diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php index ee9fb77c..9e320c15 100644 --- a/app/Repositories/UserRepository.php +++ b/app/Repositories/UserRepository.php @@ -177,7 +177,7 @@ class UserRepository extends BaseRepository throw new \InvalidArgumentException("password confirmation != password"); } $user = User::query()->findOrFail($id, ['id', 'username', 'class']); - $operator = Auth::user(); + $operator = get_user_id(); if ($operator) { $this->checkPermission($operator, $user); } diff --git a/include/constants.php b/include/constants.php index 8398bb3c..b1438c43 100644 --- a/include/constants.php +++ b/include/constants.php @@ -1,6 +1,6 @@ store([ + 'username' => $_POST['username'], + 'email' => $_POST['email'], + 'password' => $_POST['password'], + 'password_confirmation' => $_POST['password2'], + ]); + } catch (\Exception $e) { + stderr("ERROR", $e->getMessage()); + } + header("Location: " . get_protocol_prefix() . "$BASEURL/userdetails.php?id=".htmlspecialchars($newUser->id)); die; } stdhead("Add user"); diff --git a/public/modtask.php b/public/modtask.php index 6f7348c2..a67d2a33 100644 --- a/public/modtask.php +++ b/public/modtask.php 
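Review bot: In `app/Repositories/UserRepository.php`, `$operator` is now whatever `get_user_id()` returns, and the unchanged `if ($operator)` guard skips `checkPermission()` whenever that value is falsy, so a call made without an authenticated session would reach the password change with no class check. If no caller legitimately runs without an operator, fail closed before the check with `if (!$operator) { throw new \RuntimeException('operator required'); }`; if some caller does (presumably a CLI or installer path), record that in a comment on the guard. `checkPermission()` used to receive the `Auth::user()` model and now receives an id; its signature is outside the hunk, so confirm it accepts that. The enclosing method starts and ends outside the hunk.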
@@ -218,23 +218,23 @@ if ($action == "edituser") $userModifyLogs[] = "donor status changed by {$CURUSER['username']}. Current donor status: $donor"; } } - - if ($chpassword != "" AND $passagain != "") { - unset($passupdate); - $passupdate=false; - - if ($chpassword == $username OR strlen($chpassword) > 40 OR strlen($chpassword) < 6 OR $chpassword != $passagain) - $passupdate=false; - else - $passupdate=true; - } - - if (isset($passupdate) && $passupdate) { - $sec = mksecret(); - $passhash = md5($sec . $chpassword . $sec); - $updateset[] = "secret = " . sqlesc($sec); - $updateset[] = "passhash = " . sqlesc($passhash); - } +//migrate to management +// if ($chpassword != "" AND $passagain != "") { +// unset($passupdate); +// $passupdate=false; +// +// if ($chpassword == $username OR strlen($chpassword) > 40 OR strlen($chpassword) < 6 OR $chpassword != $passagain) +// $passupdate=false; +// else +// $passupdate=true; +// } +// +// if (isset($passupdate) && $passupdate) { +// $sec = mksecret(); +// $passhash = md5($sec . $chpassword . $sec); +// $updateset[] = "secret = " . sqlesc($sec); +// $updateset[] = "passhash = " . sqlesc($passhash); +// } if ($curclass >= get_user_class()) puke(); @@ -457,7 +457,7 @@ if ($action == "edituser") $subject = nexus_trans("user.msg_download_rights_removed", [], $locale); $msg = nexus_trans("user.msg_your_download_rights_removed", [], $locale) . $CURUSER['username'] . nexus_trans("user.msg_probably_reason_three", [], $locale); $added = sqlesc(date("Y-m-d H:i:s")); - + \App\Models\Message::add([ 'sender' => 0, 'receiver' => $userid, diff --git a/public/reset.php b/public/reset.php index d9f62133..4b1c06a0 100644 --- a/public/reset.php +++ b/public/reset.php 
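Review bot: The password-change branch in the first `public/modtask.php` hunk is commented out rather than deleted, which leaves the salted-`md5` hashing path in the file one uncomment away from being live again. Delete the block and keep a one-line pointer such as `// password changes are handled by UserRepository::resetPassword()`. Any `chpassword`/`passagain` values a client still posts to `edituser` are now dropped without feedback. If those variables are still read above the hunk, rejecting such a request with an explicit error would make the migration visible to the operator. The same commented-out legacy code appears in the second `public/reset.php` hunk.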
@@ -23,6 +23,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") $res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username) . " ") or sqlerr(); $arr = mysql_fetch_assoc($res); +if (empty($arr)) { + stderr("Error","Sorry, that username doesn't exist."); +} if (get_user_class() <= $arr['class']) { $log = "Password Reset For $username by {$CURUSER['username']} denied: operator class => " . get_user_class() . " is not greater than target user => {$arr['class']}"; write_log($log); @@ -31,10 +34,16 @@ if (get_user_class() <= $arr['class']) { } $id = $arr['id']; -$wantpassword=$newpassword; -$secret = mksecret(); -$wantpasshash = md5($secret . $wantpassword . $secret); -sql_query("UPDATE users SET passhash=".sqlesc($wantpasshash).", secret= ".sqlesc($secret)." where id=$id"); +//$wantpassword=$newpassword; +//$secret = mksecret(); +//$wantpasshash = md5($secret . $wantpassword . $secret); +//sql_query("UPDATE users SET passhash=".sqlesc($wantpasshash).", secret= ".sqlesc($secret)." where id=$id"); + $userRep = new \App\Repositories\UserRepository(); + try { + $userRep->resetPassword($id, $newpassword, $newpasswordagain); + } catch (\Exception $e) { + stderr('Error', $e->getMessage()); + } write_log("Password Reset For $username by {$CURUSER['username']}"); if (mysql_affected_rows() != 1) stderr("Error", "Unable to RESET PASSWORD on this account."); diff --git a/public/usercp.php b/public/usercp.php index afb2a0ee..11ebbd2b 100644 --- a/public/usercp.php +++ b/public/usercp.php @@ -790,8 +790,10 @@ tr_small($lang_usercp['row_funbox'],"auth_key); + logincookie($CURUSER["id"], $authKey); $passupdated = 1; } diff --git a/public/userdetails.php b/public/userdetails.php index e0ae5494..edf021c8 100644 --- a/public/userdetails.php +++ b/public/userdetails.php 
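Review bot: In the second `public/reset.php` hunk, the unchanged `mysql_affected_rows() != 1` check no longer measures the password update: the `UPDATE` it was paired with is commented out, so the value now reflects the last statement on the legacy connection, likely whatever `write_log()` ran. `write_log("Password Reset ...")` also sits after the `catch`, so the success entry is recorded on a failed reset unless `stderr()` always exits (its definition is not on this page). Showing `$e->getMessage()` for every `\Exception` can put ORM or database error text in front of the operator; only the repository's validation message needs to be shown, and the same catch-all appears in the `adduser.php` hunk. The shape below logs success inside the `try`, shows validation errors and keeps other failures generic, after which the stale affected-rows check can be removed.

```php
$userRep = new \App\Repositories\UserRepository();
try {
    $userRep->resetPassword($id, $newpassword, $newpasswordagain);
    write_log("Password Reset For $username by {$CURUSER['username']}");
} catch (\InvalidArgumentException $e) {
    // validation message raised by the repository
    stderr('Error', $e->getMessage());
} catch (\Exception $e) {
    write_log("Password Reset For $username by {$CURUSER['username']} failed: " . $e->getMessage());
    stderr("Error", "Unable to RESET PASSWORD on this account.");
}
// … unchanged: success output …
```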
@@ -619,8 +619,8 @@ JS; tr($lang_userdetails['row_change_email'], "", 1); } - tr($lang_userdetails['row_change_password'], "", 1); - tr($lang_userdetails['row_repeat_password'], "", 1); + tr($lang_userdetails['row_change_password'], "".$migratedHelp, 1); + tr($lang_userdetails['row_repeat_password'], "".$migratedHelp, 1); if (user_can('cruprfmanage')) {