This commit was manufactured by cvs2svn to create tag

'release_2_0_20'. git-svn-id: file:///svn/phpbb/tags/release_2_0_20@5762 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-09-14 01:52:06 +02:00 · 2006-04-05 12:42:23 +00:00
51 changed files with 903 additions and 408 deletions
--- a/phpBB/admin/admin_board.php
+++ b/phpBB/admin/admin_board.php
@@ -16,7 +16,7 @@ define('IN_PHPBB', 1);
 if( !empty($setmodules) )
 {
 	$file = basename(__FILE__);
-	$module['General']['Configuration'] = "$file";
+	$module['General']['Configuration'] = $file;
 	return;
 }

@@ -49,7 +49,14 @@ else

 		if ($config_name == 'cookie_name')
 		{
-			$cookie_name = str_replace('.', '_', $new['cookie_name']);
+			$new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
+		}
+
+		// Attempt to prevent a common mistake with this value,
+		// http:// is the protocol and not part of the server name
+		if ($config_name == 'server_name')
+		{
+			$new['server_name'] = str_replace('http://', '', $new['server_name']);
 		}

 		if( isset($HTTP_POST_VARS['submit']) )
@@ -191,6 +198,16 @@ $template->assign_vars(array(
 	"L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'],
 	"L_FLOOD_INTERVAL" => $lang['Flood_Interval'],
 	"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], 
+	"L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
+	"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], 
+
+	'L_MAX_LOGIN_ATTEMPTS'			=> $lang['Max_login_attempts'],
+	'L_MAX_LOGIN_ATTEMPTS_EXPLAIN'	=> $lang['Max_login_attempts_explain'],
+	'L_LOGIN_RESET_TIME'			=> $lang['Login_reset_time'],
+	'L_LOGIN_RESET_TIME_EXPLAIN'	=> $lang['Login_reset_time_explain'],
+	'MAX_LOGIN_ATTEMPTS'			=> $new['max_login_attempts'],
+	'LOGIN_RESET_TIME'				=> $new['login_reset_time'],
+
 	"L_BOARD_EMAIL_FORM" => $lang['Board_email_form'], 
 	"L_BOARD_EMAIL_FORM_EXPLAIN" => $lang['Board_email_form_explain'], 
 	"L_TOPICS_PER_PAGE" => $lang['Topics_per_page'],
@@ -268,6 +285,7 @@ $template->assign_vars(array(
 	"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, 
 	"MAX_POLL_OPTIONS" => $new['max_poll_options'], 
 	"FLOOD_INTERVAL" => $new['flood_interval'],
+	"SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
 	"TOPICS_PER_PAGE" => $new['topics_per_page'],
 	"POSTS_PER_PAGE" => $new['posts_per_page'],
 	"HOT_TOPIC" => $new['hot_threshold'],
--- a/phpBB/admin/admin_db_utilities.php
+++ b/phpBB/admin/admin_db_utilities.php
@@ -499,9 +499,9 @@ function get_table_content_postgresql($table, $handler)

 	while($row = $db->sql_fetchrow($result))
 	{
-		unset($schema_vals);
-		unset($schema_fields);
-		unset($schema_insert);
+		$schema_vals = '';
+		$schema_fields = '';
+		$schema_insert = '';
 		//
 		// Build the SQL statement to recreate the data.
 		//
@@ -516,7 +516,7 @@ function get_table_content_postgresql($table, $handler)
 			}
 			elseif (eregi("date|timestamp", $aryType[$i]))
 			{
-				if ($empty($strVal))
+				if (empty($strVal))
 				{
 					$strQuote = "";
 				}
@@ -693,7 +693,7 @@ if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
 				include('./page_footer_admin.'.$phpEx);
 			}

-			$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm');
+			$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys');

 			$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );

--- a/phpBB/admin/admin_disallow.php
+++ b/phpBB/admin/admin_disallow.php
@@ -25,7 +25,7 @@ define('IN_PHPBB', 1);
 if( !empty($setmodules) )
 {
 	$filename = basename(__FILE__);
-	$module['Users']['Disallow'] = append_sid($filename);
+	$module['Users']['Disallow'] = $filename;

 	return;
 }
--- a/phpBB/admin/admin_forums.php
+++ b/phpBB/admin/admin_forums.php
@@ -39,8 +39,8 @@ include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
 $forum_auth_ary = array(
 	"auth_view" => AUTH_ALL, 
 	"auth_read" => AUTH_ALL, 
-	"auth_post" => AUTH_ALL, 
-	"auth_reply" => AUTH_ALL, 
+	"auth_post" => AUTH_REG, 
+	"auth_reply" => AUTH_REG, 
 	"auth_edit" => AUTH_REG, 
 	"auth_delete" => AUTH_REG, 
 	"auth_sticky" => AUTH_MOD, 
--- a/phpBB/admin/admin_groups.php
+++ b/phpBB/admin/admin_groups.php
@@ -104,21 +104,26 @@ if ( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
 	//
 	// Ok, now we know everything about them, let's show the page.
 	//
-	$sql = "SELECT user_id, username
-		FROM " . USERS_TABLE . "
-		WHERE user_id <> " . ANONYMOUS . "
-		ORDER BY username";
-	if ( !($result = $db->sql_query($sql)) )
+	if ($group_info['group_moderator'] != '')
 	{
-		message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
-	}
-
-	while ( $row = $db->sql_fetchrow($result) )
-	{
-		if ( $row['user_id'] == $group_info['group_moderator'] ) 
+		$sql = "SELECT user_id, username
+			FROM " . USERS_TABLE . "
+			WHERE user_id = " . $group_info['group_moderator'];
+		if ( !($result = $db->sql_query($sql)) )
 		{
-			$group_moderator = $row['username'];
+			message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
 		}
+
+		if ( !($row = $db->sql_fetchrow($result)) )
+		{
+			message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
+		}
+
+		$group_moderator = $row['username'];
+	}
+	else
+	{
+		$group_moderator = '';
 	}

 	$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
@@ -250,7 +255,7 @@ else if ( isset($HTTP_POST_VARS['group_update']) )
 	else
 	{
 		$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
-		$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
+		$group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
 		$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
 		$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
 		$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
--- a/phpBB/admin/admin_ranks.php
+++ b/phpBB/admin/admin_ranks.php
@@ -19,15 +19,15 @@
 *
 ***************************************************************************/

-define('IN_PHPBB', 1);
-
 if( !empty($setmodules) )
 {
 	$file = basename(__FILE__);
-	$module['Users']['Ranks'] = "$file";
+	$module['Users']['Ranks'] = $file;
 	return;
 }

+define('IN_PHPBB', 1);
+
 //
 // Let's set the root dir for phpBB
 //
@@ -37,7 +37,7 @@ require('./pagestart.' . $phpEx);

 if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 {
-	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
+	$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
 	$mode = htmlspecialchars($mode);
 }
 else 
@@ -59,6 +59,8 @@ else
 	}
 }

+// Restrict mode input to valid options
+$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';

 if( $mode != "" )
 {
@@ -213,8 +215,10 @@ if( $mode != "" )
 		{
 			$rank_id = 0;
 		}
+
+		$confirm = isset($HTTP_POST_VARS['confirm']);
 		
-		if( $rank_id )
+		if( $rank_id && $confirm )
 		{
 			$sql = "DELETE FROM " . RANKS_TABLE . "
 				WHERE rank_id = $rank_id";
@@ -238,135 +242,95 @@ if( $mode != "" )
 			message_die(GENERAL_MESSAGE, $message);

 		}
+		elseif( $rank_id && !$confirm)
+		{
+			// Present the confirmation screen to the user
+			$template->set_filenames(array(
+				'body' => 'admin/confirm_body.tpl')
+			);
+
+			$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />';
+
+			$template->assign_vars(array(
+				'MESSAGE_TITLE' => $lang['Confirm'],
+				'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
+
+				'L_YES' => $lang['Yes'],
+				'L_NO' => $lang['No'],
+
+				'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
+				'S_HIDDEN_FIELDS' => $hidden_fields)
+			);
+		}
 		else
 		{
 			message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
 		}
 	}
-	else
-	{
-		//
-		// They didn't feel like giving us any information. Oh, too bad, we'll just display the
-		// list then...
-		//
-		$template->set_filenames(array(
-			"body" => "admin/ranks_list_body.tpl")
-		);
-		
-		$sql = "SELECT * FROM " . RANKS_TABLE . "
-			ORDER BY rank_min, rank_title";
-		if( !$result = $db->sql_query($sql) )
-		{
-			message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
-		}
-		
-		$rank_rows = $db->sql_fetchrowset($result);
-		$rank_count = count($rank_rows);
-		
-		$template->assign_vars(array(
-			"L_RANKS_TITLE" => $lang['Ranks_title'],
-			"L_RANKS_TEXT" => $lang['Ranks_explain'],
-			"L_RANK" => $lang['Rank_title'],
-			"L_RANK_MINIMUM" => $lang['Rank_minimum'],
-			"L_SPECIAL_RANK" => $lang['Special_rank'],
-			"L_EDIT" => $lang['Edit'],
-			"L_DELETE" => $lang['Delete'],
-			"L_ADD_RANK" => $lang['Add_new_rank'],
-			"L_ACTION" => $lang['Action'],
-			
-			"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
-		);
-		
-		for( $i = 0; $i < $rank_count; $i++)
-		{
-			$rank = $rank_rows[$i]['rank_title'];
-			$special_rank = $rank_rows[$i]['rank_special'];
-			$rank_id = $rank_rows[$i]['rank_id'];
-			$rank_min = $rank_rows[$i]['rank_min'];

-			if($special_rank)
-			{
-				$rank_min = $rank_max = "-";
-			}
-			
-			$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
-			$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
-	
-			$template->assign_block_vars("ranks", array(
-				"ROW_COLOR" => "#" . $row_color,
-				"ROW_CLASS" => $row_class,
-				"RANK" => $rank,
-				"RANK_MIN" => $rank_min,
+	$template->pparse("body");

-				"SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
-
-				"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
-				"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
-			);
-		}
-	}
+	include('./page_footer_admin.'.$phpEx);
 }
-else
+
+//
+// Show the default page
+//
+$template->set_filenames(array(
+	"body" => "admin/ranks_list_body.tpl")
+);
+
+$sql = "SELECT * FROM " . RANKS_TABLE . "
+	ORDER BY rank_min ASC, rank_special ASC";
+if( !$result = $db->sql_query($sql) )
 {
-	//
-	// Show the default page
-	//
-	$template->set_filenames(array(
-		"body" => "admin/ranks_list_body.tpl")
-	);
+	message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
+}
+$rank_count = $db->sql_numrows($result);
+
+$rank_rows = $db->sql_fetchrowset($result);
+
+$template->assign_vars(array(
+	"L_RANKS_TITLE" => $lang['Ranks_title'],
+	"L_RANKS_TEXT" => $lang['Ranks_explain'],
+	"L_RANK" => $lang['Rank_title'],
+	"L_RANK_MINIMUM" => $lang['Rank_minimum'],
+	"L_SPECIAL_RANK" => $lang['Rank_special'],
+	"L_EDIT" => $lang['Edit'],
+	"L_DELETE" => $lang['Delete'],
+	"L_ADD_RANK" => $lang['Add_new_rank'],
+	"L_ACTION" => $lang['Action'],
 	
-	$sql = "SELECT * FROM " . RANKS_TABLE . "
-		ORDER BY rank_min ASC, rank_special ASC";
-	if( !$result = $db->sql_query($sql) )
+	"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
+);
+
+for($i = 0; $i < $rank_count; $i++)
+{
+	$rank = $rank_rows[$i]['rank_title'];
+	$special_rank = $rank_rows[$i]['rank_special'];
+	$rank_id = $rank_rows[$i]['rank_id'];
+	$rank_min = $rank_rows[$i]['rank_min'];
+	
+	if( $special_rank == 1 )
 	{
-		message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
+		$rank_min = $rank_max = "-";
 	}
-	$rank_count = $db->sql_numrows($result);

-	$rank_rows = $db->sql_fetchrowset($result);
+	$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+	$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+
+	$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
 	
-	$template->assign_vars(array(
-		"L_RANKS_TITLE" => $lang['Ranks_title'],
-		"L_RANKS_TEXT" => $lang['Ranks_explain'],
-		"L_RANK" => $lang['Rank_title'],
-		"L_RANK_MINIMUM" => $lang['Rank_minimum'],
-		"L_SPECIAL_RANK" => $lang['Rank_special'],
-		"L_EDIT" => $lang['Edit'],
-		"L_DELETE" => $lang['Delete'],
-		"L_ADD_RANK" => $lang['Add_new_rank'],
-		"L_ACTION" => $lang['Action'],
-		
-		"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
+	$template->assign_block_vars("ranks", array(
+		"ROW_COLOR" => "#" . $row_color,
+		"ROW_CLASS" => $row_class,
+		"RANK" => $rank,
+		"SPECIAL_RANK" => $rank_is_special,
+		"RANK_MIN" => $rank_min,
+
+		"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
+		"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
 	);
-	
-	for($i = 0; $i < $rank_count; $i++)
-	{
-		$rank = $rank_rows[$i]['rank_title'];
-		$special_rank = $rank_rows[$i]['rank_special'];
-		$rank_id = $rank_rows[$i]['rank_id'];
-		$rank_min = $rank_rows[$i]['rank_min'];
-		
-		if( $special_rank == 1 )
-		{
-			$rank_min = $rank_max = "-";
-		}
-
-		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
-		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
-
-		$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
-		
-		$template->assign_block_vars("ranks", array(
-			"ROW_COLOR" => "#" . $row_color,
-			"ROW_CLASS" => $row_class,
-			"RANK" => $rank,
-			"SPECIAL_RANK" => $rank_is_special,
-			"RANK_MIN" => $rank_min,
-
-			"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
-			"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
-		);
-	}
 }

 $template->pparse("body");
--- a/phpBB/admin/admin_smilies.php
+++ b/phpBB/admin/admin_smilies.php
@@ -316,17 +316,43 @@ else if ( $mode != "" )
 			$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
 			$smiley_id = intval($smiley_id);

-			$sql = "DELETE FROM " . SMILIES_TABLE . "
-				WHERE smilies_id = " . $smiley_id;
-			$result = $db->sql_query($sql);
-			if( !$result )
+			$confirm = isset($HTTP_POST_VARS['confirm']);
+
+			if( $confirm )
 			{
-				message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
+				$sql = "DELETE FROM " . SMILIES_TABLE . "
+					WHERE smilies_id = " . $smiley_id;
+				$result = $db->sql_query($sql);
+				if( !$result )
+				{
+					message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
+				}
+
+				$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+				message_die(GENERAL_MESSAGE, $message);
 			}
+			else
+			{
+				// Present the confirmation screen to the user
+				$template->set_filenames(array(
+					'body' => 'admin/confirm_body.tpl')
+				);

-			$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+				$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $smiley_id . '" />';

-			message_die(GENERAL_MESSAGE, $message);
+				$template->assign_vars(array(
+					'MESSAGE_TITLE' => $lang['Confirm'],
+					'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
+
+					'L_YES' => $lang['Yes'],
+					'L_NO' => $lang['No'],
+
+					'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
+					'S_HIDDEN_FIELDS' => $hidden_fields)
+				);
+				$template->pparse('body');
+			}
 			break;

 		case 'edit':
@@ -402,11 +428,13 @@ else if ( $mode != "" )
 			// Get the submitted data, being careful to ensure that we only
 			// accept the data we are looking for.
 			//
-			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
-			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
+			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
+			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
 			$smile_url = phpbb_ltrim(basename($smile_url), "'");
-			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
-			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
+			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
+			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
+			$smile_code = trim($smile_code);
+			$smile_url = trim($smile_url);

 			// If no code was entered complain ...
 			if ($smile_code == '' || $smile_url == '')
@@ -445,13 +473,12 @@ else if ( $mode != "" )
 			// Get the submitted data being careful to ensure the the data
 			// we recieve and process is only the data we are looking for.
 			//
-			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
-			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
+			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
+			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
 			$smile_url = phpbb_ltrim(basename($smile_url), "'");
-			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
+			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
 			$smile_code = trim($smile_code);
 			$smile_url = trim($smile_url);
-			$smile_emotion = trim($smile_emotion);

 			// If no code was entered complain ...
 			if ($smile_code == '' || $smile_url == '')
--- a/phpBB/admin/admin_styles.php
+++ b/phpBB/admin/admin_styles.php
@@ -27,7 +27,7 @@ if( !empty($setmodules) )
 	$file = basename(__FILE__);
 	$module['Styles']['Add_new'] = "$file?mode=addnew";
 	$module['Styles']['Create_new'] = "$file?mode=create";
-	$module['Styles']['Manage'] = "$file";
+	$module['Styles']['Manage'] = $file;
 	$module['Styles']['Export'] = "$file?mode=export";
 	return;
 }
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@@ -177,6 +177,20 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
 				message_die(GENERAL_ERROR, 'Could not delete user from banlist table', '', __LINE__, __FILE__, $sql);
 			}

+			$sql = "DELETE FROM " . SESSIONS_TABLE . "
+				WHERE session_user_id = $user_id";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not delete sessions for this user', '', __LINE__, __FILE__, $sql);
+			}
+			
+			$sql = "DELETE FROM " . SESSIONS_KEYS_TABLE . "
+				WHERE user_id = $user_id";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not delete auto-login keys for this user', '', __LINE__, __FILE__, $sql);
+			}
+
 			$sql = "SELECT privmsgs_id
 				FROM " . PRIVMSGS_TABLE . "
 				WHERE privmsgs_from_userid = $user_id 
@@ -217,7 +231,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
 			message_die(GENERAL_MESSAGE, $message);
 		}

-		$username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username']))) : '';
+		$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
 		$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : '';

 		$password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : '';
@@ -247,10 +261,9 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
 		$allowbbcode = ( isset( $HTTP_POST_VARS['allowbbcode']) ) ? intval( $HTTP_POST_VARS['allowbbcode'] ) : $board_config['allow_bbcode'];
 		$allowsmilies = ( isset( $HTTP_POST_VARS['allowsmilies']) ) ? intval( $HTTP_POST_VARS['allowsmilies'] ) : $board_config['allow_smilies'];

-		$user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
+		$user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
 		$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
 		$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
-		$user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
 		$user_dateformat = ( $HTTP_POST_VARS['dateformat'] ) ? trim( $HTTP_POST_VARS['dateformat'] ) : $board_config['default_dateformat'];

 		$user_avatar_local = ( isset( $HTTP_POST_VARS['avatarselect'] ) && !empty($HTTP_POST_VARS['submitavatar'] ) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset( $HTTP_POST_VARS['avatarlocal'] )  ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
@@ -390,9 +403,9 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
 		{
 			if( $this_userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $this_userdata['user_avatar'] != "" )
 			{
-				if( @file_exists(@phpbb_realpath("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
+				if( @file_exists(@phpbb_realpath('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar'])) )
 				{
-					@unlink("./" . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
+					@unlink('./../' . $board_config['avatar_path'] . "/" . $this_userdata['user_avatar']);
 				}
 			}
 			$avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
@@ -682,13 +695,19 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
 						message_die(GENERAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
 					}
 				}
+
+				// We remove all stored login keys since the password has been updated
+				// and change the current one (if applicable)
+				if ( !empty($passwd_sql) )
+				{
+					session_reset_keys($user_id, $user_ip);
+				}
 				
 				$message .= $lang['Admin_user_updated'];
 			}
 			else
 			{
-				$error = TRUE;
-				$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
+				message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
 			}

 			$message .= '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
--- a/phpBB/admin/admin_words.php
+++ b/phpBB/admin/admin_words.php
@@ -20,15 +20,15 @@
 *
 ***************************************************************************/

-define('IN_PHPBB', 1);
-
 if( !empty($setmodules) )
 {
 	$file = basename(__FILE__);
-	$module['General']['Word_Censor'] = "$file";
+	$module['General']['Word_Censor'] = $file;
 	return;
 }

+define('IN_PHPBB', 1);
+
 //
 // Load default header
 //
@@ -38,7 +38,7 @@ require('./pagestart.' . $phpEx);

 if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 {
-	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
+	$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
 	$mode = htmlspecialchars($mode);
 }
 else 
@@ -60,6 +60,9 @@ else
 	}
 }

+// Restrict mode input to valid options
+$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
+
 if( $mode != "" )
 {
 	if( $mode == "edit" || $mode == "add" )
@@ -70,6 +73,7 @@ if( $mode != "" )
 			"body" => "admin/words_edit_body.tpl")
 		);

+		$word_info = array('word' => '', 'replacement' => '');
 		$s_hidden_fields = '';

 		if( $mode == "edit" )
@@ -158,7 +162,9 @@ if( $mode != "" )
 			$word_id = 0;
 		}

-		if( $word_id )
+		$confirm = isset($HTTP_POST_VARS['confirm']);
+
+		if( $word_id && $confirm )
 		{
 			$sql = "DELETE FROM " . WORDS_TABLE . " 
 				WHERE word_id = $word_id";
@@ -172,6 +178,26 @@ if( $mode != "" )

 			message_die(GENERAL_MESSAGE, $message);
 		}
+		elseif( $word_id && !$confirm)
+		{
+			// Present the confirmation screen to the user
+			$template->set_filenames(array(
+				'body' => 'admin/confirm_body.tpl')
+			);
+
+			$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . '" />';
+
+			$template->assign_vars(array(
+				'MESSAGE_TITLE' => $lang['Confirm'],
+				'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
+
+				'L_YES' => $lang['Yes'],
+				'L_NO' => $lang['No'],
+
+				'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
+				'S_HIDDEN_FIELDS' => $hidden_fields)
+			);
+		}
 		else
 		{
 			message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
@@ -193,6 +219,7 @@ else
 	}

 	$word_rows = $db->sql_fetchrowset($result);
+	$db->sql_freeresult($result);
 	$word_count = count($word_rows);

 	$template->assign_vars(array(
--- a/phpBB/admin/index.php
+++ b/phpBB/admin/index.php
@@ -60,7 +60,7 @@ if( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'left' )
 	{
 		if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) )
 		{
-			include($file);
+			include('./' . $file);
 		}
 	}

@@ -234,9 +234,9 @@ elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
 			$row = $db->sql_fetchrow($result);
 			$version = $row['mysql_version'];

-			if( preg_match("/^(3\.23|4\.)/", $version) )
+			if( preg_match("/^(3\.23|4\.|5\.)/", $version) )
 			{
-				$db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname;
+				$db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)|(5\.)/", $version) ) ? "`$dbname`" : $dbname;

 				$sql = "SHOW TABLE STATUS 
 					FROM " . $db_name;
--- a/phpBB/admin/page_header_admin.php
+++ b/phpBB/admin/page_header_admin.php
@@ -132,6 +132,18 @@ $template->assign_vars(array(
 	'T_SPAN_CLASS3' => $theme['span_class3'])
 );

+// Work around for "current" Apache 2 + PHP module which seems to not
+// cope with private cache control setting
+if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
+{
+	header ('Cache-Control: no-cache, pre-check=0, post-check=0');
+}
+else
+{
+	header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+}
+header ('Expires: 0');
+header ('Pragma: no-cache');

 $template->pparse('header');

--- a/phpBB/admin/pagestart.php
+++ b/phpBB/admin/pagestart.php
@@ -49,13 +49,6 @@ else if ($userdata['user_level'] != ADMIN)

 if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
 {
-	$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
-	$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
-	$url = str_replace('//', '/', $url);
-	$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
-	$url = preg_replace('/\?$/', '', $url);
-	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
-
 	redirect("index.$phpEx?sid=" . $userdata['session_id']);
 }

--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -170,6 +170,7 @@ $theme = array();
 $images = array();
 $lang = array();
 $nav_links = array();
+$dss_seeded = false;
 $gen_simple_header = FALSE;

 include($phpbb_root_path . 'config.'.$phpEx);
@@ -220,7 +221,7 @@ while ( $row = $db->sql_fetchrow($result) )

 if (file_exists('install') || file_exists('contrib'))
 {
-	message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
+	message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
 }

 //
--- a/phpBB/db/mssql.php
+++ b/phpBB/db/mssql.php
@@ -289,7 +289,7 @@ class sql_db

 			while( list($key, $value) = @each($row) )
 			{
-				$row[$key] = stripslashes($value);
+				$row[$key] = ($value === ' ') ? '' : stripslashes($value);
 			}
 			@reset($row);

@@ -317,7 +317,7 @@ class sql_db
 			{
 				while( list($key, $value) = @each($row) )
 				{
-					$rowset[$i][$key] = stripslashes($value);
+					$rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value);
 				}
 				$i++;
 			}
@@ -356,7 +356,7 @@ class sql_db
 				if( empty($this->row[$query_id]) )
 				{
 					$this->row[$query_id] = @mssql_fetch_array($query_id);
-					$result = stripslashes($this->row[$query_id][$field]);
+					$result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]);
 				}
 			}

--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -32,6 +32,8 @@ p,ul,td {font-size:10pt;}
 <ol>
 <li><a href="#changelog">Changelog</a></li>
 <ol type="i">
+	<li><a href="#2019">Changes since 2.0.19</a></li>
+	<li><a href="#2018">Changes since 2.0.18</a></li>
 	<li><a href="#2017">Changes since 2.0.17</a></li>
 	<li><a href="#2016">Changes since 2.0.16</a></li>
 	<li><a href="#2015">Changes since 2.0.15</a></li>
@@ -63,12 +65,62 @@ p,ul,td {font-size:10pt;}

 <p>This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.</p>

-<a name="2017"></a><h3 class="h3">l.i. Changes since 2.0.17</h3>
+<a name="2019"></a><h3 class="h3">l.i. Changes since 2.0.19</h3>
+
+<ul>
+<li>[Fix] Prevent login attempts from incrementing for inactive users</li>
+<li>[Fix] Do not check maximum login attempts on re-authentication to the admin panel - tomknight</li>
+<li>[Fix] Regenerate session keys on password change</li>
+<li>[Fix] retrieving category rows in index.php (Bug #90)</li>
+<li>[Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)</li>
+<li>[Fix] Better handling of short usernames within the search (bug #105)</li>
+<li>[Fix] Send a no-cache header on admin pages as well as normal board pages (Bug #149)</li>
+<li>[Fix] Apply word censors to the message when quoting it (Bug #405)</li>
+<li>[Fix] Improved performance of query in admin_groups (Bug #753)</li>
+<li>[Fix] Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)</li>
+<li>[Fix] Correct use of default_style config value (Bug #861)</li>
+<li>[Fix] Replace unneeded unset calls in admin_db_utilities.php - vanderaj</li>
+<li>[Fix] Improved error handling in modcp.php</li>
+<li>[Fix] Improved handling of forums to which the user does not have any explicit permissions - vanderaj</li>
+<li>[Fix] Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions</li>
+<li>[Fix] Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions</li>
+<li>[Fix] Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions</li>
+<li>[Fix] Escape group names in admin_groups.php</li>
+<li>[Sec] Replace strip_tags with htmlspecialchars in private message subject</li>
+<li>[Sec] Some changes to HTML handling if enabled</li>
+<li>[Sec] Escape any special characters in reverse dns - Anthrax101</li>
+<li>[Sec] Typecast poll id values - Anthrax101</li>
+<li>[Sec] Added configurable search flood control to reduce the effect of DoS style attacks</li>
+<li>[Sec] Changed the way we create "random" values for use as keys - chinchilla/Anthrax101</li>
+<li>[Change] Changed handling of the case where a selected style doesn't exist in the database</li>
+<li>[Change] Changed handling of topic pruning to improve performance</li>
+<li>[Change] Changed default forum permissions to only allow registered users to post in new forums</li>
+</ul>
+
+
+<a name="2018"></a><h3 class="h3">l.ii. Changes since 2.0.18</h3>
+
+<ul>
+<li>[Fix] corrected index on session keys table under MS SQL</li>
+<li>[Fix] added session keys table to backup</li>
+<li>[Fix] delete session keys entries when deleting user</li>
+<li>[Fix] changes to support MySQL 5.0</li>
+<li>[Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu</li>
+<li>[Fix] change truncation of username length in usercp_register.php - BFUK</li>
+<li>[Fix] incorrect path to avatars in admin_users.php (Bug #667)</li>
+<li>[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez</li>
+<li>[Fix] fixed captcha for those not having the zlib extension enabled</li>
+<li>[Change] Placed version information above who is online in admin panel for better visual presence</li>
+<li>[Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode</li>
+<li>[Sec] fixed XSS issue if html tags are allowed and enabled</li>
+<li>[Sec] added configurable maximum login attempts to prevent dictionary attacks</li>
+</ul>
+
+
+<a name="2017"></a><h3 class="h3">l.iii. Changes since 2.0.17</h3>

 <ul>
 <li>[Fix] incorrect handling of password resets if admin activation is enabled (Bug #88)</li>
-<li>[Fix] retrieving category rows in index.php (Bug #90)</li>
-<li>[Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)</li>
 <li>[Fix] wrong topic redirection after login redirect (Bug #94)</li>
 <li>[Fix] improved handling of username lists in admin_ug_auth.php (Bug #98)</li>
 <li>[Fix] incorrect removal of bbcode_uid values if bbcode has been turned off (Bug #100)</li>
@@ -113,7 +165,7 @@ p,ul,td {font-size:10pt;}
 <li>[Sec] compare imagetype on avatar uploading to match the file extension from uploaded file</li>
 </ul>

-<a name="2016"></a><h3 class="h3">l.ii. Changes since 2.0.16</h3>
+<a name="2016"></a><h3 class="h3">l.iv. Changes since 2.0.16</h3>

 <ul>
 <li>Added extra checks to the deletion code in privmsg.php - reported by party_fan</li>
@@ -129,7 +181,7 @@ p,ul,td {font-size:10pt;}
 <li>Correctly set username on posts when deleting a user from the admin panel</li>
 </ul>

-<a name="2015"></a><h3 class="h3">l.iii. Changes since 2.0.15</h3>
+<a name="2015"></a><h3 class="h3">l.v. Changes since 2.0.15</h3>

 <ul>
 <li>Fixed critical issue with highlighting - <b>Discovered and fix provided by Ron van Daal</b></li>
@@ -141,7 +193,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set</li>
 </ul>

-<a name="2014"></a><h3 class="h3">l.iv. Changes since 2.0.14</h3>
+<a name="2014"></a><h3 class="h3">l.vi. Changes since 2.0.14</h3>

 <ul>
 <li>Fixed moderator status removal in groupcp.php</li>
@@ -163,7 +215,7 @@ p,ul,td {font-size:10pt;}
 <li>Empty url/img bbcodes no longer get parsed</li>
 </ul>

-<a name="2013"></a><h3 class="h3">l.v. Changes since 2.0.13</h3>
+<a name="2013"></a><h3 class="h3">l.vii. Changes since 2.0.13</h3>

 <ul>
 <li>Hardened author and keyword search a bit to not allow very server intensive searches</li>
@@ -180,7 +232,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed case-sensitivity issues in postgres7.php - <b>R45</b></li>
 </ul>

-<a name="2012"></a><h3 class="h3">l.vi. Changes since 2.0.12</h3>
+<a name="2012"></a><h3 class="h3">l.viii. Changes since 2.0.12</h3>

 <ul>
 <li>Ommitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party</li>
@@ -188,7 +240,7 @@ p,ul,td {font-size:10pt;}
 <li>Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.</li>
 </ul>

-<a name="2011"></a><h3 class="h3">l.vii. Changes since 2.0.11</h3>
+<a name="2011"></a><h3 class="h3">l.ix. Changes since 2.0.11</h3>

 <ul>
 <li>Added confirm table to admin_db_utilities.php</li>
@@ -203,7 +255,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - <b>matrix_killer</b></li>
 </ul>

-<a name="2010"></a><h3 class="h3">l.viii. Changes since 2.0.10</h3>
+<a name="2010"></a><h3 class="h3">l.x. Changes since 2.0.10</h3>

 <ul>
 <li>Fixed vulnerability in highlighting code (<b>very high severity, please update your installation as soon as possible</b>)</li>
@@ -214,7 +266,7 @@ p,ul,td {font-size:10pt;}
 <li>Added visual confirmation mod to code base</li>
 </ul>

-<a name="209"></a><h3 class="h3">l.ix. Changes since 2.0.9</h3>
+<a name="209"></a><h3 class="h3">l.xi. Changes since 2.0.9</h3>

 <ul>
 <li>Fixed deleting of styles in admin_styles.php</li>
@@ -227,7 +279,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed visual confirmation code. The image was not created due to a wrong regular expression.</li>
 </ul>

-<a name="208"></a><h3 class="h3">l.x. Changes since 2.0.8</h3>
+<a name="208"></a><h3 class="h3">l.xii. Changes since 2.0.8</h3>

 <ul>
 <li>Fixed one vulnerability in admin_board.php - <b>Xore</b></li>
@@ -246,7 +298,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed problem with SID not delivered to next page in groupcp.php</li>
 </ul>

-<a name="207"></a><h3 class="h3">l.xi. Changes since 2.0.7</h3>
+<a name="207"></a><h3 class="h3">l.xiii. Changes since 2.0.7</h3>

 <ul>
 <li>Fixed several vulnerabilities in admin pages</li>
@@ -258,7 +310,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed sql injection vulnerability in privmsg - 2.0.8a</li>
 </ul>

-<a name="206"></a><h3 class="h3">1.xii. Changes since 2.0.6</h3>
+<a name="206"></a><h3 class="h3">1.xiv. Changes since 2.0.6</h3>

 <ul>
 <li>Fixed several vulnerabilities in modcp - <b>Robert Lavierck</b></li>
@@ -272,7 +324,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed potential vulnerability in avatar gallery</li>
 </ul>

-<a name="205"></a><h3 class="h3">1.xiii. Changes since 2.0.5</h3>
+<a name="205"></a><h3 class="h3">1.xv. Changes since 2.0.5</h3>

 <ul>
 <li>Fixed various email issues</li>
@@ -288,7 +340,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed sql injection with reset date format field in profile - <b>tendor</b></li>
 </ul>

-<a name="204"></a><h3 class="h3">1.xiv. Changes since 2.0.4</h3>
+<a name="204"></a><h3 class="h3">1.xvi. Changes since 2.0.4</h3>

 <ul>
 <li>Removed user facing session_id checks</li>
@@ -360,7 +412,7 @@ p,ul,td {font-size:10pt;}
 <li>Default English support for visual confirmation - translators are encouraged to support this</li>
 </ul>

-<a name="203"></a><h3 class="h3">1.xv. Changes since 2.0.3</h3>
+<a name="203"></a><h3 class="h3">1.xvii. Changes since 2.0.3</h3>

 <ul>
 <li>Fixed cross-browser scripting issue with highlight param</li>
@@ -487,7 +539,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed potential SQL vulnerability with marking of private messages - <b>Ulf Harnhammar</b></li>
 </ul>

-<a name="202"></a><h3 class="h3">1.xvi. Changes since 2.0.2</h3>
+<a name="202"></a><h3 class="h3">1.xviii. Changes since 2.0.2</h3>

 <ul>
 <li>Fixed potential cross-site scripting vulnerability with avatars - <b>Showscout</b></li>
@@ -496,7 +548,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed (hopefully) issue with MS Access and multiple pages</li>
 </ul>

-<a name="201"></a><h3 class="h3">1.xvii. Changes since 2.0.1</h3>
+<a name="201"></a><h3 class="h3">1.xix. Changes since 2.0.1</h3>

 <ul>
 <li>Fixed missing "username" lang variable in user admin template</li>
@@ -531,7 +583,7 @@ p,ul,td {font-size:10pt;}
 <li>Fix emailer to allow sending emails with language-specific character sets</li>
 </ul>

-<a name="200"></a><h3 class="h3">1.xviii. Changes since 2.0.0</h3>
+<a name="200"></a><h3 class="h3">1.xx. Changes since 2.0.0</h3>

 <ul>
 <li>Fixed delete image bug for normal users</li>
@@ -588,7 +640,7 @@ p,ul,td {font-size:10pt;}
 <li>Added database closure to admin frameset page</li>
 </ul>

-<a name="final"></a><h3 class="h3">1.xix. Changes since RC-4</h3>
+<a name="final"></a><h3 class="h3">1.xxi. Changes since RC-4</h3>

 <ul>
 <li>Fixed improper report of general error when posting messages containing errors</li>
@@ -618,7 +670,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed various remaining usergroup display issues</li>
 </ul>

-<a name="rc4"></a><h3 class="h3">1.xx. Changes since RC-3</h3>
+<a name="rc4"></a><h3 class="h3">1.xxii. Changes since RC-3</h3>

 <ul>
 <li>Addressed serious security issue with included files</li>
@@ -649,7 +701,7 @@ p,ul,td {font-size:10pt;}
 <li>Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver</li>
 </ul>

-<a name="rc3"></a><h3 class="h3">1.xxi. Changes since RC-2</h3>
+<a name="rc3"></a><h3 class="h3">1.xxiii. Changes since RC-2</h3>

 <ul>
 <li>Fixed infamous install parse error</li>
@@ -682,7 +734,7 @@ p,ul,td {font-size:10pt;}
 <li>Hidden usergroups are now completely hidden from view</li>
 </ul>

-<a name="rc2"></a><h3 class="h3">1.xxii. Changes since RC-1</h3>
+<a name="rc2"></a><h3 class="h3">1.xxiv. Changes since RC-1</h3>

 <ul>
 <li>Fixed numerous PostgreSQL related issues</li>
@@ -702,7 +754,7 @@ p,ul,td {font-size:10pt;}
 <li>Various other fixes and updates</li>
 </ul>

-<a name="rc1"></a><h3 class="h3">1.xxiii. Changes since RC-1 (pre)</h3>
+<a name="rc1"></a><h3 class="h3">1.xxv. Changes since RC-1 (pre)</h3>

 <ul>
 <li>Upgrade script completed for initial fully functional release</li>
--- a/phpBB/docs/INSTALL.html
+++ b/phpBB/docs/INSTALL.html
@@ -194,7 +194,7 @@ p,ul,td {font-size:10pt;}

 <a name="upgradeSTABLE_files"></a><h3 class="h3">7.ii. Changed files only</h3>

-<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.17 you should select the phpBB-2.0.17_to_2.0.18.zip/tar.gz file.</p>
+<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.19 you should select the phpBB-2.0.19_to_2.0.20.zip/tar.gz file.</p>

 <p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any Mods these files will overwrite the originals possibly destroying them in the process. You will need to re-add Mods to any affected file before uploading.</p>

@@ -204,7 +204,7 @@ p,ul,td {font-size:10pt;}

 <p>The patch file is probably the best solution for those with many Mods or other changes who do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <b>patch</b> application.</p>

-<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.17 you need the phpBB-2.0.17_to_2.0.18.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.19 you need the phpBB-2.0.19_to_2.0.20.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>

 <p>If you do get failures you should look at using the <a href="#upgradeSTABLE_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Mods to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>

--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -234,6 +234,7 @@ function auth($type, $forum_id, $userdata, $f_access = '')
 			{
 				$value = $f_access[$k][$key];
 				$f_forum_id = $f_access[$k]['forum_id'];
+				$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();

 				switch( $value )
 				{
@@ -282,6 +283,7 @@ function auth($type, $forum_id, $userdata, $f_access = '')
 		for($k = 0; $k < count($f_access); $k++)
 		{
 			$f_forum_id = $f_access[$k]['forum_id'];
+			$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();

 			$auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
 		}
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -196,15 +196,15 @@ function bbencode_second_pass($text, $uid)

 	// [img]image_url_here[/img] code..
 	// This one gets first-passed..
-	$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
+	$patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
 	$replacements[] = $bbcode_tpl['img'];

 	// matches a [url]xxxx://www.phpbb.com[/url] code..
-	$patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
+	$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
 	$replacements[] = $bbcode_tpl['url1'];

 	// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
-	$patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
+	$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
 	$replacements[] = $bbcode_tpl['url2'];

 	// [url=xxxx://www.phpbb.com]phpBB[/url] code..
@@ -235,7 +235,7 @@ function make_bbcode_uid()
 {
 	// Unique ID for this message..

-	$uid = md5(mt_rand());
+	$uid = dss_rand();
 	$uid = substr($uid, 0, BBCODE_UID_LEN);

 	return $uid;
@@ -252,7 +252,7 @@ function bbencode_first_pass($text, $uid)

 	// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
 	$text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, '');
-	$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
+	$text = bbencode_first_pass_pda($text, $uid, '/\[quote=\\\\&quot;(.*?)\\\\&quot;\]/is', '[/quote]', '', false, '', "[quote:$uid=\\\"\\1\\\"]");

 	// [list] and [list=x] for (un)ordered lists.
 	$open_tag = array();
@@ -389,15 +389,15 @@ function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_
 				//
 				// We're going to try and catch usernames with "[' characters.
 				//
-				if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
+				if( preg_match('#\[quote=\\\&quot;#si', $possible_start, $match) && !preg_match('#\[quote=\\\&quot;(.*?)\\\&quot;\]#si', $possible_start) )
 				{
 					// OK we are in a quote tag that probably contains a ] bracket.
 					// Grab a bit more of the string to hopefully get all of it..
-					if ($close_pos = strpos($text, '"]', $curr_pos + 9))
+					if ($close_pos = strpos($text, '&quot;]', $curr_pos + 14))
 					{
-						if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
+						if (strpos(substr($text, $curr_pos + 14, $close_pos - ($curr_pos + 14)), '[quote') === false)
 						{
-							$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);
+							$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 7);
 						}
 					}
 				}
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -139,6 +139,37 @@ function phpbb_rtrim($str, $charlist = false)
 	return $str;
 }

+/**
+* Our own generator of random values
+* This uses a constantly changing value as the base for generating the values
+* The board wide setting is updated once per page if this code is called
+* With thanks to Anthrax101 for the inspiration on this one
+* Added in phpBB 2.0.20
+*/
+function dss_rand()
+{
+	global $db, $board_config, $dss_seeded;
+
+	$val = $board_config['rand_seed'] . microtime();
+	$val = md5($val);
+	$board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
+   
+	if($dss_seeded !== true)
+	{
+		$sql = "UPDATE " . CONFIG_TABLE . " SET
+			config_value = '" . $board_config['rand_seed'] . "'
+			WHERE config_name = 'rand_seed'";
+		
+		if( !$db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
+		}
+
+		$dss_seeded = true;
+	}
+
+	return substr($val, 16);
+}
 //
 // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
 //
@@ -158,7 +189,7 @@ function get_userdata($user, $force_str = false)
 	$sql = "SELECT *
 		FROM " . USERS_TABLE . " 
 		WHERE ";
-	$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" .  $user . "'" ) . " AND user_id <> " . ANONYMOUS;
+	$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" .  str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
 	if ( !($result = $db->sql_query($sql)) )
 	{
 		message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
@@ -372,7 +403,40 @@ function setup_style($style)

 	if ( !($row = $db->sql_fetchrow($result)) )
 	{
-		message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
+		// We are trying to setup a style which does not exist in the database
+		// Try to fallback to the board default (if the user had a custom style)
+		// and then any users using this style to the default if it succeeds
+		if ( $style != $board_config['default_style'])
+		{
+			$sql = 'SELECT *
+				FROM ' . THEMES_TABLE . '
+				WHERE themes_id = ' . $board_config['default_style'];
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(CRITICAL_ERROR, 'Could not query database for theme info');
+			}
+
+			if ( $row = $db->sql_fetchrow($result) )
+			{
+				$db->sql_freeresult($result);
+
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_style = ' . $board_config['default_style'] . "
+					WHERE user_style = $style";
+				if ( !($result = $db->sql_query($sql)) )
+				{
+					message_die(CRITICAL_ERROR, 'Could not update user theme info');
+				}
+			}
+			else
+			{
+				message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
+			}
+		}
+		else
+		{
+			message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
+		}
 	}

 	$template_path = 'templates/' ;
@@ -634,7 +698,7 @@ function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '',

 		if ( $err_line != '' && $err_file != '' )
 		{
-			$debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
+			$debug_text .= '<br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
 		}
 	}

@@ -661,11 +725,7 @@ function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '',
 			}
 		}

-		if ( empty($template) )
-		{
-			$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
-		}
-		if ( empty($theme) )
+		if ( empty($template) || empty($theme) )
 		{
 			$theme = setup_style($board_config['default_style']);
 		}
--- a/phpBB/includes/functions_post.php
+++ b/phpBB/includes/functions_post.php
@@ -25,8 +25,8 @@ if (!defined('IN_PHPBB'))
 	die('Hacking attempt');
 }

-$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
-$html_entities_replace = array('&amp;', '&lt;', '&gt;');
+$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
+$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');

 $unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
 $unhtml_specialchars_replace = array('>', '<', '"', '&');
@@ -46,57 +46,25 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid

 	if ($html_on)
 	{
-		$allowed_html_tags = split(',', $board_config['allow_html_tags']);
+		// If HTML is on, we try to make it safe
+		// This approach is quite agressive and anything that does not look like a valid tag
+		// is going to get converted to HTML entities
+		$message = stripslashes($message);
+		$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
+		$matches = array();

-		$end_html = 0;
-		$start_html = 1;
-		$tmp_message = '';
-		$message = ' ' . $message . ' ';
+		$message_split = preg_split($html_match, $message);
+		preg_match_all($html_match, $message, $matches);

-		while ($start_html = strpos($message, '<', $start_html))
+		$message = '';
+
+		foreach ($message_split as $part)
 		{
-			$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
-
-			if ($end_html = strpos($message, '>', $start_html))
-			{
-				$length = $end_html - $start_html + 1;
-				$hold_string = substr($message, $start_html, $length);
-
-				if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
-				{
-					$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
-					$hold_string = substr($hold_string, $unclosed_open - 1);
-				}
-
-				$tagallowed = false;
-				for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
-				{
-					$match_tag = trim($allowed_html_tags[$i]);
-					if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
-					{
-						$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
-					}
-				}
-
-				$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
-
-				$start_html += $length;
-			}
-			else
-			{
-				$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
-
-				$start_html = strlen($message);
-				$end_html = $start_html;
-			}
+			$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
+			$message .= htmlspecialchars($part) . clean_html($tag);
 		}

-		if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
-		{
-			$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
-		}
-
-		$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
+		$message = addslashes($message);
 	}
 	else
 	{
@@ -187,7 +155,7 @@ function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on,
 				$option_text = trim($option_text);
 				if (!empty($option_text))
 				{
-					$temp_option_text[$option_id] = htmlspecialchars($option_text);
+					$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
 				}
 			}
 			$option_text = $temp_option_text;
@@ -850,4 +818,66 @@ function generate_smilies($mode, $page_id)
 	}
 }

+/**
+* Called from within prepare_message to clean included HTML tags if HTML is
+* turned on for that post
+* @param array $tag Matching text from the message to parse
+*/
+function clean_html($tag)
+{
+	global $board_config;
+
+	if (empty($tag[0]))
+	{
+		return '';
+	}
+
+	$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
+	$disallowed_attributes = '/^(?:style|on)/i';
+
+	// Check if this is an end tag
+	preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
+	if (sizeof($matches))
+	{
+		if (in_array(strtolower($matches[1]), $allowed_html_tags))
+		{
+			return  '</' . $matches[1] . '>';
+		}
+		else
+		{
+			return  htmlspecialchars('</' . $matches[1] . '>');
+		}
+	}
+
+	// Check if this is an allowed tag
+	if (in_array(strtolower($tag[1]), $allowed_html_tags))
+	{
+		$attributes = '';
+		if (!empty($tag[2]))
+		{
+			preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
+			for ($i = 0; $i < sizeof($test[0]); $i++)
+			{
+				if (preg_match($disallowed_attributes, $test[1][$i]))
+				{
+					continue;
+				}
+				$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('&#91;', '&#93;'), htmlspecialchars($test[3][$i])) . $test[2][$i];
+			}
+		}
+		if (in_array(strtolower($tag[1]), $allowed_html_tags))
+		{
+			return '<' . $tag[1] . $attributes . '>';
+		}
+		else
+		{
+			return htmlspecialchars('<' . $tag[1] . $attributes . '>');
+		}
+	}
+	// Finally, this is not an allowed tag so strip all the attibutes and escape it
+	else
+	{
+		return htmlspecialchars('<' .   $tag[1] . '>');
+	}
+}
 ?>
--- a/phpBB/includes/prune.php
+++ b/phpBB/includes/prune.php
@@ -31,6 +31,21 @@ function prune($forum_id, $prune_date, $prune_all = false)
 {
 	global $db, $lang;

+	// Before pruning, lets try to clean up the invalid topic entries
+	$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . '
+		WHERE topic_last_post_id = 0';
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
+	}
+
+	while( $row = $db->sql_fetchrow($result) )
+	{
+		sync('topic', $row['topic_id']);
+	}
+
+	$db->sql_freeresult($result);
+
 	$prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE;
 	//
 	// Those without polls and announcements ... unless told otherwise!
@@ -39,8 +54,7 @@ function prune($forum_id, $prune_date, $prune_all = false)
 		FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t
 		WHERE t.forum_id = $forum_id
 			$prune_all 
-			AND ( p.post_id = t.topic_last_post_id 
-				OR t.topic_last_post_id = 0 )";
+			AND p.post_id = t.topic_last_post_id";
 	if ( $prune_date != '' )
 	{
 		$sql .= " AND p.post_time < $prune_date";
--- a/phpBB/includes/sessions.php
+++ b/phpBB/includes/sessions.php
@@ -177,9 +177,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
 			AND session_ip = '$user_ip'";
 	if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
 	{
-		list($sec, $usec) = explode(' ', microtime());
-		mt_srand((float) $sec + ((float) $usec * 100000));
-		$session_id = md5(uniqid(mt_rand(), true));
+		$session_id = md5(dss_rand());

 		$sql = "INSERT INTO " . SESSIONS_TABLE . "
 			(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
@@ -212,9 +210,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
 		//
 		if ($enable_autologin)
 		{
-			list($sec, $usec) = explode(' ', microtime());
-			mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
-			$auto_login_key = uniqid(mt_rand(), true);
+			$auto_login_key = dss_rand() . dss_rand();
 			
 			if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
 			{
@@ -496,6 +492,65 @@ function session_clean($session_id)
 	return true;
 }

+/**
+* Reset all login keys for the specified user
+* Called on password changes
+*/
+function session_reset_keys($user_id, $user_ip)
+{
+	global $db, $userdata;
+
+	$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';
+
+	$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
+		WHERE user_id = ' . (int) $user_id . "
+			$key_sql";
+
+	if ( !$db->sql_query($sql) )
+	{
+		message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
+	}
+
+	$where_sql = 'session_user_id = ' . (int) $user_id;
+	$where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
+	$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
+		WHERE $where_sql";
+	if ( !$db->sql_query($sql) )
+	{
+		message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
+	}
+
+	if ( !empty($key_sql) )
+	{
+		$auto_login_key = dss_rand() . dss_rand();
+
+		$current_time = time();
+		
+		$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
+			SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
+			WHERE key_id = '" . md5($userdata['session_key']) . "'";
+		
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
+		}
+
+		// And now rebuild the cookie
+		$sessiondata['userid'] = $user_id;
+		$sessiondata['autologinid'] = $autologin_id;
+		$cookiename = $board_config['cookie_name'];
+		$cookiepath = $board_config['cookie_path'];
+		$cookiedomain = $board_config['cookie_domain'];
+		$cookiesecure = $board_config['cookie_secure'];
+
+		setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
+		
+		$userdata['session_key'] = $auto_login_key;
+		unset($sessiondata);
+		unset($auto_login_key);
+	}
+}
+
 //
 // Append $SID to a url. Borrowed from phplib and modified. This is an
 // extra routine utilised by the session code above and acts as a wrapper
--- a/phpBB/includes/usercp_avatar.php
+++ b/phpBB/includes/usercp_avatar.php
@@ -100,6 +100,8 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
 		$avatar_filename = 'http://' . $avatar_filename;
 	}

+	$avatar_filename = substr($avatar_filename, 0, 100);
+
 	if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
 	{
 		$error = true;
--- a/phpBB/includes/usercp_confirm.php
+++ b/phpBB/includes/usercp_confirm.php
@@ -153,18 +153,17 @@ if (@extension_loaded('zlib'))
 }
 else
 {
-	if (!empty($HTTP_GET_VARS['c']))
-	{
-		$_png = define_raw_pngs();
+	$_png = define_raw_pngs();

-		$char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1);
-		header('Content-Type: image/png');
-		header('Cache-control: no-cache, no-store');
-		echo base64_decode($_png[$char]);
+	$c = intval($HTTP_GET_VARS['c']);
+	$char = substr($code, $c - 1, 1);
+	
+	header('Content-Type: image/png');
+	header('Cache-control: no-cache, no-store');
+	echo base64_decode($_png[$char]);

-		unset($_png);
-		exit;
-	}
+	unset($_png);
+	exit;
 }

 exit;
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -107,8 +107,7 @@ if (
 		$current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
 	}

-	$strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');
-	$strip_var_list['confirm_code'] = 'confirm_code';
+	$strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'confirm_code' => 'confirm_code');

 	// Strip all tags from data ... may p**s some people off, bah, strip_tags is
 	// doing the job but can still break HTML output ... have no choice, have
@@ -121,6 +120,8 @@ if (
 		}
 	}

+	$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
+
 	$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');

 	while( list($var, $param) = @each($trim_var_list) )
@@ -131,7 +132,8 @@ if (
 		}
 	}

-	$signature = str_replace('<br />', "\n", $signature);
+	$signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
+	$signature_bbcode_uid = '';

 	// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
 	// empty strings if they fail.
@@ -520,6 +522,13 @@ if ( isset($HTTP_POST_VARS['submit']) )
 				message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
 			}

+			// We remove all stored login keys since the password has been updated
+			// and change the current one (if applicable)
+			if ( !empty($passwd_sql) )
+			{
+				session_reset_keys($user_id, $user_ip);
+			}
+
 			if ( !$user_active )
 			{
 				//
@@ -762,6 +771,7 @@ if ( $error )
 	//
 	$username = stripslashes($username);
 	$email = stripslashes($email);
+	$cur_password = '';
 	$new_password = '';
 	$password_confirm = '';

@@ -786,6 +796,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
 	$user_id = $userdata['user_id'];
 	$username = $userdata['username'];
 	$email = $userdata['user_email'];
+	$cur_password = '';
 	$new_password = '';
 	$password_confirm = '';

@@ -977,17 +988,10 @@ else
 		}
 		$db->sql_freeresult($result);
 		
-		$confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
-
-		list($usec, $sec) = explode(' ', microtime()); 
-		mt_srand($sec * $usec); 
-
-		$max_chars = count($confirm_chars) - 1;
-		$code = '';
-		for ($i = 0; $i < 6; $i++)
-		{
-			$code .= $confirm_chars[mt_rand(0, $max_chars)];
-		}
+		// Generate the required confirmation code
+		// NB 0 (zero) could get confused with O (the letter) so we make change it
+		$code = dss_rand();
+		$code = strtoupper(str_replace('0', 'o', substr($code, 6)));

 		$confirm_id = md5(uniqid($user_ip));

@@ -1015,11 +1019,11 @@ else
 	$form_enctype = ( @$ini_val('file_uploads') == '0' || strtolower(@$ini_val('file_uploads') == 'off') || phpversion() == '4.0.4pl1' || !$board_config['allow_avatar_upload'] || ( phpversion() < '4.0.3' && @$ini_val('open_basedir') != '' ) ) ? '' : 'enctype="multipart/form-data"';

 	$template->assign_vars(array(
-		'USERNAME' => $username,
-		'CUR_PASSWORD' => $cur_password,
-		'NEW_PASSWORD' => $new_password,
-		'PASSWORD_CONFIRM' => $password_confirm,
-		'EMAIL' => $email,
+		'USERNAME' => isset($username) ? $username : '',
+		'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
+		'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
+		'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
+		'EMAIL' => isset($email) ? $email : '',
 		'CONFIRM_IMG' => $confirm_image, 
 		'YIM' => $yim,
 		'ICQ' => $icq,
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -119,7 +119,10 @@ if( !($result = $db->sql_query($sql)) )
 }

 $category_rows = array();
-while( $category_rows[] = $db->sql_fetchrow($result) );
+while ($row = $db->sql_fetchrow($result))
+{
+	$category_rows[] = $row;
+}
 $db->sql_freeresult($result);

 if( ( $total_categories = count($category_rows) ) )
@@ -299,6 +302,19 @@ if( ( $total_categories = count($category_rows) ) )
 		'U_MARK_READ' => append_sid("index.$phpEx?mark=forums"))
 	);

+	//
+	// Let's decide which categories we should display
+	//
+	$display_categories = array();
+
+	for ($i = 0; $i < $total_forums; $i++ )
+	{
+		if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view'])
+		{
+			$display_categories[$forum_data[$i]['cat_id']] = true;
+		}
+	}
+
 	//
 	// Okay, let's build the index
 	//
@@ -306,23 +322,11 @@ if( ( $total_categories = count($category_rows) ) )
 	{
 		$cat_id = $category_rows[$i]['cat_id'];

-		//
-		// Should we display this category/forum set?
-		//
-		$display_forums = false;
-		for($j = 0; $j < $total_forums; $j++)
-		{
-			if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id )
-			{
-				$display_forums = true;
-			}
-		}
-
 		//
 		// Yes, we should, so first dump out the category
 		// title, then, if appropriate the forum list
 		//
-		if ( $display_forums )
+		if (isset($display_categories[$cat_id]) && $display_categories[$cat_id])
 		{
 			$template->assign_block_vars('catrow', array(
 				'CAT_ID' => $cat_id,
--- a/phpBB/install/install.php
+++ b/phpBB/install/install.php
@@ -333,7 +333,7 @@ $available_dbms = array(
 		'COMMENTS'		=> 'remove_remarks'
 	), 
 	'mysql4' => array(
-		'LABEL'			=> 'MySQL 4.x',
+		'LABEL'			=> 'MySQL 4.x/5.x',
 		'SCHEMA'		=> 'mysql', 
 		'DELIM'			=> ';', 
 		'DELIM_BASIC'	=> ';',
--- a/phpBB/install/schemas/ms_access_primer.zip
+++ b/phpBB/install/schemas/ms_access_primer.zip
--- a/phpBB/install/schemas/mssql_basic.sql
+++ b/phpBB/install/schemas/mssql_basic.sql
@@ -41,7 +41,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sentbox_privms
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_savebox_privmsgs','50');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_email_sig','Thanks, The Management');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_email','youraddress@yourdomain.com');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_autologin','1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_autologin_time','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_delivery','0');
@@ -51,6 +51,9 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_password','')
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('sendmail_fix','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval','15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_flood_interval','15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_email_form','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_filesize','6144');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_max_width','80');
@@ -71,7 +74,8 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www.yourdomain.tld');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.18');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');

 /*
  -- Categories
@@ -86,7 +90,7 @@ SET IDENTITY_INSERT phpbb_categories OFF;
 /*
  -- Forums
 */
-INSERT INTO phpbb_forums (forum_id, cat_id, forum_name, forum_desc, forum_status, forum_order, forum_posts, forum_topics, forum_last_post_id, prune_next, prune_enable, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 1, 'Test Forum 1', 'This is just a test forum, nothing special here.', '', 1, 1, 1, 1, '', 1, '', '', '', '', 1, 1, 3, 3, 1, 1, 3);
+INSERT INTO phpbb_forums (forum_id, cat_id, forum_name, forum_desc, forum_status, forum_order, forum_posts, forum_topics, forum_last_post_id, prune_next, prune_enable, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 1, 'Test Forum 1', 'This is just a test forum, nothing special here.', '', 1, 1, 1, 1, '', 1, '', '', 1, 1, 1, 1, 3, 3, 1, 1, 3);

 /*
  -- Users
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -165,6 +165,7 @@ GO
 CREATE TABLE [phpbb_search_results] (
 	[search_id] [int] NOT NULL ,
 	[session_id] [char] (32) NOT NULL ,
+	[search_time] [int] NOT NULL ,
 	[search_array] [text] NOT NULL
 ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
 GO
@@ -342,6 +343,8 @@ CREATE TABLE [phpbb_users] (
 	[user_new_privmsg] [smallint] NOT NULL ,
 	[user_unread_privmsg] [smallint] NOT NULL ,
 	[user_last_privmsg] [int] NOT NULL ,
+	[user_login_tries] [smallint] NOT NULL ,
+	[user_last_login_try] [int] NOT NULL ,
 	[user_emailtime] [int] NOT NULL ,
 	[user_viewemail] [smallint] NULL ,
 	[user_attachsig] [smallint] NULL ,
@@ -591,6 +594,10 @@ ALTER TABLE [phpbb_posts] WITH NOCHECK ADD
 	CONSTRAINT [DF_phpbb_posts_post_edit_count] DEFAULT (0) FOR [post_edit_count]
 GO

+ALTER TABLE [phpbb_search_results] WITH NOCHECK ADD
+	CONSTRAINT [DF_phpbb_search_results_search_time] DEFAULT (0) FOR [search_time]
+GO
+
 ALTER TABLE [phpbb_search_wordlist] WITH NOCHECK ADD
 	CONSTRAINT [DF_phpbb_search_wordlist_word_common] DEFAULT (0) FOR [word_common]
 GO
@@ -613,6 +620,8 @@ ALTER TABLE [phpbb_users] WITH NOCHECK ADD
 	CONSTRAINT [DF_phpbb_users_user_new_privmsg] DEFAULT (0) FOR [user_new_privmsg],
 	CONSTRAINT [DF_phpbb_users_user_unread_privmsg] DEFAULT (0) FOR [user_unread_privmsg],
 	CONSTRAINT [DF_phpbb_users_user_last_privmsg] DEFAULT (0) FOR [user_last_privmsg],
+	CONSTRAINT [DF_phpbb_users_user_login_tries] DEFAULT (0) FOR [user_login_tries],
+	CONSTRAINT [DF_phpbb_users_user_last_login_try] DEFAULT (0) FOR [user_last_login_try],
 	CONSTRAINT [DF_phpbb_users_user_emailtime] DEFAULT (0) FOR [user_emailtime],
 	CONSTRAINT [DF_phpbb_users_user_viewemail] DEFAULT (1) FOR [user_viewemail],
 	CONSTRAINT [DF_phpbb_users_user_attachsig] DEFAULT (1) FOR [user_attachsig],
@@ -679,7 +688,7 @@ GO
 CREATE  INDEX [IX_phpbb_sessions_keys] ON [phpbb_sessions_keys]([key_id], [user_id]) ON [PRIMARY]
 GO

- CREATE  INDEX [IX_phpbb_sessions_keys] ON [phpbb_sessions_keys]([last_login]) ON [PRIMARY]
+ CREATE  INDEX [IX_phpbb_sessions_keys_1] ON [phpbb_sessions_keys]([last_login]) ON [PRIMARY]
 GO

 CREATE  INDEX [IX_phpbb_topics] ON [phpbb_topics]([forum_id], [topic_type], [topic_first_post_id], [topic_last_post_id]) ON [PRIMARY]
--- a/phpBB/install/schemas/mysql_basic.sql
+++ b/phpBB/install/schemas/mysql_basic.sql
@@ -23,7 +23,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_theme_create
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_local','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_remote','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_upload','0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_autologin','1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_autologin_time','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('override_user_style','0');
@@ -44,6 +44,9 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_password','')
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('sendmail_fix','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval','15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_flood_interval','15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_email_form','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_filesize','6144');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_max_width','80');
@@ -64,7 +67,8 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www.myserver.tld');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.18');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');


 # -- Categories
@@ -72,7 +76,7 @@ INSERT INTO phpbb_categories (cat_id, cat_title, cat_order) VALUES (1, 'Test cat


 # -- Forums
-INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 'Test Forum 1', 'This is just a test forum.', 1, 10, 1, 1, 1, 0, 0, 0, 0, 1, 1, 3, 3, 1, 1, 3);
+INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 'Test Forum 1', 'This is just a test forum.', 1, 10, 1, 1, 1, 0, 0, 1, 1, 1, 1, 3, 3, 1, 1, 3);


 # -- Users
--- a/phpBB/install/schemas/mysql_schema.sql
+++ b/phpBB/install/schemas/mysql_schema.sql
@@ -194,7 +194,7 @@ CREATE TABLE phpbb_posts (
 #
 CREATE TABLE phpbb_posts_text (
   post_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
-   bbcode_uid char(10) NOT NULL,
+   bbcode_uid char(10) DEFAULT '' NOT NULL,
   post_subject char(60),
   post_text text,
   PRIMARY KEY (post_id)
@@ -256,6 +256,7 @@ CREATE TABLE phpbb_ranks (
 CREATE TABLE phpbb_search_results (
  search_id int(11) UNSIGNED NOT NULL default '0',
  session_id char(32) NOT NULL default '',
+  search_time int(11) DEFAULT '0' NOT NULL,
  search_array text NOT NULL,
  PRIMARY KEY  (search_id),
  KEY session_id (session_id)
@@ -492,6 +493,8 @@ CREATE TABLE phpbb_users (
   user_new_privmsg smallint(5) UNSIGNED DEFAULT '0' NOT NULL,
   user_unread_privmsg smallint(5) UNSIGNED DEFAULT '0' NOT NULL,
   user_last_privmsg int(11) DEFAULT '0' NOT NULL,
+   user_login_tries smallint(5) UNSIGNED DEFAULT '0' NOT NULL,
+   user_last_login_try int(11) DEFAULT '0' NOT NULL,
   user_emailtime int(11),
   user_viewemail tinyint(1),
   user_attachsig tinyint(1),
--- a/phpBB/install/schemas/postgres_basic.sql
+++ b/phpBB/install/schemas/postgres_basic.sql
@@ -24,7 +24,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_theme_create
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_local','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_remote','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_upload','0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_autologin','1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_autologin_time','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('override_user_style','0');
@@ -45,6 +45,9 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_password','')
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('sendmail_fix','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval','15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_flood_interval','15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_login_attempts', '5');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('login_reset_time', '30');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_email_form','0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_filesize','6144');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_max_width','80');
@@ -65,14 +68,15 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www.yourdomain.tld');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.18');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');

 -- Categories
 INSERT INTO phpbb_categories (cat_id, cat_title, cat_order) VALUES (1, 'Test category 1', 10);


 -- Forums
-INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 'Test Forum 1', 'This is just a test forum.', 1, 10, 1, 1, 1, 0, 0, 0, 0, 1, 1, 3, 3, 1, 1, 3);
+INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 'Test Forum 1', 'This is just a test forum.', 1, 10, 1, 1, 1, 0, 0, 1, 1, 1, 1, 3, 3, 1, 1, 3);

 -- Users
 INSERT INTO phpbb_users (user_id, username, user_level, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_viewemail, user_style, user_aim, user_yim, user_msnm, user_posts, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_pm, user_notify_pm, user_allow_viewonline, user_rank, user_avatar, user_lang, user_timezone, user_dateformat, user_actkey, user_newpasswd, user_notify, user_active) VALUES ( -1, 'Anonymous', 0, 0, '', '', '', '', '', '', '', '', 0, NULL, '', '', '', 0, 0, 1, 1, 1, 0, 1, 1, NULL, '', '', 0, '', '', '', 0, 0);
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@@ -248,6 +248,7 @@ CREATE TABLE phpbb_ranks (
 CREATE TABLE phpbb_search_results (
  search_id int4 NOT NULL default '0',
  session_id char(32) NOT NULL default '',
+  search_time int4 DEFAULT '0' NOT NULL,
  search_array text NOT NULL,
  CONSTRAINT phpbb_search_results_pkey PRIMARY KEY (search_id)
 );
@@ -488,6 +489,8 @@ CREATE TABLE phpbb_users (
   user_new_privmsg int2 DEFAULT '0' NOT NULL,
   user_unread_privmsg int2 DEFAULT '0' NOT NULL,
   user_last_privmsg int4 DEFAULT '0' NOT NULL,
+   user_login_tries int2 DEFAULT '0' NOT NULL,
+   user_last_login_try int4 DEFAULT '0' NOT NULL,
   user_emailtime int4,
   user_viewemail int2,
   user_attachsig int2,
@@ -502,7 +505,7 @@ CREATE TABLE phpbb_users (
   user_avatar_type int2 DEFAULT '0' NOT NULL,
   user_level int4 DEFAULT '0',
   user_lang varchar(255),
-   user_timezone decimal(5) DEFAULT '0' NOT NULL,
+   user_timezone decimal(5,2) DEFAULT '0.0' NOT NULL,
   user_dateformat varchar(14) DEFAULT 'd M Y H:i' NOT NULL,
   user_notify_pm int2 DEFAULT '0' NOT NULL,
   user_popup_pm int2 DEFAULT '0' NOT NULL,
--- a/phpBB/install/update_to_latest.php
+++ b/phpBB/install/update_to_latest.php
@@ -59,7 +59,7 @@ include($phpbb_root_path . 'includes/db.'.$phpEx);
 //
 //
 //
-$updates_to_version = '.0.18';
+$updates_to_version = '.0.20';
 //
 //
 //
@@ -570,7 +570,7 @@ switch ($row['config_value'])
 				$sql[] = 'CREATE TABLE [' . $table_prefix . 'sessions_keys] ([key_id] [char] (32) NOT NULL , [user_id] [int] NOT NULL , [last_ip] [char] (8) NOT NULL , [last_login] [int] NOT NULL) ON [PRIMARY]';

 				$sql[] = 'CREATE INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([key_id], [user_id]) ON [PRIMARY]';
-				$sql[] = 'CREATE  INDEX [IX_' . $table_prefix . 'sessions_keys] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]';
+				$sql[] = 'CREATE  INDEX [IX_' . $table_prefix . 'sessions_keys_1] ON [' . $table_prefix . 'sessions_keys]([last_login]) ON [PRIMARY]';
 				break;

 			case 'msaccess':
@@ -584,6 +584,79 @@ switch ($row['config_value'])
 				break;
 		}

+	case '.0.18':
+
+		// Add login columns to user table
+		switch (SQL_LAYER)
+		{
+			case 'mysql':
+			case 'mysql4':
+				$sql[] = "ALTER TABLE " . USERS_TABLE . "
+					ADD COLUMN user_login_tries smallint(5) UNSIGNED DEFAULT '0' NOT NULL";
+				$sql[] = "ALTER TABLE " . USERS_TABLE . "
+					ADD COLUMN user_last_login_try int(11) DEFAULT '0' NOT NULL";
+				break;
+
+			case 'postgresql':
+				$sql[] = "ALTER TABLE " . USERS_TABLE . "
+					ADD COLUMN user_login_tries int2";
+				$sql[] = "ALTER TABLE " . USERS_TABLE . "
+					ALTER COLUMN user_login_tries SET DEFAULT '0'";
+				$sql[] = "ALTER TABLE " . USERS_TABLE . "
+					ADD COLUMN user_last_login_try int4";
+				$sql[] = "ALTER TABLE " . USERS_TABLE . "
+					ALTER COLUMN user_last_login_try SET DEFAULT '0'";
+				break;
+
+			case 'mssql-odbc':
+			case 'mssql':
+				$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
+					user_login_tries smallint NOT NULL,
+					CONSTRAINT [DF_" . $table_prefix . "users_user_login_tries] DEFAULT (0) FOR [user_login_tries]";
+				$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
+					user_last_login_try int NOT NULL,
+					CONSTRAINT [DF_" . $table_prefix . "users_user_last_login_try] DEFAULT (0) FOR [user_last_login_try]";
+				break;
+
+			case 'msaccess':
+				$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
+					user_login_tries smallint NOT NULL";
+				$sql[] = "ALTER TABLE " . USERS_TABLE . " ADD
+					user_last_login_try int NOT NULL";
+				break;
+		}
+
+	case '.0.19':
+
+		// Add search time to the search table
+		switch (SQL_LAYER)
+		{
+			case 'mysql':
+			case 'mysql4':
+				$sql[] = "ALTER TABLE " . SEARCH_TABLE . "
+					ADD COLUMN search_time int(11) DEFAULT '0' NOT NULL";
+				break;
+
+			case 'postgresql':
+				$sql[] = "ALTER TABLE " . SEARCH_TABLE . "
+					ADD COLUMN search_time int4";
+				$sql[] = "ALTER TABLE " . SEARCH_TABLE . "
+					ALTER COLUMN search_time SET DEFAULT '0'";
+				break;
+
+			case 'mssql-odbc':
+			case 'mssql':
+				$sql[] = "ALTER TABLE " . SEARCH_TABLE . " ADD
+					search_time int NOT NULL,
+					CONSTRAINT [DF_" . $table_prefix . "search_results_search_time] DEFAULT (0) FOR [search_time]";
+				break;
+
+			case 'msaccess':
+				$sql[] = "ALTER TABLE " . SEARCH_TABLE . " ADD
+					search_time int NOT NULL";
+				break;
+		}
+
 		break;
 }

@@ -999,9 +1072,34 @@ switch ($row['config_value'])
 			VALUES ('max_autologin_time', '0')";
 		_sql($sql, $errored, $error_ary);
 		
+	case '.0.18':
+
+		$sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value)
+			VALUES ('max_login_attempts', '5')";
+		_sql($sql, $errored, $error_ary);
+
+		$sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value)
+			VALUES ('login_reset_time', '30')";
+		_sql($sql, $errored, $error_ary);
+
+	case '.0.19':
+
+		$sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value)
+			VALUES ('search_flood_interval', '15')";
+		_sql($sql, $errored, $error_ary);
+
+		$sql = 'INSERT INTO ' . CONFIG_TABLE . " (config_name, config_value)
+			VALUES ('rand_seed', '0')";
+		_sql($sql, $errored, $error_ary);
+
 		// We reset those having autologin enabled and forcing the re-assignment of a session id
+		// since there have been changes to the way these are handled from previous versions
 		$sql = 'DELETE FROM ' . SESSIONS_TABLE;
 		_sql($sql, $errored, $error_ary);
+
+		$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE;
+		_sql($sql, $errored, $error_ary);
+
 		break;

 	default:
@@ -1026,7 +1124,7 @@ switch (SQL_LAYER)
 {
 	case 'mysql':
 	case 'mysql4':
-		$sql = 'OPTIMIZE TABLE ' . $table_prefix . 'auth_access, ' . $table_prefix . 'banlist, ' . $table_prefix . 'categories, ' . $table_prefix . 'config, ' . $table_prefix . 'disallow, ' . $table_prefix . 'forum_prune, ' . $table_prefix . 'forums, ' . $table_prefix . 'groups, ' . $table_prefix . 'posts, ' . $table_prefix . 'posts_text, ' . $table_prefix . 'privmsgs, ' . $table_prefix . 'privmsgs_text, ' . $table_prefix . 'ranks, ' . $table_prefix . 'search_results, ' . $table_prefix . 'search_wordlist, ' . $table_prefix . 'search_wordmatch, ' . $table_prefix . 'smilies, ' . $table_prefix . 'themes, ' . $table_prefix . 'themes_name, ' . $table_prefix . 'topics, ' . $table_prefix . 'topics_watch, ' . $table_prefix . 'user_group, ' . $table_prefix . 'users, ' . $table_prefix . 'vote_desc, ' . $table_prefix . 'vote_results, ' . $table_prefix . 'vote_voters, ' . $table_prefix . 'words';
+		$sql = 'OPTIMIZE TABLE ' . $table_prefix . 'auth_access, ' . $table_prefix . 'banlist, ' . $table_prefix . 'categories, ' . $table_prefix . 'config, ' . $table_prefix . 'disallow, ' . $table_prefix . 'forum_prune, ' . $table_prefix . 'forums, ' . $table_prefix . 'groups, ' . $table_prefix . 'posts, ' . $table_prefix . 'posts_text, ' . $table_prefix . 'privmsgs, ' . $table_prefix . 'privmsgs_text, ' . $table_prefix . 'ranks, ' . $table_prefix . 'search_results, ' . $table_prefix . 'search_wordlist, ' . $table_prefix . 'search_wordmatch, ' . $table_prefix . 'sessions_keys' . $table_prefix . 'smilies, ' . $table_prefix . 'themes, ' . $table_prefix . 'themes_name, ' . $table_prefix . 'topics, ' . $table_prefix . 'topics_watch, ' . $table_prefix . 'user_group, ' . $table_prefix . 'users, ' . $table_prefix . 'vote_desc, ' . $table_prefix . 'vote_results, ' . $table_prefix . 'vote_voters, ' . $table_prefix . 'words';
 		_sql($sql, $errored, $error_ary);
 		break;

--- a/phpBB/language/lang_english/email/group_request.tpl
+++ b/phpBB/language/lang_english/email/group_request.tpl
@@ -3,7 +3,7 @@ Charset: iso-8859-1

 Dear {GROUP_MODERATOR},

-A user has requested to join a group you moderator on {SITENAME}.
+A user has requested to join a group you moderate on {SITENAME}.
 To approve or deny this request for group membership please visit the following link:

 {U_GROUPCP}
--- a/phpBB/language/lang_english/email/user_activate_passwd.tpl
+++ b/phpBB/language/lang_english/email/user_activate_passwd.tpl
@@ -9,7 +9,7 @@ To use the new password you need to activate it. To do this click the link provi

 {U_ACTIVATE}

-If sucessful you will be able to login using the following password:
+If successful you will be able to login using the following password:

 Password: {PASSWORD}

--- a/phpBB/language/lang_english/lang_admin.php
+++ b/phpBB/language/lang_english/lang_admin.php
@@ -341,6 +341,10 @@ $lang['Allow_autologin_explain'] = 'Determines whether users are allowed to sele
 $lang['Autologin_time'] = 'Automatic login key expiry';
 $lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.';

+// Search Flood Control - added 2.0.20
+$lang['Search_Flood_Interval'] = 'Search Flood Interval';
+$lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests'; 
+
 //
 // Forum Management
 //
@@ -425,6 +429,7 @@ $lang['smiley_import_success'] = 'The Smiley Pack was imported successfully!';
 $lang['smiley_del_success'] = 'The Smiley was successfully removed';
 $lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration';

+$lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?';

 //
 // User Management
@@ -518,6 +523,8 @@ $lang['Word_removed'] = 'The selected word censor has been successfully removed'

 $lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration';

+$lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?';
+

 //
 // Mass Email
@@ -557,6 +564,7 @@ $lang['No_update_ranks'] = 'The rank was successfully deleted. However, user acc

 $lang['Click_return_rankadmin'] = 'Click %sHere%s to return to Rank Administration';

+$lang['Confirm_delete_rank'] = 'Are you sure you want to delete this rank?';

 //
 // Disallow Username Admin
@@ -743,6 +751,14 @@ $lang['Socket_functions_disabled'] = 'Unable to use socket functions.';
 $lang['Mailing_list_subscribe_reminder'] = 'For the latest information on updates to phpBB, why not <a href="http://www.phpbb.com/support/" target="_new">subscribe to our mailing list</a>.';
 $lang['Version_information'] = 'Version Information';

+//
+// Login attempts configuration
+//
+$lang['Max_login_attempts'] = 'Allowed login attempts';
+$lang['Max_login_attempts_explain'] = 'The number of allowed board login attempts.';
+$lang['Login_reset_time'] = 'Login lock time';
+$lang['Login_reset_time_explain'] = 'Time in minutes the user have to wait until he is allowed to login again after exceeding the number of allowed login attempts.';
+
 //
 // That's all Folks!
 // -------------------------------------------------
--- a/phpBB/language/lang_english/lang_main.php
+++ b/phpBB/language/lang_english/lang_main.php
@@ -784,6 +784,7 @@ $lang['No_searchable_forums'] = 'You do not have permissions to search any forum
 $lang['No_search_match'] = 'No topics or posts met your search criteria';
 $lang['Found_search_match'] = 'Search found %d match'; // eg. Search found 1 match
 $lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches
+$lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.';

 $lang['Close_window'] = 'Close Window';

@@ -1014,6 +1015,8 @@ $lang['An_error_occured'] = 'An Error Occurred';
 $lang['A_critical_error'] = 'A Critical Error Occurred';

 $lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.';
+$lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.';
+$lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted';

 //
 // That's all, Folks!
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -57,7 +57,7 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
 		$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
 		$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

-		$sql = "SELECT user_id, username, user_password, user_active, user_level
+		$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
 			FROM " . USERS_TABLE . "
 			WHERE username = '" . str_replace("\\'", "''", $username) . "'";
 		if ( !($result = $db->sql_query($sql)) )
@@ -73,6 +73,20 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
 			}
 			else
 			{
+				// If the last login is more than x minutes ago, then reset the login tries/time
+				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
+				{
+					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
+					$row['user_last_login_try'] = $row['user_login_tries'] = 0;
+				}
+				
+				// Check to see if user is allowed to login again... if his tries are exceeded
+				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && 
+					$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
+				{
+					message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
+				}
+
 				if( md5($password) == $row['user_password'] && $row['user_active'] )
 				{
 					$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
@@ -80,6 +94,9 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
 					$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
 					$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

+					// Reset login tries
+					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
+
 					if( $session_id )
 					{
 						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
@@ -90,8 +107,18 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
 						message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
 					}
 				}
-				else
+				// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
+				elseif( $row['user_active'] )
 				{
+					// Save login tries and last login
+					if ($row['user_id'] != ANONYMOUS)
+					{
+						$sql = 'UPDATE ' . USERS_TABLE . '
+							SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
+							WHERE user_id = ' . $row['user_id'];
+						$db->sql_query($sql);
+					}
+					
 					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
 					$redirect = str_replace('?', '&', $redirect);

--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -228,8 +228,8 @@ if ( $row = $db->sql_fetchrow($result) )
 		$yim = ( $row['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&amp;.src=pg">' . $lang['YIM'] . '</a>' : '';

 		$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&amp;showresults=posts");
-		$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
-		$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';
+		$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username) . '" title="' . sprintf($lang['Search_user_posts'], $username) . '" border="0" /></a>';
+		$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username) . '</a>';

 		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
 		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
--- a/phpBB/modcp.php
+++ b/phpBB/modcp.php
@@ -230,6 +230,11 @@ switch( $mode )

 		if ( $confirm )
 		{
+  			if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
+			{
+				message_die(GENERAL_MESSAGE, $lang['None_selected']);
+			}
+
 			include($phpbb_root_path . 'includes/functions_search.'.$phpEx);

 			$topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id);
@@ -256,6 +261,11 @@ switch( $mode )
 			}
 			$db->sql_freeresult($result);

+			if ( $topic_id_sql == '')
+			{
+				message_die(GENERAL_MESSAGE, $lang['None_selected']);
+			}
+
 			$sql = "SELECT poster_id, COUNT(post_id) AS posts 
 				FROM " . POSTS_TABLE . " 
 				WHERE topic_id IN ($topic_id_sql) 
@@ -737,6 +747,11 @@ switch( $mode )
 			}
 			$db->sql_freeresult($result);

+			if ($post_id_sql == '')
+			{
+				message_die(GENERAL_MESSAGE, $lang['None_selected']);
+			}
+
 			$sql = "SELECT post_id, poster_id, topic_id, post_time
 				FROM " . POSTS_TABLE . "
 				WHERE post_id IN ($post_id_sql) 
@@ -987,7 +1002,7 @@ switch( $mode )
 		}

 		$ip_this_post = decode_ip($post_row['poster_ip']);
-		$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post;
+		$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post;

 		$poster_id = $post_row['poster_id'];

@@ -1033,7 +1048,7 @@ switch( $mode )
 				}

 				$ip = decode_ip($row['poster_ip']);
-				$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip;
+				$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip;

 				$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
 				$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -627,7 +627,7 @@ if( $refresh || isset($HTTP_POST_VARS['del_poll_option']) || $error_msg != '' )
 			}
 			else if ( !empty($option_text) ) 
 			{
-				$poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text)));
+				$poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text)));
 			}
 		}
 	}
--- a/phpBB/privmsg.php
+++ b/phpBB/privmsg.php
@@ -35,8 +35,8 @@ if ( !empty($board_config['privmsg_disable']) )
 	message_die(GENERAL_MESSAGE, 'PM_disabled');
 }

-$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
-$html_entities_replace = array('&amp;', '&lt;', '&gt;');
+$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
+$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');

 //
 // Parameters
@@ -1187,7 +1187,7 @@ else if ( $submit || $refresh || $mode != '' )
 			$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['No_to_user'];
 		}

-		$privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject']));
+		$privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
 		if ( empty($privmsg_subject) )
 		{
 			$error = TRUE;
@@ -1309,7 +1309,7 @@ else if ( $submit || $refresh || $mode != '' )

 		if ( !$db->sql_query($sql, END_TRANSACTION) )
 		{
-			message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info);
+			message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);
 		}

 		if ( $mode != 'edit' )
@@ -1374,7 +1374,7 @@ else if ( $submit || $refresh || $mode != '' )
 		//
 		$to_username = (isset($HTTP_POST_VARS['username']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))) : '';

-		$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : '';
+		$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';
 		$privmsg_message = ( isset($HTTP_POST_VARS['message']) ) ? trim($HTTP_POST_VARS['message']) : '';
 		$privmsg_message = preg_replace('#<textarea>#si', '&lt;textarea&gt;', $privmsg_message);
 		if ( !$preview )
@@ -1507,7 +1507,11 @@ else if ( $submit || $refresh || $mode != '' )
 				redirect(append_sid("privmsg.$phpEx?folder=$folder", true));
 			}

+			$orig_word = $replacement_word = array();
+			obtain_word_list($orig_word, $replace_word);
+
 			$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
+			$privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);

 			$to_username = $privmsg['username'];
 			$to_userid = $privmsg['user_id'];
@@ -1520,6 +1524,7 @@ else if ( $submit || $refresh || $mode != '' )
 				$privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message);
 				$privmsg_message = str_replace('<br />', "\n", $privmsg_message);
 				$privmsg_message = preg_replace('#</textarea>#si', '&lt;/textarea&gt;', $privmsg_message);
+				$privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);
 				
 				$msg_date =  create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']); 

@@ -1741,9 +1746,6 @@ else if ( $submit || $refresh || $mode != '' )
 	//
 	generate_smilies('inline', PAGE_PRIVMSGS);

-	$privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject);
-	$privmsg_subject = str_replace('"', '&quot;', $privmsg_subject);
-
 	$template->assign_vars(array(
 		'SUBJECT' => $privmsg_subject, 
 		'USERNAME' => $to_username,
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -60,18 +60,9 @@ $server_url = $server_protocol . $server_name . $server_port . $script_name;
 //
 function gen_rand_string($hash)
 {
-	$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J',  'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T',  'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');
-	
-	$max_chars = count($chars) - 1;
-	srand( (double) microtime()*1000000);
-	
-	$rand_str = '';
-	for($i = 0; $i < 8; $i++)
-	{
-		$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
-	}
+	$rand_str = dss_rand();

-	return ( $hash ) ? md5($rand_str) : $rand_str;
+	return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);
 }
 //
 // End page specific functions
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -153,12 +153,31 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 	//
 	// Search ID Limiter, decrease this value if you experience further timeout problems with searching forums
 	$limiter = 5000;
+	$current_time = time();

 	//
 	// Cycle through options ...
 	//
 	if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
 	{
+		//
+		// Flood control
+		//
+		$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id'];
+		$sql = 'SELECT MAX(sr.search_time) AS last_search_time
+			FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se
+			WHERE sr.session_id = se.session_id
+				AND $where_sql";
+		if ($result = $db->sql_query($sql))
+		{
+			if ($row = $db->sql_fetchrow($result))
+			{
+				if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval']))
+				{
+					message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
+				}
+			}
+		}
 		if ( $search_id == 'newposts' || $search_id == 'egosearch' || ( $search_author != '' && $search_keywords == '' )  )
 		{
 			if ( $search_id == 'newposts' )
@@ -197,13 +216,13 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 			}
 			else
 			{
-				if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
+				$search_author = str_replace('*', '%', trim($search_author));
+
+				if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
 				{
 					$search_author = '';
 				}

-				$search_author = str_replace('*', '%', trim($search_author));
-				
 				$sql = "SELECT user_id
 					FROM " . USERS_TABLE . "
 					WHERE username LIKE '" . str_replace("\'", "''", $search_author) . "'";
@@ -420,12 +439,12 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		//
 		if ( $search_author != '' )
 		{
-			if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
+			$search_author = str_replace('*', '%', trim($search_author));
+
+			if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
 			{
 				$search_author = '';
 			}
-
-			$search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author)));
 		}

 		if ( $total_match_count )
@@ -629,28 +648,13 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		}

 		//
-		// Finish building query (for all combinations)
-		// and run it ...
+		// Delete old data from the search result table
 		//
-		$sql = "SELECT session_id 
-			FROM " . SESSIONS_TABLE;
-		if ( $result = $db->sql_query($sql) )
+		$sql = 'DELETE FROM ' . SEARCH_TABLE . '
+			WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
+		if ( !$result = $db->sql_query($sql) )
 		{
-			$delete_search_ids = array();
-			while( $row = $db->sql_fetchrow($result) )
-			{
-				$delete_search_ids[] = "'" . $row['session_id'] . "'";
-			}
-
-			if ( count($delete_search_ids) )
-			{
-				$sql = "DELETE FROM " . SEARCH_TABLE . " 
-					WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
-				if ( !$result = $db->sql_query($sql) )
-				{
-					message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
-				}
-			}
+			message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
 		}

 		//
@@ -691,12 +695,12 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		$search_id = mt_rand();

 		$sql = "UPDATE " . SEARCH_TABLE . " 
-			SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "'
+			SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "'
 			WHERE session_id = '" . $userdata['session_id'] . "'";
 		if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
 		{
-			$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) 
-				VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";
+			$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array) 
+				VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')";
 			if ( !($result = $db->sql_query($sql)) )
 			{
 				message_die(GENERAL_ERROR, 'Could not insert search results', '', __LINE__, __FILE__, $sql);
--- a/phpBB/templates/subSilver/admin/board_config_body.tpl
+++ b/phpBB/templates/subSilver/admin/board_config_body.tpl
@@ -55,6 +55,18 @@
 		<td class="row1">{L_FLOOD_INTERVAL} <br /><span class="gensmall">{L_FLOOD_INTERVAL_EXPLAIN}</span></td>
 		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="flood_interval" value="{FLOOD_INTERVAL}" /></td>
 	</tr>
+	<tr>
+		<td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td>
+		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td>
+	</tr>
+	<tr>
+		<td class="row1">{L_MAX_LOGIN_ATTEMPTS}<br /><span class="gensmall">{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></td>
+		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></td>
+	</tr>
+	<tr>
+		<td class="row1">{L_LOGIN_RESET_TIME}<br /><span class="gensmall">{L_LOGIN_RESET_TIME_EXPLAIN}</span></td>
+		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="login_reset_time" value="{LOGIN_RESET_TIME}" /></td>
+	</tr>
 	<tr>
 		<td class="row1">{L_TOPICS_PER_PAGE}</td>
 		<td class="row2"><input class="post" type="text" name="topics_per_page" size="3" maxlength="4" value="{TOPICS_PER_PAGE}" /></td>
--- a/phpBB/templates/subSilver/admin/confirm_body.tpl
+++ b/phpBB/templates/subSilver/admin/confirm_body.tpl
@@ -0,0 +1,11 @@
+ 
+<table class="forumline" width="100%" cellspacing="1" cellpadding="4" border="0">
+	<tr>
+		<th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th>
+	</tr>
+	<tr>
+		<td class="row1" align="center"><form action="{S_CONFIRM_ACTION}" method="post"><span class="gen"><br />{MESSAGE_TEXT}<br /><br />{S_HIDDEN_FIELDS}<input type="submit" name="confirm" value="{L_YES}" class="mainoption" />&nbsp;&nbsp;<input type="submit" name="cancel" value="{L_NO}" class="liteoption" /></span></form></td>
+	</tr>
+</table>
+
+<br clear="all" />
--- a/phpBB/templates/subSilver/admin/index_body.tpl
+++ b/phpBB/templates/subSilver/admin/index_body.tpl
@@ -43,6 +43,13 @@
 	<td class="row2"><b>{GZIP_COMPRESSION}</b></td>
  </tr>
 </table>
+
+<h1>{L_VERSION_INFORMATION}</h1>
+
+{VERSION_INFO}
+
+<br />
+
 <h1>{L_WHO_IS_ONLINE}</h1>

 <table width="100%" cellpadding="4" cellspacing="1" border="0" class="forumline">
@@ -77,9 +84,3 @@
 </table>

 <br />
-
-<h1>{L_VERSION_INFORMATION}</h1>
-
-{VERSION_INFO}
-
-<br />
--- a/phpBB/templates/subSilver/confirm_body.tpl
+++ b/phpBB/templates/subSilver/confirm_body.tpl
@@ -7,7 +7,7 @@

 <table class="forumline" width="100%" cellspacing="1" cellpadding="3" border="0">
 	<tr>
-		<th class="thHead" height="25" valign="middle"><span class="tableTitle">{MESSAGE_TITLE}</span></th>
+		<th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th>
 	</tr>
 	<tr>
 		<td class="row1" align="center"><form action="{S_CONFIRM_ACTION}" method="post"><span class="gen"><br />{MESSAGE_TEXT}<br /><br />{S_HIDDEN_FIELDS}<input type="submit" name="confirm" value="{L_YES}" class="mainoption" />&nbsp;&nbsp;<input type="submit" name="cancel" value="{L_NO}" class="liteoption" /></span></form></td>