diff --git a/Client/scripts.js b/Client/scripts.js
index 07d5d73..2f8130d 100644
--- a/Client/scripts.js
+++ b/Client/scripts.js
@@ -222,6 +222,16 @@ async function checkSettings(skipServer=false) {
         document.getElementById("partymode-button").innerHTML = "Off";
     }
     document.getElementById("volumerange").value = parseInt(x["volume"])
+
+    // do the admin checkboxes here
+    // seemingly i almost finished it last time, dunno why i stopped here
+    // like as far as i can tell this is the last step
+    let currentAdminPerms = x["admin"];
+    document.getElementById("addsongsettingcheckbox").checked = currentAdminPerms["AS"];
+    document.getElementById("skipsongsettingcheckbox").checked = currentAdminPerms["SK"];
+    document.getElementById("playpausesettingcheckbox").checked = currentAdminPerms["PP"];
+    document.getElementById("partymodesettingcheckbox").checked = currentAdminPerms["PM"];
+    document.getElementById("volumechangesettingcheckbox").checked = currentAdminPerms["VOL"];
 }
 
 async function generateVisualPlaylist(conditions="") {
@@ -325,14 +335,20 @@ function adminPassEnter(e) {
         alertText("Admin Password Updated")
     }
 }
-function submitPerms() {
+async function submitPerms() {
     let tempData = {}
-    tempData["PP"] = document.getElementById("playpausesettingcheckbox").checked
-    tempData["SK"] = document.getElementById("skipsongsettingcheckbox").checked
-    tempData["AS"] = document.getElementById("addsongsettingcheckbox").checked
-    tempData["PM"] = document.getElementById("partymodesettingcheckbox").checked
-    tempData["VOL"] = document.getElementById("partymodesettingcheckbox").checked
-    getFromServer({"setting":"perms","admin":tempData},"settings")
+    tempData["PP"] = document.getElementById("playpausesettingcheckbox").checked;
+    tempData["SK"] = document.getElementById("skipsongsettingcheckbox").checked;
+    tempData["AS"] = document.getElementById("addsongsettingcheckbox").checked;
+    tempData["PM"] = document.getElementById("partymodesettingcheckbox").checked;
+    tempData["VOL"] = document.getElementById("partymodesettingcheckbox").checked;
+    let returncode = await getFromServer({"setting":"perms","admin":tempData},"settings");
+    if (returncode === "401") {
+        // just so that the checkboxes don't change if you click without the
+        // (I know i could do this better but this is good enough for now)
+        // okay this actually doesn't work but i have to go eat dinner
+        checkSettings();
+    }
 }
 
 let optionslist = []
@@ -350,6 +366,8 @@ document.getElementById("settings-mode").style.display = "none";
 document.getElementById("volumerange").onchange = async function() {
     let returnValue = await getFromServer({setting:"volume",level:this.value}, "settings")
     if (returnValue["volumePassed"] !=0) {
+        // i forgot about this, i had to do this because it confused the crap out of me one time
+        // vlc doesn't let you change the volume of nothing, which makes sense if you think about it
         alertText("Nothing is playing")
         document.getElementById("volumerange").value = -1
     }
@@ -378,6 +396,7 @@ document.getElementById("songlist").addEventListener('click', function(e){checkW
 let tempWidth = document.getElementById('controls').clientWidth;
 document.getElementById("controls").style.marginLeft = "-"+String(parseInt(tempWidth/2))+"px";
 // document.getElementById("darkmode-button").addEventListener('click',function(){toggleDark()})
+
 //for my use case (my immediate family), they dont know how to set an ip
 //using this allows the creator of the link for, a qr code for example, to set the ip before distributing the code, and it would all work smoothly
 //example (http://192.168.1.100:8000/?ip=192.168.1.100:19054 sets the ip to the same host at the default port)
diff --git a/Server/webbyBits.py b/Server/webbyBits.py
index 22a84c5..fb81d9f 100644
--- a/Server/webbyBits.py
+++ b/Server/webbyBits.py
@@ -10,7 +10,11 @@ parser=argparse.ArgumentParser(description="Options for the Webby Bits")
 parser.add_argument('-p','--port',help="Port to host on, not the same as the web (client) port",default='19054')
 parser.add_argument('-a','--admin',help="Add an admin password to be used in the client. DO NOT use a password you use elsewhere",default="")
 args = parser.parse_args()
+
+
 portTheUserPicked=args.port
+#Just a note that the return code "401" as of now is used to mean "you don't have the password"
+#This is not great design, and the whole "returning string codes" thing is something to add to the todo list
 ADMIN_PASS = args.admin
 if not(ADMIN_PASS):
     ADMIN_PASS = None
@@ -36,7 +40,7 @@ elif "/" in soundLocation:
     soundLocation += "/"
 else:
     soundLocation += "\\"
-print(soundLocation)
+#print(soundLocation)
 #Create Virtual table for searching
 songDatabase.execute("DROP TABLE virtualSongs;")
 songDatabase.execute("CREATE VIRTUAL TABLE virtualSongs USING fts5(filename, title, artist, art, length);")
@@ -58,7 +62,7 @@ player = fakeplayer.media_player_new()
 # for client side volume to work as well as possible, set system volume to 100 and control in app
 player.audio_set_volume(100)
 app = Flask(__name__)
-# because you are posting from another domain to this one, you need CORS
+# because you are POSTing from another domain to this one, you need CORS
 CORS(app)
 
 def queueSong(song):
@@ -124,6 +128,8 @@ def playerControls():
                 return "401"
         else:
             return "400"
+    else:
+        return "400"
 
 @app.route("/settings", methods=['POST'])
 def settingsControl():
@@ -145,8 +151,8 @@ def settingsControl():
         else:
             return "401"
     elif recieveData["setting"] == "perms":
-        print(ADMIN_PASS)
-        print(recieveData["password"])
+        # print(ADMIN_PASS)
+        # print(recieveData["password"])
         if ADMIN_PASS == recieveData["password"] and ADMIN_PASS:
             #if an adminpass doesn't exist these perms can never be changed
             controlPerms = recieveData["admin"]
@@ -188,17 +194,14 @@ def searchSongDB():
 @app.route("/songadd", methods=["POST"])
 def songadd():
     recieveData=request.get_json(force=True)
-    if ADMIN_PASS and ADMIN_PASS == recieveData['password']:
-        # Pass exists and is correct
+    if (ADMIN_PASS and ADMIN_PASS == recieveData['password']):
+        # Pass exists and is correct, or it's not restricted 
         queueSong(recieveData['song'])
         return "200"
-    elif ADMIN_PASS and not(controlPerms["AS"]):
+    else:
         # Pass exists, or this action isn't restricted 
         return "401"
-    else:
-        # No pass
-        queueSong(recieveData['song'])
-        return "200"
+
 @app.route("/playlist", methods=["POST"])
 def getPlaylist():
     global songNext