I have an appointment software feature on my website that has some security problems. It was done in PHP but a user was able to change the viewable code (links) while using the scheduler and actually reserve time and make it look like it was paid in full using Miva Merchant. No one can make an appointment with paying a deposit or in full. The program takes the user through five steps to complete the booking process.
I need someone to make it impossible for someone to successfully make it look like they have paid to make an appointment which actually does make the time they chose unavailable on my schedule.
What happens is when a user puts his mouse over the time they want, a link appears at the bottom and the faker copies this link and pastes it into the browser where he makes a change in the code.
Also, it was determined that when a normal user stops the process and comes back, that the old order stays there and it adds up instead of starting a new order and they all get added up and can't be removed if they went through the scheduler.
So it's just those two things that need to be changed.
## Deliverables
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
## Platform
web