www.ASPProtect.com

ASPProtect (LITE VERSION)
 Formally called Advanced Password Protection
 Designed By Chris Williams (chris@powerasp.com)

INFO ON PURCHASING THE FULL VERSION IS AVAILABLE AT
www.ASPProtect.com

It has many advanced features compared to the Lite Version and includes all source code unlike this free version.

There is also a 5 user limitation on the (Lite Version). That means there can only be 5 users in the database at a time.

DIRECTIONS (It is recommended that you read all of this carefully)

Copy the contents of this zip into the root of your website
The zip contains the following files and folders
FOLDER _database The database directory and sample database
FOLDER password_admin The Administration portion of this   
FILE check_user_inc.asp The password protection script
FILE simple_example.asp Example of how to include the password script and NOT check for access levels
Here are some things you need to do to get this working.

Make sure you are using at least version 5 of Windows Script
http://msdn.microsoft.com/scripting/

Parts of this free version are encoded and you need that to be able to use this.
Most likely you are already using version 5 or higher.

Manually specify the data path in check_user_inc.asp
This has to be set manually. You cannot use Server.MapPath because
this file will be included in every page you password protect.

EX:)
DATA_PATH = "C:\Inetpub\wwwroot\password\_database\passwords.mdb"

If you change the password for the access database set that also. See Access help files for information on changing a database password.

EX:)
ConnPasswords_RuntimePassword = "Xpass"
BTW.. That is a capital "X" and the rest is lower case.
If running NT make sure the Database or Database Directory has
Change permissions for the anonymous webserver account or you will get errors like.

[Microsoft][ODBC Microsoft Driver] Not a valid password.

Or 

Microsoft JET Database Engine (0x80040E4D)

Or

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x6a4 Thread 0x744 DBC 0x25fafe4 Jet'.


These errors are because the database could not be found or opened, so it gives back this error message that ends up confusing everyone. Anyway if you see this error it is because the permissions have not been set or you have not specified the data path correctly.
Here is some additional info you might like to know.

By default there are 2 sample users.

ADMINS can add and remove other ADMINS...   You could easily modify the way all that works, but that is how I made this for now.

This is an Admin account. (Admins have access to the admin area.)
username test
password test

This user has Basic access. (A basic user can not access the admin area.)
username joe
password test

Use the Admin account to get into the Admin Area and manage users.
If you lose Admin access because you unchecked it or forgot the password
you will have to open the database up via Microsoft Access and add
Admin access to an existing user in order to gain access to the Web Admin again.
After a user logs in there are variables that you can always access.
They can be used to check various things or to display information
dynamically based on who has logged into the system.

Session("PASSWORDACCESS")
Session("FULL_NAME")
Session("PASSWORD")
Session("USERNAME")
Session("ADMIN")

You can display them on a page using Response.Write like so

<% Response.Write(Session("FULL_NAME")) %>

or like this

<% = Session("FULL_NAME") %>


Disclaimer... PowerASP and Chris Williams make no guarantee about the security this script offers. Use this at your own risk. To the best of knowledge it is very secure, but that doesn't mean there isn't a bug or some hacker will never find a way into it. We recommend you rigorously test it and change the password on the Access database before you start using this. That way if someone downloads your database they will a hard time getting anything useful out of it especially since the database supplied with this download is also encrypted. If you really want secure password protection you should port this to a SQL database.