Support reporting posts

Resolves #43.
2020-11-13 12:32:42 -08:00 · 2020-11-13 12:32:42 -08:00 · 2a6c8c8dc3
commit 2a6c8c8dc3
parent 20dbe42fbe
18 changed files with 628 additions and 264 deletions
--- a/README.md
+++ b/README.md
@ -18,7 +18,8 @@ See [TinyIB Installations](https://gitlab.com/tslocum/tinyib/wikis/Home) for dem
   - A simple, self-hosted implementation is included.
   - [ReCAPTCHA](https://www.google.com/recaptcha/about/) is supported but [not recommended](https://nearcyan.com/you-probably-dont-need-recaptcha/).
 - Reference links. `>>###`
- - Delete post via password.
+ - Delete posts via password.
 - Report posts.
 - Management panel:
   - Administrators and moderators use separate passwords.
     - Moderators are only able to sticky threads, lock threads, delete posts, and approve posts when necessary.  (See ``TINYIB_REQMOD``)
@ -45,7 +46,7 @@ Please consider supporting the continued development of TinyIB.
 ## Install
 1. Verify the following are installed:
-    - [PHP 5.3+](https://php.net)
+    - [PHP 5.5+](https://php.net)
    - [GD Image Processing Library](https://php.net/gd)
      - This library is usually installed by default.
      - If you plan on disabling image uploads to use TinyIB as a text board only, this library is not required.
@ -54,7 +55,7 @@ Please consider supporting the continued development of TinyIB.
    - `git clone https://gitlab.com/tslocum/tinyib.git ./`
 4. Copy **settings.default.php** to **settings.php**
 5. Configure **settings.php**
-    - When setting ``TINYIB_DBMODE`` to ``flatfile``, note that all post and ban data are exposed as the database is composed of standard text files.  Access to ./inc/database/flatfile/ should be denied.
+    - When setting ``TINYIB_DBMODE`` to ``flatfile``, note that all post, report and ban data are exposed as the database is composed of standard text files.  Access to ./inc/database/flatfile/ should be denied.
    - When setting ``TINYIB_DBMODE`` to ``pdo``, note that only the MySQL and PostgreSQL databases drivers have been tested. Theoretically it will work with any applicable driver, but this is not guaranteed.  If you use an alternative driver, please report back.
    - To require moderation before displaying posts:
      - Set ``TINYIB_REQMOD`` to ``files`` to require moderation for posts with files attached.
@ -99,7 +100,7 @@ Please consider supporting the continued development of TinyIB.
    - Otherwise, [download](https://gitlab.com/tslocum/tinyib/-/archive/master/tinyib-master.zip) and extract a zipped archive.
 2. Note which files were modified.
    - If **settings.default.php** was updated, migrate the changes to **settings.php**
-      - Take care to not change the value of **TINYIB_TRIPSEED**, as it would result in different secure tripcodes.
+      - Take care to not change the value of `TINYIB_TRIPSEED`, as it is used to generate secure tripcodes, hash passwords and hash IP addresses.
    - If other files were updated, and you have made changes yourself:
      - Visit [GitLab](https://gitlab.com/tslocum/tinyib) and review the changes made in the update.
      - Ensure the update does not interfere with your changes.
--- a/imgboard.php
+++ b/imgboard.php
@ -40,20 +40,6 @@ if (function_exists('ob_get_level')) {
 	}
 }
 if (version_compare(phpversion(), '5.3.0', '<')) {
 	if (get_magic_quotes_gpc()) {
 		foreach ($_GET as $key => $val) {
 			$_GET[$key] = stripslashes($val);
 		}
 		foreach ($_POST as $key => $val) {
 			$_POST[$key] = stripslashes($val);
 		}
 	}
 	if (get_magic_quotes_runtime()) {
 		set_magic_quotes_runtime(0);
 	}
 }
 function fancyDie($message) {
 	$back = 'Click here to go back';
 	if (function_exists('__')) {
@ -91,7 +77,7 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
 		"parent" integer NOT NULL,
 		"timestamp" integer NOT NULL,
 		"bumped" integer NOT NULL,
-		"ip" varchar(39) NOT NULL,
+		"ip" varchar(255) NOT NULL,
 		"name" varchar(75) NOT NULL,
 		"tripcode" varchar(10) NOT NULL,
 		"email" varchar(75) NOT NULL,
@ -121,20 +107,27 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
 	$bans_sql = 'CREATE TABLE "' . TINYIB_DBBANS . '" (
 		"id" bigserial NOT NULL,
-		"ip" varchar(39) NOT NULL,
+		"ip" varchar(255) NOT NULL,
 		"timestamp" integer NOT NULL,
 		"expire" integer NOT NULL,
 		"reason" text NOT NULL,
 		PRIMARY KEY	("id")
 	);
 	CREATE INDEX ON "' . TINYIB_DBBANS . '"("ip");';
 	$reports_sql = 'CREATE TABLE "' . TINYIB_DBREPORTS . '" (
 		"id" bigserial NOT NULL,
 		"ip" varchar(255) NOT NULL,
 		"post" integer NOT NULL,
 		PRIMARY KEY	("id")
 	);';
 } else {
 	$posts_sql = "CREATE TABLE `" . TINYIB_DBPOSTS . "` (
 		`id` mediumint(7) unsigned NOT NULL auto_increment,
 		`parent` mediumint(7) unsigned NOT NULL,
 		`timestamp` int(20) NOT NULL,
 		`bumped` int(20) NOT NULL,
-		`ip` varchar(39) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+		`ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
 		`name` varchar(75) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
 		`tripcode` varchar(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
 		`email` varchar(75) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
@ -163,13 +156,20 @@ if (TINYIB_DBMODE == 'pdo' && TINYIB_DBDRIVER == 'pgsql') {
 	$bans_sql = "CREATE TABLE `" . TINYIB_DBBANS . "` (
 		`id` mediumint(7) unsigned NOT NULL auto_increment,
-		`ip` varchar(39) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
+		`ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
 		`timestamp` int(20) NOT NULL,
 		`expire` int(20) NOT NULL,
 		`reason` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
 		PRIMARY KEY	(`id`),
 		KEY `ip` (`ip`)
 	)";
 	$reports_sql = "CREATE TABLE `" . TINYIB_DBREPORTS . "` (
 		`id` mediumint(7) unsigned NOT NULL auto_increment,
 		`ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
 		`post` int(20) NOT NULL,
 		PRIMARY KEY	(`id`)
 	)";
 }
 // Check directories are writable by the script
@ -200,6 +200,8 @@ if (TINYIB_TIMEZONE != '') {
 	date_default_timezone_set(TINYIB_TIMEZONE);
 }
 $bcrypt_salt = '$2y$12$' . str_replace('+', '.', str_pad(substr(base64_encode(TINYIB_TRIPSEED), 0, 22), 22, "="));
 $redirect = true;
 // Check if the request is to make a post
 if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name']) || isset($_POST['email']) || isset($_POST['subject']) || isset($_POST['message']) || isset($_POST['file']) || isset($_POST['embed']) || isset($_POST['password']))) {
@ -256,7 +258,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		}
 	}
 	if ($rawpost || !in_array('password', $hide_fields)) {
-		$post['password'] = ($_POST['password'] != '') ? md5(md5($_POST['password'])) : '';
+		$post['password'] = ($_POST['password'] != '') ? hashData($_POST['password']) : '';
 	}
 	$post['nameblock'] = nameBlock($post['name'], $post['tripcode'], $post['email'], time(), $rawposttext);
@ -389,6 +391,26 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		echo __('Updating index...') . '<br>';
 		rebuildIndexes();
 	}
 // Check if the request is to report a post
 } elseif (isset($_GET['report']) && !isset($_GET['manage'])) {
 	if (!TINYIB_REPORT) {
 		fancyDie(__('Reporting is disabled.'));
 	}
 	$post = postByID($_GET['report']);
 	if (!$post) {
 		fancyDie(__('Sorry, an invalid post identifier was sent. Please go back, refresh the page, and try again.'));
 	}
 	$report = reportByIP($post['id'], $_SERVER['REMOTE_ADDR']);
 	if (!empty($report)) {
 		fancyDie(__('You have already submitted a report for that post.'));
 	}
 	$report = array('ip' => $_SERVER['REMOTE_ADDR'], 'post' => $post['id']);
 	insertReport($report);
 	fancyDie(__('Post reported.'));
 // Check if the request is to delete a post and/or its associated image
 } elseif (isset($_GET['delete']) && !isset($_GET['manage'])) {
 	if (!isset($_POST['delete'])) {
@ -406,8 +428,8 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		if ($loggedin && $_POST['password'] == '') {
 			// Redirect to post moderation page
 			echo '--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=' . basename($_SERVER['PHP_SELF']) . '?manage&moderate=' . $_POST['delete'] . '">';
-		} elseif ($post['password'] != '' && md5(md5($_POST['password'])) == $post['password']) {
+		} elseif ($post['password'] != '' && (hashData($_POST['password']) == $post['password'] || md5(md5($_POST['password'])) == $post['password'])) {
-			deletePostByID($post['id']);
+			deletePost($post['id']);
 			if ($post['parent'] == TINYIB_NEWTHREAD) {
 				threadUpdated($post['id']);
 			} else {
@ -528,10 +550,11 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 		if (isset($_GET['delete'])) {
 			$post = postByID($_GET['delete']);
 			if ($post) {
-				deletePostByID($post['id']);
+				deletePost($post['id']);
-				rebuildIndexes();
+				if ($post['parent'] == TINYIB_NEWTHREAD) {
-				if ($post['parent'] != TINYIB_NEWTHREAD) {
+					threadUpdated($post['id']);
-					rebuildThread($post['parent']);
+				} else {
 					threadUpdated($post['parent']);
 				}
 				$text .= manageInfo(sprintf(__('Post No.%d deleted.'), $post['id']));
 			} else {
@ -594,6 +617,17 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
 			} else {
 				fancyDie(__('Form data was lost. Please go back and try again.'));
 			}
 		} elseif (isset($_GET['clearreports'])) {
 			if ($_GET['clearreports'] > 0) {
 				$post = postByID($_GET['clearreports']);
 				if ($post) {
 					deleteReportsByPost($post['id']);
 					$text .= manageInfo(__('Reports cleared.'));
 				} else {
 					fancyDie(__("Sorry, there doesn't appear to be a post with that ID."));
 				}
 			}
 		} elseif (isset($_GET["rawpost"])) {
 			$onload = manageOnLoad("rawpost");
 			$text .= buildPostForm(0, true);
--- a/inc/database/flatfile.php
+++ b/inc/database/flatfile.php
@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
-// Post Functions
+// Post functions
 function uniquePosts() {
 	return 0; // Unsupported by this database option
 }
@ -26,7 +26,7 @@ function insertPost($newpost) {
 	$post[POST_PARENT] = $newpost['parent'];
 	$post[POST_TIMESTAMP] = time();
 	$post[POST_BUMPED] = time();
-	$post[POST_IP]                  = $newpost['ip'];
+	$post[POST_IP] = hashData($newpost['ip']);
 	$post[POST_NAME] = $newpost['name'];
 	$post[POST_TRIPCODE] = $newpost['tripcode'];
 	$post[POST_EMAIL] = $newpost['email'];
@ -178,23 +178,7 @@ function latestPosts($moderated = true) {
 }
 function deletePostByID($id) {
-	$posts = postsInThreadByID($id, false);
+	$GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $id, INTEGER_COMPARISON));
 	foreach ($posts as $post) {
 		if ($post['id'] != $id) {
 			deletePostImages($post);
 			$GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $post['id'], INTEGER_COMPARISON));
 		} else {
 			$thispost = $post;
 		}
 	}
 	if (isset($thispost)) {
 		if ($thispost['parent'] == 0) {
 			@unlink('res/' . $thispost['id'] . '.html');
 		}
 		deletePostImages($thispost);
 		$GLOBALS['db']->deleteWhere(POSTS_FILE, new SimpleWhereClause(POST_ID, '=', $thispost['id'], INTEGER_COMPARISON));
 	}
 }
 function trimThreads() {
@ -203,24 +187,30 @@ function trimThreads() {
 		if ($numthreads > TINYIB_MAXTHREADS) {
 			$allthreads = allThreads();
 			for ($i = TINYIB_MAXTHREADS; $i < $numthreads; $i++) {
-				deletePostByID($allthreads[$i]['id']);
+				deletePost($allthreads[$i]['id']);
 			}
 		}
 	}
 }
 function lastPostByIP() {
-	$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON), 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
+	$compClause = new OrWhereClause();
 	$compClause->add(new SimpleWhereClause(POST_IP, '=', $_SERVER['REMOTE_ADDR'], STRING_COMPARISON));
 	$compClause->add(new SimpleWhereClause(POST_IP, '=', hashData($_SERVER['REMOTE_ADDR']), STRING_COMPARISON));
 	$rows = $GLOBALS['db']->selectWhere(POSTS_FILE, $compClause, 1, new OrderBy(POST_ID, DESCENDING, INTEGER_COMPARISON));
 	return convertPostsToSQLStyle($rows, true);
 }
-// Ban Functions
+// Ban functions
 function banByID($id) {
 	return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON), 1), true);
 }
 function banByIP($ip) {
-	return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON), 1), true);
+	$compClause = new OrWhereClause();
 	$compClause->add(new SimpleWhereClause(BAN_IP, '=', $ip, STRING_COMPARISON));
 	$compClause->add(new SimpleWhereClause(BAN_IP, '=', hashData($ip), STRING_COMPARISON));
 	return convertBansToSQLStyle($GLOBALS['db']->selectWhere(BANS_FILE, $compClause, 1), true);
 }
 function allBans() {
@ -249,7 +239,7 @@ function convertBansToSQLStyle($bans, $singleban = false) {
 function insertBan($newban) {
 	$ban = array();
 	$ban[BAN_ID] = '0';
-	$ban[BAN_IP] = $newban['ip'];
+	$ban[BAN_IP] = hashData($newban['ip']);
 	$ban[BAN_TIMESTAMP] = time();
 	$ban[BAN_EXPIRE] = $newban['expire'];
 	$ban[BAN_REASON] = $newban['reason'];
@ -271,3 +261,62 @@ function clearExpiredBans() {
 function deleteBanByID($id) {
 	$GLOBALS['db']->deleteWhere(BANS_FILE, new SimpleWhereClause(BAN_ID, '=', $id, INTEGER_COMPARISON));
 }
 // Report functions
 function reportByIP($post, $ip) {
 	$ipClause = new OrWhereClause();
 	$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', $ip, STRING_COMPARISON));
 	$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', hashData($ip), STRING_COMPARISON));
 	$andClause = new AndWhereClause();
 	$andClause->add(new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON));
 	$andClause->add($ipClause);
 	return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, $andClause, 1), true);
 }
 function reportsByPost($post) {
 	return convertReportsToSQLStyle($GLOBALS['db']->selectWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON), 1), true);
 }
 function allReports() {
 	$rows = $GLOBALS['db']->selectWhere(REPORTS_FILE, NULL, -1, new OrderBy(REPORT_POST, ASCENDING, INTEGER_COMPARISON));
 	return convertReportsToSQLStyle($rows);
 }
 function convertReportsToSQLStyle($reports, $singlereport = false) {
 	$newreports = array();
 	foreach ($reports as $oldreport) {
 		$report = array();
 		$report['id'] = $oldreport[REPORT_ID];
 		$report['ip'] = $oldreport[REPORT_IP];
 		$report['post'] = $oldreport[REPORT_POST];
 		if ($singlereport) {
 			return $report;
 		}
 		$newreports[] = $report;
 	}
 	return $newreports;
 }
 function insertReport($newreport) {
 	$report = array();
 	$report[REPORT_ID] = '0';
 	$report[REPORT_IP] = hashData($newreport['ip']);
 	$report[REPORT_POST] = $newreport['post'];
 	$GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
 }
 function deleteReportsByPost($post) {
 	$GLOBALS['db']->deleteWhere(REPORTS_FILE, new SimpleWhereClause(REPORT_POST, '=', $post, INTEGER_COMPARISON));
 }
 function deleteReportsByIP($ip) {
 	$ipClause = new OrWhereClause();
 	$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', $ip, STRING_COMPARISON));
 	$ipClause->add(new SimpleWhereClause(REPORT_IP, '=', hashData($ip), STRING_COMPARISON));
 	$GLOBALS['db']->deleteWhere(REPORTS_FILE, $ipClause);
 }
--- a/inc/database/flatfile_link.php
+++ b/inc/database/flatfile_link.php
@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
-// Post Structure
+// Posts table
 define('POSTS_FILE', '.posts');
 define('POST_ID', 0);
 define('POST_PARENT', 1);
@ -31,7 +31,7 @@ define('POST_STICKIED', 22);
 define('POST_LOCKED', 23);
 define('POST_MODERATED', 24);
-// Ban Structure
+// Bans table
 define('BANS_FILE', '.bans');
 define('BAN_ID', 0);
 define('BAN_IP', 1);
@ -39,6 +39,12 @@ define('BAN_TIMESTAMP', 2);
 define('BAN_EXPIRE', 3);
 define('BAN_REASON', 4);
 // Reports table
 define('REPORTS_FILE', '.reports');
 define('REPORT_ID', 0);
 define('REPORT_IP', 1);
 define('REPORT_POST', 2);
 require_once 'flatfile/flatfile.php';
 $db = new Flatfile();
 $db->datadir = 'inc/database/flatfile/';
@ -87,4 +93,12 @@ if (function_exists('insertPost')) {
 		$ban[BAN_REASON] = $newban['reason'];
 		$GLOBALS['db']->insertWithAutoId(BANS_FILE, BAN_ID, $ban);
 	}
 	function migrateReport($newreport) {
 		$report = array();
 		$report[REPORT_ID] = $newreport['id'];
 		$report[REPORT_IP] = $newreport['ip'];
 		$report[REPORT_POST] = $newreport['post'];
 		$GLOBALS['db']->insertWithAutoId(REPORTS_FILE, REPORT_ID, $report);
 	}
 }
--- a/inc/database/mysql.php
+++ b/inc/database/mysql.php
@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
-// Post Functions
+// Post functions
 function uniquePosts() {
 	$row = mysql_fetch_row(mysql_query("SELECT COUNT(DISTINCT(`ip`)) FROM " . TINYIB_DBPOSTS));
 	return $row[0];
@ -23,7 +23,7 @@ function threadExistsByID($id) {
 }
 function insertPost($post) {
-	mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "',	'" . mysql_real_escape_string($post['email']) . "',	'" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+	mysql_query("INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "',	'" . mysql_real_escape_string($post['email']) . "',	'" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
 	return mysql_insert_id();
 }
@ -107,22 +107,7 @@ function latestPosts($moderated = true) {
 }
 function deletePostByID($id) {
-	$posts = postsInThreadByID($id, false);
+	mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . mysql_real_escape_string($id) . " LIMIT 1");
 	foreach ($posts as $post) {
 		if ($post['id'] != $id) {
 			deletePostImages($post);
 			mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $post['id'] . " LIMIT 1");
 		} else {
 			$thispost = $post;
 		}
 	}
 	if (isset($thispost)) {
 		if ($thispost['parent'] == TINYIB_NEWTHREAD) {
 			@unlink('res/' . $thispost['id'] . '.html');
 		}
 		deletePostImages($thispost);
 		mysql_query("DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $thispost['id'] . " LIMIT 1");
 	}
 }
 function trimThreads() {
@ -130,14 +115,14 @@ function trimThreads() {
 		$result = mysql_query("SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `stickied` DESC, `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
 		if ($result) {
 			while ($post = mysql_fetch_assoc($result)) {
-				deletePostByID($post['id']);
+				deletePost($post['id']);
 			}
 		}
 	}
 }
 function lastPostByIP() {
-	$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY `id` DESC LIMIT 1");
+	$replies = mysql_query("SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysql_real_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY `id` DESC LIMIT 1");
 	if ($replies) {
 		while ($post = mysql_fetch_assoc($replies)) {
 			return $post;
@ -145,7 +130,7 @@ function lastPostByIP() {
 	}
 }
-// Ban Functions
+// Ban functions
 function banByID($id) {
 	$result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `id` = '" . mysql_real_escape_string($id) . "' LIMIT 1");
 	if ($result) {
@ -156,7 +141,7 @@ function banByID($id) {
 }
 function banByIP($ip) {
-	$result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysql_real_escape_string($ip) . "' LIMIT 1");
+	$result = mysql_query("SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysql_real_escape_string($ip) . "' OR `ip` = '" . mysql_real_escape_string(hashData($ip)) . "' LIMIT 1");
 	if ($result) {
 		while ($ban = mysql_fetch_assoc($result)) {
 			return $ban;
@ -176,7 +161,7 @@ function allBans() {
 }
 function insertBan($ban) {
-	mysql_query("INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysql_real_escape_string($ban['ip']) . "', " . time() . ", '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
+	mysql_query("INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysql_real_escape_string(hashData($ban['ip'])) . "', " . time() . ", '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
 	return mysql_insert_id();
 }
@ -192,3 +177,47 @@ function clearExpiredBans() {
 function deleteBanByID($id) {
 	mysql_query("DELETE FROM `" . TINYIB_DBBANS . "` WHERE `id` = " . mysql_real_escape_string($id) . " LIMIT 1");
 }
 // Report functions
 function reportByIP($post, $ip) {
 	$result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysql_real_escape_string($post) . "' AND (`ip` = '" . mysql_real_escape_string($ip) . "' OR `ip` = '" . mysql_real_escape_string(hashData($ip)) . "') LIMIT 1");
 	if ($result) {
 		while ($report = mysql_fetch_assoc($result)) {
 			return $report;
 		}
 	}
 }
 function reportsByPost($post) {
 	$reports = array();
 	$result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysql_real_escape_string($post) . "'");
 	if ($result) {
 		while ($report = mysql_fetch_assoc($result)) {
 			$reports[] = $report;
 		}
 	}
 	return $reports;
 }
 function allReports() {
 	$reports = array();
 	$result = mysql_query("SELECT * FROM `" . TINYIB_DBREPORTS . "` ORDER BY `post` ASC");
 	if ($result) {
 		while ($report = mysql_fetch_assoc($result)) {
 			$reports[] = $report;
 		}
 	}
 	return $reports;
 }
 function insertReport($report) {
 	mysql_query("INSERT INTO `" . TINYIB_DBREPORTS . "` (`ip`, `post`) VALUES ('" . mysql_real_escape_string(hashData($report['ip'])) . "', '" . mysql_real_escape_string($report['post']) . "')");
 }
 function deleteReportsByPost($post) {
 	mysql_query("DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = " . mysql_real_escape_string($post));
 }
 function deleteReportsByIP($ip) {
 	mysql_query("DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `ip` = " . mysql_real_escape_string($ip) . " OR  `ip` = " . mysql_real_escape_string(hashData($ip)));
 }
--- a/inc/database/mysql_link.php
+++ b/inc/database/mysql_link.php
@ -35,12 +35,19 @@ if (mysql_num_rows(mysql_query("SHOW COLUMNS FROM `" . TINYIB_DBPOSTS . "` LIKE
 	mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
 }
 mysql_query("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 mysql_query("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 if (function_exists('insertPost')) {
 	function migratePost($post) {
 		mysql_query("INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . mysql_real_escape_string($post['ip']) . "', '" . mysql_real_escape_string($post['name']) . "', '" . mysql_real_escape_string($post['tripcode']) . "',	'" . mysql_real_escape_string($post['email']) . "',	'" . mysql_real_escape_string($post['nameblock']) . "', '" . mysql_real_escape_string($post['subject']) . "', '" . mysql_real_escape_string($post['message']) . "', '" . mysql_real_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysql_real_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
 	}
 	function migrateBan($ban) {
-		mysql_query("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . mysql_real_escape_string($ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . mysql_real_escape_string($ban['reason']) . "')");
+		mysql_query("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysql_real_escape_string($ban['id']) . "', '" . mysql_real_escape_string($ban['ip']) . "', '" . mysql_real_escape_string($ban['timestamp']) . "', '" . mysql_real_escape_string($ban['expire']) . "', '" . mysql_real_escape_string($ban['reason']) . "')");
 	}
 	function migrateReport($report) {
 		mysql_query("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysql_real_escape_string($report['id']) . "', '" . mysql_real_escape_string($report['ip']) . "', '" . mysql_real_escape_string($report['post']) . "')");
 	}
 }
--- a/inc/database/mysqli.php
+++ b/inc/database/mysqli.php
@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
-// Post Functions
+// Post functions
 function uniquePosts() {
 	global $link;
 	$row = mysqli_fetch_row(mysqli_query($link, "SELECT COUNT(DISTINCT(`ip`)) FROM " . TINYIB_DBPOSTS));
@ -27,7 +27,7 @@ function threadExistsByID($id) {
 function insertPost($post) {
 	global $link;
-	mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "',	'" . mysqli_real_escape_string($link, $post['email']) . "',	'" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
+	mysqli_query($link, "INSERT INTO `" . TINYIB_DBPOSTS . "` (`parent`, `timestamp`, `bumped`, `ip`, `name`, `tripcode`, `email`, `nameblock`, `subject`, `message`, `password`, `file`, `file_hex`, `file_original`, `file_size`, `file_size_formatted`, `image_width`, `image_height`, `thumb`, `thumb_width`, `thumb_height`, `moderated`) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . mysqli_real_escape_string($link, $post['name']) . "', '" . mysqli_real_escape_string($link, $post['tripcode']) . "',	'" . mysqli_real_escape_string($link, $post['email']) . "',	'" . mysqli_real_escape_string($link, $post['nameblock']) . "', '" . mysqli_real_escape_string($link, $post['subject']) . "', '" . mysqli_real_escape_string($link, $post['message']) . "', '" . mysqli_real_escape_string($link, $post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . mysqli_real_escape_string($link, $post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ")");
 	return mysqli_insert_id($link);
 }
@ -122,22 +122,7 @@ function latestPosts($moderated = true) {
 function deletePostByID($id) {
 	global $link;
-	$posts = postsInThreadByID($id, false);
+	mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . mysqli_real_escape_string($link, $id) . " LIMIT 1");
 	foreach ($posts as $post) {
 		if ($post['id'] != $id) {
 			deletePostImages($post);
 			mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $post['id'] . " LIMIT 1");
 		} else {
 			$thispost = $post;
 		}
 	}
 	if (isset($thispost)) {
 		if ($thispost['parent'] == TINYIB_NEWTHREAD) {
 			@unlink('res/' . $thispost['id'] . '.html');
 		}
 		deletePostImages($thispost);
 		mysqli_query($link, "DELETE FROM `" . TINYIB_DBPOSTS . "` WHERE `id` = " . $thispost['id'] . " LIMIT 1");
 	}
 }
 function trimThreads() {
@ -146,7 +131,7 @@ function trimThreads() {
 		$result = mysqli_query($link, "SELECT `id` FROM `" . TINYIB_DBPOSTS . "` WHERE `parent` = 0 AND `moderated` = 1 ORDER BY `stickied` DESC, `bumped` DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
 		if ($result) {
 			while ($post = mysqli_fetch_assoc($result)) {
-				deletePostByID($post['id']);
+				deletePost($post['id']);
 			}
 		}
 	}
@ -154,7 +139,7 @@ function trimThreads() {
 function lastPostByIP() {
 	global $link;
-	$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY `id` DESC LIMIT 1");
+	$replies = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBPOSTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' OR `ip` = '" . mysqli_real_escape_string($link, $_SERVER['REMOTE_ADDR']) . "' ORDER BY `id` DESC LIMIT 1");
 	if ($replies) {
 		while ($post = mysqli_fetch_assoc($replies)) {
 			return $post;
@ -162,7 +147,7 @@ function lastPostByIP() {
 	}
 }
-// Ban Functions
+// Ban functions
 function banByID($id) {
 	global $link;
 	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `id` = '" . mysqli_real_escape_string($link, $id) . "' LIMIT 1");
@ -175,7 +160,7 @@ function banByID($id) {
 function banByIP($ip) {
 	global $link;
-	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' LIMIT 1");
+	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBBANS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "' LIMIT 1");
 	if ($result) {
 		while ($ban = mysqli_fetch_assoc($result)) {
 			return $ban;
@ -197,7 +182,7 @@ function allBans() {
 function insertBan($ban) {
 	global $link;
-	mysqli_query($link, "INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . time() . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
+	mysqli_query($link, "INSERT INTO `" . TINYIB_DBBANS . "` (`ip`, `timestamp`, `expire`, `reason`) VALUES ('" . mysqli_real_escape_string($link, hashData($ban['ip'])) . "', '" . time() . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
 	return mysqli_insert_id($link);
 }
@ -216,6 +201,57 @@ function deleteBanByID($id) {
 	mysqli_query($link, "DELETE FROM `" . TINYIB_DBBANS . "` WHERE `id` = " . mysqli_real_escape_string($link, $id) . " LIMIT 1");
 }
 // Report functions
 function reportByIP($post, $ip) {
 	global $link;
 	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "' AND (`ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "') LIMIT 1");
 	if ($result) {
 		while ($report = mysqli_fetch_assoc($result)) {
 			return $report;
 		}
 	}
 }
 function reportsByPost($post) {
 	global $link;
 	$reports = array();
 	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "'");
 	if ($result) {
 		while ($report = mysqli_fetch_assoc($result)) {
 			$reports[] = $report;
 		}
 	}
 	return $reports;
 }
 function allReports() {
 	global $link;
 	$reports = array();
 	$result = mysqli_query($link, "SELECT * FROM `" . TINYIB_DBREPORTS . "` ORDER BY `post` ASC");
 	if ($result) {
 		while ($report = mysqli_fetch_assoc($result)) {
 			$reports[] = $report;
 		}
 	}
 	return $reports;
 }
 function insertReport($report) {
 	global $link;
 	mysqli_query($link, "INSERT INTO `" . TINYIB_DBREPORTS . "` (`ip`, `post`) VALUES ('" . mysqli_real_escape_string($link, hashData($report['ip'])) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
 }
 function deleteReportsByPost($post) {
 	global $link;
 	mysqli_query($link, "DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `post` = '" . mysqli_real_escape_string($link, $post) . "'");
 }
 function deleteReportsByIP($ip) {
 	global $link;
 	mysqli_query($link, "DELETE FROM `" . TINYIB_DBREPORTS . "` WHERE `ip` = '" . mysqli_real_escape_string($link, $ip) . "' OR `ip` = '" . mysqli_real_escape_string($link, hashData($ip)) . "'");
 }
 // Utility functions
 function mysqli_result($res, $row, $field = 0) {
 	$res->data_seek($row);
 	$datarow = $res->fetch_array();
--- a/inc/database/mysqli_link.php
+++ b/inc/database/mysqli_link.php
@ -35,6 +35,9 @@ if (mysqli_num_rows(mysqli_query($link, "SHOW COLUMNS FROM `" . TINYIB_DBPOSTS .
 	mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
 }
 mysqli_query($link, "ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 mysqli_query($link, "ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 if (function_exists('insertPost')) {
 	function migratePost($post) {
 		global $link;
@ -43,6 +46,11 @@ if (function_exists('insertPost')) {
 	function migrateBan($ban) {
 		global $link;
-		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
+		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . mysqli_real_escape_string($link, $ban['id']) . "', '" . mysqli_real_escape_string($link, $ban['ip']) . "', '" . mysqli_real_escape_string($link, $ban['timestamp']) . "', '" . mysqli_real_escape_string($link, $ban['expire']) . "', '" . mysqli_real_escape_string($link, $ban['reason']) . "')");
 	}
 	function migrateReport($report) {
 		global $link;
 		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . mysqli_real_escape_string($link, $report['id']) . "', '" . mysqli_real_escape_string($link, $report['ip']) . "', '" . mysqli_real_escape_string($link, $report['post']) . "')");
 	}
 }
--- a/inc/database/pdo.php
+++ b/inc/database/pdo.php
@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
-// Post Functions
+// Post functions
 function uniquePosts() {
 	$result = pdoQuery("SELECT COUNT(DISTINCT(ip)) FROM " . TINYIB_DBPOSTS);
 	return (int)$result->fetchColumn();
@ -26,7 +26,7 @@ function insertPost($post) {
 	$now = time();
 	$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email,   nameblock, subject, message, password,   file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated) " .
 		" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
-	$stm->execute(array($post['parent'], $now, $now, $_SERVER['REMOTE_ADDR'], $post['name'], $post['tripcode'], $post['email'],
+	$stm->execute(array($post['parent'], $now, $now, hashData($_SERVER['REMOTE_ADDR']), $post['name'], $post['tripcode'], $post['email'],
 		$post['nameblock'], $post['subject'], $post['message'], $post['password'],
 		$post['file'], $post['file_hex'], $post['file_original'], $post['file_size'], $post['file_size_formatted'],
 		$post['image_width'], $post['image_height'], $post['thumb'], $post['thumb_width'], $post['thumb_height'], $post['moderated']));
@ -108,22 +108,7 @@ function latestPosts($moderated = true) {
 }
 function deletePostByID($id) {
 	$posts = postsInThreadByID($id, false);
 	foreach ($posts as $post) {
 		if ($post['id'] != $id) {
 			deletePostImages($post);
 	pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($id));
 		} else {
 			$thispost = $post;
 		}
 	}
 	if (isset($thispost)) {
 		if ($thispost['parent'] == TINYIB_NEWTHREAD) {
 			@unlink('res/' . $thispost['id'] . '.html');
 		}
 		deletePostImages($thispost);
 		pdoQuery("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = ?", array($thispost['id']));
 	}
 }
 function trimThreads() {
@ -137,7 +122,7 @@ function trimThreads() {
 		MSSQL: WITH ts AS (SELECT ROWNUMBER() OVER (ORDER BY bumped) AS 'rownum', * FROM $table) SELECT id FROM ts WHERE rownum >= $limit
 		*/
 		foreach ($results as $post) {
-			deletePostByID($post['id']);
+			deletePost($post['id']);
 		}
 	}
 }
@ -147,14 +132,14 @@ function lastPostByIP() {
 	return $result->fetch(PDO::FETCH_ASSOC);
 }
-// Ban Functions
+// Ban functions
 function banByID($id) {
 	$result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE id = ?", array($id));
 	return $result->fetch(PDO::FETCH_ASSOC);
 }
 function banByIP($ip) {
-	$result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = ? LIMIT 1", array($ip));
+	$result = pdoQuery("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = ? OR ip = ? LIMIT 1", array($ip, hashData($ip)));
 	return $result->fetch(PDO::FETCH_ASSOC);
 }
@ -171,7 +156,7 @@ function insertBan($ban) {
 	global $dbh;
 	$now = time();
 	$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES (?, ?, ?, ?)");
-	$stm->execute(array($ban['ip'], $now, $ban['expire'], $ban['reason']));
+	$stm->execute(array(hashData($ban['ip']), $now, $ban['expire'], $ban['reason']));
 	return $dbh->lastInsertId();
 }
@ -183,3 +168,41 @@ function clearExpiredBans() {
 function deleteBanByID($id) {
 	pdoQuery("DELETE FROM " . TINYIB_DBBANS . " WHERE id = ?", array($id));
 }
 // Report functions
 function reportByIP($post, $ip) {
 	$result = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = ? AND (ip = ? OR ip = ?) LIMIT 1", array($post, $ip, hashData($ip)));
 	return $result->fetch(PDO::FETCH_ASSOC);
 }
 function reportsByPost($post) {
 	$reports = array();
 	$results = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = ?", array($post));
 	while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
 		$reports[] = $row;
 	}
 	return $reports;
 }
 function allReports() {
 	$reports = array();
 	$results = pdoQuery("SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC");
 	while ($row = $results->fetch(PDO::FETCH_ASSOC)) {
 		$reports[] = $row;
 	}
 	return $reports;
 }
 function insertReport($report) {
 	global $dbh;
 	$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES (?, ?)");
 	$stm->execute(array(hashData($report['ip']), $report['post']));
 }
 function deleteReportsByPost($post) {
 	pdoQuery("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = ?", array($post));
 }
 function deleteReportsByIP($ip) {
 	pdoQuery("DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = ? OR ip = ?", array($ip, hashData($ip)));
 }
--- a/inc/database/pdo_link.php
+++ b/inc/database/pdo_link.php
@ -89,6 +89,14 @@ if (!$locked_exists) {
 	$dbh->exec("ALTER TABLE `" . TINYIB_DBPOSTS . "` ADD COLUMN locked TINYINT(1) NOT NULL DEFAULT '0'");
 }
 if (TINYIB_DBDRIVER === 'pgsql') {
 	$dbh->query("ALTER TABLE `" . TINYIB_DBPOSTS . "` ALTER COLUMN ip VARCHAR(255) NOT NULL DEFAULT ''");
 	$dbh->query("ALTER TABLE `" . TINYIB_DBBANS . "` ALTER COLUMN ip VARCHAR(255) NOT NULL DEFAULT ''");
 } else {
 	$dbh->query("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 	$dbh->query("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 }
 function pdoQuery($sql, $params = false) {
 	global $dbh;
@ -118,4 +126,10 @@ if (function_exists('insertPost')) {
 		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (?, ?, ?, ?, ?)");
 		$stm->execute(array($ban['id'], $ban['ip'], $ban['timestamp'], $ban['expire'], $ban['reason']));
 	}
 	function migrateReport($report) {
 		global $dbh;
 		$stm = $dbh->prepare("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES (?, ?, ?)");
 		$stm->execute(array($report['id'], $report['ip'], $report['post']));
 	}
 }
--- a/inc/database/sqlite.php
+++ b/inc/database/sqlite.php
@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
-// Post Functions
+// Post functions
 function uniquePosts() {
 	return sqlite_fetch_single(sqlite_query($GLOBALS["db"], "SELECT COUNT(ip) FROM (SELECT DISTINCT ip FROM " . TINYIB_DBPOSTS . ")"));
 }
@ -20,7 +20,7 @@ function threadExistsByID($id) {
 }
 function insertPost($post) {
-	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "',	'" . sqlite_escape_string($post['email']) . "',	'" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "',	'" . sqlite_escape_string($post['email']) . "',	'" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
 	return sqlite_last_insert_rowid($GLOBALS["db"]);
 }
@ -96,41 +96,26 @@ function latestPosts($moderated = true) {
 }
 function deletePostByID($id) {
-	$posts = postsInThreadByID($id, false);
+	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . sqlite_escape_string($id));
 	foreach ($posts as $post) {
 		if ($post['id'] != $id) {
 			deletePostImages($post);
 			sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $post['id']);
 		} else {
 			$thispost = $post;
 		}
 	}
 	if (isset($thispost)) {
 		if ($thispost['parent'] == TINYIB_NEWTHREAD) {
 			@unlink('res/' . $thispost['id'] . '.html');
 		}
 		deletePostImages($thispost);
 		sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $thispost['id']);
 	}
 }
 function trimThreads() {
 	if (TINYIB_MAXTHREADS > 0) {
 		$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY stickied DESC, bumped DESC LIMIT " . TINYIB_MAXTHREADS . ", 10"), SQLITE_ASSOC);
 		foreach ($result as $post) {
-			deletePostByID($post['id']);
+			deletePost($post['id']);
 		}
 	}
 }
 function lastPostByIP() {
-	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
+	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . sqlite_escape_string($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . sqlite_escape_string(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1"), SQLITE_ASSOC);
 	foreach ($result as $post) {
 		return $post;
 	}
 }
-// Ban Functions
+// Ban functions
 function banByID($id) {
 	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE id = '" . sqlite_escape_string($id) . "' LIMIT 1"), SQLITE_ASSOC);
 	foreach ($result as $ban) {
@ -139,7 +124,7 @@ function banByID($id) {
 }
 function banByIP($ip) {
-	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . sqlite_escape_string($ip) . "' LIMIT 1"), SQLITE_ASSOC);
+	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "' LIMIT 1"), SQLITE_ASSOC);
 	foreach ($result as $ban) {
 		return $ban;
 	}
@ -155,7 +140,7 @@ function allBans() {
 }
 function insertBan($ban) {
-	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . sqlite_escape_string($ban['ip']) . "', " . time() . ", '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
+	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . sqlite_escape_string(hashData($ban['ip'])) . "', " . time() . ", '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
 	return sqlite_last_insert_rowid($GLOBALS["db"]);
 }
@ -169,3 +154,41 @@ function clearExpiredBans() {
 function deleteBanByID($id) {
 	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . sqlite_escape_string($id));
 }
 // Report functions
 function reportByIP($post, $ip) {
 	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "' AND (ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "') LIMIT 1"), SQLITE_ASSOC);
 	foreach ($result as $report) {
 		return $report;
 	}
 }
 function reportByPost($post) {
 	$reports = array();
 	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . sqlite_escape_string($post) . "'"), SQLITE_ASSOC);
 	foreach ($result as $report) {
 		$reports[] = $report;
 	}
 	return $reports;
 }
 function allReports() {
 	$reports = array();
 	$result = sqlite_fetch_all(sqlite_query($GLOBALS["db"], "SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC"), SQLITE_ASSOC);
 	foreach ($result as $report) {
 		$reports[] = $report;
 	}
 	return $reports;
 }
 function insertReport($report) {
 	sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES ('" . sqlite_escape_string(hashData($report['ip'])) . "', '" . sqlite_escape_string($report['post']) . "')");
 }
 function deleteReportsByPost($post) {
 	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . sqlite_escape_string($post));
 }
 function deleteReportsByIP($ip) {
 	sqlite_query($GLOBALS["db"], "DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = '" . sqlite_escape_string($ip) . "' OR ip = '" . sqlite_escape_string(hashData($ip)) . "'");
 }
--- a/inc/database/sqlite3.php
+++ b/inc/database/sqlite3.php
@ -3,7 +3,7 @@ if (!defined('TINYIB_BOARD')) {
 	die('');
 }
-// Post Functions
+// Post functions
 function uniquePosts() {
 	global $db;
 	return $db->querySingle("SELECT COUNT(ip) FROM (SELECT DISTINCT ip FROM " . TINYIB_DBPOSTS . ")");
@ -24,7 +24,7 @@ function threadExistsByID($id) {
 function insertPost($post) {
 	global $db;
-	$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . $_SERVER['REMOTE_ADDR'] . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "',	'" . $db->escapeString($post['email']) . "',	'" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
+	$db->exec("INSERT INTO " . TINYIB_DBPOSTS . " (parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height) VALUES (" . $post['parent'] . ", " . time() . ", " . time() . ", '" . hashData($_SERVER['REMOTE_ADDR']) . "', '" . $db->escapeString($post['name']) . "', '" . $db->escapeString($post['tripcode']) . "',	'" . $db->escapeString($post['email']) . "',	'" . $db->escapeString($post['nameblock']) . "', '" . $db->escapeString($post['subject']) . "', '" . $db->escapeString($post['message']) . "', '" . $db->escapeString($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . $db->escapeString($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ")");
 	return $db->lastInsertRowID();
 }
@ -111,22 +111,7 @@ function latestPosts($moderated = true) {
 function deletePostByID($id) {
 	global $db;
-	$posts = postsInThreadByID($id, false);
+	$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $db->escapeString($id));
 	foreach ($posts as $post) {
 		if ($post['id'] != $id) {
 			deletePostImages($post);
 			$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $post['id']);
 		} else {
 			$thispost = $post;
 		}
 	}
 	if (isset($thispost)) {
 		if ($thispost['parent'] == TINYIB_NEWTHREAD) {
 			@unlink('res/' . $thispost['id'] . '.html');
 		}
 		deletePostImages($thispost);
 		$db->exec("DELETE FROM " . TINYIB_DBPOSTS . " WHERE id = " . $thispost['id']);
 	}
 }
 function trimThreads() {
@ -134,20 +119,20 @@ function trimThreads() {
 	if (TINYIB_MAXTHREADS > 0) {
 		$result = $db->query("SELECT id FROM " . TINYIB_DBPOSTS . " WHERE parent = 0 ORDER BY stickied DESC, bumped DESC LIMIT " . TINYIB_MAXTHREADS . ", 10");
 		while ($post = $result->fetchArray()) {
-			deletePostByID($post['id']);
+			deletePost($post['id']);
 		}
 	}
 }
 function lastPostByIP() {
 	global $db;
-	$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' ORDER BY id DESC LIMIT 1");
+	$result = $db->query("SELECT * FROM " . TINYIB_DBPOSTS . " WHERE ip = '" . $db->escapeString($_SERVER['REMOTE_ADDR']) . "' OR ip = '" . $db->escapeString(hashData($_SERVER['REMOTE_ADDR'])) . "' ORDER BY id DESC LIMIT 1");
 	while ($post = $result->fetchArray()) {
 		return $post;
 	}
 }
-// Ban Functions
+// Ban functions
 function banByID($id) {
 	global $db;
 	$result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE id = '" . $db->escapeString($id) . "' LIMIT 1");
@ -158,7 +143,7 @@ function banByID($id) {
 function banByIP($ip) {
 	global $db;
-	$result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . $db->escapeString($ip) . "' LIMIT 1");
+	$result = $db->query("SELECT * FROM " . TINYIB_DBBANS . " WHERE ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "' LIMIT 1");
 	while ($ban = $result->fetchArray()) {
 		return $ban;
 	}
@ -176,7 +161,7 @@ function allBans() {
 function insertBan($ban) {
 	global $db;
-	$db->exec("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . $db->escapeString($ban['ip']) . "', " . time() . ", '" . $db->escapeString($ban['expire']) . "', '" . $db->escapeString($ban['reason']) . "')");
+	$db->exec("INSERT INTO " . TINYIB_DBBANS . " (ip, timestamp, expire, reason) VALUES ('" . $db->escapeString(hashData($ban['ip'])) . "', " . time() . ", '" . $db->escapeString($ban['expire']) . "', '" . $db->escapeString($ban['reason']) . "')");
 	return $db->lastInsertRowID();
 }
@ -192,3 +177,47 @@ function deleteBanByID($id) {
 	global $db;
 	$db->exec("DELETE FROM " . TINYIB_DBBANS . " WHERE id = " . $db->escapeString($id));
 }
 // Report functions
 function reportByIP($post, $ip) {
 	global $db;
 	$result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "' AND (ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "') LIMIT 1");
 	while ($report = $result->fetchArray()) {
 		return $report;
 	}
 }
 function reportsByPost($post) {
 	global $db;
 	$reports = array();
 	$result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " WHERE post = '" . $db->escapeString($post) . "'");
 	while ($report = $result->fetchArray()) {
 		$reports[] = $report;
 	}
 	return $reports;
 }
 function allReports() {
 	global $db;
 	$reports = array();
 	$result = $db->query("SELECT * FROM " . TINYIB_DBREPORTS . " ORDER BY post ASC");
 	while ($report = $result->fetchArray()) {
 		$reports[] = $report;
 	}
 	return $reports;
 }
 function insertReport($report) {
 	global $db;
 	$db->exec("INSERT INTO " . TINYIB_DBREPORTS . " (ip, post) VALUES ('" . $db->escapeString(hashData($report['ip'])) . "', '" . $db->escapeString($report['post']) . "')");
 }
 function deleteReportsByPost($post) {
 	global $db;
 	$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE post = " . $db->escapeString($post));
 }
 function deleteReportsByIP($ip) {
 	global $db;
 	$db->exec("DELETE FROM " . TINYIB_DBREPORTS . " WHERE ip = '" . $db->escapeString($ip) . "' OR ip = '" . $db->escapeString(hashData($ip)) . "'");
 }
--- a/inc/database/sqlite3_link.php
+++ b/inc/database/sqlite3_link.php
@ -65,6 +65,9 @@ if (!$result->fetchArray()) {
 // Add locked column if it isn't present
@$db->exec("ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN locked INTEGER NOT NULL DEFAULT '0'");
@$db->exec("ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
@$db->exec("ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 if (function_exists('insertPost')) {
 	function migratePost($post) {
 		global $db;
@ -73,6 +76,11 @@ if (function_exists('insertPost')) {
 	function migrateBan($ban) {
 		global $db;
-		$db->exec("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . ", '" . $db->escapeString($ban['ip']) . "', " . $ban['timestamp'] . ", " . $ban['expire'] . ", '" . $db->escapeString($ban['reason']) . "')");
+		$db->exec("INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $db->escapeString($ban['id']) . ", '" . $db->escapeString($ban['ip']) . "', " . $db->escapeString($ban['timestamp']) . ", " . $db->escapeString($ban['expire']) . ", '" . $db->escapeString($ban['reason']) . "')");
 	}
 	function migrateReport($report) {
 		global $db;
 		$db->exec("INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . $db->escapeString($report['id']) . "', '" . $db->escapeString($report['ip']) . "', '" . $db->escapeString($report['post']) . "')");
 	}
 }
--- a/inc/database/sqlite_link.php
+++ b/inc/database/sqlite_link.php
@ -64,12 +64,19 @@ sqlite_query($db, "ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN stickied INTEGE
 // Add locked column if it isn't present
 sqlite_query($db, "ALTER TABLE " . TINYIB_DBPOSTS . " ADD COLUMN locked INTEGER NOT NULL DEFAULT '0'");
 sqlite_query($db, "ALTER TABLE `" . TINYIB_DBPOSTS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 sqlite_query($db, "ALTER TABLE `" . TINYIB_DBBANS . "` MODIFY ip VARCHAR(255) NOT NULL DEFAULT ''");
 if (function_exists('insertPost')) {
 	function migratePost($post) {
 		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBPOSTS . " (id, parent, timestamp, bumped, ip, name, tripcode, email, nameblock, subject, message, password, file, file_hex, file_original, file_size, file_size_formatted, image_width, image_height, thumb, thumb_width, thumb_height, moderated, stickied, locked) VALUES (" . $post['id'] . ", " . $post['parent'] . ", " . $post['timestamp'] . ", " . $post['bumped'] . ", '" . sqlite_escape_string($post['ip']) . "', '" . sqlite_escape_string($post['name']) . "', '" . sqlite_escape_string($post['tripcode']) . "',	'" . sqlite_escape_string($post['email']) . "',	'" . sqlite_escape_string($post['nameblock']) . "', '" . sqlite_escape_string($post['subject']) . "', '" . sqlite_escape_string($post['message']) . "', '" . sqlite_escape_string($post['password']) . "', '" . $post['file'] . "', '" . $post['file_hex'] . "', '" . sqlite_escape_string($post['file_original']) . "', " . $post['file_size'] . ", '" . $post['file_size_formatted'] . "', " . $post['image_width'] . ", " . $post['image_height'] . ", '" . $post['thumb'] . "', " . $post['thumb_width'] . ", " . $post['thumb_height'] . ", " . $post['moderated'] . ", " . $post['stickied'] . ", " . $post['locked'] . ")");
 	}
 	function migrateBan($ban) {
-		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . $ban['id'] . "', '" . sqlite_escape_string($ban['ip']) . "', '" . $ban['timestamp'] . "', '" . $ban['expire'] . "', '" . sqlite_escape_string($ban['reason']) . "')");
+		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBBANS . " (id, ip, timestamp, expire, reason) VALUES (" . sqlite_escape_string($ban['id']) . "', '" . sqlite_escape_string($ban['ip']) . "', '" . sqlite_escape_string($ban['timestamp']) . "', '" . sqlite_escape_string($ban['expire']) . "', '" . sqlite_escape_string($ban['reason']) . "')");
 	}
 	function migrateReport($report) {
 		sqlite_query($GLOBALS["db"], "INSERT INTO " . TINYIB_DBREPORTS . " (id, ip, post) VALUES ('" . sqlite_escape_string($report['id']) . "', '" . sqlite_escape_string($report['ip']) . "', '" . sqlite_escape_string($report['post']) . "')");
 	}
 }
--- a/inc/defines.php
+++ b/inc/defines.php
@ -40,6 +40,9 @@ if (!defined('TINYIB_CAPTCHA')) {
 if (!defined('TINYIB_MANAGECAPTCHA')) {
 	define('TINYIB_MANAGECAPTCHA', '');
 }
 if (!defined('TINYIB_REPORT')) {
 	define('TINYIB_REPORT', '');
 }
 if (!defined('TINYIB_REQMOD')) {
 	define('TINYIB_REQMOD', '');
 }
@ -64,6 +67,9 @@ if (!defined('TINYIB_DATEFMT')) {
 if (!defined('TINYIB_DBMIGRATE')) {
 	define('TINYIB_DBMIGRATE', false);
 }
 if (!defined('TINYIB_DBREPORTS')) {
 	define('TINYIB_DBREPORTS', TINYIB_BOARD . '_reports');
 }
 if (!defined('TINYIB_DBPORT')) {
 	define('TINYIB_DBPORT', 3306);
 }
--- a/inc/functions.php
+++ b/inc/functions.php
@ -11,6 +11,14 @@ if (!function_exists('array_column')) {
 	}
 }
 function hashData($data) {
 	global $bcrypt_salt;
 	if (substr($data, 0, 4) == '$2y$') {
 		return $data;
 	}
 	return crypt($data, $bcrypt_salt);
 }
 function cleanString($string) {
 	$search = array("&", "<", ">");
 	$replace = array("&amp;", "&lt;", "&gt;");
@ -196,6 +204,30 @@ function deletePostImages($post) {
 	}
 }
 function deletePost($id) {
 	$id = intval($id);
 	$posts = postsInThreadByID($id, false);
 	$op = array();
 	foreach ($posts as $post) {
 		if ($post['parent'] == TINYIB_NEWTHREAD) {
 			$op = $post;
 			continue;
 		}
 		deletePostImages($post);
 		deleteReportsByPost($post['id']);
 		deletePostByID($post['id']);
 	}
 	if (!empty($op)) {
 		deletePostImages($op);
 		deleteReportsByPost($op['id']);
 		deletePostByID($op['id']);
 	}
 	@unlink('res/' . $id . '.html');
 }
 function checkCAPTCHA($mode) {
 	if ($mode === 'recaptcha') {
 		require_once 'inc/recaptcha/autoload.php';
@ -277,19 +309,19 @@ function manageCheckLogIn() {
 		checkCAPTCHA(TINYIB_MANAGECAPTCHA);
 		if ($_POST['managepassword'] === TINYIB_ADMINPASS) {
-			$_SESSION['tinyib'] = TINYIB_ADMINPASS;
+			$_SESSION['tinyib'] = hashData(TINYIB_ADMINPASS);
 		} elseif (TINYIB_MODPASS != '' && $_POST['managepassword'] === TINYIB_MODPASS) {
-			$_SESSION['tinyib'] = TINYIB_MODPASS;
+			$_SESSION['tinyib'] = hashData(TINYIB_MODPASS);
 		} else {
 			fancyDie(__('Invalid password.'));
 		}
 	}
 	if (isset($_SESSION['tinyib'])) {
-		if ($_SESSION['tinyib'] === TINYIB_ADMINPASS) {
+		if ($_SESSION['tinyib'] === hashData(TINYIB_ADMINPASS)) {
 			$loggedin = true;
 			$isadmin = true;
-		} elseif (TINYIB_MODPASS != '' && $_SESSION['tinyib'] === TINYIB_MODPASS) {
+		} elseif (TINYIB_MODPASS != '' && $_SESSION['tinyib'] === hashData(TINYIB_MODPASS)) {
 			$loggedin = true;
 		}
 	}
--- a/inc/html.php
+++ b/inc/html.php
@ -466,6 +466,10 @@ EOF;
 		$return .= $filehtml;
 	}
 	if (TINYIB_REPORT) {
 		$return .= "&nbsp;[<a href=\"imgboard.php?report=${post["id"]}\">" . __("Report") . "</a>]";
 	}
 	if ($post['parent'] == TINYIB_NEWTHREAD && $res == TINYIB_INDEXPAGE) {
 		$return .= "&nbsp;[<a href=\"res/${post["id"]}.html\">" . __("Reply") . "</a>]";
 	}
@ -680,12 +684,16 @@ function rebuildIndexes() {
 function rebuildThread($id) {
 	$id = intval($id);
 	$htmlposts = "";
 	$posts = postsInThreadByID($id);
 	if (count($posts) == 0) {
 		@unlink('res/' . $id . '.html');
 		return;
 	}
 	$htmlposts = "";
 	foreach ($posts as $post) {
 		$htmlposts .= buildPost($post, TINYIB_RESPAGE);
 	}
 	$htmlposts .= "\n<hr>";
 	writePage('res/' . $id . '.html', fixLinksInRes(buildPage($htmlposts, $id)));
@ -924,6 +932,24 @@ EOF;
 		$txt_delete = __('Delete post');
 	}
 	$txt_ban = __('Ban poster');
 	$report_html = '';
 	$reports = reportsByPost($post['id']);
 	if (TINYIB_REPORT && count($reports) > 0) {
 		$txt_clear_reports = __('Clear reports');
 		$report_info = count($reports) . ' ' . plural(count($reports), __('report'), __('reports'));
 		$report_html = <<<EOF
 <tr><td align="right" width="50%;">
 <form method="get" action="?">
 <input type="hidden" name="manage" value="">
 <input type="hidden" name="clearreports" value="${post['id']}">
 <input type="submit" value="$txt_clear_reports" class="managebutton" style="width: 50%;">
 </form>
 </td><td><small>$report_info</small></td></tr>
 EOF;
 	}
 	return <<<EOF
 	<fieldset>
 	<legend>$txt_moderating</legend>
@ -955,6 +981,8 @@ EOF;
 	$lock_html
 	$report_html
 	</table>
 	</fieldset>
@ -973,15 +1001,20 @@ function manageStatus() {
 	global $isadmin;
 	$threads = countThreads();
 	$bans = count(allBans());
 	$reports = allReports();
 	$info = $threads . ' ' . plural($threads, __('thread'), __('threads'));
 	if (TINYIB_REPORT) {
 		$info .= ', ' . count($reports). ' ' . plural(count($reports), __('report'), __('reports'));
 	}
 	$info .= ', ' . $bans . ' ' . plural($bans, __('ban'), __('bans'));
 	$info = $threads . ' ' . plural($threads, __('thread'), __('threads')) . ', ' . $bans . ' ' . plural($bans, __('ban'), __('bans'));
 	$output = '';
 	if ($isadmin && TINYIB_DBMODE == 'mysql' && function_exists('mysqli_connect')) { // Recommend MySQLi
 		$output .= <<<EOF
 	<fieldset>
 	<legend>Notice</legend>
-	<p><b>TINYIB_DBMODE</b> is currently <b>mysql</b> in <b>settings.php</b>, but <a href="http://www.php.net/manual/en/book.mysqli.php">MySQLi</a> is installed. Please change it to <b>mysqli</b>. This will not affect your data.</p>
+	<p><b>TINYIB_DBMODE</b> is currently set to <b>mysql</b> in <b>settings.php</b>, but <a href="http://www.php.net/manual/en/book.mysqli.php">MySQLi</a> is installed. Please change it to <b>mysqli</b>. This will not affect your data.</p>
 	</fieldset>
 EOF;
 	}
@ -1020,8 +1053,21 @@ EOF;
 		}
 	}
-	$post_html = '';
+	if (TINYIB_REPORT && !empty($reports)) {
 		$posts = array();
 		foreach ($reports as $report) {
 			$post = postByID($report['post']);
 			if (empty($post)) {
 				continue;
 			}
 			$posts[] = $post;
 		}
 		$txt_recent_posts = __('Reported posts');
 	} else {
 		$posts = latestPosts(true);
 		$txt_recent_posts = __('Recent posts');
 	}
 	$post_html = '';
 	foreach ($posts as $post) {
 		if ($post_html != '') {
 			$post_html .= '<tr><td colspan="2"><hr></td></tr>';
@ -1031,7 +1077,6 @@ EOF;
 	$txt_status = __('Status');
 	$txt_info = __('Info');
 	$txt_recent_posts = __('Recent posts');
 	$output .= <<<EOF
 	<fieldset>
 	<legend>$txt_status</legend>
@ -1069,11 +1114,8 @@ function manageInfo($text) {
 }
 function encodeJSON($array) {
 	if (version_compare(phpversion(), '5.4.0', '>')) {
 	return json_encode($array, JSON_PRETTY_PRINT);
 }
 	return json_encode($array);
 }
 function buildSinglePostJSON($post) {
 	$name = $post['name'];
--- a/settings.default.php
+++ b/settings.default.php
@ -25,6 +25,7 @@ define('TINYIB_BOARDDESC', 'TinyIB'); // Displayed at the top of every page
 define('TINYIB_ALWAYSNOKO', false);   // Redirect to thread after posting
 define('TINYIB_CAPTCHA', '');         // Reduce spam by requiring users to pass a CAPTCHA when posting: simple / recaptcha  (click Rebuild All in the management panel after enabling)  ['' to disable]
 define('TINYIB_MANAGECAPTCHA', '');   // Improve security by requiring users to pass a CAPTCHA when logging in to the management panel: simple / recaptcha  ['' to disable]
 define('TINYIB_REPORT', false);       // Allow users to report posts
 define('TINYIB_REQMOD', '');          // Require moderation before displaying posts: files / all  ['' to disable]
 // Board appearance
@ -89,7 +90,7 @@ define('TINYIB_MAXW', 250);           // Width
 define('TINYIB_MAXH', 250);           // Height
 // Tripcode seed - Must not change once set!
-define('TINYIB_TRIPSEED', '');        // Enter some random text  (used when generating secure tripcodes)
+define('TINYIB_TRIPSEED', '');        // Enter some random text  (used when generating secure tripcodes, hashing passwords and hashing IP addresses)
 // CAPTCHA
 //   The following only apply when TINYIB_CAPTCHA is set to recaptcha
@ -104,6 +105,7 @@ define('TINYIB_DBMODE', 'flatfile');  // Mode
 define('TINYIB_DBMIGRATE', false);    // Enable database migration tool  (see README for instructions)
 define('TINYIB_DBBANS', 'bans');      // Bans table name (use the same bans table across boards for global bans)
 define('TINYIB_DBPOSTS', TINYIB_BOARD . '_posts'); // Posts table name
 define('TINYIB_DBREPORTS', TINYIB_BOARD . '_reports'); // Reports table name
 // Database configuration - MySQL / pgSQL
 //   The following only apply when TINYIB_DBMODE is set to mysql, mysqli or pdo with default (blank) TINYIB_DBDSN