diff --git a/api/api_login.php b/api/api_login.php
index 2b4c667..d058006 100644
--- a/api/api_login.php
+++ b/api/api_login.php
@@ -15,7 +15,7 @@ class api_login {
 public static function call_account_action_confirm_email($username){
 return \SYSTEM\SECURITY\security::confirm_email($username);}
 public static function call_account_action_confirm($token){
- return \SYSTEM\SECURITY\security::confirm($token);}
+ return \SYSTEM\SECURITY\security::confirm($token,true);}
 public static function call_account_action_reset_password($username){
 return \SYSTEM\SECURITY\security::reset_password($username);}
diff --git a/api/verify.php b/api/verify.php
index 680a381..e034c50 100644
--- a/api/verify.php
+++ b/api/verify.php
@@ -16,5 +16,6 @@ class verify {
 public static function ARY ($param) {return \is_array($param);}
 public static function LANG ($param) {return \SYSTEM\locale::isLang($param);}
 public static function RESULT ($param) {return ($param == 'json' || $param == 'msgpack');}
+ public static function EMAIL ($param) {return filter_var($param, FILTER_VALIDATE_EMAIL);}
 };
\ No newline at end of file
diff --git a/autoload.inc b/autoload.inc
index 50353fd..065ab5e 100644
--- a/autoload.inc
+++ b/autoload.inc
@@ -21,4 +21,5 @@ require_once dirname(__FILE__).'/files/autoload.inc';
 require_once dirname(__FILE__).'/cron/autoload.inc';
 require_once dirname(__FILE__).'/sai/autoload.inc';
 require_once dirname(__FILE__).'/html/autoload.inc';
+require_once dirname(__FILE__).'/token/autoload.inc';
 require_once dirname(__FILE__).'/lib/autoload.inc';
\ No newline at end of file
diff --git a/sai/modules/saimod_sys_security/js/saimod_sys_security.js b/sai/modules/saimod_sys_security/js/saimod_sys_security.js
index e3771fe..83045c0 100644
--- a/sai/modules/saimod_sys_security/js/saimod_sys_security.js
+++ b/sai/modules/saimod_sys_security/js/saimod_sys_security.js
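Review bot: `EMAIL` returns what `filter_var()` returns, the normalised address string or `false`, whereas the neighbouring verifiers `ARY`, `LANG` and `RESULT` return booleans; a caller that compares with `=== true` would reject every valid address, so make it `return filter_var($param, FILTER_VALIDATE_EMAIL) !== false;`. Because a `new_email` accepted by this rule ends up as the `$to` argument of `mail()` in the security hunk further down, the line deserves a comment that FILTER_VALIDATE_EMAIL also rejects CR/LF and must not be swapped for a looser regex. The class verify continues outside the hunk.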
@@ -45,8 +45,9 @@ function init_saimod_sys_security_user() {
 });
 });
 $('#btn_confirm_email').click(function(){
- $.get( './sai.php?call=account&action=requestconfirm&username='+$(this).attr('user'),function(data){
- if(data==1){
+ system.account_confirm_email($(this).attr('user'),
+ function(data){
+ if(data.status){
 alert('Email sent');
 } else {
 alert('fail');
@@ -68,8 +69,9 @@ function init_saimod_sys_security_user() {
 }
 });
 $('#btn_reset_password').click(function(){
- $.get( './sai.php?call=account&action=resetpassword&account='+$(this).attr('user'),function(data){
- if(data==1){
+ system.account_reset_password($(this).attr('user'),
+ function(data){
+ if(data.status){
 alert('Email sent');
 } else {
 alert('fail');
@@ -77,8 +79,9 @@ function init_saimod_sys_security_user() {
 });
 });
 $('#btn_change_email').click(function(){
- $.get( './sai.php?call=account&action=changeemail&username='+$(this).attr('user')+'&new_email=',function(data){
- if(data==1){
+ system.account_change_email($(this).attr('user'),$('#input_new_email').val(),
+ function(data){
+ if(data.status){
 alert('Email sent');
 } else {
 alert('fail');
diff --git a/security/qq/SYS_SECURITY_USER_INFO.php b/security/qq/SYS_SECURITY_USER_INFO.php
new file mode 100644
index 0000000..6a296df
--- /dev/null
+++ b/security/qq/SYS_SECURITY_USER_INFO.php
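Review bot: All three new callbacks (`#btn_confirm_email`, `#btn_reset_password`, `#btn_change_email`) reduce every failure to `alert('fail')`, so whatever the backend reports alongside `data.status` (the server-side hunk throws distinct ERROR messages for unknown users, unconfirmed mail and missing rights) never reaches the operator; show the payload, e.g. `alert('fail: ' + JSON.stringify(data));`, until the JsonResult's message field name is confirmed and can be used directly. `#btn_change_email` also sends `$('#input_new_email').val()` without checking that it is non-empty, which only produces a server-side validation failure the user cannot see. The three handlers differ solely in the `system.account_*` call and could share one small helper; `init_saimod_sys_security_user` starts before and ends after these hunks.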
@@ -0,0 +1,13 @@
+username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
+ throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
 //find all userdata
-
- //generate token
- $vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_change_email', $new_email);
+ $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
+ if(!$vars || $vars['email_confirmed'] !== 1){
+ throw new \SYSTEM\LOG\ERROR("Username not found or Email unconfirmed.");}
+
+ //generate pw & token
+ $vars['email'] = $new_email;
+ $vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_change_email',array('user' => $vars['id'],'email' => $vars['email']));
+ $vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
+ $vars['newline'] = "\r\n";
 //mail
+ $to = $vars['email'];
+ $subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_change_email_subject'), $vars);
+ $message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_change_email'), $vars);
+ $header = 'From: '. \SYSTEM\PAGE\text::get('mail_change_email_from')."\r\n" .
+ 'Reply-To: '.\SYSTEM\PAGE\text::get('mail_change_email_replyto');
+
+ return \mail($to, $subject, $message, $header) ?
\SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
 }
 public static function reset_password($username) {
- $vars = array();
 //find all userdata
-
- //generate token
- $vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_reset_password', $new_pw_generated);
+ $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
+ if(!$vars){
+ throw new \SYSTEM\LOG\ERROR("Username not found.");}
+
+ //generate pw & token
+ $vars['pw'] = substr(sha1(time().rand(0, 4000)), 1,10);
+ $vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_reset_password',array('user' => $vars['id'],'pw_sha1' => sha1($vars['pw'])));
+ $vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
+ $vars['newline'] = "\r\n";
 //mail
+ $to = $vars['email'];
+ $subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_reset_password_subject'), $vars);
+ $message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_reset_password'), $vars);
+ $header = 'From: '. \SYSTEM\PAGE\text::get('mail_reset_password_from')."\r\n" .
+ 'Reply-To: '.\SYSTEM\PAGE\text::get('mail_reset_password_replyto');
+
+ return \mail($to, $subject, $message, $header) ?
\SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
 }
 public static function confirm_email($username) {
- $vars = array();
+ if(!self::isLoggedIn() || (self::getUser()->username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
+ throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
 //find all userdata
+ $vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
+ if(!$vars || $vars['email_confirmed'] == 1){
+ throw new \SYSTEM\LOG\ERROR("Username not found or already confirmed.");}
 //generate token
- $vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_confirm_email');
+ $vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_confirm_email',array('user' => $vars['id']));
+ $vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
+ $vars['newline'] = "\r\n";
 //mail
+ $to = $vars['email'];
+ $subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_confirm_email_subject'), $vars);
+ $message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_confirm_email'), $vars);
+ $header = 'From: '. \SYSTEM\PAGE\text::get('mail_confirm_email_from')."\r\n" .
+ 'Reply-To: '.\SYSTEM\PAGE\text::get('mail_confirm_email_replyto');
+
+ return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
 }
 public static function confirm($token,$json_result = false) {
 return \SYSTEM\TOKEN\token::confirm($token) ?
diff --git a/sql/qt/mysql/data/system_api.sql b/sql/qt/mysql/data/system_api.sql
index 4d12651..9f44b19 100644
--- a/sql/qt/mysql/data/system_api.sql
+++ b/sql/qt/mysql/data/system_api.sql
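Review bot: The guard added to confirm_email (and, cut at its start two lines up, to change_email) is inverted: `self::getUser()->username !== $username && self::check(...SYS_SAI_SECURITY_RIGHTS_EDIT)` throws exactly when the caller holds the edit right and lets any logged-in user without it act on another username, so the inner condition should read `self::getUser()->username !== $username && !self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT)`. In reset_password the new password `substr(sha1(time().rand(0, 4000)), 1,10)` has only a few thousand possible values per second and is mailed in cleartext, so it is predictable from the request time; draw it from a CSPRNG instead (`bin2hex(openssl_random_pseudo_bytes(5))`, or `random_bytes()` on PHP 7). change_email tests `$vars['email_confirmed'] !== 1` while confirm_email tests `== 1`; if the query layer returns the column as a string the strict form always throws "Username not found or Email unconfirmed.", so cast before comparing (`(int)$vars['email_confirmed'] !== 1`). reset_password is unauthenticated and its "Username not found." differs from the success response, which lets a caller enumerate usernames and trigger unlimited mails to a known account; a uniform response and a per-account rate limit belong here. The file header for this hunk is not visible (the path, presumably security.php, is inferred) and the enclosing class continues outside it, with `confirm` starting on the hunk's last lines.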
@@ -1,9 +1,14 @@
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 0, 0, -1, NULL, 'call', NULL);
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 0, 0, 10, NULL, 'action', NULL);
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 0, 2, 11, 'reset_password', 'username', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 0, 2, 11, 'change_password', 'username', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 0, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (15, 0, 3, 11, 'change_password', 'new_password_sha1', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (16, 0, 2, 11, 'confirm_email', 'username', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (17, 0, 2, 11, 'confirm', 'token', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (18, 0, 2, 11, 'change_email', 'username', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (19, 0, 2, 11, 'change_email', 'new_email', 'EMAIL');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (20, 0, 2, 11, 'login', 'username', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (21, 0, 2, 11, 'login', 'password_sha1', 'STRING');
diff --git a/sql/qt/mysql/data/system_sai_api.sql b/sql/qt/mysql/data/system_sai_api.sql
index de6413b..61193e9 100644
--- a/sql/qt/mysql/data/system_sai_api.sql
+++ b/sql/qt/mysql/data/system_sai_api.sql
@@ -9,9 +9,14 @@ REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `na
 -- system_api
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (10, 42, 0, -1, NULL, 'call', NULL);
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (11, 42, 0, 10, NULL, 'action', NULL);
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (12, 42, 2, 11, 'reset_password', 'username', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (13, 42, 2, 11, 'change_password', 'username', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (14, 42, 2, 11, 'change_password', 'old_password_sha1', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (15, 42, 3, 11, 'change_password', 'new_password_sha1', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (16, 42, 2, 11, 'confirm_email', 'username', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (17, 42, 2, 11, 'confirm', 'token', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (18, 42, 2, 11, 'change_email', 'username', 'STRING');
+REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (19, 42, 2, 11, 'change_email', 'new_email', 'EMAIL');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (20, 42, 2, 11, 'login', 'username', 'STRING');
 REPLACE INTO `system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (21, 42, 2, 11, 'login', 'password_sha1', 'STRING');
 REPLACE INTO
`system_api` (`ID`, `group`, `type`, `parentID`, `parentValue`, `name`, `verify`) VALUES (22, 42, 3, 11, 'login', 'locale', 'LANG');
diff --git a/sql/qt/mysql/data/system_text.sql b/sql/qt/mysql/data/system_text.sql
index dc44503..bc1b53d 100644
--- a/sql/qt/mysql/data/system_text.sql
+++ b/sql/qt/mysql/data/system_text.sql
@@ -1483,4 +1483,32 @@ INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'sai_log'); INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'sai_security'); INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'sai_todo'); - INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'time'); \ No newline at end of file + INSERT INTO `system_text_tag` (`id`, `tag`) VALUES ('time_ago_year', 'time'); + + +-- mail + + REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email', 'enUS', 'Hello ${username}${newline}${newline}follow this link to change your Accounts Email-Address to ${email}${newline}${base_url}api.php?call=account&action=confirm&token=${token}${newline}${newline}Sincerely your Admin Team', 10, 10, '2016-06-06 03:32:41', '2016-06-06 03:17:53'); + REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email_from', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:19:53', '2016-06-06 03:19:53'); + REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email_replyto', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:20:15', '2016-06-06 03:20:15'); + REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_change_email_subject', 'enUS', 'Change Email', 10, 10, '2016-06-06 03:14:38', '2016-06-06 03:14:38'); + REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email', 'enUS', 'Hello ${username}${newline}${newline}follow this link to confirm your Email-Address ${email}${newline}${base_url}api.php?call=account&action=confirm&token=${token} ${newline}${newline}Sincerely your Admin Team', 10, 10, '2016-06-06 01:44:07', '2016-06-06 01:42:58'); + REPLACE INTO 
`system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email_from', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 01:12:32', '2016-06-06 01:12:32');
+ REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email_replyto', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 01:12:51', '2016-06-06 01:12:51');
+ REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_confirm_email_subject', 'enUS', 'Confirm Email', 10, 10, '2016-06-06 03:14:18', '2016-06-06 03:14:18');
+ REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password', 'enUS', 'Hello ${username}${newline}${newline}follow this link to rest Accounts Password to ${pw}${newline}${base_url}api.php?call=account&action=confirm&token=${token}${newline}${newline}Sincerely your Admin Team', 10, 10, '2016-06-06 03:32:55', '2016-06-06 03:19:12');
+ REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password_from', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:21:14', '2016-06-06 03:21:14');
+ REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password_replyto', 'enUS', 'admin@mojotrollz.eu', 10, 10, '2016-06-06 03:21:34', '2016-06-06 03:21:34');
+ REPLACE INTO `system_text` (`id`, `lang`, `text`, `author`, `author_edit`, `time_create`, `time_edit`) VALUES ('mail_reset_password_subject', 'enUS', 'Reset Password', 10, 10, '2016-06-06 03:20:53', '2016-06-06 03:20:53');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_change_email', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_change_email_from', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES
('mail_change_email_replyto', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_change_email_subject', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email_from', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email_replyto', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_confirm_email_subject', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password_from', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password_replyto', 'mail');
+ REPLACE INTO `system_text_tag` (`id`, `tag`) VALUES ('mail_reset_password_subject', 'mail');
\ No newline at end of file
diff --git a/token/qq/BETA_CHECK_CODE.php b/token/qq/BETA_CHECK_CODE.php
deleted file mode 100644
index 3fb6379..0000000
--- a/token/qq/BETA_CHECK_CODE.php
+++ /dev/null
@@ -1,8 +0,0 @@
-id : null)); return $token; }
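Review bot: The `mail_reset_password` body reads "follow this link to rest Accounts Password to ${pw}", which is user-facing text with a typo; it should say "follow this link to reset your account's password to ${pw}", and the `mail_confirm_email` row has a stray space between `${token}` and `${newline}` that some mail clients will copy into the link. That reset template also places the new cleartext password next to the link that activates it, so anyone who reads the mailbox before the user does obtains both; if that is the intended design, a `-- reset mail carries the new password in clear; the token link activates it` comment above the row would record the decision for the next reader.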
@@ -33,13 +33,13 @@ class token{
 throw new \SYSTEM\LOG\ERROR('Token invalid.');}
 if(!$res['expire'] || strtotime($res['expire']) < time()){
 throw new \SYSTEM\LOG\ERROR('Token has expired!');}
- if(!\array_search($res['class'], self::$type_handlers)){
+ if(!\in_array($res['class'], self::$type_handlers)){
 throw new \SYSTEM\LOG\ERROR('Token_handler class not known to Token class. Please register it first.');}
- if(!\call_user_func(array($res['class'], array('confirm',$res)))){
+ if(!\call_user_func_array(array($res['class'], 'confirm'),array($res))){
 throw new \SYSTEM\LOG\ERROR('Token_handler rejected Token.');}
 return \SYSTEM\SQL\SYS_TOKEN_CONFIRM::QI(array(
 \SYSTEM\SECURITY\security::isLoggedIn() ? \SYSTEM\SECURITY\security::getUser()->id : null, $token));
 }
 public static function get($token){
- return \SYSTEM\SQL\SYS_TOKEN_GET::Q1($token);}
+ return \SYSTEM\SQL\SYS_TOKEN_GET::Q1(array($token));}
 }
\ No newline at end of file
diff --git a/token/token_change_email.php b/token/token_change_email.php
index 8c301e1..b51d70b 100644
--- a/token/token_change_email.php
+++ b/token/token_change_email.php
@@ -1,12 +1,11 @@
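Review bot: `\in_array($res['class'], self::$type_handlers)` is a loose comparison, and since `$res['class']` is read from the token row and then dispatched through `call_user_func_array` it is the allowlist deciding which class runs; make it strict: `if(!\in_array($res['class'], self::$type_handlers, true)){`. The `SYS_TOKEN_CONFIRM::QI` call only happens after the handler accepted the token, so if that query is what marks a token as used, a handler that throws leaves the token valid until `expire` passes — worth a comment above the `return` saying whether that is intended. `confirm` starts before this hunk, so whether `$res` is also checked for a prior confirmation cannot be seen here; the `get` change to `Q1(array($token))` matches the `Q1(array($username))` calls elsewhere in the diff.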