You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp

You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.

If it is 2 directories down it should probably look different..

example:)   "../../checkuser_inc.asp"

It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.

Also..

The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.

Lasty…. If you are logged in at the time

Whether your current session at the site is still active… or you have the cookie set to remember you.

Well, nothing will happen… cause your already logged in and you will just see the page as normal.

Perhaps things are working and you just don’t understand that part ?

You need to go to the log off page.. log off… then close all instances of the web browser windows..

Then come back to the site… then see if it prompts you to log in.

lets get back to using the forum and not the pm's  please only use the PM's for sensative information. its too hard for me to keep track of all of this as well as help everything else when I got an inbox full of pm's

Ok, so you say no paypal subscription info is being put in the database at all.

I know we have a bunch of people using the paypal subscription code with no issues so I know it works but obviously you got something wrong.

It could be a few things.

Did you enable IPN in the paypal system and put in a postback url like my directions say ?

Are you sure you are not getting paypal single payments and paypal subscriptions mixed up ?

Are the paypal links you made for paypal subscriptions in the correct format like are directions state ? That is critical and another example of something important that you have not shown me.

Did you populate all settings correctly for our paypal subscription code ?
This includes a correct and valid postback url because if that is not right paypal cant communicate with the aspprotect system and no info will get posted back from them at all.

You say your upgrade went well but if you did all all field names perfectly there could be issues with that.

There is just way too much for me to figure out under free support with the info you keep providing me.

I dont think we are going to get anywhere unless I go into your system and spend a considerable amount of time checking everything out. That is not something I do under normal support so if you are interested it is going to involve a fee paid via paypal. It's probably going to take me a while to check everything out and I need you to be 100% sure IPM is enabled in your PayPal account. If you are not sure how to turn it on search their help system as they have plenty of documentation on the process.

nope ,sql server has nothing to do with this

I am talking about the folder pictures are stored in.. it needs modify permissions set for the internet guest account like those articles talk about

sure, there are reasons AOL would block the email.. it might think it is spam or it might not like the fact that fact that a cdonts generated email has no MX records because it can not..

for more on MX records read my CDOSYS article
http://www.powerasp.com/content/new/sending_email_cdosys.asp


as far as the emails not being sent because notifications are off. I was not aware of that and will try to look into it.. Version 6 is no longer worked on but if I can find the time I will check that out

5300 users honetly wouldn't even phase the database or the code... even with MSAccess...you got other problems and I can say that with 150% certainty

my guess is permissions on the database folder are not quite right or the odbc drivers have issues.. something along those lines..

access databases act up when full modify permissions are not given to the folder they are in.... they can also act up if the odbc drivers are very new and you are not using a newer version of the access database such as 2002 version as opposed to a 97 or 2000 version

using a system dsn as opposed to a dsn-less connection can also cause BIG issues. always use a DSN-LESS connection

you can also have big problems if just the database file is given permissions instead of the whole directory it is in

also, the script timeout has nothing to do with it.. if that is happening something is wrong with the data connection like I said... no amount of changing timeouts is going to cure it...

how permissions are correctly set
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp

why system dsn's with access databases are bad news
http://support.cjwsoft.com/code/moreinfo9-1.htm

I know it worked at 1st but it can still be related to all of this because when permissions are not perfect databases will work ok for a while and then act up. it all has to do with the temporay lock files that access creates and deletes on a regualr basis

humm, I dont know.

If you want me too I would be glad to go into your web site and troubleshoot. If so PM me the info I need and I will take a look and see if I can figure it out.

CJW

More Info on Simple File Sharing

http://www.practicallynetworked.com/sharing/xp/filesharing.h tm

http://www.theeldergeek.com/quick_guide_to_simple_file_shari ng.htm

http://support.microsoft.com/default.aspx?scid=kb;en-us;3040 40

I have a very weird problem.  At the top of the page, where there used to be

[Place Ad] [Classifieds Home] [Register] [Sign In]

now there is only

[] [Classifieds Home] [Register] [Sign In]

so the words "Place Ad" have disappeared completely.  Can you please tell me which file in which folder would control this

Are there any problems with modifying the default database fields.

I need to have an update from net billing and they use different settings in the database than the default.

Will the interface still be functional?

When did you download the ASPProtect Version 7 zip file ?

what did you enter as a wrong password to make that happen ?

does it it do it when other wrong passwords are entered ?

New Version 8.1 Released

Whats new..
http://www.aspbanner.com/v8_notes.asp

Upgrade Instructions...

Upgrade at your own risk. Though we try new versions are not always perfect due to minor bugs we may miss.

Back up your old setup so you can revert back if necessary..!!!
Save your data connection string info in a text file so you have it.
You can get that by viewing the system info page in the admin area.

Carefully copy all the ".asp" files from the new version to the old.
Your going to want all the .asp files in the aspbanner folder.
Your going to want all the .asp files in the aspbanner/scripts folder

Copy the aspbanner/images folder because there are some new images

Be sure to also copy the "data/config" folder files.folders as well as a lot of that is new including the actual config file. If you dont get the new config file copied in there you will have problems later on with some of the new features.

Be sure to create a new folder in the "data" folder called "tempstats"
Make sure it has proper permissions if you plan on using the delayed stats feature as the stats gets temporarily stored there. 

Go back to the area where you originally setup the data connection and do that again...

From the web browser run the following URL

http://yoursite/data/config/aspbanner_unlimited.asp

Replace "yoursite" with the proper url info relevant to your web site location.

When run via the web server that page will ask for a password. By default it is "temp". You should change it later on for security reasons. That page tells you how.

Now... moving on..

There were no changes to the database except for SQL Server users so you can use your existing database.

SQL Server users that want to use the new stored procedures feature (it's optional) will need to update their SQL database with the stored procedures.

Scripts to do that are provided.


ALSO: I have been running this new version using SQL Server Stored Procedure mode for a 1 week on a special banner server that serves banners to many of my own sites. I have also been using the new Delayed Stats feature.

All I can say is it is running like a champ and the SQL server is using less memory than it ever did before.

Hi,

No, only ".asp" files can be protected.  It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.

To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.

Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.

Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.

In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc

If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.

For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.

Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://

Just got back 10 minutes ago..
Missed plane yesterday because of traffic and the flight today was 3 hours plus 4 hours of driving

The fact that you are using Server 2003 is not relevant. I am very familiar with it and all my sites run on it.

The ASPNET account will be there by default once the .NET framework is installed. It won’t just show up in the list, you have to search for it like my article mentions.

http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

The login page sends the user to redirect.asp (which is as follows)

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If InStr(Session("Groups"),"*1*") Then
    Response.Redirect("gp01.asp")
End If
%>

<%
If InStr(Session("Groups"),"*2*") Then
    Response.Redirect("gp02.asp")
End If
%>

I am not being redirected to gp02.asp if I am a member of group2.  Also, we wish users who are part of group 2 and 3 to go to a different page (ie. gp2-3.asp)

Thanks in advance.

<compilation defaultLanguage="vb" debug="false" />

change it to this

<compilation defaultLanguage="vb" debug="true" />

When you run the code in a production environment change it back though

More Info
http://support.microsoft.com/default.aspx?scid=kb;EN-US;3061 56

I had both ASP Listings & Classified on the same website.  The categories seem to be getting mixed up. I removed ASP Classified but classfieds categories is still appearing in the student of ASP Listing.

How do I fix this?

Thanks

Hello,

It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.

I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.

But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file

Yes, you are right.

We have now tested it using the DSN less connection with Access 2002 and it works fine. We have also tested it again with a DSN using 2002 and this also seems to work.

The comment about speed is a consideration although I have not noticed any differences. ( we only have a few database entries at this time).

Thanks for your help

Thanks very much for the quick reply.

That sets my mind at ease

I was just worried if users would see warnings in their firewall software too.

I realize that the admin would have to have to go through some errors...

And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.

Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...

Thanks 

OK, I just spent like an hour in your site.. I almost gave up

1st off... I don't know what FTP Program/Settings or what OS you are using but all the ASP Protect Files had been reformatted in a odd way which was causing some issues and the database also had problems. Your somehow introducing all sorts of UNIX line breaks to all the files and the database was actually missing some crucial parts of itself and was corrupted. So I had to update everything which means a new database. I have never seen anything like it but I fixed it all. Its something you are doing but I do not know what. Maybe your unzipping method again ?


So to get back into the admin area...

admin
test

Now, the reason  the albums were not showing is because you are using the ole connection string which causes problems like that. However because you host has like the worst setup ever with that network path crap for the site that was the only connection string that would work for some reason.

I highly suggest a new host with a proper setup for running ASP. www.alentus.com
Your hosting companies setup is horrid as far as I am concerned.
Access Databases are not meant to be connected to via a network path.
http://www.aspfaq.com/show.asp?id=2168

Anyway, I rewrote some of the code because of the ole connection and got the albums showing up for you.. who knows what other problems that OLE connection may bring up in the future.. for now things I tested seem ok.

As for your broken image in the your header/footer...  You cant link to images and links using virtual pathing in those includes because the files are called from different directories and will work in some and not others

so when your in the root you see the image, when in a different folder you see a broken image

In other words.

link to

http://www.vickerylightning.com/gallery/vickery_template5_r2 _c1.jpg

not just

vickery_template5_r2_c1.jpg

The same goes for hyperlinks.. use the full url paths


Whatever you do...Back up the gallery folder with my changes before you go doing anything.

I am brought to a logon page in which I cannot access the page.  This must be due to the check_user_inc.asp include.  Without the include I get a blank page.

I have tried everything to get your CJWSoft code working..I purchased the auto listings software and I am stumped, and actually you stumped my hosting provider, my database is stored in the database directory on the root.

I have even tried your ASPtest and still cannot connect.  My have connected other databases without an issue on this same host, I have named a DNS Auto for my database and ponted to that in my code  but get the following error you see at http://www.burkesauto.com and even when i try you test script found here at http://www.burkesauto.com/asptest.asp .

I do not think it it anything to do with the Application.

You most likely have some sort of ad blocking software that is doing it.

It is seeing the word "banner" or "ad" and blocking the images in your browser.

I doubt it is anything built into xp doing it. XP with SP2 has built in pop-up blockers but no ad blockers like that really. It is norton ad blocker or something of that nature.

If you have found out that parent paths are disabled on the web server you can still use the application.

Before you continue.

If it is your server consider enabling parent paths to solve the problem.

If it is not your server consider asking them to enable parent paths for your web site to solve the problem.

If that is not possible please download this zip file.
2005-02-20_150703_aspprotect_v7.x_alternate_include_file_pat hs.zip

This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.

The zip file contains the following folders and files.

Below is the contents of the readme.txt file which explains everything.

The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.

(parent paths enabled) - This is the way the application comes.
The files in this folder have FILE server side includes containing "../" information. While these includes will work when the applicaion in is any location of a website they will not work if parent paths are disabled on the web server. Generally you will want to use these on your xp development machine. You can of course use them on your real server if parent paths are enabled. Parent Paths are now disabled on II6 by default and some hosting company will not enable them.

(domain root)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in the root of your web domain. For example if your domain was called "www.somedomain.com" the following aspprotect files and folders would end up like this
"http://www.somedomain.com/check_user_inc.asp"
"http://www.somedomain.com/password_admin"
"http://www.somedomain.com/users"

(domain directory)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in a directory called "aspprotect" in the root of your web domain. For example if your domain was called "www.somedomain.com" the
following aspprotect files and folders would end up like this
"http://www.somedomain.com/aspprotect/check_user_inc.asp"
"http://www.somedomain.com/aspprotect/password_admin"
"http://www.somedomain.com/aspprotect/users"
You can change the name of the "aspprotect" directory but you will will have to edit the includes in the files.

Lastly, if you are on a local machine and insist on using the VIRTUAL INCLUDES you would also use the (domain directory files) even though you dont have a domain on your local machine most likely
For example if your site was installed like so.
"http://localhost/aspprotect/check_user_inc.asp"
"http://localhost/aspprotect/password_admin"
"http://localhost/aspprotect/users"