diff --git a/devel/TODO b/devel/TODO
index 4a3c7b7..ea23460 100644
--- a/devel/TODO
+++ b/devel/TODO
@@ -1,18 +1,18 @@
 WTFs:
 [x] Kontostand beim kaufen auch veraendern..
 [x] Einkaufshistory basteln
-[ ] Beim einkaufen von Objekten ohne Deposit sollten es nicht moeglich sein diese "with Deposit" zu kaufen
+[x] Beim einkaufen von Objekten ohne Deposit sollten es nicht moeglich sein diese "with Deposit" zu kaufen
 
 Noch zu tun:
-[ ] "Home" mit inhalt fuellen
-[ ] API
+[x] "Home" mit inhalt fuellen
+[x] API
 [ ] Kassenwart-ueberweisung "ok" interface
 [ ] Einstellungen (email bei ueberweisung,...?)
-[ ] Ldap anbindung fuer login
+[x] Ldap anbindung fuer login
 
 
 Nice-to-haf:
-[ ] Search'n'Buy
+[x] Search'n'Buy
 [ ] API-Beispiele
 
 Konrad:
diff --git a/devel/api b/devel/api
index 447079f..e3220e0 100644
--- a/devel/api
+++ b/devel/api
@@ -73,6 +73,11 @@ auth/
 			blob		blob to get user from / auth user with, returns User or NULL
 		POST 
 			""" set authblob if allowed """
+	user/
+		GET (=get)
+			""" get user by authblob string - this function works only when plugin
+			                                  has unique authblobs """
+			authblob	[REQ] authblob to sear
 	
 config/
 	GET (=get)
diff --git a/k4ever/buyable/models.py b/k4ever/buyable/models.py
index 35018c6..3fb5a28 100644
--- a/k4ever/buyable/models.py
+++ b/k4ever/buyable/models.py
@@ -21,7 +21,7 @@ class Buyable(models.Model):
 	buyableType = models.ManyToManyField(BuyableType)
 
 	def hasDeposit(self):
-		return self.deposit > 0.0
+		return self.deposit > Decimal(0)
 	
 	def createPurchase(self, isDeposit=False):
 		p = Purchase()
diff --git a/k4ever/buyable/templates/buyables/showItem.html b/k4ever/buyable/templates/buyables/showItem.html
index 2958681..5a5a282 100644
--- a/k4ever/buyable/templates/buyables/showItem.html
+++ b/k4ever/buyable/templates/buyables/showItem.html
@@ -2,12 +2,27 @@
 
 {% block "content" %}
 	{% if item %}
-		You got the item {{ item }}.
-		Buy <a href="/store/buy/{{ item.id }}/">it!</a>
-		{% if item.hasDeposit %}
-			<a href="/store/buy/{{ item.id }}/with/deposit/">it+deposit!</a>
-			<a href="/store/buy/{{ item.id }}/only/deposit/"> only deposit!</a>
-		{% endif %}
+		<table border="1" frame="box" rules="cols" width="40%" cellpadding="5">
+			<tr>
+				<td colspan="2"><img src="{{ MEDIA_URL }}{{ item.image }}"></td>
+			</tr>
+			<tr>
+				<th>Zugeh&ouml;rig zu:</th>
+	        	<td>{% for type in item.buyableType.all %}
+                	{{ type }}
+	        	{% endfor %}</td>
+			</tr>
+			<tr>
+				<th>Kauf {{ item }}:</th>
+				<td>Buy <a href="/store/buy/{{ item.id }}/">it!</a></td>
+			</tr>
+			<tr>
+				<td>&nbsp;</td>
+				<td>{% if item.hasDeposit %}
+				<a href="/store/buy/{{ item.id }}/with/deposit/">it+deposit!</a>
+				<a href="/store/buy/{{ item.id }}/only/deposit/"> only deposit!</a>
+				{% endif %}</td>
+			</tr></table>
 	{% else %}
 		No item found :(
 	{% endif %}
diff --git a/k4ever/buyable/templates/buyables/showItems.html b/k4ever/buyable/templates/buyables/showItems.html
index e25e3e6..65eed81 100644
--- a/k4ever/buyable/templates/buyables/showItems.html
+++ b/k4ever/buyable/templates/buyables/showItems.html
@@ -2,7 +2,18 @@
 
 {% block "content" %}
 {% for item in items %}
-	<img src="{{ MEDIA_URL }}{{ item.image }}">{{ item }}
-	<a href="/store/show/{{ item.id }}">{{ item.name }}</a>
+	<div style="float:left; width=200; ">
+	      <a href="/store/show/{{ item.id }}"><img WIDTH=64 HEIGHT=64 src="{{ MEDIA_URL }}{{ item.image }}"></a>
+	</br> {{ item }}
+	</br> Buy <a href="/store/buy/{{ item.id }}/">it!</a>
+                {% if item.hasDeposit %}
+                        <a href="/store/buy/{{ item.id }}/with/deposit/">it+deposit!</a>
+                        <a href="/store/buy/{{ item.id }}/only/deposit/"> only deposit!</a>
+                {% endif %}
+ 	</br> (
+	{% for type in item.buyableType.all %}
+		{{ type }}
+	{% endfor %} )
+	</div>
 {% endfor %}
 {% endblock %}
diff --git a/k4ever/main/templates/settings/settings.html b/k4ever/main/templates/settings/settings.html
index 2559542..ce2e99e 100644
--- a/k4ever/main/templates/settings/settings.html
+++ b/k4ever/main/templates/settings/settings.html
@@ -3,8 +3,7 @@
 {% block "content" %}
 	<h2>Passwort</h2>
 	<hr />
-	&lt;Change Password here&gt;
-	<br />
+	Da die meisten der Nutzer dieses Systems &uuml;ber den LDAP der Freitagsrunde laufen, kann man hier sein Passwort nicht &auml;ndern. Wenn du dein Passwort trotzdem &auml;ndern m&ouml;chstest (und dieses System nicht &uuml;ber einen Freitagsrundenaccount benutzt), wende dich bitte an einen der Freitagsrunden-Admins. (lies: not implemented)
 	<br />
 	<br />
 	<h2>Plugin Berechtigungen</h2>
diff --git a/k4ever/main/views.py b/k4ever/main/views.py
index f41e176..ed73fd5 100644
--- a/k4ever/main/views.py
+++ b/k4ever/main/views.py
@@ -16,7 +16,7 @@ def startpage(request):
 	allMost = Purchase.objects.filter(isDeposit=False).values('buyable__name', 'buyable__id').annotate(num_buys=Count('buyable')).order_by('-num_buys')
 	usersMost = Purchase.objects.filter(isDeposit=False).values('buyable__name','buyable__id').filter(order__user=request.user.id).annotate(num_buys=Count('buyable')).order_by('-num_buys')
 	usersLast = Purchase.objects.filter(isDeposit=False).values('buyable__name','buyable__id').filter(order__user=request.user.id).order_by('-order__dateTime')
-	return render_to_response("main/startpage.html", {'allMost' : allMost,'usersMost': usersMost, 'usersLast' : usersLast}, RequestContext(request))
+	return render_to_response("main/startpage.html", {'allMost' : allMost,'usersMost': usersMost, 'usersLast' : usersLast[:12]}, RequestContext(request))
 
 def register(request):
 	return render_to_response("registration/register.html", RequestContext(request))
@@ -88,6 +88,11 @@ def pluginAuthblob(request, pluginId):
 		d['pluginerror'] = "Der Authblob darf f&uuml;r dieses Plugin nicht vom User ver&auml;ndert werden (oder der Authblob war kaputt)"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	
+	if p.plugin.uniqueAuthblob and PluginPermission.objects.filter(plugin=plugin, authblob=request.POST["authblob"]).count() > 0:
+		d = getPluginDict(request)
+		d['pluginerror'] = "Achtung! Dein Authblob wird bereits von einer anderen Person benutzt. Bitte w&auml;hle einen anderen (eindeutigen) Authblob!"
+		return render_to_response("settings/settings.html", d, RequestContext(request))
+	
 	p.authblob = request.POST['authblob']
 	p.save()
 	d = getPluginDict(request)
diff --git a/k4ever/transaction/admin.py b/k4ever/transaction/admin.py
index 9c3f5ee..9de41da 100644
--- a/k4ever/transaction/admin.py
+++ b/k4ever/transaction/admin.py
@@ -3,6 +3,7 @@ from models import Transaction, TransactionType
 from django.contrib import admin
 
 class TransactionAdmin(admin.ModelAdmin):
+	list_filter = ('checked','transactionType','amount')
 	actions = ['really_delete_selected']
 	
 	def get_actions(self, request):