diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -52,7 +52,7 @@
 redirect_to :controller => 'main', :action => 'login'
 return
 end
- @user = User.new(params[:user])
+ @user = User.new(user_params)
 @user.password_confirmation = @user.password = User.random_password
 @user.activated = false
 if (@user.valid?) and (@user.save)
@@ -109,9 +109,10 @@
 redirect_to :action => 'forget'
 end
- def profile
+ def stat
 @user = User.find(params[:id])
- @submission = Submission.includes(:problem).where(user_id: params[:id])
+ @submission = Submission.joins(:problem).where(user_id: params[:id])
+ @submission = @submission.where('problems.available = true') unless current_user.admin?
 range = 120
 @histogram = { data: Array.new(range,0), summary: {} }
@@ -209,6 +210,10 @@
 #finally, we allow only admin
 admin_authorization
 end
-
+
+ private
+ def user_params
+ params.require(:user).permit(:login, :full_name, :email)
+ end
 end
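Review bot: The allow-list this call now depends on (`user_params`, added in the last hunk) has no comment saying why only `:login`, `:full_name` and `:email` are permitted, and that is the security-relevant part of the change. Password and activation state are assigned server-side on the lines that follow, so a comment above the helper such as `# Registration allow-list: password and activated are set by the action, never taken from the request` would keep a later edit from widening it by accident. `params.require(:user)` also raises `ActionController::ParameterMissing` when the form key is absent, which Rails answers with a 400 by default; it is worth confirming that this is the intended response for an empty submission. The enclosing action starts and ends outside the hunk, so any other `params[:user]` use in this controller cannot be checked from here.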
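Review bot: Renaming the action from `profile` to `stat` can detach it from any filter that is registered by action name, and nothing in this diff shows the filter declarations being updated. The last hunk's context shows the tail of a helper that falls through to `admin_authorization`; if that helper is wired up with an `only:` list naming `:profile`, `stat` would now run `User.find(params[:id])` for any caller, so the filter list and the route should be checked alongside this change. `current_user.admin?` on the added line also assumes a logged-in user, which holds only if an authentication filter covers `stat`. For the availability condition itself, the hash form `@submission = @submission.where(problems: { available: true }) unless current_user.admin?` avoids the raw SQL boolean literal. The method body continues past the end of the hunk.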