not really, aside from looking in paypal and manually adding each one for each user...

how many users are we talking about anyway ?

and were any of the users new sign ups from scratch because if they were and that field didnt get populated that is weird?

ultimately aspprotect does not use that field. I was just storing it for the sake of storing it... so its not a big deal but I would still like to figure out what is going on

removing the expiration dates from paypal subscripbers will be enough to fix the issue your having about them getting the expiration notifications

it is by design actually and something that can be improved
(I just never thought of it when I 1st designed the system and it is actually planned to be added in Version 8)

The trick would be to reset those session variables anytime someone edits and saves their information... not very hard at all

you would do it on the save code page for when a user edits themself.
you want to grab the info posted from the form and  reset each session variable at the same time everything is re-saved to the database

example

Session("Company_Name") = Request("Company_Name")

Well, I assumed I'd be able to tweak this thing but it is all so intertwined it doesn't pay to mess with any of the files. Hence, I'm going to have buy a different system only a week or two after buying the unlimited version here.

As I leave I want to give you some impressions here. While the system is low-cost, the 99 dollar version is missing a few pieces that I think would bring the value to 99. It is one thing to talk about the speed/performance, but to a degree that's hard to measure, and to anyone with web advertising on their site, performance will always run second to potential site income.

It definitely needs a user interface and registration for advertisers, and it definitely needs a single variables file for changing the hundreds of variables for which there is no control. I had to search on my own just to change the look and feel.

Lack of multi-zone support is a serious drawback. I would submit that anyone with a serious website needs it, and will gladly pay you 139 over 99 for just that one feature.

Take them or leave them, they are just suggestions.

If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.

Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.

<center>
  <table border="0" width="400" height="200" bgcolor="#000000">
    <tr>
      <td bgcolor="#F4F4F4">
        <form method="POST" action="memberarea.asp">
          <input type="hidden" name="Status" value="Checkem">
          <p align="center"><font face="Arial">ASPProtect Login</font></p>
          <div align="center">
             <center>
             <table border="0" bgcolor="#C0C0C0">
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
                 <td><input type="text" name="Username" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
                 <td><input type="Password" name="Password" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
                   me signed in on this computer unless I log off.</font></td>
               </tr>
             </table>
             </center>
          </div>
          <div align="center">
             <center>
             <p>&nbsp;<input type="submit" value="Login"></p>
             </center>
          </div>
       
        </form>
      </td>
    </tr>
  </table>
  </center>

Chris:

I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.

Thanks for the help.

thanks!! the file took care of the extra slash. I also fixed the problem by modifying the permissions.

dazed

How to set a new users expiration date.

You'll need to edit the "users/add_new_account.asp" with a text editor.

Find this section..

<%
CmdAddUser.Fields("ValidateEmailCode") = ValidateEmailCode
CmdAddUser.Fields("Access_Level") = "4"
' PUT YOUR CODE HERE
CmdAdduser.Update
ID = CmdAdduser("ID")
CmdAdduser.Close
Set CmdAdduser = Nothing
ConnPasswords.Close
Set ConnPasswords = Nothing
%>

You'll want to add code like this right between the Acccess_Level  and Updates section

CmdAddUser.Fields("Expiration_Date") = Date + 60

That will give take todays date and add 60 days to it.
You can of course do whatever you want here.

Actually, any database value for the user can be set during registration.

You can also change the default Access_Level to whatever you like.

Actually, your whole site is like that.

http://www.bones.myftpsite.net/rfamilystuff/

You should definetly fix that..
I can't help ya with it though. You'll have to figure it out.

I know ya can do it...

later

whether you use SSL or not really does not effect aspprotect in any way

I say, the smart thing to do there is too not start them off at a http:// url

one way to do it is put a simple ASP redirect on that default page and send them to an SSL version of the page instead...

http://www.powerasp.com/content/code-snippets/redirects.asp

another way would be not start them off on a protected page right off the bat and offer links to the the protected area...

in my opinion thats pretty odd to be starting them off on a protected page anyway
SLL maybe, but protected right from the time they hit the default page of the site.. thats just odd.. usually you want o say a little something about the site your at and then link people to protected areas or give them a login form which posts to a protected area.


Regardless if you always want users at your site under https:// you should have code on every single page in your site checking the url info at every page load. Then if someone ever hits a page and is not using the https://  you can do something about it like redirect them to the SSL home poge or redirect to that same page but with the https:// in the url..

that's they way it should be done..

the only other thing would have been to test everything with sql before trying to import any data.. and make sure all was fine at that stage




more info on the errors would be helpful.

Id' also carefully visually compare the SQL tables and fields with the SQL scripts and make sure all field types and settings got set correctly.

Also, make sure the user accessign the database has datareader and datawriter permissions of course.

I think this addresses your question

http://support.cjwsoft.com/code/moreinfo144-1.htm

I would say that it isn't all that difficult using mySQL for the backend....the main thing is to make sure you set the primary keys for auto-incrementing in your database.  Alos need to make sure that any DELETE SQL statements are formatted like this

DELETE FROM tblName WHERE tblField=SomeValue

and not

DELETE * FROM tblName WHERE tblField=SomeValue

The same holds true for using MSSQL

Hello,

VBScript is the most popular ASP scripting language, and has the most support available. I estimate that less than 5% of the ASP coders out there use anything other than vbscript

That being said it specifically says on the aspprotect site ASPProtect is only for use in protecting asp using "vbscript" as the language.

http://www.aspprotect.com/more_info_full_v7.asp

http://www.aspprotect.com/comparison.asp

it is something I specified very clearly for this very reason.

Sorry, but you can not use ASPProtect to protect pages using Language="Javascript". The code is too complex to be mixed with server side Javascript.

To password protect asp pages written using "Javascript" you really need a an application specifically written in and designed to work with ASP pages written using "Javascript". And then of course that application would not be able to protect ".asp" pages written using "vbscript." (I mean never say never, but it would be a ton of work to get both working and I doubt you will ever see a commercial application that does both)

as for switching back and forth between vbscript and javascript you really can't except with very simple code. Doing so with anything complex can be extremely problematic because the order of execution sometimes gets all mixed up because of the complexity of the code being used.

That doesn't mean it can not work....

You would really want to do something like this.


do not specify a default language at the top

surround the aspprotect include file with this

<SCRIPT Language="vbscript">

</script>

surround your javascript code with this

<SCRIPT Language="JavaScript">

</script>

then make sure none the code including the aspprotect include file has any <% or %> tags in it

that means you have to remove that sort of thing everywhere... that means a lot of work if you used a lot of that sort of thing instead of response.writes to write out html type stuff

and again... I don't know if you would ever get it all working

I checked the option pack code as well and it looks correct.
I tested it and it acted as it should.

You can see it in active at the live demo
http://www.aspprotect.com/demo3/demo.asp

admin
test

go the the admin area.. you will notice 3 users with level 4 access
1 of them is inactive

then go to the mass email area and pick   active and level 4
it will say it is sending email to 2 users which is correct

then go to mass email again and pick level 4 and inactive
it will say it is sending email to 1 user which is correct

choose any status and access level 4 and it will send email to 3 users which is correct

When you do this please realize you can not choose a group as well.
That will cause a problem because you can not choose a group and an access level at the same time.


Anyway... perhaps you can private message or use the contact us form and and let me take a look at your system. Since I can't reproduce the behavior that is the only way we might figure this out.

IFRAME is just an client side html thing...

has nothing to do with .NET

will work with any page extension or server side technology

As you see from that compatibilty chart I posted a link to.
Nearly every modern browser supports it.

I dont know about your error on line 6 when uploading..

as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.

I really need more information and possibly acess to the system to do some troubleshooting...

This is anot a feature anyone has ever had an issue like this with.

I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out

In a way your questions are confusing to me, but here is some information regardless.



Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.


If you are concerned about customers downloading the access database..

best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that

the more of these things you can do the better..

And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.

Than you 

I'm happy after changing to XML parser for two of the ads. Later I'll change the other codes to XML, never to use iframe again!

Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..

Same thing happens... certain passwords just do not work.

So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.

Here is an example.. see the screenshot below.

Username "admin" password "petepetepete"

The top query done in Enterprise Manager is valid and shows the user.

The bottom query is also valid but it does not show the user.

And that is exactly what is happening from the ASP codes point of view.

Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.

It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.

I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.

One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.

It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.

Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.

Your call..

Hello Chris:

Yes I'm using the Option Pack.

-Ricardo

It's custimization work. and just not something I can support.
Basically it is basic ASP/Database work.

Something you kind of need to figure out on your own. It's not difficult work for a good asp coder but there is no easy way and it is time comsuming.

I wouldn't use the custom fields though. I would make your own.
It's simpler that way.

Also.. if you want to customize each person's experience individually it really does not make sense to use groups or access levels for that purpose alone.

I mean, why bother making a group or access level for every user and worrying about keeping track of it all when you can just access the available session info about the user to create dynamic pages specific to that user.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=198& ; ; ; ;PN=1

That is why that information is there.


You can of course use some combination of the two technologies as well should you have groups of users that you want to have a slightly different experience.

(FREE) Nov 23 2005 Update Files

If you purchased ASPProtect Version 7.x before Nov 23 2005 then you can download these Update Files.

(These are non-critical updates.. only update if you want the described changes below)

These updates do the following..

• Make the Tabs in the Admin area move up and down as you navigate around so they look more like tabs used in a file cabinet.
  
• Updates the import/export process so the tab delimited text files created now store the passwords in plain text instead of encrypted. I have been thinking about this one for a while now and I think it is better this way as it was confusing a lot of people. If can also kill the whole process if by chance the encrypted output of a password contains a line break of sorts. There is no way to deal with that scenario so this is way the import/export process is going to work from now on. This also means you should be VERY carfeful about leaving export files lying around as they will have the passwords in them.
  
• Updates the "expected_paths.asp" in the data folder because the paths it was generating had an extra "data/" in it.
  
• Updates the users page so it will not show the import/export link if you have not entered a path for the export files in the settings.
  
• Adds an Activity Tab if using the Activity Tracking features instead of the links it used to put on the users page that most people didn't see.

To install these just copy them in over the old files.

Now of course back up your existing files so can revert back if there is a problem or you do not like the changes. If you made any custom changes to any of your pages use your head and realize that copying these in over your existing files will overide any custom changes you made. (that is your business, I am just warning you)

2005-11-23_163025_ASPProtect_v7_11-23-2005_update.zip

OK, I updated the server with the SP 8 Jet updates and this had no effect.

Then I loaded the asptest file and put in the correct path. The results were:

Failed: Database could not be connected to....

Error reported from server:
Error source: Microsoft OLE DB Provider for ODBC Drivers
Error number: -2147467259
Error description: [Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x784 Thread 0x854 DBC 0x2101014 Jet'.

If we wanted to user groups, is the "Access Level" in the User setup the same ID as what the group access would be?  Ex. If John had Access Level 4 and the page specified <% GROUPACCESS = "4" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

I'm asking because there is no Group Access Level in the user setup.  Thanks

as far as sql goes if you follow the instructions with give for setting up a new database you shouldnt have any issues and permissions should be already set. because we handle that in the sql script we give you.. "its a good thing to look at and it is pretty easy to understand what is going on""

however using another account could cause permissions issues.."yes, even sa"     basically the username your using needs datareader and datawriter permissions to all tables used by the photo gallery system and you probably have to go specifically set them usin ght e security tab for your database in enterprise manager. This is more of SQL server 101 than anything to do with the Photo Gallery Code so I am not going to get into it too deeply, but that is definetly the issue.  Permissions...

the sql databse is the same.. the sql script is the same for any version

as the site says they are essentially the same app with very minor changes... if you are trying to share the same sql database with both it's not gonna happen because the table names are the same

truthfully:
that app runs nealry as well with msaccess as it does with sql so I wouldnt get too excited about running it withe sql. You will not see any benefits unless you have a ton of simultaneus (sp) users.

It turns out that I never enabled ASP.net on the site. After doing that the skins work much better. I'll have to poke around and see what other functionality is now available.

Thanks!

Al

I would check out this article for starters... aspprotect is very similar to asp photo gallery and so are a lot of the page names.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=49& PN=1

Jeromy, You should have access to that page.

I wonder what that ENDSQLMail send failure is all about ?
I dont use anything regarding SQLMAIL in the ASPProtect code.

I think I might need to go in so I can debug a bit. Everything seems to work fine with a SQL installation here so I just don't know at the moment.

If that is ok with you I would need ftp access or something so I can trry a few things and hopefully figure it out. Admin access to the aspprotect admin area as well so I can see what you have set up in there.

PM me with that info if you want me to take a look.

Thought this would be easy.  A few more pointers should get the database connection to work:

1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so? 

2)We have other files in there for other server applications, does that mean we’re stuck using DSN’s or is the file independent of that control dialog?

3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?

What else are we missing?