diff --git a/Client/index.html b/Client/index.html index 975e2de..54502b8 100644 --- a/Client/index.html +++ b/Client/index.html @@ -89,7 +89,7 @@ changes visibility with JS-->

Admin Password:

Enter to use admin restricted functions

- +

Fine action control:

diff --git a/Client/scripts.js b/Client/scripts.js index e3f4e07..ba710ba 100644 --- a/Client/scripts.js +++ b/Client/scripts.js @@ -8,13 +8,17 @@ const VALID_FILE_EXT = ["mp3","flac","wav"]; const params = new URLSearchParams(location.search); let darkmodetemp = getCookie("darkmode"); -darkmodetemp = params.get("darkmode") if(darkmodetemp === "") { + darkmodetemp = params.get("darkmode") } if (darkmodetemp === "true") { // i know this is gonna cause weird blinking // maybe the dark mode function should be loaded before any content, would that work? // NEW JS FILE ????? exciting stuff + // im thinking a few new js files + // you know like good design separating stuff + // yeah but i need the getCookie function in both the darkmode.js and this one, so im gonna make a + // getcookie.js toggleDark("None"); } diff --git a/readme.md b/readme.md index 76a6477..e1a753f 100644 --- a/readme.md +++ b/readme.md 
@@ -92,4 +92,14 @@ From left to right: - QR Code Generator: JS file found [here](https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js) - Cookie Popup: JS file found [here](https://cookieconsent.popupsmart.com/src/js/popper.js) -*See `LICENSE.md` for redistribution and editing details.* \ No newline at end of file +*See `LICENSE.md` for redistribution and editing details.* + +### A quick note on the password feature + +The exact process of the password's plaintext scope is as follows + +- On the server, you type in the password on the server in the console, the python script takes that plaintext, hashes it, then stores that hash as a variable. The plaintext is also technically a variable, but it's not accessed after that initial hashing. (It's also going to be visible in your console history) + +- On the client, you type in the password and press enter. A function reads the value of the password box, saves the hash of that password to a variable, and sends it with all your requests. The plaintext is still stored in the inputbox, but if you delete it and don't press enter on the box again, the hash will be stored without keeping the plaintext. (I may change this behaviour so this box auto-clears when enter is pressed, maybe) + +None of this is "secure", but it's better than sending plaintext passwords, which is what I was doing before. Hypothetically somebody who intercepted your packet where you sent the password can't get back the original plaintext, just the hash. \ No newline at end of file
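Review bot: In Client/scripts.js, the new guard `if(darkmodetemp === "")` only falls back to the URL parameter when getCookie returns exactly an empty string. getCookie's body is not part of this hunk, so if it can return null or undefined for a missing cookie, the `params.get("darkmode")` fallback never runs; a falsy check such as `if (!darkmodetemp)` would cover those cases too. The cookie now also takes precedence over the query string, so a `?darkmode=` link can no longer override a stored preference; if that is intended, say so in a comment. The added assignment is missing its trailing semicolon, and the notes about splitting out a getcookie.js would sit better in an issue than in code comments.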
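Review bot: In readme.md, the closing paragraph of the new section says an interceptor gets "just the hash", but the client bullet says that hash is sent with all your requests, which makes the hash itself the credential: anyone who captures one request can resend the same value and use the admin functions without ever learning the plaintext. I'd state that explicitly in the note and recommend serving over TLS, or moving to a per-request challenge or nonce so a captured value cannot be reused. The section also doesn't say whether the hash is salted; if it is not, a short password can still be guessed offline from a captured hash. Minor: "is as follows" needs a trailing colon, and the file still ends without a newline.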