commit aaacdd165c1ded6dbbea92211592b6d7ae7e08f8
Author: Disassembler <disassembler@dasm.cz>
Date:   Thu Nov 1 10:10:35 2018 +0100

    Move vmmgr to separate app- directory

diff --git a/config.default.json b/config.default.json
new file mode 100644
index 0000000..2c11b70
--- /dev/null
+++ b/config.default.json
@@ -0,0 +1,19 @@
+{
+    "apps": {},
+    "common": {
+        "email": "admin@example.com",
+        "gmaps-api-key": ""
+    },
+    "host": {
+        "adminpwd": "${ADMINPWD}",
+        "domain": "spotter.vm",
+        "firstrun": true,
+        "port": "443"
+    },
+    "packages": {},
+    "repo": {
+        "pwd": "",
+        "url": "https://dl.dasm.cz/spotter-repo",
+        "user": ""
+    }
+}
diff --git a/mgr/__init__.py b/mgr/__init__.py
new file mode 100644
index 0000000..36326f5
--- /dev/null
+++ b/mgr/__init__.py
@@ -0,0 +1,364 @@
+# -*- coding: utf-8 -*-
+
+import os
+import shutil
+import subprocess
+
+from . import tools
+from . import validator
+from .config import Config
+
+VERSION = '0.0.1'
+
+ISSUE_FILE = '/etc/issue'
+NGINX_DIR = '/etc/nginx/conf.d'
+ACME_CRON = '/etc/periodic/daily/acme-sh'
+CERT_PUB_FILE = '/etc/ssl/services.pem'
+CERT_KEY_FILE = '/etc/ssl/services.key'
+CERT_SAN_FILE = '/etc/ssl/san.cnf'
+
+NGINX_TEMPLATE = '''server {{
+    listen [::]:{port} ssl http2;
+    server_name {host}.{domain};
+
+    access_log /var/log/nginx/{app}.access.log;
+    error_log /var/log/nginx/{app}.error.log;
+
+    location / {{
+        proxy_pass http://{app}:8080;
+    }}
+
+    error_page 502 /502.html;
+    location = /502.html {{
+        root /srv/vm/templates;
+    }}
+
+    location = /vm-ping {{
+        add_header Content-Type text/plain;
+        return 200 "vm-pong";
+    }}
+}}
+'''
+
+NGINX_DEFAULT_TEMPLATE = '''server {{
+    listen [::]:80 default_server ipv6only=off;
+
+    location / {{
+        return 301 https://$host:{port}$request_uri;
+    }}
+
+    location /.well-known/acme-challenge/ {{
+        root /etc/acme.sh.d;
+    }}
+
+    location = /vm-ping {{
+        add_header Content-Type text/plain;
+        return 200 "vm-pong";
+    }}
+}}
+
+server {{
+    listen [::]:{port} ssl http2 default_server ipv6only=off;
+
+    location / {{
+        proxy_pass http://127.0.0.1:8080;
+    }}
+
+    location /static {{
+        root /srv/vm;
+    }}
+
+    error_page 502 /502.html;
+    location = /502.html {{
+        root /srv/vm/templates;
+    }}
+
+    location = /vm-ping {{
+        add_header Content-Type text/plain;
+        return 200 "vm-pong";
+    }}
+}}
+'''
+
+ISSUE_TEMPLATE = '''
+\x1b[1;32m   _____             _   _         __      ____  __ 
+  / ____|           | | | |        \\\\ \\\\    / /  \\\\/  |
+ | (___  _ __   ___ | |_| |_ ___ _ _\\\\ \\\\  / /| \\\\  / |
+  \\\\___ \\\\| '_ \\\\ / _ \\\\| __| __/ _ \\\\ '__\\\\ \\\\/ / | |\\\\/| |
+  ____) | |_) | (_) | |_| ||  __/ |   \\\\  /  | |  | |
+ |_____/| .__/ \\\\___/ \\\\__|\\\\__\\\\___|_|    \\\\/   |_|  |_|
+        | |                                         
+        |_|\x1b[0m
+
+ \x1b[1;33mUPOZORNĚNÍ:\x1b[0m Neoprávněný přístup k tomuto zařízení je zakázán.
+ Musíte mít výslovné oprávnění k přístupu nebo konfiguraci tohoto zařízení.
+ Neoprávněné pokusy a kroky k přístupu nebo používání tohoto systému mohou mít
+ za následek občanské nebo trestní sankce.
+
+ \x1b[1;33mCAUTION:\x1b[0m Unauthozired access to this device is prohibited.
+ You must have explicit, authorized permission to access or configure this
+ device. Unauthorized attempts and actions to access or use this system may
+ result in civil or criminal penalties.
+
+
+ Pro přístup k aplikacím otevřete URL \x1b[1m{url}\x1b[0m ve Vašem
+ internetovém prohlížeči.
+
+\x1b[0;30m
+'''
+
+ACME_CRON_TEMPLATE = '''#!/bin/sh
+
+[ -x /usr/bin/acme.sh ] && /usr/bin/acme.sh --cron >/dev/null
+'''
+
+CERT_SAN = '''[ req ]
+distinguished_name = dn
+x509_extensions = ext
+[ dn ]
+[ ext ]
+subjectAltName=DNS:{domain},DNS:*.{domain}"
+'''
+
+class VMMgr:
+    def __init__(self):
+        # Load JSON configuration
+        self.conf = Config()
+        self.domain = self.conf['host']['domain']
+        self.port = self.conf['host']['port']
+
+    def update_login(self, app, login, password):
+        # Update login and password for an app in the configuration
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        if login is not None:
+            self.conf['apps'][app]['login'] = login
+        if password is not None:
+            self.conf['apps'][app]['password'] = password
+        self.conf.save()
+
+    def show_tiles(self, app):
+        # Update visibility for the app in the configuration
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        self.conf['apps'][app]['visible'] = True
+        self.conf.save()
+
+    def hide_tiles(self, app):
+        # Update visibility for the app in the configuration
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        self.conf['apps'][app]['visible'] = False
+        self.conf.save()
+
+    def start_app(self, app):
+        # Start the actual app service
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        tools.start_service(app)
+
+    def stop_app(self, app):
+        # Stop the actual app service
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        tools.stop_service(app)
+        # Stop the app service's dependencies if they are not used by another running app
+        deps = self.build_deps_tree()
+        for dep in self.get_app_deps(app):
+            if not any([tools.is_service_started(d) for d in deps[dep]]):
+                tools.stop_service(dep)
+
+    def build_deps_tree(self):
+        # Fisrt, build a dictionary of {app: [needs]}
+        needs = {}
+        for app in self.conf['apps']:
+            needs[app] = self.get_app_deps(app)
+        # Then reverse it to {need: [apps]}
+        deps = {}
+        for app, need in needs.items():
+            for n in need:
+                deps.setdefault(n, []).append(app)
+        return deps
+
+    def get_app_deps(self, app):
+        # Get "needs" line from init script and split it to list
+        try:
+            with open(os.path.join('/etc/init.d', app), 'r') as f:
+                for line in f.readlines():
+                    if line.strip().startswith('need'):
+                        return line.split()[1:]
+        except:
+            pass
+        return []
+
+    def enable_autostart(self, app):
+        # Add the app to OpenRC default runlevel
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        subprocess.run(['/sbin/rc-update', 'add', app])
+
+    def disable_autostart(self, app):
+        # Remove the app from OpenRC default runlevel
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        subprocess.run(['/sbin/rc-update', 'del', app])
+
+    def prepare_container(self):
+        # Extract the variables from values given via lxc.hook.pre-start hook
+        app = os.environ['LXC_NAME']
+        # Remove ephemeral layer data
+        tools.clean_ephemeral_layer(app)
+        # Configure host and common params used in the app
+        self.configure_app(app)
+
+    def register_container(self):
+        # Extract the variables from values given via lxc.hook.start-host hook
+        app = os.environ['LXC_NAME']
+        pid = os.environ['LXC_PID']
+        # Lease the first unused IP to the container
+        ip = tools.get_unused_ip()
+        tools.update_hosts_lease(ip, app)
+        tools.set_container_ip(pid, ip)
+
+    def unregister_container(self):
+        # Extract the variables from values given via lxc.hook.post-stop hook
+        app = os.environ['LXC_NAME']
+        # Release the container IP
+        tools.update_hosts_lease(None, app)
+        # Remove ephemeral layer data
+        tools.clean_ephemeral_layer(app)
+
+    def configure_app(self, app):
+        script = os.path.join('/srv', app, 'update-conf.sh')
+        if os.path.exists(script):
+            setup_env = os.environ.copy()
+            setup_env['DOMAIN'] = self.domain
+            setup_env['PORT'] = self.port
+            setup_env['EMAIL'] = self.conf['common']['email']
+            setup_env['GMAPS_API_KEY'] = self.conf['common']['gmaps-api-key']
+            subprocess.run([script], env=setup_env, check=True)
+
+    def register_proxy(self, app):
+        # Setup proxy configuration and reload nginx
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        with open(os.path.join(NGINX_DIR, '{}.conf'.format(app)), 'w') as f:
+            f.write(NGINX_TEMPLATE.format(app=app, host=self.conf['apps'][app]['host'], domain=self.domain, port=self.port))
+        tools.reload_nginx()
+
+    def unregister_proxy(self, app):
+        # Remove proxy configuration and reload nginx
+        if app not in self.conf['apps']:
+            raise validator.InvalidValueException('app', app)
+        os.unlink(os.path.join(NGINX_DIR, '{}.conf'.format(app)))
+        tools.reload_nginx()
+
+    def update_host(self, domain, port):
+        # Update domain and port and rebuild all configuration. Web interface calls tools.restart_nginx() in WSGI close handler
+        if not validator.is_valid_domain(domain):
+            raise validator.InvalidValueException('domain', domain)
+        if not validator.is_valid_port(port):
+            raise validator.InvalidValueException('port', port)
+        self.domain = self.conf['host']['domain'] = domain
+        self.port = self.conf['host']['port'] = port
+        self.conf.save()
+        # Restart all apps to trigger configuration refresh
+        for app in self.conf['apps']:
+            if tools.is_service_started(app):
+                tools.restart_service(app)
+        # Rebuild and restart nginx if it was requested. 
+        self.rebuild_nginx()
+
+    def rebuild_nginx(self):
+        # Rebuild nginx config for the portal app. Web interface calls tools.restart_nginx() in WSGI close handler
+        with open(os.path.join(NGINX_DIR, 'default.conf'), 'w') as f:
+            f.write(NGINX_DEFAULT_TEMPLATE.format(port=self.port))
+
+    def rebuild_issue(self):
+        # Compile the HTTPS host displayed in terminal banner
+        domain = self.domain
+        # If the dummy host is used, take an IP address of a primary interface instead
+        if domain == 'spotter.vm':
+            domain = tools.get_local_ipv4()
+            if not domain:
+                domain = tools.get_local_ipv6()
+            if not domain:
+                domain = '127.0.0.1'
+        # Rebuild the terminal banner
+        with open(ISSUE_FILE, 'w') as f:
+            f.write(ISSUE_TEMPLATE.format(url=tools.compile_url(domain, self.port)))
+
+    def update_common(self, email, gmaps_api_key):
+        # Update common configuration values
+        if email != None:
+            # Update email
+            if not validator.is_valid_email(email):
+                raise validator.InvalidValueException('email', email)
+            self.conf['common']['email'] = email
+        if gmaps_api_key != None:
+            # Update Google Maps API key
+            self.conf['common']['gmaps-api-key'] = gmaps_api_key
+        # Save config to file
+        self.conf.save()
+        for app in self.conf['apps']:
+            # Restart currently running apps in order to update their config
+            if tools.is_service_started(app):
+                tools.restart_service(app)
+
+    def update_password(self, oldpassword, newpassword):
+        # Update LUKS password and adminpwd for WSGI application
+        input = '{}\n{}'.format(oldpassword, newpassword).encode()
+        subprocess.run(['cryptsetup', 'luksChangeKey', '/dev/sda2'], input=input, check=True)
+        # Update bcrypt-hashed password in config
+        self.conf['host']['adminpwd'] = tools.adminpwd_hash(newpassword)
+        # Save config to file
+        self.conf.save()
+
+    def create_selfsigned_cert(self):
+        # Remove acme.sh cronjob
+        if os.path.exists(ACME_CRON):
+            os.unlink(ACME_CRON)
+        # Create selfsigned certificate with wildcard alternative subject name
+        with open(os.path.join(CERT_SAN_FILE), 'w') as f:
+            f.write(CERT_SAN.format(domain=self.domain))
+        subprocess.run(['openssl', 'req', '-config', CERT_SAN_FILE, '-x509', '-new', '-out', CERT_PUB_FILE, '-keyout', CERT_KEY_FILE, '-nodes', '-days', '7305', '-subj', '/CN={}'.format(self.domain)], check=True)
+        os.chmod(CERT_KEY_FILE, 0o640)
+
+    def request_acme_cert(self):
+        # Remove all possible conflicting certificates requested in the past
+        certs = [i for i in os.listdir('/etc/acme.sh.d') if i not in ('account.conf', 'ca', 'http.header')]
+        for cert in certs:
+            if cert != self.domain:
+                subprocess.run(['/usr/bin/acme.sh', '--remove', '-d', cert])
+        # Compile an acme.sh command for certificate requisition only if the certificate hasn't been requested before
+        if not os.path.exists(os.path.join('/etc/acme.sh.d', self.domain)):
+            cmd = ['/usr/bin/acme.sh', '--issue', '-d', self.domain]
+            for app in self.conf['apps']:
+                cmd += ['-d', '{}.{}'.format(self.conf['apps'][app]['host'], self.domain)]
+            cmd += ['-w', '/etc/acme.sh.d']
+            # Request the certificate
+            subprocess.run(cmd, check=True)
+        # Otherwise just try to renew
+        else:
+            # Acme.sh returns code 2 on skipped renew
+            try: 
+                subprocess.run(['/usr/bin/acme.sh', '--renew', '-d', self.domain], check=True)
+            except subprocess.CalledProcessError as e:
+                if e.returncode != 2:
+                    raise
+        # Install the issued certificate
+        subprocess.run(['/usr/bin/acme.sh', '--install-cert', '-d', self.domain, '--key-file', CERT_KEY_FILE, '--fullchain-file', CERT_PUB_FILE, '--reloadcmd', '/sbin/service nginx reload'], check=True)
+        # Install acme.sh cronjob
+        with open(ACME_CRON, 'w') as f:
+            f.write(ACME_CRON_TEMPLATE)
+
+    def install_manual_cert(self, public_file, private_file):
+        # Remove acme.sh cronjob
+        if os.path.exists(ACME_CRON):
+            os.unlink(ACME_CRON)
+        # Copy certificate files
+        shutil.copyfile(public_file, CERT_PUB_FILE)
+        shutil.copyfile(private_file, CERT_KEY_FILE)
+        os.chmod(CERT_KEY_FILE, 0o640)
+        # Reload nginx
+        tools.reload_nginx()
diff --git a/mgr/appmgr.py b/mgr/appmgr.py
new file mode 100644
index 0000000..5338097
--- /dev/null
+++ b/mgr/appmgr.py
@@ -0,0 +1,231 @@
+# -*- coding: utf-8 -*-
+
+import hashlib
+import json
+import os
+import requests
+import shutil
+import subprocess
+import time
+import uuid
+
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.serialization import load_pem_public_key
+from threading import Lock
+
+from . import tools
+
+PUB_FILE = '/srv/vm/packages.pub'
+LXC_ROOT = '/var/lib/lxc'
+
+class ActionItem:
+    def __init__(self, action, app):
+        self.timestamp = int(time.time())
+        self.action = action
+        self.app = app
+        self.started = False
+        self.finished = False
+        self.data = None
+
+class InstallItem:
+    def __init__(self, total):
+        # Stage 0 = download, 1 = deps install, 2 = app install
+        self.stage = 0
+        self.total = total
+        self.downloaded = 0
+
+    def __str__(self):
+        # Limit the disaplyed percentage between 1 - 99 for aestethical and psychological reasons
+        return str(max(1, min(99, round(self.downloaded / self.total * 100))))
+
+class AppMgr:
+    def __init__(self, vmmgr):
+        self.vmmgr = vmmgr
+        self.conf = vmmgr.conf
+        self.online_packages = {}
+        self.action_queue = {}
+        self.lock = Lock()
+
+    def get_repo_resource(self, url, stream=False):
+        return requests.get('{}/{}'.format(self.conf['repo']['url'], url), auth=(self.conf['repo']['user'], self.conf['repo']['pwd']), stream=stream)
+
+    def fetch_online_packages(self):
+        # Fetches and verifies online packages. Can raise InvalidSignature
+        online_packages = {}
+        packages = self.get_repo_resource('packages').content
+        packages_sig = self.get_repo_resource('packages.sig').content
+        with open(PUB_FILE, 'rb') as f:
+            pub_key = load_pem_public_key(f.read(), default_backend())
+        pub_key.verify(packages_sig, packages, ec.ECDSA(hashes.SHA512()))
+        online_packages = json.loads(packages)
+        # Minimze the time when self.online_packages is out of sync
+        self.online_packages = online_packages
+
+    def enqueue_action(self, action, app):
+        # Remove actions older than 1 day
+        for id,item in self.action_queue.items():
+            if item.timestamp < time.time() - 86400:
+                del self.item[id]
+        # Enqueue action
+        id = '{}:{}'.format(app, uuid.uuid4())
+        item = ActionItem(action, app)
+        self.action_queue[id] = item
+        return id,item
+
+    def get_actions(self, ids):
+        # Return list of requested actions
+        result = {}
+        for id in ids:
+            result[id] = self.action_queue[id] if id in self.action_queue else None
+        return result
+
+    def process_action(self, id):
+        # Main method for deferred queue processing called by WSGI close handler
+        item = self.action_queue[id]
+        with self.lock:
+            item.started = True
+            try:
+                # Call the action method inside exclusive lock
+                getattr(self, item.action)(item)
+            except BaseException as e:
+                item.data = e
+            finally:
+                item.finished = True
+
+    def start_app(self, item):
+        if not tools.is_service_started(item.app):
+            self.vmmgr.start_app(item.app)
+
+    def stop_app(self, item):
+        if tools.is_service_started(item.app):
+            self.vmmgr.stop_app(item.app)
+
+    def install_app(self, item):
+        # Main installation function. Wrapper for download, registration and install script
+        deps = [d for d in self.get_install_deps(item.app) if d not in self.conf['packages']]
+        item.data = InstallItem(sum(self.online_packages[d]['size'] for d in deps))
+        for dep in deps:
+            self.download_package(dep, item.data)
+        for dep in deps:
+            item.data.stage = 2 if dep == deps[-1] else 1
+            # Purge old data before unpacking to clean previous failed installation
+            self.purge_package(dep)
+            self.unpack_package(dep)
+            # Run uninstall script before installation to clean previous failed installation
+            self.run_uninstall_script(dep)
+            self.register_package(dep)
+            self.run_install_script(dep)
+
+    def uninstall_app(self, item):
+        # Main uninstallation function. Wrapper for uninstall script, filesystem purge and unregistration
+        self.stop_app(item)
+        if tools.is_service_autostarted(item.app):
+            self.vmmgr.disable_autostart(item.app)
+        deps = self.get_install_deps(item.app, False)[::-1]
+        for dep in deps:
+            if dep not in self.get_uninstall_deps():
+                self.run_uninstall_script(dep)
+                self.purge_package(dep)
+                self.unregister_package(dep)
+
+    def download_package(self, name, installitem):
+        tmp_archive = '/tmp/{}.tar.xz'.format(name)
+        r = self.get_repo_resource('{}.tar.xz'.format(name), True)
+        with open(tmp_archive, 'wb') as f:
+            for chunk in r.iter_content(chunk_size=65536):
+                if chunk:
+                    installitem.downloaded += f.write(chunk)
+
+    def unpack_package(self, name):
+        tmp_archive = '/tmp/{}.tar.xz'.format(name)
+        # Verify hash
+        if self.online_packages[name]['sha512'] != hash_file(tmp_archive):
+            raise InvalidSignature(name)
+        # Unpack
+        subprocess.run(['tar', 'xJf', tmp_archive], cwd='/', check=True)
+        os.unlink(tmp_archive)
+
+    def purge_package(self, name):
+        # Removes package and shared data from filesystem
+        lxcpath = self.conf['packages'][name]['lxcpath'] if name in self.conf['packages'] else self.online_packages[name]['lxcpath']
+        lxc_dir = os.path.join(LXC_ROOT, lxcpath)
+        if os.path.exists(lxc_dir):
+            shutil.rmtree(lxc_dir)
+        srv_dir = os.path.join('/srv/', name)
+        if os.path.exists(srv_dir):
+            shutil.rmtree(srv_dir)
+        lxc_log = '/var/log/lxc/{}.log'.format(name)
+        if os.path.exists(lxc_log):
+            os.unlink(lxc_log)
+
+    def register_package(self, name):
+        # Registers a package in local configuration
+        metadata = self.online_packages[name]
+        self.conf['packages'][name] = {
+            'deps': metadata['deps'],
+            'lxcpath': metadata['lxcpath'],
+            'version': metadata['version']
+        }
+        # If host definition is present, register the package as application
+        if 'host' in metadata:
+            self.conf['apps'][name] = {
+                'title': metadata['title'],
+                'host': metadata['host'],
+                'login': 'N/A',
+                'password': 'N/A',
+                'visible': False
+            }
+        self.conf.save()
+
+    def unregister_package(self, name):
+        # Removes a package from local configuration
+        del self.conf['packages'][name]
+        if name in self.conf['apps']:
+            del self.conf['apps'][name]
+        self.conf.save()
+
+    def run_install_script(self, name):
+        # Runs install.sh for a package, if the script is present
+        install_dir = os.path.join('/srv/', name, 'install')
+        install_script = os.path.join('/srv/', name, 'install.sh')
+        if os.path.exists(install_script):
+            subprocess.run(install_script, check=True)
+            os.unlink(install_script)
+        if os.path.exists(install_dir):
+            shutil.rmtree(install_dir)
+
+    def run_uninstall_script(self, name):
+        # Runs uninstall.sh for a package, if the script is present
+        uninstall_script = os.path.join('/srv/', name, 'uninstall.sh')
+        if os.path.exists(uninstall_script):
+            subprocess.run(uninstall_script, check=True)
+
+    def get_install_deps(self, name, online=True):
+        # Flatten dependency tree for a package while preserving the dependency order
+        packages = self.online_packages if online else self.conf['packages']
+        deps = packages[name]['deps'].copy()
+        for dep in deps[::-1]:
+            deps[:0] = [d for d in self.get_install_deps(dep, online)]
+        deps = list(dict.fromkeys(deps + [name]))
+        return deps
+
+    def get_uninstall_deps(self):
+        # Create reverse dependency tree for all installed packages
+        deps = {}
+        for pkg in self.conf['packages']:
+            for d in self.conf['packages'][pkg]['deps']:
+                deps.setdefault(d, []).append(pkg)
+        return deps
+
+def hash_file(file_path):
+    sha512 = hashlib.sha512()
+    with open(file_path, 'rb') as f:
+        while True:
+            data = f.read(65536)
+            if not data:
+                break
+            sha512.update(data)
+    return sha512.hexdigest()
diff --git a/mgr/config.py b/mgr/config.py
new file mode 100644
index 0000000..1bf0752
--- /dev/null
+++ b/mgr/config.py
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+
+import json
+from threading import Lock
+
+CONF_FILE = '/srv/vm/config.json'
+
+class Config:
+    def __init__(self):
+        self.lock = Lock()
+        self.load()
+
+    def load(self):
+        with self.lock:
+            with open(CONF_FILE, 'r') as f:
+                self.data = json.load(f)
+
+    def save(self):
+        with self.lock:
+            with open(CONF_FILE, 'w') as f:
+                json.dump(self.data, f, sort_keys=True, indent=4)
+
+    def __getitem__(self, attr):
+        return self.data[attr]
diff --git a/mgr/tools.py b/mgr/tools.py
new file mode 100644
index 0000000..1c0e4fd
--- /dev/null
+++ b/mgr/tools.py
@@ -0,0 +1,159 @@
+# -*- coding: utf-8 -*-
+
+import bcrypt
+import dns.exception
+import dns.resolver
+import os
+import requests
+import shutil
+import socket
+import subprocess
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.x509.oid import NameOID
+
+def compile_url(domain, port, proto='https'):
+    port = '' if (proto == 'https' and  port == '443') or (proto == 'http' and port == '80') else ':{}'.format(port)
+    return '{}://{}{}'.format(proto, domain, port)
+
+def get_local_ipv4():
+    # Return first routable IPv4 address of the VM (container host)
+    try:
+        return subprocess.run(['/sbin/ip', 'route', 'get', '1'], check=True, stdout=subprocess.PIPE).stdout.decode().split()[-1]
+    except:
+        return None
+
+def get_local_ipv6():
+    # Return first routable IPv6 address of the VM (container host)
+    try:
+        return subprocess.run(['/sbin/ip', 'route', 'get', '2003::'], check=True, stdout=subprocess.PIPE).stdout.decode().split()[-3]
+    except:
+        return None
+
+def get_external_ip(family):
+    # Return external IP address of given family via 3rd party service
+    allowed_gai_family = requests.packages.urllib3.util.connection.allowed_gai_family
+    try:
+        requests.packages.urllib3.util.connection.allowed_gai_family = lambda: family
+        return requests.get('https://tools.dasm.cz/myip.php', timeout=5).text
+    except:
+        return None
+    finally:
+        requests.packages.urllib3.util.connection.allowed_gai_family = allowed_gai_family
+
+def get_external_ipv4():
+    # Return external IPv4 address
+    return get_external_ip(socket.AF_INET)
+
+def get_external_ipv6():
+    # Return external IPv6 address
+    return get_external_ip(socket.AF_INET6)
+
+resolver = dns.resolver.Resolver()
+resolver.timeout = 3
+resolver.lifetime = 3
+resolver.nameservers = ['8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844']
+
+def resolve_ip(domain, type):
+    # Resolve domain name using Google Public DNS
+    try:
+        return resolver.query(domain, type)[0].address
+    except dns.exception.Timeout:
+        raise
+    except:
+        return None
+
+def ping_url(url):
+    try:
+        return requests.get('https://tools.dasm.cz/vm-ping.php', params = {'url': url}, timeout=5).text == 'vm-pong'
+    except requests.exceptions.Timeout:
+        raise
+    except:
+        return False
+
+def is_service_started(app):
+    # Check OpenRC service status without calling any binary
+    return os.path.exists(os.path.join('/run/openrc/started', app))
+
+def is_service_autostarted(app):
+    # Check OpenRC service enablement
+    return os.path.exists(os.path.join('/etc/runlevels/default', app))
+
+def start_service(service):
+    subprocess.run(['/sbin/service', service, 'start'], check=True)
+
+def stop_service(service):
+    subprocess.run(['/sbin/service', service, 'stop'], check=True)
+
+def restart_service(service):
+    subprocess.run(['/sbin/service', service, 'restart'])
+
+def reload_nginx():
+    subprocess.run(['/usr/sbin/nginx', '-s', 'reload'])
+
+def restart_nginx():
+    restart_service('nginx')
+
+def get_cert_info(cert):
+    # Gather certificate data important for setup-host
+    with open(cert, 'rb') as f:
+        cert = x509.load_pem_x509_certificate(f.read(), default_backend())
+    data = {'subject': cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
+            'issuer': cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
+            'expires': '{} UTC'.format(cert.not_valid_after),
+            'method': 'manual'}
+    if os.path.exists('/etc/periodic/daily/acme-sh'):
+        data['method'] = 'letsencrypt'
+    # This is really naive method of inferring if the cert is selfsigned and should never be used in production :)
+    elif data['subject'] == data['issuer']:
+        data['method'] = 'selfsigned'
+    return data
+
+def adminpwd_hash(password):
+    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+
+def adminpwd_verify(password, hash):
+    return bcrypt.checkpw(password.encode(), hash.encode())
+
+def shutdown_vm():
+    subprocess.run(['/sbin/poweroff'])
+
+def reboot_vm():
+    subprocess.run(['/sbin/reboot'])
+
+def get_unused_ip():
+    # This is a poor man's DHCP server which uses /etc/hosts as lease database
+    # Leases the first unused IP from range 172.17.0.0/16
+    leased = []
+    with open('/etc/hosts', 'r') as f:
+        for line in f.read().splitlines():
+            if line.startswith('172.17'):
+                ip = line.split()[0].split('.')
+                leased.append(int(ip[2]) * 256 + int(ip[3]))
+    for i in range(1, 65534):
+        if i not in leased:
+            break
+    return '172.17.{}.{}'. format(i // 256, i % 256)
+
+def update_hosts_lease(ip, app):
+    hosts = []
+    with open('/etc/hosts', 'r') as f:
+        for line in f:
+            if not line.strip().endswith(' {}'.format(app)):
+                hosts.append(line)
+    if ip:
+        hosts.append('{} {}\n'.format(ip, app))
+    with open('/etc/hosts', 'w') as f:
+        f.writelines(hosts)
+
+def set_container_ip(pid, ip):
+    # Set IP in container based on PID given via lxc.hook.start-host hook
+    cmd = 'ip addr add {}/16 broadcast 172.17.255.255 dev eth0 && ip route add default via 172.17.0.1'.format(ip)
+    subprocess.run(['nsenter', '-a', '-t', pid, '--', '/bin/sh', '-c', cmd])
+
+def clean_ephemeral_layer(app):
+    layer = os.path.join('/var/lib/lxc', app, 'delta0')
+    if os.path.exists(layer):
+        for item in os.scandir(layer):
+            shutil.rmtree(item.path) if item.is_dir() else os.unlink(item.path)
diff --git a/mgr/validator.py b/mgr/validator.py
new file mode 100644
index 0000000..14571d4
--- /dev/null
+++ b/mgr/validator.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+
+import re
+
+domain_re = re.compile(r'^(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-)){0,125}\.(?!-)(?![0-9]+$)[a-z0-9-]{1,63}(?<!-)$')
+box_re = re.compile(r'^[a-z0-9!#$%&\'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&\'*+/=?^_`{|}~-]+)*$')
+
+class InvalidValueException(Exception):
+    pass
+
+def is_valid_domain(domain):
+    return bool(domain_re.match(domain))
+
+def is_valid_port(port):
+    try:
+        port = int(port)
+        return port > 0 and port < 65536
+    except:
+        return False
+
+def is_valid_email(email):
+    parts = email.split('@')
+    if len(parts) != 2:
+        return False
+    return bool(box_re.match(parts[0])) and bool(domain_re.match(parts[1]))
diff --git a/mgr/wsgiapp.py b/mgr/wsgiapp.py
new file mode 100644
index 0000000..f39fca1
--- /dev/null
+++ b/mgr/wsgiapp.py
@@ -0,0 +1,399 @@
+# -*- coding: utf-8 -*-
+
+import json
+import os
+
+from werkzeug.exceptions import BadRequest, HTTPException, NotFound
+from werkzeug.routing import Map, Rule
+from werkzeug.utils import redirect
+from werkzeug.wrappers import Request, Response
+from werkzeug.wsgi import ClosingIterator
+from jinja2 import Environment, FileSystemLoader
+
+from . import VMMgr, CERT_PUB_FILE
+from . import tools
+from .appmgr import AppMgr
+from .validator import InvalidValueException
+from .wsgilang import WSGILang
+from .wsgisession import WSGISession
+
+SESSION_KEY = os.urandom(26)
+
+class WSGIApp(object):
+    def __init__(self):
+        self.vmmgr = VMMgr()
+        self.appmgr = AppMgr(self.vmmgr)
+        self.conf = self.vmmgr.conf
+        self.jinja_env = Environment(loader=FileSystemLoader('/srv/vm/templates'), autoescape=True, lstrip_blocks=True, trim_blocks=True)
+        self.jinja_env.globals.update(is_app_visible=self.is_app_visible)
+        self.jinja_env.globals.update(is_service_autostarted=tools.is_service_autostarted)
+        self.jinja_env.globals.update(is_service_started=tools.is_service_started)
+
+    def __call__(self, environ, start_response):
+        return self.wsgi_app(environ, start_response)
+
+    def wsgi_app(self, environ, start_response):
+        request = Request(environ)
+        # Reload config in case it has changed between requests
+        self.conf.load()
+        # Enhance request
+        request.session = WSGISession(request.cookies, SESSION_KEY)
+        request.session.lang = WSGILang()
+        # Dispatch request
+        response = self.dispatch_request(request)
+        # Save session if changed
+        request.session.save(response)
+        return response(environ, start_response)
+
+    def dispatch_request(self, request):
+        adapter = self.get_url_map(request.session).bind_to_environ(request.environ)
+        try:
+            endpoint, values = adapter.match()
+            return getattr(self, endpoint)(request, **values)
+        except NotFound as e:
+            # Return custom 404 page
+            response = self.render_template('404.html', request)
+            response.status_code = 404
+            return response
+        except HTTPException as e:
+            return e
+
+    def get_url_map(self, session):
+        rules = [
+            Rule('/', endpoint='portal_view'),
+            Rule('/login', methods=['GET'], endpoint='login_view', defaults={'redirect': '/'}),
+            Rule('/login', methods=['POST'], endpoint='login_action'),
+            Rule('/logout', endpoint='logout_action')
+        ]
+        if session['admin']:
+            rules += [
+                Rule('/setup-host', endpoint='setup_host_view'),
+                Rule('/setup-apps', endpoint='setup_apps_view'),
+                Rule('/update-host', endpoint='update_host_action'),
+                Rule('/verify-dns', endpoint='verify_dns_action'),
+                Rule('/verify-https', endpoint='verify_http_action', defaults={'proto': 'https'}),
+                Rule('/verify-http', endpoint='verify_http_action', defaults={'proto': 'http'}),
+                Rule('/update-cert', endpoint='update_cert_action'),
+                Rule('/update-common', endpoint='update_common_action'),
+                Rule('/update-repo', endpoint='update_repo_action'),
+                Rule('/update-app-visibility', endpoint='update_app_visibility_action'),
+                Rule('/update-app-autostart', endpoint='update_app_autostart_action'),
+                Rule('/start-app', endpoint='start_app_action'),
+                Rule('/stop-app', endpoint='stop_app_action'),
+                Rule('/install-app', endpoint='install_app_action'),
+                Rule('/get-progress', endpoint='get_progress_action'),
+                Rule('/uninstall-app', endpoint='uninstall_app_action'),
+                Rule('/update-password', endpoint='update_password_action'),
+                Rule('/shutdown-vm', endpoint='shutdown_vm_action'),
+                Rule('/reboot-vm', endpoint='reboot_vm_action'),
+            ]
+        else:
+            rules += [
+                Rule('/setup-host', endpoint='login_view', defaults={'redirect': '/setup-host'}),
+                Rule('/setup-apps', endpoint='login_view', defaults={'redirect': '/setup-apps'}),
+            ]
+        return Map(rules)
+
+    def render_template(self, template_name, request, **context):
+        # Enhance context
+        context['conf'] = self.conf
+        context['session'] = request.session
+        # Render template
+        t = self.jinja_env.get_template(template_name)
+        return Response(t.render(context), mimetype='text/html')
+
+    def render_json(self, data):
+        return Response(json.dumps(data), mimetype='application/json')
+
+    def login_view(self, request, **kwargs):
+        return self.render_template('login.html', request, redirect=kwargs['redirect'])
+
+    def login_action(self, request):
+        password = request.form['password']
+        redir_url = request.form['redirect']
+        if tools.adminpwd_verify(password, self.conf['host']['adminpwd']):
+            request.session['admin'] = True
+            return redirect(redir_url)
+        else:
+            return self.render_template('login.html', request, message=request.session.lang.bad_password())
+
+    def logout_action(self, request):
+        request.session.reset()
+        return redirect('/')
+
+    def portal_view(self, request):
+        # Default portal view. If this is the first run, perform first-run setup.
+        if self.conf['host']['firstrun']:
+            # Set user as admin
+            request.session['admin'] = True
+            # Disable and save first-run flag
+            self.conf['host']['firstrun'] = False
+            self.conf.save()
+            # Redirect to host setup view
+            return redirect('/setup-host')
+        host = tools.compile_url(self.conf['host']['domain'], self.conf['host']['port'])[8:]
+        if request.session['admin']:
+            return self.render_template('portal-admin.html', request, host=host)
+        return self.render_template('portal-user.html', request, host=host)
+
+    def setup_host_view(self, request):
+        # Host setup view.
+        ex_ipv4 = tools.get_external_ipv4()
+        ex_ipv6 = tools.get_external_ipv6()
+        in_ipv4 = tools.get_local_ipv4()
+        in_ipv6 = tools.get_local_ipv6()
+        cert_info = tools.get_cert_info(CERT_PUB_FILE)
+        return self.render_template('setup-host.html', request, ex_ipv4=ex_ipv4, ex_ipv6=ex_ipv6, in_ipv4=in_ipv4, in_ipv6=in_ipv6, cert_info=cert_info)
+
+    def setup_apps_view(self, request):
+        # Application manager view.
+        try:
+            self.appmgr.fetch_online_packages()
+        except:
+            pass
+        all_apps = sorted(set([k for k,v in self.appmgr.online_packages.items() if 'host' in v] + list(self.conf['apps'].keys())))
+        return self.render_template('setup-apps.html', request, all_apps=all_apps, online_packages=self.appmgr.online_packages)
+
+    def render_setup_apps_row(self, request, app, app_title, item):
+        lang = request.session.lang
+        actions = '<div class="loader"></div>'
+        if item.action == 'start_app':
+            if not item.started:
+                status = 'Spouští se (ve frontě)'
+            elif not item.finished:
+                status = 'Spouští se'
+            elif isinstance(item.data, BaseException):
+                status = '<span class="error">{}</span>'.format(lang.stop_start_error())
+            else:
+                status = '<span class="info">Spuštěna</span>'
+                actions = '<a href="#" class="app-stop">Zastavit</a>'
+        elif item.action == 'stop_app':
+            if not item.started:
+                status = 'Zastavuje se (ve frontě)'
+            elif not item.finished:
+                status = 'Zastavuje se'
+            elif isinstance(item.data, BaseException):
+                status = '<span class="error">{}</span>'.format(lang.stop_start_error())
+            else:
+                status = '<span class="error">Zastavena</span>'
+                actions = '<a href="#" class="app-start">Spustit</a>, <a href="#" class="app-uninstall">Odinstalovat</a>'
+        elif item.action == 'install_app':
+            if not item.started:
+                status = 'Stahuje se (ve frontě)'
+            elif not item.finished:
+                if item.data.stage == 0:
+                    status = 'Stahuje se ({} %)'.format(item.data)
+                elif item.data.stage == 1:
+                    status = 'Instalují se závislosti'
+                else:
+                    status = 'Instaluje se'
+            elif isinstance(item.data, BaseException):
+                status = '<span class="error">{}</span>'.format(lang.package_manager_error())
+            else:
+                status = '<span class="error">Zastavena</span>'
+                actions = '<a href="#" class="app-start">Spustit</a>, <a href="#" class="app-uninstall">Odinstalovat</a>'
+        elif item.action == 'uninstall_app':
+            if not item.started:
+                status = 'Odinstalovává se (ve frontě)'
+            elif not item.finished:
+                status = 'Odinstalovává se'
+            elif isinstance(item.data, BaseException):
+                status = '<span class="error">{}</span>'.format(lang.package_manager_error())
+            else:
+                status = 'Není nainstalována'
+                actions = '<a href="#" class="app-install">Instalovat</a>'
+        is_error = isinstance(item.data, BaseException)
+        t = self.jinja_env.get_template('setup-apps-row.html')
+        return t.render({'conf': self.conf, 'session': request.session, 'app': app, 'app_title': app_title, 'status': status, 'actions': actions, 'is_error': is_error})
+
+    def update_host_action(self, request):
+        # Update domain and port, then restart nginx
+        try:
+            domain = request.form['domain']
+            port = request.form['port']
+            self.vmmgr.update_host(domain, port)
+            server_name = request.environ['HTTP_X_FORWARDED_SERVER_NAME']
+            url = '{}/setup-host'.format(tools.compile_url(server_name, port))
+            response = self.render_json({'ok': request.session.lang.host_updated(url, url)})
+            response.call_on_close(tools.restart_nginx)
+            return response
+        except BadRequest:
+            return self.render_json({'error': request.session.lang.malformed_request()})
+        except InvalidValueException as e:
+            if e.args[0] == 'domain':
+                return self.render_json({'error': request.session.lang.invalid_domain(domain)})
+            if e.args[0] == 'port':
+                return self.render_json({'error': request.session.lang.invalid_port(port)})
+
+    def verify_dns_action(self, request):
+        # Check if all FQDNs for all applications are resolvable and point to current external IP
+        domains = [self.vmmgr.domain]+['{}.{}'.format(self.conf['apps'][app]['host'], self.vmmgr.domain) for app in self.conf['apps']]
+        ipv4 = tools.get_external_ipv4()
+        ipv6 = tools.get_external_ipv6()
+        for domain in domains:
+            try:
+                a = tools.resolve_ip(domain, 'A')
+                aaaa = tools.resolve_ip(domain, 'AAAA')
+                if not a and not aaaa:
+                    return self.render_json({'error': request.session.lang.dns_record_does_not_exist(domain)})
+                if a and a != ipv4:
+                    return self.render_json({'error': request.session.lang.dns_record_mismatch(domain, a, ipv4)})
+                if aaaa and aaaa != ipv6:
+                    return self.render_json({'error': request.session.lang.dns_record_mismatch(domain, aaaa, ipv6)})
+            except:
+                return self.render_json({'error': request.session.lang.dns_timeout()})
+        return self.render_json({'ok': request.session.lang.dns_records_ok()})
+
+    def verify_http_action(self, request, **kwargs):
+        # Check if all applications are accessible from the internet using 3rd party ping service
+        proto = kwargs['proto']
+        port = self.vmmgr.port if proto == 'https' else '80'
+        domains = [self.vmmgr.domain]+['{}.{}'.format(self.conf['apps'][app]['host'], self.vmmgr.domain) for app in self.conf['apps']]
+        for domain in domains:
+            url = tools.compile_url(domain, port, proto)
+            try:
+                if not tools.ping_url(url):
+                    return self.render_json({'error': request.session.lang.http_host_not_reachable(url)})
+            except:
+                    return self.render_json({'error': request.session.lang.http_timeout()})
+        return self.render_json({'ok': request.session.lang.http_hosts_ok(port)})
+
+    def update_cert_action(self, request):
+        # Update certificate - either request via Let's Encrypt or manually upload files
+        try:
+            if request.form['method'] not in ['selfsigned', 'automatic', 'manual']:
+                raise BadRequest()
+            if request.form['method'] == 'selfsigned':
+                self.vmmgr.create_selfsigned_cert()
+            elif request.form['method'] == 'automatic':
+                self.vmmgr.request_acme_cert()
+            else:
+                if not request.files['public']:
+                    return self.render_json({'error': request.session.lang.cert_file_missing()})
+                if not request.files['private']:
+                    return self.render_json({'error': request.session.lang.key_file_missing()})
+                request.files['public'].save('/tmp/public.pem')
+                request.files['private'].save('/tmp/private.pem')
+                self.vmmgr.install_manual_cert('/tmp/public.pem', '/tmp/private.pem')
+                os.unlink('/tmp/public.pem')
+                os.unlink('/tmp/private.pem')
+        except BadRequest:
+            return self.render_json({'error': request.session.lang.malformed_request()})
+        except:
+            return self.render_json({'error': request.session.lang.cert_request_error()})
+        url = tools.compile_url(self.vmmgr.domain, self.vmmgr.port)
+        return self.render_json({'ok': request.session.lang.cert_installed(url, url)})
+
+    def update_common_action(self, request):
+        # Update common settings shared between apps - admin e-mail address, Google Maps API key
+        try:
+            self.vmmgr.update_common(request.form['email'], request.form['gmaps-api-key'])
+        except BadRequest:
+            return self.render_json({'error': request.session.lang.malformed_request()})
+        return self.render_json({'ok': request.session.lang.common_updated()})
+
+    def update_repo_action(self, request):
+        # Update repository URL and credentials
+        try:
+            self.conf['repo']['url'] = request.form['repourl']
+            self.conf['repo']['user'] = request.form['repousername']
+            self.conf['repo']['pwd'] = request.form['repopassword']
+            self.conf.save()
+        except:
+            pass
+        return redirect('/setup-apps')
+
+    def update_app_visibility_action(self, request):
+        # Update application visibility on portal page
+        try:
+            if request.form['value'] == 'true':
+                self.vmmgr.show_tiles(request.form['app'])
+            else:
+                self.vmmgr.hide_tiles(request.form['app'])
+        except (BadRequest, InvalidValueException):
+            return self.render_json({'error': request.session.lang.malformed_request()})
+        return self.render_json({'ok': 'ok'})
+
+    def update_app_autostart_action(self, request):
+        # Update value determining if the app should be automatically started after VM boot
+        try:
+            if request.form['value'] == 'true':
+                self.vmmgr.enable_autostart(request.form['app'])
+            else:
+                self.vmmgr.disable_autostart(request.form['app'])
+        except (BadRequest, InvalidValueException):
+            return self.render_json({'error': request.session.lang.malformed_request()})
+        return self.render_json({'ok': 'ok'})
+
+    def enqueue_action(self, request, action):
+        try:
+            app = request.form['app']
+        except BadRequest:
+            return self.render_json({'error': request.session.lang.malformed_request()})
+        app_title = self.conf['apps'][app]['title'] if app in self.conf['apps'] else self.appmgr.online_packages[app]['title']
+        id,item = self.appmgr.enqueue_action(action, app)
+        response = self.render_json({'html': self.render_setup_apps_row(request, app, app_title, item), 'id': id})
+        response.call_on_close(lambda: self.appmgr.process_action(id))
+        return response
+
+    def start_app_action(self, request):
+        # Queues application start along with its dependencies
+        return self.enqueue_action(request, 'start_app')
+
+    def stop_app_action(self, request):
+        # Queues application stop along with its dependencies
+        return self.enqueue_action(request, 'stop_app')
+
+    def install_app_action(self, request):
+        # Queues application installation
+        return self.enqueue_action(request, 'install_app')
+
+    def uninstall_app_action(self, request):
+        # Queues application uninstallation
+        return self.enqueue_action(request, 'uninstall_app')
+
+    def get_progress_action(self, request):
+        # Gets appmgr queue status for given ids
+        json = {}
+        try:
+            ids = request.form.getlist('ids[]')
+        except BadRequest:
+            return self.render_json({'error': request.session.lang.malformed_request()})
+        actions = self.appmgr.get_actions(ids)
+        for id,item in actions.items():
+            app = item.app
+            # In case of installation error, we need to get the name from online_packages as the app is not yet registered
+            app_title = self.conf['apps'][app]['title'] if app in self.conf['apps'] else self.appmgr.online_packages[app]['title']
+            json[id] = {'html': self.render_setup_apps_row(request, app, app_title, item), 'last': item.finished}
+        return self.render_json(json)
+
+    def update_password_action(self, request):
+        # Updates password for both HDD encryption (LUKS-on-LVM) and web interface admin account
+        try:
+            if request.form['newpassword'] != request.form['newpassword2']:
+                return self.render_json({'error': request.session.lang.password_mismatch()})
+            if request.form['newpassword'] == '':
+                return self.render_json({'error': request.session.lang.password_empty()})
+            # No need to explicitly validate old password, update_luks_password will raise exception if it's wrong
+            self.vmmgr.update_password(request.form['oldpassword'], request.form['newpassword'])
+        except:
+            return self.render_json({'error': request.session.lang.bad_password()})
+        return self.render_json({'ok': request.session.lang.password_changed()})
+
+    def reboot_vm_action(self, request):
+        # Reboots VM
+        response = self.render_json({'ok': request.session.lang.reboot_initiated()})
+        response.call_on_close(tools.reboot_vm)
+        return response
+
+    def shutdown_vm_action(self, request):
+        # Shuts down VM
+        response = self.render_json({'ok': request.session.lang.shutdown_initiated()})
+        response.call_on_close(tools.shutdown_vm)
+        return response
+
+    def is_app_visible(self, app):
+        return app in self.conf['apps'] and self.conf['apps'][app]['visible'] and tools.is_service_started(app)
+
+class InvalidRecordException(Exception):
+    pass
diff --git a/mgr/wsgilang.py b/mgr/wsgilang.py
new file mode 100644
index 0000000..8785643
--- /dev/null
+++ b/mgr/wsgilang.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+
+class WSGILang:
+    lang = {
+        'malformed_request': 'Byl zaslán chybný požadavek. Obnovte stránku a zkuste akci zopakovat.',
+        'invalid_domain': 'Zadaný doménový název "{}" není platný.',
+        'invalid_port': 'Zadaný port "{}" není platný.',
+        'host_updated': 'Nastavení hostitele bylo úspěšně změněno. Přejděte na URL <a href="{}">{}</a> a pokračujte následujícími kroky.',
+        'dns_record_does_not_exist': 'DNS záznam pro název "{}" neexistuje.',
+        'dns_record_mismatch': 'DNS záznam pro název "{}" směřuje na IP {} místo očekávané {}.',
+        'dns_timeout': 'Nepodařilo se kontaktovat DNS server. Zkontrolujte, zda má virtuální stroj přístup k internetu.',
+        'dns_records_ok': 'DNS záznamy jsou nastaveny správně.',
+        'http_host_not_reachable': 'Adresa {} není dostupná z internetu. Zkontrolujte nastavení síťových komponent.',
+        'http_timeout': 'Nepodařilo se kontaktovat ping server. Zkontrolujte, zda má virtuální stroj přístup k internetu.',
+        'http_hosts_ok': 'Síť je nastavena správně. Všechny aplikace na portu {} jsou z internetu dostupné.',
+        'cert_file_missing': 'Nebyl vybrán soubor s certifikátem.',
+        'key_file_missing': 'Nebyl vybrán soubor se soukromým klíčem.',
+        'cert_request_error': 'Došlo k chybě při žádosti o certifikát. Zkontrolujte, zda je virtuální stroj dostupný z internetu na portu 80.',
+        'cert_installed': 'Certifikát byl úspěšně nainstalován. Přejděte na URL <a href="{}">{}</a> nebo restartujte webový prohlížeč pro jeho načtení.',
+        'common_updated': 'Nastavení aplikací bylo úspěšně změněno.',
+        'stop_start_error': 'Došlo k chybě při spouštění/zastavování. Zkuste akci opakovat nebo restartuje virtuální stroj.',
+        'installation_in_progress': 'Probíhá instalace jiného balíku. Vyčkejte na její dokončení.',
+        'package_manager_error': 'Došlo k chybě při instalaci aplikace. Zkuste akci opakovat nebo restartuje virtuální stroj.',
+        'bad_password': 'Nesprávné heslo',
+        'password_mismatch': 'Zadaná hesla se neshodují',
+        'password_empty': 'Nové heslo nesmí být prázdné',
+        'password_changed': 'Heslo úspěšně změněno',
+        'reboot_initiated': 'Příkaz odeslán. Vyčkejte na restartování virtuálního stroje.',
+        'shutdown_initiated': 'Příkaz odeslán. Vyčkejte na vypnutí virtuálního stroje.',
+    }
+
+    def __getattr__(self, key):
+        def function(*args):
+            return self.lang[key].format(*args)
+        return function
diff --git a/mgr/wsgisession.py b/mgr/wsgisession.py
new file mode 100644
index 0000000..938ba06
--- /dev/null
+++ b/mgr/wsgisession.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+
+from werkzeug.contrib.securecookie import SecureCookie
+
+class WSGISession:
+    def __init__(self, cookies, secret_key):
+        self.secret_key = secret_key
+        data = cookies.get('session')
+        if data:
+            self.sc = SecureCookie.unserialize(data, secret_key)
+        else:
+            self.reset()
+        if 'admin' not in self.sc:
+            self.reset()
+
+    def __getitem__(self, key):
+        return self.sc.__getitem__(key)
+    def __setitem__(self, key, value):
+        return self.sc.__setitem__(key, value)
+    def __delitem__(self, key):
+        return self.sc.__delitem__(key)
+    def __contains__(self, key):
+        return self.sc.__contains__(key)
+
+    def reset(self):
+        self.sc = SecureCookie(secret_key=self.secret_key)
+        self.sc['admin'] = False
+
+    def save(self, response):
+        if self.sc.should_save:
+            data = self.sc.serialize()
+            response.set_cookie('session', data, httponly=True)
diff --git a/packages.pub b/packages.pub
new file mode 100644
index 0000000..60532d9
--- /dev/null
+++ b/packages.pub
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEWJXH4Qm0kt2L86sntQH+C1zOJNQ0qMRt
+0vx4krTxRs9HQTQYAy//JC92ea2aKleA8OL0JF90b1NYXcQCWdAS+vE/ng9IEAii
+8C2+5nfuFeZ5YUjbQhfFblwHSM0c7hEG
+-----END PUBLIC KEY-----
diff --git a/static/css/style.css b/static/css/style.css
new file mode 100644
index 0000000..7ec9407
--- /dev/null
+++ b/static/css/style.css
@@ -0,0 +1,200 @@
+body {
+    font-family: 'Calibri', 'Verdana', 'Tahoma', sans-serif;
+    background-color: #bbb;
+    color: #000;
+    line-height: 150%;
+    margin: 25px 30px;
+}
+
+a {
+    color: #06f;
+    text-decoration: none;
+}
+
+img {
+    border: 0px;
+}
+
+nav {
+    float: right;
+}
+
+nav #menu-button {
+    float: right;
+    cursor: pointer;
+}
+
+nav #menu-button div {
+    width: 24px;
+    height: 4px;
+    background-color: #fff;
+    border: 1px solid #000;
+    margin: 2px 0px;
+}
+
+nav ul {
+    display: none;
+    list-style: none;
+    border: 1px solid #000;
+    margin: 26px 0px 0px 0px;
+    position: absolute;
+    background-color: #fff;
+    padding: 10px;
+    right: 30px;
+    z-index: 1;
+}
+
+nav a {
+    display: block;
+}
+
+h1, h2 {
+    font-size: 150%;
+}
+
+header {
+    color: #fff;
+}
+
+header h1,
+header p,
+.portal-box p {
+    padding: 0px;
+    margin: 0px;
+}
+
+.portal-box,
+.setup-box {
+    background-color: #fff;
+    margin-top: 13px;
+    border: solid 1px #000;
+    padding: 10px;
+}
+
+.portal-box {
+    position: relative;
+    margin-right: 13px;
+    width: 365px;
+    float: left;
+    height: 175px;
+}
+
+.portal-box h2 {
+    margin: 0px;
+    font-weight: normal;
+}
+
+.portal-box h2 a {
+    color: inherit;
+}
+
+.portal-box h2 img {
+    float: right;
+    margin-left: 10px;
+    margin-bottom:10px;
+    width: 100px;
+    height: 100px;
+}
+
+.portal-box ul {
+    margin: 0px;
+    padding-left: 30px;
+}
+
+.portal-box:last-child:after {
+    clear: both;
+}
+
+.portal-box-double-width {
+    width: 765px;
+}
+
+.ico {
+    margin-right: 5px;
+    width: 20px;
+    height: 20px;
+    vertical-align: top;
+}
+
+.setup-box h2 {
+    margin-top: 0px;
+}
+
+.setup-box input[type="text"],
+.setup-box input[type="password"],
+.setup-box input[type="submit"],
+.setup-box input[type="button"],
+.setup-box input[type="file"],
+.setup-box select {
+    box-sizing: border-box;
+    width: 180px;
+}
+
+.setup-box table {
+    border-collapse: collapse;
+}
+
+.setup-box thead {
+    font-weight: bold;
+}
+
+.setup-box td {
+    padding: 1px 10px;
+    vertical-align: top;
+}
+
+.setup-box td:first-child {
+    white-space: nowrap;
+}
+
+.setup-box td.remark {
+    color: #999;
+    font-size: 80%;
+    font-style: italic;
+    line-height: 125%;
+    padding-top: 5px;
+}
+
+#app-manager {
+    table-layout: fixed;
+}
+
+.center {
+    text-align: center;
+}
+
+.error {
+    color: #c00;
+    font-weight: bold;
+}
+
+.info {
+    color: #090;
+    font-weight: bold;
+}
+
+.loader-wrap {
+    display: none;
+}
+
+.loader-wrap span:after {
+    clear: both;
+    content: '';
+    display: table;
+}
+
+.loader {
+    float: left;
+    width: 14px;
+    height: 14px;
+    border: 5px solid #eee;
+    border-top: 5px solid #fa3;
+    border-radius: 50%;
+    margin-right: 5px;
+    animation: spin 1s linear infinite;
+}
+
+@keyframes spin {
+    0% { transform: rotate(0deg); }
+    100% { transform: rotate(360deg); }
+}
diff --git a/static/img/CAP.png b/static/img/CAP.png
new file mode 100644
index 0000000..e8eb9f4
Binary files /dev/null and b/static/img/CAP.png differ
diff --git a/static/img/CKAN.png b/static/img/CKAN.png
new file mode 100644
index 0000000..77cfb7e
Binary files /dev/null and b/static/img/CKAN.png differ
diff --git a/static/img/CTS.png b/static/img/CTS.png
new file mode 100644
index 0000000..9bd35f4
Binary files /dev/null and b/static/img/CTS.png differ
diff --git a/static/img/Cluster_Spotter.png b/static/img/Cluster_Spotter.png
new file mode 100644
index 0000000..dc32e20
Binary files /dev/null and b/static/img/Cluster_Spotter.png differ
diff --git a/static/img/Crisis_Cleanup.png b/static/img/Crisis_Cleanup.png
new file mode 100644
index 0000000..6979185
Binary files /dev/null and b/static/img/Crisis_Cleanup.png differ
diff --git a/static/img/Diaspora.png b/static/img/Diaspora.png
new file mode 100644
index 0000000..ec88dca
Binary files /dev/null and b/static/img/Diaspora.png differ
diff --git a/static/img/EDEN.png b/static/img/EDEN.png
new file mode 100644
index 0000000..6fd72a1
Binary files /dev/null and b/static/img/EDEN.png differ
diff --git a/static/img/FrontlineSMS.png b/static/img/FrontlineSMS.png
new file mode 100644
index 0000000..de2b91b
Binary files /dev/null and b/static/img/FrontlineSMS.png differ
diff --git a/static/img/FrontlineSync.png b/static/img/FrontlineSync.png
new file mode 100644
index 0000000..9c6ad76
Binary files /dev/null and b/static/img/FrontlineSync.png differ
diff --git a/static/img/GNU_Health.png b/static/img/GNU_Health.png
new file mode 100644
index 0000000..779ca5a
Binary files /dev/null and b/static/img/GNU_Health.png differ
diff --git a/static/img/GeoODK_Collect.png b/static/img/GeoODK_Collect.png
new file mode 100644
index 0000000..8f0831d
Binary files /dev/null and b/static/img/GeoODK_Collect.png differ
diff --git a/static/img/Kanboard.png b/static/img/Kanboard.png
new file mode 100644
index 0000000..969bad6
Binary files /dev/null and b/static/img/Kanboard.png differ
diff --git a/static/img/MifosX.png b/static/img/MifosX.png
new file mode 100644
index 0000000..29ceb11
Binary files /dev/null and b/static/img/MifosX.png differ
diff --git a/static/img/MifosX_Mobile.png b/static/img/MifosX_Mobile.png
new file mode 100644
index 0000000..5c06ab9
Binary files /dev/null and b/static/img/MifosX_Mobile.png differ
diff --git a/static/img/Motech.png b/static/img/Motech.png
new file mode 100644
index 0000000..55636a8
Binary files /dev/null and b/static/img/Motech.png differ
diff --git a/static/img/ODK.png b/static/img/ODK.png
new file mode 100644
index 0000000..3d48ef5
Binary files /dev/null and b/static/img/ODK.png differ
diff --git a/static/img/ODK_Collect.png b/static/img/ODK_Collect.png
new file mode 100644
index 0000000..4862290
Binary files /dev/null and b/static/img/ODK_Collect.png differ
diff --git a/static/img/OMK.png b/static/img/OMK.png
new file mode 100644
index 0000000..fdaa652
Binary files /dev/null and b/static/img/OMK.png differ
diff --git a/static/img/OpenID.png b/static/img/OpenID.png
new file mode 100644
index 0000000..8263f07
Binary files /dev/null and b/static/img/OpenID.png differ
diff --git a/static/img/POSM.png b/static/img/POSM.png
new file mode 100644
index 0000000..0ed788e
Binary files /dev/null and b/static/img/POSM.png differ
diff --git a/static/img/Pandora.png b/static/img/Pandora.png
new file mode 100644
index 0000000..3eb5771
Binary files /dev/null and b/static/img/Pandora.png differ
diff --git a/static/img/PostGIS.png b/static/img/PostGIS.png
new file mode 100644
index 0000000..6e01af3
Binary files /dev/null and b/static/img/PostGIS.png differ
diff --git a/static/img/SMS_Sync.png b/static/img/SMS_Sync.png
new file mode 100644
index 0000000..8084f12
Binary files /dev/null and b/static/img/SMS_Sync.png differ
diff --git a/static/img/SeedDMS.png b/static/img/SeedDMS.png
new file mode 100644
index 0000000..aec78d5
Binary files /dev/null and b/static/img/SeedDMS.png differ
diff --git a/static/img/Sigmah.png b/static/img/Sigmah.png
new file mode 100644
index 0000000..8b07dbe
Binary files /dev/null and b/static/img/Sigmah.png differ
diff --git a/static/img/Ushahidi.png b/static/img/Ushahidi.png
new file mode 100644
index 0000000..e568cbe
Binary files /dev/null and b/static/img/Ushahidi.png differ
diff --git a/static/img/Ushahidi_mobile.png b/static/img/Ushahidi_mobile.png
new file mode 100644
index 0000000..6a29201
Binary files /dev/null and b/static/img/Ushahidi_mobile.png differ
diff --git a/static/img/icons/Android.png b/static/img/icons/Android.png
new file mode 100644
index 0000000..f974b23
Binary files /dev/null and b/static/img/icons/Android.png differ
diff --git a/static/img/icons/Java.png b/static/img/icons/Java.png
new file mode 100644
index 0000000..196c11e
Binary files /dev/null and b/static/img/icons/Java.png differ
diff --git a/static/img/icons/Linux.png b/static/img/icons/Linux.png
new file mode 100644
index 0000000..5a79ac9
Binary files /dev/null and b/static/img/icons/Linux.png differ
diff --git a/static/img/icons/MacOS.png b/static/img/icons/MacOS.png
new file mode 100644
index 0000000..5bfe192
Binary files /dev/null and b/static/img/icons/MacOS.png differ
diff --git a/static/img/icons/Windows.png b/static/img/icons/Windows.png
new file mode 100644
index 0000000..0fc7e3f
Binary files /dev/null and b/static/img/icons/Windows.png differ
diff --git a/static/img/icons/iOS.png b/static/img/icons/iOS.png
new file mode 100644
index 0000000..69f5429
Binary files /dev/null and b/static/img/icons/iOS.png differ
diff --git a/static/js/admin.js b/static/js/admin.js
new file mode 100644
index 0000000..1aaa527
--- /dev/null
+++ b/static/js/admin.js
@@ -0,0 +1,229 @@
+var action_queue = [];
+
+$(function() {
+    $('#update-host').on('submit', update_host);
+    $('#verify-dns').on('click', verify_dns);
+    $('#verify-https').on('click', verify_https);
+    $('#verify-http').on('click', verify_http);
+    $('#cert-method').on('change', toggle_cert_method);
+    $('#update-cert').on('submit', update_cert);
+    $('#update-common').on('submit', update_common);
+    $('#app-manager')
+        .on('click', '.app-visible', update_app_visibility)
+        .on('click', '.app-autostart', update_app_autostart)
+        .on('click', '.app-start', start_app)
+        .on('click', '.app-stop', stop_app)
+        .on('click', '.app-install', install_app)
+        .on('click', '.app-uninstall', uninstall_app);
+    $('#update-password').on('submit', update_password);
+    $('#reboot-vm').on('click', reboot_vm);
+    $('#shutdown-vm').on('click', shutdown_vm);
+    window.setInterval(check_progress, 1000);
+});
+
+function update_host() {
+    $('#host-submit').hide();
+    $('#host-message').hide();
+    $('#host-wait').show();
+    $.post('/update-host', {'domain': $('#domain').val(), 'port': $('#port').val()}, function(data) {
+        $('#host-wait').hide();
+        if (data.error) {
+            $('#host-message').attr('class','error').html(data.error).show();
+            $('#host-submit').show();
+        } else {
+            $('#host-message').attr('class','info').html(data.ok).show();
+            $('input').prop('disabled', true);
+            $('.setup-box').slice(1).css('opacity', '0.5');
+        }
+    });
+    return false;
+}
+
+function verify_dns() {
+    $('#verify-dns').hide();
+    $('#dns-message').hide();
+    $('#dns-wait').show();
+    $.get('/verify-dns', function(data) {
+        $('#dns-wait').hide();
+        if (data.error) {
+            $('#dns-message').attr('class','error').html(data.error).show();
+            $('#verify-dns').show();
+        } else {
+            $('#dns-message').attr('class','info').html(data.ok).show();
+        }
+    });
+    return false;
+}
+
+function _verify_http(proto) {
+    $('#verify-'+proto).hide();
+    $('#'+proto+'-message').hide();
+    $('#'+proto+'-wait').show();
+    $.get('/verify-' + proto, function(data) {
+        $('#'+proto+'-wait').hide();
+        if (data.error) {
+            $('#'+proto+'-message').attr('class','error').html(data.error).show();
+            $('#verify-'+proto).show();
+        } else {
+            $('#'+proto+'-message').attr('class','info').html(data.ok).show();
+        }
+    });
+    return false;
+}
+
+function verify_http() {
+    return _verify_http('http');
+}
+
+function verify_https() {
+    return _verify_http('https');
+}
+
+function toggle_cert_method() {
+    if ($('#cert-method').val() == 'manual') {
+        $('.cert-upload').show();
+    } else {
+        $('.cert-upload').hide();
+    }
+}
+
+function update_cert() {
+    $('#cert-submit').hide();
+    $('#cert-message').hide();
+    $('#cert-wait').show();
+    $.ajax({url: '/update-cert', type: 'POST', data: new FormData($('#update-cert')[0]), cache: false, contentType: false, processData: false, success: function(data) {
+        $('#cert-wait').hide();
+        if (data.error) {
+            $('#cert-message').attr('class','error').html(data.error).show();
+            $('#cert-submit').show();
+        } else {
+            $('#cert-message').attr('class','info').html(data.ok).show();
+        }
+    }});
+    return false;
+}
+
+function update_common() {
+    $('#common-submit').hide();
+    $('#common-message').hide();
+    $('#common-wait').show();
+    $.post('/update-common', {'email': $('#email').val(), 'gmaps-api-key': $('#gmaps-api-key').val()}, function(data) {
+        $('#common-wait').hide();
+        if (data.error) {
+            $('#common-message').attr('class','error').html(data.error).show();
+            $('#common-submit').show();
+        } else {
+            $('#common-message').attr('class','info').html(data.ok).show();
+            $('#common-submit').show();
+        }
+    });
+    return false;
+}
+
+function _update_app(item, ev) {
+    var el = $(ev.target);
+    var app = el.closest('tr').data('app');
+    var value = el.is(':checked') ? 'true' : '';
+    $.post('/update-app-'+item, {'app': app, 'value': value}, function(data) {
+        if (data.error) {
+            el.prop('checked', !value);
+            alert(data.error);
+        }
+    });
+}
+
+function update_app_visibility(ev) {
+    return _update_app('visibility', ev);
+}
+
+function update_app_autostart(ev) {
+    return _update_app('autostart', ev);
+}
+
+function _do_app(action, ev) {
+    var el = $(ev.target);
+    var tr = el.closest('tr');
+    var td = el.closest('td');
+    td.html('<div class="loader"></div>');
+    $.post('/'+action+'-app', {'app': tr.data('app')}, function(data) {
+        if (data.error) {
+            td.attr('class','error').html(data.error);
+        } else if (action) {
+            tr.html(data.html);
+            action_queue.push(data.id);
+        }
+    });
+    return false;
+}
+
+function start_app(ev) {
+    return _do_app('start', ev);
+}
+
+function stop_app(ev) {
+    return _do_app('stop', ev);
+}
+
+function install_app(ev) {
+    return _do_app('install', ev);
+}
+
+function uninstall_app(ev) {
+    var app = $(ev.target).closest('tr').children().first().text()
+    if (confirm('Opravdu chcete odinstalovat aplikaci '+app+'?')) {
+        return _do_app('uninstall', ev);
+    }
+    return false;
+}
+
+function check_progress() {
+    if (action_queue.length) {
+        $.post('/get-progress', {'ids': action_queue}, function(data) {
+            for (id in data) {
+                var app = id.split(':')[0];
+                $('#app-manager tr[data-app="'+app+'"]').html(data[id].html);
+                if (data[id].last) {
+                    action_queue = action_queue.filter(function(item) { 
+                        return item !== id
+                    });
+                }
+            }
+        });
+    }
+}
+
+function update_password() {
+    $('#password-submit').hide();
+    $('#password-message').hide();
+    $('#password-wait').show();
+    $.post('/update-password', {'oldpassword': $('#oldpassword').val(), 'newpassword': $('#newpassword').val(), 'newpassword2': $('#newpassword2').val()}, function(data) {
+        $('#password-wait').hide();
+        if (data.error) {
+            $('#password-message').attr('class','error').html(data.error).show();
+            $('#password-submit').show();
+        } else {
+            $('#password-message').attr('class','info').html(data.ok).show();
+        }
+    });
+    return false;
+}
+
+function _do_vm(action) {
+    $.get('/'+action+'-vm', function(data) {
+        $('#vm-message').attr('class','info').html(data.ok).show();
+    });
+}
+
+function reboot_vm() {
+    if (confirm('Opravdu chcete restartovat VM?')) {
+        _do_vm('reboot');
+    }
+    return false;
+}
+
+function shutdown_vm() {
+    if (confirm('Opravdu chcete vypnout VM?')) {
+        _do_vm('shutdown');
+    }
+    return false;
+}
diff --git a/static/js/jquery-3.3.1.min.js b/static/js/jquery-3.3.1.min.js
new file mode 100644
index 0000000..4d9b3a2
--- /dev/null
+++ b/static/js/jquery-3.3.1.min.js
@@ -0,0 +1,2 @@
+/*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */
+!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;w.fn=w.prototype={jquery:"3.3.1",constructor:w,length:0,toArray:function(){return o.call(this)},get:function(e){return null==e?o.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=w.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return w.each(this,e)},map:function(e){return this.pushStack(w.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(o.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:n.sort,splice:n.splice},w.extend=w.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||g(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)||(i=Array.isArray(r)))?(i?(i=!1,o=n&&Array.isArray(n)?n:[]):o=n&&w.isPlainObject(n)?n:{},a[t]=w.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},w.extend({expando:"jQuery"+("3.3.1"+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==c.call(e))&&(!(t=i(e))||"function"==typeof(n=f.call(t,"constructor")&&t.constructor)&&p.call(n)===d)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e){m(e)},each:function(e,t){var n,r=0;if(C(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(T,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(C(Object(e))?w.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:u.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r,i=[],o=0,a=e.length,s=!n;o<a;o++)(r=!t(e[o],o))!==s&&i.push(e[o]);return i},map:function(e,t,n){var r,i,o=0,s=[];if(C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function C(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!g(e)&&!y(e)&&("array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle"+1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=function(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},P="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",R="(?:\\\\.|[\\w-]|[^\0-\\xa0])+",I="\\["+M+"*("+R+")(?:"+M+"*([*^$|!~]?=)"+M+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+R+"))|)"+M+"*\\]",W=":("+R+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+I+")*)|.*)\\)|)",$=new RegExp(M+"+","g"),B=new RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),F=new RegExp("^"+M+"*,"+M+"*"),_=new RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),z=new RegExp("="+M+"*([^\\]'\"]*?)"+M+"*\\]","g"),X=new RegExp(W),U=new RegExp("^"+R+"$"),V={ID:new RegExp("^#("+R+")"),CLASS:new RegExp("^\\.("+R+")"),TAG:new RegExp("^("+R+"|[*])"),ATTR:new RegExp("^"+I),PSEUDO:new RegExp("^"+W),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+P+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},G=/^(?:input|select|textarea|button)$/i,Y=/^h\d$/i,Q=/^[^{]+\{\s*\[native \w/,J=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,K=/[+~]/,Z=new RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),ee=function(e,t,n){var r="0x"+t-65536;return r!==r||n?t:r<0?String.fromCharCode(r+65536):String.fromCharCode(r>>10|55296,1023&r|56320)},te=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ne=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},re=function(){p()},ie=me(function(e){return!0===e.disabled&&("form"in e||"label"in e)},{dir:"parentNode",next:"legend"});try{L.apply(A=H.call(w.childNodes),w.childNodes),A[w.childNodes.length].nodeType}catch(e){L={apply:A.length?function(e,t){q.apply(e,H.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function oe(e,t,r,i){var o,s,l,c,f,h,v,m=t&&t.ownerDocument,T=t?t.nodeType:9;if(r=r||[],"string"!=typeof e||!e||1!==T&&9!==T&&11!==T)return r;if(!i&&((t?t.ownerDocument||t:w)!==d&&p(t),t=t||d,g)){if(11!==T&&(f=J.exec(e)))if(o=f[1]){if(9===T){if(!(l=t.getElementById(o)))return r;if(l.id===o)return r.push(l),r}else if(m&&(l=m.getElementById(o))&&x(t,l)&&l.id===o)return r.push(l),r}else{if(f[2])return L.apply(r,t.getElementsByTagName(e)),r;if((o=f[3])&&n.getElementsByClassName&&t.getElementsByClassName)return L.apply(r,t.getElementsByClassName(o)),r}if(n.qsa&&!S[e+" "]&&(!y||!y.test(e))){if(1!==T)m=t,v=e;else if("object"!==t.nodeName.toLowerCase()){(c=t.getAttribute("id"))?c=c.replace(te,ne):t.setAttribute("id",c=b),s=(h=a(e)).length;while(s--)h[s]="#"+c+" "+ve(h[s]);v=h.join(","),m=K.test(e)&&ge(t.parentNode)||t}if(v)try{return L.apply(r,m.querySelectorAll(v)),r}catch(e){}finally{c===b&&t.removeAttribute("id")}}}return u(e.replace(B,"$1"),t,r,i)}function ae(){var e=[];function t(n,i){return e.push(n+" ")>r.cacheLength&&delete t[e.shift()],t[n+" "]=i}return t}function se(e){return e[b]=!0,e}function ue(e){var t=d.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function le(e,t){var n=e.split("|"),i=n.length;while(i--)r.attrHandle[n[i]]=t}function ce(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function fe(e){return function(t){return"input"===t.nodeName.toLowerCase()&&t.type===e}}function pe(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function de(e){return function(t){return"form"in t?t.parentNode&&!1===t.disabled?"label"in t?"label"in t.parentNode?t.parentNode.disabled===e:t.disabled===e:t.isDisabled===e||t.isDisabled!==!e&&ie(t)===e:t.disabled===e:"label"in t&&t.disabled===e}}function he(e){return se(function(t){return t=+t,se(function(n,r){var i,o=e([],n.length,t),a=o.length;while(a--)n[i=o[a]]&&(n[i]=!(r[i]=n[i]))})})}function ge(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}n=oe.support={},o=oe.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return!!t&&"HTML"!==t.nodeName},p=oe.setDocument=function(e){var t,i,a=e?e.ownerDocument||e:w;return a!==d&&9===a.nodeType&&a.documentElement?(d=a,h=d.documentElement,g=!o(d),w!==d&&(i=d.defaultView)&&i.top!==i&&(i.addEventListener?i.addEventListener("unload",re,!1):i.attachEvent&&i.attachEvent("onunload",re)),n.attributes=ue(function(e){return e.className="i",!e.getAttribute("className")}),n.getElementsByTagName=ue(function(e){return e.appendChild(d.createComment("")),!e.getElementsByTagName("*").length}),n.getElementsByClassName=Q.test(d.getElementsByClassName),n.getById=ue(function(e){return h.appendChild(e).id=b,!d.getElementsByName||!d.getElementsByName(b).length}),n.getById?(r.filter.ID=function(e){var t=e.replace(Z,ee);return function(e){return e.getAttribute("id")===t}},r.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&g){var n=t.getElementById(e);return n?[n]:[]}}):(r.filter.ID=function(e){var t=e.replace(Z,ee);return function(e){var n="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return n&&n.value===t}},r.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&g){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),r.find.TAG=n.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):n.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},r.find.CLASS=n.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&g)return t.getElementsByClassName(e)},v=[],y=[],(n.qsa=Q.test(d.querySelectorAll))&&(ue(function(e){h.appendChild(e).innerHTML="<a id='"+b+"'></a><select id='"+b+"-\r\\' msallowcapture=''><option selected=''></option></select>",e.querySelectorAll("[msallowcapture^='']").length&&y.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||y.push("\\["+M+"*(?:value|"+P+")"),e.querySelectorAll("[id~="+b+"-]").length||y.push("~="),e.querySelectorAll(":checked").length||y.push(":checked"),e.querySelectorAll("a#"+b+"+*").length||y.push(".#.+[+~]")}),ue(function(e){e.innerHTML="<a href='' disabled='disabled'></a><select disabled='disabled'><option/></select>";var t=d.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&y.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&y.push(":enabled",":disabled"),h.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&y.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),y.push(",.*:")})),(n.matchesSelector=Q.test(m=h.matches||h.webkitMatchesSelector||h.mozMatchesSelector||h.oMatchesSelector||h.msMatchesSelector))&&ue(function(e){n.disconnectedMatch=m.call(e,"*"),m.call(e,"[s!='']:x"),v.push("!=",W)}),y=y.length&&new RegExp(y.join("|")),v=v.length&&new RegExp(v.join("|")),t=Q.test(h.compareDocumentPosition),x=t||Q.test(h.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return f=!0,0;var r=!e.compareDocumentPosition-!t.compareDocumentPosition;return r||(1&(r=(e.ownerDocument||e)===(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!n.sortDetached&&t.compareDocumentPosition(e)===r?e===d||e.ownerDocument===w&&x(w,e)?-1:t===d||t.ownerDocument===w&&x(w,t)?1:c?O(c,e)-O(c,t):0:4&r?-1:1)}:function(e,t){if(e===t)return f=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e===d?-1:t===d?1:i?-1:o?1:c?O(c,e)-O(c,t):0;if(i===o)return ce(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?ce(a[r],s[r]):a[r]===w?-1:s[r]===w?1:0},d):d},oe.matches=function(e,t){return oe(e,null,null,t)},oe.matchesSelector=function(e,t){if((e.ownerDocument||e)!==d&&p(e),t=t.replace(z,"='$1']"),n.matchesSelector&&g&&!S[t+" "]&&(!v||!v.test(t))&&(!y||!y.test(t)))try{var r=m.call(e,t);if(r||n.disconnectedMatch||e.document&&11!==e.document.nodeType)return r}catch(e){}return oe(t,d,null,[e]).length>0},oe.contains=function(e,t){return(e.ownerDocument||e)!==d&&p(e),x(e,t)},oe.attr=function(e,t){(e.ownerDocument||e)!==d&&p(e);var i=r.attrHandle[t.toLowerCase()],o=i&&N.call(r.attrHandle,t.toLowerCase())?i(e,t,!g):void 0;return void 0!==o?o:n.attributes||!g?e.getAttribute(t):(o=e.getAttributeNode(t))&&o.specified?o.value:null},oe.escape=function(e){return(e+"").replace(te,ne)},oe.error=function(e){throw new Error("Syntax error, unrecognized expression: "+e)},oe.uniqueSort=function(e){var t,r=[],i=0,o=0;if(f=!n.detectDuplicates,c=!n.sortStable&&e.slice(0),e.sort(D),f){while(t=e[o++])t===e[o]&&(i=r.push(o));while(i--)e.splice(r[i],1)}return c=null,e},i=oe.getText=function(e){var t,n="",r=0,o=e.nodeType;if(o){if(1===o||9===o||11===o){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=i(e)}else if(3===o||4===o)return e.nodeValue}else while(t=e[r++])n+=i(t);return n},(r=oe.selectors={cacheLength:50,createPseudo:se,match:V,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(Z,ee),e[3]=(e[3]||e[4]||e[5]||"").replace(Z,ee),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||oe.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&oe.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return V.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=a(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(Z,ee).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=E[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&E(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=oe.attr(r,e);return null==i?"!="===t:!t||(i+="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.slice(-n.length)===n:"~="===t?(" "+i.replace($," ")+" ").indexOf(n)>-1:"|="===t&&(i===n||i.slice(0,n.length+1)===n+"-"))}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),a="last"!==e.slice(-4),s="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,u){var l,c,f,p,d,h,g=o!==a?"nextSibling":"previousSibling",y=t.parentNode,v=s&&t.nodeName.toLowerCase(),m=!u&&!s,x=!1;if(y){if(o){while(g){p=t;while(p=p[g])if(s?p.nodeName.toLowerCase()===v:1===p.nodeType)return!1;h=g="only"===e&&!h&&"nextSibling"}return!0}if(h=[a?y.firstChild:y.lastChild],a&&m){x=(d=(l=(c=(f=(p=y)[b]||(p[b]={}))[p.uniqueID]||(f[p.uniqueID]={}))[e]||[])[0]===T&&l[1])&&l[2],p=d&&y.childNodes[d];while(p=++d&&p&&p[g]||(x=d=0)||h.pop())if(1===p.nodeType&&++x&&p===t){c[e]=[T,d,x];break}}else if(m&&(x=d=(l=(c=(f=(p=t)[b]||(p[b]={}))[p.uniqueID]||(f[p.uniqueID]={}))[e]||[])[0]===T&&l[1]),!1===x)while(p=++d&&p&&p[g]||(x=d=0)||h.pop())if((s?p.nodeName.toLowerCase()===v:1===p.nodeType)&&++x&&(m&&((c=(f=p[b]||(p[b]={}))[p.uniqueID]||(f[p.uniqueID]={}))[e]=[T,x]),p===t))break;return(x-=i)===r||x%r==0&&x/r>=0}}},PSEUDO:function(e,t){var n,i=r.pseudos[e]||r.setFilters[e.toLowerCase()]||oe.error("unsupported pseudo: "+e);return i[b]?i(t):i.length>1?(n=[e,e,"",t],r.setFilters.hasOwnProperty(e.toLowerCase())?se(function(e,n){var r,o=i(e,t),a=o.length;while(a--)e[r=O(e,o[a])]=!(n[r]=o[a])}):function(e){return i(e,0,n)}):i}},pseudos:{not:se(function(e){var t=[],n=[],r=s(e.replace(B,"$1"));return r[b]?se(function(e,t,n,i){var o,a=r(e,null,i,[]),s=e.length;while(s--)(o=a[s])&&(e[s]=!(t[s]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),t[0]=null,!n.pop()}}),has:se(function(e){return function(t){return oe(e,t).length>0}}),contains:se(function(e){return e=e.replace(Z,ee),function(t){return(t.textContent||t.innerText||i(t)).indexOf(e)>-1}}),lang:se(function(e){return U.test(e||"")||oe.error("unsupported lang: "+e),e=e.replace(Z,ee).toLowerCase(),function(t){var n;do{if(n=g?t.lang:t.getAttribute("xml:lang")||t.getAttribute("lang"))return(n=n.toLowerCase())===e||0===n.indexOf(e+"-")}while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===h},focus:function(e){return e===d.activeElement&&(!d.hasFocus||d.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:de(!1),disabled:de(!0),checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,!0===e.selected},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeType<6)return!1;return!0},parent:function(e){return!r.pseudos.empty(e)},header:function(e){return Y.test(e.nodeName)},input:function(e){return G.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||"text"===t.toLowerCase())},first:he(function(){return[0]}),last:he(function(e,t){return[t-1]}),eq:he(function(e,t,n){return[n<0?n+t:n]}),even:he(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:he(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:he(function(e,t,n){for(var r=n<0?n+t:n;--r>=0;)e.push(r);return e}),gt:he(function(e,t,n){for(var r=n<0?n+t:n;++r<t;)e.push(r);return e})}}).pseudos.nth=r.pseudos.eq;for(t in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})r.pseudos[t]=fe(t);for(t in{submit:!0,reset:!0})r.pseudos[t]=pe(t);function ye(){}ye.prototype=r.filters=r.pseudos,r.setFilters=new ye,a=oe.tokenize=function(e,t){var n,i,o,a,s,u,l,c=k[e+" "];if(c)return t?0:c.slice(0);s=e,u=[],l=r.preFilter;while(s){n&&!(i=F.exec(s))||(i&&(s=s.slice(i[0].length)||s),u.push(o=[])),n=!1,(i=_.exec(s))&&(n=i.shift(),o.push({value:n,type:i[0].replace(B," ")}),s=s.slice(n.length));for(a in r.filter)!(i=V[a].exec(s))||l[a]&&!(i=l[a](i))||(n=i.shift(),o.push({value:n,type:a,matches:i}),s=s.slice(n.length));if(!n)break}return t?s.length:s?oe.error(e):k(e,u).slice(0)};function ve(e){for(var t=0,n=e.length,r="";t<n;t++)r+=e[t].value;return r}function me(e,t,n){var r=t.dir,i=t.next,o=i||r,a=n&&"parentNode"===o,s=C++;return t.first?function(t,n,i){while(t=t[r])if(1===t.nodeType||a)return e(t,n,i);return!1}:function(t,n,u){var l,c,f,p=[T,s];if(u){while(t=t[r])if((1===t.nodeType||a)&&e(t,n,u))return!0}else while(t=t[r])if(1===t.nodeType||a)if(f=t[b]||(t[b]={}),c=f[t.uniqueID]||(f[t.uniqueID]={}),i&&i===t.nodeName.toLowerCase())t=t[r]||t;else{if((l=c[o])&&l[0]===T&&l[1]===s)return p[2]=l[2];if(c[o]=p,p[2]=e(t,n,u))return!0}return!1}}function xe(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function be(e,t,n){for(var r=0,i=t.length;r<i;r++)oe(e,t[r],n);return n}function we(e,t,n,r,i){for(var o,a=[],s=0,u=e.length,l=null!=t;s<u;s++)(o=e[s])&&(n&&!n(o,r,i)||(a.push(o),l&&t.push(s)));return a}function Te(e,t,n,r,i,o){return r&&!r[b]&&(r=Te(r)),i&&!i[b]&&(i=Te(i,o)),se(function(o,a,s,u){var l,c,f,p=[],d=[],h=a.length,g=o||be(t||"*",s.nodeType?[s]:s,[]),y=!e||!o&&t?g:we(g,p,e,s,u),v=n?i||(o?e:h||r)?[]:a:y;if(n&&n(y,v,s,u),r){l=we(v,d),r(l,[],s,u),c=l.length;while(c--)(f=l[c])&&(v[d[c]]=!(y[d[c]]=f))}if(o){if(i||e){if(i){l=[],c=v.length;while(c--)(f=v[c])&&l.push(y[c]=f);i(null,v=[],l,u)}c=v.length;while(c--)(f=v[c])&&(l=i?O(o,f):p[c])>-1&&(o[l]=!(a[l]=f))}}else v=we(v===a?v.splice(h,v.length):v),i?i(null,a,v,u):L.apply(a,v)})}function Ce(e){for(var t,n,i,o=e.length,a=r.relative[e[0].type],s=a||r.relative[" "],u=a?1:0,c=me(function(e){return e===t},s,!0),f=me(function(e){return O(t,e)>-1},s,!0),p=[function(e,n,r){var i=!a&&(r||n!==l)||((t=n).nodeType?c(e,n,r):f(e,n,r));return t=null,i}];u<o;u++)if(n=r.relative[e[u].type])p=[me(xe(p),n)];else{if((n=r.filter[e[u].type].apply(null,e[u].matches))[b]){for(i=++u;i<o;i++)if(r.relative[e[i].type])break;return Te(u>1&&xe(p),u>1&&ve(e.slice(0,u-1).concat({value:" "===e[u-2].type?"*":""})).replace(B,"$1"),n,u<i&&Ce(e.slice(u,i)),i<o&&Ce(e=e.slice(i)),i<o&&ve(e))}p.push(n)}return xe(p)}function Ee(e,t){var n=t.length>0,i=e.length>0,o=function(o,a,s,u,c){var f,h,y,v=0,m="0",x=o&&[],b=[],w=l,C=o||i&&r.find.TAG("*",c),E=T+=null==w?1:Math.random()||.1,k=C.length;for(c&&(l=a===d||a||c);m!==k&&null!=(f=C[m]);m++){if(i&&f){h=0,a||f.ownerDocument===d||(p(f),s=!g);while(y=e[h++])if(y(f,a||d,s)){u.push(f);break}c&&(T=E)}n&&((f=!y&&f)&&v--,o&&x.push(f))}if(v+=m,n&&m!==v){h=0;while(y=t[h++])y(x,b,a,s);if(o){if(v>0)while(m--)x[m]||b[m]||(b[m]=j.call(u));b=we(b)}L.apply(u,b),c&&!o&&b.length>0&&v+t.length>1&&oe.uniqueSort(u)}return c&&(T=E,l=w),x};return n?se(o):o}return s=oe.compile=function(e,t){var n,r=[],i=[],o=S[e+" "];if(!o){t||(t=a(e)),n=t.length;while(n--)(o=Ce(t[n]))[b]?r.push(o):i.push(o);(o=S(e,Ee(i,r))).selector=e}return o},u=oe.select=function(e,t,n,i){var o,u,l,c,f,p="function"==typeof e&&e,d=!i&&a(e=p.selector||e);if(n=n||[],1===d.length){if((u=d[0]=d[0].slice(0)).length>2&&"ID"===(l=u[0]).type&&9===t.nodeType&&g&&r.relative[u[1].type]){if(!(t=(r.find.ID(l.matches[0].replace(Z,ee),t)||[])[0]))return n;p&&(t=t.parentNode),e=e.slice(u.shift().value.length)}o=V.needsContext.test(e)?0:u.length;while(o--){if(l=u[o],r.relative[c=l.type])break;if((f=r.find[c])&&(i=f(l.matches[0].replace(Z,ee),K.test(u[0].type)&&ge(t.parentNode)||t))){if(u.splice(o,1),!(e=i.length&&ve(u)))return L.apply(n,i),n;break}}}return(p||s(e,d))(i,t,!g,n,!t||K.test(e)&&ge(t.parentNode)||t),n},n.sortStable=b.split("").sort(D).join("")===b,n.detectDuplicates=!!f,p(),n.sortDetached=ue(function(e){return 1&e.compareDocumentPosition(d.createElement("fieldset"))}),ue(function(e){return e.innerHTML="<a href='#'></a>","#"===e.firstChild.getAttribute("href")})||le("type|href|height|width",function(e,t,n){if(!n)return e.getAttribute(t,"type"===t.toLowerCase()?1:2)}),n.attributes&&ue(function(e){return e.innerHTML="<input/>",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")})||le("value",function(e,t,n){if(!n&&"input"===e.nodeName.toLowerCase())return e.defaultValue}),ue(function(e){return null==e.getAttribute("disabled")})||le(P,function(e,t,n){var r;if(!n)return!0===e[t]?t.toLowerCase():(r=e.getAttributeNode(t))&&r.specified?r.value:null}),oe}(e);w.find=E,w.expr=E.selectors,w.expr[":"]=w.expr.pseudos,w.uniqueSort=w.unique=E.uniqueSort,w.text=E.getText,w.isXMLDoc=E.isXML,w.contains=E.contains,w.escapeSelector=E.escape;var k=function(e,t,n){var r=[],i=void 0!==n;while((e=e[t])&&9!==e.nodeType)if(1===e.nodeType){if(i&&w(e).is(n))break;r.push(e)}return r},S=function(e,t){for(var n=[];e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n},D=w.expr.match.needsContext;function N(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}var A=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,t,n){return g(t)?w.grep(e,function(e,r){return!!t.call(e,r,e)!==n}):t.nodeType?w.grep(e,function(e){return e===t!==n}):"string"!=typeof t?w.grep(e,function(e){return u.call(t,e)>-1!==n}):w.filter(t,e,n)}w.filter=function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?w.find.matchesSelector(r,e)?[r]:[]:w.find.matches(e,w.grep(t,function(e){return 1===e.nodeType}))},w.fn.extend({find:function(e){var t,n,r=this.length,i=this;if("string"!=typeof e)return this.pushStack(w(e).filter(function(){for(t=0;t<r;t++)if(w.contains(i[t],this))return!0}));for(n=this.pushStack([]),t=0;t<r;t++)w.find(e,i[t],n);return r>1?w.uniqueSort(n):n},filter:function(e){return this.pushStack(j(this,e||[],!1))},not:function(e){return this.pushStack(j(this,e||[],!0))},is:function(e){return!!j(this,"string"==typeof e&&D.test(e)?w(e):e||[],!1).length}});var q,L=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;(w.fn.init=function(e,t,n){var i,o;if(!e)return this;if(n=n||q,"string"==typeof e){if(!(i="<"===e[0]&&">"===e[e.length-1]&&e.length>=3?[null,e,null]:L.exec(e))||!i[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(i[1]){if(t=t instanceof w?t[0]:t,w.merge(this,w.parseHTML(i[1],t&&t.nodeType?t.ownerDocument||t:r,!0)),A.test(i[1])&&w.isPlainObject(t))for(i in t)g(this[i])?this[i](t[i]):this.attr(i,t[i]);return this}return(o=r.getElementById(i[2]))&&(this[0]=o,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):g(e)?void 0!==n.ready?n.ready(e):e(w):w.makeArray(e,this)}).prototype=w.fn,q=w(r);var H=/^(?:parents|prev(?:Until|All))/,O={children:!0,contents:!0,next:!0,prev:!0};w.fn.extend({has:function(e){var t=w(e,this),n=t.length;return this.filter(function(){for(var e=0;e<n;e++)if(w.contains(this,t[e]))return!0})},closest:function(e,t){var n,r=0,i=this.length,o=[],a="string"!=typeof e&&w(e);if(!D.test(e))for(;r<i;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(n.nodeType<11&&(a?a.index(n)>-1:1===n.nodeType&&w.find.matchesSelector(n,e))){o.push(n);break}return this.pushStack(o.length>1?w.uniqueSort(o):o)},index:function(e){return e?"string"==typeof e?u.call(w(e),this[0]):u.call(this,e.jquery?e[0]:e):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){return this.pushStack(w.uniqueSort(w.merge(this.get(),w(e,t))))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}});function P(e,t){while((e=e[t])&&1!==e.nodeType);return e}w.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return k(e,"parentNode")},parentsUntil:function(e,t,n){return k(e,"parentNode",n)},next:function(e){return P(e,"nextSibling")},prev:function(e){return P(e,"previousSibling")},nextAll:function(e){return k(e,"nextSibling")},prevAll:function(e){return k(e,"previousSibling")},nextUntil:function(e,t,n){return k(e,"nextSibling",n)},prevUntil:function(e,t,n){return k(e,"previousSibling",n)},siblings:function(e){return S((e.parentNode||{}).firstChild,e)},children:function(e){return S(e.firstChild)},contents:function(e){return N(e,"iframe")?e.contentDocument:(N(e,"template")&&(e=e.content||e),w.merge([],e.childNodes))}},function(e,t){w.fn[e]=function(n,r){var i=w.map(this,t,n);return"Until"!==e.slice(-5)&&(r=n),r&&"string"==typeof r&&(i=w.filter(r,i)),this.length>1&&(O[e]||w.uniqueSort(i),H.test(e)&&i.reverse()),this.pushStack(i)}});var M=/[^\x20\t\r\n\f]+/g;function R(e){var t={};return w.each(e.match(M)||[],function(e,n){t[n]=!0}),t}w.Callbacks=function(e){e="string"==typeof e?R(e):w.extend({},e);var t,n,r,i,o=[],a=[],s=-1,u=function(){for(i=i||e.once,r=t=!0;a.length;s=-1){n=a.shift();while(++s<o.length)!1===o[s].apply(n[0],n[1])&&e.stopOnFalse&&(s=o.length,n=!1)}e.memory||(n=!1),t=!1,i&&(o=n?[]:"")},l={add:function(){return o&&(n&&!t&&(s=o.length-1,a.push(n)),function t(n){w.each(n,function(n,r){g(r)?e.unique&&l.has(r)||o.push(r):r&&r.length&&"string"!==x(r)&&t(r)})}(arguments),n&&!t&&u()),this},remove:function(){return w.each(arguments,function(e,t){var n;while((n=w.inArray(t,o,n))>-1)o.splice(n,1),n<=s&&s--}),this},has:function(e){return e?w.inArray(e,o)>-1:o.length>0},empty:function(){return o&&(o=[]),this},disable:function(){return i=a=[],o=n="",this},disabled:function(){return!o},lock:function(){return i=a=[],n||t||(o=n=""),this},locked:function(){return!!i},fireWith:function(e,n){return i||(n=[e,(n=n||[]).slice?n.slice():n],a.push(n),t||u()),this},fire:function(){return l.fireWith(this,arguments),this},fired:function(){return!!r}};return l};function I(e){return e}function W(e){throw e}function $(e,t,n,r){var i;try{e&&g(i=e.promise)?i.call(e).done(t).fail(n):e&&g(i=e.then)?i.call(e,t,n):t.apply(void 0,[e].slice(r))}catch(e){n.apply(void 0,[e])}}w.extend({Deferred:function(t){var n=[["notify","progress",w.Callbacks("memory"),w.Callbacks("memory"),2],["resolve","done",w.Callbacks("once memory"),w.Callbacks("once memory"),0,"resolved"],["reject","fail",w.Callbacks("once memory"),w.Callbacks("once memory"),1,"rejected"]],r="pending",i={state:function(){return r},always:function(){return o.done(arguments).fail(arguments),this},"catch":function(e){return i.then(null,e)},pipe:function(){var e=arguments;return w.Deferred(function(t){w.each(n,function(n,r){var i=g(e[r[4]])&&e[r[4]];o[r[1]](function(){var e=i&&i.apply(this,arguments);e&&g(e.promise)?e.promise().progress(t.notify).done(t.resolve).fail(t.reject):t[r[0]+"With"](this,i?[e]:arguments)})}),e=null}).promise()},then:function(t,r,i){var o=0;function a(t,n,r,i){return function(){var s=this,u=arguments,l=function(){var e,l;if(!(t<o)){if((e=r.apply(s,u))===n.promise())throw new TypeError("Thenable self-resolution");l=e&&("object"==typeof e||"function"==typeof e)&&e.then,g(l)?i?l.call(e,a(o,n,I,i),a(o,n,W,i)):(o++,l.call(e,a(o,n,I,i),a(o,n,W,i),a(o,n,I,n.notifyWith))):(r!==I&&(s=void 0,u=[e]),(i||n.resolveWith)(s,u))}},c=i?l:function(){try{l()}catch(e){w.Deferred.exceptionHook&&w.Deferred.exceptionHook(e,c.stackTrace),t+1>=o&&(r!==W&&(s=void 0,u=[e]),n.rejectWith(s,u))}};t?c():(w.Deferred.getStackHook&&(c.stackTrace=w.Deferred.getStackHook()),e.setTimeout(c))}}return w.Deferred(function(e){n[0][3].add(a(0,e,g(i)?i:I,e.notifyWith)),n[1][3].add(a(0,e,g(t)?t:I)),n[2][3].add(a(0,e,g(r)?r:W))}).promise()},promise:function(e){return null!=e?w.extend(e,i):i}},o={};return w.each(n,function(e,t){var a=t[2],s=t[5];i[t[1]]=a.add,s&&a.add(function(){r=s},n[3-e][2].disable,n[3-e][3].disable,n[0][2].lock,n[0][3].lock),a.add(t[3].fire),o[t[0]]=function(){return o[t[0]+"With"](this===o?void 0:this,arguments),this},o[t[0]+"With"]=a.fireWith}),i.promise(o),t&&t.call(o,o),o},when:function(e){var t=arguments.length,n=t,r=Array(n),i=o.call(arguments),a=w.Deferred(),s=function(e){return function(n){r[e]=this,i[e]=arguments.length>1?o.call(arguments):n,--t||a.resolveWith(r,i)}};if(t<=1&&($(e,a.done(s(n)).resolve,a.reject,!t),"pending"===a.state()||g(i[n]&&i[n].then)))return a.then();while(n--)$(i[n],s(n),a.reject);return a.promise()}});var B=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;w.Deferred.exceptionHook=function(t,n){e.console&&e.console.warn&&t&&B.test(t.name)&&e.console.warn("jQuery.Deferred exception: "+t.message,t.stack,n)},w.readyException=function(t){e.setTimeout(function(){throw t})};var F=w.Deferred();w.fn.ready=function(e){return F.then(e)["catch"](function(e){w.readyException(e)}),this},w.extend({isReady:!1,readyWait:1,ready:function(e){(!0===e?--w.readyWait:w.isReady)||(w.isReady=!0,!0!==e&&--w.readyWait>0||F.resolveWith(r,[w]))}}),w.ready.then=F.then;function _(){r.removeEventListener("DOMContentLoaded",_),e.removeEventListener("load",_),w.ready()}"complete"===r.readyState||"loading"!==r.readyState&&!r.documentElement.doScroll?e.setTimeout(w.ready):(r.addEventListener("DOMContentLoaded",_),e.addEventListener("load",_));var z=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===x(n)){i=!0;for(s in n)z(e,t,s,n[s],!0,o,a)}else if(void 0!==r&&(i=!0,g(r)||(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(w(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},X=/^-ms-/,U=/-([a-z])/g;function V(e,t){return t.toUpperCase()}function G(e){return e.replace(X,"ms-").replace(U,V)}var Y=function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType};function Q(){this.expando=w.expando+Q.uid++}Q.uid=1,Q.prototype={cache:function(e){var t=e[this.expando];return t||(t={},Y(e)&&(e.nodeType?e[this.expando]=t:Object.defineProperty(e,this.expando,{value:t,configurable:!0}))),t},set:function(e,t,n){var r,i=this.cache(e);if("string"==typeof t)i[G(t)]=n;else for(r in t)i[G(r)]=t[r];return i},get:function(e,t){return void 0===t?this.cache(e):e[this.expando]&&e[this.expando][G(t)]},access:function(e,t,n){return void 0===t||t&&"string"==typeof t&&void 0===n?this.get(e,t):(this.set(e,t,n),void 0!==n?n:t)},remove:function(e,t){var n,r=e[this.expando];if(void 0!==r){if(void 0!==t){n=(t=Array.isArray(t)?t.map(G):(t=G(t))in r?[t]:t.match(M)||[]).length;while(n--)delete r[t[n]]}(void 0===t||w.isEmptyObject(r))&&(e.nodeType?e[this.expando]=void 0:delete e[this.expando])}},hasData:function(e){var t=e[this.expando];return void 0!==t&&!w.isEmptyObject(t)}};var J=new Q,K=new Q,Z=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,ee=/[A-Z]/g;function te(e){return"true"===e||"false"!==e&&("null"===e?null:e===+e+""?+e:Z.test(e)?JSON.parse(e):e)}function ne(e,t,n){var r;if(void 0===n&&1===e.nodeType)if(r="data-"+t.replace(ee,"-$&").toLowerCase(),"string"==typeof(n=e.getAttribute(r))){try{n=te(n)}catch(e){}K.set(e,t,n)}else n=void 0;return n}w.extend({hasData:function(e){return K.hasData(e)||J.hasData(e)},data:function(e,t,n){return K.access(e,t,n)},removeData:function(e,t){K.remove(e,t)},_data:function(e,t,n){return J.access(e,t,n)},_removeData:function(e,t){J.remove(e,t)}}),w.fn.extend({data:function(e,t){var n,r,i,o=this[0],a=o&&o.attributes;if(void 0===e){if(this.length&&(i=K.get(o),1===o.nodeType&&!J.get(o,"hasDataAttrs"))){n=a.length;while(n--)a[n]&&0===(r=a[n].name).indexOf("data-")&&(r=G(r.slice(5)),ne(o,r,i[r]));J.set(o,"hasDataAttrs",!0)}return i}return"object"==typeof e?this.each(function(){K.set(this,e)}):z(this,function(t){var n;if(o&&void 0===t){if(void 0!==(n=K.get(o,e)))return n;if(void 0!==(n=ne(o,e)))return n}else this.each(function(){K.set(this,e,t)})},null,t,arguments.length>1,null,!0)},removeData:function(e){return this.each(function(){K.remove(this,e)})}}),w.extend({queue:function(e,t,n){var r;if(e)return t=(t||"fx")+"queue",r=J.get(e,t),n&&(!r||Array.isArray(n)?r=J.access(e,t,w.makeArray(n)):r.push(n)),r||[]},dequeue:function(e,t){t=t||"fx";var n=w.queue(e,t),r=n.length,i=n.shift(),o=w._queueHooks(e,t),a=function(){w.dequeue(e,t)};"inprogress"===i&&(i=n.shift(),r--),i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,a,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return J.get(e,n)||J.access(e,n,{empty:w.Callbacks("once memory").add(function(){J.remove(e,[t+"queue",n])})})}}),w.fn.extend({queue:function(e,t){var n=2;return"string"!=typeof e&&(t=e,e="fx",n--),arguments.length<n?w.queue(this[0],e):void 0===t?this:this.each(function(){var n=w.queue(this,e,t);w._queueHooks(this,e),"fx"===e&&"inprogress"!==n[0]&&w.dequeue(this,e)})},dequeue:function(e){return this.each(function(){w.dequeue(this,e)})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,t){var n,r=1,i=w.Deferred(),o=this,a=this.length,s=function(){--r||i.resolveWith(o,[o])};"string"!=typeof e&&(t=e,e=void 0),e=e||"fx";while(a--)(n=J.get(o[a],e+"queueHooks"))&&n.empty&&(r++,n.empty.add(s));return s(),i.promise(t)}});var re=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,ie=new RegExp("^(?:([+-])=|)("+re+")([a-z%]*)$","i"),oe=["Top","Right","Bottom","Left"],ae=function(e,t){return"none"===(e=t||e).style.display||""===e.style.display&&w.contains(e.ownerDocument,e)&&"none"===w.css(e,"display")},se=function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=a[o];return i};function ue(e,t,n,r){var i,o,a=20,s=r?function(){return r.cur()}:function(){return w.css(e,t,"")},u=s(),l=n&&n[3]||(w.cssNumber[t]?"":"px"),c=(w.cssNumber[t]||"px"!==l&&+u)&&ie.exec(w.css(e,t));if(c&&c[3]!==l){u/=2,l=l||c[3],c=+u||1;while(a--)w.style(e,t,c+l),(1-o)*(1-(o=s()/u||.5))<=0&&(a=0),c/=o;c*=2,w.style(e,t,c+l),n=n||[]}return n&&(c=+c||+u||0,i=n[1]?c+(n[1]+1)*n[2]:+n[2],r&&(r.unit=l,r.start=c,r.end=i)),i}var le={};function ce(e){var t,n=e.ownerDocument,r=e.nodeName,i=le[r];return i||(t=n.body.appendChild(n.createElement(r)),i=w.css(t,"display"),t.parentNode.removeChild(t),"none"===i&&(i="block"),le[r]=i,i)}function fe(e,t){for(var n,r,i=[],o=0,a=e.length;o<a;o++)(r=e[o]).style&&(n=r.style.display,t?("none"===n&&(i[o]=J.get(r,"display")||null,i[o]||(r.style.display="")),""===r.style.display&&ae(r)&&(i[o]=ce(r))):"none"!==n&&(i[o]="none",J.set(r,"display",n)));for(o=0;o<a;o++)null!=i[o]&&(e[o].style.display=i[o]);return e}w.fn.extend({show:function(){return fe(this,!0)},hide:function(){return fe(this)},toggle:function(e){return"boolean"==typeof e?e?this.show():this.hide():this.each(function(){ae(this)?w(this).show():w(this).hide()})}});var pe=/^(?:checkbox|radio)$/i,de=/<([a-z][^\/\0>\x20\t\r\n\f]+)/i,he=/^$|^module$|\/(?:java|ecma)script/i,ge={option:[1,"<select multiple='multiple'>","</select>"],thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:[0,"",""]};ge.optgroup=ge.option,ge.tbody=ge.tfoot=ge.colgroup=ge.caption=ge.thead,ge.th=ge.td;function ye(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&N(e,t)?w.merge([e],n):n}function ve(e,t){for(var n=0,r=e.length;n<r;n++)J.set(e[n],"globalEval",!t||J.get(t[n],"globalEval"))}var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d<h;d++)if((o=e[d])||0===o)if("object"===x(o))w.merge(p,o.nodeType?[o]:o);else if(me.test(o)){a=a||f.appendChild(t.createElement("div")),s=(de.exec(o)||["",""])[1].toLowerCase(),u=ge[s]||ge._default,a.innerHTML=u[1]+w.htmlPrefilter(o)+u[2],c=u[0];while(c--)a=a.lastChild;w.merge(p,a.childNodes),(a=f.firstChild).textContent=""}else p.push(t.createTextNode(o));f.textContent="",d=0;while(o=p[d++])if(r&&w.inArray(o,r)>-1)i&&i.push(o);else if(l=w.contains(o.ownerDocument,o),a=ye(f.appendChild(o),"script"),l&&ve(a),n){c=0;while(o=a[c++])he.test(o.type||"")&&n.push(o)}return f}!function(){var e=r.createDocumentFragment().appendChild(r.createElement("div")),t=r.createElement("input");t.setAttribute("type","radio"),t.setAttribute("checked","checked"),t.setAttribute("name","t"),e.appendChild(t),h.checkClone=e.cloneNode(!0).cloneNode(!0).lastChild.checked,e.innerHTML="<textarea>x</textarea>",h.noCloneChecked=!!e.cloneNode(!0).lastChild.defaultValue}();var be=r.documentElement,we=/^key/,Te=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,Ce=/^([^.]*)(?:\.(.+)|)/;function Ee(){return!0}function ke(){return!1}function Se(){try{return r.activeElement}catch(e){}}function De(e,t,n,r,i,o){var a,s;if("object"==typeof t){"string"!=typeof n&&(r=r||n,n=void 0);for(s in t)De(e,s,n,r,t[s],o);return e}if(null==r&&null==i?(i=n,r=n=void 0):null==i&&("string"==typeof n?(i=r,r=void 0):(i=r,r=n,n=void 0)),!1===i)i=ke;else if(!i)return e;return 1===o&&(a=i,(i=function(e){return w().off(e),a.apply(this,arguments)}).guid=a.guid||(a.guid=w.guid++)),e.each(function(){w.event.add(this,t,i,r,n)})}w.event={global:{},add:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,y=J.get(e);if(y){n.handler&&(n=(o=n).handler,i=o.selector),i&&w.find.matchesSelector(be,i),n.guid||(n.guid=w.guid++),(u=y.events)||(u=y.events={}),(a=y.handle)||(a=y.handle=function(t){return"undefined"!=typeof w&&w.event.triggered!==t.type?w.event.dispatch.apply(e,arguments):void 0}),l=(t=(t||"").match(M)||[""]).length;while(l--)d=g=(s=Ce.exec(t[l])||[])[1],h=(s[2]||"").split(".").sort(),d&&(f=w.event.special[d]||{},d=(i?f.delegateType:f.bindType)||d,f=w.event.special[d]||{},c=w.extend({type:d,origType:g,data:r,handler:n,guid:n.guid,selector:i,needsContext:i&&w.expr.match.needsContext.test(i),namespace:h.join(".")},o),(p=u[d])||((p=u[d]=[]).delegateCount=0,f.setup&&!1!==f.setup.call(e,r,h,a)||e.addEventListener&&e.addEventListener(d,a)),f.add&&(f.add.call(e,c),c.handler.guid||(c.handler.guid=n.guid)),i?p.splice(p.delegateCount++,0,c):p.push(c),w.event.global[d]=!0)}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,y=J.hasData(e)&&J.get(e);if(y&&(u=y.events)){l=(t=(t||"").match(M)||[""]).length;while(l--)if(s=Ce.exec(t[l])||[],d=g=s[1],h=(s[2]||"").split(".").sort(),d){f=w.event.special[d]||{},p=u[d=(r?f.delegateType:f.bindType)||d]||[],s=s[2]&&new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),a=o=p.length;while(o--)c=p[o],!i&&g!==c.origType||n&&n.guid!==c.guid||s&&!s.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(p.splice(o,1),c.selector&&p.delegateCount--,f.remove&&f.remove.call(e,c));a&&!p.length&&(f.teardown&&!1!==f.teardown.call(e,h,y.handle)||w.removeEvent(e,d,y.handle),delete u[d])}else for(d in u)w.event.remove(e,d+t[l],n,r,!0);w.isEmptyObject(u)&&J.remove(e,"handle events")}},dispatch:function(e){var t=w.event.fix(e),n,r,i,o,a,s,u=new Array(arguments.length),l=(J.get(this,"events")||{})[t.type]||[],c=w.event.special[t.type]||{};for(u[0]=t,n=1;n<arguments.length;n++)u[n]=arguments[n];if(t.delegateTarget=this,!c.preDispatch||!1!==c.preDispatch.call(this,t)){s=w.event.handlers.call(this,t,l),n=0;while((o=s[n++])&&!t.isPropagationStopped()){t.currentTarget=o.elem,r=0;while((a=o.handlers[r++])&&!t.isImmediatePropagationStopped())t.rnamespace&&!t.rnamespace.test(a.namespace)||(t.handleObj=a,t.data=a.data,void 0!==(i=((w.event.special[a.origType]||{}).handle||a.handler).apply(o.elem,u))&&!1===(t.result=i)&&(t.preventDefault(),t.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,t),t.result}},handlers:function(e,t){var n,r,i,o,a,s=[],u=t.delegateCount,l=e.target;if(u&&l.nodeType&&!("click"===e.type&&e.button>=1))for(;l!==this;l=l.parentNode||this)if(1===l.nodeType&&("click"!==e.type||!0!==l.disabled)){for(o=[],a={},n=0;n<u;n++)void 0===a[i=(r=t[n]).selector+" "]&&(a[i]=r.needsContext?w(i,this).index(l)>-1:w.find(i,this,null,[l]).length),a[i]&&o.push(r);o.length&&s.push({elem:l,handlers:o})}return l=this,u<t.length&&s.push({elem:l,handlers:t.slice(u)}),s},addProp:function(e,t){Object.defineProperty(w.Event.prototype,e,{enumerable:!0,configurable:!0,get:g(t)?function(){if(this.originalEvent)return t(this.originalEvent)}:function(){if(this.originalEvent)return this.originalEvent[e]},set:function(t){Object.defineProperty(this,e,{enumerable:!0,configurable:!0,writable:!0,value:t})}})},fix:function(e){return e[w.expando]?e:new w.Event(e)},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==Se()&&this.focus)return this.focus(),!1},delegateType:"focusin"},blur:{trigger:function(){if(this===Se()&&this.blur)return this.blur(),!1},delegateType:"focusout"},click:{trigger:function(){if("checkbox"===this.type&&this.click&&N(this,"input"))return this.click(),!1},_default:function(e){return N(e.target,"a")}},beforeunload:{postDispatch:function(e){void 0!==e.result&&e.originalEvent&&(e.originalEvent.returnValue=e.result)}}}},w.removeEvent=function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n)},w.Event=function(e,t){if(!(this instanceof w.Event))return new w.Event(e,t);e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||void 0===e.defaultPrevented&&!1===e.returnValue?Ee:ke,this.target=e.target&&3===e.target.nodeType?e.target.parentNode:e.target,this.currentTarget=e.currentTarget,this.relatedTarget=e.relatedTarget):this.type=e,t&&w.extend(this,t),this.timeStamp=e&&e.timeStamp||Date.now(),this[w.expando]=!0},w.Event.prototype={constructor:w.Event,isDefaultPrevented:ke,isPropagationStopped:ke,isImmediatePropagationStopped:ke,isSimulated:!1,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=Ee,e&&!this.isSimulated&&e.preventDefault()},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=Ee,e&&!this.isSimulated&&e.stopPropagation()},stopImmediatePropagation:function(){var e=this.originalEvent;this.isImmediatePropagationStopped=Ee,e&&!this.isSimulated&&e.stopImmediatePropagation(),this.stopPropagation()}},w.each({altKey:!0,bubbles:!0,cancelable:!0,changedTouches:!0,ctrlKey:!0,detail:!0,eventPhase:!0,metaKey:!0,pageX:!0,pageY:!0,shiftKey:!0,view:!0,"char":!0,charCode:!0,key:!0,keyCode:!0,button:!0,buttons:!0,clientX:!0,clientY:!0,offsetX:!0,offsetY:!0,pointerId:!0,pointerType:!0,screenX:!0,screenY:!0,targetTouches:!0,toElement:!0,touches:!0,which:function(e){var t=e.button;return null==e.which&&we.test(e.type)?null!=e.charCode?e.charCode:e.keyCode:!e.which&&void 0!==t&&Te.test(e.type)?1&t?1:2&t?3:4&t?2:0:e.which}},w.event.addProp),w.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(e,t){w.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj;return i&&(i===r||w.contains(r,i))||(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),w.fn.extend({on:function(e,t,n,r){return De(this,e,t,n,r)},one:function(e,t,n,r){return De(this,e,t,n,r,1)},off:function(e,t,n){var r,i;if(e&&e.preventDefault&&e.handleObj)return r=e.handleObj,w(e.delegateTarget).off(r.namespace?r.origType+"."+r.namespace:r.origType,r.selector,r.handler),this;if("object"==typeof e){for(i in e)this.off(i,t,e[i]);return this}return!1!==t&&"function"!=typeof t||(n=t,t=void 0),!1===n&&(n=ke),this.each(function(){w.event.remove(this,e,n,t)})}});var Ne=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,Ae=/<script|<style|<link/i,je=/checked\s*(?:[^=]|=\s*.checked.)/i,qe=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;function Le(e,t){return N(e,"table")&&N(11!==t.nodeType?t:t.firstChild,"tr")?w(e).children("tbody")[0]||e:e}function He(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function Oe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Pe(e,t){var n,r,i,o,a,s,u,l;if(1===t.nodeType){if(J.hasData(e)&&(o=J.access(e),a=J.set(t,o),l=o.events)){delete a.handle,a.events={};for(i in l)for(n=0,r=l[i].length;n<r;n++)w.event.add(t,i,l[i][n])}K.hasData(e)&&(s=K.access(e),u=w.extend({},s),K.set(t,u))}}function Me(e,t){var n=t.nodeName.toLowerCase();"input"===n&&pe.test(e.type)?t.checked=e.checked:"input"!==n&&"textarea"!==n||(t.defaultValue=e.defaultValue)}function Re(e,t,n,r){t=a.apply([],t);var i,o,s,u,l,c,f=0,p=e.length,d=p-1,y=t[0],v=g(y);if(v||p>1&&"string"==typeof y&&!h.checkClone&&je.test(y))return e.each(function(i){var o=e.eq(i);v&&(t[0]=y.call(this,i,o.html())),Re(o,t,n,r)});if(p&&(i=xe(t,e[0].ownerDocument,!1,e,r),o=i.firstChild,1===i.childNodes.length&&(i=o),o||r)){for(u=(s=w.map(ye(i,"script"),He)).length;f<p;f++)l=i,f!==d&&(l=w.clone(l,!0,!0),u&&w.merge(s,ye(l,"script"))),n.call(e[f],l,f);if(u)for(c=s[s.length-1].ownerDocument,w.map(s,Oe),f=0;f<u;f++)l=s[f],he.test(l.type||"")&&!J.access(l,"globalEval")&&w.contains(c,l)&&(l.src&&"module"!==(l.type||"").toLowerCase()?w._evalUrl&&w._evalUrl(l.src):m(l.textContent.replace(qe,""),c,l))}return e}function Ie(e,t,n){for(var r,i=t?w.filter(t,e):e,o=0;null!=(r=i[o]);o++)n||1!==r.nodeType||w.cleanData(ye(r)),r.parentNode&&(n&&w.contains(r.ownerDocument,r)&&ve(ye(r,"script")),r.parentNode.removeChild(r));return e}w.extend({htmlPrefilter:function(e){return e.replace(Ne,"<$1></$2>")},clone:function(e,t,n){var r,i,o,a,s=e.cloneNode(!0),u=w.contains(e.ownerDocument,e);if(!(h.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||w.isXMLDoc(e)))for(a=ye(s),r=0,i=(o=ye(e)).length;r<i;r++)Me(o[r],a[r]);if(t)if(n)for(o=o||ye(e),a=a||ye(s),r=0,i=o.length;r<i;r++)Pe(o[r],a[r]);else Pe(e,s);return(a=ye(s,"script")).length>0&&ve(a,!u&&ye(e,"script")),s},cleanData:function(e){for(var t,n,r,i=w.event.special,o=0;void 0!==(n=e[o]);o++)if(Y(n)){if(t=n[J.expando]){if(t.events)for(r in t.events)i[r]?w.event.remove(n,r):w.removeEvent(n,r,t.handle);n[J.expando]=void 0}n[K.expando]&&(n[K.expando]=void 0)}}}),w.fn.extend({detach:function(e){return Ie(this,e,!0)},remove:function(e){return Ie(this,e)},text:function(e){return z(this,function(e){return void 0===e?w.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=e)})},null,e,arguments.length)},append:function(){return Re(this,arguments,function(e){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||Le(this,e).appendChild(e)})},prepend:function(){return Re(this,arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Le(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return Re(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return Re(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},empty:function(){for(var e,t=0;null!=(e=this[t]);t++)1===e.nodeType&&(w.cleanData(ye(e,!1)),e.textContent="");return this},clone:function(e,t){return e=null!=e&&e,t=null==t?e:t,this.map(function(){return w.clone(this,e,t)})},html:function(e){return z(this,function(e){var t=this[0]||{},n=0,r=this.length;if(void 0===e&&1===t.nodeType)return t.innerHTML;if("string"==typeof e&&!Ae.test(e)&&!ge[(de.exec(e)||["",""])[1].toLowerCase()]){e=w.htmlPrefilter(e);try{for(;n<r;n++)1===(t=this[n]||{}).nodeType&&(w.cleanData(ye(t,!1)),t.innerHTML=e);t=0}catch(e){}}t&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(){var e=[];return Re(this,arguments,function(t){var n=this.parentNode;w.inArray(this,e)<0&&(w.cleanData(ye(this)),n&&n.replaceChild(t,this))},e)}}),w.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){w.fn[e]=function(e){for(var n,r=[],i=w(e),o=i.length-1,a=0;a<=o;a++)n=a===o?this:this.clone(!0),w(i[a])[t](n),s.apply(r,n.get());return this.pushStack(r)}});var We=new RegExp("^("+re+")(?!px)[a-z%]+$","i"),$e=function(t){var n=t.ownerDocument.defaultView;return n&&n.opener||(n=e),n.getComputedStyle(t)},Be=new RegExp(oe.join("|"),"i");!function(){function t(){if(c){l.style.cssText="position:absolute;left:-11111px;width:60px;margin-top:1px;padding:0;border:0",c.style.cssText="position:relative;display:block;box-sizing:border-box;overflow:scroll;margin:auto;border:1px;padding:1px;width:60%;top:1%",be.appendChild(l).appendChild(c);var t=e.getComputedStyle(c);i="1%"!==t.top,u=12===n(t.marginLeft),c.style.right="60%",s=36===n(t.right),o=36===n(t.width),c.style.position="absolute",a=36===c.offsetWidth||"absolute",be.removeChild(l),c=null}}function n(e){return Math.round(parseFloat(e))}var i,o,a,s,u,l=r.createElement("div"),c=r.createElement("div");c.style&&(c.style.backgroundClip="content-box",c.cloneNode(!0).style.backgroundClip="",h.clearCloneStyle="content-box"===c.style.backgroundClip,w.extend(h,{boxSizingReliable:function(){return t(),o},pixelBoxStyles:function(){return t(),s},pixelPosition:function(){return t(),i},reliableMarginLeft:function(){return t(),u},scrollboxSize:function(){return t(),a}}))}();function Fe(e,t,n){var r,i,o,a,s=e.style;return(n=n||$e(e))&&(""!==(a=n.getPropertyValue(t)||n[t])||w.contains(e.ownerDocument,e)||(a=w.style(e,t)),!h.pixelBoxStyles()&&We.test(a)&&Be.test(t)&&(r=s.width,i=s.minWidth,o=s.maxWidth,s.minWidth=s.maxWidth=s.width=a,a=n.width,s.width=r,s.minWidth=i,s.maxWidth=o)),void 0!==a?a+"":a}function _e(e,t){return{get:function(){if(!e())return(this.get=t).apply(this,arguments);delete this.get}}}var ze=/^(none|table(?!-c[ea]).+)/,Xe=/^--/,Ue={position:"absolute",visibility:"hidden",display:"block"},Ve={letterSpacing:"0",fontWeight:"400"},Ge=["Webkit","Moz","ms"],Ye=r.createElement("div").style;function Qe(e){if(e in Ye)return e;var t=e[0].toUpperCase()+e.slice(1),n=Ge.length;while(n--)if((e=Ge[n]+t)in Ye)return e}function Je(e){var t=w.cssProps[e];return t||(t=w.cssProps[e]=Qe(e)||e),t}function Ke(e,t,n){var r=ie.exec(t);return r?Math.max(0,r[2]-(n||0))+(r[3]||"px"):t}function Ze(e,t,n,r,i,o){var a="width"===t?1:0,s=0,u=0;if(n===(r?"border":"content"))return 0;for(;a<4;a+=2)"margin"===n&&(u+=w.css(e,n+oe[a],!0,i)),r?("content"===n&&(u-=w.css(e,"padding"+oe[a],!0,i)),"margin"!==n&&(u-=w.css(e,"border"+oe[a]+"Width",!0,i))):(u+=w.css(e,"padding"+oe[a],!0,i),"padding"!==n?u+=w.css(e,"border"+oe[a]+"Width",!0,i):s+=w.css(e,"border"+oe[a]+"Width",!0,i));return!r&&o>=0&&(u+=Math.max(0,Math.ceil(e["offset"+t[0].toUpperCase()+t.slice(1)]-o-u-s-.5))),u}function et(e,t,n){var r=$e(e),i=Fe(e,t,r),o="border-box"===w.css(e,"boxSizing",!1,r),a=o;if(We.test(i)){if(!n)return i;i="auto"}return a=a&&(h.boxSizingReliable()||i===e.style[t]),("auto"===i||!parseFloat(i)&&"inline"===w.css(e,"display",!1,r))&&(i=e["offset"+t[0].toUpperCase()+t.slice(1)],a=!0),(i=parseFloat(i)||0)+Ze(e,t,n||(o?"border":"content"),a,r,i)+"px"}w.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Fe(e,"opacity");return""===n?"1":n}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{},style:function(e,t,n,r){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var i,o,a,s=G(t),u=Xe.test(t),l=e.style;if(u||(t=Je(s)),a=w.cssHooks[t]||w.cssHooks[s],void 0===n)return a&&"get"in a&&void 0!==(i=a.get(e,!1,r))?i:l[t];"string"==(o=typeof n)&&(i=ie.exec(n))&&i[1]&&(n=ue(e,t,i),o="number"),null!=n&&n===n&&("number"===o&&(n+=i&&i[3]||(w.cssNumber[s]?"":"px")),h.clearCloneStyle||""!==n||0!==t.indexOf("background")||(l[t]="inherit"),a&&"set"in a&&void 0===(n=a.set(e,n,r))||(u?l.setProperty(t,n):l[t]=n))}},css:function(e,t,n,r){var i,o,a,s=G(t);return Xe.test(t)||(t=Je(s)),(a=w.cssHooks[t]||w.cssHooks[s])&&"get"in a&&(i=a.get(e,!0,n)),void 0===i&&(i=Fe(e,t,r)),"normal"===i&&t in Ve&&(i=Ve[t]),""===n||n?(o=parseFloat(i),!0===n||isFinite(o)?o||0:i):i}}),w.each(["height","width"],function(e,t){w.cssHooks[t]={get:function(e,n,r){if(n)return!ze.test(w.css(e,"display"))||e.getClientRects().length&&e.getBoundingClientRect().width?et(e,t,r):se(e,Ue,function(){return et(e,t,r)})},set:function(e,n,r){var i,o=$e(e),a="border-box"===w.css(e,"boxSizing",!1,o),s=r&&Ze(e,t,r,a,o);return a&&h.scrollboxSize()===o.position&&(s-=Math.ceil(e["offset"+t[0].toUpperCase()+t.slice(1)]-parseFloat(o[t])-Ze(e,t,"border",!1,o)-.5)),s&&(i=ie.exec(n))&&"px"!==(i[3]||"px")&&(e.style[t]=n,n=w.css(e,t)),Ke(e,n,s)}}}),w.cssHooks.marginLeft=_e(h.reliableMarginLeft,function(e,t){if(t)return(parseFloat(Fe(e,"marginLeft"))||e.getBoundingClientRect().left-se(e,{marginLeft:0},function(){return e.getBoundingClientRect().left}))+"px"}),w.each({margin:"",padding:"",border:"Width"},function(e,t){w.cssHooks[e+t]={expand:function(n){for(var r=0,i={},o="string"==typeof n?n.split(" "):[n];r<4;r++)i[e+oe[r]+t]=o[r]||o[r-2]||o[0];return i}},"margin"!==e&&(w.cssHooks[e+t].set=Ke)}),w.fn.extend({css:function(e,t){return z(this,function(e,t,n){var r,i,o={},a=0;if(Array.isArray(t)){for(r=$e(e),i=t.length;a<i;a++)o[t[a]]=w.css(e,t[a],!1,r);return o}return void 0!==n?w.style(e,t,n):w.css(e,t)},e,t,arguments.length>1)}});function tt(e,t,n,r,i){return new tt.prototype.init(e,t,n,r,i)}w.Tween=tt,tt.prototype={constructor:tt,init:function(e,t,n,r,i,o){this.elem=e,this.prop=n,this.easing=i||w.easing._default,this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=o||(w.cssNumber[n]?"":"px")},cur:function(){var e=tt.propHooks[this.prop];return e&&e.get?e.get(this):tt.propHooks._default.get(this)},run:function(e){var t,n=tt.propHooks[this.prop];return this.options.duration?this.pos=t=w.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):this.pos=t=e,this.now=(this.end-this.start)*t+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):tt.propHooks._default.set(this),this}},tt.prototype.init.prototype=tt.prototype,tt.propHooks={_default:{get:function(e){var t;return 1!==e.elem.nodeType||null!=e.elem[e.prop]&&null==e.elem.style[e.prop]?e.elem[e.prop]:(t=w.css(e.elem,e.prop,""))&&"auto"!==t?t:0},set:function(e){w.fx.step[e.prop]?w.fx.step[e.prop](e):1!==e.elem.nodeType||null==e.elem.style[w.cssProps[e.prop]]&&!w.cssHooks[e.prop]?e.elem[e.prop]=e.now:w.style(e.elem,e.prop,e.now+e.unit)}}},tt.propHooks.scrollTop=tt.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},w.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2},_default:"swing"},w.fx=tt.prototype.init,w.fx.step={};var nt,rt,it=/^(?:toggle|show|hide)$/,ot=/queueHooks$/;function at(){rt&&(!1===r.hidden&&e.requestAnimationFrame?e.requestAnimationFrame(at):e.setTimeout(at,w.fx.interval),w.fx.tick())}function st(){return e.setTimeout(function(){nt=void 0}),nt=Date.now()}function ut(e,t){var n,r=0,i={height:e};for(t=t?1:0;r<4;r+=2-t)i["margin"+(n=oe[r])]=i["padding"+n]=e;return t&&(i.opacity=i.width=e),i}function lt(e,t,n){for(var r,i=(pt.tweeners[t]||[]).concat(pt.tweeners["*"]),o=0,a=i.length;o<a;o++)if(r=i[o].call(n,t,e))return r}function ct(e,t,n){var r,i,o,a,s,u,l,c,f="width"in t||"height"in t,p=this,d={},h=e.style,g=e.nodeType&&ae(e),y=J.get(e,"fxshow");n.queue||(null==(a=w._queueHooks(e,"fx")).unqueued&&(a.unqueued=0,s=a.empty.fire,a.empty.fire=function(){a.unqueued||s()}),a.unqueued++,p.always(function(){p.always(function(){a.unqueued--,w.queue(e,"fx").length||a.empty.fire()})}));for(r in t)if(i=t[r],it.test(i)){if(delete t[r],o=o||"toggle"===i,i===(g?"hide":"show")){if("show"!==i||!y||void 0===y[r])continue;g=!0}d[r]=y&&y[r]||w.style(e,r)}if((u=!w.isEmptyObject(t))||!w.isEmptyObject(d)){f&&1===e.nodeType&&(n.overflow=[h.overflow,h.overflowX,h.overflowY],null==(l=y&&y.display)&&(l=J.get(e,"display")),"none"===(c=w.css(e,"display"))&&(l?c=l:(fe([e],!0),l=e.style.display||l,c=w.css(e,"display"),fe([e]))),("inline"===c||"inline-block"===c&&null!=l)&&"none"===w.css(e,"float")&&(u||(p.done(function(){h.display=l}),null==l&&(c=h.display,l="none"===c?"":c)),h.display="inline-block")),n.overflow&&(h.overflow="hidden",p.always(function(){h.overflow=n.overflow[0],h.overflowX=n.overflow[1],h.overflowY=n.overflow[2]})),u=!1;for(r in d)u||(y?"hidden"in y&&(g=y.hidden):y=J.access(e,"fxshow",{display:l}),o&&(y.hidden=!g),g&&fe([e],!0),p.done(function(){g||fe([e]),J.remove(e,"fxshow");for(r in d)w.style(e,r,d[r])})),u=lt(g?y[r]:0,r,p),r in y||(y[r]=u.start,g&&(u.end=u.start,u.start=0))}}function ft(e,t){var n,r,i,o,a;for(n in e)if(r=G(n),i=t[r],o=e[n],Array.isArray(o)&&(i=o[1],o=e[n]=o[0]),n!==r&&(e[r]=o,delete e[n]),(a=w.cssHooks[r])&&"expand"in a){o=a.expand(o),delete e[r];for(n in o)n in e||(e[n]=o[n],t[n]=i)}else t[r]=i}function pt(e,t,n){var r,i,o=0,a=pt.prefilters.length,s=w.Deferred().always(function(){delete u.elem}),u=function(){if(i)return!1;for(var t=nt||st(),n=Math.max(0,l.startTime+l.duration-t),r=1-(n/l.duration||0),o=0,a=l.tweens.length;o<a;o++)l.tweens[o].run(r);return s.notifyWith(e,[l,r,n]),r<1&&a?n:(a||s.notifyWith(e,[l,1,0]),s.resolveWith(e,[l]),!1)},l=s.promise({elem:e,props:w.extend({},t),opts:w.extend(!0,{specialEasing:{},easing:w.easing._default},n),originalProperties:t,originalOptions:n,startTime:nt||st(),duration:n.duration,tweens:[],createTween:function(t,n){var r=w.Tween(e,l.opts,t,n,l.opts.specialEasing[t]||l.opts.easing);return l.tweens.push(r),r},stop:function(t){var n=0,r=t?l.tweens.length:0;if(i)return this;for(i=!0;n<r;n++)l.tweens[n].run(1);return t?(s.notifyWith(e,[l,1,0]),s.resolveWith(e,[l,t])):s.rejectWith(e,[l,t]),this}}),c=l.props;for(ft(c,l.opts.specialEasing);o<a;o++)if(r=pt.prefilters[o].call(l,e,c,l.opts))return g(r.stop)&&(w._queueHooks(l.elem,l.opts.queue).stop=r.stop.bind(r)),r;return w.map(c,lt,l),g(l.opts.start)&&l.opts.start.call(e,l),l.progress(l.opts.progress).done(l.opts.done,l.opts.complete).fail(l.opts.fail).always(l.opts.always),w.fx.timer(w.extend(u,{elem:e,anim:l,queue:l.opts.queue})),l}w.Animation=w.extend(pt,{tweeners:{"*":[function(e,t){var n=this.createTween(e,t);return ue(n.elem,e,ie.exec(t),n),n}]},tweener:function(e,t){g(e)?(t=e,e=["*"]):e=e.match(M);for(var n,r=0,i=e.length;r<i;r++)n=e[r],pt.tweeners[n]=pt.tweeners[n]||[],pt.tweeners[n].unshift(t)},prefilters:[ct],prefilter:function(e,t){t?pt.prefilters.unshift(e):pt.prefilters.push(e)}}),w.speed=function(e,t,n){var r=e&&"object"==typeof e?w.extend({},e):{complete:n||!n&&t||g(e)&&e,duration:e,easing:n&&t||t&&!g(t)&&t};return w.fx.off?r.duration=0:"number"!=typeof r.duration&&(r.duration in w.fx.speeds?r.duration=w.fx.speeds[r.duration]:r.duration=w.fx.speeds._default),null!=r.queue&&!0!==r.queue||(r.queue="fx"),r.old=r.complete,r.complete=function(){g(r.old)&&r.old.call(this),r.queue&&w.dequeue(this,r.queue)},r},w.fn.extend({fadeTo:function(e,t,n,r){return this.filter(ae).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(e,t,n,r){var i=w.isEmptyObject(e),o=w.speed(t,n,r),a=function(){var t=pt(this,w.extend({},e),o);(i||J.get(this,"finish"))&&t.stop(!0)};return a.finish=a,i||!1===o.queue?this.each(a):this.queue(o.queue,a)},stop:function(e,t,n){var r=function(e){var t=e.stop;delete e.stop,t(n)};return"string"!=typeof e&&(n=t,t=e,e=void 0),t&&!1!==e&&this.queue(e||"fx",[]),this.each(function(){var t=!0,i=null!=e&&e+"queueHooks",o=w.timers,a=J.get(this);if(i)a[i]&&a[i].stop&&r(a[i]);else for(i in a)a[i]&&a[i].stop&&ot.test(i)&&r(a[i]);for(i=o.length;i--;)o[i].elem!==this||null!=e&&o[i].queue!==e||(o[i].anim.stop(n),t=!1,o.splice(i,1));!t&&n||w.dequeue(this,e)})},finish:function(e){return!1!==e&&(e=e||"fx"),this.each(function(){var t,n=J.get(this),r=n[e+"queue"],i=n[e+"queueHooks"],o=w.timers,a=r?r.length:0;for(n.finish=!0,w.queue(this,e,[]),i&&i.stop&&i.stop.call(this,!0),t=o.length;t--;)o[t].elem===this&&o[t].queue===e&&(o[t].anim.stop(!0),o.splice(t,1));for(t=0;t<a;t++)r[t]&&r[t].finish&&r[t].finish.call(this);delete n.finish})}}),w.each(["toggle","show","hide"],function(e,t){var n=w.fn[t];w.fn[t]=function(e,r,i){return null==e||"boolean"==typeof e?n.apply(this,arguments):this.animate(ut(t,!0),e,r,i)}}),w.each({slideDown:ut("show"),slideUp:ut("hide"),slideToggle:ut("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,t){w.fn[e]=function(e,n,r){return this.animate(t,e,n,r)}}),w.timers=[],w.fx.tick=function(){var e,t=0,n=w.timers;for(nt=Date.now();t<n.length;t++)(e=n[t])()||n[t]!==e||n.splice(t--,1);n.length||w.fx.stop(),nt=void 0},w.fx.timer=function(e){w.timers.push(e),w.fx.start()},w.fx.interval=13,w.fx.start=function(){rt||(rt=!0,at())},w.fx.stop=function(){rt=null},w.fx.speeds={slow:600,fast:200,_default:400},w.fn.delay=function(t,n){return t=w.fx?w.fx.speeds[t]||t:t,n=n||"fx",this.queue(n,function(n,r){var i=e.setTimeout(n,t);r.stop=function(){e.clearTimeout(i)}})},function(){var e=r.createElement("input"),t=r.createElement("select").appendChild(r.createElement("option"));e.type="checkbox",h.checkOn=""!==e.value,h.optSelected=t.selected,(e=r.createElement("input")).value="t",e.type="radio",h.radioValue="t"===e.value}();var dt,ht=w.expr.attrHandle;w.fn.extend({attr:function(e,t){return z(this,w.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){w.removeAttr(this,e)})}}),w.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?w.prop(e,t,n):(1===o&&w.isXMLDoc(e)||(i=w.attrHooks[t.toLowerCase()]||(w.expr.match.bool.test(t)?dt:void 0)),void 0!==n?null===n?void w.removeAttr(e,t):i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:(e.setAttribute(t,n+""),n):i&&"get"in i&&null!==(r=i.get(e,t))?r:null==(r=w.find.attr(e,t))?void 0:r)},attrHooks:{type:{set:function(e,t){if(!h.radioValue&&"radio"===t&&N(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},removeAttr:function(e,t){var n,r=0,i=t&&t.match(M);if(i&&1===e.nodeType)while(n=i[r++])e.removeAttribute(n)}}),dt={set:function(e,t,n){return!1===t?w.removeAttr(e,n):e.setAttribute(n,n),n}},w.each(w.expr.match.bool.source.match(/\w+/g),function(e,t){var n=ht[t]||w.find.attr;ht[t]=function(e,t,r){var i,o,a=t.toLowerCase();return r||(o=ht[a],ht[a]=i,i=null!=n(e,t,r)?a:null,ht[a]=o),i}});var gt=/^(?:input|select|textarea|button)$/i,yt=/^(?:a|area)$/i;w.fn.extend({prop:function(e,t){return z(this,w.prop,e,t,arguments.length>1)},removeProp:function(e){return this.each(function(){delete this[w.propFix[e]||e]})}}),w.extend({prop:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return 1===o&&w.isXMLDoc(e)||(t=w.propFix[t]||t,i=w.propHooks[t]),void 0!==n?i&&"set"in i&&void 0!==(r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=w.find.attr(e,"tabindex");return t?parseInt(t,10):gt.test(e.nodeName)||yt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),h.optSelected||(w.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null},set:function(e){var t=e.parentNode;t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex)}}),w.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){w.propFix[this.toLowerCase()]=this});function vt(e){return(e.match(M)||[]).join(" ")}function mt(e){return e.getAttribute&&e.getAttribute("class")||""}function xt(e){return Array.isArray(e)?e:"string"==typeof e?e.match(M)||[]:[]}w.fn.extend({addClass:function(e){var t,n,r,i,o,a,s,u=0;if(g(e))return this.each(function(t){w(this).addClass(e.call(this,t,mt(this)))});if((t=xt(e)).length)while(n=this[u++])if(i=mt(n),r=1===n.nodeType&&" "+vt(i)+" "){a=0;while(o=t[a++])r.indexOf(" "+o+" ")<0&&(r+=o+" ");i!==(s=vt(r))&&n.setAttribute("class",s)}return this},removeClass:function(e){var t,n,r,i,o,a,s,u=0;if(g(e))return this.each(function(t){w(this).removeClass(e.call(this,t,mt(this)))});if(!arguments.length)return this.attr("class","");if((t=xt(e)).length)while(n=this[u++])if(i=mt(n),r=1===n.nodeType&&" "+vt(i)+" "){a=0;while(o=t[a++])while(r.indexOf(" "+o+" ")>-1)r=r.replace(" "+o+" "," ");i!==(s=vt(r))&&n.setAttribute("class",s)}return this},toggleClass:function(e,t){var n=typeof e,r="string"===n||Array.isArray(e);return"boolean"==typeof t&&r?t?this.addClass(e):this.removeClass(e):g(e)?this.each(function(n){w(this).toggleClass(e.call(this,n,mt(this),t),t)}):this.each(function(){var t,i,o,a;if(r){i=0,o=w(this),a=xt(e);while(t=a[i++])o.hasClass(t)?o.removeClass(t):o.addClass(t)}else void 0!==e&&"boolean"!==n||((t=mt(this))&&J.set(this,"__className__",t),this.setAttribute&&this.setAttribute("class",t||!1===e?"":J.get(this,"__className__")||""))})},hasClass:function(e){var t,n,r=0;t=" "+e+" ";while(n=this[r++])if(1===n.nodeType&&(" "+vt(mt(n))+" ").indexOf(t)>-1)return!0;return!1}});var bt=/\r/g;w.fn.extend({val:function(e){var t,n,r,i=this[0];{if(arguments.length)return r=g(e),this.each(function(n){var i;1===this.nodeType&&(null==(i=r?e.call(this,n,w(this).val()):e)?i="":"number"==typeof i?i+="":Array.isArray(i)&&(i=w.map(i,function(e){return null==e?"":e+""})),(t=w.valHooks[this.type]||w.valHooks[this.nodeName.toLowerCase()])&&"set"in t&&void 0!==t.set(this,i,"value")||(this.value=i))});if(i)return(t=w.valHooks[i.type]||w.valHooks[i.nodeName.toLowerCase()])&&"get"in t&&void 0!==(n=t.get(i,"value"))?n:"string"==typeof(n=i.value)?n.replace(bt,""):null==n?"":n}}}),w.extend({valHooks:{option:{get:function(e){var t=w.find.attr(e,"value");return null!=t?t:vt(w.text(e))}},select:{get:function(e){var t,n,r,i=e.options,o=e.selectedIndex,a="select-one"===e.type,s=a?null:[],u=a?o+1:i.length;for(r=o<0?u:a?o:0;r<u;r++)if(((n=i[r]).selected||r===o)&&!n.disabled&&(!n.parentNode.disabled||!N(n.parentNode,"optgroup"))){if(t=w(n).val(),a)return t;s.push(t)}return s},set:function(e,t){var n,r,i=e.options,o=w.makeArray(t),a=i.length;while(a--)((r=i[a]).selected=w.inArray(w.valHooks.option.get(r),o)>-1)&&(n=!0);return n||(e.selectedIndex=-1),o}}}}),w.each(["radio","checkbox"],function(){w.valHooks[this]={set:function(e,t){if(Array.isArray(t))return e.checked=w.inArray(w(e).val(),t)>-1}},h.checkOn||(w.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})}),h.focusin="onfocusin"in e;var wt=/^(?:focusinfocus|focusoutblur)$/,Tt=function(e){e.stopPropagation()};w.extend(w.event,{trigger:function(t,n,i,o){var a,s,u,l,c,p,d,h,v=[i||r],m=f.call(t,"type")?t.type:t,x=f.call(t,"namespace")?t.namespace.split("."):[];if(s=h=u=i=i||r,3!==i.nodeType&&8!==i.nodeType&&!wt.test(m+w.event.triggered)&&(m.indexOf(".")>-1&&(m=(x=m.split(".")).shift(),x.sort()),c=m.indexOf(":")<0&&"on"+m,t=t[w.expando]?t:new w.Event(m,"object"==typeof t&&t),t.isTrigger=o?2:3,t.namespace=x.join("."),t.rnamespace=t.namespace?new RegExp("(^|\\.)"+x.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,t.result=void 0,t.target||(t.target=i),n=null==n?[t]:w.makeArray(n,[t]),d=w.event.special[m]||{},o||!d.trigger||!1!==d.trigger.apply(i,n))){if(!o&&!d.noBubble&&!y(i)){for(l=d.delegateType||m,wt.test(l+m)||(s=s.parentNode);s;s=s.parentNode)v.push(s),u=s;u===(i.ownerDocument||r)&&v.push(u.defaultView||u.parentWindow||e)}a=0;while((s=v[a++])&&!t.isPropagationStopped())h=s,t.type=a>1?l:d.bindType||m,(p=(J.get(s,"events")||{})[t.type]&&J.get(s,"handle"))&&p.apply(s,n),(p=c&&s[c])&&p.apply&&Y(s)&&(t.result=p.apply(s,n),!1===t.result&&t.preventDefault());return t.type=m,o||t.isDefaultPrevented()||d._default&&!1!==d._default.apply(v.pop(),n)||!Y(i)||c&&g(i[m])&&!y(i)&&((u=i[c])&&(i[c]=null),w.event.triggered=m,t.isPropagationStopped()&&h.addEventListener(m,Tt),i[m](),t.isPropagationStopped()&&h.removeEventListener(m,Tt),w.event.triggered=void 0,u&&(i[c]=u)),t.result}},simulate:function(e,t,n){var r=w.extend(new w.Event,n,{type:e,isSimulated:!0});w.event.trigger(r,null,t)}}),w.fn.extend({trigger:function(e,t){return this.each(function(){w.event.trigger(e,t,this)})},triggerHandler:function(e,t){var n=this[0];if(n)return w.event.trigger(e,t,n,!0)}}),h.focusin||w.each({focus:"focusin",blur:"focusout"},function(e,t){var n=function(e){w.event.simulate(t,e.target,w.event.fix(e))};w.event.special[t]={setup:function(){var r=this.ownerDocument||this,i=J.access(r,t);i||r.addEventListener(e,n,!0),J.access(r,t,(i||0)+1)},teardown:function(){var r=this.ownerDocument||this,i=J.access(r,t)-1;i?J.access(r,t,i):(r.removeEventListener(e,n,!0),J.remove(r,t))}}});var Ct=e.location,Et=Date.now(),kt=/\?/;w.parseXML=function(t){var n;if(!t||"string"!=typeof t)return null;try{n=(new e.DOMParser).parseFromString(t,"text/xml")}catch(e){n=void 0}return n&&!n.getElementsByTagName("parsererror").length||w.error("Invalid XML: "+t),n};var St=/\[\]$/,Dt=/\r?\n/g,Nt=/^(?:submit|button|image|reset|file)$/i,At=/^(?:input|select|textarea|keygen)/i;function jt(e,t,n,r){var i;if(Array.isArray(t))w.each(t,function(t,i){n||St.test(e)?r(e,i):jt(e+"["+("object"==typeof i&&null!=i?t:"")+"]",i,n,r)});else if(n||"object"!==x(t))r(e,t);else for(i in t)jt(e+"["+i+"]",t[i],n,r)}w.param=function(e,t){var n,r=[],i=function(e,t){var n=g(t)?t():t;r[r.length]=encodeURIComponent(e)+"="+encodeURIComponent(null==n?"":n)};if(Array.isArray(e)||e.jquery&&!w.isPlainObject(e))w.each(e,function(){i(this.name,this.value)});else for(n in e)jt(n,e[n],t,i);return r.join("&")},w.fn.extend({serialize:function(){return w.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var e=w.prop(this,"elements");return e?w.makeArray(e):this}).filter(function(){var e=this.type;return this.name&&!w(this).is(":disabled")&&At.test(this.nodeName)&&!Nt.test(e)&&(this.checked||!pe.test(e))}).map(function(e,t){var n=w(this).val();return null==n?null:Array.isArray(n)?w.map(n,function(e){return{name:t.name,value:e.replace(Dt,"\r\n")}}):{name:t.name,value:n.replace(Dt,"\r\n")}}).get()}});var qt=/%20/g,Lt=/#.*$/,Ht=/([?&])_=[^&]*/,Ot=/^(.*?):[ \t]*([^\r\n]*)$/gm,Pt=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Mt=/^(?:GET|HEAD)$/,Rt=/^\/\//,It={},Wt={},$t="*/".concat("*"),Bt=r.createElement("a");Bt.href=Ct.href;function Ft(e){return function(t,n){"string"!=typeof t&&(n=t,t="*");var r,i=0,o=t.toLowerCase().match(M)||[];if(g(n))while(r=o[i++])"+"===r[0]?(r=r.slice(1)||"*",(e[r]=e[r]||[]).unshift(n)):(e[r]=e[r]||[]).push(n)}}function _t(e,t,n,r){var i={},o=e===Wt;function a(s){var u;return i[s]=!0,w.each(e[s]||[],function(e,s){var l=s(t,n,r);return"string"!=typeof l||o||i[l]?o?!(u=l):void 0:(t.dataTypes.unshift(l),a(l),!1)}),u}return a(t.dataTypes[0])||!i["*"]&&a("*")}function zt(e,t){var n,r,i=w.ajaxSettings.flatOptions||{};for(n in t)void 0!==t[n]&&((i[n]?e:r||(r={}))[n]=t[n]);return r&&w.extend(!0,e,r),e}function Xt(e,t,n){var r,i,o,a,s=e.contents,u=e.dataTypes;while("*"===u[0])u.shift(),void 0===r&&(r=e.mimeType||t.getResponseHeader("Content-Type"));if(r)for(i in s)if(s[i]&&s[i].test(r)){u.unshift(i);break}if(u[0]in n)o=u[0];else{for(i in n){if(!u[0]||e.converters[i+" "+u[0]]){o=i;break}a||(a=i)}o=o||a}if(o)return o!==u[0]&&u.unshift(o),n[o]}function Ut(e,t,n,r){var i,o,a,s,u,l={},c=e.dataTypes.slice();if(c[1])for(a in e.converters)l[a.toLowerCase()]=e.converters[a];o=c.shift();while(o)if(e.responseFields[o]&&(n[e.responseFields[o]]=t),!u&&r&&e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u=o,o=c.shift())if("*"===o)o=u;else if("*"!==u&&u!==o){if(!(a=l[u+" "+o]||l["* "+o]))for(i in l)if((s=i.split(" "))[1]===o&&(a=l[u+" "+s[0]]||l["* "+s[0]])){!0===a?a=l[i]:!0!==l[i]&&(o=s[0],c.unshift(s[1]));break}if(!0!==a)if(a&&e["throws"])t=a(t);else try{t=a(t)}catch(e){return{state:"parsererror",error:a?e:"No conversion from "+u+" to "+o}}}return{state:"success",data:t}}w.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Ct.href,type:"GET",isLocal:Pt.test(Ct.protocol),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":$t,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":JSON.parse,"text xml":w.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(e,t){return t?zt(zt(e,w.ajaxSettings),t):zt(w.ajaxSettings,e)},ajaxPrefilter:Ft(It),ajaxTransport:Ft(Wt),ajax:function(t,n){"object"==typeof t&&(n=t,t=void 0),n=n||{};var i,o,a,s,u,l,c,f,p,d,h=w.ajaxSetup({},n),g=h.context||h,y=h.context&&(g.nodeType||g.jquery)?w(g):w.event,v=w.Deferred(),m=w.Callbacks("once memory"),x=h.statusCode||{},b={},T={},C="canceled",E={readyState:0,getResponseHeader:function(e){var t;if(c){if(!s){s={};while(t=Ot.exec(a))s[t[1].toLowerCase()]=t[2]}t=s[e.toLowerCase()]}return null==t?null:t},getAllResponseHeaders:function(){return c?a:null},setRequestHeader:function(e,t){return null==c&&(e=T[e.toLowerCase()]=T[e.toLowerCase()]||e,b[e]=t),this},overrideMimeType:function(e){return null==c&&(h.mimeType=e),this},statusCode:function(e){var t;if(e)if(c)E.always(e[E.status]);else for(t in e)x[t]=[x[t],e[t]];return this},abort:function(e){var t=e||C;return i&&i.abort(t),k(0,t),this}};if(v.promise(E),h.url=((t||h.url||Ct.href)+"").replace(Rt,Ct.protocol+"//"),h.type=n.method||n.type||h.method||h.type,h.dataTypes=(h.dataType||"*").toLowerCase().match(M)||[""],null==h.crossDomain){l=r.createElement("a");try{l.href=h.url,l.href=l.href,h.crossDomain=Bt.protocol+"//"+Bt.host!=l.protocol+"//"+l.host}catch(e){h.crossDomain=!0}}if(h.data&&h.processData&&"string"!=typeof h.data&&(h.data=w.param(h.data,h.traditional)),_t(It,h,n,E),c)return E;(f=w.event&&h.global)&&0==w.active++&&w.event.trigger("ajaxStart"),h.type=h.type.toUpperCase(),h.hasContent=!Mt.test(h.type),o=h.url.replace(Lt,""),h.hasContent?h.data&&h.processData&&0===(h.contentType||"").indexOf("application/x-www-form-urlencoded")&&(h.data=h.data.replace(qt,"+")):(d=h.url.slice(o.length),h.data&&(h.processData||"string"==typeof h.data)&&(o+=(kt.test(o)?"&":"?")+h.data,delete h.data),!1===h.cache&&(o=o.replace(Ht,"$1"),d=(kt.test(o)?"&":"?")+"_="+Et+++d),h.url=o+d),h.ifModified&&(w.lastModified[o]&&E.setRequestHeader("If-Modified-Since",w.lastModified[o]),w.etag[o]&&E.setRequestHeader("If-None-Match",w.etag[o])),(h.data&&h.hasContent&&!1!==h.contentType||n.contentType)&&E.setRequestHeader("Content-Type",h.contentType),E.setRequestHeader("Accept",h.dataTypes[0]&&h.accepts[h.dataTypes[0]]?h.accepts[h.dataTypes[0]]+("*"!==h.dataTypes[0]?", "+$t+"; q=0.01":""):h.accepts["*"]);for(p in h.headers)E.setRequestHeader(p,h.headers[p]);if(h.beforeSend&&(!1===h.beforeSend.call(g,E,h)||c))return E.abort();if(C="abort",m.add(h.complete),E.done(h.success),E.fail(h.error),i=_t(Wt,h,n,E)){if(E.readyState=1,f&&y.trigger("ajaxSend",[E,h]),c)return E;h.async&&h.timeout>0&&(u=e.setTimeout(function(){E.abort("timeout")},h.timeout));try{c=!1,i.send(b,k)}catch(e){if(c)throw e;k(-1,e)}}else k(-1,"No Transport");function k(t,n,r,s){var l,p,d,b,T,C=n;c||(c=!0,u&&e.clearTimeout(u),i=void 0,a=s||"",E.readyState=t>0?4:0,l=t>=200&&t<300||304===t,r&&(b=Xt(h,E,r)),b=Ut(h,b,E,l),l?(h.ifModified&&((T=E.getResponseHeader("Last-Modified"))&&(w.lastModified[o]=T),(T=E.getResponseHeader("etag"))&&(w.etag[o]=T)),204===t||"HEAD"===h.type?C="nocontent":304===t?C="notmodified":(C=b.state,p=b.data,l=!(d=b.error))):(d=C,!t&&C||(C="error",t<0&&(t=0))),E.status=t,E.statusText=(n||C)+"",l?v.resolveWith(g,[p,C,E]):v.rejectWith(g,[E,C,d]),E.statusCode(x),x=void 0,f&&y.trigger(l?"ajaxSuccess":"ajaxError",[E,h,l?p:d]),m.fireWith(g,[E,C]),f&&(y.trigger("ajaxComplete",[E,h]),--w.active||w.event.trigger("ajaxStop")))}return E},getJSON:function(e,t,n){return w.get(e,t,n,"json")},getScript:function(e,t){return w.get(e,void 0,t,"script")}}),w.each(["get","post"],function(e,t){w[t]=function(e,n,r,i){return g(n)&&(i=i||r,r=n,n=void 0),w.ajax(w.extend({url:e,type:t,dataType:i,data:n,success:r},w.isPlainObject(e)&&e))}}),w._evalUrl=function(e){return w.ajax({url:e,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},w.fn.extend({wrapAll:function(e){var t;return this[0]&&(g(e)&&(e=e.call(this[0])),t=w(e,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstElementChild)e=e.firstElementChild;return e}).append(this)),this},wrapInner:function(e){return g(e)?this.each(function(t){w(this).wrapInner(e.call(this,t))}):this.each(function(){var t=w(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=g(e);return this.each(function(n){w(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(e){return this.parent(e).not("body").each(function(){w(this).replaceWith(this.childNodes)}),this}}),w.expr.pseudos.hidden=function(e){return!w.expr.pseudos.visible(e)},w.expr.pseudos.visible=function(e){return!!(e.offsetWidth||e.offsetHeight||e.getClientRects().length)},w.ajaxSettings.xhr=function(){try{return new e.XMLHttpRequest}catch(e){}};var Vt={0:200,1223:204},Gt=w.ajaxSettings.xhr();h.cors=!!Gt&&"withCredentials"in Gt,h.ajax=Gt=!!Gt,w.ajaxTransport(function(t){var n,r;if(h.cors||Gt&&!t.crossDomain)return{send:function(i,o){var a,s=t.xhr();if(s.open(t.type,t.url,t.async,t.username,t.password),t.xhrFields)for(a in t.xhrFields)s[a]=t.xhrFields[a];t.mimeType&&s.overrideMimeType&&s.overrideMimeType(t.mimeType),t.crossDomain||i["X-Requested-With"]||(i["X-Requested-With"]="XMLHttpRequest");for(a in i)s.setRequestHeader(a,i[a]);n=function(e){return function(){n&&(n=r=s.onload=s.onerror=s.onabort=s.ontimeout=s.onreadystatechange=null,"abort"===e?s.abort():"error"===e?"number"!=typeof s.status?o(0,"error"):o(s.status,s.statusText):o(Vt[s.status]||s.status,s.statusText,"text"!==(s.responseType||"text")||"string"!=typeof s.responseText?{binary:s.response}:{text:s.responseText},s.getAllResponseHeaders()))}},s.onload=n(),r=s.onerror=s.ontimeout=n("error"),void 0!==s.onabort?s.onabort=r:s.onreadystatechange=function(){4===s.readyState&&e.setTimeout(function(){n&&r()})},n=n("abort");try{s.send(t.hasContent&&t.data||null)}catch(e){if(n)throw e}},abort:function(){n&&n()}}}),w.ajaxPrefilter(function(e){e.crossDomain&&(e.contents.script=!1)}),w.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(e){return w.globalEval(e),e}}}),w.ajaxPrefilter("script",function(e){void 0===e.cache&&(e.cache=!1),e.crossDomain&&(e.type="GET")}),w.ajaxTransport("script",function(e){if(e.crossDomain){var t,n;return{send:function(i,o){t=w("<script>").prop({charset:e.scriptCharset,src:e.url}).on("load error",n=function(e){t.remove(),n=null,e&&o("error"===e.type?404:200,e.type)}),r.head.appendChild(t[0])},abort:function(){n&&n()}}}});var Yt=[],Qt=/(=)\?(?=&|$)|\?\?/;w.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Yt.pop()||w.expando+"_"+Et++;return this[e]=!0,e}}),w.ajaxPrefilter("json jsonp",function(t,n,r){var i,o,a,s=!1!==t.jsonp&&(Qt.test(t.url)?"url":"string"==typeof t.data&&0===(t.contentType||"").indexOf("application/x-www-form-urlencoded")&&Qt.test(t.data)&&"data");if(s||"jsonp"===t.dataTypes[0])return i=t.jsonpCallback=g(t.jsonpCallback)?t.jsonpCallback():t.jsonpCallback,s?t[s]=t[s].replace(Qt,"$1"+i):!1!==t.jsonp&&(t.url+=(kt.test(t.url)?"&":"?")+t.jsonp+"="+i),t.converters["script json"]=function(){return a||w.error(i+" was not called"),a[0]},t.dataTypes[0]="json",o=e[i],e[i]=function(){a=arguments},r.always(function(){void 0===o?w(e).removeProp(i):e[i]=o,t[i]&&(t.jsonpCallback=n.jsonpCallback,Yt.push(i)),a&&g(o)&&o(a[0]),a=o=void 0}),"script"}),h.createHTMLDocument=function(){var e=r.implementation.createHTMLDocument("").body;return e.innerHTML="<form></form><form></form>",2===e.childNodes.length}(),w.parseHTML=function(e,t,n){if("string"!=typeof e)return[];"boolean"==typeof t&&(n=t,t=!1);var i,o,a;return t||(h.createHTMLDocument?((i=(t=r.implementation.createHTMLDocument("")).createElement("base")).href=r.location.href,t.head.appendChild(i)):t=r),o=A.exec(e),a=!n&&[],o?[t.createElement(o[1])]:(o=xe([e],t,a),a&&a.length&&w(a).remove(),w.merge([],o.childNodes))},w.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return s>-1&&(r=vt(e.slice(s)),e=e.slice(0,s)),g(t)?(n=t,t=void 0):t&&"object"==typeof t&&(i="POST"),a.length>0&&w.ajax({url:e,type:i||"GET",dataType:"html",data:t}).done(function(e){o=arguments,a.html(r?w("<div>").append(w.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},w.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){w.fn[t]=function(e){return this.on(t,e)}}),w.expr.pseudos.animated=function(e){return w.grep(w.timers,function(t){return e===t.elem}).length},w.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l,c=w.css(e,"position"),f=w(e),p={};"static"===c&&(e.style.position="relative"),s=f.offset(),o=w.css(e,"top"),u=w.css(e,"left"),(l=("absolute"===c||"fixed"===c)&&(o+u).indexOf("auto")>-1)?(a=(r=f.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),g(t)&&(t=t.call(e,n,w.extend({},s))),null!=t.top&&(p.top=t.top-s.top+a),null!=t.left&&(p.left=t.left-s.left+i),"using"in t?t.using.call(e,p):f.css(p)}},w.fn.extend({offset:function(e){if(arguments.length)return void 0===e?this:this.each(function(t){w.offset.setOffset(this,e,t)});var t,n,r=this[0];if(r)return r.getClientRects().length?(t=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:t.top+n.pageYOffset,left:t.left+n.pageXOffset}):{top:0,left:0}},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===w.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===w.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=w(e).offset()).top+=w.css(e,"borderTopWidth",!0),i.left+=w.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-w.css(r,"marginTop",!0),left:t.left-i.left-w.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===w.css(e,"position"))e=e.offsetParent;return e||be})}}),w.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(e,t){var n="pageYOffset"===t;w.fn[e]=function(r){return z(this,function(e,r,i){var o;if(y(e)?o=e:9===e.nodeType&&(o=e.defaultView),void 0===i)return o?o[t]:e[r];o?o.scrollTo(n?o.pageXOffset:i,n?i:o.pageYOffset):e[r]=i},e,r,arguments.length)}}),w.each(["top","left"],function(e,t){w.cssHooks[t]=_e(h.pixelPosition,function(e,n){if(n)return n=Fe(e,t),We.test(n)?w(e).position()[t]+"px":n})}),w.each({Height:"height",Width:"width"},function(e,t){w.each({padding:"inner"+e,content:t,"":"outer"+e},function(n,r){w.fn[r]=function(i,o){var a=arguments.length&&(n||"boolean"!=typeof i),s=n||(!0===i||!0===o?"margin":"border");return z(this,function(t,n,i){var o;return y(t)?0===r.indexOf("outer")?t["inner"+e]:t.document.documentElement["client"+e]:9===t.nodeType?(o=t.documentElement,Math.max(t.body["scroll"+e],o["scroll"+e],t.body["offset"+e],o["offset"+e],o["client"+e])):void 0===i?w.css(t,n,s):w.style(t,n,i,s)},t,a?i:void 0,a)}})}),w.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,t){w.fn[t]=function(e,n){return arguments.length>0?this.on(t,null,e,n):this.trigger(t)}}),w.fn.extend({hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),w.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)}}),w.proxy=function(e,t){var n,r,i;if("string"==typeof t&&(n=e[t],t=e,e=n),g(e))return r=o.call(arguments,2),i=function(){return e.apply(t||this,r.concat(o.call(arguments)))},i.guid=e.guid=e.guid||w.guid++,i},w.holdReady=function(e){e?w.readyWait++:w.ready(!0)},w.isArray=Array.isArray,w.parseJSON=JSON.parse,w.nodeName=N,w.isFunction=g,w.isWindow=y,w.camelCase=G,w.type=x,w.now=Date.now,w.isNumeric=function(e){var t=w.type(e);return("number"===t||"string"===t)&&!isNaN(e-parseFloat(e))},"function"==typeof define&&define.amd&&define("jquery",[],function(){return w});var Jt=e.jQuery,Kt=e.$;return w.noConflict=function(t){return e.$===w&&(e.$=Kt),t&&e.jQuery===w&&(e.jQuery=Jt),w},t||(e.jQuery=e.$=w),w});
diff --git a/static/js/script.js b/static/js/script.js
new file mode 100644
index 0000000..8fd36e7
--- /dev/null
+++ b/static/js/script.js
@@ -0,0 +1,7 @@
+$(function() {
+    $('#menu-button').on('click', toggle_menu);
+});
+
+function toggle_menu() {
+    $('#menu').toggle();
+}
diff --git a/templates/404.html b/templates/404.html
new file mode 100644
index 0000000..364c4d6
--- /dev/null
+++ b/templates/404.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="cs">
+    <head>
+        <meta charset="utf-8">
+        <meta name="author" content="TS">
+        <meta name="copyright" content="page is under CC BY-NC-ND 3.0 CZ">
+        <meta name="generator" content="Spotter.ngo">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <title>Chyba 404</title>
+    </head>
+    <body>
+        <h1>Stránka nebyla nalezena</h1>
+        <p>Stránka, kterou se pokoušíte zobrazit, nebyla na serveru nalezena. Zkontrolujte prosím URL v adresním řádku nebo se vraťte <a href="/">zpět na úvodní stránku</a>.</p>
+    </body>
+</html>
diff --git a/templates/502.html b/templates/502.html
new file mode 100644
index 0000000..7c17d66
--- /dev/null
+++ b/templates/502.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="cs">
+    <head>
+        <meta charset="utf-8">
+        <meta name="author" content="TS">
+        <meta name="copyright" content="page is under CC BY-NC-ND 3.0 CZ">
+        <meta name="generator" content="Spotter.ngo">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <title>Chyba 502</title>
+    </head>
+    <body>
+        <h1>Chyba spojení s aplikací</h1>
+        <p>Aplikace ke které se pokoušíte připojit není dostupná. Nejspíše byla vypnuta správcem serveru.</p>
+    </body>
+</html>
diff --git a/templates/layout.html b/templates/layout.html
new file mode 100644
index 0000000..a6ceee6
--- /dev/null
+++ b/templates/layout.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html lang="cs">
+    <head>
+        <meta charset="utf-8">
+        <meta name="author" content="TS">
+        <meta name="copyright" content="page is under CC BY-NC-ND 3.0 CZ">
+        <meta name="generator" content="Spotter.ngo">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <title>{% block title %}{% endblock %}</title>
+        <link rel="icon" href="static/img/Cluster_Spotter.png" type="image/png">
+        <link rel="stylesheet" href="static/css/style.css" type="text/css" media="screen">
+        <script src="static/js/jquery-3.3.1.min.js"></script>
+        <script src="static/js/script.js"></script>
+        {% if session.admin %}
+        <script src="static/js/admin.js"></script>
+        {% endif %}
+    </head>
+    <body>
+        <nav>
+            <div id="menu-button">
+                <div></div>
+                <div></div>
+                <div></div>
+            </div>
+            <ul id="menu">
+                <li><a href="/">Portál</a></li>
+                {% if session.admin %}
+                <li><a href="/setup-host">Nastavení hostitele</a></li>
+                <li><a href="/setup-apps">Nastavení aplikací</a></li>
+                <li><a href="/logout">Odhlášení</a></li>
+                {% else %}
+                <li><a href="/login">Přihlášení</a></li>
+                {% endif %}
+            </ul>
+        </nav>
+        <header>
+            <h1>CLUSTER NGO</h1>
+            <p>Sada softwarových nástrojů určená pro krizový management.</p>
+        </header>
+        {% block body %}{% endblock %}
+    </body>
+</html>
diff --git a/templates/login.html b/templates/login.html
new file mode 100644
index 0000000..f739f63
--- /dev/null
+++ b/templates/login.html
@@ -0,0 +1,26 @@
+{% extends 'layout.html' %}
+{% block title %}Přihlášení{% endblock %}
+{% block body %}
+<div class="setup-box">
+    <h2>Přihlášení</h2>
+    <form action="/login" method="post">
+        <table>
+            <tr>
+                <td>Jméno:</td>
+                <td>admin</td>
+            </tr>
+            <tr>
+                <td>Heslo</td>
+                <td><input type="password" name="password"></td>
+            </tr>
+            <tr>
+                <td><input type="hidden" name="redirect" value="{{ redirect }}"></td>
+                <td><input type="submit" value="Přihlásit"></td>
+            </tr>
+        </table>
+        {% if message is defined %}
+        <p class="error">{{ message }}</p>
+        {% endif %}
+    </form>
+</div>
+{% endblock %}
diff --git a/templates/portal-admin.html b/templates/portal-admin.html
new file mode 100644
index 0000000..29687d9
--- /dev/null
+++ b/templates/portal-admin.html
@@ -0,0 +1,352 @@
+{% extends 'layout.html' %}
+{% block title %}Cluster NGO{% endblock %}
+{% block body %}
+{% if is_app_visible('sahana') %}
+{% set app = conf['apps']['sahana'] %}
+<div class="portal-box portal-box-double-width">
+    <h2><a href="https://sahana.{{ host }}/eden/"><img src="static/img/EDEN.png" alt="Sahana EDEN" title="Sahana EDEN">Sahana EDEN</a></h2>
+    <p><strong>Registr kontaktů</strong> asociací, organizací, jednotek zaměstnanců, dobrovolníků, <strong>Registr prostředků</strong>, materiálních zdrojů určených pro činnost v krizových situacích, <strong>logistika</strong> krizového zboží ve skladištích, úkrytech, <strong>organizace lidských zdrojů</strong>, diobrovolníků, <strong>mapová vizualizace</strong> pro lokalizaci a popis krizové události a <strong>mnoho dalších funkcí</strong>.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('sahana-demo') %}
+{% set app = conf['apps']['sahana-demo'] %}
+<div class="portal-box">
+    <h2><a href="https://sahana-demo.{{ host }}/eden/"><img src="static/img/EDEN.png" alt="Sahana EDEN DEMO" title="Sahana EDEN DEMO">Sahana EDEN DEMO</a></h2>
+    <p>Přístup určený k bezpečnému vyzkoušení aplikace. Zde můžete přidávat i mazat testovací data.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('sambro') %}
+{% set app = conf['apps']['sambro'] %}
+<div class="portal-box">
+    <h2><a href="https://sambro.{{ host }}/eden/"><img src="static/img/EDEN.png" alt="Sahana EDEN SAMBRO" title="Sahana EDEN SAMBRO">Sahana EDEN SAMBRO</a></h2>
+    <p>Samostatná instance Sahana EDEN s šablonou SAMBRO.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/EDEN.png" alt="SAMBRO Mobile" title="SAMBRO Mobile">SAMBRO Mobile</a></h2>
+    <p>Mobilní klient k aplikaci Sahana EDEN.<br>
+        <a href="https://itunes.apple.com/us/app/sambro-mobile/id1127251669"><img src="static/img/icons/iOS.png" class="ico" alt="IOS">IOS 6.0 a vyšší</a><br>
+        <a href="https://apkpure.com/sambro-mobile/io.sahana.sambro.mobile"><img src="static/img/icons/Android.png" class="ico" alt="Android">Android 4.0 a vyšší</a>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">https://sambro.{{ host }}/eden/</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('crisiscleanup') %}
+{% set app = conf['apps']['crisiscleanup'] %}
+<div class="portal-box">
+    <h2><a href="https://cc.{{ host }}"><img src="static/img/Crisis_Cleanup.png" alt="Crisis Cleanup" title="Crisis Cleanup">Crisis Cleanup</a></h2>
+    <p><strong>Mapování krizové pomoci</strong> při odstraňování následků katastrof a koordinaci práce. Jde o majetek, ne o lidi.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('ckan') %}
+{% set app = conf['apps']['ckan'] %}
+<div class="portal-box">
+    <h2><a href="https://ckan.{{ host }}"><img src="static/img/CKAN.png" alt="CKAN" title="CKAN">CKAN</a></h2>
+    <p><strong>Repository</strong> management a datová analýza pro vytváření otevřených dat.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('opendatakit-build') %}
+{% set app = conf['apps']['opendatakit-build'] %}
+<div class="portal-box">
+    <h2><a href="https://odkbuild.{{ host }}"><img src="static/img/ODK.png" alt="Open Data Kit" title="Open Data Kit">ODK Build</a></h2>
+    <p><strong>Sběr dat s pomocí smartphone</strong>.<br>Aplikace pro návrh formulářů<br>
+        <p><a href="https://opendatakit.org/xiframe/">XLSForm</a> - online konverter XLS.<br>
+        <a href="https://opendatakit.org/downloads/download-info/odk-formuploader/"><img src="static/img/icons/Java.png" class="ico" alt="ODK Form Uploader">ODK Form Uploader</a><br>
+        <a href="https://opendatakit.org/downloads/download-info/odk-validate-2/"><img src="static/img/icons/Java.png" class="ico" alt="ODK Validate">ODK Validate</a></p>
+</div>
+{% endif %}
+
+{% if is_app_visible('opendatakit') %}
+{% set app = conf['apps']['opendatakit'] %}
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/ODK_Collect.png" alt="Open Data Kit" title="Open Data Kit">ODK Collect</a></h2>
+    <p>Mobilní aplikace<br>
+        <a href="https://play.google.com/store/apps/details?id=org.odk.collect.android"><img src="static/img/icons/Android.png" class="ico" alt="ODK Collect">ODK Collect pro Android</a><br>
+        <a href="https://opendatakit.org/downloads/download-info/odk-briefcase/"><img src="static/img/icons/Java.png" class="ico" alt="ODK Briefcase">ODK Briefcase</a><br>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">https://odk.{{ host }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="https://odk.{{ host }}/"><img src="static/img/ODK.png" alt="Open Data Kit" title="Open Data Kit">ODK Aggregate</a></h2>
+    <p><strong>Sběr dat s pomocí smartphone</strong>.<br>
+        <a href="http://geoodk.com">GeoODK Collect</a> - náhrada papírových dotazníků smartphonem.
+    </p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('openmapkit') %}
+{% set app = conf['apps']['openmapkit'] %}
+<div class="portal-box">
+    <h2><a href="https://omk.{{ host }}"><img src="static/img/OMK.png" alt="Open Map Kit" title="Open Map Kit">OpenMapKit Server</a></h2>
+    <p><strong>Sběr dat s pomocí smartphone</strong>.<br>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/GeoODK_Collect.png" alt="GeoODK Collect" title="GeoODK Collect">GeoODK Collect</a></h2>
+    <p>Mobilní aplikace<br>
+        <a href="https://play.google.com/store/apps/details?id=com.geoodk.collect.android"><img src="static/img/icons/Android.png" class="ico" alt="GeoODK Collect">GeoODK Collect pro Android</a>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">https://omk.{{ host }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/OMK.png" alt="Open Map Kit" title="Open Map Kit">OpenMapKit</a></h2>
+    <p>Mobilní aplikace<br>
+        <a href="https://play.google.com/store/apps/details?id=org.odk.collect.android"><img src="static/img/icons/Android.png" class="ico" alt="ODK Collect">ODK Collect pro Android</a><br>
+        <a href="https://play.google.com/store/apps/details?id=org.redcross.openmapkit"><img src="static/img/icons/Android.png" class="ico" alt="Android">OpenMapKit pro Android 4.1 a vyšší</a>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">https://omk.{{ host }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('frontlinesms') %}
+{% set app = conf['apps']['frontlinesms'] %}
+<div class="portal-box">
+    <h2><a href="https://sms.{{ host }}"><img src="static/img/FrontlineSMS.png" alt="FrontlineSMS" title="FrontlineSMS">FrontlineSMS</a></h2>
+    <p><strong>SMS messaging</strong> přes veřejné datové brány</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/FrontlineSync.png" alt="FrontlineSync" title="FrontlineSync">FrontlineSync</a></h2>
+    <p>Mobilní aplikace pro<br>
+        <a href="https://play.google.com/store/apps/details?id=com.simlab.frontlinesync"><img src="static/img/icons/Android.png" class="ico" alt="Android">Android 2.3 a vyšší</a>
+    </p>
+</div>
+{% endif %}
+
+{% if is_app_visible('seeddms') %}
+{% set app = conf['apps']['seeddms'] %}
+<div class="portal-box">
+    <h2><a href="https://dms.{{ host }}"><img src="static/img/SeedDMS.png" alt="SeedDMS" title="SeedDMS">SeedDMS</a></h2>
+    <p><strong>Dokument management</strong> na dokumentaci a projektovou dokumentaci</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('pandora') %}
+{% set app = conf['apps']['pandora'] %}
+<div class="portal-box">
+    <h2><a href="https://pandora.{{ host }}"><img src="static/img/Pandora.png" alt="Pan.do/ra" title="Pan.do/ra">Pan.do/ra</a></h2>
+    <p><strong>Media management</strong> na foto a video z krizové události. Tvorba metadat, komentářů, lokalizace v čase a na mapě.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('ushahidi') %}
+{% set app = conf['apps']['ushahidi'] %}
+<div class="portal-box">
+    <h2><a href="https://ush.{{ host }}"><img src="static/img/Ushahidi.png" alt="Ushahidi" title="Ushahidi">Ushahidi</a></h2>
+    <p>Reakce na krizovou událost. Shromažďujte zprávy od obětí a pracovníků v terénu prostřednictvím SMS, e-mailu, webu, Twitteru.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/Ushahidi_mobile.png" alt="Ushahidi" title="Ushahidi">Ushahidi Mobile</a></h2>
+    <p>Mobilní aplikace Ushahidi pro<br>
+        <a href="https://itunes.apple.com/us/app/ushahidi-mobile/id1205994516?mt=8"><img src="static/img/icons/iOS.png" class="ico" alt="IOS">IOS 9.0 a vyšší</a><br>
+        <a href="https://play.google.com/store/apps/details?id=com.ushahidi.mobile"><img src="static/img/icons/Android.png" class="ico" alt="Android">Android 4.4 a vyšší</a>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">ush.{{ host }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/SMS_Sync.png" alt="SMS Sync Gateway" title="SMS Sync Gateway">SMS Sync Gateway</a></h2>
+    <p>Mobilní aplikace pro<br>
+        <a href="https://play.google.com/store/apps/details?id=org.addhen.smssync"><img src="static/img/icons/Android.png" class="ico" alt="Android">Android 2.3 a vyšší</a>
+    </p>
+</div>
+{% endif %}
+
+{% if is_app_visible('kanboard') %}
+{% set app = conf['apps']['kanboard'] %}
+<div class="portal-box">
+    <h2><a href="https://kb.{{ host }}"><img src="static/img/Kanboard.png" alt="Kanboard" title="Kanboard">Kanboard</a></h2>
+    <p>Usnadňuje tvorbu a řízení projektů s pomocí Kanban metodiky.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/Kanboard.png" alt="Kanboard" title="Kanboard">Kanboard Mobile</a></h2>
+    <p>Mobilní aplikace<br>
+        <a href="https://play.google.com/store/apps/details?id=eu.it_quality.kanboard"><img src="static/img/icons/Android.png" class="ico" alt="KanBoard">KanBoard client pro Android 4.1 a vyšší</a><br>
+        <a href="https://f-droid.org/packages/in.andres.kandroid/"><img src="static/img/icons/Android.png" class="ico" alt="Android">Kandroid pro Android 4.2 a vyšší</a>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">https://kb.{{ host }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('cts') %}
+{% set app = conf['apps']['cts'] %}
+<div class="portal-box">
+    <h2><a href="https://cts.{{ host }}"><img src="static/img/CTS.png" alt="CTS" title="CTS">CTS</a></h2>
+    <p>Logistika hmotné pomoci pro humanitární potřeby.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('gnuhealth') %}
+{% set app = conf['apps']['gnuhealth'] %}
+<div class="portal-box">
+    <h2><a href="https://gh.{{ host }}/index.html"><img src="static/img/GNU_Health.png" alt="GNU Health" title="GNU Health">GNU Health</a></h2>
+    <p>Zdravotní a nemocniční informační systém.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+        <li><strong>Heslo k demu:</strong> <span class="demopassword">gnusolidario</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/GNU_Health.png" alt="GNU Health" title="GNU Health">GNU Health klienti</a></h2>
+    <p>Klientské aplikace platformy Tryton GNU Health pro<br>
+        <a href="https://downloads.tryton.org/4.2/tryton-last.exe"><img src="static/img/icons/Windows.png" class="ico" alt="Windows">Windows</a><br>
+        <a href="https://downloads.tryton.org/4.2/tryton-last.dmg"><img src="static/img/icons/MacOS.png" class="ico" alt="MacOS">MacOS</a><br>
+        <a href="https://downloads.tryton.org/4.2/tryton-last.tar.gz"><img src="static/img/icons/Linux.png" class="ico" alt="Linux">Linux</a>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">gh.{{ host }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('sigmah') %}
+{% set app = conf['apps']['sigmah'] %}
+<div class="portal-box">
+    <h2><a href="https://sigmah.{{ host }}/sigmah/"><img src="static/img/Sigmah.png" alt="Sigmah" title="Sigmah">Sigmah</a></h2>
+    <p>Rozpočtování získávání finančních prostředků.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('motech') %}
+{% set app = conf['apps']['motech'] %}
+<div class="portal-box">
+    <h2><a href="https://motech.{{ host }}/"><img src="static/img/Motech.png" alt="Motech" title="Motech">Motech</a></h2>
+    <p>Integrace zdravotnických a komunikačních služeb.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if is_app_visible('mifosx') %}
+{% set app = conf['apps']['mifosx'] %}
+<div class="portal-box">
+    <h2><a href="https://mifosx.{{ host }}/"><img src="static/img/MifosX.png" alt="Mifos X" title="Mifos X">Mifos X</a></h2>
+    <p>Nástroj na rozvojovou, humanitární pomoc a mikrofinancování.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/MifosX_Mobile.png" alt="Mifos X" title="Mifos X">Mifos X</a></h2>
+    <p>Mobilní aplikace<br>
+        <a href="https://github.com/openMF/android-client/releases"><img src="static/img/icons/Android.png" class="ico" alt="Mifos X">Mifos X client pro Android 3.0 a vyšší</a><br>
+    </p>
+    <ul>
+        <li><strong>URL:</strong> <span class="clienturl">mifosx.{{ host }}</span></li>
+        <li><strong>Tenant ID:</strong> <span>default</span></li>
+    </ul>
+</div>
+{% endif %}
+
+{% if false %}
+{% set app = conf['apps']['diaspora'] %}
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/Diaspora.png" alt="diaspora*" title="diaspora*">diaspora*</a></h2>
+    <p>Autonomní sociání síť s možností propojení do cizích sociálních sítí.</p>
+    <ul>
+        <li><strong>Login:</strong> <span class="login">{{ app['login'] }}</span></li>
+        <li><strong>Heslo:</strong> <span class="password">{{ app['password'] }}</span></li>
+    </ul>
+</div>
+
+<div class="portal-box">
+    <h2><a href="https://openid.net"><img src="static/img/OpenID.png" alt="OpenID" title="OpenID">OpenID</a></h2>
+    <p>Pro ověření identity budete potřebovat účet OpenID. Zaregistrujte se. Registraci využijete v software Sahana EDEN.</p>
+</div>
+
+<div class="portal-box">
+    <h2><a href="#"><img src="static/img/POSM.png" alt="POSM" title="POSM">POSM</a></h2>
+    <p><strong>Portable Open Street Map</strong> - softwarový balík na offline používání OpenStreet Map v samostatné virtuální image.</p>
+</div>
+{% endif %}
+
+<div class="portal-box">
+    <h2><a href="http://spotter.ngo"><img src="static/img/Cluster_Spotter.png" alt="Cluster Spotter" title="Cluster Spotter">Cluster Spotter</a></h2>
+    <p>Info o Misi a Vizi projektu, včetně kontaktu. Zachovejte data bezpečná a neposkytujte je nepovolaným osobám.<br>
+        <small>CC 4.0 CZ by <a href="http://trendspotter.cz">TS</a>. Content is based on PD, CC, GNU/GPL. Brand names, trademarks belong to their respective holders.</small>
+    </p>
+</div>
+{% endblock %}
diff --git a/templates/portal-user.html b/templates/portal-user.html
new file mode 100644
index 0000000..98b9094
--- /dev/null
+++ b/templates/portal-user.html
@@ -0,0 +1,122 @@
+{% extends 'layout.html' %}
+{% block title %}Cluster NGO{% endblock %}
+{% block body %}
+{% if is_app_visible('sahana-demo') %}
+<div class="portal-box">
+    <h2><a href="https://sahana-demo.{{ host }}/eden/">Řízení humanítární činnosti</a></h2>
+    <p>Přístup určený k bezpečnému vyzkoušení aplikace. Zde můžete přidávat i mazat testovací data.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('sambro') %}
+<div class="portal-box">
+    <h2><a href="https://sambro.{{ host }}/eden/">Centrum hlášení a výstrah</a></h2>
+    <p>Samostatná instance s šablonou pro centrum hlášení a výstrah.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('crisiscleanup') %}
+<div class="portal-box">
+    <h2><a href="https://cc.{{ host }}">Mapování následků katastrof</a></h2>
+    <p><strong>Mapování krizové pomoci</strong> při odstraňování následků katastrof a koordinaci práce. Jde o majetek, ne o lidi.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('ckan') %}
+<div class="portal-box">
+    <h2><a href="https://ckan.{{ host }}">Datový sklad</a></h2>
+    <p><strong>Repository</strong> management a datová analýza pro vytváření otevřených dat.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('opendatakit-build') %}
+<div class="portal-box">
+    <h2><a href="https://odkbuild.{{ host }}">Sběr formulářových dat</a></h2>
+    <p><strong>Sběr dat s pomocí smartphone</strong>.<br>Aplikace pro návrh formulářů</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('opendatakit') %}
+<div class="portal-box">
+    <h2><a href="https://odk.{{ host }}/">Sběr formulářových dat</a></h2>
+    <p><strong>Sběr dat s pomocí smartphone</strong>.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('openmapkit') %}
+<div class="portal-box">
+    <h2><a href="https://omk.{{ host }}">Sběr mapových dat</a></h2>
+    <p><strong>Sběr dat s pomocí smartphone</strong>.<br>
+</div>
+{% endif %}
+
+{% if is_app_visible('frontlinesms') %}
+<div class="portal-box">
+    <h2><a href="https://sms.{{ host }}">Hromadné odesílání zpráv</a></h2>
+    <p><strong>SMS messaging</strong> přes veřejné datové brány</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('seeddms') %}
+<div class="portal-box">
+    <h2><a href="https://dms.{{ host }}">Archiv dokumentace</a></h2>
+    <p><strong>Dokument management</strong> na dokumentaci a projektovou dokumentaci</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('pandora') %}
+<div class="portal-box">
+    <h2><a href="https://pandora.{{ host }}">Archiv medií</a></h2>
+    <p><strong>Media management</strong> na foto a video z krizové události. Tvorba metadat, komentářů, lokalizace v čase a na mapě.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('ushahidi') %}
+<div class="portal-box">
+    <h2><a href="https://ush.{{ host }}">Skupinová reakce na události</a></h2>
+    <p>Reakce na krizovou událost. Shromažďujte zprávy od obětí a pracovníků v terénu prostřednictvím SMS, e-mailu, webu, Twitteru.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('kanboard') %}
+<div class="portal-box">
+    <h2><a href="https://kb.{{ host }}">Kanban řízení projektů</a></h2>
+    <p>Usnadňuje tvorbu a řízení projektů s pomocí Kanban metodiky.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('gnuhealth') %}
+<div class="portal-box">
+    <h2><a href="https://gh.{{ host }}/index.html">Lékařské záznamy pacientů</a></h2>
+    <p>Zdravotní a nemocniční informační systém.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('sigmah') %}
+<div class="portal-box">
+    <h2><a href="https://sigmah.{{ host }}/sigmah/">Finanční řízení sbírek</a></h2>
+    <p>Rozpočtování získávání finančních prostředků.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('motech') %}
+<div class="portal-box">
+    <h2><a href="https://motech.{{ host }}/">Automatizace komunikace</a></h2>
+    <p>Integrace zdravotnických a komunikačních služeb.</p>
+</div>
+{% endif %}
+
+{% if is_app_visible('mifosx') %}
+<div class="portal-box">
+    <h2><a href="https://mifosx.{{ host }}/">Mikrofinancování rozvojových projektů</a></h2>
+    <p>Nástroj na rozvojovou, humanitární pomoc a mikrofinancování.</p>
+</div>
+{% endif %}
+
+<div class="portal-box">
+    <h2><a href="http://spotter.ngo"><img src="static/img/Cluster_Spotter.png" alt="Cluster Spotter" title="Cluster Spotter">Cluster Spotter</a></h2>
+    <p>Info o Misi a Vizi projektu, včetně kontaktu. Zachovejte data bezpečná a neposkytujte je nepovolaným osobám.<br>
+        <small>CC 4.0 CZ by <a href="http://trendspotter.cz">TS</a>. Content is based on PD, CC, GNU/GPL. Brand names, trademarks belong to their respective holders.</small>
+    </p>
+</div>
+{% endblock %}
diff --git a/templates/setup-apps-row.html b/templates/setup-apps-row.html
new file mode 100644
index 0000000..520baa7
--- /dev/null
+++ b/templates/setup-apps-row.html
@@ -0,0 +1,23 @@
+{% set not_installed = app not in conf['apps'] %}
+{% if not status %}
+    {% if not_installed: %}
+        {% set status = 'Není nainstalována' %}
+        {% set actions = '<a href="#" class="app-install">Instalovat</a>' %}
+    {% elif is_service_started(app): %}
+        {% set status = '<span class="info">Spuštěna</span>' %}
+        {% set actions = '<a href="#" class="app-stop">Zastavit</a>' %}
+    {% else: %}
+        {% set status = '<span class="error">Zastavena</span>' %}
+        {% set actions = '<a href="#" class="app-start">Spustit</a>, <a href="#" class="app-uninstall">Odinstalovat</a>' %}
+    {% endif %}
+{% endif %}
+
+<td>{{ app_title }}</td>
+<td class="center"><input type="checkbox" class="app-visible"{% if not_installed %} disabled{% elif conf['apps'][app]['visible'] %} checked{% endif %}></td>
+<td class="center"><input type="checkbox" class="app-autostart"{% if not_installed %} disabled{% elif is_service_autostarted(app) %} checked{% endif %}></td>
+{% if is_error %}
+<td colspan="2">{{ status|safe }}</td>
+{% else %}
+<td>{{ status|safe }}</td>
+<td>{{ actions|safe }}</td>
+{% endif %}
diff --git a/templates/setup-apps.html b/templates/setup-apps.html
new file mode 100644
index 0000000..651a285
--- /dev/null
+++ b/templates/setup-apps.html
@@ -0,0 +1,119 @@
+{% extends 'layout.html' %}
+{% block title %}Nastavení aplikací{% endblock %}
+{% block body %}
+<div class="setup-box">
+    <h2>Správce aplikací</h2>
+    <p>Vyberte které aplikace mají být nainstalovány, které se mají zobrazovat na hlavní straně portálu a které mají být automaticky spuštěny při startu virtuálního stroje.</p>
+    <table id="app-manager">
+        <thead>
+            <tr>
+                <td style="width:190px">Aplikace</td>
+                <td style="width:70px">Zobrazena</td>
+                <td style="width:70px">Autostart</td>
+                <td style="width:190px">Stav</td>
+                <td>Akce</td>
+            </tr>
+        </thead>
+        <tbody>
+            {% for app in all_apps %}
+            {% set app_title = conf['apps'][app]['title'] if app in conf['apps'] else online_packages[app]['title'] %}
+            <tr data-app="{{ app }}">
+                {% include 'setup-apps-row.html' %}
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+    {% if not online_packages %}
+    <p class="error">Připojení k distribučnímu serveru se nezdařilo. Zkontrolujte přístupové údaje a připojení k síti.</p>
+    {% endif %}
+    <p><strong>Přístupové údaje k distribučnímu serveru:</strong></p>
+    <form id="update-repo" action="/update-repo" method="post">
+        <table>
+            <tr>
+                <td>URL serveru:</td>
+                <td><input type="text" name="repourl" value="{{ conf['repo']['url'] }}"></td>
+            </tr>
+            <tr>
+                <td>Uživatelské jméno:</td>
+                <td><input type="text" name="repousername" value="{{ conf['repo']['user'] }}"></td>
+            </tr>
+            <tr>
+                <td>Heslo:</td>
+                <td><input type="password" name="repopassword"></td>
+            </tr>
+            <tr>
+                <td>&nbsp;</td>
+                <td colspan="2">
+                    <input type="submit" id="repo-submit" value="Nastavit hodnoty">
+                </td>
+            </tr>
+        </table>
+    </form>
+</div>
+
+<div class="setup-box">
+    <h2>Nastavení aplikací</h2>
+    <p>Společné nastavení sdílené některými aplikacemi.</p>
+    <form id="update-common" action="/update-common" method="post">
+        <table>
+            <tr>
+                <td>E-mail</td>
+                <td><input type="text" name="email" id="email" value="{{ conf['common']['email'] }}"></td>
+                <td class="remark">Administrativní e-mail na který budou doručovány zprávy a upozornění z aplikací. Stejná e-mailová adresa bude také využita některými aplikacemi pro odesílání zpráv uživatelům.</td>
+            </tr>
+            <tr>
+                <td>Google Maps API klíč</td>
+                <td><input type="text" name="gmaps-api-key" id="gmaps-api-key" value="{{ conf['common']['gmaps-api-key'] }}"></td>
+                <td class="remark">API klíč pro službu Google Maps, která je využita některými aplikacemi.</td>
+            </tr>
+            <tr>
+                <td>&nbsp;</td>
+                <td colspan="2">
+                    <input type="submit" id="common-submit" value="Nastavit hodnoty">
+                    <div id="common-message"></div>
+                    <div id="common-wait" class="loader-wrap">
+                        <div class="loader"></div>
+                        <span>Provádí se změna nastavení, prosím čekejte...</span>
+                    </div>
+                </td>
+            </tr>
+        </table>
+    </form>
+</div>
+
+<div class="setup-box">
+    <h2>Správce virtuálního stroje</h2>
+    <p>Změna hesla k šifrovanému diskovému oddílu a administračnímu rozhraní.</p>
+    <form id="update-password" action="/update-password" method="post">
+        <table>
+            <tr>
+                <td>Stávající heslo:</td>
+                <td><input type="password" name="oldpassword" id="oldpassword"></td>
+            </tr>
+            <tr>
+                <td>Nové heslo:</td>
+                <td><input type="password" name="newpassword" id="newpassword"></td>
+            </tr>
+            <tr>
+                <td>Kontrola nového hesla:</td>
+                <td><input type="password" name="newpassword2" id="newpassword2"></td>
+            </tr>
+            <tr>
+                <td>&nbsp;</td>
+                <td colspan="2">
+                    <input type="submit" id="password-submit" value="Změnit heslo">
+                    <div id="password-message"></div>
+                    <div id="password-wait" class="loader-wrap">
+                        <div class="loader"></div>
+                        <span>Provádí se změna hesla, prosím čekejte...</span>
+                    </div>
+                </td>
+            </tr>
+        </table>
+    </form>
+    <p>Restartování nebo vypnutí virtuálního stroje.</p>
+    <input type="button" id="reboot-vm" value="Restartovat VM">
+    <input type="button" id="shutdown-vm" value="Vypnout VM">
+    <div id="vm-message"></div>
+</div>
+{% endblock %}
diff --git a/templates/setup-host.html b/templates/setup-host.html
new file mode 100644
index 0000000..96bbfcd
--- /dev/null
+++ b/templates/setup-host.html
@@ -0,0 +1,118 @@
+{% extends 'layout.html' %}
+{% block title %}Nastavení hostitele{% endblock %}
+{% block body %}
+<div class="setup-box">
+    <h2>HTTPS Hostitel</h2>
+    <p>Základní doménové jméno a HTTPS port na kterých budou přístupny všechny aplikace.</p>
+    <form id="update-host" action="/update-host" method="post">
+        <table>
+            <tr>
+                <td>Doména</td>
+                <td><input type="text" name="domain" id="domain" value="{{ conf['host']['domain'] }}"></td>
+                <td class="remark">Plně kvalifikovaný doménový název, na kterém bude dostupný aplikační portál. Jednotlivé aplikace budou dostupné na subdoménách této domény.</td>
+            </tr>
+            <tr>
+                <td>Port</td>
+                <td><input type="text" name="port" id="port" value="{{ conf['host']['port'] }}"></td>
+                <td class="remark">HTTPS port na kterém budou dostupné aplikace. Výchozí HTTPS port je 443.</td>
+            </tr>
+            <tr>
+                <td>&nbsp;</td>
+                <td colspan="2">
+                    <input type="submit" id="host-submit" value="Nastavit hostitele">
+                    <div id="host-message"></div>
+                    <div id="host-wait" class="loader-wrap">
+                        <div class="loader"></div>
+                        <span>Provádí se změna nastavení, prosím čekejte...</span>
+                    </div>
+                </td>
+            </tr>
+        </table>
+    </form>
+</div>
+
+<div class="setup-box">
+    <h2>DNS záznamy</h2>
+    <p>Na jmenném serveru domény nastavené v sekci <em>HTTPS Hostitel</em> nastavte DNS záznamy typu A, případně i AAAA pro následující doménové názvy a nasměrujte je na vnější (tj. dostupnou z internetu) IP adresu tohoto virtuální stroje. Toto nastavení lze obvykle provést skrze webové rozhraní registrátora domény.</p>
+    <p>Vnější IPv4 {% if ex_ipv4 %}je <strong>{{ ex_ipv4 }}</strong>{% else %}nebyla zjištěna{% endif %} a IPv6 {% if ex_ipv6 %}je <strong>{{ ex_ipv6 }}</strong>{% else %}nebyla zjištěna{% endif %}.</p>
+    <ul>
+        <li>{{ conf['host']['domain'] }}</li>
+        <li>*.{{ conf['host']['domain'] }}</li>
+    </ul>
+    <p>Pokud jmenný server nepodporuje wildcard záznamy nebo pokud nemůžete či nechcete dedikovat virtuálnímu stroji všechny subdomény, nastavte místo toho záznamy pro následující doménové názvy</p>
+    <ul style="column-count:3">
+        <li>{{ conf['host']['domain'] }}</li>
+        {% for app in conf['apps']|sort %}
+        <li>{{ conf['apps'][app]['host'] }}.{{ conf['host']['domain'] }}</li>
+        {% endfor %}
+    </ul>
+    <input type="button" id="verify-dns" value="Ověřit nastavení DNS">
+    <div id="dns-message"></div>
+    <div id="dns-wait" class="loader-wrap">
+        <div class="loader"></div>
+        <span>Ověřuje se nastavení DNS, prosím čekejte...</span>
+    </div>
+</div>
+
+<div class="setup-box">
+    <h2>Firewall a NAT</h2>
+    <p>Pokud je stávající připojení k internetu zprostředkováno routerem s NAT, na hypervizoru je nastaven firewall nebo existují jiné restrikce síťového provozu, je nutno upravit nastavení příslušných komponent, aby byl provoz na portu {{ conf['host']['port'] }} (nastaveném v sekci <em>HTTPS Hostitel</em>) z internetu korektně nasměrován na místní adresu virtuálního stroje.</p>
+    <p>Pokud bude využit systém automatického vyžádání a obnovy certifikátu (sekce <em>HTTPS certifikát</em>), je nutno aby byl na místní adresu virtuálního stroje nasměrován i port 80, případně byla nastavena HTTP proxy přesměrovávající doménová jména zmíněná v sekci <em>DNS záznamy</em>.</p>
+    <p>Místní IPv4 {% if in_ipv4 %}je <strong>{{ in_ipv4 }}</strong>{% else %}nebyla zjištěna{% endif %} a IPv6 {% if in_ipv6 %}je <strong>{{ in_ipv6 }}</strong>{% else %}nebyla zjištěna{% endif %}.</p>
+    <input type="button" id="verify-https" value="Ověřit nastavení portu {{ conf['host']['port'] }}">
+    <div id="https-message"></div>
+    <div id="https-wait" class="loader-wrap">
+        <div class="loader"></div>
+        <span>Ověřuje se nastavení firewallu a NAT pro port {{ conf['host']['port'] }}, prosím čekejte...</span>
+    </div>
+    <input type="button" id="verify-http" value="Ověřit nastavení portu 80">
+    <div id="http-message"></div>
+    <div id="http-wait" class="loader-wrap">
+        <div class="loader"></div>
+        <span>Ověřuje se nastavení firewallu a NAT pro port 80, prosím čekejte...</span>
+    </div>
+</div>
+
+<div class="setup-box">
+    <h2>HTTPS certifikát</h2>
+    <p>Stávající certifikát je vystaven na jméno <strong>{{ cert_info['subject'] }}</strong> vystavitelem <strong>{{ cert_info['issuer'] }}</strong> a jeho platnost vyprší <strong>{{ cert_info['expires'] }}</strong>.</p>
+    <form id="update-cert" action="/update-cert" method="post">
+        <table>
+            <tr>
+                <td>Způsob správy</td>
+                <td>
+                    <select name="method" id="cert-method">
+                        <option value="selfsigned"{% if cert_info['method'] == 'selfsigned' %} selected{% endif %}>Self-signed</option>
+                        <option value="automatic"{% if cert_info['method'] == 'automatic' %} selected{% endif %}>Automaticky</option>
+                        <option value="manual"{% if cert_info['method'] == 'manual' %} selected{% endif %}>Ručně</option>
+                    </select>
+                </td>
+                <td class="remark">Volba "Self-signed" vygeneruje certifikát s vlastním podpisem a platností 20 let. Tento certifikát je použitelný pro testovací účely, ale většina mobilních aplikací s ním odmítne fungovat.
+                    <br>Volba "Automaticky" způsobí, že systém automaticky zažádá o certifikát certifikační autority Let's Encrypt pro všechny plně kvalifikované doménové názvy (tj. nikoliv wildcard) zmíněné v sekci <em>DNS záznamy</em>. Počet žádostí o certifikát se stejným doménovým jménem je omezený na 5 týdně, proto je vhodné tento typ certifikátu nastavovat až po instalaci aplikací. Zároveň bude nainstalována úloha pro automatickou obnovu. Proces vyžádání tohoto typu certifikátu může trvat několik minut.
+                    <br>Volba "Ručně" znamená, že soubory certifikátu a jeho soukromého klíče je nutno nahrát a následně obnovovat ručně skrze formulář na této stránce.</td>
+            </tr>
+            <tr class="cert-upload"{% if cert_info['method'] != 'manual' %} style="display:none"{% endif %}>
+                <td>Soubor certifikátu</td>
+                <td><input type="file" name="public" accept=".cer, .crt, .pem"></td>
+                <td class="remark">Soubor s certifikátem ve formátu PEM.<br>Pokud je podepsán certifikační autoritou třetí strany, pak by tento soubor měl mimo koncového certifikátu obsahovat i podpisový certifikát.</td>
+            </tr>
+            <tr class="cert-upload"{% if cert_info['method'] != 'manual' %} style="display:none"{% endif %}>
+                <td>Soubor klíče</td>
+                <td><input type="file" name="private" accept=".key, .pem"></td>
+                <td class="remark">Soubor se soukromým klíčem ve formátu PEM pro výše vybraný certifikát.</td>
+            </tr>
+            <tr>
+                <td>&nbsp;</td>
+                <td colspan="2">
+                    <input type="submit" id="cert-submit" value="Nastavit certifikát">
+                    <div id="cert-message"></div>
+                    <div id="cert-wait" class="loader-wrap">
+                        <div class="loader"></div>
+                        <span>Provádí se změna nastavení, prosím čekejte...</span>
+                    </div>
+                </td>
+            </tr>
+        </table>
+    </form>
+</div>
+{% endblock %}
diff --git a/wsgi.py b/wsgi.py
new file mode 100755
index 0000000..4f5c9a8
--- /dev/null
+++ b/wsgi.py
@@ -0,0 +1,16 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+
+import sys
+
+sys.path.append('/srv/vm')
+from mgr.wsgiapp import WSGIApp
+
+application = WSGIApp()
+
+if __name__ == '__main__':
+    import os
+    from werkzeug.contrib.fixers import ProxyFix
+    from werkzeug.serving import run_simple
+
+    run_simple('127.0.0.1', 8080, ProxyFix(application), threaded=True)