Sorry if this has been asked before
but, I'd like to know how to make the adoption page looks like virtuadopt.com (http://virtuadopt.com/adopt.php) where the users don't know what they are adopting untill the eggs are hatched

My adopt.php page fetch a random adoptables from database and everything seems to be working fine since I remove any info about the adoptables from the adopt.php page

but recently one of the users knows how to work around this random adoption thing

he type in URL to directly access the adoption page for an adoptable like
http://www.domain.com/adopt.php?id=X
and then adopt the adoptable he wants!

So does anyone know how to make the adoption page like virtuadopt?

With some modification you could change your adopt.php page to use POST instead of GET, so that users would have to click a form button to adopt the pet and then the adoptable ID would not be passed via the browser's address bar.

How much PHP do you know?

Wouldn't they still be able to use firebug or something to change it?
Perhaps getting a random number and selecting that from the db? You'd have to make it exclude certain retired / deleted pets, but it could work.

With some modification you could change your adopt.php page to use POST instead of GET, so that users would have to click a form button to adopt the pet and then the adoptable ID would not be passed via the browser's address bar.

How much PHP do you know?

I'm still new to PHP, so I don't know much about it

Wouldn't they still be able to use firebug or something to change it?
Perhaps getting a random number and selecting that from the db? You'd have to make it exclude certain retired / deleted pets, but it could work.

Yeah, and I think you could do the same with Tamper Data too!
the method you suggested seems to be really good, but it also seems kinda complicated

EDIT: tried to do what brandon said, but no luck. When the users clicked the button, it only refresh the page

BUMP!

does anyone can help me..?

My method isn't complicated, it'd just require work. I'm sure you'll figure it out in no time. Simple select from the database with ORDER BY RAND() and then get the first adoptable kind and give them that adoptable. Easy enough. :D

you mean like this?


SELECT * FROM ".$prefix."adoptables WHERE whenisavail='always' ORDER BY RAND() LIMIT 1

Yup. :)

Well unfortunately that still doesn't fix my problem which is how to make sure that the user can't cheat his way to adopt any adoptables he wants...

That would solve your problem, I don't see why it wouldn't. You either do it that way - generate the adoptable upon adopting, this eliminating the need to have ids in the url - or you let him cheat his way there. Your choice.

Just out of curiosity, how would someone use Firebug or similar to get around the 'post' method? I played around with a copy of my adopt/doadopt and changed it from 'get' to 'post', then used the Web Developer add on in Firefox to change the method from 'post' to 'get' in my browser, and even though it does show you the adoptable id, it wouldn't let me do anything with it, if I tried to run it through the regular URL with the id included, the adoptables script wouldn't let me, it just loaded the adopts page over again. I tried the same thing with the doadopt page to see if it would let me do it that way, but it just came up with the invalid id message.

It's easy enough - you don't get around the method, you get around the hidden variables.
<input type='hidden' name='petid' value='2' />
In firebug, just change the value and you're set. You can't change it from post to get, but you can change the values. :?

Ah right yes, you can do that in the Web Developer add on too. Sneaky!

Still, I do like this post version I must say.

That would solve your problem, I don't see why it wouldn't. You either do it that way - generate the adoptable upon adopting, this eliminating the need to have ids in the url - or you let him cheat his way there. Your choice.

actually I already use that query from the first place but the user still able to enter the url manually in the address bar to adopt the pet he wants :(

my problem now is how to change the method from GET to POST just like what brandon said

any idea?

We changed the system at mystic grove to include a random code each time a new [pet is made.. then the code is called not the id number.. stopped our problem

EDIT: nevermind...I managed to do what brandon said
this thread can be closed now