This is the code I have that is on step 4 of an event registration system I am working on...

[code page=step4.php]

ini_set("display_errors", "1");
ini_set ('error_reporting', E_ALL);

session_start ();
$ip = $_SERVER['REMOTE_ADDR'];
$fullhost = gethostbyaddr($ip);
// Mask the first label of the host name; the dot is escaped so it matches a literal "."
$host = preg_replace("/^[^.]+\./", "*.", $fullhost);

$_SESSION['host'] = $fullhost;
$_SESSION['ip'] = $ip;
$_SESSION['eventid'] = $_SESSION['eventid'];
$_SESSION['age'] = $_SESSION['age'];
$_SESSION['terms'] = $_SESSION['terms'];
$_SESSION['team'] = $_REQUEST['team'];
        
for($i = 0; $i <= 239; $i++):

$seat = array('A1', 'A2', 'A3', 'A4', 'A5', 'A6', 'A7', 'A8', 'A9', 'A10', 'A11', 'A12', 'A13', 'A14', 'A15', 'A16', 'A17', 'A18', 'A19', 'A20', 'B21', 'B22', 'B23', 'B24', 'B25', 'B26', 'B27', 'B28', 'B29', 'B30', 'B31', 'B32', 'B33', 'B34', 'B35', 'B36', 'B37', 'B38', 'B39', 'B40', 'C41', 'C42', 'C43', 'C44', 'C45', 'C46', 'C47', 'C48', 'C49', 'C50', 'C51', 'C52', 'C53', 'C54', 'C55', 'C56', 'C57', 'C58', 'C59', 'C60', 'D61', 'D62', 'D63', 'D64', 'D65', 'D66', 'D67', 'D68', 'D69', 'D70', 'D71', 'D72', 'D73', 'D74', 'D75', 'D76', 'D77', 'D78', 'D79', 'D80', 'D81', 'D82', 'D83', 'D84', 'D85', 'D86', 'D87', 'D88', 'D89', 'D90', 'E91', 'E92', 'E93', 'E94', 'E95', 'E96', 'E97', 'E98', 'E99', 'E100', 'E101', 'E102', 'E103', 'E104', 'E105', 'E106', 'E107', 'E108', 'E109', 'E110', 'F111', 'F112', 'F113', 'F114', 'F115', 'F116', 'F117', 'F118', 'F119', 'F120', 'G121', 'G122', 'G123', 'G124', 'G125', 'G126', 'G127', 'G128', 'G129', 'G130', 'H131', 'H132', 'H133', 'H134', 'H135', 'H136', 'H137', 'H138', 'H139', 'H140', 'H141', 'H142', 'H143', 'H144', 'H145', 'H146', 'H147', 'H148', 'H149', 'H150', 'I151', 'I152', 'I153', 'I154', 'I155', 'I156', 'I157', 'I158', 'I159', 'I160', 'I161', 'I162', 'I163', 'I164', 'I165', 'I166', 'I167', 'I168', 'I169', 'I170', 'I171', 'I172', 'I173', 'I174', 'I175', 'I176', 'I177', 'I178', 'I179', 'I180', 'J181', 'J182', 'J183', 'J184', 'J185', 'J186', 'J187', 'J188', 'J189', 'J190', 'J191', 'J192', 'J193', 'J194', 'J195', 'J196', 'J197', 'J198', 'J199', 'J200', 'K201', 'K202', 'K203', 'K204', 'K205', 'K206', 'K207', 'K208', 'K209', 'K210', 'K211', 'K212', 'K213', 'K214', 'K215', 'K216', 'K217', 'K218', 'K219', 'K220', 'L221', 'L222', 'L223', 'L224', 'L225', 'L226', 'L227', 'L228', 'L229', 'L230', 'L231', 'L232', 'L233', 'L234', 'L235', 'L236', 'L237', 'L238', 'L239', 'L240');

echo "<A HREF=\"step5.php?seat=$seat[$i]\">$seat[$i]</A><BR>";
endfor;

[/end code]


Now - all of that works perfect and it displays separate lines with links to each $seat in the browser....even when I click on the link and go to step 5, it "seems" as though it is working correctly...


[code page=step5.php]

session_start ();
$_SESSION['seat'] = $_REQUEST['seat'];

// Escape the value before echoing it, since it came straight from the request
echo htmlspecialchars($_SESSION['seat']);

[/end code]

My question is - is my session working correctly? Am I doing what I need to be doing in order to keep the seats secure so that no one can just type the seat number in the location bar and get to register their seat?

The reason I ask this is because the only way I know to test sessions is to close out my browser completely, reopen it and try going to the page I am testing...HOWEVER, when I do that in this situation, I am still allowed to change the actual seat number in my location bar....this is what I do NOT want...

I have read and read and read online and every place I have looked says the same stuff that the way I have it above should be secure, but apparently it is not...


TIA,


Jay


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
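
An added example, not part of the original post or the poster's code: a session only keeps values on the server between requests and does not vet what arrives in the URL, so step5.php has to check the requested seat itself. The helper name `validate_seat` is hypothetical, and the seat and taken-seat lists are constructed samples standing in for the real seat map and registration store.

```php
<?php
// Added example, not the poster's code. The session keys eventid/age/terms
// come from step4.php above; $validSeats and $takenSeats are constructed
// samples standing in for the real seat map and the registration store.

function validate_seat(array $session, $requested, array $validSeats, array $takenSeats): array
{
    // 1. The visitor must have come through the earlier steps in THIS session.
    foreach (['eventid', 'age', 'terms'] as $key) {
        if (empty($session[$key])) {
            return [false, 'Registration steps incomplete; restart at step 1.'];
        }
    }
    // 2. The seat must be a string taken from the server's own seat list.
    if (!is_string($requested) || !in_array($requested, $validSeats, true)) {
        return [false, 'Unknown seat.'];
    }
    // 3. The seat must still be free.
    if (in_array($requested, $takenSeats, true)) {
        return [false, 'Seat already taken.'];
    }
    return [true, $requested];
}

// Constructed sample data.
$validSeats = ['A1', 'A2', 'A3', 'B21', 'B22'];
$takenSeats = ['A2'];

if (PHP_SAPI !== 'cli') {            // page wiring for step5.php
    session_start();
    [$ok, $result] = validate_seat($_SESSION, $_GET['seat'] ?? null, $validSeats, $takenSeats);
    if ($ok) {
        $_SESSION['seat'] = $result; // only a vetted value reaches the session
    } else {
        http_response_code(400);
    }
    echo htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
} else {                             // quick command-line demonstration
    $done = ['eventid' => 7, 'age' => 21, 'terms' => 'yes'];
    var_dump(validate_seat([], 'A1', $validSeats, $takenSeats)[0]);      // fresh session, no earlier steps
    var_dump(validate_seat($done, 'Z999', $validSeats, $takenSeats)[0]); // seat typed into the URL
    var_dump(validate_seat($done, 'A2', $validSeats, $takenSeats)[0]);   // seat already registered
    var_dump(validate_seat($done, 'A3', $validSeats, $takenSeats)[0]);   // valid, free seat
}
```

The availability check here is advisory only; the final reservation still needs an atomic guard in the data store (for example a unique constraint on the seat column) so two visitors cannot claim the same seat at once.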


