ASPProtect protects ".asp" pages only.

That is your problem.

glad it is working now

sorry ya had trouble.

I had never noticed this before, but a customer sent me email to say that they had set up their aspclassifieds profile such  that they be contacted by email and not by phone.

However, in their ad, their phone number still appears. The lines in view_ad.asp that check for True values for the Contact_Via_Email and Contact_Via_Phone before displaying that information seem to always evaluate to True, regardless of their setting in the database.

I'm using an Access2000 DB for this. When I open the DB in access, I see the checkboxes correctly unchecked for phone and checked for email. However, if I do a quick test to display the retrieved values in the view_ad.asp (<%=contact_via_phone%> <%=contact_via_email%> they both display True.

What gives? I have had nightmares with Access and its weird handling of true/false 0/1 yes/no fields, but this is driving me nuts.

ok, here is what is going on

you are password protecting an ".asp" page that requires querystring info to run correctly   (example - "somepage.asp?ID=3"")

that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out

this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact

it was a nice feature never intended to handle any situations other than what I just described...

now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info

that more than anything is what is going on..  browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...

To avoid all of this...

One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)

Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.

Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc

So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.

I hope this makes some sense to you.. it is very hard to try and explain

I'm all set - after thinking about your replies - i checked a bit more and changed the email component type -- thanks again for all your help.

its just an example connection string in the datacon_inc.asp file
you have the edit it to make sense for you..

the readme.txt file with the sql directions tells you this if you use that script

------------------------------------------------------
Examples of using DSN-LESS connections.

The "SERVER" and "Data Source" settings are either the Network Name for the SQL Server or the IP Address.
For local servers you can also use an IP of "127.0.0.1"

GalleryConnectionString = "Driver={SQL Server};UID=aspphotogalleryuser;password=temp;DATABASE=aspph otogallery;SERVER=127.0.0.1"

or

GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspphotogallery;User Id=aspphotogalleryuser;Password=temp;"
------------------------------------------------------ 

A very common and extremely bothersome error encountered when running ASP apps that connect to a database is the "80004005" error. It comes in many varieties.

These articles cover it.


(an article I wrote)
http://www.powerasp.com/content/hintstips/permissions.asp

(more articles)
http://www.aspfaq.com/show.asp?id=2009

http://support.microsoft.com/default.aspx?scid=kb;en-us;3065 18

http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=115

http://www.macromedia.com/support/ultradev/ts/documents/8004 005_cannot_open_unknown.htm

I finally spoke with someone who knew what I was asking for and they set the rights and all is fine.

Thanks for your help. Wish all business' had customer support like here

I pull that crap on myself once and a while... or my favorite is leaving a bootable CD in the drive and then wondering why the heck the OS doesn’t come back up. I pretty much promised myself back in 2002 that I would never mess with anything minor after 10PM. For whatever reason I always start messing around trying to "fix" something and end up sorry... Granted if it’s an emergency I am all for it, but I get dresses in advance anticipating the practically inevitable drive down to the datacenter.

Good luck with that, I am sure you will be much better off in the long run.

Three questions here:

1. I am having a problem with characters being displayed properly when viewing listings. Some alphabet characters and punctuation characters do not display properly when viewing the pages.

Sample here:

http://www.hibari2.com/lanoitanretni/kokusai_profiles/view_i tem.asp?Ad_ID=102&CatLevel=2&Cat1_ID=3&Cat2_ID=& amp; amp; amp; amp;Cat3_ID=&Cat4_ID=&FromSearch=True&SearchPage =%2Flanoitanretni%2Fkokusai%5Fprofiles%2Fdefault%2Easp%3FCat Level%3D2%26Cat1%5FID%3D3

In the access database I was looking at the properties for the ‘Ad_Custom’ fields. Unicode Compression is 'Yes' but IME Mode is set to 'No Control'. I wonder by changing this to ‘Hiragana’ if will solve the issue.

Note: the essays are typed in English on computer with Japanese OS, and then pasted up. Even though they are typed in English, there are several setting that may affect the output.

2. I want to reverse sort order for listings instead of listing 4, 5, 6, 7, I’d like to sort 7, 6, 5, 4… Could you tell me which page has to be edited, and in simplest terms what has to be changed?

3. Also, I’d like to increase the default display of ‘items per page’ from 25 to 100. Could you tell me which page has to be edited, and in simplest terms what has to be changed?

Thanks

I was able to get it all figured out.  Thanks a lot for your help, I really appreciate it.  I ended up copying the database with the password to the directory and used the user/password connection code and it works great.  I believe it was related to that but I cannot be sure.  Thanks again!

I am having an issue with the Thumbnailing process. My host does not support ASPImage so I have to use something called asp thumbnailer which is similar to ASPImage. I am trying to modify the Dundas upload to automatically reduce the images to create thumbnails. I ripped out the asp image code and replaced with the bottom. The main issue I believe is grabbing the image files. I am not sure how to name the actual image file that is already uploaded by the dundas upload. the code is below:

The peices in red are where the issue is I believe. What you see below is my attempt to identify the exact image and then rename it tthumbnail. My optimal solution would be to take the picture, resize it and rename it exactly what it was named before.

Any ideas

Thanks

<% Else %>

<%
 Dim thumbObj
  
 Set thumbObj = Server.CreateObject("ASPThumbnailer2.Thumbnail")
  
 If thumbObj.LoadFromWeb("../pictures/" & Filename) Then
     thumbObj.ThumbMaxDimension = 140
     If thumbObj.CreateThumbnailToWeb("../pictures/Thumbnail.jpg") Then
         Response.Write("Thumbnail successfully created.") 
     Else
         Response.Write("There was an error creating the thumbnail.")
     End If
 Else
     Response.Write("<p><hr><b>Unable to load the original image.</b><hr>")
 End If

 
Set ConnClassified = Server.CreateObject("ADODB.Connection")
ConnClassified.Open ConnectionString
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdSetImageInfo = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "UPDATE Ads SET Image" & PicNumber & "_Uploaded = 1, Image" & PicNumber & "_FileExtension = '" & FileExtension & "' WHERE (Ad_ID = " & Ad_ID & ")"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnClassified
CmdSetImageInfo.Open cmdTemp, , 1, 3
%>

User Information

After a user logs in there are variables that you can always access.
They can be used to check various things or to display information
dynamically based on who has logged into the system.

   Session("PasswordAccess")
   Session("Access_Level")
   Session("Admin")
   Session("Active")
   Session("Expiration_Date")
   Session("User_ID")
   Session("Groups")
   Session("Redirection_URL")
   Session("Password")
   Session("Username")
   Session("First_Name")
   Session("Last_Name")
   Session("Company_Name")
   Session("Email")
   Session("Address")
   Session("City")
   Session("State_Province")
   Session("Zipcode_Postal_Code")
   Session("Phone")
   Session("Custom1")
   Session("Custom2")
   Session("Custom3")
   Session("Custom4")
   Session("Custom5")
   Session("Custom6")

You can display them on a page at any time using Response.Write like so

<% Response.Write(Session("FIRST_NAME")) %>

or like this

<% = Session("LAST_NAME") %>

"save_pic_desc.asp"

in both the admin and users area needs to be edited

You'll see something like this...

If Len(Image_Description) > 250  Then

just change 250 to something higher.. I wouldn't go much over 500 though as it may cause problems.. I am really not sure.. Changing it higher is done at your own risk.

ok,

when you say "we have set up to use the Subscription services exclusively for all new members "

I am sorry to have to ask this again but what does that mean exactly ?

how was that accomplished ?

The reason I say this is because when a subscription is created by a user through the normal channels.. meaning they went to the paypal subscription directory and either started a new account or found their old one to start a subscription with.. either way the PayPal Subscripber ID that paypal assigns is added to the database for that user and the expiration date is set to null.

Now, that being said the function that sends expiration emails to users will NEVER send an expiration to a user that has info in their PayPal Subscriber Field in the database. I just double checked that.

So that is where I am confused ? How did all these users get set up to use subscriptions and not have the PayPal Subscriber ID field popluated in the database ?

Seems to me the only way this could happen is if you set some stuff up manually and the PayPal Subscriber ID for each user never got put in the database. That and the expiration date didnt get set to null.

Again, I am sorry to keep asking this but it just seems to me that something else must be going on that I am not clear on regarding how you upgraded these people to use subscriptions.

In the end I think the answer may be to manually make sure each old user now using subscriptions has their PayPal Subscription ID set in the database as well as their expiration date from before set to null.

I have connected to countless DB's using my own applications written in dreamweaver and have tested them on my own server and also my web facing one.  BUT this seems to be different.  no matter what I try I still get this error.

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x440 Thread 0x6b0 DBC 0x1f995bc Jet'.

On both a windows 2000 server and also a windows 2003 server. Also using both DSN and DSN less connection and oledb.

Any help would be greatly apprectiated.

Thanks

Okay, I did that, now I get:

Microsoft VBScript runtime error '800a004c'

Path not found

/aspprotect/password_admin/upload_post.asp, line 292

On second thought guys, it would must easier to change the code using modulus as follows:

<% If PicIndex mod 6 = 0 THEN %> 
      </tr>    
      <tr>
<% End If %>

This will end each row and create a new row after each 6th picture. It'll be must easier code to work with and change.  This code must be placed in the PicIndex For Loop.

If you have any questions, JPortnoy@Checkernet.com

it is not uncommon for folder permissions to be lost or changed on a server.. a lot of things can cause it

if it was working and now you can not edit or write new data to the database it is most likely permissions

I would triple check permissions... see my articles if there is any doubt on how permissions are set

http://support.cjwsoft.com/code/moreinfo136-1.htm

http://support.cjwsoft.com/code/moreinfo56-1.htm

Hello,

VBScript is the most popular ASP scripting language, and has the most support available. I estimate that less than 5% of the ASP coders out there use anything other than vbscript

That being said it specifically says on the aspprotect site ASPProtect is only for use in protecting asp using "vbscript" as the language.

http://www.aspprotect.com/more_info_full_v7.asp

http://www.aspprotect.com/comparison.asp

it is something I specified very clearly for this very reason.

Sorry, but you can not use ASPProtect to protect pages using Language="Javascript". The code is too complex to be mixed with server side Javascript.

To password protect asp pages written using "Javascript" you really need a an application specifically written in and designed to work with ASP pages written using "Javascript". And then of course that application would not be able to protect ".asp" pages written using "vbscript." (I mean never say never, but it would be a ton of work to get both working and I doubt you will ever see a commercial application that does both)

as for switching back and forth between vbscript and javascript you really can't except with very simple code. Doing so with anything complex can be extremely problematic because the order of execution sometimes gets all mixed up because of the complexity of the code being used.

That doesn't mean it can not work....

You would really want to do something like this.


do not specify a default language at the top

surround the aspprotect include file with this

<SCRIPT Language="vbscript">

</script>

surround your javascript code with this

<SCRIPT Language="JavaScript">

</script>

then make sure none the code including the aspprotect include file has any <% or %> tags in it

that means you have to remove that sort of thing everywhere... that means a lot of work if you used a lot of that sort of thing instead of response.writes to write out html type stuff

and again... I don't know if you would ever get it all working

All of the fields with the expected paths show the correct file structure, so now I've put them in them in the boxes

For pay signups you set the groups during signup it like this thread tells you to

http://support.cjwsoft.com/code/moreinfo186-1.htm

only difference is you need to specify the groups info like so
(basically getting rid of the commas and just leaving behind the group numbers with a * around everything)

Also be sure to have no double asterisks

so, *1*,*2* would just be *1*2*

so, *1*,*2*,*5* would just be *1*2*5*

in Control_pic.asp is there way to wrap the description field so that it doesn't go outside the table.

Thanks

The random password is generated during signup and the function that creates it is located on this page of code.

users/register.asp

it looks like this

Function RndStr(Length, UseChrs)
 If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
 NewStr = ""
 Randomize(CByte(Left(Right(Time(),5),2)))
 For gpIndex = 1 To Length
  NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
 Next
 RndStr = NewStr
End Function

For example go to this page and hit refresh and watch the password change.

http://www.aspprotect.com/demo2/users/register.asp

Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.

Anyway... when signing up the new user of course has the option to change that password to something they would like better...

As far as... "selecting the same user name and password every time"

I need more information. That does not make sense for a lot of reasons.

Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.

So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.

Now of course if you edited the code in any way it is possible all this is not working correctly ?