diff --git a/app/Config/version.php b/app/Config/version.php index 12808a850..4656fc48b 100644 --- a/app/Config/version.php +++ b/app/Config/version.php @@ -1,4 +1,4 @@ beforeFilter()'); - parent::beforeFilter(); - // must be called before CakeError early return $this->Themes->theme(Configure::read('Saito.themes')); $this->Setting->load(Configure::read('Saito.Settings')); @@ -124,6 +122,8 @@ public function beforeFilter() { return; } + $this->Security->blackHoleCallback = 'blackhole'; + $bbcodeSettings = BbcodeSettings::getInstance(); $bbcodeSettings->set( [ @@ -293,6 +293,16 @@ protected function _setPageTitle() { return $_pageTitle; } + /** + * + * + * @param $type + * @throws Saito\BlackHoledException + */ + public function blackhole($type) { + throw new Saito\BlackHoledException($type); + } + public function initBbcode() { if (isset($this->_bbcodeInitialized)) { return; diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index e31d1dac7..cf8601a8a 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -446,7 +446,7 @@ public function changepassword($id = null) { throw new BadRequestException(); } - $user = $this->User->findById($id); + $user = $this->User->getProfile($id); $allowed = $this->_isEditingAllowed($this->CurrentUser, $id); if (empty($user) || !$allowed) { throw new \Saito\ForbiddenException("Attempt to change password for user $id.", diff --git a/app/Lib/SaitoExceptions.php b/app/Lib/SaitoExceptions.php index 41735f46f..44f7a32f2 100644 --- a/app/Lib/SaitoExceptions.php +++ b/app/Lib/SaitoExceptions.php @@ -6,7 +6,7 @@ class ForbiddenException extends \HttpException { - private $__Logger; + protected $__Logger; /** * @throws \InvalidArgumentException 
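Review bot: The new `blackhole($type)` in app/Controller/AppController.php (hunk `@@ -293,6 +293,16 @@`) is a public method on the base controller with an empty docblock, and nothing in the hunk keeps it from being dispatched as an ordinary action. If the framework routes public AppController methods (worth confirming for this version), a client can call it directly on any inheriting controller, so `$type` has to be treated as client-supplied wherever it is logged. I would fill in the docblock, for example `Callback for the Security component; raises a 400 for a blackholed request. Not intended to be called as an action.` with `@param string $type reason reported by the Security component`.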
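Review bot: In `changepassword()` (app/Controller/UsersController.php, hunk `@@ -446,7 +446,7 @@`) the record is still fetched with `getProfile($id)` before `_isEditingAllowed()` is evaluated, so a caller who may not edit the account still triggers the lookup. Running `$allowed = $this->_isEditingAllowed($this->CurrentUser, $id);` first, and only calling `getProfile($id)` when it is true, keeps the single `ForbiddenException` for both outcomes. `$id` is also interpolated into the exception message as received; whether it was validated earlier is not visible because the function starts and ends outside the hunk, so using `(int)$id` in the message would be a cheap safeguard.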
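Review bot: Changing `$__Logger` to `protected` in `ForbiddenException` (app/Lib/SaitoExceptions.php, hunk `@@ -6,7 +6,7 @@`) does not make the property available to the `BlackHoledException` added in hunk `@@ -19,3 +19,14 @@`, because that class extends `\BadRequestException` rather than `ForbiddenException`. Its constructor therefore assigns `$this->__Logger` to an undeclared property. Either declare `protected $__Logger;` inside `BlackHoledException` or keep the logger local, `$logger = new \Saito\Logger\ExceptionLogger(); $logger->write($message);`. The body of `ForbiddenException` continues outside this hunk.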
@@ -19,3 +19,14 @@ public function __construct($message = null, $data = []) { } + class BlackHoledException extends \BadRequestException { + + public function __construct($type = null) { + $message = 'Request was blackholed. Type: ' . $type; + $this->__Logger = new \Saito\Logger\ExceptionLogger(); + $this->__Logger->write($message); + parent::__construct($message, 400); + } + + } + diff --git a/app/Test/Case/Controller/UsersControllerTest.php b/app/Test/Case/Controller/UsersControllerTest.php index ab3e7c86f..a29b2061e 100755 --- a/app/Test/Case/Controller/UsersControllerTest.php +++ b/app/Test/Case/Controller/UsersControllerTest.php @@ -108,7 +108,7 @@ public function testLoginShowForm() { 'autocomplete' => 'off', 'name' => 'data[User][username]', 'required' => 'required', - 'tabindex' => '1', + 'tabindex' => '100', 'type' => 'text' ] ]; @@ -121,7 +121,7 @@ public function testLoginShowForm() { 'autocomplete' => 'off', 'name' => 'data[User][password]', 'required' => 'required', - 'tabindex' => '2', + 'tabindex' => '101', 'type' => 'password' ] ]; diff --git a/app/View/Elements/users/login_form.ctp b/app/View/Elements/users/login_form.ctp index e662d1c9f..0625e0a56 100644 --- a/app/View/Elements/users/login_form.ctp +++ b/app/View/Elements/users/login_form.ctp @@ -5,14 +5,14 @@ echo $this->Form->input('username', [ 'id' => 'tf-login-username', 'label' => __('user_name'), - 'tabindex' => 1, + 'tabindex' => 100, 'autocomplete' => 'off' ]); echo $this->Form->input('password', [ 'type' => 'password', 'label' => __('user_pw'), - 'tabindex' => 2, + 'tabindex' => 101, 'autocomplete' => 'off' ]); @@ -22,12 +22,12 @@ 'style' => 'display: inline;', ], 'type' => 'checkbox', 'style' => 'width: auto;', - 'tabindex' => 3, + 'tabindex' => 102, ]); echo $this->Form->submit(__('login_btn'), [ 'class' => 'btn btn-submit', - 'tabindex' => 4, + 'tabindex' => 103, ]); echo $this->Form->end(); 
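Review bot: `BlackHoledException::__construct()` (app/Lib/SaitoExceptions.php, hunk `@@ -19,3 +19,14 @@`) concatenates `$type` unchecked into a string that is both written through `ExceptionLogger` and used as the exception message. The value arrives through the public `blackhole($type)` controller callback, so it may contain line breaks or other text that forges or clutters log entries. Reducing it to an expected token before building the message would close that, e.g. `$type = preg_replace('/[^A-Za-z0-9_-]/', '', (string)$type);`. Logging inside the constructor also means every instantiation writes a log entry, which deserves a short class docblock.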
diff --git a/app/View/Elements/users/register-form.ctp b/app/View/Elements/users/register-form.ctp
index 9ddb6d43c..3cb6f067a 100644
--- a/app/View/Elements/users/register-form.ctp
+++ b/app/View/Elements/users/register-form.ctp
@@ -1,35 +1,37 @@ Form->create('User', ['action' => 'register']); - echo $this->element('users/register-form-core'); - echo $this->SimpleCaptcha->input('User', [ - 'error' => [ - 'captchaResultIncorrect' => __d('simple_captcha', - 'Captcha result incorrect'), - 'captchaResultTooLate' => __d('simple_captcha', - 'Captcha result too late'), - 'captchaResultTooFast' => __d('simple_captcha', - 'Captcha result too fast'), - ], - 'div' => ['class' => 'input required'] - ] - ); + echo $this->Form->create('User', ['action' => 'register']); + echo $this->element('users/register-form-core'); + echo $this->SimpleCaptcha->input('User', [ + 'error' => [ + 'captchaResultIncorrect' => __d('simple_captcha', + 'Captcha result incorrect'), + 'captchaResultTooLate' => __d('simple_captcha', + 'Captcha result too late'), + 'captchaResultTooFast' => __d('simple_captcha', + 'Captcha result too fast'), + ], + 'div' => ['class' => 'input required'], + 'tabindex' => 10 + ] + ); - if (Configure::read('Saito.Settings.tos_enabled')) { - $tosUrl = Configure::read('Saito.Settings.tos_url'); - if (empty($tosUrl)) { - $tosUrl = '/pages/' . Configure::read('Config.language') . '/tos'; - }; + if (Configure::read('Saito.Settings.tos_enabled')) { + $tosUrl = Configure::read('Saito.Settings.tos_url'); + if (empty($tosUrl)) { + $tosUrl = '/pages/' . Configure::read('Config.language') . 
'/tos'; + }; - echo $this->Form->input('tos_confirm', [ - 'type' => 'checkbox', - 'div' => ['class' => 'input password required'], - 'label' => __('register_tos_label', - $this->Html->link(__('register_tos_linktext'), - $tosUrl, ['target' => '_blank'])) - ]); - echo $this->Js->get('#UserTosConfirm')->event('click', - <<Form->input('tos_confirm', [ + 'type' => 'checkbox', + 'div' => ['class' => 'input password required'], + 'label' => __('register_tos_label', + $this->Html->link(__('register_tos_linktext'), + $tosUrl, ['target' => '_blank'])), + 'tabindex' => 11 + ]); + echo $this->Js->get('#UserTosConfirm')->event('click', + <<Form->submit(__('register_linkname'), [ - 'id' => 'btn-register-submit', - 'class' => 'btn btn-submit', - 'disabled' => $tosRequired ? 'disabled' : '', - ]); - echo $this->Form->end(); + echo $this->Form->submit(__('register_linkname'), [ + 'id' => 'btn-register-submit', + 'class' => 'btn btn-submit', + 'disabled' => $tosRequired ? 'disabled' : '', + 'tabindex' => 12 + ]); + echo $this->Form->end();