diff --git a/README.md b/README.md
index 1cc046d..1f1214f 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,6 @@ Basic features are:
 
 - location management
 - monitoring of storage conditions
-- audit trails 
 - barcode labels 
 - logs
 - user and permission management 
diff --git a/lab/forms.py b/lab/forms.py
index b007eb5..37f1181 100644
--- a/lab/forms.py
+++ b/lab/forms.py
@@ -336,10 +336,11 @@ class TypeAttributesFormNew(forms.Form):
                                   widget=forms.Select(attrs={'class': 'form-control'}),
                                   help_text='Select a type.')
     list_values = forms.CharField(label='list values', max_length=DEFAULT, required=False,
-                                  help_text='Enter values via comma separated list.',
+                                  help_text='Enter values separated by commas to generate a selectable drop down '
+                                            'list. This field is optional.',
                                   widget=forms.TextInput(attrs={'class': 'form-control'}))
     default_value = forms.CharField(label='default value', max_length=DEFAULT, required=False,
-                                    help_text='Enter a default value.',
+                                    help_text='Enter a default value. This field is optional.',
                                     widget=forms.TextInput(attrs={'class': 'form-control'}))
     mandatory = forms.BooleanField(label='mandatory', required=False, help_text='Define if field is mandatory.',
                                    widget=forms.CheckboxInput(attrs={'class': 'form-control', 'style': 'align: left'}))
diff --git a/lab/framework.py b/lab/framework.py
index 6ea8cb5..81cd04a 100644
--- a/lab/framework.py
+++ b/lab/framework.py
@@ -454,10 +454,16 @@ def verify_checksum(self, row):
         to_verify += str(SECRET)
         checksum = row['checksum']
         try:
-            return argon2.verify(to_verify, checksum)
+            result = argon2.verify(to_verify, checksum)
+            if not result:
+                # return false + log entry
+                message = 'Checksum for "{}" of table "{}" was not correct. Data integrity is at risk!'. \
+                    format(row[self.unique], self.table_name)
+                log.warning(message)
+            return result
         except ValueError or TypeError:
             # return false + log entry
-            message = 'Checksum for "{}" of table "{}" was not correct.\nData integrity is at risk!'.\
+            message = 'Checksum for "{}" of table "{}" was not correct. Data integrity is at risk!'.\
                 format(row[self.unique], self.table_name)
             log.warning(message)
             return False
@@ -641,14 +647,6 @@ def get(self, **dic):
             _list.append(tmp)
         return _list
 
-    @property
-    def export(self):
-        value_list = self.table.objects.values_list(*self.header)
-        _return = [tuple(custom.capitalize(self.header))]
-        for row in value_list:
-            _return.append(row)
-        return _return
-
 
 class GetLog(GetStandard):
     pass
@@ -678,8 +676,8 @@ def _table_header_dynamic(self):
     def query_dynamic(self, id_main):
         """Query dynamic table for main record id.
 
-            :param id_ref: main record identifier id
-            :type id_ref: int
+            :param id_main: main record identifier id
+            :type id_main: int
 
             :return: records for id_ref
             :rtype: django.db.models.query.QuerySet
@@ -708,12 +706,17 @@ def html_header(self):
         return custom.capitalize(_header)
 
     def table_row_head_total(self, row, query_dynamic):
-        # TODO #59
         if self.verify_checksum(row=row):
+            _success_list = list()
             for row in query_dynamic:
                 if not self.verify_checksum_dynamic(row=row):
-                    return '<tr style="color: red">'
-            return '<tr>'
+                    _success_list.append(False)
+                else:
+                    _success_list.append(True)
+            if custom.check_equal(_success_list):
+                return '<tr>'
+            else:
+                return '<tr style="color: red">'
         else:
             return '<tr style="color: red">'
 
@@ -733,11 +736,21 @@ def verify_checksum_dynamic(self, row):
         to_verify += str(SECRET)
         checksum = row['checksum']
         try:
-            return argon2.verify(to_verify, checksum)
+            result = argon2.verify(to_verify, checksum)
+            if not result:
+                # return false + log entry
+                unique_main = models.Reagents.objects.filter(id=row['id_main'])[0].reagent
+                message = 'Checksum for "{}" attribute "{}" with id "{}" of table "{}" was not correct. ' \
+                          'Data integrity is at risk!'. \
+                    format(unique_main, row['type_attribute'], row[self.dynamic_table_unique], self.dynamic_table_name)
+                log.warning(message)
+            return result
         except ValueError or TypeError:
             # return false + log entry
-            message = 'Checksum for "{}" of table "{}" was not correct.\nData integrity is at risk!'. \
-                format(row[self.dynamic_table_unique], self.dynamic_table_name)
+            unique_main = models.Reagents.objects.filter(id=row['id_main'])[0].reagent
+            message = 'Checksum for "{}" attribute "{}" with id "{}" of table "{}" was not correct. ' \
+                      'Data integrity is at risk!'. \
+                format(unique_main, row['type_attribute'], row[self.dynamic_table_unique], self.dynamic_table_name)
             log.warning(message)
             return False
 
@@ -770,50 +783,137 @@ def get(self, **dic):
             _list.append(tmp)
         return _list
 
+    @property
+    def export(self):
+        _query = self.query(order_by=self.order_by, type=self.type)
+        _list = list()
+        for row in _query:
+            _query_dynamic = self.query_dynamic(row['id'])
+            _tuple = tuple()
+            for field in self.header_start:
+                _tuple += (row[field], )
 
-class GetDynamicAuditTrail(GetStandard):
-    def __init__(self, table, dynamic_table, type):
-        super().__init__(table)
-        self.type = type
+            for field in self.type_attributes:
+                if field not in self.dynamic_table.objects.list_of_type_attributes(id_main=row['id']):
+                    _tuple += ('', )
+                else:
+                    for row_dynamic in _query_dynamic:
+                        if field == row_dynamic['type_attribute']:
+                            _tuple += (row_dynamic['value'], )
+            _tuple += (row['version'], )
+            _list.append(_tuple)
+        _return = [tuple(custom.capitalize(self.header_start)) +
+                   tuple(custom.capitalize(self.type_attributes)) +
+                   ('Version', )]
+        for row in _list:
+            _return.append(row)
+        return _return
+
+
+class GetDynamicAuditTrail(GetDynamic):
+    def __init__(self, table, dynamic_table, type, dt=None):
+        super().__init__(table, dynamic_table, type)
+        if dt:
+            self.dt = datetime.timedelta(seconds=int(dt) * 60)
+            self.utc_offset = custom.fill_up_time_delta(dt)
+
+    def query_dynamic_at(self, id_main, version):
+        """Query dynamic table for main record id.
+
+            :param id_main: main record identifier id
+            :type id_main: int
+
+            :param version: version of the audit trail record stored in id_ref
+            :type version: int
+
+            :return: records for id_ref
+            :rtype: django.db.models.query.QuerySet
+        """
+        return self.dynamic_table.objects.filter(id_main=id_main, id_ref=version).values()
+
+    @property
+    def header(self):
+        _header = self._table_header
+        _header.remove('id')
+        _header.remove('checksum')
+        _header.remove('id_ref')
+        return _header
+
+    @property
+    def header_start(self):
+        _header_start = self.header
+        if self.affiliation == 'Reagents':
+            _header_start.remove('type')
+        _header_start.remove('version')
+        _header_start.remove('action')
+        _header_start.remove('user')
+        _header_start.remove('timestamp')
+        return _header_start
+
+    @property
+    def header_dynamic(self):
+        _header_dynamic = self._table_header_dynamic
+        _header_dynamic.remove('id')
+        _header_dynamic.remove('checksum')
+        _header_dynamic.remove('id_ref')
+        # _header_dynamic.remove('id_main')
+        return _header_dynamic
+
+    @property
+    def html_header(self):
+        _header = self.header_start + self.type_attributes
+        _header.append('Version')
+        _header.append('action')
+        _header.append('user')
+        _header.append('timestamp')
+        return custom.capitalize(_header)
 
     def table_row_head_total(self, row, query_dynamic):
-        # TODO #59
         if self.verify_checksum(row=row):
+            _success_list = list()
             for row in query_dynamic:
                 if not self.verify_checksum_dynamic(row=row):
-                    return '<tr class="tmp_audit_trail" style="color: red">'
-            return '<tr class="tmp_audit_trail">'
+                    _success_list.append(False)
+                else:
+                    _success_list.append(True)
+            if custom.check_equal(_success_list):
+                return '<tr class="tmp_audit_trail">'
+            else:
+                return '<tr class="tmp_audit_trail" style="color: red">'
         else:
             return '<tr class="tmp_audit_trail" style="color: red">'
 
     def get(self, **dic):
-        _query = self.query(order_by=self.order_by, type=self.type)
+        _query = self.query(order_by=self.order_by, type=self.type, **dic)
         _list = list()
         for row in _query:
-            _query_dynamic = self.query_dynamic(row['id'])
+            _query_dynamic = self.query_dynamic_at(id_main=row['id_ref'], version=row['version'])
             tmp = self.table_row_head_total(row=row, query_dynamic=_query_dynamic)
             # adding all tds for builder_header_start
             for field in self.header_start:
-                # tagging the unique field
-                if field == self.unique:
-                    tmp += '<td class="unique gui">{}</td>'.format(row[field])
-                else:
-                    tmp += '<td class="gui">{}</td>'.format(row[field])
+                # only payload
+                tmp += '<td>{}</td>'.format(row[field])
             # adding all tds for builder_header_dynamic
             for field in self.type_attributes:
-                if field not in self.dynamic_table.objects.list_of_type_attributes(id_main=row['id']):
-                    tmp += '<td class="gui"></td>'
+                if field not in self.dynamic_table.objects.list_of_type_attributes(id_main=row['id_ref'],
+                                                                                   version=row['version']):
+                    tmp += '<td></td>'
                 else:
                     for row_dynamic in _query_dynamic:
                         if field == row_dynamic['type_attribute']:
-                            tmp += '<td class="gui">{}</td>'.format(row_dynamic['value'])
+                            tmp += '<td>{}</td>'.format(row_dynamic['value'])
             # adding all tds for builder_header_end
             tmp += '<td>{}</td>'.format(row['version'])
+            tmp += '<td>{}</td>'.format(row['action'])
+            tmp += '<td>{}</td>'.format(row['user'])
+            tmp += '<td>{}</td>'.format(custom.format_timestamp(timestamp=row['timestamp'],
+                                                                dt=self.dt,
+                                                                utc_offset=self.utc_offset))
             # close table
             tmp += '</tr>'
             # append table row
             _list.append(tmp)
-        return _list
+        return True, _list
 
 
 class TableManipulation(Master):
@@ -1021,6 +1121,27 @@ def new_dynamic(self, user, identifier, main_version, timestamp, **kwargs):
     def new_boxing(self, **kwargs):
         return self.new_log(text='boxing', unique='box', **kwargs)
 
+    def clear_boxing(self, **kwargs):
+        """Dedicated function to clear boxing records. WARNING, does not suit framework!
+
+            :return: flag
+            :rtype: bool
+        """
+        try:
+            # parse record data
+            checksum = self.parsing(**kwargs)
+            self.table.objects.filter(box=kwargs['box'],
+                                      position=kwargs['position']).update(**self.dict, checksum=checksum)
+            # success message + log entry
+            message = 'Boxing record for "{}" has been cleared.'.format(kwargs['object'])
+            log.info(message)
+        except:
+            # raise error
+            message = 'Could not clear boxing record for "{}".'.format(kwargs['object'])
+            raise NameError(message)
+        else:
+            return True
+
     def edit_boxing(self, **kwargs):
         """Dedicated function to update boxing records. WARNING, does not suit framework!
 
@@ -1235,6 +1356,14 @@ def delete_multiple(self, user, records):
                 pass
         return True
 
+    def delete_at(self, user, record):
+        # setting the user for identification
+        self.user = user
+        if self.delete(record):
+            return self.audit_trail(action='Delete')
+        else:
+            return False
+
     def delete(self, record):
         # check if record is existing in the db
         if self.table.objects.exist(record):
diff --git a/lab/models.py b/lab/models.py
index 605ab15..f07b0b7 100644
--- a/lab/models.py
+++ b/lab/models.py
@@ -387,7 +387,12 @@ class DynamicReagents(models.Model):
 
 # audit trail manager
 class DynamicReagentsAuditTrailManager(GlobalAuditTrailManager):
-    pass
+    def list_of_type_attributes(self, id_main, version):
+        try:
+            return list(self.filter(id_main=id_main, id_ref=version).order_by('id').
+                        values_list('type_attribute', flat=True))
+        except IndexError:
+            return list()
 
 
 # audit trail table
@@ -857,7 +862,16 @@ def method(self, unique):
         return self.filter(object=unique)[0].type
 
     def box(self, unique):
-        return self.filter(object=unique)[0].box
+        try:
+            return self.filter(object=unique)[0].box
+        except IndexError:
+            return None
+
+    def position(self, unique):
+        try:
+            return self.filter(object=unique)[0].position
+        except IndexError:
+            return None
 
     def type(self, unique):
         try:
diff --git a/lab/templates/lab/audittrail.html b/lab/templates/lab/audittrail.html
index 4a6b3b7..cb20414 100644
--- a/lab/templates/lab/audittrail.html
+++ b/lab/templates/lab/audittrail.html
@@ -23,7 +23,7 @@
             var item = $('#id_table').find('#id_unique').find("td:first").text();
             $.ajax({
                 method: "GET",
-                url: "/" + "{{ content }}" + "/audit_trail/",
+                url: "/" + "{{ content }}" + "/audit_trail/{% if content_dynamic %}{{ content_dynamic }}/{% endif %}",
                 data: {
                     'unique': item
                 },
diff --git a/lab/templates/lab/core.html b/lab/templates/lab/core.html
deleted file mode 100644
index af1c520..0000000
--- a/lab/templates/lab/core.html
+++ /dev/null
@@ -1,128 +0,0 @@
-<!--
-turtle-lab.org
-Copyright (C) 2017  Henrik Baran
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
--->
-
-<script>
-    // cover
-    $(window).on('load', function() {
-       $("#cover").hide();
-    });
-
-    // using jQuery
-    function getCookie(name) {
-        var cookieValue = null;
-        if (document.cookie && document.cookie !== '') {
-            var cookies = document.cookie.split(';');
-            for (var i = 0; i < cookies.length; i++) {
-                var cookie = jQuery.trim(cookies[i]);
-                // Does this cookie string begin with the name we want?
-                if (cookie.substring(0, name.length + 1) === (name + '=')) {
-                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
-                    break;
-                }
-            }
-        }
-        return cookieValue;
-    }
-
-    //var csrftoken = getCookie('csrftoken');
-    var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();
-
-
-    function csrfSafeMethod(method) {
-        // these HTTP methods do not require CSRF protection
-        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
-    }
-
-    $.ajaxSetup({
-        beforeSend: function(xhr, settings) {
-            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
-                xhr.setRequestHeader("X-CSRFToken", csrftoken);
-            }
-        }
-    });
-
-    // VARIABLES
-    var table_row_color = "#98ccff";
-
-    $(document).ready(function(){
-        $('[data-toggle="tooltip"]').tooltip();
-    });
-
-    // tables
-    $('#id_table tbody tr').mousedown (function(event) {
-        switch (event.which) {
-            case 1:
-                event.preventDefault();
-                document.getSelection().removeAllRanges();
-                $("#id_nav_btn_delete").removeClass('disabled').removeClass('btn-default').addClass('btn-danger');
-                $("#id_nav_btn_edit").removeClass('disabled').removeClass('btn-default').addClass('btn-primary');
-                $("#id_nav_btn_duplicate").removeClass('disabled').removeClass('btn-default').addClass('btn-success');
-                $("#id_nav_btn_audit_trail").removeClass('disabled').removeClass('btn-default').addClass('btn-warning');
-                $("#id_nav_btn_movement").removeClass('disabled').removeClass('btn-default').addClass('btn-info');
-                $("#id_nav_btn_overview_boxing").removeClass('disabled').removeClass('btn-default').addClass('btn-primary');
-                $("#id_nav_btn_barcode").removeClass('disabled').removeClass('btn-default').addClass('btn-info');
-                $("#id_nav_btn_password").removeClass('disabled').removeClass('btn-default').addClass('btn-info');
-                $("#id_nav_btn_active").removeClass('disabled').removeClass('btn-default').addClass('btn-success');
-                if (event.ctrlKey) {
-                    event.preventDefault();
-                    $(this).addClass('selected');
-                    $(this).css("background-color", table_row_color);
-                    $("#id_nav_btn_edit").addClass('disabled').removeClass('btn-primary').addClass('btn-default');
-                    $("#id_nav_btn_duplicate").addClass('disabled').removeClass('btn-success').addClass('btn-default');
-                    $("#id_nav_btn_audit_trail").addClass('disabled').removeClass('btn-warning').addClass('btn-default');
-                    $("#id_nav_btn_movement").addClass('disabled').removeClass('btn-info').addClass('btn-default');
-                    $("#id_nav_btn_overview_boxing").addClass('disabled').removeClass('btn-primary').addClass('btn-default');
-                    $("#id_nav_btn_barcode").addClass('disabled').removeClass('btn-info').addClass('btn-default');
-                    $("#id_nav_btn_password").addClass('disabled').removeClass('btn-info').addClass('btn-default');
-                    $("#id_nav_btn_active").addClass('disabled').removeClass('btn-success').addClass('btn-default');
-                } else {
-                    event.preventDefault();
-                    if ($(this).hasClass('.clicked')) {
-                        $(this).removeClass('selected');
-                        $(this).removeClass('.clicked');
-                        $(this).css("background-color", "");
-                        $(this).attr('id', '');
-                        $("#id_nav_btn_delete").addClass('disabled').removeClass('btn-danger').addClass('btn-default');
-                        $("#id_nav_btn_edit").addClass('disabled').removeClass('btn-primary').addClass('btn-default');
-                        $("#id_nav_btn_duplicate").addClass('disabled').removeClass('btn-success').addClass('btn-default');
-                        $("#id_nav_btn_audit_trail").addClass('disabled').removeClass('btn-warning').addClass('btn-default');
-                        $("#id_nav_btn_movement").addClass('disabled').removeClass('btn-info').addClass('btn-default');
-                        $("#id_nav_btn_overview_boxing").addClass('disabled').removeClass('btn-primary').addClass('btn-default');
-                        $("#id_nav_btn_barcode").addClass('disabled').removeClass('btn-info').addClass('btn-default');
-                        $("#id_nav_btn_password").addClass('disabled').removeClass('btn-info').addClass('btn-default');
-                        $("#id_nav_btn_active").addClass('disabled').removeClass('btn-success').addClass('btn-default');
-                    } else {
-                        $(this).addClass('selected').siblings().removeClass('selected').removeClass('.clicked').attr('id', '').css("background-color", "");
-                        $(this).css("background-color", table_row_color);
-                        $(this).addClass('.clicked');
-                        $(this).attr('id', 'id_unique');
-                        //console.log($(this).find("td:first").text());
-                    }
-                }
-                break;
-            case 2:
-                //alert('Middle Mouse button pressed.');
-                break;
-            case 3:
-                //alert('Right Mouse button pressed.');
-                break;
-            default:
-                //alert('You have a strange Mouse!');
-        }
-    });
-</script>
\ No newline at end of file
diff --git a/lab/templates/lab/export.html b/lab/templates/lab/export.html
index e115bbc..ac2116c 100644
--- a/lab/templates/lab/export.html
+++ b/lab/templates/lab/export.html
@@ -18,6 +18,10 @@
 
 <script>
     $('#id_nav_btn_export').click(function() {
-        location.href = "/export/{{ content }}/";
+        if ('{{ content }}' === 'reagents') {
+            location.href = "/export/{{ content }}/{% if content_dynamic %}{{ content_dynamic }}{% endif %}/"
+        } else {
+            location.href = "/export/{{ content }}/";
+        }
     })
 </script>
\ No newline at end of file
diff --git a/lab/templates/lab/index.html b/lab/templates/lab/index.html
index a68b346..6ed7372 100644
--- a/lab/templates/lab/index.html
+++ b/lab/templates/lab/index.html
@@ -122,7 +122,7 @@
                 </ul>
             </div>
             <div class="sidebar-bottom">
-                Version: 0.1.0-alpha.1
+                Version: 0.1.0-alpha.2
             </div>
         </div>
     {% endif %}
@@ -313,7 +313,7 @@
                     <!--<button id="id_nav_btn_filter" type="button" class="btn btn-default disabled">
                         <i class="fas fa-filter"></i></button>-->
             </div>
-            <form style="float: left; padding-left: 5px;">
+            <form style="float: left; padding-left: 5px;" onsubmit="return false">
                 <div class="input-group" style="height: 46px;">
                     <span class="input-group-addon" id="basic-addon1"><i class="fas fa-search"></i></span>
                     <input id="id_search" style="height: 46px;" type="text" class="form-control" placeholder="Search"
@@ -365,6 +365,9 @@
                     {% endblock %}
                 </tbody>
             </table>
+            <div id="id_search_error" class="container-fluid search-error" style="display: none">
+                <h1>no records have been found ...</h1>
+            </div>
             <!-- NEW -->
             {% if content != 'movement_log' and content != 'home' and content != 'login_log' %}
                 <div class="modal fade" id="id_modal_new" tabindex="-1" role="dialog" aria-labelledby="id_modal_new">
@@ -830,17 +833,21 @@ <h4 class="modal-title" id="id_modal_password_users">Password</h4>
             integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa"
             crossorigin="anonymous"></script>
 
-
-    {% include "lab/core.html" %}
-    {% include "lab/sidebar.html" %}
-    {% include "lab/logout.html" %}
-    {% include "lab/export.html" %}
-    {% include "lab/import.html" %}
+    <!-- JS imports -->
     <script>
-        {% include "lab/js/search.js" %}
+        {% include "lab/js/csrf.js" %}
+        {% include "lab/js/core.js" %}
     </script>
 
+    {% include "lab/logout.html" %}
+
     {% if tables %}
+        {% include "lab/export.html" %}
+        {% include "lab/import.html" %}
+        {% include "lab/sidebar.html" %}
+        <script>
+            {% include "lab/js/search.js" %}
+        </script>
         {% if content != 'movement_log' and content != 'home' and content != 'login_log' and content != 'boxing_log' %}
             {% include "lab/audittrail.html" %}
             {% include "lab/new.html" %}
@@ -855,12 +862,6 @@ <h4 class="modal-title" id="id_modal_password_users">Password</h4>
         {% include "lab/label.html" %}
     {% endif %}
 
-    {% if content == 'home' %}
-        {% include "lab/movement.html" %}
-        {% include "lab/boxing.html" %}
-        {% include "lab/form.html" %}
-    {% endif %}
-
     {% if content == 'overview' %}
         {% include "lab/overview_boxing.html" %}
         {% include "lab/movement.html" %}
diff --git a/lab/templates/lab/js/core.js b/lab/templates/lab/js/core.js
new file mode 100644
index 0000000..1eaf33d
--- /dev/null
+++ b/lab/templates/lab/js/core.js
@@ -0,0 +1,185 @@
+/*
+turtle-lab.org
+Copyright (C) 2018  Henrik Baran
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+// cover
+$(window).on('load', function() {
+   $("#cover").hide();
+});
+
+// VARIABLES
+var table_row_color = "#98ccff";
+var count_selected, i, index_unique, index_selected_old, index_selected_actual, all_tr, has_class;
+
+//table
+var table = $('#id_table');
+
+// buttons
+var button_delete = $("#id_nav_btn_delete");
+var button_edit = $("#id_nav_btn_edit");
+var button_duplicate = $("#id_nav_btn_duplicate");
+var button_log_record = $("#id_nav_btn_audit_trail");
+var button_movement = $("#id_nav_btn_movement");
+var button_boxing = $("#id_nav_btn_overview_boxing");
+var button_barcode = $("#id_nav_btn_barcode");
+var button_password = $("#id_nav_btn_password");
+var button_active = $("#id_nav_btn_active");
+
+// functions for button control
+function enable_all() {
+    button_delete.removeClass('disabled').removeClass('btn-default').addClass('btn-danger');
+    button_edit.removeClass('disabled').removeClass('btn-default').addClass('btn-primary');
+    button_duplicate.removeClass('disabled').removeClass('btn-default').addClass('btn-success');
+    button_log_record.removeClass('disabled').removeClass('btn-default').addClass('btn-warning');
+    button_movement.removeClass('disabled').removeClass('btn-default').addClass('btn-info');
+    button_boxing.removeClass('disabled').removeClass('btn-default').addClass('btn-primary');
+    button_barcode.removeClass('disabled').removeClass('btn-default').addClass('btn-info');
+    button_password.removeClass('disabled').removeClass('btn-default').addClass('btn-info');
+    button_active.removeClass('disabled').removeClass('btn-default').addClass('btn-success');
+}
+
+function disable_all(del) {
+    if (!del) {
+       button_delete.addClass('disabled').removeClass('btn-danger').addClass('btn-default');
+    }
+    button_edit.addClass('disabled').removeClass('btn-primary').addClass('btn-default');
+    button_duplicate.addClass('disabled').removeClass('btn-success').addClass('btn-default');
+    button_log_record.addClass('disabled').removeClass('btn-warning').addClass('btn-default');
+    button_movement.addClass('disabled').removeClass('btn-info').addClass('btn-default');
+    button_boxing.addClass('disabled').removeClass('btn-primary').addClass('btn-default');
+    button_barcode.addClass('disabled').removeClass('btn-info').addClass('btn-default');
+    button_password.addClass('disabled').removeClass('btn-info').addClass('btn-default');
+    button_active.addClass('disabled').removeClass('btn-success').addClass('btn-default');
+}
+
+// click handling
+$(table).find('tbody tr').mousedown (function(event) {
+    count_selected = $('.selected').length;
+    event.preventDefault();
+    document.getSelection().removeAllRanges();
+    index_selected_old = $(table).find('.selected').index();
+    enable_all();
+    if (event.ctrlKey) {
+        if (count_selected === 0) {
+            $(this).addClass('selected').css("background-color", table_row_color).attr('id', 'id_unique');
+        } else {
+            if ($(this).hasClass('selected')) {
+                $(this).removeClass('selected').css("background-color", "").attr('id', '');
+                count_selected = $('.selected').length;
+                if (count_selected > 1) {
+                    disable_all(true);
+                } else if (count_selected === 1) {
+                    enable_all();
+                } else {
+                    disable_all();
+                }
+            } else {
+                $(this).addClass('selected').css("background-color", table_row_color);
+                disable_all(true);
+            }
+        }
+    } else if (event.shiftKey) {
+        // all until next selected
+        index_selected_actual = $(this).index();
+        index_unique = $(table).find('#id_unique').index();
+        // just click
+        if (count_selected === 0) {
+            $(this).addClass('selected').css("background-color", table_row_color).attr('id', 'id_unique');
+        } else {
+            // reduce
+            if ($(this).hasClass('selected')) {
+                // above
+                if (index_selected_actual < index_unique) {
+                    all_tr = $(this).prevAll('tr').addBack();
+                    for (i = 0; i < index_selected_actual; i++) {
+                        $(all_tr[i]).removeClass('selected').css("background-color", "");
+                    }
+                    disable_all(true);
+                // below
+                } else if (index_selected_actual > index_unique) {
+                    all_tr = $(this).nextAll('tr').addBack();
+                    for (i = 1; i < all_tr.length; i++) {
+                        $(all_tr[i]).removeClass('selected').css("background-color", "");
+                    }
+                    disable_all(true);
+                    // equal
+                } else if (index_selected_actual === index_unique) {
+                    $(this).siblings().removeClass('selected').css("background-color", "");
+                    if (count_selected > 1) {
+                        enable_all();
+                    } else {
+                        $(this).removeClass('selected').css("background-color", "").attr('id', '');
+                        disable_all();
+                    }
+                }
+            // add
+            } else {
+                // above
+                if (index_selected_actual < index_selected_old) {
+                    // first remove all below
+                    all_tr = $(table).find('#id_unique').nextAll('tr');
+                    for (i = 0; i < all_tr.length; i++) {
+                        $(all_tr[i]).removeClass('selected').css("background-color", "");
+                    }
+                    // then add all above
+                    all_tr = $(this).nextAll('tr').addBack();
+                    for (i = 0; i < all_tr.length; i++) {
+                        has_class = $(all_tr[i]).attr('class');
+                        if (has_class !== 'selected') {
+                            $(all_tr[i]).addClass('selected').css("background-color", table_row_color);
+                        } else {
+                            break;
+                        }
+                    }
+                // below
+                } else if (index_selected_actual > index_selected_old) {
+                    // first remove all above
+                    all_tr = $(table).find('#id_unique').prevAll('tr');
+                    for (i = 0; i < index_unique; i++) {
+                        $(all_tr[i]).removeClass('selected').css("background-color", "");
+                    }
+                    // then add all below
+                    all_tr = $(this).prevAll('tr').addBack();
+                    for (i = all_tr.length; i > 0; i--) {
+                        has_class = $(all_tr[i]).attr('class');
+                        if (has_class !== 'selected') {
+                            $(all_tr[i]).addClass('selected').css("background-color", table_row_color);
+                        } else {
+                            break;
+                        }
+                    }
+                }
+            disable_all(true);
+            }
+        }
+    } else {
+        if ($(this).hasClass('selected')) {
+            $(this).removeClass('selected').css("background-color", "").attr('id', '');
+            count_selected = $('.selected').length;
+            if (count_selected > 0) {
+                $(this).addClass('selected').siblings().removeClass('selected').attr('id', '').css("background-color", "");
+                $(this).css("background-color", table_row_color).attr('id', 'id_unique');
+            } else {
+                disable_all();
+            }
+        } else {
+            $(this).addClass('selected').siblings().removeClass('selected').attr('id', '').css("background-color", "");
+            $(this).css("background-color", table_row_color).attr('id', 'id_unique');
+        }
+    }
+});
\ No newline at end of file
diff --git a/lab/templates/lab/js/csrf.js b/lab/templates/lab/js/csrf.js
new file mode 100644
index 0000000..9432259
--- /dev/null
+++ b/lab/templates/lab/js/csrf.js
@@ -0,0 +1,35 @@
+/*
+turtle-lab.org
+Copyright (C) 2018  Henrik Baran
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+// define csrf token according to https://docs.djangoproject.com/en/1.11/ref/csrf/
+var csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();
+
+
+function csrfSafeMethod(method) {
+    // these HTTP methods do not require CSRF protection
+    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+}
+
+$.ajaxSetup({
+    beforeSend: function(xhr, settings) {
+        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+            xhr.setRequestHeader("X-CSRFToken", csrftoken);
+        }
+    }
+});
\ No newline at end of file
diff --git a/lab/templates/lab/js/search.js b/lab/templates/lab/js/search.js
index b1cc8d8..eec6f14 100644
--- a/lab/templates/lab/js/search.js
+++ b/lab/templates/lab/js/search.js
@@ -54,8 +54,17 @@ function search(id_search, call) {
         // hide if no hit
         if (finder > 0) {
             row[i].style.display = "";
+            $('#id_search_error').hide();
         } else {
             row[i].style.display = "none";
         }
     }
+
+    var count = row.filter(function() {
+        return $(this).css('display') !== 'none';
+    }).length;
+    if (count === 0) {
+        window.scrollTo(0, 0);
+        $('#id_search_error').show();
+    }
 }
diff --git a/lab/urls.py b/lab/urls.py
index 2a64ce5..22cf310 100644
--- a/lab/urls.py
+++ b/lab/urls.py
@@ -24,6 +24,7 @@
 urlpatterns = [
     # export
     url(r'^export/(?P<dialog>\w+)/$', views.export, name='export'),
+    url(r'^export/(?P<dialog>\w+)/(?P<reagent>\w+)/$', views.export_reagents, name='export reagents'),
     # url(r'^import/(?P<dialog>\w+)/$', views.import_data, name='import'),
     # others
     url(r'^offset/$', views.offset, name='offset'),
@@ -74,9 +75,8 @@
     # reagents
     url(r'^reagents/new/(?P<reagent>\w+)/$', views.reagents_new, name='reagents new'),
     url(r'^reagents/edit/(?P<reagent>\w+)/$', views.reagents_edit, name='reagents edit'),
-    # url(r'^reagents/edit/$', views.reagents_edit, name='reagents edit'),
     url(r'^reagents/delete/$', views.reagents_delete, name='reagents delete'),
-    url(r'^reagents/audit_trail/$', views.reagents_audit_trail, name='reagents audit trail'),
+    url(r'^reagents/audit_trail/(?P<reagent>\w+)/$', views.reagents_audit_trail, name='reagents audit trail'),
     url(r'^reagents/label/$', views.reagents_label, name='reagents label'),
     url(r'^reagents/(?P<reagent>\w+)/$', views.reagents, name='reagents'),
     # logs
diff --git a/lab/views.py b/lab/views.py
index e142f3a..a9481a8 100644
--- a/lab/views.py
+++ b/lab/views.py
@@ -1183,7 +1183,9 @@ def reagents(request, reagent):
                  'user': request.user.username,
                  'perm': request.user.permissions},
         get_standard=framework.GetDynamic(table=models.Reagents, dynamic_table=models.DynamicReagents, type=reagent),
-        get_audit_trail=framework.GetAuditTrail(table=models.ReagentsAuditTrail, dt=request.session['offset']),
+        get_audit_trail=framework.GetDynamicAuditTrail(table=models.ReagentsAuditTrail,
+                                                       dynamic_table=models.DynamicReagentsAuditTrail,
+                                                       type=reagent, dt=request.session['offset']),
         form_render_new=forms.ReagentsFormNew(),
         form_render_edit=forms.ReagentsFormEdit())
     return render(request, 'lab/index.html', context)
@@ -1193,9 +1195,10 @@ def reagents(request, reagent):
 @login_required
 @decorators.permission('re_r', 're_w', 're_d', 're_l')
 @decorators.require_ajax
-def reagents_audit_trail(request):
-    response, data = framework.GetAuditTrail(
-        table=models.ReagentsAuditTrail, dt=request.session['offset']).get(
+def reagents_audit_trail(request, reagent):
+    response, data = framework.GetDynamicAuditTrail(table=models.ReagentsAuditTrail,
+                                                    dynamic_table=models.DynamicReagentsAuditTrail,
+                                                    type=reagent, dt=request.session['offset']).get(
         id_ref=models.Reagents.objects.id(request.GET.get('unique')))
     data = {'response': response,
             'data': data}
@@ -1283,8 +1286,18 @@ def reagents_edit(request, reagent):
 def reagents_delete(request):
         manipulation = framework.TableManipulation(table=models.Reagents,
                                                    table_audit_trail=models.ReagentsAuditTrail)
-        response = manipulation.delete_multiple(records=json.loads(request.POST.get('items')),
-                                                user=request.user.username)
+        manipulation_boxing = framework.TableManipulation(table=models.Boxing)
+        # individual loop for deleting reagents to clear boxing list
+        _success_list = list()
+        for item in json.loads(request.POST.get('items')):
+            box = models.Overview.objects.box(unique=item)
+            position = models.Overview.objects.position(unique=item)
+            response = manipulation.delete_at(record=item, user=request.user.username)
+            if box and response:
+                response = manipulation_boxing.clear_boxing(box=box, object='', position=position)
+            _success_list.append(response)
+        response = custom.check_equal(_success_list)
+
         """if response:
             manipulation_dynamic = framework.TableManipulation(table=models.DynamicReagents,
                                                                table_audit_trail=models.DynamicReagentsAuditTrail)
@@ -1603,35 +1616,75 @@ def overview_locate(request):
         return JsonResponse(data)
     _type = models.Overview.objects.type(unique=request.GET.get('unique'))
     box_count = models.Boxes.objects.count_box_by_type(type=_type)
-    if box_count == 0:
-        box = '---'
-        location = '---'
-        position = '---'
+    count_mixed = models.Boxes.objects.count_box_by_type(type='')
+    if box_count == 0 and count_mixed == 0:
         data = {'response': True,
-                'location': location,
-                'box': box,
-                'position': position}
+                'location': '---',
+                'box': '---',
+                'position': '---'}
         return JsonResponse(data)
-    for x in range(box_count):
-        box = models.Boxes.objects.box_by_type(type=_type, count=x)
-        position = models.Boxing.objects.next_position(box=box[:7])
-        location = models.Overview.objects.location(unique=box[:7])
-        if not location:
-            location = '---'
-        if position:
-            data = {'response': True,
-                    'location': location,
-                    'box': box,
-                    'position': position}
-            return JsonResponse(data)
-        else:
-            if x == box_count:
-                position = '---'
+    else:
+        # if dedicated boxes exist first check them
+        if box_count > 0:
+            # check dedicated boxes
+            for x in range(box_count):
+                box = models.Boxes.objects.box_by_type(type=_type, count=x)
+                position = models.Boxing.objects.next_position(box=box[:7])
+                location = models.Overview.objects.location(unique=box[:7])
+                if not location:
+                    location = '---'
+                if position:
+                    data = {'response': True,
+                            'location': location,
+                            'box': box,
+                            'position': position}
+                    return JsonResponse(data)
+            # if no return happened, check if mixes boxes exist
+            if count_mixed > 0:
+                for x in range(count_mixed):
+                    box = models.Boxes.objects.box_by_type(type='', count=x)
+                    position = models.Boxing.objects.next_position(box=box[:7])
+                    location = models.Overview.objects.location(unique=box[:7])
+                    if not location:
+                        location = '---'
+                    if position:
+                        data = {'response': True,
+                                'location': location,
+                                'box': box,
+                                'position': position}
+                        return JsonResponse(data)
+                # no position in mixed boxes return nothing
+                data = {'response': True,
+                        'location': '---',
+                        'box': '---',
+                        'position': '---'}
+                return JsonResponse(data)
+            # return nothing if no mixed boxes available
+            else:
                 data = {'response': True,
-                        'location': location,
-                        'box': box,
-                        'position': position}
+                        'location': '---',
+                        'box': '---',
+                        'position': '---'}
                 return JsonResponse(data)
+        if count_mixed > 0:
+            for x in range(count_mixed):
+                box = models.Boxes.objects.box_by_type(type='', count=x)
+                position = models.Boxing.objects.next_position(box=box[:7])
+                location = models.Overview.objects.location(unique=box[:7])
+                if not location:
+                    location = '---'
+                if position:
+                    data = {'response': True,
+                            'location': location,
+                            'box': box,
+                            'position': position}
+                    return JsonResponse(data)
+            # no position in mixed boxes return nothing
+            data = {'response': True,
+                    'location': '---',
+                    'box': '---',
+                    'position': '---'}
+            return JsonResponse(data)
 
 
 @require_POST
@@ -1686,6 +1739,21 @@ def export(request, dialog):
     return response
 
 
+@require_GET
+@login_required
+@decorators.export_permission
+def export_reagents(request, reagent, dialog):
+    queryset = framework.GetDynamic(table=models.Reagents, dynamic_table=models.DynamicReagents, type=reagent)
+    data = queryset.export
+    # write pseudo buffer for streaming
+    pseudo_buffer = custom.Echo()
+    writer = csv.writer(pseudo_buffer, delimiter=';')
+    # response
+    response = StreamingHttpResponse((writer.writerow(row) for row in data), content_type="text/csv")
+    response['Content-Disposition'] = 'attachment; filename="{}.csv"'.format(reagent)
+    return response
+
+
 """"@require_POST
 @login_required
 def import_data(request, dialog):
diff --git a/postgres/overview.sql b/postgres/overview.sql
index 332cae8..df85ebf 100644
--- a/postgres/overview.sql
+++ b/postgres/overview.sql
@@ -1,3 +1,11 @@
+DROP VIEW IF EXISTS overview;
+DROP VIEW IF EXISTS tmp_overview_loc_merged;
+DROP VIEW IF EXISTS tmp_overview_box_loc;
+DROP VIEW IF EXISTS tmp_overview_loc;
+DROP VIEW IF EXISTS tmp_overview_box;
+DROP VIEW IF EXISTS tmp_overview;
+
+
 CREATE OR REPLACE VIEW public.tmp_overview as
 	SELECT
 		b.box AS object,
diff --git a/static/custom.css b/static/custom.css
index 875c9ea..41e66f2 100644
--- a/static/custom.css
+++ b/static/custom.css
@@ -206,4 +206,9 @@ html, body {
 
 .sidebar-active a svg {
     color: white;
+}
+
+.search-error {
+    text-align: center;
+    color: red;
 }
\ No newline at end of file
diff --git a/turtle/settings/settings.py b/turtle/settings/settings.py
index 15674d4..1ecce0f 100644
--- a/turtle/settings/settings.py
+++ b/turtle/settings/settings.py
@@ -246,7 +246,7 @@ def _require_file(path, file_name):
 
 # security settings of type bool
 CSRF_COOKIE_SECURE = custom.value_to_bool(os.environ.get('CSRF_COOKIE_SECURE', 0))
-CSRF_USE_SESSIONS = custom.value_to_bool(os.environ.get('CSRF_USE_SESSIONS', 0))
+CSRF_USE_SESSIONS = custom.value_to_bool(os.environ.get('CSRF_USE_SESSIONS', 1))
 SESSION_COOKIE_SECURE = custom.value_to_bool(os.environ.get('SESSION_COOKIE_SECURE', 0))
 SECURE_CONTENT_TYPE_NOSNIFF = custom.value_to_bool(os.environ.get('SECURE_CONTENT_TYPE_NOSNIFF', 0))
 SECURE_BROWSER_XSS_FILTER = custom.value_to_bool(os.environ.get('SECURE_BROWSER_XSS_FILTER', 0))