And I'm the one who finds those rarities!   I'm not surprised. 

Oh well...this should be interesting trying to get an 80 year old man to change his password.

Thanks for your quick responses Chris.  This is still an awesome membership system!

Mick

when you get back to work.. your   "redirect.asp" needs the password include file at the top of it.. or that wont work either..

and of course those pages you send people to all need to be repaired

We are emailing a weekly newsletter via the Newsletter feature.  Many clients complain that they are not receiving the newsletter.  The emails are not bouncing back indicating that they possibly are not being sent to begin with. 

Is there any way we can determine if ASP is making it through the entire database of subscribers?

You edit the web.config file that came with ASPProtect.NET.

You find this tag

  <customErrors mode="RemoteOnly" />

you change it to this

  <customErrors mode="Off" />

If you have a different web.config file in your root I suggest you make sure the tag is set to off there as well for troubleshooting sake

If done correctly you will get a detailed error
It's basic low level ASP.NET stuff really and does not have anything specific to do with ASPProtect.NET.

You also need to make sure your web is set up correctly for ASP.NET and that the correct web.config's are firing..etc etc

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

I'll send you something..

I am trying to protect and ASP page written in Javascript.  The first part of the page goes:

<%@LANGUAGE="JAVASCRIPT"%>
<!--#include file="../Connections/connWINGAP.asp" -->

When I insert the aspprotect code it looks like this:

<%@LANGUAGE="JAVASCRIPT"%>
<!--#INCLUDE VIRTUAL="/GIS/WCGIS/GISProtect/check_user_inc.asp"-->
<!--#include file="../Connections/connWINGAP.asp" -->

and I get this error: 

Microsoft JScript compilation error '800a03f7'

Unterminated string constant

/GIS/WCGIS/GISProtect/check_user_inc.asp, line 2

I think I understand that your code is written in VBscript and that is why it is not working.  If this is the case, how can I switch to VB to execute your stuff then switch back?

Thanks,

Jess

Something very strange is happening.  Some users can't see the classified ads in their browser.  This is specific to the user's computer, and they can check other computers and see it fine.

In each case, the user is using windows explorer 6.0 browser with windows xp.

they can't see the ads listed on the ads page, but they can see the categories.

also, they can't see the place ad link on some pages.

Do you think that their browser is blocking the javascript for the mouseover message?

thanks.

Hi,

I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working.

Chris -

Sorry, I am looking at your code on view_item.asp and I have noticed that you are calling 3 variable; start_date, end_date, and image_url that do not exist in the databases that you provided.  Do I have the updated package for ASPVendor?

Christopher
We are actually having a lot of problems with this software.

Apart from the above problem of the email not being in the database as details above we also do not get any reply emails from any forms, the mass email button does not appear and the forgotten password does not send emails either.

We have CDONTS Version: 2.80 Installed as the email system, this is operational on the server. I have tested this with server_info.asp to check.

I can email you direct any other information you may need.

Regards

I'm using ASPimage and have the maximum width set to 320 in the settings.  Also using SAFileUP ver. 4.0.

Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.

Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.

Suggestions?

Can I have the logon be in a top frame while having the protected pages displayed in a main frame?

Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.

If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames

personally though I think that would be a somewhat goofy setup to have going on


Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?

As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .

Really, the best thing to do is expirment and see how things behave.

Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?

I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?

I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.

That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.

see this article...

80040211
http://www.aspfaq.com/show.asp?id=2026

Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.

If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc

I am brought to a logon page in which I cannot access the page.  This must be due to the check_user_inc.asp include.  Without the include I get a blank page.

All can say right now is take a break and get away from it for a bit. All your going to do is stress yourself out more if you keep working on it.

There is probably a way to make it work but it may require days of fiddling around and reading articles and trying things and even then you may not get it working AND THEN ITS JUST A BAD IDEA ANYWAY. Like John says you are better off running it on a server that is not a domain controller.

LOL

Editing using Visual Studio.NET

Here are directions for editing the application using Visual Studio.NET
2002 or 2003 version.. either should work

Some of you are wondering why I didnt just give you the project files.
It is best you go through this process and really understand what is going on.
Also, I dont use VS 2002 so I wouldnt be able to give you project files that would work with that. Not to mention there is 100% chance my prject files wouldn't work for you anyway because of path differences and other things.


Anyway.. on with the instructions...

1st.. make sure IIS, ASP.NET, .NET Framework, and Visual Studio.NET are all installed correctly and up to date.

Open Visual Studio.NET

File -  New Project

Select a New Visual Basic ASP.NET web application.

give the new web to be created a name.. I called mine "aspprotectdotnet"

Hit Ok..

Now. once the project opens up we need to delete a few things in the solution explorer window.

So delete "webform1.aspx" , "deletestyles.css", "Global.asax", "AssemblyInfo.vb", and "web.config"

Basically all the files under the project...

Now... you should have the aspprotect.net files unzipped somewhere on you hard drive...

open that folder and select all the files and folders like so




Now drag those selected files and folders to the solution explorer window of Visual Studio.NET right on to the name of the web. In my case "aspprotectdotnet"

It might say this folder already contains a folder names Bins.. just tell it to copy over and continue on any prompts like that.

You'll notice your project is now populated.

Open up the references tab in the solution explorer window as we need to add some references to the dlls in the bin folder of this project. This is needed so the compile process and function correctly.

Right click on references.. click add reference
Then browse....browse on your hard drive to the location of the new web and the bin folder within it. 

In my case... "C:\Inetpub\wwwroot\aspprotectnet\bin"

Choose "aspprotectlicense.dll"

Hit open...

Now do the same thing again until you have added all the dlls in that bin folder to the references.. 

Now.. click add-references again and this time choose
"system.management" from the choices in the .NET tab

Once all of that is done your references should look like this




Now in the Visual Studio.NET menu system up top..

Choose Build - Build Solution

If you did everything right you will see something like this in the build window

------ Build started: Project: aspprotectdotnet, Configuration: Debug .NET ------

someone has to do something other than me.. i've given up

if i give u the username/pw can you set this up on the network solutions host and ask them to set whatever permissions are needed?

cant do it anymore....

The protection code for my group3 is:

<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * GP03 * ) -->
<% GROUPACCESS = "3" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->

btw - sorry but I am using v7
and thanks for the assistance

Protecting ASP Pages

To protect a page without using the Access_Level or Groups feature simply add this code to the top of that page.

Put this under the <%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.

The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp

Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in.

An example of doing this is provided in the "default.asp" file included in the root of the Password System.
Look at the source code with a text editor to see the working code. It is quite simple.

 Protecting ASP Pages Using Access Levels

To protect a page using the Access Level feature simply add this code to the top of that page.
You simply specify the Access Level before the include file is called. In this example we are protecting the page with Access Level 4.

Put this under the <%@ LANGUAGE="VBSCRIPT" %>

<% CHECKFOR = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.

The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp

Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in as a Level 4 user.

Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System.
Look at the source code of the ASP pages in that folder with a text editor to see the working code. Again, It is quite simple to follow.

Protecting ASP Pages Using Groups

Please see the code generators in the admin are for the code to do that.

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

It does not matter what directory name the ASPProtect files and folders are in but you cant go moving around critical file and folders like it appears you did nor is there any reason to.

All that is is saying is that the users folder, the password_admin folder, the scripts folder, the check_user_inc.asp file, and all the other files and folders that come with the system can be in any directory name as a whole.... but that doesn't mean you can go messing around with the files and folders in that directory.

I assure you 100's of users do not use "aspprotect" as the main folder name and they have no issues doing so.

Regardless, you need to explain in much clearer detail exactly what you did and what paths you used and what is where.  At this point I really do not know what is you did as your post was not clear to me.

You should also check that you have entered correct path info in the admin settings page area. The register page is one of the paths that geths set there.

The redirection at 1st login feature is supposed to work like I explain in this thread.

http://support.cjwsoft.com/code/moreinfo385-1.htm

Though what you just said is a bit confusing it sounds like you have some sort of browser problem and it is doing the redirect every single time. ?

I would suggest reseting all your browser settings to normal and making sure cookies are enabled because forms based authentication uses session variables and cookies must be enabled for session variables to work correctly. If not something like this could happen as the redirection at 1st login would happen over and over every time.

So try it on other computers and try with firefox as well as IE. Many people go nuts with their browser settings and way too much stuff blocked which can cuse all sorts of issues. Also some script blocking and firewall software can cause problems so disable all of that when testing.

You may also have created some sort of endless loop. (I really need to know way more information on what you did to know that for sure)

You may also want to consider doing your redirects manually meaning you protect a a page and right after the protection you use regular ASP redirect statements to redirect the user whevever you like based on their session info which is available to easily check immediatly after someone gets through the authentication.

I still stand behind my statements that redirection is not good site design. You really really need to understand and plan your ASP pages as well as have a very good understanding of the session and how all of that works if you use redirection with a password authentication scenario. You should never be redirecting someone to an ".htm" pages except during testing because you wont be able to stop users who are not supposed to go there from going there directly.

Are there any problems with modifying the default database fields.

I need to have an update from net billing and they use different settings in the database than the default.

Will the interface still be functional?

Most likely it is no longer supported on the web server. The web host probably moved you site to a windows 2003 server which does not support cdonts or they stopped running the IIS SMTP server.

You usualy wont get an error..

it is also possible that cdonts is boned up as it is pretty flaky and that tends to happen. For example sometimes the emails it is suppost to send get caught up in the smtp pickup directory and never get sent out until the server is rebooted.

You should really ask the hosting company why cdonts has stopped working. It definetly has nothing to do with the code if it has been working all that time.  If CDONTS still is supportd tell them you emails are in limbo. Ask them to look and see if a bunch of ".eml" files are stuck in the stmp pickup directly and if so to please reboot the server.

lastly:
cdonts has been deprecated and now everyone uses cdosys.
see my article
http://www.powerasp.com/content/new/sending_email_cdosys.asp

ok... lets forget about all this redirecting business for a minute

when I go to "GP01.asp" directly via your web site I get a big nasty error that says this

Microsoft VBScript compilation error '800a0411'

Name redefined

/protect/config_inc.asp, line 15

Dim  Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^ 

then when I look at what you did in that file I see why

you have this code which is totally wrong because you cannot include the password protection file twice

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<% GROUPACCESS = "*1*" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

it should be

<%@ LANGUAGE="VBSCRIPT" %>

<% GROUPACCESS = "*1*" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

and that is probably the root of this entire problem.. the redirection was working...
but you were sending them to invalid pages with errors

all those pages are wrong...

if you dont see the real error above see this

http://support.cjwsoft.com/code/moreinfo11-1.htm

if you look over the aspprotect 7 installation instructions that is the very 1st thing I tell people to do

hopefully this is the info you need to continue and get some work done

Microsoft VBScript compilation error '800a0400'

Expected statement

/asplog/check_user_inc.asp, line 404

End If
^

Is this a standard database connection error so I should ask my IIS to make sure permissions are correct?

Thanks..!

well, you should probably be backing up the SQL database on a regular basis. That is between you and hosting company. If they let you connect via SQL Enterprise Manager you can do backups on your own.

As far as the aspprotect files and folders go back them up somewhere, and then only worry about backing them up again if you change some of the files.

That's really all there is to it. None of the ASPProtect files change on their own except the generated log files that you may or may not care about backing up.

I mean the important thing is the Database, and then of course any your own .asp pages that you protected as well as any custimizations you made to the users area or your site...

Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.

In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.

Redirecting example..
This page will redirect admins or level 4 users to a certain page  and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Admin") = "True" or Session("Access_Level") = "4"  Then
    Response.Redirect("sompage.asp")
Else
    Response.Redirect("someotherpage.asp")
End If
%>

Redirecting example..
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Access_Level") = "1"  Then
    Response.Redirect("level1.asp")
ElseIf Session("Access_Level") = "2" Then
    Response.Redirect("level2.asp")
Else
    Response.Redirect("allothers.asp")
End If
%>

Redirecting example..
This page will redirect user "PistolPete" to a certain page.

 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Username") = "PistolPete" Then
    Response.Redirect("somedirectory/somepage.asp")
End If
%>

 
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
 
<%
If Session("Username") <> "PistolPete" Then
    Response.Write("You do not have access to this page.")
    Response.End
End If
%>

etc etc etc.... these code snippets should point you in the right direction...

Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.

Thanks!
Rhona (rookie)

Hi,

That is not enough to go on. I need details in order to help.