diff --git a/public/index.php b/public/index.php
index 9bb1f79..08219cf 100644
--- a/public/index.php
+++ b/public/index.php
@@ -1,7 +1,22 @@
 <?php
 require_once '../vendor/autoload.php';
 
-if (\FooBar\Configuration::loadConfig()->isOpen()) {
+$config = \FooBar\Configuration::loadConfig();
+
+if (isset($_POST['auth_check'])) {
+    if (!$config->isAuthorized()) {
+        http_response_code(403);
+    }
+} elseif (isset($_POST['toggle']) && $config->isAuthorized()) {
+    $file = $config->stateFile();
+    if ($config->isOpen()) {
+        unlink($file);
+    } else {
+        touch($file);
+    }
+}
+
+if ($config->isOpen()) {
     require '../templates/open.html';
 } else {
     require '../templates/closed.html';
diff --git a/public/toggle.php b/public/toggle.php
deleted file mode 100644
index 6f6d8bb..0000000
--- a/public/toggle.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-require_once '../vendor/autoload.php';
-
-$configuration = \FooBar\Configuration::loadConfig();
-
-if (isset($_POST['toggle']) && $configuration->isAuthorized()) {
-    $file = $configuration->stateFile();
-    if ($configuration->isOpen()) {
-        unlink($file);
-    } else {
-        touch($file);
-    }
-}
-?>
-<!DOCTYPE HTML>
-<html>
-<head>
-<meta charset="UTF-8">
-<title>Verander de status van de foobar</title>
-</head>
-<body>
-<h1>De foobar is nu
-<?php
-echo $configuration->isOpen() ? ' ' : ' niet ';
-?>
-open.</h1>
-<form method="post">
-<input type="submit" name="toggle" value="Verander dit">
-</form>
-</body>
-</html>
diff --git a/src/base.scss b/src/base.scss
index 0df4640..592d9bb 100644
--- a/src/base.scss
+++ b/src/base.scss
@@ -1,3 +1,10 @@
 * {
   font-family: verdana, sans-serif;
 }
+
+#toggle-button {
+  z-index: 2;
+  position: absolute;
+  top: 0;
+  left: 0;
+}
diff --git a/src/index.js b/src/index.js
index 452fc4e..40fe3da 100644
--- a/src/index.js
+++ b/src/index.js
@@ -7,4 +7,47 @@ window.addEventListener('load', function () {
     } else {
         startClosedAnimation();
     }
+
+    doIfAuthorized(showToggleButton);
 });
+
+function showToggleButton() {
+    console.log('Should show toggle button.');
+    const template = `
+    <div id="toggle-button">
+        <form method="post">
+            <button name="toggle">Verander dit</button>
+        </form>
+    </div>`;
+
+    const div = document.createElement('div');
+    div.innerHTML = template.trim();
+    const content = div.firstChild;
+    div.removeChild(content);
+    document.body.appendChild(content);
+    console.log(content);
+}
+
+/**
+ * Run the specified callback if the user is authorized
+ *
+ * @param callback
+ */
+function doIfAuthorized(callback) {
+    const request = new XMLHttpRequest();
+    request.open('POST', window.location); // Post to self should work
+    request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+    request.onreadystatechange = function () {
+        switch (request.readyState) {
+            case XMLHttpRequest.DONE:
+                if (request.status === 200) {
+                    callback();
+                }
+                break;
+            default:
+                // Wait for completion.
+                break;
+        }
+    };
+    request.send('auth_check=1');
+}