That was wrong of me but not what I meant. It seems as soon as I purchase something like this it doesn't work right and it can't be altered to work with what I have. The support ends up sucking or being none. Listen I’ve gone thru you're product and it's wonderful and does exactly what you say it does so that's a relief. Sorry about my ignorance with .NET but I’m from an ASP world and it's a lot different. You can see what I’m trying to protect here http://www.hotmixxent.com:8087/default.aspx. The final site after testing will be http://mxais.sfmx.org/default.aspx. Again thanks for the support on Christmas Sunday, that’s defiantly beyond the call and I appreciate it a lot.

Hi,

I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.

I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?

Thanks

S

Sorry about earlier post in wrong area-

I have followed instructions to set up access levels (adding the

<% CHECKFOR = "4" %>    for user level 4 for instance.) The database is connecting properly and the basic check for login is taking place, but it seems that all users have access to all levels no matter what is on the database; i.e I set up a test page with "checkfor=4" and all users have access to it, even those with lower leve access.

Any ideas?

Thanks

is that lindsey lohan and her fake boobs as ur avatar?

I am installing IIS and all of its glory on the other computer now... gotta love remote desktop (the pc is at work  )

Also.. if you want to customize each person's experience individually it really does not make sense to use groups or access levels for that purpose alone.

I mean, why bother making a group or access level for every user and worrying about keeping track of it all when you can just access the available session info about the user to create dynamic pages specific to that user.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=198& ; ; ; ;PN=1

That is why that information is there.


You can of course use some combination of the two technologies as well should you have groups of users that you want to have a slightly different experience.

Hello,

Sorry
No, there is not.

not the way the code ships.. The program keeps tracks of everything by the way it ranames files. The system has been tested to work well with as many as 10,000 images files. Any more than that and you need something a little more serious meant for that amount of images.

You could certainly modify it do work that way if you are good with source code. There are actually as many drawbacks as doing doing it that way as there are advantages.
Take Care

Thank you....  yes it does

Is there a limit in the number of Zones you can have in the database.

thanking you

In a way your questions are confusing to me, but here is some information regardless.



Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.


If you are concerned about customers downloading the access database..

best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that

the more of these things you can do the better..

And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.

I think you may be using old code where that was an issue... I am going to PM you the latest version..

to be safe upgrade all the ASP files except the dataconn_inc.asp files and your config_inc.asp files

"be real careful not to lose your current encryption keys in the "config_inc.asp" file or you will be in real trouble

You can use your existing database

Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..

Same thing happens... certain passwords just do not work.

So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.

Here is an example.. see the screenshot below.

Username "admin" password "petepetepete"

The top query done in Enterprise Manager is valid and shows the user.

The bottom query is also valid but it does not show the user.

And that is exactly what is happening from the ASP codes point of view.

Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.

It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.

I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.

One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.

It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.

Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.

Your call..

I'll try to help when I get back tues night,, see the contact page for info on where I am .
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry

IFRAME is just an client side html thing...

has nothing to do with .NET

will work with any page extension or server side technology

As you see from that compatibilty chart I posted a link to.
Nearly every modern browser supports it.

ya,

any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links

example (for anyone that comes across this thread)

http://www.examplesite.com/somepage.asp

is going to have a different set of application and session variables then

http://examplesite.com/somepage.asp

even though they are basically the same page

Umm, if your using MSACCESS your using MSACCESS

SQL server has nothing to do with it.

Weird things happening, when I upload using the vb method the image fails and error is that the image was empty.

Utilizing ASPUpload and after clicking upload file I get a blank screen, no preview, no nothing (it loads with the proper header/footer) but a completely blank body.

Any hints?

The problem was that I did not have

ConnectionString = "Driver={Microsoft Access Driver (*.mdb)}.... in the connection string.

Thank You.

I'am in the process of modifing registration and tieing in paypal. When I get live I will send you a link. Thanks for help.

John

works fine now

I purchased 6.0 in Feb 05.  Is there an upgrade price to 7.0

I spent considerable time setting up 6.0 to work with my web site. From what I read in the forum, it sounds like I have to start over again to integrate the new version into our web site. I do not relish the thought of that, but I have to move to an email system with a valid MX record.

Will I be starting over from scratch with this upgrade?

can add photo album but after i upload a pic, nothing shows.

where do i look to research why pics aren't showing in the albums

Glad it worked

This is a great article for newbies..

Hints & Tips when working with ASP
http://www.powerasp.com/content/hintstips/common_sense.asp

When adding a new user I am taken to a form.

There are several "required fields".

First and last names are 2 of them.

This is not needed by me and I need the company name as a required field instead. I work and deal with company names, not individuals.

So, i am unable to add any users due to this.

How can I either do away with the names as a required field or swap the individual names with the company name as a required field?

I have customers wanting to be able to view their own stats, but I need to do away with the required fields to work with my customer base.

-john

in Control_pic.asp is there way to wrap the description field so that it doesn't go outside the table.

Thanks

Using "Email Authentication" as a registration option you cannot do that. There is no possible way I know of to have a delay on the authentication email like that. Also that method is not intended to involve any sort of manual registration like what you are doing.

Because you want to review people manually you need to change to registration process to "manual" and then send the email out manually from the users screen after making a user active.

To be honest I just can't remember what happens. It has been a long time since I did a real live test of that. I know it seemed like a pretty smooth process to me. Right now I can not test it out as I am on a road trip with my motorcycle and I am sending this email from my PDA.

I would ask Dave at this website.
http://www.davephoenix.com/

Or via this username in the forums
PhoenixUK

He can tell you what happens as he has been using the IPN stuff for about a month now.

Perhaps another user could chime in here as well and let us know. I know there are a lot of people using the IPN stuff.

import/export feature WARNING !!

I just want to warn everyone that the built in import/export feature can be a little dangerous.
The reason being is when you import users they get new "Users_ID"s in the database.

The "User_ID" field is an autonumber field and that is why and there is nothing you can do about it.

So, if you are using a user's current "User_ID" to keep track up something important NEVER export the users and re-import them. Because their "User_ID" will change and you will be in trouble.

The PayPal signup features of ASPProtect actually use the "User_ID" like this and that is the main reason this warning is here.

now, that being said

If you are importing new users into ASPProtect

or

simply exporting existing users to another system

then this is nothing to worry about.


Basically, the moral of this story is dont think of the built in Import/Export feature as backup system because it is not. It is not a substistute for backing up your database.

It is a just a tool that can come in handy for various things.

as far as sql goes if you follow the instructions with give for setting up a new database you shouldnt have any issues and permissions should be already set. because we handle that in the sql script we give you.. "its a good thing to look at and it is pretty easy to understand what is going on""

however using another account could cause permissions issues.."yes, even sa"     basically the username your using needs datareader and datawriter permissions to all tables used by the photo gallery system and you probably have to go specifically set them usin ght e security tab for your database in enterprise manager. This is more of SQL server 101 than anything to do with the Photo Gallery Code so I am not going to get into it too deeply, but that is definetly the issue.  Permissions...

Whein I went by the numbers off of your directions, which work well up to that point, the import would time out.

At that point I tried to import directly into access...and then it hung trying to login.

okay so I've put in a clean database and created a new record for me as admin.