I'm using version 6 upgrade and recently some of the users complained that their passwords are no longer working. I was able to replicate the problem as I also experienced the same thing with my account.

Once I reset the password thru e-mail (Forgotten your password?), I am able to login but it fails later. This is weird as I have an identical copy of the code running flawlessly  on my test server.

The only change which I made to the original downloadable code is by adding password encryption using Base 64 encryption.

Any ideas what might be the problem

I would say that it isn't all that difficult using mySQL for the backend....the main thing is to make sure you set the primary keys for auto-incrementing in your database.  Alos need to make sure that any DELETE SQL statements are formatted like this

DELETE FROM tblName WHERE tblField=SomeValue

and not

DELETE * FROM tblName WHERE tblField=SomeValue

The same holds true for using MSSQL

While attempting the database connection test, I receive the following error:

Server Error in '/' Application.

---

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Security error.] aspprotectnet.DBConnectTest.Page_Load(Object sender, EventArgs e) +0 System.Web.UI.Control.OnLoad(EventArgs e) +67 System.Web.UI.Control.LoadRecursive() +35 System.Web.UI.Page.ProcessRequestMain() +2112 System.Web.UI.Page.ProcessRequest() +218 System.Web.UI.Page.ProcessRequest(HttpContext context) +18 System.Web.CallHandlerExecutionStep.System.Web.HttpApplicati on+IExecutionStep.Execute() +179 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.

So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?

Or is there another way..?

I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.

If you re-start the web via IIS, reboot the server, or (possibly) just add and remove a category... that will clear up.

ASPClassifieds and ASPListings must be installed in seperate IIS applications if they are the same web. Otherwise the category caching system of each system will interfere with each other. They were never intended to be installed in the same web together since ASPListings is merely a stripped down version of ASPClassifieds and they share a lot of the same code. Like I said though if different IIS applications are set up in the web site you can do it because each IIS application will have it's own set of application and session variables.

ok, then I need more information.

Was the code changed ? Thats the big one. If it worked and now it doesn't something must have changed. Things just don't stop working on their own. I would try putting the original files back in there for everything but the config and dataconn files just to make sure and see and if it works with the original files. (back up your old ones 1st so you can copy them back of course)

Also, perhaps PM me the site info so I can go look as well.

(Capcha Security Image Mod)

This mod will add a Capcha Security Image to the registration signup form.



Instructions:

Download the latest version of the ASP Security Image Generator from this site. http://www.tipstricks.org/

Unzip that download and copy "aspcaptcha.asp" and "aspcaptcha_distort.asp" into the aspprotect "users" folder.

Now edit "users/register.asp" with a text editor and add the code shown below in blue. The code to add goes near the bottom of the form right above the submit button. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.


    <tr>
      <td valign="top" align="right"><font face="Arial" size="2"><strong>
  Newsletter</strong></font></td> ; ; ; ; ; ; ;
      <td valign="top">
  <input type="checkbox" name="Newsletter" value="True" checked>
  <font face="Arial" size="1">Do you want to be subscribed to the
  newsletter ?</font></td>
    </tr>

    <tr>
      <td valign="top" align="right"></td>
      <td valign="top">&nbsp;<img src="aspcaptcha.asp" alt="" width="86" height="21" />
   <font face="Arial" size="2" color="#000000">Type the characters shown in image for verification.</font><br>
   <input name="strCAPTCHA" type="text" id="strCAPTCHA" maxlength="8" /></td>
    </tr>

    <tr>
      <td colspan="2" bgcolor="#FFFFFF">
        <p align="center"><input type="submit" value="Register"></p>
      </td>
    </tr>


ok, now edit "users/add_new_account.asp" with a text editor and add the code shown below in blue. Just add the blue code. The code around it is shown to help you find the area of code where it gets placed.

If User_Custom6_Used = True Then
 If User_Custom6_Required = True Then
  If  Custom6 = "" Then
   ErrorMessage = ErrorMessage & Server.URLEncode("You need to enter a " & User_Custom6_Name &".\n\n")
  End IF
 End If
End If
 
 strCAPTCHA = Trim(Request.Form("strCAPTCHA"))
 if strCAPTCHA = Trim(Session("CAPTCHA_" & Session.SessionID)) then
 else
  ErrorMessage = ErrorMessage & Server.URLEncode("You did not type in the verification info correctly.\n\n")
 End If 
 
If ErrorMessage <> "" Then
 Response.Redirect "register.asp?" & Request.Form & "&ErrorMessage=" & ErrorMessage
 Response.End
End If

Your done. You just added a Capcha Security Image to your signup form. If you would like a more distorted image that is more difficult for an automated program to figure out change the image tag to call the "aspcaptcha_distort.asp" page instead. It will look more like this.

I'm using Aspimage and SQL. Photos are 2464 x 1632 px, tried the upload and import directory methods, same results: thumbnails ok, full images 0 bytes.

ServerSoftware Microsoft-IIS/6.0
ServerName www.larrysampas.com
ServerProtocol HTTP/1.1
PathInfo /gallery2/extras
PathTranslated d:\Customers\user1095000\www\gallery2\extras
 
FILE SYSTEM OBJECT Installed
ADODB (ActiveX Data Object) Version: 1.2 Installed  
CDONTS Version: 2.80 Installed  
SMTPMail Version: SMTPMail Retail Version V2, 2, 1, 0 Installed  
JMail Version: 4.1.2 Installed  
AspEmail Installed
AspMail Installed
SAFILEUP Installed
Dundas Upload Not Installed  
ASPImage Version: 2.31 Installed  
AspJpeg Not Installed  
ImgWriter Not Installed  
 
Script Engine 
Type VBScript
Version 5.6
Build 8515

ConnectionString = "DBQ=C:\TradersReportsCom\aspprotect\data\database\ASPProtec t_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

I have already set the folder permissions as indicated in the documentation.

http://support.cjwsoft.com/code/code_info.asp?TID=319&KW =paypal

>>I should also mention that the paypals scenarios used in ASPProtect can not be tested using PayPal's sandbox.

>>Also test using two real PayPal accounts and on a live setup. (You'll allowed two paypal accounts) then you can log into the other and refund the transctions and of course it makes sense to use low amount like 1 cent and what not.

Yeah, been messing around with that.  Got everything going except the return page which I can't do until the site is live. 

>>Also, I'd love to see what you came up with with the integration. I have been working on it here as well and took it in a different direction as I plan to sell directions for it as an add-on for aspprotect.

Ok.  Will email you with a username and password for access to the site once it's live. 

Sounds like a great add-on for ASPProtect!

I Dont know... it shouldnt do anything like that.

if it ever asks to download a aspx or asp page its generally a server configuration issue not related to the actual code

provided you arent trying to grab the injectbanner page through an iframe call which is only for use with the javascript method of calling banners

Ok nevermind that... i got by that wasn't paying attention...

The problem is even before this which i didn't know until now.

I placed the protect tag in a page i called members.aspx

When i go to this page is says ACCESS DENIED etc etc etc.

When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:

Server Error in '/MAP' Application.

---

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /map/users/aspprotectlogin.aspx

btw it says /map because that is the subfolder within the root folder

I would look on the pictures folder on the server and see what is there for pictures. Also, when you see a broken X on the site right click and see where it is trying to get the picture from and what the pictures name should be.

I would also be sure to clear out your temporary internet files in IE. clost and restart all browsers..

maybe show me the site ? so I can see this happening ?

I'm using the groups protect feature on my pages. None of them seem to close the session after clicking 'logoff'. I can tell because if I hit the back button and return to the group-protected page, hit 'refresh', the page refreshes, I'm not asked to log in again.

On the other hand, when I open a page that's protected by an access level and click 'logoff' (uses same logoff asp file to logoff), it seems to work fine - if I go back a page and refresh, it asks me to log in.

Just wondering - is anybody else having problems like this? Maybe I screwed something up in the few adjustments I made a while back. Any idea what it might be?

Hello- I am trying to install the ASPPROTECT product and tried to read all the docs but still am getting the following error:

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x1980 Thread 0x1458 DBC 0x223c374 Jet'.

I understand about the physical path for the DSN-less connection and followed the example given. I got in touch with tech support for the host of my site and the give me the following as a physical path:

c:\sites\Single20\laptv1\database

Some observations:

1.- The database directory is outside the root dir but I think I am accounting for it with the path

2.- The permissions are ok

Any ideas?

Thanks

FP

check the action for the button in the code... its probably not posting back the the right page which should the same page it is...

I bet ya it is posting to guestbook2 which is the wrong directory... an old mistake I forgot to correct...

IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ;PN=1


The IPN Subscription Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement PayPal IPN Subscriptions with ASPProtect. IPN stands for (Instant Payment Notification). It allows you to set up scripts on your server so whenever a PayPal payment is processed the PayPal server sends info to your server regarding the transaction and vice versa. This is a fully automated process and allows you to charge users for access by the month or however long you like.

The Subscription feature of PayPal handles recurring billing automatically. The PayPal server will communicate with the ASPProtect system and keep everything up to date with users and their subscriptions.

This Support Pack basically gives you an additional signup and registration directory "paypal_sub_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup. New users can register in this directory and sign up for a subscription at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and start a subscription. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via PayPal your system is updated and they will have access.

To use this all you need to do in ASPProtect 7 is enter your PayPal account name into the settings screen. It will be an email address. You'll need a business or premier account with PayPal and you will need log into your PayPal account and turn on IPN in you profile. They make you enter a default IPN URL. We do not use that so if you already have something there leave it there. If you dont have something there you can type in any the full url to any page on your server. It's probably best to send it to an empty ".asp" page or something.

Changing Payment Options

In the "paypal1.asp" file there are some sample payment options set up.

They look like this and you can have as many as you like.

<!-- Begin Payment Option Code -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">

<% Label = "Membership (1 Month) $9.99 Recurring" %>
<!-- Begin Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="a3" value="9.99">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<!-- Field Below must have 2 commas First two values are optional (access level,groups,user ID)-->
<input type="hidden" name="custom" value=",,<% =User_ID %>">
<!-- End Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->

<!--#INCLUDE FILE="form_data_inc.asp"-->
<input type="image" src="https://www.paypal.com/images/x-click-but20.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">

</form>
<hr>
<!-- End Payment Option Code -->
 

To really understand what these form values mean it is best to look through the PayPal Subscriptions Manual which is a PDF file you can get from the PayPal Site.

This link was valid the last I checked...
Subscriptions and Recurring Payments Manual

It also may be helpful to use their wizard to create some subscription buttons with different settings and then look at the code generated.

Bascially these are the important ones..

a3 - amount to billed each recurrence t3 - time period (D=days, W=weeks, M=months, Y=years) p3 - number of time periods between each recurrence

The custom field is something we are using to send info from ASPProtect to PayPal.
it allows you to set the access_level or groups access (groups support require the ASPProtect Option Pack)

<input type="hidden" name="custom" value=",,<% =User_ID %>">

or this example where we are setting the access_level to (2) and also giving the user access to groups (3 and 4)

<input type="hidden" name="custom" value="2,*3*4*,<% =User_ID %>">

Here is how it works.
The value setting (red) is essentially and array that can be made up 3 elements separated by comma's

access_level,groups,User_ID

If you do not want to set the access_level or groups access.. then you don't even need to edit the setting.

Values must be separated by a comma even if there is no value and there can be no spaces.  If you didn't want to set an access level or groups there would still be 2 commas at the beginning.  etc etc
Basically there must always be 2 commas but you only have to set last values which is the User_ID from the ASPProtect system.

The 1st value is the access level you want to user assigned to.
The 2nd option is the groups you want the user assigned to. (requires option pack)
The 3rd option is the User_ID which the system takes care of. Do not edit this option. Leave it as <% =User_ID %>
 

If you run asplistings auto in its own folder with its own application in IIS. Connected to its own database.

And you run your other version of ASPListiings in its own folder with its own application in IIS. Connected to its own database.

You will have zero major changes to make to anything... other than what you did above..

But remember theyare the same app and share a lot of thing including sessions and application variables.. that is why if they are installed in the same domain each one needs its own application set in the IIS console so they run seperately of one another.

Need to clarify something..

Your talking about the page where a new user registers right ?
Your not talking about adding a new user from the admin area ?

Either way under no circumstances do I see anything like you are saying happening nor has any other ASPProtect user ever mentioned this probem.

I am going to need to see your site and see this happening. It just makes no sense the way you are describing it.

Also. did you edit the registration page code in any way. If so please revert back to an original copy to ensure this is not some sort of problem introduced by editing the code.

Yup, it probably means the virtual directory is not configured as an Application in IIS.

You did put this in a plain folder in your web, correcct ?
Not a subweb

Regarding the application settings for the virtual directory.. if it is your server you set that stuff up in the IIS console.

If hosted somewhere it is there responsibility to have that set up correctly for you and you need to contact them and ask them what the deal is.

I really need more information.

Connection strings being used ?
How have permissions for the database folder been set ?

etc etc  the more specific the better

You also may want to download ASPTest from our main site and see if you can get that running.

I would suspect your problem relates to the databases having a password set on them. Probably the ones you connected to didn't. It complicates setting up a connection correctly (especially a dsn) but there is a good reason for it as it adds a little extra security.

And of course my detailed article on the error.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1

Good Morning, any suggestions on how to best "fake out the system" -- I would like to try to keep this clean so I can see the real errors?

My thought was to try to just move those .gif files to the directory that it thinks it should be in -- do you have any better suggestions? Or reasons why I really wouldnt want to do that?

While my host says the permissions are now correct....its still trying to download the setup ASP file instead of executing it.

I really need to get this application working asap too.  I noticed the purchasing page said that install came free.....so any help would reaallly be great.

re

Chris.

After I had you install ASPProtect I added the ASP protecting code to the top of my home page:

<%@ LANGUAGE="VBSCRIPT" %>

<% CHECKFOR = "1" %>
<!--#INCLUDE FILE="../../check_user_inc.asp"-->

Then I made my index.html page my login page buy using the script "Login form on a non protected page" on that I changed <form method="POST" action="memberarea.asp"> to <form method="POST" action="home.html">. 

When I try to log on to that page I get en error page HTTP Error 405 - The HTTP verb used to access this page is not allowed. Internet Information Services (IIS). I checked with my hosting company GoDaddy.com and they informed me that due to the fact that they do not have ASPProtect instaled on there systems they can not support it.  In recent conversations you told me that you have customers that do use godaddy and you products. 

Can you please tell me what I can do to get this working?

Thank you for your time and help.

I think its great to share a mod.

I will have  few with the new album.

Did you see this thread. It shows how to set up the project in Visual Studio in detail.

http://support.cjwsoft.com/code/moreinfo85-1.htm

Hi,

1. Two months ago, we have set up to use the Subscription services exclusively for all new members and renews. and removed the regular payment service, a carry-over from v6.
2. Many from the "pre-subscription" service have yet to expire, thus have a populated expiry field.
3. With a 10 month bridge before we get all the members onto the Subscription service the "Send email to users that are soon to expire."
is used to remind these.
3. When members RENEW using the subscription service, the Expiry Field is not Nulled and they become targets for future reminders although they have renewed as Subscribers.

XYZ signed up on Nov. 05 2004, we send him a reminder in Oct 2005 and he renews as a SUBSCRIBER. His expiry date field is not nulled and he will keep getting notices although he has paid for another year.

Hope this is clearer... Thanks

yeah.. I cant say for sure.. as I have never really tried to get it working in xp pro.

Last time I actually used cdonts locally was on a 2000 box

I would do a google search on xp pro, smtp service, and cdonts and let us know what you find out.

All of our apps can use free 3rd part emailing components as well so maybe try some of those. Course you need a valid email server to connect to.

yes, usernames and passwords are both case sensitive. It increases security.

Hallo,

Can I change the number of the access levels?

I want to have about 20 levels...