been working on this for about 5 hours today.. I think I found the problem and it involves a vbNullChar that the encryption process is creating only during login attempts

it then messes up during ASPProtect authentication because it blows up the SQL Statement to the database

like I mentioned before the chances off this happening are slim but possible as two people so far have been able to create the situation

I seem to have the HANNAH password working now using your encrption key

I need a little bit more time to clean up the files I have been working on. Then I will give you new "check_user_inc.asp" and "check_admin_inc.asp" files to try out

How do I recover or reset admin password used for the aspprotected pages. I have installed it months and months ago, but now can not recall the password. Any help appreciated, as I do not feel like installing it again.

Ohhh...

I was thinking it worked like this; A user goes to that page and logs in.. and from there they can then browse the site and do what they want..

So in order for it to work i need to edit a page say... members.aspx (i assume it needs to be an asp.net page) and in the header put that protect code and when a user accesses it, it will prompt them for their un and pw and then if correct will allow them to view the page... and likewise if they are still logged in will be able to use the page?

If that is how to works as i mentioned above thats great...

I understand the redirect principle...but say i have a log in box on the main page... you know like most pages have a user log in on the left hand side... i wanted to do that. But i cant obviously protect the main home page or else normal users will not be able to view it without logging in or registering

Can you incorporate a secure log in within the scripting.  I would like the account information to be secure without having to have the whole site using running through a secure (https://) path.  If this is possible, the scripting is perfect!

I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.

Can't I simply delete the code that does encryption?

If not, how can I

take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,

export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks

actually  I just went to it again and it was somewhat slow coming up this time..

perhaps you have some issues with the sql database.

it should be instant.. like this one I run on my server
http://banserver.powerasp.com/aspbanner/

I suppose it could also have something to do with sql server resources but its hard to say..

Hello,

Sorry, I do not have any good ideas on this one...
Domain Name Masking can cause issues with quite a few things.

Hello Chris:

Let me run some more test if it's working on your end it should be on mine?  I have made some custom updates to the code but no in that area.

Thanks,
-Ricardo

I just did a quick google search... found a ton of info on how to find the setting. Here is one...

These are directions for IIS6 but the process is similar for IIS4-5

1. Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. Double-click your computer name in the left pane, and then double-click Web Sites.
3. Locate the Web site and directory that houses the ASP application.
4. Right-click the application site or directory, and then click Properties.
5. Select Home Directory, and then click Configuration.
6. Click Options, and then click to select the Enable Parent Paths check box.
7. Click OK two times.

can add photo album but after i upload a pic, nothing shows.

where do i look to research why pics aren't showing in the albums

((TITLE EDITED BY ADMIN))


it would be nice if there was an option for login abuse, where a login account would be flagged if it logged in from x number of different IPs over a period of time. I know many have dynamic IPs, but there's got to be a balance between legitimate logins and logins that are 'shared' for the sake of saving money (I sell subscriptions), in the end costing me.

Maybe searching the first two number groups in the IP (example, 209.168.*.*), and if finding more than an admin specified number of logins per week from IPs with different first two groups, the record would be flagged or locked...

I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.

So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?

Or is there another way..?

I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.

IT worked just as cwilliams said. I did see the IP address being stored in the table but it didn't dawn on me that it was tied in to the view count, I tried it from a different IP address and it worked great .

Good coding Christopher

Thanks

John

Okay, thanks, I'm going to change the method tonight and see if it makes a difference

I'll report back

Dave

that would probably work...

any ".aspx" page can grab that data after someone logs in..

Session("Username")
Session("User_ID")

etc etc

anything you see set in the "aspprotectlogin.aspx.vb" file will be there

any data not set there would have to be added and then the project recomplied so that data gets saved...

I am trying to find out where I can enter the ttle for the application.

There is a variableor field called App_Name into which it would be good to insert a generic name. Can this be edited?

I have searched high and low but cannot find anything to do with it.

edited due to inappropriate content

Did you see this thread. It shows how to set up the project in Visual Studio in detail.

http://support.cjwsoft.com/code/moreinfo85-1.htm

Thank you so much that works great.

I will test with the other settings on the email server again thanks for the advice,

best regards

its part of how the skins load.. regardless you got bigger problems here..

I am beginning to wonder if you unzipped the download correctly because I see things in folders they should not be in...

you should have ended up with a bunch of folders and files...

It you just ended up with a ton of files in one directory you did not unzip the zip file correctly... if so check your zip program settings.. I mean that error is because it is looking for a file in the skins folder that isn't there and it should be there

better yet, unzip the downloaded zip file using windows xp built in unzipping features which will do it correctly...

Banners no longer show up on my site ?

If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.

The web server must have crashed or lost power and now the application variables are in limbo/not working.

I have seen this happen a few times.

Basically the application variable system gets messed up because it was not shut down properly.

The way to cure it is as follows.

Edit and save a banner in the system. Hopefully that gets things going again.

If this happens a lot it is a server issue, not ASPBanner's fault.

ok, I just sent you a private message with download information.

replace you existing

"check_user_inc.asp"

"admin/check_admin_inc.asp"

"admin/email_user.asp"

with the new versions in the download

Do some testing to make sure that HANNAH password works ok for you.

Hopefully this cures the issue...
If it works ok for you for a while I will offer the fixes to everyone and start using this code from now on

BTW:
"admin/email_user.asp" had an unrelated bug in it that only happened if its error handling got triggered... it was posting back to the wrong page when that happened and causing an error

Encountered another issue.  When entering a user name correct but the wrong password get the following error:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '(Username = 'ROBERT') AND (Password = 'ZŁ$'.

/check_user_inc.asp, line 115

Did I do something else wrong?!

Thanks

A mod like this would improve tracking by leaps and bounds.

Do you think this addon would be availalbe anytime in the near future? If/when this feature or mod becomes availalbe, it certainly would be ideal if some script was made to import all the log file data.

Additional Information.

A set of these variables get created for every user that logs in to your site.
For performance and memory conservation reasons some of them can be turned off and are optional.

If you look in the "check_user_inc.asp" file or the "check_admin_inc.asp" file you will see a section of code like this


   ' Start of optional session variables to be set
   ' Recommended that you remark out any of the session variables below that you don't really need to use
   ' This will save a lot of server resource because every user logged in has a set of these
   
   ' I added some code here to not create these if they are empty
   If CmdCheckUser("First_Name") <> "" Then Session("First_Name") = CmdCheckUser("First_Name")
   If CmdCheckUser("Last_Name") <> "" Then Session("Last_Name") = CmdCheckUser("Last_Name")
   If CmdCheckUser("Company_Name") <> "" Then Session("Company_Name") = CmdCheckUser("Company_Name")
   If CmdCheckUser("Email") <> "" Then Session("Email") = CmdCheckUser("Email")
   If CmdCheckUser("Address") <> "" Then Session("Address") = CmdCheckUser("Address")
   If CmdCheckUser("City") <> "" Then Session("City") = CmdCheckUser("City")
   If CmdCheckUser("State_Province") <> "" Then Session("State_Province") = CmdCheckUser("State_Province")
   If CmdCheckUser("Zipcode_Postal_Code") <> "" Then Session("Zipcode_Postal_Code") = CmdCheckUser("Zipcode_Postal_Code")
   If CmdCheckUser("Phone") <> "" Then Session("Phone") = CmdCheckUser("Phone")
   If CmdCheckUser("Custom1") <> "" Then Session("Custom1") = CmdCheckUser("Custom1")
   If CmdCheckUser("Custom2") <> "" Then Session("Custom2") = CmdCheckUser("Custom2")
   If CmdCheckUser("Custom3") <> "" Then Session("Custom3") = CmdCheckUser("Custom3")
   If CmdCheckUser("Custom4") <> "" Then Session("Custom4") = CmdCheckUser("Custom4")
   If CmdCheckUser("Custom5") <> "" Then Session("Custom5") = CmdCheckUser("Custom5")
   If CmdCheckUser("Custom6") <> "" Then Session("Custom6") = CmdCheckUser("Custom6")
   
   ' End of optional session variables to be set

If you do not need a particular variable to be set as a session variable simply comment that line out with single quote.

If you have an extremely busy site with a lot of users this is a good idea. If not, you probably don't need to bother doing this. I added some code in there so they will not be created if they are empty and that alone helps out a lot.

Change the action of the form to the page you want them to log into.
Make sure the page you send them to is protected by the "check_user_inc.asp" file.

<center>
  <table border="0" width="400" height="200" bgcolor="#000000">
    <tr>
      <td bgcolor="#F4F4F4">
        <form method="POST" action="memberarea.asp">
          <input type="hidden" name="Status" value="Checkem">
          <p align="center"><font face="Arial">ASPProtect Login</font></p>
          <div align="center">
             <center>
             <table border="0" bgcolor="#C0C0C0">
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
                 <td><input type="text" name="Username" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
                 <td><input type="Password" name="Password" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
                   me signed in on this computer unless I log off.</font></td>
               </tr>
             </table>
             </center>
          </div>
          <div align="center">
             <center>
             <p>&nbsp;<input type="submit" value="Login"></p>
             </center>
          </div>
       
        </form>
      </td>
    </tr>
  </table>
  </center>

I really need more information.

Connection strings being used ?
How have permissions for the database folder been set ?

etc etc  the more specific the better

You also may want to download ASPTest from our main site and see if you can get that running.

I would suspect your problem relates to the databases having a password set on them. Probably the ones you connected to didn't. It complicates setting up a connection correctly (especially a dsn) but there is a good reason for it as it adds a little extra security.

And of course my detailed article on the error.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1

The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.

Download Documentation

You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.

Please continue to check the support forum threads for the most up to date documentation.


IMPORTANT
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then  choose unblock down in the lower right corner ...then you can open and view the file correctly