#5 Automatic DiskID generation problem
There is a potential problem in the way the automatic
DiskID generation works.
Now, the ID is generated by adding 1 to the highest
DiskID in the database. This is located near the end of
edit.php.
The problem can arise because this is done BEFORE
completing the new item form. So, if while I am filling
the form, somebody else does the same, he will get the
same DiskID. Thus, the two entries will be identified
by the same ID, and when you borrow one the other will
be also borrowed by mistake.
It can be at least made less probable.
Instead of calculating the DiskID before the form
completion, it should be done at the moment of database
insertion.
To do this, the following lines should be commented out
in edit.php:
$result = runSQL\($NEXTUSERID\);
$video\[0\]\['diskid'\] = $result\[0\]\['max'\];
and instead, the following should be inserted in the
part where it says "sanitize input", just before the
"if ($SETS...." statement (it is on line 177 in the
version 2.0.2 I downloaded):
if\(\($name == 'diskid'\) && \($config\['autoid'\]\) &&
(empty($$name)))
{
$result = runSQL($NEXTUSERID);
$$name = $result[0]['max'];
}
This way, IF autoid is on, and no manual ID has been
given, it will calculate an appropriate DiskID just
before insertion. It is still not 100% safe, but at
least the interval in which conflicts can happen is
very small, driving the probability of equal IDs to a
much lower value.
I am attaching the modified version of edit.php that I
put in place on my installation.
Cheers.
modified version of edit.php
Logged In: YES
user_id=213309
One thing that would be nice is to have a random number
assigned, if you choose to..
Because I use a speciall numbering system for some movies
(divx, etc). BUT I want to use the normal auto-increment
number for DVDs.. but they don't work nice together. It
appears that the auto number never increments.