diff --git a/app.js b/app.js
index 8052687..55c2b6d 100644
--- a/app.js
+++ b/app.js
@@ -12,6 +12,8 @@ const User = require('./models/users');
 const indexRouter = require('./routes/index');
 const signupRouter = require('./routes/signup');
 const loginRouter = require('./routes/login');
+const secretPageRouter = require('./routes/secretPage');
+const adminRouter = require('./routes/admin');
 const app = express();
@@ -49,13 +51,8 @@ passport.deserializeUser(async (id, done) => {
 app.use('/', indexRouter);
 app.use('/signup', signupRouter);
 app.use('/login', loginRouter);
-app.get('/admin', async (req, res, next) => {
- const user = await User.findOneAndUpdate().populate('username').exec();
- user.admin = true;
- const result = await user.save();
- res.redirect('/');
-
-})
+app.use('/secret', secretPageRouter);
+app.use('/admin', adminRouter);
 // catch 404 and forward to error handler
 app.use(function(req, res, next) {
diff --git a/controllers/indexController.js b/controllers/indexController.js
index ab319db..6223534 100644
--- a/controllers/indexController.js
+++ b/controllers/indexController.js
@@ -3,9 +3,15 @@ const User = require('../models/users');
 const get_index = async (req, res) => {
 const posts = await Post.find().populate('author').exec()
- // const user = await User.find();
- // console.log(user)
- res.render('index', { title: 'Members Only | Project', user: req.user, posts: posts, admin: req.user });
+ const user = await User.findById(req.user)
+
+ if (user) {
+ const can_post = user.can_post;
+ res.render('index', { title: 'Members Only | Project', user: req.user, posts: posts, admin: req.user, canPost: can_post });
+ } else {
+ res.render('index', { title: 'Members Only | Project', user: req.user, posts: posts, admin: req.user })
+ }
+
 }
 module.exports = { get_index }
\ No newline at end of file
diff --git a/models/users.js b/models/users.js
index 83b9ed5..88c26ae 100644
--- a/models/users.js
+++ b/models/users.js
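Review bot: `admin: req.user` in both `res.render` calls of `get_index` passes the whole user object, so any template test on `admin` is truthy for every logged-in user regardless of the stored `admin` field; pass `admin: Boolean(req.user && req.user.admin)` instead. `User.findById(req.user)` is also given what is presumably the already-loaded user document (app.js has a `passport.deserializeUser` callback), so `can_post` could be read from `req.user` without a second query. The `await`s are not wrapped in `try/catch`, so a database error rejects the handler without reaching the error middleware unless the app patches Express for async handlers.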
@@ -8,9 +8,10 @@ const UserSchema = new Schema({
 email: { type: String, required: true },
 username: { type: String, required: true },
 password: { type: String, required: true },
+ can_post: { type: Boolean, default: false },
 date_created: { type: Date },
 posts: [{ type: mongoose.Schema.Types.Array, ref: 'Post' }],
- admin: { type: Boolean }
+ admin: { type: Boolean, default: false }
 })
 UserSchema.virtual('name').get(() => {
diff --git a/public/stylesheets/style.css b/public/stylesheets/style.css
index 2b8f447..cf8b1f0 100644
--- a/public/stylesheets/style.css
+++ b/public/stylesheets/style.css
@@ -30,6 +30,9 @@ a {
 justify-content: center;
 flex-direction: column;
 }
+.banner a {
+ font-size: 14px;
+}
 .links {
 display: flex;
 align-items: center;
diff --git a/routes/admin.js b/routes/admin.js
new file mode 100644
index 0000000..ce1d1c9
--- /dev/null
+++ b/routes/admin.js
@@ -0,0 +1,24 @@
+const express = require('express');
+const router = express.Router();
+const User = require('../models/users');
+
+router.get('/', (req, res, next) => {
+ res.render('admin', { title: 'Members Only | Admin Page' })
+})
+
+router.post('/', async (req, res, next) => {
+ const admin = process.env.ADMINCODE
+
+ if (req.body.admincode == admin) {
+ await User.findByIdAndUpdate(
+ req.user._id,
+ { admin: true },
+ { new: true }
+ )
+ res.render('admin', { title: 'Members Only | Admin Page', success: 'You are now an admin.' })
+ } else {
+ res.render('admin', { title: 'Members Only | Admin Page', success: '' })
+ }
+})
+
+module.exports = router;
\ No newline at end of file
diff --git a/routes/secretPage.js b/routes/secretPage.js
new file mode 100644
index 0000000..1cd2f34
--- /dev/null
+++ b/routes/secretPage.js
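Review bot: The POST handler in routes/admin.js fails open: when `ADMINCODE` is not set, `process.env.ADMINCODE` is `undefined`, and (assuming a body parser populates `req.body`) a request with no `admincode` field satisfies `req.body.admincode == admin`, so a logged-in user is granted the admin flag. The handler also dereferences `req.user._id` with no check that the session is authenticated, so an anonymous request throws inside the async handler instead of being rejected cleanly. The same two problems apply to `SECRET` and `can_post` in the POST handler of routes/secretPage.js. Require a logged-in user, compare strictly against a non-empty configured string, and forward errors to `next`; because the code is a shared secret, rate limiting on this route is also worth adding.

```javascript
router.post('/', async (req, res, next) => {
  const admin = process.env.ADMINCODE;
  if (!req.user) {
    return res.redirect('/login');
  }
  const submitted = req.body.admincode;
  // Fail closed: an unset ADMINCODE or a missing/non-string field must never match.
  const matches =
    typeof admin === 'string' &&
    admin.length > 0 &&
    typeof submitted === 'string' &&
    submitted === admin;
  try {
    if (matches) {
      await User.findByIdAndUpdate(req.user._id, { admin: true });
      // … unchanged: render 'admin' with the success message …
    } else {
      // … unchanged: render 'admin' with an empty success message …
    }
  } catch (err) {
    next(err);
  }
});
```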
@@ -0,0 +1,25 @@
+require('dotenv').config();
+const express = require('express');
+const router = express.Router();
+const User = require('../models/users')
+
+router.get('/', (req, res, next) => {
+ res.render('secretpage', { title: 'Members Page | Secret Page', message: '' })
+})
+
+router.post('/', async (req, res, next) => {
+ const secret = process.env.SECRET
+ // const getUser = req.user
+ if (req.body.secretcode == secret) {
+ await User.findByIdAndUpdate(
+ req.user._id,
+ { can_post: true },
+ { new: true }
+ )
+ res.render('secretpage', { title: 'Members Page | Secret Page', state: true, message: 'Congrats! You can post now!' })
+ } else {
+ res.render('secretpage', { title: 'Members Page | Secret Page', state: false, message: "Sorry that's not the secret code!" })
+ }
+})
+
+module.exports = router;
\ No newline at end of file
diff --git a/views/admin.pug b/views/admin.pug
new file mode 100644
index 0000000..25cfcfc
--- /dev/null
+++ b/views/admin.pug
@@ -0,0 +1,12 @@
+extends layout
+
+block content
+ h1 #{title}
+ h3 #{success}
+
+ a(href="/") Home
+
+ form(class="signup-form" method="POST")
+ label(for="admincode")
+ input(type="text" name="admincode")
+ button Send
\ No newline at end of file
diff --git a/views/index.pug b/views/index.pug
index 40cd08d..6094007 100644
--- a/views/index.pug
+++ b/views/index.pug
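Review bot: `require('dotenv').config()` at the top of routes/secretPage.js loads the environment from inside a route module, while routes/admin.js reads `process.env.ADMINCODE` without it; loading dotenv once in the entry point, before the routers are required, keeps the two consistent. The commented-out `// const getUser = req.user` line can be dropped. `{ new: true }` has no effect here because the document returned by `findByIdAndUpdate` is discarded.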
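Review bot: The admin code is typed into `input(type="text" name="admincode")`, which shows it on screen and lets the browser keep it in form history; `input(type="password" name="admincode" id="admincode" autocomplete="off")` avoids both. `label(for="admincode")` has no text and no input carries a matching `id`, so the field is effectively unlabeled. No CSRF token is visible in this form; whether the app adds one elsewhere cannot be seen from this diff.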
@@ -6,20 +6,20 @@ block content
 if (user)
 h3(class="banner") Welcome to #{title} - #{user.username}
 div(class="links")
- a(href="/") HOME
- a(href="/logout") LOG OUT
-
- div
- form(class="post-form" method="POST")
- label(for="post") Post:
- textarea(name="post" required)
- button Submit
+ a(href="/") Home
+ a(href="/logout") Log Out
+ if (user && canPost)
+ div
+ form(class="post-form" method="POST")
+ label(for="post") Post:
+ textarea(name="post" required)
+ button Submit
 else
 h3(class="banner") Welcome to #{title}
 div(class="links")
- a(href="/") HOME
- a(href="/signup") SIGNUP
- a(href="/login") LOGIN
+ a(href="/") Home
+ a(href="/signup") Sign Up
+ a(href="/login") Login
 div
 h3 Please log in if you have an existing account.
 h3 If not feel free to Sign up!
diff --git a/views/login.pug b/views/login.pug
index 0a4003d..405d7a5 100644
--- a/views/login.pug
+++ b/views/login.pug
@@ -4,8 +4,8 @@ block content
 h1 #{title}
 div(class="links")
- a(href="/") HOME
- a(href="/signup") SIGNUP
+ a(href="/") Home
+ a(href="/signup") Sign Up
 form(class="signup-form" action="/login" method="POST")
 label(for="username") Username:
diff --git a/views/secretpage.pug b/views/secretpage.pug
index a8ebc19..06e9535 100644
--- a/views/secretpage.pug
+++ b/views/secretpage.pug
@@ -4,6 +4,13 @@ block content
 h1 #{title}
+ if (state)
+ a(href="/") Home
+ h3 #{message}
+ else
+ a(href="/") Home
+ h3 #{message}
+
 form(class="signup-form" method="POST")
 label(for="secretcode")
 input(type="text" name="secretcode")
diff --git a/views/signup.pug b/views/signup.pug
index eb3b394..e72475f 100644
--- a/views/signup.pug
+++ b/views/signup.pug
@@ -4,8 +4,8 @@ block content
 h1 #{title}
 div(class="links")
- a(href="/") HOME
- a(href="/login") LOGIN
+ a(href="/") Home
+ a(href="/login") Login
 form(class="signup-form" method='POST')
 label(for='firstname') First Name:
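Review bot: Wrapping the post form in `if (user && canPost)` in views/index.pug only hides the form; this diff does not show the handler for `POST /` checking `can_post`, so a logged-in user without the flag could presumably still submit a post by sending the request directly. The authorization check belongs in that handler, for example `if (!req.user || !req.user.can_post) return res.sendStatus(403);`. The `user &&` part of the condition is redundant inside the enclosing `if (user)`.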
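Review bot: Both branches of the added `if (state)` in views/secretpage.pug render the same `a(href="/") Home` and `h3 #{message}`, so the conditional can be removed and the two lines emitted once. If the intent was to present success and failure differently, a class on the heading such as `h3(class=state ? 'ok' : 'error') #{message}` would express that.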