diff --git a/ctp_blogr.sqlite b/ctp_blogr.sqlite
index 8df54e8..f35ca23 100644
Binary files a/ctp_blogr.sqlite and b/ctp_blogr.sqlite differ
diff --git a/ctp_blogr/__init__.py b/ctp_blogr/__init__.py
index 680d01c..20ebb3a 100644
--- a/ctp_blogr/__init__.py
+++ b/ctp_blogr/__init__.py
@@ -10,7 +10,7 @@ def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
# session factory
- my_session_factory = SignedCookieSessionFactory('mGcAJn2HmNH6Hc')
+ my_session_factory = SignedCookieSessionFactory('hZug2zPt7hT2MZ')
authentication_policy = AuthTktAuthenticationPolicy('J2wv322aL5DTn2',
callback=groupfinder, hashalg='sha512', timeout=36000)
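Review bot: The rotated session-signing secret on the `SignedCookieSessionFactory(...)` line is again a string literal, so the new value is in the repository history as soon as this lands, just like the one it replaces. Anyone who can read the repository can then produce cookies the application accepts as signed. The `AuthTktAuthenticationPolicy` secret on the following context line is hard-coded as well and is not rotated by this commit. Both should come from deployment configuration kept out of version control, e.g. `my_session_factory = SignedCookieSessionFactory(settings['session.secret'])` (the key name is a constructed example). The body of `main` continues outside the hunk.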
diff --git a/ctp_blogr/forms.py b/ctp_blogr/forms.py
index aefbc00..03d0480 100644
--- a/ctp_blogr/forms.py
+++ b/ctp_blogr/forms.py
@@ -1,6 +1,6 @@
from wtforms import Form, StringField, TextAreaField, SelectField, DecimalField
from wtforms import IntegerField, PasswordField
-from wtforms.validators import InputRequired, Length
+from wtforms.validators import InputRequired, Length, EqualTo
from wtforms.widgets import HiddenInput
strip_filter = lambda x: x.strip() if x else None
@@ -26,8 +26,11 @@ class TagForm(Form):
class UserCreateForm(Form):
- username = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)], filters=[strip_filter])
- password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)])
+ id = IntegerField(widget=HiddenInput())
+ name = StringField('Nom', validators=[InputRequired(), Length(min=1, max=255)],
+ filters=[strip_filter])
+ password = PasswordField('Mot de passe')
+ confirm = PasswordField('Confirmer', validators=[EqualTo('password', message='Les 2 Passwords doivent être identiques')])
class HistoForm(Form):
no_id = IntegerField(widget=HiddenInput())
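Review bot: `password = PasswordField('Mot de passe')` drops `InputRequired()` and `Length(min=6)`, so the form on its own now validates an empty or short password and the rule holds only where a view re-checks it by hand. Keeping the rule on the field makes every caller of `UserCreateForm` enforce it: `password = PasswordField('Mot de passe', validators=[InputRequired(), Length(min=6)])`. The new hidden `id` field is supplied by the client, and any `populate_obj()` call on this form will copy it onto the model, so it should not be treated as the record's key.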
diff --git a/ctp_blogr/routes.py b/ctp_blogr/routes.py
index 1a665f3..5ffef17 100644
--- a/ctp_blogr/routes.py
+++ b/ctp_blogr/routes.py
@@ -11,8 +11,7 @@ def includeme(config):
config.add_route('tags', '/tags')
config.add_route('tag_edit', '/tag_edit/{id}')
config.add_route('users', '/users')
- config.add_route('user_add', '/user_add/{name}')
- config.add_route('user_pwd', '/user_pwd/{name}')
+ config.add_route('user_edit', '/user_edit/{name}')
# portfolio
config.add_route('actif_edit', '/actif_edit/{no_id}')
config.add_route('actif2_edit', '/actif2_edit/{no_id}')
diff --git a/ctp_blogr/templates/layout.jinja2 b/ctp_blogr/templates/layout.jinja2
index 45e2f4c..2a26e13 100644
--- a/ctp_blogr/templates/layout.jinja2
+++ b/ctp_blogr/templates/layout.jinja2
@@ -42,6 +42,10 @@
-
-{% endblock %}
diff --git a/ctp_blogr/templates/user_edit.jinja2 b/ctp_blogr/templates/user_edit.jinja2
new file mode 100644
index 0000000..929cc95
--- /dev/null
+++ b/ctp_blogr/templates/user_edit.jinja2
@@ -0,0 +1,55 @@
+{% extends "layout.jinja2" %}
+
+{% block content %}
+
+ {% if message %}
+
+ {{ message }}
+
+ {% endif %}
+
+
+
+{% endblock %}
diff --git a/ctp_blogr/templates/user_pwd.jinja2 b/ctp_blogr/templates/user_pwd.jinja2
deleted file mode 100644
index fa90e7c..0000000
--- a/ctp_blogr/templates/user_pwd.jinja2
+++ /dev/null
@@ -1,30 +0,0 @@
-{% extends "layout.jinja2" %}
-
-{% block content %}
-
-
-
-{% endblock %}
diff --git a/ctp_blogr/templates/users.jinja2 b/ctp_blogr/templates/users.jinja2
index 22ef3f5..46d697c 100644
--- a/ctp_blogr/templates/users.jinja2
+++ b/ctp_blogr/templates/users.jinja2
@@ -4,7 +4,7 @@
Retour
-
+
Nouvel utilisateur
@@ -20,7 +20,7 @@
| {{ entry.id }} |
-
+
{{ entry.name }}
|
diff --git a/ctp_blogr/views/default.py b/ctp_blogr/views/default.py
index df7afb8..8fd2551 100644
--- a/ctp_blogr/views/default.py
+++ b/ctp_blogr/views/default.py
@@ -82,51 +82,70 @@ def users(request):
'users': users
}
-
-@view_config(route_name='user_add', renderer='../templates/user_add.jinja2', permission='manage')
-def user_add(request):
+@view_config(route_name='user_edit', renderer='ctp_blogr:templates/user_edit.jinja2', permission='view')
+def user_edit(request):
+ message = ''
name = request.matchdict['name']
+ url = request.route_url('user_edit', name=name)
+ if request.authenticated_userid == 'admin':
+ url_retour = request.route_url('users')
+ else:
+ url_retour = request.route_url('home')
+
+ if name == '0':
+ # nouvel utilisateur
+ user = User()
+ form = UserCreateForm(request.POST, user)
+ page_title = "Nouvel utilisateur"
+ else:
+ # lire la fiche du user
+ user = UserService.by_name(request, name)
+ if not user:
+ request.session.flash("Utilisateur non trouvé : %s" % name, 'danger')
+ return HTTPFound(location=url_retour)
+
+ form = UserCreateForm(request.POST, user)
+ page_title = "Modification utilisateur"
+
- # nouveau
- form = UserCreateForm(request.POST)
-
if 'form.submitted' in request.params and form.validate():
- # créer nouveau
- new_user = User(name=form.username.data)
- new_user.set_password(form.password.data.encode('utf8'))
- request.dbsession.add(new_user)
- return HTTPFound(location=request.route_url('users'))
+ # controle que le password a moins 6 car
+ if len(form.password.data) < 6 :
+ message = "Le mot de passe doit avoir au moins 6 caractères"
+ else:
+ if name == '0':
+ # création user
+ # controler que le nouvel user n'existe pas dans la BD
+ new_user = UserService.by_name(request, form.name.data)
+ if new_user:
+ message = "Utilisateur déjà créé : %s" % form.name.data
+ else:
+ form.populate_obj(user)
+ user.set_password(form.password.data.encode('utf8'))
+ # créer le nouveau
+ request.dbsession.add(user)
+ request.session.flash("La fiche a été créée avec succès.", 'success')
+ return HTTPFound(location=url_retour)
+
+ else:
+ # modification user
+ del form.name # SECURITY: prevent overwriting of primary key
+ form.populate_obj(user)
+ user.set_password(form.password.data.encode('utf8'))
+ request.session.flash("La fiche a été modifiée avec succès.", 'success')
+ return HTTPFound(location=url_retour)
+ if 'form.deleted' in request.params:
+ UserService.delete(request, user.id)
+ request.session.flash("La fiche a été supprimée avec succès.", 'success')
+ return HTTPFound(location=url_retour)
+
return {
- 'page_title': 'Nouvel utilsateur',
+ 'page_title': page_title,
+ 'message': message,
'form': form,
+ 'url': url,
+ 'url_retour': url_retour,
'name': name,
}
-
-@view_config(route_name='user_pwd', renderer='../templates/user_pwd.jinja2', permission='manage')
-def user_pwd(request):
- # reset password or delete user
- name = request.matchdict['name']
-
- # lire la fiche du membre
- entry = UserService.by_name(request, name)
- if not entry:
- request.session.flash(u"Utilisateur non trouvé : %s" % name, 'warning')
- return HTTPFound(location=request.route_url('users'))
-
- if 'form.submitted' in request.params:
- mdp = request.params["new_password"]
- entry.set_password(mdp.encode('utf8'))
- return HTTPFound(location=request.route_url('users'))
-
- if 'form.deleted' in request.params:
- UserService.delete(request, entry.id)
- request.session.flash("La fiche a été supprimée avec succès.", 'success')
- return HTTPFound(location=request.route_url('users'))
-
-
- return {
- 'page_title': "Utilisateur : %s" %(entry.name),
- 'entry': entry,
- }
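Review bot: `user_edit` is registered with `permission='view'` where the two views it replaces required `'manage'`, and nothing in the body compares `name` from the URL with `request.authenticated_userid`. The `'admin'` test only picks the return URL, so as written any account holding `view` appears able to create users and to reset the password of, or delete, any other account. Two smaller points in the same hunk: `form.populate_obj(user)` copies the hidden `id` field (and the clear-text `password` and `confirm`) onto the model although the comment speaks of protecting the primary key, and the `form.deleted` branch reads `request.params`, which includes the query string, and also runs for `name == '0'` where `user.id` is unset. A sketch of the tightened checks follows; `HTTPForbidden` would have to be imported next to `HTTPFound`, and which principals the ACL grants `view` to is not visible here.

```python
    name = request.matchdict['name']
    # Only the admin may create accounts or act on somebody else's record.
    is_admin = request.authenticated_userid == 'admin'
    if not is_admin and name != request.authenticated_userid:
        raise HTTPForbidden()
    # … unchanged: url / url_retour, loading the user, building the form, password and duplicate checks …
                # création user: set the one field the form is meant to supply,
                # instead of populate_obj(), which would also copy id/password/confirm
                user.name = form.name.data
    # … unchanged: set_password, dbsession.add, flash, redirect …
                # modification user: nothing is copied from the form; only the
                # password hash changes, so id and name stay as loaded from the DB
    # … unchanged: set_password, flash, redirect …
    if 'form.deleted' in request.POST and name != '0':
    # … unchanged: UserService.delete, flash, redirect, template context …
```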