diff --git a/Controller/NotesController.php b/Controller/NotesController.php
index cc53f2d..1017e56 100644
--- a/Controller/NotesController.php
+++ b/Controller/NotesController.php
@@ -101,4 +101,39 @@ class NotesController
 header("Location: ?controller=Notes&page=showNotes&do=showNotes");
 exit();
 }
+
+ public function fileManager()
+ {
+ # Redirect zum Login wenn kein User eingeloggt ist
+ if(!Isset($_SESSION['role']))
+ {
+ header("Location: ?controller=User&do=showUserLoginForm");
+ }
+ # Redirect zum Welcome wenn kein User kein Admin ist
+ if(!Isset($_SESSION['role']) || $_SESSION['role'] !== 'admin')
+ {
+ header("Location: ?controller=Welcome&do=showWelcome");
+ }
+
+ $sortBy = $_GET['sort_by'] ?? 'uploaded_at';
+ $sortOrder = strtoupper($_GET['sort_order'] ?? 'DESC');
+ $isAdmin = $_SESSION['role'] === 'admin';
+ $userid = $_SESSION['user_id'];
+
+ $files = $this->notesModel->selectFiles($userid, true);
+ $this->view->setVars([
+ "files" => $files
+ ]);
+ }
+
+ public function deleteFile()
+ {
+ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['file_id'])) {
+ $fileId = $_POST['file_id'];
+ $this->notesModel->deleteFile($fileId, $_SESSION['user_id']);
+ }
+
+ header("Location: ?controller=Notes&do=fileManager");
+ exit();
+ }
 }
\ No newline at end of file
diff --git a/Model/NotesModel.php b/Model/NotesModel.php
index 82fb70e..75eb263 100644
--- a/Model/NotesModel.php
+++ b/Model/NotesModel.php
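Review bot: The two redirects in fileManager() do not stop execution — header() without exit() lets an unauthenticated or non-admin request fall through to `$_SESSION['user_id']`, the selectFiles() call and the view, so the role checks only change the Location header. Add `exit();` after each header() call, as deleteFile() in the same hunk already does. The sort parameters and `$isAdmin` are computed but never passed on: `selectFiles($userid, true)` hard-codes the admin flag and drops `$sortBy`/`$sortOrder`; it should read `$files = $this->notesModel->selectFiles($userid, $isAdmin, $sortBy, $sortOrder);`. The lowercase `isset` is the conventional spelling of `Isset` in both conditions.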
@@ -43,6 +43,37 @@ class NotesModel extends Database
 return false;
 }
 }
+ public function selectFiles($userid, $isAdmin = false, $sortBy = 'updated_at', $sortOrder = 'DESC')
+ {
+ $pdo = $this->linkDB();
+ $erg = array();
+
+ // Whitelist of allowed sort columns
+ $allowedSortColumns = ['id', 'original_filename', 'stored_filename', 'note_id', 'owner_username', 'uploaded_at', 'file_size'];
+ $allowedSortOrders = ['ASC', 'DESC'];
+
+ $sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'uploaded_at';
+ $sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders) ? strtoupper($sortOrder) : 'DESC';
+
+ try {
+ if ($isAdmin) {
+ $sql = "SELECT f.*, n.title AS note_title, u.username AS owner_username
+ FROM files f
+ JOIN notes n ON f.note_id = n.id
+ JOIN users u ON n.user_id = u.id
+ ORDER BY {$sortBy} {$sortOrder}";
+ $stmt = $pdo->prepare($sql);
+ $stmt->execute();
+ }
+
+ $erg = $stmt->fetchAll(\PDO::FETCH_ASSOC);
+ return $erg;
+
+ } catch (PDOException $e) {
+ error_log("Database Error in selectFiles: " . $e->getMessage());
+ return false;
+ }
+ }
 function getNoteById($noteId)
 {
 $pdo = $this->linkDB();
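Review bot: selectFiles() only assigns `$stmt` inside `if ($isAdmin)`, so a non-admin caller reaches `$stmt->fetchAll(...)` with an undefined variable; that raises an Error rather than a PDOException and is not caught by the catch below. Either return early for non-admins or add the owner-scoped branch below, which applies the same `notes.user_id` ownership rule that deleteFile() uses in the next hunk. The ORDER BY whitelist is the right way to take sort input, but both `in_array` calls should pass `true` as the third argument, and the signature default `'updated_at'` is not in the whitelist so it always falls back to `'uploaded_at'` — make the two agree. The unqualified `PDOException` in the catch (here and in the deleteFile hunk) only matches if the file is not namespaced or imports it; the `\PDO::FETCH_ASSOC` above suggests that is worth confirming.
```php
if ($isAdmin) {
    // … unchanged: admin-wide query and execute …
} else {
    $sql = "SELECT f.*, n.title AS note_title, u.username AS owner_username
            FROM files f
            JOIN notes n ON f.note_id = n.id
            JOIN users u ON n.user_id = u.id
            WHERE n.user_id = ?
            ORDER BY {$sortBy} {$sortOrder}";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$userid]);
}
```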
@@ -222,4 +253,38 @@ class NotesModel extends Database
 }
 return ['success' => true, 'message' => 'Files uploaded successfully.', 'fileNames' => $uploadedFileNames];
 }
+
+ public function deleteFile($fileId, $userId) {
+ $pdo = $this->linkDB();
+ if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
+ try {
+ // Delete the local file
+ $stmt = $pdo->prepare("SELECT stored_filename FROM files WHERE id = ?");
+ $stmt->execute([$fileId]);
+ $file = $stmt->fetch();
+ if ($file) {
+ $filePath = $_SERVER['DOCUMENT_ROOT'] . '/EIANotesApp/Uploads/' . $file['stored_filename'];
+ if (file_exists($filePath)) {
+ unlink($filePath);
+ }
+ }
+
+ if ($this->isAdmin()) { // Admin can delete any file
+ $stmt = $pdo->prepare("DELETE FROM files WHERE id = ?");
+ $params = [$fileId];
+ } else { // User can only delete their own files
+ $stmt = $pdo->prepare("DELETE FROM files WHERE id = ? AND note_id IN (SELECT id FROM notes WHERE user_id = ?)");
+ $params = [$fileId, $userId];
+ }
+ $stmt->execute($params);
+
+ if ($stmt->rowCount() > 0) {
+ return ['success' => true, 'message' => 'File deleted successfully.'];
+ }
+ return ['success' => false, 'message' => 'File not found or permission denied.'];
+ } catch (PDOException $e) {
+ error_log("Delete File Error: " . $e->getMessage());
+ return ['success' => false, 'message' => 'Failed to delete file.'];
+ }
+ }
 }
\ No newline at end of file
diff --git a/Views/Notes/fileManager.phtml b/Views/Notes/fileManager.phtml
new file mode 100644
index 0000000..a645b6c
--- /dev/null
+++ b/Views/Notes/fileManager.phtml
@@ -0,0 +1,64 @@
+ +
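Review bot: deleteFile() removes the file from disk before the ownership check is applied: the SELECT on `stored_filename` and the unlink() run for any `$fileId`, and only the DELETE afterwards is scoped to `note_id IN (SELECT id FROM notes WHERE user_id = ?)` for non-admins. A non-admin passing another user's file_id therefore gets `'File not found or permission denied.'` back while the file on disk is already gone. Move the unlink into the `rowCount() > 0` branch so it only runs once the row was actually deleted, and wrap the stored name in basename() so a stored_filename containing path separators cannot resolve outside the Uploads directory. `$this->isAdmin()` is not visible in this hunk; confirm it derives the role from the session rather than from request input.
```php
// … unchanged: linkDB() and $pdo check …
try {
    // Look up the stored name first, but only remove it from disk once the
    // ownership-scoped DELETE below has actually removed the row.
    $stmt = $pdo->prepare("SELECT stored_filename FROM files WHERE id = ?");
    $stmt->execute([$fileId]);
    $file = $stmt->fetch();

    // … unchanged: admin / owner DELETE preparation and execute …

    if ($stmt->rowCount() > 0) {
        if ($file) {
            $filePath = $_SERVER['DOCUMENT_ROOT'] . '/EIANotesApp/Uploads/' . basename($file['stored_filename']);
            if (file_exists($filePath)) {
                unlink($filePath);
            }
        }
        return ['success' => true, 'message' => 'File deleted successfully.'];
    }
    return ['success' => false, 'message' => 'File not found or permission denied.'];
    // … unchanged: catch block …
```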
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
File ID Original File Name Stored File Name Note ID Owner Uploaded At File Size Actions
+
+ + + + +
+
+ +
\ No newline at end of file
diff --git a/Views/header.phtml b/Views/header.phtml
index 3b57e52..bbd512b 100644
--- a/Views/header.phtml
+++ b/Views/header.phtml
@@ -16,6 +16,9 @@
@@ -25,7 +28,6 @@
-