diff --git a/Lab2/__pycache__/server.cpython-310.pyc b/Lab2/__pycache__/server.cpython-310.pyc
index 3af99e8a6819cb2af0635cb1cace0ebe952112d3..9b004867109a8db67ebe33d1813dc745cabcd9d6 100644
Binary files a/Lab2/__pycache__/server.cpython-310.pyc and b/Lab2/__pycache__/server.cpython-310.pyc differ
diff --git a/Lab2/database.db b/Lab2/database.db
index 9861d56e4ec1021e1661cf9fb09ba4bf5562a22c..6ec2df962c98e8c989c5014c632fc9621491b4d7 100644
Binary files a/Lab2/database.db and b/Lab2/database.db differ
diff --git a/Lab2/server.py b/Lab2/server.py
index e693669ac8ae48f2b01384baccde6d6878d43dda..98ccdfdffc22d000efb3fcab6efc46c7cc67f93c 100644
--- a/Lab2/server.py
+++ b/Lab2/server.py
@@ -68,9 +68,9 @@ def sign_in():
 
 @app.route("/users/sign_out", methods = ['POST'])
 def sign_out():
-    data = request.get_json()
-    if('token' in data):
-        if database_helper.log_out(data['token']):
+    token = get_token_from_header()
+    if(token != 1):
+        if database_helper.log_out(token):
             return "", 200
         else:
             return "", 401
@@ -81,11 +81,12 @@ def sign_out():
 @app.route("/account/change_password", methods = ['PUT'])
 def change_password():
     data = request.get_json()
-    if('token' in data and 'oldPassword' in data and 'newPassword' in data):
+    token = get_token_from_header()
+    if('oldPassword' in data and 'newPassword' in data and token != 1):
         if(len(data['oldPassword']) > 5 and len(data['newPassword']) > 5):
-            if database_helper.is_online(data['token']):
-                email = database_helper.tokenToEmail(data['token'])
-                password = database_helper.tokenToPassword(data['token'])
+            if database_helper.is_online(token):
+                email = database_helper.tokenToEmail(token)
+                password = database_helper.tokenToPassword(token)
                 if(data['oldPassword'] == password):
                     if database_helper.change_password(email, data['newPassword']):
                         return "", 204
@@ -101,17 +102,27 @@ def change_password():
         return "", 400
 
 
-@app.route("/account/get/data/<token>", methods = ['GET'])
-def get_user_data_token(token):
+@app.route("/account/get/data", methods = ['GET'])
+def get_user_data_token():
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
     email = database_helper.tokenToEmail(token)
     if email:
-        return get_user_data_email(token, email)
+        return get_user_data_email(email)
     else:
         return "", 401
 
 
-@app.route("/account/get/data/<token>/<email>", methods = ['GET'])
-def get_user_data_email(token, email):
+@app.route("/account/get/data/<email>", methods = ['GET'])
+def get_user_data_email(email):
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
     if database_helper.is_online(token):
         data = database_helper.get_data_email(email)
         if data:
@@ -130,17 +141,27 @@ def get_user_data_email(token, email):
         return "", 401
 
 
-@app.route("/account/get/message/<token>", methods = ['GET'])
-def get_user_message_token(token):
+@app.route("/account/get/message", methods = ['GET'])
+def get_user_message_token():
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
     email = database_helper.tokenToEmail(token)
     if email:
-        return get_user_message_email(token, email)
+        return get_user_message_email(email)
     else:
         return "", 401
 
 
-@app.route("/account/get/message/<token>/<email>", methods = ['GET'])
-def get_user_message_email(token, email):
+@app.route("/account/get/message/<email>", methods = ['GET'])
+def get_user_message_email(email):
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
     if database_helper.is_online(token):
         data = database_helper.get_messages_email(email)
         #this user has message(s)
@@ -167,10 +188,11 @@ def get_user_message_email(token, email):
 @app.route("/account/post_message", methods = ['POST'])
 def post_message():
     data = request.get_json()
-    if('token' in data
+    token = get_token_from_header()
+    if(token != 1
         and 'message' in data
         and 'email_recipient' in data):
-        email_sender = database_helper.tokenToEmail(data['token'])
+        email_sender = database_helper.tokenToEmail(token)
         if email_sender:
             if(data['email_recipient'] == "null"):
                 data['email_recipient'] = email_sender
@@ -188,6 +210,15 @@ def post_message():
         return "", 400
 
 
+def get_token_from_header():
+    try:
+        token = request.headers['token']
+    except:
+        token = 1
+
+    return token
+
+
 def generate_token():
     characters = string.ascii_letters + string.digits
     return ''.join(random.choices(characters, k=36))