diff --git a/app.py b/app.py
index 4347b45..2b88f57 100644
--- a/app.py
+++ b/app.py
@@ -15,6 +15,7 @@
     # a risk that we may run into circular dependencies, so we do it at the
     # last minute here.
 
-    from views import *
+    # from views import *
+    from views2 import *
 
     app.run(debug=True)
diff --git a/backup.csv b/backup.csv
new file mode 100644
index 0000000..6100f78
--- /dev/null
+++ b/backup.csv
@@ -0,0 +1,4 @@
+waffle,15.0,200
+chocolate,15.0,200
+ice cream,10.0,100
+cake,30.0,400
diff --git a/backup.py b/backup.py
new file mode 100644
index 0000000..4d0c6f5
--- /dev/null
+++ b/backup.py
@@ -0,0 +1,27 @@
+from models import *
+
+
+def save_data():
+
+    with open('backup.csv', 'w') as f:  # Open file 'backup.csv' for writing
+
+        for dessert in Dessert.query.all():
+            # Create a comma separated line
+            line = "{},{},{}\n".format(dessert.name, dessert.price,
+                                       dessert.calories)
+            # Write it to the file
+            f.write(line)
+
+def load_data():
+
+    with open('backup.csv') as f:
+        for line in f:
+            name, price, calories = line.split(',')
+            d = Dessert(name, price, calories)
+            db.session.add(d)
+    db.session.commit()
+
+
+if __name__=="__main__":
+    # save_data()
+    load_data()
diff --git a/desserts.db b/desserts.db
new file mode 100644
index 0000000..14237d2
Binary files /dev/null and b/desserts.db differ
diff --git a/models.py b/models.py
index 1b5286a..20daf80 100644
--- a/models.py
+++ b/models.py
@@ -13,10 +13,14 @@ class Dessert(db.Model):
     price = db.Column(db.Float)
     calories = db.Column(db.Integer)
 
-    def __init__(self, name, price, calories):
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
+    user = db.relationship("User", backref="desserts")
+
+    def __init__(self, name, price, calories, user_id):
         self.name = name
         self.price = price
         self.calories = calories
+        self.user_id = user_id
 
     def calories_per_dollar(self):
         if self.calories:
@@ -32,7 +36,25 @@ def __init__(self, name):
         self.name = name
 
 
-def create_dessert(new_name, new_price, new_calories):
+class User(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(100))
+    password = db.Column(db.String(100))
+    email = db.Column(db.String(250))
+    name = db.Column(db.String(100))
+    avatar = db.Column(db.String(250))
+
+    def __init__(self, username, password, email, name, avatar):
+        self.username = username
+        self.password = password
+        self.email = email
+        self.name = name
+        self.avatar = avatar
+
+
+def create_dessert(new_name, new_price, new_calories, user_id):
+    # Dessert.query.filter_by
+
     # Create a dessert with the provided input.
 
     # We need every piece of input to be provided.
@@ -45,8 +67,17 @@ def create_dessert(new_name, new_price, new_calories):
     if new_name == '' or new_price == '' or new_calories == '':
         raise Exception("Need name, price and calories!")
 
+    # Check that name does not already exist
+
+    if Dessert.query.filter_by(name=new_name).first() is not None:
+        raise Exception("That name already exists!")
+
+    # Check that calories is between 0 and 2000
+    if 0 > new_calories > 2000:
+        raise Exception("Really that many calories?")
+
     # This line maps to line 16 above (the Dessert.__init__ method)
-    dessert = Dessert(new_name, new_price, new_calories)
+    dessert = Dessert(new_name, new_price, new_calories, user_id)
 
     # Actually add this dessert to the database
     db.session.add(dessert)
@@ -82,6 +113,32 @@ def delete_dessert(id):
         return "Dessert not found"
 
 
+def update_dessert(id, new_name, new_price, new_calories):
+
+    dessert = Dessert.query.get(id)
+
+    if dessert:
+
+        dessert.name = new_name
+        dessert.price = new_price
+        dessert.calories = new_calories
+
+        try:
+            db.session.commit()
+            return "Dessert {} updated".format(new_name)
+        except:
+            db.session.rollback()
+            return "Something went wrong"
+    else:
+        return "Dessert not found"
+
+
+def log_out(user_id):
+    if user_id:
+        user_id = None
+    return user_id
+
+
 if __name__ == "__main__":
 
     # Run this file directly to create the database tables.
diff --git a/static/favicon.ico b/static/favicon.ico
new file mode 100644
index 0000000..16f6da6
Binary files /dev/null and b/static/favicon.ico differ
diff --git a/templates/add.html b/templates/add.html
index d3ad60c..4c2aa22 100644
--- a/templates/add.html
+++ b/templates/add.html
@@ -68,4 +68,4 @@ <h3>Add Dessert</h3>
 
     </div>
 
-</body>
\ No newline at end of file
+</body>
diff --git a/templates/details.html b/templates/details.html
index 23f0356..215231f 100644
--- a/templates/details.html
+++ b/templates/details.html
@@ -14,10 +14,23 @@ <h4>{{ dessert.name }}</h4>
 
     <p>Calories per dollar: {{ dessert.calories_per_dollar() }}</p>
 
+    <a href="/update/{{ dessert.id }}" class="btn btn-info">Update Item</a>
 
-    <a href="/delete/{{ dessert.id }}" class="btn btn-danger">Delete {{ dessert.name }}</a>
+    <a href="/delete/{{ dessert.id }}" class="btn btn-danger" id="delete-button">Delete {{ dessert.name }}</a>
 
 
     </div>
+<script type="text/javascript">
 
-</body>
\ No newline at end of file
+    var delButton = document.getElementById('delete-button');
+
+    delButton.addEventListener('click', function(){
+       confirm("Are you sure you want to delete this item?")
+
+       // how can I pass the result of this into python...
+    })
+
+
+</script>
+
+</body>
diff --git a/templates/header.html b/templates/header.html
index afbc019..956b06d 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -2,6 +2,9 @@
 
     <title>Desserts</title>
 
+    <!-- Favicon! -->
+    <link rel="shortcut icon" href="{{ url_for('static', filename='favicon.ico') }}">
+
     <!-- BEGIN BOOTSTRAP -->
 
     <!-- Latest compiled and minified CSS -->
@@ -15,4 +18,11 @@
 
     <!-- END BOOTSTRAP -->
 
+    <!-- Bit of CSS -->
+    <style>
+        .form-horizontal {
+            width: 50%;
+            margin: 50px auto;
+        }
+    </style>
 </head>
diff --git a/templates/index.html b/templates/index.html
index b6a05e5..91e09e2 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -7,9 +7,18 @@
 
     <h3>Dessert Menu</h3>
 
+    <form action="/desserts/{{ id }}" method="POST">
+        <div class="input-group">
+            <input type="text" class="form-control" name="search-name" placeholder="Search for name...">
+            <span class="input-group-btn">
+                <button class="btn btn-default" type="submit">Go!</button>
+            </span>
+        </div>
+    </form>
+
     {% if message %}
     <div class="alert alert-info" role="alert">
-    
+
     {{ message }}
 
     </div>
@@ -22,9 +31,10 @@ <h3>Dessert Menu</h3>
     {% endfor %}
     </ul>
 
+
     <a href="/add" class="btn btn-success">Add Item</a>
 
 
     </div>
 
-</body>
\ No newline at end of file
+</body>
diff --git a/templates/login.html b/templates/login.html
new file mode 100644
index 0000000..17fe394
--- /dev/null
+++ b/templates/login.html
@@ -0,0 +1,23 @@
+{% include 'header.html' %}
+
+<body>
+    <form action="/menu" method="POST" class="form-horizontal">
+        <div class="form-group">
+            <label for="inputEmail3" class="col-sm-4 control-label">User Name</label>
+            <div class="col-sm-8">
+                <input type="text" name="username" id="inputEmail3" placeholder="User name">
+            </div>
+        </div>
+        <div class="form-group">
+            <label for="inputPassword3" class="col-sm-4 control-label">Password</label>
+            <div class="col-sm-8">
+                <input type="password" name="password" id="inputPassword3" placeholder="Password">
+            </div>
+        </div>
+        <div class="form-group">
+            <div class="col-sm-offset-4 col-sm-8">
+                <button type="submit" class="btn btn-default">Sign in</button>
+            </div>
+        </div>
+    </form>
+</body>
diff --git a/templates/menu.html b/templates/menu.html
new file mode 100644
index 0000000..3181836
--- /dev/null
+++ b/templates/menu.html
@@ -0,0 +1,41 @@
+{% include 'header.html' %}
+
+<body>
+
+    <div class="container">
+
+
+    <h3>Dessert Menu</h3>
+
+    <form action="/desserts/{{ dessert_id }}" method="POST">
+        <div class="input-group">
+            <input type="text" class="form-control" name="search-name" placeholder="Search for name...">
+            <span class="input-group-btn">
+                <button class="btn btn-default" type="submit">Go!</button>
+            </span>
+        </div>
+    </form>
+
+    {% if message %}
+    <div class="alert alert-info" role="alert">
+
+    {{ message }}
+
+    </div>
+    {% endif %}
+
+
+    <ul>
+    {% for dessert in desserts %}
+        <li><a href="/desserts/{{ dessert.id }}">{{ dessert.name }}</a> - ${{ dessert.price }}, {{ dessert.calories }} calories</li>
+    {% endfor %}
+    </ul>
+
+
+    <a href="/add" class="btn btn-success">Add Item</a>
+    <a href="/login" class="btn btn-default">Log Out</a>
+
+
+    </div>
+
+</body>
diff --git a/templates/update.html b/templates/update.html
new file mode 100644
index 0000000..d56599d
--- /dev/null
+++ b/templates/update.html
@@ -0,0 +1,67 @@
+{% include 'header.html' %}
+
+<body>
+
+    <div class="container">
+
+
+    <h3>Update Dessert</h3>
+
+<!--     {% if dessert %}
+
+    <div class="alert alert-success" role="alert">
+
+        <p><strong>{{dessert.name}}</strong> successfully updated! Add another below.</p>
+        <p><a href="/">Back to Dessert List</a></p>
+
+    </div>
+
+    {% endif %}
+
+    {% if error %}
+    <div class="alert alert-danger" role="alert">
+
+    An error occurred trying to create your dessert:
+
+    {{ error }}
+
+    </div>
+    {% endif %} -->
+
+
+    <!-- The form action and method correspond to a Flask route -->
+    <form action="/update/{{ id }}" method="POST" class="form-inline">
+
+    <div class="form-group">
+
+        <label for="name_id">Name</label>
+        <input  class="form-control" id="name_id" name="name_field" type="text" value="{{ dessert.name }}"/>
+
+    </div>
+
+    <div class="form-group">
+
+        <label for="price_id">Price</label>
+        <input class="form-control" id="price_id" name="price_field" type="text" size="4" value="{{ dessert.price }}" />
+
+    </div>
+
+    <div class="form-group">
+
+        <label for="cals_id">Calories</label>
+        <input class="form-control" id="cals_id" name="cals_field" type="text" size="4" value="{{ dessert.calories }}"/>
+
+    </div>
+
+
+
+    <!-- We need a submit button to submit a form! -->
+    <input type="submit" value="Update" class="btn btn-success"/>
+
+
+    </form>
+
+
+    </div>
+
+</body>
diff --git a/views.py b/views.py
index 679621a..5ed4e9c 100644
--- a/views.py
+++ b/views.py
@@ -1,6 +1,6 @@
 from flask import render_template, request
 
-from models import Dessert, create_dessert, delete_dessert
+from models import Dessert, create_dessert, delete_dessert, update_dessert
 from app import app
 
 
@@ -44,6 +44,12 @@ def add():
 
 @app.route('/desserts/<id>')
 def view_dessert(id):
+    # if request.method == "Post":
+    #     dessert_name = request.form.get('search-name')
+    #     dessert = Dessert.query.filter_by(name=dessert_name)
+    #     if dessert:
+    #         dessert = dessert
+    #         return render_template('details.html', )
 
     # We could define this inside its own function but it's simple enough
     # that we don't really need to.
@@ -58,3 +64,24 @@ def delete(id):
     message = delete_dessert(id)
 
     return index()  # Look at the URL bar when you do this. What happens?
+
+
+@app.route('/update/<id>', methods=['GET', 'POST'])
+def update(id):
+
+    dessert = Dessert.query.get(id)
+
+    if request.method == 'GET':
+        return render_template('update.html', dessert=dessert, id=id)
+
+    dessert_name = request.form.get('name_field')
+    dessert_price = request.form.get('price_field')
+    dessert_cals = request.form.get('cals_field')
+
+    try:
+        dessert = update_dessert(id, dessert_name, dessert_price, dessert_cals)
+        return index()
+    except Exception as e:
+        # Oh no, something went wrong!
+        # We can access the error message via e.message:
+        return render_template('update.html', error=e.message)
diff --git a/views2.py b/views2.py
new file mode 100644
index 0000000..1cef136
--- /dev/null
+++ b/views2.py
@@ -0,0 +1,105 @@
+from flask import render_template, request, session
+
+from models import Dessert, User, create_dessert, delete_dessert, update_dessert, log_out
+from app import app
+
+
+@app.route('/')
+def login():
+    user_id = session.get("user_id")
+    if user_id:
+        user = User.query.get(user_id)
+        return render_template('menu.html', desserts=user.desserts)
+    else:
+        return render_template('login.html')
+
+
+@app.route('/menu', methods=['GET', 'POST'])
+def menu():
+
+    user_entry = request.form.get('username')
+    password_entry = request.form.get('password')
+
+    user = User.query.filter_by(username=user_entry).first()
+
+    if user:
+        if user.password == password_entry:
+            session["user_id"] = user.id
+            return render_template('menu.html', desserts=user.desserts)
+
+
+# Secret Key
+app.secret_key = 'q<pskdn73&kj2d$'
+
+
+@app.route('/add', methods=['GET', 'POST'])
+def add():
+    if request.method == 'GET':
+        return render_template('add.html')
+
+    dessert_name = request.form.get('name_field')
+    dessert_price = request.form.get('price_field')
+    dessert_cals = request.form.get('cals_field')
+    user_id = session.get("user_id")
+
+    if user_id:
+        try:
+            dessert = create_dessert(dessert_name, dessert_price, dessert_cals, user_id)
+            return render_template("add.html", dessert=dessert)
+        except Exception as e:
+            return render_template('add.html', error=e.message)
+    else:
+        return render_template('login.html')
+
+
+@app.route('/desserts/<id>')
+def view_dessert(id):
+
+    dessert = Dessert.query.get(id)
+    return render_template('details.html', dessert=dessert)
+
+
+@app.route('/desserts/<id>', methods="[POST]")
+def search_dessert():
+    dessert_name = request.form.get('search-name')
+    dessert = Dessert.query.filter_by(name=dessert_name).first()
+    dessert_id = dessert.id
+
+    return render_template('details.html', dessert=dessert, dessert_id=dessert_id)
+
+
+@app.route('/delete/<id>')
+def delete(id):
+
+    message = delete_dessert(id)
+
+    return menu()  # Look at the URL bar when you do this. What happens?
+
+
+@app.route('/update/<id>', methods=['GET', 'POST'])
+def update(id):
+
+    dessert = Dessert.query.get(id)
+
+    if request.method == 'GET':
+        return render_template('update.html', dessert=dessert, id=id)
+
+    dessert_name = request.form.get('name_field')
+    dessert_price = request.form.get('price_field')
+    dessert_cals = request.form.get('cals_field')
+
+    # Figure out how to not show the success message before updating
+
+    try:
+        dessert = update_dessert(id, dessert_name, dessert_price, dessert_cals)
+        return login()
+    except Exception as e:
+        # Oh no, something went wrong!
+        # We can access the error message via e.message:
+        return render_template('update.html', error=e.message)
+
+@app.route('/login')
+def logout():
+    user_id = session.get("user_id")
+    user_id = log_out(user_id)
+    return render_template('login.html')