diff --git a/controllers/adminController.js b/controllers/adminController.js
index 26d36f4..56f312a 100644
--- a/controllers/adminController.js
+++ b/controllers/adminController.js
@@ -532,6 +532,7 @@ exports.validateUser = function(req, res) {
                     .exec(function(err, user) {
                         if (err) return res.send(500, err.message);
                         user.validated = true;
+                        user.validatedBy = admin._id;
 
                         user.save(function(err, user) {
                             if (err) return res.send(500, err.message);
@@ -560,6 +561,7 @@ exports.unvalidateUser = function(req, res) {
                     .exec(function(err, user) {
                         if (err) return res.send(500, err.message);
                         user.validated = false;
+                        user.validatedBy = admin._id;
 
                         user.save(function(err, user) {
                             if (err) return res.send(500, err.message);
diff --git a/controllers/userController.js b/controllers/userController.js
index 051ef15..8cfd313 100644
--- a/controllers/userController.js
+++ b/controllers/userController.js
@@ -169,6 +169,7 @@ exports.getUserById = function(req, res) {
             _id: req.params.userid
         })
         .lean()
+        .populate('validatedBy', 'username')
         .populate('travels', 'title from to date type')
         .exec(function(err, user) {
             if (err) return res.send(500, err.message);
@@ -575,12 +576,32 @@ exports.doUnfav = function(req, res) {
     });
 };
 exports.changePassword = function(req, res) {
-    //if(req.body.)
-    userModel.update({
-            'token': req.headers['x-access-token']
-        }, req.body,
-        function(err) {
-            if (err) return console.log(err);
-            exports.getUserByToken(req, res);
+    console.log(req.body);
+    userModel.findOne({
+            'token': req.headers['x-access-token'],
+            'password': crypto.createHash('sha256').update(req.body.old).digest('base64')
+        })
+        .exec(function(err, user) {
+            if (err) return res.send(500, err.message);
+            if (!user) {
+                res.json({
+                    success: false,
+                    message: 'User not found.'
+                });
+            } else if (user) {
+                if (req.body.new1 != req.body.new2) {
+                    res.json({
+                        success: false,
+                        message: 'New passwords not match'
+                    });
+                }else{
+                    user.password = crypto.createHash('sha256').update(req.body.new1).digest('base64');
+                    user.save(function(err, user) {
+                        if (err) return res.send(500, err.message);
+
+                        exports.getUserByToken(req, res);
+                    });
+                }
+            }
         });
 };
diff --git a/models/userModel.js b/models/userModel.js
index 40b461e..3930c93 100644
--- a/models/userModel.js
+++ b/models/userModel.js
@@ -12,10 +12,14 @@ var userSchema = new Schema({
     avatar:   { type: String, default: "img/avatars/racoon.png" },
     faircoinString:   { type: String, default: "faircoin wallet" },
     faircoin:   { type: String, default: "img/faircoinpublickey_sample.png" },
-    email:   { type: String, required: true },
+    email:   { type: String, required: true, select: false },
     phone: { type: String },
     telegram: { type: String },
     validated: { type: Boolean, default: false },
+    validatedBy: {
+        type: mongoose.Schema.Types.ObjectId,
+        ref: 'adminModel'
+    },
     valorations: [{
         user: {
             type: mongoose.Schema.Types.ObjectId,