diff --git a/Rocksolid_Light/common/changepw.php b/Rocksolid_Light/common/changepw.php
deleted file mode 100644
index 6f056ba..0000000
--- a/Rocksolid_Light/common/changepw.php
+++ /dev/null
@@ -1,140 +0,0 @@
-<?php
-
-include "config.inc.php";
-include "head.inc";
-
-$keyfile = $spooldir.'/keys.dat';
-$keys = unserialize(file_get_contents($keyfile));
-
-if((password_verify($keys[0],$_POST['key'])) || (password_verify($keys[1],$_POST['key']))) {
-  $auth_ok = true;
-} else {
-  $auth_ok = false;
-  unset($_POST['command']);
-}
-
-if(!isset($_POST['command']) || $_POST['command'] !== 'Change') {
-
-  echo '<table border="0" align="center" cellpadding="0" cellspacing="1">';
-  echo '<tr>';
-  echo '<form name="form1" method="post" action="changepw.php">';
-  echo '<td><tr>';
-  echo '<td colspan="3"><strong>Change Password </strong></td>';
-  echo '</tr><tr>';
-  echo '<td>Username:</td>';
-  echo '<td><input name="username" type="text" id="username"></td>';
-  echo '</tr><tr>';
-  echo '<td>Current Password:</td>';
-  echo '<td><input name="current" type="password" id="password"></td>';
-  echo '</tr><tr>';
-  echo '<td>New Password:</td>';
-  echo '<td><input name="password" type="password" id="password"></td>';
-  echo '</tr><tr>';
-  echo '<td>Re-enter Password:</td>';
-  echo '<td><input name="password2" type="password" id="password2"></td>';
-  echo '</tr><tr>';
-  echo '<td><input name="command" type="hidden" id="command" value="Change" readonly="readonly"></td>';
-  echo '</tr><tr>';
-  echo '<input name="key" type="hidden" value="'.password_hash($keys[0], PASSWORD_DEFAULT).'">';
-  echo '<td>&nbsp;</td>';
-  echo '<td><input type="submit" name="Submit" value="Change Password"></td>';
-  echo '</tr></td></form></tr></table>';
-  exit(0);
-}
-
-# $hostname: '{POPaddress:port/pop3}INBOX'
-$hostname = '{rocksolidbbs:110/pop3}INBOX';
-# $external: Using external POP auth?
-$external = 0;
-# $workpath: Where to cache users (must be writable by calling program)
-$workpath = $config_dir."users/";
-$keypath = $config_dir."userconfig/";
-
-$ok = FALSE;
-$command = "Login";
-
-$current = $_POST['current'];
-$username = $_POST['username'];
-$password = $_POST['password'];
-$command = $_POST['command'];
-
-echo '<center>';
-
-$thisusername = $username;
-$username = strtolower($username);
-$userFilename = $workpath.$username;
-$keyFilename = $keypath.$username;
-
-# Check all input
-if (empty($_POST['username'])) {
-  echo "Please enter a Username\r\n";
-  echo '<br /><a href="changepw.php">Back</a>';
-  exit(2);
-}
-
-if (!check_bbs_auth($username, $current)) {
-  echo "Failed to authenticate\r\n";
-  echo '<br /><a href="changepw.php">Back</a>';
-  exit(2);
-}
-
-if ($_POST['password'] !== $_POST['password2']) {
-  echo "Your passwords entered do not match\r\n";
-  echo '<br /><a href="changepw.php">Back</a>';
-  exit(2);
-}
-
-$ok=true;
-# User is authenticated or to be created. Either way, create the file
-if ($ok || ($command == "Change") )
-{
-    if ($userFileHandle = @fopen($userFilename, 'w+'))
-    {
-        fwrite($userFileHandle, password_hash($password, PASSWORD_DEFAULT));
-        fclose($userFileHandle);
-		chmod($userFilename, 0666);
-    }
-
-    echo "User:".$thisusername." Password changed\r\n";
-    echo '<br /><a href="../">Back</a>';
-    exit(0);
-} else {
-    echo "Authentication Failed\r\n";
-    exit(1);
-}
-
-function make_key($username) {
-    $key = openssl_random_pseudo_bytes(44);
-    return base64_encode($key);
-}
-
-function check_bbs_auth($username, $password) {
-  global $config_dir;
-  $workpath = $config_dir."users/";
-  $username = strtolower($username);
-  $userFilename = $workpath.$username;
-
-  if ($userFileHandle = @fopen($userFilename, 'r'))
-  {
-        $userFileInfo = fread($userFileHandle, filesize($userFilename));
-        fclose($userFileHandle);
-        if (password_verify ( $password , $userFileInfo))
-        {
-                touch($userFilename);
-                $ok = TRUE;
-        } else {
-                $ok = FALSE;
-        }
-  } else {
-        $ok = FALSE;
-  }
-  if ($ok)
-  {
-        return TRUE;
-  } else {
-        return FALSE;
-  }
-}
-?>
-</body>
-</html> 
diff --git a/Rocksolid_Light/common/register.php b/Rocksolid_Light/common/register.php
index ea7ef22..1267bb2 100644
--- a/Rocksolid_Light/common/register.php
+++ b/Rocksolid_Light/common/register.php
@@ -49,16 +49,16 @@ if (! isset($_POST['command'])) {
         echo '<td><tr>';
         echo '<td><strong>Register Username </strong></td>';
         echo '</tr><tr>';
-        echo '<td>Username:</td>';
+        echo '<td>Username: </td>';
         echo '<td><input name="username" type="text" id="username"value="' . $_POST['username'] . '" maxlength="30"></td>';
         echo '</tr><tr>';
-        echo '<td>Email:</td>';
+        echo '<td>Email: </td>';
         echo '<td><input name="user_email" type="text" id="user_email" value="' . $_POST['user_email'] . '"></td>';
         echo '</tr><tr>';
-        echo '<td>Password:</td>';
+        echo '<td>Password: </td>';
         echo '<td><input name="password" type="password" id="password"></td>';
         echo '</tr><tr>';
-        echo '<td>Re-enter Password:</td>';
+        echo '<td>Re-enter Password: </td>';
         echo '<td><input name="password2" type="password" id="password2"></td>';
         echo '</tr><tr>';
         echo '<td><img src="' . $captchaImage . '" /></td>';
@@ -72,7 +72,6 @@ if (! isset($_POST['command'])) {
         echo '<td>&nbsp;</td>';
         echo '<td><input type="submit" name="Submit" value="Create"></td>';
         echo '</tr>';
-        echo '<tr><td><a href="changepw.php">Change current password</a></td></tr>';
         echo '<tr><td>';
         echo '<td></td><td></td>';
         echo '</td></tr>';
diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php
index 000de9b..3394731 100644
--- a/Rocksolid_Light/spoolnews/user.php
+++ b/Rocksolid_Light/spoolnews/user.php
@@ -12,7 +12,7 @@ if (isset($_POST['command']) && $_POST['command'] == 'Logout') {
     $_SESSION = array();
     session_destroy();
     unset($_COOKIE['mail_name']);
-    setcookie('mail_name', '', -1, '/');
+    setcookie('mail_name', '', - 1, '/');
     $logmeout = true;
 } else {
     $logmeout = false;
@@ -204,8 +204,14 @@ if ($_POST['command'] != 'Configuration' && $_POST['command'] != 'SaveConfig') {
     echo "<p>" . $golink . "</p>";
     echo '</center>';
 }
+
 // Apply Config
 if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
+    // Confirm password
+    if (! check_bbs_auth($user, $_POST['confirm_password'])) {
+        $message = '<b>Password Incorrect</b><br />Please try again';
+        retry_configuration($message);
+    }
     if ($OVERRIDES['disable_change_name'] != true) {
         if (trim($_POST['display_name']) == '') {
             $_POST['display_name'] = $user;
@@ -223,67 +229,59 @@ if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
                 $value = false;
             }
         }
-        if(isset($OVERRIDES['reserved_names'])) {
-            $reserved_names = $OVERRIDES['reserved_names']; 
+        if (isset($OVERRIDES['reserved_names'])) {
+            $reserved_names = $OVERRIDES['reserved_names'];
         } else {
-            $reserved_names = array("admin", "sysop");
+            $reserved_names = array(
+                "admin",
+                "sysop"
+            );
         }
-        if(isset($OVERRIDES['duplicate_aliases'])) {
+        if (isset($OVERRIDES['duplicate_aliases'])) {
             $dupe_ok = $OVERRIDES['duplicate_aliases'];
         } else {
             $dupe_ok = false;
-        }    
-        foreach($reserved_names as $name) {
-            if(strtolower($_POST['display_name']) == strtolower($name)) {
+        }
+        foreach ($reserved_names as $name) {
+            if (strtolower($_POST['display_name']) == strtolower($name)) {
                 // It's a reserved alias
-                echo '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
-                echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
-                echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
-                echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
-                echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
-                exit();
+                $message = '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
+                retry_configuration($message);
             }
         }
         if ($value && (strtolower($_POST['display_name']) != $user)) {
             // It's someone else's username or alias
-            echo '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
-            echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
-            echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
-            echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
-            echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
-            exit();
+            $message = '<b>' . $_POST['display_name'] . "</b> is unavailable.<br />Please try again";
+            retry_configuration($message);
         }
         // Validate email format
         if (filter_var($_POST['display_email'], FILTER_VALIDATE_EMAIL) == false) {
             // Email address format invalid. Format is important but does not need to be a real address
-            echo '</b> Display email format appears incorrect:<br><b>' . $_POST['display_email'] . '</b><br />Please try again';
-            echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
-            echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
-            echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
-            echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
-            exit();
+            $message = '</b> Display email format appears incorrect:<br><b>' . $_POST['display_email'] . '</b><br />Please try again';
+            retry_configuration($message);
         }
         // Check if email already exists in user database
         if ($founduser = check_registered_email_addresses(trim($_POST['display_email']))) {
             // Email exists in database
             if (strtolower($user) != strtolower($founduser)) {
                 // It's someone else's email
-                echo '<b>' . $_POST['display_email'] . "</b> is unavailable.<br />Please try again";
-                echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
-                echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
-                echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
-                echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
-                exit();
+                $message = '<b>' . $_POST['display_email'] . "</b> is unavailable.<br />Please try again";
+                retry_configuration($message);
             }
         }
+        // New passwords do not match
+        if ($_POST['password'] !== $_POST['password2']) {
+            $message = '<b> New password entries do not match</b><br />Please try again';
+            retry_configuration($message);
+        }
         $user_config['display_name'] = trim($_POST['display_name']);
         $user_config['display_email'] = trim($_POST['display_email']);
         // Apply alias into $config_dir/aliases_conf
-        if(strtolower($user_config['display_name'] != strtolower($_POST['username']))) {
+        if (strtolower($user_config['display_name'] != strtolower($_POST['username']))) {
             $value_unique = true;
-            if($dupe_ok) {
-                foreach($dupe_ok as $dupe) {
-                    if($dupe == strtolower($_POST['username'])) {
+            if ($dupe_ok) {
+                foreach ($dupe_ok as $dupe) {
+                    if ($dupe == strtolower($_POST['username'])) {
                         $value_unique = false;
                         break;
                     }
@@ -295,7 +293,7 @@ if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
     $user_config['signature'] = $_POST['signature'];
     $user_config['xface'] = $_POST['xface'];
     $user_config['timezone'] = $_POST['timezone'];
-    $user_config['theme'] = $_POST['listbox'];
+    $user_config['theme'] = $_POST['theme'];
     $user_config['hide_unsub'] = $_POST['hide_unsub'];
     file_put_contents($config_dir . '/userconfig/' . $user . '.config', serialize($user_config));
     $_SESSION['theme'] = $user_config['theme'];
@@ -315,7 +313,13 @@ if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
     if ($userdata) {
         ksort($userdata);
     }
-    echo 'Configuration Saved for ' . $_POST['username'];
+    // Save new password
+    if ((trim($_POST['password']) != '') && ($_POST['password'] == $_POST['password2'])) {
+        $userFilename = $config_dir . '/users/' . strtolower($user);
+        file_put_contents($userFilename, password_hash($_POST['password'], PASSWORD_DEFAULT));
+    }
+
+    echo '<center>Configuration Saved for ' . $_POST['username'] . '</center>';
 } else {
     $user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . $user . '.config'));
 }
@@ -350,6 +354,16 @@ if ($OVERRIDES['disable_change_name'] != true) {
 }
 sort($themes);
 if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
+    // Use modifications from retry configuration
+    if ($_POST['retry'] == "retry") {
+        $display_name = $_POST['display_name'];
+        $display_email = $_POST['display_email'];
+        $user_config['signature'] = $_POST['signature'];
+        $user_config['xface'] = urldecode($_POST['xface']);
+        $user_config['hide_unsub'] = $_POST['hide_unsub'];
+        $user_config['subscribed'] = $_POST['subscribed'];
+        $user_config['theme'] = $_POST['theme'];
+    }
     // Show Config
     echo '<hr><h1 class="np_thread_headline"></h1>';
     echo '<table cellspacing="0" width="100%" class="np_results_table">';
@@ -377,13 +391,13 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
     echo '</textarea></td>';
     echo '</tr>';
     // Theme
-    if (isset($user_config['theme'])) {
+    if (isset($user_config['theme']) && trim($user_config['theme']) != '') {
         echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Theme: (' . $user_config['theme'] . ')</h3></td>';
     } else {
         echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Theme:</h3></td>';
     }
     echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word">';
-    echo '<select name="listbox" class="theme_listbox" size="10">';
+    echo '<select name="theme" class="theme_listbox" size="10">';
     foreach ($themes as $theme) {
         if ($theme == $user_config['theme']) {
             echo '<option value="' . $theme . '" selected="selected">' . $theme . '</option>';
@@ -395,21 +409,21 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
     echo '</td>';
     echo '</tr>';
     // Subscriptions
-    if(!isset($user_config['hide_unsub'])) {
+    if (! isset($user_config['hide_unsub'])) {
         $user_config['hide_unsub'] = 'show';
     }
     echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Subscriptions:</h3></td>';
     echo '<tr><td class="np_result_line1" style="word-wrap:break-word";>';
     echo '&nbsp;While viewing section pages:<br />';
-    
-    if($user_config['hide_unsub'] == 'hide') {
+
+    if ($user_config['hide_unsub'] == 'hide') {
         echo '<input type="radio" name="hide_unsub" id="hide" value="hide" checked="checked">';
     } else {
         echo '<input type="radio" name="hide_unsub" id="hide" value="hide">';
     }
     echo '<label for="hide_unsub"> Hide Unsubscribed Groups</label><br />';
-    
-    if($user_config['hide_unsub'] == 'show') {
+
+    if ($user_config['hide_unsub'] == 'show') {
         echo '<input type="radio" name="hide_unsub" id="show" value="show" checked="checked">';
     } else {
         echo '<input type="radio" name="hide_unsub" id="show" value="show">';
@@ -419,20 +433,45 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
 
     echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Subscribed groups:</h3></td>';
     echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word";><textarea class="configuration" id="subscribed" name="subscribed" rows="10" cols="40">';
-    foreach ($userdata as $key => $value) {
-        if($key == "DO.NOT.DELETE") {
-            continue;
+    // print_r($user_config['subscribed']);
+
+    if (isset($user_config['subscribed'])) {
+        $userdata = $user_config['subscribed'];
+        print_r($user_config['subscribed']);
+    } else {
+        foreach ($userdata as $key => $value) {
+            if ($key == "DO.NOT.DELETE") {
+                continue;
+            }
+            echo $key . "\n";
         }
-        echo $key . "\n";
     }
     echo '</textarea></td>';
     echo '</tr>';
+
+    // User Display Name
+    echo '<tr>';
+    echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>New password: </h3>';
+    echo '<input name="password" type="password" id="password" maxlength="40"></td>';
+    echo '</tr>';
+    // User Display Email
+    echo '<tr>';
+    echo '<td class="np_result_line1" style="word-wrap:break-word";><h3>Re-enter new password: </h3>';
+    echo '<input name="password2" type="password" id="password2" maxlength="40"></td>';
+    echo '</tr>';
+
     /*
      * // Timezone
      * echo '<td class="np_result_line1" style="word-wrap:break-word";>Timezone offset (+/- hours from UTC):</td>';
      * echo '</tr><tr><td class="np_result_line1" style="word-wrap:break-word";><input type="text" name="timezone" value="'.$user_config[timezone].'"></td>';
      * echo '</tr>';
      */
+    // Password confirmation
+    echo '<tr>';
+    echo '<td class="np_result_line2" style="word-wrap:break-word";><h3>Current password: </h3><h4>(required)</h4>';
+    echo '<input name="confirm_password" type="password" id="confirm_password" maxlength="40"></td>';
+    echo '</tr>';
+
     echo '<td class="np_result_line2" style="word-wrap:break-word";>';
     echo '<button class="np_button_link" type="submit">Save Configuration</button>';
     echo '<a href="' . $_SERVER['PHP_SELF'] . '">Cancel</a>';
@@ -444,4 +483,23 @@ if (isset($_POST['command']) && $_POST['command'] == 'Configuration') {
     echo '<br />';
 }
 include "tail.inc";
-?>
+
+function retry_configuration($message)
+{
+    echo '<center>';
+    echo $message;
+    echo '<form target="' . $frame['content'] . '" method="post" action="user.php">';
+    echo '<input name="command" type="hidden" id="command" value="Configuration" readonly="readonly">';
+    echo "<input type='hidden' name='retry' value='retry' />";
+    echo "<input type='hidden' name='username' value='" . $_POST['username'] . "' />";
+    echo "<input type='hidden' name='display_name' value='" . $_POST['display_name'] . "' />";
+    echo "<input type='hidden' name='display_email' value='" . $_POST['display_email'] . "' />";
+    echo "<input type='hidden' name='signature' value='" . $_POST['signature'] . "' />";
+    echo "<input type='hidden' name='xface' value='" . urlencode($_POST['xface']) . "' />";
+    echo "<input type='hidden' name='hide_unsub' value='" . $_POST['hide_unsub'] . "' />";
+    echo "<input type='hidden' name='subscribed' value='" . $_POST['subscribed'] . "' />";
+    echo "<input type='hidden' name='theme' value='" . $_POST['theme'] . "' />";
+    echo '<button class="np_button_link" type="submit">Return to Configuration</button>';
+    echo '</center>';
+    exit();
+}