1) You could add an if condition to show the message:
<?php if(isset($_SESSION['PromoCode']) && isset($_SESSION['realCode']) && ($_SESSION['PromoCode'] != $_SESSION['realCode']) || date("m/d/Y") > "4/12/2012") { ?>
the promo code entered did not match
<?php } ?>
2) use an htaccess rule to force the site to use the secure server for all pages to prevent transfer problems:
force-ssl-htaccess.html