yes, admins have access to absolutely anything...

as for the other question what you should do is only show links to people logged in that they have access to.. then they wont get logged out when they go to a page they do not have access to

for example if someone doesn't have access to a level 4 page dont give them a link to go there... you can do that by checking the session variables and creating your hyperlink html code accordingly .. using simple if-else logic... you could even make a hyperlink non-clickable and add some text to it like (no access)

it's all about taking the time to intelligently designing the different areas of your web site. It takes a bit of time and work to really make a system flow the way you want it to.

other than that it becomes extremely complicated to not grant them access when they go to a page they dont have access to but also keep them logged in. It is just not designed to flow that way. If someone goes to a page they do have access to they get logged out. It sort of has to be that way because of the ways things flow.

more info on accessing user info after login so you can do that
http://support.cjwsoft.com/code/moreinfo198-1.htm

another good thing to check out is the provided examples for mutliple access levels. You can see that if you log into the default page for that that it only shows you links to pages you have access to. Done with simple if-else logic around the html links. It is using groups but you can do the same sort of concept using groups.

The links to view that info are on the main users screen of the admin area.

Down below...

They wont show up unless you have that stuff enabled in the settings screen as well.

Additional Information.

A set of these variables get created for every user that logs in to your site.
For performance and memory conservation reasons some of them can be turned off and are optional.

If you look in the "check_user_inc.asp" file or the "check_admin_inc.asp" file you will see a section of code like this


   ' Start of optional session variables to be set
   ' Recommended that you remark out any of the session variables below that you don't really need to use
   ' This will save a lot of server resource because every user logged in has a set of these
   
   ' I added some code here to not create these if they are empty
   If CmdCheckUser("First_Name") <> "" Then Session("First_Name") = CmdCheckUser("First_Name")
   If CmdCheckUser("Last_Name") <> "" Then Session("Last_Name") = CmdCheckUser("Last_Name")
   If CmdCheckUser("Company_Name") <> "" Then Session("Company_Name") = CmdCheckUser("Company_Name")
   If CmdCheckUser("Email") <> "" Then Session("Email") = CmdCheckUser("Email")
   If CmdCheckUser("Address") <> "" Then Session("Address") = CmdCheckUser("Address")
   If CmdCheckUser("City") <> "" Then Session("City") = CmdCheckUser("City")
   If CmdCheckUser("State_Province") <> "" Then Session("State_Province") = CmdCheckUser("State_Province")
   If CmdCheckUser("Zipcode_Postal_Code") <> "" Then Session("Zipcode_Postal_Code") = CmdCheckUser("Zipcode_Postal_Code")
   If CmdCheckUser("Phone") <> "" Then Session("Phone") = CmdCheckUser("Phone")
   If CmdCheckUser("Custom1") <> "" Then Session("Custom1") = CmdCheckUser("Custom1")
   If CmdCheckUser("Custom2") <> "" Then Session("Custom2") = CmdCheckUser("Custom2")
   If CmdCheckUser("Custom3") <> "" Then Session("Custom3") = CmdCheckUser("Custom3")
   If CmdCheckUser("Custom4") <> "" Then Session("Custom4") = CmdCheckUser("Custom4")
   If CmdCheckUser("Custom5") <> "" Then Session("Custom5") = CmdCheckUser("Custom5")
   If CmdCheckUser("Custom6") <> "" Then Session("Custom6") = CmdCheckUser("Custom6")
   
   ' End of optional session variables to be set

If you do not need a particular variable to be set as a session variable simply comment that line out with single quote.

If you have an extremely busy site with a lot of users this is a good idea. If not, you probably don't need to bother doing this. I added some code in there so they will not be created if they are empty and that alone helps out a lot.

Yes, that�s all I wanted to know. The problem is on my end. The server is not creating the .NET site correctly. I think I got it working now. Thanks.

In case you wanted to know? The only reason I asked you is because you mentioned that you where having trouble with overseas piracy and my account is new. I figured it was my user error by just though I�d ask you first. Hope you have no more piracy issues and have a good rest of the day.

Thanks again for the quick response.

Actually it would because you would just count records for that user that are also active

and yes, users cant delete albums.. they can only turn them off which really means the albums lose their active status

only the admin can truly delete an album the way the code is
(that's just the way I did it for some reason.. I don't remember why)

Well I have the web hosting tech looking into the memory issues at this point.  Unfortunately I don't have another machine to be able to run the asp on that would run it correctly so that I can just publish it over.

http://gibsoncity.info/guestbook/default.asp

Reports 65-messages, however after the first 10 are displayed and you click on the More Messages button, I get the Page cannot be found error.

Chris,

When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.

All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.

I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP.  I hope I expained the situation well enough.

You should not have single quotes around the "-1" because Album_Active is not a string field in the database. It's true/false or bit field in the database depending on the database you are using (MSSQL or ACCESS)

I'd do it a little more like this I think.

SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = 1"

I took out the parentheses as well since I dont believe they are needed in a simple case like this

but is hard to say unless your the one testing it... my version might have a mistake as I am a little rusty with my SQL at the moment

also: in case your wondering...
depending on the situation and the odbc drivers the 1 and -1 should work either way but sometimes it's picky and you have to do it one way or the other

When using this code:

<!------- ASPBanner Ad code ------------->
<script language="JavaScript"> var code = '';
var now = new Date();
var nIndex = now.getTime();
document.write('<s' + 'cript src=" http://www.poconocommuter.com/aspbanner/injectbanner.asp?Ban nerZone=6&nocache=' + nIndex + '">');
document.write('</' + 's' + 'cript>');
</script>
<script language="JavaScript">document.write(jscode);</script& gt;
<!--------- End ASPBanner Ad code --------------->

I receive an error that jscode is undefined. The banner will not display.

Any ideas how to fix this?

Hi Chris,

The hosting company has been doing some work apparently regarding the database connection issue. Still something is funky

When I type in www.vickerylightning.com/aspgallery/default.asp I get the custom 404 error page and I noticed that it is trying to open the following:

http://www.vickerylightning.com/skins/default/settings.asp

Is that what it is supposed to do?

Thanks!
Rhona, the rookie

Different Versions of the Access Database

Below is a zip file with many alternate versions of the Access Database provided to help with installation and general usage.

2005-02-20_155310_ASPProtect_Database_Versions.zip

ASPProtect.mdb is saved as an Access97 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2000 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2002-2003 database (password "temp")
ASPProtect_access2002_no_password.mdb is saved as and Access 2002-2003 database with no password set on it

Try to use the newest version as server odbc drivers sometimes have to use the newest version for everything to work correctly. No password version is provided because sometimes there are issues connecting to a database with a password set on it.

Default username for access databases is of course "admin" but you really dont use that except in the data connection information.

yes, usernames and passwords are both case sensitive. It increases security.

I would also double check that you changed the field size correctly and on the correct database that is being used in the connection string

It's real easy actually if ya sniff around the source code.
ASP is so easy to (work with/edit) even if you dont know any code.


edit   "save.asp" with a text editor

change

If Request("First_Name") = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a First Name.\n\n")
End If

to

If Request("Company_Name") = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a Company Name.\n\n")
End If


From looking at that save code I dont see where Last_Name was required. The only name I saw required was a 1st name.

Also.. making the First_Name not required may break something somwhere else. I dont think it will but it might. You are warned.

It probably is. You would have to look at the paypal documentation for IPN and see what needs to be changed in the form code.

You can get all that info from PayPal's website.

There are tons of variables and options you can use with all of their code.
They have detailed PDF files full of information on all of them.

Hi,

I can't seem to find the code where it limits the upload file size. I want to limit the upload size to 1.5 mg for all users. Also I've noticed that the 500 pix doesn't seem to work. As in if an image is bigger than 500 pix the script still uploads it. i am using Upload_post_VBSCRIPT.ASP.

Thanks

Chris,

Another question on V7.  I set up all the paths as required for the extras like user pics and exports on my site.  They were working fine.  I created an export, then as you recommend, deleted the file on the site to ensure it doesn't get in the wrong hands.  I did this a few times to test it after a number of people logged in.

About 2 days later, I went to do it again and the system came back with an error saying the directory didn't exist.  I know it did because I created it and it worked fine.  I then created the directory again thinking I was losing it.

Then today, I went to do another export and the directory is gone again!  Can you help me understand why this might be happening?  I am the only one with FTP access to the site so there is no way that it could be someone else doing it.  The error I get is:

Microsoft VBScript runtime error '800a004c'

Path not found

/password_admin/export.asp, line 78

Thanks,
Dave

More Info in Case Anyone is Interested:

This bug was mentioned by a couple people. The cause of it was never really understood until I recently re-wrote some of the banner code for an upcoming version.

The fix for this bug was very simple. It was just one of those weird situations where code should have worked but did not. I added some code to do it a bit differently and it worked as it should have..

It really still makes no sense to me why it didnt work the way it was, but at least there is a fix.

Is there a possibility to build in a option that the administrator will be notifed when a banner expired.

I dont know about your error on line 6 when uploading..

as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.

I really need more information and possibly acess to the system to do some troubleshooting...

This is anot a feature anyone has ever had an issue like this with.

When a new user adds themselves to the db thru the registration page, no user id is assigned in the User_id field.  I can't access the page on-line due to an user_id related error on the page.  I must use access itself and add the user id.  After that, everything works as expected.

What have I done?

Hello,

 I need some help with the following code. Please look at the area in red. I need to be able to set someting up to where the variable eval1 (a yes/no field in my database) is set to false after the associated link is pressed.

Thank you

="vbscript" %>
<!--#INCLUDE virtual="/irp/check_user_inc.asp"-->
<html>

<head>
<title>Administrator Evaluations</title>
<style>
<!--
 div.MsoNormal
 {mso-style-parent:"";
 margin-bottom:.0001pt;
 font-size:12.0pt;
 font-family:"Times New Roman";
 margin-left:0in; margin-right:0in; margin-top:0in}
-->
</style>
</head>

<body background="../images/1.gif" bgcolor="#C0B59A" vlink="#FF0000" alink="#FF0000" link="#0000FF">

<p><map name="FPMap1">
<area href="http://www.utb.edu/" shape="rect" coords="627, 66, 670, 81"></map>
<span lang="en-us">&nbsp;&nbsp;&nbsp;&nbsp;& ; ; ; ;nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;& ; ; ; ;nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;& ; ; ; ;nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;& ; ; ; ;nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;& ; ; ; ;nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;& ; ; ; ;nbsp;
</span>
<img border="0" src="https://blue.utb.edu/irp/Inst-Research&Plan.jpg" usemap="#FPMap1" width="675" height="82"><br>
&nbsp;</p>
<h2 align="center"><span lang="en-us">Administrator Evaluations</span></h2>
<p align="center">&nbsp;</p>
<p align="left"><span lang="en-us">&nbsp;<b>Welcome,&nbsp; </b>  </span> <b> <% Response.Write(Session("FIRST_NAME")) %>
</b>
</p>
<p align="left"><b><span lang="en-us">On this page, you will see a list of names
that represent the persons that you will be evaluating this year.
Please click on a name to select that persons evaluation form. Once you have completed
and submitted that persons evaluation, you will be returned back to this page to
continue with the next person on your list. Once you have completed all your
evaluations, you can log off the system using the link below.</span></b></p>
<p align="left"><b><span lang="en-us">Please note: Only <u>1</u> submission per
person will be accepted, any additional submissions will not be accepted.</span></b></p>
<p align="left"><span lang="en-us"><b>If you have any questions please feel free
to contact us at the number below.</b></span></p>
<hr color="#FF9933" width="80%" size="3">
<p align="center"><span lang="en-us"><b>Please click on a name below to begin
the evaluation process.</b></span></p>
<div align="center">
<table>
         
       <%If Session("Link1_Name") <> "" Then %>
    <table border="1" width="28%" id="table1" bordercolor="#000080">
  <tr><td bgcolor="#FFFFCC" style="float: left">&nbsp;  <b><span lang="en-us">&nbsp;<a href="https://<% Response.Write(Session("Link1"))%>" onclick="<%=Session("eval1")="true"%>;return true" </href>  <font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link1_Name"))%>< /span></font></a></span> </td>
  </tr>
  <%End If%>  
       
   
  <%If Session("Link2_Name") <> "" Then %>
  <table border="1" width="28%" id="table1" bordercolor="#000080">
  <tr>
  <td bgcolor="#FFFFCC" style="float: left">&nbsp;  <b><span lang="en-us">&nbsp;<a href="https://<% Response.Write(Session("Link2"))%>" </href><font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link2_Name"))%>< /span></font></a></span></td>
  </tr>
  <%End If%>
 
  
  
  <%If Session("Link3_Name") <> "" Then %>
        <table border="1" width="28%" id="table1" bordercolor="#000080">
  <tr>
   <td bgcolor="#FFFFCC" style="float: left">&nbsp;  <b><span lang="en-us">&nbsp;<a href="https://<% Response.Write(Session("Link3"))%>" </href><font color="#000000"><span style="text-decoration: none"><%Response.Write(Session("Link3_Name"))%>< /span></font></a></span></td>
  </tr>
  <%End If%>
  
 
POST EDITED / SOME CODE REMOVED TO KEEP IT SHORTER .. 
This went to Link3_Name    
    
 
</table>
<p>&nbsp;</p>
<p><span lang="en-us"><b>If you have completed all your evaluations and wish to
log out please click <a href="log_off.asp">here.</a></b></span> </p>
<p>&nbsp;</div>
<div class="MsoNormal" align="center" style="text-align:center">
 <hr size="3" width="80%" noshade color="#ff9933" align="center"></div>
<p align="center" style="text-align:center"><b>Institutional Research and Planning
<br>
Tandy 270<br>
80 Fort Brown<br>
Brownsville, TX 78520</b></p>
<p align="center" style="text-align:center"><b>Phone: 956-544-8816&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Fax: 956-983-7652<br>
E-Mail:
<a style="color: blue; text-decoration: underline; text-underline: single" href="mailto:iresearch@utb.edu?subject=Administrators%20Evaluation">
iresearch@utb.edu</a></b></p>

you basically have to edit the html in the links in the various pages and remove them... some are in includes files

use a text editor and be causious / back things up before you remove links so you can revert back

Hi. Chris.  I'm not a programmer of any sorts, so I am not comfortable plugging in the changes you suggested and not knowing for sure if it will "break something somewhere else".  If the programmer tells me "you have been warned", its a pretty good sign its a no win situation. If you don't know, theres no way i can know.

I saw in the code where you mentioned the changes. I don't see where it mentions the last name is required either, but the bottom line is it does require it it the actual new user form.

Thanks anyway Chris. I'll figure something out.

-john

I am not entirely sure how one configures the system to assign a user to a specific group.  For example, let say I have created two groups A and B, and I have pages protected by the code generated in the admin area for groups A and B.  I know I can assign access to these groups in the admin area.  However,  it is not clear to me how I do it automatically through the registration process. 

I have a user who is trying to login. However, I am getting a error that I can't seem to find.
Username: executive.barcheski
Password: executive@amcpc.com

Encrypted Password: �?=�`م�

Error on check_user_inc.asp line 114

If (Request.Cookies("PASSWORDSYSTEMCOOKIE")("KEEPMESIGNEDIN") = "True") And (Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME") <> "") And KeepSignedInOption And Status <> "Checkem" Then
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME "), CookieEncryptionKey) & "') And (Password = '" & Replace(RC4(RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COO KIE_PASSWORD"), CookieEncryptionKey), PasswordEncryptionKey),"'","''") & "')"
Else
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & Username & "') AND (Password = '" & Replace(RC4(Password, PasswordEncryptionKey),"'","''") & "')"
End If

CmdCheckUser.Open CheckUserSQL, ConnPasswords

error received: unclosed quote after '�?=�

Any ideas

Jason Johnson

ASPProtect protects ".asp" pages only.

That is your problem.