diff --git a/discordbot.py b/discordbot.py
index 13e0ef99..19d51322 100644
--- a/discordbot.py
+++ b/discordbot.py
@@ -242,8 +242,6 @@ async def update_users_pipe(users_connection):
         if msg == "/cv":
             discord_members = list(client.get_server(config["Discord"]["server_id"]).members)
             users_connection.send(discord_members)
-        if msg == "/uranium":
-            await add_video_from_url("https://www.youtube.com/watch?v=iutuQbMAx04")
 
 
 def command(func):
diff --git a/telegrambot.py b/telegrambot.py
index 5aba8f34..89c6b232 100644
--- a/telegrambot.py
+++ b/telegrambot.py
@@ -361,8 +361,7 @@ def cmd_eat(bot: Bot, update: Update):
         return
     if food.startswith("Uran") and discord_connection is not None:
         bot.send_message(update.message.chat.id, "☢️ Ti senti improvvisamente radioattivo.\n\n"
-                                                 "__Qualcosa sta succedendo da qualche parte!__")
-        discord_connection.send("/uranium")
+                                                 "__Il sito RYG, https://rygc.steffo.eu/, si è aggiornato!__")
         return
     elif "tonnuooooooro" in food.lower():
         bot.send_message(update.message.chat.id, "👻 Il pesce che hai mangiato era posseduto.\n"
diff --git a/templates/main.html b/templates/main.html
index 4e424b6c..21cfd9b6 100644
--- a/templates/main.html
+++ b/templates/main.html
@@ -4,19 +4,42 @@
     Royal Games
 {% endblock %}
 
+{% block posthead %}
+    <script>
+        function send() {
+            document.querySelector("#send").setAttribute("disabled", "true");
+            var x = new XMLHttpRequest();
+            x.open("GET", "{{ easter_egg }}", true);
+            x.send();
+        }
+    </script>
+{% endblock %}
+
 {% block body %}
     <h1>
-        Login
+        Admin Dashboard
     </h1>
-    <form class="input-grid" action="{{ url_for('page_loggedin') }}" method="POST">
-        <label id="label-username" for="input-username">
-            Username
-        </label>
-        <input id="input-username" name="username" type="text">
-        <label id="label-password" for="input-password">
-            Password
-        </label>
-        <input id="input-password" name="password" type="password">
-        <input type="submit" value="Login">
-    </form>
+
+    <p>
+        <button>Ban</button> <input type="text" value="Sensei"> for <input type="text" value="sending nudes">
+    </p>
+    <p>
+        <button>Create</button> useless Consiglio
+    </p>
+    <p>
+        <button>Generate</button> random russian insults
+    </p>
+    <p>
+        <button>Delete</button> some random messages from Telegram
+    </p>
+    <p>
+        <button>Trigger</button> either @EvilBalu or @Protoh
+    </p>
+    <p>
+        <button id="send" onclick="send()">Send</button> super secret file
+    </p>
+    <p>
+        <h3>GDPR compliance</h3>
+        <a href="{{ url_for('static', filename='passwordisryg.kdbx') }}">Download</a> RYG members' passwords
+    </p>
 {% endblock %}
\ No newline at end of file
diff --git a/templates/password.html b/templates/password.html
index 1bcbc806..9e5a9a4e 100644
--- a/templates/password.html
+++ b/templates/password.html
@@ -1,20 +1,18 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <title>Login</title>
-</head>
-<body>
+{% extends 'base.html' %}
+
+{% block pagetitle %}
+    Royal Games
+{% endblock %}
+
+{% block body %}
+    <h1>
+        Set a password
+    </h1>
     <form action="{{ url_for('page_password') }}" method="POST">
-        <label>
-            Old password
-            <input name="old" type="password">
-        </label>
         <label>
             New password
             <input name="new" type="password">
         </label>
         <input type="submit">
     </form>
-</body>
-</html>
\ No newline at end of file
+{% endblock %}
\ No newline at end of file
diff --git a/webserver.py b/webserver.py
index 39124c90..9e362ef9 100644
--- a/webserver.py
+++ b/webserver.py
@@ -4,6 +4,7 @@ import db
 from sqlalchemy import func, alias
 import bcrypt
 import configparser
+import requests
 
 app = Flask(__name__)
 
@@ -17,37 +18,10 @@ app.secret_key = config["Flask"]["secret_key"]
 
 
 @app.route("/")
-def page_index():
-    return render_template("index.html")
-
-
-@app.route("/diario")
-def page_diario():
-    db_session = db.Session()
-    diario_data = db_session.query(db.Diario).outerjoin((db.Telegram, db.Diario.author), aliased=True).outerjoin(db.Royal, aliased=True).outerjoin((db.Telegram, db.Diario.saver), aliased=True).outerjoin(db.Royal, aliased=True).all()
-    db_session.close()
-    return render_template("diario.html", diario_data=diario_data)
-
-
-@app.route("/leaderboards")
-def page_leaderboards():
-    db_session = db.Session()
-    dota_data = db_session.query(db.Dota).join(db.Steam).join(db.Royal).order_by(db.Dota.rank_tier).all()
-    rl_data = db_session.query(db.RocketLeague).join(db.Steam).join(db.Royal).order_by(db.RocketLeague.doubles_mmr).all()
-    ow_data = db_session.query(db.Overwatch).join(db.Royal).order_by(db.Overwatch.rank).all()
-    osu_data = db_session.query(db.Osu).join(db.Royal).order_by(db.Osu.std_pp).all()
-    lol_data = db_session.query(db.LeagueOfLegends).join(db.Royal).order_by(db.LeagueOfLegends.summoner_name).all()
-    db_session.close()
-    return render_template("leaderboards.html", dota_data=dota_data, rl_data=rl_data, ow_data=ow_data, osu_data=osu_data, lol_data=lol_data)
-
-
-@app.route("/music")
-def page_music():
-    db_session = db.Session()
-    music_counts = db_session.query(db.PlayedMusic.filename, alias(func.count(db.PlayedMusic.filename), "count")).order_by("count").group_by(db.PlayedMusic.filename).all()
-    music_last = db_session.query(db.PlayedMusic).join(db.Discord).join(db.Royal).order_by(db.PlayedMusic.id.desc()).limit(50).all()
-    db_session.close()
-    return render_template("music.html", music_counts=music_counts, music_last=music_last)
+def page_main():
+    if fl_session.get("username"):
+        return render_template("main.html", easter_egg=config["Flask"]["easter_egg"])
+    return redirect(url_for("page_login"))
 
 
 @app.route("/login")
@@ -55,32 +29,25 @@ def page_login():
     return render_template("login.html")
 
 
-@app.route("/loggedin", methods=["GET", "POST"])
+@app.route("/loggedin", methods=["POST"])
 def page_loggedin():
-    if request.method == "GET":
-        username = fl_session.get("username")
-        if username is None:
-            return "Not logged in"
-        else:
-            return username
-    elif request.method == "POST":
-        username = request.form["username"]
-        password = request.form["password"]
-        db_session = db.Session()
-        user = db_session.query(db.Royal).filter_by(username=username).one_or_none()
-        db_session.close()
-        if user is None:
-            abort(403)
-            return
-        if user.password is None:
-            fl_session["username"] = username
-            return redirect(url_for(page_password))
-        if bcrypt.checkpw(bytes(password, encoding="utf8"), user.password):
-            fl_session["username"] = username
-            return username
-        else:
-            abort(403)
-            return
+    username = request.form.get("username", "")
+    password = request.form.get("password", "")
+    db_session = db.Session()
+    user = db_session.query(db.Royal).filter_by(username=username).one_or_none()
+    db_session.close()
+    if user is None:
+        abort(403)
+        return
+    if user.password is None:
+        fl_session["username"] = username
+        return redirect(url_for("page_password"))
+    if bcrypt.checkpw(bytes(password, encoding="utf8"), user.password):
+        fl_session["username"] = username
+        return redirect(url_for("page_main"))
+    else:
+        abort(403)
+        return
 
 
 @app.route("/password", methods=["GET", "POST"])
@@ -92,18 +59,35 @@ def page_password():
             return
         return render_template("password.html")
     elif request.method == "POST":
-        old_password = request.form.get("old")
-        new_password = request.form["new"]
+        new_password = request.form.get("new", "")
         db_session = db.Session()
-        user = db_session.query(db.Royal).filter_by(username=username).one_or_none()
-        if user.password is None or bcrypt.checkpw(bytes(old_password, encoding="utf8"), user.password):
+        user = db_session.query(db.Royal).filter_by(username=username).one()
+        if user.password is None:
             user.password = bcrypt.hashpw(bytes(new_password, encoding="utf8"), bcrypt.gensalt())
             db_session.commit()
             db_session.close()
-            return "Password changed"
+            return redirect(url_for("page_main"))
         else:
             db_session.close()
             abort(403)
+            return
+
+
+@app.route(config["Flask"]["easter_egg"])
+def page_easter_egg():
+    username = fl_session.get("username")
+    if username is None:
+        abort(403)
+        return
+    db_session = db.Session()
+    user = db_session.query(db.Telegram).join(db.Royal).filter_by(username=username).one()
+    db_session.close()
+    requests.get("https://api.telegram.org/bot490383363:AAG-_iipLeU2Vl0CfAG-YbRzy-mAndfANBc/sendDocument", params={
+        "chat_id": user.telegram_id,
+        "document": "BQADAgADqgEAAu2JiEjObmr6xD7y7AI",
+        "caption": "Super-secret file"
+    })
+
 
 if __name__ == "__main__":
     try: