diff --git a/src/apis/auth.php b/src/apis/auth.php index 9626b05..483eb4e 100755 --- a/src/apis/auth.php +++ b/src/apis/auth.php @@ -1,7 +1,7 @@ status = array(); @@ -9,17 +9,21 @@ $data = json_decode(file_get_contents("php://input")); if(isset($_GET['act']) && $_GET['act'] == 'login') { if($data->usr == 'admin' && $data->pwd == 'JohnHolmes') { + http_response_code(200); $content->status = 200; $content->authToken = base64_encode('admin:JohnHolmes'.date("Y-m-d")); } else { - $content->status = 403; + http_response_code(401); + $content->status = 401; } } else if(isset($_GET['act']) && $_GET['act'] == 'check') { if($data->token == base64_encode('admin:JohnHolmes'.date("Y-m-d"))) { + http_response_code(200); $content->status = 200; $content->authToken = base64_encode('admin:JohnHolmes'.date("Y-m-d")); } else { - $content->status = 403; + http_response_code(401); + $content->status = 401; } } header("Access-Control-Allow-Origin: *"); diff --git a/src/apis/index.php b/src/apis/index.php index e8e2b18..10fd756 100644 --- a/src/apis/index.php +++ b/src/apis/index.php @@ -1,7 +1,7 @@ status = 200; - $content->authToken = md5(date("Y-m-d")); - } else { - $content->status = 403; - } - break; - case 'check': - if($_POST['token'] == md5(date("Y-m-d"))) { - $content->status = 200; - $content->authToken = md5(date("Y-m-d")); - } else { - $content->status = 403; - } - break; - } } +http_response_code(200); header("Access-Control-Allow-Origin: *"); header("Content-Type: application/json; charset=UTF-8"); diff --git a/src/apis/remove.php b/src/apis/remove.php index 6051c5a..8f3b4a0 100644 --- a/src/apis/remove.php +++ b/src/apis/remove.php 
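Review bot: The token returned by the `login` and `check` branches of src/apis/auth.php is only the base64 encoding of the hard-coded username, password and today's date, so anyone who sees a token can decode it back to the credentials, and the value is the same for every session on a given day. The new checks added in remove.php, upload.php and work.php compare against the same expression and inherit the problem. Issue a random value instead, e.g. `$token = bin2hex(random_bytes(32));`, stored server-side with an expiry; keep the password out of the source and verify it with `password_verify()` against a stored hash; and compare tokens with `hash_equals()` rather than `==`. `$data->usr` and `$data->pwd` are also read without checking that `json_decode()` returned an object.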
@@ -1,14 +1,22 @@ imageUrl = 'http://unsplash.it/800/600'; +$data = json_decode(file_get_contents("php://input")); + +if(isset($data->token) && $data->token == base64_encode('admin:JohnHolmes'.date("Y-m-d"))) { + + @unlink('..'.$data->url); + http_response_code(200); + $content->status = 200; + +} else { + http_response_code(401); + $content->status = 401; +} header("Access-Control-Allow-Origin: *"); header("Content-Type: application/json; charset=UTF-8"); -header("Access-Control-Allow-Methods: GET"); +header("Access-Control-Allow-Methods: POST"); header("Access-Control-Max-Age: 3600"); echo json_encode($content); diff --git a/src/apis/upload.php b/src/apis/upload.php index fcdbcc6..39e84a7 100644 --- a/src/apis/upload.php +++ b/src/apis/upload.php @@ -1,10 +1,29 @@ imageUrl = 'http://unsplash.it/800/600'; + +if(isset($_POST['token']) && $_POST['token'] == base64_encode('admin:JohnHolmes'.date("Y-m-d"))) { + + if(is_uploaded_file($_FILES['file']['tmp_name'])) { + $file = $_FILES['file']['tmp_name']; + $filename = date("YmdHis").".".end((explode(".", $_FILES["file"]["name"]))); + + $path = isset($_POST['path']) ? "/uploads/".$_POST['path'] : "/uploads/"; + @move_uploaded_file($file, "..".$path."/".$filename); + + http_response_code(200); + $content->status = 200; + $content->imageUrl = $path."/".$filename; + + } else { + http_response_code(401); + $content->status = 401; + $content->megssage = 'No file uploaded'; + } +} else { + http_response_code(401); + $content->status = 401; +} header("Access-Control-Allow-Origin: *"); header("Content-Type: application/json; charset=UTF-8"); diff --git a/src/apis/work.php b/src/apis/work.php new file mode 100644 index 0000000..4736285 --- /dev/null +++ b/src/apis/work.php 
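Review bot: `@unlink('..'.$data->url)` in src/apis/remove.php deletes whatever path the request body names: `url` is concatenated onto `..` without normalisation, so a path containing parent-directory segments resolves outside the uploads folder, and `@` hides a failed delete behind a 200 response. Resolve the path and require it to sit under the uploads directory before unlinking, and answer with a non-200 status when nothing was deleted. The fence assumes uploads live in `../uploads`, as upload.php suggests.

```php
// … unchanged: token check …
$base = realpath('../uploads');
$target = (isset($data->url) && is_string($data->url)) ? realpath('..' . $data->url) : false;

if ($base !== false && $target !== false
    && strpos($target, $base . DIRECTORY_SEPARATOR) === 0
    && is_file($target) && unlink($target)) {
    http_response_code(200);
    $content->status = 200;
} else {
    http_response_code(400);
    $content->status = 400;
}
// … unchanged: 401 branch, headers, echo …
```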
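Review bot: The stored filename in src/apis/upload.php keeps whatever extension the client sent (`end((explode(".", $_FILES["file"]["name"])))`), and `$_POST['path']` is appended to `/uploads/` unchecked, so a request can write a file of any type, or a file outside `/uploads/`; if that folder is served by the web server, this includes script files the server would execute. Restrict the extension to an allow-list of image types, constrain `path` to a plain folder name (assuming that is its purpose), and check the result of `move_uploaded_file()` instead of silencing it with `@`. Validating the content as well, for example with `getimagesize()`, is stronger than trusting the extension alone. The missing-file branch should answer 400 rather than 401, and `megssage` is a typo for `message`.

```php
// … unchanged: token check, is_uploaded_file() test …
$allowed = array('jpg', 'jpeg', 'png', 'gif');
$ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
$sub = isset($_POST['path']) ? $_POST['path'] : '';

if (!in_array($ext, $allowed, true) || !preg_match('/^[A-Za-z0-9_-]*$/', $sub)) {
    http_response_code(400);
    $content->status = 400;
} else {
    $path = '/uploads/' . $sub;
    $filename = date('YmdHis') . '.' . $ext;
    if (move_uploaded_file($_FILES['file']['tmp_name'], '..' . $path . '/' . $filename)) {
        // … unchanged: 200 response with imageUrl …
    } else {
        http_response_code(500);
        $content->status = 500;
    }
}
```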
@@ -0,0 +1,59 @@ +token) && $data->token == base64_encode('admin:JohnHolmes'.date("Y-m-d"))) { + + if(isset($_GET['act']) && $_GET['act'] == 'save') { + + if(isset($data->id)) { + $q = mysqli_query($conn,"UPDATE `works` SET title = '".addslashes($data->title)."', content = '".addslashes($data->content)."', + type = '".$data->type."', tags = '".$data->tags."', image = '".$data->image."', + exhibitions = '".$data->exhibitions."', gallery = '".$data->gallery."', videos = '".$data->videos."' + WHERE id = ".$data->id.""); + } else { + $q = mysqli_query($conn,"INSERT INTO `works` (`id`, `title`, `content`, `type`, `tags`, `image`, `exhibitions`, `gallery`, `videos`) + VALUES (NULL, '".addslashes($data->title)."', '".addslashes($data->content)."', '".$data->type."', + '".$data->tags."', '".$data->image."', '".$data->exhibitions."', '".$data->gallery."', + '".$data->videos."')"); + } + + $qe = mysqli_query($conn,"SELECT * FROM `works` ORDER BY id DESC"); + if(mysqli_num_rows($qe) > 0) { + $content->items = array(); + while($re = mysqli_fetch_array($qe)) { + $item = null; + $item->id = $re['id']; + $item->title = $re['title']; + $item->type = $re['type']; + $item->tags = $re['tags']; + $item->image = $re['image']; + array_push($content->items, $item); + } + } + + if($q) { + http_response_code(201); + $content->status = 201; + } else { + http_response_code(403); + $content->status = 403; + } + } + +} else { + http_response_code(401); + $content->status = 401; +} +header("Access-Control-Allow-Origin: *"); +header("Content-Type: application/json; charset=UTF-8"); +header("Access-Control-Allow-Methods: POST"); +header("Access-Control-Max-Age: 3600"); + +echo json_encode($content); + +?> diff --git a/src/app/admin/admin.component.html b/src/app/admin/admin.component.html index ca38265..711c236 100644 --- a/src/app/admin/admin.component.html +++ b/src/app/admin/admin.component.html @@ -29,18 +29,17 @@
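Review bot: Both queries in the `save` branch of src/apis/work.php are built by string concatenation; only `title` and `content` pass through `addslashes()`, which is not a safe SQL escape, and `type`, `tags`, `image`, `exhibitions`, `gallery`, `videos` and `id` are inserted raw, so the request body controls the SQL text. Use prepared statements with bound parameters for both the UPDATE and the INSERT, as in the fence (the INSERT omits `id`, which has the same effect as the explicit NULL on an auto-increment column). Separately, `$item = null; $item->id = ...` relies on implicit object creation, which is an error on PHP 8; `$item = new stdClass();` avoids it. The first lines of the file are not visible in this hunk, so how `$conn` and `$content` are set up is not reviewed here.

```php
// … unchanged: token check, act == 'save' test …
$values = array();
foreach (array('title', 'content', 'type', 'tags', 'image', 'exhibitions', 'gallery', 'videos') as $field) {
    $values[] = isset($data->$field) ? $data->$field : '';
}

if (isset($data->id)) {
    $stmt = mysqli_prepare($conn, "UPDATE `works` SET title = ?, content = ?, type = ?, tags = ?, image = ?,
        exhibitions = ?, gallery = ?, videos = ? WHERE id = ?");
    $values[] = (int) $data->id;
    $types = 'ssssssssi';
} else {
    $stmt = mysqli_prepare($conn, "INSERT INTO `works` (`title`, `content`, `type`, `tags`, `image`, `exhibitions`, `gallery`, `videos`)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
    $types = 'ssssssss';
}
$q = $stmt && mysqli_stmt_bind_param($stmt, $types, ...$values) && mysqli_stmt_execute($stmt);
// … unchanged: SELECT of all works, 201/403 response …
```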
{{sectionTitle}} -
+
- Select work
-
+
Title @@ -113,6 +112,32 @@
+ + +
+
+ Title +
{{title}} | {{type}}
+
+
+ Content +
+
+ +
+ Gallery + +
+ +
+ +
+
diff --git a/src/app/admin/admin.component.scss b/src/app/admin/admin.component.scss index 01f960e..729fed7 100644 --- a/src/app/admin/admin.component.scss +++ b/src/app/admin/admin.component.scss @@ -34,13 +34,13 @@ padding: 20px 0 5px 0; } - .gallery-container { display: flex; background: $white; border-radius: 4px; width: 100%; padding: 5px; + min-height: 100px; .image-add { appearance: none; @@ -142,6 +142,13 @@ color: $gray; } } + + .preview-box { + border-radius: 4px; + background: $white-alpha2; + padding: 10px; + width: 100%; + } } } diff --git a/src/app/admin/admin.component.ts b/src/app/admin/admin.component.ts index 9f015cc..efe953f 100644 --- a/src/app/admin/admin.component.ts +++ b/src/app/admin/admin.component.ts @@ -107,6 +107,7 @@ export class AdminComponent implements OnInit { } this.activeModify = false this.activeEditor = section + this.modifyId = null this.resetFields() } @@ -209,7 +210,6 @@ export class AdminComponent implements OnInit { } saveWork(): void { - let error = false let errorMessages = [] const mainImage = this.selectedGallery.filter(item => item.main) @@ -245,7 +245,6 @@ export class AdminComponent implements OnInit { this.apisService.saveWork(body).toPromise().then((response) => { this.resetFields() - this.works = response.items },(error) => { console.error(error) @@ -255,6 +254,23 @@ export class AdminComponent implements OnInit { } } + deleteWork(id): void { + + const body = { + id: id, + token: window.sessionStorage.getItem('authToken') + } + + this.apisService.deleteWork(body).toPromise().then((response) => { + this.resetFields() + this.works = response.items + },(error) => { + console.error(error) + }).catch((e) => { + console.error(e) + }) + } + resetFields(): void { this.title = '' this.content = '' @@ -263,5 +279,6 @@ export class AdminComponent implements OnInit { this.selectedExhibitions = [] this.selectedGallery = [] this.selectedVideos = [] + this.modifyId = null } } 
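Review bot: The new `deleteWork(id)` in src/app/admin/admin.component.ts takes an untyped parameter and only logs failures to the console, so a 401 (the server-side token changes with the date) leaves the list unchanged with no feedback in the admin UI. Give it a signature such as `deleteWork(id: number): void`, assuming ids are numeric, and surface the failure to the user rather than only calling `console.error`. The trailing `.catch()` fires only if one of the two callbacks passed to `.then()` throws; `.then(success).catch(handler)` covers both cases with one handler. A short doc comment stating that the call removes the work and replaces `this.works` with the returned list would also help.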
diff --git a/src/app/services/apis.service.ts b/src/app/services/apis.service.ts index 4f730e1..0ffcf69 100644 --- a/src/app/services/apis.service.ts +++ b/src/app/services/apis.service.ts @@ -52,5 +52,12 @@ export class ApisService extends BaseService { ) } + deleteWork(body): Observable { + let urlApi = `${this.restApi}work.php?act=delete` + return this.http.post(urlApi, JSON.stringify(body)).pipe( + catchError(this.handleError) + ) + } + } diff --git a/src/assets/images/angle-down.svg b/src/assets/images/angle-down.svg new file mode 100644 index 0000000..1008067 --- /dev/null +++ b/src/assets/images/angle-down.svg @@ -0,0 +1,7 @@ + + + + + + + diff --git a/src/assets/scss/forms.scss b/src/assets/scss/forms.scss index d60b308..60e4caa 100644 --- a/src/assets/scss/forms.scss +++ b/src/assets/scss/forms.scss @@ -50,6 +50,10 @@ select { .input-select { padding: 9px 20px !important; + background-image: url('/assets/images/angle-down.svg'); + background-size: 28px; + background-position: right 10px top 10px; + background-repeat: no-repeat; } .button {
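Review bot: `deleteWork` in src/app/services/apis.service.ts posts to `work.php?act=delete`, but the work.php added in this same commit only handles `act == 'save'`. As far as the visible hunk shows, a delete request with a valid token falls through without deleting anything or setting `items`, and the component then assigns the undefined `response.items` to `this.works`. Either add the delete branch server-side, binding `id` as an integer parameter, or hold this client method back until the endpoint exists. The return type would be clearer as `Observable<any>` or a typed response; the generic parameter may simply have been lost in this rendering.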