Fixes:

Ability to remotely post topics
* impersonate any user
* create stickies
* create locked

Ability to comment on non-existent posts

Ability to remotely post comments
* impersonate any user
* able to comment on locked threads

Ability to look at non-existent posts

Ability to edit any user's information

New posts do not get a value for email

New posts do not require form values
* allows empty topics
* allows empty threads

New comments do not require values
* allows empty messages

view_topic.php #108-109 input (reset) HTML not properly closed

Some other comments:

You are storing the user's email in the question and answer tables (I fixed it so it actually works). However, you should consider fetching it on demand from the user table, in case they should ever change the value. I couldn't find where it was actually used yet, so I did not change anything.