- All staff paths (build, lock, edit, editgame, delete, add, search) and the
render SELECTs now use db.php helpers with bound params. Removes SQL injection
via playerid/missionid/callsign/newtype/newmap/buildmissions.
- Delete routes through new pqs_remove_player() (shared lock + transaction,
resyncs numplayers from real occupancy instead of a raw numplayers-1).
- Drop a stray buggy line ($callsign from an undefined $line) and guard
$_SERVER['SERVER_ADDR']. build now sets nummercs=0 (strict-mode safe).
Verified on the stack: build/edit/delete/editgame/lock/search all work; delete
resyncs numplayers; no errors.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Completes the overfill-race fix (item #1). New queue.php functions, all under
the same GET_LOCK + transaction and self-healing numplayers:
- pqs_add_player_to_mission (staff 'new' -> registration.php)
- pqs_add_player_to_missions (staff 'add to N missions' -> registration.php)
- pqs_enqueue_group (kiosk group leader -> callsign.php)
- pqs_claim_group_slot (kiosk group member -> callsign.php)
callsign.php and registration.php now call these instead of their own
non-atomic read-check-insert blocks.
Verified on the local stack: scenario test (leader/member/staff paths) and
120 mixed concurrent solo+group writers x3 -> zero overfill, zero drift;
HTTP smoke of leader/member/new paths all seat correctly.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>