diff --git a/cgi-bin/kraut.space b/cgi-bin/kraut.space
index d55b746..4391c02 100755
--- a/cgi-bin/kraut.space
+++ b/cgi-bin/kraut.space
@@ -1,14 +1,14 @@
 #!/bin/sh -e
 
 header() {
-    echo -en 'Content-type: text/html
-Strict-Transport-Security: max-age=86400000\n\n'
+    echo -e 'Content-type: text/html\nStrict-Transport-Security: max-age=86400000\n'
 }
 
-header_redir_display() {
-    header
-    echo "<head><meta http-equiv=\"Refresh\" content=\"0; $SCRIPT_NAME?secret=$secret\"></head>"
-}
+# let nginx do it!
+#header_redir_display() {
+#    header
+#    echo "<head><meta http-equiv=\"Refresh\" content=\"0; $SCRIPT_NAME?secret=$secret\"></head>"
+#}
 
 ## enforce SSL
 #if [ $SERVER_PORT -ne 443 ]; then
@@ -19,23 +19,19 @@ header_redir_display() {
 # extract parameters
 # tr -dc removes all characters, this prevents things like xss
 getp() {
-  echo "$REQUEST_URI" | sed 's/.*?//' | sed 's/%20/ /g' | tr "?&" "\n"  | tr -dc "0-9a-z_= \n" | egrep "^$1=" | sed "s/^$1=//"
+  echo "$REQUEST_URI" | sed 's/.*?//' | sed 's/%20/ /g' \
+    | tr "?&" "\n"  | tr --complement --delete "0-9a-z_= \n" | egrep "^$1=" | sed "s/^$1=//"
 }
 secret=$(getp secret)
 hashed_secret=$(echo "$secret" | md5sum | cut -f1 -d\ )
 cmd=$(getp cmd)
 
-#echo "secret        $secret"  >/var/www/cgi-bin/2
-#echo "hashed_secret $hashed_secret"  >>/var/www/cgi-bin/2
-#echo "cmd           $cmd"     >>/var/www/cgi-bin/2
-
-
 # check secret
 # the secrets file has to contain the hashes on a single line, comments are allowed on seperate lines
 # secrets can only contain the characters that are allowed in getp() with tr -dc
 if [ -z "$secret" ] || ! grep -q "^$hashed_secret$" /etc/door-token-hashs; then
     header
-    [ -z "$secret" ] || echo "<html><p>Ich bin mir nicht sicher. Mir scheint du bist doch ein Kohlkopf oder Anderes!</p>"
+    [ -z "$secret" ] || echo "<html><p>Ich bin mir nicht sicher. Mir scheint, du bist doch ein Kohlkopf oder Anderes!</p>"
     cat /var/www/tpl/secret.html
     exit
 fi
@@ -43,8 +39,8 @@ fi
 # control relais card
 if [ -n "$cmd" ]; then
     case "$cmd" in
-    indoor_lock)   pin=17; delay1=0;  delay2=1;;
-    indoor_unlock) pin=4;  delay1=0;  delay2=1;;
+#    indoor_unlock)   pin=17; delay1=0;  delay2=1;;   unused pin
+    indoor_lock) pin=4;  delay1=0;  delay2=1;;
     indoor_open)   pin=27; delay1=0;  delay2=1;;
     outdoor_buzz)  pin=22; delay1=15; delay2=5;;
     *) header; echo 'Do not hack the hackerspace!'"$cmd"; exit;;
diff --git a/tpl/features.html b/tpl/features.html
index 006a3de..1314027 100644
--- a/tpl/features.html
+++ b/tpl/features.html
@@ -11,13 +11,10 @@
 <body>
     <form method="GET" action="#">
         <input type=hidden name=secret value="XSECRET_HEREX">
-	<h2>Hauptfunktionen</h2>
-	<button class="main_button main_open" type="submit" name="cmd" value="indoor_open">Tür öffnen</button>
-        <button class="main_button" type="submit" name="cmd" value="outdoor_buzz">Haustüröffner</button>
-
-	<h2>weitere Funktionen</h2>
+	<h2>Schließfunktionen</h2>
+	<button class="main_button main_open" type="submit" name="cmd" value="indoor_open">Tür öffnen</button><br/>
+        <button class="main_button" type="submit" name="cmd" value="outdoor_buzz">Haustüröffner</button><br/>
 	<button class="main_close" type="submit" name="cmd" value="indoor_lock">Tür abschließen</button>
-	<button type="submit" name="cmd" value="indoor_unlock">Tür aufschließen</button>
     </form>
 </body>