No problem. I get it now.

I added a Session Variable for "Counter". Then wrote an If statement around that. When the user logs on for the first time they see a window pop, after that the normal start page.

Thanks

When I enter www.vickerylightning.com/aspgallery/dataconn_inc.asp on the screen it says "Not a valid bookmark"

as far as that goes I have no idea.. I have never seen that message before but you are not suppose to run that page by itself regardless.. it is an include file not meant to run on its own

yes, PM me the encryption and cookie keys if you don't mind.
I can add it to my combinations that cause trouble.

it might help me to figure this problem out.

Hallo,

Can I change the number of the access levels?

I want to have about 20 levels...

so use the connection string the readme.txt in the sql installation folder file tells you to... it has the correct username.. I just posted that info above

or change the username in the connection string so its rigfht

or go into sql and give any user you want access to the database and use them

Any connection strings that come in the datacon_inc.asp file the way it ships are examples. We fully expect people to edit them.

Also.. the SQL scripts primarly goal is give you a properly set up database with correct files and table settings. Users and permissions often need a little extra attention from the installer as that part doesn't always get set right by the scripts It really all depends on what sql user you are when you execute the scripts. Many times the user someone logs in with doesn't have permission to make users and set permissions.

Really awesome, thanks..

If possible please be sure to respond to the email they send so the review ends up authenticated

Hi,

First and foremost, a great product. I downloaded it last night and it took little effort to get it up and running

.....now a little question...

Has the software/code been tried out on a Mysql db and if so did it work?

The reason I ask is that my website is very busy (1.5million page views per month avg) and I'm considering converting the ASPBanner Access db to a Mysql one to help handle the traffic. For every page view one banner impression is being made which means that the Access db is under a bit of pressure

This afternoon there were 1012 simultanious users on the website and it froze with an error message displaying where the banner should have been (I didn't quite catch the message but something to do with the banner script timing out). I'm not sure if the Access db had something to do with it but it seemed too coincidental. Rebooting the server cured the problem but obviously kicked off the visistors as well
At present there's 668 online and no problems so I'll have to monitor it to see how it goes but if anyone can answer the Mysql question I'd be grateful

Thanks,

Dave

You can't unless you plan on editiing and custimizing the code.

The application is only designed to have one kind of admin and that kind has full access to the admin area.

You can of course give any user access to stats for their banners via the bannerstats page.

That is how it works. There are no other levels of admin access.

I finally spoke with someone who knew what I was asking for and they set the rights and all is fine.

Thanks for your help. Wish all business' had customer support like here

Ok i was wanting to know what the "if then" statement would be if i wanted to show xxx if your group is xxx.

I tried

    <% If Session("Groups") = "1" then%>
    <font size="2">TEXT HERE</font>
    <%end if%>

But that did not seem to work.

This may be an old question ??? If it is please point me to the post or documentation where I can find the answer please.

When creating protected pages I am using the following to protect them:

<%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="/aspprotect/check_user_inc.asp"-->

But that is not working. I get the following error when I try to access the members logon page in the directory that I wish to add the pages to:

Active Server Pages error 'ASP 0130'

Invalid File attribute

/filelocation/filename.asp, line 3

File attribute '/aspprotect/check_user_inc.asp' cannot start with forward slash or back slash.

However if I create the pages in the root of the AspProtect directory and use a link to the same page that exists in the AspProtect directory and the following include:

<%@ LANGUAGE="VBSCRIPT" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

The pages work fine.

I really do not want to put all of my protected pages in the root of the AspProtect directory.

 I would like to mix protected and unprotected pages throughout the site in order to #1 make it easier to administer. #2 keep the AspProtect directory solely for authentication. And, #3 keep any user authentication pages out of the AspProtect directory.

TIA

More Info in Case Anyone is Interested:

This bug was mentioned by a couple people. The cause of it was never really understood until I recently re-wrote some of the banner code for an upcoming version.

The fix for this bug was very simple. It was just one of those weird situations where code should have worked but did not. I added some code to do it a bit differently and it worked as it should have..

It really still makes no sense to me why it didnt work the way it was, but at least there is a fix.

I'm using the groups protect feature on my pages. None of them seem to close the session after clicking 'logoff'. I can tell because if I hit the back button and return to the group-protected page, hit 'refresh', the page refreshes, I'm not asked to log in again.

On the other hand, when I open a page that's protected by an access level and click 'logoff' (uses same logoff asp file to logoff), it seems to work fine - if I go back a page and refresh, it asks me to log in.

Just wondering - is anybody else having problems like this? Maybe I screwed something up in the few adjustments I made a while back. Any idea what it might be?

ACCESS DENIED

INVALID Username & Password

Username HAS EXPIRED

as far as permissions are concerned I wrote two large articles about permissions that cover everything in detail on how to properly set them

http://support.cjwsoft.com/code/info11.htm

see the windows 2003 and windows xp permission threads

From things you are saying I assume this is your server. My comments about the path looking funny are because very few commercial hosts would use the "c:\inetpub\wwwroot\" directory. If you are using that and that is correct info then that is fine.

as for knowing whether or not the filesystem object is working the best thing to do is to try to write  a text file somewhere in your web and see if it works. Testing something under the most basic scenario is the key to troubleshooting asp issues.

http://www.devasp.com/samples/writetofile.asp

I am using VS 2005, when i go to new project in visual basic folder asp.net web application is not there..

Can i add it somehow?

Is it possible to set the user account time limits when they register? I am using email verification and am trying to have their accout expire 32 days after their initial login.

Also I have an issue with the email notification not notifying me when a new user logs in. It does a beautiful job notifying the new user.  I do not understand why my server will send to one and not the other, I ahve searched the links but none seem to answer this.

Thank you for your help and insight

Hi,

I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working.

yeah.. thats an old graphic probably only seen in a few places.

it is not on the main site
http://www.cjwsoft.com/
or here
http://www.aspprotect.com/
or here
http://www.aspbanner.com/
or here
http://www.aspclassifieds.com/
or here
http://www.aspphotogallery.com/

but I am sure there are a couple of pages left over still using it like the aspvendor and asplistings pages.. etc    I am aware of it, just been too busy to go change them and I didn't consider it a big deal

2003 servers are NT based anyway

1st: try it with a normal dsn-less connection like we show in the example.. dont use that OLEDB.4.0 connection string.. connecting like that can cause a lot of problems and is not as great as everyone thinks it is and it can sometimes be difficult to get it working when the database has a password set on it

For the sake of troubleshooting just connect like so: (fixing the path of course)

ConnectionString = "DBQ=C:\Inetpub\wwwroot\aspprotect\data\database\ASPProtect_ access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

ASPProtect will generate the actual connection string you should use when you run this page

http://www.mysite.com/data/setup_info.asp

Replacing the part in blue with your website info.


2nd: any IIS server setup to have the access database over the network path like that has a poor setup... and that can cause all sorts of problems as well, access is not designed to run over the network like that.. for more on that read this thread -  Start 5 posts down
http://support.cjwsoft.com/code/code_info.asp?TID=479&KW =OLEDB%2E4%2E0

3rd: If the app does not run using the connection string like I say to use then the problem is 100% on their end and is either related to permissions or the fact they are keeping the access database on a network path which is BAD BAD BAD... no quality host that knew what they are doing would set it up that way.. ultimately you don't want to host asp with a place that has a setup like that

4th: If you want to try some other stuff out we have a free guestbook, asptest, and a free version of aspbanner you can try out as well... www.cjwsoft.com

5th: If you need a quality asp host that knows what they are doing and offers great asp support www.alentus.com is the place

6th: Your right, it is not the code, its the data connection

ahh, I see..

that is not really something you should change.. it is pretty much always going to say read for any folder

It's hard to say, but adjusting settings like that could inadvertently change folder permissions in a way that could cause problems and be hard to correct. I really don't know that for sure but it is very easy to totally mess up permissions when trying different things. In the past I had to reinstall iis just to get things back to normal. I eventually over time learned what to do and what not to do and have never had a problem since. I am not saying you are one of those people but a lot of people have problems because they play around with things they shouldn't or they go nuts trying to give every account permission starting from root folders... overwriting important default permissions instead of just making changes to a few specific folders.. not understanding the importance of what they are doing..... etc etc

Sometimes you practically have to be a NT expert just to fully understand permissions. I know a lot and I can handle my own server but it's hard to explain the low level basic of NT permissions to others as there is a lot to it under the scenes. A lot of hard core NT/2000 users do all the permissions from the command prompt because there is a lot more control at that level.

Like I said earlier, what you showed me looks right but this isn't a complex issue and the error means what it means. Something isn't right with the permissions.

I would start from scratch if I were you. Perhaps consider doing an install in a new web instead of in your root like you showed me. Or try installing it on another machine for troubeshooting sake.

I am sorry I can't think of some amazing answer on this one, but I think this is just one of those weird situations that requires starting from scratch or trying it on another machine.

I apologize if I've missed this, but I would love to see the ability to auto-e-mail the advertiser at some randomly set interval before the banner expires. Ideally, I would also be cc'd on this e-mail so I can stay in touch. If the advertiser wants to renew, I can receive payment and change the expiration date without their banner ever falling out of service.

Since e-mail is already built into the program, would it be difficult to add a routine that checks for expiring banners at some daily interval, and contacts the advertiser?

To get really fancy, the e-mail could include the ability for me to add a button for paypal, allowing the advertiser to easily click and send off another payment.

Best,

Wayne

Can you incorporate a secure log in within the scripting.  I would like the account information to be secure without having to have the whole site using running through a secure (https://) path.  If this is possible, the scripting is perfect!

humm

expiration dates in the aspprotect system are not used at all when using paypal subscriptions.. all date handling is done on their end actually

and they of course send notices from their system to the user regarding their subscription and when it renews,cancels, etc etc

so I am pretty sure any errors with that would have more to do with the info you used for the subscription setup and possibly any paypal settings associated with it

its hard to say at this point

The smart thing to do I think.. would be to sign up someone using another PayPal account (your allowed 2)... and while doing it be very careful about the subscription setup data.. and then as soon as the subscription is created review all the info in the paypal system and see if the length of the subscription / expiration.. etc etc in the paypal system info looks right..

at least then you can begin to troubleshoot what is going on...

Using "Email Authentication" as a registration option you cannot do that. There is no possible way I know of to have a delay on the authentication email like that. Also that method is not intended to involve any sort of manual registration like what you are doing.

Because you want to review people manually you need to change to registration process to "manual" and then send the email out manually from the users screen after making a user active.

Both the NET and Classic ASP versions of this application are designed for fine granularity protection of individual apsx extension files. ASPProtect.NET is not designed or intended to protect sub directories, or non aspx content such as Adobe Acrobat .pdf files etc etc.

I completely disagree with your statement that “most sites” have a login box on the left hand side of the page. I suspect you thinking of the ever popular php based forums and “Nuke” type CMS systems which are set up that way but if you look at any site written entirely using .NET that’s rarely if ever the case. (Granted I cant say for sure because I personally haven’t looked at >50% of the estimated 18 billion +  web pages on the internet) Just off the top of my head www.CafePress.com come to mind as a pure .NET site. If you take a look the login button it takes you to its own login page there is not global login form used throughout the site. Reason being that .NET introduced this thing called a “view state” which is used to store things like your session ID (and way more) and must be posted back to the server in order to keep track of visitors. This technology comes in especially handy when you have a web farm in place and your content is being spit out out by more than one server at the same time

I can think of loads of scenarios where the web servers need to know who you are even though you are never directly contacting them via http. This approach is a very smooth and actually very clever solution for enterprise level websites that simply can’t be handled with a single web server.

 On a practical level I know what you are saying but that application sets up all sorts of things when a protected page is accessed and the user is not yet authenticated. That’s the entire reason you need to put that snippet of code at the top of a page you want to protect. That code snippet calls the ASPProtect.NET class and runs through all the logic to see if you are able to access the page. If you are the subroutine exits and the server continues to process the remaining logic on the page. AKA you are able to access its content. If you are NOT authenticated ASPProtect will setup all the proper session and viewstate info and redirect you to the login page for authentication. You may have also noticed a parameter on the login page called ReturnURL. The application looks for that info and if you do have a user ID and password the application automatically redirects you to the page you were trying to access in the first place.

Really I have no idea what you are trying to do, but there is a world of difference in how something looks verses how it works. Lets just say there was a simple way to do what your thinking, what are you going to do with that login form after the person logs in? Just keep displaying it on the entire site so people get confused and don’t know if they are logged in or not? Just that little part of the equation will require making some changes to either ASPProtect.NET or your application will have to have some logic built into it to stop displaying the login forum.

It sounds to me like your basically looking for a super simple 101 type deal that allows people to sign up for an event and you the admin can see that information? I’m guessing they can also log in again and check out their details and see what event they signed up for?

If that’s the case you’re trying to take a very sophisticated protection application and downgrade it into something that would be one heck of a lot easier to write all from scratch in about an hour.

Your not going to be able to “plug and play” a simple form into a page and turn that application as a magic universal login solution for a website, while its 100% possible to use the application that way if you choose, you need to check out the source code and plan your custom integration accordingly.

I am not sure totally understand your question.
I need you to explain it differently.

Any ".asp" page that is protected is going to automatically prompt them for a login box or log them in automatically depending on if they set that option.. In the end returning them to that same page.

So, it really all takes care of itself for the most part.. It doesn't even matter if the bookmark a protected page deep in your site. The system is smart enough to keep them at that page as well as handle their access.

Now of course if they are at an unprotected page of your site and navigate to a protected page they get a loin prompt or are allowed in if they already logged in...

Also.. when you say unprotected page ? do you mean ".htm" or ".asp"

I have been working on this. 2Checkout is like the most confusing and worst payment processing company on the planet. There are things about that page I just don not understand as many times as I read through it.

Doesn't seem like this stuff is mandatory just yet. (I asked)

I should have something soon.

sure, there are reasons AOL would block the email.. it might think it is spam or it might not like the fact that fact that a cdonts generated email has no MX records because it can not..

for more on MX records read my CDOSYS article
http://www.powerasp.com/content/new/sending_email_cdosys.asp


as far as the emails not being sent because notifications are off. I was not aware of that and will try to look into it.. Version 6 is no longer worked on but if I can find the time I will check that out

Can we get access to the source project files for ASPProtect.net since we'd like to put in some of our own branding on the pages and not everything can be done in HTML.

Thanks

this error really does not mean anything specific

Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard"

If you get an error its real weird that the file is being uploaded.
Generally if you get an error during upload it is because of one of these 3 things

Invalid physical path specified

Unsupported upload method chosen

Permissions

See my article on XP and permissions
http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp

many people dont do their permissions right on XP Pro and that article covers everything