Well, you gotta differentiate the users, staff and the creator should be able to see the password, users should see an input box and the text.
You should create a basic html forum which allows users to create the raffle. For safety reasons I'd suggest you encrypt (you are able to decrypt the password again) or hash (you aren't able to decrypt the password, to compare the user's answer you have to hash that as well) the password.
Then you have to create a raffle page on which the normal users can see the puzzle and an input box and the staff/creator can see the password.
You can then add optional stuff like brute-force protection by limiting the amount of requests a user can make per minute.