diff --git a/db/db.code.version.txt b/db/db.code.version.txt
index 9be0dc9..bf18240 100644
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@@ -1 +1 @@
-228
+229
diff --git a/db/db.update.229.sql b/db/db.update.229.sql
new file mode 100644
index 0000000..f376fc4
--- /dev/null
+++ b/db/db.update.229.sql
@@ -0,0 +1 @@
+ALTER TABLE `emergencycontact` ADD `users_id` INT NULL DEFAULT NULL AFTER `registrations_id`;
diff --git a/register_participants_emergencycontact.php b/register_participants_emergencycontact.php
index eb1c472..90bed9a 100644
--- a/register_participants_emergencycontact.php
+++ b/register_participants_emergencycontact.php
@@ -22,113 +22,37 @@
 */
 ?>
 <?
- require("common.inc.php");
- include "register_participants.inc.php";
- include "user.inc.php";
- 
- //authenticate based on email address and registration number from the SESSION
- if(!$_SESSION['email'])
- {
- 	header("Location: register_participants.php");
-	exit;
- }
- if(!$_SESSION['registration_number'])
- {
- 	header("Location: register_participants.php");
-	exit;
- }
+require("common.inc.php");
+include "register_participants.inc.php";
+include "user.inc.php";
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
- 	"WHERE students.email='".$_SESSION['email']."' ".
-	"AND registrations.num='".$_SESSION['registration_number']."' ". 
-	"AND registrations.id='".$_SESSION['registration_id']."' ".
-	"AND students.registrations_id=registrations.id ".
-	"AND registrations.conferences_id=".$conference['id']." ".
-	"AND students.conferences_id=".$conference['id']);
-echo mysql_error();
+$edit_id = isset($_GET['users_id']) ? intval($_GET['users_id']) : $_SESSION['users_id'];
+if($edit_id != $_SESSION['users_id']) 
+	user_auth_required('admin');
+else
+	user_auth_required();
 
- if(mysql_num_rows($q)==0)
- {
- 	header("Location: register_participants.php");
-	exit;
- 
- }
- $authinfo=mysql_fetch_object($q);
 
- //send the header
- send_header("Participant Registration - Emergency Contact Information");
+if(array_key_exists('action', $_POST)){
+	switch($_POST['action']){
+		case 'save':
+			saveData();
+			break;
+	}
+}
 
- echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
- echo "<br />";
+send_header("Participant Registration - Emergency Contact Information");
 
- $studentstatus=studentStatus();
- if($studentstatus!="complete")
- {
+echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
+echo "<br />";
+
+$studentstatus=studentStatus();
+if($studentstatus!="complete")
+{
 	echo error(i18n("Please complete the <a href=\"register_participants_students.php\">Student Information Page</a> first"));
 	send_footer();
 	exit;
- }
-
-
- if($_POST['action']=="save")
- {
-	if(registrationFormsReceived()) {
-		echo error(i18n("Cannot make changes to forms once they have been received by the fair"));
-	}
-	else if(registrationDeadlinePassed()) {
-		echo error(i18n("Cannot make changes to forms after registration deadline"));
-	}
-	else {
-		//first, lets make sure this emergency contact really does belong to them
-		foreach($_POST['ids'] AS $id)
-		{ 
-			$q=mysql_query("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND conferences_id='".$conference['id']."'");
-			if(mysql_num_rows($q)==1) {
-				$e=stripslashes($_POST['email'][$id]);
-				if($_POST['relation'][$id]=="Parent" && $e && user_valid_email($e)) {
-				   if($u=user_load_by_email($e)) {
-				       $u['firstname']=stripslashes($_POST['firstname'][$id]);
-				       $u['lastname']=stripslashes($_POST['lastname'][$id]);
-				       $u['phonehome']=stripslashes($_POST['phone1'][$id]);
-				       $u['phonework']=stripslashes($_POST['phone2'][$id]);
-				       $u['email']=$e;
-				       $u['types'][]="parent";
-				       user_save($u);
-				   }
-				   else {
-				       $u=user_create("parent",$e);
-				       $u['firstname']=stripslashes($_POST['firstname'][$id]);
-				       $u['lastname']=stripslashes($_POST['lastname'][$id]);
-				       $u['phonehome']=stripslashes($_POST['phone1'][$id]);
-				       $u['phonework']=stripslashes($_POST['phone2'][$id]);
-				       $u['email']=$e;
-				       user_save($u);
-				   }
-				}
-
-				mysql_query("UPDATE emergencycontact SET ".
-						"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$id]))."', ".
-						"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$id]))."', ".
-						"relation='".mysql_escape_string(stripslashes($_POST['relation'][$id]))."', ".
-						"phone1='".mysql_escape_string(stripslashes($_POST['phone1'][$id]))."', ".
-						"phone2='".mysql_escape_string(stripslashes($_POST['phone2'][$id]))."', ".
-						"phone3='".mysql_escape_string(stripslashes($_POST['phone3'][$id]))."', ".
-						"phone4='".mysql_escape_string(stripslashes($_POST['phone4'][$id]))."', ".
-						"email='".mysql_escape_string(stripslashes($_POST['email'][$id]))."' ".
-						"WHERE id='$id'");
-						echo mysql_error();
-				echo notice(i18n("Emergency contact information successfully updated"));
-			}
-			else
-			{
-				echo error(i18n("Invalid emergency contact to update (%1)"),array($id));
-			}
-		}
-	}
- }
-
-
-
+}
 //output the current status
 $newstatus=emergencycontactStatus();
 if($newstatus!="complete")
@@ -140,8 +64,9 @@ else if($newstatus=="complete")
 	echo happy(i18n("Emergency Contact Information Complete"));
 
 }
-
-$sq=mysql_query("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND conferences_id='".$conference['id']."'");
+$user = user_load($_SESSION['users_id']);
+$registrations_id = $user['registrations_id'];
+$sq=mysql_query("SELECT id,firstname,lastname FROM users WHERE registrations_id='$registrations_id' AND conferences_id='".$conference['id']."'");
 $numstudents=mysql_num_rows($sq);
 
 echo "<form name=\"emergencycontactform\" method=\"post\" action=\"register_participants_emergencycontact.php\">\n";
@@ -149,54 +74,139 @@ echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
 
 while($sr=mysql_fetch_object($sq))
 {
-	$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND conferences_id='".$conference['id']."' AND students_id='$sr->id'");
-
-	if(mysql_num_rows($q)==0) {
-		mysql_query("INSERT INTO emergencycontact (registrations_id,students_id,conferences_id) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$conference['id']."')");
-		$id=mysql_insert_id();
-		unset($r);
-	}
-	else {
-		$r=mysql_fetch_object($q);
-		$id=$r->id;
-	}
-
+	$u = user_load($sr->id);
 	echo "<h3>".i18n("Emergency Contact for %1 %2",array($sr->firstname,$sr->lastname))."</h3>";
-	echo "<input type=\"hidden\" name=\"ids[]\" value=\"$id\">";
+	foreach($u['emergencycontacts'] as $contact){
+		drawEmergencyContactForm($sr->id, $contact);
+	}
+	echo "<h5>" . i18n("Add a new emergency contact") . "</h5>";
+	drawEmergencyContactForm($sr->id);
+}
+echo "<input type=\"submit\" value=\"".i18n("Save Emergency Contact Information")."\" />\n";
+echo "</form>";
+send_footer();
+
+/***************** function definitions *****************/
+// draw the form in which emergency contact data is populated/edited
+function drawEmergencyContactForm($userId, $contactInfo = null){
+	static $index = 0;
+	$index++;
+	$showDeleteBox = true;
+	if($contactInfo == null){
+		// we'll use the same variables for drawing the form regardless,
+		// just need to make sure they're defined
+		$contactInfo = array(
+			'firstname' => '',
+			'lastname' => '',
+			'relation' => '',
+			'email' => '',
+			'phone1' => '',
+			'phone2' => '',
+			'phone3' => '',
+			'phone4' => ''
+		);
+		$showDeleteBox = false;
+	}
+
+	echo "<input type=\"hidden\" name=\"ids[]\" value=\"$index\">";
+	echo "<input type=\"hidden\" name=\"userId[$index]\" value=\"$userId\">";
 	echo "<table>\n";
 	echo "<tr>";
-	echo " <td>".i18n("First Name").": </td><td><input type=\"text\" name=\"firstname[$id]\" size=\"20\" value=\"$r->firstname\" />".REQUIREDFIELD."</td>";
-	echo " <td>".i18n("Last Name").": </td><td><input type=\"text\" name=\"lastname[$id]\" size=\"20\" value=\"$r->lastname\" />".REQUIREDFIELD."</td>";
+	echo " <td>".i18n("First Name").": </td><td><input type=\"text\" name=\"firstname[$index]\" size=\"20\" value=\"{$contactInfo['firstname']}\" />".REQUIREDFIELD."</td>";
+	echo " <td>".i18n("Last Name").": </td><td><input type=\"text\" name=\"lastname[$index]\" size=\"20\" value=\"{$contactInfo['lastname']}\" />".REQUIREDFIELD."</td>";
 	echo "</tr>\n";
 	echo "<tr>";
 	echo " <td>".i18n("Relation").": </td><td>";
-    echo "  <select name=\"relation[$id]\">\n";
-    echo "   <option value=\"\">".i18n("Choose a relation")."</option>\n";
-    $relations=array("Parent","Legal Guardian","Grandparent","Family Friend", "Other");
-    foreach($relations AS $rel) {
-        if($r->relation==$rel) $sel="selected=\"selected\""; else $sel="";
-        echo "<option $sel value=\"$rel\">".i18n($rel)."</option>\n";
-    }
-    echo "  </select>\n";
-    echo REQUIREDFIELD."</td>";
-	echo " <td>".i18n("Email Address").": </td><td><input type=\"text\" name=\"email[$id]\" size=\"20\" value=\"$r->email\" /></td>";
+	echo "  <select name=\"relation[$index]\">\n";
+	echo "   <option value=\"\">".i18n("Choose a relation")."</option>\n";
+	$relations=array("Parent","Legal Guardian","Grandparent","Family Friend", "Other");
+	foreach($relations AS $rel) {
+		if($contactInfo['relation'] == $rel) $sel="selected=\"selected\"";
+		else $sel="";
+		echo "<option $sel value=\"$rel\">".i18n($rel)."</option>\n";
+	}
+	echo "  </select>\n";
+	echo REQUIREDFIELD."</td>";
+	echo " <td>".i18n("Email Address").": </td><td><input type=\"text\" name=\"email[$index]\" size=\"20\" value=\"{$contactInfo['email']}\" /></td>";
 	echo "</tr>\n";
 	echo "<tr>";
-	echo " <td>".i18n("Phone 1").": </td><td><input type=\"text\" name=\"phone1[$id]\" size=\"20\" value=\"$r->phone1\" />".REQUIREDFIELD."</td>";
-	echo " <td>".i18n("Phone 2").": </td><td><input type=\"text\" name=\"phone2[$id]\" size=\"20\" value=\"$r->phone2\" /></td>";
+	echo " <td>".i18n("Phone 1").": </td><td><input type=\"text\" name=\"phone1[$index]\" size=\"20\" value=\"{$contactInfo['phone1']}\" />".REQUIREDFIELD."</td>";
+	echo " <td>".i18n("Phone 2").": </td><td><input type=\"text\" name=\"phone2[$index]\" size=\"20\" value=\"{$contactInfo['phone2']}\" /></td>";
 	echo "</tr>\n";
 	echo "<tr>";
-	echo " <td>".i18n("Phone 3").": </td><td><input type=\"text\" name=\"phone3[$id]\" size=\"20\" value=\"$r->phone3\" /></td>";
-	echo " <td>".i18n("Phone 4").": </td><td><input type=\"text\" name=\"phone4[$id]\" size=\"20\" value=\"$r->phone4\" /></td>";
+	echo " <td>".i18n("Phone 3").": </td><td><input type=\"text\" name=\"phone3[$index]\" size=\"20\" value=\"{$contactInfo['phone3']}\" /></td>";
+	echo " <td>".i18n("Phone 4").": </td><td><input type=\"text\" name=\"phone4[$index]\" size=\"20\" value=\"{$contactInfo['phone4']}\" /></td>";
 	echo "</tr>\n";
+	if($showDeleteBox){
+		echo "<tr><td colspan = 2><label>" . i18n("Remove this contact") . " <input type=\"checkbox\" name=\"delete[$index]\" value=\"yes\"></label></td></tr>";
+	}
 	echo "</table>";
 	echo "<br />";
-	echo "<br />";
+}
 
- }
- echo "<input type=\"submit\" value=\"".i18n("Save Emergency Contact Information")."\" />\n";
- echo "</form>";
+// save the posted contact info data
+function saveData(){
+	global $conference;
+	$currentUser = user_load($_SESSION['users_id']);
+	$registrations_id = $currentUser['registrations_id'];
+	$newContacts = array();
+	foreach($_POST['ids'] as $postIndex){
+		if(substr($postIndex, 0, 4) == 'new_'){
+			// we're creating a new contact, and linking them to the user whose ID is in the contactId tag
+			$userId = intval(substr($postIndex, 4));
+		}else if(is_numeric($postIndex)){
+			// we're updating an existing contact
+			$userId = $_POST['userId'][$postIndex];
+		}else{
+			// invalid contact Id
+			continue;
+		}
 
+		// let's make sure this user ID is a valid one and one which we can update with this post
+		$query = "SELECT COUNT(*) AS tally FROM users WHERE id = $userId AND registrations_id='$registrations_id' AND conferences_id='{$conference['id']}'";
+		$row = mysql_fetch_assoc(mysql_query($query));
+		if($row['tally'] != 1){
+			// not a user whose contacts we're allowed to update
+			continue;
+		}
+
+		// don't add contact info from an empty form
+		$emptyFields = true;
+		foreach(array('firstname', 'lastname', 'relation', 'email', 'phone1', 'phone2', 'phone3', 'phone4') as $idx){
+			if($_POST[$idx][$postIndex] != ''){
+				$emptyFields = false;
+				break;
+			}
+		}
+		if($emptyFields) continue;
+
+		if(array_key_exists('delete', $_POST) && array_key_exists($postIndex, $_POST['delete'])){
+			if($_POST['delete'][$postIndex] == 'yes'){
+				continue;
+			}
+		}
+
+		if(!array_key_exists($userId, $newContacts)){
+			$newContacts[$userId] = array();
+		}
+
+		$newContacts[$userId][] = array(
+			'firstname' => mysql_real_escape_string($_POST['firstname'][$postIndex]),
+			'lastname' => mysql_real_escape_string($_POST['lastname'][$postIndex]),
+			'relation' => mysql_real_escape_string($_POST['relation'][$postIndex]),
+			'email' => mysql_real_escape_string($_POST['email'][$postIndex]),
+			'phone1' => mysql_real_escape_string($_POST['phone1'][$postIndex]),
+			'phone2' => mysql_real_escape_string($_POST['phone2'][$postIndex]),
+			'phone3' => mysql_real_escape_string($_POST['phone3'][$postIndex]),
+			'phone4' => mysql_real_escape_string($_POST['phone4'][$postIndex])
+		);
+	}
+	// we've scraped together the new contact info, now let's update each of the users
+	foreach($newContacts as $userId => $contactList){
+		$u = user_load($userId);
+		$u['emergencycontacts'] = $contactList;
+		user_save($u);
+	}
+}
 
- send_footer();
 ?>
diff --git a/user.inc.php b/user.inc.php
index 4569298..7178d13 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -93,6 +93,16 @@ function user_load($users_id, $accounts_id = false)
 		 * a new role */
 	}
 
+	// not sure if this is the best place to add it, but if the user is a student, add their emergency contacts
+	if(array_key_exists('participant', $u['roles'])){
+		$u['emergencycontacts'] = array();
+		$fields = array('id', 'firstname', 'lastname', 'relation', 'phone1', 'phone2', 'phone3', 'phone4', 'email');
+		$q = mysql_query("SELECT " . implode(',', $fields) . " FROM emergencycontact WHERE users_id = $users_id");
+		while($row = mysql_fetch_assoc($q)){
+			$u['emergencycontacts'][] = $row;
+		}
+	}
+
 	// get a list of all fields relevant to this user
 	$fieldDat = user_get_fields(array_keys($u['roles']));
 	// we need to separate the fields that are in the users table from those in separate tables
@@ -809,6 +819,34 @@ function user_save(&$u)
 		}
 	}
 
+	if( // if this user has emergency contacts ...
+	// not sure if this is the best place to add it, but if the user is a student, add their emergency contacts
+		array_key_exists('emergencycontacts', $u)
+	){
+		mysql_query("DELETE FROM emergencycontact WHERE users_id = {$u['id']}");
+		if(mysql_error() != '') return "SQLERR6: " . mysql_error();
+		if(count($u['emergencycontacts']) > 0){
+			$query = "INSERT INTO emergencycontact (users_id, firstname, lastname, relation, phone1, phone2, phone3, phone4, email, conferences_id) VALUES ";
+			$queryParts = array();
+			foreach($u['emergencycontacts'] as $contact){
+				$queryParts[] = "(". $u['id'] . ",'" .
+					$contact['firstname'] . "','" . 
+					$contact['lastname'] . "','" .
+					$contact['relation'] . "','" .
+					$contact['phone1'] . "','" .
+					$contact['phone2'] . "','" .
+					$contact['phone3'] . "','" .
+					$contact['phone4'] . "','" .
+					$contact['email'] . "'," .
+					$conference['id'] . ") ";
+			}
+			$query .= implode(',', $queryParts);
+			mysql_query($query);
+		}
+		if(mysql_error() != '') return "SQLERR7: " . mysql_error();
+	}
+
+
 	/* Record all the data in orig that we saved so subsequent
 	 * calls to user_save don't try to overwrite data already
 	 * saved to the database */