diff --git a/inc/config.php b/inc/config.php
index c61fb5d0..a8bbde53 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -279,6 +279,8 @@
 	$config['mod']['rebuild_timelimit'] = 0;
 	// Server-side confirm button for actions like deleting posts, for when Javascript is disabled or the DOM isn't loaded.
 	$config['mod']['server-side_confirm'] = true;
+	// PM snippet (for ?/inbox) length in characters
+	$config['mod']['snippet_length'] = 75;
 	
 	// Probably best not to change these:
 	if(!defined('JANITOR')) {
diff --git a/inc/display.php b/inc/display.php
index 72983a49..c0d2dde1 100644
--- a/inc/display.php
+++ b/inc/display.php
@@ -92,6 +92,24 @@
 		)));
 	}
 	
+	function pm_snippet($body) {
+		global $config;
+		
+		// Replace line breaks with some whitespace
+		$body = str_replace('<br/>', '  ', $body);
+		
+		// Strip tags
+		$body = strip_tags($body);
+		
+		// Unescape HTML characters, to avoid splitting them in half
+		$body = html_entity_decode_utf8($body);
+		
+		$body = substr($body, 0, $config['mod']['snippet_length']) . (strlen($body) > $config['mod']['snippet_length'] ? '…' : '');
+		
+		// Re-escape the characters.
+		return '<em>' . utf8tohtml($body) . '</em>';
+	}
+	
 	function confirmLink($text, $title, $confirm, $href) {
 		global $config, $mod;
 		if($config['mod']['server-side_confirm'])
diff --git a/inc/functions.php b/inc/functions.php
index 1e198b14..5c6b7c72 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1023,6 +1023,37 @@
 		$body = preg_replace("/\n/", '<br/>', $body);
 	}
 
+	function html_entity_decode_utf8($string) {
+		static $trans_tbl;
+		
+		// replace numeric entities
+		$string = preg_replace('~&#x([0-9a-f]+);~ei', 'code2utf(hexdec("\\1"))', $string);
+		$string = preg_replace('~&#([0-9]+);~e', 'code2utf(\\1)', $string);
+
+		// replace literal entities
+		if (!isset($trans_tbl)) {
+			$trans_tbl = array();
+			
+			foreach (get_html_translation_table(HTML_ENTITIES) as $val=>$key)
+				$trans_tbl[$key] = utf8_encode($val);
+		}
+		
+		return strtr($string, $trans_tbl);
+	}
+
+	// Returns the utf string corresponding to the unicode value (from php.net, courtesy - romans@void.lv)
+	function code2utf($num) {
+		if ($num < 128)
+			return chr($num);
+		if ($num < 2048)
+			return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
+		if ($num < 65536)
+			return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+		if ($num < 2097152)
+			return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+		return '';
+	}
+
 	function utf8tohtml($utf8, $encodeTags=true) {
 		$result = '';
 		for ($i = 0; $i < strlen($utf8); $i++) {
@@ -1040,7 +1071,7 @@
 			} else if ($ascii < 240) {
 				// three-byte character
 				$ascii1 = ord($utf8[$i+1]);
-				$ascii2 = ord($utf8[$i+2]);
+				$ascii2 = @ord($utf8[$i+2]);
 				$unicode = (15 & $ascii) * 4096 +
 						   (63 & $ascii1) * 64 +
 						   (63 & $ascii2);
diff --git a/mod.php b/mod.php
index 06331a2a..6414ce9a 100644
--- a/mod.php
+++ b/mod.php
@@ -122,6 +122,19 @@
 				}
 				
 				$fieldset['Noticeboard'] .= '<a href="?/noticeboard">View all entires</a></li>';
+				
+				$query = prepare("SELECT COUNT(*) AS `count` FROM `pms` WHERE `to` = :id AND `unread` = 1");
+				$query->bindValue(':id', $mod['id']);
+				$query->execute() or error(db_error($query));
+				$count = $query->fetch();
+				$count = $count['count'];
+				
+				$fieldset['Noticeboard'] .= '<li><a href="?/inbox">PM inbox' . 
+					($count > 0
+					?
+						' <strong>(' . $count . ' unread)</strong>'
+					: '') .
+				'</a></li>';
 			}
 			
 			if($mod['type'] >= $config['mod']['reports']) {
@@ -311,6 +324,39 @@
 				'mod'=>true
 				)
 			);
+		} elseif(preg_match('/^\/inbox$/', $query, $match)) {
+			$query = prepare("SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC");
+			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
+			$query->execute() or error(db_error($query));
+			
+			if($query->rowCount() == 0) {
+				$body = '<p style="text-align:center" class="unimportant">(No private messages for you.)</p>';
+			} else {
+				$unread_pms = 0;
+				
+				$body = '<table class="modlog"><tr><th>ID</th><th>From</th><th>Date</th><th>Message snippet</th></tr>';
+				while($pm = $query->fetch()) {
+					$body .= '<tr' . ($pm['unread'] ? ' style="font-weight:bold"' : '') . '>' . 
+							'<td class="minimal"><a href="?/PM/' . $pm['id'] . '">' . $pm['id'] . '</a></td>' .
+							'<td class="minimal"><a href="?/new_PM/' . $pm['sender'] . '">' . $pm['username'] . '</a></td>' .
+							'<td class="minimal">' . date($config['post_date'], $pm['time']) . '</td>' .
+							'<td><a href="?/PM/' . $pm['id'] . '">' . pm_snippet($pm['message']) . '</a></td>' .
+						'</tr>';
+					
+					if($pm['unread'])
+						$unread_pms++;
+				}
+				$body .= '</table>';
+			}
+			
+			
+			echo Element('page.html', Array(
+				'config'=>$config,
+				'title'=>'PM Inbox (' . ($query->rowCount() == 0 ? 'empty' : $unread_pms . ' unread') . ')',
+				'body'=>$body,
+				'mod'=>true
+				)
+			);
 		} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
 			$id = $match[1];