diff --git a/backend/app.js b/backend/app.js
index 50348af..8da9fc1 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -44,8 +44,4 @@ app.use("/admin", adminRoutes);
 const usersRoutes = require("./routes/users.routes");
 app.use("/users", usersRoutes);
 
-const suggestController = require("./routes/suggest.routes");
-app.get("/suggest", suggestController);
-
-
 module.exports = app;
\ No newline at end of file
diff --git a/backend/controllers/auth.controller.js b/backend/controllers/auth.controller.js
index 979f5a4..74e243f 100644
--- a/backend/controllers/auth.controller.js
+++ b/backend/controllers/auth.controller.js
@@ -15,14 +15,20 @@ exports.register = async (req, res) => {
 };
 
 exports.login = async (req, res) => {
-  const { username, password } = req.body;
-  console.log(`Login attempt for user: ${username} with password: ${password}`);
+  let { username, password } = req.body;
 
+  username = username.toLowerCase();
   const user = await User.findByUsername(username);
-  if (!user) return res.status(401).json({ message: "Invalid credentials" });
+  if (!user) {
+    console.log(`⚠️   Login attempt -> No user found: ${username}`);
+    return res.status(401).json({ message: "User not found" });
+  }
 
   const valid = await bcrypt.compare(password, user.password);
-  if (!valid) return res.status(401).json({ message: "Invalid credentials" });
+  if (!valid) {
+    console.log(`⛔   Login attempt for user ${username} with password ${password}`);
+    return res.status(401).json({ message: "Invalid credentials" });
+  }
 
   const token = jwt.sign(
     { id: user.id, role: user.role },
diff --git a/backend/controllers/lists.controller.js b/backend/controllers/lists.controller.js
index 8c06638..bf772c3 100644
--- a/backend/controllers/lists.controller.js
+++ b/backend/controllers/lists.controller.js
@@ -22,3 +22,10 @@ exports.markBought = async (req, res) => {
   await List.setBought(req.body.id);
   res.json({ message: "Item marked bought" });
 };
+
+
+exports.getSuggestions = async (req, res) => {
+  const { query } = req.query || "";
+  const suggestions = await List.getSuggestions(query);
+  res.json(suggestions);
+};
\ No newline at end of file
diff --git a/backend/controllers/suggest.controller.js b/backend/controllers/suggest.controller.js
deleted file mode 100644
index 5a69a20..0000000
--- a/backend/controllers/suggest.controller.js
+++ /dev/null
@@ -1,9 +0,0 @@
-const List = require("../models/list.model");
-
-
-exports.getHistory = async (req, res) => {
-  console.log("GET /suggest called");
-  const { query } = req.query;
-  const items = await List.getHistory(query);
-  res.json("asdf");
-};
\ No newline at end of file
diff --git a/backend/models/list.model.js b/backend/models/list.model.js
index 499a110..072cc9d 100644
--- a/backend/models/list.model.js
+++ b/backend/models/list.model.js
@@ -44,7 +44,8 @@ exports.addHistoryRecord = async (itemId, quantity) => {
   );
 };
 
-exports.getHistory = async (query) => {
+
+exports.getSuggestions = async (query) => {
   const result = await pool.query(
     `SELECT DISTINCT item_name 
        FROM grocery_list 
@@ -52,9 +53,7 @@ exports.getHistory = async (query) => {
        LIMIT 10`,
     [`%${query}%`]
   );
-  console.log("QUERY:");
-  console.log(result.query);
+  res = result.rows;
   return result.rows;
-
 };
 
diff --git a/backend/routes/list.routes.js b/backend/routes/list.routes.js
index 5e67c2a..bf881ec 100644
--- a/backend/routes/list.routes.js
+++ b/backend/routes/list.routes.js
@@ -8,6 +8,7 @@ const User = require("../models/user.model");
 
 
 router.get("/", auth, requireRole(ROLES.VIEWER, ROLES.EDITOR, ROLES.ADMIN), controller.getList);
+router.get("/suggest", auth, requireRole(ROLES.VIEWER, ROLES.EDITOR, ROLES.ADMIN), controller.getSuggestions);
 
 
 router.post("/add", auth, requireRole(ROLES.EDITOR, ROLES.ADMIN), controller.addItem);
diff --git a/backend/routes/suggest.routes.js b/backend/routes/suggest.routes.js
deleted file mode 100644
index 0d13e01..0000000
--- a/backend/routes/suggest.routes.js
+++ /dev/null
@@ -1,9 +0,0 @@
-const router = require("express").Router();
-const controller = require("../controllers/suggest.controller");
-const auth = require("../middleware/auth");
-const requireRole = require("../middleware/rbac");
-const { ROLES } = require("../models/user.model");
-
-router.get("/", auth, requireRole(ROLES.VIEWER, ROLES.EDITOR, ROLES.ADMIN), controller.getHistory);
-
-module.exports = router;
diff --git a/frontend/src/api/auth.js b/frontend/src/api/auth.js
index d52cedd..ad0ca3a 100644
--- a/frontend/src/api/auth.js
+++ b/frontend/src/api/auth.js
@@ -2,7 +2,6 @@ import api from "./axios";
 
 export const loginRequest = async (username, password) => {
   const res = await api.post("/auth/login", { username, password });
-  alert(`Response data: ${JSON.stringify(res.data)}`);
   return res.data;
 };
 
diff --git a/frontend/src/api/list.js b/frontend/src/api/list.js
index 4423986..d84a94e 100644
--- a/frontend/src/api/list.js
+++ b/frontend/src/api/list.js
@@ -3,7 +3,4 @@ import api from "./axios";
 export const getList = () => api.get("/list");
 export const addItem = (itemName, quantiy) => api.post("/list/add", { itemName, quantiy });
 export const markBought = (id) => api.post("/list/mark-bought", { id });
-export const suggest = (query) => {
-  console.log("API SUGGEST QUERY:", query);
-  api.get("/suggest", { query });
-}; 
\ No newline at end of file
+export const getSuggestions = (query) => api.get("/list/suggest", { params: { query: query } });
\ No newline at end of file
diff --git a/frontend/src/constants/roles.js b/frontend/src/constants/roles.js
index fc1b90b..c108f79 100644
--- a/frontend/src/constants/roles.js
+++ b/frontend/src/constants/roles.js
@@ -2,4 +2,5 @@ export const ROLES = {
   VIEWER: "viewer",
   EDITOR: "editor",
   ADMIN: "admin",
+  UP_TO_ADMIN: ["viewer", "editor", "admin"],
 };
\ No newline at end of file
diff --git a/frontend/src/pages/GroceryList.jsx b/frontend/src/pages/GroceryList.jsx
index f6e9aaa..d1988ea 100644
--- a/frontend/src/pages/GroceryList.jsx
+++ b/frontend/src/pages/GroceryList.jsx
@@ -1,5 +1,6 @@
 import { useContext, useEffect, useState } from "react";
-import { addItem, getList, markBought, suggest } from "../api/list";
+import { addItem, getList, getSuggestions, markBought } from "../api/list";
+import { ROLES } from "../constants/roles";
 import { AuthContext } from "../context/AuthContext";
 import "../styles/GroceryList.css";
 
@@ -56,7 +57,11 @@ export default function GroceryList() {
     }
 
     try {
-      setSuggestions(suggest(text).data.map((i) => i.item_name));
+      console.log("Getting suggestions for:", text);
+      let suggestions = await getSuggestions(text);
+      suggestions = suggestions.data.map(s => s.item_name);
+      console.log(`Suggestions: ${suggestions}`);
+      setSuggestions(suggestions);
     } catch {
       setSuggestions([]);
     }
@@ -89,8 +94,7 @@ export default function GroceryList() {
     <div className="glist-body">
       <div className="glist-container">
 
-        <h1 className="glist-title">Costco Grocery List - {username}[{role}]</h1>
-        <p><strong>{username}</strong> ({role})</p>
+        <h1 className="glist-title">Costco Grocery List</h1>
 
         {/* Sorting dropdown */}
         <select
@@ -105,7 +109,7 @@ export default function GroceryList() {
         </select>
 
         {/* Add Item form (editor/admin only) */}
-        {(role === "editor" || role === "admin") && showAddForm && (
+        {[ROLES.ADMIN, ROLES.VIEWER].includes(role) && showAddForm && (
           <>
             <input
               type="text"
@@ -163,7 +167,7 @@ export default function GroceryList() {
       </div>
 
       {/* Floating Button (editor/admin only) */}
-      {(role === "editor" || role === "admin") && (
+      {[ROLES.ADMIN, ROLES.VIEWER].includes(role) && (
         <button
           className="glist-fab"
           onClick={() => setShowAddForm(!showAddForm)}
diff --git a/frontend/src/pages/Login.jsx b/frontend/src/pages/Login.jsx
index e8d1d2d..78c5fe4 100644
--- a/frontend/src/pages/Login.jsx
+++ b/frontend/src/pages/Login.jsx
@@ -16,7 +16,7 @@ export default function Login() {
       login(data);
       window.location.href = "/";
     } catch (err) {
-      setError("Invalid username or password");
+      setError(err.response?.data?.message || "Login failed");
     }
   };
 
diff --git a/frontend/src/styles/GroceryList.css b/frontend/src/styles/GroceryList.css
index 0feb7b6..a6861b2 100644
--- a/frontend/src/styles/GroceryList.css
+++ b/frontend/src/styles/GroceryList.css
@@ -54,14 +54,18 @@
   max-height: 150px;
   overflow-y: auto;
   position: absolute;
-  z-index: 999;
-  width: calc(100% - 2em);
-  left: 1em;
-  right: 1em;
+  z-index: 999;  
+  border-radius: 8px;
+  box-shadow: 0 0 10px rgba(0,0,0,0.08);
+  padding: 1em;
+  width: calc(100% - 8em);  
+  max-width: 440px;  
+  margin: 0 auto;    
 }
 
 .glist-suggest-item {
   padding: 0.5em;
+  padding-inline: 2em;
   cursor: pointer;
 }