diff --git a/api/api_login.php b/api/api_login.php
index ff637bc..bfab6d5 100644
--- a/api/api_login.php
+++ b/api/api_login.php
@@ -87,8 +87,8 @@ class api_login {
 * @param string $username Username
 * @return JSON Returns JSON result with success/failure status
 */
- public static function call_account_action_reset_password(){
- return \SYSTEM\SECURITY\security::reset_password();}
+ public static function call_account_action_reset_password($username){
+ return \SYSTEM\SECURITY\security::reset_password($username);}
 /**
 * System Account Change Password
diff --git a/sai/modules/saimod_sys_security/saimod_sys_security.php b/sai/modules/saimod_sys_security/saimod_sys_security.php
index 234ab95..76faef8 100644
--- a/sai/modules/saimod_sys_security/saimod_sys_security.php
+++ b/sai/modules/saimod_sys_security/saimod_sys_security.php
@@ -303,7 +303,7 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule {
 public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_changepassword($user,$new_password_sha1){
 if(!\SYSTEM\SECURITY\security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){
 return \SYSTEM\LOG\JsonResult::fail();}
- $row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user));
+ $row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user,$user));
 if(!$row){
 throw new \SYSTEM\LOG\ERROR("No such User.");}
 return \SYSTEM\SQL\SYS_SECURITY_UPDATE_PW::QI(array($new_password_sha1, $row['id'])) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
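Review bot: The docblock kept above the changed signature still reads `@param string $username Username`, while the callee in the security.php hunk now binds the value to two placeholders (`Q1(array($username,$username))`) and fails with "Username or EMail could not be found.", which suggests the identifier may also be an e-mail address. Once confirmed against the query, update it to `@param string $username Username or e-mail address of the account to reset`. The same security.php hunk drops the isLoggedIn() requirement, so this public API call is now reachable by unauthenticated callers; that is worth stating in the docblock too, since it changes the trust level of the parameter. The class body continues outside the hunk.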
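Review bot: `Q1(array($user,$user))` passes the same value twice with nothing at the call site saying why; the identical edit is made in sai_mod__SYSTEM_SAI_saimod_sys_security_action_changeemail (next hunk) and in change_email, reset_password and confirm_email_admin in security.php. Presumably the query now carries two placeholders (username OR e-mail) — if so, a one-line comment such as `// USER_INFO matches username OR email: both placeholders take the same value` at each site, or better a single helper like `SYS_SECURITY_USER_INFO::byIdentifier($user)` that hides the duplication, would keep the five call sites from drifting the next time the query changes. The closing brace of the method is outside the hunk.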
@@ -322,7 +322,7 @@ class saimod_sys_security extends \SYSTEM\SAI\SaiModule {
 public static function sai_mod__SYSTEM_SAI_saimod_sys_security_action_changeemail($user,$new_email){
 if(!\SYSTEM\SECURITY\security::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)){
 return \SYSTEM\LOG\JsonResult::fail();}
- $row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user));
+ $row = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user,$user));
 if(!$row){
 throw new \SYSTEM\LOG\ERROR("No such User.");}
 return \SYSTEM\SQL\SYS_SECURITY_CHANGE_EMAIL::QI(array($new_email,$row['id'])) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
diff --git a/security/qq/SYS_SECURITY_LOGIN_USER_EMAIL_SHA1.php b/security/qq/SYS_SECURITY_LOGIN_USER_EMAIL_SHA1.php
deleted file mode 100644
index b2d2ed6..0000000
--- a/security/qq/SYS_SECURITY_LOGIN_USER_EMAIL_SHA1.php
+++ /dev/null
@@ -1,46 +0,0 @@
-username, $old_password_sha1));
+ $username = \SYSTEM\SECURITY\security::getUser()->username;
+ $row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_SHA1::Q1(array($username, $username, $old_password_sha1));
 if(!$row){
 throw new \SYSTEM\LOG\ERROR("No such User Password combination.");}
 return \SYSTEM\SQL\SYS_SECURITY_UPDATE_PW::QI(array($new_password_sha1, $row['id'])) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
@@ -151,11 +152,16 @@ class security {
 */
 public static function change_email($new_email,$post_script=null,$post_script_data=null) {
 if(!\SYSTEM\SECURITY\security::isLoggedIn()){
- throw new \SYSTEM\LOG\ERROR("You need to be logged in to change your EMail!");}
+ throw new \SYSTEM\LOG\ERROR('You need to be logged in to change your EMail!');}
+ $res = \SYSTEM\SQL\SYS_SECURITY_AVAILABLE_EMAIL::Q1(array($new_email,$new_email));
+ if(!$res || $res['count'] != 0){
+ throw new \SYSTEM\LOG\ERROR('The EMail '.$new_email.' is already registered!');}
 //find all userdata
- $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array(\SYSTEM\SECURITY\security::getUser()->username));
+ $username = \SYSTEM\SECURITY\security::getUser()->username;
+ $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username,$username));
 if(!$vars || $vars['email_confirmed'] !== 1){
- throw new \SYSTEM\LOG\ERROR("Username not found or Email unconfirmed.");}
+ throw new \SYSTEM\LOG\ERROR('Username not found or Email unconfirmed.');}
+ $old_email = $vars['email'];
 $data = array('user' => $vars['id'],'email' => $new_email);
 if($post_script){
@@ -191,12 +197,10 @@ class security {
 * @return bool Returns true or false
 */
 public static function reset_password($username,$post_script=null,$post_script_data=null) {
- if(!\SYSTEM\SECURITY\security::isLoggedIn()){
- throw new \SYSTEM\LOG\ERROR("You need to be logged in to reset your Password!");}
 //find all userdata
- $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
+ $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username,$username));
 if(!$vars){
- throw new \SYSTEM\LOG\ERROR("Username not found.");}
+ throw new \SYSTEM\LOG\ERROR("Username or EMail could not be found.");}
 //generate pw & token
 $vars['pw'] = substr(sha1(time().rand(0, 4000)), 1,10);
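Review bot: The new availability pre-check (`SYS_SECURITY_AVAILABLE_EMAIL::Q1` followed by `$res['count'] != 0`) is not atomic with the write that happens later in change_email, outside the hunk; two concurrent requests for the same address can both pass it, and with the `UNIQUE INDEX email` added in system_user.sql the second write then fails at the database rather than here. Treat the unique constraint as the authoritative check — handle a duplicate-key failure on the update path with the same error as this branch — and keep the pre-check only as an early, friendlier message. `!$res` (a failed query) is also reported as "already registered", which misleads the user; split it into its own error, and compare strictly: `if(!$res || (int)$res['count'] !== 0){`. `$new_email` is interpolated into the error text; if this message is ever rendered into HTML it must be escaped at that edge — confirm how ERROR messages are output.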
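Review bot: Removing the isLoggedIn() guard makes reset_password reachable by unauthenticated callers for any account (api_login now forwards `$username` to it), but the hunk adds no compensating control: the changed message "Username or EMail could not be found." is only raised when the lookup misses, so the response tells a caller whether an account exists. Return the same result whether or not the identifier matched and log the miss server-side, and rate-limit the call per identifier and per client. The temporary password on the hunk's last context line, `substr(sha1(time().rand(0, 4000)), 1,10)`, is derived from the current second and a 4001-value rand(); that was already weak, but now any account can be reset this way, so generate it from the CSPRNG, e.g. `$vars['pw'] = bin2hex(random_bytes(5));`, and do the same for the token generated on the following line outside the hunk. The rest of reset_password continues past the hunk.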
@@ -250,7 +254,7 @@ class security {
 */
 public static function confirm_email_admin($user, $post_script=null,$post_script_data=null) {
 //find all userdata
- $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user));
+ $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($user,$user));
 if(!$vars || $vars['email_confirmed'] == 1){
 throw new \SYSTEM\LOG\ERROR("Username not found or already confirmed.");}
diff --git a/sql/qt/mysql/data/system_api.sql b/sql/qt/mysql/data/system_api.sql
index f661157..11ee02e 100644
--- a/sql/qt/mysql/data/system_api.sql
+++ b/sql/qt/mysql/data/system_api.sql
@@ -1,8 +1,7 @@
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 0, 0, -1, NULL, 'call', NULL);
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 0, 0, 10, NULL, 'action', NULL);
--- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 0, 2, 11, 'reset_password', 'username', 'STRING');
-DELETE FROM `system_api` WHERE `ID` = 12 AND `group` = 0;
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 0, 2, 11, 'reset_password', 'username', 'STRING');
 -- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 0, 2, 11, 'change_password', 'username', 'STRING');
 DELETE FROM `system_api` WHERE `ID` = 13 AND `group` = 0;
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 0, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
diff --git a/sql/qt/mysql/data/system_sai_api.sql b/sql/qt/mysql/data/system_sai_api.sql
index 0a53d8c..5bc73c3 100644
--- a/sql/qt/mysql/data/system_sai_api.sql
+++ b/sql/qt/mysql/data/system_sai_api.sql
@@ -9,8 +9,7 @@ REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `na
 -- system_api
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 42, 0, -1, NULL, 'call', NULL);
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 42, 0, 10, NULL, 'action', NULL);
--- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 42, 2, 11, 'reset_password', 'username', 'STRING');
-DELETE FROM `system_api` WHERE `ID` = 12 AND `group` = 42;
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 42, 2, 11, 'reset_password', 'username', 'STRING');
 -- REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 42, 2, 11, 'change_password', 'username', 'STRING');
 DELETE FROM `system_api` WHERE `ID` = 13 AND `group` = 42;
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 42, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
diff --git a/sql/qt/mysql/schema/system_user.sql b/sql/qt/mysql/schema/system_user.sql
index 1a87553..cd2e9d7 100644
--- a/sql/qt/mysql/schema/system_user.sql
+++ b/sql/qt/mysql/schema/system_user.sql
@@ -6,8 +6,11 @@ CREATE TABLE `system_user` (
 `joindate` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 `locale` CHAR(6) NOT NULL DEFAULT 'enUS',
 `last_active` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00',
+ `session_id` VARCHAR(40) NULL DEFAULT NULL,
 `email_confirmed` INT(11) NULL DEFAULT NULL,
- PRIMARY KEY (`id`)
+ PRIMARY KEY (`id`),
+ UNIQUE INDEX `email` (`email`),
+ UNIQUE INDEX `username` (`username`)
 )
 COLLATE='utf8_general_ci'
 ENGINE=InnoDB
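Review bot: `UNIQUE INDEX \`email\` (\`email\`)` and `UNIQUE INDEX \`username\` (\`username\`)` are added to the CREATE TABLE only; on an existing deployment that already holds duplicate usernames or e-mails the equivalent ALTER will fail, and the diff shows no migration or de-duplication step, even though change_email in security.php now depends on this constraint. The new `\`session_id\` VARCHAR(40)` column apparently holds a raw session identifier per user (the writer is not in this diff — confirm); a database export or read-only query access would then expose live session tokens, so store `hash('sha256', ...)` of the identifier instead and compare on the hashed value. The 40-character width also only fits the default PHP session id length; size it for the configured session.sid_length, or for the hash if hashing is adopted. The CREATE TABLE starts before the hunk.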