Is it actually possible, with your product, to password-protect the folder that has the actual database without having to require customers browsing the listings to enter a password, or will password-protecting the database folder prevent customers from browsing the classifeds listings?

Need to clarify something..

Your talking about the page where a new user registers right ?
Your not talking about adding a new user from the admin area ?

Either way under no circumstances do I see anything like you are saying happening nor has any other ASPProtect user ever mentioned this probem.

I am going to need to see your site and see this happening. It just makes no sense the way you are describing it.

Also. did you edit the registration page code in any way. If so please revert back to an original copy to ensure this is not some sort of problem introduced by editing the code.

ASPProtect and PayPal are fully automated and ready to go.
Accounts will automatically get activated after payment.

We actually do not tell you to put nothing in the PayPal system for the IPN URL. Something has to be there or PayPal will not let you enable IPN. We actually tell you in you PayPal settings to turn on IPN and make up an IPN url because something has to go there. (I think we suggested making a blank asp page on you're site to send it to) It really doesn't matter where you send that but it might as well be a valid page on your site to avoid any 404 errors in your logs when a non ASPProtect payment comes in.

You see, we dont set that IPN url set in the PayPal system because each ASPProtect signup script directory (single payment and subcription) uses it own IPN url and that all gets set on the fly by the aspprotect system. There is a way to overide the defaul IPN url is what I am saying.

Also:
A  lot of people already have something there and we didn't want the ASPProtect system to interfere with things they already had going on.

need more info..

are you using aspimage to resize images and make true thumbnails..
(because if you have it turned on and it isnt actually installed on the server you will get broken thumbnails.)

what kind of images are you using ? gif or jpegs

are you uploading images over existing images ?

really need to know exactly what to do to reproduce the situation from scratch and then I can give you a better answer ??

Chris.

After I had you install ASPProtect I added the ASP protecting code to the top of my home page:

<%@ LANGUAGE="VBSCRIPT" %>

<% CHECKFOR = "1" %>
<!--#INCLUDE FILE="../../check_user_inc.asp"-->

Then I made my index.html page my login page buy using the script "Login form on a non protected page" on that I changed <form method="POST" action="memberarea.asp"> to <form method="POST" action="home.html">. 

When I try to log on to that page I get en error page HTTP Error 405 - The HTTP verb used to access this page is not allowed. Internet Information Services (IIS). I checked with my hosting company GoDaddy.com and they informed me that due to the fact that they do not have ASPProtect instaled on there systems they can not support it.  In recent conversations you told me that you have customers that do use godaddy and you products. 

Can you please tell me what I can do to get this working?

Thank you for your time and help.

There is nothing built in to the system but it is very doable.
However, you need to be a decent asp coder because your going to have to write some code.

Basically you would want to do a check on the screen where a user uploads to count how many pictures they have uploaded.

Then act accordinly and either let them or dont let them proceed.

On a side note the overall filesize limit of the total of all pictures a user can upload can be set when you edit a user.

User Registration

The "users" folder allows users to sign themselves up and edit there accounts as well as retrieve lost passwords..

In the settings tab of the ASPProtect admin area there are options for which fields are used and which are mandatory when a user signs up. The only validation the system performs by default is checking for mandatory status. If you want to add more validation so reduce the chances of input errors that is up to you.

You can add additional server side validation by doing server side checks on the save pages... you can also make the field sizes larger in the database if you think you need to. You'll need to be good with ASP to do this.

Always backup your files before making changes to them so that you can revert back to a working copy if you mess something up.

Hi, I am glad you like the system.
Thx for the comments..

The banner logic in aspbanner it tweaked for speed and performance.. that sort of thing really wouldn't fit into the current code structure very well. It would slow things down and be a nightmare to code because of the way aspbanner uses ultra fast application variables for the banner rotation. Basically its a feature I didnt incorporate for performance and pricing reasons.

I would suggest making different zones for different conditions.. then surrounding the banner calling code with if else logic so a different baner zone was called under certain conditions.

That way performance would not be effected and you could actually show a different group of banners based on certain conditions.

Sorry, but that is the best advice I can offer at this time.

I built ASPBanner for performance and at this time I refuse to sacrifice that for any feature that will slow it down and consume more resources.

I am having problems accessing the admin site at the following URL:

http://www.drsweisberg.com/password_admin/default.asp

It brings up the login page, but when I enter the admin/test, it times out.  The DB is the copy with no password and it resides in a directory on the same server hosting the site but it is not in a folder viewable by web users.  This is how the dataconn_inc.asp is set:

<%
'*** Below are the only two settings you need to edit in this file
 
ConnectionString = "DSN=drweisberg;Driver={Microsoft Access Driver (*.mdb)}"
DatabaseType = "MSACCESS"
%>

The ODBC is setup and the IUSR has read/write/modify permissions.

Any help would be greatly appreciated.

Sounds great, Sold!

Thanks Christopher!

Thanks for that.

I have tried InStr("*2*",>"0") in the query design window but it does not return any members.  

I have orded a Access Bible to help me in furture

Hi,

No, only ".asp" files can be protected.  It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.

To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.

Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.

Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.

In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc

If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.

For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.

Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://

trust me, they (serverobjects) do not check processors.. as a matter of fact they haven't answered support emails for about 3 years. All they do is sell those components like hotcakes and take in mad crazy cash. But I will say the stuff does work well and always has. (that guy probably took all the money he made/makes from those components and took off to Jamaica or something sitting on the beach drinking margaritas)

regardless,
ASP just cant resize pictures on it's own.
It' just not possible. You need a 3rd Party component.

There isn't much to say about the ASP.NET thing.

If your server has ASP.NET installed (meaning you can run aspx pages on your server and the ASP.NET framework is installed) and running you just pick that option in the config file and ASP Photo Gallery will use ASP.NET to make dynamic thumbnails for you.

To run ASP.NET it must be a 2000 or 2003 server.

This is a great article from my old powerasp.com site.
Connections And Server Database Permissions

I think this addresses your question

http://support.cjwsoft.com/code/moreinfo144-1.htm

- I am using the original files that came with the software.
- The software ads items to the database flawlessly.
- ASPImage works great.

- When I try to remove an ad or an image it says it's been removed.
- The ad does not show up on the site anymore.
- BUT, when looking at the sql database the ad is still listed there.

Why is the software not deleting the columns from the database and the images from folder?

Note: My other tables for other projects, in the database, allow me to delete them.

yes, usernames and passwords are both case sensitive. It increases security.

I did everything mentioned here but it do not work ;(

hello,

There is no built in option. You would have to add code to do that.
Its not difficult but custimization like that is not something I support.

how di I change the currency dollar sign to gdp pound sign ?

I need all my tranactions in gdp puund sterling to use on paypal

regards

simon

[QUOTE=cwilliams]
something weird is going on
[/QUOTE]

Yeah that's my impression too. I've done a lot of searching before posting this problem, but haven't solved it. Maybe it has to do with the sql-server/hotel?

Though I have compared carefully what goes on (and it should all be good) it could still be the problem? I have now made it work on a local msde sql server too..

ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..

This comes with the system as an example folder with some files in it.

Basically we protect the image in 2 ways.

All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.

For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.

Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41

Christopher

I have gone back to your original files and uploaded them to another server folder and instead of using a DSN I have tried this with a DSN less connection and changed the database to MS Access 2002.

This has corrected the problem.
I will check this out again using the DSN with access 2002 to see if this was the problem. It may be something to do with an older format of database on this particular server.

I will let you know what I find.

Thanks for your  quick reply.

Advertising ?? oh really.

It was named that because that way if you already have a login.aspx file for whatever reason it does not interfere which is a good thing. It has nothing to do with advertising.

Next off you never mentioned having an issue with it saying aspprotect in it. I am EXTREMELY clear about what I support and do not regarding ASPProtect.NET. If you are upset because I didn't tell you exactly what to edit and change in visual studio.net and hold your hand you are out of line. My god, I sent you to like the best and most detailed tutorial on how to setup and use the application with VS.NET that could ever exist. That took forever to put together. I even responded to your post on Christmas on a Sunday. I doubt too many companies would have responded on Christmas.

More importantly than that when you purchase code from CJWSoft you are purchasing digital source code and there are no refunds. Every single page in the CJWSoft family states that very cleary in the footer. I do not appretiate it when someone threatens a chargeback and as far as I am concerned anyone that does that is commiting a crime of theft. I also do not appretiate smart comments saying it's "obvious" etc etc

If you wanted to strike a nerve with me you did. If you want to commit a crime and be a thief that is your business as well. Obviously I can not stop that and the credit card company will take your side. I work very hard on the source code I sell and my policies on everything are VERY clear.

Advertising ??
Calling the credit card company ??
Obvious ??

nice, real nice

Please Note : ASPProtect v7.x has a new feature called groups that is much more powerful than access levels. Access Levels were left in the product primarily for existing customers that upgrade to the new version so they do not need to make a lot of changes to their site if they were using Access Levels.


More On Access Levels

Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.

Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default.

In the "check_user_inc.asp" that comes in the root of this system Access Levels work as follows.

Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN

Here is some additional info..

If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.

Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do

Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.

Do something like this..

Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.

So you could do something like this...


<%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>

The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp

That would in effect create totally custom access levels.. but you would
have to do it manually for each user.

You can also do things like this after a person logs in

Show custom html to any specific user based on either their username or
access level ... like so

say there was a menu and a certain link should only show up to username
"paully67"

you could do something like this


<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>


<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>

</BODY>
</HTML>

Or you can show custom HTML or links based on Access Levels or any other info.

You can do just about anything with if-then statements and
using the built in vbscript functions..

Hopefully this info will help to give you some ideas...

Bottom line is you have to do some work within your site to make the Access Level system really come alive.

MSACCESS 2000

server: windows

option pack: yes (after the install I have this problems with groups and edit users )

host permissions: yes

MESSAGGE:
Active Server Pages error 'ASP0113' Script time out/password_admin/groups.asp The maximum amount of the time for a script to execute was exceeded. ...

Version 7 uses.. RC4

The upgrade process is described here in detail including a procedure to convert existing clear text passwords to the encrypted versions. (Your passwords will need to be clear text as the system shipped of course for the conversion to do its thing)

http://support.cjwsoft.com/code/info24.htm

It is also covered in the downloadbale docs
http://support.cjwsoft.com/code/moreinfo221-1.htm

Many people have done the upgrade without any issues and Version 7 is getting great feedback.

Should you decide to go with it there is upgrade pricing.
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp

I had not rebooted after installing the Jet driver updates, so I tried that and the asptest page worked fine, and said that all the tests were successful and that the data connection was setup correctly. I then installed aspprotect again, but with the same results. I cannot log-in from the get_me_in.asp page. It still says that it is opening the page, but does not respons for an indefinite period. The asptest page is in the same directory.

I have looked for alternate databases for this product on your site, but I cannot seem to find them.

enjoy the bar.. drink one for me.. cause that was the problem..

I made the changes like you suggested, but now the page just times out before even loading. 

<%
ConnectionString = "DBQ=D:\clients\rklarman\DrWeisbergUsers.mdb;Driver={Microso ft Access Driver (*.mdb)}"
DatabaseType = "MSACCESS"
%>

When I enter www.vickerylightning.com/aspgallery/dataconn_inc.asp on the screen it says "Not a valid bookmark"

as far as that goes I have no idea.. I have never seen that message before but you are not suppose to run that page by itself regardless.. it is an include file not meant to run on its own

I used Dreamweaver4 to make my site is there anything I can do to make it work?