diff --git a/app/lib/App/Core/AccessControl.php b/app/lib/App/Core/AccessControl.php
index 761ea04..e3a0268 100644
--- a/app/lib/App/Core/AccessControl.php
+++ b/app/lib/App/Core/AccessControl.php
@@ -23,7 +23,7 @@ class AccessControl
 // routes that need power level 1 and up
 [
 "routes" => [
- "race/"
+ "race/*"
 ],
 "catcher" => [
 "name" => "page",
@@ -33,7 +33,7 @@ class AccessControl
 // routes that dont need any auth
 [
 "routes" => [
- ""
+ "*"
 ],
 "catcher" => [
 "name" => "nothing",
@@ -46,6 +46,7 @@ class AccessControl
 strlen($this->app->config["root_url"])
 );
+ // TODO: add error handling
 foreach ($this->acl as $key => $value)
 {
 $routes = $value["routes"];
@@ -53,16 +54,24 @@ class AccessControl
 foreach ($routes as $key => $value)
 {
- // check if string starts with
- if (strncmp($this->currentPage, $value, strlen($value)) !== 0)
+ // if the end of the route is an asterisk we match everything after it
+ if ($value[-1] == '*')
 {
- continue;
+ // remove asterisk
+ $value = substr($value, 0, -1);
+ // check if string starts with
+ if (strncmp($this->currentPage, $value, strlen($value)) !== 0)
+ {
+ continue;
+ }
+ } else {
+ // end is not an asterisk, match full string
+ if ($value !== $this->currentPage)
+ {
+ continue;
+ }
 }
- #if ($value !== $this->currentPage)
- #{
- # continue;
- #}
-
+
 if (isset($catcher["args"]))
 {
 call_user_func([$this, $catcher["name"]], $catcher["args"]);
@@ -79,10 +88,8 @@ class AccessControl
 private function page(int $powerLevel): void
 {
- if ($this->app->user->loggedIn && $this->app->user->powerLevel >= $powerLevel)
+ if (!$this->app->user->loggedIn || !($this->app->user->powerLevel >= $powerLevel))
 {
- # code...
- } else {
 http_response_code(401);
 $this->app->view("template/header", ["title" => "Ingen tilgang!"]);
 $this->app->view("App/Core/AccessControl/unauthorized");
diff --git a/app/view/App/Core/AccessControl/unauthorized.php b/app/view/App/Core/AccessControl/unauthorized.php
index e82ca86..fee46d5 100644
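Review bot: The pattern `"race/*"` is reduced to the prefix `race/` by the matcher changed later in this commit, so a path that is exactly `race`, or one that differs in case or slash count, would not match this entry and would drop to the later entry that needs no auth. Whether the router serves such variants is not visible in this diff. It is worth normalising `$this->currentPage` before matching, or listing `"race"` next to `"race/*"`, and adding a comment such as `// prefix match: covers everything under race/, not "race" itself`. The array these entries belong to starts and ends outside the hunk.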
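Review bot: Mapping `"*"` to the `nothing` catcher makes the ACL default-allow, so any route nobody listed above this entry is served without a check. It also only works while this entry stays last, assuming the first matching entry wins, which the loop elsewhere in this diff suggests but does not fully show. At minimum add a comment above the entry, `// catch-all: MUST stay last; every route not listed above is public`. A safer design lists the public routes explicitly and lets the fallback deny.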
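Review bot: `$value[-1] == '*'` reads a missing offset when a route is the empty string, which raises an uninitialized-string-offset warning, and it compares loosely; `if (substr($value, -1) === '*')` avoids both. The new exact-match branch compares the raw `$this->currentPage`, so a protected exact route is missed if a trailing slash or query string is not stripped before this loop (not visible here). With the catch-all entry in place, such a miss ends at the no-auth catcher. The inner `foreach` also reuses `$key` and `$value` from the outer loop on the context lines, and its body continues outside the hunk.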
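Review bot: The denial branch has to stop the request once the unauthorized view is rendered, and the hunk ends before showing whether it does. If nothing exits or signals the caller, the protected page would still run after the 401 body. On the changed line, `!($this->app->user->powerLevel >= $powerLevel)` reads more directly as `$this->app->user->powerLevel < $powerLevel`. A logged-in user with too low a power level is also better answered with 403 than 401. page()'s body continues outside the hunk.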
--- a/app/view/App/Core/AccessControl/unauthorized.php
+++ b/app/view/App/Core/AccessControl/unauthorized.php
@@ -1,2 +1,2 @@
Du har ikke tilstrekkelig tillatelse til å se denne siden.
\ No newline at end of file
+Du har ikke tilstrekkelige tillatelser til å se denne siden.
\ No newline at end of file