diff --git a/Dockerfile b/Dockerfile index 2014659..3ea9aa0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ RUN apt-get install -y \ php-cgi \ php-cli \ php-common \ + php-gd \ php-curl \ php-dev \ php-json \ diff --git a/README.md b/README.md index f5e8849..864c52a 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ * Broken Authentication * Race Condition * Server Side Template Injection (SSTI) +* API Hacking ## Installation diff --git a/app/lab/api-hacking/API-HACKING2/allcontent.php b/app/lab/api-hacking/API-HACKING2/allcontent.php new file mode 100644 index 0000000..9a415d7 --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/allcontent.php @@ -0,0 +1,36 @@ +query($sql); +$contents = $stmt->fetchAll(PDO::FETCH_ASSOC); +?> + + + + API HACKING + + + + +
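Review bot: The new `php-gd \` line is placed between `php-common` and `php-curl`, which breaks the alphabetical order the rest of this `apt-get install -y` list keeps; move it after `php-dev \` so the list stays sorted. Nothing in the hunk records why the extension is now required, and the only visible consumer is the captcha lab further down in this commit (`imagecreatetruecolor`, `imagepng`), so a one-line comment above the `RUN` block such as `# php-gd: required by the captcha lab (image generation)` would preserve that reason. The `RUN` block itself starts and ends outside the hunk.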
+

+
+ +
+
+
+

...

+ +
+
+
+ +
+
+ + + diff --git a/app/lab/api-hacking/API-HACKING2/api.db b/app/lab/api-hacking/API-HACKING2/api.db new file mode 100644 index 0000000..2db3158 Binary files /dev/null and b/app/lab/api-hacking/API-HACKING2/api.db differ diff --git a/app/lab/api-hacking/API-HACKING2/api.php b/app/lab/api-hacking/API-HACKING2/api.php new file mode 100644 index 0000000..cbd182a --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/api.php @@ -0,0 +1,27 @@ +prepare($sql); + $stmt->bindParam(':new_content', $new_content, PDO::PARAM_STR); + $stmt->bindParam(':content_id', $content_id, PDO::PARAM_INT); + $Stmt->bindParam(':userid', $_SESSION['user_id'], PDO::PARAM_INT); + $stmt->execute(); + + echo "Makale başarıyla güncellendi!"; +} else { + http_response_code(405); + echo "Geçersiz metod!"; +} +?> diff --git a/app/lab/api-hacking/API-HACKING2/content.php b/app/lab/api-hacking/API-HACKING2/content.php new file mode 100644 index 0000000..2d5e439 --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/content.php @@ -0,0 +1,63 @@ +prepare($sql); +$stmt->bindParam(':userid', $user_id, PDO::PARAM_INT); +$stmt->execute(); +$contents = $stmt->fetchAll(PDO::FETCH_ASSOC); +?> + + + + API HACKING + + + + + +
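Review bot: `$Stmt->bindParam(':userid', $_SESSION['user_id'], PDO::PARAM_INT);` uses `$Stmt` with a capital S while the statement is held in `$stmt` on the neighbouring lines, so this call is made on an undefined variable and aborts the request before `$stmt->execute()` runs. Rename it to `$stmt->bindParam(':userid', $_SESSION['user_id'], PDO::PARAM_INT);`. The `$sql` assignment is cut from the hunk, so whether the UPDATE text actually contains a `:userid` placeholder is not visible; if it does not, binding it throws under the `ERRMODE_EXCEPTION` set in `dbconnect.php`, so the query and its bound parameters should be checked together. The success and error messages (`Makale başarıyla güncellendi!`, `Geçersiz metod!`) are hard-coded Turkish while the sibling pages read from `$strings`; routing them through the ini tables keeps the lab consistent across languages.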
+ + + +

+
+ +
+
+
+

+ +
+
+
+ +
+
+ + + + + + + + diff --git a/app/lab/api-hacking/API-HACKING2/dbconnect.php b/app/lab/api-hacking/API-HACKING2/dbconnect.php new file mode 100644 index 0000000..445b387 --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/dbconnect.php @@ -0,0 +1,5 @@ +setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +?> diff --git a/app/lab/api-hacking/API-HACKING2/edit-content.php b/app/lab/api-hacking/API-HACKING2/edit-content.php new file mode 100644 index 0000000..e187fc3 --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/edit-content.php @@ -0,0 +1,68 @@ +prepare($sql); + $stmt->bindParam(':content', $content, PDO::PARAM_STR); + $stmt->bindParam(':content_id', $content_id, PDO::PARAM_INT); + $stmt->execute(); + + header("Location: content.php"); + exit; +} + +$content_id = $_GET['id']; +$user_id = $_SESSION['user_id']; +$sql = "SELECT content FROM contents WHERE id = :content_id AND userid = :userid"; +$stmt = $pdo->prepare($sql); +$stmt->bindParam(':content_id', $content_id, PDO::PARAM_INT); +$stmt->bindParam(':userid', $user_id, PDO::PARAM_INT); +$stmt->execute(); +$content = $stmt->fetch(PDO::FETCH_ASSOC); + +if(!$content) { + echo $strings['contentnotfound']; + exit; +} +?> + + + + API HACKING + + + + +
+

+
+ +
+ + +
+ +
+
+ + + + + + + + + diff --git a/app/lab/api-hacking/API-HACKING2/en.ini b/app/lab/api-hacking/API-HACKING2/en.ini new file mode 100644 index 0000000..c931494 --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/en.ini @@ -0,0 +1,18 @@ +title = "API Hacking" +username = "Username" +password = "Password" +login = "Login" +loginerror = "Invalid username or password!" +edit = "Edit" +logout = "Log Out" +articles = "Articles" +contentnotfound = "You do not have access to this article!" +editarticle = "Edit the article" +save = "Save" +content = "Content" +allcontent = "All Articles" +view = "View" +article = "Article" +notfound = "Content not found!" +missid = "Content ID is missing!" +author = "Author: " \ No newline at end of file diff --git a/app/lab/api-hacking/API-HACKING2/fr.ini b/app/lab/api-hacking/API-HACKING2/fr.ini new file mode 100644 index 0000000..566df4d --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/fr.ini @@ -0,0 +1,18 @@ +title = "API Hacking" +username = "Nom d'utilisateur" +password = "Mot de passe" +login = "Connexion" +loginerror = "Nom d'utilisateur ou mot de passe incorrect!" +edit = "Modifier" +logout = "Déconnexion" +articles = "Articles" +contentnotfound = "Vous n'avez pas accès à cet article!" +editarticle = "Modifier l'article" +save = "Enregistrer" +content = "Contenu" +allcontent = "Tous les articles" +view = "Voir" +article = "Article" +notfound = "Contenu introuvable!" +missid = "L'ID de contenu est manquant!" +author = "Auteure: " \ No newline at end of file diff --git a/app/lab/api-hacking/API-HACKING2/index.php b/app/lab/api-hacking/API-HACKING2/index.php new file mode 100644 index 0000000..e3af7ef --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/index.php 
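Review bot: `$content_id = $_GET['id'];` reads the query parameter without checking that it exists, so a request without `id` raises an undefined-index warning and then binds a null id into the SELECT, even though the string table already defines `missid` for exactly this case. Replace it with `$content_id = $_GET['id'] ?? null; if ($content_id === null) { echo $strings['missid']; exit; }`. Further up, the POST branch's UPDATE binds only `:content` and `:content_id`, whereas the SELECT below additionally filters on `userid = :userid`; if that asymmetry is the intended weakness of this lab, mark it with a comment such as `// Lab: the update path intentionally skips the ownership check` so a later contributor does not quietly remove it. `$_SESSION['user_id']` is read without a visible login guard, but the top of the file is cut from the hunk, so that check may exist there.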
@@ -0,0 +1,103 @@ +prepare($sql); + $stmt->bindParam(':username', $username, PDO::PARAM_STR); + $stmt->bindParam(':password', $password, PDO::PARAM_STR); + $stmt->execute(); + $user = $stmt->fetch(PDO::FETCH_ASSOC); + + if($user) { + $_SESSION['user_id'] = $user['id']; + header("Location: content.php"); + exit; + } else { + $error = $strings['loginerror']; + } +} + + +?> + + + + API HACKING + + + + + +
+
+
+
+
+

Login

+
+
+ + +
+
+ + +
+
+

: user1

+

: password1

+
+ +
+ ' . $error . '
'; } ?> +
+
+
+
+ + + + + + + + + + + + + + + + diff --git a/app/lab/api-hacking/API-HACKING2/logout.php b/app/lab/api-hacking/API-HACKING2/logout.php new file mode 100644 index 0000000..ac0ed9c --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/logout.php @@ -0,0 +1,6 @@ + diff --git a/app/lab/api-hacking/API-HACKING2/tr.ini b/app/lab/api-hacking/API-HACKING2/tr.ini new file mode 100644 index 0000000..5ede110 --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/tr.ini @@ -0,0 +1,18 @@ +title = "API Saldırısı" +username = "Kullanıcı Adı" +password = "Şifre" +login = "Giriş Yap" +loginerror = "Kullanıcı adı veya şifre hatalı!" +edit = "Düzenle" +logout = "Çıkış Yap" +articles = "Makaleler" +contentnotfound = "Bu makaleye erişim izniniz yok!" +editarticle = "Makaleyi Düzenle" +save = "Kaydet" +content = "İçerik" +allcontent = "Tüm Makaleler" +view = "Görüntüle" +article = "Makale" +notfound = "İçerik bulunamadı." +missid = "ID bulunamadı." +author = "Yazar: " \ No newline at end of file diff --git a/app/lab/api-hacking/API-HACKING2/viewcontent.php b/app/lab/api-hacking/API-HACKING2/viewcontent.php new file mode 100644 index 0000000..155aab9 --- /dev/null +++ b/app/lab/api-hacking/API-HACKING2/viewcontent.php @@ -0,0 +1,55 @@ +prepare($sql); + $stmt->bindParam(':content_id', $content_id, PDO::PARAM_INT); + $stmt->execute(); + $content = $stmt->fetch(PDO::FETCH_ASSOC); + + if($content) { +?> + + + + API HACKING + + + + + +
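Review bot: `$_SESSION['user_id'] = $user['id'];` is assigned on successful login without a preceding `session_regenerate_id(true);`, so the session identifier issued before authentication stays valid afterwards; add `session_regenerate_id(true);` as the first statement of the `if($user)` branch. The lookup also binds `:password` as a plain string, which indicates the credentials are compared in clear text inside the query; the SELECT text is cut from the hunk, so confirm against the file. If the plaintext comparison is a deliberate fixture of this lab, say so in a comment such as `// Lab fixture: plaintext credential lookup, do not copy into real code` so the intent is explicit.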
+
+
+ +
+
+
+

+
+
+
+ + + + diff --git a/app/lab/api-hacking/api-hacking/api.php b/app/lab/api-hacking/api-hacking/api.php new file mode 100644 index 0000000..95a9cf6 --- /dev/null +++ b/app/lab/api-hacking/api-hacking/api.php @@ -0,0 +1,23 @@ + $city, + 'temperature' => rand(-10, 40), // Rastgele sıcaklık oluştur + 'description' => 'Parçalı bulutlu', // Sabit bir hava durumu açıklaması + 'humidity' => rand(0, 100), // Rastgele nem oluştur + 'wind_speed' => rand(0, 30) // Rastgele rüzgar hızı oluştur +); + +// JSON formatında hava durumu bilgisini döndür +header('Content-Type: application/json'); +echo json_encode($weatherData); +?> diff --git a/app/lab/api-hacking/api-hacking/en.ini b/app/lab/api-hacking/api-hacking/en.ini new file mode 100644 index 0000000..ff71f0e --- /dev/null +++ b/app/lab/api-hacking/api-hacking/en.ini @@ -0,0 +1,8 @@ +lang = "en" +title = "API Hacking" +weather = "Weather" +info = "Weather Info's" +get_weather = "Get Weather" +city = "City" +for = "Weather forecast for" +please = "Please enter a city name." \ No newline at end of file diff --git a/app/lab/api-hacking/api-hacking/fr.ini b/app/lab/api-hacking/api-hacking/fr.ini new file mode 100644 index 0000000..ca2b1be --- /dev/null +++ b/app/lab/api-hacking/api-hacking/fr.ini @@ -0,0 +1,8 @@ +lang = "fr" +title = "API Hacking" +weather = "Météo" +info = "Informations météorologiques" +get_weather = "Obtenir la météo" +city = "Ville" +for = "Météo à" +please = "Veuillez saisir un nom de ville." \ No newline at end of file diff --git a/app/lab/api-hacking/api-hacking/get-weather.php b/app/lab/api-hacking/api-hacking/get-weather.php new file mode 100644 index 0000000..b7d86d4 --- /dev/null +++ b/app/lab/api-hacking/api-hacking/get-weather.php @@ -0,0 +1,52 @@ + + + + + + + <?php echo $strings['weather']?> - <?php echo $city; ?> + + + + +
+
+
+

+
+
+
+ +
+
+
+
+ + + + + diff --git a/app/lab/api-hacking/api-hacking/index.php b/app/lab/api-hacking/api-hacking/index.php new file mode 100644 index 0000000..73b5344 --- /dev/null +++ b/app/lab/api-hacking/api-hacking/index.php @@ -0,0 +1,40 @@ + + + + + + <?php echo $strings['weather']; ?> + + + + +
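Review bot: `<?php echo $city; ?>` inside the `<title>` writes `$city` into the page without HTML escaping. Where `$city` is assigned is cut from the hunk, but the form on the sibling index page (the `city` and `please` strings) indicates it comes from the request, so this is a reflected-output bug rather than part of this lab's API lesson; use `<?php echo htmlspecialchars($city, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` and apply the same escaping wherever `$city` is echoed in the body. The neighbouring `$strings['weather']` echo is fine as long as the ini tables remain static files.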
+
+
+
+
+

+
+
+ : +
+
+ + +
+
+
+
+
+
+
+ + + + + + + diff --git a/app/lab/api-hacking/api-hacking/tr.ini b/app/lab/api-hacking/api-hacking/tr.ini new file mode 100644 index 0000000..80190c3 --- /dev/null +++ b/app/lab/api-hacking/api-hacking/tr.ini @@ -0,0 +1,8 @@ +lang = "tr" +title = "API Saldırısı" +weather = "Hava Durumu" +info = "Hava Durumu Bilgisi" +get_weather = "Hava Durumunu Getir" +city = "Şehir" +for = "için Hava Durumu" +please = "Lütfen bir şehir adı girin." \ No newline at end of file diff --git a/app/lab/api-hacking/api-hacking1/all_wallpapers.php b/app/lab/api-hacking/api-hacking1/all_wallpapers.php new file mode 100644 index 0000000..20c5825 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/all_wallpapers.php @@ -0,0 +1,52 @@ + + + + + + + + API Hacking + + + + + +
+ +

+
+ +
+
+ <?= $image ?> +
+
+
+
+
+ +
+ +
+
+
+ + + + + + + diff --git a/app/lab/api-hacking/api-hacking1/api/all_wallpapers.php b/app/lab/api-hacking/api-hacking1/api/all_wallpapers.php new file mode 100644 index 0000000..b4e90bb --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/all_wallpapers.php @@ -0,0 +1,43 @@ + + + + + + + + API Hacking + + + + + +
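Review bot: `<?= $image ?>` emits the image file name into the HTML without escaping, here and in the duplicate template under `api/all_wallpapers.php` in the next file section. The names presumably come from the uploads directory that `upload.php` populates, and original upload file names are user-chosen, so the value should be treated as untrusted: `<?= htmlspecialchars($image, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. How `$image` is derived is not visible in the hunk, so confirm the source before relying on this reading.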
+

+
+ +
+
+ <?= $image ?> +
+
+
+
+
+ +
+ +
+
+
+ + + + + + diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/1_delete_me.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/1_delete_me.jpg new file mode 100644 index 0000000..a503e7f Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/1_delete_me.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/1_rick-and-morty-macbook-2880-x-1800-g3s43t1cye39jx5s.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/1_rick-and-morty-macbook-2880-x-1800-g3s43t1cye39jx5s.jpg new file mode 100644 index 0000000..90386d4 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/1_rick-and-morty-macbook-2880-x-1800-g3s43t1cye39jx5s.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/1_rick-and-morty-sunglasses-pink-blue-wallpaper.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/1_rick-and-morty-sunglasses-pink-blue-wallpaper.jpg new file mode 100644 index 0000000..e5cfe16 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/1_rick-and-morty-sunglasses-pink-blue-wallpaper.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/1_wp4945601.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/1_wp4945601.jpg new file mode 100644 index 0000000..6a92e20 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/1_wp4945601.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/2_1458290-The-Last-of-Us-2-Naughty-Dog-Sony-Playstation-4K.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/2_1458290-The-Last-of-Us-2-Naughty-Dog-Sony-Playstation-4K.jpg new file mode 100644 index 0000000..a94b40f Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/2_1458290-The-Last-of-Us-2-Naughty-Dog-Sony-Playstation-4K.jpg differ 
diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/2_1491251-The-Last-of-Us-2-video-games-PlayStation-4-screen.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/2_1491251-The-Last-of-Us-2-video-games-PlayStation-4-screen.jpg new file mode 100644 index 0000000..133e2fa Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/2_1491251-The-Last-of-Us-2-video-games-PlayStation-4-screen.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/2_425331-The-Last-of-Us-2-video-games-artwork-post-apocalypse.png b/app/lab/api-hacking/api-hacking1/api/backup_images/2_425331-The-Last-of-Us-2-video-games-artwork-post-apocalypse.png new file mode 100644 index 0000000..ae60c2b Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/2_425331-The-Last-of-Us-2-video-games-artwork-post-apocalypse.png differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/3_544298.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/3_544298.jpg new file mode 100644 index 0000000..6a8137f Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/3_544298.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/3_mr-robot-control-illusion-3t2s38ni80wrmasf.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/3_mr-robot-control-illusion-3t2s38ni80wrmasf.jpg new file mode 100644 index 0000000..8bf89ed Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/3_mr-robot-control-illusion-3t2s38ni80wrmasf.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/3_mr-robot-mask-f-society-artwork-4k-on-2880x1800.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/3_mr-robot-mask-f-society-artwork-4k-on-2880x1800.jpg new file mode 100644 index 0000000..3afc020 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/3_mr-robot-mask-f-society-artwork-4k-on-2880x1800.jpg differ 
diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/4_130672-lara-croft-tomb-raider-5k.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/4_130672-lara-croft-tomb-raider-5k.jpg new file mode 100644 index 0000000..7a0bdb7 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/4_130672-lara-croft-tomb-raider-5k.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/4_b610a778f896dbcb966e0d6083db2460.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/4_b610a778f896dbcb966e0d6083db2460.jpg new file mode 100644 index 0000000..0f6ac49 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/4_b610a778f896dbcb966e0d6083db2460.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/4_tomb-raider-dark-sea-hd-lt4fxkxaz442tu1s.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/4_tomb-raider-dark-sea-hd-lt4fxkxaz442tu1s.jpg new file mode 100644 index 0000000..36ede13 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/4_tomb-raider-dark-sea-hd-lt4fxkxaz442tu1s.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/5_3105122.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/5_3105122.jpg new file mode 100644 index 0000000..f8d0eec Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/5_3105122.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/5_d027bacc775eea447f19eb18b352c024.jpeg b/app/lab/api-hacking/api-hacking1/api/backup_images/5_d027bacc775eea447f19eb18b352c024.jpeg new file mode 100644 index 0000000..3d440b7 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/5_d027bacc775eea447f19eb18b352c024.jpeg differ 
diff --git a/app/lab/api-hacking/api-hacking1/api/backup_images/5_wp10244267.jpg b/app/lab/api-hacking/api-hacking1/api/backup_images/5_wp10244267.jpg new file mode 100644 index 0000000..ddc59cd Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/backup_images/5_wp10244267.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/delete_image.php b/app/lab/api-hacking/api-hacking1/api/delete_image.php new file mode 100644 index 0000000..3f3bcc3 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/delete_image.php @@ -0,0 +1,26 @@ + diff --git a/app/lab/api-hacking/api-hacking1/api/get_images.php b/app/lab/api-hacking/api-hacking1/api/get_images.php new file mode 100644 index 0000000..fa216b5 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/get_images.php @@ -0,0 +1,19 @@ + diff --git a/app/lab/api-hacking/api-hacking1/api/logout.php b/app/lab/api-hacking/api-hacking1/api/logout.php new file mode 100644 index 0000000..632e419 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/logout.php @@ -0,0 +1,8 @@ + true); +echo json_encode($response); diff --git a/app/lab/api-hacking/api-hacking1/api/reset_images.php b/app/lab/api-hacking/api-hacking1/api/reset_images.php new file mode 100644 index 0000000..25e6680 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/reset_images.php @@ -0,0 +1,35 @@ + diff --git a/app/lab/api-hacking/api-hacking1/api/upload.php b/app/lab/api-hacking/api-hacking1/api/upload.php new file mode 100644 index 0000000..ef7d96c --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/upload.php @@ -0,0 +1,50 @@ + \ No newline at end of file diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/1_delete_me.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/1_delete_me.jpg new file mode 100644 index 0000000..a503e7f Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/1_delete_me.jpg differ 
diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/1_rick-and-morty-macbook-2880-x-1800-g3s43t1cye39jx5s.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/1_rick-and-morty-macbook-2880-x-1800-g3s43t1cye39jx5s.jpg new file mode 100644 index 0000000..90386d4 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/1_rick-and-morty-macbook-2880-x-1800-g3s43t1cye39jx5s.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/1_rick-and-morty-sunglasses-pink-blue-wallpaper.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/1_rick-and-morty-sunglasses-pink-blue-wallpaper.jpg new file mode 100644 index 0000000..e5cfe16 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/1_rick-and-morty-sunglasses-pink-blue-wallpaper.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/1_wp4945601.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/1_wp4945601.jpg new file mode 100644 index 0000000..6a92e20 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/1_wp4945601.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/2_1458290-The-Last-of-Us-2-Naughty-Dog-Sony-Playstation-4K.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/2_1458290-The-Last-of-Us-2-Naughty-Dog-Sony-Playstation-4K.jpg new file mode 100644 index 0000000..a94b40f Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/2_1458290-The-Last-of-Us-2-Naughty-Dog-Sony-Playstation-4K.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/2_1491251-The-Last-of-Us-2-video-games-PlayStation-4-screen.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/2_1491251-The-Last-of-Us-2-video-games-PlayStation-4-screen.jpg new file mode 100644 index 0000000..133e2fa Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/2_1491251-The-Last-of-Us-2-video-games-PlayStation-4-screen.jpg differ 
diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/2_425331-The-Last-of-Us-2-video-games-artwork-post-apocalypse.png b/app/lab/api-hacking/api-hacking1/api/uploads/2_425331-The-Last-of-Us-2-video-games-artwork-post-apocalypse.png new file mode 100644 index 0000000..ae60c2b Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/2_425331-The-Last-of-Us-2-video-games-artwork-post-apocalypse.png differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/3_544298.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/3_544298.jpg new file mode 100644 index 0000000..6a8137f Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/3_544298.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/3_mr-robot-control-illusion-3t2s38ni80wrmasf.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/3_mr-robot-control-illusion-3t2s38ni80wrmasf.jpg new file mode 100644 index 0000000..8bf89ed Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/3_mr-robot-control-illusion-3t2s38ni80wrmasf.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/3_mr-robot-mask-f-society-artwork-4k-on-2880x1800.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/3_mr-robot-mask-f-society-artwork-4k-on-2880x1800.jpg new file mode 100644 index 0000000..3afc020 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/3_mr-robot-mask-f-society-artwork-4k-on-2880x1800.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/4_130672-lara-croft-tomb-raider-5k.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/4_130672-lara-croft-tomb-raider-5k.jpg new file mode 100644 index 0000000..7a0bdb7 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/4_130672-lara-croft-tomb-raider-5k.jpg differ 
diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/4_b610a778f896dbcb966e0d6083db2460.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/4_b610a778f896dbcb966e0d6083db2460.jpg new file mode 100644 index 0000000..0f6ac49 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/4_b610a778f896dbcb966e0d6083db2460.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/4_tomb-raider-dark-sea-hd-lt4fxkxaz442tu1s.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/4_tomb-raider-dark-sea-hd-lt4fxkxaz442tu1s.jpg new file mode 100644 index 0000000..36ede13 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/4_tomb-raider-dark-sea-hd-lt4fxkxaz442tu1s.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/5_3105122.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/5_3105122.jpg new file mode 100644 index 0000000..f8d0eec Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/5_3105122.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/5_d027bacc775eea447f19eb18b352c024.jpeg b/app/lab/api-hacking/api-hacking1/api/uploads/5_d027bacc775eea447f19eb18b352c024.jpeg new file mode 100644 index 0000000..3d440b7 Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/5_d027bacc775eea447f19eb18b352c024.jpeg differ diff --git a/app/lab/api-hacking/api-hacking1/api/uploads/5_wp10244267.jpg b/app/lab/api-hacking/api-hacking1/api/uploads/5_wp10244267.jpg new file mode 100644 index 0000000..ddc59cd Binary files /dev/null and b/app/lab/api-hacking/api-hacking1/api/uploads/5_wp10244267.jpg differ diff --git a/app/lab/api-hacking/api-hacking1/api/users.json b/app/lab/api-hacking/api-hacking1/api/users.json new file mode 100644 index 0000000..b38681e --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/users.json 
@@ -0,0 +1,7 @@ +[ + {"id":"1", "username":"admin", "password":"admin"}, + {"id":"2","username":"user","password":"user"}, + {"id":"3","username":"user2","password":"user2"}, + {"id":"4","username":"user3","password":"user3"}, + {"id":"5","username":"user4","password":"user4"} +] \ No newline at end of file diff --git a/app/lab/api-hacking/api-hacking1/api/users.php b/app/lab/api-hacking/api-hacking1/api/users.php new file mode 100644 index 0000000..8627c75 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/api/users.php @@ -0,0 +1,34 @@ + '1', + 'username' => 'admin', + 'password' => 'admin' +); +$userInfo2 = array( + 'id' => '2', + 'username' => 'user', + 'password' => 'user' +); +$userInfo = array( + 'id' => '3', + 'username' => 'user2', + 'password' => 'user2' +); +$userInfo = array( + 'id' => '4', + 'username' => 'user3', + 'password' => 'user3' +); +$userInfo = array( + 'id' => '5', + 'username' => 'user3', + 'password' => 'user3' +); + +$userData = array($userInfo); + +$jsonData = json_encode($userData); + +file_put_contents('users.json', $jsonData); + +?> \ No newline at end of file diff --git a/app/lab/api-hacking/api-hacking1/dashboard.php b/app/lab/api-hacking/api-hacking1/dashboard.php new file mode 100644 index 0000000..c317c08 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/dashboard.php @@ -0,0 +1,193 @@ + + + + > + + + + API Hacking + + + + +
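Review bot: The seed script assigns `$userInfo` four times in a row and then builds `$userData = array($userInfo);`, so `users.json` is written with only the last record; `$userInfo2` is declared and never used. Initialise `$userData = [];` before the first record and change each `$userInfo = array(` and `$userInfo2 = array(` to `$userData[] = array(`, leaving the `json_encode` and `file_put_contents` lines as they are. The fifth record also carries `user3` / `user3` under id 5, while the committed `users.json` in the preceding file section holds `user4` / `user4` for that id; one of the two should be corrected so regenerating the fixture does not silently change the lab's credentials. `file_put_contents('users.json', $jsonData);` uses a path relative to the working directory, so the file only lands next to the API scripts when run from that folder; `__DIR__ . '/users.json'` pins the location.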
+

+ + + + + + +
+
+ + +
+ +
+ + +

+
+
+ + + + + + + + + + diff --git a/app/lab/api-hacking/api-hacking1/en.ini b/app/lab/api-hacking/api-hacking1/en.ini new file mode 100644 index 0000000..0211052 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/en.ini @@ -0,0 +1,28 @@ +lang="en" +title = "API Hacking" +incorrect = "Username or password is incorrect." +requesterr = "An error occurred while processing your request." +login = "Login" +username = "Username:" +password = "Password:" +labtitle = "Wallpapers Dashboard" +chooseimage = "Choose Image" +upload = "Upload" +wallpapers = "Wallpapers" +uploaded = "Uploaded Image" +delete = "Delete" +success1 = "The upload process has been successfully completed." +uploaderr = "An error occurred while uploading the file." +success2 = "Image deleted successfully." +deleteerr = "Error deleting the image." +invalidtype = "Invalid file type. Allowed types are:" +samename = "File with the same name already exists." +authenticate = "User not authenticated." +requestmethod = "Invalid request method." +reset = "The images have been successfully reset." +resetlab = "Reset Lab" +allwallpapers = "All Wallpapers" +filename = "File Name: " +logouterr = "Çıkış yapılamadı. Tekrar deneyiniz." +backtologin = "Back to Login Page" +logout = "Log Out" diff --git a/app/lab/api-hacking/api-hacking1/fr.ini b/app/lab/api-hacking/api-hacking1/fr.ini new file mode 100644 index 0000000..c44d310 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/fr.ini 
@@ -0,0 +1,28 @@ +lang="fr" +title = "Violation de l'API" +incorrect = "Nom d'utilisateur ou mot de passe incorrect." +requesterr = "Une erreur s'est produite lors du traitement de votre demande." +login = "Connexion" +username = "Nom d'utilisateur:" +password = "Mot de passe:" +labtitle = "Tableau de bord des fonds d'écran" +chooseimage = "Sélectionner une image" +upload = "Téléverser" +wallpapers = "Fonds d'écran" +uploaded = "Image téléchargée" +delete = "Supprimer" +success1 = "Le processus de téléchargement a été terminé avec succès." +uploaderr = "Une erreur s'est produite lors du téléchargement du fichier." +success2 = "Image supprimée avec succès." +deleteerr = "Erreur lors de la suppression de l'image." +invalidtype = "Invalide type de fichier. Les types autorisés sont :" +samename = "Un fichier du même nom existe déjà." +authenticate = "Utilisateur non authentifié." +requestmethod = "Méthode de requête invalide." +reset = "Les images ont été réinitialisées avec succès." +resetlab = "Le aboratoire a été réinitialisé." +allwallpapers = "Tous les fonds d'écran" +filename = "Nom de fichier: " +logouterr = "La déconnexion a échoué. Veuillez réessayer." +backtologin = "Retour à la page de connexion." +logout = "Se déconnecter" diff --git a/app/lab/api-hacking/api-hacking1/index.php b/app/lab/api-hacking/api-hacking1/index.php new file mode 100644 index 0000000..e049694 --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/index.php @@ -0,0 +1,105 @@ + + + + + + + + API Hacking + + + + + + + + + +
+
+
+
+

+ +
+ +
+
+ + +
+
+ + +
+
+ + +
+
+

user

+

user

+
+
+
+
+
+
+ + + + + + diff --git a/app/lab/api-hacking/api-hacking1/tr.ini b/app/lab/api-hacking/api-hacking1/tr.ini new file mode 100644 index 0000000..175be2c --- /dev/null +++ b/app/lab/api-hacking/api-hacking1/tr.ini @@ -0,0 +1,28 @@ +lang="tr" +title = "API Saldırısı" +incorrect = "Kullanıcı adı veya şifre yanlış." +requesterr = "İsteğiniz işlenirken bir hata oluştu." +login = "Giriş Yap" +username = "Kullanıcı Adı:" +password = "Şifre:" +labtitle = "Duvar Kağıtları Paneli" +chooseimage = "Resim Seç" +upload = "Yükle" +wallpapers = "Duvar Kağıtları" +uploaded = "Yüklenen Resimler" +delete = "Sil" +success1 = "Yükleme işlemi başarıyla tamamlandı." +uploaderr = "Dosya yüklenirken bir hata oluştu." +success2 = "Resim başarıyla silindi." +deleteerr = "Resim silinemedi." +invalidtype = "Geçersiz dosya türü. İzin verilen türler:" +samename = "Aynı isimde dosya zaten mevcut." +authenticate = "Kullanıcı kimliği doğrulanmadı." +requestmethod = "Geçersiz istek yöntemi." +reset = "Resimler başarıyla sıfırlandı." +resetlab = "Laboratuvarı sıfırla" +allwallpapers = "Tüm Duvar Kağıtları" +filename = "Dosya Adı: " +logouterr = "Çıkış yapılamadı. Tekrar deneyiniz." +backtologin = "Giriş Yap Sayfasına Dön" +logout = "Çıkış Yap" diff --git a/app/lab/captcha-bypass/bypass1/captcha.png b/app/lab/captcha-bypass/bypass1/captcha.png new file mode 100644 index 0000000..a9978ae Binary files /dev/null and b/app/lab/captcha-bypass/bypass1/captcha.png differ diff --git a/app/lab/captcha-bypass/bypass1/comment.db b/app/lab/captcha-bypass/bypass1/comment.db new file mode 100644 index 0000000..54da722 Binary files /dev/null and b/app/lab/captcha-bypass/bypass1/comment.db differ diff --git a/app/lab/captcha-bypass/bypass1/en.ini b/app/lab/captcha-bypass/bypass1/en.ini new file mode 100644 index 0000000..7cb2952 --- /dev/null +++ b/app/lab/captcha-bypass/bypass1/en.ini 
@@ -0,0 +1,12 @@ +title="Captcha-ByPass" +text="Captcha Verification" +finish="Captcha verification successful, note added." +notfinish="Captcha verification failed, note not added." +comment="Enter your comment:" +herecomment="Write your comment here" +comment1="Think Simple :)" +comment2="Take advantage of Source Codes!" +captcha="Enter the captcha" +button="Confirm" +comments="Comments" +reset="Reset Table" diff --git a/app/lab/captcha-bypass/bypass1/fr.ini b/app/lab/captcha-bypass/bypass1/fr.ini new file mode 100644 index 0000000..a57fa79 --- /dev/null +++ b/app/lab/captcha-bypass/bypass1/fr.ini @@ -0,0 +1,12 @@ +title="Captcha-ByPass" +text="Vérification de captcha" +finish="Vérification Captcha réussie, note ajoutée." +notfinish="Vérification Captcha réussie, note non ajoutée" +comment="Entrez votre commentaire :" +herecomment="Ecrivez votre commentaire ici" +comment1="Pensez simple :)" +comment2="Profitez des codes sources !" +captcha="Entrez le captcha" +button="Confirmer" +comments="Commentaires" +reset="Réinitialiser le tableau" \ No newline at end of file diff --git a/app/lab/captcha-bypass/bypass1/index.php b/app/lab/captcha-bypass/bypass1/index.php new file mode 100644 index 0000000..e06891b --- /dev/null +++ b/app/lab/captcha-bypass/bypass1/index.php 
@@ -0,0 +1,270 @@ +prepare("SELECT id FROM comments WHERE id IN (1, 2)"); +$stmt1->execute(); +$selected_ids = $stmt1->fetchAll(PDO::FETCH_COLUMN); + + +if (count($selected_ids) != 2) { + + + $stmt2 = $db->prepare("INSERT INTO comments (id, comment) VALUES (:id, :comment)"); + + + $comments = [$strings['comment1'], $strings['comment2']]; + $ids = [1, 2]; + foreach ($comments as $index => $comment) { + $stmt2->bindParam(':id', $ids[$index]); + $stmt2->bindParam(':comment', $comment); + $stmt2->execute(); + } +} + +$results = $db->prepare("SELECT comment FROM comments"); +$results->execute(); + + + + +function generateCaptcha($width, $height, $length = 6) +{ + + $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + $charactersLength = strlen($characters); + $captcha = ''; + $image = imagecreatetruecolor($width, $height); + + + $bgColor = imagecolorallocate($image, rand(200, 255), rand(200, 255), rand(200, 255)); + imagefill($image, 0, 0, $bgColor); + + for ($i = 0; $i < 500; $i++) { + $pointColor = imagecolorallocate($image, rand(0, 255), rand(0, 255), rand(0, 255)); + imagesetpixel($image, rand(0, $width), rand(0, $height), $pointColor); + } + + + for ($i = 0; $i < 10; $i++) { + $lineColor = imagecolorallocate($image, rand(0, 255), rand(0, 255), rand(0, 255)); + imageline($image, rand(0, $width), rand(0, $height), rand(0, $width), rand(0, $height), $lineColor); + } + + + for ($i = 0; $i < $length; $i++) { + $char = $characters[rand(0, $charactersLength - 1)]; + $captcha .= $char; + $textColor = imagecolorallocate($image, rand(0, 150), rand(0, 150), rand(0, 150)); + imagestring($image, 5, 30 * $i + 10, rand(10, 20), $char, $textColor); + } + + + $imagePath = 'captcha.png'; + imagepng($image, $imagePath); + imagedestroy($image); + + return array('captcha' => $captcha, 'imagePath' => $imagePath); +} + + +$captchaData = generateCaptcha(200, 50); +$captchaValue = $captchaData['captcha']; +$captchaImagePath = $captchaData['imagePath']; + +if 
(!isset($_SESSION['captchas'])) { + $_SESSION['captchas'] = array(); +} + +if (!isset($_SESSION['input'])) { + $_SESSION['input'] = false; +} + + + +array_push($_SESSION['captchas'], $captchaValue); + +if ($_SERVER["REQUEST_METHOD"] == "POST") { + $submitted_captcha = $_POST['captcha']; + $_SESSION['input'] = true; + + if (in_array($submitted_captcha, $_SESSION['captchas'])) { + $comment = $_POST['user_comment']; + $stmt = $db->prepare("INSERT INTO comments (comment) VALUES (:comment)"); + $stmt->bindParam(':comment', $comment); + $stmt->execute(); + + header("location:/lab/captcha-bypass/bypass1/index.php?success=1"); + exit(); + } else { + header("location:/lab/captcha-bypass/bypass1/index.php?error=1"); + exit(); + } +} + +?> + + + + + + + + <?php echo "Captcha Bypass"; ?> + + + + + + + + +
+
+
+

+ + + + + +
+
+ + +
+
+ Captcha Resmi
+ +
+ +
+
+
+
+ +
+
+ +
+ + + + + + + + + $comment) : ?> + + + + + + +
#
+ +
+ + + + + + + \ No newline at end of file diff --git a/app/lab/captcha-bypass/bypass1/reset_table.php b/app/lab/captcha-bypass/bypass1/reset_table.php new file mode 100644 index 0000000..84c94ea --- /dev/null +++ b/app/lab/captcha-bypass/bypass1/reset_table.php @@ -0,0 +1,12 @@ +prepare("DELETE FROM comments "); +$stmt->execute(); + +// Ana sayfaya yönlendirme +header("Location: /lab/captcha-bypass/bypass1/index.php"); +exit(); +?> diff --git a/app/lab/captcha-bypass/bypass1/tr.ini b/app/lab/captcha-bypass/bypass1/tr.ini new file mode 100644 index 0000000..0646a1b --- /dev/null +++ b/app/lab/captcha-bypass/bypass1/tr.ini @@ -0,0 +1,12 @@ +title="Captcha-ByPass" +text="Captcha Doğrulama" +finish="Captcha Doğrulama Başarılı,Not Eklendi." +notfinish="Captcha Bypass Başarısız,Not Eklenemedi." +comment="Yorumunuzu giriniz" +herecomment="Yorumunuzu buraya yazınız" +comment1="Basit Düşün:)" +comment2="Kaynak Kodlardan yararlan!" +captcha="Captchayı giriniz" +button="Doğrula" +comments="Yorumlar" +reset="Tabloyu sıfırla" \ No newline at end of file diff --git a/app/lab/race-condition/race-condition1/database.db b/app/lab/race-condition/race-condition1/database.db index 319ad1b..96a46fa 100644 Binary files a/app/lab/race-condition/race-condition1/database.db and b/app/lab/race-condition/race-condition1/database.db differ diff --git a/app/lab/race-condition/race-condition2/index.php b/app/lab/race-condition/race-condition2/index.php index fd8ae37..0fb9550 100644 --- a/app/lab/race-condition/race-condition2/index.php +++ b/app/lab/race-condition/race-condition2/index.php 
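Review bot: The check `if (in_array($submitted_captcha, $_SESSION['captchas']))` in the POST handler accepts every captcha the session has ever been shown, because `array_push($_SESSION['captchas'], $captchaValue)` runs unconditionally on each request (the POST included) and nothing ever empties the array, so a single solved value replays for the life of the session. If that accumulation is not the bypass this lab intends to teach (the seeded hint "Take advantage of Source Codes!" suggests something is deliberate), move the generation after the POST branch, compare strictly with `in_array($submitted_captcha, $_SESSION['captchas'], true)`, and reset with `$_SESSION['captchas'] = [];` once a value has been consumed; either way a one-line comment above the `in_array` stating which behaviour is intentional would save the next reader the guesswork. Separately, `$_POST['captcha']` and `$_POST['user_comment']` are read without `isset`, so a POST missing either field raises undefined-index warnings instead of the `error=1` redirect. Every request also writes the same `captcha.png` in the lab directory, so concurrent visitors overwrite each other's image, which is both a display bug and a second, presumably unintended, way to get a mismatch; `rand()` for the characters is not a CSPRNG, though that is likely acceptable for a training lab.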
@@ -3,47 +3,48 @@ require("../../../lang/lang.php"); $strings = tr(); -session_start(); // Oturumu başlat +session_start(); -// Sepet işlemleri + +// Cart operations if (!isset($_SESSION['cart'])) { $_SESSION['cart'] = []; } -// Ürünlerin eklendiği form gönderildiğinde +// When the form in which the products are added is submitted if (isset($_POST['add_to_cart'])) { $product_price = $_POST['product']; - // Sepet durumunu al + // Get cart status $cart = $_SESSION['cart']; - // Yeni ürünü sepete ekle + // Add new product to the cart $cart[] = $product_price; - // Sepet durumunu güncelle + // Update cart status $_SESSION['cart'] = $cart; } -// İndirim kodu işlemleri +// Discount code operations if (isset($_POST['apply_discount'])) { $coupon_code = $_POST['coupon_code']; - // İndirim kodu kullanılmadıysa ve doğru indirim kodu girildiyse + // If discount code is not used and correct discount code is entered if (!isset($_SESSION['discount_applied']) && $coupon_code === "sbrvtn50") { - // Oturumu kilitle + // Lock the session session_write_close(); - // Kısa bir süre bekletme + // Wait for a short time sleep(3); - // Tekrar oturumu başlat + // Start the session again session_start(); - // Sepetin toplam tutarını sakla + // Store the total amount of the cart $_SESSION['old_total'] = isset($_SESSION['old_total']) ? $_SESSION['old_total'] : array_sum($_SESSION['cart']); - // Toplam tutar 50 TL'den büyük veya eşitse, indirimi uygula + // Apply the discount if the total amount is greater than or equal to 50 if ($_SESSION['old_total'] >= 50) { - $_SESSION['cart'][] = -50; // Sepete indirim olarak ekle - $_SESSION['discount_applied'] = true; // İndirim uygulandı işareti - $_SESSION['discount_amount'] = 50; // Uygulanan indirim miktarını sakla + $_SESSION['cart'][] = -50; // Add discount to the cart + $_SESSION['discount_applied'] = true; // Mark discount as applied + $_SESSION['discount_amount'] = 50; // Store the applied discount amount echo ""; } else { 
@@ -55,24 +56,24 @@ } -// İndirim kodu temizleme işlemi +// Clear discount code operation if (isset($_POST['clear_discount'])) { unset($_SESSION['discount_applied']); $discount_amount = isset($_SESSION['discount_amount']) ? $_SESSION['discount_amount'] : 0; - // Sepetten indirim miktarını çıkararak eski toplamı geri getir + // Remove discount amount from the cart to restore the old total if ($discount_amount > 0) { $cart_index = array_search(-$discount_amount, $_SESSION['cart']); if ($cart_index !== false) { unset($_SESSION['cart'][$cart_index]); } } - unset($_SESSION['discount_amount']); // İndirim miktarını temizle - unset($_SESSION['old_total']); // Önceki toplamı temizle + unset($_SESSION['discount_amount']); // Clear discount amount + unset($_SESSION['old_total']); // Clear old total } -// Sepeti temizleme işlemi +// Clear cart operation if (isset($_POST['clear_cart'])) { - $_SESSION['cart'] = []; // Sepeti boşalt + $_SESSION['cart'] = []; // Empty the cart } ?> @@ -146,7 +147,7 @@ margin-top: 20px; } - /* İndirim Yazısı Stili */ + .discount-message { margin-top: 10px; text-align: center; @@ -155,14 +156,15 @@ - +

- + +

@@ -197,7 +199,7 @@
- +
@@ -208,21 +210,21 @@
- +
" . $strings['discount'] . "{$_SESSION['discount_amount']}" . $strings['unit'] . "

"; } elseif (isset($_SESSION['old_total'])) { echo "

" . $strings['oldamount'] . "{$_SESSION['old_total']} ". $strings['unit']."

"; } - // Toplam tutarı hesapla ve göster + // Calculate and display the total amount $total = array_sum(array_filter($_SESSION['cart'], 'is_numeric')); echo "

". $strings['total'] . "$total " . $strings['unit'] . "

"; ?> - +

diff --git a/app/lab/xss/basic-stored/database.db b/app/lab/xss/basic-stored/database.db index 85591c4..f0b8678 100644 Binary files a/app/lab/xss/basic-stored/database.db and b/app/lab/xss/basic-stored/database.db differ diff --git a/app/lab/xss/news/hackernews.db b/app/lab/xss/news/hackernews.db index eefdf80..5ef464f 100644 Binary files a/app/lab/xss/news/hackernews.db and b/app/lab/xss/news/hackernews.db differ diff --git a/app/main.json b/app/main.json index 5fc1b91..b55f343 100644 --- a/app/main.json +++ b/app/main.json 
@@ -1035,5 +1035,121 @@ } ] + }, + { + "id": 13, + "title": { + "en": "API Hacking", + "tr": "API Saldırısı", +<<<<<<< HEAD + "fr": "Violation de l'API", + "ar": "" + }, + "description": { + "en": "API hacking is a type of attack where malicious individuals or hackers attempt to gain unauthorized access to applications or systems through an API.", + "tr": "API saldırısı, kötü niyetli kişilerin veya hacker'ların, bir API üzerinden uygulama veya sistemlere yetkisiz erişim elde etmeye çalıştığı bir saldırı türüdür.", + "fr": "L'API hacking est un type d'attaque où des individus malveillants ou des pirates informatiques tentent d'obtenir un accès non autorisé à des applications ou des systèmes via une API.", +======= + "fr": "API Hacking", + "ar": "" + }, + "description": { + "en": "API hacking is the act of exploiting vulnerabilities in an application or web deployment API by using it for malicious purposes. Such attacks can result in unauthorized access, leaking data at sensitive intervals, or denial of service.", + "tr": "API hacking, bir uygulamanın veya web sitesinin API'sini kötü niyetli amaçlarla kullanarak güvenlik açıklarını sömürme eylemidir. Bu tür saldırılar, yetkisiz erişim elde etmek, hassas verilere erişmek, veri sızdırmak veya hizmeti engellemek gibi sonuçlar doğurabilir.", + "fr": "Le piratage d'API consiste à exploiter les vulnérabilités d'une application ou d'une API de déploiement Web en l'utilisant à des fins malveillantes. 
De telles attaques peuvent entraîner un accès non autorisé, une fuite de données à des intervalles sensibles ou un déni de service.", +>>>>>>> bab6308f19302d31407a97fe2766786a6ea75ec8 + "ar": "" + }, + "imgURL": "public/assets/img/vulns/api.png", + "labs": [ + { + "id": 1, + "title": { +<<<<<<< HEAD + "en": "API Documentation", + "tr": "API Belgeleri", + "fr": "Documentation de l'API", + "ar": "" + }, + "description": { + "en": "Using the ID of the admin user, delete the \"delete_me.jpg\" file.", + "tr": "Admin kullanıcısının id bilgisini kullanarak \"delete_me.jpg\" dosyasını siliniz.", + "fr": "Supprimez le fichier \"delete_me.jpg\" en utilisant l'identifiant de l'utilisateur administrateur.", + "ar": "" + }, + "url": "/lab/api-hacking/api-hacking1/", + "vulnID": 13 + }, + { + "id": 2, + "title": { + "en": "API Hacking with IDOR 2", + "tr": "IDOR ile API Hacking 2", + "fr": "Piratage d'API avec IDOR 2", + "ar": "" + }, + "description": { + "en": "Manipulate the API to modify articles of different users.", + "tr": "API'yi manipüle ederek farklı kullanıcıların makalelerini değiştiriniz.", + "fr": "Manipulez l'API pour modifier les articles d'autres utilisateurs.", + "ar": "" + }, + "url": "/lab/api-hacking/API-HACKING2/", + "vulnID": 13 + } + ] + }, + { + "id": 14, + "title": { + "en": "Captcha Bypass", + "tr": "Captcha Bypass", + "fr": "Captcha Bypass", + "ar": "" + }, + "description": { + "en": "CAPTCHA bypass methods are techniques developed to circumvent security measures on websites. These methods typically aim to exploit computer programming and artificial intelligence techniques to allow non-human automated bots to solve or bypass CAPTCHA challenges. This facilitates activities such as spam submissions, account creation bots, and other automated malicious activities. 
However, such methods are considered unethical and illegal, and are constantly monitored by website owners for detection and mitigation.", + "tr": "CAPTCHA bypass, web sitelerindeki güvenlik önlemlerini aşmak amacıyla geliştirilen yöntemlerdir. Bu yöntemler, genellikle bilgisayar programlama ve yapay zeka tekniklerinin karmaşık kombinasyonlarını kullanarak, insan olmayan otomatik botların CAPTCHA'yı çözmesini veya geçmesini sağlar. Bu sayede, spam gönderimleri, hesap oluşturma botları ve diğer otomatik kötü niyetli faaliyetlerin gerçekleştirilmesi amaçlanır. Ancak, bu tür yöntemler etik dışı ve yasa dışı kabul edilir ve web sitesi sahipleri tarafından tespit edilerek önlem alınması için sürekli olarak izlenirler.", + "fr": "Les méthodes de contournement de CAPTCHA sont des techniques développées pour contourner les mesures de sécurité sur les sites Web. Ces méthodes visent généralement à exploiter la programmation informatique et les techniques d'intelligence artificielle pour permettre aux robots automatisés non humains de résoudre ou de contourner les défis CAPTCHA. Cela facilite des activités telles que les soumissions de spam, les robots de création de compte et d'autres activités malveillantes automatisées. Cependant, de telles méthodes sont considérées comme contraires à l'éthique et illégales, et sont constamment surveillées par les propriétaires de sites Web pour la détection et l'atténuation.", + "ar": "" + }, + "imgURL": "public/assets/img/vulns/captcha.png", + "labs": [ + { + "id": 1, + "title": { + "en": "Captcha Bypass", + "tr": "Captcha Bypass", + "fr": "Captcha Bypass", + "ar": "" + }, + "description": { + "en": "Get rid of CAPTCHA with the help of ROBOTS! Remember, CAPTCHA is constantly being refreshed.", + "tr": "ROBOTlardan yardım alarak Captchadan kurtulun! Unutmayın, captcha sürekli yenileniyor:)", + "fr": "Débarrassez-vous de CAPTCHA avec l'aide des ROBOTS! 
N'oubliez pas, CAPTCHA est constamment rafraîchi.", + "ar": "" + }, + "url": "/lab/captcha-bypass/bypass1", + "vulnID": 14 + } + ] +======= + "en": "Running Scripts with API Hacking", + "tr": "API Hacking ile Script Çalıştırma", + "fr": "Exécuter des scripts avec le piratage d'API", + "ar": "" + + }, + "description": { + "en": "Find a way to suppress the 1 per page warning.", + "tr": "Sayfada 1 uyarısı bastırmanın bir yolunu bulunuz.", + "fr": "Trouvez un moyen de supprimer l’avertissement 1 par page.", + "ar": "" + }, + "url": "/lab/api-hacking/api-hacking/", + "vulnID": 13 + } + ] +>>>>>>> bab6308f19302d31407a97fe2766786a6ea75ec8 } ] \ No newline at end of file diff --git a/app/public/assets/img/vulns/api.png b/app/public/assets/img/vulns/api.png new file mode 100644 index 0000000..c50adf0 Binary files /dev/null and b/app/public/assets/img/vulns/api.png differ diff --git a/app/public/assets/img/vulns/captcha.png b/app/public/assets/img/vulns/captcha.png new file mode 100644 index 0000000..3b99828 Binary files /dev/null and b/app/public/assets/img/vulns/captcha.png differ diff --git a/app/resources.json b/app/resources.json index 577db00..b5337d3 100644 --- a/app/resources.json +++ b/app/resources.json @@ -103,5 +103,22 @@ "res": { "1": "https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection" } + }, +<<<<<<< HEAD +======= + +>>>>>>> bab6308f19302d31407a97fe2766786a6ea75ec8 + { + "id": "13", + "lab": "API Hacking", + "res": { +<<<<<<< HEAD + "1": "https://portswigger.net/web-security/api-testing", + "2": "https://iaraoz.medium.com/hacking-apis-building-the-lab-0448e817a5a8", + "3": "https://owasp.org/www-project-api-security/" +======= + "1": "https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/web-api-pentesting" +>>>>>>> bab6308f19302d31407a97fe2766786a6ea75ec8 + } } -] \ No newline at end of file +] \ No newline at end of file
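Review bot: The added block for vulnerability id 13 ships unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> bab6308f…`) inside main.json, so the file is no longer valid JSON and any consumer that parses the lab catalogue loses every lab, not just the new ones. The two sides also disagree on content: HEAD carries two API-hacking labs plus the whole "Captcha Bypass" entry (id 14), while the other side carries a single "Running Scripts with API Hacking" lab whose `"url": "/lab/api-hacking/api-hacking/"` does not match any directory visible elsewhere in this diff, and its fragment starts mid-object (no `{ "id": …, "title": {`), so neither side can simply be kept verbatim. Resolve by picking one `description`, merging the `labs` arrays into a single list with distinct ids and existing paths, deleting the markers, and validating before commit, e.g. `php -r 'json_decode(file_get_contents("app/main.json"), flags: JSON_THROW_ON_ERROR);'`.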
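Review bot: resources.json has the same unresolved conflict markers as main.json, once as an empty `<<<<<<< HEAD`/`=======`/`>>>>>>>` block between entries and once inside the new `"res"` object, leaving the file unparseable. Both sides use key `"1"`, so they cannot be merged by concatenation; renumber to `"1"`–`"4"` (PortSwigger, Medium, OWASP, HackTricks) under the single `"id": "13"` entry and drop the markers, then validate with `json_decode(..., flags: JSON_THROW_ON_ERROR)` before committing.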