diff --git a/communityadmin.go b/communityadmin.go
index 61ffec9..9c94c49 100644
--- a/communityadmin.go
+++ b/communityadmin.go
@@ -197,7 +197,7 @@ func EditCommunityProfile(ctxt ui.AmContext) (string, any) {
 			nci.Region = dlg.Field("reg").ValPtr()
 			nci.PostalCode = dlg.Field("pcode").ValPtr()
 			nci.Country = dlg.Field("country").ValPtr()
-			_, err = nci.Save(ctxt.Ctx())
+			_, err = nci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
 			ci = nci
 			if err == nil {
 				var joinkey *string = nil
@@ -296,7 +296,7 @@ func EditCommunityLogo(ctxt ui.AmContext) (string, any) {
 				if err == nil {
 					photourl := fmt.Sprintf("/img/store/%d", img.ImgId)
 					ci.PhotoURL = &photourl
-					_, err = ci.Save(ctxt.Ctx())
+					_, err = ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
 					if err == nil {
 						err = comm.TouchUpdate(ctxt.Ctx())
 					}
@@ -337,7 +337,7 @@ func EditCommunityLogo(ctxt ui.AmContext) (string, any) {
 			}()
 		}
 		ci.PhotoURL = nil
-		_, err := ci.Save(ctxt.Ctx())
+		_, err := ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
 		if err != nil {
 			return "error", err
 		}
@@ -429,7 +429,7 @@ func CreateCommunity(ctxt ui.AmContext) (string, any) {
 			ci.Region = dlg.Field("reg").ValPtr()
 			ci.PostalCode = dlg.Field("pcode").ValPtr()
 			ci.Country = dlg.Field("country").ValPtr()
-			_, err = ci.Save(ctxt.Ctx())
+			_, err = ci.Save(ctxt.Ctx(), user, ctxt.RemoteIP())
 			if err == nil {
 				err = comm.SetContactID(ctxt.Ctx(), ci.ContactId)
 			}
diff --git a/database/contactinfo.go b/database/contactinfo.go
index ca77169..01e765b 100644
--- a/database/contactinfo.go
+++ b/database/contactinfo.go
@@ -120,7 +120,7 @@ func (ci *ContactInfo) FullName(ps bool) string {
  *     true if the E-mail address on this account has been changed, false if not.
  *     Standard Go error status.
  */
-func (ci *ContactInfo) Save(ctx context.Context) (bool, error) {
+func (ci *ContactInfo) Save(ctx context.Context, changer *User, ipaddr string) (bool, error) {
 	ci.Mutex.Lock()
 	defer ci.Mutex.Unlock()
 
@@ -189,6 +189,11 @@ func (ci *ContactInfo) Save(ctx context.Context) (bool, error) {
 	if err != nil {
 		return false, err
 	}
+	if ci.OwnerCommId < 0 {
+		if changer.Uid != ci.OwnerUid {
+			AmStoreAudit(AmNewAudit(AuditAdminSetUserContactInfo, changer.Uid, ipaddr, fmt.Sprintf("uid=%d", ci.OwnerUid), fmt.Sprintf("contactid=%d", ci.ContactId)))
+		}
+	}
 	return emailChange, err
 }
 
diff --git a/database/user.go b/database/user.go
index bde09e3..25c0c21 100644
--- a/database/user.go
+++ b/database/user.go
@@ -55,13 +55,32 @@ func (p *UserPrefs) Clone() *UserPrefs {
 }
 
 // Save saves off the user preferences, replacing the prefs on the user if necessary.
-func (p *UserPrefs) Save(ctx context.Context, u *User) error {
+func (p *UserPrefs) Save(ctx context.Context, u, setter *User, ipaddr string) error {
 	if u != nil && u.Uid != p.Uid {
 		return errors.New("internal mismatch of IDs")
 	}
+	var old *UserPrefs
+	if setter.Uid != u.Uid {
+		var dbdata []UserPrefs
+		err := amdb.SelectContext(ctx, &dbdata, "SELECT * FROM userprefs WHERE uid = ?", u.Uid)
+		if err != nil {
+			return err
+		} else if len(dbdata) != 1 {
+			return errors.New("unable to take snapshot")
+		}
+		old = &(dbdata[0])
+	}
 	_, err := amdb.NamedExecContext(ctx, "UPDATE userprefs SET localeid = :localeid, tzid = :tzid WHERE uid = :uid", p)
 	if err == nil && u != nil {
 		u.prefs = p
+		if old != nil {
+			if old.LocaleID != p.LocaleID {
+				AmStoreAudit(AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", p.Uid), "field=localeid"))
+			}
+			if old.TimeZoneID != p.TimeZoneID {
+				AmStoreAudit(AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", p.Uid), "field=tzid"))
+			}
+		}
 	}
 	return err
 }
@@ -272,7 +291,7 @@ func (u *User) NewEmailConfirmationNumber(ctx context.Context) error {
 }
 
 // ChangePassword resets a user's password.
-func (u *User) ChangePassword(ctx context.Context, password string, remoteIP string) error {
+func (u *User) ChangePassword(ctx context.Context, password string, changer *User, remoteIP string) error {
 	var ar *AuditRecord = nil
 	defer func() {
 		AmStoreAudit(ar)
@@ -284,7 +303,11 @@ func (u *User) ChangePassword(ctx context.Context, password string, remoteIP str
 	_, err := amdb.ExecContext(ctx, "UPDATE users SET passhash = ? WHERE uid = ?", pval, u.Uid)
 	if err == nil {
 		u.Passhash = pval
-		ar = AmNewAudit(AuditChangePassword, u.Uid, remoteIP, "via password change request")
+		if changer.Uid == u.Uid {
+			ar = AmNewAudit(AuditChangePassword, u.Uid, remoteIP, "via password change request")
+		} else {
+			ar = AmNewAudit(AuditAdminChangeUserPassword, changer.Uid, remoteIP, fmt.Sprintf("uid=%d", u.Uid))
+		}
 	}
 	return err
 }
@@ -354,11 +377,25 @@ func (u *User) Prefs(ctx context.Context) (*UserPrefs, error) {
  * Returns:
  *     Standard Go error status.
  */
-func (u *User) SetProfileData(ctx context.Context, reminder string, dob *time.Time, descr *string) error {
+func (u *User) SetProfileData(ctx context.Context, reminder string, dob *time.Time, descr *string, setter *User, ipaddr string) error {
+	ara := make([]*AuditRecord, 0, 3)
+	defer func() {
+		for _, ar := range ara {
+			AmStoreAudit(ar)
+		}
+	}()
 	u.Mutex.Lock()
 	defer u.Mutex.Unlock()
-	_, err := amdb.Exec("UPDATE users SET passreminder = ?, dob = ?, description = ? WHERE uid = ?", reminder, dob, descr, u.Uid)
+	_, err := amdb.ExecContext(ctx, "UPDATE users SET passreminder = ?, dob = ?, description = ? WHERE uid = ?", reminder, dob, descr, u.Uid)
 	if err == nil {
+		if setter.Uid != u.Uid {
+			if u.Description != descr {
+				ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=description"))
+			}
+			if !util.SameDate(u.DOB, dob) {
+				ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=dob"))
+			}
+		}
 		u.PassReminder = reminder
 		u.DOB = dob
 		u.Description = descr
@@ -366,6 +403,44 @@ func (u *User) SetProfileData(ctx context.Context, reminder string, dob *time.Ti
 	return err
 }
 
+// SetSecurityData sets the "security" variables for this user.
+func (u *User) SetSecurityData(ctx context.Context, baseLevel uint16, lockout, verifyEmail bool, setter *User, ipaddr string) error {
+	ara := make([]*AuditRecord, 0, 3)
+	defer func() {
+		for _, ar := range ara {
+			AmStoreAudit(ar)
+		}
+	}()
+	bofhLevel := AmRole("Global.BOFH").Level()
+	if (u.BaseLevel == bofhLevel || baseLevel == bofhLevel) && u.BaseLevel != baseLevel {
+		return errors.New("cannot change levels to or from global system administrator")
+	}
+	u.Mutex.Lock()
+	defer u.Mutex.Unlock()
+	_, err := amdb.ExecContext(ctx, "UPDATE users SET base_lvl = ?, lockout = ?, verify_email = ? WHERE uid = ?", baseLevel, lockout, verifyEmail, u.Uid)
+	if err == nil {
+		if u.BaseLevel != baseLevel {
+			ara = append(ara, AmNewAudit(AuditAdminSetAccountSecurity, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), fmt.Sprintf("level=%d", baseLevel)))
+		}
+		if u.Lockout != lockout {
+			m := ""
+			if lockout {
+				m = "locked"
+			} else {
+				m = "unlocked"
+			}
+			ara = append(ara, AmNewAudit(AuditAdminLockUnlockAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), m))
+		}
+		if u.VerifyEMail != verifyEmail {
+			ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=verify_email"))
+		}
+		u.BaseLevel = baseLevel
+		u.Lockout = lockout
+		u.VerifyEMail = verifyEmail
+	}
+	return err
+}
+
 /* AmGetUser returns a reference to the specified user.
  * Parameters:
  *	   ctx - Standard Go context value.
diff --git a/docs/MISSINGFUNCS.md b/docs/MISSINGFUNCS.md
index 246a3c0..9873c58 100644
--- a/docs/MISSINGFUNCS.md
+++ b/docs/MISSINGFUNCS.md
@@ -15,8 +15,7 @@ _(italicized items can be deferred)_
 - Sysadmin Menu:
   - ~~Edit Global Properties~~
   - View/Edit IP Address Bans
-  - View/Edit Banned Users
-  - User Account Management
+  - ~~User Account Management~~
   - System Audit Logs
   - Import User Accounts
 - Conferences list:
diff --git a/login.go b/login.go
index ff0825e..b863391 100644
--- a/login.go
+++ b/login.go
@@ -378,7 +378,7 @@ func NewAccount(ctxt ui.AmContext) (string, any) {
 						ci.PostalCode = dlg.Field("pcode").ValPtr()
 						ci.Country = dlg.Field("country").ValPtr()
 						ci.Email = dlg.Field("email").ValPtr()
-						_, err = ci.Save(ctxt.Ctx())
+						_, err = ci.Save(ctxt.Ctx(), user, ctxt.RemoteIP())
 						if err == nil {
 							err = user.SetContactID(ctxt.Ctx(), ci.ContactId)
 						}
@@ -431,7 +431,7 @@ func PasswordRecovery(ctxt ui.AmContext) (string, any) {
 		user, err := database.AmGetUser(ctxt.Ctx(), int32(uid))
 		if err == nil {
 			newpass := util.GenerateRandomPassword()
-			err = user.ChangePassword(ctxt.Ctx(), newpass, ctxt.RemoteIP())
+			err = user.ChangePassword(ctxt.Ctx(), newpass, user, ctxt.RemoteIP())
 			if err == nil {
 				// send the password change message
 				msg := email.AmNewEmailMessage(user.Uid, ctxt.RemoteIP())
diff --git a/main.go b/main.go
index 6c321d5..c8993fe 100644
--- a/main.go
+++ b/main.go
@@ -79,6 +79,10 @@ func setupEcho() *echo.Echo {
 	e.GET("/sysadmin/globals", ui.AmWrap(GlobalPropertiesForm))
 	e.POST("/sysadmin/globals", ui.AmWrap(GlobalPropertiesSet))
 	e.Match(GetAndPost, "/sysadmin/users", ui.AmWrap(UserManagementSearch))
+	e.GET("/sysadmin/users/:uname", ui.AmWrap(UserManagementForm))
+	e.POST("/sysadmin/users/:uname", ui.AmWrap(UserManagementSave))
+	e.GET("/sysadmin/users/:uname/photo", ui.AmWrap(AdminUserPhotoForm))
+	e.POST("/sysadmin/users/:uname/photo", ui.AmWrap(AdminUserPhoto))
 	e.GET("/create_comm", ui.AmWrap(CreateCommunityForm))
 	e.POST("/create_comm", ui.AmWrap(CreateCommunity))
 	e.GET("/manage_comm", ui.AmWrap(ManageCommunities))
diff --git a/sysadmin.go b/sysadmin.go
index d1c99d1..a36955b 100644
--- a/sysadmin.go
+++ b/sysadmin.go
@@ -11,11 +11,16 @@
 package main
 
 import (
+	"context"
+	"errors"
 	"fmt"
 	"strconv"
+	"strings"
 
 	"git.erbosoft.com/amy/amsterdam/database"
 	"git.erbosoft.com/amy/amsterdam/ui"
+	"git.erbosoft.com/amy/amsterdam/util"
+	log "github.com/sirupsen/logrus"
 )
 
 /* SysAdminMenu renders the system administration menu.
@@ -205,3 +210,290 @@ func UserManagementSearch(ctxt ui.AmContext) (string, any) {
 	ctxt.SetFrameTitle("User Account Management")
 	return "framed", "admin_users.jet"
 }
+
+/* UserManagementForm displays the form for modifying a user.
+ * Parameters:
+ *     ctxt - The AmContext for the request.
+ * Returns:
+ *     Command string dictating what to be rendered.
+ *     Data as a parameter for the command string.
+ */
+func UserManagementForm(ctxt ui.AmContext) (string, any) {
+	if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
+		return "error", ENOACCESS
+	}
+	user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
+	if err != nil {
+		return "error", err
+	}
+
+	dlg, err := ui.AmLoadDialog("admin_user")
+	if err == nil {
+		dlg.SetTargetUser(user)
+		if ctxt.CurrentUser().BaseLevel == database.AmRole("Global.BOFH").Level() {
+			// only the BOFH can designate a user as a PFY!
+			dlg.Field("base_lvl").Param = "Global.UserLevelsPFY"
+		}
+		var ci *database.ContactInfo
+		ci, err = user.ContactInfo(ctxt.Ctx())
+		if err == nil {
+			var prefs *database.UserPrefs
+			prefs, err = user.Prefs(ctxt.Ctx())
+			if err == nil {
+				dlg.Field("remind").Value = user.PassReminder
+				dlg.Field("base_lvl").SetLevel(user.BaseLevel)
+				dlg.Field("verify_email").SetChecked(user.VerifyEMail)
+				dlg.Field("lockout").SetChecked(user.Lockout)
+				dlg.Field("nophoto").SetChecked(user.FlagValue(ctxt.Ctx(), database.UserFlagDisallowSetPhoto))
+				dlg.Field("prefix").SetVal(ci.Prefix)
+				dlg.Field("first").SetVal(ci.GivenName)
+				dlg.Field("mid").SetVal(ci.MiddleInit)
+				dlg.Field("last").SetVal(ci.FamilyName)
+				dlg.Field("suffix").SetVal(ci.Suffix)
+				dlg.Field("company").SetVal(ci.Company)
+				dlg.Field("addr1").SetVal(ci.Addr1)
+				dlg.Field("addr2").SetVal(ci.Addr2)
+				dlg.Field("pvt_addr").SetChecked(ci.PrivateAddr)
+				dlg.Field("loc").SetVal(ci.Locality)
+				dlg.Field("reg").SetVal(ci.Region)
+				dlg.Field("pcode").SetVal(ci.PostalCode)
+				dlg.Field("country").SetVal(ci.Country)
+				dlg.Field("phone").SetVal(ci.Phone)
+				dlg.Field("mobile").SetVal(ci.Mobile)
+				dlg.Field("pvt_phone").SetChecked(ci.PrivatePhone)
+				dlg.Field("fax").SetVal(ci.Fax)
+				dlg.Field("pvt_fax").SetChecked(ci.PrivateFax)
+				dlg.Field("email").SetVal(ci.Email)
+				dlg.Field("pvt_email").SetChecked(ci.PrivateEmail)
+				dlg.Field("url").SetVal(ci.URL)
+				dlg.Field("dob").SetDate(user.DOB)
+				dlg.Field("descr").SetVal(user.Description)
+				dlg.Field("photo").Value = userPhotoURL(ci)
+				dlg.Field("pic_in_post").SetChecked(user.FlagValue(ctxt.Ctx(), database.UserFlagPicturesInPosts))
+				dlg.Field("no_mass_mail").SetChecked(user.FlagValue(ctxt.Ctx(), database.UserFlagMassMailOptOut))
+				dlg.Field("locale").Value = prefs.ReadLocale()
+				dlg.Field("tz").Value = prefs.TimeZoneID
+				return dlg.Render(ctxt)
+			}
+		}
+	}
+	return "error", err
+}
+
+/* UserManagementSave saves the profile data of the user.
+ * Parameters:
+ *     ctxt - The AmContext for the request.
+ * Returns:
+ *     Command string dictating what to be rendered.
+ *     Data as a parameter for the command string.
+ */
+func UserManagementSave(ctxt ui.AmContext) (string, any) {
+	if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
+		return "error", ENOACCESS
+	}
+	user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
+	if err != nil {
+		return "error", err
+	}
+
+	dlg, err := ui.AmLoadDialog("admin_user")
+	if err == nil {
+		dlg.LoadFromForm(ctxt)
+		dlg.SetTargetUser(user)
+		if ctxt.CurrentUser().BaseLevel == database.AmRole("Global.BOFH").Level() {
+			// only the BOFH can designate a user as a PFY!
+			dlg.Field("base_lvl").Param = "Global.UserLevelsPFY"
+		}
+		action := dlg.WhichButton(ctxt)
+		if action == "cancel" { // Cancel button pressed
+			return "redirect", "/sysadmin/users"
+		}
+		if action == "update" {
+			err = dlg.Validate()
+			if err != nil {
+				return dlg.RenderError(ctxt, err.Error())
+			}
+			var ci *database.ContactInfo
+			ci, err = user.ContactInfo(ctxt.Ctx())
+			if err == nil {
+				var prefs *database.UserPrefs
+				prefs, err = user.Prefs(ctxt.Ctx())
+				if err == nil && !(dlg.Field("pass1").IsEmpty() && dlg.Field("pass2").IsEmpty()) {
+					p1 := dlg.Field("pass1").Value
+					if p1 == dlg.Field("pass2").Value {
+						err = user.ChangePassword(ctxt.Ctx(), p1, ctxt.CurrentUser(), ctxt.RemoteIP())
+					} else {
+						err = errors.New("passwords do not match")
+					}
+				}
+				if err == nil {
+					nci := ci.Clone()
+					nci.Prefix = dlg.Field("prefix").ValPtr()
+					nci.GivenName = dlg.Field("first").ValPtr()
+					nci.MiddleInit = dlg.Field("mid").ValPtr()
+					nci.FamilyName = dlg.Field("last").ValPtr()
+					nci.Suffix = dlg.Field("suffix").ValPtr()
+					nci.Company = dlg.Field("company").ValPtr()
+					nci.Addr1 = dlg.Field("addr1").ValPtr()
+					nci.Addr2 = dlg.Field("addr2").ValPtr()
+					nci.PrivateAddr = dlg.Field("pvt_addr").IsChecked()
+					nci.Locality = dlg.Field("loc").ValPtr()
+					nci.Region = dlg.Field("reg").ValPtr()
+					nci.PostalCode = dlg.Field("pcode").ValPtr()
+					nci.Country = dlg.Field("country").ValPtr()
+					nci.Phone = dlg.Field("phone").ValPtr()
+					nci.Mobile = dlg.Field("mobile").ValPtr()
+					nci.PrivatePhone = dlg.Field("pvt_phone").IsChecked()
+					nci.Fax = dlg.Field("fax").ValPtr()
+					nci.PrivateFax = dlg.Field("pvt_fax").IsChecked()
+					nci.Email = dlg.Field("email").ValPtr()
+					nci.PrivateEmail = dlg.Field("pvt_email").IsChecked()
+					nci.URL = dlg.Field("url").ValPtr()
+					_, err = nci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
+					ci = nci
+				}
+				if err == nil {
+					nprefs := prefs.Clone()
+					nprefs.WriteLocale(dlg.Field("locale").Value)
+					nprefs.TimeZoneID = dlg.Field("tz").Value
+					err = nprefs.Save(ctxt.Ctx(), user, ctxt.CurrentUser(), ctxt.RemoteIP())
+				}
+				if err == nil {
+					var f *util.OptionSet
+					f, err = user.Flags(ctxt.Ctx())
+					if err == nil {
+						nf := f.Clone()
+						nf.Set(database.UserFlagPicturesInPosts, dlg.Field("pic_in_post").IsChecked())
+						nf.Set(database.UserFlagMassMailOptOut, dlg.Field("no_mass_mail").IsChecked())
+						nf.Set(database.UserFlagDisallowSetPhoto, dlg.Field("nophoto").IsChecked())
+						err = user.SaveFlags(ctxt.Ctx(), nf)
+					}
+				}
+				if err == nil {
+					err = user.SetProfileData(ctxt.Ctx(), dlg.Field("remind").Value, dlg.Field("dob").AsDate(), dlg.Field("descr").ValPtr(),
+						ctxt.CurrentUser(), ctxt.RemoteIP())
+				}
+				if err == nil {
+					err = user.SetSecurityData(ctxt.Ctx(), dlg.Field("base_lvl").GetLevel(), dlg.Field("lockout").IsChecked(),
+						dlg.Field("verify_email").IsChecked(), ctxt.CurrentUser(), ctxt.RemoteIP())
+				}
+				if err == nil {
+					return "redirect", "/sysadmin/users"
+				}
+			}
+		}
+		return dlg.RenderError(ctxt, EBUTTON.Error())
+	}
+	return "error", err
+}
+
+/* AdminUserPhotoForm displays the form for editing the user's photo.
+ * Parameters:
+ *     ctxt - The AmContext for the request.
+ * Returns:
+ *     Command string dictating what to be rendered.
+ *     Data as a parameter for the command string.
+ */
+func AdminUserPhotoForm(ctxt ui.AmContext) (string, any) {
+	if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
+		return "error", ENOACCESS
+	}
+	user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
+	if err != nil {
+		return "error", err
+	}
+	ci, err := user.ContactInfo(ctxt.Ctx())
+	if err == nil {
+		ctxt.VarMap().Set("target", "")
+		ctxt.VarMap().Set("username", user.Username)
+		ctxt.VarMap().Set("postUrl", fmt.Sprintf("/sysadmin/users/%s/photo", user.Username))
+		ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
+		ctxt.SetFrameTitle("Upload User Photo for: " + user.Username)
+		return "framed", "photo_upload.jet"
+	}
+	return "error", err
+}
+
+/* AdminUserPhoto handles processing the user's photo.
+ * Parameters:
+ *     ctxt - The AmContext for the request.
+ * Returns:
+ *     Command string dictating what to be rendered.
+ *     Data as a parameter for the command string.
+ */
+func AdminUserPhoto(ctxt ui.AmContext) (string, any) {
+	if !database.AmTestPermission("Global.SysAdminAccess", ctxt.CurrentUser().BaseLevel) {
+		return "error", ENOACCESS
+	}
+	user, err := database.AmGetUserByName(ctxt.Ctx(), ctxt.URLParam("uname"), nil)
+	if err != nil {
+		return "error", err
+	}
+	ci, err := user.ContactInfo(ctxt.Ctx())
+	if err != nil {
+		return "error", err
+	}
+	if ctxt.FormFieldIsSet("cancel") {
+		return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
+	}
+	if ctxt.FormFieldIsSet("upload") {
+		file, err := ctxt.FormFile("thepic")
+		if err == nil {
+			var imageData []byte
+			var mimeType string
+			imageData, mimeType, err = ui.AmProcessUploadedImage(file, ui.UserPhotoWidth, ui.UserPhotoHeight,
+				ui.UserPhotoMaxBytes)
+			if err == nil {
+				var img *database.ImageStore
+				img, err = database.AmStoreImage(ctxt.Ctx(), database.ImageTypeUserPhoto, user.Uid, mimeType, imageData)
+				if err == nil {
+					photourl := fmt.Sprintf("/img/store/%d", img.ImgId)
+					ci.PhotoURL = &photourl
+					_, err = ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
+					if err == nil {
+						return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
+					}
+				}
+			}
+		}
+		ctxt.VarMap().Set("errorMessage", err.Error())
+		ctxt.VarMap().Set("target", "")
+		ctxt.VarMap().Set("username", user.Username)
+		ctxt.VarMap().Set("postUrl", fmt.Sprintf("/sysadmin/users/%s/photo", user.Username))
+		ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
+		ctxt.SetFrameTitle("Upload User Photo for: " + user.Username)
+		return "framed", "photo_upload.jet"
+	}
+	if ctxt.FormFieldIsSet("remove") {
+		purl := ci.PhotoURL
+		happy := false
+		if purl == nil || *purl == "" {
+			// this is a no-op
+			return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
+		}
+		if strings.HasPrefix(*purl, "/img/store/") {
+			id, err := strconv.Atoi((*purl)[11:])
+			if err != nil {
+				return "error", err
+			}
+			defer func() {
+				if happy {
+					ampool.Submit(func(context.Context) {
+						err := database.AmDeleteImage(ctxt.Ctx(), int32(id))
+						if err != nil {
+							log.Errorf("unable to delete image ID %d: %v", id, err)
+						}
+					})
+				}
+			}()
+		}
+		ci.PhotoURL = nil
+		_, err := ci.Save(ctxt.Ctx(), ctxt.CurrentUser(), ctxt.RemoteIP())
+		if err != nil {
+			return "error", err
+		}
+		happy = true
+		return "redirect", fmt.Sprintf("/sysadmin/users/%s", user.Username)
+	}
+	return "error", EBUTTON
+}
diff --git a/ui/dialog.go b/ui/dialog.go
index fcbd683..a787c27 100644
--- a/ui/dialog.go
+++ b/ui/dialog.go
@@ -246,6 +246,12 @@ func (d *Dialog) SetTargetUser(u *database.User) {
 	d.Title = strings.ReplaceAll(d.Title, "[USERNAME]", u.Username)
 	d.Subtitle = strings.ReplaceAll(d.Subtitle, "[USERNAME]", u.Username)
 	d.Action = strings.ReplaceAll(d.Action, "[USERNAME]", u.Username)
+	for i, fld := range d.Fields {
+		switch fld.Type {
+		case "userphoto", "communitylogo":
+			d.Fields[i].Param = strings.ReplaceAll(fld.Param, "[USERNAME]", u.Username)
+		}
+	}
 }
 
 // SetCommunity alters a dialog's content to reflect the community.
diff --git a/ui/dialogs/admin_user.yaml b/ui/dialogs/admin_user.yaml
index 4337b66..57f826a 100644
--- a/ui/dialogs/admin_user.yaml
+++ b/ui/dialogs/admin_user.yaml
@@ -180,7 +180,7 @@ fields:
   - type: "userphoto"
     name: "photo"
     caption: "User Photo"
-    param: "/profile_photo"
+    param: "/sysadmin/users/[USERNAME]/photo"
   - type: "header"
     name: "header7"
     caption: "User Preferences"
diff --git a/ui/views/dialog.jet b/ui/views/dialog.jet
index cd5e580..773b04d 100644
--- a/ui/views/dialog.jet
+++ b/ui/views/dialog.jet
@@ -228,13 +228,12 @@
                     {{ else if .Type == "userphoto" }}
                         <div class="flex items-start">
                             <label class="w-64 text-right pr-4 {{ if .Disabled }}text-gray-400{{ else }}text-black{{ end }} text-sm pt-2">{{ .Caption }}
-                                {{ if .Subcaption != "" }} {{ .Subcaption }}{{ end }} (click to change):</label>
+                                {{ if .Subcaption != "" }} {{ .Subcaption }}{{ end }} {{ if !.Disabled }}(click to change){{ end }}:</label>
                             <input type="hidden" name="{{ .Name }}_data" value="{{ .Value }}"/>
                             {{ if .Disabled }}
                                 <img src="{{ .Value }}" class="w-25 h-25">
                             {{ else }}
-                                <a href="/profile_photo?tgt={{ target | url }}"
-                                class="border-2 border-gray-300 rounded hover:border-blue-500 transition-colors">
+                                <a href="{{ .Param }}" class="border-2 border-gray-300 rounded hover:border-blue-500 transition-colors">
                                     <img src="{{ .Value }}" alt="Click to upload photo" class="w-25 h-25">
                                 </a>    
                             {{ end }}                            
diff --git a/ui/views/photo_upload.jet b/ui/views/photo_upload.jet
index 5b05e7f..975a70f 100644
--- a/ui/views/photo_upload.jet
+++ b/ui/views/photo_upload.jet
@@ -9,7 +9,12 @@
 <!-- Page Title -->
 <div class="p-4">
     <div class="mb-6">
-        <h1 class="text-blue-800 text-4xl font-bold mb-2">Upload User Photo</h1>
+        <div class="flex items-baseline gap-2">
+            <h1 class="text-blue-800 text-4xl font-bold">Upload User Photo</h1>
+            {{ if isset(userName) }}
+                <span class="text-blue-800 text-2xl">for User: {{ username }}</span>
+            {{ end }}
+        </div>
         <hr class="border-2 border-gray-400 w-4/5 mb-4">
     </div>
 
@@ -28,7 +33,7 @@
     {{ end }}
 
     <!-- Upload Form -->
-    <form method="POST" enctype="multipart/form-data" action="/profile_photo" class="max-w-2xl">
+    <form method="POST" enctype="multipart/form-data" action="{{ postUrl }}" class="max-w-2xl">
         <input type="hidden" name="tgt" value="{{ target }}">
 
         <div class="bg-gray-50 p-6 rounded-lg">
@@ -75,16 +80,18 @@
                 </div>
             </div>
 
-            <!-- Additional Instructions -->
-            <div class="mt-6 p-4 bg-blue-50 border border-blue-200 rounded">
-                <h3 class="text-sm font-bold text-blue-900 mb-2">Photo Guidelines:</h3>
-                <ul class="text-xs text-blue-800 space-y-1 list-disc list-inside">
-                    <li>Your photo will be visible to other users in the community</li>
-                    <li>Photos should be appropriate for a professional community setting</li>
-                    <li>The image will be automatically resized to fit the profile display</li>
-                    <li>You can update or remove your photo at any time</li>
-                </ul>
-            </div>
+            {{ if !isset(username) }}
+                <!-- Additional Instructions -->
+                <div class="mt-6 p-4 bg-blue-50 border border-blue-200 rounded">
+                    <h3 class="text-sm font-bold text-blue-900 mb-2">Photo Guidelines:</h3>
+                    <ul class="text-xs text-blue-800 space-y-1 list-disc list-inside">
+                        <li>Your photo will be visible to other users in the community</li>
+                        <li>Photos should be appropriate for a professional community setting</li>
+                        <li>The image will be automatically resized to fit the profile display</li>
+                        <li>You can update or remove your photo at any time</li>
+                    </ul>
+                </div>
+            {{ end }}
         </div>
     </form>
 </div>
\ No newline at end of file
diff --git a/userdata.go b/userdata.go
index bed4a56..9aab9ed 100644
--- a/userdata.go
+++ b/userdata.go
@@ -55,7 +55,7 @@ func EditProfileForm(ctxt ui.AmContext) (string, any) {
 	dlg, err := ui.AmLoadDialog("profile")
 	if err == nil {
 		dlg.Field("tgt").Value = target
-		ctxt.VarMap().Set("target", target)
+		dlg.Field("photo").Param = "/profile_photo?tgt=" + url.QueryEscape(target)
 		var ci *database.ContactInfo
 		ci, err = u.ContactInfo(ctxt.Ctx())
 		if err == nil {
@@ -117,7 +117,7 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
 		if target == "" {
 			target = "/"
 		}
-		ctxt.VarMap().Set("target", target)
+		dlg.Field("photo").Param = "/profile_photo?tgt=" + url.QueryEscape(target)
 
 		action := dlg.WhichButton(ctxt)
 		if action == "cancel" { // Cancel button pressed
@@ -137,7 +137,7 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
 				if err == nil && !(dlg.Field("pass1").IsEmpty() && dlg.Field("pass2").IsEmpty()) {
 					p1 := dlg.Field("pass1").Value
 					if p1 == dlg.Field("pass2").Value {
-						err = u.ChangePassword(ctxt.Ctx(), p1, ctxt.RemoteIP())
+						err = u.ChangePassword(ctxt.Ctx(), p1, u, ctxt.RemoteIP())
 					} else {
 						err = errors.New("passwords do not match")
 					}
@@ -165,14 +165,14 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
 					nci.Email = dlg.Field("email").ValPtr()
 					nci.PrivateEmail = dlg.Field("pvt_email").IsChecked()
 					nci.URL = dlg.Field("url").ValPtr()
-					emailChange, err = nci.Save(ctxt.Ctx())
+					emailChange, err = nci.Save(ctxt.Ctx(), u, ctxt.RemoteIP())
 					ci = nci
 				}
 				if err == nil {
 					nprefs := prefs.Clone()
 					nprefs.WriteLocale(dlg.Field("locale").Value)
 					nprefs.TimeZoneID = dlg.Field("tz").Value
-					err = nprefs.Save(ctxt.Ctx(), u)
+					err = nprefs.Save(ctxt.Ctx(), u, u, ctxt.RemoteIP())
 				}
 				if err == nil {
 					var f *util.OptionSet
@@ -185,7 +185,7 @@ func EditProfile(ctxt ui.AmContext) (string, any) {
 					}
 				}
 				if err == nil {
-					err = u.SetProfileData(ctxt.Ctx(), dlg.Field("remind").Value, dlg.Field("dob").AsDate(), dlg.Field("descr").ValPtr())
+					err = u.SetProfileData(ctxt.Ctx(), dlg.Field("remind").Value, dlg.Field("dob").AsDate(), dlg.Field("descr").ValPtr(), u, ctxt.RemoteIP())
 				}
 				if err == nil {
 					if emailChange {
@@ -224,6 +224,7 @@ func ProfilePhotoForm(ctxt ui.AmContext) (string, any) {
 	ci, err := u.ContactInfo(ctxt.Ctx())
 	if err == nil {
 		ctxt.VarMap().Set("target", target)
+		ctxt.VarMap().Set("postUrl", "/profile_photo")
 		ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
 		ctxt.SetScratch("frame_suppressLogin", true)
 		ctxt.SetFrameTitle("Upload User Photo")
@@ -268,7 +269,7 @@ func ProfilePhoto(ctxt ui.AmContext) (string, any) {
 				if err == nil {
 					photourl := fmt.Sprintf("/img/store/%d", img.ImgId)
 					ci.PhotoURL = &photourl
-					_, err = ci.Save(ctxt.Ctx())
+					_, err = ci.Save(ctxt.Ctx(), u, ctxt.RemoteIP())
 					if err == nil {
 						return "redirect", "/profile?tgt=" + url.QueryEscape(target)
 					}
@@ -277,6 +278,7 @@ func ProfilePhoto(ctxt ui.AmContext) (string, any) {
 		}
 		ctxt.VarMap().Set("errorMessage", err.Error())
 		ctxt.VarMap().Set("target", target)
+		ctxt.VarMap().Set("postUrl", "/profile_photo")
 		ctxt.VarMap().Set("photo_url", userPhotoURL(ci))
 		ctxt.SetScratch("frame_suppressLogin", true)
 		ctxt.SetFrameTitle("Upload User Photo")
@@ -306,7 +308,7 @@ func ProfilePhoto(ctxt ui.AmContext) (string, any) {
 			}()
 		}
 		ci.PhotoURL = nil
-		_, err := ci.Save(ctxt.Ctx())
+		_, err := ci.Save(ctxt.Ctx(), u, ctxt.RemoteIP())
 		if err != nil {
 			return "error", err
 		}
diff --git a/util/util.go b/util/util.go
index 0d834b5..a5d6f3f 100644
--- a/util/util.go
+++ b/util/util.go
@@ -13,6 +13,7 @@ package util
 import (
 	"regexp"
 	"strings"
+	"time"
 	"unicode"
 	"unicode/utf8"
 )
@@ -64,6 +65,18 @@ func SqlEscape(s string, wildcards bool) string {
 	return sb.String()
 }
 
+// SameDate returns true if the two time values are the same date.
+func SameDate(t1, t2 *time.Time) bool {
+	if t1 == nil {
+		return t2 == nil
+	} else if t2 == nil {
+		return false
+	}
+	y1, m1, d1 := t1.Date()
+	y2, m2, d2 := t2.Date()
+	return (y1 == y2) && (m1 == m2) && (d1 == d2)
+}
+
 /* IsNumeric returns true if the string is numeric (all digits).
  * Parameters:
  *     s - String to be tested.