wg-pic - [WG-PIC:156] Re: Registration CGI Ready for Testing

Subject: Presence and IntComm WG

List archive

[WG-PIC:156] Re: Registration CGI Ready for Testing

From: Ben Teitelbaum <>
To: Artem Dmytrenko <>
Cc: wg-pic <>
Subject: [WG-PIC:156] Re: Registration CGI Ready for Testing
Date: 01 Oct 2003 11:43:27 -0400

Artem,

Auditing your PHP code more carefully, I see two bugs.

First, there is a race condition. Two users simultaneously confirming
and executing the confirm_email() function could step all over each
other. Please add file locking to prevent this possibility or
re-implement statelessly with an MD5 checksum of $email . $first_name
. $last_name . $secret_salt.

Secondly, the flow control is broken in the case where the user has
already registered. If the conditional ($status == "pending") fails,
the script still prints:

You are now registered for the PIC working groups Rich Presence
demo. You may purchase a headset at this time for use with the demo
by clicking here.

Admittedly, neither of these bugs is likely to cause catastrophic
failure of the registration process, but it would be good to fix them
anyway.

-- ben (still waiting for flight in DTW)

----------------------------------------------------------------wg-pic-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

----------------------------------------------------------------wg-pic--

[WG-PIC:156] Re: Registration CGI Ready for Testing, Ben Teitelbaum, 10/01/2003
- [WG-PIC:158] Re: Registration CGI Ready for Testing, Iljun Kim, 10/01/2003
  - [WG-PIC:160] Re: Registration CGI Ready for Testing, Ben Teitelbaum, 10/01/2003
    - [WG-PIC:172] Re: Registration CGI Ready for Testing, Iljun Kim, 10/02/2003
      - [WG-PIC:178] Re: Registration CGI Ready for Testing, Ben Teitelbaum, 10/02/2003
- [WG-PIC:159] Re: Registration CGI Ready for Testing, Artem Dmytrenko, 10/01/2003

List archive

[WG-PIC:156] Re: Registration CGI Ready for Testing