I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out

Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/aspprotect/password_admin/upload_post.asp, line 6

If Session("Admin") <> "True"



If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.

All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.

Any assistance would be appreciated.

Thanks

i've got a client who has handed me a 151 character banner URL, and i see that the database is designed to take 150 characters. i took the obvious step of just increasing the size of that text field in the database, but i still get this error when i try to enter the URL in the proper form field:

Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.

/banners/aspbanner/save_banner.asp, line 200

now, line 200 is just this:

If Banner_Link_URL = "" THEN
 CmdEditBanner.Fields("Banner_Link_URL") = NULL
Else
 CmdEditBanner.Fields("Banner_Link_URL") = Banner_Link_URL
End If

which tells me that something is blocking the assignment of that long value to that field, even though i believed i had extended the length of that field in the source database.

where else might i look?

You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp

You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.

If it is 2 directories down it should probably look different..

example:)   "../../checkuser_inc.asp"

It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.

Also..

The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.

Lasty…. If you are logged in at the time

Whether your current session at the site is still active… or you have the cookie set to remember you.

Well, nothing will happen… cause your already logged in and you will just see the page as normal.

Perhaps things are working and you just don’t understand that part ?

You need to go to the log off page.. log off… then close all instances of the web browser windows..

Then come back to the site… then see if it prompts you to log in.

When I attempt to upload, it appears that the image uploads. I get a "Original Image Size 0 X 0 pixels"

they don't appear in the web pages, any thoughts? I am using VBscript to upload, my host has safileup but I am unable to use it in this script, thanks for any help

http://mcintoshcounty.org/real_estate/extras/server_info.asp

here's the site link

Never mind, had the path to the image folder screwed up 

It appears there was a flag problem. When reading it into SQL Server, it converted the True/False in Access to 1/0 in SQL Server.

sorry,

there is not.. it gets really complicated
its practically a miracle it does what it does due to the nature of the web

perhaps with some modications it could do mroe but the current version pretty much does what it does

No worries

then..

is there any way I can get rid of those information shown on User activity screen, so I can at least know who logged in current day?

thank you in advance

Hello,

VBScript is the most popular ASP scripting language, and has the most support available. I estimate that less than 5% of the ASP coders out there use anything other than vbscript

That being said it specifically says on the aspprotect site ASPProtect is only for use in protecting asp using "vbscript" as the language.

http://www.aspprotect.com/more_info_full_v7.asp

http://www.aspprotect.com/comparison.asp

it is something I specified very clearly for this very reason.

Sorry, but you can not use ASPProtect to protect pages using Language="Javascript". The code is too complex to be mixed with server side Javascript.

To password protect asp pages written using "Javascript" you really need a an application specifically written in and designed to work with ASP pages written using "Javascript". And then of course that application would not be able to protect ".asp" pages written using "vbscript." (I mean never say never, but it would be a ton of work to get both working and I doubt you will ever see a commercial application that does both)

as for switching back and forth between vbscript and javascript you really can't except with very simple code. Doing so with anything complex can be extremely problematic because the order of execution sometimes gets all mixed up because of the complexity of the code being used.

That doesn't mean it can not work....

You would really want to do something like this.


do not specify a default language at the top

surround the aspprotect include file with this

<SCRIPT Language="vbscript">

</script>

surround your javascript code with this

<SCRIPT Language="JavaScript">

</script>

then make sure none the code including the aspprotect include file has any <% or %> tags in it

that means you have to remove that sort of thing everywhere... that means a lot of work if you used a lot of that sort of thing instead of response.writes to write out html type stuff

and again... I don't know if you would ever get it all working

I'll try to help when I get back tues night,, see the contact page for info on where I am .
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry

When a new user adds themselves to the db thru the registration page, no user id is assigned in the User_id field.  I can't access the page on-line due to an user_id related error on the page.  I must use access itself and add the user id.  After that, everything works as expected.

What have I done?

Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.

In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.

Redirecting example..
This page will redirect admins or level 4 users to a certain page  and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Admin") = "True" or Session("Access_Level") = "4"  Then
    Response.Redirect("sompage.asp")
Else
    Response.Redirect("someotherpage.asp")
End If
%>

Redirecting example..
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Access_Level") = "1"  Then
    Response.Redirect("level1.asp")
ElseIf Session("Access_Level") = "2" Then
    Response.Redirect("level2.asp")
Else
    Response.Redirect("allothers.asp")
End If
%>

Redirecting example..
This page will redirect user "PistolPete" to a certain page.

 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Username") = "PistolPete" Then
    Response.Redirect("somedirectory/somepage.asp")
End If
%>

 
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
 
<%
If Session("Username") <> "PistolPete" Then
    Response.Write("You do not have access to this page.")
    Response.End
End If
%>

etc etc etc.... these code snippets should point you in the right direction...

ok, I just sent you a private message with download information.

replace you existing

"check_user_inc.asp"

"admin/check_admin_inc.asp"

"admin/email_user.asp"

with the new versions in the download

Do some testing to make sure that HANNAH password works ok for you.

Hopefully this cures the issue...
If it works ok for you for a while I will offer the fixes to everyone and start using this code from now on

BTW:
"admin/email_user.asp" had an unrelated bug in it that only happened if its error handling got triggered... it was posting back to the wrong page when that happened and causing an error

Umm, if your using MSACCESS your using MSACCESS

SQL server has nothing to do with it.

Yes I did see that, and created the new project as well as imported the DLL's. I guess my question is; is it as easy as rename the file from aspprotectlogin.aspx to login.aspx and then running the release to regenerate? I know this is a novice question as I am a novice to .NET but the fastest way to learn is to do. Also I know you’re an advanced programmer with better things to do so if I’m stepping over the line from technical help to basic programming I should already know, feel free to point me somewhere ells.

It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.

Regardless,

If an account isn't listed you have to add it.

Click (add-advanced-find now) and it will list off all the user accounts on the machine

You can also click (add-advanced) and simply type in the account name or part of it.

Some more tips:

If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.

You can also go to computer management in your server's administrative tools and view all of the accounts  and groups there under "Local Users and Groups".

I have ASPProtect up and running and I was able to log in with little to now problem after following all of the directions. 

I imported my data base of users (approx 5300) into the access db, and now it times out just letting me log in.

I've got full access to the web server to make any changes on that end that I need.

any ideas?

YES.. you need to edit your SWF file to link to the aspbanner system...

example.. the link may look something like this
http://banserver.powerasp.com/aspbanner/banner_redirect.asp? Banner_ID=60

of course you need to put in the right information for your site and whatever banner ID it is in your system

Like it says above.. if you save the new banner at least once and then come back to edit that link will be generated for you at the bottom of the edit page.

then when your flash banner is clicked on it will go track the click and then send them to the "link_url" specified for that banner when you edited it.
(you need to enter the final destination url there if you want that to work)

Hello,

My guess your having trouble setting up a system dsn because the database has a password set on it. Your hosting company most likely sets up DSNs without using the advanced tab which is where the authentication information goes. Or they have some sort of web interface for the customers to use that doesn’t allow setting up that information.System DSN’s are actually difficult to set up correctly when the database has a password on it. There is of course a password on the database for security reasons so if someone ever downloads it somehow they will not get your information.

System DSN’s are not the way to go regardless as you will see mentioned at our support site.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=9&P N=1

You really should try setting up a DSN-less connection. It is the best way to go. They are easier to set up, perform better, and are less load on the server. Any host that wants it customers to use system dsn’s is not on the ball as far as server performance and server resource conservation goes. They are really asking for trouble down the road.

All you need to do to make dsn-less connection is the following.

Get permissions set for the folder the database is in (by your host)… then figure out the physical path on the server to the database by using server.mappath or you simply ask your host for the info.

An article I wrote on using server.mappath

http://www.powerasp.com/content/hintstips/physical-path.asp

Then your connection string will look something like this.. (of course you edit the path to match what server.mappath tells you. And you make sure the database name is correct)

ListingsConnectionString = "DBQ=C:\Inetpub\wwwroot\asplistings\_database\asplistings_ac cess2000.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Another option would be to simply remove the password from the database using MSACCESS.. then try to connect to it using a System DSN without the password. If your host is storing the databases outside of your web in the root of the server then removing the password on the database is not that bad of a thing to do as there is no way anyone will be able to dload it from your site. Of course there is a still a performace loss when using a system dsn with an Access Database

(User Search & Contact Mod) for ASPProtect Version 7.x

This will allow an individual user to search for other users as well as email or call them.

Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.

Directions:
Back up your existing ASPProtect installation.

copy "search.asp" into your "users" folder

2006-03-10_143253_User_Search_Contact_Mod.zip

Direct your users there. They will have to be logged in to view the page.

WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.

I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=49& PN=1

Jeromy, You should have access to that page.

UPDATE..

Installed a new rack mount 1u server this week.

3.2 ghz hyperthreading 1 mb l2 cache prescott cpu
2 gb pf pc3200 kingston memory
SATA Raid.. (2) 120 gb drives running hardware raid 1

It is a supermicro 1u server case and server motherboard.
The hard drives are SATA 150 120 gb 7200 rpm Diamondmax Maxtors

All high end server type stuff... It's a very powerful server and has been running great all week. 500+ hours uptime so far.

Running Windows 2003 Server Enterprise
SQL 2000 Enterprise SP3
SmarterMail
SmarterStats
Windows DNS
ZipEnable (which I am reviewing for them)
ServerMask (which I am reviewing for them)
A ton of ASP Components which I have purchased over the years.

So that means I can now focus my attention on creating software again instead of being a system admin. (Due to these server issues over the past few months I am now back to godly status as far as windows system administration goes.. not to mention I am now back up to speed on the latest processors and hardware)

So, getting back to ASP Photo Gallery...

I spent about 20 more hours this week on the new version of ASP Photo Gallery Pro.. I have another 40 or more to put into it as I have a lot I want to do.

I think it will be ready within the next three weeks. I know a lot of you have been waiting for something.

Noted:
I actually did not think you did.

As far as debugging goes.. thats all built into visual studio.net.
There is a tag you edit in the web.config file to enable project debugging
http://support.cjwsoft.com/code/moreinfo251-1.htm

Like I said though for changes to ASPProtect.NET I'd start off from scratch and stick with vb.net... using the visual.studio.net interface is not really vary hard to remove and change things you dont' need even if you are a C# coder. Especially simple stuff like you mentioned.

edited due to inappropriate content

I did all that you sugessted and all failed, you  said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually?  below are the steps I performed......

1 - made sure the web is it's own application in IIS

2 - Reset IIS in command promt

3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.

I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?

Thank you!

Matt...

Microsoft VBScript compilation error '800a0411'

Name redefined

/aspprotect/config_inc.asp, line 15

Dim  Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^

hello,

There is no built in option. You would have to add code to do that.
Its not difficult but custimization like that is not something I support.

Hello,

It is very possible (just basic ASP and database accessing techniques)
It is just not the sort of thing I support in the forums as it is a customization related.

Even for me something like that would take 1-3 hours of coding time. Basically, it is just not something I could just explain to you real quick.

You might want to pick up a good book on ASP or check out some of the great resources out there. http://support.cjwsoft.com/forum/forum_topics.asp?FID=17

Doing stuff like this is relatively easy, but can be time consuming work.


In the future please use a more descriptive topic for yours posts "I need help" is not exactly helpful to anyone else searching through the forums . I therefore renamed your post accordingly.

I really try to keep the forums organized and clean. That's all.

Thanks

that wont work the way you did it because groups are not stored like like.

groups are stored "*1*"
or "*1*,*9,*"

so if you test for them you must do so using the InStr function of vbscript

example:

If InStr(Session("Groups"),"*1*") Then
    ' do whatever
End If

also.. as for the session variable
it should be    Session("Groups")

And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved

Session("Groups") = CmdCheckUser("Groups")

If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value

Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?

I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?

It really means just what it says. Your connection string is just not valid and the sql server speicifed can not be reached. The username and password could also be invalid. Since you already had a database set up you should use the same username and password you have always been using. You also need to use the same database name you have always been using. Without actually knowing more and seeing what you are doing it is pretty hard to tell you anymore than that.

The directions and sql scripts given are for setting up a new sql database. Applying them to an existing sql database requires a slightly different approach. Modificiations to the SQL scripts elimintating references to the usernames/password/database we suggest in the scripts is also a good idea.

A data connection is a low level as it gets. Until you get that working you are really not even touching any of the code in the ASPListings application.

If you want I have no problem going into your sql server and web and setting up for you correctly.