Presence and IntComm WG

[Iljun Kim <>]

Ben,
The credit card processing script is ready for testing.  It's pointing
to the VeriSign test server and you can use Visa with 4111111111111111
as the credit card number.   It expects to get first_name, last_name
and email variables.
For example,
https://services.internet2.edu/payment/crPayment.jsp?first_name=IJ&last_name=Kim&;
  


I didn't review all the text and let me know if you want to
add/delete.

Thanks.

--IJ.


On Wed, Oct 01, 2003 at 11:43:27AM -0400, Ben Teitelbaum wrote:
> Artem,
> 
> Auditing your PHP code more carefully, I see two bugs.  
> 
> First, there is a race condition.  Two users simultaneously confirming
> and executing the confirm_email() function could step all over each
> other.  Please add file locking to prevent this possibility or
> re-implement statelessly with an MD5 checksum of $email . $first_name
> . $last_name . $secret_salt.
> 
> Secondly, the flow control is broken in the case where the user has
> already registered.  If the conditional ($status == "pending") fails,
> the script still prints:
> 
>   You are now registered for the PIC working groups Rich Presence
>   demo. You may purchase a headset at this time for use with the demo
>   by clicking here.
> 
> Admittedly, neither of these bugs is likely to cause catastrophic
> failure of the registration process, but it would be good to fix them
> anyway.
> 
> 
> For list utilities, archives, subscribe, unsubscribe, etc. please visit the
> ListProc web interface at 
> 
>     http://archives.internet2.edu/
> 
> 
> 

----------------------------------------------------------------wg-pic-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

----------------------------------------------------------------wg-pic--