diff --git a/Register.php b/Register.php
index a0751de02f65a4ad6f1bc9c20deaae408f1ef003..eca4b5b7a21a08786d60671d49f628b7a04bb47d 100644
--- a/Register.php
+++ b/Register.php
@@ -52,20 +52,27 @@ if (isset($provided_email) && isset($provided_password) && isset($provided_age))
     if ($num_rows == 1) {
         $errors = "user with email $provided_email already exists";
     } else {
-
         // hashed password 
         $hashed_password = password_hash($provided_password, PASSWORD_BCRYPT);
 
-        // signup 
+        // signup token 
         $token = hash('sha256', time() . $provided_email . 'BX');
 
-        $query = "INSERT INTO `users` VALUE (null, '$provided_user_name', '$provided_age','$provided_email','$hashed_password', '$provided_bio', 0, 0, '$token', null, null);";
+
+        $message = ['email' => $provided_email, 'token' => $token]; // we can add the valid_until time also 
+
+        $verification_token = ['message' => $message, 'reset' => 0, 'hash_of_message' => $obj->encrypt(json_encode($message))];
+
+        $encrypted_token = $obj->encrypt(json_encode($verification_token));
+
+
+        $query = "INSERT INTO `users` VALUE (null, '$provided_user_name', '$provided_age','$provided_email',null,'$hashed_password', '$provided_bio', 0, 0, '$token', null, null);";
         $result = $obj->executeQuery($query);
 
 
         $body = '
             <p>click on this link to verify your account</p>
-            <p><b><a href="localhost/verifyAcount.php?token=' . $token . '&email=' . $provided_email . '">confirm your account</a></b></p>
+            <p><b><a href="localhost/verifyAcount.php?token=' . $encrypted_token . '">confirm your account</a></b></p>
         ';
 
         $sended = $obj->sendMail($provided_email, 'confirm your account', $body);
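Review bot: `$encrypted_token` is base64 output and is concatenated straight into the `href` of the confirm link without URL encoding, so the `+`, `/` and `=` characters it may contain are sent raw and `+` decodes as a space on the receiving side, which will make the token fail to decrypt; splice it in as `urlencode($encrypted_token)`. The underlying `$token` is still `hash('sha256', time() . $provided_email . 'BX')`, a function of a public email address and the registration second, so a verification token is guessable; `bin2hex(random_bytes(32))` gives an unpredictable one. The key `'hash_of_message'` holds an encryption of the message, not a hash, so its name misdescribes what verifyAcount.php will find there. The INSERT still interpolates the request-supplied fields into the SQL string instead of binding them. The enclosing `if` block starts outside the hunk.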
diff --git a/accepte_or_reject_friend.php b/accepte_or_reject_friend.php
new file mode 100644
index 0000000000000000000000000000000000000000..b7d107bb9032c89e00ff2b9771e8d609bf71a1bc
--- /dev/null
+++ b/accepte_or_reject_friend.php
@@ -0,0 +1,39 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+    header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+    header("Location: verifyemail.php");
+}
+$loged_user_email = $_SESSION['logged_user'];
+$user_id = $obj->getUserIdByEmail($obj, $loged_user_email);
+
+if (isset($_POST["accepte"]) && !empty($_POST["accepte"])) {
+
+
+    $accpeted_user_id = $_POST["accepte"];
+
+    // accepte friend request 
+    $query = "UPDATE user_has_friend SET accepted = 1 where user_id2 = '$user_id' AND user_id1 = '$accpeted_user_id';";
+    $result = $obj->executeQuery($query);
+
+    // create a bidirectional relation 
+    $query = "INSERT INTO user_has_friend VALUE ('$user_id', '$accpeted_user_id', 1);";
+    $result = $obj->executeQuery($query);
+}
+
+if (isset($_POST["rejecte"]) && !empty($_POST["rejecte"])) {
+
+    $rejected_user_id = $_POST["rejecte"];
+
+    // rejecte friend request 
+    $query = "DELETE FROM user_has_friend where user_id2 = '$user_id' AND user_id1 = '$rejected_user_id';";
+    $result = $obj->executeQuery($query);
+
+}
+
+header("Location: " . $_SERVER['HTTP_REFERER']);
+
+?>
\ No newline at end of file
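Review bot: The `header("Location: login.php")` and `header("Location: verifyemail.php")` guards on lines 46–51 are not followed by `exit`, so a request that is not logged in or not verified still executes the UPDATE/INSERT/DELETE below after the redirect header is queued; each guard needs `header("Location: login.php"); exit;`. The same pattern is in add_friend.php, admin.php and edit_profile.php in this commit. `$_POST["accepte"]` and `$_POST["rejecte"]` are interpolated into the SQL strings; at minimum cast them with `(int)`, preferably bind them through `mysqli_prepare`. The accept path inserts the reverse row without confirming that a pending request from `$accpeted_user_id` actually existed (the UPDATE's affected-row count is never checked), and the final redirect to `$_SERVER['HTTP_REFERER']` trusts a client-supplied header that may be absent; a fixed fallback such as `index.php` is safer.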
diff --git a/add_friend.php b/add_friend.php
new file mode 100644
index 0000000000000000000000000000000000000000..e6443029a0af625651d7c9c980a562c8b943cd36
--- /dev/null
+++ b/add_friend.php
@@ -0,0 +1,39 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+    header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+    header("Location: verifyemail.php");
+}
+
+if (isset($_POST["friend"]) && !empty($_POST["friend"])) {
+
+    $freind_id = $_POST["friend"];
+    $logged_user = $_SESSION['logged_user'];
+    $user_id = $obj->getUserIdByEmail($obj, $logged_user);
+
+    // check if two user has freind relationship 
+    $query = "SELECT * FROM user_has_friend WHERE (user_id1 = '$user_id' AND user_id2='$freind_id') OR (user_id2 = '$user_id' AND user_id1='$freind_id');";
+
+    $result = $obj->executeQuery($query);
+
+    // there is no relation between : already freinds
+    if (mysqli_num_rows($result) == 0) {
+        $query = "INSERT INTO user_has_friend VALUE ('$user_id', '$freind_id', 0);";
+
+        $result = $obj->executeQuery($query);
+        if ($result) {
+            // redirect 
+            header("Location: index.php");
+        }
+    }
+
+
+
+
+
+
+}
+?>
\ No newline at end of file
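Review bot: `$freind_id` goes straight from `$_POST["friend"]` into the SELECT and INSERT strings; `$freind_id = (int) $_POST["friend"];` would at least force an integer, and a prepared statement would remove the interpolation entirely. Nothing rejects a user sending their own id, so `$user_id == $freind_id` should be refused before the relation check. When `$result` is falsy the script ends with neither a redirect nor any output, and the empty lines 120–125 can be dropped. The login/verified guards on lines 92–97 have the missing `exit` noted on accepte_or_reject_friend.php.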
diff --git a/admin.php b/admin.php
new file mode 100644
index 0000000000000000000000000000000000000000..ae2d19bf2423e276f8c912345d9e3ccc838cf614
--- /dev/null
+++ b/admin.php
@@ -0,0 +1,55 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+    header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+    header("Location: verifyemail.php");
+}
+
+if (!$obj->isAdmin($obj)) {
+    header("Location: " . $_SERVER['HTTP_REFERER']);
+}
+
+
+$query = "SELECT * FROM users";
+$users = $obj->executeQuery($query);
+
+
+?>
+
+<div class="admin-page">
+    <h3>admin page</h3>
+    <table class="table table-striped">
+        <thead>
+            <tr>
+                <th scope="col">User Name </th>
+                <th scope="col">Profile Photo </th>
+                <th scope="col">Email</th>
+                <th scope="col">User Type</th>
+                <th scope="col">Suspend</th>
+                <th scope="col">Delete</th>
+            </tr>
+        </thead>
+        <tbody>
+            <?php
+            while ($row = mysqli_fetch_array($users)) {
+                $isAdmin = ($row['isAdmin'] == 1) ? '@ADMIN' : '@USER';
+                echo ' <tr>
+               <td>' . $row['user_name'] . '</td>
+               <td><img src="' . $row['profile_image'] . '" alt=""></td>
+               <th scope="row">' . $row['email'] . '</th>
+               <th>' . $isAdmin . '</th>
+               <td><button type="button" class="btn btn-sm btn-warning">suspend <i
+                           class="fa-solid fa-stop"></i></button>
+               </td>
+               <td><button type="button" class="btn btn-sm btn-danger">Delete <i
+                           class="fa-solid fa-trash"></i></button></td>
+           </tr>';
+            }
+            ?>
+        </tbody>
+    </table>
+
+</div>
\ No newline at end of file
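Review bot: The `isAdmin` check on lines 145–147 only queues a Location header and then falls through, so the `SELECT * FROM users` and the table of every user's name, email and role are still rendered and returned to any verified non-admin; it must be `header("Location: " . $_SERVER['HTTP_REFERER']); exit;` (and `HTTP_REFERER` may be absent, so a fixed fallback such as `index.php` is safer). The echoed `$row['user_name']`, `$row['profile_image']` and `$row['email']` are inserted into HTML unescaped, so a user-chosen name or image path can inject markup into the admin page; wrap each in `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The suspend and delete buttons have no form or handler behind them, which deserves a `<!-- TODO: wire suspend/delete actions -->` or removal until they are implemented.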
diff --git a/chat/index.html b/chat/index.html
new file mode 100644
index 0000000000000000000000000000000000000000..59ce469149263c705465562172867373d4932ade
--- /dev/null
+++ b/chat/index.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html> 
+  <head>
+    <meta charset="utf-8" />
+    <title></title>
+  </head>
+  <body>
+    <p>my id: <span id="person1id"></span></p>
+    <input type="person2id" id="personid" placeholder="enter person id" />
+    <input type="text" id="personmessage" placeholder="person1 message" />
+    <button id="callperson1" onclick="callperson()">connect</button>
+    <button id="video_call" onclick="videocall()">video call</button>
+    <hr />
+    <div id="result"></div>
+    <video id="localVideo" autoplay></video>
+    <video id="remoteVideo" autoplay></video>
+    <script src="https://unpkg.com/peerjs@1.5.1/dist/peerjs.min.js"></script>
+    <script src="index.js" charset="utf-8"></script>
+  </body>
+</html>
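Review bot: The PeerJS script is loaded from unpkg with a pinned version but no `integrity` attribute, so any change to the served file would run unverified in every visitor's browser; add a Subresource Integrity hash computed from the pinned file, e.g. `<script src="https://unpkg.com/peerjs@1.5.1/dist/peerjs.min.js" integrity="sha384-<SRI_HASH_PLACEHOLDER>" crossorigin="anonymous"></script>`. `type="person2id"` on the first input is not a valid input type and silently falls back to text; `type="text"` says what it means. The `<title>` is empty.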
diff --git a/chat/index.js b/chat/index.js
new file mode 100644
index 0000000000000000000000000000000000000000..e6c023a73455dcf66e4f04ebecb07a849c681ed9
--- /dev/null
+++ b/chat/index.js
@@ -0,0 +1,84 @@
+var peer1 = null;
+
+
+(function(){
+
+    let myid = prompt('enter your id');
+    peer1 = new Peer(myid);
+    peer1.on('open', function(id) {
+        var person1idcontainer = document.getElementById('person1id');
+        person1idcontainer.innerHTML = id;
+    });
+
+
+    peer1.on('connection', function(conn) {
+        let result = document.getElementById('result');
+        conn.on('data', function(data){
+          result.innerHTML = result.innerHTML + data;
+        });
+    });
+
+
+       
+
+    peer1.on('call', function(call) {
+        var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia;
+        getUserMedia({ video: true, audio: true })
+            .then(function (stream) {
+                let localVideo = document.getElementById('localVideo');
+                localVideo.srcObject = stream;
+                let confirmcall = confirm("you have a call");
+               
+                if(confirmcall){
+                    call.answer(stream); // Answer the call with an A/V stream.
+                    call.on('stream', function (remoteStream) {
+                        let remoteVideo = document.getElementById('remoteVideo');
+                        remoteVideo.srcObject = remoteStream;
+                    });
+                }
+                
+            })
+            .catch(function (err) {
+                console.log('Failed to get local stream', err);
+            });
+    });
+        
+        
+})();
+
+// send message
+function callperson(){
+    var personid = document.getElementById("personid").value;
+    var person1 = peer1.connect(personid);
+    // on open will be launch when you successfully connect to PeerServer
+    person1.on('open', function(){
+    // here you have conn.id
+    let message = document.getElementById('personmessage').value;
+    person1.send(message);
+    });
+}
+
+function videocall() {
+    var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia;
+    getUserMedia({ video: true, audio: true })
+    .then(function (stream) { 
+
+        let localVideo = document.getElementById('localVideo');
+        localVideo.srcObject = stream;
+
+        var personid = document.getElementById("personid").value;
+        var call = peer1.call(personid, stream);
+        call.on('stream', function (remoteStream) {
+
+            let remoteVideo = document.getElementById('remoteVideo');
+            remoteVideo.srcObject = remoteStream;
+            // Show the stream in a video or canvas element.
+        });
+    })
+    .catch(function (err) {
+        console.log('Failed to get local stream', err);
+    });
+}
+
+
+
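Review bot: `result.innerHTML = result.innerHTML + data;` in the `connection` handler inserts whatever a remote peer sends as HTML, so any peer that knows a user's id can inject markup into that user's page; append it as text instead, `result.appendChild(document.createTextNode(String(data)));`. `var getUserMedia = navigator.mediaDevices.getUserMedia || ...` (lines 247 and 284) detaches the method from `navigator.mediaDevices`, and browsers reject the unbound call with an "Illegal invocation" TypeError, so in practice the `.catch` branch is what runs; call `navigator.mediaDevices.getUserMedia({ video: true, audio: true })` directly (the `webkit`/`moz` prefixed names do not exist on `mediaDevices` anyway). In the `call` handler the camera and microphone are opened before `confirm("you have a call")` is shown, and when the user declines the stream is never released; ask first, and on decline run `stream.getTracks().forEach(function (t) { t.stop(); })`.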
diff --git a/connection.php b/connection.php
index 9900dc087670eec210dcfaef79f3390437f426e0..549abf55cb7c617ff7ec63cfa41885740dc5dfe9 100644
--- a/connection.php
+++ b/connection.php
@@ -15,15 +15,17 @@ class Connection
     public $connection = NULL;
 
     public $USER_SESSION_DURATION = NULL;
+    public $key = NULL;
 
     public function __construct()
     {
-        $this->env = parse_ini_file('.env');
+        $this->env = parse_ini_file('dev.env');
 
         $this->servername = $this->env["DB_HOST"]; // cause we are on the docker network 
         $this->username = $this->env['DB_USER'];
         $this->password = $this->env['DB_PASSWORD'];
         $this->DB_name = $this->env['DB_NAME'];
+        $this->key = $this->env['ecryption_key'];
 
         // Create connection
         $this->connection = mysqli_connect($this->servername, $this->username, $this->password, $this->DB_name);
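Review bot: `$this->key = $this->env['ecryption_key'];` takes the AES-256 key from the ini file with no check that the entry exists or has the 32 bytes the cipher expects; a missing entry yields null and a short value is padded by openssl rather than rejected (the exact behaviour varies by PHP version, confirm for the deployed one), so fail fast with something like `if (strlen((string) ($this->env['ecryption_key'] ?? '')) !== 32) { die('ecryption_key must be a 32-byte value'); }`. The ini key must be spelled exactly `ecryption_key` to match this line, which reads like a typo of `encryption_key`, so one side or the other will probably need correcting. `$key`, like `$env`, is a `public` property, so the encryption key and the SMTP password are readable from any code holding the connection object; `private` is the right visibility. The switch from `.env` to a hard-coded `dev.env` bakes an environment name into the class; reading the file name from the environment keeps dev and production on the same code.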
@@ -38,6 +40,7 @@ class Connection
             user_name VARCHAR(64),
             age INT,
             email VARCHAR(255),
+            profile_image VARCHAR(1024),
             password VARCHAR(255),
             bio VARCHAR(512),
             isAdmin Boolean default 0,
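Review bot: Adding `profile_image VARCHAR(1024)` to a `CREATE TABLE IF NOT EXISTS` statement does nothing for a database where `users` already exists, so existing deployments keep the old column layout while Register.php's positional `INSERT ... VALUE (null, ..., null, '$hashed_password', ...)` now assumes the new one and will shift every value by one column. An `ALTER TABLE users ADD COLUMN profile_image VARCHAR(1024)` migration is needed, and naming the columns in the INSERT would make the mismatch fail loudly instead of silently. The constructor starts outside the hunk.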
@@ -54,6 +57,24 @@ class Connection
             die("Query failed: " . mysqli_error($this->connection));
         }
 
+
+        // user has friends tables
+        $query = 'CREATE TABLE IF NOT EXISTS `user_has_friend` (
+                `user_id1` INTEGER NOT NULL,
+                `user_id2` INTEGER NOT NULL,
+                accepted BOOLEAN DEFAULT 0, 
+                FOREIGN KEY (`user_id1`) REFERENCES `users` (`id`),
+                FOREIGN KEY (`user_id2`) REFERENCES `users` (`id`))';
+
+        // Execute the query
+        $result = mysqli_query($this->connection, $query);
+        // Check if the query was successful
+        if (!$result) {
+            die("Query failed: " . mysqli_error($this->connection));
+        }
+
+
+        // create posts table 
         $query = 'CREATE TABLE IF NOT EXISTS posts (
             id INT PRIMARY KEY AUTO_INCREMENT,
             title VARCHAR(255),
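Review bot: `user_has_friend` has no primary or unique key on `(user_id1, user_id2)`, so repeated requests insert duplicate rows; accepte_or_reject_friend.php inserts the reverse row unconditionally and add_friend.php only checks before its own insert. Add `PRIMARY KEY (user_id1, user_id2)` to the definition so the database enforces it. The comment `// user has friends tables` would read better as `// friend relations: user_id1 requested user_id2; accepted = 1 once confirmed`, if that is the intended meaning.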
@@ -71,6 +92,27 @@ class Connection
         }
 
 
+
+        // create messages table 
+        // user has friends tables
+        $query = 'CREATE TABLE IF NOT EXISTS user_has_messages (
+        user_id1 INTEGER NOT NULL,
+        user_id2 INTEGER NOT NULL,
+        message varchar(512),
+        sended_at DATETIME DEFAULT CURRENT_TIMESTAMP, 
+        FOREIGN KEY (user_id1) REFERENCES users (id),
+        FOREIGN KEY (user_id2) REFERENCES users (id))';
+        // Execute the query
+        $result = mysqli_query($this->connection, $query);
+        // Check if the query was successful
+        if (!$result) {
+            die("Query failed: " . mysqli_error($this->connection));
+        }
+
+
+
+
+
     }
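Review bot: `user_has_messages` has no id or primary key, so an individual message cannot be addressed for deletion or paging, and the comment above it, `// user has friends tables`, was copied from the previous block; replace it with `// direct messages: user_id1 sent message to user_id2 at sended_at`. Adding `id INT PRIMARY KEY AUTO_INCREMENT` as the first column and an index on `(user_id1, user_id2, sended_at)` would make the chat page's lookups cheap. `varchar(512)` silently truncates or rejects longer messages depending on SQL mode, so the input side should enforce the same bound. The constructor starts outside the hunk.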
 
     public function executeQuery($query)
@@ -130,6 +172,17 @@ class Connection
 
     }
 
+    public function isAdmin($obj)
+    {
+        $loged_user_email = $_SESSION['logged_user'];
+        $query = "SELECT * FROM users where email='$loged_user_email'";
+        $result = $obj->executeQuery($query);
+        $result = mysqli_fetch_assoc($result)['isAdmin'];
+        return ($result == 1);
+
+    }
+
+
     public function getUserIdByEmail($obj, $email)
     {
         // echo $_SESSION['logged_user'];
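Review bot: `isAdmin` interpolates `$_SESSION['logged_user']` into the SQL string and reads `['isAdmin']` off `mysqli_fetch_assoc($result)` without checking that a row came back, so a session email that no longer matches a user produces a warning and a null. It also takes `$obj` although it is a method on the class that owns `$this->connection`, and it lacks a visibility keyword; a prepared statement through `$this->connection` with a row check covers all three (keep the `$obj` parameter so existing callers still work; `mysqli_stmt_get_result` needs mysqlnd, which is presumably present — confirm).
```php
    public function isAdmin($obj)
    {
        $email = $_SESSION['logged_user'] ?? '';
        $stmt = mysqli_prepare($this->connection, 'SELECT isAdmin FROM users WHERE email = ? LIMIT 1');
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
        mysqli_stmt_close($stmt);
        // no matching user means not an admin
        return $row !== null && (int) $row['isAdmin'] === 1;
    }
```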
@@ -152,7 +205,7 @@ class Connection
         $mail->isSMTP();
         $mail->Host = $this->env['SMTP_HOST']; //gmail SMTP server
         $mail->SMTPAuth = true;
-        
+
         $mail->Username = $this->env['SMTP_USER_MAIL']; //email
         $mail->Password = $this->env['SMTP_USER_PASSWORD']; //16 character obtained from app password created
         $mail->Port = $this->env['SMTP_PORT']; //SMTP port
@@ -180,6 +233,22 @@ class Connection
         return ($sended == true);
     }
 
+    function encrypt($message)
+    {
+        $iv = substr($message, 0, 16);
+        $cipherMessage = openssl_encrypt($message, 'aes-256-cbc', $this->key, 0, $iv);
+        return base64_encode($iv . $cipherMessage);
+    }
+
+    function decrypt($message)
+    {
+        $data = base64_decode($message);
+        $iv = substr($data, 0, 16);
+        $message = substr($data, 16);
+        return openssl_decrypt($message, 'aes-256-cbc', $this->key, 0, $iv);
+    }
+
+
     public function __destruct()
     {
         $this->closeConnection();
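Review bot: `encrypt` uses the first 16 bytes of the plaintext as the IV and prepends that IV in the clear, so every token leaks its first 16 characters (`{"email":"...` for the JSON the callers pass) and identical messages encrypt identically; the IV must be fresh `random_bytes` output. The scheme is also unauthenticated CBC, so a token can be altered without `decrypt` noticing; `aes-256-gcm` gives an authenticated result with the same openssl calls. `openssl_encrypt` with options `0` already returns base64 and the result is base64-encoded again, so the token is double-encoded; `OPENSSL_RAW_DATA` avoids that. `decrypt` returns `false` on failure, so verifyAcount.php (not in this diff) must check for it before `json_decode`. Both methods also lack a visibility keyword.
```php
    public function encrypt($message)
    {
        // fresh random nonce per call; never derive it from the plaintext
        $iv = random_bytes(12);
        $tag = '';
        $cipherMessage = openssl_encrypt($message, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
        return base64_encode($iv . $tag . $cipherMessage);
    }

    public function decrypt($message)
    {
        $data = base64_decode($message, true);
        // 12-byte nonce + 16-byte tag is the minimum valid payload
        if ($data === false || strlen($data) < 28) {
            return false;
        }
        $iv = substr($data, 0, 12);
        $tag = substr($data, 12, 16);
        $cipherMessage = substr($data, 28);
        // returns false when the tag does not verify
        return openssl_decrypt($cipherMessage, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $iv, $tag);
    }
```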
diff --git a/css/main.css b/css/main.css
index 6f2f0aa96bc4bcac0890d85c6427ef715e22cf24..db17c4c699b5e31150f45b1150059f2a279b90f4 100644
--- a/css/main.css
+++ b/css/main.css
@@ -77,6 +77,11 @@ body {
   border-radius: 5px;
   background: white;
 }
+
+.register_post h6 {
+  color: var(--bs-gray-700);
+  font-weight: bold;
+}
 /* new post  */
 
 
@@ -84,11 +89,11 @@ body {
 /* friend list page */
 .freind-list {
   background: white;
-  min-height: 200px;
+  /* min-height: 200px; */
   margin-top: 15px;
   padding: 1rem;
   border-radius: 10px;
-  height: 90vh;
+  /* height: 90vh; */
 }
 
 .freind-list .title {
@@ -97,15 +102,17 @@ body {
 .freind-list .friend-list-box {
   max-height: 300px;
   overflow: scroll;
-  border-top: 1px solid var(--main-color-ligther);
+  overflow-x: hidden;
+  border-top: 5px solid var(--bs-gray-400);
   margin-top: 10px;
   padding: 1em;
-  border-bottom: 1px solid var(--main-color-ligther);
+  border-bottom: 5px solid var(--bs-gray-400);
 }
 
 .freind-list .friend-list-box .friends {
   display: flex;
   margin: 1em 0;
+  justify-content: space-between;
 }
 
 
@@ -129,8 +136,51 @@ body {
   margin-top: 5px;
   color: var(--main-color-gray);
 }
+.freind-list .friend-list-box .friends .cals {
+  align-items: center;
+}
+.freind-list .friend-list-box .friends .cals i {
+  margin: 0 10px;
+}
+
+.freind-list .friend-list-box .friends .cals button.message-button i {
+  color: var(--main-color);
+}
+.freind-list .friend-list-box .friends .cals button {
+  background: transparent;
+  border: none;
+}
+.freind-list .friend-list-box .friends .cals > button.green {
+  color: var(--bs-success);
+}
+
+.freind-list .friend-list-box .friends .cals > button.red {
+  color: var(--bs-danger);
+}
+
+.freind-list .friend-list-box .friends .cals > form:nth-child(1) button{
+  color: var(--bs-success);
+}
+
+.freind-list .friend-list-box .friends .cals >  form:nth-child(2) button {
+  color: var(--bs-danger);
+}
+
+
+.freind-list .videos {
+  display: flex;
+}
+
+.freind-list .videos video {
+  width: 50%;
+}
+
+
+
 
 /* friend list page */
+
+
 .author {
   color: #FF5722;
   background: #2196f34d;
@@ -154,7 +204,7 @@ body {
 .sidebar {
   background: #ffffff;
   border: 1px solid #edeaea;
-  margin: 1rem;
+  margin: 15px 1rem;
   padding: 1rem;
   border-radius: 5px;
   position: fixed;
@@ -201,6 +251,10 @@ body {
   border-radius: 5px;
   transition: background 0.7s ease-in-out;
 }
+
+.sidebar .profile_menu .is-admin a i {
+  color: #FFC107;
+}
 .sidebar .profile_menu ul li:hover {
   background-color: var(--main-menu-color-hover);
 }
@@ -259,7 +313,7 @@ body {
   border-bottom: 1px solid var(--main-color-ligther);
 }
 
-.rsidebar .feeds {
+.rsidebar .topics {
   margin: 10px 0;
   background: #efefef;
   border-radius: 10px;
@@ -273,11 +327,11 @@ body {
   padding: 1em;
   margin: 15px 0 0 0;
   border-radius: 5px;
-  background: white;
-  transition: background 0.3s ease-in-out;
+  background-color: white;
+  transition: background-color 0.3s ease-in-out;
 }
 .twit:hover {
-  background: #eef0f2;
+  background-color: #eef0f2;
 }
 .twit .twit-owner {
   display: flex;
@@ -310,10 +364,16 @@ body {
 .twit .twit-header {
   margin: 15px 0px;
 }
+.twit .twit-header h5{
+  font-weight: 600;
+  text-decoration: underline;
+}
 .twit .twit-body img {
   position: relative;
   width: 100%;
   border-radius: 3%;
+  max-height: 300px;
+  object-fit: cover;
 }
 
 
@@ -365,6 +425,83 @@ body {
   background-color: rgb(255 193 7 / 33%);
   color: var(--bs-black);
 }
+
+
+/* friend proposal */
+.friend_proposal {
+  background-color: white;
+  margin: 15px 0;
+  border-radius: 10px;
+  padding: 15px 0;
+}
+.friend_proposal .header {
+  padding: 1rem;
+  font-weight: bold;
+}
+.friend_proposal .proposal {
+  display: flex;
+}
+.friend_proposal .person {
+  display: flex;
+  flex-direction: column;
+  justify-content: flex-start;
+  align-items: center;
+  width: 130px;
+  padding: 0 10px;
+  box-sizing: border-box;
+}
+.friend_proposal .person:hover .person_content  {
+  background: var(--bs-primary-bg-subtle);
+} 
+.friend_proposal .person .person_image {
+  position: relative;
+  top: 7px;
+  z-index: 1;
+  height: 30%;
+
+}
+.friend_proposal .person .person_image img {
+  width: 70px;
+  border: 5px solid var(--bs-white);
+  border-radius: 100%;
+}
+.friend_proposal .person .person_content {
+  background: var(--bs-gray-400);
+  text-align: center;
+  border-radius: 5px;
+  min-height: 70%;
+  min-width: 100%;
+  display: flex;
+  flex-direction: column;
+  justify-content: end;
+  transition: background 0.6s ease-in-out;
+}
+.friend_proposal .person .person_content .person_details {
+  padding-top: 15px;
+  font-size: 13px;
+  text-transform: lowercase;
+  margin-bottom: 5px;
+}
+
+.friend_proposal .person .person_content .connect button {
+  font-size: 10pt;
+  border-radius: 10px;
+  margin-bottom: 6px;
+  text-transform: lowercase;
+  padding: 2px 12px;
+  background: #2c9afb;
+  border: none;
+  color: white;
+  transition: background 0.5s ease-in-out;
+}
+
+.friend_proposal .person .person_content .connect button:hover {
+  background: #146ebe;
+}
+
+/* friend proposal */
+
+
 /* index twits */
 
 /* verify email */
@@ -392,5 +529,232 @@ body {
   background: white;
   border-radius: 10px;
   padding: 1em;
+} 
+/* verify_account */
+
+
+/* settings  */
+
+.settings {
+  background-color: white;
+  padding: 1em;
+  border-radius: 10px;
+  margin-top: 15px;
+}
+.settings  h6 {
+  font-weight: bold;
+  margin: 10px 0;
+}
+
+.settings .profile {
+  border: 1px solid var(--bs-gray-300);
+  border-radius: 10px;
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  padding: 10px;
+}
+
+.settings .profile .p_details {
+  display: flex;
+  align-items: center;
+ 
+}
+.settings .profile .p_details .user-name {
+  margin-left: 15px;
+}
+.settings .profile .p_details .user-name p{
+  margin: 0;
+  text-transform: uppercase;
+  font-weight: bold;
+  font-size: 12px;
+  color: var(--bs-gray);
+}
+.settings .profile .p_details .p_image img {
+  width: 50px;
+  border-radius: 100%;
+}
+
+.profile .config button {
+  background: transparent;
+  border: 1px solid lightgray;
+  border-radius: 30px;
+  padding: 2px 10px;
+  font-size: 10pt;
+}
+
+.profile .config button span,i {
+  margin: 0 5px;
+}
+
+.profile button > i, .p_info button > i {
+  color: var(--bs-code-color);
+}
+
+.profile .config {
+  display: flex;
+  flex-direction: column;
+  justify-content: space-around;
+  align-items: center;
+}
+
+.p_info {
+  margin: 15px 0;
+  border: 1px solid var(--bs-gray-300);
+  border-radius: 10px;
+  padding: 15px;
+}
+.p_info h6 {
+  margin: 0;
+  color: var(--bs-gray-600);
+  font-size: 13px;
+}
+
+.p_info .header {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  width: 100%;
+}
+.p_info .config button {
+  background: transparent;
+  border: 1px solid lightgray;
+  border-radius: 30px;
+  padding: 2px 10px;
+  font-size: 10pt;
+}
+.p_info .user_info .line {
+  display: flex;
+  justify-content: space-between;
+  margin: 20px 0;
+}
+.p_info .user_info .line label,b{
+  display: block;
+  font-size: 13px;
+  font-weight: bold;
+}
+
+.p_info .user_info .line div {
+  min-width: 100px;
+}
+
+.p_info .user_info .line label {
+  color: var(--bs-gray-600);
+
+}
+
+.p_info .user_info .line .profile_bio p {
+  margin: 5px 0;
+}
+
+.p_info .user_info .line div.delete_acount button {
+  border: none;
+  background: var(--bs-form-invalid-border-color);
+  color: white;
+  padding: 5px 10px;
+  border-radius: 10px;
+  margin-top: 10px;
+
+}
+
+/* settings  */
+
+
+/* messages */
+.messages, .admin-page {
+  background-color: white;
+  border-radius: 10px;
+  margin-top: 15px;
+  padding: 1rem;
+}
+.messages .message-dist {
+  display: flex;
+}
+.messages .message-dist .message-dist-image {
+  margin-right: 10px;
+}
+.messages .message-dist .message-dist-image img {
+  height: 50px;
+  border-radius: 100%;
+}
+
+.messages .message-dist .message-dist-username p {
+  margin: 0;
+}
+.messages .message-dist .message-dist-username p:nth-child(2) {
+  color: var(--main-color-gray);
+  font-size: 12px;
+} 
+.messages .message-dist .message-dist-username p span:nth-child(2){
+  color: var(--main-color-ligther);
+  font-size: 15px;
+}
+.messages .message-box {
+  min-height: 200px;
+  border: 1px solid var(--main-color-gray);
+  border-radius: 10px;
+  margin: 10px 0px;
+  max-height: 350px;
+  overflow: scroll;
+  padding: 10px 5px;
+}
+
+.messages .message-box p {
+  width: fit-content;
+  margin: 5px 10px;
+  background: var(--main-color-ligther);
+  color: white;
+  padding: 4px 14px;
+  font-size: 13px;
+}
+.messages .message-box div.me {
+  display: flex;
+  justify-content: end;
+}
+.messages .message-box div.target p {
+  border-radius: 10px 0px;
+}
+.messages .message-box div.me p {
+  border-radius: 0px 10px;
+}
+
+
+.messages .input-message input {
+  border: 1px solid var(--bs-gray-500);
+  padding: 5px 10px;
+  border-radius: 10px;
+  outline: none;
+  color: var(--bs-gray-600);
+  min-width: 84%;
+}
+
+.messages .input-message button {
+  border: none;
+  background: var(--main-color);
+  color: white;
+  padding: 5px 10px;
+  border-radius: 10px;
+  outline: none;
+}
+/* messages */
+
+
+
+/* admin */
+
+.admin-page {
+  width: 150%;
+}
+.admin-page tbody {
+  font-size: 12px;
+}
+
+.admin-page tbody tr {
+  line-height: 50px;
+}
+
+.admin-page tbody tr img {
+  width: 50px;
+  border-radius: 100%;
 }
-/* verify_account */
\ No newline at end of file
+/* admin */
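Review bot: `.profile .config button span,i` and `.p_info .user_info .line label,b` in the settings block are comma-separated selector lists, so the `i` and `b` parts match every `<i>` and `<b>` on the page rather than only those inside the button or the line; write each descendant out, `.profile .config button span, .profile .config button i` and `.p_info .user_info .line label, .p_info .user_info .line b`. `.admin-page` is declared once together with `.messages` and again under `/* admin */`, which works but is worth merging. The commented-out `min-height` and `height` lines left in `.freind-list` in an earlier hunk of this file are dead code and can be deleted.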
diff --git a/edit_profile.php b/edit_profile.php
new file mode 100644
index 0000000000000000000000000000000000000000..31f0e92bdcdc7540a6f89e10e39770cb2651dd37
--- /dev/null
+++ b/edit_profile.php
@@ -0,0 +1,212 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+    header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+    header("Location: verifyemail.php");
+}
+
+$logged_user = $_SESSION['logged_user'];
+$user = $obj->getUserByEmail($obj, $logged_user);
+
+
+
+$provided_user_name = NULL;
+$provided_password = NULL;
+$provided_age = NULL;
+$provided_bio = NULL;
+$errors = NULL;
+$message = NULL;
+
+$profileImageName = null;
+$profileImageTmpName = null;
+$fileSize = null;
+$fileError = null;
+
+if (isset($_POST['user_name'])) {
+    $provided_user_name = $_POST['user_name'];
+}
+
+
+if (isset($_FILES["profile_image"]["name"])) {
+    $profileImageName = $_FILES["profile_image"]["name"];
+    $profileImageTmpName = $_FILES["profile_image"]["tmp_name"];
+    $fileSize = $_FILES["profile_image"]["size"];
+    $fileError = $_FILES["profile_image"]["error"];
+}
+
+if (isset($_POST['password'])) {
+    $provided_password = $_POST['password'];
+}
+
+if (isset($_POST['age'])) {
+    $provided_age = $_POST['age'];
+}
+
+if (isset($_POST['bio'])) {
+    $provided_bio = $_POST['bio'];
+}
+
+
+if (
+    isset($provided_user_name)
+    && isset($provided_age)
+    && isset($provided_bio)
+    && !empty($profileImageName)
+    && !empty($provided_password)
+) {
+    // hashed password 
+    $hashed_password = password_hash($provided_password, PASSWORD_BCRYPT);
+    // errors during upload
+    if ($fileError === 0) {
+        // delete pervious image_profile 
+
+        if (!unlink($user['profile_image'])) {
+            $errors = "can't delete old image";
+        }
+
+        // upload directory 
+        $uploadDir = "uploads/";
+
+        // Generate a unique name for the uploaded file
+        $uniqueFileName = $uploadDir . uniqid() . "_" . $profileImageName;
+        // Move the file from the temporary location to the desired directory
+        if (move_uploaded_file($profileImageTmpName, $uniqueFileName)) {
+            $query = "UPDATE `users` SET user_name= '$provided_user_name',password='$hashed_password', profile_image='$uniqueFileName', age='$provided_age',bio='$provided_bio' where email='$logged_user'";
+            $result = $obj->executeQuery($query);
+            if ($result) {
+                $message = 'profile updated successfuly';
+                $user = $obj->getUserByEmail($obj, $logged_user);
+            }
+        } else {
+            $errors = "Error uploading file.";
+        }
+    }
+
+
+} else if (
+    isset($provided_user_name)
+    && isset($provided_age)
+    && isset($provided_bio)
+) {
+
+    if (empty($profileImageName) && empty($provided_password)) {
+        $query = "UPDATE `users` SET user_name= '$provided_user_name', age='$provided_age',bio='$provided_bio' where email='$logged_user'";
+        $result = $obj->executeQuery($query);
+
+        if ($result) {
+            $message = 'profile updated successfuly';
+            $user = $obj->getUserByEmail($obj, $logged_user);
+        }
+    }
+
+    // don't want change profile_image 
+    else if (empty($profileImageName) && !empty($provided_password)) {
+        // hashed password 
+        $hashed_password = password_hash($provided_password, PASSWORD_BCRYPT);
+
+        $query = "UPDATE `users` SET user_name= '$provided_user_name',password='$hashed_password', age='$provided_age',bio='$provided_bio' where email='$logged_user'";
+        $result = $obj->executeQuery($query);
+
+        if ($result) {
+            $message = 'profile updated successfuly';
+            $user = $obj->getUserByEmail($obj, $logged_user);
+        }
+
+    } else if (!empty($profileImageName) && empty($provided_password)) {
+        if ($fileError === 0) {
+            // delete pervious image_profile 
+
+            if (!unlink($user['profile_image'])) {
+                $errors = "can't delete old image";
+            }
+            // upload directory 
+            $uploadDir = "uploads/";
+
+            // Generate a unique name for the uploaded file
+            $uniqueFileName = $uploadDir . uniqid() . "_" . $profileImageName;
+            // Move the file from the temporary location to the desired directory
+            if (move_uploaded_file($profileImageTmpName, $uniqueFileName)) {
+                $query = "UPDATE `users` SET user_name= '$provided_user_name', profile_image='$uniqueFileName', age='$provided_age',bio='$provided_bio' where email='$logged_user'";
+                $result = $obj->executeQuery($query);
+                if ($result) {
+                    $message = 'profile updated successfuly';
+                    $user = $obj->getUserByEmail($obj, $logged_user);
+                }
+            } else {
+                $errors = "Error uploading file.";
+            }
+        }
+    }
+}
+
+?>
+
+<div class="container m-3 d-flex justify-content-start flex-wrap">
+
+    <div class="content">
+        <div class="signup">
+            <h2 class='text-center'>Edit Profile</h2>
+
+            <text class='text-danger text-center'>
+                <?php
+                if ($errors != null) {
+                    echo $errors;
+                }
+                ?>
+            </text>
+
+            <text class='text-success text-center'>
+                <?php
+                if ($message != null) {
+                    echo $message;
+                }
+                ?>
+            </text>
+
+
+            <form action="" method="POST" enctype="multipart/form-data">
+                <div class="mb-3">
+                    <label for="user_name" class="form-label">User Name</label>
+                    <input value="<?php echo $user['user_name'] ?>" type="text" name="user_name" class="form-control"
+                        id="user_name" aria-describedby="user_name">
+                </div>
+
+                <div class="mb-3">
+                    <label for="age" class="form-label">Age</label>
+                    <input value="<?php echo $user['age'] ?>" type="number" name="age" class="form-control" id="age"
+                        aria-describedby="ageHelp">
+                </div>
+
+                <div class="mb-3">
+                    <label for="email" class="form-label">Profile Image </label>
+                    <input type="file" name="profile_image" class="form-control" id="profile_photo" multiple>
+                </div>
+
+                <div class="mb-3">
+                    <label for="password" class="form-label">Password</label>
+                    <input type="password" name="password" class="form-control" id="password">
+                </div>
+
+                <div class="mb-3">
+                    <label for="bio" class="form-label">Bio</label>
+                    <textarea name="bio" class="form-control" id="bio"
+                        aria-describedby="bioHelp"><?php echo $user['bio'] ?></textarea>
+
+                </div>
+
+
+
+                <div class="d-flex justify-content-between">
+                    <button type="submit" class="btn btn-danger">submit</button>
+                </div>
+            </form>
+        </div>
+    </div>
+
+</div>
+<?php
+include_once 'footer.php';
+?>
\ No newline at end of file
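Review bot: The uploaded file is stored under `uploads/` with the client-supplied `$profileImageName` and no check of its type, so a file with a server-executable extension lands in a web-served directory under a partly client-chosen name; the same upload code appears twice (lines 991–1014 and 1047–1069). Validate the content with `finfo`, map the detected type to a server-chosen extension, never use the original name in the path, and move the duplicated block into one helper. `unlink($user['profile_image'])` runs on whatever path the database holds, including null for accounts created before the column existed, which emits a warning and sets `$errors`; guard it with `!empty($user['profile_image']) && is_file($user['profile_image'])`. The UPDATE strings interpolate form fields, and the guards on lines 932–937 have the missing `exit` noted on accepte_or_reject_friend.php. The file input on line 1113 has `multiple` but only one file is read.
```php
// accept only image content and give the file a server-chosen name
$allowedTypes = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif', 'image/webp' => 'webp'];
$detectedType = (new finfo(FILEINFO_MIME_TYPE))->file($profileImageTmpName);
if (!isset($allowedTypes[$detectedType])) {
    $errors = 'only jpeg, png, gif or webp images are accepted';
} else {
    $uniqueFileName = $uploadDir . bin2hex(random_bytes(8)) . '.' . $allowedTypes[$detectedType];
    // … unchanged: move_uploaded_file, UPDATE and re-fetch of $user …
}
```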
diff --git a/footer.php b/footer.php
index 2cfdc2aea64d86eece43214dd8700de84a2fcc42..73ef5bf71b487b605d5fc4e33d6e45ade5a36423 100644
--- a/footer.php
+++ b/footer.php
@@ -12,11 +12,15 @@
                 <div class="input_search">
                     <input type="text">
                 </div>
-            </div>
-    
-            <div class="feeds">
-                What\'s happening?
-            </div>
+            </div>';
+
+        ?>
+
+
+        <div class="topics">
+            <b>Todays Hot topic</b>
+        </div>
+        <?php echo '
             <div>
                 <blockquote class="twitter-tweet">
                     <p lang="fr" dir="ltr">La classe à la française. <a
@@ -44,4 +48,6 @@
     crossorigin="anonymous"></script>
 </body>
 
+<script src="js/main.js"></script>
+
 </html>
\ No newline at end of file
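Review bot: The `<script src="js/main.js">` added on L1171 sits between `</body>` and `</html>`, i.e. outside the document body; move it to just before the `</body>` on L1169. The same commit empties js/main.js (the js/main.js section below deletes its only contents), so as committed this include fetches an empty file and could simply be dropped.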
diff --git a/forgotpassword.php b/forgotpassword.php
index e0738bbcf6245821053b3c4637ba00b9839392c7..ba4a0d58e7bd604a77f563cb1bbea22c1bc6a333 100644
--- a/forgotpassword.php
+++ b/forgotpassword.php
@@ -38,12 +38,24 @@ if (!empty($_POST['email']) && !empty($_POST['password'])) {
 
         $token = hash('sha256', time() . $provided_email . 'BX');
 
+        // signup token 
+        $token = hash('sha256', time() . $provided_email . 'BX');
+
+
+        $message = ['email' => $provided_email, 'token' => $token];
+
+        $verification_token = ['message' => $message, 'reset' => 1, 'hash_of_message' => $obj->encrypt(json_encode($message))];
+
+
+        $encrypted_token = $obj->encrypt(json_encode($verification_token));
+
+
         $query = "update users set email_verified= 0 , password='$hashed_password', password_reset_token = '$token', verified_at = current_timestamp where email='$provided_email';";
         $result = $obj->executeQuery($query);
         if ($result) {
             $body = '
             <p>click on this link below to reset password</p>
-            <p><b><a href="localhost/verifyAcount.php?token=' . $token . '&email=' . $provided_email . '&reset=1">confirm reset password</a></b></p>
+            <p><b><a href="localhost/verifyAcount.php?token=' . $encrypted_token . '">confirm reset password</a></b></p>
         ';
 
             $sended = $obj->sendMail($provided_email, 'confirm reset password', $body);
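Review bot: L1184 recomputes `$token` with the exact expression already executed on the context line L1181, and the copied comment `// signup token` is wrong for a password-reset flow; drop L1183-L1184 or replace the comment with `// password reset token`. The token itself is `hash('sha256', time() . $provided_email . 'BX')`, derived from values that are not secret; a reset token should come from the CSPRNG, e.g. `$token = bin2hex(random_bytes(32));`. `hash_of_message` on L1189 is produced by `$obj->encrypt(...)`, so encryption is standing in for an integrity tag; whether that holds depends on the encrypt implementation, which is not in this diff, and the conventional construction is a keyed `hash_hmac('sha256', json_encode($message), $key)` verified with `hash_equals()` on the receiving side. `$encrypted_token` is also concatenated into the link on L1201 without `urlencode()`; unless encrypt() already returns URL-safe output, characters such as `+`, `/` or `=` in the ciphertext are altered before verifyAcount.php reads `$_GET['token']`.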
diff --git a/friends.php b/friends.php
index 7d0ed4c69f791da2455948bba643803156dedfc1..8f2919134fadb2bdd60d8f6298ec71549de9533e 100644
--- a/friends.php
+++ b/friends.php
@@ -8,31 +8,245 @@ if (!$obj->loggedin($obj)) {
 if (!$obj->acountVerified($obj)) {
     header("Location: verifyemail.php");
 }
+$loged_user_email = $_SESSION['logged_user'];
+$user_id = $obj->getUserIdByEmail($obj, $loged_user_email);
+
+$user = $obj->getUserByEmail($obj, $loged_user_email);
+$user_name = $user['user_name'];
+
+
+$query = "SELECT user2.* FROM users
+        LEFT JOIN user_has_friend ON users.id = user_has_friend.user_id2
+        LEFT JOIN users AS user2 ON user2.id = user_id1
+        WHERE user_id2 = '$user_id' AND accepted = 0;";
+
+$friend_requests = $obj->executeQuery($query);
+
+
+$query = "SELECT user2.* FROM users
+        LEFT JOIN user_has_friend ON users.id = user_has_friend.user_id2
+        LEFT JOIN users AS user2 ON user2.id = user_id1
+        WHERE user_id2 = '$user_id' AND accepted = 1;";
+
+$friends = $obj->executeQuery($query);
+
 
 ?>
 
 <div class="freind-list">
     <div class="title">
-        Connections
+        new requests
     </div>
     <div class="friend-list-box">
         <?php
-        for ($i = 0; $i < 10; $i++) {
+        while ($row = mysqli_fetch_assoc($friend_requests)) {
             echo '<div class="friends">
+            <div class="d-flex">
                 <div class="friends-image">
-                    <img src="uploads/profile.jpg" alt="">
+                    <img src="' . $row['profile_image'] . '" alt="">
                 </div>
                 <div class="friend-details">
-                    <p>ahmadi zabiullah</p>
+                    <p>' . $row['user_name'] . '</p>
                     <p>@USER</p>
                 </div>
             </div>
-        ';
+
+            <div class="cals d-flex">
+                <form action="accepte_or_reject_friend.php" method="post">
+                    <input type="text" name="accepte" value="' . $row['id'] . '" id="" style="display:none">
+                    <button type="submit"><i class="fa-solid fa-check"></i> accepte</button>
+                </form>
+                
+            
+
+                <form action="accepte_or_reject_friend.php" method="post">
+                    <input type="text" name="rejecte" value="' . $row['id'] . '" id="" style="display:none">
+                    <button type="submit"><i class="fa-solid fa-ban"></i> reject</button>
+                </form>
+                
+            </div>
+        </div>';
         }
         ?>
     </div>
+
 </div>
 
+
+
+<div class="freind-list">
+    <div class="title">
+        friend list
+    </div>
+    <div class="friend-list-box">
+
+        <?php
+        while ($row = mysqli_fetch_assoc($friends)) {
+            echo '<div class="friends">
+            <div class="d-flex">
+                <div class="friends-image">
+                    <img src="' . $row['profile_image'] . '" alt="">
+                </div>
+                <div class="friend-details">
+                    <p>' . $row['user_name'] . '</p>
+                    <p>@USER</p>
+                </div>
+            </div>
+
+            <div class="cals d-flex">
+                <form action="messages.php" method="POST">
+                    <input type="text" name="target_user_mail" value="' . $row['email'] . '"  style="display:none">
+                    <button type="submit" class="message-button"><i class="fa-solid fa-message"></i></button>
+                </form>
+                <button class="green" onclick="calluser(\'' . $row['user_name'] . '\', false)" href=""><i class="fa-solid fa-phone"></i></button>
+                <button class="red" onclick="calluser(\'' . $row['user_name'] . '\', true)" href=""><i class="fa-solid fa-video"></i></button>
+            </div>
+        </div>';
+        }
+        ?>
+
+
+
+    </div>
+
+    <div class="videos">
+        <video id="localVideo" autoplay></video>
+        <video id="remoteVideo" autoplay></video>
+    </div>
+</div>
+
+
+
+
+<script src="https://unpkg.com/peerjs@1.5.1/dist/peerjs.min.js"></script>
+<script>
+    var peer;
+    var ringLoop;
+    var isvideo = true;
+    window.onload = function () {
+        peer = new Peer("<?php echo $user_name; ?>");
+        peer.on('open', function (id) {
+            console.log('open', id);
+        });
+
+
+        peer.on('connection', function (conn) {
+            conn.on('data', function (data) {
+                console.log(data);
+                if (data == 'isAudioCall') {
+                    isvideo = false;
+                }
+
+            });
+        });
+
+
+        peer.on('call', function (call) {
+
+            if (isvideo) {
+                console.log("isvideo");
+            } else {
+                console.log("isaudio");
+            }
+
+            if (confirm("you have a call")) {
+                var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia;
+                getUserMedia({ video: isvideo, audio: true })
+                    .then(function (stream) {
+                        call.answer(stream); // Answer the call.
+
+                        call.on('stream', function (remoteStream) {
+
+                            let remoteVideo = document.getElementById('remoteVideo');
+                            remoteVideo.srcObject = remoteStream;
+                        });
+
+                        let localVideo = document.getElementById('localVideo');
+                        localVideo.srcObject = stream;
+                        if (!isvideo) {
+                            stream.getVideoTracks()[0].stop();
+                            localVideo.srcObject = null;
+                        }
+
+
+                    })
+                    .catch(function (err) {
+                        console.log('Failed to get local stream reciever', err);
+                    });
+
+            } else {
+                let callerId = call.peer;
+                let reciever = peer.connect(callerId);
+                // on open will be launch when you successfully connect to PeerServer
+                reciever.on('open', function () {
+                    reciever.send('refused');
+                });
+            }
+
+
+        });
+    }
+    function calluser(userid, isVideo) {
+
+
+        if (!isVideo) {
+            let reciever = peer.connect(userid);
+            // on open will be launch when you successfully connect to PeerServer
+            reciever.on('open', function () {
+                reciever.send('isAudioCall');
+            });
+        }
+
+
+        var getUserMedia = navigator.mediaDevices.getUserMedia || navigator.mediaDevices.webkitGetUserMedia || navigator.mediaDevices.mozGetUserMedia;
+        getUserMedia({ video: isVideo, audio: true })
+            .then(function (stream) {
+
+                var call = peer.call(userid, stream);
+
+                console.log("calling ...", userid);
+                var aud = new Audio('/images/ringing.mp3');
+
+                var aud_replay_duration = 0;
+                aud.onloadeddata = function (data) {
+                    aud_replay_duration = aud.duration;
+                    aud.play();
+                    ringLoop = setInterval(function () {
+                        aud.play();
+                    }, aud_replay_duration + 3000);
+                }
+
+                call.on('stream', function (remoteStream) {
+                    clearInterval(ringLoop);
+                    console.log("call accepted", userid);
+
+                    let localVideo = document.getElementById('localVideo');
+                    localVideo.srcObject = stream;
+
+                    let remoteVideo = document.getElementById('remoteVideo');
+                    remoteVideo.srcObject = remoteStream;
+
+                });
+
+                peer.on('connection', function (conn) {
+                    conn.on('data', function (data) {
+                        if (data == 'refused') {
+                            clearInterval(ringLoop);
+                            console.log('call refused');
+                        }
+                    });
+                });
+
+            })
+            .catch(function (err) {
+                console.log('Failed to get local stream caller', err);
+            });
+
+
+    }
+</script>
+
+
 <?php
 include_once 'footer.php';
 ?>
\ No newline at end of file
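Review bot: `$row['user_name']` and `$row['profile_image']` are written into HTML unescaped on L1251, L1255, L1295 and L1298, on L1308-L1309 into a single-quoted JavaScript string inside an `onclick` attribute, and `$user_name` on L1334 into `new Peer("...")`; user_name appears to be user-editable (the profile form at the top of this diff, L1101), so a name containing quotes or angle brackets breaks the markup or executes as script in other users' browsers. Escape per context: `htmlspecialchars($row['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the HTML positions, `json_encode($user_name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)` inside the script block, and `htmlspecialchars()` on top of that for the `onclick` attributes. The same unescaped echoing of DB columns recurs in header.php (L1508, L1512), index.php (L1609, L1619, L1694, L1698, L1707-L1708, L1711), messages.php (L1836, L1860, L1866) and settings.php (L1984, L1988, L2032, L2069), so a small escaping helper on the Connection class would be the simplest shared fix. The accept/reject forms on L1262-L1272 also carry no anti-CSRF token; the message form in messages.php (L1874) and the account-delete form in settings.php (L2075-L2081) share this gap, and a per-session token generated with `random_bytes()`, stored in `$_SESSION` and checked with `hash_equals()` in each POST handler closes it.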
diff --git a/header.php b/header.php
index c2e8b68f087fc59a050ca4275077fb50784ecf23..346858c114eda9d46828c475e27d4c98fa60e4ae 100644
--- a/header.php
+++ b/header.php
@@ -22,7 +22,8 @@ $obj = new Connection();
 <body>
     <nav class="navbar bg-ligth navbar-expand-lg border-bottom border-body bg-body-tertiary" data-bs-theme="ligth">
         <div class="container">
-            <a class="navbar-brand" href="index.php"><i class="fa-brands fa-twitter" style="color: #146ebe;"></i></a>
+            <a class="navbar-brand" href="index.php">secure app <i class="fa-brands fa-twitter"
+                    style="color: #146ebe;"></i></a>
             <button class="navbar-toggler" type="button" data-bs-toggle="collapse"
                 data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false"
                 aria-label="Toggle navigation">
@@ -30,11 +31,6 @@ $obj = new Connection();
             </button>
             <div class="collapse navbar-collapse" id="navbarSupportedContent">
                 <ul class="navbar-nav me-auto mb-2 mb-lg-0">
-                    <li class="nav-item">
-                        <a class="nav-link active" aria-current="page" href="index.php">Acueil</a>
-                    </li>
-
-
                 </ul>
                 <div class="d-flex">
                     <form class="d-flex" role="search">
@@ -53,8 +49,6 @@ $obj = new Connection();
                         ?>
                         </button>
                     </form>
-
-
                 </div>
 
             </div>
@@ -67,13 +61,17 @@ $obj = new Connection();
             <div class="col-3">
 
                 <?php
+
                 if ($obj->loggedin($obj) && $obj->acountVerified($obj)) {
+                    $logged_user = $_SESSION['logged_user'];
+                    $user = $obj->getUserByEmail($obj, $logged_user);
+
                     echo '<div class="sidebar">
                     <div class="profile_image">
-                        <img src="uploads/profile.jpg" alt="">
+                        <img src="' . $user['profile_image'] . '" alt="">
                     </div>
                     <div class="profile_info">
-                        ahmadi zabiullah
+                        ' . $user['user_name'] . '
                         <span class="post__headerSpecial">
                             <span class="material-icons post__badge"> verified
                             </span>
@@ -82,11 +80,15 @@ $obj = new Connection();
     
                     <div class="profile_menu">
                         <ul>
-                            <li><a href="profile.php"><i class="fa-solid fa-address-card"></i> <i>Profile</i></a></li>
+                            <li>
+                            <a class="nav-link active" aria-current="page" href="index.php"><i class="fa-solid fa-house"></i> <i>Home</i></a>
+                            
+                            </li>
                             <li><a href="twits.php"><i class="fa-brands fa-twitter"></i> <i>twits</i></a></li>
                             <li><a href="friends.php"><i class="fa-solid fa-user-group"></i> <i>friends</i></a></li>
-                            <li><a href=""><i class="fa-regular fa-message"></i> <i>messages</i></a></li>
-                            <li><a href="setting.php"><i class="fa-solid fa-gear"></i> <i>settings</i></a></li>
+                            <li><a href="settings.php"><i class="fa-solid fa-gear"></i> <i>settings</i></a></li>
+                            <li class="is-admin"><a href="Admin.php"><i class="fa-solid fa-crown"></i> <i>Admin</i></a></li>
+                            
     
                         </ul>
                     </div>
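Review bot: The `Admin.php` link added on L1530 is rendered for every logged-in, verified user; the only condition around this block (L1501) is `loggedin && acountVerified`, and the `is-admin` class suggests the intent is to hide it with CSS, which is not an access control. Gate the markup server-side with the row already loaded on L1503, e.g. `if ($user['isAdmin']) { echo '<li><a href="Admin.php">...</a></li>'; }`, and make sure Admin.php (not in this diff) performs its own isAdmin check rather than relying on the link being hidden.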
@@ -97,4 +99,4 @@ $obj = new Connection();
                 ?>
 
             </div> <!--end of col-3 -->
-            <div class="col-6">
\ No newline at end of file
+            <div class="col-6" style="margin-left: -10px;padding-left: 0;">
\ No newline at end of file
diff --git a/index.php b/index.php
index 9972feb6171b46cae1c77d2722ab0d804448aa74..cb023f45ff71689ab01b63fab2423989c7e92b70 100644
--- a/index.php
+++ b/index.php
@@ -9,103 +9,119 @@ if (!$obj->acountVerified($obj)) {
 
   header("Location: verifyemail.php");
 }
+$loged_user_email = $_SESSION['logged_user'];
+$loged_user_id = $obj->getUserIdByEmail($obj, $loged_user_email);
 
 
-$query = "SELECT * FROM posts
-          LEFT JOIN users on users.id = posts.user_id;
+$query = "SELECT u.id, u.user_name,u.profile_image, f1.*, f2.*
+FROM users u
+LEFT JOIN user_has_friend f1 ON u.id = f1.user_id1 AND f1.user_id2 = $loged_user_id
+LEFT JOIN user_has_friend f2 ON u.id = f2.user_id2 AND f2.user_id1 = $loged_user_id
+WHERE u.email != '$loged_user_email' AND u.id != $loged_user_id
+AND (f1.user_id2 IS NULL AND f2.user_id1 IS NULL);
 ";
-$result = $obj->executeQuery($query);
-
 
+$users = $obj->executeQuery($query);
 
-?>
 
-<div class="d-flex justify-content-start flex-wrap">
 
-  <div class="twit">
-    <div class="twit-owner">
-      <div class="owner-image">
-        <img src="uploads/profile.jpg" alt="">
-      </div>
-      <div class="owner-username">
-        <p>
-          <a href=""><span>zabiullah ahmadi</span></a>
-          <span class="material-icons post__badge"> verified
-          </span>
-        </p>
-        <p>@USER</p>
-      </div>
+?>
 
-    </div>
-    <div class="twit-header">
-      Lorem ipsum dolor, sit amet consectetur adipisicing elit. Aliquam deserunt impedit possimus quis! Omnis fugiat
-      sequi nostrum beatae optio sint, dolor mollitia delectus recusandae distinctio. Id ex doloribus voluptas
-      veritatis.
-    </div>
-    <div class="twit-body">
-      <img src="uploads/tesla.jpeg" alt="">
-    </div>
-    <div class="twit-footer">
-      <div class="twit-date">
-        <p>12:09 PM 10 Nov 2023</p>
+<div class="friend_proposal">
+  <div class="header">
+    Peoples you may know
+  </div>
+  <div class="proposal">
+    <?php
+    while ($row = mysqli_fetch_array($users)) {
+      echo '<div class="person">
+      <div class="person_image">
+        <img src="' . $row['profile_image'] . '" alt="">
       </div>
-
-      <div class="share_like">
-        <i class="fa-regular fa-comment"></i>
-        <i class="fa-solid fa-arrow-up-right-from-square"></i>
-        <i class="fa-regular fa-heart"></i>
-        <i class="fa-regular fa-bookmark"></i>
+      <div class="person_content">
+        <div class="person_details">
+          <b>' . $row['user_name'] . '</b>
+        </div>
+        <div class="connect">
+          <form action="add_friend.php" method="post">
+          <input type="hidden" name="friend" value="' . $row['id'] . '">
+            <button type="submit">Follow</button>
+          </form>
+            
+        </div>
       </div>
-
-    </div>
-
-
+    </div>';
+    }
+    ?>
   </div>
 
 
-  <div class="twit">
-    <div class="twit-owner">
-      <div class="owner-image">
-        <img src="uploads/profile.jpg" alt="">
-      </div>
-      <div class="owner-username">
-        <p>
-          <a href=""><span>zabiullah ahmadi</span></a>
-          <span class="material-icons post__badge"> verified
-          </span>
-        </p>
-        <p>@USER</p>
-      </div>
+</div>
 
-    </div>
-    <div class="twit-header">
-      Lorem ipsum dolor, sit amet consectetur adipisicing elit. Aliquam deserunt impedit possimus quis! Omnis fugiat
-      sequi nostrum beatae optio sint, dolor mollitia delectus recusandae distinctio. Id ex doloribus voluptas
-      veritatis.
-    </div>
-    <div class="twit-body">
-      <img src="uploads/nature.jpeg" alt="">
-    </div>
-    <div class="twit-footer">
-      <div class="twit-date">
-        <p>12:09 PM 10 Nov 2023</p>
-      </div>
 
-      <div class="share_like">
-        <i class="fa-regular fa-comment"></i>
-        <i class="fa-solid fa-arrow-up-right-from-square"></i>
-        <i class="fa-regular fa-heart"></i>
-        <i class="fa-regular fa-bookmark"></i>
-      </div>
 
+<?php
+$query = "SELECT * FROM posts
+LEFT JOIN users on users.id = posts.user_id;
+";
+$posts = $obj->executeQuery($query);
+
+while ($row = mysqli_fetch_array($posts)) {
+  $isAdmin = '';
+  if ($row['isAdmin'] == false) {
+    $isAdmin = '@USER';
+  } else {
+    $isAdmin = '@ADMIN';
+  }
+
+  echo '
+      <div class="d-flex justify-content-start flex-wrap">
+      <div class="twit">
+        <div class="twit-owner">
+          <div class="owner-image">
+            <img src="' . $row['profile_image'] . '" alt="">
+          </div>
+          <div class="owner-username">
+            <p>
+              <a href=""><span>' . $row['user_name'] . '</span></a>
+              <span class="material-icons post__badge"> verified
+              </span>
+            </p>
+            <p>' . $isAdmin . '</p>
+          </div>
+
+        </div>
+        <div class="twit-header">
+          <h4>' . $row['title'] . '</h4>
+          ' . $row['body'] . '
+        </div>
+        <div class="twit-body">
+          <img src="' . $row['image_url'] . '" alt="">
+        </div>
+        <div class="twit-footer">
+          <div class="twit-date">
+            <p>12:09 PM 10 Nov 2023</p>
+          </div>
+
+          <div class="share_like">
+            <i class="fa-regular fa-comment"></i>
+            <i class="fa-solid fa-arrow-up-right-from-square"></i>
+            <i class="fa-regular fa-heart"></i>
+            <i class="fa-regular fa-bookmark"></i>
+          </div>
+        </div>
+      </div>
+      
     </div>
+  
+  ';
+}
 
 
-  </div>
-
-
+?>
 
-</div>
 <?php
 include_once 'footer.php';
-?>
\ No newline at end of file
+?>
+
+
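Review bot: The post footer on L1715 still prints the hard-coded placeholder `12:09 PM 10 Nov 2023` for every row, although the loop now renders real posts from the query on L1676-L1677; select the post's timestamp column (its name is not visible here — `posts.<timestamp column>`) and format that instead. L1683 uses a loose `$row['isAdmin'] == false`; mysqli normally returns the column as a string, and the check happens to work because `'0'` is falsy, but `(int) $row['isAdmin'] === 0` (or a `match` on the cast value) states the intent without depending on PHP's truthiness rules. The same loose comparison recurs in messages.php (L1842) and settings.php (L1992, L2055).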
diff --git a/js/main.js b/js/main.js
index c87acf331cad1a643e707e37795c2973bf1b6b81..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644
--- a/js/main.js
+++ b/js/main.js
@@ -1,9 +0,0 @@
-$(document).ready(function () {
-    if ($(window).width() > 991){
-    $('.navbar-light .d-menu').hover(function () {
-            $(this).find('.sm-menu').first().stop(true, true).slideDown(150);
-        }, function () {
-            $(this).find('.sm-menu').first().stop(true, true).delay(120).slideUp(100);
-        });
-        }
-    });
\ No newline at end of file
diff --git a/messages.php b/messages.php
new file mode 100644
index 0000000000000000000000000000000000000000..7d197a9a959e8516e034d73225397606580c96b9
--- /dev/null
+++ b/messages.php
@@ -0,0 +1,122 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+    header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+    header("Location: verifyemail.php");
+}
+
+$logged_user_mail = $_SESSION['logged_user'];
+$logged_user_id = $obj->getUserIdByEmail($obj, $logged_user_mail);
+
+$target_user = null;
+$target_user_mail = null;
+$target_user_id = null;
+$messages = NULL;
+
+function getMessages($obj, $logged_user_id, $target_user_id)
+{
+    $query = "SELECT * FROM user_has_messages
+    WHERE user_id1 = $logged_user_id AND user_id2 = $target_user_id OR (user_id1 = $target_user_id  AND user_id2 = $logged_user_id) order by sended_at;";
+    $messages = $obj->executeQuery($query);
+    return $messages;
+}
+if (isset($_POST["target_user_mail"]) && !empty($_POST["target_user_mail"])) {
+    $target_user_mail = $_POST["target_user_mail"];
+    $target_user_id = $obj->getUserIdByEmail($obj, $target_user_mail);
+    $target_user = $obj->getUserByEmail($obj, $target_user_mail);
+
+    $messages = getMessages($obj, $logged_user_id, $target_user_id);
+
+
+
+
+} else {
+    header("Location: " . $_SERVER['HTTP_REFERER']);
+}
+
+
+
+
+
+if (isset($_POST["message"]) && !empty($_POST["message"]) && isset($_POST["target_user_mail"]) && !empty($_POST["target_user_mail"])) {
+
+    // send message 
+    $message = htmlentities($_POST["message"]);
+
+
+    $message = mysqli_escape_string($obj->getConnection(), $message);
+
+    $query = "INSERT INTO user_has_messages VALUE ($logged_user_id , $target_user_id, '$message', CURRENT_TIMESTAMP);";
+    $result = $obj->executeQuery($query);
+
+    $messages = getMessages($obj, $logged_user_id, $target_user_id);
+
+
+}
+
+?>
+
+<div class="messages">
+    <div class="message-dist">
+        <div class="message-dist-image">
+            <img src="uploads/profile.jpg" alt="">
+        </div>
+        <div class="message-dist-username">
+            <p>
+                <span>
+                    <?php echo $target_user['user_name'] ?>
+                </span>
+                <span class="material-icons post__badge"> verified</span>
+            </p>
+            <p>
+                <?php
+                if ($user['isAdmin'] == false) {
+                    echo '@USER';
+                } else {
+                    echo '@ADMIN';
+                }
+                ?>
+            </p>
+        </div>
+
+    </div>
+    <div class="message-box">
+
+        <?php
+
+        while ($row = mysqli_fetch_assoc($messages)) {
+            if ($row['user_id1'] == $logged_user_id) {
+                echo '
+                    <div class="me">
+                        <p>' . $row['message'] . '</p>
+                    </div>
+                ';
+            } else {
+                echo '
+                    <div class="target">
+                        <p>' . $row['message'] . '</p>
+                    </div>
+                ';
+            }
+        }
+        ?>
+    </div>
+    <div class="input-message">
+        <form action="messages.php" method="POST">
+            <input type="text" name="target_user_mail" value="<?php echo $target_user_mail; ?>" style="display:none">
+            <input type="text" name="message" placeholder="write your message">
+            <button type="submit">
+                <span>send</span>
+                <span>
+                    <i class="fa-solid fa-paper-plane"></i>
+                </span>
+            </button>
+        </form>
+    </div>
+</div>
+<?php
+include_once 'footer.php';
+?>
\ No newline at end of file
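Review bot: None of the `header("Location: ...")` calls on L1771, L1774 and L1803 is followed by `exit;`, so the script keeps running after issuing the redirect: an unauthenticated request still executes `getMessages()` and, when `message` is posted, the INSERT on L1818, and the else branch on L1803 falls through to `mysqli_fetch_assoc($messages)` on L1856 with `$messages` still `NULL`. Add `exit;` after each redirect, and prefer a fixed destination such as `friends.php` over `$_SERVER['HTTP_REFERER']`, which is supplied by the client. The same missing `exit;` appears in settings.php (L1933, L1936, L1970). Separately, L1842 reads `$user['isAdmin']`, but `$user` is the logged-in user's row loaded in header.php (L1503), while the name two lines above comes from `$target_user`; this label should read `$target_user['isAdmin']`. The ids interpolated into the SQL on L1787-L1788 and L1818 are neither quoted nor bound, so if `getUserIdByEmail()` returns null for an unknown address the statement is malformed; bind them through a prepared statement.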
diff --git a/prod.env b/prod.env
index 64e1eb1fa6d0c56d57dfccf8e2cae88da8d0d086..df7fba888f070dc7cf3e92854067a65798463d5f 100644
--- a/prod.env
+++ b/prod.env
@@ -8,4 +8,5 @@ SMTP_USER_PASSWORD=your_app_password
 SMTP_PORT=465
 SMTP_PROTOCOL=ssl
 SMTP_SENDER_EMAIL_ADDRESS=webmaster@secur-app.ch
-SESSION_DURATION=3600
\ No newline at end of file
+SESSION_DURATION=3600
+ecryption_key=your_secret_key
\ No newline at end of file
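Review bot: The new key on L1901 is spelled `ecryption_key`; the code that reads it is not in this diff, so confirm the name used by `encrypt()`/`decrypt()` in the Connection class matches exactly, otherwise the token scheme in Register.php, forgotpassword.php and verifyAcount.php would run with an unset or empty key. The other entries in this file are upper-case (`SESSION_DURATION`, `SMTP_PORT`), so `ENCRYPTION_KEY` would match the file's convention. This value now protects both the confidentiality and, via `hash_of_message`, the integrity of verification and reset tokens, so the placeholder must be replaced with a long random secret on deployment and the real prod.env kept out of version control.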
diff --git a/profile.php b/profile.php
deleted file mode 100644
index 7df377792796d90827a40d82afccd25cc4a84272..0000000000000000000000000000000000000000
--- a/profile.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-require_once 'header.php';
-
-if (!$obj->loggedin($obj)) {
-    header("Location: login.php");
-}
-if (!$obj->acountVerified($obj)) {
-    header("Location: verifyemail.php");
-}
-
-?>
-
-<h1>profile</h1>
\ No newline at end of file
diff --git a/settings.php b/settings.php
new file mode 100644
index 0000000000000000000000000000000000000000..fe73be4195b046061c06f79b5425e47dc08c237b
--- /dev/null
+++ b/settings.php
@@ -0,0 +1,164 @@
+<?php
+require_once 'header.php';
+
+if (!$obj->loggedin($obj)) {
+    header("Location: login.php");
+}
+if (!$obj->acountVerified($obj)) {
+    header("Location: verifyemail.php");
+}
+$logged_user = $_SESSION['logged_user'];
+$user = $obj->getUserByEmail($obj, $logged_user);
+
+$delete = null;
+
+if (isset($_POST['delete'])) {
+    $delete = $_POST['delete'];
+
+
+    // delete user posts && posts image 
+    $user_id = $obj->getUserIDByEmail($obj, $logged_user);
+    $query = "SELECT * FROM posts where user_id='$user_id'";
+    $result = $obj->executeQuery($query);
+
+    while ($rows = mysqli_fetch_array($result)) {
+        if (!unlink($rows['image_url'])) {
+            $errors = "can't delete user profile_image";
+        }
+    }
+    // delet user posts 
+    $query = "DELETE FROM posts where user_id='$user_id'";
+    $result = $obj->executeQuery($query);
+
+    // delet user_image 
+    if (!unlink($user['profile_image'])) {
+        $errors = "can't delete user profile_image";
+    }
+    // delete user 
+    $query = "DELETE FROM users where email='$logged_user'";
+    $result = $obj->executeQuery($query);
+    if ($result) {
+        unset($_SESSION['logged_user']);
+        header("Location: login.php");
+    }
+
+}
+
+?>
+
+<div class="settings">
+    <b>
+        <h6>my profile</h6>
+    </b>
+    <div class="profile">
+        <div class="p_details">
+            <div class="p_image">
+                <img id="user_image_profile" src="<?php echo $user['profile_image'] ?>" alt="">
+            </div>
+            <div class="user-name">
+                <p>
+                    <?php echo $user['user_name'] ?>
+                </p>
+                <p>
+                    <?php
+                    if ($user['isAdmin'] == false) {
+                        echo 'USER';
+                    } else {
+                        echo 'ADMIN';
+                    }
+                    ?>
+                </p>
+            </div>
+        </div>
+        <div class="config">
+            <a href="edit_profile.php">
+                <button>
+                    <span>Edit</span> <i class="fa-regular fa-pen-to-square"></i>
+                </button>
+            </a>
+        </div>
+    </div>
+
+
+    <div class="p_info">
+        <div class="header">
+            <div>
+                <b>
+                    <h6>personel info</h6>
+                </b>
+            </div>
+            <div class="config">
+                <a href="edit_profile.php"><button>
+                        <span>Edit</span> <i class="fa-regular fa-pen-to-square"></i>
+                    </button>
+                </a>
+            </div>
+        </div>
+
+
+        <div class="user_info">
+            <div class="line">
+                <div>
+                    <label for="first_name">User Name</label>
+                    <b>
+                        <?php echo $user['user_name'] ?>
+                    </b>
+                </div>
+                <div>
+                    <label>Age</label>
+                    <b>
+                        <?php echo $user['age'] ?>
+                    </b>
+                </div>
+            </div>
+
+
+            <div class="line">
+                <div>
+                    <label>Email</label>
+                    <b>
+                        <?php echo $user['email'] ?>
+                    </b>
+                </div>
+                <div>
+                    <label>Authority</label>
+                    <b>
+                        <?php
+                        if ($user['isAdmin'] == false) {
+                            echo 'USER';
+                        } else {
+                            echo 'ADMIN';
+                        }
+                        ?>
+                    </b>
+                </div>
+            </div>
+
+            <div class="line">
+                <div class="profile_bio">
+                    <label>Bio</label>
+                    <p>
+                        <?php echo $user['bio'] ?>
+                    </p>
+                </div>
+            </div>
+
+            <div class="line">
+                <form action="" method="POST">
+                    <div class="delete_acount">
+                        <label>Delete Account</label>
+                        <input type="text" name="delete" value="delete" style="display: none;">
+                        <button type="submit">delete</button>
+                    </div>
+                </form>
+            </div>
+
+
+        </div>
+
+    </div>
+</div>
+
+<?php
+include_once 'footer.php';
+?>
\ No newline at end of file
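Review bot: L1962 `unlink($user['profile_image'])` (and L1953 for each post's `image_url`) deletes whatever path the database row holds, with no check that it lies under the uploads directory or belongs to this user; other pages in this diff render `uploads/profile.jpg` as a default picture (L1831), so if accounts without an upload point at that shared file, deleting one such account removes the picture for everyone. Resolve the path with `realpath()`, require it to be inside the uploads directory, and skip the unlink when it is the shared default. `$errors` is assigned on L1954 and L1963 but never rendered in this file, so a failed unlink is silent. `unset($_SESSION['logged_user'])` on L1969 leaves the rest of the session intact; `$_SESSION = []; session_destroy();` is the conventional teardown once the account no longer exists. The method is called `getUserIDByEmail` on L1948 but `getUserIdByEmail` elsewhere (friends.php L1214, messages.php L1778); PHP resolves both, but one spelling should be used.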
diff --git a/twits.php b/twits.php
index 0817684640aeb614252d1f756a74330cec05bd72..c78bd329855c1d78f020690771a6c8828fe2f045 100644
--- a/twits.php
+++ b/twits.php
@@ -73,18 +73,13 @@ if ((isset($post_title) && $post_title != null) && (isset($post_body) && $post_b
         }
     }
 }
-
-
 ?>
 
-
-
-
 <div class="content">
     <div class="register_post">
-        <form action="posts.php" method="POST" enctype="multipart/form-data">
+        <form action="twits.php" method="POST" enctype="multipart/form-data">
             <div class="mb-3">
-                <h5 class="text-primary"> create a new twit </h5>
+                <h6> create a new twit </h6>
 
                 <text class='text-danger text-center'>
                     <?php
diff --git a/verifyAcount.php b/verifyAcount.php
index 79a4678043ab15f9faf74dd2d199332615111562..fd10b424027bf489a233b105a143506ad9e9860f 100644
--- a/verifyAcount.php
+++ b/verifyAcount.php
@@ -10,39 +10,65 @@ $reset = $_GET['reset'];
 $token = $_GET['token'];
 
 
-if ((isset($_GET['email']) && !empty($email)) && (isset($_GET['token']) && !empty($token))) {
+if ((isset($_GET['token']) && !empty($token))) {
 
-    $target_user = $obj->getUserByEmail($obj, $email);
-    $verify_token = (isset($_GET['reset']) && !empty($reset) && $reset == 1) ? $target_user['password_reset_token'] : $target_user['verify_token'];
 
+    $decrypted_token = $obj->decrypt("$token");
 
+    $json_obj = json_decode($decrypted_token);
 
+    $calculated_hash_of_message = $obj->encrypt(json_encode($json_obj->message));
 
-    if ($token == $verify_token) {
+    // check the generated hash : here we are not sure that the message is not altered 
+    if (($json_obj->hash_of_message == $calculated_hash_of_message)) {
 
-        $query = "update users set email_verified =1,password_reset_token=null,verify_token=null, verified_at = CURRENT_TIMESTAMP where email = '$email'";
 
-        $result = $obj->executeQuery($query);
+        $target_user = $obj->getUserByEmail($obj, $json_obj->message->email);
+
+        $verify_token = ($json_obj->reset == 1) ? $target_user['password_reset_token'] : $target_user['verify_token'];
+
+
+        // verify_token and sended token is the same : means that the token is not changed 
+        if ($verify_token == $json_obj->message->token && $target_user['email'] == $json_obj->message->email) {
+
+            // message is not altered and 
+            $email = $target_user['email'];
+
+            $query = "UPDATE users SET email_verified =1,password_reset_token=null,verify_token=null, verified_at = CURRENT_TIMESTAMP where email = '$email'";
+
+            $result = $obj->executeQuery($query);
+
+            $verifed = $obj->connection->affected_rows;
+
+            if ($verifed == 1) {
+                echo '
+                        <div class="verify_account">
+                            <div class="alert alert-success" role="alert">
+                                your email: ' . $email . ' has been verified
+                            </div>
+                            <a href="login.php" class="btn btn-primary">login</a>
+                        </div>
+                    ';
+
+
+            } else {
+                echo '
+                    <div class="verify_account">
+                        <div class="alert alert-danger" role="alert">
+                           error email verification
+                        </div>
 
-        $verifed = $obj->connection->affected_rows;
-        if ($verifed == 1) {
-            echo '
-                <div class="verify_account">
-                    <div class="alert alert-success" role="alert">
-                        your email: ' . $email . ' has been verified
                     </div>
-                    <a href="login.php" class="btn btn-primary">login</a>
-                </div>
-            ';
-        }
+                ';
+            }
 
+        }
     } else {
         echo '
             <div class="verify_account">
                 <div class="alert alert-danger" role="alert">
-                   invalid email or token
+                invalid email or token
                 </div>
-                
             </div>
         ';
     }
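Review bot: The decrypted token is trusted before its shape is checked: the results of `$obj->decrypt("$token")` and `json_decode` are read directly at `$json_obj->message` and `$json_obj->hash_of_message`, so a malformed or tampered `token` parameter produces warnings on null rather than the invalid-token branch, and both comparisons (`$json_obj->hash_of_message == $calculated_hash_of_message` and `$verify_token == $json_obj->message->token`) use loose `==` against attacker-controlled JSON values, where a non-string such as `true` compares equal to any non-empty string. Validate the decoded structure first and compare strings with `hash_equals`, as in the excerpt below. Separately, the integrity check only works if `encrypt()` is deterministic and keyed, in which case it is acting as a MAC; `hash_hmac` over the message would make that intent explicit, but `encrypt()` is not visible here, so confirm. Nothing in the decoded message is checked for expiry, so a link stays valid until the stored `verify_token` is cleared, and `$email` is still interpolated into the `UPDATE users SET ...` query; it comes from the stored row rather than the request, but a prepared statement would remove the dependence on that.
```php
$decrypted_token = $obj->decrypt("$token");
$json_obj = is_string($decrypted_token) ? json_decode($decrypted_token) : null;

// Only a blob of the expected shape is compared; anything else is an invalid token.
$token_is_well_formed = is_object($json_obj)
    && isset($json_obj->message->email, $json_obj->message->token, $json_obj->hash_of_message)
    && is_string($json_obj->message->email)
    && is_string($json_obj->message->token)
    && is_string($json_obj->hash_of_message);

$calculated_hash_of_message = $token_is_well_formed ? (string) $obj->encrypt(json_encode($json_obj->message)) : '';

// check the generated hash : constant-time, strict comparison
if ($token_is_well_formed && hash_equals($calculated_hash_of_message, $json_obj->hash_of_message)) {

    $target_user = $obj->getUserByEmail($obj, $json_obj->message->email);

    $verify_token = (($json_obj->reset ?? 0) == 1) ? ($target_user['password_reset_token'] ?? null) : ($target_user['verify_token'] ?? null);

    // stored token and the token carried in the message must match exactly
    if (is_array($target_user)
        && is_string($verify_token)
        && hash_equals($verify_token, $json_obj->message->token)
        && $target_user['email'] === $json_obj->message->email) {
        // … unchanged: UPDATE users … and success / error output …
    }
} else {
    // … unchanged: "invalid email or token" output …
}
```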
@@ -53,7 +79,6 @@ if ((isset($_GET['email']) && !empty($email)) && (isset($_GET['token']) && !empt
             <div class="alert alert-danger" role="alert">
                invalid email or token
             </div>
-            
         </div>
     ';
 }