I don't think there's a way to exploit this code in this example.
Anyway I think you have to be aware that it's is to make it exploitable by possibility of type juggling (usually cast to integer 0
).
That's why I suggest you to use strict mode of in_array
like
in_array($_COOKIE['pr'],$planes, true); //third parameter enforces type checking