I really need more info on what you have going on?

This can sometimes be cause by a slow server / bad data connection.

Sometimes caused when someone is using the option pack but did not make the proper changes to the database.

Sometimes caused when a user adds users the database on his own and does some "incorrect" things..

The more details you can provide the better. Think of anything and everything and describe it.

SQL or MSACCESS... version of either
Server OS
Using Option Pack or not
Did you have your host set permissions...

etc etc etc

To hopefully wrap this thread up...

This user showed me his site and things were working for me as they should.

We came to the conlusion that the weird behavior he was experiencing was because he was using AutoComplete in Internet Explorer....

It was automatically filling in the fields with his username/password that he had autocomplete save.

So it was a web browser usage issue.. not the code.

it is by design actually and something that can be improved
(I just never thought of it when I 1st designed the system and it is actually planned to be added in Version 8)

The trick would be to reset those session variables anytime someone edits and saves their information... not very hard at all

you would do it on the save code page for when a user edits themself.
you want to grab the info posted from the form and  reset each session variable at the same time everything is re-saved to the database

example

Session("Company_Name") = Request("Company_Name")

Glad it worked

There is nothing built in to the system but it is very doable.
However, you need to be a decent asp coder because your going to have to write some code.

Basically you would want to do a check on the screen where a user uploads to count how many pictures they have uploaded.

Then act accordinly and either let them or dont let them proceed.

On a side note the overall filesize limit of the total of all pictures a user can upload can be set when you edit a user.

Okay Chris, I wold like to get rid of the encryption then if it's not too much trouble.

I have no option of running the production server against an ms access db, since the db needs to be online and accessible from another system.

Chris,

When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.

All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.

I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP.  I hope I expained the situation well enough.

Why all the pages at the directory .../password_admin/ are very slow to open online?

If you are developing using Windows XP Pro and running the NTFS file system setting proper permissions on a folder in your website requires that you 1st disable simple file sharing.

To do so open up "my computer". At the top open up "tools/folder options"

Then the "view" tab.

Then at the bottom uncheck "use simple file sharing"

After that that is done... using "my computer" browse to the folder in your web that you need to set permissions on.

Right click on that folder and then choose the "security" tab.
(If simple file sharing is on that tab wont be there)

Give the "Internet Guest Account" Modify Permissions
This will check all the boxes under modify as well.

You can also give permissions to the everyone account and accomplish the same thing.



BTW:
If you are using ASP.NET you need to give permissions to an account called ASPNET. It wont show up in the user list. You'll need to click "add" and then type in "ASPNET"

Not really.  The way I thought activity would work is that I would always see the last 50 users.  Not sure what controls that and why I wasn't seeing it, but it sounds like it is an IIS thing and since my site is not all that busy, it will not show the users if some process has reset the numbers.  Not a big deal.

As for the log files, I think it is related to my other question regarding the export directory.  I have the ISP looking into things at thier end to see if they are doing anything that could cause the directories to disappear.

Thanks,

Dave

do you have the smtp part of iis installed on your machine

cdonts needs that

then again I am not sure you can even use cdonts on a xp box without making some changes...

cdonts has kinds died out and as of windows 2000 basically got replaces by cdosys

Can you do a better price deal for that version in place of the one I've just purchased ie for a single licence rather than unlimited Christopher?

Or failing that can you give me an idea of how many changes you had to make to convert 7.3 to work with Mysql?

Regards,

Dave

I'll try to help when I get back tues night,, see the contact page for info on where I am .
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry

While attempting the database connection test, I receive the following error:

Server Error in '/' Application.

---

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Security error.] aspprotectnet.DBConnectTest.Page_Load(Object sender, EventArgs e) +0 System.Web.UI.Control.OnLoad(EventArgs e) +67 System.Web.UI.Control.LoadRecursive() +35 System.Web.UI.Page.ProcessRequestMain() +2112 System.Web.UI.Page.ProcessRequest() +218 System.Web.UI.Page.ProcessRequest(HttpContext context) +18 System.Web.CallHandlerExecutionStep.System.Web.HttpApplicati on+IExecutionStep.Execute() +179 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

I am using ASPProtect's password program, which has been very successful, for managing over 1,500 military veterans' memberships at http://www.vspa.com.  What I am trying to do now is utilize the "Groups" code, as generated by the Admin page, to prevent members with expired accounts (and non-members) from accessing restricted "members only" .ASP pages they may have bookmarked, or found via web search. The code generated and used is as follows:

<%@ LANGUAGE="VBSCRIPT" %>
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * ADMIN * Member Current * Member Life * Officer/Staff * ) -->
<% GROUPACCESS = "10,12,14,19" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->

The above is placed over the <html><head> statements on the page.

When I am logged in the code works perfectly! When I log off and try the URL again, the page appears in its entirety but with a Login box for Username and Login Password at the top of the page. You may view the problem at: http://www.vspa.com/aspprotect/vspa-password-enter.asp .

What I would like to have happen is expired members and non-members would be sent (or Redirected) to a Login page. I do not want the Login password box to merely be inserted above the page that I am trying to keep them from visiting.

Don Poss,
VSPA Webmaster

I would like to create a login form on the home page which will not be password protected to the site for members so that they can login right from the home page and not a password protected page like many sites have. And every portal I have seen.

Plus the login form looks really pretty and proffesional on the home page   ...

I can't find anything in the documentation that says how to do this or if it's even possible. Everything I have found says to password protect a page and then direct them there which isn't what I would like to do.

Here is the code of the login page which is an asp include file on the main page:

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>

<body>
                              <td><img src="images/a026.jpg" alt="" width="187" height="21"></td>
                          </tr>
                          <tr>
                              <td bgcolor="#EBEBEB"><table width="100%"  border="0" cellspacing="0" cellpadding="3">
                                       <tr>
                                           <td><table width="180" border="0" cellpadding="0" cellspacing="0" bgcolor="#AAAAAA">
                                                   <tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                         <td><img src="images/spacer.gif" alt="" width="178" height="1"></td>
                                                         <td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                   </tr>
                                                   <tr>
                                                         <td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                         <td bgcolor="#FFFFFF"><form name="form_login" method="post" action="">
                                                              <table width="100%"  border="0" cellspacing="5" cellpadding="0">
                                                                  <tr>
                                                                      <td width="53%"><input name="textfield" type="text" class="style-01" value="username"></td>
                                                                      <td width="47%"><a href="#" class="link-02">Forgot pass?</a> </td>
                                                                  </tr>
                                                                  <tr>
                                                                      <td><input name="textfield2" type="text" class="style-01" value="password"></td>
                                                                      <td><a href="#" class="link-02">Not registered?</a> </td>
                                                                  </tr>
                                                              </table>
                                                         </form></td>
                                                         <td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                   </tr>
                                                   <tr>
                                                         <td colspan="3"><a href="#"><img src="images/a027.jpg" alt="" width="180" height="15" border="0"></a></td>
                                                   </tr>
                                           </table></td>
                                       </tr>
                              </table></td>
</body>

</html>

Does anybody know what values I would put in the form to send the correct login to AspProtect. And, if I would have to add any extra includes or code to it.

TIA

ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..

This comes with the system as an example folder with some files in it.

Basically we protect the image in 2 ways.

All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.

For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.

Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41

This is what it says in that thread I pointed you to

This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.

I really dont see what is confusing about it. I think I explained it all in detail in that thread.

i will probably end up doing this myself, but dropping all the log data in a sql table would be nice as it offers much more flexibility on how an admin can keep track and use the data. Browsing through each log file is very inconvenient. I can search for text in the files (server-side, others with a shared server would probably have to separately download all log files first), but with the current method I don't have the following important options:

• cannot sort by any criteria
• quickly see a list of all login attempts by a specific user (i need to search each log file individually for this info)

if you had an option during setup perhaps (or elsewhere) in a future version that allowed an admin to specify the preferred logging method (separate files or a table in sql) i'm sure many admins would find it very useful to have a database alternative of keeping track of users becuase it would offer the two benefits listed above, plus more.

Yes, you are right.

We have now tested it using the DSN less connection with Access 2002 and it works fine. We have also tested it again with a DSN using 2002 and this also seems to work.

The comment about speed is a consideration although I have not noticed any differences. ( we only have a few database entries at this time).

Thanks for your help

(Capcha Security Image Mod)

This mod will add a Capcha Security Image to the registration signup form.



Instructions:

Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/

Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.

Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.


    <tr>
      <td valign="top" align="right"><font face="Arial" size="2"><strong>
  Newsletter</strong></font></td> ; ; ; ; ; ; ;
      <td valign="top">
  <input type="checkbox" name="Newsletter" value="True" checked>
  <font face="Arial" size="1">Do you want to be subscribed to the
  newsletter ?</font></td>
    </tr>

    <tr>
      <td valign="top" align="right"></td>
      <td valign="top">&nbsp;<img src="aspcaptcha.asp" alt="" width="86" height="21" />
   <font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
   <input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
    </tr>

    <tr>
      <td colspan="2" bgcolor="#FFFFFF">
        <p align="center"><input type="submit" value="Register"></p>
      </td>
    </tr>


ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.

If User_Custom6_Used = True Then
 If User_Custom6_Required = True Then
  If  Custom6 = "" Then
   ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
  End IF
 End If
End If
 
 strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
 if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
 else
  ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
 End If 
 
If ErrorMessage <> "" Then
 Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
 Response.End
End If

Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.

Now that I think about you may very well be able to use the existing login_form_inc.asp page

the header and footer files for the users area may be ok as well.

probably the smart thing to do is try your old ones and compare them to the new and see if everything you need is there. If not add it by looking at the source html and comparing.

All other files should definetly be replaced with the new.

It should be released sometime late May 2004 or early June 2004 but no gurantees as I am pretty busy right now with some projects.

There will be upgrade instructions and it should be a fairly easy upgrade.

In addition to that I just noticed the </href> you have in there.. man that is some scary stuff you came up with.. that may appear to work and make a link but it is not correct. Each link will work but never truly be closed.

That is just not valid proper use of the anchor tag.
You make a link in html like so

<a href = "somepage.htm">somepage.htm</a>
http://www.w3schools.com/tags/tag_a.asp

Then your surrounding each link with <span lang="en-us"> </span>
Not sure why ?

as far as permissions are concerned I wrote two large articles about permissions that cover everything in detail on how to properly set them

http://support.cjwsoft.com/code/info11.htm

see the windows 2003 and windows xp permission threads

From things you are saying I assume this is your server. My comments about the path looking funny are because very few commercial hosts would use the "c:\inetpub\wwwroot\" directory. If you are using that and that is correct info then that is fine.

as for knowing whether or not the filesystem object is working the best thing to do is to try to write  a text file somewhere in your web and see if it works. Testing something under the most basic scenario is the key to troubleshooting asp issues.

http://www.devasp.com/samples/writetofile.asp

Great software.

How easy would it be to copy the email address entered at registration directly into the login id field so that the user's email address is automatically used as the login id? 

Also, where in the code can I turn off the random password generator - I'd rather force people to pick something they can remember themselves.

Thanks,

Nick

like I said you made changes to something to cause that...

users/user_area.asp

runs fine the way it ships "it is one of things I tested earlier when I looked at your installation for you"

If you want I'll go look via FTP and tell you what is wrong

Christopher

Many Thanks

Seems like its working just got to test it bit to see, though it wasnt going to work as I had one too many End If's after the last part of the code you done for me. But even I eventually sussed it, nothing to do with your bit just another mistake on my part

Great to get support like this especially on a Saturday

regards

John

I downloaded v7 3/7/2005

I entered a password that was supposed to be all caps with only first letter caps. 

it is odd, if I go to other user and enter wrong password that does not come up.  it apprpriately goes to a screen that says Access Denied.

thx

that's they way it should be done..

the only other thing would have been to test everything with sql before trying to import any data.. and make sure all was fine at that stage




more info on the errors would be helpful.

Id' also carefully visually compare the SQL tables and fields with the SQL scripts and make sure all field types and settings got set correctly.

Also, make sure the user accessign the database has datareader and datawriter permissions of course.

Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS?

People who have the option pack have a new feature called groups.

Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customers older protection code.

A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.



Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.

For example..

You make 8 groups and assign users to them accordingly

Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any one of those groups would have access..

Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  2-8 would have access..

Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  3-8 would have access..