diff --git a/4dev/database/function/edit_access_set_uid.sql b/4dev/database/function/edit_access_set_uid.sql
index a6d21e91..d1c27e32 100644
--- a/4dev/database/function/edit_access_set_uid.sql
+++ b/4dev/database/function/edit_access_set_uid.sql
@@ -25,4 +25,4 @@ BEGIN
 	RETURN NEW;
 END;
 $$
-	LANGUAGE 'plpgsql';
+LANGUAGE 'plpgsql';
diff --git a/4dev/database/function/edit_group_set_uid.sql b/4dev/database/function/edit_group_set_uid.sql
index bcee3b11..2775d166 100755
--- a/4dev/database/function/edit_group_set_uid.sql
+++ b/4dev/database/function/edit_group_set_uid.sql
@@ -25,4 +25,4 @@ BEGIN
 	RETURN NEW;
 END;
 $$
-	LANGUAGE 'plpgsql';
+LANGUAGE 'plpgsql';
diff --git a/4dev/tests/CoreLibsACLLoginTest.php b/4dev/tests/CoreLibsACLLoginTest.php
index 8b1f39cd..c57528a6 100644
--- a/4dev/tests/CoreLibsACLLoginTest.php
+++ b/4dev/tests/CoreLibsACLLoginTest.php
@@ -1477,7 +1477,7 @@ final class CoreLibsACLLoginTest extends TestCase
 				);
 				// - loginGetLoginHTML
 				$this->assertStringContainsString(
-					'<html>',
+					'<html lang="',
 					$login_mock->loginGetLoginHTML(),
 					'Assert login html string exits'
 				);
@@ -1529,7 +1529,7 @@ final class CoreLibsACLLoginTest extends TestCase
 					// html login basic check only, content is the same as when
 					// read from loginGetLoginHTML()
 					$this->assertStringContainsString(
-						'<html>',
+						'<html lang="',
 						$_POST['login_html'],
 						'Assert ajax _POST html string exits'
 					);
diff --git a/4dev/tests/CoreLibsCheckEncodingTest.php b/4dev/tests/CoreLibsCheckEncodingTest.php
index 3c1014e4..16aea2b0 100644
--- a/4dev/tests/CoreLibsCheckEncodingTest.php
+++ b/4dev/tests/CoreLibsCheckEncodingTest.php
@@ -92,6 +92,7 @@ final class CoreLibsCheckEncodingTest extends TestCase
 		$error_char,
 		$expected
 	): void {
+		$current_subsitute_character = mb_substitute_character();
 		if ($error_char !== null) {
 			\CoreLibs\Check\Encoding::setErrorChar($error_char);
 			if (!in_array($error_char, ['none', 'long', 'entity'])) {
@@ -111,6 +112,8 @@ final class CoreLibsCheckEncodingTest extends TestCase
 			$expected,
 			$return
 		);
+		// reset after test
+		mb_substitute_character($current_subsitute_character);
 	}
 }
 
diff --git a/4dev/tests/CoreLibsCreateEmailTest.php b/4dev/tests/CoreLibsCreateEmailTest.php
index 003a552b..25c343ef 100644
--- a/4dev/tests/CoreLibsCreateEmailTest.php
+++ b/4dev/tests/CoreLibsCreateEmailTest.php
@@ -122,7 +122,7 @@ final class CoreLibsCreateEmailTest extends TestCase
 	 * Undocumented function
 	 *
 	 * @dataProvider encodeEmailNameProvider
-	 * @testdox encode email $email, name $name, encoding $encoding will be $expected [$_dataName]
+	 * @testdox encode email $email, name $name, encoding $encoding, folding $kv_folding will be $expected [$_dataName]
 	 *
 	 * @return void
 	 */
diff --git a/4dev/tests/CoreLibsCreateSessionTest.php b/4dev/tests/CoreLibsCreateSessionTest.php
index 2eeaefe3..ba97d1a4 100644
--- a/4dev/tests/CoreLibsCreateSessionTest.php
+++ b/4dev/tests/CoreLibsCreateSessionTest.php
@@ -181,7 +181,7 @@ final class CoreLibsCreateSessionTest extends TestCase
 		string $type,
 		array $mock_data,
 		string $expected,
-		string $expected_error,
+		string $expected_error
 	): void {
 		// override expected
 		if ($type == 'd') {
diff --git a/4dev/tests/CoreLibsDBIOTest.php b/4dev/tests/CoreLibsDBIOTest.php
index e3fe16f5..c840c6a1 100644
--- a/4dev/tests/CoreLibsDBIOTest.php
+++ b/4dev/tests/CoreLibsDBIOTest.php
@@ -2536,7 +2536,7 @@ final class CoreLibsDBIOTest extends TestCase
 	private function subAssertCursorExtTestDbReturnFunction(
 		\CoreLibs\DB\IO $db,
 		string $query,
-		array $cursor_ext_checks,
+		array $cursor_ext_checks
 	): void {
 		// cursor check
 		if (
diff --git a/4dev/database/update/20190910-edit_update_missing_cuid.sql b/4dev/update/20190910_page_content/20190910-edit_update_missing_cuid.sql
similarity index 100%
rename from 4dev/database/update/20190910-edit_update_missing_cuid.sql
rename to 4dev/update/20190910_page_content/20190910-edit_update_missing_cuid.sql
diff --git a/4dev/database/update/20191211-edit_tables_missing_columns.sql b/4dev/update/20191211_edit_add_missing_columns/20191211-edit_tables_missing_columns.sql
similarity index 100%
rename from 4dev/database/update/20191211-edit_tables_missing_columns.sql
rename to 4dev/update/20191211_edit_add_missing_columns/20191211-edit_tables_missing_columns.sql
diff --git a/4dev/database/update/20220617-edit_user_login_user_id_add.sql b/4dev/update/20220617_edit_user_login_update/20220617-edit_user_login_user_id_add.sql
similarity index 100%
rename from 4dev/database/update/20220617-edit_user_login_user_id_add.sql
rename to 4dev/update/20220617_edit_user_login_update/20220617-edit_user_login_user_id_add.sql
diff --git a/4dev/update/20220906_edit_acl_update/20220906_readme.md b/4dev/update/20220906_edit_acl_update/20220906_readme.md
new file mode 100644
index 00000000..e62d6a05
--- /dev/null
+++ b/4dev/update/20220906_edit_acl_update/20220906_readme.md
@@ -0,0 +1,23 @@
+# Files to be changed
+
+Change: Update Generate\Form to use ACL for form creation (basic)
+Date: 2022/9/6
+
+## File List
+
+```sh
+includes/table_arrays/array_edit_pages.php
+includes/table_arrays/array_edit_users.php
+includes/templates/admin/edit_body.tpl
+includes/templates/admin/edit_elements.tpl
+includes/templates/admin/edit_load.tpl
+includes/templates/admin/edit_new.tpl
+includes/templates/admin/edit_save_delete.tpl
+includes/edit_base.php
+lib/CoreLibs/ACL/Login.php
+lib/CoreLibs/DB/Extended/ArrayIO.php
+lib/CoreLibs/Convert/MimeEncode.php
+lib/CoreLibs/Create/Email.php
+lib/CoreLibs/Output/Form/Generate.php
+
+```
diff --git a/www/composer.lock b/www/composer.lock
index 0a6f6202..9116bc21 100644
--- a/www/composer.lock
+++ b/www/composer.lock
@@ -138,16 +138,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v4.13.2",
+            "version": "v4.15.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "210577fe3cf7badcc5814d99455df46564f3c077"
+                "reference": "0ef6c55a3f47f89d7a374e6f835197a0b5fcf900"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/210577fe3cf7badcc5814d99455df46564f3c077",
-                "reference": "210577fe3cf7badcc5814d99455df46564f3c077",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/0ef6c55a3f47f89d7a374e6f835197a0b5fcf900",
+                "reference": "0ef6c55a3f47f89d7a374e6f835197a0b5fcf900",
                 "shasum": ""
             },
             "require": {
@@ -188,9 +188,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v4.13.2"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v4.15.1"
             },
-            "time": "2021-11-30T19:35:32+00:00"
+            "time": "2022-09-04T07:30:47+00:00"
         },
         {
             "name": "phar-io/manifest",
@@ -303,252 +303,25 @@
             },
             "time": "2022-02-21T01:04:05+00:00"
         },
-        {
-            "name": "phpdocumentor/reflection-common",
-            "version": "2.2.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/phpDocumentor/ReflectionCommon.git",
-                "reference": "1d01c49d4ed62f25aa84a747ad35d5a16924662b"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/1d01c49d4ed62f25aa84a747ad35d5a16924662b",
-                "reference": "1d01c49d4ed62f25aa84a747ad35d5a16924662b",
-                "shasum": ""
-            },
-            "require": {
-                "php": "^7.2 || ^8.0"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-2.x": "2.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "phpDocumentor\\Reflection\\": "src/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Jaap van Otterdijk",
-                    "email": "opensource@ijaap.nl"
-                }
-            ],
-            "description": "Common reflection classes used by phpdocumentor to reflect the code structure",
-            "homepage": "http://www.phpdoc.org",
-            "keywords": [
-                "FQSEN",
-                "phpDocumentor",
-                "phpdoc",
-                "reflection",
-                "static analysis"
-            ],
-            "support": {
-                "issues": "https://github.com/phpDocumentor/ReflectionCommon/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionCommon/tree/2.x"
-            },
-            "time": "2020-06-27T09:03:43+00:00"
-        },
-        {
-            "name": "phpdocumentor/reflection-docblock",
-            "version": "5.3.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "622548b623e81ca6d78b721c5e029f4ce664f170"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/622548b623e81ca6d78b721c5e029f4ce664f170",
-                "reference": "622548b623e81ca6d78b721c5e029f4ce664f170",
-                "shasum": ""
-            },
-            "require": {
-                "ext-filter": "*",
-                "php": "^7.2 || ^8.0",
-                "phpdocumentor/reflection-common": "^2.2",
-                "phpdocumentor/type-resolver": "^1.3",
-                "webmozart/assert": "^1.9.1"
-            },
-            "require-dev": {
-                "mockery/mockery": "~1.3.2",
-                "psalm/phar": "^4.8"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "5.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "phpDocumentor\\Reflection\\": "src"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Mike van Riel",
-                    "email": "me@mikevanriel.com"
-                },
-                {
-                    "name": "Jaap van Otterdijk",
-                    "email": "account@ijaap.nl"
-                }
-            ],
-            "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
-            "support": {
-                "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.3.0"
-            },
-            "time": "2021-10-19T17:43:47+00:00"
-        },
-        {
-            "name": "phpdocumentor/type-resolver",
-            "version": "1.6.1",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/phpDocumentor/TypeResolver.git",
-                "reference": "77a32518733312af16a44300404e945338981de3"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/77a32518733312af16a44300404e945338981de3",
-                "reference": "77a32518733312af16a44300404e945338981de3",
-                "shasum": ""
-            },
-            "require": {
-                "php": "^7.2 || ^8.0",
-                "phpdocumentor/reflection-common": "^2.0"
-            },
-            "require-dev": {
-                "ext-tokenizer": "*",
-                "psalm/phar": "^4.8"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-1.x": "1.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "phpDocumentor\\Reflection\\": "src"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Mike van Riel",
-                    "email": "me@mikevanriel.com"
-                }
-            ],
-            "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names",
-            "support": {
-                "issues": "https://github.com/phpDocumentor/TypeResolver/issues",
-                "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.6.1"
-            },
-            "time": "2022-03-15T21:29:03+00:00"
-        },
-        {
-            "name": "phpspec/prophecy",
-            "version": "v1.15.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "bbcd7380b0ebf3961ee21409db7b38bc31d69a13"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/bbcd7380b0ebf3961ee21409db7b38bc31d69a13",
-                "reference": "bbcd7380b0ebf3961ee21409db7b38bc31d69a13",
-                "shasum": ""
-            },
-            "require": {
-                "doctrine/instantiator": "^1.2",
-                "php": "^7.2 || ~8.0, <8.2",
-                "phpdocumentor/reflection-docblock": "^5.2",
-                "sebastian/comparator": "^3.0 || ^4.0",
-                "sebastian/recursion-context": "^3.0 || ^4.0"
-            },
-            "require-dev": {
-                "phpspec/phpspec": "^6.0 || ^7.0",
-                "phpunit/phpunit": "^8.0 || ^9.0"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "1.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Prophecy\\": "src/Prophecy"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Konstantin Kudryashov",
-                    "email": "ever.zet@gmail.com",
-                    "homepage": "http://everzet.com"
-                },
-                {
-                    "name": "Marcello Duarte",
-                    "email": "marcello.duarte@gmail.com"
-                }
-            ],
-            "description": "Highly opinionated mocking framework for PHP 5.3+",
-            "homepage": "https://github.com/phpspec/prophecy",
-            "keywords": [
-                "Double",
-                "Dummy",
-                "fake",
-                "mock",
-                "spy",
-                "stub"
-            ],
-            "support": {
-                "issues": "https://github.com/phpspec/prophecy/issues",
-                "source": "https://github.com/phpspec/prophecy/tree/v1.15.0"
-            },
-            "time": "2021-12-08T12:19:24+00:00"
-        },
         {
             "name": "phpunit/php-code-coverage",
-            "version": "9.2.15",
+            "version": "9.2.17",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-code-coverage.git",
-                "reference": "2e9da11878c4202f97915c1cb4bb1ca318a63f5f"
+                "reference": "aa94dc41e8661fe90c7316849907cba3007b10d8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/2e9da11878c4202f97915c1cb4bb1ca318a63f5f",
-                "reference": "2e9da11878c4202f97915c1cb4bb1ca318a63f5f",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/aa94dc41e8661fe90c7316849907cba3007b10d8",
+                "reference": "aa94dc41e8661fe90c7316849907cba3007b10d8",
                 "shasum": ""
             },
             "require": {
                 "ext-dom": "*",
                 "ext-libxml": "*",
                 "ext-xmlwriter": "*",
-                "nikic/php-parser": "^4.13.0",
+                "nikic/php-parser": "^4.14",
                 "php": ">=7.3",
                 "phpunit/php-file-iterator": "^3.0.3",
                 "phpunit/php-text-template": "^2.0.2",
@@ -597,7 +370,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues",
-                "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.15"
+                "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.17"
             },
             "funding": [
                 {
@@ -605,7 +378,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-03-07T09:28:20+00:00"
+            "time": "2022-08-30T12:24:04+00:00"
         },
         {
             "name": "phpunit/php-file-iterator",
@@ -850,16 +623,16 @@
         },
         {
             "name": "phpunit/phpunit",
-            "version": "9.5.20",
+            "version": "9.5.24",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/phpunit.git",
-                "reference": "12bc8879fb65aef2138b26fc633cb1e3620cffba"
+                "reference": "d0aa6097bef9fd42458a9b3c49da32c6ce6129c5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/12bc8879fb65aef2138b26fc633cb1e3620cffba",
-                "reference": "12bc8879fb65aef2138b26fc633cb1e3620cffba",
+                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/d0aa6097bef9fd42458a9b3c49da32c6ce6129c5",
+                "reference": "d0aa6097bef9fd42458a9b3c49da32c6ce6129c5",
                 "shasum": ""
             },
             "require": {
@@ -874,7 +647,6 @@
                 "phar-io/manifest": "^2.0.3",
                 "phar-io/version": "^3.0.2",
                 "php": ">=7.3",
-                "phpspec/prophecy": "^1.12.1",
                 "phpunit/php-code-coverage": "^9.2.13",
                 "phpunit/php-file-iterator": "^3.0.5",
                 "phpunit/php-invoker": "^3.1.1",
@@ -889,13 +661,9 @@
                 "sebastian/global-state": "^5.0.1",
                 "sebastian/object-enumerator": "^4.0.3",
                 "sebastian/resource-operations": "^3.0.3",
-                "sebastian/type": "^3.0",
+                "sebastian/type": "^3.1",
                 "sebastian/version": "^3.0.2"
             },
-            "require-dev": {
-                "ext-pdo": "*",
-                "phpspec/prophecy-phpunit": "^2.0.1"
-            },
             "suggest": {
                 "ext-soap": "*",
                 "ext-xdebug": "*"
@@ -937,7 +705,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/phpunit/issues",
-                "source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.20"
+                "source": "https://github.com/sebastianbergmann/phpunit/tree/9.5.24"
             },
             "funding": [
                 {
@@ -949,7 +717,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-04-01T12:37:26+00:00"
+            "time": "2022-08-30T07:42:16+00:00"
         },
         {
             "name": "sebastian/cli-parser",
@@ -1808,16 +1576,16 @@
         },
         {
             "name": "sebastian/type",
-            "version": "3.0.0",
+            "version": "3.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/type.git",
-                "reference": "b233b84bc4465aff7b57cf1c4bc75c86d00d6dad"
+                "reference": "fb44e1cc6e557418387ad815780360057e40753e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/type/zipball/b233b84bc4465aff7b57cf1c4bc75c86d00d6dad",
-                "reference": "b233b84bc4465aff7b57cf1c4bc75c86d00d6dad",
+                "url": "https://api.github.com/repos/sebastianbergmann/type/zipball/fb44e1cc6e557418387ad815780360057e40753e",
+                "reference": "fb44e1cc6e557418387ad815780360057e40753e",
                 "shasum": ""
             },
             "require": {
@@ -1829,7 +1597,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.0-dev"
+                    "dev-master": "3.1-dev"
                 }
             },
             "autoload": {
@@ -1852,7 +1620,7 @@
             "homepage": "https://github.com/sebastianbergmann/type",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/type/issues",
-                "source": "https://github.com/sebastianbergmann/type/tree/3.0.0"
+                "source": "https://github.com/sebastianbergmann/type/tree/3.1.0"
             },
             "funding": [
                 {
@@ -1860,7 +1628,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-03-15T09:54:48+00:00"
+            "time": "2022-08-29T06:55:37+00:00"
         },
         {
             "name": "sebastian/version",
@@ -1915,88 +1683,6 @@
             ],
             "time": "2020-09-28T06:39:44+00:00"
         },
-        {
-            "name": "symfony/polyfill-ctype",
-            "version": "v1.25.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">=7.1"
-            },
-            "provide": {
-                "ext-ctype": "*"
-            },
-            "suggest": {
-                "ext-ctype": "For best performance"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-main": "1.23-dev"
-                },
-                "thanks": {
-                    "name": "symfony/polyfill",
-                    "url": "https://github.com/symfony/polyfill"
-                }
-            },
-            "autoload": {
-                "files": [
-                    "bootstrap.php"
-                ],
-                "psr-4": {
-                    "Symfony\\Polyfill\\Ctype\\": ""
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Gert de Pagter",
-                    "email": "BackEndTea@gmail.com"
-                },
-                {
-                    "name": "Symfony Community",
-                    "homepage": "https://symfony.com/contributors"
-                }
-            ],
-            "description": "Symfony polyfill for ctype functions",
-            "homepage": "https://symfony.com",
-            "keywords": [
-                "compatibility",
-                "ctype",
-                "polyfill",
-                "portable"
-            ],
-            "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.25.0"
-            },
-            "funding": [
-                {
-                    "url": "https://symfony.com/sponsor",
-                    "type": "custom"
-                },
-                {
-                    "url": "https://github.com/fabpot",
-                    "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
-                    "type": "tidelift"
-                }
-            ],
-            "time": "2021-10-20T20:35:02+00:00"
-        },
         {
             "name": "theseer/tokenizer",
             "version": "1.2.1",
@@ -2046,64 +1732,6 @@
                 }
             ],
             "time": "2021-07-28T10:34:58+00:00"
-        },
-        {
-            "name": "webmozart/assert",
-            "version": "1.10.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/webmozarts/assert.git",
-                "reference": "6964c76c7804814a842473e0c8fd15bab0f18e25"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/6964c76c7804814a842473e0c8fd15bab0f18e25",
-                "reference": "6964c76c7804814a842473e0c8fd15bab0f18e25",
-                "shasum": ""
-            },
-            "require": {
-                "php": "^7.2 || ^8.0",
-                "symfony/polyfill-ctype": "^1.8"
-            },
-            "conflict": {
-                "phpstan/phpstan": "<0.12.20",
-                "vimeo/psalm": "<4.6.1 || 4.6.2"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "^8.5.13"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "1.10-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Webmozart\\Assert\\": "src/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Bernhard Schussek",
-                    "email": "bschussek@gmail.com"
-                }
-            ],
-            "description": "Assertions to validate method input/output with nice error messages.",
-            "keywords": [
-                "assert",
-                "check",
-                "validate"
-            ],
-            "support": {
-                "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/1.10.0"
-            },
-            "time": "2021-03-09T10:59:23+00:00"
         }
     ],
     "aliases": [],
diff --git a/www/includes/edit_base.php b/www/includes/edit_base.php
index b9752834..60e0718d 100644
--- a/www/includes/edit_base.php
+++ b/www/includes/edit_base.php
@@ -552,6 +552,7 @@ if (is_dir(BASE . CACHE)) {
 }
 $smarty->display($EDIT_TEMPLATE, 'editAdmin_' . $smarty->lang, 'editAdmin_' . $smarty->lang);
 
+$form->log->debug('DEBUGEND', '==================================== [Form END]');
 // debug output
 echo $login->log->printErrorMsg();
 echo $form->log->printErrorMsg();
diff --git a/www/includes/table_arrays/array_edit_pages.php b/www/includes/table_arrays/array_edit_pages.php
index ca6c7704..3198eda6 100644
--- a/www/includes/table_arrays/array_edit_pages.php
+++ b/www/includes/table_arrays/array_edit_pages.php
@@ -66,8 +66,8 @@ $edit_pages = [
 			'int' => 1,
 			'type' => 'binary',
 			'element_list' => [
-				 '1' => 'Yes',
-				 '0' => 'No'
+				'1' => 'Yes',
+				'0' => 'No'
 			],
 		],
 		'popup' => [
@@ -76,8 +76,8 @@ $edit_pages = [
 			'int' => 1,
 			'type' => 'binary',
 			'element_list' => [
-				 '1' => 'Yes',
-				 '0' => 'No'
+				'1' => 'Yes',
+				'0' => 'No'
 			],
 		],
 		'popup_x' => [
@@ -128,12 +128,12 @@ $edit_pages = [
 			'name' => 'filename',
 			'before_value' => 'Filename: '
 		],
-		 [
-		   'name' => 'online',
-		   'binary' => ['Yes', 'No'],
-		   'before_value' => 'Online: '
-		 ],
-		 [
+		[
+			'name' => 'online',
+			'binary' => ['Yes', 'No'],
+			'before_value' => 'Online: '
+		],
+		[
 			'name' => 'menu',
 			'binary' => ['Yes', 'No'],
 			'before_value' => 'Menu: '
diff --git a/www/includes/table_arrays/array_edit_users.php b/www/includes/table_arrays/array_edit_users.php
index cbe73790..d311b264 100644
--- a/www/includes/table_arrays/array_edit_users.php
+++ b/www/includes/table_arrays/array_edit_users.php
@@ -15,7 +15,11 @@ $edit_users = [
 			'output_name' => 'Username',
 			'mandatory' => 1,
 			'error_check' => 'unique|alphanumericextended',
-			'type' => 'text'
+			'type' => 'text',
+			// if not min_edit_acl only read
+			// if not min_show_acl not visible
+			'min_edit_acl' => '100',
+			'min_show_acl' => '-1',
 		],
 		'password' => [
 			'value' => $GLOBALS['password'] ?? '',
@@ -30,6 +34,8 @@ $edit_users = [
 					'value' => 'NOW()' // value [todo: complex reference
 				],
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		// password date when first insert and password is set, needs special field with connection to password
 		// password reset force interval, if set, user needs to reset password after X time period
@@ -41,7 +47,9 @@ $edit_users = [
 			'type' => 'text',
 			'interval' => 1, // interval needs NULL write for empty
 			'size' => 5, // make it 5 chars long
-			'length' => 5
+			'length' => 5,
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'enabled' => [
 			'value' => $GLOBALS['enabled'] ?? '',
@@ -52,6 +60,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '-1',
 		],
 		'deleted' => [
 			'value' => $GLOBALS['deleted'] ?? '',
@@ -62,6 +72,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'strict' => [
 			'value' => $GLOBALS['strict'] ?? '',
@@ -72,6 +84,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'locked' => [
 			'value' => $GLOBALS['locked'] ?? '',
@@ -82,6 +96,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'admin' => [
 			'value' => $GLOBALS['admin'] ?? '',
@@ -92,6 +108,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'debug' => [
 			'value' => $GLOBALS['debug'] ?? '',
@@ -102,6 +120,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'db_debug' => [
 			'value' => $GLOBALS['db_debug'] ?? '',
@@ -112,22 +132,30 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'email' => [
 			'value' => $GLOBALS['email'] ?? '',
 			'output_name' => 'E-Mail',
 			'type' => 'text',
-			'error_check' => 'email'
+			'error_check' => 'email',
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'last_name' => [
 			'value' => $GLOBALS['last_name'] ?? '',
 			'output_name' => 'Last Name',
-			'type' => 'text'
+			'type' => 'text',
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'first_name' => [
 			'value' => $GLOBALS['first_name'] ?? '',
 			'output_name' => 'First Name',
-			'type' => 'text'
+			'type' => 'text',
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'lock_until' => [
 			'value' => $GLOBALS['lock_until'] ?? '',
@@ -136,6 +164,8 @@ $edit_users = [
 			'error_check' => 'datetime',
 			'sql_read' => 'YYYY-MM-DD HH24:MI',
 			'datetime' => 1,
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'lock_after' => [
 			'value' => $GLOBALS['lock_after'] ?? '',
@@ -143,7 +173,8 @@ $edit_users = [
 			'type' => 'datetime',
 			'error_check' => 'datetime',
 			'sql_read' => 'YYYY-MM-DD HH24:MI',
-			'datetime' => 1,
+			'datetime' => 1,'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'login_user_id' => [
 			'value' => $GLOBALS['login_user_id'] ?? '',
@@ -151,19 +182,22 @@ $edit_users = [
 			'type' => 'text',
 			'error_check' => 'unique|custom',
 			'error_regex' => "/^[A-Za-z0-9]+$/",
-			'emptynull' => 1,
+			'emptynull' => 1,'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'login_user_id_set_date' => [
 			'output_name' => 'loginUserId set date',
 			'value' => $GLOBALS['login_user_id_set_date'] ?? '',
 			'type' => 'view',
-			'empty' => '-'
+			'empty' => '-',
+			'min_show_acl' => '100',
 		],
 		'login_user_id_last_revalidate' => [
 			'output_name' => 'loginUserId last revalidate date',
 			'value' => $GLOBALS['login_user_id_last_revalidate'] ?? '',
 			'type' => 'view',
-			'empty' => '-'
+			'empty' => '-',
+			'min_show_acl' => '100',
 		],
 		'login_user_id_locked' => [
 			'value' => $GLOBALS['login_user_id_locked'] ?? '',
@@ -174,6 +208,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'login_user_id_revalidate_after' => [
 			'value' => $GLOBALS['login_user_id_revalidate_after'] ?? '',
@@ -182,7 +218,9 @@ $edit_users = [
 			'error_check' => 'intervalshort',
 			'interval' => 1, // interval needs NULL write for empty
 			'size' => 5, // make it 5 chars long
-			'length' => 5
+			'length' => 5,
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'login_user_id_valid_from' => [
 			'value' => $GLOBALS['login_user_id_valid_from'] ?? '',
@@ -191,6 +229,8 @@ $edit_users = [
 			'error_check' => 'datetime',
 			'sql_read' => 'YYYY-MM-DD HH24:MI',
 			'datetime' => 1,
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'login_user_id_valid_until' => [
 			'value' => $GLOBALS['login_user_id_valid_until'] ?? '',
@@ -199,6 +239,8 @@ $edit_users = [
 			'error_check' => 'datetime',
 			'sql_read' => 'YYYY-MM-DD HH24:MI',
 			'datetime' => 1,
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'edit_language_id' => [
 			'value' => $GLOBALS['edit_language_id'] ?? '',
@@ -206,14 +248,18 @@ $edit_users = [
 			'mandatory' => 1,
 			'int' => 1,
 			'type' => 'drop_down_db',
-			'query' => "SELECT edit_language_id, long_name FROM edit_language WHERE enabled = 1 ORDER BY order_number"
+			'query' => "SELECT edit_language_id, long_name FROM edit_language WHERE enabled = 1 ORDER BY order_number",
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'edit_scheme_id' => [
 			'value' => $GLOBALS['edit_scheme_id'] ?? '',
 			'output_name' => 'Scheme',
 			'int_null' => 1,
 			'type' => 'drop_down_db',
-			'query' => "SELECT edit_scheme_id, name FROM edit_scheme WHERE enabled = 1 ORDER BY name"
+			'query' => "SELECT edit_scheme_id, name FROM edit_scheme WHERE enabled = 1 ORDER BY name",
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'edit_group_id' => [
 			'value' => $GLOBALS['edit_group_id'] ?? '',
@@ -221,7 +267,9 @@ $edit_users = [
 			'int' => 1,
 			'type' => 'drop_down_db',
 			'query' => "SELECT edit_group_id, name FROM edit_group WHERE enabled = 1 ORDER BY name",
-			'mandatory' => 1
+			'mandatory' => 1,
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'edit_access_right_id' => [
 			'value' => $GLOBALS['edit_access_right_id'] ?? '',
@@ -229,25 +277,30 @@ $edit_users = [
 			'mandatory' => 1,
 			'int' => 1,
 			'type' => 'drop_down_db',
-			'query' => "SELECT edit_access_right_id, name FROM edit_access_right ORDER BY level"
+			'query' => "SELECT edit_access_right_id, name FROM edit_access_right ORDER BY level",
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'login_error_count' => [
 			'output_name' => 'Login error count',
 			'value' => $GLOBALS['login_error_count'] ?? '',
 			'type' => 'view',
-			'empty' => '0'
+			'empty' => '0',
+			'min_show_acl' => '100',
 		],
 		'login_error_date_last' => [
 			'output_name' => 'Last login error',
 			'value' => $GLOBALS['login_error_date_liast'] ?? '',
 			'type' => 'view',
-			'empty' => '-'
+			'empty' => '-',
+			'min_show_acl' => '100',
 		],
 		'login_error_date_first' => [
 			'output_name' => 'First login error',
 			'value' => $GLOBALS['login_error_date_first'] ?? '',
 			'type' => 'view',
-			'empty' => '-'
+			'empty' => '-',
+			'min_show_acl' => '100',
 		],
 		'protected' => [
 			'value' => $GLOBALS['protected'] ?? '',
@@ -258,6 +311,8 @@ $edit_users = [
 				'1' => 'Yes',
 				'0' => 'No'
 			],
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 		'additional_acl' => [
 			'value' => $GLOBALS['additional_acl'] ?? '',
@@ -265,12 +320,27 @@ $edit_users = [
 			'type' => 'textarea',
 			'error_check' => 'json',
 			'rows' => 10,
-			'cols' => 60
+			'cols' => 60,
+			'min_edit_acl' => '100',
+			'min_show_acl' => '100',
 		],
 	],
 	'load_query' => "SELECT edit_user_id, username, enabled, deleted, "
 		. "strict, locked, login_error_count "
-		. "FROM edit_user ORDER BY username",
+		. "FROM edit_user "
+		// if base acl is not 90 only list enabled
+		// if not admin flag, do not list admin flagged
+		. (
+			!$GLOBALS['acl_admin'] ?
+				"WHERE admin = 0 "
+				. (
+					$GLOBALS['base_acl_level'] < 90 ?
+						"AND enabled = 1 " :
+						""
+				)
+			: ''
+		)
+		. "ORDER BY username",
 	'table_name' => 'edit_user',
 	'show_fields' => [
 		[
@@ -305,7 +375,12 @@ $edit_users = [
 		'edit_access_user' => [
 			'output_name' => 'Accounts',
 			'mandatory' => 1,
-			'delete' => 0, // set then reference entries are deleted, else the 'enable' flag is only set
+			// set then reference entries are deleted, else the 'enable' flag is only set
+			'delete' => 0,
+			// acl
+			'min_edit_acl' => '40',
+			'min_show_acl' => '20',
+			// table read prefix
 			'prefix' => 'ecu',
 			'read_data' => [
 				'table_name' => 'edit_access',
diff --git a/www/includes/templates/admin/edit_body.tpl b/www/includes/templates/admin/edit_body.tpl
index 926d244d..0486b6a7 100644
--- a/www/includes/templates/admin/edit_body.tpl
+++ b/www/includes/templates/admin/edit_body.tpl
@@ -83,13 +83,8 @@ function pop(theURL, winName, features) {
 	<td width="{$table_width}" class="edit_bgcolor">
 		<form method="post" name="edit_form" style="margin-block-end: 0em;">
 		<table width="100%" border="0" cellpadding="2" cellspacing="1">
-	 <!-- LOAD START //-->
 	{include file="edit_load.tpl"}
-	 <!-- LOAD END //-->
-	 <!-- NEW START //-->
 	{include file="edit_new.tpl"}
-	{* $form_create_new*}
-	 <!-- NEW END //-->
 	{if $form_yes}
 		{include file="edit_save_delete.tpl"}
 		{if $form_my_page_name == "edit_pages" && $filename_exist}
diff --git a/www/includes/templates/admin/edit_elements.tpl b/www/includes/templates/admin/edit_elements.tpl
index be8c0ef3..5df4fdf7 100644
--- a/www/includes/templates/admin/edit_elements.tpl
+++ b/www/includes/templates/admin/edit_elements.tpl
@@ -8,6 +8,7 @@
 	********************************************************************
 *}
 {foreach from=$elements item=element key=key name=loop}
+{if $element.allow_edit}
 	<tr>
 		<td class="edit_fgcolor" class="normal" valign="top">
 			{$element.output_name}
@@ -129,4 +130,21 @@
 		{/if}
 		</td>
 	</tr>
+{elseif $element.allow_show}
+	<tr>
+		<td class="edit_fgcolor" class="normal" valign="top">
+			{$element.output_name}
+		</td>
+		<td class="{$element.color}" class="normal">
+			{if $element.type != 'view'}
+			{$element.show_value}
+			<input type="hidden" name="{$element.data.name}" value="{$element.show_value}">
+			{else}
+			{$element.data.value}
+			{/if}
+		</td>
+	</tr>
+{* {else}
+<!-- No {$key} --> *}
+{/if}
 {/foreach}
diff --git a/www/includes/templates/admin/edit_load.tpl b/www/includes/templates/admin/edit_load.tpl
index 4dbe89fe..8b779655 100644
--- a/www/includes/templates/admin/edit_load.tpl
+++ b/www/includes/templates/admin/edit_load.tpl
@@ -7,7 +7,7 @@
 	* HISTORY:
 	********************************************************************
 *}
-
+<!-- LOAD START //-->
 <tr>
 	<td class="edit_fgcolor_alt" class="normal">
 		Load:
@@ -20,3 +20,4 @@
 		<input type="submit" name="archive" value="{t}Load{/t}">
 	</td>
 </tr>
+<!-- LOAD END //-->
diff --git a/www/includes/templates/admin/edit_new.tpl b/www/includes/templates/admin/edit_new.tpl
index bb678f8d..69df3b14 100644
--- a/www/includes/templates/admin/edit_new.tpl
+++ b/www/includes/templates/admin/edit_new.tpl
@@ -7,7 +7,8 @@
 	* HISTORY:
 	********************************************************************
 *}
-
+{if $new.seclevel_okay}
+	<!-- NEW START //-->
 	<tr>
 		<td class="edit_fgcolor_alt" class="normal">
 			{t}Create new media:{/t}
@@ -21,3 +22,5 @@
 			<input type="submit" name="new" value="{$new.new_name}">
 		</td>
 	</tr>
+	<!-- NEW END //-->
+{/if}
diff --git a/www/includes/templates/admin/edit_save_delete.tpl b/www/includes/templates/admin/edit_save_delete.tpl
index fb70945d..b23b79a7 100644
--- a/www/includes/templates/admin/edit_save_delete.tpl
+++ b/www/includes/templates/admin/edit_save_delete.tpl
@@ -7,16 +7,18 @@
 	* HISTORY:
 	********************************************************************
 *}
-	<tr>
 	{if $save_delete.seclevel_okay}
+	<tr>
+		<!-- SAVE START //-->
 		<td class="edit_fgcolor_alt" class="normal">
 			<input type="submit" name="save" value="{$save_delete.save}">
 		{if $save_delete.old_school_hidden}
 			<input type="hidden" name="{$save_delete.pk_name}" value="{$save_delete.pk_value}">
 		{/if}
 		</td>
-	{/if}
+		<!-- SAVE END //-->
 	{if $save_delete.show_delete}
+		<!-- DELETE START //-->
 		<td class="edit_fgcolor_delete">
 			{if !$save_delete.hide_delete_checkbox}
 			<input type="checkbox" name="really_delete" value="yes">&nbsp;{t}really{/t}&nbsp;
@@ -24,9 +26,11 @@
 			<input type="hidden" name="really_delete" value="yes">
 			{/if}
 			<input type="submit" name="delete" value="{t}Delete{/t}">
+			<!-- DELETE END //-->
 	{else}
 		<td class="edit_fgcolor_alt" class="normal">
             &nbsp;
 	{/if}
 		</td>
 	</tr>
+	{/if}
diff --git a/www/lib/CoreLibs/ACL/Login.php b/www/lib/CoreLibs/ACL/Login.php
index fbb36163..732cd8d9 100644
--- a/www/lib/CoreLibs/ACL/Login.php
+++ b/www/lib/CoreLibs/ACL/Login.php
@@ -1131,6 +1131,9 @@ class Login
 
 		$html_string = (string)$this->login_template['template'];
 
+		$locales = $this->l->parseLocale($this->l->getLocale());
+		$this->login_template['strings']['LANGUAGE'] = $locales['lang'] ?? 'en';
+
 		// if password change is okay
 		if ($this->password_change) {
 			$html_string_password_change = $this->login_template['password_change'];
@@ -1334,7 +1337,7 @@ EOM;
 		if (!$this->login_template['template']) {
 			$this->login_template['template'] = <<<EOM
 <!DOCTYPE html>
-<html lang="en">
+<html lang="{LANGUAGE}">
 <head>
 <title>{HTML_TITLE}</title>
 <style type="text/css">
@@ -1617,7 +1620,7 @@ EOM;
 		// set the locale
 		if (
 			$this->session->checkActiveSession() === true &&
-			!empty($_SESSION['DEFAULT_LANG'])
+			!empty($_SESSION['DEFAULT_LOCALE'])
 		) {
 			$locale = $_SESSION['DEFAULT_LOCALE'] ?? '';
 		} else {
diff --git a/www/lib/CoreLibs/Convert/MimeEncode.php b/www/lib/CoreLibs/Convert/MimeEncode.php
index 8f959d83..73a3254d 100644
--- a/www/lib/CoreLibs/Convert/MimeEncode.php
+++ b/www/lib/CoreLibs/Convert/MimeEncode.php
@@ -26,6 +26,7 @@ class MimeEncode
 		string $encoding,
 		string $line_break = "\r\n"
 	): string {
+		$current_internal_encoding = mb_internal_encoding();
 		// set internal encoding, so the mimeheader encode works correctly
 		mb_internal_encoding($encoding);
 		// if a subject, make a work around for the broken mb_mimencode
@@ -60,6 +61,9 @@ class MimeEncode
 		}
 		// strip out any spaces BEFORE a line break
 		$string = str_replace(" " . $line_break, $line_break, $_string);
+		// before we end, reset internal encoding
+		mb_internal_encoding($current_internal_encoding);
+		// return mime encoded string
 		return $string;
 	}
 }
diff --git a/www/lib/CoreLibs/Create/Email.php b/www/lib/CoreLibs/Create/Email.php
index 1c1cba11..def74379 100644
--- a/www/lib/CoreLibs/Create/Email.php
+++ b/www/lib/CoreLibs/Create/Email.php
@@ -45,27 +45,26 @@ class Email
 		string $encoding = 'UTF-8',
 		bool $kv_folding = false
 	): string {
-		if (!empty($email_name)) {
-			// if encoding is not UTF-8 then we convert
-			if ($encoding != 'UTF-8') {
-				$email_name = mb_convert_encoding($email_name, $encoding, 'UTF-8');
-			}
-			$email_name =
-				mb_encode_mimeheader(
-					in_array($encoding, self::$encoding_kv_allowed) && $kv_folding ?
-						mb_convert_kana(
-							$email_name,
-							self::$mb_convert_kana_mode,
-							$encoding
-						) :
-						$email_name,
-					$encoding
-				);
-			return '"' . $email_name . '" '
-				. '<' . (string)$email . '>';
-		} else {
+		if (empty($email_name)) {
 			return $email;
 		}
+		// if encoding is not UTF-8 then we convert
+		if ($encoding != 'UTF-8') {
+			$email_name = mb_convert_encoding($email_name, $encoding, 'UTF-8');
+		}
+		$email_name =
+			mb_encode_mimeheader(
+				in_array($encoding, self::$encoding_kv_allowed) && $kv_folding ?
+					mb_convert_kana(
+						$email_name,
+						self::$mb_convert_kana_mode,
+						$encoding
+					) :
+					$email_name,
+				$encoding
+			);
+		return '"' . $email_name . '" '
+			. '<' . (string)$email . '>';
 	}
 
 	/**
diff --git a/www/lib/CoreLibs/DB/Extended/ArrayIO.php b/www/lib/CoreLibs/DB/Extended/ArrayIO.php
index 3da3ab80..51432224 100644
--- a/www/lib/CoreLibs/DB/Extended/ArrayIO.php
+++ b/www/lib/CoreLibs/DB/Extended/ArrayIO.php
@@ -46,21 +46,28 @@ class ArrayIO extends \CoreLibs\DB\IO
 	public $pk_name = ''; // the primary key from this table
 	/** @var int|string|null */
 	public $pk_id; // the PK id
+	// security values
+	/** @var int base acl for current page */
+	private $base_acl_level = 0;
 
 	/**
 	 * constructor for the array io class, set the
 	 * primary key name automatically (from array)
 	 *
-	 * @param array<mixed> $db_config   db connection config
-	 * @param array<mixed> $table_array table array config
-	 * @param string       $table_name  table name string
+	 * @param array<mixed> $db_config      db connection config
+	 * @param array<mixed> $table_array    table array config
+	 * @param string       $table_name     table name string
 	 * @param \CoreLibs\Debug\Logging|null $log Logging class, default set if not set
+	 * @param int          $base_acl_level Set base acl level, if needed
+	 * @param int          $acl_admin      Flag if this is an admin ACL access level
 	 */
 	public function __construct(
 		array $db_config,
 		array $table_array,
 		string $table_name,
-		\CoreLibs\Debug\Logging $log = null
+		\CoreLibs\Debug\Logging $log = null,
+		int $base_acl_level = 0,
+		int $acl_admin = 0
 	) {
 		// instance db_io class
 		parent::__construct($db_config, $log ?? new \CoreLibs\Debug\Logging());
@@ -79,6 +86,7 @@ class ArrayIO extends \CoreLibs\DB\IO
 				}
 			}
 		} // set pk_name IF table_array was given
+		$this->dbArrayIOSetAcl($base_acl_level, $acl_admin);
 	}
 
 	/**
@@ -89,6 +97,33 @@ class ArrayIO extends \CoreLibs\DB\IO
 		parent::__destruct();
 	}
 
+	/**
+	 * set the base acl level and admin acl flag
+	 * This is needed for table array ACL checks
+	 * if not set I assume 0 (non write/non read/non admin)
+	 *
+	 * @param  int  $base_acl_level ACL Level from 0 to 100, -1 is not allowed
+	 *                              Will sett 0 if invalid
+	 * @param  int  $acl_admin      0 for non admin, 1 for admin (base acl is 100)
+	 * @return void
+	 */
+	public function dbArrayIOSetAcl(int $base_acl_level, int $acl_admin): void
+	{
+		// default not allowed, must be 0 at least
+		if ($base_acl_level < 0) {
+			$base_acl_level = 0;
+		}
+		// only 0 or 1 allowed
+		if (!in_array($acl_admin, [0, 1])) {
+			$acl_admin = 0;
+		}
+		// if the user is admin flagged, auto set to 100, if not already set to 100
+		if ($acl_admin == 1) {
+			$base_acl_level = 100;
+		}
+		$this->base_acl_level = $base_acl_level;
+	}
+
 	/**
 	 * changes all previously alterd HTML code into visible one,
 	 * works for <b>,<i>, and <a> (thought <a> can be / or should
@@ -191,9 +226,10 @@ class ArrayIO extends \CoreLibs\DB\IO
 	 *
 	 * @param  array<mixed> $table_array optional override for table array set
 	 *                                   set this as new table array too
+	 * @param  boolean      $acl_limit   [false], if set to true, well do ACL limit check
 	 * @return array<mixed>              returns the table array that was deleted
 	 */
-	public function dbDelete($table_array = [])
+	public function dbDelete($table_array = [], $acl_limit = false)
 	{
 		// is array and has values, override set and set new
 		if (is_array($table_array) && count($table_array)) {
@@ -202,6 +238,11 @@ class ArrayIO extends \CoreLibs\DB\IO
 		if (!$this->dbCheckPkSet()) {
 			return $this->table_array;
 		}
+		if ($acl_limit === true && $this->base_acl_level < 100) {
+			$this->log->debug('DB DELETE ERROR', 'ACL Limit on, Delete, '
+				. 'but base ACL level of 100 not met: ' . $this->base_acl_level);
+			return $this->table_array;
+		}
 		// delete query
 		$q = 'DELETE FROM ' . $this->table_name . ' WHERE ';
 		$q .= $this->pk_name . ' = ' . $this->table_array[$this->pk_name]['value'] . ' ';
@@ -338,10 +379,14 @@ class ArrayIO extends \CoreLibs\DB\IO
 	 *
 	 * @param  boolean      $addslashes  old convert entities and set set escape
 	 * @param  array<mixed> $table_array optional table array, overwrites internal one
+	 * @param  boolean      $acl_limit   [false], if set to true, well do ACL limit check
 	 * @return array<mixed>              table array or null
 	 */
-	public function dbWrite($addslashes = false, $table_array = [])
-	{
+	public function dbWrite(
+		bool $addslashes = false,
+		array $table_array = [],
+		bool $acl_limit = false
+	): array {
 		if (is_array($table_array) && count($table_array)) {
 			$this->table_array = $table_array;
 		}
@@ -355,6 +400,12 @@ class ArrayIO extends \CoreLibs\DB\IO
 		} else {
 			$insert = 0;
 		}
+		// early abort for new write with not enough ACL level
+		if ($insert && $acl_limit === true && $this->base_acl_level < 100) {
+			$this->log->debug('DB WRITE ERROR', 'ACL Limit on, Insert, '
+				. 'but base ACL level of 100 not met: ' . $this->base_acl_level);
+			return $this->table_array;
+		}
 
 		reset($this->table_array);
 		$q_data = '';
@@ -408,11 +459,25 @@ class ArrayIO extends \CoreLibs\DB\IO
 			/********************************* END FILE **************************************/
 
 			// do not write 'pk' (primary key) or 'view' values
+			// also do not write UPDATE for elements that are
+			// acl flagged, not if we have an ACL limiter, don't insert
+			// $this->log->debug('DB WRITE', 'C: ' . $column . ', '
+			// 	. 'ACL Level ' . $this->log->prBl($acl_limit) . ', '
+			// 	. 'TA ACL: ' . ($this->table_array[$column]['min_edit_acl'] ?? 100) . ', '
+			// 	. 'Base ACL: ' . $this->base_acl_level);
 			if (
 				!isset($this->table_array[$column]['pk']) &&
 				isset($this->table_array[$column]['type']) &&
 				$this->table_array[$column]['type'] != 'view' &&
-				strlen($column) > 0
+				strlen($column) > 0 &&
+				// no acl limiter
+				($acl_limit === false ||
+				(
+					// acl limit is true, min edit must be at larger than set
+					$acl_limit === true &&
+					$this->base_acl_level >=
+						($this->table_array[$column]['min_edit_acl'] ?? 100)
+				))
 			) {
 				// for password use hidden value if main is not set
 				if (
@@ -510,6 +575,11 @@ class ArrayIO extends \CoreLibs\DB\IO
 			}
 		} // while ...
 
+		if (empty($q_data)) {
+			$this->log->debug('DB WRITE ERROR', 'No data to write, possible through ACL');
+			return $this->table_array;
+		}
+
 		// NOW get PK, and FK settings (FK only for update query)
 		// get it at the end, cause now we can be more sure of no double IDs, etc
 		reset($this->table_array);
diff --git a/www/lib/CoreLibs/Output/Form/Generate.php b/www/lib/CoreLibs/Output/Form/Generate.php
index 1c850891..61b4310b 100644
--- a/www/lib/CoreLibs/Output/Form/Generate.php
+++ b/www/lib/CoreLibs/Output/Form/Generate.php
@@ -270,9 +270,11 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	public $save;
 	/** @var string */
 	public $remove_button;
-	// security publics
-	/** @var int */
-	public $base_acl_level;
+	// security values
+	/** @var int base acl for current page */
+	private $base_acl_level = 0;
+	/** @var int admin master flag (1/0) */
+	private $acl_admin = 0;
 	/** @var array<mixed> */
 	public $security_level;
 	// layout publics
@@ -336,6 +338,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		// load config array
 		// get table array definitions for current page name
 
+		// security settings
+		$this->base_acl_level = (int)$_SESSION['BASE_ACL_LEVEL'];
+		$this->acl_admin = (int)$_SESSION['ADMIN'];
+		$GLOBALS['base_acl_level'] = $this->base_acl_level;
+		$GLOBALS['acl_admin'] = $this->acl_admin;
+
 		// first check if we have a in page override as $table_arrays[page name]
 		if (
 			/* isset($GLOBALS['table_arrays']) &&
@@ -348,7 +356,8 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			// $config_array = $GLOBALS['table_arrays'][System::getPageName(1)];
 			$config_array = $table_arrays[System::getPageName(1)];
 		} else {
-			// WARNING: auto spl load does not work with this as it is an array and not a function/object
+			// WARNING: auto spl load does not work with this as it is an array
+			// and not a function/object
 			// check if this is the old path or the new path
 			// check local folder in current path
 			// then check general global folder
@@ -383,8 +392,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$db_config,
 			$config_array['table_array'],
 			$config_array['table_name'],
-			$log ?? new \CoreLibs\Debug\Logging()
+			$log ?? new \CoreLibs\Debug\Logging(),
+			// set the ACL
+			$this->base_acl_level,
+			$this->acl_admin
 		);
+		// $this->log->debug('SESSION FORM', 'sessin: ' . $this->log->prAr($_SESSION));
 		// here should be a check if the config_array is correct ...
 		if (isset($config_array['show_fields']) && is_array($config_array['show_fields'])) {
 			$this->field_array = $config_array['show_fields'];
@@ -392,6 +405,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		if (isset($config_array['load_query']) && $config_array['load_query']) {
 			$this->load_query = $config_array['load_query'];
 		}
+		if (empty($this->load_query)) {
+			$this->log->debug('INIT ERROR', 'Missing Load Query for: ' . $this->my_page_name);
+		}
 		$this->archive_pk_name = 'a_' . $this->pk_name;
 		$this->col_name = str_replace('_id', '', $this->pk_name);
 		$this->int_pk_name = $this->pk_name;
@@ -416,8 +432,6 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		$this->save = $_POST['save'] ?? '';
 		$this->remove_button = $_POST['remove_button'] ?? '';
 
-		// security settings
-		$this->base_acl_level = $_SESSION['BASE_ACL_LEVEL'] ?? 0;
 		// security levels for buttons/actions
 		// if array does not exists create basic
 		if (
@@ -428,9 +442,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			)
 		) {
 			$this->security_level = [
-				'load' => 100,
+				'load' => 20,
 				'new' => 100,
-				'save' => 100,
+				'save' => 40,
 				'delete' => 100
 			];
 		} else {
@@ -438,9 +452,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$this->security_level = isset($config_array['security_level']) ?
 				$config_array['security_level'] :
 				[
-					'load' => 100,
+					'load' => 20,
 					'new' => 100,
-					'save' => 100,
+					'save' => 40,
 					'delete' => 100
 				];
 		}
@@ -489,8 +503,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	 * @param  string|null   $key_value value to match to (optional)
 	 * @return string|null              returns key found or empty string
 	 */
-	public function formGetColNameFromKey(string $want_key, ?string $key_value = null): ?string
-	{
+	public function formGetColNameFromKey(
+		string $want_key,
+		?string $key_value = null
+	): ?string {
 		if (!is_array($this->table_array)) {
 			$this->table_array = [];
 		}
@@ -513,8 +529,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	 * @param  string|null $key_value if set searches for special right value
 	 * @return array<mixed>           found key fields
 	 */
-	public function formGetColNameArrayFromKey(string $want_key, ?string $key_value = null): array
-	{
+	public function formGetColNameArrayFromKey(
+		string $want_key,
+		?string $key_value = null
+	): array {
 		$key_array = [];
 		if (!is_array($this->table_array)) {
 			$this->table_array = [];
@@ -648,8 +666,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	 * @param  array<mixed> $remove_name  key names that should be removed
 	 * @return void                       has no return
 	 */
-	public function formProcedureDeleteFromElementList(array $element_list, array $remove_name): void
-	{
+	public function formProcedureDeleteFromElementList(
+		array $element_list,
+		array $remove_name
+	): void {
 		/** @phan-suppress-next-line PhanTypeArraySuspiciousNullable */
 		$this->log->debug('REMOVE ELEMENT', 'Remove REF ELEMENT: ' . $this->base_acl_level . ' >= '
 			. $this->security_level['delete']);
@@ -752,55 +772,72 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		$t_pk_name = '';
 		$pk_names = [];
 		$pk_ids = [];
+		$seclevel_okay = false;
+		// for error abort only
+		$return_array = [
+			't_pk_name' => $t_pk_name,
+			'pk_ids' => $pk_ids,
+			'pk_names' => $pk_names,
+			'pk_selected' => $pk_selected,
+			'seclevel_okay' => $seclevel_okay,
+		];
 		// when security level is okay ...
 		if (
-			isset($this->security_level['load']) &&
-			$this->base_acl_level >= $this->security_level['load']
+			empty($this->security_level['load']) ||
+			$this->base_acl_level < $this->security_level['load']
 		) {
-			$t_pk_name = $this->archive_pk_name;
+			return $return_array;
+		}
+		if (empty($this->load_query)) {
+			$this->log->debug('LOAD LIST ERROR', 'Missing load list query');
+			return $return_array;
+		}
 
-			// load list data
-			$this->dbExec($this->load_query);
-			while (is_array($res = $this->dbFetchArray())) {
-				$pk_ids[] = $res[$this->int_pk_name];
-				if (
-					isset($this->table_array[$this->int_pk_name]['value']) &&
-					$res[$this->int_pk_name] == $this->table_array[$this->int_pk_name]['value']
-				) {
-					$pk_selected = $res[$this->int_pk_name];
-				}
-				$t_string = '';
-				foreach ($this->field_array as $i => $field_array) {
-					if ($t_string) {
-						$t_string .= ', ';
-					}
-					if (isset($field_array['before_value'])) {
-						$t_string .= $field_array['before_value'];
-					}
-					// must have res element set
-					if (
-						isset($field_array['name']) &&
-						isset($res[$field_array['name']])
-					) {
-						if (isset($field_array['binary'])) {
-							if (isset($field_array['binary'][0])) {
-								$t_string .= $field_array['binary'][0];
-							} elseif (isset($field_array['binary'][1])) {
-								$t_string .= $field_array['binary'][1];
-							}
-						} else {
-							$t_string .= $res[$field_array['name']];
-						}
-					}
-				}
-				$pk_names[] = $t_string;
+		$t_pk_name = $this->archive_pk_name;
+
+		// load list data
+		$this->dbExec($this->load_query);
+		while (is_array($res = $this->dbFetchArray())) {
+			$pk_ids[] = $res[$this->int_pk_name];
+			if (
+				isset($this->table_array[$this->int_pk_name]['value']) &&
+				$res[$this->int_pk_name] == $this->table_array[$this->int_pk_name]['value']
+			) {
+				$pk_selected = $res[$this->int_pk_name];
 			}
-		} // show it at all
+			$t_string = '';
+			foreach ($this->field_array as $i => $field_array) {
+				if ($t_string) {
+					$t_string .= ', ';
+				}
+				if (isset($field_array['before_value'])) {
+					$t_string .= $field_array['before_value'];
+				}
+				// must have res element set
+				if (
+					isset($field_array['name']) &&
+					isset($res[$field_array['name']])
+				) {
+					if (isset($field_array['binary'])) {
+						if (isset($field_array['binary'][0])) {
+							$t_string .= $field_array['binary'][0];
+						} elseif (isset($field_array['binary'][1])) {
+							$t_string .= $field_array['binary'][1];
+						}
+					} else {
+						$t_string .= $res[$field_array['name']];
+					}
+				}
+			}
+			$pk_names[] = $t_string;
+		}
+		$seclevel_okay = true;
 		return [
 			't_pk_name' => $t_pk_name,
 			'pk_ids' => $pk_ids,
 			'pk_names' => $pk_names,
-			'pk_selected' => $pk_selected
+			'pk_selected' => $pk_selected,
+			'seclevel_okay' => $seclevel_okay,
 		];
 	}
 
@@ -808,30 +845,38 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	 * Create new entry element for HTML output
 	 *
 	 * @param  bool $hide_new_checkbox  show or hide the new checkbox, default is false
-	 * @return array<string,string|int> return the new create array with name & checkbox show flag
+	 * @return array<string,string|bool> return the new create array with name & checkbox show flag
 	 */
-	public function formCreateNew($hide_new_checkbox = false): array
+	public function formCreateNew(bool $hide_new_checkbox = false): array
 	{
-		$show_checkbox = 0;
+		$show_checkbox = false;
 		$new_name = '';
+		$seclevel_okay = false;
 		// when security level is okay
 		if (
-			isset($this->security_level['new']) &&
-			$this->base_acl_level >= $this->security_level['new']
+			empty($this->security_level['new']) ||
+			$this->base_acl_level < $this->security_level['new']
 		) {
-			if ($this->yes && !$hide_new_checkbox) {
-				$show_checkbox = 1;
-			}
-			// set type of new name
-			if ($this->yes) {
-				$new_name = $this->l->__('Clear all and create new');
-			} else {
-				$new_name = $this->l->__('New');
-			}
-		} // security level okay
+			return [
+				'new_name' => $new_name,
+				'show_checkbox' => $show_checkbox,
+				'seclevel_okay' => $seclevel_okay,
+			];
+		}
+		if ($this->yes && !$hide_new_checkbox) {
+			$show_checkbox = false;
+		}
+		// set type of new name
+		if ($this->yes) {
+			$new_name = $this->l->__('Clear all and create new');
+		} else {
+			$new_name = $this->l->__('New');
+		}
+		$seclevel_okay = true;
 		return [
 			'new_name' => $new_name,
-			'show_checkbox' => $show_checkbox
+			'show_checkbox' => $show_checkbox,
+			'seclevel_okay' => $seclevel_okay,
 		];
 	}
 
@@ -842,42 +887,57 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	 * @return array<string,mixed>         return the hide/show delete framework
 	 *                                     for html creation
 	 */
-	public function formCreateSaveDelete($hide_delete = false, $hide_delete_checkbox = false): array
-	{
-		$seclevel_okay = 0;
+	public function formCreateSaveDelete(
+		bool $hide_delete = false,
+		bool $hide_delete_checkbox = false,
+		bool $old_school_hidden = false
+	): array {
+		$seclevel_okay = false;
 		$save = '';
 		$pk_name = '';
 		$pk_value = '';
-		$show_delete = 0;
-		$old_school_hidden = 0;
+		$show_delete = false;
 		if (
-			(isset($this->security_level['save']) &&
-				$this->base_acl_level >= $this->security_level['save']) ||
-			(isset($this->security_level['delete']) &&
-				$this->base_acl_level >= $this->security_level['delete'])
+			(empty($this->security_level['save']) ||
+			$this->base_acl_level < $this->security_level['save']) &&
+			(empty($this->security_level['delete']) ||
+			$this->base_acl_level < $this->security_level['delete'])
 		) {
-			if ($this->base_acl_level >= $this->security_level['save']) {
-				$seclevel_okay = 1;
-				if (empty($this->table_array[$this->int_pk_name]['value'])) {
-					$save = $this->l->__('Save');
-				} else {
-					$save = $this->l->__('Update');
-				}
-				// print the old_school hidden if requestet
-				if ($old_school_hidden == 1) { /** @phpstan-ignore-line Unclear logic */
-					$pk_name = $this->int_pk_name;
-					$pk_value = $this->table_array[$this->int_pk_name]['value'];
-				}
-			} // show save part
-			// show delete part only if pk is set && we want to see the delete
-			if (
-				!empty($this->table_array[$this->int_pk_name]['value']) &&
-				!$hide_delete &&
-				$this->base_acl_level >= $this->security_level['delete']
-			) {
-				$show_delete = 1;
+			return [
+				'seclevel_okay' => $seclevel_okay,
+				'save' => $save,
+				'pk_name' => $pk_name,
+				'pk_value' => $pk_value,
+				'show_delete' => $show_delete,
+				'old_school_hidden' => $old_school_hidden,
+				'hide_delete_checkbox' => $hide_delete_checkbox
+			];
+		}
+		if (
+			!empty($this->security_level['save']) &&
+			$this->base_acl_level >= $this->security_level['save']
+		) {
+			$seclevel_okay = true;
+			if (empty($this->table_array[$this->int_pk_name]['value'])) {
+				$save = $this->l->__('Save');
+			} else {
+				$save = $this->l->__('Update');
 			}
-		} // print save/delete row at all$
+			// print the old_school hidden if requestet
+			if ($old_school_hidden === true) {
+				$pk_name = $this->int_pk_name;
+				$pk_value = $this->table_array[$this->int_pk_name]['value'];
+			}
+		} // show save part
+		// show delete part only if pk is set && we want to see the delete
+		if (
+			!empty($this->table_array[$this->int_pk_name]['value']) &&
+			!$hide_delete &&
+			!empty($this->security_level['delete']) &&
+			$this->base_acl_level >= $this->security_level['delete']
+		) {
+			$show_delete = true;
+		}
 		return [
 			'seclevel_okay' => $seclevel_okay,
 			'save' => $save,
@@ -921,11 +981,16 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		}
 		// create right side depending on 'definiton' in table_array
 		$type = $this->table_array[$element_name]['type'];
+		// set default min edit/read to 100 (admin)
+		$min_edit_acl = $this->table_array[$element_name]['min_edit_acl'] ?? 100;
+		$min_show_acl = $this->table_array[$element_name]['min_show_acl'] ?? 100;
+		$show_value = '-';
 		// view only output
 		if ($this->table_array[$element_name]['type'] == 'view') {
 			$data['value'] = empty($this->table_array[$element_name]['value']) ?
 				$this->table_array[$element_name]['empty'] :
 				$this->table_array[$element_name]['value'];
+			$show_value = $data['value'];
 		}
 		// binary true/false element
 		if ($this->table_array[$element_name]['type'] == 'binary') {
@@ -940,6 +1005,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 					(!$i && !$this->table_array[$element_name]['value']))
 				) {
 					$data['checked'] = $this->table_array[$element_name]['value'];
+					$show_value = $this->table_array[$element_name]['element_list'][$i] ?? $data['checked'];
 				}
 
 				if ($i) {
@@ -952,6 +1018,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$data['name'] = $element_name;
 			$data['value'][] = $this->table_array[$element_name]['element_list'];
 			$data['checked'] = $this->table_array[$element_name]['value'];
+			// array map element list + value
+			// foreach ($data['checked'] as $checked)
+			$show_value = join(', ', $data['checked']);
 		}
 		// normal text element
 		if ($this->table_array[$element_name]['type'] == 'text') {
@@ -959,6 +1028,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$data['value'] = $this->table_array[$element_name]['value'] ?? '';
 			$data['size'] = $this->table_array[$element_name]['size'] ?? '';
 			$data['length'] = $this->table_array[$element_name]['length'] ?? '';
+			$show_value = $data['value'];
 		}
 		// password element, does not write back the value
 		if ($this->table_array[$element_name]['type'] == 'password') {
@@ -971,11 +1041,13 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		if ($this->table_array[$element_name]['type'] == 'date') {
 			$data['name'] = $element_name;
 			$data['value'] = $this->table_array[$element_name]['value'] ?? '';
+			$show_value = $data['value'];
 		}
 		// date time (no sec) (YYYY-MM-DD HH:mm)
 		if ($this->table_array[$element_name]['type'] == 'datetime') {
 			$data['name'] = $element_name;
 			$data['value'] = $this->table_array[$element_name]['value'] ?? '';
+			$show_value = $data['value'];
 		}
 		// textarea
 		if ($this->table_array[$element_name]['type'] == 'textarea') {
@@ -983,6 +1055,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$data['value'] = $this->table_array[$element_name]['value'] ?? '';
 			$data['rows'] = $this->table_array[$element_name]['rows'] ?? '';
 			$data['cols'] = $this->table_array[$element_name]['cols'] ?? '';
+			$show_value = $data['value'];
 		}
 		// for drop_down_*
 		if (preg_match("/^drop_down_/", $this->table_array[$element_name]['type'])) {
@@ -1047,6 +1120,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 					$this->table_array[$element_name]['value'] == $res[0]
 				) {
 					$data['selected'] = $this->table_array[$element_name]['value'];
+					$show_value = $res[1];
 				}
 			}
 			// for _input put additional field next to drop down
@@ -1079,6 +1153,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$data['output'][] = $value;
 				if ($this->table_array[$element_name]['value'] == $key) {
 					$data['selected'] = $this->table_array[$element_name]['value'];
+					$show_value = $value;
 				}
 			}
 		}
@@ -1093,6 +1168,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				$data['output'][] = $value;
 				if ($this->table_array[$element_name]['value'] == $key) {
 					$data['checked'] = $this->table_array[$element_name]['value'];
+					$show_value = $value;
 				}
 				$data['separator'] = '';
 			}
@@ -1126,7 +1202,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			'output_name' => $output_name,
 			'color' => $EDIT_FGCOLOR_T,
 			'type' => $type,
-			'data' => $data
+			'data' => $data,
+			'show_value' => $show_value,
+			'allow_edit' => $this->base_acl_level >= $min_edit_acl ? 1 : 0,
+			'allow_show' => $this->base_acl_level >= $min_show_acl ? 1 : 0,
 		];
 	}
 
@@ -1146,6 +1225,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		}
 		reset($this->table_array);
 		foreach ($this->table_array as $key => $value) {
+			// skip if we are not allowe to write this anyway
+			// $this->log->debug('ERROR CHECK', 'ACL K: ' . $key . ', '
+			// 	. ($value['min_edit_acl'] ?? 100) . ' < ' . $this->base_acl_level);
+			if ($this->base_acl_level < ($value['min_edit_acl'] ?? 100)) {
+				continue;
+			}
 			//if ($value['mandatory'] && $value['error_check'])
 			// if error value set && somethign input, check if input okay
 			if (
@@ -1373,6 +1458,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		// do check for reference tables
 		reset($this->reference_array);
 		foreach ($this->reference_array as $key => $value) {
+			// skip if not allowed to write
+			if (
+				$this->base_acl_level < ($this->reference_array[$key]['min_edit_acl'] ?? 100)
+			) {
+				continue;
+			}
 			if (
 				isset($this->reference_array[$key]['mandatory']) &&
 				$this->reference_array[$key]['mandatory'] &&
@@ -1392,6 +1483,12 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 				if (!is_array($reference_array)) {
 					$reference_array = [];
 				}
+				// skip if not allowed to write
+				if (
+					$this->base_acl_level < ($this->reference_array['min_edit_acl'] ?? 100)
+				) {
+					continue;
+				}
 				// set pk/fk id for this
 				$_pk_name = '';
 				$_fk_name = '';
@@ -1567,32 +1664,33 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	{
 		// get order name
 		$order_name = $this->formGetColNameFromKey('order');
-		if ($order_name) {
-			// first check out of order ...
-			if (empty($this->table_array[$order_name]['value'])) {
-				// set order (read max)
-				$q = 'SELECT MAX(' . $order_name . ') + 1 AS max_page_order '
-					. 'FROM ' . $this->table_name;
-				if (
-					is_array($res = $this->dbReturnRow($q)) &&
-					!empty($res['max_page_order'])
-				) {
-					$this->table_array[$order_name]['value'] = $res['max_page_order'];
-				}
-				// frist element is 0 because NULL gets returned, set to 1
-				if (!$this->table_array[$order_name]['value']) {
-					$this->table_array[$order_name]['value'] = 1;
-				}
-			} elseif (!empty($this->table_array[$this->int_pk_name]['value'])) {
-				$q = 'SELECT ' . $order_name . ' AS order_name '
-					. 'FROM ' . $this->table_name . ' '
-					. 'WHERE ' . $this->int_pk_name . ' = ' . $this->table_array[$this->int_pk_name]['value'];
-				if (
-					is_array($res = $this->dbReturnRow($q)) &&
-					!empty($res['order_name'])
-				) {
-					$this->table_array[$order_name]['value'] = $res['order_name'];
-				}
+		if (empty($order_name)) {
+			return $this->table_array;
+		}
+		// first check out of order ...
+		if (empty($this->table_array[$order_name]['value'])) {
+			// set order (read max)
+			$q = 'SELECT MAX(' . $order_name . ') + 1 AS max_page_order '
+				. 'FROM ' . $this->table_name;
+			if (
+				is_array($res = $this->dbReturnRow($q)) &&
+				!empty($res['max_page_order'])
+			) {
+				$this->table_array[$order_name]['value'] = $res['max_page_order'];
+			}
+			// frist element is 0 because NULL gets returned, set to 1
+			if (!$this->table_array[$order_name]['value']) {
+				$this->table_array[$order_name]['value'] = 1;
+			}
+		} elseif (!empty($this->table_array[$this->int_pk_name]['value'])) {
+			$q = 'SELECT ' . $order_name . ' AS order_name '
+				. 'FROM ' . $this->table_name . ' '
+				. 'WHERE ' . $this->int_pk_name . ' = ' . $this->table_array[$this->int_pk_name]['value'];
+			if (
+				is_array($res = $this->dbReturnRow($q)) &&
+				!empty($res['order_name'])
+			) {
+				$this->table_array[$order_name]['value'] = $res['order_name'];
 			}
 		}
 		return $this->table_array;
@@ -1681,7 +1779,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	 * @param  bool $addslashes override internal addslasahes flag (default false)
 	 * @return void             has no return
 	 */
-	public function formSaveTableArray($addslashes = false)
+	public function formSaveTableArray(bool $addslashes = false)
 	{
 		// for drop_down_db_input check if text field is filled and if, if not yet in db ...
 		// and upload files
@@ -1827,7 +1925,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		//	. $this->table_array[$this->pk_name]['value'] . "/"
 		//	. $this->table_array[$this->int_pk_name]['value']);
 		// write the object
-		$this->dbWrite($addslashes);
+		$this->dbWrite($addslashes, [], true);
 		// write reference array (s) if necessary
 		if (is_array($this->reference_array)) {
 			if (!is_array($this->reference_array)) {
@@ -1852,6 +1950,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			$type = [];
 			reset($this->element_list);
 			foreach ($this->element_list as $table_name => $reference_array) {
+				// early skip if not enought ACL
+				if ($this->base_acl_level < ($reference_array['min_edit_acl'] ?? 100)) {
+					continue;
+				}
 				// init arrays
 				$q_begin = [];
 				$q_middle = [];
@@ -2157,7 +2259,14 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 	public function formCreateElementReferenceTable(string $table_name): array
 	{
 		$data = [];
+		//
+		$show_value = '';
+		// set default min edit/read to 100 (admin)
+		$min_edit_acl = $this->reference_array[$table_name]['min_edit_acl'] ?? 100;
+		$min_show_acl = $this->reference_array[$table_name]['min_show_acl'] ?? 100;
+		// output name
 		$output_name = $this->reference_array[$table_name]['output_name'];
+		// mandatory flag
 		if (
 			isset($this->reference_array[$table_name]['mandatory']) &&
 			$this->reference_array[$table_name]['mandatory']
@@ -2169,17 +2278,27 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 		while (is_array($res = $this->dbReturn($this->reference_array[$table_name]['query']))) {
 			$data['value'][] = $res[0];
 			$data['output'][] = $res[1];
-			$data['selected'][] = (\CoreLibs\Convert\Html::checked(
+			$selected = (\CoreLibs\Convert\Html::checked(
 				$this->reference_array[$table_name]['selected'] ?? '',
 				$res[0]
 			)) ? $res[0] : '';
+			$data['selected'][] = $selected;
+			if (!empty($selected)) {
+				if (!empty($show_value)) {
+					$show_value .= ", ";
+				}
+				$show_value .= $res[1];
+			}
 		}
 		$type = 'reference_table';
 		return [
 			'output_name' => $output_name,
 			'type' => $type,
 			'color' => 'edit_fgcolor',
-			'data' => $data
+			'data' => $data,
+			'show_value' => empty($show_value) ? '-' : $show_value,
+			'allow_edit' => $this->base_acl_level >= $min_edit_acl ? 1 : 0,
+			'allow_show' => $this->base_acl_level >= $min_show_acl ? 1 : 0,
 		];
 	}
 
@@ -2211,8 +2330,13 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			'pos' => [],
 			'table_name' => $table_name // sub table name
 		];
+		$show_value = '-';
+		// set default min edit/read to 100 (admin)
+		$min_edit_acl = $this->element_list[$table_name]['min_edit_acl'] ?? 100;
+		$min_show_acl = $this->element_list[$table_name]['min_show_acl'] ?? 100;
 		// output name for the viewable left table td box, prefixed with * if mandatory
 		$output_name = $this->element_list[$table_name]['output_name'];
+		// mandatory flag
 		if (
 			isset($this->element_list[$table_name]['mandatory']) &&
 			$this->element_list[$table_name]['mandatory']
@@ -2523,7 +2647,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
 			'output_name' => $output_name,
 			'type' => $type,
 			'color' => 'edit_fgcolor',
-			'data' => $data
+			'data' => $data,
+			'show_value' => $show_value,
+			'allow_edit' => $this->base_acl_level >= $min_edit_acl ? 1 : 0,
+			'allow_show' => $this->base_acl_level >= $min_show_acl ? 1 : 0,
 		];
 	}
 	// end of class