Security fix to captcha checking example

jianlinwei / cool-php-captcha

Automatically exported from code.google.com/p/cool-php-captcha

GNU General Public License v3.0

0 stars 0 forks source link

Security fix to captcha checking example #5

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

I suggest to check if $_SESSION['captcha'] is not empty. Because current
example allows surpassing captcha when both session and request variables
are empty.

So fixed example should be:

if (!$_SESSION['captcha'] || (strtolower(trim($_REQUEST['captcha'])) !=
$_SESSION['captcha'])) {
    return "Invalid captcha";
}

Original issue reported on code.google.com by laurynas...@gmail.com on 29 Oct 2009 at 11:09

GoogleCodeExporter commented 9 years ago

Original comment by joserodr...@gmail.com on 20 Aug 2010 at 7:00

Changed state: Fixed