Sorry, I guess you did say you finally found them.
Regardless, sorry then, I tried

I dont know what else to tell ya.. except to search www.aspin.com

Perhaps you will find something you can use there.

For pay signups you set the groups during signup it like this thread tells you to

http://support.cjwsoft.com/code/moreinfo186-1.htm

only difference is you need to specify the groups info like so
(basically getting rid of the commas and just leaving behind the group numbers with a * around everything)

Also be sure to have no double asterisks

so, *1*,*2* would just be *1*2*

so, *1*,*2*,*5* would just be *1*2*5*

I've got an ecommerce module that's running on it that uses access for the db.  Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.

So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?

I am having problems with a password a user wants to use.  He wants HANNAH.  When he (or I) try to log in with his username and password, I get a syntax error  -

Syntax error in string in query expression '(Username = 'changedforsecurity') AND (Password = ' éG'.
pathOnComputer../1protect/check_user_inc.asp, line 114

I've obviously changed the username and the server path in the info above for security. 

I have not messed with the encryption.   

What is it that the system doesn't like in the word HANNAH as a password?  I would just change his password for him but this guy has enough trouble just turning the computer on!  Confusing him with a new password would take weeks to set him straight. 

Thanks,
Mick

... in addition it is a virtual include not a file.  I just tried to use file instead of virtual and then the ../ includes worked on the asp pages.

This is strange because they used to work like that on the 2000 server I had these sites running on.

(Capcha Security Image Mod)

This mod will add a Capcha Security Image to the registration signup form.



Instructions:

Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/

Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.

Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.


    <tr>
      <td valign="top" align="right"><font face="Arial" size="2"><strong>
  Newsletter</strong></font></td> ; ; ; ; ; ; ;
      <td valign="top">
  <input type="checkbox" name="Newsletter" value="True" checked>
  <font face="Arial" size="1">Do you want to be subscribed to the
  newsletter ?</font></td>
    </tr>

    <tr>
      <td valign="top" align="right"></td>
      <td valign="top">&nbsp;<img src="aspcaptcha.asp" alt="" width="86" height="21" />
   <font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
   <input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
    </tr>

    <tr>
      <td colspan="2" bgcolor="#FFFFFF">
        <p align="center"><input type="submit" value="Register"></p>
      </td>
    </tr>


ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.

If User_Custom6_Used = True Then
 If User_Custom6_Required = True Then
  If  Custom6 = "" Then
   ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
  End IF
 End If
End If
 
 strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
 if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
 else
  ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
 End If 
 
If ErrorMessage <> "" Then
 Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
 Response.End
End If

Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.

1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another?  I am asking because there is only one table in the DB, and it is the "Users" table.  So I am presuming that there must be other databases that are linked to the DB.  Is this correct? 

2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software?  I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of. 

[QUOTE=cwilliams]
something weird is going on
[/QUOTE]

Yeah that's my impression too. I've done a lot of searching before posting this problem, but haven't solved it. Maybe it has to do with the sql-server/hotel?

Though I have compared carefully what goes on (and it should all be good) it could still be the problem? I have now made it work on a local msde sql server too..

I checked the option pack code as well and it looks correct.
I tested it and it acted as it should.

You can see it in active at the live demo
http://www.aspprotect.com/demo3/demo.asp

admin
test

go the the admin area.. you will notice 3 users with level 4 access
1 of them is inactive

then go to the mass email area and pick   active and level 4
it will say it is sending email to 2 users which is correct

then go to mass email again and pick level 4 and inactive
it will say it is sending email to 1 user which is correct

choose any status and access level 4 and it will send email to 3 users which is correct

When you do this please realize you can not choose a group as well.
That will cause a problem because you can not choose a group and an access level at the same time.


Anyway... perhaps you can private message or use the contact us form and and let me take a look at your system. Since I can't reproduce the behavior that is the only way we might figure this out.

I'm getting this error when I try to login:

 Active Server Pages error 'ASP 0131'

Disallowed Parent Path

/gallery/users/login.asp, line 19

The Include file '..dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

Hi all

I logged in myself to my website, and I tried to log in to another with same username and password. But I was able to log in again.

It was supposed to block me from logging in, but it let me to log in.

there has got to be some configurations I must have missed.

Could you instruct me on this Concurrrent login so mine works as well...

thanks

Dear Christofer

I already have send you the details you asked me for. Please let me know if you have received

Good Evening,

I have been trying to log into my site using the protected pages comments you have in support. I have copied the code in the ASPprotect 7 guide.

<%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

and pasted it in my page, set the the IIS to open this page and the page will not open it and the page will not open and the error is

Error Type:
Active Server Pages, ASP 0126 (0x80004005)
The include file 'check_user_inc.asp' was not found.
/olem/reldt/introduction.asp, line 3

When I remove the two lines of code everything goes normally.

I have aspprotect in its own directory in the website. I have read the installation several times and I am afraid I am missing something blatently obvious so I really appreciate you thoughts.

I am presently using redirects. I like not haveing to use them as your comments have suggested. I have pulled all that code from the pages I desire to protect during this test.

I have three test users in my database - 1 administrator

Any suggestions?

Thanks and best regards

I downloaded v7 3/7/2005

I entered a password that was supposed to be all caps with only first letter caps. 

it is odd, if I go to other user and enter wrong password that does not come up.  it apprpriately goes to a screen that says Access Denied.

thx

The problem was that I did not have

ConnectionString = "Driver={Microsoft Access Driver (*.mdb)}.... in the connection string.

Thank You.

if that account isnt there thats normal because if it doesn't have any permissions for that folder so it wouldnt be listed

you simply dig into the menus a liitle deaper and find it then add it.

i downloaded the latest version. i also downloaded the sql script provided and ran in sql query analyser to create the tables.

After that i ran a special page to intially get into the system,

then setup a new user, then make them an admin,

and after that i logged out and again when i try to login iam not able to login.  When i check the ASpp_User table I noticed that the values in the fields "Login_limit" and "Active" in the ASPP_Users table in the SQL changed to NULL and 0. But if the value are Nulls or 0 it means it's not active and it's not allowing me to login.

Pls advice

Hi,

I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working.

SQL Database Creation (NEW INSTALL)

If you are creating a new database do so using SQL enterprise manager.
Create a new database called whatever you like and keep all the default settings. If using an existing sql database skip that step.

Now open up SQL Query Analyzer

unzip the following sql script and open it in query analyser.
2005-02-20_132116_aspprotect_v7_sql_script.zip

VERY IMPORTANT
On the drop down box at the top right make sure your intended database is selected. Otherwise your changes may effect the wrong database in your SQL server.

Then load the script  into the Query Analyzer.  Click the green play button at the top. If everything goes well the response should read something like this.

******************************************************
(1 row(s) affected)
******************************************************

If so the tables have been created in your existing database.

Now make sure an existing or new SQL user has (public / datareader / datawriter) permissions for the new tables. You will be referencing this user in the asp code connection string so this user must be set up correctly. You may need your SQL server admins or hosting company to help you on this step as you may not have access to do this. You may not need to create a user and set permissions as the sql user you were logged in as to use query analyzer may by default get the correct permissions on anything you create.

Regardless, as you can see from this screenshot I made a SQL user called "aspprotectuser" and proceeded to set the permissions for that user. Under database access giving him (public,datareader, and datewriter permissions).


Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and modify the connection string info. Be sure to change the info to match your server,username, and password.

Below is an example of valid connection string.

ConnectionString = "Provider=sqloledb;Data Source=poseidon;Initial Catalog=aspprotect;User Id=aspprotectuser;Password=temp;"

The  "Data Source" setting is either the Network Name for the SQL Server or the IP Address. For local servers you can sometimes use an IP of "127.0.0.1" or the name of the local server.

"Initial Catalog" is the name of your database.

Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and set the DatabaseType variable to SQL like so.

DatabaseType = "SQL"

I dont know about your error on line 6 when uploading..

as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.

I really need more information and possibly acess to the system to do some troubleshooting...

This is anot a feature anyone has ever had an issue like this with.

In a way your questions are confusing to me, but here is some information regardless.



Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.


If you are concerned about customers downloading the access database..

best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that

the more of these things you can do the better..

And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.

I want to try this on the machine im using now; which is windows XP.

Is this possible? I don't think i can set folder permissions on XP... there is no option to do so...

Is there a way to do it?

Regarding installation in a subfolder

Though this should be common sense and ASP.NET 101 "so to speak" One thing not mentioned in the docs..


If you do not install ASPProtect.NET in the true root of a web there a key in the web config you must adjust.

it looks like this

<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

The way it comes it is valid for a root installation..

lets say you installed the application in folder called.
"aspprotectnet"

the key would change to this

<forms name=".aspprotect~net" loginUrl="/aspprotectnet/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

I think you may be using old code where that was an issue... I am going to PM you the latest version..

to be safe upgrade all the ASP files except the dataconn_inc.asp files and your config_inc.asp files

"be real careful not to lose your current encryption keys in the "config_inc.asp" file or you will be in real trouble

You can use your existing database

That would not happen unless you added a target to the login form or you're code had a base target set.

Like so..

<base target="_blank">

I would really need more detailed information. It's nothing the system does the way it ships under normal circumstances. For example you shouldn't see that behavior in any of the example protected ".asp" pages

that is unless you have something odd going on with your browser settings or you made changes to the login form or code around it causing it. (or you are using frames and dont have some of the targets and what not set correctly)

My guess is that it has to be something you added or did, but I really need to know more to offer more than that.

I do not have any programming knowledge and have what might be a simple question.

I am having a hard time getting my hosting company to modify the rights on the data folder. They state they support ASP and access databases however this is the response I got when I requested the modify permissions set for the internet guest account:

Were the rights changed on the data folder?  No, we do not manage rights to folders.

My question to you is: Doesn't supporting asp require those permissions be set on the database folder or can asp (not just aspprotect) work without those rights modified?

Thanks

More info on the groups session variable.

Session("Groups") will contain the ID numbers of whatever groups the user is a part of.
It does not store the descriptive name of that group. It will show the same data that is actually stored in the "Groups" field in the database.

for example it might hold a value like this

*2*,*5*,*9*

meaning a user is part of groups 2, 5, and 9

so if you wanted to check to see if a user was part of a particular group you would do something like this

<%
If InStr(Session("Groups"),"*9*") Then
     Response.Write("You are a member of group 9")
End If
%>


Taking this even further, if you really wanted to get a particular group's name or description you would have to query the database like so. In this case we ask it the name and description for group 9.

 Group_ID=9
 Set ConnPasswords = Server.CreateObject("ADODB.Connection")
 ConnPasswords.Open ConnectionString
 Set cmdTemp = Server.CreateObject("ADODB.Command")
 Set CmdEditGroup = Server.CreateObject("ADODB.Recordset")
 cmdTemp.CommandText = "SELECT " & tbl_label_groups & ".* FROM " & tbl_label_groups & " WHERE (Group_ID = " & Group_ID & ")"
 cmdTemp.CommandType = 1
 Set cmdTemp.ActiveConnection = ConnPasswords
 CmdEditGroup.Open cmdTemp, , 0, 1
  
 Group_Name = CmdEditGroup("Group_Name")
 Group_Desc = CmdEditGroup("Group_Desc")

This is what it says in that thread I pointed you to

This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.

I really dont see what is confusing about it. I think I explained it all in detail in that thread.