User Registration

The "users" folder allows users to sign themselves up and edit there accounts as well as retrieve lost passwords..

In the settings tab of the ASPProtect admin area there are options for which fields are used and which are mandatory when a user signs up. The only validation the system performs by default is checking for mandatory status. If you want to add more validation so reduce the chances of input errors that is up to you.

You can add additional server side validation by doing server side checks on the save pages... you can also make the field sizes larger in the database if you think you need to. You'll need to be good with ASP to do this.

Always backup your files before making changes to them so that you can revert back to a working copy if you mess something up.

right..

I had to open up the permissions to get it to work.  I now have to go back and uncheck each one for directory listing.. :)

ok.. There are various spots that call the end_date variable.  That is why I am asking.  Then incorporating it into the forms that have been developed, made me wonder.

I dont know. Perhaps a fresh installation in a new folder would be a good idea as well if possible..

for troubleshooting sake..

Hi

ASPBanner is great...

I have a little problem I have a ASP site http://www.bythebeach.com.au/

I understand how Zones (location on a pages) works but i need only to display those banners that pertain only to that catorgries or sub catorgries.

How would i do that would ....  Would i have to add a new field in the database...?

Any help would be greatly apprecaited

regards

Domenic

Sydney, Australia

I have noticed that during the file import, that some of the pictures get messed up.  I can import aroun 150 pictures into different albums, say 3 albums with 50 each.

I have noticed however that some of the get messed up.  What is happening is...the thumbnail will be correct, but after you click it the picture that shows up is one form a different album.

Any cure for this?

I want to try this on the machine im using now; which is windows XP.

Is this possible? I don't think i can set folder permissions on XP... there is no option to do so...

Is there a way to do it?

Hi Chris:

Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?

I'm not quite sure what the syntax would be in the URL.

Warren

I would kile to see more support for the groups function:

1. on the password_admin/default.asp page have a coulmn listing groups

2. ability to change groups in bulk eg change the expiry date for all group x members

Cheers

That would be great.

I am sure you know that many virus that are sent via email have the same property. (double extension). The code can be executed even though Windows identifies them as simple text files etc.

Thanks again

Larry,

I have a new computer up and running and am back on the Internet full time. I am here to help when you are ready to continue with this.

I went to your site to look around and "try it" like you mentioned but I can not really try anything as the admin username/password seems to be something other than the default

you password protect an asp page in your site "where that is is up to you"

http://support.cjwsoft.com/code/moreinfo171-1.htm

then you link them there from your own pages

thats all there is to it

is that what you are asking?

Additionally...any page you password protect automatically becomes a login page... where you want to start and where you send them after or before login is something you have to handle on your own

Any pages you pasword protect will prompt the user for login info if they are not yet logged in that is.

Then once logged in it returns them to the same page they are showing the page content as it would normally appear.

I am up to speed on how it works. My goal was to not have just a link to a protected page- so that when a user clicks it they get the "access denied" screen and then have to log in. My goal was to avoid that if possible by having them log in and then redirected to the protected page.

So this isnt possible? The only way for it to work is for a user to click a link to the protected page, get the denied screen, then login and be redirected?

Or is there another way..?

I made my point by rebuttling your "cafepress" with agreeing "YES" that is what i want... now you are changing this around on me. I dont think i can be ANY clearer in what i intend to do. It is extremely clear and i am not sure why its becoming more than it should be. I just want the user to be able to log in from ANY PAGE ON THE WEBSITE AND THEN BE REDIRECTED TO THE PROTECTED PAGE IF THE HAVE THE PROPER CREDENTIALS. It would be nice if this software gave an error message when an incorrect username/password was entered instead of simply refreshing the screen.

Hi,

We use ASP Protect 6.0 and the database is SQL Server. Our hosting company is charging a lot for daily and weekly backups for everything. Which directories/folders do we need to backup daily and weekly incase something happenes to the site and we need to restore and get the password-protected are that works with ASP Protect to get working.

Thanks very much for the quick reply.

That sets my mind at ease

I was just worried if users would see warnings in their firewall software too.

I realize that the admin would have to have to go through some errors...

And since we are throwing things in here... Definately, if you have your own server you need a Hardware Firewall and a Managed one at that. The internet can be pretty dangerous for business if you don't.

Plus, I agree Black Ice although in it's heyday a few years ago was considered great. It is not suitable for todays standards alone even for the normal user (But, it is required by the company I work with for VPN. I think it's stupid too using old technology. I have 2 more firewalls setup besides that just so that I do have some security. And, that's just for my PC)...

Thanks 

as far as permissions are concerned I wrote two large articles about permissions that cover everything in detail on how to properly set them

http://support.cjwsoft.com/code/info11.htm

see the windows 2003 and windows xp permission threads

From things you are saying I assume this is your server. My comments about the path looking funny are because very few commercial hosts would use the "c:\inetpub\wwwroot\" directory. If you are using that and that is correct info then that is fine.

as for knowing whether or not the filesystem object is working the best thing to do is to try to write  a text file somewhere in your web and see if it works. Testing something under the most basic scenario is the key to troubleshooting asp issues.

http://www.devasp.com/samples/writetofile.asp

you do not run "check_user_inc.asp" by itself

Pages you protect include that file at the top.. when they someone goes  to a protected page if not logged in a user then sees a login prompt..

after loggin in they see that same page as normal

its an automated process..

now, that being said if you really want to you a specify a page to be redirected to after the 1st login when you edit a users info. You can also redirect anyone anywhere like using a simple ASP redirect statement in your code.

Personally I feel that redirecting people all over the place is poor site design. ASP is all about dynamic code and ASPProtect is all about dynamically tailoring pages to the current logged in users... so why redirect people all over the place.. it justs complicates things because you still need to password protect the places you send them to.... which means twice the work and twice the confusion.


Also, here is a Version 6 thread about redirecting manually that still applies to version 7.

http://support.cjwsoft.com/code/moreinfo17-1.htm

Hi,  Its just a generic error that really doesn't mean much of anything except that something wrong with your data connection.

http://support.cjwsoft.com/code/moreinfo27-1.htm

could be invalid permissions on the database folder... could be any number of things

when setting up your connection I suggest going dsn-less.
http://support.cjwsoft.com/code/moreinfo9-1.htm

It is better/faster and also a lot easier to set up.

I'm trying to use CDOSYS.

It seems to work fine on the web page, however the mail never gets
delivered.

I can see my messages sitting in c:\inetpub\mailroot\pickup but they never leave it.

I found another folder after doing a search for "pickup".... it is:
d:\program files\Exchsrvr\Mailroot\vsi 1\PickUp     If I paste the files
into there, they get delivered.

How can I get the email to be delivered without doing the cut and paste?

I've tried it both with and without authorization.

I am running a Windows 2000 server with Exchange 2000.

Thanks.

well, I need more details..

you got SQL server or data connection issues is pretty much the bottom line

If I remember right we went down this road with a SQL setup quite a while back (auguest 2005) and that never really got resolved

here it is
http://support.cjwsoft.com/code/code_info.asp?TID=321&KW =yiak

I am having problems with a password a user wants to use.  He wants HANNAH.  When he (or I) try to log in with his username and password, I get a syntax error  -

Syntax error in string in query expression '(Username = 'changedforsecurity') AND (Password = ' éG'.
pathOnComputer../1protect/check_user_inc.asp, line 114

I've obviously changed the username and the server path in the info above for security. 

I have not messed with the encryption.   

What is it that the system doesn't like in the word HANNAH as a password?  I would just change his password for him but this guy has enough trouble just turning the computer on!  Confusing him with a new password would take weeks to set him straight. 

Thanks,
Mick

Help!.. I need to export the username and password fields to a mail merged letter so everyone knows their username and passwords. However whenever i access the database or do an export. The passwords showup as encrypted. Is there a way to access the list, un encrypted?

thanks

Hi Chris,

I have a small problem, I have installed asp photo gallery pro on a hosted site, and after eventually getting them to modify permissions on directories it is essentially working, except that it won't delete pictures from an album. If I delete an album the pictures are left in the pictures directory, but the album is no longer displayed. If I then make a new album it is labelled incrementally... ie I had one album "album_ID_1", deleted it created a new album it is labelled "album_ID_2". I would have thought that the new album would be called "album_ID_1" ie taking the place of the deleted one. It seems to me that the delete album function isn't fully working either. My hosting comppany swears that the permissions on the pictures directory are set to full access for everybody. What have I done wrong?

Thank you

Nigel

I have set up a user to be redirected to a different page when logging in for the first time.

I assumed this function would count the number of times a user has logged in. When the login count was greater than 1, the user would be taken to the default.asp 

This isn't happening. The user is always redirected.  The user login count in the database is now 9.

What am I missing?

There are several pages on my website that a user may go to that are not protected (e.g. home page).  If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?

Our knowledge base which is hosted at a remote location is protected by ASPProtect Full Version 6. I would like to allow our employee to access the knowledge base from within our internal network unchallenged. Is there a way which I can modify the code "check_user_inc.asp" to allow any one coming from say 10.1.X.X to access the site unchallenged?

Thanks,

Mo

I just finished implementing the V7 product on our site and someone made mention that on the profile form where you are asked all your personal and user information there are 2 fields for passwords.  The first field uses masking to hide the password as you type it, where the second shows it in clear text.

Now we know that the only people able to see the password are the user and the administrator, but it is playing mind games with my users as they think there is a problem with the application.  I am not a programmer (however, learning ASP slowly now!) and am not sure if you did this on purpose or if it is a bug?

If it was done on purpose, can you advise how I can make the confirm password field masked as well to eliminate the unfounded questions!

Thanks

[QUOTE=cwilliams]
Is that a real term or just something you named it cause they have like a zillion people using that SQL server?[/QUOTE]

yeah thats it, you buy into a part of the sql server so it's an sql server hotel...

Chris,

When I set up a test user name it does accept name and passwords and the passwords are encrypted, no problem there.

All I want to do is to restrict access to the protected pages to the members only. Only those users will be accepted and allowed to view.

I have entered all of thier names, address, phone number, email and company in the database, which is still named ASPProtect_access2002.mdb and in the fpdb directory of wwwroot. To get it there I uploaded via FTP.  I hope I expained the situation well enough.

you can not limit image size using the pure code upload method. Its not possible using a pure asp method that I know of.

You would have to be using one the supported commercial upload components and edit the upload code accordinly to limit upload sizes (you would do this by looking through their documentation and samples) I didnt include any support for upload file size limitations with the supported 3rd party upload components because in my testing I found it problematic with all but aspupload from persits software. (I have example coe for that component I can provide that limits the upload size and seems to do it well) I am sure it could work with safileup and dundas as well but I gave up trying.

As for image resizing..
Image resizing requires the use of one of the supported 3rd party image resizing components. You didnt mention if you are using one or not. If you dont have one available image resizing is just not possible as asp can not do that on its own.

The random password is generated during signup and the function that creates it is located on this page of code.

users/register.asp

it looks like this

Function RndStr(Length, UseChrs)
 If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
 NewStr = ""
 Randomize(CByte(Left(Right(Time(),5),2)))
 For gpIndex = 1 To Length
  NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
 Next
 RndStr = NewStr
End Function

For example go to this page and hit refresh and watch the password change.

http://www.aspprotect.com/demo2/users/register.asp

Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.

Anyway... when signing up the new user of course has the option to change that password to something they would like better...

As far as... "selecting the same user name and password every time"

I need more information. That does not make sense for a lot of reasons.

Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.

So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.

Now of course if you edited the code in any way it is possible all this is not working correctly ?

Hi,

I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working.