diff --git a/go.mod b/go.mod
index 5192dc8..66b6607 100644
--- a/go.mod
+++ b/go.mod
@@ -10,18 +10,18 @@ require (
 	fornaxian.tech/pixeldrain_api_client v0.0.0-20220503161309-06b62641c05d
 	fornaxian.tech/util v0.0.0-20220603201140-7b74b1181b98
 	github.com/julienschmidt/httprouter v1.3.0
-	github.com/microcosm-cc/bluemonday v1.0.18
+	github.com/microcosm-cc/bluemonday v1.0.21
 	github.com/russross/blackfriday/v2 v2.1.0
 )
 
 require (
-	github.com/BurntSushi/toml v1.1.0 // indirect
+	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
-	github.com/gocql/gocql v1.1.0 // indirect
+	github.com/gocql/gocql v1.2.1 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
-	golang.org/x/net v0.0.0-20220531201128-c960675eff93 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/net v0.1.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 4eefc95..40836b1 100644
--- a/go.sum
+++ b/go.sum
@@ -6,6 +6,8 @@ fornaxian.tech/util v0.0.0-20220603201140-7b74b1181b98 h1:d0FsJgwiHunT4X6Hyz7FRB
 fornaxian.tech/util v0.0.0-20220603201140-7b74b1181b98/go.mod h1:lCmtcb4/SVt2ol55/EHDWGySY7o0ONbj97RR9CdsN4M=
 github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 h1:mXoPYz/Ul5HYEDvkta6I8/rnYM5gSdSV2tJ6XbZuEtY=
@@ -15,6 +17,8 @@ github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dR
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gocql/gocql v1.1.0 h1:ow36yzymDGsuKqnkecq2zR3prFkkbdzC/af5zTyPXNc=
 github.com/gocql/gocql v1.1.0/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8=
+github.com/gocql/gocql v1.2.1 h1:G/STxUzD6pGvRHzG0Fi7S04SXejMKBbRZb7pwre1edU=
+github.com/gocql/gocql v1.2.1/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -31,6 +35,8 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/microcosm-cc/bluemonday v1.0.18 h1:6HcxvXDAi3ARt3slx6nTesbvorIc3QeTzBNRvWktHBo=
 github.com/microcosm-cc/bluemonday v1.0.18/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM=
+github.com/microcosm-cc/bluemonday v1.0.21 h1:dNH3e4PSyE4vNX+KlRGHT5KrSvjeUkoNPwEORjffHJg=
+github.com/microcosm-cc/bluemonday v1.0.21/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -38,9 +44,13 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220531201128-c960675eff93 h1:MYimHLfoXEpOhqd/zgoA/uoXzHB86AEky4LAx5ij9xA=
 golang.org/x/net v0.0.0-20220531201128-c960675eff93/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
diff --git a/svelte/src/admin_panel/AbuseReporterTable.svelte b/svelte/src/admin_panel/AbuseReporterTable.svelte
index 599e11a..4b3d1ec 100644
--- a/svelte/src/admin_panel/AbuseReporterTable.svelte
+++ b/svelte/src/admin_panel/AbuseReporterTable.svelte
@@ -31,6 +31,16 @@ export let reporters = []
 				<button on:click|preventDefault={() => {dispatch("edit", rep)}} class="button round">
 					<i class="icon">edit</i>
 				</button>
+				{#if rep.status !== "trusted"}
+					<button on:click|preventDefault={() => {dispatch("approve", rep)}} class="button button_highlight round">
+						<i class="icon">check</i>
+					</button>
+				{/if}
+				{#if rep.status !== "rejected"}
+					<button on:click|preventDefault={() => {dispatch("spam", rep)}} class="button button_red round">
+						<i class="icon">block</i>
+					</button>
+				{/if}
 				<button on:click|preventDefault={() => {dispatch("delete", rep)}} class="button button_red round">
 					<i class="icon">delete</i>
 				</button>
diff --git a/svelte/src/admin_panel/EmailReporters.svelte b/svelte/src/admin_panel/EmailReporters.svelte
index df49a28..76168a5 100644
--- a/svelte/src/admin_panel/EmailReporters.svelte
+++ b/svelte/src/admin_panel/EmailReporters.svelte
@@ -86,6 +86,47 @@ const create_reporter = async () => {
 	get_reporters();
 }
 
+const approve_reporter = async reporter => {
+	try {
+		const form = new FormData()
+		form.append("from_address", reporter.from_address)
+		form.append("mail_server", reporter.mail_server)
+		form.append("name", reporter.name)
+		form.append("status", "trusted")
+
+		const resp = await fetch(
+			window.api_endpoint+"/admin/abuse_reporter",
+			{ method: "POST", body: form }
+		);
+		if(resp.status >= 400) {
+			throw new Error(await resp.text());
+		}
+	} catch (err) {
+		alert("Failed to add abuse reporter! "+err)
+	}
+	get_reporters();
+}
+const spam_reporter = async reporter => {
+	try {
+		const form = new FormData()
+		form.append("from_address", reporter.from_address)
+		form.append("mail_server", reporter.mail_server)
+		form.append("name", reporter.name)
+		form.append("status", "rejected")
+
+		const resp = await fetch(
+			window.api_endpoint+"/admin/abuse_reporter",
+			{ method: "POST", body: form }
+		);
+		if(resp.status >= 400) {
+			throw new Error(await resp.text());
+		}
+	} catch (err) {
+		alert("Failed to add abuse reporter! "+err)
+	}
+	get_reporters();
+}
+
 const edit_reporter = async reporter => {
 	edit_button.scrollIntoView()
 	creating = true
@@ -160,6 +201,8 @@ onMount(get_reporters);
 	<AbuseReporterTable
 		reporters={reporters_pending}
 		on:edit={e => edit_reporter(e.detail)}
+		on:approve={e => approve_reporter(e.detail)}
+		on:spam={e => spam_reporter(e.detail)}
 		on:delete={e => delete_reporter(e.detail)}>
 	</AbuseReporterTable>
 
@@ -168,6 +211,8 @@ onMount(get_reporters);
 	<AbuseReporterTable
 		reporters={reporters_trusted}
 		on:edit={e => edit_reporter(e.detail)}
+		on:approve={e => approve_reporter(e.detail)}
+		on:spam={e => spam_reporter(e.detail)}
 		on:delete={e => delete_reporter(e.detail)}>
 	</AbuseReporterTable>
 
@@ -175,6 +220,8 @@ onMount(get_reporters);
 	<AbuseReporterTable
 		reporters={reporters_rejected}
 		on:edit={e => edit_reporter(e.detail)}
+		on:approve={e => approve_reporter(e.detail)}
+		on:spam={e => spam_reporter(e.detail)}
 		on:delete={e => delete_reporter(e.detail)}>
 	</AbuseReporterTable>
 </div>
diff --git a/svelte/src/home_page/FeatureTable.svelte b/svelte/src/home_page/FeatureTable.svelte
index 809b12f..e4d95d7 100644
--- a/svelte/src/home_page/FeatureTable.svelte
+++ b/svelte/src/home_page/FeatureTable.svelte
@@ -15,7 +15,7 @@ onMount(() => {
 	<div>
 		<div></div>
 		<div class="feat_normal round_tl">Free</div>
-		<div class="feat_pro round_tr">Pro</div>
+		<div class="feat_pro round_tr pro_header">Pro</div>
 	</div>
 	<div>
 		<div class="feat_label">Size limit per file</div>
@@ -276,6 +276,13 @@ onMount(() => {
 .text_highlight {
 	font-weight: bold;
 }
+.feat_table > div > .pro_header {
+	background-image: url("/res/img/benefit_1.webp");
+	background-size: cover;
+	font-size: 1.2em;
+	text-shadow: 1px 1px 2px #000000;
+	color: #ffffff;
+}
 
 .feat_table > div > div.round_tl { border-top-left-radius:     0.5em; }
 .feat_table > div > div.round_tr { border-top-right-radius:    0.5em; }
diff --git a/svelte/src/user_home/AccountSettings.svelte b/svelte/src/user_home/AccountSettings.svelte
index 08d545d..bd5cd2e 100644
--- a/svelte/src/user_home/AccountSettings.svelte
+++ b/svelte/src/user_home/AccountSettings.svelte
@@ -1,113 +1,73 @@
 <script>
-import { onMount } from "svelte";
-import FilePicker from "../file_viewer/FilePicker.svelte";
-import SuccessMessage from "../util/SuccessMessage.svelte";
-import ThemePicker from "../util/ThemePicker.svelte";
 import Form from "./../util/Form.svelte";
 
-let password_change = {
-	name: "password_change",
+let account_settings = {
+	name: "account_settings",
 	fields: [
 		{
-			name: "old_password",
-			label: "Current password",
-			type: "current_password",
-		}, {
-			name: "new_password",
-			label: "New password",
-			type: "new_password",
-		}, {
-			name: "new_password2",
-			label: "New password again",
-			type: "new_password",
-			description: "we need you to repeat your password so you " +
-					"won't be locked out of your account if you make a " +
-					"typing error"
-		},
-	],
-	submit_label: `<i class="icon">save</i> Save`,
-	on_submit: async fields => {
-		if (fields.new_password != fields.new_password2) {
-			return {success: false, message: "Passwords do not match! Please enter the same password in both fields"}
-		}
-
-		const form = new FormData()
-		form.append("old_password", fields.old_password)
-		form.append("new_password", fields.new_password)
-
-		const resp = await fetch(
-			window.api_endpoint+"/user/password",
-			{ method: "PUT", body: form }
-		);
-		if(resp.status >= 400) {
-			return {error_json: await resp.json()}
-		}
-		return {success: true, message: "Success! Your password has been updated"}
-	},
-}
-
-let email_change = {
-	name: "email_change",
-	fields: [
-		{
-			name: "new_email",
+			name: "email",
 			label: "E-mail address",
 			type: "email",
 			default_value: window.user.email,
-			description: `we will send an e-mail to the new address to
-					verify that it's real. The address will be saved once the
-					link in the message is clicked. If the e-mail doesn't arrive
-					right away please check your spam box too. Leave the field
-					empty to remove your current e-mail address from your
-					account`,
-		},
-	],
-	submit_label: `<i class="icon">save</i> Save`,
-	on_submit: async fields => {
-		const form = new FormData()
-		form.append("new_email", fields.new_email)
-
-		const resp = await fetch(
-			window.api_endpoint+"/user/email_reset",
-			{ method: "PUT", body: form }
-		);
-		if(resp.status >= 400) {
-			return {error_json: await resp.json()}
-		}
-		return {success: true, message: "Success! E-mail sent. Click the link in the message to verify your new address"}
-	},
-}
-
-let name_change = {
-	name: "name_change",
-	fields: [
-		{
-			name: "new_username",
+			description: `We will send an e-mail to the new address to verify
+				that it's real. The address will be saved once the link in the
+				message is clicked. If the e-mail doesn't arrive right away
+				please check your spam box too. Leave the field empty to remove
+				your current e-mail address from your account`,
+			separator: true
+		}, {
+			name: "password_old",
+			label: "Current password",
+			type: "current_password",
+			discription: `Enter your password here if you would like to change
+				your password.`
+		}, {
+			name: "password_new1",
+			label: "New password",
+			type: "new_password",
+		}, {
+			name: "password_new2",
+			label: "New password again",
+			type: "new_password",
+			description: `We need you to repeat your password so you won't be
+				locked out of your account if you make a typing error`,
+			separator: true,
+		}, {
+			name: "username",
 			label: "Name",
 			type: "username",
 			default_value: window.user.username,
-			description: `changing your username also changes the name used to
+			description: `Changing your username also changes the name used to
 				log in. If you forget your username you can still log in using
 				your e-mail address if you have one configured`,
 		},
 	],
 	submit_label: `<i class="icon">save</i> Save`,
 	on_submit: async fields => {
+		if (fields.password_new1 != fields.password_new2) {
+			return {
+				success: false,
+				message: "Passwords do not match! Please enter the same password in both fields"
+			}
+		}
+
 		const form = new FormData()
-		form.append("new_username", fields.new_username)
+		form.append("email", fields.email)
+		form.append("password_old", fields.password_old)
+		form.append("password_new", fields.password_new1)
+		form.append("username", fields.username)
 
 		const resp = await fetch(
-			window.api_endpoint+"/user/username",
+			window.api_endpoint+"/user",
 			{ method: "PUT", body: form }
 		);
 		if(resp.status >= 400) {
 			return {error_json: await resp.json()}
 		}
-		return {success: true, message: "Success! You are now known as "+fields.new_username}
+		return {success: true, message: "Success! Your changes have been saved"}
 	},
 }
 
-
 let delete_account = {
 	name: "delete_account",
 	fields: [
@@ -144,23 +104,10 @@ let delete_account = {
 <section>
 	<br/>
 	<div class="highlight_border">
-		<h3>Change password</h3>
-		<Form config={password_change}></Form>
+		<h3>Account settings</h3>
+		<Form config={account_settings}></Form>
 	</div>
 	<br/>
-
-	<div class="highlight_border">
-		<h3>Change e-mail address</h3>
-		<Form config={email_change}></Form>
-	</div>
-	<br/>
-
-	<div class="highlight_border">
-		<h3>Change name</h3>
-		<Form config={name_change}></Form>
-	</div>
-	<br/>
-
 	<div class="highlight_border">
 		<h3>Delete account</h3>
 		<Form config={delete_account}></Form>
diff --git a/svelte/src/user_home/BandwidthSharing.svelte b/svelte/src/user_home/BandwidthSharing.svelte
index 9f9b26f..1ebba44 100644
--- a/svelte/src/user_home/BandwidthSharing.svelte
+++ b/svelte/src/user_home/BandwidthSharing.svelte
@@ -7,18 +7,21 @@ import SuccessMessage from "../util/SuccessMessage.svelte";
 
 let loading = false
 let success_message
+let hotlinking = window.user.hotlinking_enabled
+let transfer_cap = window.user.monthly_transfer_cap / 1e9
+let skip_viewer = window.user.skip_file_viewer
 
 const update = async () => {
 	loading = true
 
 	const form = new FormData()
-	form.append("update", "limits")
 	form.append("hotlinking_enabled", hotlinking)
 	form.append("transfer_cap", transfer_cap*1e9)
+	form.append("skip_file_viewer", skip_viewer)
 
 	try {
 		const resp = await fetch(
-			window.api_endpoint+"/user/subscription",
+			window.api_endpoint+"/user",
 			{ method: "PUT", body: form },
 		)
 		if(resp.status >= 400) {
@@ -37,13 +40,11 @@ const update = async () => {
 	}
 }
 
-let hotlinking = window.user.hotlinking_enabled
 let toggle_hotlinking = () => {
 	hotlinking = !hotlinking
 	update()
 }
 
-let transfer_cap = window.user.monthly_transfer_cap / 1e9
 let transfer_used = 0
 let load_transfer_used = () => {
 	let today = new Date()
@@ -65,6 +66,11 @@ let load_transfer_used = () => {
 	})
 }
 
+let toggle_skip_viewer = () => {
+	skip_viewer = !skip_viewer
+	update()
+}
+
 onMount(() => {
 	load_transfer_used()
 })
@@ -118,6 +124,26 @@ onMount(() => {
 		mostly useful for prepaid plans, but it works for patreon plans too.
 		Set to 0 to disable the limit.
 	</p>
+
+	<h2>Skip download page</h2>
+	<p>
+		This setting only applies to your account, others will still see the
+		download page when visiting your files. When this is enabled you will be
+		redirected to the file download API when clicking a pixeldrain link.
+		This means that images, videos and PDF files will be opened directly in
+		your browser, and other files are immediately downloaded to your device.
+		This only works for single file links, not albums.
+	</p>
+	<p>
+		You will need a Pro subscription to use this feature.
+	</p>
+	<button on:click={toggle_skip_viewer}>
+		{#if skip_viewer}
+			<i class="icon green">check</i> ON (click to turn off)
+		{:else}
+			<i class="icon red">close</i> OFF (click to turn on)
+		{/if}
+	</button>
 </section>
 
 <style>
diff --git a/svelte/src/user_home/EmbeddingControls.svelte b/svelte/src/user_home/EmbeddingControls.svelte
index f165e75..f5b22cc 100644
--- a/svelte/src/user_home/EmbeddingControls.svelte
+++ b/svelte/src/user_home/EmbeddingControls.svelte
@@ -12,11 +12,11 @@ let embed_domains = ""
 const save_embed = async () => {
 	loading = true
 	const form = new FormData()
-	form.append("domains", embed_domains)
+	form.append("embed_domains", embed_domains)
 
 	try {
 		const resp = await fetch(
-			window.api_endpoint+"/user/file_embed",
+			window.api_endpoint+"/user",
 			{ method: "PUT", body: form }
 		);
 		if(resp.status >= 400) {
diff --git a/svelte/src/user_home/Subscription.svelte b/svelte/src/user_home/Subscription.svelte
index 7b7d67b..625369b 100644
--- a/svelte/src/user_home/Subscription.svelte
+++ b/svelte/src/user_home/Subscription.svelte
@@ -11,12 +11,11 @@ const update = async () => {
 	loading = true
 
 	const form = new FormData()
-	form.append("update", "subscription")
 	form.append("subscription", subscription)
 
 	try {
 		const resp = await fetch(
-			window.api_endpoint+"/user/subscription",
+			window.api_endpoint+"/user",
 			{ method: "PUT", body: form },
 		)
 		if(resp.status >= 400) {
diff --git a/webcontroller/file_viewer.go b/webcontroller/file_viewer.go
index d068c8b..8a0172d 100644
--- a/webcontroller/file_viewer.go
+++ b/webcontroller/file_viewer.go
@@ -93,6 +93,11 @@ func (wc *WebController) serveFileViewer(w http.ResponseWriter, r *http.Request,
 		return
 	}
 
+	if files[0].SkipFileViewer {
+		http.Redirect(w, r, "/api/file/"+p.ByName("id"), http.StatusSeeOther)
+		return
+	}
+
 	templateData.OGData = wc.metadataFromFile(files[0].FileInfo)
 
 	var vd = fileViewerData{