From 152adc8e3cecaf5b370a29b7dcfd4646be4cb17d Mon Sep 17 00:00:00 2001
From: Steven Tracey <steven@nevets.tech>
Date: Mon, 14 Jul 2025 22:08:10 -0400
Subject: [PATCH] V2 ish

---
 README.md                                     |   6 +
 db.go                                         | 132 +++++++-
 formatDB.sql                                  |  20 +-
 go.mod                                        |  14 +-
 go.sum                                        |  23 +-
 html/genqr.html                               |  69 ++++
 html/home.html                                |   4 +-
 html/register.html                            |  65 ++++
 html/verify.html                              |   8 +-
 main.go                                       | 248 ++------------
 renderHtml.bat                                |  15 +-
 static/qrcode.min.js                          |   1 +
 static/register.js                            |  29 ++
 static/style.css                              |  93 +++++-
 .../base.html.tmpl                            |   8 +-
 templates/error.html.tmpl                     |  30 --
 templates/info.html.tmpl                      |   4 +-
 util.go                                       |  86 +++++
 web.go                                        | 304 ++++++++++++++++++
 19 files changed, 874 insertions(+), 285 deletions(-)
 create mode 100644 html/genqr.html
 create mode 100644 html/register.html
 create mode 100644 static/qrcode.min.js
 create mode 100644 static/register.js
 rename html/unauthorized.html => templates/base.html.tmpl (79%)
 delete mode 100644 templates/error.html.tmpl
 create mode 100644 util.go
 create mode 100644 web.go

diff --git a/README.md b/README.md
index 1fb3b56..26ec401 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,8 @@
 # LuggageTracker
 
+## TODO
+- Geo Tagging when scanned
+
 ## Envs
 - PORT.................| 8080
 - DB_USER..............| user
@@ -11,6 +14,9 @@
 - DB_CERT_PATH.........| /etc/ssl/client-cert.pem
 - DB_KEY_PATH..........| /etc/ssl/private/client-key.pem
 - DB_SKIP_VERIFY.......| true
+- SECURE_SESSION.......| true
+- AUTHENTICATION_KEY...| xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
+- ENCRYPTION_KEY.......| xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
 - CORS_ALLOWED_ORIGINS.| http://localhost:8080,https://example.com
 
 ## Endpoints
diff --git a/db.go b/db.go
index 617f50a..b2a82a8 100644
--- a/db.go
+++ b/db.go
@@ -1,12 +1,14 @@
 package main
 
 import (
+	"crypto/rand"
 	"crypto/tls"
 	"crypto/x509"
 	"database/sql"
 	"errors"
 	"fmt"
 	"github.com/go-sql-driver/mysql"
+	"io"
 	"log"
 	"os"
 	"strconv"
@@ -17,7 +19,8 @@ type LDB struct {
 	db *sql.DB
 }
 
-var NoEntriesFoundError error = errors.New("no entries found")
+var NoEntriesFoundError = errors.New("no entries found")
+var CodeExistsError = errors.New("code already exists")
 
 func createTLSConf(skipVerify bool) tls.Config {
 	rootCertPool := x509.NewCertPool()
@@ -90,7 +93,7 @@ func connect() *LDB {
 	return &LDB{db}
 }
 
-func (ldb *LDB) queryUser(userName string) (u *User, newError error) {
+func (ldb *LDB) queryUser(userName string) (*User, error) {
 	db := ldb.db
 
 	queryStr := `
@@ -125,6 +128,81 @@ func (ldb *LDB) queryUser(userName string) (u *User, newError error) {
 	return user, nil
 }
 
+func RandNum(length int) string {
+	b := make([]byte, length)
+	n, err := io.ReadAtLeast(rand.Reader, b, length)
+	if n != length {
+		panic(err)
+	}
+	for i := 0; i < len(b); i++ {
+		b[i] = table[int(b[i])%len(table)]
+	}
+	return string(b)
+}
+
+var table = [...]byte{'1', '2', '3', '4', '5', '6', '7', '8', '9', '0'}
+
+func (ldb *LDB) createUser(user *User) (*string, error) {
+	db := ldb.db
+
+	insertStr := `
+		INSERT INTO addresses(street1, street2, city, state, postal_code, country, created_at, updated_at)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?);
+		SELECT last_insert_id();
+`
+	stmt, err := db.Prepare(insertStr)
+	if err != nil {
+		return nil, err
+	}
+	row := stmt.QueryRow(
+		user.MailingAddress.Street1, user.MailingAddress.Street2, user.MailingAddress.City, user.MailingAddress.State,
+		user.MailingAddress.PostalCode, user.MailingAddress.Country, time.Now(), time.Now(),
+	)
+	var id int64
+	err = row.Scan(&id)
+	if err != nil {
+		return nil, err
+	}
+	insertStr = `
+		INSERT INTO users(user_name, contact_name, secret_codes, contact_number, email_address, mailing_address)
+		VALUES (?, ?, ?, ?, ?, ?);
+`
+	stmt, err = db.Prepare(insertStr)
+	if err != nil {
+		return nil, err
+	}
+
+	code := RandNum(6)
+	_, err = stmt.Exec(user.UserName, user.ContactName, code, user.ContactName, user.EmailAddress, user.MailingAddress)
+	if err != nil {
+		return nil, err
+	}
+	return &code, nil
+}
+
+func (ldb *LDB) getUsers() ([]string, error) {
+	db := ldb.db
+
+	queryStr := `
+		SELECT user_name FROM users;
+`
+	rows, err := db.Query(queryStr)
+	if err != nil {
+		return nil, err
+	}
+
+	var users []string
+	var user string
+	for rows.Next() {
+		err = rows.Scan(&user)
+		if err != nil {
+			return nil, err
+		}
+		users = append(users, user)
+	}
+	return users, nil
+}
+
 func (ldb *LDB) updateToken(userName string, token string) error {
 	db := ldb.db
 
@@ -143,3 +221,53 @@ func (ldb *LDB) updateToken(userName string, token string) error {
 	}
 	return nil
 }
+
+// Creates an 8-digit token with GenerateToken, then inserts it into the db
+// If the generated token already exists it will be regenerated up to 10 times
+// Returns the token and any errors
+func (ldb *LDB) createRegistrationCode() (*string, error) {
+	db := ldb.db
+	code, err := GenerateToken(8)
+	if err != nil {
+		return nil, err
+	}
+
+	for i := 0; i < 10; i++ {
+		_, err = db.Exec(
+			"INSERT INTO registration_codes (registration_code, expiration) VALUES (?, ?)",
+			code, time.Now(),
+		)
+		if err == nil {
+			return &code, nil
+		}
+
+		var mySqlErr *mysql.MySQLError
+		if errors.As(err, &mySqlErr) && mySqlErr.Number == 1062 {
+			continue
+		}
+
+		return nil, err
+	}
+
+	return nil, errors.New("could not generate a unique token after 10 retries")
+}
+
+// Queries DB for any matching code
+// Returns no error if code is found
+// Otherwise returns NoEntryFoundError
+func (ldb *LDB) checkRegistrationCode(code string) error {
+	db := ldb.db
+
+	querySql := `
+		SELECT * FROM registration_codes
+		WHERE registration_code=?;
+`
+	rows, err := db.Query(querySql, code)
+	if err != nil {
+		return err
+	}
+	if rows.Next() {
+		return nil
+	}
+	return NoEntriesFoundError
+}
diff --git a/formatDB.sql b/formatDB.sql
index d6c86db..7d491f7 100644
--- a/formatDB.sql
+++ b/formatDB.sql
@@ -14,6 +14,7 @@ CREATE TABLE addresses (
 CREATE TABLE users (
     id BIGINT NOT NULL AUTO_INCREMENT,
     user_name TEXT NOT NULL,
+    contact_name TEXT NOT NULL,
     secret_codes TEXT NOT NULL,
     current_token TEXT,
     token_creation TIMESTAMP,
@@ -21,5 +22,22 @@ CREATE TABLE users (
     email_address TEXT NOT NULL,
     mailing_address BIGINT NOT NULL,
     PRIMARY KEY (id),
-    FOREIGN KEY (mailing_address) REFERENCES addresses(id)
+    FOREIGN KEY (mailing_address) REFERENCES addresses(id),
+    UNIQUE (user_name)
+);
+
+CREATE TABLE accounts(
+                         id BIGINT NOT NULL AUTO_INCREMENT,
+                         email TEXT NOT NULL,
+                         passwordHash TEXT NOT NULL,
+                         PRIMARY KEY (id),
+                         UNIQUE (email)
+);
+
+CREATE TABLE registration_codes(
+    id BIGINT AUTO_INCREMENT NOT NULL,
+    registration_code TEXT NOT NULL,
+    expiration TIMESTAMP NOT NULL,
+    PRIMARY KEY (id),
+    UNIQUE (registration_code)
 );
\ No newline at end of file
diff --git a/go.mod b/go.mod
index c400387..8c49633 100644
--- a/go.mod
+++ b/go.mod
@@ -1,32 +1,42 @@
 module LuggageLocatorBackend
 
-go 1.23.2
+go 1.24.2
+
+toolchain go1.24.5
 
 require (
+	github.com/JGLTechnologies/gin-rate-limit v1.5.6
 	github.com/gin-contrib/cors v1.7.6
 	github.com/gin-gonic/gin v1.10.1
 	github.com/go-sql-driver/mysql v1.9.3
+	github.com/golang-jwt/jwt/v4 v4.5.2
 )
 
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/bytedance/sonic v1.13.3 // indirect
 	github.com/bytedance/sonic/loader v0.2.4 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
+	github.com/gin-contrib/sessions v1.0.4 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.26.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/gorilla/context v1.1.2 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
-	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/redis/go-redis/v9 v9.7.3 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.3.0 // indirect
 	golang.org/x/arch v0.18.0 // indirect
diff --git a/go.sum b/go.sum
index e129fe2..91230cc 100644
--- a/go.sum
+++ b/go.sum
@@ -1,21 +1,32 @@
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/JGLTechnologies/gin-rate-limit v1.5.6 h1:BrL2wXrF7SSqmB88YTGFVKMGVcjURMUeKqwQrlmzweI=
+github.com/JGLTechnologies/gin-rate-limit v1.5.6/go.mod h1:fwUuBegxLKm8+/4ST0zDFssRFTFaVZ7bH3ApK7iNZww=
+github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
+github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bytedance/sonic v1.13.3 h1:MS8gmaH16Gtirygw7jV91pDCN33NyMrPbN7qiYhEsF0=
 github.com/bytedance/sonic v1.13.3/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
 github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
 github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
 github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
 github.com/gin-contrib/cors v1.7.6 h1:3gQ8GMzs1Ylpf70y8bMw4fVpycXIeX1ZemuSQIsnQQY=
 github.com/gin-contrib/cors v1.7.6/go.mod h1:Ulcl+xN4jel9t1Ry8vqph23a60FwH9xVLd+3ykmTjOk=
+github.com/gin-contrib/sessions v1.0.4 h1:ha6CNdpYiTOK/hTp05miJLbpTSNfOnFg5Jm2kbcqy8U=
+github.com/gin-contrib/sessions v1.0.4/go.mod h1:ccmkrb2z6iU2osiAHZG3x3J4suJK+OU27oqzlWOqQgs=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
@@ -32,9 +43,17 @@ github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1
 github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
+github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -58,6 +77,8 @@ github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM=
+github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
diff --git a/html/genqr.html b/html/genqr.html
new file mode 100644
index 0000000..882b70a
--- /dev/null
+++ b/html/genqr.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
+</head>
+<body>
+
+<header class="header">
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
+    <div class="spacer"></div>
+</header>
+<div class="container">
+    <div class="content flex-vertical">
+        <div class="section-one">
+            <h1>QR Code</h1>
+            <a id="qr-link" href="">
+                <div id="qr"></div>
+            </a>
+        </div>
+        <div class="section-two">
+            <div id="loading"></div>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
+</footer>
+
+<script src="/static/qrcode.min.js"></script>
+<script>
+    const path = window.location.pathname;
+    const parts = path.split("/");
+    const user = parts.pop();
+    let url = location.protocol + "//" + location.host + "/u/" + user;
+
+    const qrcode = new QRCode(document.getElementById('qr'), {
+        text: url,
+        width: 1024,
+        height: 1024,
+        colorDark : '#000',
+        colorLight : '#fff',
+        correctLevel : QRCode.CorrectLevel.L
+    });
+
+    let qrLink = document.getElementById("qr-link");
+    let qrImg = document.querySelector("#qr img");
+    console.log(qrImg.src);
+    qrLink.setAttribute("download", "qrcode-" + user + ".png");
+
+    const delay = ms => new Promise(res => setTimeout(res, ms));
+    const setHref = async () => {
+        while (!qrLink.href.startsWith("data:")) {
+            await delay(100);
+            qrLink.setAttribute("href", qrImg.src);
+            console.log("Refreshing...");
+        }
+        document.getElementById("loading").remove();
+    };
+    setHref();
+</script>
+</body>
+</html>
\ No newline at end of file
diff --git a/html/home.html b/html/home.html
index 2701d6a..aa25fb4 100644
--- a/html/home.html
+++ b/html/home.html
@@ -9,7 +9,9 @@
 <body>
 
 <header class="header">
-    <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
     <h1 class="title">My Luggage Info</h1>
     <div class="spacer"></div>
 </header>
diff --git a/html/register.html b/html/register.html
new file mode 100644
index 0000000..ac5f2ba
--- /dev/null
+++ b/html/register.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
+    <title>My Luggage Info</title>
+    <link rel="stylesheet" href="/static/style.css?v=43">
+</head>
+<body>
+
+<header class="header">
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
+    <h1 class="title">My Luggage Info</h1>
+    <div class="spacer"></div>
+</header>
+<div class="container">
+    <div class="content flex-vertical">
+        <div class="section-one">
+            <h1>Registration</h1>
+        </div>
+        <div class="section-two">
+            <form id="reg-form" accept-charset="UTF-8" action="/api/register" method="post">
+                <div class="inputs">
+                    <div class="flex flex-vertical">
+                        <label class="label-left" for="name">Name</label>
+                        <input id="name" name="name" type="text" placeholder="John Doe">
+                        <label class="label-left" for="user-id">User ID</label>
+                        <input id="user-id" name="user-id" type="text" placeholder="jdoe">
+                        <label class="label-left" for="email">Email Address</label>
+                        <input id="email" name="email" type="text" placeholder="johndoe@example.com">
+                        <label class="label-left" for="phone-number">Phone Number</label>
+                        <input id="phone-number" name="phone-number" type="text" placeholder="+1(212)555-1234">
+                        <label class="label-left" for="registration_code">Registration Code</label>
+                        <input id="registration_code" name="registration_code" type="text" placeholder="xxxxxxxx">
+                        <p id="msg-box"></p>
+                    </div>
+                    <div class="flex flex-vertical">
+                        <label class="label-left" for="street1">Street Line 1</label>
+                        <input id="street1" name="street1" type="text" placeholder="123 Main Street">
+                        <label class="label-left" for="street2">Street Line 2</label>
+                        <input id="street2" name="street2" type="text" placeholder="(Optional)">
+                        <label class="label-left" for="city">City</label>
+                        <input id="city" name="city" type="text" placeholder="Anytown">
+                        <label class="label-left" for="state">State</label>
+                        <input id="state" name="state" type="text" placeholder="New York">
+                        <label class="label-left" for="postal-code">Postal Code</label>
+                        <input id="postal-code" name="postal-code" type="text" placeholder="12345">
+                        <label class="label-left" for="country">Country</label>
+                        <input id="country" name="country" type="text" placeholder="United States">
+                    </div>
+                </div>
+                <input class="btn" type="submit" value="Register">
+            </form>
+        </div>
+    </div>
+</div>
+
+<footer class="footer">
+    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
+</footer>
+<script src="/static/register.js"></script>
+</body>
+</html>
\ No newline at end of file
diff --git a/html/verify.html b/html/verify.html
index c01bdc4..e6416e4 100644
--- a/html/verify.html
+++ b/html/verify.html
@@ -9,7 +9,9 @@
 <body>
 
 <header class="header">
-    <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
     <h1 class="title">My Luggage Info</h1>
     <div class="spacer"></div>
 </header>
@@ -18,10 +20,10 @@
         <div class="section-one flex-horizontal">
             <label for="code">Secret Code (SC):</label>
             <input id="code" type="text">
-            <button id="submitBtn">Submit</button>
+            <button id="submitBtn" class="btn">Submit</button>
         </div>
         <div class="section-two flex-vertical">
-            <p id="status" class="hidden">Text</p>
+            <p id="status" class="hidden"></p>
         </div>
     </div>
 </div>
diff --git a/main.go b/main.go
index 3ab305d..abd29ba 100644
--- a/main.go
+++ b/main.go
@@ -2,86 +2,19 @@ package main
 
 import (
 	"context"
-	"crypto/rand"
-	"database/sql"
-	"encoding/base64"
-	"errors"
-	"fmt"
 	"github.com/gin-contrib/cors"
+	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"log"
-	"net/http"
 	"os"
 	"strings"
 	"time"
 )
 
-type Address struct {
-	Id         int64     `json:"-"`
-	Street1    string    `json:"street1" form:"street1"`
-	Street2    *string   `json:"street2,omitempty" form:"street2,omitempty"`
-	City       string    `json:"city" form:"city"`
-	State      *string   `json:"state,omitempty" form:"state,omitempty"`
-	PostalCode string    `json:"postal_code" form:"postal_code"`
-	Country    string    `json:"country" form:"country"`
-	CreatedAt  time.Time `json:"-"`
-	UpdatedAt  time.Time `json:"-"`
-}
-
-type User struct {
-	Status         int32   `json:"status"`
-	Id             int64   `json:"-"`
-	UserName       string  `json:"user_name" form:"user_name"`
-	ContactName    string  `json:"contact_name" form:"contact_name"`
-	SecretCodes    string  `json:"-"`
-	CurrentToken   *string `json:"-"`
-	ContactNumber  string  `json:"contact_number" form:"phone_number"`
-	EmailAddress   string  `json:"email_address" form:"email_address"`
-	MailingAddress Address `json:"mailing_address"`
-}
-
-func GenerateToken(n int) (string, error) {
-	b := make([]byte, n)
-	if _, err := rand.Read(b); err != nil {
-		return "", fmt.Errorf("reading random bytes: %w\n", err)
-	}
-	return base64.RawURLEncoding.EncodeToString(b), nil
-}
-
-func startCleanupLoop(ctx context.Context, db *sql.DB, interval, ttl time.Duration) {
-	ticker := time.NewTicker(interval)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-ctx.Done():
-			return
-
-		case <-ticker.C:
-			if err := cleanupExpired(db, ttl); err != nil {
-				log.Printf("token cleanup error: %v\n", err)
-			}
-		}
-	}
-}
-
-func cleanupExpired(db *sql.DB, ttl time.Duration) error {
-	sqlStmt := `
-		DELETE FROM users
-        WHERE token_creation < DATE_SUB(NOW(), INTERVAL ? SECOND);
-`
-	res, err := db.Exec(sqlStmt, int(ttl.Seconds()))
-	if err != nil {
-		return err
-	}
-
-	n, _ := res.RowsAffected()
-	log.Printf("token cleanup: deleted %d rows\n", n)
-	return nil
-}
+var db *LDB
 
 func main() {
-	db := connect()
+	db = connect()
 	defer db.db.Close()
 
 	ctx, cancel := context.WithCancel(context.Background())
@@ -90,6 +23,9 @@ func main() {
 
 	r := gin.Default()
 	gin.SetMode(gin.ReleaseMode)
+	createSessionStore()
+	r.Use(sessions.Sessions("luggageinfo_session", sessionStore))
+	createRateLimiters()
 
 	allowedOrigins := strings.Split(os.Getenv("CORS_ALLOWED_ORIGINS"), ",")
 	r.Use(cors.New(cors.Config{
@@ -104,166 +40,26 @@ func main() {
 	r.StaticFile("/favicon.ico", "./static/favicon.ico")
 	r.LoadHTMLGlob("./templates/*")
 
-	r.GET("/", func(c *gin.Context) {
-		c.File("./html/home.html")
-	})
-	r.GET("/ping", func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{
-			"message": "pong",
-		})
-	})
+	r.GET("/", htmlRL, webRoot)
+	r.GET("/register", htmlRL, webRegister)
+	r.GET("/register/success", htmlRL, webRegisterSuccess)
+	r.GET("/qr/:user", htmlRL, webQr)
+	r.GET("/ping", webPing)
 
 	api := r.Group("/api")
-	api.GET("/u/:user", func(c *gin.Context) {
-		user, err := db.queryUser(c.Param("user"))
-		if user.CurrentToken == nil {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
-				"status": 401,
-				"error":  "Unauthorized",
-			})
-		} else if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
-			if err != nil {
-				if errors.Is(err, NoEntriesFoundError) {
-					c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
-						"status": 401,
-						"error":  "Unauthorized",
-					})
-				} else {
-					fmt.Printf("Error: %s\n", err)
-					c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{
-						"status": 500,
-						"error":  err.Error(),
-					})
-				}
-			} else {
-				c.JSON(http.StatusOK, user)
-			}
-		} else {
-			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
-				"status": 401,
-				"error":  "Unauthorized",
-			})
-		}
-	})
-	api.GET("/verify/:user", func(c *gin.Context) {
-		user, err := db.queryUser(c.Param("user"))
-		if err != nil {
-			if errors.Is(err, NoEntriesFoundError) {
-				c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
-					"status": 404,
-					"user":   "",
-					"error":  "User not found",
-				})
-			} else {
-				fmt.Printf("Error: %s\n", err)
-				c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
-					"status": 500,
-					"user":   "",
-					"error":  err.Error(),
-				})
-			}
-		} else {
-			codes := strings.Split(user.SecretCodes, "'")
-			responded := false
-			for _, code := range codes {
-				codeHeader := c.GetHeader("Authorization")
-				reqCode := strings.Split(codeHeader, " ")
-				if strings.Compare(code, reqCode[len(reqCode)-1]) == 0 {
-					token, err := GenerateToken(16)
-					if err != nil {
-						c.JSON(http.StatusInternalServerError, gin.H{
-							"status": 500,
-							"user":   "",
-							"error":  err.Error(),
-						})
-						responded = true
-						break
-					} else {
-						err = db.updateToken(user.UserName, token)
-						if err != nil {
-							c.JSON(http.StatusInternalServerError, gin.H{
-								"status": 500,
-								"user":   "",
-								"error":  err.Error(),
-							})
-							responded = true
-							break
-						} else {
-							user.Status = 200
-							c.JSON(http.StatusOK, gin.H{
-								"status": 200,
-								"user":   user.UserName,
-								"error":  "",
-								"token":  token,
-							})
-							responded = true
-							break
-						}
-					}
-				}
-			}
-			if !responded {
-				c.JSON(http.StatusNotFound, gin.H{
-					"status": "404",
-					"user":   "",
-					"error":  "User not found",
-				})
-			}
-		}
-	})
-	api.POST("/register/:user", func(c *gin.Context) {
-		var newUser User
-		err := c.Bind(&newUser)
-		if err != nil {
-			fmt.Printf("Error: %v", err)
-		}
-		c.JSON(http.StatusOK, newUser)
-	})
+	api.GET("/u/:user", jsonRL, webUserApi)
+	api.GET("/verify/:user", jsonRL, webVerifyUserApi)
+	api.GET("/checkname/:user", jsonRL, webCheckNameApi)
+	api.POST("/register", jsonRL, webRegisterApi)
 
 	user := r.Group("/u")
-	user.GET("/:user", func(c *gin.Context) {
-		c.File("./html/verify.html")
-	})
-	user.GET("/:user/info", func(c *gin.Context) {
-		user, err := db.queryUser(c.Param("user"))
-		if user.CurrentToken == nil {
-			c.Status(http.StatusUnauthorized)
-			c.File("./html/unauthorized.html")
-		} else if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
-			if err != nil {
-				if errors.Is(err, NoEntriesFoundError) {
-					c.Status(http.StatusUnauthorized)
-					c.File("./html/unauthorized.html")
-				} else {
-					fmt.Printf("Error: %s\n", err)
-					c.HTML(http.StatusInternalServerError, "error.html.tmpl", gin.H{
-						"error": err.Error(),
-					})
-				}
-			} else {
-				addressStr := fmt.Sprintf("%s", user.MailingAddress.Street1)
-				if user.MailingAddress.Street2 == nil {
-					addressStr = fmt.Sprintf("%s, %s", addressStr, user.MailingAddress.City)
-				} else {
-					addressStr = fmt.Sprintf("%s, %s, %s", addressStr, *user.MailingAddress.Street2, user.MailingAddress.City)
-				}
-				if user.MailingAddress.State == nil {
-					addressStr = fmt.Sprintf("%s, %s, %s", addressStr, user.MailingAddress.PostalCode, user.MailingAddress.Country)
-				} else {
-					addressStr = fmt.Sprintf("%s, %s, %s, %s", addressStr, *user.MailingAddress.State, user.MailingAddress.PostalCode, user.MailingAddress.Country)
-				}
-				c.HTML(http.StatusOK, "info.html.tmpl", gin.H{
-					"contact_name":  user.ContactName,
-					"phone_number":  user.ContactNumber,
-					"email_address": user.EmailAddress,
-					"address":       addressStr,
-				})
-			}
-		} else {
-			c.Status(http.StatusUnauthorized)
-			c.File("./html/unauthorized.html")
-		}
-	})
+	user.GET("/:user", htmlRL, webUser)
+	user.GET("/:user/info", htmlRL, webUserInfo)
+
+	auth := r.Group("/auth")
+	auth.GET("/login", htmlRL, webLoginAuth)
+	auth.POST("/login", htmlRL, webLoginAuthPost)
+	auth.GET("/logout", htmlRL, webLogoutAuth)
 
 	err := r.Run()
 	if err != nil {
diff --git a/renderHtml.bat b/renderHtml.bat
index 98df8c8..cb50f62 100644
--- a/renderHtml.bat
+++ b/renderHtml.bat
@@ -1,17 +1,20 @@
 @echo off
 title Render HTML from PHP
 
-del .\html\*
-del .\static\style.css
-del .\static\verify.js
-del .\templates\*
+del /s /q .\html\*
+del /s /q .\static\style.css
+del /s /q .\static\verify.js
+del /s /q .\static\register.js
+del /s /q .\templates\*
 
 curl -o ./html/home.html http://localhost:8080/home.php
-curl -o ./html/unauthorized.html http://localhost:8080/unauthorized.php
+curl -o ./html/register.html http://localhost:8080/register.php
 curl -o ./html/verify.html http://localhost:8080/verify.php
+curl -o ./html/genqr.html http://localhost:8080/genqr.php
 
+curl -o ./templates/base.html.tmpl http://localhost:8080/generic.php
 curl -o ./templates/info.html.tmpl http://localhost:8080/info.php
-curl -o ./templates/error.html.tmpl http://localhost:8080/error.php
 
 curl -o ./static/verify.js http://localhost:8080/static/verify.js
+curl -o ./static/register.js http://localhost:8080/static/register.js
 curl -o ./static/style.css http://localhost:8080/static/style.css
diff --git a/static/qrcode.min.js b/static/qrcode.min.js
new file mode 100644
index 0000000..993e88f
--- /dev/null
+++ b/static/qrcode.min.js
@@ -0,0 +1 @@
+var QRCode;!function(){function a(a){this.mode=c.MODE_8BIT_BYTE,this.data=a,this.parsedData=[];for(var b=[],d=0,e=this.data.length;e>d;d++){var f=this.data.charCodeAt(d);f>65536?(b[0]=240|(1835008&f)>>>18,b[1]=128|(258048&f)>>>12,b[2]=128|(4032&f)>>>6,b[3]=128|63&f):f>2048?(b[0]=224|(61440&f)>>>12,b[1]=128|(4032&f)>>>6,b[2]=128|63&f):f>128?(b[0]=192|(1984&f)>>>6,b[1]=128|63&f):b[0]=f,this.parsedData=this.parsedData.concat(b)}this.parsedData.length!=this.data.length&&(this.parsedData.unshift(191),this.parsedData.unshift(187),this.parsedData.unshift(239))}function b(a,b){this.typeNumber=a,this.errorCorrectLevel=b,this.modules=null,this.moduleCount=0,this.dataCache=null,this.dataList=[]}function i(a,b){if(void 0==a.length)throw new Error(a.length+"/"+b);for(var c=0;c<a.length&&0==a[c];)c++;this.num=new Array(a.length-c+b);for(var d=0;d<a.length-c;d++)this.num[d]=a[d+c]}function j(a,b){this.totalCount=a,this.dataCount=b}function k(){this.buffer=[],this.length=0}function m(){return"undefined"!=typeof CanvasRenderingContext2D}function n(){var a=!1,b=navigator.userAgent;return/android/i.test(b)&&(a=!0,aMat=b.toString().match(/android ([0-9]\.[0-9])/i),aMat&&aMat[1]&&(a=parseFloat(aMat[1]))),a}function r(a,b){for(var c=1,e=s(a),f=0,g=l.length;g>=f;f++){var h=0;switch(b){case d.L:h=l[f][0];break;case d.M:h=l[f][1];break;case d.Q:h=l[f][2];break;case d.H:h=l[f][3]}if(h>=e)break;c++}if(c>l.length)throw new Error("Too long data");return c}function s(a){var b=encodeURI(a).toString().replace(/\%[0-9a-fA-F]{2}/g,"a");return b.length+(b.length!=a?3:0)}a.prototype={getLength:function(){return this.parsedData.length},write:function(a){for(var b=0,c=this.parsedData.length;c>b;b++)a.put(this.parsedData[b],8)}},b.prototype={addData:function(b){var c=new a(b);this.dataList.push(c),this.dataCache=null},isDark:function(a,b){if(0>a||this.moduleCount<=a||0>b||this.moduleCount<=b)throw new Error(a+","+b);return this.modules[a][b]},getModuleCount:function(){return this.moduleCount},make:function(){this.makeImpl(!1,this.getBestMaskPattern())},makeImpl:function(a,c){this.moduleCount=4*this.typeNumber+17,this.modules=new Array(this.moduleCount);for(var d=0;d<this.moduleCount;d++){this.modules[d]=new Array(this.moduleCount);for(var e=0;e<this.moduleCount;e++)this.modules[d][e]=null}this.setupPositionProbePattern(0,0),this.setupPositionProbePattern(this.moduleCount-7,0),this.setupPositionProbePattern(0,this.moduleCount-7),this.setupPositionAdjustPattern(),this.setupTimingPattern(),this.setupTypeInfo(a,c),this.typeNumber>=7&&this.setupTypeNumber(a),null==this.dataCache&&(this.dataCache=b.createData(this.typeNumber,this.errorCorrectLevel,this.dataList)),this.mapData(this.dataCache,c)},setupPositionProbePattern:function(a,b){for(var c=-1;7>=c;c++)if(!(-1>=a+c||this.moduleCount<=a+c))for(var d=-1;7>=d;d++)-1>=b+d||this.moduleCount<=b+d||(this.modules[a+c][b+d]=c>=0&&6>=c&&(0==d||6==d)||d>=0&&6>=d&&(0==c||6==c)||c>=2&&4>=c&&d>=2&&4>=d?!0:!1)},getBestMaskPattern:function(){for(var a=0,b=0,c=0;8>c;c++){this.makeImpl(!0,c);var d=f.getLostPoint(this);(0==c||a>d)&&(a=d,b=c)}return b},createMovieClip:function(a,b,c){var d=a.createEmptyMovieClip(b,c),e=1;this.make();for(var f=0;f<this.modules.length;f++)for(var g=f*e,h=0;h<this.modules[f].length;h++){var i=h*e,j=this.modules[f][h];j&&(d.beginFill(0,100),d.moveTo(i,g),d.lineTo(i+e,g),d.lineTo(i+e,g+e),d.lineTo(i,g+e),d.endFill())}return d},setupTimingPattern:function(){for(var a=8;a<this.moduleCount-8;a++)null==this.modules[a][6]&&(this.modules[a][6]=0==a%2);for(var b=8;b<this.moduleCount-8;b++)null==this.modules[6][b]&&(this.modules[6][b]=0==b%2)},setupPositionAdjustPattern:function(){for(var a=f.getPatternPosition(this.typeNumber),b=0;b<a.length;b++)for(var c=0;c<a.length;c++){var d=a[b],e=a[c];if(null==this.modules[d][e])for(var g=-2;2>=g;g++)for(var h=-2;2>=h;h++)this.modules[d+g][e+h]=-2==g||2==g||-2==h||2==h||0==g&&0==h?!0:!1}},setupTypeNumber:function(a){for(var b=f.getBCHTypeNumber(this.typeNumber),c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[Math.floor(c/3)][c%3+this.moduleCount-8-3]=d}for(var c=0;18>c;c++){var d=!a&&1==(1&b>>c);this.modules[c%3+this.moduleCount-8-3][Math.floor(c/3)]=d}},setupTypeInfo:function(a,b){for(var c=this.errorCorrectLevel<<3|b,d=f.getBCHTypeInfo(c),e=0;15>e;e++){var g=!a&&1==(1&d>>e);6>e?this.modules[e][8]=g:8>e?this.modules[e+1][8]=g:this.modules[this.moduleCount-15+e][8]=g}for(var e=0;15>e;e++){var g=!a&&1==(1&d>>e);8>e?this.modules[8][this.moduleCount-e-1]=g:9>e?this.modules[8][15-e-1+1]=g:this.modules[8][15-e-1]=g}this.modules[this.moduleCount-8][8]=!a},mapData:function(a,b){for(var c=-1,d=this.moduleCount-1,e=7,g=0,h=this.moduleCount-1;h>0;h-=2)for(6==h&&h--;;){for(var i=0;2>i;i++)if(null==this.modules[d][h-i]){var j=!1;g<a.length&&(j=1==(1&a[g]>>>e));var k=f.getMask(b,d,h-i);k&&(j=!j),this.modules[d][h-i]=j,e--,-1==e&&(g++,e=7)}if(d+=c,0>d||this.moduleCount<=d){d-=c,c=-c;break}}}},b.PAD0=236,b.PAD1=17,b.createData=function(a,c,d){for(var e=j.getRSBlocks(a,c),g=new k,h=0;h<d.length;h++){var i=d[h];g.put(i.mode,4),g.put(i.getLength(),f.getLengthInBits(i.mode,a)),i.write(g)}for(var l=0,h=0;h<e.length;h++)l+=e[h].dataCount;if(g.getLengthInBits()>8*l)throw new Error("code length overflow. ("+g.getLengthInBits()+">"+8*l+")");for(g.getLengthInBits()+4<=8*l&&g.put(0,4);0!=g.getLengthInBits()%8;)g.putBit(!1);for(;;){if(g.getLengthInBits()>=8*l)break;if(g.put(b.PAD0,8),g.getLengthInBits()>=8*l)break;g.put(b.PAD1,8)}return b.createBytes(g,e)},b.createBytes=function(a,b){for(var c=0,d=0,e=0,g=new Array(b.length),h=new Array(b.length),j=0;j<b.length;j++){var k=b[j].dataCount,l=b[j].totalCount-k;d=Math.max(d,k),e=Math.max(e,l),g[j]=new Array(k);for(var m=0;m<g[j].length;m++)g[j][m]=255&a.buffer[m+c];c+=k;var n=f.getErrorCorrectPolynomial(l),o=new i(g[j],n.getLength()-1),p=o.mod(n);h[j]=new Array(n.getLength()-1);for(var m=0;m<h[j].length;m++){var q=m+p.getLength()-h[j].length;h[j][m]=q>=0?p.get(q):0}}for(var r=0,m=0;m<b.length;m++)r+=b[m].totalCount;for(var s=new Array(r),t=0,m=0;d>m;m++)for(var j=0;j<b.length;j++)m<g[j].length&&(s[t++]=g[j][m]);for(var m=0;e>m;m++)for(var j=0;j<b.length;j++)m<h[j].length&&(s[t++]=h[j][m]);return s};for(var c={MODE_NUMBER:1,MODE_ALPHA_NUM:2,MODE_8BIT_BYTE:4,MODE_KANJI:8},d={L:1,M:0,Q:3,H:2},e={PATTERN000:0,PATTERN001:1,PATTERN010:2,PATTERN011:3,PATTERN100:4,PATTERN101:5,PATTERN110:6,PATTERN111:7},f={PATTERN_POSITION_TABLE:[[],[6,18],[6,22],[6,26],[6,30],[6,34],[6,22,38],[6,24,42],[6,26,46],[6,28,50],[6,30,54],[6,32,58],[6,34,62],[6,26,46,66],[6,26,48,70],[6,26,50,74],[6,30,54,78],[6,30,56,82],[6,30,58,86],[6,34,62,90],[6,28,50,72,94],[6,26,50,74,98],[6,30,54,78,102],[6,28,54,80,106],[6,32,58,84,110],[6,30,58,86,114],[6,34,62,90,118],[6,26,50,74,98,122],[6,30,54,78,102,126],[6,26,52,78,104,130],[6,30,56,82,108,134],[6,34,60,86,112,138],[6,30,58,86,114,142],[6,34,62,90,118,146],[6,30,54,78,102,126,150],[6,24,50,76,102,128,154],[6,28,54,80,106,132,158],[6,32,58,84,110,136,162],[6,26,54,82,110,138,166],[6,30,58,86,114,142,170]],G15:1335,G18:7973,G15_MASK:21522,getBCHTypeInfo:function(a){for(var b=a<<10;f.getBCHDigit(b)-f.getBCHDigit(f.G15)>=0;)b^=f.G15<<f.getBCHDigit(b)-f.getBCHDigit(f.G15);return(a<<10|b)^f.G15_MASK},getBCHTypeNumber:function(a){for(var b=a<<12;f.getBCHDigit(b)-f.getBCHDigit(f.G18)>=0;)b^=f.G18<<f.getBCHDigit(b)-f.getBCHDigit(f.G18);return a<<12|b},getBCHDigit:function(a){for(var b=0;0!=a;)b++,a>>>=1;return b},getPatternPosition:function(a){return f.PATTERN_POSITION_TABLE[a-1]},getMask:function(a,b,c){switch(a){case e.PATTERN000:return 0==(b+c)%2;case e.PATTERN001:return 0==b%2;case e.PATTERN010:return 0==c%3;case e.PATTERN011:return 0==(b+c)%3;case e.PATTERN100:return 0==(Math.floor(b/2)+Math.floor(c/3))%2;case e.PATTERN101:return 0==b*c%2+b*c%3;case e.PATTERN110:return 0==(b*c%2+b*c%3)%2;case e.PATTERN111:return 0==(b*c%3+(b+c)%2)%2;default:throw new Error("bad maskPattern:"+a)}},getErrorCorrectPolynomial:function(a){for(var b=new i([1],0),c=0;a>c;c++)b=b.multiply(new i([1,g.gexp(c)],0));return b},getLengthInBits:function(a,b){if(b>=1&&10>b)switch(a){case c.MODE_NUMBER:return 10;case c.MODE_ALPHA_NUM:return 9;case c.MODE_8BIT_BYTE:return 8;case c.MODE_KANJI:return 8;default:throw new Error("mode:"+a)}else if(27>b)switch(a){case c.MODE_NUMBER:return 12;case c.MODE_ALPHA_NUM:return 11;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 10;default:throw new Error("mode:"+a)}else{if(!(41>b))throw new Error("type:"+b);switch(a){case c.MODE_NUMBER:return 14;case c.MODE_ALPHA_NUM:return 13;case c.MODE_8BIT_BYTE:return 16;case c.MODE_KANJI:return 12;default:throw new Error("mode:"+a)}}},getLostPoint:function(a){for(var b=a.getModuleCount(),c=0,d=0;b>d;d++)for(var e=0;b>e;e++){for(var f=0,g=a.isDark(d,e),h=-1;1>=h;h++)if(!(0>d+h||d+h>=b))for(var i=-1;1>=i;i++)0>e+i||e+i>=b||(0!=h||0!=i)&&g==a.isDark(d+h,e+i)&&f++;f>5&&(c+=3+f-5)}for(var d=0;b-1>d;d++)for(var e=0;b-1>e;e++){var j=0;a.isDark(d,e)&&j++,a.isDark(d+1,e)&&j++,a.isDark(d,e+1)&&j++,a.isDark(d+1,e+1)&&j++,(0==j||4==j)&&(c+=3)}for(var d=0;b>d;d++)for(var e=0;b-6>e;e++)a.isDark(d,e)&&!a.isDark(d,e+1)&&a.isDark(d,e+2)&&a.isDark(d,e+3)&&a.isDark(d,e+4)&&!a.isDark(d,e+5)&&a.isDark(d,e+6)&&(c+=40);for(var e=0;b>e;e++)for(var d=0;b-6>d;d++)a.isDark(d,e)&&!a.isDark(d+1,e)&&a.isDark(d+2,e)&&a.isDark(d+3,e)&&a.isDark(d+4,e)&&!a.isDark(d+5,e)&&a.isDark(d+6,e)&&(c+=40);for(var k=0,e=0;b>e;e++)for(var d=0;b>d;d++)a.isDark(d,e)&&k++;var l=Math.abs(100*k/b/b-50)/5;return c+=10*l}},g={glog:function(a){if(1>a)throw new Error("glog("+a+")");return g.LOG_TABLE[a]},gexp:function(a){for(;0>a;)a+=255;for(;a>=256;)a-=255;return g.EXP_TABLE[a]},EXP_TABLE:new Array(256),LOG_TABLE:new Array(256)},h=0;8>h;h++)g.EXP_TABLE[h]=1<<h;for(var h=8;256>h;h++)g.EXP_TABLE[h]=g.EXP_TABLE[h-4]^g.EXP_TABLE[h-5]^g.EXP_TABLE[h-6]^g.EXP_TABLE[h-8];for(var h=0;255>h;h++)g.LOG_TABLE[g.EXP_TABLE[h]]=h;i.prototype={get:function(a){return this.num[a]},getLength:function(){return this.num.length},multiply:function(a){for(var b=new Array(this.getLength()+a.getLength()-1),c=0;c<this.getLength();c++)for(var d=0;d<a.getLength();d++)b[c+d]^=g.gexp(g.glog(this.get(c))+g.glog(a.get(d)));return new i(b,0)},mod:function(a){if(this.getLength()-a.getLength()<0)return this;for(var b=g.glog(this.get(0))-g.glog(a.get(0)),c=new Array(this.getLength()),d=0;d<this.getLength();d++)c[d]=this.get(d);for(var d=0;d<a.getLength();d++)c[d]^=g.gexp(g.glog(a.get(d))+b);return new i(c,0).mod(a)}},j.RS_BLOCK_TABLE=[[1,26,19],[1,26,16],[1,26,13],[1,26,9],[1,44,34],[1,44,28],[1,44,22],[1,44,16],[1,70,55],[1,70,44],[2,35,17],[2,35,13],[1,100,80],[2,50,32],[2,50,24],[4,25,9],[1,134,108],[2,67,43],[2,33,15,2,34,16],[2,33,11,2,34,12],[2,86,68],[4,43,27],[4,43,19],[4,43,15],[2,98,78],[4,49,31],[2,32,14,4,33,15],[4,39,13,1,40,14],[2,121,97],[2,60,38,2,61,39],[4,40,18,2,41,19],[4,40,14,2,41,15],[2,146,116],[3,58,36,2,59,37],[4,36,16,4,37,17],[4,36,12,4,37,13],[2,86,68,2,87,69],[4,69,43,1,70,44],[6,43,19,2,44,20],[6,43,15,2,44,16],[4,101,81],[1,80,50,4,81,51],[4,50,22,4,51,23],[3,36,12,8,37,13],[2,116,92,2,117,93],[6,58,36,2,59,37],[4,46,20,6,47,21],[7,42,14,4,43,15],[4,133,107],[8,59,37,1,60,38],[8,44,20,4,45,21],[12,33,11,4,34,12],[3,145,115,1,146,116],[4,64,40,5,65,41],[11,36,16,5,37,17],[11,36,12,5,37,13],[5,109,87,1,110,88],[5,65,41,5,66,42],[5,54,24,7,55,25],[11,36,12],[5,122,98,1,123,99],[7,73,45,3,74,46],[15,43,19,2,44,20],[3,45,15,13,46,16],[1,135,107,5,136,108],[10,74,46,1,75,47],[1,50,22,15,51,23],[2,42,14,17,43,15],[5,150,120,1,151,121],[9,69,43,4,70,44],[17,50,22,1,51,23],[2,42,14,19,43,15],[3,141,113,4,142,114],[3,70,44,11,71,45],[17,47,21,4,48,22],[9,39,13,16,40,14],[3,135,107,5,136,108],[3,67,41,13,68,42],[15,54,24,5,55,25],[15,43,15,10,44,16],[4,144,116,4,145,117],[17,68,42],[17,50,22,6,51,23],[19,46,16,6,47,17],[2,139,111,7,140,112],[17,74,46],[7,54,24,16,55,25],[34,37,13],[4,151,121,5,152,122],[4,75,47,14,76,48],[11,54,24,14,55,25],[16,45,15,14,46,16],[6,147,117,4,148,118],[6,73,45,14,74,46],[11,54,24,16,55,25],[30,46,16,2,47,17],[8,132,106,4,133,107],[8,75,47,13,76,48],[7,54,24,22,55,25],[22,45,15,13,46,16],[10,142,114,2,143,115],[19,74,46,4,75,47],[28,50,22,6,51,23],[33,46,16,4,47,17],[8,152,122,4,153,123],[22,73,45,3,74,46],[8,53,23,26,54,24],[12,45,15,28,46,16],[3,147,117,10,148,118],[3,73,45,23,74,46],[4,54,24,31,55,25],[11,45,15,31,46,16],[7,146,116,7,147,117],[21,73,45,7,74,46],[1,53,23,37,54,24],[19,45,15,26,46,16],[5,145,115,10,146,116],[19,75,47,10,76,48],[15,54,24,25,55,25],[23,45,15,25,46,16],[13,145,115,3,146,116],[2,74,46,29,75,47],[42,54,24,1,55,25],[23,45,15,28,46,16],[17,145,115],[10,74,46,23,75,47],[10,54,24,35,55,25],[19,45,15,35,46,16],[17,145,115,1,146,116],[14,74,46,21,75,47],[29,54,24,19,55,25],[11,45,15,46,46,16],[13,145,115,6,146,116],[14,74,46,23,75,47],[44,54,24,7,55,25],[59,46,16,1,47,17],[12,151,121,7,152,122],[12,75,47,26,76,48],[39,54,24,14,55,25],[22,45,15,41,46,16],[6,151,121,14,152,122],[6,75,47,34,76,48],[46,54,24,10,55,25],[2,45,15,64,46,16],[17,152,122,4,153,123],[29,74,46,14,75,47],[49,54,24,10,55,25],[24,45,15,46,46,16],[4,152,122,18,153,123],[13,74,46,32,75,47],[48,54,24,14,55,25],[42,45,15,32,46,16],[20,147,117,4,148,118],[40,75,47,7,76,48],[43,54,24,22,55,25],[10,45,15,67,46,16],[19,148,118,6,149,119],[18,75,47,31,76,48],[34,54,24,34,55,25],[20,45,15,61,46,16]],j.getRSBlocks=function(a,b){var c=j.getRsBlockTable(a,b);if(void 0==c)throw new Error("bad rs block @ typeNumber:"+a+"/errorCorrectLevel:"+b);for(var d=c.length/3,e=[],f=0;d>f;f++)for(var g=c[3*f+0],h=c[3*f+1],i=c[3*f+2],k=0;g>k;k++)e.push(new j(h,i));return e},j.getRsBlockTable=function(a,b){switch(b){case d.L:return j.RS_BLOCK_TABLE[4*(a-1)+0];case d.M:return j.RS_BLOCK_TABLE[4*(a-1)+1];case d.Q:return j.RS_BLOCK_TABLE[4*(a-1)+2];case d.H:return j.RS_BLOCK_TABLE[4*(a-1)+3];default:return void 0}},k.prototype={get:function(a){var b=Math.floor(a/8);return 1==(1&this.buffer[b]>>>7-a%8)},put:function(a,b){for(var c=0;b>c;c++)this.putBit(1==(1&a>>>b-c-1))},getLengthInBits:function(){return this.length},putBit:function(a){var b=Math.floor(this.length/8);this.buffer.length<=b&&this.buffer.push(0),a&&(this.buffer[b]|=128>>>this.length%8),this.length++}};var l=[[17,14,11,7],[32,26,20,14],[53,42,32,24],[78,62,46,34],[106,84,60,44],[134,106,74,58],[154,122,86,64],[192,152,108,84],[230,180,130,98],[271,213,151,119],[321,251,177,137],[367,287,203,155],[425,331,241,177],[458,362,258,194],[520,412,292,220],[586,450,322,250],[644,504,364,280],[718,560,394,310],[792,624,442,338],[858,666,482,382],[929,711,509,403],[1003,779,565,439],[1091,857,611,461],[1171,911,661,511],[1273,997,715,535],[1367,1059,751,593],[1465,1125,805,625],[1528,1190,868,658],[1628,1264,908,698],[1732,1370,982,742],[1840,1452,1030,790],[1952,1538,1112,842],[2068,1628,1168,898],[2188,1722,1228,958],[2303,1809,1283,983],[2431,1911,1351,1051],[2563,1989,1423,1093],[2699,2099,1499,1139],[2809,2213,1579,1219],[2953,2331,1663,1273]],o=function(){var a=function(a,b){this._el=a,this._htOption=b};return a.prototype.draw=function(a){function g(a,b){var c=document.createElementNS("http://www.w3.org/2000/svg",a);for(var d in b)b.hasOwnProperty(d)&&c.setAttribute(d,b[d]);return c}var b=this._htOption,c=this._el,d=a.getModuleCount();Math.floor(b.width/d),Math.floor(b.height/d),this.clear();var h=g("svg",{viewBox:"0 0 "+String(d)+" "+String(d),width:"100%",height:"100%",fill:b.colorLight});h.setAttributeNS("http://www.w3.org/2000/xmlns/","xmlns:xlink","http://www.w3.org/1999/xlink"),c.appendChild(h),h.appendChild(g("rect",{fill:b.colorDark,width:"1",height:"1",id:"template"}));for(var i=0;d>i;i++)for(var j=0;d>j;j++)if(a.isDark(i,j)){var k=g("use",{x:String(i),y:String(j)});k.setAttributeNS("http://www.w3.org/1999/xlink","href","#template"),h.appendChild(k)}},a.prototype.clear=function(){for(;this._el.hasChildNodes();)this._el.removeChild(this._el.lastChild)},a}(),p="svg"===document.documentElement.tagName.toLowerCase(),q=p?o:m()?function(){function a(){this._elImage.src=this._elCanvas.toDataURL("image/png"),this._elImage.style.display="block",this._elCanvas.style.display="none"}function d(a,b){var c=this;if(c._fFail=b,c._fSuccess=a,null===c._bSupportDataURI){var d=document.createElement("img"),e=function(){c._bSupportDataURI=!1,c._fFail&&_fFail.call(c)},f=function(){c._bSupportDataURI=!0,c._fSuccess&&c._fSuccess.call(c)};return d.onabort=e,d.onerror=e,d.onload=f,d.src="data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==",void 0}c._bSupportDataURI===!0&&c._fSuccess?c._fSuccess.call(c):c._bSupportDataURI===!1&&c._fFail&&c._fFail.call(c)}if(this._android&&this._android<=2.1){var b=1/window.devicePixelRatio,c=CanvasRenderingContext2D.prototype.drawImage;CanvasRenderingContext2D.prototype.drawImage=function(a,d,e,f,g,h,i,j){if("nodeName"in a&&/img/i.test(a.nodeName))for(var l=arguments.length-1;l>=1;l--)arguments[l]=arguments[l]*b;else"undefined"==typeof j&&(arguments[1]*=b,arguments[2]*=b,arguments[3]*=b,arguments[4]*=b);c.apply(this,arguments)}}var e=function(a,b){this._bIsPainted=!1,this._android=n(),this._htOption=b,this._elCanvas=document.createElement("canvas"),this._elCanvas.width=b.width,this._elCanvas.height=b.height,a.appendChild(this._elCanvas),this._el=a,this._oContext=this._elCanvas.getContext("2d"),this._bIsPainted=!1,this._elImage=document.createElement("img"),this._elImage.style.display="none",this._el.appendChild(this._elImage),this._bSupportDataURI=null};return e.prototype.draw=function(a){var b=this._elImage,c=this._oContext,d=this._htOption,e=a.getModuleCount(),f=d.width/e,g=d.height/e,h=Math.round(f),i=Math.round(g);b.style.display="none",this.clear();for(var j=0;e>j;j++)for(var k=0;e>k;k++){var l=a.isDark(j,k),m=k*f,n=j*g;c.strokeStyle=l?d.colorDark:d.colorLight,c.lineWidth=1,c.fillStyle=l?d.colorDark:d.colorLight,c.fillRect(m,n,f,g),c.strokeRect(Math.floor(m)+.5,Math.floor(n)+.5,h,i),c.strokeRect(Math.ceil(m)-.5,Math.ceil(n)-.5,h,i)}this._bIsPainted=!0},e.prototype.makeImage=function(){this._bIsPainted&&d.call(this,a)},e.prototype.isPainted=function(){return this._bIsPainted},e.prototype.clear=function(){this._oContext.clearRect(0,0,this._elCanvas.width,this._elCanvas.height),this._bIsPainted=!1},e.prototype.round=function(a){return a?Math.floor(1e3*a)/1e3:a},e}():function(){var a=function(a,b){this._el=a,this._htOption=b};return a.prototype.draw=function(a){for(var b=this._htOption,c=this._el,d=a.getModuleCount(),e=Math.floor(b.width/d),f=Math.floor(b.height/d),g=['<table style="border:0;border-collapse:collapse;">'],h=0;d>h;h++){g.push("<tr>");for(var i=0;d>i;i++)g.push('<td style="border:0;border-collapse:collapse;padding:0;margin:0;width:'+e+"px;height:"+f+"px;background-color:"+(a.isDark(h,i)?b.colorDark:b.colorLight)+';"></td>');g.push("</tr>")}g.push("</table>"),c.innerHTML=g.join("");var j=c.childNodes[0],k=(b.width-j.offsetWidth)/2,l=(b.height-j.offsetHeight)/2;k>0&&l>0&&(j.style.margin=l+"px "+k+"px")},a.prototype.clear=function(){this._el.innerHTML=""},a}();QRCode=function(a,b){if(this._htOption={width:256,height:256,typeNumber:4,colorDark:"#000000",colorLight:"#ffffff",correctLevel:d.H},"string"==typeof b&&(b={text:b}),b)for(var c in b)this._htOption[c]=b[c];"string"==typeof a&&(a=document.getElementById(a)),this._android=n(),this._el=a,this._oQRCode=null,this._oDrawing=new q(this._el,this._htOption),this._htOption.text&&this.makeCode(this._htOption.text)},QRCode.prototype.makeCode=function(a){this._oQRCode=new b(r(a,this._htOption.correctLevel),this._htOption.correctLevel),this._oQRCode.addData(a),this._oQRCode.make(),this._el.title=a,this._oDrawing.draw(this._oQRCode),this.makeImage()},QRCode.prototype.makeImage=function(){"function"==typeof this._oDrawing.makeImage&&(!this._android||this._android>=3)&&this._oDrawing.makeImage()},QRCode.prototype.clear=function(){this._oDrawing.clear()},QRCode.CorrectLevel=d}();
\ No newline at end of file
diff --git a/static/register.js b/static/register.js
new file mode 100644
index 0000000..bc726b8
--- /dev/null
+++ b/static/register.js
@@ -0,0 +1,29 @@
+const form = document.getElementById("reg-form"); // Replace #my-form with your form's ID
+
+form.addEventListener("submit", async (event) => {
+    event.preventDefault();
+
+    let userId = document.getElementById("user-id").value;
+    let msgBox = document.getElementById("msg-box");
+    try {
+        const response = await fetch(`/api/checkname/${userId}`, {
+            method: "GET",
+        });
+
+        if (response.status === 409) {
+            msgBox.innerText = "Entry with id \"" + userId + "\" already in use";
+            return;
+        } else if (!response.ok) {
+            throw new Error(`Server Error: ${response.status}`);
+        }
+
+        const data = await response.json();
+        console.log("Fetch successful:", data);
+
+        form.submit();
+
+    } catch (error) {
+        console.error("Fetch failed:", error);
+        msgBox.innerText = "Internal Error: " + error;
+    }
+});
\ No newline at end of file
diff --git a/static/style.css b/static/style.css
index fd60afd..c8cd05d 100644
--- a/static/style.css
+++ b/static/style.css
@@ -33,9 +33,8 @@
     .header-icon {
         display: block;
         flex: 0 0 72px;
-        width: 20vw;
-        height: auto;
-        max-height: 85px;
+        width: 85px;
+        height: 85px;
     }
 
     .footer {
@@ -51,7 +50,7 @@
         max-width: 800px;
         padding: 1.5rem;
         background: white;
-        border-radius: 5px;
+        border-radius: 15px;
         text-align: center;
     }
 
@@ -59,7 +58,7 @@
         font-size: 16px;
     }
 
-    .content button {
+    .btn {
         color: var(--dark);
         background-color: var(--light);
         border-radius: 8px;
@@ -76,6 +75,20 @@
         align-items: flex-start;
         margin-left: 5vw;
     }
+
+    .inputs {
+        display: flex;
+        flex: 1 0 auto;
+        flex-direction: column;
+    }
+
+    .inputs div {
+        flex: 1 0 auto;
+    }
+
+    .inputs input {
+        margin-bottom: 10px;
+    }
 }
 
 @media only screen and (min-width: 700px) {
@@ -100,12 +113,15 @@
         flex: 0 0 64px;
     }
 
+    .icon-link {
+        display: flex;
+    }
+
     .header-icon {
         display: block;
         flex: 0 0 64px;
-        width: 15vw;
-        height: auto;
-        max-height: 80px;
+        width: 80px;
+        height: 80px;
     }
 
     .footer {
@@ -129,7 +145,7 @@
         font-size: 16px;
     }
 
-    .content button {
+    .btn {
         color: var(--dark);
         background-color: var(--light);
         border-radius: 8px;
@@ -146,6 +162,22 @@
         align-items: flex-start;
         margin-left: 5vw;
     }
+
+    .inputs {
+        display: flex;
+        flex: 1 0 auto;
+        flex-direction: row;
+        justify-content: space-between;
+        column-gap: 5vw;
+    }
+
+    .inputs div {
+        flex: 1 0 auto;
+    }
+
+    .inputs input {
+        margin-bottom: 10px;
+    }
 }
 
 .title {
@@ -221,11 +253,17 @@
     background-color: var(--dark-click);
 }
 
+.flex {
+    display: flex;
+}
+
 .flex-vertical {
+    /*display: flex;*/
     flex-direction: column;
 }
 
 .flex-horizontal {
+    /*display: flex;*/
     flex-direction: row;
 }
 
@@ -242,6 +280,43 @@
     flex: 1 0 auto;
 }
 
+.label-left {
+    text-align: left;
+}
+
+#reg-form {
+    flex: 1 0 auto;
+}
+
 #status {
     margin-bottom: 0;
+}
+
+#qr-link {
+    display: inline-flex;
+}
+
+#qr {
+    display: flex;
+    justify-content: center;
+}
+
+#qr img {
+    width: auto;
+    height: 60vh;
+}
+
+#loading {
+    display: inline-block;
+    width: 50px;
+    height: 50px;
+    border: 3px solid var(--mid-light);
+    border-radius: 50%;
+    border-top-color: var(--mid-dark);
+    animation: spin 1s ease-in-out infinite;
+    -webkit-animation: spin 1s ease-in-out infinite;
+}
+
+@keyframes spin {
+    to { transform: rotate(360deg); }
 }
\ No newline at end of file
diff --git a/html/unauthorized.html b/templates/base.html.tmpl
similarity index 79%
rename from html/unauthorized.html
rename to templates/base.html.tmpl
index 10fc688..fc8a684 100644
--- a/html/unauthorized.html
+++ b/templates/base.html.tmpl
@@ -9,15 +9,17 @@
 <body>
 
 <header class="header">
-    <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
     <h1 class="title">My Luggage Info</h1>
     <div class="spacer"></div>
 </header>
 <div class="container">
     <div class="content flex-vertical">
         <div class="section-one">
-            <h1>Unauthorized</h1>
-            <p>Maybe you had the wrong code?</p>
+            <h1>{{ .header }}</h1>
+            <p>{{ .body  }}</p>
         </div>
     </div>
 </div>
diff --git a/templates/error.html.tmpl b/templates/error.html.tmpl
deleted file mode 100644
index 2b971d9..0000000
--- a/templates/error.html.tmpl
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, internal-scale=1, viewport-fit=cover">
-    <title>My Luggage Info</title>
-    <link rel="stylesheet" href="/static/style.css?v=43">
-</head>
-<body>
-
-<header class="header">
-    <img class="header-icon" src="/static/icon.png" alt="icon"/>
-    <h1 class="title">My Luggage Info</h1>
-    <div class="spacer"></div>
-</header>
-<div class="container">
-    <div class="content flex-vertical">
-        <div class="section-one">
-            <h1>Error</h1>
-            <p>Please report the following to Steven</p>
-            <p>{{ .error }}</p>
-        </div>
-    </div>
-</div>
-
-<footer class="footer">
-    <p class="footer-text">Made hastily by <a class="footer-text" href="https://www.linkedin.com/in/steven-tracey18/">Steven Tracey</a></p>
-</footer>
-</body>
-</html>
diff --git a/templates/info.html.tmpl b/templates/info.html.tmpl
index 18965df..aa01b2b 100644
--- a/templates/info.html.tmpl
+++ b/templates/info.html.tmpl
@@ -9,7 +9,9 @@
 <body>
 
 <header class="header">
-    <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    <a class="icon-link" href="/">
+        <img class="header-icon" src="/static/icon.png" alt="icon"/>
+    </a>
     <h1 class="title">My Luggage Info</h1>
     <div class="spacer"></div>
 </header>
diff --git a/util.go b/util.go
new file mode 100644
index 0000000..f4b9705
--- /dev/null
+++ b/util.go
@@ -0,0 +1,86 @@
+package main
+
+import (
+	"context"
+	"crypto/rand"
+	"database/sql"
+	"encoding/base64"
+	"fmt"
+	"log"
+	"time"
+)
+
+type Address struct {
+	Id         int64     `json:"-"`
+	Street1    string    `json:"street1" form:"street1"`
+	Street2    *string   `json:"street2,omitempty" form:"street2,omitempty"`
+	City       string    `json:"city" form:"city"`
+	State      *string   `json:"state,omitempty" form:"state,omitempty"`
+	PostalCode string    `json:"postal_code" form:"postal-code"`
+	Country    string    `json:"country" form:"country"`
+	CreatedAt  time.Time `json:"-"`
+	UpdatedAt  time.Time `json:"-"`
+}
+
+type User struct {
+	Status           int32   `json:"status"`
+	Id               int64   `json:"-"`
+	UserName         string  `json:"user_name" form:"user-id"`
+	ContactName      string  `json:"contact_name" form:"name"`
+	SecretCodes      string  `json:"-"`
+	CurrentToken     *string `json:"-"`
+	ContactNumber    string  `json:"contact_number" form:"phone-number"`
+	EmailAddress     string  `json:"email_address" form:"email"`
+	MailingAddress   Address `json:"mailing_address"`
+	RegistrationCode string  `json:"-" form:"registration_code"`
+}
+
+func GenerateToken(n int) (string, error) {
+	b := make([]byte, n)
+	if _, err := rand.Read(b); err != nil {
+		return "", fmt.Errorf("reading random bytes: %w\n", err)
+	}
+	return base64.RawURLEncoding.EncodeToString(b), nil
+}
+
+func startCleanupLoop(ctx context.Context, db *sql.DB, interval, ttl time.Duration) {
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+
+		case <-ticker.C:
+			if err := cleanupExpired(db, ttl); err != nil {
+				log.Printf("token cleanup error: %v\n", err)
+			}
+		}
+	}
+}
+
+func cleanupExpired(db *sql.DB, ttl time.Duration) error {
+	sqlStmt := `
+		UPDATE users
+		SET current_token=null,token_creation=null
+		WHERE token_creation < DATE_SUB(NOW(), INTERVAL ? SECOND);
+`
+	res, err := db.Exec(sqlStmt, int(ttl.Seconds()))
+	if err != nil {
+		return err
+	}
+
+	n, _ := res.RowsAffected()
+	log.Printf("Token Cleanup: updated %d rows\n", n)
+	return nil
+}
+
+func generateAESKey(keySize int) ([]byte, error) {
+	key := make([]byte, keySize)
+	_, err := rand.Read(key)
+	if err != nil {
+		return nil, err
+	}
+	return key, nil
+}
diff --git a/web.go b/web.go
new file mode 100644
index 0000000..3c49a53
--- /dev/null
+++ b/web.go
@@ -0,0 +1,304 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	ratelimit "github.com/JGLTechnologies/gin-rate-limit"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+)
+
+var sessionStore sessions.Store
+var htmlRL gin.HandlerFunc
+var jsonRL gin.HandlerFunc
+
+func createSessionStore() {
+	secureBool, err := strconv.ParseBool(os.Getenv("SECURE_SESSION"))
+	if err != nil {
+		fmt.Printf("Unable to get Secure Session Env, defaulting to \"true\". Error: %v\n", err.Error())
+		secureBool = true
+	}
+
+	sessionStore = cookie.NewStore([]byte(os.Getenv("AUTHENTICATION_KEY")), []byte(os.Getenv("ENCRYPTION_KEY")))
+	sessionStore.Options(sessions.Options{
+		Path:     "/",
+		MaxAge:   60 * 60 * 24, // 1 day
+		HttpOnly: true,
+		Secure:   secureBool,
+		SameSite: http.SameSiteLaxMode,
+	})
+}
+
+func keyFunc(c *gin.Context) string {
+	return c.ClientIP()
+}
+
+func createRateLimiters() {
+	store := ratelimit.InMemoryStore(&ratelimit.InMemoryOptions{
+		Rate:  time.Second,
+		Limit: 5,
+	})
+	htmlRL = ratelimit.RateLimiter(store, &ratelimit.Options{
+		ErrorHandler: func(c *gin.Context, info ratelimit.Info) {
+			c.HTML(http.StatusTooManyRequests, "base.html.tmpl", gin.H{
+				"header": "Error",
+				"body":   fmt.Sprintf("Too many requests. Try again in %v", time.Until(info.ResetTime).String()),
+			})
+		},
+		KeyFunc: keyFunc,
+	})
+	jsonRL = ratelimit.RateLimiter(store, &ratelimit.Options{
+		ErrorHandler: func(c *gin.Context, info ratelimit.Info) {
+			c.JSON(http.StatusTooManyRequests, gin.H{})
+		},
+		KeyFunc: keyFunc,
+	})
+}
+
+func webRoot(c *gin.Context) {
+	c.File("./html/home.html")
+}
+
+func webRegister(c *gin.Context) {
+	c.File("./html/register.html")
+}
+
+func webRegisterSuccess(c *gin.Context) {
+	c.HTML(http.StatusOK, "base.html.tmpl", gin.H{
+		"header": "Registration Success",
+		"body":   "We will reach out soon to get your tag to you!",
+	})
+}
+
+func webQr(c *gin.Context) {
+	c.File("./html/genqr.html")
+}
+
+func webPing(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{
+		"message": "pong",
+	})
+}
+
+func webUserApi(c *gin.Context) {
+	user, err := db.queryUser(c.Param("user"))
+	if user.CurrentToken == nil {
+		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+			"status": 401,
+			"error":  "Unauthorized",
+		})
+	} else if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
+		if err != nil {
+			if errors.Is(err, NoEntriesFoundError) {
+				c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+					"status": 401,
+					"error":  "Unauthorized",
+				})
+			} else {
+				fmt.Printf("Error: %s\n", err)
+				c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{
+					"status": 500,
+					"error":  err.Error(),
+				})
+			}
+		} else {
+			c.JSON(http.StatusOK, user)
+		}
+	} else {
+		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
+			"status": 401,
+			"error":  "Unauthorized",
+		})
+	}
+}
+
+func webVerifyUserApi(c *gin.Context) {
+	user, err := db.queryUser(c.Param("user"))
+	if err != nil {
+		if errors.Is(err, NoEntriesFoundError) {
+			c.AbortWithStatusJSON(http.StatusNotFound, gin.H{
+				"status": 404,
+				"user":   "",
+				"error":  "User not found",
+			})
+			return
+		}
+		fmt.Printf("Error: %s\n", err)
+		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
+			"status": 500,
+			"user":   "",
+			"error":  err.Error(),
+		})
+		return
+	}
+	codes := strings.Split(user.SecretCodes, "'")
+	responded := false
+	for _, code := range codes {
+		codeHeader := c.GetHeader("Authorization")
+		reqCodeRaw := strings.Split(codeHeader, " ")
+		reqCode := strings.ReplaceAll(reqCodeRaw[len(reqCodeRaw)-1], " ", "")
+		if strings.Compare(code, reqCode) == 0 {
+			token, err := GenerateToken(16)
+			if err != nil {
+				c.JSON(http.StatusInternalServerError, gin.H{
+					"status": 500,
+					"user":   "",
+					"error":  err.Error(),
+				})
+				responded = true
+				return
+			} else {
+				err = db.updateToken(user.UserName, token)
+				if err != nil {
+					c.JSON(http.StatusInternalServerError, gin.H{
+						"status": 500,
+						"user":   "",
+						"error":  err.Error(),
+					})
+					responded = true
+					return
+				} else {
+					user.Status = 200
+					c.JSON(http.StatusOK, gin.H{
+						"status": 200,
+						"user":   user.UserName,
+						"error":  "",
+						"token":  token,
+					})
+					responded = true
+					break
+				}
+			}
+		}
+	}
+	if !responded {
+		c.JSON(http.StatusNotFound, gin.H{
+			"status": "404",
+			"user":   "",
+			"error":  "User not found",
+		})
+	}
+}
+
+func webCheckNameApi(c *gin.Context) {
+	users, err := db.getUsers()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"status": 500,
+			"error":  err.Error(),
+		})
+		return
+	}
+	anyMatch := false
+	for _, user := range users {
+		if strings.Compare(user, c.Param("user")) == 0 {
+			anyMatch = true
+			break
+		}
+	}
+	if anyMatch {
+		c.JSON(http.StatusConflict, gin.H{
+			"status": 409,
+			"error":  "userid already exists",
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"status": 200,
+		"error":  "",
+	})
+}
+
+func webRegisterApi(c *gin.Context) { //TODO refactor with JS form submission or under logged in user dashboard
+	var newUser User
+	err := c.ShouldBind(&newUser)
+	if err != nil {
+		fmt.Printf("Error: %v\n", err)
+		c.HTML(http.StatusInternalServerError, "base.html.tmpl", gin.H{
+			"header": "Registration Error",
+			"body":   err.Error(),
+		})
+		return
+	}
+	err = db.checkRegistrationCode(newUser.RegistrationCode)
+	if errors.Is(err, NoEntriesFoundError) {
+		c.HTML(http.StatusNotFound, "base.html.tmpl", gin.H{
+			"header": "Registration Error",
+			"body":   err.Error(),
+		})
+		return
+	}
+	c.Redirect(http.StatusSeeOther, "/register/success")
+}
+
+func webUser(c *gin.Context) {
+	c.File("./html/verify.html")
+}
+
+func webUserInfo(c *gin.Context) {
+	user, err := db.queryUser(c.Param("user"))
+	if user.CurrentToken == nil {
+		c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
+			"header": "Unauthorized",
+			"body":   "You don't have the right token :/",
+		})
+		return
+	}
+	if strings.Compare(c.Query("token"), *user.CurrentToken) == 0 {
+		if err != nil {
+			if errors.Is(err, NoEntriesFoundError) {
+				c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
+					"header": "Unauthorized",
+					"body":   "You don't have the right token :/",
+				})
+				return
+			}
+			fmt.Printf("Error: %s\n", err)
+			c.HTML(http.StatusInternalServerError, "base.html.tmpl", gin.H{
+				"header": "Error",
+				"body":   err.Error(),
+			})
+			return
+		}
+		addressStr := fmt.Sprintf("%s", user.MailingAddress.Street1)
+		if user.MailingAddress.Street2 == nil {
+			addressStr = fmt.Sprintf("%s, %s", addressStr, user.MailingAddress.City)
+		} else {
+			addressStr = fmt.Sprintf("%s, %s, %s", addressStr, *user.MailingAddress.Street2, user.MailingAddress.City)
+		}
+		if user.MailingAddress.State == nil {
+			addressStr = fmt.Sprintf("%s, %s, %s", addressStr, user.MailingAddress.PostalCode, user.MailingAddress.Country)
+		} else {
+			addressStr = fmt.Sprintf("%s, %s, %s, %s", addressStr, *user.MailingAddress.State, user.MailingAddress.PostalCode, user.MailingAddress.Country)
+		}
+		c.HTML(http.StatusOK, "info.html.tmpl", gin.H{
+			"contact_name":  user.ContactName,
+			"phone_number":  user.ContactNumber,
+			"email_address": user.EmailAddress,
+			"address":       addressStr,
+		})
+		return
+	}
+	c.HTML(http.StatusUnauthorized, "base.html.tmpl", gin.H{
+		"header": "Unauthorized",
+		"body":   "You don't have the right token :/",
+	})
+}
+
+func webLoginAuth(c *gin.Context) {
+
+}
+
+func webLoginAuthPost(c *gin.Context) {
+
+}
+
+func webLogoutAuth(c *gin.Context) {
+
+}