diff --git a/DBConn.php b/DBConn.php
new file mode 100644
index 000000000..fc07fda42
--- /dev/null
+++ b/DBConn.php
@@ -0,0 +1,281 @@
+<?php
+class DBConn{
+	private $conn;
+	private $errors = array();
+	private $numRows = 0;
+	
+	function __construct()
+	{
+		$this->connectToDatabase();
+	}
+
+	function connectToDatabase()
+	{
+		$dsn = "mysql:dbname=db;host=localhost";
+		$user = "root";
+		$password = "";
+		try{
+			$this->conn = new PDO($dsn, $user, $password);
+		}
+		catch(Exception $e)
+		{
+			$this->errors[] = $e->getMessage();
+			return false;
+		}
+		return true;
+	}
+
+	function close()
+	{
+		$this->conn = NULL;
+	}
+
+	function rowCount()
+	{
+		return $this->numRows;
+	}
+
+	function update($query, $newValues = array(), $whereValues = array())
+	{	//echo "update function parameters passed in<br>newValues: ".print_r($newValues, true)."<br>whereValues: ".print_r($whereValues, true)."</pre>";
+		$this->numRows = 0;
+                $this->errors = array();
+		if(!is_array($newValues))
+		{
+			$newValues = (array)$newValues;
+		}
+		if(!is_array($whereValues))
+		{
+			$whereValues = (array)$whereValues;
+		}
+		$newValues = $this->clean($newValues);
+		$whereValues = $this->clean($whereValues);
+		try{
+			//echo "preparing update<br>";
+			if (($stmt = $this->conn->prepare($query)) === false)
+			{
+				$this->errors[] = "Error preparing update query: ".$query.PHP_EOL."Values: ".print_r($newValues, true).print_r($whereValues, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+			$count = 1;
+			if (count($newValues)>0)
+			{//echo "new values count > 0. <br>";
+				foreach($newValues as $key=>&$value)
+				{
+					//echo "binding value: $value<br>";
+					if(($stmt->bindParam($count, $value)) === false)
+					{
+						$this->errors[] = "Error binding 'new' parameters for update statement: ".$query.PHP_EOL."Values: ".print_r($newValues, true).print_r($whereValues, true);
+						$messageArray = $stmt->errorInfo();
+						$this->errors[] = $messageArray[2];
+						return false;
+					}
+					$count++;
+				}
+			}
+			if (count($whereValues)>0)
+			{//echo "where values count > 0.<br>";
+				foreach($whereValues as $key=>&$value)
+				{//echo "binding value: $value<br>";
+					if(($stmt->bindParam($count, $value)) === false)
+					{
+						$this->errors[] = "Error binding 'where' parameters for update statement: ".$query.PHP_EOL."Values: ".print_r($newValues, true).print_r($whereValues, true);
+						$messageArray = $stmt->errorInfo();
+						$this->errors[] = $messageArray[2];
+						return false;
+					}
+					$count++;
+				}
+			}
+			if (($stmt->execute()) === false)
+			{
+				$this->errors[] = "Error executing update statement: ".$query.PHP_EOL."Values: ".print_r($newValues, true).print_r($whereValues, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+			//echo "statement executed<br>";
+		}
+		catch(Exception $e)
+		{
+			$this->errors[] = $e->getMessage();
+			return false;
+		}
+		$this->numRows = $stmt->rowCount();
+		//echo "update statement should have been successful<br>";
+		return true;
+	}
+
+	function insert($query, $values = array())
+	{
+		$this->numRows = 0;
+                $this->errors = array();
+		if(!is_array($values))
+		{
+			$values = (array)$values;
+		}
+		$values = $this->clean($values);
+		try{
+			if (($stmt = $this->conn->prepare($query)) === false)
+			{
+				$this->errors[] = "Error preparing insert query: ".$query.PHP_EOL."Values: ".print_r($values, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+			if (count($values)>0)
+			{
+				foreach($values as $key=>&$value)
+				{
+					if(($stmt->bindParam($key + 1, $value)) === false)
+					{
+						$this->errors[] = "Error binding parameters for insert statement: ".$query.PHP_EOL."Values: ".print_r($values, true);
+						$messageArray = $stmt->errorInfo();
+						$this->errors[] = $messageArray[2];
+						return false;
+					}
+				}
+			}
+			if (($stmt->execute()) === false)
+			{
+				$this->errors[] = "Error executing insert statement: ".$query.PHP_EOL."Values: ".print_r($values, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+		}
+		catch(Exception $e)
+		{
+			$this->errors[] = $e->getMessage();
+			return false;
+		}
+		$this->numRows = $stmt->rowCount();
+		return true;
+	}
+
+
+	function select($query, $values = array())
+	{
+		$this->numRows = 0;
+                $this->errors = array();
+		if(!is_array($values))
+		{
+			$values = (array)$values;
+		}
+		$values = $this->clean($values);
+		try{
+			if (($stmt = $this->conn->prepare($query)) === false)
+			{
+				$this->errors[] = "Error preparing select query: ".$query.PHP_EOL."Values: ".print_r($values, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+			if(count($values)>0)
+			{
+				foreach($values as $key=>&$value)
+				{
+					if(($stmt->bindParam($key + 1, $value)) === false)
+					{
+						$this->errors[] = "Error binding parameters for select statement: ".$query.PHP_EOL."Values: ".print_r($values, true);
+						$messageArray = $stmt->errorInfo();
+						$this->errors[] = $messageArray[2];
+						return false;
+					}
+				}
+			}
+			if (($stmt->execute()) === false)
+			{
+				$this->errors[] = "Error executing select statement: ".$query.PHP_EOL."Values: ".print_r($values, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+			if (($rows = $stmt->fetchAll(PDO::FETCH_ASSOC)) === false)
+			{
+				$this->errors[] = "Error fetching rows for query: ".$query.PHP_EOL."Values: ".print_r($values, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+		}
+		catch(Exception $e)
+		{
+			$this->errors[] = $e->getMessage();
+			return false;
+		}
+		$this->numRows = count($rows);
+		return $rows;
+	}
+
+	function delete($query, $values = array())
+	{
+		$this->numRows = 0;
+                $this->errors = array();
+		if(!is_array($values))
+		{
+			$values = (array)$values;
+		}
+		$values = $this->clean($values);
+		try{
+			if (($stmt = $this->conn->prepare($query)) === false)
+			{
+				$this->errors[] = "Error preparing delete query: ".$query.PHP_EOL."Values: ".print_r($values, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+			if (count($values)>0)
+			{
+				foreach($values as $key=>&$value)
+				{
+					if(($stmt->bindParam($key + 1, $value)) === false)
+					{
+						$this->errors[] = "Error binding parameters for delete statement: ".$query.PHP_EOL."Values: ".print_r($values, true);
+					$messageArray = $stmt->errorInfo();
+					$this->errors[] = $messageArray[2];
+						return false;
+					}
+				}
+			}
+			if (($stmt->execute()) === false)
+			{
+				$this->errors[] = "Error executing delete statement: ".$query.PHP_EOL."Values: ".print_r($values, true);
+				$messageArray = $stmt->errorInfo();
+				$this->errors[] = $messageArray[2];
+				return false;
+			}
+		}
+		catch(Exception $e)
+		{
+			$this->errors[] = $e->getMessage();
+			return false;
+		}
+		$this->numRows = $stmt->rowCount();
+		return true;
+	}
+
+	function getErrors()
+	{
+		return $this->errors;
+	}
+
+	function clean($values = array())
+	{//echo "in clean, values passed in: <pre>".print_r($values, true)."</pre><br>";
+		$cleanValues = array();
+		foreach($values as $key=>$value)
+		{
+			if (is_array($value))
+			{
+				$cleanValues[$key] = $this->clean($value);
+			}
+			else
+			{
+				$cleanValues[$key] = htmlspecialchars($value);
+			}
+		}
+		return $cleanValues;
+	}
+}
+?>
diff --git a/DML/deleteFile.php b/DML/deleteFile.php
new file mode 100644
index 000000000..619125d9d
--- /dev/null
+++ b/DML/deleteFile.php
@@ -0,0 +1,22 @@
+<?php
+$servername = "localhost";
+$username = "root";
+$dbname = "db";
+
+// Create connection
+$conn = new mysqli($servername, $username, "", $dbname);
+
+// Check connection
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+}
+// prepare and bind
+$stmt = $conn->prepare("DELETE FROM file WHERE groupid =?)");
+$stmt->bind_param("i", $groupid);
+
+//execute
+$stmt->execute();
+$stmt->close();
+$conn->close();
+///filesystem operations still need to be dealt with
+?>
diff --git a/DML/getPermission.php b/DML/getPermission.php
new file mode 100644
index 000000000..90ae1c29f
--- /dev/null
+++ b/DML/getPermission.php
@@ -0,0 +1,28 @@
+<?php
+$servername = "localhost";
+$username = "root";
+$password = "";
+$dbname = "db";
+$input = "test";
+$id= "";
+
+// Create connection
+$conn = new mysqli($servername, $username, "", $dbname);
+// Check connection
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+}
+
+// prepare and bind
+$stmt = $conn->prepare("select permission_name FROM permission WHERE id=?");
+$stmt->bind_param("i", $usertypeid);
+
+//execute
+$stmt->execute();
+$stmt->bind_result($id);
+$stmt->store_result();
+$stmt->fetch();
+echo $id;
+$stmt->close();
+$conn->close();
+?>
diff --git a/DML/insertFile.php b/DML/insertFile.php
new file mode 100644
index 000000000..bee7d12df
--- /dev/null
+++ b/DML/insertFile.php
@@ -0,0 +1,20 @@
+<?php
+$servername = "localhost";
+$username = "root";
+$dbname = "db";
+// Create connection
+$conn = new mysqli($servername, $username, "", $dbname);
+// Check connection
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+}
+// prepare and bind
+$stmt = $conn->prepare("INSERT INTO file (groupid, path, activeuserflag) VALUES (?, ?, ?, ?)");
+$stmt->bind_param("sss", $username, $hashedpassword, $usertypeid, $activeuserflag);
+//execute
+$stmt->execute();
+$stmt->close();
+$conn->close();
+
+///filesystem operatinos still need to be dealt with
+?>
diff --git a/DML/insertUser.php b/DML/insertUser.php
index ba62dff11..42472af48 100644
--- a/DML/insertUser.php
+++ b/DML/insertUser.php
@@ -15,6 +15,13 @@
 $stmt = $conn->prepare("INSERT INTO user (username, hashedpassword, usertypeid, activeuserflag) VALUES (?, ?, ?, ?)");
 $stmt->bind_param("sss", $username, $hashedpassword, $usertypeid, $activeuserflag);
 
+//execute
+$stmt->execute();
+
+////set permission////
+// prepare and bind
+$stmt = $conn->prepare("INSERT INTO permissiongroup (permissionid) VALUES (?)");
+$stmt->bind_param("i", $permissionid);
 
 //execute
 $stmt->execute();
diff --git a/DML/loginQueries.php b/DML/loginQueries.php
new file mode 100644
index 000000000..229f04c23
--- /dev/null
+++ b/DML/loginQueries.php
@@ -0,0 +1,37 @@
+<?php
+
+$servername = "localhost";
+$username = "root";
+$password = "";
+$dbname = "db";
+
+$input = "test";
+
+$id= "";
+
+// Create connection
+$conn = new mysqli($servername, $username, "", $dbname);
+
+// Check connection
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+}
+
+// prepare and bind
+$stmt = $conn->prepare("select id from user WHERE username=? AND password=?");
+$stmt->bind_param("ss", $input,  $input);
+
+
+//execute
+$stmt->execute();
+
+$stmt->bind_result($id);
+$stmt->store_result();
+$stmt->fetch();
+
+echo $id;
+
+$stmt->close();
+$conn->close();
+
+?>
diff --git a/DML/note.txt b/DML/note.txt
new file mode 100644
index 000000000..93074aca4
--- /dev/null
+++ b/DML/note.txt
@@ -0,0 +1,3 @@
+these are meant to be included where needed
+
+updating a file would just entail deleting the original and creating a new one
diff --git a/DML/updateUser.php b/DML/updateUser.php
index f5ab91e38..be9f24894 100644
--- a/DML/updateUser.php
+++ b/DML/updateUser.php
@@ -20,6 +20,16 @@
 //execute
 $stmt->execute();
 
+
+////update permission////
+// prepare and bind
+$stmt = $conn->prepare("UPDATE permissiongroup SET permissionid=usertypeid");
+$stmt->bind_param("i", $permissionid);
+//execute
+$stmt->execute();
+
+
+
 $stmt->close();
 $conn->close();
 ?>
diff --git a/RADs logo.PNG b/RADs logo.PNG
new file mode 100644
index 000000000..1ab1e77dd
Binary files /dev/null and b/RADs logo.PNG differ
diff --git a/RADs tab.PNG b/RADs tab.PNG
new file mode 100644
index 000000000..d06a4d9cd
Binary files /dev/null and b/RADs tab.PNG differ
diff --git a/RADstab.ico b/RADstab.ico
new file mode 100644
index 000000000..08746e678
Binary files /dev/null and b/RADstab.ico differ
diff --git a/README.md b/README.md
index d20f1646a..cfb3690f0 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,90 @@
 # Group2Final
 Repository for Group 2 of the Final Project
 
-Link to Deployment:
+# Link to Deployment:
 http://138.197.129.215/Group2Final/login.php
+
+
+
+## Deployment Notes
+
+   The RADs software system was developed and tested on FreeBSD 11.0-RELEASE.  That said, it will work in any environment with mysql57, php56, and apache24, and appropriate modules, but the details for such a deployment are not listed here.
+
+
+### Operating System
+
+
+   FreeBSD was chosen for its reliability, security, and predictability in updates and releases.  It is a proven solution as shown by its use by companies such as Netflix and Yahoo, incidentally accounting for more than a third of all internet traffic in 2015 in north america. 
+
+### Database and Webserver
+
+
+   mysql and apache, again, were chosen as they are proven solutions and offer functionality in terms load balancing and high availability for future growth.  This functionality is not yet implemented.
+
+
+### Cloud Services Provider
+
+
+   For development and testing DigitalOcean was used, but any will do.
+
+
+### Step-by-Step Setup
+
+
+   Get to your root shell.  This is on you.
+
+
+Update and upgrade the operating system and install pkg if you do not want to compile ports from source.  The commands are as follows:
+
+	freebsd-update fetch
+	freebsd-update install
+	pkg
+	pkg update
+	pkg upgrade
+
+To at any time see what installed:
+
+	pkg info
+
+Install a text editor, git, and other packages:
+
+	pkg install nano git apache24 mysql57-server php56 php56-json php56-mysql php56-mysqli php56-pdo php56-pdo_mysql php56-session mod_php56
+
+
+Services in FreeBSD are started and stopped like in post-systemd linux.  For example “service apache24 restart” will restart.  Services to be started on boot are in the file “/etc/rc.conf”.  Do the following:
+Add “ apache24_enable=”YES” “ to /etc/rc.conf
+Add “ mysql_enable=”YES” “ to /etc/rc.conf
+You will now be able to start the services, or reboot to start the services.
+Run to create a php config file:
+
+	cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
+
+
+Add php functionality to apache configuration
+Add the following to /usr/local/etc/apache24/Includes/php.conf
+
+
+	<IfModule dir_module>
+	    DirectoryIndex index.php index.html
+	   <FilesMatch "\.php$">
+	        SetHandler application/x-httpd-php
+	    </FilesMatch>
+	    <FilesMatch "\.phps$">
+	        SetHandler application/x-httpd-php-source
+	    </FilesMatch>
+	</IfModule>
+
+
+Restart apache
+
+	service apache24 restart
+
+
+On the first start of mysql, it creates the hidden file in root’s home directory called “.mysql_secret”.  You can find this with ll.  cat it to see the preset password.  You will use this to log in to the mysql shell.
+
+Log into the mysql shell with “ mysql -u root -p ”.  Enter or paste the password from before.  Now you may, and should, choose to change the password.  Create a database “db” and source the .sql provided in the github repository.  The default credentials in the application for testing are “root”:””
+
+Navigate to /usr/local/www/apache24/data/ and git clone the github repository.  The application will now be running.
+
+	cd /usr/local/www/apache24/data/
+	git clone https://github.com/jvbkw8/Group2Final.git
diff --git a/account.php b/account.php
new file mode 100644
index 000000000..bd820693e
--- /dev/null
+++ b/account.php
@@ -0,0 +1,154 @@
+<?php
+include "security.php";
+if(!isset($_SESSION['ADMIN']) || $_SESSION['ADMIN'] == 0){
+	header("Location: /Group2Final/");
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<style>
+	input[type=checkbox] + label {
+  color: #ccc;
+  font-style: italic;
+} 
+input[type=checkbox]:checked + label {
+  color: #f00;
+  font-style: normal;
+}
+#error, #success{
+	position:fixed;
+	top:15px;
+	right:15px;
+	z-index:60000;
+}
+</style>
+<head>
+  <title>RADs(Research Analysis and Database for Scientists)</title>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+</head>
+
+<body>
+
+<?php
+	include "header.php";
+?>
+<div id="error" class="alert alert-danger" style="display:none"><?php echo $_GET['error'];?></div>
+<div id="success" class="alert alert-success" style="display:none"><?php echo $_GET['success'];?></div>
+<div class="container">
+<?php
+	require_once "DBConn.php";
+	$conn = new DBConn();
+	if($conn->connectToDatabase()){
+		$q = "SELECT id, username, isadmin, activeuserflag from db.user";
+		$rows = $conn->select($q);
+		$Yes = "<span style='color:green'>Yes</span>";
+		$No = "<span style='color:red'>No</span>";
+		if($rows){
+			?>
+			<table class="table">
+				<thead>
+					<th>Username</th>
+					<th>Active User?</th>
+					<th>Admin User?</th>
+					<th>Activate/Deactivate</th>
+					<th>Admin Control</th>
+					<th>Reset Password</th>
+				</thead>
+				<tbody>
+				<?php
+				foreach($rows as $row){
+				?>
+					<tr>
+						<td><?php echo $row['username'];?></td>
+						<td><?php if($row['activeuserflag']){echo $Yes;} else {echo $No;}?></td>
+						<td><?php if($row['isadmin']){echo $Yes;} else {echo $No;}?></td>
+						<td><div id="<?php echo $row['id']?>_active" class="btn btn-info" onclick="toggleUserActive(<?php echo $row['id'];?>);"><?php if($row['activeuserflag']){echo "Deactivate";} else {echo "Activate";}?></div></td>
+						<td><div id="<?php echo $row['id']?>_admin" class="btn btn-info" onclick="toggleUserAdmin(<?php echo $row['id'];?>);"><?php if($row['isadmin']){echo "De-adminify";} else {echo "Adminify";}?></div></td>
+						<td><div id="<?php echo $row['id']?>_password" class="btn btn-info" onclick="resetPassword(<?php echo $row['id'];?>);">Reset Password</div></td>
+					</tr>
+				<?php
+				}
+				?>
+				</tbody>
+			</table>
+			<?php
+		}
+	}
+?>
+</div>
+<script>
+	$(document).ready(function(){
+		<?php
+		if(isset($_GET['error'])){
+			?>
+			$('#error').show();
+			setTimeout(function(){
+				$("#error").fadeOut(1000);
+			}, 7000);
+			<?php
+		}
+		if(isset($_GET['success'])){
+			?>
+			$('#success').show();
+			setTimeout(function(){
+				$("#success").fadeOut(1000);
+			}, 7000);
+			<?php
+		}
+		?>
+	});
+	var timeout;
+	function toggleUserActive(id){
+		if($('#'+id+'_active').html() == "Activate"){
+			var action = "activateUser";
+		} else {
+			var action = "deactivateUser";
+		}
+		editUser(id, action);
+	}
+	
+	function resetPassword(id){
+		editUser(id, "resetPassword");	
+	}
+	
+	function toggleUserAdmin(id){
+		if($('#'+id+"_admin").html() == "Adminify"){
+			var action = "adminify";
+		} else {
+			var action = "deadminify";
+		}
+		editUser(id, action);
+	}
+	
+	function editUser(id, action){
+		$.ajax({
+			url:"editUser.php",
+			method:"POST",
+			data:{id:id, action:action},
+			success:function(html){
+				if(html.error){
+// 					$("#error").html(html.error);
+// 					$('#error').show();
+					locaton.replace("account.php?error="+html.error);
+				}
+				if(html.success){
+// 					$('#success').html(html.success);
+// 					$('#success').show();
+					location.replace("account.php?success="+html.success);
+				}
+			},
+			error:function(bla, error, errortext){
+// 				$('#error').html("Oops! Something went wrong.");
+// 				$('#error').show();
+				location.replace("account.php?error=Oops! Something went wrong.");
+// 				console.log("ajax error when toggling user active. " + error + " " + errortext);
+			},
+		});
+	}
+</script>
+</body>
+</html>
diff --git a/doupload.php b/doupload.php
new file mode 100644
index 000000000..f5a235f62
--- /dev/null
+++ b/doupload.php
@@ -0,0 +1,108 @@
+<?php
+
+session_start();
+
+$servername = "localhost";
+$username = "root";
+$password = "";
+$dbname = "db";
+
+// Create connection
+$conn = new mysqli($servername, $username, "", $dbname);
+
+// Check connection
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+}
+
+
+$max_file_size = 1024000*10000; //1mb?
+
+
+$numFilesNotUploaded = 0;
+$numFilesUploaded = 0;
+$error = array();
+if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST"){
+	
+	//set manifest name for all
+	$manifestname = $_POST["manifestname"];
+	
+	$stmt = $conn->prepare("SELECT name FROM manifest where name = ?");
+	$stmt->bind_param("s", $manifestname);
+	if(!$stmt->execute()){
+		$error[] = "Problem when checking if manifest name exists";
+	}
+	$mcheck = "";
+	$stmt->bind_result($mcheck);
+	while($stmt->fetch()){
+		$error[] = "Manifest name ".$mcheck." already exists.";
+	}
+	//insert manifest name and get its id
+	$stmt = $conn->prepare("INSERT INTO manifest(name) VALUES (?)");
+	$stmt->bind_param("s", $manifestname);	
+	if(!$stmt->execute()){
+		$error[] = "Manifest name not stored.";
+		break;
+	}
+	$manifestid = mysqli_insert_id($conn);
+	
+	if(count($error) == 0){
+		// for each file
+		foreach ($_FILES['files']['name'] as $f => $name) {
+		//echo $name;
+		//echo "<br>";
+		//continue;
+
+		    if ($_FILES['files']['error'][$f] == 4) {
+			continue; // Skip file if any error found
+		    }	       
+		    if ($_FILES['files']['error'][$f] == 0) {	           
+			if ($_FILES['files']['size'][$f] > $max_file_size) {
+			    $error[] = "$name is too large!";
+			    continue; // Skip large files
+			}
+
+			else{ // No error found
+				//for each file do these things
+				$binaryData = file_get_contents($_FILES['files']['tmp_name'][$f]);
+				$owner = $_SESSION['NAME'];
+				$null = NULL; //this made it all work
+
+				// prepare and bind
+				$stmt = $conn->prepare("INSERT INTO files (data, name, owner, manifestid) VALUES (?, ?, ?, ?)");
+				$stmt->bind_param("bssi", $null,  $name, $owner, $manifestid);
+				$stmt->send_long_data(0, $binaryData);	//this made it all work	
+				if(!$stmt->execute()){
+					$numFilesNotUploaded++;
+				} else {
+					$numFilesUploaded++;
+				}
+			}
+		    }
+		}
+	}
+} else {
+	$error[] = "No files uploaded.";
+}
+if($numFilesUploaded == 0){
+	$error[] = "No files uploaded";
+}
+if($numFilesNotUploaded > 0){
+	$plural = ($numFilesNotUploaded > 1)? "s":"";
+	$error[] = $numFilesNotUploaded." file".$plural." not uploaded.";
+}
+foreach($error as $msg){
+	$errorMsg .= $msg."<br>";	
+}
+if(isset($errorMsg)){
+	$errorMsg = rtrim($errorMsg, "<br>");
+}
+
+$stmt->close();
+$conn->close();
+if(isset($errorMsg)){
+	header( 'Location: /Group2Final/upload.php?error='.$errorMsg ) ;
+}else{
+	header('Location: /Group2Final/upload.php?success='.$numFilesUploaded);
+}
+?>
diff --git a/download.php b/download.php
new file mode 100644
index 000000000..38dd17e99
--- /dev/null
+++ b/download.php
@@ -0,0 +1,34 @@
+<?php
+include "security.php";
+
+$servername = "localhost";
+$username = "root";
+$password = "";
+$dbname = "db";
+
+
+
+
+
+$db_link = new mysqli('localhost', 'root', '', 'db');
+$query = "select * from files where id={$_GET["id"]};" or die('Error, query failed');;
+$result = mysqli_query($db_link, $query);
+
+
+//data  
+$row = mysqli_fetch_assoc($result);
+			
+$filename = $row['name'];
+//$mimetype = $row['mimetype'];
+$filedata = $row['data'];
+header("Content-length: ".strlen($filedata));
+//header("Content-type: 'image/png'");
+header("Content-disposition: download; filename=$filename");
+//$filedata=addslashes($filedata);
+echo $filedata;
+
+mysqli_close($db_link);
+
+exit();
+
+?>
diff --git a/editUser.php b/editUser.php
new file mode 100644
index 000000000..ce4aeabdd
--- /dev/null
+++ b/editUser.php
@@ -0,0 +1,58 @@
+<?php
+if(!isset($_POST['id']) || !isset($_POST['action'])){
+  echo json_encode(array("error"=>'Required data not sent'));
+  exit();
+}
+header("Content-Type: application/json");
+require "DBConn.php";
+$conn = new DBConn();
+if($conn->connectToDatabase()){
+  switch($_POST['action']){
+    case "resetPassword":
+      $newPassword = password_hash("password123", PASSWORD_DEFAULT);
+      $q = "UPDATE db.user SET hashedpassword = ? where id = ?";
+      if($conn->update($q, $newPassword, $_POST['id'])){
+        echo json_encode(array("success"=> 'Password is now password123'));        
+      } else {
+        echo json_encode(array("error"=> 'Password not reset'));
+      }
+      break;
+    case "activateUser":
+      $q = "UPDATE db.user SET activeuserflag = ? where id = ?";
+      if($conn->update($q, "1", $_POST['id'])){
+        echo json_encode(array("success"=> 'User activated'));
+      } else {
+        echo json_encode(array("error"=> 'User activation failed'));
+      }
+      break;
+    case "deactivateUser":
+      $q = "UPDATE db.user SET activeuserflag = ? where id = ?";
+      if($conn->update($q, "0", $_POST['id'])){
+        echo json_encode(array("success"=> 'User deactivated'));
+      } else {
+        echo json_encode(array("error"=> 'User deactivation failed'));
+      }
+      break;
+    case "adminify":
+      $q = "UPDATE db.user SET isadmin = ? where id = ?";
+      if($conn->update($q, '1', $_POST['id'])){
+        echo json_encode(array("success"=> 'User is now an admin'));
+      } else {
+        echo json_encode(array("error"=> 'Adminification failed'));
+      }
+      break;
+    case "deadminify":
+      $q = "UPDATE db.user SET isadmin = ? where id = ?";
+      if($conn->update($q, '0', $_POST['id'])){
+        echo json_encode(array("success"=> 'User is no longer an admin'));
+      } else {
+        echo json_encode(array("error"=> 'De-admnification failed'));
+      }
+      break;
+    default:
+      echo json_encode(array("error"=> 'Action requested is not clear. '.$_POST['action']));
+  }
+} else {
+  echo json_encode(array("error"=> 'Could not connect. Try again later'));
+}
+?>
diff --git a/header.php b/header.php
new file mode 100644
index 000000000..1e1ed5625
--- /dev/null
+++ b/header.php
@@ -0,0 +1,73 @@
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+<script>
+    $('head').ready(function(){
+        $('head').append($("<link rel='shortcut icon' href='RADstab.ico'>"));
+    });
+</script>
+<?php
+switch($_SERVER['PHP_SELF']){
+  case "/Group2Final/index.php":
+      $index_active = "active";
+      break;
+  case "/Group2Final/upload.php":
+      $upload_active = "active";
+      break;
+  case "/Group2Final/search.php":
+      $search_active = "active";
+      break;
+  case "/Group2Final/account.php":
+      $account_active = "active";
+      break;
+  case "/Group2Final/logout.php":
+      $logout_active = "active";
+      break;
+    case "/Group2Final/login.php":
+        $login_active = "active";
+        break;
+    case "/Group2Final/signup.php":
+        $signup_active = "active";
+        break;
+}
+?>
+<div style="width:100%; height:100%; overflow-y:none">
+<div style="border-bottom:1px solid black;padding-bottom:1em; position:fixed; top:0px; width:100%; z-index:50000; background-color:white;">
+    <h2><a href="index.php"><img src="RADs logo.PNG" width="200px" height="auto"></a><span style="padding:20px 25px 0px 0px;float:right;"><?php
+    $admin = "";
+    if(isset($_SESSION['ADMIN']) and $_SESSION['ADMIN'] == 1){
+      $admin = "super user ";
+    }
+    if(isset($_SESSION['NAME'])){
+      echo "Welcome ".$admin.$_SESSION['NAME']."!";
+    }
+    ?></span></h2>
+  <ul class="nav nav-pills nav-justified" style="position:relative; margin-top:-5em;width:800px; margin-left:auto; margin-right:auto">
+    <li class="<?=$index_active?>"><a href="index.php">Home</a></li>
+      <?php
+        if(isset($_SESSION['NAME'])){
+            ?>
+            <li class="<?=$upload_active?>"><a href="upload.php">Upload</a></li>
+            <li class="<?=$search_active?>"><a href="search.php">Search Manifests</a></li>
+            <?php
+        }
+        ?>
+    <?php
+       if(isset($_SESSION['ADMIN']) and $_SESSION['ADMIN'] == 1){
+          ?>
+          <li class="<?=$account_active?>"><a href="account.php">Account Manager</a></li>
+        <?php
+       }
+        if(isset($_SESSION['NAME'])){
+       ?>
+        <li class="<?=$logout_active?>"><a href="logout.php">Logout</a></li>
+       <?php
+        } else {
+         ?>
+          <li class="<?=$login_active?>"><a href="login.php">Login</a></li>
+          <li class="<?=$signup_active?>"><a href="signup.php">Sign Up</a></li>
+          <?php
+        }
+        ?>
+  </ul>
+</div>
+<div class="container" style="margin-top:150px; width:100%">
+    <div class="container" style="width:100%; height:100%; overflow-y:auto">
diff --git a/index.html b/index.html
deleted file mode 100644
index 88d2be11e..000000000
--- a/index.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>Final Project Group 2</title>
-</head>
-
-<body>
-  <h1>RADs(Research Analysis and Database for Scientists)</h1>
-  <p>Hello World!</p>
-
-<<<<<<< HEAD
-	<div>		
-		<a href="upload.html" class=" btn btn-info" type="submit" name="login" value="login">Upload</a>
-	</div>
-=======
-<p>Search bar</p>
->>>>>>> jvbkw8
-</body>
-</html>
diff --git a/index.php b/index.php
new file mode 100644
index 000000000..6337051c5
--- /dev/null
+++ b/index.php
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <title>RADs(Research Analysis and Database for Scientists)</title>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+</head>
+
+<body>
+
+<?php
+	session_start();
+	include "header.php";
+?>
+<div class="container">
+  <p> The goal of this application is to facilitate the research of computational social scientists and data scientists alike by serving as a repository for datasets and metadata following the Open Community Data eXchange (OCDX) specification.</p>
+  <p>
+  View the OCDX specification on their <a href="https://github.com/OCDX"> Github page.</a>
+  </p>
+</div>
+
+</body>
+</html>
diff --git a/login.php b/login.php
index 84e2b355e..1dacc9315 100644
--- a/login.php
+++ b/login.php
@@ -1,10 +1,8 @@
 <?php
-
-//	session_start(); // session starts with the help of this function
-
+session_start();
+$_SESSION = array();
+session_destroy();
 ?>
-
-
 <!DOCTYPE html>
 <html lang="en">
   <head>
@@ -20,78 +18,47 @@
 
     <title>RADs Login</title>
 
-   
     <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
-    
     <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" rel="stylesheet">
-    
-    <!--<link href="../bootstrap/assets/css/ie10-viewport-bug-workaround.css" rel="stylesheet">-->
-
-    
-    <!--<link href="app.css" rel="stylesheet">-->
-
-    
-    <!--<script src="../bootstrap/assets/js/ie-emulation-modes-warning.js"></script>-->
-		<script>
-
-
-		</script>
   </head>
 
   <body>
-  <?php //include "header.php"; 
-        include "connection.php";
-  ?>
-	<div class="container">
-		<?php
-            $user = $_POST['username'];
-            $userPaswword = $_POST['password'];
-            $action = '';
-            $link = mysqli_connect("$servername", "$username", "$password", "$dbname") or die ("Connection Error " . mysqli_error($link));
-            $sql = "SELECT username, passsword FROM user WHERE username = '$user' AND password= '$password';";
-            $result = mysqli_query($link, $sql);
-            $row = mysql_fetch_array($query);
-
-            if (isset($_POST['login']) && !empty($user) 
-               && !empty($userPaswword)) {
-				
-               if ($user == $row['username'] && $userPaswword == $row['password'] ) {
-                header("location: index.html");
-                 
-               }else {
-                  $action = 'Wrong username or password';
-               }
-            }
-         ?>
-		<div class="row">
-			<div class="col-md-4 col-sm-4 col-xs-3"></div>
-			<div class="col-md-4 col-sm-4 col-xs-6">
-				<h2>Login</h2>
-				<form action="<?=$_SERVER['PHP_SELF']?>" method="POST">
-					<div class="row form-group">
-							<input class='form-control' type="text" name="username" placeholder="username">
-					</div>
-					<div class="row form-group">
-							<input class='form-control' type="password" name="password" placeholder="password">
-					</div>
-					<div class="row form-group">
-							<input class=" btn btn-info" type="submit" name="submit" value="Login"/>
-					</div>
-				</form>
-
-			</div>
-
+<?php
+	include "header.php";	  
+?>
+	<div class="row">
+		<div class="col-md-4 col-sm-4 col-xs-3"></div>
+		<div class="col-md-4 col-sm-4 col-xs-6">
+			<h2>Login</h2>
+			<form action="loginVerify.php" method="POST">
+				<div class="row form-group">
+						<input id="user" class='form-control' type="text" name="username" placeholder="username">
+				</div>
+				<div class="row form-group">
+						<input id="password" class='form-control' type="password" name="userpassword" placeholder="password">
+				</div>
+				<div class="row form-group">
+						<input class=" btn btn-info" type="submit" name="submit" value="Login"/>
+				</div>
+			</form>
 		</div>
-
-
-
-
-		
+	  </div>
+	  <div class="row">
+		  <div class="col-md-4 col-sm-4 col-xs-3"></div>
+		  <div id="error" class="alert alert-danger col-md-4 col-sm-4 col-xs-6" style="display:none"><?php if(isset($_GET['error'])){echo $_GET['error'];}?></div>
+	  </div>
 	<!-- Bootstrap core JavaScript
     ================================================== -->
     <!-- Placed at the end of the document so the pages load faster -->
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
     <!--<script>window.jQuery || document.write('<script src="../../assets/js/vendor/jquery.min.js"><\/script>')</script>-->
-    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+	  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
   </body>
+	<script>
+		$(document).ready(function(){
+			if($("#error").html() != ""){
+				$("#error").toggle();
+			}
+		});
+	</script>
 </html>
diff --git a/loginTests.php b/loginTests.php
new file mode 100644
index 000000000..27adf277b
--- /dev/null
+++ b/loginTests.php
@@ -0,0 +1,57 @@
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+<script>
+  var loginCredentials = [
+    {test:true, username:"", userpassword:"",expected:"false"}, //no username or password
+    {test:true, username:"", userpassword:"test", expected:"false"},//no username
+    {test:true, username:"testing", userpassword: "invalidpassword", expected:"false"}, //valid username, invalid password
+    {test:true, username:"testing", userpassword: "test", expected:"true"}, //valid username and password
+    {test:true, username:"tesTIng", userpassword: "test", expected:"false"}, //username with capitals changed, password that would work for username: testing
+    {test:true, username:"testing", userpassword: "teSt", expected:"false"}, //valid username, password with capitals changed
+    {test:true, username:"admin", userpassword: "admin", expected:"true"}, //another valid username and password
+    {test:true, username:"admin;delete from user where username = 'testing';", userpassword:"admin", expected:"false"}, //sql injection!!!
+    {test:true, username:"testing", userpassword: "test", expected:"true"} //test if the known account is still there after the sql injection attempt
+  ]
+  for(var i = 0; i < loginCredentials.length; i++){
+    $.ajax({
+      url:"loginVerify.php",
+      data: loginCredentials[i],
+      method: "POST",
+      success: function(html){
+        var newRow = $('<tr>');
+        var testPassed = "success";
+        if(html.test_passed == "false"){
+          testPassed = "danger";
+        }
+        newRow.append($('<td>').html(html.test_passed))
+          .append($('<td>').html(html.login_success))
+          .append($('<td>').html(html.login_expected))
+          .append($('<td>').html(html.username))
+          .append($('<td>').html(html.password))
+          .append($('<td>').html(html.isadmin))
+          .append($('<td>').html(html.error))
+          .addClass(testPassed);
+        $('#results').append(newRow);
+      },
+      error: function(jqxhr, errortext, errornum){
+        console.log("ajax error: " + errortext);
+      }
+    });
+  }
+</script>
+<head> 
+  <link href = "//maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css" rel = "stylesheet">
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+</head>
+<table class="table table-bordered table-hover table-striped">
+  <thead>
+    <th>Test Passed</th>
+    <th>Login Success</th>
+    <th>Expected Success?</th>
+    <th>Username</th>
+    <th>Password</th>
+    <th>Admin?</th>
+    <th>DB Errors</th>
+  </thead>
+  <tbody id="results">
+  </tbody>
+</table>
diff --git a/loginVerify.php b/loginVerify.php
new file mode 100644
index 000000000..511a0f73d
--- /dev/null
+++ b/loginVerify.php
@@ -0,0 +1,100 @@
+<?php
+	if(isset($_POST['test'])){
+		header("Content-Type: application/json");
+	}
+        $user_name = $_POST['username'];
+        $user_password = $_POST['userpassword'];
+	if(!$user_name or !$user_password){
+		if(isset($_POST['test'])){
+			$errorstring = "";
+			$passed = "false";
+			if($_POST['expected'] == "false"){
+				$passed = "true";
+			}
+			$returnarray = array("login_success"=>"false",
+					    "login_expected"=>$_POST['expected'],
+					    "test_passed"=>$passed,
+					    "username"=>$user_name,
+					    "password"=>$user_password,
+					    "error"=>$errorstring);
+			echo json_encode($returnarray);
+// 			echo "{login_success: 'false',
+// 			login_expected: '".$_POST['expected']."',
+// 			test_passed: '".$passed."',
+// 			username: '".addslashes($user_name)."',
+// 			error: '".$errorstring."'}";
+		} else {
+			header("Location: login.php?error=Invalid username or password");
+		}
+		exit();
+	}
+	session_start(); // session starts with the help of this function
+	require_once "DBConn.php";
+	$dbconn = new DBConn();
+	if($dbconn->connectToDatabase()){
+		$sql = "SELECT username, isadmin, hashedpassword FROM db.user WHERE BINARY username = ? AND activeuserflag = 1;";
+		$rows = $dbconn->select($sql, array($user_name));
+		if($rows !== false && count($rows) == 1){
+			$row = $rows[0];
+			$errorstring = "";
+		} else {
+			$errorstring = "Username not found.";
+		}
+		$errorstring = "";
+		if(count($errors = $dbconn->getErrors()) > 0){
+			foreach($errors as $error){
+				$errorstring .= $error."<br>";
+			}
+			$errorstring = rtrim($errorstring, "<br>");
+		}
+		if(!$errorstring and isset($row['hashedpassword']) and password_verify($user_password, $row['hashedpassword'])){
+			$_SESSION['NAME'] = $user_name;
+			$_SESSION['ADMIN'] = $row['isadmin'];
+			if(isset($_POST['test'])){
+				$passed = "false";
+				if($_POST['expected'] == "true"){
+					$passed = "true";
+				}
+				$returnarray = array("login_success"=>"true",
+						    "login_expected"=>$_POST['expected'],
+						    "test_passed"=>$passed,
+						    "username"=>$user_name,
+						    "password"=>$user_password,
+						    "isadmin"=>$row['isadmin'],
+						    "error"=>$errorstring);
+				echo json_encode($returnarray);
+// 				echo "{login_success: 'true',
+// 				login_expected: '".$_POST['expected']."',
+// 				test_passed: '".$passed."',
+// 				username: '".addslashes($user_name)."',
+// 				isadmin: '".$row['isadmin']."',
+// 				error: '0'}";
+			} else {
+				header("Location: index.php");
+			}
+			exit();
+		} else {
+			if(isset($_POST['test'])){
+				$passed = "false";
+				if($_POST['expected'] == "false"){
+					$passed = "true";
+				}
+				$returnarray = array("login_success"=>"false",
+						    "login_expected"=>$_POST['expected'],
+						    "test_passed"=>$passed,
+						    "username"=>$user_name,
+						    "password"=>$user_password,
+						    "error"=>$errorstring);
+				echo json_encode($returnarray);
+// 				echo "{login_success: 'false',
+// 				login_expected: '".$_POST['expected']."',
+// 				test_passed: '".$passed."',
+// 				username: '".addslashes($user_name)."',
+// 				error: '".$errorstring."'}";
+			} else {
+				header("Location: login.php?error=Invalid username or password");
+			}
+			exit();
+		}
+	} else {header("Location: login.php?error=Problems connecting.  Please try again later.");}
+?>
diff --git a/logout.php b/logout.php
new file mode 100644
index 000000000..d4c63a621
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,6 @@
+<?php
+session_start();
+$_SESSION = array();
+session_destroy();
+header("Location: login.php");
+?>
diff --git a/pagemap.png b/pagemap.png
new file mode 100644
index 000000000..0d0bc577e
Binary files /dev/null and b/pagemap.png differ
diff --git a/search.php b/search.php
new file mode 100644
index 000000000..8f0553cfa
--- /dev/null
+++ b/search.php
@@ -0,0 +1,187 @@
+<?php
+include "security.php";
+
+$servername = "localhost";
+$username = "root";
+$password = "";
+$dbname = "db";
+?>
+
+<?php
+//gets file id via post from search screen table and deletes data
+//nathan hensel
+if(isset($_POST['deleteid']))
+	{
+	$db_link = new mysqli('localhost', 'root', '', 'db');
+	$query = "delete from files where id={$_POST["deleteid"]};" or die('Error, query failed');;
+	$result = mysqli_query($db_link, $query);
+	$query = "select count(files.id) as numFiles, manifest.id from manifest left join files on files.manifestid = manifest.id group by manifest.id;";
+	$result = mysqli_query($db_link, $query);
+	while($row = mysqli_fetch_assoc($result)){
+		if($row['numFiles'] == 0){
+			$query = "DELETE from manifest where id = ".$row['id'];
+			mysqli_query($db_link, $query);
+		}
+	}
+
+	mysqli_close($db_link);
+
+	header( 'Location: /Group2Final/search.php' ) ;
+	exit();
+	}
+?>
+
+
+
+
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" rel="stylesheet">
+
+<title>Search Manifests</title>
+</head>
+
+<style>
+table {
+    font-family: arial, sans-serif;
+    border-collapse: collapse;
+    width: 50%;
+}
+
+td, th {
+    border: 1px solid #3fb4d7;
+    text-align: left;
+    padding: 8px;
+}
+
+tr:nth-child(even) {
+    background-color: #dddddd;
+}
+</style>
+
+<body>
+<?php
+	include "header.php";
+?>
+
+<div class="container">
+		<div class="row">
+			<div class="col-md-3 col-sm-10 col-xs-10">
+				<div>
+				<form action="/Group2Final/search.php" method="post">				
+					  <label for="example-first-input" class=" col-form-label">By Filename:</label>			 
+					  <br>
+					  <input class="form-control" type="text" placeholder="" name="searchname" value="<?php if(isset($_POST['searchname'])){echo $_POST['searchname'];}?>">
+					  <br>
+					  
+					  <input type="submit" value="Search" class="btn btn-info">
+				</form>
+
+
+				<br>
+				<br>
+				<form action="/Group2Final/search.php" method="post">
+					  <label for="example-first-input" class="col-form-label">By Username:</label>
+					  <br>						  
+					  <input class="form-control" type="text" placeholder="" name="searchowner" value="<?php if(isset($_POST['searchowner'])){echo $_POST['searchowner'];}?>">
+					  <br>
+					  
+					  <input type="submit" value="Search" class="btn btn-info">
+				</form>
+				<br>
+				<br>
+				<form action="/Group2Final/search.php" method="post">
+					  <label for="example-first-input" class="col-form-label">By Manifest:</label>
+					  <br>						  
+					  <input class="form-control" type="text" placeholder="" name="searchmanifest" value="<?php if(isset($_POST['searchmanifest'])){echo $_POST['searchmanifest'];}?>">
+					  <br>
+					  
+					  <input type="submit" value="Search" class="btn btn-info">
+				</form>
+				</div>
+			</div>
+			<div class="col-md-9 col-sm-10 col-xs-10">
+<?php
+//This block gets all the files and constructs a table.  more to come
+	$db_link = new mysqli('localhost', 'root', '', 'db');
+
+	if(isset($_POST['searchowner']))
+		{
+		$query = "select files.*, manifest.name as manifestname from files left join manifest on files.manifestid = manifest.id where owner LIKE '%{$_POST["searchowner"]}%';";
+		}
+	elseif(isset($_POST['searchname']))
+		{
+		$query = "select files.*, manifest.name as manifestname from files left join manifest on files.manifestid = manifest.id where files.name LIKE '%{$_POST["searchname"]}%';";
+		}
+	elseif(isset($_POST['searchmanifest']))
+		{
+		$query = "select files.*, manifest.name as manifestname from files left join manifest on manifest.id = files.manifestid where manifest.name LIKE '%{$_POST["searchmanifest"]}%';";
+		}
+	else
+		{
+		$query = "select files.*, manifest.name as manifestname from files left join manifest on manifest.id = files.manifestid;";
+		}
+
+	if ($result = mysqli_query($db_link, $query)){
+		?>
+		<table style="width:100%">
+			<tr>
+				<th>File Name</th>
+				<th>Owner</th>
+				<th>Get File</th>
+				<th>View Manifest</th>
+				<th>Manifest Name</th>
+				<th>Delete File?</th>
+			</tr>
+				
+		<?php
+		//data  
+		while ($row = mysqli_fetch_assoc($result))
+		{
+			//echo print_r($row);continue;
+		     $manifestname = (isset($row['manifestname']))?$row['manifestname']:"";
+		     ?>
+			<tr>
+				<td><?php echo $row["name"];?></td>
+				<td><?php echo $row['owner'];?></td>
+				<td><a href='download.php?id=<?php echo $row["id"];?>' class='btn btn-info'>Download</a></td>
+				<td><form action='search.php' method='post'><button type="submit" name='searchmanifest' class='btn btn-info' value='<?php echo $row['manifestname'];?>'>View Files From This Manifest</button></form></td>
+				<td><?php echo $manifestname;?></td>
+				<?php
+				if($row["owner"] == $_SESSION['NAME'] || (isset($_SESSION['ADMIN']) && $_SESSION['ADMIN'] == 1)){
+					?>
+					<td><form action='search.php' method='post'><button type='submit' name='deleteid' value="<?php echo $row["id"];?>" class='btn btn-info'>Delete</button></form></td>
+					<?php
+				} else {
+					?>
+					<td>You Are Not The Owner</td>
+					<?php
+				}
+			?>
+			</tr>
+			<?php
+		    }
+		?>
+		</table>
+		<?php
+		    mysqli_free_result($result);
+		    mysqli_close($db_link);
+	}
+	?>
+		</div>
+	</div>
+</div>
+		
+
+	    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+ 	    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+
+</body>
+</html>
diff --git a/security.php b/security.php
new file mode 100644
index 000000000..095ee30f1
--- /dev/null
+++ b/security.php
@@ -0,0 +1,22 @@
+<?php
+session_start();
+$requireLogin = false;
+if(!isset($_SESSION['NAME'])){
+  $requireLogin = true;
+} else {
+  include "connection.php";
+  $conn = new mysqli($servername, $username, $password, $dbname);
+  $query = "SELECT * from user where BINARY username = '".$_SESSION['NAME']."' and activeuserflag = 1";
+  $r = mysqli_query($conn, $query);
+  if($r->num_rows != 1){
+     $requireLogin = true;
+  } else {
+    $row = mysqli_fetch_assoc($r);
+    $_SESSION['ADMIN'] = $row['isadmin'];
+  }
+  
+}
+if($requireLogin){
+  header("Location: /Group2Final/login.php");
+}
+?>
diff --git a/signup.php b/signup.php
new file mode 100644
index 000000000..5c8e040cc
--- /dev/null
+++ b/signup.php
@@ -0,0 +1,67 @@
+<?php
+session_start();
+$_SESSION = array();
+session_destroy();
+?>
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+   
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
+	
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="favicon.ico">
+
+    <title>RADs Signup</title>
+
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" rel="stylesheet">
+  </head>
+
+  <body>
+	  <?php
+	  include "header.php";
+	  ?>
+	<div class="row">
+		<div class="col-md-4 col-sm-4 col-xs-3"></div>
+		<div class="col-md-4 col-sm-4 col-xs-6">
+			<h2>Sign Up</h2>
+			<form action="signupVerify.php" method="POST">
+				<div class="row form-group">
+						<input id="user" class='form-control' type="text" name="username" placeholder="username">
+				</div>
+				<div class="row form-group">
+						<input id="password" class='form-control' type="password" name="userpassword" placeholder="password">
+				</div>
+        <div class="row form-group">
+          <input id="password-confirm" class="form-control" type="password" name="password_confirm" placeholder="confirm password">
+          </div>
+				<div class="row form-group">
+						<input class=" btn btn-info" type="submit" name="submit" value="Sign Up"/>
+				</div>
+			</form>
+		</div>
+	  </div>
+	  <div class="row">
+		  <div class="col-md-4 col-sm-4 col-xs-3"></div>
+		  <div id="error" class="alert alert-danger col-md-4 col-sm-4 col-xs-6" style="display:none"><?php if(isset($_GET['error'])){echo $_GET['error'];}?></div>
+	  </div>
+	<!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+    <!--<script>window.jQuery || document.write('<script src="../../assets/js/vendor/jquery.min.js"><\/script>')</script>-->
+	  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+  </body>
+	<script>
+		$(document).ready(function(){
+			if($("#error").html() != ""){
+				$("#error").toggle();
+			}
+		});
+	</script>
+</html>
diff --git a/signupVerify.php b/signupVerify.php
new file mode 100644
index 000000000..d07916043
--- /dev/null
+++ b/signupVerify.php
@@ -0,0 +1,33 @@
+<?php
+    $user_name = $_POST['username'];
+    $user_password = $_POST['userpassword'];
+    $user_password_confirm = $_POST['password_confirm'];
+    if(!$user_name or !$user_password or !$user_password_confirm){
+      header("Location: signup.php?error=Please fill in all fields");
+        exit();
+    }
+    if($user_password != $user_password_confirm){
+      header("Location: signup.php?error=Passwords must match");
+        exit();
+    }
+    include "connection.php";
+    $conn = new mysqli($servername, $username, $password);
+    $usernamecheck = "select * from db.user where BINARY username = '$user_name';";
+    //echo $usernamecheck;
+    $result = $conn->query($usernamecheck);
+    if($result->num_rows != 0){
+        header("Location: signup.php?error=Username already exists");
+        exit();
+    }
+    $hashedPassword = password_hash($user_password, PASSWORD_DEFAULT);
+    $sql = "INSERT into db.user (username, hashedpassword, activeuserflag, isadmin) values ('$user_name', '$hashedPassword', 1, 0);";
+    //echo $sql;exit();
+    $conn->query($sql);
+    if($conn->affected_rows != 1){
+      header("Location: signup.php?error=Information not stored");
+        exit();
+    }
+    session_start();
+    $_SESSION[NAME] = $user_name;
+    header("Location: index.php");
+?>
diff --git a/upload.html b/upload.html
deleted file mode 100644
index e00a59cc2..000000000
--- a/upload.html
+++ /dev/null
@@ -1,77 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- 	<meta charset="utf-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-
-    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
-	
-	<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
-
-    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" rel="stylesheet">
-<title>Upload Form</title>
-</head>
-<body>
-<div class="container">
-		<div class="row">
-			<div class="col-md-12 col-sm-10 col-xs-310"></div>
-			<div class="col-md-8 col-sm-10 col-xs-10">
-				<h2>Upload Form</h2>
-				<form action="<?=$_SERVER['PHP_SELF']?>" method="POST">
-					<div class="form-group row">
-						<label for="example-first-input" class="col-xs-2 col-form-label">First Name:</label>
-						<div class="col-xs-10">
-							<input class="form-control" type="text" placeholder="First Name" id="firstname">
-							<br>
-					</div>
-					</div>
-					<div class="form-group row">
-						<label for="example-last-input" class="col-xs-2 col-form-label">Last Name:</label>
-						<div class="col-xs-10">
-							<input class="form-control" type="text" placeholder="Last Name" id="lastname">
-							<br>
-					</div>
-					</div>
-					<div class="form-group row">
-  						<label for="example-date-input" class="col-xs-2 col-form-label">Date</label>
- 						<div class="col-xs-10">
-							 <input class="form-control" type="date" value="2016-01-01" id="example-date-input">
-							 <br>
- 					 </div>	
- 					 </div>
- 					 <div class="form-group row">
-						<label for="example-user-input" class="col-xs-2 col-form-label">User Type:</label>
- 					 		<input type="radio" name="user" value="student">Student
-							<input type="radio" name="user" value="researcher">Researcher
- 					 		<input type="radio" name="user" value="Data Scientist">Data Scientist<br>
-					</div>
-					<form method="post" enctype="multipart/form-data">
-            <input type="file" name="my_file[]" multiple>
-        </form>
-        <?php
-            if (isset($_FILES['my_file'])) {
-                $myFile = $_FILES['my_file'];
-                $fileCount = count($myFile["name"]);
-
-                for ($i = 0; $i < $fileCount; $i++) {
-                    ?>
-                        
-                    <?php
-                }
-            }
-        ?><br>
-					<div class="row form-group">
-							<a href="index.html" class=" btn btn-info" type="submit" name="login" value="login">Submit</a>
-					</div>
-				</form>
-		</div>
-			</div>
-</div>
-		</div>
-</div>	</div> </div>
-	    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
- 	    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
-
-</body>
-</html>
diff --git a/upload.php b/upload.php
new file mode 100644
index 000000000..3a155092d
--- /dev/null
+++ b/upload.php
@@ -0,0 +1,87 @@
+<?php
+include "security.php";
+
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8">
+	<meta http-equiv="X-UA-Compatible" content="IE=edge">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
+	<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
+	<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" rel="stylesheet">
+	<title>Upload Manifest</title>
+</head>
+
+<body>
+<?php
+	include "header.php";
+?>
+<br>
+<br>
+<?php
+	$s = "";	//for plural files
+	if (isset ($_GET["error"]))
+		{
+		echo '<div class="alert alert-danger" id="alertbad">';
+		echo "<strong>Error!</strong> {$_GET['error']}";
+		echo '</div>';
+		}
+	else if (isset ($_GET['success']))
+		{
+		if ($_GET['success'] >= 1)
+			{
+			$s = "s";	//if plural
+			}
+		echo '<div class="alert alert-success" id="alertgood">';
+		echo "<strong>Success!</strong> {$_GET['success']} file{$s} uploaded.";
+		echo '</div>';
+		}
+		
+?>
+	
+	
+<br>
+<div class="container">
+  <form action="doupload.php" method="post" enctype="multipart/form-data" onsubmit="return checkForm(this)";>
+    <input type="file" id="file" name="files[]" multiple="multiple" minFiles="1" />
+    <br>
+    Manifest Name:
+    <br>
+    <input type="text" id="inputfield" name="manifestname" />
+    <br>
+    <br>
+    <input class="btn btn-info" type="submit" value="Upload" />
+  </form>
+</div>
+
+	
+<script type="text/javascript">
+  function checkForm(form)
+  {
+    // validation fails if the input is blank
+    if(form.inputfield.value == "")
+    	{
+	alert("No manifest name");
+	form.inputfield.focus();
+	return false;
+    }
+   if(form.file.value == "")
+   	{
+	alert("No files selected");
+	form.inputfield.focus();
+	return false;   
+   	}
+  else
+  	{
+	// validation was successful
+	return true;
+	}
+  }
+
+</script>
+	
+	
+</body>
+</html>
diff --git a/uploadcheck.php b/uploadcheck.php
new file mode 100644
index 000000000..f0f6a2143
--- /dev/null
+++ b/uploadcheck.php
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" rel="stylesheet">
+</head>
+<title>Upload Check</title>
+<?php
+	require('./login.php'); //Login page must exist
+	
+	//If no session exists
+	if(!$_SESSION) echo "You are not logged in. Please log in and try again.";
+	
+$target_dir = "./docs/uploads/";
+$target_file = $target_dir . basename($_FILES["my_file"]["name"]); //Name of file
+$allowedExts = array("doc", "docx"); //Allow both
+$extension = end(explode(".", $_FILES["my_file"]["name"]);
+$upload_max_filesize = 1000000000; //1GB worth of information
+$max_file_uploads = 10; //NEEDS DISCUSSION - Number of uploaded files available for one upload session
+
+if(($_FILES["my_file"]["type"] == "application/msword") //doc
+	|| ($_FILES["my_file"]["type"] -- "application/vnd.openxmlformats-officedocument.wordprocessingml.document") //docx
+	&& ($_FILES["my_file"]["size"] < $upload_max_filesize )) // Less than 1 GB & End if
+
+	if($_FILES == NULL) echo "Please choose a file to submit.";
+
+	if ($_FILES["my_file"]["error"] == 0) echo "Uploaded document successfully"; //Success
+	if ($_FILES["my_file"]["error"] == 4) echo "You need to add a file to upload!"; //Fail
+	if ($_FILES["my_file"]["error"] != 0 && $_FILES["file"]["error"] != 4) echo "File failed to upload"; //Fail
+
+?>
+
+	    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+ 	    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+		
+<body>
+<script>
+</script>
+</body>
+</html>
\ No newline at end of file
