Hello,

I really need more infomation..

for starters

what is the server ? iis4,5, or 6 ?

what is the version of aspbanner.. aspbanner standard or aspbanner unlimited ?

what was the error message before you removed the "on error resume next"

was the sql database created using the sql creation scripts we provide as that is VERY important.

and lastly what are the the regional settings of the server ?
what is the date format ?

I think I've found the problem..

The password "abcdefgh" works

The password "abcdefghi" does not

(username "ace45")

Passwords can obviously only contain up to and including 8 characters... By some coincidence I only used short passwords with MS Access.

if it is your own XP machine there is no reason you should edit that config file manually.

simply set permissions on the data folder and all the folders in it and the application will write to the config files on its own... if you are having problems chances are you are not setting permissions correctly.. please read all of this
http://support.cjwsoft.com/code/moreinfo56-1.htm

if is not an XP machine (your post was confusing and I am not sure) then this is an article for 2003 server
http://support.cjwsoft.com/code/moreinfo136-1.htm

Most importantly whats the real error ? error 500 does not help figure out anything
http://support.cjwsoft.com/code/moreinfo11-1.htm

lastly make sure you go into iis and make that web its own application

I really do not know for sure, but I imagine there are customers using their windows hosting. Usually I do not know what hosting company a customer uses and I am usualy the only one that responds to forum questions.

Why not download the current Free lite version and try it out ?

CJW

(Password Expiration Mod) for ASPProtect Version 7.x

This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)


 
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.

Purchase Page

Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.

This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.

There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.


Directions:
Back up your existing ASPProtect installation.

Add two new fields to the "ASPP_Users" table in your database.

For an MSAccess Database

Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)

For a MSSQL Database

Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)

once that is done

Copy all the new ".asp" pages into your site.


Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file

It needs to be the full URL to to the "change_password/default.asp" file


Now edit the "change_password/processchange.asp" file

There are 3 variables you can edit.

PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8

The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.

The other two values should be obvious.

That's it...

Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file

Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. 

btw: who is this hosting company anyway ?

and did they give you access to a control panel that lets you manage your site ? sometimes that is where you manage those permissions if their interface supports it

lastly, are frontpage extensions installed in your web so it can be connected to via frontpage ?

It should be released sometime late May 2004 or early June 2004 but no gurantees as I am pretty busy right now with some projects.

There will be upgrade instructions and it should be a fairly easy upgrade.

[/QUOTE]

Like I said no guarantee... I have a lot of things going on... it might not even be finished till the end of July... customers will always be able to get it for the difference in price

You have the version listed on the site when you purchassed it.
Version 3.0

Microsoft VBScript compilation error '800a0400'

Expected statement

/asplog/check_user_inc.asp, line 404

End If
^

Is this a standard database connection error so I should ask my IIS to make sure permissions are correct?

Thanks..!

Sorry, not really.. not without a lot of changes to the code.
the recent activity info recycles.. it is not meant to be day by day

My suggestion there would be to look at both the log files and the user activty screens...

Is there a limit to how many access levels the program has?  We were thinking of having a different access level for each client that logs on our site so we can customize their web experience.  We see 6 in one place of the program, 8 in another, but is there any reason why we couldn't make 100 more?

Thanks again for the help!

Hi,

I need to be able to add about 9 checkboxes to the register.asp. would I be able to use one of the custom fields?

The other thing is once I add the checkboxes the value must be written to the DB and later read when displaying the person's Album.

Any idea on how I can do this.

Thanks

check the action for the button in the code... its probably not posting back the the right page which should the same page it is...

I bet ya it is posting to guestbook2 which is the wrong directory... an old mistake I forgot to correct...

The login page sends the user to redirect.asp (which is as follows)

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If InStr(Session("Groups"),"*1*") Then
    Response.Redirect("gp01.asp")
End If
%>

<%
If InStr(Session("Groups"),"*2*") Then
    Response.Redirect("gp02.asp")
End If
%>

I am not being redirected to gp02.asp if I am a member of group2.  Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)

Thanks in advance.

I had never noticed this before, but a customer sent me email to say that they had set up their aspclassifieds profile such  that they be contacted by email and not by phone.

However, in their ad, their phone number still appears. The lines in view_ad.asp that check for True values for the Contact_Via_Email and Contact_Via_Phone before displaying that information seem to always evaluate to True, regardless of their setting in the database.

I'm using an Access2000 DB for this. When I open the DB in access, I see the checkboxes correctly unchecked for phone and checked for email. However, if I do a quick test to display the retrieved values in the view_ad.asp (<%=contact_via_phone%> <%=contact_via_email%> they both display True.

What gives? I have had nightmares with Access and its weird handling of true/false 0/1 yes/no fields, but this is driving me nuts.

I would also double check that you changed the field size correctly and on the correct database that is being used in the connection string

If you are developing using Windows XP Pro and running the NTFS file system setting proper permissions on a folder in your website requires that you 1st disable simple file sharing.

To do so open up "my computer". At the top open up "tools/folder options"

Then the "view" tab.

Then at the bottom uncheck "use simple file sharing"

After that that is done... using "my computer" browse to the folder in your web that you need to set permissions on.

Right click on that folder and then choose the "security" tab.
(If simple file sharing is on that tab wont be there)

Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.

You can also give permissions to the everyone account and accomplish the same thing.



BTW:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"

Hi Chris,

Alright.  We figured out how to work with both C# and VB, by creating a separate VB web project in VStudio, and then passing the aspprotectnet.dll to the C# project.

Ok.  I have another question:

How can our code determine the identity and user_id of the currently logged in user:

Is it Session["User_ID"].ToString() and Session["Username"].ToString()?

thank you

also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.

etc etc etc

so let me add this bit of info..

I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.

How do I change the character length for the description field?

SQL Database Creation (NEW INSTALL)

If you are creating a new database do so using SQL enterprise manager.
Create a new database called whatever you like and keep all the default settings. If using an existing sql database skip that step.

Now open up SQL Query Analyzer

unzip the following sql script and open it in query analyser.
2005-02-20_132116_aspprotect_v7_sql_script.zip

VERY IMPORTANT
On the drop down box at the top right make sure your intended database is selected. Otherwise your changes may effect the wrong database in your SQL server.

Then load the script  into the Query Analyzer.  Click the green play button at the top. If everything goes well the response should read something like this.

******************************************************
(1 row(s) affected)
******************************************************

If so the tables have been created in your existing database.

Now make sure an existing or new SQL user has (public / datareader / datawriter) permissions for the new tables. You will be referencing this user in the asp code connection string so this user must be set up correctly. You may need your SQL server admins or hosting company to help you on this step as you may not have access to do this. You may not need to create a user and set permissions as the sql user you were logged in as to use query analyzer may by default get the correct permissions on anything you create.

Regardless, as you can see from this screenshot I made a SQL user called "aspprotectuser" and proceeded to set the permissions for that user. Under database access giving him (public,datareader, and datewriter permissions).


Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and modify the connection string info. Be sure to change the info to match your server,username, and password.

Below is an example of valid connection string.

ConnectionString = "Provider=sqloledb;Data Source=poseidon;Initial Catalog=aspprotect;User Id=aspprotectuser;Password=temp;"

The  "Data Source" setting is either the Network Name for the SQL Server or the IP Address. For local servers you can sometimes use an IP of "127.0.0.1" or the name of the local server.

"Initial Catalog" is the name of your database.

Now, in the ASP files provided with ASPProtect edit "dataconn_inc.asp" with a text editor and set the DatabaseType variable to SQL like so.

DatabaseType = "SQL"

I dont know about the unspecified errors. I really need more detailed information. (Since it has been working fine for quite a long time you might want to consider installaing the application from scracth again and see if you still get errors)

As for the log in not persiting. Did you by chance turn off cookies in your browser ? They are required for forms based authentication to function. Otherwise, yes you would need to log in to each and every page as you moved around.

I've got an ecommerce module that's running on it that uses access for the db.  Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.

So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?

That is by design, removing and deleting are two different things as far as the classifieds system goes.

A regular user can only remove an ad from the category index. (which makes the ad inactive)

An admin however can truly delete an ad from the system.

I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.

So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?

Or is there another way..?

I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.

I've encountered another problem.  When i edit the link for existing banners and save it, the banner reverts to the old link instead of the new one.

The directory where the the database is located to rwed so the permissions is not a problem.

Any advice?

Thanks

thanks!! the file took care of the extra slash. I also fixed the problem by modifying the permissions.

dazed

ConnectionString = "DBQ=C:\TradersReportsCom\aspprotect\data\database\ASPProtec t_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

I have already set the folder permissions as indicated in the documentation.

yes. what you are talking about has to do with norton ad blocking software.. it blocks images or paths that have the word "ad" in them.. and you see red x's where images should be on web sites.. usually

it is different then what this thread initially mentions which has to do with a code/server issue with the application variables.

Thank you....  yes it does

Is there a limit in the number of Zones you can have in the database.

thanking you

it has been 3 days since I logged myself in under Admin, and all the user information on the User Activiy screen seemed to be gone.

is there any specific length of period it refreshes its user information??

I wonder what that ENDSQLMail send failure is all about ?
I dont use anything regarding SQLMAIL in the ASPProtect code.

I think I might need to go in so I can debug a bit. Everything seems to work fine with a SQL installation here so I just don't know at the moment.

If that is ok with you I would need ftp access or something so I can trry a few things and hopefully figure it out. Admin access to the aspprotect admin area as well so I can see what you have set up in there.

PM me with that info if you want me to take a look.