one thing to note... the time period we are talking about is going to to be whatever you have the session timeout set at in the settings.

perhaps making that value lower like 10 minutes is an option for you.. and might help to deal with situation

Access to some sections of the forums must be requested.
Please Click on the following link and read all of it carefully.

http://support.cjwsoft.com/

Hello,

Sorry, I do not have any good ideas on this one...
Domain Name Masking can cause issues with quite a few things.

I assume you mean 500 pixels wide

no.. because you cant reliably tell a pictures image width without an image resizing component to look it up.. asp can not do things like that on its own

serverobjects has a free component called "imagesize" that can do it as well but you need access to the server to install the component
http://www.serverobjects.com/products.htm

so if you cant do that with regular asp code you definetly can not stop the upload proces because the picture is too wide..

heck, that would be nearly imposible to do regardless.. even with the best 3rd party components at your disposal

even with an image resizing component you would have to allow the upload.. then check the pixel width.. then delete it.. tell the user what is going on...etc etc  .. all a very complicated process

I set the max image width to 1000; previously it was null. Now I'm getting server errors:

page not found, then, service unavailable (the page is there). But in a new album, the images imported fine and it seems to be working now, despite the IIS issues.

I think my host restricted the amount of memory and resources my site is allowed to use.

no, that system only works with ASP.NET code.

Currently it can not possibly work with classic asp.
PayPal made it a nightmare to use and work with.

Special things regarding the signing of digital certificates also need to be installed on the web server so if it isn't your server your also out of luck.

Hi all,

I have the photo gallery set up at www.kashabowieoutposts.com/gallery

It's great - love to work with it.

But I've never been able to get those with just User permissions to be able to upload... Only an administrator is successful in uploading.  This was no problem in the past, but now this client would like to give their guests a means to share their pictures on their site - so now I have to figure out the bug...

... this is the error I keep getting...

Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.

Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard.

------- anyone else experienced this?

Many thanks all!!

Doug

(Password Expiration Mod) for ASPProtect Version 7.x

This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)


 
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.

Purchase Page

Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.

This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.

There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.


Directions:
Back up your existing ASPProtect installation.

Add two new fields to the "ASPP_Users" table in your database.

For an MSAccess Database

Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)

For a MSSQL Database

Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)

once that is done

Copy all the new ".asp" pages into your site.


Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file

It needs to be the full URL to to the "change_password/default.asp" file


Now edit the "change_password/processchange.asp" file

There are 3 variables you can edit.

PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8

The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.

The other two values should be obvious.

That's it...

Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file

Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. 

I've encountered another problem.  When i edit the link for existing banners and save it, the banner reverts to the old link instead of the new one.

The directory where the the database is located to rwed so the permissions is not a problem.

Any advice?

Thanks

btw: who is this hosting company anyway ?

and did they give you access to a control panel that lets you manage your site ? sometimes that is where you manage those permissions if their interface supports it

lastly, are frontpage extensions installed in your web so it can be connected to via frontpage ?

the menu file.. "menu.asp" or something... just follow the logic of the code to find things like that. Look for server side include files and what not in the source code.

This is a good article on figuring out what pages to edit as well as other things.
http://www.powerasp.com/content/hintstips/common_sense.asp

If it was working and you changed code you could have possible messed up how all of that works... you may need to revert back and be really careful as you make changes testing every step of the way.

Hi, I am glad you like the system.
Thx for the comments..

The banner logic in aspbanner it tweaked for speed and performance.. that sort of thing really wouldn't fit into the current code structure very well. It would slow things down and be a nightmare to code because of the way aspbanner uses ultra fast application variables for the banner rotation. Basically its a feature I didnt incorporate for performance and pricing reasons.

I would suggest making different zones for different conditions.. then surrounding the banner calling code with if else logic so a different baner zone was called under certain conditions.

That way performance would not be effected and you could actually show a different group of banners based on certain conditions.

Sorry, but that is the best advice I can offer at this time.

I built ASPBanner for performance and at this time I refuse to sacrifice that for any feature that will slow it down and consume more resources.

Hope the wedding went well.  I have one this weekend.

I was successful at performing an upload.  The free upload software was either not configure properly (probably) or not working.  I downloaded the trial version of softartisan's upload (which is like over $300) and it started working. 

Can more than one photo be uploaded at one time (like a whole folder full of photos) or does each have to be done individually?

Help!.. I need to export the username and password fields to a mail merged letter so everyone knows their username and passwords. However whenever i access the database or do an export. The passwords showup as encrypted. Is there a way to access the list, un encrypted?

thanks

ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.


Before you even start please read this thread and do what it says.
If any errors show up it is important you see the real error instead of a useless HTTP 500 internal server error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1

Once doing that make sure to use Internet Explorer as you follow along with these directions.

Now, unzip your installation zip file that you downloaded from CJWSoft.
Use a program like winzip and be sure you have it set up to unzip the directories as well. You can also use windows xp's built in folder compression tools to unzip the archive.

When you unzip the application you should have all of the following folders and files. (more or less, it depends on the version)

Now, you can copy all of these files into the root of your website or if you like you can make a folder called "aspprotect" and put all of these folders and files in that folder. Either way it really does not matter.

Now, contact your web hosting company and instruct them that you need permissions set on the data folder that you copied into your website. This folder and all of its child folders need modify permissions set on it for the anonymous webserver account. It is very important that they set the permissions correctly and on all the child folders as well.

Here are some threads on exactly how these permissions are set.
If you run your own server or are developing locally you can do this yourself. If not most likely you need to put in a request to your hosting company as you CAN NOT set these permissions via Frontpage or FTP.

Windows 2003 Server and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=136& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Windows XP Pro and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=56& PN=1

Once permissions are set.. run this page via your web browser

http://www.mysite.com/data/setup_info.asp

Replacing the part in blue with your website info.

When this page is run it will report back a screen like so:



Now, take the connection string info it shows you.
Edit the "dataconn_inc.asp" file in the root of the ASPProtect system and use that data connection information. It should be valid for the server.

If you are using MSSQL server instead of Access please see the SQL database creation directions as you will need to create the MSSQL database and use a special connection string for that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=160& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Now, take the CookieEncryptionKey and PasswordEncryptionKey info that it gives you and enter it into the "config_inc.asp" file in the root of the ASPProtect system. These will be the unique keys that your encryption will be based off of.

Ok...

The files have been copied to your website, the permissions are set on the data folder, and the database connection is ready.

Now.. run this page

http://www.mysite.com/password_admin/get_me_in.asp

Replacing the part in blue with your website info.

This is a special page we use to get into the system for the 1st time.

If you get a nasty error when you run that page similar to this.

Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

Then parent paths are disabled on the webserver and you need to do an extra step to deal with that. Follow this link.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=162& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1&TPN=1

If you get any other variery of "80004005" error then there is a problem with your data connection.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1

Those errors are usualy related to database folder permissions or an imcorrect physical path to the database file specified though they can mean a lot of things.


Once you get the page running you will see a login prompt and one form field

You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.

If all goes well you will see the admin area of ASPProtect.

Now that you are in the system you need to create an admin account.

Click on "ADD NEW USER".. fill out the info and add a user.
You really only need to fill out (first name,last name,email,username,and password)

Now save that user.

You should see a new user listed in the admin area. Click on Edit user to the left of the new account. On the edit screen check the "admin" checkbox and save the user.

You just created an Admin account.

Now click on the "log off" button on the top menu and click yes to log off.

Now close the browser. Then run this URL

http://www.mysite.com/password_admin/default.asp

Replacing the part in blue with your website info.

You should now be able to in to the admin area of the system using the new admin account you created.

You are now ready to go to the settings page so click on the settings tab in the menu. There are a lot of options and paths that need to be set on this page. Every setting is described in detail on this page. You need to go through the page and set things up properly. Anytime the page asks for a path to a url or file the page will auto generate what should be the path to use. (expected path) If your server has parent paths disabled a few of those auto generated paths will not show up. If that is the case run this url from your server and it should tell you the paths to use for those settings.

http://www.mysite.com/data/expected_paths.asp

Replacing the part in blue with your website info.

Once your all done and the system seems to be running fine you should go back and delete the following pages as they are no longer needed and pose a potential security risk.

http://www.mysite.com/data/setup_info.asp
http://www.mysite.com/data/expected_paths.asp
http://www.mysite.com/password_admin/get_me_in.asp

You should back up the original zip archive you got from CJWSoft in case you ever need those files again.

VERY IMPORTANT: The user passwords from now on will be encrypted using the "PasswordEncryptionKey" you specified in the "config_inc.asp" file.

If you ever change that key all of your passwords will be invalid and you can not get them back unless you know the key and put it back, so plan on never changing that key unless you really know what your doing and know how to decrypt/re-encrypt the passwords using a new key. (something we do not cover at the moment but probably will when we have time to make a tutorial) 

More Info on Simple File Sharing

http://www.practicallynetworked.com/sharing/xp/filesharing.h tm

http://www.theeldergeek.com/quick_guide_to_simple_file_shari ng.htm

http://support.microsoft.com/default.aspx?scid=kb;en-us;3040 40

Thanks very much for the quick reply.

That sets my mind at ease

I was just worried if users would see warnings in their firewall software too.

I realize that the admin would have to have to go through some errors...

And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.

Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...

Thanks 

You might just learn something and actually get your project finished before 2010

your over there hacking away on your virus infested WaReZ machine

LOL thanks for the good laugh-- i guess its time to do some reading and making my own mods to the program..

btw i never insulted cafrepress.. not sure where you got that from- just advised that what they have is exactly what i want to have done. How much for your service?

Hi,  Its just a generic error that really doesn't mean much of anything except that something wrong with your data connection.

http://support.cjwsoft.com/code/moreinfo27-1.htm

could be invalid permissions on the database folder... could be any number of things

when setting up your connection I suggest going dsn-less.
http://support.cjwsoft.com/code/moreinfo9-1.htm

It is better/faster and also a lot easier to set up.

yup. that is correct... they can't log in so they can't see any pages you protect

its the nature of forms based authetication

Christopher

I have gone back to your original files and uploaded them to another server folder and instead of using a DSN I have tried this with a DSN less connection and changed the database to MS Access 2002.

This has corrected the problem.
I will check this out again using the DSN with access 2002 to see if this was the problem. It may be something to do with an older format of database on this particular server.

I will let you know what I find.

Thanks for your  quick reply.

You can mix and match banner calling methods all you want.
Try it and see what happens.

However, the only method that is going to work on non ".asp" pages is the javascript or the new iframe method listed in the support forums.

Hello-

I'd like to set up the system to redirect to a landing page (say home1) after the user logs in.

I have looked at all the documentation and can't find something that explains how to do this. I am thinking that I can set up a log in as the default in my root directory that will have a form with an action=check_user_inc.asp. I have looked at the code there but cannot find a place where I would place a redirect to home1.

Help please

Thanks

IFRAME is just an client side html thing...

has nothing to do with .NET

will work with any page extension or server side technology

As you see from that compatibilty chart I posted a link to.
Nearly every modern browser supports it.

it's ok

one step at a time and at each step testing things.. then when you mess something up you can figure it out a lot easier

check permissions for the user you are connecting to the SQL database.
http://support.cjwsoft.com/code/moreinfo122-1.htm

That user may not have permission to make new data

Also,  check all field and table settings manually by comparing them to the SQL creation script we provide. You may very well be missing auto increment and primary keys which would make adding new data not work.

It is most likely one of those two things.

Thought this would be easy.  A few more pointers should get the database connection to work:

1) How do you decide whether it is a DSN (system datasource) or not? Does just putting the file in the ODBC make it so? 

2)We have other files in there for other server applications, does that mean we’re stuck using DSN’s or is the file independent of that control dialog?

3) Assuming we get rid of using DSN for this database (or not), does the code go referenced in your article http://www.powerasp.com/content/hintstips/permissions.asp apply here or should it just work?

What else are we missing?

Hello,

In that version is is not easy to change the values as they were not intended to be edited. You would have to dig through quite a lot of code as those values are hardcoded in quite a few pages. Probably at least 10 or more.

In the pro version there are variables you can change that very easily as that is intended to be easily changed in that version.

I got ya. Well hey, that's what's great about the iframe right?

When a user 1st signs up a proper case function is run on certain fields.
This is only once on user signup and never done in the admin area.

It's goal is to keep things entered in Proper Case,

so if someone enters "chris williams" it becomes "Chris Williams"

It's not perfect but it helps a lot to keep the data clean and more consistent. Since it only happens during registration those values can be changed later by the admin or the user if someone wants to.

The function is only applied to the fields that it makes sense to apply it to.... 
In your case adding a drop down menu means you want exactly what is in your drop down to appear so you wouldn't want it happening.

That being said, it is really easy to remove this situation from any field it is happening to during registration.

So edit "users/add_new_account.asp" with a text editor

find

CmdAddUser.Fields("Company_Name") = PCase(Company_Name)

and change it to

CmdAddUser.Fields("Company_Name") = Company_Name

That is all that is needed to made the change

Tell tell me some info about your install?

How am I supposed to know what is going on when you are not showing me what you have in your web config file and also the directory structure of the install or what you are putting in a page you are trying to protect ? It almost sounds like you are not editing the paths correctly in the various places.  I mean yes you told me something about the "map" folder but what I saying is tell me more detail.

BTW: this is a very important setting in the web.config file and must be edited accordingly so the path is right.

<forms name=".aspprotect~net" loginUrl="/aspprotectlogin.aspx" protection="All" timeout="60" path="/" />

Basically your showing me random errors and posts left and right and I honestly have no idea what your doing ?

Ulitmately though I am trying to help you in this situation like the web site says.

We offer tech support for installation of the base application purchased in it's native form. In some cases in order to receive proper tech support your application will be need to be installed on a live server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine.

Meaning I am not going to keep this up if you keep asking question after question after question regardign your local XP Pro installation. There is only so much I can assume or guess when you are running this on a local development server. I know you got all sorts of problems getting a decent live server to run this on but that just isn't my problem. Get this up and running on a professionaly and correctly setup live server and when these random configuration errors pop up atl least I can go run the pages and look at them. Right now I am just confused by nearly everything you have posted today. Half of looks like basic ASP.NET path issues that you need to sort of on your own based on where you installed the application on the machine and what you have in the web.config file.. etc etc etc

It is sounding more and more like ASP.NET is way over your head. If you want a copy of the classic ASP version of ASPProtect you are welcome to it. I think you will be a lotter better off sticking to classic ASP unless you really start reading up on ASP.NET and learning more about how forms based authentication and the web.config file work.

I just installed ASPProtect on my site. The instructions were definately on the target. Very very good instructions.

But... Isn't there always a but ???

I needed to setup my site with MS SQL and it is hosted so I don't have Enterprise Manager. I tried the web based Enterprise Manager and any other one I could find. But, I kept getting errors when trying to use the SQL Script.

I finally had to go back to my work where we do have the licenses and get an SQL Admin to use Enterprise Manager to run the script and it worked finally.

I don't know if this is a common problem ??? But, maybe you would want to look at the SQL Server script or make a different version that would work with the Web Based SQL manager.

Thanks

Where is the system getting the random user name and password, and why does it keep selecting the same user name and password every time?