ya,

any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links

example (for anyone that comes across this thread)

http://www.examplesite.com/somepage.asp

is going to have a different set of application and session variables then

http://examplesite.com/somepage.asp

even though they are basically the same page

Is there an easy way to make this work with reoccurring a monthly or yearly subscription?

I did all that you sugessted and all failed, you  said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually?  below are the steps I performed......

1 - made sure the web is it's own application in IIS

2 - Reset IIS in command promt

3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.

I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?

Thank you!

Matt...

I think you getting all confused about dsn's and what they really are.

A system dsn gets created via the ODBC control panel and gets listed there. A system dsn is nothing more than a registry entry telling information about where the database is an how to connect to it. Then every time code accesses the database it has to do a registry lookup. The whole process adds a lot of delays, causes very poor performance and is unnecessary.

A dsn-less connection simply connects directly to the database by specifying the driver being used, where the database is, and some other information like the password if there is one.

To get aspprotect or any other ASP application using a database all you have to do is make sure the database folder has correct permissions and then make a connection string like so. (with the correct info for your directory structure of course)

DBQ=c:\inetpub\wwwroot\aspprotect_6\data\database\ASPProtect _access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp

If you are wondering Access databases always use the same username.

So, basically if permissions are set correctly and the directory is valid it will work.
It is really that simple. 99% of the time when people have problems it is one or the other.

That being said, don't worry about the odbc control panel and what is listed there for connections. All we really care about is that odbc drivers are installed and somewhat current.


One last thign for reference: even if you do make a system dsn the database folder still needs the correct permissions.

Ahhh....yes, I always forget about the cache.  That's exactly what it was. 

 I had made modifications to the import_pics.asp file, because I added more fields to the db, and made the import folder path dynamic, but I seem to have forgotten to add in the response.expires=0

Once I added this back in it has stopped messing up.

What was happening was, it wasn't overwriting the files, nor were they too big, but you would click on one thumbnail in an album(category) and it would display a picture from a totally different category.  It seems browser cache was the culprit, however.

Thanks for the quick reply, great product tooo!!!

Hi,

That is not enough to go on. I need details in order to help.

Christopher

I have gone back to your original files and uploaded them to another server folder and instead of using a DSN I have tried this with a DSN less connection and changed the database to MS Access 2002.

This has corrected the problem.
I will check this out again using the DSN with access 2002 to see if this was the problem. It may be something to do with an older format of database on this particular server.

I will let you know what I find.

Thanks for your  quick reply.

If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.

Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.

<center>
  <table border="0" width="400" height="200" bgcolor="#000000">
    <tr>
      <td bgcolor="#F4F4F4">
        <form method="POST" action="memberarea.asp">
          <input type="hidden" name="Status" value="Checkem">
          <p align="center"><font face="Arial">ASPProtect Login</font></p>
          <div align="center">
             <center>
             <table border="0" bgcolor="#C0C0C0">
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
                 <td><input type="text" name="Username" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
                 <td><input type="Password" name="Password" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
                   me signed in on this computer unless I log off.</font></td>
               </tr>
             </table>
             </center>
          </div>
          <div align="center">
             <center>
             <p>&nbsp;<input type="submit" value="Login"></p>
             </center>
          </div>
       
        </form>
      </td>
    </tr>
  </table>
  </center>

ok, then I need more information.

Was the code changed ? Thats the big one. If it worked and now it doesn't something must have changed. Things just don't stop working on their own. I would try putting the original files back in there for everything but the config and dataconn files just to make sure and see and if it works with the original files. (back up your old ones 1st so you can copy them back of course)

Also, perhaps PM me the site info so I can go look as well.

Hi

I downloaded the .chm format installation documentation but when I open it I get the index but can't see any of the pages so am a bit stuck.

(Password Expiration Mod) for ASPProtect Version 7.x

This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)


 
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.

Purchase Page

Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.

This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.

There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.


Directions:
Back up your existing ASPProtect installation.

Add two new fields to the "ASPP_Users" table in your database.

For an MSAccess Database

Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)

For a MSSQL Database

Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)

once that is done

Copy all the new ".asp" pages into your site.


Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file

It needs to be the full URL to to the "change_password/default.asp" file


Now edit the "change_password/processchange.asp" file

There are 3 variables you can edit.

PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8

The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.

The other two values should be obvious.

That's it...

Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file

Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. 

like I said you made changes to something to cause that...

users/user_area.asp

runs fine the way it ships "it is one of things I tested earlier when I looked at your installation for you"

If you want I'll go look via FTP and tell you what is wrong

OK.  If no return page is set, do they end up on a PayPal confirmation page and have to navigate back to my site by going Back or typing the web address?

Nick

Ok, so I checked to see if ASP is running on the server and it is.  then I added code to the top of a page and this is what i can see when 'view Source' on the web browser:

<%@ LANGUAGE="VBSCRIPT" %>

<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * Admins * ) -->
<% GROUPACCESS = "4" %>
<! #INCLUDE FILE="check_user_inc.asp">
<!-- End ASPProtect Code -->

<html>
<head>
<title>TeamManagers</title>

Yet I get no challenage for a password and no error message!

Encountered another issue.  When entering a user name correct but the wrong password get the following error:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '(Username = 'ROBERT') AND (Password = 'ZŁ$'.

/check_user_inc.asp, line 115

Did I do something else wrong?!

Thanks

You would carefully use the built in features of access to import/export data.

The password for our databases is noted in the documentation. It's pretty hard to miss really. You can also see the database password by looking at the connection string info.

different versions may be different but it is usually "temp" minus the quotes

You really can not do something like that. You can not use client side code to change a server side session variable.

To make changes server side a form must be submitted or a link clicked on to another page. Then you can do whatever you like but you cant have an onlci event update a session variable like that.

Though I am not sure of exactly what you are trying to do I think you'll need to go about things a little differently.

Of course ASP.NET is and HAS been installed. I have been running asp.net scripts for years on it. I am not new to asp.net nor setting up the server or anything. ASP.NET is properly installed and works perfectly.

You are missing the fact i mentioned it is a DOMAIN CONTROLLER.

I have come across MANY articles ONLINE via GOOGLE that mention if it is a domain controller, for some reason the aspnet account is not there or gets deleted.

IN ITS PLACE GOES THE IIS_WPG ACCOUNT. IS YOUR SOFTWARE NOT COMPATIBLE WITH THIS ACCOUNT?

Is it possible to run ASP.NET scripts without ASP.NET not being installed? Because I have been running asp.net pages without any problem.

Let me put it this way.

My home page (default.asp) is an unprotected page.

When a user that has signed in on another (protected pages) and has the remember me checkbox checked closes the browser cookies should be set for the next time they return.

When the user opens their browser and returns  to my home page (default.asp), I'd like to put a message saying:
Welcome back <%Session ("Username")%>

How is this done?

thats not good.. its a web server configuration issue of some sorts ?

post is a common method for forms.. if it is not supported it is something you should ask the server admins about.

Is this a windows based web server running true microsoft ASP because that error is usally associated with non windows IIS based web servers from what I can see by doing a google search ?

ASPProtect only runs on windows servers running IIS and True Microsoft ASP.
http://support.cjwsoft.com/code/moreinfo165-1.htm

My guess is your web server is running Apache Unix or something like that.

UPDATE..

Installed a new rack mount 1u server this week.

3.2 ghz hyperthreading 1 mb l2 cache prescott cpu
2 gb pf pc3200 kingston memory
SATA Raid.. (2) 120 gb drives running hardware raid 1

It is a supermicro 1u server case and server motherboard.
The hard drives are SATA 150 120 gb 7200 rpm Diamondmax Maxtors

All high end server type stuff... It's a very powerful server and has been running great all week. 500+ hours uptime so far.

Running Windows 2003 Server Enterprise
SQL 2000 Enterprise SP3
SmarterMail
SmarterStats
Windows DNS
ZipEnable (which I am reviewing for them)
ServerMask (which I am reviewing for them)
A ton of ASP Components which I have purchased over the years.

So that means I can now focus my attention on creating software again instead of being a system admin. (Due to these server issues over the past few months I am now back to godly status as far as windows system administration goes.. not to mention I am now back up to speed on the latest processors and hardware)

So, getting back to ASP Photo Gallery...

I spent about 20 more hours this week on the new version of ASP Photo Gallery Pro.. I have another 40 or more to put into it as I have a lot I want to do.

I think it will be ready within the next three weeks. I know a lot of you have been waiting for something.

Yup everything looks ok - but why no error?

This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...

What would cause it to 'think' it is doing the task yet still fail?

ok, I moved this thread..

The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.

The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)

That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing. 

Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.

Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"

change

Password = CmdDataExport("Password")

to

Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)

Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.

Good Morning - I am receiving an Http 500 internal server error when I go to add a new user via the register.asp page.   the url when the error appears is: .../users/add_new_account.asp

I think the error has to do with my email component setting - becuase it works fine otherwise.

I have the email component setting set to CDOSYS (using remote server) with the mail.remote.server set to email.cidra.com - email address set to webmaster@cidra.com

Note: I receive the email notification and the user does get added.

Can you help please? Shirley

UPDATE...I just figured out that it only errors when the email address I use for the user is NOT from cidra.com -- Any idea why?

If you re-start the web via IIS, reboot the server, or (possibly) just add and remove a category... that will clear up.

ASPClassifieds and ASPListings must be installed in seperate IIS applications if they are the same web. Otherwise the category caching system of each system will interfere with each other. They were never intended to be installed in the same web together since ASPListings is merely a stripped down version of ASPClassifieds and they share a lot of the same code. Like I said though if different IIS applications are set up in the web site you can do it because each IIS application will have it's own set of application and session variables.

I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.

So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?

Or is there another way..?

I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.

(User Photo Upload Mod) for ASPProtect Version 7.x

This will allow an individual user to upload a user picture instead of just the admin.

Notes: This is a down and dirty mod. The user upload code was copied from the admin area and there are no safeguards. Meaning there is no limit on the file size a user uploads and there is no confirmation process in case something they upload is inappropriate. etc etc etc

If you want that you will have to work on that on your own.

Directions:
Back up your existing ASPProtect installation.

copy these files into your "users" folder

2006-01-24_111305_User_Upload_Mod.zip

I dont know about your error on line 6 when uploading..

as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.

I really need more information and possibly acess to the system to do some troubleshooting...

This is anot a feature anyone has ever had an issue like this with.