Page 1 of 1

treasure hunt

Posted: Sat May 21, 2005 4:41 am
by checksum
I am trying to create a treasure hunt for a clients website - the visitors are given the URL of the login page and some clues to guess the username and password required to login and unlock the treasure.

The successful user logs in and is presented with instructions on how to claim their prize. Subsequent visitors are directed to a page informing them that they didn't quite make it on time.

The way I'm thinking of doing this relies on logging the IP of the first user to correctly input the username and password (the one and only winner). Their IP is written to a text file.

The treasure page then compares user IP with the first IP in the text file - if they match - user can proceed to collect the bounty - if not they are sent to a page informing them they arrived to late and have not won.

This is what I have written so far:

Code: Select all

<form name=&quote;form&quote; method=&quote;post&quote; action=&quote;login.php&quote;>
	<ul>
		<li>User: <input type=&quote;text&quote; size=&quote;20&quote; name=&quote;user&quote;></li>
		<li>Pass  <input type=&quote;password&quote; size=&quote;20&quote; name=&quote;pass&quote;></li>
		<li><input type=&quote;submit&quote; value=&quote;Login&quote;></li>
	</ul>
 </form>

Code: Select all

<?php

$usercorrect=blah; 
$passcorrect=blah; 

 if ($user==$usercorrect && $pass==$passcorrect) {

$log_file = &quote;ip.txt&quote;; 
$ip = getenv('REMOTE_ADDR'); 
$fp = fopen(&quote;$log_file&quote;, &quote;a&quote;);
fputs($fp, &quote;$ip&quote;);
flock($fp, 3); 
fclose($fp);

	 $goforth = &quote;location: treasure.php&quote;;  // login correct - go forth and rejoice in thy treasure
	 header($goforth);
 } elseif ($user!=$usercorrect || $pass!=$passcorrect) {
     header(&quote;location: try_again.php&quote;); // login incorrect - access denied
 } else {
     break;
 }
?>
I only want one IP to be written to the file ip.txt - is this possible?

Code: Select all

<?php 

$ip = getenv('REMOTE_ADDR'); 

$winner = fopen the file ip.txt and parse the ip address - any pointers?

if ($ip!=$winner) {
	header(&quote;location: oh_well.php&quote;); // user re-directed and informed that they have lost 
	elseif ($ip==$winner) {

<html>
I'm faltering a bit now.

Does this interest anyone? :P

JCART | PLEASE USE

Code: Select all

TAGS AND REVIEW   [url=http://forums.devnetwork.net/viewtopic.php?t=21171]POSTING CODE IN THE FORUMS[/url][/color]

Posted: Sat May 21, 2005 7:41 am
by phpScott
if you do a search on this site you will quickly realize the using ip address's is not the most realable way of tracking the user.

Posted: Sat May 21, 2005 1:03 pm
by method_man
how else would you track the user?

Posted: Sat May 21, 2005 1:06 pm
by Roja
method_man wrote:how else would you track the user?
In this case, the better solution would be to set a cookie on the "winner"'s computer, and simply check for that cookie when they login to get their "prize".

Posted: Sat May 21, 2005 2:11 pm
by AGISB
I would do it this way.

1. Give hint
2. login
3. if successfull display the bounty page including a secret token or forward them to a form they can put their details in. Then update a database that the bounty was gotten. If the next logs in the database has a entry and the user is displayed with the too late message.

This way you could program multiple hints and release one e.g. each day

Posted: Sat May 21, 2005 4:26 pm
by method_man
I like AGISB's idea :D