Home | Advertising Info25 USERS CURRENTLY ONLINE   
   Site Search Contact Us Thursday, October 17, 2019  

Active Server Pages ASP a directory of ASP tutorials applications scripts components and articles for the novice to professional developer. CJWSoft ASPProtect ASPBanner ASPClassifieds

Blog Entry: 3/25/2006 1:49:15 PM

Sounds crazy. I recently took over this web site and all IT duties. User today said member area was not working. All pages would not display. After restoring some files I got the members area partially working. But I cannot find where the database sits. I am able to get in and view users in the admin are and log in as a member. Thanks., Once you have the LANGUAGE = VBSCRIPT and Checkfor = 1 on your page, you'll have it secured. I've got over 1600 pages secured in such a manner, thanks to ASPProtect! ,


Well I'm in the middle of uploading the txt file and it's about half way done and sitting there...so I'm keeping my fingers crossed.


When adding a new user I am taken to a form.

There are several "required fields".

First and last names are 2 of them.

This is not needed by me and I need the company name as a required field instead. I work and deal with company names, not individuals.

So, i am unable to add any users due to this.

How can I either do away with the names as a required field or swap the individual names with the company name as a required field?

I have customers wanting to be able to view their own stats, but I need to do away with the required fields to work with my customer base.



Version 7 uses.. RC4

The upgrade process is described here in detail including a procedure to convert existing clear text passwords to the encrypted versions. (Your passwords will need to be clear text as the system shipped of course for the conversion to do its thing)


It is also covered in the downloadbale docs

Many people have done the upgrade without any issues and Version 7 is getting great feedback.

Should you decide to go with it there is upgrade pricing.

, Hi, lets start with about when did you purchase and download the application so I know what version of the code you have., If you want to have a login form on a non protected page that posts
to a protected ".asp" page use code like this.

Change the action of the form to the page you want them to log into.
Make sure the page you send them to is protected by the "check_user_inc.asp" file.

  <table border="0" width="400" height="200" bgcolor="#000000">
      <td bgcolor="#F4F4F4">
        <form method="POST" action="memberarea.asp">
          <input type="hidden" name="Status" value="Checkem">
          <p align="center"><font face="Arial">ASPProtect Login</font></p>
          <div align="center">
             <table border="0" bgcolor="#C0C0C0">
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Username</font></small></stro ng></td>
                 <td><input type="text" name="Username" size="10"></td>
                 <td bgcolor="#EBEBEB"><strong><small><font face="Arial">Password</font></small></stro ng></td>
                 <td><input type="Password" name="Password" size="10"></td>
                 <td bgcolor="#EBEBEB" colspan="2"><font face="Verdana, Arial, Helvetica" size="-1"><input type="checkbox" name="KEEPMESIGNEDIN" value="True">Keep
                   me signed in on this computer unless I log off.</font></td>
          <div align="center">
             <p>&nbsp;<input type="submit" value="Login"></p>


Hi Chris,

The password is HANNAH.  If you're into trouble shooting mode and would like the key, I can send it to you.  If not, no big deal, I've email the guy a new password.  We'll see how many rounds it takes him to get it right. 



maybe this is the issue...

do you realize that the descriptive name you give a group is not always going to be the same ID in the database ? The two are not related.

Perhaps what you named Group 1 is really group ID 3

You can tell for sure by generating protection code for group 1 and see what ID it tells you to use..

You also need to remember that you are testing this with different users and it is really easy to get confused so you need specifically log off using the log off page to ensure session info from the previous login doesn't show up and cause confusion when you log in with a different user... etc etc

in addition to logging off that way you may also want clear the session and application info via the code at the bottom of my article
http://www.powerasp.com/content/new/displaying-session-and-a pplication-variables.asp

and do that in between any user you log in as


Permissions and Folder Locations

By default and to keep things clean we store everything in folder called "data"

That folder then has it in 4 sub folders

database (where the .mdb and temporary .ldb files are handled)
export (where the aspprotect export files are saved)
logfiles (where the aspprotect logfiles are saved)
user_pics (where the user pictures are saved)

Doing it this way makes it very easy for a system administrator to right click on one folder and set permissions for that folder and all of it's child folders.

Now, that being said.. you do not have to use these folders.

For example if you already have a folder in your web with modify permissions for the anonymous webserver account then you can use that one folder to store all of the 4 things above.

You'd simply edit your data connection string to point to that folder and then edit the other paths in the settings area of ASPProtect.

We did it that way so you would have options in case your hosting company was being difficult with your ASP hosting needs.


you basically have to edit the html in the links in the various pages and remove them... some are in includes files

use a text editor and be causious / back things up before you remove links so you can revert back

As I already had directories in my web site root called 'images' and 'templates' I loaded the files into a sub directory called 'aspprotect' as suggested in the installation guide where it say 'either way it really doesn't matter'.
However, it does.
The scripts are often looking for a file which it can't find because the /aspprotect part of the path is missing.  Example:
I can't find a way of editing all the scripts that need changing.  I'm assuming it would be easier to change my site to avoid using subdirectories used by aspprotect and reinstalling from scratch straight into the root directory.
Anyone with any suggestions?
Many thanks

When using the ASPProtect admin panel. My firewall software is going crazy or Blocking it on the Mass E-Mail, Newsletter, and other pages.

Here are some of the messages:

[Unauthorized Access Attempt] This signatures detects an attempt by a web server to deliver a malicious HTML page to a browser client, in an

[Suspicious Activity] This signature detects HTML documents attempting to spoof a link destination in the browser's status bar.

I am using Black Ice...

Will users also get this kind of activity from the pages ??? Or is it only because of using the Admin Interface of the software ???





I am trying to find out where I can enter the ttle for the application.

There is a variableor field called App_Name into which it would be good to insert a generic name. Can this be edited?

I have searched high and low but cannot find anything to do with it.


Why all the pages at the directory .../password_admin/ are very slow to open online?


Something very strange is happening.  Some users can't see the classified ads in their browser.  This is specific to the user's computer, and they can check other computers and see it fine.

In each case, the user is using windows explorer 6.0 browser with windows xp.

they can't see the ads listed on the ads page, but they can see the categories.

also, they can't see the place ad link on some pages.

Do you think that their browser is blocking the javascript for the mouseover message?




My guess your having trouble setting up a system dsn because the database has a password set on it. Your hosting company most likely sets up DSNs without using the advanced tab which is where the authentication information goes. Or they have some sort of web interface for the customers to use that doesnít allow setting up that information.System DSNís are actually difficult to set up correctly when the database has a password on it. There is of course a password on the database for security reasons so if someone ever downloads it somehow they will not get your information.

System DSNís are not the way to go regardless as you will see mentioned at our support site.

http://support.cjwsoft.com/forum/forum_posts.asp?TID=9&P N=1


You really should try setting up a DSN-less connection. It is the best way to go. They are easier to set up, perform better, and are less load on the server. Any host that wants it customers to use system dsnís is not on the ball as far as server performance and server resource conservation goes. They are really asking for trouble down the road.

All you need to do to make dsn-less connection is the following.

Get permissions set for the folder the database is in (by your host)Ö then figure out the physical path on the server to the database by using server.mappath or you simply ask your host for the info.

An article I wrote on using server.mappath


Then your connection string will look something like this.. (of course you edit the path to match what server.mappath tells you. And you make sure the database name is correct)

ListingsConnectionString = "DBQ=C:\Inetpub\wwwroot\asplistings\_database\asplistings_ac cess2000.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"

Another option would be to simply remove the password from the database using MSACCESS.. then try to connect to it using a System DSN without the password. If your host is storing the databases outside of your web in the root of the server then removing the password on the database is not that bad of a thing to do as there is no way anyone will be able to dload it from your site. Of course there is a still a performace loss when using a system dsn with an Access Database

cwilliams38145.8540509259, You are right.
I have SQL server.
From August to today I have used a very simple login system and now I come back to you for better.
I can insert, edit, delete  users but it happens what I mentioned in my first message.

Some of our users complained that their users id and passwords are sent in the clear. So we decided to invest in an SSL certificate from Verisign. It has been tested fine with all forms and pages in ASPProtect version 6. The only remaining page which I am not sure how to protect is the home page. Let's say my home page is http://www.MyDomain.com/index.asp. When the user goes to this link he/she will be presented with the check_user_inc.asp page so he/she can enter their ID and PW. So how to make the login information send from this page thru HTTPS?


Javascript Popup/Pop Under Generator

Until I have time to make one I suggest using the one on the banmanpro support site as it is pretty nice.

Just dont use option 2 on that page as that is specific to banmanpro


cwilliams38291.614849537, also, just to show you what happens when a user creates a subscription this is the code. you can see in red where the subscrition is is set and also where the exp date is set to null

 If txn_type = "subscr_signup" Then
  Set ConnPasswords = Server.CreateObject("ADODB.Connection") 
  Set CmdEditUser = Server.CreateObject("ADODB.Recordset")
  ConnPasswords.Open ConnectionString
  SQL = "SELECT " & tbl_label_users & ".* FROM " & tbl_label_users & " WHERE (User_ID = " & User_ID & ")"
  CmdEditUser.Open SQL, ConnPasswords, 1, 3
  CmdEditUser.Fields("Active") = "1"
  CmdEditUser.Fields("Validated") = "1"
  CmdEditUser.Fields("PayPal_Subscriber_ID") = subscr_id
  CmdEditUser.Fields("Notes") = "Successful PayPal Subscription Signup on " & Date
  CmdEditUser.Fields("Expiration_Date") = Null
  If Access_Level <> "" Then
   CmdEditUser.Fields("Access_Level") = Access_Level
  End If
  If Groups <> "" Then
   CmdEditUser.Fields("Groups") = Trim(Groups)
  End If
  Set CmdEditUser = Nothing
  Set ConnPasswords = Nothing
 End If

been working on this for about 5 hours today.. I think I found the problem and it involves a vbNullChar that the encryption process is creating only during login attempts

it then messes up during ASPProtect authentication because it blows up the SQL Statement to the database

like I mentioned before the chances off this happening are slim but possible as two people so far have been able to create the situation

I seem to have the HANNAH password working now using your encrption key

I need a little bit more time to clean up the files I have been working on. Then I will give you new "check_user_inc.asp" and "check_admin_inc.asp" files to try out


sorry.. you just said above you were using XP SP2 so that is the article I referred you to as I just assumed you were talking about your local web server

here is my article on permissions regarding server 2003
http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp

I can look at your installation monday if you like. In about an hour I leave for a wedding thingie and I wont be around again untill monday around noon

Try the uploading using VBSCRIPT method just for the heck of it. Perhaps there is an issue with the installation of the dundas component.




Humm, I dont see how moving to a new server could have anything to do with that.

What method of displaying the banners are you using. Perhaps try some of the other ones.

Don't use the javascript method with a javascript based ad like google.. that's for sure.



you got problems if you cant import a file created by the system..

You using SQL or MSACCESS and do any of the users data have apostraphes in it ?

, I am not sure. I can tell you that I run windows 2003 server and I have never had any issues setting permissions for ASP.NET files and folders. This very server is 2003 and the ASPProtect.NET demo runs on this server as well.

Course, I can't say that I have specifically tried to remove ASP.NET READ permissions on the database folder as it's just not something I would not have a reason to do.  Why are you trying to do that? The ASP.NET account needs that permission. If you are trying to stop file browsing and downloading in that folder that is not how you do that.  The best way to do that is by keeping the database somewhere else on the server that is not part of the http web. ,

I have a customer who is asking the following:

... could you make a link from it to our website and is there a way to see what traffic goes from us to them.  They are going to pay a commission on sales, however I need to be able to track who views their site...

Wishful thinking or could you add code to track their IP address and display in the report section?  Not sure that would be enough to satisfy this request.   Suggestions?

Thanks, Lance



1.) this has been explored and because of the way groups works is not feasable. Because us this I wrote code to allow you to view and sort all users for any group on the actual groups page. You pick a groups and then click the "Show Users" button

2.) noted


Good Evening,

I have been trying to log into my site using the protected pages comments you have in support. I have copied the code in the ASPprotect 7 guide.


<!--#INCLUDE FILE="check_user_inc.asp"-->

and pasted it in my page, set the the IIS to open this page and the page will not open it and the page will not open and the error is

Error Type:
Active Server Pages, ASP 0126 (0x80004005)
The include file 'check_user_inc.asp' was not found.
/olem/reldt/introduction.asp, line 3

When I remove the two lines of code everything goes normally.

I have aspprotect in its own directory in the website. I have read the installation several times and I am afraid I am missing something blatently obvious so I really appreciate you thoughts.

I am presently using redirects. I like not haveing to use them as your comments have suggested. I have pulled all that code from the pages I desire to protect during this test.

I have three test users in my database - 1 administrator

Any suggestions?

Thanks and best regards

, you can edit the look of it but because it is licensed software the links to aspbanner and the aspbanner logo.. etc etc must remain  otherwise change it all you like., They send an email?

Hope my spam killer didn't zap it...

New Version 8.1 Released

Whats new..

Upgrade Instructions...

Upgrade at your own risk. Though we try new versions are not always perfect due to minor bugs we may miss.

Back up your old setup so you can revert back if necessary..!!!
Save your data connection string info in a text file so you have it.
You can get that by viewing the system info page in the admin area.

Carefully copy all the ".asp" files from the new version to the old.
Your going to want all the .asp files in the aspbanner folder.
Your going to want all the .asp files in the aspbanner/scripts folder

Copy the aspbanner/images folder because there are some new images

Be sure to also copy the "data/config" folder files.folders as well as a lot of that is new including the actual config file. If you dont get the new config file copied in there you will have problems later on with some of the new features.

Be sure to create a new folder in the "data" folder called "tempstats"
Make sure it has proper permissions if you plan on using the delayed stats feature as the stats gets temporarily stored there. 

Go back to the area where you originally setup the data connection and do that again...

From the web browser run the following URL


Replace "yoursite" with the proper url info relevant to your web site location.

When run via the web server that page will ask for a password. By default it is "temp". You should change it later on for security reasons. That page tells you how.


Now... moving on..

There were no changes to the database except for SQL Server users so you can use your existing database.

SQL Server users that want to use the new stored procedures feature (it's optional) will need to update their SQL database with the stored procedures.

Scripts to do that are provided.

ALSO: I have been running this new version using SQL Server Stored Procedure mode for a 1 week on a special banner server that serves banners to many of my own sites. I have also been using the new Delayed Stats feature.

All I can say is it is running like a champ and the SQL server is using less memory than it ever did before.


Is there a way to set various members to upload a limit of photos. So, one member can only upload 5 photos in 1 album and another can upload 30 photos in 2 albums. Even if you just set a permission for the number of uploads for each member.

Thank you


All can say right now is take a break and get away from it for a bit. All your going to do is stress yourself out more if you keep working on it.

There is probably a way to make it work but it may require days of fiddling around and reading articles and trying things and even then you may not get it working AND THEN ITS JUST A BAD IDEA ANYWAY. Like John says you are better off running it on a server that is not a domain controller.


how about translating the error to english..

Looks to me off hand that it would have something to do with the SQL server itself not being run in an english lcid/format and causing some sort of date issue.

I would also suggest you start off with a brand new blank SQL ASPBanner database and make sure that works before you attemp t to import any data into it.

, I do not what see what this has to do with anything I sell ?

Those errors are all related to pages that have nothing to do with my ASP applications and code.,

I Dont know... it shouldnt do anything like that.

if it ever asks to download a aspx or asp page its generally a server configuration issue not related to the actual code


provided you arent trying to grab the injectbanner page through an iframe call which is only for use with the javascript method of calling banners


cool.. let see if that works.  This was the command line that I had to enter in order for it to register.  Chris, as you stated before, you can try one of the other emailers, but you need a email server to tie to. 

"regsvr32 cdonts.dll"


I have a solution for asp already but thanks anyway. Is there a good book or other learning tool I can purchase that you might know about? I would know where to start about how create a timed subscription in .NET.


Ok, I was not aware of this domain controller issue as I have never had a customer have their web server set up that way. It is not a common situation under commercial hosting, thats for sure.

http://support.microsoft.com/default.aspx?scid=kb;en-us;3151 58

seems it was some sort of bug that was corrected in the the 1.1 .NET framework involving no ASPNET account being created. seems there are lots of work arounds involving making new accounts and editing machine config files. I found quite a few google articles as well.



I actually should have said "the framework installed" not "asp.net"

So, in the meantime I am asking John Evans what he thinks about this and I am going to ask you what version of the framework you have installed ? ASP.NET Framework 2.0 is the newest and you definetely should be running at least version 1.1 and probably should upgrade to 2.0.

I do not know why other ASP.NET code you have works ok. Your other code may not be using the odbc driver dll the same way ASPProtect.NET does. There are lots of possible reasons. At the end of the day I think the basic issue here is still a low level configuration/permissions issue and it can be corrected from what I am reading. It just may require a bit of trial and error regarding local and domain accounts and editing the machine config files... etc etc


Timecard Entry: 3/25/2006 1:49:15 PM

G3 MAINTENANCE, Chat db conv., teched phone calls , did callbacks , had a ask us a question, to North Lawrence, general billing issues, training Joann, invoices, radlog, dial up issues, phone call. , Had to reformat my laptop......., Hotel to Class, working with Ben on 2 frames that went down......both SLR. Ben opened tickets both of them I checked the router in Potsdam to see what was going on. Both show hard down, Wan and Wirless Projects includin Wirless training, revisions to Wireless marketing materials Met with McQuaid and Bannigan with Mary lee to into the possibility of Wireless and also possible a T1 with all telecom services over it, wrote out wirless proposal for them, looked at the list of telecom customers from Paul, spoke to several phone prospects regarding dedicated circuits, po approved for gray and faxed to mark - verified receipt. wrote po's for office supplies. chr call. nortel call., THE BORDER.. MADE CHANGES AND ADDITIONS REQUESTED BY THE CLIENT, Updating Don Gruneisen's CostGuard and checking to see if his battery was recalled, printed timecards, called Pam regarding the porch, teched calls and some auaq, Travel to Watertown to meet Don & Seth , then to Syracuse for Neca DSL seminar, General/TICC, Checked RadLog, Dial Up Issues and answered phone calls. not too busy., Went over some items w/ Randy that I completed last week., Migrate micro-cad.com to iMail, Cleaned up a few emails in my mailbox... still wondering where the spam message came from yesterday., continuing reports, Review notes from meeting, meet with doug engles albany board, Assembled articles form the last 6 months for marcy to copy on Wed , Posted accounts and did a detail of checks and cash for a bank deposit. Credit card authorizations, coupon referals, customer inquiries, ans phone and worked on problem children., changing cities in emerald, Managers Meet, Via Net Meeting, Worked in Photoshop on SoftVendor design, started running into computer issues, Bldg X-mas party,

   Active Server Pages Rule The World
Contact Us  
All artwork, design & content contained in this site are Copyright © 1998 - 2019 PowerASP.com and Christopher J. Williams
Banner ads ,other site logos, etc are copyright of their respective companies.
STATS Unless otherwise noted - All Rights Reserved.

Active Server Pages help tutorial how to ASP Help ASP Tutorials ASP Programming ASP Code - ASP Free CJWSoft ASPProtect ASPBanner ASPClassifieds www.aspclassifieds.com, www.powerasp.com,www.cjwsoft.com,www.aspphotogallery.com,www.codewanker.com,www.aspprotect.com,www.aspbanner.com