Ideas on validating a word submitted against a list of predetermined words?

[tribol]

I have a situation where I need to put a textbox and a submit button on a page. The user is logged in. The script needs to check against a list of words to make sure the word the user entered is correct and if so submit their information(ie:name, email, time, date, word entered to a database table. The part i'm having trouble with is figuring out how to make it check against a specific set of words.

 

<p><strong>Enter Word</strong></p>
			<form action="/paradisepassword.php" method="post">
			<input type="hidden" name="action" value="password2paradise" />
                <table cellpadding="5px">
				<tr>
					<td style="padding:3px;"><label for="password2paradise">Enter here::</label></td>
					<td style="padding:3px;"><input name="password2paradise" type="password2paradise" id="password2paradise" value="" maxlength="30" tabindex="5" /></td>
	</tr>
                    <tr>
			<td style="padding:3px;"> </td>
			<td style="padding:3px;"><input name="submit" type="submit" value="Submit Password" tabindex="7" class="generalButton" /></td>
		</tr>
                 </table>
              	</form>

 

and the php file to process it:

 

<?php
include_once($_SERVER['DOCUMENT_ROOT']."/_core/config.php");
include_once($_SERVER['DOCUMENT_ROOT']."/_core/db-connect.php");
include_once($_SERVER['DOCUMENT_ROOT']."/_core/functions.php");
include_once($_SERVER['DOCUMENT_ROOT']."/_core/user-cookies.php"); 

/////////////////////////////////////////////////////////////////////////////

//function submitParadisePassword($intContestantID, $intDateSent, $intParadisePassword, $strType){

$paradise_password = paradisePassword("password1", "password2", "password3", "password4", "password5", "password6", "password7", "password8", "password9", "password10");

if (!$paradise_password == paradisePassword); {

	// success!
	$query_insert="INSERT INTO ".DB_DATABASE.".paradisepassword_2010
	(
	accountID,
	nickname,
	firstName,
	lastName,
	email,
	paradisePassword,
	sentFromUrl,
	dateSent,
	dateSentTimestamp,
	ipAddress
	)
	VALUES
	(
	'".mysql_real_escape_string($_POST['accountID'])."',
	'".mysql_real_escape_string($_POST['nickname'])."',
	'".mysql_real_escape_string($_POST['firstName'])."',
	'".mysql_real_escape_string($_POST['lastName'])."',
	'".mysql_real_escape_string($_POST['email'])."',
	'".mysql_real_escape_string($_POST['paradisePassword'])."',
	'".mysql_real_escape_string($_POST['sentFromUrl'])."',
	'".date("Y-m-d")."',
	'".time()."',
	'".$_SERVER['REMOTE_ADDR']."'
	)		
	";
	mysql_query($query_insert);

	header("Location: ".$_POST['sentFromUrl']."?p2p=success");

} else {

	header("Location: ".$_POST['sentFromUrl']."?p2p=fail");
}
//}

?>

 

what am i missing?

 

[sasa]

look in_array($needle, $haystackarray); function

[Namtip]

You could use the preg_match function (I think it's the best way of validating form information because its versatility). You just need to understand regular expressions. Do you mind me asking why you want to check for specific words?

[tribol]

Not at all, it's for a contest. People have to find a word in a random place and type it into the textbox on their dashboard on their account page. If it's the right word they get entered into a contest to win a trip.

[tribol]

So here is the most recent, it's submitting some info to the db table but not yet grabbing the users cookie to fill in the rest of the information. The other thing is that when it does it submits the password twice and then puts another 40 records in the db without the word? So it's looping like mad (i guess) and still can't grab the users info out of the cookie? (DW shows me an error in the code when I uncomment //if ($validUser==1($_COOKIE['account_id']))

 

<?php
include_once($_SERVER['DOCUMENT_ROOT']."/_core/config.php");
include_once($_SERVER['DOCUMENT_ROOT']."/_core/db-connect.php");
include_once($_SERVER['DOCUMENT_ROOT']."/_core/functions.php");
include_once($_SERVER['DOCUMENT_ROOT']."/_core/user-cookies.php"); 

/////////////////////////////////////////////////////////////////////////////

//if ($validUser==1($_COOKIE['account_id']))

//function submitParadisePassword($intContestantID, $intVoterID, $strType){


$p2p = array("Password1", "password1");


if (in_array("Password1", $p2p)) {
    // success!
	$query_insert="INSERT INTO ".DB_DATABASE.".paradise_password_2010
	(
	accountID,
	nickname,
	firstName,
	lastName,
	email,
	paradisePassword,
	sentFromUrl,
	dateSent,
	dateSentTimestamp,
	ipAddress
	)
	VALUES
	(
	'".mysql_real_escape_string($_POST['accountID'])."',
	'".mysql_real_escape_string($_POST['nickname'])."',
	'".mysql_real_escape_string($_POST['firstName'])."',
	'".mysql_real_escape_string($_POST['lastName'])."',
	'".mysql_real_escape_string($_POST['email'])."',
	'".mysql_real_escape_string($_POST['paradisePassword'])."',
	'".mysql_real_escape_string($_POST['sentFromUrl'])."',
	'".date("Y-m-d")."',
	'".time()."',
	'".$_SERVER['REMOTE_ADDR']."'
	)		
	";
	mysql_query($query_insert);

	header("Location: ".$_POST['sentFromUrl']."?p2p=success");

} else {

	header("Location: ".$_POST['sentFromUrl']."?p2p=fail");
}


if (in_array("password1", $p2p)) {

    // success!
	$query_insert="INSERT INTO ".DB_DATABASE.".paradise_password_2010
	(
	accountID,
	nickname,
	firstName,
	lastName,
	email,
	paradisePassword,
	sentFromUrl,
	dateSent,
	dateSentTimestamp,
	ipAddress
	)
	VALUES
	(
	'".mysql_real_escape_string($_POST['accountID'])."',
	'".mysql_real_escape_string($_POST['nickname'])."',
	'".mysql_real_escape_string($_POST['firstName'])."',
	'".mysql_real_escape_string($_POST['lastName'])."',
	'".mysql_real_escape_string($_POST['email'])."',
	'".mysql_real_escape_string($_POST['paradisePassword'])."',
	'".mysql_real_escape_string($_POST['sentFromUrl'])."',
	'".date("Y-m-d")."',
	'".time()."',
	'".$_SERVER['REMOTE_ADDR']."'
	)		
	";
	mysql_query($query_insert);

	header("Location: ".$_POST['sentFromUrl']."?p2p=success");

} else {

	header("Location: ".$_POST['sentFromUrl']."?p2p=fail");
}

//}
?>

 

[Pikachu2000]

If the cookie is set by one of the included files (user_cookies.php, perhaps?), its value isn't available to the script. Cookie values aren't available until the next page load.

 

EDIT: What it this supposed to do? if ($validUser==1($_COOKIE['account_id'] )) The syntax is off.

[tribol]

The cookie is set when the user logs into the site using user-cookies.php

 

The second line is supposed to validate that the user is actually a verified user so that it can pull their account details for when they get to the dashboard.

 

arghh.. wish i knew more, i'm one of two developers for this site but the other is in australia... he's the one that put it together

[Namtip]

This is probably off topic now As you seem to have problems with inserting the information from a cookie into your database. Whereas I thought you wanted to know how to check that a word from a form is you competition winning word. I knocked up some code to help you with that.

 

but check out this tutorial

http://www.webcheatsheet.com/php/regular_expressions.php

 

winner.php

<?php
if (isset($_POST['submit']))
{ 

if(  preg_match('/^magicword$/',$_POST['word'])){
echo 'success!';
//put the code you use to insert you data here.
}

else{
echo 'failed!';
}
}
?>


<html>
  <form action="winner.php" method="post">
   <table>
    <tr>
     <td><label for="word">Special competition word:</label></td>
     <td><input type="text" name="word" id="word" size="100"
       maxlength="100" value=""/>
   </td>
     <td><input type="submit" name="submit" value="Sumbit"/></td>
</tr>
   </table>
  </form>
</html>
  

 

Maybe you should start up a new post and be a little more specific about what your problem is? I dunno I'm a newbie too