diff --git a/main.go b/main.go
index 37bfdd4..fcae6ac 100644
--- a/main.go
+++ b/main.go
@@ -123,6 +123,15 @@ type ContactKeywordLink struct {
 /* ENDE DER STRUKTUREN */
 /* ################################################################## */
+// ----- Example handlers -----
+func (s *Server) publicHello(w http.ResponseWriter, r *http.Request) {
+ fmt.Fprintln(w, "Hallo an alle – öffentliche Daten")
+}
+func (s *Server) privateHello(w http.ResponseWriter, r *http.Request) {
+ user := r.Context().Value(userKey).(string)
+ fmt.Fprintf(w, "Hallo %s – hier deine persönlichen Daten", user)
+}
+
 func main() {
 // Signal-Kanal einrichten
@@ -186,7 +195,9 @@ func main() {
 mux := http.NewServeMux()
 mux.HandleFunc("/login", srv.loginHandler)
- mux.Handle("/protected", srv.withAuth(http.HandlerFunc(srv.protectedHandler)))
+ //mux.Handle("/protected", srv.withAuth(http.HandlerFunc(srv.protectedHandler)))
+
+ mux.Handle("/hello", srv.authAware(true, http.HandlerFunc(srv.publicHello), http.HandlerFunc(srv.privateHello)))
 // Handler für /
 mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
@@ -194,6 +205,26 @@ func main() {
 })
 mux.HandleFunc("/htmx/kontakt", func(w http.ResponseWriter, r *http.Request) {
+ if err := r.ParseForm(); err != nil {
+ http.Error(w, "bad request", http.StatusBadRequest)
+ return
+ }
+ sparam := strings.TrimSpace(r.Form.Get("search"))
+
+ sqlq := "SELECT * FROM contact c WHERE c.contact_displayname LIKE '%" + sparam + "%' OR c.contact_phone LIKE '%" + sparam + "%' OR c.contact_mobile LIKE '%" + sparam + "%' OR c.contact_homeoffice LIKE '%" + sparam + "%';"
+
+ rows, err := db.Query(sqlq)
+ if err != nil {
+ w.WriteHeader(http.StatusInternalServerError)
+ }
+
+ var contList []Contact
+
+ for rows.Next() {
+ var c Contact
+ err = rows.Scan(&c.Id)
+ }
+
 tplKontakt.ExecuteTemplate(w, "kontakt", nil)
 })
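Review bot: The unchecked type assertion in privateHello, `r.Context().Value(userKey).(string)`, panics when the request context holds no string under userKey, for example if the handler is ever mounted without the middleware that sets it. The two-value form fails closed instead: `user, ok := r.Context().Value(userKey).(string)` followed by `if !ok { http.Error(w, "unauthorized", http.StatusUnauthorized); return }`. Whether authAware always stores userKey before calling privateHello cannot be confirmed from this diff, since authAware is defined elsewhere. Both new handlers would also benefit from a doc comment saying which one expects an authenticated session.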
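Review bot: The `/protected` route is disabled by commenting it out rather than deleting it, which leaves dead code in the route table and no record of why `withAuth` is no longer mounted; delete the line or say why it is parked. In the new `/hello` registration the bare `true` passed to `authAware` is unreadable at the call site, and authAware is defined outside this diff, so it is not visible here whether a request with an invalid or expired session falls back to publicHello or is rejected. A one-line comment above the call stating what the flag selects and what happens without a valid session would make the access decision reviewable.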
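Review bot: The `search` form value is concatenated directly into the SQL text in `sqlq`, so the query is injectable by any client that can reach `/htmx/kontakt`; bind the value as a parameter instead. After a failed `db.Query` the handler only writes the status and carries on, so `rows` is nil when `rows.Next()` runs and the handler panics; it must return on error. `rows` is never closed, the `Scan` error and `rows.Err()` are not checked, `contList` is declared but never used (which the Go compiler rejects), and `SELECT *` with a single Scan destination only works if the table has exactly one column. The handler closure continues past the hunk, and the `?` placeholder below is an assumption about the driver, which is not visible here.

```go
sparam := strings.TrimSpace(r.Form.Get("search"))

// Bind the search term instead of concatenating it. The placeholder
// syntax ("?") depends on the database driver in use.
pattern := "%" + sparam + "%"
const sqlq = "SELECT * FROM contact c WHERE c.contact_displayname LIKE ? OR c.contact_phone LIKE ? OR c.contact_mobile LIKE ? OR c.contact_homeoffice LIKE ?"

rows, err := db.QueryContext(r.Context(), sqlq, pattern, pattern, pattern, pattern)
if err != nil {
	log.Println("contact search:", err)
	http.Error(w, "internal error", http.StatusInternalServerError)
	return
}
defer rows.Close()

var contList []Contact
for rows.Next() {
	var c Contact
	// The Scan destinations must match the selected columns one to one.
	if err := rows.Scan(&c.Id); err != nil {
		log.Println("contact search scan:", err)
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}
	contList = append(contList, c)
}
if err := rows.Err(); err != nil {
	log.Println("contact search rows:", err)
	http.Error(w, "internal error", http.StatusInternalServerError)
	return
}
// … unchanged: tplKontakt.ExecuteTemplate call …
```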
@@ -362,28 +393,17 @@ func (s *Server) loginHandler(w http.ResponseWriter, r *http.Request) {
 }
 user := strings.TrimSpace(r.Form.Get("username"))
 pass := r.Form.Get("password")
-
 if err := s.auth.Authenticate(user, pass); err != nil {
 http.Error(w, "invalid credentials", http.StatusUnauthorized)
 return
 }
-
 token, err := s.sessions.Create(user, s.cfg.SessionTTL)
 if err != nil {
 log.Println("cannot create session:", err)
 http.Error(w, "internal error", http.StatusInternalServerError)
 return
 }
-
- http.SetCookie(w, &http.Cookie{
- Name: "session_token",
- Value: token,
- Expires: time.Now().Add(s.cfg.SessionTTL),
- Path: "/",
- Secure: true,
- HttpOnly: true,
- SameSite: http.SameSiteStrictMode,
- })
+ http.SetCookie(w, &http.Cookie{Name: "session_token", Value: token, Expires: time.Now().Add(s.cfg.SessionTTL), Path: "/", Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode})
 fmt.Fprintln(w, "ok")
 }