diff --git a/db/sqlite.py b/db/sqlite.py
index 586493e..1d74bc5 100644
--- a/db/sqlite.py
+++ b/db/sqlite.py
@@ -131,16 +131,18 @@ class DB:
             (rowid,)
         ).fetchone()
 
-    def delete_thread(self, thread_id):
+    def delete_thread(self, user_id, thread_id):
         db = self._db()
-        db.execute('''
+        c = db.cursor()
+        c.execute('''
             delete
             from threads
-            where thread_id = ?
+            where thread_id = ? and author_id = ?
             ''',
-            (thread_id,)
+            (thread_id, user_id)
         )
         db.commit()
+        return c.rowcount > 0
 
     def add_comment_to_thread(self, thread_id, author_id, text, time):
         db = self._db()
@@ -153,9 +155,8 @@ class DB:
             ''',
             (thread_id, author_id, text, time, time, thread_id)
         )
-        rowid = c.lastrowid
         db.commit()
-        return rowid is not None
+        return c.rowcount > 0
 
     def add_comment_to_comment(self, parent_id, author_id, text, time):
         db = self._db()
@@ -170,9 +171,7 @@ class DB:
             (parent_id, author_id, text, time, time, parent_id)
         )
         print(c.lastrowid)
-        rowid = c.lastrowid
-        db.commit()
-        return rowid is not None
+        return c.rowcount > 0
 
     def _db(self):
         return sqlite3.connect(self.conn)
diff --git a/main.py b/main.py
index eacc23a..d9775c2 100644
--- a/main.py
+++ b/main.py
@@ -137,8 +137,15 @@ def confirm_delete_thread(thread_id):
 
 @app.route('/thread/<int:thread_id>/delete/', methods = ['POST'])
 def delete_thread(thread_id):
-    db.delete_thread(thread_id)
-    flash('Thread has been deleted', 'success')
+    user_id = session.get('user_id')
+    if user_id is None:
+        return redirect(url_for('login'))
+
+    if db.delete_thread(user_id, thread_id):
+        flash('Thread has been deleted', 'success')
+    else:
+        flash('Thread could not be removed', 'error')
+        # TODO return 403, maybe?
     return redirect(url_for('index'))
 
 @app.route('/thread/<int:thread_id>/comment/', methods = ['POST'])
diff --git a/static/theme.css b/static/theme.css
index f76324d..4fdfeef 100644
--- a/static/theme.css
+++ b/static/theme.css
@@ -85,6 +85,12 @@ table.form > * > tr > td, th {
 }
 
 .flash.success {
+	background-color: lightgreen;
+	border-radius: 5px;
+	padding: 8px;
+}
+
+.flash.error {
 	background-color: #ff4646;
 	border-radius: 5px;
 	padding: 8px;