Sounds to me like you got some bad databases or something. Or your trying to open a database with too old of a version of msaccess.. not sure

Everything is stored in one database. And yes there is more than just the users table.

Also,  removing the "temp" password should be a piece of cake.

Email me for a new copy of the download file ? Use the contact from on the cjwsoft site. Please tell me your order details as well so I know who you are.

I have narrowed it down.  The ../ for includes will not work with .asp files but will work in .shtml files.

any ideas?

Hi

I downloaded the .chm format installation documentation but when I open it I get the index but can't see any of the pages so am a bit stuck.

I have ASPProtect up and running and I was able to log in with little to now problem after following all of the directions. 

I imported my data base of users (approx 5300) into the access db, and now it times out just letting me log in.

I've got full access to the web server to make any changes on that end that I need.

any ideas?

Testing for XML Parser Support

the microsoft xml parser is generally installed by default on all new server setups..

It allows ASP code to make calls to other pages anywhere on the new as well as a lot of other handy things..

download and run this ".asp" page to verfiy that it is installed and be sure it is available for you to use

2004-12-10_132620_test_xmlparser.zip

Make sure you run it from your web server through the web browser

probably.. better than what we are accomplishing here LOL

or if you like send me the import file and your encrpytion key and I will try it out here and see what happens

either way PM me any sensitive info if any

We have been using ASP Protect for a while now and are big fans of the program.  We received ASP Banner 8.2 with our puchase which we now have a need for.  I went to put the files on our webpage, and doing nothing else other than locating the directory there, I noticed differences with how ASP Protect operates.  We have customized it a bit and want to keep the 2 programs separate.  the login screen for one showed up on the other, and some ASP Protect pages appeared altered so i immediately deleted ASP Banner.  did I do something wrong, and how can i ensure the 2 programs work completely independant of each other?  We can't risk braking what we're now using but would really like to add banner functionality to some of our pages.  maybe an update to the program before we install?  puchase new software?  Thanks for your help-

Protecting ASP Pages

To protect a page without using the Access_Level or Groups feature simply add this code to the top of that page.

Put this under the <%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.

The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp

Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in.

An example of doing this is provided in the "default.asp" file included in the root of the Password System.
Look at the source code with a text editor to see the working code. It is quite simple.

 Protecting ASP Pages Using Access Levels

To protect a page using the Access Level feature simply add this code to the top of that page.
You simply specify the Access Level before the include file is called. In this example we are protecting the page with Access Level 4.

Put this under the <%@ LANGUAGE="VBSCRIPT" %>

<% CHECKFOR = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

This is an example of a File Server Side Include. You could also use a Virtual Server Side Include.

The following URL explains what Server Side Includes are.
http://www.powerasp.com/content/code-snippets/includes.asp

Now when someone runs that page they will prompted to login. They will not be allowed access to that page until they successfully logged in as a Level 4 user.

Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System.
Look at the source code of the ASP pages in that folder with a text editor to see the working code. Again, It is quite simple to follow.

Protecting ASP Pages Using Groups

Please see the code generators in the admin are for the code to do that.

[QUOTE=cwilliams]I would like to delete the SQL tables and set them up from scratch using enterprise manager and sql query manager and see what happens

If that is ok with you let me know.

Something is wrong like I said...  almost seems like the database is caching old password info from the field.[/QUOTE]

Sure go ahead

One last thing..

This is bad

http://www.bones.myftpsite.net/rfamilystuff/pictures/

there are .asp files in there people can run that you dont want people running..

u should delete the asp files in there or turn off directory listing...

take care,

CJW

After I approve someone's username and password, then go to send them the default e mail telling them of the approval, the e mail never goes through.  The e mailing used to work well for many months, but it stopped working.  Any thoughts?

Spider

Access Database Password

By default all of the Access Databases we give out have a default password of "temp"

The Default username that and Access database uses is "Admin" but you should not be concerned with that except in your connection strings.

The default password for the Access Database can only be changed using Microsoft Access to do so. If you have security concerns it would make sense to change the password. The help system built into Microsoft Access best explains how to do that.

Can ASPClassifieds display the ads by city?

I have a web directory that lists websites and companies by city.  Is it possible to have specific ads shown to the user depending on what city they click on?  For example, only ads in New York would be shown to users that have already clicked on that city in my directory.

thanks,

Hi,

I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working.

Your actually confusing me with the whole "joe bloe" thing and user access. I just do not get what you are trying to tell me. Perhaps you can explain in a less confusing way. Your just not technically explaining it andand thats what I need to know to possibly help.

As for the subweb thing you just can not do that. Subwebs have their own sets of application and session variables. An ASPProtect installation and any pages you protect with it are required to be in the same "application" in IIS. Sicne subwebs have their own "applications" in IIS that won't work. It is the nature of "forms based authentication" A sub web is alo considered by our licensing to be a seperate web site and ASPProtect is licensed per web site.

As for breaking pages.. you really shouldnt be editing any pages in the admin area as you will break them unles you are very good with ASP. (does not sound like you are..no offense meant at all)

Pages in the "users" folder are less complex and it is usually ok to edit them carefully.
http://www.powerasp.com/content/hintstips/common_sense.asp

Pages of your own that you password protect can still be edited in your usualy way though without effecting anything.

Truth is if you back things up before you start editing how can you go wrong ? That's how you learn.

ok, I am home.. missed flight.. just got home an hour ago.

lets see.. I really need more info...

For starters are you using the delayed stats feature ? that is expirmental and could cause that problem

yes, there is upgrade pricing
http://www.aspprotect.com/purchase_v7_upgrade_pricing.asp

and upgrade instructions here in the forums

if you install it in the same directory structure you wont have to make any changes to the pages in your site you have already protected.. because the code to protect a page will be the same

now, anytime you upgrade an application like this there is going to be a lot of work involved especially when there have been so many changes
http://support.cjwsoft.com/code/moreinfo173-1.htm
whether or not you upgrade is up to you

Like I said you can make version 6 work with CDOSYS and a remote email server. You just need to do some research on CDOSYS code and spend the time needed to make the code use it. I however am not going to spend time detailing all of that when I created a new version that does it.

Hello cwilliams, and thank you for the fast reply.

Well, i have tryed with the ASPImage enabled and disabled, with the same results. I have used gifs and jpgs in the tests.
I have made some different test. Some with uploading the picture over an excisting picture and some as the first picture. Same results.
Everytime, it´s the 2nd thumbnail that won´t show itself, but the large picture will show, if you press the thumbnail.

I have tryed to look in the code (view_ad.asp), but as far as i can see, everything seems just fine ?!

I know, it wasn´t much help i could give you, but i think i have tryed all the possibilities.

Best regards, Erling

Our webhost set the permissions, but the error is still there, so that is obviously not the problem.  We now have both our webhost and our asp support technician trying to figure out the problem and everyone is stumped.  Can you please provide us with the following information to help us out:

1) what is the name of the file that sets the connection string?

2) what is the name of the file, if it is different from above, that sets the password of the database?

thanks

I checked the option pack code as well and it looks correct.
I tested it and it acted as it should.

You can see it in active at the live demo
http://www.aspprotect.com/demo3/demo.asp

admin
test

go the the admin area.. you will notice 3 users with level 4 access
1 of them is inactive

then go to the mass email area and pick   active and level 4
it will say it is sending email to 2 users which is correct

then go to mass email again and pick level 4 and inactive
it will say it is sending email to 1 user which is correct

choose any status and access level 4 and it will send email to 3 users which is correct

When you do this please realize you can not choose a group as well.
That will cause a problem because you can not choose a group and an access level at the same time.


Anyway... perhaps you can private message or use the contact us form and and let me take a look at your system. Since I can't reproduce the behavior that is the only way we might figure this out.

here is the answer
http://www.iisanswers.com/IIS51.htm

CDONTS

CDONTS (Colloaborative Data Objects for NT Server) is a feature of NT and W2K that allows you to easily send mail from a web page using the SMTP server. The simplicity of the code and widespread availability of free scripts employing CDONTS has resulted in  CDONTS being widely adopted.

Quite a surprise to many administrators to discover that IIS 5.1 does not support CDONTS as do IIS 4.0 and IIS 5.0. This has been replaced by CDOSYS which appears to have more capability, but it is not quite as simple to use. See: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q195 683 for more details.

You can enable CDONTS on XP by copying CDONTS.DLL from a Windows 2000 installation to your XP system’s Windows\System32 folder (default name). Then at command prompt Windows\System32 run REGSRV32 CDONTS.DLL. The extent of my testing on this was to deliver one piece of mail, so this should not be construed as a complete analysis of the effectiveness of this technique.

also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.

etc etc etc

so let me add this bit of info..

I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.

[QUOTE=cwilliams]Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.[/quote]

I did change the top_logo.gif and the associated link. That was on the default page not the Solid Black skin which is unchanged. After downloading/uploading the skins I tried changing it to one of the Beach skins and that's when it changed to Solid Black and has been stuck there ever since.

[quote]Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.[/quote]I don't have access to the Microsoft IIS console as this is a host site. I can access the site's "control panel" but it does allow for those type of settings. Mostly just permissions, DSN entries, etc.

Thanks.
Al

ok, I moved this thread..

The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.

The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)

That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing. 

Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.

Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"

change

Password = CmdDataExport("Password")

to

Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)

Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.

IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ;PN=1


The IPN Subscription Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement PayPal IPN Subscriptions with ASPProtect. IPN stands for (Instant Payment Notification). It allows you to set up scripts on your server so whenever a PayPal payment is processed the PayPal server sends info to your server regarding the transaction and vice versa. This is a fully automated process and allows you to charge users for access by the month or however long you like.

The Subscription feature of PayPal handles recurring billing automatically. The PayPal server will communicate with the ASPProtect system and keep everything up to date with users and their subscriptions.

This Support Pack basically gives you an additional signup and registration directory "paypal_sub_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup. New users can register in this directory and sign up for a subscription at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and start a subscription. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via PayPal your system is updated and they will have access.

To use this all you need to do in ASPProtect 7 is enter your PayPal account name into the settings screen. It will be an email address. You'll need a business or premier account with PayPal and you will need log into your PayPal account and turn on IPN in you profile. They make you enter a default IPN URL. We do not use that so if you already have something there leave it there. If you dont have something there you can type in any the full url to any page on your server. It's probably best to send it to an empty ".asp" page or something.

Changing Payment Options

In the "paypal1.asp" file there are some sample payment options set up.

They look like this and you can have as many as you like.

<!-- Begin Payment Option Code -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">

<% Label = "Membership (1 Month) $9.99 Recurring" %>
<!-- Begin Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="a3" value="9.99">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<!-- Field Below must have 2 commas First two values are optional (access level,groups,user ID)-->
<input type="hidden" name="custom" value=",,<% =User_ID %>">
<!-- End Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->

<!--#INCLUDE FILE="form_data_inc.asp"-->
<input type="image" src="https://www.paypal.com/images/x-click-but20.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">

</form>
<hr>
<!-- End Payment Option Code -->
 

To really understand what these form values mean it is best to look through the PayPal Subscriptions Manual which is a PDF file you can get from the PayPal Site.

This link was valid the last I checked...
Subscriptions and Recurring Payments Manual

It also may be helpful to use their wizard to create some subscription buttons with different settings and then look at the code generated.

Bascially these are the important ones..

a3 - amount to billed each recurrence t3 - time period (D=days, W=weeks, M=months, Y=years) p3 - number of time periods between each recurrence

The custom field is something we are using to send info from ASPProtect to PayPal.
it allows you to set the access_level or groups access (groups support require the ASPProtect Option Pack)

<input type="hidden" name="custom" value=",,<% =User_ID %>">

or this example where we are setting the access_level to (2) and also giving the user access to groups (3 and 4)

<input type="hidden" name="custom" value="2,*3*4*,<% =User_ID %>">

Here is how it works.
The value setting (red) is essentially and array that can be made up 3 elements separated by comma's

access_level,groups,User_ID

If you do not want to set the access_level or groups access.. then you don't even need to edit the setting.

Values must be separated by a comma even if there is no value and there can be no spaces.  If you didn't want to set an access level or groups there would still be 2 commas at the beginning.  etc etc
Basically there must always be 2 commas but you only have to set last values which is the User_ID from the ASPProtect system.

The 1st value is the access level you want to user assigned to.
The 2nd option is the groups you want the user assigned to. (requires option pack)
The 3rd option is the User_ID which the system takes care of. Do not edit this option. Leave it as <% =User_ID %>
 

An email I just received from eastcoastguy.. to keep this thread up to date