It is refered to as the internet guest account but that isn't the actual username. The username is different for every machine. It usually starts off with "IUSR_" and then your machine name. "Internet Guest Account" is always the account's full name as labeled by IIS when it is installed.

Regardless,

If an account isn't listed you have to add it.

Click (add-advanced-find now) and it will list off all the user accounts on the machine

You can also click (add-advanced) and simply type in the account name or part of it.

Some more tips:

If on a local machine you always just give the "everyone" account full control which is pretty much going to make anything work.

You can also go to computer management in your server's administrative tools and view all of the accounts  and groups there under "Local Users and Groups".

ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..

This comes with the system as an example folder with some files in it.

Basically we protect the image in 2 ways.

All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.

For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.

Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41

This is what "John Evans" of CJWSoft has to say on the matter...

"I think that’s pretty much impossible. If the server sees a .JPG or .JPEG extension why in the world would it go and try to read it or do anything with it.

I believe there may have been some issues with Outlook and Outlook express that made it look like a vbs script sent as an attachment was actually a JPG because someone found an exploit in those programs and it would appear as if double extension files were one thing when in fact they were not.

Having a real time virus scanner on the server (which any good host will) should also catch anything infected being built on the server drives as the file uploads. Always worked for me and I had a lot of people uploading ZIP files on winxptheme.com at one point. Many had viruses in them although I suspect it was totally innocent on the end users part. Some people didn’t even know they had a virus on their rig. 

Fact is anything is possible but I think chances of getting a virus or being hacked in some way from this sort of upload are really slim."

Cool.

Well I'm in the middle of uploading the txt file and it's about half way done and sitting there...so I'm keeping my fingers crossed.

Christopher

Found this but I dont really know what to do with it or even if its the right thing.

<%
'=========================================================== ==================='

' Application:     Utiity Function
' Author:          ; John Gardner
' Date:         & nbsp;  20th December 2004
' Description:     Used to check the validity of a postcode
' QueryString:     None
' Version:         V1.0

' Required routines:        &nb sp; None
                    
'----------------------------------------------------------- -------------------'

function Check_Postcode (byRef strPostcode)

' This routine checks the value of the form element specified by the parameter
' for a valid postcode.

' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf

' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.

  Dim strPostcodeRegExp(2)   ' holds the regular expressions for valid postcodes
  Dim intCount        &nbs p;      ' For loop counter
  Dim strPostcodeCopy        ' Copy of postcode
 
  ' Variables used to hold regular expression object  
  Dim objRegExp, objMatches, objMatch
 
  ' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
  strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"

  ' Expression for postcodes: ANA NAA, and AANA  NAA
  strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
 
  ' Exception for the special postcode GIR 0AA
  strPostcodeRegExp(2) = "^(gir)(0aa)$"

  ' Copy the parameter and convert into lowercase
  strPostcodeCopy = Lcase(strPostCode)
 
  ' Assume we're not going to find a valid postcode
  Check_Postcode = false
 
  ' Strip out spaces
  strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
  Check_Postcode = False
 
  Set objRegExp = New RegExp
 
  ' Check the string against valid types of post codes
  For intCount = 0 to Ubound(strPostCodeRegExp)
 
    ' Check next pattern in list
    objRegExp.Pattern =  strPostcodeRegExp(intCount)
    If objRegExp.Test (strPostcodeCopy) Then
   
      ' Post code found. Ensure input parameter is in correct format.
      Set objMatches = objRegExp.Execute (strPostcodeCopy)
      Set objMatch = objMatches(0)
      strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " &  Ucase (objMatch.subMatches (1))
     
      ' Show that we have found the postcode
      Check_Postcode = True
    End if
  Next
 
  ' Ensure that the uppercase postcode gets returned if valid
  If Check_Postcode Then strPostcode = strPostcodeCopy
 
End Function
%>

regards

John

A very common and extremely bothersome error encountered when running ASP apps that connect to a database is the "80004005" error. It comes in many varieties.

These articles cover it.


(an article I wrote)
http://www.powerasp.com/content/hintstips/permissions.asp

(more articles)
http://www.aspfaq.com/show.asp?id=2009

http://support.microsoft.com/default.aspx?scid=kb;en-us;3065 18

http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=115

http://www.macromedia.com/support/ultradev/ts/documents/8004 005_cannot_open_unknown.htm

               Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile.  It could be due to the fact that the rest of the project is in C#.  Or it could be due to some other factor in ASP Protect.

Some users have reported an error during the registration process.
Here is what I believe is happening.

When you register you get sent a validation email that has a link in it that looks something like this.

http://support.cjwsoft.com/forum//activate.asp?ID=testAD3AD2 97BC

That link can only be clicked on once which will activate your account.

If you somehow run that link more than once you will get a message telling you there was an error.


I think some people are double clicking on the link they get sent and running it more than once.... or clicking on it again after registration is complete. It probably happens very fast so they never see the success screen.

Either way, if you can login to the forum nothing is wrong and you are already activated.

all I can say is try other things...  like

mail.yoursite.com

or

smtp.yoursite.com

etc etc etc

replacing yoursite with the name of your domain of course


the settings for sending email via ASP are no different then the settings you would use in outlook or something... except sometimes on the server level localhost works as the email server because they set it up to allow that

and of course those 3rd party emailing components need to actually be installed on the server

It really means just what it says. Your connection string is just not valid and the sql server speicifed can not be reached. The username and password could also be invalid. Since you already had a database set up you should use the same username and password you have always been using. You also need to use the same database name you have always been using. Without actually knowing more and seeing what you are doing it is pretty hard to tell you anymore than that.

The directions and sql scripts given are for setting up a new sql database. Applying them to an existing sql database requires a slightly different approach. Modificiations to the SQL scripts elimintating references to the usernames/password/database we suggest in the scripts is also a good idea.

A data connection is a low level as it gets. Until you get that working you are really not even touching any of the code in the ASPListings application.

If you want I have no problem going into your sql server and web and setting up for you correctly.

I appreciate the offer to beta test... but its really more a matter of me getting it ready..

I have a lot done.. but a lot of things are hard coded to only work on my machine and some things have not been sorted out. Giving it to someone else to test would be a waste of time at this point as I they probably couldn’t even run it.

Lately the reason this project has fallen behind has all to do with my main webserver where I collocate.

1st it got compromised (we think by certain competitors who are always up to no good)... then windows 2003 server which I decided to go with on the new server gave me random problems... then the Cisco hardware firewall was acting up and making the sites run slow....then SQL server attacks on port 1433 from Korea when I took the firewall down....and as of the last few days I think the server just needs a new power supply. I swear for the last 2 months I have spent more time administrating my servers than working on code. Yesterday it was locking up every 30 minutes. There have been a lot of days like that and it takes up all my time until I get it situated.  Especially since its over 100 miles to the collocation center. The APC unit I installed that allows me to remotely cut the power to hard reboot is a life saver.

Fun... I tell ya... and expensive.. (hardware, software, lost sales, and time) I am pretty much completely broke at the moment. It has been a very expensive few months.

But I like running my own servers... I run dns servers, email servers, sql servers, web servers.. I do it all. It's keeps me in touch with the latest software/hardware. Regardless , my servers ran well for years and they will again.


anyway.. hopefully I can actually get a new version of the photo gallery out before the month is over. It will probably be the last classic asp version. The version after that will most likely be ASP.net.

Can I have the logon be in a top frame while having the protected pages displayed in a main frame?

Using frames with forms based authentication is not the best thing to be doing. Your much better off not using frames and using includes files to do a virtual frames sort of thing (search google) but if you are going to use frames I would suggest password protecting the frameset page as well as any pages it contains.

If you want to have a login form in a non protected top frame all the time.. that posts to a lower frame that is password protected.. you would do this
http://support.cjwsoft.com/code/moreinfo169-1.htm
but change the target of the form to one of your frames

personally though I think that would be a somewhat goofy setup to have going on


Also, how will it behave if a user moves in between a protected page to a public page and back to the protected page again?

As long as they have cookies enabled which is required for session variables to work... then you will have no issues because once they come back to a page they have permission to they will just be allowed in without login.. at least while that session is still active.. or for a longer time if they choose the remeber me option which keeps track of them with a cookie .

Really, the best thing to do is expirment and see how things behave.

Thought that was already done....

Back to the drawing board...

It does not matter what directory name the ASPProtect files and folders are in but you cant go moving around critical file and folders like it appears you did nor is there any reason to.

All that is is saying is that the users folder, the password_admin folder, the scripts folder, the check_user_inc.asp file, and all the other files and folders that come with the system can be in any directory name as a whole.... but that doesn't mean you can go messing around with the files and folders in that directory.

I assure you 100's of users do not use "aspprotect" as the main folder name and they have no issues doing so.

Regardless, you need to explain in much clearer detail exactly what you did and what paths you used and what is where.  At this point I really do not know what is you did as your post was not clear to me.

You should also check that you have entered correct path info in the admin settings page area. The register page is one of the paths that geths set there.

Testing for XML Parser Support

the microsoft xml parser is generally installed by default on all new server setups..

It allows ASP code to make calls to other pages anywhere on the new as well as a lot of other handy things..

download and run this ".asp" page to verfiy that it is installed and be sure it is available for you to use

2004-12-10_132620_test_xmlparser.zip

Make sure you run it from your web server through the web browser

Hello

I have a strange problem with the thumbnails in the ASPClassifieds.
If i upload some pictures in an ad, the 2nd picture always shows with an x, as the picture doesn´t exists. But if i click on the 2nd thumbnail, the picture shows okay. I haven´t changed enything from the original code.
Does anyone have any idea, where it goes wrong ?

With best regards, Erling Larsen

My ISP uses ASPSmartMail. The email confirmation works except when I try to register an AOL user the server returns an error 500.

Just wanted to let you know that after modifying the remote host string in the email pages and getting the correct connection from my server, everything is running fine.

I hope you enjoyed your vacation.

thank you
adam

FYI:

The articles you references were read over by me like 3 hours ago... way passed that and prob. in deeper sh*t than i was since im trying everything possible without knowing the true reason this is not working.

You would set the groups during users signup the same way you would do the expiration in the following example.

http://support.cjwsoft.com/code/moreinfo170-1.htm

The groups field need to be set the exact same way it would look like in the database of course

So, if a user was part of groups 1, and 2

You would look in the database and see this in the groups fields for that user

*1*,*2*

so in the signup code you set that like so

CmdAddUser.Fields("Groups") = "*1*,*2*"

This info only applies to resgitrations and signups using the "users" folder.
if you wanted to make different sceanrios you would need to carefully make a copy of the users folder and adjust it accordingly

It appears there is an auto logout after inactivity for a period of time.  How does one change the default time allowed for inactivity?

thx

well, I was curious myself so I just tried it.

Good news is it worked just as I thought.

Only problem is your changing things to allow authentication info to be passed over the net in a url. If you can live with the security implications then it will work. I mean a sniffer could see that and end up knowing the username and password.. not likely but just putting that out there.

Of course now that I think about it unless you are running under SSL (https://) when you log in normally that info is in the post info anyway and possible to get at.. course not right out in the open like when you put it in the url and less likely to be noticed.

As long as your not doing it to access critical areas like the admin pages... and you monitor the log files once in a while it's probably nothing to worry about.

(User Search & Contact Mod) for ASPProtect Version 7.x

This will allow an individual user to search for other users as well as email or call them.

Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.

Directions:
Back up your existing ASPProtect installation.

copy "search.asp" into your "users" folder

2006-03-10_143253_User_Search_Contact_Mod.zip

Direct your users there. They will have to be logged in to view the page.

WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.

Chris -

I am encountering a problem with items showing up.  When I click on a category and then select an item to view I get

THIS ITEM IS NO LONGER ACTIVE
DO NOT CONTACT THIS USER AS THIS ITEM HAS BEEN TURNED OFF
OR THE USER HAS SOLD THE ITEM.

I have verified the item has the item_active check.  For giggles, I even unchecked with the same results.

Thoughts?

After understanding how the count works i checked the IP in the db.  They are all set to the same IP (my web server) no matter what ip is doing the viewing.  This is probably due to my ISA2004 firewall that is posting the ip address of the web server with each log on.  So, can you help me with where the code would be to modify so the db does not get updated?  I risk the refresh problem, don't think it is an issue with me.

Thanks,

Is there an easy way to make this work with reoccurring a monthly or yearly subscription?