- User mail is not working
 (seems to be fixed, but we still can't delete the mails...)
  Anyway move whole mail handling out of nodes.php (?)

- Registration process is not working
  (rewrite sending of reg. mails) (TEST)
  (during registration we should generate GnuPG keypair to user_gpg_prv and user_gpg_pub fields in table users)

- SQL injections (many fixed, but some should be still there)

- remove absolute paths from all source files (!)

- User images (icons) seems to be broken somehow

- remove hard-coded hostname from:
  ( registration mails )
  ( scripts in "scripts" directory (system paths))

- Fix https vs http problem (url) 

- Suspected security holes:
  ( cron/process-img.sh )
  ( ./inc/eventz/spamuj_ubik.inc )
  ( ./inc/eventz/upload_own_template.inc ) (is even needed?)

- Remove/fix not working eventz
  ( ./inc/eventz/addClass.inc  )
  ( ./inc/eventz/addEvent.inc )
  ( ./inc/eventz/addAjax.inc )
  ( ./inc/eventz/addPlugin.inc )
  ( ./inc/eventz/kyberia.inc ) (wtf)
 
- Refactor directory structure

- Deprecated PHP features
  ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )

- keep fixing XSS

- Test & scale logarithmic threading

- some templates are fixed only in .tpl, not in sql database
  => synchronize .tpl vs SQL templates (permanently)

- Clean code => fix uninitialized variables

- documentation/installation guide (see README)

- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)

- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
  (We really need this... I've cracked Hromi's password in few seconds (even when it was relatively secure))
  (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)