diff --git a/templates/create_password.html b/templates/create_password.html
index 25829fe..1a94997 100644
--- a/templates/create_password.html
+++ b/templates/create_password.html
@@ -9,8 +9,8 @@

Please enter a password for your new Curious Greg account.

-
- @lynnesbian@fedi.lynnesbian.space

+
+ {{ session['acct'] }}



diff --git a/templates/landing_page.html b/templates/landing_page.html
index 7b11383..29b8378 100644
--- a/templates/landing_page.html
+++ b/templates/landing_page.html
@@ -8,7 +8,7 @@

Curious Greg

Connect your Curious Cat and Mastodon accounts for automated crossposting.

- +

diff --git a/web.py b/web.py index f1cd335..458a889 100755 --- a/web.py +++ b/web.py @@ -11,10 +11,11 @@ import bcrypt import urllib cfg = json.load(open("meta.json")) +scopes = ["read:accounts", "write:statuses"] db = sqlite3.connect("database.db") #TODO: switch to mysql so concurrency is possible c = db.cursor() -c.execute("CREATE TABLE IF NOT EXISTS `data` (username TEXT NOT NULL, instance TEXT NOT NULL, password TEXT NOT NULL, avi TEXT NOT NULL, secret TEXT NOT NULL, appid TEXT NOT NULL, appsecret TEXT NOT NULL, cc TEXT, latest_post TEXT, latest_timestamp TEXT, time_between_checks INT)") +c.execute("CREATE TABLE IF NOT EXISTS `data` (username TEXT NOT NULL, instance TEXT NOT NULL, password TEXT NOT NULL, avi TEXT NOT NULL, secret TEXT NOT NULL, client_id TEXT NOT NULL, client_secret TEXT NOT NULL, cc TEXT, latest_post TEXT, latest_timestamp TEXT, time_between_checks INT)") app = Flask(cfg['name']) app.secret_key = cfg['flask_key'] 
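Review bot: `CREATE TABLE IF NOT EXISTS` leaves an existing `data` table untouched, so a `database.db` created before this commit keeps the `appid`/`appsecret` columns and any statement that names `client_id`/`client_secret` will fail against it. A one-off migration such as `ALTER TABLE data RENAME COLUMN appid TO client_id` (and the same for `appsecret`) run before this statement, or a documented reset of the database, would cover that. The `secret` and `client_secret` columns hold OAuth credentials as plain `TEXT`; a comment such as `# secret/client_secret are live OAuth credentials: restrict database.db file permissions and keep it out of shared backups` would make that handling requirement visible.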
@@ -53,34 +54,30 @@ def log_in(): @app.route('/internal/auth_a') def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow - session['instance_url'] = request.args.get('url', default='mastodon.social', type=str) + session['instance_url'] = request.args.get('instance', default='mastodon.social', type=str) if not session['instance_url'].startswith("https://"): session['instance_url'] = "https://{}".format(session['instance_url']) session['client_id'], session['client_secret'] = Mastodon.create_app(cfg['name'], api_base_url=session['instance_url'], - scopes=["write:statuses", "read:accounts"], + scopes=scopes, website=cfg['website'], - redirect_uris=['https://cg.lynnesbian.space/internal/auth_b'] + redirect_uris=['https://cg.lynnesbian.space/internal/auth_b', 'http://localhost:5000/internal/auth_b'] ) - params = { - "client_id": session['client_id'], - "client_secret":session['client_secret'], - "scope":"write:statuses+read:accounts", - "redirect_uri": "https://cg.lynnesbian.space/internal/auth_b", - "response_type":"code", - } - - url = "{}/oauth/authorize?{}".format(session['instance_url'], urllib.parse.urlencode(params)) - return url + client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url']) + url = client.auth_request_url(client_id=session['client_id'], redirect_uris='http://localhost:5000/internal/auth_b', scopes=scopes) + + return redirect(url, code=307) @app.route('/internal/auth_b') def internal_auth_b(): - session['secret'] = request.args.get('code') #write details to DB - client = Mastodon(access_token = session['secret'], api_base_url=session['instance_url']) - session['username'] = client.account_verify_credentials()['username'] + client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url']) + session['secret'] = client.log_in(code = request.args.get('code'), scopes=scopes, 
redirect_uri='http://localhost:5000/internal/auth_b') + acct_info = client.account_verify_credentials() + session['username'] = acct_info['username'] + session['avi'] = acct_info['avatar'] session['acct'] = "@{}@{}".format(session['username'], session['instance_url'].replace("https://", "")) if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance_url'])).fetchone()[0] > 0: #user already has an account with CG @@ -99,5 +96,5 @@ def create_password(): @app.route('/internal/create_account', methods=['POST']) def create_account(): pw = bcrypt.hashpw(request.form['pw'], bcrypt.gensalt(15)) - c.execute("INSERT INTO data (username, instance, password, secret, appid, appsecret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'], session['secret'], session['client_id'], session['client_secret'])) + c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'], session['secret'], session['client_id'], session['client_secret'])) db.commit()
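Review bot: Both `client.auth_request_url(...)` in `internal_auth_a` and `client.log_in(...)` in `internal_auth_b` hard-code `http://localhost:5000/internal/auth_b`, so on the deployed host the authorization code is redirected to the user's own localhost over plain HTTP, and every app registered through `create_app` now also lists that localhost URI as a valid redirect. Read one callback URL from configuration (a new key, for example `cfg['redirect_uri']`) and pass that same value to `create_app`, `auth_request_url` and `log_in`, registering the localhost URI only in a development config. Separately, `internal_auth_b` hands `request.args.get('code')` to `log_in` without checking that it is present or that the callback belongs to a flow this session started; generating a random `state` value in `internal_auth_a`, keeping it in the session and comparing it in `internal_auth_b` would close that gap. `session['secret']` now holds the access token rather than the code, and if the app uses Flask's default cookie-backed session, that token and `client_secret` are signed but still readable in the client cookie.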
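Review bot: The new `INSERT` in `create_account` names seven columns but has five `?` placeholders and six bound values, so sqlite3 will reject the statement and no account is stored. The tuple is also out of column order (`pw` is bound to `instance`, `session['instance_url']` to `avi`, `session['secret']` to `password`) and `session['avi']` is never passed, so fixing only the counts would write the bcrypt hash and the OAuth token into the wrong columns. Suggested: `VALUES (?, ?, ?, ?, ?, ?, ?)` with `(session['username'], session['instance_url'], session['avi'], pw, session['secret'], session['client_id'], session['client_secret'])`. The function may continue past `db.commit()` outside the hunk.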