Just to let you know that i figured out my problem. I had to modify the connection in the email code and get the correct path from my provider.

I hope you enjoyed your vacation.

Thank you
Adam

It almost seems like allow images is denied.  When I look at the ad it doesn't even show a place where the thumbnail or image would go:

Columns now are Ad Name/ Price / Expires / Hits

There used to be one before Ad Name.

Even unchecked (saved) and checked

Use_Picture_Upload

< = value=True name=Use_Picture_Upload> Check this if you will be using the picture uploading feature.

Both the NET and Classic ASP versions of this application are designed for fine granularity protection of individual apsx extension files. ASPProtect.NET is not designed or intended to protect sub directories, or non aspx content such as Adobe Acrobat .pdf files etc etc.

I completely disagree with your statement that “most sites” have a login box on the left hand side of the page. I suspect you thinking of the ever popular php based forums and “Nuke” type CMS systems which are set up that way but if you look at any site written entirely using .NET that’s rarely if ever the case. (Granted I cant say for sure because I personally haven’t looked at >50% of the estimated 18 billion +  web pages on the internet) Just off the top of my head www.CafePress.com come to mind as a pure .NET site. If you take a look the login button it takes you to its own login page there is not global login form used throughout the site. Reason being that .NET introduced this thing called a “view state” which is used to store things like your session ID (and way more) and must be posted back to the server in order to keep track of visitors. This technology comes in especially handy when you have a web farm in place and your content is being spit out out by more than one server at the same time

I can think of loads of scenarios where the web servers need to know who you are even though you are never directly contacting them via http. This approach is a very smooth and actually very clever solution for enterprise level websites that simply can’t be handled with a single web server.

 On a practical level I know what you are saying but that application sets up all sorts of things when a protected page is accessed and the user is not yet authenticated. That’s the entire reason you need to put that snippet of code at the top of a page you want to protect. That code snippet calls the ASPProtect.NET class and runs through all the logic to see if you are able to access the page. If you are the subroutine exits and the server continues to process the remaining logic on the page. AKA you are able to access its content. If you are NOT authenticated ASPProtect will setup all the proper session and viewstate info and redirect you to the login page for authentication. You may have also noticed a parameter on the login page called ReturnURL. The application looks for that info and if you do have a user ID and password the application automatically redirects you to the page you were trying to access in the first place.

Really I have no idea what you are trying to do, but there is a world of difference in how something looks verses how it works. Lets just say there was a simple way to do what your thinking, what are you going to do with that login form after the person logs in? Just keep displaying it on the entire site so people get confused and don’t know if they are logged in or not? Just that little part of the equation will require making some changes to either ASPProtect.NET or your application will have to have some logic built into it to stop displaying the login forum.

It sounds to me like your basically looking for a super simple 101 type deal that allows people to sign up for an event and you the admin can see that information? I’m guessing they can also log in again and check out their details and see what event they signed up for?

If that’s the case you’re trying to take a very sophisticated protection application and downgrade it into something that would be one heck of a lot easier to write all from scratch in about an hour.

Your not going to be able to “plug and play” a simple form into a page and turn that application as a magic universal login solution for a website, while its 100% possible to use the application that way if you choose, you need to check out the source code and plan your custom integration accordingly.

Just got back 10 minutes ago..
Missed plane yesterday because of traffic and the flight today was 3 hours plus 4 hours of driving

The fact that you are using Server 2003 is not relevant. I am very familiar with it and all my sites run on it.

The ASPNET account will be there by default once the .NET framework is installed. It won’t just show up in the list, you have to search for it like my article mentions.

http://www.powerasp.com/content/new/windows_2003_server_and_ permissions.asp

Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.

In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.

' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30

Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.

I wonder why the banners in ASPBanner 8.1 are moving from one place to another when opening my site www.helserevyen.no in a Mac Safari browser and click on refresh?

Can you take a look at my site and response?

All of the fields with the expected paths show the correct file structure, so now I've put them in them in the boxes

Good Morning - I getting errors in my system log that says "404 file not found" for a number of files - Here are a few examples:

/aspprotect/password_admin/ drop1.gif http://cidra.easycgi.com/ aspprotect/password_admin/edit.asp? User_ID=181	4	0.28%
/aspprotect/password_admin/ drop2.gif http://cidra.easycgi.com/ aspprotect/password_admin/edit.asp? User_ID=181	4	0.28%
/aspprotect/password_admin/ left1.gif http://cidra.easycgi.com/ aspprotect/password_admin/edit.asp? User_ID=181

I ideas on how to fix this?  Note: The system seems to be working fine, but I want my log files as clean as possible. 

Thanks.  shirley

Installed latest verison  Doesn't seem to have corrected problem.  Still with same message.  I wonder if deleting this user and putting him back in might help.  I have not however tried any other user names and passwords.

if you use either of those options the mail server info you use must of course be valid (example: mail.somesite.com) your host can provide that info

you should also make sure your sending the emails using an account at your email server.. not some other email you have


other than that if it does not send emails it could be because your hosting company may require authentication for outgoing emails...

ask them ...

if that is the case the version of ASPBanner you have does not support sending email that way and you would need to add the necessary code to any places that send email... in order for emailing to work

Trying to make sense of this.  I am still confused.  In the file config_inc.asp.  I found the setting for "uploaddirectory".  That entry looks like this [UploadDirectory = CmdGetConfiguration("UploadDirectory")].  I assume there is a config file where the value of upload directory is located. 

The settings in the config_inc.asp file have not been changed.  they are set to the way it was delivered.  Is there a document that gives instructions as to what and where the config settings are to be changes?

I'm using Aspimage and SQL. Photos are 2464 x 1632 px, tried the upload and import directory methods, same results: thumbnails ok, full images 0 bytes.

ServerSoftware Microsoft-IIS/6.0
ServerName www.larrysampas.com
ServerProtocol HTTP/1.1
PathInfo /gallery2/extras
PathTranslated d:\Customers\user1095000\www\gallery2\extras
 
FILE SYSTEM OBJECT Installed
ADODB (ActiveX Data Object) Version: 1.2 Installed  
CDONTS Version: 2.80 Installed  
SMTPMail Version: SMTPMail Retail Version V2, 2, 1, 0 Installed  
JMail Version: 4.1.2 Installed  
AspEmail Installed
AspMail Installed
SAFILEUP Installed
Dundas Upload Not Installed  
ASPImage Version: 2.31 Installed  
AspJpeg Not Installed  
ImgWriter Not Installed  
 
Script Engine 
Type VBScript
Version 5.6
Build 8515

There are several pages on my website that a user may go to that are not protected (e.g. home page).  If the user has indicated that they want to be saved on this computer (until they explicitly log off), and their 1st entry point is to an unprotected page, how do I determine whether they have logged in before, and extract the info from the cookie / session variables without forcing them to log in or making the entry page protected?

Microsoft VBScript compilation error '800a0411'

Name redefined

/aspprotect/config_inc.asp, line 15

Dim  Address_Required,CDONTS_Installed,City_Required,Registration _Type,VerifyURL,Log_Off_Page
----^

I did not make a mistake.. what I typed is what I meant to say. I think maybe you are taking it the opposite way as I explained it.

Regardless,

What you want to do... logging them in under https and then having them continue though the site under http is not possible.

It doesn't work that. way. As far as the webserver is concerned https is a totally different site than http and each have their own unique set of application and session variables.

In a sense no different than www.somesite.com is different then somesite.com (each has their own unique set of application and session variables as well).

Now, because of the nature of Forms Based Authentication session varibles created under one will not carry over to the over and thus no password access if you switch over from a secure url to a non secure url.

If you want them logging in under SSL you need to keep them under SSL.

That is not to say there is some ultra complex scenario to mimic the session variables on the non secure side of things (possible with a complex http post to a non secure page from the scure page telling it what variables to create and set), but doing so means a ton of work and also has security concerns of its own.

The protection code for my group3 is:

<!-- Begin ASPProtect Code -->
<!-- Groups with access to this page. ( * GP03 * ) -->
<% GROUPACCESS = "3" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
<!-- End ASPProtect Code -->

btw - sorry but I am using v7
and thanks for the assistance

New question...

When someone edits their personal information, such as address, is there any way to set it so that someone in the office can receive an e-mail noting the changes?

Thanks.

I need to use SQL for other reasons than efficiency.  If I create 2-seperate databases, would there be a lot of code to edit?

Thank you.
Lance

Hello,

It is very possible, however there may be some issues such as the session variables specific to a particular user would not be able to be created because there would not be a specific user.

I can't tell you exactly how to do it as it would probably take a few hours of messing around with the code to sort it out. Bascially, it's not something I could tell you how to do real quick and I do not support custimizations to the code.

But, it is very possible. You want to check the server variable for the IP address. The tricky part would be where and how this all just integrated into the "check_user_inc.asp" file

Encountered another issue.  When entering a user name correct but the wrong password get the following error:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '(Username = 'ROBERT') AND (Password = 'Z£$'.

/check_user_inc.asp, line 115

Did I do something else wrong?!

Thanks

- I am using the original files that came with the software.
- The software ads items to the database flawlessly.
- ASPImage works great.

- When I try to remove an ad or an image it says it's been removed.
- The ad does not show up on the site anymore.
- BUT, when looking at the sql database the ad is still listed there.

Why is the software not deleting the columns from the database and the images from folder?

Note: My other tables for other projects, in the database, allow me to delete them.

Hello,

You are correct regarding what you noticed.. ASPBanner only allows one person to administrate. If if did what you are asking about it would probably cost more.
(you get the ASP source so if you really wanted that you could always add it on your own fairly easily, but it all depends on your skills)

AS for keyword advertising and different ads based on certain pages ASPBanner does not get into that. The main reason being performance as I built ASPBanner primarily as a performance banner rotation solution.
http://support.cjwsoft.com/forum/forum_posts.asp?TID=144& ; ; ; ; ;PN=1

Like that thread says, you could make different zones for different conditions.. then surround the banner calling code with if else logic so a different banner zone was called under certain conditions.

Regardless, if you really need something that has every bell and whistle. BanManPro is where it is at.

You should read my article on server side includes… the path to the include file must of course be adjusted depending on where in your web you are.
http://www.powerasp.com/content/code-snippets/includes.asp

You will also notice if you look at the provided example pages that the include paths have been adjusted to make sense.

If it is 2 directories down it should probably look different..

example:)   "../../checkuser_inc.asp"

It’s weird that if you are not getting an error because if the path to the server side include is wrong you should get a nasty server error.

Also..

The ASPProtect system and any pages it protects must also be part of the same Application in IIS. It’s the nature of forms based authentication. Do a google search if you are not sure what an application is in IIS.

Lasty…. If you are logged in at the time

Whether your current session at the site is still active… or you have the cookie set to remember you.

Well, nothing will happen… cause your already logged in and you will just see the page as normal.

Perhaps things are working and you just don’t understand that part ?

You need to go to the log off page.. log off… then close all instances of the web browser windows..

Then come back to the site… then see if it prompts you to log in.

also.. the log out page shouldnt really need this
but you can try adding this to it where all the other ones are set to nothing..

<% Session("Groups") = "" %>

here is the answer
http://www.iisanswers.com/IIS51.htm

CDONTS

CDONTS (Colloaborative Data Objects for NT Server) is a feature of NT and W2K that allows you to easily send mail from a web page using the SMTP server. The simplicity of the code and widespread availability of free scripts employing CDONTS has resulted in  CDONTS being widely adopted.

Quite a surprise to many administrators to discover that IIS 5.1 does not support CDONTS as do IIS 4.0 and IIS 5.0. This has been replaced by CDOSYS which appears to have more capability, but it is not quite as simple to use. See: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q195 683 for more details.

You can enable CDONTS on XP by copying CDONTS.DLL from a Windows 2000 installation to your XP system’s Windows\System32 folder (default name). Then at command prompt Windows\System32 run REGSRV32 CDONTS.DLL. The extent of my testing on this was to deliver one piece of mail, so this should not be construed as a complete analysis of the effectiveness of this technique.

I'm all set - after thinking about your replies - i checked a bit more and changed the email component type -- thanks again for all your help.

Ok, I started the database tables from scratch. I did everything using sql enterprise manager and query analizer..

Same thing happens... certain passwords just do not work.

So I did a lot of testing and I have come to the conclusion that this has something to do with the regional settings of that SQL server.

Here is an example.. see the screenshot below.

Username "admin" password "petepetepete"

The top query done in Enterprise Manager is valid and shows the user.

The bottom query is also valid but it does not show the user.

And that is exactly what is happening from the ASP codes point of view.

Now, this means that even though that encrypted password is getting saved to the databse correctly this particular SQL server just cant deal with it from a QUERY.

It works fine on two different SQL servers that I have. It's just got to be something regional related like unicode characters not being dealt with correctly or something odd like that.

I tried changing the collation data for the "Password" field type on that SQL server and it looks right. I don't know what else to do but it is something about that SQL server. There may be a way to change the regional setting through the connection string but I cant find any articles on that right now.

One solution I have for you to get this working there is to eliminate the encryption factor then I dont think you will have these issues.

It's either that or find another SQL server with US type settings or use MSAccess. ASPProtect runs nearly as fast on Access as long as you do not have over 10,000 users or whatever. The system hardly ever accesses the database so it performance under MSAccess is always good.

Let me know what you want to do. I can shows you how to eliminate the encrypytion factor if you want to try that. I think if I make you a custom version of the RC4 function you can just replace that and then the system will use plain passwords.

Your call..