A-Forum ISAPI Application (ISAPI-script) for MS IIS web server platform
Version 2.09f (December 2001)
Copyright (c) 1998-2001 APD-Soft, LLC

Information for server administrator.

1. Please see the instructions on how to install and to use this product
at the following web page:

http://www.apdsoft.com/afo/aforume.htm

2. Additional comments in regard to administrative mode password setting.

Server administrator can access the conference through a web browser in a
special administrative mode which allows to delete messages created by users.
To enter special administrative mode, administrator should supply a 6-digit
password appended to the URL. Instead of zaq=1X01, the request code in the
URL should have the form zaq=1X02YYYYYY, where X is an index of the
conference and YYYYYY is a 6-digit administrative password, for example
(conference 1 and password "375109"):

http://www.yourdomainname.com/cgi-bin/aforum.isa?zaq=1102375109

NOTE: unlike in normal mode, it is zaq=1102..., not zaq=1101...

The password may be defined separately for each separate conference running
on the server. In addition to that, administrator may define a universal
password for the entire server.

Separate password for a specific conference should be defined in the file
custom.txt with the tag

AdminPsw = xxxxxx

where xxxxxx - 6-digit decimal number

THE UNIVERSAL PASSWORD WILL BE CHECKED ONLY IF THERE IS NO PASSWORD FOR THE
SPECIFIC FORUM DEFINED IN THE FILE CUSTOM.TXT. The universal password will
be set automatically during the first access attempt with a special
administrative request code, PROVIDED THAT THERE IS NO PASSWORD IN THE FILE
CUSTOM.TXT. 6-digit number specified in the first such request will be
accepted as a universal password and remembered by the server for future
checking. Universal password is the same for all script instances running
on the server and is stored in system registry in the key "Remote Password"
at the following location:

HKEY_LOCAL_MACHINE\Software\AForum\

If you want to change universal password after it was once set, you should
run regedit.exe system utility on the server and delete the above key from
the system registry. After that you may invoke script from the browser using
the URL described above, specifying the new desired universal password in the
URL.

Note: the password defined in the file custom.txt has higher priority
over the universal password defined in registry.

Note: in some cases it may not be possible to set the universal password
automatically - depending on registry access rights settings on your web
server (often, only local administrator or privileged local user can change
entries in the system registry under HKEY_LOCAL_MACHINE).

NOTE: make sure there is no remote read access rights for script directories
on the level of remote web user - otherwise your custom.txt file can be
read remotely through a web browser using a URL like:

http://www.yourdomainname.com/cgi-bin/data/forum1/custom.txt

- and the password may be known to anybody. Remote read/write access rights
on the level of web server are not required for script directories. See
further comments about directory access rights on the web page with
instructions.

After you entered the conference in a special administrative mode, you will
have the same functionality as in a regular mode, but when retrieving the
messages, instead of the option "to place a reply to the message" you will
be given an option "to delete the message".

In addition to deleting some messages in a special administrative mode, you
may manually delete all the files in the directory associated with a definite
forum, except for the file custom.txt. Deleting all those files will reset
the corresponding forum, making it empty. It is not recommended to manually
delete only some files in the directory since doing this may violate data
integrity.

Note: the older messages may be deleted automatically from the bottom
of the list when it exceeds the maximum length of approx. 32 kb (something
about 400-500 messages).
