Chris, that fixed it.  Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.

Suggestion for future release.  Create an option to email the admin when a message is posted.  If this code already exists please advise.

Thanks, Lance

Hey, I run a business and I will not have things like that mentioned in these forums.

I am running Windows 2000 server. I do believe asp.net IS installed as I have the .NET 1.1 framework installed.

Funny about the bounce backs. I am at about 10% of my limit, which I control as I am the network admin. I'll check into that.

I have tried everything to get your CJWSoft code working..I purchased the auto listings software and I am stumped, and actually you stumped my hosting provider, my database is stored in the database directory on the root.

I have even tried your ASPtest and still cannot connect.  My have connected other databases without an issue on this same host, I have named a DNS Auto for my database and ponted to that in my code  but get the following error you see at http://www.burkesauto.com and even when i try you test script found here at http://www.burkesauto.com/asptest.asp .

It's real easy actually if ya sniff around the source code.
ASP is so easy to (work with/edit) even if you dont know any code.


edit   "save.asp" with a text editor

change

If Request("First_Name") = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a First Name.\n\n")
End If

to

If Request("Company_Name") = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a Company Name.\n\n")
End If


From looking at that save code I dont see where Last_Name was required. The only name I saw required was a 1st name.

Also.. making the First_Name not required may break something somwhere else. I dont think it will but it might. You are warned.

You really should just look at the documentation that came with the application. It tells you everything you need to know.

it is in the docs folder in html format.. it is also linked to from the aspclassifieds website

http://www.aspclassifieds.com/demo/docs/

I am using ASPProtect's password program, which has been very successful, for managing over 1,500 military veterans' memberships at http://www.vspa.com.  What I am trying to do now is utilize the "Groups" code, as generated by the Admin page, to prevent members with expired accounts (and non-members) from accessing restricted "members only" .ASP pages they may have bookmarked, or found via web search. The code generated and used is as follows:

<%@ LANGUAGE="VBSCRIPT" %>
<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * ADMIN * Member Current * Member Life * Officer/Staff * ) -->
<% GROUPACCESS = "10,12,14,19" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->

The above is placed over the <html><head> statements on the page.

When I am logged in the code works perfectly! When I log off and try the URL again, the page appears in its entirety but with a Login box for Username and Login Password at the top of the page. You may view the problem at: http://www.vspa.com/aspprotect/vspa-password-enter.asp .

What I would like to have happen is expired members and non-members would be sent (or Redirected) to a Login page. I do not want the Login password box to merely be inserted above the page that I am trying to keep them from visiting.

Don Poss,
VSPA Webmaster

No I didn't...

The one I tried is the hosted one at my provider which I gave you the link for.

Thanks very much.  I will get that one and it may be much easier if I need to get into the Nitty Gritty of the database at some time.

Thanks

I have been able to successfully edit some text colors, but there seems to be one page that wont change the text color. Inside the users/ folder, the login.asp page, i cant seem to change the text color from ffffff to 000000 so it can be read on my background color. Every page in the script is correct but this one.

Thanks.

Hi. Chris.  I'm not a programmer of any sorts, so I am not comfortable plugging in the changes you suggested and not knowing for sure if it will "break something somewhere else".  If the programmer tells me "you have been warned", its a pretty good sign its a no win situation. If you don't know, theres no way i can know.

I saw in the code where you mentioned the changes. I don't see where it mentions the last name is required either, but the bottom line is it does require it it the actual new user form.

Thanks anyway Chris. I'll figure something out.

-john

The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.

Download Documentation

You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.

Please continue to check the support forum threads for the most up to date documentation.


IMPORTANT
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then  choose unblock down in the lower right corner ...then you can open and view the file correctly

There is no way I'm going to spend hundreds of dollars for a thumbnail creation program. Mine is a family web site and all out of my pocket.

Is there any free products that work with Gallery that will create the thumbnails? If not can I create them on my own and link them to the pics? There are tons of Perl based freebies out there.

Steve

so you are using the subscriptions signup directory right ?
"paypal_signup2" ?

1st.. I would check that the xml parser is working.

It is required for making the post back to paypal.
It is installed on windows 2000 and 2003 and XP by default.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=134& ; ; ; ; ; ;PN=1


Then I would check the actual form page to paypal to make sure it is generating a valid IPN url as a hidden form value.  It's the payment page you actually click on that actually takes you to paypal. For the subscription signup system that page is called "paypal1.asp"


You'll want to go through the process starting with the default.asp of the signup folder untill you get to that page. Then you want to look at the html source of that page in Internet Explorer. Your looking for something like this in the source code and you want to make sure it is valid.

<input type="hidden" name="notify_url" value=http://www.mysite.com/aspprotect/paypal_sub_signup/ipn.asp>

It also has to a url on the internet that paypals server can see. It can not be a local url for your machine. Also: If it is not valid we can try hard coding it.


If all of these things are good I'll have to take a look. I have some text file logging I can do when paypal hits your IPN url that can tell us if it is actually hitting that page like it is supposed to. And I can test the system for you by making some 1 cent payments using my own paypal account until we find out what is going wrong.

I have activated both activity and log files. The directories exist on my server and don't give any errors.

When I check the activity tab, some times there are a number of items in it.  Other times, there is only my login info.  From what I can see, it is supposed to show the last 50 items of activity at all times.  Am I missing something?

Also, when I click on the log file tab, there is no file or information to see.  Is there something I need to do beyond activating it in the settings area and making sure the directory has write permissions?

Thanks.

I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.

<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then  
 SearchFlag = True
End If
 
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then 
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>

</head>

<body>

My Protected stuff here

</body>

</html>

For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.

Thanks,

Mo

That did the trick. Once again a quick very helpfull reply.

Thanks.

Okay, so I copied the txt file into the export file and tried the import users option and it timed out on me as well. 

Would it be easier to figure out if you were able to look at the iis server?

One last thing..

This is bad

http://www.bones.myftpsite.net/rfamilystuff/pictures/

there are .asp files in there people can run that you dont want people running..

u should delete the asp files in there or turn off directory listing...

take care,

CJW

Hello,

In that version is is not easy to change the values as they were not intended to be edited. You would have to dig through quite a lot of code as those values are hardcoded in quite a few pages. Probably at least 10 or more.

In the pro version there are variables you can change that very easily as that is intended to be easily changed in that version.

nope ,sql server has nothing to do with this

I am talking about the folder pictures are stored in.. it needs modify permissions set for the internet guest account like those articles talk about

check the action for the button in the code... its probably not posting back the the right page which should the same page it is...

I bet ya it is posting to guestbook2 which is the wrong directory... an old mistake I forgot to correct...

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

This is what "John Evans" of CJWSoft has to say on the matter...

"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.

I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.

Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig. 

Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."

In addition to that I just noticed the </href> you have in there.. man that is some scary stuff you came up with.. that may appear to work and make a link but it is not correct. Each link will work but never truly be closed.

That is just not valid proper use of the anchor tag.
You make a link in html like so

<a href = "somepage.htm">somepage.htm</a>
http://www.w3schools.com/tags/tag_a.asp

Then your surrounding each link with <span lang="en-us"> </span>
Not sure why ?

I'll try to help when I get back tues night,, see the contact page for info on where I am .
http://www.cjwsoft.com/contact/default.asp?Subject=CJWSoft+G eneral+Inquiry

Hi,

I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working.

I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=49& PN=1

Jeromy, You should have access to that page.