diff --git a/.gitignore b/.gitignore
index 3317dca5..866d200a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,14 +1,13 @@
 admin/admin_suggest_articles.php
 admin/archive.php
+admin/custom_statuses.php
+admin/email_templates.php
 admin/generate_spam_question.php
 admin/priority.php
 admin/test_connection.php
 attachments/index.htm
-docs/changelog.html
-docs/docs_style.css
-docs/index.html
-docs/quick-guide.html
-docs/step-by-step-guide.html
+cache/
+docs/
 file_limits.php
 footer.txt
 header.txt
@@ -27,6 +26,7 @@ img/clip.png
 img/code.png
 img/code_off.png
 img/delete.png
+img/delete_off.png
 img/delete_ticket.png
 img/edit.png
 img/error.png
@@ -114,6 +114,7 @@ img/print.png
 img/private.png
 img/public.png
 img/reload.png
+img/refresh.png
 img/roundcornersb.jpg
 img/roundcornerslb.jpg
 img/roundcornerslm.jpg
@@ -156,10 +157,11 @@ inc/calendar/tcal.js
 inc/calendar/tcal.php
 inc/database.inc.php
 inc/database_mysqli.inc.php
-inc/footer.inc.php
 inc/htmlpurifier
 inc/index.htm
+inc/jscolor/
 inc/mail/email_parser.php
+inc/mail/hesk_imap.php
 inc/mail/hesk_pipe.php
 inc/mail/hesk_pop3.php
 inc/mail/index.htm
@@ -184,6 +186,7 @@ inc/recaptcha/recaptchalib.php
 inc/reporting_functions.inc.php
 inc/secimg.inc.php
 inc/setup_functions.inc.php
+inc/statuses.inc.php
 inc/tabs/index.htm
 inc/tabs/tabber-minimized.js
 inc/tabs/tabber.css
diff --git a/admin/admin_main.php b/admin/admin_main.php
index b5d53cdd..0d466735 100644
--- a/admin/admin_main.php
+++ b/admin/admin_main.php
@@ -51,6 +51,7 @@ hesk_isLoggedIn();
 define('CALENDAR', 1);
 define('MAIN_PAGE', 1);
 define('PAGE_TITLE', 'ADMIN_HOME');
+define('AUTO_RELOAD', 1);
 
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
@@ -58,7 +59,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
 /* Reset default settings? */
 if (isset($_GET['reset']) && hesk_token_check()) {
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
     $_SESSION['default_list'] = '';
 } /* Get default settings */
 else {
@@ -81,6 +82,14 @@ else {
             </div>
         </div>
         <div class="box-body">
+            <div class="checkbox">
+                <label>
+                    <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                    <?php echo $hesklang['arp']; ?>
+                    <span id="timer"></span>
+                </label>
+            </div>
+            <script type="text/javascript">heskCheckReloading();</script><br>
             <?php
             /* Print tickets? */
             if (hesk_checkPermission('can_view_tickets', 0)) {
@@ -95,10 +104,8 @@ else {
             ?>
         </div>
     </div>
-    <div class="box">
-        <div class="box-body">
-            <?php
-            $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
+    <?php
+    $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
         CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
         SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
         SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
@@ -116,11 +123,9 @@ else {
         29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
         C9wPic7DQp9DQo=', "\112");
 
-            /* Clean unneeded session variables */
-            hesk_cleanSessionVars('hide');
-            ?>
-        </div>
-    </div>
+    /* Clean unneeded session variables */
+    hesk_cleanSessionVars('hide');
+    ?>
 </section>
 
 <?php
diff --git a/admin/admin_reply_ticket.php b/admin/admin_reply_ticket.php
index 7cd87bff..335b6762 100644
--- a/admin/admin_reply_ticket.php
+++ b/admin/admin_reply_ticket.php
@@ -74,6 +74,11 @@ if (hesk_dbNumRows($result) != 1) {
 $ticket = hesk_dbFetchAssoc($result);
 $trackingID = $ticket['trackid'];
 
+// Do we require owner before allowing to reply?
+if ($hesk_settings['require_owner'] && ! $ticket['owner']) {
+    hesk_process_messages($hesklang['atbr'],'admin_ticket.php?track='.$ticket['trackid'].'&Refresh='.rand(10000,99999));
+}
+
 $hesk_error_buffer = array();
 
 // Get the message
@@ -87,7 +92,7 @@ if (strlen($message)) {
     // Save message for later and ignore the rest?
     if (isset($_POST['save_reply'])) {
         // Delete any existing drafts from this owner for this ticket
-        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
 
         // Save the message draft
         hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` (`owner`, `ticket`, `message`) VALUES (" . intval($_SESSION['id']) . ", " . intval($ticket['id']) . ", '" . hesk_dbEscape($message) . "')");
@@ -237,6 +242,7 @@ $lockedTicketStatus = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID` FROM `" . hesk
 
 // Get new ticket status
 $sql_status = '';
+$change_status = true;
 // -> If locked, keep it resolved
 if ($ticket['locked']) {
     $new_status = $lockedTicketStatus['ID'];
@@ -248,7 +254,7 @@ if ($ticket['locked']) {
         $newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status));
         $newStatus = hesk_dbFetchAssoc($newStatusRs);
 
-        if ($newStatus['IsClosed']) {
+        if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
             $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
             $sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
 
@@ -257,7 +263,7 @@ if ($ticket['locked']) {
                 $sql_status .= " , `locked`='1' ";
             }
         } else {
-            // Ticket isn't being closed, just add the history to the sql query
+            // Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
             $revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
             $sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
         }
@@ -310,12 +316,12 @@ $sql .= " , `replies`=`replies`+1 ";
 $sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
 
 // End and execute the query
-$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
+$sql .= " WHERE `id`='{$replyto}'";
 hesk_dbQuery($sql);
 unset($sql);
 
 /* Update number of replies in the users table */
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
 
 // --> Prepare reply message
 
@@ -357,7 +363,7 @@ elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
 }
 
 // Delete any existing drafts from this owner for this ticket
-hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
+hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
 
 /* Set reply submitted message */
 $_SESSION['HESK_SUCCESS'] = TRUE;
diff --git a/admin/admin_settings.php b/admin/admin_settings.php
index 6e337207..1f003357 100644
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@@ -56,6 +56,10 @@ hesk_isLoggedIn();
 // Check permissions for this feature
 hesk_checkPermission('can_man_settings');
 
+
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // Test languages function
 if (isset($_GET['test_languages'])) {
     hesk_testLanguage(0);
@@ -89,6 +93,9 @@ if (defined('HESK_DEMO')) {
     $hesk_settings['pop3_password'] = $hesklang['hdemo'];
     $hesk_settings['recaptcha_public_key'] = $hesklang['hdemo'];
     $hesk_settings['recaptcha_private_key'] = $hesklang['hdemo'];
+    $hesk_settings['imap_host_name']	= $hesklang['hdemo'];
+    $hesk_settings['imap_user']			= $hesklang['hdemo'];
+    $hesk_settings['imap_password']		= $hesklang['hdemo'];
 }
 
 // Check file attachment limits
@@ -214,89 +221,6 @@ $modsForHesk_settings = mfh_getSettings();
 
         // MISC
 
-        // CUSTOM FIELDS
-        if (d.s_custom1_use.checked && d.s_custom1_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom2_use.checked && d.s_custom2_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom3_use.checked && d.s_custom3_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom4_use.checked && d.s_custom4_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom5_use.checked && d.s_custom5_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom6_use.checked && d.s_custom6_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom7_use.checked && d.s_custom7_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom8_use.checked && d.s_custom8_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom9_use.checked && d.s_custom9_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom10_use.checked && d.s_custom10_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom11_use.checked && d.s_custom11_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom12_use.checked && d.s_custom12_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom13_use.checked && d.s_custom13_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom14_use.checked && d.s_custom14_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom15_use.checked && d.s_custom15_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom16_use.checked && d.s_custom16_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom17_use.checked && d.s_custom17_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom18_use.checked && d.s_custom18_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom19_use.checked && d.s_custom19_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-        if (d.s_custom20_use.checked && d.s_custom20_name.value == '') {
-            alert('<?php echo addslashes($hesklang['err_custname']); ?>');
-            return false;
-        }
-
-
         // DISABLE SUBMIT BUTTON
         d.submitbutton.disabled = true;
         d.submitbutton.value = '<?php echo addslashes($hesklang['saving']); ?>';
@@ -304,21 +228,6 @@ $modsForHesk_settings = mfh_getSettings();
         return true;
     }
 
-    function hesk_customOptions(cID, fID, fTYPE, maxlenID, oldTYPE) {
-        var t = document.getElementById(fTYPE).value;
-        if (t == oldTYPE) {
-            var d = document.getElementById(fID).value;
-            var m = document.getElementById(maxlenID).value;
-        }
-        else {
-            var d = '';
-            var m = 255;
-        }
-        var myURL = "options.php?i=" + cID + "&q=" + encodeURIComponent(d) + "&t=" + t + "&m=" + m;
-        window.open(myURL, "Hesk_window", "height=400,width=500,menubar=0,location=0,toolbar=0,status=0,resizable=1,scrollbars=1");
-        return false;
-    }
-
     function hesk_toggleLayer(nr, setto) {
         if (document.all)
             document.all[nr].style.display = setto;
@@ -380,6 +289,20 @@ $modsForHesk_settings = mfh_getSettings();
         }
         return i;
     }
+
+    function checkRequiredEmail(field) {
+        if (document.getElementById('s_require_email_0').checked && document.getElementById('s_email_view_ticket').checked) {
+            if (field == 's_require_email_0' && confirm('<?php echo addslashes($hesklang['re_confirm1']); ?>')) {
+                document.getElementById('s_email_view_ticket').checked = false;
+                return true;
+            } else if (field == 's_email_view_ticket' && confirm('<?php echo addslashes($hesklang['re_confirm2']); ?>')) {
+                document.getElementById('s_require_email_1').checked = true;
+                return true;
+            }
+            return false;
+        }
+        return true;
+    }
     //-->
 </script>
 <section class="content">
@@ -542,6 +465,31 @@ $modsForHesk_settings = mfh_getSettings();
                         ?>
                     </td>
                 </tr>
+                <tr>
+                    <td class="text-right">
+                        /<?php echo $hesk_settings['cache_dir']; ?>
+                    </td>
+                    <?php
+                    $attachmentsExist = is_dir(HESK_PATH . $hesk_settings['cache_dir']);
+                    $attachmentsWritable = is_writable(HESK_PATH . $hesk_settings['cache_dir']);
+                    $cellClass = $attachmentsExist && $attachmentsWritable ? 'success' : 'danger';
+                    ?>
+                    <td class="pad-right-10 <?php echo $cellClass; ?>">
+                        <?php
+                        if ($attachmentsExist) {
+                            echo '<span class="success">' . $hesklang['exists'] . '</span>, ';
+                            if ($attachmentsWritable) {
+                                $enable_use_attachments = 1;
+                                echo '<span class="success">' . $hesklang['writable'] . '</span>';
+                            } else {
+                                echo '<span class="error">' . $hesklang['not_writable'] . '</span><br>' . $hesklang['e_cdir'];
+                            }
+                        } else {
+                            echo '<span class="error">' . $hesklang['no_exists'] . '</span>, <span class="error">' . $hesklang['not_writable'] . '</span><br>' . $hesklang['e_cdir'];
+                        }
+                        ?>
+                    </td>
+                </tr>
             </table>
         </div>
     </div>
@@ -875,6 +823,20 @@ $modsForHesk_settings = mfh_getSettings();
                                value="<?php echo $hesk_settings['attach_dir']; ?>"/>
                     </div>
                 </div>
+                <div class="form-group">
+                    <label for="s_cache_dir"
+                           class="col-sm-3 control-label"><?php echo $hesklang['cf']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#77','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-9">
+                        <input type="text" class="form-control"
+                               placeholder="<?php echo htmlspecialchars($hesklang['ticket_attach_dir']); ?>"
+                               name="s_cache_dir" size="40" maxlength="255"
+                               value="<?php echo $hesk_settings['cache_dir']; ?>"/>
+                    </div>
+                </div>
                 <div class="form-group">
                     <label for="s_max_listings"
                            class="col-sm-3 control-label"><?php echo $hesklang['max_listings']; ?> <a
@@ -980,6 +942,57 @@ $modsForHesk_settings = mfh_getSettings();
                                 ?>
                             </div>
                         </div>
+                        <div class="form-group">
+                            <label for="s_require_email" class="col-sm-6 control-label"><?php echo $hesklang['req_email']; ?>
+                                <a href="Javascript:void(0)"
+                                   onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#73','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_email'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_email'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" id="s_require_email_0" name="s_require_email" value="0" onclick="return checkRequiredEmail(\'s_require_email_0\');" ' . $off . ' /> ' . $hesklang['off'] . '</div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" id="s_require_email_1" name="s_require_email" value="1" ' . $on . ' /> ' . $hesklang['on'] . '</div>';
+                                ?>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="s_require_owner" class="col-sm-6 control-label"><?php echo $hesklang['fass']; ?>
+                                <a href="Javascript:void(0)"
+                                   onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#70','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_owner'] ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_owner'] ? '' : 'checked="checked"';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_require_owner" value="0" ' . $off . '> ' . $hesklang['off'] . '</div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_owner" value="1" ' . $on . '> ' . $hesklang['on'] . '</div>';
+                                ?>
+                            </div>
+                        </div>
+                        <div class="form-group">
+                            <label for="s_require_message"
+                                   class="col-sm-6 control-label"><?php echo $hesklang['req_msg']; ?> <a
+                                    href="Javascript:void(0)"
+                                    onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#74','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_message'] == 1 ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_message'] == 0 ? 'checked="checked"' : '';
+                                $hide = $hesk_settings['require_message'] == -1 ? 'checked="checked"' : '';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_require_message" value="0" ' . $off . ' /> ' . $hesklang['off'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_message" value="1" ' . $on . ' /> ' . $hesklang['on'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_message" value="-1" ' . $hide . ' /> ' . $hesklang['off-hide'] . '</label></div>';
+                                ?>
+                            </div>
+                        </div>
                         <div class="form-group">
                             <label for="s_custclose" class="col-sm-6 control-label"><?php echo $hesklang['ccct']; ?>
                                 <a href="Javascript:void(0)"
@@ -1189,6 +1202,25 @@ $modsForHesk_settings = mfh_getSettings();
                                 ?>
                             </div>
                         </div>
+                        <div class="form-group">
+                            <label for="s_require_subject"
+                                   class="col-sm-6 control-label"><?php echo $hesklang['req_sub']; ?> <a
+                                    href="Javascript:void(0)"
+                                    onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#72','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6 form-inline">
+                                <?php
+                                $on = $hesk_settings['require_subject'] == 1 ? 'checked="checked"' : '';
+                                $off = $hesk_settings['require_subject'] == 0 ? 'checked="checked"' : '';
+                                $hide = $hesk_settings['require_subject'] == -1 ? 'checked="checked"' : '';
+                                echo '
+                                <div class="radio"><label><input type="radio" name="s_require_subject" value="0" ' . $off . ' /> ' . $hesklang['off'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_subject" value="1" ' . $on . ' /> ' . $hesklang['on'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                                <div class="radio"><label><input type="radio" name="s_require_subject" value="-1" ' . $hide . ' /> ' . $hesklang['off-hide'] . '</label></div>';
+                                ?>
+                            </div>
+                        </div>
                         <div class="form-group">
                             <label for="s_rating" class="col-sm-6 control-label"><?php echo $hesklang['urate']; ?>
                                 <a href="Javascript:void(0)"
@@ -1326,6 +1358,19 @@ $modsForHesk_settings = mfh_getSettings();
                                 ?>
                             </div>
                         </div>
+                        <div class="form-group">
+                            <label for="s_cat_show_select" class="col-sm-6 control-label"><?php echo $hesklang['scat']; ?> <a
+                                    href="Javascript:void(0)"
+                                    onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#71','400','500')"><i
+                                        class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                            <div class="col-sm-6">
+                                <input type="text" class="form-control"
+                                       placeholder="<?php echo htmlspecialchars($hesklang['scat']); ?>" name="s_cat_show_select"
+                                       size="5" maxlength="3" value="<?php echo $hesk_settings['cat_show_select']; ?>">
+                                <?php echo $hesklang['scat2']; ?>
+                            </div>
+                        </div>
                     </div>
                 </div>
 
@@ -1516,12 +1561,48 @@ $modsForHesk_settings = mfh_getSettings();
                     <div class="col-sm-8">
                         <div class="checkbox">
                             <label><input type="checkbox" name="s_email_view_ticket"
+                                          id="s_email_view_ticket" onclick="return checkRequiredEmail('s_email_view_ticket');"
                                           value="1" <?php if ($hesk_settings['email_view_ticket']) {
                                     echo 'checked="checked"';
                                 } ?>/> <?php echo $hesklang['reqetv']; ?></label>
                         </div>
                     </div>
                 </div>
+                <div class="form-group">
+                    <label for="s_x_frame_opt"
+                           class="col-sm-4 control-label"><?php echo $hesklang['frames']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#76','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-8">
+                        <div class="checkbox">
+                            <label><input type="checkbox" name="s_x_frame_opt"
+                                          value="1" <?php if ($hesk_settings['x_frame_opt']) {
+                                    echo 'checked="checked"';} ?>> <?php echo $hesklang['frames2']; ?></label>
+                        </div>
+                    </div>
+                </div>
+                <div class="form-group">
+                    <label for="s_force_ssl"
+                           class="col-sm-4 control-label"><?php echo $hesklang['ssl']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>helpdesk.html#75','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-8">
+                        <div class="checkbox">
+                            <?php if (HESK_SSL): ?>
+                            <label><input type="checkbox" name="s_force_ssl"
+                                          value="1" <?php if ($hesk_settings['force_ssl']) {
+                                    echo 'checked="checked"';} ?>>
+                                <?php echo $hesklang['frames2']; ?>
+                            </label>
+                            <?php else: echo $hesklang['d_ssl']; ?>
+                            <?php endif ?>
+                        </div>
+                    </div>
+                </div>
                 <div class="form-group">
                     <label for="email-verification" class="col-sm-4 col-xs-12 control-label">
                     <span class="label label-primary"
@@ -2071,119 +2152,6 @@ $modsForHesk_settings = mfh_getSettings();
             </div>
         </div>
 
-        <!-- Custom Field Settings -->
-        <div class="box collapsed-box">
-            <div class="box-header with-border">
-                <h1 class="box-title">
-                    <?php echo $hesklang['tab_4']; ?>
-                </h1>
-                <div class="box-tools pull-right">
-                    <button type="button" class="btn btn-box-tool" data-widget="collapse">
-                        <i class="fa fa-plus"></i>
-                    </button>
-                </div>
-            </div>
-            <div class="box-body">
-                <h4 class="bold"><?php echo $hesklang['custom_use']; ?> <a href="Javascript:void(0)"
-                                                                           onclick="Javascript:hesk_window('<?php echo $help_folder; ?>custom.html#41','400','500')"><i
-                            class="fa fa-question-circle settingsquestionmark"></i></a></h4>
-
-
-                <div class="form-group">
-                    <label for="custom-field-setting" class="col-sm-4 col-xs-12 control-label">
-                          <span class="label label-primary"
-                                data-toggle="tooltip"
-                                title="<?php echo $hesklang['added_in_mods_for_hesk']; ?>"><?php echo $hesklang['mods_for_hesk_acronym']; ?></span>
-                        <?php echo $hesklang['custom_field_setting']; ?>
-                        <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
-                           title="<?php echo $hesklang['custom_field_setting']; ?>"
-                           data-content="<?php echo $hesklang['custom_field_setting_help']; ?>"></i>
-                    </label>
-
-                    <div class="col-sm-8 col-xs-12">
-                        <div class="checkbox">
-                            <label>
-                                <input id="custom-field-setting"
-                                       name="custom-field-setting"
-                                       type="checkbox"
-                                       onchange="changeText('fieldNameHeader',
-                                           '<?php echo $hesklang['custom_language_key']; ?>',
-                                           '<?php echo $hesklang['custom_n']; ?>',
-                                           this)"
-                                    <?php if ($modsForHesk_settings['custom_field_setting']) {
-                                        echo 'checked';
-                                    } ?>> <?php echo $hesklang['enable_custom_field_language']; ?>
-                            </label>
-                        </div>
-                    </div>
-                </div>
-                <table class="table table-hover">
-                    <tr>
-                        <th><?php echo $hesklang['enable']; ?></th>
-                        <th><?php echo $hesklang['s_type']; ?></th>
-                        <th><?php echo $hesklang['custom_r']; ?></th>
-                        <th id="fieldNameHeader">
-                            <?php if ($modsForHesk_settings['custom_field_setting']) {
-                                echo $hesklang['custom_language_key'];
-                            } else {
-                                echo $hesklang['custom_n'];
-                            } ?>
-                        </th>
-                        <th><?php echo $hesklang['custom_place']; ?></th>
-                        <th><?php echo $hesklang['opt']; ?></th>
-                    </tr>
-
-                    <?php
-                    for ($i = 1; $i <= 20; $i++) {
-                        $this_field = $hesk_settings['custom_fields']['custom' . $i];
-
-                        $onload_locally = $this_field['use'] ? '' : ' disabled="disabled" ';
-
-                        echo '
-                    <tr>
-                    <td><div class="checkbox"><label><input type="checkbox" name="s_custom' . $i . '_use" value="1" id="c' . $i . '1" ';
-                        if ($this_field['use']) {
-                            echo 'checked="checked"';
-                        }
-                        echo ' onclick="hesk_attach_toggle(\'c' . $i . '1\',new Array(\'s_custom' . $i . '_type\',\'s_custom' . $i . '_req\',\'s_custom' . $i . '_name\',\'c' . $i . '5\',\'c' . $i . '6\'))" /> ' . $hesklang['yes'] . '</label></div></td>
-                    <td>
-                        <select class="form-control" name="s_custom' . $i . '_type" id="s_custom' . $i . '_type" ' . $onload_locally . '>
-                        <option value="text"     ' . ($this_field['type'] == 'text' ? 'selected="selected"' : '') . '>' . $hesklang['stf'] . '</option>
-                        <option value="textarea" ' . ($this_field['type'] == 'textarea' ? 'selected="selected"' : '') . '>' . $hesklang['stb'] . '</option>
-                        <option value="radio"    ' . ($this_field['type'] == 'radio' ? 'selected="selected"' : '') . '>' . $hesklang['srb'] . '</option>
-                        <option value="select"   ' . ($this_field['type'] == 'select' ? 'selected="selected"' : '') . '>' . $hesklang['ssb'] . '</option>
-                        <option value="checkbox" ' . ($this_field['type'] == 'checkbox' ? 'selected="selected"' : '') . '>' . $hesklang['scb'] . '</option>
-                        <option value="date" ' . ($this_field['type'] == 'date' ? 'selected="selected"' : '') . '>' . $hesklang['date_custom_field'] . '</option>
-                        <option value="multiselect" ' . ($this_field['type'] == 'multiselect' ? 'selected="selected"' : '') . '>' . $hesklang['multiple_select_custom_field'] . '</option>
-                        <option value="email" ' . ($this_field['type'] == 'email' ? 'selected="selected"' : '') . '>' . $hesklang['email_custom_field'] . '</option>
-                        <option value="hidden" ' . ($this_field['type'] == 'hidden' ? 'selected="selected"' : '') . '>' . $hesklang['hidden_custom_field'] . '</option>
-                        <option value="readonly" ' . ($this_field['type'] == 'readonly' ? 'selected="selected"' : '') . '>' . $hesklang['readonly_custom_field'] . '</option>
-                        </select>
-                    </td>
-                    <td><div class="checkbox"><label><input type="checkbox" name="s_custom' . $i . '_req" value="1" id="s_custom' . $i . '_req" ';
-                        if ($this_field['req']) {
-                            echo 'checked="checked"';
-                        }
-                        echo $onload_locally . ' /> ' . $hesklang['yes'] . '</label></div></td>
-                    <td><input class="form-control" type="text" name="s_custom' . $i . '_name" size="20" maxlength="255" id="s_custom' . $i . '_name" value="' . $this_field['name'] . '"' . $onload_locally . ' /></td>
-                    <td>
-                        <div class="radio"><label><input type="radio" name="s_custom' . $i . '_place" value="0" id="c' . $i . '5" ' . ($this_field['place'] ? '' : 'checked="checked"') . '  ' . $onload_locally . ' /> ' . $hesklang['place_before'] . '</label></div><br />
-                        <div class="radio"><label><input type="radio" name="s_custom' . $i . '_place" value="1" id="c' . $i . '6" ' . ($this_field['place'] ? 'checked="checked"' : '') . '  ' . $onload_locally . ' /> ' . $hesklang['place_after'] . '</label></div>
-                    </td>
-                    <td>
-                    <input type="hidden" name="s_custom' . $i . '_val" id="s_custom' . $i . '_val" value="' . $this_field['value'] . '" />
-                    <input type="hidden" name="s_custom' . $i . '_maxlen" id="s_custom' . $i . '_maxlen" value="' . $this_field['maxlen'] . '" />
-                    <a href="Javascript:void(0)" onclick="Javascript:return hesk_customOptions(\'custom' . $i . '\',\'s_custom' . $i . '_val\',\'s_custom' . $i . '_type\',\'s_custom' . $i . '_maxlen\',\'' . $this_field['type'] . '\')">' . $hesklang['opt'] . '</a>
-                    </td>
-
-                    </tr>
-                    ';
-                    } // End FOR
-                    ?>
-                </table>
-            </div>
-        </div>
-
         <!-- Email Settings -->
         <div class="box collapsed-box">
             <div class="box-header with-border">
@@ -2696,6 +2664,202 @@ $modsForHesk_settings = mfh_getSettings();
                 </div>
                 <!-- END POP3 SETTINGS DIV -->
 
+                <!-- IMAP Fetching -->
+                <h4 class="bold"><?php echo $hesklang['imap']; ?></h4>
+
+                <div class="form-group">
+                    <label for="s_pop3" class="col-sm-3 control-label"><?php echo $hesklang['imap']; ?> <a
+                            href="Javascript:void(0)"
+                            onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                    <div class="col-sm-9 form-inline">
+                        <?php
+                        $on = '';
+                        $off = '';
+                        $onload_div = 'none';
+                        $onload_status = '';
+
+                        if ($hesk_settings['imap']) {
+                            $on = 'checked';
+                            $onload_div = 'block';
+                        } else {
+                            $off = 'checked';
+                            $onload_status = ' disabled ';
+                        }
+
+                        echo '
+                        <div class="radio"><label><input type="radio" name="s_imap" value="0" onclick="hesk_attach_disable(new Array(\'i0\',\'i1\',\'i2\',\'i3\',\'i4\',\'i5\',\'i6\',\'i7\',\'i8\',\'i9\'))" onchange="hesk_toggleLayerDisplay(\'imap_settings\');" ' . $off . '> ' . $hesklang['off'] . '</label></div>&nbsp;&nbsp;&nbsp;
+                        <div class="radio"><label><input type="radio" name="s_imap" value="1" onclick="hesk_attach_enable(new Array(\'i0\',\'i1\',\'i2\',\'i3\',\'i4\',\'i5\',\'i6\',\'i7\',\'i8\',\'i9\'))" onchange="hesk_toggleLayerDisplay(\'imap_settings\');"  ' . $on . '> ' . $hesklang['on'] . '</label></div>';
+                        ?>
+                        <input type="hidden" name="tmp_imap_host_name" value="<?php echo $hesk_settings['imap_host_name']; ?>">
+                        <input type="hidden" name="tmp_imap_host_port" value="<?php echo $hesk_settings['imap_host_port']; ?>">
+                        <input type="hidden" name="tmp_imap_user" value="<?php echo $hesk_settings['imap_user']; ?>">
+                        <input type="hidden" name="tmp_imap_password" value="<?php echo $hesk_settings['imap_password']; ?>">
+                        <input type="hidden" name="tmp_imap_enc" value="<?php echo $hesk_settings['imap_enc']; ?>">
+                        <input type="hidden" name="tmp_imap_keep" value="<?php echo $hesk_settings['imap_keep']; ?>">
+                    </div>
+                </div>
+                <div id="imap_settings" style="display:<?php echo $onload_div; ?>">
+                    <div class="form-group">
+                        <label for="s_imap_job_wait" class="col-sm-3 control-label"><?php echo $hesklang['pjt']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['pjt']); ?>" id="i0"
+                                   name="s_imap_job_wait" size="5" maxlength="5"
+                                   value="<?php echo $hesk_settings['imap_job_wait']; ?>" <?php echo $onload_status; ?>> <?php echo $hesklang['pjt2']; ?>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_host_name" class="col-sm-3 control-label"><?php echo $hesklang['imaph']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imaph']); ?>" id="i1"
+                                   name="s_imap_host_name" size="40" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_host_name']; ?>" <?php echo $onload_status; ?>>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_host_port" class="col-sm-3 control-label"><?php echo $hesklang['imapp']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imapp']); ?>" id="i2"
+                                   name="s_imap_host_port" size="5" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_host_port']; ?>" <?php echo $onload_status; ?>>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_enc" class="col-sm-3 control-label"><?php echo $hesklang['enc']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9 form-inline">
+                            <?php
+                            $none = $hesk_settings['imap_enc'] == '' ? 'checked' : '';
+                            $ssl = $hesk_settings['imap_enc'] == 'ssl' ? 'checked' : '';
+                            $tls = $hesk_settings['imap_enc'] == 'tls' ? 'checked' : '';
+                            echo '
+		<div class="radio"><label><input type="radio" name="s_imap_enc" value="ssl" id="i9" '.$ssl.' '.$onload_status.'> '.$hesklang['ssl'].'</label></div>&nbsp;&nbsp;&nbsp;
+		<div class="radio"><label><input type="radio" name="s_imap_enc" value="tls" id="i4" '.$tls.' '.$onload_status.'> '.$hesklang['tls'].'</label></div>&nbsp;&nbsp;&nbsp;
+		<div class="radio"><label><input type="radio" name="s_imap_enc" value="" id="i3" '.$none.' '.$onload_status.'> '.$hesklang['none'].'</label></div>
+		';
+                            ?>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_keep" class="col-sm-3 control-label"><?php echo $hesklang['pop3keep']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9 form-inline">
+                            <?php
+                            $on = $hesk_settings['imap_keep'] ? 'checked="checked"' : '';
+                            $off = $hesk_settings['imap_keep'] ? '' : 'checked="checked"';
+                            echo '
+		<div class="radio"><label><input type="radio" name="s_imap_keep" value="0" id="i7" '.$off.' '.$onload_status.'> '.$hesklang['off'].'</label></div>&nbsp;&nbsp;&nbsp;
+		<div class="radio"><label><input type="radio" name="s_imap_keep" value="1" id="i8" '.$on.' '.$onload_status.'> '.$hesklang['on'].'</label></div>
+		';
+                            ?>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_user" class="col-sm-3 control-label"><?php echo $hesklang['imapu']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imapu']); ?>" id="i5"
+                                   name="s_imap_user" size="40" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_user']; ?>" <?php echo $onload_status; ?> autocomplete="off">
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="s_imap_password" class="col-sm-3 control-label"><?php echo $hesklang['imapw']; ?>
+                            <a href="Javascript:void(0)"
+                               onclick="Javascript:hesk_window('<?php echo $help_folder; ?>email.html#67','400','500')"><i
+                                    class="fa fa-question-circle settingsquestionmark"></i></a></label>
+
+                        <div class="col-sm-9">
+                            <input type="password" class="form-control"
+                                   placeholder="<?php echo htmlspecialchars($hesklang['imapw']); ?>" id="i6"
+                                   name="s_imap_password" size="40" maxlength="255"
+                                   value="<?php echo $hesk_settings['imap_password']; ?>" <?php echo $onload_status; ?> autocomplete="off">
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-9 col-sm-offset-3">
+                            <input type="button" class="btn btn-default"
+                                   onclick="hesk_testIMAP()" value="<?php echo $hesklang['imaptest']; ?>">
+                        </div>
+                    </div>
+
+                    <!-- START IMAP TEST -->
+                    <div id="imap_test" style="display:none">
+                    </div>
+
+                    <script language="Javascript" type="text/javascript"><!--
+                        function hesk_testIMAP()
+                        {
+                            var element = document.getElementById('imap_test');
+                            element.innerHTML = '<img src="<?php echo HESK_PATH; ?>img/loading.gif" width="24" height="24" alt="" border="0" style="vertical-align:text-bottom" /> <i><?php echo addslashes($hesklang['contest']); ?></i>';
+                            element.style.display = 'block';
+
+                            var s_imap_host_name = document.getElementById('i1').value;
+                            var s_imap_host_port = document.getElementById('i2').value;
+                            var s_imap_user      = document.getElementById('i5').value;
+                            var s_imap_password  = document.getElementById('i6').value;
+                            var s_imap_enc       = document.getElementById('i4').checked ? 'tls' : (document.getElementById('i9').checked ? 'ssl' : '');
+
+                            var params = "test=imap" +
+                                "&s_imap_host_name="  + encodeURIComponent( s_imap_host_name ) +
+                                "&s_imap_host_port=" + encodeURIComponent( s_imap_host_port ) +
+                                "&s_imap_user="      + encodeURIComponent( s_imap_user ) +
+                                "&s_imap_password="  + encodeURIComponent( s_imap_password ) +
+                                "&s_imap_enc="       + encodeURIComponent( s_imap_enc );
+
+                            xmlHttp=GetXmlHttpObject();
+                            if (xmlHttp==null)
+                            {
+                                return;
+                            }
+
+                            xmlHttp.open('POST','test_connection.php',true);
+                            xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+                            xmlHttp.setRequestHeader("Content-length", params.length);
+                            xmlHttp.setRequestHeader("Connection", "close");
+
+                            xmlHttp.onreadystatechange = function()
+                            {
+                                if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
+                                {
+                                    element.innerHTML = xmlHttp.responseText;
+                                }
+                            }
+
+                            xmlHttp.send(params);
+                        }
+                        //-->
+                    </script>
+                    <!-- END IMAP TEST -->
+
+                </div> <!-- END IMAP SETTINGS DIV -->
+
                 <h4 class="bold"><?php echo $hesklang['loops']; ?></h4>
                 <div class="form-group">
                     <label for="s_loop_hits" class="col-sm-3 control-label"><?php echo $hesklang['looph']; ?> <a
@@ -3323,7 +3487,28 @@ $modsForHesk_settings = mfh_getSettings();
                 </div>
             </div>
             <div class="box-body">
-                <h4 class="bold"><?php echo $hesklang['uiColors']; ?></h4>
+                <h4>Common Properties</h4>
+                <div class="row">
+                    <div class="col-sm-6 col-xs-12">
+                        <div class="form-group">
+                            <label for="questionMarkColor"
+                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['questionMarkColor']; ?>
+                                <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
+                                   data-placement="left"
+                                   title="<?php echo $hesklang['questionMarkColor']; ?>"
+                                   data-content="<?php echo $hesklang['questionMarkColorHelp']; ?>"></i>
+                            </label>
+
+                            <div class="col-sm-5 col-xs-12">
+                                <input type="text" id="questionMarkColor" name="questionMarkColor"
+                                       class="form-control"
+                                       value="<?php echo $modsForHesk_settings['questionMarkColor']; ?>">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+
+                <h4>Customer View</h4>
                 <div class="row">
                     <div class="col-sm-6 col-xs-12">
                         <div class="form-group">
@@ -3486,40 +3671,71 @@ $modsForHesk_settings = mfh_getSettings();
                             </div>
                         </div>
                     </div>
+                </div>
+                <div class="row">
                     <div class="col-sm-6 col-xs-12">
                         <div class="form-group">
-                            <label for="questionMarkColor"
-                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['questionMarkColor']; ?>
+                            <label for="dropdownItemTextHoverBackgroundColor"
+                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>
                                 <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
                                    data-placement="left"
-                                   title="<?php echo $hesklang['questionMarkColor']; ?>"
-                                   data-content="<?php echo $hesklang['questionMarkColorHelp']; ?>"></i>
+                                   title="<?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>"
+                                   data-content="<?php echo $hesklang['dropdownItemTextHoverBackgroundColorHelp']; ?>"></i>
                             </label>
 
                             <div class="col-sm-5 col-xs-12">
-                                <input type="text" id="questionMarkColor" name="questionMarkColor"
-                                       class="form-control"
-                                       value="<?php echo $modsForHesk_settings['questionMarkColor']; ?>">
+                                <input type="text" id="dropdownItemTextHoverBackgroundColor"
+                                       name="dropdownItemTextHoverBackgroundColor" class="form-control"
+                                       value="<?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>">
                             </div>
                         </div>
                     </div>
                 </div>
+                <h4>Admin Panel</h4>
                 <div class="row">
-                    <div class="col-sm-6 col-xs-12">
+                    <div class="col-xs-12">
                         <div class="form-group">
-                            <label for="dropdownItemTextHoverBackgroundColor"
-                                   class="col-sm-7 col-xs-12 control-label"><?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>
+                            <label for="admin-color-scheme"
+                                   class="col-sm-3 col-xs-5 control-label">Color Scheme
                                 <i class="fa fa-question-circle settingsquestionmark" data-toggle="popover"
                                    data-placement="left"
                                    title="<?php echo $hesklang['dropdownItemTextHoverBackgroundColor']; ?>"
                                    data-content="<?php echo $hesklang['dropdownItemTextHoverBackgroundColorHelp']; ?>"></i>
                             </label>
 
-                            <div class="col-sm-5 col-xs-12">
-                                <input type="text" id="dropdownItemTextHoverBackgroundColor"
-                                       name="dropdownItemTextHoverBackgroundColor" class="form-control"
-                                       value="<?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>">
+                            <div class="col-sm-9 col-xs-7">
+                                <select name="admin-color-scheme" class="form-control">
+                                    <option value="skin-blue">Blue</option>
+                                    <option value="skin-blue-light">Blue (Light)</option>
+                                    <option value="skin-yellow">Yellow</option>
+                                    <option value="skin-yellow-light">Yellow (Light)</option>
+                                    <option value="skin-green">Green</option>
+                                    <option value="skin-green-light">Green (Light)</option>
+                                    <option value="skin-purple">Purple</option>
+                                    <option value="skin-purple-light">Purple (Light)</option>
+                                    <option value="skin-red">Red</option>
+                                    <option value="skin-red-light">Red (Light)</option>
+                                    <option value="skin-black">Black</option>
+                                    <option value="skin-black-light">Black (Light)</option>
+                                </select>
                             </div>
+                            <script>
+                                $('select[name="admin-color-scheme"]').change(function() {
+                                    $('body').removeClass('skin-blue')
+                                        .removeClass('skin-blue-light')
+                                        .removeClass('skin-yellow')
+                                        .removeClass('skin-yellow-light')
+                                        .removeClass('skin-green')
+                                        .removeClass('skin-green-light')
+                                        .removeClass('skin-purple')
+                                        .removeClass('skin-purple-light')
+                                        .removeClass('skin-red')
+                                        .removeClass('skin-red-light')
+                                        .removeClass('skin-black')
+                                        .removeClass('skin-black-light')
+                                        .addClass($(this).val());
+                                });
+                            </script>
                         </div>
                     </div>
                 </div>
@@ -3567,8 +3783,8 @@ $modsForHesk_settings = mfh_getSettings();
         global $hesk_settings;
 
         // Do we have a cached version file?
-        if (file_exists(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest.txt')) {
-            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
+        if (file_exists(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest.txt')) {
+            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
                 return $matches[2];
             }
         }
@@ -3601,7 +3817,7 @@ $modsForHesk_settings = mfh_getSettings();
     {
         global $hesk_settings;
 
-        @file_put_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest.txt', time() . '|' . $latest);
+        @file_put_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest.txt', time() . '|' . $latest);
 
         return $latest;
 
@@ -3627,8 +3843,8 @@ $modsForHesk_settings = mfh_getSettings();
         global $hesk_settings;
 
         // Do we have a cached version file?
-        if (file_exists(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest-mfh.txt')) {
-            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest-mfh.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
+        if (file_exists(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest-mfh.txt')) {
+            if (preg_match('/^(\d+)\|([\d.]+)+$/', @file_get_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest-mfh.txt'), $matches) && (time() - intval($matches[1])) < 3600) {
                 return $matches[2];
             }
         }
@@ -3660,7 +3876,7 @@ $modsForHesk_settings = mfh_getSettings();
     {
         global $hesk_settings;
 
-        @file_put_contents(HESK_PATH . $hesk_settings['attach_dir'] . '/__latest-mfh.txt', time() . '|' . $latest);
+        @file_put_contents(HESK_PATH . $hesk_settings['cache_dir'] . '/__latest-mfh.txt', time() . '|' . $latest);
 
         return $latest;
 
@@ -3723,7 +3939,7 @@ $modsForHesk_settings = mfh_getSettings();
                     }
 
                     /* Check if language file is for current version */
-                    if (strpos($tmp, '$hesklang[\'ms01\']') === false) {
+                    if (strpos($tmp, '$hesklang[\'refresh_page\']') === false) {
                         $err .= "              |---->  WRONG VERSION (not " . $hesk_settings['hesk_version'] . ")\n";
                     }
 
diff --git a/admin/admin_settings_save.php b/admin/admin_settings_save.php
index 4b9cb092..3661d17c 100644
--- a/admin/admin_settings_save.php
+++ b/admin/admin_settings_save.php
@@ -85,9 +85,6 @@ if (isset($lang[1]) && in_array($lang[1], hesk_getLanguagesArray(1))) {
     hesk_error($hesklang['err_lang']);
 }
 
-/* --> Database settings */
-hesk_dbClose();
-
 if (hesk_testMySQL()) {
     // Database connection OK
 } elseif ($mysql_log) {
@@ -125,6 +122,7 @@ if ( ! is_writable(HESK_PATH . $set['attach_dir']) )
 }
 */
 
+$set['cache_dir'] = isset($_POST['s_cache_dir']) && ! is_array($_POST['s_cache_dir']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['s_cache_dir']) : 'cache';
 $set['max_listings'] = hesk_checkMinMax(intval(hesk_POST('s_max_listings')), 1, 999, 10);
 $set['print_font_size'] = hesk_checkMinMax(intval(hesk_POST('s_print_font_size')), 1, 99, 12);
 $set['autoclose'] = hesk_checkMinMax(intval(hesk_POST('s_autoclose')), 0, 999, 7);
@@ -135,6 +133,10 @@ $set['reply_top'] = empty($_POST['s_reply_top']) ? 0 : 1;
 /* --> Features */
 $set['autologin'] = empty($_POST['s_autologin']) ? 0 : 1;
 $set['autoassign'] = empty($_POST['s_autoassign']) ? 0 : 1;
+$set['require_email']	= empty($_POST['s_require_email']) ? 0 : 1;
+$set['require_owner']	= empty($_POST['s_require_owner']) ? 0 : 1;
+$set['require_subject']	= hesk_checkMinMax( intval( hesk_POST('s_require_subject') ) , -1, 1, 1);
+$set['require_message']	= hesk_checkMinMax( intval( hesk_POST('s_require_message') ) , -1, 1, 1);
 $set['custclose'] = empty($_POST['s_custclose']) ? 0 : 1;
 $set['custopen'] = empty($_POST['s_custopen']) ? 0 : 1;
 $set['rating'] = empty($_POST['s_rating']) ? 0 : 1;
@@ -147,6 +149,7 @@ $set['debug_mode'] = empty($_POST['s_debug_mode']) ? 0 : 1;
 $set['short_link'] = empty($_POST['s_short_link']) ? 0 : 1;
 $set['select_cat'] = empty($_POST['s_select_cat']) ? 0 : 1;
 $set['select_pri'] = empty($_POST['s_select_pri']) ? 0 : 1;
+$set['cat_show_select'] = hesk_checkMinMax( intval( hesk_POST('s_cat_show_select') ) , 0, 999, 10);
 
 /* --> SPAM prevention */
 $set['secimg_use'] = empty($_POST['s_secimg_use']) ? 0 : (hesk_POST('s_secimg_use') == 2 ? 2 : 1);
@@ -168,7 +171,14 @@ if ($set['attempt_limit'] > 0) {
 }
 $set['attempt_banmin'] = hesk_checkMinMax(intval(hesk_POST('s_attempt_banmin')), 5, 99999, 60);
 $set['reset_pass'] = empty($_POST['s_reset_pass']) ? 0 : 1;
-$set['email_view_ticket'] = empty($_POST['s_email_view_ticket']) ? 0 : 1;
+$set['email_view_ticket'] = ($set['require_email'] == 0) ? 0 : (empty($_POST['s_email_view_ticket']) ? 0 : 1);
+$set['x_frame_opt'] = empty($_POST['s_x_frame_opt']) ? 0 : 1;
+$set['force_ssl'] = HESK_SSL && isset($_POST['s_force_ssl']) && $_POST['s_force_ssl'] == 1 ? 1 : 0;
+
+// Make sure help desk URL starts with https if forcing SSL
+if ($set['force_ssl']) {
+    $set['hesk_url'] = preg_replace('/^http:/i', 'https:', $set['hesk_url']);
+}
 
 /* --> Attachments */
 $set['attachments']['use'] = empty($_POST['s_attach_use']) ? 0 : 1;
@@ -246,7 +256,7 @@ if ($set['smtp']) {
         $set['smtp'] = 0;
     }
 } else {
-    $set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.domain.com'));
+    $set['smtp_host_name'] = hesk_input(hesk_POST('tmp_smtp_host_name', 'mail.example.com'));
     $set['smtp_host_port'] = intval(hesk_POST('tmp_smtp_host_port', 25));
     $set['smtp_timeout'] = intval(hesk_POST('tmp_smtp_timeout', 10));
     $set['smtp_ssl'] = empty($_POST['tmp_smtp_ssl']) ? 0 : 1;
@@ -279,7 +289,7 @@ if ($set['pop3']) {
     }
 } else {
     $set['pop3_job_wait'] = intval(hesk_POST('s_pop3_job_wait', 15));
-    $set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.domain.com'));
+    $set['pop3_host_name'] = hesk_input(hesk_POST('tmp_pop3_host_name', 'mail.example.com'));
     $set['pop3_host_port'] = intval(hesk_POST('tmp_pop3_host_port', 110));
     $set['pop3_tls'] = empty($_POST['tmp_pop3_tls']) ? 0 : 1;
     $set['pop3_keep'] = empty($_POST['tmp_pop3_keep']) ? 0 : 1;
@@ -287,6 +297,32 @@ if ($set['pop3']) {
     $set['pop3_password'] = hesk_input(hesk_POST('tmp_pop3_password'));
 }
 
+/* --> IMAP fetching */
+$imap_OK = true;
+$set['imap'] = empty($_POST['s_imap']) ? 0 : 1;
+
+if ($set['imap']) {
+    // Get IMAP fetching timeout
+    $set['imap_job_wait'] = hesk_checkMinMax( intval( hesk_POST('s_imap_job_wait') ) , 0, 1440, 15);
+
+    // Test IMAP connection
+    $imap_OK = hesk_testIMAP(true);
+
+    // If IMAP not working, disable it
+    if ( ! $imap_OK) {
+        $set['imap'] = 0;
+    }
+} else {
+    $set['imap_job_wait']	= intval( hesk_POST('s_imap_job_wait', 15) );
+    $set['imap_host_name']	= hesk_input( hesk_POST('tmp_imap_host_name', 'mail.example.com') );
+    $set['imap_host_port']	= intval( hesk_POST('tmp_imap_host_port', 110) );
+    $set['imap_enc']		= hesk_POST('tmp_imap_enc');
+    $set['imap_enc']		= ($set['imap_enc'] == 'ssl' || $set['imap_enc'] == 'tls') ? $set['imap_enc'] : '';
+    $set['imap_keep']		= empty($_POST['tmp_imap_keep']) ? 0 : 1;
+    $set['imap_user']		= hesk_input( hesk_POST('tmp_imap_user') );
+    $set['imap_password']	= hesk_input( hesk_POST('tmp_imap_password') );
+}
+
 /* --> Email loops */
 $set['loop_hits'] = hesk_checkMinMax(intval(hesk_POST('s_loop_hits')), 0, 999, 5);
 $set['loop_time'] = hesk_checkMinMax(intval(hesk_POST('s_loop_time')), 1, 86400, 300);
@@ -323,10 +359,10 @@ if (!empty($_POST['s_email_providers']) && !is_array($_POST['s_email_providers']
 
 if (!$set['detect_typos'] || count($set['email_providers']) < 1) {
     $set['detect_typos'] = 0;
-    $set['email_providers'] = array('gmail.com', 'hotmail.com', 'hotmail.co.uk', 'yahoo.com', 'yahoo.co.uk', 'aol.com', 'aol.co.uk', 'msn.com', 'live.com', 'live.co.uk', 'mail.com', 'googlemail.com', 'btinternet.com', 'btopenworld.com');
+    $set['email_providers']=array('aim.com','aol.co.uk','aol.com','att.net','bellsouth.net','blueyonder.co.uk','bt.com','btinternet.com','btopenworld.com','charter.net','comcast.net','cox.net','earthlink.net','email.com','facebook.com','fastmail.fm','free.fr','freeserve.co.uk','gmail.com','gmx.at','gmx.ch','gmx.com','gmx.de','gmx.fr','gmx.net','gmx.us','googlemail.com','hotmail.be','hotmail.co.uk','hotmail.com','hotmail.com.ar','hotmail.com.mx','hotmail.de','hotmail.es','hotmail.fr','hushmail.com','icloud.com','inbox.com','laposte.net','lavabit.com','list.ru','live.be','live.co.uk','live.com','live.com.ar','live.com.mx','live.de','live.fr','love.com','lycos.com','mac.com','mail.com','mail.ru','me.com','msn.com','nate.com','naver.com','neuf.fr','ntlworld.com','o2.co.uk','online.de','orange.fr','orange.net','outlook.com','pobox.com','prodigy.net.mx','qq.com','rambler.ru','rocketmail.com','safe-mail.net','sbcglobal.net','t-online.de','talktalk.co.uk','tiscali.co.uk','verizon.net','virgin.net','virginmedia.com','wanadoo.co.uk','wanadoo.fr','yahoo.co.id','yahoo.co.in','yahoo.co.jp','yahoo.co.kr','yahoo.co.uk','yahoo.com','yahoo.com.ar','yahoo.com.mx','yahoo.com.ph','yahoo.com.sg','yahoo.de','yahoo.fr','yandex.com','yandex.ru','ymail.com');
 }
 
-$set['email_providers'] = count($set['email_providers']) ? "'" . implode("','", $set['email_providers']) . "'" : '';
+$set['email_providers'] = count($set['email_providers']) ?  "'" . implode("','", array_unique($set['email_providers'])) . "'" : '';
 
 
 /* --> Notify customer when */
@@ -386,7 +422,8 @@ foreach ($hesk_settings['possible_ticket_list'] as $key => $title) {
 
 // We need at least one of these: id, trackid, subject
 if (!in_array('id', $set['ticket_list']) && !in_array('trackid', $set['ticket_list']) && !in_array('subject', $set['ticket_list'])) {
-    $set['ticket_list'][] = 'trackid';
+    // None of the required fields are there, add "trackid" as the first one
+    array_unshift($set['ticket_list'], 'trackid');
 }
 
 $set['ticket_list'] = count($set['ticket_list']) ? "'" . implode("','", $set['ticket_list']) . "'" : 'trackid';
@@ -419,49 +456,9 @@ $set['submit_notice'] = empty($_POST['s_submit_notice']) ? 0 : 1;
 $set['online'] = empty($_POST['s_online']) ? 0 : 1;
 $set['online_min'] = hesk_checkMinMax(intval(hesk_POST('s_online_min')), 1, 999, 10);
 $set['check_updates'] = empty($_POST['s_check_updates']) ? 0 : 1;
-
-/*** CUSTOM FIELDS ***/
-
-for ($i = 1; $i <= 20; $i++) {
-    $this_field = 'custom' . $i;
-    $set['custom_fields'][$this_field]['use'] = !empty($_POST['s_custom' . $i . '_use']) ? 1 : 0;
-
-    if ($set['custom_fields'][$this_field]['use']) {
-        $set['custom_fields'][$this_field]['place'] = empty($_POST['s_custom' . $i . '_place']) ? 0 : 1;
-        $set['custom_fields'][$this_field]['type'] = hesk_htmlspecialchars(hesk_POST('s_custom' . $i . '_type', 'text'));
-        $set['custom_fields'][$this_field]['req'] = !empty($_POST['s_custom' . $i . '_req']) ? 1 : 0;
-        $set['custom_fields'][$this_field]['name'] = hesk_input(hesk_POST('s_custom' . $i . '_name'), $hesklang['err_custname']);
-        $set['custom_fields'][$this_field]['maxlen'] = intval(hesk_POST('s_custom' . $i . '_maxlen', 255));
-        $set['custom_fields'][$this_field]['value'] = hesk_input(hesk_POST('s_custom' . $i . '_val'));
-
-        if ($set['custom_fields'][$this_field]['type'] == 'email' && $set['custom_fields'][$this_field]['value'] == '') {
-            // New custom field without any options set. Default to Cc
-            $set['custom_fields'][$this_field]['value'] = 'cc';
-        }
-
-        if (!in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea', 'select', 'radio', 'checkbox', 'date', 'multiselect', 'email', 'hidden', 'readonly'))) {
-            $set['custom_fields'][$this_field]['type'] = 'text';
-        }
-
-        // Try to detect if field type changed to anything except "select"
-        if ($set['custom_fields'][$this_field]['type'] != 'select') {
-            // If type is "radio" or "checkbox" remove "please select", keep other options
-            $set['custom_fields'][$this_field]['value'] = str_replace('{HESK_SELECT}', '', $set['custom_fields'][$this_field]['value']);
-
-            // Field type changed to "text" or "textarea", clear default value if it contains "#HESK#" separator
-            if (in_array($set['custom_fields'][$this_field]['type'], array('text', 'textarea')) && !in_array($hesk_settings['custom_fields'][$this_field]['type'], array('text', 'textarea')) && strpos($set['custom_fields'][$this_field]['value'], '#HESK#') !== false) {
-                $set['custom_fields'][$this_field]['value'] = '';
-            }
-        }
-    } else {
-        $set['custom_fields'][$this_field] = array('use' => 0, 'place' => 0, 'type' => 'text', 'req' => 0, 'name' => 'Custom field ' . $i, 'maxlen' => 255, 'value' => '');
-    }
-}
-
 $set['hesk_version'] = $hesk_settings['hesk_version'];
 
 // Process quick help sections
-hesk_dbConnect();
 hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` SET `show` = '0'");
 $postArray = hesk_POST_array('quick_help_sections');
 foreach ($postArray as $value) {
@@ -516,6 +513,7 @@ $set['dropdownItemTextColor'] = hesk_input(hesk_POST('dropdownItemTextColor'));
 $set['dropdownItemTextHoverColor'] = hesk_input(hesk_POST('dropdownItemTextHoverColor'));
 $set['questionMarkColor'] = hesk_input(hesk_POST('questionMarkColor'));
 $set['dropdownItemTextHoverBackgroundColor'] = hesk_input(hesk_POST('dropdownItemTextHoverBackgroundColor'));
+$set['admin_color_scheme'] = hesk_input(hesk_POST('admin-color-scheme'));
 mfh_updateSetting('rtl', $set['rtl']);
 mfh_updateSetting('show_icons', $set['show-icons']);
 mfh_updateSetting('custom_field_setting', $set['custom-field-setting']);
@@ -552,6 +550,7 @@ mfh_updateSetting('use_mailgun', $set['use_mailgun'], false);
 mfh_updateSetting('enable_calendar', $set['enable_calendar'], false);
 mfh_updateSetting('first_day_of_week', $set['first_day_of_week'], false);
 mfh_updateSetting('default_calendar_view', $set['default_view'], true);
+mfh_updateSetting('admin_color_scheme', $set['admin_color_scheme'], true);
 
 // Prepare settings file and save it
 $settings_file_content = '<?php
@@ -588,6 +587,7 @@ $hesk_settings[\'hesk_title\']=\'' . $set['hesk_title'] . '\';
 $hesk_settings[\'hesk_url\']=\'' . $set['hesk_url'] . '\';
 $hesk_settings[\'admin_dir\']=\'' . $set['admin_dir'] . '\';
 $hesk_settings[\'attach_dir\']=\'' . $set['attach_dir'] . '\';
+$hesk_settings[\'cache_dir\']=\'' . $set['cache_dir'] . '\';
 $hesk_settings[\'max_listings\']=' . $set['max_listings'] . ';
 $hesk_settings[\'print_font_size\']=' . $set['print_font_size'] . ';
 $hesk_settings[\'autoclose\']=' . $set['autoclose'] . ';
@@ -598,6 +598,10 @@ $hesk_settings[\'reply_top\']=' . $set['reply_top'] . ';
 // --> Features
 $hesk_settings[\'autologin\']=' . $set['autologin'] . ';
 $hesk_settings[\'autoassign\']=' . $set['autoassign'] . ';
+$hesk_settings[\'require_email\']=' . $set['require_email'] . ';
+$hesk_settings[\'require_owner\']=' . $set['require_owner'] . ';
+$hesk_settings[\'require_subject\']=' . $set['require_subject'] . ';
+$hesk_settings[\'require_message\']=' . $set['require_message'] . ';
 $hesk_settings[\'custclose\']=' . $set['custclose'] . ';
 $hesk_settings[\'custopen\']=' . $set['custopen'] . ';
 $hesk_settings[\'rating\']=' . $set['rating'] . ';
@@ -610,6 +614,7 @@ $hesk_settings[\'debug_mode\']=' . $set['debug_mode'] . ';
 $hesk_settings[\'short_link\']=' . $set['short_link'] . ';
 $hesk_settings[\'select_cat\']=' . $set['select_cat'] . ';
 $hesk_settings[\'select_pri\']=' . $set['select_pri'] . ';
+$hesk_settings[\'cat_show_select\']=' . $set['cat_show_select'] . ';
 
 // --> SPAM Prevention
 $hesk_settings[\'secimg_use\']=' . $set['secimg_use'] . ';
@@ -626,6 +631,8 @@ $hesk_settings[\'attempt_limit\']=' . $set['attempt_limit'] . ';
 $hesk_settings[\'attempt_banmin\']=' . $set['attempt_banmin'] . ';
 $hesk_settings[\'reset_pass\']=' . $set['reset_pass'] . ';
 $hesk_settings[\'email_view_ticket\']=' . $set['email_view_ticket'] . ';
+$hesk_settings[\'x_frame_opt\']=' . $set['x_frame_opt'] . ';
+$hesk_settings[\'force_ssl\']=' . $set['force_ssl'] . ';
 
 // --> Attachments
 $hesk_settings[\'attachments\']=array (
@@ -635,6 +642,15 @@ $hesk_settings[\'attachments\']=array (
 \'allowed_types\' => array(\'' . implode('\',\'', $set['attachments']['allowed_types']) . '\')
 );
 
+// --> IMAP Fetching
+$hesk_settings[\'imap\']=' . $set['imap'] . ';
+$hesk_settings[\'imap_job_wait\']=' . $set['imap_job_wait'] . ';
+$hesk_settings[\'imap_host_name\']=\'' . $set['imap_host_name'] . '\';
+$hesk_settings[\'imap_host_port\']=' . $set['imap_host_port'] . ';
+$hesk_settings[\'imap_enc\']=\'' . $set['imap_enc'] . '\';
+$hesk_settings[\'imap_keep\']=' . $set['imap_keep'] . ';
+$hesk_settings[\'imap_user\']=\'' . $set['imap_user'] . '\';
+$hesk_settings[\'imap_password\']=\'' . $set['imap_password'] . '\';
 
 // ==> KNOWLEDGEBASE
 
@@ -731,22 +747,6 @@ $hesk_settings[\'online_min\']=' . $set['online_min'] . ';
 $hesk_settings[\'check_updates\']=' . $set['check_updates'] . ';
 
 
-// ==> CUSTOM FIELDS
-
-$hesk_settings[\'custom_fields\']=array (
-';
-
-for ($i = 1; $i <= 20; $i++) {
-    $settings_file_content .= '\'custom' . $i . '\'=>array(\'use\'=>' . $set['custom_fields']['custom' . $i]['use'] . ',\'place\'=>' . $set['custom_fields']['custom' . $i]['place'] . ',\'type\'=>\'' . $set['custom_fields']['custom' . $i]['type'] . '\',\'req\'=>' . $set['custom_fields']['custom' . $i]['req'] . ',\'name\'=>\'' . $set['custom_fields']['custom' . $i]['name'] . '\',\'maxlen\'=>' . $set['custom_fields']['custom' . $i]['maxlen'] . ',\'value\'=>\'' . $set['custom_fields']['custom' . $i]['value'] . '\')';
-    if ($i != 20) {
-        $settings_file_content .= ',
-';
-    }
-}
-
-$settings_file_content .= '
-);
-
 #############################
 #     DO NOT EDIT BELOW     #
 #############################
@@ -796,14 +796,6 @@ function mfh_updateSetting($key, $value, $isString = false)
     hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = " . $formattedValue . " WHERE `Key` = '" . $key . "'");
 }
 
-function hesk_checkMinMax($myint, $min, $max, $defval)
-{
-    if ($myint > $max || $myint < $min) {
-        return $defval;
-    }
-    return $myint;
-} // END hesk_checkMinMax()
-
 
 function hesk_getLanguagesArray($returnArray = 0)
 {
@@ -847,7 +839,7 @@ function hesk_getLanguagesArray($returnArray = 0)
                     $add = 0;
                 } elseif (!preg_match('/\$hesklang\[\'EMAIL_HR\'\]\=\'(.*)\'\;/', $tmp, $hr)) {
                     $add = 0;
-                } elseif (!preg_match('/\$hesklang\[\'ms01\'\]/', $tmp)) {
+                } elseif (!preg_match('/\$hesklang\[\'refresh_page\'\]/', $tmp)) {
                     $add = 0;
                 }
             } else {
diff --git a/admin/admin_submit_ticket.php b/admin/admin_submit_ticket.php
index d6241840..53386536 100644
--- a/admin/admin_submit_ticket.php
+++ b/admin/admin_submit_ticket.php
@@ -62,7 +62,22 @@ if ($hesk_settings['can_sel_lang']) {
     $tmpvar['language'] = hesk_POST('customerLanguage');
 }
 $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
-$tmpvar['email'] = hesk_POST('email');
+$email_available = true;
+
+if ($hesk_settings['require_email']) {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+} else {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+    // Not required, but must be valid if it is entered
+    if ($tmpvar['email'] == '') {
+        $email_available = false;
+
+        if (strlen(hesk_POST('email'))) {
+            $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+        }
+    }
+}
 if ($hesk_settings['multi_eml']) {
     $tmpvar['email'] = str_replace(';',',', $tmpvar['email']);
 }
@@ -80,11 +95,22 @@ if ($tmpvar['priority'] < 0 || $tmpvar['priority'] > 3) {
     }
 }
 
-$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
-$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];
+$tmpvar['subject'] = hesk_input( hesk_POST('subject') );
+if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
+    $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
+}
+
+$tmpvar['message']  = hesk_input( hesk_POST('message') );
+if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+    $hesk_error_buffer['message'] = $hesklang['enter_message'];
+}
 
 // Is category a valid choice?
 if ($tmpvar['category']) {
+    if ( ! hesk_checkPermission('can_submit_any_cat', 0) && ! hesk_okCategory($tmpvar['category'], 0) ) {
+        hesk_process_messages($hesklang['noauth_submit'],'new_ticket.php');
+    }
+
     hesk_verifyCategory(1);
 
     // Is auto-assign of tickets disabled in this category?
@@ -94,19 +120,69 @@ if ($tmpvar['category']) {
 }
 
 // Custom fields
-foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use'] && isset($_POST[$k])) {
-        // Date will be handled by the jQuery datepicker
-        if ($v['type'] == 'date' && $_POST[$k] != '') {
-            $tmpvar[$k] = strtotime($_POST[$k]);
-        } else if (is_array($_POST[$k])) {
-            $tmpvar[$k] = '';
-            foreach ($_POST[$k] as $myCB) {
-                $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
+foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+    if ($v['use'] && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
+        if ($v['type'] == 'checkbox') {
+            $tmpvar[$k]='';
+
+            if (isset($_POST[$k]) && is_array($_POST[$k])) {
+                foreach ($_POST[$k] as $myCB) {
+                    $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
+                }
+                $tmpvar[$k]=substr($tmpvar[$k],0,-6);
+            } else {
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
+                $_POST[$k] = '';
+            }
+        } elseif ($v['type'] == 'date') {
+            $tmpvar[$k] = hesk_POST($k);
+            $_SESSION["as_$k"] = '';
+            if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
+                $date = strtotime($tmpvar[$k] . ' t00:00:00');
+                $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
+                $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
+
+                $_SESSION["as_$k"] = $tmpvar[$k];
+
+                if ($dmin && $dmin > $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+                } elseif ($dmax && $dmax < $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+                } else {
+                    $tmpvar[$k] = $date;
+                }
+            } else {
+                $tmpvar[$k] = '';
+
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
+            }
+        } elseif ($v['type'] == 'email')
+        {
+            $tmp = $hesk_settings['multi_eml'];
+            $hesk_settings['multi_eml'] = $v['value']['multiple'];
+            $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+            $hesk_settings['multi_eml'] = $tmp;
+
+            if ($tmpvar[$k] != '') {
+                $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
+            } else {
+                $_SESSION["as_$k"] = '';
+
+                if ($v['req'] == 2) {
+                    $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+                }
+            }
+        } elseif ($v['req'] == 2) {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            if ($tmpvar[$k] == '') {
+                $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
             }
-            $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
         } else {
-            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
         }
     } else {
         $tmpvar[$k] = '';
@@ -202,7 +278,6 @@ if (count($hesk_error_buffer) != 0) {
 
     $_SESSION['as_name'] = hesk_POST('name');
     $_SESSION['as_email'] = hesk_POST('email');
-    $_SESSION['as_category'] = hesk_POST('category');
     $_SESSION['as_priority'] = $tmpvar['priority'];
     $_SESSION['as_subject'] = hesk_POST('subject');
     $_SESSION['as_message'] = hesk_POST('message');
@@ -211,7 +286,7 @@ if (count($hesk_error_buffer) != 0) {
     $_SESSION['as_show'] = $show;
 
     foreach ($hesk_settings['custom_fields'] as $k => $v) {
-        if ($v['use']) {
+        if ($v['use'] && ! in_array($v['type'], array('date', 'email'))) {
             $_SESSION["as_$k"] = ($v['type'] == 'checkbox') ? hesk_POST_array($k) : hesk_POST($k);
         }
     }
@@ -228,7 +303,7 @@ if (count($hesk_error_buffer) != 0) {
     }
 
     $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $hesk_error_buffer . '</ul>';
-    hesk_process_messages($hesk_error_buffer, 'new_ticket.php');
+    hesk_process_messages($hesk_error_buffer,'new_ticket.php?category='.$tmpvar['category']);
 }
 
 if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
@@ -258,7 +333,7 @@ $tmpvar['screen_resolution_width'] = "NULL";
 $ticket = hesk_newTicket($tmpvar);
 
 // Notify the customer about the ticket?
-if ($notify) {
+if ($notify && $email_available) {
     hesk_notifyCustomer($modsForHesk_settings);
 }
 
@@ -288,9 +363,7 @@ hesk_cleanSessionVars('as_owner');
 hesk_cleanSessionVars('as_notify');
 hesk_cleanSessionVars('as_show');
 foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use']) {
-        hesk_cleanSessionVars("as_$k");
-    }
+    hesk_cleanSessionVars("as_$k");
 }
 
 // If ticket has been assigned to the person submitting it lets show a message saying so
@@ -304,5 +377,4 @@ if ($show) {
     hesk_process_messages($hesklang['new_ticket_submitted'], 'admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
 } else {
     hesk_process_messages($hesklang['new_ticket_submitted'] . '. <a href="admin_ticket.php?track=' . $ticket['trackid'] . '&Refresh=' . mt_rand(10000, 99999) . '">' . $hesklang['view_ticket'] . '</a>', 'new_ticket.php', 'SUCCESS');
-}
-?>
+}
\ No newline at end of file
diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index fb6f0698..b14d1ed7 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -60,14 +60,22 @@ $can_archive = hesk_checkPermission('can_add_archive', 0);
 $can_assign_self = hesk_checkPermission('can_assign_self', 0);
 $can_view_unassigned = hesk_checkPermission('can_view_unassigned', 0);
 $can_change_cat = hesk_checkPermission('can_change_cat', 0);
+$can_change_own_cat  = hesk_checkPermission('can_change_own_cat',0);
 $can_ban_emails = hesk_checkPermission('can_ban_emails', 0);
 $can_unban_emails = hesk_checkPermission('can_unban_emails', 0);
 $can_ban_ips = hesk_checkPermission('can_ban_ips', 0);
 $can_unban_ips = hesk_checkPermission('can_unban_ips', 0);
+$can_resolve		 = hesk_checkPermission('can_resolve', 0);
 
 // Get ticket ID
 $trackingID = hesk_cleanID() or print_form();
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
+// Load statuses
+//require_once(HESK_PATH . 'inc/statuses.inc.php');
+
 $_SERVER['PHP_SELF'] = 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999);
 
 /* We will need timer function */
@@ -127,7 +135,20 @@ $managerRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_p
 $managerRow = hesk_dbFetchAssoc($managerRS);
 $isManager = $managerRow['id'] == $category['manager'];
 if ($isManager) {
-    $can_del_notes = $can_reply = $can_delete = $can_edit = $can_archive = $can_assign_self = $can_view_unassigned = $can_change_cat = true;
+    $can_del_notes =
+        $can_reply =
+        $can_delete =
+        $can_edit =
+        $can_archive =
+        $can_assign_self =
+        $can_view_unassigned =
+        $can_change_own_cat =
+        $can_change_cat =
+        $can_ban_emails =
+        $can_unban_emails =
+        $can_ban_ips =
+        $can_unban_ips =
+        $can_resolve = true;
 }
 
 /* Is this user allowed to view tickets inside this category? */
@@ -187,12 +208,12 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
                 }
 
                 /* Delete attachments info from the database */
-                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "' LIMIT 1");
+                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "'");
             }
         }
 
         /* Delete this reply */
-        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` WHERE `id`='" . intval($n) . "' AND `replyto`='" . intval($ticket['id']) . "'");
 
         /* Reply wasn't deleted */
         if (hesk_dbAffectedRows() != 1) {
@@ -239,7 +260,7 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
                     }
                 }
 
-                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='{$last_replier}', `replierid`='" . intval($replier_id) . "', `replies`=`replies`-1 $status_sql $closed_sql $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "'");
             } else {
                 // Update status, closedat and closedby columns as required
                 if ($ticket['locked']) {
@@ -250,7 +271,7 @@ if (isset($_GET['delete_post']) && $can_delete && hesk_token_check()) {
                     $closed_sql = " , `closedat`=NULL, `closedby`=NULL ";
                 }
 
-                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `lastreplier`='0', `status`='$status', `replies`=0 $staffreplies_sql WHERE `id`='" . intval($ticket['id']) . "'");
             }
 
             hesk_process_messages($hesklang['repl'], $_SERVER['PHP_SELF'], 'SUCCESS');
@@ -273,7 +294,7 @@ if (isset($_GET['delnote']) && hesk_token_check()) {
             // Permission to delete note?
             if ($can_del_notes || $note['who'] == $_SESSION['id']) {
                 // Delete note
-                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "' LIMIT 1");
+                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `id`='" . intval($n) . "'");
 
                 // Delete attachments
                 if (strlen($note['attachments'])) {
@@ -435,7 +456,7 @@ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['
 
     /* Update database */
     $revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 
     /* Show ticket */
     hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
@@ -525,15 +546,14 @@ if (isset($_GET['delatt']) && hesk_token_check()) {
     /* Update ticket or reply in the database */
     $revision = sprintf($hesklang['thist12'], hesk_date(), $att['real_name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
     if ($reply) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`='" . intval($reply) . "' LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "'");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'");
     } elseif ($note) {
         hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`={$note} LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`={$note} LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",','') WHERE `id`={$note}");
     } else {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "'");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'");
     }
 
     hesk_process_messages($hesklang['kb_att_rem'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
@@ -553,7 +573,11 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
 /* List of categories */
 $orderBy = $modsForHesk_settings['category_order_column'];
-$result = hesk_dbQuery("SELECT `id`,`name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `usage` <> 2 ORDER BY `" . $orderBy . "` ASC");
+if ($can_change_cat) {
+    $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `usage` <> 2 ORDER BY `cat_order` ASC");
+} else {
+    $result = hesk_dbQuery("SELECT `id`,`name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `usage` <> 2 AND ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
+}
 $categories_options = '';
 while ($row = hesk_dbFetchAssoc($result)) {
     $selected = '';
@@ -633,6 +657,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
     <?php
     /* This will handle error, success and notice messages */
     hesk_handle_messages();
+
+    // Prepare special custom fields
+    foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+        if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category']) ) {
+            switch ($v['type']) {
+                case 'date':
+                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                    break;
+            }
+        }
+    }
     ?>
     <h1><?php echo $hesklang['ticket_details']; ?></h1>
     <h2>
@@ -1025,15 +1060,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                             <input type="hidden" name="track" value="' . $trackingID . '">
                             <input type="hidden" name="token" value="' . hesk_token_echo(0) . '">
                             </span>';
+                if ( ! $ticket['owner'])
+                {
+                    echo '<input type="hidden" name="unassigned" value="1">';
+                }
+                echo '</form></div>';
             } else {
                 echo '<p class="ticket-property-text">';
                 echo isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] :
-                    ($can_assign_self ? $hesklang['unas'] . ' [<a href="assign_owner.php?track=' . $trackingID . '&amp;owner=' . $_SESSION['id'] . '&amp;token=' . hesk_token_echo(0) . '">' . $hesklang['asss'] . '</a>]' : $hesklang['unas']);
+                    ($can_assign_self ? $hesklang['unas'] . ' [<a href="assign_owner.php?track=' . $trackingID . '&amp;owner=' . $_SESSION['id'] . '&amp;token=' . hesk_token_echo(0) . '&amp;unassigned=1">' . $hesklang['asss'] . '</a>]' : $hesklang['unas']);
                 echo '</p>';
             }
-            echo '</form></div>';
             echo '<div class="col-md-3 col-sm-12 ticket-cell-admin"><p class="ticket-property-title">' . $hesklang['category'] . '</p>';
-            if ($can_change_cat) {
+            if (strlen($categories_options) && ($can_change_cat || $can_change_own_cat)) {
                 echo '
 
                         <form style="margin-bottom:0;" id="changeCategory" action="move_category.php" method="post">
@@ -1248,7 +1287,7 @@ require_once(HESK_PATH . 'inc/footer.inc.php');
 
 function hesk_getAdminButtons($category_id)
 {
-    global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager;
+    global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve, $isManager;
 
     $options = '';
 
@@ -1330,7 +1369,7 @@ function hesk_getAdminButtons($category_id)
                     </div>
                     <div class="modal-body">
                         <?php if ($hasLocation): ?>
-           '               <div id="map" style="height: 500px"></div><br>
+                            <div id="map" style="height: 500px"></div><br>
                             <address id="friendly-location" style="font-size: 13px"></address>
                             <p id="save-for-address"
                                style="font-size: 13px;display:none"><?php echo $hesklang['save_to_see_updated_address']; ?></p>
@@ -1419,7 +1458,7 @@ function hesk_getAdminButtons($category_id)
     $isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly';
 
     $mgr = $isManager ? '&amp;isManager=1' : '';
-    if ($isTicketClosed == 0 && $isClosable) // Ticket is still open
+    if ($isTicketClosed == 0 && $isClosable && $can_resolve) // Ticket is still open
     {
         $dropdown .= '<li><a href="change_status.php?track=' . $trackingID . $mgr . '&amp;s=' . $staffClosedOptionStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
                     <i class="fa fa-check-circle fa-fw"></i> ' . $hesklang['close_action'] . '</a></li>';
@@ -1429,7 +1468,7 @@ function hesk_getAdminButtons($category_id)
     }
 
     /* Lock ticket button */
-    if ($can_edit) {
+    if ($can_resolve) {
         $template = '<li><a href="lock.php?track=' . $trackingID . '&amp;locked=%s&amp;Refresh=' . mt_rand(10000, 99999) . '&amp;token=' . hesk_token_echo(0) . '"><i class="fa fa-%s fa-fw"></i> %s</a></li>';
         $dropdown .= $ticket['locked']
             ? sprintf($template, 0, 'unlock', $hesklang['tul'])
@@ -1560,7 +1599,7 @@ function mfh_print_message() {
         <div class="timeline-item">
             <span class="time"><i class="fa fa-clock-o"></i> <?php echo $ticket['dt']; ?></span>
             <h3 class="timeline-header"><?php echo $ticket['name']; ?></h3>
-            <div class="timeline-body">
+            <div class="timeline-header header-info">
                 <div class="row">
                     <div class="col-md-3 text-right">
                         <strong><?php echo $hesklang['m_sub']; ?></strong>
@@ -1569,16 +1608,13 @@ function mfh_print_message() {
                         <?php echo $ticket['subject']; ?>
                     </div>
                 </div>
-                <?php foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place'] == 0) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
-                        }
+                <?php
+                foreach ($hesk_settings['custom_fields'] as $k => $v) {
+                    if ($v['use'] && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                         echo '<div class="row">';
                         echo '<div class="col-md-3 text-right"><strong>' . $v['name'] . ':</strong></div>';
-                        if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                            $dt = hesk_date($ticket[$k], false, false);
-                            echo '<div class="col-md-9">' . hesk_dateToString($dt, 0) . '</div>';
+                        if ($v['type'] == 'email') {
+                            echo '<div class="col-md-9"><a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a></div>';
                         } else {
                             echo '<div class="col-md-9">' . $ticket[$k] . '</div>';
                         }
@@ -1586,37 +1622,40 @@ function mfh_print_message() {
                     }
                 }
                 ?>
-                <div class="row push-down-10">
-                    <div class="col-md-3 text-right">
-                        <strong><?php echo $hesklang['message_colon']; ?></strong>
-                    </div>
-                    <div class="col-md-9">
-                        <?php if ($ticket['html']) {
-                            echo hesk_html_entity_decode($ticket['message']);
-                        } else {
-                            echo $ticket['message'];
-                        } ?>
-                    </div>
-                </div>
+            </div>
+            <div class="timeline-body">
                 <?php
-                foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place']) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
-                        }
-                        echo '<div class="row">';
-                        echo '<div class="col-md-3 text-right"><strong>' . $v['name'] . ':</strong></div>';
-                        if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                            $dt = hesk_date($ticket[$k], false, false);
-                            echo '<div class="col-md-9">' . hesk_dateToString($dt, 0) . '</div>';
-                        } else {
-                            echo '<div class="col-md-9">' . $ticket[$k] . '</div>';
-                        }
-                        echo '</div>';
+                if ($ticket['message'] != '') {
+                    if ($ticket['html']) {
+                        echo hesk_html_entity_decode($ticket['message']);
+                    } else {
+                        echo $ticket['message'];
                     }
                 }
                 ?>
             </div>
+            <?php
+            $first = true;
+            foreach ($hesk_settings['custom_fields'] as $k => $v) {
+                if ($v['use'] && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
+                    if ($first) {
+                        echo '<div class="timeline-footer">';
+                        $first = false;
+                    }
+                    echo '<div class="row">';
+                    echo '<div class="col-md-3 text-right"><strong>' . $v['name'] . ':</strong></div>';
+                    if ($v['type'] == 'email') {
+                        echo '<div class="col-md-9"><a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a></div>';
+                    } else {
+                        echo '<div class="col-md-9">' . $ticket[$k] . '</div>';
+                    }
+                    echo '</div>';
+                }
+            }
+            if (!$first) {
+                echo '</div>';
+            }
+            ?>
             <?php if (($hesk_settings['attachments']['use'] && strlen($ticket['attachments']))
                 || ($hesk_settings['kb_enable'] && $hesk_settings['kb_recommendanswers'] && strlen($ticket['articles']))): ?>
                 <div class="timeline-footer">
@@ -1746,6 +1785,13 @@ function hesk_printTicketReplies()
 function hesk_printReplyForm()
 {
     global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $isManager, $modsForHesk_settings;
+
+    // Force assigning a ticket before allowing to reply?
+    if ($hesk_settings['require_owner'] && ! $ticket['owner'])
+    {
+        hesk_show_notice($hesklang['atbr'].($can_assign_self ? '<br /><br /><a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$_SESSION['id'].'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1">'.$hesklang['attm'].'</a>' : ''), $hesklang['owneed']);
+        return '';
+    }
     ?>
     <!-- START REPLY FORM -->
     <?php if ($modsForHesk_settings['rich_text_for_tickets']): ?>
@@ -1944,6 +1990,10 @@ function hesk_printReplyForm()
                             <?php
                             $statuses = mfh_getAllStatuses();
                             foreach ($statuses as $status) {
+                                if ($status['IsClosed'] == '1' && !$can_resolve) {
+                                    continue;
+                                }
+
                                 echo '<li><a>
                                         <button class="dropdown-submit" type="submit" name="submit_as_status" value="' . $status['ID'] . '"">
                                             ' . $hesklang['submit_reply'] . ' ' . $hesklang['and_change_status_to'] . ' <b>
@@ -2026,26 +2076,12 @@ function hesk_printCanned()
             myMsg = myMsg.replace(/%%HESK_NAME%%/g, '<?php echo hesk_jsString($ticket['name']); ?>');
             myMsg = myMsg.replace(/%%HESK_EMAIL%%/g, '<?php echo hesk_jsString($ticket['email']); ?>');
             myMsg = myMsg.replace(/%%HESK_OWNER%%/g, '<?php echo hesk_jsString( isset($admins[$ticket['owner']]) ? $admins[$ticket['owner']] : ''); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom1%%/g, '<?php echo hesk_jsString($ticket['custom1']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom2%%/g, '<?php echo hesk_jsString($ticket['custom2']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom3%%/g, '<?php echo hesk_jsString($ticket['custom3']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom4%%/g, '<?php echo hesk_jsString($ticket['custom4']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom5%%/g, '<?php echo hesk_jsString($ticket['custom5']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom6%%/g, '<?php echo hesk_jsString($ticket['custom6']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom7%%/g, '<?php echo hesk_jsString($ticket['custom7']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom8%%/g, '<?php echo hesk_jsString($ticket['custom8']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom9%%/g, '<?php echo hesk_jsString($ticket['custom9']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom10%%/g, '<?php echo hesk_jsString($ticket['custom10']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom11%%/g, '<?php echo hesk_jsString($ticket['custom11']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom12%%/g, '<?php echo hesk_jsString($ticket['custom12']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom13%%/g, '<?php echo hesk_jsString($ticket['custom13']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom14%%/g, '<?php echo hesk_jsString($ticket['custom14']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom15%%/g, '<?php echo hesk_jsString($ticket['custom15']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom16%%/g, '<?php echo hesk_jsString($ticket['custom16']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom17%%/g, '<?php echo hesk_jsString($ticket['custom17']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom18%%/g, '<?php echo hesk_jsString($ticket['custom18']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom19%%/g, '<?php echo hesk_jsString($ticket['custom19']); ?>');
-            myMsg = myMsg.replace(/%%HESK_custom20%%/g, '<?php echo hesk_jsString($ticket['custom20']); ?>');
+
+            <?php
+            for ($i=1; $i<=50; $i++) {
+                echo 'myMsg = myMsg.replace(/%%HESK_custom'.$i.'%%/g, \''.hesk_jsString($ticket['custom'.$i]).'\');';
+            }
+            ?>
 
             if (document.getElementById) {
                 if (document.getElementById('moderep').checked) {
diff --git a/admin/assign_owner.php b/admin/assign_owner.php
index 1a5fdb59..0bef7af7 100755
--- a/admin/assign_owner.php
+++ b/admin/assign_owner.php
@@ -70,7 +70,7 @@ $owner = intval(hesk_REQUEST('owner'));
 /* If ID is -1 the ticket will be unassigned */
 if ($owner == -1) {
     $revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 
     hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
 } elseif ($owner < 1) {
@@ -89,10 +89,31 @@ if (!$row['isadmin']) {
     }
 }
 
+// Make sure two people don't assign a ticket to a different user at the same time
+if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned') && hesk_GET('confirm') != 'Y') {
+    $new_owner = ($owner == $_SESSION['id']) ? $hesklang['scoy'] : sprintf($hesklang['scot'], $row['name']);
+
+    $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='{$ticket['owner']}' LIMIT 1");
+
+    if (hesk_dbNumRows($res) == 1) {
+        $row = hesk_dbFetchAssoc($res);
+
+        hesk_process_messages(
+            sprintf($hesklang['taat'], $row['name']) .
+            '<br /><br />' .
+            $new_owner .
+            '<br /><br />' .
+            '<a href="assign_owner.php?track='.$ticket['trackid'].'&amp;owner='.$owner.'&amp;token='.hesk_token_echo(0).'&amp;unassigned=1&amp;confirm=Y">'.$hesklang['ycto'].'</a> | ' .
+            '<a href="admin_ticket.php?track='.$ticket['trackid'].'">'.$hesklang['ncto'].'</a>',
+            $_SERVER['PHP_SELF'], 'NOTICE'
+        );
+    }
+}
+
 /* Assigning to self? */
 if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
     $revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 
     if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
         $_SERVER['PHP_SELF'] = 'admin_main.php';
diff --git a/admin/banned_emails.php b/admin/banned_emails.php
index b1078e61..37107fb5 100644
--- a/admin/banned_emails.php
+++ b/admin/banned_emails.php
@@ -107,6 +107,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             </li>
             ';
                     }
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '<li role="presentation"><a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a></li> ';
+                    }
                     ?>
                 </ul>
                 <div class="tab-content summaryList tabPadding">
@@ -152,8 +155,8 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                             <h6 class="bold"><?php echo $hesklang['banex']; ?></h6>
 
                             <div class="footerWithBorder blankSpace"></div>
-                            <b>john@email.com</b><br/>
-                            <b>@domain.com</b>
+                            <b>john@example.com</b><br/>
+                            <b>@example.com</b>
                         </div>
                     </div>
                     <div class="row">
@@ -307,7 +310,7 @@ function unban_email()
     hesk_token_check();
 
     // Delete from bans
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_emails` WHERE `id`=" . intval(hesk_GET('id')));
 
     // Redirect either to banned emails or ticket page from now on
     $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_emails.php';
diff --git a/admin/banned_ips.php b/admin/banned_ips.php
index d6af3c60..e5f5a7fe 100644
--- a/admin/banned_ips.php
+++ b/admin/banned_ips.php
@@ -110,6 +110,12 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
             </li>
             ';
+                    }
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
+            </li>';
                     }
                     ?>
                 </ul>
@@ -375,7 +381,7 @@ function ban_ip()
 
     // Delete temporary bans from logins table
     if ($ip_to == $ip_from) {
-        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "' LIMIT 1");
+        hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip_display) . "'");
     }
 
     // Redirect either to banned ips or ticket page from now on
@@ -407,7 +413,7 @@ function unban_temp_ip()
     $ip = preg_replace('/[^0-9\.\-\/\*]/', '', hesk_REQUEST('ip'));
 
     // Delete from bans
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "logins` WHERE `ip`='" . hesk_dbEscape($ip) . "'");
 
     // Show success
     hesk_process_messages($hesklang['ip_tempun'], 'banned_ips.php', 'SUCCESS');
@@ -423,7 +429,7 @@ function unban_ip()
     hesk_token_check();
 
     // Delete from bans
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')) . " LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "banned_ips` WHERE `id`=" . intval(hesk_GET('id')));
 
     // Redirect either to banned ips or ticket page from now on
     $redirect_to = ($trackingID = hesk_cleanID()) ? 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999) : 'banned_ips.php';
diff --git a/admin/change_status.php b/admin/change_status.php
index 7a16fd3a..f663a253 100644
--- a/admin/change_status.php
+++ b/admin/change_status.php
@@ -74,6 +74,10 @@ $locked = 0;
 $statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE ID = " . $status));
 if ($statusRow['IsClosed']) // Closed
 {
+    if ( ! hesk_checkPermission('can_resolve', 0)) {
+        hesk_process_messages($hesklang['noauth_resolve'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
+    }
+
     $action = $hesklang['ticket_been'] . ' ' . $hesklang['close'];
     $revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
 
@@ -101,7 +105,7 @@ if ($statusRow['IsClosed']) // Closed
 
     // Log who marked the ticket resolved
     $closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
-} elseif ($statusRow['ID'] != 0) //Ticket is still open, but not new
+} elseif ($statusRow['IsNewTicketStatus'] == '0') //Ticket is still open, but not new
 {
     $action = sprintf($hesklang['tsst'], $status_options[$status]);
     $revision = sprintf($hesklang['thist9'], hesk_date(), $status_options[$status], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
@@ -118,11 +122,10 @@ if ($statusRow['IsClosed']) // Closed
 }
 
 
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 
 if (hesk_dbAffectedRows() != 1) {
     hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found].");
 }
 
 hesk_process_messages($action, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
-?>
diff --git a/admin/custom_fields.php b/admin/custom_fields.php
new file mode 100755
index 00000000..09f6d65f
--- /dev/null
+++ b/admin/custom_fields.php
@@ -0,0 +1,1317 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * http://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * http://www.hesk.com/eula.php
+ *
+ */
+
+define('IN_SCRIPT',1);
+define('HESK_PATH','../');
+
+define('LOAD_TABS',1);
+define('CALENDAR',1);
+
+// Get all the req files and functions
+require(HESK_PATH . 'hesk_settings.inc.php');
+require(HESK_PATH . 'inc/common.inc.php');
+require(HESK_PATH . 'inc/admin_functions.inc.php');
+require(HESK_PATH . 'inc/setup_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
+hesk_load_database_functions();
+
+hesk_session_start();
+hesk_dbConnect();
+hesk_isLoggedIn();
+
+// Check permissions for this feature
+hesk_checkPermission('can_man_settings');
+
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
+// List of categories
+$hesk_settings['categories'] = array();
+$res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
+while ($row=hesk_dbFetchAssoc($res))
+{
+	$hesk_settings['categories'][$row['id']] = $row['name'];
+}
+
+// What should we do?
+if ( $action = hesk_REQUEST('a') )
+{
+	if ($action == 'edit_cf') {edit_cf();}
+	elseif ( defined('HESK_DEMO') ) {hesk_process_messages($hesklang['ddemo'], 'custom_fields.php', 'NOTICE');}
+	elseif ($action == 'new_cf') {new_cf();}
+	elseif ($action == 'save_cf') {save_cf();}
+	elseif ($action == 'order_cf') {order_cf();}
+	elseif ($action == 'remove_cf') {remove_cf();}
+}
+
+// Print header
+require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
+
+// Print main manage users page
+require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
+?>
+<section class="content">
+	<?php
+	/* This will handle error, success and notice messages */
+	hesk_handle_messages();
+	?>
+	<div class="box">
+		<div class="box-body">
+			<div class="nav-tabs-custom">
+				<ul class="nav nav-tabs" role="tablist">
+					<?php
+					// Show a link to banned_emails.php if user has permission to do so
+					if (hesk_checkPermission('can_ban_emails', 0)) {
+						echo '
+            <li role="presentation">
+                <a title="' . $hesklang['banemail'] . '" href="banned_emails.php">' . $hesklang['banemail'] . '</a>
+            </li>';
+					}
+
+					// Show a link to banned_ips.php if user has permission to do so
+					if (hesk_checkPermission('can_ban_ips', 0)) {
+						echo '
+						<li role="presentation">
+							<a title="' . $hesklang['banip'] . '" href="banned_ips.php">' . $hesklang['banip'] . '</a>
+						</li>';
+					}
+					// Show a link to status_message.php if user has permission to do so
+					if (hesk_checkPermission('can_service_msg', 0)) {
+						echo '
+						<li role="presentation">
+							<a title="' . $hesklang['sm_title'] . '" href="service_messages.php">' . $hesklang['sm_title'] . '</a>
+						</li>';
+					}
+
+					// Show a link to email tpl management if user has permission to do so
+					if (hesk_checkPermission('can_man_email_tpl', 0)) {
+						echo '
+						<li role="presentation">
+							<a title="' . $hesklang['email_templates'] . '" href="manage_email_templates.php">' . $hesklang['email_templates'] . '</a>
+						</li>
+						';
+					}
+					if (hesk_checkPermission('can_man_ticket_statuses', 0)) {
+						echo '
+						<li role="presentation">
+							<a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
+						</li>
+						';
+					}
+					?>
+					<li role="presentation" class="active">
+						<a title="<?php echo $hesklang['tab_4']; ?>" href="custom_fields.php">
+							<?php echo $hesklang['tab_4']; ?>
+							<i class="fa fa-question-circle settingsquestionmark"
+							   onclick="alert('<?php echo hesk_makeJsString($hesklang['cf_intro']); ?>')"></i>
+						</a>
+					</li>
+				</ul>
+				<div class="tab-content summaryList tabPadding">
+					<?php
+					// Did we reach the custom fields limit?
+					if ($hesk_settings['num_custom_fields'] >= 50 && $action != 'edit_cf')
+					{
+						hesk_show_info($hesklang['cf_limit']);
+					}
+					// Less than 50 custom fields
+					else
+					{
+					?>
+						<div class="panel panel-default">
+							<div class="panel-heading">
+								<h4><a name="new_cf"></a><?php echo hesk_SESSION('edit_cf') ? $hesklang['edit_cf'] : $hesklang['new_cf']; ?></h4>
+							</div>
+							<div class="panel-body">
+								<form action="custom_fields.php" method="post" name="form1" class="form-horizontal">
+									<div class="form-group">
+										<label for="name[]" class="col-sm-3 control-label">
+											<?php echo $hesklang['custom_n']; ?>
+										</label>
+										<?php
+										$names = hesk_SESSION(array('new_cf','names'));
+
+										if ($hesk_settings['can_sel_lang'] && count($hesk_settings['languages']) > 1)
+										{
+											?>
+											<table border="0">
+												<?php foreach ($hesk_settings['languages'] as $lang => $info): ?>
+												<tr>
+												<td><?php echo $lang; ?></td>
+												<td><input type="text" class="form-control" name="name[<?php echo $lang; ?>]" size="30" value="<?php echo (isset($names[$lang]) ? $names[$lang] : ''); ?>"></td>
+												</tr>
+												<?php endforeach; ?>
+											</table>
+											<?php
+
+										}
+										else
+										{
+											?>
+											<div class="col-sm-9">
+												<input type="text" class="form-control" name="name[<?php echo $hesk_settings['language']; ?>]" size="30" value="<?php echo isset($names[$hesk_settings['language']]) ? $names[$hesk_settings['language']] : ''; ?>" />
+											</div>
+											<?php
+										}
+										?>
+									</div>
+									<div class="form-group">
+										<label for="name[]" class="col-sm-3 control-label">
+											<?php echo $hesklang['s_type']; ?>
+										</label>
+										<div class="col-sm-9">
+											<select name="type" class="form-control" onchange="hesk_setType(this.value);">
+												<?php $type = hesk_SESSION(array('new_cf','type'), 'text'); ?>
+												<option value="text"     <?php if ($type == 'text') {echo 'selected';} ?> ><?php echo $hesklang['stf']; ?></option>
+												<option value="textarea" <?php if ($type == 'textarea') {echo 'selected';} ?> ><?php echo $hesklang['stb']; ?></option>
+												<option value="radio"    <?php if ($type == 'radio') {echo 'selected';} ?> ><?php echo $hesklang['srb']; ?></option>
+												<option value="select"   <?php if ($type == 'select') {echo 'selected';} ?> ><?php echo $hesklang['ssb']; ?></option>
+												<option value="checkbox" <?php if ($type == 'checkbox') {echo 'selected';} ?> ><?php echo $hesklang['scb']; ?></option>
+												<option value="date"     <?php if ($type == 'date') {echo 'selected';} ?> ><?php echo $hesklang['date']; ?></option>
+												<option value="email"    <?php if ($type == 'email') {echo 'selected';} ?> ><?php echo $hesklang['email']; ?></option>
+												<option value="readonly"    <?php if ($type == 'readonly') {echo 'selected';} ?> ><?php echo $hesklang['readonly_custom_field']; ?></option>
+												<option value="hidden"   <?php if ($type == 'hidden') {echo 'selected';} ?> ><?php echo $hesklang['sch']; ?></option>
+											</select><br>
+											<?php
+											$value = hesk_SESSION(array('new_cf','value'));
+
+											if (is_string($value))
+											{
+												$value = json_decode($value, true);
+											}
+											?>
+
+											<div id="text" style="display:<?php echo ($type == 'text') ? 'block' : 'none' ?>">
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="max_length">
+														<?php echo $hesklang['custom_l']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="max_length"
+															   value="<?php echo isset($value['max_length']) ? intval($value['max_length']) : '255'; ?>" size="5">
+													</div>
+												</div>
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="default_value">
+														<?php echo $hesklang['defw']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="default_value"
+															   value="<?php echo isset($value['default_value']) ? $value['default_value'] : ''; ?>" size="30">
+													</div>
+												</div>
+											</div>
+
+
+											<div id="readonly" style="display:<?php echo ($type == 'readonly') ? 'block' : 'none' ?>">
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="max_length">
+														<?php echo $hesklang['custom_l']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="max_length"
+															   value="<?php echo isset($value['max_length']) ? intval($value['max_length']) : '255'; ?>" size="5">
+													</div>
+												</div>
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="value">
+														<?php echo $hesklang['defw']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="default_value"
+															   value="<?php echo isset($value['default_value']) ? $value['default_value'] : ''; ?>" size="30">
+													</div>
+												</div>
+											</div>
+
+											<div id="textarea" style="display:<?php echo ($type == 'textarea') ? 'block' : 'none' ?>">
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="rows">
+														<?php echo $hesklang['rows']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="rows"
+															   value="<?php echo isset($value['rows']) ? intval($value['rows']) : '12'; ?>" size="5">
+													</div>
+												</div>
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="cols">
+														<?php echo $hesklang['cols']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="cols"
+															   value="<?php echo isset($value['cols']) ? intval($value['cols']) : '60'; ?>" size="5">
+													</div>
+												</div>
+											</div>
+
+											<div id="radio" style="display:<?php echo ($type == 'radio') ? 'block' : 'none' ?>">
+												<p><?php echo $hesklang['opt2']; ?></p>
+												<p><label><input type="checkbox" name="no_default" id="no_default" value="1" <?php if ( ! empty($value['no_default'])) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['rcheck']; ?> </label></p>
+												<textarea class="form-control" name="radio_options" rows="6" cols="40"><?php echo (isset($value['radio_options']) && is_array($value['radio_options'])) ? implode("\n", $value['radio_options']) : ''; ?></textarea>
+											</div>
+
+											<div id="select" style="display:<?php echo ($type == 'select') ? 'block' : 'none' ?>">
+												<p><?php echo $hesklang['opt3']; ?></p>
+												<p><label><input type="checkbox" name="show_select" id="show_select" value="1" <?php if ( ! empty($value['show_select'])) {echo 'checked="checked"';} ?> /> <?php echo $hesklang['show_select']; ?> </label></p>
+												<textarea class="form-control" name="select_options" rows="6" cols="40"><?php echo isset($value['select_options']) && is_array($value['select_options']) ? implode("\n", $value['select_options']) : ''; ?></textarea>
+											</div>
+
+											<div id="checkbox" style="display:<?php echo ($type == 'checkbox') ? 'block' : 'none' ?>">
+												<p><?php echo $hesklang['opt4']; ?></p>
+												<textarea class="form-control" name="checkbox_options" rows="6" cols="40"><?php echo isset($value['checkbox_options']) && is_array($value['checkbox_options']) ? implode("\n", $value['checkbox_options']) : ''; ?></textarea>
+											</div>
+
+											<div id="date" style="display:<?php echo ($type == 'date') ? 'block' : 'none' ?>">
+												<div class="form-group">
+													<label class="col-sm-3 control-label">
+														<?php echo $hesklang['dmin']; ?>
+													</label>
+													<div class="col-sm-9">
+														<?php
+														$dmin = isset($value['dmin']) ? $value['dmin'] : '';
+
+														// Defaults
+														$dmin_pm = '+';
+														$dmin_num = 1;
+														$dmin_type = 'day';
+
+														// Minimum date is in "+1 day" format
+														if (preg_match("/^([+-]{1})(\d+) (day|week|month|year)$/", $dmin, $matches))
+														{
+															$dmin = '';
+															$dmin_rf = 2;
+															$dmin_pm = $matches[1];
+															$dmin_num = $matches[2];
+															$dmin_type = $matches[3];
+														}
+														// Minimum date is in "MM/DD/YYYY" format
+														elseif (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $dmin))
+														{
+															$dmin_rf = 1;
+														}
+														else
+														{
+															$dmin = '';
+															$dmin_rf = 0;
+														}
+														?>
+
+														<div class="form-inline">
+															<div class="radio">
+																<label>
+																	<input type="radio" name="dmin_rf" id="dmin_rf0" value="0"
+																		<?php if ($dmin_rf == 0) {echo 'checked';} ?>> <?php echo $hesklang['d_any']; ?>
+																</label>
+															</div>
+														</div>
+														<div class="form-inline">
+															<div class="radio">
+																<label>
+																	<input type="radio" name="dmin_rf" id="dmin_rf1" value="1"
+																		<?php if ($dmin_rf == 1) {echo 'checked';} ?>> <?php echo $hesklang['d_fixed']; ?>
+																</label>
+															</div>
+															<input type="text" name="dmin" value="<?php echo $dmin; ?>" id="dmin" class="form-control datepicker" size="10" onfocus="document.getElementById('dmin_rf1').checked = true">
+														</div>
+														<div class="form-inline">
+															<div class="radio">
+																<label>
+																	<input type="radio" name="dmin_rf" id="dmin_rf2" value="2"
+																		<?php if ($dmin_rf == 2) {echo 'checked';} ?>> <?php echo $hesklang['d_relative']; ?>
+																</label>
+															</div>
+															<select name="dmin_pm" class="form-control" onclick="document.getElementById('dmin_rf2').checked = true" onchange="document.getElementById('dmin_rf2').checked = true">
+																<option <?php if ($dmin_pm == '+') {echo 'selected';} ?>>+</option>
+																<option <?php if ($dmin_pm == '-') {echo 'selected';} ?>>-</option>
+															</select>
+															<input type="text" class="form-control" name="dmin_num" value="<?php echo $dmin_num; ?>" size="5" onclick="document.getElementById('dmin_rf2').checked = true" onchange="document.getElementById('dmin_rf2').checked = true">
+															<select class="form-control" name="dmin_type" onclick="document.getElementById('dmin_rf2').checked = true" onchange="document.getElementById('dmin_rf2').checked = true">
+																<option value="day"   <?php if ($dmin_type == 'day') {echo 'selected';} ?>><?php echo $hesklang['d_day']; ?></option>
+																<option value="week"  <?php if ($dmin_type == 'week') {echo 'selected';} ?>><?php echo $hesklang['d_week']; ?></option>
+																<option value="month" <?php if ($dmin_type == 'month') {echo 'selected';} ?>><?php echo $hesklang['d_month']; ?></option>
+																<option value="year"  <?php if ($dmin_type == 'year') {echo 'selected';} ?>><?php echo $hesklang['d_year']; ?></option>
+															</select>
+														</div>
+													</div>
+												</div>
+												<div class="form-group">
+													<label class="col-sm-3 control-label">
+														<?php echo $hesklang['dmax']; ?>
+													</label>
+													<div class="col-sm-9">
+														<?php
+														$dmax = isset($value['dmax']) ? $value['dmax'] : '';
+
+														// Defaults
+														$dmax_pm = '+';
+														$dmax_num = 1;
+														$dmax_type = 'day';
+
+														// Minimum date is in "+1 day" format
+														if (preg_match("/^([+-]{1})(\d+) (day|week|month|year)$/", $dmax, $matches))
+														{
+															$dmax = '';
+															$dmax_rf = 2;
+															$dmax_pm = $matches[1];
+															$dmax_num = $matches[2];
+															$dmax_type = $matches[3];
+														}
+														// Minimum date is in "MM/DD/YYYY" format
+														elseif (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $dmax))
+														{
+															$dmax_rf = 1;
+														}
+														else
+														{
+															$dmax = '';
+															$dmax_rf = 0;
+														}
+														?>
+
+														<div class="form-inline">
+															<div class="radio">
+																<label>
+																	<input type="radio" name="dmax_rf" id="dmax_rf0" value="0"
+																		<?php if ($dmax_rf == 0) {echo 'checked';} ?>> <?php echo $hesklang['d_any']; ?>
+																</label>
+															</div>
+														</div>
+														<div class="form-inline">
+															<div class="radio">
+																<label>
+																	<input type="radio" name="dmax_rf" id="dmax_rf1" value="1"
+																		<?php if ($dmax_rf == 1) {echo 'checked';} ?>> <?php echo $hesklang['d_fixed']; ?>
+																</label>
+															</div>
+															<input type="text" class="form-control datepicker" name="dmax" value="<?php echo $dmax; ?>" id="dmax" size="10" onfocus="document.getElementById('dmax_rf1').checked = true">
+														</div>
+														<div class="form-inline">
+															<div class="radio">
+																<label>
+																	<input type="radio" name="dmax_rf" id="dmax_rf2" value="2"
+																		<?php if ($dmax_rf == 2) {echo 'checked';} ?>> <?php echo $hesklang['d_relative']; ?>
+																</label>
+															</div>
+															<select name="dmax_pm" class="form-control" onclick="document.getElementById('dmax_rf2').checked = true" onchange="document.getElementById('dmax_rf2').checked = true">
+																<option <?php if ($dmax_pm == '+') {echo 'selected="selected"';} ?>>+</option>
+																<option <?php if ($dmax_pm == '-') {echo 'selected="selected"';} ?>>-</option>
+															</select>
+															<input type="text" name="dmax_num" class="form-control" value="<?php echo $dmax_num; ?>" size="5" onclick="document.getElementById('dmax_rf2').checked = true" onchange="document.getElementById('dmax_rf2').checked = true">
+															<select name="dmax_type" class="form-control" onclick="document.getElementById('dmax_rf2').checked = true" onchange="document.getElementById('dmax_rf2').checked = true">
+																<option value="day"   <?php if ($dmax_type == 'day') {echo 'selected';} ?>><?php echo $hesklang['d_day']; ?></option>
+																<option value="week"  <?php if ($dmax_type == 'week') {echo 'selected';} ?>><?php echo $hesklang['d_week']; ?></option>
+																<option value="month" <?php if ($dmax_type == 'month') {echo 'selected';} ?>><?php echo $hesklang['d_month']; ?></option>
+																<option value="year"  <?php if ($dmax_type == 'year') {echo 'selected';} ?>><?php echo $hesklang['d_year']; ?></option>
+															</select>
+														</div>
+													</div>
+												</div>
+												<div class="form-group">
+													<label class="col-sm-3 control-label">
+														<?php echo $hesklang['d_format']; ?>
+													</label>
+													<div class="col-sm-9">
+														<?php
+														$date_format = isset($value['date_format']) ? $value['date_format'] : 'F j, Y';
+
+														$default_formats = array(
+															'm/d/Y',
+															'd/m/Y',
+															'm-d-Y',
+															'd-m-Y',
+															'd.m.Y',
+															'M j Y',
+															'j M Y',
+															'j M y',
+															'F j, Y',
+														);
+
+														$time = mktime(0, 0, 0, 12, 30, date('Y'));
+
+														foreach ($default_formats as $format)
+														{
+															echo '<div class="form-inline"><div class="radio"><label><input type="radio" name="date_format" value="'.$format.'" '.($date_format == $format ? 'checked="checked"' : '').' /> '.date($format, $time).'</label></div></div>';
+														}
+
+														?>
+														<div class="form-inline">
+															<div class="radio">
+																<label>
+																	<input type="radio" name="date_format" value="custom" id="d_custom"
+																		<?php if (!in_array($date_format, $default_formats)) {echo 'checked';} ?>>
+																	<?php echo $hesklang['d_custom']; ?>
+																</label>
+															</div>
+															<input type="text" class="form-control" name="date_format_custom"
+																   value="<?php echo $date_format; ?>" size="10" onclick="document.getElementById('d_custom').checked = true"
+																   onchange="document.getElementById('d_custom').checked = true">
+															<a href="javascript:;" onclick="alert('<?php echo hesk_makeJsString($hesklang['d_ci']); ?>')">
+																<i class="fa fa-question-circle settingsquestionmark"></i>
+															</a>
+														</div>
+													</div>
+												</div>
+											</div>
+
+											<div id="email" style="display:<?php echo ($type == 'email') ? 'block' : 'none' ?>">
+												<div class="form-group">
+													<label for="email_multi" class="col-sm-4 control-label">
+														<?php echo $hesklang['meml3']; ?>
+													</label>
+													<div class="col-sm-8">
+														<?php $email_multi = empty($value['multiple']) ? 0 : 1; ?>
+														<div class="radio">
+															<label>
+																<input type="radio" name="email_multi" id="email_multi0" value="0"
+																	<?php if ($email_multi == 0) {echo 'checked';} ?>>
+																<?php echo $hesklang['no']; ?>
+															</label>
+														</div>
+														<div class="radio">
+															<label>
+																<input type="radio" name="email_multi" id="email_multi1" value="1"
+																	<?php if ($email_multi == 1) {echo 'checked';} ?>>
+																<?php echo $hesklang['yes']; ?>
+															</label>
+														</div>
+													</div>
+												</div>
+												<div class="form-group">
+													<label for="email_type" class="col-sm-4 control-label">
+														<?php echo $hesklang['email_custom_field_label']; ?>
+													</label>
+													<div class="col-sm-8">
+														<?php $address_type = empty($value['email_type']) ? 'none' : $value['email_type']; ?>
+														<div class="radio">
+															<label>
+																<input type="radio" name="email_type" value="none"
+																	<?php if ($address_type == 'none') {echo 'checked';} ?>>
+																<?php echo $hesklang['none']; ?>
+															</label>
+														</div>
+														<div class="radio">
+															<label>
+																<input type="radio" name="email_type" value="cc"
+																	<?php if ($address_type == 'cc') {echo 'checked';} ?>>
+																<?php echo $hesklang['cc']; ?>
+															</label>
+														</div>
+														<div class="radio">
+															<label>
+																<input type="radio" name="email_type" value="bcc"
+																	<?php if ($address_type == 'bcc') {echo 'checked';} ?>>
+																<?php echo $hesklang['bcc']; ?>
+															</label>
+														</div>
+													</div>
+												</div>
+											</div>
+
+											<div id="hidden" style="display:<?php echo ($type == 'hidden') ? 'block' : 'none' ?>">
+												<p><?php echo $hesklang['hidf']; ?></p>
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="hidden_max_length">
+														<?php echo $hesklang['custom_l']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="hidden_max_length"
+															   value="<?php echo isset($value['max_length']) ? intval($value['max_length']) : '255'; ?>" size="5">
+													</div>
+												</div>
+												<div class="form-group">
+													<label class="col-sm-3 control-label" for="hidden_default_value">
+														<?php echo $hesklang['defw']; ?>
+													</label>
+													<div class="col-sm-3">
+														<input type="text" class="form-control" name="hidden_default_value"
+															   value="<?php echo isset($value['default_value']) ? $value['default_value'] : ''; ?>" size="30">
+													</div>
+												</div>
+											</div>
+										</div>
+									</div>
+									<div class="form-group">
+										<label class="col-sm-3 control-label" for="use">
+											<?php echo $hesklang['visibility']; ?>
+										</label>
+										<div class="col-sm-9">
+											<?php $use = hesk_SESSION(array('new_cf','use'), 1); ?>
+											<div class="radio">
+												<label>
+													<input type="radio" name="use" id="use1" value="1"
+														   onchange="hesk_setRadioOptions();" <?php if ($use == 1) {echo 'checked';} ?>>
+													<?php echo $hesklang['cf_public']; ?>
+												</label>
+											</div>
+											<div class="radio">
+												<label>
+													<input type="radio" name="use" id="use2" value="2"
+														   onchange="hesk_setRadioOptions();" <?php if ($use == 2) {echo 'checked';} ?>>
+													<?php echo $hesklang['cf_private']; ?>
+												</label>
+											</div>
+										</div>
+									</div>
+									<div class="form-group">
+										<label for="req" class="col-sm-3 control-label">
+											<?php echo $hesklang['custom_r']; ?>
+										</label>
+										<div class="col-sm-9">
+											<?php $req = hesk_SESSION(array('new_cf','req'), 0); ?>
+											<div class="radio">
+												<label>
+													<input type="radio" name="req" id="req0" value="0"
+														<?php if ($req == 0) {echo 'checked';} ?>>
+													<?php echo $hesklang['no']; ?>
+												</label>
+											</div>
+											<div class="radio">
+												<label>
+													<input type="radio" name="req" id="req2" value="2"
+														<?php if ($req == 2) {echo 'checked';} ?>>
+													<?php echo $hesklang['yes']; ?>
+												</label>
+											</div>
+											<div class="radio">
+												<label id="req_customers" style="display:<?php echo ($use == 2) ? 'none' : 'inline'; ?>">
+													<input type="radio" name="req" id="req1" value="1"
+														<?php if ($req == 1) {echo 'checked';} ?>>
+													<?php echo $hesklang['cf_cust']; ?>
+												</label>
+											</div>
+										</div>
+									</div>
+									<div class="form-group">
+										<label for="place" class="col-sm-3 control-label">
+											<?php echo $hesklang['custom_place']; ?>
+										</label>
+										<div class="col-sm-9">
+											<?php $place = hesk_SESSION(array('new_cf','place')) ? 1 : 0; ?>
+											<div class="radio">
+												<label>
+													<input type="radio" name="place" value="0"
+														<?php if ($place == 0) {echo 'checked';} ?>>
+													<?php echo $hesklang['place_before']; ?>
+												</label>
+											</div>
+											<div class="radio">
+												<label>
+													<input type="radio" name="place" value="1"
+														<?php if ($place == 1) {echo 'checked';} ?>>
+													<?php echo $hesklang['place_after']; ?>
+												</label>
+											</div>
+										</div>
+									</div>
+									<div class="form-group">
+										<label for="category" class="col-sm-3 control-label">
+											<?php echo $hesklang['category']; ?>
+										</label>
+										<div class="col-sm-9">
+											<?php $category = hesk_SESSION(array('new_cf','category')) ? 1 : 0; ?>
+											<div class="radio">
+												<label>
+													<input type="radio" name="category" id="category0" value="0"
+														   onchange="hesk_setRadioOptions();" <?php if ($category == 0) {echo 'checked';} ?>>
+													<?php echo $hesklang['cf_all']; ?>
+												</label>
+											</div>
+											<div class="radio">
+												<label>
+													<input type="radio" name="category" id="category1" value="1"
+														   onchange="hesk_setRadioOptions();" <?php if ($category == 1) {echo 'checked';} ?>>
+													<?php echo $hesklang['cf_cat']; ?>
+												</label>
+											</div>
+											<div id="selcat" style="display:<?php echo $category ? 'block' : 'none'; ?>">
+												<select class="form-control" name="categories[]" multiple="multiple" size="10">
+													<?php
+													$categories = hesk_SESSION(array('new_cf','categories'));
+													$categories = is_array($categories) ? $categories : array();
+
+													foreach ($hesk_settings['categories'] as $cat_id => $cat_name)
+													{
+														echo '<option value="'.$cat_id.'"'.(in_array($cat_id, $categories) ? ' selected' : '').'>'.$cat_name.'</option>';
+													}
+													?>
+												</select>
+												<?php echo $hesklang['cf_ctrl']; ?>
+											</div>
+										</div>
+									</div>
+									<div class="form-group">
+										<div class="col-sm-9 col-sm-offset-3">
+											<?php echo isset($_SESSION['edit_cf']) ? '<input type="hidden" name="a" value="save_cf" /><input type="hidden" name="id" value="'.intval($_SESSION['new_cf']['id']).'" />' : '<input type="hidden" name="a" value="new_cf" />'; ?>
+											<input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+											<input type="submit" value="<?php echo $hesklang['cf_save']; ?>" class="btn btn-default">
+										</div>
+									</div>
+								</form>
+							</div>
+						</div>
+					<?php } ?>
+					<script language="javascript" type="text/javascript"><!--
+						function hesk_toggleLayer(nr,setto) {
+							if (document.all)
+								document.all[nr].style.display = setto;
+							else if (document.getElementById)
+								document.getElementById(nr).style.display = setto;
+						}
+
+						function hesk_setType(myType) {
+							var divs = ["text", "textarea", "radio", "select", "checkbox", "date", "email", "hidden", "readonly"];
+							var index;
+							var setTo;
+
+							for (index = 0; index < divs.length; ++index) {
+								setTo = (myType == divs[index] + "") ? 'block' : 'none';
+								hesk_toggleLayer(divs[index], setTo);
+							}
+						}
+
+						function hesk_setRadioOptions() {
+							if(document.getElementById('use1').checked) {
+								hesk_toggleLayer('req_customers', 'inline');
+							} else {
+								hesk_toggleLayer('req_customers', 'none');
+								if(document.getElementById('req1').checked) {
+									document.getElementById('req0').checked = true;
+								}
+							}
+
+							if(document.getElementById('category1').checked) {
+								hesk_toggleLayer('selcat', 'block');
+							} else {
+								hesk_toggleLayer('selcat', 'none');
+							}
+						}
+						//-->
+					</script>
+					<div class="panel panel-default">
+						<div class="panel-heading">
+							<h4><?php echo $hesklang['ex_cf']; ?></h4>
+						</div>
+						<div class="panel-body">
+							<?php
+							// List existing custom fields
+							if ($hesk_settings['num_custom_fields'] < 1) {
+								echo $hesklang['no_cf'];
+							} else {
+							?>
+								<table border="0" cellspacing="1" cellpadding="3" class="table table-striped" width="100%">
+									<thead>
+									<tr>
+										<th><?php echo $hesklang['id']; ?></th>
+										<th><?php echo $hesklang['custom_n']; ?></th>
+										<th><?php echo $hesklang['s_type']; ?></th>
+										<th><?php echo $hesklang['visibility']; ?></th>
+										<th><?php echo $hesklang['custom_r']; ?></th>
+										<th><?php echo $hesklang['category']; ?></th>
+										<th><?php echo $hesklang['opt']; ?></th>
+									</tr>
+									</thead>
+									<tbody>
+									<?php
+									$before = true;
+									$after = true;
+									$hide_up = false;
+									$num_before = 0;
+									$num_after = 0;
+
+									foreach ($hesk_settings['custom_fields'] as $id => $cf) {
+										if ($cf['place']) {
+											$num_after++;
+										} else {
+											$num_before++;
+										}
+									}
+
+									$k = 1;
+									foreach ($hesk_settings['custom_fields'] as $id => $cf) {
+										$id = intval(str_replace('custom', '', $id));
+
+										if ($hide_up) {
+											$hide_up = false;
+										}
+
+										if ($before && $cf['place'] == 0) {
+											?>
+											<tr>
+												<td colspan="7"><b><i><?php echo $hesklang['place_before']; ?></i></b></td>
+											</tr>
+											<?php
+											$before = false;
+										} elseif ($after && $cf['place'] == 1) {
+											?>
+											<tr>
+												<td colspan="7"><b><i><?php echo $hesklang['place_after']; ?></i></b></td>
+											</tr>
+											<?php
+											$after = false;
+											$hide_up = true;
+										}
+
+										$cf['type'] = hesk_custom_field_type($cf['type']);
+										$cf['use'] = ($cf['use'] == 1) ? $hesklang['cf_public'] : $hesklang['cf_private'];
+										$cf['req'] = ($cf['req'] == 0) ? $hesklang['no'] : ($cf['req'] == 2 ? $hesklang['yes'] : $hesklang['cf_cust']);
+										$cf['category'] = count($cf['category']) ? $hesklang['cf_cat'] : $hesklang['cf_all'];
+										?>
+										<tr>
+											<td><?php echo $id; ?></td>
+											<td><?php echo $cf['name']; ?></td>
+											<td><?php echo $cf['type']; ?></td>
+											<td><?php echo $cf['use']; ?></td>
+											<td><?php echo $cf['req']; ?></td>
+											<td><?php echo $cf['category']; ?></td>
+											<td>
+												<?php
+												if ($hesk_settings['num_custom_fields'] == 2 && $num_before == 1) {
+													// Special case, don't print anything
+												} elseif ($hesk_settings['num_custom_fields'] > 1) {
+													if (($num_before == 1 && $cf['place'] == 0) || ($num_after == 1 && $cf['place'] == 1)) {
+														// Only 1 custom fields in this place, don't print anything
+														?>
+														<i class="fa fa-fw icon-link">&nbsp;</i>
+														<i class="fa fa-fw icon-link">&nbsp;</i>
+														<?php
+													} elseif ($k == 1 || $hide_up) {
+														?>
+														<i class="fa fa-fw icon-link">&nbsp;</i>
+														<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
+															<i class="fa fa-arrow-down fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_dn']; ?>"></i>
+														</a>
+														<?php
+													} elseif ($k == $hesk_settings['num_custom_fields'] || $k == $num_before) {
+														?>
+														<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
+															<i class="fa fa-arrow-up fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i>
+														</a>
+														<i class="fa fa-fw icon-link">&nbsp;</i>
+														<?php
+													} else {
+														?>
+														<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=-15&amp;token=<?php hesk_token_echo(); ?>">
+															<i class="fa fa-arrow-up fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_up']; ?>"></i>
+														</a>
+														<a href="custom_fields.php?a=order_cf&amp;id=<?php echo $id; ?>&amp;move=15&amp;token=<?php hesk_token_echo(); ?>">
+															<i class="fa fa-arrow-down fa-fw icon-link green" data-toggle="tooltip" title="<?php echo $hesklang['move_dn']; ?>"></i>
+														</a>
+														<?php
+													}
+												}
+												?>
+												<a href="custom_fields.php?a=edit_cf&amp;id=<?php echo $id; ?>">
+													<i class="fa fa-pencil fa-fw icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i>
+												</a>
+												<a href="custom_fields.php?a=remove_cf&amp;id=<?php echo $id; ?>&amp;token=<?php hesk_token_echo(); ?>"
+												   onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_cf']); ?>');">
+													<i class="fa fa-times fa-fw icon-link red" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i>
+												</a>
+											</td>
+										</tr>
+										<?php
+										$k++;
+									} // End while
+									?>
+									</tbody>
+								</table>
+							<?php } ?>
+						</div>
+					</div>
+				</div>
+			</div>
+		</div>
+	</div>
+</section>
+<?php
+
+hesk_cleanSessionVars( array('new_cf', 'edit_cf') );
+
+require_once(HESK_PATH . 'inc/footer.inc.php');
+exit();
+
+
+/*** START FUNCTIONS ***/
+
+
+function save_cf()
+{
+	global $hesk_settings, $hesklang;
+	global $hesk_error_buffer;
+
+	// A security check
+	# hesk_token_check('POST');
+
+	// Get custom field ID
+	$id = intval( hesk_POST('id') ) or hesk_error($hesklang['cf_e_id']);
+
+	// Validate inputs
+	if (($cf = cf_validate()) == false)
+	{
+		$_SESSION['edit_cf'] = true;
+		$_SESSION['new_cf']['id'] = $id;
+
+		$tmp = '';
+		foreach ($hesk_error_buffer as $error)
+		{
+			$tmp .= "<li>$error</li>\n";
+		}
+		$hesk_error_buffer = $tmp;
+
+		$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+		hesk_process_messages($hesk_error_buffer,'custom_fields.php');
+	}
+
+	// Add custom field data into database
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET
+	`use`      = '{$cf['use']}',
+	`place`    = '{$cf['place']}',
+	`type`     = '{$cf['type']}',
+	`req`      = '{$cf['req']}',
+	`category` = ".(count($cf['categories']) ? "'".json_encode($cf['categories'])."'" : 'NULL').",
+	`name`     = '".hesk_dbEscape($cf['names'])."',
+	`value`    = ".(strlen($cf['value']) ? "'".hesk_dbEscape($cf['value'])."'" : 'NULL')."
+	WHERE `id`={$id}");
+
+	// Clear cache
+	hesk_purge_cache('cf');
+
+	// Show success
+	$_SESSION['cford'] = $id;
+	hesk_process_messages($hesklang['cf_mdf'],'custom_fields.php','SUCCESS');
+
+} // End save_cf()
+
+
+function edit_cf()
+{
+	global $hesk_settings, $hesklang;
+
+	// Get custom field ID
+	$id = intval( hesk_GET('id') ) or hesk_error($hesklang['cf_e_id']);
+
+	// Get details from the database
+	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `id`={$id} LIMIT 1");
+	if ( hesk_dbNumRows($res) != 1 )
+	{
+		hesk_error($hesklang['cf_not_found']);
+	}
+	$cf = hesk_dbFetchAssoc($res);
+
+	$cf['names'] = json_decode($cf['name'], true);
+	unset($cf['name']);
+
+	if (strlen($cf['category']))
+	{
+		$cf['categories'] = json_decode($cf['category'], true);
+		$cf['category'] = 1;
+	}
+	else
+	{
+		$cf['categories'] = array();
+		$cf['category'] = 0;
+	}
+
+	$_SESSION['new_cf'] = $cf;
+	$_SESSION['edit_cf'] = true;
+
+} // End edit_cf()
+
+
+function order_cf()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Get ID and move parameters
+	$id    = intval( hesk_GET('id') ) or hesk_error($hesklang['cf_e_id']);
+	$move  = intval( hesk_GET('move') );
+	$_SESSION['cford'] = $id;
+
+	// Update article details
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `order`=`order`+".intval($move)." WHERE `id`={$id}");
+
+	// Update order of all custom fields
+	update_cf_order();
+
+	// Clear cache
+	hesk_purge_cache('cf');
+
+	// Finish
+	header('Location: custom_fields.php');
+	exit();
+
+} // End order_cf()
+
+
+function update_cf_order()
+{
+	global $hesk_settings, $hesklang;
+
+	// Get list of current custom fields
+	$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use` IN ('1','2') ORDER BY `place` ASC, `order` ASC");
+
+	// Update database
+	$i = 10;
+	while ( $cf = hesk_dbFetchAssoc($res) )
+	{
+		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `order`=".intval($i)." WHERE `id`='".intval($cf['id'])."'");
+		$i += 10;
+	}
+
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `order`=1000 WHERE `use`='0'");
+
+	return true;
+
+} // END update_cf_order()
+
+
+function remove_cf()
+{
+	global $hesk_settings, $hesklang;
+
+	// A security check
+	hesk_token_check();
+
+	// Get ID
+	$id = intval( hesk_GET('id') ) or hesk_error($hesklang['cf_e_id']);
+
+	// Reset the custom field
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `use`='0', `place`='0', `type`='text', `req`='0', `category`=NULL, `name`='', `value`=NULL, `order`=1000 WHERE `id`={$id}");
+
+	// Were we successful?
+	if ( hesk_dbAffectedRows() == 1 )
+	{
+		// Update order
+		update_cf_order();
+
+		// Clear cache
+		hesk_purge_cache('cf');
+
+		// Delete custom field data from tickets
+		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `custom{$id}`=''");
+
+		// Show success message
+		hesk_process_messages($hesklang['cf_deleted'],'./custom_fields.php','SUCCESS');
+	}
+	else
+	{
+		hesk_process_messages($hesklang['cf_not_found'],'./custom_fields.php');
+	}
+
+} // End remove_cf()
+
+
+function cf_validate()
+{
+	global $hesk_settings, $hesklang;
+	global $hesk_error_buffer;
+
+	$hesk_error_buffer = array();
+
+	// Get names
+	$cf['names'] = hesk_POST_array('name');
+
+	// Make sure only valid names pass
+	foreach ($cf['names'] as $key => $name)
+	{
+		if ( ! isset($hesk_settings['languages'][$key]))
+		{
+			unset($cf['names'][$key]);
+		}
+		else
+		{
+			$name = is_array($name) ? '' : hesk_input($name, 0, 0, HESK_SLASH);
+
+			if (strlen($name) < 1)
+			{
+				unset($cf['names'][$key]);
+			}
+			else
+			{
+				$cf['names'][$key] = stripslashes($name);
+			}
+		}
+	}
+
+	// No name entered?
+	if ( ! count($cf['names']))
+	{
+		$hesk_error_buffer[] = $hesklang['err_custname'];
+	}
+
+	// Get type and values
+	$cf['type'] = hesk_POST('type');
+	switch ($cf['type'])
+	{
+		case 'textarea':
+			$cf['rows'] = hesk_checkMinMax(intval(hesk_POST('rows')), 1, 100, 12);
+			$cf['cols'] = hesk_checkMinMax(intval(hesk_POST('cols')), 1, 500, 60);
+			$cf['value'] = array('rows' => $cf['rows'], 'cols' => $cf['cols']);
+			break;
+
+		case 'radio':
+			$cf['radio_options'] = stripslashes(hesk_input(hesk_POST('radio_options'), 0, 0, HESK_SLASH));
+
+			$options = preg_split("/\\r\\n|\\r|\\n/", $cf['radio_options']);
+
+			$no_default = hesk_POST('no_default') ? 1 : 0;
+
+			$cf['value'] = array('radio_options' => $options, 'no_default' => $no_default);
+
+			if (count($options) < 2)
+			{
+				$hesk_error_buffer[] = $hesklang['atl2'];
+			}
+
+			break;
+
+		case 'select':
+			$cf['select_options'] = stripslashes(hesk_input(hesk_POST('select_options'), 0, 0, HESK_SLASH));
+
+			$options = preg_split("/\\r\\n|\\r|\\n/", $cf['select_options']);
+
+			$show_select = hesk_POST('show_select') ? 1 : 0;
+
+			$cf['value'] = array('show_select' => $show_select, 'select_options' => $options);
+
+			if (count($options) < 2)
+			{
+				$hesk_error_buffer[] = $hesklang['atl2'];
+			}
+
+			break;
+
+		case 'checkbox':
+			$cf['checkbox_options'] = stripslashes(hesk_input(hesk_POST('checkbox_options'), 0, 0, HESK_SLASH));
+
+			$options = preg_split("/\\r\\n|\\r|\\n/", $cf['checkbox_options']);
+
+			$cf['value'] = array('checkbox_options' => $options);
+
+			if ( ! isset($options[0]) || strlen($options[0]) < 1)
+			{
+				$hesk_error_buffer[] = $hesklang['atl1'];
+			}
+
+			break;
+
+		case 'date':
+        	$cf['dmin'] = '';
+            $cf['dmax'] = '';
+
+            // Minimum date
+            $dmin_rf = hesk_POST('dmin_rf');
+
+            if ($dmin_rf == 1)
+            {
+            	$dmin = hesk_POST('dmin');
+
+            	if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $dmin))
+                {
+                	$cf['dmin'] = $dmin;
+                }
+            }
+            elseif ($dmin_rf == 2)
+            {
+				$dmin_pm = hesk_POST('dmin_pm') == '+' ? '+' : '-';
+				$dmin_num = intval(hesk_POST('dmin_num', 0));
+				$dmin_type = hesk_POST('dmin_type');
+                if ( ! in_array($dmin_type, array('day', 'week', 'month', 'year')))
+                {
+                	$dmin_type = 'day';
+                }
+
+                $cf['dmin'] = $dmin_pm . $dmin_num . ' ' . $dmin_type;
+            }
+
+			// Maximum date
+            $dmax_rf = hesk_POST('dmax_rf');
+
+            if ($dmax_rf == 1)
+            {
+            	$dmax = hesk_POST('dmax');
+
+            	if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $dmax))
+                {
+                	$cf['dmax'] = $dmax;
+                }
+            }
+            elseif ($dmax_rf == 2)
+            {
+				$dmax_pm = hesk_POST('dmax_pm') == '+' ? '+' : '-';
+				$dmax_num = intval(hesk_POST('dmax_num', 0));
+				$dmax_type = hesk_POST('dmax_type');
+                if ( ! in_array($dmax_type, array('day', 'week', 'month', 'year')))
+                {
+                	$dmax_type = 'day';
+                }
+
+                $cf['dmax'] = $dmax_pm . $dmax_num . ' ' . $dmax_type;
+            }
+
+            // Minimum date should not be higher than maximum date
+            if (strlen($cf['dmin']) && strlen($cf['dmax']))
+            {
+				if (strtotime($cf['dmin']) > strtotime($cf['dmax']))
+				{
+					$hesk_error_buffer[] = $hesklang['d_mm'];
+				}
+            }
+
+            // Date format
+            $date_format = hesk_POST('date_format');
+            if ($date_format == 'custom')
+            {
+            	$date_format = hesk_POST('date_format_custom');
+            }
+
+            $cf['date_format'] = preg_replace('/[^a-zA-Z0-9 \/\.\_+\-,;:#(){}\[\]\'@*]/', '', $date_format);
+
+            $cf['value'] = array('dmin' => $cf['dmin'], 'dmax' => $cf['dmax'], 'date_format' => $cf['date_format']);
+
+			break;
+
+		case 'email':
+			$cf['email_multi'] = hesk_POST('email_multi') ? 1 : 0;
+			$cf['email_type'] = hesk_POST('email_type', 'none');
+			$cf['value'] = array('multiple' => $cf['email_multi'], 'email_type' => $cf['email_type']);
+			break;
+
+		case 'hidden':
+			$cf['hidden_max_length'] = hesk_checkMinMax(intval(hesk_POST('hidden_max_length')), 1, 10000, 255);
+			$cf['hidden_default_value'] = stripslashes(hesk_input(hesk_POST('hidden_default_value'), 0, 0, HESK_SLASH));
+			$cf['value'] = array('max_length' => $cf['hidden_max_length'], 'default_value' => $cf['hidden_default_value']);
+			break;
+
+		case 'readonly':
+			$max_length = hesk_POST('max_length');
+			$value = hesk_POST('default_value');
+			$cf['value'] = array('default_value' => $value, 'max_length' => $max_length);
+			break;
+
+		default:
+			$cf['type'] = 'text';
+			$cf['max_length'] = hesk_checkMinMax(intval(hesk_POST('max_length')), 1, 10000, 255);
+			$cf['default_value'] = stripslashes(hesk_input(hesk_POST('default_value'), 0, 0, HESK_SLASH));
+			$cf['value'] = array('max_length' => $cf['max_length'], 'default_value' => $cf['default_value']);
+
+	}
+
+	// Enable
+	$cf['use'] = hesk_POST('use') == 2 ? 2 : 1;
+
+	// req
+	$cf['req'] = hesk_POST('req');
+	$cf['req'] = $cf['req'] == 2 ? 2 : ($cf['req'] == 1 ? 1 : 0);
+
+	// Private fields cannot be req for customers
+	if ($cf['use'] == 2 && $cf['req'] == 1)
+	{
+		$cf['req'] = 0;
+	}
+
+	// Located above or below "Message"?
+	$cf['place'] = hesk_POST('place') ? 1 : 0;
+
+	// Get allowed categories
+	if (hesk_POST('category'))
+	{
+		$cf['category'] = 1;
+		$cf['categories'] = hesk_POST_array('categories');
+
+		foreach ($cf['categories'] as $key => $cat_id)
+		{
+			if ( ! isset($hesk_settings['categories'][$cat_id]) )
+			{
+				unset($cf['categories'][$key]);
+			}
+		}
+
+		if ( ! count($cf['categories']))
+		{
+			$hesk_error_buffer[] = $hesklang['cf_nocat'];
+		}
+	}
+	else
+	{
+		$cf['category'] = 0;
+		$cf['categories'] = array();
+	}
+
+	// Any errors?
+	if (count($hesk_error_buffer))
+	{
+		$_SESSION['new_cf'] = $cf;
+		return false;
+	}
+
+	$cf['names'] = addslashes(json_encode($cf['names']));
+	$cf['value'] = $cf['type'] == 'date' ? json_encode($cf['value']) : addslashes(json_encode($cf['value']));
+
+	return $cf;
+} // END cf_validate()
+
+
+function new_cf()
+{
+	global $hesk_settings, $hesklang;
+	global $hesk_error_buffer;
+
+	// A security check
+	# hesk_token_check('POST');
+
+	// Validate inputs
+	if (($cf = cf_validate()) == false)
+	{
+		$tmp = '';
+		foreach ($hesk_error_buffer as $error)
+		{
+			$tmp .= "<li>$error</li>\n";
+		}
+		$hesk_error_buffer = $tmp;
+
+		$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
+		hesk_process_messages($hesk_error_buffer,'custom_fields.php');
+	}
+
+	// Get the lowest available custom field ID
+	$res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use`='0' ORDER BY `id` ASC LIMIT 1");
+	$row = hesk_dbFetchRow($res);
+	$_SESSION['cford'] = intval($row[0]);
+
+	// Insert custom field into database
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET
+	`use`      = '{$cf['use']}',
+	`place`    = '{$cf['place']}',
+	`type`     = '{$cf['type']}',
+	`req`      = '{$cf['req']}',
+	`category` = ".(count($cf['categories']) ? "'".json_encode($cf['categories'])."'" : 'NULL').",
+	`name`     = '".hesk_dbEscape($cf['names'])."',
+	`value`    = ".(strlen($cf['value']) ? "'".hesk_dbEscape($cf['value'])."'" : 'NULL').",
+	`order`    = 990
+	WHERE `id`={$_SESSION['cford']}");
+
+	// Update order
+	update_cf_order();
+
+	// Clear cache
+	hesk_purge_cache('cf');
+
+	// Show success
+	hesk_process_messages($hesklang['cf_added'],'custom_fields.php','SUCCESS');
+
+} // End new_cf()
diff --git a/admin/delete_tickets.php b/admin/delete_tickets.php
index 4880d4cb..b6b8d014 100644
--- a/admin/delete_tickets.php
+++ b/admin/delete_tickets.php
@@ -131,7 +131,7 @@ if (array_key_exists($_POST['a'], $priorities)) {
         hesk_okCategory($ticket['category']);
 
         $revision = sprintf($hesklang['thist8'], hesk_date(), $priority['formatted'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id} LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id}");
 
         $i++;
     }
@@ -223,7 +223,7 @@ elseif ($_POST['a'] == 'tag' || $_POST['a'] == 'untag') {
 
         hesk_okCategory($ticket['category']);
 
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `archive`='$archived' WHERE `id`='" . intval($this_id) . "'");
         $i++;
     }
 
@@ -233,6 +233,7 @@ else {
     /* Check permissions for this feature */
     hesk_checkPermission('can_view_tickets');
     hesk_checkPermission('can_reply_tickets');
+    hesk_checkPermission('can_resolve');
 
     /* A security check */
     hesk_token_check('POST');
@@ -255,7 +256,7 @@ else {
         $closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
         $closedStatus = hesk_dbFetchAssoc($closedStatusRS);
 
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "'");
         $i++;
 
         // Notify customer of closed ticket?
diff --git a/admin/edit_post.php b/admin/edit_post.php
index 7e0f36a0..779c8400 100644
--- a/admin/edit_post.php
+++ b/admin/edit_post.php
@@ -31,12 +31,14 @@
 define('IN_SCRIPT', 1);
 define('HESK_PATH', '../');
 define('WYSIWYG', 1);
+define('VALIDATOR', 1);
 
 /* Get all the required files and functions */
 require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/mail_functions.inc.php');
+require(HESK_PATH . 'inc/custom_fields.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -56,6 +58,10 @@ $trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['n
 $is_reply = 0;
 $tmpvar = array();
 
+if (!isset($_SESSION['iserror'])) {
+    $_SESSION['iserror'] = array();
+}
+
 /* Get ticket info */
 $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
 if (hesk_dbNumRows($result) != 1) {
@@ -111,13 +117,29 @@ if (isset($_POST['save'])) {
 
         $tmpvar['html'] = hesk_POST('html');
 
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `html`='" . $tmpvar['html'] . "', `message`='" . hesk_dbEscape($tmpvar['message']) . "' WHERE `id`='" . intval($tmpvar['id']) . "' AND `replyto`='" . intval($ticket['id']) . "'");
     } else {
         $tmpvar['language'] = hesk_POST('customerLanguage');
         $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer[] = $hesklang['enter_your_name'];
-        $tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0);
+
+        if ($hesk_settings['require_email']) {
+            $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+        } else {
+            $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+            // Not required, but must be valid if it is entered
+            if ($tmpvar['email'] == '') {
+                if (strlen(hesk_POST('email'))) {
+                    $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+                }
+            }
+        }
+
         $tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer[] = $hesklang['enter_ticket_subject'];
-        $tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer[] = $hesklang['enter_message'];
+        $tmpvar['message'] = hesk_input( hesk_POST('message') );
+        if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+            $hesk_error_buffer[] = $hesklang['enter_message'];
+        }
         $tmpvar['html'] = hesk_POST('html');
 
         // Demo mode
@@ -125,6 +147,82 @@ if (isset($_POST['save'])) {
             $tmpvar['email'] = 'hidden@demo.com';
         }
 
+        // Custom fields
+        foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+            if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
+                if ($v['req'] == 2) {
+                    $v['req'] = '<span class="important">*</span>';
+                    $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                } else {
+                    $v['req'] = '';
+                    $required_attribute = '';
+                }
+
+                if ($v['type'] == 'checkbox') {
+                    $tmpvar[$k]='';
+
+                    if (isset($_POST[$k]) && is_array($_POST[$k])) {
+                        foreach ($_POST[$k] as $myCB) {
+                            $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br>';
+                        }
+                        $tmpvar[$k]=substr($tmpvar[$k],0,-6);
+                    } else {
+                        if ($v['req'] == 2) {
+                            $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                        }
+                        $_POST[$k] = '';
+                    }
+                } elseif ($v['type'] == 'date') {
+                    $tmpvar[$k] = hesk_POST($k);
+                    $_SESSION["as_$k"] = '';
+
+                    if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
+                        $date = strtotime($tmpvar[$k] . ' t00:00:00');
+                        $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
+                        $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
+
+                        $_SESSION["as_$k"] = $tmpvar[$k];
+
+                        if ($dmin && $dmin > $date) {
+                            $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+                        } elseif ($dmax && $dmax < $date) {
+                            $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+                        } else {
+                            $tmpvar[$k] = $date;
+                        }
+                    } else {
+                        if ($v['req'] == 2) {
+                            $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                        }
+                    }
+                } elseif ($v['type'] == 'email') {
+                    $tmp = $hesk_settings['multi_eml'];
+                    $hesk_settings['multi_eml'] = $v['value']['multiple'];
+                    $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+                    $hesk_settings['multi_eml'] = $tmp;
+
+                    if ($tmpvar[$k] != '') {
+                        $_SESSION["as_$k"] = hesk_input($tmpvar[$k]);
+                    } else {
+                        $_SESSION["as_$k"] = '';
+
+                        if ($v['req'] == 2) {
+                            $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+                        }
+                    }
+                } elseif ($v['req'] == 2) {
+                    $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+                    if ($tmpvar[$k] == '') {
+                        $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                    }
+                } else {
+                    $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
+                }
+            } else {
+                $tmpvar[$k] = '';
+            }
+        }
+
         if (count($hesk_error_buffer)) {
             $myerror = '<ul>';
             foreach ($hesk_error_buffer as $error) {
@@ -139,51 +237,20 @@ if (isset($_POST['save'])) {
             $tmpvar['message'] = nl2br($tmpvar['message']);
         }
 
-        foreach ($hesk_settings['custom_fields'] as $k => $v) {
-            if ($v['use'] && isset($_POST[$k])) {
-                if ($v['type'] == 'date' && $_POST[$k] != '') {
-                    $tmpvar[$k] = strtotime($_POST[$k]);
-                } elseif (is_array($_POST[$k])) {
-                    $tmpvar[$k] = '';
-                    foreach ($_POST[$k] as $myCB) {
-                        $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';
-                    }
-                    $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
-                } else {
-                    $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input($_POST[$k])));
-                }
-            } else {
-                $tmpvar[$k] = '';
-            }
+        $custom_SQL = '';
+        for ($i = 1; $i <= 50; $i++) {
+            $custom_SQL .= '`custom'.$i.'`=' . (isset($tmpvar['custom'.$i]) ? "'".hesk_dbEscape($tmpvar['custom'.$i])."'" : "''") . ',';
         }
+        $custom_SQL = rtrim($custom_SQL, ',');
 
         hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET
 		`name`='" . hesk_dbEscape($tmpvar['name']) . "',
 		`email`='" . hesk_dbEscape($tmpvar['email']) . "',
 		`subject`='" . hesk_dbEscape($tmpvar['subject']) . "',
 		`message`='" . hesk_dbEscape($tmpvar['message']) . "',
-		`custom1`='" . hesk_dbEscape($tmpvar['custom1']) . "',
-		`custom2`='" . hesk_dbEscape($tmpvar['custom2']) . "',
-		`custom3`='" . hesk_dbEscape($tmpvar['custom3']) . "',
-		`custom4`='" . hesk_dbEscape($tmpvar['custom4']) . "',
-		`custom5`='" . hesk_dbEscape($tmpvar['custom5']) . "',
-		`custom6`='" . hesk_dbEscape($tmpvar['custom6']) . "',
-		`custom7`='" . hesk_dbEscape($tmpvar['custom7']) . "',
-		`custom8`='" . hesk_dbEscape($tmpvar['custom8']) . "',
-		`custom9`='" . hesk_dbEscape($tmpvar['custom9']) . "',
-		`custom10`='" . hesk_dbEscape($tmpvar['custom10']) . "',
-		`custom11`='" . hesk_dbEscape($tmpvar['custom11']) . "',
-		`custom12`='" . hesk_dbEscape($tmpvar['custom12']) . "',
-		`custom13`='" . hesk_dbEscape($tmpvar['custom13']) . "',
-		`custom14`='" . hesk_dbEscape($tmpvar['custom14']) . "',
-		`custom15`='" . hesk_dbEscape($tmpvar['custom15']) . "',
-		`custom16`='" . hesk_dbEscape($tmpvar['custom16']) . "',
-		`custom17`='" . hesk_dbEscape($tmpvar['custom17']) . "',
-		`custom18`='" . hesk_dbEscape($tmpvar['custom18']) . "',
-		`custom19`='" . hesk_dbEscape($tmpvar['custom19']) . "',
-		`custom20`='" . hesk_dbEscape($tmpvar['custom20']) . "',
 		`language`='" . hesk_dbEscape($tmpvar['language']) . "',
-		`html`='" . hesk_dbEscape($tmpvar['html']) . "'
+		`html`='" . hesk_dbEscape($tmpvar['html']) . "',
+		$custom_SQL
 		WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
     }
 
@@ -222,15 +289,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             </div>
         </div>
         <div class="box-body">
-            <form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1">
+            <?php
+            $onsubmit = '';
+            if ($modsForHesk_settings['rich_text_for_tickets']) {
+                $onsubmit = 'onsubmit="return validateRichText(\'message-help-block\', \'message-group\', \'message\', \''.htmlspecialchars($hesklang['this_field_is_required']).'\')"';
+            }
+            ?>
+            <form role="form" class="form-horizontal" method="post" action="edit_post.php" name="form1" <?php echo $onsubmit; ?>>
                 <?php
                 /* If it's not a reply edit all the fields */
                 if (!$is_reply) {
                     if ($hesk_settings['can_sel_lang']) {
                         ?>
                         <div class="form-group">
-                            <label for="customerLanguage" class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?>
-                                :</label>
+                            <label for="customerLanguage"
+                                   class="col-sm-3 control-label"><?php echo $hesklang['chol']; ?></label>
 
                             <div class="col-sm-9">
                                 <select name="customerLanguage" id="customerLanguage" class="form-control">
@@ -242,7 +315,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                         echo '<input type="hidden" name="customerLanguage" value="' . $ticket['language'] . '">';
                     } ?>
                     <div class="form-group">
-                        <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>:</label>
+                        <?php
+                        $required = '';
+                        $required_attribute = '';
+                        if ($hesk_settings['require_subject'] == 1) {
+                            $required = ' <span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        }
+                        ?>
+                        <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject'] . $required; ?></label>
 
                         <div class="col-sm-9">
                             <input class="form-control" type="text" name="subject" size="40" maxlength="40"
@@ -251,83 +332,101 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                         </div>
                     </div>
                     <div class="form-group">
-                        <label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>:</label>
+                        <label for="name" class="col-sm-3 control-label">
+                            <?php echo $hesklang['name']; ?>
+                            <span class="important">*</span>
+                        </label>
 
                         <div class="col-sm-9">
                             <input class="form-control" type="text" name="name" size="40" maxlength="30"
                                    value="<?php echo $ticket['name']; ?>"
-                                   placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"/>
+                                   placeholder="<?php echo htmlspecialchars($hesklang['name']); ?>"
+                                   data-error="<?php echo $hesklang['this_field_is_required']; ?>"
+                                   required>
                         </div>
                     </div>
                     <div class="form-group">
-                        <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>:</label>
+                        <?php
+                        $required = '';
+                        $required_attribute = '';
+                        if ($hesk_settings['require_email']) {
+                            $required = ' <span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        }
+                        ?>
+                        <label for="email"
+                               class="col-sm-3 control-label"><?php echo $hesklang['email'] . $required; ?></label>
 
                         <div class="col-sm-9">
                             <input class="form-control" type="text" name="email" size="40" maxlength="1000"
                                    value="<?php echo $ticket['email']; ?>"
-                                   placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"/>
+                                   placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"
+                                <?php echo $required_attribute ?>>
+                            <div class="help-block with-errors"></div>
                         </div>
                     </div>
                     <?php
                     foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                        if ($v['use']) {
-                            if ($modsForHesk_settings['custom_field_setting']) {
-                                $v['name'] = $hesklang[$v['name']];
-                            }
-
+                        if ($v['use'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                             $k_value = $ticket[$k];
 
                             if ($v['type'] == 'checkbox') {
-                                $k_value = explode('<br />', $k_value);
+                                $k_value = explode('<br>', $k_value);
+                            }
+
+                            if ($v['req'] == 2) {
+                                $v['req'] = '<span class="important">*</span>';
+                                $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                            } else {
+                                $v['req'] = '';
+                                $required_attribute = '';
                             }
 
                             switch ($v['type']) {
                                 /* Radio box */
                                 case 'radio':
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
                                     echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-		                        <div class="col-sm-9">';
-
-                                    $options = explode('#HESK#', $v['value']);
-
-                                    foreach ($options as $option) {
-
-                                        if (strlen($k_value) == 0 || $k_value == $option) {
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">';
+                                    foreach ($v['value']['radio_options'] as $option) {
+                                        if (strlen($k_value) == 0) {
+                                            $k_value = $option;
+                                            $checked = empty($v['value']['no_default']) ? 'checked="checked"' : '';
+                                        } elseif ($k_value == $option) {
                                             $k_value = $option;
                                             $checked = 'checked="checked"';
                                         } else {
                                             $checked = '';
                                         }
 
-                                        echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
+                                        echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                     }
+                                    echo '<div class="help-block with-errors"></div></div>
+                    </div>';
 
-                                    echo '</div>
-						        </div>
-						        ';
                                     break;
 
                                 /* Select drop-down box */
                                 case 'select':
-                                    echo '
-						        <div class="form-group">
-						        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-		                        <div class="col-sm-9"><select class="form-control" name="' . $k . '">';
 
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+
+                                    echo '
+                    <div class="form-group">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <select name="' . $k . '" class="form-control" ' . $required_attribute . '>';
                                     // Show "Click to select"?
-                                    $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                    if ($num) {
+                                    if (!empty($v['value']['show_select'])) {
                                         echo '<option value="">' . $hesklang['select'] . '</option>';
                                     }
 
-                                    $options = explode('#HESK#', $v['value']);
-
-                                    foreach ($options as $option) {
-
-                                        if (strlen($k_value) == 0 || $k_value == $option) {
+                                    foreach ($v['value']['select_options'] as $option) {
+                                        if ($k_value == $option) {
                                             $k_value = $option;
-                                            $selected = 'selected="selected"';
+                                            $selected = 'selected';
                                         } else {
                                             $selected = '';
                                         }
@@ -335,154 +434,139 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                         echo '<option ' . $selected . '>' . $option . '</option>';
                                     }
 
-                                    echo '</select></div>
-						        </div>
-						        ';
+                                    echo '</select>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                     break;
 
                                 /* Checkbox */
                                 case 'checkbox':
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
                                     echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-		                            <div class="col-sm-9">';
-
-                                    $options = explode('#HESK#', $v['value']);
-
-                                    foreach ($options as $option) {
-
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">';
+                                    foreach ($v['value']['checkbox_options'] as $option) {
                                         if (in_array($option, $k_value)) {
-                                            $checked = 'checked="checked"';
+                                            $checked = 'checked';
                                         } else {
                                             $checked = '';
                                         }
 
-                                        echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' /> ' . $option . '</label></div>';
+                                        echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                     }
-
-                                    echo '</div>
-						        </div>
-						        ';
+                                    echo '<div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                     break;
 
                                 /* Large text box */
                                 case 'textarea':
-                                    $size = explode('#', $v['value']);
-                                    $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                    $size[1] = empty($size[1]) ? 30 : intval($size[1]);
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
                                     $k_value = hesk_msgToPlain($k_value, 0, 0);
 
                                     echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-						            <div class="col-sm-9">
-                                        <textarea class="form-control" name="' . $k . '" rows="' . $size[0] . '" placeholder="' . htmlspecialchars($v['name']) . '" cols="' . $size[1] . '">' . $k_value . '</textarea>
-						            </div>
-		                        </div>';
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <textarea name="' . $k . '" class="form-control" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                     break;
 
+                                // Date
                                 case 'date':
-                                    if (strlen($k_value) != 0) {
-                                        $v['value'] = $k_value;
+                                    if ($required_attribute !== '') {
+                                        $required_attribute .= '  pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
                                     }
-                                    echo '
-                                <div class="form-group">
-                                    <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-                                    <div class="col-sm-9">
-                                        <input type="text" class="datepicker form-control white-readonly" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $v['name'] . '" name="' . $k . '" size="40"
-                                            maxlength="' . $v['maxlen'] . '" value="' . date('Y-m-d', $v['value']) . '" readonly/>
-                                    </div>
-                                </div>';
-                                    break;
-                                case 'multiselect':
-                                    echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-                                <div class="col-sm-9"><select class="form-control" id="' . $v['name'] . '" name="' . $k . '" multiple>';
-                                    $options = explode('#HESK#', $v['value']);
-                                    foreach ($options as $option) {
-                                        if (strlen($k_value) == 0 || $k_value == $option) {
-                                            $k_value = $option;
-                                            $selected = 'selected="selected"';
-                                        } else {
-                                            $selected = '';
-                                        }
-                                        echo '<option ' . $selected . '>' . $option . '</option>';
-                                    }
-                                    echo '</select>
-                                <div class="btn-group" role="group">
-                                    <button type="button" class="btn btn-default" onclick="selectAll(\'' . $v['name'] . '\')">'.$hesklang['select_all_title_case'].'</button>
-                                    <button type="button" class="btn btn-default" onclick="deselectAll(\'' . $v['name'] . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                                </div></div></div>';
-                                    break;
-
-                                case 'hidden':
-                                    //Clean up multiple dashes or whitespaces
-                                    $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                    if (strlen($k_value) != 0) {
-                                        $v['value'] = $k_value;
-                                    }
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                    echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '"/>';
+                                    $k_value = hesk_custom_date_display_format($k_value, 'Y-m-d');
 
+                                    echo '
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" name="' . $k . '" value="' . $k_value . '" class="datepicker form-control" size="10" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                     break;
 
-                                case 'readonly':
-                                    //Clean up multiple dashes or whitespaces
-                                    $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
+                                // Email
+                                case 'email':
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
 
-                                    if (strlen($k_value) != 0) {
-                                        $v['value'] = $k_value;
-                                    }
-
-                                    echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly></div>
-                                </div>';
+                                    $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\'' . $k . '\', \'' . $k . '_suggestions\', 0, 1' . ($v['value']['multiple'] ? ',1' : '') . ')"' : '';
 
+                                    echo '
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input class="form-control" type="text" name="' . $k . '" id="' . $k . '" value="' . $k_value . '" size="40" ' . $suggest . ' ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    	<div id="' . $k . '_suggestions"></div>
+                    </div>
+					';
                                     break;
 
-                                /* Default text input */
+                                // Hidden (same as text for staff)
+                                case 'hidden':
+                                case 'readonly':
                                 default:
                                     if (strlen($k_value) != 0) {
-                                        $k_value = hesk_msgToPlain($k_value, 0, 0);
-                                        $v['value'] = $k_value;
+                                        $v['value']['default_value'] = $k_value;
                                     }
+
+                                    $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+
                                     echo '
-						        <div class="form-group">
-						            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': </label>
-						            <div class="col-sm-9">
-                                        <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" />
-                                    </div>
-						        </div>
-						        ';
+                    <div class="form-group' . $cls . '">
+                        <label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>
+					';
                             }
                         }
                     }
-                    ?>
+                } ?>
+                    <div class="form-group" id="message-group">
+                        <?php
+                        $required = '';
+                        $required_attribute = '';
+                        if ($hesk_settings['require_message'] == 1) {
+                            $required = ' <span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        }
 
-                <?php } ?>
-                <div class="form-group">
-                    <label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?>:</label>
+                        ?>
+                        <label for="message" class="col-sm-3 control-label"><?php echo $hesklang['message'] . $required; ?></label>
 
-                <div class="col-sm-9">
-                    <?php
-                    $message = $ticket['html'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
-                    ?>
-                    <textarea class="form-control htmlEditor" name="message" rows="12"
-                              placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
-                              cols="60"><?php echo $message; ?></textarea>
-                </div>
-            </div>
+                        <div class="col-sm-9">
+                            <?php
+                            $message = $ticket['html'] ? hesk_html_entity_decode($ticket['message']) : $ticket['message'];
+                            ?>
+                            <textarea class="form-control htmlEditor" name="message" rows="12"
+                                      placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
+                                      cols="60" <?php echo $required_attribute; ?>><?php echo $message; ?></textarea>
+                            <div class="help-block with-errors" id="message-help-block"></div>
+                        </div>
+                    </div>
             <div class="form-group">
-                <input type="hidden" name="save" value="1"/><input type="hidden" name="track"
-                                                                   value="<?php echo $trackingID; ?>"/>
-                <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>"/>
+                <input type="hidden" name="save" value="1">
+                <input type="hidden" name="track" value="<?php echo $trackingID; ?>">
+                <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
                 <?php
                 if ($is_reply) {
                     ?>
-                    <input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>"/>
+                    <input type="hidden" name="reply" value="<?php echo $tmpvar['id']; ?>">
                     <?php
                 }
                 ?>
@@ -492,7 +576,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 $html = $ticket['html'] ? 1 : 0;
                 ?>
                 <input type="hidden" name="html" value="<?php echo $html; ?>">
-                <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default"/>
+                <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default">
                 <?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
                     <input type="hidden" name="isManager" value="1">
                 <?php endif; ?>
@@ -501,6 +585,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
         </form>
     </div>
 </div>
+    <script>
+        buildValidatorForTicketSubmission('form1', "<?php echo addslashes($hesklang['select_at_least_one_value']); ?>");
+    </script>
 <?php if ($ticket['html']): ?>
     <script type="text/javascript">
         /* <![CDATA[ */
diff --git a/admin/export.php b/admin/export.php
index 304e9594..a1ec0899 100644
--- a/admin/export.php
+++ b/admin/export.php
@@ -38,6 +38,7 @@ require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/reporting_functions.inc.php');
 require(HESK_PATH . 'inc/status_functions.inc.php');
 require(HESK_PATH . 'inc/mail_functions.inc.php');
+require(HESK_PATH . 'inc/custom_fields.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -48,6 +49,13 @@ hesk_isLoggedIn();
 hesk_checkPermission('can_export');
 $modsForHesk_settings = mfh_getSettings();
 
+// Just a delete file action?
+$delete = hesk_GET('delete');
+if (strlen($delete) && preg_match('/^hesk_export_[0-9_\-]+$/', $delete)) {
+    hesk_unlink(HESK_PATH.$hesk_settings['cache_dir'].'/'.$delete.'.zip');
+    hesk_process_messages($hesklang['fd'], 'export.php','SUCCESS');
+}
+
 // Set default values
 define('CALENDAR', 1);
 define('MAIN_PAGE', 1);
@@ -62,23 +70,23 @@ $is_all_time = 0;
 // Default this month to date
 $date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
 $date_to = date('Y-m-d');
-$input_datefrom = date('m/d/Y', strtotime('last month'));
-$input_dateto = date('m/d/Y');
+$input_datefrom = date('Y-m-d', strtotime('last month'));
+$input_dateto = date('Y-m-d');
 
 /* Date */
 if (!empty($_GET['w'])) {
     $df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
     if (strlen($df) == 8) {
-        $date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2);
-        $input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4);
+        $date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
+        $input_datefrom = $date_from;
     } else {
         $date_from = date('Y-m-d', strtotime('last month'));
     }
 
     $dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
     if (strlen($dt) == 8) {
-        $date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
-        $input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
+        $date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
+        $input_dateto = $date_to;
     } else {
         $date_to = date('Y-m-d');
     }
@@ -317,7 +325,7 @@ if (isset($_GET['w'])) {
     }
 
     // This will be the export directory
-    $export_dir = HESK_PATH . $hesk_settings['attach_dir'] . '/export/';
+    $export_dir = HESK_PATH.$hesk_settings['cache_dir'].'/';
 
     // This will be the name of the export and the XML file
     $export_name = 'hesk_export_' . date('Y-m-d_H-i-s') . '_' . mt_rand(10000, 99999);
@@ -331,12 +339,7 @@ if (isset($_GET['w'])) {
 		}
 	
         // Cleanup old files
-        $files = preg_grep('/index\.htm$/', glob($export_dir.'*', GLOB_NOSORT), PREG_GREP_INVERT);
-        if (is_array($files) && count($files)) {
-            foreach ($files as $file) {
-                hesk_unlink($file, 86400);
-            }
-        }
+        hesk_purge_cache('export', 86400);
     } else {
         hesk_error($hesklang['ede']);
     }
@@ -348,6 +351,7 @@ if (isset($_GET['w'])) {
     }
 
     // Start generating the report message and generating the export
+    $success_msg = '';
     $flush_me = '<br /><br />';
     $flush_me .= hesk_date() . " | {$hesklang['inite']} ";
 
@@ -389,6 +393,9 @@ if (isset($_GET['w'])) {
   <Style ss:ID="s62">
    <NumberFormat ss:Format="General Date"/>
   </Style>
+  <Style ss:ID="s63">
+   <NumberFormat ss:Format="Short Date"/>
+  </Style>
   <Style ss:ID="s65">
    <NumberFormat ss:Format="[h]:mm:ss"/>
   </Style>
@@ -440,10 +447,6 @@ if (isset($_GET['w'])) {
 
     foreach ($hesk_settings['custom_fields'] as $k => $v) {
         if ($v['use']) {
-            if ($modsForHesk_settings['custom_field_setting']) {
-                $v['name'] = $hesklang[$v['name']];
-            }
-
             $tmp .= '<Cell><Data ss:Type="String">' . $v['name'] . '</Data></Cell>' . "\n";
         }
     }
@@ -506,14 +509,17 @@ if (isset($_GET['w'])) {
 ';
 
         // Add custom fields
-        foreach ($hesk_settings['custom_fields'] as $k => $v) {
+        foreach ($hesk_settings['custom_fields'] as $k=>$v) {
             if ($v['use']) {
-                $output = $ticket[$k];
-                if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                    $dt = date('Y-m-d', $ticket[$k]);
-                    $output = hesk_dateToString($dt, 0);
+                switch ($v['type']) {
+                    case 'date':
+                        $tmp_dt = hesk_custom_date_display_format($ticket[$k], 'Y-m-d\T00:00:00.000');
+                        $tmp .= strlen($tmp_dt) ? '<Cell ss:StyleID="s63"><Data ss:Type="DateTime">'.$tmp_dt : '<Cell><Data ss:Type="String">';
+                        $tmp .= "</Data></Cell> \n";
+                        break;
+                    default:
+                        $tmp .= '<Cell><Data ss:Type="String"><![CDATA['.hesk_msgToPlain($ticket[$k], 1, 0).']]></Data></Cell>  ' . "\n";
                 }
-                $tmp .= '<Cell><Data ss:Type="String"><![CDATA[' . hesk_msgToPlain($output, 1, 0) . ']]></Data></Cell>  ' . "\n";
             }
         }
 
@@ -637,7 +643,10 @@ if (isset($_GET['w'])) {
 
         // We're done!
         $flush_me .= hesk_date() . " | {$hesklang['fZIP']}<br /><br />";
-        $flush_me .= '<a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . "</a>\n";
+
+        // Success message
+        $success_msg .= $hesk_settings['debug_mode'] ? $flush_me : '<br /><br />';
+        $success_msg .= $hesklang['step1'] . ': <a href="' . $save_to_zip . '">' . $hesklang['ch2d'] . '</a><br /><br />' . $hesklang['step2'] . ': <a href="export.php?delete='.urlencode($export_name).'">' . $hesklang['dffs'] . '</a>';
     } // No tickets exported, cleanup
     else {
         hesk_unlink($save_to);
@@ -673,9 +682,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             hesk_handle_messages();
 
             // If an export was generated, show the link to download
-            if (isset($flush_me)) {
+            if (isset($success_msg)) {
                 if ($tickets_exported > 0) {
-                    hesk_show_success($flush_me);
+                    hesk_show_success($success_msg);
                 } else {
                     hesk_show_notice($hesklang['n2ex']);
                 }
@@ -685,10 +694,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 <div class="form-group">
                     <label for="time" class="control-label col-sm-2"><?php echo $hesklang['dtrg']; ?>:</label>
 
-                    <div class="col-sm-10">
+                    <div class="col-sm-10 form-inline">
                         <!-- START DATE -->
                         <input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
                         <select name="time" onclick="document.getElementById('w0').checked = true"
+                                class="form-control"
                                 onfocus="document.getElementById('w0').checked = true"
                                 style="margin-top:5px;margin-bottom:5px;">
                             <option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
@@ -719,16 +729,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                             <option value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
                         </select>
 
-                        <br/>
+                        <br>
 
                         <input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
                         <?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
                                                                 value="<?php echo $input_datefrom; ?>" id="datefrom"
-                                                                class="tcal" size="10"
+                                                                class="datepicker form-control" size="10"
                                                                 onclick="document.getElementById('w1').checked = true"
                                                                 onfocus="document.getElementById('w1').checked = true;this.focus;"/>
                         <?php echo $hesklang['to']; ?> <input type="text" name="dateto" value="<?php echo $input_dateto; ?>"
-                                                              id="dateto" class="tcal" size="10"
+                                                              id="dateto" class="datepicker form-control" size="10"
                                                               onclick="document.getElementById('w1').checked = true"
                                                               onfocus="document.getElementById('w1').checked = true; this.focus;"/>
                         <!-- END DATE -->
diff --git a/admin/find_tickets.php b/admin/find_tickets.php
index 9f667caf..456c52d1 100644
--- a/admin/find_tickets.php
+++ b/admin/find_tickets.php
@@ -37,6 +37,7 @@ require(HESK_PATH . 'hesk_settings.inc.php');
 require(HESK_PATH . 'inc/common.inc.php');
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 require(HESK_PATH . 'inc/status_functions.inc.php');
+require(HESK_PATH . 'inc/mail_functions.inc.php');
 hesk_load_database_functions();
 
 hesk_session_start();
@@ -51,31 +52,18 @@ hesk_checkPermission('can_view_tickets');
 
 $_SERVER['PHP_SELF'] = './admin_main.php';
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* Print header */
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
 /* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
-?>
-
-</td>
-</tr>
-<tr>
-    <td>
-        <div class="row pad-down-20">
-            <div class="col-md-12">
-                <div class="panel panel-default">
-                    <div class="panel-heading">
-                        <h4><?php echo $hesklang['tickets_found']; ?> <span class="nu-floatRight panel-button"><a
-                                    href="new_ticket.php"
-                                    class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> <?php echo $hesklang['nti']; ?></a></span></h4>
-                    </div>
-
-                    <?php
 
-                    // This SQL code will be used to retrieve results
-                    $sql_final = "SELECT
+// This SQL code will be used to retrieve results
+$sql_final = "SELECT
 `id`,
 `trackid`,
 `name`,
@@ -220,16 +208,11 @@ LEFT(`message`, 400) AS `message`,
                     }
 
                     /* Date */
-                    /* -> Check for compatibility with old date format */
-                    if (preg_match("/(\d{4})-(\d{2})-(\d{2})/", hesk_GET('dt'), $m)) {
-                        $_GET['dt'] = $m[2] . $m[3] . $m[1];
-                    }
-
                     /* -> Now process the date value */
                     $dt = preg_replace('/[^0-9]/', '', hesk_GET('dt'));
                     if (strlen($dt) == 8) {
-                        $date = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
-                        $date_input = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
+                        $date = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
+                        $date_input = $date;
 
                         /* This search is valid even if no query is entered */
                         if ($no_query) {
@@ -247,9 +230,6 @@ LEFT(`message`, 400) AS `message`,
                         hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
                     }
 
-                    /* This will handle error, success and notice messages */
-                    $handle = hesk_handle_messages();
-
                     # echo "$sql<br/>";
 
                     // That's all the SQL we need for count
@@ -258,24 +238,49 @@ LEFT(`message`, 400) AS `message`,
 
                     /* Prepare variables used in search and forms */
                     require_once(HESK_PATH . 'inc/prepare_ticket_search.inc.php');
-
-                    /* If there has been an error message skip searching for tickets */
-                    if ($handle !== FALSE) {
-                        $href = 'find_tickets.php';
-                        require_once(HESK_PATH . 'inc/ticket_list.inc.php');
-                    }
                     ?>
+                    <section class="content">
+                        <div class="box">
+                            <div class="box-header with-border">
+                                <h1 class="box-title">
+                                    <?php echo $hesklang['tickets']; ?>
+                                </h1>
+                                <div class="box-tools pull-right">
+                                    <button type="button" class="btn btn-box-tool" data-widget="collapse">
+                                        <i class="fa fa-minus"></i>
+                                    </button>
+                                </div>
+                            </div>
+                            <div class="box-body">
+                                <?php $handle = hesk_handle_messages(); ?>
+                                <div class="checkbox">
+                                    <label>
+                                        <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                                        <?php echo $hesklang['arp']; ?>
+                                        <span id="timer"></span>
+                                    </label>
+                                </div>
+                                <script type="text/javascript">heskCheckReloading();</script>
+                                <?php
+                                if ($handle !== FALSE) {
+                                    $href = 'find_tickets.php';
+                                    require_once(HESK_PATH . 'inc/ticket_list.inc.php');
+                                    echo '<br>';
+                                }
 
-                    <?php
+                                /* Clean unneeded session variables */
+                                hesk_cleanSessionVars('hide');
 
-                    /* Clean unneeded session variables */
-                    hesk_cleanSessionVars('hide');
+                                /* Show the search form */
+                                require_once(HESK_PATH . 'inc/show_search_form.inc.php');
+                                ?>
+                            </div>
+                        </div>
+                    </section>
+                    <?php
 
-                    /* Show the search form */
-                    require_once(HESK_PATH . 'inc/show_search_form.inc.php');
 
                     /* Print footer */
                     require_once(HESK_PATH . 'inc/footer.inc.php');
                     exit();
-
                     ?>
diff --git a/admin/index.php b/admin/index.php
index 8709a501..be1e4631 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -206,15 +206,15 @@ function do_login()
 
     /* Remember username? */
     if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
-        setcookie('hesk_username', "$user", strtotime('+1 year'));
-        setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
+        hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+        hesk_setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
     } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
-        setcookie('hesk_username', "$user", strtotime('+1 year'));
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+        hesk_setcookie('hesk_p', '');
     } else {
         // Expire cookie if set otherwise
-        setcookie('hesk_username', '');
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', '');
+        hesk_setcookie('hesk_p', '');
     }
 
     /* Close any old tickets here so Cron jobs aren't necessary */
@@ -510,7 +510,7 @@ function logout()
 
     /* Show success message and reset the cookie */
     hesk_process_messages($hesklang['logout_success'], 'NOREDIRECT', 'SUCCESS');
-    setcookie('hesk_p', '');
+    hesk_setcookie('hesk_p', '');
 
     /* Print the login form */
     print_login();
diff --git a/admin/knowledgebase_private.php b/admin/knowledgebase_private.php
index c675f387..372c2941 100644
--- a/admin/knowledgebase_private.php
+++ b/admin/knowledgebase_private.php
@@ -225,7 +225,7 @@ function hesk_show_kb_article($artid)
 	hesk_kb_header($hesk_settings['kb_link'], $article['catid']);
 
     // Update views by 1
-    hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
+    hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
 
 ?>
 	<section class="content">
@@ -329,7 +329,15 @@ function hesk_show_kb_article($artid)
 						<table border="0">
 							<tr>
 								<td><?php echo $hesklang['aid']; ?>: </td>
-								<td><?php echo $article['id']; ?></td>
+								<td>
+									<?php
+									echo $article['id'];
+									if ($article['type'] == 0)
+									{
+										echo ' [<a href="' . $hesk_settings['hesk_url'] . '/knowledgebase.php?article=' . $article['id'] . '">' . $hesklang['public_link'] . '</a>]';
+									}
+									?>
+								</td>
 							</tr>
 							<tr>
 								<td><?php echo $hesklang['category']; ?>: </td>
diff --git a/admin/lock.php b/admin/lock.php
index 9ba669a2..d4b07be6 100644
--- a/admin/lock.php
+++ b/admin/lock.php
@@ -46,6 +46,7 @@ $modsForHesk_settings = mfh_getSettings();
 hesk_checkPermission('can_view_tickets');
 hesk_checkPermission('can_reply_tickets');
 hesk_checkPermission('can_edit_tickets');
+hesk_checkPermission('can_resolve');
 
 /* A security check */
 hesk_token_check();
@@ -98,7 +99,7 @@ $statusRs = hesk_dbQuery($statusSql);
 $statusRow = hesk_dbFetchAssoc($statusRs);
 $statusId = $statusRow['ID'];
 
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "')  WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 
 /* Back to ticket page and show a success message */
 hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');
\ No newline at end of file
diff --git a/admin/mail.php b/admin/mail.php
index f3a5ac7c..2a5d183e 100644
--- a/admin/mail.php
+++ b/admin/mail.php
@@ -211,10 +211,10 @@ function mail_delete()
     if ($ids) {
         foreach ($ids as $id) {
             /* If both correspondents deleted the mail remove it from database, otherwise mark as deleted by this user */
-            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0 LIMIT 1");
+            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `deletedby`='" . intval($_SESSION['id']) . "' WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`=0");
 
             if (hesk_dbAffectedRows() != 1) {
-                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0 LIMIT 1");
+                hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` WHERE `id`='" . intval($id) . "' AND (`to`='" . intval($_SESSION['id']) . "' OR `from`='" . intval($_SESSION['id']) . "') AND `deletedby`!=0");
             }
         }
 
@@ -236,7 +236,7 @@ function mail_mark_unread()
 
     if ($ids) {
         foreach ($ids as $id) {
-            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
+            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='0' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
         }
 
         hesk_process_messages($hesklang['smmu'], 'NOREDIRECT', 'SUCCESS');
@@ -257,7 +257,7 @@ function mail_mark_read()
 
     if ($ids) {
         foreach ($ids as $id) {
-            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "' LIMIT 1");
+            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "mail` SET `read`='1' WHERE `id`='" . intval($id) . "' AND `to`='" . intval($_SESSION['id']) . "'");
         }
 
         hesk_process_messages($hesklang['smmr'], 'NOREDIRECT', 'SUCCESS');
@@ -421,7 +421,7 @@ function show_message()
 	        /* Mark as read */
 	        if ($hesk_settings['mailtmp']['this'] == 'to' && !$pm['read'])
 	        {
-				$res = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."' LIMIT 1");
+				hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."mail` SET `read`='1' WHERE `id`='".intval($id)."'");
 	        }
 
 	        $pm['name'] = isset($admins[$pm[$hesk_settings['mailtmp']['other']]]) ? '<a href="mail.php?a=new&amp;id='.$pm[$hesk_settings['mailtmp']['other']].'">'.$admins[$pm[$hesk_settings['mailtmp']['other']]].'</a>' : (($pm['from'] == 9999) ? '<a href="http://www.hesk.com" target="_blank">HESK.com</a>' : $hesklang['e_udel']);
diff --git a/admin/manage_canned.php b/admin/manage_canned.php
index dd7b4b56..02f22506 100644
--- a/admin/manage_canned.php
+++ b/admin/manage_canned.php
@@ -48,6 +48,9 @@ define('WYSIWYG', 1);
 /* Check permissions for this feature */
 hesk_checkPermission('can_man_canned');
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* What should we do? */
 if ($action = hesk_REQUEST('a')) {
     if (defined('HESK_DEMO')) {
@@ -442,7 +445,7 @@ function edit_saved()
         hesk_process_messages($hesk_error_buffer, 'manage_canned.php?saved_replies=' . $id);
     }
 
-    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1");
+    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
 
     unset($_SESSION['canned']['what']);
     unset($_SESSION['canned']['id']);
@@ -501,7 +504,7 @@ function remove()
 
     $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
 
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` WHERE `id`='" . intval($mysaved) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
     }
@@ -522,7 +525,7 @@ function order_saved()
 
     $reply_move = intval(hesk_GET('move'));
 
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=`reply_order`+" . intval($reply_move) . " WHERE `id`='" . intval($replyid) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_error("$hesklang[int_error]: $hesklang[reply_not_found].");
     }
@@ -532,7 +535,7 @@ function order_saved()
 
     $i = 10;
     while ($myreply = hesk_dbFetchAssoc($result)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "std_replies` SET `reply_order`=" . intval($i) . " WHERE `id`='" . intval($myreply['id']) . "'");
         $i += 10;
     }
 
diff --git a/admin/manage_categories.php b/admin/manage_categories.php
index aaf9df54..2ffa9248 100644
--- a/admin/manage_categories.php
+++ b/admin/manage_categories.php
@@ -549,7 +549,7 @@ function change_priority()
         $priority = 3;
     }
 
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `priority`='{$priority}' WHERE `id`='" . intval($catid) . "'");
 
     hesk_cleanSessionVars('cat_ch_priority');
 
@@ -703,7 +703,7 @@ function update_category()
      `manager` = " . intval($manager) . ",
      `color` = " . $color . ",
      `usage` = " . intval($usage) . "
-     WHERE `id`='" . intval($catid) . "' LIMIT 1");
+     WHERE `id`='" . intval($catid) . "'");
 
     unset($_SESSION['selcat']);
     unset($_SESSION['catname2']);
@@ -726,7 +726,7 @@ function remove()
         hesk_process_messages($hesklang['cant_del_default_cat'], $_SERVER['PHP_SELF']);
     }
 
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($mycat) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
     }
@@ -749,7 +749,7 @@ function order_cat()
 
     $cat_move = intval(hesk_GET('move'));
 
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=`cat_order`+" . intval($cat_move) . " WHERE `id`='" . intval($catid) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_error("$hesklang[int_error]: $hesklang[cat_not_found].");
     }
@@ -759,7 +759,7 @@ function order_cat()
 
     $i = 10;
     while ($mycat = hesk_dbFetchAssoc($res)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `cat_order`=" . intval($i) . " WHERE `id`='" . intval($mycat['id']) . "'");
         $i += 10;
     }
 
@@ -787,7 +787,7 @@ function toggle_autoassign()
     }
 
     /* Update auto-assign settings */
-    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `autoassign`='" . intval($autoassign) . "' WHERE `id`='" . intval($catid) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
     }
@@ -816,7 +816,7 @@ function toggle_type()
     }
 
     /* Update auto-assign settings */
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `type`='{$type}' WHERE `id`='" . intval($catid) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_process_messages($hesklang['int_error'] . ': ' . $hesklang['cat_not_found'], './manage_categories.php');
     }
diff --git a/admin/manage_email_templates.php b/admin/manage_email_templates.php
index e282d05b..8b487e29 100644
--- a/admin/manage_email_templates.php
+++ b/admin/manage_email_templates.php
@@ -103,6 +103,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             </li>
             ';
                     }
+
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+                    <li role="presentation">
+						<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
+                            $hesklang['tab_4']
+                            . '</a>
+					</li>
+                        ';
+                    }
                     ?>
                 </ul>
                 <div class="tab-content summaryList tabPadding">
diff --git a/admin/manage_knowledgebase.php b/admin/manage_knowledgebase.php
index b1b5cb3a..aa8f2652 100644
--- a/admin/manage_knowledgebase.php
+++ b/admin/manage_knowledgebase.php
@@ -473,18 +473,33 @@ if (!isset($_SESSION['hide']['new_article']))
                                 <?php
                                 display_dropzone_field($hesk_settings['hesk_url'] . '/internal-api/admin/knowledgebase/upload-attachment.php');
                             endif; // End attachments
+
+                            // Redirect to the correct page
+                            switch ($from)
+                            {
+                                case 'draft':
+                                    $redirect_action = 'a=list_draft';
+                                    break;
+                                case 'private':
+                                    $redirect_action = 'a=list_private';
+                                    break;
+                                default:
+                                    $redirect_action = 'a=manage_cat&amp;catid='.$catid;
+                                    break;
+                            }
                             ?>
                         </div>
                     </div>
                 </div>
                 <div class="box-footer">
                     <div class="form-group">
-                        <input type="hidden" name="a" value="new_article" />
-                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" />
+                        <input type="hidden" name="a" value="new_article">
+                        <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
+                        <input type="hidden" name="from" value="<?php echo $from; ?>">
 
                         <div class="btn-group">
-                            <input type="submit" value="<?php echo $hesklang['kb_save']; ?>" class="btn btn-primary" />
-                            <a class="btn btn-default" href="manage_knowledgebase.php?a=manage_cat&amp;catid=<?php echo $catid; ?>"><?php echo $hesklang['cancel']; ?></a>
+                            <input type="submit" value="<?php echo $hesklang['kb_save']; ?>" class="btn btn-primary">
+                            <a class="btn btn-default" href="manage_knowledgebase.php?<?php echo $redirect_action; ?>"><?php echo $hesklang['cancel']; ?></a>
                         </div>
                     </div>
                 </div>
@@ -670,8 +685,8 @@ function list_draft() {
                                 <td><?php echo $kb_cat[$article['catid']]; ?></td>
                                 <td style="white-space:nowrap;">
                                     <a href="knowledgebase_private.php?article=<?php echo $article['id']; ?>&amp;back=1<?php if ($article['type'] == 2) {echo '&amp;draft=1';} ?>" target="_blank"><i class="fa fa-file-o" data-toggle="tooltip" title="<?php echo $hesklang['viewart']; ?>"></i></a>
-                                    <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
-                                    <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times icon-link red" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a></td>
+                                    <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>&amp;from=draft"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
+                                    <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>&amp;from=draft" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times icon-link red" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a></td>
                             </tr>
                             <?php
                             $j++;
@@ -820,8 +835,8 @@ function list_private() {
                                     <?php echo $rat; ?>
                                     <td class="text-center">
                                         <a href="knowledgebase_private.php?article=<?php echo $article['id']; ?>&amp;back=1<?php if ($article['type'] == 2) {echo '&amp;draft=1';} ?>" target="_blank"><i class="fa fa-file-o icon-link" data-toggle="tooltip" title="<?php echo $hesklang['viewart']; ?>"></i></a>
-                                        <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
-                                        <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times red icon-link" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp;</td>
+                                        <a href="manage_knowledgebase.php?a=edit_article&amp;id=<?php echo $article['id']; ?>&amp;from=private"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" title="<?php echo $hesklang['edit']; ?>"></i></a>
+                                        <a href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>&amp;from=private" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><i class="fa fa-times red icon-link" data-toggle="tooltip" title="<?php echo $hesklang['delete']; ?>"></i></a>&nbsp;</td>
                                 </tr>
                                 <?php
                                 $j++;
@@ -1001,7 +1016,7 @@ function remove_kb_att()
     // Remove attachment from article
     $art['attachments'] = str_replace($att_id.'#'.$att['real_name'].',','',$art['attachments']);
 
-	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `attachments`='".hesk_dbEscape($art['attachments'])."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($id)."' LIMIT 1");
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `attachments`='".hesk_dbEscape($art['attachments'])."', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `id`='".intval($id)."'");
 
     hesk_process_messages($hesklang['kb_att_rem'],'manage_knowledgebase.php?a=edit_article&id='.$id,'SUCCESS');
 } // END remove_kb_att()
@@ -1074,7 +1089,7 @@ function edit_category()
         }
 
         // Now delete the category
-        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."' LIMIT 1");
+        hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` WHERE `id`='".intval($catid)."'");
 
 		$_SESSION['hide'] = array(
 			//'treemenu' => 1,
@@ -1085,7 +1100,7 @@ function edit_category()
         hesk_process_messages($hesklang['kb_cat_dlt'],'./manage_knowledgebase.php','SUCCESS');
     }
 
-	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `name`='".hesk_dbEscape($title)."',`parent`=".intval($parent).",`type`='".intval($type)."' WHERE `id`='".intval($catid)."' LIMIT 1");
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `name`='".hesk_dbEscape($title)."',`parent`=".intval($parent).",`type`='".intval($type)."' WHERE `id`='".intval($catid)."'");
 
     unset($_SESSION['hide']);
 
@@ -1111,6 +1126,7 @@ function save_article()
     $old_catid = intval( hesk_POST('old_catid') );
     $old_type  = intval( hesk_POST('old_type') );
     $old_type  = ($old_type < 0 || $old_type > 2) ? 0 : $old_type;
+    $from = hesk_POST('from');
 
     $subject = hesk_input( hesk_POST('subject') ) or $hesk_error_buffer[] = $hesklang['kb_e_subj'];
 
@@ -1124,9 +1140,9 @@ function save_article()
 	    $content = hesk_getHTML( hesk_POST('content') );
 		
 		// Clean the HTML code
-		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-		$purifier = new HTMLPurifier();
-		$content = $purifier->purify($content);
+		require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+		$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+		$content = $purifier->heskPurify($content);
     }
 	else
     {
@@ -1209,7 +1225,7 @@ function save_article()
 		$hesk_error_buffer = $tmp;
 
     	$hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$hesk_error_buffer.'</ul>';
-    	hesk_process_messages($hesk_error_buffer,'./manage_knowledgebase.php?a=edit_article&id='.$id);
+        hesk_process_messages($hesk_error_buffer,'./manage_knowledgebase.php?a=edit_article&id='.$id.'&from='.$from);
     }
 
 	/* Add to database */
@@ -1236,7 +1252,7 @@ function save_article()
     `html`='".intval($html)."',
     `sticky`='".intval($sticky)."',
     `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."')
-    WHERE `id`='".intval($id)."' LIMIT 1");
+    WHERE `id`='".intval($id)."'");
 
     $_SESSION['artord'] = $id;
 
@@ -1247,7 +1263,20 @@ function save_article()
     // Update article order
     update_article_order($catid);
 
-    hesk_process_messages($hesklang['your_kb_mod'],'./manage_knowledgebase.php?a=manage_cat&catid='.$catid,'SUCCESS');
+    // Redirect to the correct page
+    switch ($from) {
+        case 'draft':
+            $redirect_action = 'a=list_draft';
+            break;
+        case 'private':
+            $redirect_action = 'a=list_private';
+            break;
+        default:
+            $redirect_action = 'a=manage_cat&catid='.$catid;
+            break;
+    }
+
+    hesk_process_messages($hesklang['your_kb_mod'],'./manage_knowledgebase.php?'.$redirect_action,'SUCCESS');
 } // END save_article()
 
 
@@ -1278,6 +1307,8 @@ function edit_article()
 
     $catid = $article['catid'];
 
+    $from = hesk_GET('from');
+
     if (isset($_SESSION['edit_article']))
     {
     	$_SESSION['edit_article'] = hesk_stripArray($_SESSION['edit_article']);
@@ -1373,11 +1404,6 @@ function edit_article()
 	require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 	?>
 
-	</td>
-	</tr>
-	<tr>
-	<td>
-
     <ol class="breadcrumb">
         <li><a href="manage_knowledgebase.php"><?php echo $hesklang['kb']; ?></a></li>
         <li><a href="manage_knowledgebase.php?a=manage_cat&amp;catid=<?php echo $catid; ?>"><?php echo $hesklang['kb_cat_man']; ?></a></li>
@@ -1517,14 +1543,15 @@ function edit_article()
                         </div>
                         <?php endif; //End attachments ?>
                         <div class="form-group">
-                            <input type="hidden" name="a" value="save_article" />
-                            <input type="hidden" name="id" value="<?php echo $id; ?>" />
-                            <input type="hidden" name="old_type" value="<?php echo $article['type']; ?>" />
-                            <input type="hidden" name="old_catid" value="<?php echo $catid; ?>" />
-                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>" /><br>
-                            <div class="btn-group">
+                            <input type="hidden" name="a" value="save_article">
+                            <input type="hidden" name="id" value="<?php echo $id; ?>">
+                            <input type="hidden" name="old_type" value="<?php echo $article['type']; ?>">
+                            <input type="hidden" name="old_catid" value="<?php echo $catid; ?>">
+                            <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
+                            <div class="btn-group-vertical full-width">
                                 <input type="submit" value="<?php echo $hesklang['kb_save']; ?>" class="btn btn-primary" />
                                 <a class="btn btn-default" href="manage_knowledgebase.php?a=manage_cat&amp;catid=<?php echo $catid; ?>"><?php echo $hesklang['cancel']; ?></a>
+                                <a class="btn btn-danger" href="manage_knowledgebase.php?a=remove_article&amp;id=<?php echo $article['id']; ?>&amp;token=<?php hesk_token_echo(); ?>" onclick="return hesk_confirmExecute('<?php echo hesk_makeJsString($hesklang['del_art']); ?>');"><?php echo $hesklang['del_kbaa']; ?></a>
                             </div>
                         </div>
                     </div>
@@ -1984,9 +2011,9 @@ function new_article()
         $content = hesk_getHTML( hesk_POST('content') );
 		
 		// Clean the HTML code
-		require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-		$purifier = new HTMLPurifier();
-		$content = $purifier->purify($content);
+		require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+		$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+		$content = $purifier->heskPurify($content);
     }
 	else
     {
@@ -2136,8 +2163,9 @@ function remove_article()
 
     $article = hesk_dbFetchAssoc($result);
 	$catid = intval($article['catid']);
+    $from = hesk_GET('from');
 
-    $result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."' LIMIT 1");
+    $result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` WHERE `id`='".intval($id)."'");
 
     // Remove any attachments
     delete_kb_attachments($article['attachments']);
@@ -2156,7 +2184,20 @@ function remove_article()
 	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles_draft`=`articles_draft`-1 WHERE `id`='{$catid}'");
 	}
 
-	hesk_process_messages($hesklang['your_kb_deleted'],'./manage_knowledgebase.php?a=manage_cat&catid='.$catid,'SUCCESS');
+    // Redirect to the correct page
+    switch ($from) {
+        case 'draft':
+            $redirect_action = 'a=list_draft';
+            break;
+        case 'private':
+            $redirect_action = 'a=list_private';
+            break;
+        default:
+            $redirect_action = 'a=manage_cat&catid='.$catid;
+            break;
+    }
+
+    hesk_process_messages($hesklang['your_kb_deleted'],'./manage_knowledgebase.php?'.$redirect_action,'SUCCESS');
 } // End remove_article()
 
 
@@ -2172,7 +2213,7 @@ function order_category()
 
     $_SESSION['newcat'] = $catid;
 
-	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=`cat_order`+".intval($move)." WHERE `id`='".intval($catid)."' LIMIT 1");
+	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=`cat_order`+".intval($move)." WHERE `id`='".intval($catid)."'");
 	if (hesk_dbAffectedRows() != 1)
     {
     	hesk_error($hesklang['kb_cat_inv']);
@@ -2198,7 +2239,7 @@ function order_article()
 
     $_SESSION['artord'] = $id;
 
-	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=`art_order`+".intval($move)." WHERE `id`='".intval($id)."' LIMIT 1");
+	$result = hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=`art_order`+".intval($move)." WHERE `id`='".intval($id)."'");
 	if (hesk_dbAffectedRows() != 1)
     {
     	hesk_error($hesklang['kb_art_id']);
@@ -2306,7 +2347,7 @@ function toggle_sticky()
     $_SESSION['artord'] = $id;
 
 	/* Update article "sticky" status */
-	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `sticky`='" . intval($sticky) . " ' WHERE `id`='" . intval($id) . "' LIMIT 1");
+	hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `sticky`='" . intval($sticky) . " ' WHERE `id`='" . intval($id) . "'");
 
     /* Update article order */
     update_article_order($catid);
@@ -2336,7 +2377,7 @@ function update_article_order($catid)
 			$previous_sticky = $article['sticky'];
 		}
 
-	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=".intval($i)." WHERE `id`='".intval($article['id'])."' LIMIT 1");
+	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `art_order`=".intval($i)." WHERE `id`='".intval($article['id'])."'");
 	    $i += 10;
 	}
 
@@ -2356,7 +2397,7 @@ function update_category_order()
 	while ( $category = hesk_dbFetchAssoc($res) )
 	{
 
-	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=".intval($i)." WHERE `id`='".intval($category['id'])."' LIMIT 1");
+	    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `cat_order`=".intval($i)." WHERE `id`='".intval($category['id'])."'");
 	    $i += 10;
 	}
 
@@ -2396,7 +2437,7 @@ function update_count($show_success=0)
     	$value['articles'] = isset($value['articles']) ? $value['articles'] : 0;
     	$value['articles_private'] = isset($value['articles_private']) ? $value['articles_private'] : 0;
     	$value['articles_draft'] = isset($value['articles_draft']) ? $value['articles_draft'] : 0;
-		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles`={$value['articles']}, `articles_private`={$value['articles_private']}, `articles_draft`={$value['articles_draft']} WHERE `id`='{$catid}' LIMIT 1");
+		hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_categories` SET `articles`={$value['articles']}, `articles_private`={$value['articles_private']}, `articles_draft`={$value['articles_draft']} WHERE `id`='{$catid}'");
     }
 
 	// Show a success message?
@@ -2469,7 +2510,7 @@ function delete_kb_attachments($attachments)
 			hesk_unlink(HESK_PATH.$hesk_settings['attach_dir'].'/'.$file['saved_name']);
 		}
 
-		$result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".intval($att_id)."' LIMIT 1");
+		$result = hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_attachments` WHERE `att_id`='".intval($att_id)."'");
 	}
 
     return true;
@@ -2485,7 +2526,7 @@ function hesk_stray_article($id)
     $article['catid'] = 1;
 
     // Update database
-    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=1 WHERE `id`='".intval($id)."' LIMIT 1");
+    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."kb_articles` SET `catid`=1 WHERE `id`='".intval($id)."'");
 
     // Update count of articles in categories
     update_count();
diff --git a/admin/manage_statuses.php b/admin/manage_statuses.php
index 96138f76..1b24074d 100644
--- a/admin/manage_statuses.php
+++ b/admin/manage_statuses.php
@@ -87,6 +87,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                                                             title="<?php echo $hesklang['statuses']; ?>"
                                                                             data-content="<?php echo $hesklang['statuses_intro']; ?>"></i></a>
                     </li>
+                    <?php
+                    if (hesk_checkPermission('can_man_settings', 0)) {
+                        echo '
+                    <li role="presentation">
+						<a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' .
+							$hesklang['tab_4']
+						. '</a>
+					</li>
+                        ';
+                    }
+                    ?>
                 </ul>
                 <div class="tab-content summaryList tabPadding">
                     <div class="row">
diff --git a/admin/manage_ticket_templates.php b/admin/manage_ticket_templates.php
index 5f60a975..b0fca927 100644
--- a/admin/manage_ticket_templates.php
+++ b/admin/manage_ticket_templates.php
@@ -408,7 +408,7 @@ function edit_saved()
         hesk_process_messages($hesk_error_buffer, 'manage_ticket_templates.php?saved_replies=' . $id);
     }
 
-    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "' LIMIT 1");
+    $result = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `title`='" . hesk_dbEscape($savename) . "',`message`='" . hesk_dbEscape($msg) . "' WHERE `id`='" . intval($id) . "'");
 
     unset($_SESSION['canned']['what']);
     unset($_SESSION['canned']['id']);
@@ -467,7 +467,7 @@ function remove()
 
     $mysaved = intval(hesk_GET('id')) or hesk_error($hesklang['id_not_valid']);
 
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "' LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` WHERE `id`='" . intval($mysaved) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
     }
@@ -488,7 +488,7 @@ function order_saved()
 
     $tpl_move = intval(hesk_GET('move'));
 
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=`tpl_order`+" . intval($tpl_move) . " WHERE `id`='" . intval($tplid) . "'");
     if (hesk_dbAffectedRows() != 1) {
         hesk_error("$hesklang[int_error]: $hesklang[ticket_tpl_not_found].");
     }
@@ -498,7 +498,7 @@ function order_saved()
 
     $i = 10;
     while ($mytpl = hesk_dbFetchAssoc($result)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "ticket_templates` SET `tpl_order`=" . intval($i) . " WHERE `id`='" . intval($mytpl['id']) . "'");
         $i += 10;
     }
 
diff --git a/admin/manage_users.php b/admin/manage_users.php
index 767b0da8..7adc89c7 100644
--- a/admin/manage_users.php
+++ b/admin/manage_users.php
@@ -79,13 +79,13 @@ $default_userdata = array(
 
     // Preferences
     'afterreply' => 0,
-    'autorefresh' => 0,
 
     // Defaults
     'autostart' => 1,
     'notify_customer_new' => 1,
     'notify_customer_reply' => 1,
     'show_suggested' => 1,
+    'autoreload' => 0,
     'default_calendar_view' => $default_view,
 
     // Notifications
@@ -276,11 +276,11 @@ if ($action = hesk_REQUEST('a')) {
 
                     /* To edit yourself go to "Profile" page, not here. */
                     if ($myuser['id'] == $_SESSION['id']) {
-                        $edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
+                        $edit_code = '<a href="profile.php"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
                     } elseif ($myuser['id'] == 1) {
                         $edit_code = ' <img src="../img/blank.gif" width="16" height="16" alt="" style="padding:3px;border:none;" />';
                     } else {
-                        $edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
+                        $edit_code = '<a href="manage_users.php?a=edit&amp;id=' . $myuser['id'] . '"><i class="fa fa-pencil icon-link orange" data-toggle="tooltip" data-placement="top" title="' . $hesklang['edit'] . '"></i></a>';
                     }
 
                     if ($myuser['isadmin']) {
@@ -456,27 +456,29 @@ function edit_user()
         <li class="active"><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></li>
     </ol>
 
-    <div class="row pad-down-20">
-        <div class="col-md-8 col-md-offset-2">
-            <?php
-            /* This will handle error, success and notice messages */
-            hesk_handle_messages();
-            ?>
-
-            <h3><?php echo $hesklang['editing_user'] . ' ' . $_SESSION['original_user']; ?></h3>
-            <h6><?php echo $hesklang['req_marked_with']; ?> <font class="important">*</font></h6>
-
-            <div class="footerWithBorder blankSpace"></div>
-
-            <form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
-                <?php hesk_profile_tab('userdata', false, 'edit_user'); ?>
-            </form>
-            <script language="Javascript" type="text/javascript"><!--
-                hesk_checkPassword(document.form1.newpass.value);
-                //-->
-            </script>
+    <section class="content">
+        <div class="box">
+            <div class="box-header with-border">
+                <h1 class="box-title">
+                    <?php echo $hesklang['editing_user'] . ' <b>' . $_SESSION['original_user'] . '</b>'; ?>
+                </h1>
+            </div>
+            <div class="box-body">
+                <?php
+                /* This will handle error, success and notice messages */
+                hesk_handle_messages();
+                ?>
+                <h6><?php echo $hesklang['req_marked_with']; ?> <span class="important">*</span></h6>
+                <form role="form" class="form-horizontal" name="form1" method="post" action="manage_users.php">
+                    <?php hesk_profile_tab('userdata', false, 'edit_user'); ?>
+                </form>
+                <script language="Javascript" type="text/javascript"><!--
+                    hesk_checkPassword(document.form1.newpass.value);
+                    //-->
+                </script>
+            </div>
         </div>
-    </div>
+    </section>
 
     <?php
     require_once(HESK_PATH . 'inc/footer.inc.php');
@@ -521,6 +523,7 @@ function new_user()
 	    `heskprivileges`,
 	    `afterreply`,
         `autostart`,
+        `autoreload`,
         `notify_customer_new`,
         `notify_customer_reply`,
         `show_suggested`,
@@ -533,7 +536,6 @@ function new_user()
         `notify_note`,
         `notify_note_unassigned`,
         `notify_overdue_unassigned`,
-        `autorefresh`,
         `permission_template`,
         `default_calendar_view`) VALUES (
 	'" . hesk_dbEscape($myuser['user']) . "',
@@ -547,6 +549,7 @@ function new_user()
 	'" . hesk_dbEscape($myuser['features']) . "',
 	'" . ($myuser['afterreply']) . "' ,
 	'" . ($myuser['autostart']) . "' ,
+	'" . ($myuser['autoreload']) . "' ,
 	'" . ($myuser['notify_customer_new']) . "' ,
 	'" . ($myuser['notify_customer_reply']) . "' ,
 	'" . ($myuser['show_suggested']) . "' ,
@@ -559,7 +562,6 @@ function new_user()
 	'" . ($myuser['notify_note']) . "',
 	'" . ($myuser['notify_note_unassigned']) . "',
 	'" . ($myuser['notify_overdue_unassigned']) . "',
-	" . intval($myuser['autorefresh']) . ",
 	" . intval($myuser['template']) . ",
 	" . intval($myuser['default_calendar_view']) . ")");
 
@@ -673,6 +675,7 @@ function update_user()
     `heskprivileges`='" . hesk_dbEscape($myuser['features']) . "',
     `afterreply`='" . ($myuser['afterreply']) . "' ,
 	`autostart`='" . ($myuser['autostart']) . "' ,
+	`autoreload`='" . ($myuser['autoreload']) . "' ,
 	`notify_customer_new`='" . ($myuser['notify_customer_new']) . "' ,
 	`notify_customer_reply`='" . ($myuser['notify_customer_reply']) . "' ,
 	`show_suggested`='" . ($myuser['show_suggested']) . "' ,
@@ -685,10 +688,9 @@ function update_user()
 	`notify_note`='" . ($myuser['notify_note']) . "',
 	`notify_note_unassigned`='" . ($myuser['notify_note_unassigned']) . "',
 	`notify_overdue_unassigned`='" . ($myuser['notify_overdue_unassigned']) . "',
-	`autorefresh`=" . intval($myuser['autorefresh']) . ",
 	`permission_template`=" . intval($myuser['template']) . ",
 	`default_calendar_view`=" . intval($myuser['default_calendar_view']) . "
-    WHERE `id`='" . intval($myuser['id']) . "' LIMIT 1");
+    WHERE `id`='" . intval($myuser['id']) . "'");
 
     // If they are now inactive, remove any manager rights
     if (!$myuser['active']) {
@@ -781,13 +783,25 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
     if ($myuser['afterreply'] != 1 && $myuser['afterreply'] != 2) {
         $myuser['afterreply'] = 0;
     }
-    $myuser['autorefresh'] = intval(hesk_POST('autorefresh'));
 
     // Defaults
     $myuser['autostart'] = isset($_POST['autostart']) ? 1 : 0;
     $myuser['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
     $myuser['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
     $myuser['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
+    $myuser['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
+
+    if ($myuser['autoreload']) {
+        $myuser['autoreload'] = intval(hesk_POST('reload_time'));
+
+        if (hesk_POST('secmin') == 'min') {
+            $myuser['autoreload'] *= 60;
+        }
+
+        if ($myuser['autoreload'] < 0 || $myuser['autoreload'] > 65535) {
+            $myuser['autoreload'] = 30;
+        }
+    }
     $myuser['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
 
     /* Notifications */
diff --git a/admin/move_category.php b/admin/move_category.php
index cedd2216..d78b8ab3 100755
--- a/admin/move_category.php
+++ b/admin/move_category.php
@@ -44,7 +44,9 @@ hesk_isLoggedIn();
 $modsForHesk_settings = mfh_getSettings();
 
 /* Check permissions for this feature */
-hesk_checkPermission('can_change_cat');
+if (hesk_checkPermission('can_change_cat', 0)) {
+    hesk_checkPermission('can_change_own_cat');
+}
 
 /* A security check */
 hesk_token_check('POST');
@@ -73,6 +75,11 @@ if (!$row['autoassign']) {
 /* Is user allowed to view tickets in new category? */
 $category_ok = hesk_okCategory($category, 0);
 
+// Is user allowed to move tickets to this category?
+if (!$category_ok && !hesk_checkPermission('can_submit_any_cat', 0)) {
+    hesk_process_messages($hesklang['noauth_move'],'admin_main.php');
+}
+
 /* Get details about the original ticket */
 $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
 if (hesk_dbNumRows($res) != 1) {
@@ -113,7 +120,7 @@ if ($need_to_reassign || !$ticket['owner']) {
     }
 }
 
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
 
 $ticket['category'] = $category;
 
diff --git a/admin/new_ticket.php b/admin/new_ticket.php
index cedc18e8..685f19b4 100644
--- a/admin/new_ticket.php
+++ b/admin/new_ticket.php
@@ -48,6 +48,9 @@ hesk_session_start();
 hesk_dbConnect();
 hesk_isLoggedIn();
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // Pre-populate fields
 // Customer name
 if (isset($_REQUEST['name'])) {
@@ -122,6 +125,35 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 /* Print admin navigation */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
+// Get categories
+$hesk_settings['categories'] = array();
+
+if (hesk_checkPermission('can_submit_any_cat', 0)) {
+    $res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
+} else {
+    $res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
+}
+
+while ($row = hesk_dbFetchAssoc($res)) {
+    $hesk_settings['categories'][$row['id']] = $row['name'];
+}
+
+$number_of_categories = count($hesk_settings['categories']);
+
+if ($number_of_categories == 0) {
+    $category = 1;
+} elseif ($number_of_categories == 1) {
+    $category = current(array_keys($hesk_settings['categories']));
+} else {
+    $category = isset($_GET['catid']) ? hesk_REQUEST('catid'): hesk_REQUEST('category');
+
+    // Force the customer to select a category?
+    if (!isset($hesk_settings['categories'][$category])) {
+        return print_select_category($number_of_categories);
+    }
+}
+
+
 $showRs = hesk_dbQuery("SELECT `show` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "quick_help_sections` WHERE `id` = 5");
 $show = hesk_dbFetchAssoc($showRs);
 $show_quick_help = $show['show'];
@@ -129,7 +161,12 @@ $show_quick_help = $show['show'];
 
 <ol class="breadcrumb">
     <li><a href="admin_main.php"><?php echo $hesk_settings['hesk_title']; ?></a></li>
-    <li class="active"><?php echo $hesklang['nti2']; ?></li>
+    <?php if ($number_of_categories > 1): ?>
+        <li><a href="new_ticket.php"><?php echo $hesklang['nti2']; ?></a></li>
+        <li class="active"><?php echo $hesk_settings['categories'][$category]; ?></li>
+    <?php else: ?>
+        <li class="active"><?php echo $hesklang['nti2']; ?></li>
+    <?php endif; ?>
 </ol>
 <section class="content">
     <?php
@@ -234,63 +271,33 @@ $show_quick_help = $show['show'];
                     </div>
                 </div>
                 <div class="form-group">
-                    <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?></label>
+                    <label for="email" class="col-sm-3 control-label">
+                        <?php
+                        echo $hesklang['email'];
+                        if ($hesk_settings['require_email']) {
+                            echo '<span class="important">*</span>';
+                        }
+                        ?>
+                    </label>
 
                     <div class="col-sm-9">
-                        <input type="text" class="form-control" name="email" size="40" maxlength="1000" id="email-input"
+                        <input type="text" class="form-control" name="email" size="40" maxlength="1000" id="email"
                                value="<?php if (isset($_SESSION['as_email'])) {
                                    echo stripslashes(hesk_input($_SESSION['as_email']));
                                } else if (isset($_GET['email'])) {
                                    echo hesk_GET('email');
                                } ?>" <?php if ($hesk_settings['detect_typos']) {
-                            echo ' onblur="Javascript:hesk_suggestEmail(1)"';
+                            echo ' onblur="Javascript:Javascript:hesk_suggestEmail(\'email\', \'email_suggestions\', 1, 1)"';
                         } ?>
                                placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"
-                               onkeyup="disableIfEmpty('email-input','notify-email')">
+                               onkeyup="disableIfEmpty('email','notify-email')"
+                                <?php if ($hesk_settings['require_email']) {echo 'data-error="'.htmlspecialchars($hesklang['enter_valid_email']).'" required';} ?>>
+                        <div class="help-block with-errors"></div>
                     </div>
 
                 </div>
                 <div id="email_suggestions"></div>
-                <!-- Department and Priority -->
-                <?php
-                $has_error = '';
-
-                if (in_array('category', $_SESSION['iserror'])) {
-                    $has_error = 'has-error';
-                } elseif (in_array('category', $_SESSION['isnotice'])) {
-                    $has_error = 'has-warning';
-                }
-                ?>
-                <div class="form-group <?php echo $has_error; ?>">
-                    <label for="category" class="col-sm-3 control-label"><?php echo $hesklang['category']; ?><span
-                            class="important">*</span></label>
-
-                    <div class="col-sm-9">
-                        <select name="category" class="form-control"
-                                pattern="[0-9]+"
-                                data-error="<?php echo htmlspecialchars($hesklang['sel_app_cat']); ?>"
-                                required>
-                            <?php
-                            // Show the "Click to select"?
-                            if ($hesk_settings['select_cat']) {
-                                echo '<option value="">' . $hesklang['select'] . '</option>';
-                            }
-                            // List categories
-                            $orderByColumn = $modsForHesk_settings['category_order_column'];
-                            $result = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` WHERE `usage` <> 2 ORDER BY `' . $orderByColumn . '` ASC');
-                            while ($row = hesk_dbFetchAssoc($result)) {
-                                if (isset($_SESSION['as_category']) && $_SESSION['as_category'] == $row['id']) {
-                                    $selected = ' selected="selected"';
-                                } else {
-                                    $selected = '';
-                                }
-                                echo '<option value="' . $row['id'] . '"' . $selected . '>' . $row['name'] . '</option>';
-                            }
-                            ?>
-                        </select>
-                        <div class="help-block with-errors"></div>
-                    </div>
-                </div>
+                <!-- Priority -->
                 <?php
                 $has_error = '';
                 if (in_array('priority', $_SESSION['iserror'])) {
@@ -341,59 +348,62 @@ $show_quick_help = $show['show'];
                 <?php
                 /* custom fields BEFORE comments */
                 foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place'] == 0) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
+                    if ($v['use'] && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $category)) {
+                        if ($v['req'] == 2) {
+                            $v['req']=  '<span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        } else {
+                            $v['req'] = '';
+                            $required_attribute = '';
                         }
 
-                        // $v['req'] = $v['req'] ? '<font class="important">*</font>' : '';
-                        // Staff doesn't need to fill in required custom fields
-                        $v['req'] = '';
-
-                        if ($v['type'] == 'checkbox' && !isset($_GET["c_$k"])) {
+                        if ($v['type'] == 'checkbox') {
                             $k_value = array();
-                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"])) {
-                                foreach ($_SESSION["c_$k"] as $myCB) {
+                            if (isset($_SESSION["as_$k"]) && is_array($_SESSION["as_$k"])) {
+                                foreach ($_SESSION["as_$k"] as $myCB) {
                                     $k_value[] = stripslashes(hesk_input($myCB));
                                 }
                             }
                         } elseif (isset($_SESSION["as_$k"])) {
-                            $k_value = stripslashes(hesk_input($_SESSION["as_$k"]));
-                        } elseif (isset($_GET["as_$k"])) {
-                            if ($v['type'] == 'checkbox') {
-                                $k_value = explode('-CHECKBOX-', $_GET["as_$k"]);
-                            } else {
-                                $k_value = stripslashes(hesk_GET("as_$k"));
-                            }
+                            $k_value  = stripslashes(hesk_input($_SESSION["as_$k"]));
                         } else {
-                            $k_value = '';
+                            $k_value  = '';
                         }
 
                         switch ($v['type']) {
                             /* Radio box */
                             case 'radio':
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] .'</label><div align="left" class="col-sm-9">';
 
-                                foreach ($options as $option) {
+                                foreach ($v['value']['radio_options'] as $option) {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option) {
+                                    if (strlen($k_value) == 0) {
+                                        $k_value = $option;
+                                        $checked = empty($v['value']['no_default']) ? 'checked' : '';
+                                    } elseif ($k_value == $option) {
                                         $k_value = $option;
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                     } else {
                                         $checked = '';
                                     }
 
                                     //Clean up multiple dashes or whitespaces
                                     $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                    $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                    echo '<label style="font-weight: normal;"><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
+
+                                    echo '<div class="radio">
+                                            <label>
+                                                <input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . $required_attribute . '>
+                                                ' . $option . '
+                                            </label>
+                                        </div>';
                                 }
 
-                                echo '</div></div>';
+                                echo '
+                                    <div class="help-block with-errors"></div>
+                                    </div>
+                                </div>';
                                 break;
 
                             /* Select drop-down box */
@@ -401,53 +411,22 @@ $show_quick_help = $show['show'];
 
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] .  '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $cls . '>';
+                                echo '<div class="form-group' . $cls . '"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $required_attribute . '>';
 
                                 // Show "Click to select"?
-                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                if ($num) {
+                                if (!empty($v['value']['show_select'])) {
                                     echo '<option value="">' . $hesklang['select'] . '</option>';
                                 }
 
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
+                                foreach ($v['value']['select_options'] as $option) {
                                     if ($k_value == $option) {
                                         $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
-                                        $selected = '';
-                                    }
-
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
-                                }
-
-                                echo '</select></div></div>';
-                                break;
-
-                            case 'multiselect':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group"><label for="' . $v['name'] . '[]" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '[]" ' . $cls . ' multiple>';
-
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if (strlen($k_value == $option)) {
-                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
+                                        $selected = 'selected';
                                     } else {
                                         $selected = '';
                                     }
@@ -456,146 +435,105 @@ $show_quick_help = $show['show'];
                                 }
 
                                 echo '</select>
-                        <div class="btn-group" role="group">
-                            <button type="button" class="btn btn-default" onclick="selectAll(\'' . $formattedId . '\')">'.$hesklang['select_all_title_case'].'</button>
-                            <button type="button" class="btn btn-default" onclick="deselectAll(\'' . $formattedId . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                        </div></div></div>';
+                                    <div class="help-block with-errors"></div></div></div>';
                                 break;
 
                             /* Checkbox */
                             case 'checkbox':
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                foreach ($options as $option) {
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label><div align="left" class="col-sm-9">';
 
+                                foreach ($v['value']['checkbox_options'] as $option) {
                                     if (in_array($option, $k_value)) {
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                     } else {
                                         $checked = '';
                                     }
 
-                                    echo '<label style="font-weight: normal;"><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    echo '<div class="checkbox"><label><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . $required_attribute . '> ' . $option . '</label></div>';
                                 }
-                                echo '</div></div>';
+                                echo '
+                                    <div class="help-block with-errors"></div></div></div>';
                                 break;
 
                             /* Large text box */
                             case 'textarea':
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $size = explode('#', $v['value']);
-                                $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                $size[1] = empty($size[1]) ? 30 : intval($size[1]);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></div>
-                        </div>';
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
+                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
+                                    <div class="help-block with-errors"></div></div></div>';
                                 break;
 
                             case 'date':
+                                if ($required_attribute != '') {
+                                    $required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
+                                }
+
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
                                 echo '
-                        <div class="form-group">
-                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
+                        <div class="form-group' . $cls . '">
+                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
                             <div class="col-sm-9">
-                                <input type="text" class="datepicker form-control white-readonly ' . $cls . '" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
-                                    maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly/>
-                                <span class="help-block">' . $hesklang['date_format'] . '</span>
+                                <input type="text" class="datepicker form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
+                                    value="' . $k_value . '" ' . $required_attribute . '>
+                                <div class="help-block with-errors"></div>
                             </div>
                         </div>';
                                 break;
-
                             case 'email':
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
                                 $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
 
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                if ($v['value'] == 'cc' || $v['value'] == 'bcc') {
-                                    // (b)cc isn't a valid email but is the "value" used by settings. Just remove it.
-                                    $v['value'] = '';
-                                }
+                                $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : '';
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
-                        </div>';
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.$required_attribute.'>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                        </div><div id="'.$k.'_suggestions"></div>';
 
                                 break;
 
+                            // Hidden and read-only should work the same as text
                             case 'hidden':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' />';
-
-                                break;
-
                             case 'readonly':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' readonly></div>
-                        </div>';
-
-                                break;
-
-                            /* Default text input */
                             default:
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["as_$k"])) {
+                                    $v['value']['default_value'] = $k_value;
                                 }
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $cls . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
                         </div>';
                         }
                     }
@@ -750,17 +688,28 @@ $show_quick_help = $show['show'];
                 $has_error = '';
                 if (in_array('subject', $_SESSION['iserror'])) {
                     $has_error = 'has-error';
-                }?>
+                }
+
+                $red_star = '';
+                $validator = '';
+                if ($hesk_settings['require_subject'] == 1) {
+                    $red_star = '<span class="important">*</span>';
+                    $validator = 'data-error="' . htmlspecialchars($hesklang['enter_subject']) . '"" required';
+                }
+                ?>
                 <div class="form-group <?php echo $has_error; ?>">
-                    <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?><span
-                            class="important">*</span></label>
+                    <label for="subject" class="col-sm-3 control-label">
+                        <?php
+                        echo $hesklang['subject'];
+                        echo $red_star;
+                        ?>
+                    </label>
                     <div class="col-sm-9">
                         <span id="HeskSub"><input class="form-control" type="text" name="subject" id="subject" size="40" maxlength="40"
                           value="<?php if (isset($_SESSION['as_subject']) || isset($_GET['subject'])) {
                               echo stripslashes(hesk_input($_SESSION['as_subject']));
                           } ?>" placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"
-                          data-error="<?php echo htmlspecialchars($hesklang['enter_subject']); ?>"
-                          required></span>
+                          <?php echo $validator; ?>></span>
                         <div class="help-block with-errors"></div>
                     </div>
                 </div>
@@ -768,16 +717,27 @@ $show_quick_help = $show['show'];
                 $has_error = '';
                 if (in_array('message', $_SESSION['iserror'])) {
                     $has_error = 'has-error';
-                } ?>
+                }
+
+                $red_star = '';
+                $validator = '';
+                if ($hesk_settings['require_message'] == 1) {
+                    $red_star = '<span class="important">*</span>';
+                    $validator = 'data-error="' . htmlspecialchars($hesklang['enter_message']) . '"" required';
+                }
+                ?>
                 <div class="form-group <?php echo $has_error; ?>" id="message-group">
-                    <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['message']; ?><span
-                            class="important">*</span></label>
+                    <label for="subject" class="col-sm-3 control-label">
+                        <?php
+                        echo $hesklang['message'];
+                        echo $red_star;
+                        ?>
+                    </label>
                     <div class="col-sm-9">
                     <span id="HeskMsg">
                         <textarea class="form-control htmlEditor" name="message" id="message" rows="12" cols="60"
                                   placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>"
-                                  data-error="<?php echo htmlspecialchars($hesklang['enter_message']); ?>"
-                                  required><?php if (isset($_SESSION['as_message'])) {
+                                  <?php echo $validator; ?>><?php if (isset($_SESSION['as_message'])) {
                                 echo stripslashes(hesk_input($_SESSION['as_message']));
                             } ?></textarea>
                     </span>
@@ -789,79 +749,79 @@ $show_quick_help = $show['show'];
                 /* custom fields AFTER comments */
 
                 foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                    if ($v['use'] && $v['place']) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
+                    if ($v['use'] && $v['place'] == 1 && hesk_is_custom_field_in_category($k, $category)) {
+                        if ($v['req'] == 2) {
+                            $v['req']=  '<span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        } else {
+                            $v['req'] = '';
+                            $required_attribute = '';
                         }
 
-                        // $v['req'] = $v['req'] ? '<font class="important">*</font>' : '';
-                        // Staff doesn't need to fill in required custom fields
-                        $v['req'] = '';
-
                         if ($v['type'] == 'checkbox') {
                             $k_value = array();
-                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"])) {
-                                foreach ($_SESSION["c_$k"] as $myCB) {
+                            if (isset($_SESSION["as_$k"]) && is_array($_SESSION["as_$k"])) {
+                                foreach ($_SESSION["as_$k"] as $myCB) {
                                     $k_value[] = stripslashes(hesk_input($myCB));
                                 }
                             }
-                        } elseif (isset($_SESSION["c_$k"])) {
-                            $k_value = stripslashes(hesk_input($_SESSION["c_$k"]));
+                        } elseif (isset($_SESSION["as_$k"])) {
+                            $k_value  = stripslashes(hesk_input($_SESSION["as_$k"]));
                         } else {
-                            $k_value = '';
+                            $k_value  = '';
                         }
 
                         switch ($v['type']) {
                             /* Radio box */
                             case 'radio':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label><div align="left" class="col-sm-9">';
 
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
 
-                                foreach ($options as $option) {
+                                foreach ($v['value']['radio_options'] as $option) {
 
-                                    if (strlen($k_value) == 0 || $k_value == $option) {
+                                    if (strlen($k_value) == 0) {
+                                        $k_value = $option;
+                                        $checked = empty($v['value']['no_default']) ? 'checked' : '';
+                                    } elseif ($k_value == $option) {
                                         $k_value = $option;
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                     } else {
                                         $checked = '';
                                     }
 
-                                    echo '<label style="font-weight: normal;"><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    //Clean up multiple dashes or whitespaces
+                                    $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
+                                    $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
+
+                                    echo '<div class="radio"><label><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                 }
 
-                                echo '</div></div>';
+                                echo '<div class="help-block with-errors"></div></div></div>';
                                 break;
 
                             /* Select drop-down box */
                             case 'select':
+
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $cls . '>';
+                                echo '<div class="form-group' . $cls . '"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $required_attribute . '>';
 
                                 // Show "Click to select"?
-                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                if ($num) {
+                                if (!empty($v['value']['show_select'])) {
                                     echo '<option value="">' . $hesklang['select'] . '</option>';
                                 }
 
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
+                                foreach ($v['value']['select_options'] as $option) {
                                     if ($k_value == $option) {
                                         $k_value = $option;
-                                        $selected = 'selected="selected"';
+                                        $selected = 'selected';
                                     } else {
                                         $selected = '';
                                     }
@@ -869,175 +829,104 @@ $show_quick_help = $show['show'];
                                     echo '<option ' . $selected . '>' . $option . '</option>';
                                 }
 
-                                echo '</select></div></div>';
+                                echo '</select><div class="help-block with-errors"></div></div></div>';
                                 break;
 
                             /* Checkbox */
                             case 'checkbox':
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                foreach ($options as $option) {
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
+                                echo '<div class="form-group' . $cls . '"><label class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label><div align="left" class="col-sm-9">';
 
+                                foreach ($v['value']['checkbox_options'] as $option) {
                                     if (in_array($option, $k_value)) {
-                                        $checked = 'checked="checked"';
+                                        $checked = 'checked';
                                     } else {
                                         $checked = '';
                                     }
 
-                                    echo '<label style="font-weight: normal;"><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br>';
+                                    echo '<div class="checkbox"><label><input id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
                                 }
-                                echo '</div></div>';
+                                echo '<div class="help-block with-errors"></div></div></div>';
                                 break;
 
                             /* Large text box */
                             case 'textarea':
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $size = explode('#', $v['value']);
-                                $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                $size[1] = empty($size[1]) ? 30 : intval($size[1]);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . '>' . $k_value . '</textarea></div>
+                                echo '<div class="form-group' . $cls . '">
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9"><textarea class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
+                        <div class="help-block with-errors"></div></div>
                         </div>';
                                 break;
 
                             case 'date':
+                                if ($required_attribute != '') {
+                                    $required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
+                                }
+
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
                                 echo '
-                        <div class="form-group">
-                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
+                        <div class="form-group' . $cls . '">
+                            <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
                             <div class="col-sm-9">
-                                <input type="text" class="datepicker form-control white-readonly ' . $cls . '" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
-                                    maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" readonly/>
-                                <span class="help-block">' . $hesklang['date_format'] . '</span>
+                                <input type="text" class="datepicker form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
+                                    value="' . $k_value . '" ' . $required_attribute . '>
+                                <div class="help-block with-errors"></div>
                             </div>
                         </div>';
                                 break;
-
-                            case 'multiselect':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group"><label for="' . $v['name'] . '[]" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '[]" ' . $cls . ' multiple>';
-
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if ($k_value == $option) {
-                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
-                                        $selected = '';
-                                    }
-
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
-                                }
-
-                                echo '</select>
-                        <div class="btn-group" role="group">
-                            <button type="button" class="btn btn-default" onclick="selectAll(\'' . $formattedId . '\')">'.$hesklang['select_all_title_case'].'</button>
-                            <button type="button" class="btn btn-default" onclick="deselectAll(\'' . $formattedId . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                        </div></div></div>';
-                                break;
-
                             case 'email':
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                if ($v['value'] == 'cc' || $v['value'] == 'bcc') {
-                                    // (b)cc isn't a valid email but is the "value" used by settings. Just remove it.
-                                    $v['value'] = '';
-                                }
+                                $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 1'.($v['value']['multiple'] ? ',1' : '').')"' : '';
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError' : '';
 
                                 echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
-                        </div>';
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.' ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                        </div><div id="'.$k.'_suggestions"></div>';
 
                                 break;
 
                             case 'hidden':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' />';
-
-                                break;
-
                             case 'readonly':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' readonly></div>
-                        </div>';
-
-                                break;
-
-                            /* Default text input */
                             default:
                                 //Clean up multiple dashes or whitespaces
                                 $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $v['name']);
+                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["as_$k"])) {
+                                    $v['value']['default_value'] = $k_value;
                                 }
 
                                 $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
 
                                 echo '<div class="form-group">
-                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . '</label>
-                        <div class="col-sm-9"><input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' /></div>
+                        <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
                         </div>';
                         }
                     }
@@ -1145,6 +1034,7 @@ $show_quick_help = $show['show'];
                         <input type="hidden" id="latitude" name="latitude" value="E-0">
                         <input type="hidden" id="longitude" name="longitude" value="E-0">
                         <input type="hidden" name="token" value="<?php hesk_token_echo(); ?>">
+                        <input type="hidden" name="category" value="<?php echo $category; ?>">
                         <input type="submit" value="<?php echo $hesklang['sub_ticket']; ?>" class="btn btn-default">
                     </div>
                 </div>
@@ -1186,4 +1076,100 @@ hesk_cleanSessionVars('isnotice');
 
 require_once(HESK_PATH . 'inc/footer.inc.php');
 exit();
-?>
+
+/*** START FUNCTIONS ***/
+
+
+function print_select_category($number_of_categories) {
+    global $hesk_settings, $hesklang;
+
+    // A category needs to be selected
+    if (isset($_GET['category']) && empty($_GET['category'])) {
+        hesk_process_messages($hesklang['sel_app_cat'],'NOREDIRECT','NOTICE');
+    }
+
+    /* This will handle error, success and notice messages */
+    hesk_handle_messages();
+    ?>
+    <section class="content">
+        <div class="box">
+            <div class="box-header with-border">
+                <h1 class="box-title">
+                    <?php echo $hesklang['select_category_staff']; ?>
+                </h1>
+            </div>
+            <div class="box-body">
+                <div class="select_category">
+                    <?php
+                    // Print a select box if number of categories is large
+                    if ($number_of_categories > $hesk_settings['cat_show_select'])
+                    {
+                        ?>
+                        <form action="new_ticket.php" method="get">
+                            <select name="category" id="select_category" class="form-control">
+                                <?php
+                                if ($hesk_settings['select_cat'])
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
+                                }
+                                foreach ($hesk_settings['categories'] as $k=>$v)
+                                {
+                                    echo '<option value="'.$k.'">'.$v.'</option>';
+                                }
+                                ?>
+                            </select>
+
+                            &nbsp;<br />
+
+                            <div style="text-align:center">
+                                <input type="submit" value="<?php echo $hesklang['c2c']; ?>" class="btn btn-default">
+                            </div>
+                        </form>
+                        <?php
+                    }
+                    // Otherwise print quick links
+                    else
+                    {
+                        // echo '<li><a href="new_ticket.php?a=add&amp;category='.$k.'">&raquo; '.$v.'</a></li>';
+                        $new_row = 1;
+
+                        foreach ($hesk_settings['categories'] as $k=>$v):
+                            if ($new_row == 1) {
+                                echo '<div class="row">';
+                                $new_row = -1;
+                            }
+                            ?>
+                            <div class="col-md-5 col-sm-12 <?php if ($new_row == -1) {echo 'col-md-offset-1';} ?>">
+                                <a href="new_ticket.php?a=add&category=<?php echo $k; ?>" class="button-link">
+                                    <div class="panel panel-default">
+                                        <div class="panel-body">
+                                            <div class="row">
+                                                <div class="col-xs-12">
+                                                    <?php echo $v; ?>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </div>
+                            <?php
+                            $new_row++;
+                            if ($new_row == 1) {
+                                echo '</div>';
+                            }
+                        endforeach;
+                    }
+                    ?>
+                </div>
+            </div>
+        </div>
+    </section>
+
+    <?php
+
+    hesk_cleanSessionVars('iserror');
+    hesk_cleanSessionVars('isnotice');
+
+    require_once(HESK_PATH . 'inc/footer.inc.php');
+    exit();
+} // END print_select_category()
diff --git a/admin/options.php b/admin/options.php
deleted file mode 100644
index beee06fc..00000000
--- a/admin/options.php
+++ /dev/null
@@ -1,393 +0,0 @@
-<?php
-/*******************************************************************************
- *  Title: Help Desk Software HESK
- *  Version: 2.6.8 from 10th August 2016
- *  Author: Klemen Stirn
- *  Website: http://www.hesk.com
- ********************************************************************************
- *  COPYRIGHT AND TRADEMARK NOTICE
- *  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
- *  HESK is a registered trademark of Klemen Stirn.
- *  The HESK may be used and modified free of charge by anyone
- *  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
- *  By using this code you agree to indemnify Klemen Stirn from any
- *  liability that might arise from it's use.
- *  Selling the code for this program, in part or full, without prior
- *  written consent is expressly forbidden.
- *  Using this code, in part or full, to create derivate work,
- *  new scripts or products is expressly forbidden. Obtain permission
- *  before redistributing this software over the Internet or in
- *  any other medium. In all cases copyright and header must remain intact.
- *  This Copyright is in full effect in any country that has International
- *  Trade Agreements with the United States of America or
- *  with the European Union.
- *  Removing any of the copyright notices without purchasing a license
- *  is expressly forbidden. To remove HESK copyright notice you must purchase
- *  a license for this script. For more information on how to obtain
- *  a license please visit the page below:
- *  https://www.hesk.com/buy.php
- *******************************************************************************/
-
-define('IN_SCRIPT', 1);
-define('HESK_PATH', '../');
-
-/* Get all the required files and functions */
-require(HESK_PATH . 'hesk_settings.inc.php');
-require(HESK_PATH . 'inc/common.inc.php');
-require(HESK_PATH . 'inc/admin_functions.inc.php');
-
-$id = hesk_input(hesk_GET('i'));
-$query = hesk_input(hesk_utf8_urldecode(hesk_GET('q')));
-$type = hesk_input(hesk_GET('t', 'text'));
-$maxlen = intval(hesk_GET('m', 255));
-$query = stripslashes($query);
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML; 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
-<head>
-    <title><?php echo $hesklang['opt']; ?></title>
-    <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
-    <style type="text/css">
-        body {
-            margin: 5px 5px;
-            padding: 0;
-            background: #fff;
-            color: black;
-            font: 68.8%/1.5 Verdana, Geneva, Arial, Helvetica, sans-serif;
-            text-align: left;
-        }
-
-        p {
-            color: black;
-            font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
-            font-size: 1.0em;
-        }
-
-        h3 {
-            color: #AF0000;
-            font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
-            font-weight: bold;
-            font-size: 1.0em;
-            text-align: center;
-        }
-
-        .title {
-            color: black;
-            font-family: Verdana, Geneva, Arial, Helvetica, sans-serif;
-            font-weight: bold;
-            font-size: 1.0em;
-        }
-
-        .wrong {
-            color: red;
-        }
-
-        .correct {
-            color: green;
-        }
-    </style>
-</head>
-<body>
-
-<h3><?php echo $hesklang['opt']; ?></h3>
-
-<p><i><?php echo $hesklang['ns']; ?></i></p>
-
-<?php
-
-switch ($type) {
-    case 'text':
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o2\').value;
-            window.opener.document.getElementById(\'s_' . $id . '_maxlen\').value = document.getElementById(\'o1\').value;
-            window.close();
-        }
-        </script>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['custom_l'] . ':<td>
-        <td><input type="text" name="o1" id="o1" value="' . $maxlen . '" size="30" /></td>
-        </tr>
-        <tr>
-        <td>' . $hesklang['defw'] . ':<td>
-        <td><input type="text" name="o2" id="o2" value="' . $query . '" size="30" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'hidden':
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-            window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
-            window.close();
-        }
-        </script>
-        <p>' . $hesklang['hidden_custom_field_help'] . '</p>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['value_colon'] . '<td>
-        <td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'readonly':
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-            window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value;
-            window.close();
-        }
-        </script>
-        <p>' . $hesklang['readonly_custom_field_help'] . '</p>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['value_colon'] . '<td>
-        <td><input type="text" name="o1" id="o1" value="' . $query . '" size="30" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'textarea':
-        if (strpos($query, '#') !== false) {
-            list($rows, $cols) = explode('#', $query);
-        } else {
-            $rows = '';
-            $cols = '';
-        }
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = document.getElementById(\'o1\').value + "#" + document.getElementById(\'o2\').value;
-            window.close();
-        }
-        </script>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['rows'] . ':<td>
-        <td><input type="text" name="o1" id="o1" value="' . $rows . '" size="5" /></td>
-        </tr>
-        <tr>
-        <td>' . $hesklang['cols'] . ':<td>
-        <td><input type="text" name="o2" id="o2" value="' . $cols . '" size="5" /></td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'radio':
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-				else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['opt2'] . '</p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'select':
-        $query = str_replace('{HESK_SELECT}', '', $query, $show_select);
-
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-			else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-			if (document.getElementById(\'show_select\').checked)
-			{
-				text = "{HESK_SELECT}" + text;
-			}
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['opt3'] . '</p>
-        <p><label><input type="checkbox" name="show_select" id="show_select" value="1" ' . ($show_select ? 'checked="checked"' : '') . ' /> ' . $hesklang['show_select'] . '</label></p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'checkbox':
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-			else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['opt4'] . '</p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'date':
-        echo '<p>' . $hesklang['date_custom_field_text'] . '</p>';
-        break;
-    case 'multiselect':
-        $options = str_replace('#HESK#', "\n", $query);
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-        	text = document.getElementById(\'o1\').value;
-            text = text.replace(/^\s\s*/, \'\').replace(/\s\s*$/, \'\');
-			text = escape(text);
-			if(text.indexOf(\'%0D%0A\') > -1)
-			{
-				re_nlchar = /%0D%0A/g ;
-			}
-		    else if(text.indexOf(\'%0A\') > -1)
-			{
-				re_nlchar = /%0A/g ;
-            }
-			else if(text.indexOf(\'%0D\') > -1)
-			{
-				re_nlchar = /%0D/g ;
-			}
-            else
-            {
-            	alert(\'' . addslashes($hesklang['atl2']) . '\');
-                return false;
-            }
-			text = unescape(text.replace(re_nlchar,\'#HESK#\'));
-
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = text;
-            window.close();
-        }
-        </script>
-
-        <p>' . $hesklang['multiple_select_custom_field_text'] . '</p>
-        <textarea name="o1" id="o1" rows="6" cols="40">' . $options . '</textarea>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    case 'email':
-        $ccSelected = $query == 'cc' ? 'selected="selected"' : '';
-        $bccSelected = $query == 'bcc' ? 'selected="selected"' : '';
-        echo '
-        <script language="javascript">
-        function hesk_saveOptions()
-        {
-            var dropdown = document.getElementById(\'o1\');
-        	window.opener.document.getElementById(\'s_' . $id . '_val\').value = dropdown.options[dropdown.selectedIndex].value;
-            window.close();
-        }
-        </script>
-        <p>' . $hesklang['email_custom_field_help'] . '</p>
-		<table border="0">
-        <tr>
-        <td>' . $hesklang['email_custom_field_label'] . ':</td>
-        <td>
-            <select name="o1" id="o1">
-                <option value="cc" ' . $ccSelected . '>' . $hesklang['cc'] . '</option>
-                <option value="bcc" ' . $bccSelected . '>' . $hesklang['bcc'] . '</option>
-            </select>
-        </td>
-        </tr>
-        </table>
-        <p><input type="button" value="  ' . $hesklang['ok'] . '  " onclick="Javascript:hesk_saveOptions()" /></p>
-        ';
-        break;
-    default:
-        die('Invalid type');
-}
-?>
-
-<p align="center"><a href="#" onclick="Javascript:window.close()"><?php echo $hesklang['cwin']; ?></a></p>
-
-<p>&nbsp;</p>
-
-</body>
-
-</html>
-<?php
-exit();
-?>
diff --git a/admin/profile.php b/admin/profile.php
index 83570eec..4d294a3a 100644
--- a/admin/profile.php
+++ b/admin/profile.php
@@ -115,7 +115,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     /* Only update if it's a valid language */
                     if (isset($hesk_settings['languages'][$newlang])) {
                         $newlang = ($newlang == HESK_DEFAULT_LANGUAGE) ? "NULL" : "'" . hesk_dbEscape($newlang) . "'";
-                        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
+                        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `language`=$newlang WHERE `id`='" . intval($_SESSION['id']) . "'");
                     }
                 }
 
@@ -232,6 +232,21 @@ function update_profile()
     $_SESSION['new']['notify_customer_new'] = isset($_POST['notify_customer_new']) ? 1 : 0;
     $_SESSION['new']['notify_customer_reply'] = isset($_POST['notify_customer_reply']) ? 1 : 0;
     $_SESSION['new']['show_suggested'] = isset($_POST['show_suggested']) ? 1 : 0;
+    $_SESSION['new']['autoreload'] = isset($_POST['autoreload']) ? 1 : 0;
+
+    if ($_SESSION['new']['autoreload']) {
+        $_SESSION['new']['autoreload'] = intval(hesk_POST('reload_time'));
+
+        if (hesk_POST('secmin') == 'min') {
+            $_SESSION['new']['autoreload'] *= 60;
+        }
+
+        if ($_SESSION['new']['autoreload'] < 0 || $_SESSION['new']['autoreload'] > 65535) {
+            $_SESSION['new']['autoreload'] = 30;
+        }
+    } else {
+        hesk_setcookie('autorefresh', '');
+    }
 
     /* Auto-start ticket timer */
     $_SESSION['new']['autostart'] = isset($_POST['autostart']) ? 1 : 0;
@@ -239,9 +254,6 @@ function update_profile()
     /* Default calendar view */
     $_SESSION['new']['default_calendar_view'] = hesk_POST('default-calendar-view', 0);
 
-    /* Update auto-refresh time */
-    $_SESSION['new']['autorefresh'] = isset($_POST['autorefresh']) ? $_POST['autorefresh'] : 0;
-
     /* Notifications */
     if (!(!$_SESSION[$session_array]['isadmin'] && isset($_SESSION[$session_array]['heskprivileges'])
         && strpos($_SESSION[$session_array]['heskprivileges'], 'can_change_notification_settings') === false)) {
@@ -274,7 +286,7 @@ function update_profile()
 		$sql_pass ,
 	    `afterreply`='" . intval($_SESSION['new']['afterreply']) . "' ,
         `autostart`='" . intval($_SESSION['new']['autostart']) . "' ,
-        `autorefresh`='" . intval($_SESSION['new']['autorefresh']) . "' ,
+        `autoreload`='".($_SESSION['new']['autoreload'])."' ,
 	    `notify_new_unassigned`='" . intval($_SESSION['new']['notify_new_unassigned']) . "' ,
         `notify_new_my`='" . intval($_SESSION['new']['notify_new_my']) . "' ,
         `notify_reply_unassigned`='" . intval($_SESSION['new']['notify_reply_unassigned']) . "' ,
@@ -288,7 +300,7 @@ function update_profile()
         `notify_overdue_unassigned`='" . $_SESSION['new']['notify_overdue_unassigned'] . "',
         `show_suggested`='" . $_SESSION['new']['show_suggested'] . "',
         `default_calendar_view`=" . intval($_SESSION['new']['default_calendar_view']) . "
-	    WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1"
+	    WHERE `id`='" . intval($_SESSION['id']) . "'"
         );
 
         /* Process the session variables */
diff --git a/admin/reports.php b/admin/reports.php
index 1f8fa928..8322cd6e 100644
--- a/admin/reports.php
+++ b/admin/reports.php
@@ -65,23 +65,23 @@ $is_all_time = 0;
 /* Default this month to date */
 $date_from = date('Y-m-d', mktime(0, 0, 0, date("m"), 1, date("Y")));
 $date_to = date('Y-m-d');
-$input_datefrom = date('m/d/Y', strtotime('last month'));
-$input_dateto = date('m/d/Y');
+$input_datefrom = date('Y-m-d', strtotime('last month'));
+$input_dateto = date('Y-m-d');
 
 /* Date */
 if (!empty($_GET['w'])) {
     $df = preg_replace('/[^0-9]/', '', hesk_GET('datefrom'));
     if (strlen($df) == 8) {
-        $date_from = substr($df, 4, 4) . '-' . substr($df, 0, 2) . '-' . substr($df, 2, 2);
-        $input_datefrom = substr($df, 0, 2) . '/' . substr($df, 2, 2) . '/' . substr($df, 4, 4);
+        $date_from = substr($df, 0, 4) . '-' . substr($df, 4, 2) . '-' . substr($df, 6, 2);
+        $input_datefrom = $date_from;
     } else {
         $date_from = date('Y-m-d', strtotime('last month'));
     }
 
     $dt = preg_replace('/[^0-9]/', '', hesk_GET('dateto'));
     if (strlen($dt) == 8) {
-        $date_to = substr($dt, 4, 4) . '-' . substr($dt, 0, 2) . '-' . substr($dt, 2, 2);
-        $input_dateto = substr($dt, 0, 2) . '/' . substr($dt, 2, 2) . '/' . substr($dt, 4, 4);
+        $date_to = substr($dt, 0, 4) . '-' . substr($dt, 4, 2) . '-' . substr($dt, 6, 2);
+        $input_dateto = $date_to;
     } else {
         $date_to = date('Y-m-d');
     }
@@ -247,9 +247,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 <div class="form-group">
                     <label for="dtrg" class="control-label"><?php echo $hesklang['dtrg']; ?>:</label>
 
-                    <div class="radio move-right-20">
-                        <input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> />
+                    <div class="radio form-inline move-right-20">
+                        <input type="radio" name="w" value="0" id="w0" <?php echo $selected['w'][0]; ?> style="position: relative">
                         <select name="time" onclick="document.getElementById('w0').checked = true"
+                                class="form-control"
                                 onfocus="document.getElementById('w0').checked = true"
                                 style="margin-top:5px;margin-bottom:5px;">
                             <option value="1" <?php echo $selected['time'][1]; ?>><?php echo $hesklang['r1']; ?>
@@ -288,16 +289,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                 value="12" <?php echo $selected['time'][12]; ?>><?php echo $hesklang['r12']; ?></option>
                         </select>
                     </div>
-                    <div class="radio move-right-20">
-                        <input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> />
+                    <div class="radio form-inline move-right-20">
+                        <input type="radio" name="w" value="1" id="w1" <?php echo $selected['w'][1]; ?> style="position: relative">
                         <?php echo $hesklang['from']; ?> <input type="text" name="datefrom"
                                                                 value="<?php echo $input_datefrom; ?>"
-                                                                id="datefrom" class="tcal" size="10"
+                                                                id="datefrom" class="datepicker form-control" size="10"
                                                                 onclick="document.getElementById('w1').checked = true"
                                                                 onfocus="document.getElementById('w1').checked = true;this.focus;"/>
                         <?php echo $hesklang['to']; ?> <input type="text" name="dateto"
                                                               value="<?php echo $input_dateto; ?>" id="dateto"
-                                                              class="tcal" size="10"
+                                                              class="datepicker form-control" size="10"
                                                               onclick="document.getElementById('w1').checked = true"
                                                               onfocus="document.getElementById('w1').checked = true; this.focus;"/>
                     </div>
@@ -530,7 +531,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
                 // Some variables we will need
                 $tickets = array();
-                $totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0);
+                $totals = array('asstickets' => 0, 'resolved' => 0, 'tickets' => 0, 'replies' => 0, 'worked' => 0, 'openedby' => 0);
 
                 // Get list of users
                 $admins = array();
@@ -550,6 +551,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                             'tickets' => 0,
                             'replies' => 0,
                             'worked' => '',
+                            'openedby' => 0,
                         );
                     }
 
@@ -625,10 +627,21 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                 // Convert total seconds worked to HH:MM:SS
                 $totals['worked'] = $hesk_settings['time_worked'] ? hesk_SecondsToHHMMSS($totals['worked']) : 0;
 
+                // Get total opened by tickets
+                $res = hesk_dbQuery("SELECT `openedby`, COUNT(*) AS `cnt` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `openedby` IN ('" . implode("','", array_keys($admins) ) . "') AND DATE(`dt`) BETWEEN '" . hesk_dbEscape($date_from) . "' AND '" . hesk_dbEscape($date_to) . "' GROUP BY `openedby`");
+
+                // -> update ticket list values
+                while ($row = hesk_dbFetchAssoc($res))
+                {
+                    $tickets[$row['openedby']]['openedby'] += $row['cnt'];
+                    $totals['openedby'] += $row['cnt'];
+                }
+
                 ?>
                 <table class="table table-striped table-condensed">
                     <tr>
                         <th><?php echo $hesklang['user']; ?></th>
+                        <th><?php echo $hesklang['numsub']; ?></th>
                         <th><?php echo $hesklang['ticass']; ?></th>
                         <th><?php echo $hesklang['topen']; ?></th>
                         <th><?php echo $hesklang['closed_title']; ?></th>
@@ -647,6 +660,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                         ?>
                         <tr>
                             <td><b><?php echo $hesklang['totals']; ?></b></td>
+                            <td><b><?php echo $totals['openedby']; ?></b></td>
                             <td><b><?php echo $totals['asstickets']; ?></b></td>
                             <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
                             <td><b><?php echo $totals['resolved']; ?></b></td>
@@ -666,6 +680,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                         ?>
                         <tr>
                             <td><?php echo $admins[$k]; ?></td>
+                            <td><?php echo $d['openedby']; ?></td>
                             <td><?php echo $d['asstickets']; ?></td>
                             <td><?php echo $d['asstickets'] - $d['resolved']; ?></td>
                             <td><?php echo $d['resolved']; ?></td>
@@ -682,6 +697,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     ?>
                     <tr>
                         <td><b><?php echo $hesklang['totals']; ?></b></td>
+                        <td><b><?php echo $totals['openedby']; ?></b></td>
                         <td><b><?php echo $totals['asstickets']; ?></b></td>
                         <td><b><?php echo $totals['asstickets'] - $totals['resolved']; ?></b></td>
                         <td><b><?php echo $totals['resolved']; ?></b></td>
diff --git a/admin/service_messages.php b/admin/service_messages.php
index ccd10196..7ee9ba1c 100644
--- a/admin/service_messages.php
+++ b/admin/service_messages.php
@@ -111,22 +111,19 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             <li role="presentation">
                 <a title="' . $hesklang['statuses'] . '" href="manage_statuses.php">' . $hesklang['statuses'] . '</a>
             </li>
+            ';
+                    }
+                    // Show a link to custom_fields.php if user has permission to do so
+                    if ( hesk_checkPermission('can_man_settings',0) ) {
+                        echo '
+            <li role="presentation">
+                <a title="' . $hesklang['tab_4'] . '" href="custom_fields.php">' . $hesklang['tab_4'] . '</a>
+            </li>
             ';
                     }
                     ?>
                 </ul>
                 <div class="tab-content summaryList tabPadding">
-                    <script language="javascript" type="text/javascript"><!--
-                        function confirm_delete() {
-                            if (confirm('<?php echo hesk_makeJsString($hesklang['delban_confirm']); ?>')) {
-                                return true;
-                            }
-                            else {
-                                return false;
-                            }
-                        }
-                        //-->
-                    </script>
                     <div class="row">
                         <div class="col-sm-12">
                             <?php
@@ -494,9 +491,9 @@ function save_sm()
     $message = hesk_getHTML(hesk_POST('message'));
 	
 	// Clean the HTML code
-	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-	$purifier = new HTMLPurifier();
-	$message = $purifier->purify($message);
+	require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+	$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+	$message = $purifier->heskPurify($message);
 
     // Any errors?
     if (count($hesk_error_buffer)) {
@@ -547,7 +544,7 @@ function save_sm()
 	`style` = '{$style}',
 	`type` = '{$type}',
 	`icon` = '{$icon}'
-	WHERE `id`={$id} LIMIT 1");
+	WHERE `id`={$id}");
 
     $_SESSION['smord'] = $id;
     hesk_process_messages($hesklang['sm_mdf'], 'service_messages.php', 'SUCCESS');
@@ -588,7 +585,7 @@ function order_sm()
     $_SESSION['smord'] = $id;
 
     // Update article details
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id} LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=`order`+" . intval($move) . " WHERE `id`={$id}");
 
     // Update order of all service messages
     update_sm_order();
@@ -610,7 +607,7 @@ function update_sm_order()
     // Update database
     $i = 10;
     while ($sm = hesk_dbFetchAssoc($res)) {
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` SET `order`=" . intval($i) . " WHERE `id`='" . intval($sm['id']) . "'");
         $i += 10;
     }
 
@@ -630,7 +627,7 @@ function remove_sm()
     $id = intval(hesk_GET('id')) or hesk_error($hesklang['sm_e_id']);
 
     // Delete the service message
-    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id} LIMIT 1");
+    hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "service_messages` WHERE `id`={$id}");
 
     // Were we successful?
     if (hesk_dbAffectedRows() == 1) {
@@ -663,9 +660,9 @@ function new_sm()
     $message = hesk_getHTML(hesk_POST('message'));
 	
 	// Clean the HTML code
-	require(HESK_PATH . 'inc/htmlpurifier/HTMLPurifier.standalone.php');
-	$purifier = new HTMLPurifier();
-	$message = $purifier->purify($message);
+	require(HESK_PATH . 'inc/htmlpurifier/HeskHTMLPurifier.php');
+	$purifier = new HeskHTMLPurifier($hesk_settings['cache_dir']);
+	$message = $purifier->heskPurify($message);
 
     // Any errors?
     if (count($hesk_error_buffer)) {
diff --git a/admin/show_tickets.php b/admin/show_tickets.php
index 7d510547..caa22758 100644
--- a/admin/show_tickets.php
+++ b/admin/show_tickets.php
@@ -45,6 +45,7 @@ hesk_dbConnect();
 hesk_isLoggedIn();
 
 define('CALENDAR', 1);
+define('AUTO_RELOAD',1);
 
 /* Check permissions for this feature */
 hesk_checkPermission('can_view_tickets');
@@ -69,6 +70,14 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             </div>
         </div>
         <div class="box-body">
+            <div class="checkbox">
+                <label>
+                    <input type="checkbox" onclick="toggleAutoRefresh(this);" id="reloadCB">
+                    <?php echo $hesklang['arp']; ?>
+                    <span id="timer"></span>
+                </label>
+            </div>
+            <script type="text/javascript">heskCheckReloading();</script>
             <?php
             /* Print the list of tickets */
             $is_search = 1;
@@ -84,32 +93,28 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
             ?>
         </div>
     </div>
-    <div class="box">
-        <div class="box-body">
-            <?php
-            $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
-        CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
-        SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
-        SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
-        SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
-        iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
-        CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
-        yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
-        HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
-        FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8aHIgL
-        z48dGFibGUgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+PHRyPjx0ZD48Yj4nLiRoZXNrbGFuZ1sncmVtb
-        3ZlX3N0YXRlbWVudCddLic8L2I+PC90ZD48dGQgc3R5bGU9InRleHQtYWxpZ246cmlnaHQiPjxhIGhyZ
-        WY9IkphdmFzY3JpcHQ6dm9pZCgwKSIgb25jbGljaz0iYWxlcnQoXCcnLiRoZXNrbGFuZ1snc3VwcG9yd
-        F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
-        icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
-        29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
-        C9wPic7DQp9DQo=', "\112");
+    <?php
+    $hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
+CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
+SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
+SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
+SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
+iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
+CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
+yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
+HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
+FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8aHIgL
+z48dGFibGUgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+PHRyPjx0ZD48Yj4nLiRoZXNrbGFuZ1sncmVtb
+3ZlX3N0YXRlbWVudCddLic8L2I+PC90ZD48dGQgc3R5bGU9InRleHQtYWxpZ246cmlnaHQiPjxhIGhyZ
+WY9IkphdmFzY3JpcHQ6dm9pZCgwKSIgb25jbGljaz0iYWxlcnQoXCcnLiRoZXNrbGFuZ1snc3VwcG9yd
+F9ub3RpY2UnXS4nXCcpIj4nLiRoZXNrbGFuZ1snc2gnXS4nPC9hPjwvdGQ+PC90cj48L3RhYmxlPjxwP
+icuJGhlc2tsYW5nWydzdXBwb3J0X3JlbW92ZSddLicuIDxhIGhyZWY9Imh0dHBzOi8vd3d3Lmhlc2suY
+29tL2J1eS5waHAiIHRhcmdldD0iX2JsYW5rIj4nLiRoZXNrbGFuZ1snY2xpY2tfaW5mbyddLic8L2E+P
+C9wPic7DQp9DQo=', "\112");
 
-            /* Clean unneeded session variables */
-            hesk_cleanSessionVars('hide');
-            ?>
-        </div>
-    </div>
+    /* Clean unneeded session variables */
+    hesk_cleanSessionVars('hide');
+    ?>
 </section>
 <?php
 
diff --git a/change_status.php b/change_status.php
index 11b2a48f..4d6ce44b 100644
--- a/change_status.php
+++ b/change_status.php
@@ -107,11 +107,21 @@ hesk_dbConnect();
 // Verify email address match if needed
 hesk_verifyEmailMatch($trackingID);
 
+// Setup required session vars
+$_SESSION['t_track'] = $trackingID;
+$_SESSION['t_email'] = $hesk_settings['e_email'];
+
+// Load statuses
+require_once(HESK_PATH . 'inc/statuses.inc.php');
+
+// Is current ticket status even changeable by customers?
+$ticket = hesk_dbFetchAssoc( hesk_dbQuery( "SELECT `status`, `staffreplies`, `lastreplier` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1") );
+if (!hesk_can_customer_change_status($ticket['status'])) {
+    hesk_process_messages($hesklang['scno'],'ticket.php');
+}
+
 // Lets make status assignment a bit smarter when reopening tickets
 if ($oldStatus == 2) {
-    // Get number of replies and last replier (customer or staff)
-    $ticket = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `staffreplies`, `lastreplier` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1"));
-
     // If ticket has no staff replies set the status to "New"
     if ($ticket['staffreplies'] < 1) {
         $statusRes = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1');
@@ -128,11 +138,11 @@ if ($oldStatus == 2) {
 
 
 // Modify values in the database
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' AND `locked` != '1'");
 
 // Did we modify anything*
 if (hesk_dbAffectedRows() != 1) {
-    hesk_error($hesklang['elocked']);
+    hesk_process_messages($hesklang['elocked'],'ticket.php');
 }
 
 // Show success message
diff --git a/css/mods-for-hesk-new.css b/css/mods-for-hesk-new.css
index c8ed2556..3881aa10 100644
--- a/css/mods-for-hesk-new.css
+++ b/css/mods-for-hesk-new.css
@@ -150,4 +150,30 @@ button.dropdown-submit {
 
 .login-box-body {
     border-radius: 5px;
+}
+
+.button-link {
+    color: #4a5571;
+}
+
+.button-link:hover {
+    text-decoration: none;
+    color: #000;
+}
+
+.button-link .col-xs-1 {
+    margin: 0 auto;
+    padding: 0;
+}
+
+.button-link .panel-body:hover {
+    background-color: #EEE;
+}
+
+.timeline-header.header-info {
+    font-size: 14px !important;
+}
+
+.full-width {
+    width: 100%;
 }
\ No newline at end of file
diff --git a/hesk_javascript.js b/hesk_javascript.js
index 2372420d..fed60f01 100644
--- a/hesk_javascript.js
+++ b/hesk_javascript.js
@@ -241,9 +241,10 @@ function hesk_suggestKBsearch(isAdmin) {
     setTimeout('hesk_suggestKBsearch(' + isAdmin + ');', 2000);
 }
 
-function hesk_suggestEmail(isAdmin) {
-    var email = document.form1.email.value;
-    var element = document.getElementById('email_suggestions');
+function hesk_suggestEmail(emailField, displayDiv, padDiv, isAdmin, allowMultiple) {
+    allowMultiple = allowMultiple || 0;
+    var email = document.getElementById(emailField).value;
+    var element = document.getElementById(displayDiv);
 
     if (isAdmin) {
         var path = '../suggest_email.php';
@@ -253,7 +254,11 @@ function hesk_suggestEmail(isAdmin) {
     }
 
     if (email != '') {
-        var params = "e=" + encodeURIComponent(email);
+        var params = "e=" + encodeURIComponent(email) + "&ef=" + encodeURIComponent(emailField) + "&dd=" + encodeURIComponent(displayDiv) + "&pd=" + encodeURIComponent(padDiv);
+
+        if (allowMultiple) {
+            params += "&am=1";
+        }
 
         xmlHttp = GetXmlHttpObject();
         if (xmlHttp == null) {
@@ -369,7 +374,7 @@ function hesk_contains(password, validChars) {
 }
 
 function setCookie(name, value, expires, path, domain, secure) {
-    document.cookie = name + "=" + escape(value) +
+    document.cookie= name + "=" + escape(value) +
         ((expires) ? "; expires=" + expires.toGMTString() : "") +
         ((path) ? "; path=" + path : "") +
         ((domain) ? "; domain=" + domain : "") +
diff --git a/hesk_style.css b/hesk_style.css
index 99749089..d3b66a4a 100644
--- a/hesk_style.css
+++ b/hesk_style.css
@@ -755,4 +755,60 @@ td.admin_yellow {
 	height:16px; 
 	font-size:12px; 
 	margin-top:2px;
+}
+
+/* New styles in HESK version 2.7 */
+
+div.select_category
+{
+	min-width: 50%;
+	min-height: 300px;
+	display: inline-block;
+	text-align:left;
+	margin-top: 10px;
+}
+
+#select_category {
+	border: 1px solid #111;
+	background: transparent;
+	width: 100%;
+	padding: 5px 35px 5px 5px;
+	font-size: 14px;
+	border: 1px solid #ccc;
+	height: 34px;
+}
+
+#ul_category {
+	list-style-type: none;
+	margin: 0;
+	padding: 0;
+}
+
+#ul_category li {
+	border: 1px solid #d1d5d7;
+	border-top: none;
+	border-radius: 2px;
+}
+
+#ul_category li:first-child {
+	border-top: 1px solid #d1d5d7;
+}
+
+#ul_category li a {
+	display: block;
+	font-size: 14px;
+	padding: 0.75em 0.75em;
+	text-decoration: none;
+	transition: all 0.12s ease;
+	word-wrap: break-word;
+}
+
+#ul_category li a:hover {
+	color: black;
+	background-color: #e9ffdb;
+}
+
+select.multiple {
+	font-size: 12px;
+	height: auto;
 }
\ No newline at end of file
diff --git a/inc/admin_functions.inc.php b/inc/admin_functions.inc.php
index 26e3ee3e..ac790bcb 100644
--- a/inc/admin_functions.inc.php
+++ b/inc/admin_functions.inc.php
@@ -51,13 +51,6 @@ $hesk_settings['possible_ticket_list'] = array(
     'time_worked' => $hesklang['ts'],
 );
 
-// Also possible to display all custom fields
-for ($i = 1; $i <= 20; $i++) {
-    if ($hesk_settings['custom_fields']['custom' . $i]['use']) {
-        $hesk_settings['possible_ticket_list']['custom' . $i] = $hesk_settings['custom_fields']['custom' . $i]['name'];
-    }
-}
-
 /*** FUNCTIONS ***/
 
 
@@ -256,7 +249,7 @@ function hesk_mergeTickets($merge_these, $merge_into)
     }
 
     /* Update history (log) and merged IDs of target ticket */
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "' LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET $replies_sql `time_worked`=ADDTIME(`time_worked`, '" . hesk_dbEscape($sec_worked) . "'), `merged`=CONCAT(`merged`,'" . hesk_dbEscape($merged . '#') . "'), `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `id`='" . intval($merge_into) . "'");
 
     return true;
 
@@ -393,8 +386,8 @@ function hesk_autoLogin($noredirect = 0)
     /* Check username */
     $result = hesk_dbQuery('SELECT * FROM `' . $hesk_settings['db_pfix'] . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
     if (hesk_dbNumRows($result) != 1) {
-        setcookie('hesk_username', '');
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', '');
+        hesk_setcookie('hesk_p', '');
         header('Location: '.$url);
         exit();
     }
@@ -403,8 +396,8 @@ function hesk_autoLogin($noredirect = 0)
 
     /* Check password */
     if ($hash != hesk_Pass2Hash($res['pass'] . strtolower($user) . $res['pass'])) {
-        setcookie('hesk_username', '');
-        setcookie('hesk_p', '');
+        hesk_setcookie('hesk_username', '');
+        hesk_setcookie('hesk_p', '');
         header('Location: '.$url);
         exit();
     }
@@ -437,8 +430,8 @@ function hesk_autoLogin($noredirect = 0)
     }
 
     /* Renew cookies */
-    setcookie('hesk_username', "$user", strtotime('+1 year'));
-    setcookie('hesk_p', "$hash", strtotime('+1 year'));
+    hesk_setcookie('hesk_username', "$user", strtotime('+1 year'));
+    hesk_setcookie('hesk_p', "$hash", strtotime('+1 year'));
 
     /* Close any old tickets here so Cron jobs aren't necessary */
     if ($hesk_settings['autoclose']) {
@@ -646,7 +639,8 @@ function hesk_formatDate($dt, $from_database = true)
 
 function hesk_jsString($str)
 {
-    $str = str_replace(array('\'', '<br />'), array('\\\'', ''), $str);
+    $str  = addslashes($str);
+    $str  = str_replace('<br />' , '' , $str);
     $from = array("/\r\n|\n|\r/", '/\<a href="mailto\:([^"]*)"\>([^\<]*)\<\/a\>/i', '/\<a href="([^"]*)" target="_blank"\>([^\<]*)\<\/a\>/i');
     $to = array("\\r\\n' + \r\n'", "$1", "$1");
     return preg_replace($from, $to, $str);
@@ -715,3 +709,53 @@ function hesk_checkPermission($feature, $showerror = 1)
     }
 
 } // END hesk_checkPermission()
+
+function hesk_purge_cache($type = '', $expire_after_seconds = 0)
+{
+    global $hesk_settings;
+
+    $cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
+
+    if ( ! is_dir($cache_dir))
+    {
+        return false;
+    }
+
+    switch ($type)
+    {
+        case 'export':
+            $files = glob($cache_dir.'hesk_export_*', GLOB_NOSORT);
+            break;
+        case 'status':
+            $files = glob($cache_dir.'status_*', GLOB_NOSORT);
+            break;
+        case 'cf':
+            $files = glob($cache_dir.'cf_*', GLOB_NOSORT);
+            break;
+        default:
+            hesk_rrmdir(trim($cache_dir, '/'), true);
+            return true;
+    }
+
+    if (is_array($files))
+    {
+        array_walk($files, 'hesk_unlink_callable', $expire_after_seconds);
+    }
+
+    return true;
+
+} // END hesk_purge_cache()
+
+
+function hesk_rrmdir($dir, $keep_top_level=false)
+{
+    $files = $keep_top_level ? array_diff(scandir($dir), array('.','..','index.htm')) : array_diff(scandir($dir), array('.','..'));
+
+    foreach ($files as $file)
+    {
+        (is_dir("$dir/$file")) ? hesk_rrmdir("$dir/$file") : @unlink("$dir/$file");
+    }
+
+    return $keep_top_level ? true : @rmdir($dir);
+
+} // END hesk_rrmdir()
diff --git a/inc/common.inc.php b/inc/common.inc.php
index d930433f..92989b15 100644
--- a/inc/common.inc.php
+++ b/inc/common.inc.php
@@ -35,10 +35,20 @@ if (!defined('IN_SCRIPT')) {
 
 #error_reporting(E_ALL);
 
-// Set correct Content-Type header
-if (!defined('NO_HTTP_HEADER')) {
+/*
+ * If code is executed from CLI, don't force SSL
+ * else set correct Content-Type header
+ */
+if (defined('NO_HTTP_HEADER')) {
+    $hesk_settings['force_ssl'] = false;
+} else {
     header('Content-Type: text/html; charset=utf-8');
-	header('X-Frame-Options: SAMEORIGIN');
+
+    // Don't allow HESK to be loaded in a frame on third party domains
+    if ($hesk_settings['x_frame_opt'])
+    {
+        header('X-Frame-Options: SAMEORIGIN');
+    }
 }
 
 // Set backslash options
@@ -56,12 +66,47 @@ if (!defined('ENT_XHTML')) {
     define('ENT_XHTML', 0);
 }
 
+// Is this is a SSL connection?
+if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
+    define('HESK_SSL', true);
+
+    // Use https-only cookies
+    @ini_set('session.cookie_secure', 1);
+} else {
+    // Force redirect?
+    if ($hesk_settings['force_ssl']) {
+        header('HTTP/1.1 301 Moved Permanently');
+        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+        exit();
+    }
+
+    define('HESK_SSL', false);
+}
+
+// Prevents javascript XSS attacks aimed to steal the session ID
+@ini_set('session.cookie_httponly', 1);
+
+// **PREVENTING SESSION FIXATION**
+// Session ID cannot be passed through URLs
+@ini_set('session.use_only_cookies', 1);
+
+
 // Load language file
 hesk_getLanguage();
 
 
 /*** FUNCTIONS ***/
 
+function hesk_setcookie($name, $value, $expire=0, $path=""){
+    if (HESK_SSL) {
+        setcookie($name, $value, $expire, $path, "", true, true);
+    } else {
+        setcookie($name, $value, $expire, $path, "", false, true);
+    }
+
+    return true;
+} // END hesk_setcookie()
+
 function hesk_service_message($sm)
 {
     $faIcon = $sm['icon'];
@@ -145,6 +190,11 @@ function hesk_clean_utf8($in)
 
 function hesk_load_database_functions()
 {
+    // Already loaded?
+    if (function_exists('hesk_dbQuery')) {
+        return true;
+    }
+
     // Preferrably use the MySQLi functions
     if (function_exists('mysqli_connect')) {
         require(HESK_PATH . 'inc/database_mysqli.inc.php');
@@ -196,6 +246,12 @@ function hesk_unlink($file, $older_than = 0)
 } // END hesk_unlink()
 
 
+function hesk_unlink_callable($file, $key, $older_than=0)
+{
+    return hesk_unlink($file, $older_than);
+} // END hesk_unlink_callable()
+
+
 function hesk_utf8_urldecode($in)
 {
     $in = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($in));
@@ -204,7 +260,11 @@ function hesk_utf8_urldecode($in)
 
 function hesk_SESSION($in, $default = '')
 {
-    return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
+    if (is_array($in)) {
+        return isset($_SESSION[$in[0]][$in[1]]) && ! is_array(isset($_SESSION[$in[0]][$in[1]])) ? $_SESSION[$in[0]][$in[1]] : $default;
+    } else {
+        return isset($_SESSION[$in]) && ! is_array($_SESSION[$in]) ? $_SESSION[$in] : $default;
+    }
 } // END hesk_SESSION();
 
 
@@ -327,7 +387,7 @@ function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $e
 
     /* Email doesn't match, clean cookies and error out */
     if ($error) {
-        setcookie('hesk_myemail', '');
+        hesk_setcookie('hesk_myemail', '');
         hesk_process_messages($hesklang['enmdb'], 'ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999));
     } else {
         return false;
@@ -365,7 +425,7 @@ function hesk_getCustomerEmail($can_remember = 0, $field = '')
     if (isset($_GET['e']) || isset($_POST['e'])) {
         $my_email = hesk_validateEmail(hesk_REQUEST('e'), 'ERR', 0);
     } /* Is email in cookie? */
-    elseif ( isset($_GET['e']) || isset($_POST['e']) ) {
+    elseif (isset($_COOKIE['hesk_myemail'])) {
         $my_email = hesk_validateEmail(hesk_COOKIE('hesk_myemail'), 'ERR', 0);
         if ($can_remember && $my_email) {
             $do_remember = ' checked="checked" ';
@@ -970,7 +1030,7 @@ function hesk_showTopBar($page_title)
     echo $page_title;
 } // END hesk_showTopBar()
 
-function hesk_getLanguagesAsFormIfNecessary()
+function hesk_getLanguagesAsFormIfNecessary($trackingID = false)
 {
 
     global $hesk_settings, $hesklang;
@@ -979,6 +1039,14 @@ function hesk_getLanguagesAsFormIfNecessary()
 
         $str = '<form method="get" action="" role="form" style="margin:0;padding:0;border:0;white-space:nowrap;">';
 
+        if ($trackingID !== false) {
+            $str .= '<input type="hidden" name="track" value="'.hesk_htmlentities($trackingID).'">';
+
+            if ($hesk_settings['email_view_ticket'] && isset($hesk_settings['e_email'])) {
+                $str .= '<input type="hidden" name="e" value="'.hesk_htmlentities($hesk_settings['e_email']).'">';
+            }
+        }
+
         if (!isset($_GET)) {
             $_GET = array();
         }
@@ -1105,7 +1173,7 @@ function hesk_getLanguage()
     }
 
     /* Remember and set the selected language */
-    setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
+    hesk_setcookie('hesk_language', $hesk_settings['language'], time() + 31536000, '/');
     return hesk_returnLanguage();
 } // END hesk_getLanguage()
 
@@ -1113,10 +1181,45 @@ function hesk_getLanguage()
 function hesk_returnLanguage()
 {
     global $hesk_settings, $hesklang;
-    require(HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php');
-    $customLanguagePath = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
-    if (file_exists($customLanguagePath)) {
-        include($customLanguagePath);
+    // Variable that will be set to true if a language file was loaded
+    $language_loaded = false;
+
+    // Load requested language file
+    $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/text.php';
+    if (file_exists($language_file)) {
+        require($language_file);
+        $language_loaded = true;
+    }
+
+    // Requested language file not found, try to load default installed language
+    if (!$language_loaded && $hesk_settings['language'] != HESK_DEFAULT_LANGUAGE) {
+        $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][HESK_DEFAULT_LANGUAGE]['folder'] . '/text.php';
+        if (file_exists($language_file)) {
+            require($language_file);
+            $language_loaded = true;
+            $hesk_settings['language'] = HESK_DEFAULT_LANGUAGE;
+        }
+    }
+
+    // Requested language file not found, can we at least load English?
+    if (!$language_loaded && $hesk_settings['language'] != 'English' && HESK_DEFAULT_LANGUAGE != 'English') {
+        $language_file = HESK_PATH . 'language/en/text.php';
+        if (file_exists($language_file)) {
+            require($language_file);
+            $language_loaded = true;
+            $hesk_settings['language'] = 'English';
+        }
+    }
+
+    // If a language is still not loaded, give up
+    if (!$language_loaded) {
+        die('Count not load a valid language file.');
+    }
+
+    // Load a custom text file if available
+    $language_file = HESK_PATH . 'language/' . $hesk_settings['languages'][$hesk_settings['language']]['folder'] . '/custom-text.php';
+    if (file_exists($language_file)) {
+        require($language_file);
     }
     return true;
 } // END hesk_returnLanguage()
@@ -1637,9 +1740,43 @@ function hesk_check_maintenance($dodie = true)
 
     <div class="alert alert-warning" style="margin: 20px">
         <i class="fa fa-exclamation-triangle"></i>
-        <b><?php echo $hesklang['mm1']; ?></b><br/><br/>
-        <?php echo $hesklang['mm2']; ?><br/><br/>
-        <?php echo $hesklang['mm3']; ?>
+        <?php
+        // Has the help desk been installed yet?
+        if (
+            $hesk_settings['maintenance_mode'] == 0 &&
+            $hesk_settings['question_ans'] == 'PB6YM' &&
+
+            $hesk_settings['site_title'] == 'My Web site' &&
+            $hesk_settings['site_url'] == 'http://www.example.com' &&
+            $hesk_settings['webmaster_mail'] == 'support@example.com' &&
+            $hesk_settings['noreply_mail'] == 'support@example.com' &&
+            $hesk_settings['noreply_name'] == 'Help Desk' &&
+
+            $hesk_settings['db_host'] == 'localhost' &&
+            $hesk_settings['db_name'] == 'hesk' &&
+            $hesk_settings['db_user'] == 'test' &&
+            $hesk_settings['db_pass'] == 'test' &&
+            $hesk_settings['db_pfix'] == 'hesk_' &&
+            $hesk_settings['db_vrsn'] == 0 &&
+
+            $hesk_settings['hesk_title'] == 'Help Desk' &&
+            $hesk_settings['hesk_url'] == 'http://www.example.com/helpdesk'
+        )
+        {
+            echo "
+        <b>{$hesklang['hni1']}</b><br /><br />
+        {$hesklang['hni2']}<br /><br />
+        {$hesklang['hni3']}";
+        }
+        // Hesk appears to be installed, show a "Maintenance in progress" message
+        else
+        {
+            echo "
+        <b>{$hesklang['mm1']}</b><br /><br />
+        {$hesklang['mm2']}<br /><br />
+        {$hesklang['mm3']}";
+        }
+        ?>
     </div>
     <?php
     require_once(HESK_PATH . 'inc/footer.inc.php');
@@ -1769,8 +1906,11 @@ function hesk_getFeatureArray()
         'can_del_tickets',        /* User can delete tickets */
         'can_edit_tickets',        /* User can edit tickets */
         'can_merge_tickets',    /* User can merge tickets */
+        'can_resolve',			/* User can resolve tickets */
+        'can_submit_any_cat',	/* User can submit a ticket to any category/department */
         'can_del_notes',        /* User can delete ticket notes posted by other staff members */
-        'can_change_cat',        /* User can move ticke to a new category/department */
+        'can_change_cat',		/* User can move ticket to any category/department */
+        'can_change_own_cat',	/* User can move ticket to a category/department he/she has access to */
         'can_man_kb',            /* User can manage knowledgebase articles and categories */
         'can_man_users',        /* User can create and edit staff accounts */
         'can_man_cat',            /* User can manage categories/departments */
@@ -1790,7 +1930,7 @@ function hesk_getFeatureArray()
         'can_ban_ips',            /* User can ban IP addresses */
         'can_unban_ips',        /* User can delete IP bans. Also enables "can_ban_ips" */
         'can_service_msg',        /* User can manage service messages shown in customer interface */
-        'can_man_email_tpl',    /* User can manage email templates */
+        'can_email_tpl',    /* User can manage email templates */
         'can_man_ticket_statuses', /* User can manage ticket statuses */
         'can_set_manager', /* User can set category managers */
         'can_man_permission_tpl', /* User can manage permission templates */
diff --git a/inc/custom_fields.inc.php b/inc/custom_fields.inc.php
new file mode 100755
index 00000000..b077c502
--- /dev/null
+++ b/inc/custom_fields.inc.php
@@ -0,0 +1,249 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * http://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * http://www.hesk.com/eula.php
+ *
+ */
+
+/* Check if this is a valid include */
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+// Get and append custom fields setup to the settings
+hesk_load_custom_fields();
+
+// Save number of custom fields
+$hesk_settings['num_custom_fields'] = count($hesk_settings['custom_fields']);
+
+// Load custom fields for admin functions
+if (function_exists('hesk_checkPermission'))
+{
+	foreach ($hesk_settings['custom_fields'] as $k => $v)
+	{
+		$hesk_settings['possible_ticket_list'][$k] = $hesk_settings['custom_fields'][$k]['title'];
+	}
+}
+
+
+/*** FUNCTIONS ***/
+
+
+function hesk_load_custom_fields($category=0, $use_cache=1)
+{
+	global $hesk_settings, $hesklang;
+
+	// Do we have a cached version available
+	$cache_dir = dirname(dirname(__FILE__)).'/'.$hesk_settings['cache_dir'].'/';
+	$cache_file = $cache_dir . 'cf_' . sha1($hesk_settings['language']).'.cache.php';
+
+	if ($use_cache && file_exists($cache_file))
+	{
+		require($cache_file);
+		return true;
+	}
+
+	// Get custom fields from the database
+	$hesk_settings['custom_fields'] = array();
+
+    // Make sure we have database connection
+    hesk_load_database_functions();
+    hesk_dbConnect();
+
+	$res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` WHERE `use` IN ('1', '2') ORDER BY `place` ASC, `order` ASC");
+	while ($row = hesk_dbFetchAssoc($res))
+	{
+		$id = 'custom' . $row['id'];
+		unset($row['id']);
+
+		// Let's set field name for current language (or the first one we find)
+		$names = json_decode($row['name'], true);
+		$row['name'] = (isset($names[$hesk_settings['language']])) ? $names[$hesk_settings['language']] : reset($names);
+
+        // Name for display in ticket list; punctuation removed and shortened
+        $row['title'] = hesk_remove_punctuation($row['name']);
+        $row['title'] = strlen($row['title']) > 30 ?  substr($row['title'], 0, 30) . '...' : $row['title'];
+
+        // A version with forced punctuation
+        $row['name:'] = in_array(substr($row['name'], -1), array(':', '?', '!', '.') ) ? $row['name'] : $row['name'] . ':';
+
+		// Decode categories
+		$row['category'] = strlen($row['category']) ? json_decode($row['category'], true) : array();
+
+		// Decode options
+		$row['value'] = json_decode($row['value'], true);
+
+		// Add to custom_fields array
+		$hesk_settings['custom_fields'][$id] = $row;
+	}
+
+    // Try to cache results
+    if ($use_cache && (is_dir($cache_dir) || ( @mkdir($cache_dir, 0777) && is_writable($cache_dir) ) ) )
+    {
+        // Is there an index.htm file?
+        if ( ! file_exists($cache_dir.'index.htm'))
+        {
+            @file_put_contents($cache_dir.'index.htm', '');
+        }
+
+        // Write data
+        @file_put_contents($cache_file, '<?php if (!defined(\'IN_SCRIPT\')) {die();} $hesk_settings[\'custom_fields\']=' . var_export($hesk_settings['custom_fields'], true) . ';' );
+    }
+
+	return true;
+} // END hesk_load_custom_fields()
+
+
+function hesk_is_custom_field_in_category($custom_id, $category_id)
+{
+	global $hesk_settings;
+
+	return (
+			empty($hesk_settings['custom_fields'][$custom_id]['category']) ||
+			in_array($category_id, $hesk_settings['custom_fields'][$custom_id]['category'])
+			) ? true : false;
+} // END hesk_is_custom_field_in_category()
+
+
+function hesk_custom_field_type($type)
+{
+	global $hesklang;
+
+	switch ($type)
+	{
+		case 'text':
+			return $hesklang['stf'];
+		case 'textarea':
+			return $hesklang['stb'];
+		case 'radio':
+			return $hesklang['srb'];
+		case 'select':
+			return $hesklang['ssb'];
+		case 'checkbox':
+			return $hesklang['scb'];
+		case 'email':
+			return $hesklang['email'];
+		case 'date':
+			return $hesklang['date'];
+		case 'hidden':
+			return $hesklang['sch'];
+		case 'readonly':
+			return $hesklang['readonly'];
+		default:
+			return false;
+	}
+
+} // END hesk_custom_field_type()
+
+
+function hesk_custom_date_display_format($timestamp, $format = 'F j, Y')
+{
+	global $hesklang;
+
+	if ($timestamp == '')
+	{
+		return '';
+	}
+
+    if ( ! is_int($timestamp))
+    {
+        $timestamp = $timestamp * 1;
+    }
+
+	if ($hesklang['LANGUAGE']=='English')
+    {
+		return gmdate($format, $timestamp);
+    }
+
+    // Attempt to translate date for non-English users
+
+	$translate_months = array(
+		'January' => $hesklang['m1'],
+		'February' => $hesklang['m2'],
+		'March' => $hesklang['m3'],
+		'April' => $hesklang['m4'],
+		'May' => $hesklang['m5'],
+		'June' => $hesklang['m6'],
+		'July' => $hesklang['m7'],
+		'August' => $hesklang['m8'],
+		'September' => $hesklang['m9'],
+		'October' => $hesklang['m10'],
+		'November' => $hesklang['m11'],
+		'December' => $hesklang['m12']
+    );
+
+	$translate_months_short = array(
+		'Jan' => $hesklang['ms01'],
+		'Feb' => $hesklang['ms02'],
+		'Mar' => $hesklang['ms03'],
+		'Apr' => $hesklang['ms04'],
+		'May' => $hesklang['ms05'],
+		'Jun' => $hesklang['ms06'],
+		'Jul' => $hesklang['ms07'],
+		'Aug' => $hesklang['ms08'],
+		'Sep' => $hesklang['ms09'],
+		'Oct' => $hesklang['ms10'],
+		'Nov' => $hesklang['ms11'],
+		'Dec' => $hesklang['ms12']
+    );
+
+	$translate_days = array(
+		'Monday' => $hesklang['d1'],
+		'Tuesday' => $hesklang['d2'],
+		'Wednesday' => $hesklang['d3'],
+		'Thursday' => $hesklang['d4'],
+		'Friday' => $hesklang['d5'],
+		'Saturday' => $hesklang['d6'],
+		'Sunday' => $hesklang['d0']
+    );
+
+	$translate_days_short = array(
+		'Mon' => $hesklang['mo'],
+		'Tuw' => $hesklang['tu'],
+		'Wes' => $hesklang['we'],
+		'Thu' => $hesklang['th'],
+		'Fri' => $hesklang['fr'],
+		'Sat' => $hesklang['sa'],
+		'Sun' => $hesklang['su']
+    );
+
+    $date_translate = array();
+
+	if (strpos($format, 'F') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_months);
+    }
+
+	if (strpos($format, 'M') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_months_short);
+    }
+
+	if (strpos($format, 'l') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_days);
+    }
+
+	if (strpos($format, 'D') !== false)
+    {
+    	$date_translate = array_merge($date_translate, $translate_days_short);
+    }
+
+	if (count($date_translate))
+    {
+		return str_replace( array_keys($date_translate), array_values($date_translate), gmdate($format, $timestamp));
+    }
+
+    return gmdate($format, $timestamp);
+
+} // END hesk_custom_date_display_format()
+
+
+function hesk_remove_punctuation($in)
+{
+    return rtrim($in, ':?!.');
+} // END hesk_remove_punctuation()
diff --git a/inc/email_functions.inc.php b/inc/email_functions.inc.php
index 4bb14dc4..7363645e 100644
--- a/inc/email_functions.inc.php
+++ b/inc/email_functions.inc.php
@@ -33,6 +33,9 @@ if (!defined('IN_SCRIPT')) {
     die('Invalid attempt');
 }
 
+// Make sure custom fields are loaded
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* Get includes for SMTP */
 if ($hesk_settings['smtp']) {
     require(HESK_PATH . 'inc/mail/smtp.php');
@@ -63,7 +66,9 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
     // Add Cc / Bcc recipents if needed
     $ccEmails = array();
     $bccEmails = array();
-    foreach ($hesk_settings['custom_fields'] as $k => $v) {
+
+    //TODO Update the email custom field to handle this properly
+    /*foreach ($hesk_settings['custom_fields'] as $k => $v) {
         if ($v['use']) {
             if ($v['type'] == 'email' && !empty($ticket[$k])) {
                 if ($v['value'] == 'cc') {
@@ -75,7 +80,7 @@ function hesk_notifyCustomerForVerifyEmail($email_template = 'verify_email', $ac
                 }
             }
         }
-    }
+    }*/
 
     hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
 }
@@ -106,7 +111,9 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
     // Add Cc / Bcc recipents if needed
     $ccEmails = array();
     $bccEmails = array();
-    foreach ($hesk_settings['custom_fields'] as $k => $v) {
+
+    //TODO Update the email custom field to handle this properly
+    /*foreach ($hesk_settings['custom_fields'] as $k => $v) {
         if ($v['use']) {
             if ($v['type'] == 'email' && !empty($ticket[$k])) {
                 if ($v['value'] == 'cc') {
@@ -116,7 +123,7 @@ function hesk_notifyCustomer($modsForHesk_settings, $email_template = 'new_ticke
                 }
             }
         }
-    }
+    }*/
 
     // Send e-mail
     hesk_mail($ticket['email'], $subject, $message, $htmlMessage, $modsForHesk_settings, $ccEmails, $bccEmails, $hasMessage);
@@ -846,15 +853,24 @@ function hesk_processMessage($msg, $ticket, $is_admin, $is_ticket, $just_message
     $msg = str_replace('%%ID%%', $ticket['id'], $msg);
 
     /* All custom fields */
-    foreach ($hesk_settings['custom_fields'] as $k => $v) {
-        if ($v['use']) {
-            if ($v['type'] == 'checkbox') {
-                $ticket[$k] = str_replace("<br />", "\n", $ticket[$k]);
+    for ($i=1; $i<=50; $i++) {
+        $k = 'custom'.$i;
+
+        if (isset($hesk_settings['custom_fields'][$k])) {
+            $v = $hesk_settings['custom_fields'][$k];
+
+            switch ($v['type']) {
+                case 'checkbox':
+                    $ticket[$k] = str_replace("<br>","\n",$ticket[$k]);
+                    break;
+                case 'date':
+                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                    break;
             }
 
-            $msg = str_replace('%%' . strtoupper($k) . '%%', stripslashes($ticket[$k]), $msg);
+            $msg = str_replace('%%'.strtoupper($k).'%%',stripslashes($ticket[$k]),$msg);
         } else {
-            $msg = str_replace('%%' . strtoupper($k) . '%%', '', $msg);
+            $msg = str_replace('%%'.strtoupper($k).'%%','',$msg);
         }
     }
 
diff --git a/inc/footer.inc.php b/inc/footer.inc.php
new file mode 100644
index 00000000..15259146
--- /dev/null
+++ b/inc/footer.inc.php
@@ -0,0 +1,90 @@
+<?php
+/**
+ *
+ * This file is part of HESK - PHP Help Desk Software.
+ *
+ * (c) Copyright Klemen Stirn. All rights reserved.
+ * http://www.hesk.com
+ *
+ * For the full copyright and license agreement information visit
+ * http://www.hesk.com/eula.php
+ *
+ */
+
+// Check if this is a valid include
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+// Auto-select first empty or error field on non-staff pages?
+if (defined('AUTOFOCUS'))
+{
+?>
+<script language="javascript">
+(function(){
+	var forms = document.forms || [];
+	for(var i = 0; i < forms.length; i++)
+    {
+		for(var j = 0; j < forms[i].length; j++)
+        {
+			if(
+				!forms[i][j].readonly != undefined &&
+				forms[i][j].type != "hidden" &&
+				forms[i][j].disabled != true &&
+				forms[i][j].style.display != 'none' &&
+				(forms[i][j].className == 'isError' || forms[i][j].className == 'isNotice' || forms[i][j].value == '')
+			)
+	        {
+				forms[i][j].focus();
+				return;
+			}
+		}
+	}
+})();
+</script>
+<?php
+}
+
+// Users online
+if (defined('SHOW_ONLINE'))
+{
+	hesk_printOnline();
+}
+
+// The closing div here is to close the content area on each page. Annoying, but necessary.
+if (defined('ADMIN_PAGE')) {
+	echo '
+	</div>
+	<footer class="main-footer">';
+}
+
+
+/*******************************************************************************
+The code below handles HESK licensing. Removing or modifying this code without
+purchasing a HESK license is strictly prohibited.
+
+To purchase a HESK license and support future HESK development please visit:
+https://www.hesk.com/buy.php
+*******************************************************************************/
+$hesk_settings['hesk_license']('HMgPSAxOw0KaWYgKGZpbGVfZXhpc3RzKEhFU0tfUEFUSCAuI
+CdoZXNrX2xpY2Vuc2UucGhwJykpDQp7DQokaCA9ICghZW1wdHkoJF9TRVJWRVJbJ0hUVFBfSE9TVCddK
+SkgPyAkX1NFUlZFUlsnSFRUUF9IT1NUJ10gOiAoKCFlbXB0eSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnX
+SkpID8gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10gOiBnZXRlbnYoJ1NFUlZFUl9OQU1FJykpOw0KJGggP
+SBzdHJfcmVwbGFjZSgnd3d3LicsJycsc3RydG9sb3dlcigkaCkpOw0KaW5jbHVkZShIRVNLX1BBVEggL
+iAnaGVza19saWNlbnNlLnBocCcpOw0KaWYgKGlzc2V0KCRoZXNrX3NldHRpbmdzWydsaWNlbnNlJ10pI
+CYmIHN0cnBvcygkaGVza19zZXR0aW5nc1snbGljZW5zZSddLHNoYTEoJGguJ2gzJkZwMiNMYUEmNTkhd
+yg4LlpjXSordVI1MTInKSkgIT09IGZhbHNlKQ0Kew0KJHMgPSAwOw0KfQ0KZWxzZQ0Kew0KZWNobyAnP
+HAgc3R5bGU9InRleHQtYWxpZ246Y2VudGVyO2NvbG9yOnJlZDsiPklOVkFMSUQgTElDRU5TRSAoTk9UI
+FJFR0lTVEVSRUQgRk9SICcuJGguJykhPC9wPic7DQp9DQp9DQppZiAoJHMpDQp7DQplY2hvICc8cCBzd
+HlsZT0idGV4dC1hbGlnbjpjZW50ZXIiPjxzcGFuIGNsYXNzPSJzbWFsbGVyIj4mbmJzcDs8YnIgLz5Qb
+3dlcmVkIGJ5IDxhIGhyZWY9Imh0dHA6Ly93d3cuaGVzay5jb20iIGNsYXNzPSJzbWFsbGVyIiB0aXRsZ
+T0iRnJlZSBQSFAgSGVscCBEZXNrIFNvZnR3YXJlIj5IZWxwIERlc2sgU29mdHdhcmU8L2E+IDxiPkhFU
+0s8L2I+LCBicm91Z2h0IHRvIHlvdSBieSA8YSBocmVmPSJodHRwczovL3d3dy5zeXNhaWQuY29tLz91d
+G1fc291cmNlPUhlc2smYW1wO3V0bV9tZWRpdW09Y3BjJmFtcDt1dG1fY2FtcGFpZ249SGVza1Byb2R1Y
+3RfVG9fSFAiPlN5c0FpZDwvYT48L3NwYW4+PC9wPic7DQp9DQplY2hvICc8L3RkPjwvdHI+PC90YWJsZ
+T48L2Rpdj4nOw0KaW5jbHVkZShIRVNLX1BBVEggLiAnZm9vdGVyLnR4dCcpOw0KZWNobyAnPC9ib2R5P
+jwvaHRtbD4nOw==',"\112");
+
+if (defined('ADMIN_PAGE')) {
+	echo '</footer>';
+}
+
+exit();
diff --git a/inc/header.inc.php b/inc/header.inc.php
index 1d03dd02..47125c57 100644
--- a/inc/header.inc.php
+++ b/inc/header.inc.php
@@ -40,6 +40,7 @@ if (!function_exists('mfh_getSettings')) {
 
 $modsForHesk_settings = array();
 if (is_dir(HESK_PATH . 'install')) {
+    define('MAINTENANCE_MODE', true);
     $modsForHesk_settings['navbar_title_url'] = 'javascript:;';
     $modsForHesk_settings['rtl'] = 0;
     $modsForHesk_settings['use_bootstrap_theme'] = 1;
@@ -55,14 +56,14 @@ if (is_dir(HESK_PATH . 'install')) {
     $modsForHesk_settings['dropdownItemTextHoverColor'] = '#262626';
     $modsForHesk_settings['dropdownItemTextHoverBackgroundColor'] = '#f5f5f5';
     $modsForHesk_settings['questionMarkColor'] = '#000000';
+    $modsForHesk_settings['enable_calendar'] = 1;
 } else {
     $modsForHesk_settings = mfh_getSettings();
 }
 
 ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
     <title><?php echo(isset($hesk_settings['tmp_title']) ? $hesk_settings['tmp_title'] : $hesk_settings['hesk_title']); ?></title>
     <meta http-equiv="Content-Type" content="text/html;charset=<?php echo $hesklang['ENCODING']; ?>"/>
@@ -283,34 +284,37 @@ if ($modsForHesk_settings['show_icons']) {
         <div class="navbar-collapse collapse">
             <ul class="nav navbar-nav">
                 <?php
-                $active = '';
-                if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_HOME') {
-                    $active = 'class="active"';
-                }
+                if ($hesk_settings['kb_enable'] !== 2 && !defined('MAINTENANCE_MODE')) {
+                    $active = '';
+                    if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_HOME') {
+                        $active = 'class="active"';
+                    }
                 ?>
-                <li <?php echo $active; ?>><a href="<?php echo HESK_PATH; ?>"><i
-                            class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?>
-                    </a></li>
+                    <li <?php echo $active; ?>><a href="<?php echo HESK_PATH; ?>"><i
+                                class="fa fa-home" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['main_page']; ?>
+                        </a></li>
+                    <?php
+                    $active = '';
+                    if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
+                        $active = ' active';
+                    }
+                    ?>
+                    <li class="dropdown<?php echo $active; ?>">
+                        <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i
+                                class="fa fa-ticket" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['ticket'] ?>
+                            <b class="caret"></b></a>
+                        <ul class="dropdown-menu">
+                            <li><a href="<?php echo HESK_PATH; ?>index.php?a=add"><i
+                                        class="fa fa-plus-circle" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['sub_support'] ?>
+                                </a></li>
+                            <li><a href="<?php echo HESK_PATH; ?>ticket.php"><i
+                                        class="fa fa-search" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['view_ticket_nav'] ?>
+                                </a></li>
+                        </ul>
+                    </li>
                 <?php
-                $active = '';
-                if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
-                    $active = ' active';
                 }
-                ?>
-                <li class="dropdown<?php echo $active; ?>">
-                    <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i
-                            class="fa fa-ticket" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['ticket'] ?>
-                        <b class="caret"></b></a>
-                    <ul class="dropdown-menu">
-                        <li><a href="<?php echo HESK_PATH; ?>index.php?a=add"><i
-                                    class="fa fa-plus-circle" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['sub_support'] ?>
-                            </a></li>
-                        <li><a href="<?php echo HESK_PATH; ?>ticket.php"><i
-                                    class="fa fa-search" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['view_ticket_nav'] ?>
-                            </a></li>
-                    </ul>
-                </li>
-                <?php if ($hesk_settings['kb_enable']) {
+                if ($hesk_settings['kb_enable'] && !defined('MAINTENANCE_MODE')) {
                     $active = '';
                     if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_KB') {
                         $active = 'class="active"';
@@ -323,7 +327,7 @@ if ($modsForHesk_settings['show_icons']) {
                 if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_CALENDAR') {
                     $active = ' active';
                 }
-                if ($modsForHesk_settings['enable_calendar'] == 1):
+                if ($modsForHesk_settings['enable_calendar'] == 1 && !defined('MAINTENANCE_MODE')):
                 ?>
                 <li class="<?php echo $active; ?>">
                     <a href="<?php echo HESK_PATH; ?>calendar.php"><i class="fa fa-calendar" <?php echo $iconDisplay; ?>></i>&nbsp;<?php echo $hesklang['calendar_title_case']; ?></a>
@@ -333,7 +337,15 @@ if ($modsForHesk_settings['show_icons']) {
             </ul>
             <?php if ($hesk_settings['can_sel_lang']) { ?>
                 <div class="navbar-form navbar-right" role="search" style="margin-right: 20px; min-width: 80px;">
-                    <?php echo hesk_getLanguagesAsFormIfNecessary(); ?>
+                    <?php
+                    if (!defined('MAINTENANCE_MODE')) {
+                        if (defined('PAGE_TITLE') && PAGE_TITLE == 'CUSTOMER_TICKET') {
+                            hesk_getLanguagesAsFormIfNecessary($trackingID);
+                        } else {
+                            hesk_getLanguagesAsFormIfNecessary();
+                        }
+                    }
+                    ?>
                 </div>
             <?php } ?>
 
diff --git a/inc/headerAdmin.inc.php b/inc/headerAdmin.inc.php
index 53274e4f..db6fb92f 100644
--- a/inc/headerAdmin.inc.php
+++ b/inc/headerAdmin.inc.php
@@ -35,6 +35,8 @@ if (!defined('IN_SCRIPT')) {
     die('Invalid attempt');
 }
 
+define('ADMIN_PAGE', true);
+
 $modsForHesk_settings = mfh_getSettings();
 ?>
 <!DOCTYPE html>
@@ -87,51 +89,6 @@ $modsForHesk_settings = mfh_getSettings();
     }
     ?>
     <style>
-        .navbar-default {
-            background-color: <?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>;
-            background-image: none;
-            filter: none;
-        }
-
-        .navbar-default .navbar-brand {
-            color: <?php echo $modsForHesk_settings['navbarBrandColor']; ?>;
-        }
-
-        .navbar-default .navbar-brand:focus, .navbar-default .navbar-brand:hover {
-            color: <?php echo $modsForHesk_settings['navbarBrandHoverColor']; ?>;
-            background-color: transparent;
-        }
-
-        .navbar-default .navbar-nav > li > a {
-            color: <?php echo $modsForHesk_settings['navbarItemTextColor']; ?>;
-        }
-
-        .navbar-default .navbar-nav > li > a:focus, .navbar-default .navbar-nav > li > a:hover {
-            color: <?php echo $modsForHesk_settings['navbarItemTextHoverColor']; ?>;
-            background-color: transparent;
-        }
-
-        .dropdown-menu > li > a {
-            color: <?php echo $modsForHesk_settings['dropdownItemTextColor']; ?>;
-        }
-
-        .dropdown-menu > li > a:focus, .dropdown-menu > li > a:hover {
-            color: <?php echo $modsForHesk_settings['dropdownItemTextHoverColor']; ?>;
-            text-decoration: none;
-            background-color: <?php echo $modsForHesk_settings['dropdownItemTextHoverBackgroundColor']; ?>;
-        }
-
-        .navbar-default .navbar-nav > .open > a,
-        .navbar-default .navbar-nav > .open > a:focus,
-        .navbar-default .navbar-nav > .open > a:hover,
-        .navbar-default .navbar-nav > .active > a,
-        .navbar-default .navbar-nav > .active > a:focus,
-        .navbar-default .navbar-nav > .active > a:hover {
-            color: <?php echo $modsForHesk_settings['navbarItemTextSelectedColor']; ?>;
-            background-color: <?php echo $modsForHesk_settings['navbarItemSelectedBackgroundColor']; ?>;
-            background-image: none;
-        }
-
         .settingsquestionmark {
             color: <?php echo $modsForHesk_settings['questionMarkColor']; ?>;
             cursor: pointer;
@@ -210,6 +167,50 @@ $modsForHesk_settings = mfh_getSettings();
         }
     }
 
+    // Auto reload
+    if (defined('AUTO_RELOAD') && hesk_checkPermission('can_view_tickets',0) && ! isset($_SESSION['hide']['ticket_list'])) {
+        ?>
+        <script type="text/javascript">
+            var count = <?php echo empty($_SESSION['autoreload']) ? 30 : intval($_SESSION['autoreload']); ?>;
+            var reloadcounter;
+            var countstart = count;
+
+            function heskReloadTimer() {
+                count = count-1;
+                if (count <= 0) {
+                    clearInterval(reloadcounter);
+                    window.location.reload();
+                    return;
+                }
+
+                document.getElementById("timer").innerHTML = "(" + count + ")";
+            }
+
+            function heskCheckReloading() {
+                if (<?php if ($_SESSION['autoreload']) echo "getCookie('autorefresh') == null || "; ?>getCookie('autorefresh') == '1') {
+                    document.getElementById("reloadCB").checked=true;
+                    document.getElementById("timer").innerHTML = "(" + count + ")";
+                    reloadcounter = setInterval(heskReloadTimer, 1000);
+                }
+            }
+
+            function toggleAutoRefresh(cb) {
+                if (cb.checked) {
+                    setCookie('autorefresh', '1');
+                    document.getElementById("timer").innerHTML = "(" + count + ")";
+                    reloadcounter = setInterval(heskReloadTimer, 1000);
+                } else {
+                    setCookie('autorefresh', '0');
+                    count = countstart;
+                    clearInterval(reloadcounter);
+                    document.getElementById("timer").innerHTML = "";
+                }
+            }
+
+        </script>
+        <?php
+    }
+
     if (defined('MFH_CALENDAR')) { ?>
         <script src="<?php echo HESK_PATH; ?>js/calendar/moment.js"></script>
         <script src="<?php echo HESK_PATH; ?>js/calendar/fullcalendar.min.js"></script>
@@ -224,7 +225,7 @@ $modsForHesk_settings = mfh_getSettings();
 
 </head>
 <body onload="<?php echo $onload;
-unset($onload); ?>" class="hold-transition skin-blue sidebar-mini">
+unset($onload); ?>" class="hold-transition <?php echo $modsForHesk_settings['admin_color_scheme']; ?> sidebar-mini">
 
 <?php
 include(HESK_PATH . 'header.txt');
diff --git a/inc/pipe_functions.inc.php b/inc/pipe_functions.inc.php
index 8307cd68..ab7f2aba 100755
--- a/inc/pipe_functions.inc.php
+++ b/inc/pipe_functions.inc.php
@@ -227,7 +227,7 @@ function hesk_email2ticket($results, $pop3 = 0, $set_category = 1, $set_priority
         $ticket['status'] = $ticket['status'] ? $waiting_reply_rs['id'] : $new_status['id'];
 
         // Update ticket as necessary
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(),`status`='{$ticket['status']}',`replies`=`replies`+1,`lastreplier`='0' WHERE `id`='" . intval($ticket['id']) . "'");
 
         // If customer replied, we assume staff replies have been read (no way to be sure if ticket.php hasn't been opened)
         hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `read` = '1' WHERE `replyto` = '" . intval($ticket['id']) . "' AND `staffid` != '0' ");
@@ -475,7 +475,7 @@ function hesk_isEmailLoop($email, $message_hash)
         }
 
         // Update DB entry
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}' LIMIT 1");
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` SET `hits` = `hits` + 1, `message_hash` = '" . hesk_dbEscape($message_hash) . "' WHERE `email` LIKE '{$email_like}'");
     } else {
         // First instance, insert a new database row
         hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "pipe_loops` (`email`, `message_hash`) VALUES ('" . hesk_dbEscape($email) . "', '" . hesk_dbEscape($message_hash) . "')");
diff --git a/inc/posting_functions.inc.php b/inc/posting_functions.inc.php
index be7843e6..adf18065 100644
--- a/inc/posting_functions.inc.php
+++ b/inc/posting_functions.inc.php
@@ -39,6 +39,12 @@ function hesk_newTicket($ticket, $isVerified = true)
 {
     global $hesk_settings, $hesklang, $hesk_db_link;
 
+    // Generate a subject if necessary
+    if (strlen($ticket['subject']) < 1)
+    {
+        $ticket['subject'] = sprintf($hesklang['default_subject'], $ticket['name']);
+    }
+
     // If language is not set or default, set it to NULL.
     if (!isset($ticket['language']) || empty($ticket['language'])) {
         $language = (!$hesk_settings['can_sel_lang']) ? HESK_DEFAULT_LANGUAGE : hesk_dbEscape($hesklang['LANGUAGE']);
@@ -59,6 +65,16 @@ function hesk_newTicket($ticket, $isVerified = true)
         $due_date = "'" . hesk_dbEscape($ticket['due_date']) . "'";
     }
 
+    // Prepare SQL for custom fields
+    $custom_where = '';
+    $custom_what  = '';
+
+    for ($i=1; $i<=50; $i++)
+    {
+        $custom_where .= ", `custom{$i}`";
+        $custom_what  .= ", '" . (isset($ticket['custom'.$i]) ? hesk_dbEscape($ticket['custom'.$i]) : '') . "'";
+    }
+
     // Insert ticket into database
     hesk_dbQuery("
 	INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . $tableName . "`
@@ -79,27 +95,6 @@ function hesk_newTicket($ticket, $isVerified = true)
 		`owner`,
 		`attachments`,
 		`merged`,
-		`history`,
-		`custom1`,
-		`custom2`,
-		`custom3`,
-		`custom4`,
-		`custom5`,
-		`custom6`,
-		`custom7`,
-		`custom8`,
-		`custom9`,
-		`custom10`,
-		`custom11`,
-		`custom12`,
-		`custom13`,
-		`custom14`,
-		`custom15`,
-		`custom16`,
-		`custom17`,
-		`custom18`,
-		`custom19`,
-		`custom20`,
 		`status`,
 		`latitude`,
 		`longitude`,
@@ -107,7 +102,9 @@ function hesk_newTicket($ticket, $isVerified = true)
 		`user_agent`,
 		`screen_resolution_height`,
 		`screen_resolution_width`,
-		`due_date`
+		`due_date`,
+		`history`
+		{$custom_where}
 	)
 	VALUES
 	(
@@ -127,27 +124,6 @@ function hesk_newTicket($ticket, $isVerified = true)
 		'" . intval($ticket['owner']) . "',
 		'" . hesk_dbEscape($ticket['attachments']) . "',
 		'',
-		'" . hesk_dbEscape($ticket['history']) . "',
-		'" . hesk_dbEscape($ticket['custom1']) . "',
-		'" . hesk_dbEscape($ticket['custom2']) . "',
-		'" . hesk_dbEscape($ticket['custom3']) . "',
-		'" . hesk_dbEscape($ticket['custom4']) . "',
-		'" . hesk_dbEscape($ticket['custom5']) . "',
-		'" . hesk_dbEscape($ticket['custom6']) . "',
-		'" . hesk_dbEscape($ticket['custom7']) . "',
-		'" . hesk_dbEscape($ticket['custom8']) . "',
-		'" . hesk_dbEscape($ticket['custom9']) . "',
-		'" . hesk_dbEscape($ticket['custom10']) . "',
-		'" . hesk_dbEscape($ticket['custom11']) . "',
-		'" . hesk_dbEscape($ticket['custom12']) . "',
-		'" . hesk_dbEscape($ticket['custom13']) . "',
-		'" . hesk_dbEscape($ticket['custom14']) . "',
-		'" . hesk_dbEscape($ticket['custom15']) . "',
-		'" . hesk_dbEscape($ticket['custom16']) . "',
-		'" . hesk_dbEscape($ticket['custom17']) . "',
-		'" . hesk_dbEscape($ticket['custom18']) . "',
-		'" . hesk_dbEscape($ticket['custom19']) . "',
-		'" . hesk_dbEscape($ticket['custom20']) . "',
 		'" . intval($ticket['status']) . "',
 		'" . hesk_dbEscape($ticket['latitude']) . "',
 		'" . hesk_dbEscape($ticket['longitude']) . "',
@@ -155,7 +131,9 @@ function hesk_newTicket($ticket, $isVerified = true)
 		'" . hesk_dbEscape($ticket['user_agent']) . "',
 		" . hesk_dbEscape($ticket['screen_resolution_height']) . ",
 		" . hesk_dbEscape($ticket['screen_resolution_width']) . ",
-		{$due_date}
+		{$due_date},
+		'" . hesk_dbEscape($ticket['history']) . "'
+		{$custom_what}
 	)
 	");
 
diff --git a/inc/print_tickets.inc.php b/inc/print_tickets.inc.php
index 38c9656a..c326d470 100644
--- a/inc/print_tickets.inc.php
+++ b/inc/print_tickets.inc.php
@@ -33,6 +33,9 @@ if (!defined('IN_SCRIPT')) {
     die('Invalid attempt');
 }
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // This SQL code will be used to retrieve results
 $sql_final = "SELECT
 `id`,
diff --git a/inc/profile_functions.inc.php b/inc/profile_functions.inc.php
index 9b489263..ded81bee 100644
--- a/inc/profile_functions.inc.php
+++ b/inc/profile_functions.inc.php
@@ -98,6 +98,7 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
 
                         <div class="col-md-9">
                             <input type="text" class="form-control" name="user" size="40" maxlength="20"
+                                   autocomplete="off"
                                    value="<?php echo $_SESSION[$session_array]['user']; ?>"
                                    placeholder="<?php echo htmlspecialchars($hesklang['username']); ?>"
                                    data-error="<?php echo htmlspecialchars($hesklang['enter_username']); ?>"
@@ -297,7 +298,32 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
                                 </div>
                                 <?php
                             }
+
+                            if (empty($_SESSION[$session_array]['autoreload'])) {
+                                $reload_time = 30;
+                                $sec = 'selected';
+                                $min = '';
+                            } else {
+                                $reload_time = intval($_SESSION[$session_array]['autoreload']);
+
+                                if ($reload_time >= 60 && $reload_time % 60 == 0) {
+                                    $reload_time = $reload_time / 60;
+                                    $sec = '';
+                                    $min = 'selected';
+                                } else {
+                                    $sec = 'selected';
+                                    $min = '';
+                                }
+                            }
                             ?>
+                            <div class="checkbox form-inline">
+                                <label><input type="checkbox" name="autoreload" value="1" <?php if (!empty($_SESSION[$session_array]['autoreload'])) {echo 'checked="checked"';}?> /> <?php echo $hesklang['arpp']; ?></label>
+                                <input type="text" class="form-control" name="reload_time" value="<?php echo $reload_time; ?>" size="5" maxlength="5" onkeyup="this.value=this.value.replace(/[^\d]+/,'')" />
+                                <select name="secmin" class="form-control">
+                                    <option value="sec" <?php echo $sec; ?>><?php echo $hesklang['seconds']; ?></option>
+                                    <option value="min" <?php echo $min; ?>><?php echo $hesklang['minutes']; ?></option>
+                                </select>
+                            </div>
                             <div class="checkbox">
                                 <label><input type="checkbox" name="notify_customer_new"
                                               value="1" <?php if (!empty($_SESSION[$session_array]['notify_customer_new'])) {
@@ -337,17 +363,6 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
                         </select>
                     </div>
                 </div>
-                <div class="form-group">
-                    <label for="autoRefresh"
-                           class="col-sm-3 control-label"><?php echo $hesklang['ticket_auto_refresh']; ?></label>
-
-                    <div class="col-sm-9">
-                        <input type="text" class="form-control" id="autorefresh" name="autorefresh"
-                               placeholder="<?php echo htmlspecialchars($hesklang['ticket_auto_refresh']); ?>"
-                               value="<?php echo $_SESSION[$session_array]['autorefresh']; ?>">
-                        <span class="help-block"><?php echo $hesklang['autorefresh_restrictions']; ?></span>
-                    </div>
-                </div>
             </div>
             <div role="tabpanel" class="tab-pane fade" id="notifications">
                 <?php $disabledText =
diff --git a/inc/show_admin_nav.inc.php b/inc/show_admin_nav.inc.php
index 32ea57e6..975a174c 100644
--- a/inc/show_admin_nav.inc.php
+++ b/inc/show_admin_nav.inc.php
@@ -68,7 +68,11 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                         <li class="dropdown messages-menu">
                             <a href="#" class="dropdown-toggle" data-toggle="dropdown">
                                 <i class="fa fa-exclamation-triangle"></i>
-                                <span class="label label-warning"><?php echo $number_of_maintenance_warnings; ?></span>
+                                <?php echo sprintf($hesklang['x_system_warnings'],
+                                    $number_of_maintenance_warnings,
+                                    $number_of_maintenance_warnings == 1
+                                        ? $hesklang['warning_title_case']
+                                        : $hesklang['warnings_title_case']); ?>
                             </a>
                             <ul class="dropdown-menu">
                                 <li class="header"><?php echo sprintf($hesklang['x_system_warnings'],
@@ -81,6 +85,9 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                                         <?php if (hesk_check_maintenance(false)): ?>
                                             <li>
                                                 <a href="#">
+                                                    <div class="pull-left">
+                                                        <i class="fa fa-exclamation-triangle orange fa-2x"></i>
+                                                    </div>
                                                     <h4>
                                                         <?php echo $hesklang['mma1']; ?>
                                                     </h4>
@@ -93,6 +100,9 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                                         ?>
                                             <li>
                                                 <a href="#">
+                                                    <div class="pull-left">
+                                                        <i class="fa fa-exclamation-triangle orange fa-2x"></i>
+                                                    </div>
                                                     <h4>
                                                         <?php echo $hesklang['kbo1']; ?>
                                                     </h4>
@@ -125,10 +135,6 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                                     <?php foreach ($mails as $mail): ?>
                                     <li><!-- start message -->
                                         <a href="mail.php?a=read&id=<?php echo $mail['id']; ?>">
-                                            <!-- TODO User avatars -->
-                                            <!--<div class="pull-left">
-                                                <img src="dist/img/user2-160x160.jpg" class="img-circle" alt="User Image">
-                                            </div>-->
                                             <h4>
                                                 <?php echo $mail['from']; ?>
                                                 <small><i class="fa fa-clock-o"></i> <?php echo hesk_dateToString($mail['date'], 0, 0, 0, true); ?></small>
@@ -382,6 +388,10 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
                     $tools_count++;
                     $dropdown_items['manage_statuses'] = $hesklang['manage_statuses'];
                 }
+                if (hesk_checkPermission('can_man_settings', 0)) {
+                    $tools_count++;
+                    $dropdown_items['custom_fields'] = $hesklang['manage_custom_fields'];
+                }
                 if (hesk_checkPermission('can_view_logs', 0)) {
                     $tools_count++;
                     $dropdown_items['view_message_log'] = $hesklang['view_message_log'];
diff --git a/inc/show_search_form.inc.php b/inc/show_search_form.inc.php
index 1af37a29..a7ce56d8 100644
--- a/inc/show_search_form.inc.php
+++ b/inc/show_search_form.inc.php
@@ -411,10 +411,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                                     <div class="form-group">
                                         <input class="form-control" type="text" name="q" size="30" <?php if (isset($q)) {
                                             echo 'value="' . $q . '"';
-                                        } ?>
-                                           data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
-                                           required>
-                                        <div class="help-block with-errors"></div>
+                                        } ?>>
                                     </div>
                                 </td>
                                 <td class="text-left" style="border: none">
@@ -515,7 +512,7 @@ $more2 = empty($_GET['more2']) ? 0 : 1;
                                 <tr>
                                     <td class="alignMiddle"><b><?php echo $hesklang['date']; ?></b>: &nbsp; </td>
                                     <td class="alignMiddle">
-                                        <div class="col-md-3" style="padding-left: 0px"><input class="form-control tcal"
+                                        <div class="col-md-3" style="padding-left: 0px"><input class="form-control datepicker"
                                                                                                type="text" name="dt"
                                                                                                id="dt"
                                                                                                size="10" <?php if ($date_input) {
diff --git a/inc/ticket_list.inc.php b/inc/ticket_list.inc.php
index 2d51790f..59e27218 100644
--- a/inc/ticket_list.inc.php
+++ b/inc/ticket_list.inc.php
@@ -27,7 +27,6 @@
  *  a license please visit the page below:
  *  https://www.hesk.com/buy.php
  *******************************************************************************/
-define('MINIMUM_REFRESH_THRESHOLD_IN_SECONDS', 1);
 /* Check if this is a valid include */
 if (!defined('IN_SCRIPT')) {
     die('Invalid attempt');
@@ -106,15 +105,7 @@ if ($total > 0) {
     $next_page = ($page + 1 > $pages) ? 0 : $page + 1;
     $autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;
     $autorefresh = '';
-    if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
-        $autorefresh = ' | ' . $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
-        ?>
-        <script>
-            (function () {
-                setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
-            })();
-        </script>
-    <?php }
+
     echo sprintf($hesklang['tickets_on_pages'], $total, $pages) . $autorefresh . ' <br />';
 
     if ($pages > 1) {
@@ -403,14 +394,11 @@ if ($total > 0) {
             // Print custom fields
             foreach ($hesk_settings['custom_fields'] as $key => $value) {
                 if ($value['use'] && hesk_show_column($key)) {
-                    echo '<td class="' . $color . '">';
-                    if ($value['type'] == 'date' && !empty($ticket[$key])) {
-                        $dt = date('Y-m-d h:i:s', $ticket[$key]);
-                        echo hesk_dateToString($dt, 0);
-                    } else {
-                        echo $ticket[$key];
-                    }
-                    echo '</td>';
+                    echo '<td class="'.$color.'">'.
+                        ($value['type'] == 'date'
+                            ? hesk_custom_date_display_format($ticket[$key], $value['value']['date_format'])
+                            : $ticket[$key]).
+                        '</td>';
                 }
             }
 
@@ -439,8 +427,13 @@ if ($total > 0) {
                         <option value="high"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['high']; ?></option>
                         <option
                             value="critical"><?php echo $hesklang['set_pri_to'] . ' ' . $hesklang['critical']; ?></option>
-                        <option value="close"><?php echo $hesklang['close_selected']; ?></option>
                         <?php
+                        if (hesk_checkPermission('can_resolve', 0)) {
+                            ?>
+                            <option value="close"><?php echo $hesklang['close_selected']; ?></option>
+                            <?php
+                        }
+
                         if (hesk_checkPermission('can_add_archive', 0)) {
                             ?>
                             <option value="tag"><?php echo $hesklang['add_archive_quick']; ?></option>
@@ -478,17 +471,6 @@ else {
     echo '<div class="row"><div class="col-sm-12">';
     $autorefreshInSeconds = $_SESSION['autorefresh'] / 1000;
 
-    if ($autorefreshInSeconds >= MINIMUM_REFRESH_THRESHOLD_IN_SECONDS) {
-        echo $hesklang['autorefresh'] . ' ' . $autorefreshInSeconds . ' ' . $hesklang['abbr']['second'];
-        ?>
-        <script>
-            (function () {
-                setTimeout("location.reload(true);", <?php echo $_SESSION['autorefresh']; ?>);
-            })();
-        </script>
-        <?php
-    }
-
     if (isset($is_search) || $href == 'find_tickets.php') {
         hesk_show_notice($hesklang['no_tickets_crit']);
     } else {
diff --git a/index.php b/index.php
index 72a510f1..a674bb80 100644
--- a/index.php
+++ b/index.php
@@ -71,11 +71,116 @@ require_once(HESK_PATH . 'inc/footer.inc.php');
 exit();
 
 /*** START FUNCTIONS ***/
+function print_select_category($number_of_categories)
+{
+    global $hesk_settings, $hesklang;
+
+    // Print header
+    $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['select_category'];
+    require_once(HESK_PATH . 'inc/header.inc.php');
+
+    // A categoy needs to be selected
+    if (isset($_GET['category']) && empty($_GET['category']))
+    {
+        hesk_process_messages($hesklang['sel_app_cat'],'NOREDIRECT','NOTICE');
+    }
+    ?>
+    <ol class="breadcrumb">
+        <li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
+        <li><a href="<?php echo $hesk_settings['hesk_url']; ?>"><?php echo $hesk_settings['hesk_title']; ?></a></li>
+        <li class="active"><?php echo $hesklang['submit_ticket']; ?></li>
+    </ol>
+    <?php
+    /* This will handle error, success and notice messages */
+    hesk_handle_messages();
+    ?>
+
+    <div style="text-align: center">
+
+        <h3><?php echo $hesklang['select_category_text']; ?></h3>
+
+        <div class="select_category">
+            <?php
+            // Print a select box if number of categories is large
+            if ($number_of_categories > $hesk_settings['cat_show_select'])
+            {
+                ?>
+                <form action="index.php" method="get">
+                    <select name="category" id="select_category" class="form-control">
+                        <?php
+                        if ($hesk_settings['select_cat'])
+                        {
+                            echo '<option value="">'.$hesklang['select'].'</option>';
+                        }
+                        foreach ($hesk_settings['categories'] as $k=>$v)
+                        {
+                            echo '<option value="'.$k.'">'.$v.'</option>';
+                        }
+                        ?>
+                    </select>
+
+                    &nbsp;<br />
+
+                    <div style="text-align:center">
+                        <input type="submit" value="<?php echo $hesklang['c2c']; ?>" class="btn btn-default">
+                        <input type="hidden" name="a" value="add" />
+                    </div>
+                </form>
+                <?php
+            }
+            // Otherwise print quick links
+            else
+            {
+                $new_row = 1;
+
+                foreach ($hesk_settings['categories'] as $k=>$v):
+                    if ($new_row == 1) {
+                        echo '<div class="row">';
+                        $new_row = -1;
+                    }
+                ?>
+                    <div class="col-md-5 col-sm-10 col-md-offset-1 col-sm-offset-1">
+                        <a href="index.php?a=add&category=<?php echo $k; ?>" class="button-link">
+                            <div class="panel panel-default">
+                                <div class="panel-body">
+                                    <div class="row">
+                                        <div class="col-xs-12">
+                                            <?php echo $v; ?>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                        </a>
+                    </div>
+                <?php
+                    $new_row++;
+                    if ($new_row == 1) {
+                        echo '</div>';
+                    }
+                endforeach;
+            }
+            ?>
+        </div>
+    </div>
+
+    <?php
+    return true;
+} // END print_select_category()
 
 function print_add_ticket()
 {
     global $hesk_settings, $hesklang, $modsForHesk_settings;
 
+    // Connect to the database
+    hesk_load_database_functions();
+    hesk_dbConnect();
+
+    // Load custom fields
+    require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
+    // Load calendar JS and CSS
+    define('CALENDAR',1);
+
     // Auto-focus first empty or error field
     define('AUTOFOCUS', true);
 
@@ -91,14 +196,6 @@ function print_add_ticket()
         $_SESSION['c_email2'] = $_REQUEST['email'];
     }
 
-    // Category ID
-    if (isset($_REQUEST['catid'])) {
-        $_SESSION['c_category'] = intval($_REQUEST['catid']);
-    }
-    if (isset($_REQUEST['category'])) {
-        $_SESSION['c_category'] = intval($_REQUEST['category']);
-    }
-
     // Priority
     if (isset($_REQUEST['priority'])) {
         $_SESSION['c_priority'] = intval($_REQUEST['priority']);
@@ -116,7 +213,7 @@ function print_add_ticket()
 
     // Custom fields
     foreach ($hesk_settings['custom_fields'] as $k => $v) {
-        if ($v['use'] && isset($_REQUEST[$k])) {
+        if ($v['use']==1 && isset($_REQUEST[$k])) {
             $_SESSION['c_' . $k] = $_REQUEST[$k];
         }
     }
@@ -131,10 +228,6 @@ function print_add_ticket()
         $_SESSION['isnotice'] = array();
     }
 
-    if (!isset($_SESSION['c_category']) && !$hesk_settings['select_cat']) {
-        $_SESSION['c_category'] = 0;
-    }
-
     hesk_cleanSessionVars('already_submitted');
 
     // Tell header to load reCaptcha API if needed
@@ -143,6 +236,29 @@ function print_add_ticket()
     }
 
     define('PAGE_TITLE', 'CUSTOMER_TICKET');
+
+    // Get categories
+    $hesk_settings['categories'] = array();
+    $res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `type`='0' ORDER BY `cat_order` ASC");
+    while ($row=hesk_dbFetchAssoc($res)) {
+        $hesk_settings['categories'][$row['id']] = $row['name'];
+    }
+
+    $number_of_categories = count($hesk_settings['categories']);
+
+    if ($number_of_categories == 0) {
+        $category = 1;
+    } elseif ($number_of_categories == 1) {
+        $category = current(array_keys($hesk_settings['categories']));
+    } else {
+        $category = isset($_GET['catid']) ? hesk_REQUEST('catid'): hesk_REQUEST('category');
+
+        // Force the customer to select a category?
+        if (!isset($hesk_settings['categories'][$category])) {
+            return print_select_category($number_of_categories);
+        }
+    }
+
     // Print header
     $hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' . $hesklang['submit_ticket'];
     require_once(HESK_PATH . 'inc/header.inc.php');
@@ -151,7 +267,16 @@ function print_add_ticket()
     <ol class="breadcrumb">
         <li><a href="<?php echo $hesk_settings['site_url']; ?>"><?php echo $hesk_settings['site_title']; ?></a></li>
         <li><a href="<?php echo $hesk_settings['hesk_url']; ?>"><?php echo $hesk_settings['hesk_title']; ?></a></li>
-        <li class="active"><?php echo $hesklang['sub_support']; ?></li>
+        <?php if ($number_of_categories > 1) { ?>
+            <li>
+                <a href="index.php?a=add">
+                    <?php echo $hesklang['sub_support']; ?>
+                </a>
+            </li>
+            <li class="active"><?php echo $hesk_settings['categories'][$category]; ?></li>
+        <?php } else { ?>
+            <li class="active"><?php echo $hesklang['sub_support']; ?></li>
+        <?php } ?>
     </ol>
 
     <!-- START MAIN LAYOUT -->
@@ -199,8 +324,8 @@ function print_add_ticket()
                   enctype="multipart/form-data" <?php echo $onsubmit; ?>>
                 <!-- Contact info -->
                 <div class="form-group">
-                    <label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?>: <font
-                            class="important">*</font></label>
+                    <label for="name" class="col-sm-3 control-label"><?php echo $hesklang['name']; ?> <span
+                            class="important">*</span></label>
 
                     <div class="col-sm-9">
                         <input type="text" class="form-control" id="name" name="name" size="40" maxlength="30"
@@ -214,8 +339,8 @@ function print_add_ticket()
                     </div>
                 </div>
                 <div class="form-group">
-                    <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email']; ?>: <span
-                            class="important">*</span></label>
+                    <label for="email" class="col-sm-3 control-label"><?php echo $hesklang['email'] .
+                            ($hesk_settings['require_email'] ? ' <span class="important">*</span>' : ''); ?></label>
 
                     <div class="col-sm-9">
                         <input type="text" class="form-control" id="email" name="email" size="40" maxlength="1000"
@@ -226,7 +351,7 @@ function print_add_ticket()
                         } elseif (in_array('email', $_SESSION['isnotice'])) {
                             echo ' class="isNotice" ';
                         } ?> <?php if ($hesk_settings['detect_typos']) {
-                            echo ' onblur="Javascript:hesk_suggestEmail(0)"';
+                            echo ' onblur="Javascript:hesk_suggestEmail(\'email\', \'email_suggestions\', 1, 0)"';
                         } ?> placeholder="<?php echo htmlspecialchars($hesklang['email']); ?>"
                                data-error="<?php echo htmlspecialchars($hesklang['enter_valid_email']); ?>" required>
 
@@ -237,8 +362,8 @@ function print_add_ticket()
                 if ($hesk_settings['confirm_email']) {
                     ?>
                     <div class="form-group">
-                        <label for="email2" class="col-sm-3 control-label"><?php echo $hesklang['confemail']; ?>: <span
-                                class="important">*</span></label>
+                        <label for="email2" class="col-sm-3 control-label"><?php echo $hesklang['confemail']; ?>
+                            <?php echo $hesk_settings['require_email'] ? ' <span class="important">*</span>' : ''; ?></label>
 
                         <div class="col-sm-9">
                             <input type="text" id="email2" class="form-control" name="email2" size="40"
@@ -257,54 +382,14 @@ function print_add_ticket()
                     <?php
                 } ?>
                 <div id="email_suggestions"></div>
-                <!-- Department and priority -->
+                <!-- Priority -->
                 <?php
-                // Get categories
-                hesk_dbConnect();
-                $orderBy = $modsForHesk_settings['category_order_column'];
-                $res = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `type`='0' AND `usage` <> 2 ORDER BY `" . $orderBy . "` ASC");
-
-                if (hesk_dbNumRows($res) == 1) {
-                    // Only 1 public category, no need for a select box
-                    $row = hesk_dbFetchAssoc($res);
-                    echo '<input type="hidden" name="category" value="' . $row['id'] . '" />';
-                } elseif (hesk_dbNumRows($res) < 1) {
-                    // No public categories, set it to default one
-                    echo '<input type="hidden" name="category" value="1" />';
-                } else {
-                    ?>
-                    <div class="form-group">
-                        <label for="category" class="col-sm-3 control-label"><?php echo $hesklang['category']; ?>: <span
-                                class="important">*</span></label>
-
-                        <div class="col-sm-9">
-                            <select name="category" id="category"
-                                    class="form-control" pattern="[0-9]+"
-                                    data-error="<?php echo htmlspecialchars($hesklang['sel_app_cat']); ?>" required
-                                <?php if (in_array('category', $_SESSION['iserror'])) {
-                                    echo ' class="isError" ';
-                                } ?> ><?php
-                                // Show the "Click to select"?
-                                if ($hesk_settings['select_cat']) {
-                                    echo '<option value="">' . $hesklang['select'] . '</option>';
-                                }
-                                // List categories
-                                while ($row = hesk_dbFetchAssoc($res)) {
-                                    echo '<option value="' . $row['id'] . '"' . (($_SESSION['c_category'] == $row['id']) ? ' selected="selected"' : '') . '>' . $row['name'] . '</option>';
-                                } ?>
-                            </select>
-
-                            <div class="help-block with-errors"></div>
-                        </div>
-                    </div>
-                    <?php
-                }
 
                 /* Can customer assign urgency? */
                 if ($hesk_settings['cust_urgency']) {
                     ?>
                     <div class="form-group">
-                        <label for="priority" class="col-sm-3 control-label"><?php echo $hesklang['priority']; ?>: <span
+                        <label for="priority" class="col-sm-3 control-label"><?php echo $hesklang['priority']; ?> <span
                                 class="important">*</span></label>
 
                         <div class="col-sm-9">
@@ -346,270 +431,225 @@ function print_add_ticket()
 
                 /* custom fields BEFORE comments */
 
-                foreach ($hesk_settings['custom_fields'] as $k => $v) {
-
-                    if ($v['use'] && $v['place'] == 0) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
+                $hidden_cf_buffer = '';
+                foreach ($hesk_settings['custom_fields'] as $k=>$v)
+                {
+                    if ($v['use']==1 && $v['place']==0 && hesk_is_custom_field_in_category($k, $category) )
+                    {
+                        if ($v['req']) {
+                            $v['req']=  '<span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        } else {
+                            $v['req'] = '';
+                            $required_attribute = '';
                         }
 
-                        $required = $v['req'] ? 'required' : '';
-                        $v['req'] = $v['req'] ? '<span class="important">*</span>' : '';
-
-                        if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect') {
+                        if ($v['type'] == 'checkbox')
+                        {
                             $k_value = array();
-                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"])) {
-                                foreach ($_SESSION["c_$k"] as $myCB) {
+                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"]))
+                            {
+                                foreach ($_SESSION["c_$k"] as $myCB)
+                                {
                                     $k_value[] = stripslashes(hesk_input($myCB));
                                 }
                             }
-                        } elseif (isset($_SESSION["c_$k"])) {
-                            $k_value = stripslashes(hesk_input($_SESSION["c_$k"]));
-                        } else {
-                            $k_value = '';
+                        }
+                        elseif (isset($_SESSION["c_$k"]))
+                        {
+                            $k_value  = stripslashes(hesk_input($_SESSION["c_$k"]));
+                        }
+                        else
+                        {
+                            $k_value  = '';
                         }
 
-                        switch ($v['type']) {
+                        switch ($v['type'])
+                        {
                             /* Radio box */
                             case 'radio':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                foreach ($options as $option) {
+                                $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : '';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">';
 
-                                    if (strlen($k_value) == 0 || $k_value == $option) {
+                                foreach ($v['value']['radio_options'] as $option) {
+                                    if (strlen($k_value) == 0) {
                                         $k_value = $option;
-                                        $checked = 'checked="checked"';
+                                        $checked = empty($v['value']['no_default']) ? 'checked' : '';
+                                    } elseif ($k_value == $option) {
+                                        $k_value = $option;
+                                        $checked = 'checked';
                                     } else {
                                         $checked = '';
                                     }
 
-                                    echo '<label style="font-weight: normal;"><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' ' . $required . ' > ' . $option . '</label><br />';
+                                    echo '<div class="radio"><label><input type="radio" name="'.$k.'" value="'.$option.'" '.$checked.' ' . $required_attribute . '> '.$option.'</label></div>';
                                 }
-
-                                echo '<div class="help-block with-errors"></div>';
-                                echo '</div></div>';
+                        echo '
+                        <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Select drop-down box */
                             case 'select':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-                                echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-                                <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $cls . '>';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <select name="'.$k.'" class="form-control" ' . $required_attribute . '>';
                                 // Show "Click to select"?
-                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                if ($num) {
-                                    echo '<option value="">' . $hesklang['select'] . '</option>';
+                                if ( ! empty($v['value']['show_select']))
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
                                 }
 
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if ($k_value == $option) {
+                                foreach ($v['value']['select_options'] as $option)
+                                {
+                                    if ($k_value == $option)
+                                    {
                                         $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
+                                        $selected = 'selected';
+                                    }
+                                    else
+                                    {
                                         $selected = '';
                                     }
 
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
+                                    echo '<option '.$selected.'>'.$option.'</option>';
                                 }
 
-                                echo '</select></div></div>';
+                                echo '</select>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Checkbox */
                             case 'checkbox':
-                                $validator = $required == 'required' ? 'data-checkbox="' . $k . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                foreach ($options as $option) {
-
-                                    if (in_array($option, $k_value)) {
-                                        $checked = 'checked="checked"';
-                                    } else {
-                                        $checked = '';
-                                    }
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">';
 
-                                    echo '<label style="font-weight: normal;"><input ' . $validator . ' id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />';
+                            foreach ($v['value']['checkbox_options'] as $option)
+                            {
+                                if (in_array($option,$k_value))
+                                {
+                                    $checked = 'checked';
+                                }
+                                else
+                                {
+                                    $checked = '';
                                 }
-                                echo '<div class="help-block with-errors"></div></div></div>';
+
+                                echo '<div class="checkbox"><label><input type="checkbox" name="'.$k.'[]" value="'.$option.'" '.$checked.' '.$required_attribute.'> '.$option.'</label></div>';
+                            }
+                        echo '
+                        <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Large text box */
                             case 'textarea':
-                                $errorText = $required == 'required' ? 'data-error="' . htmlspecialchars($hesklang['this_field_is_required']) . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                $size = explode('#', $v['value']);
-                                $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                $size[1] = empty($size[1]) ? 30 : intval($size[1]);
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><textarea class="form-control" id="' . $formattedId . '" name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . ' ' . $errorText . ' ' . $required . '>' . $k_value . '</textarea>
-                                <div class="help-block with-errors"></div>
-					            </div>
-                                </div>';
-                                break;
-
-                            case 'multiselect':
-                                $validator = $required == 'required' ? 'data-multiselect="' . $k . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group"><label for="' . $v['name'] . '[]" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-                                <div class="col-sm-9"><select ' . $validator . ' class="form-control" id="' . $formattedId . '" name="' . $k . '[]" ' . $cls . ' multiple>';
-
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if ($k_value == $option) {
-                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
-                                        $selected = '';
-                                    }
-
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
-                                }
-
-                                echo '</select>
-                                <div class="btn-group" role="group">
-                                    <button ' . $validator . ' type="button" class="btn btn-default" onclick="selectAll(\'' . $formattedId . '\')">'.$hesklang['select_all_title_case'].'</button>
-                                    <button ' . $validator . ' type="button" class="btn btn-default" onclick="deselectAll(\'' . $formattedId . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                                </div>
-                                <span class="help-block with-errors"></span>
-                                </div></div>';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <textarea class="form-control" name="'.$k.'" rows="'.intval($v['value']['rows']).'" cols="'.intval($v['value']['cols']).'" '.$required_attribute.'>'.$k_value.'</textarea>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
+                            // Date
                             case 'date':
-                                //Clean up multiple dashes or whitespaces
-                                $errorText = $required == 'required' ? 'data-error="'.htmlspecialchars($hesklang['this_field_is_required']).'"' : '';
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if ($required_attribute != '') {
+                                    $required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
                                 }
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError ' : '';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
                                 echo '
-                                <div class="form-group">
-                                    <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-                                    <div class="col-sm-9">
-                                        <input type="text" class="datepicker form-control white-readonly ' . $cls . '" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
-                                            value="' . $v['value'] . '" '.$errorText. ' '.$required.' readonly>
-                                        <span class="help-block">' . $hesklang['date_format'] . '</span>
-                                    </div>
-                                </div>';
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" name="'.$k.'" value="'.$k_value.'" class="form-control datepicker" size="10" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
+                            // Email
                             case 'email':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                if ($v['value'] == 'cc' || $v['value'] == 'bcc') {
-                                    // (b)cc isn't a valid email but is the "value" used by settings. Just remove it.
-                                    $v['value'] = '';
-                                }
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" data-error="' . htmlspecialchars($hesklang['enter_valid_email']) . '" ' . $cls . ' ' . $required . '>
-					            <div class="help-block with-errors"></div>
-					            </div>
-                                </div>';
+                                $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 0'.($v['value']['multiple'] ? ',1' : '').')"' : '';
 
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" name="'.$k.'" id="'.$k.'" value="'.$k_value.'" size="40" class="form-control" '.$suggest.' '.$required_attribute.'>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                        <div id="'.$k.'_suggestions"></div>
+                    </div>';
                                 break;
 
+                            // Hidden
                             case 'hidden':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["c_$k"]))
+                                {
+                                    $v['value']['default_value'] = $k_value;
                                 }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' />';
-
+                                $hidden_cf_buffer .= '<input type="hidden" name="'.$k.'" value="'.$v['value']['default_value'].'" />';
                                 break;
 
+                            // Readonly
                             case 'readonly':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["c_$k"]))
+                                {
+                                    $v['value']['default_value'] = $k_value;
                                 }
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' readonly></div>
-                                </div>';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control white-readonly" name="'.$k.'" size="40" value="'.$v['value']['default_value'].'" readonly>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Default text input */
                             default:
-                                $errorText = $required == 'required' ? 'data-error="' . htmlspecialchars($hesklang['this_field_is_required']) . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["c_$k"]))
+                                {
+                                    $v['value']['default_value'] = $k_value;
                                 }
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' ' . $errorText . ' ' . $required . '>
-					            <div class="help-block with-errors"></div>
-					            </div>
-                                </div>';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" name="'.$k.'" size="40" maxlength="'.intval($v['value']['max_length']).'" value="'.$v['value']['default_value'].'" '.$required_attribute.'>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                         }
                     }
                 }
@@ -617,33 +657,44 @@ function print_add_ticket()
                 ?>
                 <!-- END CUSTOM BEFORE -->
 
-                <div class="blankSpace"></div>
-                <div align="left" class="h3"><?php echo $hesklang['add_ticket_your_message']; ?></div>
-                <div class="footerWithBorder"></div>
-                <div class="blankSpace"></div>
-                <!-- ticket info -->
-                <div class="form-group">
-                    <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>: <span
-                            class="important">*</span></label>
+                <?php
+                if ($hesk_settings['require_subject'] != -1 || $hesk_settings['require_message'] != -1) {
+                    ?>
+                    <div class="blankSpace"></div>
+                    <div align="left" class="h3"><?php echo $hesklang['add_ticket_your_message']; ?></div>
+                    <div class="footerWithBorder"></div>
+                    <div class="blankSpace"></div>
+                    <!-- ticket info -->
+                    <?php if ($hesk_settings['require_subject'] != -1) { ?>
+                        <div class="form-group">
+                            <label for="subject" class="col-sm-3 control-label"><?php echo $hesklang['subject']; ?>
+                                <?php echo $hesk_settings['require_subject'] ? '<span class="important">*</span>' : ''; ?>
+                            </label>
 
-                    <div class="col-sm-9">
-                        <input type="text" id="subject" class="form-control" name="subject" size="40" maxlength="40"
-                               value="<?php if (isset($_SESSION['c_subject'])) {
-                                   echo stripslashes(hesk_input($_SESSION['c_subject']));
-                               } ?>" <?php if (in_array('subject', $_SESSION['iserror'])) {
-                            echo ' class="isError" ';
-                        } ?> placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"
-                               data-error="<?php echo htmlspecialchars($hesklang['enter_subject']); ?>" required>
+                            <div class="col-sm-9">
+                                <input type="text" id="subject" class="form-control" name="subject" size="40"
+                                       maxlength="40"
+                                       value="<?php if (isset($_SESSION['c_subject'])) {
+                                           echo stripslashes(hesk_input($_SESSION['c_subject']));
+                                       } ?>" <?php if (in_array('subject', $_SESSION['iserror'])) {
+                                    echo ' class="isError" ';
+                                } ?> placeholder="<?php echo htmlspecialchars($hesklang['subject']); ?>"
+                                       data-error="<?php echo htmlspecialchars($hesklang['enter_subject']); ?>"
+                                       required>
 
-                        <div class="help-block with-errors"></div>
-                    </div>
-                </div>
-                <div class="form-group" id="message-group">
-                    <label for="message" class="col-sm-3 control-label">
-                        <?php echo $hesklang['message']; ?>:
-                        <span class="important">*</span>
-                    </label>
-                    <div class="col-sm-9">
+                                <div class="help-block with-errors"></div>
+                            </div>
+                        </div>
+                        <?php
+                    }
+                    if ($hesk_settings['require_message'] != -1) {
+                        ?>
+                        <div class="form-group" id="message-group">
+                            <label for="message" class="col-sm-3 control-label">
+                                <?php echo $hesklang['message']; ?>
+                                <?php echo $hesk_settings['require_message'] ? '<span class="important">*</span>' : ''; ?>
+                            </label>
+                            <div class="col-sm-9">
                         <textarea placeholder="<?php echo htmlspecialchars($hesklang['message']); ?>" name="message"
                                   id="message" class="form-control htmlEditor" rows="12"
                                   cols="60" <?php if (in_array('message', $_SESSION['iserror'])) {
@@ -653,31 +704,35 @@ function print_add_ticket()
                                 echo stripslashes(hesk_input($_SESSION['c_message']));
                             } ?></textarea>
 
-                        <div class="help-block with-errors" id="message-help-block"></div>
-                        <?php if ($modsForHesk_settings['rich_text_for_tickets_for_customers']): ?>
-                            <script type="text/javascript">
-                                /* <![CDATA[ */
-                                tinyMCE.init({
-                                    mode: "textareas",
-                                    editor_selector: "htmlEditor",
-                                    elements: "content",
-                                    theme: "advanced",
-                                    convert_urls: false,
-
-                                    theme_advanced_buttons1: "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
-                                    theme_advanced_buttons2: "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup",
-                                    theme_advanced_buttons3: "",
-
-                                    theme_advanced_toolbar_location: "top",
-                                    theme_advanced_toolbar_align: "left",
-                                    theme_advanced_statusbar_location: "bottom",
-                                    theme_advanced_resizing: true
-                                });
-                                /* ]]> */
-                            </script>
-                        <?php endif; ?>
-                    </div>
-                </div>
+                                <div class="help-block with-errors" id="message-help-block"></div>
+                                <?php if ($modsForHesk_settings['rich_text_for_tickets_for_customers']): ?>
+                                    <script type="text/javascript">
+                                        /* <![CDATA[ */
+                                        tinyMCE.init({
+                                            mode: "textareas",
+                                            editor_selector: "htmlEditor",
+                                            elements: "content",
+                                            theme: "advanced",
+                                            convert_urls: false,
+
+                                            theme_advanced_buttons1: "cut,copy,paste,|,undo,redo,|,formatselect,fontselect,fontsizeselect,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull",
+                                            theme_advanced_buttons2: "sub,sup,|,charmap,|,bullist,numlist,|,outdent,indent,insertdate,inserttime,preview,|,forecolor,backcolor,|,hr,removeformat,visualaid,|,link,unlink,anchor,image,cleanup",
+                                            theme_advanced_buttons3: "",
+
+                                            theme_advanced_toolbar_location: "top",
+                                            theme_advanced_toolbar_align: "left",
+                                            theme_advanced_statusbar_location: "bottom",
+                                            theme_advanced_resizing: true
+                                        });
+                                        /* ]]> */
+                                    </script>
+                                <?php endif; ?>
+                            </div>
+                        </div>
+                        <?php
+                    }
+                }
+                ?>
 
                 <!-- START KNOWLEDGEBASE SUGGEST -->
                 <?php
@@ -703,269 +758,224 @@ function print_add_ticket()
 
                 /* custom fields AFTER comments */
 
-                foreach ($hesk_settings['custom_fields'] as $k => $v) {
-
-                    if ($v['use'] && $v['place']) {
-                        if ($modsForHesk_settings['custom_field_setting']) {
-                            $v['name'] = $hesklang[$v['name']];
+                foreach ($hesk_settings['custom_fields'] as $k=>$v)
+                {
+                    if ($v['use']==1 && $v['place']==1 && hesk_is_custom_field_in_category($k, $category) )
+                    {
+                        if ($v['req']) {
+                            $v['req']=  '<span class="important">*</span>';
+                            $required_attribute = 'data-error="' . $hesklang['this_field_is_required'] . '" required';
+                        } else {
+                            $v['req'] = '';
+                            $required_attribute = '';
                         }
 
-                        $required = $v['req'] ? 'required' : '';
-                        $v['req'] = $v['req'] ? '<span class="important">*</span>' : '';
-
-                        if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect') {
+                        if ($v['type'] == 'checkbox')
+                        {
                             $k_value = array();
-                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"])) {
-                                foreach ($_SESSION["c_$k"] as $myCB) {
+                            if (isset($_SESSION["c_$k"]) && is_array($_SESSION["c_$k"]))
+                            {
+                                foreach ($_SESSION["c_$k"] as $myCB)
+                                {
                                     $k_value[] = stripslashes(hesk_input($myCB));
                                 }
                             }
-                        } elseif (isset($_SESSION["c_$k"])) {
-                            $k_value = stripslashes(hesk_input($_SESSION["c_$k"]));
-                        } else {
-                            $k_value = '';
+                        }
+                        elseif (isset($_SESSION["c_$k"]))
+                        {
+                            $k_value  = stripslashes(hesk_input($_SESSION["c_$k"]));
+                        }
+                        else
+                        {
+                            $k_value  = '';
                         }
 
-                        switch ($v['type']) {
+                        switch ($v['type'])
+                        {
                             /* Radio box */
                             case 'radio':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                foreach ($options as $option) {
+                                $cls = in_array($k,$_SESSION['iserror']) ? ' class="isError" ' : '';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">';
 
-                                    if (strlen($k_value) == 0 || $k_value == $option) {
+                                foreach ($v['value']['radio_options'] as $option) {
+                                    if (strlen($k_value) == 0) {
                                         $k_value = $option;
-                                        $checked = 'checked="checked"';
+                                        $checked = empty($v['value']['no_default']) ? 'checked' : '';
+                                    } elseif ($k_value == $option) {
+                                        $k_value = $option;
+                                        $checked = 'checked';
                                     } else {
                                         $checked = '';
                                     }
 
-                                    echo '<label style="font-weight: normal;"><input type="radio" id="' . $formattedId . '" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />';
+                                    echo '<div class="radio"><label><input type="radio" name="'.$k.'" value="'.$option.'" '.$checked.' '.$required_attribute.'> '.$option.'</label></div>';
                                 }
-
-                                echo '</div></div>';
+                                echo '
+                                <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Select drop-down box */
                             case 'select':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group"><label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-                                <div class="col-sm-9"><select class="form-control" id="' . $formattedId . '" name="' . $k . '" ' . $cls . '>';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <select name="'.$k.'" class="form-control" '.$required_attribute.'>';
                                 // Show "Click to select"?
-                                $v['value'] = str_replace('{HESK_SELECT}', '', $v['value'], $num);
-                                if ($num) {
-                                    echo '<option value="">' . $hesklang['select'] . '</option>';
+                                if ( ! empty($v['value']['show_select']))
+                                {
+                                    echo '<option value="">'.$hesklang['select'].'</option>';
                                 }
 
-
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if ($k_value == $option) {
+                                foreach ($v['value']['select_options'] as $option)
+                                {
+                                    if ($k_value == $option)
+                                    {
                                         $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
+                                        $selected = 'selected';
+                                    }
+                                    else
+                                    {
                                         $selected = '';
                                     }
 
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
+                                    echo '<option '.$selected.'>'.$option.'</option>';
                                 }
 
-                                echo '</select></div></div>';
+                                echo '</select>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Checkbox */
                             case 'checkbox':
-                                $validator = $required == 'required' ? 'data-checkbox="' . $k . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                echo '<div class="form-group"><label class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label><div align="left" class="col-sm-9">';
-
-                                $options = explode('#HESK#', $v['value']);
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                foreach ($options as $option) {
-
-                                    if (in_array($option, $k_value)) {
-                                        $checked = 'checked="checked"';
-                                    } else {
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">';
+
+                                foreach ($v['value']['checkbox_options'] as $option)
+                                {
+                                    if (in_array($option,$k_value))
+                                    {
+                                        $checked = 'checked';
+                                    }
+                                    else
+                                    {
                                         $checked = '';
                                     }
 
-                                    echo '<label style="font-weight: normal;"><input ' . $validator . ' id="' . $formattedId . '" type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $cls . ' /> ' . $option . '</label><br />';
+                                    echo '<div class="checkbox"><label><input type="checkbox" name="'.$k.'[]" value="'.$option.'" '.$checked.' '.$required_attribute.'> '.$option.'</label></div>';
                                 }
-                                echo '<div class="help-block with-errors"></div></div></div>';
+                                echo '
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Large text box */
                             case 'textarea':
-                                $errorText = $required == 'required' ? 'data-error="' . htmlspecialchars($hesklang['this_field_is_required']) . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                $size = explode('#', $v['value']);
-                                $size[0] = empty($size[0]) ? 5 : intval($size[0]);
-                                $size[1] = empty($size[1]) ? 30 : intval($size[1]);
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><textarea class="form-control" id="' . $formattedId . '" name="' . $k . '" rows="' . $size[0] . '" cols="' . $size[1] . '" ' . $cls . ' ' . $errorText . ' ' . $required . '>' . $k_value . '</textarea>
-                                <div class="help-block with-errors"></div>
-                                </div></div>';
-                                break;
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
-                            case 'multiselect':
-                                $validator = $required == 'required' ? 'data-multiselect="' . $k . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group"><label for="' . $v['name'] . '[]" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-                                <div class="col-sm-9"><select class="form-control" ' . $validator . ' id="' . $formattedId . '" name="' . $k . '[]" ' . $cls . ' multiple>';
-
-                                $options = explode('#HESK#', $v['value']);
-
-                                foreach ($options as $option) {
-
-                                    if ($k_value == $option) {
-                                        $k_value = $option;
-                                        $selected = 'selected="selected"';
-                                    } else {
-                                        $selected = '';
-                                    }
-
-                                    echo '<option ' . $selected . '>' . $option . '</option>';
-                                }
-
-                                echo '</select>
-                                <div class="btn-group" role="group">
-                                    <button ' . $validator . ' type="button" class="btn btn-default" onclick="selectAll(\'' . $formattedId . '\')">'.$hesklang['select_all_title_case'].'</button>
-                                    <button ' . $validator . ' type="button" class="btn btn-default" onclick="deselectAll(\'' . $formattedId . '\')">'.$hesklang['deselect_all_title_case'].'</button>
-                                </div>
-                                <span class="help-block with-errors"></span>
-                                </div></div>';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <textarea class="form-control" name="'.$k.'" rows="'.intval($v['value']['rows']).'" cols="'.intval($v['value']['cols']).'" '.$required_attribute.'>'.$k_value.'</textarea>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
+                            // Date
                             case 'date':
-                                $errorText = $required == 'required' ? 'data-error="'.htmlspecialchars($hesklang['this_field_is_required']).'"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if ($required_attribute != '') {
+                                    $required_attribute .= ' pattern="[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])"';
                                 }
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' isError ' : '';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
                                 echo '
-                                <div class="form-group">
-                                    <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-                                    <div class="col-sm-9">
-                                        <input type="text" class="datepicker form-control white-readonly ' . $cls . '" placeholder="' . htmlspecialchars($v['name']) . '" id="' . $formattedId . '" name="' . $k . '" size="40"
-                                            value="' . $v['value'] . '" '.$errorText. ' readonly="readonly" '.$required.'>
-                                        <span class="help-block">' . $hesklang['date_format'] . '</span>
-                                        <span class="help-block with-errors"></span>
-                                    </div>
-                                </div>';
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" name="'.$k.'" value="'.$k_value.'" class="form-control datepicker" size="10" '.$required_attribute.'>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                                 break;
 
+                            // Email
                             case 'email':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
-                                }
-
-                                if ($v['value'] == 'cc' || $v['value'] == 'bcc') {
-                                    // (b)cc isn't a valid email but is the "value" used by settings. Just remove it.
-                                    $v['value'] = '';
-                                }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" data-error="' . htmlspecialchars($hesklang['enter_valid_email']) . '" ' . $cls . ' ' . $required . '>
-					            <div class="help-block with-errors"></div>
-                                </div></div>';
+                                $suggest = $hesk_settings['detect_typos'] ? 'onblur="Javascript:hesk_suggestEmail(\''.$k.'\', \''.$k.'_suggestions\', 0, 0'.($v['value']['multiple'] ? ',1' : '').')"' : '';
 
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" name="'.$k.'" id="'.$k.'" value="'.$k_value.'" size="40" class="form-control" '.$suggest.' '.$required_attribute.'>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                        <div id="'.$k.'_suggestions"></div>
+                    </div>';
                                 break;
 
+                            // Hidden
                             case 'hidden':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["c_$k"]))
+                                {
+                                    $v['value']['default_value'] = $k_value;
                                 }
-
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<input type="hidden" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' />';
-
+                                $hidden_cf_buffer .= '<input type="hidden" name="'.$k.'" value="'.$v['value']['default_value'].'" />';
                                 break;
 
+                            // Readonly
                             case 'readonly':
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["c_$k"]))
+                                {
+                                    $v['value']['default_value'] = $k_value;
                                 }
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
-
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' readonly></div>
-                                </div>';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control white-readonly" name="'.$k.'" size="40" value="'.$v['value']['default_value'].'" readonly>
+                        </div>
+                    </div>';
                                 break;
 
                             /* Default text input */
                             default:
-                                $errorText = $required == 'required' ? 'data-error="' . htmlspecialchars($hesklang['this_field_is_required']) . '"' : '';
-                                //Clean up multiple dashes or whitespaces
-                                $formattedId = preg_replace("/[\s-]+/", " ", $v['name']);
-                                $formattedId = preg_replace("/[\s_]/", "-", $formattedId);
-
-                                if (strlen($k_value) != 0) {
-                                    $v['value'] = $k_value;
+                                if (strlen($k_value) != 0 || isset($_SESSION["c_$k"]))
+                                {
+                                    $v['value']['default_value'] = $k_value;
                                 }
 
-                                $cls = in_array($k, $_SESSION['iserror']) ? ' class="isError" ' : '';
+                                $cls = in_array($k,$_SESSION['iserror']) ? 'isError' : '';
 
-                                echo '<div class="form-group">
-                                <label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ': ' . $v['req'] . '</label>
-					            <div class="col-sm-9"><input type="text" class="form-control" id="' . $formattedId . '" name="' . $k . '" size="40" maxlength="' . $v['maxlen'] . '" value="' . $v['value'] . '" ' . $cls . ' ' . $errorText . ' ' . $required . '>
-					            <div class="help-block with-errors"></div>
-                                </div></div>';
+                                echo '
+                    <div class="form-group '.$cls.'">
+                        <label for="'.$k.'" class="col-sm-3 control-label">'.$v['name'].' '.$v['req'].'</label>
+                        <div class="col-sm-9">
+                            <input type="text" class="form-control" name="'.$k.'" size="40" maxlength="'.intval($v['value']['max_length']).'" value="'.$v['value']['default_value'].'" ' . $required_attribute . '>
+                            <div class="help-block with-errors"></div>
+                        </div>
+                    </div>';
                         }
                     }
                 }
@@ -1164,8 +1174,12 @@ function print_add_ticket()
 
                         <?php
                     } // End ELSE submit_notice
+
+                    // Print custom hidden fields
+                    echo $hidden_cf_buffer;
                     ?>
 
+                    <input type="hidden" name="category" value="<?php echo $category; ?>">
                     <!-- Do not delete or modify the code below, it is used to detect simple SPAM bots -->
                     <input type="hidden" name="hx" value="3"/><input type="hidden" name="hy" value=""/>
                     <!-- >
diff --git a/knowledgebase.php b/knowledgebase.php
index 05fed955..1b72fdc0 100644
--- a/knowledgebase.php
+++ b/knowledgebase.php
@@ -91,7 +91,7 @@ if (isset($_GET['rating'])) {
 					");
     }
 
-    setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000);
+    hesk_setcookie('hesk_kb_rate', $_COOKIE['hesk_kb_rate'] . 'a' . $artid . '%', time() + 2592000);
     header('Location: knowledgebase.php?article=' . $artid . '&rated=1');
     exit();
 }
@@ -263,7 +263,7 @@ if (!$show['show']) {
 
             // Update views by 1 - exclude known bots and reloads because of ratings
             if (!isset($_GET['rated']) && !hesk_detect_bots()) {
-                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid} LIMIT 1");
+                hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "kb_articles` SET `views`=`views`+1 WHERE `id`={$artid}");
             }
             if (!isset($_GET['suggest'])) {
                 $historyNumber = isset($_GET['rated']) ? '-2' : '-1';
diff --git a/language/en/text.php b/language/en/text.php
index 2a39ef5e..3a086070 100644
--- a/language/en/text.php
+++ b/language/en/text.php
@@ -66,6 +66,9 @@ $hesklang['generated_token_colon'] = 'Generated Token:';
 $hesklang['record_this_token_warning'] = 'Please record this token, as this is the only time you will be able to view it!';
 $hesklang['all_tokens_revoked'] = 'All tokens for this user have been revoked';
 $hesklang['staff_login_title'] = 'Staff Login';
+$hesklang['manage_custom_fields'] = 'Manage Custom Fields';
+$hesklang['value'] = 'Value';
+$hesklang['readonly'] = 'Readonly';
 
 // ADDED OR MODIFIED IN Mods for HESK 2.6.0
 $hesklang['search_logs'] = 'Search Logs';
@@ -1397,7 +1400,6 @@ $hesklang['import']='You are importing a <i>private ticket</i> into a <i>public
 $hesklang['tab_1']='General';
 $hesklang['tab_2']='Help Desk';
 $hesklang['tab_3']='Knowledgebase';
-$hesklang['tab_4']='Custom Fields';
 $hesklang['tab_5']='Misc';
 $hesklang['disable']='Disable';
 $hesklang['dat']='Date &amp; Time';
@@ -1763,7 +1765,6 @@ $hesklang['mm3']='We apologize for the inconvenience and ask that you please try
 $hesklang['mma1']='Maintenance mode is active!';
 $hesklang['mma2']='Customers are not able to use the help desk.';
 $hesklang['tools']='Tools';
-$hesklang['banemail']='Banned Emails';
 $hesklang['banemail_intro']='Prevent certain email addresses from submitting tickets to your help desk.';
 $hesklang['no_banemails']='<i>No emails are being banned.</i>';
 $hesklang['eperm']='Permanent email bans:';
@@ -1783,7 +1784,6 @@ $hesklang['can_ban_emails']='Can ban emails';
 $hesklang['can_unban_emails']='Can unban emails (enables Can ban emails)';
 $hesklang['eisban']='This email address is banned.';
 $hesklang['click_unban']='Click here to unban.';
-$hesklang['banip']='Banned IPs';
 $hesklang['banip_intro']='Visitors from banned IP addresses will not be able to view or submit tickets and login into the help desk.';
 $hesklang['ipperm']='Permanent IP bans:';
 $hesklang['iptemp']='Login failure bans:';
@@ -1889,5 +1889,180 @@ $hesklang['rcpv']='Secret key (Private key)';
 // If your language is NOT in the supported langauges, leave 'en'
 $hesklang['RECAPTCHA']='en';
 
+// Added or modified in version 2.7.0
+$hesklang['imap']='IMAP Fetching';
+$hesklang['imaph']='IMAP Host';
+$hesklang['imapp']='IMAP Port';
+$hesklang['enc']='Encryption';
+$hesklang['ssl']='SSL';
+$hesklang['tls']='TLS';
+$hesklang['none']='None';
+$hesklang['imapu']='IMAP Username';
+$hesklang['imapw']='IMAP Password';
+$hesklang['imaptest']='Test IMAP connection';
+$hesklang['ifd']='[HESK] IMAP FETCHING IS DISABLED IN SETTINGS';
+$hesklang['iei']='[HESK] PHP IMAP extension is not installed.';
+$hesklang['ifr']='Another IMAP fetching task is still in progress.';
+$hesklang['arp']='Auto reload page';
+$hesklang['arpp']='Automatically reload page with ticket list every:';
+$hesklang['seconds']='seconds'; // Reload page every X 'seconds'
+$hesklang['minutes']='minutes'; // Reload page every X 'minutes'
+$hesklang['atbr']='This ticket needs to be assigned before it can be replied to.';
+$hesklang['attm']='Assign this ticket to me';
+$hesklang['owneed']='Owner needed';
+$hesklang['taat']='This ticket is already assigned to <b>%s</b>.';
+$hesklang['scoy']='Are you sure you want to assign it to yourself?';
+$hesklang['scot']='Are you sure you want to assign it to %s?';
+$hesklang['ycto']='YES, change the owner';
+$hesklang['ncto']='NO, keep current owner';
+$hesklang['fass']='Require owner';
+$hesklang['req_sub']='Require subject';
+$hesklang['req_msg']='Require message';
+$hesklang['req_email']='Require email';
+$hesklang['default_subject']='Ticket from %s'; // Default ticket subject, %s will be replaced with name
+$hesklang['off-hide']='Hide in customer form';
+$hesklang['ons']='ON - Everyone'; // For admin settings page
+$hesklang['not_valid_email']='Enter a valid email address or leave this field empty';
+$hesklang['write_down']='<span style="color:red">We recommend that you write down your Ticket ID for future reference.</span>';
+$hesklang['re_confirm1']='Disabling this will also disable "Require email to view tickets" under "Security". Proceed?';
+$hesklang['re_confirm2']='Enabling this will also enable "Require email" under "Features". Proceed?';
+$hesklang['can_email_tpl']='Edit email templates'; // Staff permission
+$hesklang['et_title']='Email templates';
+$hesklang['et_intro']='Modify emails that are sent to your staff and customers';
+$hesklang['file']='File';
+$hesklang['efile']='Editing file';
+$hesklang['rdesc']='(Recipient) Description';
+$hesklang['desc_forgot_ticket_id']       = '(Customer) Forgot ticket tracking ID';
+$hesklang['desc_new_reply_by_staff']     = '(Customer) New staff reply';
+$hesklang['desc_new_ticket']             = '(Customer) Ticket received';
+$hesklang['desc_ticket_closed']          = '(Customer) Ticket closed/resolved';
+$hesklang['desc_category_moved']         = '(Staff) Ticket moved to a new category';
+$hesklang['desc_new_reply_by_customer']  = '(Staff) New customer reply';
+$hesklang['desc_new_ticket_staff']       = '(Staff) New ticket submitted';
+$hesklang['desc_ticket_assigned_to_you'] = '(Staff) A ticket was assigned to you';
+$hesklang['desc_new_pm']                 = '(Staff) New private message';
+$hesklang['desc_new_note']               = '(Staff) New note on a ticket assigned to you';
+$hesklang['desc_reset_password']         = '(Staff) Reset your password';
+$hesklang['etfm']='One or more email templates are missing.<br /><br />Make sure you upload all email template files inside your <i>/language/%s/emails</i> folder.';
+$hesklang['etfw']='Some email templates are not writable.<br /><br />
+                    Make sure PHP has permission to write to all files inside your <i>/language/%s/emails</i> folder.<br /><br />
+                    On Unix servers you might need to CHMOD email templates to 666 (rw-rw-rw-)';
+$hesklang['et_e_id']='Missing template ID';
+$hesklang['et_fm']='This email template file is missing';
+$hesklang['et_fw']='This email template file is not writable';
+$hesklang['et_save']='Save email template';
+$hesklang['updated_on']='Updated on';
+$hesklang['ticket_url']='Ticket URL';
+$hesklang['pm_url']='Private message URL';
+$hesklang['et_num']='Number of tickets';
+$hesklang['et_list']='List of support tickets';
+$hesklang['et_empty']='Email template cannot be empty';
+$hesklang['et_saved']='Email template saved';
+$hesklang['source']='Source';
+$hesklang['select_category']='Select a category';
+$hesklang['select_category_text']='What can we help you with?';
+$hesklang['select_category_staff']='Select ticket category';
+$hesklang['scat']='Category select limit';
+$hesklang['scat2']='(a select box will show if category count is higher)';
+$hesklang['new_cf']='New custom field';
+$hesklang['cf_intro']='Use this feature to add custom fields to the Submit a ticket form so you can collect additional data from customers.';
+$hesklang['cf_public']='Public';
+$hesklang['cf_private']='Staff only';
+$hesklang['cf_cust']='For customers';
+$hesklang['cf_all']='All';
+$hesklang['cf_cat']='Selected';
+$hesklang['cf_ctrl']='Tip: hold down CTRL key to select multiple categories';
+$hesklang['visibility']='Visibility';
+$hesklang['cf_save']='Save custom field';
+$hesklang['ex_cf']='Active custom fields';
+$hesklang['no_cf']='No active custom fields';
+$hesklang['del_cf']='Delete this custom field? This will also delete any saved custom field data from the database!';
+$hesklang['cf_e_id']='Invalid ID';
+$hesklang['edit_cf']='Edit custom field';
+$hesklang['cf_deleted']='Custom field deleted';
+$hesklang['cf_not_found']='This custom field does not exist';
+$hesklang['err_custname']='Enter custom field name';
+$hesklang['cf_added']='A new custom field has been added';
+$hesklang['cf_nocat']='Select at least one category for this custom field';
+$hesklang['cf_mdf']='Custom field has been saved';
+$hesklang['opt4']='Options for this checkbox, enter one option per line. Each line will be a choice your customers can choose from, multiple choices are possible.';
+$hesklang['atl1']='Enter at least one option.';
+$hesklang['sch']='Hidden';
+$hesklang['meml3']='Allow multiple emails to be entered';
+$hesklang['dmin']='Minimum accepted date';
+$hesklang['dmax']='Maximum accepted date';
+$hesklang['d_day']='day(s)';
+$hesklang['d_week']='week(s)';
+$hesklang['d_month']='month(s)';
+$hesklang['d_year']='year(s)';
+$hesklang['d_any']='Any date';
+$hesklang['d_fixed']='Fixed date';
+$hesklang['d_relative']='Relative date';
+$hesklang['d_mm']='Minimum date may not be higher than maximum date';
+$hesklang['d_emin']='Minimum date for <i>%s</i> is %s'; // Minimum date for FIELD_NAME is DATE
+$hesklang['d_emax']='Maximum date for <i>%s</i> is %s'; // Maximum date for FIELD_NAME is DATE
+$hesklang['d_format']='Date display format';
+$hesklang['d_custom']='Custom format';
+$hesklang['d_ci']='ADVANCED USERS ONLY: a valid PHP date format, see PHP manual.';
+$hesklang['cf_noe']='Enter a valid email address into <i>%s</i>';
+$hesklang['cf_noem']='Enter one or more valid email addresses into <i>%s</i>';
+$hesklang['cf_limit']='You have 50 active custom fields, no new can be created.';
+$hesklang['can_resolve']='Can resolve tickets';
+$hesklang['can_change_cat']='Change ticket category (to any)';
+$hesklang['can_change_own_cat']='Change ticket category (to allowed)';
+$hesklang['can_submit_any_cat']='Can submit tickets to any category';
+$hesklang['noauth_submit']='You are not authorized to submit tickets to this category!';
+$hesklang['noauth_move']='You are not authorized to move tickets to this category!';
+$hesklang['noauth_resolve']='You are not authorized to resolve tickets!';
+$hesklang['force_ssl']='Force SSL connections';
+$hesklang['d_ssl']='<i>disabled</i> - open this page with https:// to manage this option';
+$hesklang['enn']='Except for tickets from emails if email subject contains:';
+$hesklang['scno']='This status cannot be changed';
+$hesklang['statuses']='Statuses';
+$hesklang['statuses_intro']='Use this tool to add custom ticket statuses to your help desk';
+$hesklang['color']='Color';
+$hesklang['csscl']='CSS class or color';
+$hesklang['clr_view']='Color preview on text';
+$hesklang['cbc']='Changeable by customers';
+$hesklang['ccc']='Can customers change this status?';
+$hesklang['del_status']='Delete this status?';
+$hesklang['ex_status']='Existing statuses';
+$hesklang['status_hesk']='Built-in Statuses (cannot be modified here)';
+$hesklang['status_custom']='Custom Statuses';
+$hesklang['status_custom_none']='No custom statuses. You can add them using the form above.';
+$hesklang['status_save']='Save status';
+$hesklang['list_tkt_status']='List all tickets with this status';
+$hesklang['new_status']='New custom status';
+$hesklang['edit_status']='Edit custom status';
+$hesklang['err_status']='Enter the status name';
+$hesklang['status_added']='A new custom status has been added';
+$hesklang['status_e_id']='Invalid ID';
+$hesklang['status_mdf']='Custom status has been saved';
+$hesklang['status_deleted']='Custom status deleted';
+$hesklang['status_not_found']='This custom status does not exist';
+$hesklang['status_not_empty']='This status cannot be removed because tickets with this status exist';
+$hesklang['status_limit']='You have 100 custom statuses, no new can be created.';
+$hesklang['public_link']='Public link'; // Link to the public KB article in the private KB pages
+$hesklang['frames']='Frames';
+$hesklang['frames2']='Prevent loading HESK in frames on third party domains';
+$hesklang['numsub']='Submitted tickets'; // Will show how many tickets this user submitted
+$hesklang['hidf']='Hidden inputs are not visible to customers on the Submit a ticket form (the value will still be visible on ticket details page if they are set as public). They behave as normal text fields for staff members.';
+$hesklang['rcheck']='Do not select a default option';
+$hesklang['refresh_page']='Refresh this page';
+$hesklang['banemail']='Ban emails';
+$hesklang['banip']='Ban IPs';
+$hesklang['tab_4']='Custom fields';
+$hesklang['del_kba']='Delete this article';
+$hesklang['del_kbaa']='Permanently delete this article';
+$hesklang['hni1']='HESK not installed yet?';
+$hesklang['hni2']='It appears that this help desk has not been properly installed and configured yet.';
+$hesklang['hni3']='To install HESK, follow <a href="docs/">Instructions in the documentation</a>';
+$hesklang['cf']='Cache folder';
+$hesklang['e_cdir']='Hesk will not be able to parse emails or cache results unless the cache folder exists and is writable.';
+$hesklang['step1']='Step 1';
+$hesklang['step2']='Step 2';
+$hesklang['dffs']='When download completes, delete the file from server';
+$hesklang['fd']='Export file deleted from server';
+
 // DO NOT CHANGE BELOW
 if (!defined('IN_SCRIPT')) die('PHP syntax OK!');
diff --git a/print.php b/print.php
index cbe98dad..ebd4b35f 100644
--- a/print.php
+++ b/print.php
@@ -55,6 +55,9 @@ $trackingID = hesk_cleanID('p_track') or die("$hesklang[int_error]: $hesklang[no
 /* Connect to database */
 hesk_dbConnect();
 
+// Load custom fields
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 // Perform additional checks for customers
 if (empty($_SESSION['id'])) {
     // Are we in maintenance mode?
@@ -218,15 +221,17 @@ echo '</tr>';
 $num_cols = 0;
 echo '<tr>';
 foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use']) {
-        if ($modsForHesk_settings['custom_field_setting']) {
-            $v['name'] = $hesklang[$v['name']];
-        }
-
+    if (($v['use'] == 1 || (! empty($_SESSION['id']) && $v['use'] == 2)) && hesk_is_custom_field_in_category($k, $ticket['category'])) {
         if ($num_cols == 3) {
             echo '</tr><tr>';
             $num_cols = 0;
         }
+
+        switch ($v['type']) {
+            case 'date':
+                $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                break;
+        }
         ?>
         <td bgcolor="#EEE"><b><?php echo $v['name']; ?>:</b></td>
         <td bgcolor="#DDD"><?php echo hesk_unhortenUrl($ticket[$k]); ?></td>
@@ -239,11 +244,14 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) {
 echo '</table><br>';
 
 // Print initial ticket message
-$newMessage = hesk_unhortenUrl($ticket['message']);
-if ($ticket['html']) {
-    $newMessage = hesk_html_entity_decode($newMessage);
+if ($ticket['message'] != '') {
+    $newMessage = hesk_unhortenUrl($ticket['message']);
+    if ($ticket['html']) {
+        $newMessage = hesk_html_entity_decode($newMessage);
+    }
+    echo '<p>' . $newMessage . '</p>';
 }
-echo '<p>' . $newMessage . '</p>';
+
 
 // Print replies
 while ($reply = hesk_dbFetchAssoc($res)) {
diff --git a/reply_ticket.php b/reply_ticket.php
index 07829970..20f925b1 100644
--- a/reply_ticket.php
+++ b/reply_ticket.php
@@ -185,17 +185,19 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
 }
 
 // If staff hasn't replied yet, don't change the status; otherwise set it to the status for customer replies.
-$customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
-$defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
-$newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
-$newStatus = hesk_dbFetchAssoc($newStatusRs);
-$defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
-$defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
-
-$ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
+if (hesk_can_customer_change_status($ticket['status'])) {
+    $customerReplyStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsCustomerReplyStatus` = 1';
+    $defaultNewTicketStatusQuery = 'SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsNewTicketStatus` = 1';
+    $newStatusRs = hesk_dbQuery($customerReplyStatusQuery);
+    $newStatus = hesk_dbFetchAssoc($newStatusRs);
+    $defaultNewTicketStatusRs = hesk_dbQuery($defaultNewTicketStatusQuery);
+    $defaultNewTicketStatus = hesk_dbFetchAssoc($defaultNewTicketStatusRs);
+
+    $ticket['status'] = $ticket['status'] == $defaultNewTicketStatus['ID'] ? $defaultNewTicketStatus['ID'] : $newStatus['ID'];
+}
 
 /* Update ticket as necessary */
-$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}' LIMIT 1");
+$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `lastchange`=NOW(), `status`='{$ticket['status']}', `replies`=`replies`+1, `lastreplier`='0' WHERE `id`='{$ticket['id']}'");
 
 // Insert reply into database
 $modsForHesk_settings = mfh_getSettings();
diff --git a/submit_ticket.php b/submit_ticket.php
index 7e6f5e45..0a015ce5 100644
--- a/submit_ticket.php
+++ b/submit_ticket.php
@@ -150,24 +150,46 @@ if ($hesk_settings['secimg_use'] && !isset($_SESSION['img_verified'])) {
 }
 
 $tmpvar['name'] = hesk_input(hesk_POST('name')) or $hesk_error_buffer['name'] = $hesklang['enter_your_name'];
-$tmpvar['email'] = hesk_validateEmail(hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email'] = $hesklang['enter_valid_email'];
+
+$email_available = true;
+
+if ($hesk_settings['require_email']) {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email'];
+} else {
+    $tmpvar['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0);
+
+    // Not required, but must be valid if it is entered
+    if ($tmpvar['email'] == '') {
+        $email_available = false;
+
+        if (strlen(hesk_POST('email'))) {
+            $hesk_error_buffer['email'] = $hesklang['not_valid_email'];
+        }
+
+        // No need to confirm the email
+        $hesk_settings['confirm_email'] = 0;
+        $_POST['email2'] = '';
+        $_SESSION['c_email'] = '';
+        $_SESSION['c_email2'] = '';
+    }
+}
 
 if ($hesk_settings['confirm_email']) {
     $tmpvar['email2'] = hesk_validateEmail(hesk_POST('email2'), 'ERR', 0) or $hesk_error_buffer['email2'] = $hesklang['confemail2'];
 
     // Anything entered as email confirmation?
-    if (strlen($tmpvar['email2'])) {
+    if ($tmpvar['email2'] != '') {
         // Do we have multiple emails?
         if ($hesk_settings['multi_eml']) {
             $tmpvar['email'] = str_replace(';', ',', $tmpvar['email']);
             $tmpvar['email2'] = str_replace(';', ',', $tmpvar['email2']);
 
             if (count(array_diff(explode(',', strtolower($tmpvar['email'])), explode(',', strtolower($tmpvar['email2'])))) == 0) {
-                $_SESSION['c_email2'] = $_POST['email2'];
+                $_SESSION['c_email2'] =  hesk_POST('email2');
             }
         } // Single email address match
         elseif (!$hesk_settings['multi_eml'] && strtolower($tmpvar['email']) == strtolower($tmpvar['email2'])) {
-            $_SESSION['c_email2'] = $_POST['email2'];
+            $_SESSION['c_email2'] =  hesk_POST('email2');
         } else {
             // Invalid match
             $tmpvar['email2'] = '';
@@ -177,7 +199,7 @@ if ($hesk_settings['confirm_email']) {
             $hesk_error_buffer['email2'] = $hesklang['confemaile'];
         }
     } else {
-        $_SESSION['c_email2'] = $_POST['email2'];
+        $_SESSION['c_email2'] =  hesk_POST('email2');
     }
 }
 
@@ -207,8 +229,25 @@ else {
     }
 }
 
-$tmpvar['subject'] = hesk_input(hesk_POST('subject')) or $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
-$tmpvar['message'] = hesk_input(hesk_POST('message')) or $hesk_error_buffer['message'] = $hesklang['enter_message'];;
+if ($hesk_settings['require_subject'] == -1) {
+    $tmpvar['subject'] = '';
+} else {
+    $tmpvar['subject'] = hesk_input( hesk_POST('subject') );
+
+    if ($hesk_settings['require_subject'] == 1 && $tmpvar['subject'] == '') {
+        $hesk_error_buffer['subject'] = $hesklang['enter_ticket_subject'];
+    }
+}
+
+if ($hesk_settings['require_message'] == -1) {
+    $tmpvar['message'] = '';
+} else {
+    $tmpvar['message'] = hesk_input( hesk_POST('message') );
+
+    if ($hesk_settings['require_message'] == 1 && $tmpvar['message'] == '') {
+        $hesk_error_buffer['message'] = $hesklang['enter_message'];
+    }
+}
 
 // Is category a valid choice?
 if ($tmpvar['category']) {
@@ -222,46 +261,72 @@ if ($tmpvar['category']) {
 
 // Custom fields
 $modsForHesk_settings = mfh_getSettings();
-foreach ($hesk_settings['custom_fields'] as $k => $v) {
-    if ($v['use']) {
-        if ($modsForHesk_settings['custom_field_setting']) {
-            $v['name'] = $hesklang[$v['name']];
-        }
-
-        if ($v['type'] == 'checkbox' || $v['type'] == 'multiselect') {
-            $tmpvar[$k] = '';
-
-            if (isset($_POST[$k])) {
-                if (is_array($_POST[$k])) {
-                    foreach ($_POST[$k] as $myCB) {
-                        $tmpvar[$k] .= (is_array($myCB) ? '' : hesk_input($myCB)) . '<br />';;
-                    }
-                    $tmpvar[$k] = substr($tmpvar[$k], 0, -6);
+foreach ($hesk_settings['custom_fields'] as $k=>$v) {
+    if ($v['use']==1 && hesk_is_custom_field_in_category($k, $tmpvar['category'])) {
+        if ($v['type'] == 'checkbox') {
+            $tmpvar[$k]='';
+
+            if (isset($_POST[$k]) && is_array($_POST[$k])) {
+                foreach ($_POST[$k] as $myCB) {
+                    $tmpvar[$k] .= ( is_array($myCB) ? '' : hesk_input($myCB) ) . '<br />';;
                 }
+
+                $tmpvar[$k]=substr($tmpvar[$k],0,-6);
             } else {
                 if ($v['req']) {
-                    $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
                 }
                 $_POST[$k] = '';
             }
 
-            $_SESSION["c_$k"] = hesk_POST_array($k);
-        } elseif ($v['req']) {
-            $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
-            $_SESSION["c_$k"] = hesk_POST($k);
-            if (!strlen($tmpvar[$k])) {
-                $hesk_error_buffer[$k] = $hesklang['fill_all'] . ': ' . $v['name'];
-            }
+            $_SESSION["c_$k"]=hesk_POST_array($k);
+        } elseif ($v['type'] == 'date') {
+            $tmpvar[$k] = hesk_POST($k);
+            $_SESSION["c_$k"] = '';
+
+            if (preg_match("/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/", $tmpvar[$k])) {
+                $date = strtotime($tmpvar[$k] . ' t00:00:00');
+                $dmin = strlen($v['value']['dmin']) ? strtotime($v['value']['dmin'] . ' t00:00:00') : false;
+                $dmax = strlen($v['value']['dmax']) ? strtotime($v['value']['dmax'] . ' t00:00:00') : false;
 
-            if ($v['type'] == 'date') {
-                $tmpvar[$k] = strtotime($_POST[$k]);
+                $_SESSION["c_$k"] = $tmpvar[$k];
+
+                if ($dmin && $dmin > $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emin'], $v['name'], hesk_custom_date_display_format($dmin, $v['value']['date_format']));
+                } elseif ($dmax && $dmax < $date) {
+                    $hesk_error_buffer[$k] = sprintf($hesklang['d_emax'], $v['name'], hesk_custom_date_display_format($dmax, $v['value']['date_format']));
+                } else {
+                    $tmpvar[$k] = $date;
+                }
+            } else {
+                if ($v['req']) {
+                    $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
+                }
             }
-        } else {
-            if ($v['type'] == 'date' && $_POST[$k] != '') {
-                $tmpvar[$k] = strtotime($_POST[$k]);
+        } elseif ($v['type'] == 'email') {
+            $tmp = $hesk_settings['multi_eml'];
+            $hesk_settings['multi_eml'] = $v['value']['multiple'];
+            $tmpvar[$k] = hesk_validateEmail( hesk_POST($k), 'ERR', 0);
+            $hesk_settings['multi_eml'] = $tmp;
+
+            if ($tmpvar[$k] != '') {
+                $_SESSION["c_$k"] = hesk_input($tmpvar[$k]);
             } else {
-                $tmpvar[$k] = hesk_makeURL(nl2br(hesk_input(hesk_POST($k))));
+                $_SESSION["c_$k"] = '';
+
+                if ($v['req']) {
+                    $hesk_error_buffer[$k] = $v['value']['multiple'] ? sprintf($hesklang['cf_noem'], $v['name']) : sprintf($hesklang['cf_noe'], $v['name']);
+                }
+            }
+        } elseif ($v['req']) {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            if ($tmpvar[$k] == '') {
+                $hesk_error_buffer[$k]=$hesklang['fill_all'].': '.$v['name'];
             }
+            $_SESSION["c_$k"]=hesk_POST($k);
+        } else {
+            $tmpvar[$k]=hesk_makeURL(nl2br(hesk_input( hesk_POST($k) )));
+            $_SESSION["c_$k"]=hesk_POST($k);
         }
     } else {
         $tmpvar[$k] = '';
@@ -269,13 +334,13 @@ foreach ($hesk_settings['custom_fields'] as $k => $v) {
 }
 
 // Check bans
-if (!isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
+if ($email_available && ! isset($hesk_error_buffer['email']) && hesk_isBannedEmail($tmpvar['email']) || hesk_isBannedIP($_SERVER['REMOTE_ADDR'])) {
     hesk_error($hesklang['baned_e']);
 }
 
 // Check maximum open tickets limit
 $below_limit = true;
-if ($hesk_settings['max_open'] && !isset($hesk_error_buffer['email'])) {
+if ($email_available && $hesk_settings['max_open'] && ! isset($hesk_error_buffer['email'])) {
     $res = hesk_dbQuery("SELECT COUNT(*) FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` IN (SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) AND " . hesk_dbFormatEmail($tmpvar['email']));
     $num = hesk_dbResult($res);
 
@@ -327,7 +392,6 @@ if (count($hesk_error_buffer)) {
 
     $_SESSION['c_name'] = hesk_POST('name');
     $_SESSION['c_email'] = hesk_POST('email');
-    $_SESSION['c_category'] = hesk_POST('category');
     $_SESSION['c_priority'] = hesk_POST('priority');
     $_SESSION['c_subject'] = hesk_POST('subject');
     $_SESSION['c_message'] = hesk_POST('message');
@@ -343,7 +407,7 @@ if (count($hesk_error_buffer)) {
     }
 
     $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';
-    hesk_process_messages($hesk_error_buffer, 'index.php?a=add');
+    hesk_process_messages($hesk_error_buffer, 'index.php?a=add&category='.$tmpvar['category']);
 }
 
 if (!$modsForHesk_settings['rich_text_for_tickets_for_customers']) {
@@ -389,7 +453,7 @@ $tmpvar['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
 
 // Should the helpdesk validate emails?
 $createTicket = true;
-if ($modsForHesk_settings['customer_email_verification_required']) {
+if ($modsForHesk_settings['customer_email_verification_required'] && $email_available) {
     $verifiedEmailSql = "SELECT `Email` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "verified_emails` WHERE `Email` = '" . hesk_dbEscape($tmpvar['email']) . "'";
     $verifiedEmailRS = hesk_dbQuery($verifiedEmailSql);
     if ($verifiedEmailRS->num_rows == 0) {
@@ -414,7 +478,7 @@ if ($createTicket) {
     $ticket = hesk_newTicket($tmpvar);
 
     // Notify the customer
-    if ($hesk_settings['notify_new']) {
+    if ($hesk_settings['notify_new'] && $email_available) {
         hesk_notifyCustomer($modsForHesk_settings);
     }
 
@@ -434,7 +498,7 @@ $_SESSION['already_submitted'] = 1;
 
 // Need email to view ticket? If yes, remember it by default
 if ($hesk_settings['email_view_ticket']) {
-    setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
+    hesk_setcookie('hesk_myemail', $tmpvar['email'], strtotime('+1 year'));
 }
 
 // Unset temporary variables
@@ -466,7 +530,8 @@ require_once(HESK_PATH . 'inc/header.inc.php');
 
             $hesklang['ticket_submitted'] . '<br /><br />' .
             $hesklang['ticket_submitted_success'] . ': <b>' . $ticket['trackid'] . '</b><br /><br /> ' .
-            ($hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
+            ( ! $email_available ? $hesklang['write_down'] . '<br /><br />' : '') .
+            ($email_available && $hesk_settings['notify_new'] && $hesk_settings['spam_notice'] ? $hesklang['spam_inbox'] . '<br /><br />' : '') .
             '<a href="' . $hesk_settings['hesk_url'] . '/ticket.php?track=' . $ticket['trackid'] . '">' . $hesklang['view_your_ticket'] . '</a>'
         );
     } else {
diff --git a/suggest_email.php b/suggest_email.php
index ad7cb6c2..f3fa5806 100644
--- a/suggest_email.php
+++ b/suggest_email.php
@@ -48,10 +48,13 @@ header("Pragma: no-cache");
 
 // Get the search query composed of the subject and message
 $address = hesk_REQUEST('e') or die('');
+$email_field = hesk_REQUEST('ef') or die('');
+$display_div = hesk_REQUEST('dd') or die('');
+$pad_div = hesk_REQUEST('pd') ? 1 : 0;
 $div = 1;
 
 // Do we allow multiple emails? If yes, check all
-if ($hesk_settings['multi_eml']) {
+if ($hesk_settings['multi_eml'] || hesk_REQUEST('am')) {
     // Make sure the format is correct
     $address = preg_replace('/\s/', '', $address);
     $address = str_replace(';', ',', $address);
@@ -75,9 +78,9 @@ exit();
 
 function hesk_emailTypoShow($address, $suggest, $div = '')
 {
-    global $hesk_settings, $hesklang;
+    global $hesk_settings, $hesklang, $email_field, $display_div, $pad_div;
     ?>
-    <div id="emailtypo<?php echo $div; ?>" style="display:block">
+    <div id="emailtypo<?php echo $display_div.$div; ?>" style="display:block">
         <table border="0" width="100%">
             <tr>
                 <td width="150">&nbsp;</td>
@@ -85,10 +88,8 @@ function hesk_emailTypoShow($address, $suggest, $div = '')
                     <div class="alert alert-info">
                         <?php echo sprintf($hesklang['didum'], str_replace('@', '@<b>', $suggest . '</b>')); ?>
                         <br/><br/>
-                        <a class="btn btn-default" href="javascript:void();"
-                           onclick="javascript:var eml=document.form1.email.value;document.form1.email.value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['yfix']; ?></a>
-                        <a class="btn btn-default" href="javascript:void();"
-                           onclick="javascript:hesk_toggleLayerDisplay('emailtypo<?php echo $div; ?>');"><?php echo $hesklang['nole']; ?></a>
+                        <a class="btn btn-default" href="javascript:void(0);" onclick="var eml=document.getElementById('<?php echo $email_field; ?>').value;document.getElementById('<?php echo $email_field; ?>').value=eml.replace(/<?php echo preg_quote($address, '/'); ?>/gi, '<?php echo addslashes($suggest); ?>' );document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['yfix']; ?></a>
+                        <a class="btn btn-default" href="javascript:void(0);" onclick="document.getElementById('emailtypo<?php echo $display_div.$div; ?>').style.display='none';"><?php echo $hesklang['nole']; ?></a>
                     </div>
                 </td>
             </tr>
diff --git a/ticket.php b/ticket.php
index e8fce7b8..3542bcc8 100644
--- a/ticket.php
+++ b/ticket.php
@@ -118,6 +118,8 @@ if ($is_form) {
 /* Limit brute force attempts */
 hesk_limitBfAttempts();
 
+require_once(HESK_PATH . 'inc/custom_fields.inc.php');
+
 /* Get ticket info */
 $res = hesk_dbQuery("SELECT `t1`.* , `t2`.name AS `repliername`, `ticketStatus`.`IsClosed` AS `isClosed`, `ticketStatus`.`Key` AS `statusKey`  FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `t1` INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` AS `ticketStatus` ON `t1`.`status` = `ticketStatus`.`ID` LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` AS `t2` ON `t1`.`replierid` = `t2`.`id` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
 
@@ -158,9 +160,9 @@ hesk_cleanBfAttempts();
 /* Remember email address? */
 if ($is_form) {
     if ( strlen($do_remember) ) {
-        setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
+        hesk_setcookie('hesk_myemail', $my_email, strtotime('+1 year'));
     } elseif (isset($_COOKIE['hesk_myemail'])) {
-        setcookie('hesk_myemail', '');
+        hesk_setcookie('hesk_myemail', '');
     }
 }
 
@@ -175,7 +177,7 @@ if ($ticket['lastreplier']) {
 
 // If IP is unknown (tickets via email pipe/pop3 fetching) assume current visitor IP as customer IP
 if ($ticket['ip'] == 'Unknown' || $ticket['ip'] == $hesklang['unknown']) {
-    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']) . " LIMIT 1");
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `ip` = '" . hesk_dbEscape($_SERVER['REMOTE_ADDR']) . "' WHERE `id`=" . intval($ticket['id']));
 }
 
 /* Get category name and ID */
@@ -257,9 +259,15 @@ if (!$show['show']) {
         <div class="blankSpace"></div>
         <div class="table-bordered">
             <div class="row">
-                <div class="col-md-12">
+                <div class="col-md-10">
                     <h2><?php echo $ticket['subject']; ?></h2>
                 </div>
+                <div class="col-md-2 pull-right pad-down-20">
+                    <a href="ticket.php?track=<?php echo $trackingID.$hesk_settings['e_query']; ?>">
+                        <i class="fa fa-refresh"></i>
+                        <?php echo $hesklang['refresh_page']; ?>
+                    </a>
+                </div>
             </div>
             <div class="row">
                 <div class="col-md-3 col-sm-12">
@@ -282,7 +290,8 @@ if (!$show['show']) {
                                 echo '<a href="change_status.php?track=' . $trackingID . $hesk_settings['e_query'] . '&amp;s=3&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '" title="' . $hesklang['close_action'] . '">' . $hesklang['close_action'] . '</a>';
                             }
                         }
-                        ?></p>
+                        ?>
+                    </p>
                 </div>
             </div>
             <div class="row medLowPriority">
@@ -340,7 +349,9 @@ if (!$show['show']) {
         <div class="row ticketMessageContainer">
             <div class="col-md-3 col-xs-12">
                 <div class="ticketName"><?php echo $ticket['name']; ?></div>
-                <div class="ticketEmail"><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a></div>
+                <?php if ($ticket['email'] != '') { ?>
+                    <div class="ticketEmail"><a href="mailto:<?php echo $ticket['email']; ?>"><?php echo $ticket['email']; ?></a></div>
+                <?php } ?>
             </div>
             <div class="col-md-9 col-xs-12 pushMarginLeft">
                 <div class="ticketMessageTop withBorder">
@@ -350,53 +361,53 @@ if (!$show['show']) {
                     <!-- Custom Fields Before Message -->
                     <?php
                     foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                        if ($v['use'] && $v['place'] == 0) {
-                            if ($modsForHesk_settings['custom_field_setting']) {
-                                $v['name'] = $hesklang[$v['name']];
-                            }
-
+                        if ($v['use'] == 1 && $v['place'] == 0 && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                             echo '<p>' . $v['name'] . ': ';
-                            if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                                $dt = date('Y-m-d h:i:s', $ticket[$k]);
-                                echo hesk_dateToString($dt, 0);
-                            } else {
-                                echo $ticket[$k];
+                            switch ($v['type'])
+                            {
+                                case 'email':
+                                    $ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
+                                    break;
+                                case 'date':
+                                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                                    break;
                             }
-                            echo '</p>';
+                            echo $ticket[$k].'</p>';
                         }
                     }
                     ?>
                 </div>
                 <div class="ticketMessageBottom">
-                    <!-- Message -->
-                    <p><b><?php echo $hesklang['message']; ?>:</b></p>
+                    <?php if ($ticket['message'] != '') { ?>
+                        <!-- Message -->
+                        <p><b><?php echo $hesklang['message']; ?>:</b></p>
 
-                    <div class="message">
-                        <?php if ($ticket['html']) {
-                            echo hesk_html_entity_decode($ticket['message']);
-                        } else {
-                            echo $ticket['message'];
-                        }
-                        ?>
-                    </div>
+                        <div class="message">
+                            <?php if ($ticket['html']) {
+                                echo hesk_html_entity_decode($ticket['message']);
+                            } else {
+                                echo $ticket['message'];
+                            }
+                            ?>
+                        </div>
+                    <?php } ?>
                 </div>
                 <div class="ticketMessageTop">
                     <!-- Custom Fields after Message -->
                     <?php
                     foreach ($hesk_settings['custom_fields'] as $k => $v) {
-                        if ($v['use'] && $v['place']) {
-                            if ($modsForHesk_settings['custom_field_setting']) {
-                                $v['name'] = $hesklang[$v['name']];
-                            }
-
+                        if ($v['use'] == 1 && $v['place'] && hesk_is_custom_field_in_category($k, $ticket['category'])) {
                             echo '<p>' . $v['name'] . ': ';
-                            if ($v['type'] == 'date' && !empty($ticket[$k])) {
-                                $dt = date('Y-m-d h:i:s', $ticket[$k]);
-                                echo hesk_dateToString($dt, 0);
-                            } else {
-                                echo $ticket[$k];
+                            switch ($v['type'])
+                            {
+                                case 'email':
+                                    $ticket[$k] = '<a href="mailto:'.$ticket[$k].'">'.$ticket[$k].'</a>';
+                                    break;
+                                case 'date':
+                                    $ticket[$k] = hesk_custom_date_display_format($ticket[$k], $v['value']['date_format']);
+                                    break;
                             }
-                            echo '</p>';
+                            echo $ticket[$k].'</p>';
                         }
                     }
                     /* Attachments */