diff --git a/donutshop_ecommerce/public/cross.png b/donutshop_ecommerce/public/cross.png
new file mode 100644
index 0000000..65e81b3
Binary files /dev/null and b/donutshop_ecommerce/public/cross.png differ
diff --git a/donutshop_ecommerce/src/app/api/auth/[...nextauth]/route.js b/donutshop_ecommerce/src/app/api/auth/[...nextauth]/route.js
index fe7bd04..35b0223 100644
--- a/donutshop_ecommerce/src/app/api/auth/[...nextauth]/route.js
+++ b/donutshop_ecommerce/src/app/api/auth/[...nextauth]/route.js
@@ -1,11 +1,12 @@
 import * as mongoose from "mongoose"
-import NextAuth from "next-auth"
+import NextAuth, { getServerSession } from "next-auth"
 import CredentialsProvider from "next-auth/providers/credentials"
 import { User } from "../../models/User"
 import bcrypt from 'bcrypt'
 import GoogleProvider from "next-auth/providers/google";
 import { MongoDBAdapter } from "@auth/mongodb-adapter"
 import clientPromise from "../../../../libs/mongoConnect"
+import { UserInfo } from "../../models/UserInfo"
 export const authOptions = {
 secret: process.env.SECRET,
@@ -37,6 +38,21 @@ export const authOptions = {
 }
 }),
 ],
+};
+
+export async function isAdmin(){
+ const session = await getServerSession(authOptions);
+ const userEmail = session?.user?.email;
+ if (!userEmail) {
+ return false;
+ }
+
+ const userInfo = await UserInfo.findOne({email:userEmail});
+ if (!userInfo) {
+ return false;
+ }
+
+ return userInfo.admin;
 }
 const handler = NextAuth(authOptions);
diff --git a/donutshop_ecommerce/src/app/api/categories/route.js b/donutshop_ecommerce/src/app/api/categories/route.js
index 4e23686..305fd6c 100644
--- a/donutshop_ecommerce/src/app/api/categories/route.js
+++ b/donutshop_ecommerce/src/app/api/categories/route.js
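Review bot: `isAdmin` is exported from the `[...nextauth]/route.js` route module, and every API route touched by this commit imports it from there. App Router route files are meant to export only HTTP method handlers and route config, and newer Next.js releases are reported to reject other exports at build time, so the helper (and `authOptions`) would be safer in a separate shared module next to `libs/mongoConnect`. The function also queries `UserInfo` without opening a connection itself, relying on each caller's `mongoose.connect`, which is worth stating in a comment above it. It returns the stored value as-is; `return userInfo.admin === true;` would make the authorization result a strict boolean.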
@@ -1,19 +1,24 @@
 import mongoose from "mongoose";
 import { Category } from "../models/Category";
+import { isAdmin } from "../auth/[...nextauth]/route";
 export async function POST(req){
 mongoose.connect(process.env.MONGO_URL)
 const {name} = await req.json();
- const categoryDoc = await Category.create({name})
-
- return Response.json(categoryDoc);
+ if(await isAdmin()){
+ const categoryDoc = await Category.create({name})
+ return Response.json(categoryDoc);
+ } else {
+ return Response.json({})
+ }
 }
 export async function PUT(req){
 mongoose.connect(process.env.MONGO_URL)
 const {_id, name} = await req.json();
- await Category.updateOne({_id}, {name});
-
+ if(await isAdmin()){
+ await Category.updateOne({_id}, {name});
+ }
 return Response.json(true);
 }
@@ -28,7 +33,8 @@ export async function DELETE(req){
 mongoose.connect(process.env.MONGO_URL)
 const url = new URL(req.url);
 const _id = url.searchParams.get('_id');
- await Category.deleteOne({_id})
-
+ if(await isAdmin()){
+ await Category.deleteOne({_id})
+ }
 return Response.json(true)
 }
\ No newline at end of file
diff --git a/donutshop_ecommerce/src/app/api/menu-items/route.js b/donutshop_ecommerce/src/app/api/menu-items/route.js
index 87d7236..edf1679 100644
--- a/donutshop_ecommerce/src/app/api/menu-items/route.js
+++ b/donutshop_ecommerce/src/app/api/menu-items/route.js
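Review bot: A caller who fails the admin check still receives a 200 response that reads as success: POST answers `{}`, and PUT and DELETE answer `true` whether or not the write ran. Refuse explicitly at the top of each handler, before the body is parsed, with `if (!(await isAdmin())) return Response.json({ error: 'Forbidden' }, { status: 403 });`, so clients, logs and monitoring can tell a denied write from a completed one. The same silent-success pattern is repeated in the menu-items POST, PUT and DELETE handlers and in the users GET, which answers `[]`.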
@@ -1,18 +1,26 @@ import mongoose from "mongoose"; import { MenuItem } from "../models/MenuItem"; +import { isAdmin } from "../auth/[...nextauth]/route"; export async function POST(req){ mongoose.connect(process.env.MONGO_URL) const data = await req.json(); - const menuItemDoc = await MenuItem.create(data); - - return Response.json(menuItemDoc) + if(await isAdmin()){ + const menuItemDoc = await MenuItem.create(data); + return Response.json(menuItemDoc) + } else { + return Response.json({}); + } + } export async function PUT(req){ mongoose.connect(process.env.MONGO_URL) - const {_id, ...data} = await req.json(); - await MenuItem.findByIdAndUpdate(_id, data); + if(await isAdmin()){ + const {_id, ...data} = await req.json(); + await MenuItem.findByIdAndUpdate(_id, data); + } + return Response.json(true) } @@ -21,14 +29,16 @@ export async function GET(){ mongoose.connect(process.env.MONGO_URL) return Response.json( await MenuItem.find() - ) + ) } export async function DELETE(req){ mongoose.connect(process.env.MONGO_URL) const url = new URL(req.url); const _id = url.searchParams.get('_id'); - await MenuItem.deleteOne({_id}) - + if(await isAdmin()){ + await MenuItem.deleteOne({_id}) + } + return Response.json(true) } \ No newline at end of file diff --git a/donutshop_ecommerce/src/app/api/orders/route.js b/donutshop_ecommerce/src/app/api/orders/route.js index aa51e0c..ecc2144 100644 --- a/donutshop_ecommerce/src/app/api/orders/route.js +++ b/donutshop_ecommerce/src/app/api/orders/route.js 
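Review bot: `MenuItem.create(data)` and `MenuItem.findByIdAndUpdate(_id, data)` hand the entire request body to Mongoose, so the admin check is the only control over which fields get written. Copying just the expected fields out of the body before the write, and rejecting a missing or malformed `_id` in PUT and DELETE, would keep the handler from persisting whatever a client happens to send. POST also parses the body before calling `isAdmin()` while PUT parses it after; running the check first in both keeps unauthenticated input from being processed at all.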
@@ -1,31 +1,23 @@ import mongoose from "mongoose"; import { getServerSession } from "next-auth" -import { authOptions } from "../auth/[...nextauth]/route" -import { UserInfo } from "../models/UserInfo" +import { authOptions, isAdmin } from "../auth/[...nextauth]/route" import { Order } from "../models/Order" export async function GET(req){ mongoose.connect(process.env.MONGO_URL); const session = await getServerSession(authOptions); const userEmail = session?.user?.email; - + const admin = isAdmin(); const url = new URL(req.url); const _id = url.searchParams.get('_id') if(_id){ return Response.json( await Order.findById(_id)); } - let isAdmin = false; - - if(userEmail){ - const userInfo = await UserInfo.findOne({email:userEmail}); - if(userInfo){ - const isAdmin = userInfo.admin; - } - } - if(isAdmin){ + if(admin){ return Response.json( await Order.find() ) } + if(userEmail){ return Response.json( await Order.find({userEmail}) ) } diff --git a/donutshop_ecommerce/src/app/api/users/route.js b/donutshop_ecommerce/src/app/api/users/route.js index e010514..6906585 100644 --- a/donutshop_ecommerce/src/app/api/users/route.js +++ b/donutshop_ecommerce/src/app/api/users/route.js @@ -1,9 +1,14 @@ import mongoose from "mongoose"; import { User } from "../models/User"; +import { isAdmin } from "../auth/[...nextauth]/route"; export async function GET(){ mongoose.connect(process.env.MONGO_URL); - const users = await User.find(); - - return Response.json(users); + if(await isAdmin()) { + const users = await User.find(); + return Response.json(users); + } else { + return Response.json([]); + } + } \ No newline at end of file diff --git a/donutshop_ecommerce/src/app/orders/[id]/page.js b/donutshop_ecommerce/src/app/orders/[id]/page.js index 024cfa7..176638a 100644 --- a/donutshop_ecommerce/src/app/orders/[id]/page.js +++ b/donutshop_ecommerce/src/app/orders/[id]/page.js 
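Review bot: `const admin = isAdmin();` is missing `await`, and `isAdmin` is declared `async` in the auth route, so `admin` holds a Promise, which is always truthy. As written, `if(admin)` therefore returns `Order.find()`, i.e. every order, to any caller, signed in or not; the line should be `const admin = await isAdmin();`. The `_id` branch above it also returns `Order.findById(_id)` before any session or ownership check, so unless that is deliberate for the confirmation page it should compare the order's `userEmail` with the session email when the caller is not an admin.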
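Review bot: `User.find()` in the users GET sends complete user documents to the browser once the admin check passes. The auth route imports `bcrypt` next to the `User` model, so these documents presumably include a password hash; the schema is not visible here, so confirm the field name and exclude it with a projection (a `.select(...)` on the query) before calling `Response.json(users)`. Returning only the fields the admin page actually displays would also limit what a stolen admin session exposes.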
@@ -6,7 +6,7 @@ import { useParams } from 'next/navigation' import AddressInfo from '../../../components/layout/AddressInfo' const OrdersPage = () => { - const {clearCart, cartProducts} = useContext(CartContext); + const {clearCart} = useContext(CartContext); const {id} = useParams(); const [order, setOrder] = useState(); @@ -37,13 +37,23 @@ const OrdersPage = () => { return (
+ {order?.paid ? (
checked

Thank you

Your order is confirmed

- {order && ( + ) : ( +
+ checked +

Action needed

+

Payment is required

+
+ ) + } + + {order&& (

Order Summary

diff --git a/donutshop_ecommerce/src/app/orders/page.js b/donutshop_ecommerce/src/app/orders/page.js index 501705e..f2e9c7a 100644 --- a/donutshop_ecommerce/src/app/orders/page.js +++ b/donutshop_ecommerce/src/app/orders/page.js @@ -41,7 +41,12 @@ const OrderPage = () => {
{order.userEmail}
- Order info + {order.paid? ( + Receipt info + ): ( + Order info + ) + }
{dateTime(order.createdAt)}
diff --git a/donutshop_ecommerce/src/components/layout/HomeMenu.js b/donutshop_ecommerce/src/components/layout/HomeMenu.js index b1ea029..71f0cfd 100644 --- a/donutshop_ecommerce/src/components/layout/HomeMenu.js +++ b/donutshop_ecommerce/src/components/layout/HomeMenu.js @@ -14,7 +14,7 @@ const HomeDrink = () => { useEffect(() => { fetch('/api/menu-items').then(res => { res.json().then(menuItems => { - setBestSeller(menuItems.slice(-5)) + setBestSeller(menuItems.slice(5, 10)) }) }) }, []) diff --git a/donutshop_ecommerce/src/components/menu/MenuItem.js b/donutshop_ecommerce/src/components/menu/MenuItem.js index d17e7f5..77d6b8a 100644 --- a/donutshop_ecommerce/src/components/menu/MenuItem.js +++ b/donutshop_ecommerce/src/components/menu/MenuItem.js @@ -18,20 +18,14 @@ const MenuItem = (menuItem) => { } return ( - <> - {showPopup && ( -
+
+ menu-donut +

{itemName}

+

{description}

+

${basePrice}

+ +
-
- )} -
- menu-donut -

{itemName}

-

{description}

-

${basePrice}

- -
- ) }