How do I recover or reset admin password used for the aspprotected pages. I have installed it months and months ago, but now can not recall the password. Any help appreciated, as I do not feel like installing it again.

Hi, its just not something i can suppport as I do not support custmizations to the code epecially when dealing with an image component that is not supported by the application.

Sorry, its something you have to figure out. Bascially I would suggest looking at the existing asp image resizing code and using that as a guide.

Have you considered just buying a license of ASPImage and asking the host if they will install it after you purchase it. It sounds like it may save you a lot of time.

If you are ever looking for a good host for ASP. www.alentus.com is one of the best. There 9.95 plan gives you access to 3000.00 of commercial quaility asp components also which is nice.

humm, I dont know then..

If you want PM me your site info and I will go in and troubleshoot.

Frontpage or frontpage access, either way

and also the site URL

Upgrade from V6 to v7.x with an MSACCESS DATABASE

1st of all, backup your existing ASPProtect files and database before performing this upgrade. Please be really careful while performing this upgrade. Version 7.x  is a highly advanced application compared to any previous versions. CJWSoft under no circumstances is responsible if you lose information or have website downtime.

BOTTOM LINE: (PERFORM THIS UPGRADE AT YOUR OWN RISK)

To do this upgrade you're going to need to have the Microsoft Access Application.
To work with an Access .mdb file it can not be newer than the version of Microsoft Access you are running.

That being said, on with the upgrade..

Open you're existing Acccess Database up in Microsoft Access..
You should see this something like this.



By right clicking on then choosing rename
Rename "Users" to "ASPP_Users"
Rename "Groups" to "ASPP_Groups"

If you do not have a "Groups" table do not worry about it right now.

Now right click and DELETE the Config Table.
Yes, delete it..

You should now see this. (with or without the "Groups" table)



Now, right click on "ASPP_Users" and go into design view.
It should look like this.


Rename the "Password" field to "Old_Password"
Be sure to spell it perfectly using the Underscore
It will look like this.


Now scroll down to the bottom a bit It should look like this.



Now..

If you have a "Groups" Field... leave it alone
If you do not have a "Groups" Field add one and make it a memo field.

Now, we are going to add a few more new fields.

Add a field called "Redirection_URL" make it a "text" field with 150 field size
Add a field called "PayPal_Subscriber_ID" make it a "text" field with 100 field size
Add a field called "Newsletter" and make it a yes/no field
Add a field called "Password" and make it a "text" field with 100 field size

It should now look like this.
(you do not need to worry about the field descriptions.. that part is optional and only seen when working on the database)



Now close that window and save the changes..

Your now going to open up another Access Database while still leaving the one you have on your screen open. You going to open up one of the new databases that came with v7.x. This database has some info we are simply going to copy and paste.

You'll want to open it and put it side by side on your desktop like so.
(the old database is on the left.. the new one is on the right)



Now, for the fun part.

On the new database to the right.. right click on the "ASPP_Config" table and pick "Copy"

Then move your mouse over to the old database on the left. Right click in the open white area and click "paste"

It will ask you for a database name. Type in "ASPP_Config"
Leave "Structure and Data" checked and hit OK

Your old database on the left should now have a nice new "ASPP_Config" table.

OK, now for the "ASPP_Groups" table

If you already have a "ASPP_Groups" table in your old database you are done.

If you do not have one your going to copy and paste the table from the New Database to your old database just like we just did with the "ASPP_config" table.

Your old database should now look like this.



Now, you are done upgrading your database from within Microsoft Access.

The existing passwords still have to be encrytped and moved from the "Old_Password" to the "Password" field

To that we have a special page we run in the application that will take care of that.

So, for now... go install the application, but using the database we just created.
Follow these instructions for the most part...
http://support.cjwsoft.com/forum/forum_posts.asp?TID=181& ; ;PN=1

When you get to the part where you finally get into the admin area and need to make an admin account you will notice that your existing user database is there but none of the users have passwords if you look at them in the edit screen.

That is normal. Simply do what the instructions say and create and admin account using a username that does not exist..

Then log off... then back in as that new admin account. If that works you are ready to convert the passwords.

This part is very easy.

You want to run a special page via the browser.

http://www.mysite.com/password_admin/convert_to_encrypted.asp

Replacing the part in blue with your website info.

Once you get the page running you will see a login prompt and one form field just like before with the "get_me_in.asp" page

You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.

If all goes well you will see a page telling you to click here to encrypt the passwords and copy them over.

So do what it says... dont click more than once and wait.

Eventually it should say it is finished. So go log in to the admin area of the system using the new admin account.

Now edit some users but dont save... you want to see if the passwords are showing up. If they are the conversion worked. If you see nothing or a garbled mess it did not work and you made a mistake during this whole process.

If things went well backup and delete the conversion file below.

http://www.mysite.com/password_admin/convert_to_encrypted.asp

You do not need it anymore.

Once you are positive every thing is running smoothly and everyone's passwords are ok you can go in and delete the "Old_Password" field as well.



If things didnt go well.. try again from scratch and go slowly.
If they still dont go well get ahold of us for help.

We are here to help, but if you really want us to we can be hired to do the conversion.

Yeah sorry you are right. It works for me

http://www.rottys.net/gallery/default.asp?CatLevel=2&Cat 1_ID=5

It a generic error that means something is wrong with your data connection.

http://support.cjwsoft.com/code/moreinfo27-1.htm

http://support.cjwsoft.com/code/moreinfo136-1.htm

This article from my old powerasp.com site explains what Server.MapPath is and also why you can't use it to specify the data connection in any of the CJWSoft applications.

Use ASP to determine the Physical Path Of Your Virtual Website

As this article mentions you can still use it to determine the path, but you can't use it in our data connection strings because the data connection page is an include file and server.mappath will report back different paths for the different directories....... meaning it will work in one directory level but not another as the path will be different.

More Info in Case Anyone is Interested:

This bug was mentioned by a couple people. The cause of it was never really understood until I recently re-wrote some of the banner code for an upcoming version.

The fix for this bug was very simple. It was just one of those weird situations where code should have worked but did not. I added some code to do it a bit differently and it worked as it should have..

It really still makes no sense to me why it didnt work the way it was, but at least there is a fix.

also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.

etc etc etc

so let me add this bit of info..

I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.

When I designed the system I never really intended people to type in long descriptions for pictures

and if they did I assumed they would use the enter key once in while..

but I guess people dont do that

This thread is along the same lines and shows what someone else did about this..

http://support.cjwsoft.com/code/moreinfo99-1.htm

though they are talking about a different page its the same issue

It appears there is an auto logout after inactivity for a period of time.  How does one change the default time allowed for inactivity?

thx

The only other thing I can think of if you are not getting any errors.

Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.

You can do a simple test to tell if it is...

Make a simple ".asp" page in the same folder.

Put only this code in it.

<% Response.Write ("ASP is executing") %>

then run the page via the web browser thru the server..

If the text prints out ASP is running... if you don't see anything it is not

Is there a limit to how many access levels the program has?  We were thinking of having a different access level for each client that logs on our site so we can customize their web experience.  We see 6 in one place of the program, 8 in another, but is there any reason why we couldn't make 100 more?

Thanks again for the help!

I am trying to find out where I can enter the ttle for the application.

There is a variableor field called App_Name into which it would be good to insert a generic name. Can this be edited?

I have searched high and low but cannot find anything to do with it.

I just upgraded from 6.0 to 7.0 primarily because we were limited in the choices of email systems we could use to send an email validation message.

Previously, with 6.0, we were using CDONTS to send an email validation message to new registrants. Unfortunately, AOL email addressee's were not receiving the vaildation email from us. I received a reply to another post I made on this forum that the problem was due to the fact that aCDONTS generated email has no MX record and AOL blocks non-MX record containing emails.

Well, I upgraded to 7.0, switched to CDOSYS (Using SMTP Virtual Server) with SMTP Authentication and it appears that AOL is still blocking the validation email.

Any suggestions, comments?

that's they way it should be done..

the only other thing would have been to test everything with sql before trying to import any data.. and make sure all was fine at that stage




more info on the errors would be helpful.

Id' also carefully visually compare the SQL tables and fields with the SQL scripts and make sure all field types and settings got set correctly.

Also, make sure the user accessign the database has datareader and datawriter permissions of course.

Of course ASP.NET is and HAS been installed. I have been running asp.net scripts for years on it. I am not new to asp.net nor setting up the server or anything. ASP.NET is properly installed and works perfectly.

You are missing the fact i mentioned it is a DOMAIN CONTROLLER.

I have come across MANY articles ONLINE via GOOGLE that mention if it is a domain controller, for some reason the aspnet account is not there or gets deleted.

IN ITS PLACE GOES THE IIS_WPG ACCOUNT. IS YOUR SOFTWARE NOT COMPATIBLE WITH THIS ACCOUNT?

Is it possible to run ASP.NET scripts without ASP.NET not being installed? Because I have been running asp.net pages without any problem.

I am trying to import a file, and I get this error:

Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/aspprotect/password_admin/upload_post.asp, line 6

If Session("Admin") <> "True"
-----------------------------^

Any suggestions on how to fix it?

Thank you.

I had both ASP Listings & Classified on the same website.  The categories seem to be getting mixed up. I removed ASP Classified but classfieds categories is still appearing in the student of ASP Listing.

How do I fix this?

Thanks

You are not supposed to use "../" with a virtual include

Thats goes against what a virtual include is and makes no sense.
When using a virtual include you give the path as if accessing from the root of the main web / virtual directory

I find it very hard to believe it ever worked like that and if it ever did it was wrong.

I think its great to share a mod.

I will have  few with the new album.

ASPProtect v7.x has a new feature called groups.

Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customer that was using them.

A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.



Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.

For example..

You make 8 groups and assign users to them accordingly

Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any one of those groups would have access..

Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  2-8 would have access..

Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  3-8 would have access..

and so on... I think you should get the picture by now

whether you use SSL or not really does not effect aspprotect in any way

I say, the smart thing to do there is too not start them off at a http:// url

one way to do it is put a simple ASP redirect on that default page and send them to an SSL version of the page instead...

http://www.powerasp.com/content/code-snippets/redirects.asp

another way would be not start them off on a protected page right off the bat and offer links to the the protected area...

in my opinion thats pretty odd to be starting them off on a protected page anyway
SLL maybe, but protected right from the time they hit the default page of the site.. thats just odd.. usually you want o say a little something about the site your at and then link people to protected areas or give them a login form which posts to a protected area.


Regardless if you always want users at your site under https:// you should have code on every single page in your site checking the url info at every page load. Then if someone ever hits a page and is not using the https://  you can do something about it like redirect them to the SSL home poge or redirect to that same page but with the https:// in the url..

ok,

when you say "we have set up to use the Subscription services exclusively for all new members "

I am sorry to have to ask this again but what does that mean exactly ?

how was that accomplished ?

The reason I say this is because when a subscription is created by a user through the normal channels.. meaning they went to the paypal subscription directory and either started a new account or found their old one to start a subscription with.. either way the PayPal Subscripber ID that paypal assigns is added to the database for that user and the expiration date is set to null.

Now, that being said the function that sends expiration emails to users will NEVER send an expiration to a user that has info in their PayPal Subscriber Field in the database. I just double checked that.

So that is where I am confused ? How did all these users get set up to use subscriptions and not have the PayPal Subscriber ID field popluated in the database ?

Seems to me the only way this could happen is if you set some stuff up manually and the PayPal Subscriber ID for each user never got put in the database. That and the expiration date didnt get set to null.

Again, I am sorry to keep asking this but it just seems to me that something else must be going on that I am not clear on regarding how you upgraded these people to use subscriptions.

In the end I think the answer may be to manually make sure each old user now using subscriptions has their PayPal Subscription ID set in the database as well as their expiration date from before set to null.

ALL FIXED.. tested with real paypal accounts and a live system
works perfectly

THIS FIX IS ONLY FOR PAYPAL SUBSCRIPTIONS

Download this file "ipn.asp" and put it in the "paypal_sub_signup" folder
2005-03-10_164645_aspprotect_subscription_fix.zip

Basically somehow an older version of the this file was in the original download archive.

I am VERY SORRY

Anyone who purchased ASPProtect 7 before March 11, 2005 should download this fix.

Hi

I have purchased the Standard version about a week ago. Its a great script.

I have been able to select  uploaded banners from day one... but just now i dont seem to be able to select...

i know its hard for you to trouble shoot with such little information.. but i had to ask..

Should i maybe upload the site again ( but same the database first)?

regards

Domenic

Sydney, Australia

We want to insert a hyperlink i the mesage area when we e-mail users from the Password Admin area.  Is ther an easy way to insert the hyperlink so when the user gets the e-mail, they can just click on it and go the the page we want them to?

Thanks,

Andy

ok, I moved this thread..

The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.

The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)

That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing. 

Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.

Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"

change

Password = CmdDataExport("Password")

to

Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)

Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.

all I can say is try other things...  like

mail.yoursite.com

or

smtp.yoursite.com

etc etc etc

replacing yoursite with the name of your domain of course


the settings for sending email via ASP are no different then the settings you would use in outlook or something... except sometimes on the server level localhost works as the email server because they set it up to allow that

and of course those 3rd party emailing components need to actually be installed on the server

ya,

any variation of a site url is going to have its own set of application and session variables.. soy you have to be consistant with your navigation links

example (for anyone that comes across this thread)

http://www.examplesite.com/somepage.asp

is going to have a different set of application and session variables then

http://examplesite.com/somepage.asp

even though they are basically the same page

I'm getting this error when I try to login:

 Active Server Pages error 'ASP 0131'

Disallowed Parent Path

/gallery/users/login.asp, line 19

The Include file '..dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

i've got a client who has handed me a 151 character banner URL, and i see that the database is designed to take 150 characters. i took the obvious step of just increasing the size of that text field in the database, but i still get this error when i try to enter the URL in the proper form field:

Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.

/banners/aspbanner/save_banner.asp, line 200

now, line 200 is just this:

If Banner_Link_URL = "" THEN
 CmdEditBanner.Fields("Banner_Link_URL") = NULL
Else
 CmdEditBanner.Fields("Banner_Link_URL") = Banner_Link_URL
End If

which tells me that something is blocking the assignment of that long value to that field, even though i believed i had extended the length of that field in the source database.

where else might i look?