There is no way I'm going to spend hundreds of dollars for a thumbnail creation program. Mine is a family web site and all out of my pocket.

Is there any free products that work with Gallery that will create the thumbnails? If not can I create them on my own and link them to the pics? There are tons of Perl based freebies out there.

Steve

Chris,

I understand.  I set it to a lower number that will hopefully be a good balance for the user.  I am simply AMAZED at what your software does and I thank you for all you have done.

Jess

We have been using ASP Protect for a while now and are big fans of the program.  We received ASP Banner 8.2 with our puchase which we now have a need for.  I went to put the files on our webpage, and doing nothing else other than locating the directory there, I noticed differences with how ASP Protect operates.  We have customized it a bit and want to keep the 2 programs separate.  the login screen for one showed up on the other, and some ASP Protect pages appeared altered so i immediately deleted ASP Banner.  did I do something wrong, and how can i ensure the 2 programs work completely independant of each other?  We can't risk braking what we're now using but would really like to add banner functionality to some of our pages.  maybe an update to the program before we install?  puchase new software?  Thanks for your help-

Ok nevermind that... i got by that wasn't paying attention...

The problem is even before this which i didn't know until now.

I placed the protect tag in a page i called members.aspx

When i go to this page is says ACCESS DENIED etc etc etc.

When i go to login to view this page i get the error..which i DIDNT know because i assumed it was working. This is the error im getting:

Server Error in '/MAP' Application.

---

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /map/users/aspprotectlogin.aspx

btw it says /map because that is the subfolder within the root folder

Making progress. I have made the appropriate settings and now I have the option to upload.  When I upload, I get the following message:

 "Your upload did not succeed, most likely because your browser does not support Upload via this mechanism.

Your browser must support a standard called RFC 1867. Please check with your browser vendor for support of this standard"

I am using IE6 XP SP2.  I also am using DUNDAS UPLOAD, ASPIMAGE.

I think I set permissions correctly bot not positive.  I have given all auth to everyone for the database etc.

Actually it would because you would just count records for that user that are also active

and yes, users cant delete albums.. they can only turn them off which really means the albums lose their active status

only the admin can truly delete an album the way the code is
(that's just the way I did it for some reason.. I don't remember why)

Sorry about earlier post in wrong area-

I have followed instructions to set up access levels (adding the

<% CHECKFOR = "4" %>    for user level 4 for instance.) The database is connecting properly and the basic check for login is taking place, but it seems that all users have access to all levels no matter what is on the database; i.e I set up a test page with "checkfor=4" and all users have access to it, even those with lower leve access.

Any ideas?

Thanks

Hello,

no default setting for something like that... what your thinking about doing is on the right track I'd say

works fine now

When a user 1st signs up a proper case function is run on certain fields.
This is only once on user signup and never done in the admin area.

It's goal is to keep things entered in Proper Case,

so if someone enters "chris williams" it becomes "Chris Williams"

It's not perfect but it helps a lot to keep the data clean and more consistent. Since it only happens during registration those values can be changed later by the admin or the user if someone wants to.

The function is only applied to the fields that it makes sense to apply it to.... 
In your case adding a drop down menu means you want exactly what is in your drop down to appear so you wouldn't want it happening.

That being said, it is really easy to remove this situation from any field it is happening to during registration.

So edit "users/add_new_account.asp" with a text editor

find

CmdAddUser.Fields("Company_Name") = PCase(Company_Name)

and change it to

CmdAddUser.Fields("Company_Name") = Company_Name

That is all that is needed to made the change

Adding Support For ServerObjects ASPMail

ASPProtect as you know does not support ServerObjects ASPMail component by default.

Here are directions to make it work.

In the ASPProtect admin settings area simply pretend as if you are using the softartisans sasmtp mailer component. ASPMail and that sasmtp component share the same properties… and the code used for them is nearly identical.

So search through the code for any place where email is sent and simply change

Set Mailer = Server.CreateObject("SoftArtisans.SMTPMail")

To

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")

It is about 4 places. They are not too hard to find.

That’s the easy way to get all the emailing functions working with ASPMail

I was actually able to do similar thing by allowing our dedicated search engine to access the site unchallanged.

<%
If Trim(Left(Request.ServerVariables("HTTP_USER_AGENT"),11)) = "MYPASSWORD" Then  
 SearchFlag = True
End If
 
If SearchFlag <> True Then
If Session("Access_Level") > CHECKFOR or Session("Access_Level") = "" Then 
%>
<!--#include virtual="/Auth/check_user_Code.asp" -->
<head>
<title>My Title</title>

</head>

<body>

My Protected stuff here

</body>

</html>

For this to work, the search engine must pass the PW to the web site. I just was not sure how to do the same thing with IPs. I will play with the code and see what happens. If it works, I will post it here to help others, if this is OK with forum rules.

Thanks,

Mo

I have sent an registration email (as test) to both a yahoo account and also my own email server and in both cases I get the same issue, all else is working great. I am sure its somthing simple, perhaps I am over looking somthing else. the site url is www.rochestertek.us/asp/users/register.asp if this helps

Again thanks.

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
    Response.Write(Session("Groups"))
%>

I am using v7 with other software written in ASP.NET. When I include the the "checkfor" and include file, I'm receiving a compliation error.

Here is the include I have on the .aspx file:
<% CHECKFOR = "4" %>
<!--#INCLUDE FILE="../../ASPProtect/check_user_inc.asp"-->

Here is the error:

ok, here is what is going on

you are password protecting an ".asp" page that requires querystring info to run correctly   (example - "somepage.asp?ID=3"")

that is something I never intended anyone to do.. while it does handle and repass the querystring info along during successful login it does not re-pass that info during a failed login as you have found out

this is all by design.. the only reason the system re-passes the querystring info at all is because I wanted to make it smart for the sake of the remember me/cookie feature.. so if someone was using that and bookmarked a page deep in your site with querstring info...then when they went back to that bookmark they would get authenticated and still see the page as intended with the querystring info in tact

it was a nice feature never intended to handle any situations other than what I just described...

now...
notice the url in the browser after failing a login.. then logging in successfully.. it is missing the querystring info

that more than anything is what is going on..  browser caching can cause some confusion when dealing with this because the browser likes to return you to the page minus the querstring info... when that happens a simple browser refresh at that time may very well solve the problem and then you see the page you are supposed to see...

To avoid all of this...

One solution to this is to always start people logging in to an ".asp" page that has no querystring info. That way this won't happen. Once they are logged in you can then offer them links to the pages they need to go to. (you of course still want to password protect those pages)

Another solution is to log them into a page with no querystring info and then do a response.redirect to the page with quersytring info.. thus accomplishing the same thing but without the possibility of the issue because of a failed login.

Another solutions is to do checks in your asp page for missing querstring info.. and if it isn't there do something about it like send them somewhere else.. or display a message about there being an error... etc etc

So,basically you don't want to tell people to login into such and such page with querstring info... and providing a username and password..... You can do it but like you found out it can cause an error if they mess up logging in the 1st time. The system just was not designed to handle that. There are complex reasons for that involving security that would just take me too long to explain.

I hope this makes some sense to you.. it is very hard to try and explain

ok,

when you say "we have set up to use the Subscription services exclusively for all new members "

I am sorry to have to ask this again but what does that mean exactly ?

how was that accomplished ?

The reason I say this is because when a subscription is created by a user through the normal channels.. meaning they went to the paypal subscription directory and either started a new account or found their old one to start a subscription with.. either way the PayPal Subscripber ID that paypal assigns is added to the database for that user and the expiration date is set to null.

Now, that being said the function that sends expiration emails to users will NEVER send an expiration to a user that has info in their PayPal Subscriber Field in the database. I just double checked that.

So that is where I am confused ? How did all these users get set up to use subscriptions and not have the PayPal Subscriber ID field popluated in the database ?

Seems to me the only way this could happen is if you set some stuff up manually and the PayPal Subscriber ID for each user never got put in the database. That and the expiration date didnt get set to null.

Again, I am sorry to keep asking this but it just seems to me that something else must be going on that I am not clear on regarding how you upgraded these people to use subscriptions.

In the end I think the answer may be to manually make sure each old user now using subscriptions has their PayPal Subscription ID set in the database as well as their expiration date from before set to null.

Christopher

Found this but I dont really know what to do with it or even if its the right thing.

<%
'=========================================================== ==================='

' Application:     Utiity Function
' Author:          ; John Gardner
' Date:         & nbsp;  20th December 2004
' Description:     Used to check the validity of a postcode
' QueryString:     None
' Version:         V1.0

' Required routines:        &nb sp; None
                    
'----------------------------------------------------------- -------------------'

function Check_Postcode (byRef strPostcode)

' This routine checks the value of the form element specified by the parameter
' for a valid postcode.

' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf

' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.

  Dim strPostcodeRegExp(2)   ' holds the regular expressions for valid postcodes
  Dim intCount        &nbs p;      ' For loop counter
  Dim strPostcodeCopy        ' Copy of postcode
 
  ' Variables used to hold regular expression object  
  Dim objRegExp, objMatches, objMatch
 
  ' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
  strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"

  ' Expression for postcodes: ANA NAA, and AANA  NAA
  strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
 
  ' Exception for the special postcode GIR 0AA
  strPostcodeRegExp(2) = "^(gir)(0aa)$"

  ' Copy the parameter and convert into lowercase
  strPostcodeCopy = Lcase(strPostCode)
 
  ' Assume we're not going to find a valid postcode
  Check_Postcode = false
 
  ' Strip out spaces
  strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
  Check_Postcode = False
 
  Set objRegExp = New RegExp
 
  ' Check the string against valid types of post codes
  For intCount = 0 to Ubound(strPostCodeRegExp)
 
    ' Check next pattern in list
    objRegExp.Pattern =  strPostcodeRegExp(intCount)
    If objRegExp.Test (strPostcodeCopy) Then
   
      ' Post code found. Ensure input parameter is in correct format.
      Set objMatches = objRegExp.Execute (strPostcodeCopy)
      Set objMatch = objMatches(0)
      strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " &  Ucase (objMatch.subMatches (1))
     
      ' Show that we have found the postcode
      Check_Postcode = True
    End if
  Next
 
  ' Ensure that the uppercase postcode gets returned if valid
  If Check_Postcode Then strPostcode = strPostcodeCopy
 
End Function
%>

regards

John

(User Search & Contact Mod) for ASPProtect Version 7.x

This will allow an individual user to search for other users as well as email or call them.

Notes: This is a down and dirty mod. The users page from the admin area was used as a starting point. I then edited it up real quick to be used as a user search. The way it is it shows the user email as a regular email link. If you want to set it up so emailing is done from the application and emails are not actually shown you will have to do some extra work. If you don't want phone numbers shown you will have to remove that column which is not very difficult.

Directions:
Back up your existing ASPProtect installation.

copy "search.asp" into your "users" folder

2006-03-10_143253_User_Search_Contact_Mod.zip

Direct your users there. They will have to be logged in to view the page.

WARNING: This has not been extensively tested for SQL Injection attacks.
I think it is perfectly fine the way it is by looking it over quickly, but use it at your own risk.

humm, yea thats a data connection error..
really not related to the asp code in the application for the most part.

that is low level

If using MSACCESS

I would make sure permissions are set correctly on the database folder (not just the database file itself)

I would make sure your using at least a 2000 version of the database. 2003-2003 format being better.. 

I would make sure the server has up to date mdac/odbc drivers.. (that is really the server admins responsibility)


As for permissions there are articles in our forums about exactly how they need to be set. Improper permissions can cause a ton of random errors like that.

The redirection feature isn't working as I exected.

If I clear a user's redirection_URL, they can navigate to any protected page on my website as expected.

However, if I set the user's redirection_URL to a protected page, they cannot login. More specifically, their browser just keeps displaying the login form while the browser's progress bar just increments ad infinitum.

If I set the user's redirection_URL to a NON-protected page, the user is directed to that non-protected page, but if they then try to navigate to a protected page, they are redirected back to the redirection_URL.

Is this the way the redirection feature is supposed to work?

My application requires that a user is directed to a protected page and from there, they can navigate to any page that they are allowed to go to.

What can I do?

sorry.. you just said above you were using XP SP2 so that is the article I referred you to as I just assumed you were talking about your local web server

here is my article on permissions regarding server 2003
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp

I can look at your installation monday if you like. In about an hour I leave for a wedding thingie and I wont be around again untill monday around noon

Try the uploading using VBSCRIPT method just for the heck of it. Perhaps there is an issue with the installation of the dundas component.

CJW

Thanks

It wasn't a complaint. I just bought it last night and installed it today. But, I must have missed the part about requiring Enterprise Manager for installing it on SQL.

If you want it the link to the Web Based SQL Manager is : http://www.aspenterprisemanager.com/ which is free and the Trialware that I tried is EMS SQL Manager.

Maybe that will help a little in not requiring that people have an MS SQL license to access their hosted MS SQL to install the software.

Thanks

Redirecting is not something ASPProtect does because you can
do that sort of thing using simple ASP redirects.

In all of these examples you are going to want to protect the pages you send these users to accordingly.
So that if they know the url they just cant go their directly without loging in.

Redirecting example..
This page will redirect admins or level 4 users to a certain page  and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Admin") = "True" or Session("Access_Level") = "4"  Then
    Response.Redirect("sompage.asp")
Else
    Response.Redirect("someotherpage.asp")
End If
%>

Redirecting example..
This page will redirect level 1 users to a certain page. level 2 users to certain page, and anyone else to
another page.
 
 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Access_Level") = "1"  Then
    Response.Redirect("level1.asp")
ElseIf Session("Access_Level") = "2" Then
    Response.Redirect("level2.asp")
Else
    Response.Redirect("allothers.asp")
End If
%>

Redirecting example..
This page will redirect user "PistolPete" to a certain page.

 
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
 
<%
If Session("Username") = "PistolPete" Then
    Response.Redirect("somedirectory/somepage.asp")
End If
%>

 
then just make sure the page you send the user to to also checks to see if the user is the right user.... to make sure others users can't access each others pages
 
<%
If Session("Username") <> "PistolPete" Then
    Response.Write("You do not have access to this page.")
    Response.End
End If
%>

etc etc etc.... these code snippets should point you in the right direction...

Is there a limit to how many access levels the program has?  We were thinking of having a different access level for each client that logs on our site so we can customize their web experience.  We see 6 in one place of the program, 8 in another, but is there any reason why we couldn't make 100 more?

Thanks again for the help!

Ok, so I checked to see if ASP is running on the server and it is.  then I added code to the top of a page and this is what i can see when 'view Source' on the web browser:

<%@ LANGUAGE="VBSCRIPT" %>

<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * Admins * ) -->
<% GROUPACCESS = "4" %>
<! #INCLUDE FILE="check_user_inc.asp">
<!-- End ASPProtect Code -->

<html>
<head>
<title>TeamManagers</title>

Yet I get no challenage for a password and no error message!

It probably is. You would have to look at the paypal documentation for IPN and see what needs to be changed in the form code.

You can get all that info from PayPal's website.

There are tons of variables and options you can use with all of their code.
They have detailed PDF files full of information on all of them.

Our webhost changed converted all sites from c: to d:, and without us doing anything else, our customers now get the following error message when trying to access our Classifieds site:

***********

Microsoft][ODBC Microsoft Access Driver] Not a valid password.

This means there is most likely a problem with the "ConnectionString" info that you specified.

If you are using a DSN-Less Connection with MSACCESS.

Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.

ConnectionString = "DBQ=D:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"

If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.

If you are using a System DSN

It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.

************************************************************ *********************

We did everything the web host asked us to do, that is, changed all references to the C drive to new references to the D drive, but the error is still there.  We also never changed any passwords (as far as we can remember).  Can someone please tell us where to look (also which file might tell us what the correct password is in case it has in fact been changed.

A mod like this would improve tracking by leaps and bounds.

Do you think this addon would be availalbe anytime in the near future? If/when this feature or mod becomes availalbe, it certainly would be ideal if some script was made to import all the log file data.