projects / kivitendo-erp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Umstellung der Benutzereinstellungen auf getabbtes Layout: Eine Übersetzung vergessen.
[kivitendo-erp.git] / bin / mozilla / am.pl
diff --git a/bin/mozilla/am.pl b/bin/mozilla/am.pl
index 1372438..51f8f69 100644 (file)
--- a/bin/mozilla/am.pl
+++ b/bin/mozilla/am.pl
@@ -31,6 +31,7 @@
 #
 #======================================================================
 
+use SL::Auth;
 use SL::AM;
 use SL::CA;
 use SL::Form;
@@ -57,13 +58,13 @@ sub continue { call_sub($form->{"nextsub"}); }
 sub add_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}     = "Add";
   $form->{charttype} = "A";
   AM->get_account(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_account&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=list_account" unless $form->{callback};
 
   &account_header;
   &form_footer;
@@ -74,6 +75,8 @@ sub add_account {
 sub edit_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
   AM->get_account(\%myconfig, \%$form);
 
@@ -90,6 +93,8 @@ sub edit_account {
 sub account_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   if ( $form->{action} eq 'edit_account') {
     $form->{account_exists} = '1';
   } 
@@ -348,12 +353,11 @@ sub account_header {
 sub form_footer {
   $lxdebug->enter_sub();
 
-  print qq|
+  $auth->assert('config');
 
-<input name=callback type=hidden value="$form->{callback}">
+  print qq|
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
+<input name=callback type=hidden value="| . H($form->{callback}) . qq|">
 
 <br>|;
   if ((!$form->{id}) || ($form->{id} && $form->{orphaned}) || (($form->{type} eq "account") && (!$form->{new_chart_valid}))) {
@@ -381,6 +385,8 @@ sub form_footer {
 sub save_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("accno",       $locale->text('Account Number missing!'));
   $form->isblank("description", $locale->text('Account Description missing!'));
   
@@ -398,18 +404,12 @@ sub save_account {
 sub list_account {
   $lxdebug->enter_sub();
 
-  CA->all_accounts(\%myconfig, \%$form);
+  $auth->assert('config');
 
-  $form->{title} = $locale->text('Chart of Accounts');
+  $form->{callback}     = build_std_url('action=list_account');
+  my $link_edit_account = build_std_url('action=edit_account', 'callback');
 
-  # construct callback
-  $callback =
-    "$form->{script}?action=list_account&login=$form->{login}&password=$form->{password}";
-
-
-
-  # escape callback
-  $callback = $form->escape($callback);
+  CA->all_accounts(\%myconfig, \%$form);
 
   foreach $ca (@{ $form->{CA} }) {
 
@@ -423,19 +423,11 @@ sub list_account {
       $ca->{debit} = $form->format_amount(\%myconfig, -1 * $ca->{amount}, 2);
     }
     $ca->{heading}   = ( $ca->{charttype} eq 'H' ) ? 1:''; 
-    $ca->{link_edit_account} = 
-        qq|$form->{script}?action=edit_account&id=$ca->{id}|
-       .qq|&login=$form->{login}|
-       .qq|&password=$form->{password}&callback=$callback|;
+    $ca->{link_edit_account} = $link_edit_account . '&id=' . E($ca->{id});
   }
   
   # Ajax 
-  my $list_account_details_url = 
-              "$form->{script}?login=$form->{login}"
-             ."&password=$form->{password}&action=list_account_details&";
-  
-  
-  my $pjx = new CGI::Ajax('list_account_details' => $list_account_details_url);
+  my $pjx = new CGI::Ajax('list_account_details' => build_std_url('action=list_account_details'));
 
   # Eneable AJAX debuging
   #$pjx->DEBUG(1);
@@ -444,6 +436,7 @@ sub list_account {
   push(@ { $form->{AJAX} }, $pjx);
 
   $form->{stylesheets} = "list_accounts.css";
+  $form->{title}       = $locale->text('Chart of Accounts');
 
   $form->header;
   
@@ -453,7 +446,7 @@ sub list_account {
   };
   
   # Ausgabe des Templates
-  print($form->parse_html_template2('am/list_accounts', $parameters_ref));
+  print($form->parse_html_template('am/list_accounts', $parameters_ref));
   
   $lxdebug->leave_sub();
 
@@ -461,23 +454,14 @@ sub list_account {
 
 
 sub list_account_details {
-# Ajax Funktion aus list_account_details  
+# Ajax Funktion aus list_account_details
   $lxdebug->enter_sub();
 
-  my $chart_id = $form->{args};
-  
-  CA->all_accounts(\%myconfig, \%$form, $chart_id);
-
-  $form->{title} = $locale->text('Chart of Accounts');
+  $auth->assert('config');
 
-  # construct callback
-  $callback =
-    "$form->{script}?action=list_account&login=$form->{login}&password=$form->{password}";
-
-  $form->header;
+  my $chart_id = $form->{args};
 
-  # escape callback
-  $callback = $form->escape($callback);
+  CA->all_accounts(\%myconfig, \%$form, $chart_id);
 
   foreach $ca (@{ $form->{CA} }) {
 
@@ -494,11 +478,11 @@ sub list_account_details {
     }
 
     my @links = split( q{:}, $ca->{link});
-    
+
     $ca->{link} = q{};
-    
+
     foreach my $link (@links){
-      $link = ( $link eq 'AR')             ? $locale->text('Account Link AR')
+      $link =    ( $link eq 'AR')             ? $locale->text('Account Link AR')
                : ( $link eq 'AP')             ? $locale->text('Account Link AP')
                : ( $link eq 'IC')             ? $locale->text('Account Link IC')
                : ( $link eq 'AR_amount' )     ? $locale->text('Account Link AR_amount')
@@ -515,16 +499,8 @@ sub list_account_details {
                : ( $link eq 'IC_taxservice' ) ? $locale->text('Account Link IC_taxservice')
 #               : ( $link eq 'CT_tax' )        ? $locale->text('Account Link CT_tax')
                : $locale->text('Unknown Link') . ': ' . $link;
-      
       $ca->{link} .= ($link ne '') ?  "[$link] ":'';
     }
-    
-    $ca->{startdate}      =~ s/,/<br>/og;
-    $ca->{tk_ustva}       =~ s/,/<br>/og;
-    $ca->{taxkey}         =~ s/,/<br>/og;
-    $ca->{taxaccount}     =~ s/,/<br>/og;
-    $ca->{taxdescription} =~ s/,/<br>/og;
-    $ca->{datevautomatik} = ($ca->{datevautomatik}) ? $locale->text('On'):$locale->text('Off');
 
     $ca->{category} = ($ca->{category} eq 'A') ? $locale->text('Account Category A')
                     : ($ca->{category} eq 'E') ? $locale->text('Account Category E')
@@ -534,29 +510,13 @@ sub list_account_details {
                     : ($ca->{category} eq 'C') ? $locale->text('Account Category C')
                     : ($ca->{category} eq 'G') ? $locale->text('Account Category G')
                     : $locale->text('Unknown Category') . ': ' . $ca->{category};
-
-    $ca->{link_edit_account} = 
-        qq|$form->{script}?action=edit_account&id=$ca->{id}|
-       .qq|&login=$form->{login}|
-       .qq|&password=$form->{password}&callback=$callback|;
   }
 
+  $form->{title} = $locale->text('Chart of Accounts');
+  $form->header();
 
+  print $form->parse_html_template('am/list_account_details');
 
-
-  my $parameters_ref = {
-  
-  
-  #   hidden_variables                => $_hidden_variables_ref,
-  };
-  
-  # Ausgabe des Templates
-  #my $q = CGI->new();
-  my $result = $form->parse_html_template('am/list_account_details', $parameters_ref);
-  
-  print $result;
-#  print "chart_id:$chart_id, form->chartid:$form->{chart_id}, rest=$rest";
-      
   $lxdebug->leave_sub();
 
 }
@@ -564,6 +524,8 @@ sub list_account_details {
 sub delete_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text('Delete Account');
 
   foreach $id (
@@ -584,12 +546,12 @@ sub delete_account {
 sub add_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
   $form->{role}  = "P";
 
-  $form->{callback} =
-    "$form->{script}?action=add_department&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_department" unless $form->{callback};
 
   &department_header;
   &form_footer;
@@ -600,6 +562,8 @@ sub add_department {
 sub edit_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_department(\%myconfig, \%$form);
@@ -613,10 +577,11 @@ sub edit_department {
 sub list_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->departments(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_department&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_department";
 
   $callback = $form->escape($form->{callback});
 
@@ -672,7 +637,7 @@ sub list_department {
     $profitcenter = ($ref->{role} eq "P") ? "X" : "";
 
     $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_department&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{description}</td>|;
+      qq|<td><a href="am.pl?action=edit_department&id=$ref->{id}&callback=$callback">$ref->{description}</td>|;
     $column_data{cost}   = qq|<td align=center>$costcenter</td>|;
     $column_data{profit} = qq|<td align=center>$profitcenter</td>|;
 
@@ -693,15 +658,12 @@ sub list_department {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=department>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -717,6 +679,8 @@ sub list_department {
 sub department_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text("$form->{title} Department");
 
   # $locale->text('Add Department')
@@ -740,7 +704,7 @@ sub department_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=department>
@@ -773,6 +737,8 @@ sub department_header {
 sub save_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   AM->save_department(\%myconfig, \%$form);
   $form->redirect($locale->text('Department saved!'));
@@ -783,6 +749,8 @@ sub save_department {
 sub delete_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_department(\%myconfig, \%$form);
   $form->redirect($locale->text('Department deleted!'));
 
@@ -792,11 +760,11 @@ sub delete_department {
 sub add_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_lead&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_lead" unless $form->{callback};
 
   &lead_header;
   &form_footer;
@@ -807,6 +775,8 @@ sub add_lead {
 sub edit_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_lead(\%myconfig, \%$form);
@@ -822,10 +792,11 @@ sub edit_lead {
 sub list_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->lead(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_lead&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_lead";
 
   $callback = $form->escape($form->{callback});
 
@@ -868,8 +839,7 @@ sub list_lead {
 
        $lead = $ref->{lead};
        
-    $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_lead&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{lead}</td>|;
+    $column_data{description} = qq|<td><a href="am.pl?action=edit_lead&id=$ref->{id}&callback=$callback">$ref->{lead}</td>|;
 
     map { print "$column_data{$_}\n" } @column_index;
 
@@ -885,15 +855,12 @@ sub list_lead {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=lead>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -909,6 +876,8 @@ sub list_lead {
 sub lead_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text("$form->{title} Lead");
 
   # $locale->text('Add Lead')
@@ -924,7 +893,7 @@ sub lead_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=lead>
@@ -949,6 +918,8 @@ sub lead_header {
 sub save_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   AM->save_lead(\%myconfig, \%$form);
   $form->redirect($locale->text('lead saved!'));
@@ -959,6 +930,8 @@ sub save_lead {
 sub delete_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_lead(\%myconfig, \%$form);
   $form->redirect($locale->text('lead deleted!'));
 
@@ -968,11 +941,11 @@ sub delete_lead {
 sub add_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_business&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_business" unless $form->{callback};
 
   &business_header;
   &form_footer;
@@ -998,10 +971,11 @@ sub edit_business {
 sub list_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->business(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_business&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_business";
 
   $callback = $form->escape($form->{callback});
 
@@ -1057,8 +1031,7 @@ sub list_business {
       $form->format_amount(\%myconfig, $ref->{discount} * 100);
     $description =
       $ref->{description};
-    $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_business&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$description</td>|;
+    $column_data{description} = qq|<td><a href="am.pl?action=edit_business&id=$ref->{id}&callback=$callback">$description</td>|;
     $column_data{discount}           = qq|<td align=right>$discount</td>|;
     $column_data{customernumberinit} =
       qq|<td align=right>$ref->{customernumberinit}</td>|;
@@ -1080,15 +1053,12 @@ sub list_business {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=business>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1104,6 +1074,8 @@ sub list_business {
 sub business_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Business");
 
   # $locale->text('Add Business')
@@ -1118,7 +1090,7 @@ sub business_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=business>
@@ -1151,6 +1123,8 @@ sub business_header {
 sub save_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   $form->{discount} = $form->parse_amount(\%myconfig, $form->{discount}) / 100;
   AM->save_business(\%myconfig, \%$form);
@@ -1162,6 +1136,8 @@ sub save_business {
 sub delete_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_business(\%myconfig, \%$form);
   $form->redirect($locale->text('Business deleted!'));
 
@@ -1171,11 +1147,11 @@ sub delete_business {
 sub add_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_language&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_language" unless $form->{callback};
 
   &language_header;
   &form_footer;
@@ -1186,6 +1162,8 @@ sub add_language {
 sub edit_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_language(\%myconfig, \%$form);
@@ -1201,10 +1179,11 @@ sub edit_language {
 sub list_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->language(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_language&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_language";
 
   $callback = $form->escape($form->{callback});
 
@@ -1270,7 +1249,7 @@ sub list_language {
 
 
     $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_language&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{description}</td>|;
+      qq|<td><a href="am.pl?action=edit_language&id=$ref->{id}&callback=$callback">$ref->{description}</td>|;
     $column_data{template_code}           = qq|<td align=right>$ref->{template_code}</td>|;
     $column_data{article_code} =
       qq|<td align=right>$ref->{article_code}</td>|;
@@ -1306,15 +1285,12 @@ sub list_language {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=language>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1330,6 +1306,8 @@ sub list_language {
 sub language_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Language");
 
   # $locale->text('Add Language')
@@ -1367,7 +1345,7 @@ sub language_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=language>
@@ -1418,6 +1396,8 @@ sub language_header {
 sub save_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Language missing!'));
   $form->isblank("template_code", $locale->text('Template Code missing!'));
   $form->isblank("article_code", $locale->text('Article Code missing!'));
@@ -1430,6 +1410,8 @@ sub save_language {
 sub delete_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_language(\%myconfig, \%$form);
   $form->redirect($locale->text('Language deleted!'));
 
@@ -1440,13 +1422,14 @@ sub delete_language {
 sub add_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   # $locale->text("Add Buchungsgruppe")
   # $locale->text("Edit Buchungsgruppe")
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_buchungsgruppe&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_buchungsgruppe" unless $form->{callback};
+
   AM->get_buchungsgruppe(\%myconfig, \%$form);
   $form->{"inventory_accno_id"} = $form->{"std_inventory_accno_id"};
   for (my $i = 0; 4 > $i; $i++) {
@@ -1463,6 +1446,8 @@ sub add_buchungsgruppe {
 sub edit_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_buchungsgruppe(\%myconfig, \%$form);
@@ -1477,10 +1462,11 @@ sub edit_buchungsgruppe {
 sub list_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->buchungsgruppe(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_buchungsgruppe&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_buchungsgruppe";
 
   $callback = $form->escape($form->{callback});
 
@@ -1562,9 +1548,7 @@ sub list_buchungsgruppe {
         </tr>
 |;
 
-  my $swap_link = qq|$form->{script}?action=swap_buchungsgruppen&|;
-  map({ $swap_link .= $_ . "=" . $form->escape($form->{$_}) . "&" }
-      qw(login password));
+  my $swap_link = qq|am.pl?action=swap_buchungsgruppen&|;
 
   my $row = 0;
   foreach $ref (@{ $form->{ALL} }) {
@@ -1598,8 +1582,7 @@ sub list_buchungsgruppe {
         qq|</a></td>|;
     }
 
-    $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_buchungsgruppe&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{description}</td>|;
+    $column_data{description} = qq|<td><a href="am.pl?action=edit_buchungsgruppe&id=$ref->{id}&callback=$callback">$ref->{description}</td>|;
     $column_data{inventory_accno}           = qq|<td align=right>$ref->{inventory_accno}</td>|;
     $column_data{income_accno_0} =
       qq|<td align=right>$ref->{income_accno_0}</td>|;
@@ -1633,15 +1616,12 @@ sub list_buchungsgruppe {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=buchungsgruppe>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1657,6 +1637,8 @@ sub list_buchungsgruppe {
 sub buchungsgruppe_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Buchungsgruppe");
 
   # $locale->text('Add Accounting Group')
@@ -1688,11 +1670,11 @@ sub buchungsgruppe_header {
 
   if ($form->{id}) {
     $form->{selectIC} =~ s/selected//g;
-    $form->{selectIC} =~ s/ value=$form->{inventory_accno_id}/  value=$form->{inventory_accno_id} selected/;
+    $form->{selectIC} =~ s/ value=\Q$form->{inventory_accno_id}\E/  value=$form->{inventory_accno_id} selected/;
     $form->{selectIC_income} =~ s/selected//g;
-    $form->{selectIC_income} =~ s/ value=$form->{income_accno_id_0}/  value=$form->{income_accno_id_0} selected/;
+    $form->{selectIC_income} =~ s/ value=\Q$form->{income_accno_id_0}\E/  value=$form->{income_accno_id_0} selected/;
     $form->{selectIC_expense} =~ s/selected//g;
-    $form->{selectIC_expense} =~ s/ value=$form->{expense_accno_id_0}/  value=$form->{expense_accno_id_0} selected/;
+    $form->{selectIC_expense} =~ s/ value=\Q$form->{expense_accno_id_0}\E/  value=$form->{expense_accno_id_0} selected/;
   }
 
   if (!$eur) {
@@ -1719,9 +1701,9 @@ sub buchungsgruppe_header {
              </tr>|;
   if ($form->{id}) {
     $form->{selectIC_income} =~ s/selected//g;
-    $form->{selectIC_income} =~ s/ value=$form->{income_accno_id_1}/  value=$form->{income_accno_id_1} selected/;
+    $form->{selectIC_income} =~ s/ value=\Q$form->{income_accno_id_1}\E/  value=$form->{income_accno_id_1} selected/;
     $form->{selectIC_expense} =~ s/selected//g;
-    $form->{selectIC_expense} =~ s/ value=$form->{expense_accno_id_1}/  value=$form->{expense_accno_id_1} selected/;
+    $form->{selectIC_expense} =~ s/ value=\Q$form->{expense_accno_id_1}\E/  value=$form->{expense_accno_id_1} selected/;
   }
   $linkaccounts .= qq|       <tr>
                <th align=right>| . $locale->text('Revenues EU with UStId') . qq|</th>
@@ -1734,9 +1716,9 @@ sub buchungsgruppe_header {
 
   if ($form->{id}) {
     $form->{selectIC_income} =~ s/selected//g;
-    $form->{selectIC_income} =~ s/ value=$form->{income_accno_id_2}/  value=$form->{income_accno_id_2} selected/;
+    $form->{selectIC_income} =~ s/ value=\Q$form->{income_accno_id_2}\E/  value=$form->{income_accno_id_2} selected/;
     $form->{selectIC_expense} =~ s/selected//g;
-    $form->{selectIC_expense} =~ s/ value=$form->{expense_accno_id_2}/  value=$form->{expense_accno_id_2} selected/;
+    $form->{selectIC_expense} =~ s/ value=\Q$form->{expense_accno_id_2}\E/  value=$form->{expense_accno_id_2} selected/;
   }
 
   $linkaccounts .= qq|       <tr>
@@ -1750,9 +1732,9 @@ sub buchungsgruppe_header {
 
   if ($form->{id}) {
     $form->{selectIC_income} =~ s/selected//g;
-    $form->{selectIC_income} =~ s/ value=$form->{income_accno_id_3}/  value=$form->{income_accno_id_3} selected/;
+    $form->{selectIC_income} =~ s/ value=\Q$form->{income_accno_id_3}\E/  value=$form->{income_accno_id_3} selected/;
     $form->{selectIC_expense} =~ s/selected//g;
-    $form->{selectIC_expense} =~ s/ value=$form->{expense_accno_id_3}/  value=$form->{expense_accno_id_3} selected/;
+    $form->{selectIC_expense} =~ s/ value=\Q$form->{expense_accno_id_3}\E/  value=$form->{expense_accno_id_3} selected/;
   }
 
   $linkaccounts .= qq|       <tr>
@@ -1771,7 +1753,7 @@ sub buchungsgruppe_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=buchungsgruppe>
@@ -1797,6 +1779,8 @@ sub buchungsgruppe_header {
 sub save_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
 
   AM->save_buchungsgruppe(\%myconfig, \%$form);
@@ -1808,6 +1792,8 @@ sub save_buchungsgruppe {
 sub delete_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_buchungsgruppe(\%myconfig, \%$form);
   $form->redirect($locale->text('Accounting Group deleted!'));
 
@@ -1817,6 +1803,8 @@ sub delete_buchungsgruppe {
 sub swap_buchungsgruppen {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->swap_sortkeys(\%myconfig, $form, "buchungsgruppen");
   list_buchungsgruppe();
 
@@ -1827,11 +1815,11 @@ sub swap_buchungsgruppen {
 sub add_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_printer&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_printer" unless $form->{callback};
 
   &printer_header;
   &form_footer;
@@ -1842,6 +1830,8 @@ sub add_printer {
 sub edit_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_printer(\%myconfig, \%$form);
@@ -1857,10 +1847,11 @@ sub edit_printer {
 sub list_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->printer(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_printer&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_printer";
 
   $callback = $form->escape($form->{callback});
 
@@ -1913,8 +1904,7 @@ sub list_printer {
 |;
 
 
-    $column_data{printer_description} =
-      qq|<td><a href=$form->{script}?action=edit_printer&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{printer_description}</td>|;
+    $column_data{printer_description} = qq|<td><a href="am.pl?action=edit_printer&id=$ref->{id}&callback=$callback">$ref->{printer_description}"</td>|;
     $column_data{printer_command}           = qq|<td align=right>$ref->{printer_command}</td>|;
     $column_data{template_code} =
       qq|<td align=right>$ref->{template_code}</td>|;
@@ -1936,15 +1926,12 @@ sub list_printer {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=printer>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1960,6 +1947,8 @@ sub list_printer {
 sub printer_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Printer");
 
   # $locale->text('Add Printer')
@@ -1975,7 +1964,7 @@ sub printer_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=printer>
@@ -2008,6 +1997,8 @@ sub printer_header {
 sub save_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("printer_description", $locale->text('Description missing!'));
   $form->isblank("printer_command", $locale->text('Printer Command missing!'));
   AM->save_printer(\%myconfig, \%$form);
@@ -2019,6 +2010,8 @@ sub save_printer {
 sub delete_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_printer(\%myconfig, \%$form);
   $form->redirect($locale->text('Printer deleted!'));
 
@@ -2028,11 +2021,11 @@ sub delete_printer {
 sub add_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_payment&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_payment" unless $form->{callback};
 
   $form->{terms_netto} = 0;
   $form->{terms_skonto} = 0;
@@ -2050,6 +2043,8 @@ sub add_payment {
 sub edit_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_payment(\%myconfig, $form);
@@ -2067,6 +2062,8 @@ sub edit_payment {
 sub list_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->payment(\%myconfig, \%$form);
 
   $form->{callback} = build_std_url("action=list_payment");
@@ -2195,15 +2192,12 @@ sub list_payment {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=payment>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -2219,6 +2213,8 @@ sub list_payment {
 sub payment_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Payment Terms");
 
   # $locale->text('Add Payment Terms')
@@ -2233,7 +2229,7 @@ sub payment_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=payment>
@@ -2325,6 +2321,8 @@ sub payment_header {
 sub save_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   $form->{"percent_skonto"} =
     $form->parse_amount(\%myconfig, $form->{percent_skonto}) / 100;
@@ -2337,6 +2335,8 @@ sub save_payment {
 sub delete_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_payment(\%myconfig, \%$form);
   $form->redirect($locale->text('Payment terms deleted!'));
 
@@ -2346,39 +2346,73 @@ sub delete_payment {
 sub swap_payment_terms {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->swap_sortkeys(\%myconfig, $form, "payment_terms");
   list_payment();
 
   $lxdebug->leave_sub();
 }
 
-sub config {
+sub edit_defaults {
   $lxdebug->enter_sub();
 
   # get defaults for account numbers and last numbers
   AM->defaultaccounts(\%myconfig, \%$form);
 
-  foreach $item (qw(mm-dd-yy mm/dd/yy dd-mm-yy dd/mm/yy dd.mm.yy yyyy-mm-dd)) {
-    $dateformat .=
-      ($item eq $myconfig{dateformat})
-      ? "<option selected>$item\n"
-      : "<option>$item\n";
-  }
+  map { $form->{"defaults_${_}"} = $form->{defaults}->{$_} } keys %{ $form->{defaults} };
 
-  foreach $item (qw(1,000.00 1000.00 1.000,00 1000,00)) {
-    $numberformat .=
-      ($item eq $myconfig{numberformat})
-      ? "<option selected>$item\n"
-      : "<option>$item\n";
+  foreach $key (keys %{ $form->{IC} }) {
+    foreach $accno (sort keys %{ $form->{IC}->{$key} }) {
+      my $array = "ACCNOS_" . uc($key);
+      $form->{$array} ||= [];
+
+      my $value = "${accno}--" . $form->{IC}->{$key}->{$accno}->{description};
+      push @{ $form->{$array} }, {
+        'name'     => $value,
+        'value'    => $value,
+        'selected' => $form->{IC}->{$key}->{$accno}->{id} == $form->{defaults}->{$key},
+      };
+    }
   }
 
-  foreach $item (qw(name company address signature)) {
-    $myconfig{$item} =~ s/\"/&quot;/g;
-  }
+  $form->{title} = $locale->text('Ranges of numbers and default accounts');
+
+  $form->header();
+  print $form->parse_html_template('am/edit_defaults');
 
-  foreach $item (qw(address signature)) {
-    $myconfig{$item} =~ s/\\n/\r\n/g;
+  $lxdebug->leave_sub();
+}
+
+sub save_defaults {
+  $lxdebug->enter_sub();
+
+  AM->save_defaults();
+
+  $form->redirect($locale->text('Defaults saved.'));
+
+  $lxdebug->leave_sub();
+}
+
+sub _build_cfg_options {
+  my $idx   = shift;
+  my $array = uc($idx) . 'S';
+
+  $form->{$array} = [];
+  foreach my $item (@_) {
+    push @{ $form->{$array} }, {
+      'name'     => $item,
+      'value'    => $item,
+      'selected' => $item eq $myconfig{$idx},
+    };
   }
+}
+
+sub config {
+  $lxdebug->enter_sub();
+
+  _build_cfg_options('dateformat', qw(mm-dd-yy mm/dd/yy dd-mm-yy dd/mm/yy dd.mm.yy yyyy-mm-dd));
+  _build_cfg_options('numberformat', qw(1,000.00 1000.00 1.000,00 1000,00));
 
   @formats = ();
   if ($opendocument_templates && $openofficeorg_writer_bin &&
@@ -2402,346 +2436,66 @@ sub config {
   if (!$myconfig{"template_format"}) {
     $myconfig{"template_format"} = "pdf";
   }
-  my $template_format = "";
+  $form->{TEMPLATE_FORMATS} = [];
   foreach $item (@formats) {
-    $template_format .=
-      "<option value=\"$item->{value}\"" .
-      ($item->{"value"} eq $myconfig{"template_format"} ?
-       " selected" : "") .
-       ">" . H($item->{"name"}) . "</option>";
+    push @{ $form->{TEMPLATE_FORMATS} }, {
+      'name'     => $item->{name},
+      'value'    => $item->{value},
+      'selected' => $item->{value} eq $myconfig{template_format},
+    };
   }
 
   if (!$myconfig{"default_media"}) {
     $myconfig{"default_media"} = "screen";
   }
+
   my %selected = ($myconfig{"default_media"} => "selected");
-  my $default_media = qq|
-  <option value="screen" $selected{'screen'}>| . $locale->text("Screen") . qq|</option>
-  <option value="printer" $selected{'printer'}>| . $locale->text("Printer") . qq|</option>
-  <option value="queue" $selected{'queue'}>| . $locale->text("Queue") . qq|</option>
-|;
+  $form->{MEDIA} = [
+    { 'name' => $locale->text('Screen'),  'value' => 'screen',  'selected' => $selected{screen}, },
+    { 'name' => $locale->text('Printer'), 'value' => 'printer', 'selected' => $selected{printer}, },
+    { 'name' => $locale->text('Queue'),   'value' => 'queue',   'selected' => $selected{queue}, },
+    ];
 
-  %selected = ();
-  $selected{$myconfig{"default_printer_id"}} = "selected"
-    if ($myconfig{"default_printer_id"});
-  my $default_printer = qq|<option></option>|;
   AM->printer(\%myconfig, $form);
+
+  $form->{PRINTERS} = [];
   foreach my $printer (@{$form->{"ALL"}}) {
-    $default_printer .= qq|<option value="| . Q($printer->{"id"}) .
-      qq|" $selected{$printer->{'id'}}>| .
-      H($printer->{"printer_description"}) . qq|</option>|;
+    push @{ $form->{PRINTERS} }, {
+      'name'     => $printer->{printer_description},
+      'value'    => $printer->{id},
+      'selected' => $printer->{id} == $myconfig{default_printer_id},
+    };
   }
 
   %countrycodes = User->country_codes;
-  $countrycodes = '';
-  foreach $key (sort { $countrycodes{$a} cmp $countrycodes{$b} }
-                keys %countrycodes
-    ) {
-    $countrycodes .=
-      ($myconfig{countrycode} eq $key)
-      ? "<option selected value=$key>$countrycodes{$key}\n"
-      : "<option value=$key>$countrycodes{$key}\n";
-  }
-  $countrycodes = "<option>American English\n$countrycodes";
 
-  foreach $key (keys %{ $form->{IC} }) {
-    foreach $accno (sort keys %{ $form->{IC}{$key} }) {
-      $myconfig{$key} .=
-        ($form->{IC}{$key}{$accno}{id} == $form->{defaults}{$key})
-        ? "<option selected>$accno--$form->{IC}{$key}{$accno}{description}\n"
-        : "<option>$accno--$form->{IC}{$key}{$accno}{description}\n";
-    }
-  }
-
-#  opendir CSS, "css/.";
-#  @all = grep /.*\.css$/, readdir CSS;
-#  closedir CSS;
-
-# css dir has styles that are not intended as general layouts.
-# reverting to hardcoded list
-  @all = qw(lx-office-erp.css Win2000.css);
-
-  foreach $item (@all) {
-    if ($item eq $myconfig{stylesheet}) {
-      $selectstylesheet .= qq|<option selected>$item\n|;
-    } else {
-      $selectstylesheet .= qq|<option>$item\n|;
-    }
+  $countrycodes{""} = "American English";
+  $form->{COUNTRYCODES} = [];
+  foreach $countrycode (sort { $countrycodes{$a} cmp $countrycodes{$b} } keys %countrycodes) {
+    push @{ $form->{COUNTRYCODES} }, {
+      'name'     => $countrycodes{$countrycode},
+      'value'    => $countrycode,
+      'selected' => $countrycode eq $myconfig{countrycode},
+    };
   }
-  $selectstylesheet .= "<option>\n";
-
-  $form->{title} = $locale->text('Edit Preferences for') . qq| $form->{login}|;
 
-  $form->header;
-
-  if ($myconfig{menustyle} eq "old") {
-    $menustyle_old = "checked";
-  } elsif ($myconfig{menustyle} eq "neu") {
-    $menustyle_neu = "checked";
-  } elsif ($myconfig{menustyle} eq "v3") {
-    $menustyle_v3 = "checked";
+  $form->{STYLESHEETS} = [];
+  foreach $item (qw(lx-office-erp.css Win2000.css)) {
+    push @{ $form->{STYLESHEETS} }, {
+      'name'     => $item,
+      'value'    => $item,
+      'selected' => $item eq $myconfig{stylesheet},
+    };
   }
 
-  my ($show_form_details, $hide_form_details);
-  $myconfig{"show_form_details"} = 1
-    unless (defined($myconfig{"show_form_details"}));
-  $show_form_details = "checked" if ($myconfig{"show_form_details"});
-  $hide_form_details = "checked" unless ($myconfig{"show_form_details"});
-
-  print qq|
-<body>
+  $myconfig{show_form_details}              = 1 unless (defined($myconfig{show_form_details}));
+  $form->{"menustyle_$myconfig{menustyle}"} = 1;
+  $form->{CAN_CHANGE_PASSWORD}              = $auth->can_change_password();
 
-<form method=post action=$form->{script}>
+  $form->{title}                            = $locale->text('Edit Preferences for #1', $form->{login});
 
-<input type=hidden name=old_password value=$myconfig{password}>
-<input type=hidden name=type value=preferences>
-<input type=hidden name=role value=$myconfig{role}>
-
-<table width=100%>
-  <tr><th class=listtop>$form->{title}</th></tr>
-  <tr>
-    <td>
-      <table>
-        <tr>
-         <th align=right>| . $locale->text('Name') . qq|</th>
-         <td><input name=name size=15 value="$myconfig{name}"></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Password') . qq|</th>
-         <td><input type=password name=new_password size=10 value=$myconfig{password}></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('E-mail') . qq|</th>
-         <td><input name=email size=30 value="$myconfig{email}"></td>
-       </tr>
-       <tr valign=top>
-         <th align=right>| . $locale->text('Signature') . qq|</th>
-         <td><textarea name=signature rows=3 cols=50>$myconfig{signature}</textarea></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Phone') . qq|</th>
-         <td><input name=tel size=14 value="$myconfig{tel}"></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Fax') . qq|</th>
-         <td><input name=fax size=14 value="$myconfig{fax}"></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Company') . qq|</th>
-         <td><input name=company size=30 value="$myconfig{company}"></td>
-       </tr>
-       <tr valign=top>
-         <th align=right>| . $locale->text('Address') . qq|</th>
-         <td><textarea name=address rows=4 cols=50>$myconfig{address}</textarea></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Date Format') . qq|</th>
-         <td><select name=dateformat>$dateformat</select></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Output Number Format') . qq|</th>
-         <td><select name=numberformat>$numberformat</select></td>
-       </tr>
-
-       <tr>
-         <th align=right>| . $locale->text('Dropdown Limit') . qq|</th>
-         <td><input name=vclimit size=10 value="$myconfig{vclimit}"></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Language') . qq|</th>
-         <td><select name=countrycode>$countrycodes</select></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Stylesheet') . qq|</th>
-         <td><select name=usestylesheet>$selectstylesheet</select></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Setup Menu') . qq|</th>
-         <td><input name=menustyle type=radio class=radio value=v3 $menustyle_v3>&nbsp;| .
-    $locale->text("Top (CSS)") . qq|
-         <input name=menustyle type=radio class=radio value=neu $menustyle_neu>&nbsp;| .
-    $locale->text("Top (Javascript)") . qq|
-    <input name=menustyle type=radio class=radio value=old $menustyle_old>&nbsp;| .
-    $locale->text("Old (on the side)") . qq|</td>
-  </tr>
-  <tr>
-    <th align=right>| . $locale->text('Form details (second row)') . qq|</th>
-    <td><input type="radio" id="rad_show_form_details" name="show_form_details" value="1" $show_form_details>&nbsp;
-    <label for="rad_show_form_details">| . $locale->text('Show by default') . qq|</label>
-    <input type="radio" id="rad_hide_form_details" name="show_form_details" value="0" $hide_form_details>&nbsp;
-    <label for="rad_hide_form_details">| . $locale->text('Hide by default') . qq|</label></td>
-       </tr>
-       <input name=printer type=hidden value="$myconfig{printer}">
-       <tr class=listheading>
-         <th colspan=2>| . $locale->text("Print options") . qq|</th>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Default template format') . qq|</th>
-         <td><select name="template_format">$template_format</select></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Default output medium') . qq|</th>
-         <td><select name="default_media">$default_media</select></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Default printer') . qq|</th>
-         <td><select name="default_printer_id">$default_printer</select></td>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Number of copies') . qq|</th>
-         <td><input name="copies" size="10" value="| .
-    $form->quote($myconfig{"copies"}) . qq|"></td>
-       </tr>
-
-
-       <tr class=listheading>
-         <th colspan=2>&nbsp;</th>
-       </tr>
-       <tr>
-         <th align=right>| . $locale->text('Business Number') . qq|</th>
-         <td><input name=businessnumber size=25 value="$myconfig{businessnumber}"></td>
-       </tr>
-       <tr>
-               <th align=right>| . $locale->text('Year End') . qq| (mm/dd)</th>
-               <td><input name=yearend size=5 value=$form->{defaults}{yearend}></td>
-       </tr>
-       <tr class=listheading>
-         <th colspan=2>|
-    . $locale->text('Last Numbers & Default Accounts') . qq|</th>
-       </tr>
-       <tr>
-         <td colspan=2>
-           <table width=100%>
-             <tr>
-               <th align=right nowrap>| . $locale->text('Inventory Account') . qq|</th>
-               <td><select name=inventory_accno>$myconfig{IC}</select></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>| . $locale->text('Revenue Account') . qq|</th>
-               <td><select name=income_accno>$myconfig{IC_income}</select></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>| . $locale->text('Expense Account') . qq|</th>
-               <td><select name=expense_accno>$myconfig{IC_expense}</select></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>| . $locale->text('Foreign Exchange Gain') . qq|</th>
-               <td><select name=fxgain_accno>$myconfig{FX_gain}</select></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>| . $locale->text('Foreign Exchange Loss') . qq|</th>
-               <td><select name=fxloss_accno>$myconfig{FX_loss}</select></td>
-             </tr>
-             <tr>
-               <td colspan=2>|
-    . $locale->text(
-    'Enter up to 3 letters separated by a colon (i.e CAD:USD:EUR) for your native and foreign currencies'
-    )
-    . qq|<br><input name=curr size=40 value="$form->{defaults}{curr}"></td>
-             </tr>
-            </table>
-          </td>
-         </tr>
-         <tr>
-           <td colspan=2>
-             <table width=100%>
-             <tr>
-               <th align=right nowrap>| . $locale->text('Last Invoice Number') . qq|</th>
-               <td><input name=invnumber size=10 value=$form->{defaults}{invnumber}></td>
-                <th align=right nowrap>|
-    . $locale->text('Last Customer Number') . qq|</th>
-               <td><input name=customernumber size=10 value=$form->{defaults}{customernumber}></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>|
-    . $locale->text('Last Credit Note Number') . qq|</th>
-               <td><input name=cnnumber size=10 value=$form->{defaults}{cnnumber}></td>
-                <th align=right nowrap>|
-    . $locale->text('Last Vendor Number') . qq|</th>
-               <td><input name=vendornumber size=10 value=$form->{defaults}{vendornumber}></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>|
-    . $locale->text('Last Sales Order Number') . qq|</th>
-               <td><input name=sonumber size=10 value=$form->{defaults}{sonumber}></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>|
-    . $locale->text('Last Purchase Order Number') . qq|</th>
-               <td><input name=ponumber size=10 value=$form->{defaults}{ponumber}></td>
-                <th align=right nowrap>|
-    . $locale->text('Last Article Number') . qq|</th>
-               <td><input name=articlenumber size=10 value=$form->{defaults}{articlenumber}></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>|
-    . $locale->text('Last Sales Quotation Number') . qq|</th>
-               <td><input name=sqnumber size=10 value=$form->{defaults}{sqnumber}></td>
-                <th align=right nowrap>|
-    . $locale->text('Last Service Number') . qq|</th>
-               <td><input name=servicenumber size=10 value=$form->{defaults}{servicenumber}></td>
-             </tr>
-             <tr>
-               <th align=right nowrap>| . $locale->text('Last RFQ Number') . qq|</th>
-               <td><input name=rfqnumber size=10 value=$form->{defaults}{rfqnumber}></td>
-                <th align=right nowrap></th>
-               <td></td>
-             </tr>
-           </table>
-         </td>
-       </tr>|;
-#      <tr class=listheading>
-#        <th colspan=2>| . $locale->text('Tax Accounts') . qq|</th>
-#      </tr>
-#      <tr>
-#        <td colspan=2>
-#          <table>
-#            <tr>
-#              <th>&nbsp;</th>
-#              <th>| . $locale->text('Rate') . qq| (%)</th>
-#              <th>| . $locale->text('Number') . qq|</th>
-#            </tr>
-# |;
-# 
-#   foreach $accno (sort keys %{ $form->{taxrates} }) {
-#     print qq|
-#               <tr>
-#              <th align=right>$form->{taxrates}{$accno}{description}</th>
-#              <td><input name=$form->{taxrates}{$accno}{id} size=6 value=$form->{taxrates}{$accno}{rate}></td>
-#              <td><input name="taxnumber_$form->{taxrates}{$accno}{id}" value="$form->{taxrates}{$accno}{taxnumber}"></td>
-#            </tr>
-# |;
-#     $form->{taxaccounts} .= "$form->{taxrates}{$accno}{id} ";
-#   }
-# 
-#   chop $form->{taxaccounts};
-# 
-#   print qq|
-# <input name=taxaccounts type=hidden value="$form->{taxaccounts}">
-# 
-#             </table>
-#        </td>
-#      </tr>
-print qq|      </table>
-    </td>
-  </tr>
-  <tr>
-    <td><hr size=3 noshade></td>
-  </tr>
-</table>
-
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
-<br>
-<input type=submit class=submit name=action value="|
-    . $locale->text('Save') . qq|">
-
-  </form>
-
-</body>
-</html>
-|;
+  $form->header();
+  print $form->parse_html_template('am/config');
 
   $lxdebug->leave_sub();
 }
@@ -2751,10 +2505,7 @@ sub save_preferences {
 
   $form->{stylesheet} = $form->{usestylesheet};
 
-  $form->redirect($locale->text('Preferences saved!'))
-    if (
-     AM->save_preferences(\%myconfig, \%$form, $memberfile, $userspath, $webdav
-     ));
+  $form->redirect($locale->text('Preferences saved!')) if (AM->save_preferences(\%myconfig, \%$form, $webdav));
   $form->error($locale->text('Cannot save preferences!'));
 
   $lxdebug->leave_sub();
@@ -2763,6 +2514,8 @@ sub save_preferences {
 sub audit_control {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text('Audit Control');
 
   AM->closedto(\%myconfig, \%$form);
@@ -2778,10 +2531,7 @@ sub audit_control {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
-
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
+<form method=post action=am.pl>
 
 <table width=100%>
   <tr><th class=listtop>$form->{title}</th></tr>
@@ -2827,6 +2577,8 @@ sub audit_control {
 sub doclose {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->closebooks(\%myconfig, \%$form);
 
   if ($form->{revtrans}) {
@@ -2848,6 +2600,8 @@ sub doclose {
 sub edit_units {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $units = AM->retrieve_units(\%myconfig, $form, $form->{"unit_type"}, "resolved_");
   AM->units_in_use(\%myconfig, $form, $units);
   map({ $units->{$_}->{"BASE_UNIT_DDBOX"} = AM->unit_select_data($units, $units->{$_}->{"base_unit"}, 1); } keys(%{$units}));
@@ -2880,10 +2634,10 @@ sub edit_units {
   $form->{"title"} = sprintf($locale->text("Add and edit %s"), $form->{"unit_type"} eq "dimension" ? $locale->text("dimension units") : $locale->text("service units"));
   $form->header();
   print($form->parse_html_template("am/edit_units",
-                                   { "UNITS" => \@unit_list,
+                                   { "UNITS"               => \@unit_list,
                                      "NEW_BASE_UNIT_DDBOX" => $ddbox,
-                                     "LANGUAGES" => \@languages,
-                                     "updownlink" => $updownlink }));
+                                     "LANGUAGES"           => \@languages,
+                                     "updownlink"          => $updownlink }));
 
   $lxdebug->leave_sub();
 }
@@ -2891,6 +2645,8 @@ sub edit_units {
 sub add_unit {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("new_name", $locale->text("The name is missing."));
   $units = AM->retrieve_units(\%myconfig, $form, $form->{"unit_type"});
   $all_units = AM->retrieve_units(\%myconfig, $form);
@@ -2927,6 +2683,8 @@ sub add_unit {
 sub set_unit_languages {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   my ($unit, $languages, $idx) = @_;
 
   $unit->{"LANGUAGES"} = [];
@@ -2945,6 +2703,8 @@ sub set_unit_languages {
 sub save_unit {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $old_units = AM->retrieve_units(\%myconfig, $form, $form->{"unit_type"}, "resolved_");
   AM->units_in_use(\%myconfig, $form, $old_units);
 
@@ -3023,16 +2783,21 @@ sub save_unit {
 sub show_history_search {
        $lxdebug->enter_sub();
        
+  $auth->assert('config');
+
        $form->{title} = $locale->text("History Search");
     $form->header();
     
-    print $form->parse_html_template("/common/search_history");
+    print $form->parse_html_template("common/search_history");
        
        $lxdebug->leave_sub();
 }
 
 sub show_am_history {
        $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
        my %search = ( "Artikelnummer" => "parts",
                                   "Kundennummer"  => "customer",
                                   "Lieferantennummer" => "vendor",
@@ -3105,7 +2870,7 @@ sub show_am_history {
   my ($sort, $sortby) = split(/\-\-/, $form->{order});
   $sort =~ s/.*\.(.*)$/$1/;
 
-       print $form->parse_html_template("/common/show_history", 
+       print $form->parse_html_template("common/show_history", 
     {"DATEN" => $form->get_history($dbh, $daten, $restriction, $form->{order}),
      "SUCCESS" => ($form->get_history($dbh, $daten, $restriction, $form->{order}) ne "0"),
      "NONEWWINDOW" => 1,
@@ -3118,6 +2883,9 @@ sub show_am_history {
 
 sub get_employee_id {
        $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
        my $query = qq|SELECT id FROM employee WHERE name = '| . $_[0] . qq|'|;
        my $sth = $_[1]->prepare($query);
        $sth->execute() || $form->dberror($query);
@@ -3130,6 +2898,8 @@ sub get_employee_id {
 sub swap_units {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   my $dir = $form->{"dir"} eq "down" ? "down" : "up";
   my $unit_type = $form->{"unit_type"} eq "dimension" ?
     "dimension" : "service";
@@ -3143,11 +2913,11 @@ sub swap_units {
 sub add_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} =  $locale->text('Add');
 
-  $form->{callback} =
-    "$form->{script}?action=add_tax&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} ||= "am.pl?action=add_tax";
 
   _get_taxaccount_selection();
 
@@ -3158,7 +2928,7 @@ sub add_tax {
   };
   
   # Ausgabe des Templates
-  print($form->parse_html_template2('am/edit_tax', $parameters_ref));
+  print($form->parse_html_template('am/edit_tax', $parameters_ref));
 
   $lxdebug->leave_sub();
 }
@@ -3166,6 +2936,8 @@ sub add_tax {
 sub edit_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} =  $locale->text('Edit');
 
   AM->get_tax(\%myconfig, \%$form);
@@ -3179,7 +2951,7 @@ sub edit_tax {
   };
   
   # Ausgabe des Templates
-  print($form->parse_html_template2('am/edit_tax', $parameters_ref));
+  print($form->parse_html_template('am/edit_tax', $parameters_ref));
 
   $lxdebug->leave_sub();
 }
@@ -3187,6 +2959,8 @@ sub edit_tax {
 sub list_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->taxes(\%myconfig, \%$form);
 
   map { $_->{rate} = $form->format_amount(\%myconfig, $_->{rate}, 2) } @{ $form->{TAX} };
@@ -3198,7 +2972,7 @@ sub list_tax {
   $form->header();
   
   # Ausgabe des Templates
-  print($form->parse_html_template2('am/list_tax', $parameters_ref));
+  print($form->parse_html_template('am/list_tax', $parameters_ref));
 
   $lxdebug->leave_sub();
 }
@@ -3206,6 +2980,8 @@ sub list_tax {
 sub _get_taxaccount_selection{
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->get_tax_accounts(\%myconfig, \%$form);
 
   map { $_->{selected} = $form->{chart_id} == $_->{id} } @{ $form->{ACCOUNTS} };
@@ -3216,6 +2992,8 @@ sub _get_taxaccount_selection{
 sub save_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("rate", $locale->text('Taxrate missing!'));
   $form->isblank("taxdescription", $locale->text('Taxdescription  missing!'));
   $form->isblank("taxkey", $locale->text('Taxkey  missing!'));
@@ -3239,6 +3017,8 @@ sub save_tax {
 sub delete_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_tax(\%myconfig, \%$form);
   $form->redirect($locale->text('Tax deleted!'));
 
@@ -3248,12 +3028,14 @@ sub delete_tax {
 sub add_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}      = $locale->text('Add Price Factor');
   $form->{callback} ||= build_std_url('action=add_price_factor');
   $form->{fokus}      = 'description';
 
   $form->header();
-  print $form->parse_html_template2('am/edit_price_factor');
+  print $form->parse_html_template('am/edit_price_factor');
 
   $lxdebug->leave_sub();
 }
@@ -3261,6 +3043,8 @@ sub add_price_factor {
 sub edit_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}      = $locale->text('Edit Price Factor');
   $form->{callback} ||= build_std_url('action=add_price_factor');
   $form->{fokus}      = 'description';
@@ -3270,7 +3054,7 @@ sub edit_price_factor {
   $form->{factor} = $form->format_amount(\%myconfig, $form->{factor} * 1);
 
   $form->header();
-  print $form->parse_html_template2('am/edit_price_factor');
+  print $form->parse_html_template('am/edit_price_factor');
 
   $lxdebug->leave_sub();
 }
@@ -3278,6 +3062,8 @@ sub edit_price_factor {
 sub list_price_factors {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->get_all_price_factors(\%myconfig, \%$form);
 
   my $previous;
@@ -3297,7 +3083,7 @@ sub list_price_factors {
   $form->{url_base} = build_std_url('callback');
 
   $form->header();
-  print $form->parse_html_template2('am/list_price_factors');
+  print $form->parse_html_template('am/list_price_factors');
 
   $lxdebug->leave_sub();
 }
@@ -3305,6 +3091,8 @@ sub list_price_factors {
 sub save_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   $form->isblank("factor", $locale->text('Factor missing!'));
 
@@ -3322,6 +3110,8 @@ sub save_price_factor {
 sub delete_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_price_factor(\%myconfig, \%$form);
 
   $form->{callback} .= '&MESSAGE=' . $form->escape($locale->text('Price factor deleted!')) if ($form->{callback});
@@ -3334,6 +3124,8 @@ sub delete_price_factor {
 sub swap_price_factors {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->swap_sortkeys(\%myconfig, $form, 'price_factors');
   list_price_factors();
 
Unnamed repository; edit this file 'description' to name the repository.