diff --git a/application/config/form_validation.php b/application/config/form_validation.php
index e3339a1..8f779ed 100644
--- a/application/config/form_validation.php
+++ b/application/config/form_validation.php
@@ -122,31 +122,36 @@ $config['users/edit'] = array(
  *
  * @var array
  */
-$config['settings/index'] = array(
+$config['auth/settings'] = array(
 	array(
-			'field' => 'firstname',
-			'label' => _('First name'),
-			'rules' => 'required|max_length[50]|trim',
+		'field' => 'firstname',
+		'label' => _('First name'),
+		'rules' => 'required|max_length[50]|trim',
 	),
 	array(
-			'field' => 'lastname',
-			'label' => _('Last name'),
-			'rules' => 'required|max_length[50]|trim',
+		'field' => 'lastname',
+		'label' => _('Last name'),
+		'rules' => 'required|max_length[50]|trim',
 	),
 	array(
-			'field' => 'email',
-			'label' => _('Email address'),
-			'rules' => 'required|valid_email|trim',
+		'field' => 'email',
+		'label' => _('Email address'),
+		'rules' => 'required|valid_email|trim',
 	),
 	array(
-			'field' => 'institution',
-			'label' => _('Institution'),
-			'rules' => 'max_length[100]|trim',
+		'field' => 'institution',
+		'label' => _('Institution'),
+		'rules' => 'max_length[100]|trim',
 	),
 	array(
-			'field' => 'phone',
-			'label' => _('Phone number'),
-			'rules' => 'regex_match[/^\+\d{2,4}\s\d{2,4}\s\d{3,10}+$/i]|trim',
+		'field' => 'phone',
+		'label' => _('Phone number'),
+		'rules' => 'regex_match[/^\+\d{2,4}\s\d{2,4}\s\d{3,10}+$/i]|trim',
+	),
+	array(
+		'field' => 'new_password',
+		'label' => _('New password'),
+		'rules' => 'min_length[6]|matches[new_password_confirm]',
 	),
 );
 
diff --git a/application/controllers/auth.php b/application/controllers/auth.php
index 9ecff75..e8bd34a 100644
--- a/application/controllers/auth.php
+++ b/application/controllers/auth.php
@@ -106,14 +106,9 @@ class Auth extends CI_Controller {
 	 * Allows users to edit their settings.
 	 */
 	public function settings() {
-		if (!$this->access->loggedIn()) {
-			redirect('auth/login', 'refresh');
-		}
+		$user = $this->access->getCurrentUser();
 
-		// validate the form
-		$this->form_validation->set_rules('new_password', _('New password'), 'min_length[' . $this->config->item('min_password_length', 'auth') . ']|max_length[' . $this->config->item('max_password_length', 'access') . ']|matches[new_password_confirm]');
-
-		if ($this->form_validation->run() == true) {
+		if ($this->form_validation->run() === true) {
 			// change password if needed
 			if ($this->input->post('new_password') != '') {
 				$username = $this->session->userdata('username');
@@ -124,27 +119,22 @@ class Auth extends CI_Controller {
 				}
 			}
 
-			// update user
-			$updateData = array(
-                'firstname' => $this->input->post('firstname'),
-                'lastname' => $this->input->post('lastname'),
-                'institution' => $this->input->post('institution'),
-            	'phone' => $this->input->post('phone'),
-                'email' => $this->input->post('email'),
+			// update users table
+			$data = array(
+				'email' => $this->input->post('email'),
+				'firstname' => $this->input->post('firstname'),
+				'lastname' => $this->input->post('lastname'),
+				'institution' => $this->input->post('institution'),
+				'phone' => $this->input->post('phone')
 			);
-			$this->access->updateUser($this->session->userdata('user_id'), $updateData);
 
-			// output JSON data
-			$this->output->set_content_type('application/json')
-				->set_output(json_encode(array('success' => true)));
-		} else {
-			$data['success'] = true;
-			$data['data'] = $this->access->getCurrentUser();
-
-			// output JSON data
-			$this->output->set_content_type('application/json')
-					->set_output(json_encode($data));
+			if ($this->user->update($user['id'], $data)) {
+				$this->messages->add(_("Settings saved successfully"), 'success');
+				redirect('auth/settings', 303);
+			}
 		}
+
+		$this->load->view('auth/settings', $user);
 	}
 
 	/**
diff --git a/application/controllers/settings.php b/application/controllers/settings.php
deleted file mode 100644
index 8c8f65b..0000000
--- a/application/controllers/settings.php
+++ /dev/null
@@ -1,62 +0,0 @@
-<?php
-
-/*
- * Copyright (c) 2011 Karsten Heiken <karsten@disposed.de>
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/**
- * @author Karsten Heiken <karsten@disposed.de>
- */
-class Settings extends CI_Controller {
-
-	/**
-	 * Constructor.
-	 */
-	public function __construct() {
-		parent::__construct();
-		$this->load->model('program');
-		$this->load->library('form_validation');
-	}
-
-	/**
-	 * Show a list of all available programs.
-	 */
-	public function index() {
-		$user = $this->access->getCurrentUser();
-
-		if ($this->form_validation->run() === true) {
-			$data = array(
-				'email' => $this->input->post('email'),
-				'firstname' => $this->input->post('firstname'),
-				'lastname' => $this->input->post('lastname'),
-				'institution' => $this->input->post('institution'),
-				'phone' => $this->input->post('phone')
-			);
-
-			if ($this->user->update($user['id'], $data)) {
-				$this->messages->add(_("Settings saved successfully"), 'success');
-				redirect('settings', 303);
-			}
-		}
-
-		$this->load->view('user/settings', $user);
-	}
-}
diff --git a/application/views/user/settings.php b/application/views/auth/settings.php
similarity index 96%
rename from application/views/user/settings.php
rename to application/views/auth/settings.php
index ce2a767..4195485 100644
--- a/application/views/user/settings.php
+++ b/application/views/auth/settings.php
@@ -1,7 +1,7 @@
 <?php $this->load->view('header');?>
 
 <div id="content">
-	<form name="settings" action="<?=('settings');?>" method="post">
+	<form name="settings" action="<?=site_url('auth/settings');?>" method="post">
 		<div class="title">
 			<h2><?=_('Settings');?></h2>
 		</div>
diff --git a/application/views/header.php b/application/views/header.php
index 09dd637..0eda012 100644
--- a/application/views/header.php
+++ b/application/views/header.php
@@ -29,7 +29,7 @@
 			<option value="<?=site_url('projects');?>">Projekte verwalten</option>
 		</select>
 	</div>
-	<div class="menu"><?= _('Hello,') ?> <a href="<?=site_url('');?>"><?=$this->user->profile()->firstname;?> <?=$this->user->profile()->lastname;?></a>! | <?=lang_select('assets/images');?> | <a href="#"><?=_('Help')?></a> | <?=anchor('settings', _('Settings'));?> | <?=anchor('auth/logout', _('Logout'));?></div>
+	<div class="menu"><?= _('Hello,') ?> <a href="<?=site_url('');?>"><?=$this->user->profile()->firstname;?> <?=$this->user->profile()->lastname;?></a>! | <?=lang_select('assets/images');?> | <a href="#"><?=_('Help')?></a> | <?=anchor('auth/settings', _('Settings'));?> | <?=anchor('auth/logout', _('Logout'));?></div>
 </div>
 
 <div id="wrapper">
diff --git a/application/views/user/index.html b/application/views/user/index.html
deleted file mode 100755
index c942a79..0000000
--- a/application/views/user/index.html
+++ /dev/null
@@ -1,10 +0,0 @@
-<html>
-<head>
-	<title>403 Forbidden</title>
-</head>
-<body>
-
-<p>Directory access is forbidden.</p>
-
-</body>
-</html>
\ No newline at end of file