Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.

In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.

' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30

Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.

Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/aspprotect/password_admin/upload_post.asp, line 6

If Session("Admin") <> "True"



If I upload the text file by FTP and then try to import it it only tends to import the first two existing rows.

All collumns match but not sure if I need to add "User_ID". I have added it and created consequecutive numbers.

Any assistance would be appreciated.

Thanks

Christopher

Many Thanks

Seems like its working just got to test it bit to see, though it wasnt going to work as I had one too many End If's after the last part of the code you done for me. But even I eventually sussed it, nothing to do with your bit just another mistake on my part

Great to get support like this especially on a Saturday

regards

John

no, you cannot unless you plan to write a lot of custom code.

That is why the option pack has groups which eliminate the need to use access levels because groups can do everything access levels can and more.

There is an article here regarding that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=32& PN=1

that would probably work...

any ".aspx" page can grab that data after someone logs in..

Session("Username")
Session("User_ID")

etc etc

anything you see set in the "aspprotectlogin.aspx.vb" file will be there

any data not set there would have to be added and then the project recomplied so that data gets saved...

No problem. I get it now.

I added a Session Variable for "Counter". Then wrote an If statement around that. When the user logs on for the first time they see a window pop, after that the normal start page.

Thanks

Can you incorporate a secure log in within the scripting.  I would like the account information to be secure without having to have the whole site using running through a secure (https://) path.  If this is possible, the scripting is perfect!

I am a little confused here.  I am in the process of understand how this all works, mainly the email portions as I am running this through a home server (Windows XP).  I have tried test emails, but they are not going threw.  I ran the server_info.asp and it is telling me that I do have CDONTS installed, version 2.8.  Then I tried running, the test_mailer_component.asp.  This page is telling me it is not installed.  This process lead me to start looking at my components for my IIS.  Everything appears to be there. 

Any ideas, where I should go next.  It appears the CDONTS code is in every page that it needs to be in, and it appears that I have it installed, but there is a disconnect between the two..

Turn off "Show Friendly HTTP error messages"
If you are getting errors with your ASP application go to Internet Explorer and make sure this setting is unchecked. Having this checked can cause a generic error to be displayed in you web browser when ASP code encounters an error. This generic error message doesn't really help you fix the problem. Having this setting unchecked will usually result in a more detailed error message and the line number the error is occurring at, thus giving you a good clue as to where the problem is within the ASP code. If detailed ASP error messages have been disabled at the server level this setting will make no difference.

Just wanted to say how much I like the program! I hunted for days and finally purchased a Perl based product. After several days of goofing with it I gave up. ASPPhoto worked right on first install!!!!

Way to go!

how you connecting... lets see the connection string...

could be permissions related too.. if they are not set correctly
(always give them to the folder, never just the mdb file)

Some of this might help...

http://support.cjwsoft.com/code/moreinfo11-1.htm

http://support.cjwsoft.com/code/moreinfo136-1.htm

http://support.cjwsoft.com/code/moreinfo56-1.htm

you may want to download some of the different versions of the access database from the support area and try connecting to them as you may have older odbc drivers on the server

You may also want to try to get ASPTest from our website working before you go any further

Both the NET and Classic ASP versions of this application are designed for fine granularity protection of individual apsx extension files. ASPProtect.NET is not designed or intended to protect sub directories, or non aspx content such as Adobe Acrobat .pdf files etc etc.

I completely disagree with your statement that “most sites” have a login box on the left hand side of the page. I suspect you thinking of the ever popular php based forums and “Nuke” type CMS systems which are set up that way but if you look at any site written entirely using .NET that’s rarely if ever the case. (Granted I cant say for sure because I personally haven’t looked at >50% of the estimated 18 billion +  web pages on the internet) Just off the top of my head www.CafePress.com come to mind as a pure .NET site. If you take a look the login button it takes you to its own login page there is not global login form used throughout the site. Reason being that .NET introduced this thing called a “view state” which is used to store things like your session ID (and way more) and must be posted back to the server in order to keep track of visitors. This technology comes in especially handy when you have a web farm in place and your content is being spit out out by more than one server at the same time

I can think of loads of scenarios where the web servers need to know who you are even though you are never directly contacting them via http. This approach is a very smooth and actually very clever solution for enterprise level websites that simply can’t be handled with a single web server.

 On a practical level I know what you are saying but that application sets up all sorts of things when a protected page is accessed and the user is not yet authenticated. That’s the entire reason you need to put that snippet of code at the top of a page you want to protect. That code snippet calls the ASPProtect.NET class and runs through all the logic to see if you are able to access the page. If you are the subroutine exits and the server continues to process the remaining logic on the page. AKA you are able to access its content. If you are NOT authenticated ASPProtect will setup all the proper session and viewstate info and redirect you to the login page for authentication. You may have also noticed a parameter on the login page called ReturnURL. The application looks for that info and if you do have a user ID and password the application automatically redirects you to the page you were trying to access in the first place.

Really I have no idea what you are trying to do, but there is a world of difference in how something looks verses how it works. Lets just say there was a simple way to do what your thinking, what are you going to do with that login form after the person logs in? Just keep displaying it on the entire site so people get confused and don’t know if they are logged in or not? Just that little part of the equation will require making some changes to either ASPProtect.NET or your application will have to have some logic built into it to stop displaying the login forum.

It sounds to me like your basically looking for a super simple 101 type deal that allows people to sign up for an event and you the admin can see that information? I’m guessing they can also log in again and check out their details and see what event they signed up for?

If that’s the case you’re trying to take a very sophisticated protection application and downgrade it into something that would be one heck of a lot easier to write all from scratch in about an hour.

Your not going to be able to “plug and play” a simple form into a page and turn that application as a magic universal login solution for a website, while its 100% possible to use the application that way if you choose, you need to check out the source code and plan your custom integration accordingly.

yeah.. I cant say for sure.. as I have never really tried to get it working in xp pro.

Last time I actually used cdonts locally was on a 2000 box

I would do a google search on xp pro, smtp service, and cdonts and let us know what you find out.

All of our apps can use free 3rd part emailing components as well so maybe try some of those. Course you need a valid email server to connect to.

question 2 is answered best here

http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal

I should also mention that the paypal scenarios used in ASPProtect can not be tested using PayPal's sandbox. Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts)

then you can log into the other and refund the transctions and of course it makes sense to use low amount like 1 cent and what not.

Also, I'd love to see what you came up with with the integration. I have been working on it here as well and took it in a different direction as I plan to sell directions for it as an add-on for aspprotect. I have it all working here but so far I dont see an easy way to let other people do it as I had to change things in both systems in a lot of places. Utimately if done under a SQL environment triggers should be used at the database level and that is another consideration.

If logfiles do not get created it is most likely one of 3 things

1. invalid physical path specified
2. permisssions
3. filesystem object is disabled on the server

that path doesn't look correct to me for a live professionally set up server but only you or your server admins can know that for sure

you will not get any errors when things arent perfect.. just no physical logs

RecentActiveUsers and RecentPageRequrests are not related to the stored logfile feature.. Recent Activity is a different thing

ok... glad ya figured it out.

Yes.. for ASP server side code to run the page extension must be ".asp". I was gonna mention that but I guess I just didnt think anyone would do that.

no offense.. not everyone works with this stuff every day..

I think you getting all confused about dsn's and what they really are.

A system dsn gets created via the ODBC control panel and gets listed there. A system dsn is nothing more than a registry entry telling information about where the database is an how to connect to it. Then every time code accesses the database it has to do a registry lookup. The whole process adds a lot of delays, causes very poor performance and is unnecessary.

A dsn-less connection simply connects directly to the database by specifying the driver being used, where the database is, and some other information like the password if there is one.

To get aspprotect or any other ASP application using a database all you have to do is make sure the database folder has correct permissions and then make a connection string like so. (with the correct info for your directory structure of course)

DBQ=c:\inetpub\wwwroot\aspprotect_6\data\database\ASPProtect _access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp

If you are wondering Access databases always use the same username.

So, basically if permissions are set correctly and the directory is valid it will work.
It is really that simple. 99% of the time when people have problems it is one or the other.

That being said, don't worry about the odbc control panel and what is listed there for connections. All we really care about is that odbc drivers are installed and somewhat current.


One last thign for reference: even if you do make a system dsn the database folder still needs the correct permissions.

The only other thing I can think of if you are not getting any errors.

Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.

You can do a simple test to tell if it is...

Make a simple ".asp" page in the same folder.

Put only this code in it.

<% Response.Write ("ASP is executing") %>

then run the page via the web browser thru the server..

If the text prints out ASP is running... if you don't see anything it is not

I have a very weird problem.  At the top of the page, where there used to be

[Place Ad] [Classifieds Home] [Register] [Sign In]

now there is only

[] [Classifieds Home] [Register] [Sign In]

so the words "Place Ad" have disappeared completely.  Can you please tell me which file in which folder would control this

This is what it says in that thread I pointed you to

This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.

I really dont see what is confusing about it. I think I explained it all in detail in that thread.

Our login works great, variables even help determine menu options.  When user logs on, however, it opens in a new page.  Is there a setting somewhere that sets whether you can open in a new or existing page?

Also, when you log off

Still not ready... I have no time to finsih it at the moment..

release date is unknown...

I am still a little confused... one thing I would like to mention is that the passwords in the aspprotect database are encrypted... meaning you cant just add a password to the user database by hand because it wont be the encrypted value and wont work.

It is something the application takes care of when you add a user via the web based interface.

You can however still add users manaully or with careful import/exporting... but you will have to use the existing password conversion technique which is covered at the end of our upgrade instructions in these forums.
http://support.cjwsoft.com/code/moreinfo174-1.htm

Basically you want to add a field to the "ASPP_Users" table called "Old_Password" and that is where you enter the password in plain text. Then after you are finished adding users to the database manually you do this.

You want to run a special page via the browser.

http://www.mysite.com/password_admin/convert_to_encrypted.asp

Which will convert the passwords to the encrypted value for you.
See the bottom of this thread for all the info on that.
http://support.cjwsoft.com/code/moreinfo174-1.htm

This is what "John Evans" of CJWSoft has to say on the matter...

"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.

I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.

Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig. 

Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."

Are there any problems with modifying the default database fields.

I need to have an update from net billing and they use different settings in the database than the default.

Will the interface still be functional?

I'll give it a shot within the next day or so. I'm busy with a few other things right now.  You're right about just saving a copy before I start. It can't really hurt anything.

Thanks Chris. I'll let you know how it turns out.

-john

Thanks.

clark

Ok i am having an issue with my other comp. I have spent ANOTHER 3 hours researching this one.... it WONT START THE IIS SERVICE!!!

I get this error:

The service did not respond to the start or control request in a timely fashion

ANYWAY---

I decided to use one of my client's hosts; which happens to be Network Solutions.

ANYWAY again-

I uploaded the whole thing there and they advised me they cannot do the explicit permissions on that _database folder. This is what they said: I would also would like to point out that ASP.NET applications and permissions do not extend to any other folder, other than the root, (/htdocs/), and the bin, (/htdocs/bin/) folders.  Sub-directories and folder after bin and htdocs will not have ASP.NET permission (read or write).

If you could move or reconfigure your application to save all your code behind, include and dll files onto the root or bin folder, your application could work or possibly run as you would expect.  Please have this done and retest your application. If and when you get a different problem or another error after doing so, please let us know, and we shall be happy to help you troubleshoot any problems that you may have.

There is a 'create database option'  where i can create a database..create a dsnname, user name, password and have to specify the database file name. Once i do this i need to place the database file (aspprotectnet2002.mdb) in the /db folder within the root. I also tried this and made the appropriate change in the web.config but it STILL DOES NOT WORK. I AM PULLING MY HAIROUT WHY WONT ANYTHING WORK.

ALL THE FILES ON ON THE ROOT OF THE WEB HOST. I PULLED THE FILES OUT OF THE _DATABASE FOLDER AND DUMPED THEM ON THE ROOT. I CHANGED THAT ON THE WEB.CONFIG BUT ITS STILL LOOKING FOR SOME .XML FILE IN THAT _DATABASE FOLDER.

I'VE BEEN TRYING EVERYTHING AND IT SEEMS THAT I CANT USE THIS SOFTWARE FOR THE LIFE OF ME

Hi,

Ok, well... you have a lot of stuff going on there.

More importantly than that.. you cant even log into the admin area using the admin account. There is something majorly wrong with the installation.

I also notice you havent even saved any path settings in the settings page of the admin area. I am looking that over now and filling in the missing info. That information needs to be populated.

How can i get to this to register someone in the database only after the Paypal payment has been accepted.  I was testing it out to see if it makes it to my Paypal account (which it did just fine) then I closed Paypal before paying.  I logged in as the administrator and looked at the member list and the account was created anyway.  How can I stop this from being created until "only" after the Paypal payment has been "approved"?

What if this person never comes back to "try again"? Now the username he used (and is inactive) is not available for anyone else to use.  And it takes up database space.

I am using the Paypal (non-subscription)

Thanks in advance,
scottyFlasher

Hello,

Thank you for the feedback.

I would like to point out the requirements of the application however as this is something I am aware of and do address.

http://support.cjwsoft.com/code/moreinfo165-1.htm

These requirments are directly linked to from the ASPProtect v7 web page, so its not like I dont try to tell people the deal regarding SQL server.

Basically I only have the resources to provide scipts and instructions for using SQL Enterprise Manager and that is all I officially support. I also personally think anyone using a SQL Server should be using SQL Enterprise Manager because later on down the road there are things you may want to do such as backups/etc etc

Take Care,

Chris Williams
www.CJWSoft.com