diff --git a/admin/.htaccess b/admin/.htaccess
new file mode 100644
index 0000000..1dbe967
--- /dev/null
+++ b/admin/.htaccess
@@ -0,0 +1,16 @@
+
+AuthType Basic
+AuthName "Iolovolio ADMIN"
+AuthUserFile /www/iolovolio/admin/.htpasswd
+Require valid-user
+
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^([^\.]+)$ index.php?q=$1 [NC,L]
+
+#10l0v0l104dm1nPwd
+#
+# Rewritebase /
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteCond %{REQUEST_FILENAME} !-d
+# RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
diff --git a/admin/.htpasswd b/admin/.htpasswd
new file mode 100644
index 0000000..097cba8
--- /dev/null
+++ b/admin/.htpasswd
@@ -0,0 +1 @@
+admin:{SHA}7YC5wks0QslZEMixf4Zv25PucmU=
diff --git a/admin/index.php b/admin/index.php
new file mode 100644
index 0000000..c0f39f7
--- /dev/null
+++ b/admin/index.php
@@ -0,0 +1,48 @@
+<?php
+
+  session_start();
+
+  @include '../cgi-bin/conn.conn';
+  @include '../cgi-bin/functions.inc';
+  @include '../cgi-bin/params.inc';
+
+  $GLOBALS['conn'];
+
+  $conn = @mysqli_connect($DATAhst,$DATAusr,$DATApwd,$DATAdtb)or die("CONNECTION ERROR");
+  mysqli_set_charset($conn, "utf8");
+
+  if(@$_GET['q']){ $GLOBALS['getQ'] = explode("/",$_GET['q']); }
+
+?>
+
+<!DOCTYPE html>
+<html lang="it">
+  <head>
+    <meta charset="UTF-8">
+    <title>IoLovOlio</title>
+    <meta name="viewport" content="width=device-width, user-scalable=no,initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0">
+    <meta name="description" content=".">
+    <link rel="stylesheet" href="../assets/css/styles.css">
+  </head>
+  <body>
+
+    <main class="main-content">
+
+      <div class="container">
+        <div class="row no-gutters">
+          <div class="col-6 mx-auto">
+            <a class="button button-<?= $getQ[0] == 'orders' ? 'brown' : 'white';?>" href="/admin/orders">Ordini</a>
+          </div>
+          <div class="col-6 mx-auto">
+            <a class="button button-<?= $getQ[0] == 'users' ? 'brown' : 'white';?>" href="/admin/users">Utenti</a>
+          </div>
+        </div>
+      </div>
+
+      <?php
+        @include $getQ[0].'.php';
+      ?>
+
+    </main>
+  </body>
+</html>
diff --git a/admin/orders.php b/admin/orders.php
new file mode 100644
index 0000000..6c50f9e
--- /dev/null
+++ b/admin/orders.php
@@ -0,0 +1,81 @@
+
+<?php
+  @include('components/breadcrumb/breadcrumb.php');
+  setlocale(LC_MONETARY, 'it_IT.UTF-8');
+
+  if(isset($_POST['update_traking'])) {
+    $q = mysqli_query($conn, "UPDATE orders SET traking = '".$_POST['update_traking']."',
+                              status = 'SHIPPED' WHERE id = ".$_POST['id']);
+  }
+?>
+
+
+<div class="admin-list container py-5">
+  <div class="row list-row py-2 text-bold">
+    <div class="col-2"> Data </div>
+    <div class="col-3"> Articoli </div>
+    <div class="col-3"> Spedizione </div>
+    <div class="col-1"> Stato </div>
+    <div class="col-1"> Totale </div>
+    <div class="col-2"> Traking </div>
+  </div>
+
+  <?php
+    $q = mysqli_query($conn, "SELECT * FROM orders ORDER BY date ASC");
+    while($r = mysqli_fetch_array($q)) {
+  ?>
+
+  <div class="row list-row py-2">
+    <div class="col-2 col-border">
+      <?= conv_date($r['date']);?>
+    </div>
+    <div class="col-3 col-border">
+      <?php
+        $items = json_decode($r['items']);
+        foreach($items as $item) {
+          $qp = mysqli_query($conn, "SELECT * FROM products WHERE id=".$item->pid);
+          $p = mysqli_fetch_array($qp);
+          ?>
+          <div class="row">
+            <div class="col-6"><?= $p['name'];?></div>
+            <div class="col-3"><?= money_format('%.2n', $item->price);?></div>
+            <div class="col-3 text-right">x <?= $item->qty;?></div>
+          </div>
+          <?php
+        }
+      ?>
+    </div>
+    <div class="col-3 col-border">
+      <?php
+        $shipping = json_decode($r['shipping']);
+      ?>
+      <div class="row">
+        <div class="col-12"><?= $shipping->full_name;?></div>
+        <div class="col-12"><?= $shipping->address;?></div>
+        <div class="col-12"><?= $shipping->zip_code." - ".$shipping->city." (".$shipping->province.")";?></div>
+      </div>
+    </div>
+    <div class="col-1 col-border">
+      <?= $r['status'];?>
+    </div>
+    <div class="col-1 col-border">
+      <?= money_format('%.2n', $r['total']);?>
+    </div>
+    <div class="col-2">
+      <form method="post">
+      <input type="hidden" name="id" value="<?= $r['id'];?>">
+      <input class="input-text input-small" type="text" name="update_traking" value="<?= $r['traking'];?>">
+      <button type="submit" class="button button-small button-brown w-100">Salva</button>
+      </form>
+    </div>
+
+  </div>
+
+  <?php
+    }
+  ?>
+
+  </div>
+</div>
+
+
diff --git a/api/order_add.php b/api/order_add.php
index 0aa269f..820f308 100644
--- a/api/order_add.php
+++ b/api/order_add.php
@@ -15,16 +15,16 @@ $conn = $databaseService->getConnection();
 $data = json_decode(file_get_contents("php://input"));
 $shipping = array(
   "full_name" => $data->profile->first_name." ".$data->profile->last_name,
-  "address" => $data->address,
-  "city" => $data->city,
-  "zip_code" => $data->zip_code,
-  "province" => $data->province
+  "address" => $data->profile->address,
+  "city" => $data->profile->city,
+  "zip_code" => $data->profile->zip_code,
+  "province" => $data->profile->province
 );
 
 $query = "INSERT INTO `orders`
           (`id`, `uid`, `date`, `items`, `total`, `status`, `token`, `shipping`, `traking`)
           VALUES (NULL, ".intval($data->uid).", NOW(), '".json_encode($data->cart)."', ".floatval($data->total).",
-          'PAID',
+          'CREATED',
           '".trim($data->token)."',
           '".json_encode($shipping)."', '')";
 
diff --git a/components/thankyou/thankyou.html b/components/thankyou/thankyou.html
index c25b120..9670404 100644
--- a/components/thankyou/thankyou.html
+++ b/components/thankyou/thankyou.html
@@ -1,8 +1,16 @@
 <?php
   @include('components/breadcrumb/breadcrumb.php');
   setlocale(LC_MONETARY, 'it_IT.UTF-8');
-?>
 
+  $url = $_SERVER[REQUEST_URI];
+  $url_components = parse_url($url);
+  parse_str($url_components['query'], $params);
+
+  if(isset($params['token'])) {
+    $q = mysqli_query($conn, "UPDATE orders SET status = 'PAID' WHERE token = '".$params['token']."'");
+  }
+
+?>
 
 <div class="component-thankyou">
   <div class="container">
diff --git a/deploy.sh b/deploy.sh
index 4ef9f70..bc97809 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -15,4 +15,5 @@ done
 cd ..
 
 rsync -avz --delete --exclude '/cgi-bin/conn.conn' -e "ssh -i ./auth/marketmind.pem" ./public/* ubuntu@18.194.83.82:/var/www/iolovolio.com/
+rsync -avz --delete -e "ssh -i ./auth/marketmind.pem" ./admin/* ubuntu@18.194.83.82:/var/www/iolovolio.com/admin/
 
diff --git a/pages/.htaccess b/pages/.htaccess
index 74b5589..3b02d81 100644
--- a/pages/.htaccess
+++ b/pages/.htaccess
@@ -1,6 +1,8 @@
 RewriteEngine On
+RewriteCond %{REQUEST_URI} !^/admin/
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^([^\.]+)$ index.php?q=$1 [NC,L]
+
 #
 # Rewritebase /
 # RewriteCond %{REQUEST_FILENAME} !-f
diff --git a/src/scss/admin.scss b/src/scss/admin.scss
new file mode 100644
index 0000000..8346308
--- /dev/null
+++ b/src/scss/admin.scss
@@ -0,0 +1,10 @@
+.admin-list {
+  .list-row {
+    border-bottom: 1px solid $gray;
+    font-size: $font-14;
+
+    .col-border {
+      border-right: 1px dotted $gray;
+    }
+  }
+}
diff --git a/src/scss/forms.scss b/src/scss/forms.scss
index 7b5db9b..3c23456 100644
--- a/src/scss/forms.scss
+++ b/src/scss/forms.scss
@@ -93,6 +93,11 @@ select,
 .input-text {
   padding: 7px 20px;
   //height: 40px;
+
+  &.input-small {
+    padding: 3px 10px;
+    font-style: $font-14;
+  }
 }
 
 .input-select {
@@ -119,7 +124,7 @@ select,
   &.button-brown {
     background: $brown;
     color: $white;
-    border: none;
+    border: 1px solid $brown;
   }
 
   &.button-white {
diff --git a/src/scss/main.scss b/src/scss/main.scss
index d6e4ff8..83a31dc 100644
--- a/src/scss/main.scss
+++ b/src/scss/main.scss
@@ -12,6 +12,7 @@
 @import "../scss/icons.scss";
 @import "../scss/global.scss";
 @import "../scss/forms.scss";
+@import "../scss/admin.scss";
 
 @import "./components/header/header.scss";
 @import "./components/sectionHeader/sectionHeader.scss";