Well, this is your new adopt.php (make a backup of the old one first!)
PHP Code:
<?php
session_start(); // This is important!
// **********************************************************************
// Mysidia Adoptables Script: adopt.php
// Copyright 2011 Mysidia Adoptables staff team
// For help and support: http://www.mysidiaadoptables.com/forum/
//
// Redistribution prohibited without written permission
// **********************************************************************
// Wake the sleeping giant
// **********************************************************************
// Basic Configuration Info
// **********************************************************************
include("inc/functions.php");
include("inc/config.php");
include("lang/lang.php");
$themeurl = grabanysetting("themeurl");
// **********************************************************************
// Define our top links by calling getlinks()
// **********************************************************************
$links = getlinks();
// **********************************************************************
// Define our ads by calling getads()
// **********************************************************************
$ads = getads("any");
// **********************************************************************
// Grab any settings that we will need for the current page from the DB
// **********************************************************************
$browsertitle = grabanysetting("browsertitle");
$sitename = grabanysetting("sitename");
$slogan = grabanysetting("slogan");
// **********************************************************************
// Check and see if the user is logged in to the site
// **********************************************************************
$loginstatus = logincheck();
$isloggedin = $loginstatus[loginstatus];
$loggedinname = $loginstatus[username];
// **********************************************************************
// End Prepwork - Output the page to the user
// This page sets up the new adoptions and then forwards the user to
// a secondary page for adoptables processing.....
// **********************************************************************
$id = $_GET["id"];
$id = preg_replace("/[^a-zA-Z0-9s]/", "", $id);
$id = secure($id);
$promocode = $_GET["promocode"];
$promocode = preg_replace("/[^a-zA-Z0-9\\040.]/", "", $promocode);
$promocode = secure($promocode);
// Here we check if we have an ID that has been submitted or no
if($id == "" or !is_numeric($id)){
// We did not enter in an id, or it is not a number
// Show the available adoptables to the user...
$article_title = $showingtitle;
$article_content = $showing;
// If we are a guest, show a message that lets them know that they cannot adopt...
if($isloggedin != "yes"){
$article_content = $article_content."".$showingguest;
}
// Begin the output of all the adoptables to the user...
$query = "SELECT * FROM ".$prefix."adoptables WHERE whenisavail = 'always' ORDER BY RAND() LIMIT 1"; // Only shows 1 random adoptables
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < $num) {
$aid=@mysql_result($result,$i,"id"); //The adoptable's ID
$type=@mysql_result($result,$i,"type");
$description=@mysql_result($result,$i,"description");
$eggimage=@mysql_result($result,$i,"eggimage");
$_SESSION['id'] = $aid; // This is what we use to transfer the aid value
// Call a function to check if we have the proper privledge level to adopt this pet
// This function checks all of the little conditions and makes sure they are present
// If they are not present, the adoptable is not shown here, as that would be cruel.
// We call the function with the showing flag to not deny the showing if the user is a guest.
if($promocode == ""){
$promocode = "none";
}
$canadopt = canadopt($aid, "showing", $promocode); // Feed an adoptable ID and showing, to show the adopt to guests...
if($canadopt == "yes"){
//If we can adopt the adoptable, show the image and adoption link...
if($isloggedin == "yes"){
$article_content = $article_content."<br><img src='".$eggimage."' border='0'><br>
<form name='form1' method='get' action='doadopt.php'>
<p>Adoptable Name:
<input name='name' type='text' id='name'>
<input name='promocode' type='hidden' id='promocode' value='".$promocode."'>
</p>
<p>
<input type='submit' name='Submit' value='Adopt Me'>
</p>
</form>";
}
else{
$article_content = $article_content."<p><img src='templates/icons/no.gif' border=0> <b>".$guesterror."</b></p>";
}
}
$i++;
} // End the looping out of all adoptables...
} // This bracket ends the IF check for whether or not an ID was entered
else{
// We have specified an ID of an adoptable we wish to adopt
// Let the user name the adoptable, then forward them
// to an additional page that actually adds the adoptie
// to their account.
// Now we have to connect to the database and get information about the adoptable
$query = "SELECT * FROM ".$prefix."adoptables WHERE id='$id'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$aid=@mysql_result($result,$i,"id"); //The adoptable's ID
$type=@mysql_result($result,$i,"type");
$description=@mysql_result($result,$i,"description");
$eggimage=@mysql_result($result,$i,"eggimage");
$i++;
}
if($aid == $id){
//The adoptable exists and is valid
// Make sure again that we can adopt this adoptie...
$canadopt = canadopt($aid, "adopting", $promocode);
if($canadopt == "yes"){
$article_title = "Adopting ".$type;
$article_content = $langa1."".$type.$langa2;
$article_content = $article_content."<br><img src='".$eggimage."' border='0'><br>
<form name='form1' method='get' action='doadopt.php'>
<p>Adoptable Name:
<input name='name' type='text' id='name'>
<input name='id' type='hidden' id='id' value='".$id."'>
<input name='promocode' type='hidden' id='promocode' value='".$promocode."'>
</p>
<p>
<input type='submit' name='Submit' value='Adopt Me'>
</p>
</form>";
}
else{
$article_title = $accden;
$article_content = $adoptnoper;
} // End Can Adopt ELSE
}
else{
//The adoptable does not exist, nothing we can do...
$article_title = $err_idnoexist;
$article_content = $err_idnoexist_text;
} // End adoptable does not exist ELSE
} // This bracket ends the else statements for whether or not an ID was entered
// **********************************************************************
// Begin Template Definition
// **********************************************************************
//Define our current theme
$file = $themeurl;
// Do the template changes and echo the ready template
$template = file_get_contents($file);
$template = replace(':ARTICLETITLE:',$article_title,$template);
$template = replace(':ARTICLECONTENT:',$article_content,$template);
$template = replace(':ARTICLEDATE:',$article_date,$template);
$template = replace(':BROWSERTITLE:',$browsertitle,$template);
$template = replace(':SITENAME:',$sitename,$template);
//Define our links
$template = replace(':LINKSBAR:',$links,$template);
//Get the content for the side bar...
$sidebar = getsidebar();
$template = replace(':SIDEFEED:',$sidebar,$template);
//Get the ad content...
$template = replace(':ADS:',$ads,$template);
//Get the slogan info
$template = replace(':SLOGAN:',$slogan,$template);
echo $template;
// **********************************************************************
// End Template Definition
// **********************************************************************
?>
Unfortunately, to prevent the breaking of adoption using promo code I have to leave a security hole in the script. The user will still be able to type in the URL manually (domain.com/adopt.php?id=xx) to adopt the pet they want. I think I can fix this but my hosting server is down right now. In the meantime, post your doadopt.php here