diff --git a/app/Controllers/SkinlibController.php b/app/Controllers/SkinlibController.php
index 8962df89..6a6e80fb 100644
--- a/app/Controllers/SkinlibController.php
+++ b/app/Controllers/SkinlibController.php
@@ -96,7 +96,7 @@ class SkinlibController extends BaseController
     {
         if (!isset($_GET['tid'])) Http::abort(404, 'No specified tid.');
         $texture = Texture::find($_GET['tid']);
-
+/*
         if (!$texture || $texture && !\Storage::exist(BASE_DIR."/textures/".$texture->hash)) {
             if (Option::get('auto_del_invalid_texture') == "1") {
                 if ($texture) $texture->delete();
@@ -104,7 +104,7 @@ class SkinlibController extends BaseController
             }
             Http::abort(404, '请求的材质文件已经被删除，请联系管理员删除该条目');
         }
-
+*/
         if ($texture->public == "0") {
             if (is_null($this->user) || ($this->user->uid != $texture->uploader && !$this->user->is_admin))
                 Http::abort(404, '请求的材质已经设为隐私，仅上传者和管理员可查看');
diff --git a/app/Middlewares/CheckLoggedInMiddleware.php b/app/Middlewares/CheckLoggedInMiddleware.php
index 071ea251..56f6ce3a 100644
--- a/app/Middlewares/CheckLoggedInMiddleware.php
+++ b/app/Middlewares/CheckLoggedInMiddleware.php
@@ -5,7 +5,10 @@ namespace App\Middlewares;
 use Pecee\Http\Middleware\IMiddleware;
 use Pecee\Http\Request;
 use App\Models\User;
+use App\Models\UserModel;
 use App\Exceptions\E;
+use View;
+use Http;
 
 class CheckLoggedInMiddleware implements IMiddleware
 {
@@ -20,20 +23,42 @@ class CheckLoggedInMiddleware implements IMiddleware
             $user = new User($_SESSION['uid']);
 
             if ($_SESSION['token'] != $user->getToken())
-                \Http::redirect('../auth/login', '无效的 token，请重新登录~');
+                Http::redirect('../auth/login', '无效的 token，请重新登录~');
 
             if ($user->getPermission() == "-1") {
                 // delete cookies
-                setcookie("uid", "", time() - 3600, '/');
-                setcookie("token", "", time() - 3600, '/');
+                setcookie('uid',   '', time() - 3600, '/');
+                setcookie('token', '', time() - 3600, '/');
                 session_destroy();
 
                 throw new E('你已经被本站封禁啦，请联系管理员解决', 5, true);
             }
 
+            // ask for filling email
+            if ($user->email == "") {
+                if (isset($_POST['email'])) {
+                    if (\Validate::email($_POST['email'])) {
+                        if (UserModel::where('email', $_POST['email'])->get()->isEmpty()) {
+                            $user->setEmail($_POST['email']);
+                            // refresh token
+                            $_SESSION['token'] = $user->getToken(true);
+                            setcookie('token', $_SESSION['token'], time() + 3600, '/');
+                            return $user;
+                        } else {
+                            echo View::make('auth.bind')->with('msg', '该邮箱已被占用');
+                        }
+                    } else {
+                        echo View::make('auth.bind')->with('msg', '邮箱格式错误');
+                    }
+                    exit;
+                }
+                View::show('auth.bind');
+                exit;
+            }
+
             return $user;
         } else {
-            \Http::redirect('../auth/login', '非法访问，请先登录');
+            Http::redirect('../auth/login', '非法访问，请先登录');
         }
     }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index 5765fddb..04f01071 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -130,9 +130,9 @@ class User
         return $this->model->save();
     }
 
-    public function getToken()
+    public function getToken($refresh = false)
     {
-        if ($this->token === "")
+        if ($this->token === "" || $refresh)
             $this->token = md5($this->model->email . $this->model->password . $_ENV['SALT']);
         return $this->token;
     }
diff --git a/app/Services/Migration.php b/app/Services/Migration.php
index 3d9f75b6..e35334d4 100644
--- a/app/Services/Migration.php
+++ b/app/Services/Migration.php
@@ -14,9 +14,15 @@ class Migration
         require BASE_DIR."/setup/tables.php";
     }
 
-    public static function importV2Textures()
+    public static function __callStatic($method, $args)
     {
-        return require BASE_DIR."/setup/migrations/import_v2_textures.php";
+        if (strpos($method, 'import') !== false) {
+            $filename = BASE_DIR."/setup/migrations/".snake_case($method).".php";
+            if (Storage::exist($filename)) {
+                return require $filename;
+            }
+        }
+        throw new \InvalidArgumentException('Non-existent migration');
     }
 
 }
diff --git a/resources/views/auth/bind.tpl b/resources/views/auth/bind.tpl
new file mode 100644
index 00000000..65831c12
--- /dev/null
+++ b/resources/views/auth/bind.tpl
@@ -0,0 +1,40 @@
+@extends('auth.master')
+
+@section('title', '绑定邮箱')
+
+@section('content')
+
+<div class="login-box">
+    <div class="login-logo">
+        <a href="../">{{ Option::get('site_name') }}</a>
+    </div>
+    <!-- /.login-logo -->
+    <div class="login-box-body">
+        <p class="login-box-msg">欢迎！您需要填写邮箱以继续使用本站。</p>
+
+        <form  method="post" id="login-form">
+            <div class="form-group has-feedback">
+                <input name="email" type="email" class="form-control" placeholder="Email">
+                <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
+            </div>
+
+            <p>邮箱仅用于重置密码，我们将不会向您发送任何垃圾邮件。</p>
+
+            @if (isset($msg))
+            <div id="msg" class="alert alert-warning">{{ $msg }}</div>
+            @endif
+
+            <div class="row">
+                <div class="col-xs-8"></div>
+                <div class="col-xs-4">
+                    <button type="submit" class="btn btn-primary btn-block btn-flat">绑定</button>
+                </div><!-- /.col -->
+            </div>
+        </form>
+
+    </div>
+    <!-- /.login-box-body -->
+</div>
+<!-- /.login-box -->
+
+@endsection
diff --git a/resources/views/setup/migrations/import-v2-textures.tpl b/resources/views/setup/migrations/import-v2-textures.tpl
index 2afd988d..48de5db2 100644
--- a/resources/views/setup/migrations/import-v2-textures.tpl
+++ b/resources/views/setup/migrations/import-v2-textures.tpl
@@ -45,6 +45,15 @@
                 </p>
             </td>
         </tr>
+
+        <tr>
+            <th scope="row">私密材质</th>
+            <td>
+                <label for="import_as_private">
+                    <input name="import_as_private" type="checkbox" id="import_as_private" size="25" /> 导入为私密材质
+                </label>
+            </td>
+        </tr>
     </table>
 
     @if (isset($_SESSION['msg']))
@@ -63,7 +72,7 @@
 @if ($step == '2')
 
 <?php
-    if (Validate::checkPost(['v2_table_name', 'uploader_uid', 'texture_name_pattern'])) {
+    if (Validate::checkPost(['v2_table_name', 'uploader_uid', 'texture_name_pattern'], true)) {
         if ($_POST['v2_table_name'] == "") {
             Http::redirect('index.php?action=import-v2-textures&step=1', 'v2 users 表名不能为空');
         } else {
diff --git a/resources/views/setup/migrations/import-v2-users.tpl b/resources/views/setup/migrations/import-v2-users.tpl
new file mode 100644
index 00000000..0ef1252e
--- /dev/null
+++ b/resources/views/setup/migrations/import-v2-users.tpl
@@ -0,0 +1,72 @@
+@extends('setup.migrations.master')
+
+@section('content')
+
+<?php $step = isset($_GET['step']) ? $_GET['step'] : '1'; ?>
+
+{{-- Step 1: --}}
+
+@if ($step == '1')
+<h1>导入用户数据</h1>
+
+<p>本功能用于导入 v2 的用户账户数据至 v3，请先将 v2 的 users 表改名导入到当前 v3 的同一数据库中</p>
+<p><b>注意：</b> v3 当前设置的密码加密方式必须和之前 v2 的一致，否则导入后的用户将无法登录。</p>
+
+<hr />
+
+<form id="setup" method="post" action="index.php?action=import-v2-users&step=2" novalidate="novalidate">
+    <table class="form-table">
+        <tr>
+            <th scope="row"><label for="v2_table_name">v2 的用户表名</label></th>
+            <td>
+                <input name="v2_table_name" type="v2_table_name" id="v2_table_name" size="25" value="" />
+                <p>就是你改名过的 v2 的 users 表现在的名字</p>
+            </td>
+        </tr>
+    </table>
+
+    @if (isset($_SESSION['msg']))
+    <div class="alert alert-warning" role="alert">{{ htmlspecialchars($_SESSION['msg']) }}</div>
+    <?php unset($_SESSION['msg']); ?>
+    @endif
+
+    <p class="step">
+        <input type="submit" name="submit" id="submit" class="button button-large" value="开始迁移"  />
+    </p>
+</form>
+@endif
+
+{{-- Step 2: --}}
+
+@if ($step == '2')
+
+<?php
+    if (Validate::checkPost(['v2_table_name'], true)) {
+        if ($_POST['v2_table_name'] == "") {
+            Http::redirect('index.php?action=import-v2-users&step=1', 'v2 users 表名不能为空');
+        } else {
+            if (Utils::convertString($_POST['v2_table_name']) != $_POST['v2_table_name'])
+                Http::redirect('index.php?action=import-v2-users&step=1', "表名 {$_POST['v2_table_name']} 中含有无效字符");
+
+            if (!Database::hasTable($_POST['v2_table_name'])) {
+                Http::redirect('index.php?action=import-v2-users&step=1', "数据表 {$_POST['v2_table_name']} 不存在");
+            }
+        }
+    } else {
+        Http::redirect('index.php?action=import-v2-users&step=1', '表单信息不完整');
+    }
+?>
+
+<h1>导入成功</h1>
+
+<?php $result = Migration::importV2Users(); ?>
+
+<p>已导入 {{ $result['imported'] }} 个用户，{{ $result['duplicated'] }} 个用户因重复而未导入。</p>
+
+<p class="step">
+<a href="../../" class="button button-large">导入完成</a>
+</p>
+
+@endif
+
+@endsection
diff --git a/resources/views/setup/migrations/index.tpl b/resources/views/setup/migrations/index.tpl
index e1d815b3..c2d6de99 100644
--- a/resources/views/setup/migrations/index.tpl
+++ b/resources/views/setup/migrations/index.tpl
@@ -4,8 +4,7 @@
 <h1>欢迎</h1>
 
 <p>欢迎使用 Blessing Skin Server 数据迁移工具，此工具用于迁移 v2 的数据至 v3。</p>
-<p>目前仅支持从 v2 导入用户皮肤至 v3 的皮肤库中。</p>
-<p>更多功能等我有时间再些吧（学业为重</p>
+<p>目前支持导入 v2 的用户数据以及导入用户皮肤至 v3 的皮肤库中。</p>
 
 <hr />
 
@@ -13,6 +12,6 @@
 
 <p class="step">
     <a href="index.php?action=import-v2-textures" class="button button-large">导入 v2 皮肤库</a>
-    <a class="button button-large" disabled="disabled">导入 v2 用户数据</a>
+    <a href="index.php?action=import-v2-users" class="button button-large">导入 v2 用户数据</a>
 </p>
 @endsection
diff --git a/setup/index.php b/setup/index.php
index f9806dad..bbbaf880 100644
--- a/setup/index.php
+++ b/setup/index.php
@@ -85,7 +85,7 @@ switch ($step) {
         }
 
         // register super admin
-        $user = new App\Models\User(0, ['email' => $_POST['email']]);
+        $user = new App\Models\User(null, ['email' => $_POST['email']]);
         $user->register($_POST['password'], Http::getRealIP());
         $user->setPermission('2');
 
diff --git a/setup/migrations/import_v2_textures.php b/setup/migrations/import_v2_textures.php
index 0682517b..5cdf1853 100644
--- a/setup/migrations/import_v2_textures.php
+++ b/setup/migrations/import_v2_textures.php
@@ -3,12 +3,14 @@
  * @Author: printempw
  * @Date:   2016-08-09 21:44:13
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-08-14 08:00:49
+ * @Last Modified time: 2016-08-19 22:48:54
  *
  * There are still some coupling relationships here but,
  * Just let it go :)
  */
 
+if (!defined('BASE_DIR')) exit('Permission denied.');
+
 $v2_table_name = $_POST['v2_table_name'];
 $v3_table_name = Config::getDbConfig()['prefix']."textures";
 
@@ -20,6 +22,8 @@ $db = Database::table($v2_table_name, true);
 
 $steps = ceil($db->getRecordNum() / 250);
 
+$public = isset($_POST['import_as_private']) ? '1' : '0';
+
 // chunked
 for ($i = 0; $i <= $steps; $i++) {
     $start = $i * 250;
@@ -42,14 +46,14 @@ for ($i = 0; $i <= $steps; $i++) {
                     'hash'      => $row['hash_steve'],
                     'size'      => 0,
                     'uploader'  => $_POST['uploader_uid'],
-                    'public'    => '1',
+                    'public'    => $public,
                     'upload_at' => Utils::getTimeFormatted()
                 ], $v3_table_name);
 
-                $imported += 1;
+                $imported++;
                 // echo $row['hash_steve']." saved. <br />";
             } else {
-                $duplicated += 1;
+                $duplicated++;
                 // echo $row['hash_steve']." duplicated. <br />";
             }
         }
@@ -65,14 +69,14 @@ for ($i = 0; $i <= $steps; $i++) {
                     'hash'      => $row['hash_alex'],
                     'size'      => 0,
                     'uploader'  => $_POST['uploader_uid'],
-                    'public'    => '1',
+                    'public'    => $public,
                     'upload_at' => Utils::getTimeFormatted()
                 ], $v3_table_name);
 
-                $imported += 1;
+                $imported++;
                 // echo $row['hash_alex']." saved. <br />";
             } else {
-                $duplicated += 1;
+                $duplicated++;
                 // echo $row['hash_alex']." duplicated. <br />";
             }
         }
@@ -88,14 +92,14 @@ for ($i = 0; $i <= $steps; $i++) {
                     'hash'      => $row['hash_cape'],
                     'size'      => 0,
                     'uploader'  => $_POST['uploader_uid'],
-                    'public'    => '1',
+                    'public'    => $public,
                     'upload_at' => Utils::getTimeFormatted()
                 ], $v3_table_name);
 
-                $imported += 1;
+                $imported++;
                 // echo $row['hash_cape']." saved. <br />";
             } else {
-                $duplicated += 1;
+                $duplicated++;
                 // echo $row['hash_cape']." duplicated. <br />";
             }
         }
diff --git a/setup/migrations/import_v2_users.php b/setup/migrations/import_v2_users.php
new file mode 100644
index 00000000..371e2ece
--- /dev/null
+++ b/setup/migrations/import_v2_users.php
@@ -0,0 +1,77 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-08-18 17:46:19
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-08-19 22:00:02
+ */
+
+if (!defined('BASE_DIR')) exit('Permission denied.');
+
+$v2_table_name = $_POST['v2_table_name'];
+$prefix        = Config::getDbConfig()['prefix'];
+$v3_users      = $prefix."users";
+$v3_players    = $prefix."players";
+$v3_closets    = $prefix."closets";
+
+$imported   = 0;
+$duplicated = 0;
+
+// use db helper instead of fat ORM
+$db = Database::table($v2_table_name, true);
+
+$steps = ceil($db->getRecordNum() / 250);
+
+$score = Option::get('user_initial_score');
+
+// chunked
+for ($i = 0; $i <= $steps; $i++) {
+    $start = $i * 250;
+
+    $sql = "SELECT * FROM `$v2_table_name` ORDER BY `uid` LIMIT $start, 250";
+    $result = $db->query($sql);
+
+    while ($row = $result->fetch_array()) {
+        if (!$db->has('player_name', $row['username'], $v3_players)) {
+            // generate random nickname
+            $nickname = $row['username']."_".time();
+
+            $db->insert([
+                'email'        => '',
+                'nickname'     => $nickname,
+                'score'        => $score,
+                'password'     => $row['password'],
+                'avatar'       => '0',
+                'ip'           => $row['ip'],
+                'permission'   => '0',
+                'last_sign_at' => Utils::getTimeFormatted(time() - 86400),
+                'register_at'  => Utils::getTimeFormatted()
+            ], $v3_users);
+
+            $uid = $db->select('nickname', $nickname, null, $v3_users)['uid'];
+
+            $db->insert([
+                'uid' => $uid,
+                'player_name'   => $row['username'],
+                'preference'    => 'steve',
+                'last_modified' => Utils::getTimeFormatted()
+            ], $v3_players);
+
+            $db->insert([
+                'uid'      => $uid,
+                'textures' => ''
+            ], $v3_closets);
+
+            $imported++;
+            // echo $row['username']." saved. <br />";
+        } else {
+            $duplicated++;
+            // echo $row['username']." duplicated. <br />";
+        }
+    }
+}
+
+return [
+    'imported' => $imported,
+    'duplicated' => $duplicated
+];
diff --git a/setup/migrations/index.php b/setup/migrations/index.php
index ab95e50e..20f45c79 100644
--- a/setup/migrations/index.php
+++ b/setup/migrations/index.php
@@ -25,14 +25,14 @@ if (Config::checkDbConfig($db_config)) {
 
 Boot::checkInstallation('../../setup/index.php');
 
-if (isset($_COOKIE['email']) && isset($_COOKIE['token'])) {
-    $_SESSION['email'] = $_COOKIE['email'];
+if (isset($_COOKIE['uid']) && isset($_COOKIE['token'])) {
+    $_SESSION['uid'] = $_COOKIE['uid'];
     $_SESSION['token'] = $_COOKIE['token'];
 }
 
 // check permission
-if (isset($_SESSION['email'])) {
-    $user = new App\Models\User(0, ['email' => $_SESSION['email']]);
+if (isset($_SESSION['uid'])) {
+    $user = new App\Models\User($_SESSION['uid']);
 
     if ($_SESSION['token'] != $user->getToken())
         Http::redirect('../../auth/login', '无效的 token，请重新登录~');
@@ -55,6 +55,10 @@ switch ($action) {
         View::show('setup.migrations.import-v2-textures');
         break;
 
+    case 'import-v2-users':
+        View::show('setup.migrations.import-v2-users');
+        break;
+
     default:
         throw new App\Exceptions\E('非法参数', 1, true);
         break;