diff --git a/controllers/UsersController.inc b/controllers/UsersController.inc
index 70ab8904..03b9c4c0 100644
--- a/controllers/UsersController.inc
+++ b/controllers/UsersController.inc
@@ -28,7 +28,7 @@
 			'index' => array('admin', 'moderator'),
 			'user' => array('admin', 'moderator', 'user'),
 			'create' => array('admin', 'moderator'),
-			'edit' => array('admin', 'moderator'),
+			'edit' => array('admin', 'moderator', 'user'),
 			'delete' => array('admin')
 		);
 		/**
@@ -245,21 +245,61 @@
 		 */
 		public function create()
 		{
+			// Values
+			$username = '';
+			$prename = '';
+			$surname = '';
+			$email = '';
+			$fields = array('username', 'prename', 'surname', 'email', 'password');
+			$validation = array();
+			
+			// Create new user
 			if($this->request->getRequestMethod() == 'POST' && !is_null($this->request->getPostParam('create')))
 			{
-				// Create new user
-				$userId = $this->Users->createUser(
-					$this->request->getPostParam('username'),
-					$this->request->getPostParam('prename'),
-					$this->request->getPostParam('surname'),
-					$this->request->getPostParam('email'),
-					$this->request->getPostParam('password')
-				);
+				// Get params and validate them
+				$validation = $this->Validation->validateParams($this->request->getPostParams(), $fields);
+				$username = $this->request->getPostParam('username');
+				if($this->Users->usernameExists($username)) {
+					$validation = $this->Validation->addValidationResult($validation, 'username', 'exist', true);
+				}
+				$prename = $this->request->getPostParam('prename');
+				$surname = $this->request->getPostParam('surname');
+				$email = $this->request->getPostParam('email');
+				if($this->Users->emailExists($email)) {
+					$validation = $this->Validation->addValidationResult($validation, 'email', 'exist', true);
+				}
 				
-				// Redirect to user
-				$user = $this->Users->getUserById($userId);
-				$this->redirect($this->linker->link(array($user['url']), 1));
+				// Create
+				if($validation === true)
+				{
+					$userId = $this->Users->createUser(
+						$this->request->getPostParam('username'),
+						$this->request->getPostParam('prename'),
+						$this->request->getPostParam('surname'),
+						$this->request->getPostParam('email'),
+						$this->request->getPostParam('password')
+					);
+				
+					// Redirect to user
+					$user = $this->Users->getUserById($userId);
+					$this->redirect($this->linker->link(array($user['url']), 1));
+				}
 			}
+			
+			// Get validation settings
+			$validationSettings = array();
+			foreach($fields as &$field) {
+				$validationSettings[$field] = \nre\configs\AppConfig::$validation[$field];
+			}
+			
+			
+			// Pass data to view
+			$this->set('username', $username);
+			$this->set('prename', $prename);
+			$this->set('surname', $surname);
+			$this->set('email', $email);
+			$this->set('validation', $validation);
+			$this->set('validationSettings', $validationSettings);
 		}
 		
 		
@@ -276,32 +316,77 @@
 			// User
 			$user = $this->Users->getUserByUrl($userUrl);
 			
-			// Check request method
-			if($this->request->getRequestMethod() == 'POST')
+			// Check permissions
+			if(count(array_intersect(array('admin','moderator'), \hhu\z\controllers\IntermediateController::$user['roles'])) == 0 && $user['id'] != \hhu\z\controllers\IntermediateController::$user['id']) {
+				throw new \nre\exceptions\AccessDeniedException();
+			}
+			
+			// Values
+			$username = $user['username'];
+			$prename = $user['prename'];
+			$surname = $user['surname'];
+			$email = $user['email'];
+			$fields = array('username', 'prename', 'surname', 'email');
+			$validation = array();
+			
+			// Edit user
+			if($this->request->getRequestMethod() == 'POST' && !is_null($this->request->getPostParam('save')))
 			{
+				// Get params and validate them
+				$validation = $this->Validation->validateParams($this->request->getPostParams(), $fields);
+				$username = $this->request->getPostParam('username');
+				if($this->Users->usernameExists($username, $user['id'])) {
+					$validation = $this->Validation->addValidationResult($validation, 'username', 'exist', true);
+				}
+				if(!empty($this->request->getPostParam('password'))) {
+					$validation = $this->Validation->addValidationResults($validation,
+						'password',
+						$this->Validation->validateParam(
+							$this->request->getPostParams(),
+							'password'
+						)
+					);
+				}
+				$prename = $this->request->getPostParam('prename');
+				$surname = $this->request->getPostParam('surname');
+				$email = $this->request->getPostParam('email');
+				if($this->Users->emailExists($email, $user['id'])) {
+					$validation = $this->Validation->addValidationResult($validation, 'email', 'exist', true);
+				}
+				
 				// Save changes
-				if(!is_null($this->request->getPostParam('save')))
+				if($validation === true)
 				{
 					// Edit user
 					$this->Users->editUser(
 						$user['id'],
-						$this->request->getPostParam('username'),
+						(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0) ? $this->request->getPostParam('username') : $user['username'],
 						$this->request->getPostParam('prename'),
 						$this->request->getPostParam('surname'),
 						$this->request->getPostParam('email'),
 						$this->request->getPostParam('password')
 					);
+					
+					// Redirect to entry
 					$user = $this->Users->getUserById($user['id']);
+					$this->redirect($this->linker->link(array('user', $user['url']), 1));
 				}
-				
-				
-				// Redirect to entry
-				$this->redirect($this->linker->link(array($user['url']), 1));
+			}
+			
+			// Get validation settings
+			$validationSettings = array();
+			foreach($fields as &$field) {
+				$validationSettings[$field] = \nre\configs\AppConfig::$validation[$field];
 			}
 			
 			
 			// Pass data to view
-			$this->set('user', $user);
+			$this->set('username', $username);
+			$this->set('prename', $prename);
+			$this->set('surname', $surname);
+			$this->set('email', $email);
+			$this->set('validation', $validation);
+			$this->set('validationSettings', $validationSettings);
 		}
 		
 		
diff --git a/models/UsersModel.inc b/models/UsersModel.inc
index d2a69003..2181586a 100644
--- a/models/UsersModel.inc
+++ b/models/UsersModel.inc
@@ -149,24 +149,22 @@
 		 * Check if an username already exists.
 		 * 
 		 * @param	string	$username	Username to check
+		 * @param	int	$userId		Do not check this ID (for editing)
 		 * @return	boolean			Whether username exists or not
 		 */
-		public function usernameExists($username)
+		public function usernameExists($username, $userId=null)
 		{
 			$data = $this->db->query(
-				'SELECT count(id) AS c '.
+				'SELECT id '.
 				'FROM users '.
 				'WHERE username = ? OR url = ?',
 				'ss',
 				$username,
 				\nre\core\Linker::createLinkParam($username)
 			);
-			if(!empty($data)) {
-				return ($data[0]['c'] > 0);
-			}
 			
 			
-			return false;
+			return (!empty($data) && (is_null($userId) || $userId != $data[0]['id']));
 		}
 		
 		
@@ -174,23 +172,21 @@
 		 * Check if an e‑mail address already exists.
 		 * 
 		 * @param	string	$email	E‑mail address to check
+		 * @param	int	$userId	Do not check this ID (for editing)
 		 * @return	boolean		Whether e‑mail address exists or not
 		 */
-		public function emailExists($email)
+		public function emailExists($email, $userId=null)
 		{
 			$data = $this->db->query(
-				'SELECT count(id) AS c '.
+				'SELECT id '.
 				'FROM users '.
 				'WHERE email = ?',
 				's',
 				$email
 			);
-			if(!empty($data)) {
-				return ($data[0]['c'] > 0);
-			}
 			
 			
-			return false;
+			return (!empty($data) && (is_null($userId) || $userId != $data[0]['id']));
 		}
 		
 		
diff --git a/views/html/users/create.tpl b/views/html/users/create.tpl
index ba7baed6..590dff3b 100644
--- a/views/html/users/create.tpl
+++ b/views/html/users/create.tpl
@@ -1,21 +1,97 @@
 <div class="moodpic">
 	<img src="<?=$linker->link(array('grafics','questlab.jpg'))?>" />
 </div>
-<h1><?=_('Users')?></h1>
-<h2><?=_('New user')?></h2>
+<ul class="breadcrumbs">
+	<li><a href="<?=$linker->link('index',1)?>"><?=_('Users')?></a></li>
+</ul>
 
-<form method="post" action="<?=$linker->link('create', 1)?>" class="logreg">
+<h1><?=_('New user')?></h1>
+<?php if($validation !== true) : ?>
+<ul>
+	<?php foreach($validation as $field => &$settings) : ?>
+	<li>
+		<ul>
+			<?php foreach($settings as $setting => $value) : ?>
+			<li>
+				<?php switch($field) {
+					case 'username':
+						switch($setting) {
+							case 'minlength': printf(_('Username is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Username is too long (max. %d chars)'), $value);
+							break;
+							case 'regex': echo _('Username contains illegal characters');
+							break;
+							case 'exist': echo _('Username already exists');
+							break;
+							default: echo _('Username invalid');
+						}
+					break;
+					case 'prename':
+						switch($setting) {
+							case 'minlength': printf(_('Prename is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Prename is too long (max. %d chars)'), $value);
+							break;
+							case 'regex': printf(_('Prename contains illegal characters'));
+							break;
+							default: echo _('Prename invalid');
+						}
+					break;
+					case 'surname':
+						switch($setting) {
+							case 'minlength': printf(_('Surname is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Surname is too long (max. %d chars)'), $value);
+							break;
+							case 'regex': printf(_('Surname contains illegal characters'));
+							break;
+							default: echo _('Surname invalid');
+						}
+					break;
+					case 'email':
+						switch($setting) {
+							case 'regex': echo _('E‑mail address invalid');
+							break;
+							case 'exist': echo _('E‑mail address already exists');
+							break;
+							default: echo _('E‑mail address invalid');
+						}
+					break;
+					case 'password':
+						switch($setting) {
+							case 'minlength': printf(_('Password is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Password is too long (max. %d chars)'), $value);
+							break;
+							default: echo _('Password invalid');
+						}
+					break;
+					default:
+						echo $exception->getMessage();
+					break;
+				} ?>
+			</li>
+			<?php endforeach ?>
+		</ul>
+	</li>
+	<?php endforeach ?>
+</ul>
+<?php endif ?>
+<form method="post" class="logreg">
 	<fieldset>
+		<fieldset>
 		<label for="username"><?=_('Username')?>:</label>
-		<input type="text" name="username" placeholder="<?=_('Username')?>" /><br />
+		<input name="username" type="text" placeholder="<?=_('Username')?>" title="<?=_('Username')?>" required="required" maxlength="<?=$validationSettings['username']['maxlength']?>" value="<?=$username?>" <?=(array_key_exists('username', $validation)) ? 'class="invalid"' : null?> /><br />
 		<label for="prename"><?=_('Prename')?>:</label>
-		<input name="prename" type="text" placeholder="<?=_('Prename')?>" /><br />
+		<input name="prename" type="text" placeholder="<?=_('Prename')?>" title="<?=_('Prename')?>" required="required" maxlength="<?=$validationSettings['prename']['maxlength']?>" value="<?=$prename?>" <?=(array_key_exists('prename', $validation)) ? 'class="invalid"' : null?> /><br />
 		<label for="surname"><?=_('Surname')?>:</label>
-		<input name="surname" type="text" placeholder="<?=_('Surname')?>" /><br />
+		<input name="surname" type="text" placeholder="<?=_('Surname')?>" title="<?=_('Surname')?>" required="required" maxlength="<?=$validationSettings['surname']['maxlength']?>" value="<?=$surname?>" <?=(array_key_exists('surname', $validation)) ? 'class="invalid"' : null?> /><br />
 		<label for="email"><?=_('E‑mail address')?>:</label>
-		<input type="email" name="email" placeholder="<?=_('E‑mail address')?>" /><br />
+		<input name="email" type="email" placeholder="<?=_('E‑mail address')?>" title="<?=_('E‑mail address')?>" required="required" value="<?=$email?>" <?=(array_key_exists('email', $validation)) ? 'class="invalid"' : null?> /><br />
 		<label for="password"><?=_('Password')?>:</label>
-		<input type="password" name="password" placeholder="<?=_('Password')?>" /><br />
+		<input name="password" type="password" placeholder="<?=_('Password')?>" title="<?=_('Password')?>" required="required" maxlength="<?=$validationSettings['password']['maxlength']?>" <?=(array_key_exists('password', $validation)) ? 'class="invalid"' : null?> /><br />
+	</fieldset>
 	</fieldset>
 	<input type="submit" name="create" value="<?=_('create')?>" />
 </form>
diff --git a/views/html/users/delete.tpl b/views/html/users/delete.tpl
index af0631b7..ca28f4fc 100644
--- a/views/html/users/delete.tpl
+++ b/views/html/users/delete.tpl
@@ -1,9 +1,11 @@
 <div class="moodpic">
 	<img src="<?=$linker->link(array('grafics','questlab.jpg'))?>" />
 </div>
-<h1><?=_('Users')?></h1>
-<h2><?=_('Delete user')?></h2>
+<ul class="breadcrumbs">
+	<li><a href="<?=$linker->link('index',1)?>"><?=_('Users')?></a></li>
+</ul>
 
+<h1><?=_('Delete user')?></h1>
 <?=sprintf(_('Should the user “%s” (%s) really be deleted?'), $user['username'], $user['email'])?>
 <form method="post">
 	<input type="submit" name="delete" value="<?=_('delete')?>" />
diff --git a/views/html/users/edit.tpl b/views/html/users/edit.tpl
index 6d25f014..7a6bf041 100644
--- a/views/html/users/edit.tpl
+++ b/views/html/users/edit.tpl
@@ -1,20 +1,104 @@
 <div class="moodpic">
 	<img src="<?=$linker->link(array('grafics','questlab.jpg'))?>" />
 </div>
-<h1><?=_('Users')?></h1>
-<h2><?=_('Edit user')?></h2>
+<ul class="breadcrumbs">
+	<?php if(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0) : ?>
+	<li><a href="<?=$linker->link('index',1)?>"><?=_('Users')?></a></li>
+	<?php else : ?>
+	<li><?=_('Users')?></li>
+	<?php endif ?>
+</ul>
 
+<h1><?=_('Edit user')?></h1>
+<?php if($validation !== true) : ?>
+<ul>
+	<?php foreach($validation as $field => &$settings) : ?>
+	<li>
+		<ul>
+			<?php foreach($settings as $setting => $value) : ?>
+			<li>
+				<?php switch($field) {
+					case 'username':
+						switch($setting) {
+							case 'minlength': printf(_('Username is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Username is too long (max. %d chars)'), $value);
+							break;
+							case 'regex': echo _('Username contains illegal characters');
+							break;
+							case 'exist': echo _('Username already exists');
+							break;
+							default: echo _('Username invalid');
+						}
+					break;
+					case 'prename':
+						switch($setting) {
+							case 'minlength': printf(_('Prename is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Prename is too long (max. %d chars)'), $value);
+							break;
+							case 'regex': printf(_('Prename contains illegal characters'));
+							break;
+							default: echo _('Prename invalid');
+						}
+					break;
+					case 'surname':
+						switch($setting) {
+							case 'minlength': printf(_('Surname is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Surname is too long (max. %d chars)'), $value);
+							break;
+							case 'regex': printf(_('Surname contains illegal characters'));
+							break;
+							default: echo _('Surname invalid');
+						}
+					break;
+					case 'email':
+						switch($setting) {
+							case 'regex': echo _('E‑mail address invalid');
+							break;
+							case 'exist': echo _('E‑mail address already exists');
+							break;
+							default: echo _('E‑mail address invalid');
+						}
+					break;
+					case 'password':
+						switch($setting) {
+							case 'minlength': printf(_('Password is too short (min. %d chars)'), $value);
+							break;
+							case 'maxlength': printf(_('Password is too long (max. %d chars)'), $value);
+							break;
+							default: echo _('Password invalid');
+						}
+					break;
+					default:
+						echo $exception->getMessage();
+					break;
+				} ?>
+			</li>
+			<?php endforeach ?>
+		</ul>
+	</li>
+	<?php endforeach ?>
+</ul>
+<?php endif ?>
 <form method="post" class="logreg">
 	<fieldset>
 		<label for="username"><?=_('Username')?>:</label>
-		<input type="text" name="username" placeholder="<?=_('Username')?>" value="<?=$user['username']?>" /><br />
-		<label for="prename"><?=_('Prename')?>:</label>		<input name="prename" type="text" placeholder="<?=_('Prename')?>" value="<?=$user['prename']?>" /><br />
+		<?php if(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0) : ?>
+		<input name="username" type="text" placeholder="<?=_('Username')?>" title="<?=_('Username')?>" value="<?=$username?>" required="required" maxlength="<?=$validationSettings['username']['maxlength']?>" <?=(array_key_exists('username', $validation)) ? 'class="invalid"' : null ?> />
+		<?php else : ?>
+		<input name="username" type="text" placeholder="<?=_('Username')?>" title="<?=_('Username')?>" value="<?=$username?>" disabled="disabled" />
+		<input type="hidden" name="username" value="<?=$username?>" />
+		<?php endif ?><br />
+		<label for="prename"><?=_('Prename')?>:</label>
+		<input name="prename" type="text" placeholder="<?=_('Prename')?>" title="<?=_('Prename')?>" required="required" maxlength="<?=$validationSettings['prename']['maxlength']?>" value="<?=$prename?>" <?=(array_key_exists('prename', $validation)) ? 'class="invalid"' : null?> /><br />
 		<label for="surname"><?=_('Surname')?>:</label>
-		<input name="surname" type="text" placeholder="<?=_('Surname')?>" value="<?=$user['surname']?>" /><br />
+		<input name="surname" type="text" placeholder="<?=_('Surname')?>" title="<?=_('Surname')?>" required="required" maxlength="<?=$validationSettings['surname']['maxlength']?>" value="<?=$surname?>" <?=(array_key_exists('surname', $validation)) ? 'class="invalid"' : null?> /><br />
 		<label for="email"><?=_('E‑mail address')?>:</label>
-		<input type="email" name="email" placeholder="<?=_('E‑mail address')?>" value="<?=$user['email']?>" /><br />
+		<input name="email" type="email" placeholder="<?=_('E‑mail address')?>" title="<?=_('E‑mail address')?>" required="required" value="<?=$email?>" <?=(array_key_exists('email', $validation)) ? 'class="invalid"' : null?> /><br />
 		<label for="password"><?=_('Password')?>:</label>
-		<input type="password" name="password" placeholder="<?=_('Password')?>" /><br />
+		<input name="password" type="password" placeholder="<?=_('Password')?>" title="<?=_('Password')?>" maxlength="<?=$validationSettings['password']['maxlength']?>" <?=(array_key_exists('password', $validation)) ? 'class="invalid"' : null?> /><br />
 	</fieldset>
 	<input type="submit" name="save" value="<?=_('save')?>" />
 </form>
diff --git a/views/html/users/login.tpl b/views/html/users/login.tpl
index 7b88b50b..71b5fa4c 100644
--- a/views/html/users/login.tpl
+++ b/views/html/users/login.tpl
@@ -7,7 +7,7 @@
 <?php if($failed) : ?>
 <p class="invalid"><?=_('Login failed')?>.</p>
 <?php endif ?>
-<form method="post" action="<?=$linker->link(array(), 2)?>" class="logreg">
+<form method="post" class="logreg">
 	<fieldset>
 		<label for="username"><?=_('Username')?>:</label>
 		<input name="username" type="text" placeholder="<?=_('Username')?>" value="<?=$username?>" required="required" autofocus="autofocus" /><br />
diff --git a/views/html/users/register.tpl b/views/html/users/register.tpl
index 1b2b1db0..48fe6f47 100644
--- a/views/html/users/register.tpl
+++ b/views/html/users/register.tpl
@@ -1,9 +1,11 @@
 <div class="moodpic">
 	<img src="<?=$linker->link(array('grafics','questlab.jpg'))?>" />
 </div>
-<h1><?=_('Users')?></h1>
+<ul class="breadcrumbs">
+	<li><?=_('Users')?></li>
+</ul>
 
-<h2><?=_('Registration')?></h2>
+<h1><?=_('Registration')?></h1>
 <?php if($validation !== true) : ?>
 <ul>
 	<?php foreach($validation as $field => &$settings) : ?>
@@ -76,7 +78,7 @@
 	<?php endforeach ?>
 </ul>
 <?php endif ?>
-<form method="post" action="<?=$linker->link(array(), 2)?>" class="logreg">
+<form method="post" class="logreg">
 	<fieldset>
 		<label for="username"><?=_('Username')?>:</label>
 		<input name="username" type="text" placeholder="<?=_('Username')?>" title="<?=_('Username')?>" required="required" maxlength="<?=$validationSettings['username']['maxlength']?>" value="<?=$username?>" <?=(array_key_exists('username', $validation)) ? 'class="invalid"' : null?> /><br />
diff --git a/views/html/users/user.tpl b/views/html/users/user.tpl
index d3b8b5ad..31c4907b 100644
--- a/views/html/users/user.tpl
+++ b/views/html/users/user.tpl
@@ -1,14 +1,23 @@
 <div class="moodpic">
 	<img src="<?=$linker->link(array('grafics','questlab.jpg'))?>" />
 </div>
-<h1><?=_('Users')?></h1>
-<?php if(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0) : ?>
+<ul class="breadcrumbs">
+	<?php if(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0) : ?>
+	<li><a href="<?=$linker->link('index',1)?>"><?=_('Users')?></a></li>
+	<?php else : ?>
+	<li><?=_('Users')?></li>
+	<?php endif ?>
+</ul>
+
+<h1><?=$user['username']?></h1>
 <nav class="admin">
+	<?php if(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0 || $user['id'] == \hhu\z\controllers\IntermediateController::$user['id']) : ?>
 	<li><a href="<?=$linker->link('edit', 3)?>"><?=_('Edit user')?></a></li>
+	<?php endif ?>
+	<?php if(count(array_intersect(array('admin','moderator'),\hhu\z\controllers\IntermediateController::$user['roles'])) > 0) : ?>
 	<li><a href="<?=$linker->link('delete', 3)?>"><?=_('Delete user')?></a></li>
+	<?php endif ?>
 </nav>
-<?php endif ?>
-<h2><?=$user['username']?></h2>
 <p>
 	<?=sprintf(_('registered on %s'), $dateFormatter->format(new \DateTime($user['created'])))?><br />
 	<?=_('Name')?>: <?=$user['prename']?> <?=$user['surname']?><br />