That’s about all I can tell you. It's just not something I support.

I am getting the same error looking at the previous post, I looked in settings and my Registration-URL is pointing at the correct location.

Is there any other thoughts on this issue

Thank you!

Matt2112

It probably is. You would have to look at the paypal documentation for IPN and see what needs to be changed in the form code.

You can get all that info from PayPal's website.

There are tons of variables and options you can use with all of their code.
They have detailed PDF files full of information on all of them.

               Also, I’ve been trying to modify the code to adapt it for our application -- by removing fields that we do not need such as address, city, state, phone, but I am having trouble getting visual studio to compile.  It could be due to the fact that the rest of the project is in C#.  Or it could be due to some other factor in ASP Protect.

Just wanted to say how much I like the program! I hunted for days and finally purchased a Perl based product. After several days of goofing with it I gave up. ASPPhoto worked right on first install!!!!

Way to go!

I have set up a user to be redirected to a different page when logging in for the first time.

I assumed this function would count the number of times a user has logged in. When the login count was greater than 1, the user would be taken to the default.asp 

This isn't happening. The user is always redirected.  The user login count in the database is now 9.

What am I missing?

I downloaded v7 3/7/2005

I entered a password that was supposed to be all caps with only first letter caps. 

it is odd, if I go to other user and enter wrong password that does not come up.  it apprpriately goes to a screen that says Access Denied.

thx

I wonder if this could this be a FrontPage problem. I deleted the skins folder and re-ftp'd the original one that only contains default and Solid Black. I logged in and tried to change it back to default but it won't. I'm going to try making this folder a Frontpage subweb to see if that makes a difference.

Al

Both the NET and Classic ASP versions of this application are designed for fine granularity protection of individual apsx extension files. ASPProtect.NET is not designed or intended to protect sub directories, or non aspx content such as Adobe Acrobat .pdf files etc etc.

I completely disagree with your statement that “most sites” have a login box on the left hand side of the page. I suspect you thinking of the ever popular php based forums and “Nuke” type CMS systems which are set up that way but if you look at any site written entirely using .NET that’s rarely if ever the case. (Granted I cant say for sure because I personally haven’t looked at >50% of the estimated 18 billion +  web pages on the internet) Just off the top of my head www.CafePress.com come to mind as a pure .NET site. If you take a look the login button it takes you to its own login page there is not global login form used throughout the site. Reason being that .NET introduced this thing called a “view state” which is used to store things like your session ID (and way more) and must be posted back to the server in order to keep track of visitors. This technology comes in especially handy when you have a web farm in place and your content is being spit out out by more than one server at the same time

I can think of loads of scenarios where the web servers need to know who you are even though you are never directly contacting them via http. This approach is a very smooth and actually very clever solution for enterprise level websites that simply can’t be handled with a single web server.

 On a practical level I know what you are saying but that application sets up all sorts of things when a protected page is accessed and the user is not yet authenticated. That’s the entire reason you need to put that snippet of code at the top of a page you want to protect. That code snippet calls the ASPProtect.NET class and runs through all the logic to see if you are able to access the page. If you are the subroutine exits and the server continues to process the remaining logic on the page. AKA you are able to access its content. If you are NOT authenticated ASPProtect will setup all the proper session and viewstate info and redirect you to the login page for authentication. You may have also noticed a parameter on the login page called ReturnURL. The application looks for that info and if you do have a user ID and password the application automatically redirects you to the page you were trying to access in the first place.

Really I have no idea what you are trying to do, but there is a world of difference in how something looks verses how it works. Lets just say there was a simple way to do what your thinking, what are you going to do with that login form after the person logs in? Just keep displaying it on the entire site so people get confused and don’t know if they are logged in or not? Just that little part of the equation will require making some changes to either ASPProtect.NET or your application will have to have some logic built into it to stop displaying the login forum.

It sounds to me like your basically looking for a super simple 101 type deal that allows people to sign up for an event and you the admin can see that information? I’m guessing they can also log in again and check out their details and see what event they signed up for?

If that’s the case you’re trying to take a very sophisticated protection application and downgrade it into something that would be one heck of a lot easier to write all from scratch in about an hour.

Your not going to be able to “plug and play” a simple form into a page and turn that application as a magic universal login solution for a website, while its 100% possible to use the application that way if you choose, you need to check out the source code and plan your custom integration accordingly.

It's not working because i guess im copying the viewstate also...and it comes up

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

I have a need for more than the current number of custom fields currently available in the registration form.  Is there a documented method of adding additional fields or am I not able to do so?

Thanks,

Dave

CJWSoft offers a mutually beneficial partnership program for resellers of our Active Server Pages Based Web applications.

The program is very simple.

• You offer our products to your customer's as Ready-to-Run Web Site Applications.
• We sell your company our software at a 50% discount allowing you to re-sell if for the same price we sell it for or slightly higher.
• Your company installs the application in the customer's web site and configures it for the customer.
• Your company is in charge of installation support and general usage issues. We handle other more complex issues as usual.

Each time a customer purchases an application from you, you are required to purchase a license from us.
These must be purchased online via PayPal. You will be give a special password protected URL where these purchases can be made. You are in charge of setting up a system for your customers to purchase the software from you. You are also responsible for purchasing a license from us within 7 days of a license being purchased from you.

Below are the applications currently eligible for the program.
They have been chosen because of their popularity and reliability.
You must resell all three applications below.
The details and pricing of this program may change at any time.

	ASPBanner Standard sells for 99.95 (You pay 49.95) ASPBanner Standard is a high end Banner Rotation system. Web Based Administration for managing the users and banners in the database. Advertisers can monitor online statistical reports via their web browsers.
	ASPProtect Version 6 with Option Pack sells for 99.95 (You pay 49.95) Easily Password Protect any ".asp" page within your web site.  Easily integrates with your current website or project design. Web Based Administration for managing the users in the database.
	ASP Photo Gallery Pro sells for 49.95 (You pay 24.95) ASP Photo Gallery allows anyone to have their very own online photo album. Upload an unlimited amount of albums. Set up categories however you like. Allow others to upload photos. Optional image resizing and thumbnail creation.

We are looking for Web Hosting Companies and ISP's who can sell an average of 2 applications per month.
If you are not a serious company with a professionally done website you need not apply.
We are not looking for mom & pop operations.

To be very clear:
We are looking for experienced ASP Development/Hosting Companies that are serious about being a reseller and ready to go.
We need knowledgeable resellers that are experienced with ASP and will be able to install the application for the customers and handle some of the general installation issues that may come up.

To qualify for the program:

Please send us a brief overview of your company, Website URL, and your expectations for the program. After looking over your information we will get back to you with a response.

Contact us

Additional Info:

Our applications run on NT based servers only with true Microsoft ASP support. They do not run under Chilisoft. Our applications are licensed per website. That means one running installation of the database and scripts. Qualified resellers will be reviewed every quarter to see if they are meeting the 2 application per month quota.

Cool.

Well I'm in the middle of uploading the txt file and it's about half way done and sitting there...so I'm keeping my fingers crossed.

Whein I went by the numbers off of your directions, which work well up to that point, the import would time out.

At that point I tried to import directly into access...and then it hung trying to login.

okay so I've put in a clean database and created a new record for me as admin.

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

I dont know about your error on line 6 when uploading..

as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.

I really need more information and possibly acess to the system to do some troubleshooting...

This is anot a feature anyone has ever had an issue like this with.

Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?

I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?

sure and thats probably what you should do... that pure asp upload thing must not be able to handle the size of your import file... another thing which can very .. also some versions of IIS require registry changes to upload bigger files via asp code alone

I installed the ASPProtect.NET project no problem.  I am using VS.NET 2003 on Windows XP SP2 (and fully patched).  I am able to build the project successfully, however I cannot debug the project.  I get an error "Unable to start debugging on the web server. The project is not configured to be debugged."  The web app runs fine just browsing to it.

I know this is an isolated problem particular to this project.  I have MANY other .NET projects that I can debug without any problems.  I have tried going into IIS and turn on the debugging for server-side script debugging and making sure my IIS application setting were configured correctly.

Can anyone shed any light on this at all?  Christopher, is there any reason I should not be able to debug this?  (i.e. the aspprotectlicense.dll)

Thanks,

K

I have ASPProtect up and running and I was able to log in with little to now problem after following all of the directions. 

I imported my data base of users (approx 5300) into the access db, and now it times out just letting me log in.

I've got full access to the web server to make any changes on that end that I need.

any ideas?

I need to use SQL for other reasons than efficiency.  If I create 2-seperate databases, would there be a lot of code to edit?

Thank you.
Lance

not really, aside from looking in paypal and manually adding each one for each user...

how many users are we talking about anyway ?

and were any of the users new sign ups from scratch because if they were and that field didnt get populated that is weird?

ultimately aspprotect does not use that field. I was just storing it for the sake of storing it... so its not a big deal but I would still like to figure out what is going on

removing the expiration dates from paypal subscripbers will be enough to fix the issue your having about them getting the expiration notifications

you summed it up perfectly... everything you said really

As for the banner software custimizations.. you could just make another folder with a modified admin area (little tweaks here and there so the person logged in only controls their own banners) You'd probably want to add an approval process so nothing they did went live unless you really really trust them. That wouldn't be that hard either.

I always planned to do it someday but I just never have time.

Can ASPClassifieds display the ads by city?

I have a web directory that lists websites and companies by city.  Is it possible to have specific ads shown to the user depending on what city they click on?  For example, only ads in New York would be shown to users that have already clicked on that city in my directory.

thanks,

You might just learn something and actually get your project finished before 2010

your over there hacking away on your virus infested WaReZ machine

LOL thanks for the good laugh-- i guess its time to do some reading and making my own mods to the program..

btw i never insulted cafrepress.. not sure where you got that from- just advised that what they have is exactly what i want to have done. How much for your service?

Yes, you are right.

We have now tested it using the DSN less connection with Access 2002 and it works fine. We have also tested it again with a DSN using 2002 and this also seems to work.

The comment about speed is a consideration although I have not noticed any differences. ( we only have a few database entries at this time).

Thanks for your help

You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp

You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.

If it is 2 directories down it should probably look different..

example:)   "../../checkuser_inc.asp"

It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.

Also..

The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.

Lasty…. If you are logged in at the time

Whether your current session at the site is still active… or you have the cookie set to remember you.

Well, nothing will happen… cause your already logged in and you will just see the page as normal.

Perhaps things are working and you just don’t understand that part ?

You need to go to the log off page.. log off… then close all instances of the web browser windows..

Then come back to the site… then see if it prompts you to log in.

When I add a user, I can not activat it.

What do you have the registration type set to in the settings ?
They wont be activated automatically unless you have "automatically" selected ?

It sends me back to log on and will now allow me to log in as admin???

I am not quite sure I understand ? Seems to me like that would be normal because you can always log in as the admin at any time. If you cant log in as the user you just signed up as that could be for a couple reasons relating to the registration type you have slected in the settings. There are 3 types all epxlained in the settings screen. Some require manual activation byt the admin, some involve a registration email.. etc etc

I can restart the APP and log in as Admin, but the user I added
is still not activated??

How and why are you restarting the applicaton ? Please explain what your doing there.

My system will also not allow me to set the Stay Loged in FLag.
It just ignores it....

As I told you in an email earlier cookies must be enabled for authentication to work. You mentioned now you can not log off ? I am not sure I know what you mean by that. I assume you know to close all browser windows when testing things like this and I assume you know you have specifically log off and confim it in order to remove the remember me cookie and have to log in again when you return to the site.

If you are using version 6 CDOSYS is not supported. That is one reason why version 7 came out. If you want to rewrite the code to work with CDOSYS in version 6 that is something you need to sort out on your own as I do not support custimization to the code.

I had never noticed this before, but a customer sent me email to say that they had set up their aspclassifieds profile such  that they be contacted by email and not by phone.

However, in their ad, their phone number still appears. The lines in view_ad.asp that check for True values for the Contact_Via_Email and Contact_Via_Phone before displaying that information seem to always evaluate to True, regardless of their setting in the database.

I'm using an Access2000 DB for this. When I open the DB in access, I see the checkboxes correctly unchecked for phone and checked for email. However, if I do a quick test to display the retrieved values in the view_ad.asp (<%=contact_via_phone%> <%=contact_via_email%> they both display True.

What gives? I have had nightmares with Access and its weird handling of true/false 0/1 yes/no fields, but this is driving me nuts.

I think you getting all confused about dsn's and what they really are.

A system dsn gets created via the ODBC control panel and gets listed there. A system dsn is nothing more than a registry entry telling information about where the database is an how to connect to it. Then every time code accesses the database it has to do a registry lookup. The whole process adds a lot of delays, causes very poor performance and is unnecessary.

A dsn-less connection simply connects directly to the database by specifying the driver being used, where the database is, and some other information like the password if there is one.

To get aspprotect or any other ASP application using a database all you have to do is make sure the database folder has correct permissions and then make a connection string like so. (with the correct info for your directory structure of course)

DBQ=c:\inetpub\wwwroot\aspprotect_6\data\database\ASPProtect _access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp

If you are wondering Access databases always use the same username.

So, basically if permissions are set correctly and the directory is valid it will work.
It is really that simple. 99% of the time when people have problems it is one or the other.

That being said, don't worry about the odbc control panel and what is listed there for connections. All we really care about is that odbc drivers are installed and somewhat current.


One last thign for reference: even if you do make a system dsn the database folder still needs the correct permissions.

More info on the groups session variable.

Session("Groups") will contain the ID numbers of whatever groups the user is a part of.
It does not store the descriptive name of that group. It will show the same data that is actually stored in the "Groups" field in the database.

for example it might hold a value like this

*2*,*5*,*9*

meaning a user is part of groups 2, 5, and 9

so if you wanted to check to see if a user was part of a particular group you would do something like this

<%
If InStr(Session("Groups"),"*9*") Then
     Response.Write("You are a member of group 9")
End If
%>


Taking this even further, if you really wanted to get a particular group's name or description you would have to query the database like so. In this case we ask it the name and description for group 9.

 Group_ID=9
 Set ConnPasswords = Server.CreateObject("ADODB.Connection")
 ConnPasswords.Open ConnectionString
 Set cmdTemp = Server.CreateObject("ADODB.Command")
 Set CmdEditGroup = Server.CreateObject("ADODB.Recordset")
 cmdTemp.CommandText = "SELECT " & tbl_label_groups & ".* FROM " & tbl_label_groups & " WHERE (Group_ID = " & Group_ID & ")"
 cmdTemp.CommandType = 1
 Set cmdTemp.ActiveConnection = ConnPasswords
 CmdEditGroup.Open cmdTemp, , 0, 1
  
 Group_Name = CmdEditGroup("Group_Name")
 Group_Desc = CmdEditGroup("Group_Desc")

really all depends on the sql connection string you are using and the names of your sql user you are using...

you really havent described very much..

I'd double check all of it.. something is wrong

ASPProtect v7 comes with working example code of protecting a file download.

This comes with the system as an example folder with some files in it.

(some of the initial purchaser's of the system might not have that directory.. if that is the case please ask)

Here is how it works...

Basically we protect the file download by only allowing a logged in user to download it. The special ".asp" page we use the stream the file is password protected. It also hides the true location of the file so you can keep your files out of your web or keep them in a folder in your web that does not allow file browsing. Under this scenario even if someone looks at the html source they can not tell where the file really came from and they can only download if they are logged in and you offered them the link to the file.

For the file download protection examples to work you may need to edit some values
in the stream_download.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "download file name" from the download_link.asp file which is an example of how make a download link to the streamed download.