diff --git a/server/accounts.js b/server/accounts.js
index ebbd5e6..c2a910a 100644
--- a/server/accounts.js
+++ b/server/accounts.js
@@ -9,6 +9,7 @@ let sendmail = require('sendmail')({silent: true});
 //utilities
 let { log, validateEmail } = require('../common/utilities.js');
 let { throttle, isThrottled } = require('../common/throttle.js');
+let { logActivity } = require('./utilities.js');
 
 const signupRequest = (connection) => (req, res) => {
 	//formidable handles forms
@@ -205,6 +206,8 @@ const loginRequest = (connection) => (req, res) => {
 						msg: log('Logged in', fields.email, rand)
 					});
 					res.end();
+
+					logActivity(connection, results[0].id);
 				});
 			});
 		});
@@ -216,6 +219,7 @@ const logoutRequest = (connection) => (req, res) => {
 	connection.query(query, [req.body.id, req.body.token], (err) => {
 		if (err) throw err;
 		log('Logged out', req.body.id, req.body.token);
+		logActivity(connection, req.body.id);
 	});
 
 	res.end(); //NOTE: don't send a response
@@ -275,6 +279,8 @@ const passwordChangeRequest = (connection) => (req, res) => {
 									msg: log('Password changed!', fields.id)
 								});
 								res.end();
+
+								logActivity(connection, fields.id);
 							});
 						});
 					});
@@ -410,7 +416,8 @@ const passwordResetRequest = (connection) => (req, res) => {
 
 							res.status(200).json({ msg: log('Password updated!', fields.email) });
 							res.end();
-							return;
+
+							logActivity(connection, results[0].id);
 						});
 					});
 				});
diff --git a/server/combat.js b/server/combat.js
index 62966cd..de3e355 100644
--- a/server/combat.js
+++ b/server/combat.js
@@ -8,7 +8,7 @@ let CronJob = require('cron').CronJob;
 let { logDiagnostics } = require('./diagnostics.js');
 let { log } = require('../common/utilities.js');
 
-let { getStatistics, isAttacking } = require('./utilities.js');
+let { getStatistics, isAttacking, logActivity } = require('./utilities.js');
 
 const attackRequest = (connection) => (req, res) => {
 	//verify the attacker's credentials (only the attacker can launch an attack)
@@ -70,6 +70,8 @@ const attackRequest = (connection) => (req, res) => {
 							msg: log('Attacking', req.body.attacker, req.body.defender)
 						});
 						res.end();
+
+						logActivity(connection, req.body.id);
 					});
 				});
 			});
diff --git a/server/equipment.js b/server/equipment.js
index 68b8049..5fd4b13 100644
--- a/server/equipment.js
+++ b/server/equipment.js
@@ -4,7 +4,7 @@ require('dotenv').config();
 //utilities
 let { log } = require('../common/utilities.js');
 
-let { getStatistics, getOwned, isAttacking, isSpying } = require('./utilities.js');
+let { getStatistics, getOwned, isAttacking, isSpying, logActivity } = require('./utilities.js');
 
 const equipmentRequest = (connection) => (req, res) => {
 	//validate the credentials
@@ -179,6 +179,8 @@ const purchaseRequest = (connection) => (req, res) => {
 										res.end();
 
 										log('Purchase made', req.body.id, req.body.token, req.body.type, req.body.name);
+
+										logActivity(connection, req.body.id);
 									});
 								});
 							});
@@ -277,6 +279,8 @@ const sellRequest = (connection) => (req, res) => {
 										if (err) throw err;
 
 										log('Cleaned database', 'equipment sale');
+
+										logActivity(connection, req.body.id);
 									});
 								});
 							});
diff --git a/server/profiles.js b/server/profiles.js
index 9bd5c82..d024325 100644
--- a/server/profiles.js
+++ b/server/profiles.js
@@ -4,7 +4,7 @@ require('dotenv').config();
 //libraries
 let CronJob = require('cron').CronJob;
 
-let { isAttacking, isSpying } = require('./utilities.js');
+let { isAttacking, isSpying, logActivity } = require('./utilities.js');
 
 //utilities
 let { logDiagnostics } = require('./diagnostics.js');
@@ -44,6 +44,7 @@ function profileCreateRequestInner(connection, req, res, body) {
 				if (err) throw err;
 
 				log('Profile created', body.username, body.id, body.token);
+				logActivity(connection, body.id);
 
 				return profileRequestInner(connection, req, res, body);
 			});
@@ -154,6 +155,7 @@ const recruitRequest = (connection) => (req, res) => {
 
 					log('Recruit successful', results[0].username, req.body.id, req.body.token);
 					logDiagnostics(connection, 'recruit', 1);
+					logActivity(connection, req.body.id);
 				});
 			});
 		});
@@ -259,6 +261,7 @@ const trainRequest = (connection) => (req, res) => {
 							});
 							res.end();
 							log('Train executed', results[0].username, req.body.role, req.body.id, req.body.token);
+							logActivity(connection, req.body.id);
 						});
 					});
 				});
@@ -371,6 +374,7 @@ const untrainRequest = (connection) => (req, res) => {
 							});
 							res.end();
 							log('Untrain executed', results[0].username, roleName, req.body.id, req.body.token);
+							logActivity(connection, req.body.id);
 						});
 					});
 				});
diff --git a/server/spying.js b/server/spying.js
index 7461f05..ff544bf 100644
--- a/server/spying.js
+++ b/server/spying.js
@@ -8,7 +8,7 @@ let CronJob = require('cron').CronJob;
 let { logDiagnostics } = require('./diagnostics.js');
 let { log } = require('../common/utilities.js');
 
-let { getStatistics, isSpying, isAttacking } = require('./utilities.js'); //TODO: rename getStatistics to getEquipmentStatistics
+let { getStatistics, isSpying, isAttacking, logActivity } = require('./utilities.js'); //TODO: rename getStatistics to getEquipmentStatistics
 
 const spyRequest = (connection) => (req, res) => {
 	//verify the attacker's credentials (only the attacker can launch an attack)
@@ -70,6 +70,8 @@ const spyRequest = (connection) => (req, res) => {
 							msg: log('Spying', req.body.attacker, req.body.defender) //TODO: am I using this msg parameter anywhere?
 						});
 						res.end();
+
+						logActivity(connection, req.body.id);
 					});
 				});
 			});
diff --git a/server/utilities.js b/server/utilities.js
index af83686..b4b3871 100644
--- a/server/utilities.js
+++ b/server/utilities.js
@@ -86,9 +86,17 @@ const isSpying = (connection, user, cb) => {
 	});
 };
 
+const logActivity = (connection, id) => {
+	let query = 'UPDATE accounts SET lastActivityTime = CURRENT_TIMESTAMP() WHERE id = ?;';
+	connection.query(query, [id], (err) => {
+		if (err) throw err;
+	});
+};
+
 module.exports = {
 	getStatistics: getStatistics,
 	getOwned: getOwned,
 	isAttacking: isAttacking,
-	isSpying: isSpying
+	isSpying: isSpying,
+	logActivity: logActivity
 };
\ No newline at end of file
diff --git a/sql/create_database_structure.sql b/sql/create_database_structure.sql
index 408883f..f526261 100644
--- a/sql/create_database_structure.sql
+++ b/sql/create_database_structure.sql
@@ -36,7 +36,9 @@ CREATE TABLE IF NOT EXISTS accounts (
 	email VARCHAR(320) UNIQUE,
 	username VARCHAR(100) UNIQUE,
 	salt VARCHAR(50),
-	hash VARCHAR(100)
+	hash VARCHAR(100),
+
+	lastActivityTime TIMESTAMP DEFAULT '2019-01-01 00:00:00'
 );
 
 CREATE TABLE IF NOT EXISTS sessions (
diff --git a/sql/update.sql b/sql/update.sql
index 93c9cbd..b25d56c 100644
--- a/sql/update.sql
+++ b/sql/update.sql
@@ -1,2 +1,3 @@
 #NOTE: ALWAYS, ALWAYS, ALWAYS write a script in revert.sql that undoes these changes
 
+ALTER TABLE accounts ADD COLUMN lastActivityTime TIMESTAMP DEFAULT '2019-01-01 00:00:00';
\ No newline at end of file