diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index e725e90f..0801a46b 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -1467,6 +1467,22 @@ function validateReCAPTCHA($secretKey) {
 return $responseJSON->{'success'} === true;
 }
 
+/**
+ * Checks if the user is logged in. Stops script execution if not.
+ *
+ * @param boolean $check2ndFactor check if the 2nd factor was provided if required
+ */
+function enforceUserIsLoggedIn($check2ndFactor = true) {
+ if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
+ logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login: ' . $_SERVER["SCRIPT_FILENAME"]);
+ die();
+ }
+ if ($check2ndFactor && isset($_SESSION['2factorRequired'])) {
+ die();
+ logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login (2nd factor not provided): ' . $_SERVER["SCRIPT_FILENAME"]);
+ }
+}
+
 class LAMException extends Exception {
 
 private $title;
diff --git a/lam/templates/3rdParty/pla/lib/session_functions.php b/lam/templates/3rdParty/pla/lib/session_functions.php
index 809d8893..ed35ce63 100644
--- a/lam/templates/3rdParty/pla/lib/session_functions.php
+++ b/lam/templates/3rdParty/pla/lib/session_functions.php
@@ -21,6 +21,7 @@ function app_session_start() {
 include_once '../../../../lib/config.inc';
 include_once '../../../../lib/ldap.inc';
 startSecureSession();
+ enforceUserIsLoggedIn();
 $config_file = CONFDIR.'config.php';
 $config = check_config($config_file);
 # If we came via index.php, then set our $config.
diff --git a/lam/templates/account/edit.php b/lam/templates/account/edit.php
index a01b3368..cc530a7e 100644
--- a/lam/templates/account/edit.php
+++ b/lam/templates/account/edit.php
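Review bot: In enforceUserIsLoggedIn the second branch calls `die()` before `logNewMessage(...)`, so the "2nd factor not provided" warning is unreachable and that rejection leaves no trace in the log, unlike the first branch which logs and then exits. Swap the two statements so both branches behave the same: `logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login (2nd factor not provided): ' . $_SERVER["SCRIPT_FILENAME"]);` followed by `die();`. A bare `die()` also ends the request with an empty body and a 200 status; calling `http_response_code(403);` before it lets proxies and monitoring tell a rejected request apart from a blank page.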
@@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2005 - 2016 Roland Gruber + 2005 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -47,6 +47,7 @@ include_once('../../lib/modules.inc'); // Start session startSecureSession(); +enforceUserIsLoggedIn(); // Redirect to startpage if user is not loged in if (!isLoggedIn()) { diff --git a/lam/templates/delete.php b/lam/templates/delete.php index 4b299ebd..437754ef 100644 --- a/lam/templates/delete.php +++ b/lam/templates/delete.php @@ -49,6 +49,7 @@ include_once('../lib/modules.inc'); // Start session startSecureSession(); +enforceUserIsLoggedIn(); if (!checkIfWriteAccessIsAllowed()) { die(); diff --git a/lam/templates/initsuff.php b/lam/templates/initsuff.php index 6d3325cb..19603b1c 100644 --- a/lam/templates/initsuff.php +++ b/lam/templates/initsuff.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2015 Roland Gruber + Copyright (C) 2003 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -39,6 +39,7 @@ include_once("../lib/status.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); if (!checkIfWriteAccessIsAllowed()) { die(); @@ -196,10 +197,10 @@ include 'main_header.php'; $buttonContainer->addElement(new htmlHiddenInput('new_suff', implode(";", $new_suff))); $container->addElement($buttonContainer); addSecurityTokenToMetaHTML($container); - + $tabindex = 1; parseHtml(null, $container, array(), false, $tabindex, 'user'); - + echo "
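Review bot: In edit.php the `if (!isLoggedIn())` redirect that directly follows the new `enforceUserIsLoggedIn();` call can no longer fire for an anonymous visitor, because enforceUserIsLoggedIn() already calls die() when `$_SESSION['loggedIn']` is not true; such a visitor now receives an empty response instead of the start-page redirect. The body of isLoggedIn() is not in the hunk, so if it checks nothing beyond that session flag the redirect block is dead code and should be removed, otherwise the intended order of the two checks deserves a comment such as `// enforceUserIsLoggedIn() terminates anonymous requests; the redirect below cannot be reached by them`. Either way the two checks should not silently disagree about what an unauthenticated visitor sees.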
\n"; echo "\n"; include 'main_footer.php'; diff --git a/lam/templates/lists/deletelink.php b/lam/templates/lists/deletelink.php index 1d3974f7..547224d9 100644 --- a/lam/templates/lists/deletelink.php +++ b/lam/templates/lists/deletelink.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2007 - 2013 Roland Gruber + Copyright (C) 2007 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -39,6 +39,7 @@ include_once("../../lib/status.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); setlanguage(); diff --git a/lam/templates/lists/list.php b/lam/templates/lists/list.php index 65e0fc0f..c9c7ab38 100644 --- a/lam/templates/lists/list.php +++ b/lam/templates/lists/list.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2016 Roland Gruber + Copyright (C) 2003 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -38,6 +38,7 @@ include_once("../../lib/config.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); setlanguage(); diff --git a/lam/templates/lists/userlink.php b/lam/templates/lists/userlink.php index 043053fc..71a10657 100644 --- a/lam/templates/lists/userlink.php +++ b/lam/templates/lists/userlink.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2010 Roland Gruber + Copyright (C) 2003 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -39,6 +39,7 @@ include_once("../../lib/status.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); setlanguage(); 
diff --git a/lam/templates/logout.php b/lam/templates/logout.php index a664f6f4..70d3a993 100644 --- a/lam/templates/logout.php +++ b/lam/templates/logout.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2006 Roland Gruber + Copyright (C) 2003 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -44,6 +44,7 @@ include_once("../lib/ldap.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); // log message $ldapUser = $_SESSION['ldap']->decrypt_login(); diff --git a/lam/templates/main.php b/lam/templates/main.php index b6f49c1c..8fa2b4a8 100644 --- a/lam/templates/main.php +++ b/lam/templates/main.php @@ -4,7 +4,7 @@ namespace LAM\INIT; $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2016 Roland Gruber + Copyright (C) 2003 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -36,6 +36,7 @@ include_once '../lib/profiles.inc'; // start session startSecureSession(); +enforceUserIsLoggedIn(); setlanguage(); diff --git a/lam/templates/misc/ajax.php b/lam/templates/misc/ajax.php index c8936e2d..dd4925f1 100644 --- a/lam/templates/misc/ajax.php +++ b/lam/templates/misc/ajax.php @@ -63,6 +63,7 @@ class lamAjax { validateSecurityToken(false); if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) { + enforceUserIsLoggedIn(); if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) { if (!isset($_SESSION['account'])) die(); $module = $_SESSION['account']->getAccountModule($_GET['module']); 
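Review bot: logout.php now calls `enforceUserIsLoggedIn();` with the default `$check2ndFactor = true`, so a session that is past the password step but still has `$_SESSION['2factorRequired']` set is terminated with die() rather than being logged out. If the second-factor prompt offers a logout link, it stops working for exactly those users; `enforceUserIsLoggedIn(false);` here would still reject anonymous requests while letting a half-authenticated session end itself. The rest of the logout flow (`$_SESSION['ldap']->decrypt_login()`) lies outside the hunk, so I could not confirm which session state it relies on.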
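Review bot: In the GET branch of lamAjax the new `enforceUserIsLoggedIn();` is placed inside the `if (isset($_GET['module']) && isset($_GET['scope']) && in_array(...))` condition, so `getAvailableModules($_GET['scope'])` runs on caller-supplied input before the session is checked, and requests that fail the condition are never subjected to the login check at all. Unless this GET path is meant to serve callers without a session, moving `enforceUserIsLoggedIn();` to directly after `validateSecurityToken(false);` makes the check unconditional and keeps untrusted parameters out of any code that runs before it. The enclosing method starts before the hunk.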
@@ -82,12 +83,13 @@ class lamAjax { } $jsonInput = $_POST['jsonInput']; + if ($function == 'passwordStrengthCheck') { + lamAjax::checkPasswordStrength($jsonInput); + } + enforceUserIsLoggedIn(); if ($function == 'passwordChange') { lamAjax::managePasswordChange($jsonInput); } - elseif ($function == 'passwordStrengthCheck') { - lamAjax::checkPasswordStrength($jsonInput); - } elseif ($function == 'upload') { include_once('../../lib/upload.inc'); $typeManager = new \LAM\TYPES\TypeManager(); diff --git a/lam/templates/multiEdit.php b/lam/templates/multiEdit.php index 274d0ce9..587f6bd5 100644 --- a/lam/templates/multiEdit.php +++ b/lam/templates/multiEdit.php @@ -21,7 +21,7 @@ use \htmlInputTextarea; $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2013 - 2016 Roland Gruber + Copyright (C) 2013 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -57,6 +57,7 @@ include_once("../lib/status.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); // die if no write access if (!checkIfWriteAccessIsAllowed()) die(); diff --git a/lam/templates/ou_edit.php b/lam/templates/ou_edit.php index e5156c50..03fa0b93 100644 --- a/lam/templates/ou_edit.php +++ b/lam/templates/ou_edit.php @@ -50,6 +50,7 @@ include_once("../lib/status.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); // die if no write access if (!checkIfWriteAccessIsAllowed()) die(); diff --git a/lam/templates/pdfedit/pdfmain.php b/lam/templates/pdfedit/pdfmain.php index acec5114..711d12fa 100644 --- a/lam/templates/pdfedit/pdfmain.php +++ b/lam/templates/pdfedit/pdfmain.php 
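Review bot: Moving `passwordStrengthCheck` ahead of `enforceUserIsLoggedIn();` makes it the only POST function served without a session, but nothing in the hunk records why, and there is no `return;` after `lamAjax::checkPasswordStrength($jsonInput);`, so whether the login check still runs for that request depends on checkPasswordStrength() terminating the script itself, which is not visible here. A one-line comment above the new `if`, such as `// passwordStrengthCheck is intentionally reachable before login`, plus an explicit `return;` after the call would make the exemption deliberate and stop it from silently widening when the chain below is edited. The enclosing method begins before the hunk.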
@@ -15,13 +15,12 @@ use \htmlInputFileUpload; use \htmlHelpLink; use \htmlInputField; use \htmlHiddenInput; -use \htmlDiv; /* $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Michael Duergner - 2005 - 2016 Roland Gruber + 2005 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -60,6 +59,7 @@ include_once("../../lib/modules.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); // die if no write access if (!checkIfWriteAccessIsAllowed()) die(); diff --git a/lam/templates/pdfedit/pdfpage.php b/lam/templates/pdfedit/pdfpage.php index e1c0f225..aa295ac2 100644 --- a/lam/templates/pdfedit/pdfpage.php +++ b/lam/templates/pdfedit/pdfpage.php @@ -19,7 +19,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Michael Duergner - 2007 - 2016 Roland Gruber + 2007 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -62,6 +62,7 @@ include_once('../../lib/xml_parser.inc'); // start session startSecureSession(); +enforceUserIsLoggedIn(); // die if no write access if (!checkIfWriteAccessIsAllowed()) die(); diff --git a/lam/templates/profedit/profilemain.php b/lam/templates/profedit/profilemain.php index 74b434c7..c425e5a4 100644 --- a/lam/templates/profedit/profilemain.php +++ b/lam/templates/profedit/profilemain.php @@ -18,7 +18,7 @@ use \htmlInputField; $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2016 Roland Gruber + Copyright (C) 2003 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -54,6 +54,7 @@ include_once("../../lib/config.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); // die if no write access if (!checkIfWriteAccessIsAllowed()) die(); diff --git a/lam/templates/profedit/profilepage.php b/lam/templates/profedit/profilepage.php index 690083a9..57757a22 100644 --- a/lam/templates/profedit/profilepage.php +++ b/lam/templates/profedit/profilepage.php @@ -12,7 +12,7 @@ use \htmlHiddenInput; $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2016 Roland Gruber + Copyright (C) 2003 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -52,6 +52,7 @@ include_once("../../lib/status.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); // die if no write access if (!checkIfWriteAccessIsAllowed()) die(); diff --git a/lam/templates/schema/schema.php b/lam/templates/schema/schema.php index 44880e82..6083823c 100644 --- a/lam/templates/schema/schema.php +++ b/lam/templates/schema/schema.php @@ -3,7 +3,7 @@ $Id$ Copyright (C) 2004 David Smith - modified to fit for LDAP Account Manager 2005 - 2012 Roland Gruber + modified to fit for LDAP Account Manager 2005 - 2017 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,8 +29,8 @@ $Id$ * @author David Smith * @author Roland Gruber */ - - + + /** security functions */ include_once("../../lib/security.inc"); /** access to LDAP server */ @@ -42,6 +42,7 @@ require_once("../../lib/schema.inc"); // start session startSecureSession(); +enforceUserIsLoggedIn(); checkIfToolIsActive('toolSchemaBrowser'); 
@@ -51,7 +52,7 @@ include '../main_header.php'; $view = isset( $_GET['view'] ) ? $_GET['view'] : 'objectClasses'; -$viewvalue = isset( $_GET['viewvalue'] ) ? $_GET['viewvalue'] : null; +$viewvalue = isset( $_GET['viewvalue'] ) ? $_GET['viewvalue'] : null; if( trim( $viewvalue ) == "" ) $viewvalue = null; if( ! is_null( $viewvalue ) ) @@ -89,7 +90,7 @@ if( $view == 'syntaxes' ) { echo "" . _('Syntax OID') . "" . _('Description') . "\n"; flush(); $counter=1; - $schema_syntaxes = get_schema_syntaxes(null); + $schema_syntaxes = get_schema_syntaxes(null); if( ! $schema_syntaxes ) StatusMessage("ERROR", _("Unable to retrieve schema!"), ""); foreach( $schema_syntaxes as $syntax ) { $counter++; @@ -107,7 +108,7 @@ if( $view == 'syntaxes' ) { flush(); $schema_attrs = get_schema_attributes(null); $schema_object_classes = get_schema_objectclasses(null); - if( ! $schema_attrs || ! $schema_object_classes ) + if( ! $schema_attrs || ! $schema_object_classes ) StatusMessage("ERROR", _("Unable to retrieve schema!"), ""); ?> @@ -116,7 +117,7 @@ if( $view == 'syntaxes' ) { '; @@ -260,7 +261,7 @@ if( $view == 'syntaxes' ) { foreach( $schema_matching_rules as $rule ) { echo ''; } - + echo ''; echo ''; echo ''; @@ -268,7 +269,7 @@ if( $view == 'syntaxes' ) { echo "" . _('Matching rule OID') . "" . _('Name') . ""._('Used by attributes')."\n"; flush(); $counter=1; - $schema_matching_rules = get_schema_matching_rules(null); + $schema_matching_rules = get_schema_matching_rules(null); if( ! $schema_matching_rules ) StatusMessage("ERROR", _("Unable to retrieve schema!"), ""); foreach( $schema_matching_rules as $rule ) { $counter++; @@ -300,7 +301,7 @@ if( $view == 'syntaxes' ) { } echo "\n"; -} elseif( $view == 'objectClasses' ) { +} elseif( $view == 'objectClasses' ) { flush(); $schema_oclasses = get_schema_objectclasses(null); if( ! $schema_oclasses ) StatusMessage("ERROR", _("Unable to retrieve schema!"), ""); @@ -310,7 +311,7 @@ if( $view == 'syntaxes' ) {