Gotcha.

Can you set an expiration date on a subscription?

Thanks,

Jess

i took another look at the file, and realized that when i was looking at the data structure i had confused "banner_image_URL" with "banner_link_URL". i lengthened the latter, and now all is good.

sorry for the false alarm, and thanks for a very-to-work-with product.

pretty clever...

If anyone is interested in what the Mod function actually does this article explains it nicely. They even use it for the same purpose in the examples.

http://www.asp101.com/articles/steven/mod/default.asp

You are not supposed to use "../" with a virtual include

Thats goes against what a virtual include is and makes no sense.
When using a virtual include you give the path as if accessing from the root of the main web / virtual directory

I find it very hard to believe it ever worked like that and if it ever did it was wrong.

i will probably end up doing this myself, but dropping all the log data in a sql table would be nice as it offers much more flexibility on how an admin can keep track and use the data. Browsing through each log file is very inconvenient. I can search for text in the files (server-side, others with a shared server would probably have to separately download all log files first), but with the current method I don't have the following important options:

• cannot sort by any criteria
• quickly see a list of all login attempts by a specific user (i need to search each log file individually for this info)

if you had an option during setup perhaps (or elsewhere) in a future version that allowed an admin to specify the preferred logging method (separate files or a table in sql) i'm sure many admins would find it very useful to have a database alternative of keeping track of users becuase it would offer the two benefits listed above, plus more.

Hi-

Thanks for the quick response to my previous posts.

This is my issue:

I have read over all the docs and installation instructions and can't find a way to do this:

my default page in my root dir will be a log in page which will take the user once his level is validated to a "home page". Is there a page in your examples that will perform the function of this log in page? or should I rename check_user_inc.asp as the default and change it's html output to make it look like my log in page?

I also looked within the code for check_user_inc.asp and did not see where to specify where the user will go once he signs in.

Your help is appreciated

as I look at your installation more I notice that you are using MSSQl as the database type.

chances are that is the source of these problems. Fields in the sql database are most likely not all set correctly

it is very important that the sql tables and fields are set up exactly as described and that the sql script we provide runs without error

http://support.cjwsoft.com/code/moreinfo160-1.htm

if you create the sql database other than the way we tell you to or the sql script doesn't do its job setting all the field types/constraints/primary keys/etc..... for some reason .. then weird things like this can happen

at this time this is my best guess as to what is going on

I would examing the sql script we provide and compare the information set in it for each field and table to your existing SQL database to see if everything got set correctly.. I would start by checking these fields 1st of all as they are very important.... (username,password,expiration_date,admin,active)

in the meantime testing the ASPProtect system with an Access database will prove that all the ASP code is working as it is supposed to if you are interested in doing that

Hi,

Ok, well... you have a lot of stuff going on there.

More importantly than that.. you cant even log into the admin area using the admin account. There is something majorly wrong with the installation.

I also notice you havent even saved any path settings in the settings page of the admin area. I am looking that over now and filling in the missing info. That information needs to be populated.

ASPProtect v7.x runs on Microsoft IIS servers only.
That means Windows XP Pro, Windows 2000 server and Windows 2003 server. The web server must have ASP support enabled and support Data Connections. 99% of them do as it's a pretty normal thing, but you should ask and make sure your hosting plan supports it.


Before you even start please read this thread and do what it says.
If any errors show up it is important you see the real error instead of a useless HTTP 500 internal server error.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=11& PN=1

Once doing that make sure to use Internet Explorer as you follow along with these directions.

Now, unzip your installation zip file that you downloaded from CJWSoft.
Use a program like winzip and be sure you have it set up to unzip the directories as well. You can also use windows xp's built in folder compression tools to unzip the archive.

When you unzip the application you should have all of the following folders and files. (more or less, it depends on the version)

Now, you can copy all of these files into the root of your website or if you like you can make a folder called "aspprotect" and put all of these folders and files in that folder. Either way it really does not matter.

Now, contact your web hosting company and instruct them that you need permissions set on the data folder that you copied into your website. This folder and all of its child folders need modify permissions set on it for the anonymous webserver account. It is very important that they set the permissions correctly and on all the child folders as well.

Here are some threads on exactly how these permissions are set.
If you run your own server or are developing locally you can do this yourself. If not most likely you need to put in a request to your hosting company as you CAN NOT set these permissions via Frontpage or FTP.

Windows 2003 Server and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=136& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Windows XP Pro and permissions
http://support.cjwsoft.com/forum/forum_posts.asp?TID=56& PN=1

Once permissions are set.. run this page via your web browser

http://www.mysite.com/data/setup_info.asp

Replacing the part in blue with your website info.

When this page is run it will report back a screen like so:



Now, take the connection string info it shows you.
Edit the "dataconn_inc.asp" file in the root of the ASPProtect system and use that data connection information. It should be valid for the server.

If you are using MSSQL server instead of Access please see the SQL database creation directions as you will need to create the MSSQL database and use a special connection string for that.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=160& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1

Now, take the CookieEncryptionKey and PasswordEncryptionKey info that it gives you and enter it into the "config_inc.asp" file in the root of the ASPProtect system. These will be the unique keys that your encryption will be based off of.

Ok...

The files have been copied to your website, the permissions are set on the data folder, and the database connection is ready.

Now.. run this page

http://www.mysite.com/password_admin/get_me_in.asp

Replacing the part in blue with your website info.

This is a special page we use to get into the system for the 1st time.

If you get a nasty error when you run that page similar to this.

Error Type:
Active Server Pages, ASP 0131 (0x80004005)
The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory.

Then parent paths are disabled on the webserver and you need to do an extra step to deal with that. Follow this link.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=162& ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;PN=1&TPN=1

If you get any other variery of "80004005" error then there is a problem with your data connection.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=27& PN=1

Those errors are usualy related to database folder permissions or an imcorrect physical path to the database file specified though they can mean a lot of things.


Once you get the page running you will see a login prompt and one form field

You will need to paste the "PasswordEncryptionKey" value that you used in the "config_inc.asp" file in the form field and hit enter.

If all goes well you will see the admin area of ASPProtect.

Now that you are in the system you need to create an admin account.

Click on "ADD NEW USER".. fill out the info and add a user.
You really only need to fill out (first name,last name,email,username,and password)

Now save that user.

You should see a new user listed in the admin area. Click on Edit user to the left of the new account. On the edit screen check the "admin" checkbox and save the user.

You just created an Admin account.

Now click on the "log off" button on the top menu and click yes to log off.

Now close the browser. Then run this URL

http://www.mysite.com/password_admin/default.asp

Replacing the part in blue with your website info.

You should now be able to in to the admin area of the system using the new admin account you created.

You are now ready to go to the settings page so click on the settings tab in the menu. There are a lot of options and paths that need to be set on this page. Every setting is described in detail on this page. You need to go through the page and set things up properly. Anytime the page asks for a path to a url or file the page will auto generate what should be the path to use. (expected path) If your server has parent paths disabled a few of those auto generated paths will not show up. If that is the case run this url from your server and it should tell you the paths to use for those settings.

http://www.mysite.com/data/expected_paths.asp

Replacing the part in blue with your website info.

Once your all done and the system seems to be running fine you should go back and delete the following pages as they are no longer needed and pose a potential security risk.

http://www.mysite.com/data/setup_info.asp
http://www.mysite.com/data/expected_paths.asp
http://www.mysite.com/password_admin/get_me_in.asp

You should back up the original zip archive you got from CJWSoft in case you ever need those files again.

VERY IMPORTANT: The user passwords from now on will be encrypted using the "PasswordEncryptionKey" you specified in the "config_inc.asp" file.

If you ever change that key all of your passwords will be invalid and you can not get them back unless you know the key and put it back, so plan on never changing that key unless you really know what your doing and know how to decrypt/re-encrypt the passwords using a new key. (something we do not cover at the moment but probably will when we have time to make a tutorial) 

Hi, I have not gotten anything from you about it.

click on the PM button below and send it that way through the forums.

Thanks

I wonder what that ENDSQLMail send failure is all about ?
I dont use anything regarding SQLMAIL in the ASPProtect code.

I think I might need to go in so I can debug a bit. Everything seems to work fine with a SQL installation here so I just don't know at the moment.

If that is ok with you I would need ftp access or something so I can trry a few things and hopefully figure it out. Admin access to the aspprotect admin area as well so I can see what you have set up in there.

PM me with that info if you want me to take a look.

also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.

etc etc etc

so let me add this bit of info..

I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.

I am having problems accessing the admin site at the following URL:

http://www.drsweisberg.com/password_admin/default.asp

It brings up the login page, but when I enter the admin/test, it times out.  The DB is the copy with no password and it resides in a directory on the same server hosting the site but it is not in a folder viewable by web users.  This is how the dataconn_inc.asp is set:

<%
'*** Below are the only two settings you need to edit in this file
 
ConnectionString = "DSN=drweisberg;Driver={Microsoft Access Driver (*.mdb)}"
DatabaseType = "MSACCESS"
%>

The ODBC is setup and the IUSR has read/write/modify permissions.

Any help would be greatly appreciated.

Hi,

Sorry, but if  ".asp" pages download instead of run on a server then that means ASP is not working on the server and is not configured correctly. That is about as low level as it gets and it is really the hosting companie's responsibilty to sort that one out.

It is totally a system admininister's job to make sure that sort of thing is working. If this place supports ASP they really need to fix that for you. There really is nothing  I can do for you until ".asp" pages at least run.

As for the Free install... that is no problem. Of course you need to get the hosting company to fix the web before I can be of any help. There is more to that problem then permissions.

For starters I would make a simple ".asp" page with hardly anything it (even some simple html text is fine) and ask them why it is downloading instead of executing and to please fix things.

The only major usability issue I've found to date is multi-zone banners. Cloning is helpful to a point, but then if you have a change to that banner, you have to make the change 6 times or what have you. I think, even at the expense of speed, multi-zone capability for a single banner would be excellent addition. Of course, that supposes I haven't just missed it and it's already there.

ok... lets forget about all this redirecting business for a minute

when I go to "GP01.asp" directly via your web site I get a big nasty error that says this

Microsoft VBScript compilation error '800a0411'

Name redefined

/protect/config_inc.asp, line 15

Dim  Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^ 

then when I look at what you did in that file I see why

you have this code which is totally wrong because you cannot include the password protection file twice

<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<% GROUPACCESS = "*1*" %>

<!--#INCLUDE FILE="check_user_inc.asp"-->

it should be

<%@ LANGUAGE="VBSCRIPT" %>

<% GROUPACCESS = "*1*" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

and that is probably the root of this entire problem.. the redirection was working...
but you were sending them to invalid pages with errors

all those pages are wrong...

if you dont see the real error above see this

http://support.cjwsoft.com/code/moreinfo11-1.htm

if you look over the aspprotect 7 installation instructions that is the very 1st thing I tell people to do

hopefully this is the info you need to continue and get some work done

thats because you can not have exchange server running at the same time as the windows IIS virtual smtp server..

they clash with one another... and thats why the emails never get picked up by the iis stmp server

you have to send the emails another way like using a true remote mail server..  I am not sure but if your exchange server can do pop 3 you can probably use that that way

you may be able to change the pickup directory that cdosys uses under the virtual SMTP scenario, but I am not sure if that will work with exchange picking it up, but maybe it will work ok because you said it does when you paste them in there manually.. I do not really know.. you'd have to try it and edit the email sub routine to use that pickup path

"scripts/emailing_subs_inc.asp" is where you could try editing that path

If logfiles do not get created it is most likely one of 3 things

1. invalid physical path specified
2. permisssions
3. filesystem object is disabled on the server

that path doesn't look correct to me for a live professionally set up server but only you or your server admins can know that for sure

you will not get any errors when things arent perfect.. just no physical logs

RecentActiveUsers and RecentPageRequrests are not related to the stored logfile feature.. Recent Activity is a different thing

Chris -

I am encountering a problem with items showing up.  When I click on a category and then select an item to view I get

THIS ITEM IS NO LONGER ACTIVE
DO NOT CONTACT THIS USER AS THIS ITEM HAS BEEN TURNED OFF
OR THE USER HAS SOLD THE ITEM.

I have verified the item has the item_active check.  For giggles, I even unchecked with the same results.

Thoughts?

I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out

If you would like me to, I also have no problem going into your machine real quick via remote access and setting permissions / putting the right connecting string in there for you.

I need to go in as an administator though to set the permissions.

Hi, its just not something i can suppport as I do not support custmizations to the code epecially when dealing with an image component that is not supported by the application.

Sorry, its something you have to figure out. Bascially I would suggest looking at the existing asp image resizing code and using that as a guide.

Have you considered just buying a license of ASPImage and asking the host if they will install it after you purchase it. It sounds like it may save you a lot of time.

If you are ever looking for a good host for ASP. www.alentus.com is one of the best. There 9.95 plan gives you access to 3000.00 of commercial quaility asp components also which is nice.

I am trying to set up ASP protect 6 and have a problem that when a new user registers their email is not transferred to the database.

I can see the rest of their entries both in the database and in the admin/edit form but not the email.

Any ideas?

... in addition it is a virtual include not a file.  I just tried to use file instead of virtual and then the ../ includes worked on the asp pages.

This is strange because they used to work like that on the 2000 server I had these sites running on.

Anyway,

How busy your site is actually won't be the only factor. Really the application should not restart unless something happens. If the IIS application is reseting alot it could very well be the ISP restarting the server or doing IISRESETS as well or other sites on the server causing the application pools to restart.. etc etc etc  Quality ASP hosting is important. Regardless your hosting company most likely will not admit to anything be out of the ordinary.

As far as that directory deleting itself on you.. I doubt they will have an answer for that one. All I can tell for sure is I didn't put any code to delete it in there.

Well I have the web hosting tech looking into the memory issues at this point.  Unfortunately I don't have another machine to be able to run the asp on that would run it correctly so that I can just publish it over.

humm, those are some very big images to be starting off with but I am not sure that would cause a problem under the importing scenario

what width are you having the system resize them to ?

What happens when you upload a image manually (one a t a time)

Also, try the import process out with some pictures no bigger than say 1024 and lets see what happens