diff --git a/index.js b/index.js
index 8195515..2eb18ce 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,6 @@
 var fs = require('fs');
 var url = require('url');
+var mqtt = require('mqtt');
 var http = require('http');
 var https = require('https');
 var flash = require('connect-flash');
@@ -19,6 +20,25 @@ var port = (process.env.VCAP_APP_PORT || process.env.PORT ||3000);
 var host = (process.env.VCAP_APP_HOST || '0.0.0.0');
 var mongo_url = (process.env.MONGO_URL || 'mongodb://localhost/users');
 
+var mqtt_url = (process.env.MQTT_URL || 'mqtt://localhost:1883');
+var mqtt_user = (process.env.MQTT_USER || undefined);
+var mqtt_password = (process.env.MQTT_PASSWORD || undefined);
+console.log(mqtt_url);
+
+var mqttOptions = {
+	keepAlive: 10,
+	clean: true,
+	clientId: 'webApp_' + Math.random().toString(16).substr(2, 8)
+};
+
+if (mqtt_user) {
+	mqttOptions.username = mqtt_user;
+	mqttOptions.password = mqtt_password;
+}
+
+var mqttClient = mqtt.connect(mqtt_url, mqttOptions);
+
+
 if (process.env.VCAP_SERVICES) {
 	var services = JSON.parse(process.env.VCAP_SERVICES);
 
@@ -101,7 +121,7 @@ var accessTokenStrategy = new PassportOAuthBearer(function(token, done) {
 	oauthModels.AccessToken.findOne({ token: token }).populate('user').populate('grant').exec(function(error, token) {
 		if (token && token.active && token.grant.active && token.user) {
 			done(null, token.user, { scope: token.scope });
-		} else if (!error) {p
+		} else if (!error) {
 			done(null, false);
 		} else {
 			done(error);
@@ -289,6 +309,14 @@ app.post('/api/v1/command',
 	function(req,res,next){
 		console.log(req.user.username);
 		console.log(req.body);
+		var topic = req.user.username + "/" + req.body.payload.appliance.applianceId;
+		var message = JSON.stringify(req.body);
+		try{
+			mqttClient.publish(topic,message);
+		} catch (err) {
+
+		}
+		res.status(200).send();
 	}
 );
 
diff --git a/models/oauth.js b/models/oauth.js
index 9785c33..795b126 100644
--- a/models/oauth.js
+++ b/models/oauth.js
@@ -18,7 +18,7 @@ var GrantCodeSchema = new Schema({
 			return uid(24);
 		}
 	},
-	user: { type: Schema.Types.ObjectId, ref: 'User' },
+	user: { type: Schema.Types.ObjectId, ref: 'Account' },
 	application: { type: Schema.Types.ObjectId, ref: 'Application' },
 	scope: [ { type: String } ],
 	active: { type: Boolean, default: true }
@@ -29,7 +29,7 @@ var AccessTokenSchema = new Schema({
 			return uid(124);
 		}
 	},
-	user: { type: Schema.Types.ObjectId, ref: 'User' },
+	user: { type: Schema.Types.ObjectId, ref: 'Account' },
 	application: { type: Schema.Types.ObjectId, ref: 'Application' },
 	grant: { type: Schema.Types.ObjectId, ref: 'GrantCode' },
 	scope: [ { type: String }],
diff --git a/package.json b/package.json
index 65e94fc..58e4dfd 100644
--- a/package.json
+++ b/package.json
@@ -24,6 +24,7 @@
     "mongoose": "^4.6.5",
     "mongoose-sequence": "^3.1.0",
     "morgan": "^1.7.0",
+    "mqtt": "^2.0.1",
     "oauth2orize": "^1.5.1",
     "passport": "^0.3.2",
     "passport-http-bearer": "^1.0.1",
diff --git a/views/pages/register.ejs b/views/pages/register.ejs
index ddcf8f0..0f4e2b2 100644
--- a/views/pages/register.ejs
+++ b/views/pages/register.ejs
@@ -2,8 +2,8 @@
   <div class="container main-content">
     <div id="register">
       <label style="width: 75px" for="username">Username:</label>
-      <input type="text" id="username"/>
-      <span>(can contain any utf-8 chars except /, + or #)</span>
+      <input type="text" onchange="validate()" id="username"/>
+      <span>(can contain any utf-8 chars except /, + or # and must not start with $)</span>
       <br>
       <label style="width: 75px" for="email">Email:</label>
       <input type="email" id="email"/>
@@ -45,6 +45,16 @@
       		
       		xhr.send(params);
       	};
+
+        function validate() {
+          var data = $('#username').val();
+          console.log(data);
+          if (data.indexOf('/') > 0 || data.indexOf('#') > 0 || data.indexOf('+') > 0) {
+            alert("invalid username");
+          } else if (data.indexOf('$') == 0) {
+            alert("invalid username");
+          }
+        }
       </script>
     </div>
   </div>