number guess form submission

[sphinx]

Hello,

 

Basically, I'm using srand to generate a number, and if the user gets a specific number, they can win by entering their details into the form.

 

However, I want to block other numbers except from (in this example) 300000. I'm using:

 

<form method="POST" id="form1" name="form1" action="send.php">
Email:<input type="text" id="name" name="email"><br />
<input type="hidden" value="<?php echo $b ?>" name="name" id="name" />
<input type="hidden" value="<? echo $random_number ?>" name="code" id="code" />
<br /><input type="submit" name="submit" value="Submit my code">
</form>

 

With:

 

<?php
session_start(); 
if($_SERVER['REQUEST_METHOD'] === 'POST'){
if(isset($_POST["code"]) && $_SESSION["code"] == $_POST["code"]) {
$blacklisted = Array("300000", "##", "##", "##", "##", "##");
$code = $_POST['code'];
if( !in_array( strtolower($code), $blacklisted ) ) {
$emailblock = '<div id="captchatext">Sorry, that number was not 300000.</div>';	
} else { 
require('send.php'); 	
}   
}}
?>

 

However, any number entered seems to require send.php.

 

Many thanks

[scootstah]

I think you got your logic flow mixed up. Remove the ! from in_array().

[sphinx]

<?php
session_start(); 
if($_SERVER['REQUEST_METHOD'] === 'POST'){
if(isset($_POST["code"]) && $_SESSION["code"] == $_POST["code"]) {
$blacklisted = Array("796574", "7", "2", "3", "4", "5");
$code = $_POST['code'];
if( in_array( strtolower($code), $blacklisted ) ) {
$emailblock = '<div id="captchatext">Sorry, that number was not 300000.</div>';	
} else { 
require('send.php'); 	
}   
}}
?>

 

Still getting through - thanks for assistance.

[scootstah]

With this code I get "incorrect" - is that not what you wanted?

$blacklisted = Array("796574", "7", "2", "3", "4", "5");
//$code = $_POST['code'];
$code = 2;
if( in_array( strtolower($code), $blacklisted ) ) {
//$emailblock = '<div id="captchatext">Sorry, that number was not 300000.</div>';
echo 'incorrect';
} else { 
//require('send.php'); 
echo 'correct';
}

[sphinx]

Must be a form issue:

 

<?php
session_start(); 
if($_SERVER['REQUEST_METHOD'] === 'POST'){
if(isset($_POST["code"]) && $_SESSION["code"] == $_POST["code"]) {
$blacklisted = Array("796574", "7", "2", "3", "4", "5");
//$code = $_POST['code'];
$code = 2;
if( in_array( strtolower($code), $blacklisted ) ) {
//$emailblock = '<div id="captchatext">Sorry, that number was not 300000.</div>';
echo 'incorrect';
} else { 
//require('send.php'); 
echo 'correct';
}}}
?>

 

still goes through ;/

[scootstah]

Okay I think I know what you are trying to do. I've rewritten your script, does this do what you want?

session_start(); 

$_SESSION['code'] = 79;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$blacklisted = array(796574, 7, 2, 3, 4, 5);

if (isset($_POST['code'])) {
	$code = $_POST['code'];

	if (!in_array($code, $blacklisted) && $_SESSION['code'] == $code) {
		echo 'correct';
	} else {
		echo 'incorrect';
	}
}
}

echo '<form action="test.php" method="post">
<input type="text" name="code" /><input type="submit" name="submit" value="submit" />
</form>';

[sphinx]

Brilliant, thanks. Do I still need that array stuff If I only need it to check one number?

 

Ta

[scootstah]

No, you can just do:

 $blacklisted = 717;
// .....
if ($code != $blacklisted && $_SESSION['code'] == $code) {

[sphinx]

Whats the difference between  $blacklisted = 717; and $_SESSION['code'] = 717;?

 

Thanks

[scootstah]

$blacklisted is number(s) that aren't allowed.

 

$_SESSION['code'] is the number you are trying to guess.

[sphinx]

Well, I want it too only allow the number 300000 does this still require both of these to be in place?

[scootstah]

Always the number 300000? That makes it substantially simpler.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {		
if (isset($_POST['code'])) {
	$code = $_POST['code'];

	if ($code == 300000) {
		echo 'correct';
	} else {
		echo 'incorrect';
	}
}
}

echo '<form action="test.php" method="post">
<input type="text" name="code" /><input type="submit" name="submit" value="submit" />
</form>';

[sphinx]

Great thanks