You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp

You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.

If it is 2 directories down it should probably look different..

example:)   "../../checkuser_inc.asp"

It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.

Also..

The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.

Lasty…. If you are logged in at the time

Whether your current session at the site is still active… or you have the cookie set to remember you.

Well, nothing will happen… cause your already logged in and you will just see the page as normal.

Perhaps things are working and you just don’t understand that part ?

You need to go to the log off page.. log off… then close all instances of the web browser windows..

Then come back to the site… then see if it prompts you to log in.

in the version you have changing it is not something we covered

I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes

Chris -

Long time no talk, which is a good thing.  I have purchased another product from you, ASPVendor.  I am running into an issues.

When I try and remove the image through the image manager, it does not remove it.  Screen shot attached.

2005-10-19_194248_image_upload.zip

Thanks

The pages in the ASProtect Full version that have emailing code in them are as follows.

password_admin/email_user.asp

password_admin/send_mass_email.asp

users/add_new_account.asp

users/email_password.asp

Has any one used the aspmail function to send emails from within your site? If so what did you use as the AspMail_Host string in the connections database?

thank you

Christopher

Found this but I dont really know what to do with it or even if its the right thing.

<%
'=========================================================== ==================='

' Application:     Utiity Function
' Author:          ; John Gardner
' Date:         & nbsp;  20th December 2004
' Description:     Used to check the validity of a postcode
' QueryString:     None
' Version:         V1.0

' Required routines:        &nb sp; None
                    
'----------------------------------------------------------- -------------------'

function Check_Postcode (byRef strPostcode)

' This routine checks the value of the form element specified by the parameter
' for a valid postcode.

' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf

' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.

  Dim strPostcodeRegExp(2)   ' holds the regular expressions for valid postcodes
  Dim intCount        &nbs p;      ' For loop counter
  Dim strPostcodeCopy        ' Copy of postcode
 
  ' Variables used to hold regular expression object  
  Dim objRegExp, objMatches, objMatch
 
  ' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
  strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"

  ' Expression for postcodes: ANA NAA, and AANA  NAA
  strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
 
  ' Exception for the special postcode GIR 0AA
  strPostcodeRegExp(2) = "^(gir)(0aa)$"

  ' Copy the parameter and convert into lowercase
  strPostcodeCopy = Lcase(strPostCode)
 
  ' Assume we're not going to find a valid postcode
  Check_Postcode = false
 
  ' Strip out spaces
  strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
  Check_Postcode = False
 
  Set objRegExp = New RegExp
 
  ' Check the string against valid types of post codes
  For intCount = 0 to Ubound(strPostCodeRegExp)
 
    ' Check next pattern in list
    objRegExp.Pattern =  strPostcodeRegExp(intCount)
    If objRegExp.Test (strPostcodeCopy) Then
   
      ' Post code found. Ensure input parameter is in correct format.
      Set objMatches = objRegExp.Execute (strPostcodeCopy)
      Set objMatch = objMatches(0)
      strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " &  Ucase (objMatch.subMatches (1))
     
      ' Show that we have found the postcode
      Check_Postcode = True
    End if
  Next
 
  ' Ensure that the uppercase postcode gets returned if valid
  If Check_Postcode Then strPostcode = strPostcodeCopy
 
End Function
%>

regards

John

If you still cant see the upload buttons after checking the settings send me a PM with the info and I will take a look at your installation. It will have to be up on a live server of course.

Hi,

I wanted to see if you had any suggestions for converting from Access to SQL sever database. I attempted this earlier today performing the following steps.

1) Create SQL Tables using Enterprise Manager / SQL Scripts
2) Use DTS to move all of the existing table data to the sql tables.
3) Update dataconn_inc.asp to use SQL and the required connection string.

When these steps were complete I was able to login to ASPProtect as an admin and search / find both groups and users. However, any attempt to edit or create users resulted in a "the page ... had a problem ... " type problem. It seems that I can read from the db fine but and getting errors writing to the tables. The user id that is being used to connect to the db is the [dbo].

Any additional hints for this procedure?

Thanks

Darrell

Ok nevermind that... i got by that wasn't paying attention...

The problem is even before this which i didn't know until now.

I placed the protect tag in a page i called members.aspx

When i go to this page is says ACCESS DENIED etc etc etc.

When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:

Server Error in '/MAP' Application.

---

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /map/users/aspprotectlogin.aspx

btw it says /map because that is the subfolder within the root folder

I've got an ecommerce module that's running on it that uses access for the db.  Connecting into that thing is slow as well, but I figured that's because of the complications and volume it handles.

So as far as importing on a faster machine and copying it over to the server...what suggestions do you have?

really all depends on the sql connection string you are using and the names of your sql user you are using...

you really havent described very much..

I'd double check all of it.. something is wrong

I just added this line to the paypal1.asp page

<input type="hidden" name="currency_code" value="CAD">

and it worked.  Clearly other values can be entered for other currencies.  Everything was listed in this manual https://www.paypal.com/en_US/pdf/subscriptions.pdf.

Cheers
Roy

  Much thanks, the duplicate incl's I spaced on and should have caught.  The hidden form variable was a key issue.  Thanks for the syntax and the help.  Now I get this page together. j  As a note - I got faster results by dropping my timeout to 3 minutes temporarily while progging and cleared browser cache between tests.  Thanks again.

thanks.. it was not taken as a complaint.
I just wanted to explain

When you said you tried using the web version of sql manager. Did you use the microsoft one I link to here "just curious"

http://support.cjwsoft.com/code/moreinfo127-1.htm

Whenever you are running software that can block scripts from certain things you are going to have issues like this.

I imagine many complex asp scripts you will download will do things like this as well.

A highly doubt it is anything to worry about regarding people that use your site.

ASP code delivers standard html to the browser... nothing weird goes on as far as that goes.

This system has been sold for 6 years and this is just not something to worry about. Trust me.. though you may want to tone down black ice so it doesn't give you issues as it tries to block various things.

If I were you I would do some google searches on black ice and issues with it blocking asp scripts.. etc etc

Now, if you are running black ice right on the server that a whole other story and something you as a server admin need to decide what to do about. I doubt that is the case as black ice is not probably suitable for a commercial webserver but I just thought I would throw that out there.

It turns out that I never enabled ASP.net on the site. After doing that the skins work much better. I'll have to poke around and see what other functionality is now available.

Thanks!

Al

Line 409:
Line 410:
Line 411:		<authentication mode="Forms">
Line 412:			
Line 413:			<!-- DO NOT CHANGE UNLESS INSTRUCTED TO DO SO -->

In addition to that I just noticed the </href> you have in there.. man that is some scary stuff you came up with.. that may appear to work and make a link but it is not correct. Each link will work but never truly be closed.

That is just not valid proper use of the anchor tag.
You make a link in html like so

<a href = "somepage.htm">somepage.htm</a>
http://www.w3schools.com/tags/tag_a.asp

Then your surrounding each link with <span lang="en-us"> </span>
Not sure why ?

if that account isnt there thats normal because if it doesn't have any permissions for that folder so it wouldnt be listed

you simply dig into the menus a liitle deaper and find it then add it.

I've encountered another problem.  When i edit the link for existing banners and save it, the banner reverts to the old link instead of the new one.

The directory where the the database is located to rwed so the permissions is not a problem.

Any advice?

Thanks

I'd say that the vendor is right so I've submitted a work order to
create the *****.com/aspnetprotect directory as an application.
If there are any other directories for which this needs to be done,
please let us know. This particular task always needs to be performed
by our staff.


If you need to follow up on this job with one of our on-line or phone
technicians, you can reference ticket id 11860.

With regards

no, its part the concurrent login checking system.

currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)

when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over

sorry

as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional.

Hi Chris,

We installed our key onto the live server.

However, since our temp key has expired, we can't access our application on our development machine because the login won't work anywhere except on the live server.

Of course we can access the application on dev, if we remove the aspprotect tags, but if we need to log in to do something unique to the user, then we have a problem.

Can we get another temp key from you? And would there be a better long term solution to this debug/maintanence issue?

--JP

whether you use SSL or not really does not effect aspprotect in any way

I say, the smart thing to do there is too not start them off at a http:// url

one way to do it is put a simple ASP redirect on that default page and send them to an SSL version of the page instead...

http://www.powerasp.com/content/code-snippets/redirects.asp

another way would be not start them off on a protected page right off the bat and offer links to the the protected area...

in my opinion thats pretty odd to be starting them off on a protected page anyway
SLL maybe, but protected right from the time they hit the default page of the site.. thats just odd.. usually you want o say a little something about the site your at and then link people to protected areas or give them a login form which posts to a protected area.


Regardless if you always want users at your site under https:// you should have code on every single page in your site checking the url info at every page load. Then if someone ever hits a page and is not using the https://  you can do something about it like redirect them to the SSL home poge or redirect to that same page but with the https:// in the url..

that wont work the way you did it because groups are not stored like like.

groups are stored "*1*"
or "*1*,*9,*"

so if you test for them you must do so using the InStr function of vbscript

example:

If InStr(Session("Groups"),"*1*") Then
    ' do whatever
End If

also.. as for the session variable
it should be    Session("Groups")

And in Version 6.... (its all ready to go in version 7) that session variable must be saved in the check_user_inc.asp file near where all the others are saved. If it is not there by default "I dont remember if it is or not" you have to add it like so near where all the others are saved

Session("Groups") = CmdCheckUser("Groups")

If you are wondering if it is being saved correctly you can always response.write out the Session("Groups") to see if it holds a value