Index: lams_admin/conf/language/ApplicationResources.properties
===================================================================
diff -u -r345f430043a4687f28474cc4761098b9f3658cc3 -r56856bd68b40ca6b0bdf1e13c6812ed23063fb25
--- lams_admin/conf/language/ApplicationResources.properties	(.../ApplicationResources.properties)	(revision 345f430043a4687f28474cc4761098b9f3658cc3)
+++ lams_admin/conf/language/ApplicationResources.properties	(.../ApplicationResources.properties)	(revision 56856bd68b40ca6b0bdf1e13c6812ed23063fb25)
@@ -35,6 +35,10 @@
 error.need.sysadmin = You need to have the sys admin role to do this.
 error.roles.empty = You need to assign at least one role.
 error.userid.invalid = Invalid User Id.
+error.firstname.required = First name is required.
+error.lastname.required = Last Name is required.
+error.email.required = Email address is required.
+error.valid.email.required = Valid email address is required.
 
 #======================= Warning Messages ==========================# 
 msg.user.add.to.parent.group = User/s marked with a '*' will be automatically added to the parent group with the same roles.
Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserSaveAction.java
===================================================================
diff -u -r08950e1090443c3423a3d1c587416a2fccd8bbdf -r56856bd68b40ca6b0bdf1e13c6812ed23063fb25
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserSaveAction.java	(.../UserSaveAction.java)	(revision 08950e1090443c3423a3d1c587416a2fccd8bbdf)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/UserSaveAction.java	(.../UserSaveAction.java)	(revision 56856bd68b40ca6b0bdf1e13c6812ed23063fb25)
@@ -26,6 +26,8 @@
 
 import java.util.Date;
 import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -81,6 +83,7 @@
 			HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
 
+		// action input
 		ActionMessages errors = new ActionMessages();
 		DynaActionForm userForm = (DynaActionForm) form;
 		Integer orgId = (Integer) userForm.get("orgId");
@@ -102,6 +105,7 @@
 
 		if (userId != 0) edit = true;
 
+		// (dyna)form validation
 		if ((userForm.get("login") == null) || (userForm.getString("login").trim().length() == 0)) {
 			errors.add("login", new ActionMessage("error.login.required"));
 		}
@@ -112,6 +116,21 @@
 			passwordChanged = false;
 			if (!edit) errors.add("password", new ActionMessage("error.password.required"));
 		}
+		if ((userForm.get("firstName") == null) || (userForm.getString("firstName").trim().length() == 0)) {
+			errors.add("firstName", new ActionMessage("error.firstname.required"));
+		}
+		if ((userForm.get("lastName") == null) || (userForm.getString("lastName").trim().length() == 0)) {
+			errors.add("lastName", new ActionMessage("error.lastname.required"));
+		}
+		if ((userForm.get("email") == null) || (userForm.getString("email").trim().length() == 0)) {
+			errors.add("email", new ActionMessage("error.email.required"));
+		} else {
+			Pattern p = Pattern.compile(".+@.+\\.[a-z]+");
+			Matcher m = p.matcher(userForm.getString("email"));
+			if (!m.matches()) {
+				errors.add("email", new ActionMessage("error.valid.email.required"));
+			}
+		}
 		
 		User user = null;
 		if (errors.isEmpty()) {
Index: lams_central/conf/language/ApplicationResources.properties
===================================================================
diff -u -rf13a83ab0b734b566a297559e47ac3c3e905d4ec -r56856bd68b40ca6b0bdf1e13c6812ed23063fb25
--- lams_central/conf/language/ApplicationResources.properties	(.../ApplicationResources.properties)	(revision f13a83ab0b734b566a297559e47ac3c3e905d4ec)
+++ lams_central/conf/language/ApplicationResources.properties	(.../ApplicationResources.properties)	(revision 56856bd68b40ca6b0bdf1e13c6812ed23063fb25)
@@ -156,5 +156,9 @@
 error.portrait.not.image  =The file is not an image (PNG, GIF, JPG, WBMP and BMP formats allowed).
 msg.portrait.resized  =Note: image will be resized to fit inside 120x120 pixels. The image formats allowed are: PNG, GIF, JPG, WBMP and BMP.
 msg.design.not.saved=Your design is not saved, any changes you have made since you last saved will be lost.
+error.firstname.required = First name is required.
+error.lastname.required = Last Name is required.
+error.email.required = Email address is required.
+error.valid.email.required = Valid email address is required.
 
 #======= End labels: Exported 148 labels for en AU =====
Index: lams_central/src/java/org/lamsfoundation/lams/web/ProfileSaveAction.java
===================================================================
diff -u -r08950e1090443c3423a3d1c587416a2fccd8bbdf -r56856bd68b40ca6b0bdf1e13c6812ed23063fb25
--- lams_central/src/java/org/lamsfoundation/lams/web/ProfileSaveAction.java	(.../ProfileSaveAction.java)	(revision 08950e1090443c3423a3d1c587416a2fccd8bbdf)
+++ lams_central/src/java/org/lamsfoundation/lams/web/ProfileSaveAction.java	(.../ProfileSaveAction.java)	(revision 56856bd68b40ca6b0bdf1e13c6812ed23063fb25)
@@ -24,6 +24,9 @@
 /* $Id$ */
 package org.lamsfoundation.lams.web;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -33,6 +36,8 @@
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
 import org.apache.struts.action.ActionMapping;
+import org.apache.struts.action.ActionMessage;
+import org.apache.struts.action.ActionMessages;
 import org.apache.struts.action.DynaActionForm;
 import org.lamsfoundation.lams.usermanagement.SupportedLocale;
 import org.lamsfoundation.lams.usermanagement.User;
@@ -68,8 +73,35 @@
 			return mapping.findForward("profile");
 		}
 		
+		ActionMessages errors = new ActionMessages();
 		User requestor = (User)getService().getUserByLogin(request.getRemoteUser());
 		DynaActionForm userForm = (DynaActionForm)form;
+		
+		// check requestor is same as user being edited
+		log.debug("requestor: "+requestor.getLogin()+", form login: "+userForm.get("login"));
+		if(!requestor.getLogin().equals(userForm.get("login"))){
+			errors.add(ActionMessages.GLOBAL_MESSAGE,new ActionMessage("error.authorisation"));
+			saveErrors(request,errors);
+			return (mapping.getInputForward());
+		}
+		
+		// (dyna)form validation
+		if ((userForm.get("firstName") == null) || (userForm.getString("firstName").trim().length() == 0)) {
+			errors.add("firstName", new ActionMessage("error.firstname.required"));
+		}
+		if ((userForm.get("lastName") == null) || (userForm.getString("lastName").trim().length() == 0)) {
+			errors.add("lastName", new ActionMessage("error.lastname.required"));
+		}
+		if ((userForm.get("email") == null) || (userForm.getString("email").trim().length() == 0)) {
+			errors.add("email", new ActionMessage("error.email.required"));
+		} else {
+			Pattern p = Pattern.compile(".+@.+\\.[a-z]+");
+			Matcher m = p.matcher(userForm.getString("email"));
+			if (!m.matches()) {
+				errors.add("email", new ActionMessage("error.valid.email.required"));
+			}
+		}
+		
 		BeanUtils.copyProperties(requestor,userForm);
 		SupportedLocale locale = (SupportedLocale) getService().findById(SupportedLocale.class, (Byte)userForm.get("localeId"));
 		requestor.setLocale(locale);
@@ -87,4 +119,4 @@
 		return service;
 	}
 
-}
+}
\ No newline at end of file