Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile.  It could be due to the fact that the rest of the project is in C#.  Or it could be due to some other factor in ASP Protect.

At one point I was using CDONTS_Installed but since I moved to a new Windows 2003 server I was told by my ISP that either one of these will work

Protecting ASP Pages

To protect a page without using the Access_Level or Groups feature simply add this code to the top of that page.

Put this under the <%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.

The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp

Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in.

An example of doing this is provided in the "default.asp" file included in the root of the Password System.
Look at the source code with a text editor to see the working code. It is quite simple.

 Protecting ASP Pages Using Access Levels

To protect a page using the Access Level feature simply add this code to the top of that page.
You simply specify the Access Level before the include file is called. In this example we are protecting the page with Access Level 4.

Put this under the <%@ LANGUAGE="VBSCRIPT" %>

<% CHECKFOR = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.

The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp

Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in as a Level 4 user.

Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System.
Look at the source code of the ASP pages in that folder with a text editor to see the working code. Again, It is quite simple to follow.

Protecting ASP Pages Using Groups

Please see the code generators in the admin are for the code to do that.

Hi,

I don't see any good reason to rename any of those files.

Changing them though may involve changes to the code recompiling, etc etc... it is not something I support.

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
    Response.Write(Session("Groups"))
%>

lmao ... ya that has never happend to me before....

one thing to note... the time period we are talking about is going to to be whatever you have the session timeout set at in the settings.

perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation

Can I have the logon be in a top frame while having the protected pages displayed in a main frame?

Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.

If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames

personally though I think that would be a somewhat goofy setup to have going on


Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?

As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .

Really, the best thing to do is expirment and see how things behave.

I get this error, Any ideas?

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver] '(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.

/guestbook/save.asp, line 109

I have an asp page that includes other asp pages via an include.  for example:

snippet code: file name: collaboration.asp

 <table bgcolor="#bed1e4" border="0" cellspacing="0" cellpadding="10" marginwidth="0" marginheight="0" leftmargin="0" topmargin="0"> 
    <tr>
    <td>     
     <!--#include file="../../../filetransfer/directory_listing2.asp" -->
    <BR><BR>
     <!--#include file="../../../filetransfer/upload.asp" -->
    </td></tr>
   </table>

I can add the code below to collaboration.asp and it seems to work,but I cant seem to figure out how to protect the other files such as upload.asp at the same time. -- can you help?  - Note: as soon as I add the code below (and adjust the path) - I cant bring up the page.

This is the protection code I am using.

<!--#INCLUDE FILE="../../../../aspprotect/check_user_inc.asp"-->

Shirely

Humm, I dont see how moving to a new server could have anything to do with that.

What method of displaying the banners are you using. Perhaps try some of the other ones.

Don't use the javascript method with a javascript based ad like google.. that's for sure.

I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.

<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then  
 SearchFlag = True
End If
 
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then 
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>

</head>

<body>

My Protected stuff here

</body>

</html>

For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.

Thanks,

Mo

[/QUOTE]

I just added couple of lines and it works fine

If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then 
 ' Session("PasswordAccess") = "Yes"
 SearchFlag = true
End If

ok.. so we got an NT server with a 486 with 256 meg of ram. 

hehe  sorry

anyway.. I have the system running without doing any importing and WOW is it chugging.. I mean it takes a while even to edit/save a user

good news is the filesystem object works as I wrote to a text file

this may end up being a simple case of lack of horsepower..

we may need to do the importing on a faster system and then take the database over cause everthing I see on your server looks correct

even so aspprotect is running so slow.. I have never seen it chug like this

I even tried connecting to a 2000 version of the database and no difference.

I am not totally sure what is going on but the server resources available are scaring me... however this could be something new in the code that I never got a chance to try on NT server.. I dont think so though

how does your other stuff run ?

static pages that do not access a database seem to serve up quickly.

are you running any other dynamic code ?

ok, I just sent you a private message with download information.

replace you existing

"check_user_inc.asp"

"admin/check_admin_inc.asp"

"admin/email_user.asp"

with the new versions in the download

Do some testing to make sure that HANNAH password works ok for you.

Hopefully this cures the issue...
If it works ok for you for a while I will offer the fixes to everyone and start using this code from now on

BTW:
"admin/email_user.asp" had an unrelated bug in it that only happened if its error handling got triggered... it was posting back to the wrong page when that happened and causing an error

I assume that if I am using this product, search engines such as Google cannot access and index my content. Can somebody confirm that; I want to be 100% sure.

In case it matters, I am using a basic, cheap ISP setup where my site is on a shared server.

Thanks in advance.

Okay Chris, I wold like to get rid of the encryption then if it's not too much trouble.

I have no option of running the production server against an ms access db, since the db needs to be online and accessible from another system.

Let me put it this way.

My home page (default.asp) is an unprotected page.

When a user that has signed in on another (protected pages) and has the remember me checkbox checked closes the browser cookies should be set for the next time they return.

When the user opens their browser and returns  to my home page (default.asp), I'd like to put a message saying:
Welcome back <%Session ("Username")%>

How is this done?

Flash Code Generator

Until I have time to make one I suggest using the one on the banmanpro support site as it is pretty nice.

http://www.banmanpro.com/support/flashgenerator.asp

Adding Support For ServerObjects ASPMail

ASPProtect as you know does not support ServerObjects ASPMail component by default.

Here are directions to make it work.

In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.

So search through the code for any place where email is sent and simply change

Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")

To

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")

It is about 4 places. They are not too hard to find.

That’s the easy way to get all the emailing functions working with ASPMail

Whein I went by the numbers off of your directions, which work well up to that point, the import would time out.

At that point I tried to import directly into access...and then it hung trying to login.

okay so I've put in a clean database and created a new record for me as admin.

and the permissions, how exactly were they set ?
I find a lot of customers think they are setting permissions correctly when they really are not. That's why I wrote that long article on the subject.

As you probably know a data connection is a very low level thing. It is the foundation of any ASP application that communicates with a database. Unfortunatly it sometimes takes a while to get the hang of setting them up without issue.

Everything must be perfect.. the ODBC drivers must be up to date, folder permission are critical, sometimes you must use a new version of the access database.. etc etc etc  The errors and things that happen when all these things are not perfect and not helpful as you have found out.

I would suggest you download and get ASPTest from CJWSoft running before you go any further. It is designed to be as simple as possible and helps get a hang of the database setup process.

Perfect. Thanks buddy :)

yup. that is correct... they can't log in so they can't see any pages you protect

its the nature of forms based authetication

Version 7 uses.. RC4

The upgrade process is described here in detail including a procedure to convert existing clear text passwords to the encrypted versions. (Your passwords will need to be clear text as the system shipped of course for the conversion to do its thing)

http://support.cjwsoft.com/code/info24.htm

It is also covered in the downloadbale docs
http://support.cjwsoft.com/code/moreinfo221-1.htm

Many people have done the upgrade without any issues and Version 7 is getting great feedback.

Should you decide to go with it there is upgrade pricing.
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp

I finally spoke with someone who knew what I was asking for and they set the rights and all is fine.

Thanks for your help. Wish all business' had customer support like here

I was able to get it all figured out.  Thanks a lot for your help, I really appreciate it.  I ended up copying the database with the password to the directory and used the user/password connection code and it works great.  I believe it was related to that but I cannot be sure.  Thanks again!

Kurt,

There really is no default width in general.

The thing to remember is that the default.asp page includes a lot of different pages.. and some of those pages also include pages.

Now all of this gets wrapped by the header and footer include files so in a sense what you do there can effect everything inside to a certain degree.

Now there are some widths set here and there for different tables and what not on certain pages, but its really the kind of situation where you just have to dig around in the code and experiment until you eventualy find what you are looking for and get the desired result.

I'd love to tell you there is easy way to just set a width, but it is not that simple.

Maybe someday it will be. Just not in the current version.

CJW

People who have the option pack have a new feature called groups.

Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customers older protection code.

A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.



Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.

For example..

You make 8 groups and assign users to them accordingly

Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any one of those groups would have access..

Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  2-8 would have access..

Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  3-8 would have access..

Hi there, I am not exactly what you mean when you say "moved some of the include files to user"

are you saying you are moving files around ? I am not sure what you mean there.

but.. the parent path issue is described in detail here

http://support.cjwsoft.com/code/moreinfo5-1.htm


Having is enabled is actually a requirment of the photo gallery application as stated on the web site
http://www.aspphotogallery.com/aspgallery_pro.asp

You can certainly still use the apllication but as that article says you will need to change any file includes to virtual includes so they will work with parent paths disabled

check permissions for the user you are connecting to the SQL database.
http://support.cjwsoft.com/code/moreinfo122-1.htm

That user may not have permission to make new data

Also,  check all field and table settings manually by comparing them to the SQL creation script we provide. You may very well be missing auto increment and primary keys which would make adding new data not work.

It is most likely one of those two things.

My Admin user got corupted, and I need to reset the password and user, what is the defualt password for this database, as I do not think I have changes this (hopefully) as of yet.

Regards,

Paul

My hosting company uses ASPEMAIL - and I am trying to setup the mailing settings on ASPPROTECT - but cant seem to get it to work.   I've tried many different options - here are two that are the closest - but have issues:

1. If I use the settings:

email component: aspemail

Mail remote server: my internal server name

*no smtp authentication

email mail notification - my email address on my internal server

***I get the following results:

       I can get get notified when a new user logs in, email a user from aspprotect user screen if they are in my company and have a valid email -- but I can not send to the outside world - I get an relay prohibited error.

2. If i try to change the setting to use the Hosting Website email server - I get the following results:  I dont get notified when a new user registers, I cant send to internal company people - but I can send to the outside world.

**any suggestions on what to do? I'm trying to work with the people who manage the mail servers - but since I dont know anything about them - its a bit difficult.