diff --git a/README.md b/README.md
index c5eefa2..2da1567 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,8 @@ Hanami's universeller Serien Organizer
 | - | - | - | - | - | - | - |
 | GET | /api/auth/{user} | Test für Authentifizierung | (status code) | {user} = MAL username | X-HUSO-AUTH | |
 | POST | /api/register | Registrieren | RegisterData JSON | | | RegisterData JSON |
-| DELETE | /api/register | User löschen | RegisterData JSON | | | RegisterData JSON |
+| PATCH | /api/register | Registrierung bearbeiten | RegisterData JSON | | X-HUSO-AUTH | RegisterData JSON |
+| DELETE | /api/register | User löschen | RegisterData JSON | | X-HUSO-AUTH | RegisterData JSON |
 _RegisterData_
 ```json
diff --git a/huso.go b/huso.go
index 8b003a5..bce5704 100644
--- a/huso.go
+++ b/huso.go
@@ -125,7 +125,11 @@ func main() {
 } else {
 mmDb, err = sql.Open("mysql", conns)
 if err != nil || mmDb == nil {
- color.Errorln(err.Error())
+ if err != nil {
+ color.Errorln(err.Error())
+ } else {
+ color.Errorln("No MovieManager DB connection")
+ }
 } else {
 mmDb.SetConnMaxLifetime(time.Minute * 3)
 mmDb.SetMaxOpenConns(10)
diff --git a/ober.go b/ober.go
index b24634e..1746ee8 100644
--- a/ober.go
+++ b/ober.go
@@ -34,6 +34,7 @@ func RunWebserv() {
 r.POST("/api/chat/{id}/{user}", Headers(ChatPost))
 r.POST("/api/register", Headers(Register))
 r.POST("/api/watch/{user}", Headers(WatchPost))
+ r.PATCH("/api/register", Headers(RegisterUpdate))
 r.DELETE("/api/appointment/{user}", Headers(AppointmentDelete))
 r.DELETE("/api/register", Headers(UnRegister))
 r.DELETE("/api/watch/{user}", Headers(WatchDelete))
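Review bot: The new `else` branch in huso.go's main() is effectively unreachable, because `sql.Open` returns either a non-nil `*sql.DB` or an error, and it does not dial the server, so an unreachable host or rejected credentials still pass this check silently. If the intent is to report a missing MovieManager connection at startup, call `mmDb.Ping()` after the pool settings and log its error there. The surrounding block of main() starts and ends outside the hunk.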
@@ -452,6 +453,65 @@ func Register(ctx *fasthttp.RequestCtx) {
 ctx.SetStatusCode(fasthttp.StatusOK)
 }
+func RegisterUpdate(ctx *fasthttp.RequestCtx) {
+ auth := ctx.Request.Header.Peek("X-HUSO-AUTH")
+ if auth == nil || string(auth) == "" || !strings.Contains(string(ctx.Request.Header.ContentType()), "application/json") {
+ ctx.SetStatusCode(fasthttp.StatusBadRequest)
+ return
+ }
+ body := ctx.PostBody()
+ var regUpdate RegisterData
+ err := json.Unmarshal(body, ®Update)
+ if err != nil {
+ ctx.WriteString(err.Error())
+ ctx.SetStatusCode(fasthttp.StatusBadRequest)
+ return
+ }
+ if regUpdate.MalID == 0 || regUpdate.Username == "" || regUpdate.Sauce == "" {
+ ctx.WriteString("Sprich JSON du Hurensohn")
+ ctx.SetStatusCode(fasthttp.StatusBadRequest)
+ return
+ }
+ legit, _ := GheddoAuth(regUpdate.Username, string(auth))
+ if !legit {
+ ctx.SetStatusCode(fasthttp.StatusUnauthorized)
+ return
+ }
+ calcSauce := Sauce(regUpdate.MalID, regUpdate.Username)
+ if calcSauce != strings.ToLower(regUpdate.Sauce) {
+ ctx.WriteString("Möge die Sauce mit dir sein")
+ ctx.SetStatusCode(fasthttp.StatusBadRequest)
+ return
+ }
+ // check user exists
+ user, err := ReadUser(regUpdate.Username)
+ if err != nil {
+ ctx.WriteString("Dich gibts hier nicht wtf")
+ ctx.SetStatusCode(fasthttp.StatusNotFound)
+ return
+ }
+ if regUpdate.MalID != user.MalID {
+ ctx.WriteString("MAL id ändern is nich")
+ ctx.SetStatusCode(fasthttp.StatusBadRequest)
+ return
+ }
+
+ if regUpdate.Secret != "" {
+ user.Secret = regUpdate.Secret
+ }
+ user.DiscordID = regUpdate.DiscordID
+
+ err = SaveUser(user)
+ if err != nil {
+ addErrorToCtx(ctx, err)
+ return
+ }
+
+ ctx.SetBody(body)
+ ctx.SetContentType("application/json; charset=utf-8")
+ ctx.SetStatusCode(fasthttp.StatusOK)
+}
+
 func AppointmentPost(ctx *fasthttp.RequestCtx) {
 processUpdateAppointmentReq(ctx, true)
 }
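Review bot: `ctx.SetBody(body)` at the end of RegisterUpdate echoes the raw request back, so a changed `Secret` is returned in the response body where proxies or response logging may retain it; returning only the status, or the saved record without the secret, avoids that. `user.DiscordID = regUpdate.DiscordID` is assigned unconditionally although `Secret` is only replaced when non-empty, so a PATCH that omits the Discord field appears to reset it to the zero value; guard it the same way if that is not intended (the field's type is not visible in this hunk). `legit, _ := GheddoAuth(...)` discards the error here and in the UnRegister hunk, which makes a failing auth backend look like a bad credential; logging the error before the 401 would make the two distinguishable.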
@@ -511,7 +571,8 @@ func AppointmentDelete(ctx *fasthttp.RequestCtx) {
 }
 func UnRegister(ctx *fasthttp.RequestCtx) {
- if !strings.Contains(string(ctx.Request.Header.ContentType()), "application/json") {
+ auth := ctx.Request.Header.Peek("X-HUSO-AUTH")
+ if auth == nil || string(auth) == "" || !strings.Contains(string(ctx.Request.Header.ContentType()), "application/json") {
 ctx.SetStatusCode(fasthttp.StatusBadRequest)
 return
 }
@@ -528,6 +589,11 @@ func UnRegister(ctx *fasthttp.RequestCtx) {
 ctx.SetStatusCode(fasthttp.StatusBadRequest)
 return
 }
+ legit, _ := GheddoAuth(register.Username, string(auth))
+ if !legit {
+ ctx.SetStatusCode(fasthttp.StatusUnauthorized)
+ return
+ }
 calcSauce := Sauce(register.MalID, register.Username)
 if calcSauce != strings.ToLower(register.Sauce) {
 ctx.WriteString("Möge die Sauce mit dir sein")
@@ -641,7 +707,9 @@ func processUpdateReq(ctx *fasthttp.RequestCtx, update bool) {
 var animes []AnimeUser
 err := json.Unmarshal(body, &animes)
 if err != nil || len(animes) == 0 {
- ctx.WriteString(err.Error())
+ if err != nil {
+ ctx.WriteString(err.Error())
+ }
 ctx.SetStatusCode(fasthttp.StatusBadRequest)
 return
 }
@@ -716,7 +784,9 @@ func processUpdateAppointmentReq(ctx *fasthttp.RequestCtx, update bool) {
 var appoints []Appointment
 err := json.Unmarshal(body, &appoints)
 if err != nil || len(appoints) == 0 {
- ctx.WriteString(err.Error())
+ if err != nil {
+ ctx.WriteString(err.Error())
+ }
 ctx.SetStatusCode(fasthttp.StatusBadRequest)
 return
 }
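Review bot: In UnRegister the missing-credential case is folded into the Content-Type check and answered with 400, while a wrong credential a few lines later gets 401, so neither the client nor anyone reading access logs can tell an unauthenticated delete attempt from a malformed request. Splitting the condition, `if len(auth) == 0 { ctx.SetStatusCode(fasthttp.StatusUnauthorized); return }`, keeps the two cases apart and also replaces the redundant `auth == nil || string(auth) == ""` pair. RegisterUpdate uses the same combined condition. UnRegister's body continues outside the hunk.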