diff --git a/.ruby-version b/.ruby-version
index c46effc..9c1555f 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-ruby-1.9.3-p385
+ruby-3.3.2
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c9ee65e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM ruby:1.9.3
+
+# TODO: install imagemagick, arp-scan(?)
+
+WORKDIR /app
+COPY . /app
+
+RUN bundle install
+
+# Copy example Docker configs and generate a random secret token
+# .env will be handled by ENV in docker-compose
+RUN cp config/database.yml.docker config/database.yml &&\
+    cp config/config.yml.docker config/config.yml &&\
+    echo "Dooraccess::Application.config.secret_token = \"$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30; echo)\"" > config/initializers/secret_token.rb
+
+EXPOSE 3000
+CMD "/app/docker-run.sh"
\ No newline at end of file
diff --git a/Gemfile b/Gemfile
index dcf5099..f4c4f21 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,56 +1,24 @@
-source 'https://rubygems.org'
-
-ruby '1.9.3'
-
-gem 'rails', '3.2.8'
-gem 'dotenv-rails'
-
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-
-gem 'sqlite3'
-gem 'pg'
-gem 'taps'
-
-gem 'json'
-
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  gem 'sass-rails',   '~> 3.2.3'
-  gem 'coffee-rails', '~> 3.2.1'
-
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  gem 'therubyracer', :platform => :ruby
-
-  gem 'uglifier', '>= 1.0.3'
-end
-
-gem 'jquery-rails'
-
-gem 'devise'
-
-gem "cancan"
-
-# To use ActiveModel has_secure_password
-gem 'bcrypt-ruby', '~> 3.0.0'
-
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
-# Use unicorn as the app server
-# gem 'unicorn'
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-#gem 'debugger'
+source "https://rubygems.org"
+
+ruby "3.3.2"
+
+gem "rails", "~> 7.1"
+gem "dotenv-rails"
+gem "sprockets-rails"
+gem "pg"
+gem "puma"
+gem "importmap-rails"
+gem "turbo-rails"
+gem "stimulus-rails"
+gem "jbuilder"
+gem "redis"
+gem "tzinfo-data", platforms: %i[ mingw mswin x64_mingw jruby ]
+gem "bootsnap", require: false
+gem "jquery-rails"
+gem "devise"
+gem "rails-healthcheck"
+gem "recaptcha"
+gem "cancancan"
 
 gem "paperclip", "~> 3.0"
-gem "aws-sdk"
-gem 'gravtastic'
-
-gem 'passenger'
-
-gem "rails-settings-cached", "0.2.4"
+gem "gravtastic"
diff --git a/Gemfile.lock b/Gemfile.lock
index e597316..0ffd8a4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,177 +1,271 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (3.2.8)
-      actionpack (= 3.2.8)
-      mail (~> 2.4.4)
-    actionpack (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.0)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.1.3)
-    activemodel (3.2.8)
-      activesupport (= 3.2.8)
-      builder (~> 3.0.0)
-    activerecord (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.8)
-      activemodel (= 3.2.8)
-      activesupport (= 3.2.8)
-    activesupport (3.2.8)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
-    arel (3.0.2)
-    aws-sdk (1.33.0)
-      json (~> 1.4)
-      nokogiri (>= 1.4.4)
-      uuidtools (~> 2.1)
-    bcrypt-ruby (3.0.1)
-    builder (3.0.4)
-    cancan (1.6.10)
-    climate_control (0.0.3)
-      activesupport (>= 3.0)
-    cocaine (0.5.3)
+    actioncable (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+      zeitwerk (~> 2.6)
+    actionmailbox (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      actionview (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
+      rails-dom-testing (~> 2.2)
+    actionpack (7.1.3.4)
+      actionview (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actiontext (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.1.3.4)
+      activesupport (= 7.1.3.4)
+      builder (~> 3.1)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.3.4)
+      activesupport (= 7.1.3.4)
+      globalid (>= 0.3.6)
+    activemodel (7.1.3.4)
+      activesupport (= 7.1.3.4)
+    activerecord (7.1.3.4)
+      activemodel (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      timeout (>= 0.4.0)
+    activestorage (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      marcel (~> 1.0)
+    activesupport (7.1.3.4)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      mutex_m
+      tzinfo (~> 2.0)
+    base64 (0.2.0)
+    bcrypt (3.1.20)
+    bigdecimal (3.1.8)
+    bootsnap (1.18.4)
+      msgpack (~> 1.2)
+    builder (3.3.0)
+    cancancan (3.6.1)
+    climate_control (0.2.0)
+    cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
-    coffee-rails (3.2.2)
-      coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
-    coffee-script (2.2.0)
-      coffee-script-source
-      execjs
-    coffee-script-source (1.6.3)
-    daemon_controller (1.1.5)
-    devise (2.2.7)
-      bcrypt-ruby (~> 3.0)
+    concurrent-ruby (1.3.3)
+    connection_pool (2.4.1)
+    crass (1.0.6)
+    date (3.3.4)
+    devise (4.9.4)
+      bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (~> 3.1)
-      warden (~> 1.2.1)
-    dotenv (0.10.0)
-    dotenv-rails (0.10.0)
-      dotenv (= 0.10.0)
-    erubis (2.7.0)
-    execjs (2.0.2)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    dotenv (3.1.2)
+    dotenv-rails (3.1.2)
+      dotenv (= 3.1.2)
+      railties (>= 6.1)
+    drb (2.2.1)
+    erubi (1.13.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     gravtastic (3.2.6)
-    hike (1.2.3)
-    i18n (0.6.5)
-    journey (1.0.4)
-    jquery-rails (3.0.4)
-      railties (>= 3.0, < 5.0)
+    i18n (1.14.5)
+      concurrent-ruby (~> 1.0)
+    importmap-rails (2.0.1)
+      actionpack (>= 6.0.0)
+      activesupport (>= 6.0.0)
+      railties (>= 6.0.0)
+    io-console (0.7.2)
+    irb (1.14.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    jbuilder (2.12.0)
+      actionview (>= 5.0.0)
+      activesupport (>= 5.0.0)
+    jquery-rails (4.6.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    json (1.8.1)
-    libv8 (3.16.14.3)
-    mail (2.4.4)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.25)
-    mini_portile (0.5.2)
-    multi_json (1.8.2)
-    nokogiri (1.6.1)
-      mini_portile (~> 0.5.0)
-    orm_adapter (0.4.0)
+    loofah (2.22.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    marcel (1.0.4)
+    mime-types (3.5.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2024.0806)
+    mini_mime (1.1.5)
+    minitest (5.24.1)
+    msgpack (1.7.2)
+    mutex_m (0.2.0)
+    net-imap (0.4.14)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.2)
+      timeout
+    net-smtp (0.5.0)
+      net-protocol
+    nio4r (2.7.3)
+    nokogiri (1.16.7-arm64-darwin)
+      racc (~> 1.4)
+    orm_adapter (0.5.0)
     paperclip (3.5.4)
       activemodel (>= 3.0.0)
       activesupport (>= 3.0.0)
       cocaine (~> 0.5.3)
       mime-types
-    passenger (4.0.19)
-      daemon_controller (>= 1.1.0)
-      rack
-      rake (>= 0.8.1)
-    pg (0.17.0)
-    polyglot (0.3.3)
-    rack (1.4.5)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.3)
-      rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (3.2.8)
-      actionmailer (= 3.2.8)
-      actionpack (= 3.2.8)
-      activerecord (= 3.2.8)
-      activeresource (= 3.2.8)
-      activesupport (= 3.2.8)
-      bundler (~> 1.0)
-      railties (= 3.2.8)
-    rails-settings-cached (0.2.4)
-      rails (>= 3.0.0)
-    railties (3.2.8)
-      actionpack (= 3.2.8)
-      activesupport (= 3.2.8)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.1.0)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    ref (1.0.5)
-    rest-client (1.6.7)
-      mime-types (>= 1.16)
-    sass (3.2.11)
-    sass-rails (3.2.6)
-      railties (~> 3.2.0)
-      sass (>= 3.1.10)
-      tilt (~> 1.3)
-    sequel (3.20.0)
-    sinatra (1.0)
-      rack (>= 1.0)
-    sprockets (2.1.3)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.8)
-    taps (0.3.24)
-      rack (>= 1.0.1)
-      rest-client (>= 1.4.0, < 1.7.0)
-      sequel (~> 3.20.0)
-      sinatra (~> 1.0.0)
-    therubyracer (0.12.0)
-      libv8 (~> 3.16.14.0)
-      ref
-    thor (0.18.1)
-    tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.38)
-    uglifier (2.2.1)
-      execjs (>= 0.3.0)
-      multi_json (~> 1.0, >= 1.0.2)
-    uuidtools (2.1.4)
-    warden (1.2.3)
-      rack (>= 1.0)
+    pg (1.5.7)
+    psych (5.1.2)
+      stringio
+    puma (6.4.2)
+      nio4r (~> 2.0)
+    racc (1.8.1)
+    rack (3.1.7)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
+    rails (7.1.3.4)
+      actioncable (= 7.1.3.4)
+      actionmailbox (= 7.1.3.4)
+      actionmailer (= 7.1.3.4)
+      actionpack (= 7.1.3.4)
+      actiontext (= 7.1.3.4)
+      actionview (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activemodel (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      bundler (>= 1.15.0)
+      railties (= 7.1.3.4)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-healthcheck (1.4.0)
+      actionpack
+      railties
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
+      irb
+      rackup (>= 1.0.0)
+      rake (>= 12.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rake (13.2.1)
+    rdoc (6.7.0)
+      psych (>= 4.0.0)
+    recaptcha (5.17.0)
+    redis (5.2.0)
+      redis-client (>= 0.22.0)
+    redis-client (0.22.2)
+      connection_pool
+    reline (0.5.9)
+      io-console (~> 0.5)
+    responders (3.1.1)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
+    sprockets (4.2.1)
+      concurrent-ruby (~> 1.0)
+      rack (>= 2.2.4, < 4)
+    sprockets-rails (3.5.2)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      sprockets (>= 3.0.0)
+    stimulus-rails (1.3.3)
+      railties (>= 6.0.0)
+    stringio (3.1.1)
+    thor (1.3.1)
+    timeout (0.4.1)
+    turbo-rails (2.0.6)
+      actionpack (>= 6.0.0)
+      activejob (>= 6.0.0)
+      railties (>= 6.0.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    webrick (1.8.1)
+    websocket-driver (0.7.6)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.6.17)
 
 PLATFORMS
-  ruby
+  arm64-darwin-23
 
 DEPENDENCIES
-  aws-sdk
-  bcrypt-ruby (~> 3.0.0)
-  cancan
-  coffee-rails (~> 3.2.1)
+  bootsnap
+  cancancan
   devise
   dotenv-rails
   gravtastic
+  importmap-rails
+  jbuilder
   jquery-rails
-  json
   paperclip (~> 3.0)
-  passenger
   pg
-  rails (= 3.2.8)
-  rails-settings-cached (= 0.2.4)
-  sass-rails (~> 3.2.3)
-  sqlite3
-  taps
-  therubyracer
-  uglifier (>= 1.0.3)
+  puma
+  rails (~> 7.1)
+  rails-healthcheck
+  recaptcha
+  redis
+  sprockets-rails
+  stimulus-rails
+  turbo-rails
+  tzinfo-data
+
+RUBY VERSION
+   ruby 3.3.2p78
+
+BUNDLED WITH
+   2.5.9
diff --git a/README.md b/README.md
index afa8e86..631835e 100644
--- a/README.md
+++ b/README.md
@@ -1,18 +1,26 @@
-Open Access Control Web Interface
-==
+# Open Access Control Web Interface
 
 Web software for managing a database of members in a collaborative grassroots workshop, and also controlling Arclight of 23b Hackerspace's Arduino access control system via Ethernet ( see: https://github.com/zyphlar/Open_Access_Control_Ethernet )
 
 https://github.com/zyphlar/Open-Source-Access-Control-Web-Interface
 
-Copyright Will Bradley, 2012-2014
+Copyright Will Bradley, 2012-2024
 Distributed under a Creative Commons Attribution 3.0 license http://creativecommons.org/licenses/by/3.0/
 
 ![screenshot](https://cloud.githubusercontent.com/assets/48434/8439253/a9a810e6-1f1f-11e5-8b5c-3f0b22f14a9f.png)
 
 Contributions welcome! Simply send a pull request via Github.
 
-To use:
+
+## Docker (development) setup
+
+* Run `docker compose up`
+* Once running, seed the (development, right?) database with `docker exec -it members_web rake db:setup`
+* Default user/pass is in `db/seeds.rb`
+* Note by default the DB is persisted in the `db_data` volume but the source code is only copied during docker build. That can be changed if desired.
+* The DB server can be accessed from the host machine via `postgres://postgres:postgres@localhost:5432/members_db_development` -- further work would be needed to set this up for production.
+
+## Manual setup
 
 * Install Imagemagick (for Paperclip / image uploads)
 * Install arp-scan (for LAN Mac address scanning)
@@ -20,6 +28,6 @@ To use:
 * Copy config/config.yml.example to config/config.yml and edit appropriately
 * Copy config/database.yml.example to config/database.yml and edit appropriately
 * Copy env.example to .env and edit appropriately for your Amazon S3 account OR adjust the resource.rb and contract.rb model settings to use different storage for picture attachments (via Paperclip)
-* Copy config/initializers/secret_token.rb.example to config/config/initializers/secret_token.rb and edit appropriately
+* Copy config/initializers/secret_token.rb.example to config/initializers/secret_token.rb and edit appropriately
 * See/edit db/seeds.rb for the initial admin account info.
 * Run bundle install, rake db:migrate, rake db:seed, etc.
diff --git a/app/assets/config/manifest.js b/app/assets/config/manifest.js
new file mode 100644
index 0000000..6fa9457
--- /dev/null
+++ b/app/assets/config/manifest.js
@@ -0,0 +1,5 @@
+//= link_tree ../images
+//= link_directory ../stylesheets.css
+//= link_tree ../../javascript.js
+//= link_tree ../../../vendor/javascript.js
+
diff --git a/app/controllers/door_logs_controller.rb b/app/controllers/door_logs_controller.rb
index d3ff0bd..8b17b50 100755
--- a/app/controllers/door_logs_controller.rb
+++ b/app/controllers/door_logs_controller.rb
@@ -6,7 +6,7 @@ class DoorLogsController < ApplicationController
   # GET /door_logs.json
   def index
 #    @door_logs = DoorLog.find(:all, :order => "created_at DESC", :limit => 1000)
-    @door_logs = DoorLog.where("key NOT LIKE 'alarm%' AND key != 'armed' AND key != 'activated'").order("created_at DESC").limit(1000)
+    @door_logs = DoorLog.where("key NOT LIKE 'alarm%' AND key != 'armed' AND key != 'activated'").order("created_at DESC").limit(3000)
 
 
     begin
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 8a4f211..a11fc38 100755
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -15,30 +15,32 @@ def index
 #    end
 
     # Fun Stats
+
+    # Commented out for now, as it's not really useful and is a performance hit
     @featured_resource = Resource.where("picture_file_name IS NOT NULL").sample
 
-    @num_certs = UserCertification.count
-    @recent_certs = UserCertification.where("created_at > ?", DateTime.now - 7.days).count
-    @num_users = User.count
-    @recent_users = User.where("created_at > ?", DateTime.now - 7.days).count
+#    @num_certs = UserCertification.count
+#    @recent_certs = UserCertification.where("created_at > ?", DateTime.now - 7.days).count
+#    @num_users = User.count
+#    @recent_users = User.where("created_at > ?", DateTime.now - 7.days).count
     # Payments: member levels are multipled by 10 to indicate current payment; 25 x 10 = 250
-    @num_paid_users = User.all.select{|u| u.member_status >= 250 }.count
-    @num_plus_users = User.all.select{|u| u.member_status == 1000 }.count
-    @num_basic_users = User.all.select{|u| u.member_status == 500 }.count
-    @num_associate_users = User.all.select{|u| u.member_status == 250 }.count
-    @num_delinquent_users = User.all.select{|u| !u.payment_status }.count
+#    @num_paid_users = User.all.select{|u| u.member_status >= 250 }.count
+#    @num_plus_users = User.all.select{|u| u.member_status == 1000 }.count
+#    @num_basic_users = User.all.select{|u| u.member_status == 500 }.count
+#    @num_associate_users = User.all.select{|u| u.member_status == 250 }.count
+#    @num_delinquent_users = User.all.select{|u| !u.payment_status }.count
     if can? :read, User then
-      @recent_user_names = User.where("member_level > 10").accessible_by(current_ability).order('created_at desc').limit(5)
+      @recent_user_names = User.where("member_level > 0").accessible_by(current_ability).order('created_at desc').limit(5)
     end
-    @num_door_opens = DoorLog.where("key = 'G'").count
-    @today_door_opens = DoorLog.where("key = 'G' AND created_at > ?", DateTime.now - 1.day).count
-    @recent_door_opens = DoorLog.where("key = 'G' AND created_at > ?", DateTime.now - 7.days).count
-    @num_door_denieds = DoorLog.where("key = 'D'").count
-    @recent_door_denieds = DoorLog.where("key = 'D' AND created_at > ?", DateTime.now - 1.month).count
-    @num_logins = User.sum('sign_in_count')
-    @recent_logins = User.where('current_sign_in_at > ?',Date.today - 7.days).count
-    @num_macs = Mac.count
-    @recent_macs = Mac.where("since > ?", DateTime.now - 1.day).count
+#    @num_door_opens = DoorLog.where("key = 'G'").count
+#    @today_door_opens = DoorLog.where("key = 'G' AND created_at > ?", DateTime.now - 1.day).count
+#    @recent_door_opens = DoorLog.where("key = 'G' AND created_at > ?", DateTime.now - 7.days).count
+#    @num_door_denieds = DoorLog.where("key = 'D'").count
+#    @recent_door_denieds = DoorLog.where("key = 'D' AND created_at > ?", DateTime.now - 1.month).count
+#    @num_logins = User.sum('sign_in_count')
+#    @recent_logins = User.where('current_sign_in_at > ?',Date.today - 7.days).count
+#    @num_macs = Mac.count
+#    @recent_macs = Mac.where("since > ?", DateTime.now - 1.day).count
 
       respond_to do |format|
         format.html # index.html.erb
diff --git a/app/controllers/space_api_controller.rb b/app/controllers/space_api_controller.rb
index 39dcadf..ad78b67 100755
--- a/app/controllers/space_api_controller.rb
+++ b/app/controllers/space_api_controller.rb
@@ -89,7 +89,13 @@ def access_post
           DoorLog.create!({:key => "rem_"+DoorLog.parse_command(params['cmd'])[:url_param], :data => current_user.id})
 
           # Execute the access
-          @output += DoorLog.execute_command(params['cmd'])
+          ## unless it's unlocking the back door, per HYH 20180222 - Nate P
+          unless params['cmd'] == "unlock-rear"
+            @output += DoorLog.execute_command(params['cmd'])
+          else
+            @output += "Attempted to unlock the back door. This is no longer allowed."
+            Rails.logger.warn "----------\r\nWARNING: ATTEMPTED TO UNLOCK REAR DOOR. USER #{current_user.inspect}\r\n----------"
+          end
         end 
       end
     end
diff --git a/app/models/user.rb b/app/models/user.rb
index 16eef55..d1b753d 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -9,7 +9,7 @@ class User < ActiveRecord::Base
          :recoverable, :rememberable, :trackable, :validatable
 
   # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :admin, :instructor, :member, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications, :hidden, :marketing_source, :payee, :accountant, :exit_reason, :twitter_url, :facebook_url, :github_url, :website_url, :email_visible, :phone_visible, :postal_code #TODO: make admin/instructor/member/etc not accessible
+  attr_accessible :email, :password, :password_confirmation, :remember_me, :name, :emergency_name, :emergency_phone, :current_skills, :desired_skills, :waiver, :emergency_email, :phone, :payment_method, :orientation, :member_level, :certifications, :hidden, :marketing_source, :payee, :accountant, :exit_reason, :twitter_url, :facebook_url, :github_url, :website_url, :email_visible, :phone_visible, :postal_code
 
   belongs_to :oriented_by, :foreign_key => "oriented_by_id", :class_name => "User"
   has_many :cards
@@ -26,7 +26,8 @@ class User < ActiveRecord::Base
 
   validates_format_of [:twitter_url, :facebook_url, :github_url, :website_url], :with => URI::regexp(%w(http https)), :allow_blank => true
 
-  # disable # validates_presence_of :postal_code
+  validates_format_of :email, :without => /\.ru$/
+  validates_presence_of [:name, :postal_code, :current_skills, :desired_skills, :marketing_source]
 
   after_create :send_new_user_email
 
@@ -104,7 +105,7 @@ def member_level_string
   end
 
   def self.member_levels
-    {25 => "Associate", 50 => "Basic", 75 => "Basic", 100 => "Plus"}
+    {20 => "Associate", 25 => "Associate", 35 => "Associate", 50 => "Basic", 75 => "Basic", 80 => 'Basic', 100 => "Plus"}
   end
 
   def payment_status
diff --git a/app/views/home/index.html.erb b/app/views/home/index.html.erb
index 26d277c..db88861 100755
--- a/app/views/home/index.html.erb
+++ b/app/views/home/index.html.erb
@@ -16,8 +16,10 @@
   </div>
 <% end %>
 
-<div class="col-sm-4">  
+<div class="col-sm-4">
+<% if false %>
   <h2>Cool Stats:</h2>
+  <span>Disabled for now.</span>
   <dl>
     <dt># of People in this DB:</dt>
     <dd><%= @num_users %> (<%= @recent_users %> new in the last 7 days)</dd>
@@ -34,6 +36,7 @@
     <dt># of Computers in this DB:</dt>
     <dd><%= @num_macs %> (<%= @recent_macs %> seen today)</dd>
   </dl>
+<% end %>
 </div>
 
 <div class="col-sm-4">
@@ -47,4 +50,4 @@
 <span class="col-sm-4">
   <h3>Featured tool:</h3>
   <%= render @featured_resource unless @featured_resource.blank? %>
-</span>
\ No newline at end of file
+</span>
diff --git a/app/views/space_api/access.html.erb b/app/views/space_api/access.html.erb
index c1bfa64..93efb77 100755
--- a/app/views/space_api/access.html.erb
+++ b/app/views/space_api/access.html.erb
@@ -90,13 +90,6 @@
   </p>
   <% end %>
   <span id="status">
-    <div>
-      <span id="overall_status">
-        Both<br/>
-      <%= button_tag "Unlock", {name: "cmd", value: "unlock", class: "btn unlock"} %>
-      <%= button_tag "Lock", {name: "cmd", value: "lock", class: "btn lock"} %>
-      </span>
-    </div>
     <span id="door_1_status">
       Front Door<br/>
       <%= button_tag "Open", {name: "cmd", value: "open-front", class: "btn unlock"} %>
@@ -106,7 +99,6 @@
     <span id="door_2_status">
       Rear Door<br/>
       <%= button_tag "Open", {name: "cmd", value: "open-rear", class: "btn unlock"} %>
-      <%= button_tag "Unlock", {name: "cmd", value: "unlock-rear", class: "btn unlock"} %>
       <%= button_tag "Lock", {name: "cmd", value: "lock-rear", class: "btn lock"} %>
     </span>
     <p>Green = open, Red = locked.</p>
diff --git a/config/application.rb b/config/application.rb
index 5b119f1..7943451 100755
--- a/config/application.rb
+++ b/config/application.rb
@@ -1,59 +1,19 @@
-require File.expand_path('../boot', __FILE__)
+require_relative "boot"
 
-require 'rails/all'
+require "rails/all"
 
-if defined?(Bundler)
-  # If you precompile assets before deploying to production, use this line
-  #Bundler.require(*Rails.groups(:assets => %w(development test)))
-  # If you want your assets lazily compiled in production, use this line
-  Bundler.require(:default, :assets, Rails.env)
-end
+Bundler.require(*Rails.groups)
 
 module Dooraccess
   class Application < Rails::Application
-    # Settings in config/environments/* take precedence over those specified here.
-    # Application configuration should go into files in config/initializers
-    # -- all .rb files in that directory are automatically loaded.
-
-    # Custom directories with classes and modules you want to be autoloadable.
-    # config.autoload_paths += %W(#{config.root}/extras)
-
-    # Only load the plugins named here, in the order given (default is alphabetical).
-    # :all can be used as a placeholder for all plugins not explicitly named.
-    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
-
-    # Activate observers that should always be running.
-    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
-
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    config.time_zone = 'America/Phoenix'
-
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :de
-
-    # Configure the default encoding used in templates for Ruby 1.9.
-    config.encoding = "utf-8"
+    # config.active_support.cache_format_version = 7.0
+    config.load_defaults 7.1
+    config.time_zone = "America/Phoenix"
 
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:password, :pass]
 
-    # Use SQL instead of Active Record's schema dumper when creating the database.
-    # This is necessary if your schema can't be completely dumped by the schema dumper,
-    # like if you have constraints or database-specific column types
-    # config.active_record.schema_format = :sql
-
-    # Enforce whitelist mode for mass assignment.
-    # This will create an empty whitelist of attributes available for mass-assignment for all models
-    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
-    # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
-
-    # Enable the asset pipeline
-    config.assets.enabled = true
-
     # Version of your assets, change this if you want to expire all your assets
-    config.assets.version = '1.1'
+    config.assets.version = "1.1"
   end
 end
diff --git a/config/boot.rb b/config/boot.rb
index 4489e58..988a5dd 100755
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,6 +1,4 @@
-require 'rubygems'
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
 
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
-
-require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+require "bundler/setup" # Set up gems listed in the Gemfile.
+require "bootsnap/setup" # Speed up boot time by caching expensive operations.
diff --git a/config/config.yml.docker b/config/config.yml.docker
new file mode 100644
index 0000000..9dfbec0
--- /dev/null
+++ b/config/config.yml.docker
@@ -0,0 +1,32 @@
+development:
+  door_access_url: "http://192.168.1.177"
+  door_access_password: "1234"
+  smtp_tls: true
+  smtp_address: "inbucket"
+  smtp_port: 10025
+  smtp_domain: "gmail.com"
+  smtp_authentication: "login"
+  smtp_user: "user"
+  smtp_password: "passw0rd"
+
+test:
+  door_access_url: "http://192.168.1.177"
+  door_access_password: "1234"
+  smtp_tls: true
+  smtp_address: "inbucket"
+  smtp_port: 10025
+  smtp_domain: "gmail.com"
+  smtp_authentication: "login"
+  smtp_user: "user"
+  smtp_password: "passw0rd"
+
+production:
+  door_access_url: "http://192.168.1.177"
+  door_access_password: "1234"
+  smtp_tls: true
+  smtp_address: "smtp.gmail.com"
+  smtp_port: 587
+  smtp_domain: "gmail.com"
+  smtp_authentication: "login"
+  smtp_user: ""
+  smtp_password: ""
diff --git a/config/database.yml.docker b/config/database.yml.docker
new file mode 100644
index 0000000..89ac294
--- /dev/null
+++ b/config/database.yml.docker
@@ -0,0 +1,36 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+
+development:
+  adapter: postgresql
+  encoding: unicode
+  database: members_db_development
+  host: members_postgres
+  pool: 5
+  username: members_db_development
+  password: members_db_development
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+
+test:
+  adapter: postgresql
+  encoding: unicode
+  database: members_db_test
+  host: members_postgres
+  pool: 5
+  username: members_db_test
+  password: members_db_test
+
+production:
+  adapter: postgresql
+  encoding: unicode
+  database: members_db_production
+  host: members_postgres
+  pool: 5
+  username: members_db_production
+  password: members_db_production
\ No newline at end of file
diff --git a/config/environments/development.rb b/config/environments/development.rb
index a904175..c3ffea1 100755
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -1,4 +1,5 @@
-Dooraccess::Application.configure do
+Rails.application.configure do
+  config.eager_load = false
   # Settings specified here will take precedence over those in config/application.rb
 
   # In the development environment your application's code is reloaded on
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 89d5aee..3822d0f 100755
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -1,4 +1,5 @@
-Dooraccess::Application.configure do
+Rails.application.configure do
+  config.eager_load = true
   # Settings specified here will take precedence over those in config/application.rb
 
   # Code is not reloaded between requests
diff --git a/config/initializers/default_settings.rb b/config/initializers/default_settings.rb
index f3a01e7..05888ab 100755
--- a/config/initializers/default_settings.rb
+++ b/config/initializers/default_settings.rb
@@ -1,3 +1,4 @@
+=begin
 @@default_settings = {
   :welcome_title => "Welcome to the Hackerspace Members Site",
   :welcome_body => "<p>We are a member-driven community workshop where you can learn, make cool stuff, meet other cool people, and make your city a better place to live!</p><p>You don't have to be a member to come visit, but if you're interested in volunteering or being a member, feel free to sign up here! For more information, <a href=\"/more_info\">Click Here</a>.</p>",
@@ -45,3 +46,4 @@
     Setting.save_default(key, value)
   end
 end
+=end
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..599caea
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,53 @@
+version: "3"
+services:
+  members_web:
+    restart: 'unless-stopped'
+    container_name: members_web
+    build:
+      # target: dev
+      context: .
+    depends_on:
+      members_postgres:
+        condition: service_healthy
+    ports:
+      - "3000:3000"
+    # environment:
+      # TODO: implement for Paperclip uploads (user-provided photos, PDFs, etc)
+      # S3_BUCKET: ""
+      # S3_KEY: ""
+      # S3_SECRET: ""
+    # volumes:
+      # Uncomment and use volume overlays to easily edit the app as a developer
+      # - .:/app
+
+  members_postgres:
+    container_name: members_postgres
+    image: postgres:9.6.1-alpine
+    ports:
+      - "5432:5432"
+    environment:
+      POSTGRES_MULTIPLE_DATABASES: members_db_development,members_db_test
+      POSTGRES_PASSWORD: postgres
+    volumes:
+      - db_data:/var/lib/postgresql/data
+      # Script to create users/DBs according to POSTGRES_MULTIPLE_DATABASES
+      - ./pg-init-scripts:/docker-entrypoint-initdb.d
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  inbucket:
+    image: inbucket/inbucket:3.0.4
+    restart: always
+    ports:
+      - 10001:10001 # inbucket web ui
+    environment:
+      INBUCKET_WEB_ADDR: "0.0.0.0:10001"
+      INBUCKET_POP3_ADDR: "0.0.0.0:10110"
+      INBUCKET_SMTP_ADDR: "0.0.0.0:10025"
+
+volumes:
+  db_data:
+    driver: local
diff --git a/docker-run.sh b/docker-run.sh
new file mode 100644
index 0000000..1e26587
--- /dev/null
+++ b/docker-run.sh
@@ -0,0 +1,2 @@
+rm -f /app/tmp/pids/server.pid
+rails server -b 0.0.0.0
\ No newline at end of file
diff --git a/pg-init-scripts/Dockerfile b/pg-init-scripts/Dockerfile
new file mode 100644
index 0000000..cb4cbfc
--- /dev/null
+++ b/pg-init-scripts/Dockerfile
@@ -0,0 +1,2 @@
+FROM postgres:9.6
+COPY create-postgres-databases.sh /docker-entrypoint-initdb.d/
diff --git a/pg-init-scripts/create-postgres-databases.sh b/pg-init-scripts/create-postgres-databases.sh
new file mode 100644
index 0000000..ac6bbe6
--- /dev/null
+++ b/pg-init-scripts/create-postgres-databases.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+set -u
+
+function create_user_and_database() {
+	local database=$1
+	echo "💌  Creating user and database '$database'"
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+		CREATE USER $database WITH PASSWORD '$database';
+		CREATE DATABASE $database WITH OWNER $database;
+		GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
+EOSQL
+}
+
+if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
+	echo "❤️  Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
+	for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
+		create_user_and_database $db
+	done
+	echo "❤️  Multiple databases created"
+fi