diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..8c346de
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,6 @@
+RewriteEngine On
+
+<Files "admin.php">
+    Order Allow,Deny
+    Deny from all
+</Files> 
\ No newline at end of file
diff --git a/README b/README
index 01e661a..9ab4394 100644
--- a/README
+++ b/README
@@ -47,10 +47,17 @@ Docker установка:
 - Стиль 4chan/2ch
 - Ключ доступа для входа
 - Автообновление постов
+- Админка для управления тредами
 
 Безопасность:
 - Валидация файлов
 - Ограничение размера
 - Защита от XSS
 - Rate limiting
-- Безопасная загрузка файлов 
\ No newline at end of file
+- Безопасная загрузка файлов
+
+Админка:
+- Доступ по паролю из конфига
+- Удаление тредов
+- Просмотр статистики
+- Путь: /admin1337.php 
\ No newline at end of file
diff --git a/admin.php b/admin.php
new file mode 100644
index 0000000..9bc93eb
--- /dev/null
+++ b/admin.php
@@ -0,0 +1,420 @@
+<?php
+session_start();
+header('Content-Type: text/html; charset=utf-8');
+header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: DENY');
+header('X-XSS-Protection: 1; mode=block');
+
+$config = require 'config.php';
+
+if (isset($_GET['logout'])) {
+    unset($_SESSION['admin_authenticated']);
+    header('Location: admin.php');
+    exit;
+}
+
+if (!isset($_SESSION['admin_authenticated'])) {
+    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        $password = $_POST['password'] ?? '';
+        if ($password === $config['admin']['password']) {
+            $_SESSION['admin_authenticated'] = true;
+            header('Location: admin.php');
+            exit;
+        } else {
+            $error = 'Неверный пароль';
+        }
+    }
+    ?>
+    <!DOCTYPE html>
+    <html>
+    <head>
+        <meta charset="utf-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>mkach - Админка</title>
+        <style>
+            * { margin: 0; padding: 0; box-sizing: border-box; }
+            body { 
+                background: #000; 
+                color: #0f0; 
+                font-family: 'Courier New', monospace; 
+                display: flex; 
+                align-items: center; 
+                justify-content: center; 
+                min-height: 100vh;
+                font-size: 16px;
+            }
+            .container {
+                text-align: center;
+                background: rgba(0,20,0,0.8);
+                padding: 40px;
+                border: 1px solid #0f0;
+                border-radius: 5px;
+                box-shadow: 0 0 20px rgba(0,255,0,0.3);
+            }
+            h1 { margin-bottom: 30px; font-size: 2.5em; }
+            .form-group { margin-bottom: 20px; }
+            input[type="password"] {
+                background: #000;
+                border: 1px solid #0f0;
+                color: #0f0;
+                padding: 15px;
+                font-size: 18px;
+                width: 300px;
+                text-align: center;
+                font-family: 'Courier New', monospace;
+            }
+            input[type="password"]:focus {
+                outline: none;
+                box-shadow: 0 0 10px rgba(0,255,0,0.5);
+            }
+            button {
+                background: #000;
+                border: 1px solid #0f0;
+                color: #0f0;
+                padding: 15px 30px;
+                font-size: 16px;
+                cursor: pointer;
+                font-family: 'Courier New', monospace;
+                transition: all 0.3s;
+            }
+            button:hover {
+                background: #0f0;
+                color: #000;
+            }
+            .error {
+                color: #f00;
+                margin-top: 15px;
+                font-size: 14px;
+            }
+        </style>
+    </head>
+    <body>
+        <div class="container">
+            <h1>mkach - Админка</h1>
+            <form method="post">
+                <div class="form-group">
+                    <input type="password" name="password" placeholder="Введите пароль админа" required>
+                </div>
+                <button type="submit">Войти</button>
+            </form>
+            <?php if (isset($error)): ?>
+                <div class="error"><?= htmlspecialchars($error) ?></div>
+            <?php endif; ?>
+        </div>
+    </body>
+    </html>
+    <?php
+    exit;
+}
+
+try {
+    $db = new PDO(
+        "mysql:host={$config['db']['host']};dbname={$config['db']['name']}", 
+        $config['db']['user'], 
+        $config['db']['pass']
+    );
+    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+    $db->exec('SET NAMES utf8');
+} catch (PDOException $e) {
+    die('Connection failed');
+}
+
+require_once 'logger.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_thread'])) {
+    $threadId = $_POST['delete_thread'];
+    
+    try {
+        $db->beginTransaction();
+        
+        $stmt = $db->prepare('DELETE FROM posts WHERE thread_id = ?');
+        $stmt->execute([$threadId]);
+        
+        $stmt = $db->prepare('DELETE FROM threads WHERE thread_id = ?');
+        $stmt->execute([$threadId]);
+        
+        $db->commit();
+        logAdminAction('DELETE_THREAD', "Thread ID: $threadId");
+        $success = 'Тред успешно удален';
+    } catch (PDOException $e) {
+        $db->rollBack();
+        $error = 'Ошибка при удалении треда';
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_post'])) {
+    $postId = $_POST['delete_post'];
+    
+    if (!preg_match('/^\d{6}$/', $postId)) {
+        $error = 'Неверный формат номера сообщения';
+    } else {
+        try {
+            $stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE post_id = ?');
+            $stmt->execute([$postId]);
+            $exists = $stmt->fetchColumn();
+            
+            if ($exists) {
+                $stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?');
+                $stmt->execute([$postId]);
+                logAdminAction('DELETE_POST', "Post ID: $postId");
+                $success = 'Сообщение №' . $postId . ' успешно удалено';
+            } else {
+                $error = 'Сообщение №' . $postId . ' не найдено';
+            }
+        } catch (PDOException $e) {
+            $error = 'Ошибка при удалении сообщения';
+        }
+    }
+}
+
+try {
+    $stmt = $db->prepare('
+        SELECT t.*, b.name as board_name, COUNT(p.id) as post_count
+        FROM threads t 
+        JOIN boards b ON t.board_id = b.board_id
+        LEFT JOIN posts p ON t.thread_id = p.thread_id 
+        GROUP BY t.id 
+        ORDER BY t.created_at DESC
+    ');
+    $stmt->execute();
+    $threads = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    
+    $stmt = $db->prepare('
+        SELECT p.*, t.title as thread_title, b.board_id
+        FROM posts p 
+        JOIN threads t ON p.thread_id = t.thread_id 
+        JOIN boards b ON t.board_id = b.board_id
+        ORDER BY p.created_at DESC 
+        LIMIT 50
+    ');
+    $stmt->execute();
+    $recentPosts = $stmt->fetchAll(PDO::FETCH_ASSOC);
+} catch (PDOException $e) {
+    die('Database error');
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>mkach - Админка</title>
+    <style>
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        body { 
+            background: #000; 
+            color: #0f0; 
+            font-family: 'Courier New', monospace; 
+            padding: 20px;
+            font-size: 14px;
+        }
+        .container {
+            max-width: 1200px;
+            margin: 0 auto;
+        }
+        .header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-bottom: 30px;
+            padding-bottom: 20px;
+            border-bottom: 1px solid #0f0;
+        }
+        h1 { font-size: 2em; }
+        .header-buttons a {
+            color: #0f0;
+            text-decoration: none;
+            margin-left: 20px;
+            padding: 10px 15px;
+            border: 1px solid #0f0;
+            transition: all 0.3s;
+        }
+        .header-buttons a:hover {
+            background: #0f0;
+            color: #000;
+        }
+        .message {
+            padding: 15px;
+            margin-bottom: 20px;
+            border: 1px solid;
+        }
+        .success {
+            background: rgba(0,255,0,0.1);
+            border-color: #0f0;
+            color: #0f0;
+        }
+        .error {
+            background: rgba(255,0,0,0.1);
+            border-color: #f00;
+            color: #f00;
+        }
+        .threads-table {
+            width: 100%;
+            border-collapse: collapse;
+            margin-top: 20px;
+        }
+        .threads-table th,
+        .threads-table td {
+            padding: 10px;
+            text-align: left;
+            border-bottom: 1px solid #0f0;
+        }
+        .threads-table th {
+            background: rgba(0,255,0,0.1);
+            font-weight: bold;
+        }
+        .delete-btn {
+            background: #000;
+            border: 1px solid #f00;
+            color: #f00;
+            padding: 5px 10px;
+            cursor: pointer;
+            font-family: 'Courier New', monospace;
+            transition: all 0.3s;
+        }
+        .delete-btn:hover {
+            background: #f00;
+            color: #000;
+        }
+        .thread-title {
+            max-width: 300px;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+        .thread-id {
+            font-family: monospace;
+            color: #0f0;
+        }
+        .delete-post-form {
+            background: rgba(0,255,0,0.05);
+            border: 1px solid #0f0;
+            padding: 20px;
+            margin-top: 30px;
+        }
+        .delete-post-form h2 {
+            margin-bottom: 20px;
+            color: #0f0;
+        }
+        .form-row {
+            display: flex;
+            align-items: center;
+            gap: 15px;
+        }
+        .form-row label {
+            font-weight: bold;
+            min-width: 150px;
+        }
+        .form-row input[type="text"] {
+            background: #000;
+            border: 1px solid #0f0;
+            color: #0f0;
+            padding: 10px;
+            font-family: 'Courier New', monospace;
+            font-size: 14px;
+            width: 120px;
+            text-align: center;
+        }
+        .form-row input[type="text"]:focus {
+            outline: none;
+            box-shadow: 0 0 10px rgba(0,255,0,0.3);
+        }
+        .post-message {
+            max-width: 300px;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1>mkach - Админка</h1>
+            <div class="header-buttons">
+                <a href="index.php">Главная</a>
+                <a href="?logout=1">Выход</a>
+            </div>
+        </div>
+
+        <?php if (isset($success)): ?>
+            <div class="message success"><?= htmlspecialchars($success) ?></div>
+        <?php endif; ?>
+
+        <?php if (isset($error)): ?>
+            <div class="message error"><?= htmlspecialchars($error) ?></div>
+        <?php endif; ?>
+
+        <h2>Управление тредами</h2>
+        <table class="threads-table">
+            <thead>
+                <tr>
+                    <th>ID</th>
+                    <th>Доска</th>
+                    <th>Название</th>
+                    <th>Постов</th>
+                    <th>Создан</th>
+                    <th>Действия</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($threads as $thread): ?>
+                    <tr>
+                        <td class="thread-id"><?= htmlspecialchars($thread['thread_id']) ?></td>
+                        <td>/<?= htmlspecialchars($thread['board_id']) ?>/</td>
+                        <td class="thread-title"><?= htmlspecialchars($thread['title'] ?? 'Без названия') ?></td>
+                        <td><?= $thread['post_count'] ?></td>
+                        <td><?= date('d.m.Y H:i', strtotime($thread['created_at'])) ?></td>
+                        <td>
+                            <form method="post" style="display: inline;" onsubmit="return confirm('Удалить тред <?= htmlspecialchars($thread['thread_id']) ?>?')">
+                                <input type="hidden" name="delete_thread" value="<?= htmlspecialchars($thread['thread_id']) ?>">
+                                <button type="submit" class="delete-btn">Удалить</button>
+                            </form>
+                        </td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+
+        <h2>Удаление сообщений</h2>
+        <div class="delete-post-form">
+            <form method="post" onsubmit="return confirm('Удалить сообщение №' + document.getElementById('post_id').value + '?')">
+                <div class="form-row">
+                    <label for="post_id">Номер сообщения:</label>
+                    <input type="text" id="post_id" name="delete_post" placeholder="123456" required pattern="[0-9]{6}" title="6-значный номер сообщения">
+                    <button type="submit" class="delete-btn">Удалить сообщение</button>
+                </div>
+            </form>
+        </div>
+
+        <h2>Последние сообщения</h2>
+        <table class="threads-table">
+            <thead>
+                <tr>
+                    <th>№</th>
+                    <th>Тред</th>
+                    <th>Доска</th>
+                    <th>Сообщение</th>
+                    <th>Время</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($recentPosts as $post): ?>
+                    <tr>
+                        <td class="thread-id"><?= htmlspecialchars($post['post_id']) ?></td>
+                        <td class="thread-title"><?= htmlspecialchars($post['thread_title'] ?? 'Без названия') ?></td>
+                        <td>/<?= htmlspecialchars($post['board_id']) ?>/</td>
+                        <td class="post-message">
+                            <?php 
+                            $message = htmlspecialchars($post['message'] ?? '');
+                            echo strlen($message) > 50 ? substr($message, 0, 50) . '...' : $message;
+                            ?>
+                        </td>
+                        <td><?= date('d.m.Y H:i', strtotime($post['created_at'])) ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+    </div>
+</body>
+</html> 
\ No newline at end of file
diff --git a/admin1337.php b/admin1337.php
new file mode 100644
index 0000000..9bc93eb
--- /dev/null
+++ b/admin1337.php
@@ -0,0 +1,420 @@
+<?php
+session_start();
+header('Content-Type: text/html; charset=utf-8');
+header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: DENY');
+header('X-XSS-Protection: 1; mode=block');
+
+$config = require 'config.php';
+
+if (isset($_GET['logout'])) {
+    unset($_SESSION['admin_authenticated']);
+    header('Location: admin.php');
+    exit;
+}
+
+if (!isset($_SESSION['admin_authenticated'])) {
+    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        $password = $_POST['password'] ?? '';
+        if ($password === $config['admin']['password']) {
+            $_SESSION['admin_authenticated'] = true;
+            header('Location: admin.php');
+            exit;
+        } else {
+            $error = 'Неверный пароль';
+        }
+    }
+    ?>
+    <!DOCTYPE html>
+    <html>
+    <head>
+        <meta charset="utf-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>mkach - Админка</title>
+        <style>
+            * { margin: 0; padding: 0; box-sizing: border-box; }
+            body { 
+                background: #000; 
+                color: #0f0; 
+                font-family: 'Courier New', monospace; 
+                display: flex; 
+                align-items: center; 
+                justify-content: center; 
+                min-height: 100vh;
+                font-size: 16px;
+            }
+            .container {
+                text-align: center;
+                background: rgba(0,20,0,0.8);
+                padding: 40px;
+                border: 1px solid #0f0;
+                border-radius: 5px;
+                box-shadow: 0 0 20px rgba(0,255,0,0.3);
+            }
+            h1 { margin-bottom: 30px; font-size: 2.5em; }
+            .form-group { margin-bottom: 20px; }
+            input[type="password"] {
+                background: #000;
+                border: 1px solid #0f0;
+                color: #0f0;
+                padding: 15px;
+                font-size: 18px;
+                width: 300px;
+                text-align: center;
+                font-family: 'Courier New', monospace;
+            }
+            input[type="password"]:focus {
+                outline: none;
+                box-shadow: 0 0 10px rgba(0,255,0,0.5);
+            }
+            button {
+                background: #000;
+                border: 1px solid #0f0;
+                color: #0f0;
+                padding: 15px 30px;
+                font-size: 16px;
+                cursor: pointer;
+                font-family: 'Courier New', monospace;
+                transition: all 0.3s;
+            }
+            button:hover {
+                background: #0f0;
+                color: #000;
+            }
+            .error {
+                color: #f00;
+                margin-top: 15px;
+                font-size: 14px;
+            }
+        </style>
+    </head>
+    <body>
+        <div class="container">
+            <h1>mkach - Админка</h1>
+            <form method="post">
+                <div class="form-group">
+                    <input type="password" name="password" placeholder="Введите пароль админа" required>
+                </div>
+                <button type="submit">Войти</button>
+            </form>
+            <?php if (isset($error)): ?>
+                <div class="error"><?= htmlspecialchars($error) ?></div>
+            <?php endif; ?>
+        </div>
+    </body>
+    </html>
+    <?php
+    exit;
+}
+
+try {
+    $db = new PDO(
+        "mysql:host={$config['db']['host']};dbname={$config['db']['name']}", 
+        $config['db']['user'], 
+        $config['db']['pass']
+    );
+    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+    $db->exec('SET NAMES utf8');
+} catch (PDOException $e) {
+    die('Connection failed');
+}
+
+require_once 'logger.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_thread'])) {
+    $threadId = $_POST['delete_thread'];
+    
+    try {
+        $db->beginTransaction();
+        
+        $stmt = $db->prepare('DELETE FROM posts WHERE thread_id = ?');
+        $stmt->execute([$threadId]);
+        
+        $stmt = $db->prepare('DELETE FROM threads WHERE thread_id = ?');
+        $stmt->execute([$threadId]);
+        
+        $db->commit();
+        logAdminAction('DELETE_THREAD', "Thread ID: $threadId");
+        $success = 'Тред успешно удален';
+    } catch (PDOException $e) {
+        $db->rollBack();
+        $error = 'Ошибка при удалении треда';
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_post'])) {
+    $postId = $_POST['delete_post'];
+    
+    if (!preg_match('/^\d{6}$/', $postId)) {
+        $error = 'Неверный формат номера сообщения';
+    } else {
+        try {
+            $stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE post_id = ?');
+            $stmt->execute([$postId]);
+            $exists = $stmt->fetchColumn();
+            
+            if ($exists) {
+                $stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?');
+                $stmt->execute([$postId]);
+                logAdminAction('DELETE_POST', "Post ID: $postId");
+                $success = 'Сообщение №' . $postId . ' успешно удалено';
+            } else {
+                $error = 'Сообщение №' . $postId . ' не найдено';
+            }
+        } catch (PDOException $e) {
+            $error = 'Ошибка при удалении сообщения';
+        }
+    }
+}
+
+try {
+    $stmt = $db->prepare('
+        SELECT t.*, b.name as board_name, COUNT(p.id) as post_count
+        FROM threads t 
+        JOIN boards b ON t.board_id = b.board_id
+        LEFT JOIN posts p ON t.thread_id = p.thread_id 
+        GROUP BY t.id 
+        ORDER BY t.created_at DESC
+    ');
+    $stmt->execute();
+    $threads = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    
+    $stmt = $db->prepare('
+        SELECT p.*, t.title as thread_title, b.board_id
+        FROM posts p 
+        JOIN threads t ON p.thread_id = t.thread_id 
+        JOIN boards b ON t.board_id = b.board_id
+        ORDER BY p.created_at DESC 
+        LIMIT 50
+    ');
+    $stmt->execute();
+    $recentPosts = $stmt->fetchAll(PDO::FETCH_ASSOC);
+} catch (PDOException $e) {
+    die('Database error');
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>mkach - Админка</title>
+    <style>
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        body { 
+            background: #000; 
+            color: #0f0; 
+            font-family: 'Courier New', monospace; 
+            padding: 20px;
+            font-size: 14px;
+        }
+        .container {
+            max-width: 1200px;
+            margin: 0 auto;
+        }
+        .header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-bottom: 30px;
+            padding-bottom: 20px;
+            border-bottom: 1px solid #0f0;
+        }
+        h1 { font-size: 2em; }
+        .header-buttons a {
+            color: #0f0;
+            text-decoration: none;
+            margin-left: 20px;
+            padding: 10px 15px;
+            border: 1px solid #0f0;
+            transition: all 0.3s;
+        }
+        .header-buttons a:hover {
+            background: #0f0;
+            color: #000;
+        }
+        .message {
+            padding: 15px;
+            margin-bottom: 20px;
+            border: 1px solid;
+        }
+        .success {
+            background: rgba(0,255,0,0.1);
+            border-color: #0f0;
+            color: #0f0;
+        }
+        .error {
+            background: rgba(255,0,0,0.1);
+            border-color: #f00;
+            color: #f00;
+        }
+        .threads-table {
+            width: 100%;
+            border-collapse: collapse;
+            margin-top: 20px;
+        }
+        .threads-table th,
+        .threads-table td {
+            padding: 10px;
+            text-align: left;
+            border-bottom: 1px solid #0f0;
+        }
+        .threads-table th {
+            background: rgba(0,255,0,0.1);
+            font-weight: bold;
+        }
+        .delete-btn {
+            background: #000;
+            border: 1px solid #f00;
+            color: #f00;
+            padding: 5px 10px;
+            cursor: pointer;
+            font-family: 'Courier New', monospace;
+            transition: all 0.3s;
+        }
+        .delete-btn:hover {
+            background: #f00;
+            color: #000;
+        }
+        .thread-title {
+            max-width: 300px;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+        .thread-id {
+            font-family: monospace;
+            color: #0f0;
+        }
+        .delete-post-form {
+            background: rgba(0,255,0,0.05);
+            border: 1px solid #0f0;
+            padding: 20px;
+            margin-top: 30px;
+        }
+        .delete-post-form h2 {
+            margin-bottom: 20px;
+            color: #0f0;
+        }
+        .form-row {
+            display: flex;
+            align-items: center;
+            gap: 15px;
+        }
+        .form-row label {
+            font-weight: bold;
+            min-width: 150px;
+        }
+        .form-row input[type="text"] {
+            background: #000;
+            border: 1px solid #0f0;
+            color: #0f0;
+            padding: 10px;
+            font-family: 'Courier New', monospace;
+            font-size: 14px;
+            width: 120px;
+            text-align: center;
+        }
+        .form-row input[type="text"]:focus {
+            outline: none;
+            box-shadow: 0 0 10px rgba(0,255,0,0.3);
+        }
+        .post-message {
+            max-width: 300px;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1>mkach - Админка</h1>
+            <div class="header-buttons">
+                <a href="index.php">Главная</a>
+                <a href="?logout=1">Выход</a>
+            </div>
+        </div>
+
+        <?php if (isset($success)): ?>
+            <div class="message success"><?= htmlspecialchars($success) ?></div>
+        <?php endif; ?>
+
+        <?php if (isset($error)): ?>
+            <div class="message error"><?= htmlspecialchars($error) ?></div>
+        <?php endif; ?>
+
+        <h2>Управление тредами</h2>
+        <table class="threads-table">
+            <thead>
+                <tr>
+                    <th>ID</th>
+                    <th>Доска</th>
+                    <th>Название</th>
+                    <th>Постов</th>
+                    <th>Создан</th>
+                    <th>Действия</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($threads as $thread): ?>
+                    <tr>
+                        <td class="thread-id"><?= htmlspecialchars($thread['thread_id']) ?></td>
+                        <td>/<?= htmlspecialchars($thread['board_id']) ?>/</td>
+                        <td class="thread-title"><?= htmlspecialchars($thread['title'] ?? 'Без названия') ?></td>
+                        <td><?= $thread['post_count'] ?></td>
+                        <td><?= date('d.m.Y H:i', strtotime($thread['created_at'])) ?></td>
+                        <td>
+                            <form method="post" style="display: inline;" onsubmit="return confirm('Удалить тред <?= htmlspecialchars($thread['thread_id']) ?>?')">
+                                <input type="hidden" name="delete_thread" value="<?= htmlspecialchars($thread['thread_id']) ?>">
+                                <button type="submit" class="delete-btn">Удалить</button>
+                            </form>
+                        </td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+
+        <h2>Удаление сообщений</h2>
+        <div class="delete-post-form">
+            <form method="post" onsubmit="return confirm('Удалить сообщение №' + document.getElementById('post_id').value + '?')">
+                <div class="form-row">
+                    <label for="post_id">Номер сообщения:</label>
+                    <input type="text" id="post_id" name="delete_post" placeholder="123456" required pattern="[0-9]{6}" title="6-значный номер сообщения">
+                    <button type="submit" class="delete-btn">Удалить сообщение</button>
+                </div>
+            </form>
+        </div>
+
+        <h2>Последние сообщения</h2>
+        <table class="threads-table">
+            <thead>
+                <tr>
+                    <th>№</th>
+                    <th>Тред</th>
+                    <th>Доска</th>
+                    <th>Сообщение</th>
+                    <th>Время</th>
+                </tr>
+            </thead>
+            <tbody>
+                <?php foreach ($recentPosts as $post): ?>
+                    <tr>
+                        <td class="thread-id"><?= htmlspecialchars($post['post_id']) ?></td>
+                        <td class="thread-title"><?= htmlspecialchars($post['thread_title'] ?? 'Без названия') ?></td>
+                        <td>/<?= htmlspecialchars($post['board_id']) ?>/</td>
+                        <td class="post-message">
+                            <?php 
+                            $message = htmlspecialchars($post['message'] ?? '');
+                            echo strlen($message) > 50 ? substr($message, 0, 50) . '...' : $message;
+                            ?>
+                        </td>
+                        <td><?= date('d.m.Y H:i', strtotime($post['created_at'])) ?></td>
+                    </tr>
+                <?php endforeach; ?>
+            </tbody>
+        </table>
+    </div>
+</body>
+</html> 
\ No newline at end of file
diff --git a/board.php b/board.php
index b657e30..f03bdec 100644
--- a/board.php
+++ b/board.php
@@ -45,6 +45,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         $title = trim($_POST['title'] ?? '');
         $description = trim($_POST['description'] ?? '');
         
+        if (strlen($message) > $config['max_message_length']) {
+            $error = 'Сообщение слишком длинное';
+        }
+        
         if ($message || $title || ($file && $file['error'] === UPLOAD_ERR_OK)) {
             $postId = sprintf('%06d', mt_rand(1, 999999));
             
diff --git a/config.php b/config.php
index 0299e87..5ef07b8 100644
--- a/config.php
+++ b/config.php
@@ -10,7 +10,11 @@ return [
     'upload_path' => 'uploads/',
     'max_file_size' => 26214400,
     'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'],
+    'max_message_length' => 10000,
     'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК',
     'logo_enabled' => true,
-    'logo_text' => 'mkach'
+    'logo_text' => 'mkach',
+    'admin' => [
+        'password' => 'admin1337'
+    ]
 ]; 
\ No newline at end of file
diff --git a/config.php.example b/config.php.example
index 59fcc91..36a98b2 100644
--- a/config.php.example
+++ b/config.php.example
@@ -10,7 +10,11 @@ return [
     'upload_path' => 'uploads/',
     'max_file_size' => 26214400,
     'allowed_types' => ['jpg', 'jpeg', 'png', 'gif', 'webp','JPG','JPEG','PNG','GIF','WEBP'],
+    'max_message_length' => 10000,
     'motd' => 'Добро пожаловать на mkach - анонимный имиджборд от МК',
     'logo_enabled' => true,
-    'logo_text' => 'mkach'
+    'logo_text' => 'mkach',
+    'admin' => [
+        'password' => 'admin1337'
+    ]
 ]; 
\ No newline at end of file
diff --git a/csrf.php b/csrf.php
new file mode 100644
index 0000000..d0886bb
--- /dev/null
+++ b/csrf.php
@@ -0,0 +1,12 @@
+<?php
+function generateCSRFToken() {
+    if (!isset($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    }
+    return $_SESSION['csrf_token'];
+}
+
+function validateCSRFToken($token) {
+    return isset($_SESSION['csrf_token']) && hash_equals($_SESSION['csrf_token'], $token);
+}
+?> 
\ No newline at end of file
diff --git a/logger.php b/logger.php
new file mode 100644
index 0000000..e8239c2
--- /dev/null
+++ b/logger.php
@@ -0,0 +1,16 @@
+<?php
+function logAdminAction($action, $details = '') {
+    $logFile = 'logs/admin.log';
+    $logDir = dirname($logFile);
+    
+    if (!is_dir($logDir)) {
+        mkdir($logDir, 0755, true);
+    }
+    
+    $timestamp = date('Y-m-d H:i:s');
+    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
+    $logEntry = "[$timestamp] [$ip] $action: $details\n";
+    
+    file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX);
+}
+?> 
\ No newline at end of file
diff --git a/styles.css b/styles.css
index ef7b980..b1b03d6 100644
--- a/styles.css
+++ b/styles.css
@@ -43,7 +43,7 @@ body {
     color: #ff6b6b;
 }
 
-.boards-btn, .logout-btn {
+.boards-btn, .logout-btn, .admin-btn {
     background: #d6daf0;
     border: 1px solid #b7c5d9;
     padding: 5px 10px;
@@ -53,7 +53,7 @@ body {
     margin-left: 5px;
 }
 
-.boards-btn:hover, .logout-btn:hover {
+.boards-btn:hover, .logout-btn:hover, .admin-btn:hover {
     background: #e5e9f0;
 }
 
