diff --git a/.gitignore b/.gitignore
index bdfa288b..7689f581 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@ docs/docs_style.css
 docs/index.html
 docs/quick-guide.html
 docs/step-by-step-guide.html
+download_attachment.php
 file_limits.php
 footer.txt
 header.txt
diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index c7a74042..7f680d12 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -39,7 +39,6 @@ define('HESK_PATH','../');
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
-require(HESK_PATH . 'inc/posting_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -239,31 +238,7 @@ if (isset($_POST['notemsg']) && hesk_token_check('POST'))
     {
     	/* Add note to database */
     	$msg = nl2br(hesk_makeURL($msg));
-        hesk_dbInsertID();
 		hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."notes` (`ticket`,`who`,`dt`,`message`) VALUES ('".intval($ticket['id'])."','".intval($_SESSION['id'])."',NOW(),'".hesk_dbEscape($msg)."')");
-        $noteId = hesk_dbInsertID();
-
-        /* Upload attachments to database */
-        if ($hesk_settings['attachments']['use'])
-        {
-            require(HESK_PATH . 'inc/attachments.inc.php');
-            $attachments = array();
-            for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
-            {
-                $att = hesk_uploadFile($i);
-                if ($att !== false && !empty($att))
-                {
-                    $attachments[$i] = $att;
-                }
-            }
-        }
-        if ($hesk_settings['attachments']['use'] && !empty($attachments))
-        {
-            foreach ($attachments as $myatt)
-            {
-                hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` (`note_id`,`saved_name`,`real_name`,`size`) VALUES ('".hesk_dbEscape($noteId)."','".hesk_dbEscape($myatt['saved_name'])."','".hesk_dbEscape($myatt['real_name'])."','".intval($myatt['size'])."')");
-            }
-        }
 
 
         /* Notify assigned staff that a note has been added if needed */
@@ -427,45 +402,6 @@ if (isset($_GET['delatt']) && hesk_token_check())
 	hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
 }
 
-/* Delete note attachment option */
-if (isset($_GET['delete-note-att']) && hesk_token_check()) {
-    if ( ! $can_delete || ! $can_edit)
-    {
-        hesk_process_messages($hesklang['no_permission'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
-    }
-
-    $att_id = intval( hesk_GET('delete-note-att') ) or hesk_error($hesklang['inv_att_id']);
-
-    $reply = intval( hesk_GET('reply', 0) );
-    if ($reply < 1)
-    {
-        $reply = 0;
-    }
-
-    /* Get attachment info */
-    $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
-    if (hesk_dbNumRows($res) != 1)
-    {
-        hesk_process_messages($hesklang['id_not_valid'].' (att_id)','admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
-    }
-    $att = hesk_dbFetchAssoc($res);
-
-    /* Is note ID valid for this attachment? */
-    if (!isset($_GET['note_id']) || $att['note_id'] != $_GET['note_id'])
-    {
-        hesk_process_messages($hesklang['trackID_not_found'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999));
-    }
-
-    /* Delete file from server */
-    hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$att['saved_name']);
-
-    /* Delete attachment from database */
-    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='".intval($att_id)."'");
-
-    hesk_process_messages($hesklang['kb_att_rem'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
-}
-
-
 if (isset($_POST['note_message'])) {
     $n = $_POST['note_id'];
     if ($can_del_notes)
@@ -911,31 +847,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                         </div>
                     <?php }?>
                     <p><i><?php echo $hesklang['noteby']; ?> <b><?php echo ($note['name'] ? $note['name'] : $hesklang['e_udel']); ?></b></i> - <?php echo hesk_date($note['dt']); ?></p>
-                    <div class="row" style="margin-top: 23px;">
-                        <div class="col-md-7">
-                            <p id="note-<?php echo $note['id']; ?>-p"><?php echo $note['message']; ?></p>
-
-                            <form style="display: none" id="note-<?php echo $note['id']; ?>-form" role="form" method="post"
-                                  action="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;token=<?php hesk_token_echo(); ?>">
-                                <textarea style="margin-bottom: 5px;" class="form-control" id="note-<?php echo $note['id']; ?>-textarea" name="note_message"><?php echo $note['message']; ?></textarea>
-                                <input type="hidden" name="note_id" value="<?php echo $note['id']; ?>">
-                                <button style="margin-bottom: 5px;" class="btn btn-success btn-sm" type="submit"><i class="fa fa-check"></i> <?php echo $hesklang['save']; ?></button>
-                                <a style="margin-bottom: 5px;" class="btn btn-danger btn-sm" href="javascript:void(0)" onclick="toggleNote(<?php echo $note['id']; ?>, false)">
-                                    <i class="fa fa-times"></i> <?php echo $hesklang['cancel']; ?>
-                                </a>
-                            </form>
-                        </div>
-                        <div class="col-md-4">
-                            <?php
-                            $noteAttachmentRS = hesk_dbQuery("SELECT `att_id`, `real_name`, `note_id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `note_id` = ".intval($note['id']));
-
-                            while ($noteAttachment = hesk_dbFetchAssoc($noteAttachmentRS)) {
-                                echo '<a href="admin_ticket.php?delete-note-att='.$noteAttachment['att_id'].'&amp;note_id='.$noteAttachment['note_id'].'&amp;track='.$trackingID.'&amp;'.$tmp.'&amp;Refresh='.mt_rand(10000,99999).'&amp;token='.hesk_token_echo(0).'" onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['pda']).'\');"><i class="fa fa-times" style="color: #FF0000"></i></a>
-                                      <a href="../download_attachment.php?att_id='.$noteAttachment['att_id'].'&amp;note='.$noteAttachment['note_id'].'"><i class="fa fa-paperclip"></i></a>
-                                      <a href="../download_attachment.php?att_id='.$noteAttachment['att_id'].'&amp;note='.$noteAttachment['note_id'].'">'.$noteAttachment['real_name'].'</a><br />';
-                            } ?>
-                        </div>
-                    </div>
+                    <p id="note-<?php echo $note['id']; ?>-p"><?php echo $note['message']; ?></p>
+                    <form style="display: none" id="note-<?php echo $note['id']; ?>-form" role="form" method="post"
+                          action="admin_ticket.php?track=<?php echo $trackingID; ?>&amp;Refresh=<?php echo mt_rand(10000,99999); ?>&amp;token=<?php hesk_token_echo(); ?>">
+                        <textarea style="margin-bottom: 5px;" class="form-control" id="note-<?php echo $note['id']; ?>-textarea" name="note_message"><?php echo $note['message']; ?></textarea>
+                        <input type="hidden" name="note_id" value="<?php echo $note['id']; ?>">
+                        <button style="margin-bottom: 5px;" class="btn btn-success btn-sm" type="submit"><i class="fa fa-check"></i> <?php echo $hesklang['save']; ?></button>
+                        <a style="margin-bottom: 5px;" class="btn btn-danger btn-sm" href="javascript:void(0)" onclick="toggleNote(<?php echo $note['id']; ?>, false)">
+                            <i class="fa fa-times"></i> <?php echo $hesklang['cancel']; ?>
+                        </a>
+                    </form>
                     <?php if ($note['number_of_edits'] > 0) { ?>
                         <p><i><?php echo sprintf($hesklang['note_last_edit'], hesk_date($note['edit_date'])); echo ' | '.sprintf($hesklang['total_number_of_edits'], $note['number_of_edits']); ?></i></p>
                     <?php } ?>
@@ -946,6 +867,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
         ?>
         <div class="row">
             <div class="col-md-12">
+                <b><i><?php echo $hesklang['notes']; ?>: </i></b>
                 <?php
                 if ($can_reply)
                 {
@@ -956,35 +878,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 ?>
 
                 <div id="notesform" style="display:none">
-                    <form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;" enctype="multipart/form-data">
-                        <div class="row" style="margin-bottom: 10px;">
-                            <div class="col-md-7">
-                                <h5><?php echo $hesklang['message']; ?></h5>
-                                <div class="footerWithBorder" style="margin-bottom: 10px;"></div>
-                                <textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea>
-                            </div>
-                            <div class="col-md-5">
-                                <h5><?php echo $hesklang['attachments']; ?></h5>
-                                <div class="footerWithBorder" style="margin-bottom: 10px;"></div>
-                                <span style="display: none" id="number-of-file-dialogs">2</span>
-                                <div id="files-for-notes">
-                                    <?php for ($i=1;$i<=$hesk_settings['attachments']['max_number'];$i++)
-                                    {
-                                        echo '<input type="file" name="attachment['.$i.']" size="50" /><br />';
-                                    }
-
-                                    echo '<a href="Javascript:void(0)" onclick="Javascript:hesk_window(\'../file_limits.php\',250,500);return false;">' . $hesklang['ful'] . '</a>';
-                                    ?>
-                                </div>
-                            </div>
-                        </div>
-                        <div class="row">
-                            <div class="col-md-12">
-                                <input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>"  /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
-                                <i><?php echo $hesklang['nhid']; ?></i>
-                                <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
-                            </div>
-                        </div>
+                    <form method="post" action="admin_ticket.php" style="margin:0px; padding:0px;">
+                        <textarea class="form-control" name="notemsg" rows="6" cols="60"></textarea><br />
+                        <input class="btn btn-default" type="submit" value="<?php echo $hesklang['s']; ?>"  /><input type="hidden" name="track" value="<?php echo $trackingID; ?>" />
+                        <i><?php echo $hesklang['nhid']; ?></i>
+                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
                     </form>
                 </div>
             </div>
diff --git a/download_attachment.php b/download_attachment.php
deleted file mode 100644
index a7b713b1..00000000
--- a/download_attachment.php
+++ /dev/null
@@ -1,174 +0,0 @@
-<?php
-/*******************************************************************************
-*  Title: Help Desk Software HESK
-*  Version: 2.5.3 from 16th March 2014
-*  Author: Klemen Stirn
-*  Website: http://www.hesk.com
-********************************************************************************
-*  COPYRIGHT AND TRADEMARK NOTICE
-*  Copyright 2005-2014 Klemen Stirn. All Rights Reserved.
-*  HESK is a registered trademark of Klemen Stirn.
-
-*  The HESK may be used and modified free of charge by anyone
-*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
-*  By using this code you agree to indemnify Klemen Stirn from any
-*  liability that might arise from it's use.
-
-*  Selling the code for this program, in part or full, without prior
-*  written consent is expressly forbidden.
-
-*  Using this code, in part or full, to create derivate work,
-*  new scripts or products is expressly forbidden. Obtain permission
-*  before redistributing this software over the Internet or in
-*  any other medium. In all cases copyright and header must remain intact.
-*  This Copyright is in full effect in any country that has International
-*  Trade Agreements with the United States of America or
-*  with the European Union.
-
-*  Removing any of the copyright notices without purchasing a license
-*  is expressly forbidden. To remove HESK copyright notice you must purchase
-*  a license for this script. For more information on how to obtain
-*  a license please visit the page below:
-*  https://www.hesk.com/buy.php
-*******************************************************************************/
-
-define('IN_SCRIPT',1);
-define('HESK_PATH','./');
-
-// Get all the required files and functions
-require(HESK_PATH . 'hesk_settings.inc.php');
-require(HESK_PATH . 'inc/common.inc.php');
-hesk_load_database_functions();
-
-hesk_session_start();
-
-// Knowledgebase attachments
-if ( isset($_GET['kb_att']) )
-{
-	// Attachment ID
-	$att_id = intval( hesk_GET('kb_att') ) or hesk_error($hesklang['id_not_valid']);
-
-	// Connect to database
-	hesk_dbConnect();
-
-	// Get attachment info
-	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
-	if (hesk_dbNumRows($res) != 1)
-	{
-		hesk_error($hesklang['id_not_valid'].' (att_id)');
-	}
-	$file = hesk_dbFetchAssoc($res);
-
-    // Is this person allowed access to this attachment?
-	$res = hesk_dbQuery("SELECT `t1`.`type` as `cat_type`, `t2`.`type` as `art_type`
-						FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` AS `t2`
-                        JOIN `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` AS `t1`
-                        ON `t2`.`catid` = `t1`.`id`
-                        WHERE (`t2`.`attachments` LIKE '{$att_id}#%' OR `t2`.`attachments` LIKE '%,{$att_id}#%' )
-                        LIMIT 1");
-
-    // If no attachment found, throw an error
-	if (hesk_dbNumRows($res) != 1)
-	{
-		hesk_error($hesklang['id_not_valid'].' (no_art)');
-	}
-	$row = hesk_dbFetchAssoc($res);
-
-    // Private or draft article or category?
-    if ($row['cat_type'] || $row['art_type'])
-    {
-		if ( empty($_SESSION['id']) )
-		{
-			// This is a staff-only attachment
-			hesk_error($hesklang['attpri']);
-		}
-		elseif ($row['art_type'] == 2)
-		{
-			// Need permission to manage KB to access draft attachments
-			require(HESK_PATH . 'inc/admin_functions.inc.php');
-			hesk_checkPermission('can_man_kb');
-		}
-    }
-}
-
-// Ticket attachments
-else
-{
-	// Attachmend ID and ticket tracking ID
-    $att_id = intval( hesk_GET('att_id', 0) ) or die($hesklang['id_not_valid']);
-
-    $type = '';
-    if (isset($_GET['track'])) {
-        $tic_id = hesk_cleanID() or die("$hesklang[int_error]: $hesklang[no_trackID]");
-        $type = 'ticket';
-    } elseif (isset($_GET['note'])) {
-        $tic_id = intval($_GET['note']) || die ("$hesklang[int_error]: $hesklang[no_noteID]");
-        $type = 'note';
-    }
-
-	// Connect to database
-	hesk_dbConnect();
-
-	// Get attachment info
-	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` WHERE `att_id`='{$att_id}' LIMIT 1");
-	if (hesk_dbNumRows($res) != 1)
-	{
-		hesk_error($hesklang['id_not_valid'].' (att_id)');
-	}
-	$file = hesk_dbFetchAssoc($res);
-
-	// Is ticket/note ID valid for this attachment?
-	if ($type == 'ticket' && $file['ticket_id'] != $tic_id)
-	{
-	    hesk_error($hesklang['trackID_not_found']);
-	} elseif ($type == 'note' && $file['note_id'] != $tic_id)
-    {
-        hesk_error($hesklang['note_id_not_found']);
-    }
-
-	// Verify email address match if needed
-	if ( empty($_SESSION['id']) )
-    {
-    	hesk_verifyEmailMatch($tic_id);
-    }
-}
-
-// Path of the file on the server
-$realpath = $hesk_settings['attach_dir'] . '/' . $file['saved_name'];
-
-// Perhaps the file has been deleted?
-if ( ! file_exists($realpath))
-{
-	hesk_error($hesklang['attdel']);
-}
-
-// Send the file as an attachment to prevent malicious code from executing
-header("Pragma: "); # To fix a bug in IE when running https
-header("Cache-Control: "); # To fix a bug in IE when running https
-header('Content-Description: File Transfer');
-header('Content-Type: application/octet-stream');
-header('Content-Length: ' . $file['size']);
-header('Content-Disposition: attachment; filename=' . $file['real_name']);
-
-// For larger files use chunks, smaller ones can be read all at once
-$chunksize = 1048576; // = 1024 * 1024 (1 Mb)
-if ($file['size'] > $chunksize)
-{
-	$handle = fopen($realpath, 'rb');
-	$buffer = '';
-	while ( ! feof($handle))
-    {
-        set_time_limit(300);
-		$buffer = fread($handle, $chunksize);
-		echo $buffer;
-		flush();
-	}
-	fclose($handle);
-}
-else
-{
-	readfile($realpath);
-}
-
-exit();
-?>
diff --git a/install/updateTo1-7-0.php b/install/updateTo1-7-0.php
index 1808270f..5adb55d0 100644
--- a/install/updateTo1-7-0.php
+++ b/install/updateTo1-7-0.php
@@ -90,16 +90,11 @@ if (!file_put_contents(HESK_PATH.'modsForHesk_settings.inc.php', $file))
 
     <code>//-- Set this to 1 to enable email verification for new customers
         $modsForHesk_settings[\'customer_email_verification_required\'] = 0;</code>
-
-    <br><br>
-    <p>Now you can delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>';
+        
+    <p>After you have done this, <a href="updateTo2-0-0.php">click this link to continue installation</a></p>';
 
 }
 
 if ($updateSuccess) {
-?>
-
-<h1>Installation / Update complete!</h1>
-<p>Please delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>
-
-<?php } ?>
\ No newline at end of file
+    header('Location: updateTo2-0-0.php');
+} ?>
\ No newline at end of file
diff --git a/install/updateTo2-0-0.php b/install/updateTo2-0-0.php
new file mode 100644
index 00000000..6dff80aa
--- /dev/null
+++ b/install/updateTo2-0-0.php
@@ -0,0 +1,19 @@
+<?php
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+require(HESK_PATH . 'install/install_functions.inc.php');
+require(HESK_PATH . 'hesk_settings.inc.php');
+
+$updateSuccess = true;
+
+hesk_dbConnect();
+hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."attachments` DROP COLUMN `note_id`");
+
+
+if ($updateSuccess) {
+?>
+
+<h1>Installation / Update complete!</h1>
+<p>Please delete the <b>install</b> folder for security reasons, and then proceed back to the <a href="../">Help Desk</a></p>
+
+<?php } ?>
\ No newline at end of file
diff --git a/language/en/text.php b/language/en/text.php
index ba17d865..4c9f1c0d 100644
--- a/language/en/text.php
+++ b/language/en/text.php
@@ -61,8 +61,6 @@ $hesklang['note_last_edit'] = 'Note last edited on: %s'; // %s: timestamp of las
 $hesklang['total_number_of_edits'] = 'Total number of edits: %s'; // %s: total number of edits
 $hesklang['add_row'] = 'Add row';
 $hesklang['addnote'] = 'Add note';
-$hesklang['no_noteID'] = 'No Note ID';
-$hesklang['note_id_not_found'] = 'Note ID not found';
 $hesklang['mods_for_hesk'] = 'Mods for HESK';
 $hesklang['err_modsForHesk_settings'] = 'Can\'t open file <b>modsForHesk_settings.inc.php</b> for writing. Please CHMOD this file to 666 (rw-rw-rw-)';
 $hesklang['mods_for_hesk_version'] = 'Mods for HESK Version';