ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..

This comes with the system as an example folder with some files in it.

Basically we protect the image in 2 ways.

All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.

For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.

Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41

Chris:

I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.

Thanks for the help.

When that link is clicked on it will then track the click and redirect the user to the “link url” specified for that banner. 

The system actually generates the necessary ASPBanner URL for you. That link is shown on the banner edit screen.(you must save the banner at least once and come back to that screen to see the link though) 

Really the best way to show it is with an example as seen below.

Basically the flash banner file "powerasp.swf" highlighted in green needs to be edited to link to the banner redirect url which is highlighted in red.... the banner redirect url will then track the click and ultimately send the user to the Link_URL highligthed in blue.

All banners systems work this way when it comes to flash files.
It’s the nature of flash and the web browser, 

The flash source code must be edited to link to the redirect url in the ASPBanner system. There is no possible way any banner system can track a flash click unless the flash file links to the banner system 1st.... because that click is handled by Flash and the web browser. 

In some cases if you do have the original source file for the flash banner then you are out of luck as far as tracking clicks goes.



On a side note... if you create flash banners the way this article says you can actually feed a .swf flash file a link for it to click to. Instead of it being hardcoded.

http://www.macromedia.com/resources/richmedia/tracking/desig ners_guide/index.html

This is really the way everyone should design their flash banners from now on because the url it links to can be easily changed at any time without editing the flash file source code. 

Christopher,

I can empathize. It can be a real pain to stablize a server and fend off hack attacks.

As for beta testing, I was referring to once you get to the point where you're ready to release it to the public whether it's this month, next month, etc.

Good Luck!

Al

UPDATE:  read whole thread..
Version has been delayed




These are my personal notes on the new version of ASP Photo Gallery that should be out sometime in May/June 2004. Please ingore any typos.

This version may be more expensive than the current pro version as this is a major re-write and there will be a ton of new features.

Regardless, special pricing will be offerered to existing users.

If you see any features not listed that you think would be nice please post them here. We will of course consider them.

ASP Photo Gallery Version 4

------------------------------------------------------------ --------------------------------------------

Finished Improvements:

new setup page makes setting up the data connection easier than ever
it attempts to determine the possible data paths and makes suggestions for what to try
when you finally get the data connection working it gives you a link to the admin area of the application
so you can get started using the application

all database table names can be specified in the config_inc.asp file for advanced users that they may need
to change the table names in the database.. helpful for sql installation where one sql database must be
shared by many applications

new data folder is the only folder that needs permissions set
before multiple folders needed permissions
now everything can be put in this folder... database,logfiles,configuration files,picture upload folders...
eventually all cjwsoft applications will do this allowing multiple cjwsoft applications to use that same folder
therefore making it easier than ever to setup more applications without asking your host to set more permissions

new text based config file makes it easier to add new options to the program without making changes to
the database structure... therefore the need for the configuration table in the database has been eliminated
this also reduces system resources needed to load the config data for each page because it eliminates calls to the
database for config data

added voice effects for data connection page, intro users page, and settings page

made it so ratings color was an option (red or blue)

fixed minor bug that wasn't showing fixed category heights when that was selected and am image wasn't originally sized that way during initial upload

changed logfiles dates so they always show up in the proper order 09 vs 9

added config option to change bit query value to 1 or -1
default it to 1.... this is a technical thing

added the extra options currently in the config file to the settings page so people do not have to manually edit that
file any longer...

added new persits email option and authentication options to the settings page

added new CDOSYS emailing option

added support for dundas emailer

added support for ASPSMARTMAIL

fixed word filter so if it is empty it doesn't mess up
also make editing it part of the main settings

made email functions include file and edited all page that email to use it

added css/style sheet support and removed a lot of the old font tags

seperated the settings page into sections because it was too big and confusing

added ability for text watermarking when using the ASPImage component

made the picture upload error message no longer mention browsers that do not support picture uploading
as that is confusing people... and the problem is never that anymore

Made the ASPImage test page delete the bar graph before creating it so if it is already there they will
not think it is working

added crystal ball feature to admin users screen... shows additional user info when you hold the mouse over it

Made search function highlight search word in results.
Made the search function search the image description text files as well

Eliminated the guestbook directory as there was no need for the guestbook to be in it's own directory. This also simplified the menu.asp file as the guestbook section could be removed.

------------------------------------------------------------ --------------------------------------------

Possible Improvements:

eventually make new and much better directions/documentation... html based for multiple reasons

Eliminate the need for parent paths to be enabled on the web server.
(THIS MAY NOT BE POSSIBLE)
Many hosting companies disabled parent paths and will not enable them for their users.
On Windows 2003 Server Parent Paths are disabled by default.

make it so users ability to upload pics can be optionally disabled

possibly make some of the special functions in the extras folder built in to the admin area

Make the category picture uploader smarter because of the jpg gif issue when reuploading cat icons
A jpg loaded over a gif.. doesn't delete the old gif graphic and vice versa

Reduce number of ".asp" pages in general.

Use more functions for redundant tasks.

Optimize all instances of the old filefound function which is using more resources than are necessary

option.explicit the entire application and get all the variables dimmed once and for all

possibly incorporate the new category system I am working on which allows for unlimited categories and levels
also simplifies the heck out of the pages that call the categories

possibly add some cool image manipulation functions such as rotation for the various image components supported

possibly add the ability to move pictures around in an album. and maybe between albums
I must also remember to move the ratings and desc as well for that image.

possibly add the ability to make individual pictures require approval

possibly add the streaming image ability (asp page called from image tag) I came up with as an option for
people that can use it. this will better secure images in password protected albums and also possibly make
it so images can only be viewed from certain urls.. and maybe make an interface for a list of allowed urls

improve the .net support to also resize the larger images.. currently it does not

possibly add a feature to store 3 versions of images uploaded
thumbnail, medium res, and high res/original
this will appeal to professionals or people that may want to sell prints
storing a large version will be optional

possible support for multimedia content other than gif and jpg images

fix... url to link to..   problem on control pics page when both a jpg and a gif are present... which also relates to a another slight
bug that needs to be taken care of

make interface in admin to listen to installed midi files
and also to upload / delete them

possibly make per album guestbook... or call it something else like disussion or comments

add option to store the images orginal name in the images description area during upload
may be helpful to people that name their images in a somewhat descriptive way

change approval settings so they work on a per user basis
eliminate access levels from edit user screen and get rid of the level 4 stuff mentioned
possibly add a per user option for individual pic approval as well if I get that feature implemented

add support for the ibulc bulk upload client that I recently discovered
it is very cool

in that file "upload_post.asp"

change

<%
If Session("Admin") <> "True"
 Response.End
End If
%>

to

<%
If Session("Admin") <> "True" Then
 Response.End
End If
%>

When a user 1st signs up a proper case function is run on certain fields.
This is only once on user signup and never done in the admin area.

It's goal is to keep things entered in Proper Case,

so if someone enters "chris williams" it becomes "Chris Williams"

It's not perfect but it helps a lot to keep the data clean and more consistent. Since it only happens during registration those values can be changed later by the admin or the user if someone wants to.

The function is only applied to the fields that it makes sense to apply it to.... 
In your case adding a drop down menu means you want exactly what is in your drop down to appear so you wouldn't want it happening.

That being said, it is really easy to remove this situation from any field it is happening to during registration.

So edit "users/add_new_account.asp" with a text editor

find

CmdAddUser.Fields("Company_Name") = PCase(Company_Name)

and change it to

CmdAddUser.Fields("Company_Name") = Company_Name

That is all that is needed to made the change

I am testing this now and there is something wrong.

PayPal is hitting the ipn.asp but the database is not being updated.

I will figure it out shortly though and post the anwer here.

Got it working.    Had purchased a long time ago and forgot about needing to run the userreg.exe.  All is well and thanks for the follow up.

Lance

Hi -

We are trying to set up ASPProtect 7 so that the user is redirected to a specific web page based on their group membership.

For example, immediately upon successful login:

Group 1 members are directed to page A
Group 2 members are directed to page B
Group 3 members are directed to page C

Users will only ever belong to one group.

We tried to use the Redirect_URL feature but it causes the browser to loop.

Could you let us know exactly how to do this.  We are not ASP programmers and need to work from an example.

Thanks!

Everything seems to work fine and I thank you very much for you quick response!!!

Ok I used the following for the sql string.. is this correct?

SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE (User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = '-1'" & ")"

Yup everything looks ok - but why no error?

This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...

What would cause it to 'think' it is doing the task yet still fail?

Update..

I have support for the ibulc image uploading client working.

http://www.ibulc.com/

There is also an option in asp photo gallery pro to store the images original filename in the description field which is pretty cool.

Ibulc client bulk upload support currently only works with the pure vbscript upload or the safileup component. (I may support the other two components asp photo gallery can use but it really depends on time) The pure vbscript upload code I am using for this is much better than the code I was using before so that method should be offer decent performance for anyone though using a component is always better.

I still have to add the ibulc feature to the users side. It currently all only works for an admin user.

The whole process is very cool. You install the ibulc client on you computer. It's tiny, and free for uploading up to 10 (100kb) pictures at once. You have to by a domain license from them to do more than 10. Anyway.. it lets you select multiple pictures off your hard drive and it then uploads them all at once with individual progress info for each picture. Its really cool and since it really treats each picture as an individual upload it doesn't hammer the server with one big upload at once.

I also made it so you can start the picture uploads at any picture number.
So if you already have pictures in an album you can add more without losing what is already there.

This was one of the main features of the new version and now that it is working hopefully I can tie up any loose ends and get the new version out soon.

Hi,

I can't seem to find the code where it limits the upload file size. I want to limit the upload size to 1.5 mg for all users. Also I've noticed that the 500 pix doesn't seem to work. As in if an image is bigger than 500 pix the script still uploads it. i am using Upload_post_VBSCRIPT.ASP.

Thanks

That was wrong of me but not what I meant. It seems as soon as I purchase something like this it doesn't work right and it can't be altered to work with what I have. The support ends up sucking or being none. Listen I’ve gone thru you're product and it's wonderful and does exactly what you say it does so that's a relief. Sorry about my ignorance with .NET but I’m from an ASP world and it's a lot different. You can see what I’m trying to protect here http://www.hotmixxent.com:8087/default.aspx. The final site after testing will be http://mxais.sfmx.org/default.aspx. Again thanks for the support on Christmas Sunday, that’s defiantly beyond the call and I appreciate it a lot.

ok,

IE and firefox do some things differently.

It could very well have to do with MIME types set on the server for your website. pdf probably isnt set as a mime type which can cause issues with file streaming situations.

Mime types are either set in the IIS console for your web site under the http headers tab or you can try setting the content-type header to 'application/pdf' right on the asp page the does the streaming

see this article which shows how to do that
http://psacake.com/web/gj.asp

'Specify a MIME type such as "text/html", "image/gif" or "application/pdf"
Response.contenttype = "application/pdf"
'Useful in cases for unknown file types

You would want to put the code that sets the contentype as close to the top of the asp page doing the streaming as possible.

That being said, ASPIN has a lot of problems with anonymous reviews so if you can please sign up with them and post an Authentic review as they carry a lot more weight. Authentic reviews involve responding to their validation email so when doing so use a real email address that you regularly check.

And sorry I made you use the forums, but as you can see this is exactly the sort of thread that will help someone else later on.. and that is why I require people to use the forums now instead of just email support. That way the conversations are out in the open where they can help everyone instead of buried in my outlook where no one will ever see them. And of course if information is sensitive you can always do a Private Message as you did earlier.

It is all about creating a knowlegebase of valuable information.

Thank you so so much! I went to the admin area and changed the email component from CDOSYS (using remote server) to CDOSYS (using port 25 forwarding) and all is working great now!

Again, thanks!

Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.

Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.

<compilation defaultLanguage="vb" debug="false" />

change it to this

<compilation defaultLanguage="vb" debug="true" />

When you run the code in a production environment change it back though

More Info
http://support.microsoft.com/default.aspx?scid=kb;EN-US;3061 56

Sorry you feel that way, not my intention. I'm not threatening anything. I was very happy you responded when did so there no reason for any bad feelings. I like your product as I said before and have no problems with it. Sorry again, that was not my intention. Merry Christmas…

Hi,

Its just not enough information to go on. I need more details on what is going on. There are a lot of configuration settings in these applications. I really do not know what to make of that screen shot.

My 1st guess is that if you cannot delete a picture that the picture folder does not have delete permissions ??

I also need to mention that I am not sure what this has to do with ASPImage ?

Chris -

Long time no talk, which is a good thing.  I have purchased another product from you, ASPVendor.  I am running into an issues.

When I try and remove the image through the image manager, it does not remove it.  Screen shot attached.

2005-10-19_194248_image_upload.zip

Thanks

Hi - I am a recent user of your software. I administer it for the owner. I probably missed something in your forums somewhere - but I'd like to know how to stop the software from sending an "accept registration" e-mail (after they fill out the registration page) from going out so fast - usually within minutes.  I'd like to know how to defer the message for 24 hours, more or less, so that our company can go over the registration details and decide whether to allow the person registering to actually have access to our protected website pages.  The program is working very well and we are excited about it.  So far, no problems (knock on wood!).

Thanks so much for your help!

yea.. it sounds like aspimage is not working right.

You wont get any errors..

I would suggest using some of aspimage's sample asp pages in your web and see if they do their thing. You need to be sure aspimage is working correctly under the ,ost simple of circumstances

Though ASPImage is the standard in ASP image resizing and has been around forever and it works very well. Their support is almost non-existant.. in 6 years they have never answered any email I have sent them. I have sent them 6 or so over the years and then just stopped trying. I bought a server bundle too way back then for like 300.00 or so when we had a company called gisco. You would think they could answer my emails. I think that guy just made a ton of asp components back in the day and then just took a seriously long vacation. Updated them a few times in between when he felt like it and making good money the whole time.. More power too him I guess. I'd love to be in his shoes when he sells an enterprise license for 3000.00. Maybe he isn't even around anymore and the someone he knows just kept the sales going. Who knows..

Anyway... it does a great job when ya get it working.

Personally this is how I install it and it works every time.
I like to put their dll in the system32 folder.
Register it.
Run their licensing prog to make it a full version if you paid for it yet.
Right click on the dll and give the "everyone" account modify permissions
Right click on the "windows/temp" folder and give it the same permissions

(User Search & Contact Mod) for ASPProtect Version 7.x

This will allow an individual user to search for other users as well as email or call them.

Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.

Directions:
Back up your existing ASPProtect installation.

copy "search.asp" into your "users" folder

2006-03-10_143253_User_Search_Contact_Mod.zip

Direct your users there. They will have to be logged in to view the page.

WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.