Chris,

I've given the IUSR account modify access for the aspprotect folder.

In the ODBC manager module on the webserver I've taken out the aspprotect access driver option.

The dataconn_inc.asp line reads as

ConnectionString = "DBQ=D:\missourirealtor.org\members\aspprotect\data\database \ASPProtect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Now this should make it DNS-less correct? with the permissions set properly?

I've also taken out the password on the access database.

The original database of users I had was an access database from a different program called spooky login.  I exported them into a tab delimited file and changed the column headings to match those in aspprotect exactly.  Actually access would not let me import them in the databases without them being exact.

I imported that information directly using access's import options.  I tried the import/export manager in aspprotect but kept timing out as well.

Hey, I run a business and I will not have things like that mentioned in these forums.

been working on this for about 5 hours today.. I think I found the problem and it involves a vbNullChar that the encryption process is creating only during login attempts

it then messes up during ASPProtect authentication because it blows up the SQL Statement to the database

like I mentioned before the chances off this happening are slim but possible as two people so far have been able to create the situation

I seem to have the HANNAH password working now using your encrption key

I need a little bit more time to clean up the files I have been working on. Then I will give you new "check_user_inc.asp" and "check_admin_inc.asp" files to try out

The pages in the ASProtect Full version that have emailing code in them are as follows.

password_admin/email_user.asp

password_admin/send_mass_email.asp

users/add_new_account.asp

users/email_password.asp

I have tried everything to get your CJWSoft code working..I purchased the auto listings software and I am stumped, and actually you stumped my hosting provider, my database is stored in the database directory on the root.

I have even tried your ASPtest and still cannot connect.  My have connected other databases without an issue on this same host, I have named a DNS Auto for my database and ponted to that in my code  but get the following error you see at http://www.burkesauto.com and even when i try you test script found here at http://www.burkesauto.com/asptest.asp .

Hi Chris:

Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?

I'm not quite sure what the syntax would be in the URL.

Warren

Please be aware folks..

This file is not provided by CJWSoft. Though this may work very well use of it is not supported in any way. We have not tested it.

This user is not using the option pack so this file will not be compatible with anyone using that because it does not have support for groups and some of the other new features.

Regardless..we appretiate users sharing ideas and solutions that they have come up with.

yeah.. I cant say for sure.. as I have never really tried to get it working in xp pro.

Last time I actually used cdonts locally was on a 2000 box

I would do a google search on xp pro, smtp service, and cdonts and let us know what you find out.

All of our apps can use free 3rd part emailing components as well so maybe try some of those. Course you need a valid email server to connect to.

Line 409:
Line 410:
Line 411:		<authentication mode="Forms">
Line 412:			
Line 413:			<!-- DO NOT CHANGE UNLESS INSTRUCTED TO DO SO -->

Yeah, its working great witht he Access database. Now I just need to get it all set up. I like how the config file is set up with all the comments, it really helped allieviate the 40k thumbnails, .

I just told you a lot of different things to try... and I doubt you have tried them in the time since I mentioned them

(User Search & Contact Mod) for ASPProtect Version 7.x

This will allow an individual user to search for other users as well as email or call them.

Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.

Directions:
Back up your existing ASPProtect installation.

copy "search.asp" into your "users" folder

2006-03-10_143253_User_Search_Contact_Mod.zip

Direct your users there. They will have to be logged in to view the page.

WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp

You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.

If it is 2 directories down it should probably look different..

example:)   "../../checkuser_inc.asp"

It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.

Also..

The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.

Lasty…. If you are logged in at the time

Whether your current session at the site is still active… or you have the cookie set to remember you.

Well, nothing will happen… cause your already logged in and you will just see the page as normal.

Perhaps things are working and you just don’t understand that part ?

You need to go to the log off page.. log off… then close all instances of the web browser windows..

Then come back to the site… then see if it prompts you to log in.

Yes, I was referring to ASP Protect.

I had about a dozen people access the same account, but it is highly unlikely that they would all try at the same time (unless there were several hundred people who had access). Having an enhanced login abuse would be nice.

Ok time for some more questions!!!

Is there a way to make the person's email address their default username... or force it in somehow instead of allowing them to create their own?

That carrot doesn't really exist in the file, so I'm not sure.

I did download and place the ASPTEST file in www.drsweisberg.com/asptest and when I try to load the 2 pages it fails to load.  I have another site on the same server and I uploaded the same exact set of files and the asp pages load.  www.klarman.com/asptest

http://www.drsweisberg.com/asptest/server_info.asp

http://www.klarman.com/asptest/server_info.asp

This is how I set the connection:

ConnectionString = "DBQ=D:\clients\rklarman\klarman\asptest\_database\asptest.m db;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

ConnectionString = "DBQ=D:\clients\rklarman\drsweisberg\asptest\_database\aspte st.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Yup, it probably means the virtual directory is not configured as an Application in IIS.

You did put this in a plain folder in your web, correcct ?
Not a subweb

Regarding the application settings for the virtual directory.. if it is your server you set that stuff up in the IIS console.

If hosted somewhere it is there responsibility to have that set up correctly for you and you need to contact them and ask them what the deal is.

OK, I updated the server with the SP 8 Jet updates and this had no effect.

Then I loaded the asptest file and put in the correct path. The results were:

Failed: Database could not be connected to....

Error reported from server:
Error source: Microsoft OLE DB Provider for ODBC Drivers
Error number: -2147467259
Error description: [Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x784 Thread 0x854 DBC 0x2101014 Jet'.

I think this addresses your question

http://support.cjwsoft.com/code/moreinfo144-1.htm

<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>

<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

Hello,

no default setting for something like that... what your thinking about doing is on the right track I'd say

Below is the email I received when testing the self-registration. Does anyone know what setting I configured incorrectly?

I received the email to confirm the registration but the link to activate is invalied.

Thanks!

Your registration still has to be validated.
Go to
?u=bubbaj&v=4579
to verify your registration.

again I will ask you what is the real error??

see the link above when I asked you the 1st time.
(I need the error details and line number.. etc etc)

and what kind of a server are you trying to run it on ?
you mention xp pro but in a confusing way ?

Adding Support For ServerObjects ASPMail

ASPProtect as you know does not support ServerObjects ASPMail component by default.

Here are directions to make it work.

In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.

So search through the code for any place where email is sent and simply change

Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")

To

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")

It is about 4 places. They are not too hard to find.

That’s the easy way to get all the emailing functions working with ASPMail

IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ; ; ; ; ; ; ; ; ; ; ;PN=1

The 2Checkout Support Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement 2Checkout Payments with ASPProtect. You must be using version 2 of the 2checkout system. They are phasing out version 1 regardless so everyone will be using version 2 very soon if they are not already.

THIS IS NOT INTENDED OR DESIGNED TO USE 2CHECKOUT SUBSCRIPTIONS. (see bottom of this thread for more info on that)

This Support Pack basically gives you an additional signup and registration directory "2checkout_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup in general. New users can register in this directory and pay for membership at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and buy additional membership time online. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via 2Checkout your system is updated and they will have access.

The 2checkout pack is NEW.. and was released on March 19, 2005. If you don't have it and would like it please just ask.

To start using this edit the "2checkout_signup/2checkout_config_inc.asp" file

You will be entering your 2Checkout Account number in that file as well as the URL you want a user to go to after payment. It is all commented in that file. (There is also a testing variable you can set to True if you want to do testing without real charges being applied)

After editing that file run this page.

http://www.mysite.com/2checkout_signup/show_postback_path.asp

Replacing the part in blue with your website info.

It will report back that postback url you need to use in the 2checkout system.

Log into your 2checkout version 2 account and under the "look & feel section" enter that postback url for both the "Approved URL" and the  "Pending URL"

Trust me: You want the URL there for a pending URL because the 2Checkout system is quite random and 95% of the payments that come in go to the pending URL and end up being legitimate sales. (at least for me they do)

Now make sure the Direct Return option on that page is on as well. 

If set to Yes buyers will be immediately directed to your URLs below once they click the Complete Order button. If set to No the buyers will have to click a button to return to your URLs below.

Save that page... and leave 2checkout.

Now, delete this page from your ASPProtect setup.
http://www.mysite.com/2checkout_signup/show_postback_path.asp

It's a minor security risk and is no longer needed needed.

The basic setup is finished. All you have to now is set up payments options the way you want them.


Changing Payment Options

In the "2checkout1.asp" file there are form options set up.

They look like this and you can have as many as you like.

<option selected value="30,9.95,3,">30 Days, 9.95</option>

In this option... A user has the option to purchase 30 days for $9.95 and he will be set to Access Level 3 when payment in completed.

Here is how it works.

The value setting (red) is essentially and array that can be made up 4 elements separated by comma's
They must be separated by a comma and there can be no spaces. In this example the 4th value was not used but the last comma must still be there. If you didn't want to set an access level and left out the "3" there would 2 commas at the end.  etc etc
Basically there must always be 3 commas but you only have to set the 1st 2 values which are days and price.

days,price,access level,groups

The 1st value is the amount of days.
The 2nd value is the price for the amount of days.
The 3rd value is the access level you want to user assigned to.
The 4th option is the groups you want the user assigned to. (see PayPal subscription thread for examples of specifying group info)

Now, the label for the option in (blue) can say whatever you like.