All fixed and working

Thanks

Humm.. that should have worked fine

why are you getting a "OLE DB" error I wonder ?

I need more information. 

Database being used and version ?
Server OS Version?
Connection String being used ?

etc etc

Hi,

No, only ".asp" files can be protected.  It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.

To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.

Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.

Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.

In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc

If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.

For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.

Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://

Alternate Method to call banners from non ".asp" pages.

<iframe src ="http://localhost/aspbanner/aspbanner/aspbanner_inc.asp?Ban nerZone=4" width="468" height="60" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"></iframe>

Be sure to delete the space in the BannerZone variable above. I am not sure why it is doing that in this post.

You can try calling the banners in an simple iframe like so.
This method should work much better than the javascript method because users with javascript turned off will still see the banners. You also will not have any of the limitations the javascript method has. Iframe is now supported by most recent browsers so it is now a good solution. Here is a chart that shows which browser versions support iframe.

Be sure however to edit the height and width values accordingly as that is very important.

Christopher
We are actually having a lot of problems with this software.

Apart from the above problem of the email not being in the database as details above we also do not get any reply emails from any forms, the mass email button does not appear and the forgotten password does not send emails either.

We have CDONTS Version: 2.80 Installed as the email system, this is operational on the server. I have tested this with server_info.asp to check.

I can email you direct any other information you may need.

Regards

you can not limit image size using the pure code upload method. Its not possible using a pure asp method that I know of.

You would have to be using one the supported commercial upload components and edit the upload code accordinly to limit upload sizes (you would do this by looking through their documentation and samples) I didnt include any support for upload file size limitations with the supported 3rd party upload components because in my testing I found it problematic with all but aspupload from persits software. (I have example coe for that component I can provide that limits the upload size and seems to do it well) I am sure it could work with safileup and dundas as well but I gave up trying.

As for image resizing..
Image resizing requires the use of one of the supported 3rd party image resizing components. You didnt mention if you are using one or not. If you dont have one available image resizing is just not possible as asp can not do that on its own.

Greetings:

I am doing the initial set-up and have run into a problem. Everything has gone smoothly up to and including pulling up the get_me_in.asp page. When I enter the "PasswordEncryptionKey", nothing happens. The page just sits there without doing anything and the browser says it's opening the page, but never does. I have tried entering the value with and without the double-quotes. The value is the correct one from the config_inc.asp file. I did a copy paste from the file twice to insure I transferred it correctly.

I am running Windows 2000 server.

What now?

Warren

I'm using ASPimage and have the maximum width set to 320 in the settings.  Also using SAFileUP ver. 4.0.

Files upload okay, and the script displays a confirmation that the image was resized to 320, but the actual image uploaded is displaying full size rather than reduced to 320.

Also, the thumbnails are not displayed in the Picture Manager. Would indicated ASPImage is not working or the script is not communicating with it.

Suggestions?

Cool.

Well I'm in the middle of uploading the txt file and it's about half way done and sitting there...so I'm keeping my fingers crossed.

Triple check the upgrade instructions because I think you missed something important.

line 227 on "/password_admin/save.asp" refers to the "Password" field

the error your getting most likely means it is not there..

Pay close attention to the areas in the upgrade instructions regarding renaming your existing "Password" field to "Old_Password"

Then making a new "Password" field and carefully following the instructions needed to convert your old passwords for use with the new system.

If you don't everything carefully and perfectly this is the sort of error you will get.

Chris: You are right about a little extra coding to make it work. I am still learning .ASP coding, so I did a little web searching and used IF THEN statments to confirm a member logged in with a valid Access Code. If valid, the protected page executes, with the Member's Name and Access Level on a single line at the top of that page. Looks sharp! If not logged in, or a non member (who found the page via Google), I used a Redirect to send s/he to a login page with optional links as you suggested (http://www.vspa.com/aspprotect/vspa-password-failed.asp) . I couldn't get it to work when using Group Access, but I am sure that is just because I am a novice at .ASP (I will post that example when I figure it out). Meanwhile, here's the code I used that works:

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="dataconn_inc.asp"-->
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!--#INCLUDE FILE="config_inc.asp"-->
<% =Session("First_Name") %>&nbsp;<% =Session("Last_Name") %>:
<%
If Session("Access_Level") = "6"  Then
    Response.Write "VSPA Active Member Access Level 6"
 End If
If Session("Access_Level") = "7" Then
    Response.Write "VSPA Life Member Access Level 7"
 End If
If Session("Access_Level") = "8" Then
    Response.Write "VSPA Officer/Staff Access Level 8"
 End If
If Session("Access_Level") < "6" Then
    Response.Write "Access Level 1-6 NOT AUTHORIZED RESTRICTED AREA ACCESS"
    Response.Redirect("vspa-password-failed.asp")
End If
%><!-- http://www.vspa.com/aspprotect/vspa-password-enter.asp -->
<!-- *** End ASPProtect Code *** -->
<html>
<head>

We have a site that currently runs ASPProtect and would like to install a second instance of it.  The reason is that the current one is set up to manually authorize new users (it is for applying discounts to the Trade), but we want a second instance that will allow new users to register freely (this is for personalization). 

Has anyone set up such a goofy scenario themselves?  Is this even possible?

Thank you!

This server is sitting in my den on a DSL circuit, so I don't have a hosting company. The install for Windows 2000 server is with default settings for all components installed.

I am not sure what you are referring to when you say:

"Does emailing work under the simplest scenario ? (directly from the users screen"

What user screen?

What settings are you referring to that I may have chosen?

Hello Chris:

Let me run some more test if it's working on your end it should be on mine?  I have made some custom updates to the code but no in that area.

Thanks,
-Ricardo

Hi,

That is not enough to go on. I need details in order to help.

Adding Support For ServerObjects ASPMail

ASPProtect as you know does not support ServerObjects ASPMail component by default.

Here are directions to make it work.

In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.

So search through the code for any place where email is sent and simply change

Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")

To

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")

It is about 4 places. They are not too hard to find.

That’s the easy way to get all the emailing functions working with ASPMail

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

you actually dont touch any of those
UploadDirectory = CmdGetConfiguration("UploadDirectory")
They get set from the config table in the database which gets edited in the admin area.

so...

I am talking about the settings area in the admin area of the applicaton.
Every setting there is descibed in detail. You get there and change serttings there via the web browser and by logging in as the admin.

Log in to the online demo as admin and check out the settings area if you are confused.
http://www.aspphotogallery.com/demo_pro.asp

Yes, thats cool.. post it here for sure.

Also, the way you allowed for your search engine is clever and probably was the easiest way to go.

You could do the same thing with the IP. Much easieri than the way I was thinking of doing it.

I dont know about your error on line 6 when uploading..

as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.

I really need more information and possibly acess to the system to do some troubleshooting...

This is anot a feature anyone has ever had an issue like this with.

Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?

I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?

Dear Christofer

I already have send you the details you asked me for. Please let me know if you have received

UPDATE... on very very busy sites these methods have been reported to fail once in a while..  meaning .NET gets overloaded and instead of a banner its shows some error code.

its not the banner system .. its the .net engine and the calling method

Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.

In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.

' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30

Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.