diff --git a/foftickets.js b/foftickets.js
index ba2d34c..cb15f2e 100644
--- a/foftickets.js
+++ b/foftickets.js
@@ -41,7 +41,10 @@ const QRSalt   ="!SaltyMagic5392370662";
 //   + Turn ticket use on/off from Settings (Admin)
 //   + Turn email on/off from Settings (Admin)
 //   + Magic-link Login System
+//     Convert all the routes to use common.(user,superuser,
+//     Display messages for all GET routes?
 //     Setting to deactivate transfers globally
+//     Option to "Email me my QR Code"
 //     Mass-import of individual tickets
 //   + Cookie based QR code functionality
 //   + Create Account (User)
@@ -120,6 +123,24 @@ function MagicLinkValid(email,hash) {
     }
 
 
+app.use((req, res, next) => {
+    console.log("Middleware! req.session=",req.session);
+    res.locals.commonData = {
+        username: req.username, // Attach user info if available
+        superuser: req.superuser,
+        error:   req.session && req.session.error   || null, // Flash error messages
+        success: req.session && req.session.success || null, // Flash success messages
+    };
+
+    // Clear session-based flash messages after use
+    if (req.session) {
+        delete req.session.error;
+        delete req.session.success;
+    }
+    next();
+    });
+
+
 //
 // In-memory data structures
 //
@@ -514,8 +535,9 @@ app.post('/login', (req, res) => {
         const redir=req.session.returnTo;
         delete req.session.returnTo;
         return res.redirect(redir || "/mytickets");
-  }
-  res.send('Invalid username or password. <a href="/login">Try again</a>');
+        }
+    req.session.error="Invalid username or password.";
+    return res.redirect("/login");
 });
 
 app.get('/logout', (req, res) => {
@@ -566,7 +588,7 @@ app.get("/checkscanqr", (req,res) => {
     });
 
 app.get('/changepassword', requireLogin,(req, res) => {
-    return res.render("changepassword");
+    return res.render("changepassword",{ username:req.session.username, superuser:req.session.superuser, settings:settings, message: "" });
     });
 
 app.post('/changepassword', requireLogin,(req, res) => {
@@ -595,7 +617,7 @@ app.post('/qrcodesu',requireSuperUser,async (req,res) => {
 
 
 app.get('/settings',requireSuperUser, (req,res) => {
-    res.render('settings',{ username:req.session.username, superuser:req.session.superuser, message: "" })
+    res.render('settings',{ username:req.session.username, superuser:req.session.superuser, settings:settings, message: "" })
     });
 
 app.post('/wipedb',requireSuperUser, (req,res) => {
@@ -621,6 +643,7 @@ app.post('/purge',requireSuperUser, (req,res) => {
 
 app.post('/update-setting', requireSuperUser, (req, res) => {
     settings[req.body.name]=req.body.checked;
+    console.log("setting got updated to ",settings[req.body.name]);
     res.json({ success: true, message: 'Checkbox state updated successfully' });
     });
 
diff --git a/views/settings.ejs b/views/settings.ejs
index 6d41968..19f0dcd 100644
--- a/views/settings.ejs
+++ b/views/settings.ejs
@@ -7,10 +7,10 @@
   <body>
     <%- include('partials/nav') %>
     <div class="content">
-    <input type="checkbox" class="setting" name="enable-email">Enable Email<br>
-    <input type="checkbox" class="setting" name="enable-ticket-use">Enable Ticket Use<br>
-    <input type="checkbox" class="setting" name="enable-credit-cards">Enable Credit Cards<br>
-    <input type="checkbox" class="setting" name="enable-transfers">Enable Transfers<br>
+    <input type="checkbox" class="setting" name="enable-email" <%= settings["enable-email"] ? "checked" : "" %> >Enable Email<br>
+    <input type="checkbox" class="setting" name="enable-ticket-use" <%= settings["enable-ticket-use"] ? "checked" : "" %> >Enable Ticket Use<br>
+    <input type="checkbox" class="setting" name="enable-credit-cards" <%= settings["enable-credit-cards"] ? "checked" : "" %> >Enable Credit Cards<br>
+    <input type="checkbox" class="setting" name="enable-transfers" <%= settings["enable-transfers"] ? "checked" : "" %> >Enable Transfers<br>
     <form action='/purge' method='post'>
       <button type="submit" >Purge Revoked Tickets</button>
     </form>