diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -1,6 +1,4 @@
-# --- START OF FILE app (8).py ---
-
-from flask import Flask, render_template_string, request, redirect, url_for, session, flash, send_file, jsonify
+from flask import Flask, render_template_string, request, redirect, url_for, session, flash, send_file, jsonify, send_from_directory
 from flask_caching import Cache
 import json
 import os
@@ -13,19 +11,18 @@ from werkzeug.utils import secure_filename
 import requests
 from io import BytesIO
 import uuid
-import os.path
+import mimetypes
 
 app = Flask(__name__)
 app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey")
 DATA_FILE = 'cloudeng_data.json'
-REPO_ID = "Eluza133/Z1e1u"
+REPO_ID = os.getenv("HF_REPO_ID", "Eluza133/Z1e1u")
 HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
 HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") or HF_TOKEN_WRITE
 
 cache = Cache(app, config={'CACHE_TYPE': 'simple'})
 logging.basicConfig(level=logging.INFO)
 
-@cache.memoize(timeout=300)
 def load_data():
     try:
         download_db_from_hf()
@@ -33,14 +30,23 @@ def load_data():
             data = json.load(file)
             if not isinstance(data, dict):
                 logging.warning("Data is not in dict format, initializing empty database")
-                return {'users': {}, 'files': {}}
+                return {'users': {}}
             data.setdefault('users', {})
-            data.setdefault('files', {})
+            # Ensure each user has a root folder structure
+            for user_data in data['users'].values():
+                 if 'root' not in user_data or not isinstance(user_data['root'], dict) or user_data['root'].get('_type') != 'folder':
+                      user_data['root'] = {'_type': 'folder', 'items': {}}
             logging.info("Data successfully loaded")
             return data
+    except FileNotFoundError:
+        logging.info(f"{DATA_FILE} not found, creating new database.")
+        return {'users': {}}
+    except json.JSONDecodeError:
+         logging.error(f"Error decoding JSON from {DATA_FILE}. Initializing empty database.")
+         return {'users': {}}
     except Exception as e:
         logging.error(f"Error loading data: {e}")
-        return {'users': {}, 'files': {}}
+        return {'users': {}}
 
 def save_data(data):
     try:
@@ -55,7 +61,7 @@ def save_data(data):
 
 def upload_db_to_hf():
     if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN_WRITE not set. Skipping database upload.")
+        logging.warning("HF_TOKEN_WRITE is not set. Skipping database upload.")
         return
     try:
         api = HfApi()
@@ -72,12 +78,6 @@ def upload_db_to_hf():
         logging.error(f"Error uploading database: {e}")
 
 def download_db_from_hf():
-    if not HF_TOKEN_READ:
-        logging.warning("HF_TOKEN_READ not set. Cannot download database.")
-        if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                json.dump({'users': {}, 'files': {}}, f)
-        return
     try:
         hf_hub_download(
             repo_id=REPO_ID,
@@ -85,34 +85,84 @@ def download_db_from_hf():
             repo_type="dataset",
             token=HF_TOKEN_READ,
             local_dir=".",
-            local_dir_use_symlinks=False,
-            force_download=True # Ensure we get the latest version
+            local_dir_use_symlinks=False
         )
         logging.info("Database downloaded from Hugging Face")
     except Exception as e:
         logging.error(f"Error downloading database: {e}")
         if not os.path.exists(DATA_FILE):
+            logging.warning(f"{DATA_FILE} not found locally after failed download. Creating empty.")
             with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                json.dump({'users': {}, 'files': {}}, f)
+                json.dump({'users': {}}, f)
 
 def periodic_backup():
     while True:
-        time.sleep(1800)
-        logging.info("Attempting periodic backup...")
         upload_db_to_hf()
+        time.sleep(1800)
 
-def get_file_type(filename):
-    filename_lower = filename.lower()
-    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv', '.flv')):
-        return 'video'
-    elif filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')):
+def get_mime_type(filename):
+    mime_type, _ = mimetypes.guess_type(filename)
+    if mime_type:
+        return mime_type
+    return 'application/octet-stream'
+
+def get_preview_type(mime_type):
+    if mime_type.startswith('image/'):
         return 'image'
-    elif filename_lower.endswith('.pdf'):
+    elif mime_type.startswith('video/'):
+        return 'video'
+    elif mime_type == 'application/pdf':
         return 'pdf'
-    elif filename_lower.endswith('.txt'):
+    elif mime_type == 'text/plain':
         return 'text'
     return 'other'
 
+def get_item_at_path(data, username, path_list):
+    user_data = data['users'].get(username)
+    if not user_data:
+        return None
+    current_folder = user_data.get('root')
+    if not current_folder or current_folder.get('_type') != 'folder':
+         user_data['root'] = {'_type': 'folder', 'items': {}} # Attempt to fix broken structure
+         current_folder = user_data['root']
+
+    for part in path_list:
+        if current_folder.get('_type') != 'folder' or part not in current_folder.get('items', {}):
+            return None # Path segment is not a folder or doesn't exist
+        current_folder = current_folder['items'][part]
+    return current_folder
+
+def add_item_at_path(data, username, path_list, item_name, item_data):
+    parent_folder = get_item_at_path(data, username, path_list)
+    if parent_folder and parent_folder.get('_type') == 'folder':
+        parent_folder['items'][item_name] = item_data
+        return True
+    return False
+
+def delete_item_at_path(data, username, path_list, item_name):
+    parent_folder = get_item_at_path(data, username, path_list)
+    if parent_folder and parent_folder.get('_type') == 'folder' and item_name in parent_folder.get('items', {}):
+        deleted_item = parent_folder['items'].pop(item_name)
+        return deleted_item
+    return None
+
+def list_items_at_path(data, username, path_list):
+    folder = get_item_at_path(data, username, path_list)
+    if folder and folder.get('_type') == 'folder':
+        # Sort folders first, then files, alphabetically by name
+        items = sorted(folder.get('items', {}).items(), key=lambda item: (item[1].get('_type') != 'folder', item[0]))
+        return items
+    return []
+
+def get_hf_storage_path(username, path_list, unique_name):
+    # Construct the full path on HF Hub including user folder and cloud path
+    user_base_path = f"cloud_files/{username}"
+    cloud_path = '/'.join(path_list)
+    if cloud_path:
+        return f"{user_base_path}/{cloud_path}/{unique_name}"
+    else:
+        return f"{user_base_path}/{unique_name}"
+
 BASE_STYLE = '''
 :root {
     --primary: #ff4d6d;
@@ -128,6 +178,7 @@ BASE_STYLE = '''
     --glass-bg: rgba(255, 255, 255, 0.15);
     --transition: all 0.3s ease;
     --delete-color: #ff4444;
+    --folder-color: #facc15; /* Yellow */
 }
 * { margin: 0; padding: 0; box-sizing: border-box; }
 body {
@@ -135,13 +186,14 @@ body {
     background: var(--background-light);
     color: var(--text-light);
     line-height: 1.6;
+    padding: 20px;
 }
 body.dark {
     background: var(--background-dark);
     color: var(--text-dark);
 }
 .container {
-    margin: 20px auto;
+    margin: 0 auto;
     max-width: 1200px;
     padding: 25px;
     background: var(--card-bg);
@@ -199,8 +251,7 @@ input:focus, textarea:focus {
     box-shadow: var(--shadow);
     display: inline-block;
     text-decoration: none;
-    margin-right: 5px; /* Added margin */
-    margin-bottom: 5px; /* Added margin */
+    text-align: center;
 }
 .btn:hover {
     transform: scale(1.05);
@@ -208,20 +259,28 @@ input:focus, textarea:focus {
 }
 .download-btn {
     background: var(--secondary);
+    margin-top: 10px;
 }
 .download-btn:hover {
     background: #00b8c5;
 }
 .delete-btn {
     background: var(--delete-color);
+    margin-top: 10px;
 }
 .delete-btn:hover {
     background: #cc3333;
 }
 .flash {
-    color: var(--secondary);
-    text-align: center;
+    padding: 10px;
     margin-bottom: 15px;
+    border-radius: 8px;
+    text-align: center;
+    background-color: var(--secondary); /* Using secondary for flash messages */
+    color: var(--text-light); /* Text color matching background */
+}
+body.dark .flash {
+     color: var(--text-dark);
 }
 .file-grid {
     display: grid;
@@ -256,7 +315,7 @@ body.dark .user-item {
 }
 @media (max-width: 768px) {
     .file-grid {
-        grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
+        grid-template-columns: repeat(2, 1fr);
     }
 }
 @media (max-width: 480px) {
@@ -264,54 +323,68 @@ body.dark .user-item {
         grid-template-columns: 1fr;
     }
 }
-.file-item {
+.file-item, .folder-item {
     background: var(--card-bg);
     padding: 15px;
     border-radius: 16px;
     box-shadow: var(--shadow);
     text-align: center;
     transition: var(--transition);
-    word-wrap: break-word; /* Ensure long names wrap */
-    overflow: hidden; /* Hide overflow */
+    display: flex;
+    flex-direction: column;
+    justify-content: space-between;
 }
-body.dark .file-item {
+body.dark .file-item, body.dark .folder-item {
     background: var(--card-bg-dark);
 }
-.file-item:hover {
+.file-item:hover, .folder-item:hover {
     transform: translateY(-5px);
 }
-.file-preview {
-    width: 100%; /* Ensure preview takes full width */
-    height: 180px; /* Fixed height for consistency */
-    object-fit: cover; /* Cover the area */
-    border-radius: 10px;
-    margin-bottom: 10px;
+.folder-item {
     cursor: pointer;
-    background-color: #eee; /* Placeholder color */
+    background-color: var(--glass-bg);
+    border: 2px dashed var(--folder-color);
 }
-.file-preview-icon { /* Style for icons */
-    width: 100%;
-    height: 180px;
+body.dark .folder-item {
+     background-color: rgba(40, 35, 60, 0.5);
+}
+.folder-item a {
+    display: block;
+    text-decoration: none;
+    color: var(--text-light);
+    font-weight: 600;
+    flex-grow: 1;
     display: flex;
+    flex-direction: column;
     justify-content: center;
     align-items: center;
-    font-size: 5em; /* Large icon */
-    color: var(--secondary);
+}
+body.dark .folder-item a {
+     color: var(--text-dark);
+}
+.folder-icon::before {
+    content: "📁"; /* Folder emoji */
+    font-size: 3em;
+    margin-bottom: 10px;
+    color: var(--folder-color);
+}
+.file-preview {
+    max-width: 100%;
+    max-height: 200px;
+    object-fit: cover;
     border-radius: 10px;
     margin-bottom: 10px;
-    background-color: rgba(0, 221, 235, 0.1); /* Light background */
+    loading: lazy;
     cursor: pointer;
 }
 .file-item p {
     font-size: 0.9em;
     margin: 5px 0;
-    white-space: nowrap;
-    overflow: hidden;
-    text-overflow: ellipsis; /* Add ellipsis for long names */
+    word-break: break-all; /* Prevent long names breaking layout */
 }
-.file-item .filename { /* Style for filename */
-    font-weight: 600;
-    margin-bottom: 8px;
+.file-item .file-name {
+     font-weight: 600;
+     margin-bottom: 10px;
 }
 .file-item a {
     color: var(--primary);
@@ -320,6 +393,17 @@ body.dark .file-item {
 .file-item a:hover {
     color: var(--accent);
 }
+.file-actions {
+    display: flex;
+    justify-content: center;
+    gap: 10px;
+    flex-wrap: wrap;
+}
+.file-actions .btn {
+    padding: 8px 15px;
+    font-size: 0.9em;
+    margin-top: 0;
+}
 .modal {
     display: none;
     position: fixed;
@@ -327,33 +411,23 @@ body.dark .file-item {
     left: 0;
     width: 100%;
     height: 100%;
-    background: rgba(0, 0, 0, 0.85);
+    background: rgba(0, 0, 0, 0.9);
     z-index: 2000;
     justify-content: center;
     align-items: center;
-    padding: 10px;
 }
-.modal-content {
+.modal img, .modal video, .modal iframe {
     max-width: 95%;
-    max-height: 95%;
-    display: flex; /* Use flex for centering */
-    justify-content: center;
-    align-items: center;
-}
-
-.modal img, .modal video {
-    max-width: 100%;
-    max-height: 100%;
+    max-height: 95vh;
     object-fit: contain;
-    border-radius: 10px;
+    border-radius: 20px;
     box-shadow: var(--shadow);
+    background: white; /* Ensure iframe/text background is visible */
+    border: none; /* Remove default iframe border */
 }
 .modal iframe {
-    width: 90vw;
-    height: 90vh;
-    border: none;
-    border-radius: 10px;
-    background: white; /* Background for iframe content */
+     width: 95%; /* Give iframes a width */
+     height: 95vh; /* And height */
 }
 #progress-container {
     width: 100%;
@@ -368,6 +442,42 @@ body.dark .file-item {
     background: var(--primary);
     border-radius: 10px;
     transition: width 0.3s ease;
+    text-align: center;
+    line-height: 20px;
+    color: white;
+    font-size: 0.8em;
+}
+.current-path {
+    margin-bottom: 20px;
+    font-size: 1.2em;
+    font-weight: 600;
+}
+.path-segment {
+    color: var(--primary);
+    text-decoration: none;
+}
+.path-segment:hover {
+    text-decoration: underline;
+}
+.path-segment:not(:last-child)::after {
+    content: " / ";
+    color: var(--text-light);
+}
+body.dark .path-segment:not(:last-child)::after {
+    color: var(--text-dark);
+}
+.folder-form {
+    margin-top: 20px;
+    display: flex;
+    gap: 10px;
+}
+.folder-form input[type="text"] {
+    flex-grow: 1;
+    margin: 0;
+}
+.folder-form button {
+    flex-shrink: 0;
+    margin: 0;
 }
 '''
 
@@ -386,14 +496,19 @@ def register():
         if not username or not password:
             flash('Имя пользователя и пароль обязательны!')
             return redirect(url_for('register'))
+        
+        if '/' in username or '.' in username:
+             flash('Имя пользователя не может содержать символы "/" или "."')
+             return redirect(url_for('register'))
 
         data['users'][username] = {
             'password': password,
             'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
-            'files': []
+            'root': {'_type': 'folder', 'items': {}} # Initialize root folder
         }
         save_data(data)
         session['username'] = username
+        session['current_path'] = [] # Initialize current path in session
         flash('Регистрация прошла успешно!')
         return redirect(url_for('dashboard'))
 
@@ -438,6 +553,7 @@ def login():
 
         if username in data['users'] and data['users'][username]['password'] == password:
             session['username'] = username
+            session['current_path'] = [] # Reset path on login
             return jsonify({'status': 'success', 'redirect': url_for('dashboard')})
         else:
             return jsonify({'status': 'error', 'message': 'Неверное имя пользователя или пароль!'})
@@ -485,9 +601,6 @@ def login():
             .then(data => {
                 if (data.status === 'success') {
                     window.location.href = data.redirect;
-                } else {
-                    // Clear invalid stored credentials
-                    localStorage.removeItem('zeusCredentials');
                 }
             })
             .catch(error => console.error('Ошибка автовхода:', error));
@@ -505,7 +618,7 @@ def login():
                 if (data.status === 'success') {
                     const username = formData.get('username');
                     const password = formData.get('password');
-                    localStorage.setItem('zeusCredentials', JSON.stringify({ username, password }));
+                    // localStorage.setItem('zeusCredentials', JSON.stringify({ username, password })); // Uncomment to enable persistent login
                     window.location.href = data.redirect;
                 } else {
                     document.getElementById('flash-messages').innerHTML = `<div class="flash">${data.message}</div>`;
@@ -521,8 +634,9 @@ def login():
 '''
     return render_template_string(html)
 
-@app.route('/dashboard', methods=['GET', 'POST'])
-def dashboard():
+@app.route('/dashboard', defaults={'path': ''}, methods=['GET', 'POST'])
+@app.route('/dashboard/<path:path>', methods=['GET', 'POST'])
+def dashboard(path):
     if 'username' not in session:
         flash('Пожалуйста, войдите в систему!')
         return redirect(url_for('login'))
@@ -531,88 +645,114 @@ def dashboard():
     data = load_data()
     if username not in data['users']:
         session.pop('username', None)
+        session.pop('current_path', None)
         flash('Пользователь не найден!')
         return redirect(url_for('login'))
 
-    if request.method == 'POST':
-        files = request.files.getlist('files')
-        if not files or all(not f.filename for f in files):
-            flash('Файлы не выбраны!')
-            return redirect(url_for('dashboard'))
+    # Normalize path: empty string or single / becomes root []
+    path_list = [p for p in path.split('/') if p]
+    session['current_path'] = path_list
+
+    current_folder = get_item_at_path(data, username, path_list)
 
-        if len(files) > 20:
-            flash('Максимум 20 файлов за раз!')
-            return redirect(url_for('dashboard'))
+    if not current_folder or current_folder.get('_type') != 'folder':
+        flash('Папка не найдена!')
+        session['current_path'] = []
+        return redirect(url_for('dashboard'))
 
-        if not HF_TOKEN_WRITE:
-            flash('Загрузка невозможна: отсутствует токен Hugging Face для записи.')
-            return redirect(url_for('dashboard'))
+    items_in_folder = list_items_at_path(data, username, path_list)
 
-        os.makedirs('uploads', exist_ok=True)
-        api = HfApi()
-        uploaded_files_info = []
-        upload_errors = []
-
-        for file in files:
-            if file and file.filename:
-                original_filename = file.filename
-                sanitized_base, extension = os.path.splitext(secure_filename(original_filename))
-                unique_id = str(uuid.uuid4())[:8] # Shorter UUID for filename
-                unique_filename = f"{sanitized_base}_{unique_id}{extension}"
-                temp_path = os.path.join('uploads', unique_filename) # Save temp with unique name
-
-                try:
-                    file.save(temp_path)
-                    file_path_in_repo = f"cloud_files/{username}/{unique_filename}"
-
-                    api.upload_file(
-                        path_or_fileobj=temp_path,
-                        path_in_repo=file_path_in_repo,
-                        repo_id=REPO_ID,
-                        repo_type="dataset",
-                        token=HF_TOKEN_WRITE,
-                        commit_message=f"Uploaded {unique_filename} for {username}"
-                    )
-
-                    file_info = {
-                        'filename': unique_filename, # Unique name used in storage
-                        'original_name': original_filename, # Original name for display
-                        'path': file_path_in_repo,
-                        'type': get_file_type(original_filename),
-                        'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-                    }
-                    uploaded_files_info.append(file_info)
-
-                except Exception as e:
-                    logging.error(f"Error uploading file {original_filename} ({unique_filename}): {e}")
-                    upload_errors.append(original_filename)
-                finally:
-                    if os.path.exists(temp_path):
-                        os.remove(temp_path)
-
-        if uploaded_files_info:
-            current_data = load_data() # Reload data before modifying
-            if username in current_data['users']:
-                 if 'files' not in current_data['users'][username]:
-                     current_data['users'][username]['files'] = []
-                 current_data['users'][username]['files'].extend(uploaded_files_info)
-                 save_data(current_data)
-                 flash(f'{len(uploaded_files_info)} файл(ов) успешно загружено!')
-            else:
-                flash('Ошибка: пользователь не найден после загрузки.') # Should not happen if session check passed
+    if request.method == 'POST':
+        if 'files' in request.files:
+            files = request.files.getlist('files')
+            if files and len(files) > 20:
+                flash('Максимум 20 файлов за раз!')
+                return redirect(url_for('dashboard', path='/'.join(path_list)))
+
+            if files:
+                os.makedirs('uploads', exist_ok=True)
+                api = HfApi()
+                uploaded_count = 0
+
+                for file in files:
+                    if file and file.filename:
+                        original_filename = file.filename
+                        secured_filename = secure_filename(original_filename)
+                        # Generate unique name
+                        unique_filename = f"{uuid.uuid4().hex}_{secured_filename}"
+                        temp_path = os.path.join('uploads', unique_filename)
+                        file.save(temp_path)
+
+                        # Construct HF storage path relative to user's cloud_files
+                        hf_file_path = get_hf_storage_path(username, path_list, unique_filename)
+
+                        try:
+                            api.upload_file(
+                                path_or_fileobj=temp_path,
+                                path_in_repo=hf_file_path,
+                                repo_id=REPO_ID,
+                                repo_type="dataset",
+                                token=HF_TOKEN_WRITE,
+                                commit_message=f"Uploaded file {secured_filename} for {username} in /{'/'.join(path_list)}"
+                            )
+
+                            mime_type = get_mime_type(secured_filename)
+
+                            file_info = {
+                                '_type': 'file',
+                                'original_name': original_filename,
+                                'unique_name': unique_filename,
+                                'path_on_hf': hf_file_path,
+                                'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
+                                'mime_type': mime_type
+                            }
+
+                            # Add file to the database structure
+                            add_item_at_path(data, username, path_list, original_filename, file_info)
+                            uploaded_count += 1
+
+                        except Exception as e:
+                            logging.error(f"Error uploading file {original_filename} to HF: {e}")
+                            flash(f'Ошибка загрузки файла {original_filename}!')
+
+                        finally:
+                            if os.path.exists(temp_path):
+                                os.remove(temp_path)
+
+                if uploaded_count > 0:
+                    save_data(data)
+                    flash(f'Успешно загружено {uploaded_count} файл(ов)!')
+
+        elif 'folder_name' in request.form:
+             folder_name = request.form.get('folder_name')
+             if not folder_name:
+                  flash('Имя папки не может быть пустым!')
+             elif '/' in folder_name or '.' in folder_name:
+                  flash('Имя папки не может содержать символы "/" или "."')
+             else:
+                 # Check if item with same name already exists
+                 if folder_name in current_folder.get('items', {}):
+                      flash(f'Элемент с именем "{folder_name}" уже существует в этой папке!')
+                 else:
+                     folder_data = {
+                         '_type': 'folder',
+                         'items': {}
+                     }
+                     if add_item_at_path(data, username, path_list, folder_name, folder_data):
+                          save_data(data)
+                          flash(f'Папка "{folder_name}" создана!')
+                     else:
+                          flash('Не удалось создать папку.')
 
-        if upload_errors:
-            flash(f'Ошибка при загрузке файлов: {", ".join(upload_errors)}')
 
-        # Use AJAX response if request expects JSON (like from the JS progress handler)
-        if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
-             # Even though JS reloads, sending a success helps confirm operation
-             return jsonify({'status': 'success', 'uploaded': len(uploaded_files_info), 'errors': len(upload_errors)})
-        else:
-            return redirect(url_for('dashboard')) # Standard redirect for non-JS form submit
+        return redirect(url_for('dashboard', path='/'.join(path_list)))
 
-    # GET request part
-    user_files = sorted(data['users'][username].get('files', []), key=lambda x: x.get('upload_date', ''), reverse=True)
+    # Build breadcrumbs
+    breadcrumbs = [{'name': 'Главная', 'path': url_for('dashboard')}]
+    current_breadcrumb_path = []
+    for segment in path_list:
+        current_breadcrumb_path.append(segment)
+        breadcrumbs.append({'name': segment, 'path': url_for('dashboard', path='/'.join(current_breadcrumb_path))})
 
     html = '''
 <!DOCTYPE html>
@@ -622,13 +762,23 @@ def dashboard():
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Панель управления - Zeus Cloud</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css"> <!-- Font Awesome for icons -->
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
     <div class="container">
         <h1>Панель управления Zeus Cloud</h1>
-        <p>Пользователь: <strong>{{ username }}</strong></p>
+        <p>Пользователь: {{ username }}</p>
+
+        <div class="current-path">
+            {% for breadcrumb in breadcrumbs %}
+                {% if not loop.last %}
+                    <a href="{{ breadcrumb.path }}" class="path-segment">{{ breadcrumb.name }}</a>
+                {% else %}
+                    <span class="path-segment">{{ breadcrumb.name }}</span>
+                {% endif %}
+            {% endfor %}
+        </div>
+
         {% with messages = get_flashed_messages() %}
             {% if messages %}
                 {% for message in messages %}
@@ -636,120 +786,157 @@ def dashboard():
                 {% endfor %}
             {% endif %}
         {% endwith %}
+
         <form id="upload-form" method="POST" enctype="multipart/form-data">
             <input type="file" name="files" multiple required>
             <button type="submit" class="btn" id="upload-btn">Загрузить файлы</button>
         </form>
-        <div id="progress-container" style="display: none;">
+
+        <div id="progress-container">
             <div id="progress-bar"></div>
         </div>
-        <h2 style="margin-top: 30px;">Ваши файлы</h2>
+
+        <form id="create-folder-form" method="POST" class="folder-form">
+             <input type="text" name="folder_name" placeholder="Имя новой папки" required>
+             <button type="submit" class="btn">Создать папку</button>
+        </form>
+
+        <h2 style="margin-top: 30px;">Содержимое папки</h2>
         <p style="text-align: center; margin-top: 10px; color: var(--accent);">Ваши файлы под надежной защитой квантовой криптографии</p>
+
         <div class="file-grid">
-            {% for file in user_files %}
-                <div class="file-item">
-                    <p class="filename" title="{{ file.original_name }}">{{ file.original_name }}</p> {# Display original name #}
-                    {% set file_url = "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path + "?token=" + hf_token_read if hf_token_read else "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path %}
-                    {% if file.type == 'video' %}
-                        <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
-                            <source src="{{ file_url }}" type="video/mp4"> {# Use variable for URL #}
-                            Ваш браузер не поддерживает предпросмотр видео.
-                        </video>
-                    {% elif file.type == 'image' %}
-                        <img class="file-preview" src="{{ file_url }}" alt="{{ file.original_name }}" loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
-                    {% elif file.type == 'pdf' %}
-                         <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
-                            <i class="fas fa-file-pdf"></i>
+            {% for name, item in items_in_folder %}
+                {% if item._type == 'folder' %}
+                    <div class="folder-item" onclick="window.location.href='{{ url_for('dashboard', path=(current_path|join('/') + '/' + name) if current_path else name) }}'">
+                        <div class="folder-icon"></div>
+                        <p class="file-name">{{ name }}</p>
+                    </div>
+                {% elif item._type == 'file' %}
+                    <div class="file-item">
+                        <p class="file-name">{{ item.original_name }}</p>
+                        {% if item.mime_type and item.mime_type.startswith('image/') %}
+                             <img class="file-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}" alt="{{ item.original_name }}" loading="lazy" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">
+                        {% elif item.mime_type and item.mime_type.startswith('video/') %}
+                             <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">
+                                 <source src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}" type="{{ item.mime_type }}">
+                             </video>
+                        {% elif item.mime_type == 'application/pdf' %}
+                             <p style="font-size: 3em; margin-bottom: 10px;">📄</p> <!-- PDF icon -->
+                             <button class="btn download-btn" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">Просмотр PDF</button>
+                        {% elif item.mime_type == 'text/plain' %}
+                             <p style="font-size: 3em; margin-bottom: 10px;">📃</p> <!-- Text icon -->
+                             <button class="btn download-btn" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">Просмотр TXT</button>
+                        {% else %}
+                             <p style="font-size: 3em; margin-bottom: 10px;">📦</p> <!-- Default icon -->
+                        {% endif %}
+
+                        <p>Загружен: {{ item.upload_date }}</p>
+                         <div class="file-actions">
+                            <a href="{{ url_for('download_item', path=(current_path|join('/') + '/' + name) if current_path else name) }}" class="btn download-btn">Скачать</a>
+                            <a href="{{ url_for('delete_item', path=(current_path|join('/') + '/' + name) if current_path else name) }}" class="btn delete-btn" onclick="return confirm('Вы уверены, что хотите удалить "{{ name }}"?');">Удалить</a>
                          </div>
-                    {% elif file.type == 'text' %}
-                         <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
-                            <i class="fas fa-file-alt"></i>
-                         </div>
-                    {% else %}
-                         <div class="file-preview-icon" onclick="alert('Предпросмотр для этого типа файла не поддерживается.')">
-                              <i class="fas fa-file"></i> {# Generic file icon #}
-                         </div>
-                    {% endif %}
-                    <p style="font-size: 0.8em; color: #666;">{{ file.upload_date }}</p> {# Smaller date #}
-                    {# Use original_name for the download attribute #}
-                    <a href="{{ url_for('download_file', file_path=file.path, filename=file.original_name) }}" class="btn download-btn">Скачать</a>
-                    <a href="{{ url_for('delete_file', file_path=file.path) }}" class="btn delete-btn" onclick="return confirm('Вы уверены, что хотите удалить файл \'{{ file.original_name }}\'?');">Удалить</a>
-                </div>
+                    </div>
+                {% endif %}
             {% endfor %}
-            {% if not user_files %}
-                <p>Вы еще не загрузили ни одного файла.</p>
+            {% if not items_in_folder %}
+                <p>Эта папка пуста.</p>
             {% endif %}
         </div>
+
         <h2 style="margin-top: 30px;">Добавить на главный экран</h2>
         <p>Для быстрого доступа к Zeus Cloud, вы можете добавить это приложение на главный экран вашего телефона:</p>
-         <div style="display: flex; flex-wrap: wrap; gap: 20px; margin-top: 15px;">
-             <div style="flex: 1; min-width: 250px;">
-                 <h3><i class="fab fa-android"></i> Android:</h3>
-                 <ol>
-                     <li>Откройте Zeus Cloud в браузере Chrome.</li>
-                     <li>Нажмите на меню <i class="fas fa-ellipsis-v"></i> (обычно три точки).</li>
-                     <li>Выберите <strong>"Установить приложение"</strong> или <strong>"Добавить на главный экран"</strong>.</li>
-                     <li>Подтвердите добавление.</li>
-                 </ol>
-             </div>
-             <div style="flex: 1; min-width: 250px;">
-                 <h3><i class="fab fa-apple"></i> iOS (iPhone/iPad):</h3>
-                 <ol>
-                     <li>Откройте Zeus Cloud в браузере Safari.</li>
-                     <li>Нажмите кнопку <strong>"Поделиться"</strong> <i class="fas fa-external-link-square-alt"></i> (квадрат со стрелкой).</li>
-                     <li>Прокрутите вниз и выберите <strong>"На экран «Домой»"</strong>.</li>
-                     <li>Нажмите <strong>"Добавить"</strong>.</li>
-                 </ol>
-            </div>
+        <div style="margin-top: 10px;">
+            <h3>Для пользователей Android:</h3>
+            <ol>
+                <li>Откройте Zeus Cloud в браузере Chrome.</li>
+                <li>Нажмите на меню браузера (обычно три точки вверху справа).</li>
+                <li>Выберите <strong>"Добавить на главный экран"</strong>.</li>
+                <li>Подтвердите добавление, и иконка приложения появится на вашем главном экране.</li>
+            </ol>
         </div>
-        <a href="{{ url_for('logout') }}" class="btn" style="margin-top: 30px; background-color: var(--accent);" id="logout-btn">Выйти</a>
+        <div style="margin-top: 10px;">
+            <h3>Для пользователей iOS (iPhone/iPad):</h3>
+            <ol>
+                <li>Откройте Zeus Cloud в браузере Safari.</li>
+                <li>Нажмите кнопку <strong>"Поделиться"</strong> (квадрат со стрелкой вверх) в нижней части экрана.</li>
+                <li>Прокрутите список опций вниз и выберите <strong>"Добавить на экран «Домой»"</strong>.</li>
+                <li>В правом верхнем углу нажмите <strong>"Добавить"</strong>. Иконка приложения появится на вашем главном экране.</li>
+            </ol>
+        </div>
+        <a href="{{ url_for('logout') }}" class="btn" style="margin-top: 20px;" id="logout-btn">Выйти</a>
     </div>
     <div class="modal" id="mediaModal" onclick="closeModal(event)">
-        <div class="modal-content" id="modalContent"></div>
+        <div id="modalContent"></div>
     </div>
     <script>
-        const HF_TOKEN_READ = "{{ hf_token_read or '' }}"; // Pass read token to JS if available
+        const HF_TOKEN_READ = "{{ HF_TOKEN_READ }}"; // Pass token for potential private access
 
-        function openModal(src, fileType) {
+        function openModal(src, mimeType) {
             const modal = document.getElementById('mediaModal');
             const modalContent = document.getElementById('modalContent');
             modalContent.innerHTML = ''; // Clear previous content
 
-            // Add token to URL if needed and not already present
-            let finalSrc = src;
-            if (HF_TOKEN_READ && src.indexOf('token=') === -1) {
-                 finalSrc += (src.indexOf('?') === -1 ? '?' : '&') + 'token=' + HF_TOKEN_READ;
-            }
-
-            if (fileType === 'video') {
-                modalContent.innerHTML = `<video controls autoplay><source src="${finalSrc}" type="video/mp4">Ваш браузер не поддерживает это видео.</video>`;
-            } else if (fileType === 'image') {
-                modalContent.innerHTML = `<img src="${finalSrc}" alt="Предпросмотр изображения">`;
-            } else if (fileType === 'pdf' || fileType === 'text') {
-                 // Use iframe for PDF and Text preview
-                 modalContent.innerHTML = `<iframe src="${finalSrc}"></iframe>`;
+            let contentHtml = '';
+            const tokenParam = HF_TOKEN_READ ? `?token=${HF_TOKEN_READ}` : "";
+            const finalSrc = src + tokenParam; // Append token if available
+
+            if (mimeType.startsWith('image/')) {
+                contentHtml = `<img src="${finalSrc}">`;
+            } else if (mimeType.startsWith('video/')) {
+                 // Use ?download=true for video source on HF Hub might be necessary for direct stream/link
+                 const videoSrc = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
+                contentHtml = `<video controls autoplay><source src="${videoSrc}" type="${mimeType}"></video>`;
+            } else if (mimeType === 'application/pdf') {
+                 // Use ?download=true for PDF iframe source on HF Hub might be necessary
+                 const pdfSrc = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
+                contentHtml = `<iframe src="${pdfSrc}" type="${mimeType}" allowfullscreen webkitallowfullscreen></iframe>`;
+            } else if (mimeType === 'text/plain') {
+                 // Use ?download=true for TXT iframe source on HF Hub might be necessary
+                 const textSrc = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
+                 // Trying iframe for text - might work depending on browser/HF Hub
+                 contentHtml = `<iframe src="${textSrc}" type="${mimeType}"></iframe>`;
+                 // Alternative: Fetch text content and display in <pre> tag
+                 // fetch(finalSrc).then(response => response.text()).then(text => {
+                 //     modalContent.innerHTML = `<pre style="background: white; padding: 20px; border-radius: 10px; max-width: 95%; max-height: 95vh; overflow: auto;">${escapeHTML(text)}</pre>`;
+                 //     modal.style.display = 'flex';
+                 // }).catch(error => {
+                 //     console.error('Error fetching text:', error);
+                 //     modalContent.innerHTML = `<p style="color: white;">Ошибка загрузки текстового файла.</p>`;
+                 //     modal.style.display = 'flex';
+                 // });
+                 // return; // Exit function to prevent displaying iframe below
             } else {
-                 alert('Предпросмотр для этого типа файла не поддерживается.');
-                 return; // Don't open modal for unsupported types
+                // For other types, just open the download link or show a message
+                alert('Предпросмотр для этого типа файла недоступен. Файл будет скачан.');
+                window.open(src, '_blank'); // Opens download link in new tab
+                return; // Don't show modal
             }
+
+            modalContent.innerHTML = contentHtml;
             modal.style.display = 'flex';
         }
 
+         // Helper function to escape HTML for text preview (if using <pre>)
+         // function escapeHTML(str) {
+         //     return str.replace(/&/g, '&')
+         //               .replace(/</g, '<')
+         //               .replace(/>/g, '>')
+         //               .replace(/"/g, '"')
+         //               .replace(/'/g, ''');
+         // }
+
+
         function closeModal(event) {
             const modal = document.getElementById('mediaModal');
-            // Close only if clicking on the background (the modal itself)
-            if (event.target === modal) {
+             // Close only if click is outside the modal content
+             const modalContent = document.getElementById('modalContent');
+             if (modal.style.display === 'flex' && !modalContent.contains(event.target)) {
                  modal.style.display = 'none';
                  const video = modal.querySelector('video');
                  if (video) {
                     video.pause();
-                    video.src = ''; // Stop loading video
                  }
-                 const iframe = modal.querySelector('iframe');
-                 if (iframe) {
-                    iframe.src = 'about:blank'; // Clear iframe
-                 }
-                 document.getElementById('modalContent').innerHTML = ''; // Clear content
+                 modalContent.innerHTML = ''; // Clear content
             }
         }
 
@@ -757,71 +944,77 @@ def dashboard():
         const progressBar = document.getElementById('progress-bar');
         const progressContainer = document.getElementById('progress-container');
         const uploadBtn = document.getElementById('upload-btn');
-        const fileInput = form.querySelector('input[type="file"]');
 
         form.addEventListener('submit', function(e) {
-            e.preventDefault(); // Prevent default form submission
+            e.preventDefault();
+            const filesInput = form.querySelector('input[type="file"]');
+            const files = filesInput.files;
 
-            const files = fileInput.files;
-            if (files.length === 0) {
-                 alert('Пожалуйста, выберите файлы для загрузки.');
-                 return;
-            }
             if (files.length > 20) {
                 alert('Максимум 20 файлов за раз!');
                 return;
             }
+            if (files.length === 0) {
+                 alert('Пожалуйста, выберите файлы для загрузки.');
+                 return;
+            }
 
             const formData = new FormData(form);
+            // Add the current path to the form data if needed by the backend route
+            // (Not strictly necessary if backend uses session, but good practice)
+            // formData.append('current_path', window.location.pathname.replace('/dashboard/', ''));
+
             progressContainer.style.display = 'block';
             progressBar.style.width = '0%';
+            progressBar.textContent = '0%';
             uploadBtn.disabled = true;
-            uploadBtn.textContent = 'Загрузка...';
+            filesInput.disabled = true; // Disable file input during upload
 
             const xhr = new XMLHttpRequest();
-            xhr.open('POST', '{{ url_for("dashboard") }}', true);
-            // Required for Flask to know it's an AJAX request (optional but good practice)
-            xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
+            // Construct the correct URL including the current path
+            const currentUrlPath = window.location.pathname; // e.g., /dashboard or /dashboard/folder/sub
+            xhr.open('POST', currentUrlPath, true); // Send POST to the current URL
 
             xhr.upload.onprogress = function(event) {
                 if (event.lengthComputable) {
                     const percent = Math.round((event.loaded / event.total) * 100);
                     progressBar.style.width = percent + '%';
-                    progressBar.textContent = percent + '%'; // Show percentage text
+                    progressBar.textContent = percent + '%';
                 }
             };
 
-             xhr.onload = function() {
-                 uploadBtn.disabled = false;
-                 uploadBtn.textContent = 'Загрузить файлы';
-                 progressContainer.style.display = 'none';
-                 progressBar.style.width = '0%';
-                 progressBar.textContent = ''; // Clear percentage text
-
-                 if (xhr.status === 200) {
-                     // Attempt to parse JSON response for more detailed feedback (optional)
-                     try {
-                         const response = JSON.parse(xhr.responseText);
-                         // We could potentially update the file list dynamically here
-                         // For now, just reload to show flash messages and updated list
-                         location.reload();
-                     } catch (err) {
-                         // If response wasn't JSON or error, still reload
-                         location.reload();
-                     }
-                 } else {
-                     // Handle server errors (e.g., 500)
-                     alert('Ошибка сервера при загрузке файлов. Код: ' + xhr.status);
-                 }
+             xhr.onloadstart = function() {
+                progressBar.style.width = '0%';
+                progressBar.textContent = '0%';
              };
 
+            xhr.onload = function() {
+                uploadBtn.disabled = false;
+                filesInput.disabled = false;
+                progressContainer.style.display = 'none';
+
+                // Check the response status code
+                if (xhr.status >= 200 && xhr.status < 300) {
+                    // Success: Likely a redirect from Flask
+                    // Flask redirect response doesn't give JSON, it just sets the Location header
+                    // We should follow the redirect or reload the page after a short delay
+                    // to show updated file list and flash messages.
+                    // A simple reload is sufficient for this app structure.
+                    location.reload();
+                } else {
+                    // Handle potential server errors or validation errors if Flask returned non-redirect
+                    // If Flask returned JSON for errors (like login), we'd parse xhr.responseText
+                    // But the current dashboard POST handler redirects on success/failure.
+                    // So any other status likely indicates a server issue.
+                    alert('Ошибка загрузки файлов!');
+                 }
+            };
+
             xhr.onerror = function() {
-                alert('Ошибка сети при загрузке файлов.');
+                alert('Ошибка соединения!');
                 progressContainer.style.display = 'none';
-                progressBar.style.width = '0%';
-                progressBar.textContent = '';
                 uploadBtn.disabled = false;
-                uploadBtn.textContent = 'Загрузить файлы';
+                filesInput.disabled = false;
             };
 
             xhr.send(formData);
@@ -829,53 +1022,103 @@ def dashboard():
 
         document.getElementById('logout-btn').addEventListener('click', function(e) {
             e.preventDefault();
-            localStorage.removeItem('zeusCredentials');
-            window.location.href = '{{ url_for("logout") }}';
+            localStorage.removeItem('zeusCredentials'); // Clear persistent login flag
+            window.location.href = '/logout';
         });
+
+         // Close modal on ESC key
+         document.addEventListener('keydown', function(event) {
+             const modal = document.getElementById('mediaModal');
+             if (event.key === 'Escape' && modal.style.display === 'flex') {
+                 closeModal({ target: modal }); // Simulate click on modal background
+             }
+         });
+
+          // Prevent modal click closing if clicking on modal content
+          document.getElementById('modalContent').addEventListener('click', function(event) {
+               event.stopPropagation(); // Stop the click event from bubbling up to the modal background
+          });
+
     </script>
 </body>
 </html>
 '''
-    return render_template_string(html, username=username, user_files=user_files, repo_id=REPO_ID, hf_token_read=HF_TOKEN_READ)
+    # Pass current_path to the template for breadcrumbs and folder links
+    return render_template_string(html, username=username, items_in_folder=items_in_folder, repo_id=REPO_ID, current_path=path_list, breadcrumbs=breadcrumbs, HF_TOKEN_READ=HF_TOKEN_READ)
 
+@app.route('/download/<path:path>')
+def download_item(path):
+    if 'username' not in session:
+        flash('Пожалуйста, войдите в систему!')
+        return redirect(url_for('login'))
 
-@app.route('/download/<path:file_path>/<filename>')
-def download_file(file_path, filename):
-    if 'username' not in session and not (request.referrer and 'admhosto' in request.referrer):
-         flash('Пожалуйста, войдите в систему!')
-         return redirect(url_for('login'))
-
-    current_username = session.get('username')
-    is_admin_request = request.referrer and 'admhosto' in request.referrer
+    username = session['username']
+    data = load_data()
+    if username not in data['users']:
+        session.pop('username', None)
+        session.pop('current_path', None)
+        flash('Пользователь не найден!')
+        return redirect(url_for('login'))
 
-    # Basic check: if it's not an admin request, the user must be logged in
-    if not is_admin_request and not current_username:
-         flash('Доступ запрещен.')
-         return redirect(url_for('login'))
+    # Path to the item within the user's cloud
+    path_list = [p for p in path.split('/') if p]
+    if not path_list:
+         flash('Неверный путь для скачивания!')
+         return redirect(url_for('dashboard')) # Or admin_panel if admin
+
+    item_name = path_list[-1]
+    parent_path_list = path_list[:-1]
+
+    parent_folder = get_item_at_path(data, username, parent_path_list)
+
+    if not parent_folder or parent_folder.get('_type') != 'folder' or item_name not in parent_folder.get('items', {}):
+        flash('Элемент для скачивания не найден!')
+        # Redirect back to where they came from (dashboard or admin)
+        if 'admhosto' in request.referrer:
+             # Attempt to reconstruct admin path to user's files
+             try:
+                 admin_username = path_list[0] # Assuming first segment after /download/ is username in admin context
+                 # Need a way to get the actual admin path from the item's path
+                 # This is tricky. Let's just redirect to admin user root for simplicity
+                 return redirect(url_for('admin_user_files', username=admin_username))
+             except IndexError:
+                 return redirect(url_for('admin_panel'))
+        else:
+             return redirect(url_for('dashboard', path='/'.join(session.get('current_path', [])))) # Redirect to user's current path
+
+    item_data = parent_folder['items'][item_name]
+
+    if item_data.get('_type') == 'folder':
+         flash('Невозможно скачать папку напрямую.')
+         # Redirect back to where they came from
+         if 'admhosto' in request.referrer:
+             try:
+                 admin_username = path_list[0]
+                 return redirect(url_for('admin_user_files', username=admin_username))
+             except IndexError:
+                 return redirect(url_for('admin_panel'))
+         else:
+             return redirect(url_for('dashboard', path='/'.join(session.get('current_path', []))))
+
+
+    # Item is a file, proceed with download
+    hf_path = item_data.get('path_on_hf')
+    original_filename = item_data.get('original_name', item_name) # Fallback to item_name if original_name missing
+
+    if not hf_path:
+         flash('Информация о пути файла повреждена.')
+         # Redirect back
+         if 'admhosto' in request.referrer:
+             try:
+                 admin_username = path_list[0]
+                 return redirect(url_for('admin_user_files', username=admin_username))
+             except IndexError:
+                 return redirect(url_for('admin_panel'))
+         else:
+             return redirect(url_for('dashboard', path='/'.join(session.get('current_path', []))))
 
-    data = load_data()
 
-    # Determine the owner of the file from the path
-    try:
-        file_owner = file_path.split('/')[1]
-    except IndexError:
-         flash('Неверный путь к файлу.')
-         return redirect(request.referrer or url_for('dashboard'))
-
-    # Permission check
-    if not is_admin_request:
-        # Regular user request: check if they own the file
-        if current_username != file_owner:
-             flash('У вас нет доступа к этому файлу!')
-             return redirect(url_for('dashboard'))
-        # Verify the file exists in their list (optional, but good practice)
-        if not any(f['path'] == file_path for f in data.get('users', {}).get(current_username, {}).get('files', [])):
-            flash('Файл не найден в вашем аккаунте.')
-            return redirect(url_for('dashboard'))
-    # If it's an admin request, we allow the download (assuming admin is verified elsewhere or implicitly via URL)
-
-    # Construct download URL
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{file_path}?download=true"
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
     try:
         headers = {}
         if HF_TOKEN_READ:
@@ -884,32 +1127,46 @@ def download_file(file_path, filename):
         response = requests.get(file_url, headers=headers, stream=True)
         response.raise_for_status()
 
-        # Use BytesIO to handle the content in memory
+        # Use stream=True and read in chunks for large files
+        # For simplicity and potentially smaller files, reading directly into BytesIO is okay,
+        # but less memory efficient for very large files. Keeping BytesIO for now as it matches original.
         file_content = BytesIO(response.content)
 
-        # Send the file using the original filename provided in the URL
         return send_file(
             file_content,
             as_attachment=True,
-            download_name=filename, # Use the passed filename for download
-            mimetype='application/octet-stream'
+            download_name=original_filename,
+            mimetype=item_data.get('mime_type', 'application/octet-stream')
         )
     except requests.exceptions.RequestException as e:
-        logging.error(f"Error downloading file '{filename}' ({file_path}) from HF: {e}")
-        status_code = e.response.status_code if e.response is not None else 'N/A'
-        if status_code == 404:
-             flash(f'Ошибка скачивания: Файл "{filename}" не найден на сервере.')
+        logging.error(f"Error downloading file from HF ({hf_path}): {e}")
+        flash('Ошибка скачивания файла!')
+        # Redirect back
+        if 'admhosto' in request.referrer:
+             try:
+                 admin_username = path_list[0]
+                 return redirect(url_for('admin_user_files', username=admin_username))
+             except IndexError:
+                 return redirect(url_for('admin_panel'))
         else:
-             flash(f'Ошибка скачивания файла "{filename}" (код: {status_code}).')
-        return redirect(request.referrer or url_for('dashboard'))
+             return redirect(url_for('dashboard', path='/'.join(session.get('current_path', []))))
+
     except Exception as e:
-        logging.error(f"Unexpected error during download of '{filename}' ({file_path}): {e}")
-        flash(f'Произошла непредвиденная ошибка при скачивании файла "{filename}".')
-        return redirect(request.referrer or url_for('dashboard'))
+        logging.error(f"Unexpected error during download of {hf_path}: {e}")
+        flash('Произошла непредвиденная ошибка при скачивании файла.')
+        # Redirect back
+        if 'admhosto' in request.referrer:
+             try:
+                 admin_username = path_list[0]
+                 return redirect(url_for('admin_user_files', username=admin_username))
+             except IndexError:
+                 return redirect(url_for('admin_panel'))
+        else:
+             return redirect(url_for('dashboard', path='/'.join(session.get('current_path', []))))
 
 
-@app.route('/delete/<path:file_path>')
-def delete_file(file_path):
+@app.route('/delete/<path:path>')
+def delete_item(path):
     if 'username' not in session:
         flash('Пожалуйста, войдите в систему!')
         return redirect(url_for('login'))
@@ -918,54 +1175,143 @@ def delete_file(file_path):
     data = load_data()
     if username not in data['users']:
         session.pop('username', None)
+        session.pop('current_path', None)
         flash('Пользователь не найден!')
         return redirect(url_for('login'))
 
-    user_files = data['users'][username].get('files', [])
-    file_to_delete = next((file for file in user_files if file['path'] == file_path), None)
+    path_list = [p for p in path.split('/') if p]
+    if not path_list:
+         flash('Неверный путь для удаления!')
+         return redirect(url_for('dashboard', path='/'.join(session.get('current_path', []))))
 
-    if not file_to_delete:
-        flash('Файл не найден!')
-        return redirect(url_for('dashboard'))
+    item_name = path_list[-1]
+    parent_path_list = path_list[:-1]
 
-    if not HF_TOKEN_WRITE:
-        flash('Удаление невозможно: отсутствует токен Hugging Face для записи.')
-        return redirect(url_for('dashboard'))
+    # Check if the item belongs to the current user and is in the current path or a subpath of the current path
+    # For non-admin users, we restrict deletion to items directly within their current view path.
+    # This is simpler than allowing deletion of items anywhere using a path parameter.
+    # Let's enforce that the requested path for deletion MUST match the current session path + item_name
+    current_session_path_list = session.get('current_path', [])
+    expected_path_list = current_session_path_list + [item_name]
+
+    if path_list != expected_path_list:
+         flash('Неверный путь для удаления!') # Attempted to delete item not in current folder view
+         return redirect(url_for('dashboard', path='/'.join(current_session_path_list)))
+
+
+    # Find the item using the path relative to the user's root
+    parent_folder = get_item_at_path(data, username, parent_path_list)
+
+    if not parent_folder or parent_folder.get('_type') != 'folder' or item_name not in parent_folder.get('items', {}):
+        flash('Элемент для удаления не найден!')
+        return redirect(url_for('dashboard', path='/'.join(current_session_path_list)))
+
+    item_data = parent_folder['items'][item_name]
+
+    if item_data.get('_type') == 'folder':
+         flash('Невозможно удалить папку из этого интерфейса. Используйте админ-панель, если вы администратор.')
+         return redirect(url_for('dashboard', path='/'.join(current_session_path_list)))
+
+    # Item is a file, proceed with deletion
+    hf_path_to_delete = item_data.get('path_on_hf')
+
+    if not hf_path_to_delete:
+         flash('Информация о пути файла повреждена. Удаление невозможно.')
+         # Attempt to remove from DB anyway
+         delete_item_at_path(data, username, parent_path_list, item_name)
+         save_data(data)
+         logging.warning(f"Attempted to delete file {item_name} for {username} but hf_path_on_file was missing. Removed from DB.")
+         return redirect(url_for('dashboard', path='/'.join(current_session_path_list)))
 
-    original_name = file_to_delete.get('original_name', 'N/A') # Get original name for message
 
     try:
         api = HfApi()
         api.delete_file(
-            path_in_repo=file_path,
+            path_in_repo=hf_path_to_delete,
             repo_id=REPO_ID,
             repo_type="dataset",
             token=HF_TOKEN_WRITE,
-            commit_message=f"Deleted {file_path} for {username}"
+            commit_message=f"Deleted file {hf_path_to_delete} for {username}"
         )
-        # Update data only after successful deletion from HF
-        data['users'][username]['files'] = [f for f in user_files if f['path'] != file_path]
+        # Remove item from database structure
+        delete_item_at_path(data, username, parent_path_list, item_name)
         save_data(data)
-        flash(f'Файл "{original_name}" успешно удален!')
+        flash('Файл успешно удален!')
+        logging.info(f"User {username} deleted file {hf_path_to_delete}.")
+
     except Exception as e:
-        logging.error(f"Error deleting file {file_path} for {username}: {e}")
-        flash(f'Ошибка удаления файла "{original_name}"!')
+        logging.error(f"Error deleting file {hf_path_to_delete} for user {username}: {e}")
+        flash('Ошибка удаления файла!')
+
+    return redirect(url_for('dashboard', path='/'.join(current_session_path_list)))
 
-    return redirect(url_for('dashboard'))
 
 @app.route('/logout')
 def logout():
     session.pop('username', None)
-    flash('Вы вышли из системы.')
-    # Redirecting to login page handles clearing localStorage via its JS
+    session.pop('current_path', None)
+    flash('Вы успешно вышли из системы.')
     return redirect(url_for('login'))
 
+# --- Admin Panel ---
+ADMIN_PASSWORD = os.getenv("ADMIN_PASSWORD") # Set this environment variable for admin access
+
+@app.route('/admhosto', methods=['GET', 'POST'])
+def admin_panel_login():
+    if 'is_admin' in session:
+        return redirect(url_for('admin_panel_dashboard'))
+
+    if request.method == 'POST':
+        password = request.form.get('password')
+        if ADMIN_PASSWORD and password == ADMIN_PASSWORD:
+            session['is_admin'] = True
+            flash('Вход в админ-панель выполнен.')
+            return redirect(url_for('admin_panel_dashboard'))
+        else:
+            flash('Неверный пароль администратора.')
+            return redirect(url_for('admin_panel_login'))
+
+    html = '''
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Админ-вход - Zeus Cloud</title>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+    <style>''' + BASE_STYLE + '''</style>
+</head>
+<body>
+    <div class="container">
+        <h1>Вход в Админ-панель</h1>
+        {% with messages = get_flashed_messages() %}
+            {% if messages %}
+                {% for message in messages %}
+                    <div class="flash">{{ message }}</div>
+                {% endfor %}
+            {% endif %}
+        {% endwith %}
+        <form method="POST">
+            <input type="password" name="password" placeholder="Пароль администратора" required>
+            <button type="submit" class="btn">Войти</button>
+        </form>
+    </div>
+</body>
+</html>
+'''
+    # If ADMIN_PASSWORD is not set, admin panel is inaccessible (except code path)
+    if not ADMIN_PASSWORD:
+        return "Админ-панель отключена. Не установлен ADMIN_PASSWORD."
+
+    return render_template_string(html)
+
+@app.route('/admhosto/dashboard')
+def admin_panel_dashboard():
+    if 'is_admin' not in session:
+        return redirect(url_for('admin_panel_login'))
 
-@app.route('/admhosto')
-def admin_panel():
-    # Add proper admin authentication here if needed
     data = load_data()
-    users = data.get('users', {})
+    users = data['users']
 
     html = '''
 <!DOCTYPE html>
@@ -975,7 +1321,6 @@ def admin_panel():
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Админ-панель - Zeus Cloud</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
@@ -987,9 +1332,11 @@ def admin_panel():
                 <div class="user-item">
                     <a href="{{ url_for('admin_user_files', username=username) }}">{{ username }}</a>
                     <p>Дата регистрации: {{ user_data.get('created_at', 'N/A') }}</p>
-                    <p>Количество файлов: {{ user_data.get('files', []) | length }}</p>
+                     <!-- Calculate total files by traversing the root structure -->
+                    <p>Количество файлов: {{ admin_get_total_files(user_data.get('root', {})) }}</p>
+                     <!-- Add delete user button -->
                      <form method="POST" action="{{ url_for('admin_delete_user', username=username) }}" style="display: inline; margin-left: 10px;" onsubmit="return confirm('Вы уверены, что хотите удалить пользователя {{ username }} и все его файлы? Это действие необратимо!');">
-                         <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить пользователя</button>
+                         <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить</button>
                      </form>
                 </div>
             {% endfor %}
@@ -1006,21 +1353,72 @@ def admin_panel():
             </div>
           {% endif %}
         {% endwith %}
+         <a href="{{ url_for('admin_logout') }}" class="btn" style="margin-top: 20px;">Выйти из админ-панели</a>
     </div>
+     <script>
+         // Helper function to calculate total files (can also do this server-side)
+         // This is a simplified client-side calculation for display, assumes structure
+         function admin_get_total_files(item) {
+             if (!item || item._type !== 'folder') return 0;
+             let count = 0;
+             for (const key in item.items) {
+                 const subItem = item.items[key];
+                 if (subItem._type === 'file') {
+                     count++;
+                 } else if (subItem._type === 'folder') {
+                     count += admin_get_total_files(subItem);
+                 }
+             }
+             return count;
+         }
+         // Attach the helper to the global window or similar if needed by jinja (not directly needed here)
+         // The calculation needs to happen server-side for the template render.
+    </script>
 </body>
 </html>
 '''
-    return render_template_string(html, users=users)
+    def admin_get_total_files_recursive(item):
+         if not item or item.get('_type') != 'folder': return 0
+         count = 0
+         for key in item.get('items', {}):
+              sub_item = item['items'][key]
+              if sub_item.get('_type') == 'file':
+                   count += 1
+              elif sub_item.get('_type') == 'folder':
+                   count += admin_get_total_files_recursive(sub_item)
+         return count
+
+    return render_template_string(html, users=users, admin_get_total_files=admin_get_total_files_recursive)
+
+@app.route('/admhosto/user/<username>', defaults={'path': ''})
+@app.route('/admhosto/user/<username>/<path:path>')
+def admin_user_files(username, path):
+    if 'is_admin' not in session:
+        return redirect(url_for('admin_panel_login'))
 
-@app.route('/admhosto/user/<username>')
-def admin_user_files(username):
-    # Add proper admin authentication here if needed
     data = load_data()
-    if username not in data.get('users', {}):
+    if username not in data['users']:
         flash('Пользователь не найден!')
-        return redirect(url_for('admin_panel'))
+        return redirect(url_for('admin_panel_dashboard'))
+
+    path_list = [p for p in path.split('/') if p]
+
+    current_folder = get_item_at_path(data, username, path_list)
+
+    if not current_folder or current_folder.get('_type') != 'folder':
+        flash('Папка не найдена!')
+        return redirect(url_for('admin_user_files', username=username)) # Redirect to user's root
+
+    items_in_folder = list_items_at_path(data, username, path_list)
+
+    # Build breadcrumbs for admin view
+    breadcrumbs = [{'name': 'Админ-панель', 'path': url_for('admin_panel_dashboard')},
+                   {'name': username, 'path': url_for('admin_user_files', username=username)}]
+    current_breadcrumb_path = []
+    for segment in path_list:
+        current_breadcrumb_path.append(segment)
+        breadcrumbs.append({'name': segment, 'path': url_for('admin_user_files', username=username, path='/'.join(current_breadcrumb_path))})
 
-    user_files = sorted(data['users'][username].get('files', []), key=lambda x: x.get('upload_date', ''), reverse=True)
 
     html = '''
 <!DOCTYPE html>
@@ -1028,15 +1426,24 @@ def admin_user_files(username):
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Файлы пользователя {{ username }} - Zeus Cloud</title>
+    <title>Файлы пользователя {{ username }} (Админ) - Zeus Cloud</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
     <div class="container">
-        <h1>Файлы пользователя: {{ username }}</h1>
-        <a href="{{ url_for('admin_panel') }}" class="btn" style="margin-bottom: 20px; background-color: var(--accent);">Назад к списку пользователей</a>
+        <h1>Файлы пользователя: {{ username }} (Админ)</h1>
+
+        <div class="current-path">
+            {% for breadcrumb in breadcrumbs %}
+                {% if not loop.last %}
+                    <a href="{{ breadcrumb.path }}" class="path-segment">{{ breadcrumb.name }}</a>
+                {% else %}
+                    <span class="path-segment">{{ breadcrumb.name }}</span>
+                {% endif %}
+            {% endfor %}
+        </div>
+
         {% with messages = get_flashed_messages() %}
             {% if messages %}
                 {% for message in messages %}
@@ -1044,196 +1451,308 @@ def admin_user_files(username):
                 {% endfor %}
             {% endif %}
         {% endwith %}
+
         <div class="file-grid">
-            {% for file in user_files %}
-                <div class="file-item">
-                     <p class="filename" title="{{ file.original_name }}">{{ file.original_name }}</p>
-                     {% set file_url = "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path + "?token=" + hf_token_read if hf_token_read else "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path %}
-                     {% if file.type == 'video' %}
-                         <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
-                             <source src="{{ file_url }}" type="video/mp4">
-                         </video>
-                     {% elif file.type == 'image' %}
-                         <img class="file-preview" src="{{ file_url }}" alt="{{ file.original_name }}" loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
-                     {% elif file.type == 'pdf' %}
-                          <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')"><i class="fas fa-file-pdf"></i></div>
-                     {% elif file.type == 'text' %}
-                          <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')"><i class="fas fa-file-alt"></i></div>
-                     {% else %}
-                          <div class="file-preview-icon" onclick="alert('Предпросмотр для этого типа файла не поддерживается.')"><i class="fas fa-file"></i></div>
-                     {% endif %}
-                     <p style="font-size: 0.8em; color: #666;">{{ file.get('upload_date', 'N/A') }}</p>
-                     <a href="{{ url_for('download_file', file_path=file.path, filename=file.original_name) }}" class="btn download-btn">Скачать</a>
-                     <form method="POST" action="{{ url_for('admin_delete_file', username=username, file_path=file.path) }}" style="display: inline;" onsubmit="return confirm('Вы уверены, что хотите удалить файл \'{{ file.original_name }}\'?');">
-                           <button type="submit" class="btn delete-btn" style="padding: 10px 15px; font-size: 0.9em;">Удалить</button>
-                     </form>
-                </div>
+            {% for name, item in items_in_folder %}
+                {% if item._type == 'folder' %}
+                    <div class="folder-item" onclick="window.location.href='{{ url_for('admin_user_files', username=username, path=(path_list|join('/') + '/' + name) if path_list else name) }}'">
+                        <div class="folder-icon"></div>
+                        <p class="file-name">{{ name }}</p>
+                         <div class="file-actions">
+                             <form method="POST" action="{{ url_for('admin_delete_item', username=username, path=(path_list|join('/') + '/' + name) if path_list else name) }}" style="display: inline;" onsubmit="return confirm('Вы уверены, что хотите удалить папку "{{ name }}" и все ее содержимое?');">
+                                 <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить папку</button>
+                             </form>
+                         </div>
+                    </div>
+                {% elif item._type == 'file' %}
+                    <div class="file-item">
+                        <p class="file-name">{{ item.original_name }}</p>
+                         {% if item.mime_type and item.mime_type.startswith('image/') %}
+                             <img class="file-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}" alt="{{ item.original_name }}" loading="lazy" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">
+                        {% elif item.mime_type and item.mime_type.startswith('video/') %}
+                             <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">
+                                 <source src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}" type="{{ item.mime_type }}">
+                             </video>
+                        {% elif item.mime_type == 'application/pdf' %}
+                             <p style="font-size: 3em; margin-bottom: 10px;">📄</p> <!-- PDF icon -->
+                             <button class="btn download-btn" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">Просмотр PDF</button>
+                        {% elif item.mime_type == 'text/plain' %}
+                             <p style="font-size: 3em; margin-bottom: 10px;">📃</p> <!-- Text icon -->
+                             <button class="btn download-btn" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.path_on_hf }}', '{{ item.mime_type }}')">Просмотр TXT</button>
+                        {% else %}
+                             <p style="font-size: 3em; margin-bottom: 10px;">📦</p> <!-- Default icon -->
+                        {% endif %}
+
+                        <p>Загружен: {{ item.get('upload_date', 'N/A') }}</p>
+                         <div class="file-actions">
+                             <!-- Admin download uses the same logic, pass the full path -->
+                             <a href="{{ url_for('download_item', path=(path_list|join('/') + '/' + name) if path_list else name) }}" class="btn download-btn">Скачать</a>
+                             <form method="POST" action="{{ url_for('admin_delete_item', username=username, path=(path_list|join('/') + '/' + name) if path_list else name) }}" style="display: inline; margin-left: 5px;" onsubmit="return confirm('Вы уверены, что хотите удалить этот файл?');">
+                                  <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить файл</button>
+                             </form>
+                         </div>
+                    </div>
+                {% endif %}
             {% endfor %}
-            {% if not user_files %}
-                <p>У этого пользователя пока нет файлов.</p>
+            {% if not items_in_folder %}
+                <p>Эта папка пуста.</p>
             {% endif %}
         </div>
-
+        <a href="{{ url_for('admin_panel_dashboard') }}" class="btn" style="margin-top: 20px;">Назад к списку пользователей</a>
     </div>
-    <div class="modal" id="mediaModal" onclick="closeModal(event)">
-         <div class="modal-content" id="modalContent"></div>
+     <div class="modal" id="mediaModal" onclick="closeModal(event)">
+        <div id="modalContent"></div>
     </div>
      <script>
-        const HF_TOKEN_READ = "{{ hf_token_read or '' }}";
+        const HF_TOKEN_READ = "{{ HF_TOKEN_READ }}";
 
-        function openModal(src, fileType) {
+        function openModal(src, mimeType) {
             const modal = document.getElementById('mediaModal');
             const modalContent = document.getElementById('modalContent');
-            modalContent.innerHTML = ''; // Clear previous content
-
-            let finalSrc = src;
-             if (HF_TOKEN_READ && src.indexOf('token=') === -1) {
-                 finalSrc += (src.indexOf('?') === -1 ? '?' : '&') + 'token=' + HF_TOKEN_READ;
-             }
+            modalContent.innerHTML = '';
+
+            let contentHtml = '';
+            const tokenParam = HF_TOKEN_READ ? `?token=${HF_TOKEN_READ}` : "";
+            const finalSrc = src + tokenParam;
+
+            if (mimeType.startsWith('image/')) {
+                contentHtml = `<img src="${finalSrc}">`;
+            } else if (mimeType.startsWith('video/')) {
+                 const videoSrc = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
+                contentHtml = `<video controls autoplay><source src="${videoSrc}" type="${mimeType}"></video>`;
+            } else if (mimeType === 'application/pdf') {
+                 const pdfSrc = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
+                contentHtml = `<iframe src="${pdfSrc}" type="${mimeType}" allowfullscreen webkitallowfullscreen></iframe>`;
+            } else if (mimeType === 'text/plain') {
+                 const textSrc = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
+                 contentHtml = `<iframe src="${textSrc}" type="${mimeType}"></iframe>`;
+            } else {
+                alert('Предпросмотр для этого типа файла недоступен. Файл будет скачан.');
+                window.open(src, '_blank');
+                return;
+            }
 
-             if (fileType === 'video') {
-                 modalContent.innerHTML = `<video controls autoplay><source src="${finalSrc}" type="video/mp4"></video>`;
-             } else if (fileType === 'image') {
-                 modalContent.innerHTML = `<img src="${finalSrc}">`;
-             } else if (fileType === 'pdf' || fileType === 'text') {
-                  modalContent.innerHTML = `<iframe src="${finalSrc}"></iframe>`;
-             } else {
-                  alert('Предпросмотр для этого типа файла не поддерживается.');
-                  return;
-             }
-             modal.style.display = 'flex';
+            modalContent.innerHTML = contentHtml;
+            modal.style.display = 'flex';
         }
 
          function closeModal(event) {
             const modal = document.getElementById('mediaModal');
-             if (event.target === modal) {
+             const modalContent = document.getElementById('modalContent');
+             if (modal.style.display === 'flex' && !modalContent.contains(event.target)) {
                  modal.style.display = 'none';
                  const video = modal.querySelector('video');
-                 if (video) { video.pause(); video.src=''; }
-                 const iframe = modal.querySelector('iframe');
-                 if (iframe) { iframe.src = 'about:blank'; }
-                 document.getElementById('modalContent').innerHTML = '';
+                 if (video) {
+                    video.pause();
+                 }
+                 modalContent.innerHTML = '';
             }
         }
+
+        document.addEventListener('keydown', function(event) {
+             const modal = document.getElementById('mediaModal');
+             if (event.key === 'Escape' && modal.style.display === 'flex') {
+                 closeModal({ target: modal });
+             }
+         });
+
+          document.getElementById('modalContent').addEventListener('click', function(event) {
+               event.stopPropagation();
+          });
+
     </script>
 </body>
 </html>
 '''
-    return render_template_string(html, username=username, user_files=user_files, repo_id=REPO_ID, hf_token_read=HF_TOKEN_READ)
+    # Pass path_list to the template for constructing URLs
+    return render_template_string(html, username=username, items_in_folder=items_in_folder, repo_id=REPO_ID, path_list=path_list, breadcrumbs=breadcrumbs, HF_TOKEN_READ=HF_TOKEN_READ)
 
 
 @app.route('/admhosto/delete_user/<username>', methods=['POST'])
 def admin_delete_user(username):
-    # Add proper admin authentication here
-    if not HF_TOKEN_WRITE:
-        flash('Удаление невозможно: отсутствует токен Hugging Face для записи.')
-        return redirect(url_for('admin_panel'))
+    if 'is_admin' not in session:
+        return redirect(url_for('admin_panel_login'))
 
     data = load_data()
-    if username not in data.get('users', {}):
+    if username not in data['users']:
         flash('Пользователь не найден!')
-        return redirect(url_for('admin_panel'))
-
-    user_folder_path = f"cloud_files/{username}"
-    logging.info(f"Admin attempting to delete user '{username}' and folder '{user_folder_path}'")
+        return redirect(url_for('admin_panel_dashboard'))
 
     try:
         api = HfApi()
-        # Attempt to delete the entire user folder from Hugging Face Hub
-        api.delete_folder(
-            folder_path=user_folder_path,
-            repo_id=REPO_ID,
-            repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"Admin deleted folder {user_folder_path} for user {username}",
-            ignore_patterns=None # Ensure all files are targeted
-        )
-        logging.info(f"Successfully deleted folder '{user_folder_path}' from HF Hub for user {username}.")
+        # Delete the user's root folder on HF Hub, which recursively deletes contents
+        hf_user_folder_path = f"cloud_files/{username}"
+        try:
+            api.delete_folder(
+                folder_path=hf_user_folder_path,
+                repo_id=REPO_ID,
+                repo_type="dataset",
+                token=HF_TOKEN_WRITE,
+                commit_message=f"Admin deleted user {username} and their folder"
+            )
+            logging.info(f"Admin successfully deleted HF folder {hf_user_folder_path}")
+        except Exception as e:
+             # Handle cases where the folder might not exist or is already empty
+             logging.warning(f"Failed to delete HF folder {hf_user_folder_path} for user {username} during user deletion (might be empty or already deleted): {e}")
+             # Continue to delete from DB
+
+        # Delete user from the database
+        del data['users'][username]
+        save_data(data)
+        flash(f'Пользователь "{username}" и его файлы успешно удалены!')
+        logging.info(f"Admin deleted user {username}.")
 
     except Exception as e:
-        # Log error if folder deletion fails, but proceed to delete user from DB
-        # This handles cases where the folder might be empty or already partially deleted
-        logging.error(f"Error deleting folder '{user_folder_path}' from HF Hub for user {username}: {e}. Proceeding to delete user from database.")
-        # Optionally, could iterate and delete files individually here as a fallback
+        logging.error(f"Error deleting user {username}: {e}")
+        flash(f'Ошибка при удалении пользователя "{username}"!')
+
+    return redirect(url_for('admin_panel_dashboard'))
+
+
+@app.route('/admhosto/delete_item/<username>/<path:path>', methods=['POST'])
+def admin_delete_item(username, path):
+    if 'is_admin' not in session:
+        return redirect(url_for('admin_panel_login'))
+
+    data = load_data()
+    if username not in data['users']:
+        flash('Пользователь не найден!')
+        return redirect(url_for('admin_panel_dashboard'))
+
+    path_list = [p for p in path.split('/') if p]
+    if not path_list:
+         flash('Неверный путь для удаления элемента!')
+         return redirect(url_for('admin_user_files', username=username))
+
+    item_name = path_list[-1]
+    parent_path_list = path_list[:-1]
+
+    # Find the item using the path relative to the user's root
+    parent_folder = get_item_at_path(data, username, parent_path_list)
+
+    if not parent_folder or parent_folder.get('_type') != 'folder' or item_name not in parent_folder.get('items', {}):
+        flash('Элемент для удаления не найден в базе данных пользователя!')
+        # We proceed to try deleting from HF anyway in case of DB/HF mismatch
+        logging.warning(f"Item {path} not found in DB for user {username}, attempting HF deletion.")
+        item_type = None # We don't know the type if not in DB
+        hf_path_on_item = None
+    else:
+        item_data = parent_folder['items'][item_name]
+        item_type = item_data.get('_type')
+        hf_path_on_item = item_data.get('path_on_hf')
+
 
     try:
-        # Delete the user from the local data structure
-        del data['users'][username]
-        save_data(data)
-        flash(f'Пользователь {username} и его файлы (попытка удаления с сервера) успешно удалены из базы данных!')
-        logging.info(f"Admin successfully deleted user {username} from the database.")
+        api = HfApi()
+        if item_type == 'folder':
+            # Delete folder recursively on HF Hub
+            hf_folder_path = get_hf_storage_path(username, path_list, "") # Get path up to folder name
+            hf_folder_path = hf_folder_path.rstrip('/') # Ensure no trailing slash if path_list was empty
+            if not hf_folder_path.startswith(f"cloud_files/{username}"):
+                 # Sanity check to prevent deleting outside user's directory
+                 raise ValueError(f"Invalid HF folder path attempted: {hf_folder_path}")
+
+            try:
+                api.delete_folder(
+                    folder_path=hf_folder_path,
+                    repo_id=REPO_ID,
+                    repo_type="dataset",
+                    token=HF_TOKEN_WRITE,
+                    commit_message=f"Admin deleted folder {path} for user {username}"
+                )
+                logging.info(f"Admin successfully deleted HF folder {hf_folder_path}")
+            except Exception as e:
+                 logging.warning(f"Failed to delete HF folder {hf_folder_path} for user {username} during admin item deletion (might be empty or already deleted): {e}")
+                 # Continue to delete from DB
+
+            # Remove folder from database structure (recursive)
+            deleted_item_db = delete_item_at_path(data, username, parent_path_list, item_name)
+            if deleted_item_db:
+                 save_data(data)
+                 flash(f'Папка "{item_name}" и ее содержимое успешно удалены!')
+                 logging.info(f"Admin deleted folder {path} for user {username} from DB.")
+            else:
+                 flash(f'Папка "{item_name}" не найдена в базе данных, но удаление на HF Hub было выполнено (если существовала).')
+
+
+        elif item_type == 'file' and hf_path_on_item:
+            # Delete file on HF Hub
+            api.delete_file(
+                path_in_repo=hf_path_on_item,
+                repo_id=REPO_ID,
+                repo_type="dataset",
+                token=HF_TOKEN_WRITE,
+                commit_message=f"Admin deleted file {path} for user {username}"
+            )
+            # Remove file from database structure
+            deleted_item_db = delete_item_at_path(data, username, parent_path_list, item_name)
+            if deleted_item_db:
+                save_data(data)
+                flash(f'Файл "{item_name}" успешно удален!')
+                logging.info(f"Admin deleted file {path} for user {username} from DB.")
+            else:
+                 # This case is unlikely if item_type was 'file' and hf_path_on_item existed
+                 flash(f'Файл "{item_name}" не найден в базе данных, но удален на HF Hub.')
+
+        elif item_type is None:
+            # Item wasn't found in DB, attempt HF deletion based on potential HF path pattern
+            # If it was a file, its HF path should be cloud_files/username/path/item_name (with unique prefix)
+            # If it was a folder, its HF path is cloud_files/username/path/item_name
+            # We don't know the unique prefix here, so we can only *reliably* delete folders by path name if not in DB.
+            # Deleting a file by original name + path without unique prefix is not safe/possible.
+            # Let's assume if item wasn't in DB and delete was attempted, it was likely a folder path issue or
+            # a file that needs cleanup on HF. Attempting folder delete might clean up residual files too.
+            hf_potential_folder_path = get_hf_storage_path(username, path_list, "")
+            hf_potential_folder_path = hf_potential_folder_path.rstrip('/')
+            try:
+                 api.delete_folder(
+                    folder_path=hf_potential_folder_path,
+                    repo_id=REPO_ID,
+                    repo_type="dataset",
+                    token=HF_TOKEN_WRITE,
+                    commit_message=f"Admin attempted cleanup delete for {path} for user {username}"
+                 )
+                 flash(f'Элемент "{item_name}" не найден в базе данных, но попытка удаления на HF Hub выполнена.')
+                 logging.warning(f"Admin attempted cleanup delete for {path} for user {username} on HF {hf_potential_folder_path}.")
+            except Exception as e:
+                 logging.error(f"Admin cleanup delete failed for {path} on HF {hf_potential_folder_path}: {e}")
+                 flash(f'Ошибка удаления элемента "{item_name}" на HF Hub (не найден в базе данных)!')
+
+
+        else: # item_type is file but hf_path_on_item was None, or other unexpected type
+             flash(f'Неизвестный тип элемента "{item_name}" или поврежденные данные.')
 
-    except Exception as e:
-        logging.error(f"Error deleting user {username} from database after attempting HF deletion: {e}")
-        flash(f'Ошибка при удалении пользователя {username} из базы данных!')
-
-    return redirect(url_for('admin_panel'))
-
-
-@app.route('/admhosto/delete_file/<username>/<path:file_path>', methods=['POST'])
-def admin_delete_file(username, file_path):
-     # Add proper admin authentication here
-     if not HF_TOKEN_WRITE:
-        flash('Удаление невозможно: отсутствует токен Hugging Face для записи.')
-        return redirect(url_for('admin_user_files', username=username))
-
-     data = load_data()
-     if username not in data.get('users', {}):
-         flash('Пользователь не найден!')
-         return redirect(url_for('admin_panel'))
-
-     user_files = data['users'][username].get('files', [])
-     file_to_delete = next((f for f in user_files if f['path'] == file_path), None)
-     original_name = file_to_delete.get('original_name', file_path) if file_to_delete else file_path
-
-     logging.info(f"Admin attempting to delete file '{file_path}' for user '{username}'")
-
-     try:
-         api = HfApi()
-         api.delete_file(
-             path_in_repo=file_path,
-             repo_id=REPO_ID,
-             repo_type="dataset",
-             token=HF_TOKEN_WRITE,
-             commit_message=f"Admin deleted file {file_path} for user {username}"
-         )
-         logging.info(f"Successfully deleted file {file_path} from HF Hub.")
-
-         # Update the database only if the file was found there
-         if file_to_delete:
-             data['users'][username]['files'] = [f for f in user_files if f['path'] != file_path]
-             save_data(data)
-             logging.info(f"Removed file {file_path} from database for user {username}.")
-         else:
-              logging.warning(f"File {file_path} deleted from HF Hub by admin, but was not found in user {username}'s database list.")
 
-         flash(f'Файл "{original_name}" успешно удален!')
+    except Exception as e:
+        logging.error(f"Error deleting item {path} by admin for user {username}: {e}")
+        flash(f'Произошла ошибка при удалении элемента "{item_name}"!')
 
-     except Exception as e:
-         logging.error(f"Error deleting file {file_path} from HF Hub by admin: {e}")
-         # Check if error is 'not found' - maybe already deleted?
-         flash(f'Ошибка удаления файла "{original_name}"!')
+    # Redirect back to the parent folder view in the admin panel
+    parent_url_path = '/'.join(parent_path_list)
+    return redirect(url_for('admin_user_files', username=username, path=parent_url_path))
 
-     return redirect(url_for('admin_user_files', username=username))
+@app.route('/admhosto/logout')
+def admin_logout():
+    session.pop('is_admin', None)
+    flash('Вы вышли из админ-панели.')
+    return redirect(url_for('admin_panel_login'))
 
 
 if __name__ == '__main__':
     if not HF_TOKEN_WRITE:
-        logging.warning("!!! HF_TOKEN (write access) is NOT set. File uploads, deletions, and backups WILL FAIL.")
+        logging.warning("HF_TOKEN_WRITE (for database uploads/writes) is not set. Database changes and file uploads/deletions will fail.")
     if not HF_TOKEN_READ:
-        logging.warning("!!! HF_TOKEN_READ is NOT set. Falling back to HF_TOKEN if available. File downloads/previews might fail for private repos if no read token is present.")
-
-    if not os.path.exists(DATA_FILE):
-         logging.info(f"{DATA_FILE} not found, attempting initial download...")
-         download_db_from_hf() # Try to download on startup if missing
+        logging.warning("HF_TOKEN_READ (for database downloads/file previews/downloads) is not set. Falling back to HF_TOKEN_WRITE. File downloads/previews might fail for private repos if no token has read access.")
+    if not os.getenv("HF_REPO_ID"):
+         logging.warning("HF_REPO_ID is not set. Defaulting to 'Eluza133/Z1e1u'.")
+    if not os.getenv("FLASK_SECRET_KEY"):
+         logging.warning("FLASK_SECRET_KEY is not set. Using default key. This is insecure for production.")
+    if not ADMIN_PASSWORD:
+        logging.warning("ADMIN_PASSWORD is not set. Admin panel is disabled/inaccessible.")
 
     if HF_TOKEN_WRITE:
-        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
-        backup_thread.start()
-        logging.info("Periodic backup thread started.")
+        threading.Thread(target=periodic_backup, daemon=True).start()
     else:
-        logging.warning("Periodic backup thread NOT started because HF_TOKEN_WRITE is not set.")
-
-    app.run(debug=False, host='0.0.0.0', port=7860)
+        logging.warning("Periodic backup disabled because HF_TOKEN_WRITE is not set.")
 
-# --- END OF FILE app (8).py ---
\ No newline at end of file
+    app.run(debug=False, host='0.0.0.0', port=7860)
\ No newline at end of file