From 5f35bc9bc1c062bdab2d01678c464a41759488bb Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 23 Nov 2003 22:25:46 +0000 Subject: [PATCH] my attempt to break things... git-svn-id: file:///svn/phpbb/trunk@4682 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/adm/admin_board.php | 320 ++++++++++++++++++++++++- phpBB/common.php | 1 + phpBB/download.php | 100 ++++++++ phpBB/includes/functions_messenger.php | 20 +- phpBB/includes/message_parser.php | 8 +- phpBB/install/schemas/mysql_schema.sql | 9 + phpBB/install/schemas/schema_data.sql | 4 + phpBB/language/en/lang_admin.php | 32 ++- phpBB/language/en/lang_main.php | 4 + phpBB/posting.php | 210 +++++++--------- 10 files changed, 556 insertions(+), 152 deletions(-) diff --git a/phpBB/adm/admin_board.php b/phpBB/adm/admin_board.php index 27cb9b04cd..cc71837402 100644 --- a/phpBB/adm/admin_board.php +++ b/phpBB/adm/admin_board.php @@ -113,7 +113,12 @@ while ($row = $db->sql_fetchrow($result)) if ($config_name == 'bump_interval' && $submit) { - $new['bump_interval'] = request_var('bump_interval', 0) . request_var('bump_type', ''); + $new['bump_interval'] = request_var('bump_interval', 2) . request_var('bump_type', 'd'); + } + + if ($config_name == 'email_function_name') + { + $new['email_function_name'] = (empty($new['email_function_name']) || !function_exists($new['email_function_name'])) ? 'mail' : str_replace(array('(', ')'), array('', ''), trim($new['email_function_name'])); } if ($mode == 'attach') @@ -172,6 +177,11 @@ while ($row = $db->sql_fetchrow($result)) } } +if ($mode == 'attach') +{ + perform_site_list(); +} + if ($submit) { add_log('admin', 'LOG_' . strtoupper($mode) . '_CONFIG'); @@ -180,7 +190,6 @@ if ($submit) { // Check Settings test_upload($error, $new['upload_dir'], false); -// test_upload($error, $new['upload_dir'] . '/thumbs', true); } if (!sizeof($error)) 
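Review bot: The `email_function_name` check validates one string and stores another: `function_exists()` runs on the raw `$new['email_function_name']`, while `trim()` and the parenthesis stripping are applied only afterwards, so the cleanup never affects what was tested. More importantly, `function_exists()` accepts every function PHP knows, and the messenger later invokes the stored name as a variable function, so whoever can write this config row can choose an arbitrary callable. Normalise first and compare against a short list of intended mail wrappers, e.g. `$fn = trim($new['email_function_name']);` followed by `$new['email_function_name'] = in_array($fn, array('mail' /* plus reviewed wrappers */)) ? $fn : 'mail';`. The enclosing `while` loop starts and ends outside the hunk.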
@@ -252,6 +261,15 @@ switch ($mode) $create_thumbnail_yes = ($new['img_create_thumbnail']) ? 'checked="checked"' : ''; $create_thumbnail_no = (!$new['img_create_thumbnail']) ? 'checked="checked"' : ''; + $secure_downloads_yes = ($new['secure_downloads']) ? 'checked="checked"' : ''; + $secure_downloads_no = (!$new['secure_downloads']) ? 'checked="checked"' : ''; + + $secure_allow_deny_yes = ($new['secure_allow_deny']) ? 'checked="checked"' : ''; + $secure_allow_deny_no = (!$new['secure_allow_deny']) ? 'checked="checked"' : ''; + + $secure_allow_empty_referer_yes = ($new['secure_allow_empty_referer']) ? 'checked="checked"' : ''; + $secure_allow_empty_referer_no = (!$new['secure_allow_empty_referer']) ? 'checked="checked"' : ''; + ?> @@ -282,6 +300,18 @@ switch ($mode) lang['MAX_ATTACHMENTS_PM'] ?>: + + lang['SECURE_DOWNLOADS']; ?>:
lang['SECURE_DOWNLOADS_EXPLAIN']; ?> + /> lang['YES']; ?>   /> lang['NO']; ?> + + + lang['SECURE_ALLOW_DENY']; ?>:
lang['SECURE_ALLOW_DENY_EXPLAIN']; ?> + /> lang['ORDER_ALLOW_DENY']; ?>   /> lang['ORDER_DENY_ALLOW']; ?> + + + lang['SECURE_EMPTY_REFERER']; ?>:
lang['SECURE_EMPTY_REFERER_EXPLAIN']; ?> + /> lang['YES']; ?>   /> lang['NO']; ?> + lang['SETTINGS_CAT_IMAGES']; ?> @@ -294,13 +324,13 @@ switch ($mode) @@ -313,7 +343,7 @@ switch ($mode) @@ -328,7 +358,86 @@ switch ($mode) lang['IMAGE_LINK_SIZE']; ?>:
lang['IMAGE_LINK_SIZE_EXPLAIN']; ?> px X px - + +    + + +sql_query($sql); + + $defined_ips = ''; + $ips = array(); + + while ($row = $db->sql_fetchrow($result)) + { + $value = ($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']; + if ($value) + { + $defined_ips .= '' . $value . ''; + $ips[$row['site_id']] = $value; + } + } + $db->sql_freeresult($result); +?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
lang['DEFINE_' . $allow_deny . '_IPS']; ?>
lang['DOWNLOAD_ADD_IPS_EXPLAIN']; ?>
lang['IP_HOSTNAME']; ?>:
lang['EXCLUDE_FROM_' . $allow_deny . '_IP']; ?>:
lang['EXCLUDE_ENTERED_IP']; ?>
lang['YES']; ?>   lang['NO']; ?>
   
lang['REMOVE_' . $allow_deny . '_IPS']; ?>
lang['DOWNLOAD_REMOVE_IPS_EXPLAIN']; ?>
lang['IP_HOSTNAME']; ?>:
 
lang['NO_IPS_DEFINED']; ?>
lang['BOARD_EMAIL_FORM']; ?>:
lang['BOARD_EMAIL_FORM_EXPLAIN']; ?> /> lang['ENABLED']; ?>   /> lang['DISABLED']; ?> + + lang['EMAIL_FUNCTION_NAME']; ?>:
lang['EMAIL_FUNCTION_NAME_EXPLAIN']; ?> + + lang['EMAIL_PACKAGE_SIZE']; ?>:
lang['EMAIL_PACKAGE_SIZE_EXPLAIN']; ?> 
@@ -971,11 +1084,17 @@ switch ($mode) break; } + if ($mode != 'attach') + { ?>    - + + + sql_query($sql); + + if ($row = $db->sql_fetchrow($result)) + { + $iplist_tmp = array(); + $hostlist_tmp = array(); + do + { + if ($row['site_ip']) + { + $iplist_tmp[] = "'" . $row['site_ip'] . "'"; + } + else if ($row['site_hostname']) + { + $hostlist_tmp[] = "'" . $row['site_hostname'] . "'"; + } + break; + } + while ($row = $db->sql_fetchrow($result)); + + $iplist = array_unique(array_diff($iplist, $iplist_tmp)); + $hostlist = array_unique(array_diff($hostlist, $hostlist_tmp)); + unset($iplist_tmp); + unset($hostlist_tmp); + } + + if (sizeof($iplist)) + { + foreach ($iplist as $ip_entry) + { + $sql = 'INSERT INTO ' . SITELIST_TABLE . " (site_ip, ip_exclude) + VALUES ($ip_entry, $ip_exclude)"; + $db->sql_query($sql); + } + } + + if (sizeof($hostlist)) + { + foreach ($hostlist as $host_entry) + { + $sql = 'INSERT INTO ' . SITELIST_TABLE . ' (site_hostname, ip_exclude) + VALUES ($host_entry, $ip_exclude)"; + $db->sql_query($sql); + } + } + + if (!empty($ip_list_log)) + { + // Update log + $log_entry = ($ip_exclude) ? 'LOG_DOWNLOAD_EXCLUDE_IP' : 'LOG_DOWNLOAD_IP'; + add_log('admin', $log_entry, $ip_list_log); + } + + trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCESSFUL']); + } + else if (isset($_POST['unsecuresubmit'])) + { + $unip_sql = implode(', ', array_map('intval', $_POST['unip'])); + + if ($unip_sql != '') + { + $l_unip_list = ''; + + // Grab details of ips for logging information later + $sql = 'SELECT site_ip, site_hostname + FROM ' . SITELIST_TABLE . " + WHERE site_id IN ($unip_sql)"; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $l_unip_list .= (($l_unip_list != '') ? ', ' : '') . (($row['site_ip']) ? $row['site_ip'] : $row['site_hostname']); + } + + $sql = 'DELETE FROM ' . SITELIST_TABLE . 
" + WHERE site_id IN ($unip_sql)"; + $db->sql_query($sql); + + add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list); + } + + trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCESSFUL']); + } +} + ?> \ No newline at end of file diff --git a/phpBB/common.php b/phpBB/common.php index bd595b65c5..d3c912df4b 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -181,6 +181,7 @@ define('SEARCH_TABLE', $table_prefix.'search_results'); define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist'); define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch'); define('SESSIONS_TABLE', $table_prefix.'sessions'); +define('SITELIST_TABLE', $table_prefix.'sitelist'); define('SMILIES_TABLE', $table_prefix.'smilies'); define('STYLES_TABLE', $table_prefix.'styles'); define('STYLES_TPL_TABLE', $table_prefix.'styles_template'); diff --git a/phpBB/download.php b/phpBB/download.php index ad82f0534c..362c07fa80 100644 --- a/phpBB/download.php +++ b/phpBB/download.php @@ -77,6 +77,11 @@ if (!in_array($attachment['extension'], $extensions['_allowed_'])) trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } +if (!download_allowed()) +{ + trigger_error($user->lang['LINKAGE_FORBIDDEN']); +} + $download_mode = (int) $extensions[$attachment['extension']]['download_mode']; if ($thumbnail) 
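Review bot: The hostname `INSERT` string opens with a single quote (`' (site_hostname, ip_exclude)`) and closes with a double quote, so the statement cannot parse as written; it should mirror the IP branch, `" (site_hostname, ip_exclude) VALUES ($host_entry, $ip_exclude)"`. The `break;` inside the `do { … } while` that collects existing rows exits after the first row, so `array_diff()` removes only one stored entry from the new list and duplicates can still be inserted. The entries are concatenated straight into the SQL, and the code that builds `$iplist` and `$hostlist` is not readable in this text, so confirm each value goes through `$db->sql_escape()` before it is quoted. In the `unsecuresubmit` branch `$_POST['unip']` reaches `array_map()` without an `isset`/`is_array` check.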
@@ -197,6 +202,101 @@ function send_file_to_browser($attachment, $upload_dir, $category) flush(); exit; } + +function download_allowed() +{ + global $config, $user, $db; + + if (!$config['secure_downloads']) + { + return true; + } + + $url = trim(getenv('HTTP_REFERER')); + if ($url == '') + { + $url = trim($_SERVER['HTTP_REFERER']); + } + + if ($url == '') + { + return ($config['secure_allow_empty_referer']) ? true : false; + } + + // Split URL into domain and script part + $url = explode('?', str_replace(array('http://', 'https://'), array('', ''), $url)); + $hostname = trim($url[0]); + unset($url); + + $allowed = ($config['secure_allow_deny']) ? FALSE : TRUE; + $iplist = array(); + + $ip_ary = gethostbynamel($hostname); + + foreach ($ip_ary as $ip) + { + if (!empty($ip)) + { + $iplist[] = $ip; + } + } + + // Check for own server... + if (preg_match('#^.*?' . $config['server_name'] . '.*?$#i', $hostname)) + { + $allowed = true; + } + + // Get IP's and Hostnames + if (!$allowed) + { + $sql = 'SELECT site_ip, site_hostname, ip_exclude + FROM ' . SITELIST_TABLE; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (!empty($row['site_ip'])) + { + foreach ($iplist as $ip) + { + if (preg_match('#^' . str_replace('*', '.*?', $row['site_ip']) . '$#i', $ip)) + { + if (!empty($row['ip_exclude'])) + { + $allowed = ($config['secure_allow_deny']) ? false : true; + break 2; + } + else + { + $allowed = ($config['secure_allow_deny']) ? true : false; + } + } + } + } + + if (!empty($row['site_hostname'])) + { + if (preg_match('#^' . str_replace('*', '.*?', $row['site_hostname']) . '$#i', $hostname)) + { + if (!empty($row['ip_exclude'])) + { + $allowed = ($config['secure_allow_deny']) ? false : true; + break; + } + else + { + $allowed = ($config['secure_allow_deny']) ? true : false; + } + } + } + } + $db->sql_freeresult($result); + } + + return $allowed; +} + // // FUNCTIONS // --------- 
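Review bot: `download_allowed()` matches against more than the referring host: after stripping the scheme and splitting on `?`, `$hostname` still carries the path, and the own-server test `'#^.*?' . $config['server_name'] . '.*?$#i'` is an unanchored, unescaped substring match, so it passes whenever the server name appears anywhere in that string. The same string is handed to `gethostbynamel()`, which returns `false` on failure and is then iterated by `foreach` without a check. Stored `site_ip`/`site_hostname` values are also placed into a pattern without `preg_quote()`, so `.` matches any character. The rewrite below takes the host with `parse_url()`, compares it exactly, and quotes list entries before expanding `*`; denying an unparseable referer and requiring an exact match with `server_name` are my assumptions and should be confirmed. Since the Referer header is supplied by the client, this remains hotlink deterrence and should not be relied on as access control for attachments.

```php
	// … unchanged: secure_downloads check, referer lookup, empty-referer branch …

	// Use only the host component of the referer; path and query stay out of the match
	$parts = @parse_url($url);
	$hostname = (is_array($parts) && !empty($parts['host'])) ? strtolower($parts['host']) : '';
	unset($url);

	if ($hostname == '')
	{
		return false;
	}

	$allowed = ($config['secure_allow_deny']) ? false : true;

	// gethostbynamel() returns false when the name does not resolve
	$ip_ary = gethostbynamel($hostname);
	$iplist = (is_array($ip_ary)) ? $ip_ary : array();

	// Check for own server: exact, case-insensitive host match
	if ($hostname == strtolower($config['server_name']))
	{
		$allowed = true;
	}

	// … unchanged: SITELIST_TABLE query and loop, except that both patterns are built as
	// '#^' . str_replace('\*', '.*?', preg_quote($row['site_ip'], '#')) . '$#i' (same for site_hostname) …
```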
diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index fea4b3767c..cda1dd7e8c 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -272,8 +272,10 @@ class messenger $headers .= 'Date: ' . gmdate('D, d M Y H:i:s T', time()) . "\n"; $headers .= "X-Priority: 3\n"; $headers .= "X-MSMail-Priority: Normal\n"; - $headers .= "X-Mailer: PHP\n"; - $headers .= "X-MimeOLE: Produced By phpBB2\n"; + $headers .= "X-Mailer: PhpBB\n"; + $headers .= "X-MimeOLE: phpBB\n"; + $headers .= "X-phpBB-Origin: phpbb://" . str_replace(array('http://', 'https://'), array('', ''), generate_board_url()) . "\n"; + $headers .= ($this->extra_headers != '') ? $this->extra_headers : ''; $headers .= "Content-type: text/plain; charset=" . $this->encoding . "\n"; $headers .= "Content-transfer-encoding: 8bit\n"; @@ -281,9 +283,9 @@ class messenger // Send message ... removed $this->encode() from subject for time being if (!$use_queue) { - $mail_to = ($to == '') ? 'Undisclosed-Recipients:;' : $to; + $mail_to = ($to == '') ? 'Undisclosed-Recipient:;' : $to; $err_msg = ''; - $result = ($config['smtp_delivery']) ? smtpmail($this->addresses, $this->subject, $this->msg, $err_msg, $headers) : @mail($mail_to, $this->subject, preg_replace("#(?msg), $headers); + $result = ($config['smtp_delivery']) ? smtpmail($this->addresses, $this->subject, $this->msg, $err_msg, $headers) : @$config['mail_function_name']($mail_to, $this->subject, implode("\n", preg_split("/\r?\n/", $this->msg)), $headers); if (!$result) { @@ -406,7 +408,7 @@ class queue $this->data[$object]['data'][] = $scope; } - // Thinking about a lock file... + // Using lock file... function process() { global $db, $config, $phpEx, $phpbb_root_path; 
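Review bot: The direct-send path in the `@@ -281` hunk reads `$config['mail_function_name']`, but the config row added in schema_data.sql and the queue path in the `@@ -483` hunk both use `email_function_name`, so this key is presumably never set. Calling an empty variable function is a fatal error, which the leading `@` does not suppress, so non-SMTP, non-queued mail would stop working. Use the same key in both places, and since the name comes from configuration, guard it before the call, e.g. `$mail_fn = (!empty($config['email_function_name']) && function_exists($config['email_function_name'])) ? $config['email_function_name'] : 'mail';` and then call `@$mail_fn(...)` with the existing arguments. The enclosing method starts outside the hunk.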
@@ -483,10 +485,10 @@ class queue { case 'email': $err_msg = ''; - $to = (!$to) ? 'Undisclosed-Recipients:;' : $to; + $to = (!$to) ? 'Undisclosed-Recipient:;' : $to; + + $result = ($config['smtp_delivery']) ? smtpmail($addresses, $subject, $msg, $err_msg, $headers) : $config['email_function_name']($to, $subject, implode("\n", preg_split("/\r?\n/", $msg)), $headers); - $result = ($config['smtp_delivery']) ? smtpmail($addresses, $subject, $msg, $err_msg, $headers) : mail($to, $subject, preg_replace("#(?cache_file . '.lock'); @@ -562,7 +564,7 @@ class queue $file = 'queue_data = ' . $this->format_array($this->data) . '; ?>'; - if ($fp = @fopen($this->cache_file, 'w')) + if ($fp = fopen($this->cache_file, 'w')) { @flock($fp, LOCK_EX); fwrite($fp, $file); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 83518123b6..07f7a3519d 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -752,13 +752,7 @@ class parse_message unset($this->attachment_data[$index]); // Reindex Array - $attachment_data = $this->attachment_data; - unset($this->attachment_data); - foreach ($attachment_data as $element) - { - $this->attachment_data[] = $element; - } - unset($attachment_data); + $this->attachment_data = array_values($this->attachment_data); } else if ($edit_comment || $add_file || $preview) { diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index 64af877777..d289578f71 100644 --- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql 
@@ -481,6 +481,15 @@ CREATE TABLE phpbb_sessions ( KEY session_user_id (session_user_id) ); +# Table: 'phpbb_sitelist' +CREATE TABLE phpbb_sitelist ( + site_id mediumint(8) UNSIGNED NOT NULL auto_increment, + site_ip varchar(40) DEFAULT '' NOT NULL, + site_hostname varchar(255) DEFAULT '' NOT NULL, + ip_exclude tinyint(1) DEFAULT '0' NOT NULL, + PRIMARY KEY (site_id) +) + # Table: 'phpbb_smilies' CREATE TABLE phpbb_smilies ( smile_id tinyint(4) UNSIGNED NOT NULL auto_increment, diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index fa48031312..bef113dd44 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -91,6 +91,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('display_last_edite INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_email_sig','Thanks, The Management'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_email','address@yourdomain.tld'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_contact','contact@yourdomain.tld'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_function_name','mail'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_package_size','50'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_delivery','0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_host',''); 
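Review bot: The new `CREATE TABLE phpbb_sitelist` statement ends with `)` and no terminating `;`, unlike the `phpbb_sessions` definition just above it, which closes with `);`. An installer that splits the schema file on semicolons would run this statement together with the following `phpbb_smilies` definition and fail. Close the statement with `);`.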
@@ -143,6 +144,9 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_attachments_pm INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_pm_attach', '0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_dir', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_display_inlined','1'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('secure_downloads', '0'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('secure_allow_deny', '1'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('secure_allow_empty_referer', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_max_width','0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_max_height','0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_link_width','0'); diff --git a/phpBB/language/en/lang_admin.php b/phpBB/language/en/lang_admin.php index 88ac92c295..b144fcade4 100644 --- a/phpBB/language/en/lang_admin.php +++ b/phpBB/language/en/lang_admin.php @@ -127,6 +127,10 @@ $lang += array( 'LOG_UNBAN_IP' => 'Unbanned ip
» %s', 'LOG_UNBAN_EMAIL' => 'Unbanned email
» %s', + 'LOG_DOWNLOAD_EXCLUDE_IP' => 'Exluded ip/hostname from download list
» %s', + 'LOG_DOWNLOAD_IP' => 'Added ip/hostname to download list
» %s', + 'LOG_DOWNLOAD_REMOVE_IP' => 'Removed ip/hostname from download list
» %s', + 'LOG_SERVER_CONFIG' => 'Altered server settings', 'LOG_DEFAULT_CONFIG' => 'Altered board defaults', 'LOG_SETTING_CONFIG' => 'Altered board settings', @@ -669,6 +673,8 @@ $lang += array( 'ENABLE_EMAIL_EXPLAIN' => 'If this is set to disabled no emails will be sent by the board at all.', 'BOARD_EMAIL_FORM' => 'Users send email via board', 'BOARD_EMAIL_FORM_EXPLAIN' => 'This function keeps email addresses completely private.', + 'EMAIL_FUNCTION_NAME' => 'Email Function Name', + 'EMAIL_FUNCTION_NAME_EXPLAIN' => 'The email function used to send mails through PHP.', 'EMAIL_PACKAGE_SIZE' => 'Email Package Size', 'EMAIL_PACKAGE_SIZE_EXPLAIN' => 'This is the number of emails sent in one package.', 'ADMIN_EMAIL' => 'Return Email Address', 
@@ -1687,14 +1693,36 @@ $lang += array( 'NOT_ASSIGNED' => 'Not assigned', 'ORPHAN_ATTACHMENTS' => 'Orphan Attachments', // Title - 'ORPHAN_ATTACHMENTS_EXPLAIN'=> 'Here you are able to see files within the Attachments upload directory but not assigned to posts. This happens mostly if users are attaching files but not submitting the post. You are able to delete the files or attach them to existing posts. Attaching to posts requires a valid post id, you have to determine this id by yourself, this feature is mainly for those people wanting to upload files with another program and assigning those (mostly large) files to an existing post.', + 'ORPHAN_ATTACHMENTS_EXPLAIN' => 'Here you are able to see files within the Attachments upload directory but not assigned to posts. This happens mostly if users are attaching files but not submitting the post. You are able to delete the files or attach them to existing posts. Attaching to posts requires a valid post id, you have to determine this id by yourself, this feature is mainly for those people wanting to upload files with another program and assigning those (mostly large) files to an existing post.', 'UPLOADING_FILES' => 'Uploading Files', 'UPLOADING_FILE_TO' => 'Uploading File "%1$s" to Post Number %2$d...', 'UPLOAD_DENIED_FORUM' => 'You do not have the permission to upload files to forum "%s"', 'ATTACH_POST_ID' => 'Post ID', 'ATTACH_TO_POST' => 'Attach file to post', 'SUCCESSFULLY_UPLOADED' => 'Succeessfully uploaded', - 'ADMIN_UPLOAD_ERROR' => 'Errors while trying to attach file: %s' + 'ADMIN_UPLOAD_ERROR' => 'Errors while trying to attach file: %s', + + 'SECURE_DOWNLOADS' => 'Enable secure downloads', + 'SECURE_DOWNLOADS_EXPLAIN' => 'With this option enabled, downloads are limited to ip\'s/hostnames you defined.', + 'SECURE_ALLOW_DENY' => 'Allow/Deny Order', + 'SECURE_ALLOW_DENY_EXPLAIN' => 'This setting only applies to downloading files', + 'ORDER_ALLOW_DENY' => 'Allow listed IPs, deny all others', + 'ORDER_DENY_ALLOW' 
=> 'Deny listed IPs, allow all others', + 'SECURE_EMPTY_REFERER' => 'Allow empty referer', + 'SECURE_EMPTY_REFERER_EXPLAIN' => 'Secure downloads are based on referers. Do you want to allow downloads for those ommitting the referer?', + + 'DEFINE_ALLOWED_IPS' => 'Define allowed IPs/Hostnames', + 'DEFINE_DISALLOWED_IPS' => 'Define disallowed IPs/Hostnames', + 'EXCLUDE_FROM_ALLOWED_IP' => 'Exclude IP from allowed IPs/Hostnames', + 'EXCLUDE_FROM_DISALLOWED_IP' => 'Exclude IP from disallowed IPs/Hostnames', + 'REMOVE_ALLOWED_IPS' => 'Remove or Un-exclude allowed IPs/Hostnames', + 'REMOVE_DISALLOWED_IPS' => 'Remove or Un-exclude disallowed IPs/Hostnames', + 'DOWNLOAD_ADD_IPS_EXPLAIN' => 'To specify several different IP\'s or hostnames enter each on a new line. To specify a range of IP addresses separate the start and end with a hyphen (-), to specify a wildcard use *', + 'DOWNLOAD_REMOVE_IPS_EXPLAIN' => 'You can remove (or un-exclude) multiple IP addresses in one go using the appropriate combination of mouse and keyboard for your computer and browser. Excluded IP\'s have a blue background.', + 'EXCLUDE_ENTERED_IP' => 'Enable this to exclude the entered IP/Hostname.', + 'NO_IPS_DEFINED' => 'No IPs or Hostnames defined', + + 'SECURE_DOWNLOAD_UPDATE_SUCESSFUL' => 'The IP list has been updated successfully' ); // Installation diff --git a/phpBB/language/en/lang_main.php b/phpBB/language/en/lang_main.php index e291195f3d..58dba4962f 100644 --- a/phpBB/language/en/lang_main.php +++ b/phpBB/language/en/lang_main.php 
@@ -684,6 +684,10 @@ $lang += array( 'DOWNLOAD_NONE' => '0 Times', // replace %d with count 'DOWNLOAD_COUNT' => '%d Time', // replace %d with count 'DOWNLOAD_COUNTS' => '%d Times', // replace %d with count + + 'LINKAGE_FORBIDDEN' => 'You are not authorized to view, download or link from/to this Site.', + 'NO_ATTACHMENT_SELECTED' => 'You haven\'t selected an attachment to download or view.', + 'ERROR_NO_ATTACHMENT' => 'The selected Attachment does not exist anymore' ); // ucp_main diff --git a/phpBB/posting.php b/phpBB/posting.php index e45bc497bf..18fbf6a534 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -511,7 +511,7 @@ if ($submit || $preview || $refresh) $enable_bbcode = (!$bbcode_status || !empty($_POST['disable_bbcode'])) ? FALSE : TRUE; $enable_smilies = (!$smilies_status || !empty($_POST['disable_smilies'])) ? FALSE : TRUE; $enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1; - $enable_sig = (!$config['allow_sig']) ? FALSE : ((!empty($_POST['attach_sig'])) ? TRUE : FALSE); + $enable_sig = (!$config['allow_sig']) ? FALSE : ((!empty($_POST['attach_sig']) && $user->data['user_id'] != ANONYMOUS) ? TRUE : FALSE); $notify = (!empty($_POST['notify'])) ? TRUE : FALSE; $topic_lock = (isset($_POST['lock_topic'])) ? TRUE : FALSE; @@ -1034,7 +1034,7 @@ $template->assign_vars(array( 'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '', - 'S_SIG_ALLOWED' => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig']) ? TRUE : FALSE, + 'S_SIG_ALLOWED' => ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['user_id'] != ANONYMOUS) ? TRUE : FALSE, 'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '', 'S_NOTIFY_ALLOWED' => ($user->data['user_id'] != ANONYMOUS) ? TRUE : FALSE, 'S_NOTIFY_CHECKED' => ($notify_checked) ? ' checked="checked"' : '', 
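Review bot: The server-side `$enable_sig` assignment in the `@@ -511` hunk does not include the `f_sigs` forum permission that the template flag `S_SIG_ALLOWED` checks in the `@@ -1034` hunk, so the permission is enforced in the form but not when the request is processed. If no later code re-checks it (not visible here), add it to the assignment: `$enable_sig = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || $user->data['user_id'] == ANONYMOUS) ? FALSE : ((!empty($_POST['attach_sig'])) ? TRUE : FALSE);`. The surrounding `if ($submit || $preview || $refresh)` block continues outside the hunk.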
@@ -1151,7 +1151,7 @@ page_footer(); // User Notification function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id, $topic_id, $post_id) { - global $db, $user, $censors, $config, $phpbb_root_path, $phpEx; + global $db, $user, $censors, $config, $phpbb_root_path, $phpEx, $auth; $topic_notification = ($mode == 'reply' || $mode == 'quote') ? TRUE : FALSE; $forum_notification = ($mode == 'post') ? TRUE : FALSE; @@ -1251,25 +1251,23 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id return; } -/* - foreach (discover_auth(array_keys($notify_rows), array('f_read'), $forum_id) as $user_id => $forum_ary) + foreach ($auth->acl_get_list(array_keys($notify_rows), 'f_read', $forum_id) as $forum_id => $forum_ary) { - foreach ($forum_ary as $forum_id => $option_ary) + foreach ($forum_ary as $auth_option => $user_ary) { - if (array_sum(array_values($option_ary))) + foreach ($user_ary as $user_id) { $notify_rows[$user_id]['allowed'] = true; - break; } } } -*/ + // Now, we have to do a little step before really sending, we need to distinguish our users a little bit. ;) $email_users = $delete_ids = $update_notification = array(); foreach ($notify_rows as $user_id => $row) - {//!$row['allowed'] || - if (!trim($row['user_email'])) + { + if (!$row['allowed'] || !trim($row['user_email'])) { $delete_ids[$row['notify_type']][] = $row['user_id']; } @@ -1281,10 +1279,6 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id } unset($notify_rows); - - - - // Now, we are able to really send out notifications if (sizeof($msg_users)) { 
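Review bot: The permission loop added in the `@@ -1251` hunk reuses `$forum_id` as its `foreach` key, overwriting the `$forum_id` parameter for the rest of `user_notification()`; any later use of the parameter (outside this hunk) would then see the last key returned by `acl_get_list()`. Rename the loop key, e.g. `foreach ($auth->acl_get_list(array_keys($notify_rows), 'f_read', $forum_id) as $f_id => $forum_ary)`. `$notify_rows[$user_id]['allowed']` is set only for users present in the result, so `!$row['allowed']` reads an undefined index for everyone else unless the rows are initialised earlier. `empty($row['allowed'])` keeps the fail-closed behaviour without the notice.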
@@ -1298,11 +1292,11 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id { $pos = sizeof($msg_list_ary[$row['template']]); - $msg_list_ary[$row['template']][$pos]['method'] = $row['method']; - $msg_list_ary[$row['template']][$pos]['email'] = $row['user_email']; - $msg_list_ary[$row['template']][$pos]['jabber'] = $row['user_jabber']; - $msg_list_ary[$row['template']][$pos]['name'] = $row['username']; - $msg_list_ary[$row['template']][$pos]['lang'] = $row['user_lang']; + $msg_list_ary[$row['template']][$pos]['method'] = $row['method']; + $msg_list_ary[$row['template']][$pos]['email'] = $row['user_email']; + $msg_list_ary[$row['template']][$pos]['jabber'] = $row['user_jabber']; + $msg_list_ary[$row['template']][$pos]['name'] = $row['username']; + $msg_list_ary[$row['template']][$pos]['lang'] = $row['user_lang']; } unset($email_users); @@ -1523,7 +1517,7 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $data) $db->sql_transaction('commit'); // Collect the necessary informations for updating the tables - $sql_data['forum'] = ''; + $sql_data[FORUMS_TABLE] = ''; switch ($post_mode) { case 'delete_topic': 
@@ -1532,16 +1526,13 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $data) if ($data['topic_type'] != POST_GLOBAL) { - $sql_data['forum'] .= 'forum_posts = forum_posts - 1, forum_topics_real = forum_topics_real - 1'; - $sql_data['forum'] .= ($data['topic_approved']) ? ', forum_topics = forum_topics - 1' : ''; + $sql_data[FORUMS_TABLE] .= 'forum_posts = forum_posts - 1, forum_topics_real = forum_topics_real - 1'; + $sql_data[FORUMS_TABLE] .= ($data['topic_approved']) ? ', forum_topics = forum_topics - 1' : ''; } - $update = update_last_post_information('forum', $forum_id); - if (sizeof($update)) - { - $sql_data['forum'] .= ($sql_data['forum'] != '') ? ', ' . implode(', ', $update) : implode(', ', $update); - } - $sql_data['topic'] = 'topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); + $sql_data[FORUMS_TABLE] .= ($sql_data[FORUMS_TABLE] != '') ? ', ' : ''; + $sql_data[FORUMS_TABLE] .= implode(', ', update_last_post_information('forum', $forum_id)); + $sql_data[TOPICS_TABLE] = 'topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); break; case 'delete_first_post': 
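Review bot: The `sizeof($update)` guard was dropped in the `delete_topic` case, so when `update_last_post_information('forum', $forum_id)` returns an empty array the string ends in a dangling `, ` and the later `UPDATE … SET` becomes invalid SQL. The removed guard suggests an empty result is possible; the function itself is not visible here. Keep the guard: `$update = update_last_post_information('forum', $forum_id);` then `if (sizeof($update)) { $sql_data[FORUMS_TABLE] .= (($sql_data[FORUMS_TABLE] != '') ? ', ' : '') . implode(', ', $update); }`. The `delete_last_post` case in the `@@ -1569` hunk has the same change and needs the same fix.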
@@ -1557,11 +1548,11 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $data) if ($data['topic_type'] != POST_GLOBAL) { - $sql_data['forum'] = 'forum_posts = forum_posts - 1'; + $sql_data[FORUMS_TABLE] = 'forum_posts = forum_posts - 1'; } - $sql_data['topic'] = 'topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; - $sql_data['topic'] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); + $sql_data[TOPICS_TABLE] = 'topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; + $sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); $next_post_id = (int) $row['post_id']; break; 
@@ -1569,20 +1560,17 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $data) case 'delete_last_post': if ($data['topic_type'] != POST_GLOBAL) { - $sql_data['forum'] = 'forum_posts = forum_posts - 1'; + $sql_data[FORUMS_TABLE] = 'forum_posts = forum_posts - 1'; } - $update = update_last_post_information('forum', $forum_id); - if (sizeof($update)) - { - $sql_data['forum'] .= ($sql_data['forum'] != '') ? ', ' . implode(', ', $update) : implode(', ', $update); - } - $sql_data['topic'] = 'topic_bumped = 0, topic_bumper = 0, topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); + $sql_data[FORUMS_TABLE] .= ($sql_data[FORUMS_TABLE] != '') ? ', ' : ''; + $sql_data[FORUMS_TABLE] .= implode(', ', update_last_post_information('forum', $forum_id)); + $sql_data[TOPICS_TABLE] = 'topic_bumped = 0, topic_bumper = 0, topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); + $update = update_last_post_information('topic', $topic_id); - if (sizeof($update)) { - $sql_data['topic'] .= ', ' . implode(', ', $update); + $sql_data[TOPICS_TABLE] .= ', ' . implode(', ', $update); $next_post_id = (int) str_replace('topic_last_post_id = ', '', $update[0]); } else 
@@ -1613,37 +1601,26 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $data) if ($data['topic_type'] != POST_GLOBAL) { - $sql_data['forum'] = 'forum_posts = forum_posts - 1'; + $sql_data[FORUMS_TABLE] = 'forum_posts = forum_posts - 1'; } - $sql_data['topic'] = 'topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); + $sql_data[TOPICS_TABLE] = 'topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); $next_post_id = (int) $row['post_id']; } - $sql_data['user'] = ($auth->acl_get('f_postcount', $forum_id)) ? 'user_posts = user_posts - 1' : ''; + $sql_data[USERS_TABLE] = ($auth->acl_get('f_postcount', $forum_id)) ? 'user_posts = user_posts - 1' : ''; set_config('num_posts', $config['num_posts'] - 1, TRUE); $db->sql_transaction(); - if (isset($sql_data['forum']) && $sql_data['forum'] != '') - { - $db->sql_query('UPDATE ' . FORUMS_TABLE . ' - SET ' . $sql_data['forum'] . " - WHERE forum_id = $forum_id"); - } + $where_sql = array(FORUMS_TABLE => "forum_id = $forum_id", TOPICS_TABLE => "topic_id = $topic_id", USERS_TABLE => 'user_id = ' . $data['poster_id']); - if (isset($sql_data['topic']) && $sql_data['topic'] != '') + foreach ($sql_data as $table => $update_sql) { - $db->sql_query('UPDATE ' . TOPICS_TABLE . ' - SET ' . $sql_data['topic'] . " - WHERE topic_id = $topic_id"); - } - - if (isset($sql_data['user']) && $sql_data['user'] != '') - { - $db->sql_query('UPDATE ' . USERS_TABLE . ' - SET ' . $sql_data['user'] . ' - WHERE user_id = ' . $data['poster_id']); + if ($update_sql != '') + { + $db->sql_query("UPDATE $table SET $update_sql WHERE " . $where_sql[$table]); + } } $db->sql_transaction('commit'); 
@@ -1688,7 +1665,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ { case 'post': case 'reply': - $sql_data['post']['sql'] = array( + $sql_data[POSTS_TABLE]['sql'] = array( 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'], 'poster_id' => (int) $user->data['user_id'], 'icon_id' => $data['icon_id'], @@ -1716,17 +1693,17 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ case 'edit': if (!$auth->acl_gets('m_', 'a_')) { - $sql_data['post']['sql'] = array( + $sql_data[POSTS_TABLE]['sql'] = array( 'post_edit_time' => $current_time ); - $sql_data['post']['stat'][] = 'post_edit_count = post_edit_count + 1'; + $sql_data[POSTS_TABLE]['stat'][] = 'post_edit_count = post_edit_count + 1'; } case 'edit_topic': case 'edit_last_post': - $sql_data['post']['sql'] = array_merge($sql_data['post']['sql'], array( + $sql_data[POSTS_TABLE]['sql'] = array_merge($sql_data[POSTS_TABLE]['sql'], array( 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'], 'poster_id' => $data['poster_id'], 'icon_id' => $data['icon_id'], @@ -1753,7 +1730,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ switch ($post_mode) { case 'post': - $sql_data['topic']['sql'] = array( + $sql_data[TOPICS_TABLE]['sql'] = array( 'topic_poster' => (int) $user->data['user_id'], 'topic_time' => $current_time, 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'], @@ -1768,7 +1745,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ if (!empty($poll['poll_options'])) { - $sql_data['topic']['sql'] = array_merge($sql_data['topic']['sql'], array( + $sql_data[TOPICS_TABLE]['sql'] = array_merge($sql_data[TOPICS_TABLE]['sql'], array( 'poll_title' => $poll['poll_title'], 'poll_start' => ($poll['poll_start']) ? $poll['poll_start'] : $current_time, 'poll_max_options' => $poll['poll_max_options'], 
@@ -1776,22 +1753,21 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ ); } - $sql_data['user']['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : ''); - $sql_data['forum']['stat'][] = 'forum_posts = forum_posts + 1'; //(!$auth->acl_get('f_moderate', $data['forum_id'])) ? 'forum_posts = forum_posts + 1' : ''; - $sql_data['forum']['stat'][] = 'forum_topics_real = forum_topics_real + 1' . ((!$auth->acl_get('f_moderate', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : ''); + $sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : ''); + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1'; //(!$auth->acl_get('f_moderate', $data['forum_id'])) ? 'forum_posts = forum_posts + 1' : ''; + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . ((!$auth->acl_get('f_moderate', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : ''); break; case 'reply': - $sql_data['topic']['stat'][] = 'topic_replies_real = topic_replies_real + 1' . ((!$auth->acl_get('f_moderate', $data['forum_id'])) ? ', topic_replies = topic_replies + 1' : ''); - $sql_data['topic']['stat'][] = 'topic_bumped = 0, topic_bumper = 0'; - $sql_data['user']['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : ''); - $sql_data['forum']['stat'][] = 'forum_posts = forum_posts + 1'; //(!$auth->acl_get('f_moderate', $data['forum_id'])) ? 'forum_posts = forum_posts + 1' : ''; + $sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . ((!$auth->acl_get('f_moderate', $data['forum_id'])) ? 
', topic_replies = topic_replies + 1' : ''); + $sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : ''); + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1'; //(!$auth->acl_get('f_moderate', $data['forum_id'])) ? 'forum_posts = forum_posts + 1' : ''; break; case 'edit_topic': case 'edit_first_post': - $sql_data['topic']['sql'] = array( + $sql_data[TOPICS_TABLE]['sql'] = array( 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'], 'icon_id' => $data['icon_id'], 'topic_approved' => ($auth->acl_get('f_moderate', $data['forum_id'])) ? 0 : 1, @@ -1815,15 +1791,15 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ if ($post_mode == 'post') { $sql = 'INSERT INTO ' . TOPICS_TABLE . ' ' . - $db->sql_build_array('INSERT', $sql_data['topic']['sql']); + $db->sql_build_array('INSERT', $sql_data[TOPICS_TABLE]['sql']); $db->sql_query($sql); $data['topic_id'] = $db->sql_nextid(); - $sql_data['post']['sql'] = array_merge($sql_data['post']['sql'], array( + $sql_data[POSTS_TABLE]['sql'] = array_merge($sql_data[POSTS_TABLE]['sql'], array( 'topic_id' => $data['topic_id']) ); - unset($sql_data['topic']['sql']); + unset($sql_data[TOPICS_TABLE]['sql']); } // Submit new post 
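Review bot: The `forum_posts = forum_posts + 1` lines in the 'post' and 'reply' cases of the hunk starting at `@@ -1776` keep a commented-out `f_moderate` condition after the statement. As a result the forum counter is raised for posts awaiting approval, while `forum_topics` and `topic_replies` on the neighbouring lines are not. If counting unapproved posts is intended, replace the dead code with a comment such as `// forum_posts deliberately includes unapproved posts`; if not, restore the condition. The behaviour predates this commit, but the lines are rewritten here, which makes it a cheap moment to settle. submit_post() extends beyond the hunk.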
@@ -1831,19 +1807,19 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ { if ($post_mode == 'reply') { - $sql_data['post']['sql'] = array_merge($sql_data['post']['sql'], array( + $sql_data[POSTS_TABLE]['sql'] = array_merge($sql_data[POSTS_TABLE]['sql'], array( 'topic_id' => $data['topic_id']) ); } $sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . - $db->sql_build_array('INSERT', $sql_data['post']['sql']); + $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']); $db->sql_query($sql); $data['post_id'] = $db->sql_nextid(); if ($post_mode == 'post') { - $sql_data['topic']['sql'] = array( + $sql_data[TOPICS_TABLE]['sql'] = array( 'topic_first_post_id' => $data['post_id'], 'topic_last_post_id' => $data['post_id'], 'topic_last_post_time' => $current_time, @@ -1852,7 +1828,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ ); } - unset($sql_data['post']['sql']); + unset($sql_data[POSTS_TABLE]['sql']); } $make_global = FALSE; 
@@ -1872,36 +1848,36 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ { // Decrement topic/post count $make_global = TRUE; - $sql_data['forum']['stat'] = array(); + $sql_data[FORUMS_TABLE]['stat'] = array(); - $sql_data['forum']['stat'][] = 'forum_posts = forum_posts - ' . ($row['topic_replies_real'] + 1); - $sql_data['forum']['stat'][] = 'forum_topics_real = forum_topics_real - 1' . (($row['topic_approved']) ? ', forum_topics = forum_topics - 1' : ''); + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts - ' . ($row['topic_replies_real'] + 1); + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real - 1' . (($row['topic_approved']) ? ', forum_topics = forum_topics - 1' : ''); } // unglobalise else if ((int)$row['topic_type'] == POST_GLOBAL && $topic_type != POST_GLOBAL) { // Increment topic/post count $make_global = TRUE; - $sql_data['forum']['stat'] = array(); + $sql_data[FORUMS_TABLE]['stat'] = array(); - $sql_data['forum']['stat'][] = 'forum_posts = forum_posts + ' . ($row['topic_replies_real'] + 1); - $sql_data['forum']['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($row['topic_approved']) ? ', forum_topics = forum_topics + 1' : ''); + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + ' . ($row['topic_replies_real'] + 1); + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($row['topic_approved']) ? ', forum_topics = forum_topics + 1' : ''); } } // Update the topics table - if (isset($sql_data['topic']['sql'])) + if (isset($sql_data[TOPICS_TABLE]['sql'])) { $db->sql_query('UPDATE ' . TOPICS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_data['topic']['sql']) . ' + SET ' . $db->sql_build_array('UPDATE', $sql_data[TOPICS_TABLE]['sql']) . ' WHERE topic_id = ' . $data['topic_id']); } // Update the posts table - if (isset($sql_data['post']['sql'])) + if (isset($sql_data[POSTS_TABLE]['sql'])) { $db->sql_query('UPDATE ' . 
POSTS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_data['post']['sql']) . ' + SET ' . $db->sql_build_array('UPDATE', $sql_data[POSTS_TABLE]['sql']) . ' WHERE post_id = ' . $data['post_id']); } @@ -2017,7 +1993,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ // We get the last post information not for posting or replying, we can assume the correct params here, which is much faster if ($post_mode == 'edit_last_post') { - $sql_data['forum']['stat'][] = implode(', ', update_last_post_information('forum', $data['forum_id'])); + $sql_data[FORUMS_TABLE]['stat'][] = implode(', ', update_last_post_information('forum', $data['forum_id'])); } else if (!$auth->acl_get('f_moderate', $data['forum_id'])) { 
@@ -2025,24 +2001,32 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ $update_sql .= ", forum_last_post_time = $current_time"; $update_sql .= ', forum_last_poster_id = ' . $user->data['user_id']; $update_sql .= ", forum_last_poster_name = '" . (($user->data['user_id'] == ANONYMOUS) ? $db->sql_escape(stripslashes($username)) : $db->sql_escape($user->data['username'])) . "'"; - $sql_data['forum']['stat'][] = $update_sql; + $sql_data[FORUMS_TABLE]['stat'][] = $update_sql; } } - $sql_data['topic']['stat'][] = implode(', ', update_last_post_information('topic', $data['topic_id'])); + + $update = update_last_post_information('topic', $data['topic_id']); + if (sizeof($update)) + { + $sql_data[TOPICS_TABLE]['stat'][] = implode(', ', $update); + } } if ($make_global) { - $sql_data['forum']['stat'][] = implode(', ', update_last_post_information('forum', $data['forum_id'])); + $sql_data[FORUMS_TABLE]['stat'][] = implode(', ', update_last_post_information('forum', $data['forum_id'])); } if ($post_mode == 'edit_topic') { - $sql_data['topic']['stat'] = implode(', ', update_last_post_information('topic', $data['topic_id'])); + $update = update_last_post_information('topic', $data['topic_id']); + if (sizeof($update)) + { + $sql_data[TOPICS_TABLE]['stat'][] = implode(', ', $update); + } } // Update total post count, do not consider moderated posts/topics - // Mental Note: adjust Resync Stats in admin index if you delete these comments. if (!$auth->acl_get('f_moderate', $data['forum_id'])) { if ($post_mode == 'post') 
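Review bot: The `sizeof($update)` guard is added only for the 'topic' calls. The `$make_global` branch in this hunk and the `edit_last_post` branch in the preceding hunk (`@@ -2017`) still push `implode(', ', update_last_post_information('forum', ...))` unconditionally. The helper's body is not shown, but if it can return an empty array for a forum as the new guard implies it can for a topic, an empty string lands in `$sql_data[FORUMS_TABLE]['stat']` and the later `implode(', ', ...)` leaves a dangling comma in the SET list. Use the same pattern there: `$update = update_last_post_information('forum', $data['forum_id']);` then `if (sizeof($update)) { $sql_data[FORUMS_TABLE]['stat'][] = implode(', ', $update); }`. submit_post() begins and ends outside this hunk.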
@@ -2060,32 +2044,14 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_ // Update forum stats $db->sql_transaction(); - if (implode('', $sql_data['post']['stat']) != '') - { - $db->sql_query('UPDATE ' . POSTS_TABLE . ' - SET ' . implode(', ', $sql_data['post']['stat']) . ' - WHERE post_id = ' . $data['post_id']); - } + $where_sql = array(POSTS_TABLE => 'post_id = ' . $data['post_id'], TOPICS_TABLE => 'topic_id = ' . $data['topic_id'], FORUMS_TABLE => 'forum_id = ' . $data['forum_id'], USERS_TABLE => 'user_id = ' . $user->data['user_id']); - if (implode('', $sql_data['topic']['stat']) != '') + foreach ($sql_data as $table => $update_ary) { - $db->sql_query('UPDATE ' . TOPICS_TABLE . ' - SET ' . implode(', ', $sql_data['topic']['stat']) . ' - WHERE topic_id = ' . $data['topic_id']); - } - - if (implode('', $sql_data['forum']['stat']) != '') - { - $db->sql_query('UPDATE ' . FORUMS_TABLE . ' - SET ' . implode(', ', $sql_data['forum']['stat']) . ' - WHERE forum_id = ' . $data['forum_id']); - } - - if (implode('', $sql_data['user']['stat']) != '') - { - $db->sql_query('UPDATE ' . USERS_TABLE . ' - SET ' . implode(', ', $sql_data['user']['stat']) . ' - WHERE user_id = ' . $user->data['user_id']); + if (implode('', $update_ary['stat']) != '') + { + $db->sql_query("UPDATE $table SET " . implode(', ', $update_ary['stat']) . ' WHERE ' . $where_sql[$table]); + } } // Fulltext parse
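Review bot: The new loop walks every key of `$sql_data`, but nothing guarantees that each entry has a `'stat'` element or a matching `$where_sql` entry. After `unset($sql_data[POSTS_TABLE]['sql'])` earlier in the function, the POSTS_TABLE entry can be an array with no `'stat'` key, so `implode('', $update_ary['stat'])` is handed an unset value. Guard both, e.g. `if (!empty($update_ary['stat']) && isset($where_sql[$table]) && implode('', $update_ary['stat']) != '')`, so that a table added to `$sql_data` later cannot produce a malformed UPDATE with nothing after WHERE. The loop in delete_post() indexes `$where_sql[$table]` the same way and would benefit from the same `isset` check. The function body begins and ends outside this hunk.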