Need web application checked for errors

My web application is used to reserve cabins on a ship. Similar to reserving seats at a concert. If a cabin is available you can click on it to reserve it. Cabins that are already sold are disabled - not available to click on. In addition, I have affiliates (resellers) selling cabins also. Each affiliate gets an inventory of cabins that only they can sell. In other words, if affiliate A has cabins 1, 2, 3 and 4;and affiliate B has cabins 5, 6, 7 and 8, affiliate A cannot sell cabins 5, 6, 7, 8. Those cabins would appear disabled to affiliate Bs [login to view URL] if a customer comes from affiliate A's link they can only click on cabins 1, 2, 3 or 4. If they come from affiliate B's link, they can only click on cabins 5, 6, 7 or 8. Etc. I have a problem where sometimes customers from affiliate A can click on reseller B's links and vice versa. This only happens occasionally and I cannot figure out why it is happening, but that is this project - to find the weakness in the application. We are using the following technologies: 1) Uses Flash actionscript to display the cabins 2) XML to pass some data about the cabins 3) PHP & MySQL to store data on which cabions are assigned to which resellers, which cabins are already sold and to capture registrations Click the following links and note that each of the resellers has different cabin inventory. <[login to view URL]> <[login to view URL]> <[login to view URL]> <[login to view URL]> In addition to agreed wage, the winning bidder will receive a $200 bonus if no errors occur for 2 months. Bidders with expert guarantee will get top priority. The winning bidder will have access to the programmer if needed. ## Deliverables * * *This broadcast message was sent to all bidders on Saturday Oct 8, 2011 12:59:38 PM: Just to clarify, we put in a message in case someone changes the affiliate ID in the URL during the booking process: "There has been an error processing your request.. Please contact our webmaster at greatsupport thresholdcomputer com or PHONE Number" but as you see you cannot go further and regester under those circumstances. So that is not the problem. Then problem allows someone to completely register under the wrong affiliateID.