diff --git a/admin/index.php b/admin/index.php
index 07af98cbb362d592147734743060e1903850c033..3aadf5f396ed640ee9201261990344ab8285b70c 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -25,6 +25,9 @@ function site_content() {
     ORDER BY name ASC');
   $result->execute();
   $result = $result->fetchAll(PDO::FETCH_ASSOC); ?>
+    <div class="text-center mb-3">
+        <a class="btn btn-primary" href="{BASE_URL}db">{Go to database...|Adatbázis megnyitása...}</a>
+    </div>
     <div class="row">
         <div class="col-sm-10 offset-sm-1 col-lg-8 offset-lg-2">
             <table class="table table-striped table-hover">
@@ -46,7 +49,7 @@ function site_content() {
                         <a href="{BASE_URL}profile/?<?=$row['shibboleth']?>">
                         <?=$row['name']?></td>
                         </a>
-                    <td><?=$row['verified'] ?? 0 + $row['unverified'] ?? 0?></td>
+                    <td><?=($row['verified'] ?? 0) + ($row['unverified'] ?? 0)?></td>
                     <td>
                         <a href="{BASE_URL}verified/?<?=$row['shibboleth']?>">
                         <?=$row['verified'] ?? 0?>
diff --git a/auth/messages.json b/auth/messages.json
index e396eaa75f0f72e8cce9e73e4df123539f64fb09..8d22bf294794c67580ea1ef6757afea59dfa5a2a 100644
--- a/auth/messages.json
+++ b/auth/messages.json
@@ -12,8 +12,8 @@
         "hu": "<div class='text-center'>Olvasd le a kártyádat 3x a következő <span class='time'></span> másodpercen belül.</div>"
     },
     "success": {
-        "en": "You have successfully [registered and|] authenticated your card. From now, every time, you check in with that card, we will record your face and use these images to train the face recognition system.",
-        "hu": "A [regisztráció és|] kártya-hitelesítés sikeres volt. Mostantól minden egyes alkalommal, amikor ezzel a kártyával lépsz be az épületbe, rögzíteni fogjuk az arcodat, és az így készített képeket az arcfelismerő rendszer tanításához fel fogjuk használni."
+        "en": "You have successfully [registered and|] authenticated your card. From now, every time, you check in with that card, we will record your face and use these images to train the face recognition system.<div class='text-center'><a class='btn btn-primary m-2' href='{BASE_URL}profile'>Profile</a><a class='btn btn-primary m-2' href='{BASE_URL}verified'>Verified photos</a><a class='btn btn-primary m-2' href='{BASE_URL}unverified'>Unverified Photos</a></div>",
+        "hu": "A [regisztráció és|] kártya-hitelesítés sikeres volt. Mostantól minden egyes alkalommal, amikor ezzel a kártyával lépsz be az épületbe, rögzíteni fogjuk az arcodat, és az így készített képeket az arcfelismerő rendszer tanításához fel fogjuk használni.<div class='text-center'><a class='btn btn-primary m-2' href='{BASE_URL}profile'>Profil</a><a class='btn btn-primary m-2' href='{BASE_URL}verified'>Hitelesített képeks</a><a class='btn btn-primary m-2' href='{BASE_URL}unverified'>Nem hitelesített képek</a></div>"
     },
     "timeout": {
         "en": "<div class='text-center'>The authentication session has been timed out.<br><button onclick='start()' class='mt-3 btn btn-primary'>Start again</button></div>",
diff --git a/core/functions.js b/core/functions.js
index 61fb88773c82e955622fe16218eccdbafc28e558..af1f79d170539deef19f5381395cb51ecef8ba9f 100644
--- a/core/functions.js
+++ b/core/functions.js
@@ -71,9 +71,10 @@ function navbarAdjustments(isAdmin, isRegistered) {
     if (! isAdmin)
         $("#admin").hide();
     if (isRegistered) {
+        $("#auth").attr("id","auth-2");
+        $("#auth-2").hide();
         $("#auth-1 a").attr("href", "{BASE_URL}auth");
         $("#auth-1").attr("id","auth");
-        $("#auth-2").hide();
         $("#profile, #verified, #unverified, #auth-1").show();
     } else {
         $("#auth").attr("id","auth-1");
diff --git a/core/index.html b/core/index.html
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/photos/backend.php b/photos/backend.php
index e3edaab143528100b3ba127e395e57401f6204c1..81ebd3a19e7cc43f8e8f4ba3b3917c323eb68c49 100644
--- a/photos/backend.php
+++ b/photos/backend.php
@@ -1,4 +1,8 @@
 <?php
+if (!isset($_POST['page']) OR
+    ($_POST['page'] !== 'verified' AND $_POST['page'] !== 'unverified'))
+    die('Missing or wrong page information');
+
 require_once('../core/functions.php'); // isAdmin, isRegistered, shibboleth, db
 
 // Once the page is loaded, we do not want to send already loaded images
@@ -126,7 +130,8 @@ function updateAcceptedPhotos($card_ID, $accepted) {
     $statement = $db->prepare("
         UPDATE photo SET is_it_sure = TRUE
         WHERE photo_ID IN ($accepted) AND card_ID = :card_ID");
-    return $statement->execute([ 'card_ID' => $card_ID ]);
+    return $statement->execute([ 'card_ID' => $card_ID ]) AND
+        saveAnnotation($card_ID, $accepted, 'accepted');
 }
 
 function deleteRejectedPhotos($card_ID, $rejected) {
@@ -137,7 +142,23 @@ function deleteRejectedPhotos($card_ID, $rejected) {
     $statement = $db->prepare("
         DELETE FROM photo
         WHERE photo_ID IN ($rejected) AND card_ID = :card_ID");
-    return $statement->execute([ 'card_ID' => $card_ID ]);
+    return saveAnnotation($card_ID, $rejected, 'rejected') AND
+        $statement->execute([ 'card_ID' => $card_ID ]);
+}
+
+function saveAnnotation($card_ID, $IDs, $decision) {
+    global $db;
+    $statement = $db->prepare("
+    INSERT INTO annotation (user_ID, photo_timestamp, annotation_timestamp, source, annotation)
+    SELECT user_ID, timestamp, :now, :source, :annotation
+        FROM photo JOIN user USING(card_ID)
+        WHERE photo_ID IN ($IDs) AND card_ID = :card_ID");
+    return $statement->execute([
+        'now' => microtime(true)*1000,
+        'source' => $_POST['page'],
+        'annotation' => $decision,
+        'card_ID' => $card_ID
+    ]);
 }
 
 function getPhotos($limit, $last_timestamp) {