diff --git a/account.inc.php b/account.inc.php
index d01f439..0b787e8 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -198,6 +198,12 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
global $config;
global $conference;
+ //if we get role as a type string instead of an id (eg, 'teacher'), lets just look it up
+ if(!is_numeric($roles_id)) {
+ $tq=mysql_query("SELECT id FROM roles WHERE type='".mysql_real_escape_string($roles_id)."'");
+ $tr=mysql_fetch_object($tq);
+ $roles_id=$tr->id;
+ }
// avoid injections
$accounts_id=intval($accounts_id);
$roles_id=intval($roles_id);
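Review bot: The lookup result is dereferenced at `$roles_id=$tr->id;` without checking that a row came back, so an unknown role string or a failed query leaves `$tr` false and `$roles_id` becomes 0 after the `intval()` below. The new adduser branch in admin/schools.php passes `$_POST['role']` straight into this function, so that path is reachable from request data. I would bail out before the cast, e.g. `if(!$tq || !($tr=mysql_fetch_object($tq))) return 'invalidrole';`, where `'invalidrole'` is a placeholder for whatever failure value account_add_role already returns. The function body continues outside this hunk, so the existing error convention is not visible here.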
diff --git a/admin/schools.php b/admin/schools.php
index 2f2a1cc..8fcd772 100644
--- a/admin/schools.php
+++ b/admin/schools.php
@@ -66,6 +66,48 @@ if($_POST['action']=="removeuser") {
echo "ok";
exit;
}
+else if($_POST['action']=="adduser") {
+ /* we have the following to work with:
+ accounts_id, conferenceid, field, role, username, users_id
+ */
+
+ //if accounts_id is 0, it means its a new user
+ $accounts_id=intval($_POST['accounts_id']);
+ $conferenceid=intval($_POST['conferenceid']);
+ $schoolid=intval($_POST['schoolid']);
+
+ if($accounts_id==0) {
+ $a=account_create($_POST['username']);
+ if(isEmailAddress($_POST['username']))
+ account_set_email($a['id'],$_POST['username']);
+ //and load it again, just so we have the most up-to-date
+ $a=account_load($a['id']);
+ }
+ else
+ $a=account_load($accounts_id);
+
+ //now lets add the role -- this fails gracefully if they already have the role, or if its added, in both cases it returns 'ok'
+ $ret=account_add_role($a['id'],$_POST['role'],$conferenceid);
+
+ //we still need the user id
+ $u=user_load_by_accounts_id($a['id']);
+
+ if($ret=='ok' && $u['id']) {
+ mysql_query("UPDATE schools SET `".mysql_real_escape_string($_POST['field'])."`='{$u['id']}' WHERE id='$schoolid'");
+ echo mysql_error();
+ //and update the users schools_id, yes, maybe we should use the user object and user_save() but the single query here is easier and probably waaaaaay faster
+ mysql_query("UPDATE users SET schools_id='$schoolid' WHERE id='{$u['id']}'");
+ echo mysql_error();
+ echo "ok";
+ }
+ else {
+ echo "error\n";
+ echo "ret=$ret\n";
+ echo "u="; print_r($u);
+ //error ?
+ }
+ exit;
+}
if($_GET['action']=='loaduser') {
$schoolid=intval($_GET['schoolid']);
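Review bot: `$_POST['field']` is used as the column name in the `UPDATE schools SET` query, and `mysql_real_escape_string()` does not make a value safe as an identifier because it leaves backticks alone, so the request decides which column is written and can escape the identifier quoting. Check it against a fixed list before the query, e.g. `if(!in_array($_POST['field'],array('principal_uid','sciencehead_uid'),true)) { echo "error"; exit; }`; the two names are inferred from the SELECT further down this file and should be replaced with the real selector names. Separately, `echo mysql_error();` and `print_r($u)` return database errors and the loaded user record to the browser; log them server-side and return only `error`. No authorization or CSRF check is visible in this branch, though one may sit above the hunk.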
@@ -82,7 +124,7 @@ if($_GET['action']=='loaduser') {
if($r->userid > 0) {
//we already have one, so just display teh details, with the option to remove or edit
echo "
";
- echo "id\">";
+ echo "userid); return false;\" href=\"#\">";
echo " ";
echo "";
@@ -102,11 +144,13 @@ if($_GET['action']=='loaduser') {
}
+
+
function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
echo "\n";
echo "";
echo "";
- echo "";
+ echo "";
echo "\n";
}
@@ -121,84 +165,6 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
$atrisk = $_POST['atrisk'] == 'yes' ? 'yes' : 'no';
-/*
- "sciencehead='".mysql_escape_string(stripslashes($_POST['sciencehead']))."', ".
- "scienceheadphone='".mysql_escape_string(stripslashes($_POST['scienceheadphone']))."', ".
- "scienceheademail='".mysql_escape_string(stripslashes($_POST['scienceheademail']))."', ".
- "principal='".mysql_escape_string(stripslashes($_POST['principal']))."', ".
-*/
-
- /* Get the uids for principal/science head */
- $q = mysql_query("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
- $i = mysql_fetch_assoc($q);
-
- $principal_update = '';
- $sciencehead_update = '';
-
- list($first, $last) = explode(' ', $_POST['principal'], 2);
- /* Load existing entry if it exists, else make an entry if
- * there is data, else, do nothing */
- if($i['principal_uid'] > 0)
- $pl = user_load($i['principal_uid']);
- else if($first != '' && $last != '') {
- $pl = user_create('principal', "*$first$last".user_generate_password());
- $principal_update = "principal_uid='{$pl['uid']}',";
- } else
- $pl = false;
-
- /* If we loaded or created an entry, either
- * update and save, or purge it */
- if(is_array($pl)) {
- if($first == '' && $last == '') {
- user_purge($pl, 'principal');
- $principal_update = 'principal_uid=NULL,';
- } else {
- $pl['firstname'] = $first;
- $pl['lastname'] = $last;
- user_save($pl);
- }
- }
-
-
- /* Get info about science head */
- list($first, $last) = explode(' ', $_POST['sciencehead'], 2);
- $em = $_POST['scienceheademail'];
- if($em == '' && ($first != '' || $last != '')) $em = "*$first$last".user_generate_password();
- /* Load existing record, or create new if there's something
- * to insert */
- $sh = false;
- if($i['sciencehead_uid'] > 0) {
- $sh = user_load($i['sciencehead_uid']);
- /* It's possile for sh to be false now, happens when the user is
- * deleted outside the school editor, this condition needs to be
- * fixed. If we let it go, the saving the teacher info will
- * silently fail. So let's just create a new teacher */
-
- if(is_array($sh) && ($em != $sh['email'] || $em=='')) {
- /* If the emails don't match we have no way of knowing if we're creating a different
- * user, or doing a correction, assume it's a different user */
- user_purge($sh, 'teacher');
- $sh = false;
- }
- }
-
- /* If there was no teacher loaded, or if we just purged it, create a new one
- * if there's an email address */
- if($sh == false && $em != '') {
- $sh = user_create('teacher', $em);
- $sciencehead_update = "sciencehead_uid='{$sh['uid']}',";
- }
-
- /* If we have a record update it */
- if(is_array($sh)) {
- $sh['firstname'] = $first;
- $sh['lastname'] = $last;
- $sh['phonework'] = $_POST['scienceheadphone'];
- $sh['email'] = $em;
- $sh['username'] = $em;
- user_save($sh);
- }
-
$exec="UPDATE schools SET ".
"school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
"schoollang='".mysql_escape_string(stripslashes($_POST['schoollang']))."', ".
@@ -218,7 +184,6 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
"projectlimit='".mysql_escape_string(stripslashes($_POST['projectlimit']))."', ".
"projectlimitper='".mysql_escape_string(stripslashes($_POST['projectlimitper']))."', ".
"accesscode='".mysql_escape_string(stripslashes($_POST['accesscode']))."', ".
- $sciencehead_update.$principal_update.
"atrisk='$atrisk' ".
"WHERE id='$id'";
mysql_query($exec);
@@ -229,8 +194,7 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
else
$notice = 'saved';
}
- else if($_POST['action'] == "save_participation")
- {
+ else if($_POST['action'] == "save_participation") {
// update the schools' participation in fairs an olympics to reflect the settings submitted
$olympicSet = array();
$fairSet = array();
@@ -258,6 +222,9 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
$q=mysql_query("SELECT * FROM schools WHERE conferences_id=$oldConfId");
while($r=mysql_fetch_object($q)) {
+ //FIXME: we need to roll the userid's to new ones for the new conference, if we use the same ones its not gonna work
+ //nobody should be copying for now, so we should be safe for a few months
+ //2011-02-22
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
@@ -300,8 +267,7 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
if($_GET['action']=="makeaccesscodes") {
$q=mysql_query("SELECT id FROM schools WHERE conferences_id='{$conference['id']}' AND (accesscode IS NULL OR accesscode='')");
- while($r=mysql_fetch_object($q))
- {
+ while($r=mysql_fetch_object($q)) {
$ac=generatePassword(5);
mysql_query("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND conferences_id='{$conference['id']}'");
@@ -345,30 +311,12 @@ function updateUser(role,schoolid) {
var field=$(this).attr("name");
var conferenceid=$("#"+field+'_conferenceid').val();
var role=$("#"+field+'_role').val();
- if(accounts_id==0) {
- //awesome, we can just post to the API!!
- alert("Creating new account with username: "+username+" role: "+role+" schoolid: "+schoolid+" conferenceid: "+conferenceid);
- /*
- $.post("../api/account/create",{username: username},function(d) {
- if(d.status=="ok") {
- alert('successfully created account');
- }
- else {
- alert('error creating account');
- }
- },"json");
-*/
- }
- else {
- alert('selecting account id: '+accounts_id);
- if(users_id==0) {
- alert('Creating new user record for this account/conference');
- } else {
- alert('selecing users id: '+users_id);
- }
- }
- $(this).prev().val(users_id);
+ var options={action: 'adduser', accounts_id: accounts_id, users_id: users_id, username: username, field: field, conferenceid: conferenceid, schoolid: global_schoolid, role: role };
+
+ $.post("schools.php",options,function() {
+ updateUser(role,global_schoolid);
+ });
}
});
});
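Review bot: The `$.post` callback ignores the response, so `updateUser(role,global_schoolid)` runs the same way whether the server answered `ok` or `error`, and a transport failure is dropped silently. Take the response as an argument and branch on it, e.g. `$.post("schools.php",options,function(d){ if($.trim(d)=="ok") updateUser(role,global_schoolid); else alert("Could not add user"); });`. The server side currently echoes `mysql_error()` ahead of `ok`, so an exact comparison is only reliable once that output is removed. The enclosing handler starts outside this hunk, so where `global_schoolid` and `username` are set is not visible here.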