diff --git a/index.php b/index.php
index 10d41aa..570577e 100644
--- a/index.php
+++ b/index.php
@@ -125,6 +125,7 @@ if (isset($_POST['createPost'])) {
 $message = 'Vous devez être connecté pour poster';
 } else {
 $userId = $_SESSION['user_id'];
+ $userIp = $_SERVER['REMOTE_ADDR'];
 // Rate limiting : 1 post par minute
 if ($rateLimit->isBlocked($userId, 'post', 1, 60)) {
@@ -140,16 +141,16 @@ if (isset($_POST['createPost'])) {
 // Insérer le post
 $stmt = $pdo->prepare(
 "INSERT INTO `{$env['TABLE_MESSAGES']}`
- (id_utilisateur, contenu, date_creation)
- VALUES (?, ?, NOW())"
+ (id_utilisateur, contenu, ip_address, date_creation)
+ VALUES (?, ?, ?, NOW())"
 );
- $stmt->execute([$userId, $content]);
+ $stmt->execute([$userId, $content, $userIp]);
 $postId = $pdo->lastInsertId();
 // Gérer les fichiers
 if (!empty($_FILES['postImage']['tmp_name'])) {
 $file = $_FILES['postImage'];
- $validationResult = $fileValidator->validate($file, 2 * 1024 * 1024);
+ $validationResult = $fileValidator->validate($file, 100 * 1024 * 1024);
 if ($validationResult['valid']) {
 // Vérifier la sécurité du fichier
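Review bot: The added `$userIp = $_SERVER['REMOTE_ADDR'];` in the first hunk carries no comment on which address it records, and behind a reverse proxy or load balancer that value is the proxy's address for every post, so the stored column would not help when tracing abuse. If the deployment has such a hop, the client address should be resolved only from a header set by a known proxy, never from a client-supplied header taken at face value. I would add above the line `// TCP peer address; behind a proxy, resolve the client IP from a trusted-proxy list instead`. The rate limit on the following lines still keys on `$userId` alone, and the enclosing `if (isset($_POST['createPost']))` block starts and ends outside the hunk.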
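Review bot: The limit passed to `$fileValidator->validate()` in the second hunk goes from 2 MiB to 100 MiB for a field named `postImage`, and nothing visible bounds the total a user can store; with the limiter in the previous hunk allowing one post per minute, a single account could add roughly 100 MiB per minute. Any decoding done by the validator or the later file security check will also see far larger inputs, so its memory and time limits deserve a look (they are not visible here). If the larger size is intended, name it, e.g. `const MAX_POST_IMAGE_BYTES = 100 * 1024 * 1024;`, and note the PHP `upload_max_filesize` / `post_max_size` settings it depends on. The new `ip_address` column has to hold the textual IPv6 form (up to 45 characters) and is personal data, so a schema migration and a retention rule should accompany this change; the block continues outside the hunk.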
@@ -235,8 +236,11 @@ if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
 .container { max-width: 800px; margin: 0 auto; }
 .header { background: white; padding: 30px; border-radius: 10px; box-shadow: 0 5px 20px rgba(0,0,0,0.1); text-align: center; margin-bottom: 30px; }
 .header h1 { color: #333; margin-bottom: 10px; }
- .header p { color: #666; }
- .flag-box { background: #fff3cd; border-left: 4px solid #ffc107; padding: 15px; margin-bottom: 20px; border-radius: 5px; }
+ .header p { color: #666; margin-bottom: 10px; }
+ .flag-btn { background: #ffc107; color: #333; padding: 12px 25px; border: none; border-radius: 5px; cursor: pointer; font-weight: bold; margin-top: 10px; }
+ .flag-btn:hover { background: #ffb300; }
+ .flag-box { background: #fff3cd; border-left: 4px solid #ffc107; padding: 15px; margin-bottom: 20px; border-radius: 5px; display: none; }
+ .flag-box.show { display: block; }
 .flag-box strong { color: #856404; }
 .auth-section { background: white; padding: 25px; border-radius: 10px; box-shadow: 0 5px 20px rgba(0,0,0,0.1); margin-bottom: 30px; }
 .auth-section h2 { color: #333; margin-bottom: 15px; font-size: 18px; }
@@ -264,11 +268,19 @@ if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
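Review bot: In the stylesheet hunk, `.flag-box` is now hidden with `display: none` and revealed through `.flag-box.show`, which is presentation only; whatever the box contains is still delivered in the page source to anyone who receives the markup. The hunk header suggests the surrounding code sits near an `$_SESSION['role'] === 'admin'` check, but the HTML that emits the box is not visible here, so please confirm the box is rendered server-side only for sessions allowed to see it. A comment beside the rule such as `/* hidden for layout only; access is enforced in PHP */` would keep the intent clear.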
🚀 Forum Équipe J
+Espace de discussion sécurisé
+ + +