I'm considering converting the ASPBanner Access db to a Mysql one to help handle the traffic. For every page view one banner impression is being made which means that the Access db is under a bit of pressure

This afternoon there were 1012 simultanious users on the website and it froze with an error message displaying where the banner should have been (I didn't quite catch the message but something to do with the banner script timing out). I'm not sure if the Access db had something to do with it but it seemed too coincidental. Rebooting the server cured the problem but obviously kicked off the visistors as well
At present there's 668 online and no problems so I'll have to monitor it to see how it goes but if anyone can answer the Mysql question I'd be grateful

Thanks,

Dave

I really do not know.. maybe it is a conflict with something else..

I run many instances of aspbanner on my servers and I have every item to log enabled for my iis log files... my stats server software which reads those log files (livestats and smarterstats) have never reported any 404 errors related to (aspbanner/those images)...

I do not know what is happening in your situation..

sorry.

I did all that you sugessted and all failed, you  said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually?  below are the steps I performed......

1 - made sure the web is it's own application in IIS

2 - Reset IIS in command promt

3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.

I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?

Thank you!

Matt...

We can't seem to find the purchase emails for this install of ASPProtect.

It would have been in May 2004 for NetOptions LLC or CareerMatrix.com

We noticed it should have been v6 of ASPProtect.

Can you resend the download links?

Hi,

I have just one quick question, I know this works with Paypal but does this work with Merchant Account?

How difficult it is to make it workable with Merchant account? I appreciate your answer.

Thanks.

Advertising ?? oh really.

It was named that because that way if you already have a login.aspx file for whatever reason it does not interfere which is a good thing. It has nothing to do with advertising.

Next off you never mentioned having an issue with it saying aspprotect in it. I am EXTREMELY clear about what I support and do not regarding ASPProtect.NET. If you are upset because I didn't tell you exactly what to edit and change in visual studio.net and hold your hand you are out of line. My god, I sent you to like the best and most detailed tutorial on how to setup and use the application with VS.NET that could ever exist. That took forever to put together. I even responded to your post on Christmas on a Sunday. I doubt too many companies would have responded on Christmas.

More importantly than that when you purchase code from CJWSoft you are purchasing digital source code and there are no refunds. Every single page in the CJWSoft family states that very cleary in the footer. I do not appretiate it when someone threatens a chargeback and as far as I am concerned anyone that does that is commiting a crime of theft. I also do not appretiate smart comments saying it's "obvious" etc etc

If you wanted to strike a nerve with me you did. If you want to commit a crime and be a thief that is your business as well. Obviously I can not stop that and the credit card company will take your side. I work very hard on the source code I sell and my policies on everything are VERY clear.

Advertising ??
Calling the credit card company ??
Obvious ??

nice, real nice

Connecting user is dbo of database.

User_ID is primary key with auto increment identity.

SQL Script of current table:
CREATE TABLE [dbo].[Security_Users] (
 [User_ID] [int] IDENTITY (1, 1) NOT NULL ,
 [First_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Last_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Company_Name] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Username] [nvarchar] (75) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Password] [nvarchar] (15) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Access_Level] [nvarchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Notes] [nvarchar] (1000) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Admin] [bit] NOT NULL ,
 [Active] [bit] NOT NULL ,
 [Expiration_Date] [smalldatetime] NULL ,
 [Email] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Address] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [City] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [State_Province] [nvarchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Zipcode_Postal_Code] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Phone] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Counter] [int] NULL ,
 [Last_Access] [smalldatetime] NULL ,
 [Login_Limit] [int] NULL ,
 [Custom1] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom2] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom3] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom4] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom5] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Custom6] [nvarchar] (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [ValidateEmailCode] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [Date_Created] [datetime] NULL ,
 [Validated] [bit] NOT NULL
) ON [PRIMARY]
GO

ALTER TABLE [dbo].[Security_Users] WITH NOCHECK ADD
 CONSTRAINT [PK_Security_Users] PRIMARY KEY  CLUSTERED
 (
  [User_ID]
 )  ON [PRIMARY]
GO

Can you do a better price deal for that version in place of the one I've just purchased ie for a single licence rather than unlimited Christopher?

Or failing that can you give me an idea of how many changes you had to make to convert 7.3 to work with Mysql?

Regards,

Dave

Hello,

Unfortuantely I can not help you much regarding the javascript because I am a server side code kinda guy. Client side javascript just isn't my thing. That was free javascript code that I used for that function. I really do not know enough about editing client javascript. Sounds like you might though.

Style 1 is really a relic left over from the standard version. I just left it in in case someone wanted to use it. Like I said because it is javascript making it do more than it does is tricky (at least for me)

Now,, for actually getting description code. The thing to do is check out how that all works in the pic_window.asp file which is what style 2 two uses. Bascially descriptions for an particular album get stored in one text file. We read that test file. Put the lines into an array. Then display the info which gets run through a functions to convert some special characters used when saving back to normal.

I tried to look at your site but it woulnt load for some reason.

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

ok, that probably means the physical path you have set for the logfile directory (in the admin settings area) is not correc t

the error pretty much means just what it says

humm

expiration dates in the aspprotect system are not used at all when using paypal subscriptions.. all date handling is done on their end actually

and they of course send notices from their system to the user regarding their subscription and when it renews,cancels, etc etc

so I am pretty sure any errors with that would have more to do with the info you used for the subscription setup and possibly any paypal settings associated with it

its hard to say at this point

The smart thing to do I think.. would be to sign up someone using another PayPal account (your allowed 2)... and while doing it be very careful about the subscription setup data.. and then as soon as the subscription is created review all the info in the paypal system and see if the length of the subscription / expiration.. etc etc in the paypal system info looks right..

at least then you can begin to troubleshoot what is going on...

Christopher

Thanks for a speedy reply.  This is what I have used most recently...

ListingsConnectionString = "DSN=longreach;UID=lradmin;PWD=skipper;"
DatabaseType = "SQL"

but that throws an error of:

 [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified

I have private messaged you my SQL server IP address.  I am a fast learner with ASP (I think!) but some things really catch me out!

i will probably end up doing this myself, but dropping all the log data in a sql table would be nice as it offers much more flexibility on how an admin can keep track and use the data. Browsing through each log file is very inconvenient. I can search for text in the files (server-side, others with a shared server would probably have to separately download all log files first), but with the current method I don't have the following important options:

• cannot sort by any criteria
• quickly see a list of all login attempts by a specific user (i need to search each log file individually for this info)

if you had an option during setup perhaps (or elsewhere) in a future version that allowed an admin to specify the preferred logging method (separate files or a table in sql) i'm sure many admins would find it very useful to have a database alternative of keeping track of users becuase it would offer the two benefits listed above, plus more.