Index: trunk/core/kernel/session/session.php
===================================================================
diff -u -N -r3031 -r3137
--- trunk/core/kernel/session/session.php (.../session.php) (revision 3031)
+++ trunk/core/kernel/session/session.php (.../session.php) (revision 3137)
@@ -283,7 +283,7 @@
 $this->CheckIfCookiesAreOn(); if ($this->CookiesEnabled) $_COOKIE['cookies_on'] = 1; - + $this->Checkers = Array(); $this->InitStorage(); $this->Data =& new Params();
@@ -324,6 +324,9 @@
 function CheckReferer() { + if ( !$this->Application->ConfigValue('SessionReferrerCheck') ) { + return true; + } $path = preg_replace("/admin$/", '', $this->CookiePath); // removing /admin for compatability with in-portal (in-link/admin/add_link.php) $reg = '#^'.preg_quote(PROTOCOL.ltrim($this->CookieDomain, '.').$path).'#'; return preg_match($reg, getArrayValue($_SERVER, 'HTTP_REFERER') ) || (defined('IS_POPUP') && IS_POPUP);
@@ -559,7 +562,7 @@
 $this->CookieDomain, $this->CookieSecure ); - + $_COOKIE[$this->CookieName] = $this->SID; // for compatibility with in-portal }
@@ -645,7 +648,7 @@
 $this->StoreVar('last_template', $last_template); } $this->StoreVar('last_env', substr($this->Application->BuildEnv($this->Application->GetVar('t'),Array('pass'=>'all')), strlen(ENV_VAR_NAME)+1 )); - + $this->PrintSession('after save'); $this->Storage->SaveData($this); }
Index: trunk/core/kernel/application.php
===================================================================
diff -u -N -r3124 -r3137
--- trunk/core/kernel/application.php (.../application.php) (revision 3124)
+++ trunk/core/kernel/application.php (.../application.php) (revision 3137)
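Review bot: The guard added at the top of CheckReferer() fails open — whenever ConfigValue('SessionReferrerCheck') comes back falsy the referer check is skipped for the whole request, so if ConfigValue yields false or an empty string for a key that is absent from an installation's config (plausible for sites set up before this option existed, though the hunk does not show ConfigValue), the check silently disappears instead of staying on. Distinguishing "explicitly disabled" from "not configured" keeps the safer default, e.g. `$check = $this->Application->ConfigValue('SessionReferrerCheck');` followed by `if ( $check !== false && !$check ) { return true; }`, assuming ConfigValue reports an unknown key as false — confirm against its implementation. A one-line comment above the guard, `// SessionReferrerCheck=0 disables the referer check for every request`, would tell the next reader what the switch costs. The whole of CheckReferer() is visible in this hunk.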
@@ -156,12 +156,12 @@
 // 1. to read configs before doing any recallObject (called from "SetDefaultConstants" anyway) $config_reader =& $this->recallObject('kUnitConfigReader'); - + $this->VerifyLanguageId(); $this->VerifyThemeId(); - + if( $this->GetVar('m_cat_id') === false ) $this->SetVar('m_cat_id', 0); - + $this->Phrases = new PhrasesCache( $this->GetVar('m_lang') ); $this->SetVar('lang.current_id', $this->GetVar('m_lang') );
@@ -179,7 +179,7 @@
 } if( !$this->RecallVar('curr_iso') ) $this->StoreVar('curr_iso', $this->GetPrimaryCurrency() ); - + $this->SetVar('visits_id', $this->RecallVar('visit_id') ); $this->ValidateLogin(); // TODO: write that method
@@ -197,7 +197,7 @@
 $this->InitDone = true; return true; } - + /** * Checks if passed language id if valid and sets it to primary otherwise *
@@ -211,10 +211,14 @@
 $id_field = $this->getUnitOption('lang','IDField'); $language_ids = $this->DB->GetCol('SELECT '.$id_field.' FROM '.$table); } - - if(!$language_id || !in_array($language_id, $language_ids) ) $this->SetVar('m_lang', $this->GetDefaultLanguageId() ); + + if(!$language_id || !in_array($language_id, $language_ids) ) { + $def_lang = $this->GetDefaultLanguageId(); + $this->SetVar('m_lang', $def_lang ); + $this->StoreVar('m_lang', $def_lang ); + } } - + /** * Checks if passed theme id if valid and sets it to primary otherwise *
@@ -228,10 +232,10 @@
 $id_field = $this->getUnitOption('theme','IDField'); $theme_ids = $this->DB->GetCol('SELECT '.$id_field.' FROM '.$table); } - + if(!$theme_id || !in_array($theme_id, $theme_ids) ) $this->SetVar('m_theme', $this->GetDefaultThemeId() ); } - + function GetDefaultLanguageId() { $table = $this->getUnitOption('lang','TableName');
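Review bot: The new branch in VerifyLanguageId() still decides validity with a loose `in_array($language_id, $language_ids)`, so the fallback (and the newly added `StoreVar('m_lang', ...)`) only triggers for values that fail a loose comparison; a request-supplied string that loosely equals a real id (PHP's pre-8 `'1abc' == 1` behaviour, if GetCol hands back integers) would be kept as the session language and reach PhrasesCache unvalidated. Normalising before the test closes that gap: `$language_id = (int)$language_id;` ahead of the check, or `in_array($language_id, $language_ids, true)` once both sides are known to share a type — confirm what GetVar and GetCol return here, since neither is visible in the hunk. VerifyThemeId in the following hunk keeps only `SetVar` for its fallback, so the two helpers now diverge; a comment above the StoreVar call saying why the language fallback is persisted while the theme one is not would document that. VerifyLanguageId starts before this hunk.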
@@ -696,7 +700,7 @@
 function HREF($t, $prefix='', $params=null, $index_file=null) { if(!$t) $t = $this->GetVar('t'); // moved from MainProcessor->T() - + if ( $this->IsAdmin() && $prefix == '') $prefix='/admin'; if ( $this->IsAdmin() && $prefix == '_FRONT_END_') $prefix = ''; $index_file = isset($index_file) ? $index_file : (defined('INDEX_FILE') ? INDEX_FILE : basename($_SERVER['SCRIPT_NAME']));
@@ -887,7 +891,7 @@
 { $this->Debugger->appendHTML('Apache Responce Headers'); $this->Debugger->dumpVars( apache_response_headers() ); - + $this->Debugger->appendHTML('Apache Request Headers'); $this->Debugger->dumpVars( apache_request_headers() ); }*/
@@ -927,9 +931,10 @@
 */ function ReplaceLanguageTags($text, $force_escape=null) { + // !!!!!!!! return $this->Phrases->ReplaceLanguageTags($text,$force_escape); } - + /** * Checks if user is logged in, and creates * user object if so. User object can be recalled
@@ -1287,8 +1292,8 @@
 function NextResourceId() { $table_name = TABLE_PREFIX.'IdGenerator'; - - $this->DB->Query('LOCK TABLES '.$table_name.' WRITE'); + + $this->DB->Query('LOCK TABLES '.$table_name.' WRITE'); $this->DB->Query('UPDATE '.$table_name.' SET lastid = lastid + 1'); $id = $this->DB->GetOne('SELECT lastid FROM '.$table_name); if($id === false)
Index: trunk/core/kernel/globals.php
===================================================================
diff -u -N -r2853 -r3137
--- trunk/core/kernel/globals.php (.../globals.php) (revision 2853)
+++ trunk/core/kernel/globals.php (.../globals.php) (revision 3137)
@@ -23,7 +23,7 @@
 return $paArray1; } } - + /** * @return int * @param $array array
@@ -36,7 +36,7 @@
 $array[0] =& $value; return $return; } - + if (!function_exists('print_pre')) { /** * Same as print_r, budet designed for viewing in web page
@@ -59,7 +59,7 @@
 } } } - + if (!function_exists('getArrayValue')) { /** * Returns array value if key exists
@@ -83,7 +83,7 @@
 return $ret; } } - + /** * Rename key in associative array, maintaining keys order *
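Review bot: The `// !!!!!!!!` line added to ReplaceLanguageTags() carries no information for a later reader and looks like a local marker that was not meant to be committed; either state the concern it was flagging, e.g. `// TODO: <describe the pending issue with phrase replacement>`, or remove the line. The other application.php hunks in this chunk (HREF, the commented-out header dump, NextResourceId) change whitespace only and need nothing.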
@@ -115,17 +115,17 @@
 if(!defined($const_name)) define($const_name,$const_value); } } - + if( !function_exists('parse_portal_ini') ) { - function parse_portal_ini($file, $parse_section = false) - { + function parse_portal_ini($file, $parse_section = false) + { if (!file_exists($file)) return false; - - if( file_exists($file) && !is_readable($file) ) die('Could Not Open Ini File'); - + + if( file_exists($file) && !is_readable($file) ) die('Could Not Open Ini File'); + $contents = file($file); - + $retval = Array(); $section = ''; $ln = 1;
@@ -176,44 +176,44 @@
 if( !function_exists('getmicrotime') ) { function getmicrotime() - { - list($usec, $sec) = explode(" ",microtime()); - return ((float)$usec + (float)$sec); - } + { + list($usec, $sec) = explode(" ",microtime()); + return ((float)$usec + (float)$sec); + } } - + if( !function_exists('k4_include_once') ) -{ +{ function k4_include_once($file) { if ( defined('DEBUG_MODE') && DEBUG_MODE && defined('DBG_PROFILE_INCLUDES') && DBG_PROFILE_INCLUDES ) { - + if ( in_array($file, get_required_files()) ) return; global $debugger; - + $debugger->IncludeLevel++; $before_time = getmicrotime(); $before_mem = memory_get_usage(); include_once($file); $used_time = getmicrotime() - $before_time; $used_mem = memory_get_usage() - $before_mem; - + $debugger->IncludeLevel--; $debugger->IncludesData['file'][] = str_replace(FULL_PATH, '', $file); $debugger->IncludesData['mem'][] = $used_mem; $debugger->IncludesData['time'][] = $used_time; $debugger->IncludesData['level'][] = $debugger->IncludeLevel; - - + + } else { include_once($file); } } } - + /** * Checks if string passed is serialized array *
@@ -225,66 +225,66 @@ if( is_array($string) ) return false; return preg_match('/a:([\d]+):{/', $string); } - + if (!function_exists('makepassword4')){ - + function makepassword4($length=10) { - $pass_length=$length; - + $pass_length=$length; + $p1=array('b','c','d','f','g','h','j','k','l','m','n','p','q','r','s','t','v','w','x','y','z'); - $p2=array('a','e','i','o','u'); - $p3=array('1','2','3','4','5','6','7','8','9'); - $p4=array('(','&',')',';','%'); // if you need real strong stuff - - // how much elements in the array - // can be done with a array count but counting once here is faster - - $s1=21;// this is the count of $p1 - $s2=5; // this is the count of $p2 - $s3=9; // this is the count of $p3 - $s4=5; // this is the count of $p4 - - // possible readable combinations - - $c1='121'; // will be like 'bab' - $c2='212'; // will be like 'aba' - $c3='12'; // will be like 'ab' - $c4='3'; // will be just a number '1 to 9' if you dont like number delete the 3 - // $c5='4'; // uncomment to active the strong stuff - - $comb='4'; // the amount of combinations you made above (and did not comment out) - - - - for ($p=0;$p<$pass_length;) - { - mt_srand((double)microtime()*1000000); - $strpart=mt_rand(1,$comb); - // checking if the stringpart is not the same as the previous one - if($strpart<>$previous) - { - $pass_structure.=${'c'.$strpart}; - - // shortcutting the loop a bit - $p=$p+strlen(${'c'.$strpart}); - } - $previous=$strpart; - } - - - // generating the password from the structure defined in $pass_structure - for ($g=0;$g$previous) + { + $pass_structure.=${'c'.$strpart}; + + // shortcutting the loop a bit + $p=$p+strlen(${'c'.$strpart}); + } + $previous=$strpart; + } + + + // generating the password from the structure defined in $pass_structure + for ($g=0;$g $value) $params_str .= $key.'='.urlencode($value).'&'; $post = $params_str; } - + $ch = curl_init($url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, 
CURLOPT_RETURNTRANSFER, 1); + + curl_setopt($ch,CURLOPT_REFERER, PROTOCOL.SERVER_NAME); + curl_setopt($ch,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']); + curl_setopt($ch,CURLOPT_FOLLOWLOCATION, 0); + $ret = curl_exec($ch); curl_close($ch); return $ret; } } - + if( !function_exists('memory_get_usage') ) { function memory_get_usage(){ return -1; } } - + function &ref_call_user_func_array($callable, $args) { if( is_scalar($callable) )
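Review bot: The added `curl_setopt($ch,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);` reads the header directly, so a request that carries no User-Agent (or a CLI invocation) raises an undefined-index notice and sends an empty agent string; this file already declares getArrayValue() for that case, so `curl_setopt($ch, CURLOPT_USERAGENT, getArrayValue($_SERVER, 'HTTP_USER_AGENT'));` avoids it. The value is also client-controlled and is relayed verbatim to the remote `$url`, which deserves a comment above the line, e.g. `// outgoing agent string is copied from the caller's request header, not from this server`. Setting CURLOPT_FOLLOWLOCATION to 0 is a good choice given that the raw response is handed straight back to the caller. The header of the function that builds this request is not recoverable from the garbled text preceding this hunk, so where `$url` and `$post` originate cannot be checked here.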