MyBB Community Forums

Full Version: [B] captcha.php test code still present
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Is this code from the development stages or is it still used?

if($mybb->input['imagehash'] == "test")
{
	$imagestring = "MyBB";
}

so browsing to http://community.mybboard.net/captcha.ph...ehash=test

always returns an image with MyBB text.

I'm not sure if this is used as a valid test somewhere or is it just left over from the development stages?

I have checked over though and this dosn't compromise the job the captcha does against spam bots.


Update:
PS in the code following the above
elseif($mybb->input['imagehash'])
{
	$query = $db->simple_select("captcha", "*", "imagehash='".$db->escape_string(strval($mybb->input['imagehash']))."'", array("limit" => 1));
	$regimage = $db->fetch_array($query);
	$imagestring = $regimage['imagestring'];
}

the $query should be checked to see if it has returned rows or not and if it hasn't then return false.
MySQL will return null or false if there is no row, which is sufficient enough.
Yes i see your point but by adding this simple check with a "return false;" will cancel the rest of captcha.php from processing for no reason. It's just good code practice