No rush, I have it out on the internet, but have not gone live with the site yet.

Thanks for responding,

Enjoy your well deserved break

thanks!! the file took care of the extra slash. I also fixed the problem by modifying the permissions.

dazed

no, you cannot unless you plan to write a lot of custom code.

That is why the option pack has groups which eliminate the need to use access levels because groups can do everything access levels can and more.

There is an article here regarding that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=32& PN=1

Post a request in the "custom code work" forum.
Perhaps another customer will want to do the work or help you out with some code.

I am just too busy to do any custom work for quite a while.

If I also password protect the pricelist pages then someone will have to login twice.

nobody should have to log in twice... ?

session variables keep track of access... once your in - your in and you can browse to and from any password protected pages you like

If it is making you log in each time then cookies are most likely disabled.. session variables requires cookies being on to work.. cookies being on  is a requirement of aspprotect and is how Formed Based Authentication works..

let me know if that is the issue there...

you shouldnt have to be logging in more than once per session

Thats the whole point of the application...

Hi,

No, only ".asp" files can be protected.  It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.

To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.

Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.

Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.

In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc

If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.

For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.

Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://

You need to make sure you created the SQL database using the SQL scripts we provide and that no errors occur whatsoever. That is extremely important. You must use our SQL creation scripts.

Then, when you create the user you need to go back to that user and make sure you check the admin account and save that user again. (many times when setting up a system for someone I find myself forgetting that step and then I have to go back in and check the admin box for the user I created.)

And of course create the user from the ASPProtect admin area web interface. Do not add the user to the database manually because you will have no way to enter the password correct as it is encrypted. And do not change the encryption key after making the user/.

It would also be wise to check the SQL server database at every step to make sure the user info gets created and that all the field info looks correct for the most part.

You also want to be sure to specify SQL as the database type side the connection string info as the SQL directions go over

a remote sql server should not an issue.

thats really all I can think of right now

Are there any problems with modifying the default database fields.

I need to have an update from net billing and they use different settings in the database than the default.

Will the interface still be functional?

The redirection at 1st login feature is supposed to work like I explain in this thread.

http://support.cjwsoft.com/code/moreinfo385-1.htm

Though what you just said is a bit confusing it sounds like you have some sort of browser problem and it is doing the redirect every single time. ?

I would suggest reseting all your browser settings to normal and making sure cookies are enabled because forms based authentication uses session variables and cookies must be enabled for session variables to work correctly. If not something like this could happen as the redirection at 1st login would happen over and over every time.

So try it on other computers and try with firefox as well as IE. Many people go nuts with their browser settings and way too much stuff blocked which can cuse all sorts of issues. Also some script blocking and firewall software can cause problems so disable all of that when testing.

You may also have created some sort of endless loop. (I really need to know way more information on what you did to know that for sure)

You may also want to consider doing your redirects manually meaning you protect a a page and right after the protection you use regular ASP redirect statements to redirect the user whevever you like based on their session info which is available to easily check immediatly after someone gets through the authentication.

I still stand behind my statements that redirection is not good site design. You really really need to understand and plan your ASP pages as well as have a very good understanding of the session and how all of that works if you use redirection with a password authentication scenario. You should never be redirecting someone to an ".htm" pages except during testing because you wont be able to stop users who are not supposed to go there from going there directly.

right..

I had to open up the permissions to get it to work.  I now have to go back and uncheck each one for directory listing.. :)

The Double DIM needs to be removed for this code to work properly.

<%
Dim BannerZone, BannerConnectionString, BannerDatabaseType, ConnBannerSystem
Dim CmdCheckUser, CmdGetConfiguration, App_Name, Config_SQL, BodyTag, BanDataConn
Dim CmdBannerTemp, CmdGetZones, ZoneString, ZoneArray, ZoneIndex, CmdUpdateWaiting
Dim CmdUpdateExpired, CmdRetrieveImpLimitedAds, CmdRetrieveImpressions
Dim CmdUpdateImpHit, CmdRetrieveAds, CycleBannerTotal, CycleList, NewCycleList
Dim Dim LoopBanner, CycleLoop, CycleListArray, CycleListArrayIndex, BannerCycleData
Dim Banner_Array, CurrentBanner, NewCycleListArray, Banner_Array2, LocationIndex
Dim Stop_Processing, Keep_Processing, CmdUpdateStats
%>

A very common and extremely bothersome error encountered when running ASP apps that connect to a database is the "80004005" error. It comes in many varieties.

These articles cover it.


(an article I wrote)
http://www.powerasp.com/content/hintstips/permissions.asp

(more articles)
http://www.aspfaq.com/show.asp?id=2009

http://support.microsoft.com/default.aspx?scid=kb;en-us;3065 18

http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=115

http://www.macromedia.com/support/ultradev/ts/documents/8004 005_cannot_open_unknown.htm

Hi,

I wanted to see if you had any suggestions for converting from Access to SQL sever database. I attempted this earlier today performing the following steps.

1) Create SQL Tables using Enterprise Manager / SQL Scripts
2) Use DTS to move all of the existing table data to the sql tables.
3) Update dataconn_inc.asp to use SQL and the required connection string.

When these steps were complete I was able to login to ASPProtect as an admin and search / find both groups and users. However, any attempt to edit or create users resulted in a "the page ... had a problem ... " type problem. It seems that I can read from the db fine but and getting errors writing to the tables. The user id that is being used to connect to the db is the [dbo].

Any additional hints for this procedure?

Thanks

Darrell

Yes, thats cool.. post it here for sure.

Also, the way you allowed for your search engine is clever and probably was the easiest way to go.

You could do the same thing with the IP. Much easieri than the way I was thinking of doing it.

All this being said installing the desktop version of SQL may be a little tricky as it may complain that your SA account needs a strict password.

The solution is to run the SQL Desktop setup.exe with some parameters specifying a password for the SA account.

So you go to the command prompt or make a shortcut to the setup file and run something like this

setup.exe SAPWD="YourPassword"

minus the quotes...

I got that info from this article and it worked fine
http://www.experts-exchange.com/Databases/Q_21036508.html

The other thing to remember is it might take a reboot to actually see the SQL server icon running in the taskbar. You may also need to go into the administrative services and enable the "SQLSERVERAGENT" as well as set its startup type to "automatic"

And a reboot here and there..

Whammo... your in business...

Dear Support Team

I have read and Installed your v8 banner software

exactly as explained on XP pro which contains other asp working app.

I have problems with the " Application " and " Session" in your scripts

things that make the iis fall dead.

also in the file asp _unlimited_config.asp

you have exlained that every thing must be kept without the "" marks.

well i get http 500 error cause of it.

Please advise

Thanks

Ran

http://support.cjwsoft.com/code/moreinfo286-2.htm

http://support.cjwsoft.com/code/moreinfo391-1.htm

http://support.cjwsoft.com/code/moreinfo385-1.htm

Our knowledge base which is hosted at a remote location is protected by ASPProtect Full Version 6. I would like to allow our employee to access the knowledge base from within our internal network unchallenged. Is there a way which I can modify the code "check_user_inc.asp" to allow any one coming from say 10.1.X.X to access the site unchallenged?

Thanks,

Mo

If things are not perfect there will be no log files and no errors.. it can only be one of these things really
http://support.cjwsoft.com/code/moreinfo313-2.htm

You may also want to make your the filesystem on the server is working and not disabled by norton script blocking or anything random like that. Testing the filesystem object is best done by writing a simple text file to a folder. Plenty of examples of doing that can be found at www.aspin.com

Recent activity is temporary and admin activity in the admin area is not tracked. If your application in IIS has reset or there has been no activity in the users area or in pages you protected there will be nothing there. The busier your site the more chance something will be there. For example usually our online demo has something there except right after 4am when my server does an iisreset.

Alternate Method to call banners from non ".asp" pages.

<iframe src ="http://localhost/aspbanner/aspbanner/aspbanner_inc.asp?Ban nerZone=4" width="468" height="60" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"></iframe>

Be sure to delete the space in the BannerZone variable above. I am not sure why it is doing that in this post.

You can try calling the banners in an simple iframe like so.
This method should work much better than the javascript method because users with javascript turned off will still see the banners. You also will not have any of the limitations the javascript method has. Iframe is now supported by most recent browsers so it is now a good solution. Here is a chart that shows which browser versions support iframe.

Be sure however to edit the height and width values accordingly as that is very important.

I uploaded the files designed for an aspprotect folder at the root of my site (mysite.com/aspprotect) and went to mysite.com/password_admin/get_me_in.asp and receive this error:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0xf54 Thread 0x908 DBC 0x90c41dc Jet'.

/aspprotect/scripts/populate_config_variables_inc.asp, line 11

I am assuming my host has still not set rights properly and that is why I receive this error. Am I correct?

 I will definitely recommend hosting company you suggested for our businees site.

You have old code I think.

It's probably because his password used with your encryption key by chance creates a single quote and messes up the database query

A notice went out about this. I will PM you the latest download with the updated files.

ACCESS DENIED

INVALID Username & Password

Username HAS EXPIRED

When adding a new user I am taken to a form.

There are several "required fields".

First and last names are 2 of them.

This is not needed by me and I need the company name as a required field instead. I work and deal with company names, not individuals.

So, i am unable to add any users due to this.

How can I either do away with the names as a required field or swap the individual names with the company name as a required field?

I have customers wanting to be able to view their own stats, but I need to do away with the required fields to work with my customer base.

-john

ok... glad ya figured it out.

Yes.. for ASP server side code to run the page extension must be ".asp". I was gonna mention that but I guess I just didnt think anyone would do that.

no offense.. not everyone works with this stuff every day..

well, assuming that function works and is vbscript not vb
(if it is vb code it may need some conversion work)

anyway

in "users/add_new_account.asp"

you would put the code for that function anywhere in the page.. it does not matter where as long as it is in code tags <% %>

then.. right under this part of the same page

If Zipcode_Postal_Code_Required = True Then
 If  Zipcode_Postal_Code = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Zipcode_Postal_Code.\n\n")
 End IF
End If

add this

If Check_Postcode(Zipcode_Postal_Code) <> True Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Valid Zipcode_Postal_Code.\n\n")
End If

No guarantees but that is the gist of it

Banners no longer show up on my site ?

If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.

The web server must have crashed or lost power and now the application variables are in limbo/not working.

I have seen this happen a few times.

Basically the application variable system gets messed up because it was not shut down properlly.

The way to cure it are as follows.

Edit and save a banner in the system. Hopefully that gets things going again.