diff --git a/.gitignore b/.gitignore
index 7032593..5ce4508 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@ app.log
__pycache__/
database.db
.env
-flask_session
\ No newline at end of file
+flask_session
+temp
\ No newline at end of file
diff --git a/src/html/board.html b/src/html/board.html
index 3d796bb..ac84b8f 100644
--- a/src/html/board.html
+++ b/src/html/board.html
@@ -9,6 +9,8 @@
{{ board.description }}
{% if board.owner_id == session.user_id %}
+ {% elif session.perms == "admin" %}
+
{% endif %}
{% if session.user_id %}
diff --git a/src/html/post.html b/src/html/post.html
index fda3e64..7373c95 100644
--- a/src/html/post.html
+++ b/src/html/post.html
@@ -34,7 +34,7 @@
{% endif %}
{{post.content}}
- {% if session.name == "SYSTEM" %}
+ {% if session.perms == "admin" %}
Delete
{% elif session.name == post.user.name %}
Delete
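Review bot: The role literal `"admin"` now appears in this template and is repeated in the sibling templates and in the `main.py` handlers, so a rename of the role or a move to more than one privileged role has to be made in at least six places. Exposing a single flag to templates, e.g. a context processor returning `{'is_admin': session.get('perms') == 'admin'}`, and testing `{% if is_admin %}` keeps the UI gate in one spot; the server-side check in `delete_post` remains the real enforcement, so this is a maintainability point rather than a security gap.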
diff --git a/src/html/templates/post.html b/src/html/templates/post.html
index 27919c3..50a98d5 100644
--- a/src/html/templates/post.html
+++ b/src/html/templates/post.html
@@ -20,7 +20,7 @@
{% if post.replies > 0 %}
({{ post.replies }} replies)
{% endif %}
- {% if session.name == "SYSTEM" %}
+ {% if session.perms == "admin" %}
| Delete
{% elif session.name == post.user.name %}
| Delete
diff --git a/src/html/templates/short_post.html b/src/html/templates/short_post.html
index cd09d0e..bfaa8ab 100644
--- a/src/html/templates/short_post.html
+++ b/src/html/templates/short_post.html
@@ -20,7 +20,7 @@
{% if post.replies > 0 %}
({{ post.replies }} replies)
{% endif %}
- {% if session.name == "SYSTEM" %}
+ {% if session.perms == "admin" %}
| Delete
{% elif session.name == post.user.name %}
| Delete
diff --git a/src/main.py b/src/main.py
index 6ad7fa7..26ce819 100644
--- a/src/main.py
+++ b/src/main.py
@@ -20,7 +20,7 @@ console_log.setFormatter(logging.Formatter("\033[1;32m%(asctime)s\033[0m - \033[
console_log.setLevel(logging.INFO)
# Create file handler with a specific format
-file_log = logging.FileHandler(env('LOG_FILE', default='app.log'))
+file_log = logging.FileHandler(env('LOG_FILE', default='app.log'), mode=env('LOG_MODE', default='a'))
file_log.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(name)s - %(message)s"))
file_log.setLevel(logging.DEBUG)
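Review bot: `LOG_MODE` is passed straight to `logging.FileHandler` without validation, so a value of `w` silently truncates the log on every restart (discarding the audit trail), and values outside `a`/`w` either fail to open the file or yield a handle that cannot be written. Since this file is the application's security record, restrict the setting to the two meaningful modes: `log_mode = env('LOG_MODE', default='a')` followed by `if log_mode not in ('a', 'w'): raise ValueError(f"LOG_MODE must be 'a' or 'w', got {log_mode!r}")`, then pass `log_mode` to the handler. A one-line comment stating that `w` discards prior entries at each start would also help operators.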
@@ -550,6 +550,16 @@ def delete_board(board_id):
return redirect('/login')
log.debug(f"Token validated for user {user[1]}")
+ # Check if user owns the board or is admin
+ board = db.execute_query("SELECT * FROM boards WHERE id = ?", (board_id,), fetch_type=FETCHONE)
+ if not board:
+ log.error("Board not found")
+ return render_template('error.html', error="Board not found")
+
+ if board[4] != user[0] and session['perms'] != 'admin':
+ log.error("User does not have permission to delete this board")
+ return render_template('error.html', error="You do not have permission to delete this board")
+
# Delete the board
db.execute_query("DELETE FROM boards WHERE id = ?", (board_id,))
log.info(f"Board ID {board_id} deleted successfully")
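Review bot: The new authorization check `if board[4] != user[0] and session['perms'] != 'admin':` reads the role from the session rather than from the `user` row the token was just validated against, and it indexes the session with `[]`, so a session created before `perms` was stored raises `KeyError` (a 500) instead of a clean denial. Prefer `session.get('perms')` — or the role from the authoritative user record, if that row carries it — and select the owner column by name instead of by position, e.g. `board = db.execute_query("SELECT owner_id FROM boards WHERE id = ?", (board_id,), fetch_type=FETCHONE)` with `if board[0] != user[0] and session.get('perms') != 'admin':`, assuming the column is `owner_id` as board.html suggests. The not-found and denied branches also return `render_template(...)` with an implicit 200; appending `, 404` and `, 403` makes the outcome visible to clients and monitoring, and logging the requester on denial (`log.warning(f"User {user[0]} denied deleting board {board_id}")`) gives detection something to alert on. delete_board's body starts before this hunk.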
@@ -598,6 +608,10 @@ def new_post():
log.error("No post content provided")
return render_template('error.html', error="No post content provided")
+ if len(content) > 10000:
+ log.error("Post content is too long")
+ return render_template('error.html', error="Post content is too long")
+
attachments = request.files.getlist('attachments')
reference = request.form.get('reference')
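Review bot: The new length guard uses a bare magic number and counts characters rather than bytes, so a 10000-character post of multi-byte text can still be several times the intended size; a named module-level constant (`MAX_POST_CHARS = 10000`) with a comment stating what it bounds would make the policy explicit and reusable. The `attachments` list fetched on the following line is not bounded in this hunk; if neither a count/size limit nor Flask's `MAX_CONTENT_LENGTH` is applied elsewhere, that remains the larger resource-exhaustion surface. new_post's body continues outside the hunk.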
@@ -675,6 +689,16 @@ def delete_post(post_id):
return redirect('/login')
log.debug(f"Token validated for user {user[1]}")
+ # Check if user owns the post or is admin
+ post = db.execute_query("SELECT * FROM posts WHERE id = ?", (post_id,), fetch_type=FETCHONE)
+ if not post:
+ log.error("Post not found")
+ return render_template('error.html', error="Post not found")
+
+ if post[1] != user[0] and session['perms'] != 'admin':
+ log.error("User does not have permission to delete this post")
+ return render_template('error.html', error="You do not have permission to delete this post")
+
# Delete the post
db.execute_query("DELETE FROM posts WHERE id = ?", (post_id,))
log.info(f"Post ID {post_id} deleted successfully")
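Review bot: `session['perms']` on the new ownership line raises `KeyError` for any session that predates the `perms` field, turning a missing role into a 500 rather than a denial; use `session.get('perms') != 'admin'` (or the role from the validated `user` row, if it is stored there). `post[1]` is a positional guess at the owner column from `SELECT *`, which breaks silently if the schema changes; select it by name, e.g. `SELECT user_id FROM posts WHERE id = ?` if that is the column, and compare `post[0]`. The not-found and denied branches should also return explicit `404`/`403` status codes and log the requesting user id so repeated denials can be detected. delete_post's body starts before this hunk.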