Chris: You are right about a little extra coding to make it work. I am still learning .ASP coding, so I did a little web searching and used IF THEN statments to confirm a member logged in with a valid Access Code. If valid, the protected page executes, with the Member's Name and Access Level on a single line at the top of that page. Looks sharp! If not logged in, or a non member (who found the page via Google), I used a Redirect to send s/he to a login page with optional links as you suggested (http://www.vspa.com/aspprotect/vspa-password-failed.asp) . I couldn't get it to work when using Group Access, but I am sure that is just because I am a novice at .ASP (I will post that example when I figure it out). Meanwhile, here's the code I used that works:

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="dataconn_inc.asp"-->
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!--#INCLUDE FILE="config_inc.asp"-->
<% =Session("First_Name") %>&nbsp;<% =Session("Last_Name") %>:
<%
If Session("Access_Level") = "6"  Then
    Response.Write "VSPA Active Member Access Level 6"
 End If
If Session("Access_Level") = "7" Then
    Response.Write "VSPA Life Member Access Level 7"
 End If
If Session("Access_Level") = "8" Then
    Response.Write "VSPA Officer/Staff Access Level 8"
 End If
If Session("Access_Level") < "6" Then
    Response.Write "Access Level 1-6 NOT AUTHORIZED RESTRICTED AREA ACCESS"
    Response.Redirect("vspa-password-failed.asp")
End If
%><!-- http://www.vspa.com/aspprotect/vspa-password-enter.asp -->
<!-- *** End ASPProtect Code *** -->
<html>
<head>

Yup everything looks ok - but why no error?

This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...

What would cause it to 'think' it is doing the task yet still fail?

Ok time for some more questions!!!

Is there a way to make the person's email address their default username... or force it in somehow instead of allowing them to create their own?

ok, well if you want to test on your own....  in the ipn.asp file for the subscription folder you will see this area of code used for testing

' Un-comment this section and give this directory proper permissions to enable logging to a text file
' Very helpful for troubleshooting
'   Set ObjMyFile = CreateObject("Scripting.FileSystemObject")
'   LogFileName = ("paypal.txt")
'   'Open Text File.. If doesn't exist create it and append to it .. If exists just append to it
'   Set WriteMyData = ObjMyFile.OpenTextFile(Server.MapPath("paypal.txt"),8,True)
'   RowHeaderString =  ""
'   RowHeaderString =  RowHeaderString & OrderID & vbTab
'   RowHeaderString =  RowHeaderString & Custom & vbTab
'   RowHeaderString =  RowHeaderString & User_ID & vbTab
'   RowHeaderString =  RowHeaderString & subscr_id & vbTab
'   RowHeaderString =  RowHeaderString & txn_type & vbTab
'   RowHeaderString =  RowHeaderString & subscr_date & vbTab
'   RowHeaderString =  RowHeaderString & Access_level & vbTab
'   RowHeaderString =  RowHeaderString & Groups
'   WriteMyData.WriteLine(RowHeaderString)
'   WriteMyData.Close

now that folder will need modify permissions for the text file to be written to but this is a good way to test if the ipn.asp page ever gets hit by paypal.

ITS REAL IMPORTANT THAT THE TEST FILE CAN BE WRITTEN TO OR DOING THIS WILL JUST CAUSE MORE ISSUES

To ensure the text file can be written to and permissions are correct for that folder you can make a new .asp in there and run this to see if the text file writing works

   Set ObjMyFile = CreateObject("Scripting.FileSystemObject")
   LogFileName = ("paypal.txt")
   'Open Text File.. If doesn't exist create it and append to it .. If exists just append to it
   Set WriteMyData = ObjMyFile.OpenTextFile(Server.MapPath("paypal.txt"),8,True)
   WriteMyData.WriteLine("the file was written to")
   WriteMyData.Close

Now, you can even change the location of the text file to place that does have permissions if you like.

This is what I would do if I was in there... then I would make some test payments using 1 cent and another paypal account (your allowed 2)

and see what happens

it is always possible the subscription code may have a bug in it. The last time I tested I only tested the single payment folder which worked perfectly. If I have time in the next couple days I am going to test the subscription stuff again. If there is something wrong I can cure it quickly.

The two routines share a lot of code in common.

I really do not know to tell you the truth. I'll do some research.

The script only allows .jpg, .jpeg, and .gif extensions.

If someone uploads a file called... "filename.vbs.jpeg" with bad vbscript in it I seriously doubt anything can happen because of it because of the extension.

But I really do not know.

It has never happened to any sites I have or know of.

You should not have single quotes around the "-1" because Album_Active is not a string field in the database. It's true/false or bit field in the database depending on the database you are using (MSSQL or ACCESS)

I'd do it a little more like this I think.

SELECT COUNT(Album_ID) AS Alb_Count FROM " & tbl_label_albums & " WHERE User_ID = " & CmdListUsers("User_ID") & " AND Album_Active = 1"

I took out the parentheses as well since I dont believe they are needed in a simple case like this

but is hard to say unless your the one testing it... my version might have a mistake as I am a little rusty with my SQL at the moment

also: in case your wondering...
depending on the situation and the odbc drivers the 1 and -1 should work either way but sometimes it's picky and you have to do it one way or the other

sorry,

there is not.. it gets really complicated
its practically a miracle it does what it does due to the nature of the web

perhaps with some modications it could do mroe but the current version pretty much does what it does

I have narrowed it down.  The ../ for includes will not work with .asp files but will work in .shtml files.

any ideas?

ok, PM me some additional info so I can go look around.

I dont quite understand everything going on.

Let me know what to do exactly to be successful logging in and also...

Let me know what to do exactly to reproduce the issue and I will tell you what I think.

The version of aspbanner you have should not matter.

What you are doing here is wrong.

<PARAM NAME=movie VALUE=" http://www.innovationtools.com/aspbanner/aspbanner/banner_re direct.asp?Banner_ID=25">

PARAM NAME=movie is supposed to link to your ".swf" file.
And thats why all you see is black.

I don't think you quite understood all of that information fully.

Your ".swf" files needs to be coded in FLASH to link to the aspbanner redirect url. You don't change that flash calling code like that.

The ".swf" file links to the aspbanner redirect url which tracks the click and then redirects the user to the Link URL

You basically need to code your ".swf" flash file to go to that aspbanner URL or code your flash file so it can take a parameter for the url it clicks to (like the macromedia article talks about. This has to be done when editing the flash file in the flash editor before the file is saved.

If you dont have access to the original ".swf" to edit it and re-save it.. your out of luck as far as tracking clicks goes

Thanks!  Will try both.

Appreciate the support.

Another good tip is to make a copy of the "password_admin/default.asp" named whatever you like..

"default2.asp" would work...

then maybe add a link to it from the header_inc.asp file

then you can modify that one all you want and your will still have the original around.



That concept works for a lot of things.. for example you could make a copy of the "users" folder and call it "users2"  granted a few paths might need to be changed here and there but really not a lot. (how do you think the paypal signup folders were created, they started as a copy of the "users" folder of course)

You can even make a copy of the "check_users_inc,asp" file if you like. Then make a copy of the "scripts/login_form_inc.asp" file... then make your new "check_user_inc.asp" file reference it.

Then you can password protect pages using different versions of the "check_user_inc.asp" file. Why ? well maybe you want different looking logn forms for different parts of your website or you want to make a lot of changes to the "check_user_inc.asp" file and want to leave the original alone.

The sky is the limit really. When it comes down to it besides the actual guts of the "check_user_inc.asp" file ASPProtect is nothing but html tags and chunks of simple server side code that produce more html dynamically. What your browser ends up with is basic html. (some client side javascript in certain cases, but that is pretty basic stuff too.)

I just installed the software, but I can't find any place where I can see when users logged in, can someone please tell me where I can do this?

Thanks

Disallowed Parent Path

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory. 

When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.

If it is not enabled on you server you will have to ask your host to enable parent paths for your website.

This is what the settings screen looks like on an XP Machine

Additional Information:

It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.

Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.

Hosting companies should if they are serious about hosting ASP.


If they won't your only option is to go through all the code and convert the file includes to virtual includes.

http://www.powerasp.com/content/code-snippets/includes.asp

The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)

Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc

Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.

In my opinion virtual includes are pretty useless for commercial web based applications...  Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.

For example...

The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->

But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this

<!--#include virtual = "/somedirectory/somefile.asp"-->

perhaps the filesystem object is disabled on the server ?
or some sort of script blocking is running and causing a problem ?

other than that I can take a look if you put it up on a live server.

Ya, you must have tried to upgrade from a really really old version like you said which wouldnt really work out because those instructions are specifically for upgrading a version 6 database to version 7.

That line error you had was looking for the User_ID field and I bet the version you had was so old that you didnt have a field named that as a few years ago the field "ID" got renamed to "User_ID"

As for all the cool stuff... yup there is a lot of cool stuff in this version... glad ya like it so far

Login failed for user 'aspgallery'.

Okay, shouldn't this be trying to use aspgalleryuser?

Lance

Just to let you know that i figured out my problem. I had to modify the connection in the email code and get the correct path from my provider.

I hope you enjoyed your vacation.

Thank you
Adam

I did try to redit the banner and the old link was there, not the new one.  In addition I tried to ad a new banner to an account but it too was not saved.

Since I can see the banners from the aspbanner solution, does that not tell me that the solution is properly connected to the database?  The only thing is the solution only appears to be able to read the data and not write or delete it.

The settings for the directory are read write execute and delete so I am not sure what I need to do to get it working again

Hello,

It is very possible (just basic ASP and database accessing techniques)
It is just not the sort of thing I support in the forums as it is a customization related.

Even for me something like that would take 1-3 hours of coding time. Basically, it is just not something I could just explain to you real quick.

You might want to pick up a good book on ASP or check out some of the great resources out there. http://support.cjwsoft.com/forum/forum_topics.asp?FID=17

Doing stuff like this is relatively easy, but can be time consuming work.


In the future please use a more descriptive topic for yours posts "I need help" is not exactly helpful to anyone else searching through the forums . I therefore renamed your post accordingly.

I really try to keep the forums organized and clean. That's all.

Thanks

I uploaded the files designed for an aspprotect folder at the root of my site (mysite.com/aspprotect) and went to mysite.com/password_admin/get_me_in.asp and receive this error:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0xf54 Thread 0x908 DBC 0x90c41dc Jet'.

/aspprotect/scripts/populate_config_variables_inc.asp, line 11

I am assuming my host has still not set rights properly and that is why I receive this error. Am I correct?

 I will definitely recommend hosting company you suggested for our businees site.

I have never heard of such a thing...
If the settings are enabled for the web it should work.
That is, as long as your include file syntax is valid.

I run my own windows 2003 server (you are on it now) so I should know

for troubleshooting

try a very very simple example... like a file in a folder.. with a server side include to a file under it

and see if that works

use real simple asp files with nothing crazy in them... and an include like this

<!--#include file = "../myfile.asp"-->

(Password_Email_Confirmation_Mod) for ASPProtect Version 7.x

This will change the basic registration pages so that the email address and password entered must be confirmed when signing up. This eliminates the auto generated password during signup.

Some may prefer it working this way.

Directions:
Back up your existing ASPProtect installation.

Copy the two new files into your "users" folder

"register.asp"
"add_new_account.asp"

2005-12-01_182201_Password_Email_Confirmation_Mod.zip

Why all the pages at the directory .../password_admin/ are very slow to open online?

I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.

<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then  
 SearchFlag = True
End If
 
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then 
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>

</head>

<body>

My Protected stuff here

</body>

</html>

For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.

Thanks,

Mo

[/QUOTE]

I just added couple of lines and it works fine

If (Request.ServerVariables("REMOTE_ADDR")) = "xxx.xx.xxx.xxx" Then 
 ' Session("PasswordAccess") = "Yes"
 SearchFlag = true
End If

question 2 is answered best here

http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal

I should also mention that the paypal scenarios used in ASPProtect can not be tested using PayPal's sandbox. Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts)

then you can log into the other and refund the transctions and of course it makes sense to use low amount like 1 cent and what not.

Also, I'd love to see what you came up with with the integration. I have been working on it here as well and took it in a different direction as I plan to sell directions for it as an add-on for aspprotect. I have it all working here but so far I dont see an easy way to let other people do it as I had to change things in both systems in a lot of places. Utimately if done under a SQL environment triggers should be used at the database level and that is another consideration.

The random password is generated during signup and the function that creates it is located on this page of code.

users/register.asp

it looks like this

Function RndStr(Length, UseChrs)
 If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
 NewStr = ""
 Randomize(CByte(Left(Right(Time(),5),2)))
 For gpIndex = 1 To Length
  NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
 Next
 RndStr = NewStr
End Function

For example go to this page and hit refresh and watch the password change.

http://www.aspprotect.com/demo2/users/register.asp

Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.

Anyway... when signing up the new user of course has the option to change that password to something they would like better...

As far as... "selecting the same user name and password every time"

I need more information. That does not make sense for a lot of reasons.

Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.

So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.

Now of course if you edited the code in any way it is possible all this is not working correctly ?

far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything

once thing to be careful about

If you log in.. then log off... then go back to a page and do a refresh... you  may in fact be reposting the username and password from before.. thus logging yourself right back in

Perhaps not.. all depends on what your doing... but it is something to be careful of when testing 

It's seems to work fine after renaming the file, rebuilding the application, and editing the web.config file to point to login.aspx. It looks like I can use your fine product and thanks again for the help. It was unusually easy. Merry Christmas…

Chris:

I just got done trying it myself and it worked great for me too. I was aware of the security issue, but I'd already planned on using SSL for this particular call, as well as for the secured pages accessed through the normal process, so the bad guys will be kept at bay.

Thanks for the help.