diff --git a/php/.htaccess b/php/.htaccess
deleted file mode 100644
index f289550940da314e0c59b1995c38ed2b670f8f78..0000000000000000000000000000000000000000
--- a/php/.htaccess
+++ /dev/null
@@ -1 +0,0 @@
-Header set Access-Control-Allow-Origin "*"
diff --git a/php/config.php b/php/config.php
index 5e7980b5a861f872f24d5dd44e06471e748bf364..51116abd60ce33908aa847daf26b32c720fbe2b9 100644
--- a/php/config.php
+++ b/php/config.php
@@ -1,7 +1,6 @@
 <?php
 
-//$poller_bin = "/usr/lib/mw/mwpoll";
-$poller_bin = "/usr/local/lib/mw/mwpoll.test";
+$poller_bin = "/usr/lib/mw/mwpoll";
 $poller_path = "/var/run/mw/mwpoll.";
 
 /* Fix these paths to your local test copy for test mode  e.g. */
diff --git a/php/imageproxy.php b/php/imageproxy.php
new file mode 100644
index 0000000000000000000000000000000000000000..9226c278b26905c585fe2da427adcf4f2de76f77
--- /dev/null
+++ b/php/imageproxy.php
@@ -0,0 +1,35 @@
+<?php
+  $url = "";
+  if (isset($_GET['url'])){
+    $url = $_GET[ 'url' ];
+  } else {
+    exit();
+  }
+
+  $url_headers = get_headers($url, 1);
+  
+  if (isset($url_headers['Content-Type'])) {
+    $type = strtolower($url_headers['Content-Type']);
+
+    $valid_image_type = array();
+    $valid_image_type['image/png']='';
+    $valid_image_type['image/jpg']='';
+    $valid_image_type['image/jpeg']='';
+    $valid_image_type['image/jpe']='';
+    $valid_image_type['image/gif']='';
+    $valid_image_type['image/tif']='';
+    $valid_image_type['image/tiff']='';
+    $valid_image_type['image/svg']='';
+    $valid_image_type['image/ico']='';
+    $valid_image_type['image/icon']='';
+    $valid_image_type['image/x-icon']='';
+
+    if (isset($valid_image_type[$type])) {
+      $im = file_get_contents($url);
+      $imdata = base64_encode($im);
+      echo $imdata;
+    } else {
+      echo 'not_an_image';
+    }
+  }
+?>
diff --git a/php/index.php b/php/index.php
index cb0aab8ac7fa180db852a7c03bb0f9e8ab9e1e7c..44869e265f1ea58153ccdb5ec488889faf986b2d 100644
--- a/php/index.php
+++ b/php/index.php
@@ -23,7 +23,7 @@ if (!isset($mwsess)) {
   if ($_REQUEST['sucssite_loggedin']=="true" && $action!="logout") {
     require("startup.php");
   } else {
-    echo 'Post requests only to this url';
+    echo 'nope';
     exit;
   }
 }
diff --git a/php/poll.php b/php/poll.php
index a9d7783c6df53ee8a51a2e0d5e20c4ad3cffec34..144623f2f5de8166c53403830e8cff485e51e466 100644
--- a/php/poll.php
+++ b/php/poll.php
@@ -1,12 +1,11 @@
 <?
-
 require_once("config.php");
 
 $data = unserialize(@$_REQUEST['mwsess']);
 $sess = (int)$data['pid'];
 $auth = trim($data['auth']);
 
-$path = $poller_path.$sess;
+$path = $poller_path . $sess;
 
 header("Content-type: application/json; charset=utf-8");
 
@@ -27,7 +26,10 @@ if (@socket_recv($sock, $response, 4096, 0)===FALSE) {
   exit;
 }
 $res = json_decode($response, TRUE);
-if ($res === NULL) { echo "{\"status\":\"Bad server response\"}\n"; exit; }
+if ($res === NULL) {
+  echo "{\"status\":\"Bad server response\"}\n";
+  exit;
+}
 
 if ($res['status'] != "OK") {
   echo $response;
@@ -46,8 +48,12 @@ if (@socket_recv($sock, $response, 262144, 0)===FALSE) {
   exit;
 }
 
-if ($response!="") echo $response."\n";
-else echo "[]\n";
+if ($response != "") {
+  echo $response . "\n";
+} else {
+  echo "[]\n";
+}
 
 socket_close($sock);
+exit;
 ?>
diff --git a/php/startup.php b/php/startup.php
index 0e9781a74274256b980cb6aa0a640cba9fb077df..32db816f3f13109bff79e7317a8ec286f9893b5d 100644
--- a/php/startup.php
+++ b/php/startup.php
@@ -7,140 +7,120 @@ $password = trim($_REQUEST['password']);
 
 // Preliminary checks
 
-// Have we been passed SUCSsite cookies?
-// If not, test that the login details make sense.
-if (@$_REQUEST['sucssite_loggedin']!="true") {
-  if (empty($username) || empty($password)) {
-    echo json_encode((object) ['error' => 'username and password must both be not empty']);
-    exit;
-  }
+// Test that the login details make sense.
+if (empty($username) || empty($password)) {
+  echo json_encode((object) ['error' => 'username and password must both be not empty']);
+}
 
-  if (ctype_alnum($username) === FALSE) {
-    echo json_encode((object) ['error' => 'alphanumeric usernames only']);
-    exit;
-  }
+if (!preg_match("/^[a-z][a-z0-9_]*$/", $username)) {
+  echo json_encode((object) ['error' => 'invalid characters in username']);
+  exit;
 }
 
-// Have we been asked to create a new Milliways account?
-// If so, make sure that the password supplied is suitable.
-if ($action=="create") {
-  $pass1 = @$_REQUEST['password1'];
-  $pass2 = @$_REQUEST['password2'];
-  
-  if ($pass1 != $pass2) {
-    echo json_encode((object) ['error' => 'Passwords don\'t match - please try again']);
-    exit;	
-  }
+login($mwpoll, $username, $password, true);
 
-  if (empty($pass1)) {
-    echo json_encode((object) ['error' => 'Password cannot be blank']);
-    exit;	
-  }
-	
-  if (ctype_alnum($pass1) === FALSE) {
-    echo json_encode((object) ['error' => 'Milliways passwords can only contain alphanumeric characters']);
-    exit;	
-  }
+function login($mwpoll, $username, $password, $continue) {
+  $desc = array( 
+    0 => array("pipe", "r"),
+    1 => array("pipe", "w"),
+  );
+  $pipes = array();
 
-  if (strlen($pass1) < 6) {
-    echo json_encode((object) ['error' => 'Milliways passwords must be 6 characters or more']);
-    exit;	
-  }
-}
-
-$desc = array( 
-  0 => array("pipe", "r"),
-  1 => array("pipe", "w"),
-);
-$pipes = array();
-
-// Have we got SUCSsite cookies?
-// And no login attempt?
-// If so, fetch the user details and try to log in without a password.
-if (@$_REQUEST['sucssite_loggedin']=="true" && empty($username)) {
-
-  // Do we appear to be in the SUCSsite environment?
-  // There's only any point trying if we do.
-  if (file_exists("../settings.php")) {
-    // Do the bare minimum of SUCSsite init to retrieve the username for the session we've been passed
-    include("../settings.php");
-    // Initialise the database
-    require("/usr/share/php/adodb/adodb.inc.php");
-    $DB = NewADOConnection('postgres9');
-    $DB->Connect('dbname='.$dbname.' user=apache');
-    $DB->SetFetchMode(ADODB_FETCH_ASSOC);
-	
-    // Include the session library
-    require($base."lib/session.php");
-    $session = new Session;
-    // $smarty->assign("session", $session); // This line might be useful?
-    $realuser = $session->username;
-
-    if ($action == "create") {
-      $p = proc_open($mwpoll." -q -a -u ".$realuser." -s", $desc, $pipes);
-    } else {
-      $p = proc_open($mwpoll." -q -u ".$realuser." -s", $desc, $pipes);
-    }
-    $mode = "sucssite";
-  }
-} else {
-  // If not, try logging in with a password.
   $p = proc_open($mwpoll." -q -u $username", $desc, $pipes);
-  $mode = "password";
-}
 
-if (empty($p)) {
-  echo "<h1>No</h1>";	
-  exit;
-}
-
-if ($p === FALSE) {
-  echo json_encode((object) ['error' => 'failed to exec mwpoll']);
-  exit;
-}
+  if (empty($p)) {
+    echo "<h1>No</h1>";	
+    exit;
+  }
 
-if ($mode == "sucssite" && @$_REQUEST['sucssite_loggedin']=="true" && empty($username)) {
-  // If we have a sucssite session cookie, use that
-  fwrite($pipes[0], trim($_REQUEST['sucssite_session'])."\n");
-  if ($action="create") {
-    fwrite($pipes[0], $pass1."\n");
+  if ($p === FALSE) {
+    echo json_encode((object) ['error' => 'failed to exec mwpoll']);
+    exit;
   }
-} else {
+
   // Try logging on using username and password
   if (fwrite($pipes[0], $password."\n") === FALSE) {
     echo "Error writing to mwpoll\n";
   }
-}
 
-$pid = fgets($pipes[1]);
-if ($pid === FALSE) {
-  echo "error reading pid.\n";
-}
+  $pid = fgets($pipes[1]);
+  if ($pid === FALSE) {
+    echo "error reading pid.\n";
+    exit;
+  }
 
-$pid = trim($pid);
-if (!is_numeric($pid)) {
-  if (substr($pid, -10) =="not found.") {
-    // User doesn't exist - ask for a Milliways password so we can create them!
-    echo json_encode((object) ['error' => $pid]);
-    exit;	
+  $pid = trim($pid);
+  if (!is_numeric($pid)) {
+    if (preg_match('/not found/', $pid)) {
+      if ($continue) {
+	createUser($mwpoll, $username, $password);
+      }
+      exit;
+    } else {
+      echo json_encode((object) ['error' => 'Bad response: pid=$pid']);
+      exit;
+    }
   }
+  
+  $auth = fgets($pipes[1]);
 
-  echo json_encode((object) ['error' => 'Bad response: pid=$pid']);
-  exit;
-}
+  if ($auth === FALSE) {
+    echo "Error reading auth string\n";
+  }
 
-$auth = fgets($pipes[1]);
+  $sess = array (
+    "pid" => $pid,
+    "auth" => $auth,
+    "username" => $username
+  );
 
-if ($auth === FALSE) {
-  echo "Error reading auth string\n";
+  $mwsess = serialize($sess);
+  echo "success:" . $mwsess;
 }
 
-$sess = array (
-  "pid" => $pid,
-  "auth" => $auth,
-  "username" => $username
-);
-
-$mwsess = serialize($sess);
-echo "success:" . $mwsess;
+function createUser($mwpoll, $username, $password) {
+  // SUCS LDAP Server
+  $sucsLDAPServer = 'silver.sucs.swan.ac.uk';
+  // Bind String
+  $sucsBindDn = "uid=$username,ou=People,dc=sucs,dc=org";
+
+  // Try and connect to Silver
+  $ldapconnSUCS = ldap_connect($sucsLDAPServer) or die("Could not connect to SUCS LDAP server.");
+
+  if ($ldapconnSUCS) {
+    // Try and bind to SUCS LDAP. Using @ to suppress PHP warining on failure
+    $ldapbindSUCS = @ldap_bind($ldapconnSUCS, $sucsBindDn, $password);
+
+    if ($ldapbindSUCS) {
+      $desc = array( 
+	0 => array("pipe", "r"),
+	1 => array("pipe", "w"),
+      );
+      $pipes = array();
+      // Authed to SUCS lets try and create the user
+      $p = proc_open($mwpoll." -q -a -u $username -s", $desc, $pipes);
+      fwrite($pipes[0], $password . "\n");
+      fwrite($pipes[0], $password . "\n");
+      fclose($pipes[0]);
+      $pid = fgets($pipes[1]);
+      if ($pid === FALSE) {
+	echo json_encode((object) ['error' => 'Error reading pid']);
+      }
+
+      $auth = fgets($pipes[1]);
+      fclose($pipes[1]);
+      proc_close($p);
+      if ($auth === FALSE) {
+	login($mwpoll, $username, $password, false);
+      }
+      exit;
+    } else {
+      echo json_encode((object) ['error' => 'Failed to auth to SUCS']);
+      exit;
+    }
+  } else {
+    echo json_encode((object) ['error' => 'Failed to connect to SUCS LDAP']);
+    exit;
+  }
+}
 ?>