And I'm the one who finds those rarities!   I'm not surprised. 

Oh well...this should be interesting trying to get an 80 year old man to change his password.

Thanks for your quick responses Chris.  This is still an awesome membership system!

Mick

at this point I would say install a fresh untouched copy in the web in a different directory and lets see if it acts weird from scratch.. the we can go from there.. I dont know what is going on

i took another look at the file, and realized that when i was looking at the data structure i had confused "banner_image_URL" with "banner_link_URL". i lengthened the latter, and now all is good.

sorry for the false alarm, and thanks for a very-to-work-with product.

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

the following error message appears, but only when attempting to log off. all other parts of the program seem to be working.

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0xa04 Thread 0xa38 DBC 0x21ff024 Jet'.

here ya go

http://support.cjwsoft.com/code/moreinfo169-1.htm

The file check_user_inc.asp as the lines: (which include Session("groups")

 Here we set some valus about the user into session variables
   Session("PasswordAccess") = "Yes"
   Session("Access_Level") = CmdCheckUser("Access_Level")
   Session("Admin") = CmdCheckUser("Admin")
   Session("Active") = CmdCheckUser("Active")
   Session("Expiration_Date") = Expiration_Date
   Session("User_ID") = CmdCheckUser("User_ID")
   Session("Groups") = CmdCheckUser("Groups")
   Session("Redirection_URL") = CmdCheckUser("Redirection_URL")
   Session("Password") = RC4(CmdCheckUser("Password"), PasswordEncryptionKey)
   Session("Username") = CmdCheckUser("Username")

all that docmunetation is online as well right here so you dont really need the chm file
http://support.cjwsoft.com/code/info24.htm

the chm format is a windows format that can only be viewed on windows pcs. I do not know why you can not see it. I would do reseach on viewing CHM files on whatever operating system and version you are running because perhaps you are using a mac or linux operating system which can not natively view chm files ?

Is this the full version 7.
Did you make any changes to the code ?
Is the User_ID field still an autonumber field in the Access database ?

I do not see how this could happen unless somehow the autonumber field setting for User_ID was changed in the database?

Alternate Method to call banners from non ".asp" pages.

<iframe src ="http://localhost/aspbanner/aspbanner/aspbanner_inc.asp?Ban nerZone=4" width="468" height="60" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"></iframe>

Be sure to delete the space in the BannerZone variable above. I am not sure why it is doing that in this post.

You can try calling the banners in an simple iframe like so.
This method should work much better than the javascript method because users with javascript turned off will still see the banners. You also will not have any of the limitations the javascript method has. Iframe is now supported by most recent browsers so it is now a good solution. Here is a chart that shows which browser versions support iframe.

Be sure however to edit the height and width values accordingly as that is very important.

The ASPProtect v7.x Documentation is now available as a download in windows ".chm" format. (needs to be viewed on a windows based machine that can read it) If you are using XP with Service Pack 2 follow the instructions below or you will not be able to view the help file.

Download Documentation

You should save this file and then open it.
Just opening it from download may not work and you will not be able to read it correctly.

Please continue to check the support forum threads for the most up to date documentation.


IMPORTANT
If your are using xp with service pack 2 there are some new security features that can block the access of help files you download. So as far as the ".chm" file goes.. you have to download it... right click on it...go to properties... then  choose unblock down in the lower right corner ...then you can open and view the file correctly

Our webhost set the permissions, but the error is still there, so that is obviously not the problem.  We now have both our webhost and our asp support technician trying to figure out the problem and everyone is stumped.  Can you please provide us with the following information to help us out:

1) what is the name of the file that sets the connection string?

2) what is the name of the file, if it is different from above, that sets the password of the database?

thanks

Hi there, I am not exactly what you mean when you say "moved some of the include files to user"

are you saying you are moving files around ? I am not sure what you mean there.

but.. the parent path issue is described in detail here

http://support.cjwsoft.com/code/moreinfo5-1.htm


Having is enabled is actually a requirment of the photo gallery application as stated on the web site
http://www.aspphotogallery.com/aspgallery_pro.asp

You can certainly still use the apllication but as that article says you will need to change any file includes to virtual includes so they will work with parent paths disabled

Disallowed Parent Path

The Include file '../dataconn_inc.asp' cannot contain '..' to indicate the parent directory. 

When you get an error like this it is because parent paths are disabled on the web server. This is a setting in the IIS console for your website.

If it is not enabled on you server you will have to ask your host to enable parent paths for your website.

This is what the settings screen looks like on an XP Machine

Additional Information:

It is enabled by default on IIS4-IIS5 but in IIS6 it is disabled by default.
It is a minor security risk to have enabled and some hosts can be difficult about setting it.

Truth is, if your hosting ASP for customers you need to enable this setting if the customer requests it. Especially since 90% of the ASP applications out there require the setting.

Hosting companies should if they are serious about hosting ASP.


If they won't your only option is to go through all the code and convert the file includes to virtual includes.

http://www.powerasp.com/content/code-snippets/includes.asp

The trouble with virtual includes is they are different depending on the layout of your website. (that's why web application developers generally don't use them)

Basically if you are in a sub domain the path for the virtual include is going to be different then if you were in the root.. etc etc

Also.. someone developing on a local machine would need totally different virtual includes on the development server than they would on the live server. Server Side includes are processed before ASP so there is no way to make them SMART, so to speak. Server Side includes are hardcoded and that's that.

In my opinion virtual includes are pretty useless for commercial web based applications...  Since you don't know where the customers plan to install the apps.
And YES there are some tricks when designing the applications that make it less of an issue but they are not perfect solutions.

For example...

The virtual include below would work if the application or code was installed in the root
<!--#include virtual = /somefile.asp"-->

But if the application or code was installed in a directory called "somedirectory" the virtual include directive would need to look like this

<!--#include virtual = "/somedirectory/somefile.asp"-->

Hi,

1. Two months ago, we have set up to use the Subscription services exclusively for all new members and renews. and removed the regular payment service, a carry-over from v6.
2. Many from the "pre-subscription" service have yet to expire, thus have a populated expiry field.
3. With a 10 month bridge before we get all the members onto the Subscription service the "Send email to users that are soon to expire."
is used to remind these.
3. When members RENEW using the subscription service, the Expiry Field is not Nulled and they become targets for future reminders although they have renewed as Subscribers.

XYZ signed up on Nov. 05 2004, we send him a reminder in Oct 2005 and he renews as a SUBSCRIBER. His expiry date field is not nulled and he will keep getting notices although he has paid for another year.

Hope this is clearer... Thanks

as I look at your installation more I notice that you are using MSSQl as the database type.

chances are that is the source of these problems. Fields in the sql database are most likely not all set correctly

it is very important that the sql tables and fields are set up exactly as described and that the sql script we provide runs without error

http://support.cjwsoft.com/code/moreinfo160-1.htm

if you create the sql database other than the way we tell you to or the sql script doesn't do its job setting all the field types/constraints/primary keys/etc..... for some reason .. then weird things like this can happen

at this time this is my best guess as to what is going on

I would examing the sql script we provide and compare the information set in it for each field and table to your existing SQL database to see if everything got set correctly.. I would start by checking these fields 1st of all as they are very important.... (username,password,expiration_date,admin,active)

in the meantime testing the ASPProtect system with an Access database will prove that all the ASP code is working as it is supposed to if you are interested in doing that

SQL Server Datareader Datawriter Permissions..

here is a screenshot that shows how to set datareader and datawriter permissions on an aspbanner database using "SQL Enterprise Manager"

In this example we are making sure the aspbanneruser has those permissions on the aspbanner table in the database

If you bought ASPBanner Unlimited Version 7.3 Before August/10/2004 this file needs to be updated.

It fixes a bug where the JavaScript method is not properlly closing an html Image tag. It can cause other hyperlinks on your web page to link to the same place the banner links to. This does not always happen but this fix is the way the code should be so it is best to update it.

Copy this file into your ASPBanner folder over the existing file of the same name.

2004-08-10_125304_injectbanner.zip

I getting a strange error with ASPProtect.

 Microsoft OLE DB Provider for SQL Server error '80040e14'

Unclosed quotation mark before the character string '¾_^Ö'.

/aspprotect/check_user_inc.asp, line 114

If I check the database directly "¾_^Ö" is the exact string for the password.

Any Ideas

Hi. Chris.  I'm not a programmer of any sorts, so I am not comfortable plugging in the changes you suggested and not knowing for sure if it will "break something somewhere else".  If the programmer tells me "you have been warned", its a pretty good sign its a no win situation. If you don't know, theres no way i can know.

I saw in the code where you mentioned the changes. I don't see where it mentions the last name is required either, but the bottom line is it does require it it the actual new user form.

Thanks anyway Chris. I'll figure something out.

-john

Ok time for some more questions!!!

Is there a way to make the person's email address their default username... or force it in somehow instead of allowing them to create their own?

The parent paths things really should not be an issue.

This is an article from the troubleshooting section of the documentation that takes care of it all very easily.

http://support.cjwsoft.com/code/moreinfo162-1.htm


As for a good host that knows ASP and does not mess around when you ask for something. I always recommened www.alentus.com

We do not support customization of the code or any custom coding you may end up doing with Visual Studio.NET. However, if you can show me that the application functions incorrectly in its default unmodified form I can help. If not it has to be something you did most likely.

Though I do not if it is the issue, mixing c# and vb.net in the same project can be tricky if not problematic. It’s definitely just not something I can support.

If you have not seen it we have tuturial on setting up the project in visual studio.net.
http://support.cjwsoft.com/code/moreinfo85-1.htm

I would suggest starting with a clean installation. Test everything to make sure the things you say are ok or not. (if not post here about it) Then try your hand at editing the application and compiling it. Keep the c# out of the mix at 1st.

I am not even sure if adding c# to the same project is feasable.
(maybe it is , maybe it isn't)

That being said.. ASPProtect.NET can of course be used to protect pages using c#. But compiling the ASPProtect.NET project with C# code added sounds a bit iffy to me. We wrote the application in VB.NET so you really need to use vb.net when making changes to it.

Hi

I've tried almost anything here... I'm using an online SQL SERVER database with ASPProtect 7, and I can't login after my initial creation of the admin account.

It works fine with Access... I believe I have checked all the fields created by the sql statement (which was run with no errors),

What could be the problem here? could it be a problem that I run my local IIS against the online sql server?

sincerely,

Morten

I dont know. Perhaps a fresh installation in a new folder would be a good idea as well if possible..

for troubleshooting sake..

I log all 404 errors on my site and since installing ASPBanner, I get a lot of the following error:

/aspbanner/edit_banner.asp?Banner_ID=11&User_ID=1 contains a broken link:

/aspbanner/right1.gif

ID changes and there are various missing links.  Some missing links include:

/aspbanner/drop2.gif
/aspbanner/left1.gif
/aspbanner/right2.gif
etc.

While not critical, these are filling up my error logs and it takes time for me to sort through them.

UPDATE

Version 8.1 has code generators for these new methods built in...

this issue has been resolved.. see following thread

http://support.cjwsoft.com/code/moreinfo316-1.htm

Christopher

Found this but I dont really know what to do with it or even if its the right thing.

<%
'=========================================================== ==================='

' Application:     Utiity Function
' Author:          ; John Gardner
' Date:         & nbsp;  20th December 2004
' Description:     Used to check the validity of a postcode
' QueryString:     None
' Version:         V1.0

' Required routines:        &nb sp; None
                    
'----------------------------------------------------------- -------------------'

function Check_Postcode (byRef strPostcode)

' This routine checks the value of the form element specified by the parameter
' for a valid postcode.

' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf

' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.

  Dim strPostcodeRegExp(2)   ' holds the regular expressions for valid postcodes
  Dim intCount        &nbs p;      ' For loop counter
  Dim strPostcodeCopy        ' Copy of postcode
 
  ' Variables used to hold regular expression object  
  Dim objRegExp, objMatches, objMatch
 
  ' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
  strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"

  ' Expression for postcodes: ANA NAA, and AANA  NAA
  strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
 
  ' Exception for the special postcode GIR 0AA
  strPostcodeRegExp(2) = "^(gir)(0aa)$"

  ' Copy the parameter and convert into lowercase
  strPostcodeCopy = Lcase(strPostCode)
 
  ' Assume we're not going to find a valid postcode
  Check_Postcode = false
 
  ' Strip out spaces
  strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
  Check_Postcode = False
 
  Set objRegExp = New RegExp
 
  ' Check the string against valid types of post codes
  For intCount = 0 to Ubound(strPostCodeRegExp)
 
    ' Check next pattern in list
    objRegExp.Pattern =  strPostcodeRegExp(intCount)
    If objRegExp.Test (strPostcodeCopy) Then
   
      ' Post code found. Ensure input parameter is in correct format.
      Set objMatches = objRegExp.Execute (strPostcodeCopy)
      Set objMatch = objMatches(0)
      strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " &  Ucase (objMatch.subMatches (1))
     
      ' Show that we have found the postcode
      Check_Postcode = True
    End if
  Next
 
  ' Ensure that the uppercase postcode gets returned if valid
  If Check_Postcode Then strPostcode = strPostcodeCopy
 
End Function
%>

regards

John