diff --git a/.gitignore b/.gitignore
index 096135f6..cc5bce11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,7 +15,6 @@ download_attachment.php
 file_limits.php
 footer.txt
 header.txt
-hesk_javascript_v25.js
 hesk_settings.inc.php
 img/add_article.png
 img/add_category.png
@@ -147,7 +146,6 @@ img/tag_off.png
 img/unlock.png
 img/vertical.jpg
 img/view.png
-inc/admin_functions.inc.php
 inc/assignment_search.inc.php
 inc/attachments.inc.php
 inc/calendar/img/cal.gif
@@ -268,3 +266,10 @@ robots.txt
 .idea/
 attachments/__latest.txt
 attachments
+img/ban.png
+img/banned.png
+img/ico_tools.png
+inc/recaptcha/recaptchalib_v2.php
+ip_whois.php
+language/en/emails/reset_password.txt
+language/en/help_files/ticket_list.html
\ No newline at end of file
diff --git a/admin/admin_main.php b/admin/admin_main.php
index 4b72cc43..4fe6e7c2 100644
--- a/admin/admin_main.php
+++ b/admin/admin_main.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
diff --git a/admin/admin_reply_ticket.php b/admin/admin_reply_ticket.php
index c4b11321..bb93285d 100644
--- a/admin/admin_reply_ticket.php
+++ b/admin/admin_reply_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -83,10 +83,54 @@ $hesk_error_buffer = array();
 // Get the message
 $message = hesk_input(hesk_POST('message'));
 
+// Submit as customer?
+$submit_as_customer = isset($_POST['submit_as_customer']) ? true : false;
+
 if (strlen($message))
 {
-	// Attach signature to the message?
-	if ( ! empty($_POST['signature']))
+    // Save message for later and ignore the rest?
+    if ( isset($_POST['save_reply']) )
+    {
+        // Delete any existing drafts from this owner for this ticket
+        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
+
+        // Save the message draft
+        hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (`owner`, `ticket`, `message`) VALUES (".intval($_SESSION['id']).", ".intval($ticket['id']).", '".hesk_dbEscape($message)."')");
+
+        /* Set reply submitted message */
+        $_SESSION['HESK_SUCCESS'] = TRUE;
+        $_SESSION['HESK_MESSAGE'] = $hesklang['reply_saved'];
+
+        /* What to do after reply? */
+        if ($_SESSION['afterreply'] == 1)
+        {
+            header('Location: admin_main.php');
+        }
+        elseif ($_SESSION['afterreply'] == 2)
+        {
+            /* Get the next open ticket that needs a reply */
+            $res  = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('0','".intval($_SESSION['id'])."') AND " . hesk_myCategories() . " AND `status` IN ('0','1') ORDER BY `owner` DESC, `priority` ASC LIMIT 1");
+
+            if (hesk_dbNumRows($res) == 1)
+            {
+                $row = hesk_dbFetchAssoc($res);
+                $_SESSION['HESK_MESSAGE'] .= '<br /><br />'.$hesklang['rssn'];
+                header('Location: admin_ticket.php?track='.$row['trackid'].'&Refresh='.rand(10000,99999));
+            }
+            else
+            {
+                header('Location: admin_main.php');
+            }
+        }
+        else
+        {
+            header('Location: admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
+        }
+        exit();
+    }
+
+    // Attach signature to the message?
+    if ( ! $submit_as_customer && ! empty($_POST['signature']))
 	{
 	    $message .= "\n\n" . addslashes($_SESSION['signature']) . "\n";
 	}
@@ -153,8 +197,15 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments))
     }
 }
 
-/* Add reply */
-$result = hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
+// Add reply
+if ($submit_as_customer)
+{
+    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($ticket['name']))."','".hesk_dbEscape($message."<br /><br /><i>{$hesklang['creb']} {$_SESSION['name']}</i>")."',NOW(),'".hesk_dbEscape($myattachments)."')");
+}
+else
+{
+    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`) VALUES ('".intval($replyto)."','".hesk_dbEscape(addslashes($_SESSION['name']))."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."','".intval($_SESSION['id'])."')");
+}
 
 /* Track ticket status changes for history */
 $revision = '';
@@ -189,15 +240,61 @@ $defaultStatusReplyStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClos
 $staffClosedCheckboxStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1 LIMIT 1"));
 $lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `LockedTicketStatus` = 1 LIMIT 1"));
 
-$new_status = empty($_POST['close']) ? $defaultStatusReplyStatus['ID'] : $staffClosedCheckboxStatus['ID'];
-
-/* --> If a ticket is locked keep it closed */
+// Get new ticket status
+$sql_status = '';
+// -> If locked, keep it resolved
 if ($ticket['locked'])
 {
 	$new_status = $lockedTicketStatus['ID'];
 }
+elseif (isset($_POST['submit_as_status']))
+{
+    $new_status = $_POST['submit_as_status'];
+
+    if ($ticket['status'] != $new_status)
+    {
+        // Does this status close the ticket?
+        $newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `ShortNameContentKey` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `ID` = '.hesk_dbEscape($new_status));
+        $newStatus = hesk_dbFetchAssoc($newStatusRs);
+
+        if ($newStatus['IsClosed'])
+        {
+            $revision   = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+            $sql_status = " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
+
+            // Lock the ticket if customers are not allowed to reopen tickets
+            if ($hesk_settings['custopen'] != 1)
+            {
+                $sql_status .= " , `locked`='1' ";
+            }
+        } else
+        {
+            // Ticket isn't being closed, just add the history to the sql query
+            $revision   = sprintf($hesklang['thist9'],hesk_date(),$hesklang[$newStatus['ShortNameContentKey']],$_SESSION['name'].' ('.$_SESSION['user'].')');
+            $sql_status = " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
+        }
+    }
+}
+// -> Submit as Customer reply
+elseif ($submit_as_customer)
+{
+    //Get the status ID for customer replies
+    $customerReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsCustomerReplyStatus` = 1 LIMIT 1');
+    $customerReplyStatus = hesk_dbFetchAssoc($customerReplyStatusRs);
+    $new_status = $customerReplyStatus['ID'];
+}
+// -> Default: submit as "Replied by staff"
+else
+{
+    //Get the status ID for staff replies
+    $staffReplyStatusRs = hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsDefaultStaffReplyStatus` = 1 LIMIT 1');
+    $staffReplyStatus = hesk_dbFetchAssoc($staffReplyStatusRs);
+    $new_status = $staffReplyStatus['ID'];
+}
+
+$sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}',";
+$sql.= $submit_as_customer ? "`lastreplier`='0', `replierid`='0' " : "`lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' ";
 
-$sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$new_status}', `lastreplier`='1', `replierid`='".intval($_SESSION['id'])."' ";
 
 /* Update time_worked or force update lastchange */
 if ($time_worked == '00:00:00')
@@ -216,19 +313,19 @@ if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0)
 }
 
 $sql .= " $priority_sql ";
+$sql .= " $sql_status ";
 
 
-$isNewStatusClosed = empty($_POST['close']) ? $defaultStatusReplyStatus['IsClosed'] : $staffClosedCheckboxStatus['IsClosed'];
-if ($isNewStatusClosed)
+if ( ! $ticket['firstreplyby'] )
 {
-    $revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
-    $sql .= " , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
-
-    if ($hesk_settings['custopen'] != 1)
-    {
-		$sql .= " , `locked`='1' ";
-    }
+    $sql .= " , `firstreply`=NOW(), `firstreplyby`=".intval($_SESSION['id'])." ";
 }
+
+// Keep track of replies to this ticket for easier reporting
+$sql .= " , `replies`=`replies`+1 ";
+$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
+
+// End and execute the query
 $sql .= " WHERE `id`='{$replyto}' LIMIT 1";
 hesk_dbQuery($sql);
 unset($sql);
@@ -247,12 +344,13 @@ $info = array(
 'trackid'		=> $ticket['trackid'],
 'status'		=> $new_status,
 'name'			=> $ticket['name'],
-'lastreplier'	=> $_SESSION['name'],
+'lastreplier'	=> ($submit_as_customer ? $ticket['name'] : $_SESSION['name']),
 'subject'		=> $ticket['subject'],
 'message'		=> stripslashes($message),
 'attachments'	=> $myattachments,
 'dt'			=> hesk_date($ticket['dt'], true),
 'lastchange'	=> hesk_date($ticket['lastchange'], true),
+'id'			=> $ticket['id'],
 );
 
 // 2. Add custom fields to the array
@@ -264,19 +362,26 @@ foreach ($hesk_settings['custom_fields'] as $k => $v)
 // 3. Make sure all values are properly formatted for email
 $ticket = hesk_ticketToPlain($info, 1, 0);
 
-// Notify the customer
-if ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1)
+// Notify the assigned staff?
+if ($submit_as_customer)
+{
+    if ($ticket['owner'] && $ticket['owner'] != $_SESSION['id'])
+    {
+        hesk_notifyAssignedStaff(false, 'new_reply_by_customer', 'notify_reply_my');
+    }
+}
+// Notify customer?
+elseif ( ! isset($_POST['no_notify']) || intval( hesk_POST('no_notify') ) != 1)
 {
 	hesk_notifyCustomer('new_reply_by_staff');
 }
 
+// Delete any existing drafts from this owner for this ticket
+hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
+
 /* Set reply submitted message */
 $_SESSION['HESK_SUCCESS'] = TRUE;
 $_SESSION['HESK_MESSAGE'] = $hesklang['reply_submitted'];
-if (!empty($_POST['close']))
-{
-    $_SESSION['HESK_MESSAGE'] .= '<br /><br />'.$hesklang['ticket_marked'].' <span class="resolved">'.$hesklang['closed'].'</span>';
-}
 
 /* What to do after reply? */
 if ($_SESSION['afterreply'] == 1)
diff --git a/admin/admin_settings.php b/admin/admin_settings.php
index d2cd8f43..b474eb2b 100644
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -395,44 +395,6 @@ if ( defined('HESK_DEMO') )
           }
         };
 
-
-        function setCookie(name, value, expires, path, domain, secure)
-        {
-            document.cookie= name + "=" + escape(value) +
-                ((expires) ? "; expires=" + expires.toGMTString() : "") +
-                ((path) ? "; path=" + path : "") +
-                ((domain) ? "; domain=" + domain : "") +
-                ((secure) ? "; secure" : "");
-        }
-
-        function getCookie(name)
-        {
-            var dc = document.cookie;
-            var prefix = name + "=";
-            var begin = dc.indexOf("; " + prefix);
-            if (begin == -1) {
-                begin = dc.indexOf(prefix);
-                if (begin != 0) return null;
-            } else {
-                begin += 2;
-            }
-            var end = document.cookie.indexOf(";", begin);
-            if (end == -1) {
-                end = dc.length;
-            }
-            return unescape(dc.substring(begin + prefix.length, end));
-        }
-
-        function deleteCookie(name, path, domain)
-        {
-            if (getCookie(name)) {
-                document.cookie = name + "=" +
-                    ((path) ? "; path=" + path : "") +
-                    ((domain) ? "; domain=" + domain : "") +
-                    "; expires=Thu, 01-Jan-70 00:00:01 GMT";
-            }
-        }
-
         var server_time = "<?php echo $server_time; ?>";
         var today = new Date();
         today.setHours(server_time.substr(0,server_time.indexOf(":")));
@@ -475,6 +437,7 @@ if ( defined('HESK_DEMO') )
               <li><a href="#knowledgebase" data-toggle="tab"><?php echo $hesklang['tab_3']; ?></a></li>
               <li><a href="#customFields" data-toggle="tab"><?php echo $hesklang['tab_4']; ?></a></li>
               <li><a href="#email" data-toggle="tab"><?php echo $hesklang['tab_6']; ?></a></li>
+              <li><a href="#ticket-list" data-toggle="tab"><?php echo $hesklang['tab_7']; ?></a></li>
               <li><a href="#misc" data-toggle="tab"><?php echo $hesklang['tab_5']; ?></a></li>
               <li class="dropdown">
                   <a href="#" id="modsForHeskDropdown" class="dropdown-toggle" data-toggle="dropdown">
@@ -732,6 +695,18 @@ if ( defined('HESK_DEMO') )
                                 ?>    
                             </div>
                         </div>
+                        <div class="form-group">
+                            <label for="s_custclose" class="col-sm-6 control-label"><?php echo $hesklang['ccct']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#67','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['custclose'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['custclose'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_custclose" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_custclose" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
+                                ?>
+                            </div>
+                        </div>
                         <div class="form-group">
                             <label for="s_custopen" class="col-sm-6 control-label"><?php echo $hesklang['s_ucrt']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#16','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
                             <div class="col-sm-6 form-inline">
@@ -756,6 +731,30 @@ if ( defined('HESK_DEMO') )
                                 ?>    
                             </div>
                         </div>
+                        <div class="form-group">
+                            <label for="s_time_worked" class="col-sm-6 control-label"><?php echo $hesklang['ts']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#66','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['time_worked'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['time_worked'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_time_worked" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_time_worked" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
+                                ?>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="s_spam_notice" class="col-sm-6 control-label"><?php echo $hesklang['spamn']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#68','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['spam_notice'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['spam_notice'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_spam_notice" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_spam_notice" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
+                                ?>
+                            </div>
+                        </div>
                         <div class="form-group">
                             <label for="s_list_users" class="col-sm-6 control-label"><?php echo $hesklang['lu']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#14','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
                             <div class="col-sm-6 form-inline">
@@ -768,18 +767,6 @@ if ( defined('HESK_DEMO') )
                                 ?>
                             </div>
                         </div>
-                        <div class="form-group">
-                            <label for="s_short_link" class="col-sm-6 control-label"><?php echo $hesklang['shu']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#63','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
-                            <div class="col-sm-6 form-inline">
-                                <?php
-                                $on = $hesk_settings['short_link'] ? 'checked="checked"' : '';
-                                $off = $hesk_settings['short_link'] ? '' : 'checked="checked"';
-                                echo '
-                                <div class="radio"><label><input type="radio" name="s_short_link" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
-                                <div class="radio"><label><input type="radio" name="s_short_link" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
-                                ?>    
-                            </div>
-                        </div>
                     </div>
                     <!-- Second column -->
                     <div class="col-md-6">
@@ -831,6 +818,29 @@ if ( defined('HESK_DEMO') )
                                 ?>    
                             </div>
                         </div>
+                        <div class="form-group">
+                            <label for="s_short_link" class="col-sm-6 control-label"><?php echo $hesklang['shu']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#63','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['short_link'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['short_link'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_short_link" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_short_link" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
+                                ?>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label class="col-sm-6 control-label"><?php echo $hesklang['select']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#65','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                            <div class="col-sm-6">
+                                <div class="checkbox">
+                                    <label><input type="checkbox" name="s_select_cat" value="1" <?php if ($hesk_settings['select_cat']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['category']; ?></label>
+                                </div>
+                                <div class="checkbox">
+                                    <label><input type="checkbox" name="s_select_pri" value="1" <?php if ($hesk_settings['select_pri']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['priority']; ?></label>
+                                </div>
+                            </div>
+                        </div>
                     </div>
                 </div>
 
@@ -862,13 +872,18 @@ if ( defined('HESK_DEMO') )
                         <?php
 
                         $on  = '';
+                        $on2 = '';
                         $off = '';
                         $div = 'block';
 
-                        if ($hesk_settings['recaptcha_use'])
+                        if ($hesk_settings['recaptcha_use'] == 1)
                         {
                             $on = 'checked="checked"';
                         }
+                        elseif ($hesk_settings['recaptcha_use'] == 2)
+                        {
+                            $on2 = 'checked="checked"';
+                        }
                         else
                         {
                             $off = 'checked="checked"';
@@ -877,6 +892,7 @@ if ( defined('HESK_DEMO') )
                         ?>
 
                         <div class="radio"><label><input type="radio" name="s_recaptcha_use" value="0" onclick="javascript:hesk_toggleLayer('recaptcha','none')" <?php echo $off; ?> /> <?php echo $hesklang['sis']; ?></label></div><br/>
+                        <div class="radio"><label><input type="radio" name="s_recaptcha_use" value="2" onclick="javascript:hesk_toggleLayer('recaptcha','block')" <?php echo $on2; ?> /> <?php echo $hesklang['sir2']; ?></label> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></div> <br />
                         <div class="radio"><label><input type="radio" name="s_recaptcha_use" value="1" onclick="javascript:hesk_toggleLayer('recaptcha','block')" <?php echo $on; ?> /> <?php echo $hesklang['sir']; ?></label> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></div> <br />
 
                             <div id="recaptcha" style="display: <?php echo $div; ?>;">
@@ -884,24 +900,13 @@ if ( defined('HESK_DEMO') )
                                 &nbsp;<br />
 
                                 <label for="s_recaptcha_public_key" class="control-label"><?php echo $hesklang['rcpb']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
-                                <input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpb']; ?>" name="s_recaptcha_public_key" size="40" maxlength="255" value="<?php echo $hesk_settings['recaptcha_public_key']; ?>" /><br />
+                                <input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpb']; ?>" name="s_recaptcha_public_key" size="50" maxlength="255" value="<?php echo $hesk_settings['recaptcha_public_key']; ?>" /><br />
                                 &nbsp;<br />
 
                                 <label for="s_recaptcha_private_key" class="control-label"><?php echo $hesklang['rcpv']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
-                                <input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpv']; ?>" name="s_recaptcha_private_key" size="40" maxlength="255" value="<?php echo $hesk_settings['recaptcha_private_key']; ?>" /><br />
+                                <input type="text" class="form-control" placeholder="<?php echo $hesklang['rcpv']; ?>" name="s_recaptcha_private_key" size="50" maxlength="255" value="<?php echo $hesk_settings['recaptcha_private_key']; ?>" /><br />
                                 &nbsp;<br />
-
-                                <label for="s_recaptcha_ssl" class="control-label"><?php echo $hesklang['rcsl']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
-                                <?php
-                                $on = $hesk_settings['recaptcha_ssl'] ? 'checked="checked"' : '';
-                                $off = $hesk_settings['recaptcha_ssl'] ? '' : 'checked="checked"';
-                                echo '
-                                <div class="radio"><label><input type="radio" name="s_recaptcha_ssl" value="0" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
-                                <div class="radio"><label><input type="radio" name="s_recaptcha_ssl" value="1" '.$on.' /> '.$hesklang['on'].'</label></div>';
-                                ?>
-
                             </div>
-
                     </div>
                 </div>
             </div>
@@ -958,6 +963,14 @@ if ( defined('HESK_DEMO') )
                     <input type="text" class="form-control" placeholder="<?php echo $hesklang['banmin']; ?>" name="s_attempt_banmin" size="5" maxlength="3" value="<?php echo $hesk_settings['attempt_banmin']; ?>" />    
                 </div>
             </div>
+            <div class="form-group">
+                <label for="s_reset_pass" class="col-sm-3 control-label"><?php echo $hesklang['passr']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#69','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                <div class="col-sm-9">
+                    <div class="checkbox">
+                        <label><input type="checkbox" name="s_reset_pass" value="1" <?php if ($hesk_settings['reset_pass']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['passa']; ?></label>
+                    </div>
+                </div>
+            </div>
             <div class="form-group">
                 <label for="s_email_view_ticket" class="col-sm-3 control-label"><?php echo $hesklang['viewvtic']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#46','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
                 <div class="col-sm-9">
@@ -1059,18 +1072,19 @@ if ( defined('HESK_DEMO') )
         </div>
 
               <div class="tab-pane fade in" id="knowledgebase">
-                <h6 style="font-weight: bold"><?php echo $hesklang['kb_text']; ?></h6>
+                <h6 style="font-weight: bold"><?php echo $hesklang['kb_set']; ?></h6>
                 <div class="footerWithBorder blankSpace"></div>
-
                 <div class="form-group">
                     <label for="s_kb_enable" class="col-sm-3 control-label"><?php echo $hesklang['s_ekb']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>knowledgebase.html#22','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
                     <div class="col-sm-9 form-inline">
                         <?php
-                        $on = $hesk_settings['kb_enable'] ? 'checked="checked"' : '';
+                        $on = $hesk_settings['kb_enable'] == 1 ? 'checked="checked"' : '';
                         $off = $hesk_settings['kb_enable'] ? '' : 'checked="checked"';
+                        $only = $hesk_settings['kb_enable'] == 2 ? 'checked="checked"' : '';
                         echo '
-                        <div class="radio"><label><input type="radio" name="s_kb_enable" value="0" '.$off.' /> '.$hesklang['disable'].'</label></div>&nbsp;&nbsp;&nbsp;
-                        <div class="radio"><label><input type="radio" name="s_kb_enable" value="1" '.$on.' /> '.$hesklang['enable'].'</label></div>';
+                        <div class="radio"><label><input type="radio" name="s_kb_enable" value="1" '.$on.' /> '.$hesklang['enable'].'</label></div>&nbsp;&nbsp;&nbsp;
+                        <div class="radio"><label><input type="radio" name="s_kb_enable" value="2" '.$only.' /> '.$hesklang['ekb_o'].'</label></div>&nbsp;&nbsp;&nbsp;
+                        <div class="radio"><label><input type="radio" name="s_kb_enable" value="0" '.$off.' /> '.$hesklang['ekb_n'].'</label></div>';
                         ?>
                     </div>
                 </div>
@@ -1081,8 +1095,8 @@ if ( defined('HESK_DEMO') )
                         $on = $hesk_settings['kb_wysiwyg'] ? 'checked="checked"' : '';
                         $off = $hesk_settings['kb_wysiwyg'] ? '' : 'checked="checked"';
                         echo '
-                        <div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="0" '.$off.' /> '.$hesklang['disable'].'</label></div>&nbsp;&nbsp;&nbsp;
-                        <div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="1" '.$on.' /> '.$hesklang['enable'].'</label></div>';
+                        <div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="0" '.$off.' /> '.$hesklang['no'].'</label></div>&nbsp;&nbsp;&nbsp;
+                        <div class="radio"><label><input type="radio" name="s_kb_wysiwyg" value="1" '.$on.' /> '.$hesklang['yes'].'</label></div>';
                         ?>
                     </div>
                 </div>
@@ -1208,6 +1222,15 @@ if ( defined('HESK_DEMO') )
                         <p class="form-control-static"><?php echo $hesklang['s_onkb']; ?></p>
                     </div>
                 </div>
+                <div class="form-group">
+                    <label for="s_kb_related" class="col-sm-3 control-label"><?php echo $hesklang['s_relart']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>knowledgebase.html#60','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                    <div class="col-sm-3">
+                        <input type="text" class="form-control" placeholder="<?php echo $hesklang['s_relart']; ?>" name="s_kb_related" size="5" maxlength="2" value="<?php echo $hesk_settings['kb_related']; ?>" />
+                    </div>
+                    <div class="col-sm-6" style="padding-left:0px">
+                        <p class="form-control-static"><?php echo $hesklang['s_onin']; ?></p>
+                    </div>
+                </div>
               </div>
 
                 <!-- Custom Fields Tab -->
@@ -1466,8 +1489,8 @@ if ( defined('HESK_DEMO') )
                         }
 
                         echo '
-                        <div class="radio"><label><input type="radio" name="s_pop3" value="0" onclick="hesk_attach_disable(new Array(\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
-                        <div class="radio"><label><input type="radio" name="s_pop3" value="1" onclick="hesk_attach_enable(new Array(\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');"  '.$on.' /> '.$hesklang['on'].'</label></div>';
+                        <div class="radio"><label><input type="radio" name="s_pop3" value="0" onclick="hesk_attach_disable(new Array(\'p0\',\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');" '.$off.' /> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
+                        <div class="radio"><label><input type="radio" name="s_pop3" value="1" onclick="hesk_attach_enable(new Array(\'p0\',\'p1\',\'p2\',\'p3\',\'p4\',\'p5\',\'p6\',\'p7\',\'p8\'))" onchange="hesk_toggleLayerDisplay(\'pop3_settings\');"  '.$on.' /> '.$hesklang['on'].'</label></div>';
                         ?>
                         <input type="hidden" name="tmp_pop3_host_name" value="<?php echo $hesk_settings['pop3_host_name']; ?>" />
                         <input type="hidden" name="tmp_pop3_host_port" value="<?php echo $hesk_settings['pop3_host_port']; ?>" />
@@ -1478,6 +1501,12 @@ if ( defined('HESK_DEMO') )
                     </div>
                 </div>
                 <div id="pop3_settings" style="display:<?php echo $onload_div; ?>">
+                    <div class="form-group">
+                        <label for="s_pop3_job_wait" class="col-sm-3 control-label"><?php echo $hesklang['pjt']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#59','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="<?php echo $hesklang['pjt']; ?>" id="p0" name="s_pop3_job_wait" size="40" maxlength="255" value="<?php echo $hesk_settings['pop3_job_wait']; ?>" <?php echo $onload_status; ?> /> <?php echo $hesklang['pjt2']; ?>
+                        </div>
+                    </div>
                     <div class="form-group">
                         <label for="s_pop3_host_name" class="col-sm-3 control-label"><?php echo $hesklang['pop3h']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#59','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
                         <div class="col-sm-9">
@@ -1612,7 +1641,7 @@ if ( defined('HESK_DEMO') )
                         </div>
                     </div>
 
-                    <h6 syle="font-weight: bold"><?php echo $hesklang['suge']; ?></h6>
+                    <h6 style="font-weight: bold"><?php echo $hesklang['suge']; ?></h6>
                     <div class="footerWithBorder blankSpace"></div>
 
                     <div class="form-group">
@@ -1655,6 +1684,36 @@ if ( defined('HESK_DEMO') )
                         </tr>
                         </table>
                     </div>
+
+                    <h6 style="font-weight: bold"><?php echo $hesklang['custnot']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#65','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></h6>
+                    <div class="footerWithBorder blankSpace"></div>
+                    <div class="form-group">
+                        <label for="s_notify_new" class="col-sm-3 control-label"><?php echo $hesklang['notnew']; ?></label>
+                        <div class="col-sm-9">
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="s_notify_new" value="1" onchange="hesk_toggleLayerDisplay('skip_notify');" <?php if ($hesk_settings['notify_new']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['enable']; ?></label>
+                            </div>
+                        </div>
+                    </div>
+                    <div id="skip_notify" style="display:<?php echo $hesk_settings['notify_new'] ? 'block' : 'none'; ?>">
+                        <div class="form-group">
+                            <div class="col-sm-9 col-sm-offset-3">
+                                <div class="checkbox">
+                                    <label><input type="checkbox" name="s_notify_new" value="1" <?php if ($hesk_settings['notify_skip_spam']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['enn']; ?></label>
+                                </div>
+                                <textarea name="s_notify_spam_tags" rows="5" cols="40" class="form-control" /><?php echo hesk_htmlspecialchars( implode("\n", $hesk_settings['notify_spam_tags']) ); ?></textarea>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_notify_closed" class="col-sm-3 control-label"><?php echo $hesklang['notclo']; ?></label>
+                        <div class="col-sm-9">
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="s_notify_closed" value="1" <?php if ($hesk_settings['notify_closed']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['enable']; ?></label>
+                            </div>
+                        </div>
+                    </div>
+
                     <h6 style="font-weight: bold"><?php echo $hesklang['other']; ?></h6>
                     <div class="footerWithBorder blankSpace"></div>
 
@@ -1666,6 +1725,14 @@ if ( defined('HESK_DEMO') )
                             </div>    
                         </div>
                     </div>
+                    <div class="form-group">
+                        <label for="s_eml_req_msg" class="col-sm-3 control-label"><?php echo $hesklang['emlreqmsg']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#66','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                        <div class="col-sm-9">
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="s_eml_req_msg" value="1" <?php if ($hesk_settings['eml_req_msg']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['emlreqmsg2']; ?></label>
+                            </div>
+                        </div>
+                    </div>
                     <div class="form-group">
                         <label for="s_save_embedded" class="col-sm-3 control-label"><?php echo $hesklang['embed']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#64','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
                         <div class="col-sm-9">
@@ -1717,6 +1784,39 @@ if ( defined('HESK_DEMO') )
                     </div>
               </div>
 
+              <!-- Ticket List Tab -->
+              <div class="tab-pane fade in" id="ticket-list">
+                  <div class="form-group">
+                      <label for="s_open_only" class="col-sm-3 control-label"><?php echo $hesklang['fitl']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>ticket_list.html#1','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                      <div class="col-sm-9">
+                          <?php
+                          // List available fields
+                          foreach ($hesk_settings['possible_ticket_list'] as $key => $title)
+                          {
+                              echo '
+                              <div class="checkbox">
+                                  <label><input type="checkbox" name="s_tl_'.$key.'" value="1" '.( in_array($key, $hesk_settings['ticket_list']) ? 'checked="checked"' : '' ).'/> '.$title.'</label>
+                              </div>
+                              ';
+                          }
+                          ?>
+                      </div>
+                  </div>
+                  <div class="blankSpace"></div>
+                  <div class="form-group">
+                      <label for="s_open_only" class="col-sm-3 control-label"><?php echo $hesklang['lcf']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>ticket_list.html#2','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                      <div class="col-sm-9 form-inline">
+                          <?php
+
+                          echo '
+                          <div class="radio"><label><input type="radio" name="s_updatedformat" value="2" '.($hesk_settings['updatedformat'] == 2 ? 'checked="checked"' : '').' /> '.$hesklang['lcf2'].'</label></div><br>
+                          <div class="radio"><label><input type="radio" name="s_updatedformat" value="1" '.($hesk_settings['updatedformat'] == 1 ? 'checked="checked"' : '').' /> '.$hesklang['lcf1'].'</label></div><br>
+                          <div class="radio"><label><input type="radio" name="s_updatedformat" value="0" '.($hesk_settings['updatedformat'] == 0 ? 'checked="checked"' : '').' /> '.$hesklang['lcf0'].'</label></div>';
+                          ?>
+                      </div>
+                  </div>
+              </div>
+
                 <!-- Miscellaneous Tab -->
               <div class="tab-pane fade in" id="misc">
                 <h6 style="font-weight: bold"><?php echo $hesklang['dat']; ?></h6>
@@ -1772,6 +1872,21 @@ if ( defined('HESK_DEMO') )
                 <h6 style="font-weight: bold"><?php echo $hesklang['other']; ?></h6>
                 <div class="footerWithBorder blankSpace"></div>
 
+                <div class="form-group">
+                    <label for="s_ip_whois" class="col-sm-3 control-label"><?php echo $hesklang['ip_whois']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>misc.html#61','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                    <div class="col-sm-9">
+                        <input type="text" class="form-control" name="s_ip_whois" size="40" maxlength="255" value="<?php echo $hesk_settings['ip_whois']; ?>" />
+                    </div>
+                </div>
+                <br>
+                <div class="form-group">
+                    <label for="s_maintenance_mode" class="col-sm-3 control-label"><?php echo $hesklang['mms']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>misc.html#62','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
+                    <div class="col-sm-9">
+                        <div class="checkbox">
+                            <label><input type="checkbox" name="s_maintenance_mode" value="1" <?php if ($hesk_settings['maintenance_mode']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['mmd']; ?></label>
+                        </div>
+                    </div>
+                </div>
                 <div class="form-group">
                     <label for="s_alink" class="col-sm-3 control-label"><?php echo $hesklang['al']; ?> <a href="Javascript:void(0)" onclick="Javascript:hesk_window('<?php echo $help_folder; ?>misc.html#21','400','500')"><i class="fa fa-question-circle settingsquestionmark"></i></a></label>
                     <div class="col-sm-9">
@@ -2367,7 +2482,7 @@ function hesk_testLanguage($return_options = 0)
 	            }
 
                 /* Check if language file is for current version */
-	            if (strpos($tmp,'$hesklang[\'recaptcha_error\']') === false)
+                if (strpos($tmp,'$hesklang[\'ms01\']') === false)
 	            {
 	            	$err .= "              |---->  WRONG VERSION (not ".$hesk_settings['hesk_version'].")\n";
 	            }
diff --git a/admin/admin_settings_save.php b/admin/admin_settings_save.php
index 510e0be9..68e1a293 100644
--- a/admin/admin_settings_save.php
+++ b/admin/admin_settings_save.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -158,13 +158,18 @@ $set['reply_top']		= empty($_POST['s_reply_top']) ? 0 : 1;
 /* --> Features */
 $set['autologin']		= empty($_POST['s_autologin']) ? 0 : 1;
 $set['autoassign']		= empty($_POST['s_autoassign']) ? 0 : 1;
+$set['custclose']		= empty($_POST['s_custclose']) ? 0 : 1;
 $set['custopen']		= empty($_POST['s_custopen']) ? 0 : 1;
 $set['rating']			= empty($_POST['s_rating']) ? 0 : 1;
 $set['cust_urgency']	= empty($_POST['s_cust_urgency']) ? 0 : 1;
 $set['sequential']		= empty($_POST['s_sequential']) ? 0 : 1;
+$set['time_worked']		= empty($_POST['s_time_worked']) ? 0 : 1;
+$set['spam_notice']		= empty($_POST['s_spam_notice']) ? 0 : 1;
 $set['list_users']		= empty($_POST['s_list_users']) ? 0 : 1;
 $set['debug_mode']		= empty($_POST['s_debug_mode']) ? 0 : 1;
 $set['short_link']		= empty($_POST['s_short_link']) ? 0 : 1;
+$set['select_cat']		= empty($_POST['s_select_cat']) ? 0 : 1;
+$set['select_pri']		= empty($_POST['s_select_pri']) ? 0 : 1;
 
 /* --> SPAM prevention */
 $set['secimg_use']		= empty($_POST['s_secimg_use']) ? 0 : ( hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@@ -173,8 +178,7 @@ for ($i=1;$i<=10;$i++)
 {
     $set['secimg_sum'] .= substr('AEUYBDGHJLMNPQRSTVWXZ123456789', rand(0,29), 1);
 }
-$set['recaptcha_use']	= empty($_POST['s_recaptcha_use']) ? 0 : 1;
-$set['recaptcha_ssl']	= empty($_POST['s_recaptcha_ssl']) ? 0 : 1;
+$set['recaptcha_use']	= hesk_checkMinMax( intval( hesk_POST('s_recaptcha_use') ) , 0, 2, 0);
 $set['recaptcha_public_key']	= hesk_input( hesk_POST('s_recaptcha_public_key') );
 $set['recaptcha_private_key']	= hesk_input( hesk_POST('s_recaptcha_private_key') );
 $set['question_use']	= empty($_POST['s_question_use']) ? 0 : 1;
@@ -188,6 +192,7 @@ if ($set['attempt_limit'] > 0)
 	$set['attempt_limit']++;
 }
 $set['attempt_banmin']	= hesk_checkMinMax( intval( hesk_POST('s_attempt_banmin') ) , 5, 99999, 60);
+$set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
 $set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1;
 
 /* --> Attachments */
@@ -233,7 +238,7 @@ else
 /*** KNOWLEDGEBASE ***/
 
 /* --> Knowledgebase settings */
-$set['kb_enable']			= empty($_POST['s_kb_enable']) ? 0 : 1;
+$set['kb_enable']			= hesk_checkMinMax( intval( hesk_POST('s_kb_enable') ) , 0, 2, 1);
 $set['kb_wysiwyg']			= empty($_POST['s_kb_wysiwyg']) ? 0 : 1;
 $set['kb_search']			= empty($_POST['s_kb_search']) ? 0 : ( hesk_POST('s_kb_search') == 2 ? 2 : 1);
 $set['kb_recommendanswers']	= empty($_POST['s_kb_recommendanswers']) ? 0 : 1;
@@ -248,6 +253,7 @@ $set['kb_popart']			= intval( hesk_POST('s_kb_popart') ); // Popular articles on
 $set['kb_latest']			= intval( hesk_POST('s_kb_latest') ); // Popular articles on main category page
 $set['kb_index_popart']		= intval( hesk_POST('s_kb_index_popart') );
 $set['kb_index_latest']		= intval( hesk_POST('s_kb_index_latest') );
+$set['kb_related']			= intval( hesk_POST('s_kb_related') );
 
 
 /*** EMAIL ***/
@@ -258,7 +264,7 @@ $set['smtp'] = empty($_POST['s_smtp']) ? 0 : 1;
 if ($set['smtp'])
 {
 	// Test SMTP connection
-    $smtp_OK = hesk_testSMTP();
+    $smtp_OK = hesk_testSMTP(true);
 
 	// If SMTP not working, disable it
 	if ( ! $smtp_OK)
@@ -268,7 +274,7 @@ if ($set['smtp'])
 }
 else
 {
-	$set['smtp_host_name']	= hesk_input( hesk_POST('tmp_smtp_host_name', 'localhost') );
+	$set['smtp_host_name']	= hesk_input( hesk_POST('tmp_smtp_host_name', 'mail.domain.com') );
 	$set['smtp_host_port']	= intval( hesk_POST('tmp_smtp_host_port', 25) );
 	$set['smtp_timeout']	= intval( hesk_POST('tmp_smtp_timeout', 10) );
 	$set['smtp_ssl']		= empty($_POST['tmp_smtp_ssl']) ? 0 : 1;
@@ -285,8 +291,11 @@ $pop3_OK = true;
 $set['pop3'] = empty($_POST['s_pop3']) ? 0 : 1;
 if ($set['pop3'])
 {
+    // Get POP3 fetching timeout
+    $set['pop3_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_pop3_job_wait') ) , 1, 1440, 15);
+
 	// Test POP3 connection
-    $pop3_OK = hesk_testPOP3();
+    $pop3_OK = hesk_testPOP3(true);
 
 	// If POP3 not working, disable it
 	if ( ! $pop3_OK)
@@ -296,6 +305,7 @@ if ($set['pop3'])
 }
 else
 {
+    $set['pop3_job_wait']	= intval( hesk_POST('s_pop3_job_wait', 15) );
 	$set['pop3_host_name']	= hesk_input( hesk_POST('tmp_pop3_host_name', 'mail.domain.com') );
 	$set['pop3_host_port']	= intval( hesk_POST('tmp_pop3_host_port', 110) );
 	$set['pop3_tls']		= empty($_POST['tmp_pop3_tls']) ? 0 : 1;
@@ -351,13 +361,78 @@ if ( ! $set['detect_typos'] || count($set['email_providers']) < 1 )
 
 $set['email_providers'] = count($set['email_providers']) ?  "'" . implode("','", $set['email_providers']) . "'" : '';
 
+
+/* --> Notify customer when */
+$set['notify_new']		= empty($_POST['s_notify_new']) ? 0 : 1;
+$set['notify_closed']	= empty($_POST['s_notify_closed']) ? 0 : 1;
+
+// SPAM tags
+$set['notify_skip_spam'] = empty($_POST['s_notify_skip_spam']) ? 0 : 1;
+$set['notify_spam_tags'] = array();
+
+if ( ! empty($_POST['s_notify_spam_tags']) && ! is_array($_POST['s_notify_spam_tags']) )
+{
+    $lines = preg_split('/$\R?^/m', $_POST['s_notify_spam_tags']);
+
+    foreach ($lines as $tag)
+    {
+        // Remove dangerous tags just as an extra precaution
+        $tag = str_replace( array('<?php', '<?', '<%', '<script'), '', $tag);
+
+        // Remove excess spaces
+        $tag = trim($tag);
+
+        // Remove anything not utf-8
+        $tag = hesk_clean_utf8($tag);
+
+        // Limit tag length
+        if ( strlen($tag) < 1 || strlen($tag) > 50)
+        {
+            continue;
+        }
+
+        // Escape single quotes and backslashes
+        $set['notify_spam_tags'][] = str_replace( array("\\", "'"), array("\\\\", "\\'"), $tag); // '
+    }
+}
+
+if ( count($set['notify_spam_tags']) < 1 )
+{
+    $set['notify_skip_spam'] = 0;
+    $set['notify_spam_tags'] = array('Spam?}','***SPAM***','[SPAM]','SPAM-LOW:','SPAM-MED:');
+}
+
+$set['notify_spam_tags'] = count($set['notify_spam_tags']) ?  "'" . implode("','", $set['notify_spam_tags']) . "'" : '';
+
 /* --> Other */
 $set['strip_quoted']	= empty($_POST['s_strip_quoted']) ? 0 : 1;
+$set['eml_req_msg']		= empty($_POST['s_eml_req_msg']) ? 0 : 1;
 $set['save_embedded']	= empty($_POST['s_save_embedded']) ? 0 : 1;
 $set['multi_eml']		= empty($_POST['s_multi_eml']) ? 0 : 1;
 $set['confirm_email']	= empty($_POST['s_confirm_email']) ? 0 : 1;
 $set['open_only']		= empty($_POST['s_open_only']) ? 0 : 1;
 
+/*** TICKET LIST ***/
+
+$set['ticket_list'] = array();
+foreach ($hesk_settings['possible_ticket_list'] as $key => $title)
+{
+    if ( hesk_POST('s_tl_'.$key, 0) == 1)
+    {
+        $set['ticket_list'][] = $key;
+    }
+}
+
+// We need at least one of these: id, trackid, subject
+if ( ! in_array('id', $set['ticket_list']) && ! in_array('trackid', $set['ticket_list']) && ! in_array('subject', $set['ticket_list']) )
+{
+    $set['ticket_list'][] = 'trackid';
+}
+
+$set['ticket_list'] = count($set['ticket_list']) ?  "'" . implode("','", $set['ticket_list']) . "'" : 'trackid';
+
+/* --> Other */
+$set['updatedformat']	= hesk_checkMinMax( intval( hesk_POST('s_updatedformat') ) , 0, 2, 2);
 
 /*** MISC ***/
 
@@ -368,6 +443,19 @@ $set['daylight']		= empty($_POST['s_daylight']) ? 0 : 1;
 $set['timeformat']		= hesk_input( hesk_POST('s_timeformat') ) or $set['timeformat'] = 'Y-m-d H:i:s';
 
 /* --> Other */
+$set['ip_whois']		= hesk_input( hesk_POST('s_ip_whois', 'http://whois.domaintools.com/{IP}') );
+
+// If no {IP} tag append it to the end
+if ( strlen($set['ip_whois']) == 0 )
+{
+    $set['ip_whois'] = 'http://whois.domaintools.com/{IP}';
+}
+elseif ( strpos($set['ip_whois'], '{IP}') === false )
+{
+    $set['ip_whois'] .= '{IP}';
+}
+
+$set['maintenance_mode']= empty($_POST['s_maintenance_mode']) ? 0 : 1;
 $set['alink']			= empty($_POST['s_alink']) ? 0 : 1;
 $set['submit_notice']	= empty($_POST['s_submit_notice']) ? 0 : 1;
 $set['online']			= empty($_POST['s_online']) ? 0 : 1;
@@ -599,19 +687,23 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
 // --> Features
 $hesk_settings[\'autologin\']=' . $set['autologin'] . ';
 $hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
+$hesk_settings[\'custclose\']=' . $set['custclose'] . ';
 $hesk_settings[\'custopen\']=' . $set['custopen'] . ';
 $hesk_settings[\'rating\']=' . $set['rating'] . ';
 $hesk_settings[\'cust_urgency\']=' . $set['cust_urgency'] . ';
 $hesk_settings[\'sequential\']=' . $set['sequential'] . ';
+$hesk_settings[\'time_worked\']=' . $set['time_worked'] . ';
+$hesk_settings[\'spam_notice\']=' . $set['spam_notice'] . ';
 $hesk_settings[\'list_users\']=' . $set['list_users'] . ';
 $hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
 $hesk_settings[\'short_link\']=' . $set['short_link'] . ';
+$hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
+$hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
 
 // --> SPAM Prevention
 $hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
 $hesk_settings[\'secimg_sum\']=\'' . $set['secimg_sum'] . '\';
 $hesk_settings[\'recaptcha_use\']=' . $set['recaptcha_use'] . ';
-$hesk_settings[\'recaptcha_ssl\']=' . $set['recaptcha_ssl'] . ';
 $hesk_settings[\'recaptcha_public_key\']=\'' . $set['recaptcha_public_key'] . '\';
 $hesk_settings[\'recaptcha_private_key\']=\'' . $set['recaptcha_private_key'] . '\';
 $hesk_settings[\'question_use\']=' . $set['question_use'] . ';
@@ -621,6 +713,7 @@ $hesk_settings[\'question_ans\']=\'' . $set['question_ans'] . '\';
 // --> Security
 $hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
 $hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
+$hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
 $hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
 
 // --> Attachments
@@ -650,6 +743,7 @@ $hesk_settings[\'kb_popart\']=' . $set['kb_popart'] . ';
 $hesk_settings[\'kb_latest\']=' . $set['kb_latest'] . ';
 $hesk_settings[\'kb_index_popart\']=' . $set['kb_index_popart'] . ';
 $hesk_settings[\'kb_index_latest\']=' . $set['kb_index_latest'] . ';
+$hesk_settings[\'kb_related\']=' . $set['kb_related'] . ';
 
 
 // ==> EMAIL
@@ -669,6 +763,7 @@ $hesk_settings[\'email_piping\']=' . $set['email_piping'] . ';
 
 // --> POP3 Fetching
 $hesk_settings[\'pop3\']=' . $set['pop3'] . ';
+$hesk_settings[\'pop3_job_wait\']=' . $set['pop3_job_wait'] . ';
 $hesk_settings[\'pop3_host_name\']=\'' . $set['pop3_host_name'] . '\';
 $hesk_settings[\'pop3_host_port\']=' . $set['pop3_host_port'] . ';
 $hesk_settings[\'pop3_tls\']=' . $set['pop3_tls'] . ';
@@ -684,13 +779,27 @@ $hesk_settings[\'loop_time\']=' . $set['loop_time'] . ';
 $hesk_settings[\'detect_typos\']=' . $set['detect_typos'] . ';
 $hesk_settings[\'email_providers\']=array(' . $set['email_providers'] . ');
 
+// --> Notify customer when
+$hesk_settings[\'notify_new\']=' . $set['notify_new'] . ';
+$hesk_settings[\'notify_skip_spam\']=' . $set['notify_skip_spam'] . ';
+$hesk_settings[\'notify_spam_tags\']=array(' . $set['notify_spam_tags'] . ');
+$hesk_settings[\'notify_closed\']=' . $set['notify_closed'] . ';
+
 // --> Other
 $hesk_settings[\'strip_quoted\']=' . $set['strip_quoted'] . ';
+$hesk_settings[\'eml_req_msg\']=' . $set['eml_req_msg'] . ';
 $hesk_settings[\'save_embedded\']=' . $set['save_embedded'] . ';
 $hesk_settings[\'multi_eml\']=' . $set['multi_eml'] . ';
 $hesk_settings[\'confirm_email\']=' . $set['confirm_email'] . ';
 $hesk_settings[\'open_only\']=' . $set['open_only'] . ';
 
+// ==> TICKET LIST
+
+$hesk_settings[\'ticket_list\']=array(' . $set['ticket_list'] . ');
+
+// --> Other
+$hesk_settings[\'updatedformat\']=\'' . $set['updatedformat'] . '\';
+
 
 // ==> MISC
 
@@ -701,6 +810,8 @@ $hesk_settings[\'daylight\']=' . $set['daylight'] . ';
 $hesk_settings[\'timeformat\']=\'' . $set['timeformat'] . '\';
 
 // --> Other
+$hesk_settings[\'ip_whois\']=\'' . $set['ip_whois'] . '\';
+$hesk_settings[\'maintenance_mode\']=' . $set['maintenance_mode'] . ';
 $hesk_settings[\'alink\']=' . $set['alink'] . ';
 $hesk_settings[\'submit_notice\']=' . $set['submit_notice'] . ';
 $hesk_settings[\'online\']=' . $set['online'] . ';
@@ -835,7 +946,7 @@ function hesk_getLanguagesArray($returnArray=0)
                 {
                 	$add = 0;
                 }
-                elseif ( ! preg_match('/\$hesklang\[\'recaptcha_error\'\]/', $tmp) )
+                elseif ( ! preg_match('/\$hesklang\[\'ms01\'\]/', $tmp) )
                 {
                 	$add = 0;
                 }
diff --git a/admin/admin_submit_ticket.php b/admin/admin_submit_ticket.php
index a0d347af..9adf7319 100644
--- a/admin/admin_submit_ticket.php
+++ b/admin/admin_submit_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -65,11 +65,21 @@ $hesk_error_buffer = array();
 $tmpvar['name']	    = hesk_input( hesk_POST('name') ) or $hesk_error_buffer['name']=$hesklang['enter_your_name'];
 $tmpvar['email']	= hesk_POST('email');
 $tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat'];
-$tmpvar['priority'] = intval( hesk_POST('priority') );
+$tmpvar['priority'] = hesk_POST('priority');
+$tmpvar['priority'] = strlen($tmpvar['priority']) ? intval($tmpvar['priority']) : -1;
 
 if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3)
 {
-    $hesk_error_buffer['priority']=$hesklang['sel_app_priority'];
+    // If we are showing "Click to select" priority needs to be selected
+    if ($hesk_settings['select_pri'])
+    {
+        $tmpvar['priority'] = -1;
+        $hesk_error_buffer['priority'] = $hesklang['select_priority'];
+    }
+    else
+    {
+        $tmpvar['priority'] = 3;
+    }
 }
 
 $tmpvar['subject']  = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer['subject']=$hesklang['enter_ticket_subject'];
@@ -121,6 +131,7 @@ $tmpvar['trackid'] = hesk_createID();
 
 // Log who submitted ticket
 $tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), $_SESSION['name'].' ('.$_SESSION['user'].')');
+$tmpvar['openedby'] = $_SESSION['id'];
 
 // Owner
 $tmpvar['owner'] = 0;
@@ -214,7 +225,7 @@ if (count($hesk_error_buffer)!=0)
     $_SESSION['as_name']     =  hesk_POST('name');
     $_SESSION['as_email']    =  hesk_POST('email');
     $_SESSION['as_category'] =  hesk_POST('category');
-    $_SESSION['as_priority'] =  hesk_POST('priority');
+    $_SESSION['as_priority'] = $tmpvar['priority'];
     $_SESSION['as_subject']  =  hesk_POST('subject');
     $_SESSION['as_message']  =  hesk_POST('message');
     $_SESSION['as_owner']    = $tmpvar['owner'];
@@ -225,7 +236,7 @@ if (count($hesk_error_buffer)!=0)
 	{
 		if ($v['use'])
 		{
-			$_SESSION["as_$k"] =  hesk_POST($k);
+            $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
 		}
 	}
 
diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index ed4fd551..d44b4efe 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -55,6 +55,10 @@ $can_archive		 = hesk_checkPermission('can_add_archive',0);
 $can_assign_self	 = hesk_checkPermission('can_assign_self',0);
 $can_view_unassigned = hesk_checkPermission('can_view_unassigned',0);
 $can_change_cat		 = hesk_checkPermission('can_change_cat',0);
+$can_ban_emails		 = hesk_checkPermission('can_ban_emails', 0);
+$can_unban_emails	 = hesk_checkPermission('can_unban_emails', 0);
+$can_ban_ips		 = hesk_checkPermission('can_ban_ips', 0);
+$can_unban_ips		 = hesk_checkPermission('can_unban_ips', 0);
 
 // Get ticket ID
 $trackingID = hesk_cleanID() or print_form();
@@ -118,12 +122,12 @@ else
 }
 
 /* Get category name and ID */
-$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
+$result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
 
 /* If this category has been deleted use the default category with ID 1 */
 if (hesk_dbNumRows($result) != 1)
 {
-	$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
+    $result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
 }
 
 $category = hesk_dbFetchAssoc($result);
@@ -141,17 +145,54 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check())
 		$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` DESC LIMIT 1");
         $last_reply_id = hesk_dbResult($res,0,0);
 
-		/* Does this post have any attachments? */
-		$res = hesk_dbQuery("SELECT `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `id`='".intval($n)."' AND `replyto`='".intval($ticket['id'])."' LIMIT 1");
-		$attachments = hesk_dbResult($res,0,0);
+        // Was this post submitted by staff and does it have any attachments?
+        $res = hesk_dbQuery("SELECT `dt`, `staffid`, `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `id`='".intval($n)."' AND `replyto`='".intval($ticket['id'])."' LIMIT 1");
+        $reply = hesk_dbFetchAssoc($res);
+
+        // If the reply was by a staff member update the appropriate columns
+        if ( $reply['staffid'] )
+        {
+            // Is this the only staff reply? Delete "firstreply" and "firstreplyby" columns
+            if ($ticket['staffreplies'] <= 1)
+            {
+                $staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 ';
+            }
+            // Are we deleting the first staff reply? Update "firstreply" and "firstreplyby" columns
+            elseif ($reply['dt'] == $ticket['firstreply'] && $reply['staffid'] == $ticket['firstreplyby'])
+            {
+                // Get the new first reply info
+                $res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' AND `id`!='".intval($n)."' AND `staffid`!=0 ORDER BY `id` ASC LIMIT 1");
+
+                // Did we find the new first reply?
+                if ( hesk_dbNumRows($res) )
+                {
+                    $firstreply = hesk_dbFetchAssoc($res);
+                    $staffreplies_sql = " , `firstreply`='".hesk_dbEscape($firstreply['dt'])."', `firstreplyby`='".hesk_dbEscape($firstreply['staffid'])."', `staffreplies`=`staffreplies`-1 ";
+                }
+                // The count must have been wrong, update it
+                else
+                {
+                    $staffreplies_sql = ' , `firstreply`=NULL, `firstreplyby`=NULL, `staffreplies`=0 ';
+                }
+            }
+            // OK, this is not the first and not the only staff reply, just reduce number
+            else
+            {
+                $staffreplies_sql = ' , `staffreplies`=`staffreplies`-1 ';
+            }
+        }
+        else
+        {
+            $staffreplies_sql = '';
+        }
 
 		/* Delete any attachments to this post */
-		if ( strlen($attachments) )
+        if ( strlen($reply['attachments']) )
 		{
         	$hesk_settings['server_path'] = dirname(dirname(__FILE__));
 
 			/* List of attachments */
-			$att=explode(',',substr($attachments, 0, -1));
+            $att=explode(',',substr($reply['attachments'], 0, -1));
 			foreach ($att as $myatt)
 			{
 				list($att_id, $att_name) = explode('#', $myatt);
@@ -178,27 +219,68 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check())
         }
         else
         {
+            $closed_sql = '';
+            $changeStatusRs = hesk_dbQuery('SELECT `id`, `LockedTicketStatus`, `IsCustomerReplyStatus`, `IsDefaultStaffReplyStatus`, `IsNewTicketStatus`
+                                                  FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses`
+                                                  WHERE `LockedTicketStatus` = 1
+                                                    OR `IsCustomerReplyStatus` = 1
+                                                    OR `IsDefaultStaffReplyStatus` = 1
+                                                    OR `IsNewTicketStatus` = 1');
+            $lockedTicketStatus = '';
+            $customerReplyStatus = '';
+            $defaultStaffReplyStatus = '';
+            $newTicketStatus = '';
+            while ($row = hesk_dbFetchAssoc($changeStatusRs))
+            {
+                if ($row['LockedTicketStatus']) {
+                    $lockedTicketStatus = $row['id'];
+                } elseif ($row['IsCustomerReplyStatus']) {
+                    $customerReplyStatus = $row['id'];
+                } elseif ($row['IsDefaultStaffReplyStatus']) {
+                    $defaultStaffReplyStatus = $row['id'];
+                } elseif ($row['IsNewTicketStatus']) {
+                    $newTicketStatus = $row['id'];
+                }
+            }
+
 			/* Reply deleted. Need to update status and last replier? */
-			$res = hesk_dbQuery("SELECT `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` DESC LIMIT 1");
+            $res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` DESC LIMIT 1");
 			if (hesk_dbNumRows($res))
 			{
-				$replier_id = hesk_dbResult($res,0,0);
+                $replier_id = hesk_dbResult($res,0,1);
                 $last_replier = $replier_id ? 1 : 0;
 
 				/* Change status? */
                 $status_sql = '';
 				if ($last_reply_id == $n)
 				{
-					$status = $ticket['locked'] ? 3 : ($last_replier ? 2 : 1);
+					$status = $ticket['locked'] ? $lockedTicketStatus : ($last_replier ? $defaultStaffReplyStatus : $customerReplyStatus);
                     $status_sql = " , `status`='".intval($status)."' ";
+
+                    // Update closedat and closedby columns as required
+                    if ($status == $lockedTicketStatus)
+                    {
+                        $closed_sql = " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id'])." ";
+                    }
 				}
 
-				hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='".intval($replier_id)."' $status_sql WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
+                hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='".intval($replier_id)."', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
 			}
 			else
 			{
-            	$status = $ticket['locked'] ? 3 : 0;
-				hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status' WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
+                // Update status, closedat and closedby columns as required
+                if ($ticket['locked'])
+                {
+                    $status = $lockedTicketStatus;
+                    $closed_sql = " , `closedat`=NOW(), `closedby`=".intval($_SESSION['id'])." ";
+                }
+                else
+                {
+                    $status = $newTicketStatus;
+                    $closed_sql = " , `closedat`=NULL, `closedby`=NULL ";
+                }
+
+                hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
 			}
 
 			hesk_process_messages($hesklang['repl'],$_SERVER['PHP_SELF'],'SUCCESS');
@@ -216,15 +298,47 @@ if (isset($_GET['delnote']) && hesk_token_check())
 	$n = intval( hesk_GET('delnote') );
     if ($n)
     {
-    	if ($can_del_notes)
+        // Get note info
+        $res = hesk_dbQuery("SELECT `who`, `attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$n}");
+
+        if ( hesk_dbNumRows($res) )
         {
-			hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`='".intval($n)."' LIMIT 1");
-        }
-        else
-        {
-        	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`='".intval($n)."' AND `who`='".intval($_SESSION['id'])."' LIMIT 1");
+            $note = hesk_dbFetchAssoc($res);
+
+            // Permission to delete note?
+            if ($can_del_notes || $note['who'] == $_SESSION['id'])
+            {
+                // Delete note
+                hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`='".intval($n)."' LIMIT 1");
+
+                // Delete attachments
+                if ( strlen($note['attachments']) )
+                {
+                    $hesk_settings['server_path'] = dirname(dirname(__FILE__));
+
+                    $attachments = array();
+
+                    $att=explode(',',substr($note['attachments'], 0, -1));
+                    foreach ($att as $myatt)
+                    {
+                        list($att_id, $att_name) = explode('#', $myatt);
+                        $attachments[] = intval($att_id);
+                    }
+
+                    if ( count($attachments) )
+                    {
+                        $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id` IN (".implode(',', $attachments).") ");
+                        while ($file = hesk_dbFetchAssoc($res))
+                        {
+                            hesk_unlink($hesk_settings['server_path'].'/'.$hesk_settings['attach_dir'].'/'.$file['saved_name']);
+                        }
+                        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id` IN (".implode(',', $attachments).") ");
+                    }
+                }
+            }
         }
     }
+
     header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
     exit();
 }
@@ -232,14 +346,67 @@ if (isset($_GET['delnote']) && hesk_token_check())
 /* Add a note action */
 if (isset($_POST['notemsg']) && hesk_token_check('POST'))
 {
+    // Error buffer
+    $hesk_error_buffer = array();
+
+    // Get message
 	$msg = hesk_input( hesk_POST('notemsg') );
 
-    if ($msg)
+    // Get attachments
+    if ($hesk_settings['attachments']['use'])
     {
-    	/* Add note to database */
-    	$msg = nl2br(hesk_makeURL($msg));
-		hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."')");
+        require(HESK_PATH . 'inc/posting_functions.inc.php');
+        require(HESK_PATH . 'inc/attachments.inc.php');
+        $attachments = array();
+        for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
+        {
+            $att = hesk_uploadFile($i);
+            if ($att !== false && !empty($att))
+            {
+                $attachments[$i] = $att;
+            }
+        }
+    }
+    $myattachments='';
 
+    // We need message and/or attachments to accept note
+    if ( count($attachments) || strlen($msg) || count($hesk_error_buffer) )
+    {
+        // Any errors?
+        if ( count($hesk_error_buffer) != 0 )
+        {
+            $_SESSION['note_message'] = hesk_POST('notemsg');
+
+            // Remove any successfully uploaded attachments
+            if ($hesk_settings['attachments']['use'])
+            {
+                hesk_removeAttachments($attachments);
+            }
+
+            $tmp = '';
+            foreach ($hesk_error_buffer as $error)
+            {
+                $tmp .= "<li>$error</li>\n";
+            }
+            $hesk_error_buffer = $tmp;
+
+            $hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+            hesk_process_messages($hesk_error_buffer,'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
+        }
+
+        // Process attachments
+        if ($hesk_settings['attachments']['use'] && ! empty($attachments) )
+        {
+            foreach ($attachments as $myatt)
+            {
+                hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`ticket_id`,`saved_name`,`real_name`,`size`,`type`) VALUES ('".hesk_dbEscape($trackingID)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."', '1')");
+                $myattachments .= hesk_dbInsertID() . '#' . $myatt['real_name'] .',';
+            }
+        }
+
+        // Add note to database
+        $msg = nl2br(hesk_makeURL($msg));
+        hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."','".hesk_dbEscape($myattachments)."')");
 
         /* Notify assigned staff that a note has been added if needed */
         $users = hesk_dbQuery("SELECT `email`, `notify_note` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE (`id`='".intval($ticket['owner'])."' OR (`isadmin` = '1' AND `notify_note_unassigned` = '1')) AND `id` <> '".intval($_SESSION['id'])."'");
@@ -260,6 +427,8 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
             'message'		=> stripslashes($msg),
             'dt'            => hesk_date($ticket['dt'], true),
             'lastchange'    => hesk_date($ticket['lastchange'], true),
+            'attachments'	=> $myattachments,
+            'id'			=> $ticket['id'],
             );
 
             // 2. Add custom fields to the array
@@ -289,7 +458,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
 }
 
 /* Update time worked */
-if ( ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST'))
+if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['h']) && isset($_POST['m']) && isset($_POST['s']) && hesk_token_check('POST'))
 {
 	$h = intval( hesk_POST('h') );
 	$m = intval( hesk_POST('m') );
@@ -367,7 +536,13 @@ if (isset($_GET['delatt']) && hesk_token_check())
 		$reply = 0;
 	}
 
-	/* Get attachment info */
+    $note = intval( hesk_GET('note', 0) );
+    if ($note < 1)
+    {
+        $note = 0;
+    }
+
+    /* Get attachment info */
 	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
 	if (hesk_dbNumRows($res) != 1)
 	{
@@ -394,6 +569,10 @@ if (isset($_GET['delatt']) && hesk_token_check())
 		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`='".intval($reply)."' LIMIT 1");
 		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
 	}
+    elseif ($note)
+    {
+        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",','') WHERE `id`={$note} LIMIT 1");
+    }
 	else
 	{
 		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `attachments`=REPLACE(`attachments`,'".hesk_dbEscape($att_id.'#'.$att['real_name']).",',''), `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($ticket['id'])."' LIMIT 1");
@@ -417,7 +596,7 @@ while ($row=hesk_dbFetchAssoc($result))
 
 /* List of users */
 $admins = array();
-$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `id` ASC");
+$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `name` ASC");
 while ($row=hesk_dbFetchAssoc($result))
 {
 	/* Is this an administrator? */
@@ -442,9 +621,15 @@ while ($row=hesk_dbFetchAssoc($result))
 }
 
 /* Get replies */
-$reply = '';
-$result  = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') );
-$replies = hesk_dbNumRows($result);
+if ($ticket['replies'])
+{
+    $reply = '';
+    $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($ticket['id'])."' ORDER BY `id` " . ($hesk_settings['new_top'] ? 'DESC' : 'ASC') );
+}
+else
+{
+    $reply = false;
+}
 
 // Demo mode
 if ( defined('HESK_DEMO') )
@@ -475,7 +660,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 </li>
                 <li class="list-group-item">
                     <strong><?php echo $hesklang['replies']; ?></strong><br/>
-                    <?php echo $replies; ?>
+                    <?php echo $ticket['replies']; ?>
                 </li>
                 <li class="list-group-item">
                     <strong><?php echo $hesklang['owner']; ?></strong><br/>
@@ -496,6 +681,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <strong><?php echo $hesklang['last_replier']; ?></strong><br/>
                     <?php echo $ticket['repliername']; ?>
                 </li>
+                <?php
+                if ($hesk_settings['time_worked']) {
+                ?>
                 <li class="list-group-item">
                     <strong><?php echo $hesklang['ts']; ?></strong><br/>
                     <?php
@@ -543,6 +731,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     }
                     ?>
                 </li>
+                <?php } // End if time_worked ?>
                 <li class="list-group-item">
                     <strong><?php echo $hesklang['parent']; ?></strong>
                     <p><?php
@@ -816,9 +1005,66 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             ?>
             <div class="row">
                 <div class="col-md-12 alert-warning">
-                    <?php if ($can_del_notes || $note['who'] == $_SESSION['id']) { ?><p><a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;delnote=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['delnote']).'?'; ?>');"><i class="fa fa-times"></i> Delete Note</a></p><?php }?>
-                    <p><i><?php echo $hesklang['noteby']; ?> <b><?php echo ($note['name'] ? $note['name'] : $hesklang['e_udel']); ?></b></i> - <?php echo hesk_date($note['dt']); ?></p>
-                    <p><?php echo $note['message']; ?></p>
+                    <div class="row" style="padding-top: 10px; padding-bottom: 10px">
+                        <div class="col-md-8">
+                            <p><i><?php echo $hesklang['noteby']; ?> <b><?php echo ($note['name'] ? $note['name'] : $hesklang['e_udel']); ?></b></i> - <?php echo hesk_date($note['dt']); ?></p>
+                            <?php
+                            // Message
+                            echo $note['message'];
+
+                            // Attachments
+                            if ( $hesk_settings['attachments']['use'] && strlen($note['attachments']) )
+                            {
+                                echo strlen($note['message']) ? '<br /><br />' : '';
+
+                                $att = explode(',', substr($note['attachments'], 0, -1) );
+                                $num = count($att);
+                                foreach ($att as $myatt)
+                                {
+                                    list($att_id, $att_name) = explode('#', $myatt);
+
+                                    // Can edit and delete note (attachments)?
+                                    if ($can_del_notes || $note['who'] == $_SESSION['id'])
+                                    {
+                                        // If this is the last attachment and no message, show "delete ticket" link
+                                        if ($num == 1 && strlen($note['message']) == 0)
+                                        {
+                                            echo '<a href="admin_ticket.php?delnote='.$note['id'].'&amp;track='.$trackingID.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');">
+                                                    <i class="fa fa-times" style="font-size:16px;color:red;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['dela'].'"></i>
+                                                </a> ';
+                                        }
+                                        // Show "delete attachment" link
+                                        else
+                                        {
+                                            echo '<a href="admin_ticket.php?delatt='.$att_id.'&amp;note='.$note['id'].'&amp;track='.$trackingID.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');">
+                                                    <i class="fa fa-times" style="font-size:16px;color:red;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['dela'].'"></i>
+                                                </a> ';
+                                        }
+                                    }
+
+                                    echo '
+                                        <a href="../download_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">
+                                            <i class="fa fa-paperclip" style="font-size:16px;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['dnl'].' '.$att_name.'"></i>
+                                        </a>
+                                        <a href="../download_attachment.php?att_id='.$att_id.'&amp;track='.$trackingID.'">'.$att_name.'</a><br />
+                                    ';
+                                }
+                            }
+                            ?>
+                        </div>
+                        <div class="col-md-4 text-right">
+                            <?php if ($can_del_notes || $note['who'] == $_SESSION['id']) { ?>
+                                <div class="btn-group" role="group">
+                                    <a href="edit_note.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;note=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" class="btn btn-warning">
+                                        <i class="fa fa-pencil"></i>&nbsp;<?php echo $hesklang['ednote']; ?>
+                                    </a>
+                                    <a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;delnote=<?php echo $note['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" class="btn btn-danger">
+                                        <i class="fa fa-times"></i>&nbsp;<?php echo $hesklang['delnote']; ?>
+                                    </a>
+                                </div>
+                            <?php }?>
+                        </div>
+                    </div>
                 </div>
             </div>
         <?php
@@ -836,9 +1082,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 }
                 ?>
 
-                <div id="notesform" style="display:none">
-                    <form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;">
-                        <textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea><br />
+                <div id="notesform" style="display:<?php echo isset($_SESSION['note_message']) ? 'block' : 'none'; ?>">
+                    <form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;" enctype="multipart/form-data">
+                        <textarea class="form-control" name="notemsg" rows="6" cols="60"><?php echo isset($_SESSION['note_message']) ? stripslashes(hesk_input($_SESSION['note_message'])) : ''; ?></textarea><br />
+                        <?php
+                        // attachments
+                        if ($hesk_settings['attachments']['use'])
+                        {
+                            echo '<br />';
+                            for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
+                            {
+                                echo '<input type="file" name="attachment['.$i.']" size="50" /><br />';
+                            }
+                            echo '<br />';
+                        }
+                        ?>
                         <input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>"  /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
                         <i><?php echo $hesklang['nhid']; ?></i>
                         <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
@@ -876,8 +1134,69 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
         <div class="row ticketMessageContainer">
             <div class="col-md-3 col-xs-12">
                 <div class="ticketName"><?php echo $ticket['name']; ?></div>
-                <div class="ticketEmail"><?php echo $ticket['email']; ?></div>
-                <div class="ticketEmail"><?php echo $hesklang['ip']; ?>: <?php echo $ticket['ip']; ?></div>
+                <div class="ticketEmail">
+                    <?php
+                    if ($can_ban_emails && !empty($ticket['email']))
+                    {
+                        if ( $email_id = hesk_isBannedEmail($ticket['email']) )
+                        {
+                            if ($can_unban_emails)
+                            {
+                                echo '<a href="banned_emails.php?a=unban&amp;track='.$trackingID.'&amp;id='.intval($email_id).'&amp;token='.hesk_token_echo(0).'">
+                                        <i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['eisban'].' '.$hesklang['click_unban'].'"></i>
+                                    </a> ';
+                            }
+                            else
+                            {
+                                echo '<i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['eisban'].'"></i>';
+                            }
+                        }
+                        else
+                        {
+                            echo '<a href="banned_emails.php?a=ban&amp;track='.$trackingID.'&amp;email='.urlencode($ticket['email']).'&amp;token='.hesk_token_echo(0).'">
+                                    <i class="fa fa-ban" style="font-size:16px;color:grey" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['savebanemail'].'"></i>
+                                </a> ';
+                        }
+                    }
+                    ?><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a>
+                </div>
+                <div class="ticketEmail"><?php echo $hesklang['ip']; ?>:
+                    <?php
+
+                    // Format IP for lookup
+                    if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown'])
+                    {
+                        echo $hesklang['unknown'];
+                    }
+                    else
+                    {
+                        if ($can_ban_ips)
+                        {
+                            if ( $ip_id = hesk_isBannedIP($ticket['ip']) )
+                            {
+                                if ($can_unban_ips)
+                                {
+                                    echo '<a href="banned_ips.php?a=unban&amp;track='.$trackingID.'&amp;id='.intval($ip_id).'&amp;token='.hesk_token_echo(0).'">
+                                            <i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['ipisban'].' '.$hesklang['click_unban'].'"></i>
+                                        </a> ';
+                                }
+                                else
+                                {
+                                    echo '<i class="fa fa-ban" style="font-size:16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['ipisban'].'"></i>';
+                                }
+                            }
+                            else
+                            {
+                                echo '<a href="banned_ips.php?a=ban&amp;track='.$trackingID.'&amp;ip='.urlencode($ticket['ip']).'&amp;token='.hesk_token_echo(0).'">
+                                        <i class="fa fa-ban" style="font-size:16px;color:grey" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['savebanip'].'"></i>
+                                    </a> ';
+                            }
+                        }
+
+                        echo '<a href="../ip_whois.php?ip=' . urlencode($ticket['ip']) . '">' . $ticket['ip'] . '</a>';
+                    }
+                    ?>
+                </div>
             </div>
             <div class="col-md-9 col-xs-12 pushMarginLeft">
                 <div class="ticketMessageTop withBorder">
@@ -943,6 +1262,37 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 		                    }
 	    	                /* Attachments */
     		                hesk_listAttachments($ticket['attachments'], $i);
+
+                         // Show suggested KB articles
+                         if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && strlen($ticket['articles']) )
+                         {
+                             $suggested = array();
+                             $suggested_list = '';
+
+                             // Get article info from the database
+                             $articles = hesk_dbQuery("SELECT `id`,`subject` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id` IN (".preg_replace('/[^0-9\,]/', '', $ticket['articles']).")");
+                             while ($article=hesk_dbFetchAssoc($articles))
+                             {
+                                 $suggested[$article['id']] = '<a href="../knowledgebase.php?article='.$article['id'].'">'.$article['subject'].'</a><br />';
+                             }
+
+                             // Loop through the IDs to preserve the order they were suggested in
+                             $articles = explode(',', $ticket['articles']);
+                             foreach ($articles as $article)
+                             {
+                                 if ( isset($suggested[$article]) )
+                                 {
+                                     $suggested_list .= $suggested[$article];
+                                 }
+                             }
+
+                             // Finally print suggested articles
+                             if ( strlen($suggested_list) )
+                             {
+                                 $suggested_list = '<hr /><i>'.$hesklang['taws'].'</i><br />' . $suggested_list . '&nbsp;';
+                                 echo $_SESSION['show_suggested'] ? $suggested_list : '<a href="Javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay(\'suggested_articles\')">'.$hesklang['sska'].'</a><span id="suggested_articles" style="display:none">'.$suggested_list.'</span>';
+                             }
+                         }
 		                ?>
                  </div>
             </div>
@@ -978,6 +1328,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 /* Clear unneeded session variables */
 hesk_cleanSessionVars('ticket_message');
 hesk_cleanSessionVars('time_worked');
+hesk_cleanSessionVars('note_message');
 
 require_once(HESK_PATH . 'inc/footer.inc.php');
 
@@ -1009,7 +1360,7 @@ function hesk_listAttachments($attachments='', $reply=0, $white=1)
         /* Can edit and delete tickets? */
         if ($can_edit && $can_delete)
         {
-        	echo '<a href="admin_ticket.php?delatt='.$att_id.'&amp;reply='.$reply.'&amp;track='.$trackingID.'&amp;'.$tmp.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');"><i class="fa fa-times"></i></a> ';
+        	echo '<a href="admin_ticket.php?delatt='.$att_id.'&amp;reply='.$reply.'&amp;track='.$trackingID.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');"><i class="fa fa-times"></i></a> ';
         }
 
 		echo '
@@ -1234,6 +1585,11 @@ function hesk_printTicketReplies() {
 
 	$i = $hesk_settings['new_top'] ? 0 : 1;
 
+    if ($reply === false)
+    {
+        return $i;
+	}
+
 	while ($reply = hesk_dbFetchAssoc($result))
 	{
 		$color = 'class="ticketMessageContainer"';
@@ -1310,20 +1666,26 @@ function hesk_printReplyForm() {
     	        hesk_show_notice($hesklang['tislock']);
             }
 
-            ?>
+            // Track time worked?
+            if ($hesk_settings['time_worked']) {
+                ?>
 
-            <div class="form-group">
-                <label for="time_worked" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
-                <div class="col-sm-6">
-                    <input type="text" class="form-control" name="time_worked" id="time_worked" size="10" value="<?php echo ( isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00'); ?>" />
+                <div class="form-group">
+                    <label for="time_worked" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
+
+                    <div class="col-sm-6">
+                        <input type="text" class="form-control" name="time_worked" id="time_worked" size="10"
+                               value="<?php echo(isset($_SESSION['time_worked']) ? hesk_getTime($_SESSION['time_worked']) : '00:00:00'); ?>"/>
+                    </div>
+                    <div class="col-sm-3 text-right">
+                        <input type="button" class="btn btn-success" onclick="ss()" id="startb"
+                               value="<?php echo $hesklang['start']; ?>"/>
+                        <input type="button" class="btn btn-danger" onclick="r()"
+                               value="<?php echo $hesklang['reset']; ?>"/>
+                    </div>
                 </div>
-                <div class="col-sm-3 text-right">
-                    <input type="button" class="btn btn-success" onclick="ss()" id="startb" value="<?php echo $hesklang['start']; ?>" />
-		            <input type="button" class="btn btn-danger" onclick="r()" value="<?php echo $hesklang['reset']; ?>" />
-                </div>
-            </div>
             <?php
-
+            }
             /* Do we have any canned responses? */
             if (strlen($can_options))
             {
@@ -1345,7 +1707,25 @@ function hesk_printReplyForm() {
             <div class="form-group">
                 <label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>: <font class="important">*</font></label>
                 <div class="col-sm-9">
-                    <span id="HeskMsg"><textarea class="form-control" name="message" id="message" rows="12" placeholder="<?php echo $hesklang['message']; ?>" cols="72"><?php if (isset($_SESSION['ticket_message'])) {echo stripslashes(hesk_input($_SESSION['ticket_message']));} ?></textarea></span>     
+                    <span id="HeskMsg">
+                        <textarea class="form-control" name="message" id="message" rows="12" placeholder="<?php echo $hesklang['message']; ?>" cols="72"><?php
+
+                            // Do we have any message stored in session?
+                            if ( isset($_SESSION['ticket_message']) )
+                            {
+                                echo stripslashes( hesk_input( $_SESSION['ticket_message'] ) );
+                            }
+                            // Perhaps a message stored in reply drafts?
+                            else
+                            {
+                                $res = hesk_dbQuery("SELECT `message` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `owner`=".intval($_SESSION['id'])." AND `ticket`=".intval($ticket['id'])." LIMIT 1");
+                                if (hesk_dbNumRows($res) == 1)
+                                {
+                                    echo hesk_dbResult($res);
+                                }
+                            }
+
+                            ?></textarea></span>
                 </div>
             </div>
             <?php
@@ -1389,10 +1769,6 @@ function hesk_printReplyForm() {
                    $staffClosedOptionStatus = array();
                    $staffClosedOptionStatus['ID'] = $statusRow['ID'];
 
-	                if ($ticket['status'] != $staffClosedOptionStatus['ID'])
-	                {
-		                echo '<label><input type="checkbox" name="close" value="1" /> '.$hesklang['close_this_ticket'].'</label><br />';
-	                }
 	                ?>
 	                <div class="form-inline"><label><input type="checkbox" name="set_priority" value="1" /> <?php echo $hesklang['change_priority']; ?> </label>
 	                <select class="form-control" name="priority">
@@ -1400,13 +1776,44 @@ function hesk_printReplyForm() {
 	                </select></div><br />
 	                <label><input type="checkbox" name="signature" value="1" checked="checked" /> <?php echo $hesklang['attach_sign']; ?></label>
 	                (<a href="profile.php"><?php echo $hesklang['profile_settings']; ?></a>)<br />
-                    <label><input type="checkbox" name="no_notify" value="1" <?php if (empty($ticket['email'])) { echo 'checked="checked" disabled'; } ?>> <?php echo $hesklang['dsen']; ?></label><br/><br/>
+                    <label><input type="checkbox" name="no_notify" value="1" <?php echo ($_SESSION['notify_customer_reply'] && !empty($ticket['email'])) ? '' : 'checked="checked" '; ?> <?php if (empty($ticket['email'])) { echo 'disabled'; } ?>> <?php echo $hesklang['dsen']; ?></label><br/><br/>
                     <?php if (empty($ticket['email'])) {
                         echo '<input type="hidden" name="no_notify" value="1">';
                     } ?>
                     <input type="hidden" name="orig_id" value="<?php echo $ticket['id']; ?>" />
                     <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
-                    <input class="btn btn-default" type="submit" value="<?php echo $hesklang['submit_reply']; ?>" />
+                    <div class="btn-group">
+                        <input class="btn btn-primary" type="submit" value="<?php echo $hesklang['submit_reply']; ?>">
+                        <button type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-expanded="false">
+                            <span class="caret"></span>
+                            <span class="sr-only">Toggle Dropdown</span>
+                        </button>
+                        <ul class="dropdown-menu" role="menu">
+                            <li><a>
+                                <button class="dropdown-submit" type="submit" name="submit_as_customer">
+                                    <?php echo $hesklang['sasc']; ?>
+                                </button>
+                            </a></li>
+                            <li class="divider"></li>
+                            <?php
+                            $allStatusesRs = hesk_dbQuery('SELECT `ID`, `ShortNameContentKey`, `TextColor` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses`');
+                            $statuses = array();
+                            while ($row = hesk_dbFetchAssoc($allStatusesRs)) {
+                                array_push($statuses, $row);
+                            }
+
+                            foreach ($statuses as $status) {
+                                echo '<li><a>
+                                        <button class="dropdown-submit" type="submit" name="submit_as_status" value="'.$status['ID'].'"">
+                                            '.$hesklang['submit_reply'].' '.$hesklang['and_change_status_to'].' <b>
+                                            <span style="color:'.$status['TextColor'].'">'.$hesklang[$status['ShortNameContentKey']].'</span></b>
+                                        </button>
+                                    </a></li>';
+                            }
+                            ?>
+                        </ul>
+                    </div>
+                    <input class="btn btn-default" type="submit" name="save_reply" value="<?php echo $hesklang['save_reply']; ?>"
    
                 </div>
             </div>
diff --git a/admin/banned_emails.php b/admin/banned_emails.php
new file mode 100644
index 00000000..d6063edd
--- /dev/null
+++ b/admin/banned_emails.php
@@ -0,0 +1,338 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_ban_emails');
+$can_unban = hesk_checkPermission('can_unban_emails', 0);
+
+// Define required constants
+define('LOAD_TABS',1);
+
+// What should we do?
+if ( $action = hesk_REQUEST('a') )
+{
+	if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'banned_emails.php', 'NOTICE');}
+	elseif ($action == 'ban')   {ban_email();}
+	elseif ($action == 'unban' && $can_unban) {unban_email();}
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+
+<div class="row" style="padding: 20px">
+    <ul class="nav nav-tabs" role="tablist">
+        <li role="presentation" class="active">
+            <a href="#"><?php echo $hesklang['banemail']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banemail_intro']); ?>')"></i></a>
+        </li>
+        <?php
+        // Show a link to banned_ips.php if user has permission to do so
+        if ( hesk_checkPermission('can_ban_ips',0) )
+        {
+            echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banip'] . '" href="banned_ips.php">'.$hesklang['banip'].'</a>
+            </li>';
+        }
+        // Show a link to status_message.php if user has permission to do so
+        if ( hesk_checkPermission('can_service_msg',0) )
+        {
+            echo '
+            <li role="presentation">
+                <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
+            </li>';
+        }
+        ?>
+    </ul>
+    <div class="tab-content summaryList tabPadding">
+        <script language="javascript" type="text/javascript"><!--
+            function confirm_delete()
+            {
+                if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
+                else {return false;}
+            }
+            //-->
+        </script>
+        <div class="row">
+            <div class="col-md-8">
+                <br><br>
+                <?php
+                /* This will handle error, success and notice messages */
+                hesk_handle_messages();
+                ?>
+                <form action="banned_emails.php" method="post" name="form1" role="form" class="form-horizontal">
+                    <div class="form-group">
+                        <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['bananemail']; ?></label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" name="email" size="30" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>">
+                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                            <input type="hidden" name="a" value="ban" />
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-9 col-sm-offset-3">
+                            <input type="submit" value="<?php echo $hesklang['savebanemail']; ?>" class="btn btn-default">
+                        </div>
+                    </div>
+                </form>
+            </div>
+            <div class="col-md-4">
+                <h6 style="font-weight: bold"><?php echo $hesklang['banex']; ?></h6>
+                <div class="footerWithBorder blankSpace"></div>
+                <b>john@email.com</b><br />
+                <b>@domain.com</b>
+            </div>
+        </div>
+        <div class="row">
+            <?php
+
+            // Get banned emails from database
+            $res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'banned_emails` ORDER BY `email` ASC');
+            $num = hesk_dbNumRows($res);
+
+            echo '<h4>'.$hesklang['eperm'].'</h4>';
+            if ($num < 1)
+            {
+                echo '<p>'.$hesklang['no_banemails'].'</p>';
+            }
+            else
+            {
+                // List of staff
+                if ( ! isset($admins) )
+                {
+                    $admins = array();
+                    $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
+                    while ($row=hesk_dbFetchAssoc($res2))
+                    {
+                        $admins[$row['id']]=$row['name'];
+                    }
+                }
+
+                ?>
+                <table class="table table-hover">
+                    <thead>
+                        <tr>
+                            <th><?php echo $hesklang['email']; ?></th>
+                            <th><?php echo $hesklang['banby']; ?></th>
+                            <th><?php echo $hesklang['date']; ?></th>
+                            <?php
+                            if ($can_unban)
+                            {
+                                ?>
+                                <th><?php echo $hesklang['opt']; ?></th>
+                            <?php
+                            }
+                            ?>
+                        </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+                        while ($ban=hesk_dbFetchAssoc($res))
+                        {
+                        $color = '';
+                        if (isset($_SESSION['ban_email']['id']) && $ban['id'] == $_SESSION['ban_email']['id'])
+                        {
+                        $color = 'success';
+                        unset($_SESSION['ban_email']['id']);
+                        }
+
+                        echo '
+                        <tr>
+                            <td class="'.$color.'" style="text-align:left">'.$ban['email'].'</td>
+                            <td class="'.$color.'" style="text-align:left">'.(isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']).'</td>
+                            <td class="'.$color.'" style="text-align:left">'.$ban['dt'].'</td>
+                            ';
+
+                            if ($can_unban)
+                            {
+                            echo '
+                            <td class="'.$color.'" style="text-align:left;">
+                                <a href="banned_emails.php?a=unban&amp;id='.$ban['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();"
+                                    data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'">
+                                    <i class="fa fa-times" style="color: red; font-size: 16px;"></i>
+                                </a>
+                            </td>
+                            ';
+                            }
+
+                            echo '</tr>';
+                        } // End while
+                    ?>
+                    </tbody>
+                </table>
+                <div align="center">
+                    <table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
+                        <?php
+
+
+
+                        ?>
+                    </table>
+                </div>
+            <?php
+            }
+
+            ?>
+        </div>
+    </div>
+</div>
+
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+function ban_email()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Get the email
+	$email = strtolower( hesk_input( hesk_REQUEST('email') ) );
+
+	// Nothing entered?
+	if ( ! strlen($email) )
+	{
+    	hesk_process_messages($hesklang['enterbanemail'],'banned_emails.php');
+	}
+
+	// Only allow one email to be entered
+	$email = ($index = strpos($email, ',')) ? substr($email, 0,  $index) : $email;
+	$email = ($index = strpos($email, ';')) ? substr($email, 0,  $index) : $email;
+
+	// Validate email address
+	$hesk_settings['multi_eml'] = 0;
+
+	if ( ! hesk_validateEmail($email, '', 0) && ! verify_email_domain($email) )
+	{
+		hesk_process_messages($hesklang['validbanemail'],'banned_emails.php');
+	}
+
+	// Redirect either to banned emails or ticket page from now on
+	$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_emails.php';
+
+	// Prevent duplicate rows
+	if ( $_SESSION['ban_email']['id'] = hesk_isBannedEmail($email) )
+	{
+    	hesk_process_messages( sprintf($hesklang['emailbanexists'], $email) ,$redirect_to,'NOTICE');
+	}
+
+	// Insert the email address into database
+	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` (`email`,`banned_by`) VALUES ('".hesk_dbEscape($email)."','".intval($_SESSION['id'])."')");
+
+	// Remember email that got banned
+	$_SESSION['ban_email']['id'] = hesk_dbInsertID();
+
+	// Show success
+    hesk_process_messages( sprintf($hesklang['email_banned'], $email) ,$redirect_to,'SUCCESS');
+
+} // End ban_email()
+
+
+function unban_email()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Delete from bans
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` WHERE `id`=" . intval( hesk_GET('id') ) . " LIMIT 1");
+
+	// Redirect either to banned emails or ticket page from now on
+	$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_emails.php';
+
+	// Show success
+    hesk_process_messages($hesklang['email_unbanned'],$redirect_to,'SUCCESS');
+
+} // End unban_email()
+
+
+function verify_email_domain($domain)
+{
+    // Does it start with an @?
+	$atIndex = strrpos($domain, "@");
+	if ($atIndex !== 0)
+	{
+		return false;
+	}
+
+	// Get the domain and domain length
+	$domain = substr($domain, 1);
+	$domainLen = strlen($domain);
+
+    // Check domain part length
+	if ($domainLen < 1 || $domainLen > 254)
+	{
+		return false;
+	}
+
+    // Check domain part characters
+	if ( ! preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain) )
+	{
+		return false;
+	}
+
+	// Domain part mustn't have two consecutive dots
+	if ( strpos($domain, '..') !== false )
+	{
+		return false;
+	}
+
+	// All OK
+	return true;
+
+} // END verify_email_domain()
+
+?>
diff --git a/admin/banned_ips.php b/admin/banned_ips.php
new file mode 100644
index 00000000..55db2f73
--- /dev/null
+++ b/admin/banned_ips.php
@@ -0,0 +1,449 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_ban_ips');
+$can_unban = hesk_checkPermission('can_unban_ips', 0);
+
+// Define required constants
+define('LOAD_TABS',1);
+
+// What should we do?
+if ( $action = hesk_REQUEST('a') )
+{
+	if ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'banned_ips.php', 'NOTICE');}
+	elseif ($action == 'ban')   {ban_ip();}
+	elseif ($action == 'unban' && $can_unban) {unban_ip();}
+	elseif ($action == 'unbantemp' && $can_unban) {unban_temp_ip();}
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+
+<div class="row" style="padding: 20px">
+    <ul class="nav nav-tabs" role="tablist">
+        <?php
+        // Show a link to banned_emails.php if user has permission to do so
+        if ( hesk_checkPermission('can_ban_emails',0) )
+        {
+            echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
+            </li>';
+        }
+        ?>
+        <li role="presentation" class="active">
+            <a href="#"><?php echo $hesklang['banip']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['banip_intro']); ?>')"></i></a>
+        </li>
+        <?php
+        // Show a link to status_message.php if user has permission to do so
+        if ( hesk_checkPermission('can_service_msg',0) )
+        {
+            echo '
+            <li role="presentation">
+                <a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
+            </li>';
+        }
+        ?>
+    </ul>
+    <div class="tab-content summaryList tabPadding">
+        <script language="javascript" type="text/javascript"><!--
+            function confirm_delete()
+            {
+                if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
+                else {return false;}
+            }
+            //-->
+        </script>
+        <div class="row">
+            <div class="col-md-8">
+                <?php
+                /* This will handle error, success and notice messages */
+                hesk_handle_messages();
+                ?>
+                <form action="banned_ips.php" method="post" name="form1" role="form" class="form-horizontal">
+                    <div class="form-group">
+                        <label for="ip" class="col-sm-3 control-label"><?php echo $hesklang['bananip']; ?></label>
+                        <div class="col-sm-9">
+                            <input type="text" name="ip" size="30" maxlength="255" class="form-control" placeholder="<?php echo $hesklang['iprange']; ?>">
+                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                            <input type="hidden" name="a" value="ban" />
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-9 col-sm-offset-3">
+                            <input type="submit" value="<?php echo $hesklang['savebanip']; ?>" class="btn btn-default">
+                        </div>
+                    </div>
+                </form>
+            </div>
+            <div class="col-md-4">
+                <h6 style="font-weight: bold"><?php echo $hesklang['banex']; ?></h6>
+                <div class="footerWithBorder blankSpace"></div>
+                <b>123.0.0.0</b><br />
+                <b>123.0.0.1 - 123.0.0.53</b><br />
+                <b>123.0.0.0/24</b><br />
+                <b>123.0.*.*</b>
+            </div>
+        </div>
+        <div class="row">
+            <?php
+
+            // Get login failures
+            $res = hesk_dbQuery("SELECT `ip`, TIMESTAMPDIFF(MINUTE, NOW(), DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE) ) AS `minutes` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `number` >= ".intval($hesk_settings['attempt_limit'])." AND `last_attempt` > (NOW() -  INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE)");
+            $num = hesk_dbNumRows($res);
+
+            echo '<h4>'.$hesklang['iptemp'].'</h4>';
+
+            if ($num > 0)
+            {
+                ?>
+                <table class="table table-hover">
+                    <thead>
+                        <tr>
+                            <th><?php echo $hesklang['ip']; ?></th>
+                            <th><?php echo $hesklang['m2e']; ?></th>
+                            <?php
+                            if ($can_unban)
+                            {
+                                ?>
+                                <th><?php echo $hesklang['opt']; ?></th>
+                            <?php
+                            }
+                            ?>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <?php
+                        while ($ban=hesk_dbFetchAssoc($res))
+                        {
+                            echo '
+                                    <tr>
+                                    <td>'.$ban['ip'].'</td>
+                                    <td>'.$ban['minutes'].'</td>
+                                ';
+
+                            if ($can_unban)
+                            {
+                                echo '
+                                    <td>
+                                        <a href="banned_ips.php?a=ban&amp;ip='.urlencode($ban['ip']).'&amp;token='.hesk_token_echo(0).'"
+                                            data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['ippermban'].'">
+                                            <i class="fa fa-ban" style="color: red; font-size: 16px"></i></a>
+                                        <a href="banned_ips.php?a=unbantemp&amp;ip='.urlencode($ban['ip']).'&amp;token='.hesk_token_echo(0).'"
+                                            data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'" onclick="return confirm_delete();">
+                                            <i class="fa fa-times" style="color: red; font-size: 16px"></i></a>
+                                    </td>
+                                    ';
+                            }
+
+                            echo '</tr>';
+                        } // End while
+
+                        ?>
+                    </tbody>
+                </table>
+            <?php
+            } else
+            {
+                echo '<p>'.$hesklang['no_banips'].'</p>';
+            }
+
+            // Get banned ips from database
+            $res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'banned_ips` ORDER BY `ip_from` ASC');
+            $num = hesk_dbNumRows($res);
+
+            echo '<br><h4>'.$hesklang['ipperm'].'</h4>';
+
+            if ($num < 1)
+            {
+                echo '<p>'.$hesklang['no_banips'].'</p>';
+            }
+            else
+            {
+                // List of staff
+                if ( ! isset($admins) )
+                {
+                    $admins = array();
+                    $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
+                    while ($row=hesk_dbFetchAssoc($res2))
+                    {
+                        $admins[$row['id']]=$row['name'];
+                    }
+                }
+
+                ?>
+                <table class="table table-hover">
+                    <thead>
+                        <tr>
+                            <th><?php echo $hesklang['ip']; ?></th>
+                            <th><?php echo $hesklang['iprange']; ?></th>
+                            <th><?php echo $hesklang['banby']; ?></th>
+                            <th><?php echo $hesklang['date']; ?></th>
+                            <?php
+                            if ($can_unban)
+                            {
+                                ?>
+                                <th><?php echo $hesklang['opt']; ?></th>
+                            <?php
+                            }
+                            ?>
+                        </tr>
+                    </thead>
+                    <tbody>
+                    <?php
+                    while ($ban=hesk_dbFetchAssoc($res))
+                    {
+                        $color = '';
+                        if (isset($_SESSION['ban_ip']['id']) && $ban['id'] == $_SESSION['ban_ip']['id'])
+                        {
+                            $color = 'success';
+                            unset($_SESSION['ban_ip']['id']);
+                        }
+
+                        echo '
+                                <tr>
+                                    <td class="'.$color.'">'.$ban['ip_display'].'</td>
+                                    <td class="'.$color.'">'.( ($ban['ip_to'] == $ban['ip_from']) ? long2ip($ban['ip_to']) : long2ip($ban['ip_from']).' - '.long2ip($ban['ip_to']) ).'</td>
+                                    <td class="'.$color.'">'.(isset($admins[$ban['banned_by']]) ? $admins[$ban['banned_by']] : $hesklang['e_udel']).'</td>
+                                    <td class="'.$color.'">'.$ban['dt'].'</td>
+                            ';
+
+                        if ($can_unban)
+                        {
+                            echo '
+                                <td class="'.$color.'" style="text-align:left;">
+                                    <a href="banned_ips.php?a=unban&amp;id='.$ban['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();"
+                                        data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delban'].'">
+                                        <i class="fa fa-times" style="color: red; font-size: 16px"></i></a>
+                                </td>
+                            ';
+                        }
+
+                        echo '</tr>';
+                    } // End while
+                    ?>
+                    </tbody>
+                </table>
+            <?php
+            }
+
+            ?>
+        </div>
+    </div>
+</div>
+
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+function ban_ip()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Get the ip
+	$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') );
+	$ip_display = str_replace('-', ' - ', $ip);
+
+	// Nothing entered?
+	if ( ! strlen($ip) )
+	{
+    	hesk_process_messages($hesklang['enterbanip'],'banned_ips.php');
+	}
+
+	// Convert asterisk to ranges
+	if ( strpos($ip, '*') !== false )
+	{
+		$ip = str_replace('*', '0', $ip) . '-' . str_replace('*', '255', $ip);
+	}
+
+	$ip_regex = '(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])';
+
+	// Is this a single IP address?
+	if ( preg_match('/^'.$ip_regex.'$/', $ip) )
+	{
+    	$ip_from = ip2long($ip);
+		$ip_to   = $ip_from;
+	}
+    // Is this an IP range?
+	elseif ( preg_match('/^'.$ip_regex.'\-'.$ip_regex.'$/', $ip) )
+	{
+    	list($ip_from, $ip_to) = explode('-', $ip);
+		$ip_from = ip2long($ip_from);
+		$ip_to   = ip2long($ip_to);
+	}
+    // Is this an IP with CIDR?
+	elseif ( preg_match('/^'.$ip_regex.'\/([0-9]{1,2})$/', $ip, $matches) && $matches[4] >= 0 && $matches[4] <= 32)
+	{
+    	list($ip_from, $ip_to) = hesk_cidr_to_range($ip);
+	}
+	// Not a valid input
+	else
+	{
+    	hesk_process_messages($hesklang['validbanip'],'banned_ips.php');
+	}
+
+	// Make sure we have valid ranges
+	if ($ip_from < 0)
+	{
+		$ip_from += 4294967296;
+	}
+	elseif ($ip_from > 4294967296)
+	{
+    	$ip_from = 4294967296;
+	}
+	if ($ip_to < 0)
+	{
+		$ip_to += 4294967296;
+	}
+	elseif ($ip_to > 4294967296)
+	{
+    	$ip_to = 4294967296;
+	}
+
+	// Make sure $ip_to is not lower that $ip_from
+	if ($ip_to < $ip_from)
+	{
+		$tmp    = $ip_to;
+    	$ip_to   = $ip_from;
+		$ip_from = $tmp;
+	}
+
+	// Is this IP address already banned?
+	$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE {$ip_from} BETWEEN `ip_from` AND `ip_to` AND {$ip_to} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
+	if ( hesk_dbNumRows($res) == 1 )
+	{
+		$_SESSION['ban_ip']['id'] = hesk_dbResult($res);
+		$hesklang['ipbanexists'] = ($ip_to == $ip_from) ? sprintf($hesklang['ipbanexists'], long2ip($ip_to) ) : sprintf($hesklang['iprbanexists'], long2ip($ip_from).' - '.long2ip($ip_to) );
+    	hesk_process_messages($hesklang['ipbanexists'],'banned_ips.php','NOTICE');
+	}
+
+	// Delete any duplicate banned IP or ranges that are within the new banned range
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `ip_from` >= {$ip_from} AND `ip_to` <= {$ip_to}");
+
+	// Delete temporary bans from logins table
+	if ($ip_to == $ip_from)
+	{
+		hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip_display)."' LIMIT 1");
+	}
+
+	// Redirect either to banned ips or ticket page from now on
+	$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';
+
+	// Insert the ip address into database
+	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` (`ip_from`,`ip_to`,`ip_display`,`banned_by`) VALUES ({$ip_from}, {$ip_to},'".hesk_dbEscape($ip_display)."','".intval($_SESSION['id'])."')");
+
+	// Remember ip that got banned
+	$_SESSION['ban_ip']['id'] = hesk_dbInsertID();
+
+    // Generate success message
+	$hesklang['ip_banned'] = ($ip_to == $ip_from) ? sprintf($hesklang['ip_banned'], long2ip($ip_to) ) : sprintf($hesklang['ip_rbanned'], long2ip($ip_from).' - '.long2ip($ip_to) );
+
+	// Show success
+    hesk_process_messages( sprintf($hesklang['ip_banned'], $ip) ,$redirect_to,'SUCCESS');
+
+} // End ban_ip()
+
+
+function unban_temp_ip()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Get the ip
+	$ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip') );
+
+	// Delete from bans
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
+
+	// Show success
+    hesk_process_messages($hesklang['ip_tempun'],'banned_ips.php','SUCCESS');
+
+} // End unban_temp_ip()
+
+
+function unban_ip()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Delete from bans
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE `id`=" . intval( hesk_GET('id') ) . " LIMIT 1");
+
+	// Redirect either to banned ips or ticket page from now on
+	$redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999) : 'banned_ips.php';
+
+	// Show success
+    hesk_process_messages($hesklang['ip_unbanned'],$redirect_to,'SUCCESS');
+
+} // End unban_ip()
+
+
+function hesk_cidr_to_range($cidr)
+{
+	$range = array();
+	$cidr = explode('/', $cidr);
+	$range[0] = (ip2long($cidr[0])) & ((-1 << (32 - (int)$cidr[1])));
+	$range[1] = (ip2long($cidr[0])) + pow(2, (32 - (int)$cidr[1])) - 1;
+	return $range;
+} // END hesk_cidr_to_range()
+
+?>
diff --git a/admin/change_status.php b/admin/change_status.php
index 4598eb3f..3b2dd317 100644
--- a/admin/change_status.php
+++ b/admin/change_status.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -84,20 +84,47 @@ if ($statusRow['IsClosed']) // Closed
     {
     	$locked = 1;
     }
+
+    // Notify customer of closed ticket?
+    if ($hesk_settings['notify_closed'])
+    {
+        // Get ticket info
+        $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
+        if (hesk_dbNumRows($result) != 1)
+        {
+            hesk_error($hesklang['ticket_not_found']);
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+        $ticket['dt'] = hesk_date($ticket['dt'], true);
+        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+
+        // Notify customer
+        require(HESK_PATH . 'inc/email_functions.inc.php');
+        hesk_notifyCustomer('ticket_closed');
+    }
+
+    // Log who marked the ticket resolved
+    $closedby_sql = ' , `closedat`=NOW(), `closedby`='.intval($_SESSION['id']).' ';
 }
 elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new
 {
 	$action = sprintf($hesklang['tsst'],$status_options[$status]);
     $revision = sprintf($hesklang['thist9'],hesk_date(),$status_options[$status],$_SESSION['name'].' ('.$_SESSION['user'].')');
+
+    // Ticket is not resolved
+    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
 }
 else // Ticket is marked as "NEW"
 {
 	$action = $hesklang['ticket_been'] . ' ' . $hesklang['opened'];
     $revision = sprintf($hesklang['thist4'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+
+    // Ticket is not resolved
+    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
 }
 
 
-hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
+hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
 
 if (hesk_dbAffectedRows() != 1)
 {
diff --git a/admin/delete_tickets.php b/admin/delete_tickets.php
index e7b7390a..52b1f774 100644
--- a/admin/delete_tickets.php
+++ b/admin/delete_tickets.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -114,8 +114,56 @@ elseif ( ! isset($_POST['a']) )
 
 $i=0;
 
+// Possible priorities
+$priorities = array(
+    'critical'	=> array('value' => 0, 'text' => $hesklang['critical'],	'formatted' => '<font class="critical">'.$hesklang['critical'].'</font>'),
+    'high'		=> array('value' => 1, 'text' => $hesklang['high'],		'formatted' => '<font class="important">'.$hesklang['high'].'</font>'),
+    'medium'	=> array('value' => 2, 'text' => $hesklang['medium'],	'formatted' => '<font class="medium">'.$hesklang['medium'].'</font>'),
+    'low'		=> array('value' => 3, 'text' => $hesklang['low'],		'formatted' => $hesklang['low']),
+);
+
+// Change priority
+if ( array_key_exists($_POST['a'], $priorities) )
+{
+    // A security check
+    hesk_token_check('POST');
+
+    // Priority info
+    $priority = $priorities[$_POST['a']];
+
+    foreach ($_POST['id'] as $this_id)
+    {
+        if ( is_array($this_id) )
+        {
+            continue;
+        }
+
+        $this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+        $result = hesk_dbQuery("SELECT `priority`, `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`={$this_id} LIMIT 1");
+        if (hesk_dbNumRows($result) != 1)
+        {
+            continue;
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+
+        if ($ticket['priority'] == $priority['value'])
+        {
+            continue;
+        }
+
+        hesk_okCategory($ticket['category']);
+
+        $revision = sprintf($hesklang['thist8'],hesk_date(),$priority['formatted'],$_SESSION['name'].' ('.$_SESSION['user'].')');
+        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`={$this_id} LIMIT 1");
+
+        $i++;
+    }
+
+    hesk_process_messages($hesklang['pri_set_to'].' '.$priority['formatted'],$referer,'SUCCESS');
+}
+
 /* DELETE */
-if ($_POST['a']=='delete')
+elseif ($_POST['a']=='delete')
 {
     /* Check permissions for this feature */
 	hesk_checkPermission('can_del_tickets');
@@ -123,6 +171,14 @@ if ($_POST['a']=='delete')
 	/* A security check */
 	hesk_token_check('POST');
 
+    // Will we need ticket notifications?
+    if ($hesk_settings['notify_closed'])
+    {
+        require(HESK_PATH . 'inc/email_functions.inc.php');
+    }
+
+    $revision = sprintf($hesklang['thist3'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+
     foreach ($_POST['id'] as $this_id)
     {
     	if ( is_array($this_id) )
@@ -246,8 +302,16 @@ else
         $closedStatusRS = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsStaffClosedOption` = 1");
         $closedStatus = hesk_dbFetchAssoc($closedStatusRS);
 
-		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='".$closedStatus['ID']."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."' LIMIT 1");
+        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='".$closedStatus['ID']."', `closedat`=NOW(), `closedby`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($this_id)."' LIMIT 1");
 		$i++;
+
+        // Notify customer of closed ticket?
+        if ($hesk_settings['notify_closed'])
+        {
+            $ticket['dt'] = hesk_date($ticket['dt'], true);
+            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+            hesk_notifyCustomer('ticket_closed');
+        }
 	}
 
     hesk_process_messages(sprintf($hesklang['num_tickets_closed'],$i),$referer,'SUCCESS');
@@ -285,6 +349,9 @@ function hesk_fullyDeleteTicket()
     /* Delete ticket notes */
 	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($ticket['id'])."'");
 
+    /* Delete ticket reply drafts */
+    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` WHERE `ticket`=".intval($ticket['id']));
+
     return true;
 }
 ?>
diff --git a/admin/edit_note.php b/admin/edit_note.php
new file mode 100644
index 00000000..739cc01d
--- /dev/null
+++ b/admin/edit_note.php
@@ -0,0 +1,144 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_view_tickets');
+
+// Ticket ID
+$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
+
+// Note ID
+$noteID = intval( hesk_REQUEST('note') ) or die($hesklang['int_error'].': '.$hesklang['mis_note']);
+
+// Get ticket info
+$result = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
+if (hesk_dbNumRows($result) != 1)
+{
+	hesk_error($hesklang['ticket_not_found']);
+}
+$ticket = hesk_dbFetchAssoc($result);
+
+// Get note info
+$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$noteID}");
+if (hesk_dbNumRows($result) != 1)
+{
+	hesk_error($hesklang['no_note']);
+}
+$note = hesk_dbFetchAssoc($result);
+
+// Make sure the note matches the ticket and the user has permission to edit it
+if ($note['ticket'] != $ticket['id'] || ( ! hesk_checkPermission('can_del_notes',0) && $note['who'] != $_SESSION['id']) )
+{
+	hesk_error($hesklang['perm_deny']);
+}
+
+// Save changes?
+if (isset($_POST['save']))
+{
+	// A security check
+	hesk_token_check('POST');
+
+	// Get message
+	$tmpvar['message'] = nl2br( hesk_makeURL( hesk_input( hesk_POST('message') ) ) );
+
+	// If we have message or attachments do the update
+	if ( strlen($tmpvar['message']) || strlen($note['attachments']) )
+	{
+		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` SET `message`='".hesk_dbEscape($tmpvar['message'])."' WHERE `id`={$noteID}");
+		hesk_process_messages($hesklang['ednote2'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
+	}
+	// If not, delete the note
+	else
+	{
+		hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `id`={$noteID}");
+		header('Location: admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
+		exit();
+	}
+}
+
+$note['message'] = hesk_msgToPlain($note['message'],0,0);
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print admin navigation */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<ol class="breadcrumb">
+    <li><a href="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>"><?php echo $hesklang['ticket'].' '.$trackingID; ?></a></li>
+    <li class="active"><?php echo $hesklang['ednote']; ?></li>
+</ol>
+
+<div class="row">
+    <div class="col-md-8 col-md-offset-2">
+        <h3><?php echo $hesklang['ednote']; ?></h3>
+        <div class="footerWithBorder blankSpace"></div>
+
+        <form method="post" action="edit_note.php" name="form1" class="form-horizontal" role="form">
+            <div class="form-group">
+                <label for="message" class="col-md-2 control-label"><?php echo $hesklang['message']; ?></label>
+                <div class="col-md-10">
+                    <textarea name="message" class="form-control" rows="12" cols="60"><?php echo $note['message']; ?></textarea>
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="col-md-10 col-md-offset-2">
+                    <input type="hidden" name="save" value="1" /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
+                    <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                    <input type="hidden" name="note" value="<?php echo $noteID; ?>" />
+                    <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-primary">
+                    <a href="javascript:history.go(-1)" class="btn btn-default"><?php echo $hesklang['back']; ?></a>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>
+
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+?>
diff --git a/admin/edit_post.php b/admin/edit_post.php
index f75c02b9..92b25bc1 100644
--- a/admin/edit_post.php
+++ b/admin/edit_post.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -241,7 +241,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 <div class="form-group">
                     <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>:</label>
                     <div class="col-sm-9">
-                        <input class="form-control" type="text" name="email" size="40" maxlength="255" value="<?php echo $ticket['email'];?>" placeholder="<?php echo $hesklang['email']; ?>" />
+                        <input class="form-control" type="text" name="email" size="40" maxlength="1000" value="<?php echo $ticket['email'];?>" placeholder="<?php echo $hesklang['email']; ?>" />
                     </div>
                 </div>
                 <?php
@@ -300,6 +300,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 						        <label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': </label>
 		                        <div class="col-sm-9"><select class="form-control" name="'.$k.'">';
 
+                                // Show "Click to select"?
+                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
+                                if ($num)
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+
 		            	        $options = explode('#HESK#',$v['value']);
 
 		                        foreach ($options as $option)
diff --git a/admin/export.php b/admin/export.php
index abf577f6..8bc22a8b 100644
--- a/admin/export.php
+++ b/admin/export.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -343,7 +343,7 @@ if (isset($_GET['w']))
 
 	// Get staff names
 	$admins = array();
-	$result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
+    $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
 	while ($row=hesk_dbFetchAssoc($result))
 	{
 		$admins[$row['id']]=$row['name'];
@@ -528,6 +528,7 @@ if (isset($_GET['w']))
 		$ticket['message'] = hesk_msgToPlain($ticket['message'], 1);
         $ticket['subject'] = hesk_msgToPlain($ticket['subject'], 1);
         $ticket['owner'] = isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : '';
+        $ticket['category'] = isset($my_cat[$ticket['category']]) ? $my_cat[$ticket['category']] : '';
         
         // Format for export dates
         $hesk_settings['timeformat'] = "Y-m-d\TH:i:s\.000";
@@ -541,7 +542,7 @@ if (isset($_GET['w']))
 <Cell ss:StyleID="s62"><Data ss:Type="DateTime">'.hesk_date($ticket['lastchange'], true).'</Data></Cell>
 <Cell><Data ss:Type="String"><![CDATA['.hesk_msgToPlain($ticket['name'], 1).']]></Data></Cell>
 <Cell><Data ss:Type="String"><![CDATA['.$ticket['email'].']]></Data></Cell>
-<Cell><Data ss:Type="String"><![CDATA['.$my_cat[$ticket['category']].']]></Data></Cell>
+<Cell><Data ss:Type="String"><![CDATA['.$ticket['category'].']]></Data></Cell>
 <Cell><Data ss:Type="String"><![CDATA['.$ticket['priority'].']]></Data></Cell>
 <Cell><Data ss:Type="String"><![CDATA['.$ticket['status'].']]></Data></Cell>
 <Cell><Data ss:Type="String"><![CDATA['.$ticket['subject'].']]></Data></Cell>
diff --git a/admin/find_tickets.php b/admin/find_tickets.php
index 24974da9..2db17adc 100644
--- a/admin/find_tickets.php
+++ b/admin/find_tickets.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -75,7 +75,42 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 <?php
 
 // This SQL code will be used to retrieve results
-$sql_final = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
+$sql_final = "SELECT
+`id`,
+`trackid`,
+`name`,
+`email`,
+`category`,
+`priority`,
+`subject`,
+LEFT(`message`, 400) AS `message`,
+`dt`,
+`lastchange`,
+`firstreply`,
+`closedat`,
+`status`,
+`openedby`,
+`firstreplyby`,
+`closedby`,
+`replies`,
+`staffreplies`,
+`owner`,
+`time_worked`,
+`lastreplier`,
+`replierid`,
+`archive`,
+`locked`
+";
+
+foreach ($hesk_settings['custom_fields'] as $k=>$v)
+{
+    if ($v['use'])
+    {
+        $sql_final .= ", `".$k."`";
+    }
+}
+
+$sql_final.= " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
 
 // This code will be used to count number of results
 $sql_count = "SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
@@ -187,6 +222,18 @@ if ( ! $no_query)
 	}
 }
 
+// Owner
+if ( $tmp = intval( hesk_GET('owner', 0) ) )
+{
+    $sql .= " AND `owner`={$tmp} ";
+    $owner_input = $tmp;
+    $hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
+}
+else
+{
+    $owner_input = 0;
+}
+
 /* Date */
 /* -> Check for compatibility with old date format */
 if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m))
@@ -207,7 +254,7 @@ if (strlen($dt) == 8)
 		$hesk_error_buffer = str_replace($hesklang['fsq'],'',$hesk_error_buffer);
 	}
 
-	$sql .= " AND (`dt` LIKE '".hesk_dbEscape($date)."%' OR `lastchange` LIKE '".hesk_dbEscape($date)."%') ";
+    $sql .= " AND `dt` BETWEEN '{$date} 00:00:00' AND '{$date} 23:59:59' ";
 }
 else
 {
diff --git a/admin/index.php b/admin/index.php
index 25f222b6..a1951042 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -91,7 +91,7 @@ function do_login()
 	if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified']))
 	{
 		// Using ReCaptcha?
-		if ($hesk_settings['recaptcha_use'])
+		if ($hesk_settings['recaptcha_use'] == 1)
 		{
 			require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
 
@@ -110,6 +110,29 @@ function do_login()
 				$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
 			}
 		}
+        // Using ReCaptcha API v2?
+        elseif ($hesk_settings['recaptcha_use'] == 2)
+        {
+            require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
+
+            $resp = null;
+            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
+
+            // Was there a reCAPTCHA response?
+            if ( isset($_POST["g-recaptcha-response"]) )
+            {
+                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
+            }
+
+            if ($resp != null && $resp->success)
+            {
+                $_SESSION['img_a_verified']=true;
+            }
+            else
+            {
+                $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
+            }
+        }
 		// Using PHP generated image
 		else
 		{
@@ -235,33 +258,39 @@ function do_login()
 	if ($hesk_settings['autoclose'])
     {
     	$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
-		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='3', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."')  WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape( date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400) )."'");
-    }
+        $dt  = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
 
-	/* Redirect to the destination page */
-	if ( hesk_isREQUEST('goto') )
-	{
-    	$url = hesk_REQUEST('goto');
-	    $url = str_replace('&amp;','&',$url);
-
-        /* goto parameter can be set to the local domain only */
-        $myurl = parse_url($hesk_settings['hesk_url']);
-        $goto  = parse_url($url);
-
-        if (isset($myurl['host']) && isset($goto['host']))
+        // Notify customer of closed ticket?
+        if ($hesk_settings['notify_closed'])
         {
-        	if ( str_replace('www.','',strtolower($myurl['host'])) != str_replace('www.','',strtolower($goto['host'])) )
+            //TODO Change status ID to the ID which customer's replies update the status to.
+            // Get list of tickets
+            $result = hesk_dbQuery("SELECT * FROM `".$hesk_settings['db_pfix']."tickets` WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
+            if (hesk_dbNumRows($result) > 0)
             {
-            	$url = 'admin_main.php';
+                global $ticket;
+
+                // Load required functions?
+                if ( ! function_exists('hesk_notifyCustomer') )
+                {
+                    require(HESK_PATH . 'inc/email_functions.inc.php');
+                }
+
+                while ($ticket = hesk_dbFetchAssoc($result))
+                {
+                    $ticket['dt'] = hesk_date($ticket['dt'], true);
+                    $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+                    hesk_notifyCustomer('ticket_closed');
+                }
             }
         }
 
-	    header('Location: '.$url);
-	}
-	else
-	{
-	    header('Location: admin_main.php');
-	}
+        // Update ticket statuses and history in database
+        hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
+    }
+
+    /* Redirect to the destination page */
+    header('Location: ' . hesk_verifyGoto() );
 	exit();
 } // End do_login()
 
@@ -269,6 +298,13 @@ function do_login()
 function print_login()
 {
 	global $hesk_settings, $hesklang;
+
+    // Tell header to load reCaptcha API if needed
+    if ($hesk_settings['recaptcha_use'] == 2)
+    {
+        define('RECAPTCHA',1);
+    }
+
     $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login'];
 	require_once(HESK_PATH . 'inc/header.inc.php');
 
@@ -327,7 +363,7 @@ function print_login()
 				    if ($hesk_settings['list_users'])
 				    {
 				        echo '<select class="form-control" name="user" '.$cls.'>';
-				        $res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
+                        $res = hesk_dbQuery('SELECT `user` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `user` ASC');
 				        while ($row=hesk_dbFetchAssoc($res))
 				        {
 				            $sel = (strtolower($savedUser) == strtolower($row['user'])) ? 'selected="selected"' : '';
@@ -359,7 +395,7 @@ function print_login()
 					echo '<img src="'.HESK_PATH.'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> '.$hesklang['vrfy'];
 				}
 				// Not verified yet, should we use Recaptcha?
-				elseif ($hesk_settings['recaptcha_use'])
+				elseif ($hesk_settings['recaptcha_use'] == 1)
 				{
 					?>
 					<script type="text/javascript">
@@ -376,13 +412,20 @@ function print_login()
 						play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
 						cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
 						incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
-						image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
-					},
+						image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>"
+					}
 					};
 					</script>
 					<?php
 					require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
-					echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
+                    echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
+                }
+                // Use reCaptcha API v2?
+                elseif ($hesk_settings['recaptcha_use'] == 2)
+                {
+                    ?>
+                    <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
+                <?php
 				}
 				// At least use some basic PHP generated image (better than nothing)
 				else
@@ -435,6 +478,12 @@ function print_login()
 		        {
 			        echo '<input type="hidden" name="goto" value="'.$url.'" />';
 		        }
+
+                // Do we allow staff password reset?
+                if ($hesk_settings['reset_pass'])
+                {
+                    echo '<br />&nbsp;<br /><a href="password.php" class="smaller">'.$hesklang['fpass'].'</a>';
+                }
 		        ?>
             </div>
         </div>
diff --git a/admin/knowledgebase_private.php b/admin/knowledgebase_private.php
index 24d23267..52c8759b 100644
--- a/admin/knowledgebase_private.php
+++ b/admin/knowledgebase_private.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -156,7 +156,7 @@ function hesk_kb_search($query)
 	require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 	hesk_kb_header($hesk_settings['kb_link']);
 
-	$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, t1.`content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
+    $res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` AS t2 ON t1.`catid` = t2.`id` '." WHERE t1.`type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
     $num = hesk_dbNumRows($res);
 
     ?>
@@ -236,7 +236,7 @@ function hesk_show_kb_article($artid)
 	hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
 
     // Update views by 1
-	hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`='".intval($artid)."' LIMIT 1");
+    hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
 
     echo '<h3>'.$article['subject'].'</h3>
         <div class="footerWithBorder blankSpace"></div>
@@ -258,6 +258,51 @@ function hesk_show_kb_article($artid)
 		echo '</p>';
     }
 
+    // TODO Check how this looks
+    // Related articles
+    if ($hesk_settings['kb_related'])
+    {
+        require(HESK_PATH . 'inc/mail/email_parser.php');
+
+        $query = hesk_dbEscape( $article['subject'] . ' ' . convert_html_to_text($article['content']) );
+
+        // Get relevant articles from the database
+        $res = hesk_dbQuery("SELECT `id`, `subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `type` IN ('0','1') AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT ".intval($hesk_settings['kb_related']+1));
+
+        // Array with related articles
+        $related_articles = array();
+
+        while ($related = hesk_dbFetchAssoc($res))
+        {
+            // Get base match score from the first (this) article
+            if ( ! isset($base_score) )
+            {
+                $base_score = $related['score'];
+                continue;
+            }
+
+            // Stop when articles reach less than 10% of base score
+            if ($related['score'] / $base_score < 0.10)
+            {
+                break;
+            }
+
+            // This is a valid related article
+            $related_articles[$related['id']] = $related['subject'];
+        }
+
+        // Print related articles if we have any valid matches
+        if ( count($related_articles) )
+        {
+            echo '<fieldset><legend>'.$hesklang['relart'].'</legend>';
+            foreach ($related_articles as $id => $subject)
+            {
+                echo '<img src="'.HESK_PATH.'img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase_private.php?article='.$id.'">'.$subject.'</a><br />';
+            }
+            echo '</fieldset>';
+        }
+    }
+
 
     if ($article['catid']==1)
     {
@@ -322,7 +367,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
 	    }
     }
 
-	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
+    $res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
     $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
 
 	if ($thiscat['parent'])
@@ -333,7 +378,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
         <div class="footerWithBorder blankSpace"></div>';
 	}
 
-	$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
+    $result = hesk_dbQuery("SELECT `id`,`name`,`articles`,`type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='".intval($catid)."' ORDER BY `parent` ASC, `cat_order` ASC");
 	if (hesk_dbNumRows($result) > 0)
 	{
         ?>
@@ -442,7 +487,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
 	<td>
 
 	<?php
-	$res = hesk_dbQuery("SELECT `id`, `subject`, `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
+    $res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating`, `type` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='".intval($catid)."' AND `type` IN ('0','1') ORDER BY `sticky` DESC, `art_order` ASC");
 	if (hesk_dbNumRows($res) == 0)
 	{
 		echo '<p><i>'.$hesklang['noac'].'</i></p>';
diff --git a/admin/lock.php b/admin/lock.php
index 26c30c2a..ed03cf36 100644
--- a/admin/lock.php
+++ b/admin/lock.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -56,18 +56,43 @@ hesk_token_check();
 /* Ticket ID */
 $trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
 
-/* New archived status */
+/* New locked status */
 if (empty($_GET['locked']))
 {
 	$status = 0;
 	$tmp = $hesklang['tunlock'];                                                                      
     $revision = sprintf($hesklang['thist6'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
 }
 else
 {
 	$status = 1;
 	$tmp = $hesklang['tlock'];
     $revision = sprintf($hesklang['thist5'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')');
+    $closedby_sql = ' , `closedat`=NOW(), `closedby`='.intval($_SESSION['id']).' ';
+
+    // Notify customer of closed ticket?
+    if ($hesk_settings['notify_closed'])
+    {
+        // Get ticket info
+        $result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
+        if (hesk_dbNumRows($result) != 1)
+        {
+            hesk_error($hesklang['ticket_not_found']);
+        }
+        $ticket = hesk_dbFetchAssoc($result);
+
+        //TODO Update this to look at any "closed" status; not just ID 3
+        // Notify customer, but only if ticket is not already closed
+        if ($ticket['status'] != 3)
+        {
+            require(HESK_PATH . 'inc/email_functions.inc.php');
+
+            $ticket['dt'] = hesk_date($ticket['dt'], true);
+            $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+            hesk_notifyCustomer('ticket_closed');
+        }
+    }
 }
 
 /* Update database */
@@ -75,7 +100,7 @@ $statusSql = 'SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'stat
 $statusRow = hesk_dbQuery($statusSql)->fetch_assoc();
 $statusId = $statusRow['ID'];
 
-hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$statusId}',`locked`='{$status}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."')  WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
+hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$statusId}',`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."')  WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
 
 /* Back to ticket page and show a success message */
 hesk_process_messages($tmp,'admin_ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999),'SUCCESS');
diff --git a/admin/mail.php b/admin/mail.php
index ea056d11..6ff15c02 100644
--- a/admin/mail.php
+++ b/admin/mail.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -48,7 +48,7 @@ hesk_isLoggedIn();
 
 /* List of staff */
 $admins = array();
-$res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
+$res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
 while ($row=hesk_dbFetchAssoc($res))
 {
 	$admins[$row['id']]=$row['name'];
@@ -572,7 +572,7 @@ function mail_list_messages()
 		} // end PAGES > 1
 
 		// Get messages from the database
-		$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."' ORDER BY `id` DESC LIMIT ".intval($limit_down)." , ".intval($maxresults)." ");
+        $res = hesk_dbQuery("SELECT `id`, `from`, `to`, `subject`, `dt`, `read` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `".hesk_dbEscape($hesk_settings['mailtmp']['this'])."`='".intval($_SESSION['id'])."' AND `deletedby`!='".intval($_SESSION['id'])."' ORDER BY `id` DESC LIMIT ".intval($limit_down)." , ".intval($maxresults)." ");
 		?>
 
 		<form action="mail.php<?php if ($hesk_settings['mailtmp']['folder'] == 'outbox') {echo '?folder=outbox';} ?>" name="form1" method="post">
diff --git a/admin/manage_canned.php b/admin/manage_canned.php
index cb1a8958..d0cc2a8a 100644
--- a/admin/manage_canned.php
+++ b/admin/manage_canned.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -68,7 +68,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 <script language="javascript" type="text/javascript"><!--
 function confirm_delete()
 {
-if (confirm('<?php echo addslashes($hesklang['delete_saved']); ?>')) {return true;}
+    if (confirm('<?php echo hesk_makeJsString($hesklang['delete_saved']); ?>')) {return true;}
 else {return false;}
 }
 
@@ -299,7 +299,7 @@ myField.value += myValue;
             </div>
             <div class="form-group" style="text-align: center">
                 <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
-                <input type="submit" value="<?php echo $hesklang['save_reply']; ?>" class="btn btn-default" />   
+                <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default" />
             </div>          
         </form>
     </div>
diff --git a/admin/manage_categories.php b/admin/manage_categories.php
index d3a596ce..ff017cdf 100644
--- a/admin/manage_categories.php
+++ b/admin/manage_categories.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -48,6 +48,14 @@ hesk_isLoggedIn();
 /* Check permissions for this feature */
 hesk_checkPermission('can_man_cat');
 
+// Possible priorities
+$priorities = array(
+    3 => array('value' => 3, 'text' => $hesklang['low'],		'formatted' => $hesklang['low']),
+    2 => array('value' => 2, 'text' => $hesklang['medium'],		'formatted' => '<font class="medium">'.$hesklang['medium'].'</font>'),
+    1 => array('value' => 1, 'text' => $hesklang['high'],		'formatted' => '<font class="important">'.$hesklang['high'].'</font>'),
+    0 => array('value' => 0, 'text' => $hesklang['critical'],	'formatted' => '<font class="critical">'.$hesklang['critical'].'</font>'),
+);
+
 /* What should we do? */
 if ( $action = hesk_REQUEST('a') )
 {
@@ -59,6 +67,7 @@ if ( $action = hesk_REQUEST('a') )
 	elseif ($action == 'order')      {order_cat();}
 	elseif ($action == 'autoassign') {toggle_autoassign();}
 	elseif ($action == 'type')       {toggle_type();}
+    elseif ($action == 'priority')   {change_priority();}
 }
 
 /* Print header */
@@ -71,7 +80,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 <script language="Javascript" type="text/javascript"><!--
 function confirm_delete()
 {
-if (confirm('<?php echo addslashes($hesklang['confirm_del_cat']); ?>')) {return true;}
+    if (confirm('<?php echo hesk_makeJsString($hesklang['confirm_del_cat']); ?>')) {return true;}
 else {return false;}
 }
 //-->
@@ -92,6 +101,7 @@ else {return false;}
         <ul class="nav nav-tabs">
             <li class="active"><a href="#addCat" data-toggle="tab"><?php echo $hesklang['add_cat']; ?></a></li>
             <li><a href="#renameCat" data-toggle="tab"><?php echo $hesklang['ren_cat']; ?></a></li>
+            <li><a href="#changePriority" data-toggle="tab"><?php echo $hesklang['ch_cat_pri']; ?></a></li>
         </ul>
         <div class="tab-content summaryList tabPadding">
             <div class="tab-pane fade in active" id="addCat">
@@ -112,6 +122,27 @@ else {return false;}
                             />    
                         </div>   
                     </div>
+                    <div class="form-group">
+                        <label for="priority" class="col-sm-4 control-label" style="font-size: .87em"><?php echo $hesklang['def_pri']; ?> <a href="#" onclick="alert('<?php echo hesk_makeJsString($hesklang['cat_pri']); ?>')"><i class="fa fa-question-circle settingsquestionmark"></i> </a> </label>
+                        <div class="col-sm-8">
+                                <select name="priority" class="form-control">
+                                    <?php
+                                    // Default priority: low
+                                    if ( ! isset($_SESSION['cat_priority']) )
+                                    {
+                                        $_SESSION['cat_priority'] = 3;
+                                    }
+
+                                    // List possible priorities
+                                    foreach ($priorities as $value => $info)
+                                    {
+                                        echo '<option value="'.$value.'"'.($_SESSION['cat_priority'] == $value ? ' selected="selected"' : '').'>'.$info['text'].'</option>';
+                                    }
+                                    ?>
+                                </select></p>
+
+                        </div>
+                    </div>
                     <div class="form-group">
                         <label for="options" class="col-sm-4 control-label"><?php echo $hesklang['opt']; ?>:</label>
                         <div class="col-sm-8">
@@ -160,6 +191,45 @@ else {return false;}
                     </div>
                 </form>
             </div>
+            <div class="tab-pane fade" id="changePriority">
+                <form action="manage_categories.php" method="post" role="form" class="form-horizontal">
+                    <h4><?php echo $hesklang['ch_cat_pri']; ?></h4>
+                    <div class="footerWithBorder blankSpace"></div>
+                    <div class="form-group">
+                        <label for="catid" class="col-sm-4 control-label"><?php echo $hesklang['category']; ?></label>
+                        <div class="col-sm-8">
+                            <select name="catid" class="form-control"><?php echo $options; ?></select>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="priority" class="col-sm-4 control-label"><?php echo $hesklang['priority']; ?></label>
+                        <div class="col-sm-8">
+                            <select name="priority" class="form-control">
+                                <?php
+                                // Default priority: low
+                                if ( ! isset($_SESSION['cat_ch_priority']) )
+                                {
+                                    $_SESSION['cat_ch_priority'] = 3;
+                                }
+
+                                // List possible priorities
+                                foreach ($priorities as $value => $info)
+                                {
+                                    echo '<option value="'.$value.'"'.($_SESSION['cat_ch_priority'] == $value ? ' selected="selected"' : '').'>'.$info['text'].'</option>';
+                                }
+                                ?>
+                            </select>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-8 col-sm-offset-4">
+                            <input type="hidden" name="a" value="priority" />
+                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                            <input type="submit" value="<?php echo $hesklang['ch_cat_pri']; ?>" class="btn btn-default">
+                        </div>
+                    </div>
+                </form>
+            </div>
         </div>
 
         <script>
@@ -173,6 +243,11 @@ else {return false;}
         <?php
             /* This will handle error, success and notice messages */
             hesk_handle_messages();
+
+            if ($hesk_settings['cust_urgency'])
+            {
+                hesk_show_notice($hesklang['cat_pri_info'] . ' ' . $hesklang['cpri']);
+            }
         ?>
         <h3><?php echo $hesklang['manage_cat']; ?> <a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['cat_intro']); ?>')"><i class="fa fa-question-circle settingsquestionmark"></i></a></h3>
         <div class="footerWithBorder blankSpace"></div>
@@ -180,6 +255,7 @@ else {return false;}
             <tr>
                 <th><?php echo $hesklang['id']; ?></th>
                 <th><?php echo $hesklang['cat_name']; ?></th>
+                <th><?php echo $hesklang['priority']; ?></th>
                 <th><?php echo $hesklang['not']; ?></th>
                 <th><?php echo $hesklang['graph']; ?></th>
                 <th><?php echo $hesklang['opt']; ?></th>
@@ -271,10 +347,13 @@ else {return false;}
                 <tr>
                 <td>'.$mycat['id'].'</td>
                 <td>'.$mycat['name'].'</td>
-                <td>'.$all.'</td>
+                <td width="1" style="white-space: nowrap;">'.$priorities[$mycat['priority']]['formatted'].'</td>
+                <td><a href="show_tickets.php?category='.$mycat['id'].'&amp;s_all=1&amp;s_my=1&amp;s_ot=1&amp;s_un=1" alt="'.$hesklang['list_tickets_cat'].'" title="'.$hesklang['list_tickets_cat'].'">'.$all.'</a></td>
                 <td>
-                <div class="progress-container" style="width: 160px" title="'.sprintf($hesklang['perat'],$width_all.'%').'">
-                <div style="width: '.$width_all.'%;float:left;"></div>
+                <div class="progress" style="width: 160px; margin-bottom: 0" title="'.sprintf($hesklang['perat'],$width_all.'%').'">
+                    <div class="progress-bar progress-bar-success" role="progressbar" aria-valuenow="40" aria-valuemin="0" aria-valuemax="100" style="width: '.$width_all.'%">
+                        <span class="sr-only">40% Complete (success)</span>
+                    </div>
                 </div>
                 </td>
                 <td>
@@ -320,6 +399,33 @@ exit();
 /*** START FUNCTIONS ***/
 
 
+function change_priority()
+{
+    global $hesk_settings, $hesklang, $priorities;
+
+    /* A security check */
+    hesk_token_check('POST');
+
+    $_SERVER['PHP_SELF'] = 'manage_categories.php?catid='.intval( hesk_POST('catid') );
+
+    $catid = hesk_isNumber( hesk_POST('catid'), $hesklang['choose_cat_ren'], $_SERVER['PHP_SELF']);
+    $_SESSION['selcat'] = $catid;
+    $_SESSION['selcat2'] = $catid;
+
+    $priority = intval( hesk_POST('priority', 3));
+    if ( ! array_key_exists($priority, $priorities) )
+    {
+        $priority = 3;
+    }
+
+    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` SET `priority`='{$priority}' WHERE `id`='".intval($catid)."' LIMIT 1");
+
+    hesk_cleanSessionVars('cat_ch_priority');
+
+    hesk_process_messages($hesklang['cat_pri_ch'].' '.$priorities[$priority]['formatted'],$_SERVER['PHP_SELF'],'SUCCESS');
+} // END change_priority()
+
+
 function generate_link_code() {
 	global $hesk_settings, $hesklang;
 	?>
@@ -397,6 +503,13 @@ function new_cat()
     $_SESSION['cat_autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
     $_SESSION['cat_type'] = hesk_POST('type') == 'Y' ? 1 : 0;
 
+    // Default priority
+    $_SESSION['cat_priority'] = intval( hesk_POST('priority', 3) );
+    if ($_SESSION['cat_priority'] < 0 || $_SESSION['cat_priority'] > 3)
+    {
+        $_SESSION['cat_priority'] = 3;
+    }
+
     /* Category name */
 	$catname = hesk_input( hesk_POST('name') , $hesklang['enter_cat_name'], 'manage_categories.php');
 
@@ -413,11 +526,12 @@ function new_cat()
 	$row = hesk_dbFetchRow($res);
 	$my_order = $row[0]+10;
 
-	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`name`,`cat_order`,`autoassign`,`type`) VALUES ('".hesk_dbEscape($catname)."','".intval($my_order)."','".intval($_SESSION['cat_autoassign'])."','".intval($_SESSION['cat_type'])."')");
+    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`name`,`cat_order`,`autoassign`,`type`, `priority`) VALUES ('".hesk_dbEscape($catname)."','".intval($my_order)."','".intval($_SESSION['cat_autoassign'])."','".intval($_SESSION['cat_type'])."','{$_SESSION['cat_priority']}')");
 
     hesk_cleanSessionVars('catname');
     hesk_cleanSessionVars('cat_autoassign');
     hesk_cleanSessionVars('cat_type');
+    hesk_cleanSessionVars('cat_priority');
 
     $_SESSION['selcat2'] = hesk_dbInsertID();
 
diff --git a/admin/manage_knowledgebase.php b/admin/manage_knowledgebase.php
index 2787301a..bd3f164b 100644
--- a/admin/manage_knowledgebase.php
+++ b/admin/manage_knowledgebase.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -609,6 +609,12 @@ function list_draft() {
 				$color = $i ? 'admin_white' : 'admin_gray';
 			}
 
+            // Check for articles with no existing parent category
+            if ( ! isset($kb_cat[$article['catid']]) )
+            {
+                $article['catid'] = hesk_stray_article($article['id']);
+            }
+
 			$tmp   = $i ? 'White' : 'Blue';
 			$style = 'class="option'.$tmp.'OFF" onmouseover="this.className=\'option'.$tmp.'ON\'" onmouseout="this.className=\'option'.$tmp.'OFF\'"';
 			$i     = $i ? 0 : 1;
@@ -737,6 +743,12 @@ function list_private() {
 				$color = $i ? 'admin_white' : 'admin_gray';
 			}
 
+            // Check for articles with no existing parent category
+            if ( ! isset($kb_cat[$article['catid']]) )
+            {
+                $article['catid'] = hesk_stray_article($article['id']);
+            }
+
 			$tmp   = $i ? 'White' : 'Blue';
 			$style = 'class="option'.$tmp.'OFF" onmouseover="this.className=\'option'.$tmp.'ON\'" onmouseout="this.className=\'option'.$tmp.'OFF\'"';
 			$i     = $i ? 0 : 1;
@@ -1540,8 +1552,6 @@ function manage_category() {
 
 	</td>
 	</tr>
-	<tr>
-	<td>
 
     <ol class="breadcrumb">
         <li><a href="manage_knowledgebase.php"><?php echo $hesklang['kb']; ?></a></li>
@@ -2355,4 +2365,23 @@ function delete_kb_attachments($attachments)
     return true;
 
 } // delete_kb_attachments()
+
+
+function hesk_stray_article($id)
+{
+    global $hesk_settings, $hesklang, $article;
+
+    // Set article to category ID 1
+    $article['catid'] = 1;
+
+    // Update database
+    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=1 WHERE `id`='".intval($id)."' LIMIT 1");
+
+    // Update count of articles in categories
+    update_count();
+
+    // Return new category ID
+    return 1;
+
+} // END hesk_stray_article()
 ?>
diff --git a/admin/manage_ticket_templates.php b/admin/manage_ticket_templates.php
new file mode 100644
index 00000000..c961022d
--- /dev/null
+++ b/admin/manage_ticket_templates.php
@@ -0,0 +1,417 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_man_ticket_tpl');
+
+// Define required constants
+define('LOAD_TABS',1);
+
+/* What should we do? */
+if ( $action = hesk_REQUEST('a') )
+{
+	if ( defined('HESK_DEMO') )  {hesk_process_messages($hesklang['ddemo'], 'manage_ticket_templates.php', 'NOTICE');}
+	elseif ($action == 'new')    {new_saved();}
+	elseif ($action == 'edit')   {edit_saved();}
+	elseif ($action == 'remove') {remove();}
+	elseif ($action == 'order')  {order_saved();}
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+
+<div class="row">
+
+</div>
+
+<script language="javascript" type="text/javascript"><!--
+function confirm_delete()
+{
+if (confirm('<?php echo hesk_makeJsString($hesklang['delete_tpl']); ?>')) {return true;}
+else {return false;}
+}
+//-->
+</script>
+
+<?php
+// Get canned responses from database
+$result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC');
+$options='';
+$javascript_messages='';
+$javascript_titles='';
+
+$i=1;
+$j=0;
+$num = hesk_dbNumRows($result);
+?>
+<div class="row" style="margin-top: 20px;">
+    <div class="col-md-4">
+        <div class="panel panel-default">
+            <div class="panel-heading">
+                <?php echo $hesklang['saved_ticket_tpl']; ?>
+            </div>
+            <div class="panel-body">
+                <?php if ($num < 1) {
+                    echo '<p>'.$hesklang['no_ticket_tpl'].'</p>';
+                } else {
+                    ?>
+                    <table class="table table-hover">
+                        <thead>
+                            <tr>
+                                <th><?php echo $hesklang['ticket_tpl_title']; ?></th>
+                                <th><?php echo $hesklang['opt']; ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        <?php
+
+                        while ($mysaved=hesk_dbFetchAssoc($result))
+                        {
+                            $j++;
+                            $color = '';
+                            if (isset($_SESSION['canned']['selcat2']) && $mysaved['id'] == $_SESSION['canned']['selcat2'])
+                            {
+                                $color = 'success';
+                                unset($_SESSION['canned']['selcat2']);
+                            }
+
+                            $options .= '<option class="form-control" value="'.$mysaved['id'].'"';
+                            $options .= (isset($_SESSION['canned']['id']) && $_SESSION['canned']['id'] == $mysaved['id']) ? ' selected="selected" ' : '';
+                            $options .= '>'.$mysaved['title'].'</option>';
+
+
+                            $javascript_messages.='myMsgTxt['.$mysaved['id'].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved['message']) )."';\n";
+                            $javascript_titles.='myTitle['.$mysaved['id'].']=\''.addslashes($mysaved['title'])."';\n";
+
+                            echo '
+                                    <tr>
+                                    <td>'.$mysaved['title'].'</td>
+                                    <td style="text-align:left;">
+                                    ';
+
+                            if ($num > 1)
+                            {
+                                if ($j == 1)
+                                {
+                                    echo'<img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
+                                        <a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=15&amp;token='.hesk_token_echo(0).'">
+                                            <i class="fa fa-arrow-down" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_dn'].'"></i></a>';
+                                }
+                                elseif ($j == $num)
+                                {
+                                    echo'<a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=-15&amp;token='.hesk_token_echo(0).'"><i class="fa fa-arrow-up" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_up'].'"></i></a> <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
+                                }
+                                else
+                                {
+                                    echo'
+                                        <a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=-15&amp;token='.hesk_token_echo(0).'"><i class="fa fa-arrow-up" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_up'].'"></i></a>
+                                        <a href="manage_ticket_templates.php?a=order&amp;replyid='.$mysaved['id'].'&amp;move=15&amp;token='.hesk_token_echo(0).'"><i class="fa fa-arrow-down" style="font-size:16px;color:green;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['move_dn'].'"></i></a>
+                                        ';
+                                }
+                            }
+                            else
+                            {
+                                echo '';
+                            }
+
+                            echo '
+                                    <a href="manage_ticket_templates.php?a=remove&amp;id='.$mysaved['id'].'&amp;token='.hesk_token_echo(0).'" onclick="return confirm_delete();"><i class="fa fa-times" style="font-size:16px;color:red;" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['delete'].'"></i></a></td>
+                                    </tr>
+                                    ';
+                        } // End while
+
+                        ?>
+                        </tbody>
+                    </table>
+                <?php
+                }
+                ?>
+            </div>
+        </div>
+    </div>
+    <div class="col-md-8">
+        <?php
+        /* This will handle error, success and notice messages */
+        hesk_handle_messages();
+        ?>
+        <form class="form-horizontal" action="manage_ticket_templates.php" method="post" name="form1" role="form">
+            <h3><?php echo $hesklang['new_ticket_tpl']; ?> <a href="javascript:void(0)" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['ticket_tpl_intro']); ?>')"><i class="fa fa-question-circle settingsquestionmark"></i></a></h3>
+            <div class="footerWithBorder blankSpace"></div>
+            <?php
+            if ($num > 0)
+            {
+                ?>
+                <div class="form-group">
+                    <div class="col-sm-12">
+                        <div class="radio">
+                            <label>
+                                <input type="radio" name="a" value="new" <?php echo (!isset($_SESSION['canned']['what']) || $_SESSION['canned']['what'] != 'EDIT') ? 'checked=' : ''; ?>>
+                                <?php echo $hesklang['ticket_tpl_add']; ?>
+                            </label>
+                        </div>
+                    </div>
+                    <div class="row">
+                        <div class="col-sm-6">
+                            <div class="radio">
+                                <label>
+                                    <input type="radio" name="a" value="edit" <?php echo (isset($_SESSION['canned']['what']) && $_SESSION['canned']['what'] == 'EDIT') ? 'checked' : ''; ?>>
+                                    <?php echo $hesklang['ticket_tpl_edit']; ?>
+                                </label>
+                            </div>
+                        </div>
+                        <div class="col-sm-6">
+                            <select class="form-control" name="saved_replies" onchange="setMessage(this.value)"><option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option><?php echo $options; ?></select>
+                        </div>
+                    </div>
+                </div>
+            <?php
+            }
+            else
+            {
+                echo '<p><input type="hidden" name="a" value="new" /> ' . $hesklang['ticket_tpl_add'] . '</label></p>';
+            }
+            ?>
+            <div class="form-group">
+                <label for="name" class="col-sm-2 control-label"><?php echo $hesklang['ticket_tpl_title']; ?></label>
+                <div class="col-sm-10">
+                    <span id="HeskTitle">
+                        <input class="form-control" type="text" name="name" size="40" maxlength="50" placeholder="<?php echo $hesklang['ticket_tpl_title']; ?>"
+                            <?php if (isset($_SESSION['canned']['name'])) {echo ' value="'.stripslashes($_SESSION['canned']['name']).'" ';} ?>>
+                    </span>
+                </div>
+            </div>
+            <div class="form-group">
+                <label for="msg" class="col-sm-2 control-label"><?php echo $hesklang['message']; ?></label>
+                <div class="col-sm-10">
+                    <span id="HeskMsg">
+                        <textarea class="form-control" placeholder="<?php echo $hesklang['message']; ?>" name="msg" rows="15" cols="70"><?php
+                            if (isset($_SESSION['canned']['msg']))
+                            {
+                                echo stripslashes($_SESSION['canned']['msg']);
+                            }
+                            ?></textarea>
+                    </span>
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="col-sm-10 col-sm-offset-2">
+                    <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                    <input type="submit" value="<?php echo $hesklang['save_ticket_tpl']; ?>" class="btn btn-default">
+                </div>
+            </div>
+        </form>
+    </div>
+</div>
+
+<script language="javascript" type="text/javascript"><!--
+var myMsgTxt = new Array();
+myMsgTxt[0]='';
+var myTitle = new Array();
+myTitle[0]='';
+
+<?php
+echo $javascript_titles;
+echo $javascript_messages;
+?>
+
+function setMessage(msgid) {
+    if (document.getElementById) {
+        document.getElementById('HeskMsg').innerHTML='<textarea class="form-control" name="msg" rows="15" cols="70">'+myMsgTxt[msgid]+'</textarea>';
+        document.getElementById('HeskTitle').innerHTML='<input class="form-control" type="text" name="name" size="40" maxlength="50" value="'+myTitle[msgid]+'">';
+    } else {
+        document.form1.msg.value=myMsgTxt[msgid];
+        document.form1.name.value=myTitle[msgid];
+    }
+
+    if (msgid==0) {
+        document.form1.a[0].checked=true;
+    } else {
+        document.form1.a[1].checked=true;
+    }
+}
+//-->
+</script>
+
+<?php
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+function edit_saved()
+{
+	global $hesk_settings, $hesklang;
+
+	/* A security check */
+	hesk_token_check('POST');
+
+    $hesk_error_buffer = '';
+
+	$id = intval( hesk_POST('saved_replies') ) or $hesk_error_buffer .= '<li>' . $hesklang['sel_ticket_tpl'] . '</li>';
+	$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
+	$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
+
+	// Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
+	$msg = preg_replace('/\R/u', "\r\n", $msg);
+    
+	$_SESSION['canned']['what'] = 'EDIT';
+    $_SESSION['canned']['id'] = $id;
+    $_SESSION['canned']['name'] = $savename;
+    $_SESSION['canned']['msg'] = $msg;
+
+    /* Any errors? */
+    if (strlen($hesk_error_buffer))
+    {
+    	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+    	hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php?saved_replies='.$id);
+    }
+
+	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `title`='".hesk_dbEscape($savename)."',`message`='".hesk_dbEscape($msg)."' WHERE `id`='".intval($id)."' LIMIT 1");
+
+	unset($_SESSION['canned']['what']);
+    unset($_SESSION['canned']['id']);
+    unset($_SESSION['canned']['name']);
+    unset($_SESSION['canned']['msg']);
+
+    hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php?saved_replies='.$id,'SUCCESS');
+} // End edit_saved()
+
+
+function new_saved()
+{
+	global $hesk_settings, $hesklang;
+
+	/* A security check */
+	hesk_token_check('POST');
+
+    $hesk_error_buffer = '';
+	$savename = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_title'] . '</li>';
+	$msg = hesk_input( hesk_POST('msg') ) or $hesk_error_buffer .= '<li>' . $hesklang['ent_ticket_tpl_msg'] . '</li>';
+
+	// Avoid problems with utf-8 newline chars in Javascript code, detect and remove them
+	$msg = preg_replace('/\R/u', "\r\n", $msg);
+
+	$_SESSION['canned']['what'] = 'NEW';
+    $_SESSION['canned']['name'] = $savename;
+    $_SESSION['canned']['msg'] = $msg;
+
+    /* Any errors? */
+    if (strlen($hesk_error_buffer))
+    {
+    	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+    	hesk_process_messages($hesk_error_buffer,'manage_ticket_templates.php');
+    }
+
+	/* Get the latest tpl_order */
+	$result = hesk_dbQuery('SELECT `tpl_order` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` DESC LIMIT 1');
+	$row = hesk_dbFetchRow($result);
+	$my_order = $row[0]+10;
+
+	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (`title`,`message`,`tpl_order`) VALUES ('".hesk_dbEscape($savename)."','".hesk_dbEscape($msg)."','".intval($my_order)."')");
+
+	unset($_SESSION['canned']['what']);
+    unset($_SESSION['canned']['name']);
+    unset($_SESSION['canned']['msg']);
+
+    hesk_process_messages($hesklang['ticket_tpl_saved'],'manage_ticket_templates.php','SUCCESS');
+} // End new_saved()
+
+
+function remove()
+{
+	global $hesk_settings, $hesklang;
+
+	/* A security check */
+	hesk_token_check();
+
+	$mysaved = intval( hesk_GET('id') ) or hesk_error($hesklang['id_not_valid']);
+
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` WHERE `id`='".intval($mysaved)."' LIMIT 1");
+	if (hesk_dbAffectedRows() != 1)
+    {
+    	hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
+    }
+
+    hesk_process_messages($hesklang['ticket_tpl_removed'],'manage_ticket_templates.php','SUCCESS');
+} // End remove()
+
+
+function order_saved()
+{
+	global $hesk_settings, $hesklang;
+
+	/* A security check */
+	hesk_token_check();
+
+	$tplid = intval( hesk_GET('replyid') ) or hesk_error($hesklang['ticket_tpl_id']);
+    $_SESSION['canned']['selcat2'] = $tplid;
+
+	$tpl_move = intval( hesk_GET('move') );
+
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=`tpl_order`+".intval($tpl_move)." WHERE `id`='".intval($tplid)."' LIMIT 1");
+	if (hesk_dbAffectedRows() != 1) {hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");}
+
+	/* Update all category fields with new order */
+	$result = hesk_dbQuery('SELECT `id` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'ticket_templates` ORDER BY `tpl_order` ASC');
+
+	$i = 10;
+	while ($mytpl=hesk_dbFetchAssoc($result))
+	{
+	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` SET `tpl_order`=".intval($i)." WHERE `id`='".intval($mytpl['id'])."' LIMIT 1");
+	    $i += 10;
+	}
+
+	header('Location: manage_ticket_templates.php');
+	exit();
+} // End order_saved()
+
+?>
diff --git a/admin/manage_users.php b/admin/manage_users.php
index f7cbea07..2df6b106 100644
--- a/admin/manage_users.php
+++ b/admin/manage_users.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -39,6 +39,7 @@ define('HESK_PATH','../');
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/profile_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -61,6 +62,7 @@ $hesk_settings['features'] = array(
 'can_man_users',		/* User can create and edit staff accounts */
 'can_man_cat',			/* User can manage categories/departments */
 'can_man_canned',		/* User can manage canned responses */
+'can_man_ticket_tpl',	/* User can manage ticket templates */
 'can_add_archive',		/* User can mark tickets as "Tagged" */
 'can_assign_self',		/* User can assign tickets to himself/herself */
 'can_assign_others',	/* User can assign tickets to other staff members */
@@ -70,20 +72,51 @@ $hesk_settings['features'] = array(
 'can_run_reports_full', /* User can run reports and see statistics (unrestricted) */
 'can_export',			/* User can export own tickets to Excel */
 'can_view_online',		/* User can view what staff members are currently online */
+'can_ban_emails',		/* User can ban email addresses */
+'can_unban_emails',		/* User can delete email address bans. Also enables "can_ban_emails" */
+'can_ban_ips',			/* User can ban IP addresses */
+'can_unban_ips',		/* User can delete IP bans. Also enables "can_ban_ips" */
+'can_service_msg',		/* User can manage service messages shown in customer interface */
 );
 
 /* Set default values */
 $default_userdata = array(
+
+    // Profile info
 	'name' => '',
 	'email' => '',
-	'user' => '',
+    'cleanpass' => '',
+    'user' => '',
+    'autoassign' => 'Y',
+
+    // Signature
 	'signature' => '',
+
+    // Permissions
 	'isadmin' => 1,
     'active' => 1,
 	'categories' => array('1'),
 	'features' => array('can_view_tickets','can_reply_tickets','can_change_cat','can_assign_self','can_view_unassigned','can_view_online'),
-	'signature' => '',
-	'cleanpass' => '',
+
+    // Preferences
+    'afterreply' => 0,
+    'autorefresh' => 0,
+
+    // Defaults
+    'autostart' => 1,
+    'notify_customer_new' => 1,
+    'notify_customer_reply' => 1,
+    'show_suggested' => 1,
+
+    // Notifications
+    'notify_new_unassigned' => 1,
+    'notify_new_my' => 1,
+    'notify_reply_unassigned' => 1,
+    'notify_reply_my' => 1,
+    'notify_assigned' => 1,
+    'notify_note' => 1,
+    'notify_pm' => 1,
+    'notify_note_unassigned' => 1,
 );
 
 /* A list of all categories */
@@ -101,7 +134,10 @@ while ($row=hesk_dbFetchAssoc($res))
 if ( ! $_SESSION['isadmin'])
 {
 	/* Can't create admin users */
-    $_POST['isadmin'] = 0;
+    if ( isset($_POST['isadmin']) )
+    {
+        unset($_POST['isadmin']);
+    }
 
     /* Can only add features he/she has access to */
 	$hesk_settings['features'] = array_intersect( explode(',', $_SESSION['heskprivileges']) , $hesk_settings['features']);
@@ -166,149 +202,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 ?>
 
 <div style="margin-top: 20px" class="row">
-    <div class="col-md-4">
-        <div class="panel panel-default">
-            <div class="panel-heading"><?php echo $hesklang['add_user']; ?></div>
-            <div class="panel-body">
-                <h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
-                <div class="footerWithBorder blankSpace"></div>
-
-                <form class="form-horizontal" name="form1" action="manage_users.php" method="post">
-                    <div class="form-group">
-                        <label for="name" class="col-sm-5 control-label"><?php echo $hesklang['real_name']; ?>: <font class="important">*</font></label>
-                        <div class="col-sm-7">
-                            <input type="text" class="form-control" name="name" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['name']; ?>" placeholder="<?php echo $hesklang['real_name']; ?>" />
-                        </div>     
-                    </div>
-                    <div class="form-group">
-                        <label for="email" class="col-sm-5 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
-                        <div class="col-sm-7">
-                            <input type="text" class="form-control" name="email" size="40" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>" value="<?php echo $_SESSION['userdata']['email']; ?>" />    
-                        </div>
-                    </div>
-                    <div class="form-group">
-                        <label for="user" class="col-sm-5 control-label"><?php echo $hesklang['username']; ?>: <font class="important">*</font></label>
-                        <div class="col-sm-7">
-                            <input type="text" class="form-control" name="user" size="40" maxlength="20" value="<?php echo $_SESSION['userdata']['user']; ?>" placeholder="<?php echo $hesklang['username']; ?>" />
-                        </div>
-                    </div>
-                    <div class="form-group">
-                        <label for="pass" class="col-sm-5 control-label"><?php echo $hesklang['pass']; ?>: <font class="important">*</font></label>
-                        <div class="col-sm-7">
-                            <input type="password" class="form-control" name="newpass" autocomplete="off" size="40" placeholder="<?php echo $hesklang['pass']; ?>" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" onkeyup="javascript:hesk_checkPassword(this.value)" />     
-                        </div>
-                    </div>
-                    <div class="form-group">
-                        <label for="confirmPass" class="col-sm-5 control-label" style="font-size: .9em"><?php echo $hesklang['confirm_pass']; ?>: <font class="important">*</font></label>     
-                        <div class="col-sm-7">
-                            <input type="password" name="newpass2" class="form-control" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" size="40" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" />
-                        </div>
-                    </div>
-                    <div class="form-group">
-                        <label for="pwStrength" class="col-sm-5 control-label" style="font-size: .9em"><?php echo $hesklang['pwdst']; ?>:</label>
-                        <div class="col-sm-7">
-                            <div style="border: 1px solid gray; width: 100px;">
-                                <div id="progressBar"
-                                    style="font-size: 1px; height: 22px; width: 0px; border: 1px solid white;">
-                                </div>
-                            </div> 
-                        </div>     
-                    </div>
-                    <div class="form-group">
-                        <label for="administrator" class="col-sm-5 control-label"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></label>
-                        <div class="col-sm-7">
-                            <?php
-                            /* Only administrators can create new administrator accounts */
-                            if ($_SESSION['isadmin'])
-                            {
-                                ?>
-                                <div class="radio"><label><input type="radio" name="isadmin" value="1" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['yes'].' '.$hesklang['admin_can']; ?></label></div>
-                                <div class="radio"><label><input type="radio" name="isadmin" value="0" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['no'].' '.$hesklang['staff_can']; ?></label></div>
-                                <?php
-                            }
-                            else
-                            {
-                                echo $hesklang['no'].' '.$hesklang['staff_can'];
-                            }
-                            ?>
-                        </div>
-                    </div>
-                    <div id="options" style="display: <?php echo ($_SESSION['isadmin'] && $_SESSION['userdata']['isadmin']) ? 'none' : 'block'; ?>">
-                        <div class="form-group">
-                            <label for="categories" class="col-sm-5 control-label"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></label>
-                            <div class="col-sm-7">
-                                 <?php
-                                    foreach ($hesk_settings['categories'] as $catid => $catname)
-                                    {
-                                        echo '<div class="checkbox"><label><input type="checkbox" name="categories[]" value="' . $catid . '" ';
-                                        if ( in_array($catid,$_SESSION['userdata']['categories']) )
-                                        {
-                                            echo ' checked="checked" ';
-                                        }
-                                        echo ' />' . $catname . '</label></div> ';
-                                    }
-                                ?>
-                            </div>     
-                        </div>
-                        <div class="form-group">
-                            <label for="permissions" class="col-sm-5 control-label"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></label>
-                            <div class="col-sm-7">
-                                 <?php
-                                    foreach ($hesk_settings['features'] as $k)
-                                    {
-                                        echo '<div class="checkbox"><label><input type="checkbox" name="features[]" value="' . $k . '" ';
-                                        if (in_array($k,$_SESSION['userdata']['features']))
-                                        {
-                                            echo ' checked="checked" ';
-                                        }
-                                        echo ' />' . $hesklang[$k] . '</label></div> ';
-                                    }
-                                ?>
-                                <div class="checkbox">
-                                    <label><input type="checkbox" name="can_change_notification_settings" checked> <?php echo $hesklang['can_change_notification_settings']; ?> </label>
-                                </div>
-                            </div>     
-                        </div> 
-                    </div>
-                    <div class="form-group">
-                        <label for="auto-assign" class="col-sm-5 control-label"><?php echo $hesklang['opt']; ?>:</label>
-                        <div class="col-sm-7">
-                            <?php
-                            if ($hesk_settings['autoassign'])
-                            {
-                            ?>
-                            <div class="checkbox">
-                                <label><input type="checkbox" name="autoassign" value="Y" <?php if ( ! isset($_SESSION['userdata']['autoassign']) || $_SESSION['userdata']['autoassign'] == 1 ) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['user_aa']; ?></label>
-                            </div>
-                            <?php } if ($_SESSION['can_manage_settings']) { ?>
-                            <div class="checkbox">
-                                    <label><input type="checkbox" name="manage_settings"> <?php echo $hesklang['can_man_settings']; ?></label>
-                            </div>
-                            <?php } ?>
-                        </div>
-                    </div>
-                    <div class="form-group">
-                        <label for="signature" class="col-sm-5 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
-
-                        <div class="col-sm-7">
-                            <textarea class="form-control" name="signature" rows="6" placeholder="<?php echo $hesklang['sig']; ?>" cols="40"><?php echo $_SESSION['userdata']['signature']; ?></textarea>
-                            <?php echo $hesklang['sign_extra']; ?>
-                        </div>     
-                    </div>
-                    <div class="form-group">
-                        <div class="col-sm-12 text-right">
-                            <input type="hidden" name="a" value="new" />
-                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
-                            <input type="submit" class="btn btn-default" value="<?php echo $hesklang['create_user']; ?>" />
-                            <a class="btn btn-default" href="manage_users.php?a=reset_form"><?php echo $hesklang['refi']; ?></a>     
-                        </div>     
-                    </div>
-
-                </form>
-            </div>
-        </div>
-	</div>
-    <div class="col-md-8">
+    <div class="col-md-10 col-md-offset-1">
          <script language="Javascript" type="text/javascript"><!--
             function confirm_delete()
             {
@@ -345,7 +239,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             </tr>
 <!-- I can't get this block to tab over without breaking, so it will be awkwardly sticking out for now :( -->
 <?php
-$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `id` ASC');
+$res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` ORDER BY `name` ASC');
 
 $i=1;
 $cannot_manage = array();
@@ -470,7 +364,18 @@ EOC;
 {
     echo '&nbsp;&nbsp;&nbsp;<i style="color: green" class="fa fa-circle"></i> '.$hesklang['online'].' &nbsp;&nbsp;&nbsp; <i style="color: gray" class="fa fa-circle"></i> '.$hesklang['offline'];
 }?>
-    </div>     
+    </div>
+</div>
+<div class="row">
+    <div class="col-md-10 col-md-offset-1">
+        <h3><?php echo $hesklang['add_user']; ?></h3>
+        <h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
+        <div class="footerWithBorder blankSpace"></div>
+
+        <form name="form1" method="post" action="manage_users.php" class="form-horizontal" role="form">
+        <?php hesk_profile_tab('userdata', false, 'create_user'); ?>
+        </form>
+    </div>
 </div>
 
 <script language="Javascript" type="text/javascript"><!--
@@ -554,7 +459,7 @@ function edit_user()
 
     if ( ! isset($_SESSION['save_userdata']))
     {
-		$res = hesk_dbQuery("SELECT `user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges` AS `features`, `can_manage_settings`, `active`, `can_change_notification_settings`
+		$res = hesk_dbQuery("SELECT *,`heskprivileges` AS `features`, `can_manage_settings`, `active`, `can_change_notification_settings`
                             FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($id)."' LIMIT 1");
     	$_SESSION['userdata'] = hesk_dbFetchAssoc($res);
 
@@ -605,157 +510,7 @@ function edit_user()
             <div class="footerWithBorder blankSpace"></div>
             
             <form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
-                <!-- Contact info -->
-                <div class="form-group">
-                    <label for="name" class="col-sm-3 control-label"><?php echo $hesklang['real_name']; ?>: <font class="important">*</font></label>
-                    <div class="col-sm-9">
-                        <input class="form-control" placeholder="<?php echo $hesklang['real_name']; ?>" type="text" name="name" size="40" maxlength="50" value="<?php echo $_SESSION['userdata']['name']; ?>" />
-                    </div>
-                </div>
-                <div class="form-group">
-                    <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
-                    <div class="col-sm-9">
-                        <input class="form-control" placeholder="<?php echo $hesklang['email']; ?>"  type="text" name="email" size="40" maxlength="255" value="<?php echo $_SESSION['userdata']['email']; ?>" />
-                    </div>
-                </div>
-                <div class="form-group">
-                    <label for="user" class="col-sm-3 control-label"><?php echo $hesklang['username']; ?>: <font class="important">*</font></label>
-                    <div class="col-sm-9">
-                        <input class="form-control" placeholder="<?php echo $hesklang['username']; ?>" type="text" name="user" size="40" maxlength="20" value="<?php echo $_SESSION['userdata']['user']; ?>" />
-                    </div>     
-                </div>
-                <div class="form-group">
-                    <label for="newpass" class="col-sm-3 control-label"><?php echo $hesklang['pass']; ?>:</label>
-                    <div class="col-sm-9">
-                        <input type="password" class="form-control" placeholder="<?php echo $hesklang['pass']; ?>"  name="newpass" autocomplete="off" size="40" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" onkeyup="javascript:hesk_checkPassword(this.value)" />         
-                    </div>
-                </div>
-                <div class="form-group">
-                    <label for="newpass2" class="col-sm-3 control-label"><?php echo $hesklang['confirm_pass']; ?>:</label>
-                    <div class="col-sm-9">
-                        <input type="password" class="form-control" placeholder="<?php echo $hesklang['confirm_pass']; ?>"  name="newpass2" autocomplete="off" size="40" value="<?php echo $_SESSION['userdata']['cleanpass']; ?>" />
-                    </div>     
-                </div>
-                <div class="form-group">
-                    <label for="pwdst" class="col-sm-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
-                    <div class="col-sm-9">
-                        <div style="border: 1px solid gray; width: 100px;">
-	                        <div id="progressBar"
-	                             style="font-size: 1px; height: 14px; width: 0px; border: 1px solid white;">
-	                        </div>
-                        </div>
-                    </div>   
-                </div>
-                <div class="form-group">
-                    <label for="isadmin" class="col-sm-3 control-label"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></label>
-                    <div class="col-sm-9">
-                        <?php
-	                    /* Only administrators can create new administrator accounts */
-	                    if ($_SESSION['isadmin'])
-	                    {
-		                    ?>
-	                        <div class="radio"><label><input type="radio" name="isadmin" value="1" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['yes'].' '.$hesklang['admin_can']; ?></label></div>
-		                    <div class="radio"><label><input type="radio" name="isadmin" value="0" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION['userdata']['isadmin']) echo 'checked="checked"'; ?> /> <?php echo $hesklang['no'].' '.$hesklang['staff_can']; ?></label></div>
-	                        <?php
-	                    }
-	                    else
-	                    {
-		                    echo $hesklang['no'].' '.$hesklang['staff_can'];
-	                    }
-	                    ?>        
-                    </div>     
-                </div>
-                <div class="form-group" id="options" style="display: <?php echo ($_SESSION['isadmin'] && $_SESSION['userdata']['isadmin']) ? 'none' : ''; ?>">
-                   <div class="row">
-                        <label for="cats" class="control-label col-sm-3"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></label>
-                        <div class="col-sm-6">
-                            <?php
-	                            foreach ($hesk_settings['categories'] as $catid => $catname)
-	                            {
-	        	                    echo '<div class="checkbox"><label><input type="checkbox" name="categories[]" value="' . $catid . '" ';
-	                                if ( in_array($catid,$_SESSION['userdata']['categories']) )
-	                                {
-	            	                    echo ' checked="checked" ';
-	                                }
-	                                echo ' />' . $catname . '</label></div> ';
-	                            }
-			                ?>         
-                        </div>
-                    </div>
-                    <div class="row">
-                        <label for="feats" class="control-label col-sm-3"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></label>
-                        <div class="col-sm-6">
-                            <?php
-			                    foreach ($hesk_settings['features'] as $k)
-	                            {
-	        	                    echo '<div class="checkbox"><label><input type="checkbox" name="features[]" value="' . $k . '" ';
-	                                if (in_array($k,$_SESSION['userdata']['features']))
-	                                {
-	            	                    echo ' checked="checked" ';
-	                                }
-	                                echo ' />' . $hesklang[$k] . '</label></div> ';
-	                            }
-
-                                $manageNotificationCheckboxState = '';
-                                if (
-                                    isset($_SESSION['userdata']['can_change_notification_settings'])
-                                    && $_SESSION['userdata']['can_change_notification_settings'] == 1)
-                                {
-                                    $manageNotificationCheckboxState = 'checked';
-                                }
-
-	                        ?>
-                            <div class="checkbox">
-                                <label><input type="checkbox" name="can_change_notification_settings" <?php echo $manageNotificationCheckboxState; ?>>
-                                        <?php echo $hesklang['can_change_notification_settings']; ?>
-                                </label>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-                <div class="form-group">
-                    <label for="autoassign" class="col-sm-3 control-label"><?php echo $hesklang['opt']; ?>:</label>
-                    <div class="col-sm-9">
-                        <?php if ($hesk_settings['autoassign'])
-                        {    ?>
-                        <div class="checkbox">
-                            <label><input type="checkbox" name="autoassign" value="Y" <?php if ( isset($_SESSION['userdata']['autoassign']) && $_SESSION['userdata']['autoassign'] == 1 ) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['user_aa']; ?></label>
-                        </div>
-                        <?php } if ($_GET['id'] != 1) { ?>
-                            <div class="checkbox">
-                                <?php if (isset($_SESSION['userdata']['can_manage_settings'])) { ?>
-                                    <label><input type="checkbox" name="manage_settings"
-                                            <?php if ($_SESSION['userdata']['can_manage_settings']) { echo 'checked="checked"';} ?>
-                                            <?php if (!$_SESSION['can_manage_settings']) { echo 'disabled'; } ?>> <?php echo $hesklang['can_man_settings']; ?></label>
-                                    <?php if (!$_SESSION['can_manage_settings'] && $_SESSION['userdata']['can_manage_settings']) {
-                                        echo '<input type="hidden" name="manage_settings" value="1">';
-                                    } ?>
-                                <?php } ?>
-                            </div>
-                        <?php } else { ?>
-                            <input type="hidden" name="manage_settings" value="1">
-                        <?php } ?>
-                        <div class="checkbox">
-                            <label><input type="checkbox" name="active" <?php if ($_SESSION['userdata']['active']) { echo 'checked';} ?>> <?php echo $hesklang['active_user']; ?></label>
-                        </div>
-                    </div>
-                </div>
-                <div class="form-group">
-                    <label for="signature" class="col-sm-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
-                    <div class="col-sm-9">
-                        <textarea class="form-control" placeholder="<?php echo $hesklang['sig']; ?>" name="signature" rows="6" cols="40"><?php echo $_SESSION['userdata']['signature']; ?></textarea><br />
-	                    <?php echo $hesklang['sign_extra']; ?>    
-                    </div>    
-                </div>
-
-                <!-- Submit -->
-                <div class="form-group" style="text-align: center">
-                    <input type="hidden" name="a" value="save" />
-                    <input type="hidden" name="userid" value="<?php echo $id; ?>" />
-                    <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
-	                <input class="btn btn-default" type="submit" value="<?php echo $hesklang['save_changes']; ?>" />
-                    <a class="btn btn-default" href="manage_users.php"><?php echo $hesklang['dich']; ?></a>         
-                </div>
+                <?php hesk_profile_tab('userdata',false,'edit_user'); ?>
             </form>
             <script language="Javascript" type="text/javascript"><!--
 	            hesk_checkPassword(document.form1.newpass.value);
@@ -779,18 +534,6 @@ function new_user()
 
 	$myuser = hesk_validateUserInfo();
 
-	/* Can view unassigned tickets? */
-	if ( in_array('can_view_unassigned', $myuser['features']) )
-	{
-		$sql_where = '';
-		$sql_what = '';
-	}
-	else
-	{
-		$sql_where = ' , `notify_new_unassigned`, `notify_reply_unassigned` ';
-		$sql_what = " , '0', '0' ";
-	}
-
     /* Categories and Features will be stored as a string */
     $myuser['categories'] = implode(',',$myuser['categories']);
     $myuser['features'] = implode(',',$myuser['features']);
@@ -810,7 +553,30 @@ function new_user()
     }
 
 	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
-	    `user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges`, `can_manage_settings`, `can_change_notification_settings` $sql_where) VALUES (
+	    `user`,
+	    `pass`,
+	    `isadmin`,
+	    `name`,
+	    `email`,
+	    `signature`,
+	    `categories`,
+	    `autoassign`,
+	    `heskprivileges`,
+	    `can_manage_settings`,
+	    `can_change_notification_settings`,
+	    `afterreply`,
+        `autostart`,
+        `notify_customer_new`,
+        `notify_customer_reply`,
+        `show_suggested`,
+        `notify_new_unassigned`,
+        `notify_new_my`,
+        `notify_reply_unassigned`,
+        `notify_reply_my`,
+        `notify_assigned`,
+        `notify_pm`,
+        `notify_note`,
+        `notify_note_unassigned`) VALUES (
 	'".hesk_dbEscape($myuser['user'])."',
 	'".hesk_dbEscape($myuser['pass'])."',
 	'".intval($myuser['isadmin'])."',
@@ -821,8 +587,21 @@ function new_user()
 	'".intval($myuser['autoassign'])."',
 	'".hesk_dbEscape($myuser['features'])."',
 	'".hesk_dbEscape($myuser['can_manage_settings'])."',
-	'".hesk_dbEscape($myuser['can_change_notification_settings'])."'
-	$sql_what )" );
+	'".hesk_dbEscape($myuser['can_change_notification_settings'])."',
+	'".($myuser['afterreply'])."' ,
+	'".($myuser['autostart'])."' ,
+	'".($myuser['notify_customer_new'])."' ,
+	'".($myuser['notify_customer_reply'])."' ,
+	'".($myuser['show_suggested'])."' ,
+	'".($myuser['notify_new_unassigned'])."' ,
+	'".($myuser['notify_new_my'])."' ,
+	'".($myuser['notify_reply_unassigned'])."' ,
+	'".($myuser['notify_reply_my'])."' ,
+	'".($myuser['notify_assigned'])."' ,
+	'".($myuser['notify_pm'])."',
+	'".($myuser['notify_note'])."',
+	'".($myuser['notify_note_unassigned'])."'
+	)" );
 
     $_SESSION['seluser'] = hesk_dbInsertID();
 
@@ -854,16 +633,16 @@ function update_user()
     $myuser['id'] = $tmp;
 
     /* Only active users can be assigned tickets */
-    if ($myuser['active']) {
-        /* If can't view assigned changes this */
-        if (in_array('can_view_unassigned', $myuser['features'])) {
-            $sql_where = "";
-        } else {
-            $sql_where = " , `notify_new_unassigned`='0', `notify_reply_unassigned`='0' ";
-        }
-    } else {
+    if (!$myuser['active']) {
         $myuser['autoassign'] = 0;
-        $sql_where = " , `notify_new_unassigned`='0', `notify_new_my`='0', `notify_reply_unassigned`='0', `notify_reply_my`='0', `notify_assigned`='0', `notify_pm`='0', `notify_note`='0' ";
+        $myuser['notify_new_unassigned'] = 0;
+        $myuser['notify_new_my'] = 0;
+        $myuser['notify_reply_unassigned'] = 0;
+        $myuser['notify_reply_my'] = 0;
+        $myuser['notify_assigned'] = 0;
+        $myuser['notify_pm'] = 0;
+        $myuser['notify_note'] = 0;
+        $myuser['notify_note_unassigned'] = 0;
     }
 
     /* Check for duplicate usernames */
@@ -914,8 +693,20 @@ function update_user()
     `autoassign`='".intval($myuser['autoassign'])."',
     `heskprivileges`='".hesk_dbEscape($myuser['features'])."',
     `can_manage_settings`='".hesk_dbEscape($myuser['can_manage_settings'])."',
-    `can_change_notification_settings`='".hesk_dbEscape($myuser['can_change_notification_settings'])."'
-    $sql_where
+    `can_change_notification_settings`='".hesk_dbEscape($myuser['can_change_notification_settings'])."',
+    `afterreply`='".($myuser['afterreply'])."' ,
+	`autostart`='".($myuser['autostart'])."' ,
+	`notify_customer_new`='".($myuser['notify_customer_new'])."' ,
+	`notify_customer_reply`='".($myuser['notify_customer_reply'])."' ,
+	`show_suggested`='".($myuser['show_suggested'])."' ,
+	`notify_new_unassigned`='".($myuser['notify_new_unassigned'])."' ,
+	`notify_new_my`='".($myuser['notify_new_my'])."' ,
+	`notify_reply_unassigned`='".($myuser['notify_reply_unassigned'])."' ,
+	`notify_reply_my`='".($myuser['notify_reply_my'])."' ,
+	`notify_assigned`='".($myuser['notify_assigned'])."' ,
+	`notify_pm`='".($myuser['notify_pm'])."',
+	`notify_note`='".($myuser['notify_note'])."',
+	`notify_note_unassigned`='".($myuser['notify_note_unassigned'])."'
     WHERE `id`='".intval($myuser['id'])."' LIMIT 1");
 
     unset($_SESSION['save_userdata']);
@@ -1022,6 +813,22 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
         }
 	}
 
+    // Defaults
+    $myuser['autostart']				= isset($_POST['autostart']) ? 1 : 0;
+    $myuser['notify_customer_new']		= isset($_POST['notify_customer_new']) ? 1 : 0;
+    $myuser['notify_customer_reply']	= isset($_POST['notify_customer_reply']) ? 1 : 0;
+    $myuser['show_suggested']			= isset($_POST['show_suggested']) ? 1 : 0;
+
+    /* Notifications */
+    $myuser['notify_new_unassigned']	= empty($_POST['notify_new_unassigned']) ? 0 : 1;
+    $myuser['notify_new_my'] 			= empty($_POST['notify_new_my']) ? 0 : 1;
+    $myuser['notify_reply_unassigned']	= empty($_POST['notify_reply_unassigned']) ? 0 : 1;
+    $myuser['notify_reply_my']			= empty($_POST['notify_reply_my']) ? 0 : 1;
+    $myuser['notify_assigned']			= empty($_POST['notify_assigned']) ? 0 : 1;
+    $myuser['notify_note']				= empty($_POST['notify_note']) ? 0 : 1;
+    $myuser['notify_pm']				= empty($_POST['notify_pm']) ? 0 : 1;
+    $myuser['notify_note_unassigned']   = empty($_POST['notify_note_unassigned']) ? 0 : 1;
+
     /* Save entered info in session so we don't loose it in case of errors */
 	$_SESSION['userdata'] = $myuser;
 
diff --git a/admin/new_ticket.php b/admin/new_ticket.php
index 33f51c9d..55050de3 100644
--- a/admin/new_ticket.php
+++ b/admin/new_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -48,6 +48,57 @@ hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
 
+// Pre-populate fields
+// Customer name
+if ( isset($_REQUEST['name']) )
+{
+    $_SESSION['as_name'] = $_REQUEST['name'];
+}
+
+// Customer email address
+if ( isset($_REQUEST['email']) )
+{
+    $_SESSION['as_email']  = $_REQUEST['email'];
+    $_SESSION['as_email2'] = $_REQUEST['email'];
+}
+
+// Category ID
+if ( isset($_REQUEST['catid']) )
+{
+    $_SESSION['as_category'] = intval($_REQUEST['catid']);
+}
+if ( isset($_REQUEST['category']) )
+{
+    $_SESSION['as_category'] = intval($_REQUEST['category']);
+}
+
+// Priority
+if ( isset($_REQUEST['priority']) )
+{
+    $_SESSION['as_priority'] = intval($_REQUEST['priority']);
+}
+
+// Subject
+if ( isset($_REQUEST['subject']) )
+{
+    $_SESSION['as_subject'] = $_REQUEST['subject'];
+}
+
+// Message
+if ( isset($_REQUEST['message']) )
+{
+    $_SESSION['as_message'] = $_REQUEST['message'];
+}
+
+// Custom fields
+foreach ($hesk_settings['custom_fields'] as $k=>$v)
+{
+    if ($v['use'] && isset($_REQUEST[$k]) )
+    {
+        $_SESSION['as_'.$k] = $_REQUEST[$k];
+    }
+}
+
 /* Varibles for coloring the fields in case of errors */
 if (!isset($_SESSION['iserror']))
 {
@@ -61,7 +112,7 @@ if (!isset($_SESSION['isnotice']))
 
 /* List of users */
 $admins = array();
-$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `id` ASC");
+$result = hesk_dbQuery("SELECT `id`,`name`,`isadmin`,`categories`,`heskprivileges` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `active` = '1' ORDER BY `name` ASC");
 while ($row=hesk_dbFetchAssoc($result))
 {
 	/* Is this an administrator? */
@@ -125,7 +176,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 <div class="form-group">
                     <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: </label>
                     <div class="col-sm-9">
-                        <input type="text" class="form-control" name="email" size="40" maxlength="255"
+                        <input type="text" class="form-control" name="email" size="40" maxlength="1000"
                                value="<?php if (isset($_SESSION['as_email'])) {echo stripslashes(hesk_input($_SESSION['as_email']));}
                                    else if (isset($_GET['email'])) {echo hesk_GET('email');} ?>" <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(1)"'; } ?>
                                placeholder="<?php echo $hesklang['email']; ?>">
@@ -140,11 +191,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <div class="col-sm-9">
                         <select name="category" class="form-control">
                             <?php
-	                            if (!empty($_GET['catid']))
+                                // Show the "Click to select"?
+                                if ($hesk_settings['select_cat'])
 	                            {
-		                            $_SESSION['as_category'] = intval( hesk_GET('catid') );
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
 	                            }
 
+                                // List categories
 	                            $result = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC');
 	                            while ($row=hesk_dbFetchAssoc($result))
 	                            {
@@ -160,6 +213,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <label for="priority" class="col-sm-3 control-label"><?php echo $hesklang['priority']; ?>: <font class="important">*</font></label>
                     <div class="col-sm-9">
                         <select name="priority" class="form-control">
+                            <?php
+                            // Show the "Click to select"?
+                            if ($hesk_settings['select_pri'])
+                            {
+                                echo '<option value="">'.$hesklang['select'].'</option>';
+                            }
+                            ?>
                             <option value="3" <?php
                                 if((isset($_SESSION['as_priority']) && $_SESSION['as_priority']==3)
                                     || (isset($_GET['priority']) && $_GET['priority']==3)) {echo 'selected="selected"';} ?>><?php echo $hesklang['low']; ?></option>
@@ -259,12 +319,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 					            echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
                                 <div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
 
+                                // Show "Click to select"?
+                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
+                                if ($num)
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+
 	            	            $options = explode('#HESK#',$v['value']);
 
 	                            foreach ($options as $option)
 	                            {
 
-		            	            if (strlen($k_value) == 0 || $k_value == $option)
+		            	            if ($k_value == $option)
 		                            {
 	                    	            $k_value = $option;
 	                                    $selected = 'selected="selected"';
@@ -291,7 +358,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                 foreach ($options as $option)
                                 {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option)
+                                    if (strlen($k_value == $option))
                                     {
                                         $k_value = $option;
                                         $selected = 'selected="selected"';
@@ -386,15 +453,142 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 ?>
                 <!-- End custom before -->
                 <!-- Ticket Info -->
+                <?php
+                // Lets handle ticket templates
+                $can_options = '';
+
+                // Get ticket templates from the database
+                $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` ORDER BY `tpl_order` ASC");
+
+                // If we have any templates print them out
+                if ( hesk_dbNumRows($res) )
+                {
+                    ?>
+                    <script language="javascript" type="text/javascript"><!--
+                        // -->
+                        var myMsgTxt = new Array();
+                        var mySubjectTxt = new Array();
+                        myMsgTxt[0]='';
+                        mySubjectTxt[0]='';
+
+                        <?php
+                        while ($mysaved = hesk_dbFetchRow($res))
+                        {
+                            $can_options .= '<option value="' . $mysaved[0] . '">' . $mysaved[1]. "</option>\n";
+                            echo 'myMsgTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[2]))."';\n";
+                            echo 'mySubjectTxt['.$mysaved[0].']=\''.str_replace("\r\n","\\r\\n' + \r\n'", addslashes($mysaved[1]))."';\n";
+                        }
+
+                        ?>
+
+                        function setMessage(msgid)
+                        {
+                            var myMsg=myMsgTxt[msgid];
+                            var mySubject=mySubjectTxt[msgid];
+
+                            if (myMsg == '')
+                            {
+                                if (document.form1.mode[1].checked)
+                                {
+                                    document.getElementById('message').value = '';
+                                    document.getElementById('subject').value = '';
+                                }
+                                return true;
+                            }
+                            if (document.getElementById)
+                            {
+                                if (document.getElementById('moderep').checked)
+                                {
+                                    document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="60">'+myMsg+'</textarea>';
+                                    document.getElementById('HeskSub').innerHTML='<input type="text" name="subject" id="subject" size="40" maxlength="40" value="'+mySubject+'" />';
+                                }
+                                else
+                                {
+                                    var oldMsg = document.getElementById('message').value;
+                                    document.getElementById('HeskMsg').innerHTML='<textarea name="message" id="message" rows="12" cols="60">'+oldMsg+myMsg+'</textarea>';
+                                    if (document.getElementById('subject').value == '')
+                                    {
+                                        document.getElementById('HeskSub').innerHTML='<input type="text" name="subject" id="subject" size="40" maxlength="40" value="'+mySubject+'" />';
+                                    }
+                                }
+                            }
+                            else
+                            {
+                                if (document.form1.mode[0].checked)
+                                {
+                                    document.form1.message.value=myMsg;
+                                    document.form1.subject.value=mySubject;
+                                }
+                                else
+                                {
+                                    var oldMsg = document.form1.message.value;
+                                    document.form1.message.value=oldMsg+myMsg;
+                                    if (document.form1.subject.value == '')
+                                    {
+                                        document.form1.subject.value=mySubject;
+                                    }
+                                }
+                            }
+
+                        }
+                        //-->
+                    </script>
+                <?php
+                } // END fetchrows
+
+                // Print templates
+                if ( strlen($can_options) )
+                {
+                    ?>
+                    <tr>
+                        <td style="text-align:right" width="150" valign="top">&nbsp;</td>
+                        <td width="80%">
+                            <div align="center">
+                                <table class="white" style="width:100%">
+                                    <tr>
+                                        <td class="admin_gray" colspan="2"><b>&raquo;<?php echo $hesklang['ticket_tpl']; ?></b> <?php echo hesk_checkPermission('can_man_ticket_tpl', 0) ? '(<a href="manage_ticket_templates.php">' . $hesklang['ticket_tpl_man'] . '</a>)' : ''; ?></td>
+                                    </tr>
+                                    <tr>
+                                        <td class="admin_gray">
+                                            <label><input type="radio" name="mode" id="modeadd" value="1" checked="checked" /> <?php echo $hesklang['madd']; ?></label><br />
+                                            <label><input type="radio" name="mode" id="moderep" value="0" /> <?php echo $hesklang['mrep']; ?></label>
+                                        </td>
+                                        <td class="admin_gray">
+                                            <?php echo $hesklang['select_ticket_tpl']; ?>:<br />
+                                            <select name="saved_replies" onchange="setMessage(this.value)">
+                                                <option value="0"> - <?php echo $hesklang['select_empty']; ?> - </option>
+                                                <?php echo $can_options; ?>
+                                            </select>
+                                        </td>
+                                    </tr>
+                                </table>
+                            </div>
+                        </td>
+                    </tr>
+                <?php
+                } // END printing templates
+                elseif ( hesk_checkPermission('can_man_ticket_tpl', 0) )
+                {
+                    ?>
+                    <tr>
+                        <td style="text-align:right" width="150">&nbsp;</td>
+                        <td width="80%"><a href="manage_ticket_templates.php"><?php echo $hesklang['ticket_tpl_man']; ?></a></td>
+                    </tr>
+                <?php
+                }
+                ?>
+
                 <?php if (in_array('subject',$_SESSION['iserror'])) {echo '<div class="form-group has-error">';} else {echo '<div class="form-group">';} ?>
                     <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>: <font class="important">*</font></label>
                     <div class="col-sm-9">
-                        <input class="form-control" type="text" name="subject" size="40" maxlength="40" value="<?php if (isset($_SESSION['as_subject']) || isset($_GET['subject'])) {echo stripslashes(hesk_input($_SESSION['as_subject']));} ?>" placeholder="<?php echo $hesklang['subject']; ?>" />
+                        <span id="HeskSub"><input class="form-control" type="text" name="subject" id="subject" size="40" maxlength="40" value="<?php if (isset($_SESSION['as_subject']) || isset($_GET['subject'])) {echo stripslashes(hesk_input($_SESSION['as_subject']));} ?>" placeholder="<?php echo $hesklang['subject']; ?>" /></span>
                     </div>         
                 </div>
                 <?php if (in_array('message',$_SESSION['iserror'])) {echo '<div class="form-group has-error">';} else {echo '<div class="form-group">';} ?>
                     <div class="col-sm-12">
-                        <textarea class="form-control" name="message" rows="12" cols="60" placeholder="<?php echo $hesklang['message']; ?>" ><?php if (isset($_SESSION['as_message'])) {echo stripslashes(hesk_input($_SESSION['as_message']));} ?></textarea>
+                        <span id="HeskSub">
+                            <textarea class="form-control" name="message" id="message" rows="12" cols="60" placeholder="<?php echo $hesklang['message']; ?>" ><?php if (isset($_SESSION['as_message'])) {echo stripslashes(hesk_input($_SESSION['as_message']));} ?></textarea>
+                        </span>
                     </div>
                 </div>
                 <hr/>
@@ -472,12 +666,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 					            echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
                                 <div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
 
+                                // Show "Click to select"?
+                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
+                                if ($num)
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+
 	            	            $options = explode('#HESK#',$v['value']);
 
 	                            foreach ($options as $option)
 	                            {
 
-		            	            if (strlen($k_value) == 0 || $k_value == $option)
+		            	            if ($k_value == $option)
 		                            {
 	                    	            $k_value = $option;
 	                                    $selected = 'selected="selected"';
@@ -561,7 +762,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                 foreach ($options as $option)
                                 {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option)
+                                    if ($k_value == $option)
                                     {
                                         $k_value = $option;
                                         $selected = 'selected="selected"';
@@ -620,10 +821,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 	            }
 	            ?> 
                 <!-- Admin options -->
+                <?php
+                if ( ! isset($_SESSION['as_notify']) )
+                {
+                    $_SESSION['as_notify'] = $_SESSION['notify_customer_new'] ? 1 : 0;
+                }
+                ?>
                 <div class="form-group">
                     <label class="col-sm-3 control-label"><?php echo $hesklang['addop']; ?>:</label>
                     <div class="col-sm-9">
-                        <label><input type="checkbox" name="notify" value="1" <?php echo (!isset($_SESSION['as_notify']) || !empty($_SESSION['as_notify'])) ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['seno']; ?></label><br />
+                        <label><input type="checkbox" name="notify" value="1" <?php echo empty($_SESSION['as_notify']) ? '' : 'checked="checked"'; ?> /> <?php echo $hesklang['seno']; ?></label><br />
                         <label><input type="checkbox" name="show" value="1" <?php echo (!isset($_SESSION['as_show']) || !empty($_SESSION['as_show'])) ? 'checked="checked"' : ''; ?> /> <?php echo $hesklang['otas']; ?></label><br />
                         <hr />     
                     </div>
diff --git a/admin/options.php b/admin/options.php
index 95d05481..ba42c6ef 100644
--- a/admin/options.php
+++ b/admin/options.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -190,6 +190,8 @@ switch ($type)
         ';
     	break;
     case 'select':
+        $query = str_replace('{HESK_SELECT}', '', $query, $show_select);
+
     	$options=str_replace('#HESK#',"\n",$query);
     	echo '
         <script language="javascript">
@@ -217,12 +219,18 @@ switch ($type)
             }
 			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
 
+			if (document.getElementById(\'show_select\').checked)
+			{
+				text = "{HESK_SELECT}" + text;
+			}
+
         	window.opener.document.getElementById(\'s_'.$id.'_val\').value = text;
             window.close();
         }
         </script>
 
         <p>'.$hesklang['opt3'].'</p>
+        <p><label><input type="checkbox" name="show_select" id="show_select" value="1" ' . ($show_select ? 'checked="checked"' : '') . ' /> ' . $hesklang['show_select'] . '</label></p>
         <textarea name="o1" id="o1" rows="6" cols="40">'.$options.'</textarea>
         <p><input type="button" value="  '.$hesklang['ok'].'  " onclick="Javascript:hesk_saveOptions()" /></p>
         ';
diff --git a/admin/password.php b/admin/password.php
new file mode 100644
index 00000000..79b745be
--- /dev/null
+++ b/admin/password.php
@@ -0,0 +1,361 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+
+// Is the password reset function enabled?
+if ( ! $hesk_settings['reset_pass'])
+{
+	die($hesklang['attempt']);
+}
+
+// Allow additional 5 attempts in case the user is already blocked
+$hesk_settings['attempt_limit'] += 5;
+
+// Start session
+hesk_session_start();
+
+if (!isset($_SESSION['a_iserror']))
+{
+	$_SESSION['a_iserror'] = array();
+}
+
+$hesk_error_buffer = array();
+
+// If this is a POST method, check input
+if ($_SERVER['REQUEST_METHOD'] == 'POST')
+{
+	// Verify security image
+	if ($hesk_settings['secimg_use'])
+	{
+		// Using ReCaptcha?
+		if ($hesk_settings['recaptcha_use'] == 1)
+		{
+			require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
+
+			$resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'],
+			$_SERVER['REMOTE_ADDR'],
+			hesk_POST('recaptcha_challenge_field', ''),
+			hesk_POST('recaptcha_response_field', '')
+            );
+
+			if ($resp->is_valid)
+			{
+				//$_SESSION['img_a_verified']=true;
+			}
+			else
+			{
+				$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
+			}
+		}
+		// Using ReCaptcha API v2?
+		elseif ($hesk_settings['recaptcha_use'] == 2)
+		{
+			require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
+
+			$resp = null;
+			$reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
+
+			// Was there a reCAPTCHA response?
+			if ( isset($_POST["g-recaptcha-response"]) )
+			{
+				$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
+			}
+
+			if ($resp != null && $resp->success)
+			{
+				//$_SESSION['img_a_verified']=true;
+			}
+			else
+			{
+				$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
+			}
+		}
+		// Using PHP generated image
+		else
+		{
+			$mysecnum = intval( hesk_POST('mysecnum', 0) );
+
+			if ( empty($mysecnum) )
+			{
+				$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
+			}
+			else
+			{
+				require(HESK_PATH . 'inc/secimg.inc.php');
+				$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
+				if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) )
+				{
+					//$_SESSION['img_a_verified'] = true;
+				}
+				else
+				{
+					$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
+				}
+			}
+		}
+	}
+
+	// Connect to database and check for brute force attempts
+	hesk_load_database_functions();
+	hesk_dbConnect();
+	hesk_limitBfAttempts();
+
+	// Get email
+	$email = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+
+	// Any errors?
+	if (count($hesk_error_buffer)!=0)
+	{
+		$_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
+
+		$tmp = '';
+		foreach ($hesk_error_buffer as $error)
+		{
+			$tmp .= "<li>$error</li>\n";
+		}
+		$hesk_error_buffer = $tmp;
+
+		$hesk_error_buffer = $hesklang['pcer'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+		hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
+	}
+	else
+	{
+		// Get user data from the database
+		$res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($email)."' LIMIT 1");
+		if (hesk_dbNumRows($res) != 1)
+		{
+			hesk_process_messages($hesklang['noace'],'NOREDIRECT');
+		}
+		else
+		{
+			$row = hesk_dbFetchAssoc($res);
+			$hash = sha1(microtime() . $_SERVER['REMOTE_ADDR'] . mt_rand() . $row['id'] . $row['name'] . $row['pass']);
+
+			// Insert the verification hash into the database
+			hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (`user`, `hash`, `ip`) VALUES (".intval($row['id']).", '{$hash}', '".hesk_dbEscape($_SERVER['REMOTE_ADDR'])."') ");
+
+			// Prepare and send email
+			require(HESK_PATH . 'inc/email_functions.inc.php');
+
+			// Get the email message
+			$msg = hesk_getEmailMessage('reset_password',array(),1,0,1);
+
+			// Replace message special tags
+			$msg = str_replace('%%NAME%%',				hesk_msgToPlain($row['name'],1,1),	$msg);
+			$msg = str_replace('%%SITE_URL%%',			$hesk_settings['site_url'],			$msg);
+			$msg = str_replace('%%SITE_TITLE%%',   		$hesk_settings['site_title'],		$msg);
+			$msg = str_replace('%%PASSWORD_RESET%%',	$hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash, $msg);
+
+			// Send email
+			hesk_mail($email, $hesklang['reset_password'], $msg);
+
+			// Show success
+			hesk_process_messages($hesklang['pemls'],'NOREDIRECT','SUCCESS');
+		}
+	}
+}
+// If the "h" parameter is set verify it and reset the password
+elseif ( isset($_GET['h']) )
+{
+	// Get the hash
+	$hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']);
+
+	// Connect to database
+	hesk_load_database_functions();
+	hesk_dbConnect();
+
+	// Expire verification hashes older than 2 hours
+	hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)");
+
+	// Verify the hash exists
+	$res = hesk_dbQuery("SELECT `user`, `ip` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `hash` = '{$hash}' LIMIT 1");
+	if (hesk_dbNumRows($res) != 1)
+	{
+		// Not a valid hash
+		hesk_limitBfAttempts();
+		hesk_process_messages($hesklang['ehash'],'NOREDIRECT');
+	}
+	else
+	{
+		// Get info from database
+		$row = hesk_dbFetchAssoc($res);
+
+		// Only allow resetting password from the same IP address that submitted password reset request
+		if ($row['ip'] != $_SERVER['REMOTE_ADDR'])
+		{
+			hesk_limitBfAttempts();
+			hesk_process_messages($hesklang['ehaip'],'NOREDIRECT');
+		}
+		else
+		{
+			// Expire all verification hashes for this user
+			hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user']));
+
+			// Get user details
+			$res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." LIMIT 1");
+			$row = hesk_dbFetchAssoc($res);
+			foreach ($row as $k=>$v)
+			{
+				$_SESSION[$k]=$v;
+			}
+			unset($_SESSION['pass']);
+
+			// Clean brute force attempts
+			hesk_cleanBfAttempts();
+
+			// Regenerate session ID (security)
+			hesk_session_regenerate_id();
+
+			// Get allowed categories
+			if (empty($_SESSION['isadmin']))
+			{
+				$_SESSION['categories']=explode(',',$_SESSION['categories']);
+			}
+
+			// Redirect to the profile page
+			hesk_process_messages($hesklang['resim'],'profile.php','NOTICE');
+			exit();
+
+		} // End IP matches
+	}
+}
+
+// Tell header to load reCaptcha API if needed
+if ($hesk_settings['recaptcha_use'] == 2)
+{
+	define('RECAPTCHA',1);
+}
+
+$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['passr'];
+require_once(HESK_PATH . 'inc/header.inc.php');
+?>
+<ol class="breadcrumb">
+    <li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
+    <li><a href="index.php"><?php echo $hesklang['admin_login']; ?></a></li>
+    <li class="active"><?php echo $hesklang['passr']; ?></li>
+</ol>
+
+<div class="row">
+    <div class="col-md-10 col-md-offset-1">
+        <form action="password.php" method="post" name="form1" class="form-signin form-horizontal" role="form">
+            <?php
+            /* This will handle error, success and notice messages */
+            hesk_handle_messages();
+            ?>
+            <h2><span <?php echo $iconDisplay; ?>><span class="mega-octicon octicon-sign-in"></span>&nbsp;</span><?php echo $hesklang['passr']; ?></h2>
+            <div class="footerWithBorder blankSpace"></div>
+            <div class="form-group <?php echo in_array('email',$_SESSION['a_iserror']) ? 'has-error' : ''; ?>">
+                <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?></label>
+                <div class="col-sm-9">
+                    <input type="text" name="email" size="35" value="<?php if (isset($email)) {echo stripslashes(hesk_input($email));} ?>" class="form-control" placeholder="<?php echo $hesklang['email']; ?>">
+                </div>
+            </div>
+            <?php
+            if ($hesk_settings['secimg_use'])
+            {
+                ?>
+                <div class="form-group">
+                    <div class="col-sm-11 col-sm-offset-1">
+                        <?php
+                        // Should we use Recaptcha?
+                        if ($hesk_settings['recaptcha_use'] == 1)
+                        {
+                            ?>
+                            <script type="text/javascript">
+                                var RecaptchaOptions = {
+                                    theme : '<?php echo ( isset($_SESSION['a_iserror']) && in_array('mysecnum',$_SESSION['a_iserror']) ) ? 'red' : 'white'; ?>',
+                                    custom_translations : {
+                                        visual_challenge : "<?php echo hesk_slashJS($hesklang['visual_challenge']); ?>",
+                                        audio_challenge : "<?php echo hesk_slashJS($hesklang['audio_challenge']); ?>",
+                                        refresh_btn : "<?php echo hesk_slashJS($hesklang['refresh_btn']); ?>",
+                                        instructions_visual : "<?php echo hesk_slashJS($hesklang['instructions_visual']); ?>",
+                                        instructions_context : "<?php echo hesk_slashJS($hesklang['instructions_context']); ?>",
+                                        instructions_audio : "<?php echo hesk_slashJS($hesklang['instructions_audio']); ?>",
+                                        help_btn : "<?php echo hesk_slashJS($hesklang['help_btn']); ?>",
+                                        play_again : "<?php echo hesk_slashJS($hesklang['play_again']); ?>",
+                                        cant_hear_this : "<?php echo hesk_slashJS($hesklang['cant_hear_this']); ?>",
+                                        incorrect_try_again : "<?php echo hesk_slashJS($hesklang['incorrect_try_again']); ?>",
+                                        image_alt_text : "<?php echo hesk_slashJS($hesklang['image_alt_text']); ?>",
+                                    },
+                                };
+                            </script>
+                            <?php
+                            require_once(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
+                            echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
+                        }
+                        // Use reCaptcha API v2?
+                        elseif ($hesk_settings['recaptcha_use'] == 2)
+                        {
+                            ?>
+                            <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
+                        <?php
+                        }
+                        // At least use some basic PHP generated image (better than nothing)
+                        else
+                        {
+                            $cls = in_array('mysecnum',$_SESSION['a_iserror']) ? ' class="isError" ' : '';
+
+                            echo $hesklang['sec_enter'].'<br />&nbsp;<br /><img src="'.HESK_PATH.'print_sec_img.php?'.rand(10000,99999).'" width="150" height="40" alt="'.$hesklang['sec_img'].'" title="'.$hesklang['sec_img'].'" border="1" name="secimg" style="vertical-align:text-bottom" /> '.
+                                '<a href="javascript:void(0)" onclick="javascript:document.form1.secimg.src=\''.HESK_PATH.'print_sec_img.php?\'+ ( Math.floor((90000)*Math.random()) + 10000);"><img src="'.HESK_PATH.'img/reload.png" height="24" width="24" alt="'.$hesklang['reload'].'" title="'.$hesklang['reload'].'" border="0" style="vertical-align:text-bottom" /></a>'.
+                                '<br />&nbsp;<br /><input type="text" name="mysecnum" size="20" maxlength="5" '.$cls.' />';
+                        }
+                        ?>
+                    </div>
+                </div>
+            <?php
+            }
+            ?>
+            <div class="form-group">
+                <div class="col-sm-10 col-sm-offset-1">
+                    <input type="submit" value="<?php echo $hesklang['passs']; ?>" class="btn btn-default">
+                </div>
+            </div>
+        </form>
+    </div>
+</div>
+
+<?php
+// Clean session errors
+hesk_cleanSessionVars('a_iserror');
+hesk_cleanSessionVars('img_a_verified');
+
+// Print footer
+require_once(HESK_PATH . 'inc/footer.inc.php');
+?>
diff --git a/admin/profile.php b/admin/profile.php
index 21082c12..d8a09d16 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -39,6 +39,7 @@ define('HESK_PATH','../');
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/profile_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -167,178 +168,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
     ?>
 
         <form role="form" class="form-horizontal" method="post" action="profile.php" name="form1">
-            <h4><?php echo $hesklang['pinfo']; ?></h4>
-            <div class="footerWithBorder blankSpace"></div>
-            <!-- Contact info -->
-            <div class="form-group">
-                <label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>: <font class="important">*</font></label>
-                <div class="col-sm-9">
-                    <input class="form-control" type="text" name="name" size="30" maxlength="50" value="<?php echo $_SESSION['new']['name']; ?>" placeholder="<?php echo $hesklang['name']; ?>" />
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label> 
-                <div class="col-sm-9">
-                    <input type="text" class="form-control" name="email" size="30" maxlength="255" value="<?php echo $_SESSION['new']['email']; ?>" placeholder="<?php echo $hesklang['email']; ?>"/>    
-                </div>    
-            </div>
-            <?php
-            // Let admins change their username
-            if ($_SESSION['isadmin'])
-            {
-	        ?>
-	        <div class="form-group">
-	            <label for="user" class="col-sm-3 control-label"><?php echo $hesklang['username']; ?>: <font class="important">*</font></label>
-	            <div class="col-sm-9">
-                    <input type="text" class="form-control" name="user" size="30" maxlength="50" value="<?php echo $_SESSION['new']['user']; ?>" autocomplete="off" placeholder="<?php echo $hesklang['username']; ?>" />
-                </div>
-	        </div>
-            <?php
-            }
-            ?>
-            <div class="form-group">
-                <label for="newpass" class="col-sm-3 control-label"><?php echo $hesklang['new_pass']; ?>:</label>
-                <div class="col-sm-9">
-                    <input type="password" class="form-control" name="newpass" size="30" onkeyup="javascript:hesk_checkPassword(this.value)" autocomplete="off" placeholder="<?php echo $hesklang['new_pass']; ?>" />     
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="newpass2" class="col-sm-3 control-label"><?php echo $hesklang['confirm_pass']; ?>:</label>
-                <div class="col-sm-9">
-                    <input type="password" class="form-control" name="newpass2" size="30" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" />     
-                </div>     
-            </div>
-            <div class="form-group">
-                <label for="pwdStrength" class="col-sm-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
-                <div class="col-sm-9">
-                    <div style="border: 1px solid gray; width: 100px;">
-	                    <div id="progressBar"
-	                         style="font-size: 1px; height: 14px; width: 0px; border: 1px solid white;">
-	                    </div>
-	                </div>         
-                </div>     
-            </div>
-            <h4><?php echo $hesklang['sig']; ?></h4>
-            <div class="footerWithBorder blankSpace"></div>
-            <!-- Signature -->
-            <div class="form-group">
-                <label for="signature" class="col-sm-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
-                <div class="col-sm-9">
-                    <textarea class="form-control" name="signature" rows="6" cols="40" placholder="<?php echo $hesklang['sig']; ?>"><?php echo $_SESSION['new']['signature']; ?></textarea><br />
-	                <?php echo $hesklang['sign_extra']; ?>
-                </div>
-            </div>
-            <h4><?php echo $hesklang['pref']; ?></h4>
-            <?php
-            if ($can_reply_tickets)                
-            {
-            ?>
-            <div class="footerWithBorder blankSpace"></div>
-            <div class="form-group">
-                <label for="afterreply" class="col-sm-3 control-label"><?php echo $hesklang['aftrep']; ?>:</label>
-                <div class="col-sm-9">
-                    <div class="radio">
-                        <label><input type="radio" name="afterreply" value="0" <?php if (!$_SESSION['new']['afterreply']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['showtic']; ?></label>
-                    </div>
-                    <div class="radio">
-                        <label><input type="radio" name="afterreply" value="1" <?php if ($_SESSION['new']['afterreply'] == 1) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['gomain']; ?></label>
-                    </div>
-                    <div class="radio">    
-                        <label><input type="radio" name="afterreply" value="2" <?php if ($_SESSION['new']['afterreply'] == 2) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['shownext']; ?></label>
-                    </div>
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="autostart" class="col-sm-3 control-label"><?php echo $hesklang['ts']; ?>:</label>
-                <div class="col-sm-9">
-                    <div class="checkbox">
-                        <label><input type="checkbox" name="autostart" value="1" <?php if (!empty($_SESSION['new']['autostart'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['autoss']; ?></label>     
-                    </div>     
-                </div>     
-            </div>
-            <?php } ?>
-            <div class="form-group">
-                <label for="autoRefresh" class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
-                <div class="col-sm-9">
-                    <input type="text" class="form-control" id="autorefresh" name="autorefresh" value="<?php echo $_SESSION['new']['autorefresh']; ?>">
-                    <span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
-                </div>
-            </div>
-            <h4><?php echo $hesklang['notn']; ?></h4>
-            <h6><?php echo $hesklang['nomw']; ?></h6>
-            <div class="footerWithBorder blankSpace"></div>
-            <?php $disabledText = isset($_SESSION['new']['can_change_notification_settings']) && $_SESSION['new']['can_change_notification_settings'] ? '' : 'disabled';
-                if ($disabledText == 'disabled') { ?>
-                    <div class="alert alert-info"><?php echo $hesklang['notifications_disabled_info']; ?></div>
-               <?php }
-            ?>
-            <div class="form-group">
-                <?php
-                if ($can_view_tickets)
-                {
-                    if ($can_view_unassigned)
-                    {
-                        ?>
-                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_new_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
-                    <?php
-                        if ($disabledText == 'disabled')
-                        { ?>
-                            <input type="hidden" name="notify_new_unassigned" value="<?php echo !empty($_SESSION['new']['notify_new_unassigned']) ? '1' :  '0'; ?>">
-                        <?php }
-                    }
-                    else
-                    {
-                        ?>
-                        <input type="hidden" name="notify_new_unassigned" value="0" />
-                    <?php
-                    }
-                    ?>
-                    <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_my" value="1" <?php if (!empty($_SESSION['new']['notify_new_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
-                    <?php
-                    if ($disabledText == 'disabled')
-                    { ?>
-                        <input type="hidden" name="notify_new_my" value="<?php echo !empty($_SESSION['new']['notify_new_my']) ? '1' : '0'; ?>">
-                    <?php }
-
-                    if ($can_view_unassigned)
-                    {
-                    ?>
-                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_reply_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
-                    <?php
-                        if ($disabledText == 'disabled')
-                        { ?>
-                            <input type="hidden" name="notify_reply_unassigned" value="<?php echo !empty($_SESSION['new']['notify_reply_unassigned']) ? '1' : '0'; ?>">
-                        <?php }
-                    }
-                    else
-                    {
-                        ?>
-                        <input type="hidden" name="notify_reply_unassigned" value="0" />
-                    <?php
-                    }
-                        ?>
-                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_my" value="1" <?php if (!empty($_SESSION['new']['notify_reply_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
-                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_assigned" value="1" <?php if (!empty($_SESSION['new']['notify_assigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntam']; ?></label></div></div>
-                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note" value="1" <?php if (!empty($_SESSION['new']['notify_note'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntnote']; ?></label></div></div>
-                        <?php
-                        if ($disabledText == 'disabled')
-                        { ?>
-                            <input type="hidden" name="notify_reply_my" value="<?php echo !empty($_SESSION['new']['notify_reply_my']) ? '1' : '0'; ?>">
-                            <input type="hidden" name="notify_assigned" value="<?php echo !empty($_SESSION['new']['notify_assigned']) ? '1' : '0'; ?>">
-                            <input type="hidden" name="notify_note" value="<?php echo !empty($_SESSION['new']['notify_note']) ? '1' : '0'; ?>">
-                        <?php }
-
-                        if ($_SESSION['isadmin']) { ?>
-                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note_unassigned" value="1" <?php if (!empty($_SESSION['new']['notify_note_unassigned'])) {echo 'checked="checked"';}?>> <?php echo $hesklang['notify_note_unassigned']; ?></label></div> </div>
-                    <?php
-                    }
-                }
-
-                ?>
-            </div>
-            <input type="hidden" name="action" value="update" />
-            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" /> 
-	        <div style="text-align: center"><input type="submit" class="btn btn-default" value="<?php echo $hesklang['update_profile']; ?>" /></div>
+            <?php hesk_profile_tab('new'); ?>
         </form>
     </div>
 </div>
diff --git a/admin/reports.php b/admin/reports.php
index 917b4134..33da6eb6 100644
--- a/admin/reports.php
+++ b/admin/reports.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -221,6 +221,9 @@ if (isset($selected['type'][$type]))
 	$selected['type'][$type] = 'selected="selected"';
 }
 
+// Setup date SQL so we don't have to call functions several times
+$hesk_settings['dt_sql'] = " `dt` BETWEEN '" . hesk_dbEscape($date_from) . " 00:00:00' AND '" . hesk_dbEscape($date_to) . " 23:59:59' ";
+
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
@@ -371,24 +374,22 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             /* SQL query for category stats */
-            $res = hesk_dbQuery("
-            SELECT DISTINCT `t1`.`category`, `t2`.`num_tickets`, `t2`.`seconds_worked` AS `seconds_worked`, IFNULL(`t3`.`all_replies`,0) AS `all_replies`, IFNULL(`t4`.`staff_replies`,0) AS `staff_replies` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1`
-            LEFT JOIN (SELECT COUNT(*) AS `num_tickets`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`, `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1` WHERE DATE(`t1`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' " . ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" ) . " GROUP BY `category`) AS `t2` ON `t1`.`category`=`t2`.`category`
-            LEFT JOIN (SELECT COUNT(*) AS `all_replies`, `t1`.`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1`, `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` AS `t5` WHERE `t1`.`id`=`t5`.`replyto` AND DATE(`t5`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' " . ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" ) . " GROUP BY `t1`.`category`) AS `t3` ON `t1`.`category`=`t3`.`category`
-            LEFT JOIN (SELECT COUNT(*) AS `staff_replies`, `t1`.`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` AS `t1`, `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` AS `t5` WHERE `t1`.`id`=`t5`.`replyto` AND " . ( $can_run_reports_full ? "`t5`.`staffid` > 0" : "`t5`.`staffid` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`t5`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `t1`.`category`) AS `t4` ON `t1`.`category`=`t4`.`category`
-            WHERE DATE(`t1`.`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'" .
-            ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" )
-            );
+            $res = hesk_dbQuery("SELECT `category`, COUNT(*) AS `num_tickets`, ".($hesk_settings['time_worked'] ? "SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`," : '')." SUM(`replies`) AS `all_replies`, SUM(staffreplies) AS `staff_replies` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE {$hesk_settings['dt_sql']} " . ( $can_run_reports_full ? "" : " AND `t1`.`owner` = '" . intval($_SESSION['id']) . "'" ) . " GROUP BY `category`");
 
             /* Update ticket values */
             while ($row = hesk_dbFetchAssoc($res))
             {
+                if ( ! $hesk_settings['time_worked'])
+                {
+                    $row['seconds_worked'] = 0;
+                }
+
                 if (isset($cat[$row['category']]))
                 {
                     $tickets[$row['category']]['num_tickets'] += $row['num_tickets'];
                     $tickets[$row['category']]['all_replies'] += $row['all_replies'];
                     $tickets[$row['category']]['staff_replies'] += $row['staff_replies'];
-                    $tickets[$row['category']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
+                    $tickets[$row['category']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
                 }
                 else
                 {
@@ -414,7 +415,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             // Get number of resolved tickets
-            $res = hesk_dbQuery("SELECT COUNT(*) AS `num_tickets` , `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) " . ( $can_run_reports_full ? "" : " AND `owner` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `category`");
+            $res = hesk_dbQuery("SELECT COUNT(*) AS `num_tickets` , `category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) " . ( $can_run_reports_full ? "" : " AND `owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `category`");
 
             // Update number of open and resolved tickets
             while ($row = hesk_dbFetchAssoc($res))
@@ -433,10 +434,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             // Convert total seconds worked to HH:MM:SS
-            $totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
+            $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
             if ( isset($tickets[9999]) )
             {
-                $tickets[9999]['worked'] = hesk_SecondsToHHMMSS($tickets[9999]['worked']);
+                $tickets[9999]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($tickets[9999]['worked']) : 0;
             }
 
             ?>
@@ -445,10 +446,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <th><?php echo $hesklang['category']; ?></th>
                     <th><?php echo $hesklang['tickets']; ?></th>
                     <th><?php echo $hesklang['topen']; ?></th>
-                    <th><?php echo $hesklang['closed']; ?></th>
+                    <th><?php echo $hesklang['closed_title']; ?></th>
                     <th><?php echo $hesklang['replies'] . ' (' . $hesklang['all'] .')'; ?></th>
                     <th><?php echo $hesklang['replies'] . ' (' . $hesklang['staff'] .')'; ?></th>
-                    <th><?php echo $hesklang['ts']; ?></th>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<th>'.$hesklang['ts'].'</th>';
+                      }
+                      ?>
                   </tr>
 
             <?php
@@ -463,7 +469,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><b><?php echo $totals['resolved']; ?></b></td>
                     <td><b><?php echo $totals['all_replies']; ?></b></td>
                     <td><b><?php echo $totals['staff_replies']; ?></b></td>
-                    <td><b><?php echo $totals['worked']; ?></b></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td>'.$totals['worked'].'</td>';
+                      }
+                      ?>
                   </tr>
             <?php
             }
@@ -480,7 +491,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><?php echo $d['resolved']; ?></td>
                     <td><?php echo $d['all_replies']; ?></td>
                     <td><?php echo $d['staff_replies']; ?></td>
-                    <td><?php echo $d['worked']; ?></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td>'.$d['worked'].'</td>';
+                      }
+                      ?>
                   </tr>
                 <?php
             }
@@ -492,7 +508,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><b><?php echo $totals['resolved']; ?></b></td>
                     <td><b><?php echo $totals['all_replies']; ?></b></td>
                     <td><b><?php echo $totals['staff_replies']; ?></b></td>
-                    <td><b><?php echo $totals['worked']; ?></b></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td>'.$totals['worked'].'</td>';
+                      }
+                      ?>
                   </tr>
                 </table>
             <?php
@@ -514,7 +535,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             if ($_SESSION['isadmin'] || hesk_checkPermission('can_run_reports_full', 0) )
             {
                 // -> get list of users
-                $res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
+                $res = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
 
                 // -> populate $admins and $tickets arrays
                 while ($row=hesk_dbFetchAssoc($res))
@@ -531,19 +552,24 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 }
 
                 // -> get list of tickets
-                $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `owner`");
+                $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND {$hesk_settings['dt_sql']} GROUP BY `owner`");
 
                 // -> update ticket list values
                 while ($row = hesk_dbFetchAssoc($res))
                 {
+                    if ( ! $hesk_settings['time_worked'])
+                    {
+                        $row['seconds_worked'] = 0;
+                    }
+
                     $tickets[$row['owner']]['asstickets'] += $row['cnt'];
                     $totals['asstickets'] += $row['cnt'];
-                    $tickets[$row['owner']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
+                    $tickets[$row['owner']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
                     $totals['worked'] += $row['seconds_worked'];
                 }
 
                 // -> get list of resolved tickets
-                $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `owner`");
+                $res = hesk_dbQuery("SELECT `owner`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` IN ('" . implode("','", array_keys($admins) ) . "') AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']} GROUP BY `owner`");
 
                 // -> update resolved ticket list values
                 while ($row = hesk_dbFetchAssoc($res))
@@ -553,7 +579,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 }
 
                 // -> get number of replies
-                $res = hesk_dbQuery("SELECT `staffid`, COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `staffid`");
+                $res = hesk_dbQuery("SELECT `staffid`, COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` IN ('" . implode("','", array_keys($admins) ) . "') AND {$hesk_settings['dt_sql']} GROUP BY `staffid`");
 
                 // -> update number of replies values
                 while ($row = hesk_dbFetchAssoc($res))
@@ -571,17 +597,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 $admins[$_SESSION['id']] = $_SESSION['name'];
 
                 // -> get list of tickets
-                $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'");
+                $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND {$hesk_settings['dt_sql']}");
                 $row = hesk_dbFetchAssoc($res);
 
                 // -> update ticket values
                 $tickets[$_SESSION['id']]['asstickets'] = $row['cnt'];
                 $totals['asstickets'] = $row['cnt'];
-                $tickets[$_SESSION['id']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
+                $tickets[$_SESSION['id']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
                 $totals['worked'] += $row['seconds_worked'];
 
                 // -> get list of resolved tickets
-                $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND `status`='3' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'");
+                $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `owner` = '" . intval($_SESSION['id']) . "' AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']}");
                 $row = hesk_dbFetchAssoc($res);
 
                 // -> update resolved ticket values
@@ -589,7 +615,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 $totals['resolved'] = $row['cnt'];
 
                 // -> get number of replies
-                $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` = '" . intval($_SESSION['id']) . "' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "'");
+                $res = hesk_dbQuery("SELECT COUNT(*) AS `cnt`, COUNT(DISTINCT `replyto`) AS `tcnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `staffid` = '" . intval($_SESSION['id']) . "' AND {$hesk_settings['dt_sql']}");
                 $row = hesk_dbFetchAssoc($res);
 
                 $tickets[$_SESSION['id']]['tickets'] = $row['tcnt'];
@@ -601,7 +627,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             // Convert total seconds worked to HH:MM:SS
-            $totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
+            $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
 
             ?>
                 <table class="table table-striped table-condensed">
@@ -609,10 +635,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <th><?php echo $hesklang['user']; ?></th>
                     <th><?php echo $hesklang['ticass']; ?></th>
                     <th><?php echo $hesklang['topen']; ?></th>
-                    <th><?php echo $hesklang['closed']; ?></th>
+                    <th><?php echo $hesklang['closed_title']; ?></th>
                     <th><?php echo $hesklang['ticall']; ?></th>
                     <th><?php echo $hesklang['replies']; ?></th>
-                    <th><?php echo $hesklang['ts']; ?></th>
+                      <?php
+                      	if ($hesk_settings['time_worked'])
+                      	{
+                      		echo '<th>'.$hesklang['ts'].'</th>';
+                        }
+                      ?>
                   </tr>
 
             <?php
@@ -627,7 +658,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><b><?php echo $totals['resolved']; ?></b></td>
                     <td><b><?php echo $totals['tickets']; ?></b></td>
                     <td><b><?php echo $totals['replies']; ?></b></td>
-                    <td><b><?php echo $totals['worked']; ?></b></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td><b>'.$totals['worked'].'</b></td>';
+                      }
+                      ?>
                   </tr>
             <?php
             }
@@ -643,7 +679,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><?php echo $d['resolved']; ?></td>
                     <td><?php echo $d['tickets']; ?></td>
                     <td><?php echo $d['replies']; ?></td>
-                    <td><?php echo $d['worked']; ?></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td>'.$d['worked'].'</td>';
+                      }
+                      ?>
                   </tr>
                 <?php
             }
@@ -655,7 +696,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><b><?php echo $totals['resolved']; ?></b></td>
                     <td><b><?php echo $totals['tickets']; ?></b></td>
                     <td><b><?php echo $totals['replies']; ?></b></td>
-                    <td><b><?php echo $totals['worked']; ?></b></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td><b>'.$totals['worked'].'</b></td>';
+                      }
+                      ?>
                   </tr>
                 </table>
             <?php
@@ -681,20 +727,25 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             // SQL query for all
-            $res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `myyear`,`mymonth`");
+            $res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `myyear`,`mymonth`");
 
             // Update ticket values
             while ($row = hesk_dbFetchAssoc($res))
             {
+                if ( ! $hesk_settings['time_worked'])
+                {
+                    $row['seconds_worked'] = 0;
+                }
+
                 $row['mymonth'] = sprintf('%02d',$row['mymonth']);
                 $tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['all'] += $row['cnt'];
-                $tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
+                $tickets[$row['myyear'].'-'.$row['mymonth'].'-01']['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
                 $totals['all'] += $row['cnt'];
                 $totals['worked'] += $row['seconds_worked'];
             }
 
             // SQL query for resolved
-            $res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` = '3' AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `myyear`,`mymonth`");
+            $res = hesk_dbQuery("SELECT YEAR(`dt`) AS `myyear`, MONTH(`dt`) AS `mymonth`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']} GROUP BY `myyear`,`mymonth`");
 
             // Update ticket values
             while ($row = hesk_dbFetchAssoc($res))
@@ -705,7 +756,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             // Convert total seconds worked to HH:MM:SS
-            $totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
+            $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
 
             ?>
                 <table class="table table-striped table-condensed">
@@ -713,8 +764,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <th><?php echo $hesklang['month']; ?></th>
                     <th><?php echo $hesklang['atik']; ?></th>
                     <th><?php echo $hesklang['topen']; ?></th>
-                    <th><?php echo $hesklang['closed']; ?></th>
-                    <th><?php echo $hesklang['ts']; ?></th>
+                    <th><?php echo $hesklang['closed_title']; ?></th>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<th>'.$hesklang['ts'].'</th>';
+                      }
+                      ?>
                   </tr>
 
             <?php
@@ -727,7 +783,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <th><b><?php echo $totals['all']; ?></b></th>
                     <th><b><?php echo $totals['all']-$totals['resolved']; ?></b></th>
                     <th><b><?php echo $totals['resolved']; ?></b></th>
-                    <th><b><?php echo $totals['worked']; ?></b></th>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<th><b>'.$totals['worked'].'</b></th>';
+                      }
+                      ?>
                   </tr>
             <?php
             }
@@ -741,7 +802,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><?php echo $d['all']; ?></td>
                     <td><?php echo $d['all']-$d['resolved']; ?></td>
                     <td><?php echo $d['resolved']; ?></td>
-                    <td><?php echo $d['worked']; ?></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td>'.$d['worked'].'</td>';
+                      }
+                      ?>
                   </tr>
                 <?php
             }
@@ -751,7 +817,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><b><?php echo $totals['all']; ?></b></td>
                     <td><b><?php echo $totals['all']-$totals['resolved']; ?></b></td>
                     <td><b><?php echo $totals['resolved']; ?></b></td>
-                    <td><b><?php echo $totals['worked']; ?></b></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td><b>'.$d['worked'].'</b></td>';
+                      }
+                      ?>
                   </tr>
                 </table>
 
@@ -778,19 +849,24 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             // SQL query for all
-            $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt`, SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `mydt`");
+            $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt`".($hesk_settings['time_worked'] ? ", SUM( TIME_TO_SEC(`time_worked`) ) AS `seconds_worked`" : '')." FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND {$hesk_settings['dt_sql']} GROUP BY `mydt`");
 
             // Update ticket values
             while ($row = hesk_dbFetchAssoc($res))
             {
+                if ( ! $hesk_settings['time_worked'])
+                {
+                	$row['seconds_worked'] = 0;
+                }
+
                 $tickets[$row['mydt']]['all'] += $row['cnt'];
-                $tickets[$row['mydt']]['worked'] = hesk_SecondsToHHMMSS($row['seconds_worked']);
+                $tickets[$row['mydt']]['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($row['seconds_worked']) : 0;
                 $totals['all'] += $row['cnt'];
                 $totals['worked'] += $row['seconds_worked'];
             }
 
             // SQL query for resolved
-            $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `mydt`");
+            $res = hesk_dbQuery("SELECT DATE(`dt`) AS `mydt`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE " . ( $can_run_reports_full ? '1' : "`owner` = '" . intval($_SESSION['id']) . "'" ) . " AND `status` IN (SELECT `ID` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE `IsClosed` = 1) AND {$hesk_settings['dt_sql']} GROUP BY `mydt`");
 
             // Update ticket values
             while ($row = hesk_dbFetchAssoc($res))
@@ -800,7 +876,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             }
 
             // Convert total seconds worked to HH:MM:SS
-            $totals['worked'] = hesk_SecondsToHHMMSS($totals['worked']);
+            $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
 
             ?>
                 <table class="table table-striped table-condensed">
@@ -808,8 +884,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <th><?php echo $hesklang['date']; ?></th>
                     <th><?php echo $hesklang['atik']; ?></th>
                     <th><?php echo $hesklang['topen']; ?></th>
-                    <th><?php echo $hesklang['closed']; ?></th>
-                    <th><?php echo $hesklang['ts']; ?></th>
+                    <th><?php echo $hesklang['closed_title']; ?></th>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<th>'.$hesklang['ts'].'</th>';
+                      }
+                      ?>
                   </tr>
 
             <?php
@@ -822,7 +903,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><b><?php echo $totals['all']; ?></b></td>
                     <td><b><?php echo $totals['all']-$totals['resolved']; ?></b></td>
                     <td><b><?php echo $totals['resolved']; ?></b></td>
-                    <td><b><?php echo $totals['worked']; ?></b></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td><b>'.$totals['worked'].'</b></td>';
+                      }
+                      ?>
                   </tr>
             <?php
             }
@@ -836,7 +922,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><?php echo $d['all']; ?></td>
                     <td><?php echo $d['all']-$d['resolved']; ?></td>
                     <td><?php echo $d['resolved']; ?></td>
-                    <td><?php echo $d['worked']; ?></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td>'.$d['worked'].'</td>';
+                      }
+                      ?>
                   </tr>
                 <?php
             }
@@ -846,7 +937,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td><b><?php echo $totals['all']; ?></b></td>
                     <td><b><?php echo $totals['all']-$totals['resolved']; ?></b></td>
                     <td><b><?php echo $totals['resolved']; ?></b></td>
-                    <td><b><?php echo $totals['worked']; ?></b></td>
+                      <?php
+                      if ($hesk_settings['time_worked'])
+                      {
+                          echo '<td>'.$totals['worked'].'</td>';
+                      }
+                      ?>
                   </tr>
                 </table>
             <?php
diff --git a/admin/service_messages.php b/admin/service_messages.php
new file mode 100644
index 00000000..40939492
--- /dev/null
+++ b/admin/service_messages.php
@@ -0,0 +1,653 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+/* Get all the required files and functions */
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+/* Check permissions for this feature */
+hesk_checkPermission('can_service_msg');
+
+// Define required constants
+define('LOAD_TABS',1);
+define('WYSIWYG',1);
+
+// What should we do?
+if ( $action = hesk_REQUEST('a') )
+{
+	if ($action == 'edit_sm') {edit_sm();}
+	elseif ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'service_messages.php', 'NOTICE');}
+	elseif ($action == 'new_sm') {new_sm();}
+	elseif ($action == 'save_sm') {save_sm();}
+	elseif ($action == 'order_sm') {order_sm();}
+	elseif ($action == 'remove_sm') {remove_sm();}
+}
+
+/* Print header */
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+/* Print main manage users page */
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+
+<div class="row" style="padding: 20px">
+    <ul class="nav nav-tabs" role="tablist">
+        <?php
+        // Show a link to banned_emails.php if user has permission to do so
+        if ( hesk_checkPermission('can_ban_emails',0) )
+        {
+            echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">'.$hesklang['banemail'].'</a>
+            </li>';
+        }
+        if ( hesk_checkPermission('can_ban_ips',0) )
+        {
+            echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banip'] . '" href="banned_ips.php">'.$hesklang['banip'].'</a>
+            </li>';
+        }
+        ?>
+        <li role="presentation" class="active">
+            <a href="#"><?php echo $hesklang['sm_title']; ?> <i class="fa fa-question-circle settingsquestionmark" onclick="javascript:alert('<?php echo hesk_makeJsString($hesklang['sm_intro']); ?>')"></i></a>
+        </li>
+    </ul>
+    <div class="tab-content summaryList tabPadding">
+        <script language="javascript" type="text/javascript"><!--
+            function confirm_delete()
+            {
+                if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {return true;}
+                else {return false;}
+            }
+            //-->
+        </script>
+        <div class="row">
+            <?php
+            /* This will handle error, success and notice messages */
+            hesk_handle_messages();
+
+            if ( isset($_SESSION['new_sm']) )
+            {
+                $_SESSION['new_sm'] = hesk_stripArray($_SESSION['new_sm']);
+            }
+
+            if ( isset($_SESSION['preview_sm']) )
+            {
+                hesk_service_message($_SESSION['new_sm']);
+            }
+
+            if ($hesk_settings['kb_wysiwyg'])
+            {
+                ?>
+                <script type="text/javascript">
+                    tinyMCE.init({
+                        mode : "exact",
+                        elements : "content",
+                        theme : "advanced",
+                        convert_urls : false,
+                        gecko_spellcheck: true,
+
+                        theme_advanced_buttons1 : "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
+                        theme_advanced_buttons2 : "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup,code",
+                        theme_advanced_buttons3 : "",
+
+                        theme_advanced_toolbar_location : "top",
+                        theme_advanced_toolbar_align : "left",
+                        theme_advanced_statusbar_location : "bottom",
+                        theme_advanced_resizing : true
+                    });
+                </script>
+            <?php
+            }
+            ?>
+            <div class="panel panel-default">
+                <div class="panel-heading">
+                    <h4><?php echo $hesklang['ex_sm']; ?></h4>
+                </div>
+                <div class="panel-body">
+                    <?php
+
+                    // Get banned ips from database
+                    $res = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'service_messages` ORDER BY `order` ASC');
+                    $num = hesk_dbNumRows($res);
+
+                    if ($num < 1)
+                    {
+                        echo '<p>'.$hesklang['no_sm'].'</p>';
+                    }
+                    else
+                    {
+                        // List of staff
+                        if ( ! isset($admins) )
+                        {
+                            $admins = array();
+                            $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users`");
+                            while ($row=hesk_dbFetchAssoc($res2))
+                            {
+                                $admins[$row['id']]=$row['name'];
+                            }
+                        }
+
+                        ?>
+                        <table class="table table-hover">
+                            <thead>
+                                <tr>
+                                    <th><?php echo $hesklang['sm_mtitle']; ?></th>
+                                    <th><?php echo $hesklang['sm_author']; ?></th>
+                                    <th><?php echo $hesklang['sm_type']; ?></th>
+                                    <th>&nbsp;<?php echo $hesklang['opt']; ?>&nbsp;</th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                <?php
+                                $j = 1;
+                                $k = 1;
+
+                                while ($sm=hesk_dbFetchAssoc($res))
+                                {
+                                    $faIcon = "";
+                                    switch ($sm['style'])
+                                    {
+                                        case 1:
+                                            $sm_style = "alert alert-success";
+                                            $faIcon = "fa fa-check-circle";
+                                            break;
+                                        case 2:
+                                            $sm_style = "alert alert-info";
+                                            $faIcon = "fa fa-comment";
+                                            break;
+                                        case 3:
+                                            $sm_style = "alert alert-warning";
+                                            $faIcon = "fa fa-exclamation-triangle";
+                                            break;
+                                        case 4:
+                                            $sm_style = "alert alert-danger";
+                                            $faIcon = "fa fa-times-circle";
+                                            break;
+                                        default:
+                                            $sm_style = "none";
+                                    }
+
+                                    $type = $sm['type'] ? $hesklang['sm_draft']: $hesklang['sm_published'];
+
+                                    ?>
+                                    <tr>
+                                        <td>
+                                            <div class="<?php echo $sm_style; ?>">
+                                                <i class="<?php echo $faIcon; ?>"></i>
+                                                <b><?php echo $sm['title']; ?></b>
+                                            </div>
+                                        </td>
+                                        <td><?php echo (isset($admins[$sm['author']]) ? $admins[$sm['author']] : $hesklang['e_udel']); ?></td>
+                                        <td><?php echo $type; ?></td>
+                                        <td>
+                                            <?php
+                                            if ($num > 1)
+                                            {
+                                                if ($k == 1)
+                                                {
+                                                    ?>
+                                                    <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
+                                                    <a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
+                                                        <i class="fa fa-arrow-down" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
+                                                <?php
+                                                }
+                                                elseif ($k == $num)
+                                                {
+                                                    ?>
+                                                    <a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
+                                                        <i class="fa fa-arrow-up" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
+                                                    <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />
+                                                <?php
+                                                }
+                                                else
+                                                {
+                                                    ?>
+                                                    <a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
+                                                        <i class="fa fa-arrow-up" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_up']; ?>"></i></a>
+                                                    <a href="service_messages.php?a=order_sm&amp;id=<?php echo $sm['id']; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
+                                                        <i class="fa fa-arrow-down" style="font-size: 16px; color: green" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['move_dn']; ?>"></i></a>
+                                                <?php
+                                                }
+                                            }
+                                            ?>
+                                            <a href="service_messages.php?a=edit_sm&amp;id=<?php echo $sm['id']; ?>">
+                                                <i class="fa fa-pencil" style="font-size: 16px;color:orange" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['edit']; ?>"></i></a>
+                                            <a href="service_messages.php?a=remove_sm&amp;id=<?php echo $sm['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_sm']); ?>');">
+                                                <i class="fa fa-times" style="font-size: 16px;color:red" data-toggle="tooltip" data-placement="top" data-original-title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp;</td>
+                                    </tr>
+                                    <?php
+                                    $j++;
+                                    $k++;
+                                } // End while
+
+                                ?>
+                            </tbody>
+                        </table>
+                        <div align="center">
+                            <table border="0" cellspacing="1" cellpadding="3" class="white" width="100%">
+
+
+                            </table>
+                        </div>
+                    <?php
+                    }
+
+                    ?>
+                </div>
+            </div>
+
+            <div class="panel panel-default">
+                <div class="panel-heading">
+                    <h4><a name="new_article"></a><?php echo $hesklang['new_sm']; ?></h4>
+                </div>
+                <div class="panel-body">
+                    <form action="service_messages.php" method="post" name="form1" role="form" class="form-horizontal">
+                        <div class="form-group">
+                            <label for="style" class="col-md-2 control-label"><?php echo $hesklang['sm_style']; ?></label>
+                            <div class="col-md-2">
+                                <div class="radio alert" style="box-shadow: none; padding: 5px; border-radius: 4px;">
+                                    <label>
+                                        <input type="radio" name="style" value="0"
+                                            <?php if (!isset($_SESSION['new_sm']['style']) || (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 0) ) {echo 'checked';} ?>>
+                                        <?php echo $hesklang['sm_none']; ?>
+                                    </label>
+                                </div>
+                            </div>
+                            <div class="col-md-2">
+                                <div class="radio alert alert-success" style="padding: 5px;">
+                                    <label style="margin-top: -5px">
+                                        <input type="radio" name="style" value="1"
+                                            <?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 1 ) {echo 'checked';} ?>>
+                                        <?php echo $hesklang['sm_success']; ?>
+                                    </label>
+                                </div>
+                            </div>
+                            <div class="col-md-2">
+                                <div class="radio alert alert-info" style="padding: 5px">
+                                    <label style="margin-top: -5px">
+                                        <input type="radio" name="style" value="2"
+                                            <?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 2) {echo 'checked';} ?>>
+                                        <?php echo $hesklang['sm_info']; ?>
+                                    </label>
+                                </div>
+                            </div>
+                            <div class="col-md-2">
+                                <div class="radio alert alert-warning" style="padding: 5px">
+                                    <label style="margin-top: -5px">
+                                        <input type="radio" name="style" value="3"
+                                            <?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 3) {echo 'checked';} ?>>
+                                        <?php echo $hesklang['sm_notice']; ?>
+                                    </label>
+                                </div>
+                            </div>
+                            <div class="col-md-2">
+                                <div class="radio alert alert-danger" style="padding: 5px">
+                                    <label style="margin-top: -5px">
+                                        <input type="radio" name="style" value="4"
+                                            <?php if (isset($_SESSION['new_sm']['style']) && $_SESSION['new_sm']['style'] == 4) {echo 'checked';} ?> >
+                                        <?php echo $hesklang['sm_error']; ?>
+                                    </label>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="type" class="col-md-2 control-label"><?php echo $hesklang['sm_type']; ?></label>
+                            <div class="col-md-2">
+                                <div class="radio" style="padding: 5px">
+                                    <label>
+                                        <input type="radio" name="type" value="0"
+                                            <?php if (!isset($_SESSION['new_sm']['type']) || (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 0) ) {echo 'checked';} ?> >
+                                        <?php echo $hesklang['sm_published']; ?>
+                                    </label>
+                                </div>
+                            </div>
+                            <div class="col-md-2">
+                                <div class="radio" style="padding: 5px">
+                                    <label>
+                                        <input type="radio" name="type" value="1"
+                                            <?php if (isset($_SESSION['new_sm']['type']) && $_SESSION['new_sm']['type'] == 1) {echo 'checked';} ?> >
+                                        <?php echo $hesklang['sm_draft']; ?>
+                                    </label>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="title" class="col-md-2 control-label"><?php echo $hesklang['sm_mtitle']; ?></label>
+                            <div class="col-md-10">
+                                <input class="form-control" placeholder="<?php echo $hesklang['sm_mtitle']; ?>"
+                                       type="text" name="title" size="70" maxlength="255"
+                                    <?php if (isset($_SESSION['new_sm']['title'])) {echo 'value="'.$_SESSION['new_sm']['title'].'"';} ?>>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="message" class="col-md-2 control-label"><?php echo $hesklang['sm_msg']; ?></label>
+                            <div class="col-md-10">
+                                <textarea placeholder="<?php echo $hesklang['sm_msg']; ?>" class="form-control" name="message" rows="25" cols="70" id="content">
+                                    <?php if (isset($_SESSION['new_sm']['message'])) {echo $_SESSION['new_sm']['message'];} ?>
+                                </textarea>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <?php echo isset($_SESSION['edit_sm']) ? '<input type="hidden" name="a" value="save_sm" /><input type="hidden" name="id" value="'.intval($_SESSION['new_sm']['id']).'" />' : '<input type="hidden" name="a" value="new_sm" />'; ?>
+                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                            <div class="col-md-10 col-md-offset-2">
+                                <div class="btn-group" role="group">
+                                    <input type="submit" name="sm_save" value="<?php echo $hesklang['sm_save']; ?>" class="btn btn-default">
+                                    <input type="submit" name="sm_preview" value="<?php echo $hesklang['sm_preview']; ?>" class="btn btn-default">
+                                </div>
+                            </div>
+                        </div>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+
+hesk_cleanSessionVars( array('new_sm', 'preview_sm', 'edit_sm') );
+
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+
+function save_sm()
+{
+	global $hesk_settings, $hesklang, $listBox;
+    global $hesk_error_buffer;
+
+	// A security check
+	# hesk_token_check('POST');
+
+    $hesk_error_buffer = array();
+
+	// Get service messageID
+	$id = intval( hesk_POST('id') ) or hesk_error($hesklang['sm_e_id']);
+
+	$style = intval( hesk_POST('style', 0) );
+	if ($style > 4 || $style < 0)
+	{
+    	$style = 0;
+	}
+
+    $type  = empty($_POST['type']) ? 0 : 1;
+    $title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
+	$message = hesk_getHTML( hesk_POST('message') );
+
+    // Any errors?
+    if (count($hesk_error_buffer))
+    {
+		$_SESSION['edit_sm'] = true;
+		$hesklang['new_sm'] = $hesklang['edit_sm'];
+
+		$_SESSION['new_sm'] = array(
+		'id' => $id,
+		'style' => $style,
+		'type' => $type,
+		'title' => $title,
+		'message' => hesk_input( hesk_POST('message') ),
+		);
+
+		$tmp = '';
+		foreach ($hesk_error_buffer as $error)
+		{
+			$tmp .= "<li>$error</li>\n";
+		}
+		$hesk_error_buffer = $tmp;
+
+    	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+    	hesk_process_messages($hesk_error_buffer,'service_messages.php');
+    }
+
+	// Just preview the message?
+	if ( isset($_POST['sm_preview']) )
+	{
+    	$_SESSION['preview_sm'] = true;
+		$_SESSION['edit_sm'] = true;
+		$hesklang['new_sm'] = $hesklang['edit_sm'];
+
+		$_SESSION['new_sm'] = array(
+		'id' => $id,
+		'style' => $style,
+		'type' => $type,
+		'title' => $title,
+		'message' => $message,
+		);
+
+		header('Location: service_messages.php');
+		exit;
+	}
+
+	// Update the service message in the database
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET
+	`author` = '".intval($_SESSION['id'])."',
+	`title` = '".hesk_dbEscape($title)."',
+	`message` = '".hesk_dbEscape($message)."',
+	`style` = '{$style}',
+	`type` = '{$type}'
+	WHERE `id`={$id} LIMIT 1");
+
+    $_SESSION['smord'] = $id;
+    hesk_process_messages($hesklang['sm_mdf'],'service_messages.php','SUCCESS');
+
+} // End save_sm()
+
+
+function edit_sm()
+{
+	global $hesk_settings, $hesklang;
+
+	// Get service messageID
+	$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
+
+	// Get details from the database
+	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id} LIMIT 1");
+	if ( hesk_dbNumRows($res) != 1 )
+	{
+    	hesk_error($hesklang['sm_not_found']);
+	}
+	$sm = hesk_dbFetchAssoc($res);
+
+	$_SESSION['new_sm'] = $sm;
+	$_SESSION['edit_sm'] = true;
+
+	$hesklang['new_sm'] = $hesklang['edit_sm'];
+
+} // End edit_sm()
+
+
+function order_sm()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Get ID and move parameters
+	$id    = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
+	$move  = intval( hesk_GET('move') );
+    $_SESSION['smord'] = $id;
+
+	// Update article details
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=`order`+".intval($move)." WHERE `id`={$id} LIMIT 1");
+
+    // Update order of all service messages
+    update_sm_order();
+
+	// Finish
+	header('Location: service_messages.php');
+	exit();
+
+} // End order_sm()
+
+
+function update_sm_order()
+{
+	global $hesk_settings, $hesklang;
+
+	// Get list of current service messages
+	$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` ASC");
+
+	// Update database
+	$i = 10;
+	while ( $sm = hesk_dbFetchAssoc($res) )
+	{
+		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` SET `order`=".intval($i)." WHERE `id`='".intval($sm['id'])."' LIMIT 1");
+		$i += 10;
+	}
+
+	return true;
+
+} // END update_sm_order()
+
+
+function remove_sm()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Get ID
+	$id = intval( hesk_GET('id') ) or hesk_error($hesklang['sm_e_id']);
+
+	// Delete the service message
+    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `id`={$id} LIMIT 1");
+
+	// Were we successful?
+    if ( hesk_dbAffectedRows() == 1 )
+	{
+		hesk_process_messages($hesklang['sm_deleted'],'./service_messages.php','SUCCESS');
+	}
+	else
+	{
+		hesk_process_messages($hesklang['sm_not_found'],'./service_messages.php');
+	}
+
+} // End remove_sm()
+
+
+function new_sm()
+{
+	global $hesk_settings, $hesklang, $listBox;
+    global $hesk_error_buffer;
+
+	// A security check
+	# hesk_token_check('POST');
+
+    $hesk_error_buffer = array();
+
+	$style = intval( hesk_POST('style', 0) );
+	if ($style > 4 || $style < 0)
+	{
+    	$style = 0;
+	}
+
+    $type  = empty($_POST['type']) ? 0 : 1;
+    $title = hesk_input( hesk_POST('title') ) or $hesk_error_buffer[] = $hesklang['sm_e_title'];
+	$message = hesk_getHTML( hesk_POST('message') );
+
+    // Any errors?
+    if (count($hesk_error_buffer))
+    {
+		$_SESSION['new_sm'] = array(
+		'style' => $style,
+		'type' => $type,
+		'title' => $title,
+		'message' => hesk_input( hesk_POST('message') ),
+		);
+
+		$tmp = '';
+		foreach ($hesk_error_buffer as $error)
+		{
+			$tmp .= "<li>$error</li>\n";
+		}
+		$hesk_error_buffer = $tmp;
+
+    	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+    	hesk_process_messages($hesk_error_buffer,'service_messages.php');
+    }
+
+	// Just preview the message?
+	if ( isset($_POST['sm_preview']) )
+	{
+    	$_SESSION['preview_sm'] = true;
+
+		$_SESSION['new_sm'] = array(
+		'style' => $style,
+		'type' => $type,
+		'title' => $title,
+		'message' => $message,
+		);
+
+		header('Location: service_messages.php');
+		exit;
+	}
+
+	// Get the latest service message order
+	$res = hesk_dbQuery("SELECT `order` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` ORDER BY `order` DESC LIMIT 1");
+	$row = hesk_dbFetchRow($res);
+	$my_order = intval($row[0]) + 10;
+
+    // Insert service message into database
+	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` (`author`,`title`,`message`,`style`,`type`,`order`) VALUES (
+    '".intval($_SESSION['id'])."',
+    '".hesk_dbEscape($title)."',
+    '".hesk_dbEscape($message)."',
+    '{$style}',
+    '{$type}',
+    '{$my_order}'
+    )");
+
+    $_SESSION['smord'] = hesk_dbInsertID();
+    hesk_process_messages($hesklang['sm_added'],'service_messages.php','SUCCESS');
+
+} // End new_sm()
+
+?>
diff --git a/change_status.php b/change_status.php
index c3b480e6..c773c1d2 100644
--- a/change_status.php
+++ b/change_status.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -38,8 +38,11 @@ define('HESK_PATH','./');
 // Get all the required files and functions
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
-hesk_load_database_functions();
 
+// Are we in maintenance mode?
+hesk_check_maintenance();
+
+hesk_load_database_functions();
 hesk_session_start();
 
 // A security check
@@ -58,6 +61,12 @@ hesk_dbConnect();
 
 if ($status == 3) // Closed
 {
+    // Is customer closing tickets enabled?
+    if ( ! $hesk_settings['custclose'])
+    {
+        hesk_error($hesklang['attempt']);
+    }
+
     //-- They want to close the ticket, so get the status that is the default for client-side closes
     $statusRow = hesk_dbFetchAssoc(hesk_dbQuery('SELECT `ID` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'statuses` WHERE `IsClosedByClient` = 1'));
 
@@ -69,6 +78,9 @@ if ($status == 3) // Closed
     {
     	$locked = 1;
     }
+
+    // Mark that customer resolved the ticket
+    $closedby_sql = ' , `closedat`=NOW(), `closedby`=0 ';
 }
 elseif ($status == 2) // Opened
 {
@@ -83,6 +95,9 @@ elseif ($status == 2) // Opened
 
 	// We will ask the customer why is the ticket being reopened
 	$_SESSION['force_form_top'] = true;
+
+    // Ticket is not resolved
+    $closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
 }
 else
 {
@@ -96,7 +111,7 @@ hesk_dbConnect();
 hesk_verifyEmailMatch($trackingID);
 
 // Modify values in the database
-hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND `locked` != '1' LIMIT 1");
+hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `trackid`='".hesk_dbEscape($trackingID)."' AND `locked` != '1' LIMIT 1");
 
 // Did we modify anything*
 if (hesk_dbAffectedRows() != 1)
diff --git a/css/hesk_newStyle.php b/css/hesk_newStyle.php
index ac673961..aecade8e 100644
--- a/css/hesk_newStyle.php
+++ b/css/hesk_newStyle.php
@@ -123,6 +123,7 @@
 .settingsquestionmark {
     color: <?php echo $questionMarkColor; ?>;
     font-size: 14px;
+    cursor: pointer;
 }
 .h3questionmark {
     color: <?php echo $questionMarkColor; ?>;
@@ -363,3 +364,12 @@ div.setupButtons {
     cursor: text !important;
     background-color: #fff !important;
 }
+
+button.btn.dropdown-toggle {
+    height: 34px;
+}
+
+button.dropdown-submit {
+    background:none!important;
+    border:none;
+}
diff --git a/css/hesk_newStyleRTL.php b/css/hesk_newStyleRTL.php
index 3c699673..d5a0e365 100644
--- a/css/hesk_newStyleRTL.php
+++ b/css/hesk_newStyleRTL.php
@@ -123,6 +123,7 @@
 .settingsquestionmark {
     color: <?php echo $questionMarkColor; ?>;
     font-size: 14px;
+    cursor: pointer;
 }
 .settingsquestionmark:hover {
     text-decoration: underline;
@@ -356,4 +357,15 @@ div.setupButtons {
     margin-right: auto;
     margin-left: auto;
     width: 90%;
+}
+.white-readonly {
+    cursor: text !important;
+    background-color: #fff !important;
+}
+button.btn.dropdown-toggle {
+    height: 34px;
+}
+button.dropdown-submit {
+    background:none!important;
+    border:none;
 }
\ No newline at end of file
diff --git a/hesk_javascript.js b/hesk_javascript.js
new file mode 100644
index 00000000..facdd230
--- /dev/null
+++ b/hesk_javascript.js
@@ -0,0 +1,446 @@
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+function hesk_insertTag(tag) {
+var text_to_insert = '%%'+tag+'%%';
+hesk_insertAtCursor(document.form1.msg, text_to_insert);
+document.form1.message.focus();
+}
+
+function hesk_insertAtCursor(myField, myValue) {
+if (document.selection) {
+myField.focus();
+sel = document.selection.createRange();
+sel.text = myValue;
+}
+else if (myField.selectionStart || myField.selectionStart == '0') {
+var startPos = myField.selectionStart;
+var endPos = myField.selectionEnd;
+myField.value = myField.value.substring(0, startPos)
++ myValue
++ myField.value.substring(endPos, myField.value.length);
+} else {
+myField.value += myValue;
+}
+}
+
+function hesk_changeAll(myID) {
+  var d = document.form1;
+  var setTo = myID.checked ? true : false;
+
+  for (var i = 0; i < d.elements.length; i++)
+  {
+    if(d.elements[i].type == 'checkbox' && d.elements[i].name != 'checkall')
+    {
+     d.elements[i].checked = setTo;
+    }
+  }
+}
+
+function hesk_attach_disable(ids) {
+ for($i=0;$i<ids.length;$i++) {
+      if (ids[$i]=='c11'||ids[$i]=='c21'||ids[$i]=='c31'||ids[$i]=='c41'||ids[$i]=='c51') {
+            document.getElementById(ids[$i]).checked=false;
+      }
+      document.getElementById(ids[$i]).disabled=true;
+ }
+}
+
+function hesk_attach_enable(ids) {
+ for($i=0;$i<ids.length;$i++) {
+      document.getElementById(ids[$i]).disabled=false;
+ }
+}
+
+function hesk_attach_toggle(control,ids) {
+ if (document.getElementById(control).checked) {
+     hesk_attach_enable(ids);
+ } else {
+     hesk_attach_disable(ids);
+ }
+}
+
+function hesk_window(PAGE,HGT,WDT)
+{
+ var HeskWin = window.open(PAGE,"Hesk_window","height="+HGT+",width="+WDT+",menubar=0,location=0,toolbar=0,status=0,resizable=1,scrollbars=1");
+ HeskWin.focus();
+}
+
+function hesk_toggleLayerDisplay(nr) {
+        if (document.all)
+                document.all[nr].style.display = (document.all[nr].style.display == 'none') ? 'block' : 'none';
+        else if (document.getElementById)
+                document.getElementById(nr).style.display = (document.getElementById(nr).style.display == 'none') ? 'block' : 'none';
+}
+
+function hesk_confirmExecute(myText) {
+         if (confirm(myText))
+         {
+          return true;
+         }
+         return false;
+}
+
+function hesk_deleteIfSelected(myField,myText) {
+         if(document.getElementById(myField).checked)
+         {
+          return hesk_confirmExecute(myText);
+         }
+}
+
+function hesk_rate(url,element_id)
+{
+        if (url.length==0)
+        {
+                return false;
+        }
+
+        var element = document.getElementById(element_id);
+
+        xmlHttp=GetXmlHttpObject();
+        if (xmlHttp==null)
+        {
+                alert ("Your browser does not support AJAX!");
+                return;
+        }
+
+        xmlHttp.open("GET",url,true);
+
+        xmlHttp.onreadystatechange = function()
+        {
+         if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
+         {
+          element.innerHTML = xmlHttp.responseText;
+         }
+        }
+
+        xmlHttp.send(null);
+}
+
+function stateChanged()
+{
+        if (xmlHttp.readyState==4)
+        {
+                document.getElementById("rating").innerHTML=xmlHttp.responseText;
+        }
+}
+
+function GetXmlHttpObject()
+{
+        var xmlHttp=null;
+        try
+        {
+                // Firefox, Opera 8.0+, Safari
+                xmlHttp=new XMLHttpRequest();
+        }
+        catch (e)
+        {
+                // Internet Explorer
+                try
+                {
+                        xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
+                }
+                catch (e)
+                {
+                        xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
+                }
+        }
+        return xmlHttp;
+}
+
+var heskKBquery = '';
+var heskKBfailed = false;
+
+function hesk_suggestKB()
+{
+ var d = document.form1;
+ var s = d.subject.value;
+ var m = d.message.value;
+ var element = document.getElementById('kb_suggestions');
+
+ if (s != '' && m != '' && (heskKBquery != s + " " + m || heskKBfailed == true) )
+ {
+  element.style.display = 'block';
+  var params = "p=1&" + "q=" + encodeURIComponent( s + " " + m );
+  heskKBquery = s + " " + m;
+
+   xmlHttp=GetXmlHttpObject();
+   if (xmlHttp==null)
+   {
+     return;
+   }
+
+   xmlHttp.open('POST','suggest_articles.php',true);
+   xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+
+   xmlHttp.onreadystatechange = function()
+   {
+      if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
+      {
+       element.innerHTML = xmlHttp.responseText;
+       heskKBfailed = false;
+      }
+      else
+      {
+       heskKBfailed = true;
+      }
+   }
+
+   xmlHttp.send(params);
+ }
+
+ setTimeout('hesk_suggestKB();', 2000);
+
+}
+
+function hesk_suggestKBsearch(isAdmin)
+{
+ var d = document.searchform;
+ var s = d.search.value;
+ var element = document.getElementById('kb_suggestions');
+
+ if (isAdmin)
+ {
+  var path = 'admin_suggest_articles.php';
+ }
+ else
+ {
+  var path = 'suggest_articles.php';
+ }
+
+ if (s != '' && (heskKBquery != s || heskKBfailed == true) )
+ {
+  element.style.display = 'block';
+  var params = "q=" + encodeURIComponent( s );
+  heskKBquery = s;
+
+   xmlHttp=GetXmlHttpObject();
+   if (xmlHttp==null)
+   {
+     return;
+   }
+
+   xmlHttp.open('POST', path, true);
+   xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+
+   xmlHttp.onreadystatechange = function()
+   {
+      if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
+      {
+       element.innerHTML = unescape(xmlHttp.responseText);
+       heskKBfailed = false;
+      }
+      else
+      {
+       heskKBfailed = true;
+      }
+   }
+
+   xmlHttp.send(params);
+ }
+
+ setTimeout('hesk_suggestKBsearch('+isAdmin+');', 2000);
+}
+
+function hesk_suggestEmail(isAdmin)
+{
+ var email = document.form1.email.value;
+ var element = document.getElementById('email_suggestions');
+
+ if (isAdmin)
+ {
+  var path = '../suggest_email.php';
+ }
+ else
+ {
+  var path = 'suggest_email.php';
+ }
+
+ if (email != '')
+ {
+  var params = "e=" + encodeURIComponent( email );
+
+   xmlHttp=GetXmlHttpObject();
+   if (xmlHttp==null)
+   {
+     return;
+   }
+
+   xmlHttp.open('POST', path, true);
+   xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+
+   xmlHttp.onreadystatechange = function()
+   {
+      if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
+      {
+       element.innerHTML = unescape(xmlHttp.responseText);
+       element.style.display = 'block';
+      }
+   }
+
+   xmlHttp.send(params);
+ }
+}
+
+function hesk_btn(Elem, myClass)
+{
+        Elem.className = myClass;
+}
+
+function hesk_checkPassword(password)
+{
+
+    var numbers = "0123456789";
+    var lowercase = "abcdefghijklmnopqrstuvwxyz";
+    var uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    var punctuation = "!.@$L#*()%~<>{}[]";
+
+    var combinations = 0;
+
+    if (hesk_contains(password, numbers) > 0) {
+        combinations += 10;
+    }
+
+    if (hesk_contains(password, lowercase) > 0) {
+        combinations += 26;
+    }
+
+    if (hesk_contains(password, uppercase) > 0) {
+        combinations += 26;
+    }
+
+    if (hesk_contains(password, punctuation) > 0) {
+        combinations += punctuation.length;
+    }
+
+    var totalCombinations = Math.pow(combinations, password.length);
+    var timeInSeconds = (totalCombinations / 200) / 2;
+    var timeInDays = timeInSeconds / 86400
+    var lifetime = 3650;
+    var percentage = timeInDays / lifetime;
+
+    var friendlyPercentage = hesk_cap(Math.round(percentage * 100), 98);
+
+    if (friendlyPercentage < (password.length * 5)) {
+        friendlyPercentage += password.length * 5;
+    }
+
+    var friendlyPercentage = hesk_cap(friendlyPercentage, 98);
+
+    var progressBar = document.getElementById("progressBar");
+    progressBar.style.width = friendlyPercentage + "%";
+
+    if (percentage > 1) {
+        // strong password
+        progressBar.classList.remove('progress-bar-danger');
+        progressBar.classList.remove('progress-bar-warning');
+        progressBar.classList.add('progress-bar-success');
+        return;
+    }
+
+    if (percentage > 0.5) {
+        // reasonable password
+        progressBar.classList.remove('progress-bar-danger');
+        progressBar.classList.remove('progress-bar-success');
+        progressBar.classList.add('progress-bar-warning');
+        return;
+    }
+
+    if (percentage > 0.10 || percentage <= 0.10) {
+        // weak password
+        progressBar.classList.remove('progress-bar-warning');
+        progressBar.classList.remove('progress-bar-success');
+        progressBar.classList.add('progress-bar-danger');
+        return;
+    }
+
+}
+
+function hesk_cap(number, max) {
+    if (number > max) {
+        return max;
+    } else {
+        return number;
+    }
+}
+
+function hesk_contains(password, validChars) {
+
+    count = 0;
+
+    for (i = 0; i < password.length; i++) {
+        var char = password.charAt(i);
+        if (validChars.indexOf(char) > -1) {
+            count++;
+        }
+    }
+
+    return count;
+}
+
+function setCookie(name, value, expires, path, domain, secure)
+{
+	document.cookie= name + "=" + escape(value) +
+		((expires) ? "; expires=" + expires.toGMTString() : "") +
+		((path) ? "; path=" + path : "") +
+		((domain) ? "; domain=" + domain : "") +
+		((secure) ? "; secure" : "");
+}
+
+function getCookie(name)
+{
+	var dc = document.cookie;
+	var prefix = name + "=";
+	var begin = dc.indexOf("; " + prefix);
+	if (begin == -1) {
+		begin = dc.indexOf(prefix);
+		if (begin != 0) return null;
+	} else {
+		begin += 2;
+	}
+	var end = document.cookie.indexOf(";", begin);
+	if (end == -1) {
+		end = dc.length;
+	}
+	return unescape(dc.substring(begin + prefix.length, end));
+}
+
+function deleteCookie(name, path, domain)
+{
+	if (getCookie(name)) {
+		document.cookie = name + "=" +
+			((path) ? "; path=" + path : "") +
+			((domain) ? "; domain=" + domain : "") +
+			"; expires=Thu, 01-Jan-70 00:00:01 GMT";
+	}
+}
diff --git a/hesk_style_v25.css b/hesk_style.css
similarity index 97%
rename from hesk_style_v25.css
rename to hesk_style.css
index 4a13d368..56c11b6f 100644
--- a/hesk_style_v25.css
+++ b/hesk_style.css
@@ -14,7 +14,7 @@ table.enclosing {
 	color : #4a5571;
 	font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
 	font-size: 12px;
-	width: 770px;
+	width: 960px;
 }
 
 
@@ -216,7 +216,7 @@ fieldset {
 	background-color:white;
 	position:relative;
 	display:block;
-	padding: 0px 10px 10px 10px;
+	padding: 15px 10px 10px 10px;
 	margin:20px 0px 20px 0px;
 }
 
@@ -232,10 +232,8 @@ legend {
 	background-position: left top;
 	display:block;
 	width: auto;
-	padding:4px 5px;
-	margin:0px 0px 10px 0px;
+	padding:5px 5px;
 	position:relative;
-	top: -12px;
 	width:130px;	
 }
 
@@ -551,10 +549,25 @@ td.admin_critical {
 	font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
 	font-size: 11px;
 	border: 1px solid #ff66ff;
-	border-top: 2px dashed #ff66ff;
 	padding: 1px;
 }
 
+/* New styles in HESK version 2.6 */
+
+div.info {
+	border: 1px solid #9acfea; 
+	background: #d9edf7; 
+	color: #363636;
+	padding: 10px;
+	vertical-align: middle;
+}
+
+div.none {
+	color: #363636;
+	padding: 10px;
+	vertical-align: middle;
+}
+
 .isError {
 	color: black;
 	background-color: #fff9f7;
diff --git a/hesk_style_v25RTL.css b/hesk_style_RTL.css
similarity index 97%
rename from hesk_style_v25RTL.css
rename to hesk_style_RTL.css
index a22825b3..d866def8 100644
--- a/hesk_style_v25RTL.css
+++ b/hesk_style_RTL.css
@@ -14,7 +14,7 @@ table.enclosing {
 	color : #4a5571;
 	font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
 	font-size: 12px;
-	width: 770px;
+	width: 960px;
 }
 
 
@@ -216,7 +216,7 @@ fieldset {
 	background-color:white;
 	position:relative;
 	display:block;
-	padding: 0px 10px 10px 10px;
+	padding: 15px 10px 10px 10px;
 	margin:20px 0px 20px 0px;
 }
 
@@ -232,10 +232,8 @@ legend {
 	background-position: right top;
 	display:block;
 	width: auto;
-	padding:4px 5px;
-	margin:0px 0px 10px 0px;
+	padding:5px 5px;
 	position:relative;
-	top: -12px;
 	width:130px;	
 }
 
@@ -551,7 +549,6 @@ td.admin_critical {
 	font-family : Verdana, Geneva, Arial, Helvetica, sans-serif;
 	font-size: 11px;
 	border: 1px solid #ff66ff;
-	border-top: 2px dashed #ff66ff;
 	padding: 1px;
 }
 
@@ -691,6 +688,22 @@ td.admin_yellow {
 	padding: 1px;	
 }
 
+/* New styles in HESK version 2.6 */
+
+div.info {
+	border: 1px solid #9acfea; 
+	background: #d9edf7; 
+	color: #363636;
+	padding: 10px;
+	vertical-align: middle;
+}
+
+div.none {
+	color: #363636;
+	padding: 10px;
+	vertical-align: middle;
+}
+
 /* New styles in HESK version 2.5 */
 
 .kb_published {
diff --git a/inc/admin_functions.inc.php b/inc/admin_functions.inc.php
new file mode 100644
index 00000000..18c60720
--- /dev/null
+++ b/inc/admin_functions.inc.php
@@ -0,0 +1,738 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+/* Check if this is a valid include */
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+// Possible fields to be displayed in ticket list
+$hesk_settings['possible_ticket_list'] = array(
+'id' => $hesklang['id'],
+'trackid' => $hesklang['trackID'],
+'dt' => $hesklang['submitted'],
+'lastchange' => $hesklang['last_update'],
+'category' => $hesklang['category'],
+'name' => $hesklang['name'],
+'email' => $hesklang['email'],
+'subject' => $hesklang['subject'],
+'status' => $hesklang['status'],
+'owner' => $hesklang['owner'],
+'replies' => $hesklang['replies'],
+'staffreplies' => $hesklang['replies'] . ' (' . $hesklang['staff'] .')',
+'lastreplier' => $hesklang['last_replier'],
+'time_worked' => $hesklang['ts'],
+);
+
+// Also possible to display all custom fields
+for ($i=1;$i<=20;$i++)
+{
+	if ($hesk_settings['custom_fields']['custom'.$i]['use'])
+	{
+		$hesk_settings['possible_ticket_list']['custom'.$i] = $hesk_settings['custom_fields']['custom'.$i]['name'];
+	}
+}
+
+/*** FUNCTIONS ***/
+
+
+function hesk_show_column($column)
+{
+	global $hesk_settings;
+
+	return in_array($column, $hesk_settings['ticket_list']) ? true : false;
+
+} // END hesk_show_column()
+
+
+function hesk_getHHMMSS($in)
+{
+	$in = hesk_getTime($in);
+    return explode(':', $in);
+} // END hesk_getHHMMSS();
+
+
+function hesk_getTime($in)
+{
+	$in = trim($in);
+
+	/* If everything is OK this simple check should return true */
+    if ( preg_match('/^([0-9]{2,3}):([0-5][0-9]):([0-5][0-9])$/', $in) )
+    {
+    	return $in;
+    }
+
+	/* No joy, let's try to figure out the correct values to use... */
+    $h = 0;
+    $m = 0;
+    $s = 0;
+
+    /* How many parts do we have? */
+    $parts = substr_count($in, ':');
+
+    switch ($parts)
+    {
+    	/* Only two parts, let's assume minutes and seconds */
+		case 1:
+	        list($m, $s) = explode(':', $in);
+	        break;
+
+        /* Three parts, so explode to hours, minutes and seconds */
+        case 2:
+	        list($h, $m, $s) = explode(':', $in);
+	        break;
+
+        /* Something other was entered, let's assume just minutes */
+        default:
+	        $m = $in;
+    }
+
+	/* Make sure all inputs are integers */
+	$h = intval($h);
+    $m = intval($m);
+    $s = intval($s);
+
+	/* Convert seconds to minutes if 60 or more seconds */
+    if ($s > 59)
+    {
+    	$m = floor($s / 60) + $m;
+        $s = intval($s % 60);
+    }
+
+	/* Convert minutes to hours if 60 or more minutes */
+    if ($m > 59)
+    {
+    	$h = floor($m / 60) + $h;
+        $m = intval($m % 60);
+    }
+
+    /* MySQL accepts max time value of 838:59:59 */
+    if ($h > 838)
+    {
+    	return '838:59:59';
+    }    
+
+	/* That's it, let's send out formatted time string */
+    return str_pad($h, 2, "0", STR_PAD_LEFT) . ':' . str_pad($m, 2, "0", STR_PAD_LEFT) . ':' . str_pad($s, 2, "0", STR_PAD_LEFT);
+
+} // END hesk_getTime();
+
+
+function hesk_mergeTickets($merge_these, $merge_into)
+{
+	global $hesk_settings, $hesklang, $hesk_db_link;
+
+    /* Target ticket must not be in the "merge these" list */
+    if ( in_array($merge_into, $merge_these) )
+    {
+        $merge_these = array_diff($merge_these, array( $merge_into ) );
+    }
+
+    /* At least 1 ticket needs to be merged with target ticket */
+    if ( count($merge_these) < 1 )
+    {
+    	$_SESSION['error'] = $hesklang['merr1'];
+    	return false;
+    }
+
+    /* Make sure target ticket exists */
+	$res = hesk_dbQuery("SELECT `id`,`trackid`,`category` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($merge_into)."' LIMIT 1");
+	if (hesk_dbNumRows($res) != 1)
+	{
+    	$_SESSION['error'] = $hesklang['merr2'];
+		return false;
+	}
+	$ticket = hesk_dbFetchAssoc($res);
+
+	/* Make sure user has access to ticket category */
+	if ( ! hesk_okCategory($ticket['category'], 0) )
+	{
+    	$_SESSION['error'] = $hesklang['merr3'];
+		return false;
+	}
+
+    /* Set some variables for later */
+    $merge['attachments'] = '';
+	$merge['replies'] = array();
+    $merge['notes'] = array();
+    $sec_worked = 0;
+    $history = '';
+    $merged = '';
+
+	/* Get messages, replies, notes and attachments of tickets that will be merged */
+    foreach ($merge_these as $this_id)
+    {
+		/* Validate ID */
+    	if ( is_array($this_id) )
+        {
+        	continue;
+        }
+    	$this_id = intval($this_id) or hesk_error($hesklang['id_not_valid']);
+
+        /* Get required ticket information */
+        $res = hesk_dbQuery("SELECT `id`,`trackid`,`category`,`name`,`message`,`dt`,`time_worked`,`attachments` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($this_id)."' LIMIT 1");
+		if (hesk_dbNumRows($res) != 1)
+		{
+			continue;
+		}
+        $row = hesk_dbFetchAssoc($res);
+
+        /* Has this user access to the ticket category? */
+        if ( ! hesk_okCategory($row['category'], 0) )
+        {
+        	continue;
+        }
+
+        /* Insert ticket message as a new reply to target ticket */
+		hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($row['name'])."','".hesk_dbEscape($row['message'])."','".hesk_dbEscape($row['dt'])."','".hesk_dbEscape($row['attachments'])."')");
+
+		/* Update attachments  */
+		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` SET `ticket_id`='".hesk_dbEscape($ticket['trackid'])."' WHERE `ticket_id`='".hesk_dbEscape($row['trackid'])."'");
+
+        /* Get old ticket replies and insert them as new replies */
+        $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."' ORDER BY `id` ASC");
+        while ( $reply = hesk_dbFetchAssoc($res) )
+        {
+			hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`rating`,`read`) VALUES ('".intval($ticket['id'])."','".hesk_dbEscape($reply['name'])."','".hesk_dbEscape($reply['message'])."','".hesk_dbEscape($reply['dt'])."','".hesk_dbEscape($reply['attachments'])."','".intval($reply['staffid'])."','".intval($reply['rating'])."','".intval($reply['read'])."')");
+        }
+
+		/* Delete replies to the old ticket */
+		hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`='".intval($row['id'])."'");
+
+        /* Get old ticket notes and insert them as new notes */
+        $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."' ORDER BY `id` ASC");
+        while ( $note = hesk_dbFetchAssoc($res) )
+        {
+			hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`,`attachments`) VALUES ('".intval($ticket['id'])."','".intval($note['who'])."','".hesk_dbEscape($note['dt'])."','".hesk_dbEscape($note['message'])."','".hesk_dbEscape($note['attachments'])."')");
+        }
+
+		/* Delete replies to the old ticket */
+		hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` WHERE `ticket`='".intval($row['id'])."'");
+
+	    /* Delete old ticket */
+		hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `id`='".intval($row['id'])."'");
+
+		/* Log that ticket has been merged */
+		$history .= sprintf($hesklang['thist13'],hesk_date(),$row['trackid'],$_SESSION['name'].' ('.$_SESSION['user'].')');
+
+        /* Add old ticket ID to target ticket "merged" field */
+        $merged .= '#' . $row['trackid'];
+
+		/* Convert old ticket "time worked" to seconds and add to $sec_worked variable */
+		list ($hr, $min, $sec) = explode(':', $row['time_worked']);
+		$sec_worked += (((int)$hr) * 3600) + (((int)$min) * 60) + ((int)$sec);
+    }
+
+	/* Convert seconds to HHH:MM:SS */
+	$sec_worked = hesk_getTime('0:'.$sec_worked);
+
+	// Get number of replies
+	$total			= 0;
+	$staffreplies	= 0;
+
+	$res = hesk_dbQuery("SELECT COUNT(*) as `cnt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`=".intval($ticket['id'])." GROUP BY CASE WHEN `staffid` = 0 THEN 0 ELSE 1 END ASC");
+	while ( $row = hesk_dbFetchAssoc($res) )
+	{
+		$total += $row['cnt'];
+		$staffreplies += ($row['staffid'] ? $row['cnt'] : 0);
+	}
+
+	$replies_sql = " `replies`={$total}, `staffreplies`={$staffreplies} , ";
+
+	// Get first staff reply
+	if ($staffreplies)
+	{
+		$res = hesk_dbQuery("SELECT `dt`, `staffid` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` WHERE `replyto`=".intval($ticket['id'])." AND `staffid`>0 ORDER BY `dt` ASC LIMIT 1");
+		$reply = hesk_dbFetchAssoc($res);
+		$replies_sql = " `firstreply`='".hesk_dbEscape($reply['dt'])."', `firstreplyby`=".intval($reply['staffid'])." , ";
+	}
+
+    /* Update history (log) and merged IDs of target ticket */
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '".hesk_dbEscape($sec_worked)."'), `merged`=CONCAT(`merged`,'".hesk_dbEscape($merged . '#')."'), `history`=CONCAT(`history`,'".hesk_dbEscape($history)."') WHERE `id`='".intval($merge_into)."' LIMIT 1");
+
+    return true;
+
+} // END hesk_mergeTickets()
+
+
+function hesk_updateStaffDefaults()
+{
+	global $hesk_settings, $hesklang;
+
+	// Demo mode
+	if ( defined('HESK_DEMO') )
+	{
+		return true;
+	}
+	// Remove the part that forces saving as default - we don't need it every time
+    $default_list = str_replace('&def=1','',$_SERVER['QUERY_STRING']);
+
+    // Update database
+	$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `default_list`='".hesk_dbEscape($default_list)."' WHERE `id`='".intval($_SESSION['id'])."'");
+
+    // Update session values so the changes take effect immediately
+    $_SESSION['default_list'] = $default_list;
+
+    return true;
+    
+} // END hesk_updateStaffDefaults()
+
+
+function hesk_makeJsString($in)
+{
+	return addslashes(preg_replace("/\s+/",' ',$in));
+} // END hesk_makeJsString()
+
+
+function hesk_checkNewMail()
+{
+	global $hesk_settings, $hesklang;
+
+	$res = hesk_dbQuery("SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` WHERE `to`='".intval($_SESSION['id'])."' AND `read`='0' AND `deletedby`!='".intval($_SESSION['id'])."' ");
+	$num = hesk_dbResult($res,0,0);
+
+	return $num;
+} // END hesk_checkNewMail()
+
+
+function hesk_getCategoriesArray($kb = 0) {
+	global $hesk_settings, $hesklang, $hesk_db_link;
+
+	$categories = array();
+    if ($kb)
+    {
+    	$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_categories` ORDER BY `cat_order` ASC');
+    }
+    else
+    {
+		$result = hesk_dbQuery('SELECT `id`, `name` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC');
+    }
+
+	while ($row=hesk_dbFetchAssoc($result))
+	{
+		$categories[$row['id']] = $row['name'];
+	}
+
+    return $categories;
+} // END hesk_getCategoriesArray()
+
+
+function hesk_getHTML($in)
+{
+	global $hesk_settings, $hesklang;
+
+	$replace_from = array("\t","<?","?>","$","<%","%>");
+	$replace_to   = array("","&lt;?","?&gt;","\$","&lt;%","%&gt;");
+
+	$in = trim($in);
+	$in = str_replace($replace_from,$replace_to,$in);
+	$in = preg_replace('/\<script(.*)\>(.*)\<\/script\>/Uis',"<script$1></script>",$in);
+	$in = preg_replace('/\<\!\-\-(.*)\-\-\>/Uis',"<!-- comments have been removed -->",$in);
+
+	if (HESK_SLASH === true)
+	{
+		$in = addslashes($in);
+	}
+    $in = str_replace('\"','"',$in);
+
+	return $in;
+} // END hesk_getHTML()
+
+
+function hesk_autoLogin($noredirect=0)
+{
+	global $hesk_settings, $hesklang, $hesk_db_link;
+
+	if (!$hesk_settings['autologin'])
+    {
+    	return false;
+    }
+
+    $user = hesk_htmlspecialchars( hesk_COOKIE('hesk_username') );
+    $hash = hesk_htmlspecialchars( hesk_COOKIE('hesk_p') );
+    define('HESK_USER', $user);
+
+	if (empty($user) || empty($hash))
+    {
+    	return false;
+    }
+
+	/* Login cookies exist, now lets limit brute force attempts */
+	hesk_limitBfAttempts();
+
+	/* Check username */
+	$result = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
+	if (hesk_dbNumRows($result) != 1)
+	{
+        setcookie('hesk_username', '');
+        setcookie('hesk_p', '');
+        header('Location: index.php?a=login&notice=1');
+        exit();
+	}
+
+	$res=hesk_dbFetchAssoc($result);
+	foreach ($res as $k=>$v)
+	{
+	    $_SESSION[$k]=$v;
+	}
+
+	/* Check password */
+	if ($hash != hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']) )
+    {
+        setcookie('hesk_username', '');
+        setcookie('hesk_p', '');
+        header('Location: index.php?a=login&notice=1');
+        exit();
+	}
+
+    /* Check if default password */
+    if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
+    {
+    	hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
+    }
+
+	unset($_SESSION['pass']);
+
+	/* Login successful, clean brute force attempts */
+	hesk_cleanBfAttempts();
+
+	/* Regenerate session ID (security) */
+	hesk_session_regenerate_id();
+
+	/* Get allowed categories */
+	if (empty($_SESSION['isadmin']))
+	{
+	    $_SESSION['categories']=explode(',',$_SESSION['categories']);
+	}
+
+	/* Renew cookies */
+	setcookie('hesk_username', "$user", strtotime('+1 year'));
+	setcookie('hesk_p', "$hash", strtotime('+1 year'));
+
+    /* Close any old tickets here so Cron jobs aren't necessary */
+	if ($hesk_settings['autoclose'])
+    {
+    	$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
+    	$dt  = date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400);
+
+		// Notify customer of closed ticket?
+		if ($hesk_settings['notify_closed'])
+		{
+			// Get list of tickets
+			$result = hesk_dbQuery("SELECT * FROM `".$hesk_settings['db_pfix']."tickets` WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
+			if (hesk_dbNumRows($result) > 0)
+			{
+				global $ticket;
+
+				// Load required functions?
+				if ( ! function_exists('hesk_notifyCustomer') )
+				{
+					require(HESK_PATH . 'inc/email_functions.inc.php');
+				}
+
+				while ($ticket = hesk_dbFetchAssoc($result))
+				{
+					$ticket['dt'] = hesk_date($ticket['dt'], true);
+					$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
+					hesk_notifyCustomer('ticket_closed');
+				}
+			}
+		}
+
+		// Update ticket statuses and history in database
+		hesk_dbQuery("UPDATE `".$hesk_settings['db_pfix']."tickets` SET `status`='3', `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape($dt)."' ");
+    }
+
+	/* If session expired while a HESK page is open just continue using it, don't redirect */
+    if ($noredirect)
+    {
+    	return true;
+    }
+
+	/* Redirect to the destination page */
+	header('Location: ' . hesk_verifyGoto() );
+	exit();
+} // END hesk_autoLogin()
+
+
+function hesk_isLoggedIn()
+{
+	global $hesk_settings;
+
+	$referer = hesk_input($_SERVER['REQUEST_URI']);
+	$referer = str_replace('&amp;','&',$referer);
+
+    if (empty($_SESSION['id']))
+    {
+    	if ($hesk_settings['autologin'] && hesk_autoLogin(1) )
+        {
+			// Users online
+        	if ($hesk_settings['online'])
+            {
+            	require(HESK_PATH . 'inc/users_online.inc.php');
+                hesk_initOnline($_SESSION['id']);
+            }
+
+        	return true;
+        }
+
+        $url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
+        header('Location: '.$url);
+        exit();
+    }
+    else
+    {
+        hesk_session_regenerate_id();
+
+        // Need to update permissions?
+		if ( empty($_SESSION['isadmin']) )
+		{
+			$res = hesk_dbQuery("SELECT `isadmin`, `categories`, `heskprivileges` FROM `".$hesk_settings['db_pfix']."users` WHERE `id` = '".intval($_SESSION['id'])."' LIMIT 1");
+			if (hesk_dbNumRows($res) == 1)
+			{
+				$me = hesk_dbFetchAssoc($res);
+				foreach ($me as $k => $v)
+				{
+					$_SESSION[$k]=$v;
+				}
+
+				// Get allowed categories
+				if  (empty($_SESSION['isadmin']) )
+				{
+					$_SESSION['categories']=explode(',',$_SESSION['categories']);
+				}
+			}
+            else
+            {
+				hesk_session_stop();
+				$url = 'index.php?a=login&notice=1&goto='.urlencode($referer);
+				header('Location: '.$url);
+				exit();
+            }
+		}
+
+		// Users online
+		if ($hesk_settings['online'])
+		{
+			require(HESK_PATH . 'inc/users_online.inc.php');
+            hesk_initOnline($_SESSION['id']);
+		}
+
+        return true;
+    }
+
+} // END hesk_isLoggedIn()
+
+
+function hesk_verifyGoto()
+{
+	// Default redirect URL
+	$url_default = 'admin_main.php';
+
+	// If no "goto" parameter is set, redirect to the default page
+	if ( ! hesk_isREQUEST('goto') )
+	{
+		return $url_default;
+	}
+
+	// Get the "goto" parameter
+	$url = hesk_REQUEST('goto');
+
+	// Fix encoded "&"
+	$url = str_replace('&amp;', '&', $url);
+
+	// Parse the URL for verification
+	$url_parts = parse_url($url);
+
+	// The "path" part is required
+	if ( ! isset($url_parts['path']) )
+	{
+		return $url_default;
+	}
+
+	// Extract the file name from path
+	$url = basename($url_parts['path']);
+
+	// Allowed files for redirect
+	$OK_urls = array(
+		'admin_main.php' => '',
+		'admin_settings.php' => '',
+		'admin_settings_save.php' => 'admin_settings.php',
+		'admin_ticket.php' => '',
+		'archive.php' => '',
+		'assign_owner.php' => '',
+		'change_status.php' => '',
+		'edit_post.php' => '',
+		'export.php' => '',
+		'find_tickets.php' => '',
+		'generate_spam_question.php' => '',
+		'knowledgebase_private.php' => '',
+		'lock.php' => '',
+		'mail.php' => '',
+		'manage_canned.php' => '',
+		'manage_categories.php' => '',
+		'manage_knowledgebase.php' => '',
+		'manage_users.php' => '',
+		'new_ticket.php' => '',
+		'profile.php' => '',
+		'reports.php' => '',
+		'show_tickets.php' => '',
+	);
+
+	// URL must match one of the allowed ones
+	if ( ! isset($OK_urls[$url]) )
+	{
+		return $url_default;
+	}
+
+	// Modify redirect?
+	if ( strlen($OK_urls[$url]) )
+	{
+		$url = $OK_urls[$url];
+	}
+
+	// All OK, return the URL with query if set
+	return isset($url_parts['query']) ? $url.'?'.$url_parts['query'] : $url;
+
+} // END hesk_verifyGoto()
+
+
+function hesk_Pass2Hash($plaintext) {
+    $majorsalt  = '';
+    $len = strlen($plaintext);
+    for ($i=0;$i<$len;$i++)
+    {
+        $majorsalt .= sha1(substr($plaintext,$i,1));
+    }
+    $corehash = sha1($majorsalt);
+    return $corehash;
+} // END hesk_Pass2Hash()
+
+
+function hesk_formatDate($dt, $from_database=true)
+{
+    $dt=hesk_date($dt, $from_database);
+	$dt=str_replace(' ','<br />',$dt);
+    return $dt;
+} // End hesk_formatDate()
+
+
+function hesk_jsString($str)
+{
+	$str  = str_replace( array('\'','<br />') , array('\\\'','') ,$str);
+    $from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
+    $to   = array("\\r\\n' + \r\n'", "$1", "$1");
+    return preg_replace($from,$to,$str);
+} // END hesk_jsString()
+
+
+function hesk_myCategories($what='category')
+{
+    if ( ! empty($_SESSION['isadmin']) )
+    {
+        return '1';
+    }
+    else
+    {
+        return " `".hesk_dbEscape($what)."` IN ('" . implode("','", array_map('intval', $_SESSION['categories']) ) . "')";
+    }
+} // END hesk_myCategories()
+
+
+function hesk_okCategory($cat,$error=1,$user_isadmin=false,$user_cat=false)
+{
+	global $hesklang;
+
+	/* Checking for current user or someone else? */
+    if ($user_isadmin === false)
+    {
+		$user_isadmin = $_SESSION['isadmin'];
+    }
+
+    if ($user_cat === false)
+    {
+		$user_cat = $_SESSION['categories'];
+    }
+
+    /* Is admin? */
+    if ($user_isadmin)
+    {
+        return true;
+    }
+    /* Staff with access? */
+    elseif (in_array($cat,$user_cat))
+    {
+        return true;
+    }
+    /* No access */
+    else
+    {
+        if ($error)
+        {
+        	hesk_error($hesklang['not_authorized_tickets']);
+        }
+        else
+        {
+        	return false;
+        }
+    }
+
+} // END hesk_okCategory()
+
+
+function hesk_checkPermission($feature,$showerror=1) {
+	global $hesklang;
+
+    /* Admins have full access to all features */
+    if ($_SESSION['isadmin'])
+    {
+        return true;
+    }
+
+    /* Check other staff for permissions */
+    if (strpos($_SESSION['heskprivileges'], $feature) === false)
+    {
+    	if ($showerror)
+        {
+        	hesk_error($hesklang['no_permission'].'<p>&nbsp;</p><p align="center"><a href="index.php">'.$hesklang['click_login'].'</a>');
+        }
+        else
+        {
+        	return false;
+        }
+    }
+    else
+    {
+        return true;
+    }
+
+} // END hesk_checkPermission()
diff --git a/inc/common.inc.php b/inc/common.inc.php
index 1ba32f78..f0548935 100644
--- a/inc/common.inc.php
+++ b/inc/common.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -63,6 +63,66 @@ hesk_getLanguage();
 
 /*** FUNCTIONS ***/
 
+function hesk_service_message($sm)
+{
+    $faIcon = "";
+    switch ($sm['style'])
+    {
+        case 1:
+            $style = "alert alert-success";
+            $faIcon = "fa fa-check-circle";
+            break;
+        case 2:
+            $style = "alert alert-info";
+            $faIcon = "fa fa-comment";
+            break;
+        case 3:
+            $style = "alert alert-warning";
+            $faIcon = "fa fa-exclamation-triangle";
+            break;
+        case 4:
+            $style = "alert alert-danger";
+            $faIcon = "fa fa-times-circle";
+            break;
+        default:
+            $style = "none";
+    }
+
+    ?>
+    <div class="<?php echo $style; ?>">
+        <?php echo $style == 'none' ? '' : '<i class="'.$faIcon.'"></i> '; ?>
+        <b><?php echo $sm['title']; ?></b><?php echo $sm['message']; ?>
+    </div>
+    <br />
+<?php
+} // END hesk_service_message()
+
+
+function hesk_isBannedIP($ip)
+{
+    global $hesk_settings, $hesklang, $hesk_db_link;
+
+    $ip = ip2long($ip) or $ip = 0;
+
+    $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` WHERE {$ip} BETWEEN `ip_from` AND `ip_to` LIMIT 1");
+
+    return ( hesk_dbNumRows($res) == 1 ) ? hesk_dbResult($res) : false;
+
+} // END hesk_isBannedIP()
+
+
+function hesk_isBannedEmail($email)
+{
+    global $hesk_settings, $hesklang, $hesk_db_link;
+
+    $email = strtolower($email);
+
+    $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` WHERE `email` IN ('".hesk_dbEscape($email)."', '".hesk_dbEscape( substr($email, strrpos($email, "@") ) )."') LIMIT 1");
+
+    return ( hesk_dbNumRows($res) == 1 ) ? hesk_dbResult($res) : false;
+
+} // END hesk_isBannedEmail()
+
 
 function hesk_clean_utf8($in)
 {
@@ -127,6 +187,11 @@ function hesk_POST($in, $default = '')
 	return isset($_POST[$in]) && ! is_array($_POST[$in]) ? $_POST[$in] : $default;
 } // END hesk_POST()
 
+function hesk_POST_array($in, $default = array() )
+{
+    return isset($_POST[$in]) && is_array($_POST[$in]) ? $_POST[$in] : $default;
+} // END hesk_POST_array()
+
 
 function hesk_REQUEST($in, $default = false)
 {
@@ -559,7 +624,13 @@ function hesk_limitBfAttempts($showError=1)
 {
 	global $hesk_settings, $hesklang;
 
-	/* If this feature is disabled or already called, return false */
+    // Check if this IP is banned permanently
+    if ( hesk_isBannedIP($_SERVER['REMOTE_ADDR']) )
+    {
+        hesk_error($hesklang['baned_ip'], 0);
+    }
+
+    /* If this feature is disabled or already called, return false */
     if ( ! $hesk_settings['attempt_limit'] || defined('HESK_BF_LIMIT') )
     {
     	return false;
@@ -571,7 +642,7 @@ function hesk_limitBfAttempts($showError=1)
 	$ip = $_SERVER['REMOTE_ADDR'];
 
     /* Get number of failed attempts from the database */
-	$res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD( last_attempt, INTERVAL " . hesk_dbEscape($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW( ) THEN 1 ELSE 0 END) AS `banned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip)."' LIMIT 1");
+    $res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD(`last_attempt`, INTERVAL ".intval($hesk_settings['attempt_banmin'])." MINUTE ) > NOW() THEN 1 ELSE 0 END) AS `banned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip)."' LIMIT 1");
 
     /* Not in the database yet? Add first one and return false */
 	if (hesk_dbNumRows($res) != 1)
@@ -702,6 +773,9 @@ function hesk_process_messages($message,$redirect_to,$type='ERROR')
         case 'NOTICE':
         	$_SESSION['HESK_NOTICE'] = TRUE;
             break;
+        case 'INFO':
+            $_SESSION['HESK_INFO'] = TRUE;
+            break;
         default:
         	$_SESSION['HESK_ERROR'] = TRUE;
     }
@@ -741,6 +815,10 @@ function hesk_handle_messages()
 		{
 			hesk_show_notice($_SESSION['HESK_MESSAGE']);
 		}
+        elseif ( isset($_SESSION['HESK_INFO']) )
+        {
+            hesk_show_info($_SESSION['HESK_MESSAGE']);
+        }
 
 		hesk_cleanSessionVars('HESK_MESSAGE');
 	}
@@ -749,6 +827,7 @@ function hesk_handle_messages()
 	hesk_cleanSessionVars('HESK_ERROR');
 	hesk_cleanSessionVars('HESK_SUCCESS');
 	hesk_cleanSessionVars('HESK_NOTICE');
+    hesk_cleanSessionVars('HESK_INFO');
 
 	// Secondary message
 	if ( isset($_SESSION['HESK_2ND_NOTICE']) && isset($_SESSION['HESK_2ND_MESSAGE']) )
@@ -762,39 +841,54 @@ function hesk_handle_messages()
 } // END hesk_handle_messages()
 
 
-function hesk_show_error($message,$title='') {
+function hesk_show_error($message,$title='',$append_colon=true) {
 	global $hesk_settings, $hesklang;
     $title = $title ? $title : $hesklang['error'];
+    $title = $append_colon ? $title . ':' : $title;
 	?>
 	<div align="left" class="alert alert-danger">
-		<b><?php echo $title; ?>:</b> <?php echo $message; ?>
+		<b><?php echo $title; ?></b> <?php echo $message; ?>
 	</div>
 	<?php
 } // END hesk_show_error()
 
 
-function hesk_show_success($message,$title='') {
+function hesk_show_success($message,$title='',$append_colon=true) {
 	global $hesk_settings, $hesklang;
     $title = $title ? $title : $hesklang['success'];
+    $title = $append_colon ? $title . ':' : $title;
 	?>
 	<div align="left" class="alert alert-success">
-		<b><?php echo $title; ?>:</b> <?php echo $message; ?>
+		<b><?php echo $title; ?></b> <?php echo $message; ?>
 	</div>
 	<?php
 } // END hesk_show_success()
 
 
-function hesk_show_notice($message,$title='') {
+function hesk_show_notice($message,$title='',$append_colon=true) {
 	global $hesk_settings, $hesklang;
     $title = $title ? $title : $hesklang['note'];
+    $title = $append_colon ? $title . ':' : $title;
 	?>
 	<div class="alert alert-warning">
-		<b><?php echo $title; ?>:</b> <?php echo $message; ?>
+		<b><?php echo $title; ?></b> <?php echo $message; ?>
 	</div>
-    <br />
 	<?php
 } // END hesk_show_notice()
 
+function hesk_show_info($message,$title='',$append_colon=true)
+{
+    global $hesk_settings, $hesklang;
+    $title = $title ? $title : $hesklang['info'];
+    $title = $append_colon ? $title . ':' : $title;
+    ?>
+    <div class="info">
+        <img src="<?php echo HESK_PATH; ?>img/info.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" />
+        <b><?php echo $title; ?></b> <?php echo $message; ?>
+    </div>
+    <br />
+<?php
+} // END hesk_show_info()
 
 function hesk_token_echo($do_echo = 1)
 {
@@ -1080,7 +1174,7 @@ function hesk_returnLanguage()
 } // END hesk_returnLanguage()
 
 
-function hesk_date($dt='', $from_database=false)
+function hesk_date($dt='', $from_database=false, $is_str=true, $return_str=true)
 {
 	global $hesk_settings;
 
@@ -1088,7 +1182,7 @@ function hesk_date($dt='', $from_database=false)
     {
     	$dt = time();
     }
-    else
+    elseif ($is_str)
     {
     	$dt = strtotime($dt);
     }
@@ -1117,7 +1211,7 @@ function hesk_date($dt='', $from_database=false)
 	}
 
     // Return formatted date
-	return date($hesk_settings['timeformat'], $dt);
+    return $return_str ? date($hesk_settings['timeformat'], $dt) : $dt;
     
 } // End hesk_date()
 
@@ -1634,6 +1728,56 @@ function hesk_slashArray($a)
     return ($a);
 } // END hesk_slashArray()
 
+function hesk_check_kb_only($redirect = true)
+{
+    global $hesk_settings;
+
+    if ($hesk_settings['kb_enable'] != 2)
+    {
+        return false;
+    }
+    elseif ($redirect)
+    {
+        header('Location:knowledgebase.php');
+        exit;
+    }
+    else
+    {
+        return true;
+    }
+
+} // END hesk_check_kb_only()
+
+
+function hesk_check_maintenance($dodie = true)
+{
+    global $hesk_settings, $hesklang;
+
+    // No maintenance mode - return true
+    if ( ! $hesk_settings['maintenance_mode'] && ! is_dir(HESK_PATH . 'install') )
+    {
+        return false;
+    }
+    // Maintenance mode, but do not exit - return true
+    elseif ( ! $dodie)
+    {
+        return true;
+    }
+
+    // Maintenance mode - show notice and exit
+    require_once(HESK_PATH . 'inc/header.inc.php');
+    ?>
+
+    <div class="alert alert-warning" style="margin: 20px">
+        <i class="fa fa-exclamation-triangle"></i>
+        <b><?php echo $hesklang['mm1']; ?></b><br /><br />
+        <?php echo $hesklang['mm2']; ?><br /><br />
+        <?php echo $hesklang['mm3']; ?>
+    </div>
+    <?php
+    require_once(HESK_PATH . 'inc/footer.inc.php');
+    exit();
+} // END hesk_check_maintenance()
 
 function hesk_error($error,$showback=1) {
 global $hesk_settings, $hesklang;
@@ -1709,3 +1853,55 @@ function hesk_round_to_half($num)
     	return $half;
     }
 } // END hesk_round_to_half()
+
+function hesk_dateToString($dt, $returnName=1, $returnTime=0, $returnMonth=0, $from_database=false)
+{
+    global $hesk_settings, $hesklang;
+
+    $dt = strtotime($dt);
+
+    // Adjust MySQL time if different from PHP time
+    if ($from_database)
+    {
+        if ( ! defined('MYSQL_TIME_DIFF') )
+        {
+            define('MYSQL_TIME_DIFF', time()-hesk_dbTime() );
+        }
+
+        if (MYSQL_TIME_DIFF != 0)
+        {
+            $dt += MYSQL_TIME_DIFF;
+        }
+
+        // Add HESK set time difference
+        $dt += 3600*$hesk_settings['diff_hours'] + 60*$hesk_settings['diff_minutes'];
+
+        // Daylight saving?
+        if ($hesk_settings['daylight'] && date('I', $dt))
+        {
+            $dt += 3600;
+        }
+    }
+
+    list($y,$m,$n,$d,$G,$i,$s) = explode('-', date('Y-n-j-w-G-i-s', $dt) );
+
+    $m = $hesklang['m'.$m];
+    $d = $hesklang['d'.$d];
+
+    if ($returnName)
+    {
+        return "$d, $m $n, $y";
+    }
+
+    if ($returnTime)
+    {
+        return "$d, $m $n, $y $G:$i:$s";
+    }
+
+    if ($returnMonth)
+    {
+        return "$m $y";
+    }
+
+    return "$m $n, $y";
+} // End hesk_dateToString()
diff --git a/inc/email_functions.inc.php b/inc/email_functions.inc.php
index 9470d819..173934ca 100644
--- a/inc/email_functions.inc.php
+++ b/inc/email_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -244,6 +244,9 @@ function hesk_validEmails()
         // --> Verify email
         'verify_email' => $hesklang['verify_email'],
 
+        // --> Ticket closed
+        'ticket_closed' => $hesklang['ticket_closed'],
+
 
 		/*** Emails sent to STAFF ***/
 
@@ -265,6 +268,9 @@ function hesk_validEmails()
 		// --> New note by someone to a ticket assigned to you
 		'new_note' => $hesklang['new_note'],
 
+        // --> Staff password reset email
+        'reset_password' => $hesklang['reset_password'],
+
     );
 } // END hesk_validEmails()
 
@@ -585,6 +591,7 @@ function hesk_getEmailMessage($eml_file, $ticket, $is_admin=0, $is_ticket=1, $ju
     $msg = str_replace('%%EMAIL%%',		$ticket['email']			,$msg);
     $msg = str_replace('%%CREATED%%',	$ticket['dt']				,$msg);
     $msg = str_replace('%%UPDATED%%',	$ticket['lastchange']		,$msg);
+    $msg = str_replace('%%ID%%',		$ticket['id']				,$msg);
 
 	/* All custom fields */
 	foreach ($hesk_settings['custom_fields'] as $k=>$v)
diff --git a/inc/header.inc.php b/inc/header.inc.php
index 6f440217..baa5fe71 100644
--- a/inc/header.inc.php
+++ b/inc/header.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -37,15 +37,16 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
 require(HESK_PATH . 'modsForHesk_settings.inc.php');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<title><?php echo (isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
 	<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>" />
     <meta name="viewport" content="width=device-width, user-scalable=no">
+    <meta name="theme-color" content="<?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>">
     <?php if ($modsForHesk_settings['rtl']) { ?>
     <link href="<?php echo HESK_PATH; ?>hesk_style_v25RTL.css" type="text/css" rel="stylesheet" />
     <?php } else { ?>
-	<link href="<?php echo HESK_PATH; ?>hesk_style_v25.css" type="text/css" rel="stylesheet" />
+	<link href="<?php echo HESK_PATH; ?>hesk_style.css" type="text/css" rel="stylesheet" />
     <?php } ?>
     <link href="<?php echo HESK_PATH; ?>css/datepicker.css" type="text/css" rel="stylesheet" />
 	<link href="<?php echo HESK_PATH; ?>css/bootstrap.css" type="text/css" rel="stylesheet" />
@@ -59,7 +60,7 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
     <link href="//netdna.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.css" rel="stylesheet">
     <link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/octicons.css" type="text/css">
 	<script src="<?php echo HESK_PATH; ?>js/jquery-1.10.2.min.js"></script>
-	<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript_v25.js"></script>
+	<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript.js"></script>
 	<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap.min.js"></script>
     <script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/modsForHesk-javascript.js"></script>
     <script language="JavaScript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap-datepicker.js"></script>
@@ -127,6 +128,12 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
 			$onload .= "ss();";
 		}
 	}
+
+    // Use ReCaptcha API v2?
+    if (defined('RECAPTCHA'))
+    {
+        echo '<script src="https://www.google.com/recaptcha/api.js?hl='.$hesklang['RECAPTCHA'].'" async defer></script>';
+    }
     ?>
 
 </head>
diff --git a/inc/headerAdmin.inc.php b/inc/headerAdmin.inc.php
index 1088af73..94fdb109 100644
--- a/inc/headerAdmin.inc.php
+++ b/inc/headerAdmin.inc.php
@@ -42,10 +42,11 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
 	<title><?php echo (isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
 	<meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>" />
     <meta name="viewport" content="width=device-width, user-scalable=no">
+    <meta name="theme-color" content="<?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>">
 	<?php if ($modsForHesk_settings['rtl']) { ?>
-    <link href="<?php echo HESK_PATH; ?>hesk_style_v25RTL.css" type="text/css" rel="stylesheet" />
+    <link href="<?php echo HESK_PATH; ?>hesk_style_RTL.css" type="text/css" rel="stylesheet" />
     <?php } else { ?>
-	<link href="<?php echo HESK_PATH; ?>hesk_style_v25.css" type="text/css" rel="stylesheet" />
+	<link href="<?php echo HESK_PATH; ?>hesk_style.css" type="text/css" rel="stylesheet" />
     <?php } ?>
     <link href="<?php echo HESK_PATH; ?>css/datepicker.css" type="text/css" rel="stylesheet" />
 	<link href="<?php echo HESK_PATH; ?>css/bootstrap.css" type="text/css" rel="stylesheet" />
@@ -59,7 +60,7 @@ require(HESK_PATH . 'modsForHesk_settings.inc.php');
     <link href="//netdna.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.css" rel="stylesheet">
     <link rel="stylesheet" href="<?php echo HESK_PATH; ?>css/octicons.css" type="text/css">
 	<script src="<?php echo HESK_PATH; ?>js/jquery-1.10.2.min.js"></script>
-	<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript_v25.js"></script>
+	<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>hesk_javascript.js"></script>
     <script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/modsForHesk-javascript.js"></script>
 	<script language="Javascript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap.min.js"></script>
     <script language="JavaScript" type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap-datepicker.js"></script>
diff --git a/inc/knowledgebase_functions.inc.php b/inc/knowledgebase_functions.inc.php
index 1796c358..87068dca 100644
--- a/inc/knowledgebase_functions.inc.php
+++ b/inc/knowledgebase_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -99,7 +99,7 @@ function hesk_kbTopArticles($how_many, $index = 1)
 
 	<?php
     /* Get list of articles from the database */
-    $res = hesk_dbQuery("SELECT `t1`.* FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
+    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`views` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
 			LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
 			WHERE `t1`.`type`='0' AND `t2`.`type`='0'
 			ORDER BY `t1`.`sticky` DESC, `t1`.`views` DESC, `t1`.`art_order` ASC LIMIT ".intval($how_many));
@@ -116,7 +116,7 @@ function hesk_kbTopArticles($how_many, $index = 1)
 
 	<?php
     /* Get list of articles from the database */
-    $res = hesk_dbQuery("SELECT `t1`.* FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
+    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`subject`,`t1`.`dt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t1`
 			LEFT JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t2` ON `t1`.`catid` = `t2`.`id`
 			WHERE `t1`.`type`='0' AND `t2`.`type`='0'
 			ORDER BY `t1`.`sticky` DESC, `t1`.`views` DESC, `t1`.`art_order` ASC LIMIT ".intval($how_many));
diff --git a/inc/print_tickets.inc.php b/inc/print_tickets.inc.php
index b6204a27..1605a249 100644
--- a/inc/print_tickets.inc.php
+++ b/inc/print_tickets.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -36,7 +36,42 @@
 if (!defined('IN_SCRIPT')) {die('Invalid attempt');} 
 
 // This SQL code will be used to retrieve results
-$sql_final = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
+$sql_final = "SELECT
+`id`,
+`trackid`,
+`name`,
+`email`,
+`category`,
+`priority`,
+`subject`,
+LEFT(`message`, 400) AS `message`,
+`dt`,
+`lastchange`,
+`firstreply`,
+`closedat`,
+`status`,
+`openedby`,
+`firstreplyby`,
+`closedby`,
+`replies`,
+`staffreplies`,
+`owner`,
+`time_worked`,
+`lastreplier`,
+`replierid`,
+`archive`,
+`locked`
+";
+
+foreach ($hesk_settings['custom_fields'] as $k=>$v)
+{
+    if ($v['use'])
+    {
+        $sql_final .= ", `".$k."`";
+    }
+}
+
+$sql_final.= " FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
 
 // This code will be used to count number of results
 $sql_count = "SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE ";
@@ -87,11 +122,15 @@ while ($row = $results->fetch_assoc())
 }
 $status = $possible_status;
 
-foreach ($status as $k => $v)
+// Process statuses unless overridden with "s_all" variable
+if ( ! hesk_GET('s_all') )
 {
-	if (empty($_GET['s'.$k]))
+    foreach ($status as $k => $v)
     {
-    	unset($status[$k]);
+        if (empty($_GET['s' . $k]))
+        {
+            unset($status[$k]);
+        }
     }
 }
 
diff --git a/inc/profile_functions.inc.php b/inc/profile_functions.inc.php
new file mode 100644
index 00000000..225fb204
--- /dev/null
+++ b/inc/profile_functions.inc.php
@@ -0,0 +1,382 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.0 beta 1 from 30th December 2014
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+/* Check if this is a valid include */
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+
+function hesk_profile_tab($session_array='new',$is_profile_page=true,$action='profile_page')
+{
+	global $hesk_settings, $hesklang, $can_reply_tickets, $can_view_tickets, $can_view_unassigned;
+	?>
+    <div role="tabpanel">
+
+        <!-- Nav tabs -->
+        <ul class="nav nav-tabs" role="tablist">
+            <li role="presentation" class="active"><a href="#profile-info" aria-controls="profile-info" role="tab" data-toggle="tab"><?php echo $hesklang['pinfo']; ?></a></li>
+            <?php
+            if (!$is_profile_page)
+            {
+            ?>
+                <li role="presentation"><a href="#permissions" aria-controls="permissions" role="tab" data-toggle="tab"><?php echo $hesklang['permissions']; ?></a></li>
+            <?php
+            }
+            ?>
+            <li role="presentation"><a href="#signature" aria-controls="signature" role="tab" data-toggle="tab"><?php echo $hesklang['sig']; ?></a></li>
+            <li role="presentation"><a href="#preferences" aria-controls="preferences" role="tab" data-toggle="tab"><?php echo $hesklang['pref']; ?></a></li>
+            <li role="presentation"><a href="#notifications" aria-controls="notifications" role="tab" data-toggle="tab"><?php echo $hesklang['notn']; ?></a></li>
+        </ul>
+
+        <!-- Tab panes -->
+        <div class="tab-content summaryList tabPadding">
+            <div role="tabpanel" class="tab-pane fade in active" id="profile-info">
+                <div class="form-group">
+                    <label for="name" class="col-md-3 control-label"><?php echo $hesklang['real_name']; ?>: <font class="important">*</font></label>
+                    <div class="col-md-9">
+                        <input type="text" class="form-control" name="name" size="40" maxlength="50" value="<?php echo $_SESSION[$session_array]['name']; ?>" placeholder="<?php echo $hesklang['real_name']; ?>" />
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label for="email" class="col-md-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
+                    <div class="col-md-9">
+                        <input type="text" class="form-control" name="email" size="40" maxlength="255" placeholder="<?php echo $hesklang['email']; ?>" value="<?php echo $_SESSION[$session_array]['email']; ?>" />
+                    </div>
+                </div>
+                <?php
+                if ( ! $is_profile_page || $_SESSION['isadmin']) {
+                    ?>
+                    <div class="form-group">
+                        <label for="user" class="col-md-3 control-label"><?php echo $hesklang['username']; ?>: <font
+                                class="important">*</font></label>
+                        <div class="col-md-9">
+                            <input type="text" class="form-control" name="user" size="40" maxlength="20"
+                                   value="<?php echo $_SESSION[$session_array]['user']; ?>"
+                                   placeholder="<?php echo $hesklang['username']; ?>"/>
+                        </div>
+                    </div>
+                <?php
+                }
+                $passwordRequiredSpan = $action == 'create_user' ? '' : 'display:none';
+                ?>
+                <div class="form-group">
+                    <label for="pass" class="col-md-3 control-label"><?php echo $is_profile_page ? $hesklang['new_pass'] : $hesklang['pass']; ?>: <span class="important" style="<?php echo $passwordRequiredSpan; ?>">*</span></label>
+                    <div class="col-md-9">
+                        <input type="password" class="form-control" name="newpass" autocomplete="off" size="40" placeholder="<?php echo $hesklang['pass']; ?>" value="<?php echo $_SESSION[$session_array]['cleanpass']; ?>" onkeyup="javascript:hesk_checkPassword(this.value)" />
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label for="confirmPass" class="col-md-3 control-label"><?php echo $hesklang['confirm_pass']; ?>: <span class="important" style="<?php echo $passwordRequiredSpan; ?>">*</span></label>
+                    <div class="col-md-9">
+                        <input type="password" name="newpass2" class="form-control" autocomplete="off" placeholder="<?php echo $hesklang['confirm_pass']; ?>" size="40" value="<?php echo $_SESSION[$session_array]['cleanpass']; ?>" />
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label for="pwStrength" class="col-md-3 control-label"><?php echo $hesklang['pwdst']; ?>:</label>
+                    <div class="col-md-9">
+                        <div class="progress">
+                            <div id="progressBar" class="progress-bar progress-bar-danger" role="progressbar" aria-valuemin="0" aria-valuemax="100" style="width: 0%">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <?php
+                if ( ! $is_profile_page && $hesk_settings['autoassign']) {
+                    ?>
+                    <div class="blankSpace"></div>
+                    <div class="form-group">
+                        <div class="col-md-9 col-md-offset-3">
+                            <?php
+                            if ($hesk_settings['autoassign']) {
+                                ?>
+                                <div class="checkbox">
+                                    <label><input type="checkbox" name="autoassign"
+                                                  value="Y" <?php if (!isset($_SESSION[$session_array]['autoassign']) || $_SESSION[$session_array]['autoassign'] == 1) {
+                                            echo 'checked="checked"';
+                                        } ?> /> <?php echo $hesklang['user_aa']; ?></label>
+                                </div>
+                            <?php }
+                            if ($_SESSION['can_manage_settings']) { ?>
+                                <div class="checkbox">
+                                    <label><input type="checkbox"
+                                                  name="manage_settings" <?php if (!isset($_SESSION[$session_array]['autoassign']) || $_SESSION[$session_array]['can_manage_settings'] == 1) {
+                                            echo 'checked="checked"';
+                                        } ?>> <?php echo $hesklang['can_man_settings']; ?>
+                                    </label>
+                                </div>
+                            <?php } ?>
+                        </div>
+                    </div>
+                <?php
+                }
+                ?>
+            </div>
+            <?php
+            if (!$is_profile_page) {
+                ?>
+                <div role="tabpanel" class="tab-pane fade" id="permissions">
+                    <div class="form-group">
+                        <label for="administrator" class="col-md-3 control-label"><?php echo $hesklang['administrator']; ?>: <font class="important">*</font></label>
+                        <div class="col-md-9">
+                            <?php
+                            /* Only administrators can create new administrator accounts */
+                            if ($_SESSION['isadmin'])
+                            {
+                                ?>
+                                <div class="radio"><label><input type="radio" name="isadmin" value="1" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if ($_SESSION[$session_array]['isadmin']) echo 'checked="checked"'; ?> /> <b><?php echo $hesklang['administrator'].'</b> '.$hesklang['admin_can']; ?></label></div>
+                                <div class="radio"><label><input type="radio" name="isadmin" value="0" onchange="Javascript:hesk_toggleLayerDisplay('options')" <?php if (!$_SESSION[$session_array]['isadmin']) echo 'checked="checked"'; ?> /> <b><?php echo $hesklang['astaff'].'</b> '.$hesklang['staff_can']; ?></label></div>
+                            <?php
+                            }
+                            else
+                            {
+                                echo '<b>'.$hesklang['astaff'].'</b> '.$hesklang['staff_can'];
+                            }
+                            ?>
+                        </div>
+                    </div>
+                    <div id="options" style="display: <?php echo ($_SESSION['isadmin'] && $_SESSION[$session_array]['isadmin']) ? 'none' : 'block'; ?>">
+                        <div class="form-group">
+                            <label for="categories" class="col-md-3 control-label"><?php echo $hesklang['allowed_cat']; ?>: <font class="important">*</font></label>
+                            <div class="col-md-9">
+                                <?php
+                                foreach ($hesk_settings['categories'] as $catid => $catname)
+                                {
+                                    echo '<div class="checkbox"><label><input type="checkbox" name="categories[]" value="' . $catid . '" ';
+                                    if ( in_array($catid,$_SESSION[$session_array]['categories']) )
+                                    {
+                                        echo ' checked="checked" ';
+                                    }
+                                    echo ' />' . $catname . '</label></div> ';
+                                }
+                                ?>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="permissions" class="col-md-3 control-label"><?php echo $hesklang['allow_feat']; ?>: <font class="important">*</font></label>
+                            <div class="col-md-9">
+                                <?php
+                                foreach ($hesk_settings['features'] as $k)
+                                {
+                                    echo '<div class="checkbox"><label><input type="checkbox" name="features[]" value="' . $k . '" ';
+                                    if (in_array($k,$_SESSION[$session_array]['features']))
+                                    {
+                                        echo ' checked="checked" ';
+                                    }
+                                    echo ' />' . $hesklang[$k] . '</label></div> ';
+                                }
+                                ?>
+                                <div class="checkbox">
+                                    <label><input type="checkbox" name="can_change_notification_settings" checked> <?php echo $hesklang['can_change_notification_settings']; ?> </label>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            <?php
+            }
+            ?>
+            <div role="tabpanel" class="tab-pane fade" id="signature">
+                <div class="form-group">
+                    <label for="signature" class="col-md-3 control-label"><?php echo $hesklang['signature_max']; ?>:</label>
+
+                    <div class="col-md-9">
+                        <textarea class="form-control" name="signature" rows="6" placeholder="<?php echo $hesklang['sig']; ?>" cols="40"><?php echo $_SESSION[$session_array]['signature']; ?></textarea>
+                        <?php echo $hesklang['sign_extra']; ?>
+                    </div>
+                </div>
+            </div>
+            <div role="tabpanel" class="tab-pane fade" id="preferences">
+                <?php
+                if ( ! $is_profile_page || $can_reply_tickets )
+                {
+                    ?>
+                    <div class="form-group">
+                        <label for="afterreply" class="col-sm-3 control-label"><?php echo $hesklang['aftrep']; ?>:</label>
+                        <div class="col-sm-9">
+                            <div class="radio">
+                                <label><input type="radio" name="afterreply" value="0" <?php if (!$_SESSION[$session_array]['afterreply']) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['showtic']; ?></label>
+                            </div>
+                            <div class="radio">
+                                <label><input type="radio" name="afterreply" value="1" <?php if ($_SESSION[$session_array]['afterreply'] == 1) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['gomain']; ?></label>
+                            </div>
+                            <div class="radio">
+                                <label><input type="radio" name="afterreply" value="2" <?php if ($_SESSION[$session_array]['afterreply'] == 2) {echo 'checked="checked"';} ?>/> <?php echo $hesklang['shownext']; ?></label>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label class="col-sm-3 control-label"><?php echo $hesklang['defaults']; ?>:</label>
+                        <div class="col-sm-9">
+                            <?php
+                            if ($hesk_settings['time_worked'])
+                            {
+                                ?>
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="autostart" value="1" <?php if (!empty($_SESSION[$session_array]['autostart'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['autoss']; ?></label>
+                            </div>
+                            <?php
+                            }
+                            ?>
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="notify_customer_new" value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pncn']; ?></label><br />
+                            </div>
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="notify_customer_reply" value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_reply'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pncr']; ?></label><br />
+                            </div>
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="show_suggested" value="1" <?php if (!empty($_SESSION[$session_array]['show_suggested'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['pssy']; ?></label><br />
+                            </div>
+                        </div>
+                    </div>
+                <?php }?>
+                <div class="form-group">
+                    <label for="autoRefresh" class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
+                    <div class="col-sm-9">
+                        <input type="text" class="form-control" id="autorefresh" name="autorefresh" value="<?php echo $_SESSION[$session_array]['autorefresh']; ?>">
+                        <span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
+                    </div>
+                </div>
+            </div>
+            <div role="tabpanel" class="tab-pane fade" id="notifications">
+                <?php $disabledText = isset($_SESSION[$session_array]['can_change_notification_settings']) && $_SESSION[$session_array]['can_change_notification_settings'] ? '' : 'disabled';
+                if (!$is_profile_page) {
+                    $disabledText = '';
+                }
+                if ($disabledText == 'disabled') { ?>
+                    <div class="alert alert-info"><?php echo $hesklang['notifications_disabled_info']; ?></div>
+                <?php }
+                ?>
+                <div class="form-group">
+                    <?php
+                    if (! $is_profile_page || $can_view_tickets)
+                    {
+                        if (! $is_profile_page || $can_view_unassigned)
+                        {
+                            ?>
+                            <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_new_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
+
+                            <?php
+                            if ($disabledText == 'disabled')
+                            { ?>
+                                <input type="hidden" name="notify_new_unassigned" value="<?php echo !empty($_SESSION[$session_array]['notify_new_unassigned']) ? '1' :  '0'; ?>">
+                            <?php }
+                        }
+                        else
+                        {
+                            ?>
+                            <input type="hidden" name="notify_new_unassigned" value="0" />
+                        <?php
+                        }
+                        ?>
+                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_new_my" value="1" <?php if (!empty($_SESSION[$session_array]['notify_new_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['nwts']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
+                        <?php
+                        if ($disabledText == 'disabled')
+                        { ?>
+                            <input type="hidden" name="notify_new_my" value="<?php echo !empty($_SESSION[$session_array]['notify_new_my']) ? '1' : '0'; ?>">
+                        <?php }
+
+                        if ( ! $is_profile_page || $can_view_unassigned)
+                        {
+                            ?>
+                            <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_reply_unassigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['unas']; ?></label></div></div>
+                            <?php
+                            if ($disabledText == 'disabled')
+                            { ?>
+                                <input type="hidden" name="notify_reply_unassigned" value="<?php echo !empty($_SESSION[$session_array]['notify_reply_unassigned']) ? '1' : '0'; ?>">
+                            <?php }
+                        }
+                        else
+                        {
+                            ?>
+                            <input type="hidden" name="notify_reply_unassigned" value="0" />
+                        <?php
+                        }
+                        ?>
+                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_reply_my" value="1" <?php if (!empty($_SESSION[$session_array]['notify_reply_my'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ncrt']; ?> <?php echo $hesklang['s_my']; ?></label></div></div>
+                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_assigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_assigned'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntam']; ?></label></div></div>
+                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note" value="1" <?php if (!empty($_SESSION[$session_array]['notify_note'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['ntnote']; ?></label></div></div>
+                        <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_pm" value="1" <?php if (!empty($_SESSION[$session_array]['notify_pm'])) {echo 'checked="checked"';} echo ' '.$disabledText ?> /> <?php echo $hesklang['npms']; ?></label></div></div>
+                        <?php
+                        if ($disabledText == 'disabled')
+                        { ?>
+                            <input type="hidden" name="notify_reply_my" value="<?php echo !empty($_SESSION[$session_array]['notify_reply_my']) ? '1' : '0'; ?>">
+                            <input type="hidden" name="notify_assigned" value="<?php echo !empty($_SESSION[$session_array]['notify_assigned']) ? '1' : '0'; ?>">
+                            <input type="hidden" name="notify_note" value="<?php echo !empty($_SESSION[$session_array]['notify_note']) ? '1' : '0'; ?>">
+                            <input type="hidden" name="notify_pm" value="<?php echo !empty($_SESSION[$session_array]['notify_pm']) ? '1' : '0'; ?>">
+                        <?php }
+
+                        if ($_SESSION['isadmin']) { ?>
+                            <div class="col-md-9 col-md-offset-3"><div class="checkbox"><label><input type="checkbox" name="notify_note_unassigned" value="1" <?php if (!empty($_SESSION[$session_array]['notify_note_unassigned'])) {echo 'checked="checked"';}?>> <?php echo $hesklang['notify_note_unassigned']; ?></label></div> </div>
+                        <?php
+                        }
+                    }
+
+                    ?>
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="col-md-9 col-md-offset-3">
+                    <?php
+                    if ($action == 'profile_page')
+                    { ?>
+                        <input type="submit" class="btn btn-default" value="<?php echo $hesklang['update_profile']; ?>" />
+                    <?php
+                    } elseif ($action == 'create_user')
+                    { ?>
+                        <input type="hidden" name="a" value="new" />
+                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                        <input type="submit" value="<?php echo $hesklang['create_user']; ?>" class="btn btn-default">
+                        <a href="manage_users.php?a=reset_form" class="btn btn-danger"><?php echo $hesklang['refi']; ?></a></p>
+                    <?php
+                    } elseif ($action == 'edit_user')
+                    { ?>
+                        <input type="hidden" name="a" value="save" />
+                        <input type="hidden" name="userid" value="<?php echo intval( hesk_GET('id') ); ?>" />
+                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                        <input class="btn btn-default" type="submit" value="<?php echo $hesklang['save_changes']; ?>" />
+                        <a class="btn btn-danger" href="manage_users.php"><?php echo $hesklang['dich']; ?></a>
+                    <?php
+                    }
+                    ?>
+                </div>
+            </div>
+        </div>
+    </div>
+
+	<script language="Javascript" type="text/javascript"><!--
+	hesk_checkPassword(document.form1.newpass.value);
+	//-->
+	</script>
+
+	<?php
+} // END hesk_profile_tab()
diff --git a/inc/show_admin_nav.inc.php b/inc/show_admin_nav.inc.php
index 69b1546f..7f9475c4 100644
--- a/inc/show_admin_nav.inc.php
+++ b/inc/show_admin_nav.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -37,7 +37,23 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
 
 $num_mail = hesk_checkNewMail();
 ?>
+<?php
+// Show a notice if we are in maintenance mode
+if ( hesk_check_maintenance(false) )
+{
+    echo '<div style="margin-bottom: -20px">';
+    hesk_show_notice($hesklang['mma2'], $hesklang['mma1'], false);
+    echo '</div>';
+}
 
+// Show a notice if we are in "Knowledgebase only" mode
+if ( hesk_check_kb_only(false) )
+{
+    echo '<div style="margin-bottom: -20px">';
+    hesk_show_notice($hesklang['kbo2'], $hesklang['kbo1'], false);
+    echo '</div>';
+}
+?>
 <div class="enclosing">
     <nav class="navbar navbar-default navbar-static-top" role="navigation">
 	    <div class="navbar-header">
@@ -52,14 +68,48 @@ $num_mail = hesk_checkNewMail();
 	    <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
         <ul class="nav navbar-nav">
           <li><a href="admin_main.php"><i class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?></a></li>
-          <?php if (hesk_checkPermission('can_man_users',0)){echo '<li><a href="manage_users.php"><i class="fa fa-users" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_users'].'</a></li>';}
-                if (hesk_checkPermission('can_man_cat',0))  {echo '<li><a href="manage_categories.php"><i class="fa fa-pie-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_cat'].'</a></li>';}
-                if (hesk_checkPermission('can_man_canned',0)) {echo '<li><a href="manage_canned.php"><i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'</a></li>';}
-                if (hesk_checkPermission('can_man_kb',0)) {echo '<li><a href="manage_knowledgebase.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';}
-                    else {echo '<li><a href="knowledgebase_private.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';}
-                if (hesk_checkPermission('can_run_reports',0)) {echo '<li><a href="reports.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';}
-                    elseif (hesk_checkPermission('can_export',0)) {echo '<li><a href="export.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';}
-                if (hesk_checkPermission('can_manage_settings',0)) {echo '<li><a href="admin_settings.php"><i class="fa fa-cog" '.$iconDisplay.'></i>&nbsp;'.$hesklang['settings'].'</a></li>';} ?>
+          <?php if (hesk_checkPermission('can_man_users',0)) {
+                    echo '<li><a href="manage_users.php"><i class="fa fa-users" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_users'].'</a></li>';
+                }
+                if (hesk_checkPermission('can_man_cat',0))  {
+                    echo '<li><a href="manage_categories.php"><i class="fa fa-pie-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_cat'].'</a></li>';
+                }
+                if (hesk_checkPermission('can_man_canned', 0) && hesk_checkPermission('can_man_ticket_tpl',0)) {
+                    echo '<li class="dropdown">
+                              <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">
+                                  <i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'<span class="caret"></span>
+                              </a>
+                              <ul class="dropdown-menu" role="menu">
+                                  <li><a href="manage_canned.php">'.$hesklang['can_man_canned'].'</a></li>
+                                  <li><a href="manage_ticket_templates.php">'.$hesklang['ticket_tpl_man'].'</a></li>
+                              </ul>
+                          </li>';
+                } elseif (hesk_checkPermission('can_man_canned',0)) {
+                    echo '<li><a href="manage_canned.php"><i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'</a></li>';
+                } elseif (hesk_checkPermission('can_man_ticket_tpl',0)) {
+                    echo '<li><a href="manage_ticket_templates.php"><i class="fa fa-file-text-o" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_can'].'</a></li>';
+                }
+                if (hesk_checkPermission('can_man_kb',0)) {
+                    echo '<li><a href="manage_knowledgebase.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';
+                } else {
+                    echo '<li><a href="knowledgebase_private.php"><i class="fa fa-book" '.$iconDisplay.'></i>&nbsp;'.$hesklang['menu_kb'].'</a></li>';
+                }
+                if (hesk_checkPermission('can_run_reports',0)) {
+                    echo '<li><a href="reports.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';
+                } elseif (hesk_checkPermission('can_export',0)) {
+                    echo '<li><a href="export.php"><i class="fa fa-line-chart" '.$iconDisplay.'></i>&nbsp;'.$hesklang['reports'].'</a></li>';
+                }
+                if (hesk_checkPermission('can_ban_emails',0)) {
+                    echo '<li><a href="banned_emails.php"><i class="fa fa-wrench" '.$iconDisplay.'></i>&nbsp;'.$hesklang['tools'].'</a> </li>';
+                } elseif (hesk_checkPermission('can_ban_ips',0)) {
+                    echo '<li><a href="banned_ips.php"><i class="fa fa-wrench" '.$iconDisplay.'></i>&nbsp;'.$hesklang['tools'].'</a> </li>';
+                } elseif (hesk_checkPermission('can_service_msg',0)) {
+                    echo '<li><a href="service_messages.php"><i class="fa fa-wrench" '.$iconDisplay.'></i>&nbsp;'.$hesklang['tools'].'</a> </li>';
+                }
+                if (hesk_checkPermission('can_manage_settings',0)) {
+                    echo '<li><a href="admin_settings.php"><i class="fa fa-cog" '.$iconDisplay.'></i>&nbsp;'.$hesklang['settings'].'</a></li>';
+                }
+          ?>
           <li><a href="profile.php"><i class="fa fa-user" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_profile']; ?></a></li>
           <li><a href="mail.php"><i class="fa fa-envelope-o" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['menu_msg']; ?>
               <?php if ($num_mail != 0)
diff --git a/inc/show_search_form.inc.php b/inc/show_search_form.inc.php
index 24c61c5d..0d551691 100644
--- a/inc/show_search_form.inc.php
+++ b/inc/show_search_form.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
  *  Title: Help Desk Software HESK
- *  Version: 2.5.5 from 5th August 2014
+ *  Version: 2.6.0 beta 1 from 30th December 2014
  *  Author: Klemen Stirn
  *  Website: http://www.hesk.com
  ********************************************************************************
@@ -60,6 +60,11 @@ if ( ! isset($what) )
     $what = 'trackid';
 }
 
+if ( ! isset($owner_input) )
+{
+	$owner_input = 0;
+}
+
 if ( ! isset($date_input) )
 {
     $date_input = '';
@@ -91,6 +96,17 @@ else
     }
 }
 
+/* List of staff */
+if ($can_view_ass_others && ! isset($admins) )
+{
+    $admins = array();
+    $res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
+    while ($row=hesk_dbFetchAssoc($res2))
+    {
+        $admins[$row['id']]=$row['name'];
+    }
+}
+
 $more = empty($_GET['more']) ? 0 : 1;
 $more2 = empty($_GET['more2']) ? 0 : 1;
 
@@ -145,10 +161,10 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                 </table>
 
                 <div id="topSubmit" style="display:<?php echo $more ? 'none' : 'block' ; ?>">
-                    &nbsp;<br />
-                    <input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
-                    <a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='1';"><?php echo $hesklang['mopt']; ?></a>
-                    <br />&nbsp;<br />
+                    <div class="btn-group">
+                        <input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
+                        <a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='1';"><?php echo $hesklang['mopt']; ?></a>
+                    </div>
                 </div>
 
                 <div id="divShow" style="display:<?php echo $more ? 'block' : 'none' ; ?>">
@@ -214,24 +230,54 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                             <td class="borderTop alignTop"><b><?php echo $hesklang['sort_by']; ?></b>: &nbsp; </td>
                             <td class="borderTop">
                                 <table border="0" cellpadding="0" cellspacing="0" width="100%">
-                                    <tr>
-                                        <td width="33%"><label><input type="radio" name="sort" value="priority"  <?php if ($sort == 'priority') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['priority']; ?></label></td>
-                                        <td width="33%"><label><input type="radio" name="sort" value="lastchange" <?php if ($sort == 'lastchange') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['last_update']; ?></label></td>
-                                        <td width="34%"><label><input type="radio" name="sort" value="name" <?php if ($sort == 'name') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['name']; ?></label></td>
-                                    </tr>
-                                    <tr>
-                                        <td width="33%"><label><input type="radio" name="sort" value="subject" <?php if ($sort == 'subject') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['subject']; ?></label></td>
-                                        <td width="33%"><label><input type="radio" name="sort" value="status" <?php if ($sort == 'status') {echo 'checked="checked"';} ?> /> <?php echo $hesklang['status']; ?></label></td>
-                                        <td width="34%">&nbsp;</td>
-                                    </tr>
+                                    <?php
+                                    array_unshift($hesk_settings['ticket_list'], 'priority');
+                                    $hesk_settings['possible_ticket_list']['priority'] = $hesklang['priority'];
+
+                                    $column = 1;
+
+                                    foreach ($hesk_settings['ticket_list'] as $key)
+                                    {
+                                        if ($column == 1)
+                                        {
+                                            echo '<tr><td width="34%">';
+                                        }
+                                        else
+                                        {
+                                            echo '<td width="33%">';
+                                        }
+
+                                        echo '<label><input type="radio" name="sort" value="'.$key.'" '.($sort == $key ? 'checked="checked"' : '').' /> '.$hesk_settings['possible_ticket_list'][$key].'</label></td>';
+
+                                        if ($column == 3)
+                                        {
+                                            echo '</tr>';
+                                            $column = 1;
+                                        }
+                                        else
+                                        {
+                                            $column++;
+                                        }
+                                    }
+
+                                    // End table if needed
+                                    if ($column == 3)
+                                    {
+                                        echo '<td width="33%">&nbsp;</td></tr>';
+                                    }
+                                    elseif ($column == 2)
+                                    {
+                                        echo '<td width="33%">&nbsp;</td><td width="33%">&nbsp;</td></tr>';
+                                    }
+                                    ?>
                                 </table>
 
                             </td>
                         </tr>
 
                         <tr>
-                            <td class="borderTop alignTop"><b><?php echo $hesklang['gb']; ?></b>: &nbsp; </td>
-                            <td class="borderTop">
+                            <td class="alignTop"><b><?php echo $hesklang['gb']; ?></b>: &nbsp; </td>
+                            <td>
                                 <table border="0" cellpadding="0" cellspacing="0" width="100%">
                                     <tr>
                                         <td width="33%"><label><input type="radio" name="g" value=""  <?php if ( ! $group) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['dg']; ?></label></td>
@@ -261,8 +307,8 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                         </tr>
 
                         <tr>
-                            <td class="borderTop alignMiddle"><b><?php echo $hesklang['category']; ?></b>: &nbsp; </td>
-                            <td class="borderTop alignMiddle">
+                            <td class="alignMiddle"><b><?php echo $hesklang['category']; ?></b>: &nbsp; </td>
+                            <td class="alignMiddle">
                                 <div class="col-md-4" style="padding-left: 0px"><select class="form-control" name="category">
                                         <option value="0" ><?php echo $hesklang['any_cat']; ?></option>
                                         <?php echo $category_options; ?>
@@ -271,20 +317,20 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                         </tr>
 
                         <tr>
-                            <td class="borderTop"><b><?php echo $hesklang['display']; ?></b>: &nbsp; </td>
-                            <td class="borderTop"><div class="col-md-2" style="padding-left: 0px; padding-right:0px"><input type="text" class="form-control" name="limit" value="<?php echo $maxresults; ?>" size="4" /></div><div class="col-md-3" style="line-height: 40px"><?php echo $hesklang['tickets_page']; ?></div></td>
+                            <td><b><?php echo $hesklang['display']; ?></b>: &nbsp; </td>
+                            <td><div class="col-md-2" style="padding-left: 0px; padding-right:0px"><input type="text" class="form-control" name="limit" value="<?php echo $maxresults; ?>" size="4" /></div><div class="col-md-3" style="line-height: 40px"><?php echo $hesklang['tickets_page']; ?></div></td>
                         </tr>
                         <tr>
-                            <td class="borderTop alignMiddle"><b><?php echo $hesklang['order']; ?></b>: &nbsp; </td>
-                            <td class="borderTop alignMiddle">
+                            <td class="alignMiddle"><b><?php echo $hesklang['order']; ?></b>: &nbsp; </td>
+                            <td class="alignMiddle">
                                 <label><input type="radio" name="asc" value="1" <?php if ($asc) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['ascending']; ?></label>
                                 |
                                 <label><input type="radio" name="asc" value="0" <?php if (!$asc) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['descending']; ?></label></td>
                         </tr>
 
                         <tr>
-                            <td class="borderTop alignTop"><b><?php echo $hesklang['opt']; ?></b>: &nbsp; </td>
-                            <td class="borderTop">
+                            <td class="alignTop"><b><?php echo $hesklang['opt']; ?></b>: &nbsp; </td>
+                            <td>
 
                                 <label><input type="checkbox" name="cot" value="1" <?php if ($cot) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['cot']; ?></label><br />
                                 <label><input type="checkbox" name="def" value="1" /> <?php echo $hesklang['def']; ?></label> (<a href="admin_main.php?reset=1&amp;token=<?php echo hesk_token_echo(0); ?>"><?php echo $hesklang['redv']; ?></a>)
@@ -293,9 +339,11 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
 
                     </table>
 
-                    <p><input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
-                        <input type="hidden" name="more" value="<?php echo $more ? 1 : 0 ; ?>" /><a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='0';"><?php echo $hesklang['lopt']; ?></a></p>
-
+                    <div class="btn-group">
+                        <input class="btn btn-default" type="submit" value="<?php echo $hesklang['show_tickets']; ?>" />
+                        <a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow');Javascript:hesk_toggleLayerDisplay('topSubmit');document.showt.more.value='0';"><?php echo $hesklang['lopt']; ?></a>
+                    </div>
+                    <input type="hidden" name="more" value="<?php echo $more ? 1 : 0 ; ?>" />
                 </div>
 
             </form>
@@ -323,26 +371,26 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
 
                         <table class="table" style="width: auto" border="0" cellpadding="3" cellspacing="0">
                             <tr>
-                                <td class="text-left" style="border-top: 0px">
+                                <td class="text-left" style="border-top: 0px;padding-right:0">
                                     <b style="color: #000"><?php echo $hesklang['s_for']; ?></b><br />
-                                    <input class="form-control" type="text" name="q" size="30" <?php if (isset($q)) {echo 'value="'.$q.'"';} ?> />
+                                    <input class="form-control" style="border-bottom-right-radius: 0;border-top-right-radius: 0; border-right: 0" type="text" name="q" size="30" <?php if (isset($q)) {echo 'value="'.$q.'"';} ?> />
                                 </td>
-                                <td class="text-left" style="border-top: 0px">
+                                <td class="text-left" style="border-top: 0px;padding-left:0">
                                     <b style="color: #000"><?php echo $hesklang['s_in']; ?></b><br />
-                                    <select class="form-control" name="what">
-                                        <option value="trackid" <?php if ($what=='trackid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['trackID']; ?></option>
+                                    <select class="form-control btn btn-default" name="what" style="border-bottom-left-radius: 0; border-top-left-radius: 0">
+                                        <option style="background: #ffffff" value="trackid" <?php if ($what=='trackid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['trackID']; ?></option>
                                         <?php
                                         if ($hesk_settings['sequential'])
                                         {
                                             ?>
-                                            <option value="seqid" <?php if ($what=='seqid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['seqid']; ?></option>
+                                            <option style="background: #ffffff" value="seqid" <?php if ($what=='seqid') {echo 'selected="selected"';} ?> ><?php echo $hesklang['seqid']; ?></option>
                                         <?php
                                         }
                                         ?>
-                                        <option value="name"    <?php if ($what=='name') {echo 'selected="selected"';} ?> ><?php echo $hesklang['name']; ?></option>
-                                        <option value="email"	<?php if ($what=='email') {echo 'selected="selected"';} ?> ><?php echo $hesklang['email']; ?></option>
-                                        <option value="subject" <?php if ($what=='subject') {echo 'selected="selected"';} ?> ><?php echo $hesklang['subject']; ?></option>
-                                        <option value="message" <?php if ($what=='message') {echo 'selected="selected"';} ?> ><?php echo $hesklang['message']; ?></option>
+                                        <option style="background: #ffffff" value="name"    <?php if ($what=='name') {echo 'selected="selected"';} ?> ><?php echo $hesklang['name']; ?></option>
+                                        <option style="background: #ffffff" value="email"	<?php if ($what=='email') {echo 'selected="selected"';} ?> ><?php echo $hesklang['email']; ?></option>
+                                        <option style="background: #ffffff" value="subject" <?php if ($what=='subject') {echo 'selected="selected"';} ?> ><?php echo $hesklang['subject']; ?></option>
+                                        <option style="background: #ffffff" value="message" <?php if ($what=='message') {echo 'selected="selected"';} ?> ><?php echo $hesklang['message']; ?></option>
                                         <?php
                                         foreach ($hesk_settings['custom_fields'] as $k=>$v)
                                         {
@@ -355,21 +403,21 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                                                 }
 
                                                 $v['name'] = (strlen($v['name']) > 30) ? substr($v['name'],0,30) . '...' : $v['name'];
-                                                echo '<option value="'.$k.'" '.$selected.'>'.$v['name'].'</option>';
+                                                echo '<option style="background: #ffffff" value="'.$k.'" '.$selected.'>'.$v['name'].'</option>';
                                             }
                                         }
                                         ?>
-                                        <option value="notes" <?php if ($what=='notes') {echo 'selected="selected"';} ?> ><?php echo $hesklang['notes']; ?></option>
+                                        <option style="background: #ffffff" value="notes" <?php if ($what=='notes') {echo 'selected="selected"';} ?> ><?php echo $hesklang['notes']; ?></option>
                                     </select>
                                 </td>
                             </tr>
                         </table>
 
                         <div id="topSubmit2" style="display:<?php echo $more2 ? 'none' : 'block' ; ?>">
-                            &nbsp;<br />
-                            <input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
-                            <a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='1';"><?php echo $hesklang['mopt']; ?></a>
-                            <br />&nbsp;<br />
+                            <div class="btn-group">
+                                <input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
+                                <a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='1';"><?php echo $hesklang['mopt']; ?></a>
+                            </div>
                         </div>
 
                         <div id="divShow2" style="display:<?php echo $more2 ? 'block' : 'none' ; ?>">
@@ -386,6 +434,27 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                                         </select>
                                     </td>
                                 </tr>
+                                <?php
+                                if ($can_view_ass_others)
+                                {
+                                    ?>
+                                    <tr>
+                                        <td class="alignMiddle"><b><?php echo $hesklang['owner']; ?></b>: &nbsp; </td>
+                                        <td class="alignMiddle">
+                                            <select class="form-control" name="owner">
+                                                <option value="0" ><?php echo $hesklang['anyown']; ?></option>
+                                                <?php
+                                                foreach ($admins as $id => $name)
+                                                {
+                                                    echo '<option value="'.$id.'" '.($owner_input == $id ? 'selected="selected"' : '').'>'.$name.'</option>';
+                                                }
+                                                ?>
+                                            </select>
+                                        </td>
+                                    </tr>
+                                <?php
+                                }
+                                ?>
                                 <tr>
                                     <td class="alignMiddle"><b><?php echo $hesklang['date']; ?></b>: &nbsp; </td>
                                     <td class="alignMiddle">
@@ -422,12 +491,12 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                                     <td><div class="col-md-2 text-right" style="padding-left: 0px; padding-right: 0px;"><input class="form-control" type="text" name="limit" value="<?php echo $maxresults; ?>" size="4" /></div><div class="col-md-10" style="line-height: 40px"><?php echo $hesklang['results_page']; ?></div></td>
                                 </tr>
                             </table>
-
-                            <p><input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
-                                <input type="hidden" name="more2" value="<?php echo $more2 ? 1 : 0 ; ?>" /><a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='0';"><?php echo $hesklang['lopt']; ?></a></p>
-
+                            <div class="btn-group">
+                                <input class="btn btn-default" type="submit" value="<?php echo $hesklang['find_ticket']; ?>" />
+                                <a class="btn btn-default" href="javascript:void(0)" onclick="Javascript:hesk_toggleLayerDisplay('divShow2');Javascript:hesk_toggleLayerDisplay('topSubmit2');document.findby.more2.value='0';"><?php echo $hesklang['lopt']; ?></a>
+                            </div>
+                            <input type="hidden" name="more2" value="<?php echo $more2 ? 1 : 0 ; ?>" />
                         </div>
-
                     </form>
                 </td>
             </tr>
diff --git a/inc/ticket_list.inc.php b/inc/ticket_list.inc.php
index 32c32b8e..138a1472 100644
--- a/inc/ticket_list.inc.php
+++ b/inc/ticket_list.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -39,7 +39,7 @@ if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
 if (!isset($admins))
 {
 	$admins = array();
-	$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `id` ASC");
+	$res2 = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC");
 	while ($row=hesk_dbFetchAssoc($res2))
 	{
 		$admins[$row['id']]=$row['name'];
@@ -260,6 +260,7 @@ if ($total > 0)
 	while ($ticket=hesk_dbFetchAssoc($result))
 	{
 
+        // Are we grouping tickets?
 		if ($group)
         {
 			require(HESK_PATH . 'inc/print_group.inc.php');
@@ -284,15 +285,7 @@ if ($total > 0)
             $first_line = $hesklang['taso3'] . ' ' . $admins[$ticket['owner']] . " \n\n";
 		}
 
-        $tagged = '';
-        if ($ticket['archive'])
-        {
-			$tagged = '<i class="fa fa-tag" data-toggle="tooltip" data-placement="top" title="'.$hesklang['archived2'].'"></i> ';
-        }
-
-        $statusName = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ShortNameContentKey`, `TextColor` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE ID = ".$ticket['status']));
-        $ticket['status']='<span style="color: '.$statusName['TextColor'].'">'.$hesklang[$statusName['ShortNameContentKey']].'</span>';
-
+        // Prepare ticket priority
 		switch ($ticket['priority'])
 		{
 			case 0:
@@ -310,35 +303,151 @@ if ($total > 0)
 				$ticket['priority']='<span style="color: blue; font-size:1.3em" class="glyphicon glyphicon-flag" data-toggle="tooltip" data-placement="top" title="'.$hesklang['low'].'"></span>';
 		}
 
-        $ticket['lastchange']=hesk_time_since(strtotime($ticket['lastchange']));
+        // Set message (needed for row title)
+        $ticket['message'] = $first_line . substr(strip_tags($ticket['message']),0,200).'...';
 
-		if ($ticket['lastreplier'])
+        // Start ticket row
+        echo '
+		<tr title="'.$ticket['message'].'">
+		<td class="'.$color.'" style="text-align:left; white-space:nowrap;"><input type="checkbox" name="id[]" value="'.$ticket['id'].'" />&nbsp;</td>
+		';
+
+        // Print sequential ID and link it to the ticket page
+        if ( hesk_show_column('id') )
+        {
+            echo '<td class="'.$color.'" style="text-align:left; white-space:nowrap;"><a href="admin_ticket.php?track='.$ticket['trackid'].'&amp;Refresh='.$random.'">'.$ticket['id'].'</a></td>';
+        }
+
+        // Print tracking ID and link it to the ticket page
+        if ( hesk_show_column('trackid') )
+        {
+            echo '<td class="'.$color.'" style="text-align:left; white-space:nowrap;"><a href="admin_ticket.php?track='.$ticket['trackid'].'&amp;Refresh='.$random.'">'.$ticket['trackid'].'</a></td>';
+        }
+
+        // Print date submitted
+        if ( hesk_show_column('dt') )
+        {
+            switch ($hesk_settings['updatedformat'])
+            {
+                case 1:
+                    $ticket['dt'] = hesk_formatDate($ticket['dt']);
+                    break;
+                case 2:
+                    $ticket['dt'] = hesk_time_lastchange($ticket['dt']);
+                    break;
+                default:
+                    $ticket['dt'] = hesk_time_since( strtotime($ticket['dt']) );
+            }
+            echo '<td class="'.$color.'">'.$ticket['dt'].'</td>';
+        }
+
+        // Print last modified
+        if ( hesk_show_column('lastchange') )
 		{
-			$ticket['repliername'] = isset($admins[$ticket['replierid']]) ? $admins[$ticket['replierid']] : $hesklang['staff'];
-		}
-		else
-		{
-			$ticket['repliername'] = $ticket['name'];
+            switch ($hesk_settings['updatedformat'])
+            {
+                case 1:
+                    $ticket['lastchange'] = hesk_formatDate($ticket['lastchange']);
+                    break;
+                case 2:
+                    $ticket['lastchange'] = hesk_time_lastchange($ticket['lastchange']);
+                    break;
+                default:
+                    $ticket['lastchange'] = hesk_time_since( strtotime($ticket['lastchange']) );
+            }
+            echo '<td class="'.$color.'">'.$ticket['lastchange'].'</td>';
 		}
 
-		$ticket['archive'] = !($ticket['archive']) ? $hesklang['no'] : $hesklang['yes'];
+        // Print ticket category
+        if ( hesk_show_column('category') )
+		{
+            $ticket['category'] = isset($hesk_settings['categories'][$ticket['category']]) ? $hesk_settings['categories'][$ticket['category']] : $hesklang['catd'];
+            echo '<td class="'.$color.'">'.$ticket['category'].'</td>';
+		}
 
-		$ticket['message'] = $first_line . substr(strip_tags($ticket['message']),0,200).'...';
-        
+        // Print customer name
+        if ( hesk_show_column('name') )
+        {
+            echo '<td class="'.$color.'">'.$ticket['name'].'</td>';
+        }
 
-		echo <<<EOC
-		<tr class="$color" id="$ticket[id]" title="$ticket[message]">
-		<td><input type="checkbox" id="check$ticket[id]" name="id[]" value="$ticket[id]" />&nbsp;</td>
-        <td><a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[trackid]</a></td>
-        <td>$ticket[lastchange]</td>
-        <td>$ticket[name]</td>
-        <td>$tagged$owner<a href="admin_ticket.php?track=$ticket[trackid]&amp;Refresh=$random">$ticket[subject]</a></td>
-        <td>$ticket[status]&nbsp;</td>
-        <td>$ticket[repliername]</td>
-        <td>$ticket[priority]&nbsp;</td>
-		</tr>
+        // Print customer email
+        if ( hesk_show_column('email') )
+        {
+            echo '<td class="'.$color.'"><a href="mailto:'.$ticket['email'].'">'.$hesklang['clickemail'].'</a></td>';
+        }
 
-EOC;
+        // Print subject and link to the ticket page
+        if ( hesk_show_column('subject') )
+        {
+            echo '<td class="'.$color.'">'.($ticket['archive'] ? '<i class="fa fa-tag" style="font-size: 14px;color:#000" data-toggle="tooltip" data-placement="top" data-original-title="'.$hesklang['archived'].'"></i> ' : '').$owner.'<a href="admin_ticket.php?track='.$ticket['trackid'].'&amp;Refresh='.$random.'">'.$ticket['subject'].'</a></td>';
+        }
+
+        // Print ticket status
+        if ( hesk_show_column('status') )
+        {
+            $statusName = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ShortNameContentKey`, `TextColor` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."statuses` WHERE ID = ".$ticket['status']));
+            $ticket['status']='<span style="color: '.$statusName['TextColor'].'">'.$hesklang[$statusName['ShortNameContentKey']].'</span>';
+            echo '<td class="'.$color.'">'.$ticket['status'].'&nbsp;</td>';
+        }
+
+        // Print ticket owner
+        if ( hesk_show_column('owner') )
+        {
+            if ($ticket['owner'])
+            {
+                $ticket['owner'] = isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : $hesklang['unas'];
+            }
+            else
+            {
+                $ticket['owner'] = $hesklang['unas'];
+            }
+            echo '<td class="'.$color.'">'.$ticket['owner'].'</td>';
+        }
+
+        // Print number of all replies
+        if ( hesk_show_column('replies') )
+        {
+            echo '<td class="'.$color.'">'.$ticket['replies'].'</td>';
+        }
+
+        // Print number of staff replies
+        if ( hesk_show_column('staffreplies') )
+        {
+            echo '<td class="'.$color.'">'.$ticket['staffreplies'].'</td>';
+        }
+
+        // Print last replier
+        if ( hesk_show_column('lastreplier') )
+        {
+            if ($ticket['lastreplier'])
+            {
+                $ticket['repliername'] = isset($admins[$ticket['replierid']]) ? $admins[$ticket['replierid']] : $hesklang['staff'];
+            }
+            else
+            {
+                $ticket['repliername'] = $ticket['name'];
+            }
+            echo '<td class="'.$color.'">'.$ticket['repliername'].'</td>';
+        }
+
+        // Print time worked
+        if ( hesk_show_column('time_worked') )
+        {
+            echo '<td class="'.$color.'">'.$ticket['time_worked'].'</td>';
+        }
+
+        // Print custom fields
+        foreach ($hesk_settings['custom_fields'] as $key => $value)
+        {
+            if ($value['use'] && hesk_show_column($key) )
+                echo '<td class="'.$color.'">'.$ticket[$key].'</td>';
+        }
+
+        // End ticket row
+        echo '
+		<td class="'.$color.'" style="text-align:center; white-space:nowrap;">'.$ticket['priority'].'&nbsp;</td>
+		</tr>';
 	} // End while
 	?>
 	</table>
@@ -349,7 +458,11 @@ EOC;
     <tr>
     <td width="50%" class="text-right" style="vertical-align:top">
 		<select class="form-control" name="a">
-		<option value="close" selected="selected"><?php echo $hesklang['close_selected']; ?></option>
+        <option value="low" selected="selected"><?php echo $hesklang['set_pri_to'].' '.$hesklang['low']; ?></option>
+        <option value="medium"><?php echo $hesklang['set_pri_to'].' '.$hesklang['medium']; ?></option>
+        <option value="high"><?php echo $hesklang['set_pri_to'].' '.$hesklang['high']; ?></option>
+        <option value="critical"><?php echo $hesklang['set_pri_to'].' '.$hesklang['critical']; ?></option>
+        <option value="close"><?php echo $hesklang['close_selected']; ?></option>
 		<?php
 		if ( hesk_checkPermission('can_add_archive', 0) )
 		{
@@ -406,11 +519,11 @@ else
     
     if (isset($is_search) || $href == 'find_tickets.php')
     {
-        hesk_show_notice($hesklang['no_tickets_crit'].'<span style="float: right"><a href="new_ticket.php">'.$hesklang['nti'].'</a></span>');
+        hesk_show_notice($hesklang['no_tickets_crit']);
     }
     else
     {
-        hesk_show_notice($hesklang['no_tickets_open'].'<span style="float: right"><a href="new_ticket.php">'.$hesklang['nti'].'</a></span>');
+        hesk_show_notice($hesklang['no_tickets_open']);
     }
     
     echo '</div></div>';
@@ -421,19 +534,19 @@ echo '</div>
 
 function hesk_print_list_head()
 {
-	global $href, $query, $sort_possible, $hesklang, $hesk_settings;
+    global $hesk_settings, $href, $query, $sort_possible, $hesklang;
 	?>
 	<div class="table-responsive">
 	<table id="ticket-table" class="table table-hover">
         <thead>
 	        <tr>
 	        <th><input type="checkbox" id="checkall" name="checkall" value="2" onclick="hesk_changeAll(this)" /></th>
-            <th><a href="<?php echo $href . '?' . $query . $sort_possible['trackid'] . '&amp;sort='; ?>trackid"><?php echo $hesklang['trackID']; ?></a></th>
-	        <th><a href="<?php echo $href . '?' . $query . $sort_possible['lastchange'] . '&amp;sort='; ?>lastchange"><?php echo $hesklang['last_update']; ?></a></th>
-            <th><a href="<?php echo $href . '?' . $query . $sort_possible['name'] . '&amp;sort='; ?>name"><?php echo $hesklang['name']; ?></a></th>
-            <th><a href="<?php echo $href . '?' . $query . $sort_possible['subject'] . '&amp;sort='; ?>subject"><?php echo $hesklang['subject']; ?></a></th>
-            <th><a href="<?php echo $href . '?' . $query . $sort_possible['status'] . '&amp;sort='; ?>status"><?php echo $hesklang['status']; ?></a></th>
-            <th><a href="<?php echo $href . '?' . $query . $sort_possible['lastreplier'] . '&amp;sort='; ?>lastreplier"><?php echo $hesklang['last_replier']; ?></a></th>
+            <?php
+            foreach ($hesk_settings['ticket_list'] as $field)
+            {
+                echo '<th><a href="' . $href . '?' . $query . $sort_possible[$field] . '&amp;sort=' . $field . '">' . $hesk_settings['possible_ticket_list'][$field] . '</a></th>';
+            }
+            ?>
             <th><a href="<?php echo $href . '?' . $query . $sort_possible['priority'] . '&amp;sort='; ?>priority"><i class="fa fa-sort-<?php echo (($sort_possible['priority']) ? 'asc' : 'desc'); ?>"></i></a></th>
 	        </tr>
         </thead>
@@ -492,3 +605,50 @@ function hesk_time_since($original)
     }
     return $print;
 } // END hesk_time_since()
+
+
+function hesk_time_lastchange($original)
+{
+    global $hesk_settings, $hesklang;
+
+    // Save time format setting so we can restore it later
+    $copy = $hesk_settings['timeformat'];
+
+    // We need this time format for this function
+    $hesk_settings['timeformat'] = 'Y-m-d H:i:s';
+
+    // Get HESK time-adjusted start of today if not already
+    if ( ! defined('HESK_TIME_TODAY') )
+    {
+        // Adjust for HESK time and define constants for alter use
+        define('HESK_TIME_TODAY',		date('Y-m-d 00:00:00', hesk_date(NULL, false, false, false) ) );
+        define('HESK_TIME_YESTERDAY',	date('Y-m-d 00:00:00', strtotime(HESK_TIME_TODAY)-86400) ) ;
+    }
+
+    // Adjust HESK time difference and get day name
+    $ticket_time = hesk_date($original, true);
+
+    if ($ticket_time >= HESK_TIME_TODAY)
+    {
+        // For today show HH:MM
+        $day = substr($ticket_time, 11, 5);
+    }
+    elseif ($ticket_time >= HESK_TIME_YESTERDAY)
+    {
+        // For yesterday show word "Yesterday"
+        $day = $hesklang['r2'];
+    }
+    else
+    {
+        // For other days show DD MMM YY
+        list($y, $m, $d) = explode('-', substr($ticket_time, 0, 10) );
+        $day = '<span style="white-space: nowrap;">' . $d . ' ' . $hesklang['ms'.$m] . ' ' . substr($y, 2) . '</span>';
+    }
+
+    // Restore original time format setting
+    $hesk_settings['timeformat'] = $copy;
+
+    // Return value to display
+    return $day;
+
+} // END hesk_time_lastchange()
\ No newline at end of file
diff --git a/index.php b/index.php
index 27d6349c..0ab86966 100644
--- a/index.php
+++ b/index.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -39,6 +39,12 @@ define('HESK_PATH','./');
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 
+// Are we in maintenance mode?
+hesk_check_maintenance();
+
+// Are we in "Knowledgebase only" mode?
+hesk_check_kb_only();
+
 // What should we do?
 $action = hesk_REQUEST('a');
 
@@ -71,7 +77,59 @@ function print_add_ticket()
 	// Auto-focus first empty or error field
 	define('AUTOFOCUS', true);
 
-	// Varibles for coloring the fields in case of errors
+    // Pre-populate fields
+    // Customer name
+    if ( isset($_REQUEST['name']) )
+    {
+        $_SESSION['c_name'] = $_REQUEST['name'];
+    }
+
+    // Customer email address
+    if ( isset($_REQUEST['email']) )
+    {
+        $_SESSION['c_email']  = $_REQUEST['email'];
+        $_SESSION['c_email2'] = $_REQUEST['email'];
+    }
+
+    // Category ID
+    if ( isset($_REQUEST['catid']) )
+    {
+        $_SESSION['c_category'] = intval($_REQUEST['catid']);
+    }
+    if ( isset($_REQUEST['category']) )
+    {
+        $_SESSION['c_category'] = intval($_REQUEST['category']);
+    }
+
+    // Priority
+    if ( isset($_REQUEST['priority']) )
+    {
+        $_SESSION['c_priority'] = intval($_REQUEST['priority']);
+    }
+
+    // Subject
+    if ( isset($_REQUEST['subject']) )
+    {
+        $_SESSION['c_subject'] = $_REQUEST['subject'];
+    }
+
+    // Message
+    if ( isset($_REQUEST['message']) )
+    {
+        $_SESSION['c_message'] = $_REQUEST['message'];
+    }
+
+    // Custom fields
+    foreach ($hesk_settings['custom_fields'] as $k=>$v)
+    {
+        if ($v['use'] && isset($_REQUEST[$k]) )
+        {
+            $_SESSION['c_'.$k] = $_REQUEST[$k];
+        }
+    }
+
+
+    // Variables for coloring the fields in case of errors
 	if ( ! isset($_SESSION['iserror']))
 	{
 		$_SESSION['iserror'] = array();
@@ -82,13 +140,19 @@ function print_add_ticket()
 		$_SESSION['isnotice'] = array();
 	}
 
-    if ( ! isset($_SESSION['c_category']))
+if ( ! isset($_SESSION['c_category']) && ! $hesk_settings['select_cat'])
     {
     	$_SESSION['c_category'] = 0;
     }
 
 	hesk_cleanSessionVars('already_submitted');
 
+    // Tell header to load reCaptcha API if needed
+    if ($hesk_settings['recaptcha_use'] == 2)
+    {
+        define('RECAPTCHA',1);
+    }
+
 	// Print header
 	$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['submit_ticket'];
 	require_once(HESK_PATH . 'inc/header.inc.php');
@@ -135,7 +199,7 @@ function print_add_ticket()
 		            <div class="form-group">
 			            <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <font class="important">*</font></label>
 			            <div class="col-sm-9"> 
-                            <input type="text" class="form-control" id="email" name="email" size="40" maxlength="255" value="<?php if (isset($_SESSION['c_email'])) {echo stripslashes(hesk_input($_SESSION['c_email']));} ?>" <?php if (in_array('email',$_SESSION['iserror'])) {echo ' class="isError" ';} elseif (in_array('email',$_SESSION['isnotice'])) {echo ' class="isNotice" ';} ?> <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(0)"'; } ?> placeholder="<?php echo $hesklang['email']; ?>" />
+                            <input type="text" class="form-control" id="email" name="email" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email'])) {echo stripslashes(hesk_input($_SESSION['c_email']));} ?>" <?php if (in_array('email',$_SESSION['iserror'])) {echo ' class="isError" ';} elseif (in_array('email',$_SESSION['isnotice'])) {echo ' class="isNotice" ';} ?> <?php if($hesk_settings['detect_typos']) { echo ' onblur="Javascript:hesk_suggestEmail(0)"'; } ?> placeholder="<?php echo $hesklang['email']; ?>" />
 		                </div>
                     </div>
                     <?php
@@ -145,7 +209,7 @@ function print_add_ticket()
 		            <div class="form-group">
                         <label for="email2" class="col-sm-3 control-label"><?php echo $hesklang['confemail']; ?>: <font class="important">*</font></label>
                         <div class="col-sm-9">
-                            <input type="text" id="email2" class="form-control" name="email2" size="40" maxlength="255" value="<?php if (isset($_SESSION['c_email2'])) {echo stripslashes(hesk_input($_SESSION['c_email2']));} ?>" <?php if (in_array('email2',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> placeholder="<?php echo $hesklang['confemail']; ?>" />
+                            <input type="text" id="email2" class="form-control" name="email2" size="40" maxlength="1000" value="<?php if (isset($_SESSION['c_email2'])) {echo stripslashes(hesk_input($_SESSION['c_email2']));} ?>" <?php if (in_array('email2',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> placeholder="<?php echo $hesklang['confemail']; ?>" />
                         </div>
                     </div>
                     <?php
@@ -174,12 +238,6 @@ function print_add_ticket()
                         }
                         else
                         {
-		                    // Is the category ID preselected?
-		                    if ( ! empty($_GET['catid']) )
-		                    {
-			                    $_SESSION['c_category'] = intval( hesk_GET('catid') );
-		                    }
-
 		                    // List available categories
 		                    $is_table = 1;
 		            ?>
@@ -187,6 +245,12 @@ function print_add_ticket()
                         <label for="category" class="col-sm-3 control-label"><?php echo $hesklang['category']; ?>: <font class="important">*</font></label>
                         <div class="col-sm-9">
                             <select name="category" id="category" class="form-control" <?php if (in_array('category',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> ><?php
+                                // Show the "Click to select"?
+                                if ($hesk_settings['select_cat'])
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+                                // List categories
 		                        while ($row = hesk_dbFetchAssoc($res))
 		                        {
 			                        echo '<option value="' . $row['id'] . '"' . (($_SESSION['c_category'] == $row['id']) ? ' selected="selected"' : '') . '>' . $row['name'] . '</option>';
@@ -205,6 +269,13 @@ function print_add_ticket()
                         <label for="priority" class="col-sm-3 control-label"><?php echo $hesklang['priority']; ?>: <font class="important">*</font></label>
                         <div class="col-sm-9">   
                             <select id="priority" class="form-control" name="priority" <?php if (in_array('priority',$_SESSION['iserror'])) {echo ' class="isError" ';} ?> >
+                                <?php
+                                // Show the "Click to select"?
+                                if ($hesk_settings['select_pri'])
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+                                ?>
 		                        <option value="3" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==3) {echo 'selected="selected"';} ?>><?php echo $hesklang['low']; ?></option>
 		                        <option value="2" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==2) {echo 'selected="selected"';} ?>><?php echo $hesklang['medium']; ?></option>
 		                        <option value="1" <?php if(isset($_SESSION['c_priority']) && $_SESSION['c_priority']==1) {echo 'selected="selected"';} ?>><?php echo $hesklang['high']; ?></option>
@@ -288,12 +359,19 @@ function print_add_ticket()
 					            echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
                                 <div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
 
-	            	            $options = explode('#HESK#',$v['value']);
+                                // Show "Click to select"?
+                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
+                                if ($num)
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+
+                                $options = explode('#HESK#',$v['value']);
 
 	                            foreach ($options as $option)
 	                            {
 
-		            	            if (strlen($k_value) == 0 || $k_value == $option)
+                                    if ($k_value == $option)
 		                            {
 	                    	            $k_value = $option;
 	                                    $selected = 'selected="selected"';
@@ -358,7 +436,7 @@ function print_add_ticket()
                                 foreach ($options as $option)
                                 {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option)
+                                    if ($k_value == $option)
                                     {
                                         $k_value = $option;
                                         $selected = 'selected="selected"';
@@ -528,12 +606,20 @@ function print_add_ticket()
 					            echo '<div class="form-group"><label for="'.$v['name'].'" class="col-sm-3 control-label">'.$v['name'].': '.$v['req'].'</label>
                                 <div class="col-sm-9"><select class="form-control" id="'.$v['name'].'" name="'.$k.'" '.$cls.'>';
 
-	            	            $options = explode('#HESK#',$v['value']);
+                                // Show "Click to select"?
+                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
+                                if ($num)
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+
+
+                                $options = explode('#HESK#',$v['value']);
 
 	                            foreach ($options as $option)
 	                            {
 
-		            	            if (strlen($k_value) == 0 || $k_value == $option)
+		            	            if ($k_value == $option)
 		                            {
 	                    	            $k_value = $option;
 	                                    $selected = 'selected="selected"';
@@ -598,7 +684,7 @@ function print_add_ticket()
                                 foreach ($options as $option)
                                 {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option)
+                                    if ($k_value == $option)
                                     {
                                         $k_value = $option;
                                         $selected = 'selected="selected"';
@@ -715,7 +801,7 @@ function print_add_ticket()
 				                echo '<img src="'.HESK_PATH.'img/success.png" width="16" height="16" border="0" alt="" style="vertical-align:text-bottom" /> '.$hesklang['vrfy'];
 			                }
 			                // Not verified yet, should we use Recaptcha?
-			                elseif ($hesk_settings['recaptcha_use'])
+			                elseif ($hesk_settings['recaptcha_use'] == 1)
 			                {
 				                ?>
 				                <script type="text/javascript">
@@ -738,7 +824,14 @@ function print_add_ticket()
 				                </script>
 				                <?php
 				                require(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
-				                echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, $hesk_settings['recaptcha_ssl']);
+                                echo recaptcha_get_html($hesk_settings['recaptcha_public_key'], null, true);
+                            }
+                            // Use reCaptcha API v2?
+                            elseif ($hesk_settings['recaptcha_use'] == 2)
+                            {
+                                ?>
+                                <div class="g-recaptcha" data-sitekey="<?php echo $hesk_settings['recaptcha_public_key']; ?>"></div>
+                            <?php
 			                }
 			                // At least use some basic PHP generated image (better than nothing)
 			                else
@@ -794,6 +887,13 @@ function print_add_ticket()
 	                <?php
                 } // End ELSE submit_notice
                 ?>
+
+                <!-- Do not delete or modify the code below, it is used to detect simple SPAM bots -->
+                <input type="hidden" name="hx" value="3" /><input type="hidden" name="hy" value="" />
+                <!-- >
+                <input type="text" name="phone" value="3" />
+                < -->
+
                 </form>
             </div>
                  <!-- END FORM -->
@@ -814,10 +914,12 @@ function print_start()
 	if ($hesk_settings['kb_enable'])
 	{
         require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
-		hesk_load_database_functions();
-	    hesk_dbConnect();
 	}
 
+    // Connect to database
+    hesk_load_database_functions();
+    hesk_dbConnect();
+
 	/* Print header */
 	require_once(HESK_PATH . 'inc/header.inc.php');
 
@@ -827,6 +929,23 @@ function print_start()
   <li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
   <li class="active"><?php echo $hesk_settings['hesk_title']; ?></li>
 </ol>
+    <?php
+    // Service messages
+    $res = hesk_dbQuery('SELECT `title`, `message`, `style` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `type`='0' ORDER BY `order` ASC");
+    if (hesk_dbNumRows($res) > 0)
+    {
+    ?>
+    <div class="row">
+        <div class="col-md-12">
+            <?php
+            while ($sm=hesk_dbFetchAssoc($res))
+            {
+                hesk_service_message($sm);
+            }
+            ?>
+        </div>
+    </div>
+    <?php } ?>
 	<div class="row">
 		<div class="col-md-4">
             <div class="panel panel-default">
@@ -939,6 +1058,11 @@ function forgot_tid()
 
 	$email = hesk_validateEmail( hesk_POST('email'), 'ERR' ,0) or hesk_process_messages($hesklang['enter_valid_email'],'ticket.php?remind=1');
 
+    if ( isset($_POST['open_only']) )
+    {
+        $hesk_settings['open_only'] = $_POST['open_only'] == 1 ? 1 : 0;
+    }
+
 	/* Prepare ticket statuses */
 	$my_status = array(
 	    0 => $hesklang['open'],
diff --git a/install/index.php b/install/index.php
index a02321e2..f8eb1ce0 100644
--- a/install/index.php
+++ b/install/index.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
diff --git a/install/install.php b/install/install.php
index bf31bbb1..f516c62b 100644
--- a/install/install.php
+++ b/install/install.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -93,6 +93,8 @@ if ($_SESSION['step'] == 3 && isset($_POST['dbtest']))
     // Generate HESK table names
 	$hesk_tables = array(
 		$hesk_settings['db_pfix'].'attachments',
+        $hesk_settings['db_pfix'].'banned_emails',
+        $hesk_settings['db_pfix'].'banned_ips',
 		$hesk_settings['db_pfix'].'categories',
 		$hesk_settings['db_pfix'].'kb_articles',
 		$hesk_settings['db_pfix'].'kb_attachments',
@@ -103,8 +105,12 @@ if ($_SESSION['step'] == 3 && isset($_POST['dbtest']))
 		$hesk_settings['db_pfix'].'online',
 		$hesk_settings['db_pfix'].'pipe_loops',
 		$hesk_settings['db_pfix'].'replies',
+        $hesk_settings['db_pfix'].'reply_drafts',
+        $hesk_settings['db_pfix'].'reset_password',
+        $hesk_settings['db_pfix'].'service_messages',
 		$hesk_settings['db_pfix'].'std_replies',
 		$hesk_settings['db_pfix'].'tickets',
+        $hesk_settings['db_pfix'].'ticket_templates',
 		$hesk_settings['db_pfix'].'users',
 	);
 
@@ -204,30 +210,57 @@ function hesk_iTables()
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (
   `att_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
-  `ticket_id` varchar(13) NOT NULL DEFAULT '',
-  `saved_name` varchar(255) NOT NULL DEFAULT '',
-  `real_name` varchar(255) NOT NULL DEFAULT '',
+  `ticket_id` varchar(13) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `saved_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `real_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
   `size` int(10) unsigned NOT NULL DEFAULT '0',
+  `type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
   PRIMARY KEY (`att_id`),
   KEY `ticket_id` (`ticket_id`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
 ");
 
+// -> Banned emails
+    hesk_dbQuery("
+CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_emails` (
+  `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
+  `email` varchar(255) NOT NULL,
+  `banned_by` smallint(5) unsigned NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`),
+  KEY `email` (`email`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8
+");
+
+// -> Banned IPs
+    hesk_dbQuery("
+CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."banned_ips` (
+  `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
+  `ip_from` int(10) unsigned NOT NULL DEFAULT '0',
+  `ip_to` int(10) unsigned NOT NULL DEFAULT '0',
+  `ip_display` varchar(100) NOT NULL,
+  `banned_by` smallint(5) unsigned NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8
+");
+
 // -> Categories
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (
   `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
-  `name` varchar(60) NOT NULL DEFAULT '',
+  `name` varchar(60) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
   `cat_order` smallint(5) unsigned NOT NULL DEFAULT '0',
-  `autoassign` enum('0','1') NOT NULL DEFAULT '1',
-  `type` enum('0','1') NOT NULL DEFAULT '0',
+  `autoassign` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `priority` enum('0','1','2','3') COLLATE utf8_unicode_ci NOT NULL DEFAULT '3',
   PRIMARY KEY (`id`),
   KEY `type` (`type`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
 ");
 
 // ---> Insert default category
-hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`id`, `name`, `cat_order`, `autoassign`, `type`) VALUES (1, 'General', 10, '1', '0')");
+hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` (`id`, `name`, `cat_order`) VALUES (1, 'General', 10)");
 
 // -> KB Articles
 hesk_dbQuery("
@@ -236,22 +269,22 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` (
   `catid` smallint(5) unsigned NOT NULL,
   `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
   `author` smallint(5) unsigned NOT NULL,
-  `subject` varchar(255) NOT NULL,
-  `content` mediumtext NOT NULL,
-  `keywords` mediumtext NOT NULL,
+  `subject` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
+  `content` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `keywords` mediumtext COLLATE utf8_unicode_ci NOT NULL,
   `rating` float NOT NULL DEFAULT '0',
   `votes` mediumint(8) unsigned NOT NULL DEFAULT '0',
   `views` mediumint(8) unsigned NOT NULL DEFAULT '0',
-  `type` enum('0','1','2') NOT NULL DEFAULT '0',
-  `html` enum('0','1') NOT NULL DEFAULT '0',
-  `sticky` enum('0','1') NOT NULL DEFAULT '0',
+  `type` enum('0','1','2') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `html` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `sticky` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
   `art_order` smallint(5) unsigned NOT NULL DEFAULT '0',
-  `history` mediumtext NOT NULL,
-  `attachments` mediumtext NOT NULL,
+  `history` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `attachments` mediumtext COLLATE utf8_unicode_ci NOT NULL,
   PRIMARY KEY (`id`),
   KEY `catid` (`catid`),
-  KEY `type` (`type`),
   KEY `sticky` (`sticky`),
+  KEY `type` (`type`),
   FULLTEXT KEY `subject` (`subject`,`content`,`keywords`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
 ");
@@ -260,8 +293,8 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` (
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` (
   `att_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
-  `saved_name` varchar(255) NOT NULL DEFAULT '',
-  `real_name` varchar(255) NOT NULL DEFAULT '',
+  `saved_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `real_name` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
   `size` int(10) unsigned NOT NULL DEFAULT '0',
   PRIMARY KEY (`att_id`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@@ -271,13 +304,13 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` (
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (
   `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
-  `name` varchar(255) NOT NULL,
+  `name` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
   `parent` smallint(5) unsigned NOT NULL,
   `articles` smallint(5) unsigned NOT NULL DEFAULT '0',
   `articles_private` smallint(5) unsigned NOT NULL DEFAULT '0',
   `articles_draft` smallint(5) unsigned NOT NULL DEFAULT '0',
   `cat_order` smallint(5) unsigned NOT NULL,
-  `type` enum('0','1') NOT NULL,
+  `type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`),
   KEY `type` (`type`),
   KEY `parent` (`parent`)
@@ -285,12 +318,12 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (
 ");
 
 // ---> Insert default KB category
-hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (`id`, `name`, `parent`, `articles`, `cat_order`, `type`) VALUES (1, 'Knowledgebase', 0, 0, 10, '0')");
+hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` (`id`, `name`, `parent`, `cat_order`, `type`) VALUES (1, 'Knowledgebase', 0, 10, '0')");
 
 // -> Login attempts
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` (
-  `ip` varchar(46) NOT NULL,
+  `ip` varchar(45) COLLATE utf8_unicode_ci NOT NULL,
   `number` tinyint(3) unsigned NOT NULL DEFAULT '1',
   `last_attempt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   UNIQUE KEY `ip` (`ip`)
@@ -303,14 +336,14 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
   `from` smallint(5) unsigned NOT NULL,
   `to` smallint(5) unsigned NOT NULL,
-  `subject` varchar(255) NOT NULL,
-  `message` mediumtext NOT NULL,
-  `dt` datetime NOT NULL,
-  `read` enum('0','1') NOT NULL DEFAULT '0',
+  `subject` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
+  `message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `read` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
   `deletedby` smallint(5) unsigned NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`),
-  KEY `to` (`to`,`read`,`deletedby`),
-  KEY `from` (`from`)
+  KEY `from` (`from`),
+  KEY `to` (`to`,`read`,`deletedby`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
 ");
 
@@ -318,7 +351,7 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (
 hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (1, 9999, 1, 'Rate this script', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p style=\"color:green;font-weight:bold\">Enjoy using HESK? Please let others know!</p>\r\n\r\n<p>You are invited to rate HESK or even write a short review here:<br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://www.hotscripts.com/Detailed/46973.html\" target=\"_blank\">Rate this script @ Hot Scripts</a><br />&nbsp;<br /><img src=\"../img/link.png\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" style=\"vertical-align:text-bottom\" /> <a href=\"http://php.resourceindex.com/detail/04946.html\" target=\"_blank\">Rate this script @ The PHP Resource Index</a></p>\r\n\r\n<p>Thank you,<br />&nbsp;<br />Klemen,<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>', NOW(), '0', 9999)");
 
 // ---> Insert welcome email
-hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (2, 9999, 1, 'Welcome to HESK!', '<div style=\"text-align:justify;padding:3px\">\r\n\r\n<p style=\"color:green;font-weight:bold\">Congratulations for installing HESK, a lightweight and easy-to-use ticket support system!</p>\r\n\r\n<p>I am sure you are eager to use your <b>HESK&trade;</b> helpdesk to improve your customer support and reduce your workload, so check the rest of this message for some quick  &quot;Getting Started&quot; tips.</p>\r\n\r\n<p>Once you have learned the power of <b>HESK&trade;</b>, please consider supporting its future enhancement by purchasing an <a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">inexpensive license</a>. Having a site license will remove the &quot;Powered by Help Desk Software HESK&quot; links from the bottom of your screens to make it look even more professional.</p>\r\n\r\n<p>Enjoy using HESK&trade; - and I value receiving your constructive feedback and feature suggestions.</p>\r\n\r\n<p>Klemen Stirn,<br />\r\nHESK owner and author<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>\r\n\r\n<p>&nbsp;</p>\r\n\r\n<p style=\"text-align:center;font-weight:bold\">*** Quick &quot;Getting Started&quot; Tips ***</p>\r\n\r\n<ul style=\"padding-left:20px;padding-right:10px\">\r\n<li>Click the profile link to set your Profile name, e-mail, signature, and *CHANGE YOUR PASSWORD*.<br />&nbsp;</li>\r\n<li>Click the settings link in the top menu to get to the Settings page. Take some time and get familiar with all the available settings. Most should be self-explanatory; for additional information about each setting, click the [?] link for help about the current setting.<br />&nbsp;</li>\r\n<li>Create new staff accounts on the Users page. The default user (Administrator) cannot be deleted, but you can change the password on the Profile page.<br />&nbsp;</li>\r\n<li>Add new categories (departments) on the Categories page. The default category cannot be deleted, but it can be renamed.<br />&nbsp;</li>\r\n<li>Use the integrated Knowledgebase - it is one of the most powerful support tools as it gives self-help resources to your customers. A comprehensive and well-written knowledgebase can drastically reduce the number of support tickets you receive and save a lot of your time in the long run. Arrange answers to frequently asked questions and articles into categories.<br />&nbsp;</li>\r\n<li>Create canned responses on the Canned Responses page. These are pre-written replies to common support questions. However, you should also contribute by adding answers to other typical questions in the Knowledgebase.<br />&nbsp;</li>\r\n<li>Subscribe to the <a href=\"http://www.hesk.com/newsletter.php\" target=\"_blank\">HESK Newsletter</a> to be notified of updates and new versions.<br />&nbsp;</li>\r\n<li><a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">Buy a license</a> to remove the &quot;<span class=\"smaller\">Powered by Help Desk Software HESK</span>&quot; links from the bottom of your help desk.<br />&nbsp;</li></ul>\r\n\r\n</div>', NOW(), '0', 9999)");
+hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` (`id`, `from`, `to`, `subject`, `message`, `dt`, `read`, `deletedby`) VALUES (2, 9999, 1, 'Welcome to HESK! Here are some quick tips...', '<p style=\"color:green;font-weight:bold\">HESK quick &quot;Getting Started&quot; tips:<br />&nbsp;</p>\r\n\r\n<ol style=\"padding-left:20px;padding-right:10px;text-align:justify\">\r\n<li>Click the Profile link to set your name, email, signature and password.<br />&nbsp;</li>\r\n<li>Click the Settings link in the top menu to get to the Settings page. For additional information about each setting, click the [?] link.<br />&nbsp;</li>\r\n<li>Add new categories (departments) on the Categories page. The default category cannot be deleted, but it can be renamed.<br />&nbsp;</li>\r\n<li>Create new staff accounts on the Users page. You can give them unlimited (Administrator) or restricted (Staff) access.<br />&nbsp;</li>\r\n<li>Use the integrated Knowledgebase. A comprehensive and well-written knowledgebase can drastically reduce the number of support tickets you receive and save a lot of your time in the long run.<br />&nbsp;</li>\r\n<li>You can create response and new ticket templates on the Canned page.<br />&nbsp;</li>\r\n<li>Subscribe to the <a href=\"http://www.hesk.com/newsletter.php\" target=\"_blank\">HESK Newsletter</a> to be notified of updates and new versions.<br />&nbsp;</li>\r\n<li>You should follow HESK on Twitter <a href=\"https://twitter.com/HESKdotCOM\" target=\"_blank\">here</a>.<br />&nbsp;</li>\r\n<li>To remove the &quot;<span class=\"smaller\">Powered by Help Desk Software HESK</span>&quot; links from the bottom of your help desk <a href=\"https://www.hesk.com/buy.php\" target=\"_blank\">buy a license here</a>.<br />&nbsp;</li></ol>\r\n\r\n<p>Enjoy using HESK and please feel free to share your constructive feedback and feature suggestions.</p>\r\n\r\n<p>Klemen Stirn<br />\r\nHESK owner and author<br />\r\n<a href=\"http://www.hesk.com/\" target=\"_blank\">www.hesk.com</a>', NOW(), '0', 9999)");
 
 // -> Notes
 hesk_dbQuery("
@@ -326,8 +359,9 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (
   `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
   `ticket` mediumint(8) unsigned NOT NULL,
   `who` smallint(5) unsigned NOT NULL,
-  `dt` datetime NOT NULL,
-  `message` mediumtext NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `attachments` mediumtext COLLATE utf8_unicode_ci NOT NULL,
   PRIMARY KEY (`id`),
   KEY `ticketid` (`ticket`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@@ -347,9 +381,9 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."online` (
 // -> Pipe loops
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."pipe_loops` (
-  `email` varchar(255) NOT NULL,
+  `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
   `hits` smallint(1) unsigned NOT NULL DEFAULT '0',
-  `message_hash` char(32) NOT NULL,
+  `message_hash` char(32) COLLATE utf8_unicode_ci NOT NULL,
   `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
   KEY `email` (`email`,`hits`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@@ -360,24 +394,67 @@ hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (
   `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
   `replyto` mediumint(8) unsigned NOT NULL DEFAULT '0',
-  `name` varchar(50) NOT NULL DEFAULT '',
-  `message` mediumtext NOT NULL,
-  `dt` datetime DEFAULT NULL,
-  `attachments` mediumtext,
+  `name` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `attachments` mediumtext COLLATE utf8_unicode_ci,
   `staffid` smallint(5) unsigned NOT NULL DEFAULT '0',
-  `rating` enum('0','1','5') NOT NULL DEFAULT '0',
-  `read` enum('0','1') NOT NULL DEFAULT '0',
+  `rating` enum('1','5') COLLATE utf8_unicode_ci DEFAULT NULL,
+  `read` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`),
-  KEY `replyto` (`replyto`)
+  KEY `replyto` (`replyto`),
+  KEY `dt` (`dt`),
+  KEY `staffid` (`staffid`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
 ");
 
+// -> Reply drafts
+hesk_dbQuery("
+CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."reply_drafts` (
+  `owner` smallint(5) unsigned NOT NULL,
+  `ticket` mediumint(8) unsigned NOT NULL,
+  `message` mediumtext CHARACTER SET utf8 NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  KEY `owner` (`owner`),
+  KEY `ticket` (`ticket`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
+");
+
+// -> Reset password
+    hesk_dbQuery("
+CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (
+  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
+  `user` smallint(5) unsigned NOT NULL,
+  `hash` char(40) NOT NULL,
+  `ip` varchar(45) NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`),
+  KEY `user` (`user`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+");
+
+// -> Service messages
+    hesk_dbQuery("
+CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` (
+  `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
+  `dt` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `author` smallint(5) unsigned NOT NULL,
+  `title` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
+  `message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `style` enum('0','1','2','3','4') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `type` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `order` smallint(5) unsigned NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  KEY `type` (`type`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+");
+
 // -> Canned Responses
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (
   `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
-  `title` varchar(100) NOT NULL DEFAULT '',
-  `message` mediumtext NOT NULL,
+  `title` varchar(100) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
   `reply_order` smallint(5) unsigned NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
@@ -387,80 +464,104 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."std_replies` (
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` (
   `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
-  `trackid` varchar(13) NOT NULL,
-  `name` varchar(50) NOT NULL DEFAULT '',
-  `email` varchar(255) NOT NULL DEFAULT '',
+  `trackid` varchar(13) COLLATE utf8_unicode_ci NOT NULL,
+  `name` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `email` varchar(1000) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
   `category` smallint(5) unsigned NOT NULL DEFAULT '1',
-  `priority` enum('0','1','2','3') NOT NULL DEFAULT '3',
-  `subject` varchar(70) NOT NULL DEFAULT '',
-  `message` mediumtext NOT NULL,
-  `dt` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  `priority` enum('0','1','2','3') COLLATE utf8_unicode_ci NOT NULL DEFAULT '3',
+  `subject` varchar(70) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `dt` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
   `lastchange` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-  `ip` varchar(46) NOT NULL DEFAULT '',
-  `language` varchar(50) DEFAULT NULL,
-  `status` enum('0','1','2','3','4','5') NOT NULL DEFAULT '0',
+  `firstreply` timestamp NULL DEFAULT NULL,
+  `closedat` timestamp NULL DEFAULT NULL,
+  `articles` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
+  `ip` varchar(45) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `language` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
+  `status` enum('0','1','2','3','4','5') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `openedby` smallint(5) unsigned DEFAULT '0',
+  `firstreplyby` smallint(5) unsigned DEFAULT NULL,
+  `closedby` smallint(5) unsigned DEFAULT NULL,
+  `replies` smallint(5) unsigned NOT NULL DEFAULT '0',
+  `staffreplies` smallint(5) unsigned NOT NULL DEFAULT '0',
   `owner` smallint(5) unsigned NOT NULL DEFAULT '0',
   `time_worked` time NOT NULL DEFAULT '00:00:00',
-  `lastreplier` enum('0','1') NOT NULL DEFAULT '0',
+  `lastreplier` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
   `replierid` smallint(5) unsigned DEFAULT NULL,
-  `archive` enum('0','1') NOT NULL DEFAULT '0',
-  `locked` enum('0','1') NOT NULL DEFAULT '0',
-  `attachments` mediumtext NOT NULL,
-  `merged` mediumtext NOT NULL,
-  `history` mediumtext NOT NULL,
-  `custom1` mediumtext NOT NULL,
-  `custom2` mediumtext NOT NULL,
-  `custom3` mediumtext NOT NULL,
-  `custom4` mediumtext NOT NULL,
-  `custom5` mediumtext NOT NULL,
-  `custom6` mediumtext NOT NULL,
-  `custom7` mediumtext NOT NULL,
-  `custom8` mediumtext NOT NULL,
-  `custom9` mediumtext NOT NULL,
-  `custom10` mediumtext NOT NULL,
-  `custom11` mediumtext NOT NULL,
-  `custom12` mediumtext NOT NULL,
-  `custom13` mediumtext NOT NULL,
-  `custom14` mediumtext NOT NULL,
-  `custom15` mediumtext NOT NULL,
-  `custom16` mediumtext NOT NULL,
-  `custom17` mediumtext NOT NULL,
-  `custom18` mediumtext NOT NULL,
-  `custom19` mediumtext NOT NULL,
-  `custom20` mediumtext NOT NULL,
+  `archive` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `locked` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `attachments` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `merged` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `history` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom1` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom2` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom3` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom4` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom5` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom6` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom7` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom8` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom9` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom10` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom11` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom12` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom13` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom14` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom15` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom16` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom17` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom18` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom19` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `custom20` mediumtext COLLATE utf8_unicode_ci NOT NULL,
   PRIMARY KEY (`id`),
   KEY `trackid` (`trackid`),
   KEY `archive` (`archive`),
   KEY `categories` (`category`),
   KEY `statuses` (`status`),
-  KEY `owner` (`owner`)
+  KEY `owner` (`owner`),
+  KEY `openedby` (`openedby`,`firstreplyby`,`closedby`),
+  KEY `dt` (`dt`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
 ");
 
+// -> Ticket templates
+    hesk_dbQuery("
+CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."ticket_templates` (
+  `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
+  `title` varchar(100) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `message` mediumtext COLLATE utf8_unicode_ci NOT NULL,
+  `tpl_order` smallint(5) unsigned NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
+");
+
 // -> Users
 hesk_dbQuery("
 CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
   `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
-  `user` varchar(20) NOT NULL DEFAULT '',
-  `pass` char(40) NOT NULL,
-  `isadmin` enum('0','1') NOT NULL DEFAULT '0',
-  `name` varchar(50) NOT NULL DEFAULT '',
-  `email` varchar(255) NOT NULL DEFAULT '',
-  `signature` varchar(255) NOT NULL DEFAULT '',
-  `language` varchar(50) DEFAULT NULL,
-  `categories` varchar(255) NOT NULL DEFAULT '',
-  `afterreply` enum('0','1','2') NOT NULL DEFAULT '0',
-  `autostart` enum('0','1') NOT NULL DEFAULT '1',
-  `notify_new_unassigned` enum('0','1') NOT NULL DEFAULT '1',
-  `notify_new_my` enum('0','1') NOT NULL DEFAULT '1',
-  `notify_reply_unassigned` enum('0','1') NOT NULL DEFAULT '1',
-  `notify_reply_my` enum('0','1') NOT NULL DEFAULT '1',
-  `notify_assigned` enum('0','1') NOT NULL DEFAULT '1',
-  `notify_pm` enum('0','1') NOT NULL DEFAULT '1',
-  `notify_note` enum('0','1') NOT NULL DEFAULT '1',
-  `default_list` varchar(255) NOT NULL DEFAULT '',
-  `autoassign` enum('0','1') NOT NULL DEFAULT '1',
-  `heskprivileges` mediumtext NOT NULL,
+  `user` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `pass` char(40) COLLATE utf8_unicode_ci NOT NULL,
+  `isadmin` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `name` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `signature` varchar(1000) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `language` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
+  `categories` varchar(500) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `afterreply` enum('0','1','2') COLLATE utf8_unicode_ci NOT NULL DEFAULT '0',
+  `autostart` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_customer_new` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_customer_reply` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `show_suggested` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_new_unassigned` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_new_my` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_reply_unassigned` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_reply_my` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_assigned` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_pm` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `notify_note` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `default_list` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+  `autoassign` enum('0','1') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
+  `heskprivileges` varchar(1000) COLLATE utf8_unicode_ci DEFAULT NULL,
   `ratingneg` mediumint(8) unsigned NOT NULL DEFAULT '0',
   `ratingpos` mediumint(8) unsigned NOT NULL DEFAULT '0',
   `rating` float NOT NULL DEFAULT '0',
@@ -470,7 +571,7 @@ CREATE TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci
 ");
 
-hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (`id`, `user`, `pass`, `isadmin`, `name`, `email`, `signature`, `heskprivileges`) VALUES (1, '".hesk_dbEscape($_SESSION['admin_user'])."', '".hesk_dbEscape($_SESSION['admin_hash'])."', '1', 'Your name', 'you@me.com', 'Sincerely,\r\n\r\nYour name\r\nYour website\r\nhttp://www.yourwebsite.com', '')");
+    hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (`id`, `user`, `pass`, `isadmin`, `name`, `email`, `heskprivileges`) VALUES (1, '".hesk_dbEscape($_SESSION['admin_user'])."', '".hesk_dbEscape($_SESSION['admin_hash'])."', '1', 'Your name', 'you@me.com', '')");
 
 	return true;
 
@@ -512,11 +613,10 @@ function hesk_iSaveSettings()
 	}
 	$set['debug_mode'] = 0;
 
-	$set['email_providers'] = count($set['email_providers']) ?  "'" . implode("','", $set['email_providers']) . "'" : '';
+    $set['notify_spam_tags'] = count($set['notify_spam_tags']) ?  "'" . implode("','", $set['notify_spam_tags']) . "'" : '';
 
-    // Check if PHP version is 5.2.3+ and MySQL is 5.0.7+
-	$res = hesk_dbQuery('SELECT VERSION() AS version');
-	$set['db_vrsn'] = (version_compare(PHP_VERSION, '5.2.3') >= 0 && version_compare( hesk_dbResult($res) , '5.0.7') >= 0) ? 1 : 0;
+    // Check if PHP version is 5.2.3+
+    $set['db_vrsn'] = (version_compare(PHP_VERSION, '5.2.3') >= 0) ? 1 : 0;
 
 	hesk_iSaveSettingsFile($set);
 
diff --git a/install/install_functions.inc.php b/install/install_functions.inc.php
index 98704d30..3867d43c 100644
--- a/install/install_functions.inc.php
+++ b/install/install_functions.inc.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -36,8 +36,10 @@
 if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
 
 // We will be installing this HESK version:
-define('HESK_NEW_VERSION','2.5.5');
+define('HESK_NEW_VERSION','2.6.0 beta 1');
 define('MODS_FOR_HESK_NEW_VERSION','1.7.0');
+define('REQUIRE_PHP_VERSION','5.0.0');
+define('REQUIRE_MYSQL_VERSION','5.0.7');
 
 // Other required files and settings
 define('INSTALL',1);
@@ -134,6 +136,13 @@ function hesk_iTestDatabaseConnection()
 		hesk_iDatabase(1);
     }
 
+    // Check MySQL version
+    define('MYSQL_VERSION', hesk_dbResult( hesk_dbQuery('SELECT VERSION() AS version') ) );
+    if ( version_compare(MYSQL_VERSION,REQUIRE_MYSQL_VERSION,'<') )
+    {
+        hesk_iDatabase(5);
+    }
+
     return $hesk_db_link;
 } // END hesk_iTestDatabaseConnection()
 
@@ -187,19 +196,23 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
 // --> Features
 $hesk_settings[\'autologin\']=' . $set['autologin'] . ';
 $hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
+$hesk_settings[\'custclose\']=' . $set['custclose'] . ';
 $hesk_settings[\'custopen\']=' . $set['custopen'] . ';
 $hesk_settings[\'rating\']=' . $set['rating'] . ';
 $hesk_settings[\'cust_urgency\']=' . $set['cust_urgency'] . ';
 $hesk_settings[\'sequential\']=' . $set['sequential'] . ';
+$hesk_settings[\'time_worked\']=' . $set['time_worked'] . ';
+$hesk_settings[\'spam_notice\']=' . $set['spam_notice'] . ';
 $hesk_settings[\'list_users\']=' . $set['list_users'] . ';
 $hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
 $hesk_settings[\'short_link\']=' . $set['short_link'] . ';
+$hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
+$hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
 
 // --> SPAM Prevention
 $hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
 $hesk_settings[\'secimg_sum\']=\'' . $set['secimg_sum'] . '\';
 $hesk_settings[\'recaptcha_use\']=' . $set['recaptcha_use'] . ';
-$hesk_settings[\'recaptcha_ssl\']=' . $set['recaptcha_ssl'] . ';
 $hesk_settings[\'recaptcha_public_key\']=\'' . $set['recaptcha_public_key'] . '\';
 $hesk_settings[\'recaptcha_private_key\']=\'' . $set['recaptcha_private_key'] . '\';
 $hesk_settings[\'question_use\']=' . $set['question_use'] . ';
@@ -209,6 +222,7 @@ $hesk_settings[\'question_ans\']=\'' . $set['question_ans'] . '\';
 // --> Security
 $hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
 $hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
+$hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
 $hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
 
 // --> Attachments
@@ -238,6 +252,7 @@ $hesk_settings[\'kb_popart\']=' . $set['kb_popart'] . ';
 $hesk_settings[\'kb_latest\']=' . $set['kb_latest'] . ';
 $hesk_settings[\'kb_index_popart\']=' . $set['kb_index_popart'] . ';
 $hesk_settings[\'kb_index_latest\']=' . $set['kb_index_latest'] . ';
+$hesk_settings[\'kb_related\']=' . $set['kb_related'] . ';
 
 
 // ==> EMAIL
@@ -257,6 +272,7 @@ $hesk_settings[\'email_piping\']=' . $set['email_piping'] . ';
 
 // --> POP3 Fetching
 $hesk_settings[\'pop3\']=' . $set['pop3'] . ';
+$hesk_settings[\'pop3_job_wait\']=' . $set['pop3_job_wait'] . ';
 $hesk_settings[\'pop3_host_name\']=\'' . $set['pop3_host_name'] . '\';
 $hesk_settings[\'pop3_host_port\']=' . $set['pop3_host_port'] . ';
 $hesk_settings[\'pop3_tls\']=' . $set['pop3_tls'] . ';
@@ -272,14 +288,29 @@ $hesk_settings[\'loop_time\']=' . $set['loop_time'] . ';
 $hesk_settings[\'detect_typos\']=' . $set['detect_typos'] . ';
 $hesk_settings[\'email_providers\']=array(' . $set['email_providers'] . ');
 
+// --> Notify customer when
+$hesk_settings[\'notify_new\']=' . $set['notify_new'] . ';
+$hesk_settings[\'notify_skip_spam\']=' . $set['notify_skip_spam'] . ';
+$hesk_settings[\'notify_spam_tags\']=array(' . $set['notify_spam_tags'] . ');
+$hesk_settings[\'notify_closed\']=' . $set['notify_closed'] . ';
+
 // --> Other
 $hesk_settings[\'strip_quoted\']=' . $set['strip_quoted'] . ';
+$hesk_settings[\'eml_req_msg\']=' . $set['eml_req_msg'] . ';
 $hesk_settings[\'save_embedded\']=' . $set['save_embedded'] . ';
 $hesk_settings[\'multi_eml\']=' . $set['multi_eml'] . ';
 $hesk_settings[\'confirm_email\']=' . $set['confirm_email'] . ';
 $hesk_settings[\'open_only\']=' . $set['open_only'] . ';
 
 
+// ==> TICKET LIST
+
+$hesk_settings[\'ticket_list\']=array(\'' . implode('\',\'',$set['ticket_list']) . '\');
+
+// --> Other
+$hesk_settings[\'updatedformat\']=\'' . $set['updatedformat'] . '\';
+
+
 // ==> MISC
 
 // --> Date & Time
@@ -289,6 +320,8 @@ $hesk_settings[\'daylight\']=' . $set['daylight'] . ';
 $hesk_settings[\'timeformat\']=\'' . $set['timeformat'] . '\';
 
 // --> Other
+$hesk_settings[\'ip_whois\']=\'' . $set['ip_whois'] . '\';
+$hesk_settings[\'maintenance_mode\']=' . $set['maintenance_mode'] . ';
 $hesk_settings[\'alink\']=' . $set['alink'] . ';
 $hesk_settings[\'submit_notice\']=' . $set['submit_notice'] . ';
 $hesk_settings[\'online\']=' . $set['online'] . ';
@@ -388,6 +421,12 @@ function hesk_iDatabase($problem=0)
                         To install a new copy of HESK use the <a href="index.php">New install</a> option instead.';
                 echo '</div>';
             }
+            elseif ($problem == 5)
+            {
+                hesk_show_error('MySQL version <b>'.REQUIRE_MYSQL_VERSION.'+</b> required, you are using: <b>' . MYSQL_VERSION . '</b><br /><br />
+		            You are using and old and insecure MySQL version with known bugs, security issues and outdated functionality.<br /><br />
+		            Ask your hosting company to update your MySQL version.');
+            }
             ?>
         
             <div class="form-group">
@@ -446,10 +485,10 @@ function hesk_iCheckSetup()
     $correct_these = array();
 
     // 1. PHP 5+ required
-    if ( function_exists('version_compare') && version_compare(PHP_VERSION,'5.0.0','<') )
+    if ( function_exists('version_compare') && version_compare(PHP_VERSION,REQUIRE_PHP_VERSION,'<') )
     {
 		$correct_these[] = '
-		PHP version <b>5.0+</b> required, you are using: <b>' . PHP_VERSION . '</b><br /><br />
+		PHP version <b>'.REQUIRE_PHP_VERSION.'+</b> required, you are using: <b>' . PHP_VERSION . '</b><br /><br />
 		You are using and old and insecure PHP version with known bugs, security issues and outdated functionality.<br /><br />
 		Ask your hosting company to update your PHP version.
 		';
@@ -548,16 +587,19 @@ function hesk_iCheckSetup()
 		'emails/','language/english.php',
 
 	    // pre-2.3 files
-	    'secimg.inc.php','hesk_style.css',
+        'secimg.inc.php',
 
 	    // pre-2.4 files
-	    'hesk_style_v23.css','hesk_javascript.js','help_files/','TreeMenu.js',
+        'hesk_style_v23.css','help_files/','TreeMenu.js',
 
         // malicious files that were found on some websites illegally redistributing HESK
         'inc/tiny_mce/utils/r00t10.php', 'language/en/help_files/r00t10.php',
 
         // pre-2.5 files
         'hesk_style_v24.css', 'hesk_javascript_v24.js',
+
+        // pre-2.6 files
+        'hesk_style_v25.css', 'hesk_javascript_v25.js',
 	    );
 
 	sort($old_files);
@@ -782,11 +824,11 @@ function hesk_iHeader()
 	<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 	<link rel="stylesheet" href="../css/bootstrap.css">
     <link rel="stylesheet" href="../css/bootstrap-theme.css">
-	<link href="../css/hesk_style_v25.css" type="text/css" rel="stylesheet" />
+    <link href="../hesk_style.css?<?php echo HESK_NEW_VERSION; ?>" type="text/css" rel="stylesheet" />
 	<link href="../css/hesk_newStyle.php" type="text/css" rel="stylesheet" />
 	<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
     <script src="../js/jquery-1.10.2.min.js"></script>
-	<script language="Javascript" type="text/javascript" src="../hesk_javascript_v25.js"></script>
+    <script language="Javascript" type="text/javascript" src="../hesk_javascript.js?<?php echo HESK_NEW_VERSION; ?>"></script>
 	<script language="Javascript" type="text/javascript" src="../js/bootstrap.min.js"></script>
 	
 	
diff --git a/knowledgebase.php b/knowledgebase.php
index a192a293..22bea8b0 100644
--- a/knowledgebase.php
+++ b/knowledgebase.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -39,6 +39,11 @@ define('HESK_PATH','./');
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/knowledgebase_functions.inc.php');
+
+// Are we in maintenance mode?
+hesk_check_maintenance();
+
+// Load Knowledgebase-related functions
 hesk_load_database_functions();
 
 /* Is Knowledgebase enabled? */
@@ -182,7 +187,7 @@ function hesk_kb_search($query) {
 	require_once(HESK_PATH . 'inc/header.inc.php');
 	hesk_kb_header($hesk_settings['kb_link']);
 
-	$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, t1.`content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1
+    $res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, LEFT(`t1`.`content`, '.max(200, $hesk_settings['kb_substrart'] * 2).') AS `content`, t1.`rating` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1
     					LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id`
 						WHERE t1.`type`='0' AND t2.`type`='0' AND  MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT " . intval($hesk_settings['kb_search_limit']));
     $num = hesk_dbNumRows($res);
@@ -269,7 +274,7 @@ function hesk_show_kb_article($artid)
     // Update views by 1 - exclude known bots and reloads because of ratings
     if ( ! isset($_GET['rated']) && ! hesk_detect_bots())
     {
-		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`='".intval($artid)."' LIMIT 1");
+        hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
     }
 
     echo '<h3 class="text-left">'.$article['subject'].'</h3>
@@ -290,6 +295,7 @@ function hesk_show_kb_article($artid)
 		echo '</p>';
     }
 
+    // Article rating
 	if ($hesk_settings['kb_rating'] && strpos( hesk_COOKIE('hesk_kb_rate'),'a'.$artid.'%')===false )
 	{
 		echo '
@@ -300,6 +306,55 @@ function hesk_show_kb_article($artid)
         ';
 	}
 
+    // Related articles
+    if ($hesk_settings['kb_related'])
+    {
+        require(HESK_PATH . 'inc/mail/email_parser.php');
+
+        $query = hesk_dbEscape( $article['subject'] . ' ' . convert_html_to_text($article['content']) );
+
+        // Get relevant articles from the database
+        $res = hesk_dbQuery("SELECT t1.`id`, t1.`subject`, MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') AS `score` FROM `".hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id` WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('{$query}') LIMIT ".intval($hesk_settings['kb_related']+1));
+
+        // Array with related articles
+        $related_articles = array();
+
+        while ($related = hesk_dbFetchAssoc($res))
+        {
+            // Get base match score from the first article
+            if ( ! isset($base_score) )
+            {
+                $base_score = $related['score'];
+            }
+
+            // Ignore this article
+            if ( $related['id'] == $artid )
+            {
+                continue;
+            }
+
+            // Stop when articles reach less than 10% of base score
+            if ($related['score'] / $base_score < 0.10)
+            {
+                break;
+            }
+
+            // This is a valid related article
+            $related_articles[$related['id']] = $related['subject'];
+        }
+
+        // Print related articles if we have any valid matches
+        if ( count($related_articles) )
+        {
+            echo '<fieldset><legend>'.$hesklang['relart'].'</legend>';
+            foreach ($related_articles as $id => $subject)
+            {
+                echo '<img src="img/article_text.png" width="16" height="16" border="0" alt="" style="vertical-align:middle;padding:2px;" /> <a href="knowledgebase.php?article='.$id.'">'.$subject.'</a><br />';
+            }
+            echo '</fieldset>';
+        }
+    }
+
     if ($article['catid']==1)
     {
     	$link = 'knowledgebase.php';
@@ -361,7 +416,7 @@ function hesk_show_kb_article($artid)
 function hesk_show_kb_category($catid, $is_search = 0) {
 	global $hesk_settings, $hesklang;
 
-	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='{$catid}' AND `type`='0' LIMIT 1");
+    $res = hesk_dbQuery("SELECT `name`,`parent` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='{$catid}' AND `type`='0' LIMIT 1");
     $thiscat = hesk_dbFetchAssoc($res) or hesk_error($hesklang['kb_cat_inv']);
 
     if ($is_search == 0)
@@ -372,6 +427,17 @@ function hesk_show_kb_category($catid, $is_search = 0) {
 		hesk_kb_header($hesk_settings['kb_link']);
     }
 
+    // If we are in "Knowledgebase only" mode show system messages
+    if ($catid == 1 && hesk_check_kb_only(false) )
+    {
+        // Service messages
+        $res = hesk_dbQuery('SELECT `title`, `message`, `style` FROM `'.hesk_dbEscape($hesk_settings['db_pfix'])."service_messages` WHERE `type`='0' ORDER BY `order` ASC");
+        while ($sm=hesk_dbFetchAssoc($res))
+        {
+            hesk_service_message($sm);
+        }
+    }
+
 	if ($thiscat['parent'])
 	{
 		$link = ($thiscat['parent'] == 1) ? 'knowledgebase.php' : 'knowledgebase.php?category='.$thiscat['parent'];
@@ -382,7 +448,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
 		';
 	}
 
-	$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='{$catid}' AND `type`='0' ORDER BY `parent` ASC, `cat_order` ASC");
+    $result = hesk_dbQuery("SELECT `id`,`name`,`articles` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `parent`='{$catid}' AND `type`='0' ORDER BY `cat_order` ASC");
 	if (hesk_dbNumRows($result) > 0)
 	{
         ?>
@@ -486,7 +552,7 @@ function hesk_show_kb_category($catid, $is_search = 0) {
 	<td>
 
 	<?php
-	$res = hesk_dbQuery("SELECT `id`, `subject`, `content`, `rating` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='{$catid}' AND `type`='0' ORDER BY `sticky` DESC, `art_order` ASC");
+    $res = hesk_dbQuery("SELECT `id`, `subject`, LEFT(`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, `rating` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `catid`='{$catid}' AND `type`='0' ORDER BY `sticky` DESC, `art_order` ASC");
 	if (hesk_dbNumRows($res) == 0)
 	{
 		echo '<p><i>'.$hesklang['noac'].'</i></p>';
diff --git a/language/en/text.php b/language/en/text.php
index 2cdbbcc9..8b9e88e0 100644
--- a/language/en/text.php
+++ b/language/en/text.php
@@ -2,11 +2,11 @@
 /*
 * Language file for Help Desk Software HESK (www.hesk.com)
 * Language: ENGLISH
-* Version: 2.5.5
+* Version: 2.6.0 beta 1 from 30th December 2014
 * Author: Klemen Stirn (http://www.hesk.com)
 *
 * !!! This file must be saved in UTF-8 encoding without byte order mark (BOM) !!!
-* Test chars: àáâãäåæ 
+* Test chars: àáâãäåæ
 */
 
 // Change "English" to the name of your language
@@ -21,6 +21,13 @@ $hesklang['_COLLATE']='utf8_unicode_ci';
 // This is the email break line that will be used in email piping
 $hesklang['EMAIL_HR']='------ Reply above this line ------';
 
+// ADDED OR MODIFIED IN Mods For HESK 2.0.0
+$hesklang['saved_ticket_tpl'] = 'Saved Templates';
+$hesklang['new_ticket_tpl']='Add or Edit a Ticket Template';
+$hesklang['and_change_status_to'] = 'and change status to'; // Used in combination with $hesklang['submit_reply'] (Reads as "Submit reply and change status to")
+$hesklang['closed_title'] = 'Closed';
+
+
 // ADDED OR MODIFIED IN Mods For HESK 1.7.0
 $hesklang['date_custom_field'] = 'Date';
 $hesklang['date_custom_field_text'] = 'No options for this custom field type.';
@@ -182,6 +189,7 @@ $hesklang['category_moved']         = '[#%%TRACK_ID%%] Ticket moved: %%SUBJECT%%
 $hesklang['new_note']               = '[#%%TRACK_ID%%] Note added to: %%SUBJECT%%';
 $hesklang['new_pm']                 = 'New private message: %%SUBJECT%%';
 $hesklang['forgot_ticket_id']       = 'List of your support tickets';
+$hesklang['ticket_closed']			= '[#%%TRACK_ID%%] Ticket closed/resolved'; // New in 2.6.0
 
 // ERROR MESSAGES
 $hesklang['cant_connect_db']='Can\'t connect to database!';
@@ -224,7 +232,6 @@ $hesklang['enter_real_name']='Please enter user real name';
 $hesklang['enter_valid_email']='Please enter a valid email address';
 $hesklang['enter_username']='Please enter username (login)';
 $hesklang['asign_one_cat']='Please assign user to at least one category!';
-$hesklang['signature_long']='User signature is too long! Please limit the signature to 255 chars';
 $hesklang['confirm_user_pass']='Please confirm password';
 $hesklang['passwords_not_same']='The two passwords entered are not the same!';
 $hesklang['cant_del_admin']='You cannot delete the default administrator!';
@@ -335,7 +342,6 @@ $hesklang['edit']='Edit';
 $hesklang['add_user']='Add new user';
 $hesklang['req_marked_with']='Required fields are marked with';
 $hesklang['real_name']='Real name';
-$hesklang['signature_max']='Signature<br/> (max 255 chars)';
 $hesklang['sign_extra']='HTML code is not allowed. Links will be clickable.';
 $hesklang['create_user']='Create user';
 $hesklang['editing_user']='Editing user';
@@ -656,7 +662,6 @@ $hesklang['t_m']='minutes';
 $hesklang['day']='Daylight saving';
 $hesklang['tfor']='Time format';
 $hesklang['prefix']='Table prefix';
-$hesklang['s_ekb']='Knowledgebase (KB)';
 $hesklang['s_kbs']='Enable KB search';
 $hesklang['s_kbr']='Enable KB rating';
 $hesklang['s_maxsr']='Max search results';
@@ -1266,10 +1271,6 @@ $hesklang['n2ex']='No tickets found matching your criteria, nothing to export!';
 $hesklang['sp']='SPAM Prevention'; // For settings page
 $hesklang['sit']='-&gt; Image Type';
 $hesklang['sis']='Simple image';
-$hesklang['sir']='ReCaptcha';
-$hesklang['rcpb']='Public key';
-$hesklang['rcpv']='Private key';
-$hesklang['rcsl']='Use SSL';
 $hesklang['pop3keep']='Keep a copy';
 $hesklang['err_dbconn']='Could not connect to MySQL database using provided information!';
 $hesklang['s_inle']='Testing the language folder for valid languages. Only languages that pass all tests are properly installed.';
@@ -1316,6 +1317,206 @@ $hesklang['incorrect_try_again']='Incorrect. Try again.';
 $hesklang['image_alt_text']='reCAPTCHA challenge image';
 $hesklang['recaptcha_error']='Incorrect SPAM Prevention answer, please try again.';
 
+// Added or modified in version 2.6.0
+$hesklang['ms01']='Jan';
+$hesklang['ms02']='Feb';
+$hesklang['ms03']='Mar';
+$hesklang['ms04']='Apr';
+$hesklang['ms05']='May';
+$hesklang['ms06']='Jun';
+$hesklang['ms07']='Jul';
+$hesklang['ms08']='Aug';
+$hesklang['ms09']='Sep';
+$hesklang['ms10']='Oct';
+$hesklang['ms11']='Nov';
+$hesklang['ms12']='Dec';
+$hesklang['lcf']='List date format';
+$hesklang['lcf0']='Short descriptive';
+$hesklang['lcf1']='Date and time';
+$hesklang['lcf2']='HESK style';
+$hesklang['ticket_tpl']='Ticket templates';
+$hesklang['can_man_ticket_tpl']='Manage ticket templates'; // Permission title
+$hesklang['ticket_tpl_man']='Manage ticket templates'; // Page/link title
+$hesklang['ticket_tpl_intro']='Create and edit ticket templates that you can use to quickly submit new tickets from the admin interface.';
+$hesklang['no_ticket_tpl']='No ticket templates';
+$hesklang['ticket_tpl_title']='Title';
+$hesklang['delete_tpl']='Are you sure you want to delete this template?';
+$hesklang['ticket_tpl_add']='Create a new ticket template';
+$hesklang['ticket_tpl_edit']='Edit selected ticket template';
+$hesklang['save_ticket_tpl']='Save ticket template';
+$hesklang['ticket_tpl_saved']='Your ticket template has been saved for future use';
+$hesklang['ticket_tpl_removed']='Selected ticket template has been removed from the database';
+$hesklang['ticket_tpl_not_found']='Ticket template not found';
+$hesklang['sel_ticket_tpl']='Select the ticket template you would like to edit';
+$hesklang['ent_ticket_tpl_title']='Please enter reply title';
+$hesklang['ent_ticket_tpl_msg']='Please enter reply message';
+$hesklang['ticket_tpl_id']='Missing ticket template ID';
+$hesklang['select_ticket_tpl']='Select a ticket template';
+$hesklang['list_tickets_cat']='List all tickets in this category';
+$hesklang['def_msg']='[No message]';
+$hesklang['emlreqmsg']='Require message';
+$hesklang['emlreqmsg2']='Ignore piped/fetched emails with no message';
+$hesklang['relart']='Related articles'; // Title of related articles box
+$hesklang['s_relart']='Related articles'; // On settings page
+$hesklang['tab_7']='Ticket list';
+$hesklang['fitl']='Fields in ticket list';
+$hesklang['submitted']='Submitted';
+$hesklang['clickemail']='View';
+$hesklang['set_pri_to']='Set priority to:'; // Action below the ticket list
+$hesklang['pri_set_to']='Priority has been set to:';
+$hesklang['cat_pri']='The category priority will be used when customers are not allowed to select priority and a ticket is submitted from the customer interface.';
+$hesklang['cat_pri_info']='Your customers are allowed to select priority, so category priority will be ignored.<br /><br />To use category priority instead, turn OFF the following feature in HESK settings:';
+$hesklang['def_pri']='Category priority:';
+$hesklang['ch_cat_pri']='Set category priority';
+$hesklang['cat_pri_ch']='Category priority has been set to:';
+$hesklang['err_dbversion']='Too old MySQL version:'; // %s will be replaced with MySQL version
+$hesklang['signature_max']='Signature (max 1000 chars)';
+$hesklang['signature_long']='User signature is too long! Please limit the signature to 1000 chars';
+$hesklang['ip_whois']='IP whois';
+$hesklang['ednote']='Edit note message';
+$hesklang['ednote2']='Note message saved';
+$hesklang['perm_deny']='Permission denied';
+$hesklang['mis_note']='Missing note ID';
+$hesklang['no_note']='Note with this ID not found';
+$hesklang['save_reply']='Save and continue later';
+$hesklang['reply_saved']='Your reply message has been saved for later.';
+$hesklang['submit_as']='Submit as:';
+$hesklang['sasc']='Submit as Customer reply';
+$hesklang['creb']='Customer reply entered by:';
+$hesklang['show_select']='Show &quot;Click to select&quot; as default option';
+// Settings
+$hesklang['mms']='Maintenance mode';
+$hesklang['mmd']='Enable maintenance mode';
+// Customer notice
+$hesklang['mm1']='Maintenance in progress';
+$hesklang['mm2']='In order to perform scheduled maintenance, our help desk has shut down temporarily.';
+$hesklang['mm3']='We apologize for the inconvenience and ask that you please try again later.';
+// Staff notice
+$hesklang['mma1']='Maintenance mode is active!';
+$hesklang['mma2']='Customers are not able to use the help desk.';
+$hesklang['tools']='Tools';
+$hesklang['banemail']='Banned Emails';
+$hesklang['banemail_intro']='Prevent certain email addresses from submitting tickets to your help desk.';
+$hesklang['no_banemails']='<i>No emails are being banned.</i>';
+$hesklang['eperm']='Permanent email bans:';
+$hesklang['bananemail']='Email address to ban';
+$hesklang['savebanemail']='Ban this email';
+$hesklang['enterbanemail']='Enter the email address you wish to ban.';
+$hesklang['validbanemail']='Enter a valid email address (<i>john.doe@domain.com</i>) or email domain (<i>@domain.com</i>)';
+$hesklang['email_banned']='The email address <i>%s</i> was banned and HESK will no longer accept tickets from this address.'; // %s will be replaced with email
+$hesklang['emailbanexists']='The email address <i>%s</i> is already banned.'; // %s will be replaced with email
+$hesklang['email_unbanned']='Email ban deleted';
+$hesklang['banby']='Banned by';
+$hesklang['delban']='Delete ban';
+$hesklang['delban_confirm']='Delete this ban?';
+$hesklang['baned_e']='You have been banned from submiting new support tickets.';
+$hesklang['baned_ip']='You have been banned from this help desk';
+$hesklang['can_ban_emails']='Can ban emails';
+$hesklang['can_unban_emails']='Can unban emails (enables Can ban emails)';
+$hesklang['eisban']='This email address is banned.';
+$hesklang['click_unban']='Click here to unban.';
+$hesklang['banip']='Banned IPs';
+$hesklang['banip_intro']='Visitors from banned IP addresses will not be able to view or submit tickets and login into the help desk.';
+$hesklang['ipperm']='Permanent IP bans:';
+$hesklang['iptemp']='Login failure bans:';
+$hesklang['savebanip']='Ban this IP';
+$hesklang['no_banips']='<i>No IPs are being banned.</i>';
+$hesklang['bananip']='IP address to ban';
+$hesklang['banex']='Examples:';
+$hesklang['iprange']='IP range';
+$hesklang['savebanip']='Ban this IP';
+$hesklang['ippermban']='Ban this IP permanently';
+$hesklang['enterbanip']='Enter the IP address or range you wish to ban.';
+$hesklang['validbanip']='Enter a valid IP address or IP range';
+$hesklang['ip_banned']='The IP address <i>%s</i> was banned and HESK will no longer accept tickets from this IP address.'; // %s will be replaced with ip
+$hesklang['ip_rbanned']='The IP range <i>%s</i> was banned and HESK will no longer accept tickets from this IP range.'; // %s will be replaced with ip
+$hesklang['ipbanexists']='The IP address <i>%s</i> is already banned.'; // %s will be replaced with ip
+$hesklang['iprbanexists']='The IP range <i>%s</i> is already banned.'; // %s will be replaced with ip
+$hesklang['ip_unbanned']='IP ban deleted';
+$hesklang['ip_tempun']='Temporary IP ban deleted';
+$hesklang['can_ban_ips']='Can ban ips';
+$hesklang['can_unban_ips']='Can unban ips (enables Can ban ips)';
+$hesklang['ipisban']='This IP address is banned.';
+$hesklang['m2e']='Expires in (minutes)';
+$hesklang['info']='Info';
+$hesklang['sm_title']='Service messages';
+$hesklang['sm_intro']='Display a service message in the customer area, for example to notify them about known issues and important news.';
+$hesklang['can_service_msg']='Edit service messages';
+$hesklang['new_sm']='New service message';
+$hesklang['edit_sm']='Edit service message';
+$hesklang['ex_sm']='Existing service messages';
+$hesklang['sm_author']='Author';
+$hesklang['sm_type']='Type';
+$hesklang['sm_published']='Published';
+$hesklang['sm_draft']='Draft';
+$hesklang['sm_style']='Style';
+$hesklang['sm_none']='None';
+$hesklang['sm_success']='Success';
+$hesklang['sm_info']='Info';
+$hesklang['sm_notice']='Notice';
+$hesklang['sm_error']='Error';
+$hesklang['sm_save']='Save service message';
+$hesklang['sm_preview']='Preview service message';
+$hesklang['sm_mtitle']='Title';
+$hesklang['sm_msg']='Message';
+$hesklang['sm_e_title']='Enter service message title';
+$hesklang['sm_e_msg']='Enter service message';
+$hesklang['sm_e_id']='Missing message ID';
+$hesklang['sm_added']='A new service message has been added';
+$hesklang['sm_deleted']='Service message deleted';
+$hesklang['sm_not_found']='This service message does not exist';
+$hesklang['no_sm']='No service messages';
+$hesklang['del_sm']='Delete this service message?';
+$hesklang['sm_mdf']='Service message has been saved';
+$hesklang['sska']='Show suggested articles';
+$hesklang['taws']='These articles were suggested:';
+$hesklang['defaults']='Defaults';
+$hesklang['pncn']='Select notify customer option in the new ticket form';
+$hesklang['pncr']='Select notify customer option in the ticket reply form';
+$hesklang['pssy']='Show what knowledgebase articles were suggested to customers';
+$hesklang['ccct']='Customer resolve';
+$hesklang['custnot']='Notify customers when';
+$hesklang['notnew']='A new support ticket is submitted';
+$hesklang['notclo']='A support ticket is marked Resolved';
+$hesklang['enn']='Except for Email piping/POP3 fetching if email subject contains:';
+$hesklang['spamn']='SPAM notice';
+$hesklang['spam_inbox']='<span style="color:red"><b>No confirmation email?</b><br />We sent a confirmation message to your email address. If you do not receive it within a few minutes, please check your Junk, Bulk or Spam folders. Mark the message as <b>Not SPAM</b> to avoid problems receiving our correspondence in the future.</span>';
+$hesklang['s_ekb']='Enable Knowledgebase';
+$hesklang['ekb_n']='<b>NO</b>, disable Knowledgebase';
+$hesklang['ekb_y']='<b>YES</b>, enable Knowledgebase';
+$hesklang['ekb_o']='<b>YES</b>, use HESK as a Knowledgebase only (<i>disable help desk</i>)';
+$hesklang['kb_set']='Knowledgebase settings';
+$hesklang['kbo1']='Knowledgebase-only mode';
+$hesklang['kbo2']='<br /><br />Visitors cannot submit new support tickets and are taken directly to the knowledgebase.';
+$hesklang['fpass']='Forgot your password?';
+$hesklang['passr']='Password reset';
+$hesklang['passa']='Allow users to reset a forgot password over email';
+$hesklang['passe']='Enter your email address';
+$hesklang['passs']='Send me password reset link';
+$hesklang['noace']='No account with that email address was found';
+$hesklang['pemls']='We sent you an email with instructions on how to reset your password';
+$hesklang['reset_password']='Reset your help desk password'; // Email subject
+$hesklang['ehash']='Invalid or expired password reset link';
+$hesklang['ehaip']='Wrong IP address. Passwords may only be reset from the IP address that requested password reset.';
+$hesklang['resim']='<b>Setup your new password in the form below!</b>';
+$hesklang['permissions']='Permissions';
+$hesklang['atype']='Account type';
+$hesklang['astaff']='Staff';
+$hesklang['oon1']='Send me only open tickets';
+$hesklang['oon2']='Send me all my tickets';
+$hesklang['anyown']='Any owner';
+$hesklang['pfr']='Another POP3 fetching task is still in progress.';
+$hesklang['pjt']='Task timeout';
+$hesklang['pjt2']='minutes after start';
+$hesklang['sir']='ReCaptcha V1 API (old)';
+$hesklang['sir2']='ReCaptcha V2 API (recommended)';
+$hesklang['rcpb']='Site key (Public key)';
+$hesklang['rcpv']='Secret key (Private key)';
+
+// Language for Google reCaptcha API version 2
+// Supported language codes: https://developers.google.com/recaptcha/docs/language
+// If your language is NOT in the supported langauges, leave 'en'
+$hesklang['RECAPTCHA']='en';
 
 // DO NOT CHANGE BELOW
 if (!defined('IN_SCRIPT')) die('PHP syntax OK!');
diff --git a/modsForHesk_settings.inc.php b/modsForHesk_settings.inc.php
index 3335dc4e..2541aa65 100644
--- a/modsForHesk_settings.inc.php
+++ b/modsForHesk_settings.inc.php
@@ -23,4 +23,4 @@ $modsForHesk_settings['show_icons'] = 0;
 $modsForHesk_settings['custom_field_setting'] = 0;
 
 //-- Set this to 1 to enable email verification for new customers
-$modsForHesk_settings['customer_email_verification_required'] = 0;$modsForHesk_settings['show_icons'] = 0;
\ No newline at end of file
+$modsForHesk_settings['customer_email_verification_required'] = 0;
\ No newline at end of file
diff --git a/print.php b/print.php
index 4b0fb8f8..b66f6a91 100644
--- a/print.php
+++ b/print.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -49,9 +49,13 @@ $trackingID = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]
 /* Connect to database */
 hesk_dbConnect();
 
-/* Verify email address match if needed */
+// Perform additional checks for customers
 if ( empty($_SESSION['id']) )
 {
+    // Are we in maintenance mode?
+    hesk_check_maintenance();
+
+    // Verify email address match
 	hesk_verifyEmailMatch($trackingID);
 }
 
diff --git a/reply_ticket.php b/reply_ticket.php
index 7c09275c..7bcec0da 100644
--- a/reply_ticket.php
+++ b/reply_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -38,6 +38,10 @@ define('HESK_PATH','./');
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
+
+// Are we in maintenance mode?
+hesk_check_maintenance();
+
 hesk_load_database_functions();
 require(HESK_PATH . 'inc/email_functions.inc.php');
 require(HESK_PATH . 'inc/posting_functions.inc.php');
@@ -169,7 +173,7 @@ $defaultNewTicketStatus = hesk_dbQuery($defaultNewTicketStatusQuery)->fetch_asso
 $ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
 
 /* Update ticket as necessary */
-$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}',`lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
+$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
 
 // Insert reply into database
 hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."replies` (`replyto`,`name`,`message`,`dt`,`attachments`) VALUES ({$ticket['id']},'".hesk_dbEscape($ticket['name'])."','".hesk_dbEscape($message)."',NOW(),'".hesk_dbEscape($myattachments)."')");
@@ -194,6 +198,7 @@ $info = array(
 'attachments'	=> $myattachments,
 'dt'			=> hesk_date($ticket['dt'], true),
 'lastchange'	=> hesk_date($ticket['lastchange'], true),
+'id'			=> $ticket['id'],
 );
 
 // 2. Add custom fields to the array
diff --git a/submit_ticket.php b/submit_ticket.php
index b1cab6fa..51fd7a32 100644
--- a/submit_ticket.php
+++ b/submit_ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -35,10 +35,24 @@
 define('IN_SCRIPT',1);
 define('HESK_PATH','./');
 
+// Try to detect some simple SPAM bots
+if ( ! isset($_POST['hx']) || $_POST['hx'] != 3 || ! isset($_POST['hy']) || $_POST['hy'] != '' || isset($_POST['phone']) )
+{
+    header('HTTP/1.1 403 Forbidden');
+    exit();
+}
+
 // Get all the required files and functions
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'modsForHesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
+
+// Are we in maintenance mode?
+hesk_check_maintenance();
+
+// Are we in "Knowledgebase only" mode?
+hesk_check_kb_only();
+
 hesk_load_database_functions();
 require(HESK_PATH . 'inc/email_functions.inc.php');
 require(HESK_PATH . 'inc/posting_functions.inc.php');
@@ -102,7 +116,7 @@ if ($hesk_settings['question_use'])
 if ($hesk_settings['secimg_use'] && ! isset($_SESSION['img_verified']))
 {
 	// Using ReCaptcha?
-	if ($hesk_settings['recaptcha_use'])
+	if ($hesk_settings['recaptcha_use'] == 1)
 	{
 		require(HESK_PATH . 'inc/recaptcha/recaptchalib.php');
 
@@ -119,7 +133,31 @@ if ($hesk_settings['secimg_use'] && ! isset($_SESSION['img_verified']))
 		{
 			$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
 		}
+
 	}
+    // Using ReCaptcha API v2?
+    elseif ($hesk_settings['recaptcha_use'] == 2)
+    {
+        require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php');
+
+        $resp = null;
+        $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
+
+        // Was there a reCAPTCHA response?
+        if ( isset($_POST["g-recaptcha-response"]) )
+        {
+            $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") );
+        }
+
+        if ($resp != null && $resp->success)
+        {
+            $_SESSION['img_verified']=true;
+        }
+        else
+        {
+            $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
+        }
+    }
 	// Using PHP generated image
 	else
 	{
@@ -167,12 +205,39 @@ if ($hesk_settings['confirm_email'])
 }
 
 $tmpvar['category'] = intval( hesk_POST('category') ) or $hesk_error_buffer['category']=$hesklang['sel_app_cat'];
-$tmpvar['priority'] = $hesk_settings['cust_urgency'] ? intval( hesk_POST('priority') ) : 3;
 
-// Is priority a valid choice?
-if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3)
+// Do we allow customer to select priority?
+if ($hesk_settings['cust_urgency'])
 {
-	$hesk_error_buffer['priority'] = $hesklang['sel_app_priority'];
+    $tmpvar['priority'] = intval( hesk_POST('priority') );
+
+    // We don't allow customers select "Critical". If priority is not valid set it to "low".
+    if ($tmpvar['priority'] < 1 || $tmpvar['priority'] > 3)
+    {
+        // If we are showing "Click to select" priority needs to be selected
+        if ($hesk_settings['select_pri'])
+        {
+            $tmpvar['priority'] = -1;
+            $hesk_error_buffer['priority'] = $hesklang['select_priority'];
+        }
+        else
+        {
+            $tmpvar['priority'] = 3;
+        }
+    }
+}
+// Priority will be selected based on the category selected
+else
+{
+    $res = hesk_dbQuery("SELECT `priority` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`=".intval($tmpvar['category']));
+    if ( hesk_dbNumRows($res) == 1 )
+    {
+        $tmpvar['priority'] = intval( hesk_dbResult($res) );
+    }
+    else
+    {
+        $tmpvar['priority'] = 3;
+    }
 }
 
 $tmpvar['subject']  = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer['subject']=$hesklang['enter_ticket_subject'];
@@ -223,10 +288,13 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
                 }
             	$_POST[$k] = '';
             }
+
+            $_SESSION["c_$k"]=hesk_POST_array($k);
         }
 		elseif ($v['req'])
         {
         	$tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            $_SESSION["c_$k"]=hesk_POST($k);
             if (!strlen($tmpvar[$k]))
             {
             	$hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
@@ -247,7 +315,6 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
                 $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
             }
         }
-		$_SESSION["c_$k"]=hesk_POST($k);
 	}
     else
     {
@@ -255,6 +322,12 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v)
     }
 }
 
+// Check bans
+if ( ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR']) )
+{
+    hesk_error($hesklang['baned_e']);
+}
+
 // Check maximum open tickets limit
 $below_limit = true;
 if ($hesk_settings['max_open'] && ! isset($hesk_error_buffer['email']) )
@@ -326,6 +399,12 @@ if (count($hesk_error_buffer))
 $tmpvar['message']=hesk_makeURL($tmpvar['message']);
 $tmpvar['message']=nl2br($tmpvar['message']);
 
+// Track suggested knowledgebase articles
+if ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && isset($_POST['suggested']) && is_array($_POST['suggested']) )
+{
+    $tmpvar['articles'] = implode(',', array_unique( array_map('intval', $_POST['suggested']) ) );
+}
+
 // All good now, continue with ticket creation
 $tmpvar['owner']   = 0;
 $tmpvar['history'] = sprintf($hesklang['thist15'], hesk_date(), $tmpvar['name']);
@@ -378,7 +457,10 @@ if ($createTicket)
     $ticket = hesk_newTicket($tmpvar);
 
     // Notify the customer
-    hesk_notifyCustomer();
+    if ($hesk_settings['notify_new'])
+    {
+        hesk_notifyCustomer();
+    }
 
     // Need to notify staff?
     // --> From autoassign?
@@ -431,9 +513,9 @@ require_once(HESK_PATH . 'inc/header.inc.php');
         hesk_show_success(
 
             $hesklang['ticket_submitted'] . '<br /><br />' .
-            $hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br />
-        <a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
-
+            $hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br /> ' .
+            ($hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
+            '<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
         );
     } else
     {
diff --git a/suggest_articles.php b/suggest_articles.php
index 09c7e8ed..37245fab 100644
--- a/suggest_articles.php
+++ b/suggest_articles.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -49,7 +49,11 @@ $query = hesk_REQUEST('q') or die('');
 hesk_dbConnect();
 
 /* Get relevant articles from the database */
-$res = hesk_dbQuery('SELECT t1.`id`, t1.`subject`, t1.`content` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1 LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id`  WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') LIMIT ".intval($hesk_settings['kb_search_limit']));
+$res = hesk_dbQuery("SELECT t1.`id`, t1.`subject`, LEFT(t1.`content`, ".max(200, $hesk_settings['kb_substrart'] * 2).") AS `content`, MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."') AS `score`
+					FROM `".hesk_dbEscape($hesk_settings['db_pfix']).'kb_articles` AS t1
+					LEFT JOIN `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS t2 ON t1.`catid` = t2.`id`
+					WHERE t1.`type`='0' AND t2.`type`='0' AND MATCH(`subject`,`content`,`keywords`) AGAINST ('".hesk_dbEscape($query)."')
+					LIMIT ".intval($hesk_settings['kb_search_limit']));
 $num = hesk_dbNumRows($res);
 
 /* Solve some spacing issues */
@@ -69,9 +73,20 @@ if ( hesk_isREQUEST('p') )
 	}
     else
     {
+        $max_score = 0;
 		while ($article = hesk_dbFetchAssoc($res))
 		{
-			$txt = strip_tags($article['content']);
+            if ($article['score'] > $max_score)
+            {
+                $max_score = $article['score'];
+            }
+
+            if ($max_score && ($article['score'] / $max_score) < 0.25)
+            {
+                break;
+            }
+
+            $txt = strip_tags($article['content']);
 			if (strlen($txt) > $hesk_settings['kb_substrart'])
 			{
 				$txt = substr($txt, 0, $hesk_settings['kb_substrart']).'...';
@@ -79,6 +94,7 @@ if ( hesk_isREQUEST('p') )
 
 			echo '
 			<a href="knowledgebase.php?article='.$article['id'].'&amp;suggest=1" target="_blank">'.$article['subject'].'</a>
+			<input type="hidden" name="suggested[]" value="'.$article['id'].'|'.stripslashes( hesk_input($article['subject']) ).'">
 		    <br />'.$txt.'<br /><br />';
 		}
     }
diff --git a/suggest_email.php b/suggest_email.php
index 9ee9b227..ddea7695 100644
--- a/suggest_email.php
+++ b/suggest_email.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
diff --git a/ticket.php b/ticket.php
index 18c4c008..8b5c6ba5 100644
--- a/ticket.php
+++ b/ticket.php
@@ -1,7 +1,7 @@
 <?php
 /*******************************************************************************
 *  Title: Help Desk Software HESK
-*  Version: 2.5.5 from 5th August 2014
+*  Version: 2.6.0 beta 1 from 30th December 2014
 *  Author: Klemen Stirn
 *  Website: http://www.hesk.com
 ********************************************************************************
@@ -39,6 +39,10 @@ define('HESK_NO_ROBOTS',1);
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
+
+// Are we in maintenance mode?
+hesk_check_maintenance();
+
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -175,12 +179,12 @@ else
 }
 
 /* Get category name and ID */
-$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
+$result = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
 
 /* If this category has been deleted use the default category with ID 1 */
 if (hesk_dbNumRows($result) != 1)
 {
-	$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
+    $result = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
 }
 
 $category = hesk_dbFetchAssoc($result);
@@ -262,7 +266,7 @@ require_once(HESK_PATH . 'inc/header.inc.php');
                 <div class="col-md-2 col-md-offset-4 col-sm-12 close-ticket">
                     <p><?php $random=rand(10000,99999);
                         if ($ticket['isClosed'] == true && $ticket['locked'] != 1 && $hesk_settings['custopen']) {echo '<a href="change_status.php?track='.$trackingID.$hesk_settings['e_query'].'&amp;s=2&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['open_action'].'">'.$hesklang['open_action'].'</a>';}
-                        else {echo '<a href="change_status.php?track='.$trackingID.$hesk_settings['e_query'].'&amp;s=3&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['close_action'].'">'.$hesklang['close_action'].'</a>';} ?></p>
+                        elseif ($hesk_settings['custclose']) {echo '<a href="change_status.php?track='.$trackingID.$hesk_settings['e_query'].'&amp;s=3&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'" title="'.$hesklang['close_action'].'">'.$hesklang['close_action'].'</a>';} ?></p>
                 </div>
             </div>
             <div class="row medLowPriority">
@@ -508,6 +512,20 @@ function print_form()
                         <input type="text" id="email" class="form-control" name="email" size="35" value="<?php echo $my_email; ?>" placeholder="<?php echo $hesklang['email']; ?>"/><input type="hidden" name="a" value="forgot_tid" />
                     </div>
                 </div>
+                <div class="form-group">
+                    <div class="col-sm-12">
+                        <div class="radio">
+                            <label>
+                                <input type="radio" name="open_only" value="1" <?php echo $hesk_settings['open_only'] ? 'checked="checked"' : ''; ?> /><?php echo $hesklang['oon1']; ?>
+                            </label>
+                        </div>
+                        <div class="radio">
+                            <label>
+                                <input type="radio" name="open_only" value="0" <?php echo ! $hesk_settings['open_only'] ? 'checked="checked"' : ''; ?> /><?php echo $hesklang['oon2']; ?>
+                            </label>
+                        </div>
+                    </div>
+                </div>
                 <div class="form-group">
                     <div class="col-sm-offset-3 col-sm-9">
                         <button type="submit" class="btn btn-default" value="<?php echo $hesklang['tid_send']; ?>"><?php echo $hesklang['tid_send']; ?></button>