Merge branch 'hesk-2-7-0-update' into '3-0-0'

HESK 2.7.0 Update See merge request !28
8 years ago · 642adb4a75
parent ccb8931157 74beb8d6bc
commit 642adb4a75
60 changed files with 4854 additions and 2443 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,14 +1,13 @@
 admin/admin_suggest_articles.php
 admin/archive.php
+admin/custom_statuses.php
+admin/email_templates.php
 admin/generate_spam_question.php
 admin/priority.php
 admin/test_connection.php
 attachments/index.htm
-docs/changelog.html
-docs/docs_style.css
-docs/index.html
-docs/quick-guide.html
-docs/step-by-step-guide.html
+cache/
+docs/
 file_limits.php
 footer.txt
 header.txt
@ -27,6 +26,7 @@ img/clip.png
 img/code.png
 img/code_off.png
 img/delete.png
+img/delete_off.png
 img/delete_ticket.png
 img/edit.png
 img/error.png
@ -114,6 +114,7 @@ img/print.png
 img/private.png
 img/public.png
 img/reload.png
+img/refresh.png
 img/roundcornersb.jpg
 img/roundcornerslb.jpg
 img/roundcornerslm.jpg
@ -156,10 +157,11 @@ inc/calendar/tcal.js
 inc/calendar/tcal.php
 inc/database.inc.php
 inc/database_mysqli.inc.php
-inc/footer.inc.php
 inc/htmlpurifier
 inc/index.htm
+inc/jscolor/
 inc/mail/email_parser.php
+inc/mail/hesk_imap.php
 inc/mail/hesk_pipe.php
 inc/mail/hesk_pop3.php
 inc/mail/index.htm
@ -184,6 +186,7 @@ inc/recaptcha/recaptchalib.php
 inc/reporting_functions.inc.php
 inc/secimg.inc.php
 inc/setup_functions.inc.php
+inc/statuses.inc.php
 inc/tabs/index.htm
 inc/tabs/tabber-minimized.js
 inc/tabs/tabber.css
--- a/admin/admin_main.php
+++ b/admin/admin_main.php
@ -51,6 +51,7 @@ hesk_isLoggedIn();
 define('CALENDAR', 1);
 define('MAIN_PAGE', 1);
 define('PAGE_TITLE', 'ADMIN_HOME');
+define('AUTO_RELOAD', 1);

 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
@ -58,7 +59,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');

 /* Reset default settings? */
 if (isset($_GET['reset']) && hesk_token_check()) {
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
    $_SESSION['default_list'] = '';
 } /* Get default settings */
 else {
@ -81,6 +82,14 @@ else {
            </div>
        </div>
        <div class="box-body">
+            <div class="checkbox">
+                <label>
+                    <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                    <?php echo $hesklang['arp']; ?>
+                    <span id="timer"></span>
+                </label>
+            </div>
+            <script type="text/javascript">heskCheckReloading();</script><br>
            <?php
            /* Print tickets? */
            if (hesk_checkPermission('can_view_tickets', 0)) {
@ -95,10 +104,8 @@ else {
            ?>
        </div>
    </div>
-    <div class="box">
-        <div class="box-body">
-            <?php
-            $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
+    <?php
+    $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
        CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
        SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
        SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
@ -116,11 +123,9 @@ else {
        29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
        C9wPic7DQp9DQo=', "\112");

-            /* Clean unneeded session variables */
-            hesk_cleanSessionVars('hide');
-            ?>
-        </div>
-    </div>
+    /* Clean unneeded session variables */
+    hesk_cleanSessionVars('hide');
+    ?>
 </section>

 <?php
--- a/admin/admin_reply_ticket.php
+++ b/admin/admin_reply_ticket.php
@ -74,6 +74,11 @@ if (hesk_dbNumRows($result) != 1) {
 $ticket = hesk_dbFetchAssoc($result);
 $trackingID = $ticket['trackid'];

+// Do we require owner before allowing to reply?
+if ($hesk_settings['require_owner'] && ! $ticket['owner']) {
+    hesk_process_messages($hesklang['atbr'],'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
+}
+
 $hesk_error_buffer = array();

 // Get the message
@ -87,7 +92,7 @@ if (strlen($message)) {
    // Save message for later and ignore the rest?
    if (isset($_POST['save_reply'])) {
        // Delete any existing drafts from this owner for this ticket
-        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));

        // Save the message draft
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')");
@ -237,6 +242,7 @@ $lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `" . hesk

 // Get new ticket status
 $sql_status = '';
+$change_status = true;
 // -> If locked, keep it resolved
 if ($ticket['locked']) {
    $new_status = $lockedTicketStatus['ID'];
@ -248,7 +254,7 @@ if ($ticket['locked']) {
        $newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status));
        $newStatus = hesk_dbFetchAssoc($newStatusRs);

-        if ($newStatus['IsClosed']) {
+        if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
            $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
            $sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";

@ -257,7 +263,7 @@ if ($ticket['locked']) {
                $sql_status .= " , `locked`='1' ";
            }
        } else {
-            // Ticket isn't being closed, just add the history to the sql query
+            // Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
            $revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
            $sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
        }
@ -310,12 +316,12 @@ $sql .= " , `replies`=`replies`+1 ";
 $sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";

 // End and execute the query
-$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
+$sql .= " WHERE `id`='{$replyto}'";
 hesk_dbQuery($sql);
 unset($sql);

 /* Update number of replies in the users table */
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");

 // --> Prepare reply message

@ -357,7 +363,7 @@ elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
 }

 // Delete any existing drafts from this owner for this ticket
-hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
+hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));

 /* Set reply submitted message */
 $_SESSION['HESK_SUCCESS'] = TRUE;
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@ -56,6 +56,10 @@ hesk_isLoggedIn();
 // Check permissions for this feature
 hesk_checkPermission('can_man_settings');

+
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // Test languages function
 if (isset($_GET['test_languages'])) {
    hesk_testLanguage(0);
@ -89,6 +93,9 @@ if (defined('HESK_DEMO')) {
    $hesk_settings['pop3_password'] = $hesklang['hdemo'];
    $hesk_settings['recaptcha_public_key'] = $hesklang['hdemo'];
    $hesk_settings['recaptcha_private_key'] = $hesklang['hdemo'];
+    $hesk_settings['imap_host_name']	= $hesklang['hdemo'];
+    $hesk_settings['imap_user']			= $hesklang['hdemo'];
+    $hesk_settings['imap_password']		= $hesklang['hdemo'];
 }

 // Check file attachment limits
@ -214,89 +221,6 @@ $modsForHesk_settings = mfh_getSettings();

        // MISC

-        // CUSTOM FIELDS
-        if (d.s_custom1_use.checked && d.s_custom1_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom2_use.checked && d.s_custom2_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom3_use.checked && d.s_custom3_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom4_use.checked && d.s_custom4_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom5_use.checked && d.s_custom5_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom6_use.checked && d.s_custom6_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom7_use.checked && d.s_custom7_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom8_use.checked && d.s_custom8_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom9_use.checked && d.s_custom9_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom10_use.checked && d.s_custom10_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom11_use.checked && d.s_custom11_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom12_use.checked && d.s_custom12_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom13_use.checked && d.s_custom13_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom14_use.checked && d.s_custom14_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom15_use.checked && d.s_custom15_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom16_use.checked && d.s_custom16_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom17_use.checked && d.s_custom17_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom18_use.checked && d.s_custom18_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom19_use.checked && d.s_custom19_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom20_use.checked && d.s_custom20_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-
-
        // DISABLE SUBMIT BUTTON
        d.submitbutton.disabled = true;
        d.submitbutton.value = '<?php echo addslashes($hesklang['saving']); ?>';
@ -304,21 +228,6 @@ $modsForHesk_settings = mfh_getSettings();
        return true;
    }

-    function hesk_customOptions(cID, fID, fTYPE, maxlenID, oldTYPE) {
-        var t = document.getElementById(fTYPE).value;
-        if (t == oldTYPE) {
-            var d = document.getElementById(fID).value;
-            var m = document.getElementById(maxlenID).value;
-        }
-        else {
-            var d = '';
-            var m = 255;
-        }
-        var myURL = "options.php?i=" + cID + "&q=" + encodeURIComponent(d) + "&t=" + t + "&m=" + m;
-        window.open(myURL, "Hesk_window", "height=400,width=500,menubar=0,location=0,toolbar=0,status=0,resizable=1,scrollbars=1");
-        return false;
-    }
-
    function hesk_toggleLayer(nr, setto) {
        if (document.all)
            document.all[nr].style.display = setto;
@ -380,6 +289,20 @@ $modsForHesk_settings = mfh_getSettings();
        }
        return i;
    }
+
+    function checkRequiredEmail(field) {
+        if (document.getElementById('s_require_email_0').checked && document.getElementById('s_email_view_ticket').checked) {
+            if (field == 's_require_email_0' && confirm('<?php echo addslashes($hesklang['re_confirm1']); ?>')) {
+                document.getElementById('s_email_view_ticket').checked = false;
+                return true;
+            } else if (field == 's_email_view_ticket' && confirm('<?php echo addslashes($hesklang['re_confirm2']); ?>')) {
+                document.getElementById('s_require_email_1').checked = true;
+                return true;
+            }
+            return false;
+        }
+        return true;
+    }
    //-->
 </script>
 <section class="content">
@ -542,6 +465,31 @@ $modsForHesk_settings = mfh_getSettings();
                        ?>
                    </td>
                </tr>
+                <tr>
+                    <td class="text-right">
+                        /<?php echo $hesk_settings['cache_dir']; ?>
+                    </td>
+                    <?php
+                    $attachmentsExist = is_dir(HESK_PATH . $hesk_settings['cache_dir']);
+                    $attachmentsWritable = is_writable(HESK_PATH . $hesk_settings['cache_dir']);
+                    $cellClass = $attachmentsExist && $attachmentsWritable ? 'success' : 'danger';
+                    ?>
+                    <td class="pad-right-10 <?php echo $cellClass; ?>">
+                        <?php
+                        if ($attachmentsExist) {
+                            echo '<span class="success">' . $hesklang['exists'] . '</span>, ';
+                            if ($attachmentsWritable) {
+                                $enable_use_attachments = 1;
+                                echo '<span class="success">' . $hesklang['writable'] . '</span>';
+                            } else {
+                                echo '<span class="error">' . $hesklang['not_writable'] . '</span><br>' . $hesklang['e_cdir'];
+                            }
+                        } else {
+                            echo '<span class="error">' . $hesklang['no_exists'] . '</span>, <span class="error">' . $hesklang['not_writable'] . '</span><br>' . $hesklang['e_cdir'];
+                        }
+                        ?>
+                    </td>
+                </tr>
            </table>
        </div>
    </div>
@ -875,6 +823,20 @@ $modsForHesk_settings = mfh_getSettings();
                               value="<?php echo $hesk_settings['attach_dir']; ?>"/>
                    </div>
                </div>
+                <div class="form-group">
+                    <label for="s_cache_dir"
+                           class="col-sm-3 control-label"><?php echo $hesklang['cf']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#77','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-9">
+                        <input type="text" class="form-control"
+                               placeholder="<?php echo htmlspecialchars($hesklang['ticket_attach_dir']); ?>"
+                               name="s_cache_dir" size="40" maxlength="255"
+                               value="<?php echo $hesk_settings['cache_dir']; ?>"/>
+                    </div>
+                </div>
                <div class="form-group">
                    <label for="s_max_listings"
                           class="col-sm-3 control-label"><?php echo $hesklang['max_listings']; ?> <a
@ -980,6 +942,57 @@ $modsForHesk_settings = mfh_getSettings();
                                ?>
                            </div>
                        </div>
+                        <div class="form-group">
+                            <label for="s_require_email" class="col-sm-6 control-label"><?php echo $hesklang['req_email']; ?>
+                                <a href="Javascript:void(0)"
+                                   onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#73','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_email'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_email'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" id="s_require_email_0" name="s_require_email" value="0" onclick="return checkRequiredEmail(\'s_require_email_0\');" ' . $off . ' /> ' . $hesklang['off'] . '</div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" id="s_require_email_1" name="s_require_email" value="1" ' . $on . ' /> ' . $hesklang['on'] . '</div>';
+                                ?>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="s_require_owner" class="col-sm-6 control-label"><?php echo $hesklang['fass']; ?>
+                                <a href="Javascript:void(0)"
+                                   onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#70','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_owner'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_owner'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_require_owner" value="0" ' . $off . '> ' . $hesklang['off'] . '</div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_owner" value="1" ' . $on . '> ' . $hesklang['on'] . '</div>';
+                                ?>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="s_require_message"
+                                   class="col-sm-6 control-label"><?php echo $hesklang['req_msg']; ?> <a
+                                    href="Javascript:void(0)"
+                                    onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#74','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_message'] == 1 ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_message'] == 0 ? 'checked="checked"' : '';
+                                $hide = $hesk_settings['require_message'] == -1 ? 'checked="checked"' : '';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_require_message" value="0" ' . $off . ' /> ' . $hesklang['off'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_message" value="1" ' . $on . ' /> ' . $hesklang['on'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_message" value="-1" ' . $hide . ' /> ' . $hesklang['off-hide'] . '</label></div>';
+                                ?>
+                            </div>
+                        </div>
                        <div class="form-group">
                            <label for="s_custclose" class="col-sm-6 control-label"><?php echo $hesklang['ccct']; ?>
                                <a href="Javascript:void(0)"
@ -1189,6 +1202,25 @@ $modsForHesk_settings = mfh_getSettings();
                                ?>
                            </div>
                        </div>
+                        <div class="form-group">
+                            <label for="s_require_subject"
+                                   class="col-sm-6 control-label"><?php echo $hesklang['req_sub']; ?> <a
+                                    href="Javascript:void(0)"
+                                    onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#72','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_subject'] == 1 ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_subject'] == 0 ? 'checked="checked"' : '';
+                                $hide = $hesk_settings['require_subject'] == -1 ? 'checked="checked"' : '';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_require_subject" value="0" ' . $off . ' /> ' . $hesklang['off'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_subject" value="1" ' . $on . ' /> ' . $hesklang['on'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_subject" value="-1" ' . $hide . ' /> ' . $hesklang['off-hide'] . '</label></div>';
+                                ?>
+                            </div>
+                        </div>
                        <div class="form-group">
                            <label for="s_rating" class="col-sm-6 control-label"><?php echo $hesklang['urate']; ?>
                                <a href="Javascript:void(0)"
@ -1326,6 +1358,19 @@ $modsForHesk_settings = mfh_getSettings();
                                ?>
                            </div>
                        </div>
+                        <div class="form-group">
+                            <label for="s_cat_show_select" class="col-sm-6 control-label"><?php echo $hesklang['scat']; ?> <a
+                                    href="Javascript:void(0)"
+                                    onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#71','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6">
+                                <input type="text" class="form-control"
+                                       placeholder="<?php echo htmlspecialchars($hesklang['scat']); ?>" name="s_cat_show_select"
+                                       size="5" maxlength="3" value="<?php echo $hesk_settings['cat_show_select']; ?>">
+                                <?php echo $hesklang['scat2']; ?>
+                            </div>
+                        </div>
                    </div>
                </div>

@ -1516,12 +1561,48 @@ $modsForHesk_settings = mfh_getSettings();
                    <div class="col-sm-8">
                        <div class="checkbox">
                            <label><input type="checkbox" name="s_email_view_ticket"
+                                          id="s_email_view_ticket" onclick="return checkRequiredEmail('s_email_view_ticket');"
                                          value="1" <?php if ($hesk_settings['email_view_ticket']) {
                                    echo 'checked="checked"';
                                } ?>/> <?php echo $hesklang['reqetv']; ?></label>
                        </div>
                    </div>
                </div>
+                <div class="form-group">
+                    <label for="s_x_frame_opt"
+                           class="col-sm-4 control-label"><?php echo $hesklang['frames']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#76','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-8">
+                        <div class="checkbox">
+                            <label><input type="checkbox" name="s_x_frame_opt"
+                                          value="1" <?php if ($hesk_settings['x_frame_opt']) {
+                                    echo 'checked="checked"';} ?>> <?php echo $hesklang['frames2']; ?></label>
+                        </div>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label for="s_force_ssl"
+                           class="col-sm-4 control-label"><?php echo $hesklang['ssl']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#75','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-8">
+                        <div class="checkbox">
+                            <?php if (HESK_SSL): ?>
+                            <label><input type="checkbox" name="s_force_ssl"
+                                          value="1" <?php if ($hesk_settings['force_ssl']) {
+                                    echo 'checked="checked"';} ?>>
+                                <?php echo $hesklang['frames2']; ?>
+                            </label>
+                            <?php else: echo $hesklang['d_ssl']; ?>
+                            <?php endif ?>
+                        </div>
+                    </div>
+                </div>
                <div class="form-group">
                    <label for="email-verification" class="col-sm-4 col-xs-12 control-label">
                    <span class="label label-primary"
@ -2071,119 +2152,6 @@ $modsForHesk_settings = mfh_getSettings();
            </div>
        </div>

-        <!-- Custom Field Settings -->
-        <div class="box collapsed-box">
-            <div class="box-header with-border">
-                <h1 class="box-title">
-                    <?php echo $hesklang['tab_4']; ?>
-                </h1>
-                <div class="box-tools pull-right">
-                    <button type="button" class="btn btn-box-tool" data-widget="collapse">
-                        <i class="fa fa-plus"></i>
-                    </button>
-                </div>
-            </div>
-            <div class="box-body">
-                <h4 class="bold"><?php echo $hesklang['custom_use']; ?> <a href="Javascript:void(0)"
-                                                                           onclick="Javascript:hesk_window('<?php echo $help_folder; ?>custom.html#41','400','500')"><i
-                            class="fa fa-question-circle settingsquestionmark"></i></a></h4>
-
-
-                <div class="form-group">
-                    <label for="custom-field-setting" class="col-sm-4 col-xs-12 control-label">
-                          <span class="label label-primary"
-                                data-toggle="tooltip"
-                                title="<?php echo $hesklang['added_in_mods_for_hesk']; ?>"><?php echo $hesklang['mods_for_hesk_acronym']; ?></span>
-                        <?php echo $hesklang['custom_field_setting']; ?>
-                        <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
-                           title="<?php echo $hesklang['custom_field_setting']; ?>"
-                           data-content="<?php echo $hesklang['custom_field_setting_help']; ?>"></i>
-                    </label>
-
-                    <div class="col-sm-8 col-xs-12">
-                        <div class="checkbox">
-                            <label>
-                                <input id="custom-field-setting"
-                                       name="custom-field-setting"
-                                       type="checkbox"
-                                       onchange="changeText('fieldNameHeader',
-                                           '<?php echo $hesklang['custom_language_key']; ?>',
-                                           '<?php echo $hesklang['custom_n']; ?>',
-                                           this)"
-                                    <?php if ($modsForHesk_settings['custom_field_setting']) {
-                                        echo 'checked';
-                                    } ?>> <?php echo $hesklang['enable_custom_field_language']; ?>
-                            </label>
-                        </div>
-                    </div>
-                </div>
-                <table class="table table-hover">
-                    <tr>
-                        <th><?php echo $hesklang['enable']; ?></th>
-                        <th><?php echo $hesklang['s_type']; ?></th>
-                        <th><?php echo $hesklang['custom_r']; ?></th>
-                        <th id="fieldNameHeader">
-                            <?php if ($modsForHesk_settings['custom_field_setting']) {
-                                echo $hesklang['custom_language_key'];
-                            } else {
-                                echo $hesklang['custom_n'];
-                            } ?>
-                        </th>
-                        <th><?php echo $hesklang['custom_place']; ?></th>
-                        <th><?php echo $hesklang['opt']; ?></th>
-                    </tr>
-
-                    <?php
-                    for ($i = 1; $i <= 20; $i++) {
-                        $this_field = $hesk_settings['custom_fields']['custom' . $i];
-
-                        $onload_locally = $this_field['use'] ? '' : ' disabled="disabled" ';
-
-                        echo '
-                    <tr>
-                    <td><div class="checkbox"><label><input type="checkbox" name="s_custom' . $i . '_use" value="1" id="c' . $i . '1" ';
-                        if ($this_field['use']) {
-                            echo 'checked="checked"';
-                        }
-                        echo ' onclick="hesk_attach_toggle(\'c' . $i . '1\',new Array(\'s_custom' . $i . '_type\',\'s_custom' . $i . '_req\',\'s_custom' . $i . '_name\',\'c' . $i . '5\',\'c' . $i . '6\'))" /> ' . $hesklang['yes'] . '</label></div></td>
-                    <td>
-                        <select class="form-control" name="s_custom' . $i . '_type" id="s_custom' . $i . '_type" ' . $onload_locally . '>
-                        <option value="text"     ' . ($this_field['type'] == 'text' ? 'selected="selected"' : '') . '>' . $hesklang['stf'] . '</option>
-                        <option value="textarea" ' . ($this_field['type'] == 'textarea' ? 'selected="selected"' : '') . '>' . $hesklang['stb'] . '</option>
-                        <option value="radio"    ' . ($this_field['type'] == 'radio' ? 'selected="selected"' : '') . '>' . $hesklang['srb'] . '</option>
-                        <option value="select"   ' . ($this_field['type'] == 'select' ? 'selected="selected"' : '') . '>' . $hesklang['ssb'] . '</option>
-                        <option value="checkbox" ' . ($this_field['type'] == 'checkbox' ? 'selected="selected"' : '') . '>' . $hesklang['scb'] . '</option>
-                        <option value="date" ' . ($this_field['type'] == 'date' ? 'selected="selected"' : '') . '>' . $hesklang['date_custom_field'] . '</option>
-                        <option value="multiselect" ' . ($this_field['type'] == 'multiselect' ? 'selected="selected"' : '') . '>' . $hesklang['multiple_select_custom_field'] . '</option>
-                        <option value="email" ' . ($this_field['type'] == 'email' ? 'selected="selected"' : '') . '>' . $hesklang['email_custom_field'] . '</option>
-                        <option value="hidden" ' . ($this_field['type'] == 'hidden' ? 'selected="selected"' : '') . '>' . $hesklang['hidden_custom_field'] . '</option>
-                        <option value="readonly" ' . ($this_field['type'] == 'readonly' ? 'selected="selected"' : '') . '>' . $hesklang['readonly_custom_field'] . '</option>
-                        </select>
-                    </td>
-                    <td><div class="checkbox"><label><input type="checkbox" name="s_custom' . $i . '_req" value="1" id="s_custom' . $i . '_req" ';
-                        if ($this_field['req']) {
-                            echo 'checked="checked"';
-                        }
-                        echo $onload_locally . ' /> ' . $hesklang['yes'] . '</label></div></td>
-                    <td><input class="form-control" type="text" name="s_custom' . $i . '_name" size="20" maxlength="255" id="s_custom' . $i . '_name" value="' . $this_field['name'] . '"' . $onload_locally . ' /></td>
-                    <td>
-                        <div class="radio"><label><input type="radio" name="s_custom' . $i . '_place" value="0" id="c' . $i . '5" ' . ($this_field['place'] ? '' : 'checked="checked"') . '  ' . $onload_locally . ' /> ' . $hesklang['place_before'] . '</label></div><br />
-                        <div class="radio"><label><input type="radio" name="s_custom' . $i . '_place" value="1" id="c' . $i . '6" ' . ($this_field['place'] ? 'checked="checked"' : '') . '  ' . $onload_locally . ' /> ' . $hesklang['place_after'] . '</label></div>
-                    </td>
-                    <td>
-                    <input type="hidden" name="s_custom' . $i . '_val" id="s_custom' . $i . '_val" value="' . $this_field['value'] . '" />
-                    <input type="hidden" name="s_custom' . $i . '_maxlen" id="s_custom' . $i . '_maxlen" value="' . $this_field['maxlen'] . '" />
-                    <a href="Javascript:void(0)" onclick="Javascript:return hesk_customOptions(\'custom' . $i . '\',\'s_custom' . $i . '_val\',\'s_custom' . $i . '_type\',\'s_custom' . $i . '_maxlen\',\'' . $this_field['type'] . '\')">' . $hesklang['opt'] . '</a>
-                    </td>
-
-                    </tr>
-                    ';
-                    } // End FOR
-                    ?>
-                </table>
-            </div>
-        </div>
-
        <!-- Email Settings -->
        <div class="box collapsed-box">
            <div class="box-header with-border">
@ -2696,6 +2664,202 @@ $modsForHesk_settings = mfh_getSettings();
                </div>
                <!-- END POP3 SETTINGS DIV -->

+                <!-- IMAP Fetching -->
+                <h4 class="bold"><?php echo $hesklang['imap']; ?></h4>
+
+                <div class="form-group">
+                    <label for="s_pop3" class="col-sm-3 control-label"><?php echo $hesklang['imap']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-9 form-inline">
+                        <?php
+                        $on = '';
+                        $off = '';
+                        $onload_div = 'none';
+                        $onload_status = '';
+
+                        if ($hesk_settings['imap']) {
+                            $on = 'checked';
+                            $onload_div = 'block';
+                        } else {
+                            $off = 'checked';
+                            $onload_status = ' disabled ';
+                        }
+
+                        echo '
+                        <div class="radio"><label><input type="radio" name="s_imap" value="0" onclick="hesk_attach_disable(new Array(\'i0\',\'i1\',\'i2\',\'i3\',\'i4\',\'i5\',\'i6\',\'i7\',\'i8\',\'i9\'))" onchange="hesk_toggleLayerDisplay(\'imap_settings\');" ' . $off . '> ' . $hesklang['off'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                        <div class="radio"><label><input type="radio" name="s_imap" value="1" onclick="hesk_attach_enable(new Array(\'i0\',\'i1\',\'i2\',\'i3\',\'i4\',\'i5\',\'i6\',\'i7\',\'i8\',\'i9\'))" onchange="hesk_toggleLayerDisplay(\'imap_settings\');"  ' . $on . '> ' . $hesklang['on'] . '</label></div>';
+                        ?>
+                        <input type="hidden" name="tmp_imap_host_name" value="<?php echo $hesk_settings['imap_host_name']; ?>">
+                        <input type="hidden" name="tmp_imap_host_port" value="<?php echo $hesk_settings['imap_host_port']; ?>">
+                        <input type="hidden" name="tmp_imap_user" value="<?php echo $hesk_settings['imap_user']; ?>">
+                        <input type="hidden" name="tmp_imap_password" value="<?php echo $hesk_settings['imap_password']; ?>">
+                        <input type="hidden" name="tmp_imap_enc" value="<?php echo $hesk_settings['imap_enc']; ?>">
+                        <input type="hidden" name="tmp_imap_keep" value="<?php echo $hesk_settings['imap_keep']; ?>">
+                    </div>
+                </div>
+                <div id="imap_settings" style="display:<?php echo $onload_div; ?>">
+                    <div class="form-group">
+                        <label for="s_imap_job_wait" class="col-sm-3 control-label"><?php echo $hesklang['pjt']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['pjt']); ?>" id="i0"
+                                   name="s_imap_job_wait" size="5" maxlength="5"
+                                   value="<?php echo $hesk_settings['imap_job_wait']; ?>" <?php echo $onload_status; ?>> <?php echo $hesklang['pjt2']; ?>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_host_name" class="col-sm-3 control-label"><?php echo $hesklang['imaph']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imaph']); ?>" id="i1"
+                                   name="s_imap_host_name" size="40" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_host_name']; ?>" <?php echo $onload_status; ?>>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_host_port" class="col-sm-3 control-label"><?php echo $hesklang['imapp']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imapp']); ?>" id="i2"
+                                   name="s_imap_host_port" size="5" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_host_port']; ?>" <?php echo $onload_status; ?>>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_enc" class="col-sm-3 control-label"><?php echo $hesklang['enc']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9 form-inline">
+                            <?php
+                            $none = $hesk_settings['imap_enc'] == '' ? 'checked' : '';
+                            $ssl = $hesk_settings['imap_enc'] == 'ssl' ? 'checked' : '';
+                            $tls = $hesk_settings['imap_enc'] == 'tls' ? 'checked' : '';
+                            echo '
+		<div class="radio"><label><input type="radio" name="s_imap_enc" value="ssl" id="i9" '.$ssl.' '.$onload_status.'> '.$hesklang['ssl'].'</label></div>&nbsp;&nbsp;&nbsp;
+		<div class="radio"><label><input type="radio" name="s_imap_enc" value="tls" id="i4" '.$tls.' '.$onload_status.'> '.$hesklang['tls'].'</label></div>&nbsp;&nbsp;&nbsp;
+		<div class="radio"><label><input type="radio" name="s_imap_enc" value="" id="i3" '.$none.' '.$onload_status.'> '.$hesklang['none'].'</label></div>
+		';
+                            ?>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_keep" class="col-sm-3 control-label"><?php echo $hesklang['pop3keep']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9 form-inline">
+                            <?php
+                            $on = $hesk_settings['imap_keep'] ? 'checked="checked"' : '';
+                            $off = $hesk_settings['imap_keep'] ? '' : 'checked="checked"';
+                            echo '
+		<div class="radio"><label><input type="radio" name="s_imap_keep" value="0" id="i7" '.$off.' '.$onload_status.'> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
+		<div class="radio"><label><input type="radio" name="s_imap_keep" value="1" id="i8" '.$on.' '.$onload_status.'> '.$hesklang['on'].'</label></div>
+		';
+                            ?>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_user" class="col-sm-3 control-label"><?php echo $hesklang['imapu']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imapu']); ?>" id="i5"
+                                   name="s_imap_user" size="40" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_user']; ?>" <?php echo $onload_status; ?> autocomplete="off">
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_password" class="col-sm-3 control-label"><?php echo $hesklang['imapw']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="password" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imapw']); ?>" id="i6"
+                                   name="s_imap_password" size="40" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_password']; ?>" <?php echo $onload_status; ?> autocomplete="off">
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-9 col-sm-offset-3">
+                            <input type="button" class="btn btn-default"
+                                   onclick="hesk_testIMAP()" value="<?php echo $hesklang['imaptest']; ?>">
+                        </div>
+                    </div>
+
+                    <!-- START IMAP TEST -->
+                    <div id="imap_test" style="display:none">
+                    </div>
+
+                    <script language="Javascript" type="text/javascript"><!--
+                        function hesk_testIMAP()
+                        {
+                            var element = document.getElementById('imap_test');
+                            element.innerHTML = '<img src="<?php echo HESK_PATH; ?>img/loading.gif" width="24" height="24" alt="" border="0" style="vertical-align:text-bottom" /> <i><?php echo addslashes($hesklang['contest']); ?></i>';
+                            element.style.display = 'block';
+
+                            var s_imap_host_name = document.getElementById('i1').value;
+                            var s_imap_host_port = document.getElementById('i2').value;
+                            var s_imap_user      = document.getElementById('i5').value;
+                            var s_imap_password  = document.getElementById('i6').value;
+                            var s_imap_enc       = document.getElementById('i4').checked ? 'tls' : (document.getElementById('i9').checked ? 'ssl' : '');
+
+                            var params = "test=imap" +
+                                "&s_imap_host_name="  + encodeURIComponent( s_imap_host_name ) +
+                                "&s_imap_host_port=" + encodeURIComponent( s_imap_host_port ) +
+                                "&s_imap_user="      + encodeURIComponent( s_imap_user ) +
+                                "&s_imap_password="  + encodeURIComponent( s_imap_password ) +
+                                "&s_imap_enc="       + encodeURIComponent( s_imap_enc );
+
+                            xmlHttp=GetXmlHttpObject();
+                            if (xmlHttp==null)
+                            {
+                                return;
+                            }
+
+                            xmlHttp.open('POST','test_connection.php',true);
+                            xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+                            xmlHttp.setRequestHeader("Content-length", params.length);
+                            xmlHttp.setRequestHeader("Connection", "close");
+
+                            xmlHttp.onreadystatechange = function()
+                            {
+                                if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
+                                {
+                                    element.innerHTML = xmlHttp.responseText;
+                                }
+                            }
+
+                            xmlHttp.send(params);
+                        }
+                        //-->
+                    </script>
+                    <!-- END IMAP TEST -->
+
+                </div> <!-- END IMAP SETTINGS DIV -->
+
                <h4 class="bold"><?php echo $hesklang['loops']; ?></h4>
                <div class="form-group">
                    <label for="s_loop_hits" class="col-sm-3 control-label"><?php echo $hesklang['looph']; ?> <a
@ -3323,7 +3487,28 @@ $modsForHesk_settings = mfh_getSettings();
                </div>
            </div>
            <div class="box-body">
-                <h4 class="bold"><?php echo $hesklang['uiColors']; ?></h4>
+                <h4>Common Properties</h4>
+                <div class="row">
+                    <div class="col-sm-6 col-xs-12">
+                        <div class="form-group">
+                            <label for="questionMarkColor"
+                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['questionMarkColor']; ?>
+                                <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
+                                   data-placement="left"
+                                   title="<?php echo $hesklang['questionMarkColor']; ?>"
+                                   data-content="<?php echo $hesklang['questionMarkColorHelp']; ?>"></i>
+                            </label>
+
+                            <div class="col-sm-5 col-xs-12">
+                                <input type="text" id="questionMarkColor" name="questionMarkColor"
+                                       class="form-control"
+                                       value="<?php echo $modsForHesk_settings['questionMarkColor']; ?>">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+
+                <h4>Customer View</h4>
                <div class="row">
                    <div class="col-sm-6 col-xs-12">
                        <div class="form-group">
@ -3486,40 +3671,71 @@ $modsForHesk_settings = mfh_getSettings();
                            </div>
                        </div>
                    </div>
+                </div>
+                <div class="row">
                    <div class="col-sm-6 col-xs-12">
                        <div class="form-group">
-                            <label for="questionMarkColor"
-                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['questionMarkColor']; ?>
+                            <label for="dropdownItemTextHoverBackgroundColor"
+                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>
                                <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
                                   data-placement="left"
-                                   title="<?php echo $hesklang['questionMarkColor']; ?>"
-                                   data-content="<?php echo $hesklang['questionMarkColorHelp']; ?>"></i>
+                                   title="<?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>"
+                                   data-content="<?php echo $hesklang['dropdownItemTextHoverBackgroundColorHelp']; ?>"></i>
                            </label>

                            <div class="col-sm-5 col-xs-12">
-                                <input type="text" id="questionMarkColor" name="questionMarkColor"
-                                       class="form-control"
-                                       value="<?php echo $modsForHesk_settings['questionMarkColor']; ?>">
+                                <input type="text" id="dropdownItemTextHoverBackgroundColor"
+                                       name="dropdownItemTextHoverBackgroundColor" class="form-control"
+                                       value="<?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>">
                            </div>
                        </div>
                    </div>
                </div>
+                <h4>Admin Panel</h4>
                <div class="row">
-                    <div class="col-sm-6 col-xs-12">
+                    <div class="col-xs-12">
                        <div class="form-group">
-                            <label for="dropdownItemTextHoverBackgroundColor"
-                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>
+                            <label for="admin-color-scheme"
+                                   class="col-sm-3 col-xs-5 control-label">Color Scheme
                                <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
                                   data-placement="left"
                                   title="<?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>"
                                   data-content="<?php echo $hesklang['dropdownItemTextHoverBackgroundColorHelp']; ?>"></i>
                            </label>

-                            <div class="col-sm-5 col-xs-12">
-                                <input type="text" id="dropdownItemTextHoverBackgroundColor"
-                                       name="dropdownItemTextHoverBackgroundColor" class="form-control"
-                                       value="<?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>">
+                            <div class="col-sm-9 col-xs-7">
+                                <select name="admin-color-scheme" class="form-control">
+                                    <option value="skin-blue">Blue</option>
+                                    <option value="skin-blue-light">Blue (Light)</option>
+                                    <option value="skin-yellow">Yellow</option>
+                                    <option value="skin-yellow-light">Yellow (Light)</option>
+                                    <option value="skin-green">Green</option>
+                                    <option value="skin-green-light">Green (Light)</option>
+                                    <option value="skin-purple">Purple</option>
+                                    <option value="skin-purple-light">Purple (Light)</option>
+                                    <option value="skin-red">Red</option>
+                                    <option value="skin-red-light">Red (Light)</option>
+                                    <option value="skin-black">Black</option>
+                                    <option value="skin-black-light">Black (Light)</option>
+                                </select>
                            </div>
+                            <script>
+                                $('select[name="admin-color-scheme"]').change(function() {
+                                    $('body').removeClass('skin-blue')
+                                        .removeClass('skin-blue-light')
+                                        .removeClass('skin-yellow')
+                                        .removeClass('skin-yellow-light')
+                                        .removeClass('skin-green')
+                                        .removeClass('skin-green-light')
+                                        .removeClass('skin-purple')
+                                        .removeClass('skin-purple-light')
+                                        .removeClass('skin-red')
+                                        .removeClass('skin-red-light')
+                                        .removeClass('skin-black')
+                                        .removeClass('skin-black-light')
+                                        .addClass($(this).val());
+                                });
+                            </script>
                        </div>
                    </div>
                </div>
@ -3567,8 +3783,8 @@ $modsForHesk_settings = mfh_getSettings();
        global $hesk_settings;

        // Do we have a cached version file?
-        if (file_exists(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest.txt')) {
-            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
+        if (file_exists(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest.txt')) {
+            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
                return $matches[2];
            }
        }
@ -3601,7 +3817,7 @@ $modsForHesk_settings = mfh_getSettings();
    {
        global $hesk_settings;

-        @file_put_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest.txt', time() . '|' . $latest);
+        @file_put_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest.txt', time() . '|' . $latest);

        return $latest;

@ -3627,8 +3843,8 @@ $modsForHesk_settings = mfh_getSettings();
        global $hesk_settings;

        // Do we have a cached version file?
-        if (file_exists(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest-mfh.txt')) {
-            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest-mfh.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
+        if (file_exists(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest-mfh.txt')) {
+            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest-mfh.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
                return $matches[2];
            }
        }
@ -3660,7 +3876,7 @@ $modsForHesk_settings = mfh_getSettings();
    {
        global $hesk_settings;

-        @file_put_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest-mfh.txt', time() . '|' . $latest);
+        @file_put_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest-mfh.txt', time() . '|' . $latest);

        return $latest;

@ -3723,7 +3939,7 @@ $modsForHesk_settings = mfh_getSettings();
                    }

                    /* Check if language file is for current version */
-                    if (strpos($tmp, '$hesklang[\'ms01\']') === false) {
+                    if (strpos($tmp, '$hesklang[\'refresh_page\']') === false) {
                        $err .= "              |---->  WRONG VERSION (not " . $hesk_settings['hesk_version'] . ")\n";
                    }

--- a/admin/admin_settings_save.php
+++ b/admin/admin_settings_save.php
@ -85,9 +85,6 @@ if (isset($lang[1]) && in_array($lang[1], hesk_getLanguagesArray(1))) {
    hesk_error($hesklang['err_lang']);
 }

-/* --> Database settings */
-hesk_dbClose();
-
 if (hesk_testMySQL()) {
    // Database connection OK
 } elseif ($mysql_log) {
@ -125,6 +122,7 @@ if ( ! is_writable(HESK_PATH . $set['attach_dir']) )
 }
 */

+$set['cache_dir'] = isset($_POST['s_cache_dir']) && ! is_array($_POST['s_cache_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_cache_dir']) : 'cache';
 $set['max_listings'] = hesk_checkMinMax(intval(hesk_POST('s_max_listings')), 1, 999, 10);
 $set['print_font_size'] = hesk_checkMinMax(intval(hesk_POST('s_print_font_size')), 1, 99, 12);
 $set['autoclose'] = hesk_checkMinMax(intval(hesk_POST('s_autoclose')), 0, 999, 7);
@ -135,6 +133,10 @@ $set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1;
 /* --> Features */
 $set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1;
 $set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1;
+$set['require_email']	= empty($_POST['s_require_email']) ? 0 : 1;
+$set['require_owner']	= empty($_POST['s_require_owner']) ? 0 : 1;
+$set['require_subject']	= hesk_checkMinMax( intval( hesk_POST('s_require_subject') ) , -1, 1, 1);
+$set['require_message']	= hesk_checkMinMax( intval( hesk_POST('s_require_message') ) , -1, 1, 1);
 $set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1;
 $set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1;
 $set['rating'] = empty($_POST['s_rating']) ? 0 : 1;
@ -147,6 +149,7 @@ $set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1;
 $set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1;
 $set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1;
 $set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1;
+$set['cat_show_select'] = hesk_checkMinMax( intval( hesk_POST('s_cat_show_select') ) , 0, 999, 10);

 /* --> SPAM prevention */
 $set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : (hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@ -168,7 +171,14 @@ if ($set['attempt_limit'] > 0) {
 }
 $set['attempt_banmin'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_banmin')), 5, 99999, 60);
 $set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
-$set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1;
+$set['email_view_ticket'] = ($set['require_email'] == 0) ? 0 : (empty($_POST['s_email_view_ticket']) ? 0 : 1);
+$set['x_frame_opt'] = empty($_POST['s_x_frame_opt']) ? 0 : 1;
+$set['force_ssl'] = HESK_SSL && isset($_POST['s_force_ssl']) && $_POST['s_force_ssl'] == 1 ? 1 : 0;
+
+// Make sure help desk URL starts with https if forcing SSL
+if ($set['force_ssl']) {
+    $set['hesk_url'] = preg_replace('/^http:/i', 'https:', $set['hesk_url']);
+}

 /* --> Attachments */
 $set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1;
@ -246,7 +256,7 @@ if ($set['smtp']) {
        $set['smtp'] = 0;
    }
 } else {
-    $set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.domain.com'));
+    $set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.example.com'));
    $set['smtp_host_port'] = intval(hesk_POST('tmp_smtp_host_port', 25));
    $set['smtp_timeout'] = intval(hesk_POST('tmp_smtp_timeout', 10));
    $set['smtp_ssl'] = empty($_POST['tmp_smtp_ssl']) ? 0 : 1;
@ -279,7 +289,7 @@ if ($set['pop3']) {
    }
 } else {
    $set['pop3_job_wait'] = intval(hesk_POST('s_pop3_job_wait', 15));
-    $set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.domain.com'));
+    $set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.example.com'));
    $set['pop3_host_port'] = intval(hesk_POST('tmp_pop3_host_port', 110));
    $set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1;
    $set['pop3_keep'] = empty($_POST['tmp_pop3_keep']) ? 0 : 1;
@ -287,6 +297,32 @@ if ($set['pop3']) {
    $set['pop3_password'] = hesk_input(hesk_POST('tmp_pop3_password'));
 }

+/* --> IMAP fetching */
+$imap_OK = true;
+$set['imap'] = empty($_POST['s_imap']) ? 0 : 1;
+
+if ($set['imap']) {
+    // Get IMAP fetching timeout
+    $set['imap_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_imap_job_wait') ) , 0, 1440, 15);
+
+    // Test IMAP connection
+    $imap_OK = hesk_testIMAP(true);
+
+    // If IMAP not working, disable it
+    if ( ! $imap_OK) {
+        $set['imap'] = 0;
+    }
+} else {
+    $set['imap_job_wait']	= intval( hesk_POST('s_imap_job_wait', 15) );
+    $set['imap_host_name']	= hesk_input( hesk_POST('tmp_imap_host_name', 'mail.example.com') );
+    $set['imap_host_port']	= intval( hesk_POST('tmp_imap_host_port', 110) );
+    $set['imap_enc']		= hesk_POST('tmp_imap_enc');
+    $set['imap_enc']		= ($set['imap_enc'] == 'ssl' || $set['imap_enc'] == 'tls') ? $set['imap_enc'] : '';
+    $set['imap_keep']		= empty($_POST['tmp_imap_keep']) ? 0 : 1;
+    $set['imap_user']		= hesk_input( hesk_POST('tmp_imap_user') );
+    $set['imap_password']	= hesk_input( hesk_POST('tmp_imap_password') );
+}
+
 /* --> Email loops */
 $set['loop_hits'] = hesk_checkMinMax(intval(hesk_POST('s_loop_hits')), 0, 999, 5);
 $set['loop_time'] = hesk_checkMinMax(intval(hesk_POST('s_loop_time')), 1, 86400, 300);
@ -323,10 +359,10 @@ if (!empty($_POST['s_email_providers']) && !is_array($_POST['s_email_providers']

 if (!$set['detect_typos'] || count($set['email_providers']) < 1) {
    $set['detect_typos'] = 0;
-    $set['email_providers'] = array('gmail.com', 'hotmail.com', 'hotmail.co.uk', 'yahoo.com', 'yahoo.co.uk', 'aol.com', 'aol.co.uk', 'msn.com', 'live.com', 'live.co.uk', 'mail.com', 'googlemail.com', 'btinternet.com', 'btopenworld.com');
+    $set['email_providers']=array('aim.com','aol.co.uk','aol.com','att.net','bellsouth.net','blueyonder.co.uk','bt.com','btinternet.com','btopenworld.com','charter.net','comcast.net','cox.net','earthlink.net','email.com','facebook.com','fastmail.fm','free.fr','freeserve.co.uk','gmail.com','gmx.at','gmx.ch','gmx.com','gmx.de','gmx.fr','gmx.net','gmx.us','googlemail.com','hotmail.be','hotmail.co.uk','hotmail.com','hotmail.com.ar','hotmail.com.mx','hotmail.de','hotmail.es','hotmail.fr','hushmail.com','icloud.com','inbox.com','laposte.net','lavabit.com','list.ru','live.be','live.co.uk','live.com','live.com.ar','live.com.mx','live.de','live.fr','love.com','lycos.com','mac.com','mail.com','mail.ru','me.com','msn.com','nate.com','naver.com','neuf.fr','ntlworld.com','o2.co.uk','online.de','orange.fr','orange.net','outlook.com','pobox.com','prodigy.net.mx','qq.com','rambler.ru','rocketmail.com','safe-mail.net','sbcglobal.net','t-online.de','talktalk.co.uk','tiscali.co.uk','verizon.net','virgin.net','virginmedia.com','wanadoo.co.uk','wanadoo.fr','yahoo.co.id','yahoo.co.in','yahoo.co.jp','yahoo.co.kr','yahoo.co.uk','yahoo.com','yahoo.com.ar','yahoo.com.mx','yahoo.com.ph','yahoo.com.sg','yahoo.de','yahoo.fr','yandex.com','yandex.ru','ymail.com');
 }

-$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", $set['email_providers']) . "'" : '';
+$set['email_providers'] = count($set['email_providers']) ?  "'" . implode("','", array_unique($set['email_providers'])) . "'" : '';


 /* --> Notify customer when */
@ -386,7 +422,8 @@ foreach ($hesk_settings['possible_ticket_list'] as $key => $title) {

 // We need at least one of these: id, trackid, subject
 if (!in_array('id', $set['ticket_list']) && !in_array('trackid', $set['ticket_list']) && !in_array('subject', $set['ticket_list'])) {
-    $set['ticket_list'][] = 'trackid';
+    // None of the required fields are there, add "trackid" as the first one
+    array_unshift($set['ticket_list'], 'trackid');
 }

 $set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . "'" : 'trackid';
@ -419,49 +456,9 @@ $set['submit_notice'] = empty($_POST['s_submit_notice']) ? 0 : 1;
 $set['online'] = empty($_POST['s_online']) ? 0 : 1;
 $set['online_min'] = hesk_checkMinMax(intval(hesk_POST('s_online_min')), 1, 999, 10);
 $set['check_updates'] = empty($_POST['s_check_updates']) ? 0 : 1;
-
-/*** CUSTOM FIELDS ***/
-
-for ($i = 1; $i <= 20; $i++) {
-    $this_field = 'custom' . $i;
-    $set['custom_fields'][$this_field]['use'] = !empty($_POST['s_custom' . $i . '_use']) ? 1 : 0;
-
-    if ($set['custom_fields'][$this_field]['use']) {
-        $set['custom_fields'][$this_field]['place'] = empty($_POST['s_custom' . $i . '_place']) ? 0 : 1;
-        $set['custom_fields'][$this_field]['type'] = hesk_htmlspecialchars(hesk_POST('s_custom' . $i . '_type', 'text'));
-        $set['custom_fields'][$this_field]['req'] = !empty($_POST['s_custom' . $i . '_req']) ? 1 : 0;
-        $set['custom_fields'][$this_field]['name'] = hesk_input(hesk_POST('s_custom' . $i . '_name'), $hesklang['err_custname']);
-        $set['custom_fields'][$this_field]['maxlen'] = intval(hesk_POST('s_custom' . $i . '_maxlen', 255));
-        $set['custom_fields'][$this_field]['value'] = hesk_input(hesk_POST('s_custom' . $i . '_val'));
-
-        if ($set['custom_fields'][$this_field]['type'] == 'email' && $set['custom_fields'][$this_field]['value'] == '') {
-            // New custom field without any options set. Default to Cc
-            $set['custom_fields'][$this_field]['value'] = 'cc';
-        }
-
-        if (!in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea', 'select', 'radio', 'checkbox', 'date', 'multiselect', 'email', 'hidden', 'readonly'))) {
-            $set['custom_fields'][$this_field]['type'] = 'text';
-        }
-
-        // Try to detect if field type changed to anything except "select"
-        if ($set['custom_fields'][$this_field]['type'] != 'select') {
-            // If type is "radio" or "checkbox" remove "please select", keep other options
-            $set['custom_fields'][$this_field]['value'] = str_replace('{HESK_SELECT}', '', $set['custom_fields'][$this_field]['value']);
-
-            // Field type changed to "text" or "textarea", clear default value if it contains "#HESK#" separator
-            if (in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea')) && !in_array($hesk_settings['custom_fields'][$this_field]['type'], array('text', 'textarea')) && strpos($set['custom_fields'][$this_field]['value'], '#HESK#') !== false) {
-                $set['custom_fields'][$this_field]['value'] = '';
-            }
-        }
-    } else {
-        $set['custom_fields'][$this_field] = array('use' => 0, 'place' => 0, 'type' => 'text', 'req' => 0, 'name' => 'Custom field ' . $i, 'maxlen' => 255, 'value' => '');
-    }
-}
-
 $set['hesk_version'] = $hesk_settings['hesk_version'];

 // Process quick help sections
-hesk_dbConnect();
 hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` SET `show` = '0'");
 $postArray = hesk_POST_array('quick_help_sections');
 foreach ($postArray as $value) {
@ -516,6 +513,7 @@ $set['dropdownItemTextColor'] = hesk_input(hesk_POST('dropdownItemTextColor'));
 $set['dropdownItemTextHoverColor'] = hesk_input(hesk_POST('dropdownItemTextHoverColor'));
 $set['questionMarkColor'] = hesk_input(hesk_POST('questionMarkColor'));
 $set['dropdownItemTextHoverBackgroundColor'] = hesk_input(hesk_POST('dropdownItemTextHoverBackgroundColor'));
+$set['admin_color_scheme'] = hesk_input(hesk_POST('admin-color-scheme'));
 mfh_updateSetting('rtl', $set['rtl']);
 mfh_updateSetting('show_icons', $set['show-icons']);
 mfh_updateSetting('custom_field_setting', $set['custom-field-setting']);
@ -552,6 +550,7 @@ mfh_updateSetting('use_mailgun', $set['use_mailgun'], false);
 mfh_updateSetting('enable_calendar', $set['enable_calendar'], false);
 mfh_updateSetting('first_day_of_week', $set['first_day_of_week'], false);
 mfh_updateSetting('default_calendar_view', $set['default_view'], true);
+mfh_updateSetting('admin_color_scheme', $set['admin_color_scheme'], true);

 // Prepare settings file and save it
 $settings_file_content = '<?php
@ -588,6 +587,7 @@ $hesk_settings[\'hesk_title\']=\'' . $set['hesk_title'] . '\';
 $hesk_settings[\'hesk_url\']=\'' . $set['hesk_url'] . '\';
 $hesk_settings[\'admin_dir\']=\'' . $set['admin_dir'] . '\';
 $hesk_settings[\'attach_dir\']=\'' . $set['attach_dir'] . '\';
+$hesk_settings[\'cache_dir\']=\'' . $set['cache_dir'] . '\';
 $hesk_settings[\'max_listings\']=' . $set['max_listings'] . ';
 $hesk_settings[\'print_font_size\']=' . $set['print_font_size'] . ';
 $hesk_settings[\'autoclose\']=' . $set['autoclose'] . ';
@ -598,6 +598,10 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
 // --> Features
 $hesk_settings[\'autologin\']=' . $set['autologin'] . ';
 $hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
+$hesk_settings[\'require_email\']=' . $set['require_email'] . ';
+$hesk_settings[\'require_owner\']=' . $set['require_owner'] . ';
+$hesk_settings[\'require_subject\']=' . $set['require_subject'] . ';
+$hesk_settings[\'require_message\']=' . $set['require_message'] . ';
 $hesk_settings[\'custclose\']=' . $set['custclose'] . ';
 $hesk_settings[\'custopen\']=' . $set['custopen'] . ';
 $hesk_settings[\'rating\']=' . $set['rating'] . ';
@ -610,6 +614,7 @@ $hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
 $hesk_settings[\'short_link\']=' . $set['short_link'] . ';
 $hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
 $hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
+$hesk_settings[\'cat_show_select\']=' . $set['cat_show_select'] . ';

 // --> SPAM Prevention
 $hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
@ -626,6 +631,8 @@ $hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
 $hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
 $hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
 $hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
+$hesk_settings[\'x_frame_opt\']=' . $set['x_frame_opt'] . ';
+$hesk_settings[\'force_ssl\']=' . $set['force_ssl'] . ';

 // --> Attachments
 $hesk_settings[\'attachments\']=array (
@ -635,6 +642,15 @@ $hesk_settings[\'attachments\']=array (
 \'allowed_types\' => array(\'' . implode('\',\'', $set['attachments']['allowed_types']) . '\')
 );

+// --> IMAP Fetching
+$hesk_settings[\'imap\']=' . $set['imap'] . ';
+$hesk_settings[\'imap_job_wait\']=' . $set['imap_job_wait'] . ';
+$hesk_settings[\'imap_host_name\']=\'' . $set['imap_host_name'] . '\';
+$hesk_settings[\'imap_host_port\']=' . $set['imap_host_port'] . ';
+$hesk_settings[\'imap_enc\']=\'' . $set['imap_enc'] . '\';
+$hesk_settings[\'imap_keep\']=' . $set['imap_keep'] . ';
+$hesk_settings[\'imap_user\']=\'' . $set['imap_user'] . '\';
+$hesk_settings[\'imap_password\']=\'' . $set['imap_password'] . '\';

 // ==> KNOWLEDGEBASE

@ -731,22 +747,6 @@ $hesk_settings[\'online_min\']=' . $set['online_min'] . ';
 $hesk_settings[\'check_updates\']=' . $set['check_updates'] . ';


-// ==> CUSTOM FIELDS
-
-$hesk_settings[\'custom_fields\']=array (
-';
-
-for ($i = 1; $i <= 20; $i++) {
-    $settings_file_content .= '\'custom' . $i . '\'=>array(\'use\'=>' . $set['custom_fields']['custom' . $i]['use'] . ',\'place\'=>' . $set['custom_fields']['custom' . $i]['place'] . ',\'type\'=>\'' . $set['custom_fields']['custom' . $i]['type'] . '\',\'req\'=>' . $set['custom_fields']['custom' . $i]['req'] . ',\'name\'=>\'' . $set['custom_fields']['custom' . $i]['name'] . '\',\'maxlen\'=>' . $set['custom_fields']['custom' . $i]['maxlen'] . ',\'value\'=>\'' . $set['custom_fields']['custom' . $i]['value'] . '\')';
-    if ($i != 20) {
-        $settings_file_content .= ',
-';
-    }
-}
-
-$settings_file_content .= '
-);
-
 #############################
 #     DO NOT EDIT BELOW     #
 #############################
@ -796,14 +796,6 @@ function mfh_updateSetting($key, $value, $isString = false)
    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = " . $formattedValue . " WHERE `Key` = '" . $key . "'");
 }

-function hesk_checkMinMax($myint, $min, $max, $defval)
-{
-    if ($myint > $max || $myint < $min) {
-        return $defval;
-    }
-    return $myint;
-} // END hesk_checkMinMax()
-

 function hesk_getLanguagesArray($returnArray = 0)
 {
@ -847,7 +839,7 @@ function hesk_getLanguagesArray($returnArray = 0)
                    $add = 0;
                } elseif (!preg_match('/\$hesklang\[\'EMAIL_HR\'\]\=\'(.*)\'\;/', $tmp, $hr)) {
                    $add = 0;
-                } elseif (!preg_match('/\$hesklang\[\'ms01\'\]/', $tmp)) {
+                } elseif (!preg_match('/\$hesklang\[\'refresh_page\'\]/', $tmp)) {
                    $add = 0;
                }
            } else {
--- a/admin/admin_submit_ticket.php
+++ b/admin/admin_submit_ticket.php
@ -62,7 +62,22 @@ if ($hesk_settings['can_sel_lang']) {
    $tmpvar['language'] = hesk_POST('customerLanguage');
 }
 $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
-$tmpvar['email'] = hesk_POST('email');
+$email_available = true;
+
+if ($hesk_settings['require_email']) {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+} else {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+    // Not required, but must be valid if it is entered
+    if ($tmpvar['email'] == '') {
+        $email_available = false;
+
+        if (strlen(hesk_POST('email'))) {
+            $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+        }
+    }
+}
 if ($hesk_settings['multi_eml']) {
    $tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
 }
@ -80,11 +95,22 @@ if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
    }
 }

-$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
-$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];
+$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
+if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
+    $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
+}
+
+$tmpvar['message']  = hesk_input( hesk_POST('message') );
+if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+    $hesk_error_buffer['message'] = $hesklang['enter_message'];
+}

 // Is category a valid choice?
 if ($tmpvar['category']) {
+    if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
+        hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
+    }
+
    hesk_verifyCategory(1);

    // Is auto-assign of tickets disabled in this category?
@ -94,19 +120,69 @@ if ($tmpvar['category']) {
 }

 // Custom fields
-foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use'] && isset($_POST[$k])) {
-        // Date will be handled by the jQuery datepicker
-        if ($v['type'] == 'date' && $_POST[$k] != '') {
-            $tmpvar[$k] = strtotime($_POST[$k]);
-        } else if (is_array($_POST[$k])) {
-            $tmpvar[$k] = '';
-            foreach ($_POST[$k] as $myCB) {
-                $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
+foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+    if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
+        if ($v['type'] == 'checkbox') {
+            $tmpvar[$k]='';
+
+            if (isset($_POST[$k]) && is_array($_POST[$k])) {
+                foreach ($_POST[$k] as $myCB) {
+                    $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
+                }
+                $tmpvar[$k]=substr($tmpvar[$k],0,-6);
+            } else {
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
+                $_POST[$k] = '';
+            }
+        } elseif ($v['type'] == 'date') {
+            $tmpvar[$k] = hesk_POST($k);
+            $_SESSION["as_$k"] = '';
+            if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
+                $date = strtotime($tmpvar[$k] . ' t00:00:00');
+                $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
+                $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
+
+                $_SESSION["as_$k"] = $tmpvar[$k];
+
+                if ($dmin && $dmin > $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+                } elseif ($dmax && $dmax < $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+                } else {
+                    $tmpvar[$k] = $date;
+                }
+            } else {
+                $tmpvar[$k] = '';
+
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
+            }
+        } elseif ($v['type'] == 'email')
+        {
+            $tmp = $hesk_settings['multi_eml'];
+            $hesk_settings['multi_eml'] = $v['value']['multiple'];
+            $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+            $hesk_settings['multi_eml'] = $tmp;
+
+            if ($tmpvar[$k] != '') {
+                $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
+            } else {
+                $_SESSION["as_$k"] = '';
+
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+                }
+            }
+        } elseif ($v['req'] == 2) {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            if ($tmpvar[$k] == '') {
+                $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
            }
-            $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
        } else {
-            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
        }
    } else {
        $tmpvar[$k] = '';
@ -202,7 +278,6 @@ if (count($hesk_error_buffer) != 0) {

    $_SESSION['as_name'] = hesk_POST('name');
    $_SESSION['as_email'] = hesk_POST('email');
-    $_SESSION['as_category'] = hesk_POST('category');
    $_SESSION['as_priority'] = $tmpvar['priority'];
    $_SESSION['as_subject'] = hesk_POST('subject');
    $_SESSION['as_message'] = hesk_POST('message');
@ -211,7 +286,7 @@ if (count($hesk_error_buffer) != 0) {
    $_SESSION['as_show'] = $show;

    foreach ($hesk_settings['custom_fields'] as $k => $v) {
-        if ($v['use']) {
+        if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
            $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
        }
    }
@ -228,7 +303,7 @@ if (count($hesk_error_buffer) != 0) {
    }

    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
-    hesk_process_messages($hesk_error_buffer, 'new_ticket.php');
+    hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
 }

 if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
@ -258,7 +333,7 @@ $tmpvar['screen_resolution_width'] = "NULL";
 $ticket = hesk_newTicket($tmpvar);

 // Notify the customer about the ticket?
-if ($notify) {
+if ($notify && $email_available) {
    hesk_notifyCustomer($modsForHesk_settings);
 }

@ -288,9 +363,7 @@ hesk_cleanSessionVars('as_owner');
 hesk_cleanSessionVars('as_notify');
 hesk_cleanSessionVars('as_show');
 foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use']) {
-        hesk_cleanSessionVars("as_$k");
-    }
+    hesk_cleanSessionVars("as_$k");
 }

 // If ticket has been assigned to the person submitting it lets show a message saying so
@ -304,5 +377,4 @@ if ($show) {
    hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
 } else {
    hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
-}
-?>
+}
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@ -60,14 +60,22 @@ $can_archive = hesk_checkPermission('can_add_archive', 0);
 $can_assign_self = hesk_checkPermission('can_assign_self', 0);
 $can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
 $can_change_cat = hesk_checkPermission('can_change_cat', 0);
+$can_change_own_cat  = hesk_checkPermission('can_change_own_cat',0);
 $can_ban_emails = hesk_checkPermission('can_ban_emails', 0);
 $can_unban_emails = hesk_checkPermission('can_unban_emails', 0);
 $can_ban_ips = hesk_checkPermission('can_ban_ips', 0);
 $can_unban_ips = hesk_checkPermission('can_unban_ips', 0);
+$can_resolve		 = hesk_checkPermission('can_resolve', 0);

 // Get ticket ID
 $trackingID = hesk_cleanID() or print_form();

+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
+// Load statuses
+//require_once(HESK_PATH . 'inc/statuses.inc.php');
+
 $_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);

 /* We will need timer function */
@ -127,7 +135,20 @@ $managerRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_p
 $managerRow = hesk_dbFetchAssoc($managerRS);
 $isManager = $managerRow['id'] == $category['manager'];
 if ($isManager) {
-    $can_del_notes = $can_reply = $can_delete = $can_edit = $can_archive = $can_assign_self = $can_view_unassigned = $can_change_cat = true;
+    $can_del_notes =
+        $can_reply =
+        $can_delete =
+        $can_edit =
+        $can_archive =
+        $can_assign_self =
+        $can_view_unassigned =
+        $can_change_own_cat =
+        $can_change_cat =
+        $can_ban_emails =
+        $can_unban_emails =
+        $can_ban_ips =
+        $can_unban_ips =
+        $can_resolve = true;
 }

 /* Is this user allowed to view tickets inside this category? */
@ -187,12 +208,12 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
                }

                /* Delete attachments info from the database */
-                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
+                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "'");
            }
        }

        /* Delete this reply */
-        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "'");

        /* Reply wasn't deleted */
        if (hesk_dbAffectedRows() != 1) {
@ -239,7 +260,7 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
                    }
                }

-                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "'");
            } else {
                // Update status, closedat and closedby columns as required
                if ($ticket['locked']) {
@ -250,7 +271,7 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
                    $closed_sql = " , `closedat`=NULL, `closedby`=NULL ";
                }

-                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "'");
            }

            hesk_process_messages($hesklang['repl'], $_SERVER['PHP_SELF'], 'SUCCESS');
@ -273,7 +294,7 @@ if (isset($_GET['delnote']) && hesk_token_check()) {
            // Permission to delete note?
            if ($can_del_notes || $note['who'] == $_SESSION['id']) {
                // Delete note
-                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "' LIMIT 1");
+                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "'");

                // Delete attachments
                if (strlen($note['attachments'])) {
@ -435,7 +456,7 @@ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['

    /* Update database */
    $revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");

    /* Show ticket */
    hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
@ -525,15 +546,14 @@ if (isset($_GET['delatt']) && hesk_token_check()) {
    /* Update ticket or reply in the database */
    $revision = sprintf($hesklang['thist12'], hesk_date(), $att['real_name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
    if ($reply) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "'");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'");
    } elseif ($note) {
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`={$note} LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`={$note} LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`={$note}");
    } else {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "'");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'");
    }

    hesk_process_messages($hesklang['kb_att_rem'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
@ -553,7 +573,11 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

 /* List of categories */
 $orderBy = $modsForHesk_settings['category_order_column'];
-$result = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `usage` <> 2 ORDER BY `" . $orderBy . "` ASC");
+if ($can_change_cat) {
+    $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `usage` <> 2 ORDER BY `cat_order` ASC");
+} else {
+    $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `usage` <> 2 AND ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
+}
 $categories_options = '';
 while ($row = hesk_dbFetchAssoc($result)) {
    $selected = '';
@ -633,6 +657,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
    <?php
    /* This will handle error, success and notice messages */
    hesk_handle_messages();
+
+    // Prepare special custom fields
+    foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+        if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) {
+            switch ($v['type']) {
+                case 'date':
+                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                    break;
+            }
+        }
+    }
    ?>
    <h1><?php echo $hesklang['ticket_details']; ?></h1>
    <h2>
@ -1025,15 +1060,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                            <input type="hidden" name="track" value="' . $trackingID . '">
                            <input type="hidden" name="token" value="' . hesk_token_echo(0) . '">
                            </span>';
+                if ( ! $ticket['owner'])
+                {
+                    echo '<input type="hidden" name="unassigned" value="1">';
+                }
+                echo '</form></div>';
            } else {
                echo '<p class="ticket-property-text">';
                echo isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] :
-                    ($can_assign_self ? $hesklang['unas'] . ' [<a href="assign_owner.php?track=' . $trackingID . '&amp;owner=' . $_SESSION['id'] . '&amp;token=' . hesk_token_echo(0) . '">' . $hesklang['asss'] . '</a>]' : $hesklang['unas']);
+                    ($can_assign_self ? $hesklang['unas'] . ' [<a href="assign_owner.php?track=' . $trackingID . '&amp;owner=' . $_SESSION['id'] . '&amp;token=' . hesk_token_echo(0) . '&amp;unassigned=1">' . $hesklang['asss'] . '</a>]' : $hesklang['unas']);
                echo '</p>';
            }
-            echo '</form></div>';
            echo '<div class="col-md-3 col-sm-12 ticket-cell-admin"><p class="ticket-property-title">' . $hesklang['category'] . '</p>';
-            if ($can_change_cat) {
+            if (strlen($categories_options) && ($can_change_cat || $can_change_own_cat)) {
                echo '

                        <form style="margin-bottom:0;" id="changeCategory" action="move_category.php" method="post">
@ -1248,7 +1287,7 @@ require_once(HESK_PATH . 'inc/footer.inc.php');

 function hesk_getAdminButtons($category_id)
 {
-    global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager;
+    global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve, $isManager;

    $options = '';

@ -1330,7 +1369,7 @@ function hesk_getAdminButtons($category_id)
                    </div>
                    <div class="modal-body">
                        <?php if ($hasLocation): ?>
-           '               <div id="map" style="height: 500px"></div><br>
+                            <div id="map" style="height: 500px"></div><br>
                            <address id="friendly-location" style="font-size: 13px"></address>
                            <p id="save-for-address"
                               style="font-size: 13px;display:none"><?php echo $hesklang['save_to_see_updated_address']; ?></p>
@ -1419,7 +1458,7 @@ function hesk_getAdminButtons($category_id)
    $isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly';

    $mgr = $isManager ? '&amp;isManager=1' : '';
-    if ($isTicketClosed == 0 && $isClosable) // Ticket is still open
+    if ($isTicketClosed == 0 && $isClosable && $can_resolve) // Ticket is still open
    {
        $dropdown .= '<li><a href="change_status.php?track=' . $trackingID . $mgr . '&amp;s=' . $staffClosedOptionStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
                    <i class="fa fa-check-circle fa-fw"></i> ' . $hesklang['close_action'] . '</a></li>';
@ -1429,7 +1468,7 @@ function hesk_getAdminButtons($category_id)
    }

    /* Lock ticket button */
-    if ($can_edit) {
+    if ($can_resolve) {
        $template = '<li><a href="lock.php?track=' . $trackingID . '&amp;locked=%s&amp;Refresh=' . mt_rand(10000, 99999) . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-%s fa-fw"></i> %s</a></li>';
        $dropdown .= $ticket['locked']
            ? sprintf($template, 0, 'unlock', $hesklang['tul'])
@ -1560,7 +1599,7 @@ function mfh_print_message() {
        <div class="timeline-item">
            <span class="time"><i class="fa fa-clock-o"></i> <?php echo $ticket['dt']; ?></span>
            <h3 class="timeline-header"><?php echo $ticket['name']; ?></h3>
-            <div class="timeline-body">
+            <div class="timeline-header header-info">
                <div class="row">
                    <div class="col-md-3 text-right">
                        <strong><?php echo $hesklang['m_sub']; ?></strong>
@ -1569,16 +1608,13 @@ function mfh_print_message() {
                        <?php echo $ticket['subject']; ?>
                    </div>
                </div>
-                <?php foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place'] == 0) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
-                        }
+                <?php
+                foreach ($hesk_settings['custom_fields'] as $k => $v) {
+                    if ($v['use'] && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                        echo '<div class="row">';
                        echo '<div class="col-md-3 text-right"><strong>' . $v['name'] . ':</strong></div>';
-                        if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                            $dt = hesk_date($ticket[$k], false, false);
-                            echo '<div class="col-md-9">' . hesk_dateToString($dt, 0) . '</div>';
+                        if ($v['type'] == 'email') {
+                            echo '<div class="col-md-9"><a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a></div>';
                        } else {
                            echo '<div class="col-md-9">' . $ticket[$k] . '</div>';
                        }
@ -1586,37 +1622,40 @@ function mfh_print_message() {
                    }
                }
                ?>
-                <div class="row push-down-10">
-                    <div class="col-md-3 text-right">
-                        <strong><?php echo $hesklang['message_colon']; ?></strong>
-                    </div>
-                    <div class="col-md-9">
-                        <?php if ($ticket['html']) {
-                            echo hesk_html_entity_decode($ticket['message']);
-                        } else {
-                            echo $ticket['message'];
-                        } ?>
-                    </div>
-                </div>
+            </div>
+            <div class="timeline-body">
                <?php
-                foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place']) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
-                        }
-                        echo '<div class="row">';
-                        echo '<div class="col-md-3 text-right"><strong>' . $v['name'] . ':</strong></div>';
-                        if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                            $dt = hesk_date($ticket[$k], false, false);
-                            echo '<div class="col-md-9">' . hesk_dateToString($dt, 0) . '</div>';
-                        } else {
-                            echo '<div class="col-md-9">' . $ticket[$k] . '</div>';
-                        }
-                        echo '</div>';
+                if ($ticket['message'] != '') {
+                    if ($ticket['html']) {
+                        echo hesk_html_entity_decode($ticket['message']);
+                    } else {
+                        echo $ticket['message'];
                    }
                }
                ?>
            </div>
+            <?php
+            $first = true;
+            foreach ($hesk_settings['custom_fields'] as $k => $v) {
+                if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
+                    if ($first) {
+                        echo '<div class="timeline-footer">';
+                        $first = false;
+                    }
+                    echo '<div class="row">';
+                    echo '<div class="col-md-3 text-right"><strong>' . $v['name'] . ':</strong></div>';
+                    if ($v['type'] == 'email') {
+                        echo '<div class="col-md-9"><a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a></div>';
+                    } else {
+                        echo '<div class="col-md-9">' . $ticket[$k] . '</div>';
+                    }
+                    echo '</div>';
+                }
+            }
+            if (!$first) {
+                echo '</div>';
+            }
+            ?>
            <?php if (($hesk_settings['attachments']['use'] && strlen($ticket['attachments']))
                || ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && strlen($ticket['articles']))): ?>
                <div class="timeline-footer">
@ -1746,6 +1785,13 @@ function hesk_printTicketReplies()
 function hesk_printReplyForm()
 {
    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $isManager, $modsForHesk_settings;
+
+    // Force assigning a ticket before allowing to reply?
+    if ($hesk_settings['require_owner'] && ! $ticket['owner'])
+    {
+        hesk_show_notice($hesklang['atbr'].($can_assign_self ? '<br /><br /><a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$_SESSION['id'].'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1">'.$hesklang['attm'].'</a>' : ''), $hesklang['owneed']);
+        return '';
+    }
    ?>
    <!-- START REPLY FORM -->
    <?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
@ -1944,6 +1990,10 @@ function hesk_printReplyForm()
                            <?php
                            $statuses = mfh_getAllStatuses();
                            foreach ($statuses as $status) {
+                                if ($status['IsClosed'] == '1' && !$can_resolve) {
+                                    continue;
+                                }
+
                                echo '<li><a>
                                        <button class="dropdown-submit" type="submit" name="submit_as_status" value="' . $status['ID'] . '"">
                                            ' . $hesklang['submit_reply'] . ' ' . $hesklang['and_change_status_to'] . ' <b>
@ -2026,26 +2076,12 @@ function hesk_printCanned()
            myMsg = myMsg.replace(/%%HESK_NAME%%/g, '<?php echo hesk_jsString($ticket['name']); ?>');
            myMsg = myMsg.replace(/%%HESK_EMAIL%%/g, '<?php echo hesk_jsString($ticket['email']); ?>');
            myMsg = myMsg.replace(/%%HESK_OWNER%%/g, '<?php echo hesk_jsString( isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : ''); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom1%%/g, '<?php echo hesk_jsString($ticket['custom1']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom2%%/g, '<?php echo hesk_jsString($ticket['custom2']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom3%%/g, '<?php echo hesk_jsString($ticket['custom3']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom4%%/g, '<?php echo hesk_jsString($ticket['custom4']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom5%%/g, '<?php echo hesk_jsString($ticket['custom5']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom6%%/g, '<?php echo hesk_jsString($ticket['custom6']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom7%%/g, '<?php echo hesk_jsString($ticket['custom7']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom8%%/g, '<?php echo hesk_jsString($ticket['custom8']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom9%%/g, '<?php echo hesk_jsString($ticket['custom9']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom10%%/g, '<?php echo hesk_jsString($ticket['custom10']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom11%%/g, '<?php echo hesk_jsString($ticket['custom11']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom12%%/g, '<?php echo hesk_jsString($ticket['custom12']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom13%%/g, '<?php echo hesk_jsString($ticket['custom13']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom14%%/g, '<?php echo hesk_jsString($ticket['custom14']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom15%%/g, '<?php echo hesk_jsString($ticket['custom15']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom16%%/g, '<?php echo hesk_jsString($ticket['custom16']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom17%%/g, '<?php echo hesk_jsString($ticket['custom17']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom18%%/g, '<?php echo hesk_jsString($ticket['custom18']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom19%%/g, '<?php echo hesk_jsString($ticket['custom19']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom20%%/g, '<?php echo hesk_jsString($ticket['custom20']); ?>');
+
+            <?php
+            for ($i=1; $i<=50; $i++) {
+                echo 'myMsg = myMsg.replace(/%%HESK_custom'.$i.'%%/g, \''.hesk_jsString($ticket['custom'.$i]).'\');';
+            }
+            ?>

            if (document.getElementById) {
                if (document.getElementById('moderep').checked) {
--- a/admin/assign_owner.php
+++ b/admin/assign_owner.php
@ -70,7 +70,7 @@ $owner = intval(hesk_REQUEST('owner'));
 /* If ID is -1 the ticket will be unassigned */
 if ($owner == -1) {
    $revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");

    hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
 } elseif ($owner < 1) {
@ -89,10 +89,31 @@ if (!$row['isadmin']) {
    }
 }

+// Make sure two people don't assign a ticket to a different user at the same time
+if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y') {
+    $new_owner = ($owner == $_SESSION['id']) ? $hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']);
+
+    $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$ticket['owner']}' LIMIT 1");
+
+    if (hesk_dbNumRows($res) == 1) {
+        $row = hesk_dbFetchAssoc($res);
+
+        hesk_process_messages(
+            sprintf($hesklang['taat'], $row['name']) .
+            '<br /><br />' .
+            $new_owner .
+            '<br /><br />' .
+            '<a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$owner.'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1&amp;confirm=Y">'.$hesklang['ycto'].'</a> | ' .
+            '<a href="admin_ticket.php?track='.$ticket['trackid'].'">'.$hesklang['ncto'].'</a>',
+            $_SERVER['PHP_SELF'], 'NOTICE'
+        );
+    }
+}
+
 /* Assigning to self? */
 if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
    $revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");

    if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
        $_SERVER['PHP_SELF'] = 'admin_main.php';
--- a/admin/banned_emails.php
+++ b/admin/banned_emails.php
@ -107,6 +107,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            </li>
            ';
                    }
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
+                    }
                    ?>
                </ul>
                <div class="tab-content summaryList tabPadding">
@ -152,8 +155,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                            <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>

                            <div class="footerWithBorder blankSpace"></div>
-                            <b>john@email.com</b><br/>
-                            <b>@domain.com</b>
+                            <b>john@example.com</b><br/>
+                            <b>@example.com</b>
                        </div>
                    </div>
                    <div class="row">
@ -307,7 +310,7 @@ function unban_email()
    hesk_token_check();

    // Delete from bans
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));

    // Redirect either to banned emails or ticket page from now on
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
--- a/admin/banned_ips.php
+++ b/admin/banned_ips.php
@ -110,6 +110,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
            </li>
            ';
+                    }
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
+            </li>';
                    }
                    ?>
                </ul>
@ -375,7 +381,7 @@ function ban_ip()

    // Delete temporary bans from logins table
    if ($ip_to == $ip_from) {
-        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1");
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "'");
    }

    // Redirect either to banned ips or ticket page from now on
@ -407,7 +413,7 @@ function unban_temp_ip()
    $ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip'));

    // Delete from bans
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "'");

    // Show success
    hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS');
@ -423,7 +429,7 @@ function unban_ip()
    hesk_token_check();

    // Delete from bans
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')));

    // Redirect either to banned ips or ticket page from now on
    $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';
--- a/admin/change_status.php
+++ b/admin/change_status.php
@ -74,6 +74,10 @@ $locked = 0;
 $statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE ID = " . $status));
 if ($statusRow['IsClosed']) // Closed
 {
+    if ( ! hesk_checkPermission('can_resolve', 0)) {
+        hesk_process_messages($hesklang['noauth_resolve'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
+    }
+
    $action = $hesklang['ticket_been'] . ' ' . $hesklang['close'];
    $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');

@ -101,7 +105,7 @@ if ($statusRow['IsClosed']) // Closed

    // Log who marked the ticket resolved
    $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
-} elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new
+} elseif ($statusRow['IsNewTicketStatus'] == '0') //Ticket is still open, but not new
 {
    $action = sprintf($hesklang['tsst'], $status_options[$status]);
    $revision = sprintf($hesklang['thist9'], hesk_date(), $status_options[$status], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
@ -118,11 +122,10 @@ if ($statusRow['IsClosed']) // Closed
 }


-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");

 if (hesk_dbAffectedRows() != 1) {
    hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found].");
 }

 hesk_process_messages($action, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
-?>
--- a/admin/custom_fields.php
+++ b/admin/custom_fields.php
--- a/admin/delete_tickets.php
+++ b/admin/delete_tickets.php
@ -131,7 +131,7 @@ if (array_key_exists($_POST['a'], $priorities)) {
        hesk_okCategory($ticket['category']);

        $revision = sprintf($hesklang['thist8'], hesk_date(), $priority['formatted'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id} LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id}");

        $i++;
    }
@ -223,7 +223,7 @@ elseif ($_POST['a'] == 'tag' || $_POST['a'] == 'untag') {

        hesk_okCategory($ticket['category']);

-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "'");
        $i++;
    }

@ -233,6 +233,7 @@ else {
    /* Check permissions for this feature */
    hesk_checkPermission('can_view_tickets');
    hesk_checkPermission('can_reply_tickets');
+    hesk_checkPermission('can_resolve');

    /* A security check */
    hesk_token_check('POST');
@ -255,7 +256,7 @@ else {
        $closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
        $closedStatus = hesk_dbFetchAssoc($closedStatusRS);

-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "'");
        $i++;

        // Notify customer of closed ticket?
--- a/admin/edit_post.php
+++ b/admin/edit_post.php
@ -31,12 +31,14 @@
 define('IN_SCRIPT', 1);
 define('HESK_PATH', '../');
 define('WYSIWYG', 1);
+define('VALIDATOR', 1);

 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/mail_functions.inc.php');
+require(HESK_PATH . 'inc/custom_fields.inc.php');
 hesk_load_database_functions();

 hesk_session_start();
@ -56,6 +58,10 @@ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['n
 $is_reply = 0;
 $tmpvar = array();

+if (!isset($_SESSION['iserror'])) {
+    $_SESSION['iserror'] = array();
+}
+
 /* Get ticket info */
 $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
 if (hesk_dbNumRows($result) != 1) {
@ -111,13 +117,29 @@ if (isset($_POST['save'])) {

        $tmpvar['html'] = hesk_POST('html');

-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "'");
    } else {
        $tmpvar['language'] = hesk_POST('customerLanguage');
        $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
-        $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
+
+        if ($hesk_settings['require_email']) {
+            $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+        } else {
+            $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+            // Not required, but must be valid if it is entered
+            if ($tmpvar['email'] == '') {
+                if (strlen(hesk_POST('email'))) {
+                    $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+                }
+            }
+        }
+
        $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
-        $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
+        $tmpvar['message'] = hesk_input( hesk_POST('message') );
+        if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+            $hesk_error_buffer[] = $hesklang['enter_message'];
+        }
        $tmpvar['html'] = hesk_POST('html');

        // Demo mode
@ -125,6 +147,82 @@ if (isset($_POST['save'])) {
            $tmpvar['email'] = 'hidden@demo.com';
        }

+        // Custom fields
+        foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+            if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
+                if ($v['req'] == 2) {
+                    $v['req'] = '<span class="important">*</span>';
+                    $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                } else {
+                    $v['req'] = '';
+                    $required_attribute = '';
+                }
+
+                if ($v['type'] == 'checkbox') {
+                    $tmpvar[$k]='';
+
+                    if (isset($_POST[$k]) && is_array($_POST[$k])) {
+                        foreach ($_POST[$k] as $myCB) {
+                            $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br>';
+                        }
+                        $tmpvar[$k]=substr($tmpvar[$k],0,-6);
+                    } else {
+                        if ($v['req'] == 2) {
+                            $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                        }
+                        $_POST[$k] = '';
+                    }
+                } elseif ($v['type'] == 'date') {
+                    $tmpvar[$k] = hesk_POST($k);
+                    $_SESSION["as_$k"] = '';
+
+                    if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
+                        $date = strtotime($tmpvar[$k] . ' t00:00:00');
+                        $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
+                        $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
+
+                        $_SESSION["as_$k"] = $tmpvar[$k];
+
+                        if ($dmin && $dmin > $date) {
+                            $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+                        } elseif ($dmax && $dmax < $date) {
+                            $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+                        } else {
+                            $tmpvar[$k] = $date;
+                        }
+                    } else {
+                        if ($v['req'] == 2) {
+                            $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                        }
+                    }
+                } elseif ($v['type'] == 'email') {
+                    $tmp = $hesk_settings['multi_eml'];
+                    $hesk_settings['multi_eml'] = $v['value']['multiple'];
+                    $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+                    $hesk_settings['multi_eml'] = $tmp;
+
+                    if ($tmpvar[$k] != '') {
+                        $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
+                    } else {
+                        $_SESSION["as_$k"] = '';
+
+                        if ($v['req'] == 2) {
+                            $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+                        }
+                    }
+                } elseif ($v['req'] == 2) {
+                    $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+                    if ($tmpvar[$k] == '') {
+                        $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                    }
+                } else {
+                    $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
+                }
+            } else {
+                $tmpvar[$k] = '';
+            }
+        }
+
        if (count($hesk_error_buffer)) {
            $myerror = '<ul>';
            foreach ($hesk_error_buffer as $error) {
@ -139,51 +237,20 @@ if (isset($_POST['save'])) {
            $tmpvar['message'] = nl2br($tmpvar['message']);
        }

-        foreach ($hesk_settings['custom_fields'] as $k => $v) {
-            if ($v['use'] && isset($_POST[$k])) {
-                if ($v['type'] == 'date' && $_POST[$k] != '') {
-                    $tmpvar[$k] = strtotime($_POST[$k]);
-                } elseif (is_array($_POST[$k])) {
-                    $tmpvar[$k] = '';
-                    foreach ($_POST[$k] as $myCB) {
-                        $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
-                    }
-                    $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
-                } else {
-                    $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
-                }
-            } else {
-                $tmpvar[$k] = '';
-            }
+        $custom_SQL = '';
+        for ($i = 1; $i <= 50; $i++) {
+            $custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . ',';
        }
+        $custom_SQL = rtrim($custom_SQL, ',');

        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET
 		`name`='" . hesk_dbEscape($tmpvar['name']) . "',
 		`email`='" . hesk_dbEscape($tmpvar['email']) . "',
 		`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',
 		`message`='" . hesk_dbEscape($tmpvar['message']) . "',
-		`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',
-		`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',
-		`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',
-		`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',
-		`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',
-		`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',
-		`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',
-		`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',
-		`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',
-		`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',
-		`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',
-		`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',
-		`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',
-		`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',
-		`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',
-		`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',
-		`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',
-		`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',
-		`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',
-		`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "',
 		`language`='" . hesk_dbEscape($tmpvar['language']) . "',
-		`html`='" . hesk_dbEscape($tmpvar['html']) . "'
+		`html`='" . hesk_dbEscape($tmpvar['html']) . "',
+		$custom_SQL
 		WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
    }

@ -222,15 +289,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            </div>
        </div>
        <div class="box-body">
-            <form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1">
+            <?php
+            $onsubmit = '';
+            if ($modsForHesk_settings['rich_text_for_tickets']) {
+                $onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
+            }
+            ?>
+            <form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1" <?php echo $onsubmit; ?>>
                <?php
                /* If it's not a reply edit all the fields */
                if (!$is_reply) {
                    if ($hesk_settings['can_sel_lang']) {
                        ?>
                        <div class="form-group">
-                            <label for="customerLanguage" class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?>
-                                :</label>
+                            <label for="customerLanguage"
+                                   class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?></label>

                            <div class="col-sm-9">
                                <select name="customerLanguage" id="customerLanguage" class="form-control">
@ -242,7 +315,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                        echo '<input type="hidden" name="customerLanguage" value="' . $ticket['language'] . '">';
                    } ?>
                    <div class="form-group">
-                        <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>:</label>
+                        <?php
+                        $required = '';
+                        $required_attribute = '';
+                        if ($hesk_settings['require_subject'] == 1) {
+                            $required = ' <span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        }
+                        ?>
+                        <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject'] . $required; ?></label>

                        <div class="col-sm-9">
                            <input class="form-control" type="text" name="subject" size="40" maxlength="40"
@ -251,83 +332,101 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                        </div>
                    </div>
                    <div class="form-group">
-                        <label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>:</label>
+                        <label for="name" class="col-sm-3 control-label">
+                            <?php echo $hesklang['name']; ?>
+                            <span class="important">*</span>
+                        </label>

                        <div class="col-sm-9">
                            <input class="form-control" type="text" name="name" size="40" maxlength="30"
                                   value="<?php echo $ticket['name']; ?>"
-                                   placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"/>
+                                   placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"
+                                   data-error="<?php echo $hesklang['this_field_is_required']; ?>"
+                                   required>
                        </div>
                    </div>
                    <div class="form-group">
-                        <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>:</label>
+                        <?php
+                        $required = '';
+                        $required_attribute = '';
+                        if ($hesk_settings['require_email']) {
+                            $required = ' <span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        }
+                        ?>
+                        <label for="email"
+                               class="col-sm-3 control-label"><?php echo $hesklang['email'] . $required; ?></label>

                        <div class="col-sm-9">
                            <input class="form-control" type="text" name="email" size="40" maxlength="1000"
                                   value="<?php echo $ticket['email']; ?>"
-                                   placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"/>
+                                   placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"
+                                <?php echo $required_attribute ?>>
+                            <div class="help-block with-errors"></div>
                        </div>
                    </div>
                    <?php
                    foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                        if ($v['use']) {
-                            if ($modsForHesk_settings['custom_field_setting']) {
-                                $v['name'] = $hesklang[$v['name']];
-                            }
-
+                        if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                            $k_value = $ticket[$k];

                            if ($v['type'] == 'checkbox') {
-                                $k_value = explode('<br />', $k_value);
+                                $k_value = explode('<br>', $k_value);
+                            }
+
+                            if ($v['req'] == 2) {
+                                $v['req'] = '<span class="important">*</span>';
+                                $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                            } else {
+                                $v['req'] = '';
+                                $required_attribute = '';
                            }

                            switch ($v['type']) {
                                /* Radio box */
                                case 'radio':
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
                                    echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-		                        <div class="col-sm-9">';
-
-                                    $options = explode('#HESK#', $v['value']);
-
-                                    foreach ($options as $option) {
-
-                                        if (strlen($k_value) == 0 || $k_value == $option) {
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">';
+                                    foreach ($v['value']['radio_options'] as $option) {
+                                        if (strlen($k_value) == 0) {
+                                            $k_value = $option;
+                                            $checked = empty($v['value']['no_default']) ? 'checked="checked"' : '';
+                                        } elseif ($k_value == $option) {
                                            $k_value = $option;
                                            $checked = 'checked="checked"';
                                        } else {
                                            $checked = '';
                                        }

-                                        echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
+                                        echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                    }
+                                    echo '<div class="help-block with-errors"></div></div>
+                    </div>';

-                                    echo '</div>
-						        </div>
-						        ';
                                    break;

                                /* Select drop-down box */
                                case 'select':
-                                    echo '
-						        <div class="form-group">
-						        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-		                        <div class="col-sm-9"><select class="form-control" name="' . $k . '">';

+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+
+                                    echo '
+                    <div class="form-group">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <select name="' . $k . '" class="form-control" ' . $required_attribute . '>';
                                    // Show "Click to select"?
-                                    $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                    if ($num) {
+                                    if (!empty($v['value']['show_select'])) {
                                        echo '<option value="">' . $hesklang['select'] . '</option>';
                                    }

-                                    $options = explode('#HESK#', $v['value']);
-
-                                    foreach ($options as $option) {
-
-                                        if (strlen($k_value) == 0 || $k_value == $option) {
+                                    foreach ($v['value']['select_options'] as $option) {
+                                        if ($k_value == $option) {
                                            $k_value = $option;
-                                            $selected = 'selected="selected"';
+                                            $selected = 'selected';
                                        } else {
                                            $selected = '';
                                        }
@ -335,154 +434,139 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                        echo '<option ' . $selected . '>' . $option . '</option>';
                                    }

-                                    echo '</select></div>
-						        </div>
-						        ';
+                                    echo '</select>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                    break;

                                /* Checkbox */
                                case 'checkbox':
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
                                    echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-		                            <div class="col-sm-9">';
-
-                                    $options = explode('#HESK#', $v['value']);
-
-                                    foreach ($options as $option) {
-
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">';
+                                    foreach ($v['value']['checkbox_options'] as $option) {
                                        if (in_array($option, $k_value)) {
-                                            $checked = 'checked="checked"';
+                                            $checked = 'checked';
                                        } else {
                                            $checked = '';
                                        }

-                                        echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
+                                        echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                    }
-
-                                    echo '</div>
-						        </div>
-						        ';
+                                    echo '<div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                    break;

                                /* Large text box */
                                case 'textarea':
-                                    $size = explode('#', $v['value']);
-                                    $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                    $size[1] = empty($size[1]) ? 30 : intval($size[1]);
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
                                    $k_value = hesk_msgToPlain($k_value, 0, 0);

                                    echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-						            <div class="col-sm-9">
-                                        <textarea class="form-control" name="' . $k . '" rows="' . $size[0] . '" placeholder="' . htmlspecialchars($v['name']) . '" cols="' . $size[1] . '">' . $k_value . '</textarea>
-						            </div>
-		                        </div>';
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <textarea name="' . $k . '" class="form-control" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                    break;

+                                // Date
                                case 'date':
-                                    if (strlen($k_value) != 0) {
-                                        $v['value'] = $k_value;
+                                    if ($required_attribute !== '') {
+                                        $required_attribute .= '  pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
                                    }
-                                    echo '
-                                <div class="form-group">
-                                    <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-                                    <div class="col-sm-9">
-                                        <input type="text" class="datepicker form-control white-readonly" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $v['name'] . '" name="' . $k . '" size="40"
-                                            maxlength="' . $v['maxlen'] . '" value="' . date('Y-m-d', $v['value']) . '" readonly/>
-                                    </div>
-                                </div>';
-                                    break;
-                                case 'multiselect':
-                                    echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-                                <div class="col-sm-9"><select class="form-control" id="' . $v['name'] . '" name="' . $k . '" multiple>';
-                                    $options = explode('#HESK#', $v['value']);
-                                    foreach ($options as $option) {
-                                        if (strlen($k_value) == 0 || $k_value == $option) {
-                                            $k_value = $option;
-                                            $selected = 'selected="selected"';
-                                        } else {
-                                            $selected = '';
-                                        }
-                                        echo '<option ' . $selected . '>' . $option . '</option>';
-                                    }
-                                    echo '</select>
-                                <div class="btn-group" role="group">
-                                    <button type="button" class="btn btn-default" onclick="selectAll(\'' . $v['name'] . '\')">'.$hesklang['select_all_title_case'].'</button>
-                                    <button type="button" class="btn btn-default" onclick="deselectAll(\'' . $v['name'] . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                                </div></div></div>';
-                                    break;
-
-                                case 'hidden':
-                                    //Clean up multiple dashes or whitespaces
-                                    $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                    if (strlen($k_value) != 0) {
-                                        $v['value'] = $k_value;
-                                    }
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                    echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '"/>';
+                                    $k_value = hesk_custom_date_display_format($k_value, 'Y-m-d');

+                                    echo '
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" name="' . $k . '" value="' . $k_value . '" class="datepicker form-control" size="10" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                    break;

-                                case 'readonly':
-                                    //Clean up multiple dashes or whitespaces
-                                    $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
+                                // Email
+                                case 'email':
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';

-                                    if (strlen($k_value) != 0) {
-                                        $v['value'] = $k_value;
-                                    }
-
-                                    echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly></div>
-                                </div>';
+                                    $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\'' . $k . '\', \'' . $k . '_suggestions\', 0, 1' . ($v['value']['multiple'] ? ',1' : '') . ')"' : '';

+                                    echo '
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input class="form-control" type="text" name="' . $k . '" id="' . $k . '" value="' . $k_value . '" size="40" ' . $suggest . ' ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    	<div id="' . $k . '_suggestions"></div>
+                    </div>
+					';
                                    break;

-                                /* Default text input */
+                                // Hidden (same as text for staff)
+                                case 'hidden':
+                                case 'readonly':
                                default:
                                    if (strlen($k_value) != 0) {
-                                        $k_value = hesk_msgToPlain($k_value, 0, 0);
-                                        $v['value'] = $k_value;
+                                        $v['value']['default_value'] = $k_value;
                                    }
+
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+
                                    echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-						            <div class="col-sm-9">
-                                        <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" />
-                                    </div>
-						        </div>
-						        ';
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>
+					';
                            }
                        }
                    }
-                    ?>
+                } ?>
+                    <div class="form-group" id="message-group">
+                        <?php
+                        $required = '';
+                        $required_attribute = '';
+                        if ($hesk_settings['require_message'] == 1) {
+                            $required = ' <span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        }

-                <?php } ?>
-                <div class="form-group">
-                    <label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>:</label>
+                        ?>
+                        <label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message'] . $required; ?></label>

-                <div class="col-sm-9">
-                    <?php
-                    $message = $ticket['html'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
-                    ?>
-                    <textarea class="form-control htmlEditor" name="message" rows="12"
-                              placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
-                              cols="60"><?php echo $message; ?></textarea>
-                </div>
-            </div>
+                        <div class="col-sm-9">
+                            <?php
+                            $message = $ticket['html'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
+                            ?>
+                            <textarea class="form-control htmlEditor" name="message" rows="12"
+                                      placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
+                                      cols="60" <?php echo $required_attribute; ?>><?php echo $message; ?></textarea>
+                            <div class="help-block with-errors" id="message-help-block"></div>
+                        </div>
+                    </div>
            <div class="form-group">
-                <input type="hidden" name="save" value="1"/><input type="hidden" name="track"
-                                                                   value="<?php echo $trackingID; ?>"/>
-                <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
+                <input type="hidden" name="save" value="1">
+                <input type="hidden" name="track" value="<?php echo $trackingID; ?>">
+                <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
                <?php
                if ($is_reply) {
                    ?>
-                    <input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>"/>
+                    <input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>">
                    <?php
                }
                ?>
@ -492,7 +576,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                $html = $ticket['html'] ? 1 : 0;
                ?>
                <input type="hidden" name="html" value="<?php echo $html; ?>">
-                <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/>
+                <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default">
                <?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
                    <input type="hidden" name="isManager" value="1">
                <?php endif; ?>
@ -501,6 +585,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
        </form>
    </div>
 </div>
+    <script>
+        buildValidatorForTicketSubmission('form1', "<?php echo addslashes($hesklang['select_at_least_one_value']); ?>");
+    </script>
 <?php if ($ticket['html']): ?>
    <script type="text/javascript">
        /* <![CDATA[ */
--- a/admin/export.php
+++ b/admin/export.php
@ -38,6 +38,7 @@ require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/reporting_functions.inc.php');
 require(HESK_PATH . 'inc/status_functions.inc.php');
 require(HESK_PATH . 'inc/mail_functions.inc.php');
+require(HESK_PATH . 'inc/custom_fields.inc.php');
 hesk_load_database_functions();

 hesk_session_start();
@ -48,6 +49,13 @@ hesk_isLoggedIn();
 hesk_checkPermission('can_export');
 $modsForHesk_settings = mfh_getSettings();

+// Just a delete file action?
+$delete = hesk_GET('delete');
+if (strlen($delete) && preg_match('/^hesk_export_[0-9_\-]+$/', $delete)) {
+    hesk_unlink(HESK_PATH.$hesk_settings['cache_dir'].'/'.$delete.'.zip');
+    hesk_process_messages($hesklang['fd'], 'export.php','SUCCESS');
+}
+
 // Set default values
 define('CALENDAR', 1);
 define('MAIN_PAGE', 1);
@ -62,23 +70,23 @@ $is_all_time = 0;
 // Default this month to date
 $date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
 $date_to = date('Y-m-d');
-$input_datefrom = date('m/d/Y', strtotime('last month'));
-$input_dateto = date('m/d/Y');
+$input_datefrom = date('Y-m-d', strtotime('last month'));
+$input_dateto = date('Y-m-d');

 /* Date */
 if (!empty($_GET['w'])) {
    $df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
    if (strlen($df) == 8) {
-        $date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2);
-        $input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4);
+        $date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
+        $input_datefrom = $date_from;
    } else {
        $date_from = date('Y-m-d', strtotime('last month'));
    }

    $dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
    if (strlen($dt) == 8) {
-        $date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
-        $input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
+        $date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
+        $input_dateto = $date_to;
    } else {
        $date_to = date('Y-m-d');
    }
@ -317,7 +325,7 @@ if (isset($_GET['w'])) {
    }

    // This will be the export directory
-    $export_dir = HESK_PATH . $hesk_settings['attach_dir'] . '/export/';
+    $export_dir = HESK_PATH.$hesk_settings['cache_dir'].'/';

    // This will be the name of the export and the XML file
    $export_name = 'hesk_export_' . date('Y-m-d_H-i-s') . '_' . mt_rand(10000, 99999);
@ -331,12 +339,7 @@ if (isset($_GET['w'])) {
 		}
 	
        // Cleanup old files
-        $files = preg_grep('/index\.htm$/', glob($export_dir.'*', GLOB_NOSORT), PREG_GREP_INVERT);
-        if (is_array($files) && count($files)) {
-            foreach ($files as $file) {
-                hesk_unlink($file, 86400);
-            }
-        }
+        hesk_purge_cache('export', 86400);
    } else {
        hesk_error($hesklang['ede']);
    }
@ -348,6 +351,7 @@ if (isset($_GET['w'])) {
    }

    // Start generating the report message and generating the export
+    $success_msg = '';
    $flush_me = '<br /><br />';
    $flush_me .= hesk_date() . " | {$hesklang['inite']} ";

@ -389,6 +393,9 @@ if (isset($_GET['w'])) {
  <Style ss:ID="s62">
   <NumberFormat ss:Format="General Date"/>
  </Style>
+  <Style ss:ID="s63">
+   <NumberFormat ss:Format="Short Date"/>
+  </Style>
  <Style ss:ID="s65">
   <NumberFormat ss:Format="[h]:mm:ss"/>
  </Style>
@ -440,10 +447,6 @@ if (isset($_GET['w'])) {

    foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use']) {
-            if ($modsForHesk_settings['custom_field_setting']) {
-                $v['name'] = $hesklang[$v['name']];
-            }
-
            $tmp .= '<Cell><Data ss:Type="String">' . $v['name'] . '</Data></Cell>' . "\n";
        }
    }
@ -506,14 +509,17 @@ if (isset($_GET['w'])) {
 ';

        // Add custom fields
-        foreach ($hesk_settings['custom_fields'] as $k => $v) {
+        foreach ($hesk_settings['custom_fields'] as $k=>$v) {
            if ($v['use']) {
-                $output = $ticket[$k];
-                if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                    $dt = date('Y-m-d', $ticket[$k]);
-                    $output = hesk_dateToString($dt, 0);
+                switch ($v['type']) {
+                    case 'date':
+                        $tmp_dt = hesk_custom_date_display_format($ticket[$k], 'Y-m-d\T00:00:00.000');
+                        $tmp .= strlen($tmp_dt) ? '<Cell ss:StyleID="s63"><Data ss:Type="DateTime">'.$tmp_dt : '<Cell><Data ss:Type="String">';
+                        $tmp .= "</Data></Cell> \n";
+                        break;
+                    default:
+                        $tmp .= '<Cell><Data ss:Type="String"><![CDATA['.hesk_msgToPlain($ticket[$k], 1, 0).']]></Data></Cell>  ' . "\n";
                }
-                $tmp .= '<Cell><Data ss:Type="String"><![CDATA[' . hesk_msgToPlain($output, 1, 0) . ']]></Data></Cell>  ' . "\n";
            }
        }

@ -637,7 +643,10 @@ if (isset($_GET['w'])) {

        // We're done!
        $flush_me .= hesk_date() . " | {$hesklang['fZIP']}<br /><br />";
-        $flush_me .= '<a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . "</a>\n";
+
+        // Success message
+        $success_msg .= $hesk_settings['debug_mode'] ? $flush_me : '<br /><br />';
+        $success_msg .= $hesklang['step1'] . ': <a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . '</a><br /><br />' . $hesklang['step2'] . ': <a href="export.php?delete='.urlencode($export_name).'">' . $hesklang['dffs'] . '</a>';
    } // No tickets exported, cleanup
    else {
        hesk_unlink($save_to);
@ -673,9 +682,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            hesk_handle_messages();

            // If an export was generated, show the link to download
-            if (isset($flush_me)) {
+            if (isset($success_msg)) {
                if ($tickets_exported > 0) {
-                    hesk_show_success($flush_me);
+                    hesk_show_success($success_msg);
                } else {
                    hesk_show_notice($hesklang['n2ex']);
                }
@ -685,10 +694,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                <div class="form-group">
                    <label for="time" class="control-label col-sm-2"><?php echo $hesklang['dtrg']; ?>:</label>

-                    <div class="col-sm-10">
+                    <div class="col-sm-10 form-inline">
                        <!-- START DATE -->
                        <input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
                        <select name="time" onclick="document.getElementById('w0').checked = true"
+                                class="form-control"
                                onfocus="document.getElementById('w0').checked = true"
                                style="margin-top:5px;margin-bottom:5px;">
                            <option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
@ -719,16 +729,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                            <option value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
                        </select>

-                        <br/>
+                        <br>

                        <input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
                        <?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
                                                                value="<?php echo $input_datefrom; ?>" id="datefrom"
-                                                                class="tcal" size="10"
+                                                                class="datepicker form-control" size="10"
                                                                onclick="document.getElementById('w1').checked = true"
                                                                onfocus="document.getElementById('w1').checked = true;this.focus;"/>
                        <?php echo $hesklang['to']; ?> <input type="text" name="dateto" value="<?php echo $input_dateto; ?>"
-                                                              id="dateto" class="tcal" size="10"
+                                                              id="dateto" class="datepicker form-control" size="10"
                                                              onclick="document.getElementById('w1').checked = true"
                                                              onfocus="document.getElementById('w1').checked = true; this.focus;"/>
                        <!-- END DATE -->
--- a/admin/find_tickets.php
+++ b/admin/find_tickets.php
@ -37,6 +37,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/status_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();

 hesk_session_start();
@ -51,31 +52,18 @@ hesk_checkPermission('can_view_tickets');

 $_SERVER['PHP_SELF'] = './admin_main.php';

+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

 /* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');

-?>
-
-</td>
-</tr>
-<tr>
-    <td>
-        <div class="row pad-down-20">
-            <div class="col-md-12">
-                <div class="panel panel-default">
-                    <div class="panel-heading">
-                        <h4><?php echo $hesklang['tickets_found']; ?> <span class="nu-floatRight panel-button"><a
-                                    href="new_ticket.php"
-                                    class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> <?php echo $hesklang['nti']; ?></a></span></h4>
-                    </div>
-
-                    <?php

-                    // This SQL code will be used to retrieve results
-                    $sql_final = "SELECT
+// This SQL code will be used to retrieve results
+$sql_final = "SELECT
 `id`,
 `trackid`,
 `name`,
@ -220,16 +208,11 @@ LEFT(`message`, 400) AS `message`,
                    }

                    /* Date */
-                    /* -> Check for compatibility with old date format */
-                    if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m)) {
-                        $_GET['dt'] = $m[2] . $m[3] . $m[1];
-                    }
-
                    /* -> Now process the date value */
                    $dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
                    if (strlen($dt) == 8) {
-                        $date = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
-                        $date_input = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
+                        $date = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
+                        $date_input = $date;

                        /* This search is valid even if no query is entered */
                        if ($no_query) {
@ -247,9 +230,6 @@ LEFT(`message`, 400) AS `message`,
                        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
                    }

-                    /* This will handle error, success and notice messages */
-                    $handle = hesk_handle_messages();
-
                    # echo "$sql<br/>";

                    // That's all the SQL we need for count
@ -258,24 +238,49 @@ LEFT(`message`, 400) AS `message`,

                    /* Prepare variables used in search and forms */
                    require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
-
-                    /* If there has been an error message skip searching for tickets */
-                    if ($handle !== FALSE) {
-                        $href = 'find_tickets.php';
-                        require_once(HESK_PATH . 'inc/ticket_list.inc.php');
-                    }
                    ?>
+                    <section class="content">
+                        <div class="box">
+                            <div class="box-header with-border">
+                                <h1 class="box-title">
+                                    <?php echo $hesklang['tickets']; ?>
+                                </h1>
+                                <div class="box-tools pull-right">
+                                    <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                                        <i class="fa fa-minus"></i>
+                                    </button>
+                                </div>
+                            </div>
+                            <div class="box-body">
+                                <?php $handle = hesk_handle_messages(); ?>
+                                <div class="checkbox">
+                                    <label>
+                                        <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                                        <?php echo $hesklang['arp']; ?>
+                                        <span id="timer"></span>
+                                    </label>
+                                </div>
+                                <script type="text/javascript">heskCheckReloading();</script>
+                                <?php
+                                if ($handle !== FALSE) {
+                                    $href = 'find_tickets.php';
+                                    require_once(HESK_PATH . 'inc/ticket_list.inc.php');
+                                    echo '<br>';
+                                }

-                    <?php
+                                /* Clean unneeded session variables */
+                                hesk_cleanSessionVars('hide');

-                    /* Clean unneeded session variables */
-                    hesk_cleanSessionVars('hide');
+                                /* Show the search form */
+                                require_once(HESK_PATH . 'inc/show_search_form.inc.php');
+                                ?>
+                            </div>
+                        </div>
+                    </section>
+                    <?php

-                    /* Show the search form */
-                    require_once(HESK_PATH . 'inc/show_search_form.inc.php');

                    /* Print footer */
                    require_once(HESK_PATH . 'inc/footer.inc.php');
                    exit();
-
                    ?>
--- a/admin/index.php
+++ b/admin/index.php
@ -206,15 +206,15 @@ function do_login()

    /* Remember username? */
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
-        setcookie('hesk_username', "$user", strtotime('+1 year'));
-        setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
+        hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+        hesk_setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
-        setcookie('hesk_username', "$user", strtotime('+1 year'));
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+        hesk_setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
-        setcookie('hesk_username', '');
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', '');
+        hesk_setcookie('hesk_p', '');
    }

    /* Close any old tickets here so Cron jobs aren't necessary */
@ -510,7 +510,7 @@ function logout()

    /* Show success message and reset the cookie */
    hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
-    setcookie('hesk_p', '');
+    hesk_setcookie('hesk_p', '');

    /* Print the login form */
    print_login();
--- a/admin/knowledgebase_private.php
+++ b/admin/knowledgebase_private.php
@ -225,7 +225,7 @@ function hesk_show_kb_article($artid)
 	hesk_kb_header($hesk_settings['kb_link'], $article['catid']);

    // Update views by 1
-    hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
+    hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");

 ?>
 	<section class="content">
@ -329,7 +329,15 @@ function hesk_show_kb_article($artid)
 						<table border="0">
 							<tr>
 								<td><?php echo $hesklang['aid']; ?>: </td>
-								<td><?php echo $article['id']; ?></td>
+								<td>
+									<?php
+									echo $article['id'];
+									if ($article['type'] == 0)
+									{
+										echo ' [<a href="' . $hesk_settings['hesk_url'] . '/knowledgebase.php?article=' . $article['id'] . '">' . $hesklang['public_link'] . '</a>]';
+									}
+									?>
+								</td>
 							</tr>
 							<tr>
 								<td><?php echo $hesklang['category']; ?>: </td>
--- a/admin/lock.php
+++ b/admin/lock.php
@ -46,6 +46,7 @@ $modsForHesk_settings = mfh_getSettings();
 hesk_checkPermission('can_view_tickets');
 hesk_checkPermission('can_reply_tickets');
 hesk_checkPermission('can_edit_tickets');
+hesk_checkPermission('can_resolve');

 /* A security check */
 hesk_token_check();
@ -98,7 +99,7 @@ $statusRs = hesk_dbQuery($statusSql);
 $statusRow = hesk_dbFetchAssoc($statusRs);
 $statusId = $statusRow['ID'];

-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");

 /* Back to ticket page and show a success message */
 hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
--- a/admin/mail.php
+++ b/admin/mail.php
@ -211,10 +211,10 @@ function mail_delete()
    if ($ids) {
        foreach ($ids as $id) {
            /* If both correspondents deleted the mail remove it from database, otherwise mark as deleted by this user */
-            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0 LIMIT 1");
+            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0");

            if (hesk_dbAffectedRows() != 1) {
-                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0 LIMIT 1");
+                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0");
            }
        }

@ -236,7 +236,7 @@ function mail_mark_unread()

    if ($ids) {
        foreach ($ids as $id) {
-            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
+            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
        }

        hesk_process_messages($hesklang['smmu'], 'NOREDIRECT', 'SUCCESS');
@ -257,7 +257,7 @@ function mail_mark_read()

    if ($ids) {
        foreach ($ids as $id) {
-            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
+            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
        }

        hesk_process_messages($hesklang['smmr'], 'NOREDIRECT', 'SUCCESS');
@ -421,7 +421,7 @@ function show_message()
 	        /* Mark as read */
 	        if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read'])
 	        {
-				$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."' LIMIT 1");
+				hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."'");
 	        }

 	        $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id='.$pm[$hesk_settings['mailtmp']['other']].'">'.$admins[$pm[$hesk_settings['mailtmp']['other']]].'</a>' : (($pm['from'] == 9999) ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
--- a/admin/manage_canned.php
+++ b/admin/manage_canned.php
@ -48,6 +48,9 @@ define('WYSIWYG', 1);
 /* Check permissions for this feature */
 hesk_checkPermission('can_man_canned');

+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* What should we do? */
 if ($action = hesk_REQUEST('a')) {
    if (defined('HESK_DEMO')) {
@ -442,7 +445,7 @@ function edit_saved()
        hesk_process_messages($hesk_error_buffer, 'manage_canned.php?saved_replies=' . $id);
    }

-    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1");
+    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");

    unset($_SESSION['canned']['what']);
    unset($_SESSION['canned']['id']);
@ -501,7 +504,7 @@ function remove()

    $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);

-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
    }
@ -522,7 +525,7 @@ function order_saved()

    $reply_move = intval(hesk_GET('move'));

-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
    }
@ -532,7 +535,7 @@ function order_saved()

    $i = 10;
    while ($myreply = hesk_dbFetchAssoc($result)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "'");
        $i += 10;
    }

--- a/admin/manage_categories.php
+++ b/admin/manage_categories.php
@ -549,7 +549,7 @@ function change_priority()
        $priority = 3;
    }

-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "'");

    hesk_cleanSessionVars('cat_ch_priority');

@ -703,7 +703,7 @@ function update_category()
     `manager` = " . intval($manager) . ",
     `color` = " . $color . ",
     `usage` = " . intval($usage) . "
-     WHERE `id`='" . intval($catid) . "' LIMIT 1");
+     WHERE `id`='" . intval($catid) . "'");

    unset($_SESSION['selcat']);
    unset($_SESSION['catname2']);
@ -726,7 +726,7 @@ function remove()
        hesk_process_messages($hesklang['cant_del_default_cat'], $_SERVER['PHP_SELF']);
    }

-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
    }
@ -749,7 +749,7 @@ function order_cat()

    $cat_move = intval(hesk_GET('move'));

-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
    }
@ -759,7 +759,7 @@ function order_cat()

    $i = 10;
    while ($mycat = hesk_dbFetchAssoc($res)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "'");
        $i += 10;
    }

@ -787,7 +787,7 @@ function toggle_autoassign()
    }

    /* Update auto-assign settings */
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
    }
@ -816,7 +816,7 @@ function toggle_type()
    }

    /* Update auto-assign settings */
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
    }
--- a/admin/manage_email_templates.php
+++ b/admin/manage_email_templates.php
@ -103,6 +103,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            </li>
            ';
                    }
+
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+                    <li role="presentation">
+						<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
+                            $hesklang['tab_4']
+                            . '</a>
+					</li>
+                        ';
+                    }
                    ?>
                </ul>
                <div class="tab-content summaryList tabPadding">
--- a/admin/manage_knowledgebase.php
+++ b/admin/manage_knowledgebase.php
@ -473,18 +473,33 @@ if (!isset($_SESSION['hide']['new_article']))
                                <?php
                                display_dropzone_field($hesk_settings['hesk_url'] . '/internal-api/admin/knowledgebase/upload-attachment.php');
                            endif; // End attachments
+
+                            // Redirect to the correct page
+                            switch ($from)
+                            {
+                                case 'draft':
+                                    $redirect_action = 'a=list_draft';
+                                    break;
+                                case 'private':
+                                    $redirect_action = 'a=list_private';
+                                    break;
+                                default:
+                                    $redirect_action = 'a=manage_cat&amp;catid='.$catid;
+                                    break;
+                            }
                            ?>
                        </div>
                    </div>
                </div>
                <div class="box-footer">
                    <div class="form-group">
-                        <input type="hidden" name="a" value="new_article" />
-                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                        <input type="hidden" name="a" value="new_article">
+                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
+                        <input type="hidden" name="from" value="<?php echo $from; ?>">

                        <div class="btn-group">
-                            <input type="submit" value="<?php echo $hesklang['kb_save']; ?>" class="btn btn-primary" />
-                            <a class="btn btn-default" href="manage_knowledgebase.php?a=manage_cat&amp;catid=<?php echo $catid; ?>"><?php echo $hesklang['cancel']; ?></a>
+                            <input type="submit" value="<?php echo $hesklang['kb_save']; ?>" class="btn btn-primary">
+                            <a class="btn btn-default" href="manage_knowledgebase.php?<?php echo $redirect_action; ?>"><?php echo $hesklang['cancel']; ?></a>
                        </div>
                    </div>
                </div>
@ -670,8 +685,8 @@ function list_draft() {
                                <td><?php echo $kb_cat[$article['catid']]; ?></td>
                                <td style="white-space:nowrap;">
                                    <a href="knowledgebase_private.php?article=<?php echo $article['id']; ?>&amp;back=1<?php if ($article['type'] == 2) {echo '&amp;draft=1';} ?>" target="_blank"><i class="fa fa-file-o" data-toggle="tooltip" title="<?php echo $hesklang['viewart']; ?>"></i></a>
-                                    <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
-                                    <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times icon-link red" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a></td>
+                                    <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>&amp;from=draft"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
+                                    <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>&amp;from=draft" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times icon-link red" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a></td>
                            </tr>
                            <?php
                            $j++;
@ -820,8 +835,8 @@ function list_private() {
                                    <?php echo $rat; ?>
                                    <td class="text-center">
                                        <a href="knowledgebase_private.php?article=<?php echo $article['id']; ?>&amp;back=1<?php if ($article['type'] == 2) {echo '&amp;draft=1';} ?>" target="_blank"><i class="fa fa-file-o icon-link" data-toggle="tooltip" title="<?php echo $hesklang['viewart']; ?>"></i></a>
-                                        <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
-                                        <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times red icon-link" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp;</td>
+                                        <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>&amp;from=private"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
+                                        <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>&amp;from=private" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times red icon-link" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp;</td>
                                </tr>
                                <?php
                                $j++;
@ -1001,7 +1016,7 @@ function remove_kb_att()
    // Remove attachment from article
    $art['attachments'] = str_replace($att_id.'#'.$att['real_name'].',','',$art['attachments']);

-	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `attachments`='".hesk_dbEscape($art['attachments'])."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($id)."' LIMIT 1");
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `attachments`='".hesk_dbEscape($art['attachments'])."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($id)."'");

    hesk_process_messages($hesklang['kb_att_rem'],'manage_knowledgebase.php?a=edit_article&id='.$id,'SUCCESS');
 } // END remove_kb_att()
@ -1074,7 +1089,7 @@ function edit_category()
        }

        // Now delete the category
-        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
+        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."'");

 		$_SESSION['hide'] = array(
 			//'treemenu' => 1,
@ -1085,7 +1100,7 @@ function edit_category()
        hesk_process_messages($hesklang['kb_cat_dlt'],'./manage_knowledgebase.php','SUCCESS');
    }

-	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `name`='".hesk_dbEscape($title)."',`parent`=".intval($parent).",`type`='".intval($type)."' WHERE `id`='".intval($catid)."' LIMIT 1");
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `name`='".hesk_dbEscape($title)."',`parent`=".intval($parent).",`type`='".intval($type)."' WHERE `id`='".intval($catid)."'");

    unset($_SESSION['hide']);

@ -1111,6 +1126,7 @@ function save_article()
    $old_catid = intval( hesk_POST('old_catid') );
    $old_type  = intval( hesk_POST('old_type') );
    $old_type  = ($old_type < 0 || $old_type > 2) ? 0 : $old_type;
+    $from = hesk_POST('from');

    $subject = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];

@ -1124,9 +1140,9 @@ function save_article()
 	    $content = hesk_getHTML( hesk_POST('content') );
 		
 		// Clean the HTML code
-		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-		$purifier = new HTMLPurifier();
-		$content = $purifier->purify($content);
+		require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+		$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+		$content = $purifier->heskPurify($content);
    }
 	else
    {
@ -1209,7 +1225,7 @@ function save_article()
 		$hesk_error_buffer = $tmp;

    	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-    	hesk_process_messages($hesk_error_buffer,'./manage_knowledgebase.php?a=edit_article&id='.$id);
+        hesk_process_messages($hesk_error_buffer,'./manage_knowledgebase.php?a=edit_article&id='.$id.'&from='.$from);
    }

 	/* Add to database */
@ -1236,7 +1252,7 @@ function save_article()
    `html`='".intval($html)."',
    `sticky`='".intval($sticky)."',
    `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."')
-    WHERE `id`='".intval($id)."' LIMIT 1");
+    WHERE `id`='".intval($id)."'");

    $_SESSION['artord'] = $id;

@ -1247,7 +1263,20 @@ function save_article()
    // Update article order
    update_article_order($catid);

-    hesk_process_messages($hesklang['your_kb_mod'],'./manage_knowledgebase.php?a=manage_cat&catid='.$catid,'SUCCESS');
+    // Redirect to the correct page
+    switch ($from) {
+        case 'draft':
+            $redirect_action = 'a=list_draft';
+            break;
+        case 'private':
+            $redirect_action = 'a=list_private';
+            break;
+        default:
+            $redirect_action = 'a=manage_cat&catid='.$catid;
+            break;
+    }
+
+    hesk_process_messages($hesklang['your_kb_mod'],'./manage_knowledgebase.php?'.$redirect_action,'SUCCESS');
 } // END save_article()


@ -1278,6 +1307,8 @@ function edit_article()

    $catid = $article['catid'];

+    $from = hesk_GET('from');
+
    if (isset($_SESSION['edit_article']))
    {
    	$_SESSION['edit_article'] = hesk_stripArray($_SESSION['edit_article']);
@ -1373,11 +1404,6 @@ function edit_article()
 	require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 	?>

-	</td>
-	</tr>
-	<tr>
-	<td>
-
    <ol class="breadcrumb">
        <li><a href="manage_knowledgebase.php"><?php echo $hesklang['kb']; ?></a></li>
        <li><a href="manage_knowledgebase.php?a=manage_cat&amp;catid=<?php echo $catid; ?>"><?php echo $hesklang['kb_cat_man']; ?></a></li>
@ -1517,14 +1543,15 @@ function edit_article()
                        </div>
                        <?php endif; //End attachments ?>
                        <div class="form-group">
-                            <input type="hidden" name="a" value="save_article" />
-                            <input type="hidden" name="id" value="<?php echo $id; ?>" />
-                            <input type="hidden" name="old_type" value="<?php echo $article['type']; ?>" />
-                            <input type="hidden" name="old_catid" value="<?php echo $catid; ?>" />
-                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" /><br>
-                            <div class="btn-group">
+                            <input type="hidden" name="a" value="save_article">
+                            <input type="hidden" name="id" value="<?php echo $id; ?>">
+                            <input type="hidden" name="old_type" value="<?php echo $article['type']; ?>">
+                            <input type="hidden" name="old_catid" value="<?php echo $catid; ?>">
+                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
+                            <div class="btn-group-vertical full-width">
                                <input type="submit" value="<?php echo $hesklang['kb_save']; ?>" class="btn btn-primary" />
                                <a class="btn btn-default" href="manage_knowledgebase.php?a=manage_cat&amp;catid=<?php echo $catid; ?>"><?php echo $hesklang['cancel']; ?></a>
+                                <a class="btn btn-danger" href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><?php echo $hesklang['del_kbaa']; ?></a>
                            </div>
                        </div>
                    </div>
@ -1984,9 +2011,9 @@ function new_article()
        $content = hesk_getHTML( hesk_POST('content') );
 		
 		// Clean the HTML code
-		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-		$purifier = new HTMLPurifier();
-		$content = $purifier->purify($content);
+		require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+		$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+		$content = $purifier->heskPurify($content);
    }
 	else
    {
@ -2136,8 +2163,9 @@ function remove_article()

    $article = hesk_dbFetchAssoc($result);
 	$catid = intval($article['catid']);
+    $from = hesk_GET('from');

-    $result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."' LIMIT 1");
+    $result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."'");

    // Remove any attachments
    delete_kb_attachments($article['attachments']);
@ -2156,7 +2184,20 @@ function remove_article()
 	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles_draft`=`articles_draft`-1 WHERE `id`='{$catid}'");
 	}

-	hesk_process_messages($hesklang['your_kb_deleted'],'./manage_knowledgebase.php?a=manage_cat&catid='.$catid,'SUCCESS');
+    // Redirect to the correct page
+    switch ($from) {
+        case 'draft':
+            $redirect_action = 'a=list_draft';
+            break;
+        case 'private':
+            $redirect_action = 'a=list_private';
+            break;
+        default:
+            $redirect_action = 'a=manage_cat&catid='.$catid;
+            break;
+    }
+
+    hesk_process_messages($hesklang['your_kb_deleted'],'./manage_knowledgebase.php?'.$redirect_action,'SUCCESS');
 } // End remove_article()


@ -2172,7 +2213,7 @@ function order_category()

    $_SESSION['newcat'] = $catid;

-	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=`cat_order`+".intval($move)." WHERE `id`='".intval($catid)."' LIMIT 1");
+	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=`cat_order`+".intval($move)." WHERE `id`='".intval($catid)."'");
 	if (hesk_dbAffectedRows() != 1)
    {
    	hesk_error($hesklang['kb_cat_inv']);
@ -2198,7 +2239,7 @@ function order_article()

    $_SESSION['artord'] = $id;

-	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=`art_order`+".intval($move)." WHERE `id`='".intval($id)."' LIMIT 1");
+	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=`art_order`+".intval($move)." WHERE `id`='".intval($id)."'");
 	if (hesk_dbAffectedRows() != 1)
    {
    	hesk_error($hesklang['kb_art_id']);
@ -2306,7 +2347,7 @@ function toggle_sticky()
    $_SESSION['artord'] = $id;

 	/* Update article "sticky" status */
-	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `sticky`='" . intval($sticky) . " ' WHERE `id`='" . intval($id) . "' LIMIT 1");
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `sticky`='" . intval($sticky) . " ' WHERE `id`='" . intval($id) . "'");

    /* Update article order */
    update_article_order($catid);
@ -2336,7 +2377,7 @@ function update_article_order($catid)
 			$previous_sticky = $article['sticky'];
 		}

-	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=".intval($i)." WHERE `id`='".intval($article['id'])."' LIMIT 1");
+	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=".intval($i)." WHERE `id`='".intval($article['id'])."'");
 	    $i += 10;
 	}

@ -2356,7 +2397,7 @@ function update_category_order()
 	while ( $category = hesk_dbFetchAssoc($res) )
 	{

-	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=".intval($i)." WHERE `id`='".intval($category['id'])."' LIMIT 1");
+	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=".intval($i)." WHERE `id`='".intval($category['id'])."'");
 	    $i += 10;
 	}

@ -2396,7 +2437,7 @@ function update_count($show_success=0)
    	$value['articles'] = isset($value['articles']) ? $value['articles'] : 0;
    	$value['articles_private'] = isset($value['articles_private']) ? $value['articles_private'] : 0;
    	$value['articles_draft'] = isset($value['articles_draft']) ? $value['articles_draft'] : 0;
-		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles`={$value['articles']}, `articles_private`={$value['articles_private']}, `articles_draft`={$value['articles_draft']} WHERE `id`='{$catid}' LIMIT 1");
+		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles`={$value['articles']}, `articles_private`={$value['articles_private']}, `articles_draft`={$value['articles_draft']} WHERE `id`='{$catid}'");
    }

 	// Show a success message?
@ -2469,7 +2510,7 @@ function delete_kb_attachments($attachments)
 			hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$file['saved_name']);
 		}

-		$result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
+		$result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".intval($att_id)."'");
 	}

    return true;
@ -2485,7 +2526,7 @@ function hesk_stray_article($id)
    $article['catid'] = 1;

    // Update database
-    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=1 WHERE `id`='".intval($id)."' LIMIT 1");
+    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=1 WHERE `id`='".intval($id)."'");

    // Update count of articles in categories
    update_count();
--- a/admin/manage_statuses.php
+++ b/admin/manage_statuses.php
@ -87,6 +87,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                                                            title="<?php echo $hesklang['statuses']; ?>"
                                                                            data-content="<?php echo $hesklang['statuses_intro']; ?>"></i></a>
                    </li>
+                    <?php
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+                    <li role="presentation">
+						<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
+							$hesklang['tab_4']
+						. '</a>
+					</li>
+                        ';
+                    }
+                    ?>
                </ul>
                <div class="tab-content summaryList tabPadding">
                    <div class="row">
--- a/admin/manage_ticket_templates.php
+++ b/admin/manage_ticket_templates.php
@ -408,7 +408,7 @@ function edit_saved()
        hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php?saved_replies=' . $id);
    }

-    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1");
+    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");

    unset($_SESSION['canned']['what']);
    unset($_SESSION['canned']['id']);
@ -467,7 +467,7 @@ function remove()

    $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);

-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
    }
@ -488,7 +488,7 @@ function order_saved()

    $tpl_move = intval(hesk_GET('move'));

-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "'");
    if (hesk_dbAffectedRows() != 1) {
        hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
    }
@ -498,7 +498,7 @@ function order_saved()

    $i = 10;
    while ($mytpl = hesk_dbFetchAssoc($result)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "'");
        $i += 10;
    }

--- a/admin/manage_users.php
+++ b/admin/manage_users.php
@ -79,13 +79,13 @@ $default_userdata = array(

    // Preferences
    'afterreply' => 0,
-    'autorefresh' => 0,

    // Defaults
    'autostart' => 1,
    'notify_customer_new' => 1,
    'notify_customer_reply' => 1,
    'show_suggested' => 1,
+    'autoreload' => 0,
    'default_calendar_view' => $default_view,

    // Notifications
@ -276,11 +276,11 @@ if ($action = hesk_REQUEST('a')) {

                    /* To edit yourself go to "Profile" page, not here. */
                    if ($myuser['id'] == $_SESSION['id']) {
-                        $edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
+                        $edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
                    } elseif ($myuser['id'] == 1) {
                        $edit_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
                    } else {
-                        $edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
+                        $edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
                    }

                    if ($myuser['isadmin']) {
@ -456,27 +456,29 @@ function edit_user()
        <li class="active"><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></li>
    </ol>

-    <div class="row pad-down-20">
-        <div class="col-md-8 col-md-offset-2">
-            <?php
-            /* This will handle error, success and notice messages */
-            hesk_handle_messages();
-            ?>
-
-            <h3><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></h3>
-            <h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
-
-            <div class="footerWithBorder blankSpace"></div>
-
-            <form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
-                <?php hesk_profile_tab('userdata', false, 'edit_user'); ?>
-            </form>
-            <script language="Javascript" type="text/javascript"><!--
-                hesk_checkPassword(document.form1.newpass.value);
-                //-->
-            </script>
+    <section class="content">
+        <div class="box">
+            <div class="box-header with-border">
+                <h1 class="box-title">
+                    <?php echo $hesklang['editing_user'] . ' <b>' . $_SESSION['original_user'] . '</b>'; ?>
+                </h1>
+            </div>
+            <div class="box-body">
+                <?php
+                /* This will handle error, success and notice messages */
+                hesk_handle_messages();
+                ?>
+                <h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
+                <form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
+                    <?php hesk_profile_tab('userdata', false, 'edit_user'); ?>
+                </form>
+                <script language="Javascript" type="text/javascript"><!--
+                    hesk_checkPassword(document.form1.newpass.value);
+                    //-->
+                </script>
+            </div>
        </div>
-    </div>
+    </section>

    <?php
    require_once(HESK_PATH . 'inc/footer.inc.php');
@ -521,6 +523,7 @@ function new_user()
 	    `heskprivileges`,
 	    `afterreply`,
        `autostart`,
+        `autoreload`,
        `notify_customer_new`,
        `notify_customer_reply`,
        `show_suggested`,
@ -533,7 +536,6 @@ function new_user()
        `notify_note`,
        `notify_note_unassigned`,
        `notify_overdue_unassigned`,
-        `autorefresh`,
        `permission_template`,
        `default_calendar_view`) VALUES (
 	'" . hesk_dbEscape($myuser['user']) . "',
@ -547,6 +549,7 @@ function new_user()
 	'" . hesk_dbEscape($myuser['features']) . "',
 	'" . ($myuser['afterreply']) . "' ,
 	'" . ($myuser['autostart']) . "' ,
+	'" . ($myuser['autoreload']) . "' ,
 	'" . ($myuser['notify_customer_new']) . "' ,
 	'" . ($myuser['notify_customer_reply']) . "' ,
 	'" . ($myuser['show_suggested']) . "' ,
@ -559,7 +562,6 @@ function new_user()
 	'" . ($myuser['notify_note']) . "',
 	'" . ($myuser['notify_note_unassigned']) . "',
 	'" . ($myuser['notify_overdue_unassigned']) . "',
-	" . intval($myuser['autorefresh']) . ",
 	" . intval($myuser['template']) . ",
 	" . intval($myuser['default_calendar_view']) . ")");

@ -673,6 +675,7 @@ function update_user()
    `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "',
    `afterreply`='" . ($myuser['afterreply']) . "' ,
 	`autostart`='" . ($myuser['autostart']) . "' ,
+	`autoreload`='" . ($myuser['autoreload']) . "' ,
 	`notify_customer_new`='" . ($myuser['notify_customer_new']) . "' ,
 	`notify_customer_reply`='" . ($myuser['notify_customer_reply']) . "' ,
 	`show_suggested`='" . ($myuser['show_suggested']) . "' ,
@ -685,10 +688,9 @@ function update_user()
 	`notify_note`='" . ($myuser['notify_note']) . "',
 	`notify_note_unassigned`='" . ($myuser['notify_note_unassigned']) . "',
 	`notify_overdue_unassigned`='" . ($myuser['notify_overdue_unassigned']) . "',
-	`autorefresh`=" . intval($myuser['autorefresh']) . ",
 	`permission_template`=" . intval($myuser['template']) . ",
 	`default_calendar_view`=" . intval($myuser['default_calendar_view']) . "
-    WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1");
+    WHERE `id`='" . intval($myuser['id']) . "'");

    // If they are now inactive, remove any manager rights
    if (!$myuser['active']) {
@ -781,13 +783,25 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
    if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) {
        $myuser['afterreply'] = 0;
    }
-    $myuser['autorefresh'] = intval(hesk_POST('autorefresh'));

    // Defaults
    $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
    $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
+    $myuser['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
+
+    if ($myuser['autoreload']) {
+        $myuser['autoreload'] = intval(hesk_POST('reload_time'));
+
+        if (hesk_POST('secmin') == 'min') {
+            $myuser['autoreload'] *= 60;
+        }
+
+        if ($myuser['autoreload'] < 0 || $myuser['autoreload'] > 65535) {
+            $myuser['autoreload'] = 30;
+        }
+    }
    $myuser['default_calendar_view'] = hesk_POST('default-calendar-view', 0);

    /* Notifications */
--- a/admin/move_category.php
+++ b/admin/move_category.php
@ -44,7 +44,9 @@ hesk_isLoggedIn();
 $modsForHesk_settings = mfh_getSettings();

 /* Check permissions for this feature */
-hesk_checkPermission('can_change_cat');
+if (hesk_checkPermission('can_change_cat', 0)) {
+    hesk_checkPermission('can_change_own_cat');
+}

 /* A security check */
 hesk_token_check('POST');
@ -73,6 +75,11 @@ if (!$row['autoassign']) {
 /* Is user allowed to view tickets in new category? */
 $category_ok = hesk_okCategory($category, 0);

+// Is user allowed to move tickets to this category?
+if (!$category_ok && !hesk_checkPermission('can_submit_any_cat', 0)) {
+    hesk_process_messages($hesklang['noauth_move'],'admin_main.php');
+}
+
 /* Get details about the original ticket */
 $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
 if (hesk_dbNumRows($res) != 1) {
@ -113,7 +120,7 @@ if ($need_to_reassign || !$ticket['owner']) {
    }
 }

-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");

 $ticket['category'] = $category;

--- a/admin/new_ticket.php
+++ b/admin/new_ticket.php
@ -48,6 +48,9 @@ hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();

+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // Pre-populate fields
 // Customer name
 if (isset($_REQUEST['name'])) {
@ -122,6 +125,35 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 /* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');

+// Get categories
+$hesk_settings['categories'] = array();
+
+if (hesk_checkPermission('can_submit_any_cat', 0)) {
+    $res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
+} else {
+    $res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
+}
+
+while ($row = hesk_dbFetchAssoc($res)) {
+    $hesk_settings['categories'][$row['id']] = $row['name'];
+}
+
+$number_of_categories = count($hesk_settings['categories']);
+
+if ($number_of_categories == 0) {
+    $category = 1;
+} elseif ($number_of_categories == 1) {
+    $category = current(array_keys($hesk_settings['categories']));
+} else {
+    $category = isset($_GET['catid']) ? hesk_REQUEST('catid'): hesk_REQUEST('category');
+
+    // Force the customer to select a category?
+    if (!isset($hesk_settings['categories'][$category])) {
+        return print_select_category($number_of_categories);
+    }
+}
+
+
 $showRs = hesk_dbQuery("SELECT `show` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` WHERE `id` = 5");
 $show = hesk_dbFetchAssoc($showRs);
 $show_quick_help = $show['show'];
@ -129,7 +161,12 @@ $show_quick_help = $show['show'];

 <ol class="breadcrumb">
    <li><a href="admin_main.php"><?php echo $hesk_settings['hesk_title']; ?></a></li>
-    <li class="active"><?php echo $hesklang['nti2']; ?></li>
+    <?php if ($number_of_categories > 1): ?>
+        <li><a href="new_ticket.php"><?php echo $hesklang['nti2']; ?></a></li>
+        <li class="active"><?php echo $hesk_settings['categories'][$category]; ?></li>
+    <?php else: ?>
+        <li class="active"><?php echo $hesklang['nti2']; ?></li>
+    <?php endif; ?>
 </ol>
 <section class="content">
    <?php
@ -234,63 +271,33 @@ $show_quick_help = $show['show'];
                    </div>
                </div>
                <div class="form-group">
-                    <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?></label>
+                    <label for="email" class="col-sm-3 control-label">
+                        <?php
+                        echo $hesklang['email'];
+                        if ($hesk_settings['require_email']) {
+                            echo '<span class="important">*</span>';
+                        }
+                        ?>
+                    </label>

                    <div class="col-sm-9">
-                        <input type="text" class="form-control" name="email" size="40" maxlength="1000" id="email-input"
+                        <input type="text" class="form-control" name="email" size="40" maxlength="1000" id="email"
                               value="<?php if (isset($_SESSION['as_email'])) {
                                   echo stripslashes(hesk_input($_SESSION['as_email']));
                               } else if (isset($_GET['email'])) {
                                   echo hesk_GET('email');
                               } ?>" <?php if ($hesk_settings['detect_typos']) {
-                            echo ' onblur="Javascript:hesk_suggestEmail(1)"';
+                            echo ' onblur="Javascript:Javascript:hesk_suggestEmail(\'email\', \'email_suggestions\', 1, 1)"';
                        } ?>
                               placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"
-                               onkeyup="disableIfEmpty('email-input','notify-email')">
+                               onkeyup="disableIfEmpty('email','notify-email')"
+                                <?php if ($hesk_settings['require_email']) {echo 'data-error="'.htmlspecialchars($hesklang['enter_valid_email']).'" required';} ?>>
+                        <div class="help-block with-errors"></div>
                    </div>

                </div>
                <div id="email_suggestions"></div>
-                <!-- Department and Priority -->
-                <?php
-                $has_error = '';
-
-                if (in_array('category', $_SESSION['iserror'])) {
-                    $has_error = 'has-error';
-                } elseif (in_array('category', $_SESSION['isnotice'])) {
-                    $has_error = 'has-warning';
-                }
-                ?>
-                <div class="form-group <?php echo $has_error; ?>">
-                    <label for="category" class="col-sm-3 control-label"><?php echo $hesklang['category']; ?><span
-                            class="important">*</span></label>
-
-                    <div class="col-sm-9">
-                        <select name="category" class="form-control"
-                                pattern="[0-9]+"
-                                data-error="<?php echo htmlspecialchars($hesklang['sel_app_cat']); ?>"
-                                required>
-                            <?php
-                            // Show the "Click to select"?
-                            if ($hesk_settings['select_cat']) {
-                                echo '<option value="">' . $hesklang['select'] . '</option>';
-                            }
-                            // List categories
-                            $orderByColumn = $modsForHesk_settings['category_order_column'];
-                            $result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` WHERE `usage` <> 2 ORDER BY `' . $orderByColumn . '` ASC');
-                            while ($row = hesk_dbFetchAssoc($result)) {
-                                if (isset($_SESSION['as_category']) && $_SESSION['as_category'] == $row['id']) {
-                                    $selected = ' selected="selected"';
-                                } else {
-                                    $selected = '';
-                                }
-                                echo '<option value="' . $row['id'] . '"' . $selected . '>' . $row['name'] . '</option>';
-                            }
-                            ?>
-                        </select>
-                        <div class="help-block with-errors"></div>
-                    </div>
-                </div>
+                <!-- Priority -->
                <?php
                $has_error = '';
                if (in_array('priority', $_SESSION['iserror'])) {
@ -341,59 +348,62 @@ $show_quick_help = $show['show'];
                <?php
                /* custom fields BEFORE comments */
                foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place'] == 0) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
+                    if ($v['use'] && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $category)) {
+                        if ($v['req'] == 2) {
+                            $v['req']=  '<span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        } else {
+                            $v['req'] = '';
+                            $required_attribute = '';
                        }

-                        // $v['req'] = $v['req'] ? '<font class="important">*</font>' : '';
-                        // Staff doesn't need to fill in required custom fields
-                        $v['req'] = '';
-
-                        if ($v['type'] == 'checkbox' && !isset($_GET["c_$k"])) {
+                        if ($v['type'] == 'checkbox') {
                            $k_value = array();
-                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"])) {
-                                foreach ($_SESSION["c_$k"] as $myCB) {
+                            if (isset($_SESSION["as_$k"]) && is_array($_SESSION["as_$k"])) {
+                                foreach ($_SESSION["as_$k"] as $myCB) {
                                    $k_value[] = stripslashes(hesk_input($myCB));
                                }
                            }
                        } elseif (isset($_SESSION["as_$k"])) {
-                            $k_value = stripslashes(hesk_input($_SESSION["as_$k"]));
-                        } elseif (isset($_GET["as_$k"])) {
-                            if ($v['type'] == 'checkbox') {
-                                $k_value = explode('-CHECKBOX-', $_GET["as_$k"]);
-                            } else {
-                                $k_value = stripslashes(hesk_GET("as_$k"));
-                            }
+                            $k_value  = stripslashes(hesk_input($_SESSION["as_$k"]));
                        } else {
-                            $k_value = '';
+                            $k_value  = '';
                        }

                        switch ($v['type']) {
                            /* Radio box */
                            case 'radio':
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] .'</label><div align="left" class="col-sm-9">';

-                                foreach ($options as $option) {
+                                foreach ($v['value']['radio_options'] as $option) {

-                                    if (strlen($k_value) == 0 || $k_value == $option) {
+                                    if (strlen($k_value) == 0) {
+                                        $k_value = $option;
+                                        $checked = empty($v['value']['no_default']) ? 'checked' : '';
+                                    } elseif ($k_value == $option) {
                                        $k_value = $option;
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                    } else {
                                        $checked = '';
                                    }

                                    //Clean up multiple dashes or whitespaces
                                    $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                    $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                    echo '<label style="font-weight: normal;"><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
+
+                                    echo '<div class="radio">
+                                            <label>
+                                                <input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . $required_attribute . '>
+                                                ' . $option . '
+                                            </label>
+                                        </div>';
                                }

-                                echo '</div></div>';
+                                echo '
+                                    <div class="help-block with-errors"></div>
+                                    </div>
+                                </div>';
                                break;

                            /* Select drop-down box */
@ -401,53 +411,22 @@ $show_quick_help = $show['show'];

                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] .  '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $cls . '>';
+                                echo '<div class="form-group' . $cls . '"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $required_attribute . '>';

                                // Show "Click to select"?
-                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                if ($num) {
+                                if (!empty($v['value']['show_select'])) {
                                    echo '<option value="">' . $hesklang['select'] . '</option>';
                                }

-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
+                                foreach ($v['value']['select_options'] as $option) {
                                    if ($k_value == $option) {
                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
-                                        $selected = '';
-                                    }
-
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
-                                }
-
-                                echo '</select></div></div>';
-                                break;
-
-                            case 'multiselect':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group"><label for="' . $v['name'] . '[]" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '[]" ' . $cls . ' multiple>';
-
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if (strlen($k_value == $option)) {
-                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
+                                        $selected = 'selected';
                                    } else {
                                        $selected = '';
                                    }
@ -456,146 +435,105 @@ $show_quick_help = $show['show'];
                                }

                                echo '</select>
-                        <div class="btn-group" role="group">
-                            <button type="button" class="btn btn-default" onclick="selectAll(\'' . $formattedId . '\')">'.$hesklang['select_all_title_case'].'</button>
-                            <button type="button" class="btn btn-default" onclick="deselectAll(\'' . $formattedId . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                        </div></div></div>';
+                                    <div class="help-block with-errors"></div></div></div>';
                                break;

                            /* Checkbox */
                            case 'checkbox':
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                foreach ($options as $option) {
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label><div align="left" class="col-sm-9">';

+                                foreach ($v['value']['checkbox_options'] as $option) {
                                    if (in_array($option, $k_value)) {
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                    } else {
                                        $checked = '';
                                    }

-                                    echo '<label style="font-weight: normal;"><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    echo '<div class="checkbox"><label><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . $required_attribute . '> ' . $option . '</label></div>';
                                }
-                                echo '</div></div>';
+                                echo '
+                                    <div class="help-block with-errors"></div></div></div>';
                                break;

                            /* Large text box */
                            case 'textarea':
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $size = explode('#', $v['value']);
-                                $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                $size[1] = empty($size[1]) ? 30 : intval($size[1]);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></div>
-                        </div>';
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
+                                    <div class="help-block with-errors"></div></div></div>';
                                break;

                            case 'date':
+                                if ($required_attribute != '') {
+                                    $required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
+                                }
+
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

                                echo '
-                        <div class="form-group">
-                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
+                        <div class="form-group' . $cls . '">
+                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
                            <div class="col-sm-9">
-                                <input type="text" class="datepicker form-control white-readonly ' . $cls . '" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
-                                    maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly/>
-                                <span class="help-block">' . $hesklang['date_format'] . '</span>
+                                <input type="text" class="datepicker form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
+                                    value="' . $k_value . '" ' . $required_attribute . '>
+                                <div class="help-block with-errors"></div>
                            </div>
                        </div>';
                                break;
-
                            case 'email':
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);

-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                if ($v['value'] == 'cc' || $v['value'] == 'bcc') {
-                                    // (b)cc isn't a valid email but is the "value" used by settings. Just remove it.
-                                    $v['value'] = '';
-                                }
+                                $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : '';

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
-                        </div>';
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.$required_attribute.'>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                        </div><div id="'.$k.'_suggestions"></div>';

                                break;

+                            // Hidden and read-only should work the same as text
                            case 'hidden':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' />';
-
-                                break;
-
                            case 'readonly':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' readonly></div>
-                        </div>';
-
-                                break;
-
-                            /* Default text input */
                            default:
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["as_$k"])) {
+                                    $v['value']['default_value'] = $k_value;
                                }

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $cls . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
                        </div>';
                        }
                    }
@ -750,17 +688,28 @@ $show_quick_help = $show['show'];
                $has_error = '';
                if (in_array('subject', $_SESSION['iserror'])) {
                    $has_error = 'has-error';
-                }?>
+                }
+
+                $red_star = '';
+                $validator = '';
+                if ($hesk_settings['require_subject'] == 1) {
+                    $red_star = '<span class="important">*</span>';
+                    $validator = 'data-error="' . htmlspecialchars($hesklang['enter_subject']) . '"" required';
+                }
+                ?>
                <div class="form-group <?php echo $has_error; ?>">
-                    <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?><span
-                            class="important">*</span></label>
+                    <label for="subject" class="col-sm-3 control-label">
+                        <?php
+                        echo $hesklang['subject'];
+                        echo $red_star;
+                        ?>
+                    </label>
                    <div class="col-sm-9">
                        <span id="HeskSub"><input class="form-control" type="text" name="subject" id="subject" size="40" maxlength="40"
                          value="<?php if (isset($_SESSION['as_subject']) || isset($_GET['subject'])) {
                              echo stripslashes(hesk_input($_SESSION['as_subject']));
                          } ?>" placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"
-                          data-error="<?php echo htmlspecialchars($hesklang['enter_subject']); ?>"
-                          required></span>
+                          <?php echo $validator; ?>></span>
                        <div class="help-block with-errors"></div>
                    </div>
                </div>
@ -768,16 +717,27 @@ $show_quick_help = $show['show'];
                $has_error = '';
                if (in_array('message', $_SESSION['iserror'])) {
                    $has_error = 'has-error';
-                } ?>
+                }
+
+                $red_star = '';
+                $validator = '';
+                if ($hesk_settings['require_message'] == 1) {
+                    $red_star = '<span class="important">*</span>';
+                    $validator = 'data-error="' . htmlspecialchars($hesklang['enter_message']) . '"" required';
+                }
+                ?>
                <div class="form-group <?php echo $has_error; ?>" id="message-group">
-                    <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?><span
-                            class="important">*</span></label>
+                    <label for="subject" class="col-sm-3 control-label">
+                        <?php
+                        echo $hesklang['message'];
+                        echo $red_star;
+                        ?>
+                    </label>
                    <div class="col-sm-9">
                    <span id="HeskMsg">
                        <textarea class="form-control htmlEditor" name="message" id="message" rows="12" cols="60"
                                  placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
-                                  data-error="<?php echo htmlspecialchars($hesklang['enter_message']); ?>"
-                                  required><?php if (isset($_SESSION['as_message'])) {
+                                  <?php echo $validator; ?>><?php if (isset($_SESSION['as_message'])) {
                                echo stripslashes(hesk_input($_SESSION['as_message']));
                            } ?></textarea>
                    </span>
@ -789,79 +749,79 @@ $show_quick_help = $show['show'];
                /* custom fields AFTER comments */

                foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place']) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
+                    if ($v['use'] && $v['place'] == 1 && hesk_is_custom_field_in_category($k, $category)) {
+                        if ($v['req'] == 2) {
+                            $v['req']=  '<span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        } else {
+                            $v['req'] = '';
+                            $required_attribute = '';
                        }

-                        // $v['req'] = $v['req'] ? '<font class="important">*</font>' : '';
-                        // Staff doesn't need to fill in required custom fields
-                        $v['req'] = '';
-
                        if ($v['type'] == 'checkbox') {
                            $k_value = array();
-                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"])) {
-                                foreach ($_SESSION["c_$k"] as $myCB) {
+                            if (isset($_SESSION["as_$k"]) && is_array($_SESSION["as_$k"])) {
+                                foreach ($_SESSION["as_$k"] as $myCB) {
                                    $k_value[] = stripslashes(hesk_input($myCB));
                                }
                            }
-                        } elseif (isset($_SESSION["c_$k"])) {
-                            $k_value = stripslashes(hesk_input($_SESSION["c_$k"]));
+                        } elseif (isset($_SESSION["as_$k"])) {
+                            $k_value  = stripslashes(hesk_input($_SESSION["as_$k"]));
                        } else {
-                            $k_value = '';
+                            $k_value  = '';
                        }

                        switch ($v['type']) {
                            /* Radio box */
                            case 'radio':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label><div align="left" class="col-sm-9">';

-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';

-                                foreach ($options as $option) {
+                                foreach ($v['value']['radio_options'] as $option) {

-                                    if (strlen($k_value) == 0 || $k_value == $option) {
+                                    if (strlen($k_value) == 0) {
+                                        $k_value = $option;
+                                        $checked = empty($v['value']['no_default']) ? 'checked' : '';
+                                    } elseif ($k_value == $option) {
                                        $k_value = $option;
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                    } else {
                                        $checked = '';
                                    }

-                                    echo '<label style="font-weight: normal;"><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    //Clean up multiple dashes or whitespaces
+                                    $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
+                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
+
+                                    echo '<div class="radio"><label><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                }

-                                echo '</div></div>';
+                                echo '<div class="help-block with-errors"></div></div></div>';
                                break;

                            /* Select drop-down box */
                            case 'select':
+
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $cls . '>';
+                                echo '<div class="form-group' . $cls . '"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $required_attribute . '>';

                                // Show "Click to select"?
-                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                if ($num) {
+                                if (!empty($v['value']['show_select'])) {
                                    echo '<option value="">' . $hesklang['select'] . '</option>';
                                }

-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
+                                foreach ($v['value']['select_options'] as $option) {
                                    if ($k_value == $option) {
                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
+                                        $selected = 'selected';
                                    } else {
                                        $selected = '';
                                    }
@ -869,175 +829,104 @@ $show_quick_help = $show['show'];
                                    echo '<option ' . $selected . '>' . $option . '</option>';
                                }

-                                echo '</select></div></div>';
+                                echo '</select><div class="help-block with-errors"></div></div></div>';
                                break;

                            /* Checkbox */
                            case 'checkbox':
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                foreach ($options as $option) {
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label><div align="left" class="col-sm-9">';

+                                foreach ($v['value']['checkbox_options'] as $option) {
                                    if (in_array($option, $k_value)) {
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                    } else {
                                        $checked = '';
                                    }

-                                    echo '<label style="font-weight: normal;"><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    echo '<div class="checkbox"><label><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                }
-                                echo '</div></div>';
+                                echo '<div class="help-block with-errors"></div></div></div>';
                                break;

                            /* Large text box */
                            case 'textarea':
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $size = explode('#', $v['value']);
-                                $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                $size[1] = empty($size[1]) ? 30 : intval($size[1]);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></div>
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
+                        <div class="help-block with-errors"></div></div>
                        </div>';
                                break;

                            case 'date':
+                                if ($required_attribute != '') {
+                                    $required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
+                                }
+
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

                                echo '
-                        <div class="form-group">
-                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
+                        <div class="form-group' . $cls . '">
+                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
                            <div class="col-sm-9">
-                                <input type="text" class="datepicker form-control white-readonly ' . $cls . '" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
-                                    maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly/>
-                                <span class="help-block">' . $hesklang['date_format'] . '</span>
+                                <input type="text" class="datepicker form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
+                                    value="' . $k_value . '" ' . $required_attribute . '>
+                                <div class="help-block with-errors"></div>
                            </div>
                        </div>';
                                break;
-
-                            case 'multiselect':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group"><label for="' . $v['name'] . '[]" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '[]" ' . $cls . ' multiple>';
-
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if ($k_value == $option) {
-                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
-                                        $selected = '';
-                                    }
-
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
-                                }
-
-                                echo '</select>
-                        <div class="btn-group" role="group">
-                            <button type="button" class="btn btn-default" onclick="selectAll(\'' . $formattedId . '\')">'.$hesklang['select_all_title_case'].'</button>
-                            <button type="button" class="btn btn-default" onclick="deselectAll(\'' . $formattedId . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                        </div></div></div>';
-                                break;
-
                            case 'email':
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                if ($v['value'] == 'cc' || $v['value'] == 'bcc') {
-                                    // (b)cc isn't a valid email but is the "value" used by settings. Just remove it.
-                                    $v['value'] = '';
-                                }
+                                $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : '';

-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';

                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
-                        </div>';
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.' ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                        </div><div id="'.$k.'_suggestions"></div>';

                                break;

                            case 'hidden':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' />';
-
-                                break;
-
                            case 'readonly':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' readonly></div>
-                        </div>';
-
-                                break;
-
-                            /* Default text input */
                            default:
                                //Clean up multiple dashes or whitespaces
                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);

-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["as_$k"])) {
+                                    $v['value']['default_value'] = $k_value;
                                }

                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';

                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
                        </div>';
                        }
                    }
@ -1145,6 +1034,7 @@ $show_quick_help = $show['show'];
                        <input type="hidden" id="latitude" name="latitude" value="E-0">
                        <input type="hidden" id="longitude" name="longitude" value="E-0">
                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
+                        <input type="hidden" name="category" value="<?php echo $category; ?>">
                        <input type="submit" value="<?php echo $hesklang['sub_ticket']; ?>" class="btn btn-default">
                    </div>
                </div>
@ -1186,4 +1076,100 @@ hesk_cleanSessionVars('isnotice');

 require_once(HESK_PATH . 'inc/footer.inc.php');
 exit();
-?>
+
+/*** START FUNCTIONS ***/
+
+
+function print_select_category($number_of_categories) {
+    global $hesk_settings, $hesklang;
+
+    // A category needs to be selected
+    if (isset($_GET['category']) && empty($_GET['category'])) {
+        hesk_process_messages($hesklang['sel_app_cat'],'NOREDIRECT','NOTICE');
+    }
+
+    /* This will handle error, success and notice messages */
+    hesk_handle_messages();
+    ?>
+    <section class="content">
+        <div class="box">
+            <div class="box-header with-border">
+                <h1 class="box-title">
+                    <?php echo $hesklang['select_category_staff']; ?>
+                </h1>
+            </div>
+            <div class="box-body">
+                <div class="select_category">
+                    <?php
+                    // Print a select box if number of categories is large
+                    if ($number_of_categories > $hesk_settings['cat_show_select'])
+                    {
+                        ?>
+                        <form action="new_ticket.php" method="get">
+                            <select name="category" id="select_category" class="form-control">
+                                <?php
+                                if ($hesk_settings['select_cat'])
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+                                foreach ($hesk_settings['categories'] as $k=>$v)
+                                {
+                                    echo '<option value="'.$k.'">'.$v.'</option>';
+                                }
+                                ?>
+                            </select>
+
+                            &nbsp;<br />
+
+                            <div style="text-align:center">
+                                <input type="submit" value="<?php echo $hesklang['c2c']; ?>" class="btn btn-default">
+                            </div>
+                        </form>
+                        <?php
+                    }
+                    // Otherwise print quick links
+                    else
+                    {
+                        // echo '<li><a href="new_ticket.php?a=add&amp;category='.$k.'">&raquo; '.$v.'</a></li>';
+                        $new_row = 1;
+
+                        foreach ($hesk_settings['categories'] as $k=>$v):
+                            if ($new_row == 1) {
+                                echo '<div class="row">';
+                                $new_row = -1;
+                            }
+                            ?>
+                            <div class="col-md-5 col-sm-12 <?php if ($new_row == -1) {echo 'col-md-offset-1';} ?>">
+                                <a href="new_ticket.php?a=add&category=<?php echo $k; ?>" class="button-link">
+                                    <div class="panel panel-default">
+                                        <div class="panel-body">
+                                            <div class="row">
+                                                <div class="col-xs-12">
+                                                    <?php echo $v; ?>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </div>
+                            <?php
+                            $new_row++;
+                            if ($new_row == 1) {
+                                echo '</div>';
+                            }
+                        endforeach;
+                    }
+                    ?>
+                </div>
+            </div>
+        </div>
+    </section>
+
+    <?php
+
+    hesk_cleanSessionVars('iserror');
+    hesk_cleanSessionVars('isnotice');
+
+    require_once(HESK_PATH . 'inc/footer.inc.php');
+    exit();
+} // END print_select_category()
--- a/admin/options.php
+++ b/admin/options.php
@ -1,393 +0,0 @@
-<?php
-/*******************************************************************************
- *  Title: Help Desk Software HESK
- *  Version: 2.6.8 from 10th August 2016
- *  Author: Klemen Stirn
- *  Website: http://www.hesk.com
- ********************************************************************************
- *  COPYRIGHT AND TRADEMARK NOTICE
- *  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
- *  HESK is a registered trademark of Klemen Stirn.
- *  The HESK may be used and modified free of charge by anyone
- *  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
- *  By using this code you agree to indemnify Klemen Stirn from any
- *  liability that might arise from it's use.
- *  Selling the code for this program, in part or full, without prior
- *  written consent is expressly forbidden.
- *  Using this code, in part or full, to create derivate work,
- *  new scripts or products is expressly forbidden. Obtain permission
- *  before redistributing this software over the Internet or in
- *  any other medium. In all cases copyright and header must remain intact.
- *  This Copyright is in full effect in any country that has International
- *  Trade Agreements with the United States of America or
- *  with the European Union.
- *  Removing any of the copyright notices without purchasing a license
- *  is expressly forbidden. To remove HESK copyright notice you must purchase
- *  a license for this script. For more information on how to obtain
- *  a license please visit the page below:
- *  https://www.hesk.com/buy.php
- *******************************************************************************/
-
-define('IN_SCRIPT', 1);
-define('HESK_PATH', '../');
-
-/* Get all the required files and functions */
-require(HESK_PATH . 'hesk_settings.inc.php');
-require(HESK_PATH . 'inc/common.inc.php');
-require(HESK_PATH . 'inc/admin_functions.inc.php');
-
-$id = hesk_input(hesk_GET('i'));
-$query = hesk_input(hesk_utf8_urldecode(hesk_GET('q')));
-$type = hesk_input(hesk_GET('t', 'text'));
-$maxlen = intval(hesk_GET('m', 255));
-$query = stripslashes($query);
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
-<head>
-    <title><?php echo $hesklang['opt']; ?></title>
-    <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
-    <style type="text/css">
-        body {
-            margin: 5px 5px;
-            padding: 0;
-            background: #fff;
-            color: black;
-            font: 68.8%/1.5 Verdana, Geneva, Arial, Helvetica, sans-serif;
-            text-align: left;
-        }
-
-        p {
-            color: black;
-            font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
-            font-size: 1.0em;
-        }
-
-        h3 {
-            color: #AF0000;
-            font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
-            font-weight: bold;
-            font-size: 1.0em;
-            text-align: center;
-        }
-
-        .title {
-            color: black;
-            font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
-            font-weight: bold;
-            font-size: 1.0em;
-        }
-
-        .wrong {
-            color: red;
-        }
-
-        .correct {
-            color: green;
-        }
-    </style>
-</head>
-<body>
-
-<h3><?php echo $hesklang['opt']; ?></h3>
-
-<p><i><?php echo $hesklang['ns']; ?></i></p>
-
-<?php
-
-switch ($type) {
-    case 'text':
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o2\').value;
-            window.opener.document.getElementById(\'s_' . $id . '_maxlen\').value = document.getElementById(\'o1\').value;
-            window.close();
-        }
-        </script>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['custom_l'] . ':<td>
-        <td><input type="text" name="o1" id="o1" value="' . $maxlen . '" size="30" /></td>
-        </tr>
-        <tr>
-        <td>' . $hesklang['defw'] . ':<td>
-        <td><input type="text" name="o2" id="o2" value="' . $query . '" size="30" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'hidden':
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-            window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
-            window.close();
-        }
-        </script>
-        <p>' . $hesklang['hidden_custom_field_help'] . '</p>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['value_colon'] . '<td>
-        <td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'readonly':
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-            window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
-            window.close();
-        }
-        </script>
-        <p>' . $hesklang['readonly_custom_field_help'] . '</p>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['value_colon'] . '<td>
-        <td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'textarea':
-        if (strpos($query, '#') !== false) {
-            list($rows, $cols) = explode('#', $query);
-        } else {
-            $rows = '';
-            $cols = '';
-        }
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value + "#" + document.getElementById(\'o2\').value;
-            window.close();
-        }
-        </script>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['rows'] . ':<td>
-        <td><input type="text" name="o1" id="o1" value="' . $rows . '" size="5" /></td>
-        </tr>
-        <tr>
-        <td>' . $hesklang['cols'] . ':<td>
-        <td><input type="text" name="o2" id="o2" value="' . $cols . '" size="5" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'radio':
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-				else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['opt2'] . '</p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'select':
-        $query = str_replace('{HESK_SELECT}', '', $query, $show_select);
-
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-			else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-			if (document.getElementById(\'show_select\').checked)
-			{
-				text = "{HESK_SELECT}" + text;
-			}
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['opt3'] . '</p>
-        <p><label><input type="checkbox" name="show_select" id="show_select" value="1" ' . ($show_select ? 'checked="checked"' : '') . ' /> ' . $hesklang['show_select'] . '</label></p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'checkbox':
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-			else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['opt4'] . '</p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'date':
-        echo '<p>' . $hesklang['date_custom_field_text'] . '</p>';
-        break;
-    case 'multiselect':
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-			else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['multiple_select_custom_field_text'] . '</p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'email':
-        $ccSelected = $query == 'cc' ? 'selected="selected"' : '';
-        $bccSelected = $query == 'bcc' ? 'selected="selected"' : '';
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-            var dropdown = document.getElementById(\'o1\');
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = dropdown.options[dropdown.selectedIndex].value;
-            window.close();
-        }
-        </script>
-        <p>' . $hesklang['email_custom_field_help'] . '</p>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['email_custom_field_label'] . ':</td>
-        <td>
-            <select name="o1" id="o1">
-                <option value="cc" ' . $ccSelected . '>' . $hesklang['cc'] . '</option>
-                <option value="bcc" ' . $bccSelected . '>' . $hesklang['bcc'] . '</option>
-            </select>
-        </td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    default:
-        die('Invalid type');
-}
-?>
-
-<p align="center"><a href="#" onclick="Javascript:window.close()"><?php echo $hesklang['cwin']; ?></a></p>
-
-<p>&nbsp;</p>
-
-</body>
-
-</html>
-<?php
-exit();
-?>
--- a/admin/profile.php
+++ b/admin/profile.php
@ -115,7 +115,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                    /* Only update if it's a valid language */
                    if (isset($hesk_settings['languages'][$newlang])) {
                        $newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
-                        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
+                        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "'");
                    }
                }

@ -232,6 +232,21 @@ function update_profile()
    $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
    $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
    $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
+    $_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
+
+    if ($_SESSION['new']['autoreload']) {
+        $_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time'));
+
+        if (hesk_POST('secmin') == 'min') {
+            $_SESSION['new']['autoreload'] *= 60;
+        }
+
+        if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) {
+            $_SESSION['new']['autoreload'] = 30;
+        }
+    } else {
+        hesk_setcookie('autorefresh', '');
+    }

    /* Auto-start ticket timer */
    $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
@ -239,9 +254,6 @@ function update_profile()
    /* Default calendar view */
    $_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0);

-    /* Update auto-refresh time */
-    $_SESSION['new']['autorefresh'] = isset($_POST['autorefresh']) ? $_POST['autorefresh'] : 0;
-
    /* Notifications */
    if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges'])
        && strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) {
@ -274,7 +286,7 @@ function update_profile()
 		$sql_pass ,
 	    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,
        `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,
-        `autorefresh`='" . intval($_SESSION['new']['autorefresh']) . "' ,
+        `autoreload`='".($_SESSION['new']['autoreload'])."' ,
 	    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,
        `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,
        `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,
@ -288,7 +300,7 @@ function update_profile()
        `notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "',
        `show_suggested`='" . $_SESSION['new']['show_suggested'] . "',
        `default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . "
-	    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"
+	    WHERE `id`='" . intval($_SESSION['id']) . "'"
        );

        /* Process the session variables */
--- a/admin/reports.php
+++ b/admin/reports.php
@ -65,23 +65,23 @@ $is_all_time = 0;
 /* Default this month to date */
 $date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
 $date_to = date('Y-m-d');
-$input_datefrom = date('m/d/Y', strtotime('last month'));
-$input_dateto = date('m/d/Y');
+$input_datefrom = date('Y-m-d', strtotime('last month'));
+$input_dateto = date('Y-m-d');

 /* Date */
 if (!empty($_GET['w'])) {
    $df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
    if (strlen($df) == 8) {
-        $date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2);
-        $input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4);
+        $date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
+        $input_datefrom = $date_from;
    } else {
        $date_from = date('Y-m-d', strtotime('last month'));
    }

    $dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
    if (strlen($dt) == 8) {
-        $date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
-        $input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
+        $date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
+        $input_dateto = $date_to;
    } else {
        $date_to = date('Y-m-d');
    }
@ -247,9 +247,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                <div class="form-group">
                    <label for="dtrg" class="control-label"><?php echo $hesklang['dtrg']; ?>:</label>

-                    <div class="radio move-right-20">
-                        <input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
+                    <div class="radio form-inline move-right-20">
+                        <input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> style="position: relative">
                        <select name="time" onclick="document.getElementById('w0').checked = true"
+                                class="form-control"
                                onfocus="document.getElementById('w0').checked = true"
                                style="margin-top:5px;margin-bottom:5px;">
                            <option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
@ -288,16 +289,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
                        </select>
                    </div>
-                    <div class="radio move-right-20">
-                        <input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
+                    <div class="radio form-inline move-right-20">
+                        <input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> style="position: relative">
                        <?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
                                                                value="<?php echo $input_datefrom; ?>"
-                                                                id="datefrom" class="tcal" size="10"
+                                                                id="datefrom" class="datepicker form-control" size="10"
                                                                onclick="document.getElementById('w1').checked = true"
                                                                onfocus="document.getElementById('w1').checked = true;this.focus;"/>
                        <?php echo $hesklang['to']; ?> <input type="text" name="dateto"
                                                              value="<?php echo $input_dateto; ?>" id="dateto"
-                                                              class="tcal" size="10"
+                                                              class="datepicker form-control" size="10"
                                                              onclick="document.getElementById('w1').checked = true"
                                                              onfocus="document.getElementById('w1').checked = true; this.focus;"/>
                    </div>
@ -530,7 +531,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');

                // Some variables we will need
                $tickets = array();
-                $totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0);
+                $totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0, 'openedby' => 0);

                // Get list of users
                $admins = array();
@ -550,6 +551,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                            'tickets' => 0,
                            'replies' => 0,
                            'worked' => '',
+                            'openedby' => 0,
                        );
                    }

@ -625,10 +627,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                // Convert total seconds worked to HH:MM:SS
                $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;

+                // Get total opened by tickets
+                $res = hesk_dbQuery("SELECT `openedby`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `openedby` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `openedby`");
+
+                // -> update ticket list values
+                while ($row = hesk_dbFetchAssoc($res))
+                {
+                    $tickets[$row['openedby']]['openedby'] += $row['cnt'];
+                    $totals['openedby'] += $row['cnt'];
+                }
+
                ?>
                <table class="table table-striped table-condensed">
                    <tr>
                        <th><?php echo $hesklang['user']; ?></th>
+                        <th><?php echo $hesklang['numsub']; ?></th>
                        <th><?php echo $hesklang['ticass']; ?></th>
                        <th><?php echo $hesklang['topen']; ?></th>
                        <th><?php echo $hesklang['closed_title']; ?></th>
@ -647,6 +660,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                        ?>
                        <tr>
                            <td><b><?php echo $hesklang['totals']; ?></b></td>
+                            <td><b><?php echo $totals['openedby']; ?></b></td>
                            <td><b><?php echo $totals['asstickets']; ?></b></td>
                            <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
                            <td><b><?php echo $totals['resolved']; ?></b></td>
@ -666,6 +680,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                        ?>
                        <tr>
                            <td><?php echo $admins[$k]; ?></td>
+                            <td><?php echo $d['openedby']; ?></td>
                            <td><?php echo $d['asstickets']; ?></td>
                            <td><?php echo $d['asstickets'] - $d['resolved']; ?></td>
                            <td><?php echo $d['resolved']; ?></td>
@ -682,6 +697,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                    ?>
                    <tr>
                        <td><b><?php echo $hesklang['totals']; ?></b></td>
+                        <td><b><?php echo $totals['openedby']; ?></b></td>
                        <td><b><?php echo $totals['asstickets']; ?></b></td>
                        <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
                        <td><b><?php echo $totals['resolved']; ?></b></td>
--- a/admin/service_messages.php
+++ b/admin/service_messages.php
@ -111,22 +111,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            <li role="presentation">
                <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
            </li>
+            ';
+                    }
+                    // Show a link to custom_fields.php if user has permission to do so
+                    if ( hesk_checkPermission('can_man_settings',0) ) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
+            </li>
            ';
                    }
                    ?>
                </ul>
                <div class="tab-content summaryList tabPadding">
-                    <script language="javascript" type="text/javascript"><!--
-                        function confirm_delete() {
-                            if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
-                                return true;
-                            }
-                            else {
-                                return false;
-                            }
-                        }
-                        //-->
-                    </script>
                    <div class="row">
                        <div class="col-sm-12">
                            <?php
@ -494,9 +491,9 @@ function save_sm()
    $message = hesk_getHTML(hesk_POST('message'));
 	
 	// Clean the HTML code
-	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-	$purifier = new HTMLPurifier();
-	$message = $purifier->purify($message);
+	require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+	$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+	$message = $purifier->heskPurify($message);

    // Any errors?
    if (count($hesk_error_buffer)) {
@ -547,7 +544,7 @@ function save_sm()
 	`style` = '{$style}',
 	`type` = '{$type}',
 	`icon` = '{$icon}'
-	WHERE `id`={$id} LIMIT 1");
+	WHERE `id`={$id}");

    $_SESSION['smord'] = $id;
    hesk_process_messages($hesklang['sm_mdf'], 'service_messages.php', 'SUCCESS');
@ -588,7 +585,7 @@ function order_sm()
    $_SESSION['smord'] = $id;

    // Update article details
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id} LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id}");

    // Update order of all service messages
    update_sm_order();
@ -610,7 +607,7 @@ function update_sm_order()
    // Update database
    $i = 10;
    while ($sm = hesk_dbFetchAssoc($res)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "'");
        $i += 10;
    }

@ -630,7 +627,7 @@ function remove_sm()
    $id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']);

    // Delete the service message
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id} LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id}");

    // Were we successful?
    if (hesk_dbAffectedRows() == 1) {
@ -663,9 +660,9 @@ function new_sm()
    $message = hesk_getHTML(hesk_POST('message'));
 	
 	// Clean the HTML code
-	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-	$purifier = new HTMLPurifier();
-	$message = $purifier->purify($message);
+	require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+	$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+	$message = $purifier->heskPurify($message);

    // Any errors?
    if (count($hesk_error_buffer)) {
--- a/admin/show_tickets.php
+++ b/admin/show_tickets.php
@ -45,6 +45,7 @@ hesk_dbConnect();
 hesk_isLoggedIn();

 define('CALENDAR', 1);
+define('AUTO_RELOAD',1);

 /* Check permissions for this feature */
 hesk_checkPermission('can_view_tickets');
@ -69,6 +70,14 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            </div>
        </div>
        <div class="box-body">
+            <div class="checkbox">
+                <label>
+                    <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                    <?php echo $hesklang['arp']; ?>
+                    <span id="timer"></span>
+                </label>
+            </div>
+            <script type="text/javascript">heskCheckReloading();</script>
            <?php
            /* Print the list of tickets */
            $is_search = 1;
@ -84,32 +93,28 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            ?>
        </div>
    </div>
-    <div class="box">
-        <div class="box-body">
-            <?php
-            $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
-        CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
-        SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
-        SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
-        SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
-        iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
-        CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
-        yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
-        HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
-        FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8aHIgL
-        z48dGFibGUgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+PHRyPjx0ZD48Yj4nLiRoZXNrbGFuZ1sncmVtb
-        3ZlX3N0YXRlbWVudCddLic8L2I+PC90ZD48dGQgc3R5bGU9InRleHQtYWxpZ246cmlnaHQiPjxhIGhyZ
-        WY9IkphdmFzY3JpcHQ6dm9pZCgwKSIgb25jbGljaz0iYWxlcnQoXCcnLiRoZXNrbGFuZ1snc3VwcG9yd
-        F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
-        icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
-        29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
-        C9wPic7DQp9DQo=', "\112");
+    <?php
+    $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
+CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
+SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
+SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
+SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
+iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
+CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
+yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
+HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
+FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8aHIgL
+z48dGFibGUgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+PHRyPjx0ZD48Yj4nLiRoZXNrbGFuZ1sncmVtb
+3ZlX3N0YXRlbWVudCddLic8L2I+PC90ZD48dGQgc3R5bGU9InRleHQtYWxpZ246cmlnaHQiPjxhIGhyZ
+WY9IkphdmFzY3JpcHQ6dm9pZCgwKSIgb25jbGljaz0iYWxlcnQoXCcnLiRoZXNrbGFuZ1snc3VwcG9yd
+F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
+icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
+29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
+C9wPic7DQp9DQo=', "\112");

-            /* Clean unneeded session variables */
-            hesk_cleanSessionVars('hide');
-            ?>
-        </div>
-    </div>
+    /* Clean unneeded session variables */
+    hesk_cleanSessionVars('hide');
+    ?>
 </section>
 <?php

--- a/change_status.php
+++ b/change_status.php
@ -107,11 +107,21 @@ hesk_dbConnect();
 // Verify email address match if needed
 hesk_verifyEmailMatch($trackingID);

+// Setup required session vars
+$_SESSION['t_track'] = $trackingID;
+$_SESSION['t_email'] = $hesk_settings['e_email'];
+
+// Load statuses
+require_once(HESK_PATH . 'inc/statuses.inc.php');
+
+// Is current ticket status even changeable by customers?
+$ticket = hesk_dbFetchAssoc( hesk_dbQuery( "SELECT `status`, `staffreplies`, `lastreplier` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1") );
+if (!hesk_can_customer_change_status($ticket['status'])) {
+    hesk_process_messages($hesklang['scno'],'ticket.php');
+}
+
 // Lets make status assignment a bit smarter when reopening tickets
 if ($oldStatus == 2) {
-    // Get number of replies and last replier (customer or staff)
-    $ticket = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `staffreplies`, `lastreplier` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"));
-
    // If ticket has no staff replies set the status to "New"
    if ($ticket['staffreplies'] < 1) {
        $statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1');
@ -128,11 +138,11 @@ if ($oldStatus == 2) {


 // Modify values in the database
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1'");

 // Did we modify anything*
 if (hesk_dbAffectedRows() != 1) {
-    hesk_error($hesklang['elocked']);
+    hesk_process_messages($hesklang['elocked'],'ticket.php');
 }

 // Show success message
--- a/css/mods-for-hesk-new.css
+++ b/css/mods-for-hesk-new.css
@ -150,4 +150,30 @@ button.dropdown-submit {

 .login-box-body {
    border-radius: 5px;
+}
+
+.button-link {
+    color: #4a5571;
+}
+
+.button-link:hover {
+    text-decoration: none;
+    color: #000;
+}
+
+.button-link .col-xs-1 {
+    margin: 0 auto;
+    padding: 0;
+}
+
+.button-link .panel-body:hover {
+    background-color: #EEE;
+}
+
+.timeline-header.header-info {
+    font-size: 14px !important;
+}
+
+.full-width {
+    width: 100%;
 }
--- a/hesk_javascript.js
+++ b/hesk_javascript.js
@ -241,9 +241,10 @@ function hesk_suggestKBsearch(isAdmin) {
    setTimeout('hesk_suggestKBsearch(' + isAdmin + ');', 2000);
 }

-function hesk_suggestEmail(isAdmin) {
-    var email = document.form1.email.value;
-    var element = document.getElementById('email_suggestions');
+function hesk_suggestEmail(emailField, displayDiv, padDiv, isAdmin, allowMultiple) {
+    allowMultiple = allowMultiple || 0;
+    var email = document.getElementById(emailField).value;
+    var element = document.getElementById(displayDiv);

    if (isAdmin) {
        var path = '../suggest_email.php';
@ -253,7 +254,11 @@ function hesk_suggestEmail(isAdmin) {
    }

    if (email != '') {
-        var params = "e=" + encodeURIComponent(email);
+        var params = "e=" + encodeURIComponent(email) + "&ef=" + encodeURIComponent(emailField) + "&dd=" + encodeURIComponent(displayDiv) + "&pd=" + encodeURIComponent(padDiv);
+
+        if (allowMultiple) {
+            params += "&am=1";
+        }

        xmlHttp = GetXmlHttpObject();
        if (xmlHttp == null) {
@ -369,7 +374,7 @@ function hesk_contains(password, validChars) {
 }

 function setCookie(name, value, expires, path, domain, secure) {
-    document.cookie = name + "=" + escape(value) +
+    document.cookie= name + "=" + escape(value) +
        ((expires) ? "; expires=" + expires.toGMTString() : "") +
        ((path) ? "; path=" + path : "") +
        ((domain) ? "; domain=" + domain : "") +
--- a/hesk_style.css
+++ b/hesk_style.css
@ -755,4 +755,60 @@ td.admin_yellow {
 	height:16px; 
 	font-size:12px; 
 	margin-top:2px;
+}
+
+/* New styles in HESK version 2.7 */
+
+div.select_category
+{
+	min-width: 50%;
+	min-height: 300px;
+	display: inline-block;
+	text-align:left;
+	margin-top: 10px;
+}
+
+#select_category {
+	border: 1px solid #111;
+	background: transparent;
+	width: 100%;
+	padding: 5px 35px 5px 5px;
+	font-size: 14px;
+	border: 1px solid #ccc;
+	height: 34px;
+}
+
+#ul_category {
+	list-style-type: none;
+	margin: 0;
+	padding: 0;
+}
+
+#ul_category li {
+	border: 1px solid #d1d5d7;
+	border-top: none;
+	border-radius: 2px;
+}
+
+#ul_category li:first-child {
+	border-top: 1px solid #d1d5d7;
+}
+
+#ul_category li a {
+	display: block;
+	font-size: 14px;
+	padding: 0.75em 0.75em;
+	text-decoration: none;
+	transition: all 0.12s ease;
+	word-wrap: break-word;
+}
+
+#ul_category li a:hover {
+	color: black;
+	background-color: #e9ffdb;
+}
+
+select.multiple {
+	font-size: 12px;
+	height: auto;
 }
--- a/inc/admin_functions.inc.php
+++ b/inc/admin_functions.inc.php
@ -51,13 +51,6 @@ $hesk_settings['possible_ticket_list'] = array(
    'time_worked' => $hesklang['ts'],
 );

-// Also possible to display all custom fields
-for ($i = 1; $i <= 20; $i++) {
-    if ($hesk_settings['custom_fields']['custom' . $i]['use']) {
-        $hesk_settings['possible_ticket_list']['custom' . $i] = $hesk_settings['custom_fields']['custom' . $i]['name'];
-    }
-}
-
 /*** FUNCTIONS ***/


@ -256,7 +249,7 @@ function hesk_mergeTickets($merge_these, $merge_into)
    }

    /* Update history (log) and merged IDs of target ticket */
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "'");

    return true;

@ -393,8 +386,8 @@ function hesk_autoLogin($noredirect = 0)
    /* Check username */
    $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    if (hesk_dbNumRows($result) != 1) {
-        setcookie('hesk_username', '');
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', '');
+        hesk_setcookie('hesk_p', '');
        header('Location: '.$url);
        exit();
    }
@ -403,8 +396,8 @@ function hesk_autoLogin($noredirect = 0)

    /* Check password */
    if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
-        setcookie('hesk_username', '');
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', '');
+        hesk_setcookie('hesk_p', '');
        header('Location: '.$url);
        exit();
    }
@ -437,8 +430,8 @@ function hesk_autoLogin($noredirect = 0)
    }

    /* Renew cookies */
-    setcookie('hesk_username', "$user", strtotime('+1 year'));
-    setcookie('hesk_p', "$hash", strtotime('+1 year'));
+    hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+    hesk_setcookie('hesk_p', "$hash", strtotime('+1 year'));

    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
@ -646,7 +639,8 @@ function hesk_formatDate($dt, $from_database = true)

 function hesk_jsString($str)
 {
-    $str = str_replace(array('\'', '<br />'), array('\\\'', ''), $str);
+    $str  = addslashes($str);
+    $str  = str_replace('<br />' , '' , $str);
    $from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
    $to = array("\\r\\n' + \r\n'", "$1", "$1");
    return preg_replace($from, $to, $str);
@ -715,3 +709,53 @@ function hesk_checkPermission($feature, $showerror = 1)
    }

 } // END hesk_checkPermission()
+
+function hesk_purge_cache($type = '', $expire_after_seconds = 0)
+{
+    global $hesk_settings;
+
+    $cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
+
+    if ( ! is_dir($cache_dir))
+    {
+        return false;
+    }
+
+    switch ($type)
+    {
+        case 'export':
+            $files = glob($cache_dir.'hesk_export_*', GLOB_NOSORT);
+            break;
+        case 'status':
+            $files = glob($cache_dir.'status_*', GLOB_NOSORT);
+            break;
+        case 'cf':
+            $files = glob($cache_dir.'cf_*', GLOB_NOSORT);
+            break;
+        default:
+            hesk_rrmdir(trim($cache_dir, '/'), true);
+            return true;
+    }
+
+    if (is_array($files))
+    {
+        array_walk($files, 'hesk_unlink_callable', $expire_after_seconds);
+    }
+
+    return true;
+
+} // END hesk_purge_cache()
+
+
+function hesk_rrmdir($dir, $keep_top_level=false)
+{
+    $files = $keep_top_level ? array_diff(scandir($dir), array('.','..','index.htm')) : array_diff(scandir($dir), array('.','..'));
+
+    foreach ($files as $file)
+    {
+        (is_dir("$dir/$file")) ? hesk_rrmdir("$dir/$file") : @unlink("$dir/$file");
+    }
+
+    return $keep_top_level ? true : @rmdir($dir);
+
+} // END hesk_rrmdir()
--- a/inc/common.inc.php
+++ b/inc/common.inc.php
@ -35,10 +35,20 @@ if (!defined('IN_SCRIPT')) {

 #error_reporting(E_ALL);

-// Set correct Content-Type header
-if (!defined('NO_HTTP_HEADER')) {
+/*
+ * If code is executed from CLI, don't force SSL
+ * else set correct Content-Type header
+ */
+if (defined('NO_HTTP_HEADER')) {
+    $hesk_settings['force_ssl'] = false;
+} else {
    header('Content-Type: text/html; charset=utf-8');
-	header('X-Frame-Options: SAMEORIGIN');
+
+    // Don't allow HESK to be loaded in a frame on third party domains
+    if ($hesk_settings['x_frame_opt'])
+    {
+        header('X-Frame-Options: SAMEORIGIN');
+    }
 }

 // Set backslash options
@ -56,12 +66,47 @@ if (!defined('ENT_XHTML')) {
    define('ENT_XHTML', 0);
 }

+// Is this is a SSL connection?
+if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
+    define('HESK_SSL', true);
+
+    // Use https-only cookies
+    @ini_set('session.cookie_secure', 1);
+} else {
+    // Force redirect?
+    if ($hesk_settings['force_ssl']) {
+        header('HTTP/1.1 301 Moved Permanently');
+        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+        exit();
+    }
+
+    define('HESK_SSL', false);
+}
+
+// Prevents javascript XSS attacks aimed to steal the session ID
+@ini_set('session.cookie_httponly', 1);
+
+// **PREVENTING SESSION FIXATION**
+// Session ID cannot be passed through URLs
+@ini_set('session.use_only_cookies', 1);
+
+
 // Load language file
 hesk_getLanguage();


 /*** FUNCTIONS ***/

+function hesk_setcookie($name, $value, $expire=0, $path=""){
+    if (HESK_SSL) {
+        setcookie($name, $value, $expire, $path, "", true, true);
+    } else {
+        setcookie($name, $value, $expire, $path, "", false, true);
+    }
+
+    return true;
+} // END hesk_setcookie()
+
 function hesk_service_message($sm)
 {
    $faIcon = $sm['icon'];
@ -145,6 +190,11 @@ function hesk_clean_utf8($in)

 function hesk_load_database_functions()
 {
+    // Already loaded?
+    if (function_exists('hesk_dbQuery')) {
+        return true;
+    }
+
    // Preferrably use the MySQLi functions
    if (function_exists('mysqli_connect')) {
        require(HESK_PATH . 'inc/database_mysqli.inc.php');
@ -196,6 +246,12 @@ function hesk_unlink($file, $older_than = 0)
 } // END hesk_unlink()


+function hesk_unlink_callable($file, $key, $older_than=0)
+{
+    return hesk_unlink($file, $older_than);
+} // END hesk_unlink_callable()
+
+
 function hesk_utf8_urldecode($in)
 {
    $in = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($in));
@ -204,7 +260,11 @@ function hesk_utf8_urldecode($in)

 function hesk_SESSION($in, $default = '')
 {
-    return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
+    if (is_array($in)) {
+        return isset($_SESSION[$in[0]][$in[1]]) && ! is_array(isset($_SESSION[$in[0]][$in[1]])) ? $_SESSION[$in[0]][$in[1]] : $default;
+    } else {
+        return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
+    }
 } // END hesk_SESSION();


@ -327,7 +387,7 @@ function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $e

    /* Email doesn't match, clean cookies and error out */
    if ($error) {
-        setcookie('hesk_myemail', '');
+        hesk_setcookie('hesk_myemail', '');
        hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
    } else {
        return false;
@ -365,7 +425,7 @@ function hesk_getCustomerEmail($can_remember = 0, $field = '')
    if (isset($_GET['e']) || isset($_POST['e'])) {
        $my_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0);
    } /* Is email in cookie? */
-    elseif ( isset($_GET['e']) || isset($_POST['e']) ) {
+    elseif (isset($_COOKIE['hesk_myemail'])) {
        $my_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0);
        if ($can_remember && $my_email) {
            $do_remember = ' checked="checked" ';
@ -970,7 +1030,7 @@ function hesk_showTopBar($page_title)
    echo $page_title;
 } // END hesk_showTopBar()

-function hesk_getLanguagesAsFormIfNecessary()
+function hesk_getLanguagesAsFormIfNecessary($trackingID = false)
 {

    global $hesk_settings, $hesklang;
@ -979,6 +1039,14 @@ function hesk_getLanguagesAsFormIfNecessary()

        $str = '<form method="get" action="" role="form" style="margin:0;padding:0;border:0;white-space:nowrap;">';

+        if ($trackingID !== false) {
+            $str .= '<input type="hidden" name="track" value="'.hesk_htmlentities($trackingID).'">';
+
+            if ($hesk_settings['email_view_ticket'] && isset($hesk_settings['e_email'])) {
+                $str .= '<input type="hidden" name="e" value="'.hesk_htmlentities($hesk_settings['e_email']).'">';
+            }
+        }
+
        if (!isset($_GET)) {
            $_GET = array();
        }
@ -1105,7 +1173,7 @@ function hesk_getLanguage()
    }

    /* Remember and set the selected language */
-    setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
+    hesk_setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
    return hesk_returnLanguage();
 } // END hesk_getLanguage()

@ -1113,10 +1181,45 @@ function hesk_getLanguage()
 function hesk_returnLanguage()
 {
    global $hesk_settings, $hesklang;
-    require(HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php');
-    $customLanguagePath = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
-    if (file_exists($customLanguagePath)) {
-        include($customLanguagePath);
+    // Variable that will be set to true if a language file was loaded
+    $language_loaded = false;
+
+    // Load requested language file
+    $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php';
+    if (file_exists($language_file)) {
+        require($language_file);
+        $language_loaded = true;
+    }
+
+    // Requested language file not found, try to load default installed language
+    if (!$language_loaded && $hesk_settings['language'] != HESK_DEFAULT_LANGUAGE) {
+        $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][HESK_DEFAULT_LANGUAGE]['folder'] . '/text.php';
+        if (file_exists($language_file)) {
+            require($language_file);
+            $language_loaded = true;
+            $hesk_settings['language'] = HESK_DEFAULT_LANGUAGE;
+        }
+    }
+
+    // Requested language file not found, can we at least load English?
+    if (!$language_loaded && $hesk_settings['language'] != 'English' && HESK_DEFAULT_LANGUAGE != 'English') {
+        $language_file = HESK_PATH . 'language/en/text.php';
+        if (file_exists($language_file)) {
+            require($language_file);
+            $language_loaded = true;
+            $hesk_settings['language'] = 'English';
+        }
+    }
+
+    // If a language is still not loaded, give up
+    if (!$language_loaded) {
+        die('Count not load a valid language file.');
+    }
+
+    // Load a custom text file if available
+    $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
+    if (file_exists($language_file)) {
+        require($language_file);
    }
    return true;
 } // END hesk_returnLanguage()
@ -1637,9 +1740,43 @@ function hesk_check_maintenance($dodie = true)

    <div class="alert alert-warning" style="margin: 20px">
        <i class="fa fa-exclamation-triangle"></i>
-        <b><?php echo $hesklang['mm1']; ?></b><br/><br/>
-        <?php echo $hesklang['mm2']; ?><br/><br/>
-        <?php echo $hesklang['mm3']; ?>
+        <?php
+        // Has the help desk been installed yet?
+        if (
+            $hesk_settings['maintenance_mode'] == 0 &&
+            $hesk_settings['question_ans'] == 'PB6YM' &&
+
+            $hesk_settings['site_title'] == 'My Web site' &&
+            $hesk_settings['site_url'] == 'http://www.example.com' &&
+            $hesk_settings['webmaster_mail'] == 'support@example.com' &&
+            $hesk_settings['noreply_mail'] == 'support@example.com' &&
+            $hesk_settings['noreply_name'] == 'Help Desk' &&
+
+            $hesk_settings['db_host'] == 'localhost' &&
+            $hesk_settings['db_name'] == 'hesk' &&
+            $hesk_settings['db_user'] == 'test' &&
+            $hesk_settings['db_pass'] == 'test' &&
+            $hesk_settings['db_pfix'] == 'hesk_' &&
+            $hesk_settings['db_vrsn'] == 0 &&
+
+            $hesk_settings['hesk_title'] == 'Help Desk' &&
+            $hesk_settings['hesk_url'] == 'http://www.example.com/helpdesk'
+        )
+        {
+            echo "
+        <b>{$hesklang['hni1']}</b><br /><br />
+        {$hesklang['hni2']}<br /><br />
+        {$hesklang['hni3']}";
+        }
+        // Hesk appears to be installed, show a "Maintenance in progress" message
+        else
+        {
+            echo "
+        <b>{$hesklang['mm1']}</b><br /><br />
+        {$hesklang['mm2']}<br /><br />
+        {$hesklang['mm3']}";
+        }
+        ?>
    </div>
    <?php
    require_once(HESK_PATH . 'inc/footer.inc.php');
@ -1769,8 +1906,11 @@ function hesk_getFeatureArray()
        'can_del_tickets',        /* User can delete tickets */
        'can_edit_tickets',        /* User can edit tickets */
        'can_merge_tickets',    /* User can merge tickets */
+        'can_resolve',			/* User can resolve tickets */
+        'can_submit_any_cat',	/* User can submit a ticket to any category/department */
        'can_del_notes',        /* User can delete ticket notes posted by other staff members */
-        'can_change_cat',        /* User can move ticke to a new category/department */
+        'can_change_cat',		/* User can move ticket to any category/department */
+        'can_change_own_cat',	/* User can move ticket to a category/department he/she has access to */
        'can_man_kb',            /* User can manage knowledgebase articles and categories */
        'can_man_users',        /* User can create and edit staff accounts */
        'can_man_cat',            /* User can manage categories/departments */
@ -1790,7 +1930,7 @@ function hesk_getFeatureArray()
        'can_ban_ips',            /* User can ban IP addresses */
        'can_unban_ips',        /* User can delete IP bans. Also enables "can_ban_ips" */
        'can_service_msg',        /* User can manage service messages shown in customer interface */
-        'can_man_email_tpl',    /* User can manage email templates */
+        'can_email_tpl',    /* User can manage email templates */
        'can_man_ticket_statuses', /* User can manage ticket statuses */
        'can_set_manager', /* User can set category managers */
        'can_man_permission_tpl', /* User can manage permission templates */
--- a/inc/custom_fields.inc.php
+++ b/inc/custom_fields.inc.php
@ -0,0 +1,249 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * http://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * http://www.hesk.com/eula.php
+ *
+ */
+
+/* Check if this is a valid include */
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+// Get and append custom fields setup to the settings
+hesk_load_custom_fields();
+
+// Save number of custom fields
+$hesk_settings['num_custom_fields'] = count($hesk_settings['custom_fields']);
+
+// Load custom fields for admin functions
+if (function_exists('hesk_checkPermission'))
+{
+	foreach ($hesk_settings['custom_fields'] as $k => $v)
+	{
+		$hesk_settings['possible_ticket_list'][$k] = $hesk_settings['custom_fields'][$k]['title'];
+	}
+}
+
+
+/*** FUNCTIONS ***/
+
+
+function hesk_load_custom_fields($category=0, $use_cache=1)
+{
+	global $hesk_settings, $hesklang;
+
+	// Do we have a cached version available
+	$cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
+	$cache_file = $cache_dir . 'cf_' . sha1($hesk_settings['language']).'.cache.php';
+
+	if ($use_cache && file_exists($cache_file))
+	{
+		require($cache_file);
+		return true;
+	}
+
+	// Get custom fields from the database
+	$hesk_settings['custom_fields'] = array();
+
+    // Make sure we have database connection
+    hesk_load_database_functions();
+    hesk_dbConnect();
+
+	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use` IN ('1', '2') ORDER BY `place` ASC, `order` ASC");
+	while ($row = hesk_dbFetchAssoc($res))
+	{
+		$id = 'custom' . $row['id'];
+		unset($row['id']);
+
+		// Let's set field name for current language (or the first one we find)
+		$names = json_decode($row['name'], true);
+		$row['name'] = (isset($names[$hesk_settings['language']])) ? $names[$hesk_settings['language']] : reset($names);
+
+        // Name for display in ticket list; punctuation removed and shortened
+        $row['title'] = hesk_remove_punctuation($row['name']);
+        $row['title'] = strlen($row['title']) > 30 ?  substr($row['title'], 0, 30) . '...' : $row['title'];
+
+        // A version with forced punctuation
+        $row['name:'] = in_array(substr($row['name'], -1), array(':', '?', '!', '.') ) ? $row['name'] : $row['name'] . ':';
+
+		// Decode categories
+		$row['category'] = strlen($row['category']) ? json_decode($row['category'], true) : array();
+
+		// Decode options
+		$row['value'] = json_decode($row['value'], true);
+
+		// Add to custom_fields array
+		$hesk_settings['custom_fields'][$id] = $row;
+	}
+
+    // Try to cache results
+    if ($use_cache && (is_dir($cache_dir) || ( @mkdir($cache_dir, 0777) && is_writable($cache_dir) ) ) )
+    {
+        // Is there an index.htm file?
+        if ( ! file_exists($cache_dir.'index.htm'))
+        {
+            @file_put_contents($cache_dir.'index.htm', '');
+        }
+
+        // Write data
+        @file_put_contents($cache_file, '<?php if (!defined(\'IN_SCRIPT\')) {die();} $hesk_settings[\'custom_fields\']=' . var_export($hesk_settings['custom_fields'], true) . ';' );
+    }
+
+	return true;
+} // END hesk_load_custom_fields()
+
+
+function hesk_is_custom_field_in_category($custom_id, $category_id)
+{
+	global $hesk_settings;
+
+	return (
+			empty($hesk_settings['custom_fields'][$custom_id]['category']) ||
+			in_array($category_id, $hesk_settings['custom_fields'][$custom_id]['category'])
+			) ? true : false;
+} // END hesk_is_custom_field_in_category()
+
+
+function hesk_custom_field_type($type)
+{
+	global $hesklang;
+
+	switch ($type)
+	{
+		case 'text':
+			return $hesklang['stf'];
+		case 'textarea':
+			return $hesklang['stb'];
+		case 'radio':
+			return $hesklang['srb'];
+		case 'select':
+			return $hesklang['ssb'];
+		case 'checkbox':
+			return $hesklang['scb'];
+		case 'email':
+			return $hesklang['email'];
+		case 'date':
+			return $hesklang['date'];
+		case 'hidden':
+			return $hesklang['sch'];
+		case 'readonly':
+			return $hesklang['readonly'];
+		default:
+			return false;
+	}
+
+} // END hesk_custom_field_type()
+
+
+function hesk_custom_date_display_format($timestamp, $format = 'F j, Y')
+{
+	global $hesklang;
+
+	if ($timestamp == '')
+	{
+		return '';
+	}
+
+    if ( ! is_int($timestamp))
+    {
+        $timestamp = $timestamp * 1;
+    }
+
+	if ($hesklang['LANGUAGE']=='English')
+    {
+		return gmdate($format, $timestamp);
+    }
+
+    // Attempt to translate date for non-English users
+
+	$translate_months = array(
+		'January' => $hesklang['m1'],
+		'February' => $hesklang['m2'],
+		'March' => $hesklang['m3'],
+		'April' => $hesklang['m4'],
+		'May' => $hesklang['m5'],
+		'June' => $hesklang['m6'],
+		'July' => $hesklang['m7'],
+		'August' => $hesklang['m8'],
+		'September' => $hesklang['m9'],
+		'October' => $hesklang['m10'],
+		'November' => $hesklang['m11'],
+		'December' => $hesklang['m12']
+    );
+
+	$translate_months_short = array(
+		'Jan' => $hesklang['ms01'],
+		'Feb' => $hesklang['ms02'],
+		'Mar' => $hesklang['ms03'],
+		'Apr' => $hesklang['ms04'],
+		'May' => $hesklang['ms05'],
+		'Jun' => $hesklang['ms06'],
+		'Jul' => $hesklang['ms07'],
+		'Aug' => $hesklang['ms08'],
+		'Sep' => $hesklang['ms09'],
+		'Oct' => $hesklang['ms10'],
+		'Nov' => $hesklang['ms11'],
+		'Dec' => $hesklang['ms12']
+    );
+
+	$translate_days = array(
+		'Monday' => $hesklang['d1'],
+		'Tuesday' => $hesklang['d2'],
+		'Wednesday' => $hesklang['d3'],
+		'Thursday' => $hesklang['d4'],
+		'Friday' => $hesklang['d5'],
+		'Saturday' => $hesklang['d6'],
+		'Sunday' => $hesklang['d0']
+    );
+
+	$translate_days_short = array(
+		'Mon' => $hesklang['mo'],
+		'Tuw' => $hesklang['tu'],
+		'Wes' => $hesklang['we'],
+		'Thu' => $hesklang['th'],
+		'Fri' => $hesklang['fr'],
+		'Sat' => $hesklang['sa'],
+		'Sun' => $hesklang['su']
+    );
+
+    $date_translate = array();
+
+	if (strpos($format, 'F') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_months);
+    }
+
+	if (strpos($format, 'M') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_months_short);
+    }
+
+	if (strpos($format, 'l') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_days);
+    }
+
+	if (strpos($format, 'D') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_days_short);
+    }
+
+	if (count($date_translate))
+    {
+		return str_replace( array_keys($date_translate), array_values($date_translate), gmdate($format, $timestamp));
+    }
+
+    return gmdate($format, $timestamp);
+
+} // END hesk_custom_date_display_format()
+
+
+function hesk_remove_punctuation($in)
+{
+    return rtrim($in, ':?!.');
+} // END hesk_remove_punctuation()
--- a/inc/email_functions.inc.php
+++ b/inc/email_functions.inc.php
@ -33,6 +33,9 @@ if (!defined('IN_SCRIPT')) {
    die('Invalid attempt');
 }

+// Make sure custom fields are loaded
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* Get includes for SMTP */
 if ($hesk_settings['smtp']) {
    require(HESK_PATH . 'inc/mail/smtp.php');
@ -63,7 +66,9 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
    // Add Cc / Bcc recipents if needed
    $ccEmails = array();
    $bccEmails = array();
-    foreach ($hesk_settings['custom_fields'] as $k => $v) {
+
+    //TODO Update the email custom field to handle this properly
+    /*foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use']) {
            if ($v['type'] == 'email' && !empty($ticket[$k])) {
                if ($v['value'] == 'cc') {
@ -75,7 +80,7 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
                }
            }
        }
-    }
+    }*/

    hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
 }
@ -106,7 +111,9 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
    // Add Cc / Bcc recipents if needed
    $ccEmails = array();
    $bccEmails = array();
-    foreach ($hesk_settings['custom_fields'] as $k => $v) {
+
+    //TODO Update the email custom field to handle this properly
+    /*foreach ($hesk_settings['custom_fields'] as $k => $v) {
        if ($v['use']) {
            if ($v['type'] == 'email' && !empty($ticket[$k])) {
                if ($v['value'] == 'cc') {
@ -116,7 +123,7 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
                }
            }
        }
-    }
+    }*/

    // Send e-mail
    hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
@ -846,15 +853,24 @@ function hesk_processMessage($msg, $ticket, $is_admin, $is_ticket, $just_message
    $msg = str_replace('%%ID%%', $ticket['id'], $msg);

    /* All custom fields */
-    foreach ($hesk_settings['custom_fields'] as $k => $v) {
-        if ($v['use']) {
-            if ($v['type'] == 'checkbox') {
-                $ticket[$k] = str_replace("<br />", "\n", $ticket[$k]);
+    for ($i=1; $i<=50; $i++) {
+        $k = 'custom'.$i;
+
+        if (isset($hesk_settings['custom_fields'][$k])) {
+            $v = $hesk_settings['custom_fields'][$k];
+
+            switch ($v['type']) {
+                case 'checkbox':
+                    $ticket[$k] = str_replace("<br>","\n",$ticket[$k]);
+                    break;
+                case 'date':
+                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                    break;
            }

-            $msg = str_replace('%%' . strtoupper($k) . '%%', stripslashes($ticket[$k]), $msg);
+            $msg = str_replace('%%'.strtoupper($k).'%%',stripslashes($ticket[$k]),$msg);
        } else {
-            $msg = str_replace('%%' . strtoupper($k) . '%%', '', $msg);
+            $msg = str_replace('%%'.strtoupper($k).'%%','',$msg);
        }
    }

--- a/inc/footer.inc.php
+++ b/inc/footer.inc.php
@ -0,0 +1,90 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * http://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * http://www.hesk.com/eula.php
+ *
+ */
+
+// Check if this is a valid include
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+// Auto-select first empty or error field on non-staff pages?
+if (defined('AUTOFOCUS'))
+{
+?>
+<script language="javascript">
+(function(){
+	var forms = document.forms || [];
+	for(var i = 0; i < forms.length; i++)
+    {
+		for(var j = 0; j < forms[i].length; j++)
+        {
+			if(
+				!forms[i][j].readonly != undefined &&
+				forms[i][j].type != "hidden" &&
+				forms[i][j].disabled != true &&
+				forms[i][j].style.display != 'none' &&
+				(forms[i][j].className == 'isError' || forms[i][j].className == 'isNotice' || forms[i][j].value == '')
+			)
+	        {
+				forms[i][j].focus();
+				return;
+			}
+		}
+	}
+})();
+</script>
+<?php
+}
+
+// Users online
+if (defined('SHOW_ONLINE'))
+{
+	hesk_printOnline();
+}
+
+// The closing div here is to close the content area on each page. Annoying, but necessary.
+if (defined('ADMIN_PAGE')) {
+	echo '
+	</div>
+	<footer class="main-footer">';
+}
+
+
+/*******************************************************************************
+The code below handles HESK licensing. Removing or modifying this code without
+purchasing a HESK license is strictly prohibited.
+
+To purchase a HESK license and support future HESK development please visit:
+https://www.hesk.com/buy.php
+*******************************************************************************/
+$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
+CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
+SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
+SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
+SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
+iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
+CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
+yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
+HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
+FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8cCBzd
+HlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxzcGFuIGNsYXNzPSJzbWFsbGVyIj4mbmJzcDs8YnIgLz5Qb
+3dlcmVkIGJ5IDxhIGhyZWY9Imh0dHA6Ly93d3cuaGVzay5jb20iIGNsYXNzPSJzbWFsbGVyIiB0aXRsZ
+T0iRnJlZSBQSFAgSGVscCBEZXNrIFNvZnR3YXJlIj5IZWxwIERlc2sgU29mdHdhcmU8L2E+IDxiPkhFU
+0s8L2I+LCBicm91Z2h0IHRvIHlvdSBieSA8YSBocmVmPSJodHRwczovL3d3dy5zeXNhaWQuY29tLz91d
+G1fc291cmNlPUhlc2smYW1wO3V0bV9tZWRpdW09Y3BjJmFtcDt1dG1fY2FtcGFpZ249SGVza1Byb2R1Y
+3RfVG9fSFAiPlN5c0FpZDwvYT48L3NwYW4+PC9wPic7DQp9DQplY2hvICc8L3RkPjwvdHI+PC90YWJsZ
+T48L2Rpdj4nOw0KaW5jbHVkZShIRVNLX1BBVEggLiAnZm9vdGVyLnR4dCcpOw0KZWNobyAnPC9ib2R5P
+jwvaHRtbD4nOw==',"\112");
+
+if (defined('ADMIN_PAGE')) {
+	echo '</footer>';
+}
+
+exit();
--- a/inc/header.inc.php
+++ b/inc/header.inc.php
@ -40,6 +40,7 @@ if (!function_exists('mfh_getSettings')) {

 $modsForHesk_settings = array();
 if (is_dir(HESK_PATH . 'install')) {
+    define('MAINTENANCE_MODE', true);
    $modsForHesk_settings['navbar_title_url'] = 'javascript:;';
    $modsForHesk_settings['rtl'] = 0;
    $modsForHesk_settings['use_bootstrap_theme'] = 1;
@ -55,14 +56,14 @@ if (is_dir(HESK_PATH . 'install')) {
    $modsForHesk_settings['dropdownItemTextHoverColor'] = '#262626';
    $modsForHesk_settings['dropdownItemTextHoverBackgroundColor'] = '#f5f5f5';
    $modsForHesk_settings['questionMarkColor'] = '#000000';
+    $modsForHesk_settings['enable_calendar'] = 1;
 } else {
    $modsForHesk_settings = mfh_getSettings();
 }

 ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
    <title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
    <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
@ -283,34 +284,37 @@ if ($modsForHesk_settings['show_icons']) {
        <div class="navbar-collapse collapse">
            <ul class="nav navbar-nav">
                <?php
-                $active = '';
-                if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_HOME') {
-                    $active = 'class="active"';
-                }
+                if ($hesk_settings['kb_enable'] !== 2 && !defined('MAINTENANCE_MODE')) {
+                    $active = '';
+                    if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_HOME') {
+                        $active = 'class="active"';
+                    }
                ?>
-                <li <?php echo $active; ?>><a href="<?php echo HESK_PATH; ?>"><i
-                            class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?>
-                    </a></li>
+                    <li <?php echo $active; ?>><a href="<?php echo HESK_PATH; ?>"><i
+                                class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?>
+                        </a></li>
+                    <?php
+                    $active = '';
+                    if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
+                        $active = ' active';
+                    }
+                    ?>
+                    <li class="dropdown<?php echo $active; ?>">
+                        <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i
+                                class="fa fa-ticket" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['ticket'] ?>
+                            <b class="caret"></b></a>
+                        <ul class="dropdown-menu">
+                            <li><a href="<?php echo HESK_PATH; ?>index.php?a=add"><i
+                                        class="fa fa-plus-circle" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['sub_support'] ?>
+                                </a></li>
+                            <li><a href="<?php echo HESK_PATH; ?>ticket.php"><i
+                                        class="fa fa-search" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['view_ticket_nav'] ?>
+                                </a></li>
+                        </ul>
+                    </li>
                <?php
-                $active = '';
-                if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
-                    $active = ' active';
                }
-                ?>
-                <li class="dropdown<?php echo $active; ?>">
-                    <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i
-                            class="fa fa-ticket" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['ticket'] ?>
-                        <b class="caret"></b></a>
-                    <ul class="dropdown-menu">
-                        <li><a href="<?php echo HESK_PATH; ?>index.php?a=add"><i
-                                    class="fa fa-plus-circle" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['sub_support'] ?>
-                            </a></li>
-                        <li><a href="<?php echo HESK_PATH; ?>ticket.php"><i
-                                    class="fa fa-search" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['view_ticket_nav'] ?>
-                            </a></li>
-                    </ul>
-                </li>
-                <?php if ($hesk_settings['kb_enable']) {
+                if ($hesk_settings['kb_enable'] && !defined('MAINTENANCE_MODE')) {
                    $active = '';
                    if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_KB') {
                        $active = 'class="active"';
@ -323,7 +327,7 @@ if ($modsForHesk_settings['show_icons']) {
                if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_CALENDAR') {
                    $active = ' active';
                }
-                if ($modsForHesk_settings['enable_calendar'] == 1):
+                if ($modsForHesk_settings['enable_calendar'] == 1 && !defined('MAINTENANCE_MODE')):
                ?>
                <li class="<?php echo $active; ?>">
                    <a href="<?php echo HESK_PATH; ?>calendar.php"><i class="fa fa-calendar" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['calendar_title_case']; ?></a>
@ -333,7 +337,15 @@ if ($modsForHesk_settings['show_icons']) {
            </ul>
            <?php if ($hesk_settings['can_sel_lang']) { ?>
                <div class="navbar-form navbar-right" role="search" style="margin-right: 20px; min-width: 80px;">
-                    <?php echo hesk_getLanguagesAsFormIfNecessary(); ?>
+                    <?php
+                    if (!defined('MAINTENANCE_MODE')) {
+                        if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
+                            hesk_getLanguagesAsFormIfNecessary($trackingID);
+                        } else {
+                            hesk_getLanguagesAsFormIfNecessary();
+                        }
+                    }
+                    ?>
                </div>
            <?php } ?>

--- a/inc/headerAdmin.inc.php
+++ b/inc/headerAdmin.inc.php
@ -35,6 +35,8 @@ if (!defined('IN_SCRIPT')) {
    die('Invalid attempt');
 }

+define('ADMIN_PAGE', true);
+
 $modsForHesk_settings = mfh_getSettings();
 ?>
 <!DOCTYPE html>
@ -87,51 +89,6 @@ $modsForHesk_settings = mfh_getSettings();
    }
    ?>
    <style>
-        .navbar-default {
-            background-color: <?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>;
-            background-image: none;
-            filter: none;
-        }
-
-        .navbar-default .navbar-brand {
-            color: <?php echo $modsForHesk_settings['navbarBrandColor']; ?>;
-        }
-
-        .navbar-default .navbar-brand:focus, .navbar-default .navbar-brand:hover {
-            color: <?php echo $modsForHesk_settings['navbarBrandHoverColor']; ?>;
-            background-color: transparent;
-        }
-
-        .navbar-default .navbar-nav > li > a {
-            color: <?php echo $modsForHesk_settings['navbarItemTextColor']; ?>;
-        }
-
-        .navbar-default .navbar-nav > li > a:focus, .navbar-default .navbar-nav > li > a:hover {
-            color: <?php echo $modsForHesk_settings['navbarItemTextHoverColor']; ?>;
-            background-color: transparent;
-        }
-
-        .dropdown-menu > li > a {
-            color: <?php echo $modsForHesk_settings['dropdownItemTextColor']; ?>;
-        }
-
-        .dropdown-menu > li > a:focus, .dropdown-menu > li > a:hover {
-            color: <?php echo $modsForHesk_settings['dropdownItemTextHoverColor']; ?>;
-            text-decoration: none;
-            background-color: <?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>;
-        }
-
-        .navbar-default .navbar-nav > .open > a,
-        .navbar-default .navbar-nav > .open > a:focus,
-        .navbar-default .navbar-nav > .open > a:hover,
-        .navbar-default .navbar-nav > .active > a,
-        .navbar-default .navbar-nav > .active > a:focus,
-        .navbar-default .navbar-nav > .active > a:hover {
-            color: <?php echo $modsForHesk_settings['navbarItemTextSelectedColor']; ?>;
-            background-color: <?php echo $modsForHesk_settings['navbarItemSelectedBackgroundColor']; ?>;
-            background-image: none;
-        }
-
        .settingsquestionmark {
            color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>;
            cursor: pointer;
@ -210,6 +167,50 @@ $modsForHesk_settings = mfh_getSettings();
        }
    }

+    // Auto reload
+    if (defined('AUTO_RELOAD') && hesk_checkPermission('can_view_tickets',0) && ! isset($_SESSION['hide']['ticket_list'])) {
+        ?>
+        <script type="text/javascript">
+            var count = <?php echo empty($_SESSION['autoreload']) ? 30 : intval($_SESSION['autoreload']); ?>;
+            var reloadcounter;
+            var countstart = count;
+
+            function heskReloadTimer() {
+                count = count-1;
+                if (count <= 0) {
+                    clearInterval(reloadcounter);
+                    window.location.reload();
+                    return;
+                }
+
+                document.getElementById("timer").innerHTML = "(" + count + ")";
+            }
+
+            function heskCheckReloading() {
+                if (<?php if ($_SESSION['autoreload']) echo "getCookie('autorefresh') == null || "; ?>getCookie('autorefresh') == '1') {
+                    document.getElementById("reloadCB").checked=true;
+                    document.getElementById("timer").innerHTML = "(" + count + ")";
+                    reloadcounter = setInterval(heskReloadTimer, 1000);
+                }
+            }
+
+            function toggleAutoRefresh(cb) {
+                if (cb.checked) {
+                    setCookie('autorefresh', '1');
+                    document.getElementById("timer").innerHTML = "(" + count + ")";
+                    reloadcounter = setInterval(heskReloadTimer, 1000);
+                } else {
+                    setCookie('autorefresh', '0');
+                    count = countstart;
+                    clearInterval(reloadcounter);
+                    document.getElementById("timer").innerHTML = "";
+                }
+            }
+
+        </script>
+        <?php
+    }
+
    if (defined('MFH_CALENDAR')) { ?>
        <script src="<?php echo HESK_PATH; ?>js/calendar/moment.js"></script>
        <script src="<?php echo HESK_PATH; ?>js/calendar/fullcalendar.min.js"></script>
@ -224,7 +225,7 @@ $modsForHesk_settings = mfh_getSettings();

 </head>
 <body onload="<?php echo $onload;
-unset($onload); ?>" class="hold-transition skin-blue sidebar-mini">
+unset($onload); ?>" class="hold-transition <?php echo $modsForHesk_settings['admin_color_scheme']; ?> sidebar-mini">

 <?php
 include(HESK_PATH . 'header.txt');
--- a/inc/pipe_functions.inc.php
+++ b/inc/pipe_functions.inc.php
@ -227,7 +227,7 @@ function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority
        $ticket['status'] = $ticket['status'] ? $waiting_reply_rs['id'] : $new_status['id'];

        // Update ticket as necessary
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "'");

        // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
@ -475,7 +475,7 @@ function hesk_isEmailLoop($email, $message_hash)
        }

        // Update DB entry
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}'");
    } else {
        // First instance, insert a new database row
        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
--- a/inc/posting_functions.inc.php
+++ b/inc/posting_functions.inc.php
@ -39,6 +39,12 @@ function hesk_newTicket($ticket, $isVerified = true)
 {
    global $hesk_settings, $hesklang, $hesk_db_link;

+    // Generate a subject if necessary
+    if (strlen($ticket['subject']) < 1)
+    {
+        $ticket['subject'] = sprintf($hesklang['default_subject'], $ticket['name']);
+    }
+
    // If language is not set or default, set it to NULL.
    if (!isset($ticket['language']) || empty($ticket['language'])) {
        $language = (!$hesk_settings['can_sel_lang']) ? HESK_DEFAULT_LANGUAGE : hesk_dbEscape($hesklang['LANGUAGE']);
@ -59,6 +65,16 @@ function hesk_newTicket($ticket, $isVerified = true)
        $due_date = "'" . hesk_dbEscape($ticket['due_date']) . "'";
    }

+    // Prepare SQL for custom fields
+    $custom_where = '';
+    $custom_what  = '';
+
+    for ($i=1; $i<=50; $i++)
+    {
+        $custom_where .= ", `custom{$i}`";
+        $custom_what  .= ", '" . (isset($ticket['custom'.$i]) ? hesk_dbEscape($ticket['custom'.$i]) : '') . "'";
+    }
+
    // Insert ticket into database
    hesk_dbQuery("
 	INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "`
@ -79,27 +95,6 @@ function hesk_newTicket($ticket, $isVerified = true)
 		`owner`,
 		`attachments`,
 		`merged`,
-		`history`,
-		`custom1`,
-		`custom2`,
-		`custom3`,
-		`custom4`,
-		`custom5`,
-		`custom6`,
-		`custom7`,
-		`custom8`,
-		`custom9`,
-		`custom10`,
-		`custom11`,
-		`custom12`,
-		`custom13`,
-		`custom14`,
-		`custom15`,
-		`custom16`,
-		`custom17`,
-		`custom18`,
-		`custom19`,
-		`custom20`,
 		`status`,
 		`latitude`,
 		`longitude`,
@ -107,7 +102,9 @@ function hesk_newTicket($ticket, $isVerified = true)
 		`user_agent`,
 		`screen_resolution_height`,
 		`screen_resolution_width`,
-		`due_date`
+		`due_date`,
+		`history`
+		{$custom_where}
 	)
 	VALUES
 	(
@ -127,27 +124,6 @@ function hesk_newTicket($ticket, $isVerified = true)
 		'" . intval($ticket['owner']) . "',
 		'" . hesk_dbEscape($ticket['attachments']) . "',
 		'',
-		'" . hesk_dbEscape($ticket['history']) . "',
-		'" . hesk_dbEscape($ticket['custom1']) . "',
-		'" . hesk_dbEscape($ticket['custom2']) . "',
-		'" . hesk_dbEscape($ticket['custom3']) . "',
-		'" . hesk_dbEscape($ticket['custom4']) . "',
-		'" . hesk_dbEscape($ticket['custom5']) . "',
-		'" . hesk_dbEscape($ticket['custom6']) . "',
-		'" . hesk_dbEscape($ticket['custom7']) . "',
-		'" . hesk_dbEscape($ticket['custom8']) . "',
-		'" . hesk_dbEscape($ticket['custom9']) . "',
-		'" . hesk_dbEscape($ticket['custom10']) . "',
-		'" . hesk_dbEscape($ticket['custom11']) . "',
-		'" . hesk_dbEscape($ticket['custom12']) . "',
-		'" . hesk_dbEscape($ticket['custom13']) . "',
-		'" . hesk_dbEscape($ticket['custom14']) . "',
-		'" . hesk_dbEscape($ticket['custom15']) . "',
-		'" . hesk_dbEscape($ticket['custom16']) . "',
-		'" . hesk_dbEscape($ticket['custom17']) . "',
-		'" . hesk_dbEscape($ticket['custom18']) . "',
-		'" . hesk_dbEscape($ticket['custom19']) . "',
-		'" . hesk_dbEscape($ticket['custom20']) . "',
 		'" . intval($ticket['status']) . "',
 		'" . hesk_dbEscape($ticket['latitude']) . "',
 		'" . hesk_dbEscape($ticket['longitude']) . "',
@ -155,7 +131,9 @@ function hesk_newTicket($ticket, $isVerified = true)
 		'" . hesk_dbEscape($ticket['user_agent']) . "',
 		" . hesk_dbEscape($ticket['screen_resolution_height']) . ",
 		" . hesk_dbEscape($ticket['screen_resolution_width']) . ",
-		{$due_date}
+		{$due_date},
+		'" . hesk_dbEscape($ticket['history']) . "'
+		{$custom_what}
 	)
 	");

--- a/inc/print_tickets.inc.php
+++ b/inc/print_tickets.inc.php
@ -33,6 +33,9 @@ if (!defined('IN_SCRIPT')) {
    die('Invalid attempt');
 }

+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // This SQL code will be used to retrieve results
 $sql_final = "SELECT
 `id`,
--- a/inc/profile_functions.inc.php
+++ b/inc/profile_functions.inc.php
@ -98,6 +98,7 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti

                        <div class="col-md-9">
                            <input type="text" class="form-control" name="user" size="40" maxlength="20"
+                                   autocomplete="off"
                                   value="<?php echo $_SESSION[$session_array]['user']; ?>"
                                   placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>"
                                   data-error="<?php echo htmlspecialchars($hesklang['enter_username']); ?>"
@ -297,7 +298,32 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
                                </div>
                                <?php
                            }
+
+                            if (empty($_SESSION[$session_array]['autoreload'])) {
+                                $reload_time = 30;
+                                $sec = 'selected';
+                                $min = '';
+                            } else {
+                                $reload_time = intval($_SESSION[$session_array]['autoreload']);
+
+                                if ($reload_time >= 60 && $reload_time % 60 == 0) {
+                                    $reload_time = $reload_time / 60;
+                                    $sec = '';
+                                    $min = 'selected';
+                                } else {
+                                    $sec = 'selected';
+                                    $min = '';
+                                }
+                            }
                            ?>
+                            <div class="checkbox form-inline">
+                                <label><input type="checkbox" name="autoreload" value="1" <?php if (!empty($_SESSION[$session_array]['autoreload'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['arpp']; ?></label>
+                                <input type="text" class="form-control" name="reload_time" value="<?php echo $reload_time; ?>" size="5" maxlength="5" onkeyup="this.value=this.value.replace(/[^\d]+/,'')" />
+                                <select name="secmin" class="form-control">
+                                    <option value="sec" <?php echo $sec; ?>><?php echo $hesklang['seconds']; ?></option>
+                                    <option value="min" <?php echo $min; ?>><?php echo $hesklang['minutes']; ?></option>
+                                </select>
+                            </div>
                            <div class="checkbox">
                                <label><input type="checkbox" name="notify_customer_new"
                                              value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) {
@ -337,17 +363,6 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
                        </select>
                    </div>
                </div>
-                <div class="form-group">
-                    <label for="autoRefresh"
-                           class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
-
-                    <div class="col-sm-9">
-                        <input type="text" class="form-control" id="autorefresh" name="autorefresh"
-                               placeholder="<?php echo htmlspecialchars($hesklang['ticket_auto_refresh']); ?>"
-                               value="<?php echo $_SESSION[$session_array]['autorefresh']; ?>">
-                        <span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
-                    </div>
-                </div>
            </div>
            <div role="tabpanel" class="tab-pane fade" id="notifications">
                <?php $disabledText =
--- a/inc/show_admin_nav.inc.php
+++ b/inc/show_admin_nav.inc.php
@ -68,7 +68,11 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                        <li class="dropdown messages-menu">
                            <a href="#" class="dropdown-toggle" data-toggle="dropdown">
                                <i class="fa fa-exclamation-triangle"></i>
-                                <span class="label label-warning"><?php echo $number_of_maintenance_warnings; ?></span>
+                                <?php echo sprintf($hesklang['x_system_warnings'],
+                                    $number_of_maintenance_warnings,
+                                    $number_of_maintenance_warnings == 1
+                                        ? $hesklang['warning_title_case']
+                                        : $hesklang['warnings_title_case']); ?>
                            </a>
                            <ul class="dropdown-menu">
                                <li class="header"><?php echo sprintf($hesklang['x_system_warnings'],
@ -81,6 +85,9 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                                        <?php if (hesk_check_maintenance(false)): ?>
                                            <li>
                                                <a href="#">
+                                                    <div class="pull-left">
+                                                        <i class="fa fa-exclamation-triangle orange fa-2x"></i>
+                                                    </div>
                                                    <h4>
                                                        <?php echo $hesklang['mma1']; ?>
                                                    </h4>
@ -93,6 +100,9 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                                        ?>
                                            <li>
                                                <a href="#">
+                                                    <div class="pull-left">
+                                                        <i class="fa fa-exclamation-triangle orange fa-2x"></i>
+                                                    </div>
                                                    <h4>
                                                        <?php echo $hesklang['kbo1']; ?>
                                                    </h4>
@ -125,10 +135,6 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                                    <?php foreach ($mails as $mail): ?>
                                    <li><!-- start message -->
                                        <a href="mail.php?a=read&id=<?php echo $mail['id']; ?>">
-                                            <!-- TODO User avatars -->
-                                            <!--<div class="pull-left">
-                                                <img src="dist/img/user2-160x160.jpg" class="img-circle" alt="User Image">
-                                            </div>-->
                                            <h4>
                                                <?php echo $mail['from']; ?>
                                                <small><i class="fa fa-clock-o"></i> <?php echo hesk_dateToString($mail['date'], 0, 0, 0, true); ?></small>
@ -382,6 +388,10 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                    $tools_count++;
                    $dropdown_items['manage_statuses'] = $hesklang['manage_statuses'];
                }
+                if (hesk_checkPermission('can_man_settings', 0)) {
+                    $tools_count++;
+                    $dropdown_items['custom_fields'] = $hesklang['manage_custom_fields'];
+                }
                if (hesk_checkPermission('can_view_logs', 0)) {
                    $tools_count++;
                    $dropdown_items['view_message_log'] = $hesklang['view_message_log'];
--- a/inc/show_search_form.inc.php
+++ b/inc/show_search_form.inc.php
@ -411,10 +411,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                                    <div class="form-group">
                                        <input class="form-control" type="text" name="q" size="30" <?php if (isset($q)) {
                                            echo 'value="' . $q . '"';
-                                        } ?>
-                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
-                                           required>
-                                        <div class="help-block with-errors"></div>
+                                        } ?>>
                                    </div>
                                </td>
                                <td class="text-left" style="border: none">
@ -515,7 +512,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                                <tr>
                                    <td class="alignMiddle"><b><?php echo $hesklang['date']; ?></b>: &nbsp; </td>
                                    <td class="alignMiddle">
-                                        <div class="col-md-3" style="padding-left: 0px"><input class="form-control tcal"
+                                        <div class="col-md-3" style="padding-left: 0px"><input class="form-control datepicker"
                                                                                               type="text" name="dt"
                                                                                               id="dt"
                                                                                               size="10" <?php if ($date_input) {
--- a/inc/ticket_list.inc.php
+++ b/inc/ticket_list.inc.php
@ -27,7 +27,6 @@
 *  a license please visit the page below:
 *  https://www.hesk.com/buy.php
 *******************************************************************************/
-define('MINIMUM_REFRESH_THRESHOLD_IN_SECONDS', 1);
 /* Check if this is a valid include */
 if (!defined('IN_SCRIPT')) {
    die('Invalid attempt');
@ -106,15 +105,7 @@ if ($total > 0) {
    $next_page = ($page + 1 > $pages) ? 0 : $page + 1;
    $autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;
    $autorefresh = '';
-    if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
-        $autorefresh = ' | ' . $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
-        ?>
-        <script>
-            (function () {
-                setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
-            })();
-        </script>
-    <?php }
+
    echo sprintf($hesklang['tickets_on_pages'], $total, $pages) . $autorefresh . ' <br />';

    if ($pages > 1) {
@ -403,14 +394,11 @@ if ($total > 0) {
            // Print custom fields
            foreach ($hesk_settings['custom_fields'] as $key => $value) {
                if ($value['use'] && hesk_show_column($key)) {
-                    echo '<td class="' . $color . '">';
-                    if ($value['type'] == 'date' && !empty($ticket[$key])) {
-                        $dt = date('Y-m-d h:i:s', $ticket[$key]);
-                        echo hesk_dateToString($dt, 0);
-                    } else {
-                        echo $ticket[$key];
-                    }
-                    echo '</td>';
+                    echo '<td class="'.$color.'">'.
+                        ($value['type'] == 'date'
+                            ? hesk_custom_date_display_format($ticket[$key], $value['value']['date_format'])
+                            : $ticket[$key]).
+                        '</td>';
                }
            }

@ -439,8 +427,13 @@ if ($total > 0) {
                        <option value="high"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['high']; ?></option>
                        <option
                            value="critical"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['critical']; ?></option>
-                        <option value="close"><?php echo $hesklang['close_selected']; ?></option>
                        <?php
+                        if (hesk_checkPermission('can_resolve', 0)) {
+                            ?>
+                            <option value="close"><?php echo $hesklang['close_selected']; ?></option>
+                            <?php
+                        }
+
                        if (hesk_checkPermission('can_add_archive', 0)) {
                            ?>
                            <option value="tag"><?php echo $hesklang['add_archive_quick']; ?></option>
@ -478,17 +471,6 @@ else {
    echo '<div class="row"><div class="col-sm-12">';
    $autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;

-    if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
-        echo $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
-        ?>
-        <script>
-            (function () {
-                setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
-            })();
-        </script>
-        <?php
-    }
-
    if (isset($is_search) || $href == 'find_tickets.php') {
        hesk_show_notice($hesklang['no_tickets_crit']);
    } else {
--- a/index.php
+++ b/index.php
--- a/knowledgebase.php
+++ b/knowledgebase.php
@ -91,7 +91,7 @@ if (isset($_GET['rating'])) {
 					");
    }

-    setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000);
+    hesk_setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000);
    header('Location: knowledgebase.php?article=' . $artid . '&rated=1');
    exit();
 }
@ -263,7 +263,7 @@ if (!$show['show']) {

            // Update views by 1 - exclude known bots and reloads because of ratings
            if (!isset($_GET['rated']) && !hesk_detect_bots()) {
-                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
+                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
            }
            if (!isset($_GET['suggest'])) {
                $historyNumber = isset($_GET['rated']) ? '-2' : '-1';
--- a/language/en/text.php
+++ b/language/en/text.php
@ -66,6 +66,9 @@ $hesklang['generated_token_colon'] = 'Generated Token:';
 $hesklang['record_this_token_warning'] = 'Please record this token, as this is the only time you will be able to view it!';
 $hesklang['all_tokens_revoked'] = 'All tokens for this user have been revoked';
 $hesklang['staff_login_title'] = 'Staff Login';
+$hesklang['manage_custom_fields'] = 'Manage Custom Fields';
+$hesklang['value'] = 'Value';
+$hesklang['readonly'] = 'Readonly';

 // ADDED OR MODIFIED IN Mods for HESK 2.6.0
 $hesklang['search_logs'] = 'Search Logs';
@ -1397,7 +1400,6 @@ $hesklang['import']='You are importing a <i>private ticket</i> into a <i>public
 $hesklang['tab_1']='General';
 $hesklang['tab_2']='Help Desk';
 $hesklang['tab_3']='Knowledgebase';
-$hesklang['tab_4']='Custom Fields';
 $hesklang['tab_5']='Misc';
 $hesklang['disable']='Disable';
 $hesklang['dat']='Date &amp; Time';
@ -1763,7 +1765,6 @@ $hesklang['mm3']='We apologize for the inconvenience and ask that you please try
 $hesklang['mma1']='Maintenance mode is active!';
 $hesklang['mma2']='Customers are not able to use the help desk.';
 $hesklang['tools']='Tools';
-$hesklang['banemail']='Banned Emails';
 $hesklang['banemail_intro']='Prevent certain email addresses from submitting tickets to your help desk.';
 $hesklang['no_banemails']='<i>No emails are being banned.</i>';
 $hesklang['eperm']='Permanent email bans:';
@ -1783,7 +1784,6 @@ $hesklang['can_ban_emails']='Can ban emails';
 $hesklang['can_unban_emails']='Can unban emails (enables Can ban emails)';
 $hesklang['eisban']='This email address is banned.';
 $hesklang['click_unban']='Click here to unban.';
-$hesklang['banip']='Banned IPs';
 $hesklang['banip_intro']='Visitors from banned IP addresses will not be able to view or submit tickets and login into the help desk.';
 $hesklang['ipperm']='Permanent IP bans:';
 $hesklang['iptemp']='Login failure bans:';
@ -1889,5 +1889,180 @@ $hesklang['rcpv']='Secret key (Private key)';
 // If your language is NOT in the supported langauges, leave 'en'
 $hesklang['RECAPTCHA']='en';

+// Added or modified in version 2.7.0
+$hesklang['imap']='IMAP Fetching';
+$hesklang['imaph']='IMAP Host';
+$hesklang['imapp']='IMAP Port';
+$hesklang['enc']='Encryption';
+$hesklang['ssl']='SSL';
+$hesklang['tls']='TLS';
+$hesklang['none']='None';
+$hesklang['imapu']='IMAP Username';
+$hesklang['imapw']='IMAP Password';
+$hesklang['imaptest']='Test IMAP connection';
+$hesklang['ifd']='[HESK] IMAP FETCHING IS DISABLED IN SETTINGS';
+$hesklang['iei']='[HESK] PHP IMAP extension is not installed.';
+$hesklang['ifr']='Another IMAP fetching task is still in progress.';
+$hesklang['arp']='Auto reload page';
+$hesklang['arpp']='Automatically reload page with ticket list every:';
+$hesklang['seconds']='seconds'; // Reload page every X 'seconds'
+$hesklang['minutes']='minutes'; // Reload page every X 'minutes'
+$hesklang['atbr']='This ticket needs to be assigned before it can be replied to.';
+$hesklang['attm']='Assign this ticket to me';
+$hesklang['owneed']='Owner needed';
+$hesklang['taat']='This ticket is already assigned to <b>%s</b>.';
+$hesklang['scoy']='Are you sure you want to assign it to yourself?';
+$hesklang['scot']='Are you sure you want to assign it to %s?';
+$hesklang['ycto']='YES, change the owner';
+$hesklang['ncto']='NO, keep current owner';
+$hesklang['fass']='Require owner';
+$hesklang['req_sub']='Require subject';
+$hesklang['req_msg']='Require message';
+$hesklang['req_email']='Require email';
+$hesklang['default_subject']='Ticket from %s'; // Default ticket subject, %s will be replaced with name
+$hesklang['off-hide']='Hide in customer form';
+$hesklang['ons']='ON - Everyone'; // For admin settings page
+$hesklang['not_valid_email']='Enter a valid email address or leave this field empty';
+$hesklang['write_down']='<span style="color:red">We recommend that you write down your Ticket ID for future reference.</span>';
+$hesklang['re_confirm1']='Disabling this will also disable "Require email to view tickets" under "Security". Proceed?';
+$hesklang['re_confirm2']='Enabling this will also enable "Require email" under "Features". Proceed?';
+$hesklang['can_email_tpl']='Edit email templates'; // Staff permission
+$hesklang['et_title']='Email templates';
+$hesklang['et_intro']='Modify emails that are sent to your staff and customers';
+$hesklang['file']='File';
+$hesklang['efile']='Editing file';
+$hesklang['rdesc']='(Recipient) Description';
+$hesklang['desc_forgot_ticket_id']       = '(Customer) Forgot ticket tracking ID';
+$hesklang['desc_new_reply_by_staff']     = '(Customer) New staff reply';
+$hesklang['desc_new_ticket']             = '(Customer) Ticket received';
+$hesklang['desc_ticket_closed']          = '(Customer) Ticket closed/resolved';
+$hesklang['desc_category_moved']         = '(Staff) Ticket moved to a new category';
+$hesklang['desc_new_reply_by_customer']  = '(Staff) New customer reply';
+$hesklang['desc_new_ticket_staff']       = '(Staff) New ticket submitted';
+$hesklang['desc_ticket_assigned_to_you'] = '(Staff) A ticket was assigned to you';
+$hesklang['desc_new_pm']                 = '(Staff) New private message';
+$hesklang['desc_new_note']               = '(Staff) New note on a ticket assigned to you';
+$hesklang['desc_reset_password']         = '(Staff) Reset your password';
+$hesklang['etfm']='One or more email templates are missing.<br /><br />Make sure you upload all email template files inside your <i>/language/%s/emails</i> folder.';
+$hesklang['etfw']='Some email templates are not writable.<br /><br />
+                    Make sure PHP has permission to write to all files inside your <i>/language/%s/emails</i> folder.<br /><br />
+                    On Unix servers you might need to CHMOD email templates to 666 (rw-rw-rw-)';
+$hesklang['et_e_id']='Missing template ID';
+$hesklang['et_fm']='This email template file is missing';
+$hesklang['et_fw']='This email template file is not writable';
+$hesklang['et_save']='Save email template';
+$hesklang['updated_on']='Updated on';
+$hesklang['ticket_url']='Ticket URL';
+$hesklang['pm_url']='Private message URL';
+$hesklang['et_num']='Number of tickets';
+$hesklang['et_list']='List of support tickets';
+$hesklang['et_empty']='Email template cannot be empty';
+$hesklang['et_saved']='Email template saved';
+$hesklang['source']='Source';
+$hesklang['select_category']='Select a category';
+$hesklang['select_category_text']='What can we help you with?';
+$hesklang['select_category_staff']='Select ticket category';
+$hesklang['scat']='Category select limit';
+$hesklang['scat2']='(a select box will show if category count is higher)';
+$hesklang['new_cf']='New custom field';
+$hesklang['cf_intro']='Use this feature to add custom fields to the Submit a ticket form so you can collect additional data from customers.';
+$hesklang['cf_public']='Public';
+$hesklang['cf_private']='Staff only';
+$hesklang['cf_cust']='For customers';
+$hesklang['cf_all']='All';
+$hesklang['cf_cat']='Selected';
+$hesklang['cf_ctrl']='Tip: hold down CTRL key to select multiple categories';
+$hesklang['visibility']='Visibility';
+$hesklang['cf_save']='Save custom field';
+$hesklang['ex_cf']='Active custom fields';
+$hesklang['no_cf']='No active custom fields';
+$hesklang['del_cf']='Delete this custom field? This will also delete any saved custom field data from the database!';
+$hesklang['cf_e_id']='Invalid ID';
+$hesklang['edit_cf']='Edit custom field';
+$hesklang['cf_deleted']='Custom field deleted';
+$hesklang['cf_not_found']='This custom field does not exist';
+$hesklang['err_custname']='Enter custom field name';
+$hesklang['cf_added']='A new custom field has been added';
+$hesklang['cf_nocat']='Select at least one category for this custom field';
+$hesklang['cf_mdf']='Custom field has been saved';
+$hesklang['opt4']='Options for this checkbox, enter one option per line. Each line will be a choice your customers can choose from, multiple choices are possible.';
+$hesklang['atl1']='Enter at least one option.';
+$hesklang['sch']='Hidden';
+$hesklang['meml3']='Allow multiple emails to be entered';
+$hesklang['dmin']='Minimum accepted date';
+$hesklang['dmax']='Maximum accepted date';
+$hesklang['d_day']='day(s)';
+$hesklang['d_week']='week(s)';
+$hesklang['d_month']='month(s)';
+$hesklang['d_year']='year(s)';
+$hesklang['d_any']='Any date';
+$hesklang['d_fixed']='Fixed date';
+$hesklang['d_relative']='Relative date';
+$hesklang['d_mm']='Minimum date may not be higher than maximum date';
+$hesklang['d_emin']='Minimum date for <i>%s</i> is %s'; // Minimum date for FIELD_NAME is DATE
+$hesklang['d_emax']='Maximum date for <i>%s</i> is %s'; // Maximum date for FIELD_NAME is DATE
+$hesklang['d_format']='Date display format';
+$hesklang['d_custom']='Custom format';
+$hesklang['d_ci']='ADVANCED USERS ONLY: a valid PHP date format, see PHP manual.';
+$hesklang['cf_noe']='Enter a valid email address into <i>%s</i>';
+$hesklang['cf_noem']='Enter one or more valid email addresses into <i>%s</i>';
+$hesklang['cf_limit']='You have 50 active custom fields, no new can be created.';
+$hesklang['can_resolve']='Can resolve tickets';
+$hesklang['can_change_cat']='Change ticket category (to any)';
+$hesklang['can_change_own_cat']='Change ticket category (to allowed)';
+$hesklang['can_submit_any_cat']='Can submit tickets to any category';
+$hesklang['noauth_submit']='You are not authorized to submit tickets to this category!';
+$hesklang['noauth_move']='You are not authorized to move tickets to this category!';
+$hesklang['noauth_resolve']='You are not authorized to resolve tickets!';
+$hesklang['force_ssl']='Force SSL connections';
+$hesklang['d_ssl']='<i>disabled</i> - open this page with https:// to manage this option';
+$hesklang['enn']='Except for tickets from emails if email subject contains:';
+$hesklang['scno']='This status cannot be changed';
+$hesklang['statuses']='Statuses';
+$hesklang['statuses_intro']='Use this tool to add custom ticket statuses to your help desk';
+$hesklang['color']='Color';
+$hesklang['csscl']='CSS class or color';
+$hesklang['clr_view']='Color preview on text';
+$hesklang['cbc']='Changeable by customers';
+$hesklang['ccc']='Can customers change this status?';
+$hesklang['del_status']='Delete this status?';
+$hesklang['ex_status']='Existing statuses';
+$hesklang['status_hesk']='Built-in Statuses (cannot be modified here)';
+$hesklang['status_custom']='Custom Statuses';
+$hesklang['status_custom_none']='No custom statuses. You can add them using the form above.';
+$hesklang['status_save']='Save status';
+$hesklang['list_tkt_status']='List all tickets with this status';
+$hesklang['new_status']='New custom status';
+$hesklang['edit_status']='Edit custom status';
+$hesklang['err_status']='Enter the status name';
+$hesklang['status_added']='A new custom status has been added';
+$hesklang['status_e_id']='Invalid ID';
+$hesklang['status_mdf']='Custom status has been saved';
+$hesklang['status_deleted']='Custom status deleted';
+$hesklang['status_not_found']='This custom status does not exist';
+$hesklang['status_not_empty']='This status cannot be removed because tickets with this status exist';
+$hesklang['status_limit']='You have 100 custom statuses, no new can be created.';
+$hesklang['public_link']='Public link'; // Link to the public KB article in the private KB pages
+$hesklang['frames']='Frames';
+$hesklang['frames2']='Prevent loading HESK in frames on third party domains';
+$hesklang['numsub']='Submitted tickets'; // Will show how many tickets this user submitted
+$hesklang['hidf']='Hidden inputs are not visible to customers on the Submit a ticket form (the value will still be visible on ticket details page if they are set as public). They behave as normal text fields for staff members.';
+$hesklang['rcheck']='Do not select a default option';
+$hesklang['refresh_page']='Refresh this page';
+$hesklang['banemail']='Ban emails';
+$hesklang['banip']='Ban IPs';
+$hesklang['tab_4']='Custom fields';
+$hesklang['del_kba']='Delete this article';
+$hesklang['del_kbaa']='Permanently delete this article';
+$hesklang['hni1']='HESK not installed yet?';
+$hesklang['hni2']='It appears that this help desk has not been properly installed and configured yet.';
+$hesklang['hni3']='To install HESK, follow <a href="docs/">Instructions in the documentation</a>';
+$hesklang['cf']='Cache folder';
+$hesklang['e_cdir']='Hesk will not be able to parse emails or cache results unless the cache folder exists and is writable.';
+$hesklang['step1']='Step 1';
+$hesklang['step2']='Step 2';
+$hesklang['dffs']='When download completes, delete the file from server';
+$hesklang['fd']='Export file deleted from server';
+
 // DO NOT CHANGE BELOW
 if (!defined('IN_SCRIPT')) die('PHP syntax OK!');
--- a/print.php
+++ b/print.php
@ -55,6 +55,9 @@ $trackingID = hesk_cleanID('p_track') or die("$hesklang[int_error]: $hesklang[no
 /* Connect to database */
 hesk_dbConnect();

+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // Perform additional checks for customers
 if (empty($_SESSION['id'])) {
    // Are we in maintenance mode?
@ -218,15 +221,17 @@ echo '</tr>';
 $num_cols = 0;
 echo '<tr>';
 foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use']) {
-        if ($modsForHesk_settings['custom_field_setting']) {
-            $v['name'] = $hesklang[$v['name']];
-        }
-
+    if (($v['use'] == 1 || (! empty($_SESSION['id']) && $v['use'] == 2)) && hesk_is_custom_field_in_category($k, $ticket['category'])) {
        if ($num_cols == 3) {
            echo '</tr><tr>';
            $num_cols = 0;
        }
+
+        switch ($v['type']) {
+            case 'date':
+                $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                break;
+        }
        ?>
        <td bgcolor="#EEE"><b><?php echo $v['name']; ?>:</b></td>
        <td bgcolor="#DDD"><?php echo hesk_unhortenUrl($ticket[$k]); ?></td>
@ -239,11 +244,14 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) {
 echo '</table><br>';

 // Print initial ticket message
-$newMessage = hesk_unhortenUrl($ticket['message']);
-if ($ticket['html']) {
-    $newMessage = hesk_html_entity_decode($newMessage);
+if ($ticket['message'] != '') {
+    $newMessage = hesk_unhortenUrl($ticket['message']);
+    if ($ticket['html']) {
+        $newMessage = hesk_html_entity_decode($newMessage);
+    }
+    echo '<p>' . $newMessage . '</p>';
 }
-echo '<p>' . $newMessage . '</p>';
+

 // Print replies
 while ($reply = hesk_dbFetchAssoc($res)) {
--- a/reply_ticket.php
+++ b/reply_ticket.php
@ -185,17 +185,19 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
 }

 // If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies.
-$customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
-$defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
-$newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
-$newStatus = hesk_dbFetchAssoc($newStatusRs);
-$defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
-$defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
-
-$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
+if (hesk_can_customer_change_status($ticket['status'])) {
+    $customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
+    $defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
+    $newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
+    $newStatus = hesk_dbFetchAssoc($newStatusRs);
+    $defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
+    $defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
+
+    $ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
+}

 /* Update ticket as necessary */
-$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
+$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}'");

 // Insert reply into database
 $modsForHesk_settings = mfh_getSettings();
--- a/submit_ticket.php
+++ b/submit_ticket.php
@ -150,24 +150,46 @@ if ($hesk_settings['secimg_use'] && !isset($_SESSION['img_verified'])) {
 }

 $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
-$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
+
+$email_available = true;
+
+if ($hesk_settings['require_email']) {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+} else {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+    // Not required, but must be valid if it is entered
+    if ($tmpvar['email'] == '') {
+        $email_available = false;
+
+        if (strlen(hesk_POST('email'))) {
+            $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+        }
+
+        // No need to confirm the email
+        $hesk_settings['confirm_email'] = 0;
+        $_POST['email2'] = '';
+        $_SESSION['c_email'] = '';
+        $_SESSION['c_email2'] = '';
+    }
+}

 if ($hesk_settings['confirm_email']) {
    $tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2'];

    // Anything entered as email confirmation?
-    if (strlen($tmpvar['email2'])) {
+    if ($tmpvar['email2'] != '') {
        // Do we have multiple emails?
        if ($hesk_settings['multi_eml']) {
            $tmpvar['email'] = str_replace(';', ',', $tmpvar['email']);
            $tmpvar['email2'] = str_replace(';', ',', $tmpvar['email2']);

            if (count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) {
-                $_SESSION['c_email2'] = $_POST['email2'];
+                $_SESSION['c_email2'] =  hesk_POST('email2');
            }
        } // Single email address match
        elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) {
-            $_SESSION['c_email2'] = $_POST['email2'];
+            $_SESSION['c_email2'] =  hesk_POST('email2');
        } else {
            // Invalid match
            $tmpvar['email2'] = '';
@ -177,7 +199,7 @@ if ($hesk_settings['confirm_email']) {
            $hesk_error_buffer['email2'] = $hesklang['confemaile'];
        }
    } else {
-        $_SESSION['c_email2'] = $_POST['email2'];
+        $_SESSION['c_email2'] =  hesk_POST('email2');
    }
 }

@ -207,8 +229,25 @@ else {
    }
 }

-$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
-$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];;
+if ($hesk_settings['require_subject'] == -1) {
+    $tmpvar['subject'] = '';
+} else {
+    $tmpvar['subject'] = hesk_input( hesk_POST('subject') );
+
+    if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
+        $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
+    }
+}
+
+if ($hesk_settings['require_message'] == -1) {
+    $tmpvar['message'] = '';
+} else {
+    $tmpvar['message'] = hesk_input( hesk_POST('message') );
+
+    if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+        $hesk_error_buffer['message'] = $hesklang['enter_message'];
+    }
+}

 // Is category a valid choice?
 if ($tmpvar['category']) {
@ -222,46 +261,72 @@ if ($tmpvar['category']) {

 // Custom fields
 $modsForHesk_settings = mfh_getSettings();
-foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use']) {
-        if ($modsForHesk_settings['custom_field_setting']) {
-            $v['name'] = $hesklang[$v['name']];
-        }
-
-        if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect') {
-            $tmpvar[$k] = '';
-
-            if (isset($_POST[$k])) {
-                if (is_array($_POST[$k])) {
-                    foreach ($_POST[$k] as $myCB) {
-                        $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';;
-                    }
-                    $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
+foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+    if ($v['use']==1 && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
+        if ($v['type'] == 'checkbox') {
+            $tmpvar[$k]='';
+
+            if (isset($_POST[$k]) && is_array($_POST[$k])) {
+                foreach ($_POST[$k] as $myCB) {
+                    $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
                }
+
+                $tmpvar[$k]=substr($tmpvar[$k],0,-6);
            } else {
                if ($v['req']) {
-                    $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
                }
                $_POST[$k] = '';
            }

-            $_SESSION["c_$k"] = hesk_POST_array($k);
-        } elseif ($v['req']) {
-            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
-            $_SESSION["c_$k"] = hesk_POST($k);
-            if (!strlen($tmpvar[$k])) {
-                $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
-            }
+            $_SESSION["c_$k"]=hesk_POST_array($k);
+        } elseif ($v['type'] == 'date') {
+            $tmpvar[$k] = hesk_POST($k);
+            $_SESSION["c_$k"] = '';
+
+            if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
+                $date = strtotime($tmpvar[$k] . ' t00:00:00');
+                $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
+                $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;

-            if ($v['type'] == 'date') {
-                $tmpvar[$k] = strtotime($_POST[$k]);
+                $_SESSION["c_$k"] = $tmpvar[$k];
+
+                if ($dmin && $dmin > $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+                } elseif ($dmax && $dmax < $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+                } else {
+                    $tmpvar[$k] = $date;
+                }
+            } else {
+                if ($v['req']) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
            }
-        } else {
-            if ($v['type'] == 'date' && $_POST[$k] != '') {
-                $tmpvar[$k] = strtotime($_POST[$k]);
+        } elseif ($v['type'] == 'email') {
+            $tmp = $hesk_settings['multi_eml'];
+            $hesk_settings['multi_eml'] = $v['value']['multiple'];
+            $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+            $hesk_settings['multi_eml'] = $tmp;
+
+            if ($tmpvar[$k] != '') {
+                $_SESSION["c_$k"] = hesk_input($tmpvar[$k]);
            } else {
-                $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
+                $_SESSION["c_$k"] = '';
+
+                if ($v['req']) {
+                    $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+                }
+            }
+        } elseif ($v['req']) {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            if ($tmpvar[$k] == '') {
+                $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
            }
+            $_SESSION["c_$k"]=hesk_POST($k);
+        } else {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            $_SESSION["c_$k"]=hesk_POST($k);
        }
    } else {
        $tmpvar[$k] = '';
@ -269,13 +334,13 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) {
 }

 // Check bans
-if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
+if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
    hesk_error($hesklang['baned_e']);
 }

 // Check maximum open tickets limit
 $below_limit = true;
-if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) {
+if ($email_available && $hesk_settings['max_open'] && ! isset($hesk_error_buffer['email'])) {
    $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " . hesk_dbFormatEmail($tmpvar['email']));
    $num = hesk_dbResult($res);

@ -327,7 +392,6 @@ if (count($hesk_error_buffer)) {

    $_SESSION['c_name'] = hesk_POST('name');
    $_SESSION['c_email'] = hesk_POST('email');
-    $_SESSION['c_category'] = hesk_POST('category');
    $_SESSION['c_priority'] = hesk_POST('priority');
    $_SESSION['c_subject'] = hesk_POST('subject');
    $_SESSION['c_message'] = hesk_POST('message');
@ -343,7 +407,7 @@ if (count($hesk_error_buffer)) {
    }

    $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';
-    hesk_process_messages($hesk_error_buffer, 'index.php?a=add');
+    hesk_process_messages($hesk_error_buffer, 'index.php?a=add&category='.$tmpvar['category']);
 }

 if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) {
@ -389,7 +453,7 @@ $tmpvar['user_agent'] = $_SERVER['HTTP_USER_AGENT'];

 // Should the helpdesk validate emails?
 $createTicket = true;
-if ($modsForHesk_settings['customer_email_verification_required']) {
+if ($modsForHesk_settings['customer_email_verification_required'] && $email_available) {
    $verifiedEmailSql = "SELECT `Email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "verified_emails` WHERE `Email` = '" . hesk_dbEscape($tmpvar['email']) . "'";
    $verifiedEmailRS = hesk_dbQuery($verifiedEmailSql);
    if ($verifiedEmailRS->num_rows == 0) {
@ -414,7 +478,7 @@ if ($createTicket) {
    $ticket = hesk_newTicket($tmpvar);

    // Notify the customer
-    if ($hesk_settings['notify_new']) {
+    if ($hesk_settings['notify_new'] && $email_available) {
        hesk_notifyCustomer($modsForHesk_settings);
    }

@ -434,7 +498,7 @@ $_SESSION['already_submitted'] = 1;

 // Need email to view ticket? If yes, remember it by default
 if ($hesk_settings['email_view_ticket']) {
-    setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
+    hesk_setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
 }

 // Unset temporary variables
@ -466,7 +530,8 @@ require_once(HESK_PATH . 'inc/header.inc.php');

            $hesklang['ticket_submitted'] . '<br /><br />' .
            $hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br /> ' .
-            ($hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
+            ( ! $email_available ? $hesklang['write_down'] . '<br /><br />' : '') .
+            ($email_available && $hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
            '<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
        );
    } else {
--- a/suggest_email.php
+++ b/suggest_email.php
@ -48,10 +48,13 @@ header("Pragma: no-cache");

 // Get the search query composed of the subject and message
 $address = hesk_REQUEST('e') or die('');
+$email_field = hesk_REQUEST('ef') or die('');
+$display_div = hesk_REQUEST('dd') or die('');
+$pad_div = hesk_REQUEST('pd') ? 1 : 0;
 $div = 1;

 // Do we allow multiple emails? If yes, check all
-if ($hesk_settings['multi_eml']) {
+if ($hesk_settings['multi_eml'] || hesk_REQUEST('am')) {
    // Make sure the format is correct
    $address = preg_replace('/\s/', '', $address);
    $address = str_replace(';', ',', $address);
@ -75,9 +78,9 @@ exit();

 function hesk_emailTypoShow($address, $suggest, $div = '')
 {
-    global $hesk_settings, $hesklang;
+    global $hesk_settings, $hesklang, $email_field, $display_div, $pad_div;
    ?>
-    <div id="emailtypo<?php echo $div; ?>" style="display:block">
+    <div id="emailtypo<?php echo $display_div.$div; ?>" style="display:block">
        <table border="0" width="100%">
            <tr>
                <td width="150">&nbsp;</td>
@ -85,10 +88,8 @@ function hesk_emailTypoShow($address, $suggest, $div = '')
                    <div class="alert alert-info">
                        <?php echo sprintf($hesklang['didum'], str_replace('@', '@<b>', $suggest . '</b>')); ?>
                        <br/><br/>
-                        <a class="btn btn-default" href="javascript:void();"
-                           onclick="javascript:var eml=document.form1.email.value;document.form1.email.value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['yfix']; ?></a>
-                        <a class="btn btn-default" href="javascript:void();"
-                           onclick="javascript:hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['nole']; ?></a>
+                        <a class="btn btn-default" href="javascript:void(0);" onclick="var eml=document.getElementById('<?php echo $email_field; ?>').value;document.getElementById('<?php echo $email_field; ?>').value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['yfix']; ?></a>
+                        <a class="btn btn-default" href="javascript:void(0);" onclick="document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['nole']; ?></a>
                    </div>
                </td>
            </tr>
--- a/ticket.php
+++ b/ticket.php
@ -118,6 +118,8 @@ if ($is_form) {
 /* Limit brute force attempts */
 hesk_limitBfAttempts();

+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* Get ticket info */
 $res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`, `ticketStatus`.`IsClosed` AS `isClosed`, `ticketStatus`.`Key` AS `statusKey`  FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` AS `ticketStatus` ON `t1`.`status` = `ticketStatus`.`ID` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");

@ -158,9 +160,9 @@ hesk_cleanBfAttempts();
 /* Remember email address? */
 if ($is_form) {
    if ( strlen($do_remember) ) {
-        setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
+        hesk_setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
    } elseif (isset($_COOKIE['hesk_myemail'])) {
-        setcookie('hesk_myemail', '');
+        hesk_setcookie('hesk_myemail', '');
    }
 }

@ -175,7 +177,7 @@ if ($ticket['lastreplier']) {

 // If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP
 if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']) . " LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']));
 }

 /* Get category name and ID */
@ -257,9 +259,15 @@ if (!$show['show']) {
        <div class="blankSpace"></div>
        <div class="table-bordered">
            <div class="row">
-                <div class="col-md-12">
+                <div class="col-md-10">
                    <h2><?php echo $ticket['subject']; ?></h2>
                </div>
+                <div class="col-md-2 pull-right pad-down-20">
+                    <a href="ticket.php?track=<?php echo $trackingID.$hesk_settings['e_query']; ?>">
+                        <i class="fa fa-refresh"></i>
+                        <?php echo $hesklang['refresh_page']; ?>
+                    </a>
+                </div>
            </div>
            <div class="row">
                <div class="col-md-3 col-sm-12">
@ -282,7 +290,8 @@ if (!$show['show']) {
                                echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
                            }
                        }
-                        ?></p>
+                        ?>
+                    </p>
                </div>
            </div>
            <div class="row medLowPriority">
@ -340,7 +349,9 @@ if (!$show['show']) {
        <div class="row ticketMessageContainer">
            <div class="col-md-3 col-xs-12">
                <div class="ticketName"><?php echo $ticket['name']; ?></div>
-                <div class="ticketEmail"><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a></div>
+                <?php if ($ticket['email'] != '') { ?>
+                    <div class="ticketEmail"><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a></div>
+                <?php } ?>
            </div>
            <div class="col-md-9 col-xs-12 pushMarginLeft">
                <div class="ticketMessageTop withBorder">
@ -350,53 +361,53 @@ if (!$show['show']) {
                    <!-- Custom Fields Before Message -->
                    <?php
                    foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                        if ($v['use'] && $v['place'] == 0) {
-                            if ($modsForHesk_settings['custom_field_setting']) {
-                                $v['name'] = $hesklang[$v['name']];
-                            }
-
+                        if ($v['use'] == 1 && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                            echo '<p>' . $v['name'] . ': ';
-                            if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                                $dt = date('Y-m-d h:i:s', $ticket[$k]);
-                                echo hesk_dateToString($dt, 0);
-                            } else {
-                                echo $ticket[$k];
+                            switch ($v['type'])
+                            {
+                                case 'email':
+                                    $ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
+                                    break;
+                                case 'date':
+                                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                                    break;
                            }
-                            echo '</p>';
+                            echo $ticket[$k].'</p>';
                        }
                    }
                    ?>
                </div>
                <div class="ticketMessageBottom">
-                    <!-- Message -->
-                    <p><b><?php echo $hesklang['message']; ?>:</b></p>
+                    <?php if ($ticket['message'] != '') { ?>
+                        <!-- Message -->
+                        <p><b><?php echo $hesklang['message']; ?>:</b></p>

-                    <div class="message">
-                        <?php if ($ticket['html']) {
-                            echo hesk_html_entity_decode($ticket['message']);
-                        } else {
-                            echo $ticket['message'];
-                        }
-                        ?>
-                    </div>
+                        <div class="message">
+                            <?php if ($ticket['html']) {
+                                echo hesk_html_entity_decode($ticket['message']);
+                            } else {
+                                echo $ticket['message'];
+                            }
+                            ?>
+                        </div>
+                    <?php } ?>
                </div>
                <div class="ticketMessageTop">
                    <!-- Custom Fields after Message -->
                    <?php
                    foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                        if ($v['use'] && $v['place']) {
-                            if ($modsForHesk_settings['custom_field_setting']) {
-                                $v['name'] = $hesklang[$v['name']];
-                            }
-
+                        if ($v['use'] == 1 && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                            echo '<p>' . $v['name'] . ': ';
-                            if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                                $dt = date('Y-m-d h:i:s', $ticket[$k]);
-                                echo hesk_dateToString($dt, 0);
-                            } else {
-                                echo $ticket[$k];
+                            switch ($v['type'])
+                            {
+                                case 'email':
+                                    $ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
+                                    break;
+                                case 'date':
+                                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                                    break;
                            }
-                            echo '</p>';
+                            echo $ticket[$k].'</p>';
                        }
                    }
                    /* Attachments */