the menu file.. "menu.asp" or something... just follow the logic of the code to find things like that. Look for server side include files and what not in the source code.

This is a good article on figuring out what pages to edit as well as other things.
http://www.powerasp.com/content/hintstips/common_sense.asp

If it was working and you changed code you could have possible messed up how all of that works... you may need to revert back and be really careful as you make changes testing every step of the way.

After understanding how the count works i checked the IP in the db.  They are all set to the same IP (my web server) no matter what ip is doing the viewing.  This is probably due to my ISA2004 firewall that is posting the ip address of the web server with each log on.  So, can you help me with where the code would be to modify so the db does not get updated?  I risk the refresh problem, don't think it is an issue with me.

Thanks,

Hi Chris,

I have a small problem, I have installed asp photo gallery pro on a hosted site, and after eventually getting them to modify permissions on directories it is essentially working, except that it won't delete pictures from an album. If I delete an album the pictures are left in the pictures directory, but the album is no longer displayed. If I then make a new album it is labelled incrementally... ie I had one album "album_ID_1", deleted it created a new album it is labelled "album_ID_2". I would have thought that the new album would be called "album_ID_1" ie taking the place of the deleted one. It seems to me that the delete album function isn't fully working either. My hosting comppany swears that the permissions on the pictures directory are set to full access for everybody. What have I done wrong?

Thank you

Nigel

(FREE) Nov 23 2005 Update Files

If you purchased ASPProtect Version 7.x before Nov 23 2005 then you can download these Update Files.

(These are non-critical updates.. only update if you want the described changes below)

These updates do the following..

• Make the Tabs in the Admin area move up and down as you navigate around so they look more like tabs used in a file cabinet.
  
• Updates the import/export process so the tab delimited text files created now store the passwords in plain text instead of encrypted. I have been thinking about this one for a while now and I think it is better this way as it was confusing a lot of people. If can also kill the whole process if by chance the encrypted output of a password contains a line break of sorts. There is no way to deal with that scenario so this is way the import/export process is going to work from now on. This also means you should be VERY carfeful about leaving export files lying around as they will have the passwords in them.
  
• Updates the "expected_paths.asp" in the data folder because the paths it was generating had an extra "data/" in it.
  
• Updates the users page so it will not show the import/export link if you have not entered a path for the export files in the settings.
  
• Adds an Activity Tab if using the Activity Tracking features instead of the links it used to put on the users page that most people didn't see.

To install these just copy them in over the old files.

Now of course back up your existing files so can revert back if there is a problem or you do not like the changes. If you made any custom changes to any of your pages use your head and realize that copying these in over your existing files will overide any custom changes you made. (that is your business, I am just warning you)

2005-11-23_163025_ASPProtect_v7_11-23-2005_update.zip

Also, I found this page which specifically talks about hidden IPN form values to change currencies

https://www.paypal.com/us/cgi-bin/webscr?cmd=p/acc/ipn-info

mc_currency	For payment IPNs, this is the currency of the payment. For non-payment subscription IPNs, this is the currency of the subscription.
	"USD"	The currency of the payment is U.S. Dollars.
	"CAD"	The currency of the payment is Canadian Dollars.
	"GBP"	The currency of the payment is Pounds Sterling.
	"EUR"	The currency of the payment is Euros.
	"JPY"	The currency of the payment is Yen.

5300 users honetly wouldn't even phase the database or the code... even with MSAccess...you got other problems and I can say that with 150% certainty

my guess is permissions on the database folder are not quite right or the odbc drivers have issues.. something along those lines..

access databases act up when full modify permissions are not given to the folder they are in.... they can also act up if the odbc drivers are very new and you are not using a newer version of the access database such as 2002 version as opposed to a 97 or 2000 version

using a system dsn as opposed to a dsn-less connection can also cause BIG issues. always use a DSN-LESS connection

you can also have big problems if just the database file is given permissions instead of the whole directory it is in

also, the script timeout has nothing to do with it.. if that is happening something is wrong with the data connection like I said... no amount of changing timeouts is going to cure it...

how permissions are correctly set
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp

why system dsn's with access databases are bad news
http://support.cjwsoft.com/code/moreinfo9-1.htm

I know it worked at 1st but it can still be related to all of this because when permissions are not perfect databases will work ok for a while and then act up. it all has to do with the temporay lock files that access creates and deletes on a regualr basis

Hi,

Its just not enough information to go on. I need more details on what is going on. There are a lot of configuration settings in these applications. I really do not know what to make of that screen shot.

My 1st guess is that if you cannot delete a picture that the picture folder does not have delete permissions ??

I also need to mention that I am not sure what this has to do with ASPImage ?

Umm, if your using MSACCESS your using MSACCESS

SQL server has nothing to do with it.

I hear ya.. problem is it just does not fit into the banner rotation logic.

I know it sounds like a simple thing, but it is not because ASPBanner does it's rotation logic in a totolly unique way that no other system I know of does. It basically does everything in memory.

I just don't see anyway to do add what you are asking about without totolly re-writing how it works. The system would have to rely totally on complex (SQL queries / stored procedures) to do the banner rotation like every other poorly performing system out there.

It's really hard to explain, but I just no way I see to add it to the high performance application variable banner logic.  If I changed the system to not use those application variables there would be a tremendous performance loss because the database would be doing about 90% more work than it currently does.

As I have said before sacrificing performance is just not something I am willing to do.
http://support.cjwsoft.com/code/moreinfo144-1.htm

I built ASPBanner for performance and speed and that has always been it's main intention.

I leave the bloated features to the competition. If I lose sales because of it that is just unfortunate. I want the best performing system. The system I can be proud of. The system that can handle millions of impressions per day under a MSSQL or MYSQL installation and not even flinch. That is what ASPBanner is all about.

The other thing is pricing. The price is kept low partically because the feature set is low.

Maybe someday there will be a version with more features and less performace. I really do not know. Right now it's just not something I plan on doing.

import/export feature WARNING !!

I just want to warn everyone that the built in import/export feature can be a little dangerous.
The reason being is when you import users they get new "Users_ID"s in the database.

The "User_ID" field is an autonumber field and that is why and there is nothing you can do about it.

So, if you are using a user's current "User_ID" to keep track up something important NEVER export the users and re-import them. Because their "User_ID" will change and you will be in trouble.

The PayPal signup features of ASPProtect actually use the "User_ID" like this and that is the main reason this warning is here.

now, that being said

If you are importing new users into ASPProtect

or

simply exporting existing users to another system

then this is nothing to worry about.


Basically, the moral of this story is dont think of the built in Import/Export feature as backup system because it is not. It is not a substistute for backing up your database.

It is a just a tool that can come in handy for various things.

Hi Chris

After turing off the delayed stats feature the internal errors have stopped and it still serves banners, although I havent checked the logs yet. I will and post any errors.

I left my test page up last night at say 11pm serving 4 banners of different sizes rotating every 15 seconds, now at 9am the page is just displaying 1. If I refresh the page they all reappear.

Regards
Colin

Has anyone used the aspmail function to send and recieve emails from within your forms? If so what string did you use in the aspmail_host field in the connections database.

thank you
adam

The parent paths things really should not be an issue.

This is an article from the troubleshooting section of the documentation that takes care of it all very easily.

http://support.cjwsoft.com/code/moreinfo162-1.htm


As for a good host that knows ASP and does not mess around when you ask for something. I always recommened www.alentus.com

The Pop-Up Javascript Date Pickers will only show up of your server's regional settings are set to one of two lCID values.

1033 which is English - United States
mm/dd/yyyy date format

or

2057 which is English - United Kingdom
dd/mm/yyyy date format

Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.

This setting can however be easily overwritten when using the ASPBanner system.

or

Session.LCID = 2057

depending on what date format you are looking to use

Save the file and go edit a banner. The date pickers should be there now.

Hi Chris,

Thanks for the answer. No, I am not using Paypal since these are employees and sales reps. I guess i'm on my own on this one. :)

Thanks
Sylvain

  Hi, we purched ASP Protect a few months back and had it installed on our hosting company under a "temporary" domain name -- cidrasensors.com

We are now about ready to switch this development site over to production and I need to change the domain from cidrasensors.com to cidra.com

My hosting company wants us to create a new accounting and re-set everyting up.

So...based on this, I have a few questions for you:

1. Do I need to re-install the software? or can I copy from one account to the other?

2. Assuming I can copy the software to the new account - are there changes that will need to be made to point to the new domain?

3. If I decide I wanted to keep the first account alive for development purposes (never turn on the website domain to the public) - would I need to have a seperate ASP Protect license? 

4. If I decided to ask you to do the transfer for us - is that covered in the $20 Installation fee I saw on the web?  

1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another?  I am asking because there is only one table in the DB, and it is the "Users" table.  So I am presuming that there must be other databases that are linked to the DB.  Is this correct? 

2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software?  I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of. 

http://support.cjwsoft.com/code/moreinfo286-2.htm

http://support.cjwsoft.com/code/moreinfo391-1.htm

http://support.cjwsoft.com/code/moreinfo385-1.htm

Chris,

I understand.  I set it to a lower number that will hopefully be a good balance for the user.  I am simply AMAZED at what your software does and I thank you for all you have done.

Jess

After I approve someone's username and password, then go to send them the default e mail telling them of the approval, the e mail never goes through.  The e mailing used to work well for many months, but it stopped working.  Any thoughts?

Spider

I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.

<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then  
 SearchFlag = True
End If
 
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then 
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>

</head>

<body>

My Protected stuff here

</body>

</html>

For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.

Thanks,

Mo

[/QUOTE]

I just added couple of lines and it works fine

If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then 
 ' Session("PasswordAccess") = "Yes"
 SearchFlag = true
End If

Hi

I have purchased the Standard version about a week ago. Its a great script.

I have been able to select  uploaded banners from day one... but just now i dont seem to be able to select...

i know its hard for you to trouble shoot with such little information.. but i had to ask..

Should i maybe upload the site again ( but same the database first)?

regards

Domenic

Sydney, Australia

I am having an issue with the Thumbnailing process. My host does not support ASPImage so I have to use something called asp thumbnailer which is similar to ASPImage. I am trying to modify the Dundas upload to automatically reduce the images to create thumbnails. I ripped out the asp image code and replaced with the bottom. The main issue I believe is grabbing the image files. I am not sure how to name the actual image file that is already uploaded by the dundas upload. the code is below:

The peices in red are where the issue is I believe. What you see below is my attempt to identify the exact image and then rename it tthumbnail. My optimal solution would be to take the picture, resize it and rename it exactly what it was named before.

Any ideas

Thanks

<% Else %>

<%
 Dim thumbObj
  
 Set thumbObj = Server.CreateObject("ASPThumbnailer2.Thumbnail")
  
 If thumbObj.LoadFromWeb("../pictures/" & Filename) Then
     thumbObj.ThumbMaxDimension = 140
     If thumbObj.CreateThumbnailToWeb("../pictures/Thumbnail.jpg") Then
         Response.Write("Thumbnail successfully created.") 
     Else
         Response.Write("There was an error creating the thumbnail.")
     End If
 Else
     Response.Write("<p><hr><b>Unable to load the original image.</b><hr>")
 End If

 
Set ConnClassified = Server.CreateObject("ADODB.Connection")
ConnClassified.Open ConnectionString
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdSetImageInfo = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "UPDATE Ads SET Image" & PicNumber & "_Uploaded = 1, Image" & PicNumber & "_FileExtension = '" & FileExtension & "' WHERE (Ad_ID = " & Ad_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnClassified
CmdSetImageInfo.Open cmdTemp, , 1, 3
%>

Hi Chris,

The password is HANNAH.  If you're into trouble shooting mode and would like the key, I can send it to you.  If not, no big deal, I've email the guy a new password.  We'll see how many rounds it takes him to get it right. 

Thanks,
Mick

(User Search & Contact Mod) for ASPProtect Version 7.x

This will allow an individual user to search for other users as well as email or call them.

Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.

Directions:
Back up your existing ASPProtect installation.

copy "search.asp" into your "users" folder

2006-03-10_143253_User_Search_Contact_Mod.zip

Direct your users there. They will have to be logged in to view the page.

WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.

ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.


Before you even start please read this thread and do what it says.
If any errors show up it is important you see the real error instead of a useless HTTP 500 internal server error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1

Once doing that make sure to use Internet Explorer as you follow along with these directions.

Now, unzip your installation zip file that you downloaded from CJWSoft.
Use a program like winzip and be sure you have it set up to unzip the directories as well. You can also use windows xp's built in folder compression tools to unzip the archive.

When you unzip the application you should have all of the following folders and files. (more or less, it depends on the version)

Now, you can copy all of these files into the root of your website or if you like you can make a folder called "aspprotect" and put all of these folders and files in that folder. Either way it really does not matter.

Now, contact your web hosting company and instruct them that you need permissions set on the data folder that you copied into your website. This folder and all of its child folders need modify permissions set on it for the anonymous webserver account. It is very important that they set the permissions correctly and on all the child folders as well.

Here are some threads on exactly how these permissions are set.
If you run your own server or are developing locally you can do this yourself. If not most likely you need to put in a request to your hosting company as you CAN NOT set these permissions via Frontpage or FTP.

Windows 2003 Server and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=136& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Windows XP Pro and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=56& PN=1

Once permissions are set.. run this page via your web browser

http://www.mysite.com/data/setup_info.asp

Replacing the part in blue with your website info.

When this page is run it will report back a screen like so:



Now, take the connection string info it shows you.
Edit the "dataconn_inc.asp" file in the root of the ASPProtect system and use that data connection information. It should be valid for the server.

If you are using MSSQL server instead of Access please see the SQL database creation directions as you will need to create the MSSQL database and use a special connection string for that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=160& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Now, take the CookieEncryptionKey and PasswordEncryptionKey info that it gives you and enter it into the "config_inc.asp" file in the root of the ASPProtect system. These will be the unique keys that your encryption will be based off of.

Ok...

The files have been copied to your website, the permissions are set on the data folder, and the database connection is ready.

Now.. run this page

http://www.mysite.com/password_admin/get_me_in.asp

Replacing the part in blue with your website info.

This is a special page we use to get into the system for the 1st time.

If you get a nasty error when you run that page similar to this.

Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

Then parent paths are disabled on the webserver and you need to do an extra step to deal with that. Follow this link.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=162& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1&TPN=1

If you get any other variery of "80004005" error then there is a problem with your data connection.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1

Those errors are usualy related to database folder permissions or an imcorrect physical path to the database file specified though they can mean a lot of things.


Once you get the page running you will see a login prompt and one form field

You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.

If all goes well you will see the admin area of ASPProtect.

Now that you are in the system you need to create an admin account.

Click on "ADD NEW USER".. fill out the info and add a user.
You really only need to fill out (first name,last name,email,username,and password)

Now save that user.

You should see a new user listed in the admin area. Click on Edit user to the left of the new account. On the edit screen check the "admin" checkbox and save the user.

You just created an Admin account.

Now click on the "log off" button on the top menu and click yes to log off.

Now close the browser. Then run this URL

http://www.mysite.com/password_admin/default.asp

Replacing the part in blue with your website info.

You should now be able to in to the admin area of the system using the new admin account you created.

You are now ready to go to the settings page so click on the settings tab in the menu. There are a lot of options and paths that need to be set on this page. Every setting is described in detail on this page. You need to go through the page and set things up properly. Anytime the page asks for a path to a url or file the page will auto generate what should be the path to use. (expected path) If your server has parent paths disabled a few of those auto generated paths will not show up. If that is the case run this url from your server and it should tell you the paths to use for those settings.

http://www.mysite.com/data/expected_paths.asp

Replacing the part in blue with your website info.

Once your all done and the system seems to be running fine you should go back and delete the following pages as they are no longer needed and pose a potential security risk.

http://www.mysite.com/data/setup_info.asp
http://www.mysite.com/data/expected_paths.asp
http://www.mysite.com/password_admin/get_me_in.asp

You should back up the original zip archive you got from CJWSoft in case you ever need those files again.

VERY IMPORTANT: The user passwords from now on will be encrypted using the "PasswordEncryptionKey" you specified in the "config_inc.asp" file.

If you ever change that key all of your passwords will be invalid and you can not get them back unless you know the key and put it back, so plan on never changing that key unless you really know what your doing and know how to decrypt/re-encrypt the passwords using a new key. (something we do not cover at the moment but probably will when we have time to make a tutorial) 

right..

I had to open up the permissions to get it to work.  I now have to go back and uncheck each one for directory listing.. :)

Yes, as long as each installation is in in it's own web site.
(or at least in it's own application in IIS)
Meaning you could have 5 directories in your site each with the app installed as long as each directory got set as an application in IIS.

Remember, a license must purchased for each running install except for development reasons on local machines.

Please Note : Users with the option pack a new feature called groups that is much more powerful than access levels.


More On Access Levels

Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.

Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default and also info on an alternate scenario we have provided.

In the "check_user_inc.asp" that comes in the root of this system Access Levels works as follows.

Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN

The "check_user_inc.asp" included in the "extras" directory is an example of changing the access level checking code
to work differently. In that "check_user_inc.asp" Access Levels works as follows.

Level 1 has Access to - Level 1
Level 2 has Access to - Level 2
Level 3 has Access to - Level 3
Level 4 has Access to - Level 4
Level 5 has Access to - Level 5
Level 6 has Access to - Level 6
Level 7 has Access to - Level 7
Level 8 has Access to - Level 8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN

If you get creative you can create some interesting access level checking scenarios.

Here is some additional info..

If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.

Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do

Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.

Do something like this..

Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.

So you could do something like this...


<%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>

The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp

That would in effect create totally custom access levels.. but you would
have to do it manually for each user.

You can also do things like this after a person logs in

Show custom html to any specific user based on either their username or
access level ... like so

say there was a menu and a certain link should only show up to username
"paully67"

you could do something like this


<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>


<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>

</BODY>
</HTML>

Or you can show custom HTML or links based on Access Levels or any other info.

You can do just about anything with if-then statements and
using the built in vbscript functions..

Hopefully this info will help to give you some ideas...

Bottom line is you have to do some work within your site to make the Access Level system really come alive.

Anyway,

How busy your site is actually won't be the only factor. Really the application should not restart unless something happens. If the IIS application is reseting alot it could very well be the ISP restarting the server or doing IISRESETS as well or other sites on the server causing the application pools to restart.. etc etc etc  Quality ASP hosting is important. Regardless your hosting company most likely will not admit to anything be out of the ordinary.

As far as that directory deleting itself on you.. I doubt they will have an answer for that one. All I can tell for sure is I didn't put any code to delete it in there.