diff --git a/auth.sh b/auth.sh
index 81f8f08..adada83 100644
--- a/auth.sh
+++ b/auth.sh
@@ -1,5 +1,13 @@
 #!/usr/bin/env sh
 
+PATH=$PATH:/usr/local/bin
 set -e
+auth_usr=$(head -1 $1)
+auth_passwd=$(tail -1 $1)
 
-openvpn-user auth --user $(head -1 $1) --password $(tail -1 $1)
+if [ $common_name = ${auth_usr} ]; then
+  openvpn-user auth --user ${auth_usr} --password ${auth_passwd}
+else
+  echo "Authorization failed"
+  exit 1
+fi
\ No newline at end of file
diff --git a/openvpn-user.go b/openvpn-user.go
index 1bd759a..ce3013e 100644
--- a/openvpn-user.go
+++ b/openvpn-user.go
@@ -10,11 +10,15 @@ import (
 	"text/tabwriter"
 )
 
+const (
+	version = "1.0.3-alpha"
+)
+
 var (
 	dbPath = kingpin.Flag("db.path", "path do openvpn-user db").Default("./openvpn-user.db").String()
 
-	dbInitCommand   = kingpin.Command("db-init", "Init db.")
-	dbMigrateCommand   = kingpin.Command("db-migrate", "STUB: Migrate db.")
+	dbInitCommand    = kingpin.Command("db-init", "Init db.")
+	dbMigrateCommand = kingpin.Command("db-migrate", "STUB: Migrate db.")
 
 	createCommand             = kingpin.Command("create", "Create user.")
 	createCommandUserFlag     = createCommand.Flag("user", "Username.").Required().String()
@@ -32,8 +36,8 @@ var (
 	listCommand = kingpin.Command("list", "List active users.")
 	listAll     = listCommand.Flag("all", "Show all users include revoked and deleted.").Default("false").Bool()
 
-	checkCommand             = kingpin.Command("check", "check user existent.")
-	checkCommandUserFlag     = checkCommand.Flag("user", "Username.").Required().String()
+	checkCommand         = kingpin.Command("check", "check user existent.")
+	checkCommandUserFlag = checkCommand.Flag("user", "Username.").Required().String()
 
 	authCommand             = kingpin.Command("auth", "Auth user.")
 	authCommandUserFlag     = authCommand.Flag("user", "Username.").Required().String()
@@ -43,17 +47,17 @@ var (
 	changePasswordCommandUserFlag     = changePasswordCommand.Flag("user", "Username.").Required().String()
 	changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String()
 
-	//debug   = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
-	//verbose = kingpin.Flag("verbose", "Enable verbose mode.").Default("false").Bool()
+	debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
 
+	versionCommand = kingpin.Command("version", "Show version.")
 )
 
 type User struct {
 	id       int64
 	name     string
 	password string
-	revoked   bool
-	deleted   bool
+	revoked  bool
+	deleted  bool
 }
 
 func main() {
@@ -79,8 +83,13 @@ func main() {
 		initDb()
 	case dbMigrateCommand.FullCommand():
 		migrateDb()
+	case versionCommand.FullCommand():
+		showVersion()
 	}
 }
+func showVersion() {
+	fmt.Printf("openvpn-user: version %s n", version)
+}
 
 func getDb() *sql.DB {
 	db, err := sql.Open("sqlite3", *dbPath)
@@ -108,42 +117,97 @@ func createUser(username, password string) {
 		_, err := getDb().Exec("INSERT INTO users(username, password) VALUES ($1, $2)", username, string(hash))
 		checkErr(err)
 		fmt.Printf("User %s created\n", username)
+	} else {
+		fmt.Printf("ERROR: User %s already registered\n", username)
+		os.Exit(1)
 	}
+
 }
 
 func deleteUser(username string) {
-	_, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
+	res, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
 	checkErr(err)
-	fmt.Printf("User %s deleted\n", username)
+	if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
+		if rowsAffected == 1 {
+			fmt.Printf("User %s deleted\n", username)
+		}
+	} else {
+		if *debug {
+			fmt.Printf("ERROR: due deleting user %s: %s\n", username, rowsErr)
+		}
+	}
 }
 
 func revokedUser(username string) {
-	// TODO: ignore deleted user
-	_, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
-	checkErr(err)
-	fmt.Printf("User %s revoked\n", username)
+	if !userDeleted(username) {
+		res, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
+		checkErr(err)
+		if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
+			if rowsAffected == 1 {
+				fmt.Printf("User %s revoked\n", username)
+			}
+		} else {
+			if *debug {
+				fmt.Printf("ERROR: due reoking user %s: %s\n", username, rowsErr)
+			}
+		}
+	}
 }
 
 func restoreUser(username string) {
-	// TODO: ignore deleted user
-	_, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
-	checkErr(err)
-	fmt.Printf("User %s restored\n", username)
+	if !userDeleted(username) {
+		res, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
+		checkErr(err)
+		if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
+			if rowsAffected == 1 {
+				fmt.Printf("User %s restored\n", username)
+			}
+		} else {
+			if *debug {
+				fmt.Printf("ERROR: due restoring user %s: %s\n", username, rowsErr)
+			}
+		}
+	}
 }
 
 func checkUserExistent(username string) bool {
 	// we need to check if there is already such a user
- 	// return true if user exist
+	// return true if user exist
 	var c int
 	_ = getDb().QueryRow("SELECT count(*) FROM users WHERE username = $1", username).Scan(&c)
-	if c == 1  {
-		fmt.Printf("WARNING: User %s already registered\n", username)
+	if c == 1 {
+		fmt.Printf("User %s exist\n", username)
 		return true
 	} else {
 		return false
 	}
 }
 
+func userDeleted(username string) bool {
+	// return true if user marked as deleted
+	u := User{}
+	_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
+	if u.deleted  {
+		fmt.Printf("User %s marked as deleted\n", username)
+		return true
+	} else {
+		return false
+	}
+}
+
+func userIsActive(username string) bool {
+	// return true if user exist and not deleted and revoked
+	u := User{}
+	_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
+	if  !u.revoked && !u.deleted  {
+		fmt.Printf("User %s is active\n", username)
+		return true
+	} else {
+		fmt.Println("User may be deleted or revoked")
+		return false
+	}
+}
+
 func listUsers() []User {
 	condition := "WHERE deleted = 0 AND revoked = 0"
 	var users []User
@@ -189,20 +253,23 @@ func changeUserPassword(username, password string) {
 	fmt.Println("Password changed")
 }
 
-func authUser(username, password string)  {
+func authUser(username, password string) {
 
 	row := getDb().QueryRow("select * from users where username = $1", username)
 	u := User{}
 	err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted)
 	checkErr(err)
 
-	if ! u.revoked && ! u.deleted {
+	if userIsActive(username) {
 		err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
 		if err != nil {
-			fmt.Println("Passwords mismatched")
+			fmt.Println("Authorization failed")
+			if *debug {
+				fmt.Println("Passwords mismatched")
+			}
 			os.Exit(1)
 		} else {
-			fmt.Println("Auth successful")
+			fmt.Println("Authorization successful")
 			os.Exit(0)
 		}
 	}