diff --git a/Web/Presenters/UserPresenter.php b/Web/Presenters/UserPresenter.php
index 42bb4f1d..9cfa3654 100644
--- a/Web/Presenters/UserPresenter.php
+++ b/Web/Presenters/UserPresenter.php
@@ -334,11 +334,14 @@ final class UserPresenter extends OpenVKPresenter
         $post->setFlags($flags);
         $post->save();
         $post->attach($photo);
-
-        $this->returnJson([
-            "url" => $photo->getURL(),
-            "id" => $photo->getPrettyId()
-        ]);
+        if($this->postParam("ava", true) == (int)1) {
+            $this->returnJson([
+                "url" => $photo->getURL(),
+                "id" => $photo->getPrettyId()
+            ]);
+        } else {
+            $this->flashFail("succ", tr("photo_saved"), tr("photo_saved_comment"));
+        }
     }
     
     function renderSettings(): void
diff --git a/Web/Presenters/templates/Group/View.xml b/Web/Presenters/templates/Group/View.xml
index 15c03145..6cfca77b 100644
--- a/Web/Presenters/templates/Group/View.xml
+++ b/Web/Presenters/templates/Group/View.xml
@@ -98,17 +98,17 @@
     {var $avatarLink = ((is_null($avatarPhoto) ? FALSE : $avatarPhoto->isAnonymous()) ? "/photo" . ("s/" . base_convert((string) $avatarPhoto->getId(), 10, 32)) : $club->getAvatarLink())}
     <div class="avatar_block" style="position:relative;">
     {var $hasAvatar = !str_contains($club->getAvatarUrl('miniscule'), "/assets/packages/static/openvk/img/camera_200.png")}
-        {if $hasAvatar == false && $club->canBeModifiedBy($thisUser)}
-            <a href="javascript:addAvatarImage('{rawurlencode($csrfToken)}', true, {$club->getId()})" class="text_add_image">{_add_image_group}</a>
-        {elseif $hasAvatar == true && $club->canBeModifiedBy($thisUser)}
+        {if !is_null($thisUser) && $hasAvatar == false && $club->canBeModifiedBy($thisUser)}
+            <a href="javascript:addAvatarImage(true, {$club->getId()})" class="text_add_image">{_add_image_group}</a>
+        {elseif !is_null($thisUser) && $hasAvatar == true && $club->canBeModifiedBy($thisUser)}
             <div class="avatar_controls">
                 <div class="avatarDelete">
-                    <a id="upl" href="javascript:deleteAvatar('{$club->getAvatarPhoto()->getPrettyId()}', '{rawurlencode($csrfToken)}')"><img src="/assets/packages/static/openvk/img/delete.png"/></a>
+                    <a id="upl" href="javascript:deleteAvatar('{$club->getAvatarPhoto()->getPrettyId()}')"><img src="/assets/packages/static/openvk/img/delete.png"/></a>
                 </div>
                 <div class="avatar_variants">
                     <div class="variant">
                         <img src="/assets/packages/static/openvk/img/upload.png" style="margin-left:15px;height: 10px;">
-                        <a href="javascript:addAvatarImage('{rawurlencode($csrfToken)}', true, {$club->getId()})"><p>{_upload_new_picture}</p></a>
+                        <a href="javascript:addAvatarImage(true, {$club->getId()})"><p>{_upload_new_picture}</p></a>
                     </div>
                 </div>
             </div>
diff --git a/Web/Presenters/templates/User/View.xml b/Web/Presenters/templates/User/View.xml
index e0a24eca..e4d55e9e 100644
--- a/Web/Presenters/templates/User/View.xml
+++ b/Web/Presenters/templates/User/View.xml
@@ -71,17 +71,17 @@
     <div class="left_small_block">
         <div style="margin-left: auto;margin-right: auto;display: table;position:relative;" class="avatar_block" id="av">
             {var $hasAvatar = !str_contains($user->getAvatarUrl('miniscule'), "/assets/packages/static/openvk/img/camera_200.png")}
-            {if $hasAvatar == false && $user->getId() == $thisUser->getId()}
-                <a href="javascript:addAvatarImage('{rawurlencode($csrfToken)}', false)" class="text_add_image">{_add_image}</a>
-            {elseif $hasAvatar == true && $user->getId() == $thisUser->getId()}
+            {if !is_null($thisUser) && $hasAvatar == false && $user->getId() == $thisUser->getId()}
+                <a href="javascript:addAvatarImage(false)" class="text_add_image">{_add_image}</a>
+            {elseif !is_null($thisUser) && $user && $hasAvatar == true && $user->getId() == $thisUser->getId()}
                 <div class="avatar_controls">
                     <div class="avatarDelete">
-                        <a id="upl" href="javascript:deleteAvatar('{$user->getAvatarPhoto()->getPrettyId()}', '{rawurlencode($csrfToken)}')"><img src="/assets/packages/static/openvk/img/delete.png"/></a>
+                        <a id="upl" href="javascript:deleteAvatar('{$user->getAvatarPhoto()->getPrettyId()}')"><img src="/assets/packages/static/openvk/img/delete.png"/></a>
                     </div>
                     <div class="avatar_variants">
                         <div class="variant">
                             <img src="/assets/packages/static/openvk/img/upload.png" style="margin-left:15px;height: 10px;">
-                            <a href="javascript:addAvatarImage('{rawurlencode($csrfToken)}', false)"><p>{_upload_new_picture}</p></a>
+                            <a href="javascript:addAvatarImage(false)"><p>{_upload_new_picture}</p></a>
                         </div>
                     </div>
                 </div>
@@ -92,13 +92,6 @@
                      id="thisUserAvatar"
                      style="width: 100%; image-rendering: -webkit-optimize-contrast;" />
             </a>
-            <script>
-                window.addEventListener("load", event => {
-                {if $hasAvatar == false}
-                
-                {/if}
-                })
-            </script>
         </div>
         <div n:ifset="$thisUser" id="profile_links">
             {if $user->getId() == $thisUser->getId()}
diff --git a/Web/Presenters/templates/_includeCSS.xml b/Web/Presenters/templates/_includeCSS.xml
index 4f7780de..60409c27 100644
--- a/Web/Presenters/templates/_includeCSS.xml
+++ b/Web/Presenters/templates/_includeCSS.xml
@@ -9,6 +9,7 @@
             {css "css/bsdn.css"}
             {css "css/dialog.css"}
             {css "css/notifications.css"}
+            {css "css/avataredit.css"}
 
             {if $isXmas}
                 {css "css/xmas.css"}
@@ -25,6 +26,7 @@
         {css "css/bsdn.css"}
         {css "css/dialog.css"}
         {css "css/notifications.css"}
+        {css "css/avataredit.css"}
 
         {if $isXmas}
             {css "css/xmas.css"}
@@ -48,6 +50,7 @@
     {css "css/dialog.css"}
     {css "css/nsfw-posts.css"}
     {css "css/notifications.css"}
+    {css "css/avataredit.css"}
 
     {if $isXmas}
         {css "css/xmas.css"}
diff --git a/Web/static/js/openvk.cls.js b/Web/static/js/openvk.cls.js
index ebbdec76..8cb6ecb5 100644
--- a/Web/static/js/openvk.cls.js
+++ b/Web/static/js/openvk.cls.js
@@ -440,7 +440,7 @@ function escapeHtml(text) {
     return text.replace(/[&<>"']/g, function(m) { return map[m]; });
 }
 
-function addAvatarImage(hash, groupStrings = false, groupId = 0)
+function addAvatarImage(groupStrings = false, groupId = 0)
 {
     let inputname = groupStrings == true ? 'ava' : 'blob';
     let body = `
@@ -452,7 +452,6 @@ function addAvatarImage(hash, groupStrings = false, groupId = 0)
         <input accept="image/*" type="file" name="${inputname}" hidden id="${inputname}" style="display: none;" onchange="uploadAvatar(${groupStrings}, ${groupStrings == true ? groupId : null})">
         </label><br><br>
         <p>${tr('troubles_avatar')}</p>
-        <input type="hidden" value="${hash}">
     </div>
     `
     let msg = MessageBox(tr('uploading_new_image'), body, [
@@ -465,7 +464,7 @@ function addAvatarImage(hash, groupStrings = false, groupId = 0)
     msg.attr("style", "width: 600px;");
 }
 
-function uploadAvatar(group = false, group_id = 0, hash)
+function uploadAvatar(group = false, group_id = 0)
 {
     loader.style.display = "block";
     uploadbtn.setAttribute("hidden", "hidden")
@@ -473,6 +472,8 @@ function uploadAvatar(group = false, group_id = 0, hash)
     let formData = new FormData();
     let bloborava = group == false ? "blob" : "ava"
     formData.append(bloborava, document.getElementById(bloborava).files[0]);
+    formData.append("ava", 1)
+    formData.append("hash", u("meta[name=csrf]").attr("value"))
     xhr.open("POST", group == true ? "/club"+group_id+"/al_avatar" : "/al_avatars")
     xhr.onload = () => {
         let json = JSON.parse(xhr.responseText);
@@ -498,7 +499,7 @@ function uploadAvatar(group = false, group_id = 0, hash)
     xhr.send(formData)
 }
 
-function deleteAvatar(avatar, hash)
+function deleteAvatar(avatar)
 {
     let body = `
         <p>${tr("deleting_avatar_sure")}</p>
@@ -516,7 +517,7 @@ function deleteAvatar(avatar, hash)
                 location.reload()
             }
             xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
-            xhr.send("hash="+hash)
+            xhr.send("hash="+u("meta[name=csrf]").attr("value"))
         }),
         (function() {
             u("#tmpPhDelF").remove();