  1. #1
    367
    367 is offline
    New Coder
    Join Date
    Nov 2011
    Posts
    12
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Simple 'whats current year' spam protection in classic ASP

    Hi
    Title says what I need so I'll paste code that I have now. Am asp noob so
    html
    Code:
    <span>Whats current year?</span>
    <input type="text" name="year" />
    asp
    Code:
    <% Dim captcha
    
    captcha = Request.Form("year")
    
    If captcha <> "&Year(Date)" Then
        Response.Redirect("wrong.asp")
    End If
    
    %>
    Now it opens wrong.asp on page load automatically.
    I think that "&Year(Date)" part is wrong, but when I put "2012" instead, it also opens wrong.asp on page load.

    Any suggestions?

    Thanks

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,216
    Thanks
    75
    Thanked 4,344 Times in 4,310 Posts
    Code:
    <% 
    Dim captcha
    captcha = 0
    On Error Resume Next
        captcha = CINT(Request.Form("year"))
    On Error GoTo 0
    
    If captcha <> Year(Date) Then
        Response.Redirect("wrong.asp")
    End If
    %>
    Year(Date) will be a *NUMBER* so you want to ensure that what comes from the user is also a number.

    The ON ERROR code allows you to force the value from the <form> posting to be a number. If it is not, then captcha will remain at 0 and of course not match the year of today's date.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #3
    367
    Thanks for help, but still when loading page with form (visitors.asp) I get redirected to wrong.asp without a chance to fill in the form. It's probably a problem with existing code in that page but I can't find what that is.
    asp code at top of visitors.asp looks like this:
    Code:
    <%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
    <!--#include virtual="/Connections/access.asp" -->
    
    <%
    Dim MM_editAction
    MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
    If (Request.QueryString <> "") Then
      MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString)
    End If
    
    ' boolean to abort record edit
    Dim MM_abortEdit
    MM_abortEdit = false
    %>
    <%
    ' IIf implementation
    Function MM_IIf(condition, ifTrue, ifFalse)
      If condition = "" Then
        MM_IIf = ifFalse
      Else
        MM_IIf = ifTrue
      End If
    End Function
    %>
    <%
    If (CStr(Request("MM_insert")) = "form1") Then
      If (Not MM_abortEdit) Then
        ' execute the insert
        Dim MM_editCmd
    
        Set MM_editCmd = Server.CreateObject ("ADODB.Command")
        MM_editCmd.ActiveConnection = MM_access_STRING
        MM_editCmd.CommandText = "INSERT INTO Content (data_Name, data_email, Text, Video, permission, Group, status) VALUES (?, ?, ?, ?, ?, ?, ?)" 
        MM_editCmd.Prepared = true
        MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param1", 202, 1, 255, Request.Form("data_Name")) ' adVarWChar
        MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param2", 202, 1, 255, Request.Form("data_email")) ' adVarWChar
        MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param3", 203, 1, 536870910, Request.Form("Text")) ' adLongVarWChar
        MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param4", 202, 1, 255, Request.Form("Video")) ' adVarWChar
        MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param5", 5, 1, -1, MM_IIF(Request.Form("permission"), Request.Form("permission"), null)) ' adDouble
        MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param6", 5, 1, -1, MM_IIF(Request.Form("Group"), Request.Form("Group"), null)) ' adDouble
        MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param7", 5, 1, -1, MM_IIF(Request.Form("status"), Request.Form("status"), null)) ' adDouble
        MM_editCmd.Execute
        MM_editCmd.ActiveConnection.Close
    
        ' append the query string to the redirect URL
        Dim MM_editRedirectUrl
        MM_editRedirectUrl = "/visitors.asp"
        If (Request.QueryString <> "") Then
          If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0) Then
            MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
          Else
            MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
          End If
        End If
        Response.Redirect(MM_editRedirectUrl)
      End If
    End If
    %>
    <!--#include virtual="/global.asp" -->
    <%
    Dim rsVisitors
    Dim rsVisitors_cmd
    Dim rsVisitors_numRows
    
    Set rsVisitors_cmd = Server.CreateObject ("ADODB.Command")
    rsVisitors_cmd.ActiveConnection = MM_access_STRING
    rsVisitors_cmd.CommandText = "SELECT * FROM Content WHERE group = 3 AND status= 1 ORDER BY dataID desc" 
    rsVisitors_cmd.Prepared = true
    
    Set rsVisitors = rsVisitors_cmd.Execute
    rsVisitors_numRows = 0
    %>
    <%
    Dim Repeat1__numRows
    Dim Repeat1__index
    
    Repeat1__numRows = -1
    Repeat1__index = 0
    rsVisitors_numRows = rsVisitors_numRows + Repeat1__numRows
    %>
    asp code under <!--#include virtual="/global.asp" --> shouldn't be a problem because it's used to show existing inputs (as I get it)

    and here is full form with code that you wrote:
    Code:
    <form action="<%=MM_editAction%>" method="POST" name="form1" id="form1">
              <label>Name:</label>
              <span id="sprytextfield1">
              <input type="text" name="data_Name" size="25" />
              <span class="textfieldRequiredMsg">Please insert your name.</span></span>
              <label>E-mail:</label>
              <span id="sprytextfield2">
              <input type="text" name="data_email" size="25" />
              <span class="textfieldRequiredMsg">Please insert your e-mail.</span><span class="textfieldInvalidFormatMsg">Invalid e-mail format.</span></span>
              <label>Message:</label>
              <span id="sprytextarea1">
              <textarea name="Text" cols="35" rows="5"></textarea>
              <span id="countsprytextarea1"></span><span class="textareaRequiredMsg">Please enter message.</span> <span class="textareaMinCharsMsg">Enter more than 10 characters.</span><span class="textareaMaxCharsMsg">&nbsp;Message is longer than 250 characters...Make it shorter!</span></span>
              <label>Video link:</label>
              <textarea name="Video" cols="35" rows="5"></textarea>
              <br />
              <label>SPAM protection:</label>
    	  <span>What's current year?</span>
    	  <input type="text" name="year" size="19" /><br/>
              <input type="submit" value="Send" />
              <input type="hidden" name="permission" value="0" />
              <input type="hidden" name="Group" value="3" />
              <input type="hidden" name="status" value="0" />
              <input name="date" type="hidden" id="date" value="Date()" />
              <input type="hidden" name="MM_insert" value="form1" />
    		  
    		<% 
    		Dim captcha
    			captcha = 0
    		On Error Resume Next
    			captcha = CINT(Request.Form("year"))
    		On Error GoTo 0
    
    		If captcha <> Year(Date) Then
    			Response.Redirect("wrong.asp")
    		End If
    		%>
    
            </form>

  • #4
    Supreme Master coder! Old Pedant's Avatar
    You can't put that year-checking code IN THE FORM!!!

    It has to go at the top of the code that *PROCESSES* the form!

    For example, maybe here:
    Code:
    <%
    If (CStr(Request("MM_insert")) = "form1") Then
        Dim captcha
        captcha = 0
        On Error Resume Next
            captcha = CINT(Request.Form("year"))
        On Error GoTo 0
        If captcha <> Year(Date) Then
            Response.Redirect("wrong.asp")
        End If
    
       If (Not MM_abortEdit) Then
          ' execute the insert
          Dim MM_editCmd
          ...

  • Users who have thanked Old Pedant for this post:

    367 (08-01-2012)
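
One way to arrange the processing block described in post #4, as an added example that is not code from the thread: the year check runs only on a POST of form1, and the permission, Group and status columns are filled from server-side constants, because hidden inputs arrive from the browser like any other field. The names IsCurrentYear, PERMISSION_DEFAULT, GUESTBOOK_GROUP and STATUS_PENDING are hypothetical; MM_access_STRING, the Content columns and the constant values are taken from the code in post #3.

```asp
<%
' Added example. Hypothetical names: IsCurrentYear, PERMISSION_DEFAULT,
' GUESTBOOK_GROUP, STATUS_PENDING. Goes above the form markup in visitors.asp.
Const PERMISSION_DEFAULT = 0   ' same values the form's hidden inputs carried
Const GUESTBOOK_GROUP = 3
Const STATUS_PENDING = 0

Function IsCurrentYear(raw)
    ' True only for exactly four digits equal to the server's current year.
    ' Empty, non-numeric or over-long input never reaches CInt.
    Dim re, s
    s = Trim(raw & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{4}$"
    IsCurrentYear = False
    If re.Test(s) Then IsCurrentYear = (CInt(s) = Year(Date))
End Function

' Validate only when the form was posted, never on the initial page load.
If Request.ServerVariables("REQUEST_METHOD") = "POST" And _
   CStr(Request.Form("MM_insert")) = "form1" Then

    If Not IsCurrentYear(Request.Form("year")) Then
        Response.Redirect "wrong.asp"   ' ends the response, so no insert runs
    End If

    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = MM_access_STRING   ' from /Connections/access.asp
    cmd.CommandText = "INSERT INTO Content (data_Name, data_email, Text, Video, " & _
        "permission, Group, status) VALUES (?, ?, ?, ?, ?, ?, ?)"
    cmd.Prepared = True
    cmd.Parameters.Append cmd.CreateParameter("param1", 202, 1, 255, Request.Form("data_Name"))
    cmd.Parameters.Append cmd.CreateParameter("param2", 202, 1, 255, Request.Form("data_email"))
    cmd.Parameters.Append cmd.CreateParameter("param3", 203, 1, 536870910, Request.Form("Text"))
    cmd.Parameters.Append cmd.CreateParameter("param4", 202, 1, 255, Request.Form("Video"))
    ' These three columns come from the constants above, not from Request.Form.
    cmd.Parameters.Append cmd.CreateParameter("param5", 5, 1, -1, PERMISSION_DEFAULT)
    cmd.Parameters.Append cmd.CreateParameter("param6", 5, 1, -1, GUESTBOOK_GROUP)
    cmd.Parameters.Append cmd.CreateParameter("param7", 5, 1, -1, STATUS_PENDING)
    cmd.Execute
    cmd.ActiveConnection.Close
    Response.Redirect "/visitors.asp"
End If
%>
```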

  • #5
    367
    omg, you are right. It works now.

    thank you very much!

