General

as a cure for both security and cookie setting, go for PHP sessions and keep all hypo-data on the server (db?)
page expiry date should be set to time of last message (cunning 4 caching)
review caching stuff thoroughly, cos it’s shit (is it required at all?)
add target=“_blank” to all off-site urls
try and find a workaround for very long “words”
I am lame and have forgotten my password, please de-lame me via my email address
how are you going to fix that nasty bug in the message summary code where you split the message halfway through a tag? eh?
cut admin/archive/profile to given number of messages, set by user in profile
2cols lpage situation needs CHECKING, complex one that
login failed screen offers chance to be mailed your password
Crazy REGEX generation time is NEAR!
more user fields: description, tea grade, general courtesy personalisation stuff
check for odd numbers of quotes in posts, as this really fucks the browser over
more functions!!
image gallery
microsites box - links to other hypothetical network content.

Threads

new fields: parent thread, public/private, aggregation yes/no, write userlist
thread owners can set read and write user lists and kick messages to other threads (maybe only parent)
whole gamut of thread management tools in admin page, tools for thread owners in profile page (“Your threads”)
user levels for creating threads?
editthread.php: parent thread select box, public check box, aggregate check, + a whole set of checks for setting up user read + write lists

WAP

Number of messages, rather than chronological period. Homepage more like archive
Logging in, posting messages most urgent.
when CENSORING for FILESIZE, always provide a link to next content group

and anything posted in messages and everything in the Yet to come… box