diff --git a/admin.php b/admin.php index a5fcabe..74def0a 100644 --- a/admin.php +++ b/admin.php @@ -19,9 +19,6 @@ */ header('Content-Type: text/html; charset=UTF-8'); -header('Pragma: no-cache'); -header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0'); -header('Expires: 0'); if($_SERVER['REQUEST_METHOD']==='HEAD'){ exit; // headers sent, no further processing needed } @@ -38,7 +35,7 @@ echo ''; echo ''; echo ''; echo ''; -echo "
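Review bot: Dropping the three cache headers at the top of admin.php leaves the password-gated admin response with no caching directive at all, so a browser cache or an intermediary may keep a copy of the page. For an authenticated page it is safer to keep at least `header('Cache-Control: no-store');`, even if the legacy `Pragma` and `Expires` lines go. The password test visible as hunk context, `$_POST['pass']!==ADMINPASS`, is also not a constant-time comparison; `!is_string($_POST['pass']) || !hash_equals(ADMINPASS, $_POST['pass'])` is the usual form.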

$I[admintitle]

"; +echo "

$I[admintitle]

"; print_langs(); //check password @@ -74,7 +71,7 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){ if(!empty($_REQUEST['desc'])){ echo htmlspecialchars(trim($_REQUEST['desc'])); }elseif(isSet($_REQUEST['addr'])){ - if(preg_match('~(^(https?://)?([a-z2-7]{16})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ + if(preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ $addr=strtolower($addr[3]); $md5=md5($addr, true); $stmt=$db->prepare('SELECT description, category FROM ' . PREFIX . 'onions WHERE md5sum=?;'); @@ -118,7 +115,7 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){ echo '
'; if(!empty($_POST['addr'])){ - if(!preg_match('~(^(https?://)?([a-z2-7]{16})(\.onion(/.*)?)?$)~i', trim($_POST['addr']), $addr)){ + if(!preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_POST['addr']), $addr)){ echo "

$I[invalonion]

"; }else{ $addr=strtolower($addr[3]); @@ -163,7 +160,7 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){ $desc=preg_replace("/(\r?\n|\r\n?)/", '
', $desc); } if(!$stmt->fetch(PDO::FETCH_ASSOC)){ //not yet there, add it - $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded) VALUES (?, ?, ?, ?, ?);'); + $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked) VALUES (?, ?, ?, ?, ?, 1);'); $stmt->execute([$addr, $desc, $md5, $category, time()]); echo "

$I[succadd]

"; }elseif($desc!=''){ //update description+category @@ -171,14 +168,14 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){ $stmt->execute([$desc, $category, $md5]); echo "

$I[succupddesc]

"; }elseif($category!=0){ //only update category - $stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=? WHERE md5sum=?;'); + $stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=?, locked=1 WHERE md5sum=?;'); $stmt->execute([$category, $md5]); echo "

$I[succupdcat]!

"; }else{ //no description or category change and already known echo "

$I[alreadyknown]

"; } }elseif($_POST['action']===$I['phishing']){//mark as phishing clone - if($_POST['original']!=='' && !preg_match('~(^(https?://)?([a-z2-7]{16})(\.onion(/.*)?)?$)~i', $_POST['original'], $orig)){ + if($_POST['original']!=='' && !preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST['original'], $orig)){ echo "

$I[invalonion]

"; }else{ if(isset($orig[3])){ @@ -189,6 +186,8 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){ if($orig!==$addr){ $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);'); $stmt->execute([$addr, $orig]); + $stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE address=?;'); + $stmt->execute([$addr]); echo "

$I[succaddphish]

"; }else{ echo "

$I[samephish]

"; @@ -206,4 +205,3 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){ } echo '

Onion Link List - ' . VERSION . '

'; echo ''; -?> diff --git a/background_tests.php b/background_tests.php index c6d6273..591ba90 100644 --- a/background_tests.php +++ b/background_tests.php @@ -77,4 +77,3 @@ foreach($offline as $tmp){ // $error_stmt->execute($tmp); //} $db->commit(); -?> diff --git a/common_config.php b/common_config.php index a0bfac8..ba5eafa 100644 --- a/common_config.php +++ b/common_config.php @@ -30,13 +30,13 @@ define('PROXY', '127.0.0.1:9050'); // Socks5 Proxy to connect to (Tor) define('USERAGENT', 'Daniels Online-Test http://tt3j2x4k5ycaa5zt.onion/test.php'); // User-Agent to use when testing a site define('LANG', 'en'); // Default language define('PROMOTEPRICE', 0.025); // Price to promote a site for PROMOTETIME long -define('PROMOTETIME', 864000); // Time (in seconds) to promote a site payed with PROMOTEPRICE - 864000 equals 10 days +define('PROMOTETIME', 2592000); // Time (in seconds) to promote a site payed with PROMOTEPRICE - 864000 equals 10 days define('PER_PAGE', 50); // Sites listed per page define('VERSION', '1'); // Script version -define('DBVERSION', 2); // Database layout version +define('DBVERSION', 3); // Database layout version //Categories - new links will always be put into the first one, leave it to Unsorted //once configured, only add new categories at the end or you have to manually adjust the database. -$categories=['Unsorted', 'Adult/Porn', 'Communication/Social', 'Cryptocurrencies', 'Empty/Error/Unknown', 'Forums', 'Hacking', 'Hosting', 'Libraries/Wikis', 'Link Lists', 'Market/Shop/Store', 'Other', 'Personal Sites/Blogs', 'Scam', 'Security/Privacy', 'Whistleblowing']; +$categories=['Unsorted', 'Adult/Porn', 'Communication/Social', 'Forums', 'Hacking/Programming/Software', 'Hosting', 'Libraries/Wikis', 'Link Lists', 'Market/Shop/Store', 'Other', 'Personal Sites/Blogs', 'Security/Privacy/Encryption', 'Whistleblowing', 'Empty/Error/Unknown', 'Cryptocurrencies', 'Scams', 'Fun/Joke', 'Search', 'Autodetected scam (unchecked)']; // Language selection 
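Review bot: The `$categories` list is reordered here although the comment directly above it says categories may only be appended unless the database is adjusted by hand, and none of the setup.php hunks in this commit remaps stored `category` values. Rows saved under the old index 13 ('Scam') would now display as 'Empty/Error/Unknown' and would not be caught by the new `category!=15` filter in onions.php, while rows saved under the old index 15 ('Whistleblowing') would be hidden by it. Either keep the old order and append the new names, or add a version-gated `UPDATE` in setup.php that translates old indexes to new ones. The `PROMOTETIME` comment also still reads "864000 equals 10 days" although the value is now 2592000 (30 days).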
@@ -55,9 +55,9 @@ if(isSet($_REQUEST['lang']) && isSet($L[$_REQUEST['lang']])){ }else{ $language=LANG; } -include_once('lang_en.php'); //always include English +require_once('lang_en.php'); //always include English if($language!=='en'){ - include_once("lang_$language.php"); //replace with translation if available + require_once("lang_$language.php"); //replace with translation if available foreach($T as $name=>$translation){ $I[$name]=$translation; } @@ -66,9 +66,14 @@ if($language!=='en'){ function print_langs(){ global $I, $L; echo "$I[language]: "; + $query=preg_replace('/(&?lang=[a-z_\-]*)/i', '', $_SERVER['QUERY_STRING']); foreach($L as $code=>$name){ - echo " $name"; + if($query===''){ + $uri="?lang=$code"; + }else{ + $uri='?'.htmlspecialchars($query)."&lang=$code"; + } + echo " $name"; } echo ''; } -?> diff --git a/lang_de.php b/lang_de.php index d4e799e..e3418e8 100644 --- a/lang_de.php +++ b/lang_de.php @@ -17,8 +17,6 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ - -//Native language name: Deutsch $T=[ 'all' => 'Alle', 'lastadded' => 'Zuletzt hinzugefügt', @@ -86,12 +84,5 @@ $T=[ 'unknown' => 'Unbekannt', 'language' => 'Sprache', 'format' => 'Format', - 'pdo_mysqlextrequired' => 'Die pdo_mysql Erweiterung von PHP wird benötigt. Bitte installieren Sie diese zuerst.', - 'pcreextrequired' => 'Die pcre Erweiterung von PHP wird benötigt. Bitte installieren Sie diese zuerst.', - 'jsonextrequired' => 'Die json Erweiterung von PHP wird benötigt. Bitte installieren Sie diese zuerst.', - 'curlextrequired' => 'Die curl Erweiterung von PHP wird benötigt. Bitte installieren Sie diese zuerst.', - 'dateextrequired' => 'Die date Erweiterung von PHP wird benötigt. Bitte installieren Sie diese zuerst.', - 'succdbcreate' => 'Die Datenbank wurde erfolgreich erstellt!', - 'statusok' => 'Status: OK', + 'hidelocked' => 'Gesperrte nicht anzeigen', ]; -?> 
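Review bot: In print_langs() the remaining query string is escaped with `htmlspecialchars($query)` using default flags, which on PHP versions before 8.1 leave single quotes unescaped; the markup around `$uri` is not readable in this hunk, so if the href attribute is single-quoted, request-controlled text can end the attribute early. Passing the flags explicitly, `htmlspecialchars($query, ENT_QUOTES, 'UTF-8')`, removes the dependency on quoting style and PHP version. The pattern `&?lang=[a-z_\-]*` is also unanchored, so it cuts the tail off any parameter whose name merely ends in `lang` and leaves a leading `&` when `lang` was the first parameter.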
diff --git a/lang_en.php b/lang_en.php index 55d48f3..fff0872 100644 --- a/lang_en.php +++ b/lang_en.php @@ -17,7 +17,6 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ - $I=[ 'all' => 'All', 'lastadded' => 'Last added', @@ -85,12 +84,5 @@ $I=[ 'unknown' => 'Unknown', 'language' => 'Language', 'format' => 'Format', - 'pdo_mysqlextrequired' => 'The pdo_mysql extension of PHP is required. Please install it first.', - 'pcreextrequired' => 'The pcre extension of PHP is required. Please install it first.', - 'jsonextrequired' => 'The json extension of PHP is required. Please install it first.', - 'curlextrequired' => 'The curl extension of PHP is required. Please install it first.', - 'dateextrequired' => 'The date extension of PHP is required. Please install it first.', - 'succdbcreate' => 'The database has successfully been created!', - 'statusok' => 'Status: OK', + 'hidelocked' => 'Hide locked', ]; -?> diff --git a/lang_update.php b/lang_update.php index 9c3fada..400ee84 100644 --- a/lang_update.php +++ b/lang_update.php @@ -39,7 +39,6 @@ foreach($T as $id=>$value){ foreach($I as $id=>$value){ echo "\t'$id' => '".str_replace("'", "\'", $value)."',\n"; } -echo "];\n?>\n"; +echo "];\n"; $file=ob_get_clean(); file_put_contents("lang_$code.php", $file); -?> diff --git a/onions.php b/onions.php index b024a48..59b2e41 100644 --- a/onions.php +++ b/onions.php @@ -44,7 +44,7 @@ function send_html(){ asort($categories); //sql for special categories $special=[ - $I['all']=>"address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800', + $I['all']=>"address!='' AND category!=15 AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800', $I['lastadded']=>"address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing)', $I['offline']=>"address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff>604800' ]; 
@@ -61,10 +61,11 @@ function send_html(){ echo ''; echo "$I[title]"; echo ''; - echo ''; - echo ''; + echo ''; + echo ''; + echo ''; echo ''; - echo "

$I[title]

"; + echo "

$I[title]

"; print_langs(); echo "
$I[format]: Text JSON"; if(!isSet($db)){ @@ -72,6 +73,7 @@ function send_html(){ echo ''; exit; } + echo '

I\'m not responsible for any content of websites linked here. Be careful and use your brain.

'; //update onions description form echo ""; //search from echo ""; echo '
"; echo ""; @@ -85,7 +87,7 @@ function send_html(){ if(!empty($_REQUEST['desc'])){//use posted description echo htmlspecialchars(trim($_REQUEST['desc'])); }elseif(!empty($_REQUEST['addr'])){//fetch description from database - if(preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ + if(preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ $addr=strtolower($addr[4]); $md5=md5($addr, true); $stmt=$db->prepare('SELECT description, category FROM ' . PREFIX . 'onions WHERE md5sum=?;'); @@ -113,6 +115,7 @@ function send_html(){ echo ">$name"; } echo '

'; + send_captcha(); echo "
"; @@ -122,7 +125,26 @@ function send_html(){ if(isSet($_REQUEST['q'])){ echo htmlspecialchars($_REQUEST['q']); } - echo '" required>

'; + echo '">

'; + echo "

$I[category]:

'; + echo '

"; echo "

'; //List special categories @@ -166,10 +188,27 @@ function send_html(){ } echo '

'; if($_SERVER['REQUEST_METHOD']==='POST' && !empty($_REQUEST['addr'])){ - if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ + if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ echo "

$I[invalonion]

"; echo "

$I[valid]: http://tt3j2x4k5ycaa5zt.onion

"; }else{ + if(!isset($_REQUEST['challenge'])){ + send_error('Error: Wrong Captcha'); + } + $stmt=$db->prepare('SELECT code FROM ' . PREFIX . 'captcha WHERE id=?;'); + $stmt->execute([$_REQUEST['challenge']]); + $stmt->bindColumn(1, $code); + if(!$stmt->fetch(PDO::FETCH_BOUND)){ + send_error('Error: Captcha expired'); + } + $time=time(); + $stmt=$db->prepare('DELETE FROM ' . PREFIX . 'captcha WHERE id=? OR timeexecute([$_REQUEST['challenge'], $time-3600]); + if($_REQUEST['captcha']!==$code){ + if(strrev($_REQUEST['captcha'])!==$code){ + send_error('Error: Wrong captcha'); + } + } $addr=strtolower($addr[4]); $md5=md5($addr, true); $stmt=$db->prepare('SELECT locked FROM ' . PREFIX . 'onions WHERE md5sum=?;'); 
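Review bot: The submission handler reads `$_REQUEST['captcha']` without checking that it is set and is a string, because only `challenge` is tested with isset(); an absent or array-valued field reaches the comparison and `strrev()`. A guard such as `if(!isset($_REQUEST['challenge'], $_REQUEST['captcha']) || !is_string($_REQUEST['captcha']))` before the lookup keeps the failure path clean. The handler also demands a challenge unconditionally, while send_captcha() returns without emitting one when the GD extension is not loaded, so in that configuration every submission would be rejected. Accepting the reversed code as well (`strrev`) doubles the set of accepted answers; if that is intentional, a comment saying why would help. send_html() starts and ends outside this hunk.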
@@ -204,17 +243,27 @@ function send_html(){ } } } - if($pages>1 && empty($_REQUEST['q'])){ + if($pages>1 && !isset($_REQUEST['q'])){ $pagination=get_pagination($category, $pages); echo $pagination; }else{ $pagination=''; } - if(!empty($_REQUEST['q'])){//run search query - $stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 AND (description LIKE ? OR address LIKE ?) ORDER BY address;'); + if(isset($_REQUEST['q'])){//run search query $query=htmlspecialchars($_REQUEST['q']); $query="%$query%"; - $stmt->execute([$query, $query]); + if(isset($_REQUEST['hidelocked'])){ + $hidelocked='AND locked=0'; + }else{ + $hidelocked=''; + } + if($category>=count($categories)){ + $stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;"); + $stmt->execute([$query, $query]); + }else{ + $stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;"); + $stmt->execute([$category, $query, $query]); + } $table=get_table($stmt, $numrows); printf("

$I[searchresult]

", $_REQUEST['q'], $numrows); echo $table; @@ -232,7 +281,7 @@ function send_html(){ $query.=' ORDER BY address'; if($_REQUEST['pg']>0){ $offset=PER_PAGE*($_REQUEST['pg']-1); - $query.=' LIMIT ' . PER_PAGE . " OFFSET $offset"; + $query.=' LIMIT ' . PER_PAGE ." OFFSET $offset"; } } $stmt=$db->query('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $query;"); @@ -258,7 +307,7 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){ global $I, $db, $language; $time=time(); ob_start(); - echo ""; + echo "
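Review bot: The search result line passes the raw `$_REQUEST['q']` to `printf()`, while only the copy used for the LIKE pattern goes through `htmlspecialchars()`; assuming the `$I[searchresult]` format prints it with `%s`, the term is echoed into the page unescaped. Passing `htmlspecialchars($_REQUEST['q'])` as the printf argument closes that. Switching the guard from `!empty()` to `isset()` also lets an empty or array-valued `q` through, so an `is_string()` check would be a sensible companion. `%` and `_` inside the term still act as LIKE wildcards. send_html() continues outside the hunk.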
$I[link]$I[description]$I[lasttested]$I[lastup]$I[timeadded]$I[actions]
"; if($promoted){//print promoted links at the top $time=time(); $promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;'); @@ -310,6 +359,7 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){ $edit=""; } echo ""; +// echo ""; ++$numrows; } echo '
$I[link]$I[description]$I[lasttested]$I[lastup]$I[timeadded]$I[actions]
$link[address].onion$link[description]$lasttest$lastup$timeadded$edit
$link[address].onion$link[description]$edit$lasttest$lastup$timeadded
'; @@ -342,7 +392,7 @@ function print_phishing_table(){ } function send_text(){ - global $db; + global $I, $db; if(!isSet($db)){ die("$I[error]: $I[nodb]"); } @@ -354,7 +404,7 @@ function send_text(){ } function send_json(){ - global $db, $categories; + global $I, $db, $categories; if(!isSet($db)){ die("$I[error]: $I[nodb]"); } @@ -390,4 +440,54 @@ function get_pagination($category, $pages){ echo "

"; return ob_get_clean(); } -?> + +function send_captcha(){ + global $I, $db, $memcached; + $difficulty=2; + if($difficulty===0 || !extension_loaded('gd')){ + return; + } + $captchachars='ABCDEFGHJKMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789'; + $length=strlen($captchachars)-1; + $code=''; + for($i=0;$i<5;++$i){ + $code.=$captchachars[mt_rand(0, $length)]; + } + $randid=mt_rand(); + $time=time(); + $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'captcha (id, time, code) VALUES (?, ?, ?);'); + $stmt->execute([$randid, $time, $code]); + echo "

Copy: "; + if($difficulty===1){ + $im=imagecreatetruecolor(55, 24); + $bg=imagecolorallocate($im, 0, 0, 0); + $fg=imagecolorallocate($im, 255, 255, 255); + imagefill($im, 0, 0, $bg); + imagestring($im, 5, 5, 5, $code, $fg); + echo ''; + echo "

"; +} + +function send_error($msg){ + die("

$msg

"); +} diff --git a/phishing_tests.php b/phishing_tests.php index f983544..0cf3a73 100644 --- a/phishing_tests.php +++ b/phishing_tests.php @@ -65,4 +65,3 @@ function check($link, $phishing_link){ } } } -?> diff --git a/setup.php b/setup.php index 2e2b868..2d0b0b8 100644 --- a/setup.php +++ b/setup.php @@ -17,7 +17,6 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ - include('common_config.php'); if(!extension_loaded('pdo_mysql')){ die($I['pdo_mysqlextrequired']); 
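Review bot: send_captcha() draws both the five-character code and the row id from `mt_rand()`, which is not a cryptographically secure generator and so is a poor fit for a value an automated client is meant to be unable to predict. `random_int(0, $length)` for the character index and `random_int(0, mt_getrandmax())` for `$randid` are drop-in replacements. The id is also inserted without handling a collision with a still-live row; what happens then depends on the captcha table's key, which is not defined in any hunk of this commit. `$memcached` is pulled in through `global` but not used in the readable part of the function.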
@@ -51,8 +50,8 @@ try{ } if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){ //create tables - $db->exec('CREATE TABLE ' . PREFIX . 'onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(16) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL, lastup int(10) UNSIGNED NOT NULL, timediff int(10) UNSIGNED NOT NULL, timeadded int(10) UNSIGNED NOT NULL, description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL, locked smallint(6) NOT NULL, special int(10) UNSIGNED NOT NULL, INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special));'); - $db->exec('CREATE TABLE ' . PREFIX . 'phishing (onion_id int(10) UNSIGNED NOT NULL PRIMARY_KEY, original varchar(16) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, FOREIGN KEY (onion_id) REFERENCES onions(id) ON DELETE CASCADE ON UPDATE CASCADE);'); + $db->exec('CREATE TABLE ' . PREFIX . "onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', lastup int(10) UNSIGNED NOT NULL DEFAULT '0', timediff int(10) UNSIGNED NOT NULL DEFAULT '0', timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL DEFAULT '0', locked smallint(6) NOT NULL DEFAULT '0', special int(10) UNSIGNED NOT NULL DEFAULT '0', INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special));"); + $db->exec('CREATE TABLE ' . PREFIX . 'phishing (onion_id int(10) UNSIGNED NOT NULL PRIMARY KEY, original varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, FOREIGN KEY (onion_id) REFERENCES onions(id) ON DELETE CASCADE ON UPDATE CASCADE);'); $db->exec('CREATE TABLE ' . PREFIX . 
'settings (setting varchar(50) NOT NULL PRIMARY KEY, value varchar(20000) NOT NULL);'); $stmt=$db->prepare('INSERT INTO ' . PREFIX . "settings (setting, value) VALUES ('version', ?);"); $stmt->execute([DBVERSION]); @@ -79,8 +78,14 @@ if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){ $stmt->execute($phishing); } } + if($version<3){ + $db->exec('ALTER TABLE ' . PREFIX . 'onions CHANGE address address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL;'); + $db->exec('ALTER TABLE ' . PREFIX . 'phishing CHANGE original original varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL;'); + } + if($version<4){ + $db->exec("ALTER TABLE " . PREFIX . "onions CHANGE lasttest lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', CHANGE lastup lastup int(10) UNSIGNED NOT NULL DEFAULT '0', CHANGE timediff timediff int(10) UNSIGNED NOT NULL DEFAULT '0', CHANGE timeadded timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', CHANGE category category smallint(6) NOT NULL DEFAULT '0', CHANGE locked locked smallint(6) NOT NULL DEFAULT '0', CHANGE special special int(10) UNSIGNED NOT NULL DEFAULT '0'"); + } $stmt=$db->prepare('UPDATE ' . PREFIX . "settings SET value=? WHERE setting='version';"); $stmt->execute([DBVERSION]); echo "$I[statusok]\n"; } -?> diff --git a/test.php b/test.php index 9ae29bb..3611b8e 100644 --- a/test.php +++ b/test.php @@ -17,19 +17,19 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ - header('Content-Type: text/html; charset=UTF-8'); if($_SERVER['REQUEST_METHOD']==='HEAD'){ exit; // headers sent, no further processing needed } include('common_config.php'); echo ''; -echo "Daniel - $I[testtitle]"; +echo "$I[testtitle]"; echo ''; -echo ''; +echo ''; +echo ''; echo ''; echo ''; -echo '
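Review bot: The rewritten `phishing` CREATE TABLE still declares `REFERENCES onions(id)` without the `PREFIX` that the table names in the same statements carry, so with a non-empty prefix the foreign key points at a table this script never creates. Concatenating the constant, `FOREIGN KEY (onion_id) REFERENCES ' . PREFIX . 'onions(id) ON DELETE CASCADE ON UPDATE CASCADE`, keeps it consistent with the `'CREATE TABLE ' . PREFIX . 'phishing` part of the line.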
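Review bot: Neither the fresh-install branch nor this upgrade branch creates the `captcha` table that the new onions.php code inserts into, selects from and deletes from, so unless it is created in a part of setup.php outside these hunks, link submission would fail after upgrading. A `CREATE TABLE` for `PREFIX . 'captcha'` with the columns `id`, `time` and `code` used by the INSERT in send_captcha() belongs in both branches. The `if($version<4)` step is also gated on a version this commit never reaches, since `DBVERSION` is set to 3: as far as the hunk shows, the ALTER would run on every invocation of setup.php while the stored version stays at 3.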

Online-Test

'; +echo '

Online-Test

'; print_langs(); echo "

$I[testdesc]

"; echo "
"; @@ -49,8 +49,9 @@ if(!empty($_REQUEST['addr'])){ try{ $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ + die('No DB connection'); } - if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ + if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){ echo "

$I[invalonion]

"; echo "

$I[valid]: http://tt3j2x4k5ycaa5zt.onion

"; }else{ @@ -61,6 +62,7 @@ if(!empty($_REQUEST['addr'])){ curl_setopt($ch, CURLOPT_PROXY, PROXY); curl_setopt($ch, CURLOPT_PROXYTYPE, 7); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15); + curl_setopt($ch, CURLOPT_ENCODING, ''); curl_setopt($ch, CURLOPT_URL, "http://$addr[4].onion/"); $addr=strtolower($addr[4]); $md5=md5($addr, true); @@ -70,10 +72,14 @@ if(!empty($_REQUEST['addr'])){ if($orig=$phishing->fetch(PDO::FETCH_NUM)){ printf("
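Review bot: `CURLOPT_ENCODING` set to `''` makes curl advertise and transparently decompress every encoding it supports, for a response that comes from whatever address the visitor typed in, and the only time limit visible in this hunk is `CURLOPT_CONNECTTIMEOUT`. A total timeout, `curl_setopt($ch, CURLOPT_TIMEOUT, 30);` (the value update.php uses), and a size-limiting write or progress callback would bound the work one request can cause. The curl setup begins above the hunk, so one of these may already be set there.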

$I[testphishing]

", "$orig[0].onion"); } - if(curl_exec($ch)!==false){ + $stmt=$db->prepare('SELECT null FROM ' . PREFIX . 'onions WHERE md5sum=? AND timediff=0 AND lasttest>?;'); + $stmt->execute([$md5, time()-60]); + if($stmt->fetch(PDO::FETCH_NUM)){ + echo "

$I[testonline]

"; + }elseif(curl_exec($ch)!==false){ if(isSet($db)){ //update entry in database - $stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;'); + $stmt=$db->prepare('SELECT null FROM ' . PREFIX . 'onions WHERE md5sum=?;'); $stmt->execute([$md5]); if(!$stmt->fetch(PDO::FETCH_NUM)){ $db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded) VALUES (?, ?, ?);')->execute([$addr, $md5, time()]); @@ -93,4 +99,3 @@ if(!empty($_REQUEST['addr'])){ } echo '

Onion Link List - ' . VERSION . '

'; echo ''; -?> diff --git a/update.php b/update.php index f3d3541..4353a15 100644 --- a/update.php +++ b/update.php 
@@ -18,28 +18,37 @@ * along with this program. If not, see . */ -// Executed every 24 hours via cron - checks for new sites. +// Executed daily via cronjob - checks for new sites. include('common_config.php'); try{ - $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ die($I['nodb']); } $ch=curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); +curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT); curl_setopt($ch, CURLOPT_PROXY, PROXY); curl_setopt($ch, CURLOPT_PROXYTYPE, 7); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 25); curl_setopt($ch, CURLOPT_TIMEOUT, 30); +curl_setopt($ch, CURLOPT_ENCODING, ''); $onions=[]; //sources to get links from check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.to/antanistaticmap/stats/yesterday'); check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.tor2web.org/antanistaticmap/stats/yesterday'); -check_links($onions, $ch, 'http://tt3j2x4k5ycaa5zt.onion/onions.php?format=text'); -check_links($onions, $ch, 'http://skunksworkedp2cg.onion/sites.txt'); -check_links($onions, $ch, 'http://7cbqhjnlkivmigxf.onion/'); +check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.link/antanistaticmap/stats/yesterday'); +check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.rip/antanistaticmap/stats/yesterday'); +check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.sh/antanistaticmap/stats/yesterday'); +check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.tor2web.io/antanistaticmap/stats/yesterday'); check_links($onions, $ch, 'http://visitorfi5kl7q7i.onion/address/'); +check_links($onions, $ch, 'https://onion.cab/list.php?a=list'); +check_links($onions, $ch, 'http://zlal32teyptf4tvi.onion/json/all'); +check_links($onions, $ch, 
'http://7cbqhjnlkivmigxf.onion/'); +check_links($onions, $ch, 'http://dhosting4okcs22v.onion/list.php'); +check_links($onions, $ch, 'http://hostdanyyyf65r4b.onion/list.php'); +check_links($onions, $ch, 'http://cb3robuo3hobodw6.onion/darknet/'); //add them to the database add_onions($onions, $db); @@ -49,7 +58,7 @@ $db->exec('DELETE FROM ' . PREFIX . "onions WHERE address!='' AND timediff>24192 function check_links(&$onions, &$ch, $link){ curl_setopt($ch, CURLOPT_URL, $link); $links=curl_exec($ch); - if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}).onion(/[^\s><"]*)?~i', $links, $addr)){ + if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $links, $addr)){ foreach($addr[3] as $link){ $link=strtolower($link); $onions[md5($link, true)]=$link; @@ -57,7 +66,7 @@ function check_links(&$onions, &$ch, $link){ } } -function add_onions(&$onions, PDO $db){ +function add_onions(&$onions, $db){ $stmt=$db->query('SELECT md5sum FROM ' . PREFIX . 'onions;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ if(isSet($onions[$tmp[0]])){ @@ -72,4 +81,3 @@ function add_onions(&$onions, PDO $db){ } $db->commit(); } -?>
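Review bot: The DSN loses `;charset=utf8mb4` here while test.php keeps it, so this script's connection falls back to the server's default character set. The addresses written by add_onions() are limited to `[a-z2-7]` by the regex, which keeps the impact small, but an explicit charset keeps every entry point on the same encoding. The added sources are third-party pages, and check_links() in the next hunk runs `preg_match_all()` on the `curl_exec()` result without testing it; `if($links===false){ return; }` after the fetch avoids parsing a failed request.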
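Review bot: Removing the `PDO` type declaration from add_onions() drops the only check that the second argument is a database handle, so a wrong argument now fails later at `$db->query()` instead of at the call. Unless a caller needs to pass something else, which no visible hunk does, keeping `function add_onions(&$onions, PDO $db){` is the safer signature. The function body continues outside the hunk.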