diff --git a/index.php b/index.php
index 07a96e82..c110dc5f 100644
--- a/index.php
+++ b/index.php
@@ -22,6 +22,7 @@ require './lib/init.php';
 use Froxlor\Database\Database;
 use Froxlor\Settings;
 use Froxlor\FroxlorLogger;
+use Froxlor\UI\Panel\UI;
 
 if ($action == '') {
 	$action = 'login';
@@ -32,14 +33,14 @@ if (session_status() == PHP_SESSION_NONE) {
 	ini_set("url_rewriter.tags", "");
 	ini_set("session.use_cookies", false);
 	ini_set("session.cookie_httponly", true);
-	ini_set("session.cookie_secure", $is_ssl);
+	ini_set("session.cookie_secure", UI::$SSL_REQ);
 	session_id('login');
 	session_start();
 }
 
 if ($action == '2fa_entercode') {
 	// page for entering the 2FA code after successful login
-	if (! isset($_SESSION) || ! isset($_SESSION['secret_2fa'])) {
+	if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
 		// no session - redirect to index
 		\Froxlor\UI\Response::redirectTo('index.php');
 		exit();
@@ -48,7 +49,7 @@ if ($action == '2fa_entercode') {
 	eval("echo \"" . \Froxlor\UI\Template::getTemplate('2fa/entercode', true) . "\";");
 } elseif ($action == '2fa_verify') {
 	// verify code from 2fa code-enter form
-	if (! isset($_SESSION) || ! isset($_SESSION['secret_2fa'])) {
+	if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
 		// no session - redirect to index
 		\Froxlor\UI\Response::redirectTo('index.php');
 		exit();
@@ -89,7 +90,7 @@ if ($action == '2fa_entercode') {
 	$userinfo['userid'] = $uid;
 
 	// if not successful somehow - start again
-	if (! finishLogin($userinfo)) {
+	if (!finishLogin($userinfo)) {
 		\Froxlor\UI\Response::redirectTo('index.php', array(
 			'showmessage' => '2'
 		));
@@ -173,7 +174,7 @@ if ($action == '2fa_entercode') {
 		"loginname" => $loginname
 	));
 	$row = $stmt->fetch(PDO::FETCH_ASSOC);
-	if (! isset($row['admin'])) {
+	if (!isset($row['admin'])) {
 		// not an admin who can see updates
 		\Froxlor\UI\Response::redirectTo('index.php');
 		exit();
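Review bot: `ini_set("session.cookie_secure", UI::$SSL_REQ)` in the @@ -32 hunk depends on `UI::$SSL_REQ` already having been raised by the header-sending method in `lib/Froxlor/UI/Panel/UI.php` (hunks @@ -37 and @@ -80 below), which is the only place that flips it to true from `$_SERVER['HTTPS']`; if that method runs after this `ini_set`, or is not reached on this path, the flag keeps its `false` default and the login session cookie is issued without the Secure attribute even over HTTPS. The enclosing `if (session_status() == PHP_SESSION_NONE)` block starts outside the hunk, so the call order cannot be confirmed from the diff. Because the property is a writable `public static`, any other code can also change it after the fact; an accessor that derives the value at the point of use removes both the ordering and the mutability concern, e.g. `public static function isSslRequest(): bool { return isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off'; }` used as `ini_set("session.cookie_secure", UI::isSslRequest());`.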
@@ -230,8 +231,8 @@ if ($action == '2fa_entercode') {
 	// login correct
 	// reset loginfail_counter, set lastlogin_succ
 	$stmt = Database::prepare("UPDATE $table
-	SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
-	WHERE `$uid`= :uid");
+		SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
+		WHERE `$uid`= :uid");
 	Database::pexecute($stmt, array(
 		"lastlogin_succ" => time(),
 		"uid" => $userinfo[$uid]
@@ -323,7 +324,7 @@ if ($action == '2fa_entercode') {
 		exit();
 	}
 
-	if (! finishLogin($userinfo)) {
+	if (!finishLogin($userinfo)) {
 		\Froxlor\UI\Response::redirectTo('index.php', array(
 			'showmessage' => '2'
 		));
@@ -369,9 +370,9 @@ if ($action == '2fa_entercode') {
 			break;
 	}
 
-	$update_in_progress = '';
+	$update_in_progress = false;
 	if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
-		$update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin'];
+		$update_in_progress = true;
 	}
 
 	// Pass the last used page if needed
@@ -381,7 +382,7 @@ if ($action == '2fa_entercode') {
 		$lastscript = str_replace("..", "", $lastscript);
 		$lastscript = htmlspecialchars($lastscript, ENT_QUOTES);
 
-		if (! file_exists(__DIR__ . "/" . $lastscript)) {
+		if (!file_exists(__DIR__ . "/" . $lastscript)) {
 			$lastscript = "";
 		}
 	}
@@ -390,7 +391,15 @@ if ($action == '2fa_entercode') {
 		$lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
 	}
 
-	eval("echo \"" . \Froxlor\UI\Template::getTemplate('login') . "\";");
+	UI::TwigBuffer('login/login.html.twig', [
+		'pagetitle' => 'Login',
+		'lastscript' => $lastscript,
+		'lastqrystr' => $lastqrystr,
+		'upd_in_progress' => $update_in_progress,
+		'message' => $message,
+		'successmsg' => $successmessage
+	]);
+	UI::TwigOutputBuffer();
 
 	}
 }
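Review bot: `'message' => $message` and `'successmsg' => $successmessage` in the @@ -390 hunk are rendered by the new `login.html.twig` with `|raw`, so whatever these variables hold reaches the page unescaped; they are assigned outside the hunk, so whether any branch derives them from request input or stored content cannot be confirmed here — if one does, escape at assignment or drop `|raw` and let Twig's autoescape handle them. Conversely `$lastscript` and `$lastqrystr` are already passed through `htmlspecialchars(..., ENT_QUOTES)` (the @@ -381 hunk and the first line of this one) before being handed to Twig; if the Twig environment, which is not part of this diff, has autoescape enabled, they are escaped twice and a quote comes out as `&amp;quot;`. Settling on one escaping layer — raw PHP values in, Twig escaping on output — gives the template a single, checkable contract. The enclosing `elseif` branch starts outside the hunk.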
@@ -441,7 +450,7 @@ if ($action == 'forgotpwd') {
 				// build a activation code
 				$timestamp = time();
 				$first = substr(md5($user['loginname'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), 0, 15);
-				$third = substr(md5($user['email'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), - 15);
+				$third = substr(md5($user['email'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), -15);
 				$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
 
 				// Drop all existing activation codes for this user
@@ -683,7 +692,7 @@ function finishLogin($userinfo)
 		$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');
 		if ($language == 'profile') {
 			$language = $userinfo['def_language'];
-		} elseif (! isset($languages[$language])) {
+		} elseif (!isset($languages[$language])) {
 			$language = Settings::Get('panel.standardlanguage');
 		}
 	} else {
diff --git a/lib/Froxlor/UI/Panel/UI.php b/lib/Froxlor/UI/Panel/UI.php
index e66475c4..37296458 100644
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -37,6 +37,8 @@ class UI
 
 	private static $install_mode = false;
 
+	public static $SSL_REQ = false;
+
 	/**
 	 * send various security related headers
 	 */
@@ -80,6 +82,7 @@ class UI
 		 * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
 		 */
 		if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+			self::$SSL_REQ = true;
 			$maxage = \Froxlor\Settings::Get('system.hsts_maxage');
 			if (empty($maxage)) {
 				$maxage = 0;
diff --git a/lib/init.php b/lib/init.php
index fa01bb8d..61eea5c2 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -294,6 +294,8 @@ if ($language != 'English') {
 // last but not least include language references file
 include_once \Froxlor\FileDir::makeSecurePath('lng/lng_references.php');
 
+UI::setLng($lng);
+
 // Initialize our new link - class
 $linker = new \Froxlor\UI\Linker('index.php', $s);
 
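Review bot: `UI::setLng($lng);` in the `lib/init.php` @@ -294 hunk uses an unqualified class name, while the neighbouring lines of that file spell classes fully qualified (`\Froxlor\FileDir::makeSecurePath`, `\Froxlor\UI\Linker`); unless a `use Froxlor\UI\Panel\UI;` exists earlier in the file, which this diff does not show, the name resolves relative to the file's namespace and the call fails before any page renders. Writing it as `\Froxlor\UI\Panel\UI::setLng($lng);` matches the file's convention and removes the dependency on an import that may not be there. `setLng` itself is not part of this diff, so what it expects in `$lng` cannot be checked here.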
@@ -317,15 +319,14 @@ if (preg_match("/([a-z0-9\.\-]+)_([a-z0-9\.\-]+)/i", $theme, $matches)) {
 }
 
 // check for existence of the theme
-if (!file_exists('templates/' . $theme . '/config.json')) {
-	// Fallback
-	$theme = $_deftheme;
+if (@file_exists('templates/' . $theme . '/config.json')) {
+	$_themeoptions = json_decode(file_get_contents('templates/' . $theme . '/config.json'), true);
+} else {
+	$_themeoptions = null;
 }
 
-$_themeoptions = json_decode(file_get_contents('templates/' . $theme . '/config.json'), true);
-
 // check for existence of variant in theme
-if (!array_key_exists('variants', $_themeoptions) || !array_key_exists($themevariant, $_themeoptions['variants'])) {
+if (is_array($_themeoptions) && (!array_key_exists('variants', $_themeoptions) || !array_key_exists($themevariant, $_themeoptions['variants']))) {
 	$themevariant = "default";
 }
 
@@ -425,7 +426,7 @@ if (AREA == 'admin' || AREA == 'customer') {
 }
 
 $js = "";
-if (array_key_exists('js', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['js'])) {
+if (is_array($_themeoptions) && array_key_exists('js', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['js'])) {
 	foreach ($_themeoptions['variants'][$themevariant]['js'] as $jsfile) {
 		if (file_exists('templates/' . $theme . '/assets/js/' . $jsfile)) {
 			$js .= '' . "\n";
@@ -434,7 +435,7 @@ if (array_key_exists('js', $_themeoptions['variants'][$themevariant]) && is_arra
 }
 
 $css = "";
-if (array_key_exists('css', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['css'])) {
+if (is_array($_themeoptions) && array_key_exists('css', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['css'])) {
 	foreach ($_themeoptions['variants'][$themevariant]['css'] as $cssfile) {
 		if (file_exists('templates/' . $theme . '/assets/css/' . $cssfile)) {
 			$css .= '' . "\n";
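Review bot: The rewritten theme check in the @@ -317 hunk drops the `$theme = $_deftheme;` fallback, so when `templates/<theme>/config.json` is missing `$theme` keeps its unverified value and `$_themeoptions` becomes `null`; the `is_array` guards here and in the @@ -425 and @@ -434 hunks then silently skip the variant check and asset lists, but any later code that builds paths from `$theme` (outside these hunks) now works with a theme that has no config instead of the default one. `json_decode` returning `null` on malformed JSON lands in the same state, so a broken config and a missing one become indistinguishable, and the `@` on `file_exists` only hides warnings — `file_exists` does not warn for a missing path, so it can go. `$_deftheme` is assigned outside the hunk; if dropping the fallback is intended, a comment saying why would help, otherwise the shape below keeps it while still tolerating a missing default config.
```php
// check for existence of the theme; fall back to the default theme when its config is missing
if (!file_exists('templates/' . $theme . '/config.json')) {
	$theme = $_deftheme;
}
$_themeconfig = 'templates/' . $theme . '/config.json';
$_themeoptions = file_exists($_themeconfig) ? json_decode(file_get_contents($_themeconfig), true) : null;
// … unchanged: variant check guarded by is_array($_themeoptions) …
```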
diff --git a/templates/Froxlor/config.json b/templates/Froxlor/config.json
new file mode 100644
index 00000000..ddd80c12
--- /dev/null
+++ b/templates/Froxlor/config.json
@@ -0,0 +1,28 @@
+{
+	"variants": {
+		"default": {
+			"css": [
+				"main.css",
+				"custom.css"
+			],
+			"js": [
+				"main.js",
+				"apikey.js"
+			],
+			"description": "Default"
+		},
+		"dark": {
+			"css": [
+				"main.css",
+				"dark.css",
+				"custom.css"
+			],
+			"js": [
+				"main.js",
+				"apikey.js"
+			],
+			"description": "Darkmode"
+		}
+	},
+	"author": "Froxlor"
+}
diff --git a/templates/Froxlor/login/login.html.twig b/templates/Froxlor/login/login.html.twig
new file mode 100644
index 00000000..651cc048
--- /dev/null
+++ b/templates/Froxlor/login/login.html.twig
@@ -0,0 +1,47 @@
+{% extends "Froxlor/base.html.twig" %}
+
+{% block body %}
+
+ {{ successmsg|raw }}
+{{ message|raw }}
+