diff --git a/challenge/urls.py b/challenge/urls.py
index 5e94738..0e6b245 100644
--- a/challenge/urls.py
+++ b/challenge/urls.py
@@ -25,7 +25,7 @@
     url(r'^logout/$', django.contrib.auth.views.logout_then_login,
         name="logout_then_login"),
     url(r'^register/$', core.views.register, name="register"),
-    url(r'^score/$', stats.views.score, name='score'),
+    url(r'^score/$', stats.views.ScoreList.as_view(), name='score'),
     url(r'^attempts/$', stats.views.attempts, name='attempts'),
     url(r'^attempts/(?P<getnum>\d*)/$', stats.views.attempts),
 
diff --git a/stats/templates/stats/score_list.html b/stats/templates/stats/score_list.html
new file mode 100644
index 0000000..71499c8
--- /dev/null
+++ b/stats/templates/stats/score_list.html
@@ -0,0 +1,46 @@
+{% extends "core/base.html" %}
+{% load i18n %}
+{% load staffonly %}
+
+{% block extrahead %}
+	<meta http-equiv="refresh" content="5" />
+{% endblock %}
+
+{% block content %}
+
+<h1>{% trans "Score" %}</h1>
+
+{% if object_list %}
+<table class="table table-striped table-bordered">
+
+	<thead>
+		<tr>
+			<th>{% trans "User" %}</th>
+			<th>{% trans "Score" %}</th>
+			{% if user.is_superuser or user.is_staff %}
+			<th>{% trans "Staff" %}</th>
+			<th>{% trans "Superuser" %}</th>
+			{% endif %}
+		</tr>
+	</thead>
+
+	<tbody>
+		{% staffonly object_list as object_list%}
+		{% for score_user in object_list %}
+		<tr>
+			<td>{{score_user.username}} ({{score_user.first_name}} {{score_user.last_name}})</td>
+			<td>{{score_user.userprofile.get_score}}</td>
+			{% if user.is_superuser or user.is_staff %}
+			<td>{{score_user.is_staff|yesno}}</td>
+			<td>{{score_user.is_superuser|yesno}}</td>
+			{% endif %}
+		</tr>
+		{% endfor %}
+	</tbody>		
+
+</table>
+
+{% else %}
+<div class="alert alert-warning"><p>{% trans "No users registered" %}</p></div>
+{% endif %}
+{% endblock %}
diff --git a/stats/templatetags/__init__.py b/stats/templatetags/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/stats/templatetags/staffonly.py b/stats/templatetags/staffonly.py
new file mode 100644
index 0000000..556e47f
--- /dev/null
+++ b/stats/templatetags/staffonly.py
@@ -0,0 +1,23 @@
+from django import template
+
+register = template.Library()
+
+@register.simple_tag(takes_context=True)
+def staffonly(context, users):
+    r = []
+    request = context['request']
+    if request.user.is_superuser or request.user.is_staff:
+        staff = True
+    else:
+        staff = False
+
+    for user in users:
+        if (user.is_superuser or user.is_staff) and (request.user.is_staff or request.user.is_superuser):
+            r.append(user)
+        elif (user.is_superuser or user.is_staff) and (not request.user.is_staff and not request.user.is_superuser):
+            pass
+        else:
+            r.append(user)
+
+
+    return r
diff --git a/stats/views.py b/stats/views.py
index 6c9b411..5de30cd 100644
--- a/stats/views.py
+++ b/stats/views.py
@@ -1,14 +1,17 @@
 # -*- coding: utf-8 -*-
 from django.contrib.auth.decorators import user_passes_test
 from django.shortcuts import render
+from django.views.generic import ListView
+from django.contrib.auth.models import User
 
 from levels.models import Score, Attempt
 
 # score can be accessed by anyone
-def score(request):
-    context = {}
-    context['score'] = Score.objects.order_by('-max_level', 'updated')
-    return render(request, "stats/score.html", context)
+class ScoreList(ListView):
+#    queryset = User.objects.filter(is_superuser=False).filter(is_staff=False)
+    model = User
+    template_name = 'stats/score_list.html'
+
 
 # attemps should only be visible to superusers
 @user_passes_test(lambda u: u.is_superuser)