diff --git a/setup.sh b/setup.sh
index 3bee6a6..8fd69c3 100644
--- a/setup.sh
+++ b/setup.sh
@@ -163,25 +163,26 @@ EOL
 
 # app.py (the main app)
 cat <<'PYTHON_END' > app.py
-# Standards
+# Standard library imports
 import atexit
 import csv
 import io
-import locale
+import locale # Note: locale was in your imports but not standard for typical web apps unless specific use.
 import logging
 import os
 import random
 import re
 import secrets
-import sqlite3
+import sqlite3 # Note: direct sqlite3 import is unusual if you're using SQLAlchemy for all DB ops.
 import time
 import traceback
 from datetime import datetime, timedelta
 from functools import wraps
-from io import BytesIO
-from time import sleep
+from io import BytesIO # Note: io.BytesIO is good, no need for direct BytesIO import if io is already imported.
+from time import sleep # Note: time.sleep is fine, no need for direct 'sleep' import if 'time' is imported.
 from urllib.parse import urlparse
 from zoneinfo import ZoneInfo
+import warnings 
 
 # 3rd-Provider-Modules
 import pytz
@@ -254,6 +255,7 @@ def enable_foreign_keys(dbapi_connection, connection_record):
         cursor.execute("PRAGMA foreign_keys=ON;")
         cursor.close()
 
+ITAD_API_KEY_PLACEHOLDER = "your_api_key_here"
 TZ = os.getenv('TZ', 'UTC')
 os.environ['TZ'] = TZ
 app = Flask(__name__)
@@ -346,6 +348,7 @@ app.config.update(
     SESSION_COOKIE_SAMESITE = 'Lax',
     PERMANENT_SESSION_LIFETIME = timedelta(days=30),
 
+
     # LOGIN COOKIE STUFF
     REMEMBER_COOKIE_DURATION=timedelta(days=30),
     REMEMBER_COOKIE_HTTPONLY=True,
@@ -618,7 +621,8 @@ def parse_steam_release_date(date_str):
 
 def fetch_itad_slug(steam_appid: int) -> str | None:
     api_key = os.getenv("ITAD_API_KEY")
-    if not api_key:
+    if not api_key or api_key.strip() == "your-secret-key-here":
+        app.logger.warning("ITAD-API-Key ist nicht gesetzt oder ist ein Platzhalter.")
         return None
     try:
         response = requests.get(
@@ -635,8 +639,8 @@ def fetch_itad_slug(steam_appid: int) -> str | None:
 
 def fetch_itad_game_id(steam_appid: int) -> str | None:
     api_key = os.getenv("ITAD_API_KEY")
-    if not api_key:
-        app.logger.error("ITAD_API_KEY nicht gesetzt")
+    if not api_key or api_key.strip() == "your-secret-key-here":
+        app.logger.warning("ITAD-API-Key ist nicht gesetzt oder ist ein Platzhalter.")
         return None
 
     try:
@@ -655,11 +659,12 @@ def fetch_itad_game_id(steam_appid: int) -> str | None:
         app.logger.error(f"ITAD Error: {str(e)}")
         return None
 
-
 def fetch_itad_prices(game_id: str) -> dict | None:
     api_key = os.getenv("ITAD_API_KEY")
     country = os.getenv("ITAD_COUNTRY", "DE")
-    if not api_key:
+
+    if not api_key or api_key.strip() == "your-secret-key-here":
+        app.logger.warning("ITAD-API-Key ist nicht gesetzt oder ist ein Platzhalter.")
         return None
 
     try:
@@ -677,7 +682,7 @@ def fetch_itad_prices(game_id: str) -> dict | None:
         )
         response.raise_for_status()
         return response.json()[0]
-    
+
     except Exception as e:
         app.logger.error(f"ITAD-Preisabfrage fehlgeschlagen: {str(e)}")
         return None
@@ -1770,7 +1775,7 @@ cat <<HTML_END > templates/login.html
 {% block content %}
 <div class="row justify-content-center">
   <div class="col-md-6 col-lg-4">
-    <h1 class="mb-4">{{ _('Login') }}</h1>
+    <h1 class="mb-4 text-center">{{ _('Login') }}</h1>
     <form method="POST" aria-label="{{ _('Login form') }}" autocomplete="on">
       <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
       <div class="mb-3">
@@ -1794,23 +1799,29 @@ cat <<HTML_END > templates/login.html
                autocomplete="current-password"
                aria-required="true">
       </div>
-      {% if error %}
+      <div class="mb-3 form-check">
+        <input type="checkbox" class="form-check-input" id="remember_me" name="remember_me" value="true">
+        <label class="form-check-label" for="remember_me">{{ _('Remember me') }}</label>
+      </div>
+      {# Flash messages are handled in base.html, so the specific error block here can be removed #}
+      {# {% if error %}
       <div class="alert alert-danger" role="alert">
         {{ error }}
       </div>
-      {% endif %}
-      <button type="submit" class="btn btn-primary w-100">{{ _('Login') }}</button>
+      {% endif %} #}
+
+      <button type="submit" class="btn btn-primary w-100 mb-3">{{ _('Login') }}</button>
     </form>
+
+    {% if config.REGISTRATION_ENABLED %}
     <div class="mt-3 text-center">
-      {% if config['REGISTRATION_ENABLED'] %}
-        <a href="{{ url_for('register') }}">{{ _('No account? Register here!') }}</a>
-      {% endif %}
+      <a href="{{ url_for('register') }}">{{ _('No account? Register here!') }}</a>
     </div>
+    {% endif %}
   </div>
 </div>
 {% endblock %}
 
-
 HTML_END
 
 # Register Template