diff --git a/LICENSE (fpdf) b/LICENSE (fpdf)
new file mode 100755
index 0000000..387f26e
--- /dev/null
+++ b/LICENSE (fpdf)	
@@ -0,0 +1,6 @@
+FPDF has no license details... except as below as stated on http://www.fpdf.org/en/FAQ.php#q1
+
+1. What's exactly the license of FPDF? Are there any usage restrictions?
+
+FPDF is released under a permissive license: there is no usage restriction. You may embed it freely in your application (commercial or not), with or without modifications.
+
diff --git a/includes/footer.inc.php b/includes/footer.inc.php
index 1dd37be..7b360ff 100755
--- a/includes/footer.inc.php
+++ b/includes/footer.inc.php
@@ -1,8 +1,7 @@
 </div>
-        <div class="header">
-          <h2>Server Time: <span id="date_time"></span><script type="text/javascript">window.onload = date_time('date_time');</script></h2>
-        </div>
-
+<div class="header">
+<h2>Server Time: <span id="date_time"></span><script type="text/javascript">window.onload = date_time('date_time');</script></h2>
+</div>
 </div>
 <script src="<?php echo $yaptc_libweb; ?>ui.js"></script>
 </body>
diff --git a/includes/menu.inc.php b/includes/menu.inc.php
index 2fa772a..0090857 100755
--- a/includes/menu.inc.php
+++ b/includes/menu.inc.php
@@ -13,7 +13,7 @@
 
 
 // Get login status and access level
-if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($sql); } else { $userLogged = false; $userAccess = ""; }
+if (getSessionStatus() == true) { $userLogged = true; $userAccess = getSessionAccess($yaptc_db); } else { $userLogged = false; $userAccess = ""; }
 
 // All menu options - only ones with permissions allowed are shown to logged-in users.
 // Home
@@ -54,8 +54,8 @@ if ($userLogged == false) {
 
         <div class="header">
           <h1><?php echo $yaptc_pagename; ?></h1>
-          <h2><?php if (isset($_SESSION['user_id'])) {echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];} else {echo "Please log in to use the timecard system";}?></h2>
-          <h4><?php if (!empty($adminmessage)) {echo "<div class=\"successmessage\">" . $adminmessage . "</div>"; } ?></h4>
+          <h2><?php if (isset($_SESSION['user_id'])): echo "Logged as: " . $_SESSION['firstname'] . ' ' . $_SESSION['lastname']; else: echo "Please log in to use the timecard system"; endif; ?></h2>
+          <h4><?php if (!empty($adminmessage)): echo "<div class=\"adminmessage\">" . $adminmessage . "</div>"; endif; ?></h4>
         </div>
 
         <div class="content">
diff --git a/index.php b/index.php
index 0df574b..5b3e0c7 100755
--- a/index.php
+++ b/index.php
@@ -4,14 +4,20 @@ require_once("config.inc.php");
 $yaptc_pagename = "Home";
 require_once($yaptc_inc . "header.inc.php");
 require_once($yaptc_inc . "menu.inc.php");
-if (getSessionStatus() == false) {
+if (getSessionStatus() == false):
 killSession();
-} else {
-//********** BEGIN CONTENT **********//
+else:
+//********** BEGIN CONTENT **********// ?>
 
+<?php
 $userid = $_SESSION['user_id'];
+
+
+
+
+
 // This is to get the current user status - in or out - and the notes and times associated for use in the form
-$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
+$result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
     $result->execute();
     $last = $result->fetchObject();
     
@@ -75,7 +81,7 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
         // Is the user currently punched in?  If so, insert the punch out record, otherwise, insert a new punch in
         if ($status == "In") {
             $query = "UPDATE punches SET outtime = NOW(), notes = :p_notes WHERE id = :p_punchid";
-            $stmt  = $sql->prepare($query);
+            $stmt  = $yaptc_db->prepare($query);
             $stmt->execute(array(
                 ':p_punchid' => $punchid,
                 ':p_notes' => $p_notes
@@ -83,7 +89,7 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
         } //$status == "In"
         else {
             $query = "INSERT INTO punches (userid, notes, intime) VALUES (:p_userid, :p_notes, NOW())";
-            $stmt  = $sql->prepare($query);
+            $stmt  = $yaptc_db->prepare($query);
             $stmt->execute(array(
                 ':p_userid' => $_SESSION['user_id'],
                 ':p_notes' => $p_notes
@@ -97,9 +103,10 @@ $result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches
     // Close out the form...
     echo "</fieldset>";
     echo "</form>";
+?>    
     
-    
-    //********** END CONTENT **********//
-}
+
+<?php //********** END CONTENT **********//
+endif;
 require_once($yaptc_inc . "footer.inc.php");
 ?>
diff --git a/login.php b/login.php
index 88a47eb..ab9ef20 100755
--- a/login.php
+++ b/login.php
@@ -4,55 +4,50 @@ require_once("config.inc.php");
 $yaptc_pagename = "Login";
 require_once($yaptc_inc . "header.inc.php");
 require_once($yaptc_inc . "menu.inc.php");
-//********** BEGIN CONTENT **********//
-
-// Is user logged in?  If so, tell them and go to main...
-if (isset($_SESSION['user_id']) && isset($_SESSION['signature']) && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] = true && $_SESSION['signature'] = md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
-{
+if (getSessionStatus() == true):
 header ("Refresh:3; url=index.php", true, 303);
 echo "<h2 class=\"content-subhead\">You are already logged in...</h2>";
-}
-else
-{
-echo "<h2 class=\"content-subhead\">User Login</h2>";
-  echo "<form class=\"pure-form\" action=\"login.php\" method=\"post\">";
-  echo "<fieldset class=\"pure-group\" id=\"login\">";
-  echo "<label for=\"username\">Username</label>";
-  echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"Username\" id=\"username\" name=\"username\">";
-  echo "<label for=\"password\">Password</label>";
-  echo "<input type=\"password\" class=\"pure-input-1-2\" placeholder=\"Password\" id=\"password\" name=\"password\">";
-  echo "</fieldset>";
-  echo "<button type=\"submit\" class=\"pure-button pure-input-1-2 pure-button-primary\" value=\"Login\">Sign in</button>";
-  echo "</form>";
+else:
+//********** BEGIN CONTENT **********// ?>
+
+
+<h2 class="content-subhead">User Login</h2>
+<form class="pure-form" action="login.php" method="post">
+    <fieldset class="pure-group" id="login">
+        <input type="text" class="pure-input-1" placeholder="Username" id="username" name="username" />
+        <input type="password" class="pure-input-1" placeholder="Password" id="password" name="password" />
+    </fieldset>
+    <button type="submit" class="pure-button button-success pure-input-1 pure-button-primary" value="Login">Sign in</button>
+</form>
+
+<?php
 require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
-    $hasher = new PasswordHash(8, FALSE);
-    if (!empty($_POST)) {
-      $query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
-      $stmt = $sql->prepare($query);
-      $stmt->execute(array(':username' => $_POST['username']));
-      $user = $stmt->fetchObject();
-      if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)) {
+$hasher = new PasswordHash(8, FALSE);
+if (!empty($_POST)):
+    $query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
+    $stmt  = $yaptc_db->prepare($query);
+    $stmt->execute(array(
+        ':username' => $_POST['username']
+    ));
+    $user = $stmt->fetchObject();
+    if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)):
         session_regenerate_id();
         $_SESSION['user_id']   = $user->id;
         $_SESSION['loggedIn']  = TRUE;
         $_SESSION['signature'] = md5($user->id . $_SERVER['HTTP_USER_AGENT']);
-        $_SESSION['firstname']   = $user->firstname;
-        $_SESSION['lastname']   = $user->lastname;
+        $_SESSION['firstname'] = $user->firstname;
+        $_SESSION['lastname']  = $user->lastname;
         session_write_close();
-        echo "Login successful...";
-         header("Location: index.php");
-
-      }
-      else
-      {
-header ("Refresh:3; url=login.php", true, 303);
-echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
-      }
-    }
-
-  }
+        header("Location: index.php");
+    else:
+        header("Refresh:3; url=login.php", true, 303);
+        echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
+    endif;
+endif;
+?>
 
 
-//********** END CONTENT **********//
+<?php //********** END CONTENT **********//
+endif;
 require_once($yaptc_inc . "footer.inc.php");
 ?>
diff --git a/schema.mysql b/mysql.sql
similarity index 93%
rename from schema.mysql
rename to mysql.sql
index 3ed7c05..33fa612 100755
--- a/schema.mysql
+++ b/mysql.sql
@@ -32,8 +32,8 @@ CREATE TABLE `punches` (
   `intime` datetime NOT NULL,
   `outtime` datetime DEFAULT NULL,
   PRIMARY KEY (`id`),
-  KEY `userid` (`userid`),
-  CONSTRAINT `punches_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `users` (`id`)
+  KEY `punches_ibfk_1` (`userid`),
+  CONSTRAINT `punches_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
@@ -63,9 +63,9 @@ CREATE TABLE `users` (
   `lastname` varchar(50) DEFAULT NULL,
   `usertype` int(11) unsigned zerofill NOT NULL,
   PRIMARY KEY (`id`),
-  KEY `usertype` (`usertype`),
-  CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`)
-) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;
+  KEY `users_ibfk_1` (`usertype`),
+  CONSTRAINT `users_ibfk_1` FOREIGN KEY (`usertype`) REFERENCES `usertypes` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB AUTO_INCREMENT=21 DEFAULT CHARSET=utf8;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
 --
@@ -101,10 +101,6 @@ LOCK TABLES `usertypes` WRITE;
 INSERT INTO `usertypes` VALUES (00000000001,'Administrator'),(00000000002,'User');
 /*!40000 ALTER TABLE `usertypes` ENABLE KEYS */;
 UNLOCK TABLES;
-
---
--- Dumping routines for database 'yaptc'
---
 /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
 
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
@@ -115,4 +111,4 @@ UNLOCK TABLES;
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
--- Dump completed on 2015-02-18 19:57:14
+-- Dump completed on 2015-02-20  1:54:16
diff --git a/profile.php b/profile.php
index 5f8fa1a..4f6ceeb 100755
--- a/profile.php
+++ b/profile.php
@@ -4,67 +4,77 @@ require_once("config.inc.php");
 $yaptc_pagename = "Profile";
 require_once($yaptc_inc . "header.inc.php");
 require_once($yaptc_inc . "menu.inc.php");
-if (getSessionStatus() == false) {
+if (getSessionStatus() == false):
 killSession();
-} else {
-//********** BEGIN CONTENT **********//
+else:
+//********** BEGIN CONTENT **********// ?>
 
+<?php
+require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
 $query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id";
-  $stmt = $sql->prepare($query);
+  $stmt = $yaptc_db->prepare($query);
   $stmt->execute(array(':id' => $_SESSION['user_id']));
   $user = $stmt->fetchObject();
 ?>
-<h2 class\"content-subhead">Profile Information</h2>
+
+<?php if (isset($errors['update'])): ?>
+        <p class="error"><?php echo $errors['update']; ?></p>
+        <?php endif; ?>
+
+<h2 class="content-subhead">Profile Information</h2>
 <p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p>
-<form class="pure-form pure-form-aligned" action="profile.php" method="post">
-<fieldset>
-<div class="pure-control-group">
+<p>PASSWORD CHANGE IS NOT CURRENTLY IMPLEMENTED</p>
+<form class="pure-form pure-form-stacked" action="profile.php" method="post">
+<fieldset id="update">
+<div class="pure-g">
+<div class="pure-u-1 pure-u-md-1-3">
 <label for="username">Username</label>
 <input type="text" name="username" maxlength="50" value="<?php echo $user->username; ?>" readonly>
-</div>
-<div class="pure-control-group">
 <label for="created">Created</label>
 <input type="text" name="created" value="<?php echo $user->created; ?>" readonly>
-</div>
-<div class="pure-control-group">
 <label for="usertype">User Type</label>
 <input type="text" name="usertype" maxlength="50" value="<?php echo $user->usertype; ?>" readonly>
 </div>
-<div class="pure-control-group">
+<div class="pure-u-1 pure-u-md-1-3">
 <label for="firstname">First Name</label>
 <input type="text" name="firstname" maxlength="50" value="<?php echo $user->firstname; ?>">
-</div>
-<div class="pure-control-group">
 <label for="lastname">Last Name</label>
 <input type="text" name="lastname" maxlength="50" value="<?php echo $user->lastname; ?>">
-</div>
-<div class="pure-control-group">
 <label for="email">Email</label>
 <input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>">
 </div>
-<div class="pure-controls">
-<button type="submit" class="pure-button button-xlarge button-success">Save</button>
+<div class="pure-u-1 pure-u-md-1-3">
+<label for="newpassword1">New Password</label>
+<input type="password" name="newpassword1" maxlength="50" disabled>
+<label for="newpassword2">Confirm Password</label>
+<input type="password" name="newpassword2" maxlength="50" disabled>
+<?php echo isset($errors['newpassword2']) ? $errors['newpassword2'] : ''; ?>
 </div>
+<div class="pure-controls pure-u-1">
+<button type="submit" class="pure-input-1 pure-button button-success ">Save</button>
+</div>
+</div>
+</fieldset>
+</form>
 
 <?php
-    if (!empty($_POST)) {
-$query = "UPDATE users SET firstname = :firstname, lastname = :lastname, email = :email WHERE id = :userid";
-   $stmt = $sql->prepare($query);
-$stmt->execute(array(
-        ':userid' => $_SESSION['user_id'],
-        ':firstname' => $_POST['firstname'],
-        ':lastname'    => $_POST['lastname'],
-        ':email'    => $_POST['email']
-    ));
-header('Location: '.$_SERVER['PHP_SELF']);
-exit;
-}
-echo "</fieldset>";
-echo "</form>";
+if (!empty($_POST)):
+    if (empty($_POST['newpassword1']) && empty($_POST['newpassword2'])):
+        updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['newpassword1'], $_POST['newpassword2']);
+        header('Location: ' . $_SERVER['PHP_SELF']);
+    elseif (!empty($_POST['newpassword1']) || !empty($_POST['newpassword2'])):
+        $errors['newpassword2'] = "New passwords do not match.";
+    elseif ($_POST['newpassword1'] != $_POST['newpassword2']):
+        $errors['newpassword2'] = "New passwords do not match.";
+
+    endif;
+//otherwise what?
+endif;
+?>
 
 
 
-//********** END CONTENT **********//
-}
+<?php //********** END CONTENT **********//
+endif;
 require_once($yaptc_inc . "footer.inc.php");
 ?>
diff --git a/punchlog.php b/punchlog.php
index 4f360a7..71ff34c 100755
--- a/punchlog.php
+++ b/punchlog.php
@@ -13,7 +13,7 @@ $userid = $_SESSION['user_id'];
 $timenow = date('Y-m-d H:i');
 
 // This is to get the current user status - in or out - and the notes and times associated for use in the form
-$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
+$result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC LIMIT 1");
 $result->execute();
 $last = $result->fetchObject();
 
@@ -65,7 +65,7 @@ if (isset($_POST['punchtime'])) {
 // Is the user currently punched in?  If so, insert the punch out record, otherwise, insert a new punch in
 if ($status=="In") {
   $query = "UPDATE punches SET outtime = :p_punchtime, notes = :p_notes, modified = :p_modified WHERE id = :p_punchid";
-  $stmt = $sql->prepare($query);
+  $stmt = $yaptc_db->prepare($query);
   $stmt->execute(array(
         ':p_punchid'    => $punchid,
         ':p_notes'    => $p_notes,
@@ -74,7 +74,7 @@ if ($status=="In") {
     ));
   } else {
   $query = "INSERT INTO punches (userid, notes, intime, modified) VALUES (:p_userid, :p_notes, :p_punchtime, :p_modified)";
-  $stmt = $sql->prepare($query);
+  $stmt = $yaptc_db->prepare($query);
   $stmt->execute(array(
     ':p_userid' => $_SESSION['user_id'],
         ':p_notes'    => $p_notes,
@@ -94,7 +94,7 @@ echo "</form>";
 
 echo "<h2 class=\"content-subhead\">Punch History</h2>";
 echo "<p>Below is your full punch history, sorted newest to oldest.</p>";
-$result = $sql->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC");
+$result = $yaptc_db->prepare("SELECT punches.id as punchid, users.id as user, punches.intime as intime, punches.outtime as outtime, punches.notes as notes, punches.modified as modified FROM punches INNER JOIN users ON punches.userid = users.id WHERE users.id = $userid ORDER BY punches.id DESC");
 $result->execute();
 echo '<table class="pure-table">';
 echo '<thead>';
diff --git a/reports.php b/reports.php
index f259303..8eeffb3 100755
--- a/reports.php
+++ b/reports.php
@@ -4,129 +4,56 @@ require_once("config.inc.php");
 $yaptc_pagename = "Reports";
 require_once($yaptc_inc . "header.inc.php");
 require_once($yaptc_inc . "menu.inc.php");
-if (getSessionStatus() == false) {
+if (getSessionStatus() == false):
 killSession();
-} else {
-//********** BEGIN CONTENT **********//
+else:
+//********** BEGIN CONTENT **********// ?>
 
-echo "<h2 class=\"content-subhead\">Punch History</h2>";
-echo "<p>Below is your company punch history.  The below drop-down can be used to select pre-configured reports.  Other reports are currently being written.</p>";
+<h2 class="content-subhead">Punch History</h2>
+<p>Below is your company punch history.  The below drop-down can be used to select pre-configured reports.  Other reports are currently being written.</p>
+<form class="pure-form pure-form-stacked" action="reports.php" method="post">
+<fieldset>
+<div class="pure-g">
+<div class="pure-u-1">
+<label for="reporttype">Report Type</label>
+<select name="reporttype" class="pure-input-1-2">
+<?php if (isset($_POST['reporttype'])): ?>
+    <option value="<?php echo $_POST['reporttype']; ?>"><?php echo $_POST['reporttype']; ?></option>
+    <option>----------</option>
+<?php else: ?>
+    <option></option>
+<?php endif; ?>
+<option value="Hours per week per user">Hours per week per user</option>
+<option value="Hours per month per user">Hours per month per user</option>
+</select>
+</div>
+</div>
+<button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>
+</fieldset>
+</form>
+
+<?php if (isset($_POST['reporttype'])): ?>
+    <?php if ($_POST['reporttype'] == "Hours per week per user"): ?><table class="pure-table">
+        <thead><tr><th>Year</th><th>Week#</th><th>Username</th><th>Hours</th></tr></thead>
+        <tbody><?php foreach (reportWeeklyByUser($yaptc_db) as $row): ?>
+        <tr><td><?php echo $row['g_year']; ?></td><td><?php echo $row['g_week']; ?></td><td><?php echo $row['username']; ?></td><td><?php echo $row['punchhours']; ?></td></tr><?php endforeach; ?>
+        </tbody>
+        </table>
+    <?php endif; ?>
+    <?php if ($_POST['reporttype'] == "Hours per month per user"): ?><table class="pure-table">
+        <thead><tr><th>Year</th><th>Month</th><th>Username</th><th>Hours</th></tr></thead>
+        <tbody><?php foreach (reportMonthlyByUser($yaptc_db) as $row): ?>
+        <tr><td><?php echo $row['g_year']; ?></td><td><?php echo $row['g_month']; ?></td><td><?php echo $row['username']; ?></td><td><?php echo $row['punchhours']; ?></td></tr><?php endforeach; ?>
+        </tbody>
+        </table>
+    <?php endif; ?>
+<?php else: ?>
+    <p>No query to display.  Please select from the dropdown above...</p>
+<?php endif; ?>
 
 
-echo "<form class=\"pure-form pure-form-stacked\" action=\"reports.php\" method=\"post\">";
-echo "    <fieldset>";
-echo "        <div class=\"pure-g\">";
-echo "             <div class=\"pure-u-1\">";
-echo "                <label for=\"reporttype\">Report Type</label>";
-echo "                <select name=\"reporttype\" class=\"pure-input-1-2\">";
-if (isset($_POST['reporttype'])) { echo "<option value=\"" . $_POST['reporttype'] . "\">" . $_POST['reporttype'] . "</option><option>----------</option>";}
-else { echo "<option></option>";}
-echo "                    <option value=\"Hours per week per user\">Hours per week per user</option>";
-echo "                    <option value=\"Hours per month per user\">Hours per month per user</option>";
-echo "                </select>";
-echo "            </div>";
-echo "        </div>";
-echo "        <button type=\"submit\" class=\"pure-button pure-button-primary\">Submit</button>";
-echo "    </fieldset>";
-echo "</form>";
 
-if (isset($_POST['reporttype'])) {
-if ($_POST['reporttype'] == "Hours per week per user") {
-$query = "SELECT
-YEAR(punches.intime) AS g_year,
-WEEK(punches.intime) AS g_week,
-ROUND(SUM(TIME_TO_SEC(TIMEDIFF(punches.outtime, punches.intime))/3600),2) AS punchhours,
-  punches.id as punchid,
-  users.id as user,
-  users.username as username,
-  users.firstname as firstname,
-  users.lastname as lastname,
-  punches.intime as intime,
-  punches.outtime as outtime,
-  punches.notes as notes,
-  punches.modified as modified
-  FROM punches
-INNER JOIN users ON punches.userid = users.id
-GROUP BY g_year, g_week, users.username;";
-$stmt = $sql->prepare($query);
-$stmt->execute();
-$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-
-//set up table header and open table
-echo '<table class="pure-table">';
-echo '<thead>';
-echo '<tr>';
-echo '<th>Year</th>';
-echo '<th>Week#</th>';
-echo '<th>Username</th>';
-echo '<th>Hours</th>';
-echo '</tr>';
-echo '</thead>';
-echo '<tbody>';
-
-// $rows is an array containing all records...
-foreach ($rows as $row) {
-    echo "<tr>";
-    echo "<td>" . $row['g_year'] . "</td>";
-    echo "<td>" . $row['g_week'] . "</td>";
-    echo "<td>" . $row['username'] . "</td>";
-    echo "<td>" . $row['punchhours'] . "</td>";
-    echo "</tr>";
-}
-echo '</tbody>';
-echo '</table>';
-}
-elseif ($_POST['reporttype'] == "Hours per month per user") {
-$query = "SELECT
-YEAR(punches.intime) AS g_year,
-MONTHNAME(punches.intime) AS g_month,
-ROUND(SUM(TIME_TO_SEC(TIMEDIFF(punches.outtime, punches.intime))/3600),2) AS punchhours,
-  punches.id as punchid,
-  users.id as user,
-  users.username as username,
-  users.firstname as firstname,
-  users.lastname as lastname,
-  punches.intime as intime,
-  punches.outtime as outtime,
-  punches.notes as notes,
-  punches.modified as modified
-  FROM punches
-INNER JOIN users ON punches.userid = users.id
-GROUP BY g_year, g_month, users.username;";
-$stmt = $sql->prepare($query);
-$stmt->execute();
-$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-
-//set up table header and open table
-echo '<table class="pure-table">';
-echo '<thead>';
-echo '<tr>';
-echo '<th>Year</th>';
-echo '<th>Month</th>';
-echo '<th>Username</th>';
-echo '<th>Hours</th>';
-echo '</tr>';
-echo '</thead>';
-echo '<tbody>';
-
-// $rows is an array containing all records...
-foreach ($rows as $row) {
-    echo "<tr>";
-    echo "<td>" . $row['g_year'] . "</td>";
-    echo "<td>" . $row['g_month'] . "</td>";
-    echo "<td>" . $row['username'] . "</td>";
-    echo "<td>" . $row['punchhours'] . "</td>";
-    echo "</tr>";
-}
-echo '</tbody>';
-echo '</table>';
-}
-else {
-  echo "no query";
-}
-} else { echo "no query"; }
-
-//********** END CONTENT **********//
-}
+<?php //********** END CONTENT **********//
+endif;
 require_once($yaptc_inc . "footer.inc.php");
 ?>
diff --git a/users.php b/users.php
index 47b7f8b..4622f87 100755
--- a/users.php
+++ b/users.php
@@ -7,11 +7,11 @@ require_once($yaptc_inc . "menu.inc.php");
 if (getSessionStatus() == false) {
 killSession();
 } else {
-//********** BEGIN CONTENT **********//
-
-echo "<h2 class=\"content-subhead\">Add User</h2>";
-echo "<p>Use the following form to add users to the system.  Passwords must be 8+ characters.  Email must be filled out, and username must be unique.</p>";
+//********** BEGIN CONTENT **********// ?>
 
+<h2 class="content-subhead">Add User</h2>
+<p>All fields are required!  Password must be 8+ characters.  Username and email must be unique.</p>
+<?php
 require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
 if (!empty($_POST['newuser']))
 {
@@ -31,18 +31,6 @@ if (!empty($_POST['newuser']))
     {
         $errors['password'] = "Password must be at least 8 charcaters.";
     }
-    // OPTIONAL
-    // Force passwords to contain at least one number and one special character.
-    /*
-    if (!preg_match('/[0-9]/', $_POST['password']))
-    {
-        $errors['password'] = "Password must contain at least one number.";
-    }
-    if (!preg_match('/[\W]/', $_POST['password']))
-    {
-        $errors['password'] = "Password must contain at least one special character.";
-    }
-    */
     if (empty($_POST['password_confirm']))
     {
         $errors['password_confirm'] = "Please confirm password.";
@@ -56,28 +44,15 @@ if (!empty($_POST['newuser']))
     {
         $errors['email'] = "Not a valid email address.";
     }
-
-    /**
-     * Check that the username and email aren't already in our database.
-     * Note the use of prepared statements. If you aren't using prepared
-     * statements, be sure to escape your data before passing it to the query.
-     *
-     * Note also the absence of SELECT *
-     * Grab the columns you need, nothing more.
-     */
     $query = "SELECT username, email
               FROM users
               WHERE username = :username OR email = :email";
-    $stmt = $sql->prepare($query);
+    $stmt = $yaptc_db->prepare($query);
     $stmt->execute(array(
         ':username' => $_POST['username'],
         ':email' => $email
     ));
 
-    /**
-     * There may well be more than one point of failure, but all we really need
-     * is the first one.
-     */
     $existing = $stmt->fetchObject();
 
     if ($existing)
@@ -93,26 +68,13 @@ if (!empty($_POST['newuser']))
     }
 }
 
-/**
- * If the form has been submitted and no errors were detected, we can proceed
- * to account creation.
- */
 if (!empty($_POST['newuser']) && empty($errors))
 {
-    /**
-     * Hash password before storing in database
-     */
     $hasher = new PasswordHash(8, FALSE);
     $password = $hasher->HashPassword($_POST['password']);
-
-    /**
-     * I'm going to mention it again because it's important; if you aren't using
-     * prepared statements, be sure to escape your data before passing it to
-     * your query.
-     */
     $query = "INSERT INTO users (firstname, lastname, username, password, email, created, usertype)
               VALUES (:firstname, :lastname, :username, :password, :email, NOW(), :usertype)";
-    $stmt = $sql->prepare($query);
+    $stmt = $yaptc_db->prepare($query);
     $success = $stmt->execute(array(
         ':firstname' => $_POST['firstname'],
         ':lastname' => $_POST['lastname'],
@@ -134,13 +96,6 @@ if (!empty($_POST['newuser']) && empty($errors))
 
 ?>
 
-<!DOCTYPE html>
-<html>
-    <head>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-        <title>User Registration</title>
-    </head>
-    <body>
         <?php if (isset($message)): ?>
         <p class="success"><?php echo $message; ?></p>
         <?php endif; ?>
@@ -193,7 +148,7 @@ if (!empty($_POST['deluser']))
 {
 if ($_SERVER['REQUEST_METHOD'] == 'DELETE' || ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['_METHOD'] == 'DELETE')) {
     $deleteid = (int) $_POST['deleteid'];
-$deletequery = $sql->prepare("DELETE FROM users WHERE users.id=$deleteid");
+$deletequery = $yaptc_db->prepare("DELETE FROM users WHERE users.id=$deleteid");
 $deletequery->execute();
 echo "user deleted!";
     if ($deletequery !== false) {
@@ -205,45 +160,42 @@ echo "user deleted!";
 }
 
 
-echo "<h2 class=\"content-subhead\">User List</h2>";
-echo "<p>Current users.  To edit, select the edit button in the right column.</p>";
-$result = $sql->prepare("SELECT users.id as userid, users.username as username, users.email as email, users.created as created, users.firstname as firstname, users.lastname as lastname, users.usertype as usertypeid, usertypes.typename as usertype
-FROM yaptc.users
-INNER JOIN usertypes ON users.usertype = usertypes.id
-ORDER BY users.lastname ASC;");
-$result->execute();
-echo '<table class="pure-table">';
-echo '<thead>';
-echo '<tr>';
-echo '<th>First Name</th>';
-echo '<th>Last Name</th>';
-echo '<th>Username</th>';
-echo '<th>Email</th>';
-echo '<th>Created</th>';
-echo '<th>User Type</th>';
-echo '<th>Actions</th>';
-echo '</tr>';
-echo '</thead>';
-echo '<tbody>';
-while ($row = $result->fetch(PDO::FETCH_ASSOC))
-{
-echo "<tr>";
+?>
+
+<h2 class="content-subhead">User List</h2>
+<p>Current users.  To edit, select the edit button in the right column.</p>
+<table class="pure-table">
+<thead>
+<tr>
+<th>First Name</th>
+<th>Last Name</th>
+<th>Username</th>
+<th>Email</th>
+<th>Created</th>
+<th>User Type</th>
+<th>Actions</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<?php
+foreach (listUsers($yaptc_db) as $row) {
 echo "<td>" . $row['firstname'] . "</td>";
 echo "<td>" . $row['lastname'] . "</td>";
 echo "<td>" . $row['username'] . "</td>";
 echo "<td>" . $row['email'] . "</td>";
 echo "<td>" . $row['created'] . "</td>";
 echo "<td>" . $row['usertype'] . "</td>";
-?><td><form method="post" onsubmit="return confirm('Are you sure you want to delete this user?')">
+?>
+<td><form method="post" onsubmit="return confirm('WARNING! - WARNING! - WARNING! This will delete the user and ALL punches associated with them.  There is NO UNDO!  Are you sure?')">
 <input type="hidden" name="_METHOD" value="DELETE">
-<input type="hidden" name="deleteid" value="<?php echo $row['userid']; ?>"><button name="deluser" value="deluser" type="submit">Delete</button></form></td>
-<?php
-echo "</tr>";
-}
-echo '</tbody>';
-echo '</table>';
+<input type="hidden" name="deleteid" value="<?php echo $row['userid']; ?>"><button button class="button-error pure-button" name="deluser" value="deluser" type="submit">Delete</button></form></td>
+</tr>
+<?php } ?>
+</tbody>
+</table>
 
 
-//********** END CONTENT **********//
+<?php //********** END CONTENT **********//
 require_once($yaptc_inc . "footer.inc.php");
 ?>