I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

Hi, I haven't heard anything from you.

Has this issue been resolved ?

Thanks

I assume that if I am using this product, search engines such as Google cannot access and index my content. Can somebody confirm that; I want to be 100% sure.

In case it matters, I am using a basic, cheap ISP setup where my site is on a shared server.

Thanks in advance.

(FREE) Nov 23 2005 Update Files

If you purchased ASPProtect Version 7.x before Nov 23 2005 then you can download these Update Files.

(These are non-critical updates.. only update if you want the described changes below)

These updates do the following..

• Make the Tabs in the Admin area move up and down as you navigate around so they look more like tabs used in a file cabinet.
  
• Updates the import/export process so the tab delimited text files created now store the passwords in plain text instead of encrypted. I have been thinking about this one for a while now and I think it is better this way as it was confusing a lot of people. If can also kill the whole process if by chance the encrypted output of a password contains a line break of sorts. There is no way to deal with that scenario so this is way the import/export process is going to work from now on. This also means you should be VERY carfeful about leaving export files lying around as they will have the passwords in them.
  
• Updates the "expected_paths.asp" in the data folder because the paths it was generating had an extra "data/" in it.
  
• Updates the users page so it will not show the import/export link if you have not entered a path for the export files in the settings.
  
• Adds an Activity Tab if using the Activity Tracking features instead of the links it used to put on the users page that most people didn't see.

To install these just copy them in over the old files.

Now of course back up your existing files so can revert back if there is a problem or you do not like the changes. If you made any custom changes to any of your pages use your head and realize that copying these in over your existing files will overide any custom changes you made. (that is your business, I am just warning you)

2005-11-23_163025_ASPProtect_v7_11-23-2005_update.zip

Sorry, you cannot, that is how it works and that is how it has to work for reasons I am not going to try to explain as it is pretty technical. (it works the same way even when not using paypal and using email authentication... nearly every registration system out there does it that way under an email authentication scenario or a PayPal IPN thing.)

Basically, if you are concerned about it you need to periodically manually check for accounts that were never activated and delete them. Maybe when I get some time some day I will make a little interface to help find those and clean them up at once.

I am attempting to have the page dedirect from the group, as some of my users are part of different and multiple groups (they are not structured in access levels, b/c they cannot be part of multiple levels(?)).  So I think I need to redirect by group.  I am having trouble having this work correctly.

-j

I'll give it a shot loading it on the laptop and publishing it, if it doesn't work I'll let you know and you can take a look at it tomorrow afternoon.  Thanks for all the help tonight...

Good luck pouring that concrete!

well, I need more details..

you got SQL server or data connection issues is pretty much the bottom line

If I remember right we went down this road with a SQL setup quite a while back (auguest 2005) and that never really got resolved

here it is
http://support.cjwsoft.com/code/code_info.asp?TID=321&KW =yiak

how about translating the error to english..

Looks to me off hand that it would have something to do with the SQL server itself not being run in an english lcid/format and causing some sort of date issue.

I would also suggest you start off with a brand new blank SQL ASPBanner database and make sure that works before you attemp t to import any data into it.

Sounds great, Sold!

Thanks Christopher!

I pull that crap on myself once and a while... or my favorite is leaving a bootable CD in the drive and then wondering why the heck the OS doesn’t come back up. I pretty much promised myself back in 2002 that I would never mess with anything minor after 10PM. For whatever reason I always start messing around trying to "fix" something and end up sorry... Granted if it’s an emergency I am all for it, but I get dresses in advance anticipating the practically inevitable drive down to the datacenter.

Good luck with that, I am sure you will be much better off in the long run.

ummm.. ok.. Then this doesnt make sense.  On two out of the three machines I have in house here, the images do not show up.  They only show up on the server machine.  I am using the constant url on all three machines.  www.rfamilystuff.com  Does it show up on your?

Okay, I did that, now I get:

Microsoft VBScript runtime error '800a004c'

Path not found

/aspprotect/password_admin/upload_post.asp, line 292

I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.

So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?

Or is there another way..?

I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.

You not getting a blank page.. you getting an error. You just can't see it because it appears you edited the page background to black.

error '80040211'

/aspprotect/scripts/emailing_subs_inc.asp, line 174

The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.

Download Documentation

You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.

Please continue to check the support forum threads for the most up to date documentation.


IMPORTANT
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then  choose unblock down in the lower right corner ...then you can open and view the file correctly

The only other thing I can think of if you are not getting any errors.

Is that you may have the path to the server include file correct but ASP server side code is not executing in that part of your web site.

You can do a simple test to tell if it is...

Make a simple ".asp" page in the same folder.

Put only this code in it.

<% Response.Write ("ASP is executing") %>

then run the page via the web browser thru the server..

If the text prints out ASP is running... if you don't see anything it is not

I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out

thx for posting this..


Just a few notes... more than 100 pictures specified in the config file is not supported. You are of course on your own if you specify more than 100

Also, technically the post above should say more than 102 pictures... "I think" as you wont need more html cell code until then..

The loop in the code is probably how I should have done it in the 1st place but I was in a hurry to get this finished and I also never expected/wanted anyone to specify more than 100 pics per album.

Lastly.. depending on what style you are using in the config file the code above may not work as some of the styles do not use cells but line breaks instead..   At least from what I remember.

well, I was curious myself so I just tried it.

Good news is it worked just as I thought.

Only problem is your changing things to allow authentication info to be passed over the net in a url. If you can live with the security implications then it will work. I mean a sniffer could see that and end up knowing the username and password.. not likely but just putting that out there.

Of course now that I think about it unless you are running under SSL (https://) when you log in normally that info is in the post info anyway and possible to get at.. course not right out in the open like when you put it in the url and less likely to be noticed.

As long as your not doing it to access critical areas like the admin pages... and you monitor the log files once in a while it's probably nothing to worry about.

Chris:

I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.

Thanks for the help.

Chris,

I've given the IUSR account modify access for the aspprotect folder.

In the ODBC manager module on the webserver I've taken out the aspprotect access driver option.

The dataconn_inc.asp line reads as

ConnectionString = "DBQ=D:\missourirealtor.org\members\aspprotect\data\database \ASPProtect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Now this should make it DNS-less correct? with the permissions set properly?

I've also taken out the password on the access database.

The original database of users I had was an access database from a different program called spooky login.  I exported them into a tab delimited file and changed the column headings to match those in aspprotect exactly.  Actually access would not let me import them in the databases without them being exact.

I imported that information directly using access's import options.  I tried the import/export manager in aspprotect but kept timing out as well.

[QUOTE=cwilliams]Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.[/quote]

I did change the top_logo.gif and the associated link. That was on the default page not the Solid Black skin which is unchanged. After downloading/uploading the skins I tried changing it to one of the Beach skins and that's when it changed to Solid Black and has been stuck there ever since.

[quote]Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.[/quote]I don't have access to the Microsoft IIS console as this is a host site. I can access the site's "control panel" but it does allow for those type of settings. Mostly just permissions, DSN entries, etc.

Thanks.
Al

You might just learn something and actually get your project finished before 2010

your over there hacking away on your virus infested WaReZ machine

LOL thanks for the good laugh-- i guess its time to do some reading and making my own mods to the program..

btw i never insulted cafrepress.. not sure where you got that from- just advised that what they have is exactly what i want to have done. How much for your service?

when you get back to work.. your   "redirect.asp" needs the password include file at the top of it.. or that wont work either..

and of course those pages you send people to all need to be repaired

Hi all

User activity screen shows history of logged-in users.

Is it possible to view only those users that are currently logged in ? not the all users that have logged in previously

thanks in advance

The redirection feature isn't working as I exected.

If I clear a user's redirection_URL, they can navigate to any protected page on my website as expected.

However, if I set the user's redirection_URL to a protected page, they cannot login. More specifically, their browser just keeps displaying the login form while the browser's progress bar just increments ad infinitum.

If I set the user's redirection_URL to a NON-protected page, the user is directed to that non-protected page, but if they then try to navigate to a protected page, they are redirected back to the redirection_URL.

Is this the way the redirection feature is supposed to work?

My application requires that a user is directed to a protected page and from there, they can navigate to any page that they are allowed to go to.

What can I do?

Flash Code Generator

Until I have time to make one I suggest using the one on the banmanpro support site as it is pretty nice.

http://www.banmanpro.com/support/flashgenerator.asp

Gotcha.

Can you set an expiration date on a subscription?

Thanks,

Jess