If we wanted to user groups, is the "Access Level" in the User setup the same ID as what the group access would be?  Ex. If John had Access Level 4 and the page specified <% GROUPACCESS = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

I'm asking because there is no Group Access Level in the user setup.  Thanks

you do not run "check_user_inc.asp" by itself

Pages you protect include that file at the top.. when they someone goes  to a protected page if not logged in a user then sees a login prompt..

after loggin in they see that same page as normal

its an automated process..

now, that being said if you really want to you a specify a page to be redirected to after the 1st login when you edit a users info. You can also redirect anyone anywhere like using a simple ASP redirect statement in your code.

Personally I feel that redirecting people all over the place is poor site design. ASP is all about dynamic code and ASPProtect is all about dynamically tailoring pages to the current logged in users... so why redirect people all over the place.. it justs complicates things because you still need to password protect the places you send them to.... which means twice the work and twice the confusion.


Also, here is a Version 6 thread about redirecting manually that still applies to version 7.

http://support.cjwsoft.com/code/moreinfo17-1.htm

Hi Chris,

The password is HANNAH.  If you're into trouble shooting mode and would like the key, I can send it to you.  If not, no big deal, I've email the guy a new password.  We'll see how many rounds it takes him to get it right. 

Thanks,
Mick

Hi,

I have just one quick question, I know this works with Paypal but does this work with Merchant Account?

How difficult it is to make it workable with Merchant account? I appreciate your answer.

Thanks.

Ok nevermind that... i got by that wasn't paying attention...

The problem is even before this which i didn't know until now.

I placed the protect tag in a page i called members.aspx

When i go to this page is says ACCESS DENIED etc etc etc.

When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:

Server Error in '/MAP' Application.

---

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /map/users/aspprotectlogin.aspx

btw it says /map because that is the subfolder within the root folder

thx for posting this..


Just a few notes... more than 100 pictures specified in the config file is not supported. You are of course on your own if you specify more than 100

Also, technically the post above should say more than 102 pictures... "I think" as you wont need more html cell code until then..

The loop in the code is probably how I should have done it in the 1st place but I was in a hurry to get this finished and I also never expected/wanted anyone to specify more than 100 pics per album.

Lastly.. depending on what style you are using in the config file the code above may not work as some of the styles do not use cells but line breaks instead..   At least from what I remember.

any asp code that accesses an access database, writes to text files, or allows for picture uploading will need permissions set on certain directories

every application out there is going to need permissions set at some point

its just a fact.. and if your hosting company does not give you a way to manage permissions or have it done when you ask they do not know what they are doing and they are not supporting your asp hosting needs

see my article for more info on the whole process
http://support.cjwsoft.com/code/moreinfo136-1.htm
the part newar the bottom talks about hosting companies

Umm, if your using MSACCESS your using MSACCESS

SQL server has nothing to do with it.

Hello Chris:

Let me run some more test if it's working on your end it should be on mine?  I have made some custom updates to the code but no in that area.

Thanks,
-Ricardo

Hello,

Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.

If you design the site to be intelligent that scenario should never happen.

For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.

It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.

Here are some simple examples.

Here is an example using access levels.

<%
If Session("Access_Level") = "1"  Then
' show links to pages that allow access level 1
End If
%>

And one for groups..

<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>

ya,

any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links

example (for anyone that comes across this thread)

http://www.examplesite.com/somepage.asp

is going to have a different set of application and session variables then

http://examplesite.com/somepage.asp

even though they are basically the same page

It does not matter what directory name the ASPProtect files and folders are in but you cant go moving around critical file and folders like it appears you did nor is there any reason to.

All that is is saying is that the users folder, the password_admin folder, the scripts folder, the check_user_inc.asp file, and all the other files and folders that come with the system can be in any directory name as a whole.... but that doesn't mean you can go messing around with the files and folders in that directory.

I assure you 100's of users do not use "aspprotect" as the main folder name and they have no issues doing so.

Regardless, you need to explain in much clearer detail exactly what you did and what paths you used and what is where.  At this point I really do not know what is you did as your post was not clear to me.

You should also check that you have entered correct path info in the admin settings page area. The register page is one of the paths that geths set there.

The redirection feature isn't working as I exected.

If I clear a user's redirection_URL, they can navigate to any protected page on my website as expected.

However, if I set the user's redirection_URL to a protected page, they cannot login. More specifically, their browser just keeps displaying the login form while the browser's progress bar just increments ad infinitum.

If I set the user's redirection_URL to a NON-protected page, the user is directed to that non-protected page, but if they then try to navigate to a protected page, they are redirected back to the redirection_URL.

Is this the way the redirection feature is supposed to work?

My application requires that a user is directed to a protected page and from there, they can navigate to any page that they are allowed to go to.

What can I do?

Right,  I've done that.  My concern is that it will time out again while I'm trying to import the file.

The import/export manager does not show up under the users tab when I log in normally.  I have to pull up the page in frontpage and then preview it a browser to get it to show.

here ya go

http://support.cjwsoft.com/code/moreinfo169-1.htm

I have never heard of such a thing...
If the settings are enabled for the web it should work.
That is, as long as your include file syntax is valid.

I run my own windows 2003 server (you are on it now) so I should know

for troubleshooting

try a very very simple example... like a file in a folder.. with a server side include to a file under it

and see if that works

use real simple asp files with nothing crazy in them... and an include like this

<!--#include file = "../myfile.asp"-->

Okay, I did that, now I get:

Microsoft VBScript runtime error '800a004c'

Path not found

/aspprotect/password_admin/upload_post.asp, line 292

ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..

This comes with the system as an example folder with some files in it.

Basically we protect the image in 2 ways.

All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.

For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.

Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41

Thought that was already done....

Back to the drawing board...

That's exactly what it was.

The site owner couldn't see their own ads because Norton was blocking anything with the word ad in it.

On another note: I changed the word 'ad' to 'listing' and got it to show even with Norton.

Hi, I have not gotten anything from you about it.

click on the PM button below and send it that way through the forums.

Thanks

I am getting closer.

This error actually does not have anything to do with the forgotten password feature or your database.

It has to do with the settings you chose for emailing.

it relates to aspmail and it not liking the remotehost you used, or something like that.... etc etc

its one or the other... you cant protect upload.asp at the same time if upload.asp is included in another page..

I mean sure you can protect upload.asp from running when another page calls it by password protecting the page calling it.

And sure you can protect upload.asp by itself if it also runs all by itself. But you can not include the "check_user_inc.asp" more than once in any order of execution scenario. That includes pages being included.

Generally anytime a page is included in another that included page is not meant to run by itself and wouldn't produce any outcome if run by itself so this would never be an issue.

if you don't want "upload.asp" to ever be run by itself in that scenario put it somewhere in your web site that is not web browser accessible.

I would also suggest you look into using Virtual includes. It will save you a lot of time figuring out this sort of thing "../../../../../" becuase once you figure out the virtual include path you can use the same server side include from any directory level.

http://www.powerasp.com/content/code-snippets/includes.asp

I just did a quick google search... found a ton of info on how to find the setting. Here is one...

These are directions for IIS6 but the process is similar for IIS4-5

1. Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. Double-click your computer name in the left pane, and then double-click Web Sites.
3. Locate the Web site and directory that houses the ASP application.
4. Right-click the application site or directory, and then click Properties.
5. Select Home Directory, and then click Configuration.
6. Click Options, and then click to select the Enable Parent Paths check box.
7. Click OK two times.

Hi - When I try the mass email feature, I get an error that says:

ODBC Microsoft access driver) too few parameters expected 1

/aspprotect/password/admin/send_mass_email.asp line 280

Oddly...this feature works fine when I use the original admin user that you setup. 

But I setup another one with my username and password (not test) - because I was afraid anything with "test" could get deleted. 

Any ideas on why the new admin userid would not work?  Note: I have not change any code from the original installation.

Thanks for the quick reply!

I was thinking it was an ASP config/install issue.

I usually deal with Linux/PHP, so this is all new to me :)

Look in the "check_user_inc.asp" file..

You'll see the name of the cookie there and also get an idea how to access it.

In most versions it looks like this.

Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME")

You'll want the cookie for the username because the session variable will not exist unless they have actually gone to a protected page during that session at the site.

It would probably be best the check for both the session and the cookie. That will make sure people logged in that arent using the cookie option still see the message you want to display.

Sorta like this..

GetUsername = ""
If Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME") <> "" Then
GetUsername = Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME")
Else If Session("Username") <> "" Then
GetUsername = Session("Username")
End If

Response.Write GetUsername

While my host says the permissions are now correct....its still trying to download the setup ASP file instead of executing it.

I really need to get this application working asap too.  I noticed the purchasing page said that install came free.....so any help would reaallly be great.

re