Is this secure?

[Sparticuz]

I'm writing a simple password protected file. The catch is that I only want one php file and I wanted to know if this is secure. If $thepassword is commented out it should skip the password and go straight to the content. Would it be better to somehow encrypt the password using md5?

 

$thepassword = "pwgoeshere";

if(!$password && $thepassword != null){
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
echo "<head><title>Please enter your password</title>\n";
echo "<link href=\"$css\" rel=\"stylesheet\" type=\"text/css\" />\n";
echo "</head>\n<body>\n";
echo "<form method=\"post\" id=\"pwform\" action=\"".$_SERVER["PHP_SELF"]."\">\n";
echo "<p><input type=\"password\" name=\"password\" id=\"password\" /></p></form>\n";
echo "</body></html>";

die();
}

if($password == $thepassword || $thepassword == null) {

Secure content

} else {
//The wrong password was entered or something wrong happened.
//This will forward you back to the password entry page.
header("Location: ".$_SERVER['PHP_SELF']."");
}

[Crew-Portal]

I am sorry but I am not sure why there is no database? Are you making a login scrippt using fopen and fclose fread fwrite and all that other stuff?

[Sparticuz]

No database, just this one file. Basically I want it to show the content only if the password I define is input into the form from the first if statement.

[Crew-Portal]

It looks secure egnouph and you cant do SQL injection on it! Thats always a positive! Great script! Personally i would'nt use it unless I uploaded the password into mysql, just cause I like complicated scripts! lol