<?php
	require 'inc/functions.php';
	require 'inc/display.php';
	require 'inc/template.php';
	require 'inc/database.php';
	require 'inc/user.php';
	
	sql_open();
	
	// Check if banned
	checkBan();
			
	require 'inc/mod.php';
	
	// Fix some encoding issues
	header('Content-Type: text/html; charset=utf-8', true);
	
	if (get_magic_quotes_gpc()) {
		function strip_array($var) {
			return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
		}
		
		$_SESSION = strip_array($_SESSION);
		$_GET = strip_array($_GET);
		$_POST = strip_array($_POST);
	}
	
	$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
	
	// If not logged in
	if(!$mod) {
		if(isset($_POST['login'])) {
			// Check if inputs are set and not empty
			if(	!isset($_POST['username']) ||
				!isset($_POST['password']) ||
				empty($_POST['username']) ||
				empty($_POST['password'])
				) loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
			
			
			if(!login($_POST['username'], $_POST['password']))
				loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
			
			modLog("Logged in.");
			
			// Login successful
			// Set cookies
			setCookies();
			
			// Redirect
			if(isset($_POST['redirect']))
				header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
			else
				header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
			
			// Close connection
			sql_close();
		} else {
			loginForm(false, false, '?' . $query);
		}
	} else {
		// Redirect (for index pages)
		if(count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r']))
			header('Location: ' . $_GET['r'], true, $_GET['status']);
		
		// A sort of "cache"
		// Stops calling preg_quote and str_replace when not needed; only does it once
		$regex = Array(
			'board' => str_replace('%s', '(\w{1,8})', preg_quote($config['board_path'], '/')),
			'page' => str_replace('%d', '(\d+)', preg_quote($config['file_page'], '/')),
			'img' => preg_quote($config['dir']['img'], '/'),
			'thumb' => preg_quote($config['dir']['thumb'], '/'),
			'res' => preg_quote($config['dir']['res'], '/'),
			'index' => preg_quote($config['file_index'], '/')
		);
		
		if(preg_match('/^\/?$/', $query)) {
			// Dashboard
			$fieldset = Array(
				'Boards' => '',
				'Administration' => ''
			);
			
			// Boards
			$fieldset['Boards'] .= ulBoards();
			
			if($mod['type'] >= $config['mod']['reports']) {
				$fieldset['Administration'] .= 	'<li><a href="?/reports">Report queue</a></li>';
			}
			if($mod['type'] >= $config['mod']['view_banlist']) {
				$fieldset['Administration'] .= 	'<li><a href="?/bans">Ban list</a></li>';
			}
			if($mod['type'] >= $config['mod']['manageusers']) {
				$fieldset['Administration'] .= 	'<li><a href="?/users">Manage users</a></li>';
			}
			if($mod['type'] >= $config['mod']['modlog']) {
				$fieldset['Administration'] .= 	'<li><a href="?/log">Moderation log</a></li>';
			}
			if($mod['type'] >= $config['mod']['show_config']) {
				$fieldset['Administration'] .= 	'<li><a href="?/config">Show configuration</a></li>';
			}
			
			// TODO: Statistics, etc, in the dashboard.
			
			$body = '';
			foreach($fieldset as $title => $data) {
				if($data)
					$body .= "<fieldset><legend>{$title}</legend><ul>{$data}</ul></fieldset>";
			}
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'Dashboard',
				'body'=>$body
				//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
				)
			);
		} elseif(preg_match('/^\/log$/', $query)) {
			if($mod['type'] < $config['mod']['modlog']) error($config['error']['noaccess']);
			
			$body = '<table class="modlog"><tr><th>User</th><th>IP address</th><th>Ago</th><th>Action</th></tr>';
			
			$query = prepare("SELECT `id`,`username`,`ip`,`time`,`text` FROM `modlogs` INNER JOIN `mods` ON `mod` = `id` ORDER BY `time` DESC LIMIT :limit");
			$query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			while($log = $query->fetch()) {
				$log['text'] = htmlentities($log['text']);
				$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']);
				
				
				$body .= '<tr>' .
				'<td class="minimal"><a href="?/users/' . $log['id'] . '">' . $log['username'] . '</a></td>' .
				'<td class="minimal"><a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a></td>' .
				'<td class="minimal">' . ago($log['time']) . '</td>' .
				'<td>' . $log['text'] . '</td>' .
				'</tr>';
			}
			
			$body .= '</table>';
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'Moderation log',
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) {
			$id = $match[1];
			
			$query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod");
			$query->bindValue(':id', $id, PDO::PARAM_INT);
			$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if(!$pm = $query->fetch()) {
				// Mod doesn't exist
				error($config['error']['404']);
			}
			
			if(isset($_POST['delete'])) {
				$query = prepare("DELETE FROM `pms` WHERE `id` = :id");
				$query->bindValue(':id', $id, PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				header('Location: ?/', true, $config['redirect_http']);
			} else {
				$query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id");
				$query->bindValue(':id', $id, PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				$body = '<form action="" method="post"><table><th>From</th><td>' .
					($mod['type'] >= $config['mod']['editusers'] ?
						'<a href="?/users/' . $pm['sender'] . '">' . htmlentities($pm['username']) . '</a>' :
						htmlentities($pm['username'])
					) .
				'</td></tr>' .
				
				'<tr><th>Date</th><td> ' . date($config['post_date'], $pm['time']) . '</td></tr>' .
				
				'<tr><th>Message</th><td> ' . $pm['message'] . '</td></tr>' .
				
				'</table>' . 
				
				'<p style="text-align:center"><input type="submit" name="delete" value="Delete forever" /></p>' .
				
				'</form>';
				
				echo Element('page.html', Array(
					'index'=>$config['root'],
					'title'=>'Private message',
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/new_PM\/(\d+)$/', $query, $match)) {
			if($mod['type'] < $config['mod']['create_pm']) error($config['error']['noaccess']);
			
			$to = $match[1];
			
			$query = prepare("SELECT `username`,`id` FROM `mods` WHERE `id` = :id");
			$query->bindValue(':id', $to, PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if(!$to = $query->fetch()) {
				// Mod doesn't exist
				error($config['error']['404']);
			}
			
			if(isset($_POST['message'])) {
				// Post message
				$message = $_POST['message'];
				
				if(empty($message))
					error($config['error']['tooshort_body']);
				
				markup($message);
				
				$query = prepare("INSERT INTO `pms` VALUES (NULL, :sender, :to, :message, :time, 1)");
				$query->bindValue(':sender', $mod['id'], PDO::PARAM_INT);
				$query->bindValue(':to', $to['id'], PDO::PARAM_INT);
				$query->bindValue(':message', $message);
				$query->bindValue(':time', time(), PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				echo Element('page.html', Array(
					'index'=>$config['root'],
					'title'=>'PM sent',
					'body'=>'<p style="text-align:center">Message sent successfully to ' . htmlentities($to['username']) . '.</p>',
					'mod'=>true
					)
				);
			} else {
				$body = '<form action="" method="post">' .
				
				'<table>' . 
				
				'<tr><th>To</th><td>' .
					($mod['type'] >= $config['mod']['editusers'] ?
						'<a href="?/users/' . $to['id'] . '">' . htmlentities($to['username']) . '</a>' :
						htmlentities($to['username'])
					) .
				'</td>' .
				
				'<tr><th>Message</th><td><textarea name="message" rows="10" cols="40"></textarea></td>' .
				
				'</table>' .
				
				'<p style="text-align:center"><input type="submit" value="Send message" /></p>' .
				
				'</form>';
				
				echo Element('page.html', Array(
					'index'=>$config['root'],
					'title'=>'New PM for ' . htmlentities($to['username']),
					'body'=>$body
					,'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/users$/', $query)) {
			if($mod['type'] < $config['mod']['manageusers']) error($config['error']['noaccess']);
			
			$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Last action</th><th>…</th></tr>';
			
			$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
			while($_mod = $query->fetch()) {				
				$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
				$body .= '<tr>' .
					'<td>' .
						$_mod['id'] .
					'</td>' .
					
					'<td>' .
						$_mod['username'] .
					'</td>' .
					
					'<td>' .
						$type .
					'</td>' .
					
					'<td>' .
						($_mod['last'] ?
							'<span title="' . htmlentities($_mod['action']) . '">' . ago($_mod['last']) . '</span>'
						: '<em>never</em>') .
					'</td>' .
					
					'<td style="white-space:nowrap">' .
						($mod['type'] >= $config['mod']['promoteusers'] ?
							($_mod['type'] != ADMIN ?
								'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/promote" title="Promote">▲</a>'
							:'') .
							($_mod['type'] != JANITOR ?
								'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/demote" title="Demote">▼</a>'
							:'')
						: ''
						) .
						($mod['type'] >= $config['mod']['editusers'] ?
							'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
						: '' ) .
						($mod['type'] >= $config['mod']['create_pm'] ?
							'<a class="unimportant" style="margin-left:5px;float:right" href="?/new_PM/' . $_mod['id'] . '">[PM]</a>'
						: '' ) .
					'</td></tr>';
			}
			
			$body .= '</table>';
			
			if($mod['type'] >= $config['mod']['createusers']) {
				$body .= '<p style="text-align:center"><a href="?/users/new">Create new user</a></p>';
			}
			
			$body .= '</form>';
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'Manage users',
				'body'=>$body
				,'mod'=>true
				)
			);
		} elseif(preg_match('/^\/users\/new$/', $query)) {
			if($mod['type'] < $config['mod']['createusers']) error($config['error']['noaccess']);
			
			if(isset($_POST['username']) && isset($_POST['password'])) {
				if(!isset($_POST['type'])) {
					error(sprintf($config['error']['required'], 'type'));
				}
				
				if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
					error(sprintf($config['error']['invalidfield'], 'type'));
				}
				
				// Check if already exists
				$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
				$query->bindValue(':username', $_POST['username']);
				$query->execute() or error(db_error($query));
				
				if($_mod = $query->fetch()) {
					error(sprintf($config['error']['modexists'], $_mod['id']));
				}
				
				$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type)");
				$query->bindValue(':username', $_POST['username']);
				$query->bindValue(':password', sha1($_POST['password']));
				$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				modLog('Create a new user: "' . $_POST['username'] . '"');
			}
			
			$body = '<fieldset><legend>New user</legend>' . 
				
				// Begin form
				'<form style="text-align:center" action="" method="post">' .
				
				'<table>' .
				
				'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
				'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
				'<tr><th>Type</th><td>' .
					'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
					'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
					'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
				'</td></tr>' .
				'</table>' .
				
				'<input style="margin-top:10px" type="submit" value="Create user" />' .
				
				// End form
				'</form></fieldset>';
				
				echo Element('page.html', Array(
					'index'=>$config['root'],
					'title'=>'New user',
					'body'=>$body
					,'mod'=>true
					)
				);
		} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
			$modID = $matches[1];
			
			if(isset($matches[2])) {
				if($matches[3] == 'delete') {
					if($mod['type'] < $config['mod']['deleteusers']) error($config['error']['noaccess']);
					
					$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
					$query->bindValue(':id', $modID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
				} else {
					// Promote/demote
					if($mod['type'] < $config['mod']['promoteusers']) error($config['error']['noaccess']);
					
					if($matches[3] == 'promote') {
						$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
						$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
					} else {
						$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
						$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
					}
					
					$query->bindValue(':id', $modID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
				}
				header('Location: ?/users', true, $config['redirect_http']);
			} else {
				// Edit user
				if($mod['type'] < $config['mod']['editusers']) error($config['error']['noaccess']);
				
				$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
				$query->bindValue(':id', $modID, PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				if(!$_mod = $query->fetch()) {
					error($config['error']['404']);
				}
				
				if(isset($_POST['username']) && isset($_POST['password'])) {
					$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
					$query->bindValue(':username', $_POST['username']);
					$query->bindValue(':id', $modID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					if(!empty($_POST['password'])) {
						$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
						$query->bindValue(':password', sha1($_POST['password']));
						$query->bindValue(':id', $modID, PDO::PARAM_INT);
						$query->execute() or error(db_error($query));
					}
					
					// Refresh
					$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
					$query->bindValue(':id', $modID, PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					$_mod = $query->fetch();
				}
				
				$body = '<fieldset><legend>Edit user</legend>' . 
				
				// Begin form
				'<form style="text-align:center" action="" method="post">' .
				
				'<table>' .
				
				'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" /></td></tr>' .
				'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
				'</table>' .
				
				'<input type="submit" value="Save changes" />' .
				
				// End form
				'</form> ' .
				
				// Delete button
				($mod['type'] >= $config['mod']['deleteusers'] ?
					'<p style="text-align:center"><a href="?/users/' . $_mod['id'] . '/delete">Delete user</a></p>'
				:'') .
				
				'</fieldset>';
				
				echo Element('page.html', Array(
					'index'=>$config['root'],
					'title'=>'Edit user',
					'body'=>$body
					,'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/reports$/', $query)) {
			if($mod['type'] < $config['mod']['reports']) error($config['error']['noaccess']);
			
			$body = '';
			$reports = 0;
			
			$query = prepare("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC LIMIT :limit");
			$query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			while($report = $query->fetch()) {
				$p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri']));
				$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
				$p_query->execute() or error(db_error($query));
				
				if(!$post = $p_query->fetch()) {
					// Invalid report (post has since been deleted)
					$p_query = prepare("DELETE FROM `reports` WHERE `post` = :id");
					$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
					$p_query->execute() or error(db_error($query));
					continue;
				}
				
				$reports++;
				openBoard($report['uri']);
				
				if(!$post['thread']) {
					$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], '?/', $mod, false);
				} else {
					$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], '?/', $mod);
				}
				
				$po->body .=
					'<div class="report">' .
						'<hr/>' .
						'Board: <a href="?/' . $report['uri'] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $report['uri']) . '</a><br/>' .
						'Reason: ' . $report['reason'] . '<br/>' .
						'Reported by: <a href="?/IP/' . $report['ip'] . '">' . $report['ip'] . '</a><br/>' .
						'<hr/>' .
							($mod['type'] >= $config['mod']['report_dismiss'] ?
								'<a title="Discard abuse report" href="?/reports/' . $report['id'] . '/dismiss">Dismiss</a> | ' : '') .
							($mod['type'] >= $config['mod']['report_dismiss_ip'] ?
								'<a title="Discard all abuse reports by this user" href="?/reports/' . $report['id'] . '/dismiss/all">Dismiss+</a>' : '') .
					'</div>';
				$body .= $po->build(true) . '<hr/>';
			}
			
			$query = query("SELECT COUNT(`id`) AS `count` FROM `reports`") or error(db_error());
			$count = $query->fetch();
			
			$body .= '<p class="unimportant" style="text-align:center">Showing ' . 
				($reports == $count['count'] ? 'all ' . $reports . ' reports' : $reports . ' of ' . $count['count'] . ' reports') . '.</p>';
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'Report queue',
				'body'=>$body,
				'mod'=>true
			));
		} elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) {
			if(isset($matches[2]) && $matches[2] == '/all') {
				if($mod['type'] < $config['mod']['report_dismiss_ip']) error($config['error']['noaccess']);
				
				$query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id");
				$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				if($report = $query->fetch()) {
					$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
					$query->bindValue(':ip', $report['ip'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					modLog('Dismissed all reports by ' . $report['ip']);
				}
			} else {
				if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']);
				
				$query = prepare("SELECT `post` FROM `reports` WHERE `id` = :id");
				$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				if($report = $query->fetch()) {
					modLog('Dismissed a report for post #' . $report['post']);
					
					$query = prepare("DELETE FROM `reports` WHERE `post` = :post");
					$query->bindValue(':post', $report['post'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
				}
			}
			
			// Redirect
			if(isset($_SERVER['HTTP_REFERER']))
				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
			else
				header('Location: ?/reports', true, $config['redirect_http']);
		} elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) {
			if($mod['type'] < $config['mod']['manageboards']) error($config['error']['noaccess']);
			
			if(!openBoard($matches[1]))
				error($config['error']['noboard']);
			
			if(isset($matches[2]) && $matches[2] == '/delete') {
				if($mod['type'] < $config['mod']['deleteboard']) error($config['error']['noaccess']);
				// Delete board
				
				// Delete entire board directory
				rrmdir($board['uri'] . '/');
				
				// Delete posting table
				$query = query(sprintf("DROP TABLE IF EXISTS `posts_%s`", $board['uri'])) or error(db_error());
				
				// Clear reports
				$query = prepare("DELETE FROM `reports` WHERE `board` = :id");
				$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				// Delete from table
				$query = prepare("DELETE FROM `boards` WHERE `id` = :id");
				$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				header('Location: ?/', true, $config['redirect_http']);
			} else {
				if(isset($_POST['title']) && isset($_POST['subtitle'])) {
					$query = prepare("UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `id` = :id");
					$query->bindValue(':title', utf8tohtml($_POST['title'], true));
					
					if(!empty($_POST['subtitle']))
						$query->bindValue(':subtitle', utf8tohtml($_POST['subtitle'], true));
					else
						$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
					
					$query->bindValue(':id', $board['id'], PDO::PARAM_INT);
					$query->execute() or error(db_error($query));
					
					openBoard($board['uri']);
				}
				
				$body =
				'<fieldset><legend><a href="?/' .
				$board['uri'] .	'/' . $config['file_index'] . '">' .
				sprintf($config['board_abbreviation'], $board['uri']) . '</a>' . 
				' - ' . $board['name'] . '</legend>' . 
				
				// Begin form
				'<form style="text-align:center" action="" method="post">' .
				
				'<table>' .
				
				'<tr><th>URI</th><td>' . $board['uri'] . '</td>' .
				'<tr><th>Title</th><td><input size="20" maxlength="20" type="text" name="title" value="' . $board['name'] . '" /></td></tr>' .
				'<tr><th>Subtitle</th><td><input size="20" maxlength="40" type="text" name="subtitle" value="' .
					(isset($board['title']) ? $board['title'] : '') . '" /></td></tr>' .
				
				'</table>' .
				
				'<input type="submit" value="Update" />' .
				
				// End form
				'</form> ' .
				
				// Delete button
				($mod['type'] >= $config['mod']['deleteboard'] ?
					'<p style="text-align:center"><a href="?/board/' . $board['uri'] . '/delete">Delete board</a></p>'
				:'') .
				
				'</fieldset>';
				
				echo Element('page.html', Array(
					'index'=>$config['root'],
					'title'=>'Manage – ' . sprintf($config['board_abbreviation'], $board['uri']),
					'body'=>$body,
					'mod'=>true
				));
			}
		} elseif(preg_match('/^\/bans$/', $query)) {
			if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']);
			
			if($mod['type'] >= $config['mod']['view_banexpired']) {
				$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` ORDER BY `expires` < :time, `set` DESC");
				$query->bindValue(':time', time(), PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
			} else {
				// Filter out expired bans
				$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` GROUP BY `ip` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC");
				$query->bindValue(':time', time(), PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
			}
			
			if($query->rowCount() < 1) {
				$body = '(There are no active bans.)';
			} else {
				$body = '<form action="" method="post">';
				$body .= '<table><tr><th>IP address</th><th>Reason</th><th>Set</th><th>Expires</th><th>Staff</th><th>Actions</th></tr>';
				
				while($ban = $query->fetch()) {
					$body .=
						'<tr' .
							($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
								' style="text-decoration:line-through"'
							:'') .
						'>' .
					
					'<td style="white-space: nowrap">' .
					
					// Checkbox
					'<input type="checkbox" name="ban_' . $ban['ip'] . '" id="ban_' . $ban['ip'] . '" /> ' .
					
					// IP address
					'<a href="?/IP/' .
						$ban['ip'] .
					'">'. $ban['ip'] . '</a></td>' .
					
					// Reason
					'<td>' . $ban['reason'] . '</td>' .
					
					// Set
					'<td style="white-space: nowrap">' . date($config['post_date'], $ban['set']) . '</td>' .
					
					// Expires
					'<td style="white-space: nowrap">' . 
						($ban['expires'] == 0 ?
							'<em>Never</em>'
						:
							date($config['post_date'], $ban['expires'])
						) .
					'</td>' .
					
					// Staff
					'<td>' .
						($mod['type'] < $config['mod']['view_banstaff'] ?
							($config['mod']['view_banquestionmark'] ?
								'?'
							:
								($ban['type'] == JANITOR ? 'Janitor' :
								($ban['type'] == MOD ? 'Mod' :
								($ban['type'] == ADMIN ? 'Admin' :
								'?')))
							)
						:
							$ban['username']
						) .
					'</td>' .
					
					'<td></td>' .
					
					'</tr>';
				}
				
				$body .= '</table></form>';
			}
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'Ban list',
				'body'=>$body,
				'mod'=>true
			)
		);
		} elseif(preg_match('/^\/rebuild$/', $query)) {
			// For debugging
			set_time_limit(0);
			
			header('Content-Type: text/plain');
			if($mod['type'] != ADMIN) die('Admins only!');
			
			$boards = listBoards();
			
			foreach($boards as &$board) {
				echo "Opening board /{$board['uri']}/\n";
				openBoard($board['uri']);
				
				echo "Creating index pages\n";
				buildIndex();
				
				$query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error());
				while($post = $query->fetch()) {
					echo "Rebuilding #{$post['id']}\n";
					buildThread($post['id']);
				}
			}
			echo "Complete!\n";
		} elseif(preg_match('/^\/config$/', $query)) {
			if($mod['type'] < $config['mod']['show_config']) error($config['error']['noaccess']);
			
			// Show instance-config.php	
			
			$data = '';
			
			function do_array_part($array, $prefix = '') {
				global $data, $config;
				
				foreach($array as $name => $value) {
					if(is_array($value)) {
						do_array_part($value, $prefix . $name . ' → ');
					} else {
						if($config['mod']['never_reveal_password'] && $prefix == 'db → ' && $name == 'password') {
							$value = '<em>hidden</em>';
						} elseif(gettype($value) == 'boolean') {
							$value = $value ? '<span style="color:green;">On</span>' : '<span style="color:red;">Off</span>';
						} elseif(gettype($value) == 'string') {
							if(empty($value))
								$value = '<em>empty</em>';
							else
								$value = '<span style="color:maroon;">' . utf8tohtml(substr($value, 0, 110) . (strlen($value) > 110 ? '…' : '')) . '</span>';
						} elseif(gettype($value) == 'integer') {
							$value = '<span style="color:black;">' . $value . '</span>';
						}
						
						$data .= 
								'<tr><th style="text-align:left;">' . 
									$prefix . (gettype($name) == 'integer' ? '[]' : $name) .
								'</th><td>' .
									$value .
								'</td></tr>';
						}
					}
				}
			
			do_array_part($config);				
			
			$body = '<fieldset><legend>Configuration</legend><table>' . $data . '</table></fieldset>';
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'Configuration',
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/new$/', $query)) {
			if($mod['type'] < $config['mod']['newboard']) error($config['error']['noaccess']);
			
			// New board
			$body = '';
			
			if(isset($_POST['new_board'])) {
				// Create new board
				if(	!isset($_POST['uri']) ||
					!isset($_POST['title']) ||
					!isset($_POST['subtitle'])
				)	error($config['error']['missedafield']);
				
				$b = Array(
					'uri' => $_POST['uri'],
					'title' => $_POST['title'],
					'subtitle' => $_POST['subtitle']
				);
				
				// HTML characters
				$b['title'] = utf8tohtml($b['title'], true);
				$b['subtitle'] = utf8tohtml($b['subtitle'], true);
				
				// Check required fields
				if(empty($b['uri']))
					error(sprintf($config['error']['required'], 'URI'));
				if(empty($b['title']))
					error(sprintf($config['error']['required'], 'title'));
				
				// Check string lengths
				if(strlen($b['uri']) > 8)
					error(sprintf($config['error']['toolong'], 'URI'));
				if(strlen($b['title']) > 20)
					error(sprintf($config['error']['toolong'], 'title'));
				if(strlen($b['subtitle']) > 40)
					error(sprintf($config['error']['toolong'], 'subtitle'));
				
				if(!preg_match('/^\w+$/', $b['uri']))
					error(sprintf($config['error']['invalidfield'], 'URI'));
				
				if(openBoard($b['uri'])) {
					unset($board);
					error(sprintf($config['error']['boardexists'], sprintf($config['board_abbreviation'], $b['uri'])));
				}
				
				$query = prepare("INSERT INTO `boards` VALUES (NULL, :uri, :title, :subtitle)");
				$query->bindValue(':uri', $b['uri']);
				$query->bindValue(':title', $b['title']);
				if(!empty($b['subtitle'])) {
					$query->bindValue(':subtitle', $b['subtitle']);
				} else {
					$query->bindValue(':subtitle', null, PDO::PARAM_NULL);
				}
				$query->execute() or error(db_error($query));
				
				// Record the action
				modLog("Created a new board: {$b['title']}");
				
				// Open the board
				openBoard($b['uri']) or error("Couldn't open board after creation.");
				
				// Create the posts table
				query(Element('posts.sql', Array('board' => $board['uri']))) or error(db_error());
				
				// Build the board
				buildIndex();
				
				header('Location: ?/board/' . $board['uri'], true, $config['redirect_http']);
			} else {
				
				$body .= form_newBoard();
				
				// TODO: Statistics, etc, in the dashboard.
				
				echo Element('page.html', Array(
					'index'=>$config['root'],
					'title'=>'New board',
					'body'=>$body,
					'mod'=>true
					)
				);
			}
		} elseif(preg_match('/^\/' . $regex['board'] . '(' . $regex['index'] . '|' . $regex['page'] . ')?$/', $query, $matches)) {
			// Board index
			
			$boardName = $matches[1];
			
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$page_no = empty($matches[2]) || $matches[2] == $config['file_index'] ? 1 : $matches[2];
			
			if(!$page = index($page_no, $mod)) {
				error($config['error']['404']);
			}
			
			$page['pages'] = getPages(true);
			$page['pages'][$page_no-1]['selected'] = true;
			$page['btn'] = getPageButtons($page['pages'], true);
			$page['hidden_inputs'] = createHiddenInputs();
			$page['mod'] = true;
			
			echo Element('index.html', $page);
		} elseif(preg_match('/^\/' . $regex['board'] . $regex['res'] . $regex['page'] . '$/', $query, $matches)) {
			// View thread
			
			$boardName = $matches[1];
			$thread = $matches[2];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$page = buildThread($thread, true, $mod);
			
			echo $page;
		} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
			if($mod['type'] < $config['mod']['deletefile']) error($config['error']['noaccess']);
			// Delete file from post
			
			$boardName = $matches[1];
			$post = $matches[2];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			// Delete post
			deleteFile($post);
			
			// Record the action
			modLog("Removed file from post #{$post}");
			
			// Rebuild board
			buildIndex();
			
			
			// Redirect
			if(isset($_SERVER['HTTP_REFERER']))
				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
			else
				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
			if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
			// Delete post
			
			$boardName = $matches[1];
			$post = $matches[2];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			// Delete post
			deletePost($post);
			
			// Record the action
			modLog("Deleted post #{$post}");
			
			// Rebuild board
			buildIndex();
			
			// Redirect
			if(isset($_SERVER['HTTP_REFERER']))
				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
			else
				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
			if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']);
			// Add/remove sticky
			
			$boardName = $matches[1];
			$post = $matches[3];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$query = prepare(sprintf("UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
			$query->bindValue(':id', $post, PDO::PARAM_INT);
			
			if($matches[2] == 'un') {
				// Record the action
				modLog("Unstickied post #{$post}");
				$query->bindValue(':sticky', 0, PDO::PARAM_INT);
			} else {
				// Record the action
				modLog("Stickied post #{$post}");
				$query->bindValue(':sticky', 1, PDO::PARAM_INT);
			}
			
			$query->execute() or error(db_error($query));
			
			buildIndex();
			buildThread($post);
			
			
			// Redirect
			if(isset($_SERVER['HTTP_REFERER']))
				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
			else
				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
			if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']);
			// Lock/Unlock
			
			$boardName = $matches[1];
			$post = $matches[3];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$query = prepare(sprintf("UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL", $board['uri']));
			$query->bindValue(':id', $post, PDO::PARAM_INT);
			
			if($matches[2] == 'un') {
				// Record the action
				modLog("Unlocked post #{$post}");
				$query->bindValue(':locked', 0, PDO::PARAM_INT);
			} else {
				// Record the action
				modLog("Locked post #{$post}");
				$query->bindValue(':locked', 1, PDO::PARAM_INT);
			}
			
			$query->execute() or error(db_error($query));
			
			buildIndex();
			buildThread($post);
			
			
			// Redirect
			if(isset($_SERVER['HTTP_REFERER']))
				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
			else
				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) {
			// Delete all posts by an IP
			
			$boardName = $matches[1];
			$post = $matches[2];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$query = prepare(sprintf("SELECT `ip` FROM `posts_%s` WHERE `id` = :id", $board['uri']));
			$query->bindValue(':id', $post);
			$query->execute() or error(db_error($query));
			
			if(!$post = $query->fetch())
				error($config['error']['invalidpost']);
			
			$ip = $post['ip'];
			
			// Record the action
			modLog("Deleted all posts by IP address: {$ip}");
			
			$query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `ip` = :ip", $board['uri']));
			$query->bindValue(':ip', $ip);
			$query->execute() or error(db_error($query));
			
			if($query->rowCount() < 1)
				error($config['error']['invalidpost']);
			
			while($post = $query->fetch()) {
				deletePost($post['id'], false);
			}
			
			if(isset($_SERVER['HTTP_REFERER']))
				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
			else
				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
		} elseif(preg_match('/^\/ban$/', $query)) {
			// Ban page
			
			if(isset($_POST['new_ban'])) {
				if(	!isset($_POST['ip']) ||
					!isset($_POST['reason']) ||
					!isset($_POST['length'])
				)	error($config['error']['missedafield']);
				
				// Check required fields
				if(empty($_POST['ip']))
					error(sprintf($config['error']['required'], 'IP address'));
				
				$query = prepare("INSERT INTO `bans` VALUES (:ip, :mod, :set, :expires, :reason)");
				
				// 1yr2hrs30mins
				// 1y2h30m
				$expire = 0;
				if(preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $_POST['length'], $m)) {
					if(isset($m[2])) {
						// Years
						$expire += $m[2]*60*60*24*365;
					}
					if(isset($m[4])) {
						// Months
						$expire += $m[4]*60*60*24*30;
					}
					if(isset($m[6])) {
						// Weeks
						$expire += $m[6]*60*60*24*7;
					}
					if(isset($m[8])) {
						// Days
						$expire += $m[8]*60*60*24;
					}
					if(isset($m[10])) {
						// Hours
						$expire += $m[10]*60*60;
					}
					if(isset($m[12])) {
						// Minutes
						$expire += $m[12]*60;
					}
					if(isset($m[14])) {
						// Seconds
						$expire += $m[14];
					}
				}
				if($expire) {
					$query->bindValue(':expires', time()+$expire, PDO::PARAM_INT);
				} else {
					// Never expire
					$query->bindValue(':expires', null, PDO::PARAM_NULL);
				}
				
				$query->bindValue(':ip', $_POST['ip'], PDO::PARAM_STR);
				$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
				$query->bindValue(':set', time(), PDO::PARAM_INT);
				
				if(isset($_POST['reason'])) {
					$query->bindValue(':reason', $_POST['reason'], PDO::PARAM_STR);
				} else {
					$query->bindValue(':reason', null, PDO::PARAM_NULL);
				}
				
				// Record the action
				modLog("Created a ban for {$_POST['ip']} with reason {$_POST['reason']}");
				
				$query->execute() or error(db_error($query));
				
				// Delete too
				if($mod['type'] >= $config['mod']['delete'] && isset($_POST['delete']) && isset($_POST['board'])) {
					openBoard($_POST['board']);
					
					$post = round($_POST['delete']);
					
					deletePost($post);
					
					// Record the action
					modLog("Deleted post #{$post}");
					
					// Rebuild board
					buildIndex();
				}
				
				// Redirect
				if(isset($_POST['continue']))
					header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
				elseif(isset($board))
					header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
				elseif(isset($_SERVER['HTTP_REFERER']))
					header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
				else
					header('Location: ?/', true, $config['redirect_http']);
			}
		} elseif(preg_match('/^\/' . $regex['board'] . 'ban(&delete)?\/(\d+)$/', $query, $matches)) {
			if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
			// Ban by post
			
			$boardName = $matches[1];
			$delete = isset($matches[2]) && $matches[2] == '&delete';
			$post = $matches[3];
			// Open board
			if(!openBoard($boardName))
				error($config['error']['noboard']);
			
			$query = prepare(sprintf("SELECT `ip`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri']));
			$query->bindValue(':id', $post, PDO::PARAM_INT);
			$query->execute() or error(db_error($query));
			
			if($query->rowCount() < 1) {
				error($config['error']['invalidpost']);
			}
		
			$post = $query->fetch();
			
			$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $delete ? $post['id'] : false, $delete ? $boardName : false);
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'New ban',
				'body'=>$body,
				'mod'=>true
				)
			);
		} elseif(preg_match('/^\/IP\/(\d+\.\d+\.\d+\.\d+|' . $config['ipv6_regex'] . ')$/', $query, $matches)) {
			// View information on an IP address
			
			$ip = $matches[1];
			$host = $config['mod']['dns_lookup'] ? gethostbyaddr($ip) : false;
			
			if($mod['type'] >= $config['mod']['unban'] && isset($_POST['unban'])) {
				$query = prepare("DELETE FROM `bans` WHERE `ip` = :ip");
				$query->bindValue(':ip', $ip);
				$query->execute() or error(db_error($query));
			}
				
			
			$body = '';
			$boards = listBoards();
			foreach($boards as &$_board) {
				openBoard($_board['uri']);
				
				$temp = '';
				$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `time` DESC LIMIT :limit", $_board['uri']));
				$query->bindValue(':ip', $ip);
				$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
				$query->execute() or error(db_error($query));
				
				while($post = $query->fetch()) {
					if(!$post['thread']) {
						$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], '?/', $mod, false);
					} else {
						$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], '?/', $mod);
					}
					$temp .= $po->build(true) . '<hr/>';
				}
				
				if(!empty($temp))
					$body .= '<fieldset><legend>Last ' . $query->rowCount() . ' posts on <a href="?/' .
							sprintf($config['board_path'], $_board['uri']) . $config['file_index'] .
						'">' .
						sprintf($config['board_abbreviation'], $_board['uri']) . ' - ' . $_board['title'] .
						'</a></legend>' . $temp . '</fieldset>';
			}
			
			if($mod['type'] >= $config['mod']['view_ban']) {
				$query = prepare("SELECT * FROM `bans` INNER JOIN `mods` ON `mod` = `id` WHERE `ip` = :ip");
				$query->bindValue(':ip', $ip);
				$query->execute() or error(db_error($query));
				
				if($query->rowCount() > 0) {
					$body .= '<fieldset><legend>Ban' . ($query->rowCount() == 1 ? '' : 's') . ' on record</legend><form action="" method="post" style="text-align:center">';
					
					while($ban = $query->fetch()) {
						$body .= '<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px"><tr><th>Status</th><td>' . 
							($config['mod']['view_banexpired'] && $ban['expires'] != 0 && $ban['expires'] < time() ?
								'Expired'
							: 'Active') .
						'</td></tr>' .
						
						// IP
						'<tr><th>IP</th><td>' . $ban['ip'] . '</td></tr>' .
						
						// Reason
						'<tr><th>Reason</th><td>' . $ban['reason'] . '</td></tr>' .
						
						// Set
						'<tr><th>Set</th><td>' . date($config['post_date'], $ban['set']) . '</td></tr>' .
						
						// Expires
						'<tr><th>Expires</th><td>' . 
							($ban['expires'] == 0 ?
								'<em>Never</em>'
							:
								date($config['post_date'], $ban['expires'])
							) .
						'</td></tr>' .
						
						// Staff
						'<tr><th>Staff</th><td>' .
							($mod['type'] < $config['mod']['view_banstaff'] ?
								($config['mod']['view_banquestionmark'] ?
									'?'
								:
									($ban['type'] == JANITOR ? 'Janitor' :
									($ban['type'] == MOD ? 'Mod' :
									($ban['type'] == ADMIN ? 'Admin' :
									'?')))
								)
							:
								$ban['username']
							) .
						'</td></tr>' .
						
						'</tr></table>';
					}
					
					$body .= '<input type="submit" name="unban" value="Remove ban' . ($query->rowCount() == 1 ? '' : 's') . '" ' .
						($mod['type'] < $config['mod']['unban'] ? 'disabled' : '') .
					'/></form></fieldset>';
				}
			}
			
			if($mod['type'] >= $config['mod']['ip_banform'])
				$body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false);
			
			echo Element('page.html', Array(
				'index'=>$config['root'],
				'title'=>'IP: ' . $ip,
				'subtitle' => $host,
				'body'=>$body,
				'mod'=>true
				)
			);
		} else {
			error($config['error']['404']);
		}
	}
	
	// Close the connection in-case it's still open
	sql_close();
?>