At first, I was asked to create a very basic login from defined passwords - so I made a txt file of mock 9 digit alphanumeric codes, and it would take you to a page if the code you entered matched one of the 72 that I was given.

Now they want something far more complex - one of 2 scenarios - a logged in user can only try once per day - then they are redirected to a page that will randomly tell them if they have won or not - and what they've won. That prize - let's say there are 50 prizes - has to then be removed from the listing of available random prizes.

The other scenario is that we generate 500,000 (yes, 500,000) unique numbers to appear on a scratch card, then the user enters that unique number to see if they've (randomly again) won one of the 50 prizes. In this scenario, they don't need the 24 hour login limitation, since they will have to have a new PIN code to enter to play.

I am concerned about how to first of all deny access for 24 hours (or the next calendar day is more accurate - not necessarily 24 hours) per login per user, plus then the logistics of having a random prize page (or 'sorry you lose' page) and removing any winning prize pages from the pool - plus managing 500,000 potential PIN numbers. There will be nowhere near that many played, so the odds of winning should be high.

Not even sure where to begin an approach to this, or what a better solution would be.

They (the client) are trying to limit fraudulent repeat play, and still have random prizing.

I think the better solution might be to have a "once per day" login, and just the random prize page - but even that is a bit tricky for me to get my head around. Not a total newbie, but I am responsible for all things PHP, HTML, flash, Illustrator, photoshop, MS office, etc., so I don't touch PHP every day, and a bit of advice would be greatly appreciated.

Thanks,

Mike