Per-Forum Permissions work everywhere now.

Removed some unnecessary user parameters from the error handlers.
Added a PreError type for when the user data isn't available yet.

errors.go

@@ -26,12 +26,12 @@ func init_errors() error {
 	return nil
 }
 
-func InternalError(err error, w http.ResponseWriter, r *http.Request, user User) {
+func InternalError(err error, w http.ResponseWriter, r *http.Request) {
 	w.Write(error_internal)
 	log.Fatal(err)
 }
 
-func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user User, is_js string) {
+func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, is_js string) {
 	w.WriteHeader(500)
 	if is_js == "0" {
 		w.Write(error_internal)
@@ -41,11 +41,20 @@ func InternalErrorJSQ(err error, w http.ResponseWriter, r *http.Request, user Us
 	log.Fatal(err)
 }
 
+func PreError(errmsg string, w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(500)
+	user := User{ID:0,Group:6,Perms:GuestPerms,}
+	pi := Page{"Error",user,nList,tList,errmsg}
+	var b bytes.Buffer
+	templates.ExecuteTemplate(&b,"error.html",pi)
+	fmt.Fprintln(w,b.String())
+}
+
 func LocalError(errmsg string, w http.ResponseWriter, r *http.Request, user User) {
 	w.WriteHeader(500)
 	pi := Page{"Local Error",user,nList,tList,errmsg}
 	var b bytes.Buffer
-	templates.ExecuteTemplate(&b,"error.html", pi)
+	templates.ExecuteTemplate(&b,"error.html",pi)
 	fmt.Fprintln(w,b.String())
 }
 
@@ -53,10 +62,23 @@ func LoginRequired(w http.ResponseWriter, r *http.Request, user User) {
 	w.WriteHeader(401)
 	pi := Page{"Local Error",user,nList,tList,"You need to login to do that."}
 	var b bytes.Buffer
-	templates.ExecuteTemplate(&b,"error.html", pi)
+	templates.ExecuteTemplate(&b,"error.html",pi)
 	fmt.Fprintln(w,b.String())
 }
 
+func PreErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, is_js string) {
+	w.WriteHeader(500)
+	if is_js == "0" {
+		user := User{ID:0,Group:6,Perms:GuestPerms,}
+		pi := Page{"Local Error",user,nList,tList,errmsg}
+		var b bytes.Buffer
+		templates.ExecuteTemplate(&b,"error.html", pi)
+		fmt.Fprintln(w,b.String())
+	} else {
+		w.Write([]byte(`{'errmsg': '` + errmsg + `'}`))
+	}
+}
+
 func LocalErrorJSQ(errmsg string, w http.ResponseWriter, r *http.Request, user User, is_js string) {
 	w.WriteHeader(500)
 	if is_js == "0" {
@@ -130,7 +152,7 @@ func SecurityError(w http.ResponseWriter, r *http.Request, user User) {
 	fmt.Fprintln(w,b.String())
 }
 
-func NotFound(w http.ResponseWriter, r *http.Request, user User) {
+func NotFound(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(404)
 	w.Write(error_notfound)
 }

mod_routes.go

@@ -10,14 +10,9 @@ import "database/sql"
 import _ "github.com/go-sql-driver/mysql"
 
 func route_edit_topic(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
-	if !ok {
-		return
-	}
-	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form",w,r,user)
+		PreError("Bad Form",w,r)
 		return          
 	}
 	is_js := r.PostFormValue("js")
@@ -29,30 +24,24 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
 	var fid int
 	tid, err = strconv.Atoi(r.URL.Path[len("/topic/edit/submit/"):])
 	if err != nil {
-		LocalErrorJSQ("The provided TopicID is not a valid number.",w,r,user,is_js)
+		PreErrorJSQ("The provided TopicID is not a valid number.",w,r,is_js)
 		return
 	}
 	
 	err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
 	if err == sql.ErrNoRows {
-		LocalError("The topic you tried to edit doesn't exist.",w,r,user)
+		PreError("The topic you tried to edit doesn't exist.",w,r)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
+	user, ok := SimpleForumSessionCheck(w,r,fid)
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
+	if !ok {
 		return
 	}
-	
+	if !user.Perms.ViewTopic || !user.Perms.EditTopic {
-	if groups[user.Group].Forums[fid].Overrides {
-		if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditTopic {
-			NoPermissionsJSQ(w,r,user,is_js)
-			return
-		}
-	} else if !user.Perms.ViewTopic || !user.Perms.EditTopic {
 		NoPermissionsJSQ(w,r,user,is_js)
 		return
 	}
@@ -64,7 +53,7 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
 	topic_content := html.EscapeString(r.PostFormValue("topic_content"))
 	_, err = edit_topic_stmt.Exec(topic_name, preparse_message(topic_content), parse_message(html.EscapeString(preparse_message(topic_content))), is_closed, tid)
 	if err != nil {
-		InternalErrorJSQ(err,w,r,user,is_js)
+		InternalErrorJSQ(err,w,r,is_js)
 		return
 	}
 	
@@ -76,14 +65,9 @@ func route_edit_topic(w http.ResponseWriter, r *http.Request) {
 }
 
 func route_delete_topic(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
-	if !ok {
-		return
-	}
-	
 	tid, err := strconv.Atoi(r.URL.Path[len("/topic/delete/submit/"):])
 	if err != nil {
-		LocalError("The provided TopicID is not a valid number.",w,r,user)
+		PreError("The provided TopicID is not a valid number.",w,r)
 		return
 	}
 	
@@ -92,46 +76,40 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
 	var fid int
 	err = db.QueryRow("select content, createdBy, parentID from topics where tid = ?", tid).Scan(&content, &createdBy, &fid)
 	if err == sql.ErrNoRows {
-		LocalError("The topic you tried to delete doesn't exist.",w,r,user)
+		PreError("The topic you tried to delete doesn't exist.",w,r)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
+	user, ok := SimpleForumSessionCheck(w,r,fid)
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
+	if !ok {
 		return
 	}
-	
+	if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
-	if groups[user.Group].Forums[fid].Overrides {
-		if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteTopic {
-			NoPermissions(w,r,user)
-			return
-		}
-	} else if !user.Perms.ViewTopic || !user.Perms.DeleteTopic {
 		NoPermissions(w,r,user)
 		return
 	}
 	
 	_, err = delete_topic_stmt.Exec(tid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	log.Print("The topic '" + strconv.Itoa(tid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
 	http.Redirect(w,r,"/",http.StatusSeeOther)
 	
 	wcount := word_count(content)
-	err = decrease_post_user_stats(wcount, createdBy, true, user)
+	err = decrease_post_user_stats(wcount,createdBy,true,user)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	_, err = remove_topics_from_forum_stmt.Exec(1, fid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -139,104 +117,77 @@ func route_delete_topic(w http.ResponseWriter, r *http.Request) {
 }
 
 func route_stick_topic(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
-	if !ok {
-		return
-	}
-	
 	tid, err := strconv.Atoi(r.URL.Path[len("/topic/stick/submit/"):])
 	if err != nil {
-		LocalError("The provided TopicID is not a valid number.",w,r,user)
+		PreError("The provided TopicID is not a valid number.",w,r)
 		return
 	}
 	
 	var fid int
 	err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
 	if err == sql.ErrNoRows {
-		LocalError("The topic you tried to pin doesn't exist.",w,r,user)
+		PreError("The topic you tried to pin doesn't exist.",w,r)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
+	user, ok := SimpleForumSessionCheck(w,r,fid)
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
+	if !ok {
 		return
 	}
-	
+	if !user.Perms.ViewTopic || !user.Perms.PinTopic {
-	if groups[user.Group].Forums[fid].Overrides {
-		if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
-			NoPermissions(w,r,user)
-			return
-		}
-	} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
 		NoPermissions(w,r,user)
 		return
 	}
 	
 	_, err = stick_topic_stmt.Exec(tid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
 }
 
 func route_unstick_topic(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
-	if !ok {
-		return
-	}
-	
 	tid, err := strconv.Atoi(r.URL.Path[len("/topic/unstick/submit/"):])
 	if err != nil {
-		LocalError("The provided TopicID is not a valid number.",w,r,user)
+		PreError("The provided TopicID is not a valid number.",w,r)
 		return
 	}
 	
 	var fid int
 	err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
 	if err == sql.ErrNoRows {
-		LocalError("The topic you tried to unpin doesn't exist.",w,r,user)
+		PreError("The topic you tried to unpin doesn't exist.",w,r)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
+	user, ok := SimpleForumSessionCheck(w,r,fid)
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
+	if !ok {
 		return
 	}
-	
+	if !user.Perms.ViewTopic || !user.Perms.PinTopic {
-	if groups[user.Group].Forums[fid].Overrides {
-		if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].PinTopic {
-			NoPermissions(w,r,user)
-			return
-		}
-	} else if !user.Perms.ViewTopic || !user.Perms.PinTopic {
 		NoPermissions(w,r,user)
 		return
 	}
 	
 	_, err = unstick_topic_stmt.Exec(tid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	http.Redirect(w,r,"/topic/" + strconv.Itoa(tid),http.StatusSeeOther)
 }
 
 func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
-	if !ok {
-		return
-	}
-	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		PreError("Bad Form",w,r)
 		return          
 	}
 	is_js := r.PostFormValue("js")
@@ -246,14 +197,14 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 	
 	rid, err := strconv.Atoi(r.URL.Path[len("/reply/edit/submit/"):])
 	if err != nil {
-		LocalError("The provided Reply ID is not a valid number.",w,r,user)
+		PreError("The provided Reply ID is not a valid number.",w,r)
 		return
 	}
 	
 	content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
 	_, err = edit_reply_stmt.Exec(content, parse_message(content), rid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -261,31 +212,25 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 	var tid int
 	err = db.QueryRow("select tid from replies where rid = ?", rid).Scan(&tid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	var fid int
 	err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
 	if err == sql.ErrNoRows {
-		LocalError("The parent topic doesn't exist.",w,r,user)
+		PreError("The parent topic doesn't exist.",w,r)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
+	user, ok := SimpleForumSessionCheck(w,r,fid)
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
+	if !ok {
 		return
 	}
-	
+	if !user.Perms.ViewTopic || !user.Perms.EditReply {
-	if groups[user.Group].Forums[fid].Overrides {
-		if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].EditReply {
-			NoPermissions(w,r,user)
-			return
-		}
-	} else if !user.Perms.ViewTopic || !user.Perms.EditReply {
 		NoPermissions(w,r,user)
 		return
 	}
@@ -298,14 +243,9 @@ func route_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 }
 
 func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
-	if !ok {
-		return
-	}
-	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		PreError("Bad Form",w,r)
 		return          
 	}
 	is_js := r.PostFormValue("is_js")
@@ -313,14 +253,9 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
 		is_js = "0"
 	}
 	
-	if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
-		NoPermissionsJSQ(w,r,user,is_js)
-		return
-	}
-	
 	rid, err := strconv.Atoi(r.URL.Path[len("/reply/delete/submit/"):])
 	if err != nil {
-		LocalErrorJSQ("The provided Reply ID is not a valid number.",w,r,user,is_js)
+		PreErrorJSQ("The provided Reply ID is not a valid number.",w,r,is_js)
 		return
 	}
 	
@@ -329,41 +264,35 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
 	var createdBy int
 	err = db.QueryRow("select tid, content, createdBy from replies where rid = ?", rid).Scan(&tid, &content, &createdBy)
 	if err == sql.ErrNoRows {
-		LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js)
+		PreErrorJSQ("The reply you tried to delete doesn't exist.",w,r,is_js)
 		return
 	} else if err != nil {
-		InternalErrorJSQ(err,w,r,user,is_js)
+		InternalErrorJSQ(err,w,r,is_js)
 		return
 	}
 	
 	var fid int
 	err = db.QueryRow("select parentID from topics where tid = ?", tid).Scan(&fid)
 	if err == sql.ErrNoRows {
-		LocalError("The parent topic doesn't exist.",w,r,user)
+		PreError("The parent topic doesn't exist.",w,r)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
+	user, ok := SimpleForumSessionCheck(w,r,fid)
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
+	if !ok {
 		return
 	}
-	
+	if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
-	if groups[user.Group].Forums[fid].Overrides {
-		if !groups[user.Group].Forums[fid].ViewTopic || !groups[user.Group].Forums[fid].DeleteReply {
-			NoPermissions(w,r,user)
-			return
-		}
-	} else if !user.Perms.ViewTopic || !user.Perms.DeleteReply {
 		NoPermissions(w,r,user)
 		return
 	}
 	
 	_, err = delete_reply_stmt.Exec(rid)
 	if err != nil {
-		InternalErrorJSQ(err,w,r,user,is_js)
+		InternalErrorJSQ(err,w,r,is_js)
 		return
 	}
 	log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
@@ -376,13 +305,12 @@ func route_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
 	wcount := word_count(content)
 	err = decrease_post_user_stats(wcount, createdBy, false, user)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	_, err = remove_replies_from_topic_stmt.Exec(1,tid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
-		return
 	}
 }
 
@@ -394,7 +322,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		LocalError("Bad Form",w,r,user)
 		return          
 	}
 	is_js := r.PostFormValue("js")
@@ -412,7 +340,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 	var uid int
 	err = db.QueryRow("select uid from users_replies where rid = ?", rid).Scan(&uid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -424,7 +352,7 @@ func route_profile_reply_edit_submit(w http.ResponseWriter, r *http.Request) {
 	content := html.EscapeString(preparse_message(r.PostFormValue("edit_item")))
 	_, err = edit_profile_reply_stmt.Exec(content, parse_message(content), rid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -443,7 +371,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
 	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		LocalError("Bad Form",w,r,user)
 		return          
 	}
 	
@@ -464,7 +392,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
 		LocalErrorJSQ("The reply you tried to delete doesn't exist.",w,r,user,is_js)
 		return
 	} else if err != nil {
-		InternalErrorJSQ(err,w,r,user,is_js)
+		InternalErrorJSQ(err,w,r,is_js)
 		return
 	}
 	
@@ -475,7 +403,7 @@ func route_profile_reply_delete_submit(w http.ResponseWriter, r *http.Request) {
 	
 	_, err = delete_profile_reply_stmt.Exec(rid)
 	if err != nil {
-		InternalErrorJSQ(err,w,r,user,is_js)
+		InternalErrorJSQ(err,w,r,is_js)
 		return
 	}
 	log.Print("The reply '" + strconv.Itoa(rid) + "' was deleted by User ID #" + strconv.Itoa(user.ID) + ".")
@@ -492,7 +420,6 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
 	if !ok {
 		return
 	}
-	
 	if !user.Perms.BanUsers {
 		NoPermissions(w,r,user)
 		return
@@ -510,7 +437,7 @@ func route_ban(w http.ResponseWriter, r *http.Request) {
 		LocalError("The user you're trying to ban no longer exists.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -526,7 +453,6 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
 	if !ok {
 		return
 	}
-	
 	if !user.Perms.BanUsers {
 		NoPermissions(w,r,user)
 		return
@@ -549,7 +475,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
 		LocalError("The user you're trying to ban no longer exists.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -573,7 +499,7 @@ func route_ban_submit(w http.ResponseWriter, r *http.Request) {
 	
 	_, err = change_group_stmt.Exec(4, uid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@@ -588,7 +514,6 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
 		NoPermissions(w,r,user)
 		return
 	}
-	
 	if r.FormValue("session") != user.Session {
 		SecurityError(w,r,user)
 		return
@@ -607,7 +532,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
 		LocalError("The user you're trying to unban no longer exists.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -618,7 +543,7 @@ func route_unban(w http.ResponseWriter, r *http.Request) {
 	
 	_, err = change_group_stmt.Exec(default_group, uid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@@ -646,12 +571,12 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
 	
 	var uname string
 	var active bool
-	err = db.QueryRow("select `name`, `active` from users where `uid` = ?", uid).Scan(&uname, &active)
+	err = db.QueryRow("select `name`,`active` from users where `uid` = ?", uid).Scan(&uname, &active)
 	if err == sql.ErrNoRows {
 		LocalError("The account you're trying to activate no longer exists.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -661,13 +586,13 @@ func route_activate(w http.ResponseWriter, r *http.Request) {
 	}
 	_, err = activate_user_stmt.Exec(uid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	_, err = change_group_stmt.Exec(default_group, uid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	http.Redirect(w,r,"/users/" + strconv.Itoa(uid),http.StatusSeeOther)
@@ -740,7 +665,7 @@ func route_panel_forums_create_submit(w http.ResponseWriter, r *http.Request){
 	
 	fid, err := create_forum(fname,active,fpreset)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -757,11 +682,11 @@ func route_panel_forums_delete(w http.ResponseWriter, r *http.Request){
 		NoPermissions(w,r,user)
 		return
 	}
-	
 	if r.FormValue("session") != user.Session {
 		SecurityError(w,r,user)
 		return
 	}
+	
 	fid, err := strconv.Atoi(r.URL.Path[len("/panel/forums/delete/"):])
 	if err != nil {
 		LocalError("The provided Forum ID is not a valid number.",w,r,user)
@@ -806,7 +731,7 @@ func route_panel_forums_delete_submit(w http.ResponseWriter, r *http.Request) {
 	
 	err = delete_forum(fid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	http.Redirect(w,r,"/panel/forums/",http.StatusSeeOther)
@@ -894,7 +819,7 @@ func route_panel_forums_edit_submit(w http.ResponseWriter, r *http.Request) {
 	
 	_, err = update_forum_stmt.Exec(forum_name,active,forum_preset,fid)
 	if err != nil {
-		InternalErrorJSQ(err,w,r,user,is_js)
+		InternalErrorJSQ(err,w,r,is_js)
 		return
 	}
 	
@@ -930,7 +855,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
 	var settingList map[string]interface{} = make(map[string]interface{})
 	rows, err := db.Query("select name, content, type from settings")
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	defer rows.Close()
@@ -941,7 +866,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
 	for rows.Next() {
 		err := rows.Scan(&sname,&scontent,&stype)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -965,7 +890,7 @@ func route_panel_settings(w http.ResponseWriter, r *http.Request){
 	}
 	err = rows.Err()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -991,7 +916,7 @@ func route_panel_setting(w http.ResponseWriter, r *http.Request){
 		LocalError("The setting you want to edit doesn't exist.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1053,7 +978,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
 		LocalError("The setting you want to edit doesn't exist.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1067,7 +992,7 @@ func route_panel_setting_edit(w http.ResponseWriter, r *http.Request) {
 	
 	_, err = update_setting_stmt.Exec(scontent,sname)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1122,7 +1047,7 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
 	var active bool
 	err := db.QueryRow("select active from plugins where uname = ?", uname).Scan(&active)
 	if err != nil && err != sql.ErrNoRows {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1142,13 +1067,13 @@ func route_panel_plugins_activate(w http.ResponseWriter, r *http.Request){
 		}
 		_, err = update_plugin_stmt.Exec(1,uname)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 	} else {
 		_, err := add_plugin_stmt.Exec(uname,1)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 	}
@@ -1188,7 +1113,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
 		LocalError("The plugin you're trying to deactivate isn't active",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1198,7 +1123,7 @@ func route_panel_plugins_deactivate(w http.ResponseWriter, r *http.Request){
 	}
 	_, err = update_plugin_stmt.Exec(0,uname)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1222,7 +1147,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
 	var userList []interface{}
 	rows, err := db.Query("select `uid`,`name`,`group`,`active`,`is_super_admin`,`avatar` from users")
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	defer rows.Close()
@@ -1231,7 +1156,7 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
 		puser := User{ID: 0,}
 		err := rows.Scan(&puser.ID, &puser.Name, &puser.Group, &puser.Active, &puser.Is_Super_Admin, &puser.Avatar)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -1260,14 +1185,14 @@ func route_panel_users(w http.ResponseWriter, r *http.Request){
 	}
 	err = rows.Err()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	pi := Page{"User Manager",user,noticeList,userList,nil}
 	err = templates.ExecuteTemplate(w,"panel-users.html",pi)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 	}
 }
 
@@ -1296,7 +1221,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
 		LocalError("The user you're trying to edit doesn't exist.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1321,7 +1246,7 @@ func route_panel_users_edit(w http.ResponseWriter, r *http.Request){
 	pi := Page{"User Editor",user,noticeList,groupList,targetUser}
 	err = templates.ExecuteTemplate(w,"panel-user-edit.html",pi)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 	}
 }
 
@@ -1334,7 +1259,6 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
 		NoPermissions(w,r,user)
 		return
 	}
-	
 	if r.FormValue("session") != user.Session {
 		SecurityError(w,r,user)
 		return
@@ -1353,7 +1277,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
 		LocalError("The user you're trying to edit doesn't exist.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1408,7 +1332,7 @@ func route_panel_users_edit_submit(w http.ResponseWriter, r *http.Request){
 	
 	_, err = update_user_stmt.Exec(newname,newemail,newgroup,targetUser.ID)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1488,7 +1412,7 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
 	var isDefault bool
 	err := db.QueryRow("select `default` from `themes` where `uname` = ?", uname).Scan(&isDefault)
 	if err != nil && err != sql.ErrNoRows {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1500,20 +1424,20 @@ func route_panel_themes_default(w http.ResponseWriter, r *http.Request){
 		}
 		_, err = update_theme_stmt.Exec(1, uname)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 	} else {
 		_, err := add_theme_stmt.Exec(uname,1)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 	}
 	
 	_, err = update_theme_stmt.Exec(0, defaultTheme)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	

router.go

@@ -42,8 +42,7 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 	
 	if req.URL.Path[len(req.URL.Path) - 1] == '/' {
-		w.WriteHeader(404)
+		NotFound(w,req)
-		w.Write(error_notfound)
 		return
 	}
 	
@@ -60,7 +59,6 @@ func (router *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 	
-	w.WriteHeader(404)
+	NotFound(w,req)
-	w.Write(error_notfound)
 	return
 }

routes.go

@@ -65,7 +65,7 @@ func route_overview(w http.ResponseWriter, r *http.Request){
 	pi := Page{"Overview",user,noticeList,tList,nil}
 	err := templates.ExecuteTemplate(w,"overview.html",pi)
     if err != nil {
-        InternalError(err,w,r,user)
+        InternalError(err,w,r)
     }
 }
 
@@ -76,13 +76,13 @@ func route_custom_page(w http.ResponseWriter, r *http.Request){
 	}
 	name := r.URL.Path[len("/pages/"):]
 	if templates.Lookup("page_" + name) == nil {
-		NotFound(w,r,user)
+		NotFound(w,r)
 		return
 	}
 	
 	err := templates.ExecuteTemplate(w,"page_" + name,Page{"Page",user,noticeList,tList,nil})
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 	}
 }
 	
@@ -104,7 +104,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
 	rows, err := db.Query("select topics.tid, topics.title, topics.content, topics.createdBy, topics.is_closed, topics.sticky, topics.createdAt, topics.parentID, users.name, users.avatar from topics left join users ON topics.createdBy = users.uid where parentID in("+strings.Join(fidList,",")+") order by topics.sticky DESC, topics.lastReplyAt DESC, topics.createdBy DESC")
 	//rows, err := get_topic_list_stmt.Query()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -112,7 +112,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
 	for rows.Next() {
 		err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -131,7 +131,7 @@ func route_topics(w http.ResponseWriter, r *http.Request){
 	}
 	err = rows.Err()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	rows.Close()
@@ -142,36 +142,25 @@ func route_topics(w http.ResponseWriter, r *http.Request){
 	} else {
 		err = templates.ExecuteTemplate(w,"topics.html",pi)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 		}
 	}
 }
 
 func route_forum(w http.ResponseWriter, r *http.Request){
-	user, noticeList, ok := SessionCheck(w,r)
-	if !ok {
-		return
-	}
-	
 	page, _ := strconv.Atoi(r.FormValue("page"))
 	fid, err := strconv.Atoi(r.URL.Path[len("/forum/"):])
 	if err != nil {
-		LocalError("The provided ForumID is not a valid number.",w,r,user)
+		PreError("The provided ForumID is not a valid number.",w,r)
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
+	user, noticeList, ok := ForumSessionCheck(w,r,fid)
-		NotFound(w,r,user)
+	if !ok {
 		return
 	}
-	
 	//fmt.Printf("%+v\n", groups[user.Group].Forums)
-	if groups[user.Group].Forums[fid].Overrides {
+	if !user.Perms.ViewTopic {
-		if !groups[user.Group].Forums[fid].ViewTopic {
-			NoPermissions(w,r,user)
-			return
-		}
-	} else if !user.Perms.ViewTopic {
 		NoPermissions(w,r,user)
 		return
 	}
@@ -189,7 +178,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
 	}
 	rows, err := get_forum_topics_offset_stmt.Query(fid,offset)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -198,7 +187,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
 	for rows.Next() {
 		err := rows.Scan(&topicItem.ID, &topicItem.Title, &topicItem.Content, &topicItem.CreatedBy, &topicItem.Is_Closed, &topicItem.Sticky, &topicItem.CreatedAt, &topicItem.ParentID, &topicItem.CreatedByName, &topicItem.Avatar)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -217,7 +206,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
 	}
 	err = rows.Err()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	rows.Close()
@@ -228,7 +217,7 @@ func route_forum(w http.ResponseWriter, r *http.Request){
 	} else {
 		err = templates.ExecuteTemplate(w,"forum.html",pi)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 		}
 	}
 }
@@ -255,16 +244,12 @@ func route_forums(w http.ResponseWriter, r *http.Request){
 	} else {
 		err := templates.ExecuteTemplate(w,"forums.html",pi)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 		}
 	}
 }
 	
 func route_topic_id(w http.ResponseWriter, r *http.Request){
-	user, noticeList, ok := SessionCheck(w,r)
-	if !ok {
-		return
-	}
 	var(
 		err error
 		content string
@@ -278,31 +263,25 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
 	topic := TopicUser{Css: no_css_tmpl}
 	topic.ID, err = strconv.Atoi(r.URL.Path[len("/topic/"):])
 	if err != nil {
-		LocalError("The provided TopicID is not a valid number.",w,r,user)
+		PreError("The provided TopicID is not a valid number.",w,r)
 		return
 	}
 	
 	// Get the topic..
 	err = get_topic_user_stmt.QueryRow(topic.ID).Scan(&topic.Title, &content, &topic.CreatedBy, &topic.CreatedAt, &topic.Is_Closed, &topic.Sticky, &topic.ParentID, &topic.IpAddress, &topic.PostCount, &topic.CreatedByName, &topic.Avatar, &group, &topic.URLPrefix, &topic.URLName, &topic.Level)
 	if err == sql.ErrNoRows {
-		NotFound(w,r,user)
+		NotFound(w,r)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	if (topic.ParentID > forumCapCount) || (topic.ParentID < 0) || forums[topic.ParentID].Name=="" {
+	user, noticeList, ok := ForumSessionCheck(w,r,topic.ParentID)
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
+	if !ok {
 		return
 	}
-	
+	if !user.Perms.ViewTopic {
-	if groups[user.Group].Forums[topic.ParentID].Overrides {
-		if !groups[user.Group].Forums[topic.ParentID].ViewTopic {
-			NoPermissions(w,r,user)
-			return
-		}
-	} else if !user.Perms.ViewTopic {
 		NoPermissions(w,r,user)
 		return
 	}
@@ -361,7 +340,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
 		LocalError("Bad Page. Some of the posts may have been deleted or you got here by directly typing in the page number.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -369,7 +348,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
 	for rows.Next() {
 		err := rows.Scan(&replyItem.ID, &replyItem.Content, &replyItem.CreatedBy, &replyItem.CreatedAt, &replyItem.LastEdit, &replyItem.LastEditBy, &replyItem.Avatar, &replyItem.CreatedByName, &group, &replyItem.URLPrefix, &replyItem.URLName, &replyItem.Level, &replyItem.IpAddress)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -410,7 +389,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
 	}
 	err = rows.Err()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	rows.Close()
@@ -421,7 +400,7 @@ func route_topic_id(w http.ResponseWriter, r *http.Request){
 	} else {
 		err = templates.ExecuteTemplate(w,"topic.html", tpage)
 		if err != nil {
-			InternalError(err, w, r, user)
+			InternalError(err,w,r)
 		}
 	}
 }
@@ -464,10 +443,10 @@ func route_profile(w http.ResponseWriter, r *http.Request){
 		// Fetch the user data
 		err = db.QueryRow("select `name`,`group`,`is_super_admin`,`avatar`,`message`,`url_prefix`,`url_name`,`level` from `users` where `uid` = ?", puser.ID).Scan(&puser.Name, &puser.Group, &puser.Is_Super_Admin, &puser.Avatar, &puser.Message, &puser.URLPrefix, &puser.URLName, &puser.Level)
 		if err == sql.ErrNoRows {
-			NotFound(w,r,user)
+			NotFound(w,r)
 			return
 		} else if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -493,7 +472,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
 	// Get the replies..
 	rows, err := db.Query("select users_replies.rid, users_replies.content, users_replies.createdBy, users_replies.createdAt, users_replies.lastEdit, users_replies.lastEditBy, users.avatar, users.name, users.group from users_replies left join users ON users_replies.createdBy = users.uid where users_replies.uid = ?", puser.ID)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	defer rows.Close()
@@ -501,7 +480,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
 	for rows.Next() {
 		err := rows.Scan(&rid, &replyContent, &replyCreatedBy, &replyCreatedAt, &replyLastEdit, &replyLastEditBy, &replyAvatar, &replyCreatedByName, &group)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -530,7 +509,7 @@ func route_profile(w http.ResponseWriter, r *http.Request){
 	}
 	err = rows.Err()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -540,32 +519,32 @@ func route_profile(w http.ResponseWriter, r *http.Request){
 	} else {
 		err = templates.ExecuteTemplate(w,"profile.html",ppage)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 		}
 	}
 }
 
 func route_topic_create(w http.ResponseWriter, r *http.Request){
-	user, noticeList, ok := SessionCheck(w,r)
-	if !ok {
-		return
-	}
-	if !user.Loggedin || !user.Perms.CreateTopic {
-		NoPermissions(w,r,user)
-		return
-	}
-	
 	var fid int
 	var err error
 	sfid := r.URL.Path[len("/topics/create/"):]
 	if sfid != "" {
 		fid, err = strconv.Atoi(sfid)
 		if err != nil {
-			LocalError("The provided ForumID is not a valid number.",w,r,user)
+			PreError("The provided ForumID is not a valid number.",w,r)
 			return
 		}
 	}
 	
+	user, noticeList, ok := ForumSessionCheck(w,r,fid)
+	if !ok {
+		return
+	}
+	if !user.Loggedin || !user.Perms.CreateTopic {
+		NoPermissions(w,r,user)
+		return
+	}
+	
 	var forumList []Forum
 	group := groups[user.Group]
 	for _, fid := range group.CanSee {
@@ -580,14 +559,26 @@ func route_topic_create(w http.ResponseWriter, r *http.Request){
 	} else {
 		err = templates.ExecuteTemplate(w,"create-topic.html",ctpage)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 		}
 	}
 }
 	
 // POST functions. Authorised users only.
 func route_create_topic(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
+	err := r.ParseForm()
+	if err != nil {
+		PreError("Bad Form",w,r)
+		return          
+	}
+	
+	fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
+	if err != nil {
+		PreError("The provided ForumID is not a valid number.",w,r)
+		return
+	}
+	
+	user, ok := SimpleForumSessionCheck(w,r,fid)
 	if !ok {
 		return
 	}
@@ -596,17 +587,6 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	
-	err := r.ParseForm()
-	if err != nil {
-		LocalError("Bad Form",w,r,user)
-		return          
-	}
-	
-	fid, err := strconv.Atoi(r.PostFormValue("topic-board"))
-	if err != nil {
-		LocalError("The provided ForumID is not a valid number.",w,r,user)
-		return
-	}
 	topic_name := html.EscapeString(r.PostFormValue("topic-name"))
 	content := html.EscapeString(preparse_message(r.PostFormValue("topic-content")))
 	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
@@ -615,33 +595,27 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	
-	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
-		LocalError("The topic's parent forum doesn't exist.",w,r,user)
-		return
-	}
-	
 	res, err := create_topic_stmt.Exec(fid,topic_name,content,parse_message(content),ipaddress,user.ID)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
-	
 	lastId, err := res.LastInsertId()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	_, err = add_topics_to_forum_stmt.Exec(1,fid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	forums[fid].TopicCount -= 1
 	
 	_, err = update_forum_cache_stmt.Exec(topic_name,lastId,user.Name,user.ID,fid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	forums[fid].LastTopic = topic_name
@@ -654,13 +628,35 @@ func route_create_topic(w http.ResponseWriter, r *http.Request) {
 	wcount := word_count(content)
 	err = increase_post_user_stats(wcount,user.ID,true,user)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 }
 
 func route_create_reply(w http.ResponseWriter, r *http.Request) {
-	user, ok := SimpleSessionCheck(w,r)
+	err := r.ParseForm()
+	if err != nil {
+		PreError("Bad Form",w,r)
+		return          
+	}
+	tid, err := strconv.Atoi(r.PostFormValue("tid"))
+	if err != nil {
+		PreError("Failed to convert the TopicID",w,r)
+		return
+	}
+	
+	var topic_name string
+	var fid int
+	err = db.QueryRow("select title, parentID from topics where tid = ?",tid).Scan(&topic_name,&fid)
+	if err == sql.ErrNoRows {
+		PreError("Couldn't find the parent topic",w,r)
+		return
+	} else if err != nil {
+		InternalError(err,w,r)
+		return
+	}
+	
+	user, ok := SimpleForumSessionCheck(w,r,fid)
 	if !ok {
 		return
 	}
@@ -669,17 +665,6 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	
-	err := r.ParseForm()
-	if err != nil {
-		LocalError("Bad Form", w, r, user)
-		return          
-	}
-	tid, err := strconv.Atoi(r.PostFormValue("tid"))
-	if err != nil {
-		LocalError("Failed to convert the TopicID", w, r, user)
-		return
-	}
-	
 	content := preparse_message(html.EscapeString(r.PostFormValue("reply-content")))
 	ipaddress, _, err := net.SplitHostPort(r.RemoteAddr)
 	if err != nil {
@@ -689,36 +674,26 @@ func route_create_reply(w http.ResponseWriter, r *http.Request) {
 	
 	_, err = create_reply_stmt.Exec(tid,content,parse_message(content),ipaddress,user.ID)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
-		return
-	}
-	
-	var topic_name string
-	err = db.QueryRow("select title from topics where tid = ?", tid).Scan(&topic_name)
-	if err == sql.ErrNoRows {
-		LocalError("Couldn't find the parent topic", w, r, user)
-		return
-	} else if err != nil {
-		InternalError(err,w,r,user)
 		return
 	}
 	
 	_, err = add_replies_to_topic_stmt.Exec(1, tid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	_, err = update_forum_cache_stmt.Exec(topic_name, tid, user.Name, user.ID, 1)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	http.Redirect(w, r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
+	http.Redirect(w,r, "/topic/" + strconv.Itoa(tid), http.StatusSeeOther)
 	wcount := word_count(content)
 	err = increase_post_user_stats(wcount, user.ID, false, user)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 }
@@ -735,7 +710,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
 	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		LocalError("Bad Form",w,r,user)
 		return          
 	}
 	uid, err := strconv.Atoi(r.PostFormValue("uid"))
@@ -746,7 +721,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
 	
 	_, err = create_profile_reply_stmt.Exec(uid,html.EscapeString(preparse_message(r.PostFormValue("reply-content"))),parse_message(html.EscapeString(preparse_message(r.PostFormValue("reply-content")))),user.ID)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -756,7 +731,7 @@ func route_profile_reply_create(w http.ResponseWriter, r *http.Request) {
 		LocalError("The profile you're trying to post on doesn't exist.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -806,7 +781,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
 			LocalError("We were unable to find the reported post",w,r,user)
 			return
 		} else if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -815,7 +790,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
 			LocalError("We were unable to find the topic which the reported post is supposed to be in",w,r,user)
 			return
 		} else if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(tid) + "'>" + title + "</a>"
@@ -825,7 +800,7 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
 			LocalError("We were unable to find the reported post",w,r,user)
 			return
 		} else if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -834,17 +809,17 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
 			LocalError("We were unable to find the profile which the reported post is supposed to be on",w,r,user)
 			return
 		} else if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		content = content + "<br><br>Original Post: <a href='/user/" + strconv.Itoa(tid) + "'>" + title + "</a>"
 	} else if item_type == "topic" {
 		err = db.QueryRow("select title, content from topics where tid = ?", item_id).Scan(&title,&content)
 		if err == sql.ErrNoRows {
-			NotFound(w,r,user)
+			NotFound(w,r)
 			return
 		} else if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		content = content + "<br><br>Original Post: <a href='/topic/" + strconv.Itoa(item_id) + "'>" + title + "</a>"
@@ -861,14 +836,14 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
 	var count int
 	rows, err := db.Query("select count(*) as count from topics where data = ? and data != '' and parentID = 1", item_type + "_" + strconv.Itoa(item_id))
 	if err != nil && err != sql.ErrNoRows {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	for rows.Next() {
 		err = rows.Scan(&count)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 	}
@@ -880,24 +855,24 @@ func route_report_submit(w http.ResponseWriter, r *http.Request) {
 	title = "Report: " + title
 	res, err := create_report_stmt.Exec(title,content,content,user.ID,item_type + "_" + strconv.Itoa(item_id))
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	lastId, err := res.LastInsertId()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	_, err = add_topics_to_forum_stmt.Exec(1, fid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	_, err = update_forum_cache_stmt.Exec(title, lastId, user.Name, user.ID, fid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -913,7 +888,7 @@ func route_account_own_edit_critical(w http.ResponseWriter, r *http.Request) {
 		LocalError("You need to login to edit your account.",w,r,user)
 		return
 	}
-	pi := Page{"Edit Password",user,noticeList,tList,0}
+	pi := Page{"Edit Password",user,noticeList,tList,nil}
 	templates.ExecuteTemplate(w,"account-own-edit.html", pi)
 }
 
@@ -929,7 +904,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
 	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		LocalError("Bad Form",w,r,user)
 		return          
 	}
 	
@@ -944,7 +919,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
 		LocalError("Your account no longer exists.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -954,7 +929,7 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
 		LocalError("That's not the correct password.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	if new_password != confirm_password {
@@ -966,12 +941,12 @@ func route_account_own_edit_critical_submit(w http.ResponseWriter, r *http.Reque
 	// Log the user out as a safety precaution
 	_, err = logout_stmt.Exec(user.ID)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
-	noticeList[len(noticeList)] = "Your password was successfully updated"
+	noticeList = append(noticeList,"Your password was successfully updated")
-	pi := Page{"Edit Password",user,noticeList,tList,0}
+	pi := Page{"Edit Password",user,noticeList,tList,nil}
 	templates.ExecuteTemplate(w,"account-own-edit.html", pi)
 }
 
@@ -984,13 +959,13 @@ func route_account_own_edit_avatar(w http.ResponseWriter, r *http.Request) {
 		LocalError("You need to login to edit your account.",w,r,user)
 		return
 	}
-	pi := Page{"Edit Avatar",user,noticeList,tList,0}
+	pi := Page{"Edit Avatar",user,noticeList,tList,nil}
-	templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi)
+	templates.ExecuteTemplate(w,"account-own-edit-avatar.html",pi)
 }
 
 func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request) {
 	if r.ContentLength > int64(max_request_size) {
-		http.Error(w, "request too large", http.StatusExpectationFailed)
+		http.Error(w,"Request too large",http.StatusExpectationFailed)
 		return
 	}
 	r.Body = http.MaxBytesReader(w, r.Body, int64(max_request_size))
@@ -1006,7 +981,7 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
 	
 	err := r.ParseMultipartForm(int64(max_request_size))
 	if  err != nil {
-		LocalError("Upload failed", w, r, user)
+		LocalError("Upload failed",w,r,user)
 		return
 	}
 	
@@ -1051,14 +1026,14 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
 			
 			outfile, err := os.Create("./uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext);
 			if  err != nil {
-				LocalError("Upload failed [File Creation Failed]", w, r, user)
+				LocalError("Upload failed [File Creation Failed]",w,r,user)
 				return
 			}
 			defer outfile.Close()
 			
 			_, err = io.Copy(outfile, infile);
 			if  err != nil {
-				LocalError("Upload failed [Copy Failed]", w, r, user)
+				LocalError("Upload failed [Copy Failed]",w,r,user)
 				return
 			}
 		}
@@ -1066,13 +1041,13 @@ func route_account_own_edit_avatar_submit(w http.ResponseWriter, r *http.Request
 	
 	_, err = set_avatar_stmt.Exec("." + ext, strconv.Itoa(user.ID))
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + "." + ext
 	noticeList = append(noticeList, "Your avatar was successfully updated")
 	
-	pi := Page{"Edit Avatar",user,noticeList,tList,0}
+	pi := Page{"Edit Avatar",user,noticeList,tList,nil}
 	templates.ExecuteTemplate(w,"account-own-edit-avatar.html", pi)
 }
 
@@ -1085,9 +1060,8 @@ func route_account_own_edit_username(w http.ResponseWriter, r *http.Request) {
 		LocalError("You need to login to edit your account.",w,r,user)
 		return
 	}
-	
 	pi := Page{"Edit Username",user,noticeList,tList,user.Name}
-	templates.ExecuteTemplate(w,"account-own-edit-username.html", pi)
+	templates.ExecuteTemplate(w,"account-own-edit-username.html",pi)
 }
 
 func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Request) {
@@ -1101,7 +1075,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
 	}
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		LocalError("Bad Form",w,r,user)
 		return          
 	}
 	
@@ -1114,7 +1088,7 @@ func route_account_own_edit_username_submit(w http.ResponseWriter, r *http.Reque
 	user.Name = new_username
 	
 	noticeList = append(noticeList,"Your username was successfully updated")
-	pi := Page{"Edit Username",user,noticeList,tList,0}
+	pi := Page{"Edit Username",user,noticeList,tList,nil}
 	templates.ExecuteTemplate(w,"account-own-edit-username.html", pi)
 }
 
@@ -1217,7 +1191,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
 	
 	_, err = verify_email_stmt.Exec(user.Email)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1225,7 +1199,7 @@ func route_account_own_edit_email_token_submit(w http.ResponseWriter, r *http.Re
 	if settings["activation_type"] == 2 {
 		_, err = activate_user_stmt.Exec(user.ID)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 	}
@@ -1250,7 +1224,7 @@ func route_logout(w http.ResponseWriter, r *http.Request) {
 	
 	_, err := logout_stmt.Exec(user.ID)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	http.Redirect(w,r, "/", http.StatusSeeOther)
@@ -1265,7 +1239,7 @@ func route_login(w http.ResponseWriter, r *http.Request) {
 		LocalError("You're already logged in.",w,r,user)
 		return
 	}
-	pi := Page{"Login",user,noticeList,tList,0}
+	pi := Page{"Login",user,noticeList,tList,nil}
 	templates.ExecuteTemplate(w,"login.html", pi)
 }
 
@@ -1278,10 +1252,9 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
 		LocalError("You're already logged in.",w,r,user)
 		return
 	}
-	
 	err := r.ParseForm()
 	if err != nil {
-		LocalError("Bad Form", w, r, user)
+		LocalError("Bad Form",w,r,user)
 		return          
 	}
 	
@@ -1297,7 +1270,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
 		LocalError("That username doesn't exist.",w,r,user)
 		return
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1313,7 +1286,7 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
 	} else { // Normal login..
 		password = password + salt
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		
@@ -1322,20 +1295,20 @@ func route_login_submit(w http.ResponseWriter, r *http.Request) {
 			LocalError("That's not the correct password.",w,r,user)
 			return
 		} else if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 	}
 	
 	session, err = GenerateSafeString(sessionLength)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	_, err = update_session_stmt.Exec(session, uid)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1402,7 +1375,7 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
 	// Is this username already taken..?
 	err = username_exists_stmt.QueryRow(username).Scan(&username)
 	if err != nil && err != sql.ErrNoRows {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	} else if err != sql.ErrNoRows {
 		LocalError("This username isn't available. Try another.",w,r,user)
@@ -1411,19 +1384,19 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
 	
 	salt, err := GenerateSafeString(saltLength)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	session, err := GenerateSafeString(sessionLength)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
 	password = password + salt
 	hashed_password, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1439,12 +1412,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
 	
 	res, err := register_stmt.Exec(username,email,string(hashed_password),salt,group,session,active)
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	lastId, err := res.LastInsertId()
 	if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return
 	}
 	
@@ -1452,12 +1425,12 @@ func route_register_submit(w http.ResponseWriter, r *http.Request) {
 	if enable_emails {
 		token, err := GenerateSafeString(80)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		_, err = add_email_stmt.Exec(email, lastId, 0, token)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return
 		}
 		

template_forum.go

@@ -1,7 +1,7 @@
 /* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
 package main
-import "strconv"
 import "io"
+import "strconv"
 
 func init() {
 	template_forum_handle = template_forum

template_profile.go

@@ -1,7 +1,7 @@
 /* This file was automatically generated by the software. Please don't edit it as your changes may be overwritten at any moment. */
 package main
-import "strconv"
 import "io"
+import "strconv"
 
 func init() {
 	template_profile_handle = template_profile

user.go

@@ -73,76 +73,57 @@ func SendValidationEmail(username string, email string, token string) bool {
 	return SendEmail(email, subject, msg)
 }
 
-func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) {
+func SimpleForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, success bool) {
-	// Are there any session cookies..?
+	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
-	cookie, err := r.Cookie("uid")
+		PreError("The target forum doesn't exist.",w,r)
-	if err != nil {
+		return user, false
-		user.Group = 6
-		user.Perms = GuestPerms
-		return user, noticeList, true
 	}
-	user.ID, err = strconv.Atoi(cookie.Value)
+	user, success = SimpleSessionCheck(w,r)
-	if err != nil {
+	fperms := groups[user.Group].Forums[fid]
-		user.Group = 6
+	if fperms.Overrides && !user.Is_Super_Admin {
-		user.Perms = GuestPerms
+		user.Perms.ViewTopic = fperms.ViewTopic
-		return user, noticeList, true
+		user.Perms.CreateTopic = fperms.CreateTopic
+		user.Perms.EditTopic = fperms.EditTopic
+		user.Perms.DeleteTopic = fperms.DeleteTopic
+		user.Perms.CreateReply = fperms.CreateReply
+		user.Perms.EditReply = fperms.EditReply
+		user.Perms.DeleteReply = fperms.DeleteReply
+		user.Perms.PinTopic = fperms.PinTopic
+		user.Perms.CloseTopic = fperms.CloseTopic
 	}
-	cookie, err = r.Cookie("session")
+	return user, success
-	if err != nil {
+}
-		user.Group = 6
+
-		user.Perms = GuestPerms
+func ForumSessionCheck(w http.ResponseWriter, r *http.Request, fid int) (user User, noticeList []string, success bool) {
-		return user, noticeList, true
+	if (fid > forumCapCount) || (fid < 0) || forums[fid].Name=="" {
-	}
+		NotFound(w,r)
-	
-	// Is this session valid..?
-	err = get_session_stmt.QueryRow(user.ID,cookie.Value).Scan(&user.ID, &user.Name, &user.Group, &user.Is_Super_Admin, &user.Session, &user.Email, &user.Avatar, &user.Message, &user.URLPrefix, &user.URLName, &user.Level, &user.Score, &user.Last_IP)
-	if err == sql.ErrNoRows {
-		user.ID = 0
-		user.Session = ""
-		user.Group = 6
-		user.Perms = GuestPerms
-		return user, noticeList, true
-	} else if err != nil {
-		InternalError(err,w,r,user)
 		return user, noticeList, false
 	}
-	
+	user, success = SimpleSessionCheck(w,r)
-	user.Is_Admin = user.Is_Super_Admin || groups[user.Group].Is_Admin
+	fperms := groups[user.Group].Forums[fid]
-	user.Is_Super_Mod = groups[user.Group].Is_Mod || user.Is_Admin
+	if fperms.Overrides && !user.Is_Super_Admin {
-	user.Is_Mod = user.Is_Super_Mod
+		user.Perms.ViewTopic = fperms.ViewTopic
-	user.Is_Banned = groups[user.Group].Is_Banned
+		user.Perms.CreateTopic = fperms.CreateTopic
-	user.Loggedin = !user.Is_Banned || user.Is_Super_Mod
+		user.Perms.EditTopic = fperms.EditTopic
-	if user.Is_Banned && user.Is_Super_Mod {
+		user.Perms.DeleteTopic = fperms.DeleteTopic
-		user.Is_Banned = false
+		user.Perms.CreateReply = fperms.CreateReply
+		user.Perms.EditReply = fperms.EditReply
+		user.Perms.DeleteReply = fperms.DeleteReply
+		user.Perms.PinTopic = fperms.PinTopic
+		user.Perms.CloseTopic = fperms.CloseTopic
 	}
-	
-	if user.Is_Super_Admin {
-		user.Perms = AllPerms
-	} else {
-		user.Perms = groups[user.Group].Perms
-	}
-	
 	if user.Is_Banned {
-		noticeList = append(noticeList, "Your account has been suspended. Some of your permissions may have been revoked.")
+		noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
 	}
-	
+	return user, noticeList, success
-	if user.Avatar != "" {
+}
-		if user.Avatar[0] == '.' {
+
-			user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + user.Avatar
+func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList []string, success bool) {
-		}
+	user, success = SimpleSessionCheck(w,r)
-	} else {
+	if user.Is_Banned {
-		user.Avatar = strings.Replace(noavatar,"{id}",strconv.Itoa(user.ID),1)
+		noticeList = append(noticeList,"Your account has been suspended. Some of your permissions may have been revoked.")
 	}
-	
+	return user, noticeList, success
-	host, _, err := net.SplitHostPort(r.RemoteAddr)
-	if err != nil {
-		LocalError("Bad IP",w,r,user)
-		return user, noticeList, false
-	}
-	if host != user.Last_IP {
-		go update_last_ip_stmt.Exec(host, user.ID)
-	}
-	return user, noticeList, true
 }
 
 func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, success bool) {
@@ -175,7 +156,7 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
 		user.Perms = GuestPerms
 		return user, true
 	} else if err != nil {
-		InternalError(err,w,r,user)
+		InternalError(err,w,r)
 		return user, false
 	}
 	
@@ -208,10 +189,9 @@ func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, succ
 		return user, false
 	}
 	if host != user.Last_IP {
-		//fmt.Println("Update")
 		_, err = update_last_ip_stmt.Exec(host, user.ID)
 		if err != nil {
-			InternalError(err,w,r,user)
+			InternalError(err,w,r)
 			return user, false
 		}
 	}