diff --git a/README.md b/README.md
index f98ce8bb..da3267fb 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,7 @@ typing commands or using the inventory. It can also kick players with uncommonly
   <li>Supported alternative registration methods:<br>
   <ul>
     <li>PHPBB, VBulletin: MD5VB - PHPBB</li>
+    <li>Xenforo: XFBCRYPT</li>
     <li>MyBB: MYBB</li>
     <li>IPB3: IPB3</li>
     <li>PhpFusion: PHPFUSION</li>
diff --git a/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java b/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java
index a446a4e9..ec2b7d98 100644
--- a/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java
+++ b/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java
@@ -27,12 +27,7 @@ public class ChangePasswordAdminCommand implements ExecutableCommand {
 
         // Validate the password
         String playerPassLowerCase = playerPass.toLowerCase();
-        // TODO #308: Remove this check
-        if (playerPassLowerCase.contains("delete") || playerPassLowerCase.contains("where")
-            || playerPassLowerCase.contains("insert") || playerPassLowerCase.contains("modify")
-            || playerPassLowerCase.contains("from") || playerPassLowerCase.contains("select")
-            || playerPassLowerCase.contains(";") || playerPassLowerCase.contains("null")
-            || !playerPassLowerCase.matches(Settings.getPassRegex)) {
+        if (!playerPassLowerCase.matches(Settings.getPassRegex)) {
             commandService.send(sender, MessageKey.PASSWORD_MATCH_ERROR);
             return;
         }
diff --git a/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java b/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java
index 640cdb8b..46916b7b 100644
--- a/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java
+++ b/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java
@@ -27,12 +27,7 @@ public class RegisterAdminCommand implements ExecutableCommand {
         final String playerPassLowerCase = playerPass.toLowerCase();
 
         // Command logic
-        // TODO #308: Remove the check for SQL keywords
-        if (playerPassLowerCase.contains("delete") || playerPassLowerCase.contains("where")
-            || playerPassLowerCase.contains("insert") || playerPassLowerCase.contains("modify")
-            || playerPassLowerCase.contains("from") || playerPassLowerCase.contains("select")
-            || playerPassLowerCase.contains(";") || playerPassLowerCase.contains("null")
-            || !playerPassLowerCase.matches(Settings.getPassRegex)) {
+        if (!playerPassLowerCase.matches(Settings.getPassRegex)) {
             commandService.send(sender, MessageKey.PASSWORD_MATCH_ERROR);
             return;
         }
diff --git a/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java b/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java
index ca3639c0..0d1cdc48 100644
--- a/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java
+++ b/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java
@@ -32,12 +32,7 @@ public class ChangePasswordCommand extends PlayerCommand {
 
         // Make sure the password is allowed
         String playerPassLowerCase = newPassword.toLowerCase();
-        // TODO #308: Remove SQL keywords check
-        if (playerPassLowerCase.contains("delete") || playerPassLowerCase.contains("where")
-            || playerPassLowerCase.contains("insert") || playerPassLowerCase.contains("modify")
-            || playerPassLowerCase.contains("from") || playerPassLowerCase.contains("select")
-            || playerPassLowerCase.contains(";") || playerPassLowerCase.contains("null")
-            || !playerPassLowerCase.matches(Settings.getPassRegex)) {
+        if (!playerPassLowerCase.matches(Settings.getPassRegex)) {
             commandService.send(player, MessageKey.PASSWORD_MATCH_ERROR);
             return;
         }
diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java
index fd11d9ea..9e459ad7 100644
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@@ -104,7 +104,12 @@ public class MySQL implements DataSource {
         ds = new HikariDataSource();
         ds.setPoolName("AuthMeMYSQLPool");
         ds.setDriverClassName("com.mysql.jdbc.Driver");
-        ds.setJdbcUrl("jdbc:mysql://" + this.host + ":" + this.port + "/" + this.database + "?rewriteBatchedStatements=true&jdbcCompliantTruncation=false");
+        ds.setJdbcUrl("jdbc:mysql://" + this.host + ":" + this.port + "/" + this.database);
+        ds.addDataSourceProperty("rewriteBatchedStatements", "true");
+        ds.addDataSourceProperty("jdbcCompliantTruncation", "false");
+        ds.addDataSourceProperty("cachePrepStmts", "true");
+        ds.addDataSourceProperty("prepStmtCacheSize", "250");
+        ds.addDataSourceProperty("prepStmtCacheSqlLimit", "2048");
         ds.setUsername(this.username);
         ds.setPassword(this.password);
         ds.setInitializationFailFast(true); // Don't start the plugin if the database is unavailable
@@ -329,17 +334,18 @@ public class MySQL implements DataSource {
             boolean useSalt = !columnSalt.isEmpty() || !StringUtils.isEmpty(auth.getPassword().getSalt());
             sql = "INSERT INTO " + tableName + "("
                 + columnName + "," + columnPassword + "," + columnIp + ","
-                + columnLastLogin + "," + columnRealName
+                + columnLastLogin + "," + columnRealName + "," + columnEmail
                 + (useSalt ? "," + columnSalt : "")
-                + ") VALUES (?,?,?,?,?" + (useSalt ? ",?" : "") + ");";
+                + ") VALUES (?,?,?,?,?,?" + (useSalt ? ",?" : "") + ");";
             pst = con.prepareStatement(sql);
             pst.setString(1, auth.getNickname());
             pst.setString(2, auth.getPassword().getHash());
             pst.setString(3, auth.getIp());
             pst.setLong(4, auth.getLastLogin());
             pst.setString(5, auth.getRealName());
+            pst.setString(6, auth.getEmail());
             if (useSalt) {
-                pst.setString(6, auth.getPassword().getSalt());
+                pst.setString(7, auth.getPassword().getSalt());
             }
             pst.executeUpdate();
             pst.close();
@@ -496,10 +502,12 @@ public class MySQL implements DataSource {
                 rs = pst.executeQuery();
                 if (rs.next()) {
                     int id = rs.getInt(columnID);
-                    pst2 = con.prepareStatement("INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?);");
+                    sql = "INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?)";
+                    pst2 = con.prepareStatement(sql);
                     pst2.setInt(1, id);
-                    pst2.setString(2, "XenForo_Authentication_Core12");
-                    byte[] bytes = auth.getPassword().getHash().getBytes();
+                    pst2.setString(2, XFBCRYPT.SCHEME_CLASS);
+                    String serializedHash = XFBCRYPT.serializeHash(auth.getPassword().getHash());
+                    byte[] bytes = serializedHash.getBytes();
                     Blob blob = con.createBlob();
                     blob.setBytes(1, bytes);
                     pst2.setBlob(3, blob);
@@ -554,7 +562,8 @@ public class MySQL implements DataSource {
                     // Insert password in the correct table
                     sql = "UPDATE xf_user_authenticate SET data=? WHERE " + columnID + "=?;";
                     PreparedStatement pst2 = con.prepareStatement(sql);
-                    byte[] bytes = password.getHash().getBytes();
+                    String serializedHash = XFBCRYPT.serializeHash(password.getHash());
+                    byte[] bytes = serializedHash.getBytes();
                     Blob blob = con.createBlob();
                     blob.setBytes(1, bytes);
                     pst2.setBlob(1, blob);
@@ -564,7 +573,7 @@ public class MySQL implements DataSource {
                     // ...
                     sql = "UPDATE xf_user_authenticate SET scheme_class=? WHERE " + columnID + "=?;";
                     pst2 = con.prepareStatement(sql);
-                    pst2.setString(1, "XenForo_Authentication_Core12");
+                    pst2.setString(1, XFBCRYPT.SCHEME_CLASS);
                     pst2.setInt(2, id);
                     pst2.executeUpdate();
                     pst2.close();
@@ -618,15 +627,18 @@ public class MySQL implements DataSource {
     public synchronized List<String> autoPurgeDatabase(long until) {
         List<String> list = new ArrayList<>();
         try (Connection con = getConnection()) {
-            String sql = "SELECT " + columnName + " FROM " + tableName + " WHERE " + columnLastLogin + "<" + until;
-            Statement st = con.createStatement();
-            ResultSet rs = st.executeQuery(sql);
+            String sql = "SELECT " + columnName + " FROM " + tableName + " WHERE " + columnLastLogin + "<?;";
+            PreparedStatement st = con.prepareStatement(sql);
+            st.setLong(1, until);
+            ResultSet rs = st.executeQuery();
             while (rs.next()) {
                 list.add(rs.getString(columnName));
             }
             rs.close();
-            sql = "DELETE FROM " + tableName + " WHERE " + columnLastLogin + "<" + until;
-            st.executeUpdate(sql);
+            sql = "DELETE FROM " + tableName + " WHERE " + columnLastLogin + "<?;";
+            st = con.prepareStatement(sql);
+            st.setLong(1, until);
+            st.executeUpdate();
             st.close();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
@@ -648,9 +660,10 @@ public class MySQL implements DataSource {
                 ResultSet rs = pst.executeQuery();
                 if (rs.next()) {
                     int id = rs.getInt(columnID);
-                    sql = "DELETE FROM xf_user_authenticate WHERE " + columnID + "=" + id;
-                    Statement st = con.createStatement();
-                    st.executeUpdate(sql);
+                    sql = "DELETE FROM xf_user_authenticate WHERE " + columnID + "=?;";
+                    PreparedStatement st = con.prepareStatement(sql);
+                    st.setInt(1, id);
+                    st.executeUpdate();
                     st.close();
                 }
                 rs.close();
diff --git a/src/main/java/fr/xephi/authme/datasource/SQLite.java b/src/main/java/fr/xephi/authme/datasource/SQLite.java
index 876bbfa1..9b14b1cc 100644
--- a/src/main/java/fr/xephi/authme/datasource/SQLite.java
+++ b/src/main/java/fr/xephi/authme/datasource/SQLite.java
@@ -1,5 +1,11 @@
 package fr.xephi.authme.datasource;
 
+import fr.xephi.authme.ConsoleLogger;
+import fr.xephi.authme.cache.auth.PlayerAuth;
+import fr.xephi.authme.security.crypts.HashedPassword;
+import fr.xephi.authme.settings.Settings;
+import fr.xephi.authme.util.StringUtils;
+
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.PreparedStatement;
@@ -9,12 +15,6 @@ import java.sql.Statement;
 import java.util.ArrayList;
 import java.util.List;
 
-import fr.xephi.authme.ConsoleLogger;
-import fr.xephi.authme.cache.auth.PlayerAuth;
-import fr.xephi.authme.security.crypts.HashedPassword;
-import fr.xephi.authme.settings.Settings;
-import fr.xephi.authme.util.StringUtils;
-
 /**
  */
 public class SQLite implements DataSource {
@@ -41,7 +41,7 @@ public class SQLite implements DataSource {
      * Constructor for SQLite.
      *
      * @throws ClassNotFoundException Exception
-     * @throws SQLException Exception
+     * @throws SQLException           Exception
      */
     public SQLite() throws ClassNotFoundException, SQLException {
         this.database = Settings.getMySQLDatabase;
@@ -219,23 +219,26 @@ public class SQLite implements DataSource {
                         + "is not set in the config!");
                 }
                 pst = con.prepareStatement("INSERT INTO " + tableName + "(" + columnName + "," + columnPassword +
-                    "," + columnIp + "," + columnLastLogin + "," + columnRealName + ") VALUES (?,?,?,?,?);");
+                    "," + columnIp + "," + columnLastLogin + "," + columnRealName + "," + columnEmail +
+                    ") VALUES (?,?,?,?,?,?);");
                 pst.setString(1, auth.getNickname());
                 pst.setString(2, password.getHash());
                 pst.setString(3, auth.getIp());
                 pst.setLong(4, auth.getLastLogin());
                 pst.setString(5, auth.getRealName());
+                pst.setString(6, auth.getEmail());
                 pst.executeUpdate();
             } else {
                 pst = con.prepareStatement("INSERT INTO " + tableName + "(" + columnName + "," + columnPassword + ","
-                    + columnIp + "," + columnLastLogin + "," + columnSalt + "," + columnRealName
-                    + ") VALUES (?,?,?,?,?,?);");
+                    + columnIp + "," + columnLastLogin + "," + columnRealName + "," + columnEmail + "," + columnSalt
+                    + ") VALUES (?,?,?,?,?,?,?);");
                 pst.setString(1, auth.getNickname());
                 pst.setString(2, password.getHash());
                 pst.setString(3, auth.getIp());
                 pst.setLong(4, auth.getLastLogin());
-                pst.setString(5, password.getSalt());
-                pst.setString(6, auth.getRealName());
+                pst.setString(5, auth.getRealName());
+                pst.setString(6, auth.getEmail());
+                pst.setString(7, password.getSalt());
                 pst.executeUpdate();
             }
         } catch (SQLException ex) {
diff --git a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java
index 2e365e93..f672250c 100644
--- a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java
+++ b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java
@@ -185,7 +185,7 @@ public class AuthMePlayerListener implements Listener {
         }
     }
 
-    @EventHandler(priority = EventPriority.LOWEST)
+    @EventHandler(priority = EventPriority.LOW)
     public void onPlayerJoin(PlayerJoinEvent event) {
         final Player player = event.getPlayer();
         if (player == null) {
diff --git a/src/main/java/fr/xephi/authme/output/MessagesManager.java b/src/main/java/fr/xephi/authme/output/MessagesManager.java
index 3221e334..1308712a 100644
--- a/src/main/java/fr/xephi/authme/output/MessagesManager.java
+++ b/src/main/java/fr/xephi/authme/output/MessagesManager.java
@@ -2,21 +2,18 @@ package fr.xephi.authme.output;
 
 import fr.xephi.authme.ConsoleLogger;
 import fr.xephi.authme.settings.CustomConfiguration;
+import org.bukkit.ChatColor;
 
 import java.io.File;
 
 /**
  * Class responsible for reading messages from a file and formatting them for Minecraft.
- * <p />
+ * <p>
  * This class is used within {@link Messages}, which offers a high-level interface for accessing
  * or sending messages from a properties file.
  */
 class MessagesManager extends CustomConfiguration {
 
-    /** The section symbol, used in Minecraft for formatting codes. */
-    private static final String SECTION_SIGN = "\u00a7";
-
-
     /**
      * Constructor for Messages.
      *
@@ -49,12 +46,10 @@ class MessagesManager extends CustomConfiguration {
     }
 
     static String[] formatMessage(String message) {
-        // TODO: Check that the codes actually exist, i.e. replace &c but not &y
-        // TODO: Allow '&' to be retained with the code '&&'
         String[] lines = message.split("&n");
         for (int i = 0; i < lines.length; ++i) {
             // We don't initialize a StringBuilder here because mostly we will only have one entry
-            lines[i] = lines[i].replace("&", SECTION_SIGN);
+            lines[i] = ChatColor.translateAlternateColorCodes('&', lines[i]);
         }
         return lines;
     }
diff --git a/src/main/java/fr/xephi/authme/permission/PlayerPermission.java b/src/main/java/fr/xephi/authme/permission/PlayerPermission.java
index 8eddb802..9b8fdf60 100644
--- a/src/main/java/fr/xephi/authme/permission/PlayerPermission.java
+++ b/src/main/java/fr/xephi/authme/permission/PlayerPermission.java
@@ -83,7 +83,12 @@ public enum PlayerPermission implements PermissionNode {
 	/**
 	 * Permission to use all player (non-admin) commands.
 	 */
-	PLAYER_ALL("authme.player.*");
+	PLAYER_ALL("authme.player.*"),
+
+	/**
+	 * Permission to use to see own other accounts.
+	 */
+	SEE_OWN_ACCOUNTS("authme.player.seeownaccounts");
 
     /**
      * The permission node.
diff --git a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java
index 9b911da1..7109840f 100644
--- a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java
+++ b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java
@@ -223,8 +223,6 @@ public class AsynchronousLogin {
             return;
         }
         List<String> auths = this.database.getAllAuthsByName(auth);
-        // List<String> uuidlist =
-        // plugin.otherAccounts.getAllPlayersByUUID(player.getUniqueId());
         if (auths.isEmpty()) {
             return;
         }
@@ -232,8 +230,6 @@ public class AsynchronousLogin {
             return;
         }
         StringBuilder message = new StringBuilder("[AuthMe] ");
-        // String uuidaccounts =
-        // "[AuthMe] PlayerNames has %size% links to this UUID : ";
         int i = 0;
         for (String account : auths) {
             i++;
@@ -244,18 +240,13 @@ public class AsynchronousLogin {
                 message.append('.');
             }
         }
-        /*
-         * TODO: Active uuid system i = 0; for (String account : uuidlist) {
-         * i++; uuidaccounts = uuidaccounts + account; if (i != auths.size()) {
-         * uuidaccounts = uuidaccounts + ", "; } else { uuidaccounts =
-         * uuidaccounts + "."; } }
-         */
+
         for (Player player : Utils.getOnlinePlayers()) {
-            if (plugin.getPermissionsManager().hasPermission(player, PlayerPermission.SEE_OTHER_ACCOUNTS)) {
+            if (plugin.getPermissionsManager().hasPermission(player, PlayerPermission.SEE_OTHER_ACCOUNTS)
+            		|| (player.getName().equals(this.player.getName())
+            				&& plugin.getPermissionsManager().hasPermission(player, PlayerPermission.SEE_OWN_ACCOUNTS))) {
                 player.sendMessage("[AuthMe] The player " + auth.getNickname() + " has " + auths.size() + " accounts");
                 player.sendMessage(message.toString());
-                // player.sendMessage(uuidaccounts.replace("%size%",
-                // ""+uuidlist.size()));
             }
         }
     }
diff --git a/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java b/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java
index 0aaa3a73..38c00185 100644
--- a/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java
+++ b/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java
@@ -44,10 +44,7 @@ public class AsyncRegister {
         } else if (!Settings.isRegistrationEnabled) {
             m.send(player, MessageKey.REGISTRATION_DISABLED);
             return false;
-        } else if (passLow.contains("delete") || passLow.contains("where") || passLow.contains("insert")
-            || passLow.contains("modify") || passLow.contains("from") || passLow.contains("select")
-            || passLow.contains(";") || passLow.contains("null") || !passLow.matches(Settings.getPassRegex)) {
-            // TODO #308: Remove check for SQL keywords
+        } else if (!passLow.matches(Settings.getPassRegex)) {
             m.send(player, MessageKey.PASSWORD_MATCH_ERROR);
             return false;
         } else if (passLow.equalsIgnoreCase(player.getName())) {
diff --git a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
index 6666a076..75c6a791 100644
--- a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
@@ -4,6 +4,7 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 public class XFBCRYPT extends BCRYPT {
+    public static final String SCHEME_CLASS = "XenForo_Authentication_Core12";
     private static final Pattern HASH_PATTERN = Pattern.compile("\"hash\";s.*\"(.*)?\"");
 
     @Override
@@ -19,4 +20,8 @@ public class XFBCRYPT extends BCRYPT {
         }
         return "*"; // what?
     }
+
+    public static String serializeHash(String hash) {
+        return "a:1:{s:4:\"hash\";s:" + hash.length() + ":\""+hash+"\";}";
+    }
 }
diff --git a/src/main/resources/plugin.yml b/src/main/resources/plugin.yml
index 69e954e3..e5c28b15 100644
--- a/src/main/resources/plugin.yml
+++ b/src/main/resources/plugin.yml
@@ -141,6 +141,7 @@ permissions:
             authme.player.seeotheraccounts: true
             authme.player.unregister: true
             authme.player.vip: true
+            authme.player.seeownaccounts: true
     authme.player.bypassantibot:
         description: Permission node to bypass AntiBot protection.
         default: false
@@ -186,3 +187,6 @@ permissions:
     authme.player.seeotheraccounts:
         description: Permission for user to see other accounts.
         default: false
+    authme.player.seeownaccounts:
+        description: Permission for user to see own other accounts.
+        default: false