diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 7ffca0c73d06..853049d20568 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -77,7 +77,16 @@ class Handler extends ExceptionHandler
         {
             return response()->json(['message'=>'Fatal error', 500]);
         }
-
+/*        else if ($exception instanceof \Illuminate\Session\TokenMismatchException)
+        {
+            return redirect()
+                    ->back()
+                    ->withInput($request->except('password'))
+                    ->with([
+                        'message' => ctrans('texts.token_expired'),
+                        'message-type' => 'danger']);
+        }   
+*/
         return parent::render($request, $exception);
 
     }
diff --git a/app/Http/Controllers/ClientPortal/ProfileController.php b/app/Http/Controllers/ClientPortal/ProfileController.php
index 85db14345032..2f2cb45bc5d9 100644
--- a/app/Http/Controllers/ClientPortal/ProfileController.php
+++ b/app/Http/Controllers/ClientPortal/ProfileController.php
@@ -13,6 +13,7 @@ namespace App\Http\Controllers\ClientPortal;
 
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ClientPortal\UpdateContactRequest;
+use App\Http\Requests\ClientPortal\UpdateSettingsRequest;
 use App\Jobs\Util\UploadAvatar;
 use App\Models\ClientContact;
 use Illuminate\Http\Request;
@@ -89,4 +90,14 @@ class ProfileController extends Controller
         return back();
     }
 
+    public function settings()
+    {
+        return view('portal.default.settings.index');   
+    }
+
+    public function updateSettings(UpdateSettingsRequest $request)
+    {
+
+        return back();
+    }
 }
diff --git a/app/Http/Requests/ClientPortal/UpdateContactRequest.php b/app/Http/Requests/ClientPortal/UpdateContactRequest.php
index ef6b783fe033..686a665aeffe 100644
--- a/app/Http/Requests/ClientPortal/UpdateContactRequest.php
+++ b/app/Http/Requests/ClientPortal/UpdateContactRequest.php
@@ -12,10 +12,13 @@
 namespace App\Http\Requests\ClientPortal;
 
 use App\Http\Requests\Request;
+use App\Utils\Traits\MakesHash;
 use Zend\Diactoros\Response\JsonResponse;
 
 class UpdateContactRequest extends Request
 {
+    use MakesHash;
+    
     /**
      * Determine if the user is authorized to make this request.
      *
@@ -24,7 +27,7 @@ class UpdateContactRequest extends Request
 
     public function authorize() : bool
     {
-        return true;
+        return $this->encodePrimaryKey(auth()->user()->id) === request()->segment(3);
     }
 
     public function rules()
@@ -33,7 +36,8 @@ class UpdateContactRequest extends Request
         return [
             'first_name' => 'required',
             'last_name' => 'required',
-            'email' => 'required|email',
+            //'email' => 'required|email',
+            'email' => 'required|email|unique:client_contacts,email,' . auth()->user()->id,
             'password' => 'sometimes|nullable|min:6|confirmed',
             'file' => 'sometimes|nullable|max:100000|mimes:png,svg,jpeg,gif,jpg,bmp'
         ];
diff --git a/app/Http/Requests/ClientPortal/UpdateSettingsRequest.php b/app/Http/Requests/ClientPortal/UpdateSettingsRequest.php
new file mode 100644
index 000000000000..5f2f156aad9d
--- /dev/null
+++ b/app/Http/Requests/ClientPortal/UpdateSettingsRequest.php
@@ -0,0 +1,43 @@
+<?php
+/**
+ * Invoice Ninja (https://invoiceninja.com)
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2019. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://opensource.org/licenses/AAL
+ */
+
+namespace App\Http\Requests\ClientPortal;
+
+use App\Http\Requests\Request;
+use App\Utils\Traits\MakesHash;
+
+class UpdateSettingsRequest extends Request
+{
+    use MakesHash;
+    
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+
+    public function authorize() : bool
+    {
+        return $this->encodePrimaryKey(auth()->user()->id) === request()->segment(3);
+    }
+
+    public function rules()
+    {
+
+        return [
+        ];
+
+    }
+
+    
+
+}
+
diff --git a/resources/views/portal/default/header.blade.php b/resources/views/portal/default/header.blade.php
index 7507f5bf8772..5fa6ce425d48 100644
--- a/resources/views/portal/default/header.blade.php
+++ b/resources/views/portal/default/header.blade.php
@@ -51,7 +51,7 @@
                 </div>
                 <a class="dropdown-item" href="{{ route('client.profile.edit', ['id' => auth()->user()->hashed_id])}}">
                     <i class="fa fa-user"></i> @lang('texts.profile')</a>
-                <a class="dropdown-item" href="">
+                <a class="dropdown-item" href="{{ route('client.profile.settings', ['id' => auth()->user()->hashed_id])}}">
                     <i class="fa fa-wrench"></i> @lang('texts.settings')</a>
 
                 <div class="dropdown-divider"></div>
diff --git a/resources/views/portal/default/settings/index.blade.php b/resources/views/portal/default/settings/index.blade.php
new file mode 100644
index 000000000000..727d27b59745
--- /dev/null
+++ b/resources/views/portal/default/settings/index.blade.php
@@ -0,0 +1,110 @@
+@extends('portal.default.layouts.master')
+@push('css')
+  <link href="/vendors/css/select2.min.css" rel="stylesheet">
+  <link href="/vendors/css/select2-bootstrap4.css" rel="stylesheet">
+  <style>    
+    select {border: 1px solid  !important;}
+    .select2-container--bootstrap4 .select2-selection--single 
+    {
+      border: 1px solid #e4e7ea !important;
+    }
+
+  </style>
+@endpush
+@section('body')
+  <main class="main">
+
+      <div class="container-fluid">
+		    <div class="row" style="padding-top: 30px;">
+
+          @if (Session::has('error'))
+              <div class="alert alert-danger">{!! Session::get('error') !!}</div>
+          @endif
+          <div class="col-sm-3" style="padding-bottom: 10px;">
+
+              {!! Former::framework('TwitterBootstrap4'); !!}
+
+              {!! Former::horizontal_open()
+                    ->id('update_settings')
+                    ->route('client.profile.update_settings', auth()->user()->hashed_id)
+                    ->method('PUT');	!!}
+              
+              @csrf
+
+              <div class="card">
+
+                  <div class="card-header">
+                  
+                      <strong>{{ ctrans('texts.avatar') }}</strong>
+
+                  </div>
+
+                  <div class="card-body align-items-center">
+
+                      @if(auth()->user()->avatar)
+                      <img src="{{ auth()->user()->avatar }}" class="img-fluid">
+                      @else
+                      <i class="fa fa-user fa-5x"></i>
+                      @endif
+
+                      {!! Former::file('avatar')
+                          ->max(2, 'MB')
+                          ->accept('image')
+                          ->label('')
+                          ->inlineHelp(trans('texts.logo_help')) !!}
+
+                  </div>
+
+                  <div class="card-footer">
+                  </div>
+
+              </div>
+
+          </div>
+
+          <div class="col-sm-6" style="padding-bottom: 10px;">
+              
+              <div class="card">
+
+                  <div class="card-header">
+                  
+                      <strong> {{ ctrans('texts.user_details') }}</strong>
+
+                  </div>
+
+                  <div class="card-body">
+                  
+                  {!! Former::text('first_name')->placeholder( ctrans('texts.first_name'))->label('')->value(auth()->user()->first_name)!!}
+
+                  {!! Former::text('last_name')->placeholder( ctrans('texts.last_name'))->label('')->value(auth()->user()->last_name) !!}
+
+                  {!! Former::text('email')->placeholder( ctrans('texts.email'))->label('')->value(auth()->user()->email) !!}
+
+                  {!! Former::text('phone')->placeholder( ctrans('texts.phone'))->label('')->value(auth()->user()->phone) !!}
+
+                  {!! Former::password('password')->placeholder( ctrans('texts.password'))->label('') !!}
+
+                  {!! Former::password('password_confirmation')->placeholder( ctrans('texts.confirm_password'))->label('') !!}
+
+                  </div>
+
+                  <div class="card-footer">
+
+                      <button class="btn btn-primary pull-right">{{ ctrans('texts.save') }}</button>
+
+                  </div>
+
+              </div>
+
+              {!! Former::close() !!}
+
+          </div>
+
+		    </div>
+
+    </div>
+
+  </main>
+
+</body>
+@endsection
\ No newline at end of file
diff --git a/routes/client.php b/routes/client.php
index 68d13207ad47..ecda7d6cfe0e 100644
--- a/routes/client.php
+++ b/routes/client.php
@@ -18,6 +18,8 @@ Route::group(['middleware' => ['auth:contact'], 'prefix' => 'client', 'as' => 'c
 	Route::get('invoices', 'ClientPortal\InvoiceController@index')->name('invoices.index'); // name = (dashboard. index / create / show / update / destroy / edit
 	Route::get('profile/{client_contact}/edit', 'ClientPortal\ProfileController@edit')->name('profile.edit');
 	Route::put('profile/{client_contact}/edit', 'ClientPortal\ProfileController@update')->name('profile.update');
+	Route::get('profile/{client_contact}/settings', 'ClientPortal\ProfileController@settings')->name('profile.settings');
+	Route::put('profile/{client_contact}/settings', 'ClientPortal\ProfileController@updateSettings')->name('profile.update_settings');
 
 	Route::post('document', 'ClientPortal\DocumentController@store')->name('document.store');
 	Route::delete('document', 'ClientPortal\DocumentController@destroy')->name('document.destroy');