CodingForums.com


367 07-31-2012 12:36 PM

Simple 'whats current year' spam protection in classic ASP
 
Hi
Title says what I need so I'll paste code that I have now. Am asp noob so :D
html
Code:

<span>Whats current year?</span>
<input type="text" name="year" />

asp
Code:

<% Dim captcha

captcha = Request.Form("year")

If captcha <> "&Year(Date)" Then
    Response.Redirect("wrong.asp")
End If

%>

Now it opens wrong.asp on page load automatically
I think that "&Year(Date)" part is wrong, but when I put "2012" instead, it also opens wrong.asp on page load.

Any suggestions?

Thanks

Old Pedant 07-31-2012 08:39 PM

Code:

<%
Dim captcha
captcha = 0
On Error Resume Next
    captcha = CINT(Request.Form("year"))
On Error GoTo 0

If captcha <> Year(Date) Then
    Response.Redirect("wrong.asp")
End If
%>

Year(Date) will be a *NUMBER* so you want to ensure that what comes from the user is also a number.

The ON ERROR code allows you to force the value from the <form> posting to be a number. If it is not, then captcha will remain at 0 and of course not match the year of today's date.

367 08-01-2012 01:31 PM

Thanks for the help, but still when loading the page with the form (visitors.asp) I get redirected to wrong.asp without a chance to fill in the form. It's probably a problem with existing code in that page but I can't find what that is.
ASP code at the top of visitors.asp looks like this:
Code:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include virtual="/Connections/access.asp" -->

<%
Dim MM_editAction
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString)
End If

' boolean to abort record edit
Dim MM_abortEdit
MM_abortEdit = false
%>
<%
' IIf implementation
Function MM_IIf(condition, ifTrue, ifFalse)
  If condition = "" Then
    MM_IIf = ifFalse
  Else
    MM_IIf = ifTrue
  End If
End Function
%>
<%
If (CStr(Request("MM_insert")) = "form1") Then
  If (Not MM_abortEdit) Then
    ' execute the insert
    Dim MM_editCmd

    Set MM_editCmd = Server.CreateObject ("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_access_STRING
    MM_editCmd.CommandText = "INSERT INTO Content (data_Name, data_email, Text, Video, permission, Group, status) VALUES (?, ?, ?, ?, ?, ?, ?)"
    MM_editCmd.Prepared = true
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param1", 202, 1, 255, Request.Form("data_Name")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param2", 202, 1, 255, Request.Form("data_email")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param3", 203, 1, 536870910, Request.Form("Text")) ' adLongVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param4", 202, 1, 255, Request.Form("Video")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param5", 5, 1, -1, MM_IIF(Request.Form("permission"), Request.Form("permission"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param6", 5, 1, -1, MM_IIF(Request.Form("Group"), Request.Form("Group"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param7", 5, 1, -1, MM_IIF(Request.Form("status"), Request.Form("status"), null)) ' adDouble
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    ' append the query string to the redirect URL
    Dim MM_editRedirectUrl
    MM_editRedirectUrl = "/visitors.asp"
    If (Request.QueryString <> "") Then
      If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0) Then
        MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
      Else
        MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
      End If
    End If
    Response.Redirect(MM_editRedirectUrl)
  End If
End If
%>
<!--#include virtual="/global.asp" -->
<%
Dim rsVisitors
Dim rsVisitors_cmd
Dim rsVisitors_numRows

Set rsVisitors_cmd = Server.CreateObject ("ADODB.Command")
rsVisitors_cmd.ActiveConnection = MM_access_STRING
rsVisitors_cmd.CommandText = "SELECT * FROM Content WHERE group = 3 AND status= 1 ORDER BY dataID desc"
rsVisitors_cmd.Prepared = true

Set rsVisitors = rsVisitors_cmd.Execute
rsVisitors_numRows = 0
%>
<%
Dim Repeat1__numRows
Dim Repeat1__index

Repeat1__numRows = -1
Repeat1__index = 0
rsVisitors_numRows = rsVisitors_numRows + Repeat1__numRows
%>

ASP code under <!--#include virtual="/global.asp" --> shouldn't be a problem because it's used to show existing inputs (as I get it :D)

and here is full form with code that you wrote:
Code:

<form action="<%=MM_editAction%>" method="POST" name="form1" id="form1">
          <label>Name:</label>
          <span id="sprytextfield1">
          <input type="text" name="data_Name" size="25" />
          <span class="textfieldRequiredMsg">Please insert your name.</span></span>
          <label>E-mail:</label>
          <span id="sprytextfield2">
          <input type="text" name="data_email" size="25" />
          <span class="textfieldRequiredMsg">Please insert your e-mail.</span><span class="textfieldInvalidFormatMsg">Invalid e-mail format.</span></span>
          <label>Message:</label>
          <span id="sprytextarea1">
          <textarea name="Text" cols="35" rows="5"></textarea>
          <span id="countsprytextarea1"></span><span class="textareaRequiredMsg">Please enter message.</span> <span class="textareaMinCharsMsg">Enter more than 10 characters.</span><span class="textareaMaxCharsMsg">&nbsp;Message is longer than 250 characters...Make it shorter!</span></span>
          <label>Video link:</label>
          <textarea name="Video" cols="35" rows="5"></textarea>
          <br />
          <label>SPAM protection:</label>
          <span>What's current year?</span>
          <input type="text" name="year" size="19" /><br/>
          <input type="submit" value="Send" />
          <input type="hidden" name="permission" value="0" />
          <input type="hidden" name="Group" value="3" />
          <input type="hidden" name="status" value="0" />
          <input name="date" type="hidden" id="date" value="Date()" />
          <input type="hidden" name="MM_insert" value="form1" />
                 
                <%
                Dim captcha
                        captcha = 0
                On Error Resume Next
                        captcha = CINT(Request.Form("year"))
                On Error GoTo 0

                If captcha <> Year(Date) Then
                        Response.Redirect("wrong.asp")
                End If
                %>

        </form>


Old Pedant 08-01-2012 08:55 PM

You can't put that year-checking code IN THE FORM!!!

It has to go at the top of the code that *PROCESSES* the form!

For example, maybe here:
Code:

<%
If (CStr(Request("MM_insert")) = "form1") Then
    Dim captcha
    captcha = 0
    On Error Resume Next
        captcha = CINT(Request.Form("year"))
    On Error GoTo 0
    If captcha <> Year(Date) Then
        Response.Redirect("wrong.asp")
    End If

  If (Not MM_abortEdit) Then
      ' execute the insert
      Dim MM_editCmd
      ...
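
A stricter variant of the server-side check, as an added example that is not part of the original posts: it validates the answer against a pattern instead of relying on `On Error Resume Next`, and runs only when the form was actually posted. `IsCurrentYear` is a hypothetical helper name; the field names `year` and `MM_insert` are the ones used in the thread.

```asp
<%
' Added example, not code from the thread. IsCurrentYear is a hypothetical helper.
' Returns True only when the submitted value is exactly four digits and equals
' the server's current year. The pattern check runs before any numeric
' conversion, so no error suppression is needed.
Function IsCurrentYear(ByVal answer)
    Dim re, s
    IsCurrentYear = False

    ' A missing field becomes "", and a field submitted more than once becomes
    ' a comma-separated list such as "2012, 2012"; both fail the pattern below.
    s = Trim(CStr(answer))

    Set re = New RegExp
    re.Pattern = "^[0-9]{4}$"
    If re.Test(s) Then
        IsCurrentYear = (CLng(s) = Year(Date))
    End If
    Set re = Nothing
End Function

' Run the check only in the branch that processes the posted form, and before
' the insert. A plain GET of visitors.asp never reaches the redirect.
If Request.ServerVariables("REQUEST_METHOD") = "POST" _
   And CStr(Request.Form("MM_insert")) = "form1" Then

    If Not IsCurrentYear(Request.Form("year")) Then
        ' Response.Redirect ends processing of the page, so the insert is skipped.
        Response.Redirect "wrong.asp"
    End If

    ' ... the existing insert code from visitors.asp continues here ...
End If
%>
```

The comparison uses the server's clock, so a visitor in a different time zone can give a correct answer that fails for a few hours around New Year.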


367 08-01-2012 09:44 PM

Omg, you are right. It works now.

thank you very much!


All times are GMT +1.