far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything

once thing to be careful about

If you log in.. then log off... then go back to a page and do a refresh... you  may in fact be reposting the username and password from before.. thus logging yourself right back in

Perhaps not.. all depends on what your doing... but it is something to be careful of when testing 

1st: try it with a normal dsn-less connection like we show in the example.. dont use that OLEDB.4.0 connection string.. connecting like that can cause a lot of problems and is not as great as everyone thinks it is and it can sometimes be difficult to get it working when the database has a password set on it

For the sake of troubleshooting just connect like so: (fixing the path of course)

ConnectionString = "DBQ=C:\Inetpub\wwwroot\aspprotect\data\database\ASPProtect_ access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

ASPProtect will generate the actual connection string you should use when you run this page

http://www.mysite.com/data/setup_info.asp

Replacing the part in blue with your website info.


2nd: any IIS server setup to have the access database over the network path like that has a poor setup... and that can cause all sorts of problems as well, access is not designed to run over the network like that.. for more on that read this thread -  Start 5 posts down
http://support.cjwsoft.com/code/code_info.asp?TID=479&KW =OLEDB%2E4%2E0

3rd: If the app does not run using the connection string like I say to use then the problem is 100% on their end and is either related to permissions or the fact they are keeping the access database on a network path which is BAD BAD BAD... no quality host that knew what they are doing would set it up that way.. ultimately you don't want to host asp with a place that has a setup like that

4th: If you want to try some other stuff out we have a free guestbook, asptest, and a free version of aspbanner you can try out as well... www.cjwsoft.com

5th: If you need a quality asp host that knows what they are doing and offers great asp support www.alentus.com is the place

6th: Your right, it is not the code, its the data connection

I understand the encryption for security, but I am using ASPP for a very low security function and don't want encryption.

Can't I simply delete the code that does encryption?

If not, how can I

take my ASPProtect_access2002.mdb that was opened on my local host, with my own users added with text passwords,

export to a delimited text file, import it into ASPP with my own passwords encrypted, the use that file instead of my old .mdb file? Thanks

Christopher,

I can empathize. It can be a real pain to stablize a server and fend off hack attacks.

As for beta testing, I was referring to once you get to the point where you're ready to release it to the public whether it's this month, next month, etc.

Good Luck!

Al

no, its part the concurrent login checking system.

currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)

when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over

sorry

as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional.

I did all that you sugessted and all failed, you  said "I did a sign up.. your verify URL is not saved/set in the application variables. is this somthing I can change manually?  below are the steps I performed......

1 - made sure the web is it's own application in IIS

2 - Reset IIS in command promt

3 - Restarted the server, the only thing is I have not waited perhaps long enough for it to kick in. but it should have with the restart.

I am running windows 2003 on the front end with wondows 2003 and Exchange 2003 on the back end, is there anything else that may be causing this issure?

Thank you!

Matt...

Don't want to install the application ? Having trouble doing it ? Don't think you can ? No problem, have us install it for you. PLEASE READ ALL OF THIS Installation service is generally available Mon - Fri during the hours of 10 am - 7 pm EST. We may very well be around to do installs at other times but we do not guarantee that. To do an install we generally need FrontPage Explorer or FTP access to your site. We also need a way to set permissions on any necessary directories, etc etc. To do a SQL Server install we need to access your SQL server via Enterprise Manager. Some installs may require access to other things not mentioned. The server must be a properly set up NT/2000/2003 server running IIS 4-6 for ASP 3.0 applications. (with support for ASP scripts and database connectivity.) Parent Paths must be enabled on the server. Please Note: These ASP scripts do not run under Chillisoft ASP. That means they do not run under Unix, Linux, Apache, etc etc. We do not install our applications on free ASP Hosting solutions. Why, because they are more trouble than they are worth. Free hosts like that are usually zero help if we need something changed. There is a reason they are free. We install the software in it's base configuration. We make sure it is running correctly. If you break the installation you will have to pay to have it fixed. We do not integrate it with your existing site or edit any of your existing web content. That is up to you. Installation fees are non refundable as is the digital source code we sell. When you purchase anything from us you agree to this. We do not do installs for IPNFulfill and Color Sequence Protection as they are simple scripts and do not even use a database.. We also do not install the IPN Support Pack as it is just a folder you copy into your web and some configuration files that you must decide how to configure based on your needs and your PayPal account info.

Any CJWSoft ASP 3.0 application (Access Database Installation)	25.00
Any CJWSoft ASP 3.0 application (SQL Database Installation)	40.00

Contact us if you have any questions.

humm, those are some very big images to be starting off with but I am not sure that would cause a problem under the importing scenario

what width are you having the system resize them to ?

What happens when you upload a image manually (one a t a time)

Also, try the import process out with some pictures no bigger than say 1024 and lets see what happens

It probably is. You would have to look at the paypal documentation for IPN and see what needs to be changed in the form code.

You can get all that info from PayPal's website.

There are tons of variables and options you can use with all of their code.
They have detailed PDF files full of information on all of them.

Chris -

I am encountering a problem with items showing up.  When I click on a category and then select an item to view I get

THIS ITEM IS NO LONGER ACTIVE
DO NOT CONTACT THIS USER AS THIS ITEM HAS BEEN TURNED OFF
OR THE USER HAS SOLD THE ITEM.

I have verified the item has the item_active check.  For giggles, I even unchecked with the same results.

Thoughts?

Most likely it is no longer supported on the web server. The web host probably moved you site to a windows 2003 server which does not support cdonts or they stopped running the IIS SMTP server.

You usualy wont get an error..

it is also possible that cdonts is boned up as it is pretty flaky and that tends to happen. For example sometimes the emails it is suppost to send get caught up in the smtp pickup directory and never get sent out until the server is rebooted.

You should really ask the hosting company why cdonts has stopped working. It definetly has nothing to do with the code if it has been working all that time.  If CDONTS still is supportd tell them you emails are in limbo. Ask them to look and see if a bunch of ".eml" files are stuck in the stmp pickup directly and if so to please reboot the server.

lastly:
cdonts has been deprecated and now everyone uses cdosys.
see my article
http://www.powerasp.com/content/new/sending_email_cdosys.asp

sure (XP PRO), see my article on that

http://www.powerasp.com/content/new/windows_xp_pro_and_permi ssions.asp

Hi

I would like to ensure the the user uses a UK style postcode not a clue how to ensure this as I am new to asp. Any ideas?

regards

John

That’s about all I can tell you. It's just not something I support.

Well, I assumed I'd be able to tweak this thing but it is all so intertwined it doesn't pay to mess with any of the files. Hence, I'm going to have buy a different system only a week or two after buying the unlimited version here.

As I leave I want to give you some impressions here. While the system is low-cost, the 99 dollar version is missing a few pieces that I think would bring the value to 99. It is one thing to talk about the speed/performance, but to a degree that's hard to measure, and to anyone with web advertising on their site, performance will always run second to potential site income.

It definitely needs a user interface and registration for advertisers, and it definitely needs a single variables file for changing the hundreds of variables for which there is no control. I had to search on my own just to change the look and feel.

Lack of multi-zone support is a serious drawback. I would submit that anyone with a serious website needs it, and will gladly pay you 139 over 99 for just that one feature.

Take them or leave them, they are just suggestions.

If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.

Change the action of the form to the page you want them to log into.
Make sure to page you send them to is protected by the "check_user_inc.asp" file.

<center>
  <table border="0" width="400" height="200" bgcolor="#000000">
    <tr>
      <td bgcolor="#F4F4F4">
        <form method="POST" action="memberarea.asp">
          <input type="hidden" name="Status" value="Checkem">
          <p align="center"><font face="Arial">ASPProtect Login</font></p>
          <div align="center">
             <center>
             <table border="0" bgcolor="#C0C0C0">
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
                 <td><input type="text" name="Username" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
                 <td><input type="Password" name="Password" size="10"></td>
               </tr>
               <tr>
                 <td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
                   me signed in on this computer unless I log off.</font></td>
               </tr>
             </table>
             </center>
          </div>
          <div align="center">
             <center>
             <p>&nbsp;<input type="submit" value="Login"></p>
             </center>
          </div>
       
        </form>
      </td>
    </tr>
  </table>
  </center>

• What kind of encryption do you use with version 7?
• If I purchase version 7 and use it on my site with a new SQL database then migrate the old records from version 6 so I can by-pass the issue with my home-grown Base 64 encryption, do you forsee other issues with the upgrade?

Christopher

Found this but I dont really know what to do with it or even if its the right thing.

<%
'=========================================================== ==================='

' Application:     Utiity Function
' Author:          ; John Gardner
' Date:         & nbsp;  20th December 2004
' Description:     Used to check the validity of a postcode
' QueryString:     None
' Version:         V1.0

' Required routines:        &nb sp; None
                    
'----------------------------------------------------------- -------------------'

function Check_Postcode (byRef strPostcode)

' This routine checks the value of the form element specified by the parameter
' for a valid postcode.

' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf

' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.

  Dim strPostcodeRegExp(2)   ' holds the regular expressions for valid postcodes
  Dim intCount        &nbs p;      ' For loop counter
  Dim strPostcodeCopy        ' Copy of postcode
 
  ' Variables used to hold regular expression object  
  Dim objRegExp, objMatches, objMatch
 
  ' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
  strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"

  ' Expression for postcodes: ANA NAA, and AANA  NAA
  strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
 
  ' Exception for the special postcode GIR 0AA
  strPostcodeRegExp(2) = "^(gir)(0aa)$"

  ' Copy the parameter and convert into lowercase
  strPostcodeCopy = Lcase(strPostCode)
 
  ' Assume we're not going to find a valid postcode
  Check_Postcode = false
 
  ' Strip out spaces
  strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
  Check_Postcode = False
 
  Set objRegExp = New RegExp
 
  ' Check the string against valid types of post codes
  For intCount = 0 to Ubound(strPostCodeRegExp)
 
    ' Check next pattern in list
    objRegExp.Pattern =  strPostcodeRegExp(intCount)
    If objRegExp.Test (strPostcodeCopy) Then
   
      ' Post code found. Ensure input parameter is in correct format.
      Set objMatches = objRegExp.Execute (strPostcodeCopy)
      Set objMatch = objMatches(0)
      strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " &  Ucase (objMatch.subMatches (1))
     
      ' Show that we have found the postcode
      Check_Postcode = True
    End if
  Next
 
  ' Ensure that the uppercase postcode gets returned if valid
  If Check_Postcode Then strPostcode = strPostcodeCopy
 
End Function
%>

regards

John

Just wanted to let you know that after modifying the remote host string in the email pages and getting the correct connection from my server, everything is running fine.

I hope you enjoyed your vacation.

thank you
adam

See, and that's what I thought.  What's interesting is that if I call either an aspx page or an asp page in the iframe tag, it asks me if I want to open the page, it doesn't display it.  I'm using IE6 so there's not problem with the support for the tag.

I'll keep looking to find out what's going on. I think the iframe method might work best.

JDooley

I am still a little confused... one thing I would like to mention is that the passwords in the aspprotect database are encrypted... meaning you cant just add a password to the user database by hand because it wont be the encrypted value and wont work.

It is something the application takes care of when you add a user via the web based interface.

You can however still add users manaully or with careful import/exporting... but you will have to use the existing password conversion technique which is covered at the end of our upgrade instructions in these forums.
http://support.cjwsoft.com/code/moreinfo174-1.htm

Basically you want to add a field to the "ASPP_Users" table called "Old_Password" and that is where you enter the password in plain text. Then after you are finished adding users to the database manually you do this.

You want to run a special page via the browser.

http://www.mysite.com/password_admin/convert_to_encrypted.asp

Which will convert the passwords to the encrypted value for you.
See the bottom of this thread for all the info on that.
http://support.cjwsoft.com/code/moreinfo174-1.htm

How can i get to this to register someone in the database only after the Paypal payment has been accepted.  I was testing it out to see if it makes it to my Paypal account (which it did just fine) then I closed Paypal before paying.  I logged in as the administrator and looked at the member list and the account was created anyway.  How can I stop this from being created until "only" after the Paypal payment has been "approved"?

What if this person never comes back to "try again"? Now the username he used (and is inactive) is not available for anyone else to use.  And it takes up database space.

I am using the Paypal (non-subscription)

Thanks in advance,
scottyFlasher

I just told you a lot of different things to try... and I doubt you have tried them in the time since I mentioned them

I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out

ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Data.Odbc.OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[OdbcException: ERROR [HY000] [Microsoft][ODBC Microsoft Access Driver] Operation must use an updateable query.] Microsoft.Data.Odbc.OdbcConnection.HandleError(IntPtr hHandle, SQL_HANDLE hType, RETCODE retcode) +27 Microsoft.Data.Odbc.OdbcCommand.ExecuteReaderObject(CommandB ehavior behavior, String method) +838 Microsoft.Data.Odbc.OdbcCommand.ExecuteNonQuery() +80 aspprotectnet.aspprotectlogin.Login_Click(Object sender, EventArgs e) +2284 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEven tHandler.RaisePostBackEvent(String eventArgument) +57 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain() +1292

Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300

I am getting this error message when trying to log in as admin or registering a new user. I am using Windows Server 2003 and it is a DOMAIN CONTROLLER.

I have read that there is NO ASPNET account for a domain controller. In its place is the IIS_WPG account. I have given this account and the IUSR account FULL CONTROL.

STILL GETTING AN ERROR. ANY SUGGESTIONS???

Regarding hosting companies..

Now.. obviously if you are hosting on someone elses server you may not be able to set permissions like this.

Ultimately, if you are hosting somewhere and ASP and Database connectivity is part of your hosting plan. It is the hosting company's responsibility to set these permissions for you when asked or to give you a special interface to do so on your own. If they are not helping you do this then maybe it is time to get a hosting company that is serious about your ASP Hosting Needs.

Also... JUST TO BE PERFECTLY CLEAR

The permissions we are talking about cannot be set via FTP or Frontpage access to your web site. They must be set like shown above or via a special interface meant to set the permissions correctly. For all you people out there messing with the permissions you see in FTP and Frontpage.. you are wasting your time and possibly creating problems in your web.

All ASP scripts that communicate with an Access Database, Upload Pictures, Modify Text files.... are going to need these permissions set in some way or another. We have no control over that fact.