diff --git a/account.inc.php b/account.inc.php
index 7984207..c4cc72a 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -442,7 +442,7 @@ function account_remove_role($accounts_id, $roles_id, $conferences_id){
// A function for handling updates of any fields that can be modified through an API call.
// returns 'ok' on success, error message otherwise.
function account_update_info($fields){
- if(array_key_exists('accounts_id', $_SESSION)){
+ if($_SESSION['accounts_id']) {
$accounts_id = $_SESSION['accounts_id'];
}else{
return 'you must be logged in to change your account settings';
@@ -480,7 +480,17 @@ function account_update_info($fields){
case 'link_username_to_email':
if(in_array($value, array('yes', 'no'))){
- $updates[$index] = $value;
+ if($value=='yes') {
//if its yes, we can only do it if username==email
if($fields['username']==$fields['email']) {
$updates[$index] = $value;
} else {
$message="username and email must match for link_username_toemail";
}
}
else {
$updates[$index] = $value;
}
}else{
$message = '"link_username_to_email" must be either a "yes" or "no" value';
}
diff --git a/api.php b/api.php
index 0d3720f..54f555d 100644
--- a/api.php
+++ b/api.php
@@ -287,6 +287,7 @@ switch($request[0]) {
/* APIDOC: account/view
description(view account information for currently logged in account)
+ object(account: {id,username,link_username_to_email enum(no,yes),passwordset date,email,pendignemail,superuser enum(no,yes),deleted enum(no,yes),deleted_datetime datetime,created datetime})
return(account array)
*/
case 'view':
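Review bot: The new `if($_SESSION['accounts_id'])` test in account_update_info reads the key before checking that it exists, so an anonymous caller now triggers an undefined-index notice (a warning on PHP 8) on the way to the 'you must be logged in' return, and a stored id of `0` or `''` is also treated as logged out. The `edit` handler in api.php guards the same value with `isset($_SESSION['accounts_id'])`; using the same form here keeps the two checks consistent and avoids the notice: `if(isset($_SESSION['accounts_id'])) {`. If rejecting an empty id was the intent, `!empty($_SESSION['accounts_id'])` does that without reading an absent key. The rest of account_update_info lies outside this hunk.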
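Review bot: The username/email guard for `link_username_to_email` compares whatever the caller submitted rather than anything stored, and `$fields` arrives straight from the client (api.php's `edit` case passes the json_decode'd `$_POST['account']` in unchanged), so a request carrying only `link_username_to_email: yes` has both keys unset, `null == null` holds, and the flag is accepted without any username/email match, with an undefined-index notice on each read. At minimum require both values and compare strictly: `if(isset($fields['username'], $fields['email']) && $fields['username'] === $fields['email']) {`; checking against the account's stored username and email when they are not part of the update would close the gap fully, but whether that data is reachable at this point is outside the hunk. The error string also misspells the field name: `$message = "username and email must match for link_username_to_email";`. The enclosing switch and function continue outside this hunk.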
@@ -304,33 +305,27 @@ switch($request[0]) {
/* APIDOC: account/edit
description(edits an account)
post(account array)
+ object(account: {id,username,password,link_username_to_email enum(no,yes),email})
return(account array)
*/
case 'edit':
if(isset($_SESSION['accounts_id'])) {
-
- // grab the relevant keys from $_POST
- $params = array();
- foreach($_POST as $key => $value){
- if(in_array($key, array('username', 'password', 'email', 'link_username_to_email'))){
- $params[$key] = $_POST[$key];
- }
- }
-
- if(count($params) > 0){
- $result = account_update_info($params);
- if($result == 'ok'){
- $a = account_load($_SESSION['accounts_id']);
- $ret['status'] = 'ok';
- $ret['account'] = $a;
- }else{
-
+ $account=json_decode($_POST['account'],true);
+ if($account['id']!=$_SESSION['accounts_id']) {
$ret['status'] = "error";
- $ret['error'] = $result;
- }
+ $ret['error'] = "Account id mismatch";
+ break;
+ }
+
+ $result = account_update_info($account);
+ if($result == 'ok'){
+ $a = account_load($_SESSION['accounts_id']);
+ $ret['status'] = 'ok';
+ $ret['account'] = $a;
}else{
+
$ret['status'] = "error";
- $ret['error'] = "No field values passed";
+ $ret['error'] = $result;
}
}else{