diff --git a/firefly/forms/user.py b/firefly/forms/user.py
index 533b1c2..f101121 100644
--- a/firefly/forms/user.py
+++ b/firefly/forms/user.py
@@ -1,8 +1,9 @@
 # coding=utf-8
 from __future__ import absolute_import
 from flask_wtf import Form
+from flask_login import current_user
 from wtforms import StringField, PasswordField
-from wtforms.validators import ValidationError, Email, Required
+from wtforms.validators import ValidationError, Email, Required, URL
 
 from firefly.models.user import User
 
@@ -39,3 +40,17 @@ def validate_password(self, field):
             self.user = user
         else:
             raise ValidationError('邮箱或密码错误')
+
+
+class ProfileForm(Form):
+    location = StringField('Location')
+    website = StringField('URL', [URL()])
+    github_id = StringField('Github')
+
+    def save(self):
+        user = current_user
+        if user and not user.is_anonymous():
+            user.location = self.location.data
+            user.website = self.website.data
+            user.github_id = self.github_id.data
+            user.save()
diff --git a/firefly/models/user.py b/firefly/models/user.py
index 6219004..3beb93e 100644
--- a/firefly/models/user.py
+++ b/firefly/models/user.py
@@ -55,9 +55,16 @@ class User(db.Document, UserMixin):
     roles = fields.ListField(
         fields.ReferenceField(Role, reverse_delete_rule=DENY), default=[])
 
+    location = db.StringField(max_length=25)
+    website = db.URLField()
+    github_id = db.StringField(max_length=25)
+
     def __str__(self):
         return self.cn
 
+    def __repr__(self):
+        return '<User id={id} cn={cn}>'.format(cn=self.cn, id=str(self.id))
+
     def url(self):
         return url_for('user.detail', id=str(self.id))
 
diff --git a/firefly/templates/user/settings.html b/firefly/templates/user/settings.html
new file mode 100644
index 0000000..382ab07
--- /dev/null
+++ b/firefly/templates/user/settings.html
@@ -0,0 +1,38 @@
+{% extends "base.html" %}
+
+{% block title %}
+  用户设置
+{% endblock %}
+
+{% block outlet %}
+<div>
+    <form id="settingsform" class="settings-form" role="form" method="post" action="{{url_for('user.settings')}}">
+       <div class="form-group">
+          <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+          <label class="control-label" for="inputLocation">地点</label>
+          <input id="inputLocation" class="form-control" type="text" value="{{ user.location if user.location else ''}}" required="" tabindex="1" name="location"/>
+       </div>
+       <div class="form-group">
+          <label class="control-label" for="inputWebsite">网站</label>
+          <input id="inputWebsite" class="form-control" type="text" value="{{ user.website if user.website else ''}}" required="" tabindex="1" name="website"/>
+        </div>
+        <div class="form-group">
+          <label class="control-label" for="inputGithub">Github</label>
+          @<input id="inputGithub" class="form-control" type="text" value="{{ user.github_id if user.github_id else ''}}" required="" tabindex="1" name="github_id"/>
+        </div>
+        <div class="form-group">
+          <button id="loginBtn" class="login-btn btn-default" tabindex="3" type="submit">
+               修改
+          </button>
+        </div>
+    </form>
+</div>
+{% endblock %}
+
+{% block head_script %}
+<link href="{{url_for('static', filename='stylesheets/base16-light.css')}}" rel="stylesheet"/>
+<link href="{{url_for('static', filename='stylesheets/codemirror.css')}}" rel="stylesheet"/>
+<link href="{{url_for('static', filename='stylesheets/select2.min.css')}}" rel="stylesheet"/>
+<link href="{{url_for('static', filename='stylesheets/effeckt/list-items.css')}}" rel="stylesheet"/>
+<link href="{{url_for('static', filename='stylesheets/index.css')}}" rel="stylesheet" media="all"/>
+{% endblock %}
diff --git a/firefly/views/user.py b/firefly/views/user.py
index 5db321c..442ddc9 100644
--- a/firefly/views/user.py
+++ b/firefly/views/user.py
@@ -1,8 +1,13 @@
 # coding=utf-8
 from __future__ import absolute_import
 
+from flask import url_for, redirect
+
 from flask.views import MethodView
 from flask.blueprints import Blueprint
+from flask.ext.login import login_required, current_user
+from firefly.libs.template import render_template
+from firefly.forms.user import ProfileForm
 
 
 bp = Blueprint('user', __name__, url_prefix='/user')
@@ -12,4 +17,17 @@ class UserView(MethodView):
     def get(self, id):
         return ''
 
+
+class UserSettingsView(MethodView):
+    decorators = [login_required]
+
+    def get(self):
+        return render_template('user/settings.html', user=current_user)
+
+    def post(self):
+        form = ProfileForm()
+        form.save()
+        return redirect(url_for('user.settings'))
+
 bp.add_url_rule('/<id>/', view_func=UserView.as_view('detail'))
+bp.add_url_rule('/settings', view_func=UserSettingsView.as_view('settings'))
diff --git a/requirements.txt b/requirements.txt
index 77b7c32..88239fc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,11 +8,12 @@ Flask-Cache
 Flask-Mail
 Flask-Redis>=0.1.0
 flask-restful
+flask-login<0.3.0
+Flask-Security<=1.7.4
 MarkupSafe
 mistune
 pygments
 arrow
-Flask_Security
 facebook-sdk
 python-twitter
 google-api-python-client
diff --git a/tests/test_user.py b/tests/test_user.py
index 42ac5f1..b20c08a 100644
--- a/tests/test_user.py
+++ b/tests/test_user.py
@@ -35,6 +35,31 @@ def login(self, user_no):
         assert current_user.is_authenticated()
         assert url_for('security.logout') in rv.data
 
+    def test_user_settings(self):
+        LOCATION = 'Beijing'
+        WEBSITE = 'http://firefly.dev'
+        GITHUB_ID = 'firefly'
+
+        self.login(0)
+        url = url_for('user.settings')
+        assert self.users[0].location is None
+        assert self.users[0].website is None
+        assert self.users[0].github_id is None
+
+        form = {
+            'location': LOCATION,
+            'website': WEBSITE,
+            'github_id': GITHUB_ID
+        }
+        rv = self.client.post(url, data=form)
+        assert rv.status_code == 302
+
+        user = User.objects.filter(id=self.users[0].id).first()
+        assert user
+        assert user.location == LOCATION
+        assert user.website == WEBSITE
+        assert user.github_id == GITHUB_ID
+
     def test_follow_user_api(self):
         # test follow
         self.login(0)