I'm designing a simple MMORPG using HTML5 canvas, JS, and PHP via AJAX. I've got a simple demo working where a user can log in, and is taken to a page where they can choose a world from a dropdown.
However, I now face a security issue: I need to be able to tell PHP via JS which world to change to, but I don't want the user to be able to change this themselves.
I have a dropdown of worlds available to the user, but don't want them to be able to change to any world they feel like via very simple client-side hacking. ie: Changing the tag's value via Chrome's right-click -> inspect element.
I know the solution would be to make everything server-side, but then how do I pass (from JS to PHP) which world the user has selected to change to?
(Apologies if this was poorly written, and many thanks in advanced)