An email I just received from eastcoastguy.. to keep this thread up to date

I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.

<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then  
 SearchFlag = True
End If
 
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then 
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>

</head>

<body>

My Protected stuff here

</body>

</html>

For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.

Thanks,

Mo

I have never heard of such a thing...
If the settings are enabled for the web it should work.
That is, as long as your include file syntax is valid.

I run my own windows 2003 server (you are on it now) so I should know

for troubleshooting

try a very very simple example... like a file in a folder.. with a server side include to a file under it

and see if that works

use real simple asp files with nothing crazy in them... and an include like this

<!--#include file = "../myfile.asp"-->

• What kind of encryption do you use with version 7?
• If I purchase version 7 and use it on my site with a new SQL database then migrate the old records from version 6 so I can by-pass the issue with my home-grown Base 64 encryption, do you forsee other issues with the upgrade?

Hello,

Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.

If you design the site to be intelligent that scenario should never happen.

For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.

It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.

Here are some simple examples.

Here is an example using access levels.

<%
If Session("Access_Level") = "1"  Then
' show links to pages that allow access level 1
End If
%>

And one for groups..

<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>

- I am using the original files that came with the software.
- The software ads items to the database flawlessly.
- ASPImage works great.

- When I try to remove an ad or an image it says it's been removed.
- The ad does not show up on the site anymore.
- BUT, when looking at the sql database the ad is still listed there.

Why is the software not deleting the columns from the database and the images from folder?

Note: My other tables for other projects, in the database, allow me to delete them.

I used Dreamweaver4 to make my site is there anything I can do to make it work?

Thank you so so much! I went to the admin area and changed the email component from CDOSYS (using remote server) to CDOSYS (using port 25 forwarding) and all is working great now!

Again, thanks!

More Upgrade Info

To upgrade an existing ASPBanner system please follow these steps.

Back up your old system completely before starting.

Install the new system per the installation instructions that came with it.

Once it is running simply use your old ASPBanner database with the new system.

You may also want to keep your banner images folder from before in the same location so your existing banners still link to valid image urls because the new system stores banner images in a new location.

Since the config table in the database is no longer used you will need to go to the settings screen of aspbanner again and configure things. The config table in your old database can be deleted or left alone. It won't be used anymore so it does not matter either way.

That is all there is to it. If you have any issues please ask in the forums and we will help you out.

Christopher,

Thank you again Sir. Your quick responses and helpful demeanor add greatly to the value of your software.

It seems that if a user attempts to access a page that is not in their access level or they do not have the group permission they are redirected to the login page.  Re entering their ID generates an eror and they cannot go back to the pages they are alowed to access.  Is there a way for them to simply be blocked and return to the previous page or to a defined page so they can continue using the site?

thankyou 

Is there any way to extend the limit multiple login feature to a certain number instead all or none?  In other words, i need to have a user be able to use the same login for x number of people.  My customers are institutions and want to be able to have a single login for however many users they purchase for.

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

Hi, its just not something i can suppport as I do not support custmizations to the code epecially when dealing with an image component that is not supported by the application.

Sorry, its something you have to figure out. Bascially I would suggest looking at the existing asp image resizing code and using that as a guide.

Have you considered just buying a license of ASPImage and asking the host if they will install it after you purchase it. It sounds like it may save you a lot of time.

If you are ever looking for a good host for ASP. www.alentus.com is one of the best. There 9.95 plan gives you access to 3000.00 of commercial quaility asp components also which is nice.

you have to check the session variables for groups a little differently.. info on that is here

http://support.cjwsoft.com/code/moreinfo198-1.htm

IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ;PN=1


The IPN Subscription Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement PayPal IPN Subscriptions with ASPProtect. IPN stands for (Instant Payment Notification). It allows you to set up scripts on your server so whenever a PayPal payment is processed the PayPal server sends info to your server regarding the transaction and vice versa. This is a fully automated process and allows you to charge users for access by the month or however long you like.

The Subscription feature of PayPal handles recurring billing automatically. The PayPal server will communicate with the ASPProtect system and keep everything up to date with users and their subscriptions.

This Support Pack basically gives you an additional signup and registration directory "paypal_sub_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup. New users can register in this directory and sign up for a subscription at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and start a subscription. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via PayPal your system is updated and they will have access.

To use this all you need to do in ASPProtect 7 is enter your PayPal account name into the settings screen. It will be an email address. You'll need a business or premier account with PayPal and you will need log into your PayPal account and turn on IPN in you profile. They make you enter a default IPN URL. We do not use that so if you already have something there leave it there. If you dont have something there you can type in any the full url to any page on your server. It's probably best to send it to an empty ".asp" page or something.

Changing Payment Options

In the "paypal1.asp" file there are some sample payment options set up.

They look like this and you can have as many as you like.

<!-- Begin Payment Option Code -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">

<% Label = "Membership (1 Month) $9.99 Recurring" %>
<!-- Begin Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="a3" value="9.99">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<!-- Field Below must have 2 commas First two values are optional (access level,groups,user ID)-->
<input type="hidden" name="custom" value=",,<% =User_ID %>">
<!-- End Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->

<!--#INCLUDE FILE="form_data_inc.asp"-->
<input type="image" src="https://www.paypal.com/images/x-click-but20.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">

</form>
<hr>
<!-- End Payment Option Code -->
 

To really understand what these form values mean it is best to look through the PayPal Subscriptions Manual which is a PDF file you can get from the PayPal Site.

This link was valid the last I checked...
Subscriptions and Recurring Payments Manual

It also may be helpful to use their wizard to create some subscription buttons with different settings and then look at the code generated.

Bascially these are the important ones..

a3 - amount to billed each recurrence t3 - time period (D=days, W=weeks, M=months, Y=years) p3 - number of time periods between each recurrence

The custom field is something we are using to send info from ASPProtect to PayPal.
it allows you to set the access_level or groups access (groups support require the ASPProtect Option Pack)

<input type="hidden" name="custom" value=",,<% =User_ID %>">

or this example where we are setting the access_level to (2) and also giving the user access to groups (3 and 4)

<input type="hidden" name="custom" value="2,*3*4*,<% =User_ID %>">

Here is how it works.
The value setting (red) is essentially and array that can be made up 3 elements separated by comma's

access_level,groups,User_ID

If you do not want to set the access_level or groups access.. then you don't even need to edit the setting.

Values must be separated by a comma even if there is no value and there can be no spaces.  If you didn't want to set an access level or groups there would still be 2 commas at the beginning.  etc etc
Basically there must always be 2 commas but you only have to set last values which is the User_ID from the ASPProtect system.

The 1st value is the access level you want to user assigned to.
The 2nd option is the groups you want the user assigned to. (requires option pack)
The 3rd option is the User_ID which the system takes care of. Do not edit this option. Leave it as <% =User_ID %>
 

Editing the look of the login page.

In this version editing the look of the login page is very easy.
You can make this login page look exactly like you web site if you like.

You want to edit the "scripts/login_form_inc.asp" file.

It can be edited with any editor as long as the existing bits of server side code in it and the login form remain in tact.

The best thing to do is back it up before you start editing it.
Then if you goof it up you can revert back to the original.

If you edit this page with FrontPage enable the "show all" feature.
Its the little PIE sign in your icons. It will show the server side code as yellow things on the screen so you know where they are and can be careful not to delete them.

see screenshot

Christopher,

I can empathize. It can be a real pain to stablize a server and fend off hack attacks.

As for beta testing, I was referring to once you get to the point where you're ready to release it to the public whether it's this month, next month, etc.

Good Luck!

Al

What about browser caching ? It can happen easily especially if you update pictures over one another.

emtpy out the temp files of ie (take a while usually).. close all ie windows and go back..

Otherwise I need detailed info on the problem. What you told me is not enough to troubleshoot. There are so many factors like what image  image rezie component you are using, the size of the pictures before conversion, server resources, what your doing regarding 3 albums.... etc etc

I have imported 100 pics at a time into an album on a fast server with no issues. Thats using any of the image resizing components.

If an album is new what your describing should never happen. Again, it think what your seeing is browser caching playing tricks on you. We have anticaching things in place so thumbnails never do that but not for the large images.

OK, well, that error is pretty self explanatory really. There isn't anything else it could mean.

What you showed me in that screen shot all looked correct, but still permissions to that file just can't be correct. The paths are correct. The path to the file looks correct. The ASPNET (ASP.NET) account looks correct.

I would try settings permissions directly on that XML file. Perhaps child permissions did not go through the way you intended. (the advanced tab must be used for that) If that doesn't work try giving ASPNET and Everyone full permissions on the file directly.

Possibly check the paths in the web.config file just for the heck of it.

Last case scenario, you can edit that XML file directly instead of using the screens in the application. Of course if that file does not have correct permission chances are other things like log files will give you issues as well.

That is all I can think of right now.

Hello

I have a strange problem with the thumbnails in the ASPClassifieds.
If i upload some pictures in an ad, the 2nd picture always shows with an x, as the picture doesn´t exists. But if i click on the 2nd thumbnail, the picture shows okay. I haven´t changed enything from the original code.
Does anyone have any idea, where it goes wrong ?

With best regards, Erling Larsen

ASPProtect v7.x has a new feature called groups.

Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customer that was using them.

A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.



Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.

For example..

You make 8 groups and assign users to them accordingly

Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any one of those groups would have access..

Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  2-8 would have access..

Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  3-8 would have access..

and so on... I think you should get the picture by now

OK, I just spent like an hour in your site.. I almost gave up

1st off... I don't know what FTP Program/Settings or what OS you are using but all the ASP Protect Files had been reformatted in a odd way which was causing some issues and the database also had problems. Your somehow introducing all sorts of UNIX line breaks to all the files and the database was actually missing some crucial parts of itself and was corrupted. So I had to update everything which means a new database. I have never seen anything like it but I fixed it all. Its something you are doing but I do not know what. Maybe your unzipping method again ?


So to get back into the admin area...

admin
test

Now, the reason  the albums were not showing is because you are using the ole connection string which causes problems like that. However because you host has like the worst setup ever with that network path crap for the site that was the only connection string that would work for some reason.

I highly suggest a new host with a proper setup for running ASP. www.alentus.com
Your hosting companies setup is horrid as far as I am concerned.
Access Databases are not meant to be connected to via a network path.
http://www.aspfaq.com/show.asp?id=2168

Anyway, I rewrote some of the code because of the ole connection and got the albums showing up for you.. who knows what other problems that OLE connection may bring up in the future.. for now things I tested seem ok.

As for your broken image in the your header/footer...  You cant link to images and links using virtual pathing in those includes because the files are called from different directories and will work in some and not others

so when your in the root you see the image, when in a different folder you see a broken image

In other words.

link to

http://www.vickerylightning.com/gallery/vickery_template5_r2 _c1.jpg

not just

vickery_template5_r2_c1.jpg

The same goes for hyperlinks.. use the full url paths


Whatever you do...Back up the gallery folder with my changes before you go doing anything.

Hello,

1.)

I dont really have any ideas about the japanese characters. I also don't have any ideas about changing settings in the database. Your going to have to do some research on all of that.

Perhaps try pasting the text into a text document 1st.. then copy/paste them into the application. Perhaps that will eliminate any unseen weird characters. I do it sometimes when pasting things from word to my html editors and it works great.


2.)

I dont/cant support custimization to the code but here are some tips to get you started.

edit "items_inc.asp" carefully with a text editor
(back it up before you begin so you can revert back)

change this anywhere you see it

?SORTBY=Name

to

?SORTBY=Name+Asc

or

?SORTBY=Name+Desc

Expiriment to see which gives you the desired sorting.
Do the same process for the price.
The + Sign just passes a "space" back to the page in the proper format if you are wondering.

3.)

The items for page setting is easy. Just go to the settings page when logged in as the admin. Edit this field.   "ResultPageSize"

ok, I moved this thread..

The code in the ASP application handles all encryption and un-encrpytion of passwords in the database. I uses the vbscript RC4 function and the password encryption key specific to your installation to do this.

The whole idea is that if someone gets your database and opens it up that they will not get the passwords (utilitiies to crack access databases are common and work well so they can easily get by the main password)

That being said when you open the database manually your not supposed to see clear text passwords. Your also not supposed to have an easy way to make them clear text. It's a security thing. 

Though I am not officially supporting it I will tell you what I think would be the easisest way to make an export file with clear text passwords in it.

Use the export fire creator in the admin area of aspprotect.
Mosdify "export.asp"

change

Password = CmdDataExport("Password")

to

Password = RC4(CmdDataExport("Password"), PasswordEncryptionKey)

Then make an export file and see if that worked.
you can then import the export file into and access database or do whatever you like with it.

Microsoft VBScript compilation error '800a0400'

Expected statement

D:\CLIENTS\RKLARMAN\DRSWEISBERG\PASSWORD_ADMIN\../dataconn_i nc.asp, line 18

<%
^

(Capcha Security Image Mod)

This mod will add a Capcha Security Image to the registration signup form.



Instructions:

Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/

Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.

Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.


    <tr>
      <td valign="top" align="right"><font face="Arial" size="2"><strong>
  Newsletter</strong></font></td> ; ; ; ; ; ; ;
      <td valign="top">
  <input type="checkbox" name="Newsletter" value="True" checked>
  <font face="Arial" size="1">Do you want to be subscribed to the
  newsletter ?</font></td>
    </tr>

    <tr>
      <td valign="top" align="right"></td>
      <td valign="top">&nbsp;<img src="aspcaptcha.asp" alt="" width="86" height="21" />
   <font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
   <input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
    </tr>

    <tr>
      <td colspan="2" bgcolor="#FFFFFF">
        <p align="center"><input type="submit" value="Register"></p>
      </td>
    </tr>


ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.

If User_Custom6_Used = True Then
 If User_Custom6_Required = True Then
  If  Custom6 = "" Then
   ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
  End IF
 End If
End If
 
 strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
 if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
 else
  ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
 End If 
 
If ErrorMessage <> "" Then
 Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
 Response.End
End If

Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.

The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.

Download Documentation

You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.

Please continue to check the support forum threads for the most up to date documentation.


IMPORTANT
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then  choose unblock down in the lower right corner ...then you can open and view the file correctly

its a text file   you just edit it with notepad..  if ya mess it up ya put an original copy back in

no biggie either way

jump in there..

I just showed ya exactly what to change.. its a no brainer man
This is simple source code. It's meant to be edited and hacked.

The only reason I warn you is so you can't blame me later on if it effects something

I am just trying to help

If ya dont like that solution why not just use periods for the first name field.. or a dash or something... then nobody will really see it

or maybe store the company name in the first_name field

seems like clever things to try without changing the code..

good luck...

What other information do you have ?

Details are very important.

Info on situations where it works... like OS, browser version.. etc etc

Info on situations where it does not work... same stuff

size of the PDF files ?

server info ?

Maybe protect a page and offer a PDF file so myself and some of the forum users can try it and report back what happens.

Also, Many people zip up PDF files when letting people download them as browsers can act pretty odd at times with them. Perhaps that is an option.

We can't seem to find the purchase emails for this install of ASPProtect.

It would have been in May 2004 for NetOptions LLC or CareerMatrix.com

We noticed it should have been v6 of ASPProtect.

Can you resend the download links?