diff --git a/README.md b/README.md
index 619f9a9dd..42369868f 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ Gogs(Go Git Service) is a Self Hosted Git Service in the Go Programming Language
 
 ![Demo](http://gowalker.org/public/gogs_demo.gif)
 
-##### Current version: 0.2.3 Alpha
+##### Current version: 0.2.4 Alpha
 
 #### Due to testing purpose, data of [try.gogits.org](http://try.gogits.org) has been reset in April 6, 2014 and will reset multiple times after. Please do NOT put your important data on the site.
 
diff --git a/README_ZH.md b/README_ZH.md
index 35a0b7630..71db29a6e 100644
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -5,7 +5,7 @@ Gogs(Go Git Service) 是一个由 Go 语言编写的自助 Git 托管服务。
 
 ![Demo](http://gowalker.org/public/gogs_demo.gif)
 
-##### 当前版本：0.2.3 Alpha
+##### 当前版本：0.2.4 Alpha
 
 ## 开发目的
 
diff --git a/routers/admin/user.go b/routers/admin/user.go
index 9f043507d..fee692202 100644
--- a/routers/admin/user.go
+++ b/routers/admin/user.go
@@ -16,14 +16,15 @@ import (
 	"github.com/gogits/gogs/modules/middleware"
 )
 
-func NewUser(ctx *middleware.Context, form auth.RegisterForm) {
+func NewUser(ctx *middleware.Context) {
 	ctx.Data["Title"] = "New Account"
 	ctx.Data["PageIsUsers"] = true
+	ctx.HTML(200, "admin/users/new")
+}
 
-	if ctx.Req.Method == "GET" {
-		ctx.HTML(200, "admin/users/new")
-		return
-	}
+func NewUserPost(ctx *middleware.Context, form auth.RegisterForm) {
+	ctx.Data["Title"] = "New Account"
+	ctx.Data["PageIsUsers"] = true
 
 	if form.Password != form.RetypePasswd {
 		ctx.Data["HasError"] = true
@@ -55,7 +56,7 @@ func NewUser(ctx *middleware.Context, form auth.RegisterForm) {
 		case models.ErrUserNameIllegal:
 			ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "admin/users/new", &form)
 		default:
-			ctx.Handle(200, "admin.user.NewUser", err)
+			ctx.Handle(500, "admin.user.NewUser", err)
 		}
 		return
 	}
@@ -66,25 +67,39 @@ func NewUser(ctx *middleware.Context, form auth.RegisterForm) {
 	ctx.Redirect("/admin/users")
 }
 
-func EditUser(ctx *middleware.Context, params martini.Params, form auth.AdminEditUserForm) {
+func EditUser(ctx *middleware.Context, params martini.Params) {
 	ctx.Data["Title"] = "Edit Account"
 	ctx.Data["PageIsUsers"] = true
 
 	uid, err := base.StrTo(params["userid"]).Int()
 	if err != nil {
-		ctx.Handle(200, "admin.user.EditUser", err)
+		ctx.Handle(404, "admin.user.EditUser", err)
 		return
 	}
 
 	u, err := models.GetUserById(int64(uid))
 	if err != nil {
-		ctx.Handle(200, "admin.user.EditUser", err)
+		ctx.Handle(500, "admin.user.EditUser", err)
 		return
 	}
 
-	if ctx.Req.Method == "GET" {
-		ctx.Data["User"] = u
-		ctx.HTML(200, "admin/users/edit")
+	ctx.Data["User"] = u
+	ctx.HTML(200, "admin/users/edit")
+}
+
+func EditUserPost(ctx *middleware.Context, params martini.Params, form auth.AdminEditUserForm) {
+	ctx.Data["Title"] = "Edit Account"
+	ctx.Data["PageIsUsers"] = true
+
+	uid, err := base.StrTo(params["userid"]).Int()
+	if err != nil {
+		ctx.Handle(404, "admin.user.EditUser", err)
+		return
+	}
+
+	u, err := models.GetUserById(int64(uid))
+	if err != nil {
+		ctx.Handle(500, "admin.user.EditUser", err)
 		return
 	}
 
@@ -96,47 +111,44 @@ func EditUser(ctx *middleware.Context, params martini.Params, form auth.AdminEdi
 	u.IsActive = form.Active == "on"
 	u.IsAdmin = form.Admin == "on"
 	if err := models.UpdateUser(u); err != nil {
-		ctx.Handle(200, "admin.user.EditUser", err)
+		ctx.Handle(500, "admin.user.EditUser", err)
 		return
 	}
-
-	ctx.Data["IsSuccess"] = true
-	ctx.Data["User"] = u
-	ctx.HTML(200, "admin/users/edit")
-
 	log.Trace("%s User profile updated by admin(%s): %s", ctx.Req.RequestURI,
 		ctx.User.LowerName, ctx.User.LowerName)
+
+	ctx.Data["User"] = u
+	ctx.Flash.Success("Account profile has been successfully updated.")
+	ctx.Redirect("/admin/users/" + params["userid"])
 }
 
 func DeleteUser(ctx *middleware.Context, params martini.Params) {
-	ctx.Data["Title"] = "Edit Account"
+	ctx.Data["Title"] = "Delete Account"
 	ctx.Data["PageIsUsers"] = true
 
+	log.Info("delete")
 	uid, err := base.StrTo(params["userid"]).Int()
 	if err != nil {
-		ctx.Handle(200, "admin.user.EditUser", err)
+		ctx.Handle(404, "admin.user.EditUser", err)
 		return
 	}
 
 	u, err := models.GetUserById(int64(uid))
 	if err != nil {
-		ctx.Handle(200, "admin.user.EditUser", err)
+		ctx.Handle(500, "admin.user.EditUser", err)
 		return
 	}
 
 	if err = models.DeleteUser(u); err != nil {
-		ctx.Data["HasError"] = true
 		switch err {
 		case models.ErrUserOwnRepos:
-			ctx.Data["ErrorMsg"] = "This account still has ownership of repository, owner has to delete or transfer them first."
-			ctx.Data["User"] = u
-			ctx.HTML(200, "admin/users/edit")
+			ctx.Flash.Error("This account still has ownership of repository, owner has to delete or transfer them first.")
+			ctx.Redirect("/admin/users/" + params["userid"])
 		default:
-			ctx.Handle(200, "admin.user.DeleteUser", err)
+			ctx.Handle(500, "admin.user.DeleteUser", err)
 		}
 		return
 	}
-
 	log.Trace("%s User deleted by admin(%s): %s", ctx.Req.RequestURI,
 		ctx.User.LowerName, ctx.User.LowerName)
 
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index 9688fd4d9..9ab07c0d5 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -82,15 +82,17 @@ func Issues(ctx *middleware.Context) {
 	ctx.HTML(200, "issue/list")
 }
 
-func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.CreateIssueForm) {
+func CreateIssue(ctx *middleware.Context, params martini.Params) {
 	ctx.Data["Title"] = "Create issue"
 	ctx.Data["IsRepoToolbarIssues"] = true
 	ctx.Data["IsRepoToolbarIssuesList"] = false
+	ctx.HTML(200, "issue/create")
+}
 
-	if ctx.Req.Method == "GET" {
-		ctx.HTML(200, "issue/create")
-		return
-	}
+func CreateIssuePost(ctx *middleware.Context, params martini.Params, form auth.CreateIssueForm) {
+	ctx.Data["Title"] = "Create issue"
+	ctx.Data["IsRepoToolbarIssues"] = true
+	ctx.Data["IsRepoToolbarIssuesList"] = false
 
 	if ctx.HasError() {
 		ctx.HTML(200, "issue/create")
@@ -100,7 +102,7 @@ func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 	issue, err := models.CreateIssue(ctx.User.Id, ctx.Repo.Repository.Id, form.MilestoneId, form.AssigneeId,
 		ctx.Repo.Repository.NumIssues, form.IssueName, form.Labels, form.Content, false)
 	if err != nil {
-		ctx.Handle(200, "issue.CreateIssue(CreateIssue)", err)
+		ctx.Handle(500, "issue.CreateIssue(CreateIssue)", err)
 		return
 	}
 
@@ -108,7 +110,7 @@ func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 	if err = models.NotifyWatchers(&models.Action{ActUserId: ctx.User.Id, ActUserName: ctx.User.Name, ActEmail: ctx.User.Email,
 		OpType: models.OP_CREATE_ISSUE, Content: fmt.Sprintf("%d|%s", issue.Index, issue.Name),
 		RepoId: ctx.Repo.Repository.Id, RepoName: ctx.Repo.Repository.Name, RefName: ""}); err != nil {
-		ctx.Handle(200, "issue.CreateIssue(NotifyWatchers)", err)
+		ctx.Handle(500, "issue.CreateIssue(NotifyWatchers)", err)
 		return
 	}
 
@@ -116,7 +118,7 @@ func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 	if base.Service.NotifyMail {
 		tos, err := mailer.SendIssueNotifyMail(ctx.User, ctx.Repo.Owner, ctx.Repo.Repository, issue)
 		if err != nil {
-			ctx.Handle(200, "issue.CreateIssue(SendIssueNotifyMail)", err)
+			ctx.Handle(500, "issue.CreateIssue(SendIssueNotifyMail)", err)
 			return
 		}
 
@@ -132,12 +134,12 @@ func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 		}
 		if err = mailer.SendIssueMentionMail(ctx.User, ctx.Repo.Owner, ctx.Repo.Repository,
 			issue, models.GetUserEmailsByNames(newTos)); err != nil {
-			ctx.Handle(200, "issue.CreateIssue(SendIssueMentionMail)", err)
+			ctx.Handle(500, "issue.CreateIssue(SendIssueMentionMail)", err)
 			return
 		}
 	}
-
 	log.Trace("%d Issue created: %d", ctx.Repo.Repository.Id, issue.Id)
+
 	ctx.Redirect(fmt.Sprintf("/%s/%s/issues/%d", params["username"], params["reponame"], issue.Index))
 }
 
diff --git a/routers/repo/repo.go b/routers/repo/repo.go
index d4d52ba0d..b2897d0f5 100644
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@@ -21,16 +21,19 @@ import (
 	"github.com/gogits/gogs/modules/middleware"
 )
 
-func Create(ctx *middleware.Context, form auth.CreateRepoForm) {
+func Create(ctx *middleware.Context) {
 	ctx.Data["Title"] = "Create repository"
-	ctx.Data["PageIsNewRepo"] = true // For navbar arrow.
+	ctx.Data["PageIsNewRepo"] = true
 	ctx.Data["LanguageIgns"] = models.LanguageIgns
 	ctx.Data["Licenses"] = models.Licenses
+	ctx.HTML(200, "repo/create")
+}
 
-	if ctx.Req.Method == "GET" {
-		ctx.HTML(200, "repo/create")
-		return
-	}
+func CreatePost(ctx *middleware.Context, form auth.CreateRepoForm) {
+	ctx.Data["Title"] = "Create repository"
+	ctx.Data["PageIsNewRepo"] = true
+	ctx.Data["LanguageIgns"] = models.LanguageIgns
+	ctx.Data["Licenses"] = models.Licenses
 
 	if ctx.HasError() {
 		ctx.HTML(200, "repo/create")
@@ -50,17 +53,18 @@ func Create(ctx *middleware.Context, form auth.CreateRepoForm) {
 		ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "repo/create", &form)
 		return
 	}
-	ctx.Handle(200, "repo.Create", err)
+	ctx.Handle(500, "repo.Create", err)
 }
 
-func Mirror(ctx *middleware.Context, form auth.CreateRepoForm) {
+func Mirror(ctx *middleware.Context) {
 	ctx.Data["Title"] = "Mirror repository"
-	ctx.Data["PageIsNewRepo"] = true // For navbar arrow.
+	ctx.Data["PageIsNewRepo"] = true
+	ctx.HTML(200, "repo/mirror")
+}
 
-	if ctx.Req.Method == "GET" {
-		ctx.HTML(200, "repo/mirror")
-		return
-	}
+func MirrorPost(ctx *middleware.Context, form auth.CreateRepoForm) {
+	ctx.Data["Title"] = "Mirror repository"
+	ctx.Data["PageIsNewRepo"] = true
 
 	if ctx.HasError() {
 		ctx.HTML(200, "repo/mirror")
@@ -80,7 +84,7 @@ func Mirror(ctx *middleware.Context, form auth.CreateRepoForm) {
 		ctx.RenderWithErr(models.ErrRepoNameIllegal.Error(), "repo/mirror", &form)
 		return
 	}
-	ctx.Handle(200, "repo.Mirror", err)
+	ctx.Handle(500, "repo.Mirror", err)
 }
 
 func Single(ctx *middleware.Context, params martini.Params) {
diff --git a/routers/user/setting.go b/routers/user/setting.go
index 03da04b9e..7e66ad359 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -69,38 +69,46 @@ func SettingPost(ctx *middleware.Context, form auth.UpdateProfileForm) {
 	ctx.Redirect("/user/setting")
 }
 
-func SettingPassword(ctx *middleware.Context, form auth.UpdatePasswdForm) {
+func SettingPassword(ctx *middleware.Context) {
+	ctx.Data["Title"] = "Password"
+	ctx.Data["PageIsUserSetting"] = true
+	ctx.Data["IsUserPageSettingPasswd"] = true
+	ctx.HTML(200, "user/password")
+}
+
+func SettingPasswordPost(ctx *middleware.Context, form auth.UpdatePasswdForm) {
 	ctx.Data["Title"] = "Password"
 	ctx.Data["PageIsUserSetting"] = true
 	ctx.Data["IsUserPageSettingPasswd"] = true
 
-	if ctx.Req.Method == "GET" {
+	if ctx.HasError() {
 		ctx.HTML(200, "user/password")
 		return
 	}
 
 	user := ctx.User
-	newUser := &models.User{Passwd: form.NewPasswd}
-	newUser.EncodePasswd()
-	if user.Passwd != newUser.Passwd {
-		ctx.Data["HasError"] = true
-		ctx.Data["ErrorMsg"] = "Old password is not correct"
+	tmpUser := &models.User{
+		Passwd: form.OldPasswd,
+		Salt:   user.Salt,
+	}
+	tmpUser.EncodePasswd()
+	if user.Passwd != tmpUser.Passwd {
+		ctx.Flash.Error("Old password is not correct")
 	} else if form.NewPasswd != form.RetypePasswd {
-		ctx.Data["HasError"] = true
-		ctx.Data["ErrorMsg"] = "New password and re-type password are not same"
+		ctx.Flash.Error("New password and re-type password are not same")
 	} else {
-		newUser.Salt = models.GetUserSalt()
-		user.Passwd = newUser.Passwd
+		user.Passwd = form.NewPasswd
+		user.Salt = models.GetUserSalt()
+		user.EncodePasswd()
 		if err := models.UpdateUser(user); err != nil {
 			ctx.Handle(200, "setting.SettingPassword", err)
 			return
 		}
-		ctx.Data["IsSuccess"] = true
+		log.Trace("%s User password updated: %s", ctx.Req.RequestURI, ctx.User.LowerName)
+		ctx.Flash.Success("Password is changed successfully. You can now sign in via new password.")
 	}
 
-	ctx.Data["Owner"] = user
-	ctx.HTML(200, "user/password")
-	log.Trace("%s User password updated: %s", ctx.Req.RequestURI, ctx.User.LowerName)
+	ctx.Redirect("/user/setting/password")
 }
 
 func SettingSSHKeys(ctx *middleware.Context, form auth.AddSSHKeyForm) {
diff --git a/templates/admin/users/edit.tmpl b/templates/admin/users/edit.tmpl
index 5db2c7a95..da9a67cfa 100644
--- a/templates/admin/users/edit.tmpl
+++ b/templates/admin/users/edit.tmpl
@@ -11,8 +11,8 @@
             <div class="panel-body">
             	<br/>
 				<form action="/admin/users/{{.User.Id}}" method="post" class="form-horizontal">
-				    {{if .IsSuccess}}<p class="alert alert-success">Account profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
 				    {{.CsrfTokenHtml}}
+				    {{template "base/alert" .}}
                 	<input type="hidden" value="{{.User.Id}}" name="userId"/>
 					<div class="form-group">
 						<label class="col-md-3 control-label">Username: </label>
diff --git a/templates/admin/users/new.tmpl b/templates/admin/users/new.tmpl
index 7f441f32b..4c851e314 100644
--- a/templates/admin/users/new.tmpl
+++ b/templates/admin/users/new.tmpl
@@ -12,7 +12,7 @@
             	<br/>
 				<form action="/admin/users/new" method="post" class="form-horizontal">
 					{{.CsrfTokenHtml}}
-				    <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
+				    {{template "base/alert" .}}
 					<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
 						<label class="col-md-3 control-label">Username: </label>
 						<div class="col-md-7">
diff --git a/templates/issue/create.tmpl b/templates/issue/create.tmpl
index 5375040b0..a75ee8361 100644
--- a/templates/issue/create.tmpl
+++ b/templates/issue/create.tmpl
@@ -6,6 +6,7 @@
     <div id="issue">
         <form class="form" action="{{.RepoLink}}/issues/new" method="post" id="issue-create-form">
             {{.CsrfTokenHtml}}
+            {{template "base/alert" .}}
             <div class="col-md-1">
                 <img class="avatar" src="{{.SignedUser.AvatarLink}}" alt=""/>
             </div>
diff --git a/templates/repo/create.tmpl b/templates/repo/create.tmpl
index dc509fc1c..97c794561 100644
--- a/templates/repo/create.tmpl
+++ b/templates/repo/create.tmpl
@@ -4,7 +4,7 @@
     <form action="/repo/create" method="post" class="form-horizontal card" id="repo-create">
         {{.CsrfTokenHtml}}
         <h3>Create New Repository</h3>
-        <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
+        {{template "base/alert" .}}
         <div class="form-group">
             <label class="col-md-2 control-label">Owner<strong class="text-danger">*</strong></label>
             <div class="col-md-8">
diff --git a/templates/repo/mirror.tmpl b/templates/repo/mirror.tmpl
index 2ac21dd61..0f10d1f54 100644
--- a/templates/repo/mirror.tmpl
+++ b/templates/repo/mirror.tmpl
@@ -4,7 +4,7 @@
     <form action="/repo/create" method="post" class="form-horizontal card" id="repo-create">
         {{.CsrfTokenHtml}}
         <h3>Create Repository Mirror</h3>
-        <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
+        {{template "base/alert" .}}
         <div class="form-group">
             <label class="col-md-2 control-label">From<strong class="text-danger">*</strong></label>
             <div class="col-md-8">
diff --git a/templates/user/delete.tmpl b/templates/user/delete.tmpl
index 39949ee2b..6493bef38 100644
--- a/templates/user/delete.tmpl
+++ b/templates/user/delete.tmpl
@@ -1,18 +1,7 @@
 {{template "base/head" .}}
 {{template "base/navbar" .}}
 <div id="body" class="container" data-page="user">
-    <div id="user-setting-nav" class="col-md-3">
-        <h4>Account Setting</h4>
-        <ul class="list-group">
-            <li class="list-group-item"><a href="/user/setting">Account Profile</a></li>
-            <li class="list-group-item"><a href="/user/setting/password">Password</a></li>
-            <!-- <li class="list-group-item"><a href="/user/setting/notification">Notifications</a></li> -->
-            <li class="list-group-item"><a href="/user/setting/ssh/">SSH Keys</a></li>
-            <!-- <li class="list-group-item"><a href="/user/setting/security">Security</a></li> -->
-            <li class="list-group-item list-group-item-success"><a href="/user/delete">Delete Account</a></li>
-        </ul>
-    </div>
-
+    {{template "user/setting_nav" .}}
     <div id="user-setting-container" class="col-md-9">
         <h4>Delete Account</h4>
         {{template "base/alert" .}}
diff --git a/templates/user/password.tmpl b/templates/user/password.tmpl
index b2cdc72d9..cba9cce0c 100644
--- a/templates/user/password.tmpl
+++ b/templates/user/password.tmpl
@@ -6,9 +6,8 @@
         <div id="setting-pwd">
             <h4>Password</h4>
             <form class="form-horizontal" id="password-form" method="post" action="/user/setting/password">
-            {{.CsrfTokenHtml}}
-            {{if .IsSuccess}}
-                <p class="alert alert-success">Password is changed successfully. You can now sign in via new password.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
+                {{.CsrfTokenHtml}}
+                {{template "base/alert" .}}
                 <div class="form-group">
                     <label class="col-md-3 control-label">Old Password<strong class="text-danger">*</strong></label>
                     <div class="col-md-7">
@@ -33,7 +32,7 @@
                 <div class="form-group">
                     <div class="col-md-offset-3 col-md-7">
                         <button type="submit" class="btn btn-primary">Change Password</button>&nbsp;&nbsp;
-                        <a href="/forget-password/">Forgot your password?</a>
+                        <a href="/user/forget_password/">Forgot your password?</a>
                     </div>
                 </div>
             </form>
diff --git a/web.go b/web.go
index 8af27038f..b2be73d67 100644
--- a/web.go
+++ b/web.go
@@ -103,8 +103,6 @@ func runWeb(*cli.Context) {
 		r.Get("/login/github", user.SocialSignIn)
 		r.Get("/sign_up", user.SignUp)
 		r.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
-		r.Get("/forget_password", user.ForgotPasswd)
-		r.Post("/forget_password", user.ForgotPasswdPost)
 		r.Get("/reset_password", user.ResetPasswd)
 		r.Post("/reset_password", user.ResetPasswdPost)
 	}, reqSignOut)
@@ -118,18 +116,25 @@ func runWeb(*cli.Context) {
 	m.Group("/user", func(r martini.Router) {
 		r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
 		r.Get("/activate", user.Activate)
+		r.Get("/forget_password", user.ForgotPasswd)
+		r.Post("/forget_password", user.ForgotPasswdPost)
 	})
 	m.Group("/user/setting", func(r martini.Router) {
-		r.Any("/password", bindIgnErr(auth.UpdatePasswdForm{}), user.SettingPassword)
+		r.Get("/password", user.SettingPassword)
+		r.Post("/password", bindIgnErr(auth.UpdatePasswdForm{}), user.SettingPasswordPost)
 		r.Any("/ssh", bindIgnErr(auth.AddSSHKeyForm{}), user.SettingSSHKeys)
-		r.Any("/notification", user.SettingNotification)
-		r.Any("/security", user.SettingSecurity)
+		r.Get("/notification", user.SettingNotification)
+		r.Get("/security", user.SettingSecurity)
 	}, reqSignIn)
 
 	m.Get("/user/:username", ignSignIn, user.Profile)
 
-	m.Any("/repo/create", reqSignIn, bindIgnErr(auth.CreateRepoForm{}), repo.Create)
-	m.Any("/repo/mirror", reqSignIn, bindIgnErr(auth.CreateRepoForm{}), repo.Mirror)
+	m.Group("/repo", func(r martini.Router) {
+		m.Get("/create", repo.Create)
+		m.Post("/create", bindIgnErr(auth.CreateRepoForm{}), repo.CreatePost)
+		m.Get("/mirror", repo.Mirror)
+		m.Post("/mirror", bindIgnErr(auth.CreateRepoForm{}), repo.MirrorPost)
+	}, reqSignIn)
 
 	adminReq := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true, AdminRequire: true})
 
@@ -140,9 +145,11 @@ func runWeb(*cli.Context) {
 		r.Get("/config", admin.Config)
 	}, adminReq)
 	m.Group("/admin/users", func(r martini.Router) {
-		r.Any("/new", bindIgnErr(auth.RegisterForm{}), admin.NewUser)
-		r.Any("/:userid", bindIgnErr(auth.AdminEditUserForm{}), admin.EditUser)
-		r.Any("/:userid/delete", admin.DeleteUser)
+		r.Get("/new", admin.NewUser)
+		r.Post("/new", bindIgnErr(auth.RegisterForm{}), admin.NewUserPost)
+		r.Get("/:userid", admin.EditUser)
+		r.Post("/:userid", bindIgnErr(auth.AdminEditUserForm{}), admin.EditUserPost)
+		r.Get("/:userid/delete", admin.DeleteUser)
 	}, adminReq)
 
 	if martini.Env == martini.Dev {
@@ -153,7 +160,8 @@ func runWeb(*cli.Context) {
 		r.Post("/settings", repo.SettingPost)
 		r.Get("/settings", repo.Setting)
 		r.Get("/action/:action", repo.Action)
-		r.Any("/issues/new", bindIgnErr(auth.CreateIssueForm{}), repo.CreateIssue)
+		r.Get("/issues/new", repo.CreateIssue)
+		r.Post("/issues/new", bindIgnErr(auth.CreateIssueForm{}), repo.CreateIssuePost)
 		r.Post("/issues/:index", bindIgnErr(auth.CreateIssueForm{}), repo.UpdateIssue)
 		r.Post("/comment/:action", repo.Comment)
 	}, reqSignIn, middleware.RepoAssignment(true))
@@ -162,7 +170,7 @@ func runWeb(*cli.Context) {
 		r.Get("/issues", repo.Issues)
 		r.Get("/issues/:index", repo.ViewIssue)
 		r.Get("/releases", repo.Releases)
-		r.Any("/releases/new", repo.ReleasesNew)
+		r.Any("/releases/new", repo.ReleasesNew) // TODO:
 		r.Get("/pulls", repo.Pulls)
 		r.Get("/branches", repo.Branches)
 	}, ignSignIn, middleware.RepoAssignment(true))