diff --git a/app.js b/app.js
index f3ed756b08f43e2b00d9a2ba38528dca12308b2f..68d3e9442d8290a20f6bded553c389810031c0ac 100644
--- a/app.js
+++ b/app.js
@@ -8,6 +8,8 @@ const bodyParser = require('body-parser');
 const session = require('express-session');
 const errorhandler = require('errorhandler');
 const flash = require('express-flash');
+const fileUpload = require('express-fileupload');
+
 const i18n = require('i18n'); // internationalization
 i18n.configure({
   locales:['de', 'en'],
@@ -22,12 +24,20 @@ var app = express();
 app.set('port', config.app.port);
 app.set('views', __dirname + '/views');
 app.set('view engine', 'pug');
+
+// enable files upload
+app.use(fileUpload({
+  createParentPath: true,
+  limits: { 
+    fileSize: 1000000 // 1 MB max. file size
+  }
+}));
+
 app.use(morgan('combined'));
 app.use(cookieParser());
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({extended: false}));
 app.use(express.static(path.join(__dirname, 'public')));
-
 app.use(i18n.init);
 app.use((req, res, next) => {
   res.setLocale('de');
diff --git a/package.json b/package.json
index 2c3a256225dfdd55c4ad54c364b6e4d650af6004..2df854950e08a3f9e37eb6ff7ff44b94f786b621 100644
--- a/package.json
+++ b/package.json
@@ -28,6 +28,7 @@
     "crypto": "^1.0.1",
     "errorhandler": "1.4.3",
     "express": "^4.17.1",
+    "express-fileupload": "^1.1.6",
     "express-flash": "0.0.2",
     "express-session": "^1.17.0",
     "fs": "0.0.1-security",
diff --git a/routes/routes-project.js b/routes/routes-project.js
index 95534ff532a651c8435201514bf711c72ccec8b0..e15525e13e879edc37d1dec01f46d9d1c774cdeb 100644
--- a/routes/routes-project.js
+++ b/routes/routes-project.js
@@ -1,5 +1,6 @@
 const methods = require('./methods')
 const async = require('async')
+const pictSizeLimit = 1000000 // 1 MB
 
 module.exports = function (app) {
  
@@ -38,7 +39,7 @@ module.exports = function (app) {
     ])
   });
 
-  app.get('/project_', function (req, res) {
+  app.get('/project', function (req, res) {
     async.waterfall([
       // get all projects from projectdb
       function(done) {
@@ -91,7 +92,7 @@ module.exports = function (app) {
     ])
   })
 
-  app.get('/project', function (req, res) {
+  app.get('/project_', function (req, res) {
     res.render(lang+'/project/project-simplified');
   })
 
@@ -156,13 +157,18 @@ module.exports = function (app) {
       if (req.body.wiki)
         wiki = 1
 
+      var projectLogo = req.files.logo
+      var projectPicture = req.files.src
+      var projectLogoPath = './folder-in-server-to-save-projektlogo/'+req.body.pname+'/'+projectLogo.name
+      var projectPicturePath = './folder-in-server-to-save-projektbild/'+req.body.pname+'/'+projectPicture.name
       var projectTerm = req.body.termForm + " - " + req.body.termTo
+      
       var projectOverviewData = {
         pname: req.body.pname,
         title: req.body.title,
         onelinesummary: req.body.summary,
         category: req.body.category,
-        logo: req.body.logo,
+        logo: projectLogoPath,
         gitlab: req.body.gitlabURL,
         wiki: wiki,
         overview: req.body.overview,
@@ -174,7 +180,7 @@ module.exports = function (app) {
         term: projectTerm,
         further_details: req.body.furtherDetails,
         website: req.body.website,
-        src: req.body.src,
+        src: projectPicturePath,
         caption: req.body.caption,
         contact_lastname: req.body.contactName,
         contact_email: req.body.contactEmail,
@@ -182,6 +188,34 @@ module.exports = function (app) {
         leader_email: req.body.leaderEmail
       }
       
+      // raise error if limit is exceeded
+      if (projectLogo && projectLogo.size === pictSizeLimit) {
+        req.flash('error', 'Projektlogo exceeds 1 MB');
+        res.redirect('/addprojectoverview');
+      }
+      if (projectPicture && projectPicture.size === pictSizeLimit) {
+        req.flash('error', 'Projektbild exceeds 1 MB');
+        res.redirect('/addprojectoverview');
+      }
+
+      // save pictures
+      projectLogo.mv('./folder-in-server-to-save-projektlogo/'+req.body.pname+'/'+projectLogo.name, function(err) {
+        if (err) {
+          console.error(err)
+          res.status(500).render(lang+'/500', {
+            error: err
+          })
+        }
+      });
+      projectPicture.mv('./folder-in-server-to-save-projektbild/'+req.body.pname+'/'+projectPicture.name, function(err) {
+        if (err) {
+          console.error(err)
+          res.status(500).render(lang+'/500', {
+            error: err
+          })
+        }
+      });
+
       /* RS: Temporary solution while Project DB is still in early phase.
               When User DB and Project DB are integrated and quite stabil, this operation should be done in 1 transaction.
       */