diff --git a/backend/include/bs-utility.h b/backend/include/bs-utility.h
index f093bd4..6acecca 100644
--- a/backend/include/bs-utility.h
+++ b/backend/include/bs-utility.h
@@ -116,13 +116,13 @@ void Respond(BlockingStringStream *output_ptr, std::string SessionToken,
 
 class UserItemClass {
  public:
-  char user_id[31], password[31], user_name[31];
+  char user_id[35], password[35], user_name[35];
   unsigned char privilege;
 };
 
 class BookItemClass {
  public:
-  char ISBN[21], name[61], author[61], keyword[61];
+  char ISBN[25], name[65], author[65], keyword[65];
   double price;
   int quantity_remain;
   int bid;
diff --git a/backend/src/engine.cpp b/backend/src/engine.cpp
index 4e7e43c..e4152d3 100644
--- a/backend/src/engine.cpp
+++ b/backend/src/engine.cpp
@@ -103,9 +103,11 @@ std::vector<std::string> BookStoreEngineClass::Execute(
       return ExecuteBuy(cmd, login_stack);
     }
     case OperationType::__Kreport: {
+      // return std::vector<std::string>({"Invalid"});
       return ExecuteReport(cmd, login_stack);
     }
     case OperationType::__Klog: {
+      // return std::vector<std::string>({"Invalid"});
       return ExecuteLog(cmd, login_stack);
     }
   }
@@ -120,11 +122,14 @@ std::vector<std::string> BookStoreEngineClass::ExecuteSu(
   if (!CommandSuLexer(cmd, user_id, password))
     return std::vector<std::string>({"Invalid"});
   // debugPrint("su", user_id, " ", password);
+  if (user_data_base.GetPrevilege(user_id) == -1)
+    return std::vector<std::string>({"Invalid"});
   if (login_stack.size() > 0 &&
-      user_data_base.GetPrevilege(login_stack.top().first) == 7) {
-    // debugPrint("has root previlege");
-    if (user_data_base.GetPrevilege(user_id) == -1)
+      user_data_base.GetPrevilege(login_stack.top().first) >
+          user_data_base.GetPrevilege(user_id)) {
+    if (password != "" && !user_data_base.PAM(user_id, password))
       return std::vector<std::string>({"Invalid"});
+    // debugPrint("has root previlege");
     login_stack.push(std::make_pair(user_id, 0));
     login_count[user_id]++;
     return std::vector<std::string>();
@@ -156,7 +161,7 @@ std::vector<std::string> BookStoreEngineClass::ExecuteRegister(
   std::string user_id, password, user_name;
   if (!CommandRegisterLexer(cmd, user_id, password, user_name))
     return std::vector<std::string>({"Invalid"});
-  if (user_data_base.GetPrevilege(cmd) != -1)
+  if (user_data_base.GetPrevilege(user_id) != -1)
     return std::vector<std::string>({"Invalid"});
   user_data_base.AddUser(user_id, password, user_name, 1);
   return std::vector<std::string>();
diff --git a/backend/src/lexer.cpp b/backend/src/lexer.cpp
index cab8ca1..ce7021c 100644
--- a/backend/src/lexer.cpp
+++ b/backend/src/lexer.cpp
@@ -157,8 +157,7 @@ bool CommandUseraddLexer(const std::string &command, std::string &user_id,
     ss >> password;
     ss >> privilege;
     ss >> username;
-    if (privilege != 0 && privilege != 1 && privilege != 3 && privilege != 7)
-      return false;
+    if (privilege != 1 && privilege != 3 && privilege != 7) return false;
     return true;
   } else
     return false;
@@ -212,7 +211,7 @@ bool CommandShowLexer(const std::string &command, std::string &ISBN,
                       std::string &name, std::string &author,
                       std::string &keyword) {
   static std::basic_regex main_pattern(
-      R"(^ *show(?: +-ISBN=(?:\S{1,20})| +-name=\"(?:[^\s"]{1,60})\"| +-author=\"(?:[^\s"]{1,60})\"| +-keyword=\"(?:[^\s"]{1,60})\")* *$)",
+      R"(^ *show(?: +-ISBN=(?:\S{1,20})| +-name=\"(?:[^\s"]{1,60})\"| +-author=\"(?:[^\s"]{1,60})\"| +-keyword=\"(?:[^\s"]{1,60})\")? *$)",
       std::regex_constants::optimize);
 
   bool has_ISBN = false;
@@ -337,7 +336,7 @@ bool CommandModifyLexer(const std::string &command, std::string &ISBN,
                         std::string &name, std::string &author,
                         std::string &keyword, double &price) {
   static std::basic_regex main_pattern(
-      R"(^ *modify(?: +-ISBN=(?:\S{1,20})| +-name=\"(?:[^\s"]{1,60})\"| +-author=\"(?:[^\s"]{1,60})\"| +-keyword=\"(?:[^\s"]{1,60})\"| +-price=[0-9]{1,10}(?:\.[0-9]{1,2})?)+ *$)",
+      R"(^ *modify(?: +-ISBN=(?:\S{1,20})| +-name=\"(?:[^\s"]{1,60})\"| +-author=\"(?:[^\s"]{1,60})\"| +-keyword=\"(?:[^\s"]{1,60})\"| +-price=[0-9]{1,10}(?:\.[0-9]+)?)+ *$)",
       std::regex_constants::optimize);
   if (std::regex_match(command, main_pattern)) {
     std::stringstream ss(command);
@@ -385,7 +384,7 @@ bool CommandModifyLexer(const std::string &command, std::string &ISBN,
 bool CommandImportLexer(const std::string &command, int &quantity,
                         double &total_cost) {
   static std::basic_regex main_pattern(
-      R"(^ *import +[0-9]{1,10} +[0-9]{1,10}(?:\.[0-9]{1,2})? *$)",
+      R"(^ *import +[0-9]{1,10} +[0-9]{1,10}(?:\.[0-9]+)? *$)",
       std::regex_constants::optimize);
   if (std::regex_match(command, main_pattern)) {
     std::stringstream ss(command);