someone has to do something other than me.. i've given up

if i give u the username/pw can you set this up on the network solutions host and ask them to set whatever permissions are needed?

cant do it anymore....

Hello,

I dont know exactly how you go about that and it would really depend on a lot of things like when the ad started and how yu wanted t handle that. it would involve custom coding though, not a change in the database.

Hello..

I actually noticed something was up with your install earlier...
(I saw you in my log files when you clicked to cjwoft from the docs)

I need more info... like what uploading method your using.. what image resizing component, what widths yoru resizing things to... etc

have you tried it while telling it to delete the pics and also while not telling it not to delete them from the import folder

I might have to take a look tommoro as well to really figure it if that is ok

I have to go the bar to meet some friends so I wont be of much more help tonight :)

I been working steady all week and need a few.

CJW

New Features added to 7.x

1. Entire application gone through and updated.
2. New graphics, new look and feel
3. Passwords and Cookies are now encrypted using separate keys individual to each customer install.
4. Groups Feature... powerful way to protect pages based on group access
5. Ability to upload a picture for each user.
6. New printable profile user screen.
7. Supports 13 email components as well as outgoing authentication for a few of the email components
8. New Lockout option. "However many" try’s to login and you are locked out for a certain amount of time.
9. PayPal signup routines for both single payments and subscriptions integrated into the application. Everything is handled automatically. Charging for membership couldn't be easier. 
10. New Newsletter Feature allows you to send newsletters to those subscribed. 
11. New ability to Email users soon to expire
12. HTML emailing for people using CDOSYS. This includes an inline html editor so you can send out some really professional looking emails.
13. Ability to redirect a user anywhere on 1st login
14. Option to turn off Login Remember Me Feature
15. Login Form now very easy to edit
16. All paths for places that need permissions can be easily changed.
17. Works with Parent Paths Disabled on the web server.
18. Company Name is now an optional field
19. Handy javascript popup date selectors
20. All date functions now internationl date friendly
21. Password conversion routine to upgrade existing users to the password encryption
22. Import / Export of user database built in
23. Protection Code Generators
24. Notes Feature. Javascript Popup on users screen that allows you to quickly see information without going to their edit screen
25. Mass email users incuding ability to send them usernames and passwords all at one time.
26. Option to not allow concurrent logins by the same username
27. Optional feature to keep track of recent users that have logged in as well as allow you to view the information.
28. Optional feature to keep track of recent users that have logged in, what pages they accessed, and when, as well as allow you to view the information.
29. Ability to protect other files types other than just protecting the viewing of the ".asp" pages. We provide working example code showing you how to protect images and file downloads in your protected ".asp" pages. You can protect nearly any type of file from downloading and viewing. (gif, bmp, jpg, zip, exe, pdf, rar, mp3,etc..)

ACCESS DENIED

INVALID Username & Password

Username HAS EXPIRED

you can not limit image size using the pure code upload method. Its not possible using a pure asp method that I know of.

You would have to be using one the supported commercial upload components and edit the upload code accordinly to limit upload sizes (you would do this by looking through their documentation and samples) I didnt include any support for upload file size limitations with the supported 3rd party upload components because in my testing I found it problematic with all but aspupload from persits software. (I have example coe for that component I can provide that limits the upload size and seems to do it well) I am sure it could work with safileup and dundas as well but I gave up trying.

As for image resizing..
Image resizing requires the use of one of the supported 3rd party image resizing components. You didnt mention if you are using one or not. If you dont have one available image resizing is just not possible as asp can not do that on its own.

Hi-

Thanks for the quick response to my previous posts.

This is my issue:

I have read over all the docs and installation instructions and can't find a way to do this:

my default page in my root dir will be a log in page which will take the user once his level is validated to a "home page". Is there a page in your examples that will perform the function of this log in page? or should I rename check_user_inc.asp as the default and change it's html output to make it look like my log in page?

I also looked within the code for check_user_inc.asp and did not see where to specify where the user will go once he signs in.

Your help is appreciated

[QUOTE=cwilliams]actually, passwords can be up to 75 characters long in ASPProtect.
the only requirement when entered from a non admin user is that they are at least 4 characters long.

what does MSAccess have to do with this ? Are you trying to convert and old system or something? I noticed you created and "old password" field in there ? Is there something I do not know about as far as what you are trying to do?

Passwords in version 7 are encrypted so I hope you understand all of that and realize you can not enter or change passwords right from SQL server. Also if you import info you must handle that accordingly and convert the passwords to encrypted format. [/QUOTE]

First off, I haven't imported anything from MS Access.. The only reason I mentioned it is cuz I thought initially it worked with Access and not SQL server.

I am not converting nor entering any data manually into the db, nor have I changed anything in the way the registration is made (don't know where the "Old password" has come from? thought it was a function you made?)

In addition to that I just noticed the </href> you have in there.. man that is some scary stuff you came up with.. that may appear to work and make a link but it is not correct. Each link will work but never truly be closed.

That is just not valid proper use of the anchor tag.
You make a link in html like so

<a href = "somepage.htm">somepage.htm</a>
http://www.w3schools.com/tags/tag_a.asp

Then your surrounding each link with <span lang="en-us"> </span>
Not sure why ?

Suprising I started this tread off on ASPImage, but I resolved my issue and forgot to change the thread topic.  I will try your suggestion.

New Version 8.1 Released

Whats new..
http://www.aspbanner.com/v8_notes.asp

Upgrade Instructions...

Upgrade at your own risk. Though we try new versions are not always perfect due to minor bugs we may miss.

Back up your old setup so you can revert back if necessary..!!!
Save your data connection string info in a text file so you have it.
You can get that by viewing the system info page in the admin area.

Carefully copy all the ".asp" files from the new version to the old.
Your going to want all the .asp files in the aspbanner folder.
Your going to want all the .asp files in the aspbanner/scripts folder

Copy the aspbanner/images folder because there are some new images

Be sure to also copy the "data/config" folder files.folders as well as a lot of that is new including the actual config file. If you dont get the new config file copied in there you will have problems later on with some of the new features.

Be sure to create a new folder in the "data" folder called "tempstats"
Make sure it has proper permissions if you plan on using the delayed stats feature as the stats gets temporarily stored there. 

Go back to the area where you originally setup the data connection and do that again...

From the web browser run the following URL

http://yoursite/data/config/aspbanner_unlimited.asp

Replace "yoursite" with the proper url info relevant to your web site location.

When run via the web server that page will ask for a password. By default it is "temp". You should change it later on for security reasons. That page tells you how.

Now... moving on..

There were no changes to the database except for SQL Server users so you can use your existing database.

SQL Server users that want to use the new stored procedures feature (it's optional) will need to update their SQL database with the stored procedures.

Scripts to do that are provided.


ALSO: I have been running this new version using SQL Server Stored Procedure mode for a 1 week on a special banner server that serves banners to many of my own sites. I have also been using the new Delayed Stats feature.

All I can say is it is running like a champ and the SQL server is using less memory than it ever did before.

Ok, so I checked to see if ASP is running on the server and it is.  then I added code to the top of a page and this is what i can see when 'view Source' on the web browser:

<%@ LANGUAGE="VBSCRIPT" %>

<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * Admins * ) -->
<% GROUPACCESS = "4" %>
<! #INCLUDE FILE="check_user_inc.asp">
<!-- End ASPProtect Code -->

<html>
<head>
<title>TeamManagers</title>

Yet I get no challenage for a password and no error message!

you summed it up perfectly... everything you said really

As for the banner software custimizations.. you could just make another folder with a modified admin area (little tweaks here and there so the person logged in only controls their own banners) You'd probably want to add an approval process so nothing they did went live unless you really really trust them. That wouldn't be that hard either.

I always planned to do it someday but I just never have time.

Thanks for your rapid responses, your support is excellent!

It may be best that I stick with html then. You mention that is stresses the Version 7 software, would the unlimited version perform any differently if I use multiple zones?

Also, if I do go with a single zone, would either program be able to make sure each banner is unique, or would there by duplicates for each page view?

Sorry to post so many questions in one day.

Different Versions of the Access Database

Below is a zip file with many alternate versions of the Access Database provided to help with installation and general usage.

2005-02-20_155310_ASPProtect_Database_Versions.zip

ASPProtect.mdb is saved as an Access97 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2000 database (password "temp")
ASPProtect_access2000.mdb is saved as and Access 2002-2003 database (password "temp")
ASPProtect_access2002_no_password.mdb is saved as and Access 2002-2003 database with no password set on it

Try to use the newest version as server odbc drivers sometimes have to use the newest version for everything to work correctly. No password version is provided because sometimes there are issues connecting to a database with a password set on it.

Default username for access databases is of course "admin" but you really dont use that except in the data connection information.

Sorry you feel that way, not my intention. I'm not threatening anything. I was very happy you responded when did so there no reason for any bad feelings. I like your product as I said before and have no problems with it. Sorry again, that was not my intention. Merry Christmas…

Yeah, its a win2k server.

Im up and running now (my guess is ASP wasnt installed, but he did not say), but am not having luck with any of the email.  I contacted my host to see what is available and have yet to hear back.  Do you generally recommend people to run CDOSYS?

Ive been reading through the docs, and the users and protection seems to be pretty straightforward.   Nice!

The only other real question I have (and cant find in the docs) is how to remove the self registration option all togehter.  My client wants to add its users manually, and not give the option for them to sign up themselves.  Do I just find any remove any code that references it?

I think this addresses your question

http://support.cjwsoft.com/code/moreinfo144-1.htm

We can't seem to find the purchase emails for this install of ASPProtect.

It would have been in May 2004 for NetOptions LLC or CareerMatrix.com

We noticed it should have been v6 of ASPProtect.

Can you resend the download links?

Please forgive any ignorance on my part.

Using the live demo, it seems that with the banner software my advertisers would only have access to reports, but no ability to upload banners, specify keyword triggers or zones, what have you. Is this correct?

The other thing I couldn't quite figure out, assuming I had a categorized directory on my site, is this system configurable to display different banners based on category? Perhaps through keyword triggers?

Thank you in advance for any assistance.

again I will ask you what is the real error??

see the link above when I asked you the 1st time.
(I need the error details and line number.. etc etc)

and what kind of a server are you trying to run it on ?
you mention xp pro but in a confusing way ?

Chris.

After I had you install ASPProtect I added the ASP protecting code to the top of my home page:

<%@ LANGUAGE="VBSCRIPT" %>

<% CHECKFOR = "1" %>
<!--#INCLUDE FILE="../../check_user_inc.asp"-->

Then I made my index.html page my login page buy using the script "Login form on a non protected page" on that I changed <form method="POST" action="memberarea.asp"> to <form method="POST" action="home.html">. 

When I try to log on to that page I get en error page HTTP Error 405 - The HTTP verb used to access this page is not allowed. Internet Information Services (IIS). I checked with my hosting company GoDaddy.com and they informed me that due to the fact that they do not have ASPProtect instaled on there systems they can not support it.  In recent conversations you told me that you have customers that do use godaddy and you products. 

Can you please tell me what I can do to get this working?

Thank you for your time and help.

Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.

Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.

I made the changes like you suggested, but now the page just times out before even loading. 

<%
ConnectionString = "DBQ=D:\clients\rklarman\DrWeisbergUsers.mdb;Driver={Microso ft Access Driver (*.mdb)}"
DatabaseType = "MSACCESS"
%>

ok, here is what is going on

you are password protecting an ".asp" page that requires querystring info to run correctly   (example - "somepage.asp?ID=3"")

that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out

this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact

it was a nice feature never intended to handle any situations other than what I just described...

now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info

that more than anything is what is going on..  browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...

To avoid all of this...

One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)

Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.

Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc

So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.

I hope this makes some sense to you.. it is very hard to try and explain

Using "Email Authentication" as a registration option you cannot do that. There is no possible way I know of to have a delay on the authentication email like that. Also that method is not intended to involve any sort of manual registration like what you are doing.

Because you want to review people manually you need to change to registration process to "manual" and then send the email out manually from the users screen after making a user active.

Hi,

I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.

I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?

Thanks

S

I have activated both activity and log files. The directories exist on my server and don't give any errors.

When I check the activity tab, some times there are a number of items in it.  Other times, there is only my login info.  From what I can see, it is supposed to show the last 50 items of activity at all times.  Am I missing something?

Also, when I click on the log file tab, there is no file or information to see.  Is there something I need to do beyond activating it in the settings area and making sure the directory has write permissions?

Thanks.

Perfect exactly what I was looking for.

Thanks