I will actually explain how to set access_levels and/or groups...

in "users/add_new_account.asp"

probably.. better than what we are accomplishing here LOL

or if you like send me the import file and your encrpytion key and I will try it out here and see what happens

either way PM me any sensitive info if any

Hello Chris:

Yes I'm using the Option Pack.

-Ricardo

UPDATE:  read whole thread..
Version has been delayed




These are my personal notes on the new version of ASP Photo Gallery that should be out sometime in May/June 2004. Please ingore any typos.

This version may be more expensive than the current pro version as this is a major re-write and there will be a ton of new features.

Regardless, special pricing will be offerered to existing users.

If you see any features not listed that you think would be nice please post them here. We will of course consider them.

ASP Photo Gallery Version 4

------------------------------------------------------------ --------------------------------------------

Finished Improvements:

new setup page makes setting up the data connection easier than ever
it attempts to determine the possible data paths and makes suggestions for what to try
when you finally get the data connection working it gives you a link to the admin area of the application
so you can get started using the application

all database table names can be specified in the config_inc.asp file for advanced users that they may need
to change the table names in the database.. helpful for sql installation where one sql database must be
shared by many applications

new data folder is the only folder that needs permissions set
before multiple folders needed permissions
now everything can be put in this folder... database,logfiles,configuration files,picture upload folders...
eventually all cjwsoft applications will do this allowing multiple cjwsoft applications to use that same folder
therefore making it easier than ever to setup more applications without asking your host to set more permissions

new text based config file makes it easier to add new options to the program without making changes to
the database structure... therefore the need for the configuration table in the database has been eliminated
this also reduces system resources needed to load the config data for each page because it eliminates calls to the
database for config data

added voice effects for data connection page, intro users page, and settings page

made it so ratings color was an option (red or blue)

fixed minor bug that wasn't showing fixed category heights when that was selected and am image wasn't originally sized that way during initial upload

changed logfiles dates so they always show up in the proper order 09 vs 9

added config option to change bit query value to 1 or -1
default it to 1.... this is a technical thing

added the extra options currently in the config file to the settings page so people do not have to manually edit that
file any longer...

added new persits email option and authentication options to the settings page

added new CDOSYS emailing option

added support for dundas emailer

added support for ASPSMARTMAIL

fixed word filter so if it is empty it doesn't mess up
also make editing it part of the main settings

made email functions include file and edited all page that email to use it

added css/style sheet support and removed a lot of the old font tags

seperated the settings page into sections because it was too big and confusing

added ability for text watermarking when using the ASPImage component

made the picture upload error message no longer mention browsers that do not support picture uploading
as that is confusing people... and the problem is never that anymore

Made the ASPImage test page delete the bar graph before creating it so if it is already there they will
not think it is working

added crystal ball feature to admin users screen... shows additional user info when you hold the mouse over it

Made search function highlight search word in results.
Made the search function search the image description text files as well

Eliminated the guestbook directory as there was no need for the guestbook to be in it's own directory. This also simplified the menu.asp file as the guestbook section could be removed.

------------------------------------------------------------ --------------------------------------------

Possible Improvements:

eventually make new and much better directions/documentation... html based for multiple reasons

Eliminate the need for parent paths to be enabled on the web server.
(THIS MAY NOT BE POSSIBLE)
Many hosting companies disabled parent paths and will not enable them for their users.
On Windows 2003 Server Parent Paths are disabled by default.

make it so users ability to upload pics can be optionally disabled

possibly make some of the special functions in the extras folder built in to the admin area

Make the category picture uploader smarter because of the jpg gif issue when reuploading cat icons
A jpg loaded over a gif.. doesn't delete the old gif graphic and vice versa

Reduce number of ".asp" pages in general.

Use more functions for redundant tasks.

Optimize all instances of the old filefound function which is using more resources than are necessary

option.explicit the entire application and get all the variables dimmed once and for all

possibly incorporate the new category system I am working on which allows for unlimited categories and levels
also simplifies the heck out of the pages that call the categories

possibly add some cool image manipulation functions such as rotation for the various image components supported

possibly add the ability to move pictures around in an album. and maybe between albums
I must also remember to move the ratings and desc as well for that image.

possibly add the ability to make individual pictures require approval

possibly add the streaming image ability (asp page called from image tag) I came up with as an option for
people that can use it. this will better secure images in password protected albums and also possibly make
it so images can only be viewed from certain urls.. and maybe make an interface for a list of allowed urls

improve the .net support to also resize the larger images.. currently it does not

possibly add a feature to store 3 versions of images uploaded
thumbnail, medium res, and high res/original
this will appeal to professionals or people that may want to sell prints
storing a large version will be optional

possible support for multimedia content other than gif and jpg images

fix... url to link to..   problem on control pics page when both a jpg and a gif are present... which also relates to a another slight
bug that needs to be taken care of

make interface in admin to listen to installed midi files
and also to upload / delete them

possibly make per album guestbook... or call it something else like disussion or comments

add option to store the images orginal name in the images description area during upload
may be helpful to people that name their images in a somewhat descriptive way

change approval settings so they work on a per user basis
eliminate access levels from edit user screen and get rid of the level 4 stuff mentioned
possibly add a per user option for individual pic approval as well if I get that feature implemented

add support for the ibulc bulk upload client that I recently discovered
it is very cool

This may be an old question ??? If it is please point me to the post or documentation where I can find the answer please.

When creating protected pages I am using the following to protect them:

<%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="/aspprotect/check_user_inc.asp"-->

But that is not working. I get the following error when I try to access the members logon page in the directory that I wish to add the pages to:

Active Server Pages error 'ASP 0130'

Invalid File attribute

/filelocation/filename.asp, line 3

File attribute '/aspprotect/check_user_inc.asp' cannot start with forward slash or back slash.

However if I create the pages in the root of the AspProtect directory and use a link to the same page that exists in the AspProtect directory and the following include:

<%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

The pages work fine.

I really do not want to put all of my protected pages in the root of the AspProtect directory.

 I would like to mix protected and unprotected pages throughout the site in order to #1 make it easier to administer. #2 keep the AspProtect directory solely for authentication. And, #3 keep any user authentication pages out of the AspProtect directory.

TIA

All fixed and working

Thanks

I am also getting the "Unspecified Error" message.  I just transferred my site to IIS 5.0 and I get that error now.  However it does not happen everytime.  I can click on a page and it opens fine and then I hit refresh in the browser and I get the "Unspecified Error" message.  What could be causing this?

I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.

That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.

see this article...

80040211
http://www.aspfaq.com/show.asp?id=2026

Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.

If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc

The company is called Eschelon - there customer service leaves a lot to be desired. I have contacted them again and they said that they require the account holder to manage permissions, they won't make changes. I wish they would have told me that a week ago when I asked them about changing the permissions. They haven't responded to me yet how I am to do that though.

Frontpage ext. are not installed.

Once I hear back from them about how I connect to manage rights I should be all set.

Thanks again for all your help!

The Pop-Up Javascript Date Pickers will only show up of your server's regional settings are set to one of two lCID values.

1033 which is English - United States
mm/dd/yyyy date format

or

2057 which is English - United Kingdom
dd/mm/yyyy date format

Many servers are set to run the default LCID which is 2048 so the banner system will not show the date pickers.

This setting can however be easily overwritten when using the ASPBanner system.

or

Session.LCID = 2057

depending on what date format you are looking to use

Save the file and go edit a banner. The date pickers should be there now.

The only other thing I can think of if you are not getting any errors.

Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.

You can do a simple test to tell if it is...

Make a simple ".asp" page in the same folder.

Put only this code in it.

<% Response.Write ("ASP is executing") %>

then run the page via the web browser thru the server..

If the text prints out ASP is running... if you don't see anything it is not

edited due to inappropriate content

The application automatically generates all the code for you for each method of calling banners. It does this on the zones screen.

If you are using flash it also possible that the actualy flash file is what is causing things to slow up.

It really all depends... it could also be server resource related

using sql server or access.. ? etc etc

all important details

I used Dreamweaver4 to make my site is there anything I can do to make it work?

Access Database Password

By default all of the Access Databases we give out have a default password of "temp"

The Default username that and Access database uses is "Admin" but you should not be concerned with that except in your connection strings.

The default password for the Access Database can only be changed using Microsoft Access to do so. If you have security concerns it would make sense to change the password. The help system built into Microsoft Access best explains how to do that.

What am i supposed to do now... i do have another member server that is not a domain controller-

However, i have like 5 websites running on this domain controller already. I have thought about this before how its a HUGE security risk but it will take too long to configure everything on the other computer :(

Ohhh...

I was thinking it worked like this; A user goes to that page and logs in.. and from there they can then browse the site and do what they want..

So in order for it to work i need to edit a page say... members.aspx (i assume it needs to be an asp.net page) and in the header put that protect code and when a user accesses it, it will prompt them for their un and pw and then if correct will allow them to view the page... and likewise if they are still logged in will be able to use the page?

If that is how to works as i mentioned above thats great...

I understand the redirect principle...but say i have a log in box on the main page... you know like most pages have a user log in on the left hand side... i wanted to do that. But i cant obviously protect the main home page or else normal users will not be able to view it without logging in or registering

(Password Expiration Mod) for ASPProtect Version 7.x

This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)


 
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.

Purchase Page

Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.

This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.

There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.


Directions:
Back up your existing ASPProtect installation.

Add two new fields to the "ASPP_Users" table in your database.

For an MSAccess Database

Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)

For a MSSQL Database

Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)

once that is done

Copy all the new ".asp" pages into your site.


Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file

It needs to be the full URL to to the "change_password/default.asp" file


Now edit the "change_password/processchange.asp" file

There are 3 variables you can edit.

PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8

The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.

The other two values should be obvious.

That's it...

Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file

Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. 

let's try this... edit that page with a text editor like notepad...

Carefully replace any instance of "Cint" with "CDbl".. I may have missed some of those when testing the last time I edited the code.

I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.

So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?

Or is there another way..?

I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.

humm, those are some very big images to be starting off with but I am not sure that would cause a problem under the importing scenario

what width are you having the system resize them to ?

What happens when you upload a image manually (one a t a time)

Also, try the import process out with some pictures no bigger than say 1024 and lets see what happens

that is because passwords in the import/export files are encrypted.. if you make one of your own you need to use the rc4 function in the "config_inc.asp" to encrpyt your passwords just like the aspprotect system does (requires knowledge of vbscript and integration into your export system)

now, there is a way around this

if you want to import a file you made with clear text passwords edit "import.asp" beforehand and change

 If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = UserArray2(5)

to

 If UserArray2(5) <> "" Then CmdAddUsers.Fields("Password") = RC4(UserArray2(5), PasswordEncryptionKey)

that way it should convert your clear text passwords to encrypted while it does the import

this post also addresses this but in the reverse scenario
http://support.cjwsoft.com/code/code_info.asp?TID=261&PN =1&TPN=1

I hope this helps you because I really do have to leave the office like right now. Very late for a dinner meeting.

I should be back on the computer later tonight or tommoro morning

Installed latest verison  Doesn't seem to have corrected problem.  Still with same message.  I wonder if deleting this user and putting him back in might help.  I have not however tried any other user names and passwords.

Hi, I am glad you like the system.
Thx for the comments..

The banner logic in aspbanner it tweaked for speed and performance.. that sort of thing really wouldn't fit into the current code structure very well. It would slow things down and be a nightmare to code because of the way aspbanner uses ultra fast application variables for the banner rotation. Basically its a feature I didnt incorporate for performance and pricing reasons.

I would suggest making different zones for different conditions.. then surrounding the banner calling code with if else logic so a different baner zone was called under certain conditions.

That way performance would not be effected and you could actually show a different group of banners based on certain conditions.

Sorry, but that is the best advice I can offer at this time.

I built ASPBanner for performance and at this time I refuse to sacrifice that for any feature that will slow it down and consume more resources.

I have been working on this. 2Checkout is like the most confusing and worst payment processing company on the planet. There are things about that page I just don not understand as many times as I read through it.

Doesn't seem like this stuff is mandatory just yet. (I asked)

I should have something soon.

Parent paths being enabled on the server is a requirement of the application. That error means just what it says.

you can change all the server side includes to virtual includes that will work or you can ask you host to enable parent paths.. those are the options

more here...
http://support.cjwsoft.com/code/moreinfo5-1.htm

What about browser caching ? It can happen easily especially if you update pictures over one another.

emtpy out the temp files of ie (take a while usually).. close all ie windows and go back..

Otherwise I need detailed info on the problem. What you told me is not enough to troubleshoot. There are so many factors like what image  image rezie component you are using, the size of the pictures before conversion, server resources, what your doing regarding 3 albums.... etc etc

I have imported 100 pics at a time into an album on a fast server with no issues. Thats using any of the image resizing components.

If an album is new what your describing should never happen. Again, it think what your seeing is browser caching playing tricks on you. We have anticaching things in place so thumbnails never do that but not for the large images.

When did you download the ASPProtect Version 7 zip file ?

what did you enter as a wrong password to make that happen ?

does it it do it when other wrong passwords are entered ?

See, and that's what I thought.  What's interesting is that if I call either an aspx page or an asp page in the iframe tag, it asks me if I want to open the page, it doesn't display it.  I'm using IE6 so there's not problem with the support for the tag.

I'll keep looking to find out what's going on. I think the iframe method might work best.

JDooley