diff --git a/.gitignore b/.gitignore
index 98e6ef6..8205fdc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.db
+db.json
diff --git a/db.json b/db.json
deleted file mode 100644
index 6919142..0000000
--- a/db.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "account_num": 6
-}
\ No newline at end of file
diff --git a/db.rb b/players.rb
similarity index 61%
rename from db.rb
rename to players.rb
index 109e1be..395ee9b 100644
--- a/db.rb
+++ b/players.rb
@@ -5,11 +5,11 @@ require "json"
 ALPHANUM = [*"0".."9", *"A".."Z", *"a".."z", "-", "_"].freeze
 
 # DataBase handler module
-module DataBase
+module Players
   db_file = File.expand_path("infinsweeper.db")
   DB = Sequel.connect("sqlite:///#{db_file}", single_threaded: false)
 
-  def self.player_list
+  def self.list
     DB["select * from Players"].all
   end
 
@@ -19,7 +19,9 @@ module DataBase
 
   def self.mk_player(username, email, pass)
     raise ArgumentError, "Email format is wrong!" unless email.match?(/\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/)
-    raise ArgumentError, "Password must be at least 8 characters and valid format." unless
+    raise ArgumentError, "Username must be at least 4 characters long and of valid format." unless
+      username.match?(/\A[a-zA-Z][a-zA-Z0-9_.-]+\z/) && username.length >= 4
+    raise ArgumentError, "Password must be at least 8 characters and of valid format." unless
       pass.match?(/\A[a-zA-Z0-9_.!?@#$%^&*()+=-]+\z/) && pass.length >= 8
 
     digest = XXhash.xxh32(pass, 1234)
@@ -38,9 +40,12 @@ module DataBase
     end
     code = code.reverse.rjust(12, "0")
 
-    DB["insert into Players (email, digest, username, code) values (?, ?, ?, ?)", email, digest, username, code].insert
+    DB[
+      "insert into Players (email, digest, username, activation_code) values (?, ?, ?, ?)",
+      email, digest, username, code
+    ].insert
 
-    send_email(email, username, code)
+    send_email(:new, email, username, code)
     Thread.new do
       sleep 24 * 60 * 60
       rm_player(email) unless verified?(email)
@@ -54,7 +59,31 @@ module DataBase
   end
 
   def self.verify(code)
-    DB["update Players set code = ? where code = ?", "!", code].update != 0
+    DB["update Players set activation_code = ? where code = ?", "!", code].update != 0
+  end
+
+  def self.pass_req(email)
+    path = File.expand_path("db.json")
+    json = File.exist?(path) ? JSON.parse(File.read(path)) : {}
+    json["pass_num"] ||= 0
+    pass_num = json["pass_num"]
+    json["pass_num"] += 1
+    File.write(path, JSON.pretty_generate(json))
+    pass_num = XXhash.xxh64(pass_num, 1234)
+    code = ""
+    while pass_num.positive?
+      code << ALPHANUM[pass_num % 64]
+      pass_num /= 64
+    end
+    code = code.reverse.rjust(12, "0")
+
+    DB["update Players set new_pass_code = ? where email = ?", code, email].update
+
+    send_email(:pass_req, email, code)
+  end
+
+  def self.pass_reset(new_pass, code)
+    DB["update Players set pass = ? where new_pass_code = ?", new_pass, code].update != 0
   end
 
   def self.[](email)
diff --git a/run.fish b/run.fish
index e334d9d..df000f4 100644
--- a/run.fish
+++ b/run.fish
@@ -3,6 +3,9 @@ set oldsum (cat (find . -name '*.rb' | sort) | md5sum)
 if not test -p infinsweeper.db
   sqlite3 infinsweeper.db < schema.sql
 end
+if not test -p db.json
+  echo "{\"account_num\":0,\"pass_num\":0}" > db.json
+end
 pkill ruby
 ruby main.rb -p8080 &
 if not test -p $pipe_path
diff --git a/schema.sql b/schema.sql
index 9fa6a13..0d60a11 100644
--- a/schema.sql
+++ b/schema.sql
@@ -3,5 +3,6 @@ CREATE TABLE Players (
   username TEXT UNIQUE,
   digest BLOB,
   data BLOB,
-  code TEXT
+  activation_code TEXT,
+  new_pass_code TEXT
 );