diff --git a/db/db.update.127.sql b/db/db.update.127.sql
new file mode 100644
index 00000000..15ee01cf
--- /dev/null
+++ b/db/db.update.127.sql
@@ -0,0 +1,35 @@
+INSERT INTO `config` (`var`, `val`, `category`, `type`, `type_values`, `ord`, `description`, `year`) VALUES
+('fair_stats_participation', 'yes', 'Science Fairs', 'yesno', '', 100, 'Gather Stats: Student and School Participation (students, gender, and projects) by age group.', -1),
+('fair_stats_schools_ext', 'yes', 'Science Fairs', 'yesno', '', 200, 'Gather Stats: Extended school participation data.<ul>\r\n<li>Number of at-risk schools and students<li>Number of public schools and students<li>Number of private/independent schools and students</ul>', -1),
+('fair_stats_minorities', 'firstnations', 'Science Fairs', 'multisel', 'firstnations=Number of First Nation students|disabled=Number of Disabled students', 300, 'Gather Stats: Participant minority demographics (must be filled in manually by the fair)', -1),
+('fair_stats_guests', 'yes', 'Science Fairs', 'yesno', '', 400, 'Gather Stats: Number of student and public guests (must be filled in manually by the fair)', -1);
+
+ALTER TABLE `fairs_stats` CHANGE `publicschools` `schools_public` INT( 11 ) NOT NULL DEFAULT '0',
+	CHANGE `privateschools` `schools_private` INT( 11 ) NOT NULL DEFAULT '0';
+ALTER TABLE `fairs_stats` ADD `students_public` INT NOT NULL AFTER `projects_11` ;
+ALTER TABLE `fairs_stats` ADD `students_private` INT NOT NULL AFTER `public_schools` ;
+ALTER TABLE `fairs_stats` CHANGE `users_uid` `fairs_id` INT( 11 ) NOT NULL DEFAULT '0';
+ALTER TABLE `fairs_stats` ADD `students_total` INT NOT NULL AFTER `projects_11` ,
+	ADD `schools_total` INT NOT NULL AFTER `students_total` ;
+ALTER TABLE `fairs_stats` CHANGE `innercity` `students_atrisk` INT( 11 ) NOT NULL DEFAULT '0';
+ALTER TABLE `fairs_stats` ADD `schools_atrisk` INT NOT NULL AFTER `students_atrisk` ;
+ALTER TABLE `fairs_stats` ADD `schools_active` INT NOT NULL AFTER `schools_total` ;
+
+ALTER TABLE `fairs_stats` ADD `committee_members` INT NOT NULL AFTER `consideringcareer` ,
+	ADD `judges` INT NOT NULL AFTER `committee_members` ;
+
+CREATE TABLE `fairs` (
+	`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+	`name` TINYTEXT NOT NULL ,
+	`abbrv` VARCHAR( 16 ) NOT NULL ,
+	`type` ENUM( 'feeder', 'sfiab', 'ysf' ) NOT NULL ,
+	`url` TINYTEXT NOT NULL ,
+	`username` varchar( 32 ) NOT NULL ,
+	`password` varchar( 32 ) NOT NULL 
+) ENGINE = MYISAM ;
+
+ALTER TABLE `users_fair` CHANGE `fair_name` `fairs_id` INT NOT NULL;
+ALTER TABLE `users_fair` DROP `fair_abbrv` ;
+
+
+
diff --git a/xmltransport.php b/xmltransport.php
new file mode 100644
index 00000000..293d60ea
--- /dev/null
+++ b/xmltransport.php
@@ -0,0 +1,88 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2005 James Grant <james@lightbox.org>
+   Copyright (C) 2009 David Grant <dave@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require_once('common.inc.php');
+ require_once('user.inc.php');
+ require_once('admin/xml.inc.php');
+
+ $d=xml_parsexml($_POST['xml']);
+ $data = $d['sfiab'][0];
+ 
+ $username = $data['username'][0];
+ $password = $data['password'][0];
+ 
+// echo "Authenticating... ";
+ $username = mysql_escape_string($username);
+ $q=mysql_query("SELECT uid FROM users WHERE username='$username'");
+ if(mysql_num_rows($q) != 1) {
+	 echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
+	 exit;
+ }
+ $i = mysql_fetch_assoc($q);
+ $u = user_load_by_uid($i['uid']);
+ if($u['password'] != $password) {
+	 echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
+	 exit;
+ }
+
+ $response = array();
+ if(array_key_exists('getstats', $data)) {
+	$year = $data['getstats'][0]['year'][0];
+	$vars = array('fair_stats_participation', 'fair_stats_schools_ext',
+		 'fair_stats_minorities', 'fair_stats_guests');
+	foreach($vars as $v) {
+		$response['statconfig'][$v] = $config[$v];
+	}
+	$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
+				AND year='$year'");
+	$response['stats'] = mysql_fetch_assoc($q);
+	unset($response['stats']['id']);
+ }
+
+ if(array_key_exists('stats', $data)) {
+	$stats = array();
+	foreach($data['stats'][0] as $k=>$v) {
+		$stats[$k] = $v[0];
+	}
+	$str = join(',',$stats);
+	$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
+	$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
+	mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
+		AND year='{$stats['year']}'");
+	echo mysql_error();
+	mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
+	echo mysql_error();
+
+	$response['error'] = 0;
+	$response['message'] = 'Stats saved';
+ }
+
+ $output="";
+ xmlCreateRecurse(array('sfiab'=>$response));
+ echo urlencode($output);
+// echo "Success!<br />";
+
+
+?>