diff --git a/conf/server.conf b/conf/server.conf
index 8766f0f..196aec4 100644
--- a/conf/server.conf
+++ b/conf/server.conf
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 
 [global]
-environment= 'production'
+;environment= 'production'
 
 ; number of threads running
 server.thread_pool= 10
diff --git a/database.py b/database.py
index 017fe8d..c082bea 100644
--- a/database.py
+++ b/database.py
@@ -1,5 +1,6 @@
 
 import sqlite3
+from hashlib import sha256
 
 class Database(object):
     def __init__(self, db):
@@ -24,3 +25,18 @@ class Database(object):
             students = c.execute('SELECT number,name,password FROM students ORDER BY number ASC;')
             return students.fetchall()
 
+    def student_reset_pw(self, d):
+        # d = {'12345': 'mypassword', ...}
+        with sqlite3.connect(self.db) as c:
+            for num, pw in d.items():
+                if pw != '':
+                    pw = sha256(pw.encode('utf-8')).hexdigest()
+                cmd = 'UPDATE students SET password=? WHERE number=?'
+                c.execute(cmd, (pw, num))
+
+    def student_add(self, number, name, password=''):  # FIXME testar...
+        with sqlite3.connect(self.db) as c:
+            if password != '':
+                password = sha256(password.encode('utf-8')).hexdigest()
+            cmd = 'INSERT INTO students VALUES (?, ?, ?);'
+            c.execute(cmd, number, name, password)
diff --git a/serve.py b/serve.py
index 3edc4bb..a9bcf7e 100755
--- a/serve.py
+++ b/serve.py
@@ -6,7 +6,6 @@
 
 import cherrypy
 from mako.lookup import TemplateLookup
-import sqlite3
 import yaml
 import argparse
 from datetime import datetime
@@ -38,13 +37,18 @@ class Root(object):
 
     # --- STUDENTS -----------------------------------------------------------
     @cherrypy.expose
-    def students(self, reset_pw=None):
-        if cherrypy.session.get('userid') != '0':
-            raise cherrypy.HTTPRedirect('/')
+    @require()
+    # def students(self, reset_pw=None):
+    def students(self, **reset_pw):
+        uid = cherrypy.session.get('userid')
+
+        if uid != '0':
+            raise cherrypy.HTTPRedirect('/')  #FIXME use authorization @require(admin)
 
-        print(reset_pw)
-        if reset_pw is not None:
-            self.database.reset_pw(reset_pw)
+        if reset_pw:
+            self.database.student_reset_pw(reset_pw)
+            for num in reset_pw:
+                cherrypy.log.error('Password updated for student %s.' % str(num), 'APPLICATION')
 
         students = self.database.students()
         # print(students)
diff --git a/static/.DS_Store b/static/.DS_Store
index f547b80..0d96294 100644
Binary files a/static/.DS_Store and b/static/.DS_Store differ
diff --git a/static/css/.DS_Store b/static/css/.DS_Store
deleted file mode 100644
index 5008ddf..0000000
Binary files a/static/css/.DS_Store and /dev/null differ
diff --git a/static/js/.DS_Store b/static/js/.DS_Store
deleted file mode 100644
index 5008ddf..0000000
Binary files a/static/js/.DS_Store and /dev/null differ
diff --git a/templates/results.html b/templates/results.html
index 00ce0b8..bff406d 100644
--- a/templates/results.html
+++ b/templates/results.html
@@ -47,9 +47,9 @@
             <tbody>
                  % for r in results:
                 <tr>
-                    <td>${r[0]}</td>  <!-- data -->
-                    <td>${r[1]}</td>  <!-- teste -->
-                    <td>
+                    <td>${r[0]}</td>  <!-- numero -->
+                    <td>${r[1]}</td>  <!-- nome -->
+                    <td>              <!-- nota -->
                         <div class="progress">
                             % if r[2] < 10:
                                 <div class="progress-bar progress-bar-danger" role="progressbar" aria-valuenow="${'{0}'.format(round(r[2]))}" aria-valuemin="0" aria-valuemax="20" style="min-width: 2em; width: ${'{0}'.format(round(5 * r[2]))}%;">
diff --git a/templates/students.html b/templates/students.html
index c3c5c77..145d19d 100644
--- a/templates/students.html
+++ b/templates/students.html
@@ -45,7 +45,7 @@
                 </tr>
             </thead>
             <tbody>
-                 % for r in students:
+                % for r in students:
                     % if r[0] in loggedin:
                         <tr class="success">
                     % else:
@@ -54,17 +54,19 @@
                             <td>${r[0]}</td>  <!-- numero -->
                             <td>${r[1]}</td>  <!-- nome -->
                             <td class="col-sm-6">
-                                <form action="/students" method="post">
-                                <div class="input-group">
-                                    <span class="input-group-btn">
-                                        <button class="btn btn-danger" type="submit">reset</button>
-                                    </span>
-                                    <input type="text" class="form-control" placeholder="${r[2]}" name="number">
-                                </div><!-- /input-group -->
+                                <form action="/students/" method="post" id="${r[0]}">
+                                    <div class="input-group">
+                                        <span class="input-group-btn">
+                                            <!-- <button class="btn btn-danger" type="submit">reset</button> -->
+                                            <button form="${r[0]}" type="submit" value="submit" class="btn btn-danger">reset</button>
+
+                                        </span>
+                                        <input type="password" class="form-control" placeholder="${r[2]}" name="${r[0]}">
+                                    </div><!-- /input-group -->
                                 </form>
                             </td>  <!-- password -->
                         </tr>
-                 % endfor
+                % endfor
             </tbody>
         </table>
     </div> <!-- panel -->
--
libgit2 0.21.2