I have a user who is trying to login. However, I am getting a error that I can't seem to find.
Username: executive.barcheski
Password: executive@amcpc.com

Encrypted Password: Ū?=¨`Ł…Ü

Error on check_user_inc.asp line 114

If (Request.Cookies("PASSWORDSYSTEMCOOKIE")("KEEPMESIGNEDIN") = "True") And (Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME") <> "") And KeepSignedInOption And Status <> "Checkem" Then
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COOKIE_USERNAME "), CookieEncryptionKey) & "') And (Password = '" & Replace(RC4(RC4(Request.Cookies("PASSWORDSYSTEMCOOKIE")("COO KIE_PASSWORD"), CookieEncryptionKey), PasswordEncryptionKey),"'","''") & "')"
Else
CheckUserSQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (Username = '" & Username & "') AND (Password = '" & Replace(RC4(Password, PasswordEncryptionKey),"'","''") & "')"
End If

CmdCheckUser.Open CheckUserSQL, ConnPasswords

error received: unclosed quote after 'Ū?=¨

Any ideas

Jason Johnson

I was able to get it all figured out.  Thanks a lot for your help, I really appreciate it.  I ended up copying the database with the password to the directory and used the user/password connection code and it works great.  I believe it was related to that but I cannot be sure.  Thanks again!

Yea.. that error is totally because the asp pages are looking for fields in the database that are not there.. and causing a nasty loop.

if using the option pack you must go over the directions very carefully...
Make sure everything works step by step..

After upgrading to option pack code you either need to upgrade the database from the base system or use the newer database provided with the option pack.

Then.. you want to test every function of the groups.. if pages act slow and seem odd... especially the groups page and edit users page..
Then your not using a valid database. Either you didnt upgrade the old one, are not using the new one, or your connecting to an older verison by accident and not realizing it.

That's pretty much it...

no, its part the concurrent login checking system.

currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)

when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over

sorry

as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional.

not really, aside from looking in paypal and manually adding each one for each user...

how many users are we talking about anyway ?

and were any of the users new sign ups from scratch because if they were and that field didnt get populated that is weird?

ultimately aspprotect does not use that field. I was just storing it for the sake of storing it... so its not a big deal but I would still like to figure out what is going on

removing the expiration dates from paypal subscripbers will be enough to fix the issue your having about them getting the expiration notifications

Hello:

When using the Mass Mail feature and selecting the Users to ‘Active’ and the Access Level I want to send to the system will still send e-mails to the ‘Inactive’ users from the same Access Level.

In other words it sends to everyone in the Access Level regardless if you choose “Active” only.

Any ideas to correct?

Thanks,

-Ricardo

Than you 

I'm happy after changing to XML parser for two of the ads. Later I'll change the other codes to XML, never to use iframe again!

That did the trick. Once again a quick very helpfull reply.

Thanks.

If a picture does not show after uploading it is one of the following things.

The upload method chosen is not supported on the server
or
The physical path specified to the pictures folder is not correct.
or
The URL to the Pictures folder is not correct.
or
Permissions to the pictures folder have not been set properly


Here is more information on how permissions are set.

http://support.cjwsoft.com/code/moreinfo136-1.htm
http://support.cjwsoft.com/code/moreinfo56-1.htm

Without more information and the settings you have entered and chosen that is all I can offer for now.

no, you cannot unless you plan to write a lot of custom code.

That is why the option pack has groups which eliminate the need to use access levels because groups can do everything access levels can and more.

There is an article here regarding that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=32& PN=1

Tell tell me some info about your install?

How am I supposed to know what is going on when you are not showing me what you have in your web config file and also the directory structure of the install or what you are putting in a page you are trying to protect ? It almost sounds like you are not editing the paths correctly in the various places.  I mean yes you told me something about the "map" folder but what I saying is tell me more detail.

BTW: this is a very important setting in the web.config file and must be edited accordingly so the path is right.

<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

Basically your showing me random errors and posts left and right and I honestly have no idea what your doing ?

Ulitmately though I am trying to help you in this situation like the web site says.

We offer tech support for installation of the base application purchased in it's native form. In some cases in order to receive proper tech support your application will be need to be installed on a live server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine.

Meaning I am not going to keep this up if you keep asking question after question after question regardign your local XP Pro installation. There is only so much I can assume or guess when you are running this on a local development server. I know you got all sorts of problems getting a decent live server to run this on but that just isn't my problem. Get this up and running on a professionaly and correctly setup live server and when these random configuration errors pop up atl least I can go run the pages and look at them. Right now I am just confused by nearly everything you have posted today. Half of looks like basic ASP.NET path issues that you need to sort of on your own based on where you installed the application on the machine and what you have in the web.config file.. etc etc etc

It is sounding more and more like ASP.NET is way over your head. If you want a copy of the classic ASP version of ASPProtect you are welcome to it. I think you will be a lotter better off sticking to classic ASP unless you really start reading up on ASP.NET and learning more about how forms based authentication and the web.config file work.

ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..

This comes with the system as an example folder with some files in it.

Basically we protect the image in 2 ways.

All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.

For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.

Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41

How to set a new users expiration date.

You'll need to edit the "users/add_new_account.asp" with a text editor.

Find this section..

<%
CmdAddUser.Fields("ValidateEmailCode") = ValidateEmailCode
CmdAddUser.Fields("Access_Level") = "4"
' PUT YOUR CODE HERE
CmdAdduser.Update
ID = CmdAdduser("ID")
CmdAdduser.Close
Set CmdAdduser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
%>

You'll want to add code like this right between the Acccess_Level  and Updates section

CmdAddUser.Fields("Expiration_Date") = Date + 60

That will give take todays date and add 60 days to it.
You can of course do whatever you want here.

Actually, any database value for the user can be set during registration.

You can also change the default Access_Level to whatever you like.

Hello Chris:

Let me run some more test if it's working on your end it should be on mine?  I have made some custom updates to the code but no in that area.

Thanks,
-Ricardo

It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.

Regardless,

If an account isn't listed you have to add it.

Click (add-advanced-find now) and it will list off all the user accounts on the machine

You can also click (add-advanced) and simply type in the account name or part of it.

Some more tips:

If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.

You can also go to computer management in your server's administrative tools and view all of the accounts  and groups there under "Local Users and Groups".

Here is what I have in settings.

ServerSoftware	Microsoft-IIS/6.0
ServerName	www.107threnegades.com
ServerProtocol	HTTP/1.1
PathInfo	/gallery/gallery_admin
PathTranslated	d:\hosting\arisky1\gallery\gallery_admin
FILE SYSTEM OBJECT	Installed
ADODB (ActiveX Data Object)	Version: 1.2 Installed
CDONTS	Version: 2.80 Installed
SMTPMail	Not Installed
JMail	Not Installed
AspEmail	Not Installed
AspMail	Not Installed
SAFILEUP	Not Installed
Dundas Upload	Not Installed
ASPImage	Not Installed
AspJpeg	Version: 1.4.0.1 Installed
ImgWriter	Not Installed
Script Engine
Type	VBScript
Version	5.6
Build	8515

I do not even see ASPUpload listed but when I run the test_asp_components.asp from the extras/more_component_info folder, it shows that it is installed.

67	Upload	Installed	COM Details	Persits - ASPUpload
68	Image	Installed	COM Details	Persits - AspJpeg

Thanks for the quick reply!

I was thinking it was an ASP config/install issue.

I usually deal with Linux/PHP, so this is all new to me :)

Editing using Visual Studio.NET

Here are directions for editing the application using Visual Studio.NET
2002 or 2003 version.. either should work

Some of you are wondering why I didnt just give you the project files.
It is best you go through this process and really understand what is going on.
Also, I dont use VS 2002 so I wouldnt be able to give you project files that would work with that. Not to mention there is 100% chance my prject files wouldn't work for you anyway because of path differences and other things.


Anyway.. on with the instructions...

1st.. make sure IIS, ASP.NET, .NET Framework, and Visual Studio.NET are all installed correctly and up to date.

Open Visual Studio.NET

File -  New Project

Select a New Visual Basic ASP.NET web application.

give the new web to be created a name.. I called mine "aspprotectdotnet"

Hit Ok..

Now. once the project opens up we need to delete a few things in the solution explorer window.

So delete "webform1.aspx" , "deletestyles.css", "Global.asax", "AssemblyInfo.vb", and "web.config"

Basically all the files under the project...

Now... you should have the aspprotect.net files unzipped somewhere on you hard drive...

open that folder and select all the files and folders like so




Now drag those selected files and folders to the solution explorer window of Visual Studio.NET right on to the name of the web. In my case "aspprotectdotnet"

It might say this folder already contains a folder names Bins.. just tell it to copy over and continue on any prompts like that.

You'll notice your project is now populated.

Open up the references tab in the solution explorer window as we need to add some references to the dlls in the bin folder of this project. This is needed so the compile process and function correctly.

Right click on references.. click add reference
Then browse....browse on your hard drive to the location of the new web and the bin folder within it. 

In my case... "C:\Inetpub\wwwroot\aspprotectnet\bin"

Choose "aspprotectlicense.dll"

Hit open...

Now do the same thing again until you have added all the dlls in that bin folder to the references.. 

Now.. click add-references again and this time choose
"system.management" from the choices in the .NET tab

Once all of that is done your references should look like this




Now in the Visual Studio.NET menu system up top..

Choose Build - Build Solution

If you did everything right you will see something like this in the build window

------ Build started: Project: aspprotectdotnet, Configuration: Debug .NET ------

Ok, if the link to the import/export screen does not show up its probably because you never put the import/export path in the admin settings?

go check that for me.

cause running that page without a path for the files could cause a timeout.. thats why the link doesn't show if the path is not entered (so people won't run it)

it looks sorta like this (there will be a field to fill in which wont show here)

Settings below specify the physical directory path of the export directory. This is used by the system when using the import/export feature. The export directory needs modify permissions for the anonymous webserver account.
ExportDirectory

(Password Expiration Mod) for ASPProtect Version 7.x

This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)


 
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.

Purchase Page

Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.

This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.

There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.


Directions:
Back up your existing ASPProtect installation.

Add two new fields to the "ASPP_Users" table in your database.

For an MSAccess Database

Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)

For a MSSQL Database

Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)

once that is done

Copy all the new ".asp" pages into your site.


Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file

It needs to be the full URL to to the "change_password/default.asp" file


Now edit the "change_password/processchange.asp" file

There are 3 variables you can edit.

PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8

The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.

The other two values should be obvious.

That's it...

Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file

Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. 

Tony,

ASPBanner.NET was discontinued about 14 months ago. It is no longer supported in any way because quite frankly the classic ASP version is faster, more stable, has more features, and is a lot easier to install and get running.

If you PM me via the forum you are welcome to a copy of the current ASP Unlimited Version. It can serve banners to any type of page extension. All you have to do is ask for a copy.

Whether or not your existing ASPBanner.NET database is exactly the same structure I do not know, but I believe it is. You should compare the two if you plan to keep using the old database and make any neccessary changes so the old database has the exact same structure as the new version. If there are any differences they are very few.

Chris, if there is no way to change this, I understand. I just though maybe it might be possible and I can't find out if i don't ask.

Thanks Chris.

Let me know.

-john

Regarding hosting companies..

Now.. obviously if you are hosting on someone elses server you may not be able to set permissions like this.

Ultimately, if you are hosting somewhere and ASP and Database connectivity is part of your hosting plan. It is the hosting company's responsibility to set these permissions for you when asked or to give you a special interface to do so on your own. If they are not helping you do this then maybe it is time to get a hosting company that is serious about your ASP Hosting Needs.

Also... JUST TO BE PERFECTLY CLEAR

The permissions we are talking about cannot be set via FTP or Frontpage access to your web site. They must be set like shown above or via a special interface meant to set the permissions correctly. For all you people out there messing with the permissions you see in FTP and Frontpage.. you are wasting your time and possibly creating problems in your web.

All ASP scripts that communicate with an Access Database, Upload Pictures, Modify Text files.... are going to need these permissions set in some way or another. We have no control over that fact.

Christopher
We are actually having a lot of problems with this software.

Apart from the above problem of the email not being in the database as details above we also do not get any reply emails from any forms, the mass email button does not appear and the forgotten password does not send emails either.

We have CDONTS Version: 2.80 Installed as the email system, this is operational on the server. I have tested this with server_info.asp to check.

I can email you direct any other information you may need.

Regards

Well Chris:

I logged off too soon after your last response. Your last idea was the answer. I am running McAfee as my virus-scanner on the mail server I am running. There was a script inhibitor enabled as a worm detection function. When I disabled it, your software responded correctly. I guess I can do without that, although with everything thrown at the net these days, it makes me a little nervous.

Thanks

I'll give it a shot within the next day or so. I'm busy with a few other things right now.  You're right about just saving a copy before I start. It can't really hurt anything.

Thanks Chris. I'll let you know how it turns out.

-john

Just to let you know that i figured out my problem. I had to modify the connection in the email code and get the correct path from my provider.

I hope you enjoyed your vacation.

Thank you
Adam