Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1472)
+++ branches/2.8.x/CHANGELOG	(revision 1473)
@@ -11,6 +11,12 @@
 ! = Update/Change
 
 ------------------------------------- 2.8.2 ------------------------------------
+09 Jul-2011 Build 1473 Dietmar Woellbrink (Luisehahne)
+# found more backlinks to fix
+- remove not working ftan in frontend
+# fixed redirect in login procedure (Tks to mr-fan)
+! update droplet LoginBox, additional parameter $redirect
+# remove double config call in media (Tks to Testör)
 07 Jul-2011 Build 1472 Dietmar Woellbrink (Luisehahne)
 # fixed version.php
 07 Jul-2011 Build 1471 Dietmar Woellbrink (Luisehahne)
Index: branches/2.8.x/wb/admin/groups/save.php
===================================================================
--- branches/2.8.x/wb/admin/groups/save.php	(revision 1472)
+++ branches/2.8.x/wb/admin/groups/save.php	(revision 1473)
@@ -26,6 +26,7 @@
 
 if (!$admin->checkFTAN())
 {
+	$admin->print_header();
 	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
 }
 // After check print the header
@@ -62,5 +63,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/groups/groups.php
===================================================================
--- branches/2.8.x/wb/admin/groups/groups.php	(revision 1472)
+++ branches/2.8.x/wb/admin/groups/groups.php	(revision 1473)
@@ -46,7 +46,8 @@
 /*  */
 	if (!$admin->checkFTAN())
 	{
-		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+		$admin->print_header();
+		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
 	}
 
 	// Print header
@@ -194,5 +195,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/groups/add.php
===================================================================
--- branches/2.8.x/wb/admin/groups/add.php	(revision 1472)
+++ branches/2.8.x/wb/admin/groups/add.php	(revision 1473)
@@ -60,5 +60,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/admin/media/create.php
===================================================================
--- branches/2.8.x/wb/admin/media/create.php	(revision 1472)
+++ branches/2.8.x/wb/admin/media/create.php	(revision 1473)
@@ -38,8 +38,6 @@
 	exit(0);
 }
 
-// Print admin header
-require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
 // suppress to print the header, so no new FTAN will be set
 $admin = new admin('Media', 'media_create', false);
Index: branches/2.8.x/wb/admin/media/parameters.php
===================================================================
--- branches/2.8.x/wb/admin/media/parameters.php	(revision 1472)
+++ branches/2.8.x/wb/admin/media/parameters.php	(revision 1473)
@@ -16,6 +16,9 @@
  *
  */
 
+// Must include code to stop this file being access directly
+if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
+
 function __unserialize($sObject) {  // found in php manual :-)
 	$__ret =preg_replace('!s:(\d+):"(.*?)";!e', "'s:'.strlen('$2').':\"$2\";'", $sObject );
 	return unserialize($__ret);
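Review bot: The added direct-access guard only blocks direct requests to this file; the `__unserialize()` helper right below it still calls `preg_replace()` with the `/e` modifier and then `unserialize()` on `$sObject`. `/e` evaluates the replacement string as PHP code, so if `$sObject` can ever carry request-supplied data (its callers are not visible in this hunk) this is a code-evaluation path, and `unserialize()` on such data adds an object-injection risk. Consider replacing the `/e` call with `preg_replace_callback()` and a named callback that recomputes the string length, and add a comment stating where `$sObject` comes from. The function's closing brace lies outside the hunk.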
Index: branches/2.8.x/wb/admin/pages/sections_save.php
===================================================================
--- branches/2.8.x/wb/admin/pages/sections_save.php	(revision 1472)
+++ branches/2.8.x/wb/admin/pages/sections_save.php	(revision 1473)
@@ -32,6 +32,14 @@
 // suppress to print the header, so no new FTAN will be set
 $admin = new admin('Pages', 'pages_modify',false);
 
+// Get page id
+if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {
+	header("Location: index.php");
+	exit(0);
+} else {
+	$page_id = (int)$_GET['page_id'];
+}
+
 if (!$admin->checkFTAN())
 {
 	$admin->print_header();
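Review bot: `is_numeric()` in the moved `page_id` check also accepts values such as `1e3`, `1.5` or `-1`, and the new `(int)` cast then silently turns them into a different integer than the one sent. Validate the id as a plain non-negative integer instead, e.g. `if(!isset($_GET['page_id']) || !ctype_digit((string)$_GET['page_id'])) {`. The check now runs before `checkFTAN()`; a one-line comment such as `// validate page_id before the FTAN check so the redirect is sent before any output` would record that the order is deliberate.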
@@ -39,14 +47,6 @@
 }
 // After check print the header
 $admin->print_header();
-
-// Get page id
-if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {
-	header("Location: index.php");
-	exit(0);
-} else {
-	$page_id = $_GET['page_id'];
-}
 /*
 if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
 {
Index: branches/2.8.x/wb/admin/pages/add.php
===================================================================
--- branches/2.8.x/wb/admin/pages/add.php	(revision 1472)
+++ branches/2.8.x/wb/admin/pages/add.php	(revision 1473)
@@ -26,8 +26,6 @@
 	$admin->print_header();
 	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
 }
-// After check print the header
-$admin->print_header();
 
 // Include the WB functions file
 require_once(WB_PATH.'/framework/functions.php');
@@ -49,6 +47,8 @@
 $admin_groups[] = 1;
 $viewing_groups[] = 1;
 
+// After check print the header
+$admin->print_header();
 // check parent page permissions:
 if ($parent!=0) {
 	if (!$admin->get_page_permission($parent,'admin'))
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1472)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1473)
@@ -52,6 +52,6 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2.RC7');
-if(!defined('REVISION')) define('REVISION', '1472');
+if(!defined('REVISION')) define('REVISION', '1473');
 
 ?>
Index: branches/2.8.x/wb/account/logout.php
===================================================================
--- branches/2.8.x/wb/account/logout.php	(revision 1472)
+++ branches/2.8.x/wb/account/logout.php	(revision 1473)
@@ -1,42 +1,43 @@
-<?php
-/**
- *
- * @category        frontend
- * @package         account
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource		$HeadURL$
- * @lastmodified    $Date$
- *
- */
-
-require("../config.php");
-
-if(isset($_COOKIE['REMEMBER_KEY'])) {
-	setcookie('REMEMBER_KEY', '', time()-3600, '/');
-}
-
-$_SESSION['USER_ID'] = null;
-$_SESSION['GROUP_ID'] = null;
-$_SESSION['GROUPS_ID'] = null;
-$_SESSION['USERNAME'] = null;
-$_SESSION['PAGE_PERMISSIONS'] = null;
-$_SESSION['SYSTEM_PERMISSIONS'] = null;
-$_SESSION = array();
-session_unset();
-unset($_COOKIE[session_name()]);
-session_destroy();
-
-if(INTRO_PAGE) {
-	header('Location: '.WB_URL.PAGES_DIRECTORY.'/index.php');
-} else {
-	header('Location: '.WB_URL.'/index.php');
-}
-
-?>
\ No newline at end of file
+<?php
+/**
+ *
+ * @category        frontend
+ * @package         account
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+require("../config.php");
+
+if(isset($_COOKIE['REMEMBER_KEY'])) {
+	setcookie('REMEMBER_KEY', '', time()-3600, '/');
+}
+
+$redirect = (isset($_SERVER['HTTP_REFERER'])) ?  $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php';
+
+$_SESSION['USER_ID'] = null;
+$_SESSION['GROUP_ID'] = null;
+$_SESSION['GROUPS_ID'] = null;
+$_SESSION['USERNAME'] = null;
+$_SESSION['PAGE_PERMISSIONS'] = null;
+$_SESSION['SYSTEM_PERMISSIONS'] = null;
+$_SESSION = array();
+session_unset();
+unset($_COOKIE[session_name()]);
+session_destroy();
+
+if(INTRO_PAGE) {
+	header('Location: '.WB_URL.PAGES_DIRECTORY.'/index.php');
+} else {
+	header('Location: '.$redirect);
+}
+
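Review bot: `$redirect` is taken straight from `$_SERVER['HTTP_REFERER']`, a client-supplied header, and is written unchanged into the `Location:` header in the `else` branch. Whichever page links to logout.php therefore decides where the visitor lands after logout, including an off-site address. Accept the referer only when it points back into this site, e.g. `$redirect = (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], WB_URL.'/') === 0) ? $_SERVER['HTTP_REFERER'] : WB_URL.'/index.php';`, and add a comment noting that the referer is untrusted input.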
Index: branches/2.8.x/wb/account/login_form.php
===================================================================
--- branches/2.8.x/wb/account/login_form.php	(revision 1472)
+++ branches/2.8.x/wb/account/login_form.php	(revision 1473)
@@ -43,7 +43,7 @@
 <form action="<?php echo WB_URL.'/account/login.php'; ?>" method="post">
 <p style="display:none;"><input type="hidden" name="username_fieldname" value="<?php echo $username_fieldname; ?>" /></p>
 <p style="display:none;"><input type="hidden" name="password_fieldname" value="<?php echo $password_fieldname; ?>" /></p>
-<p style="display:none;"><input type="hidden" name="redirect" value="<?php echo $thisApp->redirect_url;?>" /></p>
+<p style="display:none;"><input type="hidden" name="url" value="<?php echo $thisApp->redirect_url;?>" /></p>
 
 <table cellpadding="5" cellspacing="0" border="0" width="90%">
 <tr>
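Review bot: `$thisApp->redirect_url` is echoed into the `value="…"` attribute of the renamed hidden field without HTML escaping. In login.php of this revision the value comes from the request and only passes through `strip_tags()`, which leaves quote characters intact. Escape at the point of output: `value="<?php echo htmlspecialchars($thisApp->redirect_url, ENT_QUOTES); ?>"`. The field is now posted as `url` while login.php still reads `redirect`; presumably the Login class picks up `url` itself, which deserves a one-line comment here.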
Index: branches/2.8.x/wb/account/preferences.php
===================================================================
--- branches/2.8.x/wb/account/preferences.php	(revision 1472)
+++ branches/2.8.x/wb/account/preferences.php	(revision 1473)
@@ -1,65 +1,63 @@
-<?php
-/**
- *
- * @category        frontend
- * @package         account
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource		$HeadURL$
- * @lastmodified    $Date$
- *
- */
-
-require_once('../config.php');
-
-if(!FRONTEND_LOGIN) {
-	if(INTRO_PAGE) {
-		header('Location: '.WB_URL.PAGES_DIRECTORY.'/index.php');
-		exit(0);
-	} else {
-		header('Location: '.WB_URL.'/index.php');
-		exit(0);
-	}
-}
-
-require_once(WB_PATH.'/framework/class.wb.php');
-$wb_inst = new wb();
-if ($wb_inst->is_authenticated()==false) {
-	header('Location: '.WB_URL.'/account/login.php');
-	exit(0);
-}
-
-// Required page details
-$page_id = 0;
-$page_description = '';
-$page_keywords = '';
-define('PAGE_ID', 0);
-define('ROOT_PARENT', 0);
-define('PARENT', 0);
-define('LEVEL', 0);
-define('PAGE_TITLE', $MENU['PREFERENCES']);
-define('MENU_TITLE', $MENU['PREFERENCES']);
-define('MODULE', '');
-define('VISIBILITY', 'public');
-
-// Set the page content include file
-if(isset($_POST['current_password']) AND isset($_POST['new_password'])) {
-	define('PAGE_CONTENT', WB_PATH.'/account/password.php');
-} elseif(isset($_POST['current_password']) AND isset($_POST['email'])) {
-	define('PAGE_CONTENT', WB_PATH.'/account/email.php');
-} elseif(isset($_POST['display_name'])) {
-	define('PAGE_CONTENT', WB_PATH.'/account/details.php');
-} else {
-	define('PAGE_CONTENT', WB_PATH.'/account/preferences_form.php');
-}
-
-// Include the index (wrapper) file
-require(WB_PATH.'/index.php');
-
-?>
\ No newline at end of file
+<?php
+/**
+ *
+ * @category        frontend
+ * @package         account
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+require_once('../config.php');
+
+if(!FRONTEND_LOGIN) {
+	if(INTRO_PAGE) {
+		header('Location: '.WB_URL.PAGES_DIRECTORY.'/index.php');
+		exit(0);
+	} else {
+		header('Location: '.WB_URL.'/index.php');
+		exit(0);
+	}
+}
+
+require_once(WB_PATH.'/framework/class.wb.php');
+$wb_inst = new wb();
+if ($wb_inst->is_authenticated()==false) {
+	header('Location: '.WB_URL.'/account/login.php');
+	exit(0);
+}
+
+// Required page details
+$page_id = 0;
+$page_description = '';
+$page_keywords = '';
+define('PAGE_ID', 0);
+define('ROOT_PARENT', 0);
+define('PARENT', 0);
+define('LEVEL', 0);
+define('PAGE_TITLE', $MENU['PREFERENCES']);
+define('MENU_TITLE', $MENU['PREFERENCES']);
+define('MODULE', '');
+define('VISIBILITY', 'public');
+
+// Set the page content include file
+if(isset($_POST['current_password']) AND isset($_POST['new_password'])) {
+	define('PAGE_CONTENT', WB_PATH.'/account/password.php');
+} elseif(isset($_POST['current_password']) AND isset($_POST['email'])) {
+	define('PAGE_CONTENT', WB_PATH.'/account/email.php');
+} elseif(isset($_POST['display_name'])) {
+	define('PAGE_CONTENT', WB_PATH.'/account/details.php');
+} else {
+	define('PAGE_CONTENT', WB_PATH.'/account/preferences_form.php');
+}
+
+// Include the index (wrapper) file
+require(WB_PATH.'/index.php');
Index: branches/2.8.x/wb/account/password.php
===================================================================
--- branches/2.8.x/wb/account/password.php	(revision 1472)
+++ branches/2.8.x/wb/account/password.php	(revision 1473)
@@ -26,13 +26,13 @@
 
 // Create a javascript back link
 $js_back = WB_URL.'/account/preferences.php';
-
+/*
 if (!$wb->checkFTAN())
 {
 	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
 	exit();
 }
-
+*/
 // Get existing password
 // $database = new database();
 $query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
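Review bot: Wrapping the `checkFTAN()` block in `/* … */` leaves this password-change handler without a request-token check. The same is done in details.php, email.php and signup2.php, and preferences_form.php stops emitting the token. Here and in email.php the current-password query still gates the change, but the details.php hunk shows no such gate, so profile changes there can presumably be triggered by a cross-site POST. If the FTAN does not work in the frontend, prefer repairing the token flow over disabling it. Failing that, replace the dead block with a tracking comment such as `// TODO: frontend FTAN disabled in r1473, this form has no CSRF token` rather than keeping commented-out code.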
@@ -62,5 +62,3 @@
 } else {
 	$wb->print_success($MESSAGE['PREFERENCES']['PASSWORD_CHANGED']);
 }
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/account/preferences_form.php
===================================================================
--- branches/2.8.x/wb/account/preferences_form.php	(revision 1472)
+++ branches/2.8.x/wb/account/preferences_form.php	(revision 1473)
@@ -19,7 +19,6 @@
 // Must include code to stop this file being access directly
 if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
 
-$ftan = $wb->getFTAN();
 ?>
 
 <h2>&nbsp;<?php print $HEADING['MY_SETTINGS']; ?></h2>
@@ -26,7 +25,6 @@
 
 <form name="user" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post" style="margin-bottom: 5px;">
 <input type="hidden" name="user_id" value="{USER_ID}" />
-<?php echo $ftan; ?>
 <table cellpadding="5" cellspacing="0" border="0" width="97%">
 <tr>
 	<td width="140"><?php print $TEXT['DISPLAY_NAME']; ?>:</td>
@@ -150,7 +148,6 @@
 
 <form name="email" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post" style="margin-bottom: 5px;">
 <input type="hidden" name="user_id" value="{USER_ID}" />
-<?php echo $ftan; ?>
 <table cellpadding="5" cellspacing="0" border="0" width="97%">
 <tr>
 	<td width="140"><?php print $TEXT['CURRENT_PASSWORD']; ?>:</td>
@@ -180,7 +177,6 @@
 
 <form name="user" action="<?php print WB_URL.'/account/preferences.php'; ?>" method="post">
 <input type="hidden" name="user_id" value="{USER_ID}" />
-<?php echo $ftan; ?>
 <table cellpadding="5" cellspacing="0" border="0" width="97%">
 <tr>
 	<td width="140"><?php print $TEXT['CURRENT_PASSWORD']; ?>:</td>
Index: branches/2.8.x/wb/account/details.php
===================================================================
--- branches/2.8.x/wb/account/details.php	(revision 1472)
+++ branches/2.8.x/wb/account/details.php	(revision 1473)
@@ -21,13 +21,13 @@
 
 // Create a javascript back link
 $js_back = WB_URL.'/account/preferences.php';
-
+/*
 if (!$wb->checkFTAN())
 {
 	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
 	exit();
 }
-
+*/
 // Get and sanitize entered values
 $display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
 $language = strtoupper($wb->get_post('language'));
@@ -87,5 +87,3 @@
 		if(isset($_SESSION['TIMEZONE'])) { unset($_SESSION['TIMEZONE']); }
 	}
 }
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/account/email.php
===================================================================
--- branches/2.8.x/wb/account/email.php	(revision 1472)
+++ branches/2.8.x/wb/account/email.php	(revision 1473)
@@ -25,13 +25,13 @@
 
 // Create a javascript back link
 $js_back = WB_URL.'/account/preferences.php';
-
+/*
 if (!$wb->checkFTAN())
 {
 	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
 	exit();
 }
-
+*/
 // Get existing password
 // $database = new database();
 $query = "SELECT user_id FROM ".TABLE_PREFIX."users WHERE user_id = '".$wb->get_user_id()."' AND password = '".md5($current_password)."'";
@@ -58,5 +58,3 @@
 	$wb->print_success($MESSAGE['PREFERENCES']['EMAIL_UPDATED']);
 	$_SESSION['EMAIL'] = $email;
 }
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/account/signup2.php
===================================================================
--- branches/2.8.x/wb/account/signup2.php	(revision 1472)
+++ branches/2.8.x/wb/account/signup2.php	(revision 1473)
@@ -1,134 +1,133 @@
-<?php
-/**
- *
- * @category        frontend
- * @package         account
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource		$HeadURL$
- * @lastmodified    $Date$
- *
- */
-
-// Must include code to stop this file being access directly
-if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
-
-require_once(WB_PATH.'/framework/class.wb.php');
-$wb = new wb('Start', 'start', false, false);
-
-// Create new database object
-// $database = new database();
-
-// Get details entered
-$groups_id = FRONTEND_SIGNUP;
-$active = 1;
-$username = strtolower(strip_tags($wb->get_post_escaped('username')));
-$display_name = strip_tags($wb->get_post_escaped('display_name'));
-$email = $wb->get_post('email');
-
-// Create a javascript back link
-$js_back = WB_URL.'/account/signup.php';
-
-if (!$wb->checkFTAN())
-{
-	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
-	exit();
-}
-
-// Check values
-if($groups_id == "") {
-	$wb->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back, false);
-}
-if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
-	$wb->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.
-	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
-}
-if($email != "") {
-	if($wb->validate_email($email) == false) {
-		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);
-	}
-} else {
-	$wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false);
-}
-
-$email = $wb->add_slashes($email);
-
-// Captcha
-if(ENABLED_CAPTCHA) {
-	if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
-		// Check for a mismatch
-		if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
-			$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);
-		}
-	} else {
-		$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);
-	}
-}
-if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
-
-// Generate a random password then update the database with it
-$new_pass = '';
-$salt = "abchefghjkmnpqrstuvwxyz0123456789";
-srand((double)microtime()*1000000);
-$i = 0;
-while ($i <= 7) {
-	$num = rand() % 33;
-	$tmp = substr($salt, $num, 1);
-	$new_pass = $new_pass . $tmp;
-	$i++;
-}
-$md5_password = md5($new_pass);
-
-// Check if username already exists
-$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'");
-if($results->numRows() > 0) {
-	$wb->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back, false);
-}
-
-// Check if the email already exists
-$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($email)."'");
-if($results->numRows() > 0) {
-	if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {
-		$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false);
-	} else {
-		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);
-	}
-}
-
-// MD5 supplied password
-$md5_password = md5($new_pass);
-
-// Inser the user into the database
-$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')";
-$database->query($query);
-
-if($database->is_error()) {
-	// Error updating database
-	$message = $database->get_error();
-} else {
-	// Setup email to send
-	$mail_to = $email;
-	$mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO'];
-
-	// Replace placeholders from language variable with values
-	$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
-	$replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); 
-	$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_INFO']);
-
-	// Try sending the email
-	if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { 
-		$display_form = false;
-		$wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php' );
-	} else {
-		$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'");
-		$wb->print_error($MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'], $js_back, false);
-	}
-}
-
-?>
+<?php
+/**
+ *
+ * @category        frontend
+ * @package         account
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+// Must include code to stop this file being access directly
+if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
+
+require_once(WB_PATH.'/framework/class.wb.php');
+$wb = new wb('Start', 'start', false, false);
+
+// Create new database object
+// $database = new database();
+
+// Get details entered
+$groups_id = FRONTEND_SIGNUP;
+$active = 1;
+$username = strtolower(strip_tags($wb->get_post_escaped('username')));
+$display_name = strip_tags($wb->get_post_escaped('display_name'));
+$email = $wb->get_post('email');
+
+// Create a javascript back link
+$js_back = WB_URL.'/account/signup.php';
+/*
+if (!$wb->checkFTAN())
+{
+	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
+	exit();
+}
+*/
+// Check values
+if($groups_id == "") {
+	$wb->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back, false);
+}
+if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
+	$wb->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.
+	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
+}
+if($email != "") {
+	if($wb->validate_email($email) == false) {
+		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);
+	}
+} else {
+	$wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false);
+}
+
+$email = $wb->add_slashes($email);
+
+// Captcha
+if(ENABLED_CAPTCHA) {
+	if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
+		// Check for a mismatch
+		if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
+			$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);
+		}
+	} else {
+		$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);
+	}
+}
+if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
+
+// Generate a random password then update the database with it
+$new_pass = '';
+$salt = "abchefghjkmnpqrstuvwxyz0123456789";
+srand((double)microtime()*1000000);
+$i = 0;
+while ($i <= 7) {
+	$num = rand() % 33;
+	$tmp = substr($salt, $num, 1);
+	$new_pass = $new_pass . $tmp;
+	$i++;
+}
+$md5_password = md5($new_pass);
+
+// Check if username already exists
+$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'");
+if($results->numRows() > 0) {
+	$wb->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back, false);
+}
+
+// Check if the email already exists
+$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($email)."'");
+if($results->numRows() > 0) {
+	if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {
+		$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false);
+	} else {
+		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);
+	}
+}
+
+// MD5 supplied password
+$md5_password = md5($new_pass);
+
+// Inser the user into the database
+$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')";
+$database->query($query);
+
+if($database->is_error()) {
+	// Error updating database
+	$message = $database->get_error();
+} else {
+	// Setup email to send
+	$mail_to = $email;
+	$mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO'];
+
+	// Replace placeholders from language variable with values
+	$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
+	$replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); 
+	$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_INFO']);
+
+	// Try sending the email
+	if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { 
+		$display_form = false;
+		$wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php' );
+	} else {
+		$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'");
+		$wb->print_error($MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'], $js_back, false);
+	}
+}
+
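Review bot: The initial password is built from `rand()` after `srand((double)microtime()*1000000)`, a non-cryptographic generator seeded from the clock, and is then stored as a bare `md5()`. Because this password is the only credential of the new account, draw it from a CSPRNG where the runtime offers one (for example `random_int(0, strlen($salt) - 1)` on PHP 7+) and drop the explicit `srand()` call. `md5($new_pass)` is also assigned twice, so one assignment can go. Separately, in the `$database->is_error()` branch `$message` is assigned but never displayed or logged in this file, so a failed insert ends silently.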
Index: branches/2.8.x/wb/account/login.php
===================================================================
--- branches/2.8.x/wb/account/login.php	(revision 1472)
+++ branches/2.8.x/wb/account/login.php	(revision 1473)
@@ -1,80 +1,79 @@
-<?php
-/**
- *
- * @category        frontend
- * @package         account
- * @author          WebsiteBaker Project
- * @copyright       2004-2009, Ryan Djurovich
- * @copyright       2009-2011, Website Baker Org. e.V.
- * @link			http://www.websitebaker2.org/
- * @license         http://www.gnu.org/licenses/gpl.html
- * @platform        WebsiteBaker 2.8.x
- * @requirements    PHP 5.2.2 and higher
- * @version         $Id$
- * @filesource		$HeadURL$
- * @lastmodified    $Date$
- *
- */
-
-require_once("../config.php");
-
-// Make sure the login is enabled
-if(!FRONTEND_LOGIN) {
-	if(INTRO_PAGE) {
-		header('Location: '.WB_URL.PAGES_DIRECTORY.'/index.php');
-		exit(0);
-	} else {
-		header('Location: '.WB_URL.'/index.php');
-		exit(0);
-	}
-}
-
-// Required page details
-$page_id = 0;
-$page_description = '';
-$page_keywords = '';
-define('PAGE_ID', 0);
-define('ROOT_PARENT', 0);
-define('PARENT', 0);
-define('LEVEL', 0);
-define('PAGE_TITLE', $TEXT['PLEASE_LOGIN']);
-define('MENU_TITLE', $TEXT['PLEASE_LOGIN']);
-define('VISIBILITY', 'public');
-// Set the page content include file
-define('PAGE_CONTENT', WB_PATH.'/account/login_form.php');
-
-require_once(WB_PATH.'/framework/class.login.php');
-
-// Create new login app
-$redirect = strip_tags((isset($_POST['redirect'])) ? $_POST['redirect'] : '');
-$thisApp = new Login(
-							array(
-									"MAX_ATTEMPS" => "3",
-									"WARNING_URL" => THEME_URL."/templates/warning.html",
-									"USERNAME_FIELDNAME" => 'username',
-									"PASSWORD_FIELDNAME" => 'password',
-									"REMEMBER_ME_OPTION" => SMART_LOGIN,
-									"MIN_USERNAME_LEN" => "2",
-									"MIN_PASSWORD_LEN" => "2",
-									"MAX_USERNAME_LEN" => "30",
-									"MAX_PASSWORD_LEN" => "30",
-									"LOGIN_URL" => WB_URL."/account/login.php?redirect=" .$redirect,
-									"DEFAULT_URL" => WB_URL.PAGES_DIRECTORY."/index.php",
-									"TEMPLATE_DIR" => THEME_PATH."/templates",
-									"TEMPLATE_FILE" => "login.htt",
-									"FRONTEND" => true,
-									"FORGOTTEN_DETAILS_APP" => WB_URL."/account/forgot.php",
-									"USERS_TABLE" => TABLE_PREFIX."users",
-									"GROUPS_TABLE" => TABLE_PREFIX."groups",
-									"REDIRECT_URL" => $redirect
-							)
-					);
-
-// Set extra outsider var
-$globals[] = 'thisApp';
-
-// Include the index (wrapper) file
-require(WB_PATH.'/index.php');
-
-
-?>
\ No newline at end of file
+<?php
+/**
+ *
+ * @category        frontend
+ * @package         account
+ * @author          WebsiteBaker Project
+ * @copyright       2004-2009, Ryan Djurovich
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ *
+ */
+
+require_once("../config.php");
+
+// Make sure the login is enabled
+if(!FRONTEND_LOGIN) {
+	if(INTRO_PAGE) {
+		header('Location: '.WB_URL.PAGES_DIRECTORY.'/index.php');
+		exit(0);
+	} else {
+		header('Location: '.WB_URL.'/index.php');
+		exit(0);
+	}
+}
+
+// Required page details
+$page_id = 0;
+$page_description = '';
+$page_keywords = '';
+define('PAGE_ID', 0);
+define('ROOT_PARENT', 0);
+define('PARENT', 0);
+define('LEVEL', 0);
+define('PAGE_TITLE', $TEXT['PLEASE_LOGIN']);
+define('MENU_TITLE', $TEXT['PLEASE_LOGIN']);
+define('VISIBILITY', 'public');
+// Set the page content include file
+define('PAGE_CONTENT', WB_PATH.'/account/login_form.php');
+
+require_once(WB_PATH.'/framework/class.login.php');
+
+// Create new login app
+$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
+$redirect = strip_tags(isset(${$requestMethod}['redirect']) ? ${$requestMethod}['redirect'] : '');
+$thisApp = new Login(
+				array(
+						"MAX_ATTEMPS" => "3",
+						"WARNING_URL" => THEME_URL."/templates/warning.html",
+						"USERNAME_FIELDNAME" => 'username',
+						"PASSWORD_FIELDNAME" => 'password',
+						"REMEMBER_ME_OPTION" => SMART_LOGIN,
+						"MIN_USERNAME_LEN" => "2",
+						"MIN_PASSWORD_LEN" => "2",
+						"MAX_USERNAME_LEN" => "30",
+						"MAX_PASSWORD_LEN" => "30",
+						"LOGIN_URL" => WB_URL."/account/login.php?redirect=" .$redirect,
+						"DEFAULT_URL" => WB_URL.PAGES_DIRECTORY."/index.php",
+						"TEMPLATE_DIR" => THEME_PATH."/templates",
+						"TEMPLATE_FILE" => "login.htt",
+						"FRONTEND" => true,
+						"FORGOTTEN_DETAILS_APP" => WB_URL."/account/forgot.php",
+						"USERS_TABLE" => TABLE_PREFIX."users",
+						"GROUPS_TABLE" => TABLE_PREFIX."groups",
+						"REDIRECT_URL" => $redirect
+				)
+		);
+
+// Set extra outsider var
+$globals[] = 'thisApp';
+
+// Include the index (wrapper) file
+require(WB_PATH.'/index.php');
+
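Review bot: `${$requestMethod}` selects the array to read by a name built from `$_SERVER['REQUEST_METHOD']`, which the client chooses, so any method string other than GET or POST makes this line read `redirect` from a different or undefined variable. Name the two sources explicitly instead, e.g. `$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : (isset($_GET['redirect']) ? $_GET['redirect'] : '');`. `strip_tags()` is also not URL validation: the value is concatenated unencoded into `LOGIN_URL` and handed on as `REDIRECT_URL`. Check that it is a same-site URL (for instance that it starts with `WB_URL`) and pass it through `urlencode()` in the query string. How the Login class uses `REDIRECT_URL` is not visible in this hunk.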
Index: branches/2.8.x/wb/templates/wb_theme/theme.css
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/theme.css	(revision 1472)
+++ branches/2.8.x/wb/templates/wb_theme/theme.css	(revision 1473)
@@ -120,6 +120,9 @@
 .row_0 { background-color: transparent; }
 .row_1 { background-color: #ccddee; }
 
+div.content_box { margin :0em auto; }
+div.content_box form { width: 98%; }
+
 #language,
 #timezone,
 #date_format,
@@ -135,7 +138,7 @@
 #submit,
 #reset { max-width: 100px; }
 
- div#username { height: 17px; width:402px; background-color: #e9e9e9; min-width:250px; border: 0px groove #6799c4; text-align: left; font-weight:bold; margin:0;} 
+ div#username { height: 17px; width:118%; background-color: #e9e9e9; min-width:250px; border: 0px groove #6799c4; text-align: left; font-weight:bold; margin:0;} 
 .save_section { margin: 20px auto 5px auto; }
 
 #language,
@@ -147,7 +150,7 @@
 #email,
 #new_password_1,
 #new_password_2,
-#current_password {width:640px;}
+#current_password {width:118%;}
 
 .section-info { margin : 1.5em 0; }
 
Index: branches/2.8.x/wb/templates/wb_theme/templates/preferences.htt
===================================================================
--- branches/2.8.x/wb/templates/wb_theme/templates/preferences.htt	(revision 1472)
+++ branches/2.8.x/wb/templates/wb_theme/templates/preferences.htt	(revision 1473)
@@ -1,114 +1,114 @@
-<!-- BEGIN main_block -->
-<h2>{HEADING_MY_SETTINGS}</h2>
-<div class="content_box">
-	<form name="{FORM_NAME}" id="{FORM_NAME}" action="{ACTION_URL}" method="post">
-		{FTAN}
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_USERNAME}:</label><br />
-				</div>
-				<div class="c60l">
-					<div id="username">{USERNAME}</div><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_DISPLAY_NAME}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="text" id="display_name" name="display_name" value="{DISPLAY_NAME}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_LANGUAGE}:</label><br />
-				</div>
-				<div class="c60l">
-				<select name="language" id="language">
-					<!-- BEGIN language_list_block -->
-						<option value="{CODE}"{SELECTED} style="background: url({FLAG}.png) no-repeat center left; padding-left: 20px;">{NAME} ({CODE})</option>
-					<!-- END language_list_block -->
-					</select>
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_TIMEZONE}:</label><br />
-				</div>
-				<div class="c60l">
-					<select name="timezone" id="timezone">
-						<!-- BEGIN timezone_list_block -->
-							<option value="{VALUE}"{SELECTED}>{NAME}</option>
-						<!-- END timezone_list_block -->
-					</select>
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_DATE_FORMAT}:</label><br />
-				</div>
-				<div class="c60l">
-					<select name="date_format" id="date_format">
-						<!-- BEGIN date_format_list_block -->
-							<option value="{VALUE}"{SELECTED}>{NAME}</option>
-						<!-- END date_format_list_block -->
-					</select>
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_TIME_FORMAT}:</label><br />
-				</div>
-				<div class="c60l">
-					<select name="time_format" id="time_format">
-						<!-- BEGIN time_format_list_block -->
-							<option value="{VALUE}"{SELECTED}>{NAME}</option>
-						<!-- END time_format_list_block -->
-					</select>
-				</div>
-			</div>
-
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_EMAIL}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="text" id="email" name="email" value="{EMAIL}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_NEW_PASSWORD}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="password" id="new_password_1" name="new_password_1" value="{EMPTY_STRING}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_RETYPE_NEW_PASSWORD}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="password" id="new_password_2" name="new_password_2" value="{EMPTY_STRING}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_NEED_CURRENT_PASSWORD}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="password" id="current_password" name="current_password" value="{EMPTY_STRING}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns save_section">
-				<div class="c25l">
-					<input type="submit" id="submit" name="submit" value="{TEXT_SAVE}" />
-					<input type="reset" id="reset" name="reset" value="{TEXT_RESET}" />
-				</div>
-				<div class="c25l">
-				</div>
-			</div>
-	</form>
-</div>
-
-<!-- END main_block -->
+<!-- BEGIN main_block -->
+<h2>{HEADING_MY_SETTINGS}</h2>
+<div class="content_box">
+	<form name="{FORM_NAME}" id="{FORM_NAME}" action="{ACTION_URL}" method="post">
+		{FTAN}
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_USERNAME}:</label><br />
+				</div>
+				<div class="c60l">
+					<div id="username">{USERNAME}</div><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_DISPLAY_NAME}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="text" id="display_name" name="display_name" value="{DISPLAY_NAME}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_LANGUAGE}:</label><br />
+				</div>
+				<div class="c60l">
+				<select name="language" id="language">
+					<!-- BEGIN language_list_block -->
+						<option value="{CODE}"{SELECTED} style="background: url({FLAG}.png) no-repeat center left; padding-left: 20px;">{NAME} ({CODE})</option>
+					<!-- END language_list_block -->
+					</select>
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_TIMEZONE}:</label><br />
+				</div>
+				<div class="c60l">
+					<select name="timezone" id="timezone">
+						<!-- BEGIN timezone_list_block -->
+							<option value="{VALUE}"{SELECTED}>{NAME}</option>
+						<!-- END timezone_list_block -->
+					</select>
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_DATE_FORMAT}:</label><br />
+				</div>
+				<div class="c60l">
+					<select name="date_format" id="date_format">
+						<!-- BEGIN date_format_list_block -->
+							<option value="{VALUE}"{SELECTED}>{NAME}</option>
+						<!-- END date_format_list_block -->
+					</select>
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_TIME_FORMAT}:</label><br />
+				</div>
+				<div class="c60l">
+					<select name="time_format" id="time_format">
+						<!-- BEGIN time_format_list_block -->
+							<option value="{VALUE}"{SELECTED}>{NAME}</option>
+						<!-- END time_format_list_block -->
+					</select>
+				</div>
+			</div>
+
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_EMAIL}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="text" id="email" name="email" value="{EMAIL}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_NEW_PASSWORD}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="password" id="new_password_1" name="new_password_1" value="{EMPTY_STRING}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_RETYPE_NEW_PASSWORD}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="password" id="new_password_2" name="new_password_2" value="{EMPTY_STRING}" /><br />
+				</div>
+			</div>
+			<hr />
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_NEED_CURRENT_PASSWORD}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="password" id="current_password" name="current_password" value="{EMPTY_STRING}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns save_section">
+				<div class="c60l">
+					<input type="submit" id="submit" name="submit" value="{TEXT_SAVE}" />
+					<input type="reset" id="reset" name="reset" value="{TEXT_RESET}" />
+				</div>
+				<div class="c25l">&nbsp;</div>
+			</div>
+	</form>
+</div>
+
+<!-- END main_block -->
Index: branches/2.8.x/wb/templates/argos_theme/theme.css
===================================================================
--- branches/2.8.x/wb/templates/argos_theme/theme.css	(revision 1472)
+++ branches/2.8.x/wb/templates/argos_theme/theme.css	(revision 1473)
@@ -162,6 +162,9 @@
 .row_0 {background-color:transparent;}
 .row_1 {background-color:#ccddee;}
 
+div.content_box { margin :0em auto; }
+div.content_box form { width: 98%; }
+
 #language,
 #timezone,
 #date_format,
@@ -171,12 +174,12 @@
 #email,
 #new_password_1,
 #new_password_2,
-#current_password {width:640px;}
+#current_password {width:118%;}
 
 #submit,
 #reset {max-width:100px;}
 
-div#username {height:17px;width:640px;text-align:left;font-weight:bold;margin:0;} 
+div#username {height:17px;width:118%;text-align:left;font-weight:bold;margin:0;} 
 .save_section {margin:20px auto 5px auto;}
 .section-info { margin : 1.5em 0; }
 
Index: branches/2.8.x/wb/templates/argos_theme/templates/preferences.htt
===================================================================
--- branches/2.8.x/wb/templates/argos_theme/templates/preferences.htt	(revision 1472)
+++ branches/2.8.x/wb/templates/argos_theme/templates/preferences.htt	(revision 1473)
@@ -1,114 +1,114 @@
-<!-- BEGIN main_block -->
-<h2>{HEADING_MY_SETTINGS}</h2>
-<div class="content_box">
-	<form name="{FORM_NAME}" id="{FORM_NAME}" action="{ACTION_URL}" method="post">
-		{FTAN}
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_USERNAME}:</label><br />
-				</div>
-				<div class="c60l">
-					<div id="username">{USERNAME}</div><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_DISPLAY_NAME}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="text" id="display_name" name="display_name" value="{DISPLAY_NAME}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_LANGUAGE}:</label><br />
-				</div>
-				<div class="c60l">
-				<select name="language" id="language">
-					<!-- BEGIN language_list_block -->
-						<option value="{CODE}"{SELECTED} style="background: url({FLAG}.png) no-repeat center left; padding-left: 20px;">{NAME} ({CODE})</option>
-					<!-- END language_list_block -->
-					</select>
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_TIMEZONE}:</label><br />
-				</div>
-				<div class="c60l">
-					<select name="timezone" id="timezone">
-						<!-- BEGIN timezone_list_block -->
-							<option value="{VALUE}"{SELECTED}>{NAME}</option>
-						<!-- END timezone_list_block -->
-					</select>
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_DATE_FORMAT}:</label><br />
-				</div>
-				<div class="c60l">
-					<select name="date_format" id="date_format">
-						<!-- BEGIN date_format_list_block -->
-							<option value="{VALUE}"{SELECTED}>{NAME}</option>
-						<!-- END date_format_list_block -->
-					</select>
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_TIME_FORMAT}:</label><br />
-				</div>
-				<div class="c60l">
-					<select name="time_format" id="time_format">
-						<!-- BEGIN time_format_list_block -->
-							<option value="{VALUE}"{SELECTED}>{NAME}</option>
-						<!-- END time_format_list_block -->
-					</select>
-				</div>
-			</div>
-
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_EMAIL}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="text" id="email" name="email" value="{EMAIL}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_NEW_PASSWORD}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="password" id="new_password_1" name="new_password_1" value="{EMPTY_STRING}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_RETYPE_NEW_PASSWORD}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="password" id="new_password_2" name="new_password_2" value="{EMPTY_STRING}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns">
-				<div class="c25l">
-					<label>{TEXT_NEED_CURRENT_PASSWORD}:</label><br />
-				</div>
-				<div class="c60l">
-					<input type="password" id="current_password" name="current_password" value="{EMPTY_STRING}" /><br />
-				</div>
-			</div>
-			<div class="subcolumns save_section">
-				<div class="c25l">
-					<input type="submit" id="submit" name="submit" value="{TEXT_SAVE}" />
-					<input type="reset" id="reset" name="reset" value="{TEXT_RESET}" />
-				</div>
-				<div class="c25l">
-				</div>
-			</div>
-	</form>
-</div>
-
-<!-- END main_block -->
+<!-- BEGIN main_block -->
+<h2>{HEADING_MY_SETTINGS}</h2>
+<div class="content_box">
+	<form name="{FORM_NAME}" id="{FORM_NAME}" action="{ACTION_URL}" method="post">
+		{FTAN}
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_USERNAME}:</label><br />
+				</div>
+				<div class="c60l">
+					<div id="username">{USERNAME}</div><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_DISPLAY_NAME}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="text" id="display_name" name="display_name" value="{DISPLAY_NAME}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_LANGUAGE}:</label><br />
+				</div>
+				<div class="c60l">
+				<select name="language" id="language">
+					<!-- BEGIN language_list_block -->
+						<option value="{CODE}"{SELECTED} style="background: url({FLAG}.png) no-repeat center left; padding-left: 20px;">{NAME} ({CODE})</option>
+					<!-- END language_list_block -->
+					</select>
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_TIMEZONE}:</label><br />
+				</div>
+				<div class="c60l">
+					<select name="timezone" id="timezone">
+						<!-- BEGIN timezone_list_block -->
+							<option value="{VALUE}"{SELECTED}>{NAME}</option>
+						<!-- END timezone_list_block -->
+					</select>
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_DATE_FORMAT}:</label><br />
+				</div>
+				<div class="c60l">
+					<select name="date_format" id="date_format">
+						<!-- BEGIN date_format_list_block -->
+							<option value="{VALUE}"{SELECTED}>{NAME}</option>
+						<!-- END date_format_list_block -->
+					</select>
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_TIME_FORMAT}:</label><br />
+				</div>
+				<div class="c60l">
+					<select name="time_format" id="time_format">
+						<!-- BEGIN time_format_list_block -->
+							<option value="{VALUE}"{SELECTED}>{NAME}</option>
+						<!-- END time_format_list_block -->
+					</select>
+				</div>
+			</div>
+
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_EMAIL}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="text" id="email" name="email" value="{EMAIL}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_NEW_PASSWORD}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="password" id="new_password_1" name="new_password_1" value="{EMPTY_STRING}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_RETYPE_NEW_PASSWORD}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="password" id="new_password_2" name="new_password_2" value="{EMPTY_STRING}" /><br />
+				</div>
+			</div>
+			<hr />
+			<div class="subcolumns">
+				<div class="c25l">
+					<label>{TEXT_NEED_CURRENT_PASSWORD}:</label><br />
+				</div>
+				<div class="c60l">
+					<input type="password" id="current_password" name="current_password" value="{EMPTY_STRING}" /><br />
+				</div>
+			</div>
+			<div class="subcolumns save_section">
+				<div class="c60l">
+					<input type="submit" id="submit" name="submit" value="{TEXT_SAVE}" />
+					<input type="reset" id="reset" name="reset" value="{TEXT_RESET}" />
+				</div>
+				<div class="c25l">&nbsp;</div>
+			</div>
+	</form>
+</div>
+
+<!-- END main_block -->
Index: branches/2.8.x/wb/modules/menu_link/save.php
===================================================================
--- branches/2.8.x/wb/modules/menu_link/save.php	(revision 1472)
+++ branches/2.8.x/wb/modules/menu_link/save.php	(revision 1473)
@@ -23,10 +23,11 @@
 $update_when_modified = true;
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
+$backlink = ADMIN_URL.'/pages/modify.php?page_id='.(int)$page_id;
 if (!$admin->checkFTAN())
 {
 	$admin->print_header();
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$backlink );
 }
 $admin->print_header();
 
@@ -51,7 +52,7 @@
 if($database->is_error()) {
 	$admin->print_error($database->get_error(), $js_back);
 } else {
-	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_success($MESSAGE['PAGES']['SAVED'],$backlink );
 }
 
 // Print admin footer
Index: branches/2.8.x/wb/modules/droplets/delete_droplet.php
===================================================================
--- branches/2.8.x/wb/modules/droplets/delete_droplet.php	(revision 1472)
+++ branches/2.8.x/wb/modules/droplets/delete_droplet.php	(revision 1473)
@@ -23,14 +23,13 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 require_once(WB_PATH.'/framework/functions.php');
 
+$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
 // check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
 if(file_exists(ADMIN_PATH .'/admintools/tool.php')) {
 	$admintool_link = ADMIN_URL .'/admintools/index.php';
-	$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
 	$admin = new admin('admintools', 'admintools');
 } else {
 	$admintool_link = ADMIN_URL .'/settings/index.php?advanced=yes#administration_tools"';
-	$module_edit_link = ADMIN_URL .'/settings/tool.php?tool=droplets';
 	$admin = new admin('Settings', 'settings_advanced');
 }
 
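Review bot: `$module_edit_link` is now set to the `admintools/tool.php` URL before the platform check, so the `else` branch gets a back link to the very file that `file_exists()` has just reported missing. That branch is taken only when `ADMIN_PATH .'/admintools/tool.php'` does not exist. Keep the new line as the default, but restore `$module_edit_link = ADMIN_URL .'/settings/tool.php?tool=droplets';` inside the `else` branch. The same hoisting is made in save_droplet.php. The `$admintool_link` string in the `else` branch also ends with a stray `"` after `#administration_tools`, which lands in the generated URL.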
@@ -37,7 +36,7 @@
 // Get id
 $droplet_id = $admin->checkIDKEY('droplet_id', false, 'GET');
 if (!$droplet_id) {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
  exit();
 }
 
@@ -53,5 +52,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/modules/droplets/example/LoginBox.php
===================================================================
--- branches/2.8.x/wb/modules/droplets/example/LoginBox.php	(revision 1472)
+++ branches/2.8.x/wb/modules/droplets/example/LoginBox.php	(revision 1473)
@@ -1,24 +1,126 @@
 //:Puts a Login / Logout box on your page.
-//:Use: [[LoginBox]]. Remember to enable frontend login in your website settings.
-global $wb, $TEXT, $MENU;
-$return_value = " ";
-if(FRONTEND_LOGIN == 'enabled' && VISIBILITY != 'private' && $wb->get_session('USER_ID') == '') {
-	$return_value  = '<form name="login" action="'.LOGIN_URL.'" method="post" class="login_table">';
-	$return_value .= '<h2>'.$TEXT['LOGIN'].'</h2>';
-	$return_value .= $TEXT['USERNAME'].':<input type="text" name="username" style="text-transform: lowercase;" /><br />';
-	$return_value .= $TEXT['PASSWORD'].':<input type="password" name="password" /><br />';
-	$return_value .= '<input type="submit" name="submit" value="'.$TEXT['LOGIN'].'" class="dbutton" /><br />';
-	$return_value .= '<a href="'.FORGOT_URL.'">'.$TEXT['FORGOT_DETAILS'].'</a><br />';
-	if(is_numeric(FRONTEND_SIGNUP) && (FRONTEND_SIGNUP > 0))  
-		$return_value .= '<a href="'.SIGNUP_URL.'">'.$TEXT['SIGNUP'].'</a>';
-	$return_value .= '</form>';
-} elseif(FRONTEND_LOGIN == 'enabled' && is_numeric($wb->get_session('USER_ID'))) {
-	$return_value = '<form name="logout" action="'.LOGOUT_URL.'" method="post" class="login_table">';
-	$return_value .= '<h2>'.$TEXT['LOGGED_IN'].'</h2>';
-	$return_value .= $TEXT['WELCOME_BACK'].', '.$wb->get_display_name().'<br />';
-	$return_value .= '<input type="submit" name="submit" value="'.$MENU['LOGOUT'].'" class="dbutton" /><br />';
-	$return_value .= '<a href="'.PREFERENCES_URL.'">'.$MENU['PREFERENCES'].'</a><br />';
-	$return_value .= '<a href="'.ADMIN_URL.'/index.php" target="_blank">'.$TEXT['ADMINISTRATION'].'</a>';
-	$return_value .= '</form>';
-}
-return $return_value;
\ No newline at end of file
+//:Use: [[LoginBox?redirect=url]]+ Absolute or relative url possible+ Remember to enable frontend login in your website settings.+ 
+	global $wb,$page_id,$TEXT, $MENU, $HEADING;
+
+	$return_value = '<div class="login-box">'."\n";
+	$return_admin = ' ';
+	// Return a system permission
+	function get_permission($name, $type = 'system')
+	{
+	   	global $wb;
+	// Append to permission type
+		$type .= '_permissions';
+		// Check if we have a section to check for
+		if($name == 'start') {
+			return true;
+		} else {
+			// Set system permissions var
+			$system_permissions = $wb->get_session('SYSTEM_PERMISSIONS');
+			// Set module permissions var
+			$module_permissions = $wb->get_session('MODULE_PERMISSIONS');
+			// Set template permissions var
+			$template_permissions = $wb->get_session('TEMPLATE_PERMISSIONS');
+			// Return true if system perm = 1
+			if (isset($$type) && is_array($$type) && is_numeric(array_search($name, $$type))) {
+				if($type == 'system_permissions') {
+					return true;
+				} else {
+					return false;
+				}
+			} else {
+				if($type == 'system_permissions') {
+					return false;
+				} else {
+					return true;
+				}
+			}
+		}
+	}
+
+	function get_page_permission($page, $action='admin') {
+		if ($action!='viewing'){ $action='admin';}
+		$action_groups=$action.'_groups';
+		$action_users=$action.'_users';
+		if (is_array($page)) {
+				$groups=$page[$action_groups];
+				$users=$page[$action_users];
+		} else {
+			global $database,$wb;
+			$results = $database->query("SELECT $action_groups,$action_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page'");
+			$result = $results->fetchRow();
+			$groups = explode(',', str_replace('_', '', $result[$action_groups]));
+			$users = explode(',', str_replace('_', '', $result[$action_users]));
+		}
+
+		$in_group = FALSE;
+		foreach($wb->get_groups_id() as $cur_gid){
+		    if (in_array($cur_gid, $groups)) {
+		        $in_group = TRUE;
+		    }
+		}
+		if((!$in_group) AND !is_numeric(array_search($wb->get_user_id(), $users))) {
+			return false;
+		}
+		return true;
+	}
+
+// Get redirect
+	$redirect_url = '';
+    	$redirect_url = isset($redirect)&&($redirect!='') ? '<input type="hidden" name="url" value="'.$redirect.'" />'."\n" : $redirect_url;
+	$redirect_url = (isset($_SERVER['HTTP_REFERER']) && ($redirect_url=='') ?  '<input type="hidden" name="url" value="'.$_SERVER['HTTP_REFERER'].'" />'."\n"  : $redirect_url );
+
+	if ( ( FRONTEND_LOGIN == 'enabled') &&
+		    ( VISIBILITY != 'private') &&
+		        ( $wb->get_session('USER_ID') == '')  )
+	{
+		$return_value .= '<form action="'.LOGIN_URL.'" method="post">'."\n";
+		$return_value .= $redirect_url."\n";
+	    	$return_value .= '<fieldset>'."\n";
+		$return_value .= '<h1>'.$TEXT['LOGIN'].'</h1>'."\n";
+		$return_value .= '<label for="username">'.$TEXT['USERNAME'].':</label>'."\n";
+		$return_value .= '<p><input type="text" name="username" id="username"  /></p>'."\n";
+		$return_value .= '<label for="password">'.$TEXT['PASSWORD'].':</label>'."\n";
+		$return_value .= '<p><input type="password" name="password" id="password"/></p>'."\n";
+		$return_value .= '<p><input type="submit" id="submit" value="'.$TEXT['LOGIN'].'" class="dbutton" /></p>'."\n";
+	    	$return_value .= '<ul class="login-advance">'."\n";
+		$return_value .= '<li class="forgot"><a href="'.FORGOT_URL.'"><span>'.$TEXT['FORGOT_DETAILS'].'</span></a></li>'."\n";
+
+		if (intval(FRONTEND_SIGNUP) > 0)
+	    {
+	        $return_value .= '<li class="sign"><a href="'.SIGNUP_URL.'">'.$TEXT['SIGNUP'].'</a></li>'."\n";
+	    }
+	    $return_value .= '</ul>'."\n";
+	    $return_value .= '</fieldset>'."\n";
+		$return_value .= '</form>'."\n";
+
+	} elseif( (FRONTEND_LOGIN == 'enabled') &&
+				(is_numeric($wb->get_session('USER_ID'))) )
+	{
+			$return_value .= '<form action="'.LOGOUT_URL.'" method="post" class="login-table">'."\n";
+	        	$return_value .= '<fieldset>'."\n";
+			$return_value .= '<h1>'.$TEXT["LOGGED_IN"].'</h1>'."\n";
+			$return_value .= '<label>'.$TEXT['WELCOME_BACK'].', '.$wb->get_display_name().'</label>'."\n";
+			$return_value .= '<p><input type="submit" name="submit" value="'.$MENU['LOGOUT'].'" class="dbutton" /></p>'."\n";
+	        	$return_value .= '<ul class="logout-advance">'."\n";
+			$return_value .= '<li class="preference"><a href="'.PREFERENCES_URL.'" title="'.$MENU['PREFERENCES'].'">'.$MENU['PREFERENCES'].'</a></li>'."\n";
+
+			if ($wb->ami_group_member('1'))  //change ot the group that should get special links
+	        {
+			        $return_admin .= '<li class="admin"><a target="_blank" href="'.ADMIN_URL.'/index.php" title="'.$TEXT['ADMINISTRATION'].'" class="blank_target">'.$TEXT["ADMINISTRATION"].'</a></li>'."\n";
+				//you can add more links for your users like userpage, lastchangedpages or something
+				$return_value .= $return_admin;
+			}
+            //change ot the group that should get special links
+			if( get_permission('pages_modify') && get_page_permission( PAGE_ID ) )
+	        {
+				$return_value .= '<li class="modify"><a target="_blank" href="'.ADMIN_URL.'/pages/modify.php?page_id='.PAGE_ID.'" title="'.$HEADING['MODIFY_PAGE'].'" class="blank_target">'.$HEADING['MODIFY_PAGE'].'</a></li>'."\n";
+	        }
+	        $return_value .= '</ul>'."\n";
+	        $return_value .= '</fieldset>'."\n";
+			$return_value .= '</form>'."\n";
+	}
+	$return_value .= '</div>'."\n";
+	return $return_value;
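Review bot: `$redirect` and `$_SERVER['HTTP_REFERER']` are concatenated into the hidden `url` field's `value="…"` attribute without HTML escaping, in the two `$redirect_url` assignments under `// Get redirect`. Both values originate from the request or the droplet call, so a quote character in either one ends the attribute early; escape at output with `htmlspecialchars(…, ENT_QUOTES)` as in the fence below. The code that consumes the posted `url` after login is not visible in this hunk; it should accept only same-site targets rather than trust this field. Separately, `get_permission()` and `get_page_permission()` are declared unconditionally in the droplet body, which presumably raises a redeclaration error if the droplet runs twice in one request, and the `page_id = '$page'` query would be safer with an `(int)` cast on `$page`.

```php
// Get redirect
	// Prefer the droplet parameter, fall back to the referer, and escape once at output.
	$redirect_target = '';
	if (isset($redirect) && ($redirect != '')) {
		$redirect_target = $redirect;
	} elseif (isset($_SERVER['HTTP_REFERER'])) {
		$redirect_target = $_SERVER['HTTP_REFERER'];
	}
	$redirect_url = ($redirect_target != '')
		? '<input type="hidden" name="url" value="'.htmlspecialchars($redirect_target, ENT_QUOTES).'" />'."\n"
		: '';
	// … unchanged: login / logout form markup …
```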
Index: branches/2.8.x/wb/modules/droplets/backup_droplets.php
===================================================================
--- branches/2.8.x/wb/modules/droplets/backup_droplets.php	(revision 1472)
+++ branches/2.8.x/wb/modules/droplets/backup_droplets.php	(revision 1473)
@@ -31,7 +31,7 @@
 // protect from CSRF
 $id = $admin->checkIDKEY('id', false, 'GET');
 if (!$id or $id != 999) {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
  exit();
 }
 
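Review bot: `$module_edit_link` is passed to `print_error()` on the CSRF-failure path, but no assignment to it is visible in this file's hunks. This commit adds the definition only to delete_droplet.php and save_droplet.php. If the lines before this hunk do not already set it, the error page gets an undefined variable as its back link. In that case add `$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';` before the `checkIDKEY()` call.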
@@ -72,7 +72,6 @@
 delete_directory ( $temp_dir );
 $admin->print_footer();
 
-
 function delete_directory($dirname) {
     if (is_dir($dirname))
         $dir_handle = opendir($dirname);
@@ -90,4 +89,3 @@
     rmdir($dirname);
     return true;
 }
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/modules/droplets/save_droplet.php
===================================================================
--- branches/2.8.x/wb/modules/droplets/save_droplet.php	(revision 1472)
+++ branches/2.8.x/wb/modules/droplets/save_droplet.php	(revision 1473)
@@ -29,14 +29,13 @@
 require_once(WB_PATH.'/framework/class.admin.php');
 require_once(WB_PATH.'/framework/functions.php');
 
+$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
 // check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
 if(file_exists(ADMIN_PATH .'/admintools/tool.php')) {
 	$admintool_link = ADMIN_URL .'/admintools/index.php';
-	$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
 	$admin = new admin('admintools', 'admintools',false);
 } else {
 	$admintool_link = ADMIN_URL .'/settings/index.php?advanced=yes#administration_tools"';
-	$module_edit_link = ADMIN_URL .'/settings/tool.php?tool=droplets';
 	$admin = new admin('Settings', 'settings_advanced',false);
 }
 
Index: branches/2.8.x/wb/modules/news/move_up.php
===================================================================
--- branches/2.8.x/wb/modules/news/move_up.php	(revision 1472)
+++ branches/2.8.x/wb/modules/news/move_up.php	(revision 1473)
@@ -21,12 +21,13 @@
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
 
+$backlink = ADMIN_URL.'/pages/modify.php?page_id='.(int)$page_id;
 // Get id
 $pid = $admin->checkIDKEY('post_id', false, 'GET');
 $gid = $admin->checkIDKEY('group_id', false, 'GET');
 if (!$pid) {
 	if (!$gid) {
-		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $backlink);
 	} else {
 		$id = $gid;
 		$id_field = 'group_id';
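Review bot: The `if (!$gid)` branch calls `print_error()` without the `exit();` that the identical branch in move_down.php has. If `print_error()` ever returns, execution would presumably continue with `$id` and `$id_field` unset and reach the `order` call in the next hunk. Add `exit();` after the `print_error()` line so that both files fail closed in the same way. The enclosing `if`/`else` continues outside this hunk.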
@@ -44,9 +45,9 @@
 // Create new order object an reorder
 $order = new order($table, 'position', $id_field, 'section_id');
 if($order->move_up($id)) {
-	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_success($TEXT['SUCCESS'], $backlink);
 } else {
-	$admin->print_error($TEXT['ERROR'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_error($TEXT['ERROR'], $backlink);
 }
 
 // Print admin footer
Index: branches/2.8.x/wb/modules/news/modify_post.php
===================================================================
--- branches/2.8.x/wb/modules/news/modify_post.php	(revision 1472)
+++ branches/2.8.x/wb/modules/news/modify_post.php	(revision 1473)
@@ -26,9 +26,10 @@
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
 
+$backlink = ADMIN_URL.'/pages/modify.php?page_id='.(int)$page_id;
 $post_id = intval($admin->checkIDKEY('post_id', false, 'GET'));
 if (!$post_id) {
-	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $backlink);
 }
 
 // Get header and footer
@@ -255,5 +256,3 @@
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/modules/news/move_down.php
===================================================================
--- branches/2.8.x/wb/modules/news/move_down.php	(revision 1472)
+++ branches/2.8.x/wb/modules/news/move_down.php	(revision 1473)
@@ -21,12 +21,13 @@
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
 
+$backlink = ADMIN_URL.'/pages/modify.php?page_id='.(int)$page_id;
 // Get id
 $pid = $admin->checkIDKEY('post_id', false, 'GET');
 $gid = $admin->checkIDKEY('group_id', false, 'GET');
 if (!$pid) {
 	if (!$gid) {
-		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
+		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $backlink);
 		exit();
 	} else {
 		$id = $gid;
@@ -45,9 +46,9 @@
 // Create new order object an reorder
 $order = new order($table, 'position', $id_field, 'section_id');
 if($order->move_down($id)) {
-	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_success($TEXT['SUCCESS'], $backlink);
 } else {
-	$admin->print_error($TEXT['ERROR'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_error($TEXT['ERROR'], $backlink);
 }
 
 // Print admin footer
