Blog Entry: 3/25/2006 4:46:39 PM
at this point I would say install a fresh untouched copy in the web in a different directory and lets see if it acts weird from scratch.. the we can go from there.. I dont know what is going on
, Please Note : Users with the option pack a new feature called groups that is much more powerful than access levels.
More On Access Levels
Again, Examples of managing Access Levels are provided in the "multiple_access_levels" folder included in the root of the Password System. Look at the source code of the ASP pages in that folder with a text editor to see the working code.
Access Levels and how they work can be re-coded to work in many different ways. However, you have to be a good ASP developer to make changes to it. Here is some information on how they work by default and also info on an alternate scenario we have provided.
In the "check_user_inc.asp" that comes in the root of this system Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 1,2
Level 3 has Access to - Level 1,2,3
Level 4 has Access to - Level 1,2,3,4
Level 5 has Access to - Level 1,2,3,4,5
Level 6 has Access to - Level 1,2,3,4,5,6
Level 7 has Access to - Level 1,2,3,4,5,6,7
Level 8 has Access to - Level 1,2,3,4,5,6,7,8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
The "check_user_inc.asp" included in the "extras" directory is an example of changing the access level checking code
to work differently. In that "check_user_inc.asp" Access Levels works as follows.
Level 1 has Access to - Level 1
Level 2 has Access to - Level 2
Level 3 has Access to - Level 3
Level 4 has Access to - Level 4
Level 5 has Access to - Level 5
Level 6 has Access to - Level 6
Level 7 has Access to - Level 7
Level 8 has Access to - Level 8
ADMIN has Access to - Level 1,2,3,4,5,6,7,8,ADMIN
If you get creative you can create some interesting access level checking scenarios.
Here is some additional info..
If the access levels are too restrictive you can ignore them all together and create your own totally custom solutions.
Here is a quick rundown of some of the things you can do.
Ok... so if you want to be really specific about what each user can see and
can't .. here's an example of what you can do
Don't use the access levels before the include file..
Don't worry about what you set a user to in the admin area since the access levels won't be used.
Do something like this..
Every time a user logs in session variables are set that you can access at
any time.. thus allowing you to know who they are.
So you could do something like this...
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<%
If Session("USERNAME") = "bob1267" or Session("USERNAME") = "carl45" or Session("ADMIN") = "True" Then
Session("PASSWORDACCESS") = "Yes"
Else
Session("PASSWORDACCESS") = "No"
Response.Redirect(Request.ServerVariables("script_name"))
End If
%>
The following URL explains what Redirects are.
http://www.powerasp.com/content/code-snippets/redirects.asp
That would in effect create totally custom access levels.. but you would
have to do it manually for each user.
You can also do things like this after a person logs in
Show custom html to any specific user based on either their username or
access level ... like so
say there was a menu and a certain link should only show up to username
"paully67"
you could do something like this
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<br>
<a href="main.asp">Home Page</a>
<%
If Session("USERNAME") = "paully67" Then
%>
<br>
<a href="paullys_page.asp">Pauls Stats Page</a>
<%
End If
%>
<br>
<a href="links.asp">Links Page</a>
</BODY>
</HTML>
Or you can show custom HTML or links based on Access Levels or any other info.
You can do just about anything with if-then statements and
using the built in vbscript functions..
Hopefully this info will help to give you some ideas...
Bottom line is you have to do some work within your site to make the Access Level system really come alive.
cwilliams38114.6506712963,
you can whatever you like but like I said those gif files are already in the correct place. The log parser is messing up. , Actually, as far the "aspprotectnet.dll" file goes it makes sense because of the following.
The "aspprotectlicense.dll" is something we do not provide the source code for. We also do not compile it in "debug" mode because you not want dll's running in "debug" mode in a production environment and we also do not want that dll in debug mode because of reverse engineering reasons.
Now, that being said that DLL is no different than any other 3rd party dll "so to speak" that you would use in a project. Many of which will not be in debug mode and you will also not have the source for.
"Microsoft.Data.Odbc.dll" being an example
Regardless, there must be a way to do what your trying to do. I am just not sure at the moment. It is nothing anyone has brought up before and I personally have never had any issues like that when I work on the application so I am just not sure.
It probably has something to do with the way you set up your project., The version of aspbanner you have should not matter.
What you are doing here is wrong.
<PARAM NAME=movie VALUE=" http://www.innovationtools.com/aspbanner/aspbanner/banner_re direct.asp?Banner_ID=25">
PARAM NAME=movie is supposed to link to your ".swf" file.
And thats why all you see is black.
I don't think you quite understood all of that information fully.
Your ".swf" files needs to be coded in FLASH to link to the aspbanner redirect url. You don't change that flash calling code like that.
The ".swf" file links to the aspbanner redirect url which tracks the click and then redirects the user to the Link URL
You basically need to code your ".swf" flash file to go to that aspbanner URL or code your flash file so it can take a parameter for the url it clicks to (like the macromedia article talks about. This has to be done when editing the flash file in the flash editor before the file is saved.
If you dont have access to the original ".swf" to edit it and re-save it.. your out of luck as far as tracking clicks goes
,
I have switched to Alentus and have the permissions set correctly and Parent paths turned on. I cannot figure out how to connect to the database. Should I have the database in the aspprotect/data/database folder, or in the data folder that Alentus has in my root directory? once that is determined, how do I decide what the path to that database is? I have tried many things, but this is what the setup page tells me to enter in the data_conn file DBQ=D:\Websites\www.mysite.com\aspprotect\data\database\ASPP rotect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp
Thank You
, you password protect an asp page in your site "where that is is up to you"
http://support.cjwsoft.com/code/moreinfo171-1.htm
then you link them there from your own pages
thats all there is to it
is that what you are asking?
Additionally...any page you password protect automatically becomes a login page... where you want to start and where you send them after or before login is something you have to handle on your own
Any pages you pasword protect will prompt the user for login info if they are not yet logged in that is.
Then once logged in it returns them to the same page they are showing the page content as it would normally appear.
cwilliams38455.7128356481, Not really. The way I thought activity would work is that I would always see the last 50 users. Not sure what controls that and why I wasn't seeing it, but it sounds like it is an IIS thing and since my site is not all that busy, it will not show the users if some process has reset the numbers. Not a big deal.
As for the log files, I think it is related to my other question regarding the export directory. I have the ISP looking into things at thier end to see if they are doing anything that could cause the directories to disappear.
Thanks,
Dave
, I'll give it a shot loading it on the laptop and publishing it, if it doesn't work I'll let you know and you can take a look at it tomorrow afternoon. Thanks for all the help tonight...
Good luck pouring that concrete!
, [QUOTE=cwilliams]
something weird is going on
[/QUOTE]
Yeah that's my impression too. I've done a lot of searching before posting this problem, but haven't solved it. Maybe it has to do with the sql-server/hotel?
Though I have compared carefully what goes on (and it should all be good) it could still be the problem? I have now made it work on a local msde sql server too.. 
, Christopher
We are actually having a lot of problems with this software.
Apart from the above problem of the email not being in the database as details above we also do not get any reply emails from any forms, the mass email button does not appear and the forgotten password does not send emails either.
We have CDONTS Version: 2.80 Installed as the email system, this is operational on the server. I have tested this with server_info.asp to check.
I can email you direct any other information you may need.
Regards
, (Password Expiration Mod) for ASPProtect Version 7.x
This Advanced Mod requires decent knowledge of Databases and working with ASP. I originally wrote something like this for a customer on a custom project. I then took the time to re-write all the code from scratch so it could easily be plugged in to the current version of ASPProtect as an option. All in all this mod took me over 15 hours of time to develop and will save you a ton of time & money if you were planning on writing something like this on your own. Some parts of this were so difficult to get working that I would never have written this code if I was not paid to do so. (The encrypted array that rotates through the last 12 passwords was quite frustrating to get working)
The price on this is 19.95. I am not incorporating this into the base product because it makes things more complicated and isn't for everyone.
Purchase Page
Security is a big concern and making your users change their password every so often is a good idea. Keeping track of previous passwords they used and making them choose something they haven't used before takes the concept even further.
This Mod will add a password expiration date to the application. When the password expiration date is hit the user must confirm their old password as well as pick a new one before they can log in again.
There is a new password expiration directory where they must choose a new password that has not been used before. The new password must be confirmed during this process. (It remembers 12 old passwords the way it is coded) The old passwords are stored in the database in an encrypted array.
Directions:
Back up your existing ASPProtect installation.
Add two new fields to the "ASPP_Users" table in your database.
For an MSAccess Database
Password_Expiration_Date (Date_Time Field)
PreviousPasswords (Memo Field)
For a MSSQL Database
Password_Expiration_Date (smalldatetime)
PreviousPasswords (nvarchar 160 characters)
once that is done
Copy all the new ".asp" pages into your site.
Edit the "PasswordExpirationURL" variable in the "check_user_inc.asp" file
It needs to be the full URL to to the "change_password/default.asp" file
Now edit the "change_password/processchange.asp" file
There are 3 variables you can edit.
PageSentToAfter = "http://localhost/aspprotectmods/password_admin/default.asp"
PassMinLength = 4
PassMaxLength = 8
The "PageSentToAfter" is where you want them sent to after they change the password. It can be whatever you like.
If it is a protected page they should automatically get logged in with the new password they just changed to which is nice.
The other two values should be obvious.
That's it...
Just remember the password change thing is not used in the admin area...
You could easily add code for that on your own though by looking at the the password expiration code I added to the publics "check_user_inc.asp" file
Also:
You will see a new field to edit on the user edit screen for the Password Expiration of course. , Hi, I haven't heard anything from you.
Has this issue been resolved ?
Thanks
, if you are talking about IPN subscriptions and how they work paypal has detailed manauls on their site.. if you are talking about asp.net in general there are probably a lot of good books..
the reason I said look at the aspprotect 7 code is cause the applications and database are very similar and the same techniques will apply for the most part as far as how the ipn subscription posts from paypal talk to the database and what happens during the various post events.. etc etc etc , Looks great. I can't wait until this will be released. Will there also be an easy way to migrate my current version ?
Hans
, False alarm. Dumb user alert (both the classifieds customer and me).
When I test fixes, I need to be looking at the right Ad_ID to get correct results 
, recent activity infomation is temporary and mantains itself per application start up.. when the web application restarts for whatever reason the info is reset
a reboot, an iisreset on the server, application pool restarts, etc etc
this is done because if that info was saved in the database your database would get huge real quick
logfiles however do not do that and are permanent
, Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?
I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?
, Hi there...
I'm using the gallery script with ASPImage for uploading and resizing.
I bought this script and the componant for the the auto-thumbnailing
feature, and it is indeed uploading and resizing and creating a
thumbnail.
But the thumbnail is *tiny* at 64px wide. I need to change the width,
but I can't find anything in ASP Gallery or ASPImage to indicate where
that width is set. Can anyone help?
Thanks!
, Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS?
, After I approve someone's username and password, then go to send them the default e mail telling them of the approval, the e mail never goes through. The e mailing used to work well for many months, but it stopped working. Any thoughts?
Spider
, Editing the look of the login page.
In this version editing the look of the login page is very easy.
You can make this login page look exactly like you web site if you like.
You want to edit the "scripts/login_form_inc.asp" file.
It can be edited with any editor as long as the existing bits of server side code in it and the login form remain in tact.
The best thing to do is back it up before you start editing it.
Then if you goof it up you can revert back to the original.
If you edit this page with FrontPage enable the "show all" feature.
Its the little PIE sign in your icons. It will show the server side code as yellow things on the screen so you know where they are and can be careful not to delete them.
see screenshot
cwilliams38448.8132638889, in Control_pic.asp is there way to wrap the description field so that it doesn't go outside the table.
Thanks
, Is there a way to set various members to upload a limit of photos. So, one member can only upload 5 photos in 1 album and another can upload 30 photos in 2 albums. Even if you just set a permission for the number of uploads for each member.
Thank you
, You need to make sure you created the SQL database using the SQL scripts we provide and that no errors occur whatsoever. That is extremely important. You must use our SQL creation scripts.
Then, when you create the user you need to go back to that user and make sure you check the admin account and save that user again. (many times when setting up a system for someone I find myself forgetting that step and then I have to go back in and check the admin box for the user I created.)
And of course create the user from the ASPProtect admin area web interface. Do not add the user to the database manually because you will have no way to enter the password correct as it is encrypted. And do not change the encryption key after making the user/.
It would also be wise to check the SQL server database at every step to make sure the user info gets created and that all the field info looks correct for the most part.
You also want to be sure to specify SQL as the database type side the connection string info as the SQL directions go over
a remote sql server should not an issue.
thats really all I can think of right now
, Yep, thats my thinking as well.
On the test server I have the site connected to a SQL 2000 db with the sa account, so it should have full control. But still no luck.
However, on the test server, I connected to the Access 2002 db and it works fine..adding user, adding categories, adding albums.
Weird
, You are not supposed to use "../" with a virtual include
Thats goes against what a virtual include is and makes no sense.
When using a virtual include you give the path as if accessing from the root of the main web / virtual directory
I find it very hard to believe it ever worked like that and if it ever did it was wrong.
cwilliams38434.6703356481, I cleaned up the code as you suggested, and I still can't get the images to display without the whitespace around it.
How do I download the ASP version? I'll give it a try.
Thanks for your help,
JDooley
, well, I was curious myself so I just tried it.
Good news is it worked just as I thought.
Only problem is your changing things to allow authentication info to be passed over the net in a url. If you can live with the security implications then it will work. I mean a sniffer could see that and end up knowing the username and password.. not likely but just putting that out there.
Of course now that I think about it unless you are running under SSL (https://) when you log in normally that info is in the post info anyway and possible to get at.. course not right out in the open like when you put it in the url and less likely to be noticed.
As long as your not doing it to access critical areas like the admin pages... and you monitor the log files once in a while it's probably nothing to worry about.
, Its not a known issue.. I would try the original code before you made any changes and see if it still happens to you.
It seems to be working fine here for me in amy test web.
I am going to look into some more in the meantime.cwilliams38341.7166782407, Hi,
I have a question re ASP Protect, I have got it up and running on a dev server which also hosts a e-com engine (ASP / Access), when users check out they are presented with the e-com log in screen (which is sharing the same ASPP_User table). All's well and registration and editing user details is fine both in the Admin section and the front end of ASP and if I request an email reminder from the ecom scripts I get back the encrypted password.
I'm using <% = Session("Email") %> and <% = Session("Password") %> to populate the fields on the ecom log in page so users can click though and progress, the checkout process needs the username/password, all user info shows up ok, however, when I proceed with these credentials, it doesn't work, even though I know these to be correct and even without requesting a password reminder and using the one that gets me in everywhere else, I still can't get through? do I need some code re the crypto so the ecom can decode??
Any help would be great - I've been on it for about 10 hours, and checked through the posts here but can't fathom it out?
Thanks Craig
, Right, I've done that. My concern is that it will time out again while I'm trying to import the file.
The import/export manager does not show up under the users tab when I log in normally. I have to pull up the page in frontpage and then preview it a browser to get it to show.
, well, ultimately it comes down to this and this is stated in the footer of every page in the cjwsoft family of websites.
"In some cases in order to receive proper tech support your application will be need to be installed on a live professionaly setup server on the Internet. We simply cannot troubleshoot all issues when the application is only installed on your local machine."
and if you have some sort of weird timeout going on on your local machine and cant even give me a detailed error message there is just no way I can possibly troubleshoot it... I told you what to check and thats really all I can do... all my applications run on XP. As a matter of fact I do all my development on XP boxes.
It could be any numbers of things... odbc drivers, versions of vbscript... other software on the pc interfering such as antivirus script blockers like norton... all sorts of issues can pop up on personal machines running xp
If you put this up on a live professionally setup web server I can help you. On your local machine there is only so much I can suggest. , Because employees and sales reps might leave or go to work at competitors without our knowledge and we can't have them get an perm account so we need to implement some sort of expiry and then review their account with them., That's exactly what it was.
The site owner couldn't see their own ads because Norton was blocking anything with the word ad in it.
On another note: I changed the word 'ad' to 'listing' and got it to show even with Norton.
, this could go on forever...
if you want PM "private message" me info to log into your site.. show me the pages we are dealing with...
and I will take a look at it all...
CJW
, If you have messed up the admin account or forgotten the admin password you generally should open up the database manually and add a new account or see what the old account is.
In version 7 however you have another option. Go through the installation instructions again. Specifically the part where you use the "get_me_in.asp" page to get back into the admin area by pasting in the password encrpytion keye you are using from your config file. , Is there somthing I need to change in the settings to get the hit count to update?, You edit the web.config file that came with ASPProtect.NET.
You find this tag
<customErrors mode="RemoteOnly" />
you change it to this
<customErrors mode="Off" />
If you have a different web.config file in your root I suggest you make sure the tag is set to off there as well for troubleshooting sake
If done correctly you will get a detailed error
It's basic low level ASP.NET stuff really and does not have anything specific to do with ASPProtect.NET.
You also need to make sure your web is set up correctly for ASP.NET and that the correct web.config's are firing..etc etc
cwilliams38454.4368055556, Simply not possible, that feature is one of the most complicated things I have ever coded. I am very serious when I say that. There is simply no way to make it do that without spending like 80+ hours on the code and even then I do not know how it would work. There is some very slick stuff going on there and there is no simple way to change it like that. ,
Timecard Entry: 3/25/2006 4:46:39 PM
assisted Robbie with tech support question, Uploading timecard system to exchange server and working on code that logs users on using network password authenication, email/voice mail
go over info with tim, met with hacketts to discuss ideas for the site they would like to do, Review WDT proposal, Calls really started pouring in. , Took in 8 calls altogether. Emonitor was Red before my shift and seems everyone was busy I called Andy. Was the Radius2.gisco., mail and petty bag, entered Staples check, TICC - entered & paid bills, filing, lunch, Feedback, Expired users, AUQ, Took 2 phone calls, one a signup (yay!), Meetings and errands in Watertown, trying to corner head shed on Warrior Blood site, To Watertown - 70 miles, jason trying to upload powerpoint to web, Answered tech related calls. Checked online issues, rad log, and ask a question emails. Also called expiring users., Take care of cust. support requests, lowville was down. did a signup, Email- organized, Took some business calls., jefflewismediation.com - added admin, converted all static pages in web to dynamic ASP pages, redesigned navigation system to support events calendar, added user login/admin and events calendar., TICC, crediting accts, looking up stuff for Seth, discussing bills, etc, fix a few problems with web sites., reception (phones, customer service, receipts, PC Bundle info, sign ups, researched iPAQ for upcoming bundle, Crispen brought me a book on how to do VB progress bars., Review CREG transaction documents, catchup on emails, Lunch,
