
Hi all, I have written a seating plan page for my website which allows users to click on a seat, and that seat is then allocated to their username. However, there's nothing stopping a user changing the URL to a seat that's been taken and "taking" that seat from someone else.

 

Here's my code for my reserve_seat.php

 

<?PHP
session_start();
/* get user id */
$user_id = $_SESSION['username'];

/* get the seat number */
$seat_id = $_GET['seat'];

/* connect to data base */
require ('./secure/connect.php');


/* create query */
$query = "UPDATE seats_table set taken = FALSE, user_id = '0' WHERE user_id = '$user_id'";
$query2 = "UPDATE seats_table set taken = TRUE, user_id = '$user_id'  WHERE id = '$seat_id'";
/* $query3 = "UPDATE users set signed_up = '3' WHERE username = '$user_id'"; */


/* execute the query */
$result = mysql_query($query);
$result2 = mysql_query($query2);
/* $result3 = mysql_query($query3); */


/* advise user their seat has been reserved */
include 'seating.php';

?>

 

So if a user reserves seat 28 the URL is http://localhost/reserve_seat.php?seat=26, but there's nothing stopping another user typing this URL and "stealing" this seat.

 

I need some kind of IF statement before the SQL queries that checks to see if the seat's "taken" column is 1 or 0, bearing in mind there are 49 seats, but I'm lost at how to write it. Any help would be great.

 

Lee

https://forums.phpfreaks.com/topic/228404-seating-overwrite/

<?PHP
session_start();
/* get user id */
$user_id = $_SESSION['username'];

/* get the seat number */
$seat_id = $_GET['seat'];

//NEW CODE STARTS HERE

$sqlCommand = "SELECT taken FROM seats_table WHERE seat_id = $seat_id";
$query = mysql_query($sqlCommand, $myConnection) or die (mysql_error());
while($row = mysql_fetch_array($query)){
$taken = $row["taken"];
}
mysql_free_result($query);

//Check if seat is taken
if($taken == 1){
echo "That seat is taken, please go back and select another";
exit();		//will stop processing the rest of the script, so nothing else will be shown.
}

//NEW CODE ENDS HERE

/* connect to data base */
require ('./secure/connect.php');


/* create query */
$query = "UPDATE seats_table set taken = FALSE, user_id = '0' WHERE user_id = '$user_id'";
$query2 = "UPDATE seats_table set taken = TRUE, user_id = '$user_id'  WHERE id = '$seat_id'";
/* $query3 = "UPDATE users set signed_up = '3' WHERE username = '$user_id'"; */


/* execute the query */
$result = mysql_query($query);
$result2 = mysql_query($query2);
/* $result3 = mysql_query($query3); */


/* advise user their seat has been reserved */
include 'seating.php';

?>

 

That's something I've just whipped up for you. You can see where I've added code. I haven't tested it, so there might be some silly errors in there, but nothing that you won't be able to figure out :).

 

Hopefully that helps.

 

Denno


So, a user can only have one seat? That would seem to be the case based upon your code. Oh well, denno020 has the right idea, but I think the below would be more efficient. Plus that code will not work as written since it is trying to run queries before connecting to the DB. I also added code to prevent SQL injection.

 

<?php
session_start();

/* connect to data base (must happen before any query or mysql_real_escape_string call) */
require ('./secure/connect.php');

/* get user id */
$user_id = mysql_real_escape_string(trim($_SESSION['username']));
/* get the seat number */
$seat_id = mysql_real_escape_string(trim($_GET['seat']));

//Check if seat is already taken
//The seat column is "id" (as in the UPDATE below), and the value is quoted so the escaping above actually protects the query
$query = "SELECT taken FROM seats_table WHERE id = '$seat_id' AND taken = TRUE";
$result = mysql_query($query) or die (mysql_error());

//Check if seat is taken
if(mysql_num_rows($result)>0)
{
    echo "That seat is taken, please go back and select another";
    exit();
    //Could also do a header to redirect to appropriate page
}

/* create query: release the user's old seat, then claim the new one */
$query = "UPDATE seats_table set taken = FALSE, user_id = '0' WHERE user_id = '$user_id'";
$result = mysql_query($query) or die (mysql_error());
$query = "UPDATE seats_table set taken = TRUE, user_id = '$user_id'  WHERE id = '$seat_id'";
$result = mysql_query($query) or die (mysql_error());
/* $query3 = "UPDATE users set signed_up = '3' WHERE username = '$user_id'"; */
/* $result3 = mysql_query($query3); */

/* advise user their seat has been reserved */
include 'seating.php';

?>

 



That's a pretty good point about running queries before being connected to the database, oops.

Thanks for the sql injection fix up too.
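Both replies above do a SELECT to see whether the seat is taken and then an UPDATE to claim it. Between those two statements there is a window in which a second request for the same seat can pass the same check, so two users can still end up fighting over one seat, and the OP's original problem (the URL pointing at someone else's seat) is only partly closed. The pattern that removes the window is to make the claim itself conditional (`UPDATE ... WHERE id = ? AND taken = 0`) and look at the number of rows affected: the database serialises the two updates and only one of them finds the seat free. The example below is added here and is not code from the thread; it uses Python with an in-memory SQLite table named like the thread's `seats_table` (constructed test data, 49 seats as the OP states) because it runs stand-alone, but the two SQL statements and the row-count check carry over unchanged to PHP with PDO or mysqli prepared statements. It also claims the new seat before releasing the old one, so a failed claim never leaves the user seatless, and it validates the seat number as an integer in range instead of escaping a string.

```python
import sqlite3

SEAT_COUNT = 49  # the OP's venue has 49 seats


def setup_db():
    """Build an in-memory seats_table with the columns the thread uses (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE seats_table ("
        " id INTEGER PRIMARY KEY,"
        " taken INTEGER NOT NULL DEFAULT 0,"
        " user_id TEXT NOT NULL DEFAULT '0')"
    )
    conn.executemany(
        "INSERT INTO seats_table (id) VALUES (?)",
        [(i,) for i in range(1, SEAT_COUNT + 1)],
    )
    conn.commit()
    return conn


def reserve_seat(conn, user_id, seat_id):
    """Give seat_id to user_id. Returns True on success, False if the seat is held by someone
    else or the seat number is invalid. The claim is one conditional UPDATE, so concurrent
    requests for the same seat cannot both succeed: whichever runs second sees taken = 1."""
    # Validate the untrusted ?seat= value as an in-range integer; anything else is rejected
    # outright rather than escaped and interpolated into SQL.
    try:
        seat_id = int(seat_id)
    except (TypeError, ValueError):
        return False
    if not 1 <= seat_id <= SEAT_COUNT:
        return False

    with conn:  # one transaction: both statements commit, or neither does
        # Claim first. The WHERE clause only matches a free seat or one this user already
        # holds (so re-clicking your own seat is harmless). Parameters, not string building.
        cur = conn.execute(
            "UPDATE seats_table SET taken = 1, user_id = ?"
            " WHERE id = ? AND (taken = 0 OR user_id = ?)",
            (user_id, seat_id, user_id),
        )
        if cur.rowcount != 1:
            return False  # someone else holds it; the user keeps whatever seat they had
        # Only now release any other seat this user held (the thread's one-seat-per-user rule).
        conn.execute(
            "UPDATE seats_table SET taken = 0, user_id = '0' WHERE user_id = ? AND id <> ?",
            (user_id, seat_id),
        )
    return True


def seat_owner(conn, seat_id):
    """Return the username holding a seat, or None if it is free or does not exist."""
    row = conn.execute(
        "SELECT taken, user_id FROM seats_table WHERE id = ?", (seat_id,)
    ).fetchone()
    if row is None or row[0] == 0:
        return None
    return row[1]


if __name__ == "__main__":
    db = setup_db()
    print("lee takes 28:", reserve_seat(db, "lee", 28))          # True
    print("mallory tries 28:", reserve_seat(db, "mallory", 28))  # False, seat stays with lee
    print("lee moves to 5:", reserve_seat(db, "lee", 5))         # True, 28 is released
    print("owner of 28:", seat_owner(db, 28))                    # None
```

In PHP the equivalent check is `$stmt->rowCount() === 1` after `execute()` on a PDO prepared statement for the same UPDATE, with `$_GET['seat']` filtered through `filter_var(..., FILTER_VALIDATE_INT)` before it is bound.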
