diff --git a/src/router/friend.rs b/src/router/friend.rs
index f774b77..9d9c498 100644
--- a/src/router/friend.rs
+++ b/src/router/friend.rs
@@ -4,6 +4,8 @@ use actix_web::{HttpResponse, HttpRequest};
 use crate::router::{userdata, global};
 use crate::encryption;
 
+pub const FRIEND_LIMIT: usize = 40;
+
 pub fn friend(req: HttpRequest, body: String) -> HttpResponse {
     let key = global::get_login(req.headers(), &body);
     let body = json::parse(&encryption::decrypt_packet(&body).unwrap()).unwrap();
@@ -101,7 +103,7 @@ pub fn request(req: HttpRequest, body: String) -> HttpResponse {
     
     let uid = body["user_id"].as_i64().unwrap();
     if !userdata::friend_request_disabled(uid) {
-        if !friends["request_user_id_list"].contains(uid) { 
+        if !friends["request_user_id_list"].contains(uid) && friends["request_user_id_list"].len() < FRIEND_LIMIT { 
             friends["request_user_id_list"].push(uid).unwrap(); 
             userdata::save_acc_friends(&key, friends);
         }
@@ -126,7 +128,7 @@ pub fn approve(req: HttpRequest, body: String) -> HttpResponse {
     let index = friends["pending_user_id_list"].members().into_iter().position(|r| *r.to_string() == uid.to_string());
     if !index.is_none() {
         friends["pending_user_id_list"].array_remove(index.unwrap());
-        if body["approve"].to_string() == "1" && ! friends["friend_user_id_list"].contains(uid) {
+        if body["approve"].to_string() == "1" && ! friends["friend_user_id_list"].contains(uid) && friends["friend_user_id_list"].len() < FRIEND_LIMIT {
             friends["friend_user_id_list"].push(uid).unwrap();
         }
         
diff --git a/src/router/userdata/mod.rs b/src/router/userdata/mod.rs
index 5829e94..c421fb6 100644
--- a/src/router/userdata/mod.rs
+++ b/src/router/userdata/mod.rs
@@ -400,7 +400,7 @@ pub fn friend_request(uid: i64, requestor: i64) {
     let uid = get_uid(&login_token);
     let friends = DATABASE.lock_and_select("SELECT friends FROM friends WHERE user_id=?1", params!(uid));
     let mut friends = json::parse(&friends.unwrap()).unwrap();
-    if !friends["pending_user_id_list"].contains(requestor) {
+    if !friends["pending_user_id_list"].contains(requestor) && friends["pending_user_id_list"].len() < crate::router::friend::FRIEND_LIMIT {
         friends["pending_user_id_list"].push(requestor).unwrap();
         DATABASE.lock_and_exec("UPDATE friends SET friends=?1 WHERE user_id=?2", params!(json::stringify(friends), uid));
     }
@@ -422,7 +422,7 @@ pub fn friend_request_approve(uid: i64, requestor: i64, accepted: bool, key: &st
     if !index.is_none() {
         friends["request_user_id_list"].array_remove(index.unwrap());
     }
-    if accepted && !friends["friend_user_id_list"].contains(requestor) {
+    if accepted && !friends["friend_user_id_list"].contains(requestor) && friends["friend_user_id_list"].len() < crate::router::friend::FRIEND_LIMIT {
         friends["friend_user_id_list"].push(requestor).unwrap();
     }
     DATABASE.lock_and_exec("UPDATE friends SET friends=?1 WHERE user_id=?2", params!(json::stringify(friends), uid));