diff --git a/cgi-bin/kraut.space b/cgi-bin/kraut.space
new file mode 100755
index 0000000..4e11fa4
--- /dev/null
+++ b/cgi-bin/kraut.space
@@ -0,0 +1,70 @@
+#!/bin/sh -e
+
+header() {
+    echo -en 'Content-type: text/html
+Strict-Transport-Security: max-age=86400000\n\n'
+}
+
+header_redir_display() {
+    header
+    echo "<head><meta http-equiv=\"Refresh\" content=\"0; $SCRIPT_NAME?secret=$secret\"></head>"
+}
+
+## enforce SSL
+#if [ $SERVER_PORT -ne 443 ]; then
+#    header_redir_display
+#    exit
+#fi
+
+# extract parameters
+# tr -dc removes all characters, this prevents things like xss
+getp() {
+  echo "$REQUEST_URI" | sed 's/.*?//' | sed 's/%20/ /g' | tr "?&" "\n"  | tr -dc "0-9a-z_= \n" | egrep "^$1=" | sed "s/^$1=//"
+}
+secret=$(getp secret)
+hashed_secret=$(echo "$secret" | md5sum | cut -f1 -d\ )
+cmd=$(getp cmd)
+
+#echo "secret        $secret"  >/var/www/cgi-bin/2
+#echo "hashed_secret $hashed_secret"  >>/var/www/cgi-bin/2
+#echo "cmd           $cmd"     >>/var/www/cgi-bin/2
+
+
+# check secret
+# the secrets file has to contain the hashes on a single line, comments are allowed on seperate lines
+# secrets can only contain the characters that are allowed in getp() with tr -dc
+if [ -z "$secret" ] || ! grep -q "^$hashed_secret$" /etc/door-token-hashs; then
+    header
+    [ -z "$secret" ] || echo "<html><p>Ich bin mir nicht sicher. Mir scheint du bist doch ein Kohlkopf oder Anderes!</p>"
+    cat /var/www/tpl/secret.html
+    exit
+fi
+
+# control relais card
+if [ -n "$cmd" ]; then
+    case "$cmd" in
+    indoor_lock)   pin=4; delay1=0;  delay2=1;;
+    indoor_unlock) pin=17; delay1=0;  delay2=1;;
+    indoor_open)   pin=27; delay1=0;  delay2=1;;
+    outdoor_buzz)  pin=22; delay1=15; delay2=5;;
+    *) header; echo 'Do not hack the hackerspace!'"$cmd"; exit;;
+    esac
+    
+    # execute long-running ppio job in background shell
+    (   sleep $delay1
+    /usr/local/bin/gpio -g write $pin on
+    sleep $delay2
+    /usr/local/bin/gpio -g write $pin off
+    ) </dev/null >/dev/null 2>/dev/null &
+
+
+    header
+    sed 's/XTIMEOUTX/'"$(($delay1 + $delay2))"'/' /var/www/tpl/wait.html | sed 's/XSECRETX/'"$secret"/
+    exit
+
+fi
+
+# show feature page
+header
+sed 's/XSECRET_HEREX/'"$secret"'/' /var/www/tpl/features.html
+exit