[...] // Handle the key validation when it's needed. if($keyneeded) { $key = $_GET['key']; if(is_array($key)) { die("Array trick is mitigated ;)"); } if(isset($key) && strlen($key) == '47') { $hashedkey = hash('sha256', $key); $secret = "5ccd0dbdeefbee078b88a6e52db8c1caa8dd8315f227fe1e6aee6bcb6db63656"; if(strcmp($hashedkey, $secret) == 0) { $secretok = true; } else { die("Sorry... Authentication failed. Key was invalid."); } } else { die("Authentication invalid. You might need a key."); } } // Just to make sure the above key check was passed. if(!$secretok) { die("Something went wrong with the authentication process"); }