diff --git a/README.md b/README.md index eaea182..406f3fd 100644 --- a/README.md +++ b/README.md @@ -157,7 +157,7 @@ These settings should only be changed if you're trying to make the user manager * `ACCEPT_WEAK_PASSWORDS` (default: *FALSE*): Set this to *TRUE* to prevent a password being rejected for being too weak. The password strength indicators will still gauge the strength of the password. Don't enable this in a production environment. -* `REMOTE_HTTP_HEADERS_LOGIN`(default: *FALSE*) Enables session managment from a external Service like Authelia. This setting compromisses your security if your not using a Auth-Proxy infront of this application +* `REMOTE_HTTP_HEADERS_LOGIN`(default: *FALSE*) Enables session managment from an external service like Authelia. _This setting will compromise your security if you're not using an Auth-Proxy in front of this application_. #### Email sending settings 
@@ -312,13 +312,19 @@ If you need to use this user manager with an existing LDAP directory and your ac `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` is a comma-separated list of objectClasses to add when creating the account record. For example, `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=ldappublickey,couriermailaccount`. -To add extra fields for new attributes you need to pass a comma-separated string of the attributes and optionally the label for the attribute (which will be shown on the user form) and a default value to `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` separated by colons (`:`). -The format for configuring an attribute is: `attribute1:label1,default_value1,attribute2:label2:default_value2`. If you don't supply a label then the form field will be labelled with the attribute name. -An example (for the couriermailaccount objectClass) would be: `mailbox:Mailbox:domain.com,quota:Mail quota:20` - -ObjectClasses often have attributes that must have a value, so you should definitely set a default for those attributes. +`LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` is a comma-separated list of attributes to be displayed as extra fields on the account management pages. +By default these fields will be empty, with the field named for the attribute, but you can set the field labels and optionally the default values by appending the attribute names with colon-separated values like so: `attribute_name:label:default_value`. +Multiple attributes are separated by commas, so you can define the label and default values for several attributes as follows: `attribute1:label1:default_value1,attribute2:label2:default_value2,attribute3:label3`. -This is advanced stuff and the user manager doesn't attempt to validate any objectClasses or any attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane. 
+As an example, to set a mailbox name and quota for the `couriermailaccount` schema you can pass these variables to the container: +``` +LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=couriermailaccount +LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES="mailbox:Mailbox:domain.com,quota:Mail quota:20" +``` + +ObjectClasses often have attributes that must have a value, so you'll need to set a default for those attributes otherwise you'll get errors if you forget to fill in the fields. + +This is advanced usage and the user manager doesn't attempt to validate any objectClasses, attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane. *** diff --git a/www/includes/ldap_functions.inc.php b/www/includes/ldap_functions.inc.php index e7b70cc..16c461b 100644 --- a/www/includes/ldap_functions.inc.php +++ b/www/includes/ldap_functions.inc.php @@ -24,7 +24,7 @@ function open_ldap_connection($ldap_bind=TRUE) { if ($tls_result != TRUE) { - error_log("$log_prefix Failed to start STARTTLS connection to ${LDAP['uri']}: " . ldap_error($ldap_connection),0); + if (!preg_match('/^ldap:\/\/127\.0\.0\.([0-9]+)(:[0-9]+)$/', $LDAP['uri'])) { error_log("$log_prefix Failed to start STARTTLS connection to ${LDAP['uri']}: " . ldap_error($ldap_connection),0); } if ($LDAP["require_starttls"] == TRUE) { print "
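Review bot: In the README hunk at line 157, the rewritten `REMOTE_HTTP_HEADERS_LOGIN` bullet still carries two of the defects it set out to fix: "managment" should be "management", and the backtick name runs straight into "(default: *FALSE*)" with no space or separator, unlike the `ACCEPT_WEAK_PASSWORDS` bullet directly above it, which reads `` `ACCEPT_WEAK_PASSWORDS` (default: *FALSE*): ``. Suggest matching that line exactly: `` * `REMOTE_HTTP_HEADERS_LOGIN` (default: *FALSE*): Enables session management from an external service like Authelia. ``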
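Review bot: In the `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` hunk at line 312, the new text defines `:` as the label/default separator and `,` as the attribute separator but never says what happens when a label or default value itself contains one of those characters (a quota label such as "Mail quota: 20" or a default of "a,b"), which is exactly the kind of value that will be misparsed silently given the closing paragraph's statement that nothing is validated. Suggest one sentence after the `attribute1:label1:default_value1,...` format line stating that labels and default values must not contain `:` or `,`. The added fenced example would also benefit from a `sh` language tag so it renders consistently with the rest of the README.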
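Review bot: In the `open_ldap_connection` hunk, the new `preg_match` guard suppresses the log entry for a failed STARTTLS whenever the URI is a loopback address, but the pattern `^ldap:\/\/127\.0\.0\.([0-9]+)(:[0-9]+)$` makes the port group mandatory, so `ldap://127.0.0.1` (no port) still logs while `ldap://127.0.0.1:389` does not; if the intent is "any 127.0.0.x target", the group should be `(:[0-9]+)?`. More importantly, dropping the error entirely hides a TLS negotiation failure from the operator; if the rationale is that a plain loopback connection is acceptable, that belongs in a code comment next to the guard, and a lower-severity log line (rather than none) would keep the failure visible when `require_starttls` is off and the code continues without TLS.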