Got any info for me on this ?

Chris

Are you reffering to the number of the left of the users name in admin.

I thought it was a counter at first but that number only displays the number of albums they have set up.

that would probably work...

any ".aspx" page can grab that data after someone logs in..

Session("Username")
Session("User_ID")

etc etc

anything you see set in the "aspprotectlogin.aspx.vb" file will be there

any data not set there would have to be added and then the project recomplied so that data gets saved...

Hello Chris:

Yes I'm using the Option Pack.

-Ricardo

Thanks, I'll take a look.

Nick

I had not rebooted after installing the Jet driver updates, so I tried that and the asptest page worked fine, and said that all the tests were successful and that the data connection was setup correctly. I then installed aspprotect again, but with the same results. I cannot log-in from the get_me_in.asp page. It still says that it is opening the page, but does not respons for an indefinite period. The asptest page is in the same directory.

I have looked for alternate databases for this product on your site, but I cannot seem to find them.

I am trying to import a file, and I get this error:

Microsoft VBScript compilation error '800a03f9'

Expected 'Then'

/aspprotect/password_admin/upload_post.asp, line 6

If Session("Admin") <> "True"
-----------------------------^

Any suggestions on how to fix it?

Thank you.

I appreciate the offer to beta test... but its really more a matter of me getting it ready..

I have a lot done.. but a lot of things are hard coded to only work on my machine and some things have not been sorted out. Giving it to someone else to test would be a waste of time at this point as I they probably couldn’t even run it.

Lately the reason this project has fallen behind has all to do with my main webserver where I collocate.

1st it got compromised (we think by certain competitors who are always up to no good)... then windows 2003 server which I decided to go with on the new server gave me random problems... then the Cisco hardware firewall was acting up and making the sites run slow....then SQL server attacks on port 1433 from Korea when I took the firewall down....and as of the last few days I think the server just needs a new power supply. I swear for the last 2 months I have spent more time administrating my servers than working on code. Yesterday it was locking up every 30 minutes. There have been a lot of days like that and it takes up all my time until I get it situated.  Especially since its over 100 miles to the collocation center. The APC unit I installed that allows me to remotely cut the power to hard reboot is a life saver.

Fun... I tell ya... and expensive.. (hardware, software, lost sales, and time) I am pretty much completely broke at the moment. It has been a very expensive few months.

But I like running my own servers... I run dns servers, email servers, sql servers, web servers.. I do it all. It's keeps me in touch with the latest software/hardware. Regardless , my servers ran well for years and they will again.


anyway.. hopefully I can actually get a new version of the photo gallery out before the month is over. It will probably be the last classic asp version. The version after that will most likely be ASP.net.

I will actually explain how to set access_levels and/or groups...

in "users/add_new_account.asp"

I am successfully using ASP protect on our site. I have one question:

The file Check_user_inc.asp looks a bit bland as I can't seem to use the sites Dreamweaver template. If I apply a template to this page, it is duplicated on other pages with this template.

How can I apply a template to this page?

Thanks

Clark

It seems that if a user attempts to access a page that is not in their access level or they do not have the group permission they are redirected to the login page.  Re entering their ID generates an eror and they cannot go back to the pages they are alowed to access.  Is there a way for them to simply be blocked and return to the previous page or to a defined page so they can continue using the site?

thankyou 

A mod like this would improve tracking by leaps and bounds.

Do you think this addon would be availalbe anytime in the near future? If/when this feature or mod becomes availalbe, it certainly would be ideal if some script was made to import all the log file data.

In a way your questions are confusing to me, but here is some information regardless.



Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.


If you are concerned about customers downloading the access database..

best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that

the more of these things you can do the better..

And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it.

thx for posting this..


Just a few notes... more than 100 pictures specified in the config file is not supported. You are of course on your own if you specify more than 100

Also, technically the post above should say more than 102 pictures... "I think" as you wont need more html cell code until then..

The loop in the code is probably how I should have done it in the 1st place but I was in a hurry to get this finished and I also never expected/wanted anyone to specify more than 100 pics per album.

Lastly.. depending on what style you are using in the config file the code above may not work as some of the styles do not use cells but line breaks instead..   At least from what I remember.

Could be a mod I guess - it would be nice to have an option on the admin settings page to lock down access of all pages and redirect to a specified  "lockdown" page upon attempted login.

If I'm updating the large files on the server and someone attempts a download, they'll get a partial ZIP file or an error.

I want to try this on the machine im using now; which is windows XP.

Is this possible? I don't think i can set folder permissions on XP... there is no option to do so...

Is there a way to do it?

Hello,

I need to see if this is possible. I want to create a browsing system such that, the user selects a Province from a drop down list on the main page. Based the selection, the username of all the users in that province will be shown. Then the user can click on a specific username and his/her portfolio (photo album) will be displayed.

is this possible? If so, How can I do this, please help.

Thanks

Sean

When a new user adds themselves to the db thru the registration page, no user id is assigned in the User_id field.  I can't access the page on-line due to an user_id related error on the page.  I must use access itself and add the user id.  After that, everything works as expected.

What have I done?

I getting a strange error with ASPProtect.

 Microsoft OLE DB Provider for SQL Server error '80040e14'

Unclosed quotation mark before the character string '¾_^Ö'.

/aspprotect/check_user_inc.asp, line 114

If I check the database directly "¾_^Ö" is the exact string for the password.

Any Ideas

When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.

Here are some of the messages:

[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an

[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.

I am using Black Ice...

Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???

Thanks

The only major usability issue I've found to date is multi-zone banners. Cloning is helpful to a point, but then if you have a change to that banner, you have to make the change 6 times or what have you. I think, even at the expense of speed, multi-zone capability for a single banner would be excellent addition. Of course, that supposes I haven't just missed it and it's already there.

Chris, if there is no way to change this, I understand. I just though maybe it might be possible and I can't find out if i don't ask.

Thanks Chris.

Let me know.

-john

I cleaned up the code as you suggested, and I still can't get the images to display without the whitespace around it.

How do I download the ASP version?  I'll give it a try.

Thanks for your help,
JDooley

Chris, that fixed it.  Found 2-references to guestbook2 in the file show_messages_inc.asp located in the \guestbook\ directory.

Suggestion for future release.  Create an option to email the admin when a message is posted.  If this code already exists please advise.

Thanks, Lance

Weird

Hi Chris,

Thank you for your prompt response.

Our current project requires alot of customization.

Yes, the error is probably a data problem and not due to your code, because we needed to make modifications to the database.  But that's why debugging would be helpful.

Basically our intent to modify the asp protect code stems from the fact that our client doesn’t want certain fields to be recorded or to appear: address, city, state, zip etc…

We are happy to be able to modify the HTML, but we also want to modify some other default behavior, such as which page opens when the "cancel" button is hit in the editaccountinfo.aspx page.

I know what is happening.. its the old single quote thing messing up the query string..
but it shouldnt be happening with the newer code as I fixed it.

If you like I can go in and reproduce/fix the issue. I can not think of any other way I can help you as other users have not reported the issue.

Chances are if it is happening in one situation it will happen again in the future.. it really all depends on the passwords being used and your encyrption key... other passwords may produce the issue even if the password is correct

basically once the password gets encrypted it by chance has a single quote in it... then it messes up the query

I take care of the situation by replacing the single quote with a double quote but it looks like you found a situation where that didn't work out