<?php
	require 'inc/functions.php';
	require 'inc/display.php';
	require 'inc/template.php';
	require 'inc/database.php';
	require 'inc/user.php';
	
	// Check if banned
	checkBan();
			
	require 'inc/mod.php';
	
	if (get_magic_quotes_gpc()) {
		function strip_array($var) {
			return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
		}
		
		$_GET = strip_array($_GET);
		$_POST = strip_array($_POST);
	}
	
	$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
	
	// If not logged in
	if(!$mod) {
		if(isset($_POST['login'])) {
			// Check if inputs are set and not empty
			if(	!isset($_POST['username']) ||
				!isset($_POST['password']) ||
				empty($_POST['username']) ||
				empty($_POST['password'])
				) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
			
			
			if(!login($_POST['username'], $_POST['password'])) {
				if($config['syslog'])
					_syslog(LOG_WARNING, 'Unauthorized login attempt!');
				loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
			}
			
			modLog("Logged in.");
			
			// Login successful
			// Set cookies
			setCookies();
			
			// Redirect
			if(isset($_POST['redirect']))
				header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
			else
				header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
		} else {
			loginForm(false, false, '?' . $query);
		}
	} else {
		// Redirect (for index pages)
		if(count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r'])) {
			header('Location: ' . $_GET['r'], true, $_GET['status']);
			exit;
		}
		
		// A sort of "cache"
		// Stops calling preg_quote and str_replace when not needed; only does it once
		$regex = Array(
			'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
			'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
			'img' => preg_quote($config['dir']['img'], '/'),
			'thumb' => preg_quote($config['dir']['thumb'], '/'),
			'res' => preg_quote($config['dir']['res'], '/'),
			'index' => preg_quote($config['file_index'], '/')
		);
		
		if(preg_match('/^\/?$/', $query)) {
			// Dashboard
			$fieldset = Array(
				'Boards' => '',
				'Noticeboard' => '',
				'Administration' => '',
				'Themes' => '',
				'Search' => '',
				'Update' => '',
				'Logout' => ''
			);
			
			// Boards
			$fieldset['Boards'] .= ulBoards();
			
			if(hasPermission($config['mod']['noticeboard'])) {
				if(!$config['cache']['enabled'] || !($fieldset['Noticeboard'] = cache::get('noticeboard_preview'))) {
					$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
					$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
				
					$fieldset['Noticeboard'] .= '<li>';
				
					$_body = '';
					while($notice = $query->fetch()) {					
						$_body .= '<li><a href="?/noticeboard#' .
							$notice['id'] .
						'">' .
						($notice['subject'] ?
							$notice['subject']
						:
							'<em>' . _('no subject') . '</em>'
						) .
					'</a><span class="unimportant"> &mdash; by ' .
						(isset($notice['username']) ?
							utf8tohtml($notice['username'])
						: '<em>???</em>') .
					' at ' .
						strftime($config['post_date'], $notice['time']) .
					'</span></li>';
					}
					if(!empty($_body)) {
						$fieldset['Noticeboard'] .= '<ul>' . $_body . '</ul></li><li>';
					}
					if($config['cache']['enabled'])
						cache::set('noticeboard_preview', $fieldset['Noticeboard']);
				}
				
				$fieldset['Noticeboard'] .= '<a href="?/noticeboard">' . _('View all entries') . '</a></li>';
			
				$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
				$query->bindValue(':id', $mod['id']);
				$query->execute() or error(db_error($query));
				$count = $query->fetch();
				$count = $count['count'];
			
				$fieldset['Noticeboard'] .= '<li><a href="?/inbox">' . _('PM Inbox') . 
					($count > 0
					?
						' <strong>(' . $count . ' unread)</strong>'
					: '') .
				'</a></li>';
			
				$fieldset['Noticeboard'] .= '<li><a href="?/news">' . _('News') . '</a></li>';
			}
			
			
			if(hasPermission($config['mod']['reports'])) {
				$fieldset['Administration'] .= 	'<li><a href="?/reports">' . _('Report queue') . '</a></li>';
			}
			if(hasPermission($config['mod']['view_banlist'])) {
				$fieldset['Administration'] .= 	'<li><a href="?/bans">' . _('Ban list') . '</a></li>';
			}
			if(hasPermission($config['mod']['manageusers'])) {
				$fieldset['Administration'] .= 	'<li><a href="?/users">' . _('Manage users') . '</a></li>';
			} elseif(hasPermission($config['mod']['change_password'])) {
				$fieldset['Administration'] .= 	'<li><a href="?/users/' . $user['id'] . '">' . _('Change own password') . '</a></li>';
			}
			if(hasPermission($config['mod']['modlog'])) {
				$fieldset['Administration'] .= 	'<li><a href="?/log">' . _('Moderation log') . '</a></li>';
			}
			if(hasPermission($config['mod']['rebuild'])) {
				$fieldset['Administration'] .= 	'<li><a href="?/rebuild">' . _('Rebuild static files') . '</a></li>';
			}
			if(hasPermission($config['mod']['rebuild']) && $config['cache']['enabled']) {
				$fieldset['Administration'] .= 	'<li><a href="?/flush">' . _('Clear cache') . '</a></li>';
			}
			if(hasPermission($config['mod']['show_config'])) {
				$fieldset['Administration'] .= 	'<li><a href="?/config">' . _('Show configuration') . '</a></li>';
			}
			
			if(hasPermission($config['mod']['themes'])) {
				$fieldset['Themes'] .= 	'<li><a href="?/themes">' . _('Manage themes') . '</a></li>';
			}
			
			if(hasPermission($config['mod']['search'])) {
				$fieldset['Search'] .= 	'<li><form style="display:inline" action="?/search" method="post">' .
				'<label style="display:inline" for="search">' . _('Phrase:') . '</label> ' .
					'<input id="search" name="search" type="text" size="35" />' .
					'<input type="submit" value="' . _('Search') . '" />' .
				'</form>' .
					'<p class="unimportant">' . _('(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)') . '</p>' .
				'</li>';
			}
			
			if($mod['type'] >= ADMIN && $config['check_updates']) {
				if(!$config['version'])
					error('Could not find current version! (Check .installed)');
				if(isset($_COOKIE['update'])) {
					$latest = unserialize($_COOKIE['update']);
				} else {
					$ctx = stream_context_create(array( 
						'http' => array(
							'timeout' => 3
							) 
						) 
					);
					
					if($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) {
						eval($code);
						if(preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $m)) {
							$current = Array(
								'massive' => (int)$m[1],
								'major' => (int)$m[2],
								'minor' => (int)$m[3]
							);
							if(isset($m[4])) { 
								// Development versions are always ahead in the versioning numbers
								$current['minor'] --;
							}
						}
						// Check if it's newer
						if(	$latest['massive'] > $current['massive'] ||
							$latest['major'] > $current['major'] ||
								($latest['massive'] == $current['massive'] &&
									$latest['major'] == $current['major'] &&
									$latest['minor'] > $current['minor']
								)) {
							$latest = $latest;
						} else $latest = false;
					} else {
						// Couldn't get latest version
						// TODO: Display some sort of warning message
						$latest = false;
					}
					
					
					setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true);
				}
				
				if($latest) {
					$fieldset['Update'] .=
						'<li>A newer version of Tinyboard (<strong>v' .
							$latest['massive'] . '.' .
							$latest['major'] . '.' . 
							$latest['minor'] .
						'</strong>) is available! See <a href="http://tinyboard.org">http://tinyboard.org/</a> for upgrade instructions.</li>';
				}
			}
			
			$fieldset['Logout'] .= '<li><a href="?/logout">' . _('Logout') . '</a></li>';
			
			// TODO: Statistics, etc, in the dashboard.
			
			$body = '';
			foreach($fieldset as $title => $data) {
				if($data)
					$body .= '<fieldset><legend>' . _($title) . '</legend><ul>' . $data . '</ul></fieldset>';
			}
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('Dashboard'),
				'body'=>$body,
				'__mod'=>true
			));
		} elseif(preg_match('/^\/logout$/', $query)) {
			destroyCookies();
			
			header('Location: ?/', true, $config['redirect_http']);
		} elseif(preg_match('/^\/confirm\/(.+)$/', $query, $matches)) {
			$uri = &$matches[1];
			
			$body = '<p style="text-align:center">' .
			'<span class="heading" style="margin-bottom:6px">Are you sure you want to do that?</span>' .
				'We were unable to serve a confirmation dialog for ' .
					'<strong>?/' . utf8tohtml($uri) . '</strong>' .
				', probably due to Javascript being disabled.' .
			'</p>' .
			'<p style="text-align:center"><a style="margin:block;font-size:150%;font-weight:bold" href="?/' . utf8tohtml($uri) . '">Confirm</a></p>';
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'Confirm',
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/log(\/(\d+))?$/', $query, $match)) {
			if(!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']);
			
			$page = isset($match[2]) ? $match[2] : 1;
			
			$boards = Array();
			$_boards = listBoards();
			foreach($_boards as &$_b) {
				$boards[$_b['id']] = $_b['uri'];
			}
			
			$query = prepare("SELECT `mods`.`id`,`username`,`ip`,`board`,`time`,`text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit");
			$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
			$query->bindValue(':offset', ($page - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if(!$query->rowCount()) {
				$body = '<p class="unimportant" style="text-align:center">(Nothing to display.)</p>';
			} else {
				$body = '<table class="modlog">' . 
					'<tr>' . 
						'<th>' . _('User') . '</th>' . 
						'<th>' . _('IP address') . '</th>' .
						'<th>' . _('Ago') . '</th>' . 
						'<th>' . _('Board') . '</th>' . 
						'<th>' . _('Action') . '</th>' . 
					'</tr>';
				while($log = $query->fetch()) {
					$log_id = 'log_' . md5($log['text']);
					
					if($config['cache']['enabled'] && $_log = cache::get($log_id))
						$log['text'] = $_log;
					else {
					
						$log['text'] = utf8tohtml($log['text']);
						$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']);
					
						if(isset($boards[$log['board']])) {
							if(preg_match('/post #(\d+)/', $log['text'], $match)) {
								$post_query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $boards[$log['board']]));
								$post_query->bindValue(':id', $match[1], PDO::PARAM_INT);
								$post_query->execute() or error(db_error($query));
							
								if($post = $post_query->fetch()) {
									$log['text'] = preg_replace('/post (#(\d+))/',
										'post <a href="' .
											'?/' .
											sprintf($config['board_path'], $boards[$log['board']]) .
											$config['dir']['res'] .
											($post['thread'] ?
												sprintf($config['file_page'], $post['thread']) . '#' . $match[1]
											: sprintf($config['file_page'], $match[1])) .
										'">$1</a>', $log['text']);
								} else {
									$log['text'] = preg_replace('/post (#(\d+))/', 'post <s>$1</s>', $log['text']);
								}
								
								if($config['cache']['enabled'])
									cache::set($log_id, $log['text']);
							}
						}
					}
					
					$body .= '<tr>' .
					'<td class="minimal">' .
						($log['username'] ? 
							'<a href="?/new_PM/' . $log['id'] . '">' . $log['username'] . '</a>'
						: '<em>deleted?</em>') .
					'</td>' .
					'<td class="minimal"><a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a></td>' .
					'<td class="minimal">' . ago($log['time']) . '</td>' .
					'<td class="minimal">' .
						($log['board'] ?
							(isset($boards[$log['board']]) ?
								'<a href="?/' . sprintf($config['board_path'], $boards[$log['board']]) . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $boards[$log['board']]) . '</a></td>'
							: '<em>deleted?</em>')
						: '-') .
					'<td>' . $log['text'] . '</td>' .
					'</tr>';
				}
			
				$body .= '</table>';
				
				$query = prepare("SELECT COUNT(*) AS `count` FROM `modlogs`");
				$query->execute() or error(db_error($query));
				$count = $query->fetch();
				
				$body .= '<p class="unimportant" style="text-align:center;word-wrap:break-word">';
				for($x = 0; $x < $count['count'] / $config['mod']['modlog_page']; $x ++) {
					$body .= '<a href="?/log/' . ($x+1) . '">[' . ($x + 1) . ']</a> ';
				}
				$body .= '</p>';
			}
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('Moderation log'),
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/themes\/none$/', $query, $match)) {
			if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
			
			// Clearsettings
			query("TRUNCATE TABLE `theme_settings`") or error(db_error());
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'No theme',
				'body'=>'<p style="text-align:center">Successfully uninstalled all themes.</p>' .
					'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/themes\/([\w\-]+)\/rebuild$/', $query, $match)) {
			if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
			
			rebuildTheme($match[1], 'all');
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'Rebuilt',
				'body'=>'<p style="text-align:center">Successfully rebuilt the <strong>' . $match[1] . '</strong> theme.</p>' .
					'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/themes\/(\w+)\/uninstall$/', $query, $match)) {
			if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
			
			$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
			$query->bindValue(':theme', $match[1]);
			$query->execute() or error(db_error($query));
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'Uninstalled',
				'body'=>'<p style="text-align:center">Successfully uninstalled the <strong>' . $match[1] . '</strong> theme.</p>' .
					'<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>',
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/themes(\/([\w\-]+))?$/', $query, $match)) {
			if(!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']);
			
			if(!is_dir($config['dir']['themes']))
				error('Themes directory doesn\'t exist!');
			if(!$dir = opendir($config['dir']['themes']))
				error('Cannot open themes directory; check permissions.');
			
			if(isset($match[2])) {
				$_theme = &$match[2];
				
				if(!$theme = loadThemeConfig($_theme)) {
					error($config['error']['invalidtheme']);
				}
				
				if(isset($_POST['install'])) {
					// Check if everything is submitted
					foreach($theme['config'] as &$c) {
						if(!isset($_POST[$c['name']]) && $c['type'] != 'checkbox')
							error(sprintf($config['error']['required'], $c['title']));
					}
					
					// Clear previous settings
					$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
					$query->bindValue(':theme', $_theme);
					$query->execute() or error(db_error($query));
					
					foreach($theme['config'] as &$c) {
						$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)");
						$query->bindValue(':theme', $_theme);
						$query->bindValue(':name', $c['name']);
						$query->bindValue(':value', $_POST[$c['name']]);
						$query->execute() or error(db_error($query));
					}
					
					$query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)");
					$query->bindValue(':theme', $_theme);
					$query->execute() or error(db_error($query));
					
					$result = true;
					$body = '';
					if(isset($theme['install_callback'])) {
						$ret = $theme['install_callback'](themeSettings($_theme));
						if($ret && !empty($ret)) {
							if(is_array($ret) && count($ret) == 2) {
								$result = $ret[0];
								$ret = $ret[1];
							}
							$body .= '<div style="border:1px dashed maroon;padding:20px;margin:auto;max-width:800px">' . $ret . '</div>';
						}
					}
					
					if($result) {
						$body .= '<p style="text-align:center">Successfully installed and built theme.</p>';
					} else {
						// install failed
						$query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme");
						$query->bindValue(':theme', $_theme);
						$query->execute() or error(db_error($query));
					}
					
					$body .= '<p style="text-align:center"><a href="?/themes">Go back to themes</a>.</p>';
					
					// Build themes
					rebuildThemes('all');
					
					echo Element('page.html', Array(
						'config'=>$config,
						'title'=>($result ? 'Installed "' . utf8tohtml($theme['name']) . '"' : 'Installation failed!'),
						'body'=>$body,
						'mod'=>true
						)
					);
				} else {
					$body = '<form action="" method="post">';
					
					if(!isset($theme['config']) || empty($theme['config'])) {
						$body .= '<p style="text-align:center" class="unimportant">(No configuration required.)</p>';
					} else {
						$settings = themeSettings($_theme);
						
						$body .= '<table>';
						foreach($theme['config'] as &$c) {
							$body .= '<tr><th>' . $c['title'] . '</th><td>';
							switch($c['type']) {
								case 'text':
								default:
									$body .= '<input type="text" name="' . utf8tohtml($c['name']) . '" ' .
										(isset($settings[$c['name']]) ?
											' value="' . utf8tohtml($settings[$c['name']]) . '" '
										:
											(isset($c['default']) ?
												'value="' . utf8tohtml($c['default']) . '" '
											: '')
										) .
										(isset($c['size']) ? 'size="' . (int)$c['size'] . '" ' :'') .
									'/>';
							}
							if(isset($c['comment']))
								$body .= ' <span class="unimportant">' . $c['comment'] . '</span>';
							$body .= '</td></tr>';
						}
						$body .= '</table>';
					}
					
					$body .= '<p style="text-align:center"><input name="install" type="submit" value="Install theme" /></p></form>';
					
					echo Element('page.html', Array(
						'config'=>$config,
						'title'=>'Installing "' . utf8tohtml($theme['name']) . '"',
						'body'=>$body,
						'mod'=>true
						)
					);
				}
			} else {
				
				$themes_in_use = Array();
				$query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
				while($theme = $query->fetch()) {
					$themes_in_use[$theme['theme']] = true;
				}
				
				// Scan directory for themes
				$themes = Array();
				while($file = readdir($dir)) {
					if($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
						$themes[] = $file;
					}
				}
				closedir($dir);
				
				$body = '';
				if(empty($themes)) {
					$body = '<p style="text-align:center" class="unimportant">(No themes installed.)</p>';
				} else {
					$body .= '<table class="modlog">';
					foreach($themes as &$_theme) {
						$theme = loadThemeConfig($_theme);
						
						markup($theme['description']);
						
						$body .= '<tr>' .
									'<th class="minimal">' . _('Name') . '</th>' .
									'<td>' . utf8tohtml($theme['name']) . '</td>' .
								'</tr>' .
								'<tr>' .
									'<th class="minimal">' . _('Version') . '</th>' .
									'<td>' . utf8tohtml($theme['version']) . '</td>' .
								'</tr>' .
								'<tr>' .
									'<th class="minimal">' . _('Description') . '</th>' .
									'<td>' . $theme['description'] . '</td>' .
								'</tr>' .
								'<tr>' .
									'<th class="minimal">' . _('Thumbnail') . '</th>' .
									'<td><img style="float:none;margin:4px' . 
										(isset($themes_in_use[$_theme]) ?
											';border:2px solid red;padding:4px'
										: '') .
										'" src="' . $config['dir']['themes_uri'] . '/' . $_theme . '/thumb.png" /></td>' .
								'</tr>' .
								'<tr>' .
									'<th class="minimal">' . _('Actions') . '</th>' .
									'<td><ul style="padding:0 20px">' .
										'<li><a title="' . _('Use theme') . '" href="?/themes/' . $_theme . '">' .
											(isset($themes_in_use[$_theme]) ? _('Reconfigure') : _('Install')) .
										'</a></li>' .
										(isset($themes_in_use[$_theme]) ?
											'<li><a href="?/themes/' . $_theme . '/rebuild">' . _('Rebuild') . '</a></li>' .
											'<li><a href="?/themes/' . $_theme . '/uninstall">' . _('Uninstall') . '</a></li>'
										:
											'') .
									'</ul></td>' .
								'</tr>' .
								'<tr style="height:40px"><td colspan="2"><hr/></td></tr>';
					}
					$body .= '</table>';
				}
				
				if(!empty($themes_in_use))
					$body .= '<p style="text-align:center"><a href="?/themes/none">' . _('Uninstall all themes.') . '</a></p>';
				
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>_('Manage themes'),
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/noticeboard\/delete\/(\d+)$/', $query, $match)) {
			if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
			
			$query = prepare("DELETE FROM `noticeboard` WHERE `id` = :id");
			$query->bindValue(':id', $match[1], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if($config['cache']['enabled'])
				cache::delete('noticeboard_preview');
			
			header('Location: ?/noticeboard', true, $config['redirect_http']);
		} elseif(preg_match('/^\/noticeboard$/', $query)) {
			if(!hasPermission($config['mod']['noticeboard'])) error($config['error']['noaccess']);
			
			$body = '';
			
			if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
					$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
					$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
					$query->bindvalue(':time', time(), PDO::PARAM_INT);
					$query->bindValue(':subject', utf8tohtml($_POST['subject']));
					
					markup($_POST['body']);
					$query->bindValue(':body', $_POST['body']);
					$query->execute() or error(db_error($query));
					
					if($config['cache']['enabled'])
						cache::delete('noticeboard_preview');
					
					header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']);
			} else {
				
				if(hasPermission($config['mod']['noticeboard_post'])) {
					$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
					'<tr>' .
						'<th><label for="subject">' . _('Name') . '</label></th>' .
						'<td>' . $mod['username'] . '</td>' .
					'</tr><tr>' .
						'<th>' . _('Subject') . '</th>' .
						'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
					'</tr><tr>' .
						'<th>' . _('Body') . '</th>' .
						'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
					'</tr><tr>' .
						'<td></td><td><input type="submit" value="' . _('Post to noticeboard') . '" /></td>' .
					'</tr></table>' .
					'</form></fieldset>';
				}
				
				$query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
				$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				while($notice = $query->fetch()) {
					$body .= '<div class="ban">' .
						(hasPermission($config['mod']['noticeboard_delete']) ?
							'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice['id'] . '">[delete]</a></span>'
						: '') .
					'<h2 id="' . $notice['id'] . '">' .
						($notice['subject'] ?
							$notice['subject']
						:
							'<em>' . _('no subject') . '</em>'
						) .
					'<span class="unimportant"> &mdash; by ' .
						(isset($notice['username']) ?
							utf8tohtml($notice['username'])
						:
							'<em>???</em>'
						) .
					' at ' .
						strftime($config['post_date'], $notice['time']) .
					'</span></h2><p>' . $notice['body'] . '</p></div>';
				}
			
			
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>_('Noticeboard'),
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
			if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);
			
			$query = prepare("DELETE FROM `news` WHERE `id` = :id");
			$query->bindValue(':id', $match[1], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			rebuildThemes('news');
			
			header('Location: ?/news', true, $config['redirect_http']);
		} elseif(preg_match('/^\/news$/', $query)) {			
			$body = '';
			
			if(hasPermission($config['mod']['news'])) {
				if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
					$query = prepare("INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)");
					
					if(isset($_POST['name']) && hasPermission($config['mod']['news_custom']))
						$name = &$_POST['name'];
					else
						$name = &$mod['username'];
					
					$query->bindValue(':name', utf8tohtml($name), PDO::PARAM_INT);
					$query->bindvalue(':time', time(), PDO::PARAM_INT);
					$query->bindValue(':subject', utf8tohtml($_POST['subject']));
					
					markup($_POST['body']);
					$query->bindValue(':body', $_POST['body']);
					$query->execute() or error(db_error($query));
					
					rebuildThemes('news');
				}
				
				$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
				'<tr>' .
					'<th>' . _('Name') . '</th>' .
					(hasPermission($config['mod']['news_custom']) ?
						'<td><input type="text" size="55" name="name" id="name" value="' . utf8tohtml($mod['username']) . '" /></td>'
					:
						'<td>' . $mod['username'] . '</td>') .
				'</tr><tr>' .
					'<th>' . _('Subject') . '</th>' .
					'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
				'</tr><tr>' .
					'<th>' . _('Body') . '</th>' .
					'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
				'</tr><tr>' .
					'<td></td><td><input type="submit" value="' . _('Post to news') . '" /></td>' .
				'</tr></table>' .
				'</form></fieldset>';
			}
			
			$query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :limit");
			$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			while($news = $query->fetch()) {			
				$body .= '<div class="ban">' .
					(hasPermission($config['mod']['news_delete']) ?
						'<span style="float:right;padding:2px"><a class="unimportant" href="?/news/delete/' . $news['id'] . '">[delete]</a></span>'
					: '') .
				'<h2 id="' . $news['id'] . '">' .
					($news['subject'] ?
						$news['subject']
					:
						'<em>' . _('no subject') . '</em>'
					) .
				'<span class="unimportant"> &mdash; by ' .
					$news['name'] .
				' at ' .
					strftime($config['post_date'], $news['time']) .
				'</span></h2><p>' . $news['body'] . '</p></div>';
			}
			
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('News'),
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/inbox\/readall$/', $query, $match)) {
			$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `to` = :id");
			$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			modLog('Marked all PMs as read');
			
			header('Location: ?/inbox', true, $config['redirect_http']);
		} elseif(preg_match('/^\/inbox$/', $query, $match)) {
			$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if($query->rowCount() == 0) {
				$body = '<p style="text-align:center" class="unimportant">(' . _('No private messages for you.') . ')</p>';
			} else {
				$unread_pms = 0;
				
				$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>';
				while($pm = $query->fetch()) {
					$body .= '<tr' . ($pm['unread'] ? ' style="font-weight:bold"' : '') . '>' . 
							'<td class="minimal"><a href="?/PM/' . $pm['id'] . '">' . $pm['id'] . '</a></td>' .
							'<td class="minimal">' .
								($pm['username'] ?
									'<a href="?/new_PM/' . $pm['sender'] . '">' . $pm['username'] . '</a>'
								: '<em>deleted?</em>') .
							'</td>' .
							'<td class="minimal">' . strftime($config['post_date'], $pm['time']) . '</td>' .
							'<td><a href="?/PM/' . $pm['id'] . '">' . pm_snippet($pm['message']) . '</a></td>' .
						'</tr>';
					
					if($pm['unread'])
						$unread_pms++;
				}
				$body .= '</table>';
				
				if($unread_pms) {
					$body = '<p style="text-align:center" class="unimportant">(<a href="?/inbox/readall">Mark all as read</a>)</p>' . $body;
				}
			}
			
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('PM Inbox') . ' (' . ($query->rowCount() == 0 ? _('empty') : $unread_pms . ' ' . _('unread')) . ')',
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
			$id = &$match[1];
			
			if(hasPermission($config['mod']['master_pm'])) {
				$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id");
			} else {
				$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `unread`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
			}
			
			$query->bindValue(':id', $id, PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if(!$pm = $query->fetch()) {
				// Mod doesn't exist
				error($config['error']['404']);
			}
			
			if(isset($_POST['delete'])) {
				$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
				$query->bindValue(':id', $id, PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				modLog('Deleted a PM');
				
				header('Location: ?/inbox', true, $config['redirect_http']);
			} else {
				if($pm['unread']) {
					$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
					$query->bindValue(':id', $id, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					modLog('Read a PM');
				}
				
				if($pm['to'] != $mod['id']) {
					$query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
					$query->bindValue(':id', $pm['to'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					if($_mod = $query->fetch()) {
						$__to = &$_mod['username'];
					} else {
						$__to = false;
					}
				}
				
				$body = '<form action="" method="post" style="margin:0"><table>' . 
				
				'<th>From</th><td>' .
					(!$pm['username'] ?
						'<em>???</em>'
					:
						'<a href="?/new_PM/' . $pm['sender'] . '">' . utf8tohtml($pm['username']) . '</a>'
					) .
				'</td></tr>' .
				
				(isset($__to) ?
					'<th>To</th><td>' .
						($__to === false ?
							'<em>???</em>'
						:
							'<a href="?/new_PM/' . $pm['to'] . '">' . utf8tohtml($__to) . '</a>'
						) .
					'</td></tr>'
				: '') .
				
				'<tr><th>Date</th><td> ' . strftime($config['post_date'], $pm['time']) . '</td></tr>' .
				
				'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
				
				'</table>' . 
				
				'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
				
				'</form>' .
				
				'<p style="text-align:center"><a href="?/new_PM/' . $pm['sender'] . '/' . $pm['id'] . '">Reply with quote</a></p>';
				
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'Private message',
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/new_PM\/(\d+)(\/(\d+))?$/', $query, $match)) {
			if(!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']);
			
			$to = &$match[1];
			
			$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
			$query->bindValue(':id', $to, PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if(!$to = $query->fetch()) {
				// Mod doesn't exist
				error($config['error']['404']);
			}
			
			if(isset($_POST['message'])) {
				// Post message
				$message = &$_POST['message'];
				
				if(empty($message))
					error($config['error']['tooshort_body']);
				
				markup($message);
				
				$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
				$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
				$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
				$query->bindValue(':message', $message);
				$query->bindValue(':time', time(), PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				modLog('Sent a PM to ' . $to['username']);
				
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'PM sent',
					'body'=>'<p style="text-align:center">Message sent successfully to ' . utf8tohtml($to['username']) . '.</p>',
					'mod'=>true
					)
				);
			} else {
				$value = '';
				if(isset($match[3])) {
					$reply = &$match[3];
					
					$query = prepare("SELECT `message` FROM `pms` WHERE `sender` = :sender AND `to` = :mod AND `id` = :id");
					$query->bindValue(':sender', $to['id'], PDO::PARAM_INT);
					$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
					$query->bindValue(':id', $reply, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					if($pm = $query->fetch()) {
						$value = quote($pm['message']);
					}
				}
				
				
				$body = '<form action="" method="post">' .
				
				'<table>' . 
				
				'<tr><th>To</th><td>' .
					(hasPermission($config['mod']['editusers']) ?
						'<a href="?/users/' . $to['id'] . '">' . utf8tohtml($to['username']) . '</a>' :
						utf8tohtml($to['username'])
					) .
				'</td>' .
				
				'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40">' . $value . '</textarea></td>' .
				
				'</table>' .
				
				'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
				
				'</form>';
				
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'New PM for ' . utf8tohtml($to['username']),
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/search$/', $query)) {
			if(!hasPermission($config['mod']['search'])) error($config['error']['noaccess']);
			
			$body = '<div class="ban"><h2>Search</h2><form style="display:inline" action="?/search" method="post">' .
				'<p><label style="display:inline" for="search">Phrase:</label> ' .
					'<input id="search" name="search" type="text" size="35" ' .
						(isset($_POST['search']) ? 'value="' . utf8tohtml($_POST['search']) . '" ' : '') .
					'/>' .
					'<input type="submit" value="Search" />' .
				'</p></form>' .
					'<p><span class="unimportant">(Search is case-insensitive, and based on keywords. To match exact phrases, use "quotes". Use an asterisk (*) for wildcard.)</span></p>' .
				'</div>';
			
			if(isset($_POST['search']) && !empty($_POST['search'])) {
				$phrase = &$_POST['search'];
				$_body = '';
				
				// Escape escape character
				$phrase = str_replace('!', '!!', $phrase);
				
				// Remove SQL wildcard
				$phrase = str_replace('%', '!%', $phrase);
				
				// Use asterisk as wildcard to suit convention
				$phrase = str_replace('*', '%', $phrase);
				
				$like = '';
				$match = Array();
				
				// Find exact phrases
				if(preg_match_all('/"(.+?)"/', $phrase, $m)) {
					foreach($m[1] as &$quote) {
						$phrase = str_replace("\"{$quote}\"", '', $phrase);
						$match[] = $pdo->quote($quote);
					}
				}
				
				$words = explode(' ', $phrase);
				foreach($words as &$word) {
					if(empty($word))
						continue;
					$match[] = $pdo->quote($word);
				}
				
				$like = '';
				foreach($match as &$phrase) {
					if(!empty($like))
						$like .= ' AND ';
					$phrase = preg_replace('/^\'(.+)\'$/', '\'%$1%\'', $phrase);
					$like .= '`body` LIKE ' . $phrase . ' ESCAPE \'!\'';
				}
				
				$like = str_replace('%', '%%', $like);
				
				$boards = listBoards();
				foreach($boards as &$_b) {
					openBoard($_b['uri']);
					
					$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
					$query->bindValue(':limit', $config['mod']['search_results'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					$temp = '';
					while($post = $query->fetch()) {
						if(!$post['thread']) {
							$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
						} else {
							$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
						}
						$temp .= $po->build(true) . '<hr/>';
					}
					
					if(!empty($temp))
						$_body .= '<fieldset><legend>' . $query->rowCount() . ' result' . ($query->rowCount() != 1 ? 's' : '') . ' on <a href="?/' .
								sprintf($config['board_path'], $board['uri']) . $config['file_index'] .
						'">' .
						sprintf($config['board_abbreviation'], $board['uri']) . ' - ' . $board['title'] .
						'</a></legend>' . $temp . '</fieldset>';
				}
				
				$body .= '<hr/>';
				if(!empty($_body))
					$body .= $_body;
				else
					$body .= '<p style="text-align:center" class="unimportant">(No results.)</p>';
			}
				
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'Search',
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/users$/', $query)) {
			if(!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']);
			
			$body = '<form action="" method="post"><table class="modlog" style="width:auto"><tr><th>' . _('ID') . '</th><th>' . _('Username') . '</th><th>' . _('Type') . '</th><th>' . _('Boards') . '</th><th>' . _('Last action') . '</th><th>&hellip;</th></tr>';
			
			$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
			while($_mod = $query->fetch()) {				
				$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
				
				$_mod['boards'] = explode(',', $_mod['boards']);
				foreach($_mod['boards'] as &$_board) {
					if($_board != '*')
						$_board = '/' . $_board . '/';
				}
				
				$body .= '<tr>' .
					'<td>' .
						$_mod['id'] .
					'</td>' .
					
					'<td>' .
						utf8tohtml($_mod['username']) .
					'</td>' .
					
					'<td>' .
						$type .
					'</td>' .
					
					'<td>' .
						implode(', ', $_mod['boards']) .
					'</td>' .
					
					'<td>' .
						($_mod['last'] ?
							(hasPermission($config['mod']['modlog']) ?
								'<span title="' . str_replace('"', '&quot;', utf8tohtml($_mod['action'])) . '">' . ago($_mod['last']) . '</span>'
							: ago($_mod['last']))
						: '<em>never</em>') .
					'</td>' .
					
					'<td style="white-space:nowrap">' .
						(hasPermission($config['mod']['promoteusers']) ?
							($_mod['type'] != ADMIN ?
								'<a style="float:left;text-decoration:none" href="?/users/' . $_mod['id'] . '/promote" title="Promote">▲</a>'
							:'') .
							($_mod['type'] != JANITOR ?
								'<a style="float:left;text-decoration:none" href="?/users/' . $_mod['id'] . '/demote" title="Demote">▼</a>'
							:'')
						: ''
						) .
						(hasPermission($config['mod']['editusers']) ||
						(hasPermission($config['mod']['change_password']) && $_mod['id'] == $mod['id'])?
							'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
						: '' ) .
						(hasPermission($config['mod']['create_pm']) ?
							'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod['id'] . '">[PM]</a>'
						: '' ) .
					'</td></tr>';
			}
			
			$body .= '</table>';
			
			if(hasPermission($config['mod']['createusers'])) {
				$body .= '<p style="text-align:center"><a href="?/users/new">' . _('Create new user') . '</a></p>';
			}
			
			$body .= '</form>';
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('Manage users'),
				'body'=>$body
				,'mod'=>true
				)
			);
		} elseif(preg_match('/^\/users\/new$/', $query)) {
			if(!hasPermission($config['mod']['createusers'])) error($config['error']['noaccess']);
			
			if(isset($_POST['username']) && isset($_POST['password'])) {
				if(!isset($_POST['type'])) {
					error(sprintf($config['error']['required'], 'type'));
				}
				
				if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
					error(sprintf($config['error']['invalidfield'], 'type'));
				}
				
				// Check if already exists
				$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
				$query->bindValue(':username', $_POST['username']);
				$query->execute() or error(db_error($query));
				
				if($_mod = $query->fetch()) {
					error(sprintf($config['error']['modexists'], $_mod['id']));
				}
				
				$boards = Array();
				foreach($_POST as $name => $null) {
					if(preg_match('/^board_(.+)$/', $name, $m))
						$boards[] = $m[1];
				}
				$boards = implode(',', $boards);
				
				$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type, :boards)");
				$query->bindValue(':username', $_POST['username']);
				$query->bindValue(':password', sha1($_POST['password']));
				$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
				$query->bindValue(':boards', $boards);
				$query->execute() or error(db_error($query));
				
				modLog('Create a new user: "' . $_POST['username'] . '"');
				header('Location: ?/users', true, $config['redirect_http']);
			} else {
			
				$__boards = '<ul style="list-style:none;padding:2px 5px">';			
				$boards = array_merge(
						Array(Array('uri' => '*', 'title' => 'All')
					), listBoards());
				foreach($boards as &$_board) {
					$__boards .= '<li>' .
						'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '">' .
						'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
							($_board['uri'] == '*' ?
								'<em>"*"</em>'
							:
								sprintf($config['board_abbreviation'], $_board['uri'])
							) .
							' - ' . $_board['title'] .
						'</label>' .
						'</li>';
				}
			
				$body = '<fieldset><legend>New user</legend>' . 
				
					// Begin form
					'<form style="text-align:center" action="" method="post">' .
				
					'<table>' .
				
					'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
					'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
					'<tr><th>Type</th><td>' .
						'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
						'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
						'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
					'</td></tr>' .
					'<tr><th>Boards</th><td>' . $__boards . '</td></tr>' .
					'</table>' .
				
					'<input style="margin-top:10px" type="submit" value="Create user" />' .
				
					// End form
					'</form></fieldset>';
				
					echo Element('page.html', Array(
						'config'=>$config,
						'title'=>'New user',
						'body'=>$body
						,'mod'=>true
						)
					);
				}
		} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
			$modID = &$matches[1];
			
			if(isset($matches[2])) {
				if($matches[3] == 'delete') {
					if(!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']);
					
					$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
					$query->bindValue(':id', $modID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					modLog('Deleted user #' . $modID);
				} else {
					// Promote/demote
					if(!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']);
					
					if($matches[3] == 'promote') {
						$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
						$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
					} else {
						$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
						$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
					}
					
					$query->bindValue(':id', $modID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
				}
				header('Location: ?/users', true, $config['redirect_http']);
			} else {
				// Edit user
				if(!hasPermission($config['mod']['editusers']) && !hasPermission($config['mod']['change_password']))
					error($config['error']['noaccess']);
				
				$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
				$query->bindValue(':id', $modID, PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				if(!$_mod = $query->fetch()) {
					error($config['error']['404']);
				}
				
				if(!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $mod['id'] == $_mod['id'] && $change_password_only = true))
					error($config['error']['noaccess']);
				
				if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
					if(!isset($change_password_only)) {
						$boards = Array();
						foreach($_POST as $name => $null) {
							if(preg_match('/^board_(.+)$/', $name, $m))
								$boards[] = $m[1];
						}
						$boards = implode(',', $boards);
						
						$query = prepare("UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id");
						$query->bindValue(':username', $_POST['username'], PDO::PARAM_STR);
						$query->bindValue(':boards', $boards, PDO::PARAM_STR);
						$query->bindValue(':id', $modID, PDO::PARAM_INT);
						$query->execute() or error(db_error($query));
						modLog('Edited login details for user "' . $_mod['username'] . '"');
					} else {
						modLog('Changed own password');
					}
					if(!empty($_POST['password'])) {
						$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
						$query->bindValue(':password', sha1($_POST['password']));
						$query->bindValue(':id', $modID, PDO::PARAM_INT);
						$query->execute() or error(db_error($query));
					}
					
					// Refresh
					$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
					$query->bindValue(':id', $modID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					if(!$_mod = $query->fetch()) {
						error($config['error']['404']);
					}
					
					if($_mod['id'] == $mod['id']) {
						// Changed own password. Update cookies
						
						if(!login($_mod['username'], $_mod['password'], false, true))
							error('Could not re-login after changing password. (?)');
						
						setCookies();
					}
					
					if(hasPermission($config['mod']['manageusers']))
						header('Location: ?/users', true, $config['redirect_http']);
					else
						header('Location: ?/', true, $config['redirect_http']);
					exit;
				}
				
				$__boards = '<ul style="list-style:none;padding:2px 5px">';
				$boards = array_merge(
						Array(Array('uri' => '*', 'title' => 'All')
					), listBoards());
				
				$_mod['boards'] = explode(',', $_mod['boards']);
				foreach($boards as &$_board) {
					$__boards .= '<li>' .
						'<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"' .
							(in_array($_board['uri'], $_mod['boards']) ? 
								' checked="checked"'
							: '') .
						'/> ' . 
						'<label style="display:inline" for="board_' . $_board['uri'] . '">' .
							($_board['uri'] == '*' ?
								'<em>"*"</em>'
							:
								sprintf($config['board_abbreviation'], $_board['uri'])
							) .
							' - ' . $_board['title'] .
						'</label>' .
						'</li>';
				}
				$__boards .= '</ul>';
				
				$body = '<fieldset><legend>Edit user</legend>' . 
				
				// Begin form
				'<form style="text-align:center" action="" method="post">' .
				
				'<table>' .
				
				'<tr><th>Username</th><td>' . 
				
				(isset($change_password_only) ?
					utf8tohtml($_mod['username'])
				: '<input size="20" maxlength="30" type="text" name="username" value="' . utf8tohtml($_mod['username']) . '" autocomplete="off" />') .
				
				'</td></tr>' .
				'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
				
				(isset($change_password_only) ? '' :
					'<tr><th>Boards</th><td>' . $__boards . '</td></tr>'
				) .
				
				'</table>' .
				
				'<input type="submit" value="Save changes" />' .
				
				// End form
				'</form> ' .
				
				// Delete button
				(hasPermission($config['mod']['deleteusers']) ?
					'<p style="text-align:center"><a href="?/users/' . $_mod['id'] . '/delete">Delete user</a></p>'
				:'') .
				
				'</fieldset>';
				
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'Edit user',
					'body'=>$body
					,'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/reports$/', $query)) {
			if(!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']);
			
			$body = '';
			$reports = 0;
			
			$query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit");
			$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			while($report = $query->fetch()) {
				$p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri']));
				$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
				$p_query->execute() or error(db_error($query));
				
				if(!$post = $p_query->fetch()) {
					// Invalid report (post has since been deleted)
					$p_query = prepare("DELETE FROM `reports` WHERE `post` = :id");
					$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
					$p_query->execute() or error(db_error($query));
					continue;
				}
				
				$reports++;
				openBoard($report['uri']);
				
				if(!$post['thread']) {
					$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
				} else {
					$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['embed'], '?/', $mod);
				}
				
				$append_html =
					'<div class="report">' .
						'<hr/>' .
						'Board: <a href="?/' . $report['uri'] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $report['uri']) . '</a><br/>' .
						'Reason: ' . $report['reason'] . '<br/>' .
						'Report date: ' . strftime($config['post_date'], $report['time']) . '<br/>' .
						(hasPermission($config['mod']['show_ip']) ?
							'Reported by: <a href="?/IP/' . $report['ip'] . '">' . $report['ip'] . '</a><br/>'
						: '') .
						'<hr/>' .
							(hasPermission($config['mod']['report_dismiss']) ?
								'<a title="Discard abuse report" href="?/reports/' . $report['id'] . '/dismiss">Dismiss</a> | ' : '') .
							(hasPermission($config['mod']['report_dismiss_ip']) ?
								'<a title="Discard all abuse reports by this user" href="?/reports/' . $report['id'] . '/dismiss/all">Dismiss+</a>' : '') .
					'</div>';
				
				// Bug fix for https://github.com/savetheinternet/Tinyboard/issues/21
				$po->body = truncate($po->body, $po->link(), $config['body_truncate'] - substr_count($append_html, '<br/>'));
				
				if(mb_strlen($po->body) + mb_strlen($append_html) > $config['body_truncate_char']) {
					// still too long. temporarily increase limit in the config
					$__old_body_truncate_char = $config['body_truncate_char'];
					$config['body_truncate_char'] = mb_strlen($po->body) + mb_strlen($append_html);
				}
				
				$po->body .= $append_html;
				
				$body .= $po->build(true) . '<hr/>';
				
				if(isset($__old_body_truncate_char))
					$config['body_truncate_char'] = $__old_body_truncate_char;
			}
			
			$query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error());
			$count = $query->fetch();
			
			$body .= '<p class="unimportant" style="text-align:center">Showing ' . 
				($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.</p>';
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('Report queue') . ' (' . $count['count'] . ')',
				'body'=>$body,
				'mod'=>true
			));
		} elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) {
			if(isset($matches[2]) && $matches[2] == '/all') {
				if(!hasPermission($config['mod']['report_dismiss_ip'])) error($config['error']['noaccess']);
				
				$query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id");
				$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				if($report = $query->fetch()) {
					$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
					$query->bindValue(':ip', $report['ip'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					modLog('Dismissed all reports by ' . $report['ip']);
				}
			} else {
				if(!hasPermission($config['mod']['report_dismiss'])) error($config['error']['noaccess']);
				
				$query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id");
				$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				if($report = $query->fetch()) {
					modLog('Dismissed a report for post #' . $report['post'], $report['board']);
					
					$query = prepare("DELETE FROM `reports` WHERE `post` = :post");
					$query->bindValue(':post', $report['post'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
				}
			}
			
			// Redirect
			header('Location: ?/reports', true, $config['redirect_http']);
		} elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) {
			if(!hasPermission($config['mod']['manageboards'])) error($config['error']['noaccess']);
			
			if(!openBoard($matches[1]))
				error($config['error']['noboard']);
			
			if(isset($matches[2]) && $matches[2] == '/delete') {
				if(!hasPermission($config['mod']['deleteboard'])) error($config['error']['noaccess']);
				// Delete board
				
				modLog('Deleted board ' . sprintf($config['board_abbreviation'], $board['uri']));
				
				// Delete entire board directory
				rrmdir($board['uri'] . '/');
				
				// Delete posting table
				$query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error());
				
				// Clear reports
				$query = prepare("DELETE FROM `reports` WHERE `board` = :id");
				$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				// Delete from table
				$query = prepare("DELETE FROM `boards` WHERE `id` = :id");
				$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				if($config['cache']['enabled']) {
					cache::delete('board_' . $board['uri']);
					cache::delete('all_boards');
				}
				
				$query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board");
				$query->bindValue(':board', $board['uri']);
				$query->execute() or error(db_error($query));
				while($cite = $query->fetch()) {
					if($board['uri'] != $cite['board']) {
						if(!isset($tmp_board))
							$tmp_board = $board;
						openBoard($cite['board']);
						rebuildPost($cite['post']);
					}
				}
				
				if(isset($tmp_board))
					$board = $tmp_board;
				
				$query = prepare("DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board");
				$query->bindValue(':board', $board['uri']);
				$query->execute() or error(db_error($query));
				
				rebuildThemes('boards');
				
				header('Location: ?/', true, $config['redirect_http']);
			} else {
				if(isset($_POST['title']) && isset($_POST['subtitle'])) {
					$query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id");
					$query->bindValue(':title', utf8tohtml($_POST['title'], true));
					
					if(!empty($_POST['subtitle']))
						$query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true));
					else
						$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
					
					$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					if($config['cache']['enabled']) {
						cache::delete('board_' . $board['uri']);
						cache::delete('all_boards');
					}
					
					rebuildThemes('boards');
					
					openBoard($board['uri']);
				}
				
				$body =
				'<fieldset><legend><a href="?/' .
				$board['uri'] .	'/' . $config['file_index'] . '">' .
				sprintf($config['board_abbreviation'], $board['uri']) . '</a>' . 
				' - ' . $board['name'] . '</legend>' . 
				
				// Begin form
				'<form style="text-align:center" action="" method="post">' .
				
				'<table>' .
				
				'<tr><th>URI</th><td>' . $board['uri'] . '</td>' .
				'<tr><th>Title</th><td><input size="20" maxlength="20" type="text" name="title" value="' . $board['name'] . '" /></td></tr>' .
				'<tr><th>Subtitle</th><td><input size="20" maxlength="40" type="text" name="subtitle" value="' .
					(isset($board['title']) ? $board['title'] : '') . '" /></td></tr>' .
				
				'</table>' .
				
				'<input type="submit" value="Update" />' .
				
				// End form
				'</form> ' .
				
				// Delete button
				(hasPermission($config['mod']['deleteboard']) ?
					'<p style="text-align:center"><a href="?/board/' . $board['uri'] . '/delete">Delete board</a></p>'
				:'') .
				
				'</fieldset>';
				
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'Manage &ndash; ' . sprintf($config['board_abbreviation'], $board['uri']),
					'body'=>$body,
					'mod'=>true
				));
			}
		} elseif(preg_match('/^\/bans$/', $query)) {
			if(!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']);
			
			if(isset($_POST['unban'])) {
				if(!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']);
				
				foreach($_POST as $post => $value) {
					if(preg_match('/^ban_(\d+)$/', $post, $m)) {
						removeBan($m[1]);
					}
				}
			}
			if(hasPermission($config['mod']['view_banexpired'])) {
				$query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC");
				$query->bindValue(':time', time(), PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
			} else {
				// Filter out expired bans
				$query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC");
				$query->bindValue(':time', time(), PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
			}
			
			if($query->rowCount() < 1) {
				$body = '<p style="text-align:center" class="unimportant">(There are no active bans.)</p>';
			} else {
				$body = '<form action="" method="post">';
				$body .= '<table><tr><th>' . _('IP address') . '</th><th>' . _('Reason') . '</th><th>' . _('Board') . '</th><th>' . _('Set') . '</th><th>' . _('Expires') . '</th><th>' . _('Staff') . '</th></tr>';
				
				while($ban = $query->fetch()) {
					$body .=
						'<tr' .
							($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
								' style="text-decoration:line-through"'
							:'') .
						'>' .
					
					'<td style="white-space: nowrap">' .
					
					// Checkbox
					'<input type="checkbox" name="ban_' . $ban['id'] . '" id="ban_' . $ban['id'] . '" /> ' .
					
					// IP address
					(preg_match('/^(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $ban['ip']) ?
						'<a href="?/IP/' .
							$ban['ip'] .
						'">'. $ban['ip'] . '</a>'
					: utf8tohtml($ban['ip'])) .
					
					'</td>' .
					
					// Reason
					'<td>' . ($ban['reason'] ? $ban['reason'] : '<em>-</em>') . '</td>' .
					
					
					'<td style="white-space: nowrap">' .
					(isset($ban['uri']) ?
						sprintf($config['board_abbreviation'], $ban['uri'])
					:
						'<em>' . _('all boards') . '</em>'
					) . '</td>' .
					
					// Set
					'<td style="white-space: nowrap">' . strftime($config['post_date'], $ban['set']) . '</td>' .
					
					// Expires
					'<td style="white-space: nowrap">' . 
						($ban['expires'] == 0 ?
							'<em>Never</em>'
						:
							strftime($config['post_date'], $ban['expires'])
						) .
					'</td>' .
					
					// Staff
					'<td>' .
						(isset($ban['username']) ?
							(!hasPermission($config['mod']['view_banstaff']) ?
								($config['mod']['view_banquestionmark'] ?
									'?'
								:
									($ban['type'] == JANITOR ? 'Janitor' :
									($ban['type'] == MOD ? 'Mod' :
									($ban['type'] == ADMIN ? 'Admin' :
									'?')))
								)
							:
								utf8tohtml($ban['username'])
							)
						:
							'<em>deleted?</em>'
						) .
					'</td>' .
					
					'</tr>';
				}
				
				$body .= '</table>' .
				
				(hasPermission($config['mod']['unban']) ?
					'<p style="text-align:center"><input name="unban" type="submit" value="Unban selected" /></p>'
				: '') .
				
				'</form>';
			}
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('Ban list'),
				'body'=>$body,
				'mod'=>true
			)
		);
		} elseif(preg_match('/^\/flush$/', $query)) {
			if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
			if(!$config['cache']['enabled']) error('Cache is not enabled.');
			
			if(cache::flush()) {
				$body = 'Successfully invalidated all items in cache.';
				modLog('Cleared cache');
			} else {
				$body = 'An error occured while trying to flush cache.';
			}
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'Flushed',
				'body'=>'<p style="text-align:center">' . $body . '</p>',
				'mod'=>true
			));
		} elseif(preg_match('/^\/rebuild$/', $query)) {
			if(!hasPermission($config['mod']['rebuild'])) error($config['error']['noaccess']);
			
			set_time_limit($config['mod']['rebuild_timelimit']);
			
			$body = '<div class="ban"><h2>Rebuilding&hellip;</h2><p>';
			
			$body .= 'Clearing template cache&hellip;<br/>';
			$twig = new Twig_Environment($loader, Array(
				'cache' => "{$config['dir']['template']}/cache"
			));
			$twig->clearCacheFiles();
		
			$body .= 'Regenerating theme files&hellip;<br/>';
			rebuildThemes('all');
			
			$body .= 'Generating Javascript file&hellip;<br/>';
			buildJavascript();
			
			$boards = listBoards();
			
			foreach($boards as &$board) {
				$body .= "<strong style=\"display:inline-block;margin: 15px 0 2px 0;\">Opening board /{$board['uri']}/</strong><br/>";
				openBoard($board['uri']);
				
				$body .= 'Creating index pages<br/>';
				buildIndex();
				
				$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
				while($post = $query->fetch()) {
					$body .= "Rebuilding #{$post['id']}<br/>";
					buildThread($post['id']);
				}
			}
			$body .= 'Complete!</p></div>';
			
			unset($board);
			modLog('Rebuilt everything');
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'Rebuilt',
				'body'=>$body,
				'mod'=>true
			));
		} elseif(preg_match('/^\/config$/', $query)) {
			if(!hasPermission($config['mod']['show_config'])) error($config['error']['noaccess']);
			
			// Show instance-config.php	
			
			$data = '';
			
			function do_array_part($array, $prefix = '') {
				global $data, $config;
				
				foreach($array as $name => $value) {
					if(is_array($value)) {
						do_array_part($value, $prefix . $name . ' → ');
					} else {
						if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') {
							$value = '<em>hidden</em>';
						} elseif(gettype($value) == 'boolean') {
							$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>';
						} elseif(gettype($value) == 'string') {
							if(empty($value))
								$value = '<em>empty</em>';
							else
								$value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (mb_strlen($value) > 110 ? '&hellip;' : '')) . '</span>';
						} elseif(gettype($value) == 'integer') {
							$value = '<span style="color:black;">' . $value . '</span>';
						}
						
						$data .= 
								'<tr><th style="text-align:left;">' . 
									$prefix . (gettype($name) == 'integer' ? '[]' : $name) .
								'</th><td>' .
									$value .
								'</td></tr>';
						}
					}
				}
			
			do_array_part($config);				
			
			$body = '<fieldset><legend>' . _('Configuration') . '</legend><table>' . $data . '</table></fieldset>';
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>_('Configuration'),
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/new$/', $query)) {
			if(!hasPermission($config['mod']['newboard'])) error($config['error']['noaccess']);
			
			// New board
			$body = '';
			
			if(isset($_POST['new_board'])) {
				// Create new board
				if(	!isset($_POST['uri']) ||
					!isset($_POST['title']) ||
					!isset($_POST['subtitle'])
				)	error($config['error']['missedafield']);
				
				$b = Array(
					'uri' => $_POST['uri'],
					'title' => $_POST['title'],
					'subtitle' => $_POST['subtitle']
				);
				
				// HTML characters
				$b['title'] = utf8tohtml($b['title'], true);
				$b['subtitle'] = utf8tohtml($b['subtitle'], true);
				
				// Check required fields
				if(empty($b['uri']))
					error(sprintf($config['error']['required'], 'URI'));
				if(empty($b['title']))
					error(sprintf($config['error']['required'], 'title'));
				
				// Check string lengths
				if(mb_strlen($b['uri']) > 8)
					error(sprintf($config['error']['toolong'], 'URI'));
				if(mb_strlen($b['title']) > 20)
					error(sprintf($config['error']['toolong'], 'title'));
				if(mb_strlen($b['subtitle']) > 40)
					error(sprintf($config['error']['toolong'], 'subtitle'));
				
				if(!preg_match('/^\w+$/', $b['uri']))
					error(sprintf($config['error']['invalidfield'], 'URI'));
				
				if(openBoard($b['uri'])) {
					unset($board);
					error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
				}
				
				$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
				$query->bindValue(':uri', $b['uri']);
				$query->bindValue(':title', $b['title']);
				if(!empty($b['subtitle'])) {
					$query->bindValue(':subtitle', $b['subtitle']);
				} else {
					$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
				}
				$query->execute() or error(db_error($query));
				
				// Record the action
				modLog("Created a new board: {$b['title']}");
				
				// Open the board
				openBoard($b['uri']) or error("Couldn't open board after creation.");
				
				// Create the posts table
				query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
				
				if($config['cache']['enabled'])
					cache::delete('all_boards');
				
				// Build the board
				buildIndex();
				
				rebuildThemes('boards');
				
				header('Location: ?/board/' . $b['uri'], true, $config['redirect_http']);
			} else {
				
				$body .= form_newBoard();
				
				// TODO: Statistics, etc, in the dashboard.
				
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'New board',
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
			// Board index
			
			$boardName = &$matches[1];
			
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2];
			
			if(!$page = index($page_no, $mod)) {
				error($config['error']['404']);
			}
			
			$page['pages'] = getPages(true);
			$page['pages'][$page_no-1]['selected'] = true;
			$page['btn'] = getPageButtons($page['pages'], true);
			$page['mod'] = true;
			
			echo Element('index.html', $page);
		} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
			// View thread
			
			$boardName = &$matches[1];
			$thread = &$matches[2];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$page = buildThread($thread, true, $mod);
			
			echo $page;
		} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
			// Delete file from post
			
			$boardName = &$matches[1];
			
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			if(!hasPermission($config['mod']['deletefile'], $boardName)) error($config['error']['noaccess']);
			
			$post = &$matches[2];
			
			// Delete post
			deleteFile($post);
			
			// Record the action
			modLog("Removed file from post #{$post}");
			
			// Rebuild board
			buildIndex();
			
			
			// Redirect
			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
			// Delete post
			
			$boardName = &$matches[1];
			
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			if(!hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
			
			$post = &$matches[2];
			
			// Delete post
			deletePost($post);
			
			// Record the action
			modLog("Deleted post #{$post}");
			
			// Rebuild board
			buildIndex();
			
			// Redirect
			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
			// Add/remove sticky
			
			$boardName = &$matches[1];
			
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			if(!hasPermission($config['mod']['sticky'], $boardName)) error($config['error']['noaccess']);
			
			$post = &$matches[3];
			
			$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
			$query->bindValue(':id', $post, PDO::PARAM_INT);
			
			if($matches[2] == 'un') {
				// Record the action
				modLog("Unstickied post #{$post}");
				$query->bindValue(':sticky', 0, PDO::PARAM_INT);
			} else {
				// Record the action
				modLog("Stickied post #{$post}");
				$query->bindValue(':sticky', 1, PDO::PARAM_INT);
			}
			
			$query->execute() or error(db_error($query));
			
			buildIndex();
			buildThread($post);
			
			
			// Redirect
			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
			// Lock/Unlock
			
			$boardName = &$matches[1];
			
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			if(!hasPermission($config['mod']['lock'], $boardName)) error($config['error']['noaccess']);
			
			$post = &$matches[3];
			
			$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
			$query->bindValue(':id', $post, PDO::PARAM_INT);
			
			if($matches[2] == 'un') {
				// Record the action
				modLog("Unlocked post #{$post}");
				$query->bindValue(':locked', 0, PDO::PARAM_INT);
			} else {
				// Record the action
				modLog("Locked post #{$post}");
				$query->bindValue(':locked', 1, PDO::PARAM_INT);
			}
			
			$query->execute() or error(db_error($query));
			
			buildIndex();
			buildThread($post);
			
			
			// Redirect
			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . 'bump(un)?lock\/(\d+)$/', $query, $matches)) {
			// Lock/Unlock
			
			$boardName = &$matches[1];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			if(!hasPermission($config['mod']['bumplock'], $boardName)) error($config['error']['noaccess']);
			
			$post = &$matches[3];
			
			$query = prepare(sprintf("UPDATE `posts_%s` SET `sage` = :bumplocked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
			$query->bindValue(':id', $post, PDO::PARAM_INT);
			
			if($matches[2] == 'un') {
				// Record the action
				modLog("Unbumplocked post #{$post}");
				$query->bindValue(':bumplocked', 0, PDO::PARAM_INT);
			} else {
				// Record the action
				modLog("Bumplocked post #{$post}");
				$query->bindValue(':bumplocked', 1, PDO::PARAM_INT);
			}
			
			$query->execute() or error(db_error($query));
			
			buildIndex();
			buildThread($post);
			
			
			// Redirect
			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) {
			// Delete all posts by an IP
			
			$boardName = &$matches[1];
			$post = &$matches[2];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
			$query->bindValue(':id', $post);
			$query->execute() or error(db_error($query));
			
			if(!$post = $query->fetch())
				error($config['error']['invalidpost']);
			
			$ip = $post['ip'];
			
			$boards = listBoards();
			$query = '';
			foreach($boards as &$_board) {
				$query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']);
			}
			$query = preg_replace('/UNION ALL $/', '', $query);
			
			$query = prepare($query);
			$query->bindValue(':ip', $ip);
			$query->execute() or error(db_error($query));
			
			if($query->rowCount() < 1)
				error($config['error']['invalidpost']);
			
			$boards = Array();
			while($post = $query->fetch()) {
				openBoard($post['board']);
				$boards[] = $post['board'];
				
				deletePost($post['id'], false);
			}
			
			foreach($boards as &$_board) {
				openBoard($_board);
				buildIndex();
			}
			
			// Record the action
			modLog("Deleted all posts by IP address: {$ip}");
			
			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/ban$/', $query)) {
			if(!hasPermission($config['mod']['ban'])) error($config['error']['noaccess']);
			// Ban page
			
			if(isset($_POST['new_ban'])) {
				if(	!isset($_POST['ip']) ||
					!isset($_POST['reason']) ||
					!isset($_POST['length']) ||
					!isset($_POST['board_id'])
				)	error($config['error']['missedafield']);
				
				// Check required fields
				if(empty($_POST['ip']))
					error(sprintf($config['error']['required'], 'IP address'));
				
				$query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board)");
				
				// 1yr2hrs30mins
				// 1y2h30m
				$expire = 0;
				if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
					if(isset($m[2])) {
						// Years
						$expire += $m[2]*60*60*24*365;
					}
					if(isset($m[4])) {
						// Months
						$expire += $m[4]*60*60*24*30;
					}
					if(isset($m[6])) {
						// Weeks
						$expire += $m[6]*60*60*24*7;
					}
					if(isset($m[8])) {
						// Days
						$expire += $m[8]*60*60*24;
					}
					if(isset($m[10])) {
						// Hours
						$expire += $m[10]*60*60;
					}
					if(isset($m[12])) {
						// Minutes
						$expire += $m[12]*60;
					}
					if(isset($m[14])) {
						// Seconds
						$expire += $m[14];
					}
				}
				if($expire) {
					$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
				} else {
					// Never expire
					$query->bindValue(':expires', null, PDO::PARAM_NULL);
				}
				
				$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
				$query->bindValue(':set', time(), PDO::PARAM_INT);
				
				
				
				if(!empty($_POST['reason'])) {
					$reason = $_POST['reason'];
					markup($reason);
					$query->bindValue(':reason', $reason, PDO::PARAM_STR);
				} else {
					$query->bindValue(':reason', null, PDO::PARAM_NULL);
				}
				
				if($_POST['board_id'] < 0) {
					$query->bindValue(':board', null, PDO::PARAM_NULL);
				} else {
					$query->bindValue(':board', (int)$_POST['board_id'], PDO::PARAM_INT);
				}
				
				// Record the action
				modLog('Created a ' . ($expire ? $expire . ' second' : 'permanent') . " ban for {$_POST['ip']} with " . (!empty($_POST['reason']) ? "reason \"${reason}\"" : 'no reason'));
				
				$query->execute() or error(db_error($query));
				
				if(isset($_POST['board']))
					openBoard($_POST['board']);
				
				// Delete too
				if(isset($_POST['delete']) && isset($_POST['board']) && hasPermission($config['mod']['delete'], $_POST['board'])) {					
					$post = round($_POST['delete']);
					
					deletePost($post);
					
					// Record the action
					modLog("Deleted post #{$post}");
					
					// Rebuild board
					buildIndex();
				}
				
				if(hasPermission($config['mod']['public_ban']) && isset($_POST['post']) && isset($_POST['board']) && isset($_POST['public_message']) && isset($_POST['message'])) {					
					$post = round($_POST['post']);
					
					$query = prepare(sprintf("UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id", $board['uri']));
					$query->bindValue(':id', $post, PDO::PARAM_INT);
					$query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message'])));
					$query->execute() or error(db_error($query));
					
					// Rebuild thread
					$query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
					$query->bindValue(':id', $post, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					$thread = $query->fetch();
					if($thread['thread'])
						buildThread($thread['thread']);
					else
						buildThread($post);
					
					// Rebuild board
					buildIndex();
					
					// Record the action
					modLog("Attached a public ban message for post #{$post}: " . $_POST['message']);
				}
				
				// Redirect
				if(isset($_POST['continue']))
					header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
				elseif(isset($board))
					header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
				else
					header('Location: ?/', true, $config['redirect_http']);
			}
		} elseif(preg_match('/^\/' . $regex['board'] . 'move\/(\d+)$/', $query, $matches)) {
			
			$boardName = &$matches[1];
			$postID = $matches[2];
			
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			if(!hasPermission($config['mod']['move'], $boardName)) error($config['error']['noaccess']);
			
			if(isset($_POST['board'])) {
				$targetBoard = $_POST['board'];
				$shadow = isset($_POST['shadow']);
				
				if($targetBoard == $boardName)
					error("Target and source board are the same.");
				
				// copy() if leaving a shadow thread behind. otherwise, rename().
				$clone = $shadow ? 'copy' : 'rename';
				
				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL AND `id` = :id", $board['uri']));
				$query->bindValue(':id', $postID, PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				if(!$post = $query->fetch()) {
					error($config['error']['nonexistant']);
				}
				
				if($post['file']) {
					$post['has_file'] = true;
					$post['width'] = &$post['filewidth'];
					$post['height'] = &$post['fileheight'];
					
					$file_src = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file'];
					$file_thumb = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb'];
				} else $post['has_file'] = false;
				
				// allow thread to keep its same traits (stickied, locked, etc.)
				$post['mod'] = true;
				
				if(!openBoard($targetBoard))
					error($config['error']['noboard']);
				
				$newID = post($post, true);
				
				if($post['has_file']) {
					$clone($file_src, sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']);
					$clone($file_thumb, sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']);
				}
				
				// move replies too...
				openBoard($boardName);
				
				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`", $board['uri']));
				$query->bindValue(':id', $postID, PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				$replies = Array();
				while($post = $query->fetch()) {
					$post['mod'] = true;
					$post['thread'] = $newID;
					
					if($post['file']) {
						$post['has_file'] = true;
						$post['width'] = &$post['filewidth'];
						$post['height'] = &$post['fileheight'];
						
						$post['file_src'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file'];
						$post['file_thumb'] = sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb'];
					} else $post['has_file'] = false;
					
					$replies[] = $post;
				}
				
				openBoard($targetBoard);
				foreach($replies as &$post) {
					post($post, false);
					if($post['has_file']) {
						$clone($post['file_src'], sprintf($config['board_path'], $board['uri']) . $config['dir']['img'] . $post['file']);
						$clone($post['file_thumb'], sprintf($config['board_path'], $board['uri']) . $config['dir']['thumb'] . $post['thumb']);
					}
				}
				
				// build thread
				buildThread($newID);
				buildIndex();
				
				// trigger themes
				rebuildThemes('post');
				
				openBoard($boardName);
				
				if($shadow) {
					// lock thread
					$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id", $board['uri']));
					$query->bindValue(':id', $postID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					$post = Array(
						'mod' => true,
						'subject' => '',
						'email' => '',
						'name' => $config['mod']['shadow_name'],
						'capcode' => $config['mod']['shadow_capcode'],
						'trip' => '',
						'body' => sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID),
						'password' => '',
						'has_file' => false,
						// attach to original thread
						'thread' => $postID
					);
					
					markup($post['body']);
					
					$botID = post($post, false);
					
					header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $postID) . '#' . $botID, true, $config['redirect_http']);
				} else {
					deletePost($postID);
					buildIndex();
					
					openBoard($targetBoard);					
					header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['dir']['res'] . sprintf($config['file_page'], $newID), true, $config['redirect_http']);
				}
			} else {
			
				$body = '<fieldset><legend>Move thread</legend>' .
					'<form action="?/' . $boardName . '/move/' . $postID . '" method="post">' .
						'<table>'
					;
			
				$boards = listBoards();
				if(count($boards) <= 1)
					error('No board to move to; there is only one.');
				
				$__boards = '';
				foreach($boards as &$_board) {
					if($_board['uri'] == $board['uri'])
						continue;
					$__boards .= '<li>' .
						'<input type="radio" name="board" id="board_' . $_board['uri'] . '" value="' . $_board['uri'] . '">' .
						'<label style="display:inline" for="board_' . $_board['uri'] . '"> ' .
								sprintf($config['board_abbreviation'], $_board['uri']) .
							' - ' . $_board['title'] .
						'</label>' .
						'</li>';
				}
			
				$body .= '<tr>' .
							'<th>Thread ID</th>' .
							'<td><input type="text" size="7" value="' . $postID . '" disabled /></td>' .
						'</tr>' .
					
						'<tr>' . 
							'<th><label for="message">Leave shadow thread</label></th>' .
							'<td>' .
								'<input type="checkbox" id="shadow" name="shadow" checked/>' .
								' <span class="unimportant">(locks thread; replies to it with a link.)</span>' .
							'</td>' .
						'</tr>' .
					
						'<tr>' .
							'<th>Target board</th>' .
							'<td><ul style="list-style:none;padding:2px 5px">' . $__boards . '</tl></td>' .
						'</tr>' .
					
						'<tr>' . 
							'<td></td>' . 
							'<td><input type="submit" value="Move thread" /></td>' . 
						'</tr>' . 
					'</table>' .
				'</form></fieldset>';
		
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'Move #' . $postID,
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
			
			// Ban by post
			
			$boardName = &$matches[1];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			if(!hasPermission($config['mod']['ban'], $boardName)) error($config['error']['noaccess']);
			
			$delete = isset($matches[2]) && $matches[2] == '&delete';
			if($delete && !hasPermission($config['mod']['delete'], $boardName)) error($config['error']['noaccess']);
			
			$post = $matches[3];
			
			$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
			$query->bindValue(':id', $post, PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if($query->rowCount() < 1) {
				error($config['error']['invalidpost']);
			}
		
			$post = $query->fetch();
			
			$body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete);
			
			echo Element('page.html', Array(
				'config'=>$config,
				'title'=>'New ban',
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')\/deletenote\/(?P<id>\d+)$/', $query, $matches)) {
			if(!hasPermission($config['mod']['remove_notes'])) error($config['error']['noaccess']);
			
			$ip = $matches[1];
			$id = $matches['id'];

			$query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id");
			$query->bindValue(':ip', $ip);
			$query->bindValue(':id', $id);
			$query->execute() or error(db_error($query));
			
			header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
		} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) {
			// View information on an IP address
			
			$ip = $matches[1];
			$host = $config['mod']['dns_lookup'] ? rDNS($ip) : false;
			
			if(hasPermission($config['mod']['unban']) && isset($_POST['unban']) && isset($_POST['ban_id'])) {
				removeBan($_POST['ban_id']);
				header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
			} elseif(hasPermission($config['mod']['create_notes']) && isset($_POST['note'])) {
				$query = prepare("INSERT INTO `ip_notes` VALUES(NULL, :ip, :mod, :time, :body)");
				$query->bindValue(':ip', $ip);
				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
				$query->bindValue(':time', time(), PDO::PARAM_INT);
				markup($_POST['note']);
				$query->bindValue(':body', $_POST['note']);
				$query->execute() or error(db_error($query));
				
				header('Location: ?/IP/' . $ip, true, $config['redirect_http']);
			} else {
				$body = '';
				$boards = listBoards();
				foreach($boards as &$_board) {
					openBoard($_board['uri']);
				
					$temp = '';
					$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
					$query->bindValue(':ip', $ip);
					$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
				
					while($post = $query->fetch()) {
						if(!$post['thread']) {
							$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], '?/', $mod, false);
						} else {
							$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['capcode'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'],  $post['embed'], '?/', $mod);
						}
						$temp .= $po->build(true) . '<hr/>';
					}
				
					if(!empty($temp))
						$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' .
								sprintf($config['board_path'], $_board['uri']) . $config['file_index'] .
							'">' .
							sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
							'</a></legend>' . $temp . '</fieldset>';
				}
			
				if(hasPermission($config['mod']['view_notes'])) {
					$query = prepare("SELECT * FROM `ip_notes` WHERE `ip` = :ip ORDER BY `id` DESC");
					$query->bindValue(':ip', $ip);
					$query->execute() or error(db_error($query));
				
					if($query->rowCount() > 0 || hasPermission($config['mod']['create_notes'])) {
						$body .= '<fieldset><legend>' .
								$query->rowCount() . ' note' . ($query->rowCount() == 1 ?'' : 's') . ' on record' . 
							'</legend>';
						if($query->rowCount() > 0) {
							$body .= '<table class="modlog">' .
							'<tr><th>Staff</th><th>Note</th><th>Date</th>' .
								(hasPermission($config['mod']['remove_notes']) ? '<th>Actions</th>' : '') .
							'</td>';
							while($note = $query->fetch()) {
							
								if($note['mod']) {
									$_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
									$_query->bindValue(':id', $note['mod']);
									$_query->execute() or error(db_error($_query));
									if($_mod = $_query->fetch()) {
										$staff = '<a href="?/new_PM/' . $note['mod'] . '">' . utf8tohtml($_mod['username']) . '</a>';
									} else {
										$staff = '<em>???</em>';
									}
								} else {
									$staff = '<em>system</em>';
								}
								$body .= '<tr>' .
									'<td class="minimal">' .
										$staff .
									'</td><td>' .
										$note['body'] .
									'</td><td class="minimal">' .
										strftime($config['post_date'], $note['time']) .
									'</td>' .
									(hasPermission($config['mod']['remove_notes']) ?
										'<td class="minimal"><a class="unimportant" href="?/IP/' . $ip . '/deletenote/' . $note['id'] . '">[delete]</a></td>'
									: '') .
								'</tr>';
							}
							$body .= '</table>';
						}
			
						if(hasPermission($config['mod']['create_notes'])) {
							$body .= '<form action="" method="post" style="text-align:center;margin:0">' . 
									'<table>' .
										'<tr>' .
											'<th>Staff</th>' .
											'<td>' . $mod['username'] . '</td>' .
										'</tr>' .
										'<tr>' .
											'<th><label for="note">Note</label></th>' .
											'<td><textarea id="note" name="note" rows="5" cols="30"></textarea></td>' .
										'</tr>' .
										'<tr>' .
											'<td></td>' .
											'<td><input type="submit" value="New note" /></td>' .
										'</tr>' .
									'</table>' .
								'</form>';
						}
					
						$body .= '</fieldset>';
					}
				}
			
				if(hasPermission($config['mod']['view_ban'])) {
					$query = prepare("SELECT `bans`.*, `username`, `uri` FROM `bans` LEFT JOIN `boards` ON `boards`.`id` = `board` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip");
					$query->bindValue(':ip', $ip);
					$query->execute() or error(db_error($query));
				
					if($query->rowCount() > 0) {
						$body .= '<fieldset><legend>Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record</legend>';
					
						while($ban = $query->fetch()) {
							$body .= '<form action="" method="post" style="text-align:center">' .
							'<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' . 
								($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
									'Expired'
								: 'Active') .
							'</td></tr>' .
						
							// IP
							'<tr><th>IP</th><td>' . $ban['ip'] . '</td></tr>' .
						
							// Reason
							'<tr><th>Reason</th><td>' . $ban['reason'] . '</td></tr>' .
						
							// Board
							'<tr><th>Board</th><td>' .
							(isset($ban['board']) ?
								(isset($ban['uri']) ?
									sprintf($config['board_abbreviation'], $ban['uri'])
								:
									'<em>deleted?</em>'
								)
							:
								'<em>' . _('all boards') . '</em>'
							) .
							'</td></tr>' .
						
							// Set
							'<tr><th>Set</th><td>' . strftime($config['post_date'], $ban['set']) . '</td></tr>' .
						
							// Expires
							'<tr><th>Expires</th><td>' . 
								($ban['expires'] == 0 ?
									'<em>Never</em>'
								:
									strftime($config['post_date'], $ban['expires'])
								) .
							'</td></tr>' .
						
							// Staff
							'<tr><th>Staff</th><td>' .
								(isset($ban['username']) ?
									(!hasPermission($config['mod']['view_banstaff']) ?
										($config['mod']['view_banquestionmark'] ?
											'?'
										:
											($ban['type'] == JANITOR ? 'Janitor' :
											($ban['type'] == MOD ? 'Mod' :
											($ban['type'] == ADMIN ? 'Admin' :
											'?')))
										)
									:
										utf8tohtml($ban['username'])
									)
									: '<em>deleted?</em>'
								) .
							'</td></tr></table>' .
							
							'<input type="hidden" name="ban_id" value="' . $ban['id'] . '" />' .
							
							'<input type="submit" name="unban" value="Remove ban" ' .
								(!hasPermission($config['mod']['unban']) ? 'disabled' : '') .
							'/></form>';
						}
						
						$body .= '</fieldset>';
						
					}
				}
			
				if(hasPermission($config['mod']['ip_banform']))
					$body .= form_newBan($ip, null, '?/IP/' . $ip);
			
				echo Element('page.html', Array(
					'config'=>$config,
					'title'=>'IP: ' . $ip,
					'subtitle' => $host,
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} else {
			error($config['error']['404']);
		}
	}

?>