My Admin user got corupted, and I need to reset the password and user, what is the defualt password for this database, as I do not think I have changes this (hopefully) as of yet.

Regards,

Paul

its just an example connection string in the datacon_inc.asp file
you have the edit it to make sense for you..

the readme.txt file with the sql directions tells you this if you use that script

------------------------------------------------------
Examples of using DSN-LESS connections.

The "SERVER" and "Data Source" settings are either the Network Name for the SQL Server or the IP Address.
For local servers you can also use an IP of "127.0.0.1"

GalleryConnectionString = "Driver={SQL Server};UID=aspphotogalleryuser;password=temp;DATABASE=aspph otogallery;SERVER=127.0.0.1"

or

GalleryConnectionString = "Provider=sqloledb;Data Source=127.0.0.1;Initial Catalog=aspphotogallery;User Id=aspphotogalleryuser;Password=temp;"
------------------------------------------------------ 

Chris,

I've given the IUSR account modify access for the aspprotect folder.

In the ODBC manager module on the webserver I've taken out the aspprotect access driver option.

The dataconn_inc.asp line reads as

ConnectionString = "DBQ=D:\missourirealtor.org\members\aspprotect\data\database \ASPProtect_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Now this should make it DNS-less correct? with the permissions set properly?

I've also taken out the password on the access database.

The original database of users I had was an access database from a different program called spooky login.  I exported them into a tab delimited file and changed the column headings to match those in aspprotect exactly.  Actually access would not let me import them in the databases without them being exact.

I imported that information directly using access's import options.  I tried the import/export manager in aspprotect but kept timing out as well.

It happens at least once per hour or every time a banner is edited in the system by the admin.

Changing its frequency would be somewhat complicated. You'll have to make changes to the code in a few places and you will effect performance adversely by doing it more often as it will mean a lot more database queries which defeats the purpose of doing it once per hour to conserve resources. The reason is when you change the frequency of that you also change the frequency of the entire banner application variable caching system. It difficult to explain but it unlike most banner systems out there it basically fetches banner rotation info every so often instead of every single time your page needs a banner. It stores this rotation and cycling information in ultra fast application variables. The docs actually go over a little bit of how that process actually functions under "using the system / Setting Up Banners
"

Its a customization I just can not support and I do not recommend doing, but if you really want to you should look at the "aspbanner_inc.asp" file

this is the part that makes it happen at least once per hour (requires visitors to your site to happen obviously)... you'd have to cleverly recode it to work slightly more often

' Checks the time the banner data was last updated and basically updates it if an hour or more has passed
If Cint(Application("BannersLastUpdated")) <> Cint(Hour(time)) Then
%>
<!--#INCLUDE FILE="appinfo_inc.asp"-->
<%
End If

There may be more to changing this than that, but this is all I can tell you.

you have to check the session variables for groups a little differently.. info on that is here

http://support.cjwsoft.com/code/moreinfo198-1.htm

That would be great.

I am sure you know that many virus that are sent via email have the same property. (double extension). The code can be executed even though Windows identifies them as simple text files etc.

Thanks again

The random password is generated during signup and the function that creates it is located on this page of code.

users/register.asp

it looks like this

Function RndStr(Length, UseChrs)
 If IsNull(UseChrs) OR (UseChrs = "") Then UseChrs = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+=-"
 NewStr = ""
 Randomize(CByte(Left(Right(Time(),5),2)))
 For gpIndex = 1 To Length
  NewStr = NewStr & Mid(UseChrs, Int((Len(UseChrs)) * Rnd + 1), 1)
 Next
 RndStr = NewStr
End Function

For example go to this page and hit refresh and watch the password change.

http://www.aspprotect.com/demo2/users/register.asp

Yes, sometimes if you hit refresh quickly over and over you'll get the same password, but not generally. Also that is not something that would happen normally as a user isnt going to sit at that screen and hit refresh over and over.

Anyway... when signing up the new user of course has the option to change that password to something they would like better...

As far as... "selecting the same user name and password every time"

I need more information. That does not make sense for a lot of reasons.

Most importantly because usernames are not generated. The are inputed by the user during signup. They are then checked to ensure they do not already exist before the user is allowed to complete their signup.

So under normal circumstances there can never be duplicate usernames in the system or even users with duplicate emails as that is checked as well.

Now of course if you edited the code in any way it is possible all this is not working correctly ?

It probably is. You would have to look at the paypal documentation for IPN and see what needs to be changed in the form code.

You can get all that info from PayPal's website.

There are tons of variables and options you can use with all of their code.
They have detailed PDF files full of information on all of them.

Well I have the web hosting tech looking into the memory issues at this point.  Unfortunately I don't have another machine to be able to run the asp on that would run it correctly so that I can just publish it over.

Hi,

Sorry, but if  ".asp" pages download instead of run on a server then that means ASP is not working on the server and is not configured correctly. That is about as low level as it gets and it is really the hosting companie's responsibilty to sort that one out.

It is totally a system admininister's job to make sure that sort of thing is working. If this place supports ASP they really need to fix that for you. There really is nothing  I can do for you until ".asp" pages at least run.

As for the Free install... that is no problem. Of course you need to get the hosting company to fix the web before I can be of any help. There is more to that problem then permissions.

For starters I would make a simple ".asp" page with hardly anything it (even some simple html text is fine) and ask them why it is downloading instead of executing and to please fix things.

People who have the option pack have a new feature called groups.

Groups are meant as a replacement for using the access levels as they are much more powerful. Support for pages protected using access levels is left in tact for backward compatiability for a customers older protection code.

A customer recently told me groups could not be used like access levels and that 8 access levels was not enough. This is how I explained that groups can do everything access levels can do.



Groups can honestly do everything access levels can do if you really think about it.
Using groups and protecting pages accordingly you could actually create a system that basically worked identically to the way the access levels works.

For example..

You make 8 groups and assign users to them accordingly

Protection code on page allows access to groups 1-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "1,2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any one of those groups would have access..

Protection code on page allows access to groups 2-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "2,3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  2-8 would have access..

Protection code on page allows access to groups 3-8
The aspprotect system generates this code for you…

<% GROUPACCESS = "3,4,5,6,7,8" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->

In this case a user assigned to any group between  3-8 would have access..

It's real easy actually if ya sniff around the source code.
ASP is so easy to (work with/edit) even if you dont know any code.


edit   "save.asp" with a text editor

change

If Request("First_Name") = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a First Name.\n\n")
End If

to

If Request("Company_Name") = "" Then
  ErrorMessage = ErrorMessage & Server.URLEncode("You must enter a Company Name.\n\n")
End If


From looking at that save code I dont see where Last_Name was required. The only name I saw required was a 1st name.

Also.. making the First_Name not required may break something somwhere else. I dont think it will but it might. You are warned.

If you have found out that parent paths are disabled on the web server you can still use the application.

Before you continue.

If it is your server consider enabling parent paths to solve the problem.

If it is not your server consider asking them to enable parent paths for your web site to solve the problem.

If that is not possible please download this zip file.
2005-02-20_150703_aspprotect_v7.x_alternate_include_file_pat hs.zip

This zip file contains 3 sets of alternate files depending on your situation. You simply replace your existing aspprotect v7.x files with these new ones.

The zip file contains the following folders and files.

Below is the contents of the readme.txt file which explains everything.

The following folders each have a version of all the files in the ASPProtect system that might need to be edited in case you need to change the paths for the server side include files. There are 3 different scenarios.

(parent paths enabled) - This is the way the application comes.
The files in this folder have FILE server side includes containing "../" information. While these includes will work when the applicaion in is any location of a website they will not work if parent paths are disabled on the web server. Generally you will want to use these on your xp development machine. You can of course use them on your real server if parent paths are enabled. Parent Paths are now disabled on II6 by default and some hosting company will not enable them.

(domain root)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in the root of your web domain. For example if your domain was called "www.somedomain.com" the following aspprotect files and folders would end up like this
"http://www.somedomain.com/check_user_inc.asp"
"http://www.somedomain.com/password_admin"
"http://www.somedomain.com/users"

(domain directory)
The files in this folder have VIRTUAL server side includes in them.
These includes only work when the applicaion is installed in a directory called "aspprotect" in the root of your web domain. For example if your domain was called "www.somedomain.com" the
following aspprotect files and folders would end up like this
"http://www.somedomain.com/aspprotect/check_user_inc.asp"
"http://www.somedomain.com/aspprotect/password_admin"
"http://www.somedomain.com/aspprotect/users"
You can change the name of the "aspprotect" directory but you will will have to edit the includes in the files.

Lastly, if you are on a local machine and insist on using the VIRTUAL INCLUDES you would also use the (domain directory files) even though you dont have a domain on your local machine most likely
For example if your site was installed like so.
"http://localhost/aspprotect/check_user_inc.asp"
"http://localhost/aspprotect/password_admin"
"http://localhost/aspprotect/users"

I'm all set - after thinking about your replies - i checked a bit more and changed the email component type -- thanks again for all your help.

I am getting the same error looking at the previous post, I looked in settings and my Registration-URL is pointing at the correct location.

Is there any other thoughts on this issue

Thank you!

Matt2112

ASPProtect v7 comes with working example code of protecting an image from being downloaded and also protects the true file location of the image on your server..

This comes with the system as an example folder with some files in it.

Basically we protect the image in 2 ways.

All in all this is should be very effective protection. Yes, there are still ways to get the images like doing screen captures, but this will ensure that people viewing images are logged in to your site. This will in most cases keep them from right clicking and saving the images. This will ensure that people can not tell other people the image's url location and it will ensure other sites can not leach your images and bandwidth.

For the image protection examples to work you may need to edit some values
in the stream_pic.asp file that are valid for your setup.

Look at the source. The values you can edit are commented.

Now, you also need to call a valid "image file name" from the call_pic.asp file which is an example of how you protect a page with javascript and call a streamed image using an image tag.

Lasty, here is a great article I found on image protection and some of the things you can do about it and some of things you cannot.

http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID =41

The stat not show when  impression over  xxxxxx

I use  aspbanner v8.1   MS SQL version

Total Impressions	83523
Total Clicks	7
Total Clickthru	.0%

Microsoft VBScript runtime error '800a0006'

Overflow: 'CInt'

/aspbanner/stats_window_admin.asp, line 257

i've got a client who has handed me a 151 character banner URL, and i see that the database is designed to take 150 characters. i took the obvious step of just increasing the size of that text field in the database, but i still get this error when i try to enter the URL in the proper form field:

Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.

/banners/aspbanner/save_banner.asp, line 200

now, line 200 is just this:

If Banner_Link_URL = "" THEN
 CmdEditBanner.Fields("Banner_Link_URL") = NULL
Else
 CmdEditBanner.Fields("Banner_Link_URL") = Banner_Link_URL
End If

which tells me that something is blocking the assignment of that long value to that field, even though i believed i had extended the length of that field in the source database.

where else might i look?

Chris, that fixed it.  Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.

Suggestion for future release.  Create an option to email the admin when a message is posted.  If this code already exists please advise.

Thanks, Lance

dsn-less is the way to go..
http://support.cjwsoft.com/code/moreinfo9-2.htm

you also need to use newer versions of the database as the odbc drivers on the server are sometimes very new and no longer work with access 97 databases

The problem was in config_inc.asp. we had renamed the field in the DB but didn't change it in this file.

But we changed it, it is back to normal.

Thanks

Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.

In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.

' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30

Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.

If you bought ASPBanner Unlimited Version 7.3 Before August/01/2004 this file needs to be updated.

It fixes a bug where CODE type banners do not work correctly with a weight higher than 1.

Basically, blank banners will rotate and you will see nothing sometimes.

Copy this file into your ASPBanner folder over the existing file of the same name.

2004-08-03_045728_appinfo_inc.zip

no, its part the concurrent login checking system.

currently when that is on logging off does not come into play..
(pretty much because it is such a complex system I wasnt able to make it quite that intelligent this time around)

when concurrent login checking is enabled the only way to log in again at another system with the same username and with a different IP is to wait till that time period is over

sorry

as you may recall it was rush feature at the last moment before I got version 7 finished. Hopefully I can improve on the feature in the next version but I dont really see it as being a big issue at the moment. Sometimes when you want maximum security you have to make some tradeoffs and that is why the feature is optional.

Nov 2005

Okay, thanks, I'm going to change the method tonight and see if it makes a difference

I'll report back

Dave

Humm.. that should have worked fine

why are you getting a "OLE DB" error I wonder ?

I need more information. 

Database being used and version ?
Server OS Version?
Connection String being used ?

etc etc

one last thing... if you did an upgrade from a previous version and didnt do the whole database field thing right during the upgrade process as stated here you could have trouble.
http://support.cjwsoft.com/code/moreinfo174-1.htm

Meaning you should check your new database with the field structure of an unmodified new database and make sure all field names match up perfectly.. especially paying attention to the username and password fields

One last thing..
If you did an import via text file and didn't import all the fields ASPProtect needs you could possibly have problems as well.. though I don't think this relates to the timeout so it probably is not the case