MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.4.x Bug Reports > Duplicate or Bogus Bugs > [B] captcha.php test code still present
Full Version: [B] captcha.php test code still present
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

goughy000

2008-09-04, 08:15 AM
Is this code from the development stages or is it still used?

if($mybb->input['imagehash'] == "test")
{
	$imagestring = "MyBB";
}

so browsing to http://community.mybboard.net/captcha.ph...ehash=test

always returns an image with MyBB text.

I'm not sure if this is used as a valid test somewhere or is it just left over from the development stages?

I have checked over though and this dosn't compromise the job the captcha does against spam bots.


Update:
PS in the code following the above
elseif($mybb->input['imagehash'])
{
	$query = $db->simple_select("captcha", "*", "imagehash='".$db->escape_string(strval($mybb->input['imagehash']))."'", array("limit" => 1));
	$regimage = $db->fetch_array($query);
	$imagestring = $regimage['imagestring'];
}

the $query should be checked to see if it has returned rows or not and if it hasn't then return false.

Ryan Gordon

2008-09-04, 07:41 PM
MySQL will return null or false if there is no row, which is sufficient enough.

goughy000

2008-09-04, 09:45 PM
Yes i see your point but by adding this simple check with a "return false;" will cancel the rest of captcha.php from processing for no reason. It's just good code practice
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > Archived Bug Reports > MyBB 1.4.x Bug Reports > Duplicate or Bogus Bugs > [B] captcha.php test code still present