diff --git a/htroot/User.html b/htroot/User.html
index 8f1aa2c17..cc6ccaf25 100644
--- a/htroot/User.html
+++ b/htroot/User.html
@@ -16,7 +16,42 @@ You are currently logged in as #[username]#.<br />
 <form action="User.html">
   <input type="submit" name="logout" value="logout">
 </form>
+#(limit)#::
+You have used <i>#[timeused]#</i> minutes of your onlinetime limit of <i>#[timelimit]#</i> minutes per day.<br />
+#(/limit)#
+<form action="User.html" method="POST">
+<table border="1">
+</table>
+<tr>
+  <td>old Password</td>
+  <td><input type="password" name="oldpass" /></td>
+</tr><tr>
+  <td>new Password</td>
+  <td><input type="password" name="newpass"></td>
+</tr><tr>
+  <td>new Password(repetition)</td>
+  <td><input type="password" name="newpass2"></td>
+</tr><tr>
+  <td colspan="2"><input type="submit" name="changepass" value="change"></td>
+</tr>
+</table>
+</form>
+<p />
+<b>
 #(/logged-in)#
+#(status)#
+::
+#(password)#
+Password was changed.
+::
+old Password is wrong.
+::
+new Password and its repetition do not match.
+::
+new Password is empty.
+#(/password)#
+#(/status)#
+</b>
 
 #[footer]#
 </body>
diff --git a/htroot/User.java b/htroot/User.java
index 0d2fa893f..7a442d72b 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -46,9 +46,12 @@
 //javac -classpath .:../Classes Message.java
 //if the shell's current path is HTROOT
 
+import java.io.IOException;
+
 import de.anomic.data.userDB;
 import de.anomic.http.httpHeader;
 import de.anomic.plasma.plasmaSwitchboard;
+import de.anomic.server.serverCodings;
 import de.anomic.server.serverObjects;
 import de.anomic.server.serverSwitch;
 
@@ -62,6 +65,8 @@ public class User{
 
         //default values
         prop.put("logged_in", 0);
+        prop.put("logged-in_limit", 0);
+        prop.put("status", 0);
         entry=sb.userDB.proxyAuth(((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")));
         if(entry != null){
         		prop.put("logged-in_identified-by", 1);
@@ -74,10 +79,35 @@ public class User{
         if(entry != null){
         		prop.put("logged-in", 1);
         		prop.put("logged-in_username", entry.getUserName());
+        		if(entry.getTimeLimit().intValue() > 0){
+        			prop.put("logged-in_limit", 1);
+        			prop.put("logged-in_limit_timelimit", entry.getTimeLimit());
+        			prop.put("logged-in_limit_timeused", entry.getTimeUsed());
+        		}
         }
-        if(post!= null && post.containsKey("logout") && entry != null){
-        		entry.logout(((String)header.get("CLIENTIP", "xxxxxx")));
-        		prop.put("logged-in", 0);
+        if(post!= null && entry != null){
+        		if(post.containsKey("logout")){
+        			entry.logout(((String)header.get("CLIENTIP", "xxxxxx")));
+        			prop.put("logged-in", 0);
+        		}else if(post.containsKey("changepass")){
+        			prop.put("status", 1); //password
+        			if(entry.getMD5EncodedUserPwd().equals(serverCodings.encodeMD5Hex(entry.getUserName()+":"+(String)post.get("oldpass", "")))){
+        			if(((String)post.get("newpass")).equals((String)post.get("newpass2"))){
+        			if(!((String)post.get("newpass", "")).equals("")){
+        				try {
+							entry.setProperty(userDB.Entry.MD5ENCODED_USERPWD_STRING, serverCodings.encodeMD5Hex(entry.getUserName()+":"+(String)post.get("newpass", "")));
+							prop.put("status_password", 0); //changes
+						} catch (IOException e) {}
+        			}else{
+        				prop.put("status_password", 3); //empty
+        			}
+        			}else{
+        				prop.put("status_password", 2); //pws do not match
+        			}
+        			}else{
+        				prop.put("status_password", 1); //old pw wrong
+        			}
+        		}
         }
         // return rewrite properties
         return prop;