(User Photo Upload Mod) for ASPProtect Version 7.x

This will allow an individual user to upload a user picture instead of just the admin.

Notes: This is a down and dirty mod. The user upload code was copied from the admin area and there are no safeguards. Meaning there is no limit on the file size a user uploads and there is no confirmation process in case something they upload is inappropriate. etc etc etc

If you want that you will have to work on that on your own.

Directions:
Back up your existing ASPProtect installation.

copy these files into your "users" folder

2006-01-24_111305_User_Upload_Mod.zip

A question.  Does this apply to all areas of the application.  I have recently uploaded 50 photes.  But when I look at the site from the url, I have X where the picture should be.  Now, if I look at it though the localhost, I see the pictures perfectly.

I believe I'm having trouble with Domain masking in that it appears to affect the ASP Photo Gallery login screen.

My address is forwarded and masked by my domain "company" (in this case: Godaddy.com). It is forwarded to a Win2000 Server running at my static home IP.

From outside of my network, the website appears to work fine...even the default.asp page works to the point of the login page. After entering a login and password - you hit the login button and the page simply reloads only with all of the header and footer information removed.

I found that by eliminating the domain masking feature at the domain company, the problem gets eliminated and the entrie site works fine.

Has anyone else run into this problem? I'm guessing it's the way the domain name is held in the browser cache but I'm not sure how to resolve it so that the ASPPhotoGallery scripts and pointers work correctly.

Eric

http://gibsoncity.info/guestbook/default.asp

Reports 65-messages, however after the first 10 are displayed and you click on the More Messages button, I get the Page cannot be found error.

We have been using ASP Protect for a while now and are big fans of the program.  We received ASP Banner 8.2 with our puchase which we now have a need for.  I went to put the files on our webpage, and doing nothing else other than locating the directory there, I noticed differences with how ASP Protect operates.  We have customized it a bit and want to keep the 2 programs separate.  the login screen for one showed up on the other, and some ASP Protect pages appeared altered so i immediately deleted ASP Banner.  did I do something wrong, and how can i ensure the 2 programs work completely independant of each other?  We can't risk braking what we're now using but would really like to add banner functionality to some of our pages.  maybe an update to the program before we install?  puchase new software?  Thanks for your help-

ahhh ok.. I was going to wait till morning to answer this one..

glad ya figured it out

I really do not know.. maybe it is a conflict with something else..

I run many instances of aspbanner on my servers and I have every item to log enabled for my iis log files... my stats server software which reads those log files (livestats and smarterstats) have never reported any 404 errors related to (aspbanner/those images)...

I do not know what is happening in your situation..

sorry.

Hi,

No, only ".asp" files can be protected.  It is the nature of Forms Based Authentication when using web based scripting technologies whether those scripts be ".cgi", ".asp", ".php", or whatever.

To protect entire direcotries at once you really need to run your own webserver and use NTFS permissions and user accounts..... or if something special is installed on the server there may be ways to do it as well. That usually isn't going to happen under a shared hosting account but there are special authentication products for such a thing that some hosting companies do purchase and allow their hosting customers to use.

Using aspprotect we do give working examples of ways to stream and partially protect images and downloads while a user is logged in to an ".asp" page.

Also, any ".htm" pages can simply be renamed to ".asp" if you need to protect them. Links to each other need to be updated of course because of the extension change.

In my opinion the truth of the matter is most high end sites use Forms Based Authentication with scripts. Not directory protection as it is fairly primitive/old school as well as sometimes being confusing for the users of the site because of how the login window from the server often gets stuck behind the browser.. etc etc

If you have a lot of pages in a site that you need to add protection code to then if can often be helpful to use a good Multiple file search and replace program to carefully add the protection code to the top of the source code of the pages. There are even multiple file search and replace programs that can rename extensions which can be helpful for large sites.

For images and graphics you want protect you have to do some work and set up and intelligent system for yourself.

Lastly whether you use https:// or not is no concern to ASPProtect as it works the same under https:// as it does under http://

Session.LCID = 2057

one thing to note... the time period we are talking about is going to to be whatever you have the session timeout set at in the settings.

perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation

I am trying to protect and ASP page written in Javascript.  The first part of the page goes:

<%@LANGUAGE="JAVASCRIPT"%>
<!--#include file="../Connections/connWINGAP.asp" -->

When I insert the aspprotect code it looks like this:

<%@LANGUAGE="JAVASCRIPT"%>
<!--#INCLUDE VIRTUAL="/GIS/WCGIS/GISProtect/check_user_inc.asp"-->
<!--#include file="../Connections/connWINGAP.asp" -->

and I get this error: 

Microsoft JScript compilation error '800a03f7'

Unterminated string constant

/GIS/WCGIS/GISProtect/check_user_inc.asp, line 2

I think I understand that your code is written in VBscript and that is why it is not working.  If this is the case, how can I switch to VB to execute your stuff then switch back?

Thanks,

Jess

Regarding hosting companies..

Now.. obviously if you are hosting on someone elses server you may not be able to set permissions like this.

Ultimately, if you are hosting somewhere and ASP and Database connectivity is part of your hosting plan. It is the hosting company's responsibility to set these permissions for you when asked or to give you a special interface to do so on your own. If they are not helping you do this then maybe it is time to get a hosting company that is serious about your ASP Hosting Needs.

Also... JUST TO BE PERFECTLY CLEAR

The permissions we are talking about cannot be set via FTP or Frontpage access to your web site. They must be set like shown above or via a special interface meant to set the permissions correctly. For all you people out there messing with the permissions you see in FTP and Frontpage.. you are wasting your time and possibly creating problems in your web.

All ASP scripts that communicate with an Access Database, Upload Pictures, Modify Text files.... are going to need these permissions set in some way or another. We have no control over that fact.

I have reviewed the permissions requirements for folders from the support documentation but do not see the 'internal guest' account shown in our system to allow internet access to read/write to the access database. 

How else can we locate the proper account (or is it possible there is none?) to use to allow permissions to access the Data directory if it doesn't show up as 'Internal Guest'?

I need to use SQL for other reasons than efficiency.  If I create 2-seperate databases, would there be a lot of code to edit?

Thank you.
Lance

Probably not... javascript calling complex javascript is not a good thing and is often a problem.

I would try one of the other methods such as the xml parser if possible.

My site is composed of mostly asp based pages with some javascripting thrown in, but a fair amount is strictly html and javascripting. Currently I am using the javascript banner method throughout the site.

You have mentioned in the past that several other methods might be a better option for asp pages.

Examples would be:  XML Parser Method or asphttp method.

I was wondering if it is possible to use the javascript method on my non-asp pages and maybe the asphttp method on the asp pages and all in the same Zone?

Or, is it possible to use the asphttp method on all pages, whether they are asp or not?

I'm just trying to figure out what is the most efficient way to use the banner system.

Or maybe should I just keep it all javascript method?

Any helpful feedback would be appreciated!

Thanks.

-john

I did a google search and it turns out that error very well might have to do with ASP trying to send an email and that process failing.

That tells me your emailing from the application is not working so it is probably not something you edited incorrectly.

see this article...

80040211
http://www.aspfaq.com/show.asp?id=2026

Emailing was working as when I did your installation (I think I did it months ago, didn't I) so it must be some incorrect changes to your email settings in the admin settings screen. Try sending an individual email to a user from the admin users screen and see if it works. My guess is you will get the same error and means your email sending options are no longer correct or valid.

If that is the case I would ask you if you changed them or possibly something changed as far as your email setup goes. Passwords ? EMail Server .. etc etc etc

I would kile to see more support for the groups function:

1. on the password_admin/default.asp page have a coulmn listing groups

2. ability to change groups in bulk eg change the expiry date for all group x members

Cheers

New Version 8.1 Released

Whats new..
http://www.aspbanner.com/v8_notes.asp

Upgrade Instructions...

Upgrade at your own risk. Though we try new versions are not always perfect due to minor bugs we may miss.

Back up your old setup so you can revert back if necessary..!!!
Save your data connection string info in a text file so you have it.
You can get that by viewing the system info page in the admin area.

Carefully copy all the ".asp" files from the new version to the old.
Your going to want all the .asp files in the aspbanner folder.
Your going to want all the .asp files in the aspbanner/scripts folder

Copy the aspbanner/images folder because there are some new images

Be sure to also copy the "data/config" folder files.folders as well as a lot of that is new including the actual config file. If you dont get the new config file copied in there you will have problems later on with some of the new features.

Be sure to create a new folder in the "data" folder called "tempstats"
Make sure it has proper permissions if you plan on using the delayed stats feature as the stats gets temporarily stored there. 

Go back to the area where you originally setup the data connection and do that again...

From the web browser run the following URL

http://yoursite/data/config/aspbanner_unlimited.asp

Replace "yoursite" with the proper url info relevant to your web site location.

When run via the web server that page will ask for a password. By default it is "temp". You should change it later on for security reasons. That page tells you how.

Now... moving on..

There were no changes to the database except for SQL Server users so you can use your existing database.

SQL Server users that want to use the new stored procedures feature (it's optional) will need to update their SQL database with the stored procedures.

Scripts to do that are provided.


ALSO: I have been running this new version using SQL Server Stored Procedure mode for a 1 week on a special banner server that serves banners to many of my own sites. I have also been using the new Delayed Stats feature.

All I can say is it is running like a champ and the SQL server is using less memory than it ever did before.

you summed it up perfectly... everything you said really

As for the banner software custimizations.. you could just make another folder with a modified admin area (little tweaks here and there so the person logged in only controls their own banners) You'd probably want to add an approval process so nothing they did went live unless you really really trust them. That wouldn't be that hard either.

I always planned to do it someday but I just never have time.

Yes I did see that, and created the new project as well as imported the DLL's. I guess my question is; is it as easy as rename the file from aspprotectlogin.aspx to login.aspx and then running the release to regenerate? I know this is a novice question as I am a novice to .NET but the fastest way to learn is to do. Also I know you’re an advanced programmer with better things to do so if I’m stepping over the line from technical help to basic programming I should already know, feel free to point me somewhere ells.

The problem was in config_inc.asp. we had renamed the field in the DB but didn't change it in this file.

But we changed it, it is back to normal.

Thanks

IMPORTANT UPDATE - READ THIS
http://support.cjwsoft.com/forum/forum_posts.asp?TID=205& ;PN=1


The IPN Subscription Pack which is built in to ASPProtect 7 contains all the pre-built scripts you need to implement PayPal IPN Subscriptions with ASPProtect. IPN stands for (Instant Payment Notification). It allows you to set up scripts on your server so whenever a PayPal payment is processed the PayPal server sends info to your server regarding the transaction and vice versa. This is a fully automated process and allows you to charge users for access by the month or however long you like.

The Subscription feature of PayPal handles recurring billing automatically. The PayPal server will communicate with the ASPProtect system and keep everything up to date with users and their subscriptions.

This Support Pack basically gives you an additional signup and registration directory "paypal_sub_signup" and it should not interfere with any changes or customizations you have made to your ASPProtect setup. New users can register in this directory and sign up for a subscription at the same time. Existing users whether active or expired can be sent to this directory where they can lookup their account and start a subscription. You can also assign various Access and Group Levels during signup and you can set up various prices for various amounts of time as well. This is a real-time setup for the most part. As soon as a user pays via PayPal your system is updated and they will have access.

To use this all you need to do in ASPProtect 7 is enter your PayPal account name into the settings screen. It will be an email address. You'll need a business or premier account with PayPal and you will need log into your PayPal account and turn on IPN in you profile. They make you enter a default IPN URL. We do not use that so if you already have something there leave it there. If you dont have something there you can type in any the full url to any page on your server. It's probably best to send it to an empty ".asp" page or something.

Changing Payment Options

In the "paypal1.asp" file there are some sample payment options set up.

They look like this and you can have as many as you like.

<!-- Begin Payment Option Code -->
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">

<% Label = "Membership (1 Month) $9.99 Recurring" %>
<!-- Begin Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="a3" value="9.99">
<input type="hidden" name="p3" value="1">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<!-- Field Below must have 2 commas First two values are optional (access level,groups,user ID)-->
<input type="hidden" name="custom" value=",,<% =User_ID %>">
<!-- End Form Fields You Can Edit.. See PayPal Subscription Manual For Details -->

<!--#INCLUDE FILE="form_data_inc.asp"-->
<input type="image" src="https://www.paypal.com/images/x-click-but20.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">

</form>
<hr>
<!-- End Payment Option Code -->
 

To really understand what these form values mean it is best to look through the PayPal Subscriptions Manual which is a PDF file you can get from the PayPal Site.

This link was valid the last I checked...
Subscriptions and Recurring Payments Manual

It also may be helpful to use their wizard to create some subscription buttons with different settings and then look at the code generated.

Bascially these are the important ones..

a3 - amount to billed each recurrence t3 - time period (D=days, W=weeks, M=months, Y=years) p3 - number of time periods between each recurrence

The custom field is something we are using to send info from ASPProtect to PayPal.
it allows you to set the access_level or groups access (groups support require the ASPProtect Option Pack)

<input type="hidden" name="custom" value=",,<% =User_ID %>">

or this example where we are setting the access_level to (2) and also giving the user access to groups (3 and 4)

<input type="hidden" name="custom" value="2,*3*4*,<% =User_ID %>">

Here is how it works.
The value setting (red) is essentially and array that can be made up 3 elements separated by comma's

access_level,groups,User_ID

If you do not want to set the access_level or groups access.. then you don't even need to edit the setting.

Values must be separated by a comma even if there is no value and there can be no spaces.  If you didn't want to set an access level or groups there would still be 2 commas at the beginning.  etc etc
Basically there must always be 2 commas but you only have to set last values which is the User_ID from the ASPProtect system.

The 1st value is the access level you want to user assigned to.
The 2nd option is the groups you want the user assigned to. (requires option pack)
The 3rd option is the User_ID which the system takes care of. Do not edit this option. Leave it as <% =User_ID %>
 

UPDATE..

Installed a new rack mount 1u server this week.

3.2 ghz hyperthreading 1 mb l2 cache prescott cpu
2 gb pf pc3200 kingston memory
SATA Raid.. (2) 120 gb drives running hardware raid 1

It is a supermicro 1u server case and server motherboard.
The hard drives are SATA 150 120 gb 7200 rpm Diamondmax Maxtors

All high end server type stuff... It's a very powerful server and has been running great all week. 500+ hours uptime so far.

Running Windows 2003 Server Enterprise
SQL 2000 Enterprise SP3
SmarterMail
SmarterStats
Windows DNS
ZipEnable (which I am reviewing for them)
ServerMask (which I am reviewing for them)
A ton of ASP Components which I have purchased over the years.

So that means I can now focus my attention on creating software again instead of being a system admin. (Due to these server issues over the past few months I am now back to godly status as far as windows system administration goes.. not to mention I am now back up to speed on the latest processors and hardware)

So, getting back to ASP Photo Gallery...

I spent about 20 more hours this week on the new version of ASP Photo Gallery Pro.. I have another 40 or more to put into it as I have a lot I want to do.

I think it will be ready within the next three weeks. I know a lot of you have been waiting for something.

Chris, that fixed it.  Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.

Suggestion for future release.  Create an option to email the admin when a message is posted.  If this code already exists please advise.

Thanks, Lance