diff --git a/apps/advanced/backstage/config/main.php b/apps/advanced/backstage/config/main.php
index 6204f50..d47904a 100644
--- a/apps/advanced/backstage/config/main.php
+++ b/apps/advanced/backstage/config/main.php
@@ -19,7 +19,7 @@ return array(
 		'cache' => $params['components.cache'],
 		'user' => array(
 			'class' => 'yii\web\User',
-			'identityClass' => 'app\models\User',
+			'identityClass' => 'common\models\User',
 		),
 		'assetManager' => array(
 			'bundles' => require(__DIR__ . '/assets.php'),
diff --git a/apps/advanced/backstage/controllers/SiteController.php b/apps/advanced/backstage/controllers/SiteController.php
index 192884b..d40738a 100644
--- a/apps/advanced/backstage/controllers/SiteController.php
+++ b/apps/advanced/backstage/controllers/SiteController.php
@@ -4,20 +4,10 @@ namespace backstage\controllers;
 
 use Yii;
 use yii\web\Controller;
-use app\models\LoginForm;
-use app\models\ContactForm;
+use common\models\LoginForm;
 
 class SiteController extends Controller
 {
-	public function actions()
-	{
-		return array(
-			'captcha' => array(
-				'class' => 'yii\web\CaptchaAction',
-			),
-		);
-	}
-
 	public function actionIndex()
 	{
 		echo $this->render('index');
@@ -40,22 +30,4 @@ class SiteController extends Controller
 		Yii::$app->getUser()->logout();
 		Yii::$app->getResponse()->redirect(array('site/index'));
 	}
-
-	public function actionContact()
-	{
-		$model = new ContactForm;
-		if ($this->populate($_POST, $model) && $model->contact(Yii::$app->params['adminEmail'])) {
-			Yii::$app->session->setFlash('contactFormSubmitted');
-			Yii::$app->response->refresh();
-		} else {
-			echo $this->render('contact', array(
-				'model' => $model,
-			));
-		}
-	}
-
-	public function actionAbout()
-	{
-		echo $this->render('about');
-	}
 }
diff --git a/apps/advanced/backstage/views/layouts/main.php b/apps/advanced/backstage/views/layouts/main.php
index 635e118..44117f4 100644
--- a/apps/advanced/backstage/views/layouts/main.php
+++ b/apps/advanced/backstage/views/layouts/main.php
@@ -31,8 +31,6 @@ $this->registerAssetBundle('app');
 						'options' => array('class' => 'nav'),
 						'items' => array(
 							array('label' => 'Home', 'url' => array('/site/index')),
-							array('label' => 'About', 'url' => array('/site/about')),
-							array('label' => 'Contact', 'url' => array('/site/contact')),
 							Yii::$app->user->isGuest ?
 								array('label' => 'Login', 'url' => array('/site/login')) :
 								array('label' => 'Logout (' . Yii::$app->user->identity->username .')' , 'url' => array('/site/logout')),
diff --git a/apps/advanced/backstage/views/site/about.php b/apps/advanced/backstage/views/site/about.php
deleted file mode 100644
index 86e19e1..0000000
--- a/apps/advanced/backstage/views/site/about.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-use yii\helpers\Html;
-/**
- * @var yii\base\View $this
- */
-$this->title = 'About';
-$this->params['breadcrumbs'][] = $this->title;
-?>
-<h1><?php echo Html::encode($this->title); ?></h1>
-
-<p>
-	This is the About page. You may modify the following file to customize its content:
-</p>
-
-<code><?php echo __FILE__; ?></code>
-
diff --git a/apps/advanced/backstage/views/site/contact.php b/apps/advanced/backstage/views/site/contact.php
deleted file mode 100644
index e740d0f..0000000
--- a/apps/advanced/backstage/views/site/contact.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-use yii\helpers\Html;
-use yii\widgets\ActiveForm;
-use yii\widgets\Captcha;
-
-/**
- * @var yii\base\View $this
- * @var yii\widgets\ActiveForm $form
- * @var app\models\ContactForm $model
- */
-$this->title = 'Contact';
-$this->params['breadcrumbs'][] = $this->title;
-?>
-<h1><?php echo Html::encode($this->title); ?></h1>
-
-<?php if (Yii::$app->session->hasFlash('contactFormSubmitted')): ?>
-<div class="alert alert-success">
-	Thank you for contacting us. We will respond to you as soon as possible.
-</div>
-<?php return; endif; ?>
-
-<p>
-	If you have business inquiries or other questions, please fill out the following form to contact us. Thank you.
-</p>
-
-<?php $form = ActiveForm::begin(array(
-	'options' => array('class' => 'form-horizontal'),
-	'fieldConfig' => array('inputOptions' => array('class' => 'input-xlarge')),
-)); ?>
-	<?php echo $form->field($model, 'name')->textInput(); ?>
-	<?php echo $form->field($model, 'email')->textInput(); ?>
-	<?php echo $form->field($model, 'subject')->textInput(); ?>
-	<?php echo $form->field($model, 'body')->textArea(array('rows' => 6)); ?>
-	<?php
-		$field = $form->field($model, 'verifyCode');
-		echo $field->begin()
-			. $field->label()
-			. Captcha::widget()
-			. Html::activeTextInput($model, 'verifyCode', array('class' => 'input-medium'))
-			. $field->error()
-			. $field->end();
-	?>
-	<div class="form-actions">
-		<?php echo Html::submitButton('Submit', null, null, array('class' => 'btn btn-primary')); ?>
-	</div>
-<?php ActiveForm::end(); ?>
diff --git a/apps/advanced/frontend/models/LoginForm.php b/apps/advanced/common/models/LoginForm.php
similarity index 97%
rename from apps/advanced/frontend/models/LoginForm.php
rename to apps/advanced/common/models/LoginForm.php
index f5e131d..4631dbd 100644
--- a/apps/advanced/frontend/models/LoginForm.php
+++ b/apps/advanced/common/models/LoginForm.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace frontend\models;
+namespace common\models;
 
 use Yii;
 use yii\base\Model;
diff --git a/apps/advanced/common/models/User.php b/apps/advanced/common/models/User.php
index 035f1fb..110487e 100644
--- a/apps/advanced/common/models/User.php
+++ b/apps/advanced/common/models/User.php
@@ -1,42 +1,58 @@
 <?php
-
 namespace common\models;
 
-class User extends \yii\base\Object implements \yii\web\Identity
+use yii\db\ActiveRecord;
+use yii\helpers\SecurityHelper;
+use yii\web\Identity;
+
+/**
+ * Class User
+ * @package common\models
+ *
+ * @property integer $id
+ * @property string $username
+ * @property string $password_hash
+ * @property string $email
+ * @property string $auth_key
+ * @property integer $role
+ * @property integer $status
+ * @property integer $create_time
+ * @property integer $update_time
+ */
+class User extends ActiveRecord implements Identity
 {
-	public $id;
-	public $username;
+	/**
+	 * @var string the raw password. Used to collect password input and isn't saved in database
+	 */
 	public $password;
-	public $authKey;
-
-	private static $users = array(
-		'100' => array(
-			'id' => '100',
-			'username' => 'admin',
-			'password' => 'admin',
-			'authKey' => 'test100key',
-		),
-		'101' => array(
-			'id' => '101',
-			'username' => 'demo',
-			'password' => 'demo',
-			'authKey' => 'test101key',
-		),
-	);
+
+	const STATUS_DELETED = 0;
+	const STATUS_ACTIVE = 10;
+
+	const ROLE_USER = 10;
+
+	public function behaviors()
+	{
+		return array(
+			'timestamp' => array(
+				'class' => 'yii\behaviors\AutoTimestamp',
+				'attributes' => array(
+					ActiveRecord::EVENT_BEFORE_INSERT => 'create_time',
+					ActiveRecord::EVENT_BEFORE_INSERT => 'update_time',
+					ActiveRecord::EVENT_BEFORE_UPDATE => 'update_time',
+				),
+			),
+		);
+	}
 
 	public static function findIdentity($id)
 	{
-		return isset(self::$users[$id]) ? new self(self::$users[$id]) : null;
+		return static::find($id);
 	}
 
 	public static function findByUsername($username)
 	{
-		foreach (self::$users as $user) {
-			if (strcasecmp($user['username'], $username) === 0) {
-				return new self($user);
-			}
-		}
-		return null;
+		return static::find(array('username' => $username, 'status' => static::STATUS_ACTIVE));
 	}
 
 	public function getId()
@@ -46,16 +62,54 @@ class User extends \yii\base\Object implements \yii\web\Identity
 
 	public function getAuthKey()
 	{
-		return $this->authKey;
+		return $this->auth_key;
 	}
 
 	public function validateAuthKey($authKey)
 	{
-		return $this->authKey === $authKey;
+		return $this->auth_key === $authKey;
 	}
 
 	public function validatePassword($password)
 	{
-		return $this->password === $password;
+		return SecurityHelper::validatePassword($password, $this->password_hash);
+	}
+
+	public function rules()
+	{
+		return array(
+			array('username', 'filter', 'filter' => 'trim'),
+			array('username', 'required'),
+			array('username', 'length', 'min' => 2, 'max' => 255),
+
+			array('email', 'filter', 'filter' => 'trim'),
+			array('email', 'required'),
+			array('email', 'email'),
+			array('email', 'unique', 'message' => 'This email address has already been taken.'),
+
+			array('password', 'required'),
+			array('password', 'length', 'min' => 6),
+		);
+	}
+
+	public function scenarios()
+	{
+		return array(
+			'signup' => array('username', 'email', 'password'),
+			'login' => array('username', 'password'),
+		);
+	}
+
+	public function beforeSave($insert)
+	{
+		if(parent::beforeSave($insert)) {
+			if($this->isNewRecord) {
+				if(!empty($this->password)) {
+					$this->password_hash = SecurityHelper::generatePasswordHash($this->password);
+				}
+			}
+			return true;
+		}
+		return false;
 	}
 }
diff --git a/apps/advanced/frontend/config/main.php b/apps/advanced/frontend/config/main.php
index eac7c4d..e83ac26 100644
--- a/apps/advanced/frontend/config/main.php
+++ b/apps/advanced/frontend/config/main.php
@@ -19,7 +19,7 @@ return array(
 		'cache' => $params['components.cache'],
 		'user' => array(
 			'class' => 'yii\web\User',
-			'identityClass' => 'app\models\User',
+			'identityClass' => 'common\models\User',
 		),
 		'assetManager' => array(
 			'bundles' => require(__DIR__ . '/assets.php'),
diff --git a/apps/advanced/frontend/controllers/SiteController.php b/apps/advanced/frontend/controllers/SiteController.php
index d2ea5a6..cd3339c 100644
--- a/apps/advanced/frontend/controllers/SiteController.php
+++ b/apps/advanced/frontend/controllers/SiteController.php
@@ -4,8 +4,8 @@ namespace frontend\controllers;
 
 use Yii;
 use yii\web\Controller;
-use app\models\LoginForm;
-use app\models\ContactForm;
+use common\models\LoginForm;
+use frontend\models\ContactForm;
 
 class SiteController extends Controller
 {
diff --git a/apps/advanced/frontend/models/User.php b/apps/advanced/frontend/models/User.php
deleted file mode 100644
index 8a60503..0000000
--- a/apps/advanced/frontend/models/User.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-
-namespace frontend\models;
-
-class User extends \yii\base\Object implements \yii\web\Identity
-{
-	public $id;
-	public $username;
-	public $password;
-	public $authKey;
-
-	private static $users = array(
-		'100' => array(
-			'id' => '100',
-			'username' => 'admin',
-			'password' => 'admin',
-			'authKey' => 'test100key',
-		),
-		'101' => array(
-			'id' => '101',
-			'username' => 'demo',
-			'password' => 'demo',
-			'authKey' => 'test101key',
-		),
-	);
-
-	public static function findIdentity($id)
-	{
-		return isset(self::$users[$id]) ? new self(self::$users[$id]) : null;
-	}
-
-	public static function findByUsername($username)
-	{
-		foreach (self::$users as $user) {
-			if (strcasecmp($user['username'], $username) === 0) {
-				return new self($user);
-			}
-		}
-		return null;
-	}
-
-	public function getId()
-	{
-		return $this->id;
-	}
-
-	public function getAuthKey()
-	{
-		return $this->authKey;
-	}
-
-	public function validateAuthKey($authKey)
-	{
-		return $this->authKey === $authKey;
-	}
-
-	public function validatePassword($password)
-	{
-		return $this->password === $password;
-	}
-}