Need a little PHP help

David [Zyyuu]
11 years ago

0

Try this.
```php
<?php

$password = $_POST;
$logFile = "../logs/index.html";

if ($password == "rolex050660") {
    fopen($logFile, 'r');
} else {
    header("Location: error.html");
}

?>
```

WhiteShadow410
11 years ago

0

It worked! :D I think it is cuz I put a ; after my if and you didn’t. Thanks :)

J [ColdIV]
11 years ago

0

You never put a ; behind the if :) Also, you don't put it behind a loop (except for do-while).

And btw, you might want to change the password ;) But at least you are saving the IP.

Peter [verath]
11 years ago

0

$password = $_POST;
That line saves the entire $_POST array (http://php.net/manual/en/reserved.variables.post.php) to the variable password, making the password variable look something like this:

```
array (size=1)
  'password' => string 'hello' (length=5)
```

Note that the variable is an array, and not a string. That means that the comparison you are doing later should never be true, as an array isn't a string. However, the "==" operator in PHP will try to convert types around, which could mean you get some weird behaviour, and especially when dealing with passwords it's better to use the "===" operator to force types to be equal as well (see http://www.php.net/manual/en/language.operators.comparison.php).

Also make sure you kill the script by using die(); after a header redirect, as the header call itself doesn't prevent the script from continuing to run.

Doing all those things you'll end up with something like this:

```php
<?php
$password = '';
$logFile = "../logs/index.html";

// Read only the one form field, and only if the request actually sent it.
if (isset($_POST['password'])) {
    $password = $_POST['password'];
}

// === also compares the type, so an array or a number can never match.
if ($password === "rolex050660") {
    fopen($logFile, 'r');
} else {
    header("Location: error.html");
    die(); // header() on its own does not stop the script
}
?>
```
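The check described in the post above, written out as an added example (not code from the thread or from any of its posters). It keeps the three points made there, read one field with isset(), compare strictly, stop after the redirect, and additionally swaps the plaintext `===` for `password_hash()`/`password_verify()`, which the post does not mention. The relative paths `../logs/index.html` and `error.html` are assumed to be the same as in the posted script, and the `$_POST` stand-ins in the CLI branch are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not the code from the thread. Assumes the same relative paths
// as the posted script (../logs/index.html, error.html).

/**
 * The submitted password as a string, or null if the field is absent or not a
 * string. A request such as password[]=x makes $_POST['password'] an array, so
 * isset() alone is not enough.
 */
function submittedPassword(array $post): ?string
{
    if (!isset($post['password']) || !is_string($post['password'])) {
        return null;
    }
    return $post['password'];
}

/**
 * Checks the submitted value against a password_hash() string. password_verify()
 * compares in constant time, so it also avoids the timing difference that a
 * plaintext === comparison leaks.
 */
function passwordMatches(?string $submitted, string $storedHash): bool
{
    return $submitted !== null && password_verify($submitted, $storedHash);
}

/** Redirects and ends the request; header() on its own does not stop the script. */
function redirectAndExit(string $location): void
{
    header('Location: ' . $location);
    exit;
}

// Stored credential. In a real deployment generate this once with password_hash()
// and keep it in a config file outside the web root; it is computed here only so
// that the example runs stand-alone.
$storedHash = password_hash('rolex050660', PASSWORD_DEFAULT);
$logFile    = __DIR__ . '/../logs/index.html';

if (PHP_SAPI === 'cli') {
    // Constructed stand-ins for $_POST; no HTTP request is involved.
    $wholeArray = ['password' => 'rolex050660'];   // what $password = $_POST; holds
    $fieldOnly  = $wholeArray['password'];

    $checks = [
        'array == string (the original bug)' => $wholeArray == 'rolex050660',
        'string == string'                   => $fieldOnly == 'rolex050660',
        '"0e1" == "0e2" (numeric strings)'   => '0e1' == '0e2',
        '"0e1" === "0e2"'                    => '0e1' === '0e2',
        'hardened check, correct password'   => passwordMatches(submittedPassword($wholeArray), $storedHash),
        'hardened check, password[]=x'       => passwordMatches(submittedPassword(['password' => ['x']]), $storedHash),
    ];
    foreach ($checks as $label => $result) {
        printf("%-38s %s\n", $label, $result ? 'true' : 'false');
    }
} else {
    if (!passwordMatches(submittedPassword($_POST), $storedHash)) {
        redirectAndExit('error.html');
    }
    readfile($logFile);   // the posted script only called fopen() and discarded the handle
}
```

Run it from the command line (`php check.php`) to see the comparison table: the array-to-string comparison is false even with the right password in it, which is why the original never matched; `"0e1" == "0e2"` is true because PHP compares two numeric strings as numbers, while `===` on the same pair is false; and the hardened check accepts the correct password but rejects the `password[]=x` request instead of throwing.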

WhiteShadow410
11 years ago

0

Ok, I’ll do that, and thanks for pointing out the XSS vulnerability. :) Can someone tell me how to encrypt it or something so that does not happen?

WhiteShadow410
11 years ago

0

And btw, the password is still the same but I will change it once I am all set with fixing the XSS (just in case anyone wants to test it). But do you think if I hadn't posted anything here about /admin or /logs or rolex050660 you would have gotten in?

WhiteShadow410
11 years ago

0

Sorry about all these posts in a row but one last thing, how can I change the time() so it shows like “2/16/2013 at 12:20pm”?

Peter [verath]
11 years ago

0

What I posted has nothing to do with XSS.

If you hadn't posted the password, one could have tried brute-forcing it. But since it is an 11 character length password with lower-case letters and numbers (that is about 132000000000000000 combinations) it would have taken quite a while...

For formatted time, use date().

WhiteShadow410
11 years ago

0

Thanks, and I know what you posted had nothing to do with XSS; someone else did point out the vulnerability though. And I did the die() and the if isset() you mentioned; I will apply the date() as soon as I get home. But also, how can I encrypt the data to protect the HTML log files from XSS?
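An added example, not code from the thread, for the two questions left open above: the date() format string that produces "2/16/2013 at 12:20pm", and output encoding with htmlspecialchars() for the HTML log. The thread never shows the code that writes ../logs/index.html, so the entry layout, the field names and the temporary file used in the CLI branch are all assumed; the visit in the CLI branch is constructed, with a User-Agent carrying a script tag the way a hostile visitor would send it. Encryption does not help here: the log is meant to be readable in a browser, so the fix is escaping every request-controlled value before it is written.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Entry layout and paths are assumed.

/** "2/16/2013 at 12:20pm": n = month, j = day (no leading zeros), g:i = 12-hour time, a = am/pm. */
function formatVisitTime(int $timestamp, string $timezone = 'UTC'): string
{
    $when = (new DateTimeImmutable('@' . $timestamp))->setTimezone(new DateTimeZone($timezone));
    return $when->format('n/j/Y \a\t g:ia');
}

/**
 * One <li> for the HTML log. Every value that comes from the request (address,
 * path, User-Agent) is escaped, so a value like <script>...</script> is stored
 * as &lt;script&gt; and rendered as text when the log page is opened.
 */
function htmlLogLine(int $timestamp, string $ip, string $userAgent, string $path): string
{
    $esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf(
        "<li>%s: %s requested %s (%s)</li>\n",
        $esc(formatVisitTime($timestamp)), $esc($ip), $esc($path), $esc($userAgent)
    );
}

/** Appends one entry under a lock so that concurrent hits do not interleave. */
function appendLog(string $logFile, string $line): void
{
    if (file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException("cannot write $logFile");
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed visit: 1361017200 is 2013-02-16 12:20 UTC.
    $logFile = sys_get_temp_dir() . '/visits-example.html';   // stand-in for ../logs/index.html
    $line = htmlLogLine(1361017200, '203.0.113.7', '<script>alert(document.cookie)</script>', '/admin');
    appendLog($logFile, $line);
    echo $line;
} else {
    appendLog(__DIR__ . '/../logs/index.html', htmlLogLine(
        time(),
        $_SERVER['REMOTE_ADDR'] ?? 'unknown',
        $_SERVER['HTTP_USER_AGENT'] ?? '',
        $_SERVER['REQUEST_URI'] ?? ''
    ));
}
```

Pass the server's local zone (for example `'America/New_York'`) as the second argument of formatVisitTime() if the log should show local time rather than UTC; the format string itself is what produces the "2/16/2013 at 12:20pm" layout. Escaping at write time is the simplest option for a static HTML log; if the log is ever rendered through a template instead, escape at output time there as well rather than relying on the stored form.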
