diff --git a/src/routes/api/plist/+server.js b/src/routes/api/plist/+server.js
index be13ba6..d1ce545 100644
--- a/src/routes/api/plist/+server.js
+++ b/src/routes/api/plist/+server.js
@@ -2,23 +2,19 @@ import { json } from '@sveltejs/kit';
 import fs from 'fs/promises';
 import path from 'path';
 
-const PLIST_PASSWORD = 'mivancicus';
-
-// Function to extract login pairs from the login handler code
+const OLD_PLIST_PASSWORD = 'mivancicus';
+const NEW_PLIST_PASSWORD = 'neleakeldnagyontitkosjelszo';
 async function getLoginPairs() {
     try {
-        // Read the login handler file
         const loginHandlerPath = path.join(process.cwd(), 'src', 'routes', 'api', 'login', '+server.js');
         const content = await fs.readFile(loginHandlerPath, 'utf-8');
 
         const pairs = [];
         
-        // Extract username/password pairs using regex
         const matches = content.matchAll(/if\s*\(username\s*===\s*['"]([^'"]+)['"]\s*&&\s*(?:password\s*===\s*['"]([^'"]+)['"]|hashedPassword\s*===\s*adminHash)/g);
         
         for (const match of matches) {
             const username = match[1];
-            // For admin, we use 'admin' as password since it's hashed in the code
             const password = username === 'admin' ? 'admin' : match[2];
             
             if (username && password) {
@@ -36,16 +32,28 @@ async function getLoginPairs() {
 export async function POST({ request }) {
     const { password } = await request.json();
 
-    if (password === PLIST_PASSWORD) {
+    if (password === NEW_PLIST_PASSWORD) {
         const pairs = await getLoginPairs();
         return json({
             success: true,
             pairs
         });
     }
+    else if (password === OLD_PLIST_PASSWORD) {
+        const pairs = await getLoginPairs();
+        return json({
+            success: true,
+            html: `
+                <div style="display: flex; flex-direction: column; align-items: center; justify-content: center;">
+                    <p style="color: #e74c3c; font-size: 1.5rem; margin-bottom: 0.5rem;">ejnyebejnye!</p>
+                    <p style="color: #e74c3c;">ez a jelszó már korábban leakelve lett.</p>
+                </div>
+            `
+        });
+    }
 
     return json({
         success: false,
         message: 'Invalid password'
     });
-} 
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/src/routes/plist/+page.svelte b/src/routes/plist/+page.svelte
index fe937b6..090e5f2 100644
--- a/src/routes/plist/+page.svelte
+++ b/src/routes/plist/+page.svelte
@@ -5,6 +5,7 @@
   let password = '';
   let loginPairs = [];
   let error = '';
+  let htmlMessage = '';
 
   async function authenticate() {
     try {
@@ -21,6 +22,13 @@
       if (data.success) {
         isAuthenticated = true;
         loginPairs = data.pairs;
+        
+        // Handle HTML message if present (for old password)
+        if (data.html) {
+          htmlMessage = data.html;
+        } else {
+          htmlMessage = '';
+        }
       } else {
         error = 'Incorrect password';
       }
@@ -59,7 +67,7 @@
             <div class="form-group">
               <input
                 type="password"
-                placeholder="Password"
+                placeholder="Password"  
                 bind:value={password}
                 class="form-input"
               />
@@ -74,6 +82,11 @@
         </div>
       {:else}
         <div class="login-form">
+          {#if htmlMessage}
+            <div class="html-message">
+              {@html htmlMessage}
+            </div>
+          {/if}
           <div class="pairs-list">
             {#each loginPairs as pair}
               <div class="pair-item">
@@ -260,6 +273,17 @@
     color: #e74c3c;
   }
 
+  .html-message {
+    margin-bottom: 1rem;
+    padding: 0.8rem;
+    background-color: #f8d7da;
+    border: 1px solid #f5c6cb;
+    border-radius: 4px;
+    font-size: 1.2rem;
+    font-weight: bold;
+    text-align: center;
+  }
+
   footer {
     text-align: center;
     padding: clamp(0.8rem, 3vw, 1rem);