Hi Getox, thank you for sharing this.
I did a quick look through your code, and noticed the following (just trying to help remove any bugs):
In downloads.php:
- Before the global.php add the following lines to prevent people running PHP5 from getting errors:
PHP Code:
$phrasegroups = array();
$specialtemplates = array();
- If a user is member of more then 1 Usergroup and their first group don't have permission, but the second have, the following would still deny them access (not tested, just by a quick look at the code, i could be wrong

):
Edit: On second thought, it only seems to be checking on Primary Usergroup
PHP Code:
$perm = $DB_site->query("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid='$bbuserinfo[usergroupid]' AND candl='0'");
while ($candl = $DB_site->fetch_array($perm))
{
print_no_permission();
}
- On most places you are using addslashes, nice. On the following line you however don't use addslashes or force it to an intval:
PHP Code:
$files = $DB_site->query("SELECT * FROM " . TABLE_PREFIX . "dl_files WHERE id='$_GET[fileid]'");
- In the install file there are places where you don't use table_prefix. Example:
PHP Code:
$DB_site->query("DELETE FROM template WHERE title like LCASE('lite%')");
Just my 2 cents worth.