To be honest I just can't remember what happens. It has been a long time since I did a real live test of that. I know it seemed like a pretty smooth process to me. Right now I can not test it out as I am on a road trip with my motorcycle and I am sending this email from my PDA.

I would ask Dave at this website.
http://www.davephoenix.com/

Or via this username in the forums
PhoenixUK

He can tell you what happens as he has been using the IPN stuff for about a month now.

Perhaps another user could chime in here as well and let us know. I know there are a lot of people using the IPN stuff.

yes, admins have access to absolutely anything...

as for the other question what you should do is only show links to people logged in that they have access to.. then they wont get logged out when they go to a page they do not have access to

for example if someone doesn't have access to a level 4 page dont give them a link to go there... you can do that by checking the session variables and creating your hyperlink html code accordingly .. using simple if-else logic... you could even make a hyperlink non-clickable and add some text to it like (no access)

it's all about taking the time to intelligently designing the different areas of your web site. It takes a bit of time and work to really make a system flow the way you want it to.

other than that it becomes extremely complicated to not grant them access when they go to a page they dont have access to but also keep them logged in. It is just not designed to flow that way. If someone goes to a page they do have access to they get logged out. It sort of has to be that way because of the ways things flow.

more info on accessing user info after login so you can do that
http://support.cjwsoft.com/code/moreinfo198-1.htm

another good thing to check out is the provided examples for mutliple access levels. You can see that if you log into the default page for that that it only shows you links to pages you have access to. Done with simple if-else logic around the html links. It is using groups but you can do the same sort of concept using groups.

like I said... you would have to modify the code
(and really I dont think it is possible, how could it be when images uploaded are of all shapes and sizes)

How are pictures of various shapes and size going to resized to a fixed width and height without distortion on either a horizontal or vertical level ? Uness the image uploaded matches the fixed thumbnail ratio you have set there is going to be distortion.

There is no component that is going to make it any easier. You are already using an image resizing component.

I give you two options the way the code ships.

fixed width and height for thumbnails

or

fixed width / dynamic height for thumbnails

The only other possible option would be

fixed height / dynamic width for thumbnails

and that you would have to code on your own because that option is not there

The last thing I will say is this. Sorry, but I do not support custimizations to the code. It's just not easy to explain. Its a lot of code work. Its a lot of time.

Hi all,

I have the photo gallery set up at www.kashabowieoutposts.com/gallery

It's great - love to work with it.

But I've never been able to get those with just User permissions to be able to upload... Only an administrator is successful in uploading.  This was no problem in the past, but now this client would like to give their guests a means to share their pictures on their site - so now I have to figure out the bug...

... this is the error I keep getting...

Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.

Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard.

------- anyone else experienced this?

Many thanks all!!

Doug

Thanks very much for the quick reply.

That sets my mind at ease

I was just worried if users would see warnings in their firewall software too.

I realize that the admin would have to have to go through some errors...

And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.

Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...

Thanks 

Hi Chris,

I tried changing using Notepad in the config_inc.asp

from:

If  Application("SERVER_SOFTWARE") = "" Then
 Application("SERVER_SOFTWARE") = Request.ServerVariables("SERVER_SOFTWARE")
End If

To

Application("SERVER_SOFTWARE") = "iis/6"

and the albums still do not show up under the categories

Rhona (rookie)

I am trying to find out where I can enter the ttle for the application.

There is a variableor field called App_Name into which it would be good to insert a generic name. Can this be edited?

I have searched high and low but cannot find anything to do with it.

humm.. can I possibly see this happening ?
any changes to that part of the code ?

[QUOTE=cwilliams]actually, passwords can be up to 75 characters long in ASPProtect.
the only requirement when entered from a non admin user is that they are at least 4 characters long.

what does MSAccess have to do with this ? Are you trying to convert and old system or something? I noticed you created and "old password" field in there ? Is there something I do not know about as far as what you are trying to do?

Passwords in version 7 are encrypted so I hope you understand all of that and realize you can not enter or change passwords right from SQL server. Also if you import info you must handle that accordingly and convert the passwords to encrypted format. [/QUOTE]

First off, I haven't imported anything from MS Access.. The only reason I mentioned it is cuz I thought initially it worked with Access and not SQL server.

I am not converting nor entering any data manually into the db, nor have I changed anything in the way the registration is made (don't know where the "Old password" has come from? thought it was a function you made?)

[QUOTE=cwilliams]
Is that a real term or just something you named it cause they have like a zillion people using that SQL server?[/QUOTE]

yeah thats it, you buy into a part of the sql server so it's an sql server hotel...

Need to clarify something..

Your talking about the page where a new user registers right ?
Your not talking about adding a new user from the admin area ?

Either way under no circumstances do I see anything like you are saying happening nor has any other ASPProtect user ever mentioned this probem.

I am going to need to see your site and see this happening. It just makes no sense the way you are describing it.

Also. did you edit the registration page code in any way. If so please revert back to an original copy to ensure this is not some sort of problem introduced by editing the code.

<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>

<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

Anyway,

How busy your site is actually won't be the only factor. Really the application should not restart unless something happens. If the IIS application is reseting alot it could very well be the ISP restarting the server or doing IISRESETS as well or other sites on the server causing the application pools to restart.. etc etc etc  Quality ASP hosting is important. Regardless your hosting company most likely will not admit to anything be out of the ordinary.

As far as that directory deleting itself on you.. I doubt they will have an answer for that one. All I can tell for sure is I didn't put any code to delete it in there.

If you code support for it yes, the application comes with no paypal code or support built in.

If you think it will help you, you are welcome to a copy of the classic asp version which supports paypal subscriptions. Perhaps looking at the code would help you.

ahhh ok.. I was going to wait till morning to answer this one..

glad ya figured it out

The stat not show when  impression over  xxxxxx

I use  aspbanner v8.1   MS SQL version

Total Impressions	83523
Total Clicks	7
Total Clickthru	.0%

Microsoft VBScript runtime error '800a0006'

Overflow: 'CInt'

/aspbanner/stats_window_admin.asp, line 257

Please forgive any ignorance on my part.

Using the live demo, it seems that with the banner software my advertisers would only have access to reports, but no ability to upload banners, specify keyword triggers or zones, what have you. Is this correct?

The other thing I couldn't quite figure out, assuming I had a categorized directory on my site, is this system configurable to display different banners based on category? Perhaps through keyword triggers?

Thank you in advance for any assistance.

well, you should probably be backing up the SQL database on a regular basis. That is between you and hosting company. If they let you connect via SQL Enterprise Manager you can do backups on your own.

As far as the aspprotect files and folders go back them up somewhere, and then only worry about backing them up again if you change some of the files.

That's really all there is to it. None of the ASPProtect files change on their own except the generated log files that you may or may not care about backing up.

I mean the important thing is the Database, and then of course any your own .asp pages that you protected as well as any custimizations you made to the users area or your site...

In a way your questions are confusing to me, but here is some information regardless.



Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.


If you are concerned about customers downloading the access database..

best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that

the more of these things you can do the better..

And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.

Chris, I'm having problems getting this to work. When I plug in the redirect URL and then try to load the web page, the Flash ad never loads successfully - just its black background in the 468 x 60 space. Here's an example of what I'm seeing:

http://www.innovationtools.com/Articles/ArticleHeadlines.asp

Just keep refreshing the page until the black rectangle appears. And here is the code I've loaded for this flash ad:

<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
 codebase=" http://active.macromedia.com/flash2/cabs/swflash.cab#version =4,0,0,0" ID=banner WIDTH="468" HEIGHT="60">
 <PARAM NAME=movie VALUE=" http://www.innovationtools.com/aspbanner/aspbanner/banner_re direct.asp?Banner_ID=25">
 <PARAM NAME=quality VALUE=high>
 <PARAM NAME=bgcolor VALUE=#000000>
 <embed src=" http://www.innovationtools.com/aspbanner/aspbanner/images/ba nners/mindmatters_innovation3.swf "
quality="high" bgcolor="#3CBDCD" WIDTH="468" HEIGHT="60" TYPE="application/x-shockwave-flash" PLUGINSPAGE=" http://www.macromedia.com/shockwave/download/index.cgi?P1_Pr od_Version=ShockwaveFlash">
</OBJECT>

What am I doing wrong? By the way, I'm using the standard version of ASPBanner. Not sure of the version, but it dates from about 2002.

Looks great. I can't wait until this will be released. Will there also be an easy way to migrate my current version ?

Hans

Using "Email Authentication" as a registration option you cannot do that. There is no possible way I know of to have a delay on the authentication email like that. Also that method is not intended to involve any sort of manual registration like what you are doing.

Because you want to review people manually you need to change to registration process to "manual" and then send the email out manually from the users screen after making a user active.

I get this error, Any ideas?

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver] '(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.

/guestbook/save.asp, line 109

I'm getting errors when clicking the Update Config Button in the System Info page and when clicking the log files button.

I'm not sure if it's a permission thing or not.  ASPNET and IUSR both have modify access to the _database folder and childs, yet I'm still getting the error:

Access to the path "D:\Inetpub\wwwroot\aspprotectnet\_database\xsd\aspprotectne t_config.xml" is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path "D:\Inetpub\wwwroot\_database\xsd\aspprotectnet_config.xml" is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Any ideas?

Thanks

What am i supposed to do now... i do have another member server that is not a domain controller-

However, i have like 5 websites running on this domain controller already. I have thought about this before how its a HUGE security risk but it will take too long to configure everything on the other computer :(

well, assuming that function works and is vbscript not vb
(if it is vb code it may need some conversion work)

anyway

in "users/add_new_account.asp"

you would put the code for that function anywhere in the page.. it does not matter where as long as it is in code tags <% %>

then.. right under this part of the same page

If Zipcode_Postal_Code_Required = True Then
 If  Zipcode_Postal_Code = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Zipcode_Postal_Code.\n\n")
 End IF
End If

add this

If Check_Postcode(Zipcode_Postal_Code) <> True Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a Valid Zipcode_Postal_Code.\n\n")
End If

No guarantees but that is the gist of it

... in addition it is a virtual include not a file.  I just tried to use file instead of virtual and then the ../ includes worked on the asp pages.

This is strange because they used to work like that on the 2000 server I had these sites running on.

Look in the "check_user_inc.asp" file..

You'll see the name of the cookie there and also get an idea how to access it.

In most versions it looks like this.

Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME")

You'll want the cookie for the username because the session variable will not exist unless they have actually gone to a protected page during that session at the site.

It would probably be best the check for both the session and the cookie. That will make sure people logged in that arent using the cookie option still see the message you want to display.

Sorta like this..

GetUsername = ""
If Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME") <> "" Then
GetUsername = Request.Cookies("PASWORDSYSTEMCOOKIE")("COOKIE_USERNAME")
Else If Session("Username") <> "" Then
GetUsername = Session("Username")
End If

Response.Write GetUsername

Post a request in the "custom code work" forum.
Perhaps another customer will want to do the work or help you out with some code.

I am just too busy to do any custom work for quite a while.

rrabago

I have been looking over the code and also doing some tests.

So far everything in the code looks correct and everything I have tried has worked correctly. If I select an access level and active users it is not sending emails to inactive users as you stated.

Are you using the option pack ?