First, you don't need to set the $seat array over and over in the for loop; put
$seat = array('A1', ...
before the loop, it will make your page faster.


If you mean by secure that $_SESSION will contain only one of those 240 seats, then no: the user can type in anything and you just take it. You need to check if in_array($_REQUEST['seat'], $seat).
And if you mean a seat can be taken only by one customer, then you need to check it against some storage, preferably an SQL db.


Jay Fitzgerald wrote:
This is the code I have that is on step 4 of an event registration system I am working on...

[code page=step4.php]

<?php
ini_set("display_errors", "1");
error_reporting(E_ALL);

session_start();
$ip = $_SERVER['REMOTE_ADDR'];
$fullhost = gethostbyaddr($ip);
// mask the first label of the hostname; the dot has to be escaped in the pattern
$host = preg_replace('/^[^.]+\./', "*.", $fullhost);

$_SESSION['host'] = $fullhost;
$_SESSION['ip'] = $ip;
// the next three lines are no-ops: each session value is assigned back to itself
$_SESSION['eventid'] = $_SESSION['eventid'];
$_SESSION['age'] = $_SESSION['age'];
$_SESSION['terms'] = $_SESSION['terms'];
$_SESSION['team'] = $_REQUEST['team'];
for ($i = 0; $i <= 239; $i++):

    // the full seat list is rebuilt on every pass through the loop
    $seat = array(
        'A1', 'A2', 'A3', 'A4', 'A5', 'A6', 'A7', 'A8', 'A9', 'A10', 'A11', 'A12', 'A13', 'A14', 'A15', 'A16', 'A17', 'A18', 'A19', 'A20',
        'B21', 'B22', 'B23', 'B24', 'B25', 'B26', 'B27', 'B28', 'B29', 'B30', 'B31', 'B32', 'B33', 'B34', 'B35', 'B36', 'B37', 'B38', 'B39', 'B40',
        'C41', 'C42', 'C43', 'C44', 'C45', 'C46', 'C47', 'C48', 'C49', 'C50', 'C51', 'C52', 'C53', 'C54', 'C55', 'C56', 'C57', 'C58', 'C59', 'C60',
        'D61', 'D62', 'D63', 'D64', 'D65', 'D66', 'D67', 'D68', 'D69', 'D70', 'D71', 'D72', 'D73', 'D74', 'D75', 'D76', 'D77', 'D78', 'D79', 'D80',
        'D81', 'D82', 'D83', 'D84', 'D85', 'D86', 'D87', 'D88', 'D89', 'D90',
        'E91', 'E92', 'E93', 'E94', 'E95', 'E96', 'E97', 'E98', 'E99', 'E100', 'E101', 'E102', 'E103', 'E104', 'E105', 'E106', 'E107', 'E108', 'E109', 'E110',
        'F111', 'F112', 'F113', 'F114', 'F115', 'F116', 'F117', 'F118', 'F119', 'F120',
        'G121', 'G122', 'G123', 'G124', 'G125', 'G126', 'G127', 'G128', 'G129', 'G130',
        'H131', 'H132', 'H133', 'H134', 'H135', 'H136', 'H137', 'H138', 'H139', 'H140', 'H141', 'H142', 'H143', 'H144', 'H145', 'H146', 'H147', 'H148', 'H149', 'H150',
        'I151', 'I152', 'I153', 'I154', 'I155', 'I156', 'I157', 'I158', 'I159', 'I160', 'I161', 'I162', 'I163', 'I164', 'I165', 'I166', 'I167', 'I168', 'I169', 'I170',
        'I171', 'I172', 'I173', 'I174', 'I175', 'I176', 'I177', 'I178', 'I179', 'I180',
        'J181', 'J182', 'J183', 'J184', 'J185', 'J186', 'J187', 'J188', 'J189', 'J190', 'J191', 'J192', 'J193', 'J194', 'J195', 'J196', 'J197', 'J198', 'J199', 'J200',
        'K201', 'K202', 'K203', 'K204', 'K205', 'K206', 'K207', 'K208', 'K209', 'K210', 'K211', 'K212', 'K213', 'K214', 'K215', 'K216', 'K217', 'K218', 'K219', 'K220',
        'L221', 'L222', 'L223', 'L224', 'L225', 'L226', 'L227', 'L228', 'L229', 'L230', 'L231', 'L232', 'L233', 'L234', 'L235', 'L236', 'L237', 'L238', 'L239', 'L240'
    );

    // one link per seat; the seat label is passed to step 5 in the query string
    echo "<A HREF=\"step5.php?seat=$seat[$i]\">$seat[$i]</A><BR>";
endfor;

[/end code]


Now - all of that works perfectly and it displays separate lines with links to each $seat in the browser....even when I click on the link and go to step 5, it "seems" as though it is working correctly...


[code page=step5.php]

<?php
session_start();
// whatever arrives in the query string is stored as-is; nothing compares it
// with the list of valid seats
$_SESSION['seat'] = $_REQUEST['seat'];

// escape on output so a crafted seat value cannot inject HTML into the page
echo htmlspecialchars($_SESSION['seat'], ENT_QUOTES, 'UTF-8');

[/end code]

My question is - is my session working correctly? Am I doing what I need to be doing in order to keep the seats secure so that no one can just type the seat number in the location bar and get to register their seat?

The reason I ask this is because the only way I know to test sessions is to close out my browser completely, reopen it and try going to the page I am testing...HOWEVER, when I do that in this situation, I am still allowed to change the actual seat number in my location bar....this is what I do NOT want...

I have read and read and read online and every place I have looked says the same stuff that the way I have it above should be secure, but apparently it is not...


TIA,


Jay




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
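An added example, not code from either message in this thread, that puts both points of the reply into working PHP: the posted seat value is checked with in_array() in strict mode against the seat list, and the seat is then claimed with a single INSERT into a table whose primary key is the seat, so the database and not the application decides who got it first. It uses PDO with an in-memory SQLite database so it runs offline; the DSN, the table layout, the reservations/claimSeat/isValidSeat names and the row ranges used to generate the 240 seats are assumptions reconstructed from the array posted above.

```php
<?php
// Added example (not the original poster's or the replier's code).
// Validate the submitted seat against the fixed list, then claim it in a
// database so that one seat can only ever be taken by one customer.
// PDO + in-memory SQLite is used so this runs offline; the DSN, the table
// and the seat row layout below are assumptions made for the example.
declare(strict_types=1);

// Seat rows reconstructed from the posted array: letter => [first, last].
const SEAT_ROWS = [
    'A' => [1, 20],    'B' => [21, 40],   'C' => [41, 60],   'D' => [61, 90],
    'E' => [91, 110],  'F' => [111, 120], 'G' => [121, 130], 'H' => [131, 150],
    'I' => [151, 180], 'J' => [181, 200], 'K' => [201, 220], 'L' => [221, 240],
];

function allSeats(): array
{
    $seats = [];
    foreach (SEAT_ROWS as $row => [$first, $last]) {
        for ($n = $first; $n <= $last; $n++) {
            $seats[] = $row . $n;
        }
    }
    return $seats;
}

// Step 1: accept only a string that is exactly one of the 240 labels.
// The third argument to in_array() forces strict (===) comparison, so
// "0", "A1 " with trailing whitespace, arrays and the like cannot match.
function isValidSeat($input): bool
{
    return is_string($input) && in_array($input, allSeats(), true);
}

// Step 2: claim the seat for one session. Because `seat` is the primary
// key, a second INSERT for the same seat fails inside the database, which
// is what makes this safe against two customers clicking at the same moment.
function claimSeat(PDO $db, $seat, string $sessionId): bool
{
    if (!isValidSeat($seat)) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO reservations (seat, session_id) VALUES (:seat, :sid)'
    );
    try {
        $stmt->execute([':seat' => $seat, ':sid' => $sessionId]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint violation, i.e. seat already taken
        if (($e->errorInfo[0] ?? '') === '23000') {
            return false;
        }
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE reservations (
        seat       TEXT PRIMARY KEY,
        session_id TEXT NOT NULL,
        taken_at   TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
    )'
);

// Constructed inputs standing in for $_REQUEST['seat'] from several visitors.
$attempts = [
    ['Z999', 'session-one'],   // label that is not on the list
    ['a1',   'session-one'],   // wrong case
    ['A1',   'session-one'],   // first claim of A1
    ['A1',   'session-two'],   // second claim of the same seat
    ['B21',  'session-two'],   // a seat nobody has claimed yet
];
foreach ($attempts as [$seat, $sid]) {
    printf("%-5s by %-11s valid=%-3s claimed=%s\n",
        $seat, $sid,
        isValidSeat($seat) ? 'yes' : 'no',
        claimSeat($db, $seat, $sid) ? 'yes' : 'no');
}
```

Run it from the command line with the php binary; the file name is arbitrary. The same isValidSeat() check belongs in step5.php before anything is written to $_SESSION, and the claim should use the real session id (session_id()) so the reservation is tied to the visitor who made it. Storing the seat in the session on its own proves nothing, because a session only ever holds whatever that visitor's last request put there, and closing and reopening the browser merely discards the session cookie; it does not exercise any server-side validation.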


