diff --git a/src/controllers/admin_auth.controller.js b/src/controllers/admin_auth.controller.js
index 179b5ff..41448a0 100644
--- a/src/controllers/admin_auth.controller.js
+++ b/src/controllers/admin_auth.controller.js
@@ -62,6 +62,7 @@ async function getUserDetails(req, res) {
     res.status(500).json({ error: 'invalid CIF number' });
   }
 }
+
 async function getUserRights(req, res) {
   const { CIF } = req.query;
   if (!CIF) {
@@ -71,13 +72,13 @@ async function getUserRights(req, res) {
   }
   const userDetails = await adminAuthService.getCustomerDetailsFromDB(CIF);
   if (!userDetails)
-    return res.status(401).json({ error: 'invalid CIF number or No rights is present for the user.' });
+    return res.status(404).json({ error: 'invalid CIF number or No rights is present for the user.' });
   return res.json(userDetails);
 }
 
 async function UserRights(req, res) {
   try {
-    const { CIF, ib_access_level, mb_access_level } = req.body;
+    const { CIF, ib_access_level, mb_access_level, ib_limit, mb_limit } = req.body;
 
     if (!CIF) {
       return res.status(400).json({ error: 'CIF number is required' });
@@ -93,23 +94,26 @@ async function UserRights(req, res) {
       if (FirstTimeLogin && dayjs(currentTime).diff(dayjs(user.created_at), 'day') > 8) {
         // Password expired, resend
         await db.query(
-          'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 WHERE customer_no=$1',
-          [CIF, password, ib_access_level, mb_access_level, currentTime]
+          'UPDATE users SET password_hash=$2, updated_at=$5, ib_access_level=$3, mb_access_level=$4 ,inb_limit_amount=$6,mobile_limit_amount=$7 WHERE customer_no=$1',
+          [CIF, password, ib_access_level, mb_access_level, currentTime, ib_limit, mb_limit]
         );
+        logger.info("Admin sended the OTP");
         return res.json({ otp: first_time_pass });
       }
       // Just update access levels and timestamp
       await db.query(
-        'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 WHERE customer_no=$1',
-        [CIF, ib_access_level, mb_access_level, currentTime]
+        'UPDATE users SET updated_at=$4, ib_access_level=$2, mb_access_level=$3 ,inb_limit_amount=$5,mobile_limit_amount=$6 WHERE customer_no=$1',
+        [CIF, ib_access_level, mb_access_level, currentTime, ib_limit, mb_limit]
       );
+      logger.info("Admin Updated the user.");
       return res.json({ message: "User updated successfully." });
     } else {
       // User does not exist, insert
       await db.query(
-        'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level) VALUES ($1, $2, $3, $4)',
-        [CIF, password, ib_access_level, mb_access_level]
+        'INSERT INTO users (customer_no, password_hash, ib_access_level, mb_access_level ,inb_limit_amount,mobile_limit_amount) VALUES ($1, $2, $3, $4 ,$5 ,$6)',
+        [CIF, password, ib_access_level, mb_access_level, ib_limit, mb_limit]
       );
+      logger.info("New user enroll by admin.");
       return res.json({ otp: first_time_pass });
     }
   } catch (err) {
@@ -119,4 +123,30 @@ async function UserRights(req, res) {
   }
 }
 
-module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights };
+async function handleUnlockUser(req, res) {
+  try {
+    const { user, action } = req.body;
+    const adminUserName = req.admin;
+    if (!user) {
+      return res.status(400).json({ error: "CIF or username is required" });
+    }
+    const userDetails = await adminAuthService.getCustomerDetailsFromDB(user);
+    if (!userDetails) {
+      return res
+        .status(404)
+        .json({ error: "Invalid CIF number or username" });
+    }
+    await adminAuthService.updateUserLockStatus(user, action,adminUserName);
+    const statusText = action ? "locked" : "unlocked";
+    logger.info(`User ${user} has been successfully ${statusText}.`);
+
+    return res.json({
+      message: `User ${user} has been successfully ${statusText}.`,
+    });
+  } catch (error) {
+    console.error("Unlock user error:", error);
+    return res.status(500).json({ error: "Internal server error" });
+  }
+}
+
+module.exports = { login, fetchAdminDetails, getUserDetails, UserRights, getUserRights, handleUnlockUser };
diff --git a/src/controllers/otp.controller.js b/src/controllers/otp.controller.js
index 88ceb5d..1c27e3b 100644
--- a/src/controllers/otp.controller.js
+++ b/src/controllers/otp.controller.js
@@ -152,15 +152,18 @@ async function VerifyOtp(req, res) {
 
   try {
     const storedOtp = await getJson(`otp:${mobileNumber}`);
+    logger.info("OTP is stored");
 
     if (!storedOtp) {
+      logger.error("OTP expired or not found");
       return res.status(400).json({ error: 'OTP expired or not found' });
     }
 
     if (parseInt(otp, 10) !== parseInt(storedOtp, 10)) {
+      logger.error("Invalid OTP");
       return res.status(400).json({ error: 'Invalid OTP' });
     }
-
+    logger.info(`OTP verified with mobile number -${mobileNumber}`);
     return res.status(200).json({ message: 'OTP verified successfully' });
   } catch (err) {
     logger.error(err, 'Error verifying OTP');
diff --git a/src/middlewares/admin.middleware.js b/src/middlewares/admin.middleware.js
index 0c823e4..0fcb74d 100644
--- a/src/middlewares/admin.middleware.js
+++ b/src/middlewares/admin.middleware.js
@@ -13,7 +13,6 @@ function checkAdmin (req,res,next){
   const token = authHeader.split(' ')[1];
   try {
     const payload = verifyToken(token);
-    // console.log("hi",payload);
     if(payload.customerNo && payload.role === 'admin'){
       req.admin = payload.customerNo;
       next();
diff --git a/src/routes/admin_auth.route.js b/src/routes/admin_auth.route.js
index a598831..3cb2566 100644
--- a/src/routes/admin_auth.route.js
+++ b/src/routes/admin_auth.route.js
@@ -9,4 +9,5 @@ router.get('/admin_details', adminAuthenticate, adminAuthController.fetchAdminDe
 router.get('/fetch/customer_details',adminAuthenticate,adminAuthController.getUserDetails);
 router.post('/user/rights',adminAuthenticate,adminAuthController.UserRights);
 router.get('/user/rights',adminAuthenticate,adminAuthController.getUserRights);
+router.post('/user/unlock',adminAuthenticate,adminAuthController.handleUnlockUser);
 module.exports = router;
diff --git a/src/services/admin.auth.service.js b/src/services/admin.auth.service.js
index e6489c8..7d6ba5f 100644
--- a/src/services/admin.auth.service.js
+++ b/src/services/admin.auth.service.js
@@ -38,10 +38,19 @@ async function getCustomerDetails(customerNo) {
 }
 
 async function getCustomerDetailsFromDB(customerNo) {
-  const result = await db.query('SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level FROM users WHERE customer_no = $1', [
+  const result = await db.query(
+    'SELECT customer_no,created_at,last_login,is_first_login,ib_access_level,mb_access_level,inb_limit_amount,mobile_limit_amount,locked FROM users WHERE customer_no = $1 or preferred_name= $1', [
     customerNo,
   ]);
   return result.rows[0];
 }
 
-module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails,getCustomerDetailsFromDB };
+async function updateUserLockStatus(customerNo ,locked ,adminUserName) {
+  const result = await db.query(
+    'Update users set locked =$2 ,unlocked_by=$3  WHERE customer_no = $1 or preferred_name= $1', [
+    customerNo, locked ,adminUserName
+  ]);
+  return result.rows[0];
+}
+
+module.exports = { validateAdmin, findAdminByUserName, getCustomerDetails, getCustomerDetailsFromDB ,updateUserLockStatus };