Go Back   CodingForums.com > :: Server side development > ASP
Reload this Page Simple 'whats current year' spam protection in classic ASP

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rating: Thread Rating: 3 votes, 5.00 average.
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 07-31-2012, 12:36 PM   PM User | #1
367
New Coder

 
Join Date: Nov 2011
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
367 is an unknown quantity at this point
Simple 'whats current year' spam protection in classic ASP
Hi
Title says what I need so I'll paste code that I have now. Am asp noob so
html
Code:
<span>Whats current year?</span>
<input type="text" name="year" />
asp
Code:
<% Dim captcha

captcha = Request.Form("year")

If captcha <> "&Year(Date)" Then
    Response.Redirect("wrong.asp")
End If

%>
Now it openes wrong.asp on page load automatically
I think that "&Year(Date)" part is wrong, but when i put "2012" instead, it also openes wrong.asp on page load.

Any suggestions?

Thanks
367 is offline   Reply With Quote
Old 07-31-2012, 08:39 PM   PM User | #2
Old Pedant
Supreme Master coder!

 
Old Pedant's Avatar
 
Join Date: Feb 2009
Posts: 23,248
Thanks: 59
Thanked 3,998 Times in 3,967 Posts
Old Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to all
Code:
<% 
Dim captcha
capcha = 0
On Error Resume Next
    captcha = CINT(Request.Form("year"))
On Error GoTo 0

If captcha <> Year(Date) Then
    Response.Redirect("wrong.asp")
End If
%>
Year(Date) will be a *NUMBER* so you want to ensure that what comes from the user is also a number.

The ON ERROR code allows you to force the value from the <form> posting to be a number. If it is not, then captcha will remain at 0 and of course not match the year of today's date.
__________________
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.
Old Pedant is offline   Reply With Quote
Old 08-01-2012, 01:31 PM   PM User | #3
367
New Coder

 
Join Date: Nov 2011
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
367 is an unknown quantity at this point
Thanks for help, but still when loading page with form (visitors.asp) i get redirected to wrong.asp without chance to fill form. It's probably problem with existing code in that page but i can't find what that is.
asp code at top of visitors.asp looks like this:
Code:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include virtual="/Connections/access.asp" -->

<%
Dim MM_editAction
MM_editAction = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Server.HTMLEncode(Request.QueryString)
End If

' boolean to abort record edit
Dim MM_abortEdit
MM_abortEdit = false
%>
<%
' IIf implementation
Function MM_IIf(condition, ifTrue, ifFalse)
  If condition = "" Then
    MM_IIf = ifFalse
  Else
    MM_IIf = ifTrue
  End If
End Function
%>
<%
If (CStr(Request("MM_insert")) = "form1") Then
  If (Not MM_abortEdit) Then
    ' execute the insert
    Dim MM_editCmd

    Set MM_editCmd = Server.CreateObject ("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_access_STRING
    MM_editCmd.CommandText = "INSERT INTO Content (data_Name, data_email, Text, Video, permission, Group, status) VALUES (?, ?, ?, ?, ?, ?, ?)" 
    MM_editCmd.Prepared = true
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param1", 202, 1, 255, Request.Form("data_Name")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param2", 202, 1, 255, Request.Form("data_email")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param3", 203, 1, 536870910, Request.Form("Text")) ' adLongVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param4", 202, 1, 255, Request.Form("Video")) ' adVarWChar
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param5", 5, 1, -1, MM_IIF(Request.Form("permission"), Request.Form("permission"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param6", 5, 1, -1, MM_IIF(Request.Form("Group"), Request.Form("Group"), null)) ' adDouble
    MM_editCmd.Parameters.Append MM_editCmd.CreateParameter("param7", 5, 1, -1, MM_IIF(Request.Form("status"), Request.Form("status"), null)) ' adDouble
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    ' append the query string to the redirect URL
    Dim MM_editRedirectUrl
    MM_editRedirectUrl = "/visitors.asp"
    If (Request.QueryString <> "") Then
      If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0) Then
        MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
      Else
        MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
      End If
    End If
    Response.Redirect(MM_editRedirectUrl)
  End If
End If
%>
<!--#include virtual="/global.asp" -->
<%
Dim rsVisitors
Dim rsVisitors_cmd
Dim rsVisitors_numRows

Set rsVisitors_cmd = Server.CreateObject ("ADODB.Command")
rsVisitors_cmd.ActiveConnection = MM_access_STRING
rsVisitors_cmd.CommandText = "SELECT * FROM Content WHERE group = 3 AND status= 1 ORDER BY dataID desc" 
rsVisitors_cmd.Prepared = true

Set rsVisitors = rsVisitors_cmd.Execute
rsVisitors_numRows = 0
%>
<%
Dim Repeat1__numRows
Dim Repeat1__index

Repeat1__numRows = -1
Repeat1__index = 0
rsVisitors_numRows = rsVisitors_numRows + Repeat1__numRows
%>
asp code under <!--#include virtual="/global.asp" --> shouldnt be problem because its used to show exisiting inputs (as i get it )

and here is full form with code that you wrote:
Code:
<form action="<%=MM_editAction%>" method="POST" name="form1" id="form1">
          <label>Name:</label>
          <span id="sprytextfield1">
          <input type="text" name="data_Name" size="25" />
          <span class="textfieldRequiredMsg">Please insert your name.</span></span>
          <label>E-mail:</label>
          <span id="sprytextfield2">
          <input type="text" name="data_email" size="25" />
          <span class="textfieldRequiredMsg">Please insert your e-mail.</span><span class="textfieldInvalidFormatMsg">Invalid e-mail format.</span></span>
          <label>Message:</label>
          <span id="sprytextarea1">
          <textarea name="Text" cols="35" rows="5"></textarea>
          <span id="countsprytextarea1"></span><span class="textareaRequiredMsg">Please enter message.</span> <span class="textareaMinCharsMsg">Enter more than 10 characters.</span><span class="textareaMaxCharsMsg">&nbsp;Message is longer than 250 characters...Make it shorter!</span></span>
          <label>Video link:</label>
          <textarea name="Video" cols="35" rows="5"></textarea>
          <br />
          <label>SPAM protection:</label>
	  <span>What's current year?</span>
	  <input type="text" name="year" size="19" /><br/>
          <input type="submit" value="Send" />
          <input type="hidden" name="permission" value="0" />
          <input type="hidden" name="Group" value="3" />
          <input type="hidden" name="status" value="0" />
          <input name="date" type="hidden" id="date" value="Date()" />
          <input type="hidden" name="MM_insert" value="form1" />
		  
		<% 
		Dim captcha
			capcha = 0
		On Error Resume Next
			captcha = CINT(Request.Form("year"))
		On Error GoTo 0

		If captcha <> Year(Date) Then
			Response.Redirect("wrong.asp")
		End If
		%>

        </form>
367 is offline   Reply With Quote
Old 08-01-2012, 08:55 PM   PM User | #4
Old Pedant
Supreme Master coder!

 
Old Pedant's Avatar
 
Join Date: Feb 2009
Posts: 23,248
Thanks: 59
Thanked 3,998 Times in 3,967 Posts
Old Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to allOld Pedant is a name known to all
You can't put that year-checking code IN THE FORM!!!

It has to go at the top of the code that *PROCESSES* the form!

For example, maybe here:
Code:
<%
If (CStr(Request("MM_insert")) = "form1") Then
    Dim captcha
    capcha = 0
    On Error Resume Next
        captcha = CINT(Request.Form("year"))
    On Error GoTo 0
    If captcha <> Year(Date) Then
        Response.Redirect("wrong.asp")
    End If

   If (Not MM_abortEdit) Then
      ' execute the insert
      Dim MM_editCmd
      ...
__________________
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.
Old Pedant is offline   Reply With Quote
Users who have thanked Old Pedant for this post:
367 (08-01-2012)
Old 08-01-2012, 09:44 PM   PM User | #5
367
New Coder

 
Join Date: Nov 2011
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
367 is an unknown quantity at this point
omg, you are right. it works now.

thank you very much!
367 is offline   Reply With Quote
Reply

Bookmarks

Tags
asp, captcha, spam protection

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 12:42 PM.
Advertisement
Log in to turn off these ads.