diff --git a/.gitignore b/.gitignore
index 041e35c..9fcbcb8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ package-lock.json
 
 # Image Node data
 users.json
+images/
 
diff --git a/app.js b/app.js
index 1fc5724..50d5db1 100644
--- a/app.js
+++ b/app.js
@@ -5,8 +5,21 @@ let bodyParser = require('body-parser');
 let session = require("express-session");
 let fs = require("fs");
 let passwordHash = require('password-hash');
+let multer = require("multer");
+let crypto = require("crypto");
+let path = require("path");
 
 let app = express();
+let storage = multer.diskStorage({
+	destination: './images/',
+	filename: function (req, file, cb) {
+		crypto.pseudoRandomBytes(16, function (err, raw) {
+			if (err) return cb(err)
+			cb(null, raw.toString('hex') + path.extname(file.originalname))
+		})
+	}}
+);
+let upload = multer({storage: storage});
 
 if (!fs.existsSync("users.json")) {
 	fs.writeFileSync("users.json", "{}");
@@ -43,7 +56,7 @@ function isAuth(req, res, next) {
 app.use(morgan("dev"))
 	.use(express.static("public"))
 	.use(bodyParser.urlencoded({ extended: true }))
-	.use(cookieParser())
+	.use(cookieParser(process.env.SECRET))
 	.use(session({
 		secret: process.env.SECRET,
 		resave: false,
@@ -55,6 +68,12 @@ app.use(morgan("dev"))
 	.get("/", isAuth, (req, res) => {
 		res.render("index");
 	})
+	.post("/upload", isAuth, upload.single("image"), (req, res) => {
+		if (req.body.image) {
+			fs.writeFile("images/", data, options, callback)
+		}
+		res.redirect("/");
+	})
 	.get("/login", (req, res) => {
 		let fail = false;
 		if ("fail" in req.query) {
diff --git a/package.json b/package.json
index a06fe34..b2199d6 100644
--- a/package.json
+++ b/package.json
@@ -9,6 +9,7 @@
     "express": "^4.17.1",
     "express-session": "^1.17.1",
     "morgan": "^1.10.0",
+    "multer": "^1.4.2",
     "password-hash": "^1.2.2",
     "pug": "^2.0.4"
   },