Hello,

Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.

If you design the site to be intelligent that scenario should never happen.

For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.

It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.

Here are some simple examples.

Here is an example using access levels.

<%
If Session("Access_Level") = "1"  Then
' show links to pages that allow access level 1
End If
%>

And one for groups..

<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>

User Information

After a user logs in there are variables that you can always access.
They can be used to check various things or to display information
dynamically based on who has logged into the system.

   Session("PasswordAccess")
   Session("Access_Level")
   Session("Admin")
   Session("Active")
   Session("Expiration_Date")
   Session("User_ID")
   Session("Groups")
   Session("Redirection_URL")
   Session("Password")
   Session("Username")
   Session("First_Name")
   Session("Last_Name")
   Session("Company_Name")
   Session("Email")
   Session("Address")
   Session("City")
   Session("State_Province")
   Session("Zipcode_Postal_Code")
   Session("Phone")
   Session("Custom1")
   Session("Custom2")
   Session("Custom3")
   Session("Custom4")
   Session("Custom5")
   Session("Custom6")

You can display them on a page at any time using Response.Write like so

<% Response.Write(Session("FIRST_NAME")) %>

or like this

<% = Session("LAST_NAME") %>

How can I make so it goes to certain webpages if user enters valid username and password??

I suppose user enters its information on check_user_inc.asp page, and username and password are stored on SQL database.

Thanks

Sorry about earlier post in wrong area-

I have followed instructions to set up access levels (adding the

<% CHECKFOR = "4" %>    for user level 4 for instance.) The database is connecting properly and the basic check for login is taking place, but it seems that all users have access to all levels no matter what is on the database; i.e I set up a test page with "checkfor=4" and all users have access to it, even those with lower leve access.

Any ideas?

Thanks

Disallowed Parent Path

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory. 

When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.

If it is not enabled on you server you will have to ask your host to enable parent paths for your website.

This is what the settings screen looks like on an XP Machine

Additional Information:

It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.

Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.

Hosting companies should if they are serious about hosting ASP.


If they won't your only option is to go through all the code and convert the file includes to virtual includes.

http://www.powerasp.com/content/code-snippets/includes.asp

The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)

Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc

Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.

In my opinion virtual includes are pretty useless for commercial web based applications...  Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.

For example...

The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->

But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this

<!--#include virtual = "/somedirectory/somefile.asp"-->

Hello,

I need to see if this is possible. I want to create a browsing system such that, the user selects a Province from a drop down list on the main page. Based the selection, the username of all the users in that province will be shown. Then the user can click on a specific username and his/her portfolio (photo album) will be displayed.

is this possible? If so, How can I do this, please help.

Thanks

Sean

Ok time for some more questions!!!

Is there a way to make the person's email address their default username... or force it in somehow instead of allowing them to create their own?

I'm using Aspimage and SQL. Photos are 2464 x 1632 px, tried the upload and import directory methods, same results: thumbnails ok, full images 0 bytes.

ServerSoftware Microsoft-IIS/6.0
ServerName www.larrysampas.com
ServerProtocol HTTP/1.1
PathInfo /gallery2/extras
PathTranslated d:\Customers\user1095000\www\gallery2\extras
 
FILE SYSTEM OBJECT Installed
ADODB (ActiveX Data Object) Version: 1.2 Installed  
CDONTS Version: 2.80 Installed  
SMTPMail Version: SMTPMail Retail Version V2, 2, 1, 0 Installed  
JMail Version: 4.1.2 Installed  
AspEmail Installed
AspMail Installed
SAFILEUP Installed
Dundas Upload Not Installed  
ASPImage Version: 2.31 Installed  
AspJpeg Not Installed  
ImgWriter Not Installed  
 
Script Engine 
Type VBScript
Version 5.6
Build 8515

Your SQL statement to the database is the key.

You want to change the sortby hyperlink on that page so that it will in turn change the dynamic sql statement to sort the way you want

Find

?SORTBY=Date_Created

change it to

?SORTBY=Date_Created+ASC

or maybe

?SORTBY=Date_Created+DESC

One of them is the default anyway, but I cant remember which is which off hand so just try them both till you get the desired result

near the top you can also change the default sortby when thet page is loaded

SORTBY = Request("SORTBY")
If SORTBY = "" Then
 SORTBY = "Name"
End If

there you would use a space though.. not a "+" sign when adding the ASC or DESC

The + sign is only used in the hyperlinks because it means a space for browsers that can't deal with spaces in links

I think I've got it to work somewhat.  I modified the 2checkout1 & 2 asp file to use and pass Product_id.  It now identifies the product correctly.  I'm good fo now. Thanks for the info though.

-Jason

More Upgrade Info

To upgrade an existing ASPBanner system please follow these steps.

Back up your old system completely before starting.

Install the new system per the installation instructions that came with it.

Once it is running simply use your old ASPBanner database with the new system.

You may also want to keep your banner images folder from before in the same location so your existing banners still link to valid image urls because the new system stores banner images in a new location.

Since the config table in the database is no longer used you will need to go to the settings screen of aspbanner again and configure things. The config table in your old database can be deleted or left alone. It won't be used anymore so it does not matter either way.

That is all there is to it. If you have any issues please ask in the forums and we will help you out.

Hi,

Actually that is not a feature at this time. Only the admin can add an image for user. If you look at the code for that you could adapt it for individual user use fairly easily provided you are decent with ASP.

That feature will probably be added some day, but there was no time to add it to into the current version and I can not give you a time on when it will be added. The complicated part is making some sort of approval process in case a user adds something undesirable and also limited file sizes which is hard to do without somesort of 3rd party uplaod component being involved.

Hi,

I have just one quick question, I know this works with Paypal but does this work with Merchant Account?

How difficult it is to make it workable with Merchant account? I appreciate your answer.

Thanks.

ADODB.Recordset error '800a0cc1'

Item cannot be found in the collection corresponding to the requested name or ordinal.

/aspprotect/password_admin/default.asp, line 287

I'm doing an upgrade from an OOOOOOOOOOLD version (not sure if it was 6 or not) and it read my database OK prior to adding a new user. Now I get this error message. I was able to run the password encryption function OK, but I still get this error when I try to view the password_admin stuff. I can log in via the "get_me_in" asp page just fine, but I get the above error.

If I try to log in with my admin account, I get

ADODB.Recordset error '800a0cc1'

Item cannot be found in the collection corresponding to the requested name or ordinal.

/aspprotect/password_admin/check_admin_inc.asp, line 166

*****

OK, my question is this... if I retype all the info from the old DB into a brand new one, never before used, that would work, right? I only have 108 users, so that's about an hour of work. Or is there a 5-minute fix that I can try? I've done some messing around that got nowhere and returned all edited files to their original state, with the exceptions of the ones calling the DB location.

I'll start the C&P process and await your reply...

On a side note, I really love the new format and am excited about the new features. I'm not married to upgrading the DB and if copy and paste is faster (I just need first name, last name, username, password, email, and expiration date), then I'm using v.7 that much faster.

Post a request in the "custom code work" forum.
Perhaps another customer will want to do the work or help you out with some code.

I am just too busy to do any custom work for quite a while.

Did you see this thread. It shows how to set up the project in Visual Studio in detail.

http://support.cjwsoft.com/code/moreinfo85-1.htm

Hi,

We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.

IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ; ; ; ; ; ; ; ; ; ; ;PN=1

The 2Checkout Support Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement 2Checkout Payments with ASPProtect. You must be using version 2 of the 2checkout system. They are phasing out version 1 regardless so everyone will be using version 2 very soon if they are not already.

THIS IS NOT INTENDED OR DESIGNED TO USE 2CHECKOUT SUBSCRIPTIONS. (see bottom of this thread for more info on that)

This Support Pack basically gives you an additional signup and registration directory "2checkout_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup in general. New users can register in this directory and pay for membership at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and buy additional membership time online. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via 2Checkout your system is updated and they will have access.

The 2checkout pack is NEW.. and was released on March 19, 2005. If you don't have it and would like it please just ask.

To start using this edit the "2checkout_signup/2checkout_config_inc.asp" file

You will be entering your 2Checkout Account number in that file as well as the URL you want a user to go to after payment. It is all commented in that file. (There is also a testing variable you can set to True if you want to do testing without real charges being applied)

After editing that file run this page.

http://www.mysite.com/2checkout_signup/show_postback_path.asp

Replacing the part in blue with your website info.

It will report back that postback url you need to use in the 2checkout system.

Log into your 2checkout version 2 account and under the "look & feel section" enter that postback url for both the "Approved URL" and the  "Pending URL"

Trust me: You want the URL there for a pending URL because the 2Checkout system is quite random and 95% of the payments that come in go to the pending URL and end up being legitimate sales. (at least for me they do)

Now make sure the Direct Return option on that page is on as well. 

If set to Yes buyers will be immediately directed to your URLs below once they click the Complete Order button. If set to No the buyers will have to click a button to return to your URLs below.

Save that page... and leave 2checkout.

Now, delete this page from your ASPProtect setup.
http://www.mysite.com/2checkout_signup/show_postback_path.asp

It's a minor security risk and is no longer needed needed.

The basic setup is finished. All you have to now is set up payments options the way you want them.


Changing Payment Options

In the "2checkout1.asp" file there are form options set up.

They look like this and you can have as many as you like.

<option selected value="30,9.95,3,">30 Days, 9.95</option>

In this option... A user has the option to purchase 30 days for $9.95 and he will be set to Access Level 3 when payment in completed.

Here is how it works.

The value setting (red) is essentially and array that can be made up 4 elements separated by comma's
They must be separated by a comma and there can be no spaces. In this example the 4th value was not used but the last comma must still be there. If you didn't want to set an access level and left out the "3" there would 2 commas at the end.  etc etc
Basically there must always be 3 commas but you only have to set the 1st 2 values which are days and price.

days,price,access level,groups

The 1st value is the amount of days.
The 2nd value is the price for the amount of days.
The 3rd value is the access level you want to user assigned to.
The 4th option is the groups you want the user assigned to. (see PayPal subscription thread for examples of specifying group info)

Now, the label for the option in (blue) can say whatever you like.

Hi,

I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working.

This has not been officially released yet, but it is ready.
Here is the overview...
http://www.aspprotect.com/demo3/paypal_signup2/overview.asp

And the Code for the IPN Subscription Pack is 30.00.
http://www.aspprotect.com/ipn_subscription_support_pack.asp

A few people are using it and say it works very well.

Like the IPN Single Purchase System it is a separate directory you copy into the web site. One change must be made to your database so it’s pretty easy to get working. 

Though I am not guaranteeing this you should be able to accept Single IPN payments and IPN Subscriptions at the same time without the two bothering each other. I haven’t tested it but one customer is doing it and said it is working fine. It just involves manually specifying the IPN URL for one of the systems so it overrides the default IPN URL on your paypal settings. (As each system needs its own IPN URL) Its easy to do… just a form field you would add to the subscription form. I already looked it up. See below. 

Specifying Your Notification URL

If you only need to receive your IPNs at a single URL, you can enter that URL in the Preferences section of your Profile. If you would like to receive payment notifications for different payments at different URLs (i.e. if you need to separate payments made to different websites you run), you can manually pass the IPN URL with each payment by including it in that payment’s HTML code. Use the notify_url field to pass this information. The notify_url for a specific payment will be saved, and any subsequent updates to that payment (e.g. cleared eCheck) will be sent to that notify_url. When you pass a notify_url in your HTML code, it will override any preferences you set in your Profile. 

Anyway.. the Code for the IPN Subscription Pack is 30.00.
http://www.aspprotect.com/ipn_subscription_support_pack.asp

Hi

I would like to ensure the the user uses a UK style postcode not a clue how to ensure this as I am new to asp. Any ideas?

regards

John

Are you reffering to the number of the left of the users name in admin.

I thought it was a counter at first but that number only displays the number of albums they have set up.

Hi,

How do you know permissions are ok in that folder ?
Please tell me more on how they were set.

Please read through my article on how they are set correctly.
http://support.cjwsoft.com/code/moreinfo136-1.htm

Often times they are not set correctly or people thingk they set them somehow but in fact did not do it the correct way.

I would also suggest using the "test_physical_path.asp" page in the "extras" folder to verify if the path you are using to the database mdb file is in fact correct. That page should work whether permissions are set or not. At least then you will know if the path is correct or not and you can go from there.

you actually dont touch any of those
UploadDirectory = CmdGetConfiguration("UploadDirectory")
They get set from the config table in the database which gets edited in the admin area.

so...

I am talking about the settings area in the admin area of the applicaton.
Every setting there is descibed in detail. You get there and change serttings there via the web browser and by logging in as the admin.

Log in to the online demo as admin and check out the settings area if you are confused.
http://www.aspphotogallery.com/demo_pro.asp

I am using VS 2005, when i go to new project in visual basic folder asp.net web application is not there..

Can i add it somehow?

Hello,

I do not really understand what you mean?
There are no country and city lists in ASPClassifieds.

ok, well if you want to test on your own....  in the ipn.asp file for the subscription folder you will see this area of code used for testing

' Un-comment this section and give this directory proper permissions to enable logging to a text file
' Very helpful for troubleshooting
'   Set ObjMyFile = CreateObject("Scripting.FileSystemObject")
'   LogFileName = ("paypal.txt")
'   'Open Text File.. If doesn't exist create it and append to it .. If exists just append to it
'   Set WriteMyData = ObjMyFile.OpenTextFile(Server.MapPath("paypal.txt"),8,True)
'   RowHeaderString =  ""
'   RowHeaderString =  RowHeaderString & OrderID & vbTab
'   RowHeaderString =  RowHeaderString & Custom & vbTab
'   RowHeaderString =  RowHeaderString & User_ID & vbTab
'   RowHeaderString =  RowHeaderString & subscr_id & vbTab
'   RowHeaderString =  RowHeaderString & txn_type & vbTab
'   RowHeaderString =  RowHeaderString & subscr_date & vbTab
'   RowHeaderString =  RowHeaderString & Access_level & vbTab
'   RowHeaderString =  RowHeaderString & Groups
'   WriteMyData.WriteLine(RowHeaderString)
'   WriteMyData.Close

now that folder will need modify permissions for the text file to be written to but this is a good way to test if the ipn.asp page ever gets hit by paypal.

ITS REAL IMPORTANT THAT THE TEST FILE CAN BE WRITTEN TO OR DOING THIS WILL JUST CAUSE MORE ISSUES

To ensure the text file can be written to and permissions are correct for that folder you can make a new .asp in there and run this to see if the text file writing works

   Set ObjMyFile = CreateObject("Scripting.FileSystemObject")
   LogFileName = ("paypal.txt")
   'Open Text File.. If doesn't exist create it and append to it .. If exists just append to it
   Set WriteMyData = ObjMyFile.OpenTextFile(Server.MapPath("paypal.txt"),8,True)
   WriteMyData.WriteLine("the file was written to")
   WriteMyData.Close

Now, you can even change the location of the text file to place that does have permissions if you like.

This is what I would do if I was in there... then I would make some test payments using 1 cent and another paypal account (your allowed 2)

and see what happens

it is always possible the subscription code may have a bug in it. The last time I tested I only tested the single payment folder which worked perfectly. If I have time in the next couple days I am going to test the subscription stuff again. If there is something wrong I can cure it quickly.

The two routines share a lot of code in common.

That would be great.

I am sure you know that many virus that are sent via email have the same property. (double extension). The code can be executed even though Windows identifies them as simple text files etc.

Thanks again

Is there anyway to limit the number of Albums each user can make?

But can you guess as to why the following might be happening:

1) The password is still "temp", and we verified that by checking dataconn_inc.asp ; 2) People are able to place new ads, etc. ; 3) We then download the DB.  Sometimes we are able to open up the DB just downloaded with the password "temp", but only see the USERS table.  At other times, we cannot open the same DB with any password, and get a "password not valid" message even when using the password "temp".

So what can the problem be?

No problem. I get it now.

I added a Session Variable for "Counter". Then wrote an If statement around that. When the user logs on for the first time they see a window pop, after that the normal start page.

Thanks

I would like to create a login form on the home page which will not be password protected to the site for members so that they can login right from the home page and not a password protected page like many sites have. And every portal I have seen.

Plus the login form looks really pretty and proffesional on the home page   ...

I can't find anything in the documentation that says how to do this or if it's even possible. Everything I have found says to password protect a page and then direct them there which isn't what I would like to do.

Here is the code of the login page which is an asp include file on the main page:

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>

<body>
                              <td><img src="images/a026.jpg" alt="" width="187" height="21"></td>
                          </tr>
                          <tr>
                              <td bgcolor="#EBEBEB"><table width="100%"  border="0" cellspacing="0" cellpadding="3">
                                       <tr>
                                           <td><table width="180" border="0" cellpadding="0" cellspacing="0" bgcolor="#AAAAAA">
                                                   <tr>
<td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                         <td><img src="images/spacer.gif" alt="" width="178" height="1"></td>
                                                         <td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                   </tr>
                                                   <tr>
                                                         <td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                         <td bgcolor="#FFFFFF"><form name="form_login" method="post" action="">
                                                              <table width="100%"  border="0" cellspacing="5" cellpadding="0">
                                                                  <tr>
                                                                      <td width="53%"><input name="textfield" type="text" class="style-01" value="username"></td>
                                                                      <td width="47%"><a href="#" class="link-02">Forgot pass?</a> </td>
                                                                  </tr>
                                                                  <tr>
                                                                      <td><input name="textfield2" type="text" class="style-01" value="password"></td>
                                                                      <td><a href="#" class="link-02">Not registered?</a> </td>
                                                                  </tr>
                                                              </table>
                                                         </form></td>
                                                         <td><img src="images/spacer.gif" alt="" width="1" height="1"></td>
                                                   </tr>
                                                   <tr>
                                                         <td colspan="3"><a href="#"><img src="images/a027.jpg" alt="" width="180" height="15" border="0"></a></td>
                                                   </tr>
                                           </table></td>
                                       </tr>
                              </table></td>
</body>

</html>

Does anybody know what values I would put in the form to send the correct login to AspProtect. And, if I would have to add any extra includes or code to it.

TIA