diff --git a/router/apiHandler.go b/router/apiHandler.go
index 557fa5c0..548b0862 100644
--- a/router/apiHandler.go
+++ b/router/apiHandler.go
@@ -97,7 +97,7 @@ func ApiViewHandler(w http.ResponseWriter, r *http.Request) {
 
 func ApiUploadHandler(w http.ResponseWriter, r *http.Request) {
 	if config.UploadsDisabled {
-		http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)
+		http.Error(w, "Error uploads are disabled", http.StatusBadRequest)
 		return
 	}
 
@@ -105,7 +105,7 @@ func ApiUploadHandler(w http.ResponseWriter, r *http.Request) {
 	user := model.User{}
 	db.ORM.Where("api_token = ?", token).First(&user) //i don't like this
 	if user.ID == 0 {
-		http.Error(w, apiService.ErrApiKey.Error(), http.StatusForbidden)
+		http.Error(w, apiService.ErrApiKey.Error(), http.StatusUnauthorized)
 		return
 	}
 
diff --git a/router/upload.go b/router/upload.go
index 91564d50..b00d59e9 100644
--- a/router/upload.go
+++ b/router/upload.go
@@ -166,8 +166,9 @@ func (f *UploadForm) ExtractInfo(r *http.Request) error {
 		if !strings.HasPrefix(exactTopic, "urn:btih:") {
 			return metainfo.ErrInvalidTorrentFile
 		}
-		f.Infohash = strings.ToUpper(strings.TrimPrefix(exactTopic, "urn:btih:"))
-		matched, err := regexp.MatchString("^[0-9A-F]{40}$", f.Infohash)
+		exactTopic = strings.SplitAfter(exactTopic, ":")[2]
+		f.InfoHash = strings.ToUpper(strings.Split(exactTopic, "&")[0])
+		matched, err := regexp.MatchString("^[0-9A-Z]+$", f.Infohash) //ffuuuuuuck
 		if err != nil || !matched {
 			return metainfo.ErrInvalidTorrentFile
 		}
diff --git a/service/api/api.go b/service/api/api.go
index 78740bb8..05d2990e 100644
--- a/service/api/api.go
+++ b/service/api/api.go
@@ -3,6 +3,7 @@ package apiService
 import (
 	"encoding/hex"
 	"errors"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -92,16 +93,18 @@ func validateMagnet(r *TorrentRequest) (error, int) {
 		return err, http.StatusInternalServerError
 	}
 	exactTopic := magnetUrl.Query().Get("xt")
+	fmt.Println(exactTopic)
 	if !strings.HasPrefix(exactTopic, "urn:btih:") {
 		return ErrMagnet, http.StatusNotAcceptable
 	}
-	r.Hash = strings.ToUpper(strings.TrimPrefix(exactTopic, "urn:btih:"))
+	exactTopic = strings.SplitAfter(exactTopic, ":")[2]
+	r.Hash = strings.ToUpper(strings.Split(exactTopic, "&")[0])
 	return nil, http.StatusOK
 }
 
 func validateHash(r *TorrentRequest) (error, int) {
 	r.Hash = strings.ToUpper(r.Hash)
-	matched, err := regexp.MatchString("^[0-9A-F]{40}$", r.Hash)
+	matched, err := regexp.MatchString("^[0-9A-Z]+$", r.Hash) //fucking garbage
 	if err != nil {
 		return err, http.StatusInternalServerError
 	}
@@ -146,11 +149,11 @@ func (r *TorrentRequest) ValidateMultipartUpload(req *http.Request) (int64, erro
 		}
 		// check a few things
 		if torrent.IsPrivate() {
-			return 0, errors.New("private torrents not allowed"), http.StatusBadRequest
+			return 0, errors.New("private torrents not allowed"), http.StatusNotAcceptable
 		}
 		trackers := torrent.GetAllAnnounceURLS()
 		if !uploadService.CheckTrackers(trackers) {
-			return 0, errors.New("tracker(s) not allowed"), http.StatusBadRequest
+			return 0, errors.New("tracker(s) not allowed"), http.StatusNotAcceptable
 		}
 		if r.Name == "" {
 			r.Name = torrent.TorrentName()