tip for real 1

I just spent an hour properly setting variable(s).

Spoiler?

JS injection isn't the only thing you need to do to finish this mission and don't bother typing any values into the login form.

ummmm…. I know I'm not a great hacker myself, but I've gotten a ways through real 1, and haven't yet injected any javascript. Maybe you're making this too complicated.

I don't know what you did, but once I logged in, I found I couldn't follow the link to the logs. However, all the other links link to home.php, or toys.php, or something along those lines. I've gotten to the logs at logs.php. Now I don't know what to do with them. It lists a file named JohnDoe.txt, but I can't find the file itself. Ideas?

Nope, your not following it correctly, your trying to log on as admin and change the prices yes. So changing the url to get to the logs file, you do that to find the admins user. Now all you need to look for is his password and think where you may have seen it. Remember seeing that picture on the front page, take a closer look, as thats what im doing right now.