diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 2e90b757..f9b863c8 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -122,3 +122,16 @@ if (isset($_COOKIE[$config['cookies']['mod']])) {
 	);
 }
 
+function create_pm_header() {
+	global $mod;
+	$query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1");
+	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+	$query->execute() or error(db_error($query));
+	
+	if ($pm = $query->fetch()) {
+		return Array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
+	}
+	
+	return false;
+}
+
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 2b5487fd..4903567a 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -252,13 +252,42 @@ function mod_delete($board, $post) {
 
 function mod_users() {
 	global $config;
-	if(!hasPermission($config['mod']['manageusers']))
+	
+	if (!hasPermission($config['mod']['manageusers']))
 		error($config['error']['noaccess']);
 	
 	$args = array();
 	$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
 	$args['users'] = $query->fetchAll(PDO::FETCH_ASSOC);
 	
-	mod_page("Manage users", 'mod/users.html', $args);
+	mod_page('Manage users', 'mod/users.html', $args);
+}
+
+function mod_new_pm($username) {
+	global $config, $mod;
+	
+	if (!hasPermission($config['mod']['create_pm']))
+		error($config['error']['noaccess']);
+	
+	$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
+	$query->bindValue(':username', $username);
+	$query->execute() or error(db_error($query));
+	if (!$id = $query->fetchColumn(0))
+		error($config['error']['404']);
+	
+	if (isset($_POST['message'])) {
+		markup($_POST['message']);
+		
+		$query = prepare("INSERT INTO `pms` VALUES (NULL, :me, :id, :message, :time, 1)");
+		$query->bindValue(':me', $mod['id']);
+		$query->bindValue(':id', $id);
+		$query->bindValue(':message', $_POST['message']);
+		$query->bindValue(':time', time());
+		$query->execute() or error(db_error($query));
+		
+		header('Location: ?/', true, $config['redirect_http']);
+	}
+	
+	mod_page("New PM for {$username}", 'mod/new_pm.html', array('username' => $username, 'id' => $id));
 }
 
diff --git a/mod.php b/mod.php
index d95f9552..e7134603 100644
--- a/mod.php
+++ b/mod.php
@@ -28,7 +28,7 @@ $pages = array(
 	'!^/log/(\d+)$!'			=> 'log',		// modlog
 
 	'!^/users$!'				=> 'users',		// manage users
-	
+	'!^/new_PM/([^/]+)$!'			=> 'new_pm',		// create a new pm
 	
 	'!^/ban$!'				=> 'ban',		// new ban
 	'!^/IP/([\w.:]+)$!'			=> 'ip',		// view ip address
diff --git a/templates/mod/new_pm.html b/templates/mod/new_pm.html
new file mode 100644
index 00000000..d694bc26
--- /dev/null
+++ b/templates/mod/new_pm.html
@@ -0,0 +1,22 @@
+{#{% if id == mod.id %}
+	{% set username = 'me' %}
+{% endif %}#}
+
+<form action="" method="post">
+	<table>
+		<tr>
+			<th>To</th>
+			{% if mod|hasPermission(config.mod.editusers) %}
+				<td><a href="?/users/{{ id }}">{{ username|e }}</a></td>
+			{% else %}
+				<td>{{ username|e }}</td>
+			{% endif %}
+		</tr>
+		<tr>
+			<th>Message</th>
+			<td><textarea name="message" rows="10" cols="40"></textarea></td>
+		</tr>
+	</table>
+
+	<p style="text-align:center"><input type="submit" value="Send message"></p>
+</form>
diff --git a/templates/mod/users.html b/templates/mod/users.html
new file mode 100644
index 00000000..aeacc8b5
--- /dev/null
+++ b/templates/mod/users.html
@@ -0,0 +1,54 @@
+<table class="modlog" style="width:auto">
+	<tr>
+		<th>ID</th>
+		<th>Username</th>
+		<th>Type</th>
+		<th>Boards</th>
+		<th>Last action</th>
+		<th>&hellip;</th>
+	</tr>
+	
+	{% for user in users %}
+		<tr>
+			<td><small>{{ user.id }}</small></td>
+			<td>{{ user.username }}</td>
+			<td>
+				{% if user.type == constant('JANITOR') %}Janitor
+				{% elseif user.type == constant('MOD') %}Mod
+				{% elseif user.type == constant('ADMIN') %}Admin
+				{% endif %}
+			</td>
+			<td>
+				{# This is really messy, but IMO it beats doing it in PHP. #}
+				{% set boards = user.boards|split(',') %}
+				{% set _boards = [] %}
+				{% for board in boards %}
+					{% set _boards = _boards|push(board == '*' ? '*' : config.board_abbreviation|sprintf(board)) %}
+				{% endfor %}
+				{% set _boards = _boards|sort %}
+				{{ _boards|join(', ') }}
+			</td>
+			<td>
+				{% if mod|hasPermission(config.mod.modlog) %}
+					<span title="{{ user.action|e }}">{{ user.last|ago }}</span>
+				{% else %}
+					&ndash;
+				{% endif %}
+			</td>
+			<td>
+				{% if mod|hasPermission(config.mod.promoteusers) and user.type < constant('ADMIN') %}
+					<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/promote" title="Promote">&#9650;</a> 
+				{% endif %}
+				{% if mod|hasPermission(config.mod.promoteusers) and user.type > constant('JANITOR') %}
+					<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/demote" title="Demote">&#9660;</a> 
+				{% endif %}
+				{% if mod|hasPermission(config.editusers) or (mod|hasPermission(config.change_password) and mod.id == user.id) %}
+					<a class="unimportant" style="margin-left:5px;float:right" href="?/users/{{ user.id }}">[edit]</a> 
+				{% endif %}
+				{% if mod|hasPermission(config.mod.create_pm) %}
+					<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/{{ user.username }}">[PM]</a>
+				{% endif %}
+			</td>
+		</tr>
+	{% endfor %}
+</table>