diff --git a/conf/messages.php b/conf/messages.php
index 01c807799..62d5b1fda 100644
--- a/conf/messages.php
+++ b/conf/messages.php
@@ -31,13 +31,13 @@ $_owa_messages = array(
-// Login related
 2000 => array("An e-mail containing instructions on how to complete the password reset process has been sent to %s",1),
 2001 => array("The e-mail %s was not found in our database. Please check the address and try again.",1),
 2002 => array("Login Failed. Your user name or password did not match.",0),
 2003 => array("Your Account lacks the necessary priviledges to access the requested resource.",0),
 2004 => array("You must login to access the requested resource.",0),
 2010 => array("Sucess. Logout Complete.",0),
+2011 => array("Error. Can't find your temporary passkey in the db.",0),
 // Options/Configuration related
 2500 => array("Options Saved.",0),
@@ -53,9 +53,11 @@
 3003 => array("Success. User profile saved.",0),
 3004 => array("Success. User acount deleted."),
 3005 => array("Enter Your New Password", 0),
-3006 => array("Success. Your password will be changed shortly. This may take a few minutes.",0),
+3006 => array("Success. Please login with your new password.",0),
 3007 => array("Error. Your passwords must match.",0),
 3008 => array("Error. Your password must be %s characters long.", 1),
+3009 => array("Error. A user with that email address already exists.", 0),
+3010 => array("A user with that email address does not exist.", 0),
 //sites management
 3200 => array("Error. Please fill in all required fields.",0),
diff --git a/modules/base/classes/entityManager.php b/modules/base/classes/entityManager.php
index 35b623901..21dc7d8bc 100644
--- a/modules/base/classes/entityManager.php
+++ b/modules/base/classes/entityManager.php
@@ -183,7 +183,7 @@ function create() {
 	 */
 	function update($where = '') {
-		$this->entity->update($where);
+		return $this->entity->update($where);
 	}
diff --git a/modules/base/classes/mailer.php b/modules/base/classes/mailer.php
index 09699f28d..1f18c562e 100644
--- a/modules/base/classes/mailer.php
+++ b/modules/base/classes/mailer.php
@@ -88,7 +88,7 @@ function sendMail() {
 			return $this->e->debug(sprintf("Mailer Failure. Was not able to send to %s with subject of '%s'. Error Msgs: '%s'", $this->mailer->to, $this->mailer->Subject, $this->mailer->ErrorInfo));
 		else:
-			return $this->e->debug(sprintf("Mail sent to %s with the subject of '%s'.", $this->mailer->to, $this->mailer->Subject));
+			return $this->e->debug(sprintf("Mail sent to %s with the subject of '%s'.", $this->mailer->to[0], $this->mailer->Subject));
 		endif;
diff --git a/modules/base/loginForm.php b/modules/base/loginForm.php
index 948725a8b..ccf706826 100644
--- a/modules/base/loginForm.php
+++ b/modules/base/loginForm.php
@@ -18,7 +18,6 @@
 require_once(OWA_BASE_DIR.'/owa_view.php');
 require_once(OWA_BASE_DIR.'/owa_controller.php');
-require_once(OWA_BASE_DIR.'/owa_auth.php');
 /**
  * Login Form Controller
diff --git a/modules/base/passwordResetRequest.php b/modules/base/passwordResetRequest.php
index add3fd36b..d0d2c0b18 100644
--- a/modules/base/passwordResetRequest.php
+++ b/modules/base/passwordResetRequest.php
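Review bot: `$this->mailer->to[0]` is unlikely to be a plain address: if `to` is the list of `array($address, $name)` pairs that PHPMailer keeps internally, its first element is still an array and `sprintf('%s', ...)` prints "Array" with a notice, so the fix does not achieve what it intends. The failure branch three lines above still passes the whole `to` array and has the same problem. Either index one level deeper in both branches (`$this->mailer->to[0][0]`) or, better, have this class remember the recipient it was given instead of reaching into the mailer's internals. sendMail() starts and ends outside the hunk, so I cannot see where the recipient is added.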
@@ -39,36 +39,43 @@ function owa_passwordResetRequestController($params) {
 	function __construct($params) {
-		return parent::__construct($params);
+		parent::__construct($params);
+
+		$v1 = owa_coreAPI::validationFactory('entityDoesNotExist');
+		$v1->setConfig('entity', 'base.user');
+		$v1->setConfig('column', 'email_address');
+		$v1->setValues($this->getParam('email_address'));
+		$v1->setErrorMessage($this->getMsg(3010));
+		$this->setValidation('email_address', $v1);
+
+		return;
 	}
 	function action() {
+
+		// Log password reset request to event queue
+		$eq = &eventQueue::get_instance();
-		// Check to see if this email exists in the db
-		// fetch user object from the db
-		$u = owa_coreAPI::entityFactory('base.user');
-		$u->getByColumn('email_address', $this->getParam('email_address'));
-		$uid = $u->get('user_id');
-
-		// If user exists then fire event and return view
-		if (!empty($uid)) {
-
-			// Log password reset request to event queue
-			$eq = &eventQueue::get_instance();
-			$eq->log(array('user_id' => $uid), 'base.reset_password');
-
-			// return view
-			$this->setView('base.passwordResetForm');
-			$this->set('status_msg', $this->getMsg(2000, $this->getParam('email_address')));
-
-		// if user does not exists just return view with error
-		} else {
-			$this->setView('base.passwordResetForm');
-			$this->set('error_msg', $this->getMsg(2001, $this->getParam('email_address')));
-		}
-
+		$eq->log(array('email_address' => $this->getParam('email_address')), 'base.reset_password');
+
+		// return view
+		$this->setView('base.passwordResetForm');
+		$email_address = $this->getParam('email_address');
+		$msg = $this->getMsg(2000, $email_address);
+		$this->set('status_msg', $msg);
+
 		return;
 	}
+
+	function errorAction() {
+
+		$this->setView('base.passwordResetForm');
+		$this->set('error_msg', $this->getMsg(2001, $this->getParam('email_address')));
+		return;
+	}
+
+
+
 }
diff --git a/modules/base/sitesAdd.php b/modules/base/sitesAdd.php
index baa52cc15..3a9cec03a 100644
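Review bot: `errorAction()` answers a reset request for an unregistered address with message 2001 ("The e-mail %s was not found in our database") while a registered one gets 2000, and the `entityDoesNotExist` validation registered in `__construct` guarantees the two responses are always distinguishable, so the form confirms which addresses have accounts. A single neutral response for both outcomes — set the 2000 text in `errorAction()` as well and keep the event log only in `action()`, where validation has already passed — removes that signal. `getParam('email_address')` is also substituted raw into `error_msg`; confirm the passwordResetForm template escapes it before output. The `return;` at the end of the constructor is dead and can be dropped.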
--- a/modules/base/sitesAdd.php +++ b/modules/base/sitesAdd.php @@ -130,14 +130,13 @@ function action() { function errorAction() { - $data['view_method'] = 'delegate'; - $data['view'] = 'base.options'; - $data['subview'] = 'base.sitesProfile'; - $data['error_code'] = 3307; - $data['site'] = $this->params; - $data['validation_errors'] = $this->getValidationErrorMsgs(); + $this->setView('base.options'); + $this->setSubview('base.sitesProfile'); + $this->set('error_code', 3309); + $this->set('site', $this->params); + //$data['validation_errors'] = $this->getValidationErrorMsgs(); - return $data; + return; } } diff --git a/modules/base/templates/users.tpl b/modules/base/templates/users.tpl index cd20f32a2..8e7faef58 100644 --- a/modules/base/templates/users.tpl +++ b/modules/base/templates/users.tpl @@ -13,6 +13,7 @@ User ID Real Name + Email Address Role Last Updated Options @@ -23,6 +24,7 @@ + Edit diff --git a/modules/base/usersAdd.php b/modules/base/usersAdd.php index 8ecbea6d9..229bc53eb 100644 --- a/modules/base/usersAdd.php +++ b/modules/base/usersAdd.php 
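Review bot: The commented-out `//$data['validation_errors'] = $this->getValidationErrorMsgs();` in `errorAction()` should be deleted rather than kept, because `doAction()` in owa_controller (later in this diff) now sets `validation_errors` itself before calling `errorAction()`, so the line is dead and will mislead the next reader. The error code also changes from 3307 to 3309 while the conf/messages.php hunk adds no 3309 entry; confirm the code exists in the full message table, otherwise the view gets an undefined message.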
@@ -40,56 +40,68 @@ function owa_usersAddController($params) {
 	function __construct($params) {
+		parent::__construct($params);
+
 		$this->setRequiredCapability('edit_users');
-		return parent::__construct($params);
+
+		// Check for user with the same email address
+		// this is needed or else the change password feature will not know which account
+		// to chane the password for.
+		$v1 = owa_coreAPI::validationFactory('entityExists');
+		$v1->setConfig('entity', 'base.user');
+		$v1->setConfig('column', 'email_address');
+		$v1->setValues($this->getParam('email_address'));
+		$v1->setErrorMessage($this->getMsg(3009));
+		$this->setValidation('email_address', $v1);
+
+		// Check user name.
+		$v2 = owa_coreAPI::validationFactory('entityExists');
+		$v2->setConfig('entity', 'base.user');
+		$v2->setConfig('column', 'user_id');
+		$v2->setValues($this->getParam('user_id'));
+		$v2->setErrorMessage($this->getMsg(3001));
+		$this->setValidation('user_id', $v2);
+
+		return;
 	}
 	function action() {
+
+		$userManager = owa_coreApi::supportClassFactory('base', 'userManager');
+
+
+		$user_params = array( 'user_id' => $this->params['user_id'],
+							'real_name' => $this->params['real_name'],
+							'role' => $this->params['role'],
+							'email_address' => $this->params['email_address']);
+
+		$temp_passkey = $userManager->createNewUser($user_params);
-		$u = owa_coreApi::entityFactory('base.user');
+		// log account creation event to event queue
+		$eq = &eventQueue::get_instance();
+		$eq->log(array( 'user_id' => $this->params['user_id'],
+						'real_name' => $this->params['real_name'],
+						'role' => $this->params['role'],
+						'email_address' => $this->params['email_address'],
+						'temp_passkey' => $temp_passkey),
+						'base.new_user_account');
-		//Check to see if user name already exists
-		$u->getByColumn('user_id', $this->params['user_id']);
-
-		$id = $u->get('id');
-		// Set user object Params
-		if (empty($id)):
-
-			$userManager = owa_coreApi::supportClassFactory('base', 'userManager');
-
-
-			$user_params = array( 'user_id' => $this->params['user_id'],
-								'real_name' => $this->params['real_name'],
-								'role' => $this->params['role'],
-								'email_address' => $this->params['email_address']);
-
-			$temp_passkey = $userManager->createNewUser($user_params);
-
-			// log account creation event to event queue
-			$eq = &eventQueue::get_instance();
-			$eq->log(array( 'user_id' => $this->params['user_id'],
-							'real_name' => $this->params['real_name'],
-							'role' => $this->params['role'],
-							'email_address' => $this->params['email_address'],
-							'temp_passkey' => $temp_passkey),
-							'base.new_user_account');
-
-
-			$this->setRedirectAction('base.users');
-			$this->set('status_code', 3000);
-
-			//Send user and back to form to pick a new user name.
-		else:
-
-			$this->setView('base.options');
-			$this->setSubview('base.usersProfile');
-			$this->set('error_code', 3001);
-			//assign original form data so the user does not have to re-enter the data
-			$this->set('user', $this->params);
-		endif;
+		$this->setRedirectAction('base.users');
+		$this->set('status_code', 3000);
+
+		return;
+	}
+
+	function errorAction() {
+		$this->setView('base.options');
+		$this->setSubview('base.usersProfile');
+		$this->set('error_code', 3009);
+		//assign original form data so the user does not have to re-enter the data
+		$this->set('profile', $this->params);
 		return;
+	}
 }
diff --git a/modules/base/usersChangePassword.php b/modules/base/usersChangePassword.php
index b93f04258..e4d7c9dcc 100644
--- a/modules/base/usersChangePassword.php
+++ b/modules/base/usersChangePassword.php
@@ -64,7 +64,7 @@ function __construct($params) {
 	}
 	function action() {
-		exit;
+
 		$auth = &owa_auth::get_instance();
 		$status = $auth->authenticateUserTempPasskey($this->params['k']);
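Review bot: `errorAction()` sets `error_code` to 3009 ("A user with that email address already exists") unconditionally, but the constructor registers two validations and a duplicate `user_id` fails with message 3001, so that case shows the wrong reason. Since `doAction()` already passes `validation_errors` into the view before calling `errorAction()`, either drop the fixed code and let the usersProfile template render the per-field messages, or derive the code from which validation failed. The view key also changes from `'user'` to `'profile'`; confirm the template reads `profile`. Note that `temp_passkey` is written into the event queue alongside the account data, so whatever store backs `eventQueue` now holds an unexpired credential — check its retention and who can read it. Typo in the new comment: "chane" → "change".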
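Review bot: With `exit;` removed this action is live, and `$this->params['k']` is read without a guard, so a request that lacks `k` raises an undefined-index notice and passes `null` to `authenticateUserTempPasskey()`. Read it through the accessor and bail out early, e.g. `$key = $this->getParam('k'); if (empty($key)) { $this->setRedirectAction('base.loginForm'); $this->set('error_code', 2011); return; }`, reusing the code the second hunk of this file introduces. action() continues past the end of the hunk.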
@@ -74,11 +74,11 @@ function action() {
 			$new_password = array('key' => $this->params['k'], 'password' => $auth->encryptPassword($this->params['password']), 'ip' => $_SERVER['REMOTE_ADDR']);
 			$eq->log($new_password, 'base.set_password');
 			$auth->deleteCredentials();
-			$this->setRedirectAction('base.login');
+			$this->setRedirectAction('base.loginForm');
 			$this->set('status_code', 3006);
 		} else {
-			$this->setRedirectAction('base.login');
-			$this->set('error_code', 000000); // can't find key in the db
+			$this->setRedirectAction('base.loginForm');
+			$this->set('error_code', 2011); // can't find key in the db
 		}
 		return;
diff --git a/modules/base/usersResetPassword.php b/modules/base/usersResetPassword.php
index 4d16ef56a..c3132a4d7 100644
--- a/modules/base/usersResetPassword.php
+++ b/modules/base/usersResetPassword.php
@@ -35,23 +35,30 @@ class owa_usersResetPasswordController extends owa_controller {
 	function owa_usersResetPasswordController($params) {
-		$this->owa_controller($params);
+		return owa_usersResetPasswordController::__construct($params);
+	}
+
+	function __construct($params) {
+
+		return parent::__construct($params);
 	}
 	function action() {
 		$auth = &owa_auth::get_instance();
 		$u = owa_coreAPI::entityFactory('base.user');
-		$u->getByColumn('user_id', $this->getParam('user_id'));
-		$u->set('temp_passkey', $auth->generateTempPasskey($this->getParam('user_id')));
+		$u->getByColumn('email_address', $this->getParam('email_address'));
+		$u->set('temp_passkey', $auth->generateTempPasskey($u->get('user_id')));
 		$status = $u->update();
-
+		$this->e->debug('status: '.$status);
 		if ($status === true):
 			$this->setView('base.usersResetPassword');
 			$this->set('key', $u->get('temp_passkey'));
 			$this->set('email_address', $u->get('email_address'));
+		else:
+			$this->e->debug("could not update password in db.");
 		endif;
 		return;
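Review bot: `action()` never checks that `getByColumn('email_address', …)` actually found a user before generating a passkey for `$u->get('user_id')` and calling `update()`; on a miss the passkey is derived from a null id and the update runs against an empty entity, and only the debug line tells you afterwards. Guard right after the lookup, e.g. `if (!$u->get('id')) { $this->e->debug('no user found for that email address.'); return; }`. `'status: '.$status` concatenates a boolean, so a false status prints as an empty string — `var_export($status, true)` makes the log readable. Style: the legacy constructor now calls `owa_usersResetPasswordController::__construct($params)` by class name; `$this->__construct($params)` is the usual form, or drop the PHP 4 constructor entirely if PHP 4 is no longer supported.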
@@ -89,7 +96,7 @@ function render($data) {
 		$this->body->set_template('users_reset_password_email.tpl');
 		$this->body->set('key', $this->get('key'));
 		$this->setMailSubject('Your New OWA Password');
-		$this->addMailToAddress($this->get('email_address'));
+		$this->addMailToAddress($this->get('email_address'));
 		return;
diff --git a/owa_base.php b/owa_base.php
index 5b0709472..d918be618 100644
--- a/owa_base.php
+++ b/owa_base.php
@@ -100,7 +100,12 @@ function __construct() {
 	 */
 	function getMsg($code, $s1 = null, $s2 = null, $s3 = null, $s4 = null) {
-		include_once(OWA_DIR.'conf/messages.php');
+		static $_owa_messages;
+
+		if (empty($_owa_messages)) {
+
+			require_once(OWA_DIR.'conf/messages.php');
+		}
 		switch ($_owa_messages[$code][1]) {
diff --git a/owa_controller.php b/owa_controller.php
index c070dbc00..b1d772435 100644
--- a/owa_controller.php
+++ b/owa_controller.php
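Review bot: `require_once` inside the `empty($_owa_messages)` guard only populates the static on the very first load in the process: `messages.php` assigns `$_owa_messages` into the including function's scope, and `_once` is a no-op once the file has been loaded anywhere else, so any later caller whose static is still empty (each subclass gets its own copy of a method's static variable on PHP versions before 8.1, and the old `include_once` sites may already have loaded the file) ends up indexing an undefined `$_owa_messages[$code][1]`. The guard already prevents repeated loads, so plain `require(OWA_DIR.'conf/messages.php');` is the right call here. Separately, since owa_controller now forwards `status_code`/`error_code` straight from the request parameters, add `if (!isset($_owa_messages[$code])) { return ''; }` (or a fixed fallback) before the `switch` rather than indexing an arbitrary value. getMsg() continues beyond the hunk.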
@@ -216,26 +216,23 @@ function doAction() {
 		// set site_id
 		$this->set('site_id', $this->get('site_id'));
-		/*
-		// set status msg - NEEDED HERE? doesnt owa_ view handle this?
-		if (!empty($this->params['status_code'])):
-			$this->data['status_msg'] = $this->getMsg($this->params['status_code']);
+		if (array_key_exists('status_code', $this->params)):
+			$this->set('status_code', $this->getParam('status_code'));
 		endif;
 		// get error msg from error code passed on the query string from a redirect.
-		if (!empty($this->params['error_code'])):
-			$this->data['error_msg'] = $this->getMsg($this->params['error_code']);
+		if (array_key_exists('error_code', $this->params)):
+			$this->set('error_code', $this->getParam('error_code'));
 		endif;
-
-		*/
 		// check to see if the controller has created a validator
 		if (!empty($this->v)):
 			// if so do the validations required
 			$this->v->doValidations();
-			//check for erros
+			//check for errors
 			if ($this->v->hasErrors === true):
+				//print_r($this->v);
 				// if errors, do the errorAction instead of the normal action
 				$this->set('validation_errors', $this->getValidationErrorMsgs());
 				$ret = $this->errorAction();
diff --git a/owa_lib.php b/owa_lib.php
index 819bfd572..87b1328f1 100644
--- a/owa_lib.php
+++ b/owa_lib.php
@@ -555,8 +555,21 @@ function makeLinkQueryString($query_params) {
 	function getRequestParams() {
+		$params = array();
+
+		if (!empty($_POST)) {
+			$params = $_POST;
+		} else {
+			$params = $_GET;
+		}
+
+		if (!empty($_COOKIE)) {
+
+			$params = array_merge($params, $_COOKIE);
+		}
+
 		// Clean Input arrays
-		$params = owa_lib::inputFilter($_REQUEST);
+		$params = owa_lib::inputFilter($params);
 		return owa_lib::stripParams($params);
 	}
diff --git a/owa_view.php b/owa_view.php
index a43ba331d..4e243e2ad 100644
--- a/owa_view.php
+++ b/owa_view.php
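Review bot: `array_key_exists` replaces the old `!empty` test, so a present-but-empty `status_code=` or `error_code=` is now forwarded to the view as an empty string, and because `$this->params` is built from GET, POST and cookies (owa_lib hunk in this diff) both codes are caller-chosen on every request. Keep the `!empty` form and restrict the value to what the message table can hold, e.g. `if (!empty($this->params['error_code']) && ctype_digit((string) $this->params['error_code'])):` (and the same for `status_code`), so whatever consumes the code downstream is not handed arbitrary input. The `//print_r($this->v);` debugging residue should not be committed. doAction() continues outside the hunk.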
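Review bot: Taking `$_POST` *or* `$_GET` drops query-string parameters from any POSTed form whose action URL carries them, whereas the `$_REQUEST` it replaces merged both; if routing keys are passed in the URL of POSTed forms anywhere in this codebase, they now vanish on submit. `$params = array_merge($_GET, $_POST);` keeps that behaviour while still avoiding `$_REQUEST`'s ini-dependent ordering. The later `array_merge($params, $_COOKIE)` lets a cookie silently override an explicitly submitted field of the same name; if that precedence is intended, say so in a comment, otherwise swap the arguments so request data wins.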
@@ -694,7 +694,11 @@ function setMailSubject($sbj) {
 		return;
 	}
-	function addMailToAddress($email, $name) {
+	function addMailToAddress($email, $name = '') {
+
+		if (empty($name)) {
+			$name = $email;
+		}
 		$this->po->mailer->AddAddress($email, $name);
 		return;
diff --git a/plugins/validations/entityDoesNotExist.php b/plugins/validations/entityDoesNotExist.php
new file mode 100644
index 000000000..b798db87a
--- /dev/null
+++ b/plugins/validations/entityDoesNotExist.php
@@ -0,0 +1,71 @@
+
+ * @copyright Copyright © 2006 Peter Adams
+ * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0
+ * @category owa
+ * @package owa
+ * @version $Revision$
+ * @since owa 1.0.0
+ */
+
+ class owa_entityDoesNotExistValidation extends owa_validation {
+
+
+ 	function owa_entityDoesNotExistValidation() {
+
+ 		return owa_EntityDoesNotExistValidation::__construct();
+ 	}
+
+ 	function __construct() {
+
+ 		return parent::__construct();
+ 	}
+
+
+ 	function validate() {
+
+ 		$entity = owa_coreAPI::entityFactory($this->getConfig('entity'));
+ 		$entity->getByColumn($this->getConfig('column'), $this->getValues());
+
+ 		$error = $this->getErrorMsg();
+
+ 		if (empty($error)) {
+ 			$this->setErrorMessage('An entity with that value does not exist.');
+ 		}
+
+ 		$id = $entity->get('id');
+
+ 		// validation logic
+ 		if (empty($id)) {
+ 			$this->hasError();
+ 		}
+
+ 		return;
+
+ 	}
+
+ }
+
+
+?>
+ 
\ No newline at end of file
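Review bot: Both new plugin files end with `?>` followed by whitespace and no trailing newline (entityExists.php in the next hunk has the identical ending), and PHP sends that whitespace to the client when the file is loaded, which breaks any later `header()` or cookie call with "headers already sent"; remove the closing `?>` from both files. The two classes are identical apart from the sign of the `empty($id)` test in `validate()`, so one validation class with a boolean config option (or a shared base class holding the lookup) would keep the two copies from drifting. `hasError()` reads like a query but is used here as the call that records the failure — I cannot see owa_validation, so confirm that is its contract, and consider a name like `setError()` in the base class. Minor: the legacy constructor spells the class as `owa_EntityDoesNotExistValidation`, which works only because class names are case-insensitive.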
@@ -0,0 +1,71 @@
+
+ * @copyright Copyright © 2006 Peter Adams
+ * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0
+ * @category owa
+ * @package owa
+ * @version $Revision$
+ * @since owa 1.0.0
+ */
+
+ class owa_entityExistsValidation extends owa_validation {
+
+
+ 	function owa_entityExistsValidation() {
+
+ 		return owa_EntityExistsValidation::__construct();
+ 	}
+
+ 	function __construct() {
+
+ 		return parent::__construct();
+ 	}
+
+
+ 	function validate() {
+
+ 		$entity = owa_coreAPI::entityFactory($this->getConfig('entity'));
+ 		$entity->getByColumn($this->getConfig('column'), $this->getValues());
+
+ 		$error = $this->getErrorMsg();
+
+ 		if (empty($error)) {
+ 			$this->setErrorMessage('An entity with that value already exists.');
+ 		}
+
+ 		$id = $entity->get('id');
+
+ 		// validation logic
+ 		if (!empty($id)) {
+ 			$this->hasError();
+ 		}
+
+ 		return;
+
+ 	}
+
+ }
+
+
+?>
+ 
\ No newline at end of file