Release 2.1.5.

Update the changelogs.
Update the inspircd module for recent 1206 protocol changes.
2026-06-17 04:54:45 +02:00 · 2024-05-01 14:16:09 +01:00 · 2024-05-01 14:15:17 +01:00 · 2024-05-01 14:03:11 +01:00 · 2024-04-29 08:36:23 +01:00 · 2024-04-29 08:16:45 +01:00
312 changed files with 9644 additions and 6562 deletions
@@ -4,3 +4,4 @@ updates:
    directory: /
    schedule:
      interval: monthly
+    target-branch: "2.1"
@@ -20,6 +20,7 @@ jobs:
          echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
          apk update
          apk add \
+            argon2-dev \
            clang \
            cmake \
            g++ \
@@ -36,7 +37,7 @@ jobs:

      - name: Enable extras
        run: |
-          for MODULE in ldap ldap_authentication ldap_oper mysql regex_pcre2 regex_posix regex_tre sql_authentication sql_log sql_oper sqlite ssl_gnutls ssl_openssl
+          for MODULE in enc_argon2 enc_posix ldap mysql regex_pcre2 regex_posix regex_tre sqlite ssl_gnutls ssl_openssl
          do
            ln -s $PWD/modules/extra/$MODULE.cpp $PWD/modules
          done
@@ -20,6 +20,7 @@ jobs:
            g++ \
            gettext \
            git \
+            libargon2-dev \
            libgnutls28-dev \
            libldap2-dev \
            libmysqlclient-dev \
@@ -31,7 +32,7 @@ jobs:

      - name: Enable extras
        run: |
-          for MODULE in ldap ldap_authentication ldap_oper mysql regex_pcre2 regex_posix regex_tre sql_authentication sql_log sql_oper sqlite ssl_gnutls ssl_openssl
+          for MODULE in enc_argon2 enc_posix ldap mysql regex_pcre2 regex_posix regex_tre sqlite ssl_gnutls ssl_openssl
          do
            ln -s ${{ github.workspace }}/modules/extra/$MODULE.cpp ${{ github.workspace }}/modules
          done
@@ -2,6 +2,9 @@ name: Windows CI
 on:
  pull_request:
  push:
+  release:
+    types:
+      - published
  schedule:
    - cron: '0 0 * * 0'
 jobs:
@@ -9,7 +12,7 @@ jobs:
    if: "!contains(github.event.head_commit.message, '[skip windows ci]')"
    runs-on: windows-2019
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

      - name: Setup MSBuild
        uses: microsoft/setup-msbuild@v1.3
@@ -17,7 +20,7 @@ jobs:
      - name: Setup Conan
        uses: turtlebrowser/get-conan@v1.2
        with:
-          version: 1.59.0
+          version: 1.64.0

      - name: Install libraries
        run: |
@@ -27,9 +30,17 @@ jobs:
        run: |
          mkdir ${{ github.workspace }}\build
          cd ${{ github.workspace }}\build
-          cmake -A "x64" -G "Visual Studio 16 2019" ..
+          cmake -A "x64" -D "CMAKE_BUILD_TYPE=${{ github.event_name == 'release' && 'Release' || 'Debug' }}" -G "Visual Studio 16 2019" ..

      - name: Build Anope
        working-directory: ${{ github.workspace }}\build
        run: |
-          msbuild PACKAGE.vcxproj /M:3 /P:Configuration=Release /P:Platform=x64 /VERBOSITY:MINIMAL
+          msbuild PACKAGE.vcxproj /M:3 /P:Configuration=${{ github.event_name == 'release' && 'Release' || 'Debug' }} /P:Platform=x64 /VERBOSITY:MINIMAL
+
+      - name: Upload installer
+        if: "${{ github.event_name == 'release' }}"
+        working-directory: ${{ github.workspace }}\build
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release upload ${{ github.event.release.tag_name }} $(Get-ChildItem anope-*.exe)
@@ -1,16 +1,13 @@
 build/
 config.cache
 include/sysconf.h
+modules/enc_argon2.cpp
+modules/enc_posix.cpp
 modules/ldap.cpp
-modules/ldap_authentication.cpp
-modules/ldap_oper.cpp
 modules/mysql.cpp
 modules/regex_pcre2.cpp
 modules/regex_posix.cpp
 modules/regex_tre.cpp
-modules/sql_authentication.cpp
-modules/sql_log.cpp
-modules/sql_oper.cpp
 modules/sqlite.cpp
 modules/ssl_gnutls.cpp
 modules/ssl_openssl.cpp
@@ -170,7 +170,7 @@ if(MSVC)
  string(REPLACE "/GX " "" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})
  string(REPLACE "/W3 " "" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})
  # Set the compile flags to have warnings on the max setting (but disable a few annoying ones), exception handling turned on, the proper defines
-  set(CXXFLAGS "${CXXFLAGS} /W4 /wd4100 /wd4127 /wd4250 /wd4251 /wd4355 /wd4706 /wd4800 /wd4996 /EHs")
+  set(CXXFLAGS "${CXXFLAGS} /W4 /wd4100 /wd4127 /wd4250 /wd4251 /wd4267 /wd4275 /wd4355 /wd4706 /wd4800 /wd4996 /EHs")
  add_definitions(-D_CRT_SECURE_NO_WARNINGS)
 # Otherwise, we're not using Visual Studio
 else()
@@ -183,6 +183,12 @@ if(CMAKE_DL_LIBS)
  list(APPEND LINK_LIBS ${CMAKE_DL_LIBS})
 endif()

+# Find the linker flags required for using threads.
+find_package("Threads" REQUIRED)
+if(CMAKE_THREAD_LIBS_INIT)
+  list(APPEND LINK_LIBS ${CMAKE_THREAD_LIBS_INIT})
+endif()
+
 # Under MinGW, the -shared flag isn't properly set in the module-specific linker flags, add it from the C flags for shared libraries
 if(MINGW)
  set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${CMAKE_SHARED_LIBRARY_CREATE_C_FLAGS}")
@@ -200,29 +206,6 @@ if(NOT MSVC)
  if(HAVE_PIPE_FLAG)
    set(CXXFLAGS "${CXXFLAGS} -pipe")
  endif()
-
-  # The following are additional library checks, they are not required for Windows
-  if(NOT WIN32)
-    # Check if socket is within the socket library (if the library exists), and add it to the linker flags if needed
-    check_library_exists(socket socket "" HAVE_SOCKET_LIB)
-    if(HAVE_SOCKET_LIB)
-      list(APPEND LINK_LIBS socket)
-    endif()
-    # Check if inet_addr is within the nsl library (if the library exists), and add it to the linker flags if needed
-    check_library_exists(nsl inet_addr "" HAVE_NSL_LIB)
-    if(HAVE_NSL_LIB)
-      list(APPEND LINK_LIBS nsl)
-    endif()
-    # Check if pthread_create is within the pthread library (if the library exists), and add it to the linker flags if needed
-    check_library_exists(pthread pthread_create "" HAVE_PTHREAD)
-    if(HAVE_PTHREAD)
-      if(NOT APPLE)
-        set(LDFLAGS "${LDFLAGS} -pthread")
-      endif()
-    else()
-      message(FATAL_ERROR "The pthread library is required to build Anope")
-    endif()
-  endif()
 endif()

 # If DEFUMASK wasn't passed to CMake, set a default depending on if RUNGROUP was passed in or not
@@ -241,6 +224,7 @@ if(CMAKE_BUILD_TYPE STREQUAL "DEBUG" OR CMAKE_BUILD_TYPE STREQUAL "RELWITHDEBINF
 endif()

 # Check for the existence of the following functions
+check_function_exists(clock_gettime HAVE_CLOCK_GETTIME)
 check_function_exists(umask HAVE_UMASK)
 check_function_exists(epoll_wait HAVE_EPOLL)
 check_function_exists(poll HAVE_POLL)
@@ -272,8 +256,8 @@ endif()
 if(NOT BIN_DIR)
  set(BIN_DIR "bin")
 endif()
-if(NOT DB_DIR)
-  set(DB_DIR "data")
+if(NOT DATA_DIR)
+  set(DATA_DIR "data")
 endif()
 if(NOT DOC_DIR)
  set(DOC_DIR "doc")
@@ -281,14 +265,14 @@ endif()
 if(NOT CONF_DIR)
  set(CONF_DIR "conf")
 endif()
-if(NOT LIB_DIR)
-  set(LIB_DIR "lib")
+if(NOT MODULE_DIR)
+  set(MODULE_DIR "modules")
 endif()
 if(NOT LOCALE_DIR)
  set(LOCALE_DIR "locale")
 endif()
-if(NOT LOGS_DIR)
-  set(LOGS_DIR "logs")
+if(NOT LOG_DIR)
+  set(LOG_DIR "logs")
 endif()

 # Version number processing
@@ -366,15 +350,17 @@ set(SERVICES_BINARY "$<TARGET_FILE:${PROGRAM_NAME}>")
 get_filename_component(SERVICES_BINARY ${SERVICES_BINARY} NAME)

 # At install time, create the following additional directories
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DB_DIR}/backups\")")
-install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${LOGS_DIR}\")")
+get_filename_component(ABSOLUTE_DATA_DIR ${DATA_DIR} REALPATH BASE_DIR ${CMAKE_INSTALL_PREFIX})
+get_filename_component(ABSOLUTE_LOG_DIR ${LOG_DIR} REALPATH BASE_DIR ${CMAKE_INSTALL_PREFIX})
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ABSOLUTE_DATA_DIR}/backups\")")
+install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}${ABSOLUTE_LOG_DIR}\")")
 if(WIN32)
-  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DB_DIR}/runtime\")")
+  install(CODE "file(MAKE_DIRECTORY \"\$ENV{DESTDIR}\${ABSOLUTE_DATA_DIR}/runtime\")")
 endif()
 # On non-Windows platforms, if RUNGROUP is set, change the permissions of the below directories, as well as the group of the data directory
 if(NOT WIN32 AND RUNGROUP)
-  install(CODE "execute_process(COMMAND ${CHMOD} 2775 \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\${DB_DIR}/backups\")")
-  install(CODE "execute_process(COMMAND ${CHMOD} 2775 \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\${LOGS_DIR}\")")
+  install(CODE "execute_process(COMMAND ${CHMOD} 2775 \"\$ENV{DESTDIR}${ABSOLUTE_DATA_DIR}/backups\")")
+  install(CODE "execute_process(COMMAND ${CHMOD} 2775 \"\$ENV{DESTDIR}${ABSOLUTE_LOG_DIR}\")")
  install(CODE "execute_process(COMMAND ${CHGRP} -R ${RUNGROUP} \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}\")")
 endif()
 # On Windows platforms, install extra files
@@ -384,7 +370,8 @@ if(WIN32)
  )
 endif()

-install(CODE "file(REMOVE_RECURSE \"$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${LIB_DIR}/modules\")")
+get_filename_component(ABSOLUTE_MODULE_DIR ${MODULE_DIR} REALPATH BASE_DIR ${CMAKE_INSTALL_PREFIX})
+install(CODE "file(REMOVE_RECURSE \"$ENV{DESTDIR}${ABSOLUTE_MODULE_DIR}\")")

 # Only process the CPack section if we have CPack
 if(EXISTS "${CMAKE_ROOT}/Modules/CPack.cmake")
@@ -238,15 +238,15 @@ serverinfo

 	/*
 	 * The filename containing the Anope process ID. The path is relative to the
-	 * services root directory.
+	 * data directory.
 	 */
-	pid = "data/anope.pid"
+	pid = "anope.pid"

 	/*
 	 * The filename containing the Message of the Day. The path is relative to the
-	 * services root directory.
+	 * config directory.
 	 */
-	motd = "conf/motd.txt"
+	motd = "motd.txt"
 }

 /*
@@ -302,30 +302,31 @@ networkinfo
 	/*
 	 * Set this to the maximum allowed nick length on your network.
 	 * Be sure to set this correctly, as setting this wrong can result in
-	 * Anope being disconnected from the network.
+	 * Anope being disconnected from the network. Defaults to 31.
 	 */
-	nicklen = 31
+	#nicklen = 31

 	/* Set this to the maximum allowed ident length on your network.
 	 * Be sure to set this correctly, as setting this wrong can result in
-	 * Anope being disconnected from the network.
+	 * Anope being disconnected from the network. Defaults to 10.
 	 */
-	userlen = 10
+	#userlen = 10

 	/* Set this to the maximum allowed hostname length on your network.
 	 * Be sure to set this correctly, as setting this wrong can result in
-	 * Anope being disconnected from the network.
+	 * Anope being disconnected from the network. Defaults to 64.
 	 */
-	hostlen = 64
+	#hostlen = 64

 	/* Set this to the maximum allowed channel length on your network.
+	 * Defaults to 32.
 	 */
-	chanlen = 32
+	#chanlen = 32

 	/* The maximum number of list modes settable on a channel (such as b, e, I).
-	 * Comment out or set to 0 to disable.
+	 * Set to 0 to disable. Defaults to 100.
 	 */
-	modelistsize = 100
+	#modelistsize = 100

 	/*
 	 * Characters allowed in nicknames. This always includes the characters described
@@ -394,19 +395,6 @@ options
 	 */
 	casemap = "ascii"

-	/*
-	 * This key is used to initiate the random number generator. This number
-	 * MUST be random as you want your passcodes to be random. Don't give this
-	 * key to anyone! Keep it private!
-	 *
-	 * NOTE: If you don't uncomment this or keep the default values, any talented
-	 * programmer would be able to easily "guess" random strings used to mask
-	 * information. Be safe, and come up with a 7-digit number.
-	 *
-	 * This directive is optional, but highly recommended.
-	 */
-	#seed = 9866235
-
 	/*
 	 * Sets the number of invalid password tries before services removes a user
 	 * from the network. If a user enters a number of invalid passwords equal to
@@ -522,6 +510,12 @@ options
 	 */
 	hideregisteredcommands = yes

+	/*
+	 * If set, the maximum difference between an invalid and valid command name to allow
+	 * as a suggestion. Defaults to 4.
+	 */
+	didyoumeandifference = 4
+
 	/* The regex engine to use, as provided by the regex modules.
 	 * Leave commented to disable regex matching.
 	 *
@@ -748,7 +742,6 @@ log
 * You may define groups of commands and privileges, as well as who may use them.
 *
 * This block is recommended, as without it you will be unable to access most oper commands.
- * It replaces the old ServicesRoot directive amongst others.
 *
 * The command names below are defaults and are configured in the *serv.conf's. If you configure
 * additional commands with permissions, such as commands from third party modules, the permissions
@@ -763,14 +756,16 @@ log
 *  chanserv/auspex               - Can see any information with /CHANSERV INFO
 *  chanserv/no-register-limit    - May register an unlimited number of channels and nicknames
 *  chanserv/kick                 - Can kick and ban users from channels through ChanServ
+ *  chanserv/drop/override        - Allows dropping channels without using a confirmation code
 *  memoserv/info                 - Can see any information with /MEMOSERV INFO
 *  memoserv/set-limit            - Can set the limit of max stored memos on any user and channel
 *  memoserv/no-limit             - Can send memos through limits and throttles
- *  nickserv/access               - Can modify other users access and certificate lists
 *  nickserv/alist                - Can see the channel access list of other users
 *  nickserv/auspex               - Can see any information with /NICKSERV INFO
+ *  nickserv/cert                 - Can modify other users certificate lists
 *  nickserv/confirm              - Can confirm other users nicknames
 *  nickserv/drop                 - Can drop other users nicks
+ *  nickserv/drop/override        - Allows dropping nicks without using a confirmation code
 *  nickserv/recover              - Can recover other users nicks
 *  operserv/config               - Can modify services's configuration
 *  operserv/oper/modify          - Can add and remove operators with at most the same privileges
@@ -789,14 +784,14 @@ log
 *
 *   nickserv/getemail         nickserv/suspend       nickserv/ajoin           nickserv/list
 *
- *   nickserv/saset/autoop     nickserv/saset/email   nickserv/saset/greet     nickserv/saset/password
- *   nickserv/saset/display    nickserv/saset/kill    nickserv/saset/language  nickserv/saset/message
- *   nickserv/saset/private    nickserv/saset/secure  nickserv/saset/url       nickserv/saset/noexpire
- *   nickserv/saset/keepmodes  nickserv/saset/neverop
+ *   nickserv/saset/autoop   nickserv/saset/display    nickserv/saset/email    nickserv/saset/greet
+ *   nickserv/saset/kill     nickserv/saset/keepmodes  nickserv/saset/language  nickserv/saset/message
+ *   nickserv/saset/neverop  nickserv/saset/noexpire   nickserv/saset/password  nickserv/saset/private
+ *   nickserv/saset/url
 *
 *   hostserv/set            hostserv/del           hostserv/list
 *
- *   global/global
+ *   global/global         global/queue          global/server
 *
 *   operserv/news         operserv/stats        operserv/kick       operserv/exception    operserv/seen
 *   operserv/mode         operserv/session      operserv/modinfo    operserv/ignore       operserv/chanlist
@@ -925,7 +920,7 @@ opertype
 /*
 * [OPTIONAL] Mail Config
 *
- * This section contains settings related to the use of e-mail from services.
+ * This section contains settings related to the use of email from services.
 * If the usemail directive is set to yes, unless specified otherwise, all other
 * directives are required.
 *
@@ -945,7 +940,7 @@ mail

 	/*
 	 * This is the command-line that will be used to call the mailer to send an
-	 * e-mail. It must be called with all the parameters needed to make it
+	 * email. It must be called with all the parameters needed to make it
 	 * scan the mail input to find the mail recipient; consult your mailer
 	 * documentation.
 	 *
@@ -957,18 +952,18 @@ mail
 	 * If you are running on Windows you should use a Windows sendmail port
 	 * like https://www.glob.com.au/sendmail/ for sending emails.
 	 */
-	sendmailpath = "/usr/sbin/sendmail -t"
+	#sendmailpath = "/usr/sbin/sendmail -it"

 	/*
-	 * This is the e-mail address from which all the e-mails are to be sent from.
+	 * This is the email address from which all the emails are to be sent from.
 	 * It should really exist.
 	 */
 	sendfrom = "services@example.com"

 	/*
 	 * This controls the minimum amount of time a user must wait before sending
-	 * another e-mail after they have sent one. It also controls the minimum time
-	 * a user must wait before they can receive another e-mail.
+	 * another email after they have sent one. It also controls the minimum time
+	 * a user must wait before they can receive another email.
 	 *
 	 * This feature prevents users from being mail bombed using services and
 	 * it is highly recommended that it be used.
@@ -979,10 +974,10 @@ mail

 	/*
 	 * If set, Anope will not put quotes around the TO: fields
-	 * in e-mails.
+	 * in emails.
 	 *
 	 * This directive is optional, and as far as we know, it's only needed
-	 * if you are using ESMTP or QMail to send out e-mails.
+	 * if you are using ESMTP or QMail to send out emails.
 	 */
 	#dontquoteaddresses = yes

@@ -1099,6 +1094,22 @@ mail
 	#hash = "md5"
 }

+/*
+ * db_atheme
+ *
+ * This allows importing databases from Atheme. You should load another database module as
+ * well as this as it can only read Atheme databases not write them.
+ */
+#module
+{
+	name = "db_atheme"
+
+	/*
+	 * The database name db_atheme should use.
+	 */
+	database = "atheme.db"
+}
+
 /*
 * [RECOMMENDED] db_flatfile
 *
@@ -1219,49 +1230,121 @@ module
 /*
 * [RECOMMENDED] Encryption modules.
 *
- * The encryption modules are used when dealing with passwords. This determines how
- * the passwords are stored in the databases, and does not add any security as
- * far as transmitting passwords over the network goes.
- *
- * Without any encryption modules loaded users will not be able to authenticate unless
- * there is another module loaded that provides authentication checking, such as
- * ldap_authentication or sql_authentication.
- *
- * With enc_none, passwords will be stored in plain text, allowing for passwords
- * to be recovered later but it isn't secure and therefore is not recommended.
- *
- * The other encryption modules use one-way encryption, so the passwords can not
- * be recovered later if those are used.
- *
- * The first encryption module loaded is the primary encryption module. All new passwords are
- * encrypted by this module. Old passwords stored in another encryption method are
- * automatically re-encrypted by the primary encryption module on next identify.
- *
- * enc_md5, enc_sha1, and enc_old are deprecated, and are provided for users
- * to upgrade to a newer encryption module. Do not use them as the primary
- * encryption module. They will be removed in a future release.
+ * The encryption modules are used when dealing with passwords. This determines
+ * how the passwords are stored in the databases.
 *
+ * The first encryption module loaded is the primary encryption module. All new
+ * passwords are encrypted by this module. Old passwords encrypted with another
+ * encryption method are automatically re-encrypted with the primary encryption
+ * module the next time the user identifies.
 */

-#module { name = "enc_bcrypt" }
-module { name = "enc_sha256" }
-
- /*
- * [DEPRECATED] Deprecated encryption modules. You can only use these for compatibility with
- * old databases and will need to load one of the above modules as your primary encryption
- * module.
-  */
-#module { name = "enc_md5" }
-#module { name = "enc_none" }
-#module { name = "enc_sha1" }
-
 /*
- * enc_old is Anope's previous (broken) MD5 implementation used from 1.4.x to 1.7.16.
- * If your databases were made using that module, load it here to allow conversion to the primary
- * encryption method.
+ * enc_sha2
+ *
+ * Provides support for encrypting passwords using the HMAC-SHA-2 algorithm. See
+ * https://en.wikipedia.org/wiki/SHA-2 and https://en.wikipedia.org/wiki/HMAC
+ * for more information.
 */
-#module { name = "enc_old" }
+module
+{
+	name = "enc_sha2"

+	/** The sub-algorithm to use. Can be set to sha224 for SHA-224, sha256 for
+	 * SHA-256, sha284 for SHA-384 or sha512 to SHA-512. Defaults to sha256.
+	 */
+	#algorithm = "sha256"
+}
+
+/*
+ * [EXTRA] enc_argon2
+ *
+ * Provides support for encrypting passwords using the Argon2 algorithm. See
+ * https://en.wikipedia.org/wiki/Argon2 for more information.
+ */
+#module
+{
+	name = "enc_argon2"
+
+	/** The sub-algorithm to use. Can be set to argon2d for Argon2d, argon2i for
+	 * Argon2i, or argon2id for Argon2id. Defaults to argon2id.
+	 */
+	#algorithm = "argon2id"
+
+	/** The memory hardness in kibibytes of the Argon2 algorithm. Defaults to
+	 * 128 mebibytes.
+	 */
+	#memory_cost = 121072
+
+	/** The time hardness (iterations) of the Argon2 algorithm. Defaults to 3.
+	 */
+	#time_cost = 3
+
+	/** The amount of parallel threads to use when encrypting passwords.
+	 * Defaults to 1.
+	 */
+	#parallelism = 1
+
+	/** The length in bytes of an Argon2 hash. Defaults to 32. */
+	#hash_length = 32
+
+	/** The length in bytes of an Argon2 salt. Defaults to 32. */
+	#salt_length = 32
+}
+
+/*
+ * enc_bcrypt
+ *
+ * Provides support for encrypting passwords using the Bcrypt algorithm. See
+ * https://en.wikipedia.org/wiki/Bcrypt for more information.
+ */
+#module
+{
+	name = "enc_bcrypt"
+
+	/** The number of Bcrypt rounds to perform on passwords. Can be set to any
+	 * number between 10 and 32 but higher numbers are more CPU intensive and
+	 * may impact performance.
+	 */
+	#rounds = 10
+}
+
+/*
+ * [EXTRA] enc_posix
+ *
+ * Provides verify-only support for passwords encrypted using the POSIX crypt()
+ * function. Load this if you are migrating from another services packages such
+ * as Atheme. See https://en.wikipedia.org/wiki/Crypt_(C) for more information.
+ *
+ * You must load another encryption method before this to re-encrypt passwords
+ * with when a user logs in.
+ */
+#module { name = "enc_posix" }
+
+/*
+ * [DEPRECATED] enc_md5, enc_none, enc_old, enc_sha1, enc_sha256
+ *
+ * Provides verify-only support for passwords encrypted using encryption methods
+ * from older versions of Anope. These methods are no longer considered secure
+ * and will be removed in a future version of Anope. Only load them if you are
+ * upgrading from a previous version of Anope that used them.
+ *
+ * enc_md5:    Verifies passwords encrypted with the MD5 algorithm
+ * enc_none:   Verifies passwords that are not encrypted
+ * enc_sha1:   Verifies passwords encrypted with the SHA1 algorithm
+ * enc_old:    Verifies passwords encrypted with the broken MD5 algorithm used
+ *             before 1.7.17.
+ * enc_sha256: Verifies passwords encrypted with the SHA256 algorithm using a
+ *             custom initialisation vector as a salt.
+ *
+ * You must load another encryption method before this to re-encrypt passwords
+ * with when a user logs in.
+ */
+#module { name = "enc_md5" }
+#module { name = "enc_none" }
+#module { name = "enc_old" }
+#module { name = "enc_sha1" }
+#module { name = "enc_sha256" }

 /* Extra (optional) modules. */
 include
@@ -183,7 +183,7 @@ module
 	/*
 	 * The maximum number of entries a single bad words list can have.
 	 */
-	badwordsmax = 32
+	badwordsmax = 50

 	/*
 	 * If set, BotServ will use case sensitive checking for badwords.
@@ -76,8 +76,6 @@ module
 	 *                     access level or superior
 	 * -     cs_private: Hide the channel from ChanServ's LIST command
 	 * -     restricted: Kick/ban users who are restricted from the channel
-	 * -      cs_secure: Enable channel security, requiring the user to be identified with NickServ in
-	 *                     order to be considered for being on the access list of the channel
 	 * -      secureops: Only allow operator status to be given if the user is on the access list
 	 * -  securefounder: Only allow the real founder of the channel to drop the channel, change its
 	 *                     password, or change the founder or successor
@@ -93,10 +91,10 @@ module
 	 *                   to be a registered nick, otherwise the channel will be dropped.
 	 * -           none: No defaults
 	 *
-	 * This directive is optional, if left blank, the options will default to keeptopic, peace, cs_secure,
+	 * This directive is optional, if left blank, the options will default to keeptopic, peace,
 	 * securefounder, and signkick. If you really want no defaults, use "none" by itself as the option.
 	 */
-	defaults = "keeptopic peace cs_secure securefounder signkick"
+	defaults = "keeptopic peace securefounder signkick"

 	/*
 	 * The maximum number of channels which may be registered to a single nickname.
@@ -116,15 +114,15 @@ module

 	/*
 	 * The maximum number of entries on a channel's access list.
-	 * If not set, the default is 1024. This can be set to 0 for unlimited.
+	 * If not set, the default is 1000. This can be set to 0 for unlimited.
 	 */
-	accessmax = 1024
+	accessmax = 1000

 	/*
 	 * The length of time ChanServ stays in a channel after kicking a user from a channel they are not
 	 * permitted to be in. This only occurs when the user is the only one in the channel.
 	 */
-	inhabit = 15s
+	inhabit = 1m

 	/*
 	 * Allow only IRC Operators to use ChanServ.
@@ -915,7 +913,7 @@ module
 	/*
 	 * The maximum number of entries on a channel's autokick list.
 	 */
-	autokickmax = 32
+	autokickmax = 50

 	/*
 	 * The default reason for an autokick if none is given.
@@ -1128,7 +1126,7 @@ module
 	 *
 	 * This directive is optional.
 	 */
-	max = 32
+	max = 50
 }
 command { service = "ChanServ"; name = "MODE"; command = "chanserv/mode"; group = "chanserv/management"; }

@@ -1249,7 +1247,7 @@ command { service = "ChanServ"; name = "SET NOEXPIRE"; command = "chanserv/saset
 */
 module { name = "cs_set_misc" }
 command { service = "ChanServ"; name = "SET URL"; command = "chanserv/set/misc"; misc_description = _("Associate a URL with the channel"); }
-command { service = "ChanServ"; name = "SET EMAIL"; command = "chanserv/set/misc"; misc_description = _("Associate an E-mail address with the channel"); }
+command { service = "ChanServ"; name = "SET EMAIL"; command = "chanserv/set/misc"; misc_description = _("Associate an email address with the channel"); }

 /*
 * cs_status
@@ -113,3 +113,29 @@ command { service = "Global"; name = "HELP"; command = "generic/help"; }
 */
 module { name = "gl_global" }
 command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; }
+
+/*
+ * gl_queue
+ *
+ * Provides the command global/queue.
+ *
+ * Used for queuing messages to send to every online user.
+ */
+module
+{
+	name = "gl_queue"
+
+	/* The maximum number of messages in a message queue. Defaults to 10. */
+	maxqueue = 10
+}
+command { service = "Global"; name = "QUEUE"; command = "global/queue"; permission = "global/queue"; }
+
+/*
+ * gl_server
+ *
+ * Provides the command global/server.
+ *
+ * Used for sending a message to every online user on a server.
+ */
+module { name = "gl_server" }
+command { service = "Global"; name = "SERVER"; command = "global/server"; permission = "global/server"; }
@@ -83,7 +83,7 @@ module
 	 *
 	 * This directive is optional, but recommended.
 	 */
-	senddelay = 3s
+	senddelay = 30s
 }

 /*
@@ -146,7 +146,7 @@ module
 	 *
 	 * This directive is optional.
 	 */
-	max = 32
+	max = 50
 }
 command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; }

@@ -59,7 +59,7 @@ module { name = "help" }
 	 * SOA record information.
 	 */

-	/* E-mail address of the DNS administrator. */
+	/* Email address of the DNS administrator. */
 	admin = "admin@example.com"

 	/* This should be the names of the public facing nameservers serving the records. */
@@ -254,7 +254,7 @@ module { name = "help" }
 }

 /*
- * ldap_authentication [EXTRA]
+ * ldap_authentication
 *
 * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
 * LDAP to authenticate users. Requires ldap.
@@ -314,7 +314,7 @@ module { name = "help" }
 }

 /*
- * ldap_oper [EXTRA]
+ * ldap_oper
 *
 * This module dynamically ties users to Anope opertypes when they identify
 * via LDAP group membership. Requires ldap.
@@ -580,7 +580,8 @@ module { name = "sasl" }
 	name = "ssl_gnutls"

 	/*
-	 * An optional certificate and key for ssl_gnutls to give to the uplink.
+	 * An optional certificate and key for ssl_gnutls to give to the uplink. All
+	 * paths are relative to the config directory.
 	 *
 	 * You can generate your own certificate and key pair by using:
 	 *
@@ -588,8 +589,8 @@ module { name = "sasl" }
 	 *   certtool --generate-self-signed --load-privkey privkey.pem --outfile fullchain.pem
 	 *
 	 */
-	cert = "data/fullchain.pem"
-	key = "data/privkey.pem"
+	cert = "fullchain.pem"
+	key = "privkey.pem"

 	/*
 	 * Diffie-Hellman parameters to use when acting as a server. This is only
@@ -602,7 +603,7 @@ module { name = "sasl" }
 	 *   certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
 	 *
 	 */
-#	dhparams = "data/dhparams.pem"
+	#dhparams = "dhparams.pem"
 }

 /*
@@ -620,14 +621,15 @@ module { name = "sasl" }

 	/*
 	 * An optional certificate and key for ssl_openssl to give to the uplink.
+	 * All paths are relative to the config directory.
 	 *
 	 * You can generate your own certificate and key pair by using:
 	 *
 	 *   openssl genrsa -out privkey.pem 2048
 	 *   openssl req -new -x509 -key privkey.pem -out fullchain.pem -days 1095
 	 */
-	cert = "data/fullchain.pem"
-	key = "data/privkey.pem"
+	cert = "fullchain.pem"
+	key = "privkey.pem"

 	/*
 	 * If you wish to increase security you can disable support for older
@@ -640,7 +642,7 @@ module { name = "sasl" }
 }

 /*
- * sql_authentication [EXTRA]
+ * sql_authentication
 *
 * This module allows authenticating users against an external SQL database using a custom
 * query.
@@ -691,7 +693,7 @@ module { name = "sasl" }
 }

 /*
- * sql_log [EXTRA]
+ * sql_log
 *
 * This module adds an additional target option to log{} blocks
 * that allows logging Service's logs to SQL. To log to SQL, add
@@ -711,7 +713,7 @@ module { name = "sasl" }
 #module { name = "sql_log" }

 /*
- * sql_oper [EXTRA]
+ * sql_oper
 *
 * This module allows granting users services operator privileges and possibly IRC Operator
 * privileges based on an external SQL database using a custom query.
@@ -772,8 +774,11 @@ module { name = "sasl" }
 	/* Web server to use. */
 	server = "httpd/main";

-	/* Template to use. */
-	template = "default";
+	/*
+	 * The directory containing the webcpanel templates. This is relative to the
+	 * data directory.
+	 */
+	template_dir = "webcpanel/templates/default";

 	/* Page title. */
 	title = "Anope IRC Services";
@@ -783,7 +788,7 @@ module { name = "sasl" }
 * xmlrpc
 *
 * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
- * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
+ * By itself this module does nothing, but allows other modules (xmlrpc_main) to receive and send XMLRPC queries.
 */
 #module
 {
@@ -66,9 +66,9 @@ module
 	client = "NickServ"

 	/*
-	 * Force users to give an e-mail address when they register a nick.
+	 * Requires users to give an email address when they register a nick.
 	 *
-	 * This directive defaults to "yes" and is recommended to be enabled. This is required if e-mail registration is enabled.
+	 * This directive defaults to "yes" and is recommended to be enabled.
 	 */
 	forceemail = yes

@@ -96,10 +96,8 @@ module
 	 *                    option and the killprotect option must be specified with this one
 	 * -    kill_immed: Kill nick immediately if not identified, this one overrides both the killprotect
 	 *                    and kill_quick options and the killprotect option must be specified with this one
-	 * -     ns_secure: Enable nickname security, requiring the nick's password before any operations
-	 *                    can be done on it
 	 * -    ns_private: Hide the nick from NickServ's LIST command
-	 * -    hide_email: Hide the nick's e-mail address from NickServ's INFO command
+	 * -    hide_email: Hide the nick's email address from NickServ's INFO command
 	 * -     hide_mask: Hide the nick's last or current user@host from NickServ's INFO command
 	 * -   hide_status: Hide the nick's services operator access status from NickServ's INFO command
 	 * -     hide_quit: Hide the nick's last quit message from NickServ's INFO command
@@ -112,16 +110,16 @@ module
 	 *                  to be enabled as well
 	 * - ns_keep_modes: Enables keepmodes, which retains user modes across sessions
 	 *
-	 * This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and
+	 * This directive is optional, if left blank, the options will default to memo_signon, and
 	 * memo_receive. If you really want no defaults, use "none" by itself as the option.
 	 */
-	defaults = "killprotect ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop"
+	defaults = "killprotect ns_private hide_email hide_mask memo_signon memo_receive autoop"

 	/*
 	 * The minimum length of time between consecutive uses of NickServ's REGISTER command. This
 	 * directive is optional, but recommended. If not set, this restriction will be disabled.
 	 */
-	regdelay = 30s
+	regdelay = 5m

 	/*
 	 * The length of time before a nick's registration expires.
@@ -211,16 +209,16 @@ module
 	/*
 	 * The minimum length of passwords
 	 *
-	 * This directive is optional. If not set it defaults to 8.
+	 * This directive is optional. If not set it defaults to 10.
 	 */
-	minpasslen = 8
+	minpasslen = 10

 	/*
 	 * The maximum length of passwords
 	 *
-	 * This directive is optional. If not set it defaults to 32.
+	 * This directive is optional. If not set it defaults to 50.
 	 */
-	maxpasslen = 32
+	maxpasslen = 50
 }

 /*
@@ -248,33 +246,6 @@ command_group
 /* Give it a help command. */
 command { service = "NickServ"; name = "HELP"; command = "generic/help"; }

-/*
- * ns_access
- *
- * Provides the command nickserv/access.
- *
- * Used for configuring what hosts have access to your account.
- */
-module
-{
-	name = "ns_access"
-
-	/*
-	 * The maximum number of entries allowed on a nickname's access list.
-	 * If not set, the default is 32. This number cannot be set to 0.
-	 */
-	accessmax = 32
-
-	/*
-	 * If set, Anope will add the usermask of registering users to the access list of their
-	 * newly created account. If not set, users will always have to identify to NickServ before
-	 * being recognized, unless they manually add an address to the access list of their account.
-	 * This directive is optional.
-	 */
-	addaccessonreg = no
-}
-command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; }
-
 /*
 * ns_ajoin
 *
@@ -302,6 +273,7 @@ command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; }
 */
 module { name = "ns_alist" }
 command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; }
+command { service = "NickServ"; name = "ACCESS"; command = "nickserv/alist"; hide = true; }

 /*
 * ns_cert
@@ -358,7 +330,7 @@ module
 	 *
 	 * This directive is optional, but recommended. If not set or set to 0, no limits will be applied.
 	 */
-	maxaliases = 16
+	maxaliases = 10

 	/*
 	 * If set, the NickServ GROUP command won't allow any group changes. This is recommended to
@@ -496,7 +468,7 @@ module
 	 *
 	 * This directive is optional.
 	 */
-	#nickregdelay = 30s
+	nickregdelay = 15s

 	/*
 	 * The length of time a user using an unconfirmed account has
@@ -530,10 +502,9 @@ command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpas
 *   nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection.
 *   nickserv/set/language, nickserv/saset/language - Used for configuring what language services use.
 *   nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you.
- *   nickserv/set/password, nickserv/saset/password  - Used for changing a users password.
- *   nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access.
 *   nickserv/set/neverop, nickserv/saset/neverop - Used to configure whether a user can be added to access lists
 *   nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring.
+ *   nickserv/set/password, nickserv/saset/password  - Used for changing a users password.
 */
 module
 {
@@ -574,9 +545,6 @@ command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/sase
 command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; }
 command { service = "NickServ"; name = "SASET PASSWORD"; command = "nickserv/saset/password"; permission = "nickserv/saset/password"; }

-command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; }
-command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; }
-
 command { service = "NickServ"; name = "SET NEVEROP"; command = "nickserv/set/neverop"; }
 command { service = "NickServ"; name = "SASET NEVEROP"; command = "nickserv/saset/neverop"; permission = "nickserv/saset/neverop"; }

@@ -601,17 +569,6 @@ command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/mi
 #command { service = "NickServ"; name = "SET MASTODON"; command = "nickserv/set/misc"; misc_description = _("Associate a Mastodon account with your account"); }
 #command { service = "NickServ"; name = "SASET MASTODON"; command = "nickserv/saset/misc"; misc_description = _("Associate a Mastodon account with this account"); permission = "nickserv/saset/mastodon"; group = "nickserv/admin"; }

-
-/*
- * ns_status
- *
- * Provides the nickserv/status command.
- *
- * Used to determine if a user is recognized or identified by services.
- */
-module { name = "ns_status" }
-command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; }
-
 /*
 * ns_suspend
 *
@@ -666,7 +623,7 @@ command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; }
 	name = "ns_maxemail"

 	/*
-	 * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
+	 * The limit to how many registered nicks can use the same email address. If set to 0 or left
 	 * commented, there will be no limit enforced when registering new accounts or using
 	 * /msg NickServ SET EMAIL.
 	 */
@@ -503,7 +503,7 @@ command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomn
 *
 * Used to NOOP a server, which prevents users from opering on that server.
 */
-module { name = "os_noop" }
+#module { name = "os_noop" }
 command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; }

 /*
@@ -235,15 +235,15 @@ serverinfo

 	/*
 	 * The filename containing the Anope process ID. The path is relative to the
-	 * services root directory.
+	 * data directory.
 	 */
-	pid = "data/anope.pid"
+	pid = "anope.pid"

 	/*
 	 * The filename containing the Message of the Day. The path is relative to the
-	 * services root directory.
+	 * config directory.
 	 */
-	motd = "conf/motd.txt"
+	motd = "motd.txt"
 }

 /*
@@ -283,25 +283,26 @@ networkinfo
 	/*
 	 * Set this to the maximum allowed nick length on your network.
 	 * Be sure to set this correctly, as setting this wrong can result in
-	 * Anope being disconnected from the network.
+	 * Anope being disconnected from the network. Defaults to 31.
 	 */
-	nicklen = 31
+	#nicklen = 31

 	/* Set this to the maximum allowed ident length on your network.
 	 * Be sure to set this correctly, as setting this wrong can result in
-	 * Anope being disconnected from the network.
+	 * Anope being disconnected from the network. Defaults to 10.
 	 */
-	userlen = 10
+	#userlen = 10

 	/* Set this to the maximum allowed hostname length on your network.
 	 * Be sure to set this correctly, as setting this wrong can result in
-	 * Anope being disconnected from the network.
+	 * Anope being disconnected from the network. Defaults to 64.
 	 */
-	hostlen = 64
+	#hostlen = 64

 	/* Set this to the maximum allowed channel length on your network.
+	 * Defaults to 64.
 	 */
-	chanlen = 32
+	#chanlen = 32

 	/* The maximum number of list modes settable on a channel (such as b, e, I).
 	 * Comment out or set to 0 to disable.
@@ -1,7 +1,68 @@
+Anope Version 2.1.5
+-------------------
+Added an example systemd unit file.
+Added support for BIGLINES on UnrealIRCd.
+Bumped the minimum supported version of Bahamut to 2.0.
+Fixed truncating messages in global/global and global/server.
+Improved building Anope for use as a system package.
+Updated the Turkish translation.
+
+Anope Version 2.1.4
+-------------------
+Added a check for a non-deprecated encryption module on start.
+Added a way for protocol modules to report an error to the uplink.
+Added more account settings to the webcpanel.
+Added self-test functionality for all encryption modules.
+Added support for challenge authentication on InspIRCd.
+Added support for importing databases from Atheme.
+Added support for sending client tags on UnrealIRCd.
+Added support for the InspIRCd 1206 (v4) protocol.
+Added the --nopid option to disable writing a pid file.
+Added the enc_argon2 module to encrypt passwords with Argon2.
+Added the enc_sha2 module to encrypt passwords with HMAC-SHA-2.
+Added the global/queue command for queueing multi-line messages.
+Added the global/server command for sending messages to an individual server.
+Added the PASSWORD category to operserv/stats to view password encryption methods.
+Added the verify-only enc_posix module to validate passwords from Atheme that were encrypted with Argon2.
+Changed nickserv/drop to use confirmation codes to confirm a nickname drop.
+Changed various paths to be relative to the data and config directories.
+Converted some IRCDProto member functions to variables.
+Converted the enc_md5, enc_none, enc_old, enc_sha1, and enc_sha256 modules to be verify-only.
+Deduplicated page headers and footers in the webcpanel templates.
+Deprecated the enc_sha256 module.
+Fixed inconsistent spelling/casing of email, vhost, and vident.
+Fixed various bugs in the inspircd module.
+Improved portability of email sending.
+Improved protocol debug messages.
+Improved the performance and reliability of internal conversion logic.
+Improved the randomness of randomly generated numbers.
+Refactored the enc_bcrypt module and exposed it as an encryption context.
+Removed several duplicate translation strings.
+Replaced the custom MD5 implementation in enc_md5 with a vendored one.
+Replaced the custom SHA256 implementation in enc_sha256 with a vendored one.
+The ldap_authentication, ldap_oper, sql_authentication, sql_log, and sql_oper modules are now always enabled.
+
+Anope Version 2.1.3
+-------------------
+Added alternate command suggestions when a user runs an invalid command.
+Added support for the IRCv3 +draft/channel-context tag.
+Added support for the IRCv3 +draft/reply tag.
+Allow using more than one fingerprint in an oper block.
+Changed chanserv/drop to use confirmation codes to confirm a channel drop.
+Cleaned up more of the codebase to use Modern C++17.
+Enabled using more field limits sent by the IRC server instead of requiring the user to configure them.
+Fixed NickServ lying about the minimum password length.
+Fixed a crash when sending emails.
+Fixed bs_kick not using the correct kick message for automatic kicks.
+Increased the security of randomly generated confirmation codes.
+Removed the ns_access module and associated cs_secure and ns_secure options.
+Removed the ns_status module.
+Reworked how messages are sent in protocol modules to allow sending message tags.
+
 Anope Version 2.1.2
 -------------------
 Bumped the minimum OpenSSL version to 1.1.0.
-Bumped the minumum GnuTLS version to 3.0.0.
+Bumped the minimum GnuTLS version to 3.0.0.
 Disabled SSLv3 support in the m_ssl_openssl module.
 Modernized mutex and thread code to use Modern C++.
 Normalised the program exit codes.
@@ -1,9 +1,54 @@
+Anope Version 2.1.5
+-------------------
+Added the nickserv/drop/override and chanserv/drop/override oper privileges.
+
+Anope Version 2.1.4
+-------------------
+Added the db_atheme module.
+Added the enc_argon2 module.
+Added the enc_posix module.
+Added the enc_sha2 module.
+Added the gl_queue module.
+Added the gl_server module.
+Added the global/queue operator privilege.
+Added the global/server operator privilege.
+Changed serverinfo:motd to be relative to the config directory.
+Changed serverinfo:pid to be relative to the data directory.
+Changed the default value of mail:sendmailpath to "/usr/sbin/sendmail -it".
+Changed the default value of module:accessmax for the chanserv module to 1000.
+Changed the default value of module:inhabit for the chanserv module to 1 minute.
+Changed the default value of module:max for the cs_mode module to 50.
+Changed the default value of module:max for the ms_ignore module to 50.
+Removed options:seed.
+Replaced module:template for the webcpanel module with module:template_dir.
+
+
+Anope Version 2.1.3
+-------------------
+Added options:didyoumeandifference.
+Added support for multiple SSL fingerprints in oper:certfp.
+Added the chanserv/cert oper privilege for modifying other user's certificate lists.
+Changed networkinfo:chanlen to default to 32 if not set.
+Changed networkinfo:hostlen to default to 64 if not set.
+Changed networkinfo:modelistsize to default to 100 if not set.
+Changed networkinfo:nicklen to default to 31 if not set.
+Changed networkinfo:userlen to default to 10 if not set.
+Increased the default maximum password length to 50 characters.
+Increased the default minimum password length to 10 characters.
+Removed the cs_secure option in module:defaults from the chanserv module (now always enabled).
+Removed the nickserv/saset/secure command.
+Removed the nickserv/saset/secure oper privilege.
+Removed the nickserv/set/secure command.
+Removed the nickserv/status command.
+Removed the ns_access module.
+Removed the ns_secure option in module:defaults from the nickserv module (now always enabled).
+
 Anope Version 2.1.2
 -------------------
-Added module:tlsv10 to m_ssl_openssl for configuring whether TLSv1.0 is usable (defaults to no).
-Added module:tlsv11 to m_ssl_openssl for configuring whether TLSv1.0 is usable (defaults to yes).
-Added module:tlsv12 to m_ssl_openssl for configuring whether TLSv1.0 is usable (defaults to yes)
-Removed module:sslv3 from m_ssl_openssl.
+Added module:tlsv10 to the ssl_openssl module for configuring whether TLSv1.0 is usable (defaults to no).
+Added module:tlsv11 to the ssl_openssl module for configuring whether TLSv1.1 is usable (defaults to yes).
+Added module:tlsv12 to the ssl_openssl module for configuring whether TLSv1.2 is usable (defaults to yes).
+Removed module:sslv3 from the ssl_openssl module (now always disabled).
 Removed the m_ prefix from the names of the chanstats, dns, dnsbl, helpchan, httpd, ldap, ldap_oper, mysql, proxyscan, redis, regex_pcre2, regex_posix, regex_stdlib, regex_tre, rewrite, sasl, sql_log, sql_oper, sqlite, ssl_gnutls, ssl_openssl, xmlrpc, and xmlrpc_main modules.

 Anope Version 2.1.1
@@ -33,7 +33,7 @@ Anope Multi Language Support
    po files (especially on Windows).

    If you have finished a language file translation and you want others to use it, please send it to team@anope.org
-    (don't forget to mention clearly your (nick)name, your e-mail and the language name). You'll of course get full credit for it.
+    (don't forget to mention clearly your (nick)name, your email and the language name). You'll of course get full credit for it.

    NOTE: There is no guarantee we will use your work so please do not be offended if we say no thanks.

@@ -166,7 +166,7 @@ Table of Contents

    Anope currently works with:

-        * Bahamut 1.4.27 or later (including 1.8)
+        * Bahamut 2.0 or later
        * ircd-hybrid 8.2.23 or later
        * InspIRCd 3 or later
        * ngIRCd 19.2 or later
@@ -98,7 +98,7 @@ public:
 	NickCore *GetAccount() const;

 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);

 	static const unsigned int MAX_DEPTH = 4;

@@ -107,7 +107,7 @@ public:
 	 * @param nc The account
 	 * @param next Next channel to check if any
 	 */
-	virtual bool Matches(const User *u, const NickCore *nc, ChannelInfo* &next) const;
+	virtual bool Matches(const User *u, const NickCore *nc, ChannelInfo *&next) const;

 	/** Check if this access entry has the given privilege.
 	 * @param name The privilege name
@@ -17,8 +17,8 @@
 #include "memo.h"
 #include "base.h"

-typedef Anope::hash_map<NickAlias *> nickalias_map;
-typedef Anope::hash_map<NickCore *> nickcore_map;
+typedef Anope::unordered_map<NickAlias *> nickalias_map;
+typedef Anope::unordered_map<NickCore *> nickcore_map;
 typedef std::unordered_map<uint64_t, NickCore *> nickcoreid_map;

 extern CoreExport Serialize::Checker<nickalias_map> NickAliasList;
@@ -33,7 +33,7 @@ class CoreExport NickAlias final
 	, public Extensible
 {
 	Anope::string vhost_ident, vhost_host, vhost_creator;
-	time_t vhost_created;
+	time_t vhost_created = 0;

 public:
 	Anope::string nick;
@@ -43,8 +43,9 @@ public:
 	Anope::string last_usermask;
 	/* Last uncloaked usermask, requires nickserv/auspex to see */
 	Anope::string last_realhost;
-	time_t time_registered;
-	time_t last_seen;
+	time_t time_registered = Anope::CurTime;
+	time_t last_seen = Anope::CurTime;
+
 	/* Account this nick is tied to. Multiple nicks can be tied to a single account. */
 	Serialize::Reference<NickCore> nc;

@@ -56,7 +57,7 @@ public:
 	~NickAlias();

 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);

 	/** Set a vhost for the user
 	 * @param ident The ident
@@ -64,36 +65,41 @@ public:
 	 * @param creator Who created the vhost
 	 * @param time When the vhost was created
 	 */
-	void SetVhost(const Anope::string &ident, const Anope::string &host, const Anope::string &creator, time_t created = Anope::CurTime);
+	void SetVHost(const Anope::string &ident, const Anope::string &host, const Anope::string &creator, time_t created = Anope::CurTime);

 	/** Remove a users vhost
 	 **/
-	void RemoveVhost();
+	void RemoveVHost();

 	/** Check if the user has a vhost
 	 * @return true or false
 	 */
-	bool HasVhost() const;
+	bool HasVHost() const;

 	/** Retrieve the vhost ident
 	 * @return the ident
 	 */
-	const Anope::string &GetVhostIdent() const;
+	const Anope::string &GetVHostIdent() const;

 	/** Retrieve the vhost host
 	 * @return the host
 	 */
-	const Anope::string &GetVhostHost() const;
+	const Anope::string &GetVHostHost() const;
+
+	/** Retrieve the vhost mask
+	 * @param the mask
+	 */
+	Anope::string GetVHostMask() const;

 	/** Retrieve the vhost creator
 	 * @return the creator
 	 */
-	const Anope::string &GetVhostCreator() const;
+	const Anope::string &GetVHostCreator() const;

 	/** Retrieve when the vhost was created
 	 * @return the time it was created
 	 */
-	time_t GetVhostCreated() const;
+	time_t GetVHostCreated() const;

 	/** Finds a registered nick
 	 * @param nick The nick to lookup
@@ -122,9 +128,8 @@ public:
 	Anope::string email;
 	/* Locale name of the language of the user. Empty means default language */
 	Anope::string language;
-	/* Access list, contains user@host masks of users who get certain privileges based
-	 * on if NI_SECURE is set and what (if any) kill protection is enabled. */
-	std::vector<Anope::string> access;
+	/* Last time an email was sent to this user */
+	time_t lastmail = 0;
 	MemoInfo memos;
 	std::map<Anope::string, Anope::string> last_modes;

@@ -134,14 +139,12 @@ public:
 	Serialize::Checker<std::vector<NickAlias *> > aliases;

 	/* Set if this user is a services operator. o->ot must exist. */
-	Oper *o;
+	Oper *o = nullptr;

 	/* Unsaved data */

 	/* Number of channels registered by this account */
-	uint16_t channelcount;
-	/* Last time an email was sent to this user */
-	time_t lastmail;
+	uint16_t channelcount = 0;
 	/* Users online now logged into this account */
 	std::list<User *> users;

@@ -153,7 +156,7 @@ public:
 	~NickCore();

 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);

 	/** Changes the display for this account
 	 * @param na The new display, must be grouped to this account.
@@ -165,66 +168,14 @@ public:
 	 */
 	virtual bool IsServicesOper() const;

-	/** Add an entry to the nick's access list
-	 *
-	 * @param entry The nick!ident@host entry to add to the access list
-	 *
-	 * Adds a new entry into the access list.
-	 */
-	void AddAccess(const Anope::string &entry);
-
-	/** Get an entry from the nick's access list by index
-	 *
-	 * @param entry Index in the access list vector to retrieve
-	 * @return The access list entry of the given index if within bounds, an empty string if the vector is empty or the index is out of bounds
-	 *
-	 * Retrieves an entry from the access list corresponding to the given index.
-	 */
-	Anope::string GetAccess(unsigned entry) const;
-
-	/** Get the number of entries on the access list for this account.
-	 */
-	unsigned GetAccessCount() const;
-
 	/** Retrieves the account id for this user */
 	uint64_t GetId();

-	/** Find an entry in the nick's access list
-	 *
-	 * @param entry The nick!ident@host entry to search for
-	 * @return True if the entry is found in the access list, false otherwise
-	 *
-	 * Search for an entry within the access list.
-	 */
-	bool FindAccess(const Anope::string &entry);
-
-	/** Erase an entry from the nick's access list
-	 *
-	 * @param entry The nick!ident@host entry to remove
-	 *
-	 * Removes the specified access list entry from the access list.
-	 */
-	void EraseAccess(const Anope::string &entry);
-
-	/** Clears the entire nick's access list
-	 *
-	 * Deletes all the memory allocated in the access list vector and then clears the vector.
-	 */
-	void ClearAccess();
-
-	/** Is the given user on this accounts access list?
-	 *
-	 * @param u The user
-	 *
-	 * @return true if the user is on the access list
-	 */
-	bool IsOnAccess(const User *u) const;
-
 	/** Finds an account
 	 * @param nick The account name to find
 	 * @return The account, if it exists
 	 */
-	static NickCore* Find(const Anope::string &nick);
+	static NickCore *Find(const Anope::string &nick);

 	void AddChannelReference(ChannelInfo *ci);
 	void RemoveChannelReference(ChannelInfo *ci);
@@ -39,6 +39,7 @@ namespace Anope
 		typedef std::string::reverse_iterator reverse_iterator;
 		typedef std::string::const_reverse_iterator const_reverse_iterator;
 		typedef std::string::size_type size_type;
+		typedef std::string::value_type value_type;
 		static const size_type npos = static_cast<size_type>(-1);

 		/**
@@ -140,8 +141,8 @@ namespace Anope
 		 */
 		inline void push_back(char c) { return this->_string.push_back(c); }

-		inline string& append(const string &s) { this->_string.append(s.str()); return *this; }
-		inline string& append(const char *s, size_t n) { this->_string.append(s, n); return *this; }
+		inline string &append(const string &s) { this->_string.append(s.str()); return *this; }
+		inline string &append(const char *s, size_t n) { this->_string.append(s, n); return *this; }

 		/**
 		 * Resizes the string content to n characters.
@@ -159,21 +160,21 @@ namespace Anope
 		 * Trim leading and trailing white spaces from the string.
 		 */

-		inline string& ltrim(const Anope::string &what = " \t\r\n")
+		inline string &ltrim(const Anope::string &what = " \t\r\n")
 		{
 			while (!this->_string.empty() && what.find(this->_string[0]) != Anope::string::npos)
 				this->_string.erase(this->_string.begin());
 			return *this;
 		}

-		inline string& rtrim(const Anope::string &what = " \t\r\n")
+		inline string &rtrim(const Anope::string &what = " \t\r\n")
 		{
 			while (!this->_string.empty() && what.find(this->_string[this->_string.length() - 1]) != Anope::string::npos)
 				this->_string.erase(this->_string.length() - 1);
 			return *this;
 		}

-		inline string& trim(const Anope::string &what = " \t\r\n")
+		inline string &trim(const Anope::string &what = " \t\r\n")
 		{
 			this->ltrim(what);
 			this->rtrim(what);
@@ -210,9 +211,9 @@ namespace Anope
 		inline size_type find_last_not_of(const string &_str, size_type pos = npos) const { return this->_string.find_last_not_of(_str._string, pos); }
 		inline size_type find_last_not_of_ci(const string &_str, size_type pos = npos) const { return ci::string(this->_string.c_str()).find_last_not_of(ci::string(_str._string.c_str()), pos); }

-		inline int compare(size_t pos, size_t len, const string& str) const { return ci::string(this->_string.c_str()).compare(pos, len, ci::string(str.c_str())); }
-		inline int compare(size_t pos, size_t len, const string& str, size_t subpos, size_type sublen = npos) const { return ci::string(this->_string.c_str()).compare(pos, len, ci::string(str.c_str()), subpos, sublen); }
-		inline int compare(size_t pos, size_t len, const char* s, size_type n = npos) const { return ci::string(this->_string.c_str()).compare(pos, len, s, n); }
+		inline int compare(size_t pos, size_t len, const string &str) const { return ci::string(this->_string.c_str()).compare(pos, len, ci::string(str.c_str())); }
+		inline int compare(size_t pos, size_t len, const string &str, size_t subpos, size_type sublen = npos) const { return ci::string(this->_string.c_str()).compare(pos, len, ci::string(str.c_str()), subpos, sublen); }
+		inline int compare(size_t pos, size_t len, const char *s, size_type n = npos) const { return ci::string(this->_string.c_str()).compare(pos, len, s, n); }

 		/**
 		 * Determine if string consists of only numbers.
@@ -343,7 +344,7 @@ namespace Anope
 	using multimap = std::multimap<string, T, ci::less>;

 	template<typename T>
-	using hash_map = std::unordered_map<string, T, hash_ci, compare>;
+	using unordered_map = std::unordered_map<string, T, hash_ci, compare>;

 #ifndef REPRODUCIBLE_BUILD
 	static const char *const compiled = __TIME__ " " __DATE__;
@@ -366,6 +367,7 @@ namespace Anope
 	 * Use this unless you need very specific time checks
 	 */
 	extern CoreExport time_t CurTime;
+	extern CoreExport long long CurTimeNs;

 	/** The debug level we are running at.
 	 */
@@ -373,7 +375,7 @@ namespace Anope

 	/** Other command line options.
 	 */
-	extern CoreExport bool ReadOnly, NoFork, NoThird, NoExpire, ProtocolDebug;
+	extern CoreExport bool ReadOnly, NoFork, NoThird, NoPID, NoExpire, ProtocolDebug;

 	/** The root of the Anope installation. Usually ~/anope
 	 */
@@ -469,7 +471,7 @@ namespace Anope
 	 * @param src The source string to encrypt
 	 * @param dest The destination where the encrypted string is placed
 	 */
-	extern CoreExport void Encrypt(const Anope::string &src, Anope::string &dest);
+	extern CoreExport bool Encrypt(const Anope::string &src, Anope::string &dest);

 	/** Hashes a buffer with SipHash-2-4
 	 * @param src The start of the buffer to hash
@@ -495,7 +497,7 @@ namespace Anope
 	/** Return the last error, uses errno/GetLastError() to determine this
 	 * @return An error message
 	 */
-	extern CoreExport const string LastError();
+	extern CoreExport string LastError();

 	/** Determines if a path is a file
 	 */
@@ -534,10 +536,18 @@ namespace Anope
 	 */
 	extern CoreExport Anope::string NormalizeBuffer(const Anope::string &);

-	/** Main processing routine. Parses the message and takes the appropriate action.
-	 * @param Raw message from the uplink
+	/** Parses a raw message from the uplink and calls its command handler.
+	 * @param message Raw message from the uplink
 	 */
-	extern void Process(const Anope::string &);
+	extern void Process(const Anope::string &message);
+
+	/** Calls the command handler for an already parsed message.
+	 * @param source Source of the message.
+	 * @param command Command name.
+	 * @param params Any extra parameters.
+	 * @param tags IRCv3 message tags.
+	 */
+	extern CoreExport void ProcessInternal(MessageSource &src, const Anope::string &command, const std::vector<Anope::string> &params, const Anope::map<Anope::string> & tags);

 	/** Does a blocking dns query and returns the first IP.
 	 * @param host host to look up
@@ -557,6 +567,40 @@ namespace Anope
 	 * @param len The length of the string returned
 	 */
 	extern CoreExport Anope::string Random(size_t len);
+
+	/** Generate a random number. */
+	extern CoreExport int RandomNumber();
+
+	/** Calculates the levenshtein distance between two strings.
+	 * @param s1 The first string.
+	 * @param s2 The second string.
+	 */
+	extern CoreExport size_t Distance(const Anope::string &s1, const Anope::string &s2);
+
+	/** Update the current time. */
+	extern CoreExport void UpdateTime();
+
+	/** Expands a path fragment that is relative to the base directory.
+	 * @param base The base directory that it is relative to.
+	 * @param fragment The fragment to expand.
+	 */
+	extern CoreExport Anope::string Expand(const Anope::string &base, const Anope::string &fragment);
+
+	/** Expands a config path. */
+	inline auto ExpandConfig(const Anope::string &path) { return Expand(ConfigDir, path); }
+
+	/** Expands a data path. */
+	inline auto ExpandData(const Anope::string &path) { return Expand(DataDir, path); }
+
+	/** Expands a locale path. */
+	inline auto ExpandLocale(const Anope::string &path) { return Expand(LocaleDir, path); }
+
+	/** Expands a log path. */
+	inline auto ExpandLog(const Anope::string &path) { return Expand(LogDir, path); }
+
+	/** Expands a module path. */
+	inline auto ExpandModule(const Anope::string &path) { return Expand(ModuleDir, path); }
+
 }

 /** sepstream allows for splitting token separated lists.
@@ -584,6 +628,9 @@ public:
 	 */
 	sepstream(const Anope::string &source, char separator, bool allowempty = false);

+	/** Retrieves the underlying string. */
+	const auto &GetString() const { return tokens; }
+
 	/** Fetch the next token from the stream
 	 * @param token The next token from the stream is placed here
 	 * @return True if tokens still remain, false if there are none left
@@ -600,7 +647,7 @@ public:
 	/** Gets every token from this stream
 	 * @param token Tokens are pushed back here
 	 */
-	template<typename T> void GetTokens(T& token)
+	template<typename T> void GetTokens(T &token)
 	{
 		token.clear();
 		Anope::string t;
@@ -623,7 +670,7 @@ public:
 	/** Fetch the entire remaining stream, without tokenizing
 	 * @return The remaining part of the stream
 	 */
-	const Anope::string GetRemaining();
+	Anope::string GetRemaining();

 	/** Returns true if the end of the stream has been reached
 	 * @return True if the end of the stream has been reached, otherwise false
@@ -717,67 +764,6 @@ public:
 	virtual ~ModuleException() noexcept = default;
 };

-class CoreExport ConvertException final
-	: public CoreException
-{
-public:
-	ConvertException(const Anope::string &reason = "") : CoreException(reason) { }
-
-	virtual ~ConvertException() noexcept = default;
-};
-
-/** Convert something to a string
- */
-template<typename T> inline Anope::string stringify(const T &x)
-{
-	std::ostringstream stream;
-
-	if (!(stream << x))
-		throw ConvertException("Stringify fail");
-
-	return stream.str();
-}
-
-template<typename T> inline void convert(const Anope::string &s, T &x, Anope::string &leftover, bool failIfLeftoverChars = true)
-{
-	leftover.clear();
-	std::istringstream i(s.str());
-	char c;
-	if (!(i >> x))
-		throw ConvertException("Convert fail");
-	if (failIfLeftoverChars)
-	{
-		if (i.get(c))
-			throw ConvertException("Convert fail");
-	}
-	else
-	{
-		std::string left;
-		getline(i, left);
-		leftover = left;
-	}
-}
-
-template<typename T> inline void convert(const Anope::string &s, T &x, bool failIfLeftoverChars = true)
-{
-	Anope::string Unused;
-	convert(s, x, Unused, failIfLeftoverChars);
-}
-
-template<typename T> inline T convertTo(const Anope::string &s, Anope::string &leftover, bool failIfLeftoverChars = true)
-{
-	T x;
-	convert(s, x, leftover, failIfLeftoverChars);
-	return x;
-}
-
-template<typename T> inline T convertTo(const Anope::string &s, bool failIfLeftoverChars = true)
-{
-	T x;
-	convert(s, x, failIfLeftoverChars);
-	return x;
-}
-
 /** Casts to be used instead of dynamic_cast, this uses dynamic_cast
 * for debug builds and static_cast on release builds
 * to speed up the program because dynamic_cast relies on RTTI.
@@ -797,3 +783,5 @@ template<typename T, typename O> inline T anope_dynamic_static_cast(O ptr)
 	return static_cast<T>(ptr);
 }
 #endif
+
+#include "convert.h"
@@ -103,14 +103,14 @@ public:
 		return NULL;
 	}

-	inline T* operator->()
+	inline T *operator->()
 	{
 		if (operator bool())
 			return this->ref;
 		return NULL;
 	}

-	inline T* operator*()
+	inline T *operator*()
 	{
 		if (operator bool())
 			return this->ref;
@@ -56,7 +56,7 @@ public:
 	virtual ~BotInfo();

 	void Serialize(Serialize::Data &data) const;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);

 	void GenerateUID();

@@ -108,8 +108,9 @@ public:
 	/** Called when a user messages this bot
 	 * @param u The user
 	 * @param message The users' message
+	 * @params tags Message tags
 	 */
-	virtual void OnMessage(User *u, const Anope::string &message);
+	virtual void OnMessage(User *u, const Anope::string &message, const Anope::map<Anope::string> &tags);

 	/** Link a command name to a command in services
 	 * @param cname The command name
@@ -117,7 +118,7 @@ public:
 	 * @param permission Permission required to execute the command, if any
 	 * @return The commandinfo for the newly created command
 	 */
-	CommandInfo& SetCommand(const Anope::string &cname, const Anope::string &sname, const Anope::string &permission = "");
+	CommandInfo &SetCommand(const Anope::string &cname, const Anope::string &sname, const Anope::string &permission = "");

 	/** Get command info for a command
 	 * @param cname The command name
@@ -130,5 +131,5 @@ public:
 	 * @param nick_only True to only look by nick, and not by UID
 	 * @return The bot, if it exists
 	 */
-	static BotInfo* Find(const Anope::string &nick, bool nick_only = false);
+	static BotInfo *Find(const Anope::string &nick, bool nick_only = false);
 };
@@ -13,7 +13,7 @@
 #include "modes.h"
 #include "serialize.h"

-typedef Anope::hash_map<Channel *> channel_map;
+typedef Anope::unordered_map<Channel *> channel_map;

 extern CoreExport channel_map ChannelList;

@@ -110,7 +110,7 @@ public:
 	 * @param status The status to give the user, if any
 	 * @return The UserContainer for the user
 	 */
-	ChanUserContainer* JoinUser(User *u, const ChannelStatus *status);
+	ChanUserContainer *JoinUser(User *u, const ChannelStatus *status);

 	/** Remove a user internally from the channel
 	 * @param u The user
@@ -302,7 +302,7 @@ public:
 	 * @param name The channel to find
 	 * @return The channel, if found
 	 */
-	static Channel* Find(const Anope::string &name);
+	static Channel *Find(const Anope::string &name);

 	/** Finds or creates a channel
 	 * @param name The channel name
@@ -44,6 +44,7 @@ struct CoreExport CommandReply
 {
 	virtual ~CommandReply() = default;
 	virtual void SendMessage(BotInfo *source, const Anope::string &msg) = 0;
+	virtual void SendMessage(CommandSource &source, const Anope::string &msg);
 };

 /* The source for a command */
@@ -61,15 +62,17 @@ public:
 	/* Where the reply should go */
 	CommandReply *reply;
 	/* Channel the command was executed on (fantasy) */
-	Reference<Channel> c;
+	Reference<Channel> c = nullptr;
 	/* The service this command is on */
 	Reference<BotInfo> service;
 	/* The actual name of the command being executed */
 	Anope::string command;
 	/* The permission of the command being executed */
 	Anope::string permission;
+	/* The unique identifier of the executing message. */
+	Anope::string msgid;

-	CommandSource(const Anope::string &n, User *user, NickCore *core, CommandReply *reply, BotInfo *bi);
+	CommandSource(const Anope::string &n, User *user, NickCore *core, CommandReply *reply, BotInfo *bi, const Anope::string &m = "");

 	const Anope::string &GetNick() const;
 	User *GetUser();
@@ -179,5 +182,5 @@ public:
 	 * @param name If found, is set to the command name, eg REGISTER
 	 * @return true if the given command service exists
 	 */
-	static bool FindCommandFromService(const Anope::string &command_service, BotInfo* &bi, Anope::string &name);
+	static bool FindCommandFromService(const Anope::string &command_service, BotInfo *&bi, Anope::string &name);
 };
@@ -15,7 +15,6 @@
 #include "regchannel.h"
 #include "users.h"
 #include "opertype.h"
-#include <stack>

 namespace Configuration
 {
@@ -42,33 +41,19 @@ namespace Configuration
 		Block(const Anope::string &);
 		const Anope::string &GetName() const;
 		int CountBlock(const Anope::string &name) const;
-		const Block* GetBlock(const Anope::string &name, int num = 0) const;
-		Block* GetMutableBlock(const Anope::string &name, int num = 0);
+		const Block *GetBlock(const Anope::string &name, int num = 0) const;
+		Block *GetMutableBlock(const Anope::string &name, int num = 0);

-		template<typename T> inline T Get(const Anope::string &tag) const
+		template<typename T> T Get(const Anope::string &tag, const Anope::string &def = "") const
 		{
-			return this->Get<T>(tag, "");
-		}
-		/* VS 2008 has an issue with having a default argument here (def = ""), which is why the above
-		 * function exists.
-		 */
-		template<typename T> T Get(const Anope::string &tag, const Anope::string &def) const
-		{
-			const Anope::string &value = this->Get<const Anope::string>(tag, def);
-			if (!value.empty())
-				try
-				{
-					return convertTo<T>(value);
-				}
-				catch (const ConvertException &) { }
-			return T();
+			return Anope::TryConvert<T>(this->Get<const Anope::string>(tag, def)).value_or(T());
 		}

 		bool Set(const Anope::string &tag, const Anope::string &value);
 		const item_map &GetItems() const;
 	};

-	template<> CoreExport const Anope::string Block::Get(const Anope::string &tag, const Anope::string& def) const;
+	template<> CoreExport const Anope::string Block::Get(const Anope::string &tag, const Anope::string &def) const;
 	template<> CoreExport time_t Block::Get(const Anope::string &tag, const Anope::string &def) const;
 	template<> CoreExport bool Block::Get(const Anope::string &tag, const Anope::string &def) const;
 	} // namespace Internal
@@ -0,0 +1,132 @@
+/*
+ *
+ * (C) 2003-2024 Anope Team
+ * Contact us at team@anope.org
+ *
+ * Please read COPYING and README for further details.
+ *
+ * Based on the original code of Epona by Lara.
+ * Based on the original code of Services by Andy Church.
+ */
+
+#pragma once
+
+#include <optional>
+
+namespace Anope
+{
+	/** Attempts to convert a string to any type.
+	 * @param in The value to convert.
+	 * @param leftover If non-nullptr then the location to store leftover data.
+	 */
+	template<typename T>
+	inline std::optional<T> TryConvert(const Anope::string &in, Anope::string *leftover = nullptr)
+	{
+		std::istringstream tmp(in.str());
+		T out;
+		if (!(tmp >> out))
+			return std::nullopt;
+
+		if (leftover)
+		{
+			leftover->clear();
+			std::getline(tmp, leftover->str());
+		}
+		else
+		{
+			char extra;
+			if (tmp >> extra)
+				return std::nullopt;
+		}
+		return out;
+	}
+
+	/** Converts a string to any type.
+	 * @param in The value to convert.
+	 * @param def The default to use if the conversion failed.
+	 * @param leftover If non-nullptr then the location to store leftover data.
+	 */
+	template<typename T>
+	inline T Convert(const Anope::string &in, T def, Anope::string *leftover = nullptr)
+	{
+		return TryConvert<T>(in, leftover).value_or(def);
+	}
+
+	/** Attempts to convert any type to a string.
+	 * @param in The value to convert.
+	 */
+	template <class T>
+	inline std::optional<Anope::string> TryString(const T &in)
+	{
+		std::ostringstream tmp;
+		if (!(tmp << in))
+			return std::nullopt;
+		return tmp.str();
+	}
+
+	/** No-op function that returns the string that was passed to it.
+	 * @param in The string to return.
+	 */
+	inline const string &ToString(const string &in)
+	{
+		return in;
+	}
+
+	/** Converts a std::string to a string.
+	 * @param in The value to convert.
+	 */
+	inline string ToString(const std::string &in)
+	{
+		return in;
+	}
+
+	/** Converts a char array to a string.
+	 * @param in The value to convert.
+	 */
+	inline string ToString(const char *in)
+	{
+		return string(in);
+	}
+
+	/** Converts a char to a string.
+	 * @param in The value to convert.
+	 */
+	inline string ToString(char in)
+	{
+		return string(1, static_cast<string::value_type>(in));
+	}
+
+	/** Converts an unsigned char to a string.
+	 * @param in The value to convert.
+	 */
+	inline string ToString(unsigned char in)
+	{
+		return string(1, static_cast<string::value_type>(in));
+	}
+
+	/** Converts a bool to a string.
+	 * @param in The value to convert.
+	 */
+	inline string ToString(bool in)
+	{
+		return (in ? "1" : "0");
+	}
+
+	/** Converts a type that std::to_string is implemented for to a string.
+	 * @param in The value to convert.
+	 */
+	template<typename Stringable>
+	inline std::enable_if_t<std::is_arithmetic_v<Stringable>, string> ToString(const Stringable &in)
+	{
+		return std::to_string(in);
+	}
+
+	/** Converts any type to a string.
+	 * @param in The value to convert.
+	 */
+	template <class T>
+	inline std::enable_if_t<!std::is_arithmetic_v<T>, string> ToString(const T &in)
+	{
+		return TryString(in).value_or(Anope::string());
+	}
+}
@@ -41,12 +41,12 @@ public:

 	void UnsetExtensibles();

-	template<typename T> T* GetExt(const Anope::string &name) const;
+	template<typename T> T *GetExt(const Anope::string &name) const;
 	bool HasExt(const Anope::string &name) const;

-	template<typename T> T* Extend(const Anope::string &name, const T &what);
-	template<typename T> T* Extend(const Anope::string &name);
-	template<typename T> T* Require(const Anope::string &name);
+	template<typename T> T *Extend(const Anope::string &name, const T &what);
+	template<typename T> T *Extend(const Anope::string &name);
+	template<typename T> T *Require(const Anope::string &name);
 	template<typename T> void Shrink(const Anope::string &name);

 	static void ExtensibleSerialize(const Extensible *, const Serializable *, Serialize::Data &data);
@@ -77,17 +77,17 @@ public:
 		}
 	}

-	T* Set(Extensible *obj, const T &value)
+	T *Set(Extensible *obj, const T &value)
 	{
-		T* t = Set(obj);
+		T *t = Set(obj);
 		if (t)
 			*t = value;
 		return t;
 	}

-	T* Set(Extensible *obj)
+	T *Set(Extensible *obj)
 	{
-		T* t = Create(obj);
+		T *t = Create(obj);
 		Unset(obj);
 		items[obj] = t;
 		obj->extension_items.insert(this);
@@ -102,7 +102,7 @@ public:
 		delete value;
 	}

-	T* Get(const Extensible *obj) const
+	T *Get(const Extensible *obj) const
 	{
 		std::map<Extensible *, void *>::const_iterator it = items.find(const_cast<Extensible *>(obj));
 		if (it != items.end())
@@ -115,9 +115,9 @@ public:
 		return items.find(const_cast<Extensible *>(obj)) != items.end();
 	}

-	T* Require(Extensible *obj)
+	T *Require(Extensible *obj)
 	{
-		T* t = Get(obj);
+		T *t = Get(obj);
 		if (t)
 			return t;

@@ -130,7 +130,7 @@ class ExtensibleItem
 	: public BaseExtensibleItem<T>
 {
 protected:
-	T* Create(Extensible *obj) override
+	T *Create(Extensible *obj) override
 	{
 		return new T(obj);
 	}
@@ -143,7 +143,7 @@ class PrimitiveExtensibleItem
 	: public BaseExtensibleItem<T>
 {
 protected:
-	T* Create(Extensible *obj) override
+	T *Create(Extensible *obj) override
 	{
 		return new T();
 	}
@@ -155,7 +155,7 @@ template<>
 class PrimitiveExtensibleItem<bool> : public BaseExtensibleItem<bool>
 {
 protected:
-	bool* Create(Extensible *) override
+	bool *Create(Extensible *) override
 	{
 		return NULL;
 	}
@@ -172,7 +172,7 @@ public:

 	void ExtensibleSerialize(const Extensible *e, const Serializable *s, Serialize::Data &data) const override
 	{
-		T* t = this->Get(e);
+		T *t = this->Get(e);
 		data[this->name] << *t;
 	}

@@ -216,7 +216,7 @@ struct ExtensibleRef final
 };

 template<typename T>
-T* Extensible::GetExt(const Anope::string &name) const
+T *Extensible::GetExt(const Anope::string &name) const
 {
 	ExtensibleRef<T> ref(name);
 	if (ref)
@@ -227,16 +227,16 @@ T* Extensible::GetExt(const Anope::string &name) const
 }

 template<typename T>
-T* Extensible::Extend(const Anope::string &name, const T &what)
+T *Extensible::Extend(const Anope::string &name, const T &what)
 {
-	T* t = Extend<T>(name);
+	T *t = Extend<T>(name);
 	if (t)
 		*t = what;
 	return t;
 }

 template<typename T>
-T* Extensible::Extend(const Anope::string &name)
+T *Extensible::Extend(const Anope::string &name)
 {
 	ExtensibleRef<T> ref(name);
 	if (ref)
@@ -247,7 +247,7 @@ T* Extensible::Extend(const Anope::string &name)
 }

 template<typename T>
-T* Extensible::Require(const Anope::string &name)
+T *Extensible::Require(const Anope::string &name)
 {
 	if (HasExt(name))
 		return GetExt<T>(name);
@@ -65,11 +65,13 @@ namespace Language
 } // namespace Language

 /* Commonly used language strings */
+#define CONFIRM_DROP			_("Please confirm that you want to drop \002%s\002 with \002%s%s DROP %s %s\002")
+#define SERVICE_UNAVAILABLE		_("Sorry, %s is temporarily unavailable.")
 #define MORE_INFO			_("\002%s%s HELP %s\002 for more information.")
 #define BAD_USERHOST_MASK		_("Mask must be in the form \037user\037@\037host\037.")
 #define BAD_EXPIRY_TIME			_("Invalid expiry time.")
 #define USERHOST_MASK_TOO_WIDE		_("%s coverage is too wide; Please use a more specific mask.")
-#define READ_ONLY_MODE			_("Services are in read-only mode!")
+#define READ_ONLY_MODE			_("Services are temporarily in read-only mode.")
 #define PASSWORD_INCORRECT		_("Password incorrect.")
 #define ACCESS_DENIED			_("Access denied.")
 #define MORE_OBSCURE_PASSWORD		_("Please try again with a more obscure password. Passwords should not be\n" \
@@ -86,12 +88,10 @@ namespace Language
 #define CHAN_X_NOT_REGISTERED		_("Channel \002%s\002 isn't registered.")
 #define CHAN_X_NOT_IN_USE		_("Channel \002%s\002 doesn't exist.")
 #define NICK_IDENTIFY_REQUIRED		_("You must be logged into an account to use that command.")
-#define MAIL_X_INVALID			_("\002%s\002 is not a valid e-mail address.")
+#define MAIL_X_INVALID			_("\002%s\002 is not a valid email address.")
 #define UNKNOWN				_("<unknown>")
 #define NO_EXPIRE			_("does not expire")
 #define LIST_INCORRECT_RANGE		_("Incorrect range specified. The correct syntax is \002#\037from\037-\037to\037\002.")
-#define NICK_IS_REGISTERED		_("This nick is owned by someone else.  Please choose another.\n" \
-						"(If this is your nick, type \002%s%s IDENTIFY \037password\037\002.)")
 #define NICK_IS_SECURE			_("This nickname is registered and protected.  If it is your\n" \
 						"nick, type \002%s%s IDENTIFY \037password\037\002.  Otherwise,\n" \
 						"please choose a different nick.")
@@ -99,7 +99,7 @@ namespace Language
 #define NICK_CANNOT_BE_REGISTERED	_("Nickname \002%s\002 may not be registered.")
 #define NICK_ALREADY_REGISTERED		_("Nickname \002%s\002 is already registered!")
 #define NICK_SET_DISPLAY_CHANGED	_("The new display is now \002%s\002.")
-#define NICK_CONFIRM_INVALID		_("Invalid passcode has been entered, please check the e-mail again, and retry.")
+#define NICK_CONFIRM_INVALID		_("Invalid passcode has been entered, please check the email again, and retry.")
 #define CHAN_NOT_ALLOWED_TO_JOIN	_("You are not permitted to be on this channel.")
 #define CHAN_X_INVALID			_("Channel %s is not a valid channel.")
 #define CHAN_REACHED_CHANNEL_LIMIT	_("Sorry, you have already reached your limit of \002%d\002 channels.")
@@ -116,15 +116,14 @@ namespace Language
 						"Type \002%s%s READ %zu\002 to read it.")
 #define MEMO_HAVE_NO_MEMOS		_("You have no memos.")
 #define MEMO_X_HAS_NO_MEMOS		_("%s has no memos.")
-#define MEMO_SEND_DISABLED		_("Sorry, memo sending is temporarily disabled.")
 #define MEMO_HAVE_NO_NEW_MEMOS		_("You have no new memos.")
 #define MEMO_X_HAS_NO_NEW_MEMOS		_("%s has no new memos.")
 #define BOT_DOES_NOT_EXIST		_("Bot \002%s\002 does not exist.")
 #define BOT_NOT_ASSIGNED		_("You must assign a bot to the channel before using this command.")
 #define BOT_NOT_ON_CHANNEL		_("Bot is not on channel \002%s\002.")
-#define HOST_SET_ERROR			_("A vHost must be in the format of a valid hostname.")
-#define HOST_SET_IDENT_ERROR		_("A vHost ident must be in the format of a valid ident.")
-#define HOST_SET_TOOLONG		_("Error! The vHost is too long, please use a hostname shorter than %d characters.")
-#define HOST_SET_IDENTTOOLONG		_("Error! The vHost ident is too long, please use an ident shorter than %d characters.")
-#define HOST_NOT_ASSIGNED		_("Please contact an Operator to get a vHost assigned to this nick.")
-#define HOST_NO_VIDENT			_("Your IRCd does not support vIdent's, if this is incorrect, please report this as a possible bug")
+#define HOST_SET_ERROR			_("A vhost must be in the format of a valid hostname.")
+#define HOST_SET_IDENT_ERROR		_("A vident must be in the format of a valid ident.")
+#define HOST_SET_TOOLONG		_("Error! The vhost is too long, please use a hostname shorter than %zu characters.")
+#define HOST_SET_IDENTTOOLONG		_("Error! The vident is too long, please use an ident shorter than %zu characters.")
+#define HOST_NOT_ASSIGNED		_("Please contact an Operator to get a vhost assigned to this nick.")
+#define HOST_NO_VIDENT			_("Your IRCd does not support vidents. If this is incorrect please report this as a possible bug.")
@@ -26,6 +26,7 @@ namespace Mail
 		: public Thread
 	{
 	private:
+		Anope::string error;
 		Anope::string sendmail_path;
 		Anope::string send_from;
 		Anope::string mail_to;
@@ -35,7 +36,6 @@ namespace Mail
 		Anope::string content_type;
 		bool dont_quote_addresses;

-		bool success = false;
 	public:
 		/** Construct this message. Once constructed call Thread::Start to launch the mail sending.
 		 * @param sf Config->SendFrom
@@ -25,7 +25,7 @@ public:
 	~Memo();

 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);

 	Anope::string owner;
 	/* When it was sent */
@@ -24,7 +24,7 @@ namespace Message
 	struct CoreExport Away
 		: IRCDMessage
 	{
-		Away(Module *creator, const Anope::string &mname = "AWAY") : IRCDMessage(creator, mname, 0) { SetFlag(IRCDMESSAGE_REQUIRE_USER); SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Away(Module *creator, const Anope::string &mname = "AWAY") : IRCDMessage(creator, mname, 0) { SetFlag(FLAG_REQUIRE_USER); SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -32,7 +32,7 @@ namespace Message
 	struct CoreExport Capab
 		: IRCDMessage
 	{
-		Capab(Module *creator, const Anope::string &mname = "CAPAB") : IRCDMessage(creator, mname, 1) { SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Capab(Module *creator, const Anope::string &mname = "CAPAB") : IRCDMessage(creator, mname, 1) { SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -48,7 +48,7 @@ namespace Message
 	struct CoreExport Invite
 		: IRCDMessage
 	{
-		Invite(Module *creator, const Anope::string &mname = "INVITE") : IRCDMessage(creator, mname, 2) { SetFlag(IRCDMESSAGE_REQUIRE_USER); SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Invite(Module *creator, const Anope::string &mname = "INVITE") : IRCDMessage(creator, mname, 2) { SetFlag(FLAG_REQUIRE_USER); SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -56,7 +56,7 @@ namespace Message
 	struct CoreExport Join
 		: IRCDMessage
 	{
-		Join(Module *creator, const Anope::string &mname = "JOIN") : IRCDMessage(creator, mname, 1) { SetFlag(IRCDMESSAGE_REQUIRE_USER); SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Join(Module *creator, const Anope::string &mname = "JOIN") : IRCDMessage(creator, mname, 1) { SetFlag(FLAG_REQUIRE_USER); SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;

@@ -75,7 +75,7 @@ namespace Message
 	struct CoreExport Kick
 		: IRCDMessage
 	{
-		Kick(Module *creator, const Anope::string &mname = "KICK") : IRCDMessage(creator, mname, 2) { SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Kick(Module *creator, const Anope::string &mname = "KICK") : IRCDMessage(creator, mname, 2) { SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -91,7 +91,7 @@ namespace Message
 	struct CoreExport Mode
 		: IRCDMessage
 	{
-		Mode(Module *creator, const Anope::string &mname = "MODE") : IRCDMessage(creator, mname, 2) { SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Mode(Module *creator, const Anope::string &mname = "MODE") : IRCDMessage(creator, mname, 2) { SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -107,7 +107,7 @@ namespace Message
 	struct CoreExport Notice
 		: IRCDMessage
 	{
-		Notice(Module *creator, const Anope::string &mname = "NOTICE") : IRCDMessage(creator, mname, 2) { SetFlag(IRCDMESSAGE_REQUIRE_USER); }
+		Notice(Module *creator, const Anope::string &mname = "NOTICE") : IRCDMessage(creator, mname, 2) { SetFlag(FLAG_REQUIRE_USER); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -115,7 +115,7 @@ namespace Message
 	struct CoreExport Part
 		: IRCDMessage
 	{
-		Part(Module *creator, const Anope::string &mname = "PART") : IRCDMessage(creator, mname, 1) { SetFlag(IRCDMESSAGE_REQUIRE_USER); SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Part(Module *creator, const Anope::string &mname = "PART") : IRCDMessage(creator, mname, 1) { SetFlag(FLAG_REQUIRE_USER); SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -123,7 +123,7 @@ namespace Message
 	struct CoreExport Ping
 		: IRCDMessage
 	{
-		Ping(Module *creator, const Anope::string &mname = "PING") : IRCDMessage(creator, mname, 1) { SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Ping(Module *creator, const Anope::string &mname = "PING") : IRCDMessage(creator, mname, 1) { SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -131,7 +131,7 @@ namespace Message
 	struct CoreExport Privmsg
 		: IRCDMessage
 	{
-		Privmsg(Module *creator, const Anope::string &mname = "PRIVMSG") : IRCDMessage(creator, mname, 2) { SetFlag(IRCDMESSAGE_REQUIRE_USER); }
+		Privmsg(Module *creator, const Anope::string &mname = "PRIVMSG") : IRCDMessage(creator, mname, 2) { SetFlag(FLAG_REQUIRE_USER); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -139,7 +139,7 @@ namespace Message
 	struct CoreExport Quit
 		: IRCDMessage
 	{
-		Quit(Module *creator, const Anope::string &mname = "QUIT") : IRCDMessage(creator, mname, 1) { SetFlag(IRCDMESSAGE_REQUIRE_USER); }
+		Quit(Module *creator, const Anope::string &mname = "QUIT") : IRCDMessage(creator, mname, 1) { SetFlag(FLAG_REQUIRE_USER); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -155,7 +155,7 @@ namespace Message
 	struct CoreExport Stats
 		: IRCDMessage
 	{
-		Stats(Module *creator, const Anope::string &mname = "STATS") : IRCDMessage(creator, mname, 1) { SetFlag(IRCDMESSAGE_REQUIRE_USER); SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Stats(Module *creator, const Anope::string &mname = "STATS") : IRCDMessage(creator, mname, 1) { SetFlag(FLAG_REQUIRE_USER); SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -163,7 +163,7 @@ namespace Message
 	struct CoreExport Time
 		: IRCDMessage
 	{
-		Time(Module *creator, const Anope::string &mname = "TIME") : IRCDMessage(creator, mname, 0) { SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Time(Module *creator, const Anope::string &mname = "TIME") : IRCDMessage(creator, mname, 0) { SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -171,7 +171,7 @@ namespace Message
 	struct CoreExport Topic
 		: IRCDMessage
 	{
-		Topic(Module *creator, const Anope::string &mname = "TOPIC") : IRCDMessage(creator, mname, 2) { SetFlag(IRCDMESSAGE_REQUIRE_USER); }
+		Topic(Module *creator, const Anope::string &mname = "TOPIC") : IRCDMessage(creator, mname, 2) { SetFlag(FLAG_REQUIRE_USER); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -179,7 +179,7 @@ namespace Message
 	struct CoreExport Version
 		: IRCDMessage
 	{
-		Version(Module *creator, const Anope::string &mname = "VERSION") : IRCDMessage(creator, mname, 0) { SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Version(Module *creator, const Anope::string &mname = "VERSION") : IRCDMessage(creator, mname, 0) { SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -187,7 +187,7 @@ namespace Message
 	struct CoreExport Whois
 		: IRCDMessage
 	{
-		Whois(Module *creator, const Anope::string &mname = "WHOIS") : IRCDMessage(creator, mname, 1) { SetFlag(IRCDMESSAGE_SOFT_LIMIT); }
+		Whois(Module *creator, const Anope::string &mname = "WHOIS") : IRCDMessage(creator, mname, 1) { SetFlag(FLAG_SOFT_LIMIT); }

 		void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) override;
 	};
@@ -419,9 +419,9 @@ public:
 	/** Get the banned mask for this entry
 	 * @return The mask
 	 */
-	const Anope::string GetMask() const;
+	Anope::string GetMask() const;

-	const Anope::string GetNUHMask() const;
+	Anope::string GetNUHMask() const;

 	/** Check if this entry matches a user
 	 * @param u The user
@@ -777,23 +777,6 @@ public:
 	 */
 	virtual void OnChangeCoreDisplay(NickCore *nc, const Anope::string &newdisplay) { throw NotImplementedException(); }

-	/** called from NickCore::ClearAccess()
-	 * @param nc pointer to the NickCore
-	 */
-	virtual void OnNickClearAccess(NickCore *nc) { throw NotImplementedException(); }
-
-	/** Called when a user adds an entry to their access list
-	 * @param nc The nick
-	 * @param entry The entry
-	 */
-	virtual void OnNickAddAccess(NickCore *nc, const Anope::string &entry) { throw NotImplementedException(); }
-
-	/** Called from NickCore::EraseAccess()
-	 * @param nc pointer to the NickCore
-	 * @param entry The access mask
-	 */
-	virtual void OnNickEraseAccess(NickCore *nc, const Anope::string &entry) { throw NotImplementedException(); }
-
 	/** called from NickCore::ClearCert()
 	 * @param nc pointer to the NickCore
 	 */
@@ -855,12 +838,12 @@ public:
 	/** Called when a vhost is deleted
 	 * @param na The nickalias of the vhost
 	 */
-	virtual void OnDeleteVhost(NickAlias *na) { throw NotImplementedException(); }
+	virtual void OnDeleteVHost(NickAlias *na) { throw NotImplementedException(); }

 	/** Called when a vhost is set
 	 * @param na The nickalias of the vhost
 	 */
-	virtual void OnSetVhost(NickAlias *na) { throw NotImplementedException(); }
+	virtual void OnSetVHost(NickAlias *na) { throw NotImplementedException(); }

 	/** Called when a users host changes
 	 * @param u The user
@@ -964,23 +947,26 @@ public:
 	 * @param u The user sending the PRIVMSG
 	 * @param bi The target of the PRIVMSG
 	 * @param message The message
+	 * @param tags Message tags
 	 * @return EVENT_STOP to halt processing
 	 */
-	virtual EventReturn OnBotPrivmsg(User *u, BotInfo *bi, Anope::string &message) { throw NotImplementedException(); }
+	virtual EventReturn OnBotPrivmsg(User *u, BotInfo *bi, Anope::string &message, const Anope::map<Anope::string> &tags) { throw NotImplementedException(); }

 	/** Called when we receive a NOTICE for one of our clients
 	 * @param u The user sending the NOTICE
 	 * @param bi The target of the NOTICE
+	 * @param tags Message tags
 	 * @param message The message
 	 */
-	virtual void OnBotNotice(User *u, BotInfo *bi, Anope::string &message) { throw NotImplementedException(); }
+	virtual void OnBotNotice(User *u, BotInfo *bi, Anope::string &message, const Anope::map<Anope::string> &tags) { throw NotImplementedException(); }

 	/** Called when we receive a PRIVMSG for a registered channel we are in
 	 * @param u The source of the message
 	 * @param c The channel
 	 * @param msg The message
+	 * @param tags Message tags
 	 */
-	virtual void OnPrivmsg(User *u, Channel *c, Anope::string &msg) { throw NotImplementedException(); }
+	virtual void OnPrivmsg(User *u, Channel *c, Anope::string &msg, const Anope::map<Anope::string> &tags) { throw NotImplementedException(); }

 	/** Called when a message is logged
 	 * @param l The log message
@@ -1051,9 +1037,10 @@ public:
 	 * @param source The source of the message
 	 * @param command The command being executed
 	 * @param params Parameters
+	 * @param tags Tags
 	 * @return EVENT_STOP to prevent the protocol module from processing this message
 	 */
-	virtual EventReturn OnMessage(MessageSource &source, Anope::string &command, std::vector<Anope::string> &param) { throw NotImplementedException(); }
+	virtual EventReturn OnMessage(MessageSource &source, Anope::string &command, std::vector<Anope::string> &params, Anope::map<Anope::string> &tagss) { throw NotImplementedException(); }

 	/** Called to determine if a channel mode can be set by a user
 	 * @param u The user
@@ -1075,13 +1062,6 @@ public:
 	 * @return EVENT_STOP to force the user off of the nick
 	 */
 	virtual EventReturn OnNickValidate(User *u, NickAlias *na) { throw NotImplementedException(); }
-
-	/** Called when a certain user has to be unbanned on a certain channel.
-	 * May be used to send protocol-specific messages.
-	 * @param u The user to be unbanned
-	 * @param c The channel that user has to be unbanned on
-	 */
-	virtual void OnChannelUnban(User *u, ChannelInfo *ci) { throw NotImplementedException(); }
 };

 enum Implementation
@@ -1099,15 +1079,15 @@ enum Implementation
 	I_OnCreateChan, I_OnDelChan, I_OnChannelCreate, I_OnChannelDelete, I_OnAkickAdd, I_OnAkickDel, I_OnCheckKick,
 	I_OnChanInfo, I_OnCheckPriv, I_OnGroupCheckPriv, I_OnNickDrop, I_OnNickGroup, I_OnNickIdentify,
 	I_OnUserLogin, I_OnNickLogout, I_OnNickRegister, I_OnNickConfirm, I_OnNickSuspend, I_OnNickUnsuspended, I_OnDelNick, I_OnNickCoreCreate,
-	I_OnDelCore, I_OnChangeCoreDisplay, I_OnNickClearAccess, I_OnNickAddAccess, I_OnNickEraseAccess, I_OnNickClearCert,
+	I_OnDelCore, I_OnChangeCoreDisplay, I_OnNickClearCert,
 	I_OnNickAddCert, I_OnNickEraseCert, I_OnNickInfo, I_OnBotInfo, I_OnCheckAuthentication, I_OnNickUpdate,
-	I_OnFingerprint, I_OnUserAway, I_OnInvite, I_OnDeleteVhost, I_OnSetVhost, I_OnSetDisplayedHost, I_OnMemoSend, I_OnMemoDel,
+	I_OnFingerprint, I_OnUserAway, I_OnInvite, I_OnDeleteVHost, I_OnSetVHost, I_OnSetDisplayedHost, I_OnMemoSend, I_OnMemoDel,
 	I_OnChannelModeSet, I_OnChannelModeUnset, I_OnUserModeSet, I_OnUserModeUnset, I_OnChannelModeAdd, I_OnUserModeAdd,
 	I_OnMLock, I_OnUnMLock, I_OnModuleLoad, I_OnModuleUnload, I_OnServerSync, I_OnUplinkSync, I_OnBotPrivmsg, I_OnBotNotice,
 	I_OnPrivmsg, I_OnLog, I_OnLogMessage, I_OnDnsRequest, I_OnCheckModes, I_OnChannelSync, I_OnSetCorrectModes,
 	I_OnSerializeCheck, I_OnSerializableConstruct, I_OnSerializableDestruct, I_OnSerializableUpdate,
 	I_OnSerializeTypeCreate, I_OnSetChannelOption, I_OnSetNickOption, I_OnMessage, I_OnCanSet, I_OnCheckDelete,
-	I_OnExpireTick, I_OnNickValidate, I_OnChannelUnban,
+	I_OnExpireTick, I_OnNickValidate,
 	I_SIZE
 };

@@ -46,13 +46,13 @@ struct BadWords
 	 * @param type The type (SINGLE START END)
 	 * @return The badword
 	 */
-	virtual BadWord* AddBadWord(const Anope::string &word, BadWordType type) = 0;
+	virtual BadWord *AddBadWord(const Anope::string &word, BadWordType type) = 0;

 	/** Get a badword structure by index
 	 * @param index The index
 	 * @return The badword
 	 */
-	virtual BadWord* GetBadWord(unsigned index) const = 0;
+	virtual BadWord *GetBadWord(unsigned index) const = 0;

 	/** Get how many badwords are on this channel
 	 * @return The number of badwords in the vector
@@ -33,5 +33,5 @@ public:
 			delete (*this)->at(i - 1);
 	}

-	virtual EntryMsg* Create() = 0;
+	virtual EntryMsg *Create() = 0;
 };
@@ -13,26 +13,135 @@

 namespace Encryption
 {
-	typedef std::pair<const unsigned char *, size_t> Hash;
-	typedef std::pair<const uint32_t *, size_t> IV;
-
+	/** Base class for encryption contexts. */
 	class Context
 	{
 	public:
 		virtual ~Context() = default;
+
+		/** Updates the encryption context with the specified data.
+		 * @param str The data to update the context with.
+		 */
+		inline void Update(const Anope::string &str)
+		{
+			Update(reinterpret_cast<const unsigned char *>(str.c_str()), str.length());
+		}
+
+		/** Updates the encryption context with the specified data.
+		 * @param data The data to update the context with.
+		 * @param len The length of the data.
+		 */
 		virtual void Update(const unsigned char *data, size_t len) = 0;
-		virtual void Finalize() = 0;
-		virtual Hash GetFinalizedHash() = 0;
+
+		/** Finalises the encryption context and returns the digest. */
+		virtual Anope::string Finalize() = 0;
 	};

+	/** Provider of encryption contexts. */
 	class Provider
 		: public Service
 	{
 	public:
-		Provider(Module *creator, const Anope::string &sname) : Service(creator, "Encryption::Provider", sname) { }
+		/** The byte size of the block cipher. */
+		const size_t block_size;
+
+		/** The byte size of the resulting digest. */
+		const size_t digest_size;
+
+		/** Creates a provider of encryption contexts.
+		 * @param creator The module that created this provider.
+		 * @param algorithm The name of the encryption algorithm.
+		 * @param bs The byte size of the block cipher.
+		 * @param ds The byte size of the resulting digest.
+		 */
+		Provider(Module *creator, const Anope::string &algorithm, size_t bs, size_t ds)
+			: Service(creator, "Encryption::Provider", algorithm)
+			, block_size(bs)
+			, digest_size(ds)
+		{
+		}
+
 		virtual ~Provider() = default;

-		virtual Context *CreateContext(IV * = NULL) = 0;
-		virtual IV GetDefaultIV() = 0;
+		/** Checks whether a plain text value matches a hash created by this provider. */
+		virtual bool Compare(const Anope::string &hash, const Anope::string &plain)
+		{
+			return !hash.empty() && hash.equals_cs(ToPrintable(Encrypt(plain)));
+		}
+
+		/** Called on initialising a encryption provider to check it works properly. */
+		void Check(const Anope::map<Anope::string> &checks)
+		{
+			for (const auto &[hash, plain] : checks)
+			{
+				if (!Compare(hash, plain))
+					throw ModuleException("BUG: unable to generate " + this->name + " hashes safely! Please report this!");
+			}
+			Log(LOG_DEBUG) << "The " << this->name << " encryption provider appears to be working correctly.";
+		}
+
+		/** Creates a new encryption context. */
+		virtual std::unique_ptr<Context> CreateContext() = 0;
+
+		/** Quickly encrypts the specified values and returns the digest. */
+		template<typename... Args>
+		Anope::string Encrypt(Args &&...args)
+		{
+			auto context = CreateContext();
+			context->Update(std::forward<Args>(args)...);
+			return context->Finalize();
+		}
+
+		/** Calculates the  RFC 2104 hash-based message authentication code for the specified data. */
+		inline Anope::string HMAC(const Anope::string &key, const Anope::string &data)
+		{
+			if (!block_size)
+				return {};
+
+			auto keybuf = key.length() > block_size ? Encrypt(key) : key;
+			keybuf.resize(block_size);
+
+			Anope::string hmac1;
+			Anope::string hmac2;
+			for (size_t i = 0; i < block_size; ++i)
+			{
+				hmac1.push_back(static_cast<char>(keybuf[i] ^ 0x5C));
+				hmac2.push_back(static_cast<char>(keybuf[i] ^ 0x36));
+			}
+			hmac2.append(data);
+			hmac1.append(Encrypt(hmac2));
+
+			return Encrypt(hmac1);
+		}
+
+		/** Converts a hash to its printable form. */
+		virtual Anope::string ToPrintable(const Anope::string &hash)
+		{
+			return Anope::Hex(hash);
+		}
+	};
+
+	/** Helper template for creating simple providers of encryption contexts. */
+	template <typename T>
+	class SimpleProvider final
+		: public Provider
+	{
+	public:
+		/** Creates a simple provider of encryption contexts.
+		 * @param creator The module that created this provider.
+		 * @param algorithm The name of the encryption algorithm.
+		 * @param bs The byte size of the block cipher.
+		 * @param ds The byte size of the resulting digest.
+		 */
+		SimpleProvider(Module *creator, const Anope::string &algorithm, size_t bs, size_t ds)
+			: Provider(creator, algorithm, bs, ds)
+		{
+		}
+
+		/** @copydoc Encryption::Provider::CreateContext. */
+		std::unique_ptr<Context> CreateContext() override
+		{
+			return std::make_unique<T>();
+		}
 	};
 }
@@ -0,0 +1,23 @@
+/*
+ *
+ * (C) 2003-2024 Anope Team
+ * Contact us at team@anope.org
+ *
+ * Please read COPYING and README for further details.
+ */
+
+#pragma once
+
+class HostRequest
+{
+protected:
+	HostRequest() = default;
+
+public:
+	Anope::string nick;
+	Anope::string ident;
+	Anope::string host;
+	time_t time = 0;
+
+	virtual ~HostRequest() = default;
+};
@@ -27,9 +27,9 @@ struct HTTPReply final
 	std::vector<cookie> cookies;

 	HTTPReply() = default;
-	HTTPReply& operator=(const HTTPReply &) = default;
+	HTTPReply &operator=(const HTTPReply &) = default;

-	HTTPReply(const HTTPReply& other) : error(other.error), length(other.length)
+	HTTPReply(const HTTPReply &other) : error(other.error), length(other.length)
 	{
 		content_type = other.content_type;
 		headers = other.headers;
@@ -169,7 +169,7 @@ public:

 	virtual bool RegisterPage(HTTPPage *page) = 0;
 	virtual void UnregisterPage(HTTPPage *page) = 0;
-	virtual HTTPPage* FindPage(const Anope::string &name) = 0;
+	virtual HTTPPage *FindPage(const Anope::string &name) = 0;
 };

 namespace HTTPUtils
@@ -180,7 +180,7 @@ namespace HTTPUtils

 		for (unsigned i = 0; i < url.length(); ++i)
 		{
-			const char& c = url[i];
+			const char &c = url[i];

 			if (c == '%' && i + 2 < url.length())
 			{
@@ -0,0 +1,49 @@
+/*
+ *
+ * (C) 2003-2024 Anope Team
+ * Contact us at team@anope.org
+ *
+ * Please read COPYING and README for further details.
+ */
+
+#pragma once
+
+class OperInfo
+{
+protected:
+	OperInfo() = default;
+
+	OperInfo(const Anope::string &t, const Anope::string &i, const Anope::string &a, time_t c)
+		: target(t)
+		, info(i)
+		, adder(a)
+		, created(c)
+	{
+	}
+
+public:
+	Anope::string target;
+	Anope::string info;
+	Anope::string adder;
+	time_t created = 0;
+
+	virtual ~OperInfo() = default;
+};
+
+class OperInfoList
+	: public Serialize::Checker<std::vector<OperInfo *>>
+{
+public:
+	OperInfoList()
+		: Serialize::Checker<std::vector<OperInfo *>>("OperInfo")
+	{
+	}
+
+	virtual ~OperInfoList()
+	{
+		for (auto *info : *(*this))
+			delete info;
+	}
+
+	virtual OperInfo *Create() = 0;
+};
@@ -54,6 +54,15 @@ public:
 	 */
 	virtual void EraseCert(const Anope::string &entry) = 0;

+	/** Replaces a fingerprint in the nick's certificate list
+	 *
+	 * @param oldentry The old fingerprint to remove
+	 * @param newentry The new fingerprint to add
+	 *
+	 * Replaces the specified fingerprint in the cert list.
+	 */
+	virtual void ReplaceCert(const Anope::string &oldentry, const Anope::string &newentry) = 0;
+
 	/** Clears the entire nick's cert list
 	 *
 	 * Deletes all the memory allocated in the certificate list vector and then clears the vector.
@@ -69,5 +78,5 @@ class CertService
 public:
 	CertService(Module *c) : Service(c, "CertService", "certs") { }

-	virtual NickCore* FindAccountFromCert(const Anope::string &cert) = 0;
+	virtual NickCore *FindAccountFromCert(const Anope::string &cert) = 0;
 };
@@ -41,7 +41,7 @@ public:

 	virtual void RemoveForbid(ForbidData *d) = 0;

-	virtual ForbidData* CreateForbid() = 0;
+	virtual ForbidData *CreateForbid() = 0;

 	virtual ForbidData *FindForbid(const Anope::string &mask, ForbidType type) = 0;

@@ -29,7 +29,7 @@ struct Exception final

 	Exception() : Serializable("Exception") { }
 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data);
 };

 class SessionService
@@ -70,7 +70,7 @@ void Exception::Serialize(Serialize::Data &data) const
 	data["expires"] << this->expires;
 }

-Serializable* Exception::Unserialize(Serializable *obj, Serialize::Data &data)
+Serializable *Exception::Unserialize(Serializable *obj, Serialize::Data &data)
 {
 	if (!session_service)
 		return NULL;
@@ -8,21 +8,68 @@

 #pragma once

+#define GLOBAL_NO_MESSAGE     _("You do not have any messages queued and did not specify a message to send.")
+#define GLOBAL_QUEUE_CONFLICT _("You can not send a single message while you have messages queued.")
+
 class GlobalService
 	: public Service
 {
 public:
-	GlobalService(Module *m) : Service(m, "GlobalService", "Global")
+	GlobalService(Module *m)
+		: Service(m, "GlobalService", "Global")
 	{
 	}

 	/** Retrieves the bot which sends global messages unless otherwise specified. */
-	virtual Reference<BotInfo> GetDefaultSender() = 0;
+	virtual Reference<BotInfo> GetDefaultSender() const = 0;

-	/** Send out a global message to all users
-	 * @param sender Our client which should send the global
-	 * @param source The sender of the global
-	 * @param message The message
+	/** Clears any queued messages for the specified account.
+	 * @param nc The account to clear queued messages for.
 	 */
-	virtual void SendGlobal(BotInfo *sender, const Anope::string &source, const Anope::string &message) = 0;
+	virtual void ClearQueue(NickCore *nc) = 0;
+
+	/** Retrieves the size of the messages queue for the specified user.
+	 * @param nc The account to count queued messages for.
+	 */
+	inline size_t CountQueue(NickCore* nc) const
+	{
+		auto *q = GetQueue(nc);
+		return q ? q->size() : 0;
+	}
+
+	/** Retrieves the messages queue for the specified user.
+	 * @param nc The account to retrieve queued messages for.
+	 */
+	virtual const std::vector<Anope::string> *GetQueue(NickCore* nc) const = 0;
+
+	/** Queues a message to be sent later.
+	 * @param nc The account to queue the message for.
+	 * @param message The message to queue.
+	 * @return The new number of messages in the queue.
+	 */
+	virtual size_t Queue(NickCore *nc, const Anope::string &message) = 0;
+
+	/** Sends a single message to all users on the network.
+	 * @param message The message to send.
+	 * @param source If non-nullptr then the source of the message.
+	 * @param sender If non-nullptr then the bot to send the message from.
+	 * @param server If non-nullptr then the server to send messages to.
+	 * @return If the message was sent then true; otherwise, false.
+	 */
+	virtual bool SendSingle(const Anope::string &message, CommandSource *source = nullptr, BotInfo *sender = nullptr, Server *server = nullptr) = 0;
+
+	/** Sends a message queue to all users on the network.
+	 * @param source The source of the message.
+	 * @param sender If non-nullptr then the bot to send the message from.
+	 * @param server If non-nullptr then the server to send messages to.
+	 * @return If the message queue was sent then true; otherwise, false.
+	 */
+	virtual bool SendQueue(CommandSource &source, BotInfo *sender = nullptr, Server *server = nullptr) = 0;
+
+	/** Unqueues a message from the message queue.
+	 * @param nc The account to unqueue the message from.
+	 * @param idx The index of the item to remove.
+	 * @return Whether the message was removed from the queue.
+	 */
+	virtual bool Unqueue(NickCore *nc, size_t idx) = 0;
 };
@@ -32,7 +32,7 @@ namespace SASL

 		virtual Anope::string GetAgent() = 0;

-		virtual Session* GetSession(const Anope::string &uid) = 0;
+		virtual Session *GetSession(const Anope::string &uid) = 0;

 		virtual void SendMessage(SASL::Session *session, const Anope::string &type, const Anope::string &data) = 0;

@@ -67,7 +67,7 @@ namespace SASL
 	public:
 		Mechanism(Module *o, const Anope::string &sname) : Service(o, "SASL::Mechanism", sname) { }

-		virtual Session* CreateSession(const Anope::string &uid) { return new Session(this, uid); }
+		virtual Session *CreateSession(const Anope::string &uid) { return new Session(this, uid); }

 		virtual void ProcessMessage(Session *session, const Message &) = 0;

@@ -8,6 +8,8 @@

 #pragma once

+#include <stdexcept>
+
 namespace SQL
 {

@@ -24,7 +26,7 @@ namespace SQL
 			Clear();
 		}

-		std::iostream& operator[](const Anope::string &key) override
+		std::iostream &operator[](const Anope::string &key) override
 		{
 			std::stringstream *&ss = data[key];
 			if (!ss)
@@ -107,7 +109,7 @@ namespace SQL
 		Query() { }
 		Query(const Anope::string &q) : query(q) { }

-		Query& operator=(const Anope::string &q)
+		Query &operator=(const Anope::string &q)
 		{
 			this->query = q;
 			this->parameters.clear();
@@ -124,15 +126,14 @@ namespace SQL
 			return !(*this == other);
 		}

-		template<typename T> void SetValue(const Anope::string &key, const T& value, bool escape = true)
+		template<typename T> void SetValue(const Anope::string &key, const T &value, bool escape = true)
 		{
-			try
-			{
-				Anope::string string_value = stringify(value);
-				this->parameters[key].data = string_value;
-				this->parameters[key].escape = escape;
-			}
-			catch (const ConvertException &ex) { }
+			auto str = Anope::TryString(value);
+			if (!str.has_value())
+				return;
+
+			this->parameters[key].data = str.value();
+			this->parameters[key].escape = escape;
 		}
 	};

@@ -18,7 +18,7 @@ public:
 	Anope::string name;
 	Anope::string id;
 	std::deque<Anope::string> data;
-	HTTPReply& r;
+	HTTPReply &r;

 	XMLRPCRequest(HTTPReply &_r) : r(_r) { }
 	inline void reply(const Anope::string &dname, const Anope::string &ddata) { this->replies.emplace(dname, ddata); }
@@ -0,0 +1,35 @@
+/*
+ *
+ * (C) 2003-2024 Anope Team
+ * Contact us at team@anope.org
+ *
+ * Please read COPYING and README for further details.
+ *
+ * Based on the original code of Epona by Lara.
+ * Based on the original code of Services by Andy Church.
+ */
+
+#pragma once
+
+enum
+{
+	RPL_STATSLINKINFO = 211,
+	RPL_ENDOFSTATS    = 219,
+	RPL_STATSUPTIME   = 242,
+	RPL_STATSOLINE    = 243,
+	RPL_STATSCONN     = 250,
+	RPL_WHOISREGNICK  = 307,
+	RPL_WHOISUSER     = 311,
+	RPL_WHOISSERVER   = 312,
+	RPL_WHOISOPERATOR = 313,
+	RPL_WHOISIDLE     = 317,
+	RPL_ENDOFWHOIS    = 318,
+	RPL_VERSION       = 351,
+	RPL_MOTD          = 372,
+	RPL_MOTDSTART     = 375,
+	RPL_ENDOFMOTD     = 376,
+	RPL_YOUREOPER     = 381,
+	RPL_TIME          = 391,
+	ERR_NOSUCHNICK    = 401,
+	ERR_NOMOTD        = 422,
+};
@@ -23,7 +23,7 @@ struct CoreExport Oper
 	/* Whether the user must be an IRC operator (umode +o) to be considered a services operator */
 	bool require_oper = true;
 	Anope::string password;
-	Anope::string certfp;
+	std::vector<Anope::string> certfp;
 	/* Hosts allowed to use this operator block */
 	std::vector<Anope::string> hosts;
 	Anope::string vhost;
@@ -115,10 +115,10 @@ public:
 	/** Gets the icommands for this opertype
 	 * @return A list of commands
 	 */
-	const std::list<Anope::string> GetCommands() const;
+	std::list<Anope::string> GetCommands() const;

 	/** Gets the privileges for this opertype
 	 * @return A list of privileges
 	 */
-	const std::list<Anope::string> GetPrivs() const;
+	std::list<Anope::string> GetPrivs() const;
 };
@@ -16,6 +16,17 @@
 #include "service.h"
 #include "modes.h"

+/** Thrown when a protocol error happens. */
+class CoreExport ProtocolException final
+	: public ModuleException
+{
+public:
+	ProtocolException(const Anope::string &message)
+		: ModuleException(message)
+	{
+	}
+};
+
 /* Encapsulates the IRCd protocol we are speaking. */
 class CoreExport IRCDProto
 	: public Service
@@ -25,61 +36,114 @@ class CoreExport IRCDProto
 protected:
 	IRCDProto(Module *creator, const Anope::string &proto_name);
 public:
+	/** Retrieves the protocol name. */
+	const Anope::string &GetProtocolName() const { return proto_name; }
+
 	virtual ~IRCDProto();

-	virtual void SendSVSKillInternal(const MessageSource &, User *, const Anope::string &);
-	virtual void SendModeInternal(const MessageSource &, const Channel *, const Anope::string &);
-	virtual void SendModeInternal(const MessageSource &, User *, const Anope::string &);
-	virtual void SendKickInternal(const MessageSource &, const Channel *, User *, const Anope::string &);
-	virtual void SendNoticeInternal(const MessageSource &, const Anope::string &dest, const Anope::string &msg);
-	virtual void SendPrivmsgInternal(const MessageSource &, const Anope::string &dest, const Anope::string &buf);
-	virtual void SendQuitInternal(User *, const Anope::string &buf);
-	virtual void SendPartInternal(User *, const Channel *chan, const Anope::string &buf);
-	virtual void SendGlobopsInternal(const MessageSource &, const Anope::string &buf);
+	virtual void SendNoticeInternal(const MessageSource &, const Anope::string &dest, const Anope::string &msg, const Anope::map<Anope::string> &tags = {});
+	virtual void SendPrivmsgInternal(const MessageSource &, const Anope::string &dest, const Anope::string &msg, const Anope::map<Anope::string> &tags = {});
 	virtual void SendCTCPInternal(const MessageSource &, const Anope::string &dest, const Anope::string &buf);
-	virtual void SendNumericInternal(int numeric, const Anope::string &dest, const Anope::string &buf);

-	const Anope::string &GetProtocolName();
-	virtual bool Parse(const Anope::string &, Anope::map<Anope::string> &, Anope::string &, Anope::string &, std::vector<Anope::string> &);
-	virtual Anope::string Format(const Anope::string &source, const Anope::string &message);
+	/** Parses an incoming message from the IRC server.
+	 * @param message The message to parse.
+	 * @param tags The location to store tags.
+	 * @param source The location to store the source.
+	 * @param command The location to store the command name.
+	 * @param params The location to store the parameters.
+	 * @return If the message was well formed then true; otherwise, false.
+	 */
+	virtual bool Parse(const Anope::string &message, Anope::map<Anope::string> &tags, Anope::string &source, Anope::string &command, std::vector<Anope::string> &params);
+
+	/* Formats an outgoing message so it can be sent to the IRC server.
+	 * @param message The location to store the formatted message.
+	 * @param tags IRCv3 message tags.
+	 * @param source Source of the message.
+	 * @param command Command name.
+	 * @param params Any extra parameters.
+	 * @return If the message was formatted then true; otherwise, false.
+	 */
+	virtual bool Format(Anope::string &message, const Anope::map<Anope::string> &tags, const MessageSource &source, const Anope::string &command, const std::vector<Anope::string> &params);

 	/* Modes used by default by our clients */
-	Anope::string DefaultPseudoclientModes;
+	Anope::string DefaultPseudoclientModes = "+io";
+
 	/* Can we force change a users's nick? */
-	bool CanSVSNick;
+	bool CanSVSNick = false;
+
 	/* Can we force join or part users? */
-	bool CanSVSJoin;
-	/* Can we set vhosts/vidents on users? */
-	bool CanSetVHost, CanSetVIdent;
+	bool CanSVSJoin = false;
+
+	/** Can we force servers to remove opers? */
+	bool CanSVSNOOP = false;
+
+	/* Can we set vhosts on users? */
+	bool CanSetVHost = false;
+
+	/* Can we set vidents on users? */
+	bool CanSetVIdent = false;
+
 	/* Can we ban specific gecos from being used? */
-	bool CanSNLine;
+	bool CanSNLine = false;
+
 	/* Can we ban specific nicknames from being used? */
-	bool CanSQLine;
+	bool CanSQLine = false;
+
 	/* Can we ban specific channel names from being used? */
-	bool CanSQLineChannel;
+	bool CanSQLineChannel = false;
+
 	/* Can we ban by IP? */
-	bool CanSZLine;
+	bool CanSZLine = false;
+
 	/* Can we place temporary holds on specific nicknames? */
-	bool CanSVSHold;
+	bool CanSVSHold = false;
+
 	/* See ns_cert */
-	bool CanCertFP;
-	/* Can we send arbitrary message tags? */
-	bool CanSendTags;
+	bool CanCertFP = false;
+
 	/* Can users log out before being fully connected? */
-	bool CanSVSLogout;
+	bool CanSVSLogout = false;
+
 	/* Whether this IRCd requires unique IDs for each user or server. See TS6/P10. */
-	bool RequiresID;
+	bool RequiresID = false;
+
 	/* If this IRCd has unique ids, whether the IDs and nicknames are ambiguous */
-	bool AmbiguousID;
-	/* The maximum number of modes we are allowed to set with one MODE command */
-	unsigned MaxModes;
+	bool AmbiguousID = false;
+
+	/** Can we ask the server to unban a user? */
+	bool CanClearBans = false;
+
+	/* The maximum length of a channel name. */
+	size_t MaxChannel = 0;
+
+	/* The maximum length of a hostname. */
+	size_t MaxHost = 0;
+
 	/* The maximum number of bytes a line may have */
-	unsigned MaxLine;
+	size_t MaxLine = 512;
+
+	/* The maximum number of modes we are allowed to set with one MODE command */
+	size_t MaxModes = 3;
+
+	/* The maximum length of a nickname. */
+	size_t MaxNick = 0;
+
+	/* The maximum length of a username. */
+	size_t MaxUser = 0;
+

 	/* Retrieves the next free UID or SID */
 	virtual Anope::string UID_Retrieve();
 	virtual Anope::string SID_Retrieve();

+	/** Extracts a timestamp from a string. */
+	virtual time_t ExtractTimestamp(const Anope::string &str);
+
+	/** Sends an error to the uplink before disconnecting.
+	 * @param reason The error message.
+	 */
+	virtual void SendError(const Anope::string &reason);
+
 	/** Sets the server in NOOP mode. If NOOP mode is enabled, no users
 	 * will be able to oper on the server.
 	 * @param s The server
@@ -98,8 +162,8 @@ public:
 	 * @param vident The ident to set
 	 * @param vhost The vhost to set
 	 */
-	virtual void SendVhost(User *u, const Anope::string &vident, const Anope::string &vhost) { }
-	virtual void SendVhostDel(User *) { }
+	virtual void SendVHost(User *u, const Anope::string &vident, const Anope::string &vhost) { }
+	virtual void SendVHostDel(User *) { }

 	/** Sets an akill. This is a recursive function that can be called multiple times
 	 * for the same xline, but for different users, if the xline is not one that can be
@@ -127,19 +191,30 @@ public:
 	/** Kills a user
 	 * @param source Who is doing the kill
 	 * @param user The user to be killed
-	 * @param fmt Kill reason
+	 * @param msg Kill reason
 	 */
-	virtual void SendSVSKill(const MessageSource &source, User *user, const char *fmt, ...) ATTR_FORMAT(4, 5);
+	virtual void SendSVSKill(const MessageSource &source, User *user, const Anope::string &msg);

-	virtual void SendMode(const MessageSource &source, const Channel *dest, const char *fmt, ...) ATTR_FORMAT(4, 5);
-	virtual void SendMode(const MessageSource &source, User *u, const char *fmt, ...) ATTR_FORMAT(4, 5);
+	virtual void SendModeInternal(const MessageSource &source, Channel *chan, const Anope::string &modes, const std::vector<Anope::string> &values);
+	template <typename... Args>
+	void SendMode(const MessageSource &source, Channel *chan, const Anope::string &modes, Args &&...args)
+	{
+		SendModeInternal(source, chan, modes, { Anope::ToString(args)... });
+	}
+
+	virtual void SendModeInternal(const MessageSource &source, User *u, const Anope::string &modes, const std::vector<Anope::string> &values);
+	template <typename... Args>
+	void SendMode(const MessageSource &source, User *u, const Anope::string &modes, Args &&...args)
+	{
+		SendModeInternal(source, u, modes, { Anope::ToString(args)... });
+	}

 	/** Introduces a client to the rest of the network
 	 * @param u The client to introduce
 	 */
 	virtual void SendClientIntroduction(User *u) = 0;

-	virtual void SendKick(const MessageSource &source, const Channel *chan, User *user, const char *fmt, ...) ATTR_FORMAT(5, 6);
+	virtual void SendKick(const MessageSource &source, const Channel *chan, User *user, const Anope::string &msg);

 	virtual void SendNotice(const MessageSource &source, const Anope::string &dest, const char *fmt, ...) ATTR_FORMAT(4, 5);
 	virtual void SendPrivmsg(const MessageSource &source, const Anope::string &dest, const char *fmt, ...) ATTR_FORMAT(4, 5);
@@ -149,7 +224,10 @@ public:
 	virtual void SendGlobalNotice(BotInfo *bi, const Server *dest, const Anope::string &msg) = 0;
 	virtual void SendGlobalPrivmsg(BotInfo *bi, const Server *desc, const Anope::string &msg) = 0;

-	virtual void SendQuit(User *u, const char *fmt, ...) ATTR_FORMAT(3, 4);
+	virtual void SendContextNotice(BotInfo *bi, User *target, Channel *context, const Anope::string &msg);
+	virtual void SendContextPrivmsg(BotInfo *bi, User *target, Channel *context, const Anope::string &msg);
+
+	virtual void SendQuit(User *u, const Anope::string &msg);
 	virtual void SendPing(const Anope::string &servname, const Anope::string &who);
 	virtual void SendPong(const Anope::string &servname, const Anope::string &who);

@@ -161,7 +239,7 @@ public:
 	 * stacker to be set "soon".
 	 */
 	virtual void SendJoin(User *u, Channel *c, const ChannelStatus *status) = 0;
-	virtual void SendPart(User *u, const Channel *chan, const char *fmt, ...) ATTR_FORMAT(4, 5);
+	virtual void SendPart(User *u, const Channel *chan, const Anope::string &msg);

 	/** Force joins a user that isn't ours to a channel.
 	 * @param bi The source of the message
@@ -180,7 +258,7 @@ public:
 	virtual void SendSVSPart(const MessageSource &source, User *u, const Anope::string &chan, const Anope::string &param) { }

 	virtual void SendInvite(const MessageSource &source, const Channel *c, User *u);
-	virtual void SendGlobops(const MessageSource &source, const char *fmt, ...) ATTR_FORMAT(3, 4);
+	virtual void SendGlobops(const MessageSource &source, const Anope::string &msg);

 	/** Sends a nick change of one of our clients.
 	 */
@@ -211,7 +289,12 @@ public:
 	virtual void SendServer(const Server *) = 0;
 	virtual void SendSquit(Server *, const Anope::string &message);

-	virtual void SendNumeric(int numeric, const Anope::string &dest, const char *fmt, ...) ATTR_FORMAT(4, 5);
+	virtual void SendNumericInternal(int numeric, const Anope::string &dest, const std::vector<Anope::string> &params);
+	template <typename... Args>
+	void SendNumeric(int numeric, const Anope::string &dest, Args &&...args)
+	{
+		SendNumericInternal(numeric, dest, { Anope::ToString(args)... });
+	}

 	virtual void SendLogin(User *u, NickAlias *na) = 0;
 	virtual void SendLogout(User *u) = 0;
@@ -219,13 +302,15 @@ public:
 	/** Send a channel creation message to the uplink.
 	 * On most TS6 IRCds this is a SJOIN with no nick
 	 */
-	virtual void SendChannel(Channel *c) { }
+	virtual void SendChannel(Channel *c) = 0;

 	/** Make the user an IRC operator
 	 * Normally this is a simple +o, though some IRCds require us to send the oper type
 	 */
 	virtual void SendOper(User *u);

+	virtual void SendClearBans(const MessageSource &user, Channel *c, User* u) { }
+
 	virtual void SendSASLMechanisms(std::vector<Anope::string> &) { }
 	virtual void SendSASLMessage(const SASL::Message &) { }
 	virtual void SendSVSLogin(const Anope::string &uid, NickAlias *na) { }
@@ -235,14 +320,15 @@ public:
 	virtual bool IsIdentValid(const Anope::string &);
 	virtual bool IsHostValid(const Anope::string &);
 	virtual bool IsExtbanValid(const Anope::string &) { return false; }
+	virtual bool IsTagValid(const Anope::string &, const Anope::string &) { return false; }

 	/** Retrieve the maximum number of list modes settable on this channel
 	 * Defaults to Config->ListSize
 	 */
-	virtual unsigned GetMaxListFor(Channel *c);
-	virtual unsigned GetMaxListFor(Channel *c, ChannelMode *cm);
+	virtual size_t GetMaxListFor(Channel *c, ChannelMode *cm);

 	virtual Anope::string NormalizeMask(const Anope::string &mask);
+
 };

 class CoreExport MessageSource final
@@ -252,7 +338,7 @@ class CoreExport MessageSource final
 	Server *s = nullptr;

 public:
-	MessageSource(const Anope::string &);
+	explicit MessageSource(const Anope::string &);
 	MessageSource(User *u);
 	MessageSource(Server *s);
 	const Anope::string &GetName() const;
@@ -262,26 +348,57 @@ public:
 	Server *GetServer() const;
 };

-enum IRCDMessageFlag
-{
-	IRCDMESSAGE_SOFT_LIMIT,
-	IRCDMESSAGE_REQUIRE_SERVER,
-	IRCDMESSAGE_REQUIRE_USER
-};

+/** Base class for protocol module message handlers. */
 class CoreExport IRCDMessage
 	: public Service
 {
-	Anope::string name;
-	unsigned param_count;
-	std::set<IRCDMessageFlag> flags;
 public:
-	IRCDMessage(Module *owner, const Anope::string &n, unsigned p = 0);
-	unsigned GetParamCount() const;
-	virtual void Run(MessageSource &, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) = 0;
+	/** An enumeration of potential flags a command can have. */
+	enum Flag
+		: uint8_t
+	{
+		/** The parameter count is a minimum instead of an exact limit. */
+		FLAG_SOFT_LIMIT,

-	void SetFlag(IRCDMessageFlag f) { flags.insert(f); }
-	bool HasFlag(IRCDMessageFlag f) const { return flags.count(f); }
+		/** The message must come from a server. */
+		FLAG_REQUIRE_SERVER,
+
+		/** The message must come from a user. */
+		FLAG_REQUIRE_USER,
+
+		/** The highest flag possible. */
+		FLAG_MAX,
+	};
+
+private:
+	/** The name of the message (e.g. PRIVMSG). */
+	const Anope::string name;
+
+	/** The number of parameters this command takes. */
+	const size_t param_count;
+
+	/** The flags that are set on the command. */
+	std::bitset<FLAG_MAX> flags;
+
+public:
+	IRCDMessage(Module *o, const Anope::string &n, size_t pc = 0);
+
+	/** Retrieves the parameter count. */
+	inline size_t GetParamCount() const { return param_count; }
+
+	/** Runs the handler for this message.
+	 * @param source Entity that sent the message.
+	 * @param params Message parameters
+	 * @param tags Message tags
+	 */
+	virtual void Run(MessageSource &source, const std::vector<Anope::string> &params, const Anope::map<Anope::string> &tags) = 0;
+
+	/** Sets the flags for this message. */
+	inline void SetFlag(Flag flag, bool value = true) { flags.set(flag, value); }
+
+	/** Determines if a flag is set. */
+	inline bool HasFlag(Flag flag) const { return flags[flag]; }
 };

 /** MessageTokenizer allows tokens in the IRC wire format to be read from a string */
@@ -16,7 +16,7 @@
 #include "serialize.h"
 #include "bots.h"

-typedef Anope::hash_map<ChannelInfo *> registered_channel_map;
+typedef Anope::unordered_map<ChannelInfo *> registered_channel_map;

 extern CoreExport Serialize::Checker<registered_channel_map> RegisteredChannelList;

@@ -39,7 +39,7 @@ public:
 	AutoKick();
 	~AutoKick();
 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);
 };

 /* It matters that Base is here before Extensible (it is inherited by Serializable)
@@ -95,10 +95,10 @@ public:
 	ChannelInfo(const ChannelInfo &ci);

 	~ChannelInfo();
-	ChannelInfo& operator=(const ChannelInfo &) = default;
+	ChannelInfo &operator=(const ChannelInfo &) = default;

 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);

 	/** Change the founder of the channel
 	 * @params nc The new founder
@@ -169,7 +169,7 @@ public:
 	 * @param t The time the akick was added, defaults to now
 	 * @param lu The time the akick was last used, defaults to never
 	 */
-	AutoKick* AddAkick(const Anope::string &user, NickCore *akicknc, const Anope::string &reason, time_t t = Anope::CurTime, time_t lu = 0);
+	AutoKick *AddAkick(const Anope::string &user, NickCore *akicknc, const Anope::string &reason, time_t t = Anope::CurTime, time_t lu = 0);

 	/** Add an akick entry to the channel by reason
 	 * @param user The user who added the akick
@@ -178,13 +178,13 @@ public:
 	 * @param t The time the akick was added, defaults to now
 	 * @param lu The time the akick was last used, defaults to never
 	 */
-	AutoKick* AddAkick(const Anope::string &user, const Anope::string &mask, const Anope::string &reason, time_t t = Anope::CurTime, time_t lu = 0);
+	AutoKick *AddAkick(const Anope::string &user, const Anope::string &mask, const Anope::string &reason, time_t t = Anope::CurTime, time_t lu = 0);

 	/** Get an entry from the channel akick list
 	 * @param index The index in the akick vector
 	 * @return The akick structure, or NULL if not found
 	 */
-	AutoKick* GetAkick(unsigned index) const;
+	AutoKick *GetAkick(unsigned index) const;

 	/** Get the size of the akick vector for this channel
 	 * @return The akick vector size
@@ -238,7 +238,7 @@ public:
 	 * @param name channel name to lookup
 	 * @return the ChannelInfo associated with the channel
 	 */
-	static ChannelInfo* Find(const Anope::string &name);
+	static ChannelInfo *Find(const Anope::string &name);

 	void AddChannelReference(const Anope::string &what);
 	void RemoveChannelReference(const Anope::string &what);
@@ -29,7 +29,7 @@ namespace Serialize

 		virtual ~Data() = default;

-		virtual std::iostream& operator[](const Anope::string &key) = 0;
+		virtual std::iostream &operator[](const Anope::string &key) = 0;
 		virtual std::set<Anope::string> KeySet() const { throw CoreException("Not supported"); }
 		virtual size_t Hash() const { throw CoreException("Not supported"); }

@@ -97,7 +97,7 @@ public:
 	/** Get the type of serializable object this is
 	 * @return The serializable object type
 	 */
-	Serialize::Type* GetSerializableType() const { return this->s_type; }
+	Serialize::Type *GetSerializableType() const { return this->s_type; }

 	virtual void Serialize(Serialize::Data &data) const = 0;

@@ -111,7 +111,7 @@ public:
 class CoreExport Serialize::Type final
 	: public Base
 {
-	typedef Serializable* (*unserialize_func)(Serializable *obj, Serialize::Data &);
+	typedef Serializable *(*unserialize_func)(Serializable *obj, Serialize::Data &);

 	static std::vector<Anope::string> TypeOrder;
 	static std::map<Anope::string, Serialize::Type *> Types;
@@ -168,7 +168,7 @@ public:
 	 */
 	void UpdateTimestamp();

-	Module* GetOwner() const { return this->owner; }
+	Module *GetOwner() const { return this->owner; }

 	static Serialize::Type *Find(const Anope::string &name);

@@ -201,23 +201,23 @@ class Serialize::Checker
 public:
 	Checker(const Anope::string &n) : name(n) { }

-	inline const T* operator->() const
+	inline const T *operator->() const
 	{
 		this->Check();
 		return &this->obj;
 	}
-	inline T* operator->()
+	inline T *operator->()
 	{
 		this->Check();
 		return &this->obj;
 	}

-	inline const T& operator*() const
+	inline const T &operator*() const
 	{
 		this->Check();
 		return this->obj;
 	}
-	inline T& operator*()
+	inline T &operator*()
 	{
 		this->Check();
 		return this->obj;
@@ -305,7 +305,7 @@ public:
 		return NULL;
 	}

-	inline T* operator*() const
+	inline T *operator*() const
 	{
 		if (!this->invalid)
 		{
@@ -318,7 +318,7 @@ public:
 		return NULL;
 	}

-	inline T* operator->() const
+	inline T *operator->() const
 	{
 		if (!this->invalid)
 		{
@@ -25,7 +25,7 @@ namespace Servers
 	 * the only server whose uplink *is* Me that is not a juped server.
 	 * @return Our uplink, or NULL if not uplinked to anything
 	 */
-	extern CoreExport Server* GetUplink();
+	extern CoreExport Server *GetUplink();

 	/* Server maps by name and id */
 	extern CoreExport Anope::map<Server *> ByName;
@@ -11,39 +11,33 @@

 #pragma once

+#include <cstdarg>
+#include <cstddef>
+#include <cstdint>
+#include <cstdio>
+#include <cstdlib>
+
+#include <algorithm>
+#include <bitset>
+#include <deque>
+#include <exception>
+#include <fstream>
+#include <iostream>
+#include <list>
+#include <map>
+#include <set>
+#include <sstream>
+#include <vector>
+
+#ifndef _WIN32
+# include <unistd.h>
+#endif
+
+#include "defs.h"
 #include "sysconf.h"

 #define BUFSIZE 1024

-#include <cstdio>
-#include <cstdlib>
-#include <cstdarg>
-#include <stdexcept>
-
-#include <cstring>
-
-#ifndef _WIN32
-#include <unistd.h>
-#endif
-
-/* Pull in the various bits of STL */
-#include <cstdint>
-#include <cstddef>
-#include <iostream>
-#include <fstream>
-#include <sstream>
-#include <map>
-#include <exception>
-#include <list>
-#include <vector>
-#include <deque>
-#include <bitset>
-#include <set>
-#include <algorithm>
-#include <iterator>
-
-#include "defs.h"
-
 #define _(x) x

 #ifndef _WIN32
@@ -313,7 +313,7 @@ public:

 	/** Gets the new line from the input buffer, if any
 	 */
-	const Anope::string GetLine();
+	Anope::string GetLine();

 	/** Write to the socket
 	* @param message The message
@@ -20,6 +20,24 @@
 // Whether Anope was built in debug mode.
 #cmakedefine01 DEBUG_BUILD

+// The default config directory.
+#define DEFAULT_CONF_DIR "@CONF_DIR@"
+
+// The default data directory.
+#define DEFAULT_DATA_DIR "@DATA_DIR@"
+
+// The default locale directory.
+#define DEFAULT_LOCALE_DIR "@LOCALE_DIR@"
+
+// The default log directory.
+#define DEFAULT_LOG_DIR "@LOG_DIR@"
+
+// The default module directory.
+#define DEFAULT_MODULE_DIR "@MODULE_DIR@"
+
+// Whether the clock_gettime() function is available.
+#cmakedefine01 HAVE_CLOCK_GETTIME
+
 // Whether Anope was built with localization support.
 #cmakedefine01 HAVE_LOCALIZATION

@@ -29,10 +47,6 @@
 #ifdef _WIN32
 # define popen _popen
 # define pclose _pclose
-# ifdef _MSC_VER
-#  define PATH_MAX MAX_PATH
-# endif
-# define sleep(x) Sleep(x * 1000)
 #endif

 #if defined __GNUC__
@@ -26,7 +26,7 @@ private:

 public:
 	/* Handle for this thread */
-	std::thread *handle = nullptr;
+	std::unique_ptr<std::thread> handle;

 	/** Threads destructor
 	 */
@@ -18,7 +18,7 @@ class CoreExport Timer
 private:
 	/** The owner of the timer, if any
 	 */
-	Module *owner;
+	Module *owner = nullptr;

 	/** The triggering time
 	 */
@@ -13,10 +13,36 @@

 #include "sockets.h"
 #include "protocol.h"
+#include "servers.h"

 namespace Uplink
 {
 	extern void Connect();
+	extern CoreExport void SendInternal(const Anope::map<Anope::string> &, const MessageSource &, const Anope::string &, const std::vector<Anope::string> &);
+
+	template<typename... Args>
+	void Send(const Anope::map<Anope::string> &tags, const MessageSource &source, const Anope::string &command, Args &&...args)
+	{
+		SendInternal(tags, source, command, { Anope::ToString(args)... });
+	}
+
+	template<typename... Args>
+	void Send(const Anope::map<Anope::string> &tags, const Anope::string &command, Args &&...args)
+	{
+		SendInternal(tags, Me, command, { Anope::ToString(args)... });
+	}
+
+	template<typename... Args>
+	void Send(const MessageSource &source, const Anope::string &command, Args &&...args)
+	{
+		SendInternal({}, source, command, { Anope::ToString(args)... });
+	}
+
+	template<typename... Args>
+	void Send(const Anope::string &command, Args &&...args)
+	{
+		SendInternal({}, Me, command, { Anope::ToString(args)... });
+	}
 }

 /* This is the socket to our uplink */
@@ -31,22 +57,5 @@ public:
 	bool ProcessRead() override;
 	void OnConnect() override;
 	void OnError(const Anope::string &) override;
-
-	/* A message sent over the uplink socket */
-	class CoreExport Message final
-	{
-		MessageSource source;
-		std::stringstream buffer;
-
-	public:
-		Message();
-		Message(const MessageSource &);
-		~Message();
-		template<typename T> Message &operator<<(const T &val)
-		{
-			this->buffer << val;
-			return *this;
-		}
-	};
 };
 extern CoreExport UplinkSocket *UplinkSock;
@@ -19,7 +19,7 @@
 #include "account.h"
 #include "sockets.h"

-typedef Anope::hash_map<User *> user_map;
+typedef Anope::unordered_map<User *> user_map;

 extern CoreExport user_map UserListByNick, UserListByUID;

@@ -44,8 +44,6 @@ protected:
 	Anope::string vident;
 	Anope::string ident;
 	Anope::string uid;
-	/* If the user is on the access list of the nick they're on */
-	bool on_access;
 	/* Map of user modes and the params this user has (if any) */
 	ModeList modes;
 	/* NickCore account the user is currently logged in as, if they are logged in */
@@ -116,7 +114,7 @@ protected:
 	virtual ~User();

 public:
-	static User* OnIntroduce(const Anope::string &snick, const Anope::string &sident, const Anope::string &shost, const Anope::string &svhost, const Anope::string &sip, Server *sserver, const Anope::string &srealname, time_t ts, const Anope::string &smodes, const Anope::string &suid, NickCore *nc);
+	static User *OnIntroduce(const Anope::string &snick, const Anope::string &sident, const Anope::string &shost, const Anope::string &svhost, const Anope::string &sip, Server *sserver, const Anope::string &srealname, time_t ts, const Anope::string &smodes, const Anope::string &suid, NickCore *nc);

 	/** Update the nickname of a user record accordingly, should be
 	 * called from ircd protocol.
@@ -193,6 +191,7 @@ public:
 	 */
 	void SendMessage(BotInfo *source, const char *fmt, ...) ATTR_FORMAT(3, 4);
 	void SendMessage(BotInfo *source, const Anope::string &msg) override;
+	void SendMessage(CommandSource &source, const Anope::string &msg) override;

 	/** Identify the user to a nick.
 	 * updates last_seen, logs the user in,
@@ -222,12 +221,6 @@ public:
 	 */
 	bool IsIdentified(bool check_nick = false) const;

-	/** Check if the user is recognized for their nick (on the nicks access list)
-	 * @param check_secure Only returns true if the user has secure off
-	 * @return true or false
-	 */
-	bool IsRecognized(bool check_secure = true) const;
-
 	/** Check if the user is connected securely.
 	 * @return True if the user is connected securely; otherwise, false.
 	 */
@@ -250,8 +243,7 @@ public:
 	  */
 	bool HasPriv(const Anope::string &privstr);

-	/** Update the last usermask stored for a user, and check to see if they are recognized
-	 */
+	/** Update the last usermask stored for a user. */
 	void UpdateHost();

 	/** Check if the user has a mode
@@ -368,12 +360,15 @@ public:
 	 */
 	bool BadPassword();

+	/** Determines whether this user should receive a PRIVMSG instead of a NOTICE. */
+	bool ShouldPrivmsg() const;
+
 	/** Finds a user by nick, or possibly UID
 	 * @param name The nick, or possibly UID, to lookup
 	 * @param nick_only set to true to only look up by nick, not UID
 	 * @return the user, if they exist
 	 */
-	static User* Find(const Anope::string &name, bool nick_only = false);
+	static User *Find(const Anope::string &name, bool nick_only = false);

 	/** Quits all users who are pending to be quit
 	 */
@@ -42,7 +42,7 @@ static std::string get_git_hash(const std::string &git_dir)
 	}
 	fd.close();

-	return "g" + filebuf.substr(0, 7);
+	return filebuf.substr(0, 7);
 }

 static bool read_version_sh(const std::string &version_sh, std::map<std::string, std::string> &versions)
@@ -45,7 +45,7 @@ public:
 	bool IsRegex() const;

 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data);
 };

 /* Managers XLines. There is one XLineManager per type of XLine. */
@@ -125,7 +125,7 @@ public:
 	 * @param index The index
 	 * @return The XLine, or NULL if the index is out of bounds
 	 */
-	XLine* GetEntry(unsigned index);
+	XLine *GetEntry(unsigned index);

 	/** Clear the XLine vector
 	 * Note: This does not remove the XLines from the IRCd
@@ -145,7 +145,7 @@ public:
 	 * @param mask The mask
 	 * @return The XLine the user matches, or NULL
 	 */
-	XLine* HasEntry(const Anope::string &mask);
+	XLine *HasEntry(const Anope::string &mask);

 	/** Check a user against all of the xlines in this XLineManager
 	 * @param u The user
@@ -7,9 +7,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Anope\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-01-08 13:20+0000\n"
-"PO-Revision-Date: 2024-01-08 13:33+0000\n"
-"Last-Translator: Thomas Fargeix <t.fargeix@gmail.com>\n"
+"POT-Creation-Date: 2024-02-22 16:34+0000\n"
+"PO-Revision-Date: 2024-02-22 16:36+0000\n"
+"Last-Translator: Val Lorentz <progval+git@progval.net>\n"
 "Language-Team: French\n"
 "Language: fr_FR\n"
 "MIME-Version: 1.0\n"
@@ -2640,15 +2640,15 @@ msgid "Bot bans will no longer automatically expire."
 msgstr "Le bans du bot n'expireront plus automatiquement."

 #, c-format
-msgid "Bot hosts may only be %d characters long."
-msgstr "Les hosts des bots ne doivent contenir que %d caractères."
+msgid "Bot hosts may only be %zu characters long."
+msgstr "Les hosts des bots ne doivent contenir que %zu caractères."

 msgid "Bot hosts may only contain valid host characters."
 msgstr "Les hosts des bots ne doivent contenir que des caractères valides pour un host."

 #, c-format
-msgid "Bot idents may only be %d characters long."
-msgstr "Les ident des bots ne doivent contenir que %d caractères."
+msgid "Bot idents may only be %zu characters long."
+msgstr "Les ident des bots ne doivent contenir que %zu caractères."

 msgid "Bot idents may only contain valid ident characters."
 msgstr "Les ident des bots ne doivent contenir que des caractères valides pour un ident."
@@ -2664,8 +2664,8 @@ msgid "Bot nick"
 msgstr "Pseudo du bot"

 #, c-format
-msgid "Bot nicks may only be %d characters long."
-msgstr "Les pseudos des bots ne doivent contenir que %d caractères."
+msgid "Bot nicks may only be %zu characters long."
+msgstr "Les pseudos des bots ne doivent contenir que %zu caractères."

 msgid "Bot nicks may only contain valid nick characters."
 msgstr "Les pseudos des bots ne peuvent contenir que des caractères valides."
@@ -3949,12 +3949,12 @@ msgid "Error reloading configuration file: %s"
 msgstr "Erreur en rechargeant le fichier de configuration : %s"

 #, c-format
-msgid "Error! The vHost ident is too long, please use an ident shorter than %d characters."
-msgstr "Erreur ! L'ident du vHost est trop long, merci d'utiliser un ident plus court que %d caractères."
+msgid "Error! The vHost ident is too long, please use an ident shorter than %zu characters."
+msgstr "Erreur ! L'ident du vHost est trop long, merci d'utiliser un ident plus court que %zu caractères."

 #, c-format
-msgid "Error! The vHost is too long, please use a hostname shorter than %d characters."
-msgstr "Erreur ! Le vHost est trop long, merci d'utiliser un hostname plus court que %d caractères."
+msgid "Error! The vHost is too long, please use a hostname shorter than %zu characters."
+msgstr "Erreur ! Le vHost est trop long, merci d'utiliser un hostname plus court que %zu caractères."

 msgid ""
 "Examples:\n"
@@ -5140,8 +5140,8 @@ msgid "Nick %s isn't registered."
 msgstr "Le pseudo %s n'est pas enregistré."

 #, c-format
-msgid "Nick %s was truncated to %u characters."
-msgstr "Le pseudo %s a été tronqué à %u caractères."
+msgid "Nick %s was truncated to %zu characters."
+msgstr "Le pseudo %s a été tronqué à %zu caractères."

 #, c-format
 msgid "Nick %s will expire."
@@ -5184,8 +5184,8 @@ msgid "Nick %s is now suspended."
 msgstr "Le pseudo %s a été suspendu."

 #, c-format
-msgid "Nick too long, max length is %u characters."
-msgstr "Pseudo trop long, la taille maximale est de %u caractères."
+msgid "Nick too long, max length is %zu characters."
+msgstr "Pseudo trop long, la taille maximale est de %zu caractères."

 #, c-format
 msgid "Nickname %s has been dropped."
@@ -5714,7 +5714,7 @@ msgid ""
 "your nickname as a password is a much worse idea ;) and,\n"
 "in fact, %s will not allow it. Also, short\n"
 "passwords are vulnerable to trial-and-error searches, so\n"
-"you should choose a password at least 5 characters long.\n"
+"you should choose a password at least %u characters long.\n"
 "Finally, the space character cannot be used in passwords."
 msgstr ""
 "Enregistre votre pseudo dans la base de données de %s.\n"
@@ -5735,7 +5735,7 @@ msgstr ""
 "ne vous laissera pas faire.. De même, les mots de passe\n"
 "courts sont vulnérables aux recherches méthodiques,\n"
 "donc vous devez choisir un mot de passe d'au moins \n"
-"5 caractères. Le caractère espace ne peut pas être \n"
+"%u caractères. Le caractère espace ne peut pas être \n"
 "utilisé dans les mots de passe."

 msgid "Registration is currently disabled."
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Anope\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-01-08 13:20+0000\n"
-"PO-Revision-Date: 2024-01-08 13:40+0000\n"
+"POT-Creation-Date: 2024-02-22 16:34+0000\n"
+"PO-Revision-Date: 2024-02-22 16:38+0000\n"
 "Last-Translator: Dragone2 <dragone2@risposteinformatiche.it>\n"
 "Language-Team: Italian\n"
 "Language: it_IT\n"
@@ -2637,15 +2637,15 @@ msgid "Bot bans will no longer automatically expire."
 msgstr "I ban del bot non scadranno automaticamente."

 #, c-format
-msgid "Bot hosts may only be %d characters long."
-msgstr "Gli host dei bot possono contenere solamente %d caratteri."
+msgid "Bot hosts may only be %zu characters long."
+msgstr "Gli host dei bot possono contenere solamente %zu caratteri."

 msgid "Bot hosts may only contain valid host characters."
 msgstr "Gli host dei bot possono contenere unicamente caratteri validi."

 #, c-format
-msgid "Bot idents may only be %d characters long."
-msgstr "Le ident dei bot possono contenere solamente %d caratteri."
+msgid "Bot idents may only be %zu characters long."
+msgstr "Le ident dei bot possono contenere solamente %zu caratteri."

 msgid "Bot idents may only contain valid ident characters."
 msgstr "Le ident dei bot possono contenere unicamente caratteri validi."
@@ -2661,8 +2661,8 @@ msgid "Bot nick"
 msgstr "Bot nick"

 #, c-format
-msgid "Bot nicks may only be %d characters long."
-msgstr "I nick dei Bot possono contenere solamente %d caratteri."
+msgid "Bot nicks may only be %zu characters long."
+msgstr "I nick dei Bot possono contenere solamente %zu caratteri."

 msgid "Bot nicks may only contain valid nick characters."
 msgstr "I nick dei bot possono contenere unicamente caratteri validi."
@@ -3942,12 +3942,12 @@ msgid "Error reloading configuration file: %s"
 msgstr "Errore durante il ricaricamento del file di configurazione: %s"

 #, c-format
-msgid "Error! The vHost ident is too long, please use an ident shorter than %d characters."
-msgstr "Errore! L'ident del vHost è troppo lunga, usa una ident più corta di %d caratteri."
+msgid "Error! The vHost ident is too long, please use an ident shorter than %zu characters."
+msgstr "Errore! L'ident del vHost è troppo lunga, usa una ident più corta di %zu caratteri."

 #, c-format
-msgid "Error! The vHost is too long, please use a hostname shorter than %d characters."
-msgstr "Errore! Il vHost è troppo lungo, usa un hostname più corto di %d caratteri."
+msgid "Error! The vHost is too long, please use a hostname shorter than %zu characters."
+msgstr "Errore! Il vHost è troppo lungo, usa un hostname più corto di %zu caratteri."

 msgid ""
 "Examples:\n"
@@ -5143,8 +5143,8 @@ msgid "Nick %s isn't registered."
 msgstr "Il nick %s non è registrato."

 #, c-format
-msgid "Nick %s was truncated to %u characters."
-msgstr "Il nick %s è stato troncato a %u caratteri."
+msgid "Nick %s was truncated to %zu characters."
+msgstr "Il nick %s è stato troncato a %zu caratteri."

 #, c-format
 msgid "Nick %s will expire."
@@ -5187,8 +5187,8 @@ msgid "Nick %s is now suspended."
 msgstr "Il nick %s è ora sospeso."

 #, c-format
-msgid "Nick too long, max length is %u characters."
-msgstr "Nick troppo lungo, lunghezza massima consentita %u caratteri."
+msgid "Nick too long, max length is %zu characters."
+msgstr "Nick troppo lungo, lunghezza massima consentita %zu caratteri."

 #, c-format
 msgid "Nickname %s has been dropped."
@@ -5716,7 +5716,7 @@ msgid ""
 "your nickname as a password is a much worse idea ;) and,\n"
 "in fact, %s will not allow it. Also, short\n"
 "passwords are vulnerable to trial-and-error searches, so\n"
-"you should choose a password at least 5 characters long.\n"
+"you should choose a password at least %u characters long.\n"
 "Finally, the space character cannot be used in passwords."
 msgstr ""
 "Registra il tuo nick nel database di %s. Quando il\n"
@@ -5737,7 +5737,7 @@ msgstr ""
 "anche peggiore, infatti %s non ti permetterà di farlo.\n"
 "Inoltre, le password brevi sono facili da indovinare con\n"
 "meno tentativi, pertanto è necessario scegliere una password \n"
-"di almeno 5 caratteri. Infine, gli spazi non possono essere \n"
+"di almeno %u caratteri. Infine, gli spazi non possono essere \n"
 "usati all'interno di una password."

 msgid "Registration is currently disabled."
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Anope\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-01-30 04:54+0100\n"
-"PO-Revision-Date: 2024-01-31 05:55+0100\n"
+"POT-Creation-Date: 2024-02-22 16:34+0000\n"
+"PO-Revision-Date: 2024-02-22 16:39+0000\n"
 "Last-Translator: Robby <robby@chatbelgie.be>\n"
 "Language-Team: Dutch\n"
 "Language: nl_NL\n"
@@ -16,6 +16,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 3.4\n"

 #, c-format
 msgid "%d channel(s) cleared, and %d channel(s) dropped."
@@ -2643,15 +2644,15 @@ msgid "Bot bans will no longer automatically expire."
 msgstr "Bot bans zullen niet langer automatisch verlopen."

 #, c-format
-msgid "Bot hosts may only be %d characters long."
-msgstr "Bot hosts mogen maximaal %d karakters bevatten."
+msgid "Bot hosts may only be %zu characters long."
+msgstr "Bot hosts mogen maximaal %zu karakters bevatten."

 msgid "Bot hosts may only contain valid host characters."
 msgstr "Bot hosts mogen alleen geldige host-karakters bevatten."

 #, c-format
-msgid "Bot idents may only be %d characters long."
-msgstr "Bot idents mogen maximaal %d karakters bevatten."
+msgid "Bot idents may only be %zu characters long."
+msgstr "Bot idents mogen maximaal %zu karakters bevatten."

 msgid "Bot idents may only contain valid ident characters."
 msgstr "Bot idents mogen alleen geldige ident-karakters bevatten."
@@ -2667,8 +2668,8 @@ msgid "Bot nick"
 msgstr "Bot nick"

 #, c-format
-msgid "Bot nicks may only be %d characters long."
-msgstr "Bot nicks mogen maximaal %d karakters bevatten."
+msgid "Bot nicks may only be %zu characters long."
+msgstr "Bot nicks mogen maximaal %zu karakters bevatten."

 msgid "Bot nicks may only contain valid nick characters."
 msgstr "Bot nicks mogen alleen geldige nick-karakters bevatten."
@@ -3953,12 +3954,12 @@ msgid "Error reloading configuration file: %s"
 msgstr "Fout bij laden configuratiebestand: %s"

 #, c-format
-msgid "Error! The vHost ident is too long, please use an ident shorter than %d characters."
-msgstr "Fout! De vHost ident is te lang, gelieve een ident korter dan %d karakters op te geven."
+msgid "Error! The vHost ident is too long, please use an ident shorter than %zu characters."
+msgstr "Fout! De vHost ident is te lang, gelieve een ident korter dan %zu karakters op te geven."

 #, c-format
-msgid "Error! The vHost is too long, please use a hostname shorter than %d characters."
-msgstr "Fout! De vHost is te lang, gelieve een host korter dan %d karakters op te geven."
+msgid "Error! The vHost is too long, please use a hostname shorter than %zu characters."
+msgstr "Fout! De vHost is te lang, gelieve een host korter dan %zu karakters op te geven."

 msgid ""
 "Examples:\n"
@@ -5156,8 +5157,8 @@ msgid "Nick %s isn't registered."
 msgstr "Nick %s is niet geregistreerd."

 #, c-format
-msgid "Nick %s was truncated to %u characters."
-msgstr "Nick %s werd verkort naar %u karakters."
+msgid "Nick %s was truncated to %zu characters."
+msgstr "Nick %s werd verkort naar %zu karakters."

 #, c-format
 msgid "Nick %s will expire."
@@ -5200,8 +5201,8 @@ msgid "Nick %s is now suspended."
 msgstr "Nick %s is nu geschorst."

 #, c-format
-msgid "Nick too long, max length is %u characters."
-msgstr "Nick te lang, maximum lengte is %u karakters."
+msgid "Nick too long, max length is %zu characters."
+msgstr "Nick te lang, maximum lengte is %zu karakters."

 #, c-format
 msgid "Nickname %s has been dropped."
@@ -5730,7 +5731,7 @@ msgid ""
 "your nickname as a password is a much worse idea ;) and,\n"
 "in fact, %s will not allow it. Also, short\n"
 "passwords are vulnerable to trial-and-error searches, so\n"
-"you should choose a password at least 5 characters long.\n"
+"you should choose a password at least %u characters long.\n"
 "Finally, the space character cannot be used in passwords."
 msgstr ""
 "Registreert je nick in de %s database. Wanneer je nick\n"
@@ -5749,7 +5750,7 @@ msgstr ""
 "nick als een wachtwoord gebruiken is een veel slechter idee ;)\n"
 "en in feite, %s staat het niet toe. Bovendien zijn korte wachtwoorden\n"
 "kwetsbaar voor zoekacties, dus kies je best een wachtwoord\n"
-"dat minstens 5 karakters lang is. Als laatste, de spatie kan niet\n"
+"dat minstens %u karakters lang is. Als laatste, de spatie kan niet\n"
 "gebruikt worden in wachtwoorden."

 msgid "Registration is currently disabled."
@@ -7,9 +7,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Anope\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-01-08 13:20+0000\n"
-"PO-Revision-Date: 2024-01-08 13:46+0000\n"
-"Last-Translator: Adam <adam@anope.org>\n"
+"POT-Creation-Date: 2024-02-22 16:34+0000\n"
+"PO-Revision-Date: 2024-02-22 16:42+0000\n"
+"Last-Translator: k4be <k4be@pirc.pl>\n"
 "Language-Team: Polish\n"
 "Language: pl_PL\n"
 "MIME-Version: 1.0\n"
@@ -2632,15 +2632,15 @@ msgid "Bot bans will no longer automatically expire."
 msgstr "Bany zakładane przez bota nie będą już się przedawniały."

 #, c-format
-msgid "Bot hosts may only be %d characters long."
-msgstr "Host bota może się składać maksymalnie z %d znaków."
+msgid "Bot hosts may only be %zu characters long."
+msgstr "Host bota może się składać maksymalnie z %zu znaków."

 msgid "Bot hosts may only contain valid host characters."
 msgstr "Host bota może zawierać tylko prawidłowe znaki."

 #, c-format
-msgid "Bot idents may only be %d characters long."
-msgstr "Ident bota może się składać maksymalnie z %d znaków."
+msgid "Bot idents may only be %zu characters long."
+msgstr "Ident bota może się składać maksymalnie z %zu znaków."

 msgid "Bot idents may only contain valid ident characters."
 msgstr "Ident bota może zawierać tylko prawidłowe znaki."
@@ -2656,8 +2656,8 @@ msgid "Bot nick"
 msgstr "Nick bota"

 #, c-format
-msgid "Bot nicks may only be %d characters long."
-msgstr "Nick bota może się składać maksymalnie z %d znaków."
+msgid "Bot nicks may only be %zu characters long."
+msgstr "Nick bota może się składać maksymalnie z %zu znaków."

 msgid "Bot nicks may only contain valid nick characters."
 msgstr "Nick bota może zawierać tylko prawidłowe znaki."
@@ -3926,12 +3926,12 @@ msgid "Error reloading configuration file: %s"
 msgstr "Błąd przeładowywania pliku konfiguracyjnego: %s"

 #, c-format
-msgid "Error! The vHost ident is too long, please use an ident shorter than %d characters."
-msgstr "Błąd: podany wirtualny ident jest zbyt długi. Proszę użyć nazwy krótszej niż %d znaków."
+msgid "Error! The vHost ident is too long, please use an ident shorter than %zu characters."
+msgstr "Błąd: podany wirtualny ident jest zbyt długi. Proszę użyć nazwy krótszej niż %zu znaków."

 #, c-format
-msgid "Error! The vHost is too long, please use a hostname shorter than %d characters."
-msgstr "Błąd: podany vHost jest zbyt długi. Proszę użyć nazwy krótszej niż %d znaków."
+msgid "Error! The vHost is too long, please use a hostname shorter than %zu characters."
+msgstr "Błąd: podany vHost jest zbyt długi. Proszę użyć nazwy krótszej niż %zu znaków."

 msgid ""
 "Examples:\n"
@@ -5126,8 +5126,8 @@ msgid "Nick %s isn't registered."
 msgstr "Nick %s nie jest zarejestrowany."

 #, c-format
-msgid "Nick %s was truncated to %u characters."
-msgstr "Nick %s został skrócony do %u znaków."
+msgid "Nick %s was truncated to %zu characters."
+msgstr "Nick %s został skrócony do %zu znaków."

 #, c-format
 msgid "Nick %s will expire."
@@ -5170,8 +5170,8 @@ msgid "Nick %s is now suspended."
 msgstr "Nick %s został zawieszony."

 #, c-format
-msgid "Nick too long, max length is %u characters."
-msgstr "Zbyt długi nick. Maksymalna długość to %u znaków."
+msgid "Nick too long, max length is %zu characters."
+msgstr "Zbyt długi nick. Maksymalna długość to %zu znaków."

 #, c-format
 msgid "Nickname %s has been dropped."
@@ -5697,7 +5697,7 @@ msgid ""
 "your nickname as a password is a much worse idea ;) and,\n"
 "in fact, %s will not allow it. Also, short\n"
 "passwords are vulnerable to trial-and-error searches, so\n"
-"you should choose a password at least 5 characters long.\n"
+"you should choose a password at least %u characters long.\n"
 "Finally, the space character cannot be used in passwords."
 msgstr ""
 "Rejestruje aktualnie używany nick w bazie %s.\n"
@@ -5714,7 +5714,7 @@ msgstr ""
 "jako haseł jest niewskazane. Nie wolno użyć hasła takiego\n"
 "samego, jak nick (a %s na to nie pozwoli). Bardzo krótkie\n"
 "hasło może zostać odgadnięte metodą prób i błędów.\n"
-"Twoje hasło musi mieć długość co najmniej 5 znaków.\n"
+"Twoje hasło musi mieć długość co najmniej %u znaków.\n"
 "Znak spacji nie może być użyty w haśle."

 msgid "Registration is currently disabled."
@@ -19,18 +19,13 @@ if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/../conanbuildinfo.cmake")
    file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/extra/${NAME}.cpp" DESTINATION "${CMAKE_CURRENT_SOURCE_DIR}")
  endfunction()

+  enable_extra("enc_argon2" "ARGON2")
  enable_extra("mysql" "LIBMYSQLCLIENT")
  enable_extra("regex_pcre2" "PCRE2")
  enable_extra("sqlite" "SQLITE3")
  enable_extra("ssl_openssl" "OPENSSL")
  # this uses Wldap so should always be available
  copy_extra("ldap")
-  # these don't actually have extra dependencies, but require a module which does
-  copy_extra("sql_authentication")
-  copy_extra("sql_log")
-  copy_extra("sql_oper")
-  copy_extra("ldap_authentication")
-  copy_extra("ldap_oper")

  # Package extra dlls
  file(GLOB EXTRA_DLLS "${Anope_SOURCE_DIR}/extradll/bin/*.dll" "${Anope_SOURCE_DIR}/extradll/lib/*.dll")
@@ -99,7 +94,9 @@ macro(build_modules SRC)
            target_link_libraries(${SO} ${PROGRAM_NAME})
          endif()
          # Set the module to be installed to the module directory under the data directory
-          install(TARGETS ${SO} DESTINATION ${LIB_DIR}/modules)
+          install(TARGETS ${SO}
+            DESTINATION ${MODULE_DIR}
+            LIBRARY)
        endif()
      endif()
    endforeach()
@@ -173,7 +170,9 @@ macro(build_subdir)
  endif()

  # Set the module to be installed to the module directory under the data directory
-  install(TARGETS ${SO} DESTINATION ${LIB_DIR}/modules)
+  install(TARGETS ${SO}
+    DESTINATION ${MODULE_DIR}
+    LIBRARY)
 endmacro()

 include_directories(${CMAKE_CURRENT_SOURCE_DIR})
@@ -67,12 +67,8 @@ public:

 			Anope::string Limit;
 			unsigned limit = 0;
-			try
-			{
-				if (c->GetParam("LIMIT", Limit))
-					limit = convertTo<unsigned>(Limit);
-			}
-			catch (const ConvertException &) { }
+			if (c->GetParam("LIMIT", Limit))
+				limit = Anope::Convert<unsigned>(Limit, limit);

 			/* Should we be invited? */
 			if (c->HasMode("INVITE") || (limit && c->users.size() >= limit))
@@ -28,7 +28,7 @@ public:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, bot assignment is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -97,7 +97,7 @@ public:
 	{
 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, bot assignment is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -164,7 +164,7 @@ public:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, bot modification is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -26,7 +26,7 @@ struct BadWordImpl final
 		data.SetType("type", Serialize::Data::DT_INT); data["type"] << this->type;
 	}

-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &);
 };

 struct BadWordsImpl final
@@ -40,7 +40,7 @@ struct BadWordsImpl final

 	~BadWordsImpl() override;

-	BadWord* AddBadWord(const Anope::string &word, BadWordType type) override
+	BadWord *AddBadWord(const Anope::string &word, BadWordType type) override
 	{
 		auto *bw = new BadWordImpl();
 		bw->chan = ci->name;
@@ -54,7 +54,7 @@ struct BadWordsImpl final
 		return bw;
 	}

-	BadWord* GetBadWord(unsigned index) const override
+	BadWord *GetBadWord(unsigned index) const override
 	{
 		if (this->badwords->empty() || index >= this->badwords->size())
 			return NULL;
@@ -117,7 +117,7 @@ BadWordImpl::~BadWordImpl()
 	}
 }

-Serializable* BadWordImpl::Unserialize(Serializable *obj, Serialize::Data &data)
+Serializable *BadWordImpl::Unserialize(Serializable *obj, Serialize::Data &data)
 {
 	Anope::string sci, sword;

@@ -222,7 +222,7 @@ private:

 					const BadWord *b = bw->GetBadWord(Number - 1);
 					ListFormatter::ListEntry entry;
-					entry["Number"] = stringify(Number);
+					entry["Number"] = Anope::ToString(Number);
 					entry["Word"] = b->word;
 					entry["Type"] = b->type == BW_SINGLE ? "(SINGLE)" : (b->type == BW_START ? "(START)" : (b->type == BW_END ? "(END)" : ""));
 					this->list.AddEntry(entry);
@@ -241,7 +241,7 @@ private:
 					continue;

 				ListFormatter::ListEntry entry;
-				entry["Number"] = stringify(i + 1);
+				entry["Number"] = Anope::ToString(i + 1);
 				entry["Word"] = b->word;
 				entry["Type"] = b->type == BW_SINGLE ? "(SINGLE)" : (b->type == BW_START ? "(START)" : (b->type == BW_END ? "(END)" : ""));
 				list.AddEntry(entry);
@@ -407,7 +407,7 @@ public:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, bad words list modification is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -28,23 +28,21 @@ private:
 			return;
 		}

-		Configuration::Block *networkinfo = Config->GetBlock("networkinfo");
-
-		if (nick.length() > networkinfo->Get<unsigned>("nicklen"))
+		if (nick.length() > IRCD->MaxNick)
 		{
-			source.Reply(_("Bot nicks may only be %d characters long."), networkinfo->Get<unsigned>("nicklen"));
+			source.Reply(_("Bot nicks may only be %zu characters long."), IRCD->MaxNick);
 			return;
 		}

-		if (user.length() > networkinfo->Get<unsigned>("userlen"))
+		if (user.length() > IRCD->MaxUser)
 		{
-			source.Reply(_("Bot idents may only be %d characters long."), networkinfo->Get<unsigned>("userlen"));
+			source.Reply(_("Bot idents may only be %zu characters long."), IRCD->MaxUser);
 			return;
 		}

-		if (host.length() > networkinfo->Get<unsigned>("hostlen"))
+		if (host.length() > IRCD->MaxHost)
 		{
-			source.Reply(_("Bot hosts may only be %d characters long."), networkinfo->Get<unsigned>("hostlen"));
+			source.Reply(_("Bot hosts may only be %zu characters long."), IRCD->MaxHost);
 			return;
 		}

@@ -120,23 +118,22 @@ private:
 			return;
 		}

-		Configuration::Block *networkinfo = Config->GetBlock("networkinfo");
-
-		if (nick.length() > networkinfo->Get<unsigned>("nicklen"))
+		if (nick.length() > IRCD->MaxNick)
 		{
-			source.Reply(_("Bot nicks may only be %d characters long."), networkinfo->Get<unsigned>("nicklen"));
+			source.Reply(_("Bot nicks may only be %zu characters long."), IRCD->MaxNick);
 			return;
 		}

-		if (user.length() > networkinfo->Get<unsigned>("userlen"))
+		if (user.length() > IRCD->MaxUser)
 		{
-			source.Reply(_("Bot idents may only be %d characters long."), networkinfo->Get<unsigned>("userlen"));
+			source.Reply(_("Bot idents may only be %zu characters long."), IRCD->MaxUser);
 			return;
 		}

-		if (host.length() > networkinfo->Get<unsigned>("hostlen"))
+		if (host.length() > IRCD->MaxHost)
 		{
-			source.Reply(_("Bot hosts may only be %d characters long."), networkinfo->Get<unsigned>("hostlen"));
+			source.Reply(_("Bot hosts may only be %zu characters long."), IRCD->MaxHost
+				);
 			return;
 		}

@@ -279,7 +276,7 @@ public:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, bot modification is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -15,7 +15,7 @@ class CommandBSInfo final
 	: public Command
 {
 private:
-	void send_bot_channels(std::vector<Anope::string> &buffers, const BotInfo *bi)
+	static void send_bot_channels(std::vector<Anope::string> &buffers, const BotInfo *bi)
 	{
 		Anope::string buf;
 		for (const auto &[_, ci] : *RegisteredChannelList)
@@ -55,7 +55,7 @@ public:
 			info[_("Real name")] = bi->realname;
 			info[_("Created")] = Anope::strftime(bi->created, source.GetAccount());
 			info[_("Options")] = bi->oper_only ? _("Private") : _("None");
-			info[_("Used on")] = stringify(bi->GetChannelCount()) + " channel(s)";
+			info[_("Used on")] = Anope::ToString(bi->GetChannelCount()) + " channel(s)";

 			FOREACH_MOD(OnBotInfo, (source, bi, ci, info));

@@ -106,11 +106,10 @@ struct KickerDataImpl final
 			data["ttb"] >> ttb;
 			spacesepstream sep(ttb);
 			for (int i = 0; sep.GetToken(tok) && i < TTB_SIZE; ++i)
-				try
-				{
-					kd->ttb[i] = convertTo<int16_t>(tok);
-				}
-				catch (const ConvertException &) { }
+			{
+				if (auto n = Anope::TryConvert<int16_t>(tok))
+					kd->ttb[i] = n.value();
+			}

 			kd->Check(ci);
 		}
@@ -175,7 +174,7 @@ public:
 	bool OnHelp(CommandSource &source, const Anope::string &subcommand) override = 0;

 protected:
-	bool CheckArguments(CommandSource &source, const std::vector<Anope::string> &params, ChannelInfo* &ci)
+	bool CheckArguments(CommandSource &source, const std::vector<Anope::string> &params, ChannelInfo *&ci)
 	{
 		const Anope::string &chan = params[0];
 		const Anope::string &option = params[1];
@@ -183,7 +182,7 @@ protected:
 		ci = ChannelInfo::Find(chan);

 		if (Anope::ReadOnly)
-			source.Reply(_("Sorry, kicker configuration is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 		else if (ci == NULL)
 			source.Reply(CHAN_X_NOT_REGISTERED, params[0].c_str());
 		else if (option.empty())
@@ -206,21 +205,13 @@ protected:
 		{
 			if (!ttb.empty())
 			{
-				int16_t i;
-
-				try
-				{
-					i = convertTo<int16_t>(ttb);
-					if (i < 0)
-						throw ConvertException();
-				}
-				catch (const ConvertException &)
+				kd->ttb[ttb_idx] = Anope::Convert<int16_t>(ttb, -1);
+				if (kd->ttb[ttb_idx] < 0)
 				{
+					kd->ttb[ttb_idx] = 0;
 					source.Reply(_("\002%s\002 cannot be taken as times to ban."), ttb.c_str());
 					return;
 				}
-
-				kd->ttb[ttb_idx] = i;
 			}
 			else
 				kd->ttb[ttb_idx] = 0;
@@ -386,13 +377,8 @@ public:

 			if (!ttb.empty())
 			{
-				try
-				{
-					kd->ttb[TTB_CAPS] = convertTo<int16_t>(ttb);
-					if (kd->ttb[TTB_CAPS] < 0)
-						throw ConvertException();
-				}
-				catch (const ConvertException &)
+				kd->ttb[TTB_CAPS] = Anope::Convert<int16_t>(ttb, -1);
+				if (kd->ttb[TTB_CAPS] < 0)
 				{
 					kd->ttb[TTB_CAPS] = 0;
 					source.Reply(_("\002%s\002 cannot be taken as times to ban."), ttb.c_str());
@@ -402,21 +388,11 @@ public:
 			else
 				kd->ttb[TTB_CAPS] = 0;

-			kd->capsmin = 10;
-			try
-			{
-				kd->capsmin = convertTo<int16_t>(min);
-			}
-			catch (const ConvertException &) { }
+			kd->capsmin = Anope::Convert(min, 0);
 			if (kd->capsmin < 1)
 				kd->capsmin = 10;

-			kd->capspercent = 25;
-			try
-			{
-				kd->capspercent = convertTo<int16_t>(percent);
-			}
-			catch (const ConvertException &) { }
+			kd->capspercent = Anope::Convert(percent, 0);
 			if (kd->capspercent < 1 || kd->capspercent > 100)
 				kd->capspercent = 25;

@@ -518,42 +494,25 @@ public:

 			if (!ttb.empty())
 			{
-				int16_t i;
-
-				try
-				{
-					i = convertTo<int16_t>(ttb);
-					if (i < 0)
-						throw ConvertException();
-				}
-				catch (const ConvertException &)
+				kd->ttb[TTB_FLOOD] = Anope::Convert<int16_t>(ttb, -1);
+				if (kd->ttb[TTB_FLOOD] < 0)
 				{
+					kd->ttb[TTB_FLOOD] = 0;
 					source.Reply(_("\002%s\002 cannot be taken as times to ban."), ttb.c_str());
 					return;
 				}
-
-				kd->ttb[TTB_FLOOD] = i;
 			}
 			else
 				kd->ttb[TTB_FLOOD] = 0;

-			kd->floodlines = 6;
-			try
-			{
-				kd->floodlines = convertTo<int16_t>(lines);
-			}
-			catch (const ConvertException &) { }
+			kd->floodlines = Anope::Convert(lines, -1);
 			if (kd->floodlines < 2)
 				kd->floodlines = 6;

-			kd->floodsecs = 10;
-			try
-			{
-				kd->floodsecs = convertTo<int16_t>(secs);
-			}
-			catch (const ConvertException &) { }
+			kd->floodsecs = Anope::Convert(secs, -1);
 			if (kd->floodsecs < 1)
 				kd->floodsecs = 10;
+
 			if (kd->floodsecs > Config->GetModule(me)->Get<time_t>("keepdata"))
 				kd->floodsecs = Config->GetModule(me)->Get<time_t>("keepdata");

@@ -651,31 +610,18 @@ public:

 			if (!ttb.empty())
 			{
-				int16_t i;
-
-				try
-				{
-					i = convertTo<int16_t>(ttb);
-					if (i < 0)
-						throw ConvertException();
-				}
-				catch (const ConvertException &)
+				kd->ttb[TTB_REPEAT] = Anope::Convert(ttb, -1);
+				if (kd->ttb[TTB_REPEAT] < 0)
 				{
+					kd->ttb[TTB_REPEAT] = 0;
 					source.Reply(_("\002%s\002 cannot be taken as times to ban."), ttb.c_str());
 					return;
 				}
-
-				kd->ttb[TTB_REPEAT] = i;
 			}
 			else
 				kd->ttb[TTB_REPEAT] = 0;

-			kd->repeattimes = 3;
-			try
-			{
-				kd->repeattimes = convertTo<int16_t>(times);
-			}
-			catch (const ConvertException &) { }
+			kd->repeattimes = Anope::Convert<int16_t>(times, -1);
 			if (kd->repeattimes < 1)
 				kd->repeattimes = 3;

@@ -826,7 +772,7 @@ public:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, bot option setting is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -892,7 +838,7 @@ public:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, bot option setting is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -1091,7 +1037,7 @@ class BSKick final
 		}
 	}

-	void bot_kick(ChannelInfo *ci, User *u, const char *message, ...) ATTR_FORMAT(4, 5)
+	static void bot_kick(ChannelInfo *ci, User *u, const char *message, ...) ATTR_FORMAT(3, 4)
 	{
 		va_list args;
 		char buf[1024];
@@ -1104,7 +1050,7 @@ class BSKick final
 		vsnprintf(buf, sizeof(buf), fmt.c_str(), args);
 		va_end(args);

-		ci->c->Kick(ci->bi, u, "%s", buf);
+		ci->c->Kick(ci->bi, u, Anope::string(buf));
 	}

 public:
@@ -1241,7 +1187,7 @@ public:
 			info.AddOption(_("Voices protection"));
 	}

-	void OnPrivmsg(User *u, Channel *c, Anope::string &msg) override
+	void OnPrivmsg(User *u, Channel *c, Anope::string &msg, const Anope::map<Anope::string> &tags) override
 	{
 		/* Now we can make kicker stuff. We try to order the checks
 		 * from the fastest one to the slowest one, since there's
@@ -118,7 +118,7 @@ public:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, changing bot options is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -52,7 +52,7 @@ public:
 			 * @param chan The channel
 			 */
 			ChanServTimer(Reference<BotInfo> &cs, ExtensibleItem<bool> &i, Module *m, Channel *chan)
-				: Timer(m, Config->GetModule(m)->Get<time_t>("inhabit", "15s"))
+				: Timer(m, Config->GetModule(m)->Get<time_t>("inhabit", "1m"))
 				, ChanServ(cs)
 				, inhabit(i)
 				, c(chan)
@@ -116,12 +116,11 @@ public:

 		ChanServ = bi;

-		spacesepstream(conf->GetModule(this)->Get<const Anope::string>("defaults", "keeptopic peace cs_secure securefounder signkick")).GetTokens(defaults);
+		spacesepstream(conf->GetModule(this)->Get<const Anope::string>("defaults", "keeptopic peace securefounder signkick")).GetTokens(defaults);
 		if (defaults.empty())
 		{
 			defaults.emplace_back("KEEPTOPIC");
 			defaults.emplace_back("PEACE");
-			defaults.emplace_back("CS_SECURE");
 			defaults.emplace_back("SECUREFOUNDER");
 			defaults.emplace_back("SIGNKICK");
 		}
@@ -137,7 +136,7 @@ public:
 			ChanServ = NULL;
 	}

-	EventReturn OnBotPrivmsg(User *u, BotInfo *bi, Anope::string &message) override
+	EventReturn OnBotPrivmsg(User *u, BotInfo *bi, Anope::string &message, const Anope::map<Anope::string> &tags) override
 	{
 		if (bi == ChanServ && Config->GetModule(this)->Get<bool>("opersonly") && !u->HasMode("OPER"))
 		{
@@ -37,18 +37,13 @@ public:

 	Anope::string AccessSerialize() const override
 	{
-		return stringify(this->level);
+		return Anope::ToString(this->level);
 	}

 	void AccessUnserialize(const Anope::string &data) override
 	{
-		try
-		{
-			this->level = convertTo<int>(data);
-		}
-		catch (const ConvertException &)
-		{
-		}
+		if (auto l = Anope::TryConvert<int>(data))
+			this->level = l.value();
 	}

 	bool operator>(const ChanAccess &other) const override
@@ -84,7 +79,7 @@ public:
 		return new AccessChanAccess(this);
 	}
 };
-AccessAccessProvider* AccessAccessProvider::me;
+AccessAccessProvider *AccessAccessProvider::me;

 class CommandCSAccess final
 	: public Command
@@ -95,11 +90,9 @@ class CommandCSAccess final
 		Privilege *p = NULL;
 		int level = ACCESS_INVALID;

-		try
-		{
-			level = convertTo<int>(params[3]);
-		}
-		catch (const ConvertException &)
+		if (auto lvl = Anope::TryConvert<int>(params[3]))
+			level = lvl.value();
+		else
 		{
 			p = PrivilegeManager::FindPrivilege(params[3]);
 			if (p != NULL && defaultLevels[p->name])
@@ -207,7 +200,7 @@ class CommandCSAccess final
 			}
 		}

-		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1024");
+		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1000");
 		if (access_max && ci->GetDeepAccessCount() >= access_max)
 		{
 			source.Reply(_("Sorry, you can only have %d access entries on a channel, including access entries from other channels."), access_max);
@@ -402,7 +395,7 @@ class CommandCSAccess final
 					}

 					ListFormatter::ListEntry entry;
-					entry["Number"] = stringify(number);
+					entry["Number"] = Anope::ToString(number);
 					entry["Level"] = access->AccessSerialize();
 					entry["Mask"] = access->Mask();
 					entry["By"] = access->creator;
@@ -442,7 +435,7 @@ class CommandCSAccess final
 				}

 				ListFormatter::ListEntry entry;
-				entry["Number"] = stringify(i + 1);
+				entry["Number"] = Anope::ToString(i + 1);
 				entry["Level"] = access->AccessSerialize();
 				entry["Mask"] = access->Mask();
 				entry["By"] = access->creator;
@@ -567,7 +560,7 @@ public:
 		else if (!has_access)
 			source.Reply(ACCESS_DENIED);
 		else if (Anope::ReadOnly && !is_list)
-			source.Reply(_("Sorry, channel access list modification is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 		else if (cmd.equals_ci("ADD"))
 			this->DoAdd(source, ci, params);
 		else if (cmd.equals_ci("DEL"))
@@ -652,11 +645,9 @@ class CommandCSLevels final
 			level = ACCESS_FOUNDER;
 		else
 		{
-			try
-			{
-				level = convertTo<int>(lev);
-			}
-			catch (const ConvertException &)
+			if (auto lvl = Anope::TryConvert<int>(lev))
+				level = lvl.value();
+			else
 			{
 				this->OnSyntaxError(source, "SET");
 				return;
@@ -713,7 +704,7 @@ class CommandCSLevels final
 		source.Reply(_("Setting \002%s\002 not known.  Type \002%s%s HELP LEVELS\002 for a list of valid settings."), what.c_str(), Config->StrictPrivmsg.c_str(), source.service->nick.c_str());
 	}

-	void DoList(CommandSource &source, ChannelInfo *ci)
+	static void DoList(CommandSource &source, ChannelInfo *ci)
 	{
 		source.Reply(_("Access level settings for channel %s:"), ci->name.c_str());

@@ -734,7 +725,7 @@ class CommandCSLevels final
 			else if (j == ACCESS_FOUNDER)
 				entry["Level"] = Language::Translate(source.GetAccount(), _("(founder only)"));
 			else
-				entry["Level"] = stringify(j);
+				entry["Level"] = Anope::ToString(j);

 			list.AddEntry(entry);
 		}
@@ -311,7 +311,7 @@ class CommandCSAKick final
 						lastused = UNKNOWN;

 					ListFormatter::ListEntry entry;
-					entry["Number"] = stringify(number);
+					entry["Number"] = Anope::ToString(number);
 					if (akick->nc)
 						entry["Mask"] = akick->nc->display;
 					else
@@ -351,7 +351,7 @@ class CommandCSAKick final
 					lastused = UNKNOWN;

 				ListFormatter::ListEntry entry;
-				entry["Number"] = stringify(i + 1);
+				entry["Number"] = Anope::ToString(i + 1);
 				if (akick->nc)
 					entry["Mask"] = akick->nc->display;
 				else
@@ -466,7 +466,7 @@ public:
 		else if (!has_access)
 			source.Reply(ACCESS_DENIED);
 		else if (!cmd.equals_ci("LIST") && !cmd.equals_ci("VIEW") && !cmd.equals_ci("ENFORCE") && Anope::ReadOnly)
-			source.Reply(_("Sorry, channel autokick list modification is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 		else if (cmd.equals_ci("ADD"))
 			this->DoAdd(source, ci, params);
 		else if (cmd.equals_ci("DEL"))
@@ -15,16 +15,16 @@
 class CommandCSClone final
 	: public Command
 {
-	void CopySetting(ChannelInfo *ci, ChannelInfo *target_ci, const Anope::string &setting)
+	static void CopySetting(ChannelInfo *ci, ChannelInfo *target_ci, const Anope::string &setting)
 	{
 		if (ci->HasExt(setting))
 			target_ci->Extend<bool>(setting);
 	}

-	void CopyAccess(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
+	static void CopyAccess(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
 	{
 		std::set<Anope::string> masks;
-		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1024");
+		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1000");
 		unsigned count = 0;

 		for (unsigned i = 0; i < target_ci->GetAccessCount(); ++i)
@@ -58,7 +58,7 @@ class CommandCSClone final
 		source.Reply(_("%d access entries from \002%s\002 have been cloned to \002%s\002."), count, ci->name.c_str(), target_ci->name.c_str());
 	}

-	void CopyAkick(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
+	static void CopyAkick(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
 	{
 		target_ci->ClearAkick();
 		for (unsigned i = 0; i < ci->GetAkickCount(); ++i)
@@ -73,7 +73,7 @@ class CommandCSClone final
 		source.Reply(_("All akick entries from \002%s\002 have been cloned to \002%s\002."), ci->name.c_str(), target_ci->name.c_str());
 	}

-	void CopyBadwords(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
+	static void CopyBadwords(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
 	{
 		BadWords *target_badwords = target_ci->Require<BadWords>("badwords"),
 			*badwords = ci->Require<BadWords>("badwords");
@@ -98,7 +98,7 @@ class CommandCSClone final
 		source.Reply(_("All badword entries from \002%s\002 have been cloned to \002%s\002."), ci->name.c_str(), target_ci->name.c_str());
 	}

-	void CopyLevels(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
+	static void CopyLevels(CommandSource &source, ChannelInfo *ci, ChannelInfo *target_ci)
 	{
 		for (const auto &[priv, level] : ci->GetLevelEntries())
 		{
@@ -196,7 +196,7 @@ public:
 				target_ci->last_topic_setter = source.service->nick;

 			const Anope::string settings[] = { "NOAUTOOP", "CS_KEEP_MODES", "PEACE", "PERSIST", "RESTRICTED",
-				"CS_SECURE", "SECUREFOUNDER", "SECUREOPS", "SIGNKICK", "SIGNKICK_LEVEL", "CS_NO_EXPIRE" };
+				"SECUREFOUNDER", "SECUREOPS", "SIGNKICK", "SIGNKICK_LEVEL", "CS_NO_EXPIRE" };

 			for (const auto &setting : settings)
 				CopySetting(ci, target_ci, setting);
@@ -14,11 +14,16 @@
 class CommandCSDrop final
 	: public Command
 {
+private:
+	PrimitiveExtensibleItem<Anope::string> dropcode;
+
 public:
-	CommandCSDrop(Module *creator) : Command(creator, "chanserv/drop", 1, 2)
+	CommandCSDrop(Module *creator)
+		: Command(creator, "chanserv/drop", 1, 2)
+		, dropcode(creator, "channel-dropcode")
 	{
 		this->SetDesc(_("Cancel the registration of a channel"));
-		this->SetSyntax(_("\037channel\037 \037channel\037"));
+		this->SetSyntax(_("\037channel\037 [\037code\037]"));
 	}

 	void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
@@ -27,7 +32,7 @@ public:

 		if (Anope::ReadOnly && !source.HasPriv("chanserv/administration"))
 		{
-			source.Reply(_("Sorry, channel de-registration is temporarily disabled.")); // XXX: READ_ONLY_MODE?
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -38,22 +43,33 @@ public:
 			return;
 		}

-		if (params.size() < 2 || !chan.equals_ci(params[1]))
-		{
-			source.Reply(_("You must enter the channel name twice as a confirmation that you wish to drop \002%s\002."), chan.c_str());
-			return;
-		}
-
 		if ((ci->HasExt("SECUREFOUNDER") ? !source.IsFounder(ci) : !source.AccessFor(ci).HasPriv("FOUNDER")) && !source.HasCommand("chanserv/drop"))
 		{
 			source.Reply(ACCESS_DENIED);
 			return;
 		}

+		auto *code = dropcode.Get(ci);
+		if (params.size() < 2 || ((!code || !code->equals_ci(params[1])) && (!source.HasPriv("chanserv/drop/override") || params[1] != "OVERRIDE")))
+		{
+			if (!code)
+			{
+				code = ci->Extend<Anope::string>("channel-dropcode");
+				*code = Anope::Random(15);
+			}
+
+			source.Reply(CONFIRM_DROP, ci->name.c_str(), Config->StrictPrivmsg.c_str(),
+				source.service->nick.c_str(), ci->name.c_str(), code->c_str());
+			return;
+		}
+
 		EventReturn MOD_RESULT;
 		FOREACH_RESULT(OnChanDrop, MOD_RESULT, (source, ci));
 		if (MOD_RESULT == EVENT_STOP)
+		{
+			dropcode.Unset(ci);
 			return;
+		}

 		bool override = (ci->HasExt("SECUREFOUNDER") ? !source.IsFounder(ci) : !source.AccessFor(ci).HasPriv("FOUNDER"));
 		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "(founder was: " << (ci->GetFounder() ? ci->GetFounder()->display : "none") << ")";
@@ -78,6 +94,10 @@ public:
 			source.Reply(_("Unregisters the named channel.  Can only be used by\n"
 					"the \002channel founder\002."));

+		source.Reply(" ");
+		if (source.HasPriv("chanserv/drop/override"))
+			source.Reply(_("Additionally, Services Operators with the \037chanserv/drop/override\037 permission can\n"
+				"replace \037code\037 with \002OVERRIDE\002 to drop without a confirmation code."));
 		return true;
 	}
 };
@@ -166,14 +166,8 @@ private:
 			return;
 		}

-		int l;
-		try
-		{
-			l = convertTo<int>(l_str);
-			if (l < 0)
-				throw ConvertException();
-		}
-		catch (const ConvertException &)
+		auto l = Anope::Convert<int>(l_str, -1);
+		if (l < 0)
 		{
 			source.Reply(_("The limit on %s is not valid."), ci->name.c_str());
 			return;
@@ -38,7 +38,7 @@ struct EntryMsgImpl final
 		data.SetType("when", Serialize::Data::DT_INT); data["when"] << this->when;
 	}

-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data);
 };

 struct EntryMessageListImpl final
@@ -46,7 +46,7 @@ struct EntryMessageListImpl final
 {
 	EntryMessageListImpl(Extensible *) { }

-	EntryMsg* Create() override
+	EntryMsg *Create() override
 	{
 		return new EntryMsgImpl();
 	}
@@ -68,7 +68,7 @@ EntryMsgImpl::~EntryMsgImpl()
 }


-Serializable* EntryMsgImpl::Unserialize(Serializable *obj, Serialize::Data &data)
+Serializable *EntryMsgImpl::Unserialize(Serializable *obj, Serialize::Data &data)
 {
 	Anope::string sci, screator, smessage;
 	time_t swhen;
@@ -104,7 +104,7 @@ class CommandEntryMessage final
 	: public Command
 {
 private:
-	void DoList(CommandSource &source, ChannelInfo *ci)
+	static void DoList(CommandSource &source, ChannelInfo *ci)
 	{
 		EntryMessageList *messages = ci->Require<EntryMessageList>("entrymsg");

@@ -123,7 +123,7 @@ private:
 			EntryMsg *msg = (*messages)->at(i);

 			ListFormatter::ListEntry entry;
-			entry["Number"] = stringify(i + 1);
+			entry["Number"] = Anope::ToString(i + 1);
 			entry["Creator"] = msg->creator;
 			entry["Created"] = Anope::strftime(msg->when, NULL, true);
 			entry["Message"] = msg->message;
@@ -162,21 +162,16 @@ private:
 			source.Reply(_("Entry message list for \002%s\002 is empty."), ci->name.c_str());
 		else
 		{
-			try
+			auto i = Anope::Convert<unsigned>(message, 0);
+			if (i > 0 && i <= (*messages)->size())
 			{
-				unsigned i = convertTo<unsigned>(message);
-				if (i > 0 && i <= (*messages)->size())
-				{
-					delete (*messages)->at(i - 1);
-					if ((*messages)->empty())
-						ci->Shrink<EntryMessageList>("entrymsg");
-					Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to remove a message";
-					source.Reply(_("Entry message \002%i\002 for \002%s\002 deleted."), i, ci->name.c_str());
-				}
-				else
-					throw ConvertException();
+				delete (*messages)->at(i - 1);
+				if ((*messages)->empty())
+					ci->Shrink<EntryMessageList>("entrymsg");
+				Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to remove a message";
+				source.Reply(_("Entry message \002%i\002 for \002%s\002 deleted."), i, ci->name.c_str());
 			}
-			catch (const ConvertException &)
+			else
 			{
 				source.Reply(_("Entry message \002%s\002 not found on channel \002%s\002."), message.c_str(), ci->name.c_str());
 			}
@@ -283,10 +278,16 @@ public:
 		if (u && c && c->ci && u->server->IsSynced())
 		{
 			EntryMessageList *messages = c->ci->GetExt<EntryMessageList>("entrymsg");
+			if (!messages)
+				return;

-			if (messages != NULL)
-				for (const auto &message : *(*messages))
-					u->SendMessage(c->ci->WhoSends(), "[%s] %s", c->ci->name.c_str(), message->message.c_str());
+			for (const auto &message : *(*messages))
+			{
+				if (u->ShouldPrivmsg())
+					IRCD->SendContextPrivmsg(c->ci->WhoSends(), u, c, message->message);
+				else
+					IRCD->SendContextNotice(c->ci->WhoSends(), u, c, message->message);
+			}
 		}
 	}
 };
@@ -26,9 +26,7 @@ public:
 	bool HasPriv(const Anope::string &priv) const override
 	{
 		std::map<Anope::string, char>::iterator it = defaultFlags.find(priv);
-		if (it != defaultFlags.end() && this->flags.count(it->second) > 0)
-			return true;
-		return false;
+		return it != defaultFlags.end() && this->flags.count(it->second) > 0;
 	}

 	Anope::string AccessSerialize() const override
@@ -76,7 +74,7 @@ public:
 		return new FlagsChanAccess(this);
 	}
 };
-FlagsAccessProvider* FlagsAccessProvider::ap;
+FlagsAccessProvider *FlagsAccessProvider::ap;

 class CommandCSFlags final
 	: public Command
@@ -177,7 +175,7 @@ class CommandCSFlags final
 			}
 		}

-		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1024");
+		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1000");
 		if (access_max && ci->GetDeepAccessCount() >= access_max)
 		{
 			source.Reply(_("Sorry, you can only have %d access entries on a channel, including access entries from other channels."), access_max);
@@ -296,7 +294,7 @@ class CommandCSFlags final
 			source.Reply(_("Flags for \002%s\002 on %s set to +\002%s\002"), access->Mask().c_str(), ci->name.c_str(), access->AccessSerialize().c_str());
 	}

-	void DoList(CommandSource &source, ChannelInfo *ci, const std::vector<Anope::string> &params)
+	static void DoList(CommandSource &source, ChannelInfo *ci, const std::vector<Anope::string> &params)
 	{
 		const Anope::string &arg = params.size() > 2 ? params[2] : "";

@@ -324,7 +322,7 @@ class CommandCSFlags final
 					for (size_t j = 1; j < arg.length(); ++j)
 						if (flags.find(arg[j]) == Anope::string::npos)
 							pass = false;
-					if (pass == false)
+					if (!pass)
 						continue;
 				}
 				else if (!Anope::Match(access->Mask(), arg))
@@ -333,7 +331,7 @@ class CommandCSFlags final

 			ListFormatter::ListEntry entry;
 			++count;
-			entry["Number"] = stringify(i + 1);
+			entry["Number"] = Anope::ToString(i + 1);
 			entry["Mask"] = access->Mask();
 			entry["Flags"] = flags;
 			entry["Creator"] = access->creator;
@@ -413,7 +411,7 @@ public:
 		if (!has_access)
 			source.Reply(ACCESS_DENIED);
 		else if (Anope::ReadOnly && !is_list)
-			source.Reply(_("Sorry, channel access list modification is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 		else if (is_list)
 			this->DoList(source, ci, params);
 		else if (cmd.equals_ci("CLEAR"))
@@ -58,7 +58,7 @@ public:

 		if (show_all)
 		{
-			info[_("Ban type")] = stringify(ci->bantype);
+			info[_("Ban type")] = Anope::ToString(ci->bantype);
 		}

 		FOREACH_MOD(OnChanInfo, (source, ci, info, show_all));
@@ -36,12 +36,10 @@ public:
 			sepstream(pattern.substr(1), '-').GetToken(n1, 0);
 			sepstream(pattern, '-').GetToken(n2, 1);

-			try
-			{
-				from = convertTo<int>(n1);
-				to = convertTo<int>(n2);
-			}
-			catch (const ConvertException &)
+			auto num1 = Anope::TryConvert<int>(n1);
+			auto num2 = Anope::TryConvert<int>(n2);
+
+			if (!num1.has_value() || !num2.has_value())
 			{
 				source.Reply(LIST_INCORRECT_RANGE);
 				source.Reply(_("To search for channels starting with #, search for the channel\n"
@@ -49,6 +47,8 @@ public:
 				return;
 			}

+			from = num1.value();
+			to = num2.value();
 			pattern = "*";
 		}

@@ -47,7 +47,7 @@ struct LogSettingImpl final
 		data.SetType("created", Serialize::Data::DT_INT); data["created"] << created;
 	}

-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data)
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data)
 	{
 		Anope::string sci;
 		data["ci"] >> sci;
@@ -135,7 +135,7 @@ public:
 					const LogSetting *log = (*ls)->at(i);

 					ListFormatter::ListEntry entry;
-					entry["Number"] = stringify(i + 1);
+					entry["Number"] = Anope::ToString(i + 1);
 					entry["Service"] = log->command_service;
 					entry["Command"] = !log->command_name.empty() ? log->command_name : log->service_name;
 					entry["Method"] = log->method;
@@ -32,7 +32,7 @@ struct ModeLockImpl final
 	}

 	void Serialize(Serialize::Data &data) const override;
-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data);
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data);
 };

 struct ModeLocksImpl final
@@ -213,7 +213,7 @@ void ModeLockImpl::Serialize(Serialize::Data &data) const
 	data.SetType("created", Serialize::Data::DT_INT); data["created"] << this->created;
 }

-Serializable* ModeLockImpl::Unserialize(Serializable *obj, Serialize::Data &data)
+Serializable *ModeLockImpl::Unserialize(Serializable *obj, Serialize::Data &data)
 {
 	Anope::string sci;

@@ -247,7 +247,7 @@ Serializable* ModeLockImpl::Unserialize(Serializable *obj, Serialize::Data &data
 class CommandCSMode final
 	: public Command
 {
-	bool CanSet(CommandSource &source, ChannelInfo *ci, ChannelMode *cm, bool self)
+	static bool CanSet(CommandSource &source, ChannelInfo *ci, ChannelMode *cm, bool self)
 	{
 		if (!ci || !cm || cm->type != MODE_STATUS)
 			return false;
@@ -336,7 +336,7 @@ class CommandCSMode final
 							continue;
 						}

-						if (modelocks->GetMLock().size() >= Config->GetModule(this->owner)->Get<unsigned>("max", "32"))
+						if (modelocks->GetMLock().size() >= Config->GetModule(this->owner)->Get<unsigned>("max", "50"))
 						{
 							source.Reply(_("The mode lock list of \002%s\002 is full."), ci->name.c_str());
 							continue;
@@ -716,7 +716,7 @@ class CommandCSMode final
 		std::vector<Anope::string> new_params;
 		new_params.push_back(params[0]);
 		new_params.emplace_back("SET");
-		new_params.push_back("-" + stringify(cm->mchar));
+		new_params.push_back("-" + Anope::ToString(cm->mchar));
 		new_params.emplace_back("*");
 		this->DoSet(source, ci, new_params);
 	}
@@ -33,7 +33,7 @@ public:
 		ChannelInfo *ci = ChannelInfo::Find(params[0]);

 		if (Anope::ReadOnly)
-			source.Reply(_("Sorry, channel registration is temporarily disabled."));
+			source.Reply(READ_ONLY_MODE);
 		else if (nc->HasExt("UNCONFIRMED"))
 			source.Reply(_("You must confirm your account before you can register a channel."));
 		else if (chan[0] == '&')
@@ -19,7 +19,7 @@ enum TypeInfo
 static bool simple;
 struct SeenInfo;
 static SeenInfo *FindInfo(const Anope::string &nick);
-typedef Anope::hash_map<SeenInfo *> database_map;
+typedef Anope::unordered_map<SeenInfo *> database_map;
 database_map database;

 struct SeenInfo final
@@ -55,7 +55,7 @@ struct SeenInfo final
 		data.SetType("last", Serialize::Data::DT_INT); data["last"] << last;
 	}

-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data)
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data)
 	{
 		Anope::string snick;

@@ -66,7 +66,7 @@ struct SeenInfo final
 			s = anope_dynamic_static_cast<SeenInfo *>(obj);
 		else
 		{
-			SeenInfo* &info = database[snick];
+			SeenInfo *&info = database[snick];
 			if (!info)
 				info = new SeenInfo();
 			s = info;
@@ -185,7 +185,7 @@ public:
 class CommandSeen final
 	: public Command
 {
-	void SimpleSeen(CommandSource &source, const std::vector<Anope::string> &params)
+	static void SimpleSeen(CommandSource &source, const std::vector<Anope::string> &params)
 	{
 		if (!source.c || !source.c->ci)
 		{
@@ -270,9 +270,9 @@ public:
 		if (simple)
 			return this->SimpleSeen(source, params);

-		if (target.length() > Config->GetBlock("networkinfo")->Get<unsigned>("nicklen"))
+		if (target.length() > IRCD->MaxNick)
 		{
-			source.Reply(_("Nick too long, max length is %u characters."), Config->GetBlock("networkinfo")->Get<unsigned>("nicklen"));
+			source.Reply(_("Nick too long, max length is %zu characters."), IRCD->MaxNick);
 			return;
 		}

@@ -440,12 +440,12 @@ public:
 	}

 private:
-	void UpdateUser(const User *u, const TypeInfo Type, const Anope::string &nick, const Anope::string &nick2, const Anope::string &channel, const Anope::string &message)
+	static void UpdateUser(const User *u, const TypeInfo Type, const Anope::string &nick, const Anope::string &nick2, const Anope::string &channel, const Anope::string &message)
 	{
 		if (simple || !u->server->IsSynced())
 			return;

-		SeenInfo* &info = database[nick];
+		SeenInfo *&info = database[nick];
 		if (!info)
 			info = new SeenInfo();
 		info->nick = nick;
@@ -165,19 +165,16 @@ public:
 			return;
 		}

-		try
-		{
-			int16_t new_type = convertTo<int16_t>(params[1]);
-			if (new_type < 0 || new_type > 3)
-				throw ConvertException("Invalid range");
-			Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to change the ban type to " << new_type;
-			ci->bantype = new_type;
-			source.Reply(_("Ban type for channel %s is now #%d."), ci->name.c_str(), ci->bantype);
-		}
-		catch (const ConvertException &)
+		auto new_type = Anope::Convert<int16_t>(params[1], -1);
+		if (new_type < 0 || new_type > 3)
 		{
 			source.Reply(_("\002%s\002 is not a valid ban type."), params[1].c_str());
+			return;
 		}
+
+		Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to change the ban type to " << new_type;
+		ci->bantype = new_type;
+		source.Reply(_("Ban type for channel %s is now #%d."), ci->name.c_str(), ci->bantype);
 	}

 	bool OnHelp(CommandSource &source, const Anope::string &) override
@@ -682,70 +679,6 @@ public:
 	}
 };

-class CommandCSSetSecure final
-	: public Command
-{
-public:
-	CommandCSSetSecure(Module *creator, const Anope::string &cname = "chanserv/set/secure") : Command(creator, cname, 2, 2)
-	{
-		this->SetDesc(_("Activate security features"));
-		this->SetSyntax(_("\037channel\037 {ON | OFF}"));
-	}
-
-	void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
-	{
-		if (Anope::ReadOnly)
-		{
-			source.Reply(READ_ONLY_MODE);
-			return;
-		}
-
-		ChannelInfo *ci = ChannelInfo::Find(params[0]);
-		if (ci == NULL)
-		{
-			source.Reply(CHAN_X_NOT_REGISTERED, params[0].c_str());
-			return;
-		}
-
-		EventReturn MOD_RESULT;
-		FOREACH_RESULT(OnSetChannelOption, MOD_RESULT, (source, this, ci, params[1]));
-		if (MOD_RESULT == EVENT_STOP)
-			return;
-
-		if (MOD_RESULT != EVENT_ALLOW && !source.AccessFor(ci).HasPriv("SET") && source.permission.empty() && !source.HasPriv("chanserv/administration"))
-		{
-			source.Reply(ACCESS_DENIED);
-			return;
-		}
-
-		if (params[1].equals_ci("ON"))
-		{
-			Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to enable secure";
-			ci->Extend<bool>("CS_SECURE");
-			source.Reply(_("Secure option for %s is now \002on\002."), ci->name.c_str());
-		}
-		else if (params[1].equals_ci("OFF"))
-		{
-			Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to disable secure";
-			ci->Shrink<bool>("CS_SECURE");
-			source.Reply(_("Secure option for %s is now \002off\002."), ci->name.c_str());
-		}
-		else
-			this->OnSyntaxError(source, "SECURE");
-	}
-
-	bool OnHelp(CommandSource &source, const Anope::string &) override
-	{
-		this->SendSyntax(source);
-		source.Reply(" ");
-		source.Reply(_("Enables or disables security features for a\n"
-			"channel. When \002SECURE\002 is set, only users who have\n"
-			"identified to services, and are not only recognized, will be\n"
-			"given access to channels from account-based access entries."));
-		return true;
-	}
-};
-
 class CommandCSSetSecureFounder final
 	: public Command
 {
@@ -1110,7 +1043,7 @@ class CSSet final
 	: public Module
 {
 	SerializableExtensibleItem<bool> noautoop, peace, securefounder,
-		restricted, secure, secureops, signkick, signkick_level, noexpire,
+		restricted, secureops, signkick, signkick_level, noexpire,
 		persist;

 	struct KeepModes final
@@ -1169,7 +1102,6 @@ class CSSet final
 	CommandCSSetPeace commandcssetpeace;
 	CommandCSSetPersist commandcssetpersist;
 	CommandCSSetRestricted commandcssetrestricted;
-	CommandCSSetSecure commandcssetsecure;
 	CommandCSSetSecureFounder commandcssetsecurefounder;
 	CommandCSSetSecureOps commandcssetsecureops;
 	CommandCSSetSignKick commandcssetsignkick;
@@ -1184,7 +1116,7 @@ public:
 	CSSet(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, VENDOR),
 		noautoop(this, "NOAUTOOP"), peace(this, "PEACE"),
 		securefounder(this, "SECUREFOUNDER"), restricted(this, "RESTRICTED"),
-		secure(this, "CS_SECURE"), secureops(this, "SECUREOPS"), signkick(this, "SIGNKICK"),
+		secureops(this, "SECUREOPS"), signkick(this, "SIGNKICK"),
 		signkick_level(this, "SIGNKICK_LEVEL"), noexpire(this, "CS_NO_EXPIRE"),
 		persist(this, "PERSIST"),
 		keep_modes(this, "CS_KEEP_MODES"),
@@ -1192,7 +1124,7 @@ public:
 		commandcsset(this), commandcssetautoop(this), commandcssetbantype(this),
 		commandcssetdescription(this), commandcssetfounder(this), commandcssetkeepmodes(this),
 		commandcssetpeace(this), commandcssetpersist(this), commandcssetrestricted(this),
-		commandcssetsecure(this), commandcssetsecurefounder(this), commandcssetsecureops(this), commandcssetsignkick(this),
+		commandcssetsecurefounder(this), commandcssetsecureops(this), commandcssetsignkick(this),
 		commandcssetsuccessor(this), commandcssetnoexpire(this),

 		inhabit("inhabit")
@@ -1304,8 +1236,6 @@ public:
 			info.AddOption(_("Peace"));
 		if (restricted.HasExt(ci))
 			info.AddOption(_("Restricted access"));
-		if (secure.HasExt(ci))
-			info.AddOption(_("Security"));
 		if (securefounder.HasExt(ci))
 			info.AddOption(_("Secure founder"));
 		if (secureops.HasExt(ci))
@@ -21,7 +21,7 @@ static Anope::map<ExtensibleItem<CSMiscData> *> items;

 static ExtensibleItem<CSMiscData> *GetItem(const Anope::string &name)
 {
-	ExtensibleItem<CSMiscData>* &it = items[name];
+	ExtensibleItem<CSMiscData> *&it = items[name];
 	if (!it)
 		try
 		{
@@ -51,7 +51,7 @@ struct CSMiscData final
 		sdata["data"] << this->data;
 	}

-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data)
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data)
 	{
 		Anope::string sci, sname, sdata;

@@ -27,7 +27,7 @@ struct CSSuspendInfo final
 		data["expires"] << expires;
 	}

-	static Serializable* Unserialize(Serializable *obj, Serialize::Data &data)
+	static Serializable *Unserialize(Serializable *obj, Serialize::Data &data)
 	{
 		Anope::string schan;
 		data["chan"] >> schan;
@@ -214,6 +214,13 @@ class CSSuspend final
 		}
 	};

+	void Expire(ChannelInfo *ci)
+	{
+		suspend.Unset(ci);
+		Log(this) << "Expiring suspend for " << ci->name;
+	}
+
+
 	bool Show(CommandSource &source, const Anope::string &what) const
 	{
 		return source.IsOper() || std::find(show.begin(), show.end(), what) != show.end();
@@ -259,23 +266,28 @@ public:

 		expire = false;

-		if (!si->expires)
-			return;
-
-		if (si->expires < Anope::CurTime)
+		if (!Anope::NoExpire && si->expires && si->expires < Anope::CurTime)
 		{
 			ci->last_used = Anope::CurTime;
-			suspend.Unset(ci);
-
-			Log(this) << "Expiring suspend for " << ci->name;
+			Expire(ci);
 		}
 	}

 	EventReturn OnCheckKick(User *u, Channel *c, Anope::string &mask, Anope::string &reason) override
 	{
-		if (u->HasMode("OPER") || !c->ci || !suspend.HasExt(c->ci))
+		if (u->HasMode("OPER") || !c->ci)
 			return EVENT_CONTINUE;

+		CSSuspendInfo *si = suspend.Get(c->ci);
+		if (!si)
+			return EVENT_CONTINUE;
+
+		if (!Anope::NoExpire && si->expires && si->expires < Anope::CurTime)
+		{
+			Expire(c->ci);
+			return EVENT_CONTINUE;
+		}
+
 		reason = Language::Translate(u, _("This channel may not be used."));
 		return EVENT_STOP;
 	}
@@ -262,7 +262,7 @@ public:

 		ModeLocks *ml = ci->GetExt<ModeLocks>("modelocks");
 		const ModeLock *secret = ml ? ml->GetMLock("SECRET") : NULL;
-		if (!ci->last_topic.empty() && (show_all || ((!secret || secret->set == false) && (!ci->c || !ci->c->HasMode("SECRET")))))
+		if (!ci->last_topic.empty() && (show_all || ((!secret || !secret->set) && (!ci->c || !ci->c->HasMode("SECRET")))))
 		{
 			info[_("Last topic")] = ci->last_topic;
 			info[_("Topic set by")] = ci->last_topic_setter;
@@ -44,7 +44,12 @@ public:
 				if (!ci->c || !(source.AccessFor(ci).HasPriv("UNBAN") || source.AccessFor(ci).HasPriv("UNBANME")))
 					continue;

-				FOREACH_MOD(OnChannelUnban, (source.GetUser(), ci));
+				if (IRCD->CanClearBans)
+				{
+					IRCD->SendClearBans(ci->WhoSends(), ci->c, source.GetUser());
+					count++;
+					continue;
+				}

 				for (const auto *mode : modes)
 					if (ci->c->Unban(source.GetUser(), mode->name, true))
@@ -81,7 +86,7 @@ public:
 		}

 		if (!source.AccessFor(ci).HasPriv("UNBAN") &&
-			!(u2 == source.GetUser() && source.AccessFor(ci).HasPriv("UNBANME")) &&
+			(u2 != source.GetUser() || !source.AccessFor(ci).HasPriv("UNBANME")) &&
 			!source.HasPriv("chanserv/kick"))
 		{
 			source.Reply(ACCESS_DENIED);
@@ -91,10 +96,15 @@ public:
 		bool override = !source.AccessFor(ci).HasPriv("UNBAN") && source.HasPriv("chanserv/kick");
 		Log(override ? LOG_OVERRIDE : LOG_COMMAND, source, this, ci) << "to unban " << u2->nick;

-		FOREACH_MOD(OnChannelUnban, (u2, ci));

-		for (const auto *mode : modes)
-			ci->c->Unban(u2, mode->name, source.GetUser() == u2);
+		if (IRCD->CanClearBans)
+			IRCD->SendClearBans(ci->WhoSends(), ci->c, source.GetUser());
+		else
+		{
+			for (const auto *mode : modes)
+				ci->c->Unban(u2, mode->name, source.GetUser() == u2);
+		}
+
 		if (u2 == source.GetUser())
 			source.Reply(_("You have been unbanned from \002%s\002."), ci->c->name.c_str());
 		else
@@ -14,7 +14,7 @@
 class CommandCSUp final
 	: public Command
 {
-	void SetModes(User *u, Channel *c)
+	static void SetModes(User *u, Channel *c)
 	{
 		if (!c->ci)
 			return;
@@ -133,7 +133,7 @@ public:
 class CommandCSDown final
 	: public Command
 {
-	void RemoveAll(User *u, Channel *c)
+	static void RemoveAll(User *u, Channel *c)
 	{
 		ChanUserContainer *cu = c->FindUser(u);
 		if (cu != NULL)
@@ -116,7 +116,7 @@ private:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, channel %s list modification is temporarily disabled."), source.command.c_str());
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -208,7 +208,7 @@ private:
 			}
 		}

-		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1024");
+		unsigned access_max = Config->GetModule("chanserv")->Get<unsigned>("accessmax", "1000");
 		if (access_max && ci->GetDeepAccessCount() >= access_max)
 		{
 			source.Reply(_("Sorry, you can only have %d access entries on a channel, including access entries from other channels."), access_max);
@@ -246,7 +246,7 @@ private:

 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, channel %s list modification is temporarily disabled."), source.command.c_str());
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -420,7 +420,7 @@ private:
 						return;

 					ListFormatter::ListEntry entry;
-					entry["Number"] = stringify(Number);
+					entry["Number"] = Anope::ToString(Number);
 					entry["Mask"] = a->Mask();
 					entry["Description"] = a->description;
 					this->list.AddEntry(entry);
@@ -440,7 +440,7 @@ private:
 					continue;

 				ListFormatter::ListEntry entry;
-				entry["Number"] = stringify(i + 1);
+				entry["Number"] = Anope::ToString(i + 1);
 				entry["Mask"] = a->Mask();
 				entry["Description"] = a->description;
 				list.AddEntry(entry);
@@ -464,7 +464,7 @@ private:
 	{
 		if (Anope::ReadOnly)
 		{
-			source.Reply(_("Sorry, channel %s list modification is temporarily disabled."), source.command.c_str());
+			source.Reply(READ_ONLY_MODE);
 			return;
 		}

@@ -189,14 +189,14 @@ class MChanstats final
 			sql->Run(&sqlinterface, q);
 	}

-	size_t CountWords(const Anope::string &msg)
+	static size_t CountWords(const Anope::string &msg)
 	{
 		size_t words = 0;
 		for (size_t pos = 0; pos != Anope::string::npos; pos = msg.find(" ", pos+1))
 			words++;
 		return words;
 	}
-	size_t CountSmileys(const Anope::string &msg, const Anope::string &smileylist)
+	static size_t CountSmileys(const Anope::string &msg, const Anope::string &smileylist)
 	{
 		size_t smileys = 0;
 		spacesepstream sep(smileylist);
@@ -210,7 +210,7 @@ class MChanstats final
 		return smileys;
 	}

-	const Anope::string GetDisplay(User *u)
+	Anope::string GetDisplay(User *u)
 	{
 		if (u && u->Account() && ns_stats.HasExt(u->Account()))
 			return u->Account()->display;
@@ -581,7 +581,7 @@ public:
 		this->RunQuery(query);
 	}

-	void OnPrivmsg(User *u, Channel *c, Anope::string &msg) override
+	void OnPrivmsg(User *u, Channel *c, Anope::string &msg, const Anope::map<Anope::string> &tags) override
 	{
 		if (!c->ci || !cs_stats.HasExt(c->ci))
 			return;
--- a/Show More
+++ b/Show More