Thread: Simple 'whats current year' spam protection in classic ASP
View Single Post
Old 08-01-2012, 01:31 PM   PM User | #3
367
New Coder

 
Join Date: Nov 2011
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
367 is an unknown quantity at this point
Thanks for help, but still when loading page with form (visitors.asp) i get redirected to wrong.asp without chance to fill form. It's probably problem with existing code in that page but i can't find what that is.
asp code at top of visitors.asp looks like this:
Code:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include virtual="/Connections/access.asp" -->

<%
Dim MM_editAction
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString)
End If

' boolean to abort record edit
Dim MM_abortEdit
MM_abortEdit = false
%>
<%
' IIf implementation
Function MM_IIf(condition, ifTrue, ifFalse)
  If condition = "" Then
    MM_IIf = ifFalse
  Else
    MM_IIf = ifTrue
  End If
End Function
%>
<%
If (CStr(Request("MM_insert")) = "form1") Then
  If (Not MM_abortEdit) Then
    ' execute the insert
    Dim MM_editCmd

    Set MM_editCmd = Server.CreateObject ("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_access_STRING
    MM_editCmd.CommandText = "INSERT INTO Content (data_Name, data_email, Text, Video, permission, Group, status) VALUES (?, ?, ?, ?, ?, ?, ?)" 
    MM_editCmd.Prepared = true
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param1", 202, 1, 255, Request.Form("data_Name")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param2", 202, 1, 255, Request.Form("data_email")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param3", 203, 1, 536870910, Request.Form("Text")) ' adLongVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param4", 202, 1, 255, Request.Form("Video")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param5", 5, 1, -1, MM_IIF(Request.Form("permission"), Request.Form("permission"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param6", 5, 1, -1, MM_IIF(Request.Form("Group"), Request.Form("Group"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param7", 5, 1, -1, MM_IIF(Request.Form("status"), Request.Form("status"), null)) ' adDouble
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    ' append the query string to the redirect URL
    Dim MM_editRedirectUrl
    MM_editRedirectUrl = "/visitors.asp"
    If (Request.QueryString <> "") Then
      If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0) Then
        MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
      Else
        MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
      End If
    End If
    Response.Redirect(MM_editRedirectUrl)
  End If
End If
%>
<!--#include virtual="/global.asp" -->
<%
Dim rsVisitors
Dim rsVisitors_cmd
Dim rsVisitors_numRows

Set rsVisitors_cmd = Server.CreateObject ("ADODB.Command")
rsVisitors_cmd.ActiveConnection = MM_access_STRING
rsVisitors_cmd.CommandText = "SELECT * FROM Content WHERE group = 3 AND status= 1 ORDER BY dataID desc" 
rsVisitors_cmd.Prepared = true

Set rsVisitors = rsVisitors_cmd.Execute
rsVisitors_numRows = 0
%>
<%
Dim Repeat1__numRows
Dim Repeat1__index

Repeat1__numRows = -1
Repeat1__index = 0
rsVisitors_numRows = rsVisitors_numRows + Repeat1__numRows
%>
asp code under <!--#include virtual="/global.asp" --> shouldnt be problem because its used to show exisiting inputs (as i get it )

and here is full form with code that you wrote:
Code:
<form action="<%=MM_editAction%>" method="POST" name="form1" id="form1">
          <label>Name:</label>
          <span id="sprytextfield1">
          <input type="text" name="data_Name" size="25" />
          <span class="textfieldRequiredMsg">Please insert your name.</span></span>
          <label>E-mail:</label>
          <span id="sprytextfield2">
          <input type="text" name="data_email" size="25" />
          <span class="textfieldRequiredMsg">Please insert your e-mail.</span><span class="textfieldInvalidFormatMsg">Invalid e-mail format.</span></span>
          <label>Message:</label>
          <span id="sprytextarea1">
          <textarea name="Text" cols="35" rows="5"></textarea>
          <span id="countsprytextarea1"></span><span class="textareaRequiredMsg">Please enter message.</span> <span class="textareaMinCharsMsg">Enter more than 10 characters.</span><span class="textareaMaxCharsMsg">&nbsp;Message is longer than 250 characters...Make it shorter!</span></span>
          <label>Video link:</label>
          <textarea name="Video" cols="35" rows="5"></textarea>
          <br />
          <label>SPAM protection:</label>
	  <span>What's current year?</span>
	  <input type="text" name="year" size="19" /><br/>
          <input type="submit" value="Send" />
          <input type="hidden" name="permission" value="0" />
          <input type="hidden" name="Group" value="3" />
          <input type="hidden" name="status" value="0" />
          <input name="date" type="hidden" id="date" value="Date()" />
          <input type="hidden" name="MM_insert" value="form1" />
		  
		<% 
		Dim captcha
			capcha = 0
		On Error Resume Next
			captcha = CINT(Request.Form("year"))
		On Error GoTo 0

		If captcha <> Year(Date) Then
			Response.Redirect("wrong.asp")
		End If
		%>

        </form>
367 is offline   Reply With Quote