diff --git a/account.php b/account.php
index 30fa20f..fe7931c 100644
--- a/account.php
+++ b/account.php
@@ -77,7 +77,7 @@ if (isset($message )) {
 ?>
 
 <div id="wrapper">
-    <div id="profile">
+    <div id="mini_profile">
         <img src="<?= get_gravatar_url($user['email']); ?>">
         <div class="details">
             <span class="displayname"><?= $user['display_name'] ?></span>
diff --git a/api_handler.php b/api_handler.php
index d3fdc14..2792cb1 100644
--- a/api_handler.php
+++ b/api_handler.php
@@ -14,6 +14,7 @@ if (!empty($access_token)) {
     $token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
     // if the token doesn't exist...
     if (empty($token)) {
+
         $invalid_token = true; // We won't tell this to the end-user immediately because I'd prefer to tell them about
                                 // 404 first.
     } else {
@@ -21,10 +22,12 @@ if (!empty($access_token)) {
     }
 }
 
-function check_authorisation($token): int
+function check_authorisation($token=""): int
 {
+    global $token_owner;
     // Validate token
-    if (!validate_access_token($token)) {
+    if (!validate_access_token($token) && "" != $token) {
+        echo "invalid";
         return 0; // Unauthorised
     }
 
@@ -37,6 +40,7 @@ function check_authorisation($token): int
                 $token_row = [
                     "type" => "dangerous"
                 ];
+                $token_owner = $_SESSION['id'];
             } else {
                 return 0;
             }
@@ -94,8 +98,11 @@ function api_user_info(): array
 
     $data = null;
 
-    if ($level == 1) {
+    if ($level >= 1) {
         $data = db_execute("SELECT id, email, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
+    } if ($level == 22) {
+        $data = db_execute("SELECT * FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
+        unset($data['password']);
     }
 
     if (null != $data) {
diff --git a/dashboard.php b/dashboard.php
index 9542481..b5e630e 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -14,4 +14,20 @@ if (!$_SESSION['auth']) {
 $doc_title = get_display_name($user['id']) . "'s Dashboard" ;
 
 $output = $output .
-    "<h1>Hey there ". $user['display_name'] ."!</h1>";
+    "<link rel='stylesheet' href='/styles/settings.css' />
+
+<div id=\"settings_split\">
+    <div id=\"mini_profile\" class=\"left\">
+        <div class=\"image_container\" data-backgroundcolour=\"white\">
+            <img src='" . get_avatar_url($user['id']) . "' />
+        </div>
+        <div class=\"texts\">
+            <span class=\"displayname\">" . htmlspecialchars(get_display_name($user['id'], false)) . "</span>
+            <span class=\"id bcid\">" .  format_bcid($user['id']) . "</span>
+        </div>
+    </div>
+    <div class='right'>
+        <h1>". htmlspecialchars(get_display_name($user['id'], false)) ."'s Dashboard</h1>
+    </div>
+</div>
+";
diff --git a/index.php b/index.php
index 354cb19..dee8e31 100755
--- a/index.php
+++ b/index.php
@@ -125,6 +125,7 @@ $paths = array(
 
     // Settings
     "/dashboard" => ["dashboard.php", "Dashboard", true],
+    "/settings" => ["settings.php", "Settings"],
 
     "/account" => ["account.php", "Your account"],
     "/signin" => ["signin.php", "Sign in"],
diff --git a/login_external_basic.php b/login_external_basic.php
index 5b3d55b..15bfebe 100644
--- a/login_external_basic.php
+++ b/login_external_basic.php
@@ -86,14 +86,7 @@ login:
 
 ?>
 
-<!DOCTYPE html>
-<html>
-<head>
-    <?php include ("head.php"); ?>
-</head>
-<body>
-    <?php include("header.php"); ?>
-    <main>
+<main>
         <div id="loginform">
             <?php if ("" != $error) {goto error_no_app;} ?>
             <div id="connection_img">
diff --git a/settings.php b/settings.php
new file mode 100644
index 0000000..13d3d3a
--- /dev/null
+++ b/settings.php
@@ -0,0 +1,44 @@
+<?php
+
+if (empty($_SESSION)) {
+    http_response_code(307);
+    header('Location: /signin?callback=/dashboard');
+    exit();
+}
+if (!$_SESSION['auth']) {
+    http_response_code(307);
+    header('Location: /signin?callback=/dashboard');
+    exit;
+}
+
+?>
+
+<link href="/styles/settings.css" rel="stylesheet" />
+
+<div id="settings_split">
+    <div id="mini_profile" class="left">
+        <div class="image_container" data-backgroundcolour="white">
+            <img src=<?= get_avatar_url($user['id']) ?> />
+        </div>
+        <div class="texts">
+            <span class="displayname"><?= htmlspecialchars(get_display_name($user['id'], false)) ?></span>
+            <span class="id bcid"><?= format_bcid($user['id']) ?></span>
+        </div>
+    </div>
+
+    <ul id="settings_list" class="right">
+        <h1>Settings</h1>
+        <li>
+            <a href="/settings/account">
+                <i class="fa-solid fa-fw fa-person icon"></i>
+                Account
+            </a>
+        </li>
+        <li>
+            <a href="/dashboard">
+                <i class="fa-solid fa-fw fa-arrow-left icon"></i>
+                Return to Dashboard
+            </a>
+        </li>
+    </ul>
+</div>
diff --git a/styles/colours.css b/styles/colours.css
index 287d9f0..aac47e3 100644
--- a/styles/colours.css
+++ b/styles/colours.css
@@ -27,6 +27,9 @@
     --background: white;
     --background-dark: #121212;
 
+    --foreground: black;
+    --foreground-dark: white;
+
     color-scheme: light dark;
 }
 
@@ -107,8 +110,15 @@ input[data-com-onepassword-filled="dark"] {
 }
 
 @media screen and (prefers-color-scheme: dark) {
+    :root {
+        --background: #121212;
+        --foreground: white;
+
+        color-scheme: light dark;
+    }
+
     html {
-        background: var(--background-dark, #121212);
+        background: var(--background, #121212);
     }
 
     button.primary, .button.primary {
@@ -126,7 +136,6 @@ input[data-com-onepassword-filled="dark"] {
     }
 
     input, textarea {
-
         background-color: #2c2c2c77;
     }
 
diff --git a/styles/profiles.css b/styles/profiles.css
index 01c8d67..fb02a44 100644
--- a/styles/profiles.css
+++ b/styles/profiles.css
@@ -1,5 +1,5 @@
 
-#profile {
+#mini_profile {
     display: flex;
     gap: 1rem;
     padding: 1rem;
@@ -12,18 +12,18 @@
     background: var(--grey-0);
 }
 
-#profile > .avatar {
+#mini_profile > .avatar {
     height: 150px;
 
     border-radius: 1em;
 }
 
-#profile > .info > .displayname {
+#mini_profile > .info > .displayname {
     font-size: 2.5rem;
     font-weight: bolder;
 }
 
-#profile > .info > .bcid {
+#mini_profile > .info > .bcid {
     font-size: 1.5rem;
 }
 
@@ -63,7 +63,7 @@
 }
 
 @media screen and (prefers-color-scheme: dark) {
-    #profile {
+    #mini_profile {
         background: var(--grey-9);
     }
 }
diff --git a/styles/settings.css b/styles/settings.css
new file mode 100644
index 0000000..86ad52f
--- /dev/null
+++ b/styles/settings.css
@@ -0,0 +1,69 @@
+
+#settings_split {
+    display: grid;
+
+    grid-template-columns: 1fr 4fr;
+}
+
+#mini_profile {
+    display: flex;
+    flex-direction: column;
+
+    border-radius: 1.5rem;
+    overflow: clip;
+}
+
+#mini_profile .image_container {
+    display: flex;
+    background: linear-gradient(to bottom, white, var(--background) 90%);
+}
+
+#mini_profile .image_container img {
+    width: 50%;
+    margin: 0.5rem auto auto;
+    padding-top: 0.5rem;
+    border-radius: 1rem;
+}
+
+#mini_profile .texts {
+    text-align: center;
+    display: flex;
+    flex-direction: column;
+
+    padding-top: 1rem;
+}
+
+#mini_profile .texts .displayname {
+    font-size: 2rem;
+    font-weight: bold;
+}
+
+#settings_list {
+    list-style: none;
+}
+
+#settings_list > h1 {
+    margin: 0 0 1rem 0;
+}
+
+#settings_list li {
+    border-top: var(--foreground) 1px solid;
+}
+
+#settings_list li:first-child {
+    border-top: none;
+}
+
+#settings_list li > a {
+    display: block;
+    padding: 1rem 0;
+
+    color: var(--foreground);
+    text-decoration: none;
+
+    transition: color 0.2s ease-in-out;
+}
+
+#settings_list li > a:hover {
+    color: var(--flax)
+}