From 96495504631d6a4d466b93a835d7d66853e2e12b Mon Sep 17 00:00:00 2001
From: Michael Save <savetheinternet@tinyboard.org>
Date: Fri, 13 Apr 2012 02:11:41 +1000
Subject: [PATCH] start on mod interface rewrite

---
 inc/functions.php                             |    7 +-
 .../Twig/Extensions/Extension/Tinyboard.php   |    2 +-
 inc/mod-old.php                               |  287 ++
 inc/mod.php                                   |  278 +-
 inc/mod/auth.php                              |  124 +
 inc/mod/pages.php                             |  132 +
 mod-old.php                                   | 3128 ++++++++++++++++
 mod.php                                       | 3134 +----------------
 templates/index.html                          |    6 +-
 templates/login.html                          |   27 -
 templates/thread.html                         |    6 +-
 11 files changed, 3722 insertions(+), 3409 deletions(-)
 create mode 100644 inc/mod-old.php
 create mode 100644 inc/mod/auth.php
 create mode 100644 inc/mod/pages.php
 create mode 100644 mod-old.php
 delete mode 100644 templates/login.html

diff --git a/inc/functions.php b/inc/functions.php
index 66fadd5e..34084bd5 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -277,10 +277,13 @@ function setupBoard($array) {
 	
 	$board = array(
 		'uri' => $array['uri'],
-		'name' => $array['title'],
-		'title' => $array['subtitle']
+		'title' => $array['title'],
+		'subtitle' => $array['subtitle']
 	);
 	
+	// older versions
+	$board['name'] = &$board['title'];
+	
 	$board['dir'] = sprintf($config['board_path'], $board['uri']);
 	$board['url'] = sprintf($config['board_abbreviation'], $board['uri']);
 	
diff --git a/inc/lib/Twig/Extensions/Extension/Tinyboard.php b/inc/lib/Twig/Extensions/Extension/Tinyboard.php
index 7e2149e5..cbb2e752 100644
--- a/inc/lib/Twig/Extensions/Extension/Tinyboard.php
+++ b/inc/lib/Twig/Extensions/Extension/Tinyboard.php
@@ -64,7 +64,7 @@ function twig_date_filter($date, $format) {
 	return strftime($format, $date);
 }
 
-function twig_hasPermission_filter($mod, $permission, $board) {
+function twig_hasPermission_filter($mod, $permission, $board = false) {
 	return hasPermission($permission, $board, $mod);
 }
 
diff --git a/inc/mod-old.php b/inc/mod-old.php
new file mode 100644
index 00000000..9065bb82
--- /dev/null
+++ b/inc/mod-old.php
@@ -0,0 +1,287 @@
+<?php
+
+/*
+ *  Copyright (c) 2010-2012 Tinyboard Development Group
+ */
+
+if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
+	// You cannot request this file directly.
+	exit;
+}
+
+// create a hash/salt pair for validate logins
+function mkhash($username, $password, $salt = false) {
+	global $config;
+	
+	if (!$salt) {
+		// create some sort of salt for the hash
+		$salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15);
+		
+		$generated_salt = true;
+	}
+	
+	// generate hash (method is not important as long as it's strong)
+	$hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
+	
+	if (isset($generated_salt))
+		return Array($hash, $salt);
+	else
+		return $hash;
+}
+
+function login($username, $password, $makehash=true) {
+	global $mod;
+	
+	// SHA1 password
+	if ($makehash) {
+		$password = sha1($password);
+	}
+	
+	$query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
+	$query->bindValue(':username', $username);
+	$query->bindValue(':password', $password);
+	$query->execute() or error(db_error($query));
+	
+	if ($user = $query->fetch()) {
+		return $mod = Array(
+			'id' => $user['id'],
+			'type' => $user['type'],
+			'username' => $username,
+			'hash' => mkhash($username, $password),
+			'boards' => explode(',', $user['boards'])
+			);
+	} else return false;
+}
+
+function setCookies() {
+	global $mod, $config;
+	if (!$mod)
+		error('setCookies() was called for a non-moderator!');
+	
+	setcookie($config['cookies']['mod'],
+			$mod['username'] . // username
+			':' . 
+			$mod['hash'][0] . // password
+			':' .
+			$mod['hash'][1], // salt
+		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
+}
+
+function destroyCookies() {
+	global $config;
+	// Delete the cookies
+	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true);
+}
+
+function create_pm_header() {
+	global $mod;
+	$query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1");
+	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+	$query->execute() or error(db_error($query));
+	
+	if ($pm = $query->fetch()) {
+		return Array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
+	}
+	
+	return false;
+}
+
+function modLog($action, $_board=null) {
+	global $mod, $board, $config;
+	$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)");
+	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+	$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+	$query->bindValue(':time', time(), PDO::PARAM_INT);
+	$query->bindValue(':text', $action);
+	if (isset($_board))
+		$query->bindValue(':board', $_board);
+	elseif (isset($board))
+		$query->bindValue(':board', $board['uri']);
+	else
+		$query->bindValue(':board', null, PDO::PARAM_NULL);
+	$query->execute() or error(db_error($query));
+	
+	if ($config['syslog'])
+		_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
+}
+
+// Generates a <ul> element with a list of linked
+// boards and their subtitles. (without the <ul> opening and ending tags)
+function ulBoards() {
+	global $mod, $config;
+	
+	$body = '';
+	
+	// List of boards
+	$boards = listBoards();
+	
+	foreach ($boards as &$b) {
+		$body .= '<li>' . 
+			'<a href="?/' .
+					sprintf($config['board_path'], $b['uri']) . $config['file_index'] .
+					'">' .
+				sprintf($config['board_abbreviation'], $b['uri']) .
+				'</a> - ' .
+				$b['title'] .
+				(isset($b['subtitle']) ? '<span class="unimportant"> — ' . $b['subtitle'] . '</span>' : '') . 
+					($mod['type'] >= $config['mod']['manageboards'] ?
+						' <a href="?/' . $b['uri'] . '/edit" class="unimportant">[manage]</a>' : '') .
+			'</li>';
+	}
+	
+	if ($mod['type'] >= $config['mod']['newboard']) {
+		$body .= '<li style="margin-top:15px;"><a href="?/new"><strong>' . _('Create new board') . '</strong></a></li>';
+	}
+	return $body;
+}
+
+function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false, $allow_public = false) {
+	global $config, $mod;
+	
+	$boards = listBoards();
+	$__boards = '<li><input type="radio" checked="checked" name="board" id="board_*" value=""/> <label style="display:inline" for="board_*"><em>' . _('all boards') . '</em></label></li>';
+	foreach ($boards as &$_board) {
+		$__boards .= '<li>' .
+					'<input type="radio" name="board" id="board_' . $_board['uri'] . '" value="' . $_board['uri'] . '">' .
+					'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
+						($_board['uri'] == '*' ?
+							'<em>"*"</em>'
+						:
+							sprintf($config['board_abbreviation'], $_board['uri'])
+						) .
+						' - ' . $_board['title'] .
+					'</label>' .
+					'</li>';
+	}
+	
+	return '<fieldset><legend>New ban</legend>' . 
+				'<form action="?/ban" method="post">' . 
+					($continue ? '<input type="hidden" name="continue" value="' . htmlentities($continue) . '" />' : '') .
+					($delete || $allow_public ? '<input type="hidden" name="' . (!$allow_public ? 'delete' : 'post') . '" value="' . htmlentities($delete) . '" />' : '') .
+					($board ? '<input type="hidden" name="board" value="' . htmlentities($board) . '" />' : '') .
+					'<table>' .
+					'<tr>' . 
+						'<th><label for="ip">IP ' .
+							($config['ban_cidr'] ? '<span class="unimportant">(or subnet)' : '') .
+						'</span></label></th>' .
+						'<td><input type="text" name="ip" id="ip" size="30" maxlength="30" ' . 
+							(isset($ip) ?
+								'value="' . htmlentities($ip) . '" ' : ''
+							) .
+						'/></td>' .
+					'</tr>' . 
+					'<tr>' . 
+						'<th><label for="reason">Reason</label></th>' .
+						'<td><textarea name="reason" id="reason" rows="5" cols="30">' .
+							htmlentities($reason) .
+						'</textarea></td>' .
+					'</tr>' . 
+					($mod['type'] >= $config['mod']['public_ban'] && $allow_public ?
+						'<tr>' . 
+							'<th><label for="message">Message</label></th>' .
+							'<td><input type="checkbox" id="public_message" name="public_message"/>' .
+							' <input type="text" name="message" id="message" size="35" maxlength="200" value="' . htmlentities($config['mod']['default_ban_message']) . '" />' .
+							' <span class="unimportant">(public; attached to post)</span></td>' .
+								'<script type="text/javascript">' . 
+									'document.getElementById(\'message\').disabled = true;' .
+									'document.getElementById(\'public_message\').onchange = function() {' . 
+										'document.getElementById(\'message\').disabled = !this.checked;' .
+									'}' . 
+									
+								'</script>' .
+						'</tr>'
+					: '') .
+					'<tr>' . 
+						'<th><label for="length">Length</label></th>' .
+						'<td><input type="text" name="length" id="length" size="20" maxlength="40" />' .
+						' <span class="unimportant">(eg. "2d1h30m" or "2 days")</span></td>' .
+					'</tr>' . 
+					
+					'<tr>' . 
+						'<th>Board</th>' .
+						'<td><ul style="list-style:none;padding:2px 5px">' . $__boards . '</tl></td>' .
+					'</tr>' . 
+					
+					'<tr>' . 
+						'<td></td>' . 
+						'<td><input name="new_ban" type="submit" value="New Ban" /></td>' . 
+					'</tr>' . 
+					'</table>' .
+				'</form>' .
+			'</fieldset>';
+}
+
+function form_newBoard() {
+	return '<fieldset><legend>New board</legend>' . 
+				'<form action="?/new" method="post">' . 
+					'<table>' .
+					'<tr>' . 
+						'<th><label for="board">URI</label></th>' .
+						'<td><input type="text" name="uri" id="board" size="10" />' .
+						' <span class="unimportant">(eg. "b"; "mu")</span></td>' .
+					'</tr>' . 
+					'<tr>' . 
+						'<th><label for="title">Title</label></th>' .
+						'<td><input type="text" name="title" id="title" size="25" />' .
+						' <span class="unimportant">(eg. "Random")</span></td>' .
+					'</tr>' . 
+					'<tr>' . 
+						'<th><label for="subtitle">Subtitle</label></th>' .
+						'<td><input type="text" name="subtitle" id="subtitle" size="25" />' .
+						' <span class="unimportant">(optional)</span></td>' .
+					'</tr>' . 
+					'<tr>' . 
+						'<td></td>' . 
+						'<td><input name="new_board" type="submit" value="New Board" /></td>' . 
+					'</tr>' . 
+					'</table>' .
+				'</form>' .
+			'</fieldset>';
+}
+
+
+function removeBan($id) {
+	global $config, $memcached;
+	
+	$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
+	$query->bindValue(':id', $id, PDO::PARAM_INT);
+	$query->execute() or error(db_error($query));
+	
+	//if ($config['memcached']['enabled']) {
+		// Remove cached ban
+		// TODO
+	//	$memcached->delete("ban_{$id}");
+	//}
+}
+
+
+// Validate session
+
+if (isset($_COOKIE[$config['cookies']['mod']])) {
+	// Should be username:hash:salt
+	$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
+	if (count($cookie) != 3) {
+		destroyCookies();
+		error($config['error']['malformed']);
+	}
+	
+	$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1");
+	$query->bindValue(':username', $cookie[0]);
+	$query->execute() or error(db_error($query));
+	$user = $query->fetch();
+	
+	// validate password hash
+	if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
+		// Malformed cookies
+		destroyCookies();
+		error($config['error']['malformed']);
+	}
+	
+	$mod = Array(
+		'id' => $user['id'],
+		'type' => $user['type'],
+		'username' => $cookie[0],
+		'boards' => explode(',', $user['boards'])
+	);
+}
+
diff --git a/inc/mod.php b/inc/mod.php
index 9065bb82..7b95d05d 100644
--- a/inc/mod.php
+++ b/inc/mod.php
@@ -4,284 +4,12 @@
  *  Copyright (c) 2010-2012 Tinyboard Development Group
  */
 
+// WARNING: Including this file is DEPRECIATED. It's only here to support older versions and won't exist forever.
+
 if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
 	// You cannot request this file directly.
 	exit;
 }
 
-// create a hash/salt pair for validate logins
-function mkhash($username, $password, $salt = false) {
-	global $config;
-	
-	if (!$salt) {
-		// create some sort of salt for the hash
-		$salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15);
-		
-		$generated_salt = true;
-	}
-	
-	// generate hash (method is not important as long as it's strong)
-	$hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
-	
-	if (isset($generated_salt))
-		return Array($hash, $salt);
-	else
-		return $hash;
-}
-
-function login($username, $password, $makehash=true) {
-	global $mod;
-	
-	// SHA1 password
-	if ($makehash) {
-		$password = sha1($password);
-	}
-	
-	$query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
-	$query->bindValue(':username', $username);
-	$query->bindValue(':password', $password);
-	$query->execute() or error(db_error($query));
-	
-	if ($user = $query->fetch()) {
-		return $mod = Array(
-			'id' => $user['id'],
-			'type' => $user['type'],
-			'username' => $username,
-			'hash' => mkhash($username, $password),
-			'boards' => explode(',', $user['boards'])
-			);
-	} else return false;
-}
-
-function setCookies() {
-	global $mod, $config;
-	if (!$mod)
-		error('setCookies() was called for a non-moderator!');
-	
-	setcookie($config['cookies']['mod'],
-			$mod['username'] . // username
-			':' . 
-			$mod['hash'][0] . // password
-			':' .
-			$mod['hash'][1], // salt
-		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
-}
-
-function destroyCookies() {
-	global $config;
-	// Delete the cookies
-	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true);
-}
-
-function create_pm_header() {
-	global $mod;
-	$query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1");
-	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
-	$query->execute() or error(db_error($query));
-	
-	if ($pm = $query->fetch()) {
-		return Array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
-	}
-	
-	return false;
-}
-
-function modLog($action, $_board=null) {
-	global $mod, $board, $config;
-	$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)");
-	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
-	$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
-	$query->bindValue(':time', time(), PDO::PARAM_INT);
-	$query->bindValue(':text', $action);
-	if (isset($_board))
-		$query->bindValue(':board', $_board);
-	elseif (isset($board))
-		$query->bindValue(':board', $board['uri']);
-	else
-		$query->bindValue(':board', null, PDO::PARAM_NULL);
-	$query->execute() or error(db_error($query));
-	
-	if ($config['syslog'])
-		_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
-}
-
-// Generates a <ul> element with a list of linked
-// boards and their subtitles. (without the <ul> opening and ending tags)
-function ulBoards() {
-	global $mod, $config;
-	
-	$body = '';
-	
-	// List of boards
-	$boards = listBoards();
-	
-	foreach ($boards as &$b) {
-		$body .= '<li>' . 
-			'<a href="?/' .
-					sprintf($config['board_path'], $b['uri']) . $config['file_index'] .
-					'">' .
-				sprintf($config['board_abbreviation'], $b['uri']) .
-				'</a> - ' .
-				$b['title'] .
-				(isset($b['subtitle']) ? '<span class="unimportant"> — ' . $b['subtitle'] . '</span>' : '') . 
-					($mod['type'] >= $config['mod']['manageboards'] ?
-						' <a href="?/' . $b['uri'] . '/edit" class="unimportant">[manage]</a>' : '') .
-			'</li>';
-	}
-	
-	if ($mod['type'] >= $config['mod']['newboard']) {
-		$body .= '<li style="margin-top:15px;"><a href="?/new"><strong>' . _('Create new board') . '</strong></a></li>';
-	}
-	return $body;
-}
-
-function form_newBan($ip=null, $reason='', $continue=false, $delete=false, $board=false, $allow_public = false) {
-	global $config, $mod;
-	
-	$boards = listBoards();
-	$__boards = '<li><input type="radio" checked="checked" name="board" id="board_*" value=""/> <label style="display:inline" for="board_*"><em>' . _('all boards') . '</em></label></li>';
-	foreach ($boards as &$_board) {
-		$__boards .= '<li>' .
-					'<input type="radio" name="board" id="board_' . $_board['uri'] . '" value="' . $_board['uri'] . '">' .
-					'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
-						($_board['uri'] == '*' ?
-							'<em>"*"</em>'
-						:
-							sprintf($config['board_abbreviation'], $_board['uri'])
-						) .
-						' - ' . $_board['title'] .
-					'</label>' .
-					'</li>';
-	}
-	
-	return '<fieldset><legend>New ban</legend>' . 
-				'<form action="?/ban" method="post">' . 
-					($continue ? '<input type="hidden" name="continue" value="' . htmlentities($continue) . '" />' : '') .
-					($delete || $allow_public ? '<input type="hidden" name="' . (!$allow_public ? 'delete' : 'post') . '" value="' . htmlentities($delete) . '" />' : '') .
-					($board ? '<input type="hidden" name="board" value="' . htmlentities($board) . '" />' : '') .
-					'<table>' .
-					'<tr>' . 
-						'<th><label for="ip">IP ' .
-							($config['ban_cidr'] ? '<span class="unimportant">(or subnet)' : '') .
-						'</span></label></th>' .
-						'<td><input type="text" name="ip" id="ip" size="30" maxlength="30" ' . 
-							(isset($ip) ?
-								'value="' . htmlentities($ip) . '" ' : ''
-							) .
-						'/></td>' .
-					'</tr>' . 
-					'<tr>' . 
-						'<th><label for="reason">Reason</label></th>' .
-						'<td><textarea name="reason" id="reason" rows="5" cols="30">' .
-							htmlentities($reason) .
-						'</textarea></td>' .
-					'</tr>' . 
-					($mod['type'] >= $config['mod']['public_ban'] && $allow_public ?
-						'<tr>' . 
-							'<th><label for="message">Message</label></th>' .
-							'<td><input type="checkbox" id="public_message" name="public_message"/>' .
-							' <input type="text" name="message" id="message" size="35" maxlength="200" value="' . htmlentities($config['mod']['default_ban_message']) . '" />' .
-							' <span class="unimportant">(public; attached to post)</span></td>' .
-								'<script type="text/javascript">' . 
-									'document.getElementById(\'message\').disabled = true;' .
-									'document.getElementById(\'public_message\').onchange = function() {' . 
-										'document.getElementById(\'message\').disabled = !this.checked;' .
-									'}' . 
-									
-								'</script>' .
-						'</tr>'
-					: '') .
-					'<tr>' . 
-						'<th><label for="length">Length</label></th>' .
-						'<td><input type="text" name="length" id="length" size="20" maxlength="40" />' .
-						' <span class="unimportant">(eg. "2d1h30m" or "2 days")</span></td>' .
-					'</tr>' . 
-					
-					'<tr>' . 
-						'<th>Board</th>' .
-						'<td><ul style="list-style:none;padding:2px 5px">' . $__boards . '</tl></td>' .
-					'</tr>' . 
-					
-					'<tr>' . 
-						'<td></td>' . 
-						'<td><input name="new_ban" type="submit" value="New Ban" /></td>' . 
-					'</tr>' . 
-					'</table>' .
-				'</form>' .
-			'</fieldset>';
-}
-
-function form_newBoard() {
-	return '<fieldset><legend>New board</legend>' . 
-				'<form action="?/new" method="post">' . 
-					'<table>' .
-					'<tr>' . 
-						'<th><label for="board">URI</label></th>' .
-						'<td><input type="text" name="uri" id="board" size="10" />' .
-						' <span class="unimportant">(eg. "b"; "mu")</span></td>' .
-					'</tr>' . 
-					'<tr>' . 
-						'<th><label for="title">Title</label></th>' .
-						'<td><input type="text" name="title" id="title" size="25" />' .
-						' <span class="unimportant">(eg. "Random")</span></td>' .
-					'</tr>' . 
-					'<tr>' . 
-						'<th><label for="subtitle">Subtitle</label></th>' .
-						'<td><input type="text" name="subtitle" id="subtitle" size="25" />' .
-						' <span class="unimportant">(optional)</span></td>' .
-					'</tr>' . 
-					'<tr>' . 
-						'<td></td>' . 
-						'<td><input name="new_board" type="submit" value="New Board" /></td>' . 
-					'</tr>' . 
-					'</table>' .
-				'</form>' .
-			'</fieldset>';
-}
-
-
-function removeBan($id) {
-	global $config, $memcached;
-	
-	$query = prepare("DELETE FROM `bans` WHERE `id` = :id");
-	$query->bindValue(':id', $id, PDO::PARAM_INT);
-	$query->execute() or error(db_error($query));
-	
-	//if ($config['memcached']['enabled']) {
-		// Remove cached ban
-		// TODO
-	//	$memcached->delete("ban_{$id}");
-	//}
-}
-
-
-// Validate session
-
-if (isset($_COOKIE[$config['cookies']['mod']])) {
-	// Should be username:hash:salt
-	$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
-	if (count($cookie) != 3) {
-		destroyCookies();
-		error($config['error']['malformed']);
-	}
-	
-	$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1");
-	$query->bindValue(':username', $cookie[0]);
-	$query->execute() or error(db_error($query));
-	$user = $query->fetch();
-	
-	// validate password hash
-	if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
-		// Malformed cookies
-		destroyCookies();
-		error($config['error']['malformed']);
-	}
-	
-	$mod = Array(
-		'id' => $user['id'],
-		'type' => $user['type'],
-		'username' => $cookie[0],
-		'boards' => explode(',', $user['boards'])
-	);
-}
+require 'inc/mod/auth.php';
 
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
new file mode 100644
index 00000000..2e90b757
--- /dev/null
+++ b/inc/mod/auth.php
@@ -0,0 +1,124 @@
+<?php
+
+/*
+ *  Copyright (c) 2010-2012 Tinyboard Development Group
+ */
+
+if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
+	// You cannot request this file directly.
+	exit;
+}
+
+// create a hash/salt pair for validate logins
+function mkhash($username, $password, $salt = false) {
+	global $config;
+	
+	if (!$salt) {
+		// create some sort of salt for the hash
+		$salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15);
+		
+		$generated_salt = true;
+	}
+	
+	// generate hash (method is not important as long as it's strong)
+	$hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
+	
+	if (isset($generated_salt))
+		return Array($hash, $salt);
+	else
+		return $hash;
+}
+
+function login($username, $password, $makehash=true) {
+	global $mod;
+	
+	// SHA1 password
+	if ($makehash) {
+		$password = sha1($password);
+	}
+	
+	$query = prepare("SELECT `id`,`type`,`boards` FROM `mods` WHERE `username` = :username AND `password` = :password LIMIT 1");
+	$query->bindValue(':username', $username);
+	$query->bindValue(':password', $password);
+	$query->execute() or error(db_error($query));
+	
+	if ($user = $query->fetch()) {
+		return $mod = Array(
+			'id' => $user['id'],
+			'type' => $user['type'],
+			'username' => $username,
+			'hash' => mkhash($username, $password),
+			'boards' => explode(',', $user['boards'])
+			);
+	} else return false;
+}
+
+function setCookies() {
+	global $mod, $config;
+	if (!$mod)
+		error('setCookies() was called for a non-moderator!');
+	
+	setcookie($config['cookies']['mod'],
+			$mod['username'] . // username
+			':' . 
+			$mod['hash'][0] . // password
+			':' .
+			$mod['hash'][1], // salt
+		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
+}
+
+function destroyCookies() {
+	global $config;
+	// Delete the cookies
+	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true);
+}
+
+function modLog($action, $_board=null) {
+	global $mod, $board, $config;
+	$query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)");
+	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+	$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+	$query->bindValue(':time', time(), PDO::PARAM_INT);
+	$query->bindValue(':text', $action);
+	if (isset($_board))
+		$query->bindValue(':board', $_board);
+	elseif (isset($board))
+		$query->bindValue(':board', $board['uri']);
+	else
+		$query->bindValue(':board', null, PDO::PARAM_NULL);
+	$query->execute() or error(db_error($query));
+	
+	if ($config['syslog'])
+		_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
+}
+
+// Validate session
+
+if (isset($_COOKIE[$config['cookies']['mod']])) {
+	// Should be username:hash:salt
+	$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
+	if (count($cookie) != 3) {
+		destroyCookies();
+		error($config['error']['malformed']);
+	}
+	
+	$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1");
+	$query->bindValue(':username', $cookie[0]);
+	$query->execute() or error(db_error($query));
+	$user = $query->fetch();
+	
+	// validate password hash
+	if ($cookie[1] != mkhash($cookie[0], $user['password'], $cookie[2])) {
+		// Malformed cookies
+		destroyCookies();
+		error($config['error']['malformed']);
+	}
+	
+	$mod = Array(
+		'id' => $user['id'],
+		'type' => $user['type'],
+		'username' => $cookie[0],
+		'boards' => explode(',', $user['boards'])
+	);
+}
+
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
new file mode 100644
index 00000000..9d154181
--- /dev/null
+++ b/inc/mod/pages.php
@@ -0,0 +1,132 @@
+<?php
+
+/*
+ *  Copyright (c) 2010-2012 Tinyboard Development Group
+ */
+
+if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
+	// You cannot request this file directly.
+	exit;
+}
+
+function mod_page($title, $template, $args) {
+	global $config, $mod;
+	
+	echo Element('page.html', array(
+		'config' => $config,
+		'mod' => $mod,
+		'title' => $title,
+		'body' => Element($template,
+				array_merge(
+					array('config' => $config, 'mod' => $mod), 
+					$args
+				)
+			)
+		)
+	);
+}
+
+function mod_login() {
+	$args = array();
+	
+	if (isset($_POST['login'])) {
+		// Check if inputs are set and not empty
+		if (!isset($_POST['username'], $_POST['password']) || $_POST['username'] == '' || $_POST['password'] == '') {
+			$args['error'] = $config['error']['invalid'];
+		} elseif (!login($_POST['username'], $_POST['password'])) {
+			if ($config['syslog'])
+				_syslog(LOG_WARNING, 'Unauthorized login attempt!');
+			
+			$args['error'] = $config['error']['invalid'];
+		} else {
+			modLog("Logged in.");
+			
+			// Login successful
+			// Set cookies
+			setCookies();
+			
+			header('Location: ?/', true, $config['redirect_http']);
+		}
+	}
+	
+	if (isset($_POST['username']))
+		$args['username'] = $_POST['username'];
+
+	mod_page('Dashboard', 'mod/login.html', $args);
+}
+
+function mod_dashboard() {
+	$args = array();
+	
+	$args['boards'] = listBoards();
+	
+	mod_page('Dashboard', 'mod/dashboard.html', $args);
+}
+
+function mod_view_board($boardName, $page_no = 1) {
+	global $config, $mod;
+	
+	if (!openBoard($boardName))
+		error($config['error']['noboard']);
+	
+	if (!$page = index($page_no, $mod)) {
+		error($config['error']['404']);
+	}
+	
+	$page['pages'] = getPages(true);
+	$page['pages'][$page_no-1]['selected'] = true;
+	$page['btn'] = getPageButtons($page['pages'], true);
+	$page['mod'] = true;
+	$page['config'] = $config;
+	echo Element('index.html', $page);
+}
+
+function mod_view_thread($boardName, $thread) {
+	global $config, $mod;
+	
+	if (!openBoard($boardName))
+		error($config['error']['noboard']);
+	
+	$page = buildThread($thread, true, $mod);
+	echo $page;
+}
+
+function mod_page_ip($ip) {
+	global $config, $mod;
+	
+	$args = array();
+	$args['ip'] = $ip;
+	$args['posts'] = array();
+	
+	$boards = listBoards();
+	foreach ($boards as $board) {
+		$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
+		$query->bindValue(':ip', $ip);
+		$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		while ($post = $query->fetch()) {
+			if (!$post['thread']) {
+				$po = new Thread(
+					$post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'],
+					$post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'],
+					$post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'],
+					$post['sage'], $post['embed'], '?/', $mod, false
+				);
+			} else {
+				$po = new Post(
+					$post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'],
+					$post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'],
+					$post['fileheight'], $post['filesize'], $post['filename'], $post['ip'],  $post['embed'], '?/', $mod
+				);
+			}
+			
+			if (!isset($args['posts'][$board['uri']]))
+				$args['posts'][$board['uri']] = array();
+			$args['posts'][$board['uri']][] = $po->build(true);
+		}
+	}
+	
+	mod_page("IP: $ip", 'mod/view_ip.html', $args);
+}
+
diff --git a/mod-old.php b/mod-old.php
new file mode 100644
index 00000000..31273e39
--- /dev/null
+++ b/mod-old.php
@@ -0,0 +1,3128 @@
+<?php
+
+/*
+ *  Copyright (c) 2010-2012 Tinyboard Development Group
+ */
+
+// WARNING: This file is currently a clusterfuck of code. I will be rewriting it very soon.
+
+require 'inc/functions.php';
+require 'inc/mod.php';
+
+if (get_magic_quotes_gpc()) {
+	function strip_array($var) {
+		return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
+	}
+	
+	$_GET = strip_array($_GET);
+	$_POST = strip_array($_POST);
+}
+
+$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
+
+// If not logged in
+if(!$mod) {
+	if(isset($_POST['login'])) {
+		// Check if inputs are set and not empty
+		if(	!isset($_POST['username']) ||
+			!isset($_POST['password']) ||
+			empty($_POST['username']) ||
+			empty($_POST['password'])
+			) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
+		
+		
+		if(!login($_POST['username'], $_POST['password'])) {
+			if($config['syslog'])
+				_syslog(LOG_WARNING, 'Unauthorized login attempt!');
+			loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
+		}
+		
+		modLog("Logged in.");
+		
+		// Login successful
+		// Set cookies
+		setCookies();
+		
+		// Redirect
+		if(isset($_POST['redirect']))
+			header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
+		else
+			header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
+	} else {
+		loginForm(false, false, '?' . $query);
+	}
+} else {
+	// Redirect (for index pages)
+	if(count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r'])) {
+		header('Location: ' . $_GET['r'], true, $_GET['status']);
+		exit;
+	}
+	
+	// A sort of "cache"
+	// Stops calling preg_quote and str_replace when not needed; only does it once
+	$regex = array(
+		'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
+		'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
+		'img' => preg_quote($config['dir']['img'], '/'),
+		'thumb' => preg_quote($config['dir']['thumb'], '/'),
+		'res' => preg_quote($config['dir']['res'], '/'),
+		'index' => preg_quote($config['file_index'], '/')
+	);
+	
+	if(preg_match('/^\/?$/', $query)) {
+		// Dashboard
+		$fieldset = array(
+			'Boards' => '',
+			'Noticeboard' => '',
+			'Administration' => '',
+			'Themes' => '',
+			'Search' => '',
+			'Update' => '',
+			'Logout' => ''
+		);
+		
+		// Boards
+		$fieldset['Boards'] .= ulBoards();
+		
+		if(hasPermission($config['mod']['noticeboard'])) {
+			if(!$config['cache']['enabled'] || !($fieldset['Noticeboard'] = cache::get('noticeboard_preview'))) {
+				$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
+				$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+			
+				$fieldset['Noticeboard'] .= '<li>';
+			
+				$_body = '';
+				while($notice = $query->fetch()) {					
+					$_body .= '<li><a href="?/noticeboard#' .
+						$notice['id'] .
+					'">' .
+					($notice['subject'] ?
+						$notice['subject']
+					:
+						'<em>' . _('no subject') . '</em>'
+					) .
+				'</a><span class="unimportant"> &mdash; by ' .
+					(isset($notice['username']) ?
+						utf8tohtml($notice['username'])
+					: '<em>???</em>') .
+				' at ' .
+					strftime($config['post_date'], $notice['time']) .
+				'</span></li>';
+				}
+				if(!empty($_body)) {
+					$fieldset['Noticeboard'] .= '<ul>' . $_body . '</ul></li><li>';
+				}
+				if($config['cache']['enabled'])
+					cache::set('noticeboard_preview', $fieldset['Noticeboard']);
+			}
+			
+			$fieldset['Noticeboard'] .= '<a href="?/noticeboard">' . _('View all entries') . '</a></li>';
+		
+			$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
+			$query->bindValue(':id', $mod['id']);
+			$query->execute() or error(db_error($query));
+			$count = $query->fetch();
+			$count = $count['count'];
+		
+			$fieldset['Noticeboard'] .= '<li><a href="?/inbox">' . _('PM Inbox') . 
+				($count > 0
+				?
+					' <strong>(' . $count . ' unread)</strong>'
+				: '') .
+			'</a></li>';
+		
+			$fieldset['Noticeboard'] .= '<li><a href="?/news">' . _('News') . '</a></li>';
+		}
+		
+		
+		if(hasPermission($config['mod']['reports'])) {
+			$fieldset['Administration'] .= 	'<li><a href="?/reports">' . _('Report queue') . '</a></li>';
+		}
+		if(hasPermission($config['mod']['view_banlist'])) {
+			$fieldset['Administration'] .= 	'<li><a href="?/bans">' . _('Ban list') . '</a></li>';
+		}
+		if(hasPermission($config['mod']['manageusers'])) {
+			$fieldset['Administration'] .= 	'<li><a href="?/users">' . _('Manage users') . '</a></li>';
+		} elseif(hasPermission($config['mod']['change_password'])) {
+			$fieldset['Administration'] .= 	'<li><a href="?/users/' . $user['id'] . '">' . _('Change own password') . '</a></li>';
+		}
+		if(hasPermission($config['mod']['modlog'])) {
+			$fieldset['Administration'] .= 	'<li><a href="?/log">' . _('Moderation log') . '</a></li>';
+		}
+		if(hasPermission($config['mod']['rebuild'])) {
+			$fieldset['Administration'] .= 	'<li><a href="?/rebuild">' . _('Rebuild static files') . '</a></li>';
+		}
+		if(hasPermission($config['mod']['rebuild']) && $config['cache']['enabled']) {
+			$fieldset['Administration'] .= 	'<li><a href="?/flush">' . _('Clear cache') . '</a></li>';
+		}
+		if(hasPermission($config['mod']['show_config'])) {
+			$fieldset['Administration'] .= 	'<li><a href="?/config">' . _('Show configuration') . '</a></li>';
+		}
+		
+		if(hasPermission($config['mod']['themes'])) {
+			$fieldset['Themes'] .= 	'<li><a href="?/themes">' . _('Manage themes') . '</a></li>';
+		}
+		
+		if(hasPermission($config['mod']['search'])) {
+			$fieldset['Search'] .= 	'<li><form style="display:inline" action="?/search" method="post">' .
+			'<label style="display:inline" for="search">' . _('Phrase:') . '</label> ' .
+				'<input id="search" name="search" type="text" size="35" />' .
+				'<input type="submit" value="' . _('Search') . '" />' .
+			'</form>' .
+				'<p class="unimportant">' . _('(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)') . '</p>' .
+			'</li>';
+		}
+		
+		if($mod['type'] >= ADMIN && $config['check_updates']) {
+			if(!$config['version'])
+				error(_('Could not find current version! (Check .installed)'));
+			if(isset($_COOKIE['update'])) {
+				$latest = unserialize($_COOKIE['update']);
+			} else {
+				$ctx = stream_context_create(array( 
+					'http' => array(
+						'timeout' => 3
+						) 
+					) 
+				);
+				
+				if($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) {
+					eval($code);
+					if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $m)) {
+						$current = array(
+							'massive' => (int)$m[1],
+							'major' => (int)$m[2],
+							'minor' => (int)$m[3]
+						);
+						if(isset($m[4])) { 
+							// Development versions are always ahead in the versioning numbers
+							$current['minor'] --;
+						}
+					}
+					// Check if it's newer
+					if(	$latest['massive'] > $current['massive'] ||
+						$latest['major'] > $current['major'] ||
+							($latest['massive'] == $current['massive'] &&
+								$latest['major'] == $current['major'] &&
+								$latest['minor'] > $current['minor']
+							)) {
+						$latest = $latest;
+					} else $latest = false;
+				} else {
+					// Couldn't get latest version
+					// TODO: Display some sort of warning message
+					$latest = false;
+				}
+				
+				
+				setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
+			}
+			
+			if($latest) {
+				$fieldset['Update'] .=
+					'<li>A newer version of Tinyboard (<strong>v' .
+						$latest['massive'] . '.' .
+						$latest['major'] . '.' . 
+						$latest['minor'] .
+					'</strong>) is available! See <a href="http://tinyboard.org">http://tinyboard.org/</a> for upgrade instructions.</li>';
+			}
+		}
+		
+		$fieldset['Logout'] .= '<li><a href="?/logout">' . _('Logout') . '</a></li>';
+		
+		// TODO: Statistics, etc, in the dashboard.
+		
+		$body = '';
+		foreach($fieldset as $title => $data) {
+			if($data)
+				$body .= '<fieldset><legend>' . _($title) . '</legend><ul>' . $data . '</ul></fieldset>';
+		}
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('Dashboard'),
+			'body'=>$body,
+			'__mod'=>true
+		));
+	} elseif(preg_match('/^\/logout$/', $query)) {
+		destroyCookies();
+		
+		header('Location: ?/', true, $config['redirect_http']);
+	} elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) {
+		$uri = &$matches[1];
+		
+		$body = '<p style="text-align:center">' .
+		'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
+			'We were unable to serve a confirmation dialog for ' .
+				'<strong>?/' . utf8tohtml($uri) . '</strong>' .
+			', probably due to Javascript being disabled.' .
+		'</p>' .
+		'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . utf8tohtml($uri) . '">Confirm</a></p>';
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'Confirm',
+			'body'=>$body,
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/upgrade$/', $query)) {
+		if($mod['type'] != ADMIN)
+			error($config['error']['noaccess']);
+		
+		if(is_dir('.git')) {
+			// use git instead
+			
+			$body = '<div class="ban"><h2>git pull</h2>';
+			$body .= '<p>' . str_replace("\n", '<br/>', shell_exec('git pull')) . '</p>';
+			$body .= '</div>';
+			echo Element('page.html', array(
+				'config' => $config,
+				'title' => 'Upgraded',
+				'body' => $body
+			));
+			exit;
+		}
+		
+		if(!extension_loaded('curl'))
+			error('You need the cURL PHP extension to do that.');
+		
+		if(!class_exists('ZipArchive'))
+			error('You need <a href="http://php.net/manual/en/class.ziparchive.php">the ZipArchive class</a> to do that.');
+		
+		if(!in_array('zip', stream_get_wrappers()))
+			error('You need the zip:// stream wrapper to do that.');
+		
+		$temp = tempnam($config['tmp'], 'tinyboard');
+		
+		$fp = fopen($temp, 'w+');
+		
+		$curl = curl_init();
+		curl_setopt($curl, CURLOPT_URL, 'https://github.com/savetheinternet/Tinyboard/zipball/master');
+		curl_setopt($curl, CURLOPT_FAILONERROR, true);
+		curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
+		curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
+		curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
+		curl_setopt($curl, CURLOPT_TIMEOUT, 45);
+		curl_setopt($curl, CURLOPT_FILE, $fp);
+		curl_setopt($curl, CURLOPT_WRITEHEADER, $header = tmpfile());
+		curl_setopt($curl, CURLOPT_HEADER, true);
+		
+		curl_exec($curl);
+		
+		if(curl_errno($curl))
+			error('Failed downloading newest revision: ' . curl_error($curl));
+		
+		curl_close($curl);
+		
+		fflush($fp);
+		fclose($fp);
+		
+		fseek($header, 0);
+		$version = false;
+		while($line = fgets($header)) {
+			if(preg_match('/^Content-Disposition: attachment; filename=savetheinternet-Tinyboard-(.+)\.zip\s?$/', $line, $m)) {
+				$version = $m[1];
+			}
+		}
+		fclose($header);
+		
+		$zip = new ZipArchive();
+		if(!$zip->open($temp))
+			error('Could not make sense of the ZIP archive.');
+		
+		$version = preg_replace('/^savetheinternet-Tinyboard-(\w+)\//', '$1', $dir = $zip->getNameIndex(0));
+		
+		$errors = array();
+		for($i = 1; $i < $zip->numFiles; $i++) {
+			$filename = str_replace($dir, '', $zip->getNameIndex($i));
+			
+			if($filename == 'inc/instance-config.php')
+				continue; // don't override config
+			
+			// are we able to write here?
+			if(!((file_exists($filename) && is_writable($filename)) || (!file_exists($filename) && is_writable(dirname($filename))))) {
+				// nope
+				$errors[] = 'Cannot write to ' . $filename . '!';
+			}
+		}
+		
+		$zip->close();
+		
+		if($errors) {
+			$body = '<div class="ban"><h2>Error(s) upgrading</h2><p>Tinyboard can not self-upgrade until the following is fixed:</p><ul>';
+			foreach($errors as $error) {
+				$body .= '<li>' . $error . '</li>';
+			}
+			$body .= '</ul><p>Please fix the above errors and refresh to try again.</p></div>';
+			
+			unlink($temp);
+			
+			echo Element('page.html', array(
+				'config' => $config,
+				'title' => 'Error(s) upgrading',
+				'body' => $body
+			));
+			exit;
+		}
+		
+		// For some reason, reading the ZIP entries in PHP doesn't seem to work very well.
+		// Use shell instead.
+		shell_exec('TEMP_DIR=$(mktemp -d); unzip -q ' . escapeshellarg($temp) . ' -d $TEMP_DIR -x "' . escapeshellarg($dir) . 'inc/instance-config.php"; mv -v $TEMP_DIR/' . escapeshellarg($dir) . '* "' . getcwd() . '"; rm -rf $TEMP_DIR');
+		
+		unlink($temp);
+		
+		echo Element('page.html', array(
+			'config' => $config,
+			'title' => 'Upgraded',
+			'body' => '<p style="text-align:center">Upgrading seems to have gone okay. You are now at revision <strong>' . $version . '</strong>.</p>'
+		));		
+	} elseif(preg_match('/^\/log(\/(\d+))?$/', $query, $match)) {
+		if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
+		
+		$page = isset($match[2]) ? $match[2] : 1;
+		
+		$boards = array();
+		$_boards = listBoards();
+		foreach($_boards as &$_b) {
+			$boards[$_b['id']] = $_b['uri'];
+		}
+		
+		$query = prepare("SELECT `mod` as `id`, `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
+		$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
+		$query->bindValue(':offset', ($page - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		if(!$query->rowCount()) {
+			$body = '<p class="unimportant" style="text-align:center">(Nothing to display.)</p>';
+		} else {
+			$body = '<table class="modlog">' . 
+				'<tr>' . 
+					'<th>' . _('User') . '</th>' . 
+					'<th>' . _('IP address') . '</th>' .
+					'<th>' . _('Ago') . '</th>' . 
+					'<th>' . _('Board') . '</th>' . 
+					'<th>' . _('Action') . '</th>' . 
+				'</tr>';
+			while($log = $query->fetch()) {
+				$log_id = 'log_' . md5($log['text']);
+				
+				if($config['cache']['enabled'] && $_log = cache::get($log_id))
+					$log['text'] = $_log;
+				else {
+				
+					$log['text'] = utf8tohtml($log['text']);
+					$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']);
+				
+					if(isset($boards[$log['board']])) {
+						if(preg_match('/post #(\d+)/', $log['text'], $match)) {
+							$post_query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $boards[$log['board']]));
+							$post_query->bindValue(':id', $match[1], PDO::PARAM_INT);
+							$post_query->execute() or error(db_error($query));
+						
+							if($post = $post_query->fetch()) {
+								$log['text'] = preg_replace('/post (#(\d+))/',
+									'post <a href="' .
+										'?/' .
+										sprintf($config['board_path'], $boards[$log['board']]) .
+										$config['dir']['res'] .
+										($post['thread'] ?
+											sprintf($config['file_page'], $post['thread']) . '#' . $match[1]
+										: sprintf($config['file_page'], $match[1])) .
+									'">$1</a>', $log['text']);
+							} else {
+								$log['text'] = preg_replace('/post (#(\d+))/', 'post <s>$1</s>', $log['text']);
+							}
+							
+							if($config['cache']['enabled'])
+								cache::set($log_id, $log['text']);
+						}
+					}
+				}
+				
+				$body .= '<tr>' .
+				'<td class="minimal">' .
+					($log['username'] ? 
+						'<a href="?/new_PM/' . $log['id'] . '">' . $log['username'] . '</a>'
+					: '<em>' . ($log['id'] < 0 ? 'system' : 'deleted?') . '</em>') .
+				'</td>' .
+				'<td class="minimal">' . ($log['id'] < 0 ? '&ndash;' : '<a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a>') . '</td>' .
+				'<td class="minimal">' . ago($log['time']) . '</td>' .
+				'<td class="minimal">' .
+					($log['board'] ?
+						'<a href="?/' . sprintf($config['board_path'], $log['board']) . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $log['board']) . '</a></td>'
+					: '-') .
+				'<td>' . $log['text'] . '</td>' .
+				'</tr>';
+			}
+		
+			$body .= '</table>';
+			
+			$query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`");
+			$query->execute() or error(db_error($query));
+			$count = $query->fetch();
+			
+			$body .= '<p class="unimportant" style="text-align:center;word-wrap:break-word">';
+			for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) {
+				$body .= '<a href="?/log/' . ($x+1) . '">[' . ($x + 1) . ']</a> ';
+			}
+			$body .= '</p>';
+		}
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('Moderation log'),
+			'body'=>$body,
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
+		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
+		
+		// Clearsettings
+		query("TRUNCATE TABLE `theme_settings`") or error(db_error());
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'No theme',
+			'body'=>'<p style="text-align:center">Successfully uninstalled all themes.</p>' .
+				'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/themes\/([\w\-]+)\/rebuild$/', $query, $match)) {
+		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
+		
+		rebuildTheme($match[1], 'all');
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'Rebuilt',
+			'body'=>'<p style="text-align:center">Successfully rebuilt the <strong>' . $match[1] . '</strong> theme.</p>' .
+				'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) {
+		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
+		
+		$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
+		$query->bindValue(':theme', $match[1]);
+		$query->execute() or error(db_error($query));
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'Uninstalled',
+			'body'=>'<p style="text-align:center">Successfully uninstalled the <strong>' . $match[1] . '</strong> theme.</p>' .
+				'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/themes(\/([\w\-]+))?$/', $query, $match)) {
+		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
+		
+		if(!is_dir($config['dir']['themes']))
+			error(_('Themes directory doesn\'t exist!'));
+		if(!$dir = opendir($config['dir']['themes']))
+			error(_('Cannot open themes directory; check permissions.'));
+		
+		if(isset($match[2])) {
+			$_theme = &$match[2];
+			
+			if(!$theme = loadThemeConfig($_theme)) {
+				error($config['error']['invalidtheme']);
+			}
+			
+			if(isset($_POST['install'])) {
+				// Check if everything is submitted
+				foreach($theme['config'] as &$c) {
+					if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox')
+						error(sprintf($config['error']['required'], $c['title']));
+				}
+				
+				// Clear previous settings
+				$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
+				$query->bindValue(':theme', $_theme);
+				$query->execute() or error(db_error($query));
+				
+				foreach($theme['config'] as &$c) {
+					$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
+					$query->bindValue(':theme', $_theme);
+					$query->bindValue(':name', $c['name']);
+					$query->bindValue(':value', $_POST[$c['name']]);
+					$query->execute() or error(db_error($query));
+				}
+				
+				$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
+				$query->bindValue(':theme', $_theme);
+				$query->execute() or error(db_error($query));
+				
+				$result = true;
+				$body = '';
+				if(isset($theme['install_callback'])) {
+					$ret = $theme['install_callback'](themeSettings($_theme));
+					if($ret && !empty($ret)) {
+						if(is_array($ret) && count($ret) == 2) {
+							$result = $ret[0];
+							$ret = $ret[1];
+						}
+						$body .= '<div style="border:1px dashed maroon;padding:20px;margin:auto;max-width:800px">' . $ret . '</div>';
+					}
+				}
+				
+				if($result) {
+					$body .= '<p style="text-align:center">Successfully installed and built theme.</p>';
+				} else {
+					// install failed
+					$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
+					$query->bindValue(':theme', $_theme);
+					$query->execute() or error(db_error($query));
+				}
+				
+				$body .= '<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>';
+				
+				// Build themes
+				rebuildThemes('all');
+				
+				echo Element('page.html', array(
+					'config'=>$config,
+					'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'),
+					'body'=>$body,
+					'mod'=>true
+					)
+				);
+			} else {
+				$body = '<form action="" method="post">';
+				
+				if(!isset($theme['config']) || empty($theme['config'])) {
+					$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>';
+				} else {
+					$settings = themeSettings($_theme);
+					
+					$body .= '<table>';
+					foreach($theme['config'] as &$c) {
+						$body .= '<tr><th>' . $c['title'] . '</th><td>';
+						switch($c['type']) {
+							case 'text':
+							default:
+								$body .= '<input type="text" name="' . utf8tohtml($c['name']) . '" ' .
+									(isset($settings[$c['name']]) ?
+										' value="' . utf8tohtml($settings[$c['name']]) . '" '
+									:
+										(isset($c['default']) ?
+											'value="' . utf8tohtml($c['default']) . '" '
+										: '')
+									) .
+									(isset($c['size']) ? 'size="' . (int)$c['size'] . '" ' :'') .
+								'/>';
+						}
+						if(isset($c['comment']))
+							$body .= ' <span class="unimportant">' . $c['comment'] . '</span>';
+						$body .= '</td></tr>';
+					}
+					$body .= '</table>';
+				}
+				
+				$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>';
+				
+				echo Element('page.html', array(
+					'config'=>$config,
+					'title'=>'Installing "' . utf8tohtml($theme['name']) . '"',
+					'body'=>$body,
+					'mod'=>true
+					)
+				);
+			}
+		} else {
+			
+			$themes_in_use = array();
+			$query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
+			while($theme = $query->fetch()) {
+				$themes_in_use[$theme['theme']] = true;
+			}
+			
+			// Scan directory for themes
+			$themes = array();
+			while($file = readdir($dir)) {
+				if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
+					$themes[] = $file;
+				}
+			}
+			closedir($dir);
+			
+			$body = '';
+			if(empty($themes)) {
+				$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>';
+			} else {
+				$body .= '<table class="modlog">';
+				foreach($themes as &$_theme) {
+					$theme = loadThemeConfig($_theme);
+					
+					markup($theme['description']);
+					
+					$body .= '<tr>' .
+								'<th class="minimal">' . _('Name') . '</th>' .
+								'<td>' . utf8tohtml($theme['name']) . '</td>' .
+							'</tr>' .
+							'<tr>' .
+								'<th class="minimal">' . _('Version') . '</th>' .
+								'<td>' . utf8tohtml($theme['version']) . '</td>' .
+							'</tr>' .
+							'<tr>' .
+								'<th class="minimal">' . _('Description') . '</th>' .
+								'<td>' . $theme['description'] . '</td>' .
+							'</tr>' .
+							'<tr>' .
+								'<th class="minimal">' . _('Thumbnail') . '</th>' .
+								'<td><img style="float:none;margin:4px' . 
+									(isset($themes_in_use[$_theme]) ?
+										';border:2px solid red;padding:4px'
+									: '') .
+									'" src="' . $config['dir']['themes_uri'] . '/' . $_theme . '/thumb.png" /></td>' .
+							'</tr>' .
+							'<tr>' .
+								'<th class="minimal">' . _('Actions') . '</th>' .
+								'<td><ul style="padding:0 20px">' .
+									'<li><a title="' . _('Use theme') . '" href="?/themes/' . $_theme . '">' .
+										(isset($themes_in_use[$_theme]) ? _('Reconfigure') : _('Install')) .
+									'</a></li>' .
+									(isset($themes_in_use[$_theme]) ?
+										'<li><a href="?/themes/' . $_theme . '/rebuild">' . _('Rebuild') . '</a></li>' .
+										'<li><a href="?/themes/' . $_theme . '/uninstall">' . _('Uninstall') . '</a></li>'
+									:
+										'') .
+								'</ul></td>' .
+							'</tr>' .
+							'<tr style="height:40px"><td colspan="2"><hr/></td></tr>';
+				}
+				$body .= '</table>';
+			}
+			
+			if(!empty($themes_in_use))
+				$body .= '<p style="text-align:center"><a href="?/themes/none">' . _('Uninstall all themes.') . '</a></p>';
+			
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>_('Manage themes'),
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
+		}
+	} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
+		if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
+		
+		$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
+		$query->bindValue(':id', $match[1], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		if($config['cache']['enabled'])
+			cache::delete('noticeboard_preview');
+		
+		header('Location: ?/noticeboard', true, $config['redirect_http']);
+	} elseif(preg_match('/^\/noticeboard$/', $query)) {
+		if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
+		
+		$body = '';
+		
+		if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
+				$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
+				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+				$query->bindvalue(':time', time(), PDO::PARAM_INT);
+				$query->bindValue(':subject', utf8tohtml($_POST['subject']));
+				
+				markup($_POST['body']);
+				$query->bindValue(':body', $_POST['body']);
+				$query->execute() or error(db_error($query));
+				
+				if($config['cache']['enabled'])
+					cache::delete('noticeboard_preview');
+				
+				header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']);
+		} else {
+			
+			if(hasPermission($config['mod']['noticeboard_post'])) {
+				$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
+				'<tr>' .
+					'<th><label for="subject">' . _('Name') . '</label></th>' .
+					'<td>' . $mod['username'] . '</td>' .
+				'</tr><tr>' .
+					'<th>' . _('Subject') . '</th>' .
+					'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
+				'</tr><tr>' .
+					'<th>' . _('Body') . '</th>' .
+					'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
+				'</tr><tr>' .
+					'<td></td><td><input type="submit" value="' . _('Post to noticeboard') . '" /></td>' .
+				'</tr></table>' .
+				'</form></fieldset>';
+			}
+			
+			$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
+			$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			while($notice = $query->fetch()) {
+				$body .= '<div class="ban">' .
+					(hasPermission($config['mod']['noticeboard_delete']) ?
+						'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice['id'] . '">[delete]</a></span>'
+					: '') .
+				'<h2 id="' . $notice['id'] . '">' .
+					($notice['subject'] ?
+						$notice['subject']
+					:
+						'<em>' . _('no subject') . '</em>'
+					) .
+				'<span class="unimportant"> &mdash; by ' .
+					(isset($notice['username']) ?
+						utf8tohtml($notice['username'])
+					:
+						'<em>???</em>'
+					) .
+				' at ' .
+					strftime($config['post_date'], $notice['time']) .
+				'</span></h2><p>' . $notice['body'] . '</p></div>';
+			}
+		
+		
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>_('Noticeboard'),
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
+		}
+	} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
+		if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
+		
+		$query = prepare("DELETE FROM `news` WHERE `id` = :id");
+		$query->bindValue(':id', $match[1], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		rebuildThemes('news');
+		
+		header('Location: ?/news', true, $config['redirect_http']);
+	} elseif(preg_match('/^\/news$/', $query)) {			
+		$body = '';
+		
+		if(hasPermission($config['mod']['news'])) {
+			if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
+				$query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)");
+				
+				if(isset($_POST['name']) && hasPermission($config['mod']['news_custom']))
+					$name = &$_POST['name'];
+				else
+					$name = &$mod['username'];
+				
+				$query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT);
+				$query->bindvalue(':time', time(), PDO::PARAM_INT);
+				$query->bindValue(':subject', utf8tohtml($_POST['subject']));
+				
+				markup($_POST['body']);
+				$query->bindValue(':body', $_POST['body']);
+				$query->execute() or error(db_error($query));
+				
+				rebuildThemes('news');
+			}
+			
+			$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
+			'<tr>' .
+				'<th>' . _('Name') . '</th>' .
+				(hasPermission($config['mod']['news_custom']) ?
+					'<td><input type="text" size="55" name="name" id="name" value="' . utf8tohtml($mod['username']) . '" /></td>'
+				:
+					'<td>' . $mod['username'] . '</td>') .
+			'</tr><tr>' .
+				'<th>' . _('Subject') . '</th>' .
+				'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
+			'</tr><tr>' .
+				'<th>' . _('Body') . '</th>' .
+				'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
+			'</tr><tr>' .
+				'<td></td><td><input type="submit" value="' . _('Post to news') . '" /></td>' .
+			'</tr></table>' .
+			'</form></fieldset>';
+		}
+		
+		$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit");
+		$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		while($news = $query->fetch()) {			
+			$body .= '<div class="ban">' .
+				(hasPermission($config['mod']['news_delete']) ?
+					'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news['id'] . '">[delete]</a></span>'
+				: '') .
+			'<h2 id="' . $news['id'] . '">' .
+				($news['subject'] ?
+					$news['subject']
+				:
+					'<em>' . _('no subject') . '</em>'
+				) .
+			'<span class="unimportant"> &mdash; by ' .
+				$news['name'] .
+			' at ' .
+				strftime($config['post_date'], $news['time']) .
+			'</span></h2><p>' . $news['body'] . '</p></div>';
+		}
+		
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('News'),
+			'body'=>$body,
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/inbox\/readall$/', $query, $match)) {
+		$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `to` = :id");
+		$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		modLog('Marked all PMs as read');
+		
+		header('Location: ?/inbox', true, $config['redirect_http']);
+	} elseif(preg_match('/^\/inbox$/', $query, $match)) {
+		$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
+		$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		if($query->rowCount() == 0) {
+			$body = '<p style="text-align:center" class="unimportant">(' . _('No private messages for you.') . ')</p>';
+		} else {
+			$unread_pms = 0;
+			
+			$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>';
+			while($pm = $query->fetch()) {
+				$body .= '<tr' . ($pm['unread'] ? ' style="font-weight:bold"' : '') . '>' . 
+						'<td class="minimal"><a href="?/PM/' . $pm['id'] . '">' . $pm['id'] . '</a></td>' .
+						'<td class="minimal">' .
+							($pm['username'] ?
+								'<a href="?/new_PM/' . $pm['sender'] . '">' . $pm['username'] . '</a>'
+							: '<em>deleted?</em>') .
+						'</td>' .
+						'<td class="minimal">' . strftime($config['post_date'], $pm['time']) . '</td>' .
+						'<td><a href="?/PM/' . $pm['id'] . '">' . pm_snippet($pm['message']) . '</a></td>' .
+					'</tr>';
+				
+				if($pm['unread'])
+					$unread_pms++;
+			}
+			$body .= '</table>';
+			
+			if($unread_pms) {
+				$body = '<p style="text-align:center" class="unimportant">(<a href="?/inbox/readall">Mark all as read</a>)</p>' . $body;
+			}
+		}
+		
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('PM Inbox') . ' (' . ($query->rowCount() == 0 ? _('empty') : $unread_pms . ' ' . _('unread')) . ')',
+			'body'=>$body,
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
+		$id = &$match[1];
+		
+		if(hasPermission($config['mod']['master_pm'])) {
+			$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
+		} else {
+			$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
+			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+		}
+		
+		$query->bindValue(':id', $id, PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		if(!$pm = $query->fetch()) {
+			// Mod doesn't exist
+			error($config['error']['404']);
+		}
+		
+		if(isset($_POST['delete'])) {
+			$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
+			$query->bindValue(':id', $id, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			modLog('Deleted a PM');
+			
+			header('Location: ?/inbox', true, $config['redirect_http']);
+		} else {
+			if($pm['unread']) {
+				$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
+				$query->bindValue(':id', $id, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				modLog('Read a PM');
+			}
+			
+			if($pm['to'] != $mod['id']) {
+				$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
+				$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				if($_mod = $query->fetch()) {
+					$__to = &$_mod['username'];
+				} else {
+					$__to = false;
+				}
+			}
+			
+			$body = '<form action="" method="post" style="margin:0"><table>' . 
+			
+			'<th>From</th><td>' .
+				(!$pm['username'] ?
+					'<em>???</em>'
+				:
+					'<a href="?/new_PM/' . $pm['sender'] . '">' . utf8tohtml($pm['username']) . '</a>'
+				) .
+			'</td></tr>' .
+			
+			(isset($__to) ?
+				'<th>To</th><td>' .
+					($__to === false ?
+						'<em>???</em>'
+					:
+						'<a href="?/new_PM/' . $pm['to'] . '">' . utf8tohtml($__to) . '</a>'
+					) .
+				'</td></tr>'
+			: '') .
+			
+			'<tr><th>Date</th><td> ' . strftime($config['post_date'], $pm['time']) . '</td></tr>' .
+			
+			'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
+			
+			'</table>' . 
+			
+			'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
+			
+			'</form>' .
+			
+			'<p style="text-align:center"><a href="?/new_PM/' . $pm['sender'] . '/' . $pm['id'] . '">Reply with quote</a></p>';
+			
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'Private message',
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
+		}
+	} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
+		if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
+		
+		$to = &$match[1];
+		
+		$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
+		$query->bindValue(':id', $to, PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		if(!$to = $query->fetch()) {
+			// Mod doesn't exist
+			error($config['error']['404']);
+		}
+		
+		if(isset($_POST['message'])) {
+			// Post message
+			$message = &$_POST['message'];
+			
+			if(empty($message))
+				error($config['error']['tooshort_body']);
+			
+			markup($message);
+			
+			$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
+			$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
+			$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
+			$query->bindValue(':message', $message);
+			$query->bindValue(':time', time(), PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			modLog('Sent a PM to ' . $to['username']);
+			
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'PM sent',
+				'body'=>'<p style="text-align:center">Message sent successfully to ' . utf8tohtml($to['username']) . '.</p>',
+				'mod'=>true
+				)
+			);
+		} else {
+			$value = '';
+			if(isset($match[3])) {
+				$reply = &$match[3];
+				
+				$query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id");
+				$query->bindValue(':sender', $to['id'], PDO::PARAM_INT);
+				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+				$query->bindValue(':id', $reply, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				if($pm = $query->fetch()) {
+					$value = quote($pm['message']);
+				}
+			}
+			
+			
+			$body = '<form action="" method="post">' .
+			
+			'<table>' . 
+			
+			'<tr><th>To</th><td>' .
+				(hasPermission($config['mod']['editusers']) ?
+					'<a href="?/users/' . $to['id'] . '">' . utf8tohtml($to['username']) . '</a>' :
+					utf8tohtml($to['username'])
+				) .
+			'</td>' .
+			
+			'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40">' . $value . '</textarea></td>' .
+			
+			'</table>' .
+			
+			'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
+			
+			'</form>';
+			
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'New PM for ' . utf8tohtml($to['username']),
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
+		}
+	} elseif(preg_match('/^\/search$/', $query)) {
+		if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']);
+		
+		$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
+			'<p><label style="display:inline" for="search">Phrase:</label> ' .
+				'<input id="search" name="search" type="text" size="35" ' .
+					(isset($_POST['search']) ? 'value="' . str_replace('"', '&quot;', utf8tohtml($_POST['search'])) . '" ' : '') .
+				'/>' .
+				'<input type="submit" value="Search" />' .
+			'</p></form>' .
+				'<p><span class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</span></p>' .
+			'</div>';
+		
+		if(isset($_POST['search']) && !empty($_POST['search'])) {
+			$phrase = &$_POST['search'];
+			$_body = '';
+			
+			$filters = array();
+			
+			function search_filters($m) {
+				global $filters;
+				$name = $m[2];
+				$value = isset($m[4]) ? $m[4] : $m[3];
+				
+				if(!in_array($name, array('id', 'thread', 'subject', 'email', 'name', 'trip', 'capcode', 'filename', 'filehash', 'ip'))) {
+					// unknown filter
+					return $m[0];
+				}
+				
+				$filters[$name] = $value;
+				
+				return $m[1];
+			}
+			
+			$phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase));
+			
+			// Escape escape character
+			$phrase = str_replace('!', '!!', $phrase);
+			
+			// Remove SQL wildcard
+			$phrase = str_replace('%', '!%', $phrase);
+			
+			// Use asterisk as wildcard to suit convention
+			$phrase = str_replace('*', '%', $phrase);
+			
+			$like = '';
+			$match = array();
+			
+			// Find exact phrases
+			if(preg_match_all('/"(.+?)"/', $phrase, $m)) {
+				foreach($m[1] as &$quote) {
+					$phrase = str_replace("\"{$quote}\"", '', $phrase);
+					$match[] = $pdo->quote($quote);
+				}
+			}
+			
+			$words = explode(' ', $phrase);
+			foreach($words as &$word) {
+				if(empty($word))
+					continue;
+				$match[] = $pdo->quote($word);
+			}
+			
+			$like = '';
+			foreach($match as &$phrase) {
+				if(!empty($like))
+					$like .= ' AND ';
+				$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
+				$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
+			}
+			
+			foreach($filters as $name => $value) {
+				if(!empty($like))
+					$like .= ' AND ';
+				$like .= '`' . $name . '` = '. $pdo->quote($value);
+			}
+			
+			$like = str_replace('%', '%%', $like);
+			
+			$boards = listBoards();
+			foreach($boards as &$_b) {
+				openBoard($_b['uri']);
+				
+				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
+				$query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				$temp = '';
+				while($post = $query->fetch()) {
+					if(!$post['thread']) {
+						$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
+					} else {
+						$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
+					}
+					$temp .= $po->build(true) . '<hr/>';
+				}
+				
+				if(!empty($temp))
+					$_body .= '<fieldset><legend>' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on <a href="?/' .
+							sprintf($config['board_path'], $board['uri']) . $config['file_index'] .
+					'">' .
+					sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] .
+					'</a></legend>' . $temp . '</fieldset>';
+			}
+			
+			$body .= '<hr/>';
+			if(!empty($_body))
+				$body .= $_body;
+			else
+				$body .= '<p style="text-align:center" class="unimportant">(No results.)</p>';
+		}
+			
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'Search',
+			'body'=>$body,
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/users$/', $query)) {
+		if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']);
+		
+		$body = '<form action="" method="post"><table class="modlog" style="width:auto"><tr><th>' . _('ID') . '</th><th>' . _('Username') . '</th><th>' . _('Type') . '</th><th>' . _('Boards') . '</th><th>' . _('Last action') . '</th><th>&hellip;</th></tr>';
+		
+		$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
+		while($_mod = $query->fetch()) {				
+			$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
+			
+			$_mod['boards'] = explode(',', $_mod['boards']);
+			foreach($_mod['boards'] as &$_board) {
+				if($_board != '*')
+					$_board = '/' . $_board . '/';
+			}
+			
+			$body .= '<tr>' .
+				'<td>' .
+					$_mod['id'] .
+				'</td>' .
+				
+				'<td>' .
+					utf8tohtml($_mod['username']) .
+				'</td>' .
+				
+				'<td>' .
+					$type .
+				'</td>' .
+				
+				'<td>' .
+					implode(', ', $_mod['boards']) .
+				'</td>' .
+				
+				'<td>' .
+					($_mod['last'] ?
+						(hasPermission($config['mod']['modlog']) ?
+							'<span title="' . str_replace('"', '&quot;', utf8tohtml($_mod['action'])) . '">' . ago($_mod['last']) . '</span>'
+						: ago($_mod['last']))
+					: '<em>never</em>') .
+				'</td>' .
+				
+				'<td style="white-space:nowrap">' .
+					(hasPermission($config['mod']['promoteusers']) ?
+						($_mod['type'] != ADMIN ?
+							'<a style="float:left;text-decoration:none" href="?/users/' . $_mod['id'] . '/promote" title="Promote">▲</a>'
+						:'') .
+						($_mod['type'] != JANITOR ?
+							'<a style="float:left;text-decoration:none" href="?/users/' . $_mod['id'] . '/demote" title="Demote">▼</a>'
+						:'')
+					: ''
+					) .
+					(hasPermission($config['mod']['editusers']) ||
+					(hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])?
+						'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
+					: '' ) .
+					(hasPermission($config['mod']['create_pm']) ?
+						'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod['id'] . '">[PM]</a>'
+					: '' ) .
+				'</td></tr>';
+		}
+		
+		$body .= '</table>';
+		
+		if(hasPermission($config['mod']['createusers'])) {
+			$body .= '<p style="text-align:center"><a href="?/users/new">' . _('Create new user') . '</a></p>';
+		}
+		
+		$body .= '</form>';
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('Manage users'),
+			'body'=>$body
+			,'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/users\/new$/', $query)) {
+		if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']);
+		
+		if(isset($_POST['username']) && isset($_POST['password'])) {
+			if(!isset($_POST['type'])) {
+				error(sprintf($config['error']['required'], 'type'));
+			}
+			
+			if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
+				error(sprintf($config['error']['invalidfield'], 'type'));
+			}
+			
+			// Check if already exists
+			$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
+			$query->bindValue(':username', $_POST['username']);
+			$query->execute() or error(db_error($query));
+			
+			if($_mod = $query->fetch()) {
+				error(sprintf($config['error']['modexists'], $_mod['id']));
+			}
+			
+			$boards = array();
+			foreach($_POST as $name => $null) {
+				if(preg_match('/^board_(.+)$/', $name, $m))
+					$boards[] = $m[1];
+			}
+			$boards = implode(',', $boards);
+			
+			$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)");
+			$query->bindValue(':username', $_POST['username']);
+			$query->bindValue(':password', sha1($_POST['password']));
+			$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
+			$query->bindValue(':boards', $boards);
+			$query->execute() or error(db_error($query));
+			
+			modLog('Create a new user: "' . $_POST['username'] . '"');
+			header('Location: ?/users', true, $config['redirect_http']);
+		} else {
+		
+			$__boards = '<ul style="list-style:none;padding:2px 5px">';			
+			$boards = array_merge(
+					array(array('uri' => '*', 'title' => 'All')
+				), listBoards());
+			foreach($boards as &$_board) {
+				$__boards .= '<li>' .
+					'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '">' .
+					'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
+						($_board['uri'] == '*' ?
+							'<em>"*"</em>'
+						:
+							sprintf($config['board_abbreviation'], $_board['uri'])
+						) .
+						' - ' . $_board['title'] .
+					'</label>' .
+					'</li>';
+			}
+		
+			$body = '<fieldset><legend>New user</legend>' . 
+			
+				// Begin form
+				'<form style="text-align:center" action="" method="post">' .
+			
+				'<table>' .
+			
+				'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
+				'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
+				'<tr><th>Type</th><td>' .
+					'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
+					'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
+					'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
+				'</td></tr>' .
+				'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
+				'</table>' .
+			
+				'<input style="margin-top:10px" type="submit" value="Create user" />' .
+			
+				// End form
+				'</form></fieldset>';
+			
+				echo Element('page.html', array(
+					'config'=>$config,
+					'title'=>'New user',
+					'body'=>$body
+					,'mod'=>true
+					)
+				);
+			}
+	} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
+		$modID = &$matches[1];
+		
+		if(isset($matches[2])) {
+			if($matches[3] == 'delete') {
+				if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']);
+				
+				$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
+				$query->bindValue(':id', $modID, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				modLog('Deleted user #' . $modID);
+			} else {
+				// Promote/demote
+				if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']);
+				
+				if($matches[3] == 'promote') {
+					$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
+					$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
+				} else {
+					$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
+					$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
+				}
+				
+				$query->bindValue(':id', $modID, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+			}
+			header('Location: ?/users', true, $config['redirect_http']);
+		} else {
+			// Edit user
+			if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password']))
+				error($config['error']['noaccess']);
+			
+			$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
+			$query->bindValue(':id', $modID, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if(!$_mod = $query->fetch()) {
+				error($config['error']['404']);
+			}
+			
+			if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true))
+				error($config['error']['noaccess']);
+			
+			if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
+				if(!isset($change_password_only)) {
+					$boards = array();
+					foreach($_POST as $name => $null) {
+						if(preg_match('/^board_(.+)$/', $name, $m))
+							$boards[] = $m[1];
+					}
+					$boards = implode(',', $boards);
+					
+					$query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id");
+					$query->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
+					$query->bindValue(':boards', $boards, PDO::PARAM_STR);
+					$query->bindValue(':id', $modID, PDO::PARAM_INT);
+					$query->execute() or error(db_error($query));
+					modLog('Edited login details for user "' . $_mod['username'] . '"');
+				} else {
+					modLog('Changed own password');
+				}
+				if(!empty($_POST['password'])) {
+					$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
+					$query->bindValue(':password', sha1($_POST['password']));
+					$query->bindValue(':id', $modID, PDO::PARAM_INT);
+					$query->execute() or error(db_error($query));
+				}
+				
+				// Refresh
+				$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
+				$query->bindValue(':id', $modID, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				if(!$_mod = $query->fetch()) {
+					error($config['error']['404']);
+				}
+				
+				if($_mod['id'] == $mod['id']) {
+					// Changed own password. Update cookies
+					
+					if(!login($_mod['username'], $_mod['password'], false, true))
+						error(_('Could not re-login after changing password. (?)'));
+					
+					setCookies();
+				}
+				
+				if(hasPermission($config['mod']['manageusers']))
+					header('Location: ?/users', true, $config['redirect_http']);
+				else
+					header('Location: ?/', true, $config['redirect_http']);
+				exit;
+			}
+			
+			$__boards = '<ul style="list-style:none;padding:2px 5px">';
+			$boards = array_merge(
+					array(array('uri' => '*', 'title' => 'All')
+				), listBoards());
+			
+			$_mod['boards'] = explode(',', $_mod['boards']);
+			foreach($boards as &$_board) {
+				$__boards .= '<li>' .
+					'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"' .
+						(in_array($_board['uri'], $_mod['boards']) ? 
+							' checked="checked"'
+						: '') .
+					'/> ' . 
+					'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
+						($_board['uri'] == '*' ?
+							'<em>"*"</em>'
+						:
+							sprintf($config['board_abbreviation'], $_board['uri'])
+						) .
+						' - ' . $_board['title'] .
+					'</label>' .
+					'</li>';
+			}
+			$__boards .= '</ul>';
+			
+			$body = '<fieldset><legend>Edit user</legend>' . 
+			
+			// Begin form
+			'<form style="text-align:center" action="" method="post">' .
+			
+			'<table>' .
+			
+			'<tr><th>Username</th><td>' . 
+			
+			(isset($change_password_only) ?
+				utf8tohtml($_mod['username'])
+			: '<input size="20" maxlength="30" type="text" name="username" value="' . utf8tohtml($_mod['username']) . '" autocomplete="off" />') .
+			
+			'</td></tr>' .
+			'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
+			
+			(isset($change_password_only) ? '' :
+				'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
+			) .
+			
+			'</table>' .
+			
+			'<input type="submit" value="Save changes" />' .
+			
+			// End form
+			'</form> ' .
+			
+			// Delete button
+			(hasPermission($config['mod']['deleteusers']) ?
+				'<p style="text-align:center"><a href="?/users/' . $_mod['id'] . '/delete">Delete user</a></p>'
+			:'') .
+			
+			'</fieldset>';
+			
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'Edit user',
+				'body'=>$body
+				,'mod'=>true
+				)
+			);
+		}
+	} elseif(preg_match('/^\/reports$/', $query)) {
+		if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']);
+		
+		$body = '';
+		$reports = 0;
+		
+		$query = prepare("SELECT * FROM `reports` ORDER BY `time` DESC LIMIT :limit");
+		$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		while($report = $query->fetch()) {
+			$p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['board']));
+			$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
+			$p_query->execute() or error(db_error($p_query));
+			
+			if(!$post = $p_query->fetch()) {
+				// Invalid report (post has since been deleted)
+				$p_query = prepare("DELETE FROM `reports` WHERE `post` = :id AND `board` = :board");
+				$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
+				$p_query->bindValue(':board', $report['board']);
+				$p_query->execute() or error(db_error($p_query));
+				continue;
+			}
+			
+			$reports++;
+			openBoard($report['uri']);
+			
+			if(!$post['thread']) {
+				$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
+			} else {
+				$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
+			}
+			
+			$append_html =
+				'<div class="report">' .
+					'<hr/>' .
+					'Board: <a href="?/' . $report['uri'] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $report['uri']) . '</a><br/>' .
+					'Reason: ' . $report['reason'] . '<br/>' .
+					'Report date: ' . strftime($config['post_date'], $report['time']) . '<br/>' .
+					(hasPermission($config['mod']['show_ip']) ?
+						'Reported by: <a href="?/IP/' . $report['ip'] . '">' . $report['ip'] . '</a><br/>'
+					: '') .
+					'<hr/>' .
+						(hasPermission($config['mod']['report_dismiss']) ?
+							'<a title="Discard abuse report" href="?/reports/' . $report['id'] . '/dismiss">Dismiss</a> | ' : '') .
+						(hasPermission($config['mod']['report_dismiss_ip']) ?
+							'<a title="Discard all abuse reports by this user" href="?/reports/' . $report['id'] . '/dismiss/all">Dismiss+</a>' : '') .
+				'</div>';
+			
+			// Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21
+			$po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '<br/>'));
+			
+			if(mb_strlen($po->body) + mb_strlen($append_html) > $config['body_truncate_char']) {
+				// still too long. temporarily increase limit in the config
+				$__old_body_truncate_char = $config['body_truncate_char'];
+				$config['body_truncate_char'] = mb_strlen($po->body) + mb_strlen($append_html);
+			}
+			
+			$po->body .= $append_html;
+			
+			$body .= $po->build(true) . '<hr/>';
+			
+			if(isset($__old_body_truncate_char))
+				$config['body_truncate_char'] = $__old_body_truncate_char;
+		}
+		
+		$query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error());
+		$count = $query->fetch();
+		
+		$body .= '<p class="unimportant" style="text-align:center">Showing ' . 
+			($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.</p>';
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('Report queue') . ' (' . $count['count'] . ')',
+			'body'=>$body,
+			'mod'=>true
+		));
+	} elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) {
+		if(isset($matches[2]) && $matches[2] == '/all') {
+			if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']);
+			
+			$query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id");
+			$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if($report = $query->fetch()) {
+				$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
+				$query->bindValue(':ip', $report['ip'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				modLog('Dismissed all reports by ' . $report['ip']);
+			}
+		} else {
+			if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']);
+			
+			$query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id");
+			$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if($report = $query->fetch()) {
+				modLog('Dismissed a report for post #' . $report['post'], $report['board']);
+				
+				$query = prepare("DELETE FROM `reports` WHERE `post` = :post AND `board` = :board");
+				$query->bindValue(':board', $report['board'], PDO::PARAM_INT);
+				$query->bindValue(':post', $report['post'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+			}
+		}
+		
+		// Redirect
+		header('Location: ?/reports', true, $config['redirect_http']);
+	} elseif(preg_match('/^\/(\w+)\/edit(\/delete)?$/', $query, $matches)) {
+		if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']);
+		
+		if(!openBoard($matches[1]))
+			error($config['error']['noboard']);
+		
+		if(isset($matches[2]) && $matches[2] == '/delete') {
+			if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']);
+			// Delete board
+			
+			modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri']));
+			
+			// Delete entire board directory
+			rrmdir($board['uri'] . '/');
+			
+			// Delete posting table
+			$query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error());
+			
+			// Clear reports
+			$query = prepare("DELETE FROM `reports` WHERE `board` = :id");
+			$query->bindValue(':id', $board['uri'], PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			// Delete from table
+			$query = prepare("DELETE FROM `boards` WHERE `uri` = :uri");
+			$query->bindValue(':uri', $board['uri'], PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if($config['cache']['enabled']) {
+				cache::delete('board_' . $board['uri']);
+				cache::delete('all_boards');
+			}
+			
+			$query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board");
+			$query->bindValue(':board', $board['uri']);
+			$query->execute() or error(db_error($query));
+			while($cite = $query->fetch()) {
+				if($board['uri'] != $cite['board']) {
+					if(!isset($tmp_board))
+						$tmp_board = $board;
+					openBoard($cite['board']);
+					rebuildPost($cite['post']);
+				}
+			}
+			
+			if(isset($tmp_board))
+				$board = $tmp_board;
+			
+			$query = prepare("DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board");
+			$query->bindValue(':board', $board['uri']);
+			$query->execute() or error(db_error($query));
+			
+			$query = prepare("DELETE FROM `antispam` WHERE `board` = :board");
+			$query->bindValue(':board', $board['uri']);
+			$query->execute() or error(db_error($query));
+			
+			$_board = $board;
+			
+			rebuildThemes('boards');
+			
+			$board = $_board;
+			
+			header('Location: ?/', true, $config['redirect_http']);
+		} else {
+			if(isset($_POST['title']) && isset($_POST['subtitle'])) {
+				$query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri");
+				$query->bindValue(':title', utf8tohtml($_POST['title'], true));
+				
+				if(!empty($_POST['subtitle']))
+					$query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true));
+				else
+					$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
+				
+				$query->bindValue(':id', $board['uri'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				if($config['cache']['enabled']) {
+					cache::delete('board_' . $board['uri']);
+					cache::delete('all_boards');
+				}
+				
+				$_board = $board;
+				
+				rebuildThemes('boards');
+				
+				$board = $_board;
+				
+				openBoard($board['uri']);
+			}
+			
+			$body =
+			'<fieldset><legend><a href="?/' .
+			$board['uri'] .	'/' . $config['file_index'] . '">' .
+			sprintf($config['board_abbreviation'], $board['uri']) . '</a>' . 
+			' - ' . $board['name'] . '</legend>' . 
+			
+			// Begin form
+			'<form style="text-align:center" action="" method="post">' .
+			
+			'<table>' .
+			
+			'<tr><th>URI</th><td>' . $board['uri'] . '</td>' .
+			'<tr><th>Title</th><td><input size="20" type="text" name="title" value="' . $board['name'] . '" /></td></tr>' .
+			'<tr><th>Subtitle</th><td><input size="20" type="text" name="subtitle" value="' .
+				(isset($board['title']) ? $board['title'] : '') . '" /></td></tr>' .
+			
+			'</table>' .
+			
+			'<input type="submit" value="Update" />' .
+			
+			// End form
+			'</form> ' .
+			
+			// Delete button
+			(hasPermission($config['mod']['deleteboard']) ?
+				'<p style="text-align:center"><a href="?/' . $board['uri'] . '/edit/delete">Delete board</a></p>'
+			:'') .
+			
+			'</fieldset>';
+			
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'Manage &ndash; ' . sprintf($config['board_abbreviation'], $board['uri']),
+				'body'=>$body,
+				'mod'=>true
+			));
+		}
+	} elseif(preg_match('/^\/bans$/', $query)) {
+		if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']);
+		
+		if(isset($_POST['unban'])) {
+			if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']);
+			
+			foreach($_POST as $post => $value) {
+				if(preg_match('/^ban_(\d+)$/', $post, $m)) {
+					removeBan($m[1]);
+				}
+			}
+		}
+		if(hasPermission($config['mod']['view_banexpired'])) {
+			$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC");
+			$query->bindValue(':time', time(), PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+		} else {
+			// Filter out expired bans
+			$query = prepare("SELECT `bans`.*, `username` FROM `bans` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC");
+			$query->bindValue(':time', time(), PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+		}
+		
+		if($query->rowCount() < 1) {
+			$body = '<p style="text-align:center" class="unimportant">(There are no active bans.)</p>';
+		} else {
+			$body = '<form action="" method="post">';
+			$body .= '<table><tr><th>' . _('IP address') . '</th><th>' . _('Reason') . '</th><th>' . _('Board') . '</th><th>' . _('Set') . '</th><th>' . _('Expires') . '</th><th>' . _('Staff') . '</th></tr>';
+			
+			while($ban = $query->fetch()) {
+				$body .=
+					'<tr' .
+						($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
+							' style="text-decoration:line-through"'
+						:'') .
+					'>' .
+				
+				'<td style="white-space: nowrap">' .
+				
+				// Checkbox
+				'<input type="checkbox" name="ban_' . $ban['id'] . '" id="ban_' . $ban['id'] . '" /> ' .
+				
+				// IP address
+				(preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ?
+					'<a href="?/IP/' .
+						$ban['ip'] .
+					'">'. $ban['ip'] . '</a>'
+				: utf8tohtml($ban['ip'])) .
+				
+				'</td>' .
+				
+				// Reason
+				'<td>' . ($ban['reason'] ? $ban['reason'] : '<em>-</em>') . '</td>' .
+				
+				
+				'<td style="white-space: nowrap">' .
+				(isset($ban['board']) ?
+					sprintf($config['board_abbreviation'], $ban['board'])
+				:
+					'<em>' . _('all boards') . '</em>'
+				) . '</td>' .
+				
+				// Set
+				'<td style="white-space: nowrap">' . strftime($config['post_date'], $ban['set']) . '</td>' .
+				
+				// Expires
+				'<td style="white-space: nowrap">' . 
+					($ban['expires'] == 0 ?
+						'<em>Never</em>'
+					:
+						strftime($config['post_date'], $ban['expires'])
+					) .
+				'</td>' .
+				
+				// Staff
+				'<td>' .
+					(isset($ban['username']) ?
+						(!hasPermission($config['mod']['view_banstaff']) ?
+							($config['mod']['view_banquestionmark'] ?
+								'?'
+							:
+								($ban['type'] == JANITOR ? 'Janitor' :
+								($ban['type'] == MOD ? 'Mod' :
+								($ban['type'] == ADMIN ? 'Admin' :
+								'?')))
+							)
+						:
+							utf8tohtml($ban['username'])
+						)
+					:
+						'<em>deleted?</em>'
+					) .
+				'</td>' .
+				
+				'</tr>';
+			}
+			
+			$body .= '</table>' .
+			
+			(hasPermission($config['mod']['unban']) ?
+				'<p style="text-align:center"><input name="unban" type="submit" value="Unban selected" /></p>'
+			: '') .
+			
+			'</form>';
+		}
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('Ban list'),
+			'body'=>$body,
+			'mod'=>true
+		)
+	);
+	} elseif(preg_match('/^\/flush$/', $query)) {
+		if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
+		if(!$config['cache']['enabled']) error(_('Cache is not enabled.'));
+		
+		if(cache::flush()) {
+			$body = 'Successfully invalidated all items in cache.';
+			modLog('Cleared cache');
+		} else {
+			$body = 'An error occured while trying to flush cache.';
+		}
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'Flushed',
+			'body'=>'<p style="text-align:center">' . $body . '</p>',
+			'mod'=>true
+		));
+	} elseif(preg_match('/^\/rebuild$/', $query)) {
+		if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
+		
+		set_time_limit($config['mod']['rebuild_timelimit']);
+		
+		$body = '<div class="ban"><h2>Rebuilding&hellip;</h2><p>';
+		
+		$body .= 'Clearing template cache&hellip;<br/>';
+		
+		load_twig();
+		$twig->clearCacheFiles();
+	
+		$body .= 'Regenerating theme files&hellip;<br/>';
+		rebuildThemes('all');
+		
+		$body .= 'Generating Javascript file&hellip;<br/>';
+		buildJavascript();
+		
+		$main_js = $config['file_script'];
+		
+		$boards = listBoards();
+		
+		foreach($boards as &$board) {
+			$body .= "<strong style=\"display:inline-block;margin: 15px 0 2px 0;\">Opening board /{$board['uri']}/</strong><br/>";
+			openBoard($board['uri']);
+			
+			$body .= 'Creating index pages<br/>';
+			buildIndex();
+			
+			if($config['file_script'] != $main_js) {
+				// different javascript file
+				$body .= 'Generating Javascript file&hellip;<br/>';
+				buildJavascript();
+			}
+			
+			$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
+			while($post = $query->fetch()) {
+				$body .= "Rebuilding #{$post['id']}<br/>";
+				buildThread($post['id']);
+			}
+		}
+		$body .= 'Complete!</p></div>';
+		
+		unset($board);
+		modLog('Rebuilt everything');
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'Rebuilt',
+			'body'=>$body,
+			'mod'=>true
+		));
+	} elseif(preg_match('/^\/config\/edit$/', $query)) {
+		if(!hasPermission($config['mod']['edit_config']))
+			error($config['error']['noaccess']);
+		
+		// TODO: display "unset variables"
+		// $config_file = file_get_contents('inc/config.php');
+		// preg_match_all('/\$config\[\'(\w+)\']/', $config_file, $matches);
+		// $config_variables = array_unique($matches[1]);
+		
+		$body = '<fieldset><legend>' . _('Configuration') . '</legend><form action="" method="post"><table style="width:100%">';
+		
+		$var_force_string = array('blotter');
+		$var_system = array('version');
+		
+		if(isset($_POST['save_changes'])) {
+			$config_append = '';
+			
+			foreach($config as $name => $original_value) {
+				if(in_array($name, $var_system))
+					continue;
+				$type = gettype($original_value);
+				if($type == 'array' || $type == 'NULL')
+					continue;
+				
+				if($type == 'boolean' && in_array($name, $var_force_string))
+					$type = 'string';
+				
+				if(!isset($_POST[$name]) && $type != 'boolean')
+					continue;
+				
+				if($type == 'boolean')
+					$value = isset($_POST[$name]);
+				else
+					$value = $_POST[$name];
+				
+				if($value != $original_value) {
+					// value has been changed
+					$config_append .= "\$config['" . addslashes($name) . "'] = ";
+					if($type == 'boolean')
+						$config_append .= $value ? 'true' : 'false';
+					elseif($type == 'integer')
+						$config_append .= (int)$value;
+					elseif($type == 'string')
+						$config_append .= '\'' . addslashes($value) . '\'';
+					$config_append .= ";\n";
+				}
+			}
+			
+			if(!empty($config_append)) {
+				$config_append = "\n// Changes made via web editor by \"" . $mod['username'] . "\" @ " . date('r') . ":\n" . $config_append . "\n";
+				if(@file_put_contents('inc/instance-config.php', $config_append, FILE_APPEND)) {
+					header('Location: ?/config' . $b['uri'], true, $config['redirect_http']);
+					exit;
+				} else {
+					$config_append = htmlentities($config_append);
+					
+					if($config['minify_html'])
+						$config_append = str_replace("\n", '&#010;', $config_append);
+					$page = array();
+					$page['title'] = 'Cannot write to file!';
+					$page['config'] = $config;
+					$page['body'] = '
+						<p>Tinyboard could not write to <strong>inc/instance-config.php</strong> with the ammended configuration, probably due to a permissions error.</p>
+						<p>You may proceed with these changes manually by copying and pasting the following code to the bottom of <strong>inc/instance-config.php</strong>:</p>
+						<textarea style="width:700px;height:370px;margin:auto;display:block;background:white;color:black" readonly>' . $config_append . '</textarea>
+					';
+					echo Element('page.html', $page);
+					exit;
+				}
+			}
+		}
+		
+		foreach($config as $name => $value) {
+			$body .= '<tr>';
+			
+			$body .= '<th style="text-align:left" class="minimal">' . utf8tohtml($name) . '</th>';
+			$type = gettype($value);
+			if($type == 'array') {
+				$body .= '<td><a href="?/config/edit/' . utf8tohtml($name) . '">[edit]' . '</a></td>';
+			} else {
+				if($type == 'string' || $type == 'integer') {
+					$body .= '<td><input style="width:100%" type="text" name="' .utf8tohtml($name) . '" value="'. str_replace('"', '&quot;', utf8tohtml($value)) . '"' .
+							(in_array($name, $var_system) ? ' readonly="readonly"' : '') . '></td>';
+				} elseif($type == 'boolean') {
+					if(in_array($name, $var_force_string))
+						$body .= '<td><input style="width:100%" type="text" name="' . utf8tohtml($name) . '" value=""></td>';
+					else
+						$body .= '<td><input type="checkbox" name="' . utf8tohtml($name) . '" ' . ($value ? 'checked' : '') . '></td>';
+				} else {
+					$body .= '<td>' . utf8tohtml($value) . '</td>';
+				}
+			}
+			
+			$body .= '</tr>';
+		}
+		
+		$body .= '</table><div style="text-align:center"><input name="save_changes" type="submit" value="Save changes"></div></form></fieldset>';
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('Configuration'),
+			'body'=>$body,
+			'mod'=>true
+			)
+		);			
+	} elseif(preg_match('/^\/config$/', $query)) {
+		if(!hasPermission($config['mod']['show_config']))
+			error($config['error']['noaccess']);
+		
+		// Show instance-config.php	
+		
+		$data = '';
+		
+		function do_array_part($array, $prefix = '') {
+			global $data, $config;
+			
+			foreach($array as $name => $value) {
+				if(is_array($value)) {
+					do_array_part($value, $prefix . $name . ' → ');
+				} else {
+					if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') {
+						$value = '<em>hidden</em>';
+					} elseif(gettype($value) == 'boolean') {
+						$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>';
+					} elseif(gettype($value) == 'string') {
+						if(empty($value))
+							$value = '<em>empty</em>';
+						else
+							$value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (mb_strlen($value) > 110 ? '&hellip;' : '')) . '</span>';
+					} elseif(gettype($value) == 'integer') {
+						$value = '<span style="color:black;">' . $value . '</span>';
+					} elseif(is_object($value) && get_class($value) == 'Closure') {
+						$value = '[callback]';
+					}
+					
+					$data .= 
+							'<tr><th style="text-align:left;">' . 
+								$prefix . (gettype($name) == 'integer' ? '[]' : utf8tohtml($name)) .
+							'</th><td>' .
+								$value .
+							'</td></tr>';
+					}
+				}
+			}
+		
+		do_array_part($config);
+		
+		
+		$body = (hasPermission($config['mod']['edit_config']) ?
+				'<p style="text-align:center" class="unimportant">' .
+					'<a href="?/config/edit">[Edit using web editor]</a>' : '') .
+				'<fieldset><legend>' . _('Configuration') . '</legend><table>' . $data . '</table></fieldset>';
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>_('Configuration'),
+			'body'=>$body,
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/new$/', $query)) {
+		if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']);
+		
+		// New board
+		$body = '';
+		
+		if(isset($_POST['new_board'])) {
+			// Create new board
+			if(	!isset($_POST['uri']) ||
+				!isset($_POST['title']) ||
+				!isset($_POST['subtitle'])
+			)	error($config['error']['missedafield']);
+			
+			$b = array(
+				'uri' => $_POST['uri'],
+				'title' => $_POST['title'],
+				'subtitle' => $_POST['subtitle']
+			);
+			
+			// HTML characters
+			$b['title'] = utf8tohtml($b['title'], true);
+			$b['subtitle'] = utf8tohtml($b['subtitle'], true);
+			
+			// Check required fields
+			if(empty($b['uri']))
+				error(sprintf($config['error']['required'], 'URI'));
+			if(empty($b['title']))
+				error(sprintf($config['error']['required'], 'title'));
+			
+			if(!preg_match('/^\w+$/', $b['uri']))
+				error(sprintf($config['error']['invalidfield'], 'URI'));
+			
+			if(openBoard($b['uri'])) {
+				unset($board);
+				error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
+			}
+			
+			$query = prepare("INSERT INTO `boards` VALUES (:uri, :title, :subtitle)");
+			$query->bindValue(':uri', $b['uri']);
+			$query->bindValue(':title', $b['title']);
+			if(!empty($b['subtitle'])) {
+				$query->bindValue(':subtitle', $b['subtitle']);
+			} else {
+				$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
+			}
+			$query->execute() or error(db_error($query));
+			
+			// Record the action
+			modLog("Created a new board: {$b['title']}");
+			
+			// Open the board
+			openBoard($b['uri']) or error(_("Couldn't open board after creation."));
+			
+			// Create the posts table
+			query(Element('posts.sql', array('board' => $board['uri']))) or error(db_error());
+			
+			if($config['cache']['enabled'])
+				cache::delete('all_boards');
+			
+			// Build the board
+			buildIndex();
+			
+			rebuildThemes('boards');
+			
+			header('Location: ?/' . $b['uri'] . '/' . $config['file_index'], true, $config['redirect_http']);
+		} else {
+			
+			$body .= form_newBoard();
+			
+			// TODO: Statistics, etc, in the dashboard.
+			
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'New board',
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
+		}
+	} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
+		// Board index
+		
+		$boardName = &$matches[1];
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		$page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2];
+		
+		if(!$page = index($page_no, $mod)) {
+			error($config['error']['404']);
+		}
+		
+		$page['pages'] = getPages(true);
+		$page['pages'][$page_no-1]['selected'] = true;
+		$page['btn'] = getPageButtons($page['pages'], true);
+		$page['mod'] = true;
+		echo Element('index.html', $page);
+	} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
+		// View thread
+		
+		$boardName = &$matches[1];
+		$thread = &$matches[2];
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		$page = buildThread($thread, true, $mod);
+		
+		echo $page;
+	} elseif(preg_match('/^\/' . $regex['board'] . 'edit\/(\d+)$/', $query, $matches)) {
+		// Edit post body
+		
+		$boardName = &$matches[1];
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['editpost'], $boardName)) error($config['error']['noaccess']);
+		
+		$postID = &$matches[2];
+		
+		$query = prepare(sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
+		$query->bindValue(':id', $postID, PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		$post = $query->fetch() or error($config['error']['invalidpost']);
+		
+		if(isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) {
+			if(mb_strlen($_POST['subject']) > 100)
+				error(sprintf($config['error']['toolong'], 'subject'));
+			
+			$body = $_POST['body'];
+			$body_nomarkup = $body;
+			
+			wordfilters($body);
+			$tracked_cites = markup($body, true);
+			
+			$query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post");
+			$query->bindValue(':board', $board['uri']);
+			$query->bindValue(':post', $postID, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+		
+			$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri']));
+			$query->bindValue(':id', $postID, PDO::PARAM_INT);
+			$query->bindValue(':body', $body);
+			$query->bindValue(':body_nomarkup', $body_nomarkup);
+			$query->bindValue(':subject', utf8tohtml($_POST['subject']));
+			$query->execute() or error(db_error($query));
+			
+			if(isset($tracked_cites)) {
+				foreach($tracked_cites as $cite) {
+					$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
+					$query->bindValue(':board', $board['uri']);
+					$query->bindValue(':post', $postID, PDO::PARAM_INT);
+					$query->bindValue(':target_board',$cite[0]);
+					$query->bindValue(':target', $cite[1], PDO::PARAM_INT);
+					$query->execute() or error(db_error($query));
+				}
+			}
+	
+			// Record the action
+			modLog("Edited post #{$postID}");
+			
+			buildThread($post['thread'] ? $post['thread'] : $postID);
+			
+			// Rebuild board
+			buildIndex();
+		
+			// Redirect
+			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+			exit;
+		}
+		
+		$post['body_nomarkup'] = utf8tohtml($post['body_nomarkup']);
+		
+		if($config['minify_html'])
+			$post['body_nomarkup'] = str_replace("\n", '&#010;', $post['body_nomarkup']);
+		
+		$body = '<form name="post" action="" method="post">' .
+				'<table>' .
+					'<tr>' .
+						'<th>Name</th>' .
+						'<td>' . utf8tohtml($post['name']) . '</td>' .
+					'</tr>' .
+					'<tr>' .
+						'<th>Subject</th>' .
+						'<td>' .
+							'<input style="float:left;" type="text" name="subject" size="25" maxlength="50" value="' . str_replace('"', '&quot;', $post['subject']) . '"/>' .
+							'<input style="margin-left:2px;" type="submit" name="submit" value="Edit Post"/>' .
+						'</td>' .
+					'</tr>' .
+					'<tr>' .
+						'<th>Body</th>' .
+						'<td>' .
+							'<textarea name="body" rows="8" cols="38">' .
+								 $post['body_nomarkup'] .
+							'</textarea>' .
+						'</td>' .
+					'</tr>' .
+				'</table>' .
+			'</form>';
+		
+		echo Element('page.html', array(
+			'config' => $config,
+			'body' => $body,
+			'title' => 'Edit Post #' . $postID
+		));
+	} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
+		// Delete file from post
+		
+		$boardName = &$matches[1];
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['deletefile'], $boardName)) error($config['error']['noaccess']);
+		
+		$post = &$matches[2];
+		
+		// Delete post
+		deleteFile($post);
+		
+		// Record the action
+		modLog("Removed file from post #{$post}");
+		
+		// Rebuild board
+		buildIndex();
+		
+		// Redirect
+		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+	} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
+		// Delete post
+		
+		$boardName = &$matches[1];
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['delete'], $boardName))
+			error($config['error']['noaccess']);
+		
+		$post = &$matches[2];
+		
+		// Delete post
+		deletePost($post);
+		
+		// Record the action
+		modLog("Deleted post #{$post}");
+		
+		// Rebuild board
+		buildIndex();
+		
+		// Redirect
+		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+	} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
+		// Add/remove sticky
+		
+		$boardName = &$matches[1];
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['sticky'], $boardName)) error($config['error']['noaccess']);
+		
+		$post = &$matches[3];
+		
+		$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
+		$query->bindValue(':id', $post, PDO::PARAM_INT);
+		
+		if($matches[2] == 'un') {
+			// Record the action
+			modLog("Unstickied post #{$post}");
+			$query->bindValue(':sticky', 0, PDO::PARAM_INT);
+		} else {
+			// Record the action
+			modLog("Stickied post #{$post}");
+			$query->bindValue(':sticky', 1, PDO::PARAM_INT);
+		}
+		
+		$query->execute() or error(db_error($query));
+		
+		buildIndex();
+		buildThread($post);
+		
+		
+		// Redirect
+		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+	} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
+		// Lock/Unlock
+		
+		$boardName = &$matches[1];
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']);
+		
+		$post = &$matches[3];
+		
+		$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
+		$query->bindValue(':id', $post, PDO::PARAM_INT);
+		
+		if($matches[2] == 'un') {
+			// Record the action
+			modLog("Unlocked post #{$post}");
+			$query->bindValue(':locked', 0, PDO::PARAM_INT);
+		} else {
+			// Record the action
+			modLog("Locked post #{$post}");
+			$query->bindValue(':locked', 1, PDO::PARAM_INT);
+		}
+		
+		$query->execute() or error(db_error($query));
+		
+		buildIndex();
+		buildThread($post);
+		
+		
+		// Redirect
+		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+	} elseif(preg_match('/^\/' . $regex['board'] . 'bump(un)?lock\/(\d+)$/', $query, $matches)) {
+		// Lock/Unlock
+		
+		$boardName = &$matches[1];
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['bumplock'], $boardName)) error($config['error']['noaccess']);
+		
+		$post = &$matches[3];
+		
+		$query = prepare(sprintf("UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
+		$query->bindValue(':id', $post, PDO::PARAM_INT);
+		
+		if($matches[2] == 'un') {
+			// Record the action
+			modLog("Unbumplocked post #{$post}");
+			$query->bindValue(':bumplocked', 0, PDO::PARAM_INT);
+		} else {
+			// Record the action
+			modLog("Bumplocked post #{$post}");
+			$query->bindValue(':bumplocked', 1, PDO::PARAM_INT);
+		}
+		
+		$query->execute() or error(db_error($query));
+		
+		buildIndex();
+		buildThread($post);
+		
+		
+		// Redirect
+		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+	} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)(\/global)?$/', $query, $matches)) {
+		// Delete all posts by an IP
+		
+		$boardName = &$matches[1];
+		$post = &$matches[2];
+		$global = isset($matches[3]) && $matches[3] == '/global';
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
+		$query->bindValue(':id', $post);
+		$query->execute() or error(db_error($query));
+		
+		if(!$post = $query->fetch())
+			error($config['error']['invalidpost']);
+		
+		$ip = $post['ip'];
+		
+		if($global)
+			$boards = listBoards();
+		else
+			$boards = array(array('uri' => $board['uri']));
+		
+		$query = '';
+		foreach($boards as $_board) {
+			$query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']);
+		}
+		$query = preg_replace('/UNION ALL $/', '', $query);
+		
+		$query = prepare($query);
+		$query->bindValue(':ip', $ip);
+		$query->execute() or error(db_error($query));
+		
+		if($query->rowCount() < 1)
+			error($config['error']['invalidpost']);
+		
+		$boards = array();
+		while($post = $query->fetch()) {
+			openBoard($post['board']);
+			$boards[] = $post['board'];
+			
+			deletePost($post['id'], false);
+		}
+		
+		foreach($boards as &$_board) {
+			openBoard($_board);
+			buildIndex();
+		}
+		
+		// Record the action
+		modLog("Deleted all posts by IP address: {$ip}");
+		
+		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+	} elseif(preg_match('/^\/ban$/', $query)) {
+		if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);
+		// Ban page
+		
+		if(isset($_POST['new_ban'])) {
+			if(	!isset($_POST['ip']) ||
+				!isset($_POST['reason']) ||
+				!isset($_POST['length'])
+			)	error($config['error']['missedafield']);
+			
+			// Check required fields
+			if(empty($_POST['ip']))
+				error(sprintf($config['error']['required'], 'IP address'));
+			
+			$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)");
+			
+			// 1yr2hrs30mins
+			// 1y2h30m
+			$expire = 0;
+			if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
+				if(isset($m[2])) {
+					// Years
+					$expire += $m[2]*60*60*24*365;
+				}
+				if(isset($m[4])) {
+					// Months
+					$expire += $m[4]*60*60*24*30;
+				}
+				if(isset($m[6])) {
+					// Weeks
+					$expire += $m[6]*60*60*24*7;
+				}
+				if(isset($m[8])) {
+					// Days
+					$expire += $m[8]*60*60*24;
+				}
+				if(isset($m[10])) {
+					// Hours
+					$expire += $m[10]*60*60;
+				}
+				if(isset($m[12])) {
+					// Minutes
+					$expire += $m[12]*60;
+				}
+				if(isset($m[14])) {
+					// Seconds
+					$expire += $m[14];
+				}
+			}
+			if($expire) {
+				$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
+			} else {
+				// Never expire
+				$query->bindValue(':expires', null, PDO::PARAM_NULL);
+			}
+			
+			$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
+			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+			$query->bindValue(':set', time(), PDO::PARAM_INT);
+			
+			
+			
+			if(!empty($_POST['reason'])) {
+				$reason = $_POST['reason'];
+				markup($reason);
+				$query->bindValue(':reason', $reason, PDO::PARAM_STR);
+			} else {
+				$query->bindValue(':reason', null, PDO::PARAM_NULL);
+			}
+			
+			if($_POST['board'] == '') {
+				$query->bindValue(':board', null, PDO::PARAM_NULL);
+			} else {
+				$query->bindValue(':board', $_POST['board'], PDO::PARAM_INT);
+			}
+			
+			// Record the action
+			modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason'));
+			
+			$query->execute() or error(db_error($query));
+			
+			if(isset($_POST['board']))
+				openBoard($_POST['board']);
+			
+			// Delete too
+			if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) {					
+				$post = round($_POST['delete']);
+				
+				deletePost($post);
+				
+				// Record the action
+				modLog("Deleted post #{$post}");
+				
+				// Rebuild board
+				buildIndex();
+			}
+			
+			if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) {					
+				$post = round($_POST['post']);
+				
+				$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri']));
+				$query->bindValue(':id', $post, PDO::PARAM_INT);
+				$query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message'])));
+				$query->execute() or error(db_error($query));
+				
+				// Rebuild thread
+				$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
+				$query->bindValue(':id', $post, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				$thread = $query->fetch();
+				if($thread['thread'])
+					buildThread($thread['thread']);
+				else
+					buildThread($post);
+				
+				// Rebuild board
+				buildIndex();
+				
+				// Record the action
+				modLog("Attached a public ban message for post #{$post}: " . $_POST['message']);
+			}
+			
+			// Redirect
+			if(isset($_POST['continue']))
+				header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
+			elseif(isset($board))
+				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+			else
+				header('Location: ?/', true, $config['redirect_http']);
+		}
+	} elseif(preg_match('/^\/' . $regex['board'] . 'move\/(\d+)$/', $query, $matches)) {
+		
+		$boardName = &$matches[1];
+		$postID = $matches[2];
+		
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['move'], $boardName)) error($config['error']['noaccess']);
+		
+		if(isset($_POST['board'])) {
+			$targetBoard = $_POST['board'];
+			$shadow = isset($_POST['shadow']);
+			
+			if($targetBoard == $boardName)
+				error(_("Target and source board are the same."));
+			
+			// copy() if leaving a shadow thread behind. otherwise, rename().
+			$clone = $shadow ? 'copy' : 'rename';
+			
+			$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id", $board['uri']));
+			$query->bindValue(':id', $postID, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			if(!$post = $query->fetch()) {
+				error($config['error']['nonexistant']);
+			}
+			$post['op'] = true;
+			
+			if($post['file']) {
+				$post['has_file'] = true;
+				$post['width'] = &$post['filewidth'];
+				$post['height'] = &$post['fileheight'];
+				
+				$file_src = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file'];
+				$file_thumb = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb'];
+			} else $post['has_file'] = false;
+			
+			// allow thread to keep its same traits (stickied, locked, etc.)
+			$post['mod'] = true;
+			
+			if(!openBoard($targetBoard))
+				error($config['error']['noboard']);
+			
+			$newID = post($post);
+			
+			if($post['has_file']) {
+				$clone($file_src, sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']);
+				$clone($file_thumb, sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']);
+			}
+			
+			// move replies too...
+			openBoard($boardName);
+			
+			$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`", $board['uri']));
+			$query->bindValue(':id', $postID, PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			$replies = array();
+			while($post = $query->fetch()) {
+				$post['mod'] = true;
+				$post['thread'] = $newID;
+				
+				if($post['file']) {
+					$post['has_file'] = true;
+					$post['width'] = &$post['filewidth'];
+					$post['height'] = &$post['fileheight'];
+					
+					$post['file_src'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file'];
+					$post['file_thumb'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb'];
+				} else $post['has_file'] = false;
+				
+				$replies[] = $post;
+			}
+			
+			$newIDs = array($postID => $newID);
+			
+			openBoard($targetBoard);
+			foreach($replies as &$post) {
+				$query = prepare("SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post");
+				$query->bindValue(':board', $boardName);
+				$query->bindValue(':post', $post['id'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($qurey));
+				while($cite = $query->fetch(PDO::FETCH_ASSOC)) {
+					if(isset($newIDs[$cite['target']])) {
+						$post['body_nomarkup'] = preg_replace(
+								'/(>>(>\/' . preg_quote($boardName, '/') . '\/)?)' . preg_quote($cite['target'], '/') . '/',
+								'>>' . $newIDs[$cite['target']],
+								$post['body_nomarkup']);
+						
+						$post['body'] = $post['body_nomarkup'];
+					}
+				}
+				$post['op'] = false;
+				$post['tracked_cites'] = markup($post['body'], true);
+				
+				$newIDs[$post['id']] = $newPostID = post($post);
+				
+				if($post['has_file']) {
+					$clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']);
+					$clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']);
+				}
+				
+				foreach($post['tracked_cites'] as $cite) {
+					$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
+					$query->bindValue(':board', $board['uri']);
+					$query->bindValue(':post', $newPostID, PDO::PARAM_INT);
+					$query->bindValue(':target_board',$cite[0]);
+					$query->bindValue(':target', $cite[1], PDO::PARAM_INT);
+					$query->execute() or error(db_error($query));
+				}
+			}
+			
+			// build thread
+			buildThread($newID);
+			buildIndex();
+			
+			// trigger themes
+			rebuildThemes('post');
+			
+			openBoard($boardName);
+			
+			if($shadow) {
+				// lock thread
+				$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id", $board['uri']));
+				$query->bindValue(':id', $postID, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				
+				$post = array(
+					'mod' => true,
+					'subject' => '',
+					'email' => '',
+					'name' => $config['mod']['shadow_name'],
+					'capcode' => $config['mod']['shadow_capcode'],
+					'trip' => '',
+					'body' => sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID),
+					'password' => '',
+					'has_file' => false,
+					// attach to original thread
+					'thread' => $postID,
+					'op' => false
+				);
+				
+				markup($post['body']);
+				
+				$botID = post($post);
+				buildThread($postID);
+				
+				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $postID) . '#' . $botID, true, $config['redirect_http']);
+			} else {
+				deletePost($postID);
+				buildIndex();
+				
+				openBoard($targetBoard);
+				header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . sprintf($config['file_page'], $newID), true, $config['redirect_http']);
+			}
+		} else {
+		
+			$body = '<fieldset><legend>Move thread</legend>' .
+				'<form action="?/' . $boardName . '/move/' . $postID . '" method="post">' .
+					'<table>'
+				;
+		
+			$boards = listBoards();
+			if(count($boards) <= 1)
+				error(_('No board to move to; there is only one.'));
+			
+			$__boards = '';
+			foreach($boards as &$_board) {
+				if($_board['uri'] == $board['uri'])
+					continue;
+				$__boards .= '<li>' .
+					'<input type="radio" name="board" id="board_' . $_board['uri'] . '" value="' . $_board['uri'] . '">' .
+					'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
+							sprintf($config['board_abbreviation'], $_board['uri']) .
+						' - ' . $_board['title'] .
+					'</label>' .
+					'</li>';
+			}
+		
+			$body .= '<tr>' .
+						'<th>Thread ID</th>' .
+						'<td><input type="text" size="7" value="' . $postID . '" disabled /></td>' .
+					'</tr>' .
+				
+					'<tr>' . 
+						'<th><label for="message">Leave shadow thread</label></th>' .
+						'<td>' .
+							'<input type="checkbox" id="shadow" name="shadow" checked/>' .
+							' <span class="unimportant">(locks thread; replies to it with a link.)</span>' .
+						'</td>' .
+					'</tr>' .
+				
+					'<tr>' .
+						'<th>Target board</th>' .
+						'<td><ul style="list-style:none;padding:2px 5px">' . $__boards . '</tl></td>' .
+					'</tr>' .
+				
+					'<tr>' . 
+						'<td></td>' . 
+						'<td><input type="submit" value="Move thread" /></td>' . 
+					'</tr>' . 
+				'</table>' .
+			'</form></fieldset>';
+	
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'Move #' . $postID,
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
+		}
+	} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
+		
+		// Ban by post
+		
+		$boardName = &$matches[1];
+		// Open board
+		if(!openBoard($boardName))
+			error($config['error']['noboard']);
+		
+		if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']);
+		
+		$delete = isset($matches[2]) && $matches[2] == '&delete';
+		if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
+		
+		$post = $matches[3];
+		
+		$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
+		$query->bindValue(':id', $post, PDO::PARAM_INT);
+		$query->execute() or error(db_error($query));
+		
+		if($query->rowCount() < 1) {
+			error($config['error']['invalidpost']);
+		}
+	
+		$post = $query->fetch();
+		
+		$body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete);
+		
+		echo Element('page.html', array(
+			'config'=>$config,
+			'title'=>'New ban',
+			'body'=>$body,
+			'mod'=>true
+			)
+		);
+	} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P<id>\d+)$/', $query, $matches)) {
+		if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']);
+		
+		$ip = $matches[1];
+		$id = $matches['id'];
+
+		$query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id");
+		$query->bindValue(':ip', $ip);
+		$query->bindValue(':id', $id);
+		$query->execute() or error(db_error($query));
+		
+		header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
+	} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) {
+		// View information on an IP address
+		
+		$ip = $matches[1];
+		$host = $config['mod']['dns_lookup'] ? rDNS($ip) : false;
+		
+		if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) {
+			removeBan($_POST['ban_id']);
+			header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
+		} elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) {
+			$query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)");
+			$query->bindValue(':ip', $ip);
+			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+			$query->bindValue(':time', time(), PDO::PARAM_INT);
+			markup($_POST['note']);
+			$query->bindValue(':body', $_POST['note']);
+			$query->execute() or error(db_error($query));
+			
+			header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
+		} else {
+			$body = '';
+			$boards = listBoards();
+			foreach($boards as &$_board) {
+				openBoard($_board['uri']);
+			
+				$temp = '';
+				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
+				$query->bindValue(':ip', $ip);
+				$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+			
+				while($post = $query->fetch()) {
+					if(!$post['thread']) {
+						$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
+					} else {
+						$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'],  $post['embed'], '?/', $mod);
+					}
+					$temp .= $po->build(true) . '<hr/>';
+				}
+			
+				if(!empty($temp))
+					$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' .
+							sprintf($config['board_path'], $_board['uri']) . $config['file_index'] .
+						'">' .
+						sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
+						'</a></legend>' . $temp . '</fieldset>';
+			}
+		
+			if(hasPermission($config['mod']['view_notes'])) {
+				$query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC");
+				$query->bindValue(':ip', $ip);
+				$query->execute() or error(db_error($query));
+			
+				if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) {
+					$body .= '<fieldset><legend>' .
+							$query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . 
+						'</legend>';
+					if($query->rowCount() > 0) {
+						$body .= '<table class="modlog">' .
+						'<tr><th>Staff</th><th>Note</th><th>Date</th>' .
+							(hasPermission($config['mod']['remove_notes']) ? '<th>Actions</th>' : '') .
+						'</td>';
+						while($note = $query->fetch()) {
+						
+							if($note['mod']) {
+								$_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
+								$_query->bindValue(':id', $note['mod']);
+								$_query->execute() or error(db_error($_query));
+								if($_mod = $_query->fetch()) {
+									$staff = '<a href="?/new_PM/' . $note['mod'] . '">' . utf8tohtml($_mod['username']) . '</a>';
+								} else {
+									$staff = '<em>???</em>';
+								}
+							} else {
+								$staff = '<em>system</em>';
+							}
+							$body .= '<tr>' .
+								'<td class="minimal">' .
+									$staff .
+								'</td><td>' .
+									$note['body'] .
+								'</td><td class="minimal">' .
+									strftime($config['post_date'], $note['time']) .
+								'</td>' .
+								(hasPermission($config['mod']['remove_notes']) ?
+									'<td class="minimal"><a class="unimportant" href="?/IP/' . $ip . '/deletenote/' . $note['id'] . '">[delete]</a></td>'
+								: '') .
+							'</tr>';
+						}
+						$body .= '</table>';
+					}
+		
+					if(hasPermission($config['mod']['create_notes'])) {
+						$body .= '<form action="" method="post" style="text-align:center;margin:0">' . 
+								'<table>' .
+									'<tr>' .
+										'<th>Staff</th>' .
+										'<td>' . $mod['username'] . '</td>' .
+									'</tr>' .
+									'<tr>' .
+										'<th><label for="note">Note</label></th>' .
+										'<td><textarea id="note" name="note" rows="5" cols="30"></textarea></td>' .
+									'</tr>' .
+									'<tr>' .
+										'<td></td>' .
+										'<td><input type="submit" value="New note" /></td>' .
+									'</tr>' .
+								'</table>' .
+							'</form>';
+					}
+				
+					$body .= '</fieldset>';
+				}
+			}
+		
+			if(hasPermission($config['mod']['view_ban'])) {
+				$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
+				$query->bindValue(':ip', $ip);
+				$query->execute() or error(db_error($query));
+			
+				if($query->rowCount() > 0) {
+					$body .= '<fieldset><legend>Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record</legend>';
+				
+					while($ban = $query->fetch()) {
+						$body .= '<form action="" method="post" style="text-align:center">' .
+						'<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' . 
+							($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
+								'Expired'
+							: 'Active') .
+						'</td></tr>' .
+					
+						// IP
+						'<tr><th>IP</th><td>' . $ban['ip'] . '</td></tr>' .
+					
+						// Reason
+						'<tr><th>Reason</th><td>' . $ban['reason'] . '</td></tr>' .
+					
+						// Board
+						'<tr><th>Board</th><td>' .
+						(isset($ban['board']) ?
+							sprintf($config['board_abbreviation'], $ban['board'])
+						:
+							'<em>' . _('all boards') . '</em>'
+						) .
+						'</td></tr>' .
+					
+						// Set
+						'<tr><th>Set</th><td>' . strftime($config['post_date'], $ban['set']) . '</td></tr>' .
+					
+						// Expires
+						'<tr><th>Expires</th><td>' . 
+							($ban['expires'] == 0 ?
+								'<em>Never</em>'
+							:
+								strftime($config['post_date'], $ban['expires'])
+							) .
+						'</td></tr>' .
+					
+						// Staff
+						'<tr><th>Staff</th><td>' .
+							(isset($ban['username']) ?
+								(!hasPermission($config['mod']['view_banstaff']) ?
+									($config['mod']['view_banquestionmark'] ?
+										'?'
+									:
+										($ban['type'] == JANITOR ? 'Janitor' :
+										($ban['type'] == MOD ? 'Mod' :
+										($ban['type'] == ADMIN ? 'Admin' :
+										'?')))
+									)
+								:
+									utf8tohtml($ban['username'])
+								)
+								: '<em>deleted?</em>'
+							) .
+						'</td></tr></table>' .
+						
+						'<input type="hidden" name="ban_id" value="' . $ban['id'] . '" />' .
+						
+						'<input type="submit" name="unban" value="Remove ban" ' .
+							(!hasPermission($config['mod']['unban']) ? 'disabled' : '') .
+						'/></form>';
+					}
+					
+					$body .= '</fieldset>';
+					
+				}
+			}
+		
+			if(hasPermission($config['mod']['ip_banform']))
+				$body .= form_newBan($ip, null, '?/IP/' . $ip);
+		
+			echo Element('page.html', array(
+				'config'=>$config,
+				'title'=>'IP: ' . $ip,
+				'subtitle' => $host,
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
+		}
+	} else {
+		error($config['error']['404']);
+	}
+}
+
diff --git a/mod.php b/mod.php
index 31273e39..6e13cbec 100644
--- a/mod.php
+++ b/mod.php
@@ -4,11 +4,11 @@
  *  Copyright (c) 2010-2012 Tinyboard Development Group
  */
 
-// WARNING: This file is currently a clusterfuck of code. I will be rewriting it very soon.
-
 require 'inc/functions.php';
-require 'inc/mod.php';
+require 'inc/mod/auth.php';
+require 'inc/mod/pages.php';
 
+// Fix for magic quotes
 if (get_magic_quotes_gpc()) {
 	function strip_array($var) {
 		return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
@@ -20,3109 +20,47 @@ if (get_magic_quotes_gpc()) {
 
 $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
 
-// If not logged in
-if(!$mod) {
-	if(isset($_POST['login'])) {
-		// Check if inputs are set and not empty
-		if(	!isset($_POST['username']) ||
-			!isset($_POST['password']) ||
-			empty($_POST['username']) ||
-			empty($_POST['password'])
-			) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
-		
-		
-		if(!login($_POST['username'], $_POST['password'])) {
-			if($config['syslog'])
-				_syslog(LOG_WARNING, 'Unauthorized login attempt!');
-			loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
-		}
-		
-		modLog("Logged in.");
-		
-		// Login successful
-		// Set cookies
-		setCookies();
-		
-		// Redirect
-		if(isset($_POST['redirect']))
-			header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
-		else
-			header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
-	} else {
-		loginForm(false, false, '?' . $query);
-	}
-} else {
-	// Redirect (for index pages)
-	if(count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r'])) {
-		header('Location: ' . $_GET['r'], true, $_GET['status']);
-		exit;
-	}
-	
-	// A sort of "cache"
-	// Stops calling preg_quote and str_replace when not needed; only does it once
-	$regex = array(
-		'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
-		'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
-		'img' => preg_quote($config['dir']['img'], '/'),
-		'thumb' => preg_quote($config['dir']['thumb'], '/'),
-		'res' => preg_quote($config['dir']['res'], '/'),
-		'index' => preg_quote($config['file_index'], '/')
-	);
+$pages = array(
+	'/^$/'			=> ':?/',		// redirect to dashboard
+	'/^\/$/'		=> 'dashboard',		// dashboard
 	
-	if(preg_match('/^\/?$/', $query)) {
-		// Dashboard
-		$fieldset = array(
-			'Boards' => '',
-			'Noticeboard' => '',
-			'Administration' => '',
-			'Themes' => '',
-			'Search' => '',
-			'Update' => '',
-			'Logout' => ''
-		);
-		
-		// Boards
-		$fieldset['Boards'] .= ulBoards();
-		
-		if(hasPermission($config['mod']['noticeboard'])) {
-			if(!$config['cache']['enabled'] || !($fieldset['Noticeboard'] = cache::get('noticeboard_preview'))) {
-				$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
-				$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-			
-				$fieldset['Noticeboard'] .= '<li>';
-			
-				$_body = '';
-				while($notice = $query->fetch()) {					
-					$_body .= '<li><a href="?/noticeboard#' .
-						$notice['id'] .
-					'">' .
-					($notice['subject'] ?
-						$notice['subject']
-					:
-						'<em>' . _('no subject') . '</em>'
-					) .
-				'</a><span class="unimportant"> &mdash; by ' .
-					(isset($notice['username']) ?
-						utf8tohtml($notice['username'])
-					: '<em>???</em>') .
-				' at ' .
-					strftime($config['post_date'], $notice['time']) .
-				'</span></li>';
-				}
-				if(!empty($_body)) {
-					$fieldset['Noticeboard'] .= '<ul>' . $_body . '</ul></li><li>';
-				}
-				if($config['cache']['enabled'])
-					cache::set('noticeboard_preview', $fieldset['Noticeboard']);
-			}
-			
-			$fieldset['Noticeboard'] .= '<a href="?/noticeboard">' . _('View all entries') . '</a></li>';
-		
-			$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
-			$query->bindValue(':id', $mod['id']);
-			$query->execute() or error(db_error($query));
-			$count = $query->fetch();
-			$count = $count['count'];
-		
-			$fieldset['Noticeboard'] .= '<li><a href="?/inbox">' . _('PM Inbox') . 
-				($count > 0
-				?
-					' <strong>(' . $count . ' unread)</strong>'
-				: '') .
-			'</a></li>';
-		
-			$fieldset['Noticeboard'] .= '<li><a href="?/news">' . _('News') . '</a></li>';
-		}
-		
-		
-		if(hasPermission($config['mod']['reports'])) {
-			$fieldset['Administration'] .= 	'<li><a href="?/reports">' . _('Report queue') . '</a></li>';
-		}
-		if(hasPermission($config['mod']['view_banlist'])) {
-			$fieldset['Administration'] .= 	'<li><a href="?/bans">' . _('Ban list') . '</a></li>';
-		}
-		if(hasPermission($config['mod']['manageusers'])) {
-			$fieldset['Administration'] .= 	'<li><a href="?/users">' . _('Manage users') . '</a></li>';
-		} elseif(hasPermission($config['mod']['change_password'])) {
-			$fieldset['Administration'] .= 	'<li><a href="?/users/' . $user['id'] . '">' . _('Change own password') . '</a></li>';
-		}
-		if(hasPermission($config['mod']['modlog'])) {
-			$fieldset['Administration'] .= 	'<li><a href="?/log">' . _('Moderation log') . '</a></li>';
-		}
-		if(hasPermission($config['mod']['rebuild'])) {
-			$fieldset['Administration'] .= 	'<li><a href="?/rebuild">' . _('Rebuild static files') . '</a></li>';
-		}
-		if(hasPermission($config['mod']['rebuild']) && $config['cache']['enabled']) {
-			$fieldset['Administration'] .= 	'<li><a href="?/flush">' . _('Clear cache') . '</a></li>';
-		}
-		if(hasPermission($config['mod']['show_config'])) {
-			$fieldset['Administration'] .= 	'<li><a href="?/config">' . _('Show configuration') . '</a></li>';
-		}
-		
-		if(hasPermission($config['mod']['themes'])) {
-			$fieldset['Themes'] .= 	'<li><a href="?/themes">' . _('Manage themes') . '</a></li>';
-		}
-		
-		if(hasPermission($config['mod']['search'])) {
-			$fieldset['Search'] .= 	'<li><form style="display:inline" action="?/search" method="post">' .
-			'<label style="display:inline" for="search">' . _('Phrase:') . '</label> ' .
-				'<input id="search" name="search" type="text" size="35" />' .
-				'<input type="submit" value="' . _('Search') . '" />' .
-			'</form>' .
-				'<p class="unimportant">' . _('(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)') . '</p>' .
-			'</li>';
-		}
-		
-		if($mod['type'] >= ADMIN && $config['check_updates']) {
-			if(!$config['version'])
-				error(_('Could not find current version! (Check .installed)'));
-			if(isset($_COOKIE['update'])) {
-				$latest = unserialize($_COOKIE['update']);
-			} else {
-				$ctx = stream_context_create(array( 
-					'http' => array(
-						'timeout' => 3
-						) 
-					) 
-				);
-				
-				if($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) {
-					eval($code);
-					if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $m)) {
-						$current = array(
-							'massive' => (int)$m[1],
-							'major' => (int)$m[2],
-							'minor' => (int)$m[3]
-						);
-						if(isset($m[4])) { 
-							// Development versions are always ahead in the versioning numbers
-							$current['minor'] --;
-						}
-					}
-					// Check if it's newer
-					if(	$latest['massive'] > $current['massive'] ||
-						$latest['major'] > $current['major'] ||
-							($latest['massive'] == $current['massive'] &&
-								$latest['major'] == $current['major'] &&
-								$latest['minor'] > $current['minor']
-							)) {
-						$latest = $latest;
-					} else $latest = false;
-				} else {
-					// Couldn't get latest version
-					// TODO: Display some sort of warning message
-					$latest = false;
-				}
-				
-				
-				setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
-			}
-			
-			if($latest) {
-				$fieldset['Update'] .=
-					'<li>A newer version of Tinyboard (<strong>v' .
-						$latest['massive'] . '.' .
-						$latest['major'] . '.' . 
-						$latest['minor'] .
-					'</strong>) is available! See <a href="http://tinyboard.org">http://tinyboard.org/</a> for upgrade instructions.</li>';
-			}
-		}
-		
-		$fieldset['Logout'] .= '<li><a href="?/logout">' . _('Logout') . '</a></li>';
-		
-		// TODO: Statistics, etc, in the dashboard.
-		
-		$body = '';
-		foreach($fieldset as $title => $data) {
-			if($data)
-				$body .= '<fieldset><legend>' . _($title) . '</legend><ul>' . $data . '</ul></fieldset>';
-		}
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('Dashboard'),
-			'body'=>$body,
-			'__mod'=>true
-		));
-	} elseif(preg_match('/^\/logout$/', $query)) {
-		destroyCookies();
-		
-		header('Location: ?/', true, $config['redirect_http']);
-	} elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) {
-		$uri = &$matches[1];
-		
-		$body = '<p style="text-align:center">' .
-		'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
-			'We were unable to serve a confirmation dialog for ' .
-				'<strong>?/' . utf8tohtml($uri) . '</strong>' .
-			', probably due to Javascript being disabled.' .
-		'</p>' .
-		'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . utf8tohtml($uri) . '">Confirm</a></p>';
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'Confirm',
-			'body'=>$body,
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/upgrade$/', $query)) {
-		if($mod['type'] != ADMIN)
-			error($config['error']['noaccess']);
-		
-		if(is_dir('.git')) {
-			// use git instead
-			
-			$body = '<div class="ban"><h2>git pull</h2>';
-			$body .= '<p>' . str_replace("\n", '<br/>', shell_exec('git pull')) . '</p>';
-			$body .= '</div>';
-			echo Element('page.html', array(
-				'config' => $config,
-				'title' => 'Upgraded',
-				'body' => $body
-			));
-			exit;
-		}
-		
-		if(!extension_loaded('curl'))
-			error('You need the cURL PHP extension to do that.');
-		
-		if(!class_exists('ZipArchive'))
-			error('You need <a href="http://php.net/manual/en/class.ziparchive.php">the ZipArchive class</a> to do that.');
-		
-		if(!in_array('zip', stream_get_wrappers()))
-			error('You need the zip:// stream wrapper to do that.');
-		
-		$temp = tempnam($config['tmp'], 'tinyboard');
-		
-		$fp = fopen($temp, 'w+');
-		
-		$curl = curl_init();
-		curl_setopt($curl, CURLOPT_URL, 'https://github.com/savetheinternet/Tinyboard/zipball/master');
-		curl_setopt($curl, CURLOPT_FAILONERROR, true);
-		curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
-		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
-		curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
-		curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
-		curl_setopt($curl, CURLOPT_TIMEOUT, 45);
-		curl_setopt($curl, CURLOPT_FILE, $fp);
-		curl_setopt($curl, CURLOPT_WRITEHEADER, $header = tmpfile());
-		curl_setopt($curl, CURLOPT_HEADER, true);
-		
-		curl_exec($curl);
-		
-		if(curl_errno($curl))
-			error('Failed downloading newest revision: ' . curl_error($curl));
-		
-		curl_close($curl);
-		
-		fflush($fp);
-		fclose($fp);
-		
-		fseek($header, 0);
-		$version = false;
-		while($line = fgets($header)) {
-			if(preg_match('/^Content-Disposition: attachment; filename=savetheinternet-Tinyboard-(.+)\.zip\s?$/', $line, $m)) {
-				$version = $m[1];
-			}
-		}
-		fclose($header);
-		
-		$zip = new ZipArchive();
-		if(!$zip->open($temp))
-			error('Could not make sense of the ZIP archive.');
-		
-		$version = preg_replace('/^savetheinternet-Tinyboard-(\w+)\//', '$1', $dir = $zip->getNameIndex(0));
-		
-		$errors = array();
-		for($i = 1; $i < $zip->numFiles; $i++) {
-			$filename = str_replace($dir, '', $zip->getNameIndex($i));
-			
-			if($filename == 'inc/instance-config.php')
-				continue; // don't override config
-			
-			// are we able to write here?
-			if(!((file_exists($filename) && is_writable($filename)) || (!file_exists($filename) && is_writable(dirname($filename))))) {
-				// nope
-				$errors[] = 'Cannot write to ' . $filename . '!';
-			}
-		}
-		
-		$zip->close();
-		
-		if($errors) {
-			$body = '<div class="ban"><h2>Error(s) upgrading</h2><p>Tinyboard can not self-upgrade until the following is fixed:</p><ul>';
-			foreach($errors as $error) {
-				$body .= '<li>' . $error . '</li>';
-			}
-			$body .= '</ul><p>Please fix the above errors and refresh to try again.</p></div>';
-			
-			unlink($temp);
-			
-			echo Element('page.html', array(
-				'config' => $config,
-				'title' => 'Error(s) upgrading',
-				'body' => $body
-			));
-			exit;
-		}
-		
-		// For some reason, reading the ZIP entries in PHP doesn't seem to work very well.
-		// Use shell instead.
-		shell_exec('TEMP_DIR=$(mktemp -d); unzip -q ' . escapeshellarg($temp) . ' -d $TEMP_DIR -x "' . escapeshellarg($dir) . 'inc/instance-config.php"; mv -v $TEMP_DIR/' . escapeshellarg($dir) . '* "' . getcwd() . '"; rm -rf $TEMP_DIR');
-		
-		unlink($temp);
-		
-		echo Element('page.html', array(
-			'config' => $config,
-			'title' => 'Upgraded',
-			'body' => '<p style="text-align:center">Upgrading seems to have gone okay. You are now at revision <strong>' . $version . '</strong>.</p>'
-		));		
-	} elseif(preg_match('/^\/log(\/(\d+))?$/', $query, $match)) {
-		if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
-		
-		$page = isset($match[2]) ? $match[2] : 1;
-		
-		$boards = array();
-		$_boards = listBoards();
-		foreach($_boards as &$_b) {
-			$boards[$_b['id']] = $_b['uri'];
-		}
-		
-		$query = prepare("SELECT `mod` as `id`, `username`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
-		$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
-		$query->bindValue(':offset', ($page - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		if(!$query->rowCount()) {
-			$body = '<p class="unimportant" style="text-align:center">(Nothing to display.)</p>';
-		} else {
-			$body = '<table class="modlog">' . 
-				'<tr>' . 
-					'<th>' . _('User') . '</th>' . 
-					'<th>' . _('IP address') . '</th>' .
-					'<th>' . _('Ago') . '</th>' . 
-					'<th>' . _('Board') . '</th>' . 
-					'<th>' . _('Action') . '</th>' . 
-				'</tr>';
-			while($log = $query->fetch()) {
-				$log_id = 'log_' . md5($log['text']);
-				
-				if($config['cache']['enabled'] && $_log = cache::get($log_id))
-					$log['text'] = $_log;
-				else {
-				
-					$log['text'] = utf8tohtml($log['text']);
-					$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']);
-				
-					if(isset($boards[$log['board']])) {
-						if(preg_match('/post #(\d+)/', $log['text'], $match)) {
-							$post_query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $boards[$log['board']]));
-							$post_query->bindValue(':id', $match[1], PDO::PARAM_INT);
-							$post_query->execute() or error(db_error($query));
-						
-							if($post = $post_query->fetch()) {
-								$log['text'] = preg_replace('/post (#(\d+))/',
-									'post <a href="' .
-										'?/' .
-										sprintf($config['board_path'], $boards[$log['board']]) .
-										$config['dir']['res'] .
-										($post['thread'] ?
-											sprintf($config['file_page'], $post['thread']) . '#' . $match[1]
-										: sprintf($config['file_page'], $match[1])) .
-									'">$1</a>', $log['text']);
-							} else {
-								$log['text'] = preg_replace('/post (#(\d+))/', 'post <s>$1</s>', $log['text']);
-							}
-							
-							if($config['cache']['enabled'])
-								cache::set($log_id, $log['text']);
-						}
-					}
-				}
-				
-				$body .= '<tr>' .
-				'<td class="minimal">' .
-					($log['username'] ? 
-						'<a href="?/new_PM/' . $log['id'] . '">' . $log['username'] . '</a>'
-					: '<em>' . ($log['id'] < 0 ? 'system' : 'deleted?') . '</em>') .
-				'</td>' .
-				'<td class="minimal">' . ($log['id'] < 0 ? '&ndash;' : '<a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a>') . '</td>' .
-				'<td class="minimal">' . ago($log['time']) . '</td>' .
-				'<td class="minimal">' .
-					($log['board'] ?
-						'<a href="?/' . sprintf($config['board_path'], $log['board']) . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $log['board']) . '</a></td>'
-					: '-') .
-				'<td>' . $log['text'] . '</td>' .
-				'</tr>';
-			}
-		
-			$body .= '</table>';
-			
-			$query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`");
-			$query->execute() or error(db_error($query));
-			$count = $query->fetch();
-			
-			$body .= '<p class="unimportant" style="text-align:center;word-wrap:break-word">';
-			for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) {
-				$body .= '<a href="?/log/' . ($x+1) . '">[' . ($x + 1) . ']</a> ';
-			}
-			$body .= '</p>';
-		}
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('Moderation log'),
-			'body'=>$body,
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
-		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
-		
-		// Clearsettings
-		query("TRUNCATE TABLE `theme_settings`") or error(db_error());
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'No theme',
-			'body'=>'<p style="text-align:center">Successfully uninstalled all themes.</p>' .
-				'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/themes\/([\w\-]+)\/rebuild$/', $query, $match)) {
-		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
-		
-		rebuildTheme($match[1], 'all');
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'Rebuilt',
-			'body'=>'<p style="text-align:center">Successfully rebuilt the <strong>' . $match[1] . '</strong> theme.</p>' .
-				'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) {
-		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
-		
-		$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
-		$query->bindValue(':theme', $match[1]);
-		$query->execute() or error(db_error($query));
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'Uninstalled',
-			'body'=>'<p style="text-align:center">Successfully uninstalled the <strong>' . $match[1] . '</strong> theme.</p>' .
-				'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/themes(\/([\w\-]+))?$/', $query, $match)) {
-		if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
-		
-		if(!is_dir($config['dir']['themes']))
-			error(_('Themes directory doesn\'t exist!'));
-		if(!$dir = opendir($config['dir']['themes']))
-			error(_('Cannot open themes directory; check permissions.'));
-		
-		if(isset($match[2])) {
-			$_theme = &$match[2];
-			
-			if(!$theme = loadThemeConfig($_theme)) {
-				error($config['error']['invalidtheme']);
-			}
-			
-			if(isset($_POST['install'])) {
-				// Check if everything is submitted
-				foreach($theme['config'] as &$c) {
-					if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox')
-						error(sprintf($config['error']['required'], $c['title']));
-				}
-				
-				// Clear previous settings
-				$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
-				$query->bindValue(':theme', $_theme);
-				$query->execute() or error(db_error($query));
-				
-				foreach($theme['config'] as &$c) {
-					$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
-					$query->bindValue(':theme', $_theme);
-					$query->bindValue(':name', $c['name']);
-					$query->bindValue(':value', $_POST[$c['name']]);
-					$query->execute() or error(db_error($query));
-				}
-				
-				$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
-				$query->bindValue(':theme', $_theme);
-				$query->execute() or error(db_error($query));
-				
-				$result = true;
-				$body = '';
-				if(isset($theme['install_callback'])) {
-					$ret = $theme['install_callback'](themeSettings($_theme));
-					if($ret && !empty($ret)) {
-						if(is_array($ret) && count($ret) == 2) {
-							$result = $ret[0];
-							$ret = $ret[1];
-						}
-						$body .= '<div style="border:1px dashed maroon;padding:20px;margin:auto;max-width:800px">' . $ret . '</div>';
-					}
-				}
-				
-				if($result) {
-					$body .= '<p style="text-align:center">Successfully installed and built theme.</p>';
-				} else {
-					// install failed
-					$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
-					$query->bindValue(':theme', $_theme);
-					$query->execute() or error(db_error($query));
-				}
-				
-				$body .= '<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>';
-				
-				// Build themes
-				rebuildThemes('all');
-				
-				echo Element('page.html', array(
-					'config'=>$config,
-					'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'),
-					'body'=>$body,
-					'mod'=>true
-					)
-				);
-			} else {
-				$body = '<form action="" method="post">';
-				
-				if(!isset($theme['config']) || empty($theme['config'])) {
-					$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>';
-				} else {
-					$settings = themeSettings($_theme);
-					
-					$body .= '<table>';
-					foreach($theme['config'] as &$c) {
-						$body .= '<tr><th>' . $c['title'] . '</th><td>';
-						switch($c['type']) {
-							case 'text':
-							default:
-								$body .= '<input type="text" name="' . utf8tohtml($c['name']) . '" ' .
-									(isset($settings[$c['name']]) ?
-										' value="' . utf8tohtml($settings[$c['name']]) . '" '
-									:
-										(isset($c['default']) ?
-											'value="' . utf8tohtml($c['default']) . '" '
-										: '')
-									) .
-									(isset($c['size']) ? 'size="' . (int)$c['size'] . '" ' :'') .
-								'/>';
-						}
-						if(isset($c['comment']))
-							$body .= ' <span class="unimportant">' . $c['comment'] . '</span>';
-						$body .= '</td></tr>';
-					}
-					$body .= '</table>';
-				}
-				
-				$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>';
-				
-				echo Element('page.html', array(
-					'config'=>$config,
-					'title'=>'Installing "' . utf8tohtml($theme['name']) . '"',
-					'body'=>$body,
-					'mod'=>true
-					)
-				);
-			}
-		} else {
-			
-			$themes_in_use = array();
-			$query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
-			while($theme = $query->fetch()) {
-				$themes_in_use[$theme['theme']] = true;
-			}
-			
-			// Scan directory for themes
-			$themes = array();
-			while($file = readdir($dir)) {
-				if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
-					$themes[] = $file;
-				}
-			}
-			closedir($dir);
-			
-			$body = '';
-			if(empty($themes)) {
-				$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>';
-			} else {
-				$body .= '<table class="modlog">';
-				foreach($themes as &$_theme) {
-					$theme = loadThemeConfig($_theme);
-					
-					markup($theme['description']);
-					
-					$body .= '<tr>' .
-								'<th class="minimal">' . _('Name') . '</th>' .
-								'<td>' . utf8tohtml($theme['name']) . '</td>' .
-							'</tr>' .
-							'<tr>' .
-								'<th class="minimal">' . _('Version') . '</th>' .
-								'<td>' . utf8tohtml($theme['version']) . '</td>' .
-							'</tr>' .
-							'<tr>' .
-								'<th class="minimal">' . _('Description') . '</th>' .
-								'<td>' . $theme['description'] . '</td>' .
-							'</tr>' .
-							'<tr>' .
-								'<th class="minimal">' . _('Thumbnail') . '</th>' .
-								'<td><img style="float:none;margin:4px' . 
-									(isset($themes_in_use[$_theme]) ?
-										';border:2px solid red;padding:4px'
-									: '') .
-									'" src="' . $config['dir']['themes_uri'] . '/' . $_theme . '/thumb.png" /></td>' .
-							'</tr>' .
-							'<tr>' .
-								'<th class="minimal">' . _('Actions') . '</th>' .
-								'<td><ul style="padding:0 20px">' .
-									'<li><a title="' . _('Use theme') . '" href="?/themes/' . $_theme . '">' .
-										(isset($themes_in_use[$_theme]) ? _('Reconfigure') : _('Install')) .
-									'</a></li>' .
-									(isset($themes_in_use[$_theme]) ?
-										'<li><a href="?/themes/' . $_theme . '/rebuild">' . _('Rebuild') . '</a></li>' .
-										'<li><a href="?/themes/' . $_theme . '/uninstall">' . _('Uninstall') . '</a></li>'
-									:
-										'') .
-								'</ul></td>' .
-							'</tr>' .
-							'<tr style="height:40px"><td colspan="2"><hr/></td></tr>';
-				}
-				$body .= '</table>';
-			}
-			
-			if(!empty($themes_in_use))
-				$body .= '<p style="text-align:center"><a href="?/themes/none">' . _('Uninstall all themes.') . '</a></p>';
-			
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>_('Manage themes'),
-				'body'=>$body,
-				'mod'=>true
-				)
-			);
-		}
-	} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
-		if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
-		
-		$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
-		$query->bindValue(':id', $match[1], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		if($config['cache']['enabled'])
-			cache::delete('noticeboard_preview');
-		
-		header('Location: ?/noticeboard', true, $config['redirect_http']);
-	} elseif(preg_match('/^\/noticeboard$/', $query)) {
-		if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
-		
-		$body = '';
-		
-		if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
-				$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
-				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
-				$query->bindvalue(':time', time(), PDO::PARAM_INT);
-				$query->bindValue(':subject', utf8tohtml($_POST['subject']));
-				
-				markup($_POST['body']);
-				$query->bindValue(':body', $_POST['body']);
-				$query->execute() or error(db_error($query));
-				
-				if($config['cache']['enabled'])
-					cache::delete('noticeboard_preview');
-				
-				header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']);
-		} else {
-			
-			if(hasPermission($config['mod']['noticeboard_post'])) {
-				$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
-				'<tr>' .
-					'<th><label for="subject">' . _('Name') . '</label></th>' .
-					'<td>' . $mod['username'] . '</td>' .
-				'</tr><tr>' .
-					'<th>' . _('Subject') . '</th>' .
-					'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
-				'</tr><tr>' .
-					'<th>' . _('Body') . '</th>' .
-					'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
-				'</tr><tr>' .
-					'<td></td><td><input type="submit" value="' . _('Post to noticeboard') . '" /></td>' .
-				'</tr></table>' .
-				'</form></fieldset>';
-			}
-			
-			$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
-			$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			while($notice = $query->fetch()) {
-				$body .= '<div class="ban">' .
-					(hasPermission($config['mod']['noticeboard_delete']) ?
-						'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice['id'] . '">[delete]</a></span>'
-					: '') .
-				'<h2 id="' . $notice['id'] . '">' .
-					($notice['subject'] ?
-						$notice['subject']
-					:
-						'<em>' . _('no subject') . '</em>'
-					) .
-				'<span class="unimportant"> &mdash; by ' .
-					(isset($notice['username']) ?
-						utf8tohtml($notice['username'])
-					:
-						'<em>???</em>'
-					) .
-				' at ' .
-					strftime($config['post_date'], $notice['time']) .
-				'</span></h2><p>' . $notice['body'] . '</p></div>';
-			}
-		
-		
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>_('Noticeboard'),
-				'body'=>$body,
-				'mod'=>true
-				)
-			);
-		}
-	} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
-		if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
-		
-		$query = prepare("DELETE FROM `news` WHERE `id` = :id");
-		$query->bindValue(':id', $match[1], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		rebuildThemes('news');
-		
-		header('Location: ?/news', true, $config['redirect_http']);
-	} elseif(preg_match('/^\/news$/', $query)) {			
-		$body = '';
-		
-		if(hasPermission($config['mod']['news'])) {
-			if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
-				$query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)");
-				
-				if(isset($_POST['name']) && hasPermission($config['mod']['news_custom']))
-					$name = &$_POST['name'];
-				else
-					$name = &$mod['username'];
-				
-				$query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT);
-				$query->bindvalue(':time', time(), PDO::PARAM_INT);
-				$query->bindValue(':subject', utf8tohtml($_POST['subject']));
-				
-				markup($_POST['body']);
-				$query->bindValue(':body', $_POST['body']);
-				$query->execute() or error(db_error($query));
-				
-				rebuildThemes('news');
-			}
-			
-			$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
-			'<tr>' .
-				'<th>' . _('Name') . '</th>' .
-				(hasPermission($config['mod']['news_custom']) ?
-					'<td><input type="text" size="55" name="name" id="name" value="' . utf8tohtml($mod['username']) . '" /></td>'
-				:
-					'<td>' . $mod['username'] . '</td>') .
-			'</tr><tr>' .
-				'<th>' . _('Subject') . '</th>' .
-				'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
-			'</tr><tr>' .
-				'<th>' . _('Body') . '</th>' .
-				'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
-			'</tr><tr>' .
-				'<td></td><td><input type="submit" value="' . _('Post to news') . '" /></td>' .
-			'</tr></table>' .
-			'</form></fieldset>';
-		}
-		
-		$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit");
-		$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		while($news = $query->fetch()) {			
-			$body .= '<div class="ban">' .
-				(hasPermission($config['mod']['news_delete']) ?
-					'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news['id'] . '">[delete]</a></span>'
-				: '') .
-			'<h2 id="' . $news['id'] . '">' .
-				($news['subject'] ?
-					$news['subject']
-				:
-					'<em>' . _('no subject') . '</em>'
-				) .
-			'<span class="unimportant"> &mdash; by ' .
-				$news['name'] .
-			' at ' .
-				strftime($config['post_date'], $news['time']) .
-			'</span></h2><p>' . $news['body'] . '</p></div>';
-		}
-		
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('News'),
-			'body'=>$body,
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/inbox\/readall$/', $query, $match)) {
-		$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `to` = :id");
-		$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		modLog('Marked all PMs as read');
-		
-		header('Location: ?/inbox', true, $config['redirect_http']);
-	} elseif(preg_match('/^\/inbox$/', $query, $match)) {
-		$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
-		$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		if($query->rowCount() == 0) {
-			$body = '<p style="text-align:center" class="unimportant">(' . _('No private messages for you.') . ')</p>';
-		} else {
-			$unread_pms = 0;
-			
-			$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>';
-			while($pm = $query->fetch()) {
-				$body .= '<tr' . ($pm['unread'] ? ' style="font-weight:bold"' : '') . '>' . 
-						'<td class="minimal"><a href="?/PM/' . $pm['id'] . '">' . $pm['id'] . '</a></td>' .
-						'<td class="minimal">' .
-							($pm['username'] ?
-								'<a href="?/new_PM/' . $pm['sender'] . '">' . $pm['username'] . '</a>'
-							: '<em>deleted?</em>') .
-						'</td>' .
-						'<td class="minimal">' . strftime($config['post_date'], $pm['time']) . '</td>' .
-						'<td><a href="?/PM/' . $pm['id'] . '">' . pm_snippet($pm['message']) . '</a></td>' .
-					'</tr>';
-				
-				if($pm['unread'])
-					$unread_pms++;
-			}
-			$body .= '</table>';
-			
-			if($unread_pms) {
-				$body = '<p style="text-align:center" class="unimportant">(<a href="?/inbox/readall">Mark all as read</a>)</p>' . $body;
-			}
-		}
-		
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('PM Inbox') . ' (' . ($query->rowCount() == 0 ? _('empty') : $unread_pms . ' ' . _('unread')) . ')',
-			'body'=>$body,
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
-		$id = &$match[1];
-		
-		if(hasPermission($config['mod']['master_pm'])) {
-			$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
-		} else {
-			$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
-			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
-		}
-		
-		$query->bindValue(':id', $id, PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		if(!$pm = $query->fetch()) {
-			// Mod doesn't exist
-			error($config['error']['404']);
-		}
-		
-		if(isset($_POST['delete'])) {
-			$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
-			$query->bindValue(':id', $id, PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			modLog('Deleted a PM');
-			
-			header('Location: ?/inbox', true, $config['redirect_http']);
-		} else {
-			if($pm['unread']) {
-				$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
-				$query->bindValue(':id', $id, PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				modLog('Read a PM');
-			}
-			
-			if($pm['to'] != $mod['id']) {
-				$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
-				$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				if($_mod = $query->fetch()) {
-					$__to = &$_mod['username'];
-				} else {
-					$__to = false;
-				}
-			}
-			
-			$body = '<form action="" method="post" style="margin:0"><table>' . 
-			
-			'<th>From</th><td>' .
-				(!$pm['username'] ?
-					'<em>???</em>'
-				:
-					'<a href="?/new_PM/' . $pm['sender'] . '">' . utf8tohtml($pm['username']) . '</a>'
-				) .
-			'</td></tr>' .
-			
-			(isset($__to) ?
-				'<th>To</th><td>' .
-					($__to === false ?
-						'<em>???</em>'
-					:
-						'<a href="?/new_PM/' . $pm['to'] . '">' . utf8tohtml($__to) . '</a>'
-					) .
-				'</td></tr>'
-			: '') .
-			
-			'<tr><th>Date</th><td> ' . strftime($config['post_date'], $pm['time']) . '</td></tr>' .
-			
-			'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
-			
-			'</table>' . 
-			
-			'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
-			
-			'</form>' .
-			
-			'<p style="text-align:center"><a href="?/new_PM/' . $pm['sender'] . '/' . $pm['id'] . '">Reply with quote</a></p>';
-			
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'Private message',
-				'body'=>$body,
-				'mod'=>true
-				)
-			);
-		}
-	} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
-		if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
-		
-		$to = &$match[1];
-		
-		$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
-		$query->bindValue(':id', $to, PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		if(!$to = $query->fetch()) {
-			// Mod doesn't exist
-			error($config['error']['404']);
-		}
-		
-		if(isset($_POST['message'])) {
-			// Post message
-			$message = &$_POST['message'];
-			
-			if(empty($message))
-				error($config['error']['tooshort_body']);
-			
-			markup($message);
-			
-			$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
-			$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
-			$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
-			$query->bindValue(':message', $message);
-			$query->bindValue(':time', time(), PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			modLog('Sent a PM to ' . $to['username']);
-			
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'PM sent',
-				'body'=>'<p style="text-align:center">Message sent successfully to ' . utf8tohtml($to['username']) . '.</p>',
-				'mod'=>true
-				)
-			);
-		} else {
-			$value = '';
-			if(isset($match[3])) {
-				$reply = &$match[3];
-				
-				$query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id");
-				$query->bindValue(':sender', $to['id'], PDO::PARAM_INT);
-				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
-				$query->bindValue(':id', $reply, PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				if($pm = $query->fetch()) {
-					$value = quote($pm['message']);
-				}
-			}
-			
-			
-			$body = '<form action="" method="post">' .
-			
-			'<table>' . 
-			
-			'<tr><th>To</th><td>' .
-				(hasPermission($config['mod']['editusers']) ?
-					'<a href="?/users/' . $to['id'] . '">' . utf8tohtml($to['username']) . '</a>' :
-					utf8tohtml($to['username'])
-				) .
-			'</td>' .
-			
-			'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40">' . $value . '</textarea></td>' .
-			
-			'</table>' .
-			
-			'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
-			
-			'</form>';
-			
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'New PM for ' . utf8tohtml($to['username']),
-				'body'=>$body,
-				'mod'=>true
-				)
-			);
-		}
-	} elseif(preg_match('/^\/search$/', $query)) {
-		if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']);
-		
-		$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
-			'<p><label style="display:inline" for="search">Phrase:</label> ' .
-				'<input id="search" name="search" type="text" size="35" ' .
-					(isset($_POST['search']) ? 'value="' . str_replace('"', '&quot;', utf8tohtml($_POST['search'])) . '" ' : '') .
-				'/>' .
-				'<input type="submit" value="Search" />' .
-			'</p></form>' .
-				'<p><span class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</span></p>' .
-			'</div>';
-		
-		if(isset($_POST['search']) && !empty($_POST['search'])) {
-			$phrase = &$_POST['search'];
-			$_body = '';
-			
-			$filters = array();
-			
-			function search_filters($m) {
-				global $filters;
-				$name = $m[2];
-				$value = isset($m[4]) ? $m[4] : $m[3];
-				
-				if(!in_array($name, array('id', 'thread', 'subject', 'email', 'name', 'trip', 'capcode', 'filename', 'filehash', 'ip'))) {
-					// unknown filter
-					return $m[0];
-				}
-				
-				$filters[$name] = $value;
-				
-				return $m[1];
-			}
-			
-			$phrase = trim(preg_replace_callback('/(^|\s)(\w+):("(.*)?"|[^\s]*)/', 'search_filters', $phrase));
-			
-			// Escape escape character
-			$phrase = str_replace('!', '!!', $phrase);
-			
-			// Remove SQL wildcard
-			$phrase = str_replace('%', '!%', $phrase);
-			
-			// Use asterisk as wildcard to suit convention
-			$phrase = str_replace('*', '%', $phrase);
-			
-			$like = '';
-			$match = array();
-			
-			// Find exact phrases
-			if(preg_match_all('/"(.+?)"/', $phrase, $m)) {
-				foreach($m[1] as &$quote) {
-					$phrase = str_replace("\"{$quote}\"", '', $phrase);
-					$match[] = $pdo->quote($quote);
-				}
-			}
-			
-			$words = explode(' ', $phrase);
-			foreach($words as &$word) {
-				if(empty($word))
-					continue;
-				$match[] = $pdo->quote($word);
-			}
-			
-			$like = '';
-			foreach($match as &$phrase) {
-				if(!empty($like))
-					$like .= ' AND ';
-				$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
-				$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
-			}
-			
-			foreach($filters as $name => $value) {
-				if(!empty($like))
-					$like .= ' AND ';
-				$like .= '`' . $name . '` = '. $pdo->quote($value);
-			}
-			
-			$like = str_replace('%', '%%', $like);
-			
-			$boards = listBoards();
-			foreach($boards as &$_b) {
-				openBoard($_b['uri']);
-				
-				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
-				$query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				$temp = '';
-				while($post = $query->fetch()) {
-					if(!$post['thread']) {
-						$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
-					} else {
-						$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
-					}
-					$temp .= $po->build(true) . '<hr/>';
-				}
-				
-				if(!empty($temp))
-					$_body .= '<fieldset><legend>' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on <a href="?/' .
-							sprintf($config['board_path'], $board['uri']) . $config['file_index'] .
-					'">' .
-					sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] .
-					'</a></legend>' . $temp . '</fieldset>';
-			}
-			
-			$body .= '<hr/>';
-			if(!empty($_body))
-				$body .= $_body;
-			else
-				$body .= '<p style="text-align:center" class="unimportant">(No results.)</p>';
-		}
-			
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'Search',
-			'body'=>$body,
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/users$/', $query)) {
-		if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']);
-		
-		$body = '<form action="" method="post"><table class="modlog" style="width:auto"><tr><th>' . _('ID') . '</th><th>' . _('Username') . '</th><th>' . _('Type') . '</th><th>' . _('Boards') . '</th><th>' . _('Last action') . '</th><th>&hellip;</th></tr>';
-		
-		$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
-		while($_mod = $query->fetch()) {				
-			$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
-			
-			$_mod['boards'] = explode(',', $_mod['boards']);
-			foreach($_mod['boards'] as &$_board) {
-				if($_board != '*')
-					$_board = '/' . $_board . '/';
-			}
-			
-			$body .= '<tr>' .
-				'<td>' .
-					$_mod['id'] .
-				'</td>' .
-				
-				'<td>' .
-					utf8tohtml($_mod['username']) .
-				'</td>' .
-				
-				'<td>' .
-					$type .
-				'</td>' .
-				
-				'<td>' .
-					implode(', ', $_mod['boards']) .
-				'</td>' .
-				
-				'<td>' .
-					($_mod['last'] ?
-						(hasPermission($config['mod']['modlog']) ?
-							'<span title="' . str_replace('"', '&quot;', utf8tohtml($_mod['action'])) . '">' . ago($_mod['last']) . '</span>'
-						: ago($_mod['last']))
-					: '<em>never</em>') .
-				'</td>' .
-				
-				'<td style="white-space:nowrap">' .
-					(hasPermission($config['mod']['promoteusers']) ?
-						($_mod['type'] != ADMIN ?
-							'<a style="float:left;text-decoration:none" href="?/users/' . $_mod['id'] . '/promote" title="Promote">▲</a>'
-						:'') .
-						($_mod['type'] != JANITOR ?
-							'<a style="float:left;text-decoration:none" href="?/users/' . $_mod['id'] . '/demote" title="Demote">▼</a>'
-						:'')
-					: ''
-					) .
-					(hasPermission($config['mod']['editusers']) ||
-					(hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])?
-						'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
-					: '' ) .
-					(hasPermission($config['mod']['create_pm']) ?
-						'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod['id'] . '">[PM]</a>'
-					: '' ) .
-				'</td></tr>';
-		}
-		
-		$body .= '</table>';
-		
-		if(hasPermission($config['mod']['createusers'])) {
-			$body .= '<p style="text-align:center"><a href="?/users/new">' . _('Create new user') . '</a></p>';
-		}
-		
-		$body .= '</form>';
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('Manage users'),
-			'body'=>$body
-			,'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/users\/new$/', $query)) {
-		if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']);
-		
-		if(isset($_POST['username']) && isset($_POST['password'])) {
-			if(!isset($_POST['type'])) {
-				error(sprintf($config['error']['required'], 'type'));
-			}
-			
-			if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
-				error(sprintf($config['error']['invalidfield'], 'type'));
-			}
-			
-			// Check if already exists
-			$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
-			$query->bindValue(':username', $_POST['username']);
-			$query->execute() or error(db_error($query));
-			
-			if($_mod = $query->fetch()) {
-				error(sprintf($config['error']['modexists'], $_mod['id']));
-			}
-			
-			$boards = array();
-			foreach($_POST as $name => $null) {
-				if(preg_match('/^board_(.+)$/', $name, $m))
-					$boards[] = $m[1];
-			}
-			$boards = implode(',', $boards);
-			
-			$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)");
-			$query->bindValue(':username', $_POST['username']);
-			$query->bindValue(':password', sha1($_POST['password']));
-			$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
-			$query->bindValue(':boards', $boards);
-			$query->execute() or error(db_error($query));
-			
-			modLog('Create a new user: "' . $_POST['username'] . '"');
-			header('Location: ?/users', true, $config['redirect_http']);
-		} else {
-		
-			$__boards = '<ul style="list-style:none;padding:2px 5px">';			
-			$boards = array_merge(
-					array(array('uri' => '*', 'title' => 'All')
-				), listBoards());
-			foreach($boards as &$_board) {
-				$__boards .= '<li>' .
-					'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '">' .
-					'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
-						($_board['uri'] == '*' ?
-							'<em>"*"</em>'
-						:
-							sprintf($config['board_abbreviation'], $_board['uri'])
-						) .
-						' - ' . $_board['title'] .
-					'</label>' .
-					'</li>';
-			}
-		
-			$body = '<fieldset><legend>New user</legend>' . 
-			
-				// Begin form
-				'<form style="text-align:center" action="" method="post">' .
-			
-				'<table>' .
-			
-				'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
-				'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
-				'<tr><th>Type</th><td>' .
-					'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
-					'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
-					'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
-				'</td></tr>' .
-				'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
-				'</table>' .
-			
-				'<input style="margin-top:10px" type="submit" value="Create user" />' .
-			
-				// End form
-				'</form></fieldset>';
-			
-				echo Element('page.html', array(
-					'config'=>$config,
-					'title'=>'New user',
-					'body'=>$body
-					,'mod'=>true
-					)
-				);
-			}
-	} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
-		$modID = &$matches[1];
-		
-		if(isset($matches[2])) {
-			if($matches[3] == 'delete') {
-				if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']);
-				
-				$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
-				$query->bindValue(':id', $modID, PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				modLog('Deleted user #' . $modID);
-			} else {
-				// Promote/demote
-				if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']);
-				
-				if($matches[3] == 'promote') {
-					$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
-					$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
-				} else {
-					$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
-					$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
-				}
-				
-				$query->bindValue(':id', $modID, PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-			}
-			header('Location: ?/users', true, $config['redirect_http']);
-		} else {
-			// Edit user
-			if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password']))
-				error($config['error']['noaccess']);
-			
-			$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
-			$query->bindValue(':id', $modID, PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			if(!$_mod = $query->fetch()) {
-				error($config['error']['404']);
-			}
-			
-			if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true))
-				error($config['error']['noaccess']);
-			
-			if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
-				if(!isset($change_password_only)) {
-					$boards = array();
-					foreach($_POST as $name => $null) {
-						if(preg_match('/^board_(.+)$/', $name, $m))
-							$boards[] = $m[1];
-					}
-					$boards = implode(',', $boards);
-					
-					$query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id");
-					$query->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
-					$query->bindValue(':boards', $boards, PDO::PARAM_STR);
-					$query->bindValue(':id', $modID, PDO::PARAM_INT);
-					$query->execute() or error(db_error($query));
-					modLog('Edited login details for user "' . $_mod['username'] . '"');
-				} else {
-					modLog('Changed own password');
-				}
-				if(!empty($_POST['password'])) {
-					$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
-					$query->bindValue(':password', sha1($_POST['password']));
-					$query->bindValue(':id', $modID, PDO::PARAM_INT);
-					$query->execute() or error(db_error($query));
-				}
-				
-				// Refresh
-				$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
-				$query->bindValue(':id', $modID, PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				if(!$_mod = $query->fetch()) {
-					error($config['error']['404']);
-				}
-				
-				if($_mod['id'] == $mod['id']) {
-					// Changed own password. Update cookies
-					
-					if(!login($_mod['username'], $_mod['password'], false, true))
-						error(_('Could not re-login after changing password. (?)'));
-					
-					setCookies();
-				}
-				
-				if(hasPermission($config['mod']['manageusers']))
-					header('Location: ?/users', true, $config['redirect_http']);
-				else
-					header('Location: ?/', true, $config['redirect_http']);
-				exit;
-			}
-			
-			$__boards = '<ul style="list-style:none;padding:2px 5px">';
-			$boards = array_merge(
-					array(array('uri' => '*', 'title' => 'All')
-				), listBoards());
-			
-			$_mod['boards'] = explode(',', $_mod['boards']);
-			foreach($boards as &$_board) {
-				$__boards .= '<li>' .
-					'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"' .
-						(in_array($_board['uri'], $_mod['boards']) ? 
-							' checked="checked"'
-						: '') .
-					'/> ' . 
-					'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
-						($_board['uri'] == '*' ?
-							'<em>"*"</em>'
-						:
-							sprintf($config['board_abbreviation'], $_board['uri'])
-						) .
-						' - ' . $_board['title'] .
-					'</label>' .
-					'</li>';
-			}
-			$__boards .= '</ul>';
-			
-			$body = '<fieldset><legend>Edit user</legend>' . 
-			
-			// Begin form
-			'<form style="text-align:center" action="" method="post">' .
-			
-			'<table>' .
-			
-			'<tr><th>Username</th><td>' . 
-			
-			(isset($change_password_only) ?
-				utf8tohtml($_mod['username'])
-			: '<input size="20" maxlength="30" type="text" name="username" value="' . utf8tohtml($_mod['username']) . '" autocomplete="off" />') .
-			
-			'</td></tr>' .
-			'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
-			
-			(isset($change_password_only) ? '' :
-				'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
-			) .
-			
-			'</table>' .
-			
-			'<input type="submit" value="Save changes" />' .
-			
-			// End form
-			'</form> ' .
-			
-			// Delete button
-			(hasPermission($config['mod']['deleteusers']) ?
-				'<p style="text-align:center"><a href="?/users/' . $_mod['id'] . '/delete">Delete user</a></p>'
-			:'') .
-			
-			'</fieldset>';
-			
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'Edit user',
-				'body'=>$body
-				,'mod'=>true
-				)
-			);
-		}
-	} elseif(preg_match('/^\/reports$/', $query)) {
-		if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']);
-		
-		$body = '';
-		$reports = 0;
-		
-		$query = prepare("SELECT * FROM `reports` ORDER BY `time` DESC LIMIT :limit");
-		$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		while($report = $query->fetch()) {
-			$p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['board']));
-			$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
-			$p_query->execute() or error(db_error($p_query));
-			
-			if(!$post = $p_query->fetch()) {
-				// Invalid report (post has since been deleted)
-				$p_query = prepare("DELETE FROM `reports` WHERE `post` = :id AND `board` = :board");
-				$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
-				$p_query->bindValue(':board', $report['board']);
-				$p_query->execute() or error(db_error($p_query));
-				continue;
-			}
-			
-			$reports++;
-			openBoard($report['uri']);
-			
-			if(!$post['thread']) {
-				$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
-			} else {
-				$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
-			}
-			
-			$append_html =
-				'<div class="report">' .
-					'<hr/>' .
-					'Board: <a href="?/' . $report['uri'] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $report['uri']) . '</a><br/>' .
-					'Reason: ' . $report['reason'] . '<br/>' .
-					'Report date: ' . strftime($config['post_date'], $report['time']) . '<br/>' .
-					(hasPermission($config['mod']['show_ip']) ?
-						'Reported by: <a href="?/IP/' . $report['ip'] . '">' . $report['ip'] . '</a><br/>'
-					: '') .
-					'<hr/>' .
-						(hasPermission($config['mod']['report_dismiss']) ?
-							'<a title="Discard abuse report" href="?/reports/' . $report['id'] . '/dismiss">Dismiss</a> | ' : '') .
-						(hasPermission($config['mod']['report_dismiss_ip']) ?
-							'<a title="Discard all abuse reports by this user" href="?/reports/' . $report['id'] . '/dismiss/all">Dismiss+</a>' : '') .
-				'</div>';
-			
-			// Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21
-			$po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '<br/>'));
-			
-			if(mb_strlen($po->body) + mb_strlen($append_html) > $config['body_truncate_char']) {
-				// still too long. temporarily increase limit in the config
-				$__old_body_truncate_char = $config['body_truncate_char'];
-				$config['body_truncate_char'] = mb_strlen($po->body) + mb_strlen($append_html);
-			}
-			
-			$po->body .= $append_html;
-			
-			$body .= $po->build(true) . '<hr/>';
-			
-			if(isset($__old_body_truncate_char))
-				$config['body_truncate_char'] = $__old_body_truncate_char;
-		}
-		
-		$query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error());
-		$count = $query->fetch();
-		
-		$body .= '<p class="unimportant" style="text-align:center">Showing ' . 
-			($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.</p>';
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('Report queue') . ' (' . $count['count'] . ')',
-			'body'=>$body,
-			'mod'=>true
-		));
-	} elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) {
-		if(isset($matches[2]) && $matches[2] == '/all') {
-			if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']);
-			
-			$query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id");
-			$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			if($report = $query->fetch()) {
-				$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
-				$query->bindValue(':ip', $report['ip'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				modLog('Dismissed all reports by ' . $report['ip']);
-			}
-		} else {
-			if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']);
-			
-			$query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id");
-			$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			if($report = $query->fetch()) {
-				modLog('Dismissed a report for post #' . $report['post'], $report['board']);
-				
-				$query = prepare("DELETE FROM `reports` WHERE `post` = :post AND `board` = :board");
-				$query->bindValue(':board', $report['board'], PDO::PARAM_INT);
-				$query->bindValue(':post', $report['post'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-			}
-		}
-		
-		// Redirect
-		header('Location: ?/reports', true, $config['redirect_http']);
-	} elseif(preg_match('/^\/(\w+)\/edit(\/delete)?$/', $query, $matches)) {
-		if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']);
-		
-		if(!openBoard($matches[1]))
-			error($config['error']['noboard']);
-		
-		if(isset($matches[2]) && $matches[2] == '/delete') {
-			if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']);
-			// Delete board
-			
-			modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri']));
-			
-			// Delete entire board directory
-			rrmdir($board['uri'] . '/');
-			
-			// Delete posting table
-			$query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error());
-			
-			// Clear reports
-			$query = prepare("DELETE FROM `reports` WHERE `board` = :id");
-			$query->bindValue(':id', $board['uri'], PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			// Delete from table
-			$query = prepare("DELETE FROM `boards` WHERE `uri` = :uri");
-			$query->bindValue(':uri', $board['uri'], PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			if($config['cache']['enabled']) {
-				cache::delete('board_' . $board['uri']);
-				cache::delete('all_boards');
-			}
-			
-			$query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board");
-			$query->bindValue(':board', $board['uri']);
-			$query->execute() or error(db_error($query));
-			while($cite = $query->fetch()) {
-				if($board['uri'] != $cite['board']) {
-					if(!isset($tmp_board))
-						$tmp_board = $board;
-					openBoard($cite['board']);
-					rebuildPost($cite['post']);
-				}
-			}
-			
-			if(isset($tmp_board))
-				$board = $tmp_board;
-			
-			$query = prepare("DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board");
-			$query->bindValue(':board', $board['uri']);
-			$query->execute() or error(db_error($query));
-			
-			$query = prepare("DELETE FROM `antispam` WHERE `board` = :board");
-			$query->bindValue(':board', $board['uri']);
-			$query->execute() or error(db_error($query));
-			
-			$_board = $board;
-			
-			rebuildThemes('boards');
-			
-			$board = $_board;
-			
-			header('Location: ?/', true, $config['redirect_http']);
-		} else {
-			if(isset($_POST['title']) && isset($_POST['subtitle'])) {
-				$query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri");
-				$query->bindValue(':title', utf8tohtml($_POST['title'], true));
-				
-				if(!empty($_POST['subtitle']))
-					$query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true));
-				else
-					$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
-				
-				$query->bindValue(':id', $board['uri'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				if($config['cache']['enabled']) {
-					cache::delete('board_' . $board['uri']);
-					cache::delete('all_boards');
-				}
-				
-				$_board = $board;
-				
-				rebuildThemes('boards');
-				
-				$board = $_board;
-				
-				openBoard($board['uri']);
-			}
-			
-			$body =
-			'<fieldset><legend><a href="?/' .
-			$board['uri'] .	'/' . $config['file_index'] . '">' .
-			sprintf($config['board_abbreviation'], $board['uri']) . '</a>' . 
-			' - ' . $board['name'] . '</legend>' . 
-			
-			// Begin form
-			'<form style="text-align:center" action="" method="post">' .
-			
-			'<table>' .
-			
-			'<tr><th>URI</th><td>' . $board['uri'] . '</td>' .
-			'<tr><th>Title</th><td><input size="20" type="text" name="title" value="' . $board['name'] . '" /></td></tr>' .
-			'<tr><th>Subtitle</th><td><input size="20" type="text" name="subtitle" value="' .
-				(isset($board['title']) ? $board['title'] : '') . '" /></td></tr>' .
-			
-			'</table>' .
-			
-			'<input type="submit" value="Update" />' .
-			
-			// End form
-			'</form> ' .
-			
-			// Delete button
-			(hasPermission($config['mod']['deleteboard']) ?
-				'<p style="text-align:center"><a href="?/' . $board['uri'] . '/edit/delete">Delete board</a></p>'
-			:'') .
-			
-			'</fieldset>';
-			
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'Manage &ndash; ' . sprintf($config['board_abbreviation'], $board['uri']),
-				'body'=>$body,
-				'mod'=>true
-			));
-		}
-	} elseif(preg_match('/^\/bans$/', $query)) {
-		if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']);
-		
-		if(isset($_POST['unban'])) {
-			if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']);
-			
-			foreach($_POST as $post => $value) {
-				if(preg_match('/^ban_(\d+)$/', $post, $m)) {
-					removeBan($m[1]);
-				}
-			}
-		}
-		if(hasPermission($config['mod']['view_banexpired'])) {
-			$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC");
-			$query->bindValue(':time', time(), PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-		} else {
-			// Filter out expired bans
-			$query = prepare("SELECT `bans`.*, `username` FROM `bans` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC");
-			$query->bindValue(':time', time(), PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-		}
-		
-		if($query->rowCount() < 1) {
-			$body = '<p style="text-align:center" class="unimportant">(There are no active bans.)</p>';
-		} else {
-			$body = '<form action="" method="post">';
-			$body .= '<table><tr><th>' . _('IP address') . '</th><th>' . _('Reason') . '</th><th>' . _('Board') . '</th><th>' . _('Set') . '</th><th>' . _('Expires') . '</th><th>' . _('Staff') . '</th></tr>';
-			
-			while($ban = $query->fetch()) {
-				$body .=
-					'<tr' .
-						($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
-							' style="text-decoration:line-through"'
-						:'') .
-					'>' .
-				
-				'<td style="white-space: nowrap">' .
-				
-				// Checkbox
-				'<input type="checkbox" name="ban_' . $ban['id'] . '" id="ban_' . $ban['id'] . '" /> ' .
-				
-				// IP address
-				(preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ?
-					'<a href="?/IP/' .
-						$ban['ip'] .
-					'">'. $ban['ip'] . '</a>'
-				: utf8tohtml($ban['ip'])) .
-				
-				'</td>' .
-				
-				// Reason
-				'<td>' . ($ban['reason'] ? $ban['reason'] : '<em>-</em>') . '</td>' .
-				
-				
-				'<td style="white-space: nowrap">' .
-				(isset($ban['board']) ?
-					sprintf($config['board_abbreviation'], $ban['board'])
-				:
-					'<em>' . _('all boards') . '</em>'
-				) . '</td>' .
-				
-				// Set
-				'<td style="white-space: nowrap">' . strftime($config['post_date'], $ban['set']) . '</td>' .
-				
-				// Expires
-				'<td style="white-space: nowrap">' . 
-					($ban['expires'] == 0 ?
-						'<em>Never</em>'
-					:
-						strftime($config['post_date'], $ban['expires'])
-					) .
-				'</td>' .
-				
-				// Staff
-				'<td>' .
-					(isset($ban['username']) ?
-						(!hasPermission($config['mod']['view_banstaff']) ?
-							($config['mod']['view_banquestionmark'] ?
-								'?'
-							:
-								($ban['type'] == JANITOR ? 'Janitor' :
-								($ban['type'] == MOD ? 'Mod' :
-								($ban['type'] == ADMIN ? 'Admin' :
-								'?')))
-							)
-						:
-							utf8tohtml($ban['username'])
-						)
-					:
-						'<em>deleted?</em>'
-					) .
-				'</td>' .
-				
-				'</tr>';
-			}
-			
-			$body .= '</table>' .
-			
-			(hasPermission($config['mod']['unban']) ?
-				'<p style="text-align:center"><input name="unban" type="submit" value="Unban selected" /></p>'
-			: '') .
-			
-			'</form>';
-		}
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('Ban list'),
-			'body'=>$body,
-			'mod'=>true
-		)
-	);
-	} elseif(preg_match('/^\/flush$/', $query)) {
-		if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
-		if(!$config['cache']['enabled']) error(_('Cache is not enabled.'));
-		
-		if(cache::flush()) {
-			$body = 'Successfully invalidated all items in cache.';
-			modLog('Cleared cache');
-		} else {
-			$body = 'An error occured while trying to flush cache.';
-		}
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'Flushed',
-			'body'=>'<p style="text-align:center">' . $body . '</p>',
-			'mod'=>true
-		));
-	} elseif(preg_match('/^\/rebuild$/', $query)) {
-		if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
-		
-		set_time_limit($config['mod']['rebuild_timelimit']);
-		
-		$body = '<div class="ban"><h2>Rebuilding&hellip;</h2><p>';
-		
-		$body .= 'Clearing template cache&hellip;<br/>';
-		
-		load_twig();
-		$twig->clearCacheFiles();
+	'/^\/IP\/(.+)$/'	=> 'ip',		// view ip address
 	
-		$body .= 'Regenerating theme files&hellip;<br/>';
-		rebuildThemes('all');
-		
-		$body .= 'Generating Javascript file&hellip;<br/>';
-		buildJavascript();
-		
-		$main_js = $config['file_script'];
-		
-		$boards = listBoards();
-		
-		foreach($boards as &$board) {
-			$body .= "<strong style=\"display:inline-block;margin: 15px 0 2px 0;\">Opening board /{$board['uri']}/</strong><br/>";
-			openBoard($board['uri']);
-			
-			$body .= 'Creating index pages<br/>';
-			buildIndex();
-			
-			if($config['file_script'] != $main_js) {
-				// different javascript file
-				$body .= 'Generating Javascript file&hellip;<br/>';
-				buildJavascript();
-			}
-			
-			$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
-			while($post = $query->fetch()) {
-				$body .= "Rebuilding #{$post['id']}<br/>";
-				buildThread($post['id']);
-			}
-		}
-		$body .= 'Complete!</p></div>';
-		
-		unset($board);
-		modLog('Rebuilt everything');
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'Rebuilt',
-			'body'=>$body,
-			'mod'=>true
-		));
-	} elseif(preg_match('/^\/config\/edit$/', $query)) {
-		if(!hasPermission($config['mod']['edit_config']))
-			error($config['error']['noaccess']);
-		
-		// TODO: display "unset variables"
-		// $config_file = file_get_contents('inc/config.php');
-		// preg_match_all('/\$config\[\'(\w+)\']/', $config_file, $matches);
-		// $config_variables = array_unique($matches[1]);
-		
-		$body = '<fieldset><legend>' . _('Configuration') . '</legend><form action="" method="post"><table style="width:100%">';
-		
-		$var_force_string = array('blotter');
-		$var_system = array('version');
-		
-		if(isset($_POST['save_changes'])) {
-			$config_append = '';
-			
-			foreach($config as $name => $original_value) {
-				if(in_array($name, $var_system))
-					continue;
-				$type = gettype($original_value);
-				if($type == 'array' || $type == 'NULL')
-					continue;
-				
-				if($type == 'boolean' && in_array($name, $var_force_string))
-					$type = 'string';
-				
-				if(!isset($_POST[$name]) && $type != 'boolean')
-					continue;
-				
-				if($type == 'boolean')
-					$value = isset($_POST[$name]);
-				else
-					$value = $_POST[$name];
-				
-				if($value != $original_value) {
-					// value has been changed
-					$config_append .= "\$config['" . addslashes($name) . "'] = ";
-					if($type == 'boolean')
-						$config_append .= $value ? 'true' : 'false';
-					elseif($type == 'integer')
-						$config_append .= (int)$value;
-					elseif($type == 'string')
-						$config_append .= '\'' . addslashes($value) . '\'';
-					$config_append .= ";\n";
-				}
-			}
-			
-			if(!empty($config_append)) {
-				$config_append = "\n// Changes made via web editor by \"" . $mod['username'] . "\" @ " . date('r') . ":\n" . $config_append . "\n";
-				if(@file_put_contents('inc/instance-config.php', $config_append, FILE_APPEND)) {
-					header('Location: ?/config' . $b['uri'], true, $config['redirect_http']);
-					exit;
-				} else {
-					$config_append = htmlentities($config_append);
-					
-					if($config['minify_html'])
-						$config_append = str_replace("\n", '&#010;', $config_append);
-					$page = array();
-					$page['title'] = 'Cannot write to file!';
-					$page['config'] = $config;
-					$page['body'] = '
-						<p>Tinyboard could not write to <strong>inc/instance-config.php</strong> with the ammended configuration, probably due to a permissions error.</p>
-						<p>You may proceed with these changes manually by copying and pasting the following code to the bottom of <strong>inc/instance-config.php</strong>:</p>
-						<textarea style="width:700px;height:370px;margin:auto;display:block;background:white;color:black" readonly>' . $config_append . '</textarea>
-					';
-					echo Element('page.html', $page);
-					exit;
-				}
-			}
-		}
-		
-		foreach($config as $name => $value) {
-			$body .= '<tr>';
-			
-			$body .= '<th style="text-align:left" class="minimal">' . utf8tohtml($name) . '</th>';
-			$type = gettype($value);
-			if($type == 'array') {
-				$body .= '<td><a href="?/config/edit/' . utf8tohtml($name) . '">[edit]' . '</a></td>';
-			} else {
-				if($type == 'string' || $type == 'integer') {
-					$body .= '<td><input style="width:100%" type="text" name="' .utf8tohtml($name) . '" value="'. str_replace('"', '&quot;', utf8tohtml($value)) . '"' .
-							(in_array($name, $var_system) ? ' readonly="readonly"' : '') . '></td>';
-				} elseif($type == 'boolean') {
-					if(in_array($name, $var_force_string))
-						$body .= '<td><input style="width:100%" type="text" name="' . utf8tohtml($name) . '" value=""></td>';
-					else
-						$body .= '<td><input type="checkbox" name="' . utf8tohtml($name) . '" ' . ($value ? 'checked' : '') . '></td>';
-				} else {
-					$body .= '<td>' . utf8tohtml($value) . '</td>';
-				}
-			}
-			
-			$body .= '</tr>';
-		}
-		
-		$body .= '</table><div style="text-align:center"><input name="save_changes" type="submit" value="Save changes"></div></form></fieldset>';
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('Configuration'),
-			'body'=>$body,
-			'mod'=>true
-			)
-		);			
-	} elseif(preg_match('/^\/config$/', $query)) {
-		if(!hasPermission($config['mod']['show_config']))
-			error($config['error']['noaccess']);
-		
-		// Show instance-config.php	
-		
-		$data = '';
-		
-		function do_array_part($array, $prefix = '') {
-			global $data, $config;
-			
-			foreach($array as $name => $value) {
-				if(is_array($value)) {
-					do_array_part($value, $prefix . $name . ' → ');
-				} else {
-					if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') {
-						$value = '<em>hidden</em>';
-					} elseif(gettype($value) == 'boolean') {
-						$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>';
-					} elseif(gettype($value) == 'string') {
-						if(empty($value))
-							$value = '<em>empty</em>';
-						else
-							$value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (mb_strlen($value) > 110 ? '&hellip;' : '')) . '</span>';
-					} elseif(gettype($value) == 'integer') {
-						$value = '<span style="color:black;">' . $value . '</span>';
-					} elseif(is_object($value) && get_class($value) == 'Closure') {
-						$value = '[callback]';
-					}
-					
-					$data .= 
-							'<tr><th style="text-align:left;">' . 
-								$prefix . (gettype($name) == 'integer' ? '[]' : utf8tohtml($name)) .
-							'</th><td>' .
-								$value .
-							'</td></tr>';
-					}
-				}
-			}
-		
-		do_array_part($config);
-		
-		
-		$body = (hasPermission($config['mod']['edit_config']) ?
-				'<p style="text-align:center" class="unimportant">' .
-					'<a href="?/config/edit">[Edit using web editor]</a>' : '') .
-				'<fieldset><legend>' . _('Configuration') . '</legend><table>' . $data . '</table></fieldset>';
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>_('Configuration'),
-			'body'=>$body,
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/new$/', $query)) {
-		if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']);
-		
-		// New board
-		$body = '';
-		
-		if(isset($_POST['new_board'])) {
-			// Create new board
-			if(	!isset($_POST['uri']) ||
-				!isset($_POST['title']) ||
-				!isset($_POST['subtitle'])
-			)	error($config['error']['missedafield']);
-			
-			$b = array(
-				'uri' => $_POST['uri'],
-				'title' => $_POST['title'],
-				'subtitle' => $_POST['subtitle']
-			);
-			
-			// HTML characters
-			$b['title'] = utf8tohtml($b['title'], true);
-			$b['subtitle'] = utf8tohtml($b['subtitle'], true);
-			
-			// Check required fields
-			if(empty($b['uri']))
-				error(sprintf($config['error']['required'], 'URI'));
-			if(empty($b['title']))
-				error(sprintf($config['error']['required'], 'title'));
-			
-			if(!preg_match('/^\w+$/', $b['uri']))
-				error(sprintf($config['error']['invalidfield'], 'URI'));
-			
-			if(openBoard($b['uri'])) {
-				unset($board);
-				error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
-			}
-			
-			$query = prepare("INSERT INTO `boards` VALUES (:uri, :title, :subtitle)");
-			$query->bindValue(':uri', $b['uri']);
-			$query->bindValue(':title', $b['title']);
-			if(!empty($b['subtitle'])) {
-				$query->bindValue(':subtitle', $b['subtitle']);
-			} else {
-				$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
-			}
-			$query->execute() or error(db_error($query));
-			
-			// Record the action
-			modLog("Created a new board: {$b['title']}");
-			
-			// Open the board
-			openBoard($b['uri']) or error(_("Couldn't open board after creation."));
-			
-			// Create the posts table
-			query(Element('posts.sql', array('board' => $board['uri']))) or error(db_error());
-			
-			if($config['cache']['enabled'])
-				cache::delete('all_boards');
-			
-			// Build the board
-			buildIndex();
-			
-			rebuildThemes('boards');
-			
-			header('Location: ?/' . $b['uri'] . '/' . $config['file_index'], true, $config['redirect_http']);
-		} else {
-			
-			$body .= form_newBoard();
-			
-			// TODO: Statistics, etc, in the dashboard.
-			
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'New board',
-				'body'=>$body,
-				'mod'=>true
-				)
+	// This should always be at the end:
+	'/^\/(\w+)\/' . preg_quote($config['file_index'], '/') . '?$/'					=> 'view_board',
+	'/^\/(\w+)\/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')) . '$/'	=> 'view_board',
+	'/^\/(\w+)\/' . preg_quote($config['dir']['res'], '/') .
+			str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')) . '$/'	=> 'view_thread',
+);
+
+if (!$mod)
+	$pages = array('//' => 'login');
+
+foreach ($pages as $uri => $handler) {
+	if (preg_match($uri, $query, $matches)) {
+		$matches = array_slice($matches, 1);
+		
+		if ($config['debug']) {
+			$debug['mod_page'] = array(
+				'req' => $query,
+				'match' => $uri,
+				'handler' => $handler
 			);
 		}
-	} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
-		// Board index
-		
-		$boardName = &$matches[1];
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		$page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2];
-		
-		if(!$page = index($page_no, $mod)) {
-			error($config['error']['404']);
-		}
-		
-		$page['pages'] = getPages(true);
-		$page['pages'][$page_no-1]['selected'] = true;
-		$page['btn'] = getPageButtons($page['pages'], true);
-		$page['mod'] = true;
-		echo Element('index.html', $page);
-	} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
-		// View thread
-		
-		$boardName = &$matches[1];
-		$thread = &$matches[2];
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		$page = buildThread($thread, true, $mod);
-		
-		echo $page;
-	} elseif(preg_match('/^\/' . $regex['board'] . 'edit\/(\d+)$/', $query, $matches)) {
-		// Edit post body
-		
-		$boardName = &$matches[1];
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['editpost'], $boardName)) error($config['error']['noaccess']);
-		
-		$postID = &$matches[2];
-		
-		$query = prepare(sprintf("SELECT `body_nomarkup`, `name`, `subject`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
-		$query->bindValue(':id', $postID, PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		$post = $query->fetch() or error($config['error']['invalidpost']);
-		
-		if(isset($_POST['submit']) && isset($_POST['body']) && isset($_POST['subject'])) {
-			if(mb_strlen($_POST['subject']) > 100)
-				error(sprintf($config['error']['toolong'], 'subject'));
-			
-			$body = $_POST['body'];
-			$body_nomarkup = $body;
-			
-			wordfilters($body);
-			$tracked_cites = markup($body, true);
-			
-			$query = prepare("DELETE FROM `cites` WHERE `board` = :board AND `post` = :post");
-			$query->bindValue(':board', $board['uri']);
-			$query->bindValue(':post', $postID, PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-		
-			$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body, `body_nomarkup` = :body_nomarkup, `subject` = :subject WHERE `id` = :id", $board['uri']));
-			$query->bindValue(':id', $postID, PDO::PARAM_INT);
-			$query->bindValue(':body', $body);
-			$query->bindValue(':body_nomarkup', $body_nomarkup);
-			$query->bindValue(':subject', utf8tohtml($_POST['subject']));
-			$query->execute() or error(db_error($query));
-			
-			if(isset($tracked_cites)) {
-				foreach($tracked_cites as $cite) {
-					$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
-					$query->bindValue(':board', $board['uri']);
-					$query->bindValue(':post', $postID, PDO::PARAM_INT);
-					$query->bindValue(':target_board',$cite[0]);
-					$query->bindValue(':target', $cite[1], PDO::PARAM_INT);
-					$query->execute() or error(db_error($query));
-				}
-			}
-	
-			// Record the action
-			modLog("Edited post #{$postID}");
-			
-			buildThread($post['thread'] ? $post['thread'] : $postID);
-			
-			// Rebuild board
-			buildIndex();
-		
-			// Redirect
-			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-			exit;
-		}
-		
-		$post['body_nomarkup'] = utf8tohtml($post['body_nomarkup']);
-		
-		if($config['minify_html'])
-			$post['body_nomarkup'] = str_replace("\n", '&#010;', $post['body_nomarkup']);
-		
-		$body = '<form name="post" action="" method="post">' .
-				'<table>' .
-					'<tr>' .
-						'<th>Name</th>' .
-						'<td>' . utf8tohtml($post['name']) . '</td>' .
-					'</tr>' .
-					'<tr>' .
-						'<th>Subject</th>' .
-						'<td>' .
-							'<input style="float:left;" type="text" name="subject" size="25" maxlength="50" value="' . str_replace('"', '&quot;', $post['subject']) . '"/>' .
-							'<input style="margin-left:2px;" type="submit" name="submit" value="Edit Post"/>' .
-						'</td>' .
-					'</tr>' .
-					'<tr>' .
-						'<th>Body</th>' .
-						'<td>' .
-							'<textarea name="body" rows="8" cols="38">' .
-								 $post['body_nomarkup'] .
-							'</textarea>' .
-						'</td>' .
-					'</tr>' .
-				'</table>' .
-			'</form>';
-		
-		echo Element('page.html', array(
-			'config' => $config,
-			'body' => $body,
-			'title' => 'Edit Post #' . $postID
-		));
-	} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
-		// Delete file from post
-		
-		$boardName = &$matches[1];
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['deletefile'], $boardName)) error($config['error']['noaccess']);
-		
-		$post = &$matches[2];
-		
-		// Delete post
-		deleteFile($post);
-		
-		// Record the action
-		modLog("Removed file from post #{$post}");
-		
-		// Rebuild board
-		buildIndex();
-		
-		// Redirect
-		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-	} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
-		// Delete post
-		
-		$boardName = &$matches[1];
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['delete'], $boardName))
-			error($config['error']['noaccess']);
-		
-		$post = &$matches[2];
-		
-		// Delete post
-		deletePost($post);
-		
-		// Record the action
-		modLog("Deleted post #{$post}");
-		
-		// Rebuild board
-		buildIndex();
-		
-		// Redirect
-		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-	} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
-		// Add/remove sticky
-		
-		$boardName = &$matches[1];
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['sticky'], $boardName)) error($config['error']['noaccess']);
-		
-		$post = &$matches[3];
-		
-		$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
-		$query->bindValue(':id', $post, PDO::PARAM_INT);
-		
-		if($matches[2] == 'un') {
-			// Record the action
-			modLog("Unstickied post #{$post}");
-			$query->bindValue(':sticky', 0, PDO::PARAM_INT);
-		} else {
-			// Record the action
-			modLog("Stickied post #{$post}");
-			$query->bindValue(':sticky', 1, PDO::PARAM_INT);
-		}
-		
-		$query->execute() or error(db_error($query));
-		
-		buildIndex();
-		buildThread($post);
-		
-		
-		// Redirect
-		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-	} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
-		// Lock/Unlock
-		
-		$boardName = &$matches[1];
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']);
-		
-		$post = &$matches[3];
-		
-		$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
-		$query->bindValue(':id', $post, PDO::PARAM_INT);
-		
-		if($matches[2] == 'un') {
-			// Record the action
-			modLog("Unlocked post #{$post}");
-			$query->bindValue(':locked', 0, PDO::PARAM_INT);
-		} else {
-			// Record the action
-			modLog("Locked post #{$post}");
-			$query->bindValue(':locked', 1, PDO::PARAM_INT);
-		}
-		
-		$query->execute() or error(db_error($query));
-		
-		buildIndex();
-		buildThread($post);
-		
-		
-		// Redirect
-		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-	} elseif(preg_match('/^\/' . $regex['board'] . 'bump(un)?lock\/(\d+)$/', $query, $matches)) {
-		// Lock/Unlock
 		
-		$boardName = &$matches[1];
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['bumplock'], $boardName)) error($config['error']['noaccess']);
-		
-		$post = &$matches[3];
-		
-		$query = prepare(sprintf("UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
-		$query->bindValue(':id', $post, PDO::PARAM_INT);
-		
-		if($matches[2] == 'un') {
-			// Record the action
-			modLog("Unbumplocked post #{$post}");
-			$query->bindValue(':bumplocked', 0, PDO::PARAM_INT);
+		if ($handler[0] == ':') {
+			header('Location: ' . substr($handler, 1),  true, $config['redirect_http']);
+		} elseif (is_callable("mod_page_$handler")) {
+			call_user_func_array("mod_page_$handler", $matches);
+		} elseif (is_callable("mod_$handler")) {
+			call_user_func_array("mod_$handler", $matches);
 		} else {
-			// Record the action
-			modLog("Bumplocked post #{$post}");
-			$query->bindValue(':bumplocked', 1, PDO::PARAM_INT);
+			error("Mod page '$handler' not found!");
 		}
 		
-		$query->execute() or error(db_error($query));
-		
-		buildIndex();
-		buildThread($post);
-		
-		
-		// Redirect
-		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-	} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)(\/global)?$/', $query, $matches)) {
-		// Delete all posts by an IP
-		
-		$boardName = &$matches[1];
-		$post = &$matches[2];
-		$global = isset($matches[3]) && $matches[3] == '/global';
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
-		$query->bindValue(':id', $post);
-		$query->execute() or error(db_error($query));
-		
-		if(!$post = $query->fetch())
-			error($config['error']['invalidpost']);
-		
-		$ip = $post['ip'];
-		
-		if($global)
-			$boards = listBoards();
-		else
-			$boards = array(array('uri' => $board['uri']));
-		
-		$query = '';
-		foreach($boards as $_board) {
-			$query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']);
-		}
-		$query = preg_replace('/UNION ALL $/', '', $query);
-		
-		$query = prepare($query);
-		$query->bindValue(':ip', $ip);
-		$query->execute() or error(db_error($query));
-		
-		if($query->rowCount() < 1)
-			error($config['error']['invalidpost']);
-		
-		$boards = array();
-		while($post = $query->fetch()) {
-			openBoard($post['board']);
-			$boards[] = $post['board'];
-			
-			deletePost($post['id'], false);
-		}
-		
-		foreach($boards as &$_board) {
-			openBoard($_board);
-			buildIndex();
-		}
-		
-		// Record the action
-		modLog("Deleted all posts by IP address: {$ip}");
-		
-		header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-	} elseif(preg_match('/^\/ban$/', $query)) {
-		if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);
-		// Ban page
-		
-		if(isset($_POST['new_ban'])) {
-			if(	!isset($_POST['ip']) ||
-				!isset($_POST['reason']) ||
-				!isset($_POST['length'])
-			)	error($config['error']['missedafield']);
-			
-			// Check required fields
-			if(empty($_POST['ip']))
-				error(sprintf($config['error']['required'], 'IP address'));
-			
-			$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)");
-			
-			// 1yr2hrs30mins
-			// 1y2h30m
-			$expire = 0;
-			if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
-				if(isset($m[2])) {
-					// Years
-					$expire += $m[2]*60*60*24*365;
-				}
-				if(isset($m[4])) {
-					// Months
-					$expire += $m[4]*60*60*24*30;
-				}
-				if(isset($m[6])) {
-					// Weeks
-					$expire += $m[6]*60*60*24*7;
-				}
-				if(isset($m[8])) {
-					// Days
-					$expire += $m[8]*60*60*24;
-				}
-				if(isset($m[10])) {
-					// Hours
-					$expire += $m[10]*60*60;
-				}
-				if(isset($m[12])) {
-					// Minutes
-					$expire += $m[12]*60;
-				}
-				if(isset($m[14])) {
-					// Seconds
-					$expire += $m[14];
-				}
-			}
-			if($expire) {
-				$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
-			} else {
-				// Never expire
-				$query->bindValue(':expires', null, PDO::PARAM_NULL);
-			}
-			
-			$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
-			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
-			$query->bindValue(':set', time(), PDO::PARAM_INT);
-			
-			
-			
-			if(!empty($_POST['reason'])) {
-				$reason = $_POST['reason'];
-				markup($reason);
-				$query->bindValue(':reason', $reason, PDO::PARAM_STR);
-			} else {
-				$query->bindValue(':reason', null, PDO::PARAM_NULL);
-			}
-			
-			if($_POST['board'] == '') {
-				$query->bindValue(':board', null, PDO::PARAM_NULL);
-			} else {
-				$query->bindValue(':board', $_POST['board'], PDO::PARAM_INT);
-			}
-			
-			// Record the action
-			modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason'));
-			
-			$query->execute() or error(db_error($query));
-			
-			if(isset($_POST['board']))
-				openBoard($_POST['board']);
-			
-			// Delete too
-			if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) {					
-				$post = round($_POST['delete']);
-				
-				deletePost($post);
-				
-				// Record the action
-				modLog("Deleted post #{$post}");
-				
-				// Rebuild board
-				buildIndex();
-			}
-			
-			if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) {					
-				$post = round($_POST['post']);
-				
-				$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri']));
-				$query->bindValue(':id', $post, PDO::PARAM_INT);
-				$query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message'])));
-				$query->execute() or error(db_error($query));
-				
-				// Rebuild thread
-				$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
-				$query->bindValue(':id', $post, PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				$thread = $query->fetch();
-				if($thread['thread'])
-					buildThread($thread['thread']);
-				else
-					buildThread($post);
-				
-				// Rebuild board
-				buildIndex();
-				
-				// Record the action
-				modLog("Attached a public ban message for post #{$post}: " . $_POST['message']);
-			}
-			
-			// Redirect
-			if(isset($_POST['continue']))
-				header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
-			elseif(isset($board))
-				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-			else
-				header('Location: ?/', true, $config['redirect_http']);
-		}
-	} elseif(preg_match('/^\/' . $regex['board'] . 'move\/(\d+)$/', $query, $matches)) {
-		
-		$boardName = &$matches[1];
-		$postID = $matches[2];
-		
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['move'], $boardName)) error($config['error']['noaccess']);
-		
-		if(isset($_POST['board'])) {
-			$targetBoard = $_POST['board'];
-			$shadow = isset($_POST['shadow']);
-			
-			if($targetBoard == $boardName)
-				error(_("Target and source board are the same."));
-			
-			// copy() if leaving a shadow thread behind. otherwise, rename().
-			$clone = $shadow ? 'copy' : 'rename';
-			
-			$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id", $board['uri']));
-			$query->bindValue(':id', $postID, PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			if(!$post = $query->fetch()) {
-				error($config['error']['nonexistant']);
-			}
-			$post['op'] = true;
-			
-			if($post['file']) {
-				$post['has_file'] = true;
-				$post['width'] = &$post['filewidth'];
-				$post['height'] = &$post['fileheight'];
-				
-				$file_src = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file'];
-				$file_thumb = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb'];
-			} else $post['has_file'] = false;
-			
-			// allow thread to keep its same traits (stickied, locked, etc.)
-			$post['mod'] = true;
-			
-			if(!openBoard($targetBoard))
-				error($config['error']['noboard']);
-			
-			$newID = post($post);
-			
-			if($post['has_file']) {
-				$clone($file_src, sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']);
-				$clone($file_thumb, sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']);
-			}
-			
-			// move replies too...
-			openBoard($boardName);
-			
-			$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`", $board['uri']));
-			$query->bindValue(':id', $postID, PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			
-			$replies = array();
-			while($post = $query->fetch()) {
-				$post['mod'] = true;
-				$post['thread'] = $newID;
-				
-				if($post['file']) {
-					$post['has_file'] = true;
-					$post['width'] = &$post['filewidth'];
-					$post['height'] = &$post['fileheight'];
-					
-					$post['file_src'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file'];
-					$post['file_thumb'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb'];
-				} else $post['has_file'] = false;
-				
-				$replies[] = $post;
-			}
-			
-			$newIDs = array($postID => $newID);
-			
-			openBoard($targetBoard);
-			foreach($replies as &$post) {
-				$query = prepare("SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post");
-				$query->bindValue(':board', $boardName);
-				$query->bindValue(':post', $post['id'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($qurey));
-				while($cite = $query->fetch(PDO::FETCH_ASSOC)) {
-					if(isset($newIDs[$cite['target']])) {
-						$post['body_nomarkup'] = preg_replace(
-								'/(>>(>\/' . preg_quote($boardName, '/') . '\/)?)' . preg_quote($cite['target'], '/') . '/',
-								'>>' . $newIDs[$cite['target']],
-								$post['body_nomarkup']);
-						
-						$post['body'] = $post['body_nomarkup'];
-					}
-				}
-				$post['op'] = false;
-				$post['tracked_cites'] = markup($post['body'], true);
-				
-				$newIDs[$post['id']] = $newPostID = post($post);
-				
-				if($post['has_file']) {
-					$clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']);
-					$clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']);
-				}
-				
-				foreach($post['tracked_cites'] as $cite) {
-					$query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)');
-					$query->bindValue(':board', $board['uri']);
-					$query->bindValue(':post', $newPostID, PDO::PARAM_INT);
-					$query->bindValue(':target_board',$cite[0]);
-					$query->bindValue(':target', $cite[1], PDO::PARAM_INT);
-					$query->execute() or error(db_error($query));
-				}
-			}
-			
-			// build thread
-			buildThread($newID);
-			buildIndex();
-			
-			// trigger themes
-			rebuildThemes('post');
-			
-			openBoard($boardName);
-			
-			if($shadow) {
-				// lock thread
-				$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id", $board['uri']));
-				$query->bindValue(':id', $postID, PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-				
-				$post = array(
-					'mod' => true,
-					'subject' => '',
-					'email' => '',
-					'name' => $config['mod']['shadow_name'],
-					'capcode' => $config['mod']['shadow_capcode'],
-					'trip' => '',
-					'body' => sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID),
-					'password' => '',
-					'has_file' => false,
-					// attach to original thread
-					'thread' => $postID,
-					'op' => false
-				);
-				
-				markup($post['body']);
-				
-				$botID = post($post);
-				buildThread($postID);
-				
-				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $postID) . '#' . $botID, true, $config['redirect_http']);
-			} else {
-				deletePost($postID);
-				buildIndex();
-				
-				openBoard($targetBoard);
-				header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . sprintf($config['file_page'], $newID), true, $config['redirect_http']);
-			}
-		} else {
-		
-			$body = '<fieldset><legend>Move thread</legend>' .
-				'<form action="?/' . $boardName . '/move/' . $postID . '" method="post">' .
-					'<table>'
-				;
-		
-			$boards = listBoards();
-			if(count($boards) <= 1)
-				error(_('No board to move to; there is only one.'));
-			
-			$__boards = '';
-			foreach($boards as &$_board) {
-				if($_board['uri'] == $board['uri'])
-					continue;
-				$__boards .= '<li>' .
-					'<input type="radio" name="board" id="board_' . $_board['uri'] . '" value="' . $_board['uri'] . '">' .
-					'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
-							sprintf($config['board_abbreviation'], $_board['uri']) .
-						' - ' . $_board['title'] .
-					'</label>' .
-					'</li>';
-			}
-		
-			$body .= '<tr>' .
-						'<th>Thread ID</th>' .
-						'<td><input type="text" size="7" value="' . $postID . '" disabled /></td>' .
-					'</tr>' .
-				
-					'<tr>' . 
-						'<th><label for="message">Leave shadow thread</label></th>' .
-						'<td>' .
-							'<input type="checkbox" id="shadow" name="shadow" checked/>' .
-							' <span class="unimportant">(locks thread; replies to it with a link.)</span>' .
-						'</td>' .
-					'</tr>' .
-				
-					'<tr>' .
-						'<th>Target board</th>' .
-						'<td><ul style="list-style:none;padding:2px 5px">' . $__boards . '</tl></td>' .
-					'</tr>' .
-				
-					'<tr>' . 
-						'<td></td>' . 
-						'<td><input type="submit" value="Move thread" /></td>' . 
-					'</tr>' . 
-				'</table>' .
-			'</form></fieldset>';
-	
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'Move #' . $postID,
-				'body'=>$body,
-				'mod'=>true
-				)
-			);
-		}
-	} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
-		
-		// Ban by post
-		
-		$boardName = &$matches[1];
-		// Open board
-		if(!openBoard($boardName))
-			error($config['error']['noboard']);
-		
-		if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']);
-		
-		$delete = isset($matches[2]) && $matches[2] == '&delete';
-		if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
-		
-		$post = $matches[3];
-		
-		$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
-		$query->bindValue(':id', $post, PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
-		
-		if($query->rowCount() < 1) {
-			error($config['error']['invalidpost']);
-		}
-	
-		$post = $query->fetch();
-		
-		$body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete);
-		
-		echo Element('page.html', array(
-			'config'=>$config,
-			'title'=>'New ban',
-			'body'=>$body,
-			'mod'=>true
-			)
-		);
-	} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P<id>\d+)$/', $query, $matches)) {
-		if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']);
-		
-		$ip = $matches[1];
-		$id = $matches['id'];
-
-		$query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id");
-		$query->bindValue(':ip', $ip);
-		$query->bindValue(':id', $id);
-		$query->execute() or error(db_error($query));
-		
-		header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
-	} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) {
-		// View information on an IP address
-		
-		$ip = $matches[1];
-		$host = $config['mod']['dns_lookup'] ? rDNS($ip) : false;
-		
-		if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) {
-			removeBan($_POST['ban_id']);
-			header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
-		} elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) {
-			$query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)");
-			$query->bindValue(':ip', $ip);
-			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
-			$query->bindValue(':time', time(), PDO::PARAM_INT);
-			markup($_POST['note']);
-			$query->bindValue(':body', $_POST['note']);
-			$query->execute() or error(db_error($query));
-			
-			header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
-		} else {
-			$body = '';
-			$boards = listBoards();
-			foreach($boards as &$_board) {
-				openBoard($_board['uri']);
-			
-				$temp = '';
-				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
-				$query->bindValue(':ip', $ip);
-				$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
-				$query->execute() or error(db_error($query));
-			
-				while($post = $query->fetch()) {
-					if(!$post['thread']) {
-						$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
-					} else {
-						$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'],  $post['embed'], '?/', $mod);
-					}
-					$temp .= $po->build(true) . '<hr/>';
-				}
-			
-				if(!empty($temp))
-					$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' .
-							sprintf($config['board_path'], $_board['uri']) . $config['file_index'] .
-						'">' .
-						sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
-						'</a></legend>' . $temp . '</fieldset>';
-			}
-		
-			if(hasPermission($config['mod']['view_notes'])) {
-				$query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC");
-				$query->bindValue(':ip', $ip);
-				$query->execute() or error(db_error($query));
-			
-				if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) {
-					$body .= '<fieldset><legend>' .
-							$query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . 
-						'</legend>';
-					if($query->rowCount() > 0) {
-						$body .= '<table class="modlog">' .
-						'<tr><th>Staff</th><th>Note</th><th>Date</th>' .
-							(hasPermission($config['mod']['remove_notes']) ? '<th>Actions</th>' : '') .
-						'</td>';
-						while($note = $query->fetch()) {
-						
-							if($note['mod']) {
-								$_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
-								$_query->bindValue(':id', $note['mod']);
-								$_query->execute() or error(db_error($_query));
-								if($_mod = $_query->fetch()) {
-									$staff = '<a href="?/new_PM/' . $note['mod'] . '">' . utf8tohtml($_mod['username']) . '</a>';
-								} else {
-									$staff = '<em>???</em>';
-								}
-							} else {
-								$staff = '<em>system</em>';
-							}
-							$body .= '<tr>' .
-								'<td class="minimal">' .
-									$staff .
-								'</td><td>' .
-									$note['body'] .
-								'</td><td class="minimal">' .
-									strftime($config['post_date'], $note['time']) .
-								'</td>' .
-								(hasPermission($config['mod']['remove_notes']) ?
-									'<td class="minimal"><a class="unimportant" href="?/IP/' . $ip . '/deletenote/' . $note['id'] . '">[delete]</a></td>'
-								: '') .
-							'</tr>';
-						}
-						$body .= '</table>';
-					}
-		
-					if(hasPermission($config['mod']['create_notes'])) {
-						$body .= '<form action="" method="post" style="text-align:center;margin:0">' . 
-								'<table>' .
-									'<tr>' .
-										'<th>Staff</th>' .
-										'<td>' . $mod['username'] . '</td>' .
-									'</tr>' .
-									'<tr>' .
-										'<th><label for="note">Note</label></th>' .
-										'<td><textarea id="note" name="note" rows="5" cols="30"></textarea></td>' .
-									'</tr>' .
-									'<tr>' .
-										'<td></td>' .
-										'<td><input type="submit" value="New note" /></td>' .
-									'</tr>' .
-								'</table>' .
-							'</form>';
-					}
-				
-					$body .= '</fieldset>';
-				}
-			}
-		
-			if(hasPermission($config['mod']['view_ban'])) {
-				$query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
-				$query->bindValue(':ip', $ip);
-				$query->execute() or error(db_error($query));
-			
-				if($query->rowCount() > 0) {
-					$body .= '<fieldset><legend>Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record</legend>';
-				
-					while($ban = $query->fetch()) {
-						$body .= '<form action="" method="post" style="text-align:center">' .
-						'<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' . 
-							($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
-								'Expired'
-							: 'Active') .
-						'</td></tr>' .
-					
-						// IP
-						'<tr><th>IP</th><td>' . $ban['ip'] . '</td></tr>' .
-					
-						// Reason
-						'<tr><th>Reason</th><td>' . $ban['reason'] . '</td></tr>' .
-					
-						// Board
-						'<tr><th>Board</th><td>' .
-						(isset($ban['board']) ?
-							sprintf($config['board_abbreviation'], $ban['board'])
-						:
-							'<em>' . _('all boards') . '</em>'
-						) .
-						'</td></tr>' .
-					
-						// Set
-						'<tr><th>Set</th><td>' . strftime($config['post_date'], $ban['set']) . '</td></tr>' .
-					
-						// Expires
-						'<tr><th>Expires</th><td>' . 
-							($ban['expires'] == 0 ?
-								'<em>Never</em>'
-							:
-								strftime($config['post_date'], $ban['expires'])
-							) .
-						'</td></tr>' .
-					
-						// Staff
-						'<tr><th>Staff</th><td>' .
-							(isset($ban['username']) ?
-								(!hasPermission($config['mod']['view_banstaff']) ?
-									($config['mod']['view_banquestionmark'] ?
-										'?'
-									:
-										($ban['type'] == JANITOR ? 'Janitor' :
-										($ban['type'] == MOD ? 'Mod' :
-										($ban['type'] == ADMIN ? 'Admin' :
-										'?')))
-									)
-								:
-									utf8tohtml($ban['username'])
-								)
-								: '<em>deleted?</em>'
-							) .
-						'</td></tr></table>' .
-						
-						'<input type="hidden" name="ban_id" value="' . $ban['id'] . '" />' .
-						
-						'<input type="submit" name="unban" value="Remove ban" ' .
-							(!hasPermission($config['mod']['unban']) ? 'disabled' : '') .
-						'/></form>';
-					}
-					
-					$body .= '</fieldset>';
-					
-				}
-			}
-		
-			if(hasPermission($config['mod']['ip_banform']))
-				$body .= form_newBan($ip, null, '?/IP/' . $ip);
-		
-			echo Element('page.html', array(
-				'config'=>$config,
-				'title'=>'IP: ' . $ip,
-				'subtitle' => $host,
-				'body'=>$body,
-				'mod'=>true
-				)
-			);
-		}
-	} else {
-		error($config['error']['404']);
+		exit;
 	}
 }
 
+error($config['error']['404']);
+
diff --git a/templates/index.html b/templates/index.html
index f89199aa..f12e2517 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -35,10 +35,10 @@
 	{% if pm %}<div class="top_notice">You have <a href="?/PM/{{ pm.id }}">an unread PM</a>{% if pm.waiting > 0 %}, plus {{ pm.waiting }} more waiting{% endif %}.</div><hr />{% endif %}
 	{% if config.url_banner %}<img class="banner" src="{{ config.url_banner }}" {% if config.banner_width or config.banner_height %}style="{% if config.banner_width %}width:{{ config.banner_width }}px{% endif %};{% if config.banner_width %}height:{{ config.banner_height }}px{% endif %}" {% endif %}alt="" />{% endif %}
 	<header>
-		<h1>{{ board.url }} - {{ board.name }}</h1>
+		<h1>{{ board.url }} - {{ board.title }}</h1>
 		<div class="subtitle">
-			{% if board.title %}
-				{{ board.title }}
+			{% if board.subtitle %}
+				{{ board.subtitle }}
 			{% endif %}
 			{% if mod %}<p><a href="?/">{% trans %}Return to dashboard{% endtrans %}</a></p>{% endif %}
 		</div>
diff --git a/templates/login.html b/templates/login.html
deleted file mode 100644
index 709bad86..00000000
--- a/templates/login.html
+++ /dev/null
@@ -1,27 +0,0 @@
-{% if error %}<h2 style="text-align:center">{{ error }}</h2>{% endif %}
-<form action="" method="post">
-{% if redirect %}<input type="hidden" name="redirect" value="{{ redirect }}" />{% endif %}
-<table style="margin-top:25px;">
-	<tr>
-		<th>
-			{% trans %}Username{% endtrans %}
-		</th>
-		<td>
-			<input type="text" name="username" size="20" maxlength="30" value="{{ username }}">
-		</td>
-	</tr>
-	<tr>
-		<th>
-			{% trans %}Password{% endtrans %}
-		</th>
-		<td>
-			<input type="password" name="password" size="20" maxlength="30" value="">
-		</td>
-	</tr>
-	<tr>
-		<td></td>
-		<td>
-			<input type="submit" name="login" value="{% trans %}Continue{% endtrans %}" />
-		</td>
-</table>
-</form>
diff --git a/templates/thread.html b/templates/thread.html
index 2708b04d..9a56a50f 100644
--- a/templates/thread.html
+++ b/templates/thread.html
@@ -36,10 +36,10 @@
 	{% if pm %}<div class="top_notice">You have <a href="?/PM/{{ pm.id }}">an unread PM</a>{% if pm.waiting > 0 %}, plus {{ pm.waiting }} more waiting{% endif %}.</div><hr />{% endif %}
 	{% if config.url_banner %}<img class="banner" src="{{ config.url_banner }}" {% if config.banner_width or config.banner_height %}style="{% if config.banner_width %}width:{{ config.banner_width }}px{% endif %};{% if config.banner_width %}height:{{ config.banner_height }}px{% endif %}" {% endif %}alt="" />{% endif %}
 	<header>
-		<h1>{{ board.url }} - {{ board.name }}</h1>
+		<h1>{{ board.url }} - {{ board.title }}</h1>
 		<div class="subtitle">
-			{% if board.title %}
-				{{ board.title }}
+			{% if board.subtitle %}
+				{{ board.subtitle }}
 			{% endif %}
 			{% if mod %}<p><a href="?/">{% trans %}Return to dashboard{% endtrans %}</a></p>{% endif %}
 		</div>