From ee2ca7fbaf6c513bd714f09bddfec45d6c8af73c Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Sun, 7 Sep 2014 00:33:46 +0200
Subject: [PATCH] Added account settings management and avatars

---
 data/avatars/.gitignore                       |   3 +
 data/avatars/blank.png                        | Bin 0 -> 6425 bytes
 data/config.ini                               |  21 ++-
 public_html/css/forms.css                     |  12 ++
 public_html/index.html                        |   4 +
 public_html/js/Auth.js                        |  10 ++
 public_html/js/Controls/FileDropper.js        |  54 ++++++
 .../js/Presenters/RegistrationPresenter.js    |  22 +--
 .../Presenters/UserAccountRemovalPresenter.js |  78 +++++++++
 .../UserAccountSettingsPresenter.js           | 154 ++++++++++++++++++
 .../UserBrowsingSettingsPresenter.js          |  46 ++++++
 public_html/js/Presenters/UserPresenter.js    |  60 +++----
 public_html/js/Util.js                        |   4 +-
 public_html/templates/account-removal.tpl     |   4 +-
 public_html/templates/account-settings.tpl    | 130 ++++++++-------
 public_html/templates/browsing-settings.tpl   |   4 +-
 public_html/templates/login-form.tpl          |   9 +-
 public_html/templates/registration-form.tpl   |  16 +-
 public_html/templates/user.tpl                |  16 +-
 src/Controllers/UserAvatarController.php      |  69 ++++++++
 src/Controllers/UserController.php            |  75 +++++++--
 src/Controllers/ViewProxies/UserViewProxy.php |   3 +-
 src/Entities/User.php                         |   5 +
 src/FormData/RegistrationFormData.php         |   4 +-
 src/FormData/UserEditFormData.php             |  24 +++
 src/Helpers/EnumHelper.php                    |  35 +++-
 src/Helpers/HttpHelper.php                    |   6 +
 src/Privilege.php                             |  10 ++
 src/Services/FileService.php                  |  93 +++++++++++
 .../IThumbnailGenerator.php                   |   7 +
 .../ImageGdThumbnailGenerator.php             |  98 +++++++++++
 .../ImageImagickThumbnailGenerator.php        |  78 +++++++++
 .../ImageThumbnailGenerator.php               |  28 ++++
 src/Services/ThumbnailService.php             |  30 ++++
 src/Services/UserService.php                  |  83 +++++++++-
 src/di.php                                    |   8 +-
 tests/AbstractTestCase.php                    |  17 ++
 tests/Services/FileServiceTest.php            |  16 ++
 tests/Services/UserServiceTest.php            |  15 +-
 tests/files/.gitignore                        |   2 +
 40 files changed, 1178 insertions(+), 175 deletions(-)
 create mode 100644 data/avatars/.gitignore
 create mode 100644 data/avatars/blank.png
 create mode 100644 public_html/js/Controls/FileDropper.js
 create mode 100644 public_html/js/Presenters/UserAccountRemovalPresenter.js
 create mode 100644 public_html/js/Presenters/UserAccountSettingsPresenter.js
 create mode 100644 public_html/js/Presenters/UserBrowsingSettingsPresenter.js
 create mode 100644 src/Controllers/UserAvatarController.php
 create mode 100644 src/FormData/UserEditFormData.php
 create mode 100644 src/Services/FileService.php
 create mode 100644 src/Services/ThumbnailGenerators/IThumbnailGenerator.php
 create mode 100644 src/Services/ThumbnailGenerators/ImageGdThumbnailGenerator.php
 create mode 100644 src/Services/ThumbnailGenerators/ImageImagickThumbnailGenerator.php
 create mode 100644 src/Services/ThumbnailGenerators/ImageThumbnailGenerator.php
 create mode 100644 src/Services/ThumbnailService.php
 create mode 100644 tests/Services/FileServiceTest.php
 create mode 100644 tests/files/.gitignore

diff --git a/data/avatars/.gitignore b/data/avatars/.gitignore
new file mode 100644
index 00000000..1bc68f63
--- /dev/null
+++ b/data/avatars/.gitignore
@@ -0,0 +1,3 @@
+*
+!blank.png
+!.gitignore
diff --git a/data/avatars/blank.png b/data/avatars/blank.png
new file mode 100644
index 0000000000000000000000000000000000000000..54c5e1e121fa2f1afbbd8380adec47050c775deb
GIT binary patch
literal 6425
zcma)gcTf}Dw{4_D5Rl%aNl^&B2Z++8V}Ot#5JCykdnfdwbm>)^0z$;l1nEUUjDUPd
z6GB(I(wmga_q%W2yf<_IxM$Cveb!!U&Hn40Gjm=T8*1OCVy6NC0Jn7>Yd`^jTcCfF
z;-&$xWFC8aQ%D?D4O9Vux>Vo=iu4BG@_}lr0cuA$H*Nrr-D9W$01zw)07S$90OvQY
zh;;zKPXYkgv;hFXxc~r*XJP9T<r{*?R!>_4a2=oewd)2^dOk+@002PxfAiKqgs_Vn
z>5z_ws%hYlouWNGmyZqIC)d|r+{oHY9|~UH7)}~Z4aPhFu9tXC-3RgNJTY`?i^d5c
z(4XPg=Y-|}KbQBFZWc=0n;k4QD%_5O(iu9x<ePJ7@g5;0A@Khv{+CE3Yq6+da@jF)
z`5$EROkc2iQV?k-B;<5mJ;{r9>$a-gt?$kw+nVpbS~tuyrV<sa=C!g$r#>24(-0Pd
zm*|yf%jMZYg=MshS>6}g2*_v2fMOKZ4sA0+;2zVZ6K;o-&)lr<Ud~f5(BmFeYST8a
z38@dU*;RwVZJpP9hi_1kMX{`|1<Lffd0xBb(m`MjXzv@F3!zfeS93=CQezS)HU|$`
zlS3~J`_vw~V+u!FZI+zW8;zz0(;4FvBunQb%$O;ck1nTUBAzdrg}Hy&@^^BHCw&b~
zn}233HJg+g7nL0YT;yBj$T!2sVDG<G?&SLTJBaGlumUYRo9D)yS23wSg`qN;{Ktn`
zulZy61bbWPqOMI?9n`4A6d$|=gVjGjemeWwyzRC~>jyuAud}wftY`w1AHyerQ|l7D
z8cKkk1_-}~rZbWI2F{+Ywnv!nqAO8Bhok<7#+1;^c8C_UC5-7AljoTb=!{PQ1vN91
z<=Nj|9@FRjBrg}-F$=*5g!v+*i3S7|1xn1<Yv<)u>Czb!6Z@#P=`1m#J>e7b<wCPT
zTLIP$`32Sd*P7~M=8@3Ip1o$y(0%(yiJhm7>AZG=BU)n|9R4D{-BL{06ZcN{Na4Ba
z^aS}5&;!#~VJ9XFo3-O$|6n1Tk2#@%znUn=lH${&PF^lI;1n485{0f^sj+MZTLDDO
z%u14cx|-kiG-I9nL(-_SwWQizDq+zqmPQ1ZBV4*Wf-qg;5x)xH1Ki@$4a;Y45mWoQ
zq)@^(K#)*hAtp<6-z*-Pj;Lnj@q7!xSM%_pSZL>ynig(Le}`Cj!seAZ-+10KmwQWc
z2?9x`ZnG^_uCNl^b4&N=X#9>h8qsuS^^xgAbVH7)iS#!VSYfit;ryuaiFleGc5ZD)
z@ul>@p<{?!oPfa|+r2E|{&!m+*t2QIKG<-M{b1D|6hOYD_$JmXcBtP>Fm3h{LA@zs
zI44XRXv;nkiH<$vH>)(DFqrk*f%WdoG1Xc!^jXEu5E4jiEpKh`DLPf|DEJS<da0Pl
zEh#wXRJcDU)KX;=-O~_<7aEp%JZ;OuL1mmR<vV!F`0QJxq(2F>f>;F<^L*W#5|=kQ
zmCvzs7fr%unqRWcKnbPF@E}cm-`IhvhX9D7ea{4=oyn*1#oG@DB~i@+;WGr?-?I60
zNzMI%{*x}~f+%9MwdJ9D;^luRLogi9mz_-Q{{rhNCJj}t+-{HL=6E`5@PTU5^}CaZ
z0D=YdIqcD3wGSMoCIfb5!d4YH@_uP@f{|`il*AAQN|YYHcuI<Q4$w+mI+sa=K2}&#
zA2-lnn|&Ac^Wri>`oSbAFk18!6~$>3%26>4>)FqzfL({R$iZ2)x?8I{i+aGEm#`k^
z)bGvX9x9os52=Cp$fO$LD*{`C70nei{k)+10kYiYXQQcx0r*`rQMQNUkNh>EPTrSg
zpi$rN)3wCcgIE-*L2I@tryxpz|6U(CN7TWc#70D)RKw)PM%HS9iReJ8wn=KTcjtn8
z^A*bP9j$@pDVft9uN9MM)TomErBdL^#dc^kmZt`NxEfDxi5cHq=#ejywe^!diB%h;
zt7-Vwzq)b|=TP2h@9F~)$%>9~#u1mTZNje6tQh=M&d>Hp-NoM&ZACE`sGz^ft6L&=
z9UjTGJG=Ld=ktFS2$RDv22|4~Jb)V4rRwczmhN2Hi?uHxCnYjeJwJaj=}~j>7L0_-
zHnuWax^gkE^)0%7opsFP*wz?{fSEaGC}Fj_e;E86aH2GPpFBF(lN$D(gx7fm_q|zn
zMu8I18)b==Ua|4nh4~CatLrY02T#cGYOhwd^&N>5Dg6svjH`+5-=WTPZ-a!tsOLBp
zI+QiZwPaY@=v1&CwBnhv>q^Z&cGK(YNJ$2P0~vPLeF{{!ulO=WytAATGr_J%4u?J}
z`Ti=38#Z-^bQqHd#3s=4U&{^4M8!|{jKG-@OLILY6^{!xI(fUjCAr~zJ?uX%%Jw2e
zQiIj$m5t5jf3|w88|1DMi!|}PJWw9Lt9-@DEe!>EJ}sQg>!qR-TUcd4N1kNbyvQ3s
z09=A!s_tDfWv{01OBs<D+Z3V6^r)rYIU-g<vyz#XD`Zwo(d<1dLxNe!wqDyvW>XnN
zubN~Onncgold4=9!~BUR|7ECg=^d$KJ6e}n)XuQypT(2XzF!#T)wuDMB)Fuk@jlP!
zZD7nq5&AVkpGkO%f~$sx;GhLbd<)%|nhnlQ4mdN_Wy@$`M_ZKD&7TY9(_$MVi(OQJ
zAtSOw6wF}?!@dFJvsB7MmFGgcM6X41L_r+VQ381-+j67J$Y<(XgeMTq!0m5k;8BeF
zd&%#uBSPL0r&c(*DU3QtA@`aI44t%V;YcNtJJOP7FmvnT7So#CI0YoP$|}boJX-@!
zD>g-D*`D#e*m0%tzFpbI2^^j(kpE1-^1$g^nOfDN)bMSCsn#{YRlB%)cF0Kxi`Jib
zGMb5NPA2=7J+qgObqnQ#7PdTzYi%1U!;m@Za*e#>WOL?Y+nyz-ziMci?3yd^-+Q`r
zm1}kT<&l`G=dOOE@?t09TIb~a<E{q=ZuQF4m<8&I>mc<}mweTp%)J`1VRt-RcJdT`
zVkSqtEN5($bUafbFEpzl-f#1waflPfIXvRE6>5^UnLd>?rIu3JG3vbj(D(U{#{O+G
z3&x^|*E!&043oh%ZXi5mg{hQd_OrNvv+U|Ou7lu$X0}aMY`L%98+ItAAY~hcLT0}M
zSC6*JI6?DcPr*z}Ch<gIH={vCyfpHSG~|Q7Pe9z_9G~i_g!Aqgx)rr244IzR_mC$C
zu4TPSiPGYr{+OMGB$+QwX=NxF2kjzKO<c-dFgZbmN5Tqek8!f|5r3ho<>})YAD#{=
zV6%F_CM2|@SgSrpJMC0=fo9V8G?S}I(4Hw8U|aof3~tu%j^D|pXV}JRYv@Gc1E_z6
zQcW`u))-K4X_s>UA3>S5{vn0H4hLLPap6*0i>w7t?SuNTq@pqRwpxYek(7}sxHVdw
zL6O^}vngLSzovi*-Fp}hig$^QEgy-+@;DEkWz2eUUm($}?H)$gCSJm;?6vxtp*&^?
z(q^@r3tMe>dk2H*&Ma}6?xtIyK|G1yDfC$1)tdMQS=N727k4*l8AnIYy!0;CA-b7%
zpM!gU;v`@A%aCiobhx=w+y+E2{GK@&zSD)HlDzw{ZAV7kvh$rR-TsB~Vl%9how;eE
zVaQiW`*^0Y&#5To>dF{<h2ErMoG~11*f~TfbjzK7YeN5^PRuGmxkit>e<&h$z4ktw
zKR+(3!Vwdx4bH2PKA(|{u(KRWw<c{SLnwlPA6R?GXXK-z6#_j*5~*SrjG~l4o7^8}
zDB-MXrz1uq@s0NNUBV=*k<f_G>4izX7K}G<zH$qFp&$XnP5-03Jg2*}S^#x{-6?#b
zL<A&XTy*+077O~D$V+mM@%=9t?Z~p=kbCZuUTUU)XNS^ja+PzCHRGmzROJ}VG<^nu
z)c{i8u{|F{c$5-}#qO{BU&K4vRUWwt*~Bs`!}T!|k7YYZOMSb=1-&K*9^@`rSWa5V
zY<bXoY=l2cHjq<56w)86sENJO2W)YTxC!l&Q`defX)Uq=H;tTh`okv+{-PuSj~Va3
z1y4jjK)`E^VvWsc*T!dK+k;)zw?n>K`s0>CNn*5F8g6B;S8ch(MX|y*jWnP5g#_+e
zLs(h<av^iMK?{c4zCY%c8dhi?YG$E)mx{i!-d}W~$m%=L9xo-A*=p)N>ho6cr<2+~
z{;L^Vo+RS>JS~(LbXJC0KCRu8+*$m}GE)>sIvTGodVMmJ?4H8Zr<CSkCW?KnyKA9;
z_f-=6W7&+FeI5T<>I}4^wDV<S!^)rT7g?GgB^*J|m0Pb$`wqSrz}nVb(+SqMC9fsf
zn~1lfTS_+Cc&$PuHh-a9)v3eE?shUC_}EQdOis~mIkLocY8z?gs6T%NeL-bQMO2Xo
z0}OnD7AiN6c${O<#Q3KKG6Jh~Sg3*u1S|2_rVP>%#@T#u+P$fQB@qd7hVxs=Csyc$
ze|P)4*(doVYC;;_?R<bs=OAW(L?K^Sq-qxZlcp@XQ7I;6=tl=zXGFe>`3ZgMXwk9q
z0gV^<;NVTS`#I(pF%bT&V2*``*~lJn2W~fB;(QC2cB@ADE1hO#LXI>qn`OdR%yR-G
zZF!XUjx7FT7iZ{m|HEC+aG$W?Dv2J!G^)2tV?#T`!*+IrsR-Frl{F_F?^TNsPb0F6
z06rUogOy+QdlMh^i{>t#eNB7{41|aUzeD<PU(AajDJIJhVXq+CNrdY{wOZmc-9${W
z(HfNqZPd%y7rvDFac@9=S0v)!MK2sJbFW@J)t20Ofeq`oycBe)78Ej&V&~d$vaPeH
z;}*Bqd4%GzSi2xT!X66H%|=tDL#>t7yeYDkf_kgI@*9LW)lNIZA1wPqRPL-#Vu3pZ
zoU$=B{*9W=6OZ}Kj&ABby%^J7da3)l;QR3bZtFaa&o@pMk=~Iz$A||hQ9}C_PCUQc
z71Y4>!d2{(=`S+@Vb8Ywu3}?`f~)Qy8v@$OfseCzI&%kcBWE`jpJtAWX<z9Oa~38M
z-TZajzRjbxr@OkM%7T^;WUnp23irqHY@$FI(@{~8A9@@4g?08ekldL}I<F}w)c84X
zc^Of1ua5QZAyg29@<pit6G!jUTfgS7&clkR&KNTihs}%#2DW~i-iiB}>@{Y@)t#yb
z>M9A7=&d$A)31nq%FI1YmGNGaW3CyXgl<vRjUE28+wr;YleXj6?7Y%qp-$%d4%3G;
zi{DbuXFr4+(X8K52zA9qAPwUOf4lt|)3~0h`C3Eb?kvPWKBLQ8v=>!XZq^5ezFu^^
z_qjt!K5u#h`G?<SI6tQ{s%bj=$hgl|oKzHcyQVvuQ*FW~rNmrr=jyPdc<efI-~4hD
z?G-A^NRpxa@tkb#P<=7}#nObrNUM3#my7Ij#!4kz^q9jB)=!pXw$)~RQPVYr*D@AX
zDV)cFUF}(g!*pN8qg=SHYU=HySf+~yKYtm$OP>VeecqS%`AsX=JKK=1aOs$fd+UQ+
z>`)|SBpo|Bf24~7la_G<e~cIXKl|tBPgX_{ztGQ$+}yXy>{+i$tc=On2<)NE{^FIz
z<hSmMB%U+lZSwL<WAzo`Dv23DNC^kG`QeZ4I41F_jIB+t--bB1EytCopEIX$=NNmx
zPjX-KJf6;)AX>Y0h(E|e)+-sz7%knxdVjb?|IVP9Z@gShy3FIvPMj6VJAXIyOZ;)D
z+hw-7Xm;^|lsW_0CxD{R^OpF=z#m|kis_@XrJ{|fA*#vm53TNBIM@#B><|CN=Bx<s
zZkezch2`g<2~!&_lmkF1+G5#<6apjyM;PmTKU2N@b`r5zHcOU^;7>GWiC@m2mE%HN
zle#SkXD_aOGRH&5nq}P%h1$mqD-BAJbI1$7;o!HCrvu6b3|_fPSamNVkH#P;ji#*$
zY>qo>E`Yl@oi6}3of!;HSvs<sJ#x-Ic^mL$RM6~+8TrQsaMhxlA==4j?!q?gati{a
zwXzlZW|hqG^o-gxM4R9J)kMH_dbGUOyBWtImy7T6EcJ}__kHpY{#KYe@M=B~XAd0j
z3f|Zk3Wb61hZ(LZZ7JSP3p1H+zZLQ7VXO@yAH)1xHVE@%G0RBT6;f-#zsoFXTAKh&
ze%Tjn^Cp|f#kG>)W5P0{eoo$4=KiYaH#Fm)^w~?i%cR~{n+n3p(qyS_3k`SM+p{c+
z<z}Q!)-u^bat(3y2crf?m8t<ksGgUO1>Pmw$mBO+yRH|VyR9BqOd6v5>_|cHBt(?W
z<B|x}t^u0f^XzuX9_#**+RKOi6}`k-+|$C;SHDQWtZ7lPu;yc~E{say>`Tt8V2|yD
z;cu_2miDT;SJIQ*?!G&GB_N){WpZHy0|JYdS65FG?$natA*`1OR)z!y*kzbhPrtJ)
z?xH;a02%x}C{fII(j^>46YhIQ1$X87^mI^G#B8|TMO|Kzm%l)@sY^H^EklRp$DuLz
zT+5XNXuC=;q^(o2Qj;uW98!b8maHW=A5@;-oV`KR@GR@$!6{>yXq2lGh^RKPIHmZg
zowp1LA0P)VO!tfERy!ZG$rm#TS0{X{d9Iz{cA8s$Edko`(tsWY$S!$DGZX|LAT}zp
z&qoGrTn}3vhkMEF|C*u{<6OfA&l>n1^wb+1+1E9FbQ~rUk%6R)z}e{<fM^N?pE7>t
zesDWUE0UZ$Id3Dw&GFDkaZK9Iwu^?V=JQqOyb4^_@YRN5RO*iaqZyAkR|%XDzbiZ9
zX$W-<v6%`X*yyO@1Wd{@epG{)Ul@nFSuM9e&K2J1IJtC&?Uwi5dgo6I(<F~CPqnf*
z_9CZ!uyj1dK2NX8tFx{6@~W0f08g+p(+$M^QHiCgb1QS{U9Vzfn!S=)b9|C%R;J7z
zJJ4T|TpSboQi+7Gvg}h(Y#Vu^<dB|M0&2C)q>o!dop!8^d!?v)TCCLthubri&>e(`
zZIfG4*YwvR&)ZiwSWiYYEu0Qa_Vz9N?8I_48t7optkwwkxIzX?OP?YS{~{>X&4NE@
zuPIH%8TBL#_@TV57vGG5qNNovK!)@?Ujn@#l!=1OpqN;za+*r1C+%c{*OO%q0?9%G
zyMg-yv83`TpcsetreVn#I6P>f2gg`UnH@;+A%(-`x`X00a^josR6k8NIxM@j#aadv
zT!-!#{I0|z(JoL=V{lQ3M*QK<{n6=m?m)Wic8pupecNBEeh{B#x?}lyw}DRc&1w0W
z{kjAtdDPn?(BI4O(u5b$5@(j{i(duA<CNaRODy`LkolvEfwNGZnw>3OYnaB9p6Cz7
z2Z-ar5@pcFZ>2!0RK?Rh7o6{5%Tw-lP(1dOs4f~bjmzBamSp8V^3Es4?b;^R@yH5z
zpUCRbTQEot0Hwbw{bl*nOC>H}XYF0_c?y2}h3&=u&#-A6C)U^W9vS=z=@OE6WLe`;
zQq0sLxnoW=DU8FFB7=T(Jn=n1ZxM0nO}|)2m{t1zr%!6WdA=|Q&dD&lAlvYbniL`=
zK6+dEgFL<`s_C1o72YeQdb*eSw}XIFOhhbphn;1<v-iLX&MZ@R*~eVJJk8g<g~fG(
z9=x|lT|es~pK*x($Hq|`S(0`X@HQ3w$Nl-`vG`AWkINi8(#Bmicvm6Y@>}bv-(jIg
z4aO6#C+>_v3)FS;L5EDTE-{yQyx>0r@deu+JnP8nf`GQ=>wZUsWBfJ{6dlge8#g&4
zfMFI?%KwjBLaQlc&G_oC7jufKaDPripKj(r$9UI8CwjwCWhS!k7M@CDk0J0-Ku@Ms
zx;gYDn1eaLbg{W&T+jS&=;hBt;SJbM&U^5*)7gLaicNUfU2G87YIx8X6@0JfKq)}0
zql-P50snq&VXQA_?DQv0oxvA>dR#1G3FH5Xo$y%5{R_cPhp{Aub|@rD>~$pLd-lP~
z#ywruh5e)$ir^voWXb>}(<GtZ!6Cx0zY}fzr8Ya3bZF_pbw2LY3EujO$+_;5B^o5Y
z`^^tt|H`3g%~^i*t7wEKQ}|kNTR5dI=FAM0H7|bK#rV$N&u5gX)jjpN_9J4Q)hQ8?
zK6ToQ^pCta(Ir2m_()W|7$F_^DEBo|(zhi2qky^k+FdTtUuUf6pxT!JL#HbsNGZm3
zZA&rmb3mNG4qR^94$jtT{ep}y!me%gcS`av{m<TOG-=}WX1ZR-Bk#1Y$+j#%FK_h-
zzg9ppGoQAEoE=fUfeUAy;FV5Qu>W(o#T|v?@SZ(t&Kyr}e)<J`HQ~PYC|?J#owvhH
z0Z2(m%7{uRib}|vN=SgECBYKXA`((y35oS`f5ZRJ;O1fPgbw;Y1{qOl2~(*XwIo<p
z{=W@u#8}%K!<~O8ID0xcg6%w9J-mH9QFb>|Kz?S$Hzd#hC4EqCo~};rj-qIkov(*C
dKq^oQBpE3AZ|a;^G~Q?dI+}(WwQ4p|{{;cxMf?B&

literal 0
HcmV?d00001

diff --git a/data/config.ini b/data/config.ini
index 942ee782..cb7a6194 100644
--- a/data/config.ini
+++ b/data/config.ini
@@ -8,12 +8,25 @@ secret = change
 minPasswordLength = 5
 
 [security.privileges]
-register           = anonymous
-listUsers          = regularUser, powerUser, moderator, administrator
-deleteOwnAccount   = regularUser, powerUser, moderator, administrator
-deleteAllAccounts  = administrator
+register                = anonymous
+listUsers               = regularUser, powerUser, moderator, administrator
+deleteOwnAccount        = regularUser, powerUser, moderator, administrator
+deleteAllAccounts       = administrator
+changeOwnName           = regularUser, powerUser, moderator, administrator
+changeOwnAvatarStyle    = regularUser, powerUser, moderator, administrator
+changeOwnEmailAddress   = regularUser, powerUser, moderator, administrator
+changeOwnName           = regularUser, powerUser, moderator, administrator
+changeOwnPassword       = regularUser, powerUser, moderator, administrator
+changeAllAvatarStyles   = moderator, administrator
+changeAllEmailAddresses = moderator, administrator
+changeAllNames          = moderator, administrator
+changeAllPasswords      = moderator, administrator
+changeAccessRank        = administrator
 
 [users]
 minUserNameLength = 1
 maxUserNameLength = 32
 usersPerPage = 20
+
+[misc]
+thumbnailCropStyle = outside
diff --git a/public_html/css/forms.css b/public_html/css/forms.css
index e91e2aca..0b8b4181 100644
--- a/public_html/css/forms.css
+++ b/public_html/css/forms.css
@@ -44,3 +44,15 @@ input[type=button] {
 	font-family: 'Droid Sans', sans-serif;
 	font-size: 17px;
 }
+
+.file-handler {
+	border: 3px dashed #eee;
+	padding: 0.3em 0.5em;
+	line-height: 140% !important;
+	text-align: center;
+	cursor: pointer;
+}
+.file-handler.active {
+	border-color: #6a2;
+	background-color: #eeffcc;
+}
diff --git a/public_html/index.html b/public_html/index.html
index 38966ca9..6c4d92a9 100644
--- a/public_html/index.html
+++ b/public_html/index.html
@@ -33,6 +33,7 @@
 	<script type="text/javascript" src="/js/Api.js"></script>
 	<script type="text/javascript" src="/js/Auth.js"></script>
 	<script type="text/javascript" src="/js/Util.js"></script>
+	<script type="text/javascript" src="/js/Controls/FileDropper.js"></script>
 	<script type="text/javascript" src="/js/Presenters/TopNavigationPresenter.js"></script>
 	<script type="text/javascript" src="/js/Presenters/PagedCollectionPresenter.js"></script>
 	<script type="text/javascript" src="/js/Presenters/LoginPresenter.js"></script>
@@ -40,6 +41,9 @@
 	<script type="text/javascript" src="/js/Presenters/MessagePresenter.js"></script>
 	<script type="text/javascript" src="/js/Presenters/RegistrationPresenter.js"></script>
 	<script type="text/javascript" src="/js/Presenters/UserListPresenter.js"></script>
+	<script type="text/javascript" src="/js/Presenters/UserBrowsingSettingsPresenter.js"></script>
+	<script type="text/javascript" src="/js/Presenters/UserAccountSettingsPresenter.js"></script>
+	<script type="text/javascript" src="/js/Presenters/UserAccountRemovalPresenter.js"></script>
 	<script type="text/javascript" src="/js/Presenters/UserPresenter.js"></script>
 	<script type="text/javascript" src="/js/Router.js"></script>
 	<script type="text/javascript" src="/js/Bootstrap.js"></script>
diff --git a/public_html/js/Auth.js b/public_html/js/Auth.js
index 4b2dfef4..472e6886 100644
--- a/public_html/js/Auth.js
+++ b/public_html/js/Auth.js
@@ -5,6 +5,16 @@ App.Auth = function(jQuery, util, api, appState, promise) {
 	var privileges = {
 		register: 'register',
 		listUsers: 'listUsers',
+		viewAllEmailAddresses: 'viewAllEmailAddresses',
+		changeAccessRank: 'changeAccessRank',
+		changeOwnAvatarStyle: 'changeOwnAvatarStyle',
+		changeOwnEmailAddress: 'changeOwnEmailAddress',
+		changeOwnName: 'changeOwnName',
+		changeOwnPassword: 'changeOwnPassword',
+		changeAllAvatarStyles: 'changeAllAvatarStyles',
+		changeAllEmailAddresses: 'changeAllEmailAddresses',
+		changeAllNames: 'changeAllNames',
+		changeAllPasswords: 'changeAllPasswords',
 		deleteOwnAccount: 'deleteOwnAccount',
 		deleteAllAccounts: 'deleteAllAccounts',
 	};
diff --git a/public_html/js/Controls/FileDropper.js b/public_html/js/Controls/FileDropper.js
new file mode 100644
index 00000000..9fcf71f5
--- /dev/null
+++ b/public_html/js/Controls/FileDropper.js
@@ -0,0 +1,54 @@
+var App = App || {};
+App.Controls = App.Controls || {};
+
+App.Controls.FileDropper = function(
+	$fileInput,
+	allowMultiple,
+	onChange,
+	jQuery) {
+
+	var $dropDiv = jQuery('<div class="file-handler"></div>');
+	$dropDiv.html((allowMultiple ? 'Drop files here!' : 'Drop file here!') + '<br/>Or just click on this box.');
+	$dropDiv.insertBefore($fileInput);
+	$fileInput.attr('multiple', allowMultiple);
+	$fileInput.hide();
+
+	$fileInput.change(function(e)
+	{
+		addFiles(this.files);
+	});
+
+	$dropDiv.on('dragenter', function(e)
+	{
+		$dropDiv.addClass('active');
+	}).on('dragleave', function(e)
+	{
+		$dropDiv.removeClass('active');
+	}).on('dragover', function(e)
+	{
+		e.preventDefault();
+	}).on('drop', function(e)
+	{
+		e.preventDefault();
+		addFiles(e.originalEvent.dataTransfer.files);
+	}).on('click', function(e)
+	{
+		$fileInput.show().focus().trigger('click').hide();
+		$dropDiv.addClass('active');
+	});
+
+	function getFiles() {
+		return files;
+	}
+
+	function addFiles(files) {
+		$dropDiv.removeClass('active');
+		if (!allowMultiple && files.length > 1) {
+			alert('Cannot select multiple files.');
+			return;
+		}
+		onChange(files);
+	}
+}
+
+App.DI.register('fileDropper', App.Controls.FileDropper);
diff --git a/public_html/js/Presenters/RegistrationPresenter.js b/public_html/js/Presenters/RegistrationPresenter.js
index f11755a5..810641d1 100644
--- a/public_html/js/Presenters/RegistrationPresenter.js
+++ b/public_html/js/Presenters/RegistrationPresenter.js
@@ -31,20 +31,20 @@ App.Presenters.RegistrationPresenter = function(
 		e.preventDefault();
 		messagePresenter.hideMessages($messages);
 
-		registrationData = {
-			userName: $el.find('[name=user]').val(),
-			password: $el.find('[name=password1]').val(),
-			passwordConfirmation: $el.find('[name=password2]').val(),
+		formData = {
+			userName: $el.find('[name=userName]').val(),
+			password: $el.find('[name=password]').val(),
+			passwordConfirmation: $el.find('[name=passwordConfirmation]').val(),
 			email: $el.find('[name=email]').val(),
 		};
 
-		if (!validateRegistrationData(registrationData))
+		if (!validateRegistrationFormData(formData))
 			return;
 
-		api.post('/users', registrationData)
+		api.post('/users', formData)
 			.then(function(response) {
 				registrationSuccess(response);
-			}).catch(function(response) {
+			}).fail(function(response) {
 				registrationFailure(response);
 			});
 	}
@@ -62,18 +62,18 @@ App.Presenters.RegistrationPresenter = function(
 		messagePresenter.showError($messages, apiResponse.json && apiResponse.json.error || apiResponse);
 	}
 
-	function validateRegistrationData(registrationData) {
-		if (registrationData.userName.length == 0) {
+	function validateRegistrationFormData(formData) {
+		if (formData.userName.length == 0) {
 			messagePresenter.showError($messages, 'User name cannot be empty.');
 			return false;
 		}
 
-		if (registrationData.password.length == 0) {
+		if (formData.password.length == 0) {
 			messagePresenter.showError($messages, 'Password cannot be empty.');
 			return false;
 		}
 
-		if (registrationData.password != registrationData.passwordConfirmation) {
+		if (formData.password != formData.passwordConfirmation) {
 			messagePresenter.showError($messages, 'Passwords must be the same.');
 			return false;
 		}
diff --git a/public_html/js/Presenters/UserAccountRemovalPresenter.js b/public_html/js/Presenters/UserAccountRemovalPresenter.js
new file mode 100644
index 00000000..a9749663
--- /dev/null
+++ b/public_html/js/Presenters/UserAccountRemovalPresenter.js
@@ -0,0 +1,78 @@
+var App = App || {};
+App.Presenters = App.Presenters || {};
+
+App.Presenters.UserAccountRemovalPresenter = function(
+	jQuery,
+	util,
+	promise,
+	api,
+	auth,
+	router,
+	messagePresenter) {
+
+	var target;
+	var template;
+	var user;
+	var privileges = {};
+
+	function init(args) {
+		return promise.make(function(resolve, reject) {
+			user = args.user;
+			target = args.target;
+
+			privileges.canDeleteAccount =
+				auth.hasPrivilege(auth.privileges.deleteAllAccounts) ||
+				(auth.hasPrivilege(auth.privileges.deleteOwnAccount) && auth.isLoggedIn(user.name));
+
+			promise.wait(util.promiseTemplate('account-removal')).then(function(html) {
+				template = _.template(html);
+				render();
+				resolve();
+			});
+		});
+	}
+
+	function render() {
+		$el = jQuery(target);
+		$el.html(template({
+			user: user,
+			canDeleteAccount: privileges.canDeleteAccount}));
+
+		$el.find('form').submit(accountRemovalFormSubmitted);
+	}
+
+	function getPrivileges() {
+		return privileges;
+	}
+
+	function accountRemovalFormSubmitted(e) {
+		e.preventDefault();
+		$messages = jQuery(target).find('.messages');
+		messagePresenter.hideMessages($messages);
+		if (!$el.find('input[name=confirmation]:visible').prop('checked')) {
+			messagePresenter.showError($messages, 'Must confirm to proceed.');
+			return;
+		}
+		api.delete('/users/' + user.name)
+			.then(function() {
+				auth.logout();
+				var $messageDiv = messagePresenter.showInfo($messages, 'Account deleted. <a href="">Back to main page</a>');
+				$messageDiv.find('a').click(mainPageLinkClicked);
+			}).fail(function(response) {
+				messagePresenter.showError($messages, response.json && response.json.error || response);
+			});
+	}
+
+	function mainPageLinkClicked(e) {
+		e.preventDefault();
+		router.navigateToMainPage();
+	}
+
+	return {
+		init: init,
+		render: render,
+		getPrivileges: getPrivileges
+	};
+};
+
+App.DI.register('userAccountRemovalPresenter', App.Presenters.UserAccountRemovalPresenter);
diff --git a/public_html/js/Presenters/UserAccountSettingsPresenter.js b/public_html/js/Presenters/UserAccountSettingsPresenter.js
new file mode 100644
index 00000000..52922283
--- /dev/null
+++ b/public_html/js/Presenters/UserAccountSettingsPresenter.js
@@ -0,0 +1,154 @@
+var App = App || {};
+App.Presenters = App.Presenters || {};
+
+App.Presenters.UserAccountSettingsPresenter = function(
+	jQuery,
+	util,
+	promise,
+	api,
+	auth,
+	messagePresenter) {
+
+	var $messages;
+	var target;
+	var template;
+	var user;
+	var privileges;
+	var avatarContent;
+
+	function init(args) {
+		return promise.make(function(resolve, reject) {
+			user = args.user;
+			target = args.target;
+
+			privileges = {
+				canChangeAccessRank:
+					auth.hasPrivilege(auth.privileges.changeAccessRank),
+				canChangeAvatarStyle:
+					auth.hasPrivilege(auth.privileges.changeAllAvatarStyles) ||
+					(auth.hasPrivilege(auth.privileges.changeOwnAvatarStyle) && auth.isLoggedIn(user.name)),
+				canChangeName:
+					auth.hasPrivilege(auth.privileges.changeAllNames) ||
+					(auth.hasPrivilege(auth.privileges.changeOwnName) && auth.isLoggedIn(user.name)),
+				canChangeEmailAddress:
+					auth.hasPrivilege(auth.privileges.changeAllEmailAddresses) ||
+					(auth.hasPrivilege(auth.privileges.changeOwnEmailAddress) && auth.isLoggedIn(user.name)),
+				canChangePassword:
+					auth.hasPrivilege(auth.privileges.changeAllPasswords) ||
+					(auth.hasPrivilege(auth.privileges.changeOwnPassword) && auth.isLoggedIn(user.name)),
+			};
+
+			promise.wait(util.promiseTemplate('account-settings')).then(function(html) {
+				template = _.template(html);
+				render();
+				resolve();
+			});
+		});
+	}
+
+	function render() {
+		var $el = jQuery(target);
+		$el.html(template(_.extend({user: user}, privileges)));
+		$el.find('form').submit(accountSettingsFormSubmitted);
+		$el.find('form [name=avatar-style]').change(avatarStyleChanged);
+		avatarStyleChanged();
+		new App.Controls.FileDropper($el.find('[name=avatar-content]'), false, avatarContentChanged, jQuery);
+	}
+
+	function getPrivileges() {
+		return privileges;
+	}
+
+	function avatarStyleChanged(e) {
+		var $el = jQuery(target);
+		var $target = $el.find('.avatar-content .file-handler');
+		if ($el.find('[name=avatar-style]:checked').val() == 'manual') {
+			$target.show();
+		} else {
+			$target.hide();
+		}
+	}
+
+	function avatarContentChanged(files) {
+		if (files.length == 1) {
+			var reader = new FileReader();
+			reader.onloadend = function() {
+				avatarContent = reader.result;
+				var $el = jQuery(target);
+				var $target = $el.find('.avatar-content .file-handler');
+				$target.html(files[0].name);
+			}
+			reader.readAsDataURL(files[0]);
+		}
+	}
+
+	function accountSettingsFormSubmitted(e) {
+		e.preventDefault();
+		var $el = jQuery(target);
+		var $messages = jQuery(target).find('.messages');
+		messagePresenter.hideMessages($messages);
+		var formData = {};
+
+		if (privileges.canChangeAvatarStyle) {
+			formData.avatarStyle = $el.find('[name=avatar-style]:checked').val();
+			if (avatarContent)
+				formData.avatarContent = avatarContent;
+		}
+		if (privileges.canChangeName) {
+			formData.userName = $el.find('[name=userName]').val();
+		}
+		if (privileges.canChangeEmailAddress) {
+			formData.email = $el.find('[name=email]').val();
+		}
+		if (privileges.canChangePassword) {
+			formData.password = $el.find('[name=password]').val();
+			formData.passwordConfirmation = $el.find('[name=passwordConfirmation]').val();
+		}
+		if (privileges.canChangeAccessRank) {
+			formData.accessRank = $el.find('[name=access-rank]').val();
+		}
+
+		if (!validateAccountSettingsFormData($messages, formData)) {
+			return;
+		}
+
+		if (!formData.password) {
+			delete formData.password;
+			delete formData.passwordConfirmation;
+		}
+
+		api.put('/users/' + user.name, formData)
+			.then(function(response) {
+				editSuccess($messages, response);
+			}).fail(function(response) {
+				editFailure($messages, response);
+			});
+	}
+
+	function editSuccess($messages, apiResponse) {
+		//todo: tell user if it turned out that he needs to confirm his e-mail
+		var message = 'Account settings updated!';
+		messagePresenter.showInfo($messages, message);
+	}
+
+	function editFailure($messages, apiResponse) {
+		messagePresenter.showError($messages, apiResponse.json && apiResponse.json.error || apiResponse);
+	}
+
+	function validateAccountSettingsFormData($messages, formData) {
+		if (formData.password != formData.passwordConfirmation) {
+			messagePresenter.showError($messages, 'Passwords must be the same.');
+			return false;
+		}
+
+		return true;
+	}
+
+	return {
+		init: init,
+		render: render,
+		getPrivileges: getPrivileges,
+	};
+}
+
+App.DI.register('userAccountSettingsPresenter', App.Presenters.UserAccountSettingsPresenter);
diff --git a/public_html/js/Presenters/UserBrowsingSettingsPresenter.js b/public_html/js/Presenters/UserBrowsingSettingsPresenter.js
new file mode 100644
index 00000000..1a58a9be
--- /dev/null
+++ b/public_html/js/Presenters/UserBrowsingSettingsPresenter.js
@@ -0,0 +1,46 @@
+var App = App || {};
+App.Presenters = App.Presenters || {};
+
+App.Presenters.UserBrowsingSettingsPresenter = function(
+	jQuery,
+	util,
+	promise,
+	auth) {
+
+	var target;
+	var template;
+	var user;
+	var privileges = {};
+
+	function init(args) {
+		return promise.make(function(resolve, reject) {
+			user = args.user;
+			target = args.target;
+
+			privileges.canChangeBrowsingSettings = auth.isLoggedIn(user.name) && user.name == auth.getCurrentUser().name;
+
+			promise.wait(util.promiseTemplate('browsing-settings')).then(function(html) {
+				template = _.template(html);
+				render();
+				resolve();
+			});
+		});
+	}
+
+	function render() {
+		$el = jQuery(target);
+		$el.html(template({user: user}));
+	}
+
+	function getPrivileges() {
+		return privileges;
+	}
+
+	return {
+		init: init,
+		render: render,
+		getPrivileges: getPrivileges,
+	};
+}
+
+App.DI.register('userBrowsingSettingsPresenter', App.Presenters.UserBrowsingSettingsPresenter);
diff --git a/public_html/js/Presenters/UserPresenter.js b/public_html/js/Presenters/UserPresenter.js
index f6c4b38a..bfd04bc2 100644
--- a/public_html/js/Presenters/UserPresenter.js
+++ b/public_html/js/Presenters/UserPresenter.js
@@ -8,14 +8,14 @@ App.Presenters.UserPresenter = function(
 	api,
 	auth,
 	topNavigationPresenter,
+	userBrowsingSettingsPresenter,
+	userAccountSettingsPresenter,
+	userAccountRemovalPresenter,
 	messagePresenter) {
 
 	var $el = jQuery('#content');
 	var $messages = $el;
 	var template;
-	var accountSettingsTemplate;
-	var accountRemovalTemplate;
-	var browsingSettingsTemplate;
 	var user;
 	var userName;
 
@@ -25,23 +25,22 @@ App.Presenters.UserPresenter = function(
 
 		promise.waitAll(
 			util.promiseTemplate('user'),
-			util.promiseTemplate('account-settings'),
-			util.promiseTemplate('account-removal'),
-			util.promiseTemplate('browsing-settings'),
 			api.get('/users/' + userName))
 		.then(function(
 				userHtml,
-				accountSettingsHtml,
-				accountRemovalHtml,
-				browsingSettingsHtml,
 				response) {
+			$messages = $el.find('.messages');
 			template = _.template(userHtml);
-			accountSettingsTemplate = _.template(accountSettingsHtml);
-			accountRemovalTemplate = _.template(accountRemovalHtml);
-			browsingSettingsTemplate = _.template(browsingSettingsHtml);
 
 			user = response.json;
-			render();
+			var extendedContext = _.extend(args, {user: user});
+
+			promise.waitAll(
+				userBrowsingSettingsPresenter.init(_.extend(extendedContext, {target: '#browsing-settings-target'})),
+				userAccountSettingsPresenter.init(_.extend(extendedContext, {target: '#account-settings-target'})),
+				userAccountRemovalPresenter.init(_.extend(extendedContext, {target: '#account-removal-target'})))
+			.then(render);
+
 		}).fail(function(response) {
 			$el.empty();
 			messagePresenter.showError($messages, response.json && response.json.error || response);
@@ -49,37 +48,16 @@ App.Presenters.UserPresenter = function(
 	}
 
 	function render() {
-		var context = {
+		$el.html(template({
 			user: user,
-			canDeleteAccount: auth.hasPrivilege(auth.privileges.deleteAllAccounts) ||
-				(auth.isLoggedIn(userName) && auth.hasPrivilege(auth.privileges.deleteOwnAccount)),
-		};
-		$el.html(template(context));
-		$el.find('.browsing-settings').html(browsingSettingsTemplate(context));
-		$el.find('.account-settings').html(accountSettingsTemplate(context));
-		$el.find('.account-removal').html(accountRemovalTemplate(context));
-		$el.find('.account-removal form').submit(accountRemovalFormSubmitted);
-		$messages = $el.find('.messages');
+			canChangeBrowsingSettings: userBrowsingSettingsPresenter.getPrivileges().canChangeBrowsingSettings,
+			canChangeAccountSettings: _.any(userAccountSettingsPresenter.getPrivileges()),
+			canDeleteAccount: userAccountRemovalPresenter.getPrivileges().canDeleteAccount}));
+		userBrowsingSettingsPresenter.render();
+		userAccountSettingsPresenter.render();
+		userAccountRemovalPresenter.render();
 	};
 
-	function accountRemovalFormSubmitted(e) {
-		e.preventDefault();
-		$messages = $el.find('.account-removal .messages');
-		messagePresenter.hideMessages($messages);
-		if (!$el.find('.account-removal input[name=confirmation]:visible').prop('checked')) {
-			messagePresenter.showError($messages, 'Must confirm to proceed.');
-			return;
-		}
-		api.delete('/users/' + user.name)
-			.then(function() {
-				auth.logout();
-				var $messageDiv = messagePresenter.showInfo($messages, 'Account deleted. <a href="">Back to main page</a>');
-				$messageDiv.find('a').click(mainPageLinkClicked);
-			}).fail(function(response) {
-				messagePresenter.showError($messages, response.json && response.json.error || response);
-			});
-	}
-
 	return {
 		init: init,
 		render: render
diff --git a/public_html/js/Util.js b/public_html/js/Util.js
index 9127554d..a178cf77 100644
--- a/public_html/js/Util.js
+++ b/public_html/js/Util.js
@@ -44,7 +44,7 @@ App.Util = (function(jQuery, promise) {
 		} else {
 			lastContentPresenter.reinit.call(presenter, args);
 		}
-	};
+	}
 
 	function promiseTemplate(templateName) {
 		return promiseTemplateFromCache(templateName)
@@ -83,7 +83,7 @@ App.Util = (function(jQuery, promise) {
 					resolve(data);
 				},
 				error: function(xhr, textStatus, errorThrown) {
-					console.log(Error('Error while loading template ' +  templateName + ': ' + errorThrown));
+					console.log(Error('Error while loading template ' + templateName + ': ' + errorThrown));
 					reject();
 				},
 			});
diff --git a/public_html/templates/account-removal.tpl b/public_html/templates/account-removal.tpl
index 7792b45a..0eb928ff 100644
--- a/public_html/templates/account-removal.tpl
+++ b/public_html/templates/account-removal.tpl
@@ -1,4 +1,4 @@
-<form class="account-settings">
+<form class="account-removal">
 	<div class="messages"></div>
 
 	<div class="form-row">
@@ -15,7 +15,7 @@
 	<div class="form-row">
 		<label class="form-label"></label>
 		<div class="form-input">
-			<button class="submit" type="submit">Delete account</button>
+			<button type="submit">Delete account</button>
 		</div>
 	</div>
 </form>
diff --git a/public_html/templates/account-settings.tpl b/public_html/templates/account-settings.tpl
index 8c94ebd4..17e06ecc 100644
--- a/public_html/templates/account-settings.tpl
+++ b/public_html/templates/account-settings.tpl
@@ -1,74 +1,94 @@
 <form class="account-settings">
-	<div class="form-row">
-		<label class="form-label">User picture:</label>
-		<div class="form-input">
-			<label for="account-settings-avatar-gravatar">
-				<input type="radio" name="avatar-style" id="account-settings-avatar-gravatar" class="avatar-style" value="gravatar"/>
-				Gravatar
-			</label>
-			<label for="account-settings-avatar-manual">
-				<input type="radio" name="avatar-style" id="account-settings-avatar-manual" class="avatar-style" value="manual"/>
-				Custom
-			</label>
-			<label for="account-settings-avatar-none">
-				<input type="radio" name="avatar-style" id="account-settings-avatar-none" class="avatar-style" value="none"/>
-				None
-			</label>
-		</div>
-	</div>
+	<div class="messages"></div>
 
-	<div class="form-row">
-		<label class="form-label" for="account-settings-avatar-content"></label>
-		<div class="form-input">
-			<input class="avatar-content" type="file" name="avatar-content" id="account-settings-avatar-content"/>
-		</div>
-	</div>
-
-	<div class="form-row">
-		<label class="form-label" for="account-settings-name">Name:</label>
+	<% if (canChangeAvatarStyle) { %>
+		<div class="form-row">
+			<label class="form-label">User picture:</label>
 			<div class="form-input">
-			<input type="text" name="name" id="account-settings-name" placeholder="New name&hellip;" value=""/>
+				<%
+					var avatarStyles = {
+						gravatar: 'Gravatar',
+						manual: 'Custom',
+						blank: 'Blank',
+					};
+				%>
+				<% _.each(avatarStyles, function(v, k) { %>
+					<label for="account-settings-avatar-<%= k %>">
+						<input <% print(user.avatarStyle == k ? 'checked="checked"' : '') %> type="radio" name="avatar-style" id="account-settings-avatar-<%= k %>" value="<%= k %>"/>
+						<%= v %>
+					</label>
+				<% }) %>
+			</div>
 		</div>
-	</div>
 
-	<div class="form-row">
-		<label class="form-label" for="account-settings-email">E-mail:</label>
-		<div class="form-input">
-			<input type="text" name="email" id="account-settings-email" placeholder="New e-mail&hellip;" value=""/>
+		<div class="form-row avatar-content">
+			<label class="form-label"></label>
+			<div class="form-input">
+				<input type="file" name="avatar-content" id="account-settings-avatar-content"/>
+			</div>
 		</div>
-	</div>
+	<% } %>
 
-	<div class="form-row">
-		<label class="form-label" for="account-settings-password1">New password:</label>
-		<div class="form-input">
-			<input type="password" name="password1" id="account-settings-password1" placeholder="New password&hellip;" value=""/>
+	<% if (canChangeName) { %>
+		<div class="form-row">
+			<label class="form-label" for="account-settings-name">Name:</label>
+				<div class="form-input">
+				<input type="text" name="userName" id="account-settings-name" placeholder="New name&hellip;" value="<%= user.name %>"/>
+			</div>
 		</div>
-	</div>
+	<% } %>
 
-	<div class="form-row">
-		<label class="form-label" for="account-settings-password2"></label>
-		<div class="form-input">
-			<input type="password" name="password2" id="account-settings-password2" placeholder="New password&hellip; (repeat)" value=""/>
+	<% if (canChangeEmailAddress) { %>
+		<div class="form-row">
+			<label class="form-label" for="account-settings-email">E-mail:</label>
+			<div class="form-input">
+				<input type="text" name="email" id="account-settings-email" placeholder="New e-mail&hellip;" value="<%= user.email %>"/>
+			</div>
 		</div>
-	</div>
+	<% } %>
 
-	<div class="form-row">
-		<label class="form-label" for="account-settings-access-rank">Access rank:</label>
-		<div class="form-input">
-			<select name="access-rank" id="account-settings-access-rank">
-			<option value="anonymous">anonymous</option>
-			<option value="regular-user">registered</option>
-			<option value="power-user">power user</option>
-			<option value="moderator">moderator</option>
-			<option value="administrator" selected="selected">admin</option>
-		</select>
+	<% if (canChangePassword) { %>
+		<div class="form-row">
+			<label class="form-label" for="account-settings-password">New password:</label>
+			<div class="form-input">
+				<input type="password" name="password" id="account-settings-password" placeholder="New password&hellip;" value=""/>
+			</div>
 		</div>
-	</div>
+
+		<div class="form-row">
+			<label class="form-label" for="account-settings-password-confirmation"></label>
+			<div class="form-input">
+				<input type="password" name="passwordConfirmation" id="account-settings-password-confirmation" placeholder="New password&hellip; (repeat)" value=""/>
+			</div>
+		</div>
+	<% } %>
+
+	<% if (canChangeAccessRank) { %>
+		<div class="form-row">
+			<label class="form-label" for="account-settings-access-rank">Access rank:</label>
+			<div class="form-input">
+				<select name="access-rank" id="account-settings-access-rank">
+					<%
+						var accessRanks = {
+							anonymous: 'Anonymous',
+							regularUser: 'Regular user',
+							powerUser: 'Power user',
+							moderator: 'Moderator',
+							administrator: 'Administrator'
+						};
+					%>
+					<% _.each(accessRanks, function(v, k) { %>
+						<option <% print(user.accessRank == k ? 'selected="selected"' : '') %> value="<%= k %>"><%= v %></option>
+					<% }) %>
+				</select>
+			</div>
+		</div>
+	<% } %>
 
 	<div class="form-row">
 		<label class="form-label"></label>
 		<div class="form-input">
-			<button class="submit" type="submit">Update settings</button>
+			<button type="submit">Update settings</button>
 		</div>
 	</div>
 </form>
diff --git a/public_html/templates/browsing-settings.tpl b/public_html/templates/browsing-settings.tpl
index cbe54b24..ccbee420 100644
--- a/public_html/templates/browsing-settings.tpl
+++ b/public_html/templates/browsing-settings.tpl
@@ -1,4 +1,6 @@
 <form class="browsing-settings">
+	<div class="messages"></div>
+
 	<div class="form-row">
 		<label class="form-label">Safety:</label>
 		<div class="form-input">
@@ -47,7 +49,7 @@
 	<div class="form-row">
 		<label class="form-label"></label>
 		<div class="form-input">
-			<button class="submit" type="submit">Update settings</button>
+			<button type="submit">Update settings</button>
 		</div>
 	</div>
 </form>
diff --git a/public_html/templates/login-form.tpl b/public_html/templates/login-form.tpl
index 20dacbda..ad0c1698 100644
--- a/public_html/templates/login-form.tpl
+++ b/public_html/templates/login-form.tpl
@@ -8,14 +8,14 @@
 
 	<form method="post" class="form-wrapper">
 		<div class="form-row">
-			<label for="login-user" class="form-label">User name:</label>
+			<label class="form-label" for="login-user">User name:</label>
 			<div class="form-input">
 				<input autocomplete="off" type="text" name="user" id="login-user"/>
 			</div>
 		</div>
 
 		<div class="form-row">
-			<label for="login-password" class="form-label">Password:</label>
+			<label class="form-label" for="login-password">Password:</label>
 			<div class="form-input">
 				<input autocomplete="off" type="password" name="password" id="login-password"/>
 			</div>
@@ -24,12 +24,11 @@
 		<div class="form-row">
 			<label class="form-label"></label>
 			<div class="form-input">
-				<button class="submit" type="submit">Log in</button>
+				<button type="submit">Log in</button>
 				&nbsp;
 				<input type="hidden" name="remember" value="0"/>
-				<label class="checkbox-wrapper">
+				<label>
 					<input type="checkbox" name="remember" value="1"/>
-					<span></span>
 					Remember me
 				</label>
 			</div>
diff --git a/public_html/templates/registration-form.tpl b/public_html/templates/registration-form.tpl
index 6a8bae28..94dfc6eb 100644
--- a/public_html/templates/registration-form.tpl
+++ b/public_html/templates/registration-form.tpl
@@ -8,28 +8,28 @@
 
 	<form method="post" class="form-wrapper">
 		<div class="form-row">
-			<label for="registration-user" class="form-label">User name:</label>
+			<label class="form-label" for="registration-user">User name:</label>
 			<div class="form-input">
-				<input autocomplete="off" type="text" name="user" id="registration-user" placeholder="e.g. darth_vader" value=""/>
+				<input autocomplete="off" type="text" name="userName" id="registration-user" placeholder="e.g. darth_vader" value=""/>
 			</div>
 		</div>
 
 		<div class="form-row">
-			<label for="registration-password" class="form-label">Password:</label>
+			<label class="form-label" for="registration-password">Password:</label>
 			<div class="form-input">
-				<input autocomplete="off" type="password" name="password1" id="registration-password" placeholder="e.g. &#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;" value=""/>
+				<input autocomplete="off" type="password" name="password" id="registration-password" placeholder="e.g. &#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;" value=""/>
 			</div>
 		</div>
 
 		<div class="form-row">
-			<label for="registration-password-confirm" class="form-label">Password (repeat):</label>
+			<label class="form-label" for="registration-password-confirmation">Password (repeat):</label>
 			<div class="form-input">
-				<input autocomplete="off" type="password" name="password2" id="registration-password-confirm" placeholder="e.g. &#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;" value=""/>
+				<input autocomplete="off" type="password" name="passwordConfirmation" id="registration-password-confirmation" placeholder="e.g. &#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;&#x25cf;" value=""/>
 			</div>
 		</div>
 
 		<div class="form-row">
-			<label for="registration-email" class="form-label">E-mail address:</label>
+			<label class="form-label" for="registration-email">E-mail address:</label>
 			<div class="form-input">
 				<input autocomplete="off" type="text" name="email" id="registration-email" placeholder="e.g. vader@empire.gov" value=""/>
 			</div>
@@ -38,7 +38,7 @@
 		<div class="form-row">
 			<label class="form-label"></label>
 			<div class="form-input">
-				<button class="submit" type="submit">Register</button>
+				<button type="submit">Register</button>
 			</div>
 		</div>
 	</form>
diff --git a/public_html/templates/user.tpl b/public_html/templates/user.tpl
index 3d3905e1..b7c24c9e 100644
--- a/public_html/templates/user.tpl
+++ b/public_html/templates/user.tpl
@@ -1,16 +1,22 @@
 <div id="user-view">
 	<div class="messages"></div>
+
+	<img src="/api/users/<%= user.name %>/avatar/50" alt="Avatar"/>
 	<%= user.name %>
 
-	<h2>Browsing settings</h2>
-	<div class="browsing-settings"></div>
+	<% if (canChangeBrowsingSettings) { %>
+		<h2>Browsing settings</h2>
+		<div id="browsing-settings-target"></div>
+	<% } %>
 
-	<h2>Account settings</h2>
-	<div class="account-settings"></div>
+	<% if (canChangeAccountSettings) { %>
+		<h2>Account settings</h2>
+		<div id="account-settings-target"></div>
+	<% } %>
 
 	<% if (canDeleteAccount) { %>
 		<h2>Account removal</h2>
-		<div class="account-removal"></div>
+		<div id="account-removal-target"></div>
 	<% } %>
 
 </div>
diff --git a/src/Controllers/UserAvatarController.php b/src/Controllers/UserAvatarController.php
new file mode 100644
index 00000000..e2a67811
--- /dev/null
+++ b/src/Controllers/UserAvatarController.php
@@ -0,0 +1,69 @@
+<?php
+namespace Szurubooru\Controllers;
+
+final class UserAvatarController extends AbstractController
+{
+	private $userService;
+	private $fileService;
+	private $httpHelper;
+	private $thumbnailService;
+
+	public function __construct(
+		\Szurubooru\Services\UserService $userService,
+		\Szurubooru\Services\FileService $fileService,
+		\Szurubooru\Helpers\HttpHelper $httpHelper,
+		\Szurubooru\Services\ThumbnailService $thumbnailService)
+	{
+		$this->userService = $userService;
+		$this->fileService = $fileService;
+		$this->httpHelper = $httpHelper;
+		$this->thumbnailService = $thumbnailService;
+	}
+
+	public function registerRoutes(\Szurubooru\Router $router)
+	{
+		$router->get('/api/users/:userName/avatar/:size', [$this, 'getAvatarByName']);
+	}
+
+	public function getAvatarByName($userName, $size)
+	{
+		$user = $this->userService->getByName($userName);
+		if (!$user)
+			throw new \InvalidArgumentException('User with name "' . $userName . '" was not found.');
+
+		switch ($user->avatarStyle)
+		{
+			case \Szurubooru\Entities\User::AVATAR_STYLE_GRAVATAR:
+				$hash = md5(strtolower(trim($user->email ? $user->email : $user->id . $user->name)));
+				$url = 'https://www.gravatar.com/avatar/' . $hash . '?d=retro&s=' . $size;
+				$this->serveFromUrl($url);
+				break;
+
+			case \Szurubooru\Entities\User::AVATAR_STYLE_BLANK:
+				$this->serveFromFile($this->userService->getBlankAvatarSourcePath(), $size);
+				break;
+
+			case \Szurubooru\Entities\User::AVATAR_STYLE_MANUAL:
+				$this->serveFromFile($this->userService->getCustomAvatarSourcePath($user), $size);
+				break;
+
+			default:
+				$this->serveFromFile($this->userService->getBlankAvatarSourcePath(), $size);
+				break;
+		}
+	}
+
+	private function serveFromUrl($url)
+	{
+		$this->httpHelper->nonCachedRedirect($url);
+	}
+
+	private function serveFromFile($file, $size)
+	{
+		if (!$this->fileService->exists($file))
+			$file = $this->userService->getBlankAvatarSourcePath();
+
+		$sizedFile = $this->thumbnailService->generateFromFile($file, $size, $size);
+		$this->fileService->serve($sizedFile);
+	}
+}
diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php
index b561a6c4..609c387d 100644
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
@@ -22,18 +22,18 @@ final class UserController extends AbstractController
 
 	public function registerRoutes(\Szurubooru\Router $router)
 	{
-		$router->post('/api/users', [$this, 'register']);
+		$router->post('/api/users', [$this, 'createUser']);
 		$router->get('/api/users', [$this, 'getFiltered']);
-		$router->get('/api/users/:name', [$this, 'getByName']);
-		$router->put('/api/users/:name', [$this, 'update']);
-		$router->delete('/api/users/:name', [$this, 'delete']);
+		$router->get('/api/users/:userName', [$this, 'getByName']);
+		$router->put('/api/users/:userName', [$this, 'updateUser']);
+		$router->delete('/api/users/:userName', [$this, 'deleteUser']);
 	}
 
-	public function getByName($name)
+	public function getByName($userName)
 	{
-		$user = $this->userService->getByName($name);
+		$user = $this->userService->getByName($userName);
 		if (!$user)
-			throw new \DomainException('User with name "' . $name . '" was not found.');
+			throw new \InvalidArgumentException('User with name "' . $userName . '" was not found.');
 		return $this->userViewProxy->fromEntity($user);
 	}
 
@@ -41,8 +41,8 @@ final class UserController extends AbstractController
 	{
 		$this->privilegeService->assertPrivilege(\Szurubooru\Privilege::LIST_USERS);
 
-		$searchFormData = new \Szurubooru\FormData\SearchFormData($this->inputReader);
-		$searchResult = $this->userService->getFiltered($searchFormData);
+		$formData = new \Szurubooru\FormData\SearchFormData($this->inputReader);
+		$searchResult = $this->userService->getFiltered($formData);
 		$entities = $this->userViewProxy->fromArray($searchResult->entities);
 		return [
 			'data' => $entities,
@@ -50,27 +50,66 @@ final class UserController extends AbstractController
 			'totalRecords' => $searchResult->totalRecords];
 	}
 
-	public function register()
+	public function createUser()
 	{
 		$this->privilegeService->assertPrivilege(\Szurubooru\Privilege::REGISTER);
-
-		$input = new \Szurubooru\FormData\RegistrationFormData($this->inputReader);
-		$user = $this->userService->register($input);
+		$formData = new \Szurubooru\FormData\RegistrationFormData($this->inputReader);
+		$user = $this->userService->createUser($formData);
 		return $this->userViewProxy->fromEntity($user);
 	}
 
-	public function update($name)
+	public function updateUser($userName)
 	{
-		throw new \BadMethodCallException('Not implemented');
+		$formData = new \Szurubooru\FormData\UserEditFormData($this->inputReader);
+
+		if ($formData->avatarStyle !== null)
+		{
+			$this->privilegeService->assertPrivilege(
+				$this->privilegeService->isLoggedIn($userName)
+					? \Szurubooru\Privilege::CHANGE_OWN_AVATAR_STYLE
+					: \Szurubooru\Privilege::CHANGE_ALL_AVATAR_STYLES);
+		}
+
+		if ($formData->userName !== null)
+		{
+			$this->privilegeService->assertPrivilege(
+				$this->privilegeService->isLoggedIn($userName)
+					? \Szurubooru\Privilege::CHANGE_OWN_NAME
+					: \Szurubooru\Privilege::CHANGE_ALL_NAMES);
+		}
+
+		if ($formData->password !== null)
+		{
+			$this->privilegeService->assertPrivilege(
+				$this->privilegeService->isLoggedIn($userName)
+					? \Szurubooru\Privilege::CHANGE_OWN_PASSWORD
+					: \Szurubooru\Privilege::CHANGE_ALL_PASSWORDS);
+		}
+
+		if ($formData->email !== null)
+		{
+			$this->privilegeService->assertPrivilege(
+				$this->privilegeService->isLoggedIn($userName)
+					? \Szurubooru\Privilege::CHANGE_OWN_EMAIL_ADDRESS
+					: \Szurubooru\Privilege::CHANGE_ALL_EMAIL_ADDRESSES);
+		}
+
+		if ($formData->accessRank)
+		{
+			$this->privilegeService->assertPrivilege(\Szurubooru\Privilege::CHANGE_ACCESS_RANK);
+		}
+
+		$user = $this->userService->updateUser($userName, $formData);
+		return $this->userViewProxy->fromEntity($user);
 	}
 
-	public function delete($name)
+	public function deleteUser($userName)
 	{
 		$this->privilegeService->assertPrivilege(
-			$this->privilegeService->isLoggedIn($name)
+			$this->privilegeService->isLoggedIn($userName)
 				? \Szurubooru\Privilege::DELETE_OWN_ACCOUNT
 				: \Szurubooru\Privilege::DELETE_ACCOUNTS);
 
-		return $this->userService->deleteByName($name);
+		return $this->userService->deleteUserByName($userName);
 	}
 }
diff --git a/src/Controllers/ViewProxies/UserViewProxy.php b/src/Controllers/ViewProxies/UserViewProxy.php
index 6aeb9e3c..c4b679e6 100644
--- a/src/Controllers/ViewProxies/UserViewProxy.php
+++ b/src/Controllers/ViewProxies/UserViewProxy.php
@@ -20,8 +20,9 @@ class UserViewProxy extends AbstractViewProxy
 			$result->accessRank = \Szurubooru\Helpers\EnumHelper::accessRankToString($user->accessRank);
 			$result->registrationTime = $user->registrationTime;
 			$result->lastLoginTime = $user->lastLoginTime;
+			$result->avatarStyle = $user->avatarStyle;
 
-			if ($this->privilegeService->hasPrivilege(\Szurubooru\Privilege::PRIVILEGE_VIEW_ALL_EMAIL_ADDRESSES) or
+			if ($this->privilegeService->hasPrivilege(\Szurubooru\Privilege::VIEW_ALL_EMAIL_ADDRESSES) or
 				$this->privilegeService->isLoggedIn($user))
 			{
 				$result->email = $user->email;
diff --git a/src/Entities/User.php b/src/Entities/User.php
index 1e8bc547..85944990 100644
--- a/src/Entities/User.php
+++ b/src/Entities/User.php
@@ -10,10 +10,15 @@ final class User extends Entity
 	const ACCESS_RANK_MODERATOR = 4;
 	const ACCESS_RANK_ADMINISTRATOR = 5;
 
+	const AVATAR_STYLE_GRAVATAR = 'gravatar';
+	const AVATAR_STYLE_MANUAL = 'manual';
+	const AVATAR_STYLE_BLANK = 'blank';
+
 	public $name;
 	public $email;
 	public $passwordHash;
 	public $accessRank;
 	public $registrationTime;
 	public $lastLoginTime;
+	public $avatarStyle;
 }
diff --git a/src/FormData/RegistrationFormData.php b/src/FormData/RegistrationFormData.php
index 7ed83a42..d355e750 100644
--- a/src/FormData/RegistrationFormData.php
+++ b/src/FormData/RegistrationFormData.php
@@ -3,7 +3,7 @@ namespace Szurubooru\FormData;
 
 class RegistrationFormData
 {
-	public $name;
+	public $userName;
 	public $password;
 	public $email;
 
@@ -11,7 +11,7 @@ class RegistrationFormData
 	{
 		if ($inputReader !== null)
 		{
-			$this->name = $inputReader->userName;
+			$this->userName = $inputReader->userName;
 			$this->password = $inputReader->password;
 			$this->email = $inputReader->email;
 		}
diff --git a/src/FormData/UserEditFormData.php b/src/FormData/UserEditFormData.php
new file mode 100644
index 00000000..b396df50
--- /dev/null
+++ b/src/FormData/UserEditFormData.php
@@ -0,0 +1,24 @@
+<?php
+namespace Szurubooru\FormData;
+
+class UserEditFormData
+{
+	public $userName;
+	public $email;
+	public $accessRank;
+	public $password;
+	public $avatarStyle;
+
+	public function __construct($inputReader = null)
+	{
+		if ($inputReader !== null)
+		{
+			$this->userName = $inputReader->userName;
+			$this->email = $inputReader->email;
+			$this->password = $inputReader->password;
+			$this->accessRank = $inputReader->accessRank;
+			$this->avatarStyle = $inputReader->avatarStyle;
+			$this->avatarContent = $inputReader->avatarContent;
+		}
+	}
+}
diff --git a/src/Helpers/EnumHelper.php b/src/Helpers/EnumHelper.php
index 3e515200..d325e6ab 100644
--- a/src/Helpers/EnumHelper.php
+++ b/src/Helpers/EnumHelper.php
@@ -7,13 +7,38 @@ class EnumHelper
 	{
 		switch ($accessRank)
 		{
-			case \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS: return 'anonymous'; break;
-			case \Szurubooru\Entities\User::ACCESS_RANK_REGULAR_USER: return 'regularUser'; break;
-			case \Szurubooru\Entities\User::ACCESS_RANK_POWER_USER: return 'powerUser'; break;
-			case \Szurubooru\Entities\User::ACCESS_RANK_MODERATOR: return 'moderator'; break;
-			case \Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR: return 'administrator'; break;
+			case \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS: return 'anonymous';
+			case \Szurubooru\Entities\User::ACCESS_RANK_REGULAR_USER: return 'regularUser';
+			case \Szurubooru\Entities\User::ACCESS_RANK_POWER_USER: return 'powerUser';
+			case \Szurubooru\Entities\User::ACCESS_RANK_MODERATOR: return 'moderator';
+			case \Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR: return 'administrator';
 			default:
 				throw new \DomainException('Invalid access rank!');
 		}
 	}
+
+	public static function accessRankFromString($accessRankString)
+	{
+		switch (trim(strtolower($accessRankString)))
+		{
+			case 'anonymous': return \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS;
+			case 'regularuser': return \Szurubooru\Entities\User::ACCESS_RANK_REGULAR_USER;
+			case 'poweruser': return \Szurubooru\Entities\User::ACCESS_RANK_POWER_USER;
+			case 'moderator': return \Szurubooru\Entities\User::ACCESS_RANK_MODERATOR;
+			case 'administrator': return \Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR;
+			default:
+				throw new \DomainException('Unrecognized access rank: ' . $accessRankString);
+		}
+	}
+
+	public static function avatarStyleFromString($avatarStyleString)
+	{
+		switch (trim(strtolower($avatarStyleString)))
+		{
+			case 'gravatar': return \Szurubooru\Entities\User::AVATAR_STYLE_GRAVATAR;
+			case 'manual': return \Szurubooru\Entities\User::AVATAR_STYLE_MANUAL;
+			case 'none':
+			case 'blank': return \Szurubooru\Entities\User::AVATAR_STYLE_BLANK;
+		}
+	}
 }
diff --git a/src/Helpers/HttpHelper.php b/src/Helpers/HttpHelper.php
index d89338c3..ccdeeda7 100644
--- a/src/Helpers/HttpHelper.php
+++ b/src/Helpers/HttpHelper.php
@@ -45,4 +45,10 @@ class HttpHelper
 		$requestUri = preg_replace('/\?.*$/', '', $requestUri);
 		return $requestUri;
 	}
+
+	public function nonCachedRedirect($destination)
+	{
+		$this->setResponseCode(303);
+		$this->setHeader('Location', $destination);
+	}
 }
diff --git a/src/Privilege.php b/src/Privilege.php
index 005134bf..2ad06147 100644
--- a/src/Privilege.php
+++ b/src/Privilege.php
@@ -5,6 +5,16 @@ class Privilege
 {
 	const REGISTER = 'register';
 	const LIST_USERS = 'listUsers';
+	const VIEW_ALL_EMAIL_ADDRESSES = 'viewAllEmailAddresses';
+	const CHANGE_ACCESS_RANK = 'changeAccessRank';
+	const CHANGE_OWN_AVATAR_STYLE = 'changeOwnAvatarStyle';
+	const CHANGE_OWN_EMAIL_ADDRESS = 'changeOwnEmailAddress';
+	const CHANGE_OWN_NAME = 'changeOwnName';
+	const CHANGE_OWN_PASSWORD = 'changeOwnPassword';
+	const CHANGE_ALL_AVATAR_STYLES = 'changeAllAvatarStyles';
+	const CHANGE_ALL_EMAIL_ADDRESSES = 'changeAllEmailAddresses';
+	const CHANGE_ALL_NAMES = 'changeAllNames';
+	const CHANGE_ALL_PASSWORDS = 'changeAllPasswords';
 	const DELETE_OWN_ACCOUNT = 'deleteOwnAccount';
 	const DELETE_ALL_ACCOUNTS = 'deleteAllAccounts';
 }
diff --git a/src/Services/FileService.php b/src/Services/FileService.php
new file mode 100644
index 00000000..a9de8d50
--- /dev/null
+++ b/src/Services/FileService.php
@@ -0,0 +1,93 @@
+<?php
+namespace Szurubooru\Services;
+
+class FileService
+{
+	private $dataDirectory;
+	private $httpHelper;
+
+	public function __construct($dataDirectory, \Szurubooru\Helpers\HttpHelper $httpHelper)
+	{
+		$this->dataDirectory = $dataDirectory;
+		$this->httpHelper = $httpHelper;
+	}
+
+	public function serve($source, $options = [])
+	{
+		$finalSource = $this->getFullPath($source);
+
+		$daysToLive = isset($options->daysToLive)
+				? $options->daysToLive
+				: 7;
+		$secondsToLive = $daysToLive * 24 * 60 * 60;
+		$lastModified = filemtime($finalSource);
+		$eTag = md5(file_get_contents($finalSource)); //todo: faster
+
+		$ifModifiedSince = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
+			? $_SERVER['HTTP_IF_MODIFIED_SINCE']
+			: false;
+
+		$eTagHeader = isset($_SERVER['HTTP_IF_NONE_MATCH'])
+			? trim($_SERVER['HTTP_IF_NONE_MATCH'], "\" \t\r\n")
+			: false;
+
+		$this->httpHelper->setHeader('ETag', '"' . $eTag . '"');
+		$this->httpHelper->setHeader('Last-Modified', gmdate('D, d M Y H:i:s \G\M\T', $lastModified));
+		$this->httpHelper->setHeader('Pragma', 'public');
+		$this->httpHelper->setHeader('Cache-Control', 'public, max-age=' . $secondsToLive);
+		$this->httpHelper->setHeader('Expires', gmdate('D, d M Y H:i:s \G\M\T', time() + $secondsToLive));
+
+		if (isset($options->customFileName))
+		{
+			$this->httpHelper->setHeader('Content-Disposition', 'inline; filename="' . $options->customFileName . '"');
+		}
+
+		if (isset($options->mimeType))
+		{
+			$this->httpHelper->setHeader('Content-Type', $options->mimeType);
+		}
+		else
+		{
+			$this->httpHelper->setHeader('Content-Type', mime_content_type($finalSource));
+		}
+
+		if (strtotime($ifModifiedSince) == $lastModified or $eTagHeader == $eTag)
+		{
+			$this->httpHelper->setResponseCode(304);
+		}
+		else
+		{
+			$this->httpHelper->setResponseCode(200);
+			readfile($finalSource);
+		}
+		exit;
+	}
+
+	public function exists($source)
+	{
+		$finalSource = $this->getFullPath($source);
+		return $source and file_exists($finalSource);
+	}
+
+	public function delete($source)
+	{
+		$finalSource = $this->getFullPath($source);
+		if (file_exists($finalSource))
+			unlink($finalSource);
+	}
+
+	public function saveFromBase64($base64string, $destination)
+	{
+		$finalDestination = $this->getFullPath($destination);
+		$commaPosition = strpos($base64string, ',');
+		if ($commaPosition !== null)
+			$base64string = substr($base64string, $commaPosition + 1);
+		$data = base64_decode($base64string);
+		file_put_contents($finalDestination, $data);
+	}
+
+	public function getFullPath($destination)
+	{
+		return $this->dataDirectory . DIRECTORY_SEPARATOR . $destination;
+	}
+}
diff --git a/src/Services/ThumbnailGenerators/IThumbnailGenerator.php b/src/Services/ThumbnailGenerators/IThumbnailGenerator.php
new file mode 100644
index 00000000..3a317c09
--- /dev/null
+++ b/src/Services/ThumbnailGenerators/IThumbnailGenerator.php
@@ -0,0 +1,7 @@
+<?php
+namespace Szurubooru\Services\ThumbnailGenerators;
+
+interface IThumbnailGenerator
+{
+	public function generateFromFile($srcPath, $dstPath, $width, $height);
+}
diff --git a/src/Services/ThumbnailGenerators/ImageGdThumbnailGenerator.php b/src/Services/ThumbnailGenerators/ImageGdThumbnailGenerator.php
new file mode 100644
index 00000000..506d029a
--- /dev/null
+++ b/src/Services/ThumbnailGenerators/ImageGdThumbnailGenerator.php
@@ -0,0 +1,98 @@
+<?php
+namespace Szurubooru\Services\ThumbnailGenerators;
+
+class ImageGdThumbnailGenerator implements IThumbnailGenerator
+{
+	private $config;
+
+	public function __construct(\Szurubooru\Config $config)
+	{
+		$this->config = $config;
+	}
+
+	public function generateFromFile($srcPath, $dstPath, $width, $height)
+	{
+		if (!file_exists($srcPath))
+			throw new \InvalidArgumentException($srcPath . ' does not exist');
+
+		$mime = mime_content_type($srcPath);
+
+		switch ($mime)
+		{
+			case 'image/jpeg':
+				$srcImage = imagecreatefromjpeg($srcPath);
+				break;
+
+			case 'image/png':
+				$srcImage = imagecreatefrompng($srcPath);
+				break;
+
+			case 'image/gif':
+				$srcImage = imagecreatefromgif($srcPath);
+				break;
+
+			default:
+				throw new \Exception('Invalid thumbnail image type');
+		}
+
+		switch ($this->config->misc->thumbnailCropStyle)
+		{
+			case 'outside':
+				$dstImage = $this->cropOutside($srcImage, $width, $height);
+				break;
+			case 'inside':
+				$dstImage = $this->cropInside($srcImage, $width, $height);
+				break;
+			default:
+				throw new \Exception('Unknown thumbnail crop style');
+		}
+
+		imagejpeg($dstImage, $dstPath);
+		imagedestroy($srcImage);
+		imagedestroy($dstImage);
+	}
+
+	private function cropOutside($srcImage, $dstWidth, $dstHeight)
+	{
+		$srcWidth = imagesx($srcImage);
+		$srcHeight = imagesy($srcImage);
+
+		if (($dstHeight / $dstWidth) > ($srcHeight / $srcWidth))
+		{
+			$h = $srcHeight;
+			$w = $h * $dstWidth / $dstHeight;
+		}
+		else
+		{
+			$w = $srcWidth;
+			$h = $w * $dstHeight / $dstWidth;
+		}
+		$x = ($srcWidth - $w) / 2;
+		$y = ($srcHeight - $h) / 2;
+
+		$dstImage = imagecreatetruecolor($dstWidth, $dstHeight);
+		imagecopyresampled($dstImage, $srcImage, 0, 0, $x, $y, $dstWidth, $dstHeight, $w, $h);
+		return $dstImage;
+	}
+
+	private function cropInside($srcImage, $dstWidth, $dstHeight)
+	{
+		$srcWidth = imagesx($srcImage);
+		$srcHeight = imagesy($srcImage);
+
+		if (($dstHeight / $dstWidth) < ($srcHeight / $srcWidth))
+		{
+			$h = $dstHeight;
+			$w = $h * $srcWidth / $srcHeight;
+		}
+		else
+		{
+			$w = $dstWidth;
+			$h = $w * $srcHeight / $srcWidth;
+		}
+
+		$dstImage = imagecreatetruecolor($w, $h);
+		imagecopyresampled($dstImage, $srcImage, 0, 0, 0, 0, $w, $h, $srcWidth, $srcHeight);
+		return $dstImage;
+	}
+}
diff --git a/src/Services/ThumbnailGenerators/ImageImagickThumbnailGenerator.php b/src/Services/ThumbnailGenerators/ImageImagickThumbnailGenerator.php
new file mode 100644
index 00000000..fe247072
--- /dev/null
+++ b/src/Services/ThumbnailGenerators/ImageImagickThumbnailGenerator.php
@@ -0,0 +1,78 @@
+<?php
+namespace Szurubooru\Services\ThumbnailGenerators;
+
+class ImageImagickThumbnailGenerator implements IThumbnailGenerator
+{
+	private $config;
+
+	public function __construct(\Szurubooru\Config $config)
+	{
+		$this->config = $config;
+	}
+
+	public function generateFromFile($srcPath, $dstPath, $width, $height)
+	{
+		if (!file_exists($srcPath))
+			throw new \InvalidArgumentException($srcPath . ' does not exist');
+
+		$image = new \Imagick($srcPath);
+		$image = $image->coalesceImages();
+
+		switch ($this->config->misc->thumbnailCropStyle)
+		{
+			case 'outside':
+				$this->cropOutside($image, $width, $height);
+				break;
+			case 'inside':
+				$this->cropInside($image, $width, $height);
+				break;
+			default:
+				throw new \Exception('Unknown thumbnail crop style');
+		}
+
+		$image->writeImage($dstPath);
+		$image->destroy();
+	}
+
+	private function cropOutside($srcImage, $dstWidth, $dstHeight)
+	{
+		$srcWidth = $srcImage->getImageWidth();
+		$srcHeight = $srcImage->getImageHeight();
+
+		if (($dstHeight / $dstWidth) > ($srcHeight / $srcWidth))
+		{
+			$h = $dstHeight;
+			$w = $h * $srcWidth / $srcHeight;
+		}
+		else
+		{
+			$w = $dstWidth;
+			$h = $w * $srcHeight / $srcWidth;
+		}
+		$x = ($srcWidth - $w) / 2;
+		$y = ($srcHeight - $h) / 2;
+
+		$srcImage->resizeImage($w, $h, \imagick::FILTER_LANCZOS, 0.9);
+		$srcImage->cropImage($dstWidth, $dstHeight, ($w - $dstWidth) >> 1, ($h - $dstHeight) >> 1);
+		$srcImage->setImagePage(0, 0, 0, 0);
+	}
+
+	private function cropInside($srcImage, $dstWidth, $dstHeight)
+	{
+		$srcWidth = $srcImage->getImageWidth();
+		$srcHeight = $srcImage->getImageHeight();
+
+		if (($dstHeight / $dstWidth) < ($srcHeight / $srcWidth))
+		{
+			$h = $dstHeight;
+			$w = $h * $srcWidth / $srcHeight;
+		}
+		else
+		{
+			$w = $dstWidth;
+			$h = $w * $srcHeight / $srcWidth;
+		}
+
+		$srcImage->resizeImage($w, $h, \imagick::FILTER_LANCZOS, 0.9);
+	}
+}
diff --git a/src/Services/ThumbnailGenerators/ImageThumbnailGenerator.php b/src/Services/ThumbnailGenerators/ImageThumbnailGenerator.php
new file mode 100644
index 00000000..c8eff9b2
--- /dev/null
+++ b/src/Services/ThumbnailGenerators/ImageThumbnailGenerator.php
@@ -0,0 +1,28 @@
+<?php
+namespace Szurubooru\Services\ThumbnailGenerators;
+
+class ImageThumbnailGenerator implements IThumbnailGenerator
+{
+	private $imageImagickThumbnailGenerator;
+	private $imageGdThumbnailGenerator;
+
+	public function __construct(
+		ImageImagickThumbnailGenerator $imageImagickThumbnailGenerator,
+		ImageGdThumbnailGenerator $imageGdThumbnailGenerator)
+	{
+		$this->imageImagickThumbnailGenerator = $imageImagickThumbnailGenerator;
+		$this->imageGdThumbnailGenerator = $imageGdThumbnailGenerator;
+	}
+
+	public function generateFromFile($srcPath, $dstPath, $width, $height)
+	{
+		if (extension_loaded('imagick'))
+			$strategy = $this->imageImagickThumbnailGenerator;
+		elseif (extension_loaded('gd'))
+			$strategy = $this->imageGdThumbnailGenerator;
+		else
+			throw new \Exception('Both imagick and gd extensions are disabled');
+
+		return $strategy->generateFromFile($srcPath, $dstPath, $width, $height);
+	}
+}
diff --git a/src/Services/ThumbnailService.php b/src/Services/ThumbnailService.php
new file mode 100644
index 00000000..52dda27b
--- /dev/null
+++ b/src/Services/ThumbnailService.php
@@ -0,0 +1,30 @@
+<?php
+namespace Szurubooru\Services;
+
+class ThumbnailService
+{
+	private $fileService;
+	private $thumbnailGenerator;
+
+	public function __construct(
+		FileService $fileService,
+		ThumbnailGenerators\SmartThumbnailGenerator $thumbnailGenerator)
+	{
+		$this->fileService = $fileService;
+		$this->thumbnailGenerator = $thumbnailGenerator;
+	}
+
+	public function generateFromFile($source, $width, $height)
+	{
+		$target = $source . '-thumb' . $width . 'x' . $height . '.jpg';
+
+		if (!$this->fileService->exists($target))
+		{
+			$fullSource = $this->fileService->getFullPath($source);
+			$fullTarget = $this->fileService->getFullPath($target);
+			$this->thumbnailGenerator->generateFromFile($fullSource, $fullTarget, $width, $height);
+		}
+
+		return $target;
+	}
+}
diff --git a/src/Services/UserService.php b/src/Services/UserService.php
index e1777530..270ced9a 100644
--- a/src/Services/UserService.php
+++ b/src/Services/UserService.php
@@ -9,6 +9,7 @@ class UserService
 	private $userSearchService;
 	private $passwordService;
 	private $emailService;
+	private $fileService;
 	private $timeService;
 
 	public function __construct(
@@ -18,6 +19,7 @@ class UserService
 		\Szurubooru\Dao\Services\UserSearchService $userSearchService,
 		\Szurubooru\Services\PasswordService $passwordService,
 		\Szurubooru\Services\EmailService $emailService,
+		\Szurubooru\Services\FileService $fileService,
 		\Szurubooru\Services\TimeService $timeService)
 	{
 		$this->config = $config;
@@ -26,6 +28,7 @@ class UserService
 		$this->userSearchService = $userSearchService;
 		$this->passwordService = $passwordService;
 		$this->emailService = $emailService;
+		$this->fileService = $fileService;
 		$this->timeService = $timeService;
 	}
 
@@ -42,17 +45,17 @@ class UserService
 		return $this->userSearchService->getFiltered($searchFilter);
 	}
 
-	public function register(\Szurubooru\FormData\RegistrationFormData $formData)
+	public function createUser(\Szurubooru\FormData\RegistrationFormData $formData)
 	{
-		$this->validator->validateUserName($formData->name);
+		$this->validator->validateUserName($formData->userName);
 		$this->validator->validatePassword($formData->password);
 		$this->validator->validateEmail($formData->email);
 
-		if ($this->userDao->getByName($formData->name))
+		if ($this->userDao->getByName($formData->userName))
 			throw new \DomainException('User with this name already exists.');
 
 		$user = new \Szurubooru\Entities\User();
-		$user->name = $formData->name;
+		$user->name = $formData->userName;
 		$user->email = $formData->email;
 		$user->passwordHash = $this->passwordService->getHash($formData->password);
 		$user->accessRank = $this->userDao->hasAnyUsers()
@@ -60,15 +63,81 @@ class UserService
 			: \Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR;
 		$user->registrationTime = $this->timeService->getCurrentTime();
 		$user->lastLoginTime = null;
+		$user->avatarStyle = \Szurubooru\Entities\User::AVATAR_STYLE_GRAVATAR;
 
-		//todo: send activation mail if necessary
+		$this->sendActivationMailIfNeeded($user);
 
 		return $this->userDao->save($user);
 	}
 
-	public function deleteByName($name)
+	public function updateUser($userName, \Szurubooru\FormData\UserEditFormData $formData)
 	{
-		$this->userDao->deleteByName($name);
+		$user = $this->getByName($userName);
+		if (!$user)
+			throw new \InvalidArgumentException('User with name "' . $userName . '" was not found.');
+
+		if ($formData->avatarStyle !== null)
+		{
+			$user->avatarStyle = \Szurubooru\Helpers\EnumHelper::avatarStyleFromString($formData->avatarStyle);
+			if ($formData->avatarContent)
+				$this->fileService->saveFromBase64($formData->avatarContent, $this->getCustomAvatarSourcePath($user));
+		}
+
+		if ($formData->userName !== null and $formData->userName != $user->name)
+		{
+			$this->validator->validateUserName($formData->userName);
+			if ($this->userDao->getByName($formData->userName))
+				throw new \DomainException('User with this name already exists.');
+
+			$user->name = $formData->userName;
+		}
+
+		if ($formData->password !== null)
+		{
+			$this->validator->validatePassword($formData->password);
+			$user->passwordHash = $this->passwordService->getHash($formData->password);
+		}
+
+		if ($formData->email !== null)
+		{
+			$this->validator->validateEmail($formData->email);
+			$user->email = $formData->email;
+		}
+
+		if ($formData->accessRank !== null)
+		{
+			$user->accessRank = \Szurubooru\Helpers\EnumHelper::accessRankFromString($formData->accessRank);
+		}
+
+		if ($formData->email !== null)
+			$this->sendActivationMailIfNeeded($user);
+
+		return $this->userDao->save($user);
+	}
+
+	public function deleteUserByName($userName)
+	{
+		$user = $this->getByName($userName);
+		if (!$user)
+			throw new \InvalidArgumentException('User with name "' . $userName . '" was not found.');
+
+		$this->userDao->deleteByName($userName);
+		$this->fileService->delete($this->getCustomAvatarSourcePath($user));
 		return true;
 	}
+
+	public function getCustomAvatarSourcePath($user)
+	{
+		return 'avatars' . DIRECTORY_SEPARATOR . $user->id;
+	}
+
+	public function getBlankAvatarSourcePath()
+	{
+		return 'avatars' . DIRECTORY_SEPARATOR . 'blank.png';
+	}
+
+	private function sendActivationMailIfNeeded(\Szurubooru\Entities\User &$user)
+	{
+		//todo
+	}
 }
diff --git a/src/di.php b/src/di.php
index 290e8ce7..9e830bf1 100644
--- a/src/di.php
+++ b/src/di.php
@@ -1,8 +1,11 @@
 <?php
+$dataDirectory = __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'data';
 return [
 	\Szurubooru\Config::class => DI\object()->constructor([
-		__DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'config.ini',
-		__DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'local.ini']),
+		$dataDirectory . DIRECTORY_SEPARATOR . 'config.ini',
+		$dataDirectory . DIRECTORY_SEPARATOR . 'local.ini']),
+
+	\Szurubooru\Services\FileService::class => DI\object()->constructor($dataDirectory),
 
 	\Szurubooru\ControllerRepository::class => DI\object()->constructor(DI\link('controllers')),
 
@@ -10,6 +13,7 @@ return [
 		return [
 			$c->get(\Szurubooru\Controllers\AuthController::class),
 			$c->get(\Szurubooru\Controllers\UserController::class),
+			$c->get(\Szurubooru\Controllers\UserAvatarController::class),
 		];
 	}),
 ];
diff --git a/tests/AbstractTestCase.php b/tests/AbstractTestCase.php
index 9a537fa5..0589a432 100644
--- a/tests/AbstractTestCase.php
+++ b/tests/AbstractTestCase.php
@@ -12,6 +12,23 @@ abstract class AbstractTestCase extends \PHPUnit_Framework_TestCase
 	{
 		return new ConfigMock();
 	}
+
+	public function getTestDirectory()
+	{
+		return __DIR__ . DIRECTORY_SEPARATOR . 'files';
+	}
+
+	protected function tearDown()
+	{
+		$this->cleanTestDirectory();
+	}
+
+	private function cleanTestDirectory()
+	{
+		foreach (scandir($this->getTestDirectory()) as $fn)
+			if ($fn{0} != '.')
+				unlink($this->getTestDirectory() . DIRECTORY_SEPARATOR . $fn);
+	}
 }
 
 date_default_timezone_set('UTC');
diff --git a/tests/Services/FileServiceTest.php b/tests/Services/FileServiceTest.php
new file mode 100644
index 00000000..e4dd7173
--- /dev/null
+++ b/tests/Services/FileServiceTest.php
@@ -0,0 +1,16 @@
+<?php
+namespace Szurubooru\Tests\Services;
+
+class FileServiceTest extends \Szurubooru\Tests\AbstractTestCase
+{
+	public function testSaving()
+	{
+		$httpHelper = $this->mock( \Szurubooru\Helpers\HttpHelper::class);
+		$fileService = new \Szurubooru\Services\FileService($this->getTestDirectory(), $httpHelper);
+		$input = 'data:text/plain,YXdlc29tZSBkb2c=';
+		$fileService->saveFromBase64($input, 'dog.txt');
+		$expected = 'awesome dog';
+		$actual = file_get_contents($this->getTestDirectory() . DIRECTORY_SEPARATOR . 'dog.txt');
+		$this->assertEquals($expected, $actual);
+	}
+}
diff --git a/tests/Services/UserServiceTest.php b/tests/Services/UserServiceTest.php
index 1a83a1db..9137c53a 100644
--- a/tests/Services/UserServiceTest.php
+++ b/tests/Services/UserServiceTest.php
@@ -9,6 +9,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 	private $userSearchServiceMock;
 	private $passwordServiceMock;
 	private $emailServiceMock;
+	private $fileServiceMock;
 	private $timeServiceMock;
 
 	public function setUp()
@@ -19,6 +20,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 		$this->userSearchService = $this->mock(\Szurubooru\Dao\Services\UserSearchService::class);
 		$this->passwordServiceMock = $this->mock(\Szurubooru\Services\PasswordService::class);
 		$this->emailServiceMock = $this->mock(\Szurubooru\Services\EmailService::class);
+		$this->fileServiceMock = $this->mock(\Szurubooru\Services\FileService::class);
 		$this->timeServiceMock = $this->mock(\Szurubooru\Services\TimeService::class);
 	}
 
@@ -43,7 +45,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 	public function testValidRegistration()
 	{
 		$formData = new \Szurubooru\FormData\RegistrationFormData;
-		$formData->name = 'user';
+		$formData->userName = 'user';
 		$formData->password = 'password';
 		$formData->email = 'email';
 
@@ -53,7 +55,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 		$this->userDaoMock->method('save')->will($this->returnArgument(0));
 
 		$userService = $this->getUserService();
-		$savedUser = $userService->register($formData);
+		$savedUser = $userService->createUser($formData);
 
 		$this->assertEquals('user', $savedUser->name);
 		$this->assertEquals('email', $savedUser->email);
@@ -65,7 +67,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 	public function testAccessRankOfFirstUser()
 	{
 		$formData = new \Szurubooru\FormData\RegistrationFormData;
-		$formData->name = 'user';
+		$formData->userName = 'user';
 		$formData->password = 'password';
 		$formData->email = 'email';
 
@@ -73,7 +75,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 		$this->userDaoMock->method('save')->will($this->returnArgument(0));
 
 		$userService = $this->getUserService();
-		$savedUser = $userService->register($formData);
+		$savedUser = $userService->createUser($formData);
 
 		$this->assertEquals(\Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR, $savedUser->accessRank);
 	}
@@ -81,7 +83,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 	public function testRegistrationWhenUserExists()
 	{
 		$formData = new \Szurubooru\FormData\RegistrationFormData;
-		$formData->name = 'user';
+		$formData->userName = 'user';
 		$formData->password = 'password';
 		$formData->email = 'email';
 
@@ -92,7 +94,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 		$userService = $this->getUserService();
 
 		$this->setExpectedException(\Exception::class, 'User with this name already exists');
-		$savedUser = $userService->register($formData);
+		$savedUser = $userService->createUser($formData);
 	}
 
 	private function getUserService()
@@ -104,6 +106,7 @@ final class UserServiceTest extends \Szurubooru\Tests\AbstractTestCase
 			$this->userSearchService,
 			$this->passwordServiceMock,
 			$this->emailServiceMock,
+			$this->fileServiceMock,
 			$this->timeServiceMock);
 	}
 }
diff --git a/tests/files/.gitignore b/tests/files/.gitignore
new file mode 100644
index 00000000..d6b7ef32
--- /dev/null
+++ b/tests/files/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore