Added option to only allow guests with a global password

Also fixed an error in valid_admin() introduced in the previous version

CHANGELOG

@@ -1,3 +1,15 @@
+Version 1.6 - Apr. 26, 2015
+Added option to only allow guests with a global password
+
+Version 1.5 - Apr. 20, 2015
+Added incognito mode
+
+Version 1.4 - Apr. 10, 2015
+Various changes and additions
+
+Version 1.3 - Apr. 4, 2015
+Bugfixes on logout and kicking
+
 Version 1.2 - Apr. 2, 2015
 Include letters when generating captchas not only numbers
 Moved rules to database to make changes more easily in the setup

chat.php

@@ -55,9 +55,9 @@ if(!isSet($_REQUEST['action'])){
 }elseif($_REQUEST['action']=='post'){
 	check_session();
 	if(isSet($_REQUEST['kick']) && isSet($_REQUEST['sendto']) && valid_nick($_REQUEST['sendto'])){
-		if($U['status']>=5 || ($countmods==0 && $U['status']>=3)){
+		if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){
-			kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message']);
+			if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], true);
-			if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') del_all_messages($_REQUEST['sendto']);
+			else kick_chatter(array($_REQUEST['sendto']), $_REQUEST['message'], false);
 		}
 	}elseif(isSet($_REQUEST['message']) && isSet($_REQUEST['sendto']) && !preg_match('/^\s*$/',$_REQUEST['message'])){
 		validate_input();
@@ -108,12 +108,8 @@ if(!isSet($_REQUEST['action'])){
 		send_admin();
 	}elseif($_REQUEST['do']=='kick'){
 		if(!isSet($_REQUEST['name'])) send_admin();
-		kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage']);
+		if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge') kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], true);
-		if(isSet($_REQUEST['what']) && $_REQUEST['what']=='purge'){
+		else kick_chatter($_REQUEST['name'], $_REQUEST['kickmessage'], false);
-			foreach($_REQUEST['name'] as $name){
-				del_all_messages($name);
-			}
-		}
 		send_admin();
 	}elseif($_REQUEST['do']=='logout'){
 		if(!isSet($_REQUEST['name'])) send_admin();
@@ -137,12 +133,16 @@ if(!isSet($_REQUEST['action'])){
 		approve_session();
 		send_approve_waiting();
 	}elseif($_REQUEST['do']=='guestaccess'){
-		if(isSet($_REQUEST['set']) && preg_match('/^[0123]$/', $_REQUEST['set'])){
+		if(isSet($_REQUEST['set']) && preg_match('/^[01234]$/', $_REQUEST['set'])){
 			update_setting('guestaccess', $_REQUEST['set']);
 		}
 	}elseif($_REQUEST['do']=='filter'){
 		manage_filter();
 		send_filter();
+	}elseif($_REQUEST['do']=='globalpass'){
+		if(isSet($_REQUEST['globalpass'])){
+			update_setting('globalpass', $_REQUEST['globalpass']);
+		}
 	}
 	send_admin();
 }elseif($_REQUEST['action']=='setup'){
@@ -157,7 +157,7 @@ if(!isSet($_REQUEST['action'])){
 	if(!valid_admin()) send_alogin();
 	if(!isSet($_REQUEST['do'])){
 	}elseif($_REQUEST['do']=='guestaccess'){
-		if(isSet($_REQUEST['set']) && preg_match('/^[0123]$/', $_REQUEST['set'])){
+		if(isSet($_REQUEST['set']) && preg_match('/^[01234]$/', $_REQUEST['set'])){
 			update_setting('guestaccess', $_REQUEST['set']);
 		}
 	}elseif($_REQUEST['do']=='messages'){
@@ -167,6 +167,10 @@ if(!isSet($_REQUEST['action'])){
 		$_REQUEST['rulestxt']=preg_replace("/\n/", '<br>', $_REQUEST['rulestxt']);
 		$_REQUEST['rulestxt']=preg_replace("/\r/", '<br>', $_REQUEST['rulestxt']);
 		update_setting('rulestxt', $_REQUEST['rulestxt']);
+	}elseif($_REQUEST['do']=='globalpass'){
+		if(isSet($_REQUEST['globalpass'])){
+			update_setting('globalpass', $_REQUEST['globalpass']);
+		}
 	}
 	send_setup();
 }elseif($_REQUEST['action']=='init'){
@@ -248,27 +252,41 @@ function send_redirect(){
 	}
 }
 
-function send_captcha($code){
+function send_captcha(){
-	global $C;
+	global $C, $I, $mysqli;
+	$length=strlen($C['captchachars']);
+	$code='';
+	for($i=0;$i<5;$i++) {
+		$code .= $C['captchachars'][rand(0, $length-1)];
+	}
+	$randid=rand(0, 99999999);
+	$enc=base64_encode(openssl_encrypt("$code, $randid", 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
+	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `captcha` (`id`, `time`) VALUES (?, \''.time().'\')');
+	mysqli_stmt_bind_param($stmt, 'd', $randid);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
 	$im=imagecreatetruecolor(55, 24);
 	$bg=imagecolorallocate($im, 0, 0, 0);
 	$fg=imagecolorallocate($im, 255, 255, 255);
 	imagefill($im, 0, 0, $bg);
 	imagestring($im, 5, 5, 5, $code, $fg);
+	echo "<tr><td align=\"left\">$I[copy]";
+	echo '<img width="55" height="24" src="data:image/gif;base64,';
 	ob_start();
 	imagegif($im);
 	imagedestroy($im);
-	return '<img width="55" height="24" src="data:image/gif;base64,'.base64_encode(ob_get_clean()).'">';
+	echo base64_encode(ob_get_clean()).'">';
+	echo '</td><td align="right">'.hidden('challenge', $enc).'<input type="text" name="captcha" size="15" autocomplete="off"></td></tr>';
 }
 
 function send_setup(){
-	global $H, $I, $mysqli, $C;
+	global $H, $I, $mysqli, $C, $U;
 	$ga=get_setting('guestaccess');
 	print_start();
 	echo "<center><h2>$I[setup]</h2><table cellspacing=\"0\">";
 	thr();
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[guestacc]</b></td><td align=\"right\">";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'guestaccess').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass']).'<table cellspacing="0">';
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'guestaccess').hidden('session', $U['session']).'<table cellspacing="0">';
 	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set1" value="1"';
 	if($ga==1) echo ' checked';
 	echo "><label for=\"set1\">&nbsp;$I[guestallow]</label></td><td>&nbsp;</td><tr>";
@@ -278,12 +296,23 @@ function send_setup(){
 	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set3" value="3"';
 	if($ga==3) echo ' checked';
 	echo "><label for=\"set3\">&nbsp;$I[adminallow]</label></td><td>&nbsp;</td><tr>";
+	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set4" value="4"';
+	if($ga==4) echo ' checked';
+	echo "><label for=\"set4\">&nbsp;$I[globalpass]</label></td><td>&nbsp;</td></tr>";
 	echo '<tr><td align="left">&nbsp;<input type="radio" name="set" id="set0" value="0"';
 	if($ga==0) echo ' checked';
-	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr><tr><td>&nbsp;</td><td align=\"right\">".submit($I['change']).'</td></tr></table></form></td></tr></table></td></tr>';
+	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr>";
+	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['change']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
+	if($ga==4){
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[globalloginpass]</b></td><td align=\"right\">";
+		echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'globalpass').hidden('session', $U['session']).'<table cellspacing="0">';
+		echo "<tr><td><input type=\"text\" name=\"globalpass\" value=\"".get_setting('globalpass').'"></td><td>&nbsp;</td>';
+		echo '<td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
+		thr();
+	}
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[sysmessages]</b></td><td align=\"right\">";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'messages').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass']).'<table cellspacing="0">';
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'messages').hidden('session', $U['session']).'<table cellspacing="0">';
 	echo "<tr><td>&nbsp;$I[msgenter]</td><td>&nbsp;<input type=\"text\" name=\"msgenter\" value=\"".get_setting('msgenter').'"></td></tr>';
 	echo "<tr><td>&nbsp;$I[msgexit]</td><td>&nbsp;<input type=\"text\" name=\"msgexit\" value=\"".get_setting('msgexit').'"></td></tr>';
 	echo "<tr><td>&nbsp;$I[msgmemreg]</td><td>&nbsp;<input type=\"text\" name=\"msgmemreg\" value=\"".get_setting('msgmemreg').'"></td></tr>';
@@ -295,11 +324,11 @@ function send_setup(){
 	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[rules]</b></td><td align=\"right\">";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'rules').hidden('nick', $_REQUEST['nick']).hidden('pass', $_REQUEST['pass']).'<table cellspacing="0">';
+	echo "<$H[form]>".hidden('action', 'setup').hidden('do', 'rules').hidden('session', $U['session']).'<table cellspacing="0">';
 	echo '<tr><td colspan=2><textarea name="rulestxt" rows="4" cols="60">'.htmlspecialchars(get_setting('rulestxt')).'</textarea></td></tr>';
 	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
-	echo "</table><$H[form]>".hidden('action', 'setup').submit($I['logout']).'</form>';
+	echo "</table><$H[form]>".hidden('action', 'logout').hidden('session', $U['session']).submit($I['logout']).'</form>';
 	print_credits();
 	print_end();
 }
@@ -327,11 +356,12 @@ function send_update(){
 }
 
 function send_alogin(){
-	global $H, $I;
+	global $H, $I, $C;
 	print_start();
 	echo "<center><$H[form]>".hidden('action', 'setup').'<table>';
 	echo "<tr><td align=\"left\">$I[nick]</td><td><input type=\"text\" name=\"nick\" size=\"15\"></td></tr>";
 	echo "<tr><td align=\"left\">$I[pass]</td><td><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
+	if($C['enablecaptcha']) send_captcha();
 	echo "<tr><td colspan=\"2\" align=\"right\">".submit($I['login']).'</td></tr></table></form>';
 	print_credits();
 	print_end();
@@ -382,11 +412,20 @@ function send_admin($arg=''){
 	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set3\" value=\"3\"";
 	if($ga==3) echo " checked";
 	echo "><label for=\"set3\">&nbsp;$I[adminallow]</label></td><td>&nbsp;</td><tr>";
+	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set4\" value=\"4\"";
+	if($ga==4) echo " checked";
+	echo "><label for=\"set4\">&nbsp;$I[globalpass]</label></td><td>&nbsp;</td></tr>";
 	echo "<tr><td align=\"left\">&nbsp;<input type=\"radio\" name=\"set\" id=\"set0\" value=\"0\"";
 	if($ga==0) echo " checked";
 	echo "><label for=\"set0\">&nbsp;$I[guestdisallow]</label></td><td>&nbsp;</td></tr>";
 	echo '<tr><td>&nbsp;</td><td align="right">'.submit($I['change']).'</td></tr></table></form></td></tr></table></td></tr>';
 	thr();
+	if($ga==4){
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[globalloginpass]</b></td><td align=\"right\">";
+		echo frmadm('globalpass').'<table cellspacing="0"><tr><td>&nbsp;</td><td><input type="text" name="globalpass" value="'.get_setting('globalpass').'"></td>';
+		echo '<td>&nbsp;</td><td align="right">'.submit($I['apply']).'</td></tr></table></form></td></tr></table></td></tr>';
+		thr();
+	}
 	if($C['suguests']){
 		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[addsuguest]</b></td><td align=\"right\">";
 		echo frmadm('superguest')."<table cellspacing=\"0\"><tr><td>&nbsp;</td><td valign=\"bottom\"><select name=\"name\" size=\"1\"><option value=\"\">$I[choose]</option>";
@@ -618,10 +657,10 @@ function send_waiting_room(){
 		setcookie($C['cookiename'], false);
 		send_error($I['expire']);
 	}
-	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed` FROM `sessions` WHERE `session`=?');
+	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `sessions` WHERE `session`=?');
 	mysqli_stmt_bind_param($stmt, 's', $_REQUEST['session']);
 	mysqli_stmt_execute($stmt);
-	mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed']);
+	mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']);
 	if(mysqli_stmt_fetch($stmt)) add_user_defaults();
 	mysqli_stmt_close($stmt);
 	if(!isSet($U['session'])){
@@ -718,7 +757,7 @@ function send_post(){
 		}
 	}
 	echo '</select>';
-	if($U['status']>=5 || ($countmods==0 && $U['status']>=3)){
+	if($U['status']>=5 || ($C['memkick'] && $countmods==0 && $U['status']>=3)){
 		echo "<input type=\"checkbox\" name=\"kick\" id=\"kick\" value=\"kick\"><label for=\"kick\">&nbsp;$I[kick]</label>";
 		echo "<input type=\"checkbox\" name=\"what\" id=\"what\" value=\"purge\" checked><label for=\"what\">&nbsp;$I[alsopurge]</label>";
 	}
@@ -826,11 +865,20 @@ function send_profile($arg=''){
 	if($U['timestamps']) echo ' checked';
 	echo "></td><td><label for=\"timestamps\"><b>$I[timestamps]</b></label></td></tr></table></td></tr></table></td></tr>";
 	thr();
-	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[embed]</b></td><td align=\"right\"><table cellspacing=\"0\">";
+	if($C['imgembed'] || $C['vidembed']){
-	echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"embed\" id=\"embed\" value=\"on\"";
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[embed]</b></td><td align=\"right\"><table cellspacing=\"0\">";
-	if($U['embed']) echo ' checked';
+		echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"embed\" id=\"embed\" value=\"on\"";
-	echo "></td><td><label for=\"embed\"><b>$I[embed]</b></label></td></tr></table></td></tr></table></td></tr>";
+		if($U['embed']) echo ' checked';
-	thr();
+		echo "></td><td><label for=\"embed\"><b>$I[embed]</b></label></td></tr></table></td></tr></table></td></tr>";
+		thr();
+	}
+	if($U['status']>=5 && $C['incognito']){
+		echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[incognito]</b></td><td align=\"right\"><table cellspacing=\"0\">";
+		echo "<tr><td>&nbsp;</td><td><input type=\"checkbox\" name=\"incognito\" id=\"incognito\" value=\"on\"";
+		if($U['incognito']) echo ' checked';
+		echo "></td><td><label for=\"incognito\"><b>$I[incognito]</b></label></td></tr></table></td></tr></table></td></tr>";
+		thr();
+	}
 	echo "<tr><td><table cellspacing=\"0\" width=\"100%\"><tr><td align=\"left\"><b>$I[pbsize]</b></td><td align=\"right\"><table cellspacing=\"0\">";
 	echo "<tr><td>&nbsp;</td><td>$I[width]</td><td><input type=\"text\" name=\"boxwidth\" size=\"3\" maxlength=\"3\" value=\"$U[boxwidth]\"></td>";
 	echo "<td>&nbsp;</td><td>$I[height]</td><td><input type=\"text\" name=\"boxheight\" size=\"3\" maxlength=\"3\" value=\"$U[boxheight]\"></td>";
@@ -897,40 +945,23 @@ function send_colours(){
 }
 
 function send_login(){
-	global $C, $H, $I, $mysqli, $L;
+	global $C, $H, $I, $L;
 	setcookie('test', '1');
 	print_start();
 	echo "<center><h1>$C[chatname]</h1><$H[form] target=\"_parent\">".hidden('action', 'login');
-	if($C['enablecaptcha']){
-		$length=strlen($C['captchachars']);
-		$code='';
-		for($i=0;$i<5;$i++) {
-			$code .= $C['captchachars'][rand(0, $length-1)];
-		}
-		$randid=rand(0, 99999999);
-		$enc=base64_encode(openssl_encrypt("$code, $randid", 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
-		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `captcha` (`id`, `time`) VALUES (?, \''.time().'\')');
-		mysqli_stmt_bind_param($stmt, 'd', $randid);
-		mysqli_stmt_execute($stmt);
-		mysqli_stmt_close($stmt);
-		echo hidden('challenge', $enc);
-	}
 	echo "<table border=\"2\" width=\"1\" rules=\"none\"><tr><td align=\"left\">$I[nick]</td><td align=\"right\"><input type=\"text\" name=\"nick\" size=\"15\"></td></tr>";
 	echo "<tr><td align=\"left\">$I[pass]</td><td align=\"right\"><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
-	if($C['enablecaptcha']){
+	if($C['enablecaptcha']) send_captcha();
-		echo "<tr><td align=\"left\">$I[copy]";
-		echo send_captcha($code);
-		echo '</td><td align="right"><input type="text" name="captcha" size="15" autocomplete="off"></td></tr>';
-	}
 	if(get_setting('guestaccess')>0){
+		if(get_setting('guestaccess')==4) echo "<tr><td align=\"left\">$I[globalloginpass]</td><td align=\"right\"><input type=\"password\" name=\"globalpass\" size=\"15\"></td></tr>";
 		echo "<tr><td colspan=\"2\" align=\"center\">$I[choosecol]<br><select style=\"text-align:center;\" name=\"colour\"><option value=\"\">* $I[randomcol] *</option>";
 		print_colours();
 		echo '</select></td></tr>';
 	}else{
 		echo "<tr><td colspan=\"2\" align=\"center\">$I[noguests]</td></tr>";
 	}
-	$nowchatting=get_nowchatting();
+	echo '<tr><td colspan="2" align="center">'.submit($I['enter'])."</td></tr></table></form>";
-	echo '<tr><td colspan="2" align="center">'.submit($I['enter'])."</td></tr></table></form>$nowchatting";
+	get_nowchatting();
 	echo "<h2>$I[rules]</h2><b>".get_setting('rulestxt')."</b><br><br><p>$I[changelang]";
 	foreach($L as $lang=>$name){
 		echo " <a href=\"$_SERVER[SCRIPT_NAME]?lang=$lang\">$name</a>";
@@ -978,16 +1009,17 @@ function print_memberslist(){
 
 //  session management
 
-function create_session(){
+function create_session($setup){
 	global $U, $C, $I, $mysqli;
 	$U['nickname']=cleanup_nick($_REQUEST['nick']);
 	$U['passhash']=md5(sha1(md5($U['nickname'].$_REQUEST['pass'])));
-	$U['colour']=$_REQUEST['colour'];
+	if(isSet($_REQUEST['colour'])) $U['colour']=$_REQUEST['colour'];
+	else $U['colour']=$C['coltxt'];
 	$U['status']=1;
-	if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
 	check_member();
 	add_user_defaults();
-	if($C['enablecaptcha'] && ($U['status']==1 || !$C['dismemcaptcha'])){
+	if($setup) $U['incognito']=true;
+	if($C['enablecaptcha'] && ($U['status']==1 || (!$C['dismemcaptcha'] || $setup))){
 		$captcha=explode(',', openssl_decrypt(base64_decode($_REQUEST['challenge']), 'aes-128-cbc', $C['captchapass'], 0, '1234567890123456'));
 		if(current($captcha)!==$_REQUEST['captcha']) send_error($I['wrongcaptcha']);
 		$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `captcha` WHERE `id`=?');
@@ -1003,9 +1035,11 @@ function create_session(){
 		mysqli_stmt_close($stmt);
 	}
 	if($U['status']==1){
-		if(!allowed_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
+		if(!valid_nick($U['nickname'])) send_error(sprintf($I['invalnick'], $C['maxname']));
+		if(!valid_pass($_REQUEST['pass'])) send_error(sprintf($I['invalpass'], $C['minpass']));
 		$ga=get_setting('guestaccess');
 		if($ga==0) send_error($I['noguests']);
+		if($ga==4 && isSet($_REQUEST['globalpass']) && $_REQUEST['globalpass']!=get_setting('globalpass')) send_error($I['wrongpass']);
 	}
 	write_new_session();
 }
@@ -1035,14 +1069,14 @@ function write_new_session(){
 		do{
 			$U['session']=md5(time().rand().$U['nickname']);
 		}while(isSet($sids[$U['session']]));// check for hash collision
-		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `sessions`(`session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `sessions`(`session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `bgcolour`, `notesboxwidth`, `notesboxheight`, `entry`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-		mysqli_stmt_bind_param($stmt, 'sssddssdsdddssddddd', $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed']);
+		mysqli_stmt_bind_param($stmt, 'sssddssdsdddssdddddd', $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']);
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 		setcookie($C['cookiename'], $U['session']);
-		if($C['msglogin'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgenter'), $U['displayname']));
+		if($C['msglogin'] && $U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgenter'), $U['displayname']));
 	}elseif($inuse){
-		send_error($I['invalpass']);
+		send_error($I['wrongpass']);
 	}elseif($U['status']==0){
 		setcookie($C['cookiename'], false);
 		send_error("$I[kicked]<br>$U[kickmessage]");
@@ -1087,10 +1121,10 @@ function approve_session(){
 function check_login(){
 	global $mysqli, $C, $U, $I, $M;
 	if(isSet($_POST['session'])){
-		$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed` FROM `sessions` WHERE `session`=?');
+		$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `status`, `refresh`, `fontinfo`, `style`, `lastpost`, `passhash`, `postid`, `boxwidth`, `boxheight`, `useragent`, `kickmessage`, `bgcolour`, `notesboxheight`, `notesboxwidth`, `entry`, `timestamps`, `embed`, `incognito` FROM `sessions` WHERE `session`=?');
 		mysqli_stmt_bind_param($stmt, 's', $_POST['session']);
 		mysqli_stmt_execute($stmt);
-		mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed']);
+		mysqli_stmt_bind_result($stmt, $U['session'], $U['nickname'], $U['displayname'], $U['status'], $U['refresh'], $U['fontinfo'], $U['style'], $U['lastpost'], $U['passhash'], $U['postid'], $U['boxwidth'], $U['boxheight'], $U['useragent'], $U['kickmessage'], $U['bgcolour'], $U['notesboxheight'], $U['notesboxwidth'], $U['entry'], $U['timestamps'], $U['embed'], $U['incognito']);
 		if(mysqli_stmt_fetch($stmt)){
 			if($U['status']==0){
 				setcookie($C['cookiename'], false);
@@ -1105,7 +1139,7 @@ function check_login(){
 		}
 		mysqli_stmt_close($stmt);
 	}else{
-		create_session();
+		create_session(false);
 	}
 	if($U['status']==1){
 		$ga=get_setting('guestaccess');
@@ -1144,10 +1178,10 @@ function kill_session(){
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 	}
-	elseif($C['msglogout'] && $U['status']>=3) add_system_message(sprintf(get_setting('msgexit'), $U['displayname']));
+	elseif($C['msglogout'] && $U['status']>=3 && !$U['incognito']) add_system_message(sprintf(get_setting('msgexit'), $U['displayname']));
 }
 
-function kick_chatter($names, $mes){
+function kick_chatter($names, $mes, $purge){
 	global $C, $U, $P, $mysqli;
 	$lonick='';
 	$lines=parse_sessions();
@@ -1159,6 +1193,7 @@ function kick_chatter($names, $mes){
 				if(($temp['nickname']==$U['nickname'] && $U['nickname']==$name) || ($U['status']>$temp['status'] && (($temp['nickname']==$name && $temp['status']>0) || ($name=='&' && $temp['status']==1)))){
 					mysqli_stmt_bind_param($stmt, 'ss', $mes, $temp['session']);
 					mysqli_stmt_execute($stmt);
+					if($purge) del_all_messages($temp['nickname']);
 					$lonick.="$temp[displayname], ";
 					$i++;
 					unset($P[$name]);
@@ -1168,11 +1203,11 @@ function kick_chatter($names, $mes){
 	}
 	mysqli_stmt_close($stmt);
 	if($C['msgkick']){
-		if($names[0]=='&'){
+		if($lonick!==''){
-			add_system_message(get_setting('msgallkick'));
+			if($names[0]=='&'){
-		}else{
+				add_system_message(get_setting('msgallkick'));
-			$lonick=preg_replace('/\,\s$/','',$lonick);
+			}else{
-			if($lonick!==''){
+				$lonick=preg_replace('/\,\s$/','',$lonick);
 				if($i>1){
 					add_system_message(sprintf(get_setting('msgmultikick'), $lonick));
 				}else{
@@ -1181,6 +1216,8 @@ function kick_chatter($names, $mes){
 			}
 		}
 	}
+	if($lonick!=='') return true;
+	return false;
 }
 
 function logout_chatter($names){
@@ -1199,7 +1236,7 @@ function logout_chatter($names){
 					if($temp['status']==1){
 						mysqli_stmt_bind_param($stmt1, 's', $temp['nickname']);
 						mysqli_stmt_bind_param($stmt2, 's', $temp['nickname']);
-						mysqli_stmt_bind_param($stmt3, 's', $temp['nickname'], $temp['nickname']);
+						mysqli_stmt_bind_param($stmt3, 'ss', $temp['nickname'], $temp['nickname']);
 						mysqli_stmt_execute($stmt1);
 						mysqli_stmt_execute($stmt2);
 						mysqli_stmt_execute($stmt3);
@@ -1248,7 +1285,7 @@ function check_session(){
 function get_nowchatting(){
 	global $M, $G, $P, $I;
 	parse_sessions();
-	return sprintf($I['curchat'], count($P)).'<br>'.implode(' &nbsp; ', $M).' &nbsp; '.implode(' &nbsp; ', $G);
+	echo sprintf($I['curchat'], count($P)).'<br>'.implode(' &nbsp; ', $M).' &nbsp; '.implode(' &nbsp; ', $G);
 }
 
 function parse_sessions(){
@@ -1296,8 +1333,10 @@ function parse_sessions(){
 				$P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']];
 				$G[]=$temp['displayname'];
 			}elseif($temp['status']>2){
-				$P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']];
+				if(!$temp['incognito']){
-				$M[]=$temp['displayname'];
+					$P[$temp['nickname']]=[$temp['nickname'], $temp['status'], $temp['style']];
+					$M[]=$temp['displayname'];
+				}
 				if($temp['status']>=5) $countmods++;
 			}
 		}
@@ -1310,10 +1349,10 @@ function parse_sessions(){
 
 function check_member(){
 	global $U, $I, $mysqli;
-	$stmt=mysqli_prepare($mysqli, 'SELECT `nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `fontface`, `fonttags`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed` FROM `members` WHERE `nickname`=?');
+	$stmt=mysqli_prepare($mysqli, 'SELECT `nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `fontface`, `fonttags`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `lastlogin`, `timestamps`, `embed`, `incognito` FROM `members` WHERE `nickname`=?');
 	mysqli_stmt_bind_param($stmt, 's', $U['nickname']);
 	mysqli_stmt_execute($stmt);
-	mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['colour'], $temp['bgcolour'], $temp['fontface'], $temp['fonttags'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed']);
+	mysqli_stmt_bind_result($stmt, $temp['nickname'], $temp['passhash'], $temp['status'], $temp['refresh'], $temp['colour'], $temp['bgcolour'], $temp['fontface'], $temp['fonttags'], $temp['boxwidth'], $temp['boxheight'], $temp['notesboxwidth'], $temp['notesboxheight'], $temp['lastlogin'], $temp['timestamps'], $temp['embed'], $U['incognito']);
 	if(mysqli_stmt_fetch($stmt)){
 		mysqli_stmt_close($stmt);
 		if($temp['passhash']==$U['passhash']){
@@ -1323,7 +1362,7 @@ function check_member(){
 			mysqli_stmt_execute($stmt);
 			mysqli_stmt_close($stmt);
 		}else{
-			send_error($I['invalpass']);
+			send_error($I['wrongpass']);
 		}
 	}else{
 		mysqli_stmt_close($stmt);
@@ -1346,10 +1385,10 @@ function register_guest($status){
 	global $P, $U, $C, $I, $mysqli;
 	if($_REQUEST['name']=='') send_admin();
 	if(!isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name']));
-	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `passhash`, `refresh`, `fontinfo`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed` FROM `sessions` WHERE `nickname`=? AND `status`=\'1\'');
+	$stmt=mysqli_prepare($mysqli, 'SELECT `session`, `nickname`, `displayname`, `passhash`, `refresh`, `fontinfo`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito` FROM `sessions` WHERE `nickname`=? AND `status`=\'1\'');
 	mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']);
 	mysqli_stmt_execute($stmt);
-	mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['displayname'], $reg['passhash'], $reg['refresh'], $reg['fontinfo'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed']);
+	mysqli_stmt_bind_result($stmt, $reg['session'], $reg['nickname'], $reg['displayname'], $reg['passhash'], $reg['refresh'], $reg['fontinfo'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 	if(mysqli_stmt_fetch($stmt)){
 		mysqli_stmt_close($stmt);
 		$reg['status']=$status;
@@ -1370,8 +1409,8 @@ function register_guest($status){
 	if(mysqli_stmt_num_rows($stmt)>0) send_admin(sprintf($I['alreadyreged'], $_REQUEST['name']));
 	mysqli_stmt_free_result($stmt);
 	mysqli_stmt_close($stmt);
-	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-	mysqli_stmt_bind_param($stmt, 'ssddssddddsdd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $U['nickname'], $reg['timestamps'], $reg['embed']);
+	mysqli_stmt_bind_param($stmt, 'ssddssddddsddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $U['nickname'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
 	if($reg['status']==3) add_system_message(sprintf(get_setting('msgmemreg'), $reg['displayname']));
@@ -1384,6 +1423,7 @@ function register_new(){
 	if($_REQUEST['name']=='') send_admin();
 	if(isSet($P[$_REQUEST['name']])) send_admin(sprintf($I['cantreg'], $_REQUEST['name']));
 	if(!valid_nick($_REQUEST['name'])) send_admin(sprintf($I['invalnick'], $C['maxname']));
+	if(!valid_pass($_REQUEST['pass'])) send_admin(sprintf($I['invalpass'], $C['minpass']));
 	$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=?');
 	mysqli_stmt_bind_param($stmt, 's', $_REQUEST['name']);
 	mysqli_stmt_execute($stmt);
@@ -1404,10 +1444,11 @@ function register_new(){
 		'notesboxheight'=>$C['notesboxheight'],
 		'regedby'	=>$U['nickname'],
 		'timestamps'	=>$C['timestamps'],
-		'embed'		=>$C['embed']
+		'embed'		=>$C['embed'],
+		'incognito'	=>false
 	);
-	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+	$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members`(`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`,`notesboxwidth`, `notesboxheight`, `regedby`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-	mysqli_stmt_bind_param($stmt, 'ssddssddddsdd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed']);
+	mysqli_stmt_bind_param($stmt, 'ssddssddddsddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['regedby'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
 	send_admin(sprintf($I['successreg'], $reg['nickname']));
@@ -1478,6 +1519,8 @@ function amend_profile(){
 	else $U['timestamps']=false;
 	if(isSet($_REQUEST['embed'])) $U['embed']=true;
 	else $U['embed']=false;
+	if($U['status']>=5 && isSet($_REQUEST['incognito'])) $U['incognito']=true;
+	else $U['incognito']=false;
 	if($U['boxwidth']>=1000) $U['boxwidth']=40;
 	if($U['boxheight']>=1000) $U['boxheight']=3;
 	if($U['notesboxwidth']>=1000) $U['notesboxwidth']=80;
@@ -1500,13 +1543,13 @@ function save_profile(){
 	if($U['passhash']!==$U['oldhash']) send_profile($I['wrongpass']);
 	$U['passhash']=$U['newhash'];
 	amend_profile();
-	$stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `refresh`=?, `displayname`=?, `fontinfo`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=? WHERE `session`=?');
+	$stmt=mysqli_prepare($mysqli, 'UPDATE `sessions` SET `refresh`=?, `displayname`=?, `fontinfo`=?, `style`=?, `passhash`=?, `boxwidth`=?, `boxheight`=?, `bgcolour`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `session`=?');
-	mysqli_stmt_bind_param($stmt, 'dssssddsdddds', $U['refresh'], $U['displayname'], $U['fontinfo'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['session']);
+	mysqli_stmt_bind_param($stmt, 'dssssddsddddds', $U['refresh'], $U['displayname'], $U['fontinfo'], $U['style'], $U['passhash'], $U['boxwidth'], $U['boxheight'], $U['bgcolour'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['session']);
 	mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
 	if($U['status']>=2){
-		$stmt=mysqli_prepare($mysqli, 'UPDATE `members` SET `passhash`=?, `refresh`=?, `colour`=?, `bgcolour`=?, `fontface`=?, `fonttags`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=? WHERE `nickname`=?');
+		$stmt=mysqli_prepare($mysqli, 'UPDATE `members` SET `passhash`=?, `refresh`=?, `colour`=?, `bgcolour`=?, `fontface`=?, `fonttags`=?, `boxwidth`=?, `boxheight`=?, `notesboxwidth`=?, `notesboxheight`=?, `timestamps`=?, `embed`=?, `incognito`=? WHERE `nickname`=?');
-		mysqli_stmt_bind_param($stmt, 'sdssssdddddds', $U['passhash'], $U['refresh'], $U['colour'], $U['bgcolour'], $U['fontface'], $U['fonttags'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['nickname']);
+		mysqli_stmt_bind_param($stmt, 'sdssssddddddds', $U['passhash'], $U['refresh'], $U['colour'], $U['bgcolour'], $U['fontface'], $U['fonttags'], $U['boxwidth'], $U['boxheight'], $U['notesboxwidth'], $U['notesboxheight'], $U['timestamps'], $U['embed'], $U['incognito'], $U['nickname']);
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 	}
@@ -1553,6 +1596,7 @@ function add_user_defaults(){
 	if(!isSet($U['notesboxheight'])) $U['notesboxheight']=30;
 	if(!isSet($U['timestamps'])) $U['timestamps']=$C['timestamps'];
 	if(!isSet($U['embed'])) $U['embed']=$C['embed'];
+	if(!isSet($U['incognito'])) $U['incognito']=false;
 	if(!isSet($U['lastpost'])) $U['lastpost']=time();
 	if(!isSet($U['entry'])) $U['entry']=0;
 	if(!isSet($U['postid'])) $U['postid']='OOOOOO';
@@ -1645,7 +1689,7 @@ function apply_filter($pm){
 			if(!$pm) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count);
 			elseif(!$filter['allowinpm']) $U['message']=preg_replace("/$filter[match]/i", $filter['replace'], $U['message'], -1, $count);
 			if($count>0 && $filter['kick']){
-				kick_chatter(array($U['nickname']), '');
+				kick_chatter(array($U['nickname']), '', false);
 				send_error("$I[kicked]");
 			}
 		}
@@ -1806,26 +1850,25 @@ function print_messages($delstatus=''){
 // this and that
 
 function valid_admin(){
-	global $mysqli;
+	global $U;
-	if(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){
+	if(isSet($_REQUEST['session'])){
-		$stmt=mysqli_prepare($mysqli, 'SELECT * FROM `members` WHERE `nickname`=? AND `passhash`=? AND `status`>=\'7\'');
+		check_session();
-		mysqli_stmt_bind_param($stmt, 'ss', $_REQUEST['nick'], $pass=md5(sha1(md5($_REQUEST['nick'].$_REQUEST['pass']))));
-		mysqli_stmt_execute($stmt);
-		mysqli_stmt_store_result($stmt);
-		if(mysqli_stmt_num_rows($stmt)>0) return true;
-		mysqli_stmt_free_result($stmt);
-		mysqli_stmt_close($stmt);
 	}
-	return false;
+	elseif(isSet($_REQUEST['nick']) && isSet($_REQUEST['pass'])){
+		create_session(true);
+	}
+	if(isSet($U['status']) && $U['status']>=7) return true;
+	else return false;
 }
 
 function valid_nick($nick){
-	return preg_match('/^[a-z0-9]*$/i', $nick);
+	global $C;
+	return preg_match("/^[a-z0-9]{1,$C[maxname]}$/i", $nick);
 }
 
-function allowed_nick($nick){
+function valid_pass($pass){
 	global $C;
-	return preg_match("/^.{1,$C[maxname]}$/", $nick);
+	return preg_match('/^.{'.$C['minpass'].',}$/', $pass);
 }
 
 function cleanup_nick($nick){
@@ -1946,18 +1989,20 @@ function init_chat(){
 		if(mysqli_num_rows($result)>0){
 			$suwrite=$I['initsuexist'];
 		}
-	}elseif(!valid_nick($_REQUEST['sunick']) || $_REQUEST['sunick']==''){
+	}elseif(!valid_nick($_REQUEST['sunick'])){
 		$suwrite=sprintf($I['invalnick'], $C['maxname']);
+	}elseif(!valid_pass($_REQUEST['supass'])){
+		$suwrite=sprintf($I['invalpass'], $C['minpass']);
 	}elseif($_REQUEST['supass']!==$_REQUEST['supassc']){
 		$suwrite=$I['noconfirm'];
 	}else{
 		mysqli_multi_query($mysqli, 	'CREATE TABLE IF NOT EXISTS `captcha` (`id` int(10) unsigned NOT NULL, `time` int(10) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `filter` (`id` tinyint(3) unsigned NOT NULL, `match` tinytext NOT NULL, `replace` text NOT NULL, `allowinpm` tinyint(1) unsigned NOT NULL, `regex` tinyint(1) unsigned NOT NULL, `kick` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `ignored` (`id` int(10) unsigned NOT NULL, `ignored` tinytext NOT NULL, `by` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
-						'CREATE TABLE IF NOT EXISTS `members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `colour` tinytext NOT NULL, `bgcolour` tinytext NOT NULL, `fontface` tinytext NOT NULL, `fonttags` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
+						'CREATE TABLE IF NOT EXISTS `members` (`id` tinyint(3) unsigned NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `passhash` tinytext NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `colour` tinytext NOT NULL, `bgcolour` tinytext NOT NULL, `fontface` tinytext NOT NULL, `fonttags` tinytext NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `regedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `lastlogin` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `messages` (`id` int(10) unsigned NOT NULL, `postdate` int(10) unsigned NOT NULL, `postid` int(10) unsigned NOT NULL, `poststatus` tinyint(3) unsigned NOT NULL, `poster` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `recipient` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL, `delstatus` tinyint(3) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `notes` (`id` int(10) unsigned NOT NULL, `type` tinytext NOT NULL, `lastedited` int(10) unsigned NOT NULL, `editedby` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `text` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
-						'CREATE TABLE IF NOT EXISTS `sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `displayname` text NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `fontinfo` tinytext NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
+						'CREATE TABLE IF NOT EXISTS `sessions` (`id` int(10) unsigned NOT NULL, `session` tinytext NOT NULL, `nickname` tinytext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, `displayname` text NOT NULL, `status` tinyint(3) unsigned NOT NULL, `refresh` tinyint(3) unsigned NOT NULL, `fontinfo` tinytext NOT NULL, `style` text NOT NULL, `lastpost` int(10) unsigned NOT NULL, `passhash` tinytext NOT NULL, `postid` int(10) unsigned NOT NULL, `boxwidth` tinyint(3) unsigned NOT NULL, `boxheight` tinyint(3) unsigned NOT NULL, `useragent` text NOT NULL, `kickmessage` text NOT NULL, `bgcolour` tinytext NOT NULL, `notesboxheight` tinyint(3) unsigned NOT NULL, `notesboxwidth` tinyint(3) unsigned NOT NULL, `entry` int(10) unsigned NOT NULL, `timestamps` tinyint(1) unsigned NOT NULL, `embed` tinyint(1) unsigned NOT NULL, `incognito` tinyint(1) unsigned NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'CREATE TABLE IF NOT EXISTS `settings` (`id` tinyint(3) unsigned NOT NULL, `setting` tinytext NOT NULL, `value` tinytext NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8; '.
 						'ALTER TABLE `captcha` ADD UNIQUE KEY `id` (`id`); '.
 						'ALTER TABLE `filter` ADD PRIMARY KEY (`id`); '.
@@ -1975,6 +2020,8 @@ function init_chat(){
 						'ALTER TABLE `sessions` MODIFY `id` int(10) unsigned NOT NULL AUTO_INCREMENT; '.
 						'ALTER TABLE `settings` MODIFY `id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT; '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'guestaccess\',\'0\'); '.
+						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'globalpass\',\'\'); '.
+						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'rulestxt\', \'1. YOUR_RULS<br>2. YOUR_RULES\'); '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgenter\',\'%s entered the chat.\'); '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgexit\',\'%s left the chat.\'); '.
 						'INSERT INTO `settings` (`setting`,`value`) VALUES (\'msgmemreg\',\'%s is now a registered member.\'); '.
@@ -1997,17 +2044,18 @@ function init_chat(){
 			'notesboxwidth'	=>$C['notesboxwidth'],
 			'notesboxheight'=>$C['notesboxheight'],
 			'timestamps'	=>$C['timestamps'],
-			'embed'		=>$C['embed']
+			'embed'		=>$C['embed'],
+			'incognito'	=>false
 		);
-		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+		$stmt=mysqli_prepare($mysqli, 'INSERT INTO `members` (`nickname`, `passhash`, `status`, `refresh`, `colour`, `bgcolour`, `boxwidth`, `boxheight`, `notesboxwidth`, `notesboxheight`, `timestamps`, `embed`, `incognito`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
-		mysqli_stmt_bind_param($stmt, 'ssddssdddddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed']);
+		mysqli_stmt_bind_param($stmt, 'ssddssddddddd', $reg['nickname'], $reg['passhash'], $reg['status'], $reg['refresh'], $reg['colour'], $reg['bgcolour'], $reg['boxwidth'], $reg['boxheight'], $reg['notesboxwidth'], $reg['notesboxheight'], $reg['timestamps'], $reg['embed'], $reg['incognito']);
 		mysqli_stmt_execute($stmt);
 		mysqli_stmt_close($stmt);
 		$suwrite=$I['susuccess'];
 	}
 	print_start();
 	echo "<center><h2>$I[init]</h2><br><h3>$I[sulogin]</h3>$suwrite<br><br><br>";
-	echo "<$H[form]>".hidden('action', 'setup').hidden('nick', $_REQUEST['sunick']).hidden('pass', $_REQUEST['supass']).submit($I['initgosetup']).'</form>';
+	echo "<$H[form]>".hidden('action', 'setup').submit($I['initgosetup']).'</form>';
 	print_credits();
 	print_end();
 }
@@ -2024,6 +2072,13 @@ function update_db(){
 		if($dbversion<3){
 			mysqli_query($mysqli, 'INSERT INTO `settings` (`setting`, `value`) VALUES (\'rulestxt\', \'1. YOUR_RULS<br>2. YOUR_RULES\')');
 		}
+		if($dbversion<4){
+			mysqli_query($mysqli, 'ALTER TABLE `members` ADD `incognito` TINYINT(1) UNSIGNED NOT NULL');
+			mysqli_query($mysqli, 'ALTER TABLE `sessions` ADD `incognito` TINYINT(1) UNSIGNED NOT NULL');
+		}
+		if($dbversion<5){
+			mysqli_query($mysqli, 'INSERT INTO `settings` (`setting`, `value`) VALUES (\'globalpass\', \'\')');
+		}
 		update_setting('dbversion', $C['dbversion']);
 		send_update();
 	}
@@ -2126,8 +2181,8 @@ function load_lang(){
 function load_config(){
 	global $C;
 	$C=array(
-		'version'	=>'1.2', // Script version
+		'version'	=>'1.6', // Script version
-		'dbversion'	=>3, // Database version
+		'dbversion'	=>5, // Database version
 		'showcredits'	=>false, // Allow showing credits
 		'colbg'		=>'000000', // Background colour
 		'coltxt'	=>'FFFFFF', // Default text colour
@@ -2146,6 +2201,7 @@ function load_config(){
 		'defaultrefresh'=>30, // Seconds to refresh the messages
 		'maxmessage'	=>2000, // Longest number of characters for a message
 		'maxname'	=>20, // Longest number of chatacters for a name
+		'minpass'	=>5, // Shortest number of chatacters for a password
 		'boxwidth'	=>40, // Default post box width
 		'boxheight'	=>3, // Default post box height
 		'notesboxwidth'	=>80, // Default notes box width
@@ -2160,13 +2216,15 @@ function load_config(){
 		'dismemcaptcha'	=>false, // Disable captcha for members? ture/false
 		'embed'		=>true, // Default for displaying embedded imgs/vids or turn them into links true/false
 		'imgembed'	=>true, // Allow image embedding in chat using [img] tag? ture/false Warning: this might leak session data to the image hoster when cookies are disabled.
-		'vidembed'	=>true, // Allow video embedding in chat using [vid] tag? ture/false Warning: this might leak session data to the video hoster when cookies are disabled.
+		'vidembed'	=>false, // Allow video embedding in chat using [vid] tag? ture/false Warning: this might leak session data to the video hoster when cookies are disabled.
 		'suguests'	=>false, // Adds option to add applicants. They will have a reserved nick protected with a password, but don't count as member true/false
 		'timestamps'	=>true, // Display timestamps in front of the messages by default true/false
+		'incognito'	=>true, // Allow mods and admins to be invisable true/false
 		'forceredirect'	=>false, // Force redirect script or only use when no cookies available? ture/false
 		'msglogout'	=>false, // Add a message on member logout
 		'msglogin'	=>true, // Add a message on member login
 		'msgkick'	=>true, // Add a message when kicking someone
+		'memkick'	=>true, // Let a member kick guests if no mod is present
 		'sendmail'	=>false, // Send mail on new message - only activate on low traffic chat or your inbox will fill up very fast!
 		'mailsender'	=>'www-data <www-data@localhost>', // Send mail using this e-Mail address
 		'mailreceiver'	=>'Webmaster <webmaster@localhost>', // Send mail to this e-Mail address

lang_de.php

@@ -25,7 +25,7 @@ $I=array(
 	'expire' => 'Ungültige/abgelaufene Sitzung',
 	'kicked' => 'Rausgeschmissen!',
 	'invalnick' => 'Ungültiger Nickname (Maximal %d Zeichen, keine Sonderzeichen erlaubt)',
-	'invalpass' => 'Falsches Passwort!',
+	'invalpass' => 'Ungültiges Passwort (Mindestens %d Zeichen)',
 	'noconfirm' => 'Passwordbestätigung stimmt nicht überein!',
 	'incorregex' => 'Ungültiger regulärer Ausdruck!',
 	'bottom' => 'Unten',
@@ -54,6 +54,7 @@ $I=array(
 	'msgclean' => 'Raum geleert',
 	'nick' => 'Nickname:',
 	'pass' => 'Passwort:',
+	'globalloginpass' => 'Globales Passwort:',
 	'login' => 'Anmelden',
 	'admfunc' => 'Administrative Funktionen',
 	'allguests' => 'Alle Gäste',
@@ -74,6 +75,7 @@ $I=array(
 	'guestallow' => 'Erlauben',
 	'guestwait' => 'Mit Warteraum erlauben',
 	'adminallow' => 'Moderator-Erlaubnis benötigen',
+	'globalpass' => 'Globales Passwort',
 	'guestdisallow' => 'Verweigern',
 	'addsuguest' => 'Anwerber hinzufügen',
 	'register' => 'Registrieren',
@@ -143,6 +145,7 @@ $I=array(
 	'fontexample' => 'Beispiel für deine gewählte Schrift',
 	'timestamps' => 'Zeitstempel anzeigen',
 	'embed' => 'Bilder/Videos einbetten',
+	'incognito' => 'Inkognito Modus',
 	'pbsize' => 'Postboxgröße',
 	'nbsize' => 'Notizboxgröße',
 	'width' => 'Breite:',
@@ -189,7 +192,7 @@ $I=array(
 	'cantchgstat' => 'Der Status von %s kann nicht geändert werden.',
 	'succdel' => '%s wurde erfolgriech aus der Datenbank gelöscht.',
 	'succchg' => 'Status of %s successfully changed.',
-	'wrongpass' => 'Passwort ist falsch.',
+	'wrongpass' => 'Falsches Passwort!',
 	'succprofile' => 'Dein Profil wurde erfolgreich gespeichert.',
 	'backtologin' => 'Zurück zur Anmeldeseite.',
 	'backtochat' => 'Zurück zum Chat.',

lang_en.php

@@ -26,7 +26,7 @@ $I=array(
 	'expire' => 'Invalid/expired session',
 	'kicked' => 'Kicked!',
 	'invalnick' => 'Invalid nickname (%d characters maximum, no special characters allowed)',
-	'invalpass' => 'Invalid password!',
+	'invalpass' => 'Invalid password (At least %d characters)',
 	'noconfirm' => 'Password confirmation does not match!',
 	'incorregex' => 'Incorrect regular expression!',
 	'bottom' => 'Bottom',
@@ -45,6 +45,7 @@ $I=array(
 	'initgosetup' => 'Go to the Setup-Page',
 	'nick' => 'Nickname:',
 	'pass' => 'Password:',
+	'globalloginpass' => 'Global Password:',
 	'login' => 'Login',
 	'dbupdate' => 'Database successfully updated!',
 	'sysmessages' => 'System messages',
@@ -75,6 +76,7 @@ $I=array(
 	'guestallow' => 'Allow',
 	'guestwait' => 'Allow with waitingroom',
 	'adminallow' => 'Require moderator approval',
+	'globalpass' => 'Global Password',
 	'guestdisallow' => 'Disallow',
 	'addsuguest' => 'Add applicant',
 	'register' => 'Register',
@@ -144,6 +146,7 @@ $I=array(
 	'fontexample' => 'Example for your chosen font',
 	'timestamps' => 'Show Timestamps',
 	'embed' => 'Embed images/videos',
+	'incognito' => 'Incognito mode',
 	'pbsize' => 'Post box size',
 	'nbsize' => 'Notes box size',
 	'width' => 'Width:',
@@ -190,7 +193,7 @@ $I=array(
 	'cantchgstat' => 'Can\'t change status of %s',
 	'succdel' => '%s successfully deleted from database.',
 	'succchg' => 'Status of %s successfully changed.',
-	'wrongpass' => 'Password is wrong.',
+	'wrongpass' => 'Wrong Password!',
 	'succprofile' => 'Your profile has successfully been saved.',
 	'backtologin' => 'Back to the login page.',
 	'backtochat' => 'Back to the chat.',