Sorry about earlier post in wrong area-

I have followed instructions to set up access levels (adding the

<% CHECKFOR = "4" %>    for user level 4 for instance.) The database is connecting properly and the basic check for login is taking place, but it seems that all users have access to all levels no matter what is on the database; i.e I set up a test page with "checkfor=4" and all users have access to it, even those with lower leve access.

Any ideas?

Thanks

1st off.. you appear to have some strange things going on with that domain. Looks like you have a frameset and are loading another domain in it which is always confuding especially if you are running the site off your home computer or something... I am not sure

That aside..

If I go to

http://www.bones.myftpsite.net/rfamilystuff/default.asp

and click on the "familiy" category

then right click on a broken image.. look at properties

Your linking the image to your localhost

see

http://localhost/rfamilystuff/pictures/Pic_3_1_thumb.jpg

and that is wrong, just like I said above

Nobody running the site off any computer but your development machine is going to see those pictures because the url isnt valid for them

My guess is in the settings you have the "PictureURL" set to

http://localhost/rfamilystuff/pictures

when it should be

http://www.bones.myftpsite.net/rfamilystuff/pictures


Good luck with this.. I am going to the bar.
If you need more help I probably will not be available until Monday.

I've got an ecommerce module that's running on it that uses access for the db.  Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.

So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

Hi

I downloaded the .chm format installation documentation but when I open it I get the index but can't see any of the pages so am a bit stuck.

I did the initial steps of downloading the sql scripts and running it in Query Analyser, tables created fine.

I can login for the first time. I exit from the browser and then I cannot login again. This happens for every user and admin.
I noticed that the values in the fields "Login_limit" and "Active" in the ASPP_Users table in the SQL changed to NULL and 0 when login and remained in those values after close the browser.

So iam just struck not able to log in. Pls advice.

Chris:

I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.

Thanks for the help.

that wont work the way you did it because groups are not stored like like.

groups are stored "*1*"
or "*1*,*9,*"

so if you test for them you must do so using the InStr function of vbscript

example:

If InStr(Session("Groups"),"*1*") Then
    ' do whatever
End If

also.. as for the session variable
it should be    Session("Groups")

And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved

Session("Groups") = CmdCheckUser("Groups")

If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value

Here are three known bugs and their fixes...

If you have any of these symptoms these fixes will most likely take care of them.
If you don't have a symptom do not make any changes as you most likely have an updated copy of the application.

Technically if you bought that app on or after April 27th 2004 these bugs should all have been corrected.

Description Fix

(no descriptions showing in pop up window)

Edit pic_window.asp with a text editor

Change

Set f=fs.OpenTextFile(Server.MapPath("pictures/Album_ID_" & Album_ID & ".txt"), 1)

To

Set f=fs.OpenTextFile(Server.MapPath("../pictures/Album_ID_" & Album_ID & ".txt"), 1)

Slideshow Fix…

(last image in slideshow it not showing)

In slideshow.asp

Change

<% For PicArrayIndex = 0 To Ubound(PicArray) - 1 %>

To

<% For PicArrayIndex = 0 To Ubound(PicArray) %>

Add To Favorites fix

(add to favorites feature doesn’t work at all)

Edit "album_uppermenu_inc.asp" in the scripts folder

Change

<a href="users/favorite_albums.asp?Album_ID=<% =Album_ID %>"><img border="0" src="<% =application("skinpath") %>add_to_favorites.gif"></a>

To

<a href="users/favorite_albums.asp?Album_ID=<% =Album_ID %>&Action=Add_To_Favorites"><img border="0" src="<% =application("skinpath") %>add_to_favorites.gif"></a>

The redirection feature isn't working as I exected.

If I clear a user's redirection_URL, they can navigate to any protected page on my website as expected.

However, if I set the user's redirection_URL to a protected page, they cannot login. More specifically, their browser just keeps displaying the login form while the browser's progress bar just increments ad infinitum.

If I set the user's redirection_URL to a NON-protected page, the user is directed to that non-protected page, but if they then try to navigate to a protected page, they are redirected back to the redirection_URL.

Is this the way the redirection feature is supposed to work?

My application requires that a user is directed to a protected page and from there, they can navigate to any page that they are allowed to go to.

What can I do?

We can't seem to find the purchase emails for this install of ASPProtect.

It would have been in May 2004 for NetOptions LLC or CareerMatrix.com

We noticed it should have been v6 of ASPProtect.

Can you resend the download links?

Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.

Thanks!
Rhona (rookie)

Another good tip is to make a copy of the "password_admin/default.asp" named whatever you like..

"default2.asp" would work...

then maybe add a link to it from the header_inc.asp file

then you can modify that one all you want and your will still have the original around.



That concept works for a lot of things.. for example you could make a copy of the "users" folder and call it "users2"  granted a few paths might need to be changed here and there but really not a lot. (how do you think the paypal signup folders were created, they started as a copy of the "users" folder of course)

You can even make a copy of the "check_users_inc,asp" file if you like. Then make a copy of the "scripts/login_form_inc.asp" file... then make your new "check_user_inc.asp" file reference it.

Then you can password protect pages using different versions of the "check_user_inc.asp" file. Why ? well maybe you want different looking logn forms for different parts of your website or you want to make a lot of changes to the "check_user_inc.asp" file and want to leave the original alone.

The sky is the limit really. When it comes down to it besides the actual guts of the "check_user_inc.asp" file ASPProtect is nothing but html tags and chunks of simple server side code that produce more html dynamically. What your browser ends up with is basic html. (some client side javascript in certain cases, but that is pretty basic stuff too.)

I really do not know to tell you the truth. I'll do some research.

The script only allows .jpg, .jpeg, and .gif extensions.

If someone uploads a file called... "filename.vbs.jpeg" with bad vbscript in it I seriously doubt anything can happen because of it because of the extension.

But I really do not know.

It has never happened to any sites I have or know of.

thanks.. it was not taken as a complaint.
I just wanted to explain

When you said you tried using the web version of sql manager. Did you use the microsoft one I link to here "just curious"

http://support.cjwsoft.com/code/moreinfo127-1.htm

Hi,

I am investigating the possibility of purchasing above script having spent some hours trying to integrate various free banner rotators into my Invision portal.

What attracts me to your script is that it has 6 ways to call banners. I am an inexperienced webmaster with only a smatterring of knowledge about ASP. Will ASP Banner be able to integrate with my portal?

Many thanks

David van der Want

its a text file   you just edit it with notepad..  if ya mess it up ya put an original copy back in

no biggie either way

jump in there..

I just showed ya exactly what to change.. its a no brainer man
This is simple source code. It's meant to be edited and hacked.

The only reason I warn you is so you can't blame me later on if it effects something

I am just trying to help

If ya dont like that solution why not just use periods for the first name field.. or a dash or something... then nobody will really see it

or maybe store the company name in the first_name field

seems like clever things to try without changing the code..

good luck...

I'm using ASPimage and have the maximum width set to 320 in the settings.  Also using SAFileUP ver. 4.0.

Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.

Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.

Suggestions?

OK, thanks.

Nick

thanks for posting this... Since "private" is the default setting from what I read and setting it to "public" cured the issue chances are leaving it at "public" is the way to go.

http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/iissdk/html/33f2780a-eee8-4601-84b7-b489e4c756df.asp

http://www.w3schools.com/asp/prop_cachecontrol.asp

ALSO: since you are one the few people that has ever contributed anything helpful to the forums I am going to reward you with a free copy of the password expiration mod. I am sending you a PM with the download info.

I just installed the software, but I can't find any place where I can see when users logged in, can someone please tell me where I can do this?

Thanks

ok, here is what is going on

you are password protecting an ".asp" page that requires querystring info to run correctly   (example - "somepage.asp?ID=3"")

that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out

this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact

it was a nice feature never intended to handle any situations other than what I just described...

now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info

that more than anything is what is going on..  browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...

To avoid all of this...

One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)

Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.

Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc

So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.

I hope this makes some sense to you.. it is very hard to try and explain

really all depends on the sql connection string you are using and the names of your sql user you are using...

you really havent described very much..

I'd double check all of it.. something is wrong

Have SQL 2000 backend...
We just moved from Windows 2000 to Windows 2003, used import data routine in SQL to move data.

Logged into admin area. When adding new user, no record is created. However, editing record works just fine.

Any ideas would be appreciated.

I have been having some display issues with the .NET version of ASPBanner.  I set the size of the image, and I set the size of the banner and there is still white space above and below the image.  I am not using a text link below the banner, so I have it set to blank.

Here is a link to my page. 

http://www.nababaseball.com

Two of the three banners in the rotation on the main page have non-white backgrounds so it's easy to see the issue I'm talking about.

Is there a way to tighten up the formatting so that the image fits onto the page in the size specified?

JDooley

Ok i am having an issue with my other comp. I have spent ANOTHER 3 hours researching this one.... it WONT START THE IIS SERVICE!!!

I get this error:

The service did not respond to the start or control request in a timely fashion

ANYWAY---

I decided to use one of my client's hosts; which happens to be Network Solutions.

ANYWAY again-

I uploaded the whole thing there and they advised me they cannot do the explicit permissions on that _database folder. This is what they said: I would also would like to point out that ASP.NET applications and permissions do not extend to any other folder, other than the root, (/htdocs/), and the bin, (/htdocs/bin/) folders.  Sub-directories and folder after bin and htdocs will not have ASP.NET permission (read or write).

If you could move or reconfigure your application to save all your code behind, include and dll files onto the root or bin folder, your application could work or possibly run as you would expect.  Please have this done and retest your application. If and when you get a different problem or another error after doing so, please let us know, and we shall be happy to help you troubleshoot any problems that you may have.

There is a 'create database option'  where i can create a database..create a dsnname, user name, password and have to specify the database file name. Once i do this i need to place the database file (aspprotectnet2002.mdb) in the /db folder within the root. I also tried this and made the appropriate change in the web.config but it STILL DOES NOT WORK. I AM PULLING MY HAIROUT WHY WONT ANYTHING WORK.

ALL THE FILES ON ON THE ROOT OF THE WEB HOST. I PULLED THE FILES OUT OF THE _DATABASE FOLDER AND DUMPED THEM ON THE ROOT. I CHANGED THAT ON THE WEB.CONFIG BUT ITS STILL LOOKING FOR SOME .XML FILE IN THAT _DATABASE FOLDER.

I'VE BEEN TRYING EVERYTHING AND IT SEEMS THAT I CANT USE THIS SOFTWARE FOR THE LIFE OF ME