diff --git a/src/web.lisp b/src/web.lisp
index 7df2299..8e9a1a7 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -166,6 +166,62 @@
 (progn
 (utils:set-alert "You are not logged in.")
 (redirect "/login"))))
+(defroute ("/site-settings" :method :GET) ()
+ (hermetic:auth (:administrator)
+ ;; Authorised
+ (let ((alert (utils:get-and-reset-alert)))
+ (render #P"user/site-settings.html"
+ (append (auth:auth-user-data)
+ `(:alert ,alert))))
+ ;; Not Authorised
+ (progn
+ (utils:set-alert "You are not authorised to view this page.")
+ (redirect "/"))))
+
+(defroute ("/users" :method :GET) ()
+ (hermetic:auth (:administrator)
+ ;; Authorised
+ (let ((alert (utils:get-and-reset-alert)))
+ (render #P"user/index.html"
+ (append (auth:auth-user-data)
+ `(:alert ,alert
+ :users ,(nera:get-all-users)))))
+ ;; Not Authorised
+ (progn
+ (utils:set-alert "You are not authorised to view this page.")
+ (redirect "/login"))))
+
+(defroute ("/user/admin/create" :method :POST) ()
+ (destructuring-bind
+ (&key username display-name password password-check
+ authenticity-token &allow-other-keys)
+ (utils:request-params
+ (lack.request:request-body-parameters ningle:*request*))
+ (cond ((not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+ ((not (string= password password-check))
+ (utils:set-alert "Passwords don't match.")
+ (redirect "/users"))
+ ((find t (mapcar
+ #'utils:string-is-nil-or-empty?
+ `(,username ,display-name ,password)))
+ (utils:set-alert "Incomplete form. Please fill out every section.")
+ (redirect "/users"))
+ ((not (null (nera:get-user username)))
+ (utils:set-alert "Username already taken.")
+ (redirect "/users"))
+ (t (hermetic:auth
+ (:administrator)
+ ;; Authorised
+ (progn
+ (nera-db:create-user username display-name password +false+)
+ (utils:set-alert "Account created.")
+ (redirect "/users"))
+ ;; Not Authorised
+ (progn
+ (utils:set-alert "You are not authorised to view that page.")
+ (redirect "/")))))))
+
 (defroute ("/user/edit" :method :GET) ()
 (hermetic:auth (:logged-in)
 ;; Authorised
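Review bot: In the `/user/admin/create` handler the `hermetic:auth (:administrator)` check is the last `cond` clause, so the password-match, completeness and `nera:get-user` branches run for any caller that holds a valid CSRF token, and the "Username already taken." alert tells a non-administrator which usernames exist before authorisation is ever consulted. Authorise first: wrap the whole `destructuring-bind` in `hermetic:auth` and leave only the create/alert/redirect in the final clause, as sketched below; the CSRF comparison can stay as the first clause inside the authorised branch. The unauthorised branch of `/users` also redirects to `/login` while `/site-settings` and the create route redirect to `/`; presumably one target is intended for all three.
```lisp
(defroute ("/user/admin/create" :method :POST) ()
  (hermetic:auth (:administrator)
    ;; Authorised
    (destructuring-bind
        (&key username display-name password password-check
              authenticity-token &allow-other-keys)
        (utils:request-params
         (lack.request:request-body-parameters ningle:*request*))
      (cond ((not (string= authenticity-token (auth:csrf-token)))
             `(,+forbidden+ (:content-type "text/plain") ("Denied")))
            ;; … unchanged: password-match, completeness and username-taken clauses …
            (t (nera-db:create-user username display-name password +false+)
               (utils:set-alert "Account created.")
               (redirect "/users"))))
    ;; Not Authorised
    (progn
      (utils:set-alert "You are not authorised to view that page.")
      (redirect "/"))))
```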