diff --git a/FIT5032-Assignment/Controllers/HomeController.cs b/FIT5032-Assignment/Controllers/HomeController.cs
index 8a2fcf1..f0c4249 100644
--- a/FIT5032-Assignment/Controllers/HomeController.cs
+++ b/FIT5032-Assignment/Controllers/HomeController.cs
@@ -249,12 +249,60 @@ namespace FIT5032_Assignment.Controllers {
     }
 
     public ActionResult ImageUpload() {
-      var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
-      if (user != null) {
-        // Redirect to home page
+      try {
+        if (Request.Cookies["psg_auth_token"] == null) {
+          // Redirect to home page
+          return RedirectToAction("Index");
+        }
+        var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
+        if (user == null) {
+          // Redirect to home page
+          return RedirectToAction("Index");
+        } else {
+          // Detect if user is doctor or patient
+          var db = new Database1Entities();
+          var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
+          if (credential.Count() == 0) {
+            // Redirect to create account
+            return RedirectToAction("Index");
+          } else {
+            // Redirect to image upload
+            return View();
+          }
+        }
+      } catch (Exception e ) {
+        Trace.WriteLine(e);
+        return RedirectToAction("Index");
+      }
+    }
+
+    [HttpPost]
+    public ActionResult ImageUpload(Models.ImageUploadForm model) {
+      try {
+        if (Request.Cookies["psg_auth_token"] == null) {
+          // Redirect to home page
+          return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
+        }
+        var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
+        if (user == null) {
+          // Redirect to home page
+          return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
+        } else {
+          // Detect if user is doctor or patient
+          var db = new Database1Entities();
+          var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
+          if (credential.Count() == 0) {
+            // return error 403
+            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
+          }
+          var dbUser = db.Users.Where(res => res.uuid == credential.First().user);
+          // print dbUser
+          Trace.WriteLine(dbUser.First());
+          return View();
+        }
+      } catch (Exception e) {
+        Trace.WriteLine(e);
         return RedirectToAction("Index");
-      } else {
-        return View();
       }
     }
   }
diff --git a/FIT5032-Assignment/FIT5032-Assignment.csproj b/FIT5032-Assignment/FIT5032-Assignment.csproj
index 92b8884..f10d1c9 100644
--- a/FIT5032-Assignment/FIT5032-Assignment.csproj
+++ b/FIT5032-Assignment/FIT5032-Assignment.csproj
@@ -188,6 +188,7 @@
     <Compile Include="Models\Appointments.cs">
       <DependentUpon>FIT5032-Assignment.tt</DependentUpon>
     </Compile>
+    <Compile Include="Models\ImageUploadForm.cs" />
     <Compile Include="Models\CompleteProfileForm.cs" />
     <Compile Include="Models\Credentials.cs">
       <DependentUpon>FIT5032-Assignment.tt</DependentUpon>
diff --git a/FIT5032-Assignment/Models/ImageUploadForm.cs b/FIT5032-Assignment/Models/ImageUploadForm.cs
new file mode 100644
index 0000000..697096e
--- /dev/null
+++ b/FIT5032-Assignment/Models/ImageUploadForm.cs
@@ -0,0 +1,14 @@
+using System.Web;
+using System.ComponentModel.DataAnnotations;
+
+namespace FIT5032_Assignment.Models {
+  public class ImageUploadForm {
+    [Required]
+    [Display(Name = "Assign to patient (email)")]
+    public string patientEmail { get; set; }
+
+    [Required]
+    [Display(Name = "Image file")]
+    public HttpPostedFileBase imageFile { get; set; }
+  }
+}
\ No newline at end of file
diff --git a/FIT5032-Assignment/Models/Images.cs b/FIT5032-Assignment/Models/Images.cs
index 64a552f..2ca185a 100644
--- a/FIT5032-Assignment/Models/Images.cs
+++ b/FIT5032-Assignment/Models/Images.cs
@@ -7,24 +7,22 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace FIT5032_Assignment.Models
-{
-    using System;
-    using System.Collections.Generic;
-    
-    public partial class Images
-    {
-        public string uuid { get; set; }
-        public string patient { get; set; }
-        public string responsibleBy { get; set; }
-        public Nullable<System.DateTime> createdAt { get; set; }
-        public string appointment { get; set; }
-        public Nullable<int> status { get; set; }
-        public string file { get; set; }
-    
-        public virtual Appointments Appointments { get; set; }
-        public virtual Doctors Doctors { get; set; }
-        public virtual Patients Patients { get; set; }
-        public virtual ShareURLs ShareURLs { get; set; }
-    }
+namespace FIT5032_Assignment.Models {
+  using System;
+  using System.Collections.Generic;
+
+  public partial class Images {
+    public string uuid { get; set; }
+    public string patient { get; set; }
+    public string responsibleBy { get; set; }
+    public Nullable<System.DateTime> createdAt { get; set; }
+    public string appointment { get; set; }
+    public Nullable<int> status { get; set; }
+    public string file { get; set; }
+
+    public virtual Appointments Appointments { get; set; }
+    public virtual Doctors Doctors { get; set; }
+    public virtual Patients Patients { get; set; }
+    public virtual ShareURLs ShareURLs { get; set; }
+  }
 }
diff --git a/FIT5032-Assignment/Views/Home/ImageUpload.cshtml b/FIT5032-Assignment/Views/Home/ImageUpload.cshtml
index c5600dc..8ba25d1 100644
--- a/FIT5032-Assignment/Views/Home/ImageUpload.cshtml
+++ b/FIT5032-Assignment/Views/Home/ImageUpload.cshtml
@@ -1,8 +1,42 @@
-@{
-    Layout = "~/Views/Shared/_Layout.cshtml";
+@model FIT5032_Assignment.Models.ImageUploadForm
+@{
+  Layout = "~/Views/Shared/_Layout.cshtml";
 }
 
 
-<main aria-labelledby="title">
-    image upload
-</main>
\ No newline at end of file
+@using (Html.BeginForm()) 
+{
+    @Html.AntiForgeryToken()
+    
+    <div class="form-horizontal">
+        <h4>Upload Image</h4>
+        <hr />
+        @Html.ValidationSummary(true, "", new { @class = "text-danger" })
+        <div class="form-group">
+            @Html.LabelFor(model => model.patientEmail, htmlAttributes: new { @class = "control-label col-md-2" })
+            <div class="col-md-10">
+                @Html.EditorFor(model => model.patientEmail, new { htmlAttributes = new { @class = "form-control" } })
+                @Html.ValidationMessageFor(model => model.patientEmail, "", new { @class = "text-danger" })
+            </div>
+        </div>
+
+        <div class="form-group">
+            @Html.LabelFor(model => model.imageFile, htmlAttributes: new { @class = "control-label col-md-2" })
+            <div class="col-md-10">
+                @Html.EditorFor(model => model.imageFile, new { htmlAttributes = new { @class = "form-control" } })
+                @Html.ValidationMessageFor(model => model.imageFile, "", new { @class = "text-danger" })
+            </div>
+        </div>
+
+
+        <div class="form-group">
+            <div class="col-md-offset-2 col-md-10">
+                <input type="submit" value="Create" class="btn btn-default" />
+            </div>
+        </div>
+    </div>
+}
+
+@section Scripts {
+    @Scripts.Render("~/bundles/jqueryval")
+}