diff --git a/backend.php b/backend.php
index d203af3fa..745a1a132 100644
--- a/backend.php
+++ b/backend.php
@@ -81,6 +81,10 @@
 		1440 => "Daily",
 		10080 => "Weekly");
 
+	$access_level_names = array(
+		0 => "User", 
+		10 => "Administrator");
+
 	$script_started = getmicrotime();
 
 	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
@@ -2007,13 +2011,9 @@
 		
 					$edit_cat_id = $_GET["id"];
 		
-					if ($subop == "editCat") {
-						if ($cat_id != $edit_cat_id) {
+					if ($subop == "editCat" && $cat_id != $edit_cat_id) {
 							$class .= "Grayed";
 							$this_row_id = "";
-						} else {
-							$class .= "Selected";
-						}
 					} else {
 						$this_row_id = "id=\"FCATR-$cat_id\"";
 					}
@@ -2683,30 +2683,6 @@
 
 		}
 
-		if ($id == "quickDelFeed") {
-
-			$param = db_escape_string($param);
-
-			$result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$param'");
-
-			if ($result) {
-
-				$f_title = db_fetch_result($result, 0, "title");
-		
-				print "Remove current feed (<b>$f_title</b>)?&nbsp;
-				<input class=\"button\"
-					type=\"submit\" onclick=\"javascript:qfdDelete($param)\" value=\"Remove\">
-				<input class=\"button\"
-					type=\"submit\" onclick=\"javascript:closeInfoBox()\" 
-					value=\"Cancel\">";
-			} else {
-				print "Error: Feed $param not found.&nbsp;
-				<input class=\"button\"
-					type=\"submit\" onclick=\"javascript:closeInfoBox()\" 
-					value=\"Cancel\">";		
-			}
-		}
-
 		if ($id == "search") {
 
 			print "<div id=\"infoBoxTitle\">Search</div>";
@@ -3229,16 +3205,78 @@
 
 		$subop = $_GET["subop"];
 
+		if ($subop == "edit") {
+
+			$id = db_escape_string($_GET["id"]);
+
+			print "<div id=\"infoBoxTitle\">User editor</div>";
+			
+			print "<div class=\"infoBoxContents\">";
+
+			print "<form id=\"user_edit_form\">";
+
+			print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
+			print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
+			print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
+
+			$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
+
+			$login = db_fetch_result($result, 0, "login");
+			$access_level = db_fetch_result($result, 0, "access_level");
+			$email = db_fetch_result($result, 0, "email");
+
+			print "<table width='100%'>";
+			print "<tr><td>Login:</td><td>
+				<input class=\"iedit\" name=\"login\" value=\"$login\"></td></tr>";
+
+			print "<tr><td>Change password:</td><td>
+				<input class=\"iedit\" name=\"password\"></td></tr>";
+
+			print "<tr><td>E-mail:</td><td>
+				<input class=\"iedit\" name=\"email\" value=\"$email\"></td></tr>";
+
+			$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
+				
+			print "<tr><td>Access level:</td><td>";
+			print_select_hash("access_level", $access_level, $access_level_names, 
+				$sel_disabled);
+			print "</td></tr>";
+
+			print "</table>";
+
+			print "</form>";
+			
+			print "<div align='right'>
+				<input class=\"button\"
+					type=\"submit\" onclick=\"javascript:userEditSave()\" value=\"Save\">
+				<input class=\"button\"
+					type=\"submit\" onclick=\"javascript:userEditCancel()\" 
+					value=\"Cancel\"></div>";
+
+			print "</div>";
+
+			return;
+		}
+
 		if ($subop == "editSave") {
 	
-			if (!WEB_DEMO_MODE) {
+			if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
 
-				$login = db_escape_string($_GET["l"]);
+				$login = db_escape_string(trim($_GET["login"]));
 				$uid = db_escape_string($_GET["id"]);
-				$access_level = sprintf("%d", $_GET["al"]);
-				$email = db_escape_string($_GET["e"]);
+				$access_level = sprintf("%d", $_GET["access_level"]);
+				$email = db_escape_string(trim($_GET["email"]));
+				$password = db_escape_string(trim($_GET["password"]));
 
-				db_query($link, "UPDATE ttrss_users SET login = '$login', 
+				if ($password) {
+					$pwd_hash = 'SHA1:' . sha1($password);
+					$pass_query_part = "pwd_hash = '$pwd_hash', ";					
+					print "<div class='notice'>Changed password for user <b>$login</b>.</div>";
+				} else {
+					$pass_query_part = "";
+				}
+
+				db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login', 
 					access_level = '$access_level', email = '$email' WHERE id = '$uid'");
 
 			}
@@ -3363,10 +3401,9 @@
 
 		print "<tr class=\"title\">
 					<td align='center' width=\"5%\">&nbsp;</td>
-					<td width='20%'>Login</td>
-					<td width='20%'>E-mail</td>
-					<td width='20%'>Access Level</td>
-					<td width='20%'>Last login</td></tr>";
+					<td width='40%'>Login</td>
+					<td width='40%'>Access Level</td>
+					<td width='30%'>Last login</td></tr>";
 		
 		$lnum = 0;
 		
@@ -3393,7 +3430,7 @@
 
 			$access_level_names = array(0 => "User", 10 => "Administrator");
 
-			if (!$edit_uid || $subop != "edit") {
+//			if (!$edit_uid || $subop != "edit") {
 
 				print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");' 
 				type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
@@ -3403,13 +3440,10 @@
 
 				if (!$line["email"]) $line["email"] = "&nbsp;";
 
-				print "<td><a href=\"javascript:editUser($uid);\">" . 
-					$line["email"] . "</td>";			
-
 				print "<td><a href=\"javascript:editUser($uid);\">" . 
 					$access_level_names[$line["access_level"]] . "</td>";			
 
-			} else if ($uid != $edit_uid) {
+/*			} else if ($uid != $edit_uid) {
 
 				if (!$line["email"]) $line["email"] = "&nbsp;";
 
@@ -3445,7 +3479,7 @@
 				print "</select>";
 				print "</td>";
 
-			}
+			} */
 				
 			print "<td>".$line["last_login"]."</td>";		
 		
@@ -3458,14 +3492,14 @@
 
 		print "<p id='userOpToolbar'>";
 
-		if ($subop == "edit") {
+/*		if ($subop == "edit") {
 			print "Edit user:
 				<input type=\"submit\" class=\"button\" 
 					onclick=\"javascript:userEditSave()\" value=\"Save\">
 				<input type=\"submit\" class=\"button\" 
 					onclick=\"javascript:userEditCancel()\" value=\"Cancel\">";
 					
-		} else {
+		} else { */
 
 			print "
 				Selection:
@@ -3478,7 +3512,7 @@
 			<input type=\"submit\" class=\"button\" disabled=\"true\"
 				onclick=\"javascript:resetSelectedUserPass()\" value=\"Reset password\">";
 
-		}
+//		}
 	}
 
 	if ($op == "user-details") {
diff --git a/prefs.js b/prefs.js
index 23830cee7..00ba1a62b 100644
--- a/prefs.js
+++ b/prefs.js
@@ -1,10 +1,8 @@
 var xmlhttp = false;
 
-var active_feed = false;
 var active_feed_cat = false;
 var active_filter = false;
 var active_label = false;
-var active_user = false;
 var active_tab = false;
 var feed_to_expand = false;
 
@@ -33,18 +31,19 @@ function feedlist_callback() {
 			container.innerHTML=xmlhttp.responseText;
 			selectTab("feedConfig", true);
 
-			if (active_feed) {
-				var row = document.getElementById("FEEDR-" + active_feed);
+			if (active_feed_cat) {
+				var row = document.getElementById("FCATR-" + active_feed_cat);
 				if (row) {
 					if (!row.className.match("Selected")) {
 						row.className = row.className + "Selected";
 					}		
 				}
-				var checkbox = document.getElementById("FRCHK-" + active_feed);
+				var checkbox = document.getElementById("FCCHK-" + active_feed_cat);
 				if (checkbox) {
 					checkbox.checked = true;
 				}
 			}
+
 			notify("");
 		} catch (e) {
 			exception_error("feedlist_callback", e);
@@ -109,20 +108,6 @@ function userlist_callback() {
 	var container = document.getElementById('prefContent');
 	if (xmlhttp.readyState == 4) {
 		container.innerHTML=xmlhttp.responseText;
-
-		if (active_user) {
-			var row = document.getElementById("UMRR-" + active_user);
-			if (row) {
-				if (!row.className.match("Selected")) {
-					row.className = row.className + "Selected";
-				}		
-			}
-			var checkbox = document.getElementById("UMCHK-" + active_user);
-			
-			if (checkbox) {
-				checkbox.checked = true;
-			}
-		} 
 		notify("");
 	}
 }
@@ -352,11 +337,12 @@ function editUser(id) {
 		return
 	}
 
-	active_user = id;
+	selectTableRowsByIdPrefix('prefUserList', 'UMRR-', 'UMCHK-', false);
+	selectTableRowById('UMRR-'+id, 'UMCHK-'+id, true);
 
 	xmlhttp.open("GET", "backend.php?op=pref-users&subop=edit&id=" +
 		param_escape(id), true);
-	xmlhttp.onreadystatechange=userlist_callback;
+	xmlhttp.onreadystatechange=infobox_callback;
 	xmlhttp.send(null);
 
 }
@@ -386,14 +372,12 @@ function editFeed(feed) {
 		return
 	}
 
-	active_feed = feed;
-
 	// clean selection from all rows & select row being edited
 	selectTableRowsByIdPrefix('prefFeedList', 'FEEDR-', 'FRCHK-', false);
 	selectTableRowById('FEEDR-'+feed, 'FRCHK-'+feed, true);
 
 	xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=editfeed&id=" +
-		param_escape(active_feed), true);
+		param_escape(feed), true);
 
 	xmlhttp.onreadystatechange=infobox_callback;
 	xmlhttp.send(null);
@@ -611,8 +595,6 @@ function feedEditCancel() {
 
 	selectPrefRows('feed', false); // cleanup feed selection
 
-	active_feed = false;
-
 }
 
 function feedCatEditCancel() {
@@ -645,8 +627,6 @@ function feedEditSave() {
 
 		var query = Form.serialize("edit_feed_form");
 
-		active_feed = false;
-
 		notify("Saving feed...");
 
 		xmlhttp.open("POST", "backend.php", true);
@@ -730,14 +710,9 @@ function userEditCancel() {
 		return
 	}
 
-	active_user = false;
-
-//	notify("Operation cancelled.");
-
-	xmlhttp.open("GET", "backend.php?op=pref-users", true);
-	xmlhttp.onreadystatechange=userlist_callback;
-	xmlhttp.send(null);
+	selectPrefRows('user', false); // cleanup feed selection
 
+	closeInfoBox();
 }
 
 function filterEditCancel() {
@@ -766,22 +741,18 @@ function labelEditSave() {
 		return
 	}
 
-/*	var sqlexp = document.getElementById("iedit_expr").value;
-	var descr = document.getElementById("iedit_descr").value;
+	var sql_exp = document.forms["label_edit_form"].sql_exp.value;
+	var description = document.forms["label_edit_form"].description.value;
 
-//	notify("Saving label " + sqlexp + ": " + descr);
-
-	if (sqlexp.length == 0) {
-		notify("SQL expression cannot be blank.");
+	if (sql_exp.length == 0) {
+		alert("SQL Expression cannot be blank.");
 		return;
 	}
 
-	if (descr.length == 0) {
-		notify("Caption cannot be blank.");
+	if (description.length == 0) {
+		alert("Caption field cannot be blank.");
 		return;
-	} */
-
-	// FIXME: input validation
+	}
 
 	notify("Saving label...");
 
@@ -798,41 +769,25 @@ function labelEditSave() {
 
 function userEditSave() {
 
-	var user = active_user;
-
 	if (!xmlhttp_ready(xmlhttp)) {
 		printLockingError();
 		return
 	}
 
-	var login = document.getElementById("iedit_ulogin").value;
-	var level = document.getElementById("iedit_ulevel");
-
-	level = level[level.selectedIndex].id;
-	
-	var email = document.getElementById("iedit_email").value;
+	var login = document.forms["user_edit_form"].login.value;
 
 	if (login.length == 0) {
-		notify("Login cannot be blank.");
+		alert("Login field cannot be blank.");
 		return;
 	}
-
-	if (level.length == 0) {
-		notify("User level cannot be blank.");
-		return;
-	}
-
-	active_user = false;
-
+	
 	notify("Saving user...");
-
-	xmlhttp.open("GET", "backend.php?op=pref-users&subop=editSave&id=" +
-		user + "&l=" + param_escape(login) + "&al=" + param_escape(level) +
-		"&e=" + param_escape(email), true);
-		
+	
+	var query = Form.serialize("user_edit_form");
+	
+	xmlhttp.open("GET", "backend.php?" + query, true);			
 	xmlhttp.onreadystatechange=userlist_callback;
 	xmlhttp.send(null);
-
 }
 
 
@@ -843,7 +798,12 @@ function filterEditSave() {
 		return
 	}
 
-	// FIXME: input validation
+	var reg_exp = document.forms["filter_edit_form"].reg_exp.value;
+
+	if (reg_exp.length == 0) {
+		alert("Filter expression field cannot be blank.");
+		return;
+	}
 
 	notify("Saving filter...");
 
@@ -1171,11 +1131,9 @@ function selectTab(id, noupdate) {
 		notify("Loading, please wait...", true);
 
 		// clean up all current selections, just in case
-		active_feed = false;
 		active_feed_cat = false;
 		active_filter = false;
 		active_label = false;
-		active_user = false;
 
 		if (id == "feedConfig") {
 			updateFeedList();

Login:	+
Change password:	+
E-mail:	+
Access level:	"; + print_select_hash("access_level", $access_level, $access_level_names, + $sel_disabled); + print "