Version 1.7

Added member only option with global password protection
Made date format configurable
Various improvements

CHANGELOG

@@ -1,3 +1,24 @@
+Version 1.7 - May. 3, 2015
+Added member only option with global password protection
+Made date format configurable
+Various improvements
+
+Version 1.6 - Apr. 26, 2015
+Added option to only allow guests with a global password
+
+Version 1.5 - Apr. 20, 2015
+Added incognito mode
+
+Version 1.4 - Apr. 10, 2015
+Various changes and additions
+
+Version 1.3 - Apr. 4, 2015
+Bugfixes on logout and kicking
+
+Version 1.2 - Apr. 2, 2015
+Include letters when generating captchas not only numbers
+Moved rules to database to make changes more easily in the setup
+
 Version 1.1 - Apr. 2, 2015
 Some simplifications
 Added ignore feature

README

@@ -60,6 +60,7 @@ Then copy the script to your web-server directory and call the script in your br
 	http://(server)/(script-name).php?action=setup
 Now you can create the Superadmin account. With this account you can administer the chat and add new members and set the guest access.
 As soon as you are done with the setup, all necessary database tables will be created and the chat can be used.
+Note: If you updated the script, please visit http://(server)/(script-name).php?action=setup again, to make sure, that any database changes are applied and no errors occure.
 
 TRANSLATING:
 

README.md

@@ -45,6 +45,7 @@ Then copy the script to your web-server directory and call the script in your br
 	http://(server)/(script-name).php?action=setup
 Now you can create the Superadmin account. With this account you can administer the chat and add new members and set the guest access.
 As soon as you are done with the setup, all necessary database tables will be created and the chat can be used.
+Note: If you updated the script, please visit http://(server)/(script-name).php?action=setup again, to make sure, that any database changes are applied and no errors occure.
 
 Translating:
 ------------

chat.php

@@ -18,6 +18,7 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+if($_SERVER['REQUEST_METHOD']=='HEAD') exit; // ignore HEAD requests
 date_default_timezone_set('UTC');
 $U=array();// This user data
 $P=array();// All present users
@@ -55,13 +56,12 @@ if(!isSet($_REQUEST['action'])){
 }elseif($_REQUEST['action']=='post'){
 	check_session();
 	if(isSet($_REQUEST['kick']) && isSet($_REQUEST['sendto']) && valid_nick($_REQUEST['sendto'])){
-		if($U['status']>=5 || ($countmods==0 && $U['status']>=3)){
+		if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){
-			kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message']);
+			if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], true);
-			if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') del_all_messages($_REQUEST['sendto']);
+			else kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], false);
 		}
 	}elseif(isSet($_REQUEST['message']) && isSet($_REQUEST['sendto']) && !preg_match('/^\s*$/',$_REQUEST['message'])){
 		validate_input();
-		add_message();
 	}
 	send_post();
 }elseif($_REQUEST['action']=='login'){
@@ -108,12 +108,8 @@ if(!isSet($_REQUEST['action'])){
 		send_admin();
 	}elseif($_REQUEST['do']=='kick'){
 		if(!isSet($_REQUEST['name'])) send_admin();
-		kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage']);
+		if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], true);
-		if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge'){
+		else kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], false);
-			foreach($_REQUEST['name'] as $name){
-				del_all_messages($name);
-			}
-		}
 		send_admin();
 	}elseif($_REQUEST['do']=='logout'){
 		if(!isSet($_REQUEST['name'])) send_admin();
@@ -137,12 +133,16 @@ if(!isSet($_REQUEST['action'])){
 		approve_session();
 		send_approve_waiting();
 	}elseif($_REQUEST['do']=='guestaccess'){
-		if(isSet($_REQUEST['set']) && preg_match('/^[0123]$/', $_REQUEST['set'])){
+		if(isSet($_REQUEST['set']) && preg_match('/^(-1|[01234])$/', $_REQUEST['set'])){
 			update_setting('guestaccess', $_REQUEST['set']);
 		}
 	}elseif($_REQUEST['do']=='filter'){
 		manage_filter();
 		send_filter();
+	}elseif($_REQUEST['do']=='globalpass'){
+		if(isSet($_REQUEST['globalpass'])){
+			update_setting('globalpass', $_REQUEST['globalpass']);
+		}
 	}
 	send_admin();
 }elseif($_REQUEST['action']=='setup'){
@@ -157,11 +157,24 @@ if(!isSet($_REQUEST['action'])){
 	if(!valid_admin()) send_alogin();
 	if(!isSet($_REQUEST['do'])){
 	}elseif($_REQUEST['do']=='guestaccess'){
-		if(isSet($_REQUEST['set']) && preg_match('/^[0123]$/', $_REQUEST['set'])){
+		if(isSet($_REQUEST['set']) && preg_match('/^(-1|[01234])$/', $_REQUEST['set'])){
 			update_setting('guestaccess', $_REQUEST['set']);
 		}
 	}elseif($_REQUEST['do']=='messages'){
 		update_messages();
+	}elseif($_REQUEST['do']=='rules'){
+		$_REQUEST['rulestxt']=preg_replace("/\r\n/", '<br>', $_REQUEST['rulestxt']);
+		$_REQUEST['rulestxt']=preg_replace("/\n/", '<br>', $_REQUEST['rulestxt']);
+		$_REQUEST['rulestxt']=preg_replace("/\r/", '<br>', $_REQUEST['rulestxt']);
+		update_setting('rulestxt', $_REQUEST['rulestxt']);
+	}elseif($_REQUEST['do']=='globalpass'){
+		if(isSet($_REQUEST['globalpass'])){
+			update_setting('globalpass', $_REQUEST['globalpass']);
+		}
+	}elseif($_REQUEST['do']=='dateformat'){
+		if(isSet($_REQUEST['dateformat'])){
+			update_setting('dateformat', $_REQUEST['dateformat']);
+		}
 	}
 	send_setup();
 }elseif($_REQUEST['action']=='init'){
@@ -243,42 +256,70 @@ function send_redirect(){
 	}
 }
 
-function send_captcha($code){
+function send_captcha(){
-	global $C;
+	global $C, $I, $mysqli;
+	$length=strlen($C['captchachars']);
+	$code='';
+	for($i=0;$i<5;$i++) {
+		$code .= $C['captchachars'][rand(0, $length-1)];
+	}
+	$randid=rand(0, 99999999);
+	$enc=base64_encode(openssl_encrypt("$code, $randid", 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
+	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `captcha` (`id`, `time`) VALUES (?, \''.time().'\')');
+	mysqli_stmt_bind_param($stmt, 'd', $randid);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
 	$im=imagecreatetruecolor(55, 24);
 	$bg=imagecolorallocate($im, 0, 0, 0);
 	$fg=imagecolorallocate($im, 255, 255, 255);
 	imagefill($im, 0, 0, $bg);
 	imagestring($im, 5, 5, 5, $code, $fg);
+	echo "<tr><td align=\"left\">$I[copy]";
+	echo '<img width="55" height="24" src="data:image/gif;base64,';
 	ob_start();
 	imagegif($im);
 	imagedestroy($im);
-	return '<img width="55" height="24" src="data:image/gif;base64,'.base64_encode(ob_get_clean()).'">';
+	echo base64_encode(ob_get_clean()).'">';
+	echo '</td><td align="right">'.hidden('challenge', $enc).'<input type="text" name="captcha" size="15" autocomplete="off"></td></tr>';
 }
 
 function send_setup(){
-	global $H, $I, $mysqli, $C;
+	global $H, $I, $mysqli, $C, $U;
 	$ga=get_setting('guestaccess');
 	print_start();
 	echo "<center><h2>$I[setup]</h2><table cellspacing=\"0\">";
 	thr();
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[guestacc]</b></td><td align=\"right\">";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'guestaccess').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass'])."<table cellspacing=\"0\">";
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'guestaccess').hidden('session', $U['session']).'<table cellspacing="0">';
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set1\" value=\"1\"";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set1" value="1"';
-	if($ga==1) echo " checked";
+	if($ga==1) echo ' checked';
 	echo "><label for=\"set1\">&nbsp;$I[guestallow]</label></td><td>&nbsp;</td><tr>";
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set2\" value=\"2\"";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set2" value="2"';
-	if($ga==2) echo " checked";
+	if($ga==2) echo ' checked';
 	echo "><label for=\"set2\">&nbsp;$I[guestwait]</label></td><td>&nbsp;</td><tr>";
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set3\" value=\"3\"";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set3" value="3"';
-	if($ga==3) echo " checked";
+	if($ga==3) echo ' checked';
 	echo "><label for=\"set3\">&nbsp;$I[adminallow]</label></td><td>&nbsp;</td><tr>";
-	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set0\" value=\"0\"";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set4" value="4"';
-	if($ga==0) echo " checked";
+	if($ga==4) echo ' checked';
-	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr><tr><td>&nbsp;</td><td align=\"right\">".submit($I['change'])."</td></tr></table></form></td></tr></table></td></tr>";
+	echo "><label for=\"set4\">&nbsp;$I[globalpass]</label></td><td>&nbsp;</td></tr>";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set0" value="0"';
+	if($ga==0) echo ' checked';
+	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr>";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set-1" value="-1"';
+	if($ga==-1) echo ' checked';
+	echo "><label for=\"set-1\">&nbsp;$I[memberglobalpass]</label></td><td>&nbsp;</td></tr>";
+	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['change']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
+	if($ga==4 || $ga==-1){
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[globalloginpass]</b></td><td align=\"right\">";
+		echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'globalpass').hidden('session', $U['session']).'<table cellspacing="0">';
+		echo "<tr><td><input type=\"text\" name=\"globalpass\" value=\"".htmlspecialchars(get_setting('globalpass')).'"></td><td>&nbsp;</td>';
+		echo '<td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
+		thr();
+	}
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[sysmessages]</b></td><td align=\"right\">";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'messages').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass'])."<table cellspacing=\"0\">";
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'messages').hidden('session', $U['session']).'<table cellspacing="0">';
 	echo "<tr><td>&nbsp;$I[msgenter]</td><td>&nbsp;<input type=\"text\" name=\"msgenter\" value=\"".get_setting('msgenter').'"></td></tr>';
 	echo "<tr><td>&nbsp;$I[msgexit]</td><td>&nbsp;<input type=\"text\" name=\"msgexit\" value=\"".get_setting('msgexit').'"></td></tr>';
 	echo "<tr><td>&nbsp;$I[msgmemreg]</td><td>&nbsp;<input type=\"text\" name=\"msgmemreg\" value=\"".get_setting('msgmemreg').'"></td></tr>';
@@ -289,7 +330,17 @@ function send_setup(){
 	echo "<tr><td>&nbsp;$I[msgclean]</td><td>&nbsp;<input type=\"text\" name=\"msgclean\" value=\"".get_setting('msgclean').'"></td></tr>';
 	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
-	echo "</table><$H[form]>".hidden('action', 'setup').submit($I['logout']).'</form>';
+	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[rules]</b></td><td align=\"right\">";
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'rules').hidden('session', $U['session']).'<table cellspacing="0">';
+	echo '<tr><td colspan=2><textarea name="rulestxt" rows="4" cols="60">'.htmlspecialchars(get_setting('rulestxt')).'</textarea></td></tr>';
+	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
+	thr();
+	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[dateformat]</b></td><td align=\"right\">";
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'dateformat').hidden('session', $U['session']).'<table cellspacing="0">';
+	echo "<tr><td><input type=\"text\" name=\"dateformat\" value=\"".htmlspecialchars(get_setting('dateformat')).'"></td><td>&nbsp;</td>';
+	echo '<td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
+	thr();
+	echo "</table><$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).submit($I['logout']).'</form>';
 	print_credits();
 	print_end();
 }
@@ -317,11 +368,12 @@ function send_update(){
 }
 
 function send_alogin(){
-	global $H, $I;
+	global $H, $I, $C;
 	print_start();
 	echo "<center><$H[form]>".hidden('action', 'setup').'<table>';
 	echo "<tr><td align=\"left\">$I[nick]</td><td><input type=\"text\" name=\"nick\" size=\"15\"></td></tr>";
 	echo "<tr><td align=\"left\">$I[pass]</td><td><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
+	if($C['enablecaptcha']) send_captcha();
 	echo "<tr><td colspan=\"2\" align=\"right\">".submit($I['login']).'</td></tr></table></form>';
 	print_credits();
 	print_end();
@@ -347,7 +399,7 @@ function send_admin($arg=''){
 	echo submit($I['clean']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
 	echo '<tr><td><table cellspacing="0" width="100%"><tr><td align="left">'.sprintf($I['kickchat'], $C['kickpenalty']).'</td></tr><tr><td align="right">';
-	echo frmadm('kick')."<table cellspacing=\"0\"><tr><td align=\"left\"><nobr>$I[kickmsg]<input type=\"text\" name=\"kickmessage\" size=\"30\"></nobr></td><td>&nbsp;</td><td>&nbsp;</td></tr>";
+	echo frmadm('kick')."<table cellspacing=\"0\"><tr><td align=\"left\">$I[kickmsg]</td><td align=\"right\"><input type=\"text\" name=\"kickmessage\" size=\"30\"></td><td>&nbsp;</td><td>&nbsp;</td></tr>";
 	echo "<tr><td align=\"left\"><input type=\"checkbox\" name=\"what\" value=\"purge\" id=\"purge\"><label for=\"purge\">&nbsp;$I[kickpurge]</label></td><td align=\"right\">$chlist</td><td>";
 	echo submit($I['kick']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
@@ -372,11 +424,23 @@ function send_admin($arg=''){
 	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set3\" value=\"3\"";
 	if($ga==3) echo " checked";
 	echo "><label for=\"set3\">&nbsp;$I[adminallow]</label></td><td>&nbsp;</td><tr>";
+	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set4\" value=\"4\"";
+	if($ga==4) echo " checked";
+	echo "><label for=\"set4\">&nbsp;$I[globalpass]</label></td><td>&nbsp;</td></tr>";
 	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set0\" value=\"0\"";
 	if($ga==0) echo " checked";
 	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr>";
+	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set-1\" value=\"-1\"";
+	if($ga==-1) echo " checked";
+	echo "><label for=\"set-1\">&nbsp;$I[memberglobalpass]</label></td><td>&nbsp;</td></tr>";
 	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['change']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
+	if($ga==4 || $ga==-1){
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[globalloginpass]</b></td><td align=\"right\">";
+		echo frmadm('globalpass').'<table cellspacing="0"><tr><td>&nbsp;</td><td><input type="text" name="globalpass" value="'.htmlspecialchars(get_setting('globalpass')).'"></td>';
+		echo '<td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
+		thr();
+	}
 	if($C['suguests']){
 		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[addsuguest]</b></td><td align=\"right\">";
 		echo frmadm('superguest')."<table cellspacing=\"0\"><tr><td>&nbsp;</td><td valign=\"bottom\"><select name=\"name\" size=\"1\"><option value=\"\">$I[choose]</option>";
@@ -526,7 +590,7 @@ function send_frameset(){
 	if(isSet($_COOKIE['test'])){
 		echo "</head>\n<frameset rows=\"100,*,60\" border=\"3\" frameborder=\"3\" framespacing=\"3\"><frame name=\"post\" src=\"$_SERVER[SCRIPT_NAME]?action=post\"><frame name=\"view\" src=\"$_SERVER[SCRIPT_NAME]?action=view\"><frame name=\"controls\" src=\"$_SERVER[SCRIPT_NAME]?action=controls\"><noframes>$H[begin_body]$I[noframes]$H[backtologin]</body></noframes></frameset></html>";
 	}else{
-		echo "</head>\n<frameset rows=\"100,*,60\" border=\"3\" frameborder=\"3\" framespacing=\"3\"><frame name=\"post\" src=\"$_SERVER[SCRIPT_NAME]?action=post&amp;session=$U[session]\"><frame name=\"view\" src=\"$_SERVER[SCRIPT_NAME]?action=view&amp;session=$U[session]\"><frame name=\"controls\" src=\"$_SERVER[SCRIPT_NAME]?action=controls&amp;session=$U[session]\"><noframes>$H[begin_body]$I[noframes]$H[backtologin]</body></noframes></frameset></html>";
+		echo "</head>\n<frameset rows=\"100,*,60\" border=\"3\" frameborder=\"3\" framespacing=\"3\"><frame name=\"post\" src=\"$_SERVER[SCRIPT_NAME]?action=post&session=$U[session]\"><frame name=\"view\" src=\"$_SERVER[SCRIPT_NAME]?action=view&session=$U[session]\"><frame name=\"controls\" src=\"$_SERVER[SCRIPT_NAME]?action=controls&session=$U[session]\"><noframes>$H[begin_body]$I[noframes]$H[backtologin]</body></noframes></frameset></html>";
 	}
 	exit;
 }
@@ -566,9 +630,11 @@ function send_notes($type){
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_bind_result($stmt, $lastedited, $editedby, $text);
 	if(mysqli_stmt_fetch($stmt)){
-		printf($I['lastedited'], $editedby, date('Y-m-d H:i:s', $lastedited));
+		mysqli_stmt_close($stmt);
+		printf($I['lastedited'], $editedby, date(get_setting('dateformat'), $lastedited));
+	}else{
+		mysqli_stmt_close($stmt);
 	}
-	mysqli_stmt_close($stmt);
 	echo "</p><$H[form]>";
 	if($type=='staff') echo hidden('action', 'notes');
 	else echo hidden('action', 'admnotes');
@@ -608,10 +674,10 @@ function send_waiting_room(){
 		setcookie($C['cookiename'], false);
 		send_error($I['expire']);
 	}
-	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed` FROM `sessions` WHERE `session`=?');
+	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `sessions` WHERE `session`=?');
 	mysqli_stmt_bind_param($stmt, 's', $_REQUEST['session']);
 	mysqli_stmt_execute($stmt);
-	mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed']);
+	mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']);
 	if(mysqli_stmt_fetch($stmt)) add_user_defaults();
 	mysqli_stmt_close($stmt);
 	if(!isSet($U['session'])){
@@ -647,7 +713,7 @@ function send_waiting_room(){
 			echo "</head>$H[begin_body]<center><h2>$I[waitingroom]</h2><p>".sprintf($I['admwaittext'], $U['displayname']).'</p><br><p>'.sprintf($I['waitreload'], $C['defaultrefresh']).'</p><br><br>';
 		}
 		echo "<hr><form action=\"$_SERVER[SCRIPT_NAME]\" method=\"post\">".hidden('action', 'wait').hidden('session', $U['session']).submit($I['reload']).'</form><br>';
-		echo "<h2>$I[rules]</h2><b>$C[rulestxt]</b></center>";
+		echo "<h2>$I[rules]</h2><b>".get_setting('rulestxt').'</b></center>';
 		print_end();
 	}
 }
@@ -708,7 +774,7 @@ function send_post(){
 		}
 	}
 	echo '</select>';
-	if($U['status']>=5 || ($countmods==0 && $U['status']>=3)){
+	if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){
 		echo "<input type=\"checkbox\" name=\"kick\" id=\"kick\" value=\"kick\"><label for=\"kick\">&nbsp;$I[kick]</label>";
 		echo "<input type=\"checkbox\" name=\"what\" id=\"what\" value=\"purge\" checked><label for=\"what\">&nbsp;$I[alsopurge]</label>";
 	}
@@ -729,8 +795,8 @@ function send_post(){
 function send_help(){
 	global $U, $C, $H, $I;
 	print_start();
-	echo "<h2>$I[rules]</h2>$C[rulestxt]<br><br><hr><h2>$I[help]</h2>$I[helpguest]";
+	echo "<h2>$I[rules]</h2>".get_setting('rulestxt')."<br><br><hr><h2>$I[help]</h2>$I[helpguest]";
-	if($C['imgembed'] || $C['vidembed']) echo "<br>$I[helpembed]";
+	if($C['imgembed']) echo "<br>$I[helpembed]";
 	if($U['status']>=3){
 		echo "<br>$I[helpmem]<br>";
 		if($U['status']>=5){
@@ -788,10 +854,10 @@ function send_profile($arg=''){
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[refreshrate]</b></td><td align=\"right\"><table cellspacing=\"0\">";
 	echo "<tr><td>&nbsp;</td><td><input type=\"text\" name=\"refresh\" size=\"3\" maxlength=\"3\" value=\"$U[refresh]\"></td></tr></table></td></tr></table></td></tr>";
 	thr();
-	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[fontcolour]</b> (<a href=\"$_SERVER[SCRIPT_NAME]?action=colours&amp;session=$U[session]\" target=\"view\">$I[viewexample]</a>)</td><td align=\"right\"><table cellspacing=\"0\">";
+	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[fontcolour]</b> (<a href=\"$_SERVER[SCRIPT_NAME]?action=colours&session=$U[session]\" target=\"view\">$I[viewexample]</a>)</td><td align=\"right\"><table cellspacing=\"0\">";
 	echo "<tr><td>&nbsp;</td><td><input type=\"text\" size=\"7\" maxlength=\"6\" value=\"$U[colour]\" name=\"colour\"></td></tr></table></td></tr></table></td></tr>";
 	thr();
-	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[bgcolour]</b> (<a href=\"$_SERVER[SCRIPT_NAME]?action=colours&amp;session=$U[session]\" target=\"view\">$I[viewexample]</a>)</td><td align=\"right\"><table cellspacing=\"0\">";
+	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[bgcolour]</b> (<a href=\"$_SERVER[SCRIPT_NAME]?action=colours&session=$U[session]\" target=\"view\">$I[viewexample]</a>)</td><td align=\"right\"><table cellspacing=\"0\">";
 	echo "<tr><td>&nbsp;</td><td><input type=\"text\" size=\"7\" maxlength=\"6\" value=\"$U[bgcolour]\" name=\"bgcolour\"></td></tr></table></td></tr></table></td></tr>";
 	thr();
 	if($U['status']>=3){
@@ -816,11 +882,20 @@ function send_profile($arg=''){
 	if($U['timestamps']) echo ' checked';
 	echo "></td><td><label for=\"timestamps\"><b>$I[timestamps]</b></label></td></tr></table></td></tr></table></td></tr>";
 	thr();
-	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[embed]</b></td><td align=\"right\"><table cellspacing=\"0\">";
+	if($C['imgembed']){
-	echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"embed\" id=\"embed\" value=\"on\"";
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[embed]</b></td><td align=\"right\"><table cellspacing=\"0\">";
-	if($U['embed']) echo ' checked';
+		echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"embed\" id=\"embed\" value=\"on\"";
-	echo "></td><td><label for=\"embed\"><b>$I[embed]</b></label></td></tr></table></td></tr></table></td></tr>";
+		if($U['embed']) echo ' checked';
-	thr();
+		echo "></td><td><label for=\"embed\"><b>$I[embed]</b></label></td></tr></table></td></tr></table></td></tr>";
+		thr();
+	}
+	if($U['status']>=5 && $C['incognito']){
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[incognito]</b></td><td align=\"right\"><table cellspacing=\"0\">";
+		echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"incognito\" id=\"incognito\" value=\"on\"";
+		if($U['incognito']) echo ' checked';
+		echo "></td><td><label for=\"incognito\"><b>$I[incognito]</b></label></td></tr></table></td></tr></table></td></tr>";
+		thr();
+	}
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[pbsize]</b></td><td align=\"right\"><table cellspacing=\"0\">";
 	echo "<tr><td>&nbsp;</td><td>$I[width]</td><td><input type=\"text\" name=\"boxwidth\" size=\"3\" maxlength=\"3\" value=\"$U[boxwidth]\"></td>";
 	echo "<td>&nbsp;</td><td>$I[height]</td><td><input type=\"text\" name=\"boxheight\" size=\"3\" maxlength=\"3\" value=\"$U[boxheight]\"></td>";
@@ -887,36 +962,38 @@ function send_colours(){
 }
 
 function send_login(){
-	global $C, $H, $I, $mysqli, $L;
+	global $C, $H, $I, $L;
 	setcookie('test', '1');
 	print_start();
+	$ga=get_setting('guestaccess');
 	echo "<center><h1>$C[chatname]</h1><$H[form] target=\"_parent\">".hidden('action', 'login');
-	if($C['enablecaptcha']){
+	if($ga==-1 && isSet($_POST['globalpass'])) echo hidden('globalpass', $_POST['globalpass']);
-		$code=rand(0, 99999);
+	echo '<table border="2" width="1" rules="none">';
-		$randid=rand(0, 99999999);
+	if($ga!=-1 || (isSet($_POST['globalpass']) && $_POST['globalpass']==get_setting('globalpass'))){
-		$enc=base64_encode(openssl_encrypt("$code, $randid", 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
+		echo "<tr><td align=\"left\">$I[nick]</td><td align=\"right\"><input type=\"text\" name=\"nick\" size=\"15\"></td></tr>";
-		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `captcha` (`id`, `time`) VALUES (?, \''.time().'\')');
+		echo "<tr><td align=\"left\">$I[pass]</td><td align=\"right\"><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
-		mysqli_stmt_bind_param($stmt, 'd', $randid);
+		if($C['enablecaptcha']) send_captcha();
-		mysqli_stmt_execute($stmt);
+		if($ga>0){
-		mysqli_stmt_close($stmt);
+			if($ga==4) echo "<tr><td align=\"left\">$I[globalloginpass]</td><td align=\"right\"><input type=\"password\" name=\"globalpass\" size=\"15\"></td></tr>";
-		echo hidden('challenge', $enc);
+			echo "<tr><td colspan=\"2\" align=\"center\">$I[choosecol]<br><select style=\"text-align:center;\" name=\"colour\"><option value=\"\">* $I[randomcol] *</option>";
+			print_colours();
+			echo '</select></td></tr>';
+		}else{
+			echo "<tr><td colspan=\"2\" align=\"center\">$I[noguests]</td></tr>";
+		}
+		echo '<tr><td colspan="2" align="center">'.submit($I['enter']).'</td></tr></table></form>';
+		get_nowchatting();
+		echo "<h2>$I[rules]</h2><b>".get_setting('rulestxt').'</b><br>';
+	}else{
+		echo "<tr><td align=\"left\">$I[globalloginpass]</td><td align=\"right\"><input type=\"password\" name=\"globalpass\" size=\"15\"></td></tr>";
+		echo "<tr><td colspan=\"2\" align=\"center\">$I[noguests]</td></tr>";
+		echo '<tr><td colspan="2" align="center">'.submit($I['enter']).'</td></tr></table></form>';
 	}
-	echo "<table border=\"2\" width=\"1\" rules=\"none\"><tr><td align=\"left\">$I[nick]</td><td align=\"right\"><input type=\"text\" name=\"nick\" size=\"15\"></td></tr>";
+	echo "<p>$I[changelang]";
-	echo "<tr><td align=\"left\">$I[pass]</td><td align=\"right\"><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
-	if($C['enablecaptcha']){
-		echo "<tr><td align=\"left\">$I[copy]";
-		echo send_captcha($code);
-		echo '</td><td align="right"><input type="text" name="captcha" size="15" autocomplete="off"></td></tr>';
-	}
-	echo "<tr><td colspan=\"2\" align=\"center\">$I[choosecol]<br><select style=\"text-align:center;\" name=\"colour\"><option value=\"\">* $I[randomcol] *</option>";
-	print_colours();
-	echo '</select></td></tr>';
-	$nowchatting=get_nowchatting();
-	echo '<tr><td colspan="2" align="center">'.submit($I['enter'])."</td></tr></table></form>$nowchatting";
-	echo "<h2>$I[rules]</h2><b>$C[rulestxt]</b><br><br><p>$I[changelang]";
 	foreach($L as $lang=>$name){
 		echo " <a href=\"$_SERVER[SCRIPT_NAME]?lang=$lang\">$name</a>";
 	}
+	echo '</p>';
 	print_credits();
 	print_end();
 }
@@ -960,16 +1037,17 @@ function print_memberslist(){
 
 //  session management
 
-function create_session(){
+function create_session($setup){
 	global $U, $C, $I, $mysqli;
 	$U['nickname']=cleanup_nick($_REQUEST['nick']);
 	$U['passhash']=md5(sha1(md5($U['nickname'].$_REQUEST['pass'])));
-	$U['colour']=$_REQUEST['colour'];
+	if(isSet($_REQUEST['colour'])) $U['colour']=$_REQUEST['colour'];
+	else $U['colour']=$C['coltxt'];
 	$U['status']=1;
-	if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
 	check_member();
 	add_user_defaults();
-	if($C['enablecaptcha'] && ($U['status']==1 || !$C['dismemcaptcha'])){
+	if($setup) $U['incognito']=true;
+	if($C['enablecaptcha'] && ($U['status']==1 || (!$C['dismemcaptcha'] || $setup))){
 		$captcha=explode(',', openssl_decrypt(base64_decode($_REQUEST['challenge']), 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
 		if(current($captcha)!==$_REQUEST['captcha']) send_error($I['wrongcaptcha']);
 		$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `captcha` WHERE `id`=?');
@@ -985,9 +1063,11 @@ function create_session(){
 		mysqli_stmt_close($stmt);
 	}
 	if($U['status']==1){
-		if(!allowed_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
+		if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
+		if(!valid_pass($_REQUEST['pass'])) send_error(sprintf($I['invalpass'], $C['minpass']));
 		$ga=get_setting('guestaccess');
-		if($ga==0) send_error($I['noguests']);
+		if($ga<=0) send_error($I['noguests']);
+		if($ga==4 && isSet($_REQUEST['globalpass']) && $_REQUEST['globalpass']!=get_setting('globalpass')) send_error($I['wrongpass']);
 	}
 	write_new_session();
 }
@@ -996,35 +1076,37 @@ function write_new_session(){
 	global $U, $C, $I, $mysqli;
 	// read and update current sessions
 	$lines=parse_sessions();
-	$sids; $inuse=0; $reentry=0;
+	$sids; $inuse=false; $reentry=false;
 	if(isSet($lines)){
 		foreach($lines as $temp){
-			$sids[$temp['session']]=1;// collect all existing ids
+			$sids[$temp['session']]=true;// collect all existing ids
 			if($temp['nickname']==$U['nickname']){// nick already here?
 				if($U['passhash']==$temp['passhash']){
 					$U=$temp;
 					add_user_defaults();
 					setcookie($C['cookiename'], $U['session']);
-					$reentry=1;
+					$reentry=true;
+					break;
 				}else{
-					$inuse=1;
+					$inuse=true;
+					break;
 				}
 			}
 		}
 	}
 	// create new session:
-	if($inuse==0 && $reentry==0){
+	if(!$inuse && !$reentry){
 		do{
 			$U['session']=md5(time().rand().$U['nickname']);
 		}while(isSet($sids[$U['session']]));// check for hash collision
-		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `sessions`(`session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `sessions`(`session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-		mysqli_stmt_bind_param($stmt, 'sssddssdsdddssddddd', $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed']);
+		mysqli_stmt_bind_param($stmt, 'sssddssdsdddssdddddd', $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']);
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 		setcookie($C['cookiename'], $U['session']);
-		if($C['msglogin'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgenter'), $U['displayname']));
+		if($C['msglogin'] && $U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgenter'), $U['displayname']));
 	}elseif($inuse){
-		send_error($I['invalpass']);
+		send_error($I['wrongpass']);
 	}elseif($U['status']==0){
 		setcookie($C['cookiename'], false);
 		send_error("$I[kicked]<br>$U[kickmessage]");
@@ -1068,11 +1150,12 @@ function approve_session(){
 
 function check_login(){
 	global $mysqli, $C, $U, $I, $M;
+	$ga=get_setting('guestaccess');
 	if(isSet($_POST['session'])){
-		$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed` FROM `sessions` WHERE `session`=?');
+		$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `sessions` WHERE `session`=?');
 		mysqli_stmt_bind_param($stmt, 's', $_POST['session']);
 		mysqli_stmt_execute($stmt);
-		mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed']);
+		mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']);
 		if(mysqli_stmt_fetch($stmt)){
 			if($U['status']==0){
 				setcookie($C['cookiename'], false);
@@ -1086,11 +1169,12 @@ function check_login(){
 
 		}
 		mysqli_stmt_close($stmt);
+	}elseif($ga==-1 && ((!isSet($_POST['globalpass']) || $_POST['globalpass']!=get_setting('globalpass')) || !(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])))){
+		send_login();
 	}else{
-		create_session();
+		create_session(false);
 	}
 	if($U['status']==1){
-		$ga=get_setting('guestaccess');
 		if(($ga==2 || $ga==3) && count($M)>0){
 			$stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `entry`=\''.time().'\' WHERE `session`=?');
 			mysqli_stmt_bind_param($stmt, 's', $U['session']);
@@ -1126,10 +1210,10 @@ function kill_session(){
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 	}
-	elseif($C['msglogout'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgexit'), $U['displayname']));
+	elseif($C['msglogout'] && $U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgexit'), $U['displayname']));
 }
 
-function kick_chatter($names, $mes){
+function kick_chatter($names, $mes, $purge){
 	global $C, $U, $P, $mysqli;
 	$lonick='';
 	$lines=parse_sessions();
@@ -1141,6 +1225,7 @@ function kick_chatter($names, $mes){
 				if(($temp['nickname']==$U['nickname'] && $U['nickname']==$name) || ($U['status']>$temp['status'] && (($temp['nickname']==$name && $temp['status']>0) || ($name=='&' && $temp['status']==1)))){
 					mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']);
 					mysqli_stmt_execute($stmt);
+					if($purge) del_all_messages($temp['nickname']);
 					$lonick.="$temp[displayname], ";
 					$i++;
 					unset($P[$name]);
@@ -1150,11 +1235,11 @@ function kick_chatter($names, $mes){
 	}
 	mysqli_stmt_close($stmt);
 	if($C['msgkick']){
-		if($names[0]=='&'){
+		if($lonick!==''){
-			add_system_message(get_setting('msgallkick'));
+			if($names[0]=='&'){
-		}else{
+				add_system_message(get_setting('msgallkick'));
-			$lonick=preg_replace('/\,\s$/','',$lonick);
+			}else{
-			if($lonick!==''){
+				$lonick=preg_replace('/\,\s$/','',$lonick);
 				if($i>1){
 					add_system_message(sprintf(get_setting('msgmultikick'), $lonick));
 				}else{
@@ -1163,6 +1248,8 @@ function kick_chatter($names, $mes){
 			}
 		}
 	}
+	if($lonick!=='') return true;
+	return false;
 }
 
 function logout_chatter($names){
@@ -1181,7 +1268,7 @@ function logout_chatter($names){
 					if($temp['status']==1){
 						mysqli_stmt_bind_param($stmt1, 's', $temp['nickname']);
 						mysqli_stmt_bind_param($stmt2, 's', $temp['nickname']);
-						mysqli_stmt_bind_param($stmt3, 's', $temp['nickname'], $temp['nickname']);
+						mysqli_stmt_bind_param($stmt3, 'ss', $temp['nickname'], $temp['nickname']);
 						mysqli_stmt_execute($stmt1);
 						mysqli_stmt_execute($stmt2);
 						mysqli_stmt_execute($stmt3);
@@ -1230,7 +1317,7 @@ function check_session(){
 function get_nowchatting(){
 	global $M, $G, $P, $I;
 	parse_sessions();
-	return sprintf($I['curchat'], count($P)).'<br>'.implode(' &nbsp; ', $M).' &nbsp; '.implode(' &nbsp; ', $G);
+	echo sprintf($I['curchat'], count($P)).'<br>'.implode(' &nbsp; ', $M).' &nbsp; '.implode(' &nbsp; ', $G);
 }
 
 function parse_sessions(){
@@ -1266,6 +1353,7 @@ function parse_sessions(){
 				if($temp['session']==$_REQUEST['session']){
 					$U=$temp;
 					add_user_defaults();
+					break;
 				}
 			}
 		}
@@ -1278,24 +1366,25 @@ function parse_sessions(){
 				$P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']];
 				$G[]=$temp['displayname'];
 			}elseif($temp['status']>2){
-				$P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']];
+				if(!$temp['incognito']){
-				$M[]=$temp['displayname'];
+					$P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']];
+					$M[]=$temp['displayname'];
+				}
 				if($temp['status']>=5) $countmods++;
 			}
 		}
 		return $lines;
 	}
-	return;
 }
 
 //  member handling
 
 function check_member(){
 	global $U, $I, $mysqli;
-	$stmt=mysqli_prepare($mysqli, 'SELECT `nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `fontface`, `fonttags`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed` FROM `members` WHERE `nickname`=?');
+	$stmt=mysqli_prepare($mysqli, 'SELECT `nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `fontface`, `fonttags`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed`, `incognito` FROM `members` WHERE `nickname`=?');
 	mysqli_stmt_bind_param($stmt, 's', $U['nickname']);
 	mysqli_stmt_execute($stmt);
-	mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['colour'], $temp['bgcolour'], $temp['fontface'], $temp['fonttags'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed']);
+	mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['colour'], $temp['bgcolour'], $temp['fontface'], $temp['fonttags'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed'], $U['incognito']);
 	if(mysqli_stmt_fetch($stmt)){
 		mysqli_stmt_close($stmt);
 		if($temp['passhash']==$U['passhash']){
@@ -1305,7 +1394,7 @@ function check_member(){
 			mysqli_stmt_execute($stmt);
 			mysqli_stmt_close($stmt);
 		}else{
-			send_error($I['invalpass']);
+			send_error($I['wrongpass']);
 		}
 	}else{
 		mysqli_stmt_close($stmt);
@@ -1328,10 +1417,10 @@ function register_guest($status){
 	global $P, $U, $C, $I, $mysqli;
 	if($_REQUEST['name']=='') send_admin();
 	if(!isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name']));
-	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `passhash`, `refresh`, `fontinfo`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed` FROM `sessions` WHERE `nickname`=? AND `status`=\'1\'');
+	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `passhash`, `refresh`, `fontinfo`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito` FROM `sessions` WHERE `nickname`=? AND `status`=\'1\'');
 	mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']);
 	mysqli_stmt_execute($stmt);
-	mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['displayname'], $reg['passhash'], $reg['refresh'], $reg['fontinfo'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed']);
+	mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['displayname'], $reg['passhash'], $reg['refresh'], $reg['fontinfo'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 	if(mysqli_stmt_fetch($stmt)){
 		mysqli_stmt_close($stmt);
 		$reg['status']=$status;
@@ -1352,8 +1441,8 @@ function register_guest($status){
 	if(mysqli_stmt_num_rows($stmt)>0) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name']));
 	mysqli_stmt_free_result($stmt);
 	mysqli_stmt_close($stmt);
-	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-	mysqli_stmt_bind_param($stmt, 'ssddssddddsdd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $U['nickname'], $reg['timestamps'], $reg['embed']);
+	mysqli_stmt_bind_param($stmt, 'ssddssddddsddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $U['nickname'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
 	if($reg['status']==3) add_system_message(sprintf(get_setting('msgmemreg'), $reg['displayname']));
@@ -1366,6 +1455,7 @@ function register_new(){
 	if($_REQUEST['name']=='') send_admin();
 	if(isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name']));
 	if(!valid_nick($_REQUEST['name'])) send_admin(sprintf($I['invalnick'], $C['maxname']));
+	if(!valid_pass($_REQUEST['pass'])) send_admin(sprintf($I['invalpass'], $C['minpass']));
 	$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=?');
 	mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']);
 	mysqli_stmt_execute($stmt);
@@ -1386,10 +1476,11 @@ function register_new(){
 		'notesboxheight'=>$C['notesboxheight'],
 		'regedby'	=>$U['nickname'],
 		'timestamps'	=>$C['timestamps'],
-		'embed'		=>$C['embed']
+		'embed'		=>$C['embed'],
+		'incognito'	=>false
 	);
-	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-	mysqli_stmt_bind_param($stmt, 'ssddssddddsdd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed']);
+	mysqli_stmt_bind_param($stmt, 'ssddssddddsddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
 	send_admin(sprintf($I['successreg'], $reg['nickname']));
@@ -1460,6 +1551,8 @@ function amend_profile(){
 	else $U['timestamps']=false;
 	if(isSet($_REQUEST['embed'])) $U['embed']=true;
 	else $U['embed']=false;
+	if($U['status']>=5 && isSet($_REQUEST['incognito'])) $U['incognito']=true;
+	else $U['incognito']=false;
 	if($U['boxwidth']>=1000) $U['boxwidth']=40;
 	if($U['boxheight']>=1000) $U['boxheight']=3;
 	if($U['notesboxwidth']>=1000) $U['notesboxwidth']=80;
@@ -1482,13 +1575,13 @@ function save_profile(){
 	if($U['passhash']!==$U['oldhash']) send_profile($I['wrongpass']);
 	$U['passhash']=$U['newhash'];
 	amend_profile();
-	$stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `refresh`=?, `displayname`=?, `fontinfo`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=? WHERE `session`=?');
+	$stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `refresh`=?, `displayname`=?, `fontinfo`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `session`=?');
-	mysqli_stmt_bind_param($stmt, 'dssssddsdddds', $U['refresh'], $U['displayname'], $U['fontinfo'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['session']);
+	mysqli_stmt_bind_param($stmt, 'dssssddsddddds', $U['refresh'], $U['displayname'], $U['fontinfo'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['session']);
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
 	if($U['status']>=2){
-		$stmt=mysqli_prepare($mysqli, 'UPDATE `members` SET `passhash`=?, `refresh`=?, `colour`=?, `bgcolour`=?, `fontface`=?, `fonttags`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=? WHERE `nickname`=?');
+		$stmt=mysqli_prepare($mysqli, 'UPDATE `members` SET `passhash`=?, `refresh`=?, `colour`=?, `bgcolour`=?, `fontface`=?, `fonttags`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `nickname`=?');
-		mysqli_stmt_bind_param($stmt, 'sdssssdddddds', $U['passhash'], $U['refresh'], $U['colour'], $U['bgcolour'], $U['fontface'], $U['fonttags'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['nickname']);
+		mysqli_stmt_bind_param($stmt, 'sdssssddddddds', $U['passhash'], $U['refresh'], $U['colour'], $U['bgcolour'], $U['fontface'], $U['fonttags'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nickname']);
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 	}
@@ -1535,6 +1628,7 @@ function add_user_defaults(){
 	if(!isSet($U['notesboxheight'])) $U['notesboxheight']=30;
 	if(!isSet($U['timestamps'])) $U['timestamps']=$C['timestamps'];
 	if(!isSet($U['embed'])) $U['embed']=$C['embed'];
+	if(!isSet($U['incognito'])) $U['incognito']=false;
 	if(!isSet($U['lastpost'])) $U['lastpost']=time();
 	if(!isSet($U['entry'])) $U['entry']=0;
 	if(!isSet($U['postid'])) $U['postid']='OOOOOO';
@@ -1546,17 +1640,17 @@ function add_user_defaults(){
 function validate_input(){
 	global $U, $P, $C, $mysqli;
 	$U['message']=substr($_REQUEST['message'], 0, $C['maxmessage']);
-	if(!isSet($U['rejected'])) $U['rejected']=substr($_REQUEST['message'], $C['maxmessage']);
+	$U['rejected']=substr($_REQUEST['message'], $C['maxmessage']);
 	if(preg_match('/&[^;]{0,8}$/', $U['message']) && preg_match('/^([^;]{0,8};)/', $U['rejected'], $match)){
 		$U['message'].=$match[0];
 		$U['rejected']=preg_replace("/^$match[0]", '', $U['rejected']);
 	}
 	if($U['rejected']){
-		$U['rejected']=htmlspecialchars($U['rejected']);
 		$U['rejected']=preg_replace('/<br>(<br>)+/', '<br><br>', $U['rejected']);
 		$U['rejected']=preg_replace('/<br><br>$/', '<br>', $U['rejected']);
 		$U['rejected']=preg_replace('/<br>/', "\n", $U['rejected']);
 		$U['rejected']=preg_replace('/^\s+|\s+$/', '', $U['rejected']);
+		$U['rejected']=htmlspecialchars($U['rejected']);
 	}
 	$U['message']=htmlspecialchars($U['message']);
 	$U['message']=preg_replace("/\r\n/", '<br>', $U['message']);
@@ -1616,6 +1710,7 @@ function validate_input(){
 		if($U['poststatus']==9) apply_filter(true);
 		else apply_filter(false);
 		create_hotlinks();
+		add_message();
 	}
 }
 
@@ -1627,7 +1722,7 @@ function apply_filter($pm){
 			if(!$pm) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count);
 			elseif(!$filter['allowinpm']) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count);
 			if($count>0 && $filter['kick']){
-				kick_chatter(array($U['nickname']), '');
+				kick_chatter(array($U['nickname']), '', false);
 				send_error("$I[kicked]");
 			}
 		}
@@ -1649,7 +1744,6 @@ function create_hotlinks(){
 	// Convert every <<....>> into proper links:
 	$U['message']=preg_replace_callback('/<<([^<>]+)>>/', function ($matches){if(strpos($matches[1], '://')==false){ return "<a href=\"http://$matches[1]\" target=\"_blank\">$matches[1]</a>";}else{ return "<a href=\"$matches[1]\" target=\"_blank\">$matches[1]</a>"; }}, $U['message']);
 	if($C['imgembed']) $U['message']=preg_replace_callback('/\[img\]<a href="(.*?(?="))" target="_blank">(.*?(?=<\/a>))<\/a>/i', function ($matched){ return "<br><a href=\"$matched[1]\" target=\"_blank\"><img src=\"$matched[1]\"></a><br>";}, $U['message']);
-	if($C['vidembed']) $U['message']=preg_replace_callback('/\[vid\]<a href="(.*?(?="))" target="_blank">(.*?(?=<\/a>))<\/a>/i', function ($matched){ return "<br><a href=\"$matched[1]\" target=\"_blank\"><video src=\"$matched[1]\"></a><br>";}, $U['message']);
 	if($C['forceredirect']) $U['message']=preg_replace_callback('/<a href="(.*?(?="))" target="_blank">(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "<a href=\"$C[redirect]".urlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";}, $U['message']);
 	if(preg_match_all('/<a href="(.*?(?="))" target="_blank">(.*?(?=<\/a>))<\/a>/', $U['message'], $matches)){
 		foreach($matches[1] as $match){
@@ -1757,6 +1851,7 @@ function del_last_message(){
 
 function print_messages($delstatus=''){
 	global $U, $C, $mysqli;
+	$dateformat=get_setting('dateformat');
 	mysqli_query($mysqli, 'DELETE FROM `messages` WHERE `postdate`<=\''.(time()-60*$C['messageexpire'])."'");
 	$stmt=mysqli_prepare($mysqli, 'SELECT `postdate`, `postid`, `text`, `delstatus` FROM `messages` WHERE ('.
 	'`id` IN (SELECT * FROM (SELECT `id` FROM `messages` WHERE `poststatus`=\'1\' ORDER BY `postdate` DESC LIMIT ?) AS t) '.
@@ -1775,10 +1870,10 @@ function print_messages($delstatus=''){
 			if(!isSet($_COOKIE[$C['cookiename']]) && !$C['forceredirect']){
 				$message['text']=preg_replace_callback('/<a href="(.*?(?="))" target="_blank">(.*?(?=<\/a>))<\/a>/', function ($matched){ global $C; return "<a href=\"$C[redirect]".urlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";}, $message['text']);
 			}
-				if(!$U['embed'] && preg_match('/<(img|video) src="(.*?(?="))">/', $message['text'], $matches)){
+				if(!$U['embed'] && preg_match('/<img src="(.*?(?="))">/', $message['text'], $matches)){
 				$message['text']=preg_replace_callback("/<$matches[1] src=\"(.*?(?=\"))\">/", function ($matched){ return $matched[1];}, $message['text']);
 			}
-			if($U['timestamps']) echo '<small>'.date('m-d H:i:s', $message['postdate']).' - </small>';
+			if($U['timestamps']) echo '<small>'.date($dateformat, $message['postdate']).' - </small>';
 			echo "$message[text]<br>";
 		}
 	}
@@ -1788,26 +1883,25 @@ function print_messages($delstatus=''){
 // this and that
 
 function valid_admin(){
-	global $mysqli;
+	global $U;
-	if(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){
+	if(isSet($_REQUEST['session'])){
-		$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=? AND `passhash`=? AND `status`>=\'7\'');
+		check_session();
-		mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['nick'], $pass=md5(sha1(md5($_REQUEST['nick'].$_REQUEST['pass']))));
-		mysqli_stmt_execute($stmt);
-		mysqli_stmt_store_result($stmt);
-		if(mysqli_stmt_num_rows($stmt)>0) return true;
-		mysqli_stmt_free_result($stmt);
-		mysqli_stmt_close($stmt);
 	}
-	return false;
+	elseif(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){
+		create_session(true);
+	}
+	if(isSet($U['status']) && $U['status']>=7) return true;
+	else return false;
 }
 
 function valid_nick($nick){
-	return preg_match('/^[a-z0-9]*$/i', $nick);
+	global $C;
+	return preg_match("/^[a-z0-9]{1,$C[maxname]}$/i", $nick);
 }
 
-function allowed_nick($nick){
+function valid_pass($pass){
 	global $C;
-	return preg_match("/^.{1,$C[maxname]}$/", $nick);
+	return preg_match('/^.{'.$C['minpass'].',}$/', $pass);
 }
 
 function cleanup_nick($nick){
@@ -1928,18 +2022,20 @@ function init_chat(){
 		if(mysqli_num_rows($result)>0){
 			$suwrite=$I['initsuexist'];
 		}
-	}elseif(!valid_nick($_REQUEST['sunick']) || $_REQUEST['sunick']==''){
+	}elseif(!valid_nick($_REQUEST['sunick'])){
 		$suwrite=sprintf($I['invalnick'], $C['maxname']);
+	}elseif(!valid_pass($_REQUEST['supass'])){
+		$suwrite=sprintf($I['invalpass'], $C['minpass']);
 	}elseif($_REQUEST['supass']!==$_REQUEST['supassc']){
 		$suwrite=$I['noconfirm'];
 	}else{
 		mysqli_multi_query($mysqli, 	'CREATE TABLE IF NOT EXISTS `captcha` (`id` int(10) unsigned NOT NULL, `time` int(10) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `filter` (`id` tinyint(3) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` text NOT NULL, `allowinpm` tinyint(1) unsigned NOT NULL, `regex` tinyint(1) unsigned NOT NULL, `kick` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `ignored` (`id` int(10) unsigned NOT NULL, `ignored` tinytext NOT NULL, `by` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
-						'CREATE TABLE IF NOT EXISTS `members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `colour` tinytext NOT NULL, `bgcolour` tinytext NOT NULL, `fontface` tinytext NOT NULL, `fonttags` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
+						'CREATE TABLE IF NOT EXISTS `members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `colour` tinytext NOT NULL, `bgcolour` tinytext NOT NULL, `fontface` tinytext NOT NULL, `fonttags` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `messages` (`id` int(10) unsigned NOT NULL, `postdate` int(10) unsigned NOT NULL, `postid` int(10) unsigned NOT NULL, `poststatus` tinyint(3) unsigned NOT NULL, `poster` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `recipient` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL, `delstatus` tinyint(3) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `notes` (`id` int(10) unsigned NOT NULL, `type` tinytext NOT NULL, `lastedited` int(10) unsigned NOT NULL, `editedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
-						'CREATE TABLE IF NOT EXISTS `sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `displayname` text NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `fontinfo` tinytext NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
+						'CREATE TABLE IF NOT EXISTS `sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `displayname` text NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `fontinfo` tinytext NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `settings` (`id` tinyint(3) unsigned NOT NULL, `setting` tinytext NOT NULL, `value` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'ALTER TABLE `captcha` ADD UNIQUE KEY `id` (`id`); '.
 						'ALTER TABLE `filter` ADD PRIMARY KEY (`id`); '.
@@ -1957,6 +2053,9 @@ function init_chat(){
 						'ALTER TABLE `sessions` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; '.
 						'ALTER TABLE `settings` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'guestaccess\',\'0\'); '.
+						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'globalpass\',\'\'); '.
+						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'dateformat\',\'m-d H:i:s\'); '.
+						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'rulestxt\', \'1. YOUR_RULS<br>2. YOUR_RULES\'); '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgenter\',\'%s entered the chat.\'); '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgexit\',\'%s left the chat.\'); '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgmemreg\',\'%s is now a registered member.\'); '.
@@ -1979,17 +2078,18 @@ function init_chat(){
 			'notesboxwidth'	=>$C['notesboxwidth'],
 			'notesboxheight'=>$C['notesboxheight'],
 			'timestamps'	=>$C['timestamps'],
-			'embed'		=>$C['embed']
+			'embed'		=>$C['embed'],
+			'incognito'	=>false
 		);
-		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-		mysqli_stmt_bind_param($stmt, 'ssddssdddddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed']);
+		mysqli_stmt_bind_param($stmt, 'ssddssddddddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 		$suwrite=$I['susuccess'];
 	}
 	print_start();
 	echo "<center><h2>$I[init]</h2><br><h3>$I[sulogin]</h3>$suwrite<br><br><br>";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('nick', $_REQUEST['sunick']).hidden('pass', $_REQUEST['supass']).submit($I['initgosetup']).'</form>';
+	echo "<$H[form]>".hidden('action', 'setup').submit($I['initgosetup']).'</form>';
 	print_credits();
 	print_end();
 }
@@ -2003,6 +2103,19 @@ function update_db(){
 			mysqli_query($mysqli, 'ALTER TABLE `ignored` ADD PRIMARY KEY (`id`)');
 			mysqli_query($mysqli, 'ALTER TABLE `ignored` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT');
 		}
+		if($dbversion<3){
+			mysqli_query($mysqli, 'INSERT INTO `settings` (`setting`, `value`) VALUES (\'rulestxt\', \'1. YOUR_RULS<br>2. YOUR_RULES\')');
+		}
+		if($dbversion<4){
+			mysqli_query($mysqli, 'ALTER TABLE `members` ADD `incognito` TINYINT(1) UNSIGNED NOT NULL');
+			mysqli_query($mysqli, 'ALTER TABLE `sessions` ADD `incognito` TINYINT(1) UNSIGNED NOT NULL');
+		}
+		if($dbversion<5){
+			mysqli_query($mysqli, 'INSERT INTO `settings` (`setting`, `value`) VALUES (\'globalpass\', \'\')');
+		}
+		if($dbversion<6){
+			mysqli_query($mysqli, 'INSERT INTO `settings` (`setting`, `value`) VALUES (\'dateformat\', \'m-d H:i:s\')');
+		}
 		update_setting('dbversion', $C['dbversion']);
 		send_update();
 	}
@@ -2079,7 +2192,7 @@ function check_db(){
 	$mysqli=mysqli_connect($C['dbhost'], $C['dbuser'], $C['dbpass'], $C['dbname']);
 	if(mysqli_connect_errno($mysqli)){
 		if($_REQUEST['action']=='setup'){
-			die($I['nosetupdb']);
+			die($I['nodbsetup']);
 		}else{
 			die($I['nodb']);
 		}
@@ -2105,9 +2218,9 @@ function load_lang(){
 function load_config(){
 	global $C;
 	$C=array(
-		'version'	=>'1.1', // Script version
+		'version'	=>'1.7', // Script version
-		'dbversion'	=>2, // Database version
+		'dbversion'	=>6, // Database version
-		'showcredits'	=>true, // Allow showing credits
+		'showcredits'	=>false, // Allow showing credits
 		'colbg'		=>'000000', // Background colour
 		'coltxt'	=>'FFFFFF', // Default text colour
 		'collnk'	=>'0000FF', // Link colour
@@ -2125,6 +2238,7 @@ function load_config(){
 		'defaultrefresh'=>30, // Seconds to refresh the messages
 		'maxmessage'	=>2000, // Longest number of characters for a message
 		'maxname'	=>20, // Longest number of chatacters for a name
+		'minpass'	=>5, // Shortest number of chatacters for a password
 		'boxwidth'	=>40, // Default post box width
 		'boxheight'	=>3, // Default post box height
 		'notesboxwidth'	=>80, // Default notes box width
@@ -2134,23 +2248,24 @@ function load_config(){
 		'dbpass'	=>'YOUR_DB_PASS', // Database password
 		'dbname'	=>'public_chat', // Database
 		'captchapass'	=>'YOUR_PASS', // Password used for captcha encryption
+		'captchachars'	=>'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', // Characters used for captcha generation
 		'enablecaptcha'	=>true, // Enable captcha? ture/false
 		'dismemcaptcha'	=>false, // Disable captcha for members? ture/false
-		'embed'		=>true, // Default for displaying embedded imgs/vids or turn them into links true/false
+		'embed'		=>true, // Default for displaying embedded imgs or turning them into links true/false
 		'imgembed'	=>true, // Allow image embedding in chat using [img] tag? ture/false Warning: this might leak session data to the image hoster when cookies are disabled.
-		'vidembed'	=>true, // Allow video embedding in chat using [vid] tag? ture/false Warning: this might leak session data to the video hoster when cookies are disabled.
 		'suguests'	=>false, // Adds option to add applicants. They will have a reserved nick protected with a password, but don't count as member true/false
 		'timestamps'	=>true, // Display timestamps in front of the messages by default true/false
+		'incognito'	=>true, // Allow mods and admins to be invisable true/false
 		'forceredirect'	=>false, // Force redirect script or only use when no cookies available? ture/false
 		'msglogout'	=>false, // Add a message on member logout
 		'msglogin'	=>true, // Add a message on member login
 		'msgkick'	=>true, // Add a message when kicking someone
+		'memkick'	=>true, // Let a member kick guests if no mod is present
 		'sendmail'	=>false, // Send mail on new message - only activate on low traffic chat or your inbox will fill up very fast!
 		'mailsender'	=>'www-data <www-data@localhost>', // Send mail using this e-Mail address
 		'mailreceiver'	=>'Webmaster <webmaster@localhost>', // Send mail to this e-Mail address
 		'redirect'	=>"$_SERVER[SCRIPT_NAME]?action=redirect&url=", // Redirect script default: "$_SERVER[SCRIPT_NAME]?action=redirect&url="
-		'lang'		=>'en', // Default language
+		'lang'		=>'en' // Default language
-		'rulestxt'	=>'1. YOUR_RULS<br>2. YOUR_RULES' // Rules - divide multiple rules by <br> to make them appear in a new line
 	);
 }
 ?>

lang_de.php

@@ -20,12 +20,12 @@
 
 $I=array(
 	'nodb' => 'Keine Verbindung zur Datenbank!',
-	'nodsetupb' => 'Keine Verbindung zur Datenbank, bitte erstelle eine Datenbank und bearbeite das Skript, um die korrekte Datenbank mit angegebenem Benutzernamen und Passwort zu benutzen.',
+	'nodbsetup' => 'Keine Verbindung zur Datenbank, bitte erstelle eine Datenbank und bearbeite das Skript, um die korrekte Datenbank mit angegebenem Benutzernamen und Passwort zu benutzen.',
 	'changelang' => 'Sprache ändern:',
 	'expire' => 'Ungültige/abgelaufene Sitzung',
 	'kicked' => 'Rausgeschmissen!',
 	'invalnick' => 'Ungültiger Nickname (Maximal %d Zeichen, keine Sonderzeichen erlaubt)',
-	'invalpass' => 'Falsches Passwort!',
+	'invalpass' => 'Ungültiges Passwort (Mindestens %d Zeichen)',
 	'noconfirm' => 'Passwordbestätigung stimmt nicht überein!',
 	'incorregex' => 'Ungültiger regulärer Ausdruck!',
 	'bottom' => 'Unten',
@@ -52,8 +52,10 @@ $I=array(
 	'msgmultikick' => 'Mehrere rausgeworfen',
 	'msgallkick' => 'Alle rausgeworfen',
 	'msgclean' => 'Raum geleert',
+	'dateformat' => '<a target="_blank" href="http://php.net/manual/de/function.date.php#refsect1-function.date-parameters">Date formating</a>',
 	'nick' => 'Nickname:',
 	'pass' => 'Passwort:',
+	'globalloginpass' => 'Globales Passwort:',
 	'login' => 'Anmelden',
 	'admfunc' => 'Administrative Funktionen',
 	'allguests' => 'Alle Gäste',
@@ -74,7 +76,9 @@ $I=array(
 	'guestallow' => 'Erlauben',
 	'guestwait' => 'Mit Warteraum erlauben',
 	'adminallow' => 'Moderator-Erlaubnis benötigen',
-	'guestdisallow' => 'Verweigern',
+	'globalpass' => 'Mit globalem Passwort erlauben',
+	'memberglobalpass' => 'Nur Mitglieder mit globalem Passwort',
+	'guestdisallow' => 'Nur Mitglieder',
 	'addsuguest' => 'Anwerber hinzufügen',
 	'register' => 'Registrieren',
 	'admmembers' => 'Mitglieder',
@@ -125,7 +129,7 @@ $I=array(
 	'switchmulti' => 'Zu Mehrfach-Zeilen wechseln',
 	'help' => 'Hilfe',
 	'helpguest' => 'Alle Funktionen sollten recht selbsterklärend sein, benutze einfach die Knöpfe. In deinem Profil kannst du die Aktualisierungsrate, Schriftfarbe und deine gewünschte Postboxgröße anpassen.<br><u>Hinweis:</u> Dies ist ein Chat, wenn du also nichts schreibst, wirst du automatisch nach einiger Zeit abgemaldet.',
-	'helpembed' => 'Wenn du ein Bild einbetten möchtest, füge einfach ein [img] vor die Adresse deines Bildes. Beispiel: [img]http://example.com/images/file.jpg bettet das Bild in deinen Beitrag ein. Für Videos gilt das gleiche, nur mit [vid] davor.',
+	'helpembed' => 'Wenn du ein Bild einbetten möchtest, füge einfach ein [img] vor die Adresse deines Bildes. Beispiel: [img]http://example.com/images/file.jpg bettet das Bild in deinen Beitrag ein.',
 	'helpmem' => 'Mitglieder: Du wirst einige zusätzliche Optionen in deinem Profil haben. Du kannst deine Schriftart ändern und du kannst dein Passwort jederzeit ändern.',
 	'helpmod' => 'Moderatoren: Achte auf den Admin-Knof unten. Er bringt eine Seite auf, auf der du Nachrichten löschen kannst, Teilnehmer rausschmeißen kannst, alle aktive Sitzungen anzeigen lassen kannst und den Gastzugriff deaktivieren kannst, falls dies nötig sein sollte.',
 	'helpadm' => 'Admins: Du wirst zusätzlich in der Lage sein Gäste zu registrieren, Mitglieder zu verwalten und neue Nicknanem zu registrieren, ohne dass sie im Raum sind.',
@@ -142,7 +146,8 @@ $I=array(
 	'italic' => 'Kursiv',
 	'fontexample' => 'Beispiel für deine gewählte Schrift',
 	'timestamps' => 'Zeitstempel anzeigen',
-	'embed' => 'Bilder/Videos einbetten',
+	'embed' => 'Bilder einbetten',
+	'incognito' => 'Inkognito Modus',
 	'pbsize' => 'Postboxgröße',
 	'nbsize' => 'Notizboxgröße',
 	'width' => 'Breite:',
@@ -181,7 +186,7 @@ $I=array(
 	'waitempty' => 'Keine weiteren Beitrittsanfragen zu akzeptieren.',
 	'wrongcaptcha' => 'Falsches Captcha',
 	'captchatime' => 'Captcha wurde bereits verwendet oder ist abgelaufen.',
-	'noguests' => 'Keine Gäste zugelassen!',
+	'noguests' => 'Entschuldigung, zur Zeit nur Mitglieder!',
 	'curchat' => 'Zurzeit sind %d Teilnehmer im Raum:',
 	'cantreg' => '%s kann nicht registriert werden',
 	'alreadyreged' => '%s ist bereits registriert.',
@@ -189,7 +194,7 @@ $I=array(
 	'cantchgstat' => 'Der Status von %s kann nicht geändert werden.',
 	'succdel' => '%s wurde erfolgriech aus der Datenbank gelöscht.',
 	'succchg' => 'Status of %s successfully changed.',
-	'wrongpass' => 'Passwort ist falsch.',
+	'wrongpass' => 'Falsches Passwort!',
 	'succprofile' => 'Dein Profil wurde erfolgreich gespeichert.',
 	'backtologin' => 'Zurück zur Anmeldeseite.',
 	'backtochat' => 'Zurück zum Chat.',

lang_en.php

@@ -21,12 +21,12 @@
 //Language: English
 $I=array(
 	'nodb' => 'No Connection to Database!',
-	'nodsetupb' => 'No Connection to Database, please create a database and edit the script to use the correct database with given username and password!',
+	'nodbsetup' => 'No Connection to Database, please create a database and edit the script to use the correct database with given username and password!',
 	'changelang' => 'Change language:',
 	'expire' => 'Invalid/expired session',
 	'kicked' => 'Kicked!',
 	'invalnick' => 'Invalid nickname (%d characters maximum, no special characters allowed)',
-	'invalpass' => 'Invalid password!',
+	'invalpass' => 'Invalid password (At least %d characters)',
 	'noconfirm' => 'Password confirmation does not match!',
 	'incorregex' => 'Incorrect regular expression!',
 	'bottom' => 'Bottom',
@@ -45,6 +45,7 @@ $I=array(
 	'initgosetup' => 'Go to the Setup-Page',
 	'nick' => 'Nickname:',
 	'pass' => 'Password:',
+	'globalloginpass' => 'Global Password:',
 	'login' => 'Login',
 	'dbupdate' => 'Database successfully updated!',
 	'sysmessages' => 'System messages',
@@ -56,6 +57,7 @@ $I=array(
 	'msgmultikick' => 'Multiple kicked',
 	'msgallkick' => 'All kicked',
 	'msgclean' => 'Room cleaned',
+	'dateformat' => '<a target="_blank" href="http://php.net/manual/en/function.date.php#refsect1-function.date-parameters">Date formating</a>',
 	'admfunc' => 'Administrative functions',
 	'allguests' => 'All guests',
 	'cleanmsgs' => 'Clean messages',
@@ -75,7 +77,9 @@ $I=array(
 	'guestallow' => 'Allow',
 	'guestwait' => 'Allow with waitingroom',
 	'adminallow' => 'Require moderator approval',
-	'guestdisallow' => 'Disallow',
+	'globalpass' => 'Allow with global password',
+	'memberglobalpass' => 'Only members with global password',
+	'guestdisallow' => 'Only members',
 	'addsuguest' => 'Add applicant',
 	'register' => 'Register',
 	'admmembers' => 'Members',
@@ -126,7 +130,7 @@ $I=array(
 	'switchmulti' => 'Switch to multi-line',
 	'help' => 'Help',
 	'helpguest' => 'All functions should be pretty much self-explaining, just use the buttons. In your profile you can adjust the refresh rate, font colour and your preferred input box size.<br><u>Note:</u> This is a chat, so if you don\'t keep talking, you will be automatically logged out after a while.',
-	'helpembed' => 'If you want to embed an image in your post, simply put [img] in front of your image URL. Example: [img]http://example.com/images/file.jpg will embed the image in your post. For videos applies the same only with [vid].',
+	'helpembed' => 'If you want to embed an image in your post, simply put [img] in front of your image URL. Example: [img]http://example.com/images/file.jpg will embed the image in your post.',
 	'helpmem' => 'Members: You\'ll have some more options in your profile. You can adjust your font face and you can change your password anytime.',
 	'helpmod' => 'Moderators: Notice the Admin-button at the bottom. It\'ll bring up a page where you can clean the room, kick chatters, view all active sessions and disable guest access completely if needed.',
 	'helpadm' => 'Admins: You\'ll be furthermore able to register guests, edit members and register new nicks without them beeing in the room.',
@@ -143,7 +147,8 @@ $I=array(
 	'italic' => 'Italic',
 	'fontexample' => 'Example for your chosen font',
 	'timestamps' => 'Show Timestamps',
-	'embed' => 'Embed images/videos',
+	'embed' => 'Embed images',
+	'incognito' => 'Incognito mode',
 	'pbsize' => 'Post box size',
 	'nbsize' => 'Notes box size',
 	'width' => 'Width:',
@@ -182,7 +187,7 @@ $I=array(
 	'waitempty' => 'No more entry requests to approve.',
 	'wrongcaptcha' => 'Wrong Captcha',
 	'captchatime' => 'Captcha already used or timed out.',
-	'noguests' => 'No guests allowed!',
+	'noguests' => 'Sorry, currently members only!',
 	'curchat' => 'Currently %d chatter(s) in room:',
 	'cantreg' => 'Can\'t register %s',
 	'alreadyreged' => '%s is already registered.',
@@ -190,7 +195,7 @@ $I=array(
 	'cantchgstat' => 'Can\'t change status of %s',
 	'succdel' => '%s successfully deleted from database.',
 	'succchg' => 'Status of %s successfully changed.',
-	'wrongpass' => 'Password is wrong.',
+	'wrongpass' => 'Wrong Password!',
 	'succprofile' => 'Your profile has successfully been saved.',
 	'backtologin' => 'Back to the login page.',
 	'backtochat' => 'Back to the chat.',