diff --git a/backend/application/api_functions.py b/backend/application/api_functions.py index adc9f32..87c00de 100644 --- a/backend/application/api_functions.py +++ b/backend/application/api_functions.py @@ -6,6 +6,22 @@ from .users_model import Users, db from .logs_model import Logs +def db_create_log(ip, action, message, has_succeeded, status_code, table=None, id_user=None): + log = Logs( + date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'), + ip=ip, + action=action, + message=message, + has_succeeded=has_succeeded, + status_code=status_code, + table=table, + id_user=id_user + ) + db.session.add(log) + db.session.commit() + return log.json() + + def hash_password(salt, password): return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000) @@ -18,33 +34,27 @@ def db_login(ip, email, password): # Check User and Hash Pass if user and user.hash_pass == hash_password(user.salt, password): message = 'User authenticated.' - log = Logs( - date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'), - id_user=user.id, + db_create_log( ip=ip, - table='users', action='login', message=message, has_succeeded=True, - status_code=0 + status_code=0, + table='users', + id_user=user.id ) - db.session.add(log) - db.session.commit() return {'status': 0, 'message': message, 'data': user.json()} else: message = f'Email or password invalid' - log = Logs( - date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'), - id_user=None, + db_create_log( ip=ip, - table='users', action='login', message=message, has_succeeded=False, - status_code=2 + status_code=1, + table='users', + id_user=None ) - db.session.add(log) - db.session.commit() return {'status': 1, 'message': message} # Email or password invalid 
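Review bot: `db_create_log` has no docstring and stamps rows with `datetime.now()`, a naive local time, so log rows written by hosts in different zones cannot be ordered against each other; a one-line docstring such as `"""Persist one audit-log row for `action` from `ip` and return its JSON form."""` plus `datetime.now(timezone.utc)` (with `timezone` imported next to `datetime`, which is outside this hunk) would address both. The `db.session.commit()` that follows is unprotected: if it raises, the session is left in a failed state for the caller and no row exists, so wrapping it in a `try` that calls `db.session.rollback()` before re-raising is worth adding. Whether callers treat the log as best-effort or as a required audit record is not visible in this diff.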
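Review bot: The failure-path `db_create_log` call in `db_login` still records `id_user=None` even when the email matched an existing account and only the password was wrong, so the audit trail cannot attribute repeated failed logins to one account, although the response to the client correctly stays generic; `id_user=user.id if user else None` keeps the client message unchanged and makes per-account lockout or alerting possible from the log rows. Separately, `message = f'Email or password invalid'` is an f-string with no placeholders and can be a plain literal. The body of `db_login` starts outside the hunk.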
@@ -54,18 +64,15 @@ def db_register(ip, email, nickname, password, is_admin): ).first() if user: message = f'{email} already exist.' - log = Logs( - date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'), - id_user=None, + db_create_log( ip=ip, - table='users', action='register', message=message, has_succeeded=False, - status_code=1 + status_code=1, + table='users', + id_user=None ) - db.session.add(log) - db.session.commit() return {'status': 1, 'message': message} # User already exist # Salt Hash Pass with SHA256 
@@ -96,19 +103,74 @@ def db_register(ip, email, nickname, password, is_admin): has_succeeded = False status_code = 1 - log = Logs( - date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'), - id_user=id_user, + db_create_log( ip=ip, - table='users', action='register', message=message, has_succeeded=has_succeeded, - status_code=status_code + status_code=status_code, + table='users', + id_user=id_user ) - db.session.add(log) - db.session.commit() if status_code == 0: return {'status': 0, 'message': message, 'data': user.json()} elif status_code == 1: return {'status': 1, 'message': message} + + +def db_user_update(ip, user_id, nickname, password): + user = Users.query.filter( + Users.id == user_id + ).first() + if user: + has_succeeded = False + status_code = 2 + if nickname and password: + # Salt Hash Pass with SHA256 + salt = os.urandom(32) + hash_pass = hash_password(salt, password) + Users.query.filter(Users.id == user_id).update({'nickname': nickname, 'hash_pass': hash_pass, 'salt': salt}) + db.session.commit() + message = 'User nickname and password updated.' + has_succeeded = True + status_code = 0 + elif nickname: + Users.query.filter(Users.id == user_id).update({'nickname': nickname}) + db.session.commit() + message = 'User nickname updated.' + has_succeeded = True + status_code = 0 + elif password: + # Salt Hash Pass with SHA256 + salt = os.urandom(32) + hash_pass = hash_password(salt, password) + Users.query.filter(Users.id == user_id).update({'hash_pass': hash_pass, 'salt': salt}) + db.session.commit() + message = 'User password updated.' + has_succeeded = True + status_code = 0 + else: + message = 'Only nickname and/or password can be changed.' + + db_create_log( + ip=ip, + action='user_update', + message=message, + has_succeeded=has_succeeded, + status_code=status_code, + table='users', + id_user=user_id + ) + return {'status': status_code, 'message': message, 'data': user.json()} + else: + message = 'User do not exist.' 
+ db_create_log( + ip=ip, + action='user_update', + message=message, + has_succeeded=False, + status_code=1, + table='users', + id_user=user_id + ) + return {'status': 1, 'message': message} diff --git a/backend/application/routes.py b/backend/application/routes.py index 3310e03..cda0d21 100644 --- a/backend/application/routes.py +++ b/backend/application/routes.py @@ -1,7 +1,7 @@ from flask import current_app as app from flask import request from .responses import send_message, send_error -from .api_functions import db_login, db_register +from .api_functions import db_login, db_register, db_user_update, db_create_log from .sessionJWT import create_auth_token, check_auth_token 
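Review bot: The three update branches in `db_user_update` repeat the salt/hash block and each issue a second `Users.query.filter(...).update(...)` for a row that `user` already holds; collecting the changed columns into one dict and issuing a single update keeps every message and status byte-identical while removing the duplication (rewrite below). Two things to confirm rather than change: `user.json()` is returned after a query-level update, so it only reflects the new values if the session expires `user` on commit (Flask-SQLAlchemy's default, but not visible here), and a successful password change does not appear to touch the token issued by `sessionJWT`, so a previously issued token presumably stays valid afterwards — worth checking that this is intended and noting it in a comment. The not-found message `'User do not exist.'` should read `'User does not exist.'`.
```python
def db_user_update(ip, user_id, nickname, password):
    user = Users.query.filter(Users.id == user_id).first()
    if user:
        has_succeeded = False
        status_code = 2
        changes = {}
        if nickname:
            changes['nickname'] = nickname
        if password:
            # Salt Hash Pass with SHA256
            salt = os.urandom(32)
            changes.update({'hash_pass': hash_password(salt, password), 'salt': salt})
        if changes:
            Users.query.filter(Users.id == user_id).update(changes)
            db.session.commit()
            updated = [name for name, value in (('nickname', nickname), ('password', password)) if value]
            message = f"User {' and '.join(updated)} updated."
            has_succeeded = True
            status_code = 0
        else:
            message = 'Only nickname and/or password can be changed.'
        # … unchanged: db_create_log call and success return …
    # … unchanged: not-found branch …
```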
@@ -53,16 +53,53 @@ def register(): def logout(): token = check_auth_token(request) if token['success']: - return send_message('User disconnected.', None, token_delete=True) + ip = request.remote_addr + message = 'User disconnected.' + db_create_log( + ip=ip, + action='logout', + message=message, + has_succeeded=True, + status_code=0, + table='users', + id_user=token['payload']['id'] + ) + return send_message(message, None, token_delete=True) else: return send_error(500, token['message']) -# Update User +# Update User (Nickname, Password) @app.route('/api/user/update', methods=['PUT']) def user_update(): token = check_auth_token(request) - return send_message('User.update not implemented', None) + if token['success']: + post_json = request.json + post_nickname = None + post_password = None + fields = '' + if 'nickname' in post_json: + post_nickname = str(post_json['nickname']) + else: + fields += 'nickname' + + if 'password' in post_json: + post_password = str(post_json['password']) + else: + fields += ', password' + + if post_nickname is not None or post_password is not None: + ip = request.remote_addr + user_id = token['payload']['id'] + res = db_user_update(ip, user_id, post_nickname, post_password) + if res['status'] == 1: + return send_error(500, res['message']) + elif res['status'] == 0: + return send_message(res['message'], res['data']) + else: + return send_error(400, 'POST Request Error : Need ' + fields + ' field.') + else: + return send_error(500, token['message']) # Delete User
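Review bot: In `user_update` the result dispatch has no branch for `res['status'] == 2`, the value `db_user_update` assigns when neither field is truthy (for example both sent as empty strings, which pass the `is not None` test), so the view falls off the end and returns `None`, which Flask reports as an invalid response; add `else: return send_error(400, res['message'])` after the `elif`. `request.json` is `None` when the body is not JSON, so `'nickname' in post_json` raises before any response is built; `post_json = request.get_json(silent=True) or {}` keeps the 400 path reachable. `request.remote_addr` is the immediate peer, so behind a reverse proxy the `ip` logged in both the logout and update paths is the proxy's address — presumably known, but worth a comment at the first use. The `status == 1` case ("user does not exist") is a client-side condition and reads oddly as a 500.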