Concept of Holding a reservation.

[cancer10]

Hi

I was wondering how do you implement the concept of holding a registration of an event or a booking?

For instance, when you try to book a hotel room or a try to book a air ticket online, they hold your registration for say 10 or 15 mins, during which the room or seat will be locked for that time and once the time expires, they release the holding.

A real life example would be events hosting on eventbrite

Code:

http://collaboratemumbai-ehometext.eventbrite.com/

How do we implement the same concept in an PHP application?



Any help will be greatful.


Thanks

[JoeDaStudd]

The data about availability will be held in a table.
Odds are they will use a script which reduces the availability and puts a separate entry on a reservation table. Against which they will store timestamp, which item was reserved, how many it was reserved for, who for, etc.

Depending on the size of the site they will then have cron or similar task scheduled to run every x minutes which looks at the reservation table once the timestamp + x time it reverts the reservation and deletes the entry in the table.

Sounds complicated, but its essentially just 1 query to reduce, 1 to insert, 1 to check the timestamp vs current timestamp, another to update and a final one to remove.
There is very little php involved.

We that's at least how I would do it.

[cancer10]

Thanks for your reply

I will try this and shall get back to you if I have further queries.


Thanks once again

[cancer10]

Hi Again

I have implemented the concept and it works like a charm except for one case. Our QA team has discovered an issue and I am not sure if this is the problem of the code or the database queue request.

Our QA team are testing this by clicking on the "Check Room Availability" button simultaneously on 2 different computers at a single point of time. 2 out of 20 times they succeed in breaking the rule.

For example, for 10th July 2011 only 1 room is available in a hotel. If we proceed with booking this room for the aforesaid date, the application holds the reservation for 15 mins for that user. But if the "Check Room Availability" button is clicked by 2 users at the same point of time, the rule fails 2 times out of 20 attempts.

What do you think the cause of this and how can we prevent it?

Any suggestion will be highly appreciated.


Many thanks in advance.

[cancer10]

HI Again

I have an interesting question regarding the concept of holding a reservation.

Suppose a registration is being held for a user for 20 mins, he fills up all the required forms (lets assume he spends 15 mins filling up the forms), after that the application takes him to the payment gateway page, where he spends 6-7 mins filling up teh credit card details, name etc.

In the meanwhile a CRON which is set to run every 20 mins, deletes the record of that user from the database since the user has spent more than 20 mins for completing the whole process.

After making a successful payment, when the user is redirected back to the application, the application does not find the matching record and displays an error to him saying your session has timed out etc.

How would you handle or make the application handle such a case where the user has already made the payment?

Any help / ideas will be highly appreciated.

[ApacheTech]

You could use an AJAX script or even a basic Javascript to show the user how long they have left in their "session". Maybe even a link that says "Require more time?" which then resets the timestamp in the database. The script would automatically disable the submit buttons on the forms they are filling in when the session expires. AJAX would allow you to reset the session without them losing the data they have already filled in.

[traq]

taking that concept further, write an AJAX script that simply tells the server that the user is still filling out the form (so the server can reset to time limit, effectively starting the countdown only after the user leaves the page).

[cancer10]

But the question is, when the user is at the payment gateway (paypal etc) and spends all the time there, how will our application work in the background?

[ApacheTech]

taking that concept further, write an AJAX script that simply tells the server that the user is still filling out the form (so the server can reset to time limit, effectively starting the countdown only after the user leaves the page).

There would be a slight security hole in this, where a user could effectively shut down your booking system by auto filling forms and not sending them. Just activating the form (typing, focusing, blurring etc) would reset the timestamp. One irate customer with <X> tabs open could effectively shut down the hotel. Unless the backend security is rock solid, it could easily lead to IOOR errors and possible DDOS if the server load gets too high. You'd need something that means a human has to authenticate their need to continue.

A link saying "Need more time to fill in the form?" opens a modal overlay with a Captcha and a submit button. That's the safest way to do it via AJAX.

But the question is, when the user is at the payment gateway (paypal etc) and spends all the time there, how will our application work in the background?

Rather than have them go to PayPal, have PayPal come to them. You can use the PayPal API to intergrate an express checkout into your site:

https://cms.paypal.com/us/cgi-bin/?c...o_api_overview

Or, if you need something more bespoke, you could commission a paid API such as:

http://www.hotelsystems.co.uk/softwa...ooking-system/

However you choose to do it; make sure you are security conscious all the way through. This is the one part of the website in which security holes could lead to real world monetary loss for your company. Make sure you use air-tight sessions to validate your customer and use that session as your reservation marker. If you have two sessions running for the same customer, it could leave things open to exploitation.

Lastly, make sure you only ever accept payments (even using the PayPal or other 3rd party API) through an SSL connection, and use AES Salted encryption whenever possible.