diff --git a/main.go b/main.go
index 0d6f5e186621eead212b94e21dfb2c9e6d70b6cf..daac3aece62046d69eba4193affec328ec923f28 100644
--- a/main.go
+++ b/main.go
@@ -900,7 +900,7 @@ func adminChangePasswordHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Redirect the user back to the admin page
-	http.Redirect(w, r, "/admin", http.StatusSeeOther)
+	http.Redirect(w, r, "/adminDashboard", http.StatusSeeOther)
 }
 
 // deleteUser function
@@ -951,7 +951,7 @@ func deleteHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Redirect the user back to the admin page
-	http.Redirect(w, r, "/admin", http.StatusSeeOther)
+	http.Redirect(w, r, "/adminDashboard", http.StatusSeeOther)
 }
 
 // getCurrentUser function
@@ -1254,8 +1254,14 @@ func updateEmailAndPassword(username, email, password string) (models.User, erro
 	}
 	defer client.Disconnect(context.Background())
 
-	// Update the user's avatar URL in the database
-	_, err = usersCollection.UpdateOne(context.Background(), bson.M{"username": username}, bson.M{"$set": bson.M{"email": email, "password": password}})
+	// Hash the password using bcrypt
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return models.User{}, err
+	}
+
+	// Update the user's email and hashed password in the database
+	_, err = usersCollection.UpdateOne(context.Background(), bson.M{"username": username}, bson.M{"$set": bson.M{"email": email, "password": string(hashedPassword)}})
 	if err != nil {
 		return models.User{}, err
 	}
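Review bot: The result of `usersCollection.UpdateOne` on the last added line is still discarded, so a `username` that matches no document returns success and the caller redirects as if the account had been updated; keep the result and check it, `res, err := usersCollection.UpdateOne(...)` followed by `if res.MatchedCount == 0 { return models.User{}, errors.New("user not found") }` (adding `errors` to the imports if it is not already there). The new hashing step also runs unconditionally, so an empty `password` is hashed and written over the stored hash; the function cannot rely on the form's `required` attribute, so a guard such as `if password == "" { return models.User{}, errors.New("password must not be empty") }` before `GenerateFromPassword` would make the contract explicit. Recent golang.org/x/crypto versions also reject passwords longer than 72 bytes from `GenerateFromPassword`, so that error path now surfaces as a 500 to the admin — worth a comment on the hashing line. updateEmailAndPassword starts before and continues after this hunk.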
@@ -1271,37 +1277,64 @@ func updateEmailAndPassword(username, email, password string) (models.User, erro
 }
 
 func editbyAdminHandler(w http.ResponseWriter, r *http.Request) {
-	// Check if the user is an admin
-	cookie, err := r.Cookie("username")
+	// Get the session ID from the cookie
+	cookie, err := r.Cookie("session_id")
 	if err != nil {
-		http.Redirect(w, r, "/signin", http.StatusSeeOther)
+		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	username := cookie.Value
-	user, err := getUser(username)
+	sessionID := cookie.Value
+
+	// Retrieve the session from the database
+	session, err := getSession(sessionID)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
+	// check if the user is the same as the user in the session
+	if session.Username != user.Username {
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		return
+	}
+	// Check if the user is an admin
 	if user.Role != "admin" {
 		http.Error(w, "Unauthorized", http.StatusUnauthorized)
 		return
 	}
 
-	// Get the username, email, and password from the form data
-	usernameToUpdate := r.FormValue("username")
-	email := r.FormValue("email")
-	password := r.FormValue("password")
+	if r.Method == "POST" {
+		// Get the username, email, and password from the form data
+		usernameToUpdate := r.FormValue("username")
+		email := r.FormValue("email")
+		password := r.FormValue("password")
 
-	// Update the email and password of the user in the database
-	_, err = updateEmailAndPassword(usernameToUpdate, email, password)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
+		// Update the email and password of the user in the database
+		_, err = updateEmailAndPassword(usernameToUpdate, email, password)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		// Redirect the user back to the admin page
+		http.Redirect(w, r, "/adminDashboard", http.StatusSeeOther)
+	} else if r.Method == "GET" {
+		// Render the editbyadmin.html page
+		tmpl, err := template.ParseFiles("./view/editbyadmin.html")
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		err = tmpl.Execute(w, user)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+	} else {
+		http.Error(w, "Invalid request method", http.StatusMethodNotAllowed)
 	}
 
 	// Redirect the user back to the admin page
-	http.Redirect(w, r, "/admin", http.StatusSeeOther)
+	http.Redirect(w, r, "/adminDashboard", http.StatusSeeOther)
 }
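Review bot: `user` is read at `session.Username != user.Username`, `user.Role != "admin"` and `tmpl.Execute(w, user)`, but its declaration (`user, err := getUser(username)`) was removed in this hunk and nothing re-declares it; unless a package-level `user` exists, this does not compile, and if it does, the admin gate compares the session against state that is not derived from this request, so any session reaches the admin branch whenever that shared variable happens to hold an admin. The caller should be resolved from the session, `user, err := getUser(session.Username)`, which also makes the `session.Username != user.Username` comparison redundant. Separately, the unconditional `http.Redirect` at the end still runs after the POST branch has already redirected and after the GET branch has written the template, producing a superfluous WriteHeader; each method branch should return. A missing `session_id` cookie now yields a 500 where the old code redirected to `/signin`; redirecting remains the friendlier response for an unauthenticated request.
```go
	// Retrieve the session from the database
	session, err := getSession(sessionID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Resolve the caller from the session so the admin check is bound to this request
	user, err := getUser(session.Username)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	// Check if the user is an admin
	if user.Role != "admin" {
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}

	switch r.Method {
	case http.MethodPost:
		// … unchanged: read form values, call updateEmailAndPassword, handle its error …
		http.Redirect(w, r, "/adminDashboard", http.StatusSeeOther)
		return
	case http.MethodGet:
		// … unchanged: parse and execute ./view/editbyadmin.html, handle errors …
		return
	default:
		http.Error(w, "Invalid request method", http.StatusMethodNotAllowed)
		return
	}
	// trailing "Redirect the user back to the admin page" block removed: every branch responds itself
```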
 
 func editHandler(w http.ResponseWriter, r *http.Request) {
diff --git a/output b/output
index 0751b0544e2563a95796d8f6b77da0a1f5e85596..cb4cc427fa0fd921d3fa786ce49a1b668cd1c5af 100755
Binary files a/output and b/output differ
diff --git a/view/editbyadmin.html b/view/editbyadmin.html
index 2cdf7144b3857009b6b0c51338ba37baa5ec7f96..be78bf300cd0b879c705f1ccdfd5472b435229ba 100644
--- a/view/editbyadmin.html
+++ b/view/editbyadmin.html
@@ -14,7 +14,7 @@
         <label for="password">New Password:</label>
         <input type="password" name="password" required><br>
         <button type="submit">Save</button>
-        <a href="/admin">Cancel</a>
+        <a href="/adminDashboard">Cancel</a>
     </form>
 </body>