diff --git a/public/language/en_GB/pages.json b/public/language/en_GB/pages.json
index 9fc75d3d2b..10a7ef070b 100644
--- a/public/language/en_GB/pages.json
+++ b/public/language/en_GB/pages.json
@@ -8,6 +8,7 @@
 	"user.edit": "Editing \"%1\"",
 	"user.following": "People %1 Follows",
 	"user.followers": "People who Follow %1",
+	"user.posts": "Posts made by %1",
 	"user.favourites": "%1's Favourite Posts",
 	"user.settings": "User Settings"
 }
\ No newline at end of file
diff --git a/public/src/app.js b/public/src/app.js
index 836748641f..f7734ab588 100644
--- a/public/src/app.js
+++ b/public/src/app.js
@@ -15,6 +15,9 @@ var socket,
 			url: RELATIVE_PATH + '/api/config',
 			success: function (data) {
 				config = data;
+
+				exposeConfigToTemplates();
+
 				if(socket) {
 					socket.disconnect();
 					setTimeout(function() {
@@ -591,13 +594,17 @@ var socket,
 		});
 
 		createHeaderTooltips();
-
-		templates.setGlobal('relative_path', RELATIVE_PATH);
-		templates.setGlobal('usePagination', config.usePagination);
-		templates.setGlobal('topicsPerPage', config.topicsPerPage);
-		templates.setGlobal('postsPerPage', config.postsPerPage);
 	});
 
+	function exposeConfigToTemplates() {
+		$(document).ready(function() {
+			templates.setGlobal('relative_path', RELATIVE_PATH);
+			for(var key in config) {
+				templates.setGlobal('config.' + key, config[key]);
+			}
+		});
+	}
+
 	function createHeaderTooltips() {
 		$('#header-menu li i[title]').each(function() {
 			$(this).parents('a').tooltip({
diff --git a/public/src/forum/login.js b/public/src/forum/login.js
index 4c8b3a0128..1f4df45ea6 100644
--- a/public/src/forum/login.js
+++ b/public/src/forum/login.js
@@ -18,23 +18,23 @@ define(function() {
 				url: RELATIVE_PATH + '/login',
 				data: loginData,
 				success: function(data, textStatus, jqXHR) {
+					$('#login').html('Redirecting...');
+					if(!app.previousUrl) {
+						app.previousUrl = '/';
+					}
 
-					if (!data.success) {
-						$('#login-error-notify').show();
-						$('#login').removeAttr('disabled').html('Login');
+					if(app.previousUrl.indexOf('/reset/') !== -1) {
+						window.location.replace(RELATIVE_PATH + "/?loggedin");
 					} else {
-						$('#login').html('Redirecting...');
-						if(!app.previousUrl) {
-							app.previousUrl = '/';
-						}
-
-						if(app.previousUrl.indexOf('/reset/') != -1)
-							window.location.replace(RELATIVE_PATH + "/?loggedin");
-						else
+						var index = app.previousUrl.indexOf('#');
+						if(index !== -1) {
+							window.location.replace(app.previousUrl.slice(0, index) + '?loggedin' + app.previousUrl.slice(index));
+						} else {
 							window.location.replace(app.previousUrl + "?loggedin");
-
-						app.loadConfig();
+						}
 					}
+
+					app.loadConfig();
 				},
 				error: function(data, textStatus, jqXHR) {
 					$('#login-error-notify').show();
diff --git a/public/templates/admin/groups.tpl b/public/templates/admin/groups.tpl
index bd21db2b9f..39967ad648 100644
--- a/public/templates/admin/groups.tpl
+++ b/public/templates/admin/groups.tpl
@@ -10,12 +10,12 @@
 				<div class="col-lg-8">
 					<h2>{groups.name}</h2>
 					<p>{groups.description}</p>
+					<!-- IF groups.deletable -->
 					<div class="btn-group">
 						<button class="btn btn-default" data-action="members">Members</button>
-						<!-- IF groups.deletable -->
 						<button class="btn btn-danger" data-action="delete">Delete Group</button>
-						<!-- ENDIF groups.deletable -->
 					</div>
+					<!-- ENDIF groups.deletable -->
 				</div>
 				<div class="col-lg-4">
 					<ul class="pull-right members">
diff --git a/public/templates/admin/index.tpl b/public/templates/admin/index.tpl
index 0ff8383dc3..a6b8db55be 100644
--- a/public/templates/admin/index.tpl
+++ b/public/templates/admin/index.tpl
@@ -12,15 +12,7 @@
 			</div>
 		</div>
 	</div>
-	<div class="col-sm-6">
-		<div class="panel panel-default">
-			<div class="panel-heading">Active Users <small><span class="badge" id="connections"></span> socket connections</small></div>
-			<div class="panel-body">
-				<div id="active_users"></div>
-			</div>
-		</div>
-	</div>
-	<div class="col-sm-6">
+	<div class="col-sm-6 pull-right">
 		<div class="panel panel-default">
 			<div class="panel-heading">Updates</div>
 			<div class="panel-body">
@@ -33,4 +25,12 @@
 			</div>
 		</div>
 	</div>
+	<div class="col-sm-6">
+		<div class="panel panel-default">
+			<div class="panel-heading">Active Users <small><span class="badge" id="connections"></span> socket connections</small></div>
+			<div class="panel-body">
+				<div id="active_users"></div>
+			</div>
+		</div>
+	</div>
 </div>
\ No newline at end of file
diff --git a/public/templates/category.tpl b/public/templates/category.tpl
index 36c5bfa393..7489279134 100644
--- a/public/templates/category.tpl
+++ b/public/templates/category.tpl
@@ -86,14 +86,14 @@
 			</li>
 			<!-- END topics -->
 		</ul>
-		<!-- IF usePagination -->
+		<!-- IF config.usePagination -->
 		<div class="text-center">
 			<ul class="pagination">
 				<li class="previous pull-left"><a href="#"><i class="fa fa-chevron-left"></i> [[global:previouspage]]</a></li>
 				<li class="next pull-right"><a href="#">[[global:nextpage]] <i class="fa fa-chevron-right"></i></a></li>
 			</ul>
 		</div>
-		<!-- ENDIF usePagination -->
+		<!-- ENDIF config.usePagination -->
 	</div>
 
 	<!-- IF topics.length -->
diff --git a/public/templates/header.tpl b/public/templates/header.tpl
index aad9c657ab..c84294f8e5 100644
--- a/public/templates/header.tpl
+++ b/public/templates/header.tpl
@@ -14,6 +14,10 @@
 	<!-- BEGIN pluginCSS -->
 	<link rel="stylesheet" href="{pluginCSS.path}?{cache-buster}">
 	<!-- END pluginCSS -->
+	<!-- IF useCustomCSS -->
+	<style type="text/css">{customCSS}</style>
+	<!-- ENDIF useCustomCSS -->
+
 	<script>
 		var RELATIVE_PATH = "{relative_path}";
 	</script>
@@ -31,12 +35,6 @@
 			}
 		});
 	</script>
-
-	<!-- TODO : this has to be refactored, maybe configured from ACP? -baris -->
-	<link rel="stylesheet" type="text/css" href="//code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css">
-	<!-- IF useCustomCSS -->
-	<style type="text/css">{customCSS}</style>
-	<!-- ENDIF useCustomCSS -->
 </head>
 
 <body>
diff --git a/public/templates/topic.tpl b/public/templates/topic.tpl
index c6eeaeb2df..4666bc639e 100644
--- a/public/templates/topic.tpl
+++ b/public/templates/topic.tpl
@@ -214,14 +214,14 @@
 		<div style="clear:both;"></div>
 	</div>
 
-	<!-- IF usePagination -->
+	<!-- IF config.usePagination -->
 	<div class="text-center">
 		<ul class="pagination">
 			<li class="previous pull-left"><a href="#"><i class="fa fa-chevron-left"></i> [[global:previouspage]]</a></li>
 			<li class="next pull-right"><a href="#">[[global:nextpage]] <i class="fa fa-chevron-right"></i></a></li>
 		</ul>
 	</div>
-	<!-- ENDIF usePagination -->
+	<!-- ENDIF config.usePagination -->
 
 	<div id="move_thread_modal" class="modal" tabindex="-1" role="dialog" aria-labelledby="Move Topic" aria-hidden="true">
 		<div class="modal-dialog">
diff --git a/src/groups.js b/src/groups.js
index 8d9b50067c..9b32cc7839 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -70,7 +70,7 @@
 			results.base.count = results.users.length;
 			results.base.members = results.users;
 
-			results.base.deletable = parseInt(results.base.gid, 10) !== 1;
+			results.base.deletable = results.base.hidden !== '1';
 
 			callback(err, results.base);
 		});
diff --git a/src/meta.js b/src/meta.js
index bd77781b17..d95614b082 100644
--- a/src/meta.js
+++ b/src/meta.js
@@ -171,8 +171,6 @@ var fs = require('fs'),
 			var user = require('./user');
 
 			Meta.title.parseFragment(decodeURIComponent(urlFragment), function(err, title) {
-				var title;
-
 				if (err) {
 					title = Meta.config.browserTitle || 'NodeBB';
 				} else {
diff --git a/src/routes/admin.js b/src/routes/admin.js
index 8af4d4b6b2..d04ac78b80 100644
--- a/src/routes/admin.js
+++ b/src/routes/admin.js
@@ -448,9 +448,20 @@ var nconf = require('nconf'),
 			});
 
 			app.get('/groups', function (req, res) {
-				groups.list({
-					expand: true
-				}, function (err, groups) {
+				async.parallel([
+					function(next) {
+						groups.list({
+							expand: true
+						}, next);
+					},
+					function(next) {
+						groups.listSystemGroups({
+							expand: true
+						}, next);
+					}
+				], function(err, data) {
+					var	groups = data[0].concat(data[1]);
+
 					res.json(200, {
 						groups: groups,
 						yourid: req.user.uid
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 2476b391f2..5f40c1133b 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -13,16 +13,6 @@
 
 		login_strategies = [];
 
-	passport.use(new passportLocal(function(user, password, next) {
-		Auth.login(user, password, function(err, login) {
-			if (!err) {
-				next(null, login.user);
-			} else {
-				next(null, false, err);
-			}
-		});
-	}));
-
 	plugins.ready(function() {
 		plugins.fireHook('filter:auth.init', login_strategies, function(err) {
 			if (err) {
@@ -33,16 +23,6 @@
 		});
 	});
 
-	passport.serializeUser(function(user, done) {
-		done(null, user.uid);
-	});
-
-	passport.deserializeUser(function(uid, done) {
-		done(null, {
-			uid: uid
-		});
-	});
-
 	Auth.initialize = function(app) {
 		app.use(passport.initialize());
 		app.use(passport.session());
@@ -107,11 +87,9 @@
 					if (err) {
 						return next(err);
 					}
+
 					if (!user) {
-						return res.send({
-							success: false,
-							message: info.message
-						});
+						return res.json(403, info);
 					}
 
 					// Alter user cookie depending on passed-in option
@@ -127,10 +105,7 @@
 					req.login({
 						uid: user.uid
 					}, function() {
-						res.send({
-							success: true,
-							message: 'authentication succeeded'
-						});
+						res.json(info);
 					});
 				})(req, res, next);
 			});
@@ -163,50 +138,60 @@
 
 	Auth.login = function(username, password, next) {
 		if (!username || !password) {
-			return next({
-				status: 'error',
-				message: 'invalid-user'
-			});
-		} else {
+			return next(new Error('invalid-user'));
+		}
+
+		var userslug = utils.slugify(username);
+
+		user.getUidByUserslug(userslug, function(err, uid) {
+			if (err) {
+				return next(err);
+			}
 
-			var userslug = utils.slugify(username);
+			if(!uid) {
+				return next(null, false, 'user doesn\'t exist');
+			}
 
-			user.getUidByUserslug(userslug, function(err, uid) {
+			user.getUserFields(uid, ['password', 'banned'], function(err, userData) {
 				if (err) {
-					return next(new Error('redis-error'));
-				} else if (uid == null) {
-					return next(new Error('invalid-user'));
+					return next(err);
 				}
 
-				user.getUserFields(uid, ['password', 'banned'], function(err, userData) {
-					if (err) return next(err);
+				if (!userData || !userData.password) {
+					return next(new Error('invalid userdata or password'));
+				}
 
-					if (userData.banned && parseInt(userData.banned, 10) === 1) {
-						return next({
-							status: "error",
-							message: "user-banned"
-						});
+				if (userData.banned && parseInt(userData.banned, 10) === 1) {
+					return next(null, false, 'User banned');
+				}
+
+				bcrypt.compare(password, userData.password, function(err, res) {
+					if (err) {
+						winston.err(err.message);
+						return next(new Error('bcrypt compare error'));
 					}
 
-					bcrypt.compare(password, userData.password, function(err, res) {
-						if (err) {
-							winston.err(err.message);
-							next(new Error('bcrypt compare error'));
-							return;
-						}
-
-						if (res) {
-							next(null, {
-								user: {
-									uid: uid
-								}
-							});
-						} else {
-							next(new Error('invalid-password'));
-						}
-					});
+					if (!res) {
+						next(null, false, 'invalid-password');
+					}
+
+					next(null, {
+						uid: uid
+					}, 'Authentication successful');
 				});
 			});
-		}
+		});
 	}
+
+	passport.use(new passportLocal(Auth.login));
+
+	passport.serializeUser(function(user, done) {
+		done(null, user.uid);
+	});
+
+	passport.deserializeUser(function(uid, done) {
+		done(null, {
+			uid: uid
+		});
+	});
 }(exports));
\ No newline at end of file
diff --git a/src/routes/user.js b/src/routes/user.js
index be3b474374..45a0c7f20c 100644
--- a/src/routes/user.js
+++ b/src/routes/user.js
@@ -45,18 +45,17 @@ var fs = require('fs'),
 
 		app.namespace('/user', function () {
 
-			function createRoute(routeName, path, templateName) {
-				app.get(routeName, function(req, res, next) {
-					if (!req.params.userslug) {
-						return next();
-					}
+			function createRoute(routeName, path, templateName, access) {
+
+				function isAllowed(req, res, next) {
+					var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
-					if (!req.user && (path === '/favourites' || !!parseInt(meta.config.privateUserInfo, 10))) {
+					if (!callerUID && !!parseInt(meta.config.privateUserInfo, 10)) {
 						return res.redirect('/403');
 					}
 
 					user.getUidByUserslug(req.params.userslug, function (err, uid) {
-						if(err) {
+						if (err) {
 							return next(err);
 						}
 
@@ -64,84 +63,50 @@ var fs = require('fs'),
 							return res.redirect('/404');
 						}
 
-						app.build_header({
-							req: req,
-							res: res
-						}, function (err, header) {
-							if(err) {
-								return next(err);
-							}
-							res.send(header + app.create_route('user/' + req.params.userslug + path, templateName) + templates['footer']);
-						});
-					});
-				})
-			}
+						if (parseInt(uid, 10) === callerUID) {
+							return next();
+						}
 
-			createRoute('/:userslug', '', 'account');
-			createRoute('/:userslug/following', '/following', 'following');
-			createRoute('/:userslug/followers', '/followers', 'followers');
-			createRoute('/:userslug/favourites', '/favourites', 'favourites');
-			createRoute('/:userslug/posts', '/posts', 'accountposts');
+						if (req.path.indexOf('/edit') !== -1) {
+							user.isAdministrator(callerUID, function(err, isAdmin) {
+								if(err) {
+									return next(err);
+								}
 
-			app.get('/:userslug/edit', function (req, res, next) {
+								if(!isAdmin) {
+									return res.redirect('/403');
+								}
 
-				if (!req.user) {
-					return res.redirect('/403');
+								next();
+							});
+						} else if (req.path.indexOf('/settings') !== -1 || req.path.indexOf('/favourites') !== -1) {
+							res.redirect('/403')
+						} else {
+							next();
+						}
+					});
 				}
 
-				user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
-					function done() {
-						app.build_header({
-							req: req,
-							res: res
-						}, function (err, header) {
-							res.send(header + app.create_route('user/' + req.params.userslug + '/edit', 'accountedit') + templates['footer']);
-						});
-					}
-
-					if(err || !userslug) {
-						return next(err);
-					}
-
-					if (userslug === req.params.userslug) {
-						return done();
-					}
-
-					user.isAdministrator(req.user.uid, function(err, isAdmin) {
+				app.get(routeName, isAllowed, function(req, res, next) {
+					app.build_header({
+						req: req,
+						res: res
+					}, function (err, header) {
 						if(err) {
 							return next(err);
 						}
-
-						if(!isAdmin) {
-							return res.redirect('/403');
-						}
-
-						done();
+						res.send(header + app.create_route('user/' + req.params.userslug + path, templateName) + templates['footer']);
 					});
 				});
-			});
-
-			app.get('/:userslug/settings', function (req, res) {
-
-				if (!req.user) {
-					return res.redirect('/403');
-				}
-
-				user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
-					if (req.params.userslug && userslug === req.params.userslug) {
-						app.build_header({
-							req: req,
-							res: res
-						}, function (err, header) {
-							res.send(header + app.create_route('user/' + req.params.userslug + '/settings', 'accountsettings') + templates['footer']);
-						})
-					} else {
-						return res.redirect('/404');
-					}
-				});
-			});
-
+			}
 
+			createRoute('/:userslug', '', 'account');
+			createRoute('/:userslug/following', '/following', 'following');
+			createRoute('/:userslug/followers', '/followers', 'followers');
+			createRoute('/:userslug/favourites', '/favourites', 'favourites');
+			createRoute('/:userslug/posts', '/posts', 'accountposts');
+			createRoute('/:userslug/edit', '/edit', 'accountedit');
+			createRoute('/:userslug/settings', '/settings', 'accountsettings');
 
 			app.post('/uploadpicture', function (req, res) {
 				if (!req.user) {
@@ -257,121 +222,114 @@ var fs = require('fs'),
 			next();
 		}
 
-		app.get('/api/user/:userslug/following', isAllowed, function (req, res, next) {
-			var callerUID = req.user ? req.user.uid : '0';
+		app.get('/api/user/:userslug/following', isAllowed, getUserFollowing);
+		app.get('/api/user/:userslug/followers', isAllowed, getUserFollowers);
+		app.get('/api/user/:userslug/edit', isAllowed, getUserEdit);
+		app.get('/api/user/:userslug/settings', isAllowed, getUserSettings);
+		app.get('/api/user/:userslug/favourites', isAllowed, getUserFavourites);
+		app.get('/api/user/:userslug/posts', isAllowed, getUserPosts);
+		app.get('/api/user/uid/:uid', isAllowed, getUserData);
+		app.get('/api/user/:userslug', isAllowed, getUserProfile);
+		app.get('/api/users', isAllowed, getOnlineUsers);
+		app.get('/api/users/sort-posts', isAllowed, getUsersSortedByPosts);
+		app.get('/api/users/sort-reputation', isAllowed, getUsersSortedByReputation);
+		app.get('/api/users/latest', isAllowed, getUsersSortedByJoinDate);
+		app.get('/api/users/online', isAllowed, getOnlineUsers);
+		app.get('/api/users/search', isAllowed, getUsersForSearch);
+
+
+		function getUserProfile(req, res, next) {
+			var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
 			getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
 				if(err) {
 					return next(err);
 				}
 
-				if (userData) {
-					user.getFollowing(userData.uid, function (err, followingData) {
-						if(err) {
-							return next(err);
-						}
-						userData.following = followingData;
-						userData.followingCount = followingData.length;
-						res.json(userData);
-					});
-
-				} else {
-					res.json(404, {
+				if(!userData) {
+					return res.json(404, {
 						error: 'User not found!'
 					});
 				}
-			});
-		});
 
-		app.get('/api/user/:userslug/followers', isAllowed, function (req, res, next) {
-			var callerUID = req.user ? req.user.uid : '0';
+				user.isFollowing(callerUID, userData.theirid, function (isFollowing) {
 
-			getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
-				if(err) {
-					return next(err);
-				}
+					posts.getPostsByUid(callerUID, userData.theirid, 0, 9, function (err, userPosts) {
 
-				if (userData) {
-					user.getFollowers(userData.uid, function (err, followersData) {
 						if(err) {
 							return next(err);
 						}
-						userData.followers = followersData;
-						userData.followersCount = followersData.length;
-						res.json(userData);
-					});
-				} else {
-					res.json(404, {
-						error: 'User not found!'
-					});
-				}
-			});
-		});
 
-		app.get('/api/user/:userslug/edit', function (req, res, next) {
-			var callerUID = req.user ? req.user.uid : '0';
+						userData.posts = userPosts.posts.filter(function (p) {
+							return p && parseInt(p.deleted, 10) !== 1;
+						});
+
+						userData.isFollowing = isFollowing;
 
-			if(!parseInt(callerUID, 10)) {
-				return res.json(403, {
-					error: 'Not allowed!'
+						if (!userData.profileviews) {
+							userData.profileviews = 1;
+						}
+
+						if (callerUID !== parseInt(userData.uid, 10) && callerUID) {
+							user.incrementUserFieldBy(userData.uid, 'profileviews', 1);
+						}
+
+						postTools.parse(userData.signature, function (err, signature) {
+							userData.signature = signature;
+							res.json(userData);
+						});
+					});
 				});
-			}
+			});
+		}
 
-			getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
-				if(err) {
-					return next(err);
-				}
+		function getUserData(req, res, next) {
+			var uid = req.params.uid ? req.params.uid : 0;
+
+			user.getUserData(uid, function(err, userData) {
 				res.json(userData);
 			});
-		});
-
-		app.get('/api/user/:userslug/settings', function(req, res, next) {
-			var callerUID = req.user ? req.user.uid : '0';
+		}
 
-			user.getUidByUserslug(req.params.userslug, function(err, uid) {
-				if (err) {
-					return next(err);
-				}
+		function getUserPosts(req, res, next) {
+			var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
+			user.getUidByUserslug(req.params.userslug, function (err, uid) {
 				if (!uid) {
 					return res.json(404, {
 						error: 'User not found!'
 					});
 				}
 
-				if (uid != callerUID || callerUID == '0') {
-					return res.json(403, {
-						error: 'Not allowed!'
-					});
-				}
-
-				plugins.fireHook('filter:user.settings', [], function(err, settings) {
+				user.getUserFields(uid, ['username', 'userslug'], function (err, userData) {
 					if (err) {
 						return next(err);
 					}
 
-					user.getUserFields(uid, ['username', 'userslug'], function(err, userData) {
+					if (!userData) {
+						return res.json(404, {
+							error: 'User not found!'
+						});
+					}
+
+					posts.getPostsByUid(callerUID, uid, 0, 19, function (err, userPosts) {
 						if (err) {
 							return next(err);
 						}
-
-						if(!userData) {
-							return res.json(404, {
-								error: 'User not found!'
-							});
-						}
-						userData.yourid = req.user.uid;
+						userData.uid = uid;
 						userData.theirid = uid;
-						userData.settings = settings;
+						userData.yourid = callerUID;
+						userData.posts = userPosts.posts;
+						userData.nextStart = userPosts.nextStart;
+
 						res.json(userData);
 					});
 				});
-
 			});
-		});
+		}
 
-		app.get('/api/user/:userslug/favourites', isAllowed, function (req, res, next) {
-			var callerUID = req.user ? req.user.uid : '0';
+		function getUserFavourites(req, res, next) {
+			var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
 			user.getUidByUserslug(req.params.userslug, function (err, uid) {
 				if (!uid) {
@@ -380,7 +338,7 @@ var fs = require('fs'),
 					});
 				}
 
-				if (uid != callerUID || callerUID == '0') {
+				if (parseInt(uid, 10) !== callerUID) {
 					return res.json(403, {
 						error: 'Not allowed!'
 					});
@@ -411,107 +369,114 @@ var fs = require('fs'),
 					});
 				});
 			});
-		});
+		}
 
-		app.get('/api/user/:userslug/posts', isAllowed, function (req, res, next) {
-			var callerUID = req.user ? req.user.uid : '0';
+		function getUserSettings(req, res, next) {
+			var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
+
+			user.getUidByUserslug(req.params.userslug, function(err, uid) {
+				if (err) {
+					return next(err);
+				}
 
-			user.getUidByUserslug(req.params.userslug, function (err, uid) {
 				if (!uid) {
 					return res.json(404, {
 						error: 'User not found!'
 					});
 				}
 
-				user.getUserFields(uid, ['username', 'userslug'], function (err, userData) {
+				if (parseInt(uid, 10) !== callerUID) {
+					return res.json(403, {
+						error: 'Not allowed!'
+					});
+				}
+
+				plugins.fireHook('filter:user.settings', [], function(err, settings) {
 					if (err) {
 						return next(err);
 					}
 
-					if (!userData) {
-						return res.json(404, {
-							error: 'User not found!'
-						});
-					}
-
-					posts.getPostsByUid(callerUID, uid, 0, 19, function (err, userPosts) {
+					user.getUserFields(uid, ['username', 'userslug'], function(err, userData) {
 						if (err) {
 							return next(err);
 						}
-						userData.uid = uid;
-						userData.theirid = uid;
-						userData.yourid = callerUID;
-						userData.posts = userPosts.posts;
-						userData.nextStart = userPosts.nextStart;
 
+						if(!userData) {
+							return res.json(404, {
+								error: 'User not found!'
+							});
+						}
+						userData.yourid = req.user.uid;
+						userData.theirid = uid;
+						userData.settings = settings;
 						res.json(userData);
 					});
 				});
+
 			});
-		});
+		}
 
+		function getUserEdit(req, res, next) {
+			var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
-		app.get('/api/user/uid/:uid', isAllowed, function(req, res, next) {
-			var uid = req.params.uid ? req.params.uid : 0;
-
-			user.getUserData(uid, function(err, userData) {
+			getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
+				if(err) {
+					return next(err);
+				}
 				res.json(userData);
 			});
-		});
+		}
 
-		app.get('/api/user/:userslug', isAllowed, function (req, res, next) {
-			var callerUID = req.user ? req.user.uid : '0';
+		function getUserFollowers(req, res, next) {
+			var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
 			getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
 				if(err) {
 					return next(err);
 				}
 
-				if(!userData) {
-					return res.json(404, {
+				if (userData) {
+					user.getFollowers(userData.uid, function (err, followersData) {
+						if(err) {
+							return next(err);
+						}
+						userData.followers = followersData;
+						userData.followersCount = followersData.length;
+						res.json(userData);
+					});
+				} else {
+					res.json(404, {
 						error: 'User not found!'
 					});
 				}
+			});
+		}
 
-				user.isFollowing(callerUID, userData.theirid, function (isFollowing) {
+		function getUserFollowing(req, res, next) {
+			var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
-					posts.getPostsByUid(callerUID, userData.theirid, 0, 9, function (err, userPosts) {
+			getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
+				if(err) {
+					return next(err);
+				}
 
+				if (userData) {
+					user.getFollowing(userData.uid, function (err, followingData) {
 						if(err) {
 							return next(err);
 						}
-
-						userData.posts = userPosts.posts.filter(function (p) {
-							return p && parseInt(p.deleted, 10) !== 1;
-						});
-
-						userData.isFollowing = isFollowing;
-
-						if (!userData.profileviews) {
-							userData.profileviews = 1;
-						}
-
-						if (parseInt(callerUID, 10) !== parseInt(userData.uid, 10) && parseInt(callerUID, 0)) {
-							user.incrementUserFieldBy(userData.uid, 'profileviews', 1);
-						}
-
-						postTools.parse(userData.signature, function (err, signature) {
-							userData.signature = signature;
-							res.json(userData);
-						});
+						userData.following = followingData;
+						userData.followingCount = followingData.length;
+						res.json(userData);
 					});
-				});
 
+				} else {
+					res.json(404, {
+						error: 'User not found!'
+					});
+				}
 			});
-		});
-
-		app.get('/api/users', isAllowed, getOnlineUsers);
-		app.get('/api/users/sort-posts', isAllowed, getUsersSortedByPosts);
-		app.get('/api/users/sort-reputation', isAllowed, getUsersSortedByReputation);
-		app.get('/api/users/latest', isAllowed, getUsersSortedByJoinDate);
-		app.get('/api/users/online', isAllowed, getOnlineUsers);
-		app.get('/api/users/search', isAllowed, getUsersForSearch);
-
+		}
 
 		function getUsersSortedByJoinDate(req, res) {
 			user.getUsers('users:joindate', 0, 49, function (err, data) {
@@ -607,78 +572,76 @@ var fs = require('fs'),
 		}
 
 		function getUserDataByUserSlug(userslug, callerUID, callback) {
-			var userData;
-
-			async.waterfall([
-				function(next) {
-					user.getUidByUserslug(userslug, next);
-				},
-				function(uid, next) {
-					if (!uid) {
-						return next(new Error('invalid-user'));
-					}
 
-					user.getUserData(uid, next);
-				},
-				function(data, next) {
-					userData = data;
-					if (!userData) {
-						return callback(new Error('invalid-user'));
+			user.getUidByUserslug(userslug, function(err, uid) {
+				if(err || !uid) {
+					return callback(err || new Error('invalid-user'));
+				}
+
+				async.parallel({
+					userData : function(next) {
+						user.getUserData(uid, next);
+					},
+					userSettings : function(next) {
+						user.getSettings(uid, next);
+					},
+					isAdmin : function(next) {
+						user.isAdministrator(callerUID, next);
+					},
+					followStats: function(next) {
+						user.getFollowStats(uid, next);
+					}
+				}, function(err, results) {
+					if(err || !results.userData) {
+						return callback(err || new Error('invalid-user'));
 					}
 
-					user.isAdministrator(callerUID, next);
-				}
-			], function(err, isAdmin) {
-				if(err) {
-					return callback(err);
-				}
+					var userData = results.userData;
+					var userSettings = results.userSettings;
+					var isAdmin = results.isAdmin;
 
-				userData.joindate = utils.toISOString(userData.joindate);
-				if(userData.lastonline) {
-					userData.lastonline = utils.toISOString(userData.lastonline);
-				} else {
-					userData.lastonline = userData.joindate;
-				}
+					userData.joindate = utils.toISOString(userData.joindate);
+					if(userData.lastonline) {
+						userData.lastonline = utils.toISOString(userData.lastonline);
+					} else {
+						userData.lastonline = userData.joindate;
+					}
 
-				if (!userData.birthday) {
-					userData.age = '';
-				} else {
-					userData.age = Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000);
-				}
+					if (!userData.birthday) {
+						userData.age = '';
+					} else {
+						userData.age = Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000);
+					}
 
-				function canSeeEmail() {
-					return isAdmin || callerUID == userData.uid || (userData.email && (userData.showemail && parseInt(userData.showemail, 10) === 1));
-				}
+					function canSeeEmail() {
+						return isAdmin || parseInt(callerUID, 10) === parseInt(userData.uid, 10) || (userData.email && userSettings.showemail);
+					}
 
-				if (!canSeeEmail()) {
-					userData.email = "";
-				}
+					if (!canSeeEmail()) {
+						userData.email = "";
+					}
 
-				if (callerUID == userData.uid && (!userData.showemail || parseInt(userData.showemail, 10) === 0)) {
-					userData.emailClass = "";
-				} else {
-					userData.emailClass = "hide";
-				}
+					if (parseInt(callerUID, 10) === parseInt(userData.uid, 10) && !userSettings.showemail) {
+						userData.emailClass = "";
+					} else {
+						userData.emailClass = "hide";
+					}
 
-				userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
-				userData.banned = parseInt(userData.banned, 10) === 1;
-				userData.uid = userData.uid;
-				userData.yourid = callerUID;
-				userData.theirid = userData.uid;
+					userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
+					userData.banned = parseInt(userData.banned, 10) === 1;
+					userData.uid = userData.uid;
+					userData.yourid = callerUID;
+					userData.theirid = userData.uid;
 
-				userData.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1;
+					userData.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1;
+
+					userData.followingCount = results.followStats.followingCount;
+					userData.followerCount = results.followStats.followerCount;
 
-				user.getFollowStats(userData.uid, function (err, followStats) {
-					if(err) {
-						return callback(err);
-					}
-					userData.followingCount = followStats.followingCount;
-					userData.followerCount = followStats.followerCount;
 					callback(null, userData);
 				});
 			});
 		}
-
 	};
 
 }(exports));
diff --git a/src/user.js b/src/user.js
index 56d60f3c83..1a048c9d73 100644
--- a/src/user.js
+++ b/src/user.js
@@ -104,43 +104,46 @@ var bcrypt = require('bcryptjs'),
 					'postcount': 0,
 					'lastposttime': 0,
 					'banned': 0,
-					'status': 'online',
-					'showemail': 0
+					'status': 'online'
 				};
 
-				db.setObject('user:' + uid, userData);
+				db.setObject('user:' + uid, userData, function(err) {
 
-				db.setObjectField('username:uid', userData.username, uid);
-				db.setObjectField('userslug:uid', userData.userslug, uid);
+					if(err) {
+						return callback(err);
+					}
+					db.setObjectField('username:uid', userData.username, uid);
+					db.setObjectField('userslug:uid', userData.userslug, uid);
 
-				if (userData.email !== undefined) {
-					db.setObjectField('email:uid', userData.email, uid);
-					if (parseInt(uid, 10) !== 1) {
-						User.email.verify(uid, userData.email);
+					if (userData.email !== undefined) {
+						db.setObjectField('email:uid', userData.email, uid);
+						if (parseInt(uid, 10) !== 1) {
+							User.email.verify(uid, userData.email);
+						}
 					}
-				}
 
-				plugins.fireHook('action:user.create', userData);
-				db.incrObjectField('global', 'userCount');
+					plugins.fireHook('action:user.create', userData);
+					db.incrObjectField('global', 'userCount');
 
-				db.sortedSetAdd('users:joindate', timestamp, uid);
-				db.sortedSetAdd('users:postcount', 0, uid);
-				db.sortedSetAdd('users:reputation', 0, uid);
+					db.sortedSetAdd('users:joindate', timestamp, uid);
+					db.sortedSetAdd('users:postcount', 0, uid);
+					db.sortedSetAdd('users:reputation', 0, uid);
 
-				groups.joinByGroupName('registered-users', uid);
+					groups.joinByGroupName('registered-users', uid);
 
-				if (password) {
-					User.hashPassword(password, function(err, hash) {
-						if(err) {
-							return callback(err);
-						}
+					if (password) {
+						User.hashPassword(password, function(err, hash) {
+							if(err) {
+								return callback(err);
+							}
 
-						User.setUserField(uid, 'password', hash);
+							User.setUserField(uid, 'password', hash);
+							callback(null, uid);
+						});
+					} else {
 						callback(null, uid);
-					});
-				} else {
-					callback(null, uid);
-				}
+					}
+				});
 			});
 		});
 	};
@@ -209,7 +212,7 @@ var bcrypt = require('bcryptjs'),
 				settings = {}
 			}
 
-			settings.showemail = settings.showemail ? parseInt(settings.showemail, 10) !== 0 : parseInt(meta.config.usePagination, 10) !== 0;
+			settings.showemail = settings.showemail ? parseInt(settings.showemail, 10) !== 0 : false;
 			settings.usePagination = settings.usePagination ? parseInt(settings.usePagination, 10) !== 0 : parseInt(meta.config.usePagination, 10) !== 0;
 			settings.topicsPerPage = settings.topicsPerPage ? parseInt(settings.topicsPerPage, 10) : parseInt(meta.config.topicsPerPage, 10) || 20;
 			settings.postsPerPage = settings.postsPerPage ? parseInt(settings.postsPerPage, 10) : parseInt(meta.config.postsPerPage, 10) || 10;
diff --git a/src/webserver.js b/src/webserver.js
index 687280bf14..d6fe44bbbd 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -88,10 +88,10 @@ module.exports.server = server;
 					property: 'keywords',
 					content: meta.config.keywords || ''
 				}],
-				defaultLinkTags = [/*{
+				defaultLinkTags = [{
 					rel: 'apple-touch-icon',
-					href: meta.config['brand:logo'] || nconf.get('relative_path') + '/logo.png'
-				}*/],
+					href: '/apple-touch-icon'
+				}],
 				templateValues = {
 					bootswatchCSS: meta.config['theme:src'],
 					pluginCSS: plugins.cssFiles.map(function(file) { return { path: nconf.get('relative_path') + file.replace(/\\/g, '/') }; }),
@@ -203,7 +203,17 @@ module.exports.server = server;
 
 				logger.init(app);
 
+				// favicon & apple-touch-icon middleware
 				app.use(express.favicon(path.join(__dirname, '../', 'public', meta.config['brand:favicon'] ? meta.config['brand:favicon'] : 'favicon.ico')));
+				app.use('/apple-touch-icon', function(req, res) {
+					if (meta.config['brand:logo'] && validator.isURL(meta.config['brand:logo'])) {
+						return res.redirect(meta.config['brand:logo']);
+					} else {
+						return res.sendfile(path.join(__dirname, '../public', meta.config['brand:logo'] || nconf.get('relative_path') + '/logo.png'), {
+							maxAge: app.enabled('cache') ? 5184000000 : 0
+						});
+					}
+				});
 
 				app.use(require('less-middleware')({
 					src: path.join(__dirname, '../', 'public'),