This commit was manufactured by cvs2svn to create tag

'release_2_0_15'.

git-svn-id: file:///svn/phpbb/tags/release_2_0_15@5150 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/admin/admin_board.php

@@ -1,27 +1,329 @@
 <?php
-/***************************************************************************  
- *                                 
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$                                                           
- *                                                            
- * 
- ***************************************************************************/ 
+/***************************************************************************
+ *                              admin_board.php
+ *                            -------------------
+ *   begin                : Thursday, Jul 12, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
 
+define('IN_PHPBB', 1);
 
-/***************************************************************************  
- *                                                     
- *   This program is free software; you can redistribute it and/or modify    
- *   it under the terms of the GNU General Public License as published by   
- *   the Free Software Foundation; either version 2 of the License, or  
- *   (at your option) any later version.                      
- *                                                          
- * 
- ***************************************************************************/ 
+if( !empty($setmodules) )
+{
+	$file = basename(__FILE__);
+	$module['General']['Configuration'] = "$file";
+	return;
+}
 
+//
+// Let's set the root dir for phpBB
+//
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
 
+//
+// Pull all config data
+//
+$sql = "SELECT *
+	FROM " . CONFIG_TABLE;
+if(!$result = $db->sql_query($sql))
+{
+	message_die(CRITICAL_ERROR, "Could not query config information in admin_board", "", __LINE__, __FILE__, $sql);
+}
+else
+{
+	while( $row = $db->sql_fetchrow($result) )
+	{
+		$config_name = $row['config_name'];
+		$config_value = $row['config_value'];
+		$default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;
+		
+		$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
+
+		if ($config_name == 'cookie_name')
+		{
+			$cookie_name = str_replace('.', '_', $new['cookie_name']);
+		}
+
+		if( isset($HTTP_POST_VARS['submit']) )
+		{
+			$sql = "UPDATE " . CONFIG_TABLE . " SET
+				config_value = '" . str_replace("\'", "''", $new[$config_name]) . "'
+				WHERE config_name = '$config_name'";
+			if( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Failed to update general configuration for $config_name", "", __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	if( isset($HTTP_POST_VARS['submit']) )
+	{
+		$message = $lang['Config_updated'] . "<br /><br />" . sprintf($lang['Click_return_config'], "<a href=\"" . append_sid("admin_board.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+		message_die(GENERAL_MESSAGE, $message);
+	}
+}
+
+$style_select = style_select($new['default_style'], 'default_style', "../templates");
+$lang_select = language_select($new['default_lang'], 'default_lang', "language");
+$timezone_select = tz_select($new['board_timezone'], 'board_timezone');
+
+$disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : "";
+$disable_board_no = ( !$new['board_disable'] ) ? "checked=\"checked\"" : "";
+
+$cookie_secure_yes = ( $new['cookie_secure'] ) ? "checked=\"checked\"" : "";
+$cookie_secure_no = ( !$new['cookie_secure'] ) ? "checked=\"checked\"" : "";
+
+$html_tags = $new['allow_html_tags'];
+
+$override_user_style_yes = ( $new['override_user_style'] ) ? "checked=\"checked\"" : "";
+$override_user_style_no = ( !$new['override_user_style'] ) ? "checked=\"checked\"" : "";
+
+$html_yes = ( $new['allow_html'] ) ? "checked=\"checked\"" : "";
+$html_no = ( !$new['allow_html'] ) ? "checked=\"checked\"" : "";
+
+$bbcode_yes = ( $new['allow_bbcode'] ) ? "checked=\"checked\"" : "";
+$bbcode_no = ( !$new['allow_bbcode'] ) ? "checked=\"checked\"" : "";
+
+$activation_none = ( $new['require_activation'] == USER_ACTIVATION_NONE ) ? "checked=\"checked\"" : "";
+$activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : "";
+$activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : "";
+
+$confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
+$confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';
+
+$board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : "";
+$board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : "";
+
+$gzip_yes = ( $new['gzip_compress'] ) ? "checked=\"checked\"" : "";
+$gzip_no = ( !$new['gzip_compress'] ) ? "checked=\"checked\"" : "";
+
+$privmsg_on = ( !$new['privmsg_disable'] ) ? "checked=\"checked\"" : "";
+$privmsg_off = ( $new['privmsg_disable'] ) ? "checked=\"checked\"" : "";
+
+$prune_yes = ( $new['prune_enable'] ) ? "checked=\"checked\"" : "";
+$prune_no = ( !$new['prune_enable'] ) ? "checked=\"checked\"" : "";
+
+$smile_yes = ( $new['allow_smilies'] ) ? "checked=\"checked\"" : "";
+$smile_no = ( !$new['allow_smilies'] ) ? "checked=\"checked\"" : "";
+
+$sig_yes = ( $new['allow_sig'] ) ? "checked=\"checked\"" : "";
+$sig_no = ( !$new['allow_sig'] ) ? "checked=\"checked\"" : "";
+
+$namechange_yes = ( $new['allow_namechange'] ) ? "checked=\"checked\"" : "";
+$namechange_no = ( !$new['allow_namechange'] ) ? "checked=\"checked\"" : "";
+
+$avatars_local_yes = ( $new['allow_avatar_local'] ) ? "checked=\"checked\"" : "";
+$avatars_local_no = ( !$new['allow_avatar_local'] ) ? "checked=\"checked\"" : "";
+$avatars_remote_yes = ( $new['allow_avatar_remote'] ) ? "checked=\"checked\"" : "";
+$avatars_remote_no = ( !$new['allow_avatar_remote'] ) ? "checked=\"checked\"" : "";
+$avatars_upload_yes = ( $new['allow_avatar_upload'] ) ? "checked=\"checked\"" : "";
+$avatars_upload_no = ( !$new['allow_avatar_upload'] ) ? "checked=\"checked\"" : "";
+
+$smtp_yes = ( $new['smtp_delivery'] ) ? "checked=\"checked\"" : "";
+$smtp_no = ( !$new['smtp_delivery'] ) ? "checked=\"checked\"" : "";
+
+$template->set_filenames(array(
+	"body" => "admin/board_config_body.tpl")
+);
+
+//
+// Escape any quotes in the site description for proper display in the text
+// box on the admin page 
+//
+$new['site_desc'] = str_replace('"', '&quot;', $new['site_desc']);
+$new['sitename'] = str_replace('"', '&quot;', strip_tags($new['sitename']));
+$template->assign_vars(array(
+	"S_CONFIG_ACTION" => append_sid("admin_board.$phpEx"),
+
+	"L_YES" => $lang['Yes'],
+	"L_NO" => $lang['No'],
+	"L_CONFIGURATION_TITLE" => $lang['General_Config'],
+	"L_CONFIGURATION_EXPLAIN" => $lang['Config_explain'],
+	"L_GENERAL_SETTINGS" => $lang['General_settings'],
+	"L_SERVER_NAME" => $lang['Server_name'], 
+	"L_SERVER_NAME_EXPLAIN" => $lang['Server_name_explain'], 
+	"L_SERVER_PORT" => $lang['Server_port'], 
+	"L_SERVER_PORT_EXPLAIN" => $lang['Server_port_explain'], 
+	"L_SCRIPT_PATH" => $lang['Script_path'], 
+	"L_SCRIPT_PATH_EXPLAIN" => $lang['Script_path_explain'], 
+	"L_SITE_NAME" => $lang['Site_name'],
+	"L_SITE_DESCRIPTION" => $lang['Site_desc'],
+	"L_DISABLE_BOARD" => $lang['Board_disable'], 
+	"L_DISABLE_BOARD_EXPLAIN" => $lang['Board_disable_explain'], 
+	"L_ACCT_ACTIVATION" => $lang['Acct_activation'], 
+	"L_NONE" => $lang['Acc_None'], 
+	"L_USER" => $lang['Acc_User'], 
+	"L_ADMIN" => $lang['Acc_Admin'], 
+	"L_VISUAL_CONFIRM" => $lang['Visual_confirm'], 
+	"L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'], 
+	"L_COOKIE_SETTINGS" => $lang['Cookie_settings'], 
+	"L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'], 
+	"L_COOKIE_DOMAIN" => $lang['Cookie_domain'],
+	"L_COOKIE_NAME" => $lang['Cookie_name'], 
+	"L_COOKIE_PATH" => $lang['Cookie_path'], 
+	"L_COOKIE_SECURE" => $lang['Cookie_secure'], 
+	"L_COOKIE_SECURE_EXPLAIN" => $lang['Cookie_secure_explain'], 
+	"L_SESSION_LENGTH" => $lang['Session_length'], 
+	"L_PRIVATE_MESSAGING" => $lang['Private_Messaging'], 
+	"L_INBOX_LIMIT" => $lang['Inbox_limits'], 
+	"L_SENTBOX_LIMIT" => $lang['Sentbox_limits'], 
+	"L_SAVEBOX_LIMIT" => $lang['Savebox_limits'], 
+	"L_DISABLE_PRIVATE_MESSAGING" => $lang['Disable_privmsg'], 
+	"L_ENABLED" => $lang['Enabled'], 
+	"L_DISABLED" => $lang['Disabled'], 
+	"L_ABILITIES_SETTINGS" => $lang['Abilities_settings'],
+	"L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'],
+	"L_FLOOD_INTERVAL" => $lang['Flood_Interval'],
+	"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], 
+	"L_BOARD_EMAIL_FORM" => $lang['Board_email_form'], 
+	"L_BOARD_EMAIL_FORM_EXPLAIN" => $lang['Board_email_form_explain'], 
+	"L_TOPICS_PER_PAGE" => $lang['Topics_per_page'],
+	"L_POSTS_PER_PAGE" => $lang['Posts_per_page'],
+	"L_HOT_THRESHOLD" => $lang['Hot_threshold'],
+	"L_DEFAULT_STYLE" => $lang['Default_style'],
+	"L_OVERRIDE_STYLE" => $lang['Override_style'],
+	"L_OVERRIDE_STYLE_EXPLAIN" => $lang['Override_style_explain'],
+	"L_DEFAULT_LANGUAGE" => $lang['Default_language'],
+	"L_DATE_FORMAT" => $lang['Date_format'],
+	"L_SYSTEM_TIMEZONE" => $lang['System_timezone'],
+	"L_ENABLE_GZIP" => $lang['Enable_gzip'],
+	"L_ENABLE_PRUNE" => $lang['Enable_prune'],
+	"L_ALLOW_HTML" => $lang['Allow_HTML'],
+	"L_ALLOW_BBCODE" => $lang['Allow_BBCode'],
+	"L_ALLOWED_TAGS" => $lang['Allowed_tags'],
+	"L_ALLOWED_TAGS_EXPLAIN" => $lang['Allowed_tags_explain'],
+	"L_ALLOW_SMILIES" => $lang['Allow_smilies'],
+	"L_SMILIES_PATH" => $lang['Smilies_path'],
+	"L_SMILIES_PATH_EXPLAIN" => $lang['Smilies_path_explain'],
+	"L_ALLOW_SIG" => $lang['Allow_sig'],
+	"L_MAX_SIG_LENGTH" => $lang['Max_sig_length'],
+	"L_MAX_SIG_LENGTH_EXPLAIN" => $lang['Max_sig_length_explain'],
+	"L_ALLOW_NAME_CHANGE" => $lang['Allow_name_change'],
+	"L_AVATAR_SETTINGS" => $lang['Avatar_settings'],
+	"L_ALLOW_LOCAL" => $lang['Allow_local'],
+	"L_ALLOW_REMOTE" => $lang['Allow_remote'],
+	"L_ALLOW_REMOTE_EXPLAIN" => $lang['Allow_remote_explain'],
+	"L_ALLOW_UPLOAD" => $lang['Allow_upload'],
+	"L_MAX_FILESIZE" => $lang['Max_filesize'],
+	"L_MAX_FILESIZE_EXPLAIN" => $lang['Max_filesize_explain'],
+	"L_MAX_AVATAR_SIZE" => $lang['Max_avatar_size'],
+	"L_MAX_AVATAR_SIZE_EXPLAIN" => $lang['Max_avatar_size_explain'],
+	"L_AVATAR_STORAGE_PATH" => $lang['Avatar_storage_path'],
+	"L_AVATAR_STORAGE_PATH_EXPLAIN" => $lang['Avatar_storage_path_explain'],
+	"L_AVATAR_GALLERY_PATH" => $lang['Avatar_gallery_path'],
+	"L_AVATAR_GALLERY_PATH_EXPLAIN" => $lang['Avatar_gallery_path_explain'],
+	"L_COPPA_SETTINGS" => $lang['COPPA_settings'],
+	"L_COPPA_FAX" => $lang['COPPA_fax'],
+	"L_COPPA_MAIL" => $lang['COPPA_mail'],
+	"L_COPPA_MAIL_EXPLAIN" => $lang['COPPA_mail_explain'],
+	"L_EMAIL_SETTINGS" => $lang['Email_settings'],
+	"L_ADMIN_EMAIL" => $lang['Admin_email'],
+	"L_EMAIL_SIG" => $lang['Email_sig'],
+	"L_EMAIL_SIG_EXPLAIN" => $lang['Email_sig_explain'],
+	"L_USE_SMTP" => $lang['Use_SMTP'],
+	"L_USE_SMTP_EXPLAIN" => $lang['Use_SMTP_explain'],
+	"L_SMTP_SERVER" => $lang['SMTP_server'], 
+	"L_SMTP_USERNAME" => $lang['SMTP_username'], 
+	"L_SMTP_USERNAME_EXPLAIN" => $lang['SMTP_username_explain'], 
+	"L_SMTP_PASSWORD" => $lang['SMTP_password'], 
+	"L_SMTP_PASSWORD_EXPLAIN" => $lang['SMTP_password_explain'], 
+	"L_SUBMIT" => $lang['Submit'], 
+	"L_RESET" => $lang['Reset'], 
+	
+	"SERVER_NAME" => $new['server_name'], 
+	"SCRIPT_PATH" => $new['script_path'], 
+	"SERVER_PORT" => $new['server_port'], 
+	"SITENAME" => $new['sitename'],
+	"SITE_DESCRIPTION" => $new['site_desc'], 
+	"S_DISABLE_BOARD_YES" => $disable_board_yes,
+	"S_DISABLE_BOARD_NO" => $disable_board_no,
+	"ACTIVATION_NONE" => USER_ACTIVATION_NONE, 
+	"ACTIVATION_NONE_CHECKED" => $activation_none,
+	"ACTIVATION_USER" => USER_ACTIVATION_SELF, 
+	"ACTIVATION_USER_CHECKED" => $activation_user,
+	"ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN, 
+	"ACTIVATION_ADMIN_CHECKED" => $activation_admin, 
+	"CONFIRM_ENABLE" => $confirm_yes,
+	"CONFIRM_DISABLE" => $confirm_no,
+	"ACTIVATION_NONE_CHECKED" => $activation_none,
+	"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes, 
+	"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, 
+	"MAX_POLL_OPTIONS" => $new['max_poll_options'], 
+	"FLOOD_INTERVAL" => $new['flood_interval'],
+	"TOPICS_PER_PAGE" => $new['topics_per_page'],
+	"POSTS_PER_PAGE" => $new['posts_per_page'],
+	"HOT_TOPIC" => $new['hot_threshold'],
+	"STYLE_SELECT" => $style_select,
+	"OVERRIDE_STYLE_YES" => $override_user_style_yes,
+	"OVERRIDE_STYLE_NO" => $override_user_style_no,
+	"LANG_SELECT" => $lang_select,
+	"L_DATE_FORMAT_EXPLAIN" => $lang['Date_format_explain'],
+	"DEFAULT_DATEFORMAT" => $new['default_dateformat'],
+	"TIMEZONE_SELECT" => $timezone_select,
+	"S_PRIVMSG_ENABLED" => $privmsg_on, 
+	"S_PRIVMSG_DISABLED" => $privmsg_off, 
+	"INBOX_LIMIT" => $new['max_inbox_privmsgs'], 
+	"SENTBOX_LIMIT" => $new['max_sentbox_privmsgs'],
+	"SAVEBOX_LIMIT" => $new['max_savebox_privmsgs'],
+	"COOKIE_DOMAIN" => $new['cookie_domain'], 
+	"COOKIE_NAME" => $new['cookie_name'], 
+	"COOKIE_PATH" => $new['cookie_path'], 
+	"SESSION_LENGTH" => $new['session_length'], 
+	"S_COOKIE_SECURE_ENABLED" => $cookie_secure_yes, 
+	"S_COOKIE_SECURE_DISABLED" => $cookie_secure_no, 
+	"GZIP_YES" => $gzip_yes,
+	"GZIP_NO" => $gzip_no,
+	"PRUNE_YES" => $prune_yes,
+	"PRUNE_NO" => $prune_no, 
+	"HTML_TAGS" => $html_tags, 
+	"HTML_YES" => $html_yes,
+	"HTML_NO" => $html_no,
+	"BBCODE_YES" => $bbcode_yes,
+	"BBCODE_NO" => $bbcode_no,
+	"SMILE_YES" => $smile_yes,
+	"SMILE_NO" => $smile_no,
+	"SIG_YES" => $sig_yes,
+	"SIG_NO" => $sig_no,
+	"SIG_SIZE" => $new['max_sig_chars'], 
+	"NAMECHANGE_YES" => $namechange_yes,
+	"NAMECHANGE_NO" => $namechange_no,
+	"AVATARS_LOCAL_YES" => $avatars_local_yes,
+	"AVATARS_LOCAL_NO" => $avatars_local_no,
+	"AVATARS_REMOTE_YES" => $avatars_remote_yes,
+	"AVATARS_REMOTE_NO" => $avatars_remote_no,
+	"AVATARS_UPLOAD_YES" => $avatars_upload_yes,
+	"AVATARS_UPLOAD_NO" => $avatars_upload_no,
+	"AVATAR_FILESIZE" => $new['avatar_filesize'],
+	"AVATAR_MAX_HEIGHT" => $new['avatar_max_height'],
+	"AVATAR_MAX_WIDTH" => $new['avatar_max_width'],
+	"AVATAR_PATH" => $new['avatar_path'], 
+	"AVATAR_GALLERY_PATH" => $new['avatar_gallery_path'], 
+	"SMILIES_PATH" => $new['smilies_path'], 
+	"INBOX_PRIVMSGS" => $new['max_inbox_privmsgs'], 
+	"SENTBOX_PRIVMSGS" => $new['max_sentbox_privmsgs'], 
+	"SAVEBOX_PRIVMSGS" => $new['max_savebox_privmsgs'], 
+	"EMAIL_FROM" => $new['board_email'],
+	"EMAIL_SIG" => $new['board_email_sig'],
+	"SMTP_YES" => $smtp_yes,
+	"SMTP_NO" => $smtp_no,
+	"SMTP_HOST" => $new['smtp_host'],
+	"SMTP_USERNAME" => $new['smtp_username'],
+	"SMTP_PASSWORD" => $new['smtp_password'],
+	"COPPA_MAIL" => $new['coppa_mail'],
+	"COPPA_FAX" => $new['coppa_fax'])
+);
+
+$template->pparse("body");
+
+include('./page_footer_admin.'.$phpEx);
 
 ?>

phpBB/admin/admin_disallow.php

@@ -0,0 +1,146 @@
+<?php
+/***************************************************************************
+ *                            admin_disallow.php
+ *                            -------------------
+ *   begin                : Tuesday, Oct 05, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['Users']['Disallow'] = append_sid($filename);
+
+	return;
+}
+
+//
+// Include required files, get $phpEx and check permissions
+//
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+if( isset($HTTP_POST_VARS['add_name']) )
+{
+	include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
+
+	$disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);
+
+	if ($disallowed_user == '')
+	{
+		message_die(MESSAGE, $lang['Fields_empty']);
+	}
+	if( !validate_username($disallowed_user) )
+	{
+		$message = $lang['Disallowed_already'];
+	}
+	else
+	{
+		$sql = "INSERT INTO " . DISALLOW_TABLE . " (disallow_username) 
+			VALUES('" . str_replace("\'", "''", $disallowed_user) . "')";
+		$result = $db->sql_query( $sql );
+		if ( !$result )
+		{
+			message_die(GENERAL_ERROR, "Could not add disallowed user.", "",__LINE__, __FILE__, $sql);
+		}
+		$message = $lang['Disallow_successful'];
+	}
+
+	$message .= "<br /><br />" . sprintf($lang['Click_return_disallowadmin'], "<a href=\"" . append_sid("admin_disallow.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+	message_die(GENERAL_MESSAGE, $message);
+}
+else if( isset($HTTP_POST_VARS['delete_name']) )
+{
+	$disallowed_id = ( isset($HTTP_POST_VARS['disallowed_id']) ) ? intval( $HTTP_POST_VARS['disallowed_id'] ) : intval( $HTTP_GET_VARS['disallowed_id'] );
+	
+	$sql = "DELETE FROM " . DISALLOW_TABLE . " 
+		WHERE disallow_id = $disallowed_id";
+	$result = $db->sql_query($sql);
+	if( !$result )
+	{
+		message_die(GENERAL_ERROR, "Couldn't removed disallowed user.", "",__LINE__, __FILE__, $sql);
+	}
+
+	$message .= $lang['Disallowed_deleted'] . "<br /><br />" . sprintf($lang['Click_return_disallowadmin'], "<a href=\"" . append_sid("admin_disallow.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+	message_die(GENERAL_MESSAGE, $message);
+
+}
+
+//
+// Grab the current list of disallowed usernames...
+//
+$sql = "SELECT * 
+	FROM " . DISALLOW_TABLE;
+$result = $db->sql_query($sql);
+if( !$result )
+{
+	message_die(GENERAL_ERROR, "Couldn't get disallowed users.", "", __LINE__, __FILE__, $sql );
+}
+
+$disallowed = $db->sql_fetchrowset($result);
+
+//
+// Ok now generate the info for the template, which will be put out no matter
+// what mode we are in.
+//
+$disallow_select = '<select name="disallowed_id">';
+
+if( trim($disallowed) == "" )
+{
+	$disallow_select .= '<option value="">' . $lang['no_disallowed'] . '</option>';
+}
+else 
+{
+	$user = array();
+	for( $i = 0; $i < count($disallowed); $i++ )
+	{
+		$disallow_select .= '<option value="' . $disallowed[$i]['disallow_id'] . '">' . $disallowed[$i]['disallow_username'] . '</option>';
+	}
+}
+
+$disallow_select .= '</select>';
+
+$template->set_filenames(array(
+	"body" => "admin/disallow_body.tpl")
+);
+
+$template->assign_vars(array(
+	"S_DISALLOW_SELECT" => $disallow_select,
+	"S_FORM_ACTION" => append_sid("admin_disallow.$phpEx"),
+
+	"L_INFO" => $output_info,
+	"L_DISALLOW_TITLE" => $lang['Disallow_control'],
+	"L_DISALLOW_EXPLAIN" => $lang['Disallow_explain'],
+	"L_DELETE" => $lang['Delete_disallow'],
+	"L_DELETE_DISALLOW" => $lang['Delete_disallow_title'],
+	"L_DELETE_EXPLAIN" => $lang['Delete_disallow_explain'],
+	"L_ADD" => $lang['Add_disallow'],
+	"L_ADD_DISALLOW" => $lang['Add_disallow_title'],
+	"L_ADD_EXPLAIN" => $lang['Add_disallow_explain'],
+	"L_USERNAME" => $lang['Username'])
+);
+
+$template->pparse("body");
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_forum_prune.php

@@ -0,0 +1,199 @@
+<?php
+/***************************************************************************
+*                             admin_forum_prune.php
+*                              -------------------
+*     begin                : Mon Jul 31, 2001
+*     copyright            : (C) 2001 The phpBB Group
+*     email                : support@phpbb.com
+*
+*     $Id$
+*
+****************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', true);
+
+if ( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['Forums']['Prune'] = $filename;
+
+	return;
+}
+
+//
+// Load default header
+//
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+require($phpbb_root_path . 'includes/prune.'.$phpEx);
+require($phpbb_root_path . 'includes/functions_admin.'.$phpEx); 
+
+//
+// Get the forum ID for pruning
+//
+if( isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]) )
+{
+	$forum_id = ( isset($HTTP_POST_VARS[POST_FORUM_URL]) ) ? $HTTP_POST_VARS[POST_FORUM_URL] : $HTTP_GET_VARS[POST_FORUM_URL];
+
+	if( $forum_id == -1 )
+	{
+		$forum_sql = '';
+	}
+	else
+	{
+		$forum_id = intval($forum_id);
+		$forum_sql = "AND forum_id = $forum_id";
+	}
+}
+else
+{
+	$forum_id = '';
+	$forum_sql = '';
+}
+//
+// Get a list of forum's or the data for the forum that we are pruning.
+//
+$sql = "SELECT f.*
+	FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
+	WHERE c.cat_id = f.cat_id
+	$forum_sql
+	ORDER BY c.cat_order ASC, f.forum_order ASC";
+if( !($result = $db->sql_query($sql)) )
+{
+	message_die(GENERAL_ERROR, 'Could not obtain list of forums for pruning', '', __LINE__, __FILE__, $sql);
+}
+
+$forum_rows = array();
+while( $row = $db->sql_fetchrow($result) )
+{
+	$forum_rows[] = $row;
+}
+
+//
+// Check for submit to be equal to Prune. If so then proceed with the pruning.
+//
+if( isset($HTTP_POST_VARS['doprune']) )
+{
+	$prunedays = ( isset($HTTP_POST_VARS['prunedays']) ) ? intval($HTTP_POST_VARS['prunedays']) : 0;
+
+	// Convert days to seconds for timestamp functions...
+	$prunedate = time() - ( $prunedays * 86400 );
+
+	$template->set_filenames(array(
+		'body' => 'admin/forum_prune_result_body.tpl')
+	);
+
+	for($i = 0; $i < count($forum_rows); $i++)
+	{
+		$p_result = prune($forum_rows[$i]['forum_id'], $prunedate);
+		sync('forum', $forum_rows[$i]['forum_id']);
+	
+		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+	
+		$template->assign_block_vars('prune_results', array(
+			'ROW_COLOR' => '#' . $row_color, 
+			'ROW_CLASS' => $row_class, 
+			'FORUM_NAME' => $forum_rows[$i]['forum_name'],
+			'FORUM_TOPICS' => $p_result['topics'],
+			'FORUM_POSTS' => $p_result['posts'])
+		);
+	}
+
+	$template->assign_vars(array(
+		'L_FORUM_PRUNE' => $lang['Forum_Prune'],
+		'L_FORUM' => $lang['Forum'],
+		'L_TOPICS_PRUNED' => $lang['Topics_pruned'],
+		'L_POSTS_PRUNED' => $lang['Posts_pruned'],
+		'L_PRUNE_RESULT' => $lang['Prune_success'])
+	);
+}
+else
+{
+	//
+	// If they haven't selected a forum for pruning yet then
+	// display a select box to use for pruning.
+	//
+	if( empty($HTTP_POST_VARS[POST_FORUM_URL]) )
+	{
+		//
+		// Output a selection table if no forum id has been specified.
+		//
+		$template->set_filenames(array(
+			'body' => 'admin/forum_prune_select_body.tpl')
+		);
+
+		$select_list = '<select name="' . POST_FORUM_URL . '">';
+		$select_list .= '<option value="-1">' . $lang['All_Forums'] . '</option>';
+
+		for($i = 0; $i < count($forum_rows); $i++)
+		{
+			$select_list .= '<option value="' . $forum_rows[$i]['forum_id'] . '">' . $forum_rows[$i]['forum_name'] . '</option>';
+		}
+		$select_list .= '</select>';
+
+		//
+		// Assign the template variables.
+		//
+		$template->assign_vars(array(
+			'L_FORUM_PRUNE' => $lang['Forum_Prune'],
+			'L_SELECT_FORUM' => $lang['Select_a_Forum'], 
+			'L_LOOK_UP' => $lang['Look_up_Forum'],
+
+			'S_FORUMPRUNE_ACTION' => append_sid("admin_forum_prune.$phpEx"),
+			'S_FORUMS_SELECT' => $select_list)
+		);
+	}
+	else
+	{
+		$forum_id = intval($HTTP_POST_VARS[POST_FORUM_URL]);
+		
+		//
+		// Output the form to retrieve Prune information.
+		//
+		$template->set_filenames(array(
+			'body' => 'admin/forum_prune_body.tpl')
+		);
+
+		$forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name'];
+
+		$prune_data = $lang['Prune_topics_not_posted'] . " "; 
+		$prune_data .= '<input class="post" type="text" name="prunedays" size="4"> ' . $lang['Days'];
+
+		$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
+
+		//
+		// Assign the template variables.
+		//
+		$template->assign_vars(array(
+			'FORUM_NAME' => $forum_name,
+
+			'L_FORUM' => $lang['Forum'], 
+			'L_FORUM_PRUNE' => $lang['Forum_Prune'], 
+			'L_FORUM_PRUNE_EXPLAIN' => $lang['Forum_Prune_explain'], 
+			'L_DO_PRUNE' => $lang['Do_Prune'],
+
+			'S_FORUMPRUNE_ACTION' => append_sid("admin_forum_prune.$phpEx"),
+			'S_PRUNE_DATA' => $prune_data,
+			'S_HIDDEN_VARS' => $hidden_input)
+		);
+	}
+}
+//
+// Actually output the page here.
+//
+$template->pparse('body');
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_forumauth.php

@@ -0,0 +1,328 @@
+<?php
+/***************************************************************************
+ *                            admin_forumauth.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['Forums']['Permissions']   = $filename;
+
+	return;
+}
+
+//
+// Load default header
+//
+$no_page_header = TRUE;
+$phpbb_root_path = './../';
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+//
+// Start program - define vars
+//
+//                View      Read      Post      Reply     Edit     Delete    Sticky   Announce    Vote      Poll
+$simple_auth_ary = array(
+	0  => array(AUTH_ALL, AUTH_ALL, AUTH_ALL, AUTH_ALL, AUTH_REG, AUTH_REG, AUTH_MOD, AUTH_MOD, AUTH_REG, AUTH_REG),
+	1  => array(AUTH_ALL, AUTH_ALL, AUTH_REG, AUTH_REG, AUTH_REG, AUTH_REG, AUTH_MOD, AUTH_MOD, AUTH_REG, AUTH_REG),
+	2  => array(AUTH_REG, AUTH_REG, AUTH_REG, AUTH_REG, AUTH_REG, AUTH_REG, AUTH_MOD, AUTH_MOD, AUTH_REG, AUTH_REG),
+	3  => array(AUTH_ALL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_MOD, AUTH_ACL, AUTH_ACL),
+	4  => array(AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_ACL, AUTH_MOD, AUTH_ACL, AUTH_ACL),
+	5  => array(AUTH_ALL, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD),
+	6  => array(AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD),
+);
+
+$simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . ' [' . $lang['Hidden'] . ']', $lang['Private'], $lang['Private'] . ' [' . $lang['Hidden'] . ']', $lang['Moderators'], $lang['Moderators'] . ' [' . $lang['Hidden'] . ']');
+
+$forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
+
+$field_names = array(
+	'auth_view' => $lang['View'],
+	'auth_read' => $lang['Read'],
+	'auth_post' => $lang['Post'],
+	'auth_reply' => $lang['Reply'],
+	'auth_edit' => $lang['Edit'],
+	'auth_delete' => $lang['Delete'],
+	'auth_sticky' => $lang['Sticky'],
+	'auth_announce' => $lang['Announce'], 
+	'auth_vote' => $lang['Vote'], 
+	'auth_pollcreate' => $lang['Pollcreate']);
+
+$forum_auth_levels = array('ALL', 'REG', 'PRIVATE', 'MOD', 'ADMIN');
+$forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN);
+
+if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]))
+{
+	$forum_id = (isset($HTTP_POST_VARS[POST_FORUM_URL])) ? intval($HTTP_POST_VARS[POST_FORUM_URL]) : intval($HTTP_GET_VARS[POST_FORUM_URL]);
+	$forum_sql = "AND forum_id = $forum_id";
+}
+else
+{
+	unset($forum_id);
+	$forum_sql = '';
+}
+
+if( isset($HTTP_GET_VARS['adv']) )
+{
+	$adv = intval($HTTP_GET_VARS['adv']);
+}
+else
+{
+	unset($adv);
+}
+
+//
+// Start program proper
+//
+if( isset($HTTP_POST_VARS['submit']) )
+{
+	$sql = '';
+
+	if(!empty($forum_id))
+	{
+		if(isset($HTTP_POST_VARS['simpleauth']))
+		{
+			$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
+
+			for($i = 0; $i < count($simple_ary); $i++)
+			{
+				$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
+			}
+
+			if (is_array($simple_ary))
+			{
+				$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
+			}
+		}
+		else
+		{
+			for($i = 0; $i < count($forum_auth_fields); $i++)
+			{
+				$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
+
+				if ( $forum_auth_fields[$i] == 'auth_vote' )
+				{
+					if ( $HTTP_POST_VARS['auth_vote'] == AUTH_ALL )
+					{
+						$value = AUTH_REG;
+					}
+				}
+
+				$sql .= ( ( $sql != '' ) ? ', ' : '' ) .$forum_auth_fields[$i] . ' = ' . $value;
+			}
+
+			$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
+		}
+
+		if ( $sql != '' )
+		{
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not update auth table', '', __LINE__, __FILE__, $sql);
+			}
+		}
+
+		$forum_sql = '';
+		$adv = 0;
+	}
+
+	$template->assign_vars(array(
+		'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">')
+	);
+	$message = $lang['Forum_auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_forumauth'],  '<a href="' . append_sid("admin_forumauth.$phpEx") . '">', "</a>");
+	message_die(GENERAL_MESSAGE, $message);
+
+} // End of submit
+
+//
+// Get required information, either all forums if
+// no id was specified or just the requsted if it
+// was
+//
+$sql = "SELECT f.*
+	FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
+	WHERE c.cat_id = f.cat_id
+	$forum_sql
+	ORDER BY c.cat_order ASC, f.forum_order ASC";
+if ( !($result = $db->sql_query($sql)) )
+{
+	message_die(GENERAL_ERROR, "Couldn't obtain forum list", "", __LINE__, __FILE__, $sql);
+}
+
+$forum_rows = $db->sql_fetchrowset($result);
+$db->sql_freeresult($result);
+
+if( empty($forum_id) )
+{
+	//
+	// Output the selection table if no forum id was
+	// specified
+	//
+	$template->set_filenames(array(
+		'body' => 'admin/auth_select_body.tpl')
+	);
+
+	$select_list = '<select name="' . POST_FORUM_URL . '">';
+	for($i = 0; $i < count($forum_rows); $i++)
+	{
+		$select_list .= '<option value="' . $forum_rows[$i]['forum_id'] . '">' . $forum_rows[$i]['forum_name'] . '</option>';
+	}
+	$select_list .= '</select>';
+
+	$template->assign_vars(array(
+		'L_AUTH_TITLE' => $lang['Auth_Control_Forum'],
+		'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'],
+		'L_AUTH_SELECT' => $lang['Select_a_Forum'],
+		'L_LOOK_UP' => $lang['Look_up_Forum'],
+
+		'S_AUTH_ACTION' => append_sid("admin_forumauth.$phpEx"),
+		'S_AUTH_SELECT' => $select_list)
+	);
+
+}
+else
+{
+	//
+	// Output the authorisation details if an id was
+	// specified
+	//
+	$template->set_filenames(array(
+		'body' => 'admin/auth_forum_body.tpl')
+	);
+
+	$forum_name = $forum_rows[0]['forum_name'];
+
+	@reset($simple_auth_ary);
+	while( list($key, $auth_levels) = each($simple_auth_ary))
+	{
+		$matched = 1;
+		for($k = 0; $k < count($auth_levels); $k++)
+		{
+			$matched_type = $key;
+
+			if ( $forum_rows[0][$forum_auth_fields[$k]] != $auth_levels[$k] )
+			{
+				$matched = 0;
+			}
+		}
+
+		if ( $matched )
+		{
+			break;
+		}
+	}
+
+	//
+	// If we didn't get a match above then we
+	// automatically switch into 'advanced' mode
+	//
+	if ( !isset($adv) && !$matched )
+	{
+		$adv = 1;
+	}
+
+	$s_column_span == 0;
+
+	if ( empty($adv) )
+	{
+		$simple_auth = '<select name="simpleauth">';
+
+		for($j = 0; $j < count($simple_auth_types); $j++)
+		{
+			$selected = ( $matched_type == $j ) ? ' selected="selected"' : '';
+			$simple_auth .= '<option value="' . $j . '"' . $selected . '>' . $simple_auth_types[$j] . '</option>';
+		}
+
+		$simple_auth .= '</select>';
+
+		$template->assign_block_vars('forum_auth_titles', array(
+			'CELL_TITLE' => $lang['Simple_mode'])
+		);
+		$template->assign_block_vars('forum_auth_data', array(
+			'S_AUTH_LEVELS_SELECT' => $simple_auth)
+		);
+
+		$s_column_span++;
+	}
+	else
+	{
+		//
+		// Output values of individual
+		// fields
+		//
+		for($j = 0; $j < count($forum_auth_fields); $j++)
+		{
+			$custom_auth[$j] = '&nbsp;<select name="' . $forum_auth_fields[$j] . '">';
+
+			for($k = 0; $k < count($forum_auth_levels); $k++)
+			{
+				$selected = ( $forum_rows[0][$forum_auth_fields[$j]] == $forum_auth_const[$k] ) ? ' selected="selected"' : '';
+				$custom_auth[$j] .= '<option value="' . $forum_auth_const[$k] . '"' . $selected . '>' . $lang['Forum_' . $forum_auth_levels[$k]] . '</option>';
+			}
+			$custom_auth[$j] .= '</select>&nbsp;';
+
+			$cell_title = $field_names[$forum_auth_fields[$j]];
+
+			$template->assign_block_vars('forum_auth_titles', array(
+				'CELL_TITLE' => $cell_title)
+			);
+			$template->assign_block_vars('forum_auth_data', array(
+				'S_AUTH_LEVELS_SELECT' => $custom_auth[$j])
+			);
+
+			$s_column_span++;
+		}
+	}
+
+	$adv_mode = ( empty($adv) ) ? '1' : '0';
+	$switch_mode = append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=" . $forum_id . "&adv=". $adv_mode);
+	$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
+	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
+
+	$s_hidden_fields = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">';
+
+	$template->assign_vars(array(
+		'FORUM_NAME' => $forum_name,
+
+		'L_FORUM' => $lang['Forum'], 
+		'L_AUTH_TITLE' => $lang['Auth_Control_Forum'],
+		'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'],
+		'L_SUBMIT' => $lang['Submit'],
+		'L_RESET' => $lang['Reset'],
+
+		'U_SWITCH_MODE' => $u_switch_mode,
+
+		'S_FORUMAUTH_ACTION' => append_sid("admin_forumauth.$phpEx"),
+		'S_COLUMN_SPAN' => $s_column_span,
+		'S_HIDDEN_FIELDS' => $s_hidden_fields)
+	);
+
+}
+
+include('./page_header_admin.'.$phpEx);
+
+$template->pparse('body');
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_groups.php

@@ -0,0 +1,412 @@
+<?php
+/***************************************************************************
+ *                             admin_groups.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if ( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['Groups']['Manage'] = $filename;
+
+	return;
+}
+
+//
+// Load default header
+//
+$phpbb_root_path = './../';
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+if ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
+{
+	$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
+}
+else
+{
+	$group_id = 0;
+}
+
+if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
+{
+	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+	$mode = htmlspecialchars($mode);
+}
+else
+{
+	$mode = '';
+}
+
+if ( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
+{
+	//
+	// Ok they are editing a group or creating a new group
+	//
+	$template->set_filenames(array(
+		'body' => 'admin/group_edit_body.tpl')
+	);
+
+	if ( isset($HTTP_POST_VARS['edit']) )
+	{
+		//
+		// They're editing. Grab the vars.
+		//
+		$sql = "SELECT *
+			FROM " . GROUPS_TABLE . "
+			WHERE group_single_user <> " . TRUE . "
+			AND group_id = $group_id";
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
+		}
+
+		if ( !($group_info = $db->sql_fetchrow($result)) )
+		{
+			message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
+		}
+
+		$mode = 'editgroup';
+		$template->assign_block_vars('group_edit', array());
+
+	}
+	else if ( isset($HTTP_POST_VARS['new']) )
+	{
+		$group_info = array (
+			'group_name' => '',
+			'group_description' => '',
+			'group_moderator' => '',
+			'group_type' => GROUP_OPEN);
+		$group_open = ' checked="checked"';
+
+		$mode = 'newgroup';
+
+	}
+
+	//
+	// Ok, now we know everything about them, let's show the page.
+	//
+	$sql = "SELECT user_id, username
+		FROM " . USERS_TABLE . "
+		WHERE user_id <> " . ANONYMOUS . "
+		ORDER BY username";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
+	}
+
+	while ( $row = $db->sql_fetchrow($result) )
+	{
+		if ( $row['user_id'] == $group_info['group_moderator'] ) 
+		{
+			$group_moderator = $row['username'];
+		}
+	}
+
+	$group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
+	$group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? ' checked="checked"' : '';
+	$group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? ' checked="checked"' : '';
+
+	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
+
+	$template->assign_vars(array(
+		'GROUP_NAME' => $group_info['group_name'],
+		'GROUP_DESCRIPTION' => $group_info['group_description'], 
+		'GROUP_MODERATOR' => $group_moderator, 
+
+		'L_GROUP_TITLE' => $lang['Group_administration'],
+		'L_GROUP_EDIT_DELETE' => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'], 
+		'L_GROUP_NAME' => $lang['group_name'],
+		'L_GROUP_DESCRIPTION' => $lang['group_description'],
+		'L_GROUP_MODERATOR' => $lang['group_moderator'], 
+		'L_FIND_USERNAME' => $lang['Find_username'], 
+		'L_GROUP_STATUS' => $lang['group_status'],
+		'L_GROUP_OPEN' => $lang['group_open'],
+		'L_GROUP_CLOSED' => $lang['group_closed'],
+		'L_GROUP_HIDDEN' => $lang['group_hidden'],
+		'L_GROUP_DELETE' => $lang['group_delete'],
+		'L_GROUP_DELETE_CHECK' => $lang['group_delete_check'],
+		'L_SUBMIT' => $lang['Submit'],
+		'L_RESET' => $lang['Reset'],
+		'L_DELETE_MODERATOR' => $lang['delete_group_moderator'],
+		'L_DELETE_MODERATOR_EXPLAIN' => $lang['delete_moderator_explain'],
+		'L_YES' => $lang['Yes'],
+
+		'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"), 
+
+		'S_GROUP_OPEN_TYPE' => GROUP_OPEN,
+		'S_GROUP_CLOSED_TYPE' => GROUP_CLOSED,
+		'S_GROUP_HIDDEN_TYPE' => GROUP_HIDDEN,
+		'S_GROUP_OPEN_CHECKED' => $group_open,
+		'S_GROUP_CLOSED_CHECKED' => $group_closed,
+		'S_GROUP_HIDDEN_CHECKED' => $group_hidden,
+		'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
+		'S_HIDDEN_FIELDS' => $s_hidden_fields)
+	);
+
+	$template->pparse('body');
+
+}
+else if ( isset($HTTP_POST_VARS['group_update']) )
+{
+	//
+	// Ok, they are submitting a group, let's save the data based on if it's new or editing
+	//
+	if ( isset($HTTP_POST_VARS['group_delete']) )
+	{
+		//
+		// Reset User Moderator Level
+		//
+
+		// Is Group moderating a forum ?
+		$sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . " 
+			WHERE group_id = " . $group_id;
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql);
+		}
+
+		$row = $db->sql_fetchrow($result);
+		if (intval($row['auth_mod']) == 1)
+		{
+			// Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums
+			$sql = "SELECT user_id FROM " . USER_GROUP_TABLE . "
+				WHERE group_id = " . $group_id;
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql);
+			}
+
+			$rows = $db->sql_fetchrowset($result);
+			for ($i = 0; $i < count($rows); $i++)
+			{
+				$sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
+				WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id) 
+					AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")";
+				if ( !($result = $db->sql_query($sql)) )
+				{
+					message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql);
+				}
+
+				if ($db->sql_numrows($result) == 0)
+				{
+					$sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " 
+					WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']);
+					
+					if ( !$db->sql_query($sql) )
+					{
+						message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql);
+					}
+				}
+			}
+		}
+
+		//
+		// Delete Group
+		//
+		$sql = "DELETE FROM " . GROUPS_TABLE . "
+			WHERE group_id = " . $group_id;
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
+		}
+
+		$sql = "DELETE FROM " . USER_GROUP_TABLE . "
+			WHERE group_id = " . $group_id;
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, 'Could not update user_group', '', __LINE__, __FILE__, $sql);
+		}
+
+		$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
+			WHERE group_id = " . $group_id;
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, 'Could not update auth_access', '', __LINE__, __FILE__, $sql);
+		}
+
+		$message = $lang['Deleted_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
+
+		message_die(GENERAL_MESSAGE, $message);
+	}
+	else
+	{
+		$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
+		$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
+		$group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
+		$group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
+		$delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
+
+		if ( $group_name == '' )
+		{
+			message_die(GENERAL_MESSAGE, $lang['No_group_name']);
+		}
+		else if ( $group_moderator == '' )
+		{
+			message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
+		}
+		
+		$this_userdata = get_userdata($group_moderator, true);
+		$group_moderator = $this_userdata['user_id'];
+
+		if ( !$group_moderator )
+		{
+			message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
+		}
+				
+		if( $mode == "editgroup" )
+		{
+			$sql = "SELECT *
+				FROM " . GROUPS_TABLE . "
+				WHERE group_single_user <> " . TRUE . "
+				AND group_id = " . $group_id;
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
+			}
+
+			if( !($group_info = $db->sql_fetchrow($result)) )
+			{
+				message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
+			}
+		
+			if ( $group_info['group_moderator'] != $group_moderator )
+			{
+				if ( $delete_old_moderator )
+				{
+					$sql = "DELETE FROM " . USER_GROUP_TABLE . "
+						WHERE user_id = " . $group_info['group_moderator'] . " 
+							AND group_id = " . $group_id;
+					if ( !$db->sql_query($sql) )
+					{
+						message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
+					}
+				}
+
+				$sql = "SELECT user_id 
+					FROM " . USER_GROUP_TABLE . " 
+					WHERE user_id = $group_moderator 
+						AND group_id = $group_id";
+				if ( !($result = $db->sql_query($sql)) )
+				{
+					message_die(GENERAL_ERROR, 'Failed to obtain current group moderator info', '', __LINE__, __FILE__, $sql);
+				}
+
+				if ( !($row = $db->sql_fetchrow($result)) )
+				{
+					$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
+						VALUES (" . $group_id . ", " . $group_moderator . ", 0)";
+					if ( !$db->sql_query($sql) )
+					{
+						message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
+					}
+				}
+			}
+
+			$sql = "UPDATE " . GROUPS_TABLE . "
+				SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator 
+				WHERE group_id = $group_id";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
+			}
+	
+			$message = $lang['Updated_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');;
+
+			message_die(GENERAL_MESSAGE, $message);
+		}
+		else if( $mode == 'newgroup' )
+		{
+			$sql = "INSERT INTO " . GROUPS_TABLE . " (group_type, group_name, group_description, group_moderator, group_single_user) 
+				VALUES ($group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator,	'0')";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql);
+			}
+			$new_group_id = $db->sql_nextid();
+
+			$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
+				VALUES ($new_group_id, $group_moderator, 0)";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not insert new user-group info', '', __LINE__, __FILE__, $sql);
+			}
+			
+			$message = $lang['Added_new_group'] . '<br /><br />' . sprintf($lang['Click_return_groupsadmin'], '<a href="' . append_sid("admin_groups.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');;
+
+			message_die(GENERAL_MESSAGE, $message);
+
+		}
+		else
+		{
+			message_die(GENERAL_MESSAGE, $lang['No_group_action']);
+		}
+	}
+}
+else
+{
+	$sql = "SELECT group_id, group_name
+		FROM " . GROUPS_TABLE . "
+		WHERE group_single_user <> " . TRUE . "
+		ORDER BY group_name";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not obtain group list', '', __LINE__, __FILE__, $sql);
+	}
+
+	$select_list = '';
+	if ( $row = $db->sql_fetchrow($result) )
+	{
+		$select_list .= '<select name="' . POST_GROUPS_URL . '">';
+		do
+		{
+			$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+		}
+		while ( $row = $db->sql_fetchrow($result) );
+		$select_list .= '</select>';
+	}
+
+	$template->set_filenames(array(
+		'body' => 'admin/group_select_body.tpl')
+	);
+
+	$template->assign_vars(array(
+		'L_GROUP_TITLE' => $lang['Group_administration'],
+		'L_GROUP_EXPLAIN' => $lang['Group_admin_explain'],
+		'L_GROUP_SELECT' => $lang['Select_group'],
+		'L_LOOK_UP' => $lang['Look_up_group'],
+		'L_CREATE_NEW_GROUP' => $lang['New_group'],
+
+		'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
+		'S_GROUP_SELECT' => $select_list)
+	);
+
+	if ( $select_list != '' )
+	{
+		$template->assign_block_vars('select_box', array());
+	}
+
+	$template->pparse('body');
+}
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_mass_email.php

@@ -0,0 +1,213 @@
+<?php
+/***************************************************************************
+*                             admin_mass_email.php
+*                              -------------------
+*     begin                : Thu May 31, 2001
+*     copyright            : (C) 2001 The phpBB Group
+*     email                : support@phpbb.com
+*
+*     $Id$
+*
+****************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['General']['Mass_Email'] = $filename;
+	
+	return;
+}
+
+//
+// Load default header
+//
+$no_page_header = TRUE;
+$phpbb_root_path = './../';
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+//
+// Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't
+// allowed.
+//
+@set_time_limit(1200);
+
+$message = '';
+$subject = '';
+
+//
+// Do the job ...
+//
+if ( isset($HTTP_POST_VARS['submit']) )
+{
+	$subject = stripslashes(trim($HTTP_POST_VARS['subject']));
+	$message = stripslashes(trim($HTTP_POST_VARS['message']));
+	
+	$error = FALSE;
+	$error_msg = '';
+
+	if ( empty($subject) )
+	{
+		$error = true;
+		$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
+	}
+
+	if ( empty($message) )
+	{
+		$error = true;
+		$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
+	}
+
+	$group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]);
+
+	$sql = ( $group_id != -1 ) ? "SELECT u.user_email FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug WHERE ug.group_id = $group_id AND ug.user_pending <> " . TRUE . " AND u.user_id = ug.user_id" : "SELECT user_email FROM " . USERS_TABLE;
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not select group members', '', __LINE__, __FILE__, $sql);
+	}
+
+	if ( $row = $db->sql_fetchrow($result) )
+	{
+		$bcc_list = array();
+		do
+		{
+			$bcc_list[] = $row['user_email'];
+		}
+		while ( $row = $db->sql_fetchrow($result) );
+
+		$db->sql_freeresult($result);
+	}
+	else
+	{
+		$message = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user'];
+
+		$error = true;
+		$error_msg .= ( !empty($error_msg) ) ? '<br />' . $message : $message;
+	}
+
+	if ( !$error )
+	{
+		include($phpbb_root_path . 'includes/emailer.'.$phpEx);
+
+		//
+		// Let's do some checking to make sure that mass mail functions
+		// are working in win32 versions of php.
+		//
+		if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
+		{
+			$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
+
+			// We are running on windows, force delivery to use our smtp functions
+			// since php's are broken by default
+			$board_config['smtp_delivery'] = 1;
+			$board_config['smtp_host'] = @$ini_val('SMTP');
+		}
+
+		$emailer = new emailer($board_config['smtp_delivery']);
+	
+		$emailer->from($board_config['board_email']);
+		$emailer->replyto($board_config['board_email']);
+
+		for ($i = 0; $i < count($bcc_list); $i++)
+		{
+			$emailer->bcc($bcc_list[$i]);
+		}
+
+		$email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
+		$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
+		$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
+		$email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
+
+		$emailer->use_template('admin_send_email');
+		$emailer->email_address($board_config['board_email']);
+		$emailer->set_subject($subject);
+		$emailer->extra_headers($email_headers);
+
+		$emailer->assign_vars(array(
+			'SITENAME' => $board_config['sitename'], 
+			'BOARD_EMAIL' => $board_config['board_email'], 
+			'MESSAGE' => $message)
+		);
+		$emailer->send();
+		$emailer->reset();
+
+		message_die(GENERAL_MESSAGE, $lang['Email_sent'] . '<br /><br />' . sprintf($lang['Click_return_admin_index'],  '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>'));
+	}
+}	
+
+if ( $error )
+{
+	$template->set_filenames(array(
+		'reg_header' => 'error_body.tpl')
+	);
+	$template->assign_vars(array(
+		'ERROR_MESSAGE' => $error_msg)
+	);
+	$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
+}
+
+//
+// Initial selection
+//
+
+$sql = "SELECT group_id, group_name 
+	FROM ".GROUPS_TABLE . "  
+	WHERE group_single_user <> 1";
+if ( !($result = $db->sql_query($sql)) ) 
+{
+	message_die(GENERAL_ERROR, 'Could not obtain list of groups', '', __LINE__, __FILE__, $sql);
+}
+
+$select_list = '<select name = "' . POST_GROUPS_URL . '"><option value = "-1">' . $lang['All_users'] . '</option>';
+if ( $row = $db->sql_fetchrow($result) )
+{
+	do
+	{
+		$select_list .= '<option value = "' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+	}
+	while ( $row = $db->sql_fetchrow($result) );
+}
+$select_list .= '</select>';
+
+//
+// Generate page
+//
+include('./page_header_admin.'.$phpEx);
+
+$template->set_filenames(array(
+	'body' => 'admin/user_email_body.tpl')
+);
+
+$template->assign_vars(array(
+	'MESSAGE' => $message,
+	'SUBJECT' => $subject, 
+
+	'L_EMAIL_TITLE' => $lang['Email'],
+	'L_EMAIL_EXPLAIN' => $lang['Mass_email_explain'],
+	'L_COMPOSE' => $lang['Compose'],
+	'L_RECIPIENTS' => $lang['Recipients'],
+	'L_EMAIL_SUBJECT' => $lang['Subject'],
+	'L_EMAIL_MSG' => $lang['Message'],
+	'L_EMAIL' => $lang['Email'],
+	'L_NOTICE' => $notice,
+
+	'S_USER_ACTION' => append_sid('admin_mass_email.'.$phpEx),
+	'S_GROUP_SELECT' => $select_list)
+);
+
+$template->pparse('body');
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_ranks.php

@@ -0,0 +1,376 @@
+<?php
+/***************************************************************************
+ *                              admin_ranks.php
+ *                            -------------------
+ *   begin                : Thursday, Jul 12, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if( !empty($setmodules) )
+{
+	$file = basename(__FILE__);
+	$module['Users']['Ranks'] = "$file";
+	return;
+}
+
+//
+// Let's set the root dir for phpBB
+//
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+{
+	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
+	$mode = htmlspecialchars($mode);
+}
+else 
+{
+	//
+	// These could be entered via a form button
+	//
+	if( isset($HTTP_POST_VARS['add']) )
+	{
+		$mode = "add";
+	}
+	else if( isset($HTTP_POST_VARS['save']) )
+	{
+		$mode = "save";
+	}
+	else
+	{
+		$mode = "";
+	}
+}
+
+
+if( $mode != "" )
+{
+	if( $mode == "edit" || $mode == "add" )
+	{
+		//
+		// They want to add a new rank, show the form.
+		//
+		$rank_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
+		
+		$s_hidden_fields = "";
+		
+		if( $mode == "edit" )
+		{
+			if( empty($rank_id) )
+			{
+				message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
+			}
+
+			$sql = "SELECT * FROM " . RANKS_TABLE . "
+				WHERE rank_id = $rank_id";
+			if(!$result = $db->sql_query($sql))
+			{
+				message_die(GENERAL_ERROR, "Couldn't obtain rank data", "", __LINE__, __FILE__, $sql);
+			}
+			
+			$rank_info = $db->sql_fetchrow($result);
+			$s_hidden_fields .= '<input type="hidden" name="id" value="' . $rank_id . '" />';
+
+		}
+		else
+		{
+			$rank_info['rank_special'] = 0;
+		}
+
+		$s_hidden_fields .= '<input type="hidden" name="mode" value="save" />';
+
+		$rank_is_special = ( $rank_info['rank_special'] ) ? "checked=\"checked\"" : "";
+		$rank_is_not_special = ( !$rank_info['rank_special'] ) ? "checked=\"checked\"" : "";
+		
+		$template->set_filenames(array(
+			"body" => "admin/ranks_edit_body.tpl")
+		);
+
+		$template->assign_vars(array(
+			"RANK" => $rank_info['rank_title'],
+			"SPECIAL_RANK" => $rank_is_special,
+			"NOT_SPECIAL_RANK" => $rank_is_not_special,
+			"MINIMUM" => ( $rank_is_special ) ? "" : $rank_info['rank_min'],
+			"IMAGE" => ( $rank_info['rank_image'] != "" ) ? $rank_info['rank_image'] : "",
+			"IMAGE_DISPLAY" => ( $rank_info['rank_image'] != "" ) ? '<img src="../' . $rank_info['rank_image'] . '" />' : "",
+			
+			"L_RANKS_TITLE" => $lang['Ranks_title'],
+			"L_RANKS_TEXT" => $lang['Ranks_explain'],
+			"L_RANK_TITLE" => $lang['Rank_title'],
+			"L_RANK_SPECIAL" => $lang['Rank_special'],
+			"L_RANK_MINIMUM" => $lang['Rank_minimum'],
+			"L_RANK_IMAGE" => $lang['Rank_image'],
+			"L_RANK_IMAGE_EXPLAIN" => $lang['Rank_image_explain'],
+			"L_SUBMIT" => $lang['Submit'],
+			"L_RESET" => $lang['Reset'],
+			"L_YES" => $lang['Yes'],
+			"L_NO" => $lang['No'],
+			
+			"S_RANK_ACTION" => append_sid("admin_ranks.$phpEx"),
+			"S_HIDDEN_FIELDS" => $s_hidden_fields)
+		);
+		
+	}
+	else if( $mode == "save" )
+	{
+		//
+		// Ok, they sent us our info, let's update it.
+		//
+		
+		$rank_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
+		$rank_title = ( isset($HTTP_POST_VARS['title']) ) ? trim($HTTP_POST_VARS['title']) : "";
+		$special_rank = ( $HTTP_POST_VARS['special_rank'] == 1 ) ? TRUE : 0;
+		$min_posts = ( isset($HTTP_POST_VARS['min_posts']) ) ? intval($HTTP_POST_VARS['min_posts']) : -1;
+		$rank_image = ( (isset($HTTP_POST_VARS['rank_image'])) ) ? trim($HTTP_POST_VARS['rank_image']) : "";
+
+		if( $rank_title == "" )
+		{
+			message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
+		}
+
+		if( $special_rank == 1 )
+		{
+			$max_posts = -1;
+			$min_posts = -1;
+		}
+
+		//
+		// The rank image has to be a jpg, gif or png
+		//
+		if($rank_image != "")
+		{
+			if ( !preg_match("/(\.gif|\.png|\.jpg)$/is", $rank_image))
+			{
+				$rank_image = "";
+			}
+		}
+
+		if ($rank_id)
+		{
+			if (!$special_rank)
+			{
+				$sql = "UPDATE " . USERS_TABLE . " 
+					SET user_rank = 0 
+					WHERE user_rank = $rank_id";
+
+				if( !$result = $db->sql_query($sql) ) 
+				{
+					message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql);
+				}
+			}
+			$sql = "UPDATE " . RANKS_TABLE . "
+				SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "'
+				WHERE rank_id = $rank_id";
+
+			$message = $lang['Rank_updated'];
+		}
+		else
+		{
+			$sql = "INSERT INTO " . RANKS_TABLE . " (rank_title, rank_special, rank_min, rank_image)
+				VALUES ('" . str_replace("\'", "''", $rank_title) . "', $special_rank, $min_posts, '" . str_replace("\'", "''", $rank_image) . "')";
+
+			$message = $lang['Rank_added'];
+		}
+		
+		if( !$result = $db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't update/insert into ranks table", "", __LINE__, __FILE__, $sql);
+		}
+
+		$message .= "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . append_sid("admin_ranks.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+		message_die(GENERAL_MESSAGE, $message);
+
+	}
+	else if( $mode == "delete" )
+	{
+		//
+		// Ok, they want to delete their rank
+		//
+		
+		if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
+		{
+			$rank_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : intval($HTTP_GET_VARS['id']);
+		}
+		else
+		{
+			$rank_id = 0;
+		}
+		
+		if( $rank_id )
+		{
+			$sql = "DELETE FROM " . RANKS_TABLE . "
+				WHERE rank_id = $rank_id";
+			
+			if( !$result = $db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't delete rank data", "", __LINE__, __FILE__, $sql);
+			}
+			
+			$sql = "UPDATE " . USERS_TABLE . " 
+				SET user_rank = 0 
+				WHERE user_rank = $rank_id";
+
+			if( !$result = $db->sql_query($sql) ) 
+			{
+				message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql);
+			}
+
+			$message = $lang['Rank_removed'] . "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . append_sid("admin_ranks.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+
+		}
+		else
+		{
+			message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
+		}
+	}
+	else
+	{
+		//
+		// They didn't feel like giving us any information. Oh, too bad, we'll just display the
+		// list then...
+		//
+		$template->set_filenames(array(
+			"body" => "admin/ranks_list_body.tpl")
+		);
+		
+		$sql = "SELECT * FROM " . RANKS_TABLE . "
+			ORDER BY rank_min, rank_title";
+		if( !$result = $db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
+		}
+		
+		$rank_rows = $db->sql_fetchrowset($result);
+		$rank_count = count($rank_rows);
+		
+		$template->assign_vars(array(
+			"L_RANKS_TITLE" => $lang['Ranks_title'],
+			"L_RANKS_TEXT" => $lang['Ranks_explain'],
+			"L_RANK" => $lang['Rank_title'],
+			"L_RANK_MINIMUM" => $lang['Rank_minimum'],
+			"L_SPECIAL_RANK" => $lang['Special_rank'],
+			"L_EDIT" => $lang['Edit'],
+			"L_DELETE" => $lang['Delete'],
+			"L_ADD_RANK" => $lang['Add_new_rank'],
+			"L_ACTION" => $lang['Action'],
+			
+			"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
+		);
+		
+		for( $i = 0; $i < $rank_count; $i++)
+		{
+			$rank = $rank_rows[$i]['rank_title'];
+			$special_rank = $rank_rows[$i]['rank_special'];
+			$rank_id = $rank_rows[$i]['rank_id'];
+			$rank_min = $rank_rows[$i]['rank_min'];
+
+			if($special_rank)
+			{
+				$rank_min = $rank_max = "-";
+			}
+			
+			$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+			$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+	
+			$template->assign_block_vars("ranks", array(
+				"ROW_COLOR" => "#" . $row_color,
+				"ROW_CLASS" => $row_class,
+				"RANK" => $rank,
+				"RANK_MIN" => $rank_min,
+
+				"SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
+
+				"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
+				"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
+			);
+		}
+	}
+}
+else
+{
+	//
+	// Show the default page
+	//
+	$template->set_filenames(array(
+		"body" => "admin/ranks_list_body.tpl")
+	);
+	
+	$sql = "SELECT * FROM " . RANKS_TABLE . "
+		ORDER BY rank_min ASC, rank_special ASC";
+	if( !$result = $db->sql_query($sql) )
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
+	}
+	$rank_count = $db->sql_numrows($result);
+
+	$rank_rows = $db->sql_fetchrowset($result);
+	
+	$template->assign_vars(array(
+		"L_RANKS_TITLE" => $lang['Ranks_title'],
+		"L_RANKS_TEXT" => $lang['Ranks_explain'],
+		"L_RANK" => $lang['Rank_title'],
+		"L_RANK_MINIMUM" => $lang['Rank_minimum'],
+		"L_SPECIAL_RANK" => $lang['Rank_special'],
+		"L_EDIT" => $lang['Edit'],
+		"L_DELETE" => $lang['Delete'],
+		"L_ADD_RANK" => $lang['Add_new_rank'],
+		"L_ACTION" => $lang['Action'],
+		
+		"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
+	);
+	
+	for($i = 0; $i < $rank_count; $i++)
+	{
+		$rank = $rank_rows[$i]['rank_title'];
+		$special_rank = $rank_rows[$i]['rank_special'];
+		$rank_id = $rank_rows[$i]['rank_id'];
+		$rank_min = $rank_rows[$i]['rank_min'];
+		
+		if( $special_rank == 1 )
+		{
+			$rank_min = $rank_max = "-";
+		}
+
+		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+
+		$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
+		
+		$template->assign_block_vars("ranks", array(
+			"ROW_COLOR" => "#" . $row_color,
+			"ROW_CLASS" => $row_class,
+			"RANK" => $rank,
+			"SPECIAL_RANK" => $rank_is_special,
+			"RANK_MIN" => $rank_min,
+
+			"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
+			"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
+		);
+	}
+}
+
+$template->pparse("body");
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_smilies.php

@@ -0,0 +1,559 @@
+<?php
+/***************************************************************************
+*                               admin_smilies.php
+*                              -------------------
+*     begin                : Thu May 31, 2001
+*     copyright            : (C) 2001 The phpBB Group
+*     email                : support@phpbb.com
+*
+*     $Id$
+*
+****************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+/**************************************************************************
+*	This file will be used for modifying the smiley settings for a board.
+**************************************************************************/
+
+define('IN_PHPBB', 1);
+
+//
+// First we do the setmodules stuff for the admin cp.
+//
+if( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['General']['Smilies'] = $filename;
+
+	return;
+}
+
+//
+// Load default header
+//
+if( isset($HTTP_GET_VARS['export_pack']) )
+{
+	if ( $HTTP_GET_VARS['export_pack'] == "send" )
+	{	
+		$no_page_header = true;
+	}
+}
+
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+//
+// Check to see what mode we should operate in.
+//
+if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
+{
+	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+	$mode = htmlspecialchars($mode);
+}
+else
+{
+	$mode = "";
+}
+
+$delimeter  = '=+:';
+
+//
+// Read a listing of uploaded smilies for use in the add or edit smliey code...
+//
+$dir = @opendir($phpbb_root_path . $board_config['smilies_path']);
+
+while($file = @readdir($dir))
+{
+	if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) )
+	{
+		$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file);
+
+		if( $img_size[0] && $img_size[1] )
+		{
+			$smiley_images[] = $file;
+		}
+		else if( eregi('.pak$', $file) )
+		{	
+			$smiley_paks[] = $file;
+		}
+	}
+}
+
+@closedir($dir);
+
+//
+// Select main mode
+//
+if( isset($HTTP_GET_VARS['import_pack']) || isset($HTTP_POST_VARS['import_pack']) )
+{
+	//
+	// Import a list a "Smiley Pack"
+	//
+	$smile_pak = ( isset($HTTP_POST_VARS['smile_pak']) ) ? $HTTP_POST_VARS['smile_pak'] : $HTTP_GET_VARS['smile_pak'];
+	$clear_current = ( isset($HTTP_POST_VARS['clear_current']) ) ? $HTTP_POST_VARS['clear_current'] : $HTTP_GET_VARS['clear_current'];
+	$replace_existing = ( isset($HTTP_POST_VARS['replace']) ) ? $HTTP_POST_VARS['replace'] : $HTTP_GET_VARS['replace'];
+
+	if ( !empty($smile_pak) )
+	{
+		//
+		// The user has already selected a smile_pak file.. Import it.
+		//
+		if( !empty($clear_current)  )
+		{
+			$sql = "DELETE 
+				FROM " . SMILIES_TABLE;
+			if( !$result = $db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't delete current smilies", "", __LINE__, __FILE__, $sql);
+			}
+		}
+		else
+		{
+			$sql = "SELECT code 
+				FROM ". SMILIES_TABLE;
+			if( !$result = $db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't get current smilies", "", __LINE__, __FILE__, $sql);
+			}
+
+			$cur_smilies = $db->sql_fetchrowset($result);
+
+			for( $i = 0; $i < count($cur_smilies); $i++ )
+			{
+				$k = $cur_smilies[$i]['code'];
+				$smiles[$k] = 1;
+			}
+		}
+
+		$fcontents = @file($phpbb_root_path . $board_config['smilies_path'] . '/'. $smile_pak);
+
+		if( empty($fcontents) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't read smiley pak file", "", __LINE__, __FILE__, $sql);
+		}
+
+		for( $i = 0; $i < count($fcontents); $i++ )
+		{
+			$smile_data = explode($delimeter, trim(addslashes($fcontents[$i])));
+
+			for( $j = 2; $j < count($smile_data); $j++)
+			{
+				//
+				// Replace > and < with the proper html_entities for matching.
+				//
+				$smile_data[$j] = str_replace("<", "&lt;", $smile_data[$j]);
+				$smile_data[$j] = str_replace(">", "&gt;", $smile_data[$j]);
+				$k = $smile_data[$j];
+
+				if( $smiles[$k] == 1 )
+				{
+					if( !empty($replace_existing) )
+					{
+						$sql = "UPDATE " . SMILIES_TABLE . " 
+							SET smile_url = '" . str_replace("\'", "''", $smile_data[0]) . "', emoticon = '" . str_replace("\'", "''", $smile_data[1]) . "' 
+							WHERE code = '" . str_replace("\'", "''", $smile_data[$j]) . "'";
+					}
+					else
+					{
+						$sql = '';
+					}
+				}
+				else
+				{
+					$sql = "INSERT INTO " . SMILIES_TABLE . " (code, smile_url, emoticon)
+						VALUES('" . str_replace("\'", "''", $smile_data[$j]) . "', '" . str_replace("\'", "''", $smile_data[0]) . "', '" . str_replace("\'", "''", $smile_data[1]) . "')";
+				}
+
+				if( $sql != '' )
+				{
+					$result = $db->sql_query($sql);
+					if( !$result )
+					{
+						message_die(GENERAL_ERROR, "Couldn't update smilies!", "", __LINE__, __FILE__, $sql);
+					}
+				}
+			}
+		}
+
+		$message = $lang['smiley_import_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+		message_die(GENERAL_MESSAGE, $message);
+		
+	}
+	else
+	{
+		//
+		// Display the script to get the smile_pak cfg file...
+		//
+		$smile_paks_select = "<select name='smile_pak'><option value=''>" . $lang['Select_pak'] . "</option>";
+		while( list($key, $value) = @each($smiley_paks) )
+		{
+			if ( !empty($value) ) 
+			{
+				$smile_paks_select .= "<option>" . $value . "</option>";
+			}
+		}
+		$smile_paks_select .= "</select>";
+
+		$hidden_vars = "<input type='hidden' name='mode' value='import'>";	
+
+		$template->set_filenames(array(
+			"body" => "admin/smile_import_body.tpl")
+		);
+
+		$template->assign_vars(array(
+			"L_SMILEY_TITLE" => $lang['smiley_title'],
+			"L_SMILEY_EXPLAIN" => $lang['smiley_import_inst'],
+			"L_SMILEY_IMPORT" => $lang['smiley_import'],
+			"L_SELECT_LBL" => $lang['choose_smile_pak'],
+			"L_IMPORT" => $lang['import'],
+			"L_CONFLICTS" => $lang['smile_conflicts'],
+			"L_DEL_EXISTING" => $lang['del_existing_smileys'], 
+			"L_REPLACE_EXISTING" => $lang['replace_existing'], 
+			"L_KEEP_EXISTING" => $lang['keep_existing'], 
+
+			"S_SMILEY_ACTION" => append_sid("admin_smilies.$phpEx"),
+			"S_SMILE_SELECT" => $smile_paks_select,
+			"S_HIDDEN_FIELDS" => $hidden_vars)
+		);
+
+		$template->pparse("body");
+	}
+}
+else if( isset($HTTP_POST_VARS['export_pack']) || isset($HTTP_GET_VARS['export_pack']) )
+{
+	//
+	// Export our smiley config as a smiley pak...
+	//
+	if ( $HTTP_GET_VARS['export_pack'] == "send" )
+	{	
+		$sql = "SELECT * 
+			FROM " . SMILIES_TABLE;
+		if( !$result = $db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql);
+		}
+
+		$resultset = $db->sql_fetchrowset($result);
+
+		$smile_pak = "";
+		for($i = 0; $i < count($resultset); $i++ )
+		{
+			$smile_pak .= $resultset[$i]['smile_url'] . $delimeter;
+			$smile_pak .= $resultset[$i]['emoticon'] . $delimeter;
+			$smile_pak .= $resultset[$i]['code'] . "\n";
+		}
+
+		header("Content-Type: text/x-delimtext; name=\"smiles.pak\"");
+		header("Content-disposition: attachment; filename=smiles.pak");
+
+		echo $smile_pak;
+
+		exit;
+	}
+
+	$message = sprintf($lang['export_smiles'], "<a href=\"" . append_sid("admin_smilies.$phpEx?export_pack=send", true) . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+	message_die(GENERAL_MESSAGE, $message);
+
+}
+else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add']) )
+{
+	//
+	// Admin has selected to add a smiley.
+	//
+
+	$template->set_filenames(array(
+		"body" => "admin/smile_edit_body.tpl")
+	);
+
+	$filename_list = "";
+	for( $i = 0; $i < count($smiley_images); $i++ )
+	{
+		$filename_list .= '<option value="' . $smiley_images[$i] . '">' . $smiley_images[$i] . '</option>';
+	}
+
+	$s_hidden_fields = '<input type="hidden" name="mode" value="savenew" />';
+
+	$template->assign_vars(array(
+		"L_SMILEY_TITLE" => $lang['smiley_title'],
+		"L_SMILEY_CONFIG" => $lang['smiley_config'],
+		"L_SMILEY_EXPLAIN" => $lang['smile_desc'],
+		"L_SMILEY_CODE" => $lang['smiley_code'],
+		"L_SMILEY_URL" => $lang['smiley_url'],
+		"L_SMILEY_EMOTION" => $lang['smiley_emot'],
+		"L_SUBMIT" => $lang['Submit'],
+		"L_RESET" => $lang['Reset'],
+
+		"SMILEY_IMG" => $phpbb_root_path . $board_config['smilies_path'] . '/' . $smiley_images[0], 
+
+		"S_SMILEY_ACTION" => append_sid("admin_smilies.$phpEx"), 
+		"S_HIDDEN_FIELDS" => $s_hidden_fields, 
+		"S_FILENAME_OPTIONS" => $filename_list, 
+		"S_SMILEY_BASEDIR" => $phpbb_root_path . $board_config['smilies_path'])
+	);
+
+	$template->pparse("body");
+}
+else if ( $mode != "" )
+{
+	switch( $mode )
+	{
+		case 'delete':
+			//
+			// Admin has selected to delete a smiley.
+			//
+
+			$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+			$smiley_id = intval($smiley_id);
+
+			$sql = "DELETE FROM " . SMILIES_TABLE . "
+				WHERE smilies_id = " . $smiley_id;
+			$result = $db->sql_query($sql);
+			if( !$result )
+			{
+				message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
+			}
+
+			$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+			break;
+
+		case 'edit':
+			//
+			// Admin has selected to edit a smiley.
+			//
+
+			$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+			$smiley_id = intval($smiley_id);
+
+			$sql = "SELECT *
+				FROM " . SMILIES_TABLE . "
+				WHERE smilies_id = " . $smiley_id;
+			$result = $db->sql_query($sql);
+			if( !$result )
+			{
+				message_die(GENERAL_ERROR, 'Could not obtain emoticon information', "", __LINE__, __FILE__, $sql);
+			}
+			$smile_data = $db->sql_fetchrow($result);
+
+			$filename_list = "";
+			for( $i = 0; $i < count($smiley_images); $i++ )
+			{
+				if( $smiley_images[$i] == $smile_data['smile_url'] )
+				{
+					$smiley_selected = "selected=\"selected\"";
+					$smiley_edit_img = $smiley_images[$i];
+				}
+				else
+				{
+					$smiley_selected = "";
+				}
+
+				$filename_list .= '<option value="' . $smiley_images[$i] . '"' . $smiley_selected . '>' . $smiley_images[$i] . '</option>';
+			}
+
+			$template->set_filenames(array(
+				"body" => "admin/smile_edit_body.tpl")
+			);
+
+			$s_hidden_fields = '<input type="hidden" name="mode" value="save" /><input type="hidden" name="smile_id" value="' . $smile_data['smilies_id'] . '" />';
+
+			$template->assign_vars(array(
+				"SMILEY_CODE" => $smile_data['code'],
+				"SMILEY_EMOTICON" => $smile_data['emoticon'],
+
+				"L_SMILEY_TITLE" => $lang['smiley_title'],
+				"L_SMILEY_CONFIG" => $lang['smiley_config'],
+				"L_SMILEY_EXPLAIN" => $lang['smile_desc'],
+				"L_SMILEY_CODE" => $lang['smiley_code'],
+				"L_SMILEY_URL" => $lang['smiley_url'],
+				"L_SMILEY_EMOTION" => $lang['smiley_emot'],
+				"L_SUBMIT" => $lang['Submit'],
+				"L_RESET" => $lang['Reset'],
+
+				"SMILEY_IMG" => $phpbb_root_path . $board_config['smilies_path'] . '/' . $smiley_edit_img, 
+
+				"S_SMILEY_ACTION" => append_sid("admin_smilies.$phpEx"),
+				"S_HIDDEN_FIELDS" => $s_hidden_fields, 
+				"S_FILENAME_OPTIONS" => $filename_list, 
+				"S_SMILEY_BASEDIR" => $phpbb_root_path . $board_config['smilies_path'])
+			);
+
+			$template->pparse("body");
+			break;
+
+		case "save":
+			//
+			// Admin has submitted changes while editing a smiley.
+			//
+
+			//
+			// Get the submitted data, being careful to ensure that we only
+			// accept the data we are looking for.
+			//
+			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
+			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
+			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
+			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
+
+			// If no code was entered complain ...
+			if ($smile_code == '' || $smile_url == '')
+			{
+				message_die(MESSAGE, $lang['Fields_empty']);
+			}
+
+			//
+			// Convert < and > to proper htmlentities for parsing.
+			//
+			$smile_code = str_replace('<', '&lt;', $smile_code);
+			$smile_code = str_replace('>', '&gt;', $smile_code);
+
+			//
+			// Proceed with updating the smiley table.
+			//
+			$sql = "UPDATE " . SMILIES_TABLE . "
+				SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "'
+				WHERE smilies_id = $smile_id";
+			if( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql);
+			}
+
+			$message = $lang['smiley_edit_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+			break;
+
+		case "savenew":
+			//
+			// Admin has submitted changes while adding a new smiley.
+			//
+
+			//
+			// Get the submitted data being careful to ensure the the data
+			// we recieve and process is only the data we are looking for.
+			//
+			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
+			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
+			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
+			$smile_code = trim($smile_code);
+			$smile_url = trim($smile_url);
+			$smile_emotion = trim($smile_emotion);
+
+			// If no code was entered complain ...
+			if ($smile_code == '' || $smile_url == '')
+			{
+				message_die(MESSAGE, $lang['Fields_empty']);
+			}
+
+			//
+			// Convert < and > to proper htmlentities for parsing.
+			//
+			$smile_code = str_replace('<', '&lt;', $smile_code);
+			$smile_code = str_replace('>', '&gt;', $smile_code);
+
+			//
+			// Save the data to the smiley table.
+			//
+			$sql = "INSERT INTO " . SMILIES_TABLE . " (code, smile_url, emoticon)
+				VALUES ('" . str_replace("\'", "''", $smile_code) . "', '" . str_replace("\'", "''", $smile_url) . "', '" . str_replace("\'", "''", $smile_emotion) . "')";
+			$result = $db->sql_query($sql);
+			if( !$result )
+			{
+				message_die(GENERAL_ERROR, "Couldn't insert new smiley", "", __LINE__, __FILE__, $sql);
+			}
+
+			$message = $lang['smiley_add_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+			break;
+	}
+}
+else
+{
+
+	//
+	// This is the main display of the page before the admin has selected
+	// any options.
+	//
+	$sql = "SELECT *
+		FROM " . SMILIES_TABLE;
+	$result = $db->sql_query($sql);
+	if( !$result )
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain smileys from database", "", __LINE__, __FILE__, $sql);
+	}
+
+	$smilies = $db->sql_fetchrowset($result);
+
+	$template->set_filenames(array(
+		"body" => "admin/smile_list_body.tpl")
+	);
+
+	$template->assign_vars(array(
+		"L_ACTION" => $lang['Action'],
+		"L_SMILEY_TITLE" => $lang['smiley_title'],
+		"L_SMILEY_TEXT" => $lang['smile_desc'],
+		"L_DELETE" => $lang['Delete'],
+		"L_EDIT" => $lang['Edit'],
+		"L_SMILEY_ADD" => $lang['smile_add'],
+		"L_CODE" => $lang['Code'],
+		"L_EMOT" => $lang['Emotion'],
+		"L_SMILE" => $lang['Smile'],
+		"L_IMPORT_PACK" => $lang['import_smile_pack'],
+		"L_EXPORT_PACK" => $lang['export_smile_pack'],
+		
+		"S_HIDDEN_FIELDS" => $s_hidden_fields, 
+		"S_SMILEY_ACTION" => append_sid("admin_smilies.$phpEx"))
+	);
+
+	//
+	// Loop throuh the rows of smilies setting block vars for the template.
+	//
+	for($i = 0; $i < count($smilies); $i++)
+	{
+		//
+		// Replace htmlentites for < and > with actual character.
+		//
+		$smilies[$i]['code'] = str_replace('&lt;', '<', $smilies[$i]['code']);
+		$smilies[$i]['code'] = str_replace('&gt;', '>', $smilies[$i]['code']);
+		
+		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+
+		$template->assign_block_vars("smiles", array(
+			"ROW_COLOR" => "#" . $row_color,
+			"ROW_CLASS" => $row_class,
+			
+			"SMILEY_IMG" =>  $phpbb_root_path . $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'], 
+			"CODE" => $smilies[$i]['code'],
+			"EMOT" => $smilies[$i]['emoticon'],
+			
+			"U_SMILEY_EDIT" => append_sid("admin_smilies.$phpEx?mode=edit&amp;id=" . $smilies[$i]['smilies_id']), 
+			"U_SMILEY_DELETE" => append_sid("admin_smilies.$phpEx?mode=delete&amp;id=" . $smilies[$i]['smilies_id']))
+		);
+	}
+
+	//
+	// Spit out the page.
+	//
+	$template->pparse("body");
+}
+
+//
+// Page Footer
+//
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_styles.php

@@ -0,0 +1,940 @@
+<?php
+/***************************************************************************
+ *                              admin_styles.php
+ *                            -------------------
+ *   begin                : Thursday, Jul 12, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if( !empty($setmodules) )
+{
+	$file = basename(__FILE__);
+	$module['Styles']['Add_new'] = "$file?mode=addnew";
+	$module['Styles']['Create_new'] = "$file?mode=create";
+	$module['Styles']['Manage'] = "$file";
+	$module['Styles']['Export'] = "$file?mode=export";
+	return;
+}
+
+//
+// Load default header
+//
+//
+// Check if the user has cancled a confirmation message.
+//
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+
+$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
+$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
+
+$no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE;
+
+require('./pagestart.' . $phpEx);
+
+$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
+$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
+
+if ($cancel)
+{
+	redirect('admin/' . append_sid("admin_styles.$phpEx", true));
+}
+
+if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+{
+	$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
+	$mode = htmlspecialchars($mode);
+}
+else 
+{
+	$mode = "";
+}
+
+switch( $mode )
+{
+	case "addnew":
+		$install_to = ( isset($HTTP_GET_VARS['install_to']) ) ? urldecode($HTTP_GET_VARS['install_to']) : $HTTP_POST_VARS['install_to'];
+		$style_name = ( isset($HTTP_GET_VARS['style']) ) ? urldecode($HTTP_GET_VARS['style']) : $HTTP_POST_VARS['style'];
+	
+		if( isset($install_to) )
+		{
+
+			include($phpbb_root_path. "templates/" . basename($install_to) . "/theme_info.cfg");
+
+			$template_name = $$install_to;
+			$found = FALSE; 
+			
+			for($i = 0; $i < count($template_name) && !$found; $i++)
+			{
+				if( $template_name[$i]['style_name'] == $style_name )
+				{
+					while(list($key, $val) = each($template_name[$i]))
+					{
+						$db_fields[] = $key;
+						$db_values[] = str_replace("\'", "''" , $val);
+					}
+				}
+			}
+					
+			$sql = "INSERT INTO " . THEMES_TABLE . " (";
+
+			for($i = 0; $i < count($db_fields); $i++)
+			{
+				$sql .= $db_fields[$i];
+				if($i != (count($db_fields) - 1))
+				{
+					$sql .= ", ";
+				}
+				
+			}
+
+			$sql .= ") VALUES (";
+
+			for($i = 0; $i < count($db_values); $i++)
+			{
+				$sql .= "'" . $db_values[$i] . "'";
+				if($i != (count($db_values) - 1))
+				{
+					$sql .= ", ";
+				}
+			}
+			$sql .= ")";
+			
+			if( !$result = $db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Could not insert theme data!", "", __LINE__, __FILE__, $sql);
+			}
+			
+			$message = $lang['Theme_installed'] . "<br /><br />" . sprintf($lang['Click_return_styleadmin'], "<a href=\"" . append_sid("admin_styles.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+		}
+		else
+		{
+			
+			$installable_themes = array();
+			
+			if( $dir = @opendir($phpbb_root_path. "templates/") )
+			{
+				while( $sub_dir = @readdir($dir) )
+				{
+					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
+					{
+						if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) )
+						{
+							include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg");
+							
+							for($i = 0; $i < count($$sub_dir); $i++)
+							{
+								$working_data = $$sub_dir;
+								
+								$style_name = $working_data[$i]['style_name'];
+														
+								$sql = "SELECT themes_id 
+									FROM " . THEMES_TABLE . " 
+									WHERE style_name = '" . str_replace("\'", "''", $style_name) . "'";
+								if(!$result = $db->sql_query($sql))
+								{
+									message_die(GENERAL_ERROR, "Could not query themes table!", "", __LINE__, __FILE__, $sql);
+								}
+
+								if(!$db->sql_numrows($result))
+								{
+									$installable_themes[] = $working_data[$i];
+								}
+							}
+						}
+					}
+				}
+				
+				$template->set_filenames(array(
+					"body" => "admin/styles_addnew_body.tpl")
+				);
+				
+				$template->assign_vars(array(
+					"L_STYLES_TITLE" => $lang['Styles_admin'],
+					"L_STYLES_ADD_TEXT" => $lang['Styles_addnew_explain'],
+					"L_STYLE" => $lang['Style'],
+					"L_TEMPLATE" => $lang['Template'],
+					"L_INSTALL" => $lang['Install'],
+					"L_ACTION" => $lang['Action'])
+				);
+					
+				for($i = 0; $i < count($installable_themes); $i++)
+				{
+					$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+					$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+		
+					$template->assign_block_vars("styles", array(
+						"ROW_CLASS" => $row_class,
+						"ROW_COLOR" => "#" . $row_color,
+						"STYLE_NAME" => $installable_themes[$i]['style_name'],
+						"TEMPLATE_NAME" => $installable_themes[$i]['template_name'],
+
+						"U_STYLES_INSTALL" => append_sid("admin_styles.$phpEx?mode=addnew&amp;style=" . urlencode($installable_themes[$i]['style_name']) . "&amp;install_to=" . urlencode($installable_themes[$i]['template_name'])))
+					);
+				
+				}
+				$template->pparse("body");
+					
+			}
+			closedir($dir);
+		}
+		break;
+	
+	case "create":
+	case "edit":
+		$submit = ( isset($HTTP_POST_VARS['submit']) ) ? TRUE : 0;
+		
+		if( $submit )
+		{
+			//	
+			// DAMN! Thats alot of data to validate...
+			//
+			$updated['style_name'] = $HTTP_POST_VARS['style_name'];
+			$updated['template_name'] = $HTTP_POST_VARS['template_name'];
+			$updated['head_stylesheet'] = $HTTP_POST_VARS['head_stylesheet'];
+			$updated['body_background'] = $HTTP_POST_VARS['body_background'];
+			$updated['body_bgcolor'] = $HTTP_POST_VARS['body_bgcolor'];
+			$updated['body_text'] = $HTTP_POST_VARS['body_text'];
+			$updated['body_link'] = $HTTP_POST_VARS['body_link'];
+			$updated['body_vlink'] = $HTTP_POST_VARS['body_vlink'];
+			$updated['body_alink'] = $HTTP_POST_VARS['body_alink'];
+			$updated['body_hlink'] = $HTTP_POST_VARS['body_hlink'];
+			$updated['tr_color1'] = $HTTP_POST_VARS['tr_color1'];
+			$updated_name['tr_color1_name'] =  $HTTP_POST_VARS['tr_color1_name'];
+			$updated['tr_color2'] = $HTTP_POST_VARS['tr_color2'];
+			$updated_name['tr_color2_name'] = $HTTP_POST_VARS['tr_color2_name'];
+			$updated['tr_color3'] = $HTTP_POST_VARS['tr_color3'];
+			$updated_name['tr_color3_name'] = $HTTP_POST_VARS['tr_color3_name'];
+			$updated['tr_class1'] = $HTTP_POST_VARS['tr_class1'];
+			$updated_name['tr_class1_name'] = $HTTP_POST_VARS['tr_class1_name'];
+			$updated['tr_class2'] = $HTTP_POST_VARS['tr_class2'];
+			$updated_name['tr_class2_name'] = $HTTP_POST_VARS['tr_class2_name'];
+			$updated['tr_class3'] = $HTTP_POST_VARS['tr_class3'];
+			$updated_name['tr_class3_name'] = $HTTP_POST_VARS['tr_class3_name'];
+			$updated['th_color1'] = $HTTP_POST_VARS['th_color1'];
+			$updated_name['th_color1_name'] = $HTTP_POST_VARS['th_color1_name'];
+			$updated['th_color2'] = $HTTP_POST_VARS['th_color2'];
+			$updated_name['th_color2_name'] = $HTTP_POST_VARS['th_color2_name'];
+			$updated['th_color3'] = $HTTP_POST_VARS['th_color3'];
+			$updated_name['th_color3_name'] = $HTTP_POST_VARS['th_color3_name'];
+			$updated['th_class1'] = $HTTP_POST_VARS['th_class1'];
+			$updated_name['th_class1_name'] = $HTTP_POST_VARS['th_class1_name'];
+			$updated['th_class2'] = $HTTP_POST_VARS['th_class2'];
+			$updated_name['th_class2_name'] = $HTTP_POST_VARS['th_class2_name'];
+			$updated['th_class3'] = $HTTP_POST_VARS['th_class3'];
+			$updated_name['th_class3_name'] = $HTTP_POST_VARS['th_class3_name'];
+			$updated['td_color1'] = $HTTP_POST_VARS['td_color1'];
+			$updated_name['td_color1_name'] = $HTTP_POST_VARS['td_color1_name'];
+			$updated['td_color2'] = $HTTP_POST_VARS['td_color2'];
+			$updated_name['td_color2_name'] = $HTTP_POST_VARS['td_color2_name'];
+			$updated['td_color3'] = $HTTP_POST_VARS['td_color3'];
+			$updated_name['td_color3_name'] = $HTTP_POST_VARS['td_color3_name'];
+			$updated['td_class1'] = $HTTP_POST_VARS['td_class1'];
+			$updated_name['td_class1_name'] = $HTTP_POST_VARS['td_class1_name'];
+			$updated['td_class2'] = $HTTP_POST_VARS['td_class2'];
+			$updated_name['td_class2_name'] = $HTTP_POST_VARS['td_class2_name'];
+			$updated['td_class3'] = $HTTP_POST_VARS['td_class3'];
+			$updated_name['td_class3_name'] = $HTTP_POST_VARS['td_class3_name'];
+			$updated['fontface1'] = $HTTP_POST_VARS['fontface1'];
+			$updated_name['fontface1_name'] = $HTTP_POST_VARS['fontface1_name'];
+			$updated['fontface2'] = $HTTP_POST_VARS['fontface2'];
+			$updated_name['fontface2_name'] = $HTTP_POST_VARS['fontface2_name'];
+			$updated['fontface3'] = $HTTP_POST_VARS['fontface3'];
+			$updated_name['fontface3_name'] = $HTTP_POST_VARS['fontface3_name'];
+			$updated['fontsize1'] = intval($HTTP_POST_VARS['fontsize1']);
+			$updated_name['fontsize1_name'] = $HTTP_POST_VARS['fontsize1_name'];
+			$updated['fontsize2'] = intval($HTTP_POST_VARS['fontsize2']);
+			$updated_name['fontsize2_name'] = $HTTP_POST_VARS['fontsize2_name'];
+			$updated['fontsize3'] = intval($HTTP_POST_VARS['fontsize3']);
+			$updated_name['fontsize3_name'] = $HTTP_POST_VARS['fontsize3_name'];
+			$updated['fontcolor1'] = $HTTP_POST_VARS['fontcolor1'];
+			$updated_name['fontcolor1_name'] = $HTTP_POST_VARS['fontcolor1_name'];
+			$updated['fontcolor2'] = $HTTP_POST_VARS['fontcolor2'];
+			$updated_name['fontcolor2_name'] = $HTTP_POST_VARS['fontcolor2_name'];
+			$updated['fontcolor3'] = $HTTP_POST_VARS['fontcolor3'];
+			$updated_name['fontcolor3_name'] = $HTTP_POST_VARS['fontcolor3_name'];
+			$updated['span_class1'] = $HTTP_POST_VARS['span_class1'];
+			$updated_name['span_class1_name'] = $HTTP_POST_VARS['span_class1_name'];
+			$updated['span_class2'] = $HTTP_POST_VARS['span_class2'];
+			$updated_name['span_class2_name'] = $HTTP_POST_VARS['span_class2_name'];
+			$updated['span_class3'] = $HTTP_POST_VARS['span_class3'];
+			$updated_name['span_class3_name'] = $HTTP_POST_VARS['span_class3_name'];
+			$style_id = intval($HTTP_POST_VARS['style_id']);
+			//
+			// Wheeeew! Thank heavens for copy and paste and search and replace :D
+			//
+			
+			if($mode == "edit")
+			{
+				$sql = "UPDATE " . THEMES_TABLE . " SET ";
+				$count = 0;
+
+				while(list($key, $val) = each($updated))
+				{
+					if($count != 0)
+					{
+						$sql .= ", ";
+					}
+
+					//
+					// I don't like this but it'll keep MSSQL from throwing
+					// an error and save me alot of typing
+					//
+					$sql .= ( stristr($key, "fontsize") ) ? "$key = $val" : "$key = '" . str_replace("\'", "''", $val) . "'";
+
+					$count++;
+				}
+				
+				$sql .= " WHERE themes_id = $style_id";
+				
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not update themes table!", "", __LINE__, __FILE__, $sql);
+				}
+				
+				//
+				// Check if there's a names table entry for this style
+				//
+				$sql = "SELECT themes_id 
+					FROM " . THEMES_NAME_TABLE . " 
+					WHERE themes_id = $style_id";
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not get data from themes_name table", "", __LINE__, __FILE__, $sql);
+				}
+				
+				if($db->sql_numrows($result) > 0)
+				{
+					$sql = "UPDATE " . THEMES_NAME_TABLE . " 
+						SET ";
+					$count = 0;
+					while(list($key, $val) = each($updated_name))
+					{
+						if($count != 0)
+						{
+							$sql .= ", ";
+						}
+			
+						$sql .= "$key = '$val'";
+			
+						$count++;
+					}
+					
+					$sql .= " WHERE themes_id = $style_id";
+				}
+				else
+				{
+					//
+					// Nope, no names entry so we create a new one.
+					//
+					$sql = "INSERT INTO " . THEMES_NAME_TABLE . " (themes_id, ";
+					while(list($key, $val) = each($updated_name))
+					{
+						$fields[] = $key;
+						$vals[] = str_replace("\'", "''", $val);
+					}
+
+					for($i = 0; $i < count($fields); $i++)
+					{
+						if($i > 0)
+						{
+							$sql .= ", ";
+						}
+						$sql .= $fields[$i];
+					}
+					
+					$sql .= ") VALUES ($style_id, ";
+					for($i = 0; $i < count($vals); $i++)
+					{
+						if($i > 0)
+						{
+							$sql .= ", ";
+						}
+						$sql .= "'" . $vals[$i] . "'";
+					}
+					
+					$sql .= ")";
+				}
+										
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not update themes name table!", "", __LINE__, __FILE__, $sql);
+				}
+							
+				$message = $lang['Theme_updated'] . "<br /><br />" . sprintf($lang['Click_return_styleadmin'], "<a href=\"" . append_sid("admin_styles.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+				message_die(GENERAL_MESSAGE, $message);
+			}
+			else
+			{
+				//
+				// First, check if we already have a style by this name
+				//
+				$sql = "SELECT themes_id 
+					FROM " . THEMES_TABLE . " 
+					WHERE style_name = '" . str_replace("\'", "''", $updated['style_name']) . "'";
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not query themes table", "", __LINE__, __FILE__, $sql);
+				}
+				
+				if($db->sql_numrows($result))
+				{
+					message_die(GENERAL_ERROR, $lang['Style_exists'], $lang['Error']);
+				}				
+				
+				while(list($key, $val) = each($updated))
+				{
+					$field_names[] = $key;
+
+					if(stristr($key, "fontsize"))
+					{
+						$values[] = "$val";
+					}
+					else
+					{
+						$values[] = "'" . str_replace("\'", "''", $val) . "'";
+					}
+				}
+				
+				$sql = "INSERT 
+					INTO " . THEMES_TABLE . " (";
+				for($i = 0; $i < count($field_names); $i++)
+				{
+					if($i != 0)
+					{
+						$sql .= ", ";
+					}
+					$sql .= $field_names[$i];
+				}
+				
+				$sql .= ") VALUES (";
+				for($i = 0; $i < count($values); $i++)
+				{
+					if($i != 0)
+					{
+						$sql .= ", ";
+					}
+					$sql .= $values[$i];
+				}
+				$sql .= ")";
+				
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not update themes table!", "", __LINE__, __FILE__, $sql);
+				}
+				
+				$style_id = $db->sql_nextid();
+				
+				// 
+				// Insert names data
+				//
+				$sql = "INSERT INTO " . THEMES_NAME_TABLE . " (themes_id, ";
+				while(list($key, $val) = each($updated_name))
+				{
+					$fields[] = $key;
+					$vals[] = $val;
+				}
+
+				for($i = 0; $i < count($fields); $i++)
+				{
+					if($i > 0)
+					{
+						$sql .= ", ";
+					}
+					$sql .= $fields[$i];
+				}
+				
+				$sql .= ") VALUES ($style_id, ";
+				for($i = 0; $i < count($vals); $i++)
+				{
+					if($i > 0)
+					{
+					$sql .= ", ";
+					}
+				$sql .= "'" . $vals[$i] . "'";
+				}
+				
+				$sql .= ")";
+										
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not insert themes name table!", "", __LINE__, __FILE__, $sql);
+				}
+				
+				$message = $lang['Theme_created'] . "<br /><br />" . sprintf($lang['Click_return_styleadmin'], "<a href=\"" . append_sid("admin_styles.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+				message_die(GENERAL_MESSAGE, $message);
+			}
+		}
+		else
+		{
+			if($mode == "edit")
+			{
+				$themes_title = $lang['Edit_theme'];
+				$themes_explain = $lang['Edit_theme_explain'];
+				
+				$style_id = intval($HTTP_GET_VARS['style_id']);
+				
+				$selected_names = array();
+				$selected_values = array();
+				// 
+				// Fetch the Theme Info from the db
+				//
+				$sql = "SELECT * 
+					FROM " . THEMES_TABLE . " 
+					WHERE themes_id = $style_id";
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not get data from themes table", "", __LINE__, __FILE__, $sql);
+				}
+				
+				if ( $selected_values = $db->sql_fetchrow($result) )
+				{
+					while(list($key, $val) = @each($selected_values))
+					{
+						$selected[$key] = $val;
+					}
+				}
+				
+				//
+				// Fetch the Themes Name data
+				//
+				$sql = "SELECT * 
+					FROM " . THEMES_NAME_TABLE . " 
+					WHERE themes_id = $style_id";
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not get data from themes name table", "", __LINE__, __FILE__, $sql);
+				}
+				
+				if ( $selected_names = $db->sql_fetchrow($result) )
+				{
+					while(list($key, $val) = @each($selected_names))
+					{
+						$selected[$key] = $val;
+					}
+				}
+
+				$s_hidden_fields = '<input type="hidden" name="style_id" value="' . $style_id . '" />';
+			}
+			else
+			{
+				$themes_title = $lang['Create_theme'];
+				$themes_explain = $lang['Create_theme_explain'];
+			}
+			
+			$template->set_filenames(array(
+				"body" => "admin/styles_edit_body.tpl")
+			);
+			
+			if( $dir = @opendir($phpbb_root_path . 'templates/') )
+			{	
+				$s_template_select = '<select name="template_name">';
+				while( $file = @readdir($dir) )
+				{	
+					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" )
+					{
+						if($file == $selected['template_name'])
+						{
+							$s_template_select .= '<option value="' . $file . '" selected="selected">' . $file . "</option>\n";
+						}
+						else
+						{
+							$s_template_select .= '<option value="' . $file . '">' . $file . "</option>\n";
+						}
+					}
+				}
+				$s_template_select .= '</select>';
+			}
+			else
+			{
+				message_die(GENERAL_MESSAGE, $lang['No_template_dir']);
+			}
+
+			$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
+
+			$template->assign_vars(array(
+				"L_THEMES_TITLE" => $themes_title,
+				"L_THEMES_EXPLAIN" => $themes_explain,
+				"L_THEME_NAME" => $lang['Theme_name'],
+				"L_TEMPLATE" => $lang['Template'],
+				"L_THEME_SETTINGS" => $lang['Theme_settings'],
+				"L_THEME_ELEMENT" => $lang['Theme_element'],
+				"L_SIMPLE_NAME" => $lang['Simple_name'],
+				"L_VALUE" => $lang['Value'],
+				"L_STYLESHEET" => $lang['Stylesheet'],
+				"L_BACKGROUND_IMAGE" => $lang['Background_image'],
+				"L_BACKGROUND_COLOR" => $lang['Background_color'],
+				"L_BODY_TEXT_COLOR" => $lang['Text_color'],
+				"L_BODY_LINK_COLOR" => $lang['Link_color'],
+				"L_BODY_VLINK_COLOR" => $lang['VLink_color'],
+				"L_BODY_ALINK_COLOR" => $lang['ALink_color'],
+				"L_BODY_HLINK_COLOR" => $lang['HLink_color'],
+				"L_TR_COLOR1" => $lang['Tr_color1'],
+				"L_TR_COLOR2" => $lang['Tr_color2'],
+				"L_TR_COLOR3" => $lang['Tr_color3'],
+				"L_TR_CLASS1" => $lang['Tr_class1'],
+				"L_TR_CLASS2" => $lang['Tr_class2'],
+				"L_TR_CLASS3" => $lang['Tr_class3'],
+				"L_TH_COLOR1" => $lang['Th_color1'],
+				"L_TH_COLOR2" => $lang['Th_color2'],
+				"L_TH_COLOR3" => $lang['Th_color3'],
+				"L_TH_CLASS1" => $lang['Th_class1'],
+				"L_TH_CLASS2" => $lang['Th_class2'],
+				"L_TH_CLASS3" => $lang['Th_class3'],
+				"L_TD_COLOR1" => $lang['Td_color1'],
+				"L_TD_COLOR2" => $lang['Td_color2'],
+				"L_TD_COLOR3" => $lang['Td_color3'],
+				"L_TD_CLASS1" => $lang['Td_class1'],
+				"L_TD_CLASS2" => $lang['Td_class2'],
+				"L_TD_CLASS3" => $lang['Td_class3'],
+				"L_FONTFACE_1" => $lang['fontface1'],
+				"L_FONTFACE_2" => $lang['fontface2'],
+				"L_FONTFACE_3" => $lang['fontface3'],
+				"L_FONTSIZE_1" => $lang['fontsize1'],
+				"L_FONTSIZE_2" => $lang['fontsize2'],
+				"L_FONTSIZE_3" => $lang['fontsize3'],
+				"L_FONTCOLOR_1" => $lang['fontcolor1'],
+				"L_FONTCOLOR_2" => $lang['fontcolor2'],
+				"L_FONTCOLOR_3" => $lang['fontcolor3'],
+				"L_SPAN_CLASS_1" => $lang['span_class1'],
+				"L_SPAN_CLASS_2" => $lang['span_class2'],
+				"L_SPAN_CLASS_3" => $lang['span_class3'],
+				"L_SAVE_SETTINGS" => $lang['Save_Settings'], 
+				"THEME_NAME" => $selected['style_name'],
+				"HEAD_STYLESHEET" => $selected['head_stylesheet'],
+				"BODY_BACKGROUND" => $selected['body_background'],
+				"BODY_BGCOLOR" => $selected['body_bgcolor'],
+				"BODY_TEXT_COLOR" => $selected['body_text'],
+				"BODY_LINK_COLOR" => $selected['body_link'],
+				"BODY_VLINK_COLOR" => $selected['body_vlink'],
+				"BODY_ALINK_COLOR" => $selected['body_alink'],
+				"BODY_HLINK_COLOR" => $selected['body_hlink'],
+				"TR_COLOR1" => $selected['tr_color1'],
+				"TR_COLOR2" => $selected['tr_color2'],
+				"TR_COLOR3" => $selected['tr_color3'],
+				"TR_CLASS1" => $selected['tr_class1'],
+				"TR_CLASS2" => $selected['tr_class2'],
+				"TR_CLASS3" => $selected['tr_class3'],
+				"TH_COLOR1" => $selected['th_color1'],
+				"TH_COLOR2" => $selected['th_color2'],
+				"TH_COLOR3" => $selected['th_color3'],
+				"TH_CLASS1" => $selected['th_class1'],
+				"TH_CLASS2" => $selected['th_class2'],
+				"TH_CLASS3" => $selected['th_class3'],
+				"TD_COLOR1" => $selected['td_color1'],
+				"TD_COLOR2" => $selected['td_color2'],
+				"TD_COLOR3" => $selected['td_color3'],
+				"TD_CLASS1" => $selected['td_class1'],
+				"TD_CLASS2" => $selected['td_class2'],
+				"TD_CLASS3" => $selected['td_class3'],
+				"FONTFACE1" => $selected['fontface1'],
+				"FONTFACE2" => $selected['fontface2'],
+				"FONTFACE3" => $selected['fontface3'],
+				"FONTSIZE1" => $selected['fontsize1'],
+				"FONTSIZE2" => $selected['fontsize2'],
+				"FONTSIZE3" => $selected['fontsize3'],
+				"FONTCOLOR1" => $selected['fontcolor1'],
+				"FONTCOLOR2" => $selected['fontcolor2'],
+				"FONTCOLOR3" => $selected['fontcolor3'],
+				"SPAN_CLASS1" => $selected['span_class1'],
+				"SPAN_CLASS2" => $selected['span_class2'],
+				"SPAN_CLASS3" => $selected['span_class3'],
+
+				"TR_COLOR1_NAME" => $selected['tr_color1_name'],
+				"TR_COLOR2_NAME" => $selected['tr_color2_name'],
+				"TR_COLOR3_NAME" => $selected['tr_color3_name'],
+				"TR_CLASS1_NAME" => $selected['tr_class1_name'],
+				"TR_CLASS2_NAME" => $selected['tr_class2_name'],
+				"TR_CLASS3_NAME" => $selected['tr_class3_name'],
+				"TH_COLOR1_NAME" => $selected['th_color1_name'],
+				"TH_COLOR2_NAME" => $selected['th_color2_name'],
+				"TH_COLOR3_NAME" => $selected['th_color3_name'],
+				"TH_CLASS1_NAME" => $selected['th_class1_name'],
+				"TH_CLASS2_NAME" => $selected['th_class2_name'],
+				"TH_CLASS3_NAME" => $selected['th_class3_name'],
+				"TD_COLOR1_NAME" => $selected['td_color1_name'],
+				"TD_COLOR2_NAME" => $selected['td_color2_name'],
+				"TD_COLOR3_NAME" => $selected['td_color3_name'],
+				"TD_CLASS1_NAME" => $selected['td_class1_name'],
+				"TD_CLASS2_NAME" => $selected['td_class2_name'],
+				"TD_CLASS3_NAME" => $selected['td_class3_name'],
+				"FONTFACE1_NAME" => $selected['fontface1_name'],
+				"FONTFACE2_NAME" => $selected['fontface2_name'],
+				"FONTFACE3_NAME" => $selected['fontface3_name'],
+				"FONTSIZE1_NAME" => $selected['fontsize1_name'],
+				"FONTSIZE2_NAME" => $selected['fontsize2_name'],
+				"FONTSIZE3_NAME" => $selected['fontsize3_name'],
+				"FONTCOLOR1_NAME" => $selected['fontcolor1_name'],
+				"FONTCOLOR2_NAME" => $selected['fontcolor2_name'],
+				"FONTCOLOR3_NAME" => $selected['fontcolor3_name'],
+				"SPAN_CLASS1_NAME" => $selected['span_class1_name'],
+				"SPAN_CLASS2_NAME" => $selected['span_class2_name'],
+				"SPAN_CLASS3_NAME" => $selected['span_class3_name'],
+				
+				"S_THEME_ACTION" => append_sid("admin_styles.$phpEx"),
+				"S_TEMPLATE_SELECT" => $s_template_select,
+				"S_HIDDEN_FIELDS" => $s_hidden_fields)
+			);
+			
+			$template->pparse("body");
+		}
+		break;
+
+	case "export";
+		if($HTTP_POST_VARS['export_template'])
+		{
+			$template_name = $HTTP_POST_VARS['export_template'];
+
+			$sql = "SELECT * 
+				FROM " . THEMES_TABLE . " 
+				WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
+			if(!$result = $db->sql_query($sql))
+			{
+				message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);
+			}
+			
+			$theme_rowset = $db->sql_fetchrowset($result);
+			
+			if( count($theme_rowset) == 0 )
+			{
+				message_die(GENERAL_MESSAGE, $lang['No_themes']);
+			}
+			
+			$theme_data = '<?php'."\n\n";
+			$theme_data .= "//\n// phpBB 2.x auto-generated theme config file for $template_name\n// Do not change anything in this file!\n//\n\n";
+
+			for($i = 0; $i < count($theme_rowset); $i++)
+			{
+				while(list($key, $val) = each($theme_rowset[$i]))
+				{
+					if(!intval($key) && $key != "0" && $key != "themes_id")
+					{
+						$theme_data .= '$' . $template_name . "[$i]['$key'] = \"" . addslashes($val) . "\";\n";
+					}
+				}
+				$theme_data .= "\n";
+			}
+			
+			$theme_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused!
+			
+			@umask(0111);
+
+			$fp = @fopen($phpbb_root_path . 'templates/' . basename($template_name) . '/theme_info.cfg', 'w');
+
+			if( !$fp )
+			{
+				//
+				// Unable to open the file writeable do something here as an attempt
+				// to get around that...
+				//
+				$s_hidden_fields = '<input type="hidden" name="theme_info" value="' . htmlspecialchars($theme_data) . '" />';
+				$s_hidden_fields .= '<input type="hidden" name="send_file" value="1" /><input type="hidden" name="mode" value="export" />';
+				
+				$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input class="mainoption" type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;
+
+				$template->set_filenames(array(
+					"body" => "message_body.tpl")
+				);
+
+				$template->assign_vars(array(
+					"MESSAGE_TITLE" => $lang['Export_themes'],
+					"MESSAGE_TEXT" => $lang['Download_theme_cfg'] . "<br /><br />" . $download_form)
+				);
+
+				$template->pparse('body');
+				exit();
+			}
+
+			$result = @fputs($fp, $theme_data, strlen($theme_data));
+			fclose($fp);
+			
+			$message = $lang['Theme_info_saved'] . "<br /><br />" . sprintf($lang['Click_return_styleadmin'], "<a href=\"" . append_sid("admin_styles.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+
+		}
+		else if($HTTP_POST_VARS['send_file'])
+		{
+			
+			header("Content-Type: text/x-delimtext; name=\"theme_info.cfg\"");
+			header("Content-disposition: attachment; filename=theme_info.cfg");
+
+			echo stripslashes($HTTP_POST_VARS['theme_info']);
+		}
+		else
+		{
+			$template->set_filenames(array(
+				"body" => "admin/styles_exporter.tpl")
+			);
+			
+			if( $dir = @opendir($phpbb_root_path . 'templates/') )
+			{	
+				$s_template_select = '<select name="export_template">';
+				while( $file = @readdir($dir) )
+				{	
+					if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$file)) && $file != "." && $file != ".." && $file != "CVS" )
+					{
+						$s_template_select .= '<option value="' . $file . '">' . $file . "</option>\n";
+					}
+				}
+				$s_template_select .= '</select>';
+			}
+			else
+			{
+				message_die(GENERAL_MESSAGE, $lang['No_template_dir']);
+			}
+			
+			$template->assign_vars(array(
+				"L_STYLE_EXPORTER" => $lang['Export_themes'],
+				"L_EXPORTER_EXPLAIN" => $lang['Export_explain'],
+				"L_TEMPLATE_SELECT" => $lang['Select_template'],
+				"L_SUBMIT" => $lang['Submit'], 
+
+				"S_EXPORTER_ACTION" => append_sid("admin_styles.$phpEx?mode=export"),
+				"S_TEMPLATE_SELECT" => $s_template_select)
+			);
+			
+			$template->pparse("body");
+			
+		}
+		break;
+
+	case "delete":
+		$style_id = ( isset($HTTP_GET_VARS['style_id']) ) ? intval($HTTP_GET_VARS['style_id']) : intval($HTTP_POST_VARS['style_id']);
+		
+		if( !$confirm )
+		{
+			if($style_id == $board_config['default_style'])
+			{
+				message_die(GENERAL_MESSAGE, $lang['Cannot_remove_style']);
+			}
+			
+			$hidden_fields = '<input type="hidden" name="mode" value="'.$mode.'" /><input type="hidden" name="style_id" value="'.$style_id.'" />';
+			
+			//
+			// Set template files
+			//
+			$template->set_filenames(array(
+				"confirm" => "confirm_body.tpl")
+			);
+
+			$template->assign_vars(array(
+				"MESSAGE_TITLE" => $lang['Confirm'],
+				"MESSAGE_TEXT" => $lang['Confirm_delete_style'],
+
+				"L_YES" => $lang['Yes'],
+				"L_NO" => $lang['No'],
+
+				"S_CONFIRM_ACTION" => append_sid("admin_styles.$phpEx"),
+				"S_HIDDEN_FIELDS" => $hidden_fields)
+			);
+
+			$template->pparse("confirm");
+
+		}
+		else
+		{
+			//
+			// The user has confirmed the delete. Remove the style, the style element
+			// names and update any users who might be using this style
+			//
+			$sql = "DELETE FROM " . THEMES_TABLE . " 
+				WHERE themes_id = $style_id";
+			if(!$result = $db->sql_query($sql, BEGIN_TRANSACTION))
+			{
+				message_die(GENERAL_ERROR, "Could not remove style data!", "", __LINE__, __FILE__, $sql);
+			}
+			
+			//
+			// There may not be any theme name data so don't throw an error
+			// if the SQL dosan't work
+			//
+			$sql = "DELETE FROM " . THEMES_NAME_TABLE . " 
+				WHERE themes_id = $style_id";
+			$db->sql_query($sql);
+
+			$sql = "UPDATE " . USERS_TABLE . " 
+				SET user_style = " . $board_config['default_style'] . " 
+				WHERE user_style = $style_id";
+			if(!$result = $db->sql_query($sql, END_TRANSACTION))
+			{
+				message_die(GENERAL_ERROR, "Could not update user style information", "", __LINE__, __FILE__, $sql);
+			}
+			
+			$message = $lang['Style_removed'] . "<br /><br />" . sprintf($lang['Click_return_styleadmin'], "<a href=\"" . append_sid("admin_styles.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+		}
+		break;
+
+	default:
+		
+		$sql = "SELECT themes_id, template_name, style_name 
+			FROM " . THEMES_TABLE . " 
+			ORDER BY template_name";
+		if(!$result = $db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, "Could not get style information!", "", __LINE__, __FILE__, $sql);
+		}
+		
+		$style_rowset = $db->sql_fetchrowset($result);
+		
+		$template->set_filenames(array(
+			"body" => "admin/styles_list_body.tpl")
+		);
+
+		$template->assign_vars(array(
+			"L_STYLES_TITLE" => $lang['Styles_admin'],
+			"L_STYLES_TEXT" => $lang['Styles_explain'],
+			"L_STYLE" => $lang['Style'],
+			"L_TEMPLATE" => $lang['Template'],
+			"L_EDIT" => $lang['Edit'],
+			"L_DELETE" => $lang['Delete'])
+		);
+					
+		for($i = 0; $i < count($style_rowset); $i++)
+		{
+			$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+			$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+
+			$template->assign_block_vars("styles", array(
+				"ROW_CLASS" => $row_class,
+				"ROW_COLOR" => $row_color,
+				"STYLE_NAME" => $style_rowset[$i]['style_name'],
+				"TEMPLATE_NAME" => $style_rowset[$i]['template_name'],
+
+				"U_STYLES_EDIT" => append_sid("admin_styles.$phpEx?mode=edit&amp;style_id=" . $style_rowset[$i]['themes_id']),
+				"U_STYLES_DELETE" => append_sid("admin_styles.$phpEx?mode=delete&amp;style_id=" . $style_rowset[$i]['themes_id']))
+			);
+		}
+		
+		$template->pparse("body");	
+		break;
+}
+
+if (empty($HTTP_POST_VARS['send_file']))
+{
+	include('./page_footer_admin.'.$phpEx);
+}
+
+?>

phpBB/admin/admin_ug_auth.php

@@ -0,0 +1,990 @@
+<?php
+/***************************************************************************
+ *                            admin_ug_auth.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['Users']['Permissions'] = $filename . "?mode=user";
+	$module['Groups']['Permissions'] = $filename . "?mode=group";
+
+	return;
+}
+
+//
+// Load default header
+//
+$no_page_header = TRUE;
+
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+$params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');
+
+while( list($var, $param) = @each($params) )
+{
+	if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
+	{
+		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
+	}
+	else
+	{
+		$$var = "";
+	}
+}
+
+$user_id = intval($user_id);
+$group_id = intval($group_id);
+$adv = intval($adv);
+$mode = htmlspecialchars($mode);
+
+//
+// Start program - define vars
+//
+$forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
+
+$auth_field_match = array(
+	'auth_view' => AUTH_VIEW,
+	'auth_read' => AUTH_READ,
+	'auth_post' => AUTH_POST,
+	'auth_reply' => AUTH_REPLY,
+	'auth_edit' => AUTH_EDIT,
+	'auth_delete' => AUTH_DELETE,
+	'auth_sticky' => AUTH_STICKY,
+	'auth_announce' => AUTH_ANNOUNCE, 
+	'auth_vote' => AUTH_VOTE, 
+	'auth_pollcreate' => AUTH_POLLCREATE);
+
+$field_names = array(
+	'auth_view' => $lang['View'],
+	'auth_read' => $lang['Read'],
+	'auth_post' => $lang['Post'],
+	'auth_reply' => $lang['Reply'],
+	'auth_edit' => $lang['Edit'],
+	'auth_delete' => $lang['Delete'],
+	'auth_sticky' => $lang['Sticky'],
+	'auth_announce' => $lang['Announce'], 
+	'auth_vote' => $lang['Vote'], 
+	'auth_pollcreate' => $lang['Pollcreate']);
+
+// ---------------
+// Start Functions
+//
+function check_auth($type, $key, $u_access, $is_admin)
+{
+	$auth_user = 0;
+
+	if( count($u_access) )
+	{
+		for($j = 0; $j < count($u_access); $j++)
+		{
+			$result = 0;
+			switch($type)
+			{
+				case AUTH_ACL:
+					$result = $u_access[$j][$key];
+
+				case AUTH_MOD:
+					$result = $result || $u_access[$j]['auth_mod'];
+
+				case AUTH_ADMIN:
+					$result = $result || $is_admin;
+					break;
+			}
+
+			$auth_user = $auth_user || $result;
+		}
+	}
+	else
+	{
+		$auth_user = $is_admin;
+	}
+
+	return $auth_user;
+}
+//
+// End Functions
+// -------------
+
+if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || ( $mode == 'group' && $group_id ) ) )
+{
+	$user_level = '';
+	if ( $mode == 'user' )
+	{
+		//
+		// Get group_id for this user_id
+		//
+		$sql = "SELECT g.group_id, u.user_level
+			FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
+			WHERE u.user_id = $user_id 
+				AND ug.user_id = u.user_id 
+				AND g.group_id = ug.group_id 
+				AND g.group_single_user = " . TRUE;
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
+		}
+
+		$row = $db->sql_fetchrow($result);
+
+		$group_id = $row['group_id'];
+		$user_level = $row['user_level'];
+
+		$db->sql_freeresult($result);
+	}
+
+	//
+	// Carry out requests
+	//
+	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
+	{
+		//
+		// Make user an admin (if already user)
+		//
+		if ( $userdata['user_id'] != $user_id )
+		{
+			$sql = "UPDATE " . USERS_TABLE . "
+				SET user_level = " . ADMIN . "
+				WHERE user_id = $user_id";
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
+			}
+
+			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
+				WHERE group_id = $group_id 
+					AND auth_mod = 0";
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
+			}
+
+			//
+			// Delete any entries in auth_access, they are not required if user is becoming an
+			// admin
+			//
+			$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
+				SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
+				WHERE group_id = $group_id"; 
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
+			}
+		}
+
+		$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
+		message_die(GENERAL_MESSAGE, $message);
+	}
+	else
+	{
+		if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
+		{
+			//
+			// Make admin a user (if already admin) ... ignore if you're trying
+			// to change yourself from an admin to user!
+			//
+			if ( $userdata['user_id'] != $user_id )
+			{
+				$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
+					SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
+					WHERE group_id = $group_id";
+				if ( !($result = $db->sql_query($sql)) )
+				{
+					message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
+				}
+
+				//
+				// Update users level, reset to USER
+				//
+				$sql = "UPDATE " . USERS_TABLE . "
+					SET user_level = " . USER . "
+					WHERE user_id = $user_id";
+				if ( !($result = $db->sql_query($sql)) )
+				{
+					message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
+				}
+			}
+
+			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
+		}
+		else
+		{
+	
+			$change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : false;
+
+			if ( empty($adv) )
+			{
+				$change_acl_list = ( isset($HTTP_POST_VARS['private']) ) ? $HTTP_POST_VARS['private'] : false;
+			}
+			else
+			{
+				$change_acl_list = array();
+				for($j = 0; $j < count($forum_auth_fields); $j++)
+				{
+					$auth_field = $forum_auth_fields[$j];
+
+					while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
+					{
+						$change_acl_list[$forum_id][$auth_field] = $value;
+					}
+				}
+			}
+
+			$sql = "SELECT * 
+				FROM " . FORUMS_TABLE . " f
+				ORDER BY forum_order";
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
+			}
+
+			$forum_access = array();
+			while( $row = $db->sql_fetchrow($result) )
+			{
+				$forum_access[] = $row;
+			}
+			$db->sql_freeresult($result);
+
+			$sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
+			}
+
+			$auth_access = array();
+			while( $row = $db->sql_fetchrow($result) )
+			{
+				$auth_access[$row['forum_id']] = $row;
+			}
+			$db->sql_freeresult($result);
+
+			$forum_auth_action = array();
+			$update_acl_status = array();
+			$update_mod_status = array();
+
+			for($i = 0; $i < count($forum_access); $i++)
+			{
+				$forum_id = $forum_access[$i]['forum_id'];
+
+				if ( 
+					( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) || 
+					( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) ) 
+				)
+				{
+					$update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod'];
+
+					if ( !$update_mod_status[$forum_id] )
+					{
+						$forum_auth_action[$forum_id] = 'delete';
+					}
+					else if ( !isset($auth_access[$forum_id]['auth_mod']) )
+					{
+						$forum_auth_action[$forum_id] = 'insert';
+					}
+					else
+					{
+						$forum_auth_action[$forum_id] = 'update';
+					}
+				}
+
+				for($j = 0; $j < count($forum_auth_fields); $j++)
+				{
+					$auth_field = $forum_auth_fields[$j];
+
+					if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
+					{
+						if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
+							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) || 
+							( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) ||
+							!empty($update_mod_status[$forum_id])
+						)
+						{
+							$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 :  $change_acl_list[$forum_id][$auth_field];
+
+							if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
+							{
+								$forum_auth_action[$forum_id] = 'delete';
+							}
+							else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
+							{
+								$forum_auth_action[$forum_id] = 'insert';
+							}
+							else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) ) 
+							{
+								$forum_auth_action[$forum_id] = 'update';
+							}
+						}
+						else if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
+							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
+						{
+							$forum_auth_action[$forum_id] = 'update';
+						}
+					}
+				}
+			}
+
+			//
+			// Checks complete, make updates to DB
+			//
+			$delete_sql = '';
+			while( list($forum_id, $action) = @each($forum_auth_action) )
+			{
+				if ( $action == 'delete' )
+				{
+					$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
+				}
+				else
+				{
+					if ( $action == 'insert' )
+					{
+						$sql_field = '';
+						$sql_value = '';
+						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
+						{
+							$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
+							$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . $value;
+						}
+						$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
+						$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
+
+						$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field) 
+							VALUES ($forum_id, $group_id, $sql_value)";
+					}
+					else
+					{
+						$sql_values = '';
+						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
+						{
+							$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . $value;
+						}
+						$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
+
+						$sql = "UPDATE " . AUTH_ACCESS_TABLE . " 
+							SET $sql_values 
+							WHERE group_id = $group_id 
+								AND forum_id = $forum_id";
+					}
+					if( !($result = $db->sql_query($sql)) )
+					{
+						message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
+					}
+				}
+			}
+
+			if ( $delete_sql != '' )
+			{
+				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " 
+					WHERE group_id = $group_id 
+						AND forum_id IN ($delete_sql)";
+				if( !($result = $db->sql_query($sql)) )
+				{
+					message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
+				}
+			}
+
+			$l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
+			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
+		}
+
+		//
+		// Update user level to mod for appropriate users
+		// 
+		$sql = "SELECT u.user_id 
+			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u  
+			WHERE ug.group_id = aa.group_id 
+				AND u.user_id = ug.user_id 
+				AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") 
+			GROUP BY u.user_id 
+			HAVING SUM(aa.auth_mod) > 0";
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
+		}
+
+		$set_mod = '';
+		while( $row = $db->sql_fetchrow($result) )
+		{
+			$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
+		}
+		$db->sql_freeresult($result);
+
+		//
+		// Update user level to user for appropriate users
+		// 
+		switch ( SQL_LAYER )
+		{
+			case 'postgresql':
+				$sql = "SELECT u.user_id 
+					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
+					WHERE ug.user_id = u.user_id 
+						AND aa.group_id = ug.group_id 
+						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
+					GROUP BY u.user_id 
+					HAVING SUM(aa.auth_mod) = 0 
+					UNION (
+						SELECT u.user_id  
+						FROM " . USERS_TABLE . " u 
+						WHERE NOT EXISTS ( 
+							SELECT aa.auth_mod 
+							FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa 
+							WHERE ug.user_id = u.user_id 
+								AND aa.group_id = ug.group_id
+						)
+						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")  
+						GROUP BY u.user_id
+					)";
+				break;
+			case 'oracle':
+				$sql = "SELECT u.user_id 
+					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa 
+					WHERE ug.user_id = u.user_id(+)
+						AND aa.group_id = ug.group_id(+) 
+						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
+					GROUP BY u.user_id 
+					HAVING SUM(aa.auth_mod) = 0";
+				break;
+			default:
+				$sql = "SELECT u.user_id 
+					FROM ( ( " . USERS_TABLE . " u  
+					LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id ) 
+					LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id ) 
+					WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
+					GROUP BY u.user_id 
+					HAVING SUM(aa.auth_mod) = 0";
+				break;
+		}
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
+		}
+
+		$unset_mod = "";
+		while( $row = $db->sql_fetchrow($result) )
+		{
+			$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
+		}
+		$db->sql_freeresult($result);
+
+		if ( $set_mod != '' )
+		{
+			$sql = "UPDATE " . USERS_TABLE . " 
+				SET user_level = " . MOD . " 
+				WHERE user_id IN ($set_mod)";
+			if( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
+			}
+		}
+
+		if ( $unset_mod != '' )
+		{
+			$sql = "UPDATE " . USERS_TABLE . " 
+				SET user_level = " . USER . " 
+				WHERE user_id IN ($unset_mod)";
+			if( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
+			}
+		}
+
+		$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
+			WHERE group_id = $group_id";
+		$result = $db->sql_query($sql);
+
+		$group_user = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$group_user[$row['user_id']] = $row['user_id'];
+		}
+		$db->sql_freeresult($result);
+
+		$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod 
+			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug 
+			WHERE ug.user_id IN (" . implode(', ', $group_user) . ") 
+				AND aa.group_id = ug.group_id 
+				AND aa.auth_mod = 1
+			GROUP BY ug.user_id";
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
+		}
+
+		while ($row = $db->sql_fetchrow($result))
+		{
+			if ($row['is_auth_mod'])
+			{
+				unset($group_user[$row['user_id']]);
+			}
+		}
+		$db->sql_freeresult($result);
+
+		if (sizeof($group_user))
+		{
+			$sql = "UPDATE " . USERS_TABLE . " 
+				SET user_level = " . USER . " 
+				WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
+			}
+		}
+
+		message_die(GENERAL_MESSAGE, $message);
+	}
+}
+else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )
+{
+	if ( isset($HTTP_POST_VARS['username']) )
+	{
+		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
+		if ( !is_array($this_userdata) )
+		{
+			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
+		}
+		$user_id = $this_userdata['user_id'];
+	}
+
+	//
+	// Front end
+	//
+	$sql = "SELECT * 
+		FROM " . FORUMS_TABLE . " f
+		ORDER BY forum_order";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
+	}
+
+	$forum_access = array();
+	while( $row = $db->sql_fetchrow($result) )
+	{
+		$forum_access[] = $row;
+	}
+	$db->sql_freeresult($result);
+
+	if( empty($adv) )
+	{
+		for($i = 0; $i < count($forum_access); $i++)
+		{
+			$forum_id = $forum_access[$i]['forum_id'];
+
+			$forum_auth_level[$forum_id] = AUTH_ALL;
+
+			for($j = 0; $j < count($forum_auth_fields); $j++)
+			{
+				$forum_access[$i][$forum_auth_fields[$j]] . ' :: ';
+				if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
+				{
+					$forum_auth_level[$forum_id] = AUTH_ACL;
+					$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
+				}
+			}
+		}
+	}
+
+	$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
+	$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
+	}
+	$ug_info = array();
+	while( $row = $db->sql_fetchrow($result) )
+	{
+		$ug_info[] = $row;
+	}
+	$db->sql_freeresult($result);
+
+	$sql = ( $mode == 'user' ) ? "SELECT aa.*, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
+	}
+
+	$auth_access = array();
+	$auth_access_count = array();
+	while( $row = $db->sql_fetchrow($result) )
+	{
+		$auth_access[$row['forum_id']][] = $row; 
+		$auth_access_count[$row['forum_id']]++;
+	}
+	$db->sql_freeresult($result);
+
+	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;
+
+	for($i = 0; $i < count($forum_access); $i++)
+	{
+		$forum_id = $forum_access[$i]['forum_id'];
+
+		unset($prev_acl_setting);
+		for($j = 0; $j < count($forum_auth_fields); $j++)
+		{
+			$key = $forum_auth_fields[$j];
+			$value = $forum_access[$i][$key];
+
+			switch( $value )
+			{
+				case AUTH_ALL:
+				case AUTH_REG:
+					$auth_ug[$forum_id][$key] = 1;
+					break;
+
+				case AUTH_ACL:
+					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
+					$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];
+
+					if ( isset($prev_acl_setting) )
+					{
+						if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
+						{
+							$adv = 1;
+						}
+					}
+
+					$prev_acl_setting = $auth_ug[$forum_id][$key];
+
+					break;
+
+				case AUTH_MOD:
+					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
+					break;
+
+				case AUTH_ADMIN:
+					$auth_ug[$forum_id][$key] = $is_admin;
+					break;
+
+				default:
+					$auth_ug[$forum_id][$key] = 0;
+					break;
+			}
+		}
+
+		//
+		// Is user a moderator?
+		//
+		$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
+	}
+	
+	$i = 0;
+	@reset($auth_ug);
+	while( list($forum_id, $user_ary) = @each($auth_ug) )
+	{
+		if ( empty($adv) )
+		{
+			if ( $forum_auth_level[$forum_id] == AUTH_ACL )
+			{
+				$allowed = 1;
+
+				for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
+				{
+					if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
+					{
+						$allowed = 0;
+					}
+				}
+
+				$optionlist_acl = '<select name="private[' . $forum_id . ']">';
+
+				if ( $is_admin || $user_ary['auth_mod'] )
+				{
+					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
+				}
+				else if ( $allowed )
+				{
+					$optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
+				}
+				else
+				{
+					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
+				}
+
+				$optionlist_acl .= '</select>';
+			}
+			else
+			{
+				$optionlist_acl = '&nbsp;';
+			}
+		}
+		else
+		{
+			for($j = 0; $j < count($forum_access); $j++)
+			{
+				if ( $forum_access[$j]['forum_id'] == $forum_id )
+				{
+					for($k = 0; $k < count($forum_auth_fields); $k++)
+					{
+						$field_name = $forum_auth_fields[$k];
+
+						if( $forum_access[$j][$field_name] == AUTH_ACL )
+						{
+							$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';
+
+							if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
+							{
+								if( !$auth_field_acl[$forum_id][$field_name] )
+								{
+									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
+								}
+								else
+								{
+									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
+								}
+							}
+							else
+							{
+								if( $is_admin || $user_ary['auth_mod'] )
+								{
+									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
+								}
+								else
+								{
+									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
+								}
+							}
+
+							$optionlist_acl_adv[$forum_id][$k] .= '</select>';
+
+						}
+					}
+				}
+			}
+		}
+
+		$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
+		$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
+		$optionlist_mod .= '</select>';
+
+		$row_class = ( !( $i % 2 ) ) ? 'row2' : 'row1';
+		$row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];
+
+		$template->assign_block_vars('forums', array(
+			'ROW_COLOR' => '#' . $row_color,
+			'ROW_CLASS' => $row_class,
+			'FORUM_NAME' => $forum_access[$i]['forum_name'],
+
+			'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),
+
+			'S_MOD_SELECT' => $optionlist_mod)
+		);
+
+		if( !$adv )
+		{
+			$template->assign_block_vars('forums.aclvalues', array(
+				'S_ACL_SELECT' => $optionlist_acl)
+			);
+		}
+		else
+		{
+			for($j = 0; $j < count($forum_auth_fields); $j++)
+			{
+				$template->assign_block_vars('forums.aclvalues', array(
+					'S_ACL_SELECT' => $optionlist_acl_adv[$forum_id][$j])
+				);
+			}
+		}
+
+		$i++;
+	}
+	@reset($auth_user);
+	
+	if ( $mode == 'user' )
+	{
+		$t_username = $ug_info[0]['username'];
+		$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
+	}
+	else
+	{
+		$t_groupname = $ug_info[0]['group_name'];
+	}
+
+	$name = array();
+	$id = array();
+	for($i = 0; $i < count($ug_info); $i++)
+	{
+		if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) || $mode == 'group' )
+		{
+			$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] :  $ug_info[$i]['username'];
+			$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
+		}
+	}
+
+	if( count($name) )
+	{
+		$t_usergroup_list = '';
+		for($i = 0; $i < count($ug_info); $i++)
+		{
+			$ug = ( $mode == 'user' ) ? 'group&amp;' . POST_GROUPS_URL : 'user&amp;' . POST_USERS_URL;
+
+			$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
+		}
+	}
+	else
+	{
+		$t_usergroup_list = $lang['None'];
+	}
+
+	$s_column_span = 2; // Two columns always present
+	if( !$adv )
+	{
+		$template->assign_block_vars('acltype', array(
+			'L_UG_ACL_TYPE' => $lang['Simple_Permission'])
+		);
+		$s_column_span++;
+	}
+	else
+	{
+		for($i = 0; $i < count($forum_auth_fields); $i++)
+		{
+			$cell_title = $field_names[$forum_auth_fields[$i]];
+
+			$template->assign_block_vars('acltype', array(
+				'L_UG_ACL_TYPE' => $cell_title)
+			);
+			$s_column_span++;
+		}
+	}
+
+	//
+	// Dump in the page header ...
+	//
+	include('./page_header_admin.'.$phpEx);
+
+	$template->set_filenames(array(
+		"body" => 'admin/auth_ug_body.tpl')
+	);
+
+	$adv_switch = ( empty($adv) ) ? 1 : 0;
+	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
+	$switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&amp;" . $u_ug_switch . "&amp;adv=$adv_switch");
+	$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
+	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
+
+	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
+	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
+
+	if ( $mode == 'user' )
+	{
+		$template->assign_block_vars('switch_user_auth', array());
+
+		$template->assign_vars(array(
+			'USERNAME' => $t_username,
+			'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
+			'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
+		);
+	}
+	else
+	{
+		$template->assign_block_vars("switch_group_auth", array());
+
+		$template->assign_vars(array(
+			'USERNAME' => $t_groupname,
+			'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list)
+		);
+	}
+
+	$template->assign_vars(array(
+		'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],
+
+		'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
+		'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
+		'L_MODERATOR_STATUS' => $lang['Moderator_status'],
+		'L_PERMISSIONS' => $lang['Permissions'],
+		'L_SUBMIT' => $lang['Submit'],
+		'L_RESET' => $lang['Reset'], 
+		'L_FORUM' => $lang['Forum'], 
+
+		'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
+		'U_SWITCH_MODE' => $u_switch_mode,
+
+		'S_COLUMN_SPAN' => $s_column_span,
+		'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"), 
+		'S_HIDDEN_FIELDS' => $s_hidden_fields)
+	);
+}
+else
+{
+	//
+	// Select a user/group
+	//
+	include('./page_header_admin.'.$phpEx);
+
+	$template->set_filenames(array(
+		'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
+	);
+
+	if ( $mode == 'user' )
+	{
+		$template->assign_vars(array(
+			'L_FIND_USERNAME' => $lang['Find_username'],
+
+			'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
+		);
+	}
+	else
+	{
+		$sql = "SELECT group_id, group_name
+			FROM " . GROUPS_TABLE . "
+			WHERE group_single_user <> " . TRUE;
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
+		}
+
+		if ( $row = $db->sql_fetchrow($result) )
+		{
+			$select_list = '<select name="' . POST_GROUPS_URL . '">';
+			do
+			{
+				$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+			}
+			while ( $row = $db->sql_fetchrow($result) );
+			$select_list .= '</select>';
+		}
+
+		$template->assign_vars(array(
+			'S_AUTH_SELECT' => $select_list)
+		);
+	}
+
+	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
+
+	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';
+
+	$template->assign_vars(array(
+		'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
+		'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
+		'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
+		'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],
+
+		'S_HIDDEN_FIELDS' => $s_hidden_fields, 
+		'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
+	);
+
+}
+
+$template->pparse('body');
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_user_ban.php

@@ -0,0 +1,452 @@
+<?php
+/***************************************************************************
+ *                            admin_user_ban.php
+ *                            -------------------
+ *   begin                : Tuesday, Jul 31, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if ( !empty($setmodules) )
+{
+	$filename = basename(__FILE__);
+	$module['Users']['Ban_Management'] = $filename;
+
+	return;
+}
+
+//
+// Load default header
+//
+$phpbb_root_path = './../';
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+//
+// Start program
+//
+if ( isset($HTTP_POST_VARS['submit']) )
+{
+	$user_bansql = '';
+	$email_bansql = '';
+	$ip_bansql = '';
+
+	$user_list = array();
+	if ( !empty($HTTP_POST_VARS['username']) )
+	{
+		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
+		if( !$this_userdata )
+		{
+			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
+		}
+
+		$user_list[] = $this_userdata['user_id'];
+	}
+
+	$ip_list = array();
+	if ( isset($HTTP_POST_VARS['ban_ip']) )
+	{
+		$ip_list_temp = explode(',', $HTTP_POST_VARS['ban_ip']);
+
+		for($i = 0; $i < count($ip_list_temp); $i++)
+		{
+			if ( preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', trim($ip_list_temp[$i]), $ip_range_explode) )
+			{
+				//
+				// Don't ask about all this, just don't ask ... !
+				//
+				$ip_1_counter = $ip_range_explode[1];
+				$ip_1_end = $ip_range_explode[5];
+
+				while ( $ip_1_counter <= $ip_1_end )
+				{
+					$ip_2_counter = ( $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[2] : 0;
+					$ip_2_end = ( $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[6];
+
+					if ( $ip_2_counter == 0 && $ip_2_end == 254 )
+					{
+						$ip_2_counter = 255;
+						$ip_2_fragment = 255;
+
+						$ip_list[] = encode_ip("$ip_1_counter.255.255.255");
+					}
+
+					while ( $ip_2_counter <= $ip_2_end )
+					{
+						$ip_3_counter = ( $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[3] : 0;
+						$ip_3_end = ( $ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end ) ? 254 : $ip_range_explode[7];
+
+						if ( $ip_3_counter == 0 && $ip_3_end == 254 )
+						{
+							$ip_3_counter = 255;
+							$ip_3_fragment = 255;
+
+							$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.255.255");
+						}
+
+						while ( $ip_3_counter <= $ip_3_end )
+						{
+							$ip_4_counter = ( $ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1] ) ? $ip_range_explode[4] : 0;
+							$ip_4_end = ( $ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end ) ? 254 : $ip_range_explode[8];
+
+							if ( $ip_4_counter == 0 && $ip_4_end == 254 )
+							{
+								$ip_4_counter = 255;
+								$ip_4_fragment = 255;
+
+								$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.255");
+							}
+
+							while ( $ip_4_counter <= $ip_4_end )
+							{
+								$ip_list[] = encode_ip("$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter");
+								$ip_4_counter++;
+							}
+							$ip_3_counter++;
+						}
+						$ip_2_counter++;
+					}
+					$ip_1_counter++;
+				}
+			}
+			else if ( preg_match('/^([\w\-_]\.?){2,}$/is', trim($ip_list_temp[$i])) )
+			{
+				$ip = gethostbynamel(trim($ip_list_temp[$i]));
+
+				for($j = 0; $j < count($ip); $j++)
+				{
+					if ( !empty($ip[$j]) )
+					{
+						$ip_list[] = encode_ip($ip[$j]);
+					}
+				}
+			}
+			else if ( preg_match('/^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$/', trim($ip_list_temp[$i])) )
+			{
+				$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
+			}
+		}
+	}
+
+	$email_list = array();
+	if ( isset($HTTP_POST_VARS['ban_email']) )
+	{
+		$email_list_temp = explode(',', $HTTP_POST_VARS['ban_email']);
+
+		for($i = 0; $i < count($email_list_temp); $i++)
+		{
+			//
+			// This ereg match is based on one by php@unreelpro.com
+			// contained in the annotated php manual at php.com (ereg
+			// section)
+			//
+			if (preg_match('#^(([a-z0-9&.-_+])|(\*))+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$#is', trim($email_list_temp[$i])))
+			{
+				$email_list[] = trim($email_list_temp[$i]);
+			}
+		}
+	}
+
+	$sql = "SELECT *
+		FROM " . BANLIST_TABLE;
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain banlist information", "", __LINE__, __FILE__, $sql);
+	}
+
+	$current_banlist = $db->sql_fetchrowset($result);
+	$db->sql_freeresult($result);
+
+	$kill_session_sql = '';
+	for($i = 0; $i < count($user_list); $i++)
+	{
+		$in_banlist = false;
+		for($j = 0; $j < count($current_banlist); $j++)
+		{
+			if ( $user_list[$i] == $current_banlist[$j]['ban_userid'] )
+			{
+				$in_banlist = true;
+			}
+		}
+
+		if ( !$in_banlist )
+		{
+			$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . "session_user_id = " . $user_list[$i];
+
+			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_userid)
+				VALUES (" . $user_list[$i] . ")";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't insert ban_userid info into database", "", __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	for($i = 0; $i < count($ip_list); $i++)
+	{
+		$in_banlist = false;
+		for($j = 0; $j < count($current_banlist); $j++)
+		{
+			if ( $ip_list[$i] == $current_banlist[$j]['ban_ip'] )
+			{
+				$in_banlist = true;
+			}
+		}
+
+		if ( !$in_banlist )
+		{
+			if ( preg_match('/(ff\.)|(\.ff)/is', chunk_split($ip_list[$i], 2, '.')) )
+			{
+				$kill_ip_sql = "session_ip LIKE '" . str_replace('.', '', preg_replace('/(ff\.)|(\.ff)/is', '%', chunk_split($ip_list[$i], 2, "."))) . "'";
+			}
+			else
+			{
+				$kill_ip_sql = "session_ip = '" . $ip_list[$i] . "'";
+			}
+
+			$kill_session_sql .= ( ( $kill_session_sql != '' ) ? ' OR ' : '' ) . $kill_ip_sql;
+
+			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip)
+				VALUES ('" . $ip_list[$i] . "')";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	//
+	// Now we'll delete all entries from the session table with any of the banned
+	// user or IP info just entered into the ban table ... this will force a session
+	// initialisation resulting in an instant ban
+	//
+	if ( $kill_session_sql != '' )
+	{
+		$sql = "DELETE FROM " . SESSIONS_TABLE . "
+			WHERE $kill_session_sql";
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql);
+		}
+	}
+
+	for($i = 0; $i < count($email_list); $i++)
+	{
+		$in_banlist = false;
+		for($j = 0; $j < count($current_banlist); $j++)
+		{
+			if ( $email_list[$i] == $current_banlist[$j]['ban_email'] )
+			{
+				$in_banlist = true;
+			}
+		}
+
+		if ( !$in_banlist )
+		{
+			$sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
+				VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	$where_sql = '';
+
+	if ( isset($HTTP_POST_VARS['unban_user']) )
+	{
+		$user_list = $HTTP_POST_VARS['unban_user'];
+
+		for($i = 0; $i < count($user_list); $i++)
+		{
+			if ( $user_list[$i] != -1 )
+			{
+				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
+			}
+		}
+	}
+
+	if ( isset($HTTP_POST_VARS['unban_ip']) )
+	{
+		$ip_list = $HTTP_POST_VARS['unban_ip'];
+
+		for($i = 0; $i < count($ip_list); $i++)
+		{
+			if ( $ip_list[$i] != -1 )
+			{
+				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
+			}
+		}
+	}
+
+	if ( isset($HTTP_POST_VARS['unban_email']) )
+	{
+		$email_list = $HTTP_POST_VARS['unban_email'];
+
+		for($i = 0; $i < count($email_list); $i++)
+		{
+			if ( $email_list[$i] != -1 )
+			{
+				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
+			}
+		}
+	}
+
+	if ( $where_sql != '' )
+	{
+		$sql = "DELETE FROM " . BANLIST_TABLE . "
+			WHERE ban_id IN ($where_sql)";
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
+		}
+	}
+
+	$message = $lang['Ban_update_sucessful'] . '<br /><br />' . sprintf($lang['Click_return_banadmin'], '<a href="' . append_sid("admin_user_ban.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
+
+	message_die(GENERAL_MESSAGE, $message);
+
+}
+else
+{
+	$template->set_filenames(array(
+		'body' => 'admin/user_ban_body.tpl')
+	);
+
+	$template->assign_vars(array(
+		'L_BAN_TITLE' => $lang['Ban_control'],
+		'L_BAN_EXPLAIN' => $lang['Ban_explain'],
+		'L_BAN_EXPLAIN_WARN' => $lang['Ban_explain_warn'],
+		'L_IP_OR_HOSTNAME' => $lang['IP_hostname'],
+		'L_EMAIL_ADDRESS' => $lang['Email_address'],
+		'L_SUBMIT' => $lang['Submit'],
+		'L_RESET' => $lang['Reset'],
+
+		'S_BANLIST_ACTION' => append_sid("admin_user_ban.$phpEx"))
+	);
+
+	$template->assign_vars(array(
+		'L_BAN_USER' => $lang['Ban_username'],
+		'L_BAN_USER_EXPLAIN' => $lang['Ban_username_explain'],
+		'L_BAN_IP' => $lang['Ban_IP'],
+		'L_BAN_IP_EXPLAIN' => $lang['Ban_IP_explain'],
+		'L_BAN_EMAIL' => $lang['Ban_email'],
+		'L_BAN_EMAIL_EXPLAIN' => $lang['Ban_email_explain'])
+	);
+
+	$userban_count = 0;
+	$ipban_count = 0;
+	$emailban_count = 0;
+
+	$sql = "SELECT b.ban_id, u.user_id, u.username
+		FROM " . BANLIST_TABLE . " b, " . USERS_TABLE . " u
+		WHERE u.user_id = b.ban_userid
+			AND b.ban_userid <> 0
+			AND u.user_id <> " . ANONYMOUS . "
+		ORDER BY u.user_id ASC";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not select current user_id ban list', '', __LINE__, __FILE__, $sql);
+	}
+
+	$user_list = $db->sql_fetchrowset($result);
+	$db->sql_freeresult($result);
+
+	$select_userlist = '';
+	for($i = 0; $i < count($user_list); $i++)
+	{
+		$select_userlist .= '<option value="' . $user_list[$i]['ban_id'] . '">' . $user_list[$i]['username'] . '</option>';
+		$userban_count++;
+	}
+
+	if( $select_userlist == '' )
+	{
+		$select_userlist = '<option value="-1">' . $lang['No_banned_users'] . '</option>';
+	}
+
+	$select_userlist = '<select name="unban_user[]" multiple="multiple" size="5">' . $select_userlist . '</select>';
+
+	$sql = "SELECT ban_id, ban_ip, ban_email
+		FROM " . BANLIST_TABLE;
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not select current ip ban list', '', __LINE__, __FILE__, $sql);
+	}
+
+	$banlist = $db->sql_fetchrowset($result);
+	$db->sql_freeresult($result);
+
+	$select_iplist = '';
+	$select_emaillist = '';
+
+	for($i = 0; $i < count($banlist); $i++)
+	{
+		$ban_id = $banlist[$i]['ban_id'];
+
+		if ( !empty($banlist[$i]['ban_ip']) )
+		{
+			$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));
+			$select_iplist .= '<option value="' . $ban_id . '">' . $ban_ip . '</option>';
+			$ipban_count++;
+		}
+		else if ( !empty($banlist[$i]['ban_email']) )
+		{
+			$ban_email = $banlist[$i]['ban_email'];
+			$select_emaillist .= '<option value="' . $ban_id . '">' . $ban_email . '</option>';
+			$emailban_count++;
+		}
+	}
+
+	if ( $select_iplist == '' )
+	{
+		$select_iplist = '<option value="-1">' . $lang['No_banned_ip'] . '</option>';
+	}
+
+	if ( $select_emaillist == '' )  
+	{
+		$select_emaillist = '<option value="-1">' . $lang['No_banned_email'] . '</option>';
+	}
+
+	$select_iplist = '<select name="unban_ip[]" multiple="multiple" size="5">' . $select_iplist . '</select>';
+	$select_emaillist = '<select name="unban_email[]" multiple="multiple" size="5">' . $select_emaillist . '</select>';
+
+	$template->assign_vars(array(
+		'L_UNBAN_USER' => $lang['Unban_username'],
+		'L_UNBAN_USER_EXPLAIN' => $lang['Unban_username_explain'],
+		'L_UNBAN_IP' => $lang['Unban_IP'],
+		'L_UNBAN_IP_EXPLAIN' => $lang['Unban_IP_explain'],
+		'L_UNBAN_EMAIL' => $lang['Unban_email'],
+		'L_UNBAN_EMAIL_EXPLAIN' => $lang['Unban_email_explain'], 
+		'L_USERNAME' => $lang['Username'], 
+		'L_LOOK_UP' => $lang['Look_up_User'],
+		'L_FIND_USERNAME' => $lang['Find_username'],
+
+		'U_SEARCH_USER' => append_sid("./../search.$phpEx?mode=searchuser"), 
+		'S_UNBAN_USERLIST_SELECT' => $select_userlist,
+		'S_UNBAN_IPLIST_SELECT' => $select_iplist,
+		'S_UNBAN_EMAILLIST_SELECT' => $select_emaillist,
+		'S_BAN_ACTION' => append_sid("admin_user_ban.$phpEx"))
+	);
+}
+
+$template->pparse('body');
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/admin_words.php

@@ -0,0 +1,237 @@
+<?php
+/***************************************************************************
+ *                              admin_words.php
+ *                            -------------------
+ *   begin                : Thursday, Jul 12, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', 1);
+
+if( !empty($setmodules) )
+{
+	$file = basename(__FILE__);
+	$module['General']['Word_Censor'] = "$file";
+	return;
+}
+
+//
+// Load default header
+//
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
+
+if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+{
+	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
+	$mode = htmlspecialchars($mode);
+}
+else 
+{
+	//
+	// These could be entered via a form button
+	//
+	if( isset($HTTP_POST_VARS['add']) )
+	{
+		$mode = "add";
+	}
+	else if( isset($HTTP_POST_VARS['save']) )
+	{
+		$mode = "save";
+	}
+	else
+	{
+		$mode = "";
+	}
+}
+
+if( $mode != "" )
+{
+	if( $mode == "edit" || $mode == "add" )
+	{
+		$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
+
+		$template->set_filenames(array(
+			"body" => "admin/words_edit_body.tpl")
+		);
+
+		$s_hidden_fields = '';
+
+		if( $mode == "edit" )
+		{
+			if( $word_id )
+			{
+				$sql = "SELECT * 
+					FROM " . WORDS_TABLE . " 
+					WHERE word_id = $word_id";
+				if(!$result = $db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, "Could not query words table", "Error", __LINE__, __FILE__, $sql);
+				}
+
+				$word_info = $db->sql_fetchrow($result);
+				$s_hidden_fields .= '<input type="hidden" name="id" value="' . $word_id . '" />';
+			}
+			else
+			{
+				message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
+			}
+		}
+
+		$template->assign_vars(array(
+			"WORD" => $word_info['word'],
+			"REPLACEMENT" => $word_info['replacement'],
+
+			"L_WORDS_TITLE" => $lang['Words_title'],
+			"L_WORDS_TEXT" => $lang['Words_explain'],
+			"L_WORD_CENSOR" => $lang['Edit_word_censor'],
+			"L_WORD" => $lang['Word'],
+			"L_REPLACEMENT" => $lang['Replacement'],
+			"L_SUBMIT" => $lang['Submit'],
+
+			"S_WORDS_ACTION" => append_sid("admin_words.$phpEx"),
+			"S_HIDDEN_FIELDS" => $s_hidden_fields)
+		);
+
+		$template->pparse("body");
+
+		include('./page_footer_admin.'.$phpEx);
+	}
+	else if( $mode == "save" )
+	{
+		$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
+		$word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : "";
+		$replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : "";
+
+		if($word == "" || $replacement == "")
+		{
+			message_die(GENERAL_MESSAGE, $lang['Must_enter_word']);
+		}
+
+		if( $word_id )
+		{
+			$sql = "UPDATE " . WORDS_TABLE . " 
+				SET word = '" . str_replace("\'", "''", $word) . "', replacement = '" . str_replace("\'", "''", $replacement) . "' 
+				WHERE word_id = $word_id";
+			$message = $lang['Word_updated'];
+		}
+		else
+		{
+			$sql = "INSERT INTO " . WORDS_TABLE . " (word, replacement) 
+				VALUES ('" . str_replace("\'", "''", $word) . "', '" . str_replace("\'", "''", $replacement) . "')";
+			$message = $lang['Word_added'];
+		}
+
+		if(!$result = $db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, "Could not insert data into words table", $lang['Error'], __LINE__, __FILE__, $sql);
+		}
+
+		$message .= "<br /><br />" . sprintf($lang['Click_return_wordadmin'], "<a href=\"" . append_sid("admin_words.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+		message_die(GENERAL_MESSAGE, $message);
+	}
+	else if( $mode == "delete" )
+	{
+		if( isset($HTTP_POST_VARS['id']) ||  isset($HTTP_GET_VARS['id']) )
+		{
+			$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+			$word_id = intval($word_id);
+		}
+		else
+		{
+			$word_id = 0;
+		}
+
+		if( $word_id )
+		{
+			$sql = "DELETE FROM " . WORDS_TABLE . " 
+				WHERE word_id = $word_id";
+
+			if(!$result = $db->sql_query($sql))
+			{
+				message_die(GENERAL_ERROR, "Could not remove data from words table", $lang['Error'], __LINE__, __FILE__, $sql);
+			}
+
+			$message = $lang['Word_removed'] . "<br /><br />" . sprintf($lang['Click_return_wordadmin'], "<a href=\"" . append_sid("admin_words.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
+
+			message_die(GENERAL_MESSAGE, $message);
+		}
+		else
+		{
+			message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
+		}
+	}
+}
+else
+{
+	$template->set_filenames(array(
+		"body" => "admin/words_list_body.tpl")
+	);
+
+	$sql = "SELECT * 
+		FROM " . WORDS_TABLE . " 
+		ORDER BY word";
+	if( !$result = $db->sql_query($sql) )
+	{
+		message_die(GENERAL_ERROR, "Could not query words table", $lang['Error'], __LINE__, __FILE__, $sql);
+	}
+
+	$word_rows = $db->sql_fetchrowset($result);
+	$word_count = count($word_rows);
+
+	$template->assign_vars(array(
+		"L_WORDS_TITLE" => $lang['Words_title'],
+		"L_WORDS_TEXT" => $lang['Words_explain'],
+		"L_WORD" => $lang['Word'],
+		"L_REPLACEMENT" => $lang['Replacement'],
+		"L_EDIT" => $lang['Edit'],
+		"L_DELETE" => $lang['Delete'],
+		"L_ADD_WORD" => $lang['Add_new_word'],
+		"L_ACTION" => $lang['Action'],
+
+		"S_WORDS_ACTION" => append_sid("admin_words.$phpEx"),
+		"S_HIDDEN_FIELDS" => '')
+	);
+
+	for($i = 0; $i < $word_count; $i++)
+	{
+		$word = $word_rows[$i]['word'];
+		$replacement = $word_rows[$i]['replacement'];
+		$word_id = $word_rows[$i]['word_id'];
+
+		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+
+		$template->assign_block_vars("words", array(
+			"ROW_COLOR" => "#" . $row_color,
+			"ROW_CLASS" => $row_class,
+			"WORD" => $word,
+			"REPLACEMENT" => $replacement,
+
+			"U_WORD_EDIT" => append_sid("admin_words.$phpEx?mode=edit&amp;id=$word_id"),
+			"U_WORD_DELETE" => append_sid("admin_words.$phpEx?mode=delete&amp;id=$word_id"))
+		);
+	}
+}
+
+$template->pparse("body");
+
+include('./page_footer_admin.'.$phpEx);
+
+?>

phpBB/admin/index.php

@@ -1,27 +1,657 @@
 <?php
-/***************************************************************************  
- *                                 
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$                                                           
- *                                                            
- * 
- ***************************************************************************/ 
+/***************************************************************************
+ *                             (admin) index.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
 
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
 
-/***************************************************************************  
- *                                                     
- *   This program is free software; you can redistribute it and/or modify    
- *   it under the terms of the GNU General Public License as published by   
- *   the Free Software Foundation; either version 2 of the License, or  
- *   (at your option) any later version.                      
- *                                                          
- * 
- ***************************************************************************/ 
+define('IN_PHPBB', 1);
 
+//
+// Load default header
+//
+$no_page_header = TRUE;
+$phpbb_root_path = "./../";
+require($phpbb_root_path . 'extension.inc');
+require('./pagestart.' . $phpEx);
 
+// ---------------
+// Begin functions
+//
+function inarray($needle, $haystack)
+{ 
+	for($i = 0; $i < sizeof($haystack); $i++ )
+	{ 
+		if( $haystack[$i] == $needle )
+		{ 
+			return true; 
+		} 
+	} 
+	return false; 
+}
+//
+// End functions
+// -------------
 
-?>
+//
+// Generate relevant output
+//
+if( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'left' )
+{
+	$dir = @opendir(".");
+
+	$setmodules = 1;
+	while( $file = @readdir($dir) )
+	{
+		if( preg_match("/^admin_.*?\." . $phpEx . "$/", $file) )
+		{
+			include($file);
+		}
+	}
+
+	@closedir($dir);
+
+	unset($setmodules);
+
+	include('./page_header_admin.'.$phpEx);
+
+	$template->set_filenames(array(
+		"body" => "admin/index_navigate.tpl")
+	);
+
+	$template->assign_vars(array(
+		"U_FORUM_INDEX" => append_sid("../index.$phpEx"),
+		"U_ADMIN_INDEX" => append_sid("index.$phpEx?pane=right"),
+
+		"L_FORUM_INDEX" => $lang['Main_index'],
+		"L_ADMIN_INDEX" => $lang['Admin_Index'], 
+		"L_PREVIEW_FORUM" => $lang['Preview_forum'])
+	);
+
+	ksort($module);
+
+	while( list($cat, $action_array) = each($module) )
+	{
+		$cat = ( !empty($lang[$cat]) ) ? $lang[$cat] : preg_replace("/_/", " ", $cat);
+
+		$template->assign_block_vars("catrow", array(
+			"ADMIN_CATEGORY" => $cat)
+		);
+
+		ksort($action_array);
+
+		$row_count = 0;
+		while( list($action, $file)	= each($action_array) )
+		{
+			$row_color = ( !($row_count%2) ) ? $theme['td_color1'] : $theme['td_color2'];
+			$row_class = ( !($row_count%2) ) ? $theme['td_class1'] : $theme['td_class2'];
+
+			$action = ( !empty($lang[$action]) ) ? $lang[$action] : preg_replace("/_/", " ", $action);
+
+			$template->assign_block_vars("catrow.modulerow", array(
+				"ROW_COLOR" => "#" . $row_color,
+				"ROW_CLASS" => $row_class, 
+
+				"ADMIN_MODULE" => $action,
+				"U_ADMIN_MODULE" => append_sid($file))
+			);
+			$row_count++;
+		}
+	}
+
+	$template->pparse("body");
+
+	include('./page_footer_admin.'.$phpEx);
+}
+elseif( isset($HTTP_GET_VARS['pane']) && $HTTP_GET_VARS['pane'] == 'right' )
+{
+
+	include('./page_header_admin.'.$phpEx);
+
+	$template->set_filenames(array(
+		"body" => "admin/index_body.tpl")
+	);
+
+	$template->assign_vars(array(
+		"L_WELCOME" => $lang['Welcome_phpBB'],
+		"L_ADMIN_INTRO" => $lang['Admin_intro'],
+		"L_FORUM_STATS" => $lang['Forum_stats'],
+		"L_WHO_IS_ONLINE" => $lang['Who_is_Online'],
+		"L_USERNAME" => $lang['Username'],
+		"L_LOCATION" => $lang['Location'],
+		"L_LAST_UPDATE" => $lang['Last_updated'],
+		"L_IP_ADDRESS" => $lang['IP_Address'],
+		"L_STATISTIC" => $lang['Statistic'],
+		"L_VALUE" => $lang['Value'],
+		"L_NUMBER_POSTS" => $lang['Number_posts'],
+		"L_POSTS_PER_DAY" => $lang['Posts_per_day'],
+		"L_NUMBER_TOPICS" => $lang['Number_topics'],
+		"L_TOPICS_PER_DAY" => $lang['Topics_per_day'],
+		"L_NUMBER_USERS" => $lang['Number_users'],
+		"L_USERS_PER_DAY" => $lang['Users_per_day'],
+		"L_BOARD_STARTED" => $lang['Board_started'],
+		"L_AVATAR_DIR_SIZE" => $lang['Avatar_dir_size'],
+		"L_DB_SIZE" => $lang['Database_size'], 
+		"L_FORUM_LOCATION" => $lang['Forum_Location'],
+		"L_STARTED" => $lang['Login'],
+		"L_GZIP_COMPRESSION" => $lang['Gzip_compression'])
+	);
+
+	//
+	// Get forum statistics
+	//
+	$total_posts = get_db_stat('postcount');
+	$total_users = get_db_stat('usercount');
+	$total_topics = get_db_stat('topiccount');
+
+	$start_date = create_date($board_config['default_dateformat'], $board_config['board_startdate'], $board_config['board_timezone']);
+
+	$boarddays = ( time() - $board_config['board_startdate'] ) / 86400;
+
+	$posts_per_day = sprintf("%.2f", $total_posts / $boarddays);
+	$topics_per_day = sprintf("%.2f", $total_topics / $boarddays);
+	$users_per_day = sprintf("%.2f", $total_users / $boarddays);
+
+	$avatar_dir_size = 0;
+
+	if ($avatar_dir = @opendir($phpbb_root_path . $board_config['avatar_path']))
+	{
+		while( $file = @readdir($avatar_dir) )
+		{
+			if( $file != "." && $file != ".." )
+			{
+				$avatar_dir_size += @filesize($phpbb_root_path . $board_config['avatar_path'] . "/" . $file);
+			}
+		}
+		@closedir($avatar_dir);
+
+		//
+		// This bit of code translates the avatar directory size into human readable format
+		// Borrowed the code from the PHP.net annoted manual, origanally written by:
+		// Jesse (jesse@jess.on.ca)
+		//
+		if($avatar_dir_size >= 1048576)
+		{
+			$avatar_dir_size = round($avatar_dir_size / 1048576 * 100) / 100 . " MB";
+		}
+		else if($avatar_dir_size >= 1024)
+		{
+			$avatar_dir_size = round($avatar_dir_size / 1024 * 100) / 100 . " KB";
+		}
+		else
+		{
+			$avatar_dir_size = $avatar_dir_size . " Bytes";
+		}
+
+	}
+	else
+	{
+		// Couldn't open Avatar dir.
+		$avatar_dir_size = $lang['Not_available'];
+	}
+
+	if($posts_per_day > $total_posts)
+	{
+		$posts_per_day = $total_posts;
+	}
+
+	if($topics_per_day > $total_topics)
+	{
+		$topics_per_day = $total_topics;
+	}
+
+	if($users_per_day > $total_users)
+	{
+		$users_per_day = $total_users;
+	}
+
+	//
+	// DB size ... MySQL only
+	//
+	// This code is heavily influenced by a similar routine
+	// in phpMyAdmin 2.2.0
+	//
+	if( preg_match("/^mysql/", SQL_LAYER) )
+	{
+		$sql = "SELECT VERSION() AS mysql_version";
+		if($result = $db->sql_query($sql))
+		{
+			$row = $db->sql_fetchrow($result);
+			$version = $row['mysql_version'];
+
+			if( preg_match("/^(3\.23|4\.)/", $version) )
+			{
+				$db_name = ( preg_match("/^(3\.23\.[6-9])|(3\.23\.[1-9][1-9])|(4\.)/", $version) ) ? "`$dbname`" : $dbname;
+
+				$sql = "SHOW TABLE STATUS 
+					FROM " . $db_name;
+				if($result = $db->sql_query($sql))
+				{
+					$tabledata_ary = $db->sql_fetchrowset($result);
+
+					$dbsize = 0;
+					for($i = 0; $i < count($tabledata_ary); $i++)
+					{
+						if( $tabledata_ary[$i]['Type'] != "MRG_MyISAM" )
+						{
+							if( $table_prefix != "" )
+							{
+								if( strstr($tabledata_ary[$i]['Name'], $table_prefix) )
+								{
+									$dbsize += $tabledata_ary[$i]['Data_length'] + $tabledata_ary[$i]['Index_length'];
+								}
+							}
+							else
+							{
+								$dbsize += $tabledata_ary[$i]['Data_length'] + $tabledata_ary[$i]['Index_length'];
+							}
+						}
+					}
+				} // Else we couldn't get the table status.
+			}
+			else
+			{
+				$dbsize = $lang['Not_available'];
+			}
+		}
+		else
+		{
+			$dbsize = $lang['Not_available'];
+		}
+	}
+	else if( preg_match("/^mssql/", SQL_LAYER) )
+	{
+		$sql = "SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize 
+			FROM sysfiles"; 
+		if( $result = $db->sql_query($sql) )
+		{
+			$dbsize = ( $row = $db->sql_fetchrow($result) ) ? intval($row['dbsize']) : $lang['Not_available'];
+		}
+		else
+		{
+			$dbsize = $lang['Not_available'];
+		}
+	}
+	else
+	{
+		$dbsize = $lang['Not_available'];
+	}
+
+	if ( is_integer($dbsize) )
+	{
+		if( $dbsize >= 1048576 )
+		{
+			$dbsize = sprintf("%.2f MB", ( $dbsize / 1048576 ));
+		}
+		else if( $dbsize >= 1024 )
+		{
+			$dbsize = sprintf("%.2f KB", ( $dbsize / 1024 ));
+		}
+		else
+		{
+			$dbsize = sprintf("%.2f Bytes", $dbsize);
+		}
+	}
+
+	$template->assign_vars(array(
+		"NUMBER_OF_POSTS" => $total_posts,
+		"NUMBER_OF_TOPICS" => $total_topics,
+		"NUMBER_OF_USERS" => $total_users,
+		"START_DATE" => $start_date,
+		"POSTS_PER_DAY" => $posts_per_day,
+		"TOPICS_PER_DAY" => $topics_per_day,
+		"USERS_PER_DAY" => $users_per_day,
+		"AVATAR_DIR_SIZE" => $avatar_dir_size,
+		"DB_SIZE" => $dbsize, 
+		"GZIP_COMPRESSION" => ( $board_config['gzip_compress'] ) ? $lang['ON'] : $lang['OFF'])
+	);
+	//
+	// End forum statistics
+	//
+
+	//
+	// Get users online information.
+	//
+	$sql = "SELECT u.user_id, u.username, u.user_session_time, u.user_session_page, s.session_logged_in, s.session_ip, s.session_start 
+		FROM " . USERS_TABLE . " u, " . SESSIONS_TABLE . " s
+		WHERE s.session_logged_in = " . TRUE . " 
+			AND u.user_id = s.session_user_id 
+			AND u.user_id <> " . ANONYMOUS . " 
+			AND s.session_time >= " . ( time() - 300 ) . " 
+		ORDER BY u.user_session_time DESC";
+	if(!$result = $db->sql_query($sql))
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain regd user/online information.", "", __LINE__, __FILE__, $sql);
+	}
+	$onlinerow_reg = $db->sql_fetchrowset($result);
+
+	$sql = "SELECT session_page, session_logged_in, session_time, session_ip, session_start   
+		FROM " . SESSIONS_TABLE . "
+		WHERE session_logged_in = 0
+			AND session_time >= " . ( time() - 300 ) . "
+		ORDER BY session_time DESC";
+	if(!$result = $db->sql_query($sql))
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain guest user/online information.", "", __LINE__, __FILE__, $sql);
+	}
+	$onlinerow_guest = $db->sql_fetchrowset($result);
+
+	$sql = "SELECT forum_name, forum_id
+		FROM " . FORUMS_TABLE;
+	if($forums_result = $db->sql_query($sql))
+	{
+		while($forumsrow = $db->sql_fetchrow($forums_result))
+		{
+			$forum_data[$forumsrow['forum_id']] = $forumsrow['forum_name'];
+		}
+	}
+	else
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain user/online forums information.", "", __LINE__, __FILE__, $sql);
+	}
+
+	$reg_userid_ary = array();
+
+	if( count($onlinerow_reg) )
+	{
+		$registered_users = 0;
+
+		for($i = 0; $i < count($onlinerow_reg); $i++)
+		{
+			if( !inarray($onlinerow_reg[$i]['user_id'], $reg_userid_ary) )
+			{
+				$reg_userid_ary[] = $onlinerow_reg[$i]['user_id'];
+
+				$username = $onlinerow_reg[$i]['username'];
+
+				if( $onlinerow_reg[$i]['user_allow_viewonline'] || $userdata['user_level'] == ADMIN )
+				{
+					$registered_users++;
+					$hidden = FALSE;
+				}
+				else
+				{
+					$hidden_users++;
+					$hidden = TRUE;
+				}
+
+				if( $onlinerow_reg[$i]['user_session_page'] < 1 )
+				{
+					switch($onlinerow_reg[$i]['user_session_page'])
+					{
+						case PAGE_INDEX:
+							$location = $lang['Forum_index'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_POSTING:
+							$location = $lang['Posting_message'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_LOGIN:
+							$location = $lang['Logging_on'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_SEARCH:
+							$location = $lang['Searching_forums'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_PROFILE:
+							$location = $lang['Viewing_profile'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_VIEWONLINE:
+							$location = $lang['Viewing_online'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_VIEWMEMBERS:
+							$location = $lang['Viewing_member_list'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_PRIVMSGS:
+							$location = $lang['Viewing_priv_msgs'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						case PAGE_FAQ:
+							$location = $lang['Viewing_FAQ'];
+							$location_url = "index.$phpEx?pane=right";
+							break;
+						default:
+							$location = $lang['Forum_index'];
+							$location_url = "index.$phpEx?pane=right";
+					}
+				}
+				else
+				{
+					$location_url = append_sid("admin_forums.$phpEx?mode=editforum&amp;" . POST_FORUM_URL . "=" . $onlinerow_reg[$i]['user_session_page']);
+					$location = $forum_data[$onlinerow_reg[$i]['user_session_page']];
+				}
+
+				$row_color = ( $registered_users % 2 ) ? $theme['td_color1'] : $theme['td_color2'];
+				$row_class = ( $registered_users % 2 ) ? $theme['td_class1'] : $theme['td_class2'];
+
+				$reg_ip = decode_ip($onlinerow_reg[$i]['session_ip']);
+
+				$template->assign_block_vars("reg_user_row", array(
+					"ROW_COLOR" => "#" . $row_color,
+					"ROW_CLASS" => $row_class,
+					"USERNAME" => $username, 
+					"STARTED" => create_date($board_config['default_dateformat'], $onlinerow_reg[$i]['session_start'], $board_config['board_timezone']), 
+					"LASTUPDATE" => create_date($board_config['default_dateformat'], $onlinerow_reg[$i]['user_session_time'], $board_config['board_timezone']),
+					"FORUM_LOCATION" => $location,
+					"IP_ADDRESS" => $reg_ip, 
+
+					"U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$reg_ip", 
+					"U_USER_PROFILE" => append_sid("admin_users.$phpEx?mode=edit&amp;" . POST_USERS_URL . "=" . $onlinerow_reg[$i]['user_id']),
+					"U_FORUM_LOCATION" => append_sid($location_url))
+				);
+			}
+		}
+
+	}
+	else
+	{
+		$template->assign_vars(array(
+			"L_NO_REGISTERED_USERS_BROWSING" => $lang['No_users_browsing'])
+		);
+	}
+
+	//
+	// Guest users
+	//
+	if( count($onlinerow_guest) )
+	{
+		$guest_users = 0;
+
+		for($i = 0; $i < count($onlinerow_guest); $i++)
+		{
+			$guest_userip_ary[] = $onlinerow_guest[$i]['session_ip'];
+			$guest_users++;
+
+			if( $onlinerow_guest[$i]['session_page'] < 1 )
+			{
+				switch( $onlinerow_guest[$i]['session_page'] )
+				{
+					case PAGE_INDEX:
+						$location = $lang['Forum_index'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_POSTING:
+						$location = $lang['Posting_message'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_LOGIN:
+						$location = $lang['Logging_on'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_SEARCH:
+						$location = $lang['Searching_forums'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_PROFILE:
+						$location = $lang['Viewing_profile'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_VIEWONLINE:
+						$location = $lang['Viewing_online'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_VIEWMEMBERS:
+						$location = $lang['Viewing_member_list'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_PRIVMSGS:
+						$location = $lang['Viewing_priv_msgs'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					case PAGE_FAQ:
+						$location = $lang['Viewing_FAQ'];
+						$location_url = "index.$phpEx?pane=right";
+						break;
+					default:
+						$location = $lang['Forum_index'];
+						$location_url = "index.$phpEx?pane=right";
+				}
+			}
+			else
+			{
+				$location_url = append_sid("admin_forums.$phpEx?mode=editforum&amp;" . POST_FORUM_URL . "=" . $onlinerow_guest[$i]['session_page']);
+				$location = $forum_data[$onlinerow_guest[$i]['session_page']];
+			}
+
+			$row_color = ( $guest_users % 2 ) ? $theme['td_color1'] : $theme['td_color2'];
+			$row_class = ( $guest_users % 2 ) ? $theme['td_class1'] : $theme['td_class2'];
+
+			$guest_ip = decode_ip($onlinerow_guest[$i]['session_ip']);
+
+			$template->assign_block_vars("guest_user_row", array(
+				"ROW_COLOR" => "#" . $row_color,
+				"ROW_CLASS" => $row_class,
+				"USERNAME" => $lang['Guest'],
+				"STARTED" => create_date($board_config['default_dateformat'], $onlinerow_guest[$i]['session_start'], $board_config['board_timezone']), 
+				"LASTUPDATE" => create_date($board_config['default_dateformat'], $onlinerow_guest[$i]['session_time'], $board_config['board_timezone']),
+				"FORUM_LOCATION" => $location,
+				"IP_ADDRESS" => $guest_ip, 
+
+				"U_WHOIS_IP" => "http://network-tools.com/default.asp?host=$guest_ip", 
+				"U_FORUM_LOCATION" => append_sid($location_url))
+			);
+		}
+
+	}
+	else
+	{
+		$template->assign_vars(array(
+			"L_NO_GUESTS_BROWSING" => $lang['No_users_browsing'])
+		);
+	}
+
+	// Check for new version
+	$current_version = explode('.', '2' . $board_config['version']);
+	$minor_revision = (int) $current_version[2];
+
+	$errno = 0;
+	$errstr = $version_info = '';
+
+	if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr))
+	{
+		@fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n");
+		@fputs($fsock, "HOST: www.phpbb.com\r\n");
+		@fputs($fsock, "Connection: close\r\n\r\n");
+
+		$get_info = false;
+		while (!@feof($fsock))
+		{
+			if ($get_info)
+			{
+				$version_info .= @fread($fsock, 1024);
+			}
+			else
+			{
+				if (@fgets($fsock, 1024) == "\r\n")
+				{
+					$get_info = true;
+				}
+			}
+		}
+		@fclose($fsock);
+
+		$version_info = explode("\n", $version_info);
+		$latest_head_revision = (int) $version_info[0];
+		$latest_minor_revision = (int) $version_info[2];
+		$latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2];
+
+		if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision)
+		{
+			$version_info = '<p style="color:green">' . $lang['Version_up_to_date'] . '</p>';
+		}
+		else
+		{
+			$version_info = '<p style="color:red">' . $lang['Version_not_up_to_date'];
+			$version_info .= '<br />' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '</p>';
+		}
+	}
+	else
+	{
+		if ($errstr)
+		{
+			$version_info = '<p style="color:red">' . sprintf($lang['Connect_socket_error'], $errstr) . '</p>';
+		}
+		else
+		{
+			$version_info = '<p>' . $lang['Socket_functions_disabled'] . '</p>';
+		}
+	}
+	
+	$version_info .= '<p>' . $lang['Mailing_list_subscribe_reminder'] . '</p>';
+	
+
+	$template->assign_vars(array(
+		'VERSION_INFO'	=> $version_info,
+		'L_VERSION_INFORMATION'	=> $lang['Version_information'])
+	);
+
+	$template->pparse("body");
+
+	include('./page_footer_admin.'.$phpEx);
+
+}
+else
+{
+	//
+	// Generate frameset
+	//
+	$template->set_filenames(array(
+		"body" => "admin/index_frameset.tpl")
+	);
+
+	$template->assign_vars(array(
+		"S_FRAME_NAV" => append_sid("index.$phpEx?pane=left"),
+		"S_FRAME_MAIN" => append_sid("index.$phpEx?pane=right"))
+	);
+
+	header ("Expires: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
+	header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+
+	$template->pparse("body");
+
+	$db->sql_close();
+	exit;
+
+}
+
+?>

phpBB/admin/page_footer_admin.php

@@ -0,0 +1,73 @@
+<?php
+/***************************************************************************
+ *                           page_footer_admin.php
+ *                            -------------------
+ *   begin                : Saturday, Jul 14, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
+//
+// Show the overall footer.
+//
+$template->set_filenames(array(
+	'page_footer' => 'admin/page_footer.tpl')
+);
+
+$template->assign_vars(array(
+	'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', 
+	'TRANSLATION_INFO' => $lang['TRANSLATION_INFO'])
+);
+
+$template->pparse('page_footer');
+
+//
+// Close our DB connection.
+//
+$db->sql_close();
+
+//
+// Compress buffered output if required
+// and send to browser
+//
+if( $do_gzip_compress )
+{
+	//
+	// Borrowed from php.net!
+	//
+	$gzip_contents = ob_get_contents();
+	ob_end_clean();
+
+	$gzip_size = strlen($gzip_contents);
+	$gzip_crc = crc32($gzip_contents);
+
+	$gzip_contents = gzcompress($gzip_contents, 9);
+	$gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
+
+	echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
+	echo $gzip_contents;
+	echo pack('V', $gzip_crc);
+	echo pack('V', $gzip_size);
+}
+
+exit;
+
+?>

phpBB/admin/page_header_admin.php

@@ -0,0 +1,138 @@
+<?php
+/***************************************************************************
+ *                           page_header_admin.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
+define('HEADER_INC', true);
+
+//
+// gzip_compression
+//
+$do_gzip_compress = FALSE;
+if ( $board_config['gzip_compress'] )
+{
+	$phpver = phpversion();
+
+	$useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT');
+
+	if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) )
+	{
+		if ( extension_loaded('zlib') )
+		{
+			ob_start('ob_gzhandler');
+		}
+	}
+	else if ( $phpver > '4.0' )
+	{
+		if ( strstr($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip') )
+		{
+			if ( extension_loaded('zlib') )
+			{
+				$do_gzip_compress = TRUE;
+				ob_start();
+				ob_implicit_flush(0);
+
+				header('Content-Encoding: gzip');
+			}
+		}
+	}
+}
+
+$template->set_filenames(array(
+	'header' => 'admin/page_header.tpl')
+);
+
+// Format Timezone. We are unable to use array_pop here, because of PHP3 compatibility
+$l_timezone = explode('.', $board_config['board_timezone']);
+$l_timezone = (count($l_timezone) > 1 && $l_timezone[count($l_timezone)-1] != 0) ? $lang[sprintf('%.1f', $board_config['board_timezone'])] : $lang[number_format($board_config['board_timezone'])];
+
+//
+// The following assigns all _common_ variables that may be used at any point
+// in a template. Note that all URL's should be wrapped in append_sid, as
+// should all S_x_ACTIONS for forms.
+//
+$template->assign_vars(array(
+	'SITENAME' => $board_config['sitename'],
+	'PAGE_TITLE' => $page_title,
+
+	'L_ADMIN' => $lang['Admin'], 
+	'L_INDEX' => sprintf($lang['Forum_Index'], $board_config['sitename']),
+	'L_FAQ' => $lang['FAQ'],
+
+	'U_INDEX' => append_sid('../index.'.$phpEx),
+
+	'S_TIMEZONE' => sprintf($lang['All_times'], $l_timezone),
+	'S_LOGIN_ACTION' => append_sid('../login.'.$phpEx),
+	'S_JUMPBOX_ACTION' => append_sid('../viewforum.'.$phpEx),
+	'S_CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), 
+	'S_CONTENT_DIRECTION' => $lang['DIRECTION'], 
+	'S_CONTENT_ENCODING' => $lang['ENCODING'], 
+	'S_CONTENT_DIR_LEFT' => $lang['LEFT'], 
+	'S_CONTENT_DIR_RIGHT' => $lang['RIGHT'], 
+
+	'T_HEAD_STYLESHEET' => $theme['head_stylesheet'],
+	'T_BODY_BACKGROUND' => $theme['body_background'],
+	'T_BODY_BGCOLOR' => '#'.$theme['body_bgcolor'],
+	'T_BODY_TEXT' => '#'.$theme['body_text'],
+	'T_BODY_LINK' => '#'.$theme['body_link'],
+	'T_BODY_VLINK' => '#'.$theme['body_vlink'],
+	'T_BODY_ALINK' => '#'.$theme['body_alink'],
+	'T_BODY_HLINK' => '#'.$theme['body_hlink'],
+	'T_TR_COLOR1' => '#'.$theme['tr_color1'],
+	'T_TR_COLOR2' => '#'.$theme['tr_color2'],
+	'T_TR_COLOR3' => '#'.$theme['tr_color3'],
+	'T_TR_CLASS1' => $theme['tr_class1'],
+	'T_TR_CLASS2' => $theme['tr_class2'],
+	'T_TR_CLASS3' => $theme['tr_class3'],
+	'T_TH_COLOR1' => '#'.$theme['th_color1'],
+	'T_TH_COLOR2' => '#'.$theme['th_color2'],
+	'T_TH_COLOR3' => '#'.$theme['th_color3'],
+	'T_TH_CLASS1' => $theme['th_class1'],
+	'T_TH_CLASS2' => $theme['th_class2'],
+	'T_TH_CLASS3' => $theme['th_class3'],
+	'T_TD_COLOR1' => '#'.$theme['td_color1'],
+	'T_TD_COLOR2' => '#'.$theme['td_color2'],
+	'T_TD_COLOR3' => '#'.$theme['td_color3'],
+	'T_TD_CLASS1' => $theme['td_class1'],
+	'T_TD_CLASS2' => $theme['td_class2'],
+	'T_TD_CLASS3' => $theme['td_class3'],
+	'T_FONTFACE1' => $theme['fontface1'],
+	'T_FONTFACE2' => $theme['fontface2'],
+	'T_FONTFACE3' => $theme['fontface3'],
+	'T_FONTSIZE1' => $theme['fontsize1'],
+	'T_FONTSIZE2' => $theme['fontsize2'],
+	'T_FONTSIZE3' => $theme['fontsize3'],
+	'T_FONTCOLOR1' => '#'.$theme['fontcolor1'],
+	'T_FONTCOLOR2' => '#'.$theme['fontcolor2'],
+	'T_FONTCOLOR3' => '#'.$theme['fontcolor3'],
+	'T_SPAN_CLASS1' => $theme['span_class1'],
+	'T_SPAN_CLASS2' => $theme['span_class2'],
+	'T_SPAN_CLASS3' => $theme['span_class3'])
+);
+
+
+$template->pparse('header');
+
+?>

phpBB/admin/pagestart.php

@@ -0,0 +1,74 @@
+<?php
+/***************************************************************************
+ *                               pagestart.php
+ *                            -------------------
+ *   begin                : Thursday, Aug 2, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if (!defined('IN_PHPBB'))
+{
+	die("Hacking attempt");
+}
+
+define('IN_ADMIN', true);
+// Include files
+include($phpbb_root_path . 'common.'.$phpEx);
+
+//
+// Start session management
+//
+$userdata = session_pagestart($user_ip, PAGE_INDEX);
+init_userprefs($userdata);
+//
+// End session management
+//
+
+if (!$userdata['session_logged_in'])
+{
+	redirect(append_sid("login.$phpEx?redirect=admin/", true));
+}
+else if ($userdata['user_level'] != ADMIN)
+{
+	message_die(GENERAL_MESSAGE, $lang['Not_admin']);
+}
+
+if ($HTTP_GET_VARS['sid'] != $userdata['session_id'])
+{
+	$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
+	$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
+	$url = str_replace('//', '/', $url);
+	$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
+	$url = preg_replace('/\?$/', '', $url);
+	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
+
+	redirect("index.$phpEx?sid=" . $userdata['session_id']);
+}
+
+if (!$userdata['session_admin'])
+{
+	redirect(append_sid("login.$phpEx?redirect=admin/&admin=1", true));
+}
+
+if (empty($no_page_header))
+{
+	// Not including the pageheader can be neccesarry if META tags are
+	// needed in the calling script.
+	include('./page_header_admin.'.$phpEx);
+}
+
+?>

phpBB/common.php

@@ -0,0 +1,240 @@
+<?php
+/***************************************************************************
+ *                                common.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 23, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
+//
+error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
+set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
+
+// The following code (unsetting globals) was contributed by Matt Kavanagh
+
+// PHP5 with register_long_arrays off?
+if (!isset($HTTP_POST_VARS) && isset($_POST))
+{
+	$HTTP_POST_VARS = $_POST;
+	$HTTP_GET_VARS = $_GET;
+	$HTTP_SERVER_VARS = $_SERVER;
+	$HTTP_COOKIE_VARS = $_COOKIE;
+	$HTTP_ENV_VARS = $_ENV;
+	$HTTP_POST_FILES = $_FILES;
+
+	// _SESSION is the only superglobal which is conditionally set
+	if (isset($_SESSION))
+	{
+		$HTTP_SESSION_VARS = $_SESSION;
+	}
+}
+
+if (@phpversion() < '4.0.0')
+{
+	// PHP3 path; in PHP3, globals are _always_ registered
+	
+	// We 'flip' the array of variables to test like this so that
+	// we can validate later with isset($test[$var]) (no in_array())
+	$test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL);
+
+	// Loop through each input array
+	@reset($test);
+	while (list($input,) = @each($test))
+	{
+		while (list($var,) = @each($$input))
+		{
+			// Validate the variable to be unset
+			if (!isset($test[$var]) && $var != 'test' && $var != 'input')
+			{
+				unset($$var);
+			}
+		}
+	}
+}
+else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
+{
+	// PHP4+ path
+	$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');
+
+	// Not only will array_merge give a warning if a parameter
+	// is not an array, it will actually fail. So we check if
+	// HTTP_SESSION_VARS has been initialised.
+	if (!isset($HTTP_SESSION_VARS))
+	{
+		$HTTP_SESSION_VARS = array();
+	}
+
+	// Merge all into one extremely huge array; unset
+	// this later
+	$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
+
+	unset($input['input']);
+	unset($input['not_unset']);
+
+	while (list($var,) = @each($input))
+	{
+		if (!in_array($var, $not_unset))
+		{
+			unset($$var);
+		}
+	}
+   
+	unset($input);
+}
+
+//
+// addslashes to vars if magic_quotes_gpc is off
+// this is a security precaution to prevent someone
+// trying to break out of a SQL statement.
+//
+if( !get_magic_quotes_gpc() )
+{
+	if( is_array($HTTP_GET_VARS) )
+	{
+		while( list($k, $v) = each($HTTP_GET_VARS) )
+		{
+			if( is_array($HTTP_GET_VARS[$k]) )
+			{
+				while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
+				{
+					$HTTP_GET_VARS[$k][$k2] = addslashes($v2);
+				}
+				@reset($HTTP_GET_VARS[$k]);
+			}
+			else
+			{
+				$HTTP_GET_VARS[$k] = addslashes($v);
+			}
+		}
+		@reset($HTTP_GET_VARS);
+	}
+
+	if( is_array($HTTP_POST_VARS) )
+	{
+		while( list($k, $v) = each($HTTP_POST_VARS) )
+		{
+			if( is_array($HTTP_POST_VARS[$k]) )
+			{
+				while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
+				{
+					$HTTP_POST_VARS[$k][$k2] = addslashes($v2);
+				}
+				@reset($HTTP_POST_VARS[$k]);
+			}
+			else
+			{
+				$HTTP_POST_VARS[$k] = addslashes($v);
+			}
+		}
+		@reset($HTTP_POST_VARS);
+	}
+
+	if( is_array($HTTP_COOKIE_VARS) )
+	{
+		while( list($k, $v) = each($HTTP_COOKIE_VARS) )
+		{
+			if( is_array($HTTP_COOKIE_VARS[$k]) )
+			{
+				while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
+				{
+					$HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
+				}
+				@reset($HTTP_COOKIE_VARS[$k]);
+			}
+			else
+			{
+				$HTTP_COOKIE_VARS[$k] = addslashes($v);
+			}
+		}
+		@reset($HTTP_COOKIE_VARS);
+	}
+}
+
+//
+// Define some basic configuration arrays this also prevents
+// malicious rewriting of language and otherarray values via
+// URI params
+//
+$board_config = array();
+$userdata = array();
+$theme = array();
+$images = array();
+$lang = array();
+$nav_links = array();
+$gen_simple_header = FALSE;
+
+include($phpbb_root_path . 'config.'.$phpEx);
+
+if( !defined("PHPBB_INSTALLED") )
+{
+	header("Location: install/install.$phpEx");
+	exit;
+}
+
+include($phpbb_root_path . 'includes/constants.'.$phpEx);
+include($phpbb_root_path . 'includes/template.'.$phpEx);
+include($phpbb_root_path . 'includes/sessions.'.$phpEx);
+include($phpbb_root_path . 'includes/auth.'.$phpEx);
+include($phpbb_root_path . 'includes/functions.'.$phpEx);
+include($phpbb_root_path . 'includes/db.'.$phpEx);
+
+//
+// Obtain and encode users IP
+//
+// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
+// private range IP's appearing instead of the guilty routable IP, tough, don't
+// even bother complaining ... go scream and shout at the idiots out there who feel
+// "clever" is doing harm rather than good ... karma is a great thing ... :)
+//
+$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
+$user_ip = encode_ip($client_ip);
+
+//
+// Setup forum wide options, if this fails
+// then we output a CRITICAL_ERROR since
+// basic forum information is not available
+//
+$sql = "SELECT *
+	FROM " . CONFIG_TABLE;
+if( !($result = $db->sql_query($sql)) )
+{
+	message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
+}
+
+while ( $row = $db->sql_fetchrow($result) )
+{
+	$board_config[$row['config_name']] = $row['config_value'];
+}
+
+if (file_exists('install') || file_exists('contrib'))
+{
+	message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
+}
+
+//
+// Show 'Board is disabled' message if needed.
+//
+if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
+{
+	message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
+}
+
+?>

phpBB/config.php

@@ -1,27 +0,0 @@
-<?php
-/***************************************************************************  
- *                                 
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$                                                           
- *                                                            
- * 
- ***************************************************************************/ 
-
-
-/***************************************************************************  
- *                                                     
- *   This program is free software; you can redistribute it and/or modify    
- *   it under the terms of the GNU General Public License as published by   
- *   the Free Software Foundation; either version 2 of the License, or  
- *   (at your option) any later version.                      
- *                                                          
- * 
- ***************************************************************************/ 
-
-
-
-?>

phpBB/db.php

@@ -1,27 +0,0 @@
-<?php
-/***************************************************************************  
- *                                 
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$                                                           
- *                                                            
- * 
- ***************************************************************************/ 
-
-
-/***************************************************************************  
- *                                                     
- *   This program is free software; you can redistribute it and/or modify    
- *   it under the terms of the GNU General Public License as published by   
- *   the Free Software Foundation; either version 2 of the License, or  
- *   (at your option) any later version.                      
- *                                                          
- * 
- ***************************************************************************/ 
-
-
-
-?>

phpBB/db/db2.php

@@ -0,0 +1,421 @@
+<?php
+/***************************************************************************
+ *                                 db2.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if(!defined("SQL_LAYER"))
+{
+
+define("SQL_LAYER","db2");
+
+class sql_db
+{
+
+	var $db_connect_id;
+	var $query_result;
+	var $query_resultset;
+	var $query_numrows;
+	var $next_id;
+	var $row = array();
+	var $rowset = array();
+	var $row_index;
+	var $num_queries = 0;
+
+	//
+	// Constructor
+	//
+	function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	{
+		$this->persistency = $persistency;
+		$this->user = $sqluser;
+		$this->password = $sqlpassword;
+		$this->dbname = $database;
+
+		$this->server = $sqlserver;
+
+		if($this->persistency)
+		{
+			$this->db_connect_id = odbc_pconnect($this->server, "", "");
+		}
+		else
+		{
+			$this->db_connect_id = odbc_connect($this->server, "", "");
+		}
+
+		if($this->db_connect_id)
+		{
+			@odbc_autocommit($this->db_connect_id, off);
+
+			return $this->db_connect_id;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if($this->db_connect_id)
+		{
+			if($this->query_result)
+			{
+				@odbc_free_result($this->query_result);
+			}
+			$result = @odbc_close($this->db_connect_id);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+
+	//
+	// Query method
+	//
+	function sql_query($query = "", $transaction = FALSE)
+	{
+		//
+		// Remove any pre-existing queries
+		//
+		unset($this->query_result);
+		unset($this->row);
+		if($query != "")
+		{
+			$this->num_queries++;
+
+			if(!eregi("^INSERT ",$query))
+			{
+				if(eregi("LIMIT", $query))
+				{
+					preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits);
+
+					$query = $limits[1];
+					if($limits[3])
+					{
+						$row_offset = $limits[2];
+						$num_rows = $limits[3];
+					}
+					else
+					{
+						$row_offset = 0;
+						$num_rows = $limits[2];
+					}
+
+					$query .= " FETCH FIRST ".($row_offset+$num_rows)." ROWS ONLY OPTIMIZE FOR ".($row_offset+$num_rows)." ROWS";
+
+					$this->query_result = odbc_exec($this->db_connect_id, $query);
+
+					$query_limit_offset = $row_offset;
+					$this->result_numrows[$this->query_result] = $num_rows;
+				}
+				else
+				{
+					$this->query_result = odbc_exec($this->db_connect_id, $query);
+
+					$row_offset = 0;
+					$this->result_numrows[$this->query_result] = 5E6;
+				}
+
+				$result_id = $this->query_result;
+				if($this->query_result && eregi("^SELECT", $query))
+				{
+
+					for($i = 1; $i < odbc_num_fields($result_id)+1; $i++)
+					{
+						$this->result_field_names[$result_id][] = odbc_field_name($result_id, $i);
+					}
+
+					$i =  $row_offset + 1;
+					$k = 0;
+					while(odbc_fetch_row($result_id, $i) && $k < $this->result_numrows[$result_id])
+					{
+
+						for($j = 1; $j < count($this->result_field_names[$result_id])+1; $j++)
+						{
+							$this->result_rowset[$result_id][$k][$this->result_field_names[$result_id][$j-1]] = odbc_result($result_id, $j);
+						}
+						$i++;
+						$k++;
+					}
+
+					$this->result_numrows[$result_id] = $k;
+					$this->row_index[$result_id] = 0;
+				}
+				else
+				{
+					$this->result_numrows[$result_id] = @odbc_num_rows($result_id);
+					$this->row_index[$result_id] = 0;
+				}
+			}
+			else
+			{
+				if(eregi("^(INSERT|UPDATE) ", $query))
+				{
+					$query = preg_replace("/\\\'/s", "''", $query);
+				}
+
+				$this->query_result = odbc_exec($this->db_connect_id, $query);
+
+				if($this->query_result)
+				{
+					$sql_id = "VALUES(IDENTITY_VAL_LOCAL())";
+
+					$id_result = odbc_exec($this->db_connect_id, $sql_id);
+					if($id_result)
+					{
+						$row_result = odbc_fetch_row($id_result);
+						if($row_result)
+						{
+							$this->next_id[$this->query_result] = odbc_result($id_result, 1);
+						}
+					}
+				}
+
+				odbc_commit($this->db_connect_id);
+
+				$this->query_limit_offset[$this->query_result] = 0;
+				$this->result_numrows[$this->query_result] = 0;
+			}
+
+			return $this->query_result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	//
+	// Other query methods
+	//
+	function sql_numrows($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			return $this->result_numrows[$query_id];
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_affectedrows($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			return $this->result_numrows[$query_id];
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_numfields($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = count($this->result_field_names[$query_id]);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fieldname($offset, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = $this->result_field_names[$query_id][$offset];
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fieldtype($offset, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = @odbc_field_type($query_id, $offset);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fetchrow($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			if($this->row_index[$query_id] < $this->result_numrows[$query_id])
+			{
+				$result = $this->result_rowset[$query_id][$this->row_index[$query_id]];
+				$this->row_index[$query_id]++;
+				return $result;
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fetchrowset($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$this->row_index[$query_id] = $this->result_numrows[$query_id];
+			return $this->result_rowset[$query_id];
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fetchfield($field, $row = -1, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			if($row < $this->result_numrows[$query_id])
+			{
+				if($row == -1)
+				{
+					$getrow = $this->row_index[$query_id]-1;
+				}
+				else
+				{
+					$getrow = $row;
+				}
+
+				return $this->result_rowset[$query_id][$getrow][$this->result_field_names[$query_id][$field]];
+
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_rowseek($offset, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$this->row_index[$query_id] = 0;
+			return true;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_nextid($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			return $this->next_id[$query_id];
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_freeresult($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = @odbc_free_result($query_id);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_error($query_id = 0)
+	{
+//		$result['code'] = @odbc_error($this->db_connect_id);
+//		$result['message'] = @odbc_errormsg($this->db_connect_id);
+
+		return "";
+	}
+
+} // class sql_db
+
+} // if ... define
+
+?>

phpBB/db/index.htm

@@ -0,0 +1,10 @@
+<html>
+<head>
+<title></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#FFFFFF" text="#000000">
+
+</body>
+</html>

phpBB/db/msaccess.php

@@ -0,0 +1,389 @@
+<?php
+/***************************************************************************
+ *                               msaccess.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if(!defined("SQL_LAYER"))
+{
+
+define("SQL_LAYER","msaccess");
+
+class sql_db
+{
+
+	var $db_connect_id;
+	var $result_ids = array();
+	var $result;
+
+	var $next_id;
+
+	var $num_rows = array();
+	var $current_row = array();
+	var $field_names = array();
+	var $field_types = array();
+	var $result_rowset = array();
+
+	var $num_queries = 0;
+
+	//
+	// Constructor
+	//
+	function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	{
+		$this->persistency = $persistency;
+		$this->server = $sqlserver;
+		$this->user = $sqluser;
+		$this->password = $sqlpassword;
+		$this->dbname = $database;
+
+		$this->db_connect_id = ($this->persistency) ? odbc_pconnect($this->server, $this->user, $this->password) : odbc_connect($this->server, $this->user, $this->password);
+
+		return ( $this->db_connect_id ) ? $this->db_connect_id : false;
+	}
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if($this->db_connect_id)
+		{
+			if( $this->in_transaction )
+			{
+				@odbc_commit($this->db_connect_id);
+			}
+
+			if( count($this->result_rowset) )
+			{
+				unset($this->result_rowset);
+				unset($this->field_names);
+				unset($this->field_types);
+				unset($this->num_rows);
+				unset($this->current_row);
+			}
+
+			return @odbc_close($this->db_connect_id);
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	//
+	// Query method
+	//
+	function sql_query($query = "", $transaction = FALSE)
+	{
+		if( $query != "" )
+		{
+			$this->num_queries++;
+
+			if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
+			{
+				if( !odbc_autocommit($this->db_connect_id, false) )
+				{
+					return false;
+				}
+				$this->in_transaction = TRUE;
+			}
+
+			$query = str_replace("LOWER(", "LCASE(", $query);
+
+			if( preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits) )
+			{
+				$query = $limits[1];
+
+				if( !empty($limits[2]) )
+				{
+					$row_offset = ( $limits[4] ) ? $limits[3] : "";
+					$num_rows = ( $limits[4] ) ? $limits[4] : $limits[3];
+
+					$query = "TOP " . ( $row_offset + $num_rows ) . $query;
+				}
+
+				$this->result = odbc_exec($this->db_connect_id, "SELECT $query");
+
+				if( $this->result )
+				{
+					if( empty($this->field_names[$this->result]) )
+					{
+						for($i = 1; $i < odbc_num_fields($this->result) + 1; $i++)
+						{
+							$this->field_names[$this->result][] = odbc_field_name($this->result, $i);
+							$this->field_types[$this->result][] = odbc_field_type($this->result, $i);
+						}
+					}
+
+					$this->current_row[$this->result] = 0;
+					$this->result_rowset[$this->result] = array();
+
+					$row_outer = ( isset($row_offset) ) ? $row_offset + 1 : 1;
+					$row_outer_max = ( isset($num_rows) ) ? $row_offset + $num_rows + 1 : 1E9;
+					$row_inner = 0;
+
+					while( odbc_fetch_row($this->result, $row_outer) && $row_outer < $row_outer_max )
+					{
+						for($j = 0; $j < count($this->field_names[$this->result]); $j++)
+						{
+							$this->result_rowset[$this->result][$row_inner][$this->field_names[$this->result][$j]] = stripslashes(odbc_result($this->result, $j + 1));
+						}
+
+						$row_outer++;
+						$row_inner++;
+					}
+
+					$this->num_rows[$this->result] = count($this->result_rowset[$this->result]);
+
+					odbc_free_result($this->result);
+				}
+
+			}
+			else if( eregi("^INSERT ", $query) )
+			{
+				$this->result = odbc_exec($this->db_connect_id, $query);
+
+				if( $this->result )
+				{
+					$result_id = odbc_exec($this->db_connect_id, "SELECT @@IDENTITY");
+					if( $result_id )
+					{
+						if( odbc_fetch_row($result_id) )
+						{
+							$this->next_id[$this->db_connect_id] = odbc_result($result_id, 1);
+							$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
+						}
+					}
+				}
+			}
+			else
+			{
+				$this->result = odbc_exec($this->db_connect_id, $query);
+
+				if( $this->result )
+				{
+					$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
+				}
+			}
+
+			if( !$this->result )
+			{
+				if( $this->in_transaction )
+				{
+					odbc_rollback($this->db_connect_id);
+					odbc_autocommit($this->db_connect_id, true);
+					$this->in_transaction = FALSE;
+				}
+
+				return false;
+			}
+
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$this->in_transaction = FALSE;
+
+				if ( !@odbc_commit($this->db_connect_id) )
+				{
+					odbc_rollback($this->db_connect_id);
+					odbc_autocommit($this->db_connect_id, true);
+					return false;
+				}
+				odbc_autocommit($this->db_connect_id, true);
+			}
+
+			return $this->result;
+		}
+		else
+		{
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$this->in_transaction = FALSE;
+
+				if ( !@odbc_commit($this->db_connect_id) )
+				{
+					odbc_rollback($this->db_connect_id);
+					odbc_autocommit($this->db_connect_id, true);
+					return false;
+				}
+				odbc_autocommit($this->db_connect_id, true);
+			}
+
+			return true;
+		}
+	}
+
+	//
+	// Other query methods
+	//
+	function sql_numrows($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? $this->num_rows[$query_id] : false;
+	}
+
+	function sql_numfields($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? count($this->field_names[$query_id]) : false;
+	}
+
+	function sql_fieldname($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? $this->field_names[$query_id][$offset] : false;
+	}
+
+	function sql_fieldtype($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? $this->field_types[$query_id][$offset] : false;
+	}
+
+	function sql_fetchrow($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			return ( $this->num_rows[$query_id] && $this->current_row[$query_id] < $this->num_rows[$query_id] ) ? $this->result_rowset[$query_id][$this->current_row[$query_id]++] : false;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchrowset($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			return ( $this->num_rows[$query_id] ) ? $this->result_rowset[$query_id] : false;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchfield($field, $row = -1, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			if( $row < $this->num_rows[$query_id] )
+			{
+				$getrow = ($row == -1) ? $this->current_row[$query_id] - 1 : $row;
+
+				return $this->result_rowset[$query_id][$getrow][$this->field_names[$query_id][$field]];
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_rowseek($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			$this->current_row[$query_id] = $offset - 1;
+			return true;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_nextid()
+	{
+		return ( $this->next_id[$this->db_connect_id] ) ? $this->next_id[$this->db_connect_id] : false;
+	}
+
+	function sql_affectedrows()
+	{
+		return ( $this->affected_rows[$this->db_connect_id] ) ? $this->affected_rows[$this->db_connect_id] : false;
+	}
+
+	function sql_freeresult($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		unset($this->num_rows[$query_id]);
+		unset($this->current_row[$query_id]);
+		unset($this->result_rowset[$query_id]);
+		unset($this->field_names[$query_id]);
+		unset($this->field_types[$query_id]);
+
+		return true;
+	}
+
+	function sql_error()
+	{
+		$error['code'] = "";//odbc_error($this->db_connect_id);
+		$error['message'] = "Error";//odbc_errormsg($this->db_connect_id);
+
+		return $error;
+	}
+
+} // class sql_db
+
+} // if ... define
+
+?>

phpBB/db/mssql-odbc.php

@@ -0,0 +1,387 @@
+<?php
+/***************************************************************************
+ *                              mssql-odbc.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if(!defined("SQL_LAYER"))
+{
+
+define("SQL_LAYER","mssql-odbc");
+
+class sql_db
+{
+
+	var $db_connect_id;
+	var $result;
+
+	var $next_id;
+
+	var $num_rows = array();
+	var $current_row = array();
+	var $field_names = array();
+	var $field_types = array();
+	var $result_rowset = array();
+
+	var $num_queries = 0;
+
+	//
+	// Constructor
+	//
+	function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	{
+		$this->persistency = $persistency;
+		$this->server = $sqlserver;
+		$this->user = $sqluser;
+		$this->password = $sqlpassword;
+		$this->dbname = $database;
+
+		$this->db_connect_id = ($this->persistency) ? odbc_pconnect($this->server, $this->user, $this->password) : odbc_connect($this->server, $this->user, $this->password);
+
+		return ( $this->db_connect_id ) ? $this->db_connect_id : false;
+	}
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if($this->db_connect_id)
+		{
+			if( $this->in_transaction )
+			{
+				@odbc_commit($this->db_connect_id);
+			}
+
+			if( count($this->result_rowset) )
+			{
+				unset($this->result_rowset);
+				unset($this->field_names);
+				unset($this->field_types);
+				unset($this->num_rows);
+				unset($this->current_row);
+			}
+
+			return @odbc_close($this->db_connect_id);
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	//
+	// Query method
+	//
+	function sql_query($query = "", $transaction = FALSE)
+	{
+		if( $query != "" )
+		{
+			$this->num_queries++;
+
+			if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
+			{
+				if( !odbc_autocommit($this->db_connect_id, false) )
+				{
+					return false;
+				}
+				$this->in_transaction = TRUE;
+			}
+
+			if( preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits) )
+			{
+				$query = $limits[1];
+
+				if( !empty($limits[2]) )
+				{
+					$row_offset = ( $limits[4] ) ? $limits[3] : "";
+					$num_rows = ( $limits[4] ) ? $limits[4] : $limits[3];
+
+					$query = "TOP " . ( $row_offset + $num_rows ) . $query;
+				}
+
+				$this->result = odbc_exec($this->db_connect_id, "SELECT $query"); 
+
+				if( $this->result )
+				{
+					if( empty($this->field_names[$this->result]) )
+					{
+						for($i = 1; $i < odbc_num_fields($this->result) + 1; $i++)
+						{
+							$this->field_names[$this->result][] = odbc_field_name($this->result, $i);
+							$this->field_types[$this->result][] = odbc_field_type($this->result, $i);
+						}
+					}
+
+					$this->current_row[$this->result] = 0;
+					$this->result_rowset[$this->result] = array();
+
+					$row_outer = ( isset($row_offset) ) ? $row_offset + 1 : 1;
+					$row_outer_max = ( isset($num_rows) ) ? $row_offset + $num_rows + 1 : 1E9;
+					$row_inner = 0;
+
+					while( odbc_fetch_row($this->result, $row_outer) && $row_outer < $row_outer_max )
+					{
+						for($j = 0; $j < count($this->field_names[$this->result]); $j++)
+						{
+							$this->result_rowset[$this->result][$row_inner][$this->field_names[$this->result][$j]] = stripslashes(odbc_result($this->result, $j + 1));
+						}
+
+						$row_outer++;
+						$row_inner++;
+					}
+
+					$this->num_rows[$this->result] = count($this->result_rowset[$this->result]);	
+				}
+
+			}
+			else if( eregi("^INSERT ", $query) )
+			{
+				$this->result = odbc_exec($this->db_connect_id, $query);
+
+				if( $this->result )
+				{
+					$result_id = odbc_exec($this->db_connect_id, "SELECT @@IDENTITY");
+					if( $result_id )
+					{
+						if( odbc_fetch_row($result_id) )
+						{
+							$this->next_id[$this->db_connect_id] = odbc_result($result_id, 1);	
+							$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
+						}
+					}
+				}
+			}
+			else
+			{
+				$this->result = odbc_exec($this->db_connect_id, $query);
+
+				if( $this->result )
+				{
+					$this->affected_rows[$this->db_connect_id] = odbc_num_rows($this->result);
+				}
+			}
+
+			if( !$this->result )
+			{
+				if( $this->in_transaction )
+				{
+					odbc_rollback($this->db_connect_id);
+					odbc_autocommit($this->db_connect_id, true);
+					$this->in_transaction = FALSE;
+				}
+
+				return false;
+			}
+
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$this->in_transaction = FALSE;
+
+				if ( !odbc_commit($this->db_connect_id) )
+				{
+					odbc_rollback($this->db_connect_id);
+					odbc_autocommit($this->db_connect_id, true);
+					return false;
+				}
+				odbc_autocommit($this->db_connect_id, true);
+			}
+
+			odbc_free_result($this->result);
+
+			return $this->result;
+		}
+		else
+		{
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$this->in_transaction = FALSE;
+
+				if ( !@odbc_commit($this->db_connect_id) )
+				{
+					odbc_rollback($this->db_connect_id);
+					odbc_autocommit($this->db_connect_id, true);
+					return false;
+				}
+				odbc_autocommit($this->db_connect_id, true);
+			}
+
+			return true;
+		}
+	}
+
+	//
+	// Other query methods
+	//
+	function sql_numrows($query_id = 0)
+	{
+		if( !$query_id ) 
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? $this->num_rows[$query_id] : false;
+	}
+
+	function sql_numfields($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? count($this->field_names[$query_id]) : false;
+	}
+
+	function sql_fieldname($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? $this->field_names[$query_id][$offset] : false;
+	}
+
+	function sql_fieldtype($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? $this->field_types[$query_id][$offset] : false;
+	}
+
+	function sql_fetchrow($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			return ( $this->num_rows[$query_id] && $this->current_row[$query_id] < $this->num_rows[$query_id] ) ? $this->result_rowset[$query_id][$this->current_row[$query_id]++] : false;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchrowset($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			return ( $this->num_rows[$query_id] ) ? $this->result_rowset[$query_id] : false;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchfield($field, $row = -1, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			if( $row < $this->num_rows[$query_id] )
+			{
+				$getrow = ( $row == -1 ) ? $this->current_row[$query_id] - 1 : $row;
+
+				return $this->result_rowset[$query_id][$getrow][$this->field_names[$query_id][$field]];
+
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_rowseek($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			$this->current_row[$query_id] = $offset - 1;
+			return true;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_nextid()
+	{
+		return ( $this->next_id[$this->db_connect_id] ) ? $this->next_id[$this->db_connect_id] : false;
+	}
+
+	function sql_affectedrows()
+	{
+		return ( $this->affected_rows[$this->db_connect_id] ) ? $this->affected_rows[$this->db_connect_id] : false;
+	}
+
+	function sql_freeresult($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		unset($this->num_rows[$query_id]);
+		unset($this->current_row[$query_id]);
+		unset($this->result_rowset[$query_id]);
+		unset($this->field_names[$query_id]);
+		unset($this->field_types[$query_id]);
+
+		return true;
+	}
+
+	function sql_error()
+	{
+		$error['code'] = odbc_error($this->db_connect_id);
+		$error['message'] = odbc_errormsg($this->db_connect_id);
+
+		return $error;
+	}
+
+} // class sql_db
+
+} // if ... define
+
+?>

phpBB/db/mssql.php

@@ -4,7 +4,7 @@
  *                            -------------------
  *   begin                : Saturday, Feb 13, 2001
  *   copyright            : (C) 2001 The phpBB Group
- *   email                : support@phpbb.com
+ *   email                : supportphpbb.com
  *
  *   $Id$
  *
@@ -18,191 +18,401 @@
  *   (at your option) any later version.
  *
  ***************************************************************************/
-if(!defined("SQL_LAYER")){
+
+if(!defined("SQL_LAYER"))
+{
 
 define("SQL_LAYER","mssql");
 
-class sql_db {
+class sql_db
+{
 
-   var $db_connect_id;
-   var $query_result;
-   var $row;
+	var $db_connect_id;
+	var $result;
 
-   //
-   // Constructor
-   //
-   function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency=false){
+	var $next_id;
+	var $in_transaction = 0;
 
-      $this->persistency = $persistency;
-      $this->user = $sqluser;
-      $this->password = $sqlpassword;
-      $this->host = $sqlserver;
-      $this->dbname = $database;
+	var $row = array();
+	var $rowset = array();
+	var $limit_offset;
+	var $query_limit_success;
 
-      if($this->persistency){
-         $this->db_connect_id = @mssql_pconnect($this->server,$this->user,$this->password);
-      } else {
-         $this->db_connect_id = @mssql_connect($this->server,$this->user,$this->password);
-      }
-      if($this->db_connect_id){
-         if($this->dbname != ""){
-            $dbselect = @mssql_select_db($this->dbname);
-            if(!$dbselect){
-               @mssql_close($this->db_connect_id);
-               $this->db_connect_id = $dbselect;
-            }
-         }
-      }
-      return $this->db_connect_id;
-   }
-   //
-   // Other base methods
-   //
-   function sql_setdb($database){
-      $this->dbname = $database;
-      $dbselect = @mssql_select_db($this->dbname);
-      if(!$dbselect){
-         sql_close();
-         $this->db_connect_id = $dbselect;
-      }
-      return $this->db_connect_id;
-   }
-   function sql_close(){
-      if($this->db_connect_id){
-         if($this->query_result){
-            @mssql_free_result($this->query_result);
-         }
-         $result = @mssql_close($this->db_connect_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
+	var $num_queries = 0;
+
+	//
+	// Constructor
+	//
+	function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	{
+		$this->persistency = $persistency;
+		$this->user = $sqluser;
+		$this->password = $sqlpassword;
+		$this->server = $sqlserver;
+		$this->dbname = $database;
+
+		$this->db_connect_id = ( $this->persistency ) ? @mssql_pconnect($this->server, $this->user, $this->password) : @mssql_connect($this->server, $this->user, $this->password);
+
+		if( $this->db_connect_id && $this->dbname != "" )
+		{
+			if( !mssql_select_db($this->dbname, $this->db_connect_id) )
+			{
+				mssql_close($this->db_connect_id);
+				return false;
+			}
+		}
+
+		return $this->db_connect_id;
+	}
+
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if($this->db_connect_id)
+		{
+			//
+			// Commit any remaining transactions
+			//
+			if( $this->in_transaction )
+			{
+				@mssql_query("COMMIT", $this->db_connect_id);
+			}
+
+			return @mssql_close($this->db_connect_id);
+		}
+		else
+		{
+			return false;
+		}
+	}
 
 
-   //
-   // Query method
-   //
-   function sql_query($query=""){
-      // Remove any pre-existing queries
-      unset($this->query_result);
-      unset($this->row);
-      if($query != ""){
-         // Does query contain any LIMIT code?
-         // If so pull out relevant start and num_results
-         // This isn't terribly easy with MSSQL, the best way is
-         // to use a temporary table.
-         if(eregi("LIMIT ",$query){
-            eregi("LIMIT ([0-9]+)[, ]+([0-9]+)", $query, $limits);
-            $row_offset = $limits[1];
-            if($limits[2])
-               $num_rows = $limits[2];
-         } else {
-            $this->query_result = @mssql_query($query, $this->db_connect_id);
-         }
-         return $this->query_result;
-      } else {
-         return 0;
-      }
-   }
-   //
-   // Other query methods
-   //
-   function sql_numrows(){
-      if($this->query_result){
-         $result = @mssql_num_rows($this->query_result);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_numfields(){
-      if($this->query_result){
-         $result = @mssql_num_fields($this->query_result);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fieldname($offset){
-      if($this->query_result){
-         $result = @mssql_field_name($this->query_result, $offset);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fieldtype($offset){
-      if($this->query_result){
-         $result = @mssql_field_type($this->query_result, $offset);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchrow(){
-      if($this->query_result){
-         $this->row = @mssql_fetch_array($this->query_result);
-         return $this->row;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchrowset(){
-      if($this->query_result){
-         empty($this->rowset);
-         while($this->rowset = @mssql_fetch_array($this->query_result)){
-            $result[] = $this->rowset;
-         }
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchfield($field, $row=-1) {
-      if($this->query_result){
-         if($row != -1){
-            $result=@mssql_result($this->query_result, $row, $field);
-         } else {
-            if(empty($this->row))
-               $this->row = @mssql_fetch_array($this->query_result);
-            $result = $this->row[$field];
-         }
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_rowseek($offset){
-      if($this->query_result){
-         $result = @mssql_data_seek($this->query_result, $rownum);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_nextid(){
-      if($this->query_result){
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_freeresult(){
-      if($this->query_result){
-         @mssql_free_result($this->query_result);
-         return;
-      } else {
-         return false;
-      }
-   }
-   function sql_error(){
-      $result[message] = @mssql_get_last_message();
-      return $result;
-   }
+	//
+	// Query method
+	//
+	function sql_query($query = '', $transaction = FALSE)
+	{
+		//
+		// Remove any pre-existing queries
+		//
+		unset($this->result);
+		unset($this->row);
+
+		if ( $query != '' )
+		{
+			$this->num_queries++;
+
+			if ( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
+			{
+				if ( !@mssql_query('BEGIN TRANSACTION', $this->db_connect_id) )
+				{
+					return false;
+				}
+				$this->in_transaction = TRUE;
+			}
+
+			//
+			// Does query contain any LIMIT code? If so pull out relevant start and num_results
+			// This isn't terribly easy with MSSQL, whatever you do will potentially impact
+			// performance compared to an 'in-built' limit
+			//
+			// Another issue is the 'lack' of a returned true value when a query is valid but has
+			// no result set (as with all the other DB interfaces). It seems though that it's
+			// 'fair' to say that if a query returns a false result (ie. no resource id) then the
+			// SQL was valid but had no result set. If the query returns nothing but the rowcount
+			// returns something then there's a problem. This may well be a false assumption though
+			// ... needs checking under Windows itself.
+			//
+			if( preg_match('#^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$#s', $query, $limits) )
+			{
+				$query = $limits[1];
+
+				if( !empty($limits[2]) )
+				{
+					$row_offset = ( $limits[4] ) ? $limits[3] : "";
+					$num_rows = ( $limits[4] ) ? $limits[4] : $limits[3];
+
+					$query = 'TOP ' . ( $row_offset + $num_rows ) . $query;
+				}
+
+				$this->result = @mssql_query("SELECT $query", $this->db_connect_id); 
+
+				if( $this->result )
+				{
+					$this->limit_offset[$this->result] = ( !empty($row_offset) ) ? $row_offset : 0;
+
+					if( $row_offset > 0 )
+					{
+						@mssql_data_seek($this->result, $row_offset);
+					}
+				}
+			}
+			else if( preg_match('#^INSERT #i', $query) )
+			{
+				if( @mssql_query($query, $this->db_connect_id) )
+				{
+					$this->result = time() + microtime();
+
+					$result_id = @mssql_query('SELECT @@IDENTITY AS id, @@ROWCOUNT as affected', $this->db_connect_id);
+					if( $result_id )
+					{
+						if( $row = @mssql_fetch_array($result_id) )
+						{
+							$this->next_id[$this->db_connect_id] = $row['id'];	
+							$this->affected_rows[$this->db_connect_id] = $row['affected'];
+						}
+					}
+				}
+			}
+			else
+			{
+				if( @mssql_query($query, $this->db_connect_id) )
+				{
+					$this->result = time() + microtime();
+
+					$result_id = @mssql_query('SELECT @@ROWCOUNT as affected', $this->db_connect_id);
+					if( $result_id )
+					{
+						if( $row = @mssql_fetch_array($result_id) )
+						{
+							$this->affected_rows[$this->db_connect_id] = $row['affected'];
+						}
+					}
+				}
+			}
+
+			if( !$this->result )
+			{
+				if( $this->in_transaction )
+				{
+					@mssql_query('ROLLBACK', $this->db_connect_id);
+					$this->in_transaction = FALSE;
+				}
+
+				return false;
+			}
+
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$this->in_transaction = FALSE;
+
+				if( !@mssql_query('COMMIT', $this->db_connect_id) )
+				{
+					@mssql_query("ROLLBACK", $this->db_connect_id);
+					return false;
+				}
+			}
+
+			return $this->result;
+		}
+		else
+		{
+			if( $transaction == END_TRANSACTION && $this->in_transaction  )
+			{
+				$this->in_transaction = FALSE;
+
+				if( !@mssql_query('COMMIT', $this->db_connect_id) )
+				{
+					@mssql_query('ROLLBACK', $this->db_connect_id);
+					return false;
+				}
+			}
+
+			return true;
+		}
+	}
+
+	//
+	// Other query methods
+	//
+	function sql_numrows($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id);
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_numfields($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? @mssql_num_fields($query_id) : false;
+	}
+
+	function sql_fieldname($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? @mssql_field_name($query_id, $offset) : false;
+	}
+
+	function sql_fieldtype($offset, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? @mssql_field_type($query_id, $offset) : false;
+	}
+
+	function sql_fetchrow($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			empty($row);
+
+			$row = @mssql_fetch_array($query_id);
+
+			while( list($key, $value) = @each($row) )
+			{
+				$row[$key] = stripslashes($value);
+			}
+			@reset($row);
+
+			return $row;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchrowset($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			$i = 0;
+			empty($rowset);
+
+			while( $row = @mssql_fetch_array($query_id))
+			{
+				while( list($key, $value) = @each($row) )
+				{
+					$rowset[$i][$key] = stripslashes($value);
+				}
+				$i++;
+			}
+			@reset($rowset);
+
+			return $rowset;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchfield($field, $row = -1, $query_id)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			if( $row != -1 )
+			{
+				if( $this->limit_offset[$query_id] > 0 )
+				{
+					$result = ( !empty($this->limit_offset[$query_id]) ) ? @mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false;
+				}
+				else
+				{
+					$result = @mssql_result($this->result, $row, $field);
+				}
+			}
+			else
+			{
+				if( empty($this->row[$query_id]) )
+				{
+					$this->row[$query_id] = @mssql_fetch_array($query_id);
+					$result = stripslashes($this->row[$query_id][$field]);
+				}
+			}
+
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_rowseek($rownum, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		if( $query_id )
+		{
+			return ( !empty($this->limit_offset[$query_id]) ) ? @mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : @mssql_data_seek($query_id, $rownum);
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_nextid()
+	{
+		return ( $this->next_id[$this->db_connect_id] ) ? $this->next_id[$this->db_connect_id] : false;
+	}
+
+	function sql_affectedrows()
+	{
+		return ( $this->affected_rows[$this->db_connect_id] ) ? $this->affected_rows[$this->db_connect_id] : false;
+	}
+
+	function sql_freeresult($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->result;
+		}
+
+		return ( $query_id ) ? @mssql_free_result($query_id) : false;
+	}
+
+	function sql_error($query_id = 0)
+	{
+		$result['message'] = @mssql_get_last_message();
+		return $result;
+	}
 
 } // class sql_db
 
 } // if ... define
 
-?>
+?>

phpBB/db/mysql.php

@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *                                 mysql.php 
+ *                                 mysql.php
  *                            -------------------
  *   begin                : Saturday, Feb 13, 2001
  *   copyright            : (C) 2001 The phpBB Group
@@ -19,217 +19,317 @@
  *
  ***************************************************************************/
 
-if(!defined("SQL_LAYER")){
+if(!defined("SQL_LAYER"))
+{
 
 define("SQL_LAYER","mysql");
 
-class sql_db {
+class sql_db
+{
 
-   var $db_connect_id;
-   var $query_result;
-   var $row;
+	var $db_connect_id;
+	var $query_result;
+	var $row = array();
+	var $rowset = array();
+	var $num_queries = 0;
 
-   //
-   // Constructor
-   //
-   function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency=true){
+	//
+	// Constructor
+	//
+	function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	{
 
-      $this->persistency = $persistency;
-      $this->user = $sqluser;
-      $this->password = $sqlpassword;
-      $this->host = $sqlserver;
+		$this->persistency = $persistency;
+		$this->user = $sqluser;
+		$this->password = $sqlpassword;
+		$this->server = $sqlserver;
+		$this->dbname = $database;
 
-      if($this->persistency){
-         $this->db_connect_id = @mysql_pconnect($this->server, $this->user, $this->password);
-      } else {
-         $this->db_connect_id = @mysql_connect($this->server, $this->user, $this->password);
-      }
-      if($this->db_connect_id){
-         if($database != ""){
-            $this->dbname = $database;
-            $dbselect = @mysql_select_db($this->dbname);
-            if(!$dbselect){
-               mysql_close($this->db_connect_id);
-               $this->db_connect_id = $dbselect;
-            }
-         }
-      }
-      return $this->db_connect_id;
-   }
-   //
-   // Other base methods
-   //
-   function sql_setdb($database){
-      if($database != ""){
-         $this->dbname = $database;
-         $dbselect = @mysql_select_db($this->dbname);
-         if(!$dbselect){
-            sql_close();
-            $this->db_connect_id = $dbselect;
-         }
-         return $this->db_connect_id;
-      } else {
-         return false;
-      }
-   }
-   function sql_close(){
-      if($this->db_connect_id){
-         if($this->query_result){
-            @mysql_free_result($this->query_result);
-         }
-         $result = @mysql_close($this->db_connect_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
+		if($this->persistency)
+		{
+			$this->db_connect_id = @mysql_pconnect($this->server, $this->user, $this->password);
+		}
+		else
+		{
+			$this->db_connect_id = @mysql_connect($this->server, $this->user, $this->password);
+		}
+		if($this->db_connect_id)
+		{
+			if($database != "")
+			{
+				$this->dbname = $database;
+				$dbselect = @mysql_select_db($this->dbname);
+				if(!$dbselect)
+				{
+					@mysql_close($this->db_connect_id);
+					$this->db_connect_id = $dbselect;
+				}
+			}
+			return $this->db_connect_id;
+		}
+		else
+		{
+			return false;
+		}
+	}
 
-   //
-   // Base query method
-   //
-   function sql_query($query=""){
-      // Remove any pre-existing queries
-      unset($this->query_result);
-      if($query != ""){
-         $this->query_result = @mysql_query($query, $this->db_connect_id);
-      }
-      if($this->query_result){
-         unset($this->row[$this->query_result]);
-         unset($this->rowset[$this->query_result]);
-         return $this->query_result;
-      } else {
-         return false;
-      }
-   }
-   //
-   // Other query methods
-   //
-   function sql_numrows($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @mysql_num_rows($query_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_numfields($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @mysql_num_fields($query_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fieldname($offset, $query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @mysql_field_name($query_id, $offset);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fieldtype($offset, $query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @mysql_field_type($query_id, $offset);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchrow($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $this->row[$query_id] = @mysql_fetch_array($query_id);
-         return $this->row[$query_id];
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchrowset($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         unset($this->rowset[$query_id]);
-         unset($this->row[$query_id]);
-         while($this->rowset[$query_id] = @mysql_fetch_array($query_id)){
-            $result[] = $this->rowset[$query_id];
-         }
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchfield($field, $rownum=-1, $query_id = 0) {
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         if($rownum > -1){
-            $result = @mysql_result($query_id, $rownum, $field);
-         } else {
-            if(empty($this->row[$query_id]) && empty($this->rowset[$query_id])){
-               if($this->sql_fetchrow())
-                  $result = $this->row[$query_id][$field];
-            } else {
-               if($this->rowset[$query_id]){
-                  $result = $this->rowset[$query_id][$field];
-               } else if($this->row[$query_id]){
-                  $result = $this->row[$query_id][$field];
-               }
-            }
-         }
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_rowseek($rownum, $query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @mysql_data_seek($query_id, $rownum);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_nextid(){
-      if($this->db_connection_id){
-         $result = @mysql_insert_id();
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_freeresult($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @mysql_free_result($query_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_error($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      $result[message] = @mysql_error($query_id);
-      $result[code] = @mysql_errno($query_id);
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if($this->db_connect_id)
+		{
+			if($this->query_result)
+			{
+				@mysql_free_result($this->query_result);
+			}
+			$result = @mysql_close($this->db_connect_id);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
 
-      return $result;
-   }
+	//
+	// Base query method
+	//
+	function sql_query($query = "", $transaction = FALSE)
+	{
+		// Remove any pre-existing queries
+		unset($this->query_result);
+		if($query != "")
+		{
+			$this->num_queries++;
+
+			$this->query_result = @mysql_query($query, $this->db_connect_id);
+		}
+		if($this->query_result)
+		{
+			unset($this->row[$this->query_result]);
+			unset($this->rowset[$this->query_result]);
+			return $this->query_result;
+		}
+		else
+		{
+			return ( $transaction == END_TRANSACTION ) ? true : false;
+		}
+	}
+
+	//
+	// Other query methods
+	//
+	function sql_numrows($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = @mysql_num_rows($query_id);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_affectedrows()
+	{
+		if($this->db_connect_id)
+		{
+			$result = @mysql_affected_rows($this->db_connect_id);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_numfields($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = @mysql_num_fields($query_id);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fieldname($offset, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = @mysql_field_name($query_id, $offset);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fieldtype($offset, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = @mysql_field_type($query_id, $offset);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fetchrow($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$this->row[$query_id] = @mysql_fetch_array($query_id);
+			return $this->row[$query_id];
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fetchrowset($query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			unset($this->rowset[$query_id]);
+			unset($this->row[$query_id]);
+			while($this->rowset[$query_id] = @mysql_fetch_array($query_id))
+			{
+				$result[] = $this->rowset[$query_id];
+			}
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_fetchfield($field, $rownum = -1, $query_id = 0)
+	{
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			if($rownum > -1)
+			{
+				$result = @mysql_result($query_id, $rownum, $field);
+			}
+			else
+			{
+				if(empty($this->row[$query_id]) && empty($this->rowset[$query_id]))
+				{
+					if($this->sql_fetchrow())
+					{
+						$result = $this->row[$query_id][$field];
+					}
+				}
+				else
+				{
+					if($this->rowset[$query_id])
+					{
+						$result = $this->rowset[$query_id][$field];
+					}
+					else if($this->row[$query_id])
+					{
+						$result = $this->row[$query_id][$field];
+					}
+				}
+			}
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_rowseek($rownum, $query_id = 0){
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+		if($query_id)
+		{
+			$result = @mysql_data_seek($query_id, $rownum);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_nextid(){
+		if($this->db_connect_id)
+		{
+			$result = @mysql_insert_id($this->db_connect_id);
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_freeresult($query_id = 0){
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ( $query_id )
+		{
+			unset($this->row[$query_id]);
+			unset($this->rowset[$query_id]);
+
+			@mysql_free_result($query_id);
+
+			return true;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	function sql_error($query_id = 0)
+	{
+		$result["message"] = @mysql_error($this->db_connect_id);
+		$result["code"] = @mysql_errno($this->db_connect_id);
+
+		return $result;
+	}
 
 } // class sql_db
 
 } // if ... define
 
-?>
+?>

phpBB/db/mysql4.php

@@ -0,0 +1,340 @@
+<?php
+/***************************************************************************
+ *                                 mysql4.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : supportphpbb.com
+ *
+ *   $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if(!defined("SQL_LAYER"))
+{
+
+define("SQL_LAYER","mysql4");
+
+class sql_db
+{
+
+	var $db_connect_id;
+	var $query_result;
+	var $row = array();
+	var $rowset = array();
+	var $num_queries = 0;
+	var $in_transaction = 0;
+
+	//
+	// Constructor
+	//
+	function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	{
+		$this->persistency = $persistency;
+		$this->user = $sqluser;
+		$this->password = $sqlpassword;
+		$this->server = $sqlserver;
+		$this->dbname = $database;
+
+		$this->db_connect_id = ($this->persistency) ? mysql_pconnect($this->server, $this->user, $this->password) : mysql_connect($this->server, $this->user, $this->password);
+
+		if( $this->db_connect_id )
+		{
+			if( $database != "" )
+			{
+				$this->dbname = $database;
+				$dbselect = mysql_select_db($this->dbname);
+
+				if( !$dbselect )
+				{
+					mysql_close($this->db_connect_id);
+					$this->db_connect_id = $dbselect;
+				}
+			}
+
+			return $this->db_connect_id;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if( $this->db_connect_id )
+		{
+			//
+			// Commit any remaining transactions
+			//
+			if( $this->in_transaction )
+			{
+				mysql_query("COMMIT", $this->db_connect_id);
+			}
+
+			return mysql_close($this->db_connect_id);
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	//
+	// Base query method
+	//
+	function sql_query($query = "", $transaction = FALSE)
+	{
+		//
+		// Remove any pre-existing queries
+		//
+		unset($this->query_result);
+
+		if( $query != "" )
+		{
+			$this->num_queries++;
+			if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
+			{
+				$result = mysql_query("BEGIN", $this->db_connect_id);
+				if(!$result)
+				{
+					return false;
+				}
+				$this->in_transaction = TRUE;
+			}
+
+			$this->query_result = mysql_query($query, $this->db_connect_id);
+		}
+		else
+		{
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$result = mysql_query("COMMIT", $this->db_connect_id);
+			}
+		}
+
+		if( $this->query_result )
+		{
+			unset($this->row[$this->query_result]);
+			unset($this->rowset[$this->query_result]);
+
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$this->in_transaction = FALSE;
+
+				if ( !mysql_query("COMMIT", $this->db_connect_id) )
+				{
+					mysql_query("ROLLBACK", $this->db_connect_id);
+					return false;
+				}
+			}
+			
+			return $this->query_result;
+		}
+		else
+		{
+			if( $this->in_transaction )
+			{
+				mysql_query("ROLLBACK", $this->db_connect_id);
+				$this->in_transaction = FALSE;
+			}
+			return false;
+		}
+	}
+
+	//
+	// Other query methods
+	//
+	function sql_numrows($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? mysql_num_rows($query_id) : false;
+	}
+
+	function sql_affectedrows()
+	{
+		return ( $this->db_connect_id ) ? mysql_affected_rows($this->db_connect_id) : false;
+	}
+
+	function sql_numfields($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? mysql_num_fields($query_id) : false;
+	}
+
+	function sql_fieldname($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? mysql_field_name($query_id, $offset) : false;
+	}
+
+	function sql_fieldtype($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? mysql_field_type($query_id, $offset) : false;
+	}
+
+	function sql_fetchrow($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		if( $query_id )
+		{
+			$this->row[$query_id] = mysql_fetch_array($query_id, MYSQL_ASSOC);
+			return $this->row[$query_id];
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchrowset($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		if( $query_id )
+		{
+			unset($this->rowset[$query_id]);
+			unset($this->row[$query_id]);
+
+			while($this->rowset[$query_id] = mysql_fetch_array($query_id, MYSQL_ASSOC))
+			{
+				$result[] = $this->rowset[$query_id];
+			}
+
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_fetchfield($field, $rownum = -1, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		if( $query_id )
+		{
+			if( $rownum > -1 )
+			{
+				$result = mysql_result($query_id, $rownum, $field);
+			}
+			else
+			{
+				if( empty($this->row[$query_id]) && empty($this->rowset[$query_id]) )
+				{
+					if( $this->sql_fetchrow() )
+					{
+						$result = $this->row[$query_id][$field];
+					}
+				}
+				else
+				{
+					if( $this->rowset[$query_id] )
+					{
+						$result = $this->rowset[$query_id][$field];
+					}
+					else if( $this->row[$query_id] )
+					{
+						$result = $this->row[$query_id][$field];
+					}
+				}
+			}
+
+			return $result;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_rowseek($rownum, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? mysql_data_seek($query_id, $rownum) : false;
+	}
+
+	function sql_nextid()
+	{
+		return ( $this->db_connect_id ) ? mysql_insert_id($this->db_connect_id) : false;
+	}
+
+	function sql_freeresult($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		if ( $query_id )
+		{
+			unset($this->row[$query_id]);
+			unset($this->rowset[$query_id]);
+
+			mysql_free_result($query_id);
+
+			return true;
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	function sql_error()
+	{
+		$result['message'] = mysql_error($this->db_connect_id);
+		$result['code'] = mysql_errno($this->db_connect_id);
+
+		return $result;
+	}
+
+} // class sql_db
+
+} // if ... define
+
+?>

phpBB/db/postgres7.php

@@ -1,278 +1,397 @@
 <?php
   /***************************************************************************
-   *                                 postgres7.php
+   *                               postgres7.php
    *                            -------------------
    *   begin                : Saturday, Feb 13, 2001
    *   copyright            : (C) 2001 The phpBB Group
-   *   email                : support@phpbb.com
+   *   email                : supportphpbb.com
    *
    *   $Id$
    *
    ***************************************************************************/
 
-  /***************************************************************************
-   *
-   *   This program is free software; you can redistribute it and/or modify
-   *   it under the terms of the GNU General Public License as published by
-   *   the Free Software Foundation; either version 2 of the License, or
-   *   (at your option) any later version.
-   *
-   ***************************************************************************/
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
 
-if(!defined("SQL_LAYER")){
+if(!defined("SQL_LAYER"))
+{
 
 define("SQL_LAYER","postgresql");
 
-class sql_db {
+class sql_db
+{
 
-   var $db_connect_id;
-   var $query_result;
-   var $row;
-   var $rownum = array();
-   //
-   // Constructor
-   //
-   function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency=true){
+	var $db_connect_id;
+	var $query_result;
+	var $in_transaction = 0;
+	var $row = array();
+	var $rowset = array();
+	var $rownum = array();
+	var $num_queries = 0;
 
-      $this->connect_string = "";
-      if($sqluser){
-         $this->connect_string .= "user=$sqluser ";
-      }
-      if($sqlpassword){
-         $this->connect_string .= "password=$sqlpassword ";
-      }
-      if($sqlserver){
-         if(ereg(":",$sqlserver)){
-            list($sqlserver,$sqlport) = split(":",$sqlserver);
-            $this->connect_string .= "host=$sqlserver port=$sqlport ";
-         } else {
-            $this->connect_string .= "host=$sqlserver ";
-         }
-      }
-      if($database){
-         $this->dbname = $database;
-         $make_connect = $this->connect_string . "dbname=$database";
-      } else {
-         $make_connect = $this->connect_string;
-      }
-      $this->persistency = $persistency;
+	//
+	// Constructor
+	//
+	function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
+	{
+		$this->connect_string = "";
 
-      if($this->persistency){
-         $this->db_connect_id = @pg_pconnect($make_connect);
-      } else {
-         $this->db_connect_id = @pg_connect($make_connect);
-      }
-      return $this->db_connect_id;
-   }
-   //
-   // Other base methods
-   //
-   function sql_setdb($database){
-      if($this->db_connect_id){
-         if($this->query_result){
-            @pg_freeresult($this->query_result);
-            unset($this->query_result);
-            unset($this->row);
-         }
-         $result = @pg_close($this->db_connect_id);
-         if($result){
-            $this->dbname = $database;
-            $make_connect = $this->connect_string . "dbname=$database";
-            if($this->persistency){
-               $this->db_connect_id = @pg_pconnect($make_connect);
-            } else {
-               $this->db_connect_id = @pg_connect($make_connect);
-            }
-         }
-      }
-      return $this->db_connect_id;
-   }
-   function sql_close(){
-      if($this->db_connect_id){
-         if($this->query_result){
-            @pg_freeresult($this->query_result);
-         }
-         $result = @pg_close($this->db_connect_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
+		if( $sqluser )
+		{
+			$this->connect_string .= "user=$sqluser ";
+		}
 
+		if( $sqlpassword )
+		{
+			$this->connect_string .= "password=$sqlpassword ";
+		}
 
-   //
-   // Query method
-   //
-   function sql_query($query=""){
-      // Remove any pre-existing queries
-      unset($this->query_result);
-      if($query != ""){
-         $this->query_result = @pg_exec($this->db_connect_id, $query);
-         if($this->query_result){
+		if( $sqlserver )
+		{
+			if( ereg(":", $sqlserver) )
+			{
+				list($sqlserver, $sqlport) = split(":", $sqlserver);
+				$this->connect_string .= "host=$sqlserver port=$sqlport ";
+			}
+			else
+			{
+				if( $sqlserver != "localhost" )
+				{
+					$this->connect_string .= "host=$sqlserver ";
+				}
+			}
+		}
 
-            $this->last_query_text[$this->query_result] = $query;
-            $this->rownum[$this->query_result] = 0;
-            unset($this->row[$this->query_result]);
-            unset($this->rowset[$this->query_result]);
+		if( $database )
+		{
+			$this->dbname = $database;
+			$this->connect_string .= "dbname=$database";
+		}
 
-            return $this->query_result;
-         } else {
-            return false;
-         }
-      } else {
-         return 0;
-      }
-   }
-   //
-   // Other query methods
-   //
-   function sql_numrows($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @pg_numrows($query_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_numfields($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @pg_numfields($query_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fieldname($offset, $query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @pg_fieldname($query_id, $offset);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fieldtype($offset, $query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @pg_fieldtype($query_id, $offset);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchrow($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $this->row = @pg_fetch_array($query_id, $this->rownum[$query_id]);
-         if($this->row)
-            $this->rownum[$query_id]++;
-         return $this->row;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchrowset($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         unset($this->rowset[$query_id]);
-         unset($this->row[$query_id]);
-         $this->rownum[$query_id] = 0;
-         while($this->rowset = @pg_fetch_array($query_id, $this->rownum[$query_id])){
-            $result[] = $this->rowset;
-            $this->rownum[$query_id]++;
-         }
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_fetchfield($field, $row_offset=-1, $query_id = 0) {
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         if($row_offset != -1){
-            $this->row = @pg_fetch_array($query_id, $row_offset);
-         } else {
-            if($this->rownum[$query_id]){
-               $this->row = @pg_fetch_array($query_id, $this->rownum[$query_id]-1);
-            } else {
-               $this->row = @pg_fetch_array($query_id, $this->rownum[$query_id]);
-               if($this->row)
-                  $this->rownum[$query_id]++;
-            }
-         }
-         $result = $this->row[$field];
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_rowseek($offset, $query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         if($offset>-1){
-            $this->rownum[$query_id] = $offset;
-            return true;
-         } else {
-            return false;
-         }
-      } else {
-         return false;
-      }
-   }
-   function sql_nextid($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id && $this->last_query_text[$query_id] != ""){
-         if(eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([[:alnum:]]+)[\"]?", $this->last_query_text[$query_id], $tablename);
-            $query = "SELECT last_value FROM ".$tablename[2]."_id_seq";
-            $temp_q_id =  @pg_exec($this->db_connect_id, $query);
-            if($query_id){
-               $temp_result = @pg_fetch_array($temp_q_id, 0);
-               if($temp_result){
-                  return $temp_result["last_value"]+1;
-               } else {
-                  return false;
-               }
-            } else {
-               return false;
-            }
-         } else {
-            return false;
-         }
-      } else {
-         return false;
-      }
-   }
-   function sql_freeresult($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      if($query_id){
-         $result = @pg_freeresult($query_id);
-         return $result;
-      } else {
-         return false;
-      }
-   }
-   function sql_error($query_id = 0){
-      if(!$query_id)
-         $query_id = $this->query_result;
-      $result[message] = @pg_errormessage($query_id);
-      $result[code] = -1;
-      return $result;
-   }
+		$this->persistency = $persistency;
+
+		$this->db_connect_id = ( $this->persistency ) ? pg_pconnect($this->connect_string) : pg_connect($this->connect_string);
+
+		return ( $this->db_connect_id ) ? $this->db_connect_id : false;
+	}
+
+	//
+	// Other base methods
+	//
+	function sql_close()
+	{
+		if( $this->db_connect_id )
+		{
+			//
+			// Commit any remaining transactions
+			//
+			if( $this->in_transaction )
+			{
+				@pg_exec($this->db_connect_id, "COMMIT");
+			}
+
+			if( $this->query_result )
+			{
+				@pg_freeresult($this->query_result);
+			}
+
+			return @pg_close($this->db_connect_id);
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	//
+	// Query method
+	//
+	function sql_query($query = "", $transaction = false)
+	{
+		//
+		// Remove any pre-existing queries
+		//
+		unset($this->query_result);
+		if( $query != "" )
+		{
+			$this->num_queries++;
+
+			$query = preg_replace("/LIMIT ([0-9]+),([ 0-9]+)/", "LIMIT \\2 OFFSET \\1", $query);
+
+			if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
+			{
+				$this->in_transaction = TRUE;
+
+				if( !@pg_exec($this->db_connect_id, "BEGIN") )
+				{
+					return false;
+				}
+			}
+
+			$this->query_result = @pg_exec($this->db_connect_id, $query);
+			if( $this->query_result )
+			{
+				if( $transaction == END_TRANSACTION )
+				{
+					$this->in_transaction = FALSE;
+
+					if( !@pg_exec($this->db_connect_id, "COMMIT") )
+					{
+						@pg_exec($this->db_connect_id, "ROLLBACK");
+						return false;
+					}
+				}
+
+				$this->last_query_text[$this->query_result] = $query;
+				$this->rownum[$this->query_result] = 0;
+
+				unset($this->row[$this->query_result]);
+				unset($this->rowset[$this->query_result]);
+
+				return $this->query_result;
+			}
+			else
+			{
+				if( $this->in_transaction )
+				{
+					@pg_exec($this->db_connect_id, "ROLLBACK");
+				}
+				$this->in_transaction = FALSE;
+
+				return false;
+			}
+		}
+		else
+		{
+			if( $transaction == END_TRANSACTION && $this->in_transaction )
+			{
+				$this->in_transaction = FALSE;
+
+				if( !@pg_exec($this->db_connect_id, "COMMIT") )
+				{
+					@pg_exec($this->db_connect_id, "ROLLBACK");
+					return false;
+				}
+			}
+
+			return true;
+		}
+	}
+
+	//
+	// Other query methods
+	//
+	function sql_numrows($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? @pg_numrows($query_id) : false;
+	}
+
+	function sql_numfields($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? @pg_numfields($query_id) : false;
+	}
+
+	function sql_fieldname($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? @pg_fieldname($query_id, $offset) : false;
+	}
+
+	function sql_fieldtype($offset, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? @pg_fieldtype($query_id, $offset) : false;
+	}
+
+	function sql_fetchrow($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		if($query_id)
+		{
+			$this->row = @pg_fetch_array($query_id, $this->rownum[$query_id]);
+
+			if( $this->row )
+			{
+				$this->rownum[$query_id]++;
+				return $this->row;
+			}
+		}
+
+		return false;
+	}
+
+	function sql_fetchrowset($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		if( $query_id )
+		{
+			unset($this->rowset[$query_id]);
+			unset($this->row[$query_id]);
+			$this->rownum[$query_id] = 0;
+
+			while( $this->rowset = @pg_fetch_array($query_id, $this->rownum[$query_id], PGSQL_ASSOC) )
+			{
+				$result[] = $this->rowset;
+				$this->rownum[$query_id]++;
+			}
+
+			return $result;
+		}
+
+		return false;
+	}
+
+	function sql_fetchfield($field, $row_offset=-1, $query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		if( $query_id )
+		{
+			if( $row_offset != -1 )
+			{
+				$this->row = @pg_fetch_array($query_id, $row_offset, PGSQL_ASSOC);
+			}
+			else
+			{
+				if( $this->rownum[$query_id] )
+				{
+					$this->row = @pg_fetch_array($query_id, $this->rownum[$query_id]-1, PGSQL_ASSOC);
+				}
+				else
+				{
+					$this->row = @pg_fetch_array($query_id, $this->rownum[$query_id], PGSQL_ASSOC);
+
+					if( $this->row )
+					{
+						$this->rownum[$query_id]++;
+					}
+				}
+			}
+
+			return $this->row[$field];
+		}
+
+		return false;
+	}
+
+	function sql_rowseek($offset, $query_id = 0)
+	{
+
+		if(!$query_id)
+		{
+			$query_id = $this->query_result;
+		}
+
+		if( $query_id )
+		{
+			if( $offset > -1 )
+			{
+				$this->rownum[$query_id] = $offset;
+				return true;
+			}
+			else
+			{
+				return false;
+			}
+		}
+
+		return false;
+	}
+
+	function sql_nextid()
+	{
+		$query_id = $this->query_result;
+
+		if($query_id && $this->last_query_text[$query_id] != "")
+		{
+			if( preg_match("/^INSERT[\t\n ]+INTO[\t\n ]+([a-z0-9\_\-]+)/is", $this->last_query_text[$query_id], $tablename) )
+			{
+				$query = "SELECT currval('" . $tablename[1] . "_id_seq') AS last_value";
+				$temp_q_id =  @pg_exec($this->db_connect_id, $query);
+				if( !$temp_q_id )
+				{
+					return false;
+				}
+
+				$temp_result = @pg_fetch_array($temp_q_id, 0, PGSQL_ASSOC);
+
+				return ( $temp_result ) ? $temp_result['last_value'] : false;
+			}
+		}
+
+		return false;
+	}
+
+	function sql_affectedrows($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? @pg_cmdtuples($query_id) : false;
+	}
+
+	function sql_freeresult($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		return ( $query_id ) ? @pg_freeresult($query_id) : false;
+	}
+
+	function sql_error($query_id = 0)
+	{
+		if( !$query_id )
+		{
+			$query_id = $this->query_result;
+		}
+
+		$result['message'] = @pg_errormessage($this->db_connect_id);
+		$result['code'] = -1;
+
+		return $result;
+	}
 
 } // class ... db_sql
 
 } // if ... defined
 
-?>
+?>

phpBB/develop/bbcode_conversion.php

@@ -0,0 +1,218 @@
+<?php
+/***************************************************************************  
+ *                           bbcode_conversion.php  
+ *                            -------------------                         
+ *   begin                : Tuesday, March 20, 2001 
+ *   copyright            : (C) 2001 The phpBB Group        
+ *   email                : support@phpbb.com                           
+ *                                                          
+ *   $Id:
+ *                                                            
+ * 
+ ***************************************************************************/ 
+
+
+/***************************************************************************  
+ *                                                     
+ *   This program is free software; you can redistribute it and/or modify    
+ *   it under the terms of the GNU General Public License as published by   
+ *   the Free Software Foundation; either version 2 of the License, or  
+ *   (at your option) any later version.                      
+ *                                                          
+ * 
+ ***************************************************************************/ 
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+ 
+include('../extension.inc');
+include('../config.'.$phpEx);
+include('../includes/constants.'.$phpEx);
+include('../functions/functions.'.$phpEx);
+include('../includes/db.'.$phpEx);
+include('../functions/bbcode.'.$phpEx);
+ 
+set_time_limit(60*60);  // Increase maximum execution time to 60 minutes. 
+ 
+
+
+$backup_name = "backup_post_text";
+$table_name = POSTS_TEXT_TABLE;
+$sql = "CREATE TABLE $backup_name (
+   post_id int(10) DEFAULT '0' NOT NULL,
+   post_text text,
+   PRIMARY KEY (post_id)
+);";
+
+echo "<p>Creating backup table.. </p>\n";
+flush();
+
+$result = $db->sql_query($sql);
+if (!$result) 
+{
+	$db_error = $db->sql_error();
+	die("Error doing DB backup table creation. Reason: " . $db_error["message"]);
+}
+
+$sql = "insert into $backup_name select * from $table_name";
+
+echo "<p>Populating backup table.. </p>\n";
+flush();
+
+$result = $db->sql_query($sql);
+if (!$result) 
+{
+	$db_error = $db->sql_error();
+	die("Error doing DB backup table data moving. Reason: " . $db_error["message"]);
+}
+
+
+$sql = "SELECT p.post_id, t.post_text FROM " . POSTS_TABLE . " p, " . POSTS_TEXT_TABLE . " t WHERE (p.post_id = t.post_id)";
+if(!$result = $db->sql_query($sql))
+{
+   die("error getting posts to work on");
+}
+if(!$total_rows = $db->sql_numrows($result))
+{
+   die("error getting rowcount");
+}
+
+echo "<p><b>Found $total_rows total rows to work on. </b></p>\n";
+flush();
+
+$row = $db->sql_fetchrowset($result);
+
+for($i = 0; $i < $total_rows; $i++)
+{
+	$post_id = $row[$i]['post_id'];
+	$text = $row[$i]['post_text'];
+
+	// undo 1.2.x encoding..
+	$text = bbdecode($text);
+	$text = undo_make_clickable($text);
+	$text = str_replace("<BR>", "\n", $text);
+	
+	// make a uid
+	$uid = make_bbcode_uid();
+	
+	// do 2.x first-pass encoding..
+	$text = bbencode_first_pass($text, $uid);
+	
+	$text = addslashes($text);
+	
+	// put the uid in the database.
+	$sql = "UPDATE " . POSTS_TABLE . " SET bbcode_uid='" . $uid . "' WHERE (post_id = $post_id)";
+	$result = $db->sql_query($sql);
+  if (!$result) 
+	{
+		$db_error = $db->sql_error();
+		die("Error doing DB update in posts table. Reason: " . $db_error["message"] . " sql: $sql");
+	}
+	// Put the post text back in the database.
+	$sql = "UPDATE " . POSTS_TEXT_TABLE . " SET post_text='" . $text . "' WHERE (post_id = $post_id)";
+	$result = $db->sql_query($sql);
+  if (!$result) 
+	{
+		$db_error = $db->sql_error();
+		die("Error doing DB update in post text table. Reason: " . $db_error["message"] . " sql: $sql");
+	}
+	
+	if (($i % 100) == 0)
+	{
+		echo "Done post: <b> $i </b><br>\n";
+		flush();
+	}
+	
+	
+}
+
+
+
+echo "<p><b>Done.</b></p>\n";
+
+
+
+// -------------------------------------------------------------------------------
+// Everything below here is 1.x BBCode functions.
+// -------------------------------------------------------------------------------
+
+
+function bbdecode($message) {
+
+		// Undo [code]
+		$code_start_html = "<!-- BBCode Start --><TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font size=-1>Code:</font><HR></TD></TR><TR><TD><FONT SIZE=-1><PRE>";
+		$code_end_html = "</PRE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE><!-- BBCode End -->";
+		$message = str_replace($code_start_html, "[code]", $message);
+		$message = str_replace($code_end_html, "[/code]", $message);
+
+		// Undo [quote]
+		$quote_start_html = "<!-- BBCode Quote Start --><TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font size=-1>Quote:</font><HR></TD></TR><TR><TD><FONT SIZE=-1><BLOCKQUOTE>";
+		$quote_end_html = "</BLOCKQUOTE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE><!-- BBCode Quote End -->";
+		$message = str_replace($quote_start_html, "[quote]", $message);
+		$message = str_replace($quote_end_html, "[/quote]", $message);
+		
+		// Undo [b] and [i]
+		$message = preg_replace("#<!-- BBCode Start --><B>(.*?)</B><!-- BBCode End -->#s", "[b]\\1[/b]", $message);
+		$message = preg_replace("#<!-- BBCode Start --><I>(.*?)</I><!-- BBCode End -->#s", "[i]\\1[/i]", $message);
+		
+		// Undo [url] (long form)
+		$message = preg_replace("#<!-- BBCode u2 Start --><A HREF=\"([a-z]+?://)(.*?)\" TARGET=\"_blank\">(.*?)</A><!-- BBCode u2 End -->#s", "[url=\\1\\2]\\3[/url]", $message);
+		
+		// Undo [url] (short form)
+		$message = preg_replace("#<!-- BBCode u1 Start --><A HREF=\"([a-z]+?://)(.*?)\" TARGET=\"_blank\">(.*?)</A><!-- BBCode u1 End -->#s", "[url]\\3[/url]", $message);
+		
+		// Undo [email]
+		$message = preg_replace("#<!-- BBCode Start --><A HREF=\"mailto:(.*?)\">(.*?)</A><!-- BBCode End -->#s", "[email]\\1[/email]", $message);
+		
+		// Undo [img]
+		$message = preg_replace("#<!-- BBCode Start --><IMG SRC=\"(.*?)\" BORDER=\"0\"><!-- BBCode End -->#s", "[img]\\1[/img]", $message);
+		
+		// Undo lists (unordered/ordered)
+	
+		// <li> tags:
+		$message = str_replace("<!-- BBCode --><LI>", "[*]", $message);
+		
+		// [list] tags:
+		$message = str_replace("<!-- BBCode ulist Start --><UL>", "[list]", $message);
+		
+		// [list=x] tags:
+		$message = preg_replace("#<!-- BBCode olist Start --><OL TYPE=([A1])>#si", "[list=\\1]", $message);
+		
+		// [/list] tags:
+		$message = str_replace("</UL><!-- BBCode ulist End -->", "[/list]", $message);
+		$message = str_replace("</OL><!-- BBCode olist End -->", "[/list]", $message);
+
+		return($message);
+}
+
+
+/**
+ * Nathan Codding - Feb 6, 2001
+ * Reverses the effects of make_clickable(), for use in editpost.
+ * - Does not distinguish between "www.xxxx.yyyy" and "http://aaaa.bbbb" type URLs.
+ *
+ */
+ 
+function undo_make_clickable($text) {
+	
+	$text = preg_replace("#<!-- BBCode auto-link start --><a href=\"(.*?)\" target=\"_blank\">.*?</a><!-- BBCode auto-link end -->#i", "\\1", $text);
+	$text = preg_replace("#<!-- BBcode auto-mailto start --><a href=\"mailto:(.*?)\">.*?</a><!-- BBCode auto-mailto end -->#i", "\\1", $text);
+	
+	return $text;
+	
+}
+
+
+
+ 
+?>

phpBB/develop/benchmark.php

@@ -0,0 +1,443 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+define('IN_PHPBB', true);
+$phpbb_root_path = "../";
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'common.'.$phpEx);
+include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
+include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
+
+srand ((double) microtime() * 1000000);
+set_time_limit(240*60);
+
+// Here's the text we stick in posts..
+$bigass_text = ' 
+phpBB BBCode test suite v0.0.2
+auto-linkification:
+http://something.com
+www.something.com
+nate@phpbb.com
+http://something.com/foo.php?this=that&theother=some%20encoded%20string is a link.
+[code]
+Simple code block with some <html> <tags>.
+[/code]
+[b]bolded[/b], [i]italic[/i]
+[email]james@totalgeek.org[/email]
+[url=http://www.totalgeek.org]totalgeek.org[/url]
+[url]www.totalgeek.org[/url] 
+[list] 
+[*] This is the first bulleted item.
+[*] This is the second bulleted item.
+[/list] 
+[list=A] 
+[*] This is the first bulleted item.
+[*] This is the second bulleted item.
+[/list] 
+[quote]
+And a quote!
+[/quote]
+';
+
+$users = intval($HTTP_GET_VARS['users']);
+$posts = intval($HTTP_GET_VARS['posts']);
+$size = intval($HTTP_GET_VARS['size']);
+
+// The script expects the ID's in the tables to sequential (1,2,3,4,5), 
+// so no holes please (1,4,5,8)...
+$nr_of_users  = nrof(USERS_TABLE);
+$nr_of_cats   = nrof(CATEGORIES_TABLE);
+$nr_of_forums = nrof(FORUMS_TABLE);
+$nr_of_posts  = nrof(POSTS_TABLE);
+
+$u = $users;
+
+$starttime = microtime();
+
+$usercreationcount = 0;
+while($users > 0)
+{
+
+	$name = "testuser_" . substr(md5(uniqid(rand())), 0, 10);
+	if (make_user($name))
+	{
+		$usercreationcount++;
+		$users--;
+	}
+	if (($usercreationcount % 500) == 0)
+	{
+		echo "status: $usercreationcount <br>\n";
+		flush();
+	}
+	
+}
+
+if ($posts > 0)
+{
+	filldb($posts);
+}
+
+$endtime = microtime();
+
+$submit = (isset($HTTP_GET_VARS['submit'])) ? true : false;
+
+if (!$submit)
+{
+    ?>
+Hello, welcome to this little phpBB Benchmarking script :)<p>
+
+At the moment there are:<br>
+
+<table>
+<tr><td align="right"><?php echo $nr_of_users?></td><td>Users</td></tr>
+<tr><td align="right"><?php echo $nr_of_forums?></td><td>Forums</td></tr>
+<tr><td align="right"><?php echo $nr_of_posts?></td><td>Posts</td></tr>
+</table>
+<p>
+What do you want to create?<p>
+
+<form method="get" action="<?php echo $PHP_SELF?>">
+<input type="text" name="users" size="3"> Users<br>
+<input type="text" name="posts" size="3"> Posts/topics (optional: post size in <input type="text" name="size" size="3"> bytes)<br>
+<input type="submit" name="submit">
+</form>
+
+    <?php
+} 
+else 
+{
+
+	list ($starttime_msec,$starttime_sec) = explode(" ",$starttime);
+	list ($endtime_msec,$endtime_sec) = explode(" ",$endtime);
+	$timetaken_sec = ($endtime_sec+$endtime_msec) - ($starttime_sec+$starttime_msec);
+	print "<B>TIME TAKEN : ".$timetaken_sec."s</B><BR>\n"; 
+
+	print "<p>\n<a href=\"$PHP_SELF\">Back to the overview page</a>\n";
+}
+
+
+function filldb($newposts)
+{
+	global $nr_of_forums;
+	global $nr_of_users;
+  
+	$forum_topic_counts = array();
+  
+	for ($i = 1; $i <= $nr_of_forums; $i++)
+	{
+  		$forum_topic_counts[$i] = get_topic_count($i);
+	}
+  
+	for($i = 0; $i < $newposts; $i++)
+	{
+		$userid   = rand(2, $nr_of_users - 1);
+		$forum    = rand(1,$nr_of_forums);
+		
+		if ((rand(0,30) < 1) || ($forum_topic_count[$forum] == 0))
+		{
+			// create a new topic 1 in 30 times (or when there are none);
+			$topic = make_topic($userid, "Testing topic $i", $forum);
+			$forum_topic_count[$forum]++;
+		} 
+		else 
+		{
+			// Otherwise create a reply(posting) somewhere.
+			$topic = get_smallest_topic($forum);
+			create_posting($userid, $topic, $forum, "reply");
+		}
+		
+		if (($i % 1000) == 0)
+		{
+			echo "status: $i <br>";
+			flush();
+		}
+	 
+	}
+}
+
+
+function get_smallest_topic($forum_id)
+{
+	global $db;
+	
+	$sql = "SELECT topic_id
+		FROM " . TOPICS_TABLE . "
+		WHERE (forum_id = $forum_id)
+		ORDER BY topic_replies ASC LIMIT 1";
+	if($result = $db->sql_query($sql))
+	{
+		$row = $db->sql_fetchrow($result);
+		$topic_id = $row['topic_id'];
+
+		unset($result);
+		unset($row);
+		return $topic_id;
+	}
+	else
+	{
+		message_die(GENERAL_ERROR, "Couldn't get smallest topic.", "", __LINE__, __FILE__, $sql);
+	}
+	
+}
+
+
+function get_topic_count($forum_id)
+{
+	global $db;
+	
+	$sql = "SELECT forum_topics
+		FROM " . FORUMS_TABLE . "
+		WHERE (forum_id = $forum_id)";
+	if($result = $db->sql_query($sql))
+	{
+		$row = $db->sql_fetchrow($result);
+		$topic_count = $row['forum_topics'];
+
+		unset($result);
+		unset($row);
+		return $topic_count;
+	}
+	else
+	{
+		message_die(GENERAL_ERROR, "Couldn't get topic count.", "", __LINE__, __FILE__, $sql);
+	}
+	
+}
+
+
+function make_topic($user_id, $subject, $forum_id)
+{
+	global $db;
+	$topic_type = POST_NORMAL;
+	$topic_vote = 0;
+	$current_time = time();
+	
+	$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) 
+		VALUES ('$subject', $user_id, $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)";
+
+	if( $result = $db->sql_query($sql) )
+	{
+		$new_topic_id = $db->sql_nextid();
+	}
+	else
+	{
+		message_die(GENERAL_ERROR, "Error inserting data into topics table", "", __LINE__, __FILE__, $sql);
+	}
+	
+	create_posting($user_id, $new_topic_id, $forum_id);
+	
+	return $new_topic_id;
+}
+
+
+
+function create_posting($userid, $topic_id, $forum, $mode = 'newtopic')
+{
+	$message = generatepost();
+
+	return make_post($topic_id, $forum, $userid, "", $message, $mode);
+}
+
+function make_post($new_topic_id, $forum_id, $user_id, $post_username, $text, $mode = 'newtopic')
+{
+	global $db;
+	$current_time = time();
+	$user_ip = "ac100202";
+	$bbcode_on = 1;
+	$html_on = 1;
+	$smilies_on = 1;
+	$attach_sig = 1;
+	$bbcode_uid = make_bbcode_uid();
+	
+	$post_subject = 'random subject';
+	
+	$post_message = prepare_message($text, $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
+	
+	$sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) 
+		VALUES ($new_topic_id, $forum_id, $user_id, '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)";
+	$result = $db->sql_query($sql);
+	
+	if($result)
+	{
+		$new_post_id = $db->sql_nextid();
+	
+		$sql = "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) 
+			VALUES ($new_post_id, '$post_subject', '$bbcode_uid', '$post_message')";
+	
+		if($db->sql_query($sql))
+		{
+			$post_data = array();
+			$post_data['first_post'] = false;
+			$post_data['last_post'] = true;
+
+			$sql = "SELECT SUM(post_id) as total FROM " . POSTS_TABLE . " WHERE topic_id = " . $new_topic_id;
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$total = intval($row['total']);
+
+			if ($total == 1)
+			{
+				$post_data['first_post'] = true;
+			}
+			
+			$sql = "SELECT forum_last_post_id
+				FROM " . FORUMS_TABLE . "
+				WHERE forum_id = $forum_id";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$post_data['last_topic'] = ( $row['forum_last_post_id'] == $new_post_id ) ? true : false;
+
+			update_post_stats($mode, $post_data, $forum_id, $new_topic_id, $new_post_id, $user_id);
+		}
+		else
+		{
+			// Rollback
+			if(SQL_LAYER == "mysql")
+			{
+				$sql = "DELETE FROM " . POSTS_TABLE . "
+					WHERE post_id = $new_post_id";
+				$db->sql_query($sql);
+			}
+			message_die(GENERAL_ERROR, "Error inserting data into posts text table", "", __LINE__, __FILE__, $sql);
+		}
+	}
+	else
+	{
+		message_die(GENERAL_ERROR, "Error inserting data into posts table", "", __LINE__, __FILE__, $sql);
+	}	
+}
+
+
+function generatepost($size = 850)
+{
+   global $bigass_text;
+   // Returns a string with a length between $size and $size*0.2
+   $size = rand(0.2*$size, $size);
+   
+   $textsize = strlen($bigass_text);
+   $currentsize = 0;
+   // Add whole $text multiple times
+   while($currentsize < $size && $size-$currentsize <= $textsize)
+   {
+      $message .= $bigass_text;
+      $currentsize += $textsize;
+   }
+   // Add the remainder number of chars and return it.
+   $message .= substr($bigass_text, 0, $size-$currentsize);
+
+   return (addslashes($message));
+}
+   
+      
+function nrof($table)
+{
+	global $db;
+	$sql = "SELECT count(*) AS counted FROM $table";
+	$result = $db->sql_query($sql);
+	$topics = $db->sql_fetchrow($result);
+	return $topics[counted];
+}
+
+
+function make_user($username)
+{
+	global $db, $board_config;
+
+	$password = md5("benchpass");
+	$email = "nobody@localhost";
+	$icq = "12345678";
+	$website = "http://www.phpbb.com";
+	$occupation = "phpBB tester";
+	$location = "phpBB world hq";
+	$interests = "Eating, sleeping, living, and breathing phpBB";
+	$signature = "$username: phpBB tester.";
+	$signature_bbcode_uid = "";
+	$avatar_filename = "";
+	$viewemail = 0;
+	$aim = 0;
+	$yim = 0;
+	$msn = 0;
+	$attachsig = 1;
+	$allowsmilies = 1;
+	$allowhtml = 1;
+	$allowbbcode = 1;
+	$allowviewonline = 1;
+	$notifyreply = 0;
+	$notifypm = 0;
+	$user_timezone = $board_config['board_timezone'];
+	$user_dateformat = $board_config['default_dateformat'];
+	$user_lang = $board_config['default_lang'];
+	$user_style = $board_config['default_style'];
+
+
+	$sql = "SELECT MAX(user_id) AS total
+		FROM " . USERS_TABLE;
+	if($result = $db->sql_query($sql))
+	{
+		$row = $db->sql_fetchrow($result);
+		$new_user_id = $row['total'] + 1;
+
+		unset($result);
+		unset($row);
+	}
+	else
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtained next user_id information.", "", __LINE__, __FILE__, $sql);
+	}
+
+	$sql = "INSERT INTO " . USERS_TABLE . "	(user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)
+		VALUES ($new_user_id, '$username', " . time() . ", '$password', '$email', '$icq', '$website', '$occupation', '$location', '$interests', '$signature', '$signature_bbcode_uid', '$avatar_filename', $viewemail, '$aim', '$yim', '$msn', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $user_timezone, '$user_dateformat', '$user_lang', $user_style, 0, 1, ";
+
+	
+	$sql .= "1, '')";
+	
+	if($result = $db->sql_query($sql, BEGIN_TRANSACTION))
+	{
+		$sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
+			VALUES ('', 'Personal User', 1, 0)";
+		if($result = $db->sql_query($sql))
+		{
+			$group_id = $db->sql_nextid();
+			
+			$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
+				VALUES ($new_user_id, $group_id, 0)";
+			if($result = $db->sql_query($sql, END_TRANSACTION))
+			{
+				
+				// SUCCESS.
+				return true;
+			}
+			else
+			{
+				message_die(GENERAL_ERROR, "Couldn't insert data into user_group table", "", __LINE__, __FILE__, $sql);
+			}
+		}
+		else
+		{
+			message_die(GENERAL_ERROR, "Couldn't insert data into groups table", "", __LINE__, __FILE__, $sql);
+		}
+	}
+	else
+	{
+		message_die(GENERAL_ERROR, "Couldn't insert data into users table", "", __LINE__, __FILE__, $sql);
+	}
+
+}
+
+
+
+ 
+  
+?>

phpBB/develop/convert_avatars.php

@@ -0,0 +1,65 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+
+$phpbb_root_path = "../";
+
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'config.'.$phpEx);
+include($phpbb_root_path . 'includes/constants.'.$phpEx);
+include($phpbb_root_path . 'includes/db.'.$phpEx);
+
+
+$sql = "ALTER TABLE " . USERS_TABLE . " 
+	ADD user_avatar_type TINYINT(4) DEFAULT '0' NOT NULL";
+if( !$result = $db->sql_query($sql) )
+{
+	die("Couldn't alter users table");
+}
+
+$sql = "SELECT user_id, user_avatar 
+	FROM " . USERS_TABLE;
+if( $result = $db->sql_query($sql) )
+{
+	$rowset = $db->sql_fetchrowset($result);
+
+	for($i = 0; $i < count($rowset); $i++)
+	{
+		if( ereg("^http", $rowset[$i]['user_avatar']))
+		{
+			$sql_type = USER_AVATAR_REMOTE;
+		}
+		else if( $rowset[$i]['user_avatar'] != "" )
+		{
+			$sql_type = USER_AVATAR_UPLOAD;
+		}
+		else
+		{
+			$sql_type = USER_AVATAR_NONE;
+		}
+
+		$sql = "UPDATE " . USERS_TABLE . " 
+			SET user_avatar_type = $sql_type 
+			WHERE user_id = " . $rowset[$i]['user_id'];
+		if( !$result = $db->sql_query($sql) )
+		{
+			die("Couldn't update users table- " . $i);
+		}
+	}
+}
+
+echo "<BR><BR>COMPLETE<BR>";
+
+?>

phpBB/develop/convert_bbcodeuid.php

@@ -0,0 +1,96 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+
+$phpbb_root_path = "../";
+
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'config.'.$phpEx);
+include($phpbb_root_path . 'includes/constants.'.$phpEx);
+include($phpbb_root_path . 'includes/db.'.$phpEx);
+
+function query($sql, $errormsg)
+{
+	global $db;
+	if(!$result = $db->sql_query($sql))
+	{
+		print "<br><font color=\"red\">\n";
+		print "$errormsg<br>";
+		$sql_error = $db->sql_error();
+		print $sql_error['code'] .": ". $sql_error['message']. "<br>\n";
+		print "<pre>$sql</pre>";
+		print "</font>\n";
+		return FALSE;
+	}
+	else
+	{
+		return $result;
+	}
+}
+
+if($HTTP_GET_VARS['delete'] == 'true')
+{
+	$sql = "ALTER TABLE ".POSTS_TABLE."
+		DROP bbcode_uid";
+	query($sql, "Didn't manage to drop the bbcode_uid table in ".POSTS_TABLE);
+	print "All done now. Deleted the bbcode_uid column from the posts table.<p>";
+	exit;
+}
+
+
+$sql = "ALTER TABLE ".POSTS_TEXT_TABLE." 
+	ADD bbcode_uid char(10) NOT NULL";
+print "Adding bbcode_uid field to ".POSTS_TEXT_TABLE.".<br>\n";
+$result = query($sql, "Couldn't get add bbcode_uid field to ".POSTS_TEXT_TABLE.".");
+
+$sql = "
+	SELECT 
+		count(*) as total,
+		max(post_id) as maxid 
+	FROM ". POSTS_TABLE;
+$result = query($sql, "Couldn't get max post_id.");
+$maxid = $db->sql_fetchrow($result);
+$totalposts = $maxid['total'];
+$maxid = $maxid['maxid'];
+
+$batchsize = 200;
+print "Going to convert BBcode in posts with $batchsize messages at a time and $totalposts in total.<br>\n";
+for($i = 0; $i <= $maxid; $i += $batchsize)
+{
+	$batchstart = $i + 1;
+	$batchend = $i + $batchsize;
+	
+	print "Moving BBcode UID in post number $batchstart to $batchend<br>\n";
+	flush();
+	$sql = "
+		SELECT 
+			post_id,
+			bbcode_uid
+		FROM "
+			.POSTS_TABLE."
+		WHERE
+			post_id BETWEEN $batchstart AND $batchend";
+	$result = query($sql, "Couldn't get ". POSTS_TABLE .".post_id $batchstart to $batchend");
+	while($row = mysql_fetch_array($result))
+	{
+		query("UPDATE ".POSTS_TEXT_TABLE." set bbcode_uid = '". $row['bbcode_uid']. "' WHERE post_id = ".$row['post_id'], "Was unable to update the posts text table with the BBcode_uid");
+	}
+}
+
+echo "Click <a href=\"$PHP_SELF?delete=true\">HERE</a> to remove the bbcode_uid table from the POSTS table (if you didn't get any serious error messages).<p>";
+
+$db->sql_close();
+
+?>

phpBB/develop/convert_conf.php

@@ -0,0 +1,110 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+
+$phpbb_root_path = "../";
+
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'config.'.$phpEx);
+include($phpbb_root_path . 'includes/constants.'.$phpEx);
+include($phpbb_root_path . 'includes/db.'.$phpEx);
+
+$sql = "SELECT *
+	FROM " . CONFIG_TABLE;
+if(!$result = $db->sql_query($sql))
+{
+	message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
+}
+else
+{
+	$board_config = $db->sql_fetchrow($result);
+}
+
+$newconfigtable = $table_prefix . "newconfig";
+
+$sql = "SELECT config_name, config_value FROM ". CONFIG_TABLE;
+if( $result = $db->sql_query($sql) )
+{
+	die("Don't run this script twice!<br>\n");
+}
+
+$sql = "	CREATE TABLE $newconfigtable (
+				config_name varchar(255) NOT NULL,
+				config_value varchar(255) NOT NULL,
+			   PRIMARY KEY (config_name)
+			)";
+print "Creating temporary table: $newconfigtable<p>\n";
+if( !$result = $db->sql_query($sql) )
+{
+	print("Couldn't create new config table<br>\n");
+}
+
+$error = 0;
+while (list($name, $value) = each($board_config))
+{
+	if(is_int($name))
+	{
+		// Skip numeric array elements (we only want the associative array)
+		continue;
+	}
+
+	// Rename sys_template
+	if ($name == 'sys_template')
+	{
+		$name = 'board_template';
+	}
+	// Rename system_timezone
+	if ($name == 'system_timezone')
+	{
+		$name = 'board_timezone';
+	}
+	print "$name = $value<br>\n";
+	$value = addslashes($value);
+	$sql = "INSERT INTO $newconfigtable (config_name, config_value) VALUES ('$name', '$value')";
+	if( !$result = $db->sql_query($sql) )
+	{
+		print("Couldn't insert '$name' into new config table");
+		$error = 1;
+	}
+}
+
+if ($error != 1)
+{
+	print "Dropping old table<p>\n";
+	$sql = "DROP TABLE ". CONFIG_TABLE;
+	if( !$result = $db->sql_query($sql) )
+	{
+		die("Couldn't drop old table");
+	}
+	print "Renaming $newconfigtable to ".CONFIG_TABLE."<p>\n";
+	$sql = "ALTER TABLE $newconfigtable RENAME ".CONFIG_TABLE;
+	if( !$result = $db->sql_query($sql) )
+	{
+		die("Couldn't rename new config table");
+	}
+	print "Renaming ".SESSIONS_TABLE." to ".$table_prefix."sessions<br>\n";
+	$sql = "ALTER TABLE ".SESSIONS_TABLE." RENAME ".$table_prefix."sessions";
+	if( !$result = $db->sql_query($sql) )
+	{
+		die("Couldn't rename session table");
+	}
+	
+}
+
+$db->sql_close();
+
+	echo "<BR><BR>COMPLETE<BR>";
+
+?>

phpBB/develop/convert_privmsgs.php

@@ -0,0 +1,181 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+
+$phpbb_root_path = "../";
+
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'config.'.$phpEx);
+include($phpbb_root_path . 'includes/constants.'.$phpEx);
+include($phpbb_root_path . 'includes/db.'.$phpEx);
+
+//
+// Alter table ...
+//
+echo "Alter tables  ... ";
+
+echo $sql = "ALTER TABLE " . PRIVMSGS_TABLE . " 
+	ADD privmsgs_enable_bbcode TINYINT(1) DEFAULT '1' NOT NULL, 
+	ADD privmsgs_enable_html TINYINT(1) DEFAULT '0' NOT NULL, 
+	ADD privmsgs_enable_smilies TINYINT(1) DEFAULT '1' NOT NULL, 
+	ADD privmsgs_attach_sig TINYINT(1) DEFAULT '1' NOT NULL";
+if( !$result = $db->sql_query($sql) )
+{
+	die("Couldn't alter privmsgs table");
+}
+echo $sql = "ALTER TABLE " . PRIVMSGS_TEXT_TABLE . " 
+	ADD privmsgs_bbcode_uid CHAR(10) AFTER privmsgs_text_id";
+if( !$result = $db->sql_query($sql) )
+{
+	die("Couldn't alter privmsgs text table");
+}
+echo "COMPLETE<BR>";
+
+//
+// Move bbcode ...
+//
+echo "Move bbcode uid's ... ";
+
+$sql = "SELECT privmsgs_id, privmsgs_bbcode_uid 
+	FROM " . PRIVMSGS_TABLE;
+if( $result = $db->sql_query($sql) )
+{
+	$rowset = $db->sql_fetchrowset($result);
+
+	for($i = 0; $i < count($rowset); $i++)
+	{
+		$sql = "UPDATE " . PRIVMSGS_TEXT_TABLE . " 
+			SET privmsgs_bbcode_uid = '" . $rowset[$i]['privmsgs_bbcode_uid'] . "' 
+			WHERE privmsgs_text_id = " . $rowset[$i]['privmsgs_id'];
+		if( !$result = $db->sql_query($sql) )
+		{
+			die("Couldn't update privmsgs text bbcode - " . $i);
+		}
+	}
+
+	$sql = "ALTER TABLE " . PRIVMSGS_TABLE . " 
+		DROP privmsgs_bbcode_uid";
+	if( !$result = $db->sql_query($sql) )
+	{
+		die("Couldn't alter privmsgs table - drop privmsgs_bbcode_uid");
+	}
+}
+
+echo "COMPLETE<BR>";
+
+//
+// Stripslashes from titles
+//
+echo "Strip subject slashes ... ";
+
+$sql = "SELECT privmsgs_subject , privmsgs_id, privmsgs_to_userid, privmsgs_from_userid   
+	FROM " . PRIVMSGS_TABLE;
+if( $result = $db->sql_query($sql) )
+{
+	$rowset = $db->sql_fetchrowset($result);
+
+	for($i = 0; $i < count($rowset); $i++)
+	{
+		$sql = "UPDATE " . PRIVMSGS_TABLE . " 
+			SET privmsgs_subject = '" . addslashes(stripslashes($rowset[$i]['privmsgs_subject'])) . "'  
+			WHERE privmsgs_id = " . $rowset[$i]['privmsgs_id'];
+		if( !$result = $db->sql_query($sql) )
+		{
+			die("Couldn't update subjects - $i");
+		}
+	}
+}
+echo "COMPLETE<BR>";				
+
+//
+// Update sigs
+//
+echo "Remove [addsig], stripslashes and update privmsgs table sig enable ...";
+
+$sql = "SELECT privmsgs_text_id , privmsgs_text 
+	FROM " . PRIVMSGS_TEXT_TABLE;
+if( $result = $db->sql_query($sql) )
+{
+	$rowset = $db->sql_fetchrowset($result);
+
+	$attach_sql = "";
+	$non_attach_sql = "";
+
+	for($i = 0; $i < count($rowset); $i++)
+	{
+		if( ereg("\[addsig]$", $rowset[$i]['privmsgs_text']))
+		{
+			if( $attach_sql != "" )
+			{
+				$attach_sql .= ", ";
+			}
+			$attach_sql .= $rowset[$i]['privmsgs_text_id'];
+
+			$sql = "UPDATE " . PRIVMSGS_TEXT_TABLE . " 
+				SET privmsgs_text = '" . addslashes(preg_replace("/\[addsig\]/is", "", stripslashes($rowset[$i]['privmsgs_text']))) . "'  
+				WHERE privmsgs_text_id = " . $rowset[$i]['privmsgs_text_id'];
+			if( !$result = $db->sql_query($sql) )
+			{
+				die("Couldn't update privmsgs text - " . $i);
+			}
+
+		}
+		else
+		{
+			$sql = "UPDATE " . PRIVMSGS_TEXT_TABLE . " 
+				SET privmsgs_text = '" . addslashes(stripslashes($rowset[$i]['privmsgs_text'])) . "'  
+				WHERE privmsgs_text_id = " . $rowset[$i]['privmsgs_text_id'];
+			if( !$result = $db->sql_query($sql) )
+			{
+				die("Couldn't update privmsgs text - " . $i);
+			}
+
+			if( $non_attach_sql != "" )
+			{
+				$non_attach_sql .= ", ";
+			}
+			$non_attach_sql .= $rowset[$i]['privmsgs_text_id'];
+		}
+	}
+
+	if( $attach_sql != "" )
+	{
+		$sql = "UPDATE " . PRIVMSGS_TABLE . " 
+			SET privmsgs_attach_sig = 1 
+			WHERE privmsgs_id IN ($attach_sql)";
+		if( !$result = $db->sql_query($sql) )
+		{
+			die("Couldn't update privmsgs table attach_sig - ");
+		}
+	}
+
+	if( $non_attach_sql != "" )
+	{
+		$sql = "UPDATE " . PRIVMSGS_TABLE . " 
+			SET privmsgs_attach_sig = 0 
+			WHERE privmsgs_id IN ($non_attach_sql)";
+		if( !$result = $db->sql_query($sql) )
+		{
+			die("Couldn't update privmsgs table non_attach_sig - ");
+		}
+	}
+
+}
+
+echo "COMPLETE<BR>";
+
+$db->sql_close();
+
+?>

phpBB/develop/convert_sigs.php

@@ -0,0 +1,93 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+$phpbb_root_path = "../";
+
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'config.'.$phpEx);
+include($phpbb_root_path . 'includes/constants.'.$phpEx);
+include($phpbb_root_path . 'includes/db.'.$phpEx);
+
+$sql = "SELECT post_id, post_text 
+	FROM " . POSTS_TEXT_TABLE;
+if( $result = $db->sql_query($sql) )
+{
+	$rowset = $db->sql_fetchrowset($result);
+
+	$attach_sql = "";
+	$non_attach_sql = "";
+
+	for($i = 0; $i < count($rowset); $i++)
+	{
+		if( ereg("\[addsig]$", $rowset[$i]['post_text']))
+		{
+			if( $attach_sql != "" )
+			{
+				$attach_sql .= ", ";
+			}
+			$attach_sql .= $rowset[$i]['post_id'];
+
+			$sql = "UPDATE " . POSTS_TEXT_TABLE . " 
+				SET post_text = '" . addslashes(preg_replace("/\[addsig\]/is", "", $rowset[$i]['post_text'])) . "'  
+				WHERE post_id = " . $rowset[$i]['post_id'];
+			if( !$result = $db->sql_query($sql) )
+			{
+				die("Couldn't update post_text - " . $i);
+			}
+
+		}
+		else
+		{
+			if( $non_attach_sql != "" )
+			{
+				$non_attach_sql .= ", ";
+			}
+			$non_attach_sql .= $rowset[$i]['post_id'];
+		}
+	}
+
+	echo "<BR>";
+
+	if( $attach_sql != "" )
+	{
+		echo $sql = "UPDATE " . POSTS_TABLE . " 
+			SET enable_sig = 1 
+			WHERE post_id IN ($attach_sql)";
+		if( !$result = $db->sql_query($sql) )
+		{
+			die("Couldn't update post table attach_sig - ");
+		}
+	}
+
+	echo "<BR>";
+
+	if( $non_attach_sql != "" )
+	{
+		echo $sql = "UPDATE " . POSTS_TABLE . " 
+			SET enable_sig = 0 
+			WHERE post_id IN ($non_attach_sql)";
+		if( !$result = $db->sql_query($sql) )
+		{
+			die("Couldn't update post table non_attach_sig - ");
+		}
+	}
+
+}
+
+$db->sql_close();
+
+	echo "<BR><BR>COMPLETE<BR>";
+
+?>

phpBB/develop/convert_user_regdates.php

@@ -0,0 +1,84 @@
+<html>
+<body>
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+
+chdir("../");
+
+include('extension.inc');
+include('config.'.$phpEx);
+include('includes/constants.'.$phpEx);
+include('includes/db.'.$phpEx);
+
+	$months = array(
+		"Jan" => 1,
+		"Feb" => 2,
+		"Mar" => 3,
+		"Apr" => 4,
+		"May" => 5,
+		"Jun" => 6,
+		"Jul" => 7,
+		"Aug" => 8,
+		"Sep" => 9,
+		"Oct" => 10,
+		"Nov" => 11,
+		"Dec" => 12 
+	);
+
+	$sql = "SELECT user_id, user_regdate FROM ".USERS_TABLE;
+	$result = $db->sql_query($sql);
+	if(!$result)
+	{
+		die("OOpppps, that didn't work!");
+	}
+
+	$all_old_dates = $db->sql_fetchrowset($result);
+
+	$sql = "ALTER TABLE ".USERS_TABLE."
+		CHANGE user_regdate user_regdate INT (11) NOT NULL";
+	$result = $db->sql_query($sql);
+	if(!$result)
+	{
+		die("Opps, that didn't work either ... oh damn!");
+	}
+
+
+	for($i = 0; $i < count($all_old_dates); $i++)
+	{
+		if(is_string($all_old_dates[$i]['user_regdate']))
+		{
+			if(eregi("^([a-zA-Z]{3}) ([0-9]+), ([0-9]{4})", $all_old_dates[$i]['user_regdate'], $result))
+			{
+				echo $all_old_dates[$i]['user_regdate']." : ";
+				echo $new_time = gmmktime(0, 1, 0, $months[$result[1]], $result[2], $result[3]);
+				echo " : ".gmdate("M d, Y", $new_time)."<br>";
+				$sql = "UPDATE phpbb_users 
+					SET user_regdate = '$new_time' 
+					WHERE user_id = '".$all_old_dates[$i]['user_id']."'";
+				$result = $db->sql_query($sql);
+				if(!$result)
+				{
+					die("Oh damn it, now that's really broken it!");
+				}
+			}
+		}
+	}
+		
+	echo "<br>That's All Folks!";
+
+?>
+</body>
+</html>

phpBB/develop/convert_usernames.php

@@ -0,0 +1,67 @@
+<html>
+<body>
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+
+//
+// Convert 2.0.x Usernames to the new 2.0.5 Username format.
+//
+
+chdir("../");
+
+define('IN_PHPBB', true);
+include('extension.inc');
+include('config.'.$phpEx);
+include('includes/constants.'.$phpEx);
+include('includes/db.'.$phpEx);
+
+$sql = "SELECT user_id, username 
+	FROM " . USERS_TABLE;
+$result = $db->sql_query($sql);
+
+if(!$result)
+{
+	die("Unable to get users");
+}
+
+while ($row = $db->sql_fetchrow($result))
+{
+	if (!preg_match('#(&gt;)|(&lt;)|(&quot)|(&amp;)#', $row['username']))
+	{
+		if ($row['username'] != htmlspecialchars($row['username']))
+		{
+			flush();
+			$sql = "UPDATE " . USERS_TABLE . "
+				SET username = '" . str_replace("'", "''", htmlspecialchars($row['username'])) . "'
+				WHERE user_id = " . $row['user_id'];
+			if (!$db->sql_query($sql))
+			{
+				echo "ERROR: Unable to rename user " . htmlspecialchars($row['username']) . " with ID " . $row['user_id'] . "<br>";
+				echo "<pre>" . print_r($db->sql_error()) . "</pre><br />$sql";
+			}
+			else
+			{
+				echo "Renamed User " . htmlspecialchars($row['username']) . " with ID " . $row['user_id'] . "<br>";
+			}
+		}
+	}
+}
+
+echo "<br>That's All Folks!";
+
+?>
+</body>
+</html>

phpBB/develop/encoding_emails.php

@@ -0,0 +1,73 @@
+<?php
+/***************************************************************************
+ *                            revar_lang_files.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+//die("Please read the first lines of this script for instructions on how to enable it");
+
+$dirname = "./../language";
+$dir = opendir($dirname);
+
+while ( $file = readdir($dir) )
+{
+	if ( ereg('^lang_', $file) && !is_file(phpbb_realpath($dirname . '/' . $file)) && !is_link(phpbb_realpath($dirname . '/' . $file)) )
+	{
+		include($dirname . '/' . $file . '/lang_main.php');
+
+		$lang_dir = opendir($dirname . '/' . $file . '/email');
+
+		while ( $email = readdir($lang_dir) )
+		{
+			if ( ereg('\.tpl$', $email) && is_file(phpbb_realpath($dirname . '/' . $file . '/email/' . $email)) )
+			{
+				$fp = fopen($dirname . '/' . $file . '/email/' . $email, 'r+');
+
+				$email_file = "";
+				while ( $line = fread($fp, 100000) )
+				{
+					$email_file .= $line;
+				}
+
+				if ( !preg_match('/^Charset: .*?$/m', $email_file) )
+				{
+					$email_file = preg_replace('/^((Subject: .*?\n)(\n))?/i', "\\2Charset: " . $lang['ENCODING'] . "\n\n", $email_file);
+				}
+		
+				echo '<b>' . $dirname . '/' . $file . '/email/' . $email . "</b><br />\n";
+				echo nl2br($email_file);
+				echo "\n\n<br /><br />\n\n";
+
+				fseek($fp, 0);
+				fwrite($fp, $email_file);
+				fclose($fp);
+			}
+		}
+		echo "\n\n<hr />\n\n";
+	}
+}
+
+?>

phpBB/develop/fix_files.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# 
+# Remove all those annoying ^M characters that Winblows editor's like to add
+# from all files in the current directory and all subdirectories.
+#
+# Written by: Jonathan Haase.
+#
+# UPDATE: 7/31/2001: fix so that it doesn't touch things in the images directory
+#
+
+find . > FILELIST.$$
+grep -sv FILELIST FILELIST.$$ > FILELIST2.$$
+grep -sv $(basename $0) FILELIST2.$$ > FILELIST.$$
+grep -sv "^\.$" FILELIST.$$ > FILELIST2.$$
+grep -sv "images" FILELIST2.$$ > FILELIST
+rm FILELIST2.$$
+rm FILELIST.$$
+
+for i in $(cat FILELIST); do
+	if [ -f $i ]; then  	 
+  		sed -e s/
+//g $i > $i.tmp
+  		mv $i.tmp $i
+	fi	
+done
+rm FILELIST

phpBB/develop/insert_server_info.php

@@ -0,0 +1,64 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+$phpbb_root_path = "../";
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'common.'.$phpEx);
+
+echo "Inserting new config vars<br /><br />\n";
+
+echo "server_name :: ";
+flush();
+$sql = "INSERT INTO " . CONFIG_TABLE . "
+	(config_name, config_value) VALUES ('server_name', 'www.myserver.tld')";
+if( !$db->sql_query($sql) )
+{  
+	print "Failed inserting server_name config ... probably exists already<br />\n";
+}
+else
+{
+	echo "DONE<br />\n";
+}
+
+echo "script_path :: ";
+flush();
+$sql = "INSERT INTO " . CONFIG_TABLE . "
+	(config_name, config_value) VALUES ('script_path', '/phpBB2/')";
+if( !$db->sql_query($sql) )
+{  
+	print "Failed inserting script_path config ... probably exists already<br />\n";
+}
+else
+{
+	echo "DONE<br />\n";
+}
+
+echo "server_port :: ";
+flush();
+$sql = "INSERT INTO " . CONFIG_TABLE . "
+	(config_name, config_value) VALUES ('server_port', '80')";
+if( !$db->sql_query($sql) )
+{  
+	print "Failed inserting server_port config ... probably exists already<br />\n";
+}
+else
+{
+	echo "DONE<br />\n";
+}
+
+$db->sql_close();
+
+echo "<br />COMPLETE<br />\n";
+
+?>

phpBB/develop/most_users_update.php

@@ -0,0 +1,42 @@
+<html>
+<body>
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+	$phpbb_root_path = "../";
+
+	include($phpbb_root_path . 'extension.inc');
+	include($phpbb_root_path . 'common.'.$phpEx);
+
+	echo "\n<br >\n" . $sql = "INSERT INTO " . CONFIG_TABLE . "
+		(config_name, config_value) VALUES ('record_online_users', '1')";
+	if( !$result = $db->sql_query($sql) )
+	{
+
+		message_die(GENERAL_ERROR, "Couldn't insert config key 'record_online_users'", "", __LINE__, __FILE__, $sql);
+	}
+
+	echo "\n<br >\n" . $sql = "INSERT INTO " . CONFIG_TABLE . "
+		(config_name, config_value) VALUES ('record_online_date', '".time()."')";
+	if( !$result = $db->sql_query($sql) )
+	{  
+		message_die(GENERAL_ERROR, "Couldn't insert config key 'record_online_date'", "", __LINE__, __FILE__, $sql);
+	}
+
+	echo "\n<br />\nCOMPLETE";
+
+?>
+</body>
+</html>

phpBB/develop/nuke-db.php

@@ -0,0 +1,58 @@
+<?php
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+//
+// Do not change anything below this line.
+//
+
+
+// Just a handy script to completely wipe out the contents of a 
+// database.. Use with caution :)
+
+
+if(!isset($submit))
+{
+	?>
+	<FORM ACTION="<?php echo $PHP_SELF?>" METHOD="post" >
+	<table>
+	<tr>
+		<td>DB host:</td>
+		<td><INPUT TYPE="text" name="dbhost" value="localhost"></td>
+	</tr><tr>
+		<td>DB name:</td>
+		<td><INPUT TYPE="text" name="dbname" value="phpBB"></td>
+	</tr><tr>
+		<td>DB username:</td>
+		<td><INPUT TYPE="text" name="dbuser" value="root"></td>
+	</tr><tr>
+		<td>DB password:</td>
+		<td><INPUT TYPE="password" name="dbpass"></td>
+	</tr></table>
+	<INPUT TYPE="submit" name="submit" value="Submit">
+	</FORM>
+	<?php
+}
+else
+{
+	mysql_connect($dbhost, $dbuser, $dbpass) || die(mysql_error());
+	mysql_select_db($dbname);
+
+	$result = mysql_query("SHOW TABLES");
+	while($row = mysql_fetch_row($result)){
+		$table = $row[0];
+		print "Going to drop $table...";
+		mysql_query("DROP TABLE $table") || die();
+		print "Done.<br>\n";
+		flush();
+	}
+}
+?>
+

phpBB/develop/revar_lang_files.php

@@ -0,0 +1,82 @@
+<?php
+/***************************************************************************
+ *                            revar_lang_files.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it");
+
+$vars = array('lang_main' => 'lang', 'lang_admin' => 'lang', 'lang_faq' => 'faq', 'lang_bbcode' => 'faq');
+
+$dirname = "./../language";
+$dir = opendir($dirname);
+
+while ( $file = readdir($dir) )
+{
+	if ( ereg("^lang_", $file) && !is_file(realpath($dirname . "/" . $file)) && !is_link(realpath($dirname . "/" . $file)) )
+	{
+		foreach($vars as $lang_file => $lang_var)
+		{
+			$$lang_var = array();
+
+			include($dirname . "/" . $file . "/" . $lang_file . '.php');
+
+			$store = "";
+			while( list($key, $value) = each($$lang_var) )
+			{
+				if ( !is_array($value) )
+				{
+					$key = ( is_string($key) ) ? "'$key'" : $key;
+					$store .=  ( ( $store != "" ) ? ", \n\t" : "" ) . "$key => '" . addslashes($value) . "'";
+				}
+				else
+				{
+					$key = ( is_string($key) ) ? "'$key'" : $key;
+					$store .= ( ( $store != "" ) ? ", \n\t" : "" ) . "$key => array(\n\t\t";
+
+					$store2 = "";
+					while( list($key2, $value2) = each($value) )
+					{
+						$key2 = ( is_string($key) ) ? "'$key2'" : $key2;
+						$store2 .= ( ( $store2 != "" ) ? ", \n\t\t" : "" ) . "$key2 => '" . addslashes($value2) . "'";
+					}
+					$store .= $store2 . "\n\t)";
+				}
+			}
+
+			$store = "<?php\n\$$lang_var = array(\n\t$store\n);\n?".">";
+
+			$fp = fopen($dirname . "/" . $file . "/" . $lang_file . '.php', 'w');
+
+			fwrite($fp, $store);
+
+			fclose($fp);
+
+		}
+	}
+}
+
+?>

phpBB/develop/search_fill.php

@@ -0,0 +1,193 @@
+<?php 
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+
+//
+// Do not change anything below this line.
+//
+set_time_limit(0);
+
+$phpbb_root_path = "../";
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'common.'.$phpEx);
+include($phpbb_root_path . 'includes/search.'.$phpEx);
+
+$common_percent = 0.4; // Percentage of posts in which a word has to appear to be marked as common
+
+print "<html>\n<body>\n";
+
+//
+// Try and load stopword and synonym files
+//
+// This needs fixing! Shouldn't be hardcoded to English files!
+$stopword_array = file($phpbb_root_path . "language/lang_english/search_stopwords.txt"); 
+$synonym_array = file($phpbb_root_path . "language/lang_english/search_synonyms.txt"); 
+
+//
+// Fetch a batch of posts_text entries
+//
+$sql = "SELECT COUNT(*) as total, MAX(post_id) as max_post_id 
+	FROM ". POSTS_TEXT_TABLE;
+if ( !($result = $db->sql_query($sql)) ) 
+{
+	$error = $db->sql_error();
+	die("Couldn't get maximum post ID :: " . $sql . " :: " . $error['message']);
+}
+
+$max_post_id = $db->sql_fetchrow($result);
+
+$totalposts = $max_post_id['total'];
+$max_post_id = $max_post_id['max_post_id'];
+
+$postcounter = (!isset($HTTP_GET_VARS['batchstart'])) ? 0 : $HTTP_GET_VARS['batchstart'];
+
+$batchsize = 200; // Process this many posts per loop
+$batchcount = 0;
+for(;$postcounter <= $max_post_id; $postcounter += $batchsize)
+{
+	$batchstart = $postcounter + 1;
+	$batchend = $postcounter + $batchsize;
+	$batchcount++;
+	
+	$sql = "SELECT * 
+		FROM " . POSTS_TEXT_TABLE . " 
+		WHERE post_id 
+			BETWEEN $batchstart 
+				AND $batchend";
+	if( !($result = $db->sql_query($sql)) )
+	{
+		$error = $db->sql_error();
+		die("Couldn't get post_text :: " . $sql . " :: " . $error['message']);
+	}
+
+	$rowset = $db->sql_fetchrowset($result);
+	$db->sql_freeresult($result);
+
+	$post_rows = count($rowset);
+	
+	if( $post_rows )
+	{
+
+	//	$sql = "LOCK TABLES ".POST_TEXT_TABLE." WRITE";
+	//	$result = $db->sql_query($sql); 
+		print "\n<p>\n<a href='$PHP_SELF?batchstart=$batchstart'>Restart from posting $batchstart</a><br>\n";
+
+		// For every post in the batch:
+		for($post_nr = 0; $post_nr < $post_rows; $post_nr++ )
+		{ 
+			print ".";
+			flush();
+
+			$post_id = $rowset[$post_nr]['post_id']; 
+
+			$matches = array();
+			$matches['text'] = split_words(clean_words("post", $rowset[$post_nr]['post_text'], $stopword_array, $synonym_array));
+			$matches['title'] = split_words(clean_words("post", $rowset[$post_nr]['post_subject'], $stopword_array, $synonym_array));
+
+			while( list($match_type, $match_ary) = @each($matches) )
+			{
+				$title_match = ( $match_type == 'title' ) ? 1 : 0;
+
+				$num_matches = count($match_ary);
+
+				if ( $num_matches < 1 )
+				{
+					// Skip this post if no words where found
+					continue;
+				}
+
+				// For all words in the posting
+				$sql_in = "";
+
+				$sql_insert = '';
+				$sql_select = '';
+
+				$word = array();
+				$word_count = array();
+
+				for($j = 0; $j < $num_matches; $j++)
+				{
+					$this_word = strtolower(trim($match_ary[$j]));
+					if ( $this_word != '' )
+					{
+						$word_count[$this_word] = ( isset($word_count[$this_word]) ) ? $word_count[$this_word] + 1 : 0;
+						$comma = ($sql_insert != '')? ', ': '';
+					
+						$sql_insert .= "$comma('" . $this_word . "')";
+						$sql_select .= "$comma'" . $this_word . "'";
+					}
+				}
+
+				if ( $sql_insert == '' )
+				{
+					die("no words found");
+				}
+					
+				$sql = 'INSERT IGNORE INTO ' . SEARCH_WORD_TABLE . "
+					(word_text)
+					VALUES $sql_insert";
+				if ( !$result = $db->sql_query($sql) )
+				{
+					$error = $db->sql_error();
+					die("Couldn't INSERT words :: " . $sql . " :: " . $error['message']);
+				}
+
+				// Get the word_id's out of the DB (to see if they are already there)
+				$sql = "SELECT word_id, word_text
+					FROM " . SEARCH_WORD_TABLE . " 
+					WHERE word_text IN ($sql_select)
+					GROUP BY word_text";
+				$result = $db->sql_query($sql);
+				if ( !$result )
+				{
+					$error = $db->sql_error();
+					die("Couldn't select words :: " . $sql . " :: " . $error['message']);
+				}
+
+				$sql_insert = array();
+				while( $row = $db->sql_fetchrow($result) )
+				{
+					$sql_insert[] = "($post_id, " . $row['word_id'] . ", $title_match)";
+				}
+
+				$db->sql_freeresult($result);
+
+				$sql = "INSERT INTO " . SEARCH_MATCH_TABLE . "
+					(post_id, word_id, title_match)
+					VALUES " . implode(", ", $sql_insert);
+				$result = $db->sql_query($sql); 
+				if ( !$result )
+				{
+					$error = $db->sql_error();
+					die("Couldn't insert new word match :: " . $sql . " :: " . $error['message']);
+				}
+
+			} // All posts
+		}
+
+	//	$sql = "UNLOCK TABLES";
+	//	$result = $db->sql_query($sql); 
+
+	}
+
+	// Remove common words after the first 2 batches and after every 4th batch after that.
+	if( $batchcount % 4 == 3 )
+	{
+		print "<br>Removing common words (words that appear in more than $common_percent of the posts)<br>\n";
+		flush();
+		print "Removed ". remove_common("global", $common_percent) ." words that where too common.<br>";
+	}
+}
+
+echo "<br>Done";
+
+?>
+
+</body>
+</html>

phpBB/docs/AUTHORS

@@ -0,0 +1 @@
+Please see: http://www.phpbb.com/about.php for a list of all the people involved in phpBB.

phpBB/docs/CHANGELOG.html

@@ -0,0 +1,668 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html">
+<meta http-equiv="Content-Style-Type" content="text/css">
+<title>phpBB 2.0.15 :: Changelog</title>
+<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
+<style type="text/css">
+<!--
+p,ul,td {font-size:10pt;}
+.h2 {font-size:15pt;font-weight:bold;color:red}
+.h3 {font-size:12pt;color:blue}
+//-->
+</style>
+</head>
+<body bgcolor="#E5E5E5" text="#000000" link="#006699" vlink="#006699">
+
+<table width="100%" border="0" cellspacing="0" cellpadding="10" align="center">
+	<tr>
+		<td class="bodyline"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td>
+
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+	<tr>
+		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.15 CHANGELOG</span></td>
+	</tr>
+</table>
+
+<!-- BEGIN DOCUMENT -->
+<ol>
+<li><a href="#changelog">Changelog</a></li>
+<ol type="i">
+	<li><a href="#2014">Changes since 2.0.14</a></li>
+	<li><a href="#2013">Changes since 2.0.13</a></li>
+	<li><a href="#2012">Changes since 2.0.12</a></li>
+	<li><a href="#2011">Changes since 2.0.11</a></li>
+	<li><a href="#2010">Changes since 2.0.10</a></li>
+	<li><a href="#209">Changes since 2.0.9</a></li>
+	<li><a href="#208">Changes since 2.0.8</a></li>
+	<li><a href="#207">Changes since 2.0.7</a></li>
+	<li><a href="#206">Changes since 2.0.6</a></li>
+	<li><a href="#205">Changes since 2.0.5</a></li>
+	<li><a href="#204">Changes since 2.0.4</a></li>
+	<li><a href="#203">Changes since 2.0.3</a></li>
+	<li><a href="#202">Changes since 2.0.2</a></li>
+	<li><a href="#201">Changes since 2.0.1</a></li>
+	<li><a href="#200">Changes since 2.0.0</a></li>
+	<li><a href="#final">Changes since RC-4</a></li>
+	<li><a href="#rc4">Changes since RC-3</a></li>
+	<li><a href="#rc3">Changes since RC-2</a></li>
+	<li><a href="#rc2">Changes since RC-1</a></li>
+	<li><a href="#rc1">Changes since RC-1 (pre)</a></li>
+</ol>
+<li><a href="#disclaimer">Disclaimer</a></li>
+</ol>
+
+<a name="changelog"></a><h2 class="h2"><u>1. Changelog</u></h2>
+
+<p>This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.</p>
+
+<a name="2014"></a><h3 class="h3">l.i. Changes since 2.0.14</h3>
+
+<ul>
+<li>Fixed moderator status removal in groupcp.php</li>
+<li>Removed newlines after ?&gt; on some files - <b>Thoul</b></li>
+<li>Added admin re-authentication (admin needs to login seperatly to access the ACP) - backported from Olympus</li>
+<li>Fixed vulnerability in url/bbcode handling functions - <b>PapaDos and Paul/Zhen-Xjell from CastleCops</b></li>
+<li>Fixed issue in admin/admin_forums.php</li>
+<li>Suppressed warning message for fsockopen in /includes/smtp.php - <b>Thoul</b></li>
+<li>Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - <b>Exy</b></li>
+<li>Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)</li>
+<li>Updated the readme file</li>
+<li>Added one new language variable</li>
+<li>Added general error if accessing profile for a non-existent user</li>
+<li>Changed session id generation to be more unique - <b>Henno Joosep</b></li>
+<li>Fixed bug in highlight code to escape characters correctly</li>
+<li>Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.</li>
+<li>Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file</li>
+<li>Fixed bypassing of validate_username on registration - Yen</li>
+<li>Empty url/img bbcodes no longer get parsed</li>
+</ul>
+
+<a name="2013"></a><h3 class="h3">l.ii. Changes since 2.0.13</h3>
+
+<ul>
+<li>Hardened author and keyword search a bit to not allow very server intensive searches</li>
+<li>Fixed full path disclosure in bad word parsing</li>
+<li>Resetting complete userdata array in session code if authentication fails</li>
+<li>Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error</li>
+<li>Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error</li>
+<li>Fixed html handling in signatures if html is turned off globally</li>
+<li>Fixed install.php problem with PHP5 register_long_arrays option turned off</li>
+<li>Fixed potential issues with styling system</li>
+<li>Added correct class to login_body template file</li>
+<li>Removed file db/oracle.php from package</li>
+<li>Removed version number from message body page in /admin (if user is not an admin) - <b>mikelbeck</b></li>
+<li>Fixed case-sensitivity issues in postgres7.php - <b>R45</b></li>
+</ul>
+
+<a name="2012"></a><h3 class="h3">l.iii. Changes since 2.0.12</h3>
+
+<ul>
+<li>Ommitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party</li>
+<li>Fixed high severity issue in session handling allowing everyone gaining administrator rights. Please update as soon as possible.</li>
+<li>Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.</li>
+</ul>
+
+<a name="2011"></a><h3 class="h3">l.iv. Changes since 2.0.11</h3>
+
+<ul>
+<li>Added confirm table to admin_db_utilities.php</li>
+<li>Prevented full path display on critical messages</li>
+<li>Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug - <b>AnthraX101</b></li>
+<li>Added exclude list to unsetting globals (if register_globals is on) - <b>SpoofedExistence</b></li>
+<li>Fixed arbitrary file disclosure vulnerability in avatar handling functions - <b>AnthraX101</b></li>
+<li>Fixed arbitrary file unlink vulnerability in avatar handling functions - <b>AnthraX101</b></li>
+<li>Removed version number from powered by line</li>
+<li>Merged database update files to update_to_latest.php file</li>
+<li>Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101's discovery)</li>
+<li>Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - <b>matrix_killer</b></li>
+</ul>
+
+<a name="2010"></a><h3 class="h3">l.v. Changes since 2.0.10</h3>
+
+<ul>
+<li>Fixed vulnerability in highlighting code (<b>very high severity, please update your installation as soon as possible</b>)</li>
+<li>Fixed unsetting global vars - <b>Matt Kavanagh</b></li>
+<li>Fixed XSS vulnerability in username handling - <b>AnthraX101</b></li>
+<li>Fixed not confirmed sql injection in username handling - <b>warmth</b></li>
+<li>Added check for empty topic id in topic_review function</li>
+<li>Added visual confirmation mod to code base</li>
+</ul>
+
+<a name="209"></a><h3 class="h3">l.vi. Changes since 2.0.9</h3>
+
+<ul>
+<li>Fixed deleting of styles in admin_styles.php</li>
+<li>Fixed wrong unsetting of variables introduced in phpBB 2.0.9, making the board non-functional for users with specific php.ini settings</li>
+<li>Added code to let phpBB work with PHP5 for those having register_long_arrays set to off (default settings) - running phpBB 2.0.x with PHP5 is not supported at http://www.phpbb.com.</li>
+<li>Fixed bug in admin_board.php for board settings having single quotes in it</li>
+<li>Fixed "search by author" in search.php. Now it is possible to search for users with special chars in their name too</li>
+<li>Fixed forum jumpbox propagating session id in moderator control pages</li>
+<li>Added check for newlines at redirecting pages, to prevent http response splitting attacks - <b>Ory Segal and Amit Klein</b></li>
+<li>Fixed visual confirmation code. The image was not created due to a wrong regular expression.</li>
+</ul>
+
+<a name="208"></a><h3 class="h3">l.vii. Changes since 2.0.8</h3>
+
+<ul>
+<li>Fixed one vulnerability in admin_board.php - <b>Xore</b></li>
+<li>Added checking for proper session id characters to sessions and viewtopic to prevent injections - <b>Bartlomiej Korupczynski</b></li>
+<li>Fixed injection vulnerabilities possible with linked avatars</li>
+<li>Implemented unsetting globalised variables</li>
+<li>Limited confirm switch to POST variable in posting</li>
+<li>Changed IP code in common.php to prevent IP spoofing, which might introduce some problems with private IP Ranges showing up. - <b>Wang Products</b></li>
+<li>Updated visual confirmation mod [pre-edited files]</li>
+<li>Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by <b>R45</b></li>
+<li>Added the ability to link to https/ftps sites using the img bbcode tag</li>
+<li>Fixed user online information in admin/index.php</li>
+<li>Fixed getting group moderator in groupcp.php if running oracle backend - spotted by <b>pakman</b></li>
+<li>Fixed use of non-existing result variable in modcp (poster_id instead of user_id)</li>
+<li>Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - <b>Matthew C. Kavanagh, Janek Vind</b></li>
+<li>Fixed problem with SID not delivered to next page in groupcp.php</li>
+</ul>
+
+<a name="207"></a><h3 class="h3">l.viii. Changes since 2.0.7</h3>
+
+<ul>
+<li>Fixed several vulnerabilities in admin pages</li>
+<li>Fixed sid checking code in admin/pagestart.php</li>
+<li>Fixed injection vulnerabilities possible with the img bbcode tag</li>
+<li>Limited allowed images in img bbcode tag to jpg, jpeg, gif and png</li>
+<li>Fixed redirect problems - 2.0.7a</li>
+<li>Fixed sql injection vulnerability in search - 2.0.7a</li>
+<li>Fixed sql injection vulnerability in privmsg - 2.0.8a</li>
+</ul>
+
+<a name="206"></a><h3 class="h3">1.ix. Changes since 2.0.6</h3>
+
+<ul>
+<li>Fixed several vulnerabilities in modcp - <b>Robert Lavierck</b></li>
+<li>Changed whois lookup address within admin index</li>
+<li>Fixed potential vulnerability in viewtopic postorder - 2.0.6d</li>
+<li>Updates to cope with Zend Optimizer 2.5 problems - 2.0.6d - <b>jetset</b></li>
+<li>Force specialcharing of redirect variable in login - <b>Pit</b></li>
+<li>Fixed potential vulnerability in viewtopic postdays - <b>GulfTech Security Research</b></li>
+<li>Fixed potential vulnerability in viewforum topicdays - <b>GulfTech Security Research</b></li>
+<li>Fixed potential vulnerability in modcp</li>
+<li>Fixed potential vulnerability in avatar gallery</li>
+</ul>
+
+<a name="205"></a><h3 class="h3">1.x. Changes since 2.0.5</h3>
+
+<ul>
+<li>Fixed various email issues</li>
+<li>Fixed registration email bug with Administrator Confirmation used</li>
+<li>Fixed mass emailer</li>
+<li>Fixed long post time issue</li>
+<li>Fixed bug with usernames containing single quotes</li>
+<li>Fixed word list bug - Word boundaries were not considered</li>
+<li>Fixed vulnerability in style admin</li>
+<li>Fixed sql injection vulnerability in viewtopic</li>
+<li>Fixed vulnerability allowing server side variable access in search - <b>tendor</b></li>
+<li>Fixed potential vulnerability in 2.0.5 login username entry - <b>throw away/eomer</b></li>
+<li>Fixed sql injection with reset date format field in profile - <b>tendor</b></li>
+</ul>
+
+<a name="204"></a><h3 class="h3">1.xi. Changes since 2.0.4</h3>
+
+<ul>
+<li>Removed user facing session_id checks</li>
+<li>Fixed user self-activation after deactivation</li>
+<li>Fixed incorrect functioning of phpbb_realpath</li>
+<li>Fixed wrong path to database schema files within the upgrade script</li>
+<li>Fixed double quote problem with username validation</li>
+<li>Allow & within email addresses</li>
+<li>Fixed email validation for banned email addresses</li>
+<li>Removed underline from email domain validation</li>
+<li>Fixed redirection for sentbox folder, installation and email</li>
+<li>Fixed poll deletion</li>
+<li>Fixed Mozilla navigation bar</li>
+<li>Fixed URL bbcode parsing</li>
+<li>Fixed database timeouts while searching the forums</li>
+<li>Fixed wrong email return path in admin mass mailing - <b>netclectic</b></li>
+<li>Fixed MS-SQL failures within the update script</li>
+<li>Fixed memberlist sort order</li>
+<li>Fixed not showing leading spaces within Code BBCode</li>
+<li>Fixed problem with adding double quotes to subject titles</li>
+<li>Remove username input field from profile when user cannot change name</li>
+<li>Fixed pagination error with highlighting</li>
+<li>Fixed errors if no smilies are installed</li>
+<li>Fixed CSS issues with IE 5.2 on MacOS X</li>
+<li>Fixed missing sid propagation problem within the Moderator Control Panel</li>
+<li>Fixed language variables within Authentication error output</li>
+<li>Removed doubled CSS class definitions within input fields</li>
+<li>Fixed username change within the Administration Panel</li>
+<li>Added missing &lt;tr&gt; tags to index_body.tpl</li>
+<li>Added missing username language variable to admin index page</li>
+<li>Fixed moderator status update if a usergroup got deleted</li>
+<li>Fixed poll handling upon post edit</li>
+<li>Fixed remove common words from search table if post get pruned - <b>Nuttzy99</b></li>
+<li>Fixed behaviour on splitting topics if no checkbox is selected</li>
+<li>Anonymous is no longer displayed within Username dropdown boxes</li>
+<li>Fixed viewprofile redirection if an invalid mode was specified</li>
+<li>Fixed fraction settings within determining common words - <b>Novan</b></li>
+<li>Prevent admin change usernames to his own within the ACP</li>
+<li>Activation email is sent to all admins</li>
+<li>Fixed conversion of &amp; to &amp;amp; in appropriate cases</li>
+<li>Fixed display of "greater than topics per page" announcements preventing display of normal posts</li>
+<li>Added variable checks to database backup and restore screen</li>
+<li>Prevented pm popup window from resetting after visiting avatar gallery</li>
+<li>Fixed special character handling with word censor</li>
+<li>Added SID to jumpbox</li>
+<li>Fixed problems with usernames using html special chars</li>
+<li>Added GMT + 13 to English lang_main, all translators are encouraged to do likewise</li>
+<li>Deleted doubled 'U_MEMBERLIST' assignment from page_header.php</li>
+<li>Fixed wrong display of Signature Checkbox while editing Private Message</li>
+<li>Fixed disappearing post text if emoticon was inserted directly after pressing a BBCode button</li>
+<li>Display correct alt-tag for smilies within postings</li>
+<li>Prevented the ability to apply BBCode to website contents</li>
+<li>Fixed maxlength issue with password field in login_body.tpl</li>
+<li>Fixed possible username duplication issue with validation and username length</li>
+<li>Fixed split words function to handle additional foreign characters</li>
+<li>Changed empty email To Field to use a non-disclosure delimiter</li>
+<li>Fixed wrong language var in install.php - FTP Config screen</li>
+<li>Fixed alt tag for locked topic images in viewforum_body.tpl</li>
+<li>Fixed typo in groupcp.php - $lang['Unsub_success'] instead of $lang['Usub_success']</li>
+<li>Fixed timezone display</li>
+<li>Fixed wrong display of author quote tag within profile - <b>Cl1mh4224rd</b></li>
+<li>Added deletion of sessions of users whose account is deactivated</li>
+<li>Added mail header X-MimeOLE to the emailer class</li>
+<li>Prevent registration if user is logged in or user trying to register again</li>
+<li>Prevent usage of char(255) in usernames</li>
+<li>Added check for additional FORWARDED_FOR IP's - <b>cosmos</b></li>
+<li>Fixed handling of non-selection of option when voting</li>
+<li>Fixed potential xss issue with memberslist mode</li>
+<li>Default English support for visual confirmation - translators are encouraged to support this</li>
+</ul>
+
+<a name="203"></a><h3 class="h3">1.xii. Changes since 2.0.3</h3>
+
+<ul>
+<li>Fixed cross-browser scripting issue with highlight param</li>
+<li>Back-ported highlighting code from phpBB 2.2</li>
+<li>Add session id validation to posting, profile, email, voting - <b>Edwin van Vliet</b></li>
+<li>Added {S_HIDDEN_FIELDS} template var to profile_send_email.tpl</li>
+<li>Added "intval" fix for flood check, may resolve some issues</li>
+<li>Added missing index to post_id for search_wordmatch</li>
+<li>Fixed spelling error in search add words preventing use of stopword list</li>
+<li>Fixed issue with search common words not being run</li>
+<li>Introduce viewtopic resync patch by Ashe</li>
+<li>Replace a for n in templating code</li>
+<li>Fixed ordering in memberslist</li>
+<li>Fixed group_id sequence issues with pgsql and msaccess</li>
+<li>Fixed assumption of word censors in user notification</li>
+<li>Fixed incorrect display of quotes in user management fields</li>
+<li>Fixed entry of special chars in all profile fields - note this may cause temporary issues</li>
+<li>Fixed incorrect display of quotes when using avatar gallery</li>
+<li>Fixed missing username in email sent to users when admin activated</li>
+<li>Added check for non-empty smiley code and url in smiley admin</li>
+<li>Prevent display of -- sig seperator in emails when no board sig exists</li>
+<li>Fixed URL propagated sid issues with jumpbox</li>
+<li>Fixed wrong mode name check (polldelete) in functions_post</li>
+<li>Added missing root path to l10n image path check</li>
+<li>Remove validation of fields when deleting a user</li>
+<li>Fixed sort mode select box in memberslist to default to current mode</li>
+<li>Deny inline topic review listing to users without auth_read permissions</li>
+<li>Prevent display of topic notification checkbox if user cannot read forum</li>
+<li>Remove incorrect pre-pending of IP to uploaded avatars</li>
+<li>Fixed deletion of uploaded avatars when changing to remote/gallery</li>
+<li>Added check for non-blank line during install schema/basic sql ops</li>
+<li>Added sort ordering to Top Ten poster listing by request</li>
+<li>Fixed incorrect error report when altering case of username</li>
+<li>Added jumpbox output to modcp {JUMPBOX} will now work</li>
+<li>Fixed non-updating of users with MOD levels when deleting a forum</li>
+<li>Remove email to group moderator when approving new members</li>
+<li>Fixed non-handling of HTML in poll options</li>
+<li>Fixed non-deletion of polls when deleting forum and its posts</li>
+<li>Fixed moved shadow topic from being bumped upon reply</li>
+<li>Changed field size of timezone to decimal(5,2) where applicable</li>
+<li>Fixed missing sid append to URL when redirecting to newest reply</li>
+<li>Fixed missing slashes in private IP preg check</li>
+<li>Fixed session not setting userdata['user_id'] to ANON as appropriate</li>
+<li>Added check for non-empty name in disallow admin</li>
+<li>Fixed validation of SSL website addresses in profile</li>
+<li>Fixed inability of admins to upload avatars via user admin panel</li>
+<li>Fixed non-deletion of private message text upon full box overwrite</li>
+<li>Fixed incorrect error message in smiley admin</li>
+<li>Fixed incorrect alt-text for "Stop Watching Topic" image</li>
+<li>Temporary fix for missing lang strings in forum admin - translators should update their packages if not done already</li>
+<li>Use selected localisation during later stages of installation</li>
+<li>Fixed non-check of permissions when deleting a topic via Moderator Control Panel</li>
+<li>Fixed non-update of banlist upon user deletion</li>
+<li>Check approved users boxes by default in usergroup approve form</li>
+<li>Fixed non-appending of sid to backup meta refresh</li>
+<li>Fixed non-notification of no support for certain databases in backup/restore</li>
+<li>Added $images var to message die global declaration</li>
+<li>Fixed wrong string, Private_message in Private Messaging</li>
+<li>Add mail send result to error output</li>
+<li>Fixed non-appending of sid to Mozilla nav bar menu items</li>
+<li>Fixed incorrect profile linking from MSNM url in private messaging</li>
+<li>Grammatical errors in English lang_main fixed - <b>Cluster</b></li>
+<li>Allow deletion of avatar and simultaneous upload/linking/gallery selection</li>
+<li>Fixed non-updating of user rank when changing from special to normal rank in rank admin</li>
+<li>Changed user topic notification default in schemas to 0 (off)</li>
+<li>Fixed non-XHTML compliant img tags in privmsg.php</li>
+<li>Fixed non-deletion of announcements and polls when removing forum contents in forum admin</li>
+<li>Fixed non-pruning of watched topics table when pruning related topics</li>
+<li>Enable GET redirect on logout</li>
+<li>Added check for IE6.x to viewtopic ICQ indicator javascript</li>
+<li>Fixed empty username quoting with MS-SQL</li>
+<li>Fixed BBCode url, magic url and img tags to allow most chars beyond domain names</li>
+<li>Prevent parsing of -ve size values in BBCode size tag</li>
+<li>Back ported HTML handler from 2.2, this may impact some boards which allow complex HTML - existing parser remains but commented out</li>
+<li>Fixed parsing of word censors to not censor words within &lt; and &gt; tag delimiters</li>
+<li>Fixed database utilities failing to backup data with MySQL</li>
+<li>Fixed signature parsing in User Admin</li>
+<li>Fixed missing class="post" tags in subSilver Admin templates</li>
+<li>Fixes for paths under Apache2</li>
+<li>Added wrap text with tag support for posting in Mozilla 1.1+</li>
+<li>Fixed use of missing CSS classes in modcp_split, group_info_body, error_body and agreement</li>
+<li>Fixed ability of users to edit polls even after they have received votes</li>
+<li>Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by <b>PhilippK</b></li>
+<li>Added additional session_id checks to MCP, topic subscription, PM and similar items</li>
+<li>Fixed colour select box in posting_body to reset to Default colour after selection</li>
+<li>Altered PM icon to show new image until messages have been read</li>
+<li>Fixed incomplete deletion of PMs when removing the associated user</li>
+<li>Fixed unread and new PM user counters to decrement appropriately in all situations</li>
+<li>Fixed possible cross-site scripting issue with username search</li>
+<li>Fixed some problems with gzip in combination with newer PHP versions and Mozilla</li>
+<li>Fixed wrong maxlength in modcp_split.tpl subject field</li>
+<li>Fixed inability to edit username of guest poster - <b>vHiker</b></li>
+<li>Fixed ability for guests to post with certain registered usernames</li>
+<li>Fixed various HTML issues to improve XHTML compliance - <b>Daz</b></li>
+<li>Fixed missing template var {L_PM} for memberslist - <b>Daz</b></li>
+<li>Fixed wrong key name for $images['Topic_un_watch'] - <b>Daz</b></li>
+<li>Fixed missing template var {S_WATCH_TOPIC_IMG} for viewtopic - <b>Daz</b></li>
+<li>Fixed missing default constraints for post table under MSSQL</li>
+<li>Fixed incorrect field size for forum pruning - preventing days > 256</li>
+<li>Fixed continuing redirect issues for broken web servers, e.g. IIS+CGI PHP</li>
+<li>Fixed inability to use ftp as a protocol for the [img] tag</li>
+<li>Fixed incorrect handling of [img] tags containing %20 encoded spaces</li>
+<li>Added check for . within cookie_name, change to _ if present</li>
+<li>Added SHOW_ONLINE constant to limit "users online" code operation to index and viewforum</li>
+<li>Added "temporary" workaround for Apache2 + PHP module ignoring "private" cache header</li>
+<li>Added workaround for modcp IP lookup and links to Anonymous user profile</li>
+<li>Fixed broken bbcode parsing of quotes containing bbcode in the "username"</li>
+<li>Fixed excess slashes in [quote=""] first pass encoding</li>
+<li>Fixed rendering issue with quote button under Mozilla - <b>Daz</b></li>
+<li>Grammatical errors in remaining core lang files fixed - <b>Cluster</b></li>
+<li>Fixed bbcode quote breaking when username contained ] before [</li>
+<li>Fixed duplicate group_id error during upgrade of users from phpBB 1.x</li>
+<li>Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x</li>
+<li>Rejiggled validation code, may eliminate "Username disallowed" issues</li>
+<li>Fixed differing initial "public" setting of forum permissions between different files</li>
+<li>Added check for invalid (non-compliant) email addresses to upgrade script</li>
+<li>Further redirect workarounds for broken servers, please direct further issues to the vendors</li>
+<li>Added GMT + 13 to English lang_main, all translators are encouraged to do likewise</li>
+<li>Added switch to default_lang email template if user lang template no longer exists</li>
+<li>Fixed javascript error when selecting smiley containing a single quote</li>
+<li>Update users watched topic if a post they made is split into a new topic</li>
+<li>Fixed situations where email templates contain incorrect or missing subject lines</li>
+<li>Fixed error when searching for posts and no forums exist</li>
+<li>Fixed potential SQL vulnerability with marking of private messages - <b>Ulf Harnhammar</b></li>
+</ul>
+
+<a name="202"></a><h3 class="h3">1.xiii. Changes since 2.0.2</h3>
+
+<ul>
+<li>Fixed potential cross-site scripting vulnerability with avatars - <b>Showscout</b></li>
+<li>Fixed potential SQL rewrite issue in page header - <b>missing contrib</b></li>
+<li>Fixed potential CSS/HTML rewrite on viewing in login - <b>Marc Rees</b></li>
+<li>Fixed (hopefully) issue with MS Access and multiple pages</li>
+</ul>
+
+<a name="201"></a><h3 class="h3">1.xiv. Changes since 2.0.1</h3>
+
+<ul>
+<li>Fixed missing "username" lang variable in user admin template</li>
+<li>Session work around for users behind rotating IPs - <b>vHiker</b></li>
+<li>Fixed potential session user_id re-write - <b>Ashe</b></li>
+<li>Fixed potential cross-browser scripting issue with BBCode URLs</li>
+<li>Fixed potential gallery avatar exploit - <b>Ashe</b></li>
+<li>Fix sorting of smileys on each function call - <b>Ashe/psoTFX</b></li>
+<li>Clear topic_mod text output in viewtopic - <b>Lars</b></li>
+<li>Fix regex for avatar remote urls</li>
+<li>Fix non-updating of user post counts when deleting whole topics</li>
+<li>Increase time limit when sending topic reply notifications</li>
+<li>Set default forum when splitting topics</li>
+<li>Fix non-deletion of uploaded avatars when switching to gallery</li>
+<li>Removed various closing newlines from included files</li>
+<li>Add MAX_ROWS to HEAP table alter in install/upgrade - <b>Ashe</b></li>
+<li>Update username maxlength for subSilver templates</li>
+<li>Allow <b>(</b> and <b>)</b> in BBCode [url] tags</li>
+<li>Fix non-quoting of <b>#</b> in username validation regexs</li>
+<li>Fix overlooked global var in private messaging</li>
+<li>Possible fix for \r\n email templates issues</li>
+<li>Fix missing str_replace for category title forum admin SQL</li>
+<li>Fix trailing <b>,</b> when sending emails via smtp</li>
+<li>Fix avatar issues in user admin</li>
+<li>Fix improper checking of email address ban in sessions</li>
+<li>Fix use of hard coded language strings in forum admin</li>
+<li>Fix missing closing <b>)</b> in smilies admin</li>
+<li>Fix missing Username label in user admin</li>
+<li>Fix upgrade.php bug where conversion would not complete (and updated other scripts to match the changes)</li>
+<li>Fix problem with redirect and login.php</li>
+<li>Fix typo that could cause problems with sorting in the memberlist</li>
+<li>Fix emailer to allow sending emails with language-specific character sets</li>
+</ul>
+
+<a name="200"></a><h3 class="h3">1.xv. Changes since 2.0.0</h3>
+
+<ul>
+<li>Fixed delete image bug for normal users</li>
+<li>Fixed group control panel image links</li>
+<li>Fixed missing L_POST variable in group control panel</li>
+<li>Fixed missing user id when redirecting to email form after login</li>
+<li>Fixed (a)ppend_sid function name error in group control panel</li>
+<li>Fixed reset of post type when previewing a post</li>
+<li>Fixed mass emailer include path error</li>
+<li>Fixed potential SQL exploit</li>
+<li>Fixed several minor subSilver issues</li>
+<li>Fixed [quote] breaking HTML problem</li>
+<li>Fixed problem with unclosed nested quotes</li>
+<li>Fixed bad handling of automagic links at end of quotes</li>
+<li>Fixed potential BBCode and avatar remote exploit</li>
+<li>Altered email validation check to allow + in username as per RFC</li>
+<li>Fixed incorrect behaviour with wildcards in disallowed usernames</li>
+<li>Added missing append_sid for search view results as posts</li>
+<li>Fixed incorrect clearing of current sessions for logged in users</li>
+<li>Fixed user_timezone (cannot update user profile) problem</li>
+<li>Added correct setting of moderator status for users during upgrade</li>
+<li>Fixed handling of uploaded avatars if gallery avatar currently used</li>
+<li>Fixed use of existing username for uploaded avatars</li>
+<li>Fixed updating of topic reply stats when post is deleted</li>
+<li>Fixed irrelevant error message when activating already active account</li>
+<li>Fixed gzip compression problems with Netscape and some PHP versions</li>
+<li>Fixed MS Access layer errors when using latest PHP versions</li>
+<li>Fixed styles admin editing problems with MSSQL Server</li>
+<li>Fixed logout issue when cancelling certain actions</li>
+<li>Fixed missing text in certain admin links</li>
+<li>Fixed opening of frame within frame when logging into admin</li>
+<li>Fixed incorrect ordering of search results by time</li>
+<li>Fixed fulltext searching failure with MS Access</li>
+<li>Hopefully fixed fulltext search with non-latin single byte charsets</li>
+<li>Enabled work-around support for some multi-byte charsets - <b>OOHOO</b></li>
+<li>Re-enabled search indexing of all-numeric character sequences</li>
+<li>Updated email banning to properly implement wildcards</li>
+<li>Fixed missing extension in links from groupcp</li>
+<li>Fixed lack of re-validation when changing email address</li>
+<li>Added additional IP check when using HTTP_X_FORWARDED_FOR</li>
+<li>Fixed non-display of delete icon when on second or greater topic page</li>
+<li>Fixed problems with users/groups assigned multiple permissions</li>
+<li>Fixed problem with - and + in search words - <b>Matthijs</b></li>
+<li>Fixed improper handling for deletion of words from search table</li>
+<li>Fixed support for <b>,</b> in automagic URLs as per RFC</li>
+<li>Fixed circular reference SQL errors when deleting posts under MS Access</li>
+<li>Fixed nested [code] problems</li>
+<li>Added charset encoding headers for emails - <b>romutis</b></li>
+<li>Fixed "Copy to self" emails to use correct language</li>
+<li>Fixed pagination error when limiting previous days for viewforum</li>
+<li>Decreased minimum search word size to 3 chars</li>
+<li>Fixed deletion of one or more options from all polls when editing just one</li>
+<li>Fixed checking of group memberships when promoting/demoting group moderators</li>
+<li>Added database closure to admin frameset page</li>
+</ul>
+
+<a name="final"></a><h3 class="h3">1.xvi. Changes since RC-4</h3>
+
+<ul>
+<li>Fixed improper report of general error when posting messages containing errors</li>
+<li>Fixed post text being doubled up if it contained one or more &lt; without closing &gt;</li>
+<li>Fixed pruning errors due to search function name change</li>
+<li>Hopefully fixed various issues which led to incorrect reply and excess page counts</li>
+<li>Fixed groupcp not displaying all email buttons to group moderator or admin</li>
+<li>Fixed failure to display error notice when uploading oversized avatars</li>
+<li>Hopefully corrected problem with viewonline displaying too few/many users online</li>
+<li>Partially addressed issue with activation URLs >76 chars</li>
+<li>Fixed additional search facilities failing to work or working incorrectly</li>
+<li>Fixed search syntax highlighting</li>
+<li>Addressed various webservers handling of page redirects</li>
+<li>Fixed word censor not replacing first or last words</li>
+<li>Fixed avatar height and width check for locally uploaded images</li>
+<li>Hopefully fixed cache control header</li>
+<li>Added check for PM box size limit of 0 to prevent div0 error</li>
+<li>Fixed failure to fully delete PMs in outbox</li>
+<li>Fixed display problem with polls</li>
+<li>Fixed problem with guest username not being displayed for topic results in search</li>
+<li>Fixed problem with quotes in various profile fields</li>
+<li>Fixed schema problem with user_timezone</li>
+<li>Fixed page display issue with MS Access</li>
+<li>Fixed user level issue when altering user from user to admin and vice versa</li>
+<li>Fixed incorrect parseing of some email templates</li>
+<li>Reduced size of MS Access primer</li>
+<li>Fixed various remaining usergroup display issues</li>
+</ul>
+
+<a name="rc4"></a><h3 class="h3">1.xvii. Changes since RC-3</h3>
+
+<ul>
+<li>Addressed serious security issue with included files</li>
+<li>Fixed non-use of database table prefix name during upgrade</li>
+<li>Split functions and profile into separate modules</li>
+<li>Fixed (hopefully) remaining issues with colourisation of moderator usernames</li>
+<li>Updated install to include entry of additional, required, information</li>
+<li>Fixed (hopefully) AOL incompatibilities</li>
+<li>Fixed non-display of moderators in index/viewforum</li>
+<li>Fixed group control panel 'no groups exist' problems</li>
+<li>Fix HTTP_X_FORWARDED_FOR spoofing possibility</li>
+<li>Fix ignoring of private range IP's in HTTP_X_FORWARDED_FOR</li>
+<li>Enable multiple wildcard email banning, eg. *name*@somewhere.tld</li>
+<li>Fix problems with posts being truncated if containing &lt; and &gt; characters</li>
+<li>Prevent URL, BBCode and most smiley parseing in [code][/code]</li>
+<li>Fix problems with use of certain reserved chars in word censor list</li>
+<li>Fix default search useage to be as described (was doing AND by default)</li>
+<li>Fix various avatar issues with profile, gallery and viewtopic</li>
+<li>Enable safe mode support for uploading avatars</li>
+<li>Fix broken modcp IP view issue</li>
+<li>Fix potential session_id re-write vulnerability</li>
+<li>Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)</li>
+<li>Remove link to external subSilver stylesheet from default subSilver templates</li>
+<li>Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)</li>
+<li>Fix checkbox resetting problem while previewing posts</li>
+<li>Fix a login redirect issue</li>
+<li>Remove some additional unused fields during upgrade</li>
+<li>Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver</li>
+</ul>
+
+<a name="rc3"></a><h3 class="h3">1.xviii. Changes since RC-2</h3>
+
+<ul>
+<li>Fixed infamous install parse error</li>
+<li>Major update of posting and related search functions (fixing various issues and increasing speed)</li>
+<li>Fixed display of author and last poster names when both are different guest users</li>
+<li>Fixed upgrade stall issues (hopefully!) and improved output</li>
+<li>Fixed highlighting code for viewtopic and search</li>
+<li>Reduced size of several files and functions</li>
+<li>Moved localised images to sub-directories</li>
+<li>Improved user feedback of disallowed usernames</li>
+<li>Fixed various MSSQL bugs</li>
+<li>Fixed installation of MSSQL/MSSQL-ODBC</li>
+<li>Fixed security issue with upgrade.php</li>
+<li>Finished implemention of various additional features</li>
+<li>Fixed various user, group and forum permissions problems</li>
+<li>Fixed issues with BBCode [ and ] (hopefully!)</li>
+<li>Fixed autologin problems with MS IIS</li>
+<li>Hopefully fixed problems with URIs in emails on some server configs</li>
+<li>Fixed 'blank' profile and DB utilities problems on submit</li>
+<li>Fixed incorrect language being used in email subjects</li>
+<li>Fixed issues with incorrect private message new/unread counts</li>
+<li>Fixed various PostgreSQL related errors</li>
+<li>Automatically forward users to login screen in more situations</li>
+<li>AEnabled (coloured) online indication of moderators and admins</li>
+<li>Enabled maximum online user count</li>
+<li>Altered online user count to ignore duplicate IPs (will now underestimate rather than overestimate)</li>
+<li>Enabled viewing of users browsing each forum</li>
+<li>Fixed (hopefully) display of overlayed ICQ icon in Netscape using subSilver</li>
+<li>Fixed display of guest usernames for last post and author</li>
+<li>Hidden usergroups are now completely hidden from view</li>
+</ul>
+
+<a name="rc2"></a><h3 class="h3">1.xix. Changes since RC-1</h3>
+
+<ul>
+<li>Fixed numerous PostgreSQL related issues</li>
+<li>Significant updates and additions to the upgrade script</li>
+<li>Various (missed) hard coded language strings fixed</li>
+<li>Fixed viewforum error when no forum id specified</li>
+<li>Fixed old constant name useage in search system</li>
+<li>Fixed display of moved posts when viewing unanswered posts</li>
+<li>Fixed failure of search for user and keyword when displaying as posts</li>
+<li>Fixed PM popup notification</li>
+<li>Fixed view more emoticon session page problem</li>
+<li>Fixed view profile email links</li>
+<li>Fixed display of websites in profile</li>
+<li>Fixed backup database failure</li>
+<li>Fixed MS Access schema error when posting topics</li>
+<li>Fixed problem with hypenated/dotted DB names in MySQL 3.23.6+</li>
+<li>Various other fixes and updates</li>
+</ul>
+
+<a name="rc1"></a><h3 class="h3">1.xx. Changes since RC-1 (pre)</h3>
+
+<ul>
+<li>Upgrade script completed for initial fully functional release</li>
+<li>Sessions code updated</li>
+<li>Mark read code updated and hopefully fixed</li>
+<li>Significant changes to properly deal with \' for non-MySQL boards</li>
+<li>mssql, msaccess and mssql-odbc DB classes re-written</li>
+<li>Avatar issues addressed and fixed</li>
+<li>Search (INSERT) bug using MySQL fixed</li>
+<li>Search highlighting issues addressed</li>
+<li>Search own/other users posts fixed</li>
+<li>BBCode fixes for magic URIs and other issues</li>
+<li>Template updates for subSilver</li>
+<li>User and group permissions problems fixed</li>
+<li>Forum management problems (deletion of forum causing category not to display) fixed</li>
+<li>Pagination problem with groupcp fixed</li>
+<li>Backslash issues with posting and profile fixed</li>
+<li>Backslash issues with emails fixed</li>
+<li>preg_quote problems fixed</li>
+<li>User management updated with full avatar control and missing fields</li>
+<li>Private messaging box limits fixed</li>
+<li>Private messaging ?folder= strangeness fixed</li>
+<li>Forum pruning code updated to cope with search system</li>
+<li>Emoticon system in posting updated</li>
+<li>BBCode FAQ link added to posting form</li>
+<li>Language file updates to address concerns of translators</li>
+<li>Various other bug fixes and updates</li>
+</ul>
+
+<p>Note that a full list of fixed bugs can be found at the bug tracker (see section on bug reporting <a href="README.html#bugs">here</a>)</p>
+
+<a name="disclaimer"></a><h2 class="h2"><u>2. Copyright and disclaimer</u></h2>
+
+<p>This application is opensource software released under the <a href="http://www.gnu.org/licenses/gpl.html" target="_new">GPL</a>. Please see source code and the Docs directory for more details. This package and its contents are Copyright <20> 2002 <a href="http://www.phpbb.com/" target="_new">phpBB Group</a>, All Rights Reserved.</p>
+
+<!-- END DOCUMENT -->
+				</td>
+			</tr>
+		</table></td>
+	</tr>
+</table>
+
+</body>
+</html>

phpBB/docs/COPYING

@@ -0,0 +1,281 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          675 Mass Ave, Cambridge, MA 02139, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+

phpBB/docs/FAQ.html

@@ -0,0 +1,206 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html">
+<meta http-equiv="Content-Style-Type" content="text/css">
+<title>phpBB 2.0.x :: FAQ</title>
+<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
+<style type="text/css">
+<!--
+p,ul,td {font-size:10pt;}
+h2 {font-size:15pt;font-weight:bold;}
+h3 {font-size:12pt;}
+//-->
+</style>
+</head>
+<body bgcolor="#E5E5E5" text="#000000" link="#006699" vlink="#006699">
+
+<table width="100%" border="0" cellspacing="0" cellpadding="10" align="center">
+	<tr>
+		<td class="bodyline"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td>
+
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+	<tr>
+		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.x FAQ</span></td>
+	</tr>
+</table>
+
+<!-- BEGIN DOCUMENT -->
+<p>This is a very basic Frequently Asked Questions (FAQ) page which attempts to answer some of the more commonly asked questions. It is by no means exhaustive and should be used in combination with the 'built-in' User FAQ within phpBB2, the community forums (particularly the Tutorials forum) and our IRC channel (see <a href="README.html">README</a> for details).</p>
+
+<ol>
+
+<li><b>I cannot install this it is too difficult! Will you do it?</b></li>
+
+<p>Simple answer, no we will not. We are not being difficult when we say this we are actually trying to help you. phpBB has a reputation for being easy to install, that reputation is we believe well deserved. It is a simple process of unarchiving a single file, uploading the resulting directory/files to their intended location and entering some data in a web based form. The sequence of events, what to type where, etc. is covered in detail in the accompanying <a href="INSTALL.html">INSTALL.html</a> documentation. If you cannot install phpBB 2.0.x the chances are you will be unable to administer or update it.</p>
+
+<p>There are people, companies (unrelated to your hosting provider), etc. that will install your forum, either for free or for a payment. We do not recommend you make use of these offers. Unless the service is provided by your hosting company you will have to divulge passwords and other sensitive details. If you did not know how to use an ATM would you give a passer-by your bank card and PIN and ask them to show you what to do? No, probably not! The same applies to your hosting account details!</p>
+
+<p>We think a better solution is for you to carefully read the enclosed documentation, read our tutorials forum at www.phpbb.com and if necessary ask for help on any thing you get stuck on. However, the decision is yours but please note we may not offer support if we believe you have had the board installed by a third party. In such cases you should direct your questions to that company or person/s.</p>
+
+<li><b>How do I install this board on Lycos/coolfreepages/other free host?</b></li>
+
+<p>The old addage "You get what you pay for" is particularly true for hosting services! However if you must use a free service (and recognise its limitations) you will find details on common pitfalls in our tutorials forum at <a href="http://www.phpbb.com/phpBB/">http://www.phpbb.com/phpBB/</a>.</p>
+
+<li><b>I am having problems with the admin at a certain board, help!</b></li>
+<li><b>A board has ripped off my graphics/software/etc., stop them!</b></li>
+<li><b>A board is dealing in warez/porn/etc., you need to prevent them doing this!</b></li>
+
+<p>We provide the software, we have absolutely nothing to do with any board that runs it (beyond phpbb.com of course!). The GPL grants the user an unlimited right of use subject to their adherence of that licence. Therefore we cannot prevent, dictate, control or otherwise limit the use of phpBB 2 software. So please do not contact us for such matters.</p>
+
+<p>If you have a problem with a given board please take it up with them, not us. We are not and cannot be held legally responsible for any third party use of this software (much like Microsoft et al cannot be held responsible for the use of Windows in illegal activities, etc.). Additionally we do <b>not</b> track the use of phpBB software in any way. So please do not ask us for details on a "given" board we will not be able to help you. If any law firms or lawyers out there send us writs, Cease and Desist orders, etc. for third party website use of this software we reserve the right to charge for time wasted dealing with such issues ...</p>
+
+<li><b>According to viewonline a user is doing/reading something they should not be able to!</b></li>
+
+<p>No, they probably are not. phpBB uses sessions to keep track of users as they move between pages. The session information tells us who this user is. Therefore in order to determine what a user can do on a page we first need the session details. Once this data is available we can check whether the user is permitted to do whatever it is they are trying to do. This can result in it appearing as if a user is reading a topic in a forum they should not be able to access. Or perhaps viewing private messages when they are only guests, etc. In practice the user is not doing these things, they are viewing a "You are not permitted to do this" type message. The session data has simply been updated before we were able to determine what the user could or could not do.</p>
+
+<p>Of course this only applies where permissions have been set correctly!</p>
+
+<li><b>I keep getting Mail sending errors when I (or my users) post/send PM's/etc.!</b></li>
+
+<p>This error will occur if phpBB cannot send mail. phpBB can send email two ways; using the PHP mail() function or directly via SMTP. Some hosting providers limit the mail() function to prevent its use in spamming, others may rename it or limit its functionality. In either case you may need to make use of SMTP. This requires that you have access to such a facility, e.g. your hosting provider may provide one (perhaps requiring specific written authorisation), etc. Note that if your provider requires authorisation we only support the simple AUTH method using plaintext username/password. We do not support secure sockets layer (SSL), POP3 send or any other method. Please see <a href="http://www.phpbb.com/phpBB/" target="_blank">http://www.phpbb.com/phpBB/</a> for additional help on this matter.</p>
+
+<p>If you do require SMTP services please do not ask (on our forums or elsewhere) for someone to provide you with one. Open relays are now things of the past thanks to the unthinking spammers out there. Therefore you are unlikely to find someone willing to offer you (free) services.</p>
+
+<li><b>My users are complaining that emails are not in their selected language!</b></li>
+
+<p>You must have deleted a language pack or the language pack is incomplete. phpBB will try to send emails in the users selected language. If it cannot find a suitable email template it will switch to the boards default language.</p>
+
+<li><b>The first four letters of my text disappeared when I hit submit!</b></li>
+
+<p>Some forms in phpBB make use of arrays to "post" or submit data, e.g. polls, forum management, etc. A bug exists in PHP 4.2.3 (and perhaps older versions) which can cause such data to lose the first four characters of text. This bug is related to the presence of the mbstring module and certain compile time parameters (the problem exists for both compiled in and modular version of mbstring). Please see: <a href="http://bugs.php.net/bug.php?id=19460" target="_blank">http://bugs.php.net/bug.php?id=19460</a> for more details. Note the bug is fixed in PHP CVS and thus future versions should be immune. Remember, this is <b>not</b> a bug in phpBB 2.</p>
+
+<li><b>My AOL based users keep getting logged out!</b></li>
+
+<p>phpBB2 uses sessions to keep track of users as they browse the board. These sessions use a combination of a unique session id and the users IP to identify each user. We make use of the IP as an extra safe-guard to help prevent sessions being hijacked (by discovering the unique session id).</p>
+
+<p>Unfortunately this only works when the users IP is constant as they browse the board. For most users this will be the case. However certain providers route their users via a cluster of proxys. In some cases, particularly AOL this results in different IPs being forwarded as the user moves between pages. We take account of this by not checking the entire IP but only the first "three quads". Again in most cases this will be fine. However again AOL uses IPs which can vary so much that checking only the first two quads results in a fairly static IP being available for session validation.</p>
+
+<p>If you are experiencing problems related to this you can make a small change to the code. Please note that reducing the IP validation length does potentially increase the risk of sessions being hijacked (this is something for you to consider, phpBB Group takes no responsibility should anything happen!). The change requires you to open the file sessions.php in the includes/ directory of the distribution. Find line 250, it contains the following <pre>$ip_check_s = substr($userdata['session_ip'], 0, 6);</pre>change this to: <pre>$ip_check_s = substr($userdata['session_ip'], 0, <b>4</b>);</pre>You need to make exactly the same change to the number 6 in the next line. Save the file (and upload it if required). This should reduce or eliminate the problem noted.</p></li>
+
+<li><b>I selected X for my timezone but the time is not correct!</b></li>
+
+<p>I suspect the time is correct but that you may have switched (locally) to daylight savings time. At present we do not support daylight savings only standard local times. Therefore during summer months (depending on whether your nation/state switches to daylight savings) the board times may appear to be <b>one hour</b> behind the <i>real</i> local time. The solution is to either put up with it (just let your users know) or to move the timezone of everyone who is affected (remember that not all your users may be from nations who have switched to daylight savings) on one hour, eg. GMT becomes GMT+1. This requires running some SQL and you should search our forums for information.</p>
+
+<p>If this is not the case then I suspect your servers time is at fault. phpBB 2 stores all times in the form of a unix timestamp. This is a 32bit integer value containing the number of seconds since the unix epoch event, 1st January 1970 00:00:00 GMT. This value is global in nature and will be the same wherever you are in the world. So, if your time is incorrect and you have selected the appropriate timezone chances are your server time is off.</p></li>
+
+<li><b>I am seeing &amp;#nnnn; sequences output instead of what I typed!</b></li>
+
+<p>To enable compliance with HTML and XHTML specifications as well as enabling browsers to automatically support a users selected language we enable a <i>charset</i> tag to be output to the browser. This identifies the primary character set the user has selected, eg. iso-8859-1 for Western European languages (English, German, French, etc.), windows-1251 for Cyrillic alphabets (Russian, Bulgarian, etc.) and so on. The downside to doing this is that most modern browsers (such as Internet Explorer) convert any character not present in that character set into what are termed <i>Numerical Character References</i> or NCR's. These take the form of &amp;#nnnn; where nnnn is the hexadecimal number of that characters UNICODE reference.</p>
+
+<p>Unfortunately PHP (which effectively supports only iso-8859-1 at this time) does not appear to attempt to process this data back into normal characters. Therefore phpBB treats them as text the user has entered and wishes to <i>see</i>. phpBB enables this  by turning the &amp; into &amp;amp;. This results in the characters appearing as they do. Although we could ignore &amp;#nnnn; (there are pro's and of course con's to doing so) at present we don't.</p>
+
+<p>If you are finding this to be problem the solution is to remove the <pre>charset={S_CONTENT_ENCODING}</pre> text from <b>all</b> the _header.tpl template files in all templates. The downside to this is a users browser will not automatically switch its charset to that selected by the user (however this is unlikely to be a big problem since users typically run their browser by default in the language they wish to use). Alternatively you can modify the $lang['ENCODING'] entry in the appropriate language file. Until PHP (and all browsers!) trully support UNICODE these problems will persist across all boards.</p></li>
+
+<li><b>I cannot search for certain words!</b>
+
+<p>phpBB 2 uses a Fulltext search system, this has both advantages and disadvantages. The advantage is that on large or busy forums it has far less impact on server load than <i>standard</i> search methods as used by many alternative forums (including phpBB 1.x). The disadvantage is that to reduce the size of the database (every post is examined and unique words stored in a table) we have to limit the size and type of words we store. By default words must contain at least three characters but no more than 25, they must be either alpha or combinations of alpha and numerals (numbers alone are not stored). In addition all non-alphanumeric characters are removed, eg. _, +, -, etc. This is standard practice for fulltext search solutions.</p>
+
+<p>A further downside is that non-latin alphabets, eg. Cyrillic, Greek, etc. require proper locale support to be compiled in and available on the server your board is running on. If this is not the case it is quite likely that words will not be properly indexed for storage. In many cases this can be recified by altering the setlocale(LC_ALL, '[LOCALE_HERE]'); statement in the appropriate language file. If you are experiencing problems you should change whatever is currently in place of [LOCALE_HERE] with the locale as available on your server. If you do not know this please ask your hosting provider. Some examples may be ru_RU.WIN_CP_1251 for the codepage used for the Russian translation, ko.KOI8 for Korean, etc.</p>
+
+<p>Please note that support for multibyte character sets remains very limited in PHP4 and therefore Japanese, Chinese, etc. may have difficulty getting the fulltext search working correctly at all.</p>
+
+<li><b>My screen is filled with errors when I try to view the forum!</b>
+
+<p>Are they errors? Are you sure they are not warnings? They probably are ... What you're seeing is PHP warn you about unset variables. Great care has been taken with phpBB 2.0 to ensure it is secure. Unset variables while being a potential security risk really shouldn't be in 2.0. Unfortunately some hosting providers have decided that any unset variables equal security problems and force PHP to output these warnings even though phpBB 2.0 is set to ignore them.</p>
+
+<p>We have worked some way toward checking and/or setting all variables before use but this will take time to complete (if it can be). Therefore I am afraid for the time being you will have to manually modify the code or ask your hosting provider to be more realistic with their setup.</p></li>
+
+<li><b>How do I use the avatar settings?</b>
+
+<p>There are three types of avatar; upload, remote and local.</p>
+<p><ul>
+<li>Upload types require you to create a directory (the default is images/avatars) and to set this to public read/write (ie. chmod a+rw), users can then upload avatars (subject to width, height and size limits definable by you).</li>
+<li>Remote avatars allow the user to supply a URI pointing to an image available on the internet, <b>PLEASE NOTE</b> that size limits do not apply to remote avatars!</li>
+<li>Local avatars allow you to upload your own avatars to a set directory, users can then pick from this avatar gallery. The default location for this is images/avatars/gallery. PLEASE NOTE that avatars are categorised according to sub-folders in this location! ie. you <b>MUST</b> place your avatars in subdirectories, eg. images/avatars/gallery/cartoons, images/avatars/gallery/real-life, etc.</li>
+</ul></p></li>
+
+<li><b>No matter what I set the uploadable avatars to I cannot upload one from my computer!</b>
+
+<p>There are two possibilities here, the first is you have not created the directory you specified as the storage location for avatars, ie. as specified in the Admin->General Configuration->Avatars section. If the directory does not exist uploadeable avatars are automatically disabled. You should create the required directory (ensuring it has global write access or other appropriate permissions to allow the webserver to write files to it).</p>
+
+<p>The second possibility is that your provider has disabled file_upload support, possibly because of a recently found serious security issue with PHP before version 4.1.2. You should contact your provider and ask them if this is the case. It may be unrelated to the security issue and your provider has simply decided to disable such things in general. In either case I'm afraid there is not a lot you can do, there are still three other avatar settings left to choose from including uploading via a URL which will work fine</p></li>
+
+<li><b>I just cannot get gallery avatars to appear!</b>
+
+<p>Chances are you have not followed our instructions above. phpBB 2 categorises gallery avatars and it does this by reading through folders contained in the location you specified as being the gallery path. For example, if you set the gallery path to "images/avatars/gallery" phpBB 2 will expect to find a series of folders within that path, eg. "images/avatars/gallery/moviestars", "images/avatars/gallery/cartoons", "images/avatars/gallery/misc", etc. Placing images directly in "images/avatars/gallery/" will result in nothing being listed in your gallery.</p></li>
+
+<li><b>How do I set forum permissions?</b>
+
+<p>You set forum permissions from the administration control panel -> Forums -> Permissions. This system has two modes of operation; Simple and Advanced. Simple uses a set of pre-defined authorisation levels, these set each type of authorisation setting to a specific level. Advanced settings allow you to specify individual levels for each operation in each forum. Experiment!</p></li>
+
+<li><b>How do I set user and group permissions?</b>
+
+<p>These are set from Admin -> Users (Groups) -> Permissions. The system may appear strange but it's very powerful. When you look up a user or group it will give you basic information (at the top of the page) followed by the available forum listing and current settings for this user. You can assign moderator status to users and groups and if you have PRIVATE forums (or forums with any of their individual operations set to PRIVATE) you can also assign access.</p></li>
+
+<li><b>How do I set a user (group) as moderator?</b>
+
+<p>See above</p></li>
+
+<li><b>Why are there no entries in the user (group) permission "Allow Access" column?</b>
+
+<p>You can only allow (or deny) users access to PRIVATE forums, or forums which have one or more operations set to PRIVATE</p></li>
+
+<li><b>How come I cannot set "Vote" to ALL?</b></li>
+
+<p>phpBB does not by default allow guest voting. This was done to prevent guest users (who cannot be reliably tracked) from voting time and time again in the same poll. There is a Mod available if you really need this feature, please see our Mod forums at <a href="http://www.phpbb.com/phpBB/">http://www.phpbb.com/phpBB/</a>.</p>
+
+<li><b>I (or my users) cannot stay logged in to the forum!</b>
+
+<p>If you (or your users) are, after attempting a login, being returned to the index (or other page) without appearing to be logged in the most likely problem is incorrect cookie settings. phpBB 2 uses cookies to store a session id and a small amount of user data. For this data to be stored correctly the cookie domain, path and secure settings must be correct. You can check this in Admin->General Configuration->Cookie settings. Typically the cookie domain can be left blank and the cookie path set to / (a single forward slash). Do <b>not</b> set the cookie as being secure unless your board is running over a secure sockets layer connection, ie. https://</p>
+
+<p>If you still have problems try setting the cookie domain to your full domain name, eg. www.mysystem.tld, www.something.mydomain.tld. You <b>must</b> ensure the domain name contains at least two dots or browsers will be unlikely to recognise the cookie, eg. .mydomain.com, mydomain.com. Do <b>not</b> add http:// or anything else to the domain name!</p></li>
+
+<li><b>My users are complaining about being logged out too quickly!</b>
+
+<p>You can increase the default length of sessions (ie. how long before a users session is considered 'dead') in Admin->General->Configuration->Cookie Settings->Session Length. Set it to whatever value your users feel comfortable with, remember that security issues may affect your decision (ie. having too long a session may allow non-users to abuse your board should a user forget to logout or otherwise leave a current session on a public workstation).</p></li>
+
+<li><b>I am having problems with HTML!</b>
+
+<p>If you want to allow your users to make use of HTML in posts you need to do two things. Firstly enable HTML in Admin -> General -> Configuration. Secondly to need to make sure that the tags your users will post are in the Allowed HTML Tags field (again Admin -> General -> Configuration). If users post using tags not on this list they won't be displayed as HTML! eg. to enable someone to post Flash you could add the embed tag to this field. Be careful which tags you allow, it is very easy to break the boards own output if the wrong tags are used in posts. </p></p></li>
+
+<li><b>Can I suggest a feature for phpBB 2.2?</b>
+
+<p>Yes you most certainly can, phpBB 2.0.0 is now feature frozen and only bug fix releases will be made from this line. However, work has already started on the next release of phpBB, phpBB 2.2. We already have a number of features in mind and these are listed on our task manager:</p>
+
+<p><a href="http://sourceforge.net/pm/task.php?group_project_id=13524&group_id=7885&func=browse" target="_tasks">http://sourceforge.net/pm/task.php?group_project_id=13524&group_id=7885&func=browse</a>.</p>
+
+<p>Some of these features will also be discussed on forums at <a href="http://www.phpbb.com/phpBB/">http://www.phpbb.com/phpBB/</a>.</p>
+
+<p>To suggest a feature first consult the task list mentioned above, if your idea is already listed then the chances are good that it will appear in 2.2. If your suggestion is not listed please submit it to our feature request tracker:</p>
+
+<p><a href="http://sourceforge.net/tracker/index.php?group_id=7885&atid=357885" target="_features">http://sourceforge.net/tracker/index.php?group_id=7885&atid=357885</a>.</p>
+
+<p>Before submitting please read through the already present suggestions, if one matches or is similar to yours please add to it rather than creating a new entry.</p>
+
+<p>We make no promises to the inclusion of features but we will endeavour to introduce the most requested or most interesting ones.</p></li>
+
+<li><b>Why is phpBB 1.x faster than phpBB 2.0?</b>
+
+<p>The original phpBB 1.0 saw a very large decrease in page generation times from version 1.0/1.2 to 1.4. This was achieved by rewriting many of the SQL queries and splitting the database. These changes came about from work on phpBB 2.0. With phpBB 2.0 we have introduced numerous additional functions and features, not least of which is full templating (the separation of page design from code). This results in a slowdown from phpBB 1.4, we suspect though that the new features will outweigh the small difference in page generation times.</p></p></li>
+
+
+<li><b>My question isn't answered here!</b>
+
+Feel free to search our community forum for the information you require. <b>PLEASE DO NOT</b> post your question without having first used search, chances are someone has already asked and answered your question. You can find our board here:</p>
+
+<p><a href="http://www.phpbb.com/phpBB/" target="_new">http://www.phpbb.com/phpBB/</a></p></li>
+
+</ol>
+
+<h2><u>Copyright and disclaimer</u></h2>
+
+<p>This application is opensource software released under the <a href="http://www.gnu.org/licenses/gpl.html" target="_new">GPL</a>. Please see source code and the Docs directory for more details. This package and its contents are Copyright <20> 2002 <a href="http://www.phpbb.com/" target="_new">phpBB Group</a>, All Rights Reserved.</p>
+<!-- END DOCUMENT -->
+
+				</td>
+			</tr>
+		</table></td>
+	</tr>
+</table>
+
+</body>
+</html>

phpBB/docs/INSTALL.html

@@ -0,0 +1,259 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html">
+<meta http-equiv="Content-Style-Type" content="text/css">
+<title>phpBB 2.0.15 :: Install</title>
+<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css">
+<style type="text/css">
+<!--
+p,ul,td {font-size:10pt;}
+.h2 {font-size:15pt;font-weight:bold;color:red}
+.h3 {font-size:12pt;color:blue}
+//-->
+</style>
+</head>
+<body bgcolor="#E5E5E5" text="#000000" link="#006699" vlink="#006699">
+
+<table width="100%" border="0" cellspacing="0" cellpadding="10" align="center">
+	<tr>
+		<td class="bodyline"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td>
+
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+	<tr>
+		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.15 INSTALL</span></td>
+	</tr>
+</table>
+
+<!-- BEGIN DOCUMENT -->
+<p align="center"><b>Please read this document completely before proceeding with installation.</b></p>
+
+<p>Please note these instructions are not fully comprehensive, a more thorough userguide will be available on the phpBB website in the near future. However, this document will walk you through the basics on installing the forum software.</p>
+
+<p>A basic overview of running phpBB 2.0.15 can be found in the accompanying <a href="README.html">README</a> documentation. Please ensure you read that document in addition to this! For more detailed information on using phpBB 2 you should read <a href="http://www.phpbb.com/support/guide/" target="_new">Userguide</a> now available online.</p>
+
+<ol>
+<li><a href="#quickinstall">Quick Install</a></li>
+<li><a href="#require">Requirements</a></li>
+<li><a href="#install">New Installations</a></li>
+<ol type="i">
+<li><a href="#fileext">Changing the file extension</a></li>
+<li><a href="#phpBB1x">Replacing an old phpBB 1.x install</a></li>
+<li><a href="#nonaccess">Installing on MySQL 3 and 4, PostgreSQL 7.x, MS SQL 7/2000 (inc. via ODBC)</a></li>
+<li><a href="#access">Installing on MS Access 2000/XP</a></li>
+<li><a href="#requireddata">Entering required data</a></li>
+<li><a href="#completeinstall">Completing installation</a></li>
+</ol>
+<li><a href="#upgrade1.x">Upgrade from phpBB 1.4.x</a></li>
+<li><a href="#upgradeb1">Upgrade from phpBB 2.0 beta-1</a></li>
+<li><a href="#upgradeRC">Upgrade from previous Release Candidate versions of phpBB 2</a></li>
+<ol type="i">
+<li><a href="#langtempchanges">Changes in language pack format and templates</a></li>
+</ol>
+<li><a href="#upgradeSTABLE">Upgrade from stable releases of phpBB 2.0.x</a></li>
+<ol>
+	<li><a href="#upgradeSTABLE_full">Full package</a></li>
+	<li><a href="#upgradeSTABLE_files">Changed files only</a></li>
+	<li><a href="#upgradeSTABLE_patch">Patch file</a></li>
+	<li><a href="#upgradeSTABLE_all">All package types</a></li>
+</ol>
+<li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a></li>
+<ol type="i">
+<li><a href="#avatars">Uploadable avatars</a></li>
+<li><a href="#safemode">Safe Mode</a></li>
+<li><a href="#extras">Optional extras</a></li>
+</ol>
+<li><a href="#disclaimer">Disclaimer</a></li>
+</ol>
+
+<a name="quickinstall"></a><h2 class="h2"><u>1. Quick Install</u></h2>
+
+<p>If you have basic knowledge of using FTP and are sure your hosting service or server will run phpBB 2 you can use these steps to quickly get started. For a more detailed explanation you should skip this and go to <a href="#require">section 2</a> below.</p>
+
+<ol>
+<li>Decompress the phpBB 2 archive to a local directory on your system.</li>
+<li>Upload all the files contained in this archive (retaining the directory structure) to a web accessible directory on your server or hosting account.
+<li>Change the permissions on config.php to be writeable by all (666 or -rw-rw-rw- within your FTP Client)</li>
+<li>Using your web browser visit the location you placed phpBB 2 with the addition of install/install.php, e.g. http://www.mydomain.com/phpBB2/install/install.php, http://www.mydomain.com/forum/install/install.php etc.
+<li>Fill out all the requested information and hit <i>Submit</i></li>
+<li>Change the permissions on config.php to be writeable only by yourself (644 or -rw-r--r-- within your FTP Client)</li>
+<li>Click the <i>Complete Installation</i> button or revisit the location you entered above.</li>
+<li>phpBB 2 should now be available, please <b>MAKE SURE</b> you read at least <a href="#postinstall">Section 8</a> below for important, security related post-installation instructions.</li>
+</ol>
+
+<p>If you experienced problems or do not know how to proceed with any of the steps above please read the rest of this document.</p>
+
+<a name="require"></a><h2 class="h2"><u>2. Requirements</u></h2>
+
+<p>Installation of phpBB2 requires the following:</p>
+<ul>
+<li>A webserver or web hosting account running on any major Operating System</li>
+<li>A SQL database system, <b>one of</b>:
+	<ul>
+		<li>MySQL (3.22 or higher)</li>
+		<li>PostgreSQL 7.0.3 or higher (preferably 7.1.x or 7.2.x)</li>
+		<li>MS SQL Server (7 or 2000) directly or via ODBC</li>
+		<li>MS Access (2000 or XP) via ODBC</li>
+	</ul>
+</li>
+<li>PHP (4.0.3 and above) with support for the database you intend to use above</li>
+</ul>
+
+<p>If your server or hosting account does not meet the requirements above I am afraid phpBB 2.0 is not for you.</p>
+
+<a name="install"></a><h2 class="h2"><u>3. New Installations</u></h2>
+
+<p>Installation of phpBB 2 will vary according to your server and database. If you have <i>shell access</i> to your account (via telnet or ssh for example) you may want to upload the entire phpBB 2 archive (in binary mode!) to a directory on your host and unarchive it there.</p>
+
+<p>If you do not have shell access or do not wish to use it you will need to decompress the phpBB 2 archive to a local directory on your system using your favourite compression program, e.g. winzip, rar, zip, etc. From there you must FTP <b>ALL</b> the files it contains (being sure to retain the directory structure and filenames) to your host. Please ensure that the cases of filenames are retained, do <b>NOT</b> force filenames to all lower or upper case doing so will cause errors later.</p>
+
+<p>All .php, .inc, .sql, .cfg and .htm files should be uploaded in <b>ASCII</b> mode, while all graphics should be uploaded in <b>BINARY</b> mode. If you are unfamiliar with what this means please refer to your FTP client documentation. In most cases this is all handled transparantly by your ftp client but if you encounter problems later you should be sure the files where uploaded correctly as described here.</p>
+
+<p>phpBB2 comes supplied with English as its standard language. However a number of seperate packs for different languages are available. If you are not a native English speaker you may wish to install one or more of these packages before continuing. The installation process below will allow you to select a default language from those available (you can of course change this default at a later stage). For more details of language packs, where to obtain them and how to install them please see the <a href="README.html#i18n">README</a>.</p>
+
+<p>Once all the files have been uploaded to your site you should point your browser at this location with the addition of install/install.php (please note that if you changed the extension from php, see <a href="#fileext">Section 3.i</a> below, you should alter install.php appropriately). For example if your domain name is <i>www.mydomain.tld</i> and you placed phpBB 2 in a directory /phpBB2 off your web root you would enter <i>http://www.mydomain.tld/phpBB2/install/install.php</i> into your browser. When you have done this you should see the phpBB 2 Installation screen appear.</p>
+
+<a name="fileext"></a><h3 class="h3">3.i. Changing the file extension</h3>
+
+<p>If the file extension used to execute PHP scripts on your server is <b>NOT</b> .php but for example .php3 or .phtml you should first rename <b>ALL</b> files ending in .php and change the value of $phpEx in <u>extension.inc</u>. In the vast majority of cases this step will be unncessary.</p>
+
+<a name="phpBB1x"></a><h3 class="h3">3.ii. Replacing an old phpBB 1.x install</h3>
+
+<p><b>NOTE</b>, you should <b>NOT</b> place phpBB 2 files into the same directory as any previous installation of phpBB 1.x! Create a new directory (or move your old phpBB 1.x out of the way), failure to do this will result in runtime errors.</p>
+
+<a name="nonaccess"></a><h3 class="h3">3.iii. Installing on MySQL 3 and 4, PostgreSQL 7.x, MS SQL 7/2000 (inc. via ODBC)</h3>
+
+<p><b>Before proceeding</b> with installation you should ensure you have a database available. Most good hosting accounts now come with at least one database as part of the basic package although it may need to be setup before first use. Ask your provider for details if you are unsure whether you do or not. If you are running your own server and are unsure how to create a database you should refer to your SQL servers documentation or website, e.g. <a href="http://www.mysql.com/doc/" target="_new">http://www.mysql.com/doc/</a>, <a href="http://www.postgresql.org/users-lounge/" target="_new">http://www.postgresql.org/users-lounge/</a>, etc.</p>
+
+<p>If your database server is MySQL <b>PLEASE</b> ensure you select the appropriate version from the dropdown box. Do <b>NOT</b> select MySQL 4.x if you have MySQL 3.x (the most common type) installed, if in doubt select MySQL 3.x.</p>
+
+<a name="access"></a><h3 class="h3">3.iv. Installing on MS Access 2000/XP</h3>
+
+<p>Before you install phpBB 2 you need to create a <b>Data Source Name</b> or <b>DSN</b>. The exact way to do this will depend on your hosting provider, if you are unsure you should check with them before proceeding. In general though you should create a System DSN which points to the location where you have stored an unarchived copy of the ms_access_primer.mdb file (this is contained in the ms_access_primer.zip which can be found in <u>install/schemas/</u>). The name you give this DSN will be used during installation. Do not proceed until this step is complete!</p>
+
+<p>Please note that MS Access support is not designed for busy boards. If you anticipate more than one or two users being online at any given time you should upgrade to a more robust server solution.</p>
+
+<a name="requireddata"></a><h3 class="h3">3.v. Entering required data</h3>
+
+<p>Once you have reached the installation page you need to fill out several fields. Be sure to select the right <u>database type</u>! If you do not have or do not know the <u>database name</u>, <u>database server</u>, etc. please check with your hosting provider. For <b>non-ODBC</b> databases the database server is typically localhost but this is <b>NOT</b> universal! If you are using an ODBC based database (such as MS Access or MSSQL via ODBC) you should enter the DSN here (see 2.iv.).</p>
+
+<p>The <u>database prefix</u> allows you to enter a few characters, short name, etc. which all tables used by this installation will be prefixed with. The default (phpbb_) will usually be fine. However if you have more than one copy of phpBB 2 using the same database be sure to alter it or you will receive errors during installation.</p>
+
+<p>The remaining information is personal to you and your site. You will need to enter a <u>username</u> and <u>password</u> for the initial administration account (more administrators can be created later). The <u>server name</u>, <u>server port</u> and <u>script path</u> are essential because all emails containing URLs will use these values. The installer will guess initial values, however they may not be correct so be sure to check them!</p>
+
+<p>Remember that a domain (or server) name does <b>NOT</b> include http://! Enter just the domain name, eg. <i>www.mydomain.tld</i> and <b>NOT</b> <i>http://www.mydomain.tld/</i>. The server port can, in the great majority of cases be left as 80, this is the standard http port. However if your web server listens to a different port because for example port 80 is blocked then alter this appropriately. The script path is the relative path from your webroot where phpBB 2 is installed, e.g. if you install phpBB 2 into phpBB 2/ in your webroot then enter phpBB 2 (or /phpBB 2/) as the script path.</p>
+
+<a name="completeinstall"></a><h3 class="h3">3.vi. Completing installation</h3>
+
+<p>Once you have checked all the data press submit. The installation script will create and populate all the necessary tables. It will then attempt to write to the <u>config.php</u> file which will contain the basic configuration data used to run phpBB 2. If the installer cannot write <u>config.php</u> directly you will be given the option of either downloading the file or even FTPing it to the correct location. If you choose to download you should then re-upload the file to your server, overwriting the existing <u>config.php</u> in the process. If you attempt to FTP via the install script you should supply the requested information. Should FTP fail you will be able to download the file and then re-upload as described earlier.</p>
+
+<p>During the installation procedure phpBB 2 will check to ensure the relevant PHP database module is available and will not proceed if it cannot be found. Should this happen be sure to check you have selected the correct database and/or ask your hosting provider for advice.</p>
+
+<p><b>Do not</b> proceed untill the installation is completed and (if necessary) you have uploaded the <u>config.php</u> file.</p>
+
+<a name="upgrade1.x"></a><h2 class="h2"><u>4. Upgrade from phpBB 1.4.x</u></h2>
+
+<p>Before upgrading we heavily recommend you do a <u>full backup of your database</u>! If you are unsure how to achieve this please ask your hosting provider for advice. One you have backed up your database you should follow the basic instructions given for <a href="#install">New Installations</a> above. <b>However</b> instead of selecting <u>Install</u> as the <i>Installation Method</i> you should select <u>Upgrade</u>.</p>
+
+<p>As with install the upgrade is automated. The config.php will be written automatically (if possible, else you will be able to download a copy as with New Installation above). Once the config.php is in place everything should proceed without error. Please note that this upgrading process may take quite some time and depending on your hosting provider this may result in it failing (due to web server or other timeout issues). If this is the case you should ask your provider if they are willing to allow the upgrade script to temporarily exceed their limits (be nice and they will probably be quite helpful).</p>
+
+<p>Once completed your board should be immediately available. If you encountered errors you should restore your original database and report the problems to our bug tracker or seek help via our forums (see <a href="README.html">README</a> for details).</p>
+
+<a name="upgradeb1"></a><h2 class="h2"><u>5. Upgrade from phpBB 2.0 beta-1</u></h2>
+
+<p>Sorry but no direct upgrade is available from beta-1 (we did warn you!). If you are reasonably confident with the use of SQL, etc. you may be able to make the required changes to the database manually. You will need to examine the CVS check-ins to determine what needs changing where.</p>
+
+<a name="upgradeRC"></a><h2 class="h2"><u>6. Upgrade from previous Release Candidate versions of phpBB 2</u></h2>
+
+<p>Upgrading from these versions is generally quite easy. First you should make a copy of your existing <u>config.php</u>, keep it in a safe place! Next delete all the existing phpBB 2 files, do not leave any in place otherwise you may encounter errors later. You can leave alternative templates in-place but you should note they may not function correctly with the final release. It is therefore recommended you switch back to subSilver if you are currently using a different style. With this complete you can upload the new phpBB 2.0.0 files (see <a href="#install">New Installations</a> for details if necessary). Once complete copy back your saved <u>config.php</u>, replacing the new one.</p>
+
+<p>You should now run <b>install/update_to_latest.php</b> which, depending on your previous version, will make a number of database changes. You may receive <u>FAILURES</u> during this procedure, they should not be a cause for concern unless you see an actual <u>ERROR</u>, in which case the script will stop (in this case you should seek help via our forums or bug tracker).</p>
+
+<p><b>RC-2 and below MSSQL users</b>, please note that during the update procedure your existing forums table will be dropped and re-created. All data in standard fields will be retained. However if you have modified the forums table and added additional fields or altered existing ones these changes <b>WILL</b> be lost. If this is a significant issue for you we advise you comment out the "DROP FORUM TABLE" section in update_to_latest.php and instead, manually alter the forum_id column to remove the IDENTITY setting (if it exists).</p>
+
+<p>Once the update_to_latest.php has completed you <b>MUST</b> proceed to the Administration General Configuration panel and check all the values in General Configuration. This is essential if you were running any version before RC-3 since extra information needs to be entered to enable correct URLs to be output in emails.</p>
+
+<a name="langtempchanges"></a><h3 class="h3">6.i. Changes in language pack format and templates</h3>
+
+<p>Please note that changes have been made to the format of language, image localisations and templates from previous RC's to FINAL. If you were running a release candidate prior to RC-3 you will <b>need</b> to download new language and image localisation packs. You can safely delete any existing <u>*_lang.gif</u> files in the subSilver/images directory since these are no longer utilised. If you are using or have installed any 3rd party template set you must either remove it or update it. Changes have been made to a number of template variables which will result in these not working unless they have been updated to meet phpBB 2.0.x standards.</p>
+
+<a name="upgradeSTABLE"></a><h2 class="h2"><u>7. Upgrade from previous stable (released) versions of phpBB 2</u></h2>
+
+<p>If you are currently using a stable release of phpBB 2 updating to this version is straightforward. You would have downloaded one of three packages and your choice determines what you need to do. <b>Please Note</b>: That before upgrading we heavily recommend you do a <u>full backup of your database and existing phpBB2 source files</u>! If you are unsure how to achieve this please ask your hosting provider for advice.</p>
+
+<p><b>MySQL Users Please Note</b>: Changes introduced in 2.0.4 may increase the size of your database, more specifically the search_wordmatch table. There are other changes in that release which are designed to reduce the database size. However these additional changes may not apply to all types of forum (particularly non-English boards). While any increases will be relatively small compared to the overall database size it may be an issue for some users. In particular users on hosting plans which limit database size and where the database is near that limit.</p>
+
+<p><b>Please make sure you update your phpBB2 source files too, even if you run the update_to_latest.php file.</b></p>
+
+<a name="#upgradeSTABLE_full"></a><h3 class="h3">7.i. Full package</h3>
+
+<p>If you have downloaded the full package you should follow the same general upgrade path as for "<a href="#upgradeRC">Upgrade from previous Release Candidate versions of phpBB 2</a>". The exception to this being the need to switch or update styles. In addition there is generally little need to visit the admin panel (though it is adviseable).</p>
+
+<a name="#upgradeSTABLE_files"></a><h3 class="h3">7.ii. Changed files only</h3>
+
+<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.14 you should select the phpBB-2.0.14_to_2.0.15.zip/tar.gz file.</p>
+
+<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any Mods these files will overwrite the originals possibly destroying them in the process. You will need to re-add Mods to any affected file before uploading.</p>
+
+<p>As for the other upgrade procedures you should run <b>install/update_to_latest.php</b> after you have finished updating the files. This will update your database schema and increment the version number.</p>
+
+<a name="#upgradeSTABLE_patch"></a><h3 class="h3">7.iii. Patch file</h3>
+
+<p>The patch file is probably the best solution for those with many Mods or other changes who do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <b>patch</b> application.</p>
+
+<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.14 you need the phpBB-2.0.14_to_2.0.15.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+
+<p>If you do get failures you should look at using the <a href="#upgradeSTABLE_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Mods to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
+
+<p>You should of course delete the patch file (or files) after use. As for the other upgrade procedures you should run <b>install/update_to_latest.php</b> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number.</p>
+
+<a name="#upgradeSTABLE_all"></a><h3 class="h3">7.iv. All package types</h3>
+
+<p>If you have non-English language packs installed you may want to see if a new version has been made available. A number of missing strings have been added which, though not essential, may be beneficial to users. Please note that at this time not all language packs have been updated so you should be prepared to periodically check for updates.</p>
+
+<a name="postinstall"></a><h2 class="h2"><u>8. Important (security related) post-Install tasks for all installation methods</u></h2>
+
+<p>Once you have succssfully installed phpBB 2.0.x you <b>MUST</b> ensure you remove the entire install/ and contrib/ directories. Leaving these in place is a <u>very serious potential security issue</u> which may lead to deletion or alteration of files, etc. Please note that until these directories are remove phpBB2 will not operate and a warning message will be displayed. Beyond these <b>essential</b> deletions you may also wish to delete the docs/ directories if you wish.</p>
+
+<p>With these directories deleted you should proceed to the administration panel. Depending on how the installation completed you may have been directed there automatically. If not, login as the administrator you specified during install/upgrade and click the "<b>Administration Panel</b>" link at the bottom of any page. Ensure that details specified in General -> Configuration are correct!</p>
+
+<a name="avatars"></a><h3 class="h3">8.i. Uploadable avatars</h3>
+
+<p>phpBB 2 supports several methods for allowing users to select their own <i>avatar</i> (an avatar is a small image generally unique to a user and displayed just below their username in posts).</p>
+
+<p>Two of these options allow users to upload an avatar from their machine or a remote location (via a URL). If you wish to enable this function you should first ensure the correct paths for uploadeable avatars is set in Admin -> General -> Configuration -> Avatars. By default this is <u>images/avatars</u> but you can set it to whatever you like, just ensure the configuration setting is updated. You must also ensure this directory can be written to by the webserver. Usually this means you have to alter its permissions to allow anyone to read and write to. Exactly how you should do this depends on your ftp client or server operating system.</p>
+
+<p>On UNIX systems for example you set the directory to a+rwx (or ugo+rwx or even 777). This can be done from a command line on your server using chmod or via your FTP client (using the Change Permissions, chmod or other Permissions dialoge box, see your FTP clients documentation for help). Most FTP clients list permissions in the form of User (Read, Write, Execute), Group (Read, Write, Execute) and Other (Read, Write, Execute). You need to tick all of these boxes to set correct permissions.</p>
+
+<p>On Windows system you need to ensure the directory is not write-protected and that it has global write permissions (see your servers documentation or contact your hosting provider if you are unsure on how to achieve this).</p>
+
+<p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there out to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p>
+
+<a name="safemode"></a><h3 class="h3">8.ii. Safe Mode</h3>
+
+<p>phpBB 2.0.x includes support for using uploadable avatars on systems running PHP in safe mode. If this applies to your hosting service you will need to create a sub-directory called <u>tmp</u> in the directory you specified for storage of uploaded avatars (by default this is images/avatars as explained above). Give it the same access rights as for uploadable avatars above.</p>
+
+<p>This safe mode support includes compatibility with various directory restrictions your host may impose (assuming they are not too restrictive and that the PHP installed is version 4.0.3 or later). There is generally no need for any manual setup for safe mode support it is typically handled transparantly.</p>
+
+<a name="extras"></a><h3 class="h3">8.iii. Optional extras</h3>
+
+<p>Included with this package are two extra (optional) files, you will find them in the <u>contrib/</u> directory. These extras, <i>template_file_cache.php</i> and <i>template_db_cache.php</i> address concerns over server load and page generation times on slower or heavily loaded systems. These updated template modules compile each template and uses this rather than compiling each file everytime it is viewed. Tests seem to indicate a noticeable decrease in page generation times and more importantly a significant decrease in overall server load in virtual hosting environments.</p>
+
+<p>You should see the <a href="../contrib/README.html">README</a> contained within the contrib directory for more details.</p>
+
+<a name="disclaimer"></a><h2 class="h2"><u>9. Copyright and disclaimer</u></h2>
+
+<p>This application is opensource software released under the <a href="http://www.gnu.org/licenses/gpl.html" target="_new">GPL</a>. Please see source code and the Docs directory for more details. This package and its contents are Copyright <20> 2002 <a href="http://www.phpbb.com/" target="_new">phpBB Group</a>, All Rights Reserved.</p>
+<!-- END DOCUMENT -->
+
+				</td>
+			</tr>
+		</table></td>
+	</tr>
+</table>
+
+</body>
+</html>

phpBB/docs/README.html

@@ -0,0 +1,224 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html">
+<meta http-equiv="Content-Style-Type" content="text/css">
+<title>phpBB 2.0.15 :: Readme</title>
+<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
+<style type="text/css">
+<!--
+p,ul,td {font-size:10pt;}
+.h2 {font-size:15pt;font-weight:bold;color:red}
+.h3 {font-size:12pt;color:blue}
+//-->
+</style>
+</head>
+<body bgcolor="#E5E5E5" text="#000000" link="#006699" vlink="#006699">
+
+<table width="100%" border="0" cellspacing="0" cellpadding="10" align="center">
+	<tr>
+		<td class="bodyline"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+			<tr>
+				<td>
+
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+	<tr>
+		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.15 README</span></td>
+	</tr>
+</table>
+
+<!-- BEGIN DOCUMENT -->
+<p>Thank you for downloading phpBB 2, the long awaited re-write of the popular phpBB 1.x online community forum. This README will guide through the basics of installation and operation of phpBB 2. Please ensure you read this and the accompanying documentation fully <b>before</b> proceeding with the installation.</p>
+
+<ol>
+<li><a href="#install">Installing phpBB 2</a></li>
+<li><a href="#run">Running phpBB 2</a></li>
+<ol type="i">
+	<li><a href="#i18n">Internationalisation (i18n)</a></li>
+	<li><a href="#styles">Styles</a></li>
+	<li><a href="#mods">Mods</a></li>
+</ol>
+<li><a href="#help">Getting help with phpBB 2</a></li>
+<ol type="i">
+	<li><a href="#userguide">Userguide</a></li>
+	<li><a href="#website">Community Forums</a></li>
+	<li><a href="#irc">Internet Relay Chat</a></li>
+</ol>
+<li><a href="#status">Status of this version</a></li>
+<li><a href="#bugs">Reporting Bugs</a></li>
+<ol>
+	<li><a href="#securitybugs">Security related bugs</a></li>
+</ol>
+<li><a href="#curbugs">Overview of current bug list</a></li>
+<li><a href="#php">PHP compatibility issues</a></li>
+<ol type="i">
+	<li><a href="#phpsec">Notice on PHP security issues</a></li>
+</ol>
+<li><a href="#disclaimer">Disclaimer</a></li>
+</ol>
+
+<a name="install"></a><h2 class="h2"><u>1. Installing phpBB 2</u></h2>
+
+<p>Installation and upgrade instructions can be found in the <a href="INSTALL.html">INSTALL</a> document contained in this distribution. If you are intending to upgrade from a previous phpBB 1.4.x installation we highly recommend you backup any existing data before proceeding!</p>
+
+<p><b>Please note</b> that users of Release Candidate (RC) versions of phpBB 2 should run the update_to_latest.php script <b>BEFORE</b> attempting to access your board. Failing to do so may result in errors and unexpected behaviour! While these won't do any damage they will prevent you using your board.</p>
+
+<p>If you are using RC-1 (pre) you may find some other DB changes have occured and should examine the schemas to see if your installation requires any modifications (note that most of these have already been discussed on the phpBB 2 forums and are handled by the update script). If you are uncomfortable doing any of this we recommend you re-install (you may backup your existing data if you wish, re-install phpBB 2 and then insert your backup).</p>
+
+<p>Users of phpBB 2.0 Beta-1 cannot directly upgrade to phpBB 2.0 RC-2, 3 or 4, sorry.</p>
+
+<a name="run"></a><h2 class="h2"><u>2. Running phpBB 2</u></h2>
+
+<p>Once installed phpBB 2.0 is easily managed by both admin and moderator control panels. If you need help or advice with phpBB 2 please see <a href="#help">Section 3</a> below.</p>
+
+<a name="i18n"></a><h3 class="h3">2.i. Internationalisation, i18n</h3>
+
+<p>A number of language packs and subSilver localisations are now available. You can find them on our official download page:</p>
+
+<p><a href="http://www.phpbb.com/downloads.php#lang" target="_new">http://www.phpbb.com/downloads.php</a></p>
+
+<p>This is the <i>Official</i> location for all support language sets. If you download a package from a 3rd party site you do so with the understanding that we cannot offer support. So please, do not ask for help in these cases!</p>
+
+<p>Installation of these packages is straightforward, simply download the required language pack and unarchive it into the languages/ folder. Please ensure you retain the directory structure when doing this! To install the subSilver image packs you should unarchive the file/s into the templates/subSilver/images directory, again you must retain the directory structure. Once installed the languages will become immediately available.</p>
+
+<p>If your language is not available please visit our forums where you will find a topic listing translations currently available or in preparation. This topic also gives you information should you wish to volunteer to translate a language not currently listed</p>
+
+<p><b>Please note</b> that users who have upgraded to the latest version from versions prior to RC-3 should will <b>need</b> to download new versions of the language/subSilver image packs. Any package downloaded prior to the availability of RC-3 will <b>not</b> function correctly with this version of phpBB 2.</p>
+
+<p>If you have upgraded from 2.0.0 and make use of non-English language packs you will benefit from downloading updated versions which will become available shortly. These introduce a number of strings which went missing from the first version plus a few updates and additions.</p>
+
+<a name="styles"></a><h3 class="h3">2.ii. Styles</h3>
+
+<p>Although phpBB Group are rather proud of the subSilver style (which has influenced many of our competitors boards <i>updated</i> designs!) we realise that it may not be to everyones tastes. Therefore phpBB 2 allows styles to be switched with relative ease. Firstly you need to locate and download a style you like. We maintain such a site at</p>
+
+<p><a href="http://www.phpbb.com/styles/" target="_new">http://www.phpbb.com/styles/</a></p>
+
+<p><b>Please note</b> that 3rd party styles downloaded for versions of phpBB 2 prior to its final (2.0.x) release will <b>not</b> function correctly. You should either remove these styles or (if available) update them to meet changes in 2.0.x.</p>
+
+<p>Once you have downloaded a style the usual next step is to unarchive (or upload the unarchived contents of) the package into your templates/ directory. You then need to visit Administration -> Styles -> Add, you should see the new style available, click add and it will become available for all your users.</p>
+
+<a name="mods"></a><h3 class="h3">2.iii. Mods</h3>
+
+<p>Although not officially supported by phpBB Group, phpBB 2 has a thriving mod (formerly known as <i>hacks</i>) scene. These third party modifications to the standard phpBB 2 extend its capabilities still further and can be found at:</p>
+
+<p><a href="http://www.phpbb.com/mods" target="_new">http://www.phpbb.com/mods</a></p>
+
+<p><b>Please remember</b> that any bugs or other issues that occur after you have added any modification should <b>NOT</b> be reported to the bug tracker (see below). First remove the modification and see if the problem is resolved.</p>
+
+<p>Also remember that any modifications which modify the database in any way may render upgrading your forum to future versions more difficult unless we state otherwise. With all this said many users have and continue to utilise many of the mods already available with great success</p>
+
+<a name="help"></a><h2 class="h2"><u>3. Getting help with phpBB 2</u></h2>
+
+<p>phpBB 2 can seem a little daunting to new users in places, particularly with regard the permission system. The first thing you should do is check the <a href="FAQ.html">FAQ</a> which covers a few basic getting started questions. If you need additional help there are several places you should look.</p>
+
+<a name="userguide"></a><h3 class="h3">3.i. phpBB 2 Userguide</h3>
+
+<p>A comprehensive userguide is now available online and can be accessed from the following location:</p>
+
+<p><a href="http://www.phpbb.com/support/guide/" target="_new">http://www.phpbb.com/support/guide/</a></p>
+
+<p>This covers everything from installation through setting permissions and managing users.</p>
+
+<a name="website"></a><h3 class="h3">3.ii. Community Forums</h3>
+
+<p>phpBB Group maintains a thriving community where a number of people have generously decided to donate their time to help support users. This site can be found at:</p>
+
+<p><a href="http://www.phpbb.com/" target="_new">http://www.phpbb.com/</a></p>
+
+<p>If you do seek help via our forums please be sure to do a Search before posting. This may well save both you and us time and allow the developer, moderator and support groups to spend more time responding to people with unknown issues and problems. Please also remember that phpBB is an entirely volunteer effort, no one receives any compensation for the time they give, this includes moderators as well as developers. So please be respectful and mindful when awaiting responses.</p>
+
+<a name="irc"></a><h3 class="h3">3.iii Internet Relay Chat</h3>
+
+<p>Another place you may find help is our IRC channel. This operates on the Freenode IRC network, <b>irc.freenode.net</b>  and the channel is <b>#phpbb</b> and can be accessed by any good IRC client such as mIRC, XChat, etc. Again, please do not abuse this service and be respectful of other users.</p>
+
+<a name="status"></a><h2 class="h2"><u>4. Status of this version</u></h2>
+
+<p>This is the second stable release of phpBB 2. The 2.0.x line is essentially feature frozen, point releases will see only bugs and such like fixed. Our next major release will be phpBB 3.0 and work is progressing on this (the unstable development version is 2.1). Please do not post questions asking when 3.0 will be available, no release date has been set. phpBB 3.0 is now feature frozen, please feel free to suggest new features for phpBB 3.2 using our feature request tracker. We do not guarantee that all these will appear in 3.2 but we will do our best!:</p>
+
+<p><a href="http://sourceforge.net/tracker/?atid=580201&group_id=7885&func=browse" target="_new">http://sourceforge.net/tracker/?atid=580201&group_id=7885&func=browse</a></p>
+
+<p>Before submitting your idea please <b>ensure</b> you have read through the entries in that list. If your idea is similar to an existing one please feel free to add a comment to it. Please <b>do not</b> submit duplicate suggestions!</p>
+
+<p>For some suggestions we may ask for your feedback via our forums. For those interested in the development of phpBB 3.0 you should keep an eye on the community forums (particularly the Feature Discussion forum) where you may be able to influence the direction we take with certain new features. Finally you may like to visit our development forum to see how things are progressing:</p>
+
+<p><a href="http://area51.phpbb.com/phpBB/" target="_new">http://area51.phpbb.com/phpBB/</a></p>
+
+<p>Please note that this forum should <b>NOT</b> be used to obtain support for or ask questions about phpBB 2.0.x, the main community forums are the place for this. Any such posts will be locked and go unanswered.</p>
+
+<a name="bugs"></a><h2 class="h2"><u>5. Reporting Bugs</u></h2>
+
+<p>The phpBB Group uses a bug tracking system to store, list and manage all reported bugs, it can be found at the location listed below. Please <b>DO NOT</b> post bug reports to our forums, they will be locked. In addition please <b>DO NOT</b> use the bug tracker for support requests. Posting such a request will only see you directed to the support forums (while taking time away from working on real bugs).</p>
+
+<p><a href="http://www.phpbb.com/bugs/" target="_new">http://www.phpbb.com/bugs/</a></p>
+
+<p>While we very much appreciate receiving bug reports (the more reports the more stable phpBB 2 will be) we ask you carry out a few steps before adding new entries:</p>
+<ul>
+<li>Firstly determine if your bug is reproduceable, how to determine this depends on the bug in question. Only if the bug is reproduceable is it likely to be a problem with phpBB 2.0 (or in some way connected). If something cannot be reproduced it may turn out to have been your hosting provider working on something, a user doing something silly, etc. Bug reports for non-reproduceable events can slow down our attempts to fix real, reproduceable issues<br /><br /></li>
+<li>Next please read or search through the existing bug reports (remember to check open <b>AND</b> closed reports!) to see if <i>your</i> bug (or one very similar to it) is already listed. If it is please add to that existing bug rather than creating a new duplicate entry (all this does is slow us down).<br /><br /></li>
+<li>Check the forums (use search!) to see if people have discussed anything that sounds similar to what you are seeing. However, as noted above please <b>DO NOT</b> post your particular bug to the forum unless it's non-reproduceable or you are sure it's related to something you have done rather phpBB 2.0<br /><br /></li>
+<li>If no existing bug exists then please feel free to add it</li>
+</ul>
+
+<p>If you do post a new bug (i.e. one that isn't already listed in the bug tracker) firstly make sure you have logged in (your username and password are the same as for the community forums) then please include the following details:</p>
+<ul>
+<li>Your server type/version, eg. Apache 1.2.22, IIS 4, Sambar, etc.</li>
+<li>PHP version and mode of operation, eg. PHP 4.1.1 as a module, PHP 4.0.1 running as CGI, etc.</li>
+<li>DB type/version, eg. MySQL 3.23.32, PostgreSQL 7.1.2, MSSQL Server 2000 SP1, etc.</li>
+</ul>
+
+<p>Please also be as detailed as you can in your report, if possible list the steps required to duplicate the problem. If you have a fix which you are <b>VERY SURE</b> works (and is consistent with our coding guidelines) and does not introduce further problems or incompatibilities please let us know. However only include it in the bug report if you really must, if we need it we'll ask you for it.</p>
+
+<p>Once a bug has been submitted you will be emailed any follow up comments added to it. <b>Please</b> if you are requested to supply additional information, <b>do so</b>! It is <u>extremely frustrating</u> for us to receive bug reports, ask for additional information but get nothing. In these cases we have a policy of <u>closing the bug</u>, which may leave a very real problem in place. Obviously we would rather not have this situation arise.</p>
+
+<a name="securitybugs"></a><h3 class="h3">5.i. Security related bugs</h3>
+
+<p>If you find a potential security related vulnerability in phpBB 2 please <b>DO NOT</b> post it to the bug tracker, public forums, mailing lists, etc.! Doing so may allow unscrupulous users to take advantage of it before we have time to put a fix in place. All security related bugs should be sent to our security tracker:</p>
+
+<p><a href="http://www.phpbb.com/security/" target="_new">http://www.phpbb.com/security/</a></p>
+
+<a name="curbugs"></a><h2 class="h2"><u>6. Overview of current bug list</u></h2>
+
+<p>This list is not complete (see above link for full list) but does represent those bugs which may effect users on a wider scale. Other bugs listed in the tracker have typically been shown to be limited to certain setups or methods of installation/upgrade.</p>
+
+<ul>
+<li>First four characters of some posted content disappears - this is an issue with PHP not phpBB</li>
+<li>Cannot post very large messages when using PostgreSQL 7.0.x (limitation of Postgresql 7.0.x)</li>
+<li>By default cannot post very large messages with MSSQL (this can be configured within MSSQL)</li>
+<li>Use of non-latin charsets with MSSQL may result in post data being cropped unexpectedly</li>
+<li>Upgrade may fail to complete on large boards under some hosts</li>
+<li>Case-sensitivity on usernames and emails with PostgreSQL 7.x. A fix is provided by a user <a href="http://www.phpbb.com/kb/article.php?article_id=201" target="_new">within our knowledge base</a></li>
+</ul>
+
+<a name="php"></a><h2 class="h2"><u>7. PHP compatibility issues</u></h2>
+
+<p>phpBB is no longer supported on PHP3 due to several compatibility issues and we recommend that you upgrade to the  latest stable release of PHP4 to run phpBB.</p>
+
+<p>Please remember that running any application on a developmental version of PHP can lead to strange/unexpected results which may appear to be bugs in the application (which may not be true). Therefore we recommend you upgrade to the newest stable version of PHP before running phpBB 2. If you are running a developmental version of PHP please check any bugs you find on a system running a stable release before submitting.</p>
+
+<p>This board has been developed and tested under Linux and Windows (amongst others) running IIS and Apache using MySQL 3.23 and 4.0.0, MSSQL Server 2000, MS Access 2000 and XP and PostgreSQL 7.x. Versions of PHP used range from 4.0.6 to 4.3.8 without problem. There may be unconfirmed issues with PHP 4.0.1 including patch level releases. If you experience problems with phpBB and have this PHP version installed it is recommended you upgrade it before posting bug reports.</p>
+
+<p>With the recent release of the official version of PHP 5, people and hosts may be switching to the latest PHP version. At this moment, the phpBB Team does not officially support running phpBB on PHP 5, as phpBB2.0.x was not written with PHP 5 in mind. However, many users have reported using it sucessfully on PHP 5 having made a configuration change in PHP to enable support for the deprecated HTTP_*_VARS arrays which is turned off by default in new PHP 5 installations. The relevant configuration option is register_long_arrays and it is decribed in the PHP Manual. phpBB 2.0.x makes use of these arrays in order to maintain backwards compatibility with early versions of PHP 4.x which is part of the original specification.<br />
+For this reason we do not support PHP 5 as platform for phpBB. It has been reported working, so you can try it. It's a risk you will be taking though.</p>
+
+<a name="phpsec"></a><h3 class="h3">7.i. Notice on PHP security issues</h3>
+
+<p>At the end of February 2002 a <a href="http://security.e-matters.de/advisories/012002.html" target="_new">major security issue</a> was found with PHP 3 and 4 which has resulted in many hosting providers disabling file uploads (although patches fixing the security issues are available and new versions of PHP 4 have been released).</p>
+
+<p>Because of this, and to cope with situations where hosts didn't allow such uploads anyway we have implemented various checks in phpBB 2. These checks prevent you from enabling or making use of functions which will not operate correctly on PHP as installed on your server. At this time this includes locally uploaded avatars and DB restore.</p>
+
+<p>Third party mods may also be effected but these are outside our control, you should contact the mod writer for more information.</p>
+
+<a name="disclaimer"></a><h2 class="h2"><u>8. Copyright and disclaimer</u></h2>
+
+<p>This application is opensource software released under the <a href="http://www.gnu.org/licenses/gpl.html" target="_new">GPL</a>. Please see source code and the Docs directory for more details. This package and its contents are Copyright <20> 2002 <a href="http://www.phpbb.com/" target="_new">phpBB Group</a>, All Rights Reserved.</p>
+<!-- END DOCUMENT -->
+
+				</td>
+			</tr>
+		</table></td>
+	</tr>
+</table>
+
+</body>
+</html>

phpBB/docs/coding-guidelines.txt

@@ -0,0 +1,26 @@
+CODING GUIDELINES : Initials by psoTFX (July 2001)
+-----------------
+
+* The coding style is defined in the codingstandards.html file, all attempts should be made to follow it as closely as possible
+
+* All SQL should be cross-DB compatible, if DB specific SQL is used alternatives must be provided which work on all supported DB's (MySQL, MSSQL (7.0 and 2000), PostgreSQL (7.0+), Oracle8, ODBC (generalised if possible, otherwise MS Access, DB2))
+
+* All SQL commands should utilise the DataBase Abstraction Layer (DBAL)
+
+* All URL's (and form actions) _must_ be wrapped in append_sid, this ensures the session_id is propagated when cookies aren't available
+
+* The minimum amount of data should be passed via GET or POST, checking should occur within individual scripts (to prevent spoofing of information)
+
+* The auth function should be used for all authorisation checking
+
+* Sessions should be initiated on each page, as near the top as possible using the session_pagestart function (userdata should be obtained by calling the init_userprefs immediately after session initialisation)
+
+* Login checks should be forwarded to the login page (supplying a page to forward onto once check is complete if required)
+
+* All template variables should be named appropriately (using underscores for spaces), language entries should be prefixed with L_, system data with S_, urls with U_, all other variables should be presented 'as is'.
+
+* Functions used by more than page should be placed in functions.php, functions specific to one page should be placed on that page (at the top to maintain compatibility with PHP3) surrounded by comments indicating the start and end of the function block
+
+* All messages/errors should be output by the message_die function using the appropriate message type (see function for details)
+
+* No attempt should be made to remove any copyright information (either contained within the source or displayed interactively when the source is run/compiled), neither should the copyright information be altered in any way (it may be added to)

phpBB/docs/codingstandards.htm

@@ -0,0 +1,327 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<!-- saved from url=(0044) -->
+<HTML><HEAD><TITLE>phpBB Coding Standard Guidelines</TITLE>
+<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
+<META content="MSHTML 5.00.2920.0" name=GENERATOR></HEAD>
+<BODY aLink=#cccccc bgColor=#ffffff link=#0000ff text=#000000 
+vLink=#0000ff><FONT face=verdana,arial,tahoma size=-1><A name=top></A>
+<H2>phpBB Coding Standard Guidelines</H2>Comments or suggestions? email <A 
+href="mailto:nate@phpbb.com">nate@phpbb.com</A><BR><BR><A 
+href="#editor">Editor 
+Settings</A><BR><A 
+href="#naming">Naming 
+Conventions</A><BR><A 
+href="#layout">Code Layout</A><BR><A 
+href="#general">General 
+Guidelines</A><BR><BR><BR><A name=editor></A><A 
+href="#top">top</A> 
+<H3>Editor Settings</H3>
+<P><B>Tabs vs Spaces:</B> In order to make this as simple as possible, we will 
+be using tabs, not spaces. Feel free to set how many spaces your editor uses 
+when it <B>displays</B> tabs, but make sure that when you <B>save</B> the file, 
+it's saving tabs and not spaces. This way, we can each have the code be 
+displayed the way we like it, without breaking the layout of the actual files. 
+</P>
+<P><B>Linefeeds:</B> Ensure that your editor is saving files in the UNIX format. 
+This means lines are terminated with a newline, not with a CR/LF combo as they 
+are on Win32, or whatever the Mac uses. Any decent Win32 editor should be able 
+to do this, but it might not always be the default. Know your editor. If you 
+want advice on Windows text editors, just ask one of the developers. Some of 
+them do their editing on Win32. </P><BR><BR><A name=naming></A><A 
+href="#top">top</A> 
+<H3>Naming Conventions</H3>
+<P>We will not be using any form of hungarian notation in our naming 
+conventions. Many of us believe that hungarian naming is one of the primary code 
+obfuscation techniques currently in use. </P>
+<P><B>Variable Names:</B> Variable names should be in all lowercase, with words 
+separated by an underscore. <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;Example: <CODE><FONT 
+size=+1>$current_user</FONT></CODE> is right, but <CODE><FONT 
+size=+1>$currentuser</FONT></CODE> and <CODE><FONT 
+size=+1>$currentUser</FONT></CODE> are not. <BR><BR>Names should be descriptive, 
+but concise. We don't want huge sentences as our variable names, but typing an 
+extra couple of characters is always better than wondering what exactly a 
+certain variable is for. </P>
+<P><B>Loop Indices:</B> The <I>only</I> situation where a one-character variable 
+name is allowed is when it's the index for some looping construct. In this case, 
+the index of the outer loop should always be $i. If there's a loop inside that 
+loop, its index should be $j, followed by $k, and so on. If the loop is being 
+indexed by some already-existing variable with a meaningful name, this guideline 
+does not apply. <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;Example: <PRE><FONT size=+1>
+		for ($i = 0; $i &lt; $outer_size; $i++) 
+		{
+		   for ($j = 0; $j &lt; $inner_size; $j++) 
+		   {
+		      foo($i, $j);
+		   }
+		} </FONT></PRE>
+<P></P>
+<P><B>Function Names:</B> Functions should also be named descriptively. We're 
+not programming in C here, we don't want to write functions called things like 
+"stristr()". Again, all lower-case names with words separated by a single 
+underscore character. Function names should preferably have a verb in them 
+somewhere. Good function names are <CODE><FONT 
+size=+1>print_login_status()</FONT></CODE>, <CODE><FONT 
+size=+1>get_user_data()</FONT></CODE>, etc.. </P>
+<P><B>Function Arguments:</B> Arguments are subject to the same guidelines as 
+variable names. We don't want a bunch of functions like: <CODE><FONT 
+size=+1>do_stuff($a, $b, $c)</FONT></CODE>. In most cases, we'd like to be able 
+to tell how to use a function by just looking at its declaration. </P>
+<P><B>Summary:</B> The basic philosophy here is to not hurt code clarity for the 
+sake of laziness. This has to be balanced by a little bit of common sense, 
+though; <CODE><FONT size=+1>print_login_status_for_a_given_user()</FONT></CODE> 
+goes too far, for example -- that function would be better named <CODE><FONT 
+size=+1>print_user_login_status()</FONT></CODE> , or just <CODE><FONT 
+size=+1>print_login_status()</FONT></CODE>. </P><BR><BR><A name=layout></A><A 
+href="#top">top</A> 
+<H3>Code Layout</H3>
+<P><B>Standard header for new files:</B> Here a template of the header that must 
+be included at the start of all phpBB files: <PRE><FONT size=+1>
+		/***************************************************************************
+		                                filename.php
+		                             -------------------
+		    begin                : Sat June 17 2000
+		    copyright            : (C) 2000 The phpBB Group
+		    email                : support@phpBB.com
+		
+		    $Id$
+		
+		 ***************************************************************************/
+		
+		/***************************************************************************
+		 *                                         				                                
+		 *   This program is free software; you can redistribute it and/or modify  	
+		 *   it under the terms of the GNU General Public License as published by  
+		 *   the Free Software Foundation; either version 2 of the License, or	    	
+		 *   (at your option) any later version.
+		 *
+		 ***************************************************************************/
+	</FONT></PRE>
+<P></P>
+<P><B>Always include the braces:</B> This is another case of being too lazy to 
+type 2 extra characters causing problems with code clarity. Even if the body of 
+some construct is only one line long, do <I>not</I> drop the braces. Just don't. 
+<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* These are all wrong. */
+		if (condition)	do_stuff();
+		if (condition)
+			do_stuff();
+		while (condition) 
+			do_stuff();
+		for ($i = 0; $i &lt; size; $i++)
+			do_stuff($i);
+		
+		/* These are right. */
+		if (condition) 
+		{
+			do_stuff();
+		}
+		while (condition) 
+		{
+			do_stuff();
+		}
+		for ($i = 0; $i &lt; size; $i++) 
+		{
+			do_stuff();
+		}
+	</FONT></PRE>
+<P></P>
+<P><B>Where to put the braces:</B> This one is a bit of a holy war, but we're 
+going to use a style that can be summed up in one sentence: Braces always go on 
+their own line. The closing brace should also always be at the same column as 
+the corresponding opening brace. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		if (condition) 
+		{
+			while (condition2)
+			{
+				...
+			}
+		}
+		else 
+		{
+			...
+		}
+
+		for ($i = 0; $i &lt; $size; $i++) 
+		{
+			...
+		}
+		
+		while (condition) 
+		{
+			...
+		}
+		
+		function do_stuff() 
+		{
+			...
+		}
+	</FONT></PRE>
+<P></P>
+<P><B>Use spaces between tokens:</B> This is another simple, easy step that 
+helps keep code readable without much effort. Whenever you write an assignment, 
+expression, etc.. Always leave <I>one</I> space between the tokens. Basically, 
+write code as if it was English. Put spaces between variable names and 
+operators. Don't put spaces just after an opening bracket or before a closing 
+bracket. Don't put spaces just before a comma or a semicolon. This is best shown 
+with a few examples. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* Each pair shows the wrong way followed by the right way. */
+		
+		$i=0;
+		$i = 0;
+		
+		if($i&lt;7) ...
+		if ($i &lt; 7) ...
+		
+		if ( ($i &lt; 7)&amp;&amp;($j &gt; 8) ) ...
+		if (($i &lt; 7) &amp;&amp; ($j &gt; 8)) ...
+		
+		do_stuff( $i, "foo", $b );
+		do_stuff($i, "foo", $b);
+		
+		for($i=0; $i&lt;$size; $i++) ...
+		for($i = 0; $i &lt; $size; $i++) ... 
+		
+		$i=($j &lt; $size)?0:1;
+		$i = ($j &lt; $size) ? 0 : 1;
+	</FONT></PRE>
+<P></P>
+<P><B>Operator precedence:</B> Do you know the exact precedence of all the 
+operators in PHP? Neither do I. Don't guess. Always make it obvious by using 
+brackets to force the precedence of an equation so you know what it does. 
+<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* what's the result? who knows. */
+		$bool = ($i &lt; 7 &amp;&amp; $j &gt; 8 || $k == 4);
+		
+		/* now you can be certain what I'm doing here. */
+		$bool = (($i &lt; 7) &amp;&amp; (($j &lt; 8) || ($k == 4)))
+		</FONT></PRE>
+<P></P>
+<P><B>SQL code layout:</B> Since we'll all be using different editor settings, 
+don't try to do anything complex like aligning columns in SQL code. Do, however, 
+break statements onto their own lines. Here's a sample of how SQL code should 
+look. Note where the lines break, the capitalization, and the use of brackets. 
+<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		SELECT field1 AS something, field2, field3
+		FROM table a, table b
+		WHERE (this = that) AND (this2 = that2)
+		</FONT></PRE>
+<P></P>
+<P><B>SQL insert statements:</B> SQL INSERT statements can be written in two 
+different ways. Either you specify explicitly the columns being inserted, or
+you rely on knowing the order of the columns in the database and do not
+specify them. We want to use the former approach, where it is explicitly
+stated whcih columns are being inserted. This means our application-level code
+will not depend on the order of the fields in the database, and will not be broken
+if we add additional fields (unless they're specified as NOT NULL, of course).
+<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		# This is not what we want.
+		INSERT INTO mytable
+		VALUES ('something', 1, 'else')
+		
+		# This is correct.
+		INSERT INTO mytable (column1, column2, column3)
+		VALUES ('something', 1, 'else')
+		</FONT></PRE>		
+<P></P><BR><BR><A name=general></A><A 
+href="#top">top</A> 
+<H3>General Guidelines</H3>
+<P><B>Quoting strings:</B> There are two different ways to quote strings in PHP 
+- either with single quotes or with double quotes. The main difference is that 
+the parser does variable interpolation in double-quoted strings, but not in 
+single quoted strings. Because of this, you should <I>always</I> use single 
+quotes <I>unless</I> you specifically need variable interpolation to be done on 
+that string. This way, we can save the parser the trouble of parsing a bunch of 
+strings where no interpolation needs to be done. Also, if you are using a string 
+variable as part of a function call, you do not need to enclose that variable in 
+quotes. Again, this will just make unnecessary work for the parser. Note, 
+however, that nearly all of the escape sequences that exist for double-quoted 
+strings will not work with single-quoted strings. Be careful, and feel free to 
+break this guideline if it's making your code harder to read. 
+<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* wrong */
+		$str = "This is a really long string with no variables for the parser to find.";
+		do_stuff("$str");
+		
+		/* right */
+		$str = 'This is a really long string with no variables for the parser to find.';
+		do_stuff($str);
+		</FONT></PRE>
+<P></P>
+<P><B>Associative array keys:</B> In PHP, it's legal to use a literal string as 
+a key to an associative array without quoting that string. We don't want to do 
+this -- the string should always be quoted to avoid confusion. Note that this is 
+only when we're using a literal, not when we're using a variable. 
+<BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* wrong */
+		$foo = $assoc_array[blah];
+		
+		/* right */
+		$foo = $assoc_array['blah'];
+		</FONT></PRE>
+<P></P>
+<P><B>Comments:</B> Each function should be preceded by a comment that tells a 
+programmer everything they need to know to use that function. The meaning of 
+every parameter, the expected input, and the output are required as a minimal 
+comment. The function's behaviour in error conditions (and what those error 
+conditions are) should also be present. Nobody should have to look at the actual 
+source of a function in order to be able to call it with confidence in their own 
+code. <BR><BR>In addition, commenting any tricky, obscure, or otherwise 
+not-immediately-obvious code is clearly something we should be doing. Especially 
+important to document are any assumptions your code makes, or preconditions for 
+its proper operation. Any one of the developers should be able to look at any 
+part of the application and figure out what's going on in a reasonable amount of 
+time. </P>
+<P><B>Magic numbers:</B> Don't use them. Use named constants for any literal 
+value other than obvious special cases. Basically, it's OK to check if an array 
+has 0 elements by using the literal 0. It's not OK to assign some special 
+meaning to a number and then use it everywhere as a literal. This hurts 
+readability AND maintainability. Included in this guideline is that we should be 
+using the constants TRUE and FALSE in place of the literals 1 and 0 -- even 
+though they have the same values, it's more obvious what the actual logic is 
+when you use the named constants. </P>
+<P><B>Shortcut operators:</B> The only shortcut operators that cause readability 
+problems are the shortcut increment ($i++) and decrement ($j--) operators. These 
+operators should not be used as part of an expression. They can, however, be 
+used on their own line. Using them in expressions is just not worth the 
+headaches when debugging. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* wrong */
+		$array[++$i] = $j;
+		$array[$i++] = $k;
+		
+		
+		/* right */
+		$i++;
+		$array[$i] = $j;
+		
+		$array[$i] = $k;
+		$i++;
+		</FONT></PRE>
+<P></P>
+<P><B>Inline conditionals:</B> Inline conditionals should only be used to do 
+very simple things. Preferably, they will only be used to do assignments, and 
+not for function calls or anything complex at all. They can be harmful to 
+readability if used incorrectly, so don't fall in love with saving typing by 
+using them. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* Bad place to use them */
+		(($i &lt; $size) &amp;&amp; ($j &gt; $size)) ? do_stuff($foo) : do_stuff($bar);
+		
+		
+		/* OK place to use them */
+		$min = ($i &lt; $j) ? $i : $j;
+		</FONT></PRE>
+<P></P>
+<P><B>Don't use uninitialized variables.</B> for phpBB 2, we intend to use a 
+higher level of run-time error reporting. This will mean that the use of an 
+uninitialized variable will be reported as an error. This will come up most 
+often when checking which HTML form variables were passed. These errors can be 
+avoided by using the built-in isset() function to check whether a variable has 
+been set. <BR><BR>&nbsp;&nbsp;&nbsp;Examples:<PRE><FONT size=+1>
+		/* Old way */
+		if ($forum) ...
+		
+		
+		/* New way */
+		if (isset($forum)) ...
+		</FONT></PRE>
+<P></P><BR><BR><A href="#top">Return 
+to top</A> </FONT></BODY></HTML>

phpBB/extension.inc

@@ -0,0 +1,26 @@
+<?php
+/***************************************************************************  
+ *                               extension.inc
+ *                            -------------------                         
+ *   begin                : Saturday, Feb 13, 2001 
+ *   copyright            : (C) 2001 The phpBB Group        
+ *   email                : support@phpbb.com                           
+ *                                                          
+ *   $Id$
+ *                                                            
+ * 
+ ***************************************************************************/ 
+
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
+//
+// Change this if your extension is not .php!
+//
+$phpEx = "php";
+
+$starttime = 0;
+
+?>

phpBB/faq.php

@@ -0,0 +1,150 @@
+<?php
+/***************************************************************************
+ *                                  faq.php
+ *                            -------------------
+ *   begin                : Sunday, Jul 8, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+define('IN_PHPBB', true);
+$phpbb_root_path = './';
+include($phpbb_root_path . 'extension.inc');
+include($phpbb_root_path . 'common.'.$phpEx);
+
+//
+// Start session management
+//
+$userdata = session_pagestart($user_ip, PAGE_FAQ);
+init_userprefs($userdata);
+//
+// End session management
+//
+
+// Set vars to prevent naughtiness
+$faq = array();
+
+//
+// Load the appropriate faq file
+//
+if( isset($HTTP_GET_VARS['mode']) )
+{
+	switch( $HTTP_GET_VARS['mode'] )
+	{
+		case 'bbcode':
+			$lang_file = 'lang_bbcode';
+			$l_title = $lang['BBCode_guide'];
+			break;
+		default:
+			$lang_file = 'lang_faq';
+			$l_title = $lang['FAQ'];
+			break;
+	}
+}
+else
+{
+	$lang_file = 'lang_faq';
+	$l_title = $lang['FAQ'];
+}
+include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/' . $lang_file . '.' . $phpEx);
+
+//
+// Pull the array data from the lang pack
+//
+$j = 0;
+$counter = 0;
+$counter_2 = 0;
+$faq_block = array();
+$faq_block_titles = array();
+
+for($i = 0; $i < count($faq); $i++)
+{
+	if( $faq[$i][0] != '--' )
+	{
+		$faq_block[$j][$counter]['id'] = $counter_2;
+		$faq_block[$j][$counter]['question'] = $faq[$i][0];
+		$faq_block[$j][$counter]['answer'] = $faq[$i][1];
+
+		$counter++;
+		$counter_2++;
+	}
+	else
+	{
+		$j = ( $counter != 0 ) ? $j + 1 : 0;
+
+		$faq_block_titles[$j] = $faq[$i][1];
+
+		$counter = 0;
+	}
+}
+
+//
+// Lets build a page ...
+//
+$page_title = $l_title;
+include($phpbb_root_path . 'includes/page_header.'.$phpEx);
+
+$template->set_filenames(array(
+	'body' => 'faq_body.tpl')
+);
+make_jumpbox('viewforum.'.$phpEx);
+
+$template->assign_vars(array(
+	'L_FAQ_TITLE' => $l_title, 
+	'L_BACK_TO_TOP' => $lang['Back_to_top'])
+);
+
+for($i = 0; $i < count($faq_block); $i++)
+{
+	if( count($faq_block[$i]) )
+	{
+		$template->assign_block_vars('faq_block', array(
+			'BLOCK_TITLE' => $faq_block_titles[$i])
+		);
+		$template->assign_block_vars('faq_block_link', array( 
+			'BLOCK_TITLE' => $faq_block_titles[$i])
+		);
+
+		for($j = 0; $j < count($faq_block[$i]); $j++)
+		{
+			$row_color = ( !($j % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+			$row_class = ( !($j % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
+
+			$template->assign_block_vars('faq_block.faq_row', array(
+				'ROW_COLOR' => '#' . $row_color,
+				'ROW_CLASS' => $row_class,
+				'FAQ_QUESTION' => $faq_block[$i][$j]['question'], 
+				'FAQ_ANSWER' => $faq_block[$i][$j]['answer'], 
+
+				'U_FAQ_ID' => $faq_block[$i][$j]['id'])
+			);
+
+			$template->assign_block_vars('faq_block_link.faq_row_link', array(
+				'ROW_COLOR' => '#' . $row_color,
+				'ROW_CLASS' => $row_class,
+				'FAQ_LINK' => $faq_block[$i][$j]['question'], 
+
+				'U_FAQ_LINK' => '#' . $faq_block[$i][$j]['id'])
+			);
+		}
+	}
+}
+
+$template->pparse('body');
+
+include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
+
+?>

phpBB/functions/auth.php

@@ -1,27 +0,0 @@
-<?php
-/***************************************************************************  
- *                                 
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$                                                           
- *                                                            
- * 
- ***************************************************************************/ 
-
-
-/***************************************************************************  
- *                                                     
- *   This program is free software; you can redistribute it and/or modify    
- *   it under the terms of the GNU General Public License as published by   
- *   the Free Software Foundation; either version 2 of the License, or  
- *   (at your option) any later version.                      
- *                                                          
- * 
- ***************************************************************************/ 
-
-
-
-?>

phpBB/functions/post.php

@@ -1,27 +0,0 @@
-<?php
-/***************************************************************************  
- *                                 
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$                                                           
- *                                                            
- * 
- ***************************************************************************/ 
-
-
-/***************************************************************************  
- *                                                     
- *   This program is free software; you can redistribute it and/or modify    
- *   it under the terms of the GNU General Public License as published by   
- *   the Free Software Foundation; either version 2 of the License, or  
- *   (at your option) any later version.                      
- *                                                          
- * 
- ***************************************************************************/ 
-
-
-
-?>

phpBB/functions/sessions.php

@@ -1,27 +0,0 @@
-<?php
-/***************************************************************************  
- *                                 
- *                            -------------------                         
- *   begin                : Saturday, Feb 13, 2001 
- *   copyright            : (C) 2001 The phpBB Group        
- *   email                : support@phpbb.com                           
- *                                                          
- *   $Id$                                                           
- *                                                            
- * 
- ***************************************************************************/ 
-
-
-/***************************************************************************  
- *                                                     
- *   This program is free software; you can redistribute it and/or modify    
- *   it under the terms of the GNU General Public License as published by   
- *   the Free Software Foundation; either version 2 of the License, or  
- *   (at your option) any later version.                      
- *                                                          
- * 
- ***************************************************************************/ 
-
-
-
-?>

phpBB/images/avatars/gallery/index.htm

@@ -0,0 +1,10 @@
+<html>
+<head>
+<title></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#FFFFFF" text="#000000">
+
+</body>
+</html>

phpBB/images/avatars/index.htm

@@ -0,0 +1,10 @@
+<html>
+<head>
+<title></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#FFFFFF" text="#000000">
+
+</body>
+</html>

phpBB/images/index.htm

@@ -0,0 +1,10 @@
+<html>
+<head>
+<title></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#FFFFFF" text="#000000">
+
+</body>
+</html>

phpBB/includes/auth.php

@@ -0,0 +1,326 @@
+<?php
+/***************************************************************************
+ *                                 auth.php
+ *                            -------------------                         
+ *   begin                : Saturday, Feb 13, 2001 
+ *   copyright            : (C) 2001 The phpBB Group        
+ *   email                : support@phpbb.com                           
+ *                                                          
+ *   $Id$                                                           
+ *                                                            
+ * 
+ ***************************************************************************/ 
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+/*
+	$type's accepted (pre-pend with AUTH_):
+	VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE
+
+	Possible options ($type/forum_id combinations):
+
+	* If you include a type and forum_id then a specific lookup will be done and
+	the single result returned
+
+	* If you set type to AUTH_ALL and specify a forum_id an array of all auth types
+	will be returned
+
+	* If you provide a forum_id a specific lookup on that forum will be done
+
+	* If you set forum_id to AUTH_LIST_ALL and specify a type an array listing the
+	results for all forums will be returned
+
+	* If you set forum_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional
+	array containing the auth permissions for all types and all forums for that
+	user is returned
+
+	All results are returned as associative arrays, even when a single auth type is
+	specified.
+
+	If available you can send an array (either one or two dimensional) containing the
+	forum auth levels, this will prevent the auth function having to do its own
+	lookup
+*/
+function auth($type, $forum_id, $userdata, $f_access = '')
+{
+	global $db, $lang;
+
+	switch( $type )
+	{
+		case AUTH_ALL:
+			$a_sql = 'a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce, a.auth_vote, a.auth_pollcreate';
+			$auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
+			break;
+
+		case AUTH_VIEW:
+			$a_sql = 'a.auth_view';
+			$auth_fields = array('auth_view');
+			break;
+
+		case AUTH_READ:
+			$a_sql = 'a.auth_read';
+			$auth_fields = array('auth_read');
+			break;
+		case AUTH_POST:
+			$a_sql = 'a.auth_post';
+			$auth_fields = array('auth_post');
+			break;
+		case AUTH_REPLY:
+			$a_sql = 'a.auth_reply';
+			$auth_fields = array('auth_reply');
+			break;
+		case AUTH_EDIT:
+			$a_sql = 'a.auth_edit';
+			$auth_fields = array('auth_edit');
+			break;
+		case AUTH_DELETE:
+			$a_sql = 'a.auth_delete';
+			$auth_fields = array('auth_delete');
+			break;
+
+		case AUTH_ANNOUNCE:
+			$a_sql = 'a.auth_announce';
+			$auth_fields = array('auth_announce');
+			break;
+		case AUTH_STICKY:
+			$a_sql = 'a.auth_sticky';
+			$auth_fields = array('auth_sticky');
+			break;
+
+		case AUTH_POLLCREATE:
+			$a_sql = 'a.auth_pollcreate';
+			$auth_fields = array('auth_pollcreate');
+			break;
+		case AUTH_VOTE:
+			$a_sql = 'a.auth_vote';
+			$auth_fields = array('auth_vote');
+			break;
+		case AUTH_ATTACH:
+			break;
+
+		default:
+			break;
+	}
+
+	//
+	// If f_access has been passed, or auth is needed to return an array of forums
+	// then we need to pull the auth information on the given forum (or all forums)
+	//
+	if ( empty($f_access) )
+	{
+		$forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "WHERE a.forum_id = $forum_id" : '';
+
+		$sql = "SELECT a.forum_id, $a_sql
+			FROM " . FORUMS_TABLE . " a
+			$forum_match_sql";
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
+		}
+
+		$sql_fetchrow = ( $forum_id != AUTH_LIST_ALL ) ? 'sql_fetchrow' : 'sql_fetchrowset';
+
+		if ( !($f_access = $db->$sql_fetchrow($result)) )
+		{
+			$db->sql_freeresult($result);
+			return array();
+		}
+		$db->sql_freeresult($result);
+	}
+
+	//
+	// If the user isn't logged on then all we need do is check if the forum
+	// has the type set to ALL, if yes they are good to go, if not then they
+	// are denied access
+	//
+	$u_access = array();
+	if ( $userdata['session_logged_in'] )
+	{
+		$forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "AND a.forum_id = $forum_id" : '';
+
+		$sql = "SELECT a.forum_id, $a_sql, a.auth_mod 
+			FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug 
+			WHERE ug.user_id = ".$userdata['user_id']. " 
+				AND ug.user_pending = 0 
+				AND a.group_id = ug.group_id
+				$forum_match_sql";
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
+		}
+
+		if ( $row = $db->sql_fetchrow($result) )
+		{
+			do
+			{
+				if ( $forum_id != AUTH_LIST_ALL)
+				{
+					$u_access[] = $row;
+				}
+				else
+				{
+					$u_access[$row['forum_id']][] = $row;
+				}
+			}
+			while( $row = $db->sql_fetchrow($result) );
+		}
+		$db->sql_freeresult($result);
+	}
+
+	$is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0;
+
+	$auth_user = array();
+	for($i = 0; $i < count($auth_fields); $i++)
+	{
+		$key = $auth_fields[$i];
+
+		//
+		// If the user is logged on and the forum type is either ALL or REG then the user has access
+		//
+		// If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions
+		// to do whatever it is they want to do ... to do this we pull relevant information for the
+		// user (and any groups they belong to)
+		//
+		// Now we compare the users access level against the forums. We assume here that a moderator
+		// and admin automatically have access to an ACL forum, similarly we assume admins meet an
+		// auth requirement of MOD
+		//
+		if ( $forum_id != AUTH_LIST_ALL )
+		{
+			$value = $f_access[$key];
+
+			switch( $value )
+			{
+				case AUTH_ALL:
+					$auth_user[$key] = TRUE;
+					$auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users'];
+					break;
+
+				case AUTH_REG:
+					$auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
+					$auth_user[$key . '_type'] = $lang['Auth_Registered_Users'];
+					break;
+
+				case AUTH_ACL:
+					$auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
+					$auth_user[$key . '_type'] = $lang['Auth_Users_granted_access'];
+					break;
+
+				case AUTH_MOD:
+					$auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
+					$auth_user[$key . '_type'] = $lang['Auth_Moderators'];
+					break;
+
+				case AUTH_ADMIN:
+					$auth_user[$key] = $is_admin;
+					$auth_user[$key . '_type'] = $lang['Auth_Administrators'];
+					break;
+
+				default:
+					$auth_user[$key] = 0;
+					break;
+			}
+		}
+		else
+		{
+			for($k = 0; $k < count($f_access); $k++)
+			{
+				$value = $f_access[$k][$key];
+				$f_forum_id = $f_access[$k]['forum_id'];
+
+				switch( $value )
+				{
+					case AUTH_ALL:
+						$auth_user[$f_forum_id][$key] = TRUE;
+						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users'];
+						break;
+
+					case AUTH_REG:
+						$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
+						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Registered_Users'];
+						break;
+
+					case AUTH_ACL:
+						$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0;
+						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Users_granted_access'];
+						break;
+
+					case AUTH_MOD:
+						$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
+						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Moderators'];
+						break;
+
+					case AUTH_ADMIN:
+						$auth_user[$f_forum_id][$key] = $is_admin;
+						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Administrators'];
+						break;
+
+					default:
+						$auth_user[$f_forum_id][$key] = 0;
+						break;
+				}
+			}
+		}
+	}
+
+	//
+	// Is user a moderator?
+	//
+	if ( $forum_id != AUTH_LIST_ALL )
+	{
+		$auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
+	}
+	else
+	{
+		for($k = 0; $k < count($f_access); $k++)
+		{
+			$f_forum_id = $f_access[$k]['forum_id'];
+
+			$auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
+		}
+	}
+
+	return $auth_user;
+}
+
+function auth_check_user($type, $key, $u_access, $is_admin)
+{
+	$auth_user = 0;
+
+	if ( count($u_access) )
+	{
+		for($j = 0; $j < count($u_access); $j++)
+		{
+			$result = 0;
+			switch($type)
+			{
+				case AUTH_ACL:
+					$result = $u_access[$j][$key];
+
+				case AUTH_MOD:
+					$result = $result || $u_access[$j]['auth_mod'];
+
+				case AUTH_ADMIN:
+					$result = $result || $is_admin;
+					break;
+			}
+
+			$auth_user = $auth_user || $result;
+		}
+	}
+	else
+	{
+		$auth_user = $is_admin;
+	}
+
+	return $auth_user;
+}
+
+?>

phpBB/includes/bbcode.php

@@ -0,0 +1,788 @@
+<?php
+/***************************************************************************
+ *                              bbcode.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
+define("BBCODE_UID_LEN", 10);
+
+// global that holds loaded-and-prepared bbcode templates, so we only have to do
+// that stuff once.
+
+$bbcode_tpl = null;
+
+/**
+ * Loads bbcode templates from the bbcode.tpl file of the current template set.
+ * Creates an array, keys are bbcode names like "b_open" or "url", values
+ * are the associated template.
+ * Probably pukes all over the place if there's something really screwed
+ * with the bbcode.tpl file.
+ *
+ * Nathan Codding, Sept 26 2001.
+ */
+function load_bbcode_template()
+{
+	global $template;
+	$tpl_filename = $template->make_filename('bbcode.tpl');
+	$tpl = fread(fopen($tpl_filename, 'r'), filesize($tpl_filename));
+
+	// replace \ with \\ and then ' with \'.
+	$tpl = str_replace('\\', '\\\\', $tpl);
+	$tpl  = str_replace('\'', '\\\'', $tpl);
+
+	// strip newlines.
+	$tpl  = str_replace("\n", '', $tpl);
+
+	// Turn template blocks into PHP assignment statements for the values of $bbcode_tpls..
+	$tpl = preg_replace('#<!-- BEGIN (.*?) -->(.*?)<!-- END (.*?) -->#', "\n" . '$bbcode_tpls[\'\\1\'] = \'\\2\';', $tpl);
+
+	$bbcode_tpls = array();
+
+	eval($tpl);
+
+	return $bbcode_tpls;
+}
+
+
+/**
+ * Prepares the loaded bbcode templates for insertion into preg_replace()
+ * or str_replace() calls in the bbencode_second_pass functions. This
+ * means replacing template placeholders with the appropriate preg backrefs
+ * or with language vars. NOTE: If you change how the regexps work in
+ * bbencode_second_pass(), you MUST change this function.
+ *
+ * Nathan Codding, Sept 26 2001
+ *
+ */
+function prepare_bbcode_template($bbcode_tpl)
+{
+	global $lang;
+
+	$bbcode_tpl['olist_open'] = str_replace('{LIST_TYPE}', '\\1', $bbcode_tpl['olist_open']);
+
+	$bbcode_tpl['color_open'] = str_replace('{COLOR}', '\\1', $bbcode_tpl['color_open']);
+
+	$bbcode_tpl['size_open'] = str_replace('{SIZE}', '\\1', $bbcode_tpl['size_open']);
+
+	$bbcode_tpl['quote_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_open']);
+
+	$bbcode_tpl['quote_username_open'] = str_replace('{L_QUOTE}', $lang['Quote'], $bbcode_tpl['quote_username_open']);
+	$bbcode_tpl['quote_username_open'] = str_replace('{L_WROTE}', $lang['wrote'], $bbcode_tpl['quote_username_open']);
+	$bbcode_tpl['quote_username_open'] = str_replace('{USERNAME}', '\\1', $bbcode_tpl['quote_username_open']);
+
+	$bbcode_tpl['code_open'] = str_replace('{L_CODE}', $lang['Code'], $bbcode_tpl['code_open']);
+
+	$bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']);
+
+	// We do URLs in several different ways..
+	$bbcode_tpl['url1'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']);
+	$bbcode_tpl['url1'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url1']);
+
+	$bbcode_tpl['url2'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']);
+	$bbcode_tpl['url2'] = str_replace('{DESCRIPTION}', '\\1', $bbcode_tpl['url2']);
+
+	$bbcode_tpl['url3'] = str_replace('{URL}', '\\1', $bbcode_tpl['url']);
+	$bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url3']);
+
+	$bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']);
+	$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']);
+
+	$bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']);
+
+	define("BBCODE_TPL_READY", true);
+
+	return $bbcode_tpl;
+}
+
+
+/**
+ * Does second-pass bbencoding. This should be used before displaying the message in
+ * a thread. Assumes the message is already first-pass encoded, and we are given the
+ * correct UID as used in first-pass encoding.
+ */
+function bbencode_second_pass($text, $uid)
+{
+	global $lang, $bbcode_tpl;
+
+	$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);
+
+	// pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0).
+	// This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it.
+	$text = " " . $text;
+
+	// First: If there isn't a "[" and a "]" in the message, don't bother.
+	if (! (strpos($text, "[") && strpos($text, "]")) )
+	{
+		// Remove padding, return.
+		$text = substr($text, 1);
+		return $text;
+	}
+
+	// Only load the templates ONCE..
+	if (!defined("BBCODE_TPL_READY"))
+	{
+		// load templates from file into array.
+		$bbcode_tpl = load_bbcode_template();
+
+		// prepare array for use in regexps.
+		$bbcode_tpl = prepare_bbcode_template($bbcode_tpl);
+	}
+
+	// [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts.
+	$text = bbencode_second_pass_code($text, $uid, $bbcode_tpl);
+
+	// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
+	$text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text);
+	$text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text);
+
+	// New one liner to deal with opening quotes with usernames...
+	// replaces the two line version that I had here before..
+	$text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text);
+
+	// [list] and [list=x] for (un)ordered lists.
+	// unordered lists
+	$text = str_replace("[list:$uid]", $bbcode_tpl['ulist_open'], $text);
+	// li tags
+	$text = str_replace("[*:$uid]", $bbcode_tpl['listitem'], $text);
+	// ending tags
+	$text = str_replace("[/list:u:$uid]", $bbcode_tpl['ulist_close'], $text);
+	$text = str_replace("[/list:o:$uid]", $bbcode_tpl['olist_close'], $text);
+	// Ordered lists
+	$text = preg_replace("/\[list=([a1]):$uid\]/si", $bbcode_tpl['olist_open'], $text);
+
+	// colours
+	$text = preg_replace("/\[color=(\#[0-9A-F]{6}|[a-z]+):$uid\]/si", $bbcode_tpl['color_open'], $text);
+	$text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text);
+
+	// size
+	$text = preg_replace("/\[size=([1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text);
+	$text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text);
+
+	// [b] and [/b] for bolding text.
+	$text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text);
+	$text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text);
+
+	// [u] and [/u] for underlining text.
+	$text = str_replace("[u:$uid]", $bbcode_tpl['u_open'], $text);
+	$text = str_replace("[/u:$uid]", $bbcode_tpl['u_close'], $text);
+
+	// [i] and [/i] for italicizing text.
+	$text = str_replace("[i:$uid]", $bbcode_tpl['i_open'], $text);
+	$text = str_replace("[/i:$uid]", $bbcode_tpl['i_close'], $text);
+
+	// Patterns and replacements for URL and email tags..
+	$patterns = array();
+	$replacements = array();
+
+	// [img]image_url_here[/img] code..
+	// This one gets first-passed..
+	$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
+	$replacements[] = $bbcode_tpl['img'];
+
+	// matches a [url]xxxx://www.phpbb.com[/url] code..
+	$patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is";
+	$replacements[] = $bbcode_tpl['url1'];
+
+	// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
+	$patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is";
+	$replacements[] = $bbcode_tpl['url2'];
+
+	// [url=xxxx://www.phpbb.com]phpBB[/url] code..
+	$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
+	$replacements[] = $bbcode_tpl['url3'];
+
+	// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
+	$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
+	$replacements[] = $bbcode_tpl['url4'];
+
+	// [email]user@domain.tld[/email] code..
+	$patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si";
+	$replacements[] = $bbcode_tpl['email'];
+
+	$text = preg_replace($patterns, $replacements, $text);
+
+	// Remove our padding from the string..
+	$text = substr($text, 1);
+
+	return $text;
+
+} // bbencode_second_pass()
+
+// Need to initialize the random numbers only ONCE
+mt_srand( (double) microtime() * 1000000);
+
+function make_bbcode_uid()
+{
+	// Unique ID for this message..
+
+	$uid = md5(mt_rand());
+	$uid = substr($uid, 0, BBCODE_UID_LEN);
+
+	return $uid;
+}
+
+function bbencode_first_pass($text, $uid)
+{
+	// pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0).
+	// This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it.
+	$text = " " . $text;
+
+	// [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts.
+	$text = bbencode_first_pass_pda($text, $uid, '[code]', '[/code]', '', true, '');
+
+	// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
+	$text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, '');
+	$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
+
+	// [list] and [list=x] for (un)ordered lists.
+	$open_tag = array();
+	$open_tag[0] = "[list]";
+
+	// unordered..
+	$text = bbencode_first_pass_pda($text, $uid, $open_tag, "[/list]", "[/list:u]", false, 'replace_listitems');
+
+	$open_tag[0] = "[list=1]";
+	$open_tag[1] = "[list=a]";
+
+	// ordered.
+	$text = bbencode_first_pass_pda($text, $uid, $open_tag, "[/list]", "[/list:o]",  false, 'replace_listitems');
+
+	// [color] and [/color] for setting text color
+	$text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text);
+
+	// [size] and [/size] for setting text size
+	$text = preg_replace("#\[size=([1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text);
+
+	// [b] and [/b] for bolding text.
+	$text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text);
+
+	// [u] and [/u] for underlining text.
+	$text = preg_replace("#\[u\](.*?)\[/u\]#si", "[u:$uid]\\1[/u:$uid]", $text);
+
+	// [i] and [/i] for italicizing text.
+	$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
+
+	// [img]image_url_here[/img] code..
+	$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
+
+	// Remove our padding from the string..
+	return substr($text, 1);;
+
+} // bbencode_first_pass()
+
+/**
+ * $text - The text to operate on.
+ * $uid - The UID to add to matching tags.
+ * $open_tag - The opening tag to match. Can be an array of opening tags.
+ * $close_tag - The closing tag to match.
+ * $close_tag_new - The closing tag to replace with.
+ * $mark_lowest_level - boolean - should we specially mark the tags that occur
+ * 					at the lowest level of nesting? (useful for [code], because
+ *						we need to match these tags first and transform HTML tags
+ *						in their contents..
+ * $func - This variable should contain a string that is the name of a function.
+ *				That function will be called when a match is found, and passed 2
+ *				parameters: ($text, $uid). The function should return a string.
+ *				This is used when some transformation needs to be applied to the
+ *				text INSIDE a pair of matching tags. If this variable is FALSE or the
+ *				empty string, it will not be executed.
+ * If open_tag is an array, then the pda will try to match pairs consisting of
+ * any element of open_tag followed by close_tag. This allows us to match things
+ * like [list=A]...[/list] and [list=1]...[/list] in one pass of the PDA.
+ *
+ * NOTES:	- this function assumes the first character of $text is a space.
+ *				- every opening tag and closing tag must be of the [...] format.
+ */
+function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_new, $mark_lowest_level, $func, $open_regexp_replace = false)
+{
+	$open_tag_count = 0;
+
+	if (!$close_tag_new || ($close_tag_new == ''))
+	{
+		$close_tag_new = $close_tag;
+	}
+
+	$close_tag_length = strlen($close_tag);
+	$close_tag_new_length = strlen($close_tag_new);
+	$uid_length = strlen($uid);
+
+	$use_function_pointer = ($func && ($func != ''));
+
+	$stack = array();
+
+	if (is_array($open_tag))
+	{
+		if (0 == count($open_tag))
+		{
+			// No opening tags to match, so return.
+			return $text;
+		}
+		$open_tag_count = count($open_tag);
+	}
+	else
+	{
+		// only one opening tag. make it into a 1-element array.
+		$open_tag_temp = $open_tag;
+		$open_tag = array();
+		$open_tag[0] = $open_tag_temp;
+		$open_tag_count = 1;
+	}
+
+	$open_is_regexp = false;
+
+	if ($open_regexp_replace)
+	{
+		$open_is_regexp = true;
+		if (!is_array($open_regexp_replace))
+		{
+			$open_regexp_temp = $open_regexp_replace;
+			$open_regexp_replace = array();
+			$open_regexp_replace[0] = $open_regexp_temp;
+		}
+	}
+
+	if ($mark_lowest_level && $open_is_regexp)
+	{
+		message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda().");
+	}
+
+	// Start at the 2nd char of the string, looking for opening tags.
+	$curr_pos = 1;
+	while ($curr_pos && ($curr_pos < strlen($text)))
+	{
+		$curr_pos = strpos($text, "[", $curr_pos);
+
+		// If not found, $curr_pos will be 0, and the loop will end.
+		if ($curr_pos)
+		{
+			// We found a [. It starts at $curr_pos.
+			// check if it's a starting or ending tag.
+			$found_start = false;
+			$which_start_tag = "";
+			$start_tag_index = -1;
+
+			for ($i = 0; $i < $open_tag_count; $i++)
+			{
+				// Grab everything until the first "]"...
+				$possible_start = substr($text, $curr_pos, strpos($text, ']', $curr_pos + 1) - $curr_pos + 1);
+
+				//
+				// We're going to try and catch usernames with "[' characters.
+				//
+				if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
+				{
+					// OK we are in a quote tag that probably contains a ] bracket.
+					// Grab a bit more of the string to hopefully get all of it..
+					if ($close_pos = strpos($text, '"]', $curr_pos + 9))
+					{
+						if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
+						{
+							$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);
+						}
+					}
+				}
+
+				// Now compare, either using regexp or not.
+				if ($open_is_regexp)
+				{
+					$match_result = array();
+					if (preg_match($open_tag[$i], $possible_start, $match_result))
+					{
+						$found_start = true;
+						$which_start_tag = $match_result[0];
+						$start_tag_index = $i;
+						break;
+					}
+				}
+				else
+				{
+					// straightforward string comparison.
+					if (0 == strcasecmp($open_tag[$i], $possible_start))
+					{
+						$found_start = true;
+						$which_start_tag = $open_tag[$i];
+						$start_tag_index = $i;
+						break;
+					}
+				}
+			}
+
+			if ($found_start)
+			{
+				// We have an opening tag.
+				// Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right.
+				$match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index);
+				bbcode_array_push($stack, $match);
+				//
+				// Rather than just increment $curr_pos
+				// Set it to the ending of the tag we just found
+				// Keeps error in nested tag from breaking out
+				// of table structure..
+				//
+				$curr_pos += strlen($possible_start);
+			}
+			else
+			{
+				// check for a closing tag..
+				$possible_end = substr($text, $curr_pos, $close_tag_length);
+				if (0 == strcasecmp($close_tag, $possible_end))
+				{
+					// We have an ending tag.
+					// Check if we've already found a matching starting tag.
+					if (sizeof($stack) > 0)
+					{
+						// There exists a starting tag.
+						$curr_nesting_depth = sizeof($stack);
+						// We need to do 2 replacements now.
+						$match = bbcode_array_pop($stack);
+						$start_index = $match['pos'];
+						$start_tag = $match['tag'];
+						$start_length = strlen($start_tag);
+						$start_tag_index = $match['index'];
+
+						if ($open_is_regexp)
+						{
+							$start_tag = preg_replace($open_tag[$start_tag_index], $open_regexp_replace[$start_tag_index], $start_tag);
+						}
+
+						// everything before the opening tag.
+						$before_start_tag = substr($text, 0, $start_index);
+
+						// everything after the opening tag, but before the closing tag.
+						$between_tags = substr($text, $start_index + $start_length, $curr_pos - $start_index - $start_length);
+
+						// Run the given function on the text between the tags..
+						if ($use_function_pointer)
+						{
+							$between_tags = $func($between_tags, $uid);
+						}
+
+						// everything after the closing tag.
+						$after_end_tag = substr($text, $curr_pos + $close_tag_length);
+
+						// Mark the lowest nesting level if needed.
+						if ($mark_lowest_level && ($curr_nesting_depth == 1))
+						{
+							if ($open_tag[0] == '[code]')
+							{
+								$code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#\(#', '#\)#', '#\{#', '#\}#');
+								$code_entities_replace = array('&lt;', '&gt;', '&quot;', '&#58;', '&#91;', '&#93;', '&#40;', '&#41;', '&#123;', '&#125;');
+								$between_tags = preg_replace($code_entities_match, $code_entities_replace, $between_tags);
+							}
+							$text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$curr_nesting_depth:$uid]";
+							$text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$curr_nesting_depth:$uid]";
+						}
+						else
+						{
+							if ($open_tag[0] == '[code]')
+							{
+								$text = $before_start_tag . '&#91;code&#93;';
+								$text .= $between_tags . '&#91;/code&#93;';
+							}
+							else
+							{
+								if ($open_is_regexp)
+								{
+									$text = $before_start_tag . $start_tag;
+								}
+								else
+								{
+									$text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]";
+								}
+								$text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]";
+							}
+						}
+
+						$text .= $after_end_tag;
+
+						// Now.. we've screwed up the indices by changing the length of the string.
+						// So, if there's anything in the stack, we want to resume searching just after it.
+						// otherwise, we go back to the start.
+						if (sizeof($stack) > 0)
+						{
+							$match = bbcode_array_pop($stack);
+							$curr_pos = $match['pos'];
+//							bbcode_array_push($stack, $match);
+//							++$curr_pos;
+						}
+						else
+						{
+							$curr_pos = 1;
+						}
+					}
+					else
+					{
+						// No matching start tag found. Increment pos, keep going.
+						++$curr_pos;
+					}
+				}
+				else
+				{
+					// No starting tag or ending tag.. Increment pos, keep looping.,
+					++$curr_pos;
+				}
+			}
+		}
+	} // while
+
+	return $text;
+
+} // bbencode_first_pass_pda()
+
+/**
+ * Does second-pass bbencoding of the [code] tags. This includes
+ * running htmlspecialchars() over the text contained between
+ * any pair of [code] tags that are at the first level of
+ * nesting. Tags at the first level of nesting are indicated
+ * by this format: [code:1:$uid] ... [/code:1:$uid]
+ * Other tags are in this format: [code:$uid] ... [/code:$uid]
+ */
+function bbencode_second_pass_code($text, $uid, $bbcode_tpl)
+{
+	global $lang;
+
+	$code_start_html = $bbcode_tpl['code_open'];
+	$code_end_html =  $bbcode_tpl['code_close'];
+
+	// First, do all the 1st-level matches. These need an htmlspecialchars() run,
+	// so they have to be handled differently.
+	$match_count = preg_match_all("#\[code:1:$uid\](.*?)\[/code:1:$uid\]#si", $text, $matches);
+
+	for ($i = 0; $i < $match_count; $i++)
+	{
+		$before_replace = $matches[1][$i];
+		$after_replace = $matches[1][$i];
+
+		// Replace 2 spaces with "&nbsp; " so non-tabbed code indents without making huge long lines.
+		$after_replace = str_replace("  ", "&nbsp; ", $after_replace);
+		// now Replace 2 spaces with " &nbsp;" to catch odd #s of spaces.
+		$after_replace = str_replace("  ", " &nbsp;", $after_replace);
+
+		// Replace tabs with "&nbsp; &nbsp;" so tabbed code indents sorta right without making huge long lines.
+		$after_replace = str_replace("\t", "&nbsp; &nbsp;", $after_replace);
+
+		// now Replace space occurring at the beginning of a line
+		$after_replace = preg_replace("/^ {1}/m", '&nbsp;', $after_replace);
+
+		$str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]";
+
+		$replacement = $code_start_html;
+		$replacement .= $after_replace;
+		$replacement .= $code_end_html;
+
+		$text = str_replace($str_to_match, $replacement, $text);
+	}
+
+	// Now, do all the non-first-level matches. These are simple.
+	$text = str_replace("[code:$uid]", $code_start_html, $text);
+	$text = str_replace("[/code:$uid]", $code_end_html, $text);
+
+	return $text;
+
+} // bbencode_second_pass_code()
+
+/**
+ * Rewritten by Nathan Codding - Feb 6, 2001.
+ * - Goes through the given string, and replaces xxxx://yyyy with an HTML <a> tag linking
+ * 	to that URL
+ * - Goes through the given string, and replaces www.xxxx.yyyy[zzzz] with an HTML <a> tag linking
+ * 	to http://www.xxxx.yyyy[/zzzz]
+ * - Goes through the given string, and replaces xxxx@yyyy with an HTML mailto: tag linking
+ *		to that email address
+ * - Only matches these 2 patterns either after a space, or at the beginning of a line
+ *
+ * Notes: the email one might get annoying - it's easy to make it more restrictive, though.. maybe
+ * have it require something like xxxx@yyyy.zzzz or such. We'll see.
+ */
+function make_clickable($text)
+{
+	$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);
+
+	// pad it with a space so we can match things at the start of the 1st line.
+	$ret = ' ' . $text;
+
+	// matches an "xxxx://yyyy" URL at the start of a line, or after a space.
+	// xxxx can only be alpha characters.
+	// yyyy is anything up to the first space, newline, comma, double quote or <
+	$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
+
+	// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
+	// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
+	// zzzz is optional.. will contain everything up to the first space, newline, 
+	// comma, double quote or <.
+	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);
+
+	// matches an email@domain type address at the start of a line, or after a space.
+	// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
+	$ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret);
+
+	// Remove our padding..
+	$ret = substr($ret, 1);
+
+	return($ret);
+}
+
+/**
+ * Nathan Codding - Feb 6, 2001
+ * Reverses the effects of make_clickable(), for use in editpost.
+ * - Does not distinguish between "www.xxxx.yyyy" and "http://aaaa.bbbb" type URLs.
+ *
+ */
+function undo_make_clickable($text)
+{
+	$text = preg_replace("#<!-- BBCode auto-link start --><a href=\"(.*?)\" target=\"_blank\">.*?</a><!-- BBCode auto-link end -->#i", "\\1", $text);
+	$text = preg_replace("#<!-- BBcode auto-mailto start --><a href=\"mailto:(.*?)\">.*?</a><!-- BBCode auto-mailto end -->#i", "\\1", $text);
+
+	return $text;
+
+}
+
+/**
+ * Nathan Codding - August 24, 2000.
+ * Takes a string, and does the reverse of the PHP standard function
+ * htmlspecialchars().
+ */
+function undo_htmlspecialchars($input)
+{
+	$input = preg_replace("/&gt;/i", ">", $input);
+	$input = preg_replace("/&lt;/i", "<", $input);
+	$input = preg_replace("/&quot;/i", "\"", $input);
+	$input = preg_replace("/&amp;/i", "&", $input);
+
+	return $input;
+}
+
+/**
+ * This is used to change a [*] tag into a [*:$uid] tag as part
+ * of the first-pass bbencoding of [list] tags. It fits the
+ * standard required in order to be passed as a variable
+ * function into bbencode_first_pass_pda().
+ */
+function replace_listitems($text, $uid)
+{
+	$text = str_replace("[*]", "[*:$uid]", $text);
+
+	return $text;
+}
+
+/**
+ * Escapes the "/" character with "\/". This is useful when you need
+ * to stick a runtime string into a PREG regexp that is being delimited
+ * with slashes.
+ */
+function escape_slashes($input)
+{
+	$output = str_replace('/', '\/', $input);
+	return $output;
+}
+
+/**
+ * This function does exactly what the PHP4 function array_push() does
+ * however, to keep phpBB compatable with PHP 3 we had to come up with our own
+ * method of doing it.
+ */
+function bbcode_array_push(&$stack, $value)
+{
+   $stack[] = $value;
+   return(sizeof($stack));
+}
+
+/**
+ * This function does exactly what the PHP4 function array_pop() does
+ * however, to keep phpBB compatable with PHP 3 we had to come up with our own
+ * method of doing it.
+ */
+function bbcode_array_pop(&$stack)
+{
+   $arrSize = count($stack);
+   $x = 1;
+
+   while(list($key, $val) = each($stack))
+   {
+      if($x < count($stack))
+      {
+	 		$tmpArr[] = $val;
+      }
+      else
+      {
+	 		$return_val = $val;
+      }
+      $x++;
+   }
+   $stack = $tmpArr;
+
+   return($return_val);
+}
+
+//
+// Smilies code ... would this be better tagged on to the end of bbcode.php?
+// Probably so and I'll move it before B2
+//
+function smilies_pass($message)
+{
+	static $orig, $repl;
+
+	if (!isset($orig))
+	{
+		global $db, $board_config;
+		$orig = $repl = array();
+
+		$sql = 'SELECT * FROM ' . SMILIES_TABLE;
+		if( !$result = $db->sql_query($sql) )
+		{
+			message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql);
+		}
+		$smilies = $db->sql_fetchrowset($result);
+
+		if (count($smilies))
+		{
+			usort($smilies, 'smiley_sort');
+		}
+
+		for ($i = 0; $i < count($smilies); $i++)
+		{
+			$orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/";
+			$repl[] = '<img src="'. $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['emoticon'] . '" border="0" />';
+		}
+	}
+
+	if (count($orig))
+	{
+		$message = preg_replace($orig, $repl, ' ' . $message . ' ');
+		$message = substr($message, 1, -1);
+	}
+	
+	return $message;
+}
+
+function smiley_sort($a, $b)
+{
+	if ( strlen($a['code']) == strlen($b['code']) )
+	{
+		return 0;
+	}
+
+	return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1;
+}
+
+?>

phpBB/includes/constants.php

@@ -0,0 +1,182 @@
+<?php
+/***************************************************************************
+ *                               constants.php
+ *                            -------------------
+ *   begin                : Saturday', Feb 13', 2001
+ *   copyright            : ('C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License', or
+ *   ('at your option) any later version.
+ *
+ ***************************************************************************/
+
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
+// Debug Level
+//define('DEBUG', 1); // Debugging on
+define('DEBUG', 1); // Debugging off
+
+
+// User Levels <- Do not change the values of USER or ADMIN
+define('DELETED', -1);
+define('ANONYMOUS', -1);
+
+define('USER', 0);
+define('ADMIN', 1);
+define('MOD', 2);
+
+
+// User related
+define('USER_ACTIVATION_NONE', 0);
+define('USER_ACTIVATION_SELF', 1);
+define('USER_ACTIVATION_ADMIN', 2);
+
+define('USER_AVATAR_NONE', 0);
+define('USER_AVATAR_UPLOAD', 1);
+define('USER_AVATAR_REMOTE', 2);
+define('USER_AVATAR_GALLERY', 3);
+
+
+// Group settings
+define('GROUP_OPEN', 0);
+define('GROUP_CLOSED', 1);
+define('GROUP_HIDDEN', 2);
+
+
+// Forum state
+define('FORUM_UNLOCKED', 0);
+define('FORUM_LOCKED', 1);
+
+
+// Topic status
+define('TOPIC_UNLOCKED', 0);
+define('TOPIC_LOCKED', 1);
+define('TOPIC_MOVED', 2);
+define('TOPIC_WATCH_NOTIFIED', 1);
+define('TOPIC_WATCH_UN_NOTIFIED', 0);
+
+
+// Topic types
+define('POST_NORMAL', 0);
+define('POST_STICKY', 1);
+define('POST_ANNOUNCE', 2);
+define('POST_GLOBAL_ANNOUNCE', 3);
+
+
+// SQL codes
+define('BEGIN_TRANSACTION', 1);
+define('END_TRANSACTION', 2);
+
+
+// Error codes
+define('GENERAL_MESSAGE', 200);
+define('GENERAL_ERROR', 202);
+define('CRITICAL_MESSAGE', 203);
+define('CRITICAL_ERROR', 204);
+
+
+// Private messaging
+define('PRIVMSGS_READ_MAIL', 0);
+define('PRIVMSGS_NEW_MAIL', 1);
+define('PRIVMSGS_SENT_MAIL', 2);
+define('PRIVMSGS_SAVED_IN_MAIL', 3);
+define('PRIVMSGS_SAVED_OUT_MAIL', 4);
+define('PRIVMSGS_UNREAD_MAIL', 5);
+
+
+// URL PARAMETERS
+define('POST_TOPIC_URL', 't');
+define('POST_CAT_URL', 'c');
+define('POST_FORUM_URL', 'f');
+define('POST_USERS_URL', 'u');
+define('POST_POST_URL', 'p');
+define('POST_GROUPS_URL', 'g');
+
+// Session parameters
+define('SESSION_METHOD_COOKIE', 100);
+define('SESSION_METHOD_GET', 101);
+
+
+// Page numbers for session handling
+define('PAGE_INDEX', 0);
+define('PAGE_LOGIN', -1);
+define('PAGE_SEARCH', -2);
+define('PAGE_REGISTER', -3);
+define('PAGE_PROFILE', -4);
+define('PAGE_VIEWONLINE', -6);
+define('PAGE_VIEWMEMBERS', -7);
+define('PAGE_FAQ', -8);
+define('PAGE_POSTING', -9);
+define('PAGE_PRIVMSGS', -10);
+define('PAGE_GROUPCP', -11);
+define('PAGE_TOPIC_OFFSET', 5000);
+
+
+// Auth settings
+define('AUTH_LIST_ALL', 0);
+define('AUTH_ALL', 0);
+
+define('AUTH_REG', 1);
+define('AUTH_ACL', 2);
+define('AUTH_MOD', 3);
+define('AUTH_ADMIN', 5);
+
+define('AUTH_VIEW', 1);
+define('AUTH_READ', 2);
+define('AUTH_POST', 3);
+define('AUTH_REPLY', 4);
+define('AUTH_EDIT', 5);
+define('AUTH_DELETE', 6);
+define('AUTH_ANNOUNCE', 7);
+define('AUTH_STICKY', 8);
+define('AUTH_POLLCREATE', 9);
+define('AUTH_VOTE', 10);
+define('AUTH_ATTACH', 11);
+
+
+// Table names
+define('CONFIRM_TABLE', $table_prefix.'confirm');
+define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access');
+define('BANLIST_TABLE', $table_prefix.'banlist');
+define('CATEGORIES_TABLE', $table_prefix.'categories');
+define('CONFIG_TABLE', $table_prefix.'config');
+define('DISALLOW_TABLE', $table_prefix.'disallow');
+define('FORUMS_TABLE', $table_prefix.'forums');
+define('GROUPS_TABLE', $table_prefix.'groups');
+define('POSTS_TABLE', $table_prefix.'posts');
+define('POSTS_TEXT_TABLE', $table_prefix.'posts_text');
+define('PRIVMSGS_TABLE', $table_prefix.'privmsgs');
+define('PRIVMSGS_TEXT_TABLE', $table_prefix.'privmsgs_text');
+define('PRIVMSGS_IGNORE_TABLE', $table_prefix.'privmsgs_ignore');
+define('PRUNE_TABLE', $table_prefix.'forum_prune');
+define('RANKS_TABLE', $table_prefix.'ranks');
+define('SEARCH_TABLE', $table_prefix.'search_results');
+define('SEARCH_WORD_TABLE', $table_prefix.'search_wordlist');
+define('SEARCH_MATCH_TABLE', $table_prefix.'search_wordmatch');
+define('SESSIONS_TABLE', $table_prefix.'sessions');
+define('SMILIES_TABLE', $table_prefix.'smilies');
+define('THEMES_TABLE', $table_prefix.'themes');
+define('THEMES_NAME_TABLE', $table_prefix.'themes_name');
+define('TOPICS_TABLE', $table_prefix.'topics');
+define('TOPICS_WATCH_TABLE', $table_prefix.'topics_watch');
+define('USER_GROUP_TABLE', $table_prefix.'user_group');
+define('USERS_TABLE', $table_prefix.'users');
+define('WORDS_TABLE', $table_prefix.'words');
+define('VOTE_DESC_TABLE', $table_prefix.'vote_desc');
+define('VOTE_RESULTS_TABLE', $table_prefix.'vote_results');
+define('VOTE_USERS_TABLE', $table_prefix.'vote_voters');
+
+?>

phpBB/includes/db.php

@@ -0,0 +1,66 @@
+<?php
+/***************************************************************************
+ *                                 db.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if ( !defined('IN_PHPBB') )
+{
+	die("Hacking attempt");
+}
+
+switch($dbms)
+{
+	case 'mysql':
+		include($phpbb_root_path . 'db/mysql.'.$phpEx);
+		break;
+
+	case 'mysql4':
+		include($phpbb_root_path . 'db/mysql4.'.$phpEx);
+		break;
+
+	case 'postgres':
+		include($phpbb_root_path . 'db/postgres7.'.$phpEx);
+		break;
+
+	case 'mssql':
+		include($phpbb_root_path . 'db/mssql.'.$phpEx);
+		break;
+
+	case 'oracle':
+		include($phpbb_root_path . 'db/oracle.'.$phpEx);
+		break;
+
+	case 'msaccess':
+		include($phpbb_root_path . 'db/msaccess.'.$phpEx);
+		break;
+
+	case 'mssql-odbc':
+		include($phpbb_root_path . 'db/mssql-odbc.'.$phpEx);
+		break;
+}
+
+// Make the database connection.
+$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
+if(!$db->db_connect_id)
+{
+   message_die(CRITICAL_ERROR, "Could not connect to the database");
+}
+
+?>

phpBB/includes/emailer.php

@@ -0,0 +1,373 @@
+<?php
+/***************************************************************************
+                                emailer.php
+                             -------------------
+    begin                : Sunday Aug. 12, 2001
+    copyright            : (C) 2001 The phpBB Group
+    email                : support@phpbb.com
+
+    $Id$
+
+***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+//
+// The emailer class has support for attaching files, that isn't implemented
+// in the 2.0 release but we can probable find some way of using it in a future
+// release
+//
+class emailer
+{
+	var $msg, $subject, $extra_headers;
+	var $addresses, $reply_to, $from;
+	var $use_smtp;
+
+	var $tpl_msg = array();
+
+	function emailer($use_smtp)
+	{
+		$this->reset();
+		$this->use_smtp = $use_smtp;
+		$this->reply_to = $this->from = '';
+	}
+
+	// Resets all the data (address, template file, etc etc to default
+	function reset()
+	{
+		$this->addresses = array();
+		$this->vars = $this->msg = $this->extra_headers = '';
+	}
+
+	// Sets an email address to send to
+	function email_address($address)
+	{
+		$this->addresses['to'] = trim($address);
+	}
+
+	function cc($address)
+	{
+		$this->addresses['cc'][] = trim($address);
+	}
+
+	function bcc($address)
+	{
+		$this->addresses['bcc'][] = trim($address);
+	}
+
+	function replyto($address)
+	{
+		$this->reply_to = trim($address);
+	}
+
+	function from($address)
+	{
+		$this->from = trim($address);
+	}
+
+	// set up subject for mail
+	function set_subject($subject = '')
+	{
+		$this->subject = trim(preg_replace('#[\n\r]+#s', '', $subject));
+	}
+
+	// set up extra mail headers
+	function extra_headers($headers)
+	{
+		$this->extra_headers .= trim($headers) . "\n";
+	}
+
+	function use_template($template_file, $template_lang = '')
+	{
+		global $board_config, $phpbb_root_path;
+
+		if (trim($template_file) == '')
+		{
+			message_die(GENERAL_ERROR, 'No template file set', '', __LINE__, __FILE__);
+		}
+
+		if (trim($template_lang) == '')
+		{
+			$template_lang = $board_config['default_lang'];
+		}
+
+		if (empty($this->tpl_msg[$template_lang . $template_file]))
+		{
+			$tpl_file = $phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl';
+
+			if (!@file_exists(@phpbb_realpath($tpl_file)))
+			{
+				$tpl_file = $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/email/' . $template_file . '.tpl';
+
+				if (!@file_exists(@phpbb_realpath($tpl_file)))
+				{
+					message_die(GENERAL_ERROR, 'Could not find email template file :: ' . $template_file, '', __LINE__, __FILE__);
+				}
+			}
+
+			if (!($fd = @fopen($tpl_file, 'r')))
+			{
+				message_die(GENERAL_ERROR, 'Failed opening template file :: ' . $tpl_file, '', __LINE__, __FILE__);
+			}
+
+			$this->tpl_msg[$template_lang . $template_file] = fread($fd, filesize($tpl_file));
+			fclose($fd);
+		}
+
+		$this->msg = $this->tpl_msg[$template_lang . $template_file];
+
+		return true;
+	}
+
+	// assign variables
+	function assign_vars($vars)
+	{
+		$this->vars = (empty($this->vars)) ? $vars : $this->vars . $vars;
+	}
+
+	// Send the mail out to the recipients set previously in var $this->address
+	function send()
+	{
+		global $board_config, $lang, $phpEx, $phpbb_root_path, $db;
+
+    	// Escape all quotes, else the eval will fail.
+		$this->msg = str_replace ("'", "\'", $this->msg);
+		$this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg);
+
+		// Set vars
+		reset ($this->vars);
+		while (list($key, $val) = each($this->vars)) 
+		{
+			$$key = $val;
+		}
+
+		eval("\$this->msg = '$this->msg';");
+
+		// Clear vars
+		reset ($this->vars);
+		while (list($key, $val) = each($this->vars)) 
+		{
+			unset($$key);
+		}
+
+		// We now try and pull a subject from the email body ... if it exists,
+		// do this here because the subject may contain a variable
+		$drop_header = '';
+		$match = array();
+		if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match))
+		{
+			$this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject');
+			$drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#');
+		}
+		else
+		{
+			$this->subject = (($this->subject != '') ? $this->subject : 'No Subject');
+		}
+
+		if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match))
+		{
+			$this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']);
+			$drop_header .= '[\r\n]*?' . phpbb_preg_quote($match[1], '#');
+		}
+		else
+		{
+			$this->encoding = trim($lang['ENCODING']);
+		}
+
+		if ($drop_header != '')
+		{
+			$this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg));
+		}
+
+		$to = $this->addresses['to'];
+
+		$cc = (count($this->addresses['cc'])) ? implode(', ', $this->addresses['cc']) : '';
+		$bcc = (count($this->addresses['bcc'])) ? implode(', ', $this->addresses['bcc']) : '';
+
+		// Build header
+		$this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $board_config['board_email'] . "\n") . "Return-Path: " . $board_config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . $board_config['server_name'] . ">\nMIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\nX-Mailer: PHP\nX-MimeOLE: Produced By phpBB2\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '')  . (($bcc != '') ? "Bcc: $bcc\n" : ''); 
+
+		// Send message ... removed $this->encode() from subject for time being
+		if ( $this->use_smtp )
+		{
+			if ( !defined('SMTP_INCLUDED') ) 
+			{
+				include($phpbb_root_path . 'includes/smtp.' . $phpEx);
+			}
+
+			$result = smtpmail($to, $this->subject, $this->msg, $this->extra_headers);
+		}
+		else
+		{
+			$empty_to_header = ($to == '') ? TRUE : FALSE;
+			$to = ($to == '') ? (($board_config['sendmail_fix']) ? ' ' : 'Undisclosed-recipients:;') : $to;
+	
+			$result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers);
+			
+			if (!$result && !$board_config['sendmail_fix'] && $empty_to_header)
+			{
+				$to = ' ';
+
+				$sql = "UPDATE " . CONFIG_TABLE . " 
+					SET config_value = '1'
+					WHERE config_name = 'sendmail_fix'";
+				if (!$db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, 'Unable to update config table', '', __LINE__, __FILE__, $sql);
+				}
+
+				$board_config['sendmail_fix'] = 1;
+				$result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers);
+			}
+		}
+
+		// Did it work?
+		if (!$result)
+		{
+			message_die(GENERAL_ERROR, 'Failed sending email :: ' . (($this->use_smtp) ? 'SMTP' : 'PHP') . ' :: ' . $result, '', __LINE__, __FILE__);
+		}
+
+		return true;
+	}
+
+	// Encodes the given string for proper display for this encoding ... nabbed 
+	// from php.net and modified. There is an alternative encoding method which 
+	// may produce lesd output but it's questionable as to its worth in this 
+	// scenario IMO
+	function encode($str)
+	{
+		if ($this->encoding == '')
+		{
+			return $str;
+		}
+
+		// define start delimimter, end delimiter and spacer
+		$end = "?=";
+		$start = "=?$this->encoding?B?";
+		$spacer = "$end\r\n $start";
+
+		// determine length of encoded text within chunks and ensure length is even
+		$length = 75 - strlen($start) - strlen($end);
+		$length = floor($length / 2) * 2;
+
+		// encode the string and split it into chunks with spacers after each chunk
+		$str = chunk_split(base64_encode($str), $length, $spacer);
+
+		// remove trailing spacer and add start and end delimiters
+		$str = preg_replace('#' . phpbb_preg_quote($spacer, '#') . '$#', '', $str);
+
+		return $start . $str . $end;
+	}
+
+	//
+	// Attach files via MIME.
+	//
+	function attachFile($filename, $mimetype = "application/octet-stream", $szFromAddress, $szFilenameToDisplay)
+	{
+		global $lang;
+		$mime_boundary = "--==================_846811060==_";
+
+		$this->msg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"" . $lang['ENCODING'] . "\"\n\n" . $this->msg;
+
+		if ($mime_filename)
+		{
+			$filename = $mime_filename;
+			$encoded = $this->encode_file($filename);
+		}
+
+		$fd = fopen($filename, "r");
+		$contents = fread($fd, filesize($filename));
+
+		$this->mimeOut = "--" . $mime_boundary . "\n";
+		$this->mimeOut .= "Content-Type: " . $mimetype . ";\n\tname=\"$szFilenameToDisplay\"\n";
+		$this->mimeOut .= "Content-Transfer-Encoding: quoted-printable\n";
+		$this->mimeOut .= "Content-Disposition: attachment;\n\tfilename=\"$szFilenameToDisplay\"\n\n";
+
+		if ( $mimetype == "message/rfc822" )
+		{
+			$this->mimeOut .= "From: ".$szFromAddress."\n";
+			$this->mimeOut .= "To: ".$this->emailAddress."\n";
+			$this->mimeOut .= "Date: ".date("D, d M Y H:i:s") . " UT\n";
+			$this->mimeOut .= "Reply-To:".$szFromAddress."\n";
+			$this->mimeOut .= "Subject: ".$this->mailSubject."\n";
+			$this->mimeOut .= "X-Mailer: PHP/".phpversion()."\n";
+			$this->mimeOut .= "MIME-Version: 1.0\n";
+		}
+
+		$this->mimeOut .= $contents."\n";
+		$this->mimeOut .= "--" . $mime_boundary . "--" . "\n";
+
+		return $out;
+		// added -- to notify email client attachment is done
+	}
+
+	function getMimeHeaders($filename, $mime_filename="")
+	{
+		$mime_boundary = "--==================_846811060==_";
+
+		if ($mime_filename)
+		{
+			$filename = $mime_filename;
+		}
+
+		$out = "MIME-Version: 1.0\n";
+		$out .= "Content-Type: multipart/mixed;\n\tboundary=\"$mime_boundary\"\n\n";
+		$out .= "This message is in MIME format. Since your mail reader does not understand\n";
+		$out .= "this format, some or all of this message may not be legible.";
+
+		return $out;
+	}
+
+	//
+   // Split string by RFC 2045 semantics (76 chars per line, end with \r\n).
+	//
+	function myChunkSplit($str)
+	{
+		$stmp = $str;
+		$len = strlen($stmp);
+		$out = "";
+
+		while ($len > 0)
+		{
+			if ($len >= 76)
+			{
+				$out .= substr($stmp, 0, 76) . "\r\n";
+				$stmp = substr($stmp, 76);
+				$len = $len - 76;
+			}
+			else
+			{
+				$out .= $stmp . "\r\n";
+				$stmp = "";
+				$len = 0;
+			}
+		}
+		return $out;
+	}
+
+	//
+   // Split the specified file up into a string and return it
+	//
+	function encode_file($sourcefile)
+	{
+		if (is_readable(phpbb_realpath($sourcefile)))
+		{
+			$fd = fopen($sourcefile, "r");
+			$contents = fread($fd, filesize($sourcefile));
+	      $encoded = $this->myChunkSplit(base64_encode($contents));
+	      fclose($fd);
+		}
+
+		return $encoded;
+	}
+
+} // class emailer
+
+?>

phpBB/includes/functions.php

@@ -0,0 +1,807 @@
+<?php
+/***************************************************************************
+ *                               functions.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *
+ ***************************************************************************/
+
+function get_db_stat($mode)
+{
+	global $db;
+
+	switch( $mode )
+	{
+		case 'usercount':
+			$sql = "SELECT COUNT(user_id) AS total
+				FROM " . USERS_TABLE . "
+				WHERE user_id <> " . ANONYMOUS;
+			break;
+
+		case 'newestuser':
+			$sql = "SELECT user_id, username
+				FROM " . USERS_TABLE . "
+				WHERE user_id <> " . ANONYMOUS . "
+				ORDER BY user_id DESC
+				LIMIT 1";
+			break;
+
+		case 'postcount':
+		case 'topiccount':
+			$sql = "SELECT SUM(forum_topics) AS topic_total, SUM(forum_posts) AS post_total
+				FROM " . FORUMS_TABLE;
+			break;
+	}
+
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		return false;
+	}
+
+	$row = $db->sql_fetchrow($result);
+
+	switch ( $mode )
+	{
+		case 'usercount':
+			return $row['total'];
+			break;
+		case 'newestuser':
+			return $row;
+			break;
+		case 'postcount':
+			return $row['post_total'];
+			break;
+		case 'topiccount':
+			return $row['topic_total'];
+			break;
+	}
+
+	return false;
+}
+
+// added at phpBB 2.0.11 to properly format the username
+function phpbb_clean_username($username)
+{
+	$username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25);
+	$username = phpbb_rtrim($username, "\\");	
+	$username = str_replace("'", "\'", $username);
+
+	return $username;
+}
+
+// added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0)
+function phpbb_rtrim($str, $charlist = false)
+{
+	if ($charlist === false)
+	{
+		return rtrim($str);
+	}
+	
+	$php_version = explode('.', PHP_VERSION);
+
+	// php version < 4.1.0
+	if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1))
+	{
+		while ($str{strlen($str)-1} == $charlist)
+		{
+			$str = substr($str, 0, strlen($str)-1);
+		}
+	}
+	else
+	{
+		$str = rtrim($str, $charlist);
+	}
+
+	return $str;
+}
+
+//
+// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
+//
+function get_userdata($user, $force_str = false)
+{
+	global $db;
+
+	if (intval($user) == 0 || $force_str)
+	{
+		$user = phpbb_clean_username($user);
+	}
+	else
+	{
+		$user = intval($user);
+	}
+
+	$sql = "SELECT *
+		FROM " . USERS_TABLE . " 
+		WHERE ";
+	$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" .  $user . "'" ) . " AND user_id <> " . ANONYMOUS;
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
+	}
+
+	return ( $row = $db->sql_fetchrow($result) ) ? $row : false;
+}
+
+function make_jumpbox($action, $match_forum_id = 0)
+{
+	global $template, $userdata, $lang, $db, $nav_links, $phpEx, $SID;
+
+//	$is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
+
+	$sql = "SELECT c.cat_id, c.cat_title, c.cat_order
+		FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f
+		WHERE f.cat_id = c.cat_id
+		GROUP BY c.cat_id, c.cat_title, c.cat_order
+		ORDER BY c.cat_order";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, "Couldn't obtain category list.", "", __LINE__, __FILE__, $sql);
+	}
+	
+	$category_rows = array();
+	while ( $row = $db->sql_fetchrow($result) )
+	{
+		$category_rows[] = $row;
+	}
+
+	if ( $total_categories = count($category_rows) )
+	{
+		$sql = "SELECT *
+			FROM " . FORUMS_TABLE . "
+			ORDER BY cat_id, forum_order";
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Could not obtain forums information', '', __LINE__, __FILE__, $sql);
+		}
+
+		$boxstring = '<select name="' . POST_FORUM_URL . '" onchange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"><option value="-1">' . $lang['Select_forum'] . '</option>';
+
+		$forum_rows = array();
+		while ( $row = $db->sql_fetchrow($result) )
+		{
+			$forum_rows[] = $row;
+		}
+
+		if ( $total_forums = count($forum_rows) )
+		{
+			for($i = 0; $i < $total_categories; $i++)
+			{
+				$boxstring_forums = '';
+				for($j = 0; $j < $total_forums; $j++)
+				{
+					if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG )
+					{
+
+//					if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $is_auth[$forum_rows[$j]['forum_id']]['auth_view'] )
+//					{
+						$selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : '';
+						$boxstring_forums .=  '<option value="' . $forum_rows[$j]['forum_id'] . '"' . $selected . '>' . $forum_rows[$j]['forum_name'] . '</option>';
+
+						//
+						// Add an array to $nav_links for the Mozilla navigation bar.
+						// 'chapter' and 'forum' can create multiple items, therefore we are using a nested array.
+						//
+						$nav_links['chapter forum'][$forum_rows[$j]['forum_id']] = array (
+							'url' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=" . $forum_rows[$j]['forum_id']),
+							'title' => $forum_rows[$j]['forum_name']
+						);
+								
+					}
+				}
+
+				if ( $boxstring_forums != '' )
+				{
+					$boxstring .= '<option value="-1">&nbsp;</option>';
+					$boxstring .= '<option value="-1">' . $category_rows[$i]['cat_title'] . '</option>';
+					$boxstring .= '<option value="-1">----------------</option>';
+					$boxstring .= $boxstring_forums;
+				}
+			}
+		}
+
+		$boxstring .= '</select>';
+	}
+	else
+	{
+		$boxstring .= '<select name="' . POST_FORUM_URL . '" onchange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>';
+	}
+
+	// Let the jumpbox work again in sites having additional session id checks.
+//	if ( !empty($SID) )
+//	{
+		$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
+//	}
+
+	$template->set_filenames(array(
+		'jumpbox' => 'jumpbox.tpl')
+	);
+	$template->assign_vars(array(
+		'L_GO' => $lang['Go'],
+		'L_JUMP_TO' => $lang['Jump_to'],
+		'L_SELECT_FORUM' => $lang['Select_forum'],
+
+		'S_JUMPBOX_SELECT' => $boxstring,
+		'S_JUMPBOX_ACTION' => append_sid($action))
+	);
+	$template->assign_var_from_handle('JUMPBOX', 'jumpbox');
+
+	return;
+}
+
+//
+// Initialise user settings on page load
+function init_userprefs($userdata)
+{
+	global $board_config, $theme, $images;
+	global $template, $lang, $phpEx, $phpbb_root_path;
+	global $nav_links;
+
+	if ( $userdata['user_id'] != ANONYMOUS )
+	{
+		if ( !empty($userdata['user_lang']))
+		{
+			$board_config['default_lang'] = $userdata['user_lang'];
+		}
+
+		if ( !empty($userdata['user_dateformat']) )
+		{
+			$board_config['default_dateformat'] = $userdata['user_dateformat'];
+		}
+
+		if ( isset($userdata['user_timezone']) )
+		{
+			$board_config['board_timezone'] = $userdata['user_timezone'];
+		}
+	}
+
+	if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) )
+	{
+		$board_config['default_lang'] = 'english';
+	}
+
+	include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);
+
+	if ( defined('IN_ADMIN') )
+	{
+		if( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx)) )
+		{
+			$board_config['default_lang'] = 'english';
+		}
+
+		include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.' . $phpEx);
+	}
+
+	//
+	// Set up style
+	//
+	if ( !$board_config['override_user_style'] )
+	{
+		if ( $userdata['user_id'] != ANONYMOUS && $userdata['user_style'] > 0 )
+		{
+			if ( $theme = setup_style($userdata['user_style']) )
+			{
+				return;
+			}
+		}
+	}
+
+	$theme = setup_style($board_config['default_style']);
+
+	//
+	// Mozilla navigation bar
+	// Default items that should be valid on all pages.
+	// Defined here to correctly assign the Language Variables
+	// and be able to change the variables within code.
+	//
+	$nav_links['top'] = array ( 
+		'url' => append_sid($phpbb_root_path . 'index.' . $phpEx),
+		'title' => sprintf($lang['Forum_Index'], $board_config['sitename'])
+	);
+	$nav_links['search'] = array ( 
+		'url' => append_sid($phpbb_root_path . 'search.' . $phpEx),
+		'title' => $lang['Search']
+	);
+	$nav_links['help'] = array ( 
+		'url' => append_sid($phpbb_root_path . 'faq.' . $phpEx),
+		'title' => $lang['FAQ']
+	);
+	$nav_links['author'] = array ( 
+		'url' => append_sid($phpbb_root_path . 'memberlist.' . $phpEx),
+		'title' => $lang['Memberlist']
+	);
+
+	return;
+}
+
+function setup_style($style)
+{
+	global $db, $board_config, $template, $images, $phpbb_root_path;
+
+	$sql = "SELECT *
+		FROM " . THEMES_TABLE . "
+		WHERE themes_id = $style";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(CRITICAL_ERROR, 'Could not query database for theme info');
+	}
+
+	if ( !($row = $db->sql_fetchrow($result)) )
+	{
+		message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
+	}
+
+	$template_path = 'templates/' ;
+	$template_name = $row['template_name'] ;
+
+	$template = new Template($phpbb_root_path . $template_path . $template_name);
+
+	if ( $template )
+	{
+		$current_template_path = $template_path . $template_name;
+		@include($phpbb_root_path . $template_path . $template_name . '/' . $template_name . '.cfg');
+
+		if ( !defined('TEMPLATE_CONFIG') )
+		{
+			message_die(CRITICAL_ERROR, "Could not open $template_name template config file", '', __LINE__, __FILE__);
+		}
+
+		$img_lang = ( file_exists(@phpbb_realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english';
+
+		while( list($key, $value) = @each($images) )
+		{
+			if ( !is_array($value) )
+			{
+				$images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value);
+			}
+		}
+	}
+
+	return $row;
+}
+
+function encode_ip($dotquad_ip)
+{
+	$ip_sep = explode('.', $dotquad_ip);
+	return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
+}
+
+function decode_ip($int_ip)
+{
+	$hexipbang = explode('.', chunk_split($int_ip, 2, '.'));
+	return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]);
+}
+
+//
+// Create date/time from format and timezone
+//
+function create_date($format, $gmepoch, $tz)
+{
+	global $board_config, $lang;
+	static $translate;
+
+	if ( empty($translate) && $board_config['default_lang'] != 'english' )
+	{
+		@reset($lang['datetime']);
+		while ( list($match, $replace) = @each($lang['datetime']) )
+		{
+			$translate[$match] = $replace;
+		}
+	}
+
+	return ( !empty($translate) ) ? strtr(@gmdate($format, $gmepoch + (3600 * $tz)), $translate) : @gmdate($format, $gmepoch + (3600 * $tz));
+}
+
+//
+// Pagination routine, generates
+// page number sequence
+//
+function generate_pagination($base_url, $num_items, $per_page, $start_item, $add_prevnext_text = TRUE)
+{
+	global $lang;
+
+	$total_pages = ceil($num_items/$per_page);
+
+	if ( $total_pages == 1 )
+	{
+		return '';
+	}
+
+	$on_page = floor($start_item / $per_page) + 1;
+
+	$page_string = '';
+	if ( $total_pages > 10 )
+	{
+		$init_page_max = ( $total_pages > 3 ) ? 3 : $total_pages;
+
+		for($i = 1; $i < $init_page_max + 1; $i++)
+		{
+			$page_string .= ( $i == $on_page ) ? '<b>' . $i . '</b>' : '<a href="' . append_sid($base_url . "&amp;start=" . ( ( $i - 1 ) * $per_page ) ) . '">' . $i . '</a>';
+			if ( $i <  $init_page_max )
+			{
+				$page_string .= ", ";
+			}
+		}
+
+		if ( $total_pages > 3 )
+		{
+			if ( $on_page > 1  && $on_page < $total_pages )
+			{
+				$page_string .= ( $on_page > 5 ) ? ' ... ' : ', ';
+
+				$init_page_min = ( $on_page > 4 ) ? $on_page : 5;
+				$init_page_max = ( $on_page < $total_pages - 4 ) ? $on_page : $total_pages - 4;
+
+				for($i = $init_page_min - 1; $i < $init_page_max + 2; $i++)
+				{
+					$page_string .= ($i == $on_page) ? '<b>' . $i . '</b>' : '<a href="' . append_sid($base_url . "&amp;start=" . ( ( $i - 1 ) * $per_page ) ) . '">' . $i . '</a>';
+					if ( $i <  $init_page_max + 1 )
+					{
+						$page_string .= ', ';
+					}
+				}
+
+				$page_string .= ( $on_page < $total_pages - 4 ) ? ' ... ' : ', ';
+			}
+			else
+			{
+				$page_string .= ' ... ';
+			}
+
+			for($i = $total_pages - 2; $i < $total_pages + 1; $i++)
+			{
+				$page_string .= ( $i == $on_page ) ? '<b>' . $i . '</b>'  : '<a href="' . append_sid($base_url . "&amp;start=" . ( ( $i - 1 ) * $per_page ) ) . '">' . $i . '</a>';
+				if( $i <  $total_pages )
+				{
+					$page_string .= ", ";
+				}
+			}
+		}
+	}
+	else
+	{
+		for($i = 1; $i < $total_pages + 1; $i++)
+		{
+			$page_string .= ( $i == $on_page ) ? '<b>' . $i . '</b>' : '<a href="' . append_sid($base_url . "&amp;start=" . ( ( $i - 1 ) * $per_page ) ) . '">' . $i . '</a>';
+			if ( $i <  $total_pages )
+			{
+				$page_string .= ', ';
+			}
+		}
+	}
+
+	if ( $add_prevnext_text )
+	{
+		if ( $on_page > 1 )
+		{
+			$page_string = ' <a href="' . append_sid($base_url . "&amp;start=" . ( ( $on_page - 2 ) * $per_page ) ) . '">' . $lang['Previous'] . '</a>&nbsp;&nbsp;' . $page_string;
+		}
+
+		if ( $on_page < $total_pages )
+		{
+			$page_string .= '&nbsp;&nbsp;<a href="' . append_sid($base_url . "&amp;start=" . ( $on_page * $per_page ) ) . '">' . $lang['Next'] . '</a>';
+		}
+
+	}
+
+	$page_string = $lang['Goto_page'] . ' ' . $page_string;
+
+	return $page_string;
+}
+
+//
+// This does exactly what preg_quote() does in PHP 4-ish
+// If you just need the 1-parameter preg_quote call, then don't bother using this.
+//
+function phpbb_preg_quote($str, $delimiter)
+{
+	$text = preg_quote($str);
+	$text = str_replace($delimiter, '\\' . $delimiter, $text);
+	
+	return $text;
+}
+
+//
+// Obtain list of naughty words and build preg style replacement arrays for use by the
+// calling script, note that the vars are passed as references this just makes it easier
+// to return both sets of arrays
+//
+function obtain_word_list(&$orig_word, &$replacement_word)
+{
+	global $db;
+
+	//
+	// Define censored word matches
+	//
+	$sql = "SELECT word, replacement
+		FROM  " . WORDS_TABLE;
+	if( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not get censored words from database', '', __LINE__, __FILE__, $sql);
+	}
+
+	if ( $row = $db->sql_fetchrow($result) )
+	{
+		do 
+		{
+			$orig_word[] = '#\b(' . str_replace('\*', '\w*?', phpbb_preg_quote($row['word'], '#')) . ')\b#i';
+			$replacement_word[] = $row['replacement'];
+		}
+		while ( $row = $db->sql_fetchrow($result) );
+	}
+
+	return true;
+}
+
+//
+// This is general replacement for die(), allows templated
+// output in users (or default) language, etc.
+//
+// $msg_code can be one of these constants:
+//
+// GENERAL_MESSAGE : Use for any simple text message, eg. results 
+// of an operation, authorisation failures, etc.
+//
+// GENERAL ERROR : Use for any error which occurs _AFTER_ the 
+// common.php include and session code, ie. most errors in 
+// pages/functions
+//
+// CRITICAL_MESSAGE : Used when basic config data is available but 
+// a session may not exist, eg. banned users
+//
+// CRITICAL_ERROR : Used when config data cannot be obtained, eg
+// no database connection. Should _not_ be used in 99.5% of cases
+//
+function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', $err_file = '', $sql = '')
+{
+	global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header, $images;
+	global $userdata, $user_ip, $session_length;
+	global $starttime;
+
+	if(defined('HAS_DIED'))
+	{
+		die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?");
+	}
+	
+	define(HAS_DIED, 1);
+	
+
+	$sql_store = $sql;
+	
+	//
+	// Get SQL error if we are debugging. Do this as soon as possible to prevent 
+	// subsequent queries from overwriting the status of sql_error()
+	//
+	if ( DEBUG && ( $msg_code == GENERAL_ERROR || $msg_code == CRITICAL_ERROR ) )
+	{
+		$sql_error = $db->sql_error();
+
+		$debug_text = '';
+
+		if ( $sql_error['message'] != '' )
+		{
+			$debug_text .= '<br /><br />SQL Error : ' . $sql_error['code'] . ' ' . $sql_error['message'];
+		}
+
+		if ( $sql_store != '' )
+		{
+			$debug_text .= "<br /><br />$sql_store";
+		}
+
+		if ( $err_line != '' && $err_file != '' )
+		{
+			$debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
+		}
+	}
+
+	if( empty($userdata) && ( $msg_code == GENERAL_MESSAGE || $msg_code == GENERAL_ERROR ) )
+	{
+		$userdata = session_pagestart($user_ip, PAGE_INDEX);
+		init_userprefs($userdata);
+	}
+
+	//
+	// If the header hasn't been output then do it
+	//
+	if ( !defined('HEADER_INC') && $msg_code != CRITICAL_ERROR )
+	{
+		if ( empty($lang) )
+		{
+			if ( !empty($board_config['default_lang']) )
+			{
+				include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx);
+			}
+			else
+			{
+				include($phpbb_root_path . 'language/lang_english/lang_main.'.$phpEx);
+			}
+		}
+
+		if ( empty($template) )
+		{
+			$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
+		}
+		if ( empty($theme) )
+		{
+			$theme = setup_style($board_config['default_style']);
+		}
+
+		//
+		// Load the Page Header
+		//
+		if ( !defined('IN_ADMIN') )
+		{
+			include($phpbb_root_path . 'includes/page_header.'.$phpEx);
+		}
+		else
+		{
+			include($phpbb_root_path . 'admin/page_header_admin.'.$phpEx);
+		}
+	}
+
+	switch($msg_code)
+	{
+		case GENERAL_MESSAGE:
+			if ( $msg_title == '' )
+			{
+				$msg_title = $lang['Information'];
+			}
+			break;
+
+		case CRITICAL_MESSAGE:
+			if ( $msg_title == '' )
+			{
+				$msg_title = $lang['Critical_Information'];
+			}
+			break;
+
+		case GENERAL_ERROR:
+			if ( $msg_text == '' )
+			{
+				$msg_text = $lang['An_error_occured'];
+			}
+
+			if ( $msg_title == '' )
+			{
+				$msg_title = $lang['General_Error'];
+			}
+			break;
+
+		case CRITICAL_ERROR:
+			//
+			// Critical errors mean we cannot rely on _ANY_ DB information being
+			// available so we're going to dump out a simple echo'd statement
+			//
+			include($phpbb_root_path . 'language/lang_english/lang_main.'.$phpEx);
+
+			if ( $msg_text == '' )
+			{
+				$msg_text = $lang['A_critical_error'];
+			}
+
+			if ( $msg_title == '' )
+			{
+				$msg_title = 'phpBB : <b>' . $lang['Critical_Error'] . '</b>';
+			}
+			break;
+	}
+
+	//
+	// Add on DEBUG info if we've enabled debug mode and this is an error. This
+	// prevents debug info being output for general messages should DEBUG be
+	// set TRUE by accident (preventing confusion for the end user!)
+	//
+	if ( DEBUG && ( $msg_code == GENERAL_ERROR || $msg_code == CRITICAL_ERROR ) )
+	{
+		if ( $debug_text != '' )
+		{
+			$msg_text = $msg_text . '<br /><br /><b><u>DEBUG MODE</u></b>' . $debug_text;
+		}
+	}
+
+	if ( $msg_code != CRITICAL_ERROR )
+	{
+		if ( !empty($lang[$msg_text]) )
+		{
+			$msg_text = $lang[$msg_text];
+		}
+
+		if ( !defined('IN_ADMIN') )
+		{
+			$template->set_filenames(array(
+				'message_body' => 'message_body.tpl')
+			);
+		}
+		else
+		{
+			$template->set_filenames(array(
+				'message_body' => 'admin/admin_message_body.tpl')
+			);
+		}
+
+		$template->assign_vars(array(
+			'MESSAGE_TITLE' => $msg_title,
+			'MESSAGE_TEXT' => $msg_text)
+		);
+		$template->pparse('message_body');
+
+		if ( !defined('IN_ADMIN') )
+		{
+			include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
+		}
+		else
+		{
+			include($phpbb_root_path . 'admin/page_footer_admin.'.$phpEx);
+		}
+	}
+	else
+	{
+		echo "<html>\n<body>\n" . $msg_title . "\n<br /><br />\n" . $msg_text . "</body>\n</html>";
+	}
+
+	exit;
+}
+
+//
+// This function is for compatibility with PHP 4.x's realpath()
+// function.  In later versions of PHP, it needs to be called
+// to do checks with some functions.  Older versions of PHP don't
+// seem to need this, so we'll just return the original value.
+// dougk_ff7 <October 5, 2002>
+function phpbb_realpath($path)
+{
+	global $phpbb_root_path, $phpEx;
+
+	return (!@function_exists('realpath') || !@realpath($phpbb_root_path . 'includes/functions.'.$phpEx)) ? $path : @realpath($path);
+}
+
+function redirect($url)
+{
+	global $db, $board_config;
+
+	if (!empty($db))
+	{
+		$db->sql_close();
+	}
+
+	if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
+	{
+		message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
+	}
+
+	$server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
+	$server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name']));
+	$server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : '';
+	$script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path']));
+	$script_name = ($script_name == '') ? $script_name : '/' . $script_name;
+	$url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url));
+
+	// Redirect via an HTML form for PITA webservers
+	if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')))
+	{
+		header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url);
+		echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="refresh" content="0; url=' . $server_protocol . $server_name . $server_port . $script_name . $url . '"><title>Redirect</title></head><body><div align="center">If your browser does not support meta redirection please click <a href="' . $server_protocol . $server_name . $server_port . $script_name . $url . '">HERE</a> to be redirected</div></body></html>';
+		exit;
+	}
+
+	// Behave as per HTTP/1.1 spec for others
+	header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url);
+	exit;
+}
+
+?>

phpBB/includes/functions_admin.php

@@ -0,0 +1,155 @@
+<?php
+/***************************************************************************
+ *                            functions_admin.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *
+ ***************************************************************************/
+
+//
+// Simple version of jumpbox, just lists authed forums
+//
+function make_forum_select($box_name, $ignore_forum = false, $select_forum = '')
+{
+	global $db, $userdata;
+
+	$is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata);
+
+	$sql = "SELECT forum_id, forum_name
+		FROM " . FORUMS_TABLE . " 
+		ORDER BY cat_id, forum_order";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Couldn not obtain forums information', '', __LINE__, __FILE__, $sql);
+	}
+
+	$forum_list = '';
+	while( $row = $db->sql_fetchrow($result) )
+	{
+		if ( $is_auth_ary[$row['forum_id']]['auth_read'] && $ignore_forum != $row['forum_id'] )
+		{
+			$selected = ( $select_forum == $row['forum_id'] ) ? ' selected="selected"' : '';
+			$forum_list .= '<option value="' . $row['forum_id'] . '"' . $selected .'>' . $row['forum_name'] . '</option>';
+		}
+	}
+
+	$forum_list = ( $forum_list == '' ) ? '<option value="-1">-- ! No Forums ! --</option>' : '<select name="' . $box_name . '">' . $forum_list . '</select>';
+
+	return $forum_list;
+}
+
+//
+// Synchronise functions for forums/topics
+//
+function sync($type, $id = false)
+{
+	global $db;
+
+	switch($type)
+	{
+		case 'all forums':
+			$sql = "SELECT forum_id
+				FROM " . FORUMS_TABLE;
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not get forum IDs', '', __LINE__, __FILE__, $sql);
+			}
+
+			while( $row = $db->sql_fetchrow($result) )
+			{
+				sync('forum', $row['forum_id']);
+			}
+		   	break;
+
+		case 'all topics':
+			$sql = "SELECT topic_id
+				FROM " . TOPICS_TABLE;
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not get topic ID', '', __LINE__, __FILE__, $sql);
+			}
+
+			while( $row = $db->sql_fetchrow($result) )
+			{
+				sync('topic', $row['topic_id']);
+			}
+			break;
+
+	  	case 'forum':
+			$sql = "SELECT MAX(post_id) AS last_post, COUNT(post_id) AS total 
+				FROM " . POSTS_TABLE . "  
+				WHERE forum_id = $id";
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql);
+			}
+
+			if ( $row = $db->sql_fetchrow($result) )
+			{
+				$last_post = ( $row['last_post'] ) ? $row['last_post'] : 0;
+				$total_posts = ($row['total']) ? $row['total'] : 0;
+			}
+			else
+			{
+				$last_post = 0;
+				$total_posts = 0;
+			}
+
+			$sql = "SELECT COUNT(topic_id) AS total
+				FROM " . TOPICS_TABLE . "
+				WHERE forum_id = $id";
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not get topic count', '', __LINE__, __FILE__, $sql);
+			}
+
+			$total_topics = ( $row = $db->sql_fetchrow($result) ) ? ( ( $row['total'] ) ? $row['total'] : 0 ) : 0;
+
+			$sql = "UPDATE " . FORUMS_TABLE . "
+				SET forum_last_post_id = $last_post, forum_posts = $total_posts, forum_topics = $total_topics
+				WHERE forum_id = $id";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not update forum', '', __LINE__, __FILE__, $sql);
+			}
+			break;
+
+		case 'topic':
+			$sql = "SELECT MAX(post_id) AS last_post, MIN(post_id) AS first_post, COUNT(post_id) AS total_posts
+				FROM " . POSTS_TABLE . "
+				WHERE topic_id = $id";
+			if ( !($result = $db->sql_query($sql)) )
+			{
+				message_die(GENERAL_ERROR, 'Could not get post ID', '', __LINE__, __FILE__, $sql);
+			}
+
+			if ( $row = $db->sql_fetchrow($result) )
+			{
+				$sql = ( $row['total_posts'] ) ? "UPDATE " . TOPICS_TABLE . " SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . " WHERE topic_id = $id" : "DELETE FROM " . TOPICS_TABLE . " WHERE topic_id = $id";
+				if ( !$db->sql_query($sql) )
+				{
+					message_die(GENERAL_ERROR, 'Could not update topic', '', __LINE__, __FILE__, $sql);
+				}
+			}
+			break;
+	}
+	
+	return true;
+}
+
+?>

phpBB/includes/functions_post.php

@@ -0,0 +1,862 @@
+<?php
+/***************************************************************************
+ *                            functions_post.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+if (!defined('IN_PHPBB'))
+{
+	die('Hacking attempt');
+}
+
+$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
+$html_entities_replace = array('&amp;', '&lt;', '&gt;');
+
+$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
+$unhtml_specialchars_replace = array('>', '<', '"', '&');
+
+//
+// This function will prepare a posted message for
+// entry into the database.
+//
+function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
+{
+	global $board_config, $html_entities_match, $html_entities_replace;
+
+	//
+	// Clean up the message
+	//
+	$message = trim($message);
+
+	if ($html_on)
+	{
+		$allowed_html_tags = split(',', $board_config['allow_html_tags']);
+
+		$end_html = 0;
+		$start_html = 1;
+		$tmp_message = '';
+		$message = ' ' . $message . ' ';
+
+		while ($start_html = strpos($message, '<', $start_html))
+		{
+			$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
+
+			if ($end_html = strpos($message, '>', $start_html))
+			{
+				$length = $end_html - $start_html + 1;
+				$hold_string = substr($message, $start_html, $length);
+
+				if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
+				{
+					$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
+					$hold_string = substr($hold_string, $unclosed_open - 1);
+				}
+
+				$tagallowed = false;
+				for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
+				{
+					$match_tag = trim($allowed_html_tags[$i]);
+					if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
+					{
+						$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
+					}
+				}
+
+				$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
+
+				$start_html += $length;
+			}
+			else
+			{
+				$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
+
+				$start_html = strlen($message);
+				$end_html = $start_html;
+			}
+		}
+
+		if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
+		{
+			$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
+		}
+
+		$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
+	}
+	else
+	{
+		$message = preg_replace($html_entities_match, $html_entities_replace, $message);
+	}
+
+	if($bbcode_on && $bbcode_uid != '')
+	{
+		$message = bbencode_first_pass($message, $bbcode_uid);
+	}
+
+	return $message;
+}
+
+function unprepare_message($message)
+{
+	global $unhtml_specialchars_match, $unhtml_specialchars_replace;
+
+	return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message);
+}
+
+//
+// Prepare a message for posting
+// 
+function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
+{
+	global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;
+
+	// Check username
+	if (!empty($username))
+	{
+		$username = phpbb_clean_username($username);
+
+		if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username']))
+		{
+			include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
+
+			$result = validate_username($username);
+			if ($result['error'])
+			{
+				$error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg'];
+			}
+		}
+		else
+		{
+			$username = '';
+		}
+	}
+
+	// Check subject
+	if (!empty($subject))
+	{
+		$subject = htmlspecialchars(trim($subject));
+	}
+	else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
+	{
+		$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
+	}
+
+	// Check message
+	if (!empty($message))
+	{
+		$bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : '';
+		$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
+	}
+	else if ($mode != 'delete' && $mode != 'poll_delete') 
+	{
+		$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
+	}
+
+	//
+	// Handle poll stuff
+	//
+	if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
+	{
+		$poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0;
+
+		if (!empty($poll_title))
+		{
+			$poll_title = htmlspecialchars(trim($poll_title));
+		}
+
+		if(!empty($poll_options))
+		{
+			$temp_option_text = array();
+			while(list($option_id, $option_text) = @each($poll_options))
+			{
+				$option_text = trim($option_text);
+				if (!empty($option_text))
+				{
+					$temp_option_text[$option_id] = htmlspecialchars($option_text);
+				}
+			}
+			$option_text = $temp_option_text;
+
+			if (count($poll_options) < 2)
+			{
+				$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
+			}
+			else if (count($poll_options) > $board_config['max_poll_options']) 
+			{
+				$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
+			}
+			else if ($poll_title == '')
+			{
+				$error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
+			}
+		}
+	}
+
+	return;
+}
+
+//
+// Post a new topic/reply/poll or edit existing post/poll
+//
+function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, &$post_username, &$post_subject, &$post_message, &$poll_title, &$poll_options, &$poll_length)
+{
+	global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
+	global $userdata, $user_ip;
+
+	include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
+
+	$current_time = time();
+
+	if ($mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost') 
+	{
+		//
+		// Flood control
+		//
+		$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
+		$sql = "SELECT MAX(post_time) AS last_post_time
+			FROM " . POSTS_TABLE . "
+			WHERE $where_sql";
+		if ($result = $db->sql_query($sql))
+		{
+			if ($row = $db->sql_fetchrow($result))
+			{
+				if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval']))
+				{
+					message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
+				}
+			}
+		}
+	}
+
+	if ($mode == 'editpost')
+	{
+		remove_search_post($post_id);
+	}
+
+	if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
+	{
+		$topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0;
+
+		$sql  = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . " WHERE topic_id = $topic_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+		}
+
+		if ($mode == 'newtopic')
+		{
+			$topic_id = $db->sql_nextid();
+		}
+	}
+
+	$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
+	$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
+	if (!$db->sql_query($sql, BEGIN_TRANSACTION))
+	{
+		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+	}
+
+	if ($mode != 'editpost')
+	{
+		$post_id = $db->sql_nextid();
+	}
+
+	$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message',  bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
+	if (!$db->sql_query($sql))
+	{
+		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+	}
+
+	add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));
+
+	//
+	// Add poll
+	// 
+	if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2)
+	{
+		$sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+		}
+
+		$delete_option_sql = '';
+		$old_poll_result = array();
+		if ($mode == 'editpost' && $post_data['has_poll'])
+		{
+			$sql = "SELECT vote_option_id, vote_result  
+				FROM " . VOTE_RESULTS_TABLE . " 
+				WHERE vote_id = $poll_id 
+				ORDER BY vote_option_id ASC";
+			if (!($result = $db->sql_query($sql)))
+			{
+				message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
+			}
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$old_poll_result[$row['vote_option_id']] = $row['vote_result'];
+
+				if (!isset($poll_options[$row['vote_option_id']]))
+				{
+					$delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
+				}
+			}
+		}
+		else
+		{
+			$poll_id = $db->sql_nextid();
+		}
+
+		@reset($poll_options);
+
+		$poll_option_id = 1;
+		while (list($option_id, $option_text) = each($poll_options))
+		{
+			if (!empty($option_text))
+			{
+				$option_text = str_replace("\'", "''", htmlspecialchars($option_text));
+				$poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;
+
+				$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
+				if (!$db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+				}
+				$poll_option_id++;
+			}
+		}
+
+		if ($delete_option_sql != '')
+		{
+			$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " 
+				WHERE vote_option_id IN ($delete_option_sql) 
+					AND vote_id = $poll_id";
+			if (!$db->sql_query($sql))
+			{
+				message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
+	$message = $lang['Stored'] . '<br /><br />' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
+
+	return false;
+}
+
+//
+// Update post stats and details
+//
+function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id)
+{
+	global $db;
+
+	$sign = ($mode == 'delete') ? '- 1' : '+ 1';
+	$forum_update_sql = "forum_posts = forum_posts $sign";
+	$topic_update_sql = '';
+
+	if ($mode == 'delete')
+	{
+		if ($post_data['last_post'])
+		{
+			if ($post_data['first_post'])
+			{
+				$forum_update_sql .= ', forum_topics = forum_topics - 1';
+			}
+			else
+			{
+
+				$topic_update_sql .= 'topic_replies = topic_replies - 1';
+
+				$sql = "SELECT MAX(post_id) AS last_post_id
+					FROM " . POSTS_TABLE . " 
+					WHERE topic_id = $topic_id";
+				if (!($result = $db->sql_query($sql)))
+				{
+					message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+				}
+
+				if ($row = $db->sql_fetchrow($result))
+				{
+					$topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id'];
+				}
+			}
+
+			if ($post_data['last_topic'])
+			{
+				$sql = "SELECT MAX(post_id) AS last_post_id
+					FROM " . POSTS_TABLE . " 
+					WHERE forum_id = $forum_id"; 
+				if (!($result = $db->sql_query($sql)))
+				{
+					message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+				}
+
+				if ($row = $db->sql_fetchrow($result))
+				{
+					$forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0';
+				}
+			}
+		}
+		else if ($post_data['first_post']) 
+		{
+			$sql = "SELECT MIN(post_id) AS first_post_id
+				FROM " . POSTS_TABLE . " 
+				WHERE topic_id = $topic_id";
+			if (!($result = $db->sql_query($sql)))
+			{
+				message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+			}
+
+			if ($row = $db->sql_fetchrow($result))
+			{
+				$topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id'];
+			}
+		}
+		else
+		{
+			$topic_update_sql .= 'topic_replies = topic_replies - 1';
+		}
+	}
+	else if ($mode != 'poll_delete')
+	{
+		$forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : ""); 
+		$topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id");
+	}
+	else 
+	{
+		$topic_update_sql .= 'topic_vote = 0';
+	}
+
+	$sql = "UPDATE " . FORUMS_TABLE . " SET 
+		$forum_update_sql 
+		WHERE forum_id = $forum_id";
+	if (!$db->sql_query($sql))
+	{
+		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+	}
+
+	if ($topic_update_sql != '')
+	{
+		$sql = "UPDATE " . TOPICS_TABLE . " SET 
+			$topic_update_sql 
+			WHERE topic_id = $topic_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+		}
+	}
+
+	if ($mode != 'poll_delete')
+	{
+		$sql = "UPDATE " . USERS_TABLE . "
+			SET user_posts = user_posts $sign 
+			WHERE user_id = $user_id";
+		if (!$db->sql_query($sql, END_TRANSACTION))
+		{
+			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
+		}
+	}
+
+	return;
+}
+
+//
+// Delete a post/poll
+//
+function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id)
+{
+	global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
+	global $userdata, $user_ip;
+
+	if ($mode != 'poll_delete')
+	{
+		include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
+
+		$sql = "DELETE FROM " . POSTS_TABLE . " 
+			WHERE post_id = $post_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+		}
+
+		$sql = "DELETE FROM " . POSTS_TEXT_TABLE . " 
+			WHERE post_id = $post_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+		}
+
+		if ($post_data['last_post'])
+		{
+			if ($post_data['first_post'])
+			{
+				$forum_update_sql .= ', forum_topics = forum_topics - 1';
+				$sql = "DELETE FROM " . TOPICS_TABLE . " 
+					WHERE topic_id = $topic_id 
+						OR topic_moved_id = $topic_id";
+				if (!$db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+				}
+
+				$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
+					WHERE topic_id = $topic_id";
+				if (!$db->sql_query($sql))
+				{
+					message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+				}
+			}
+		}
+
+		remove_search_post($post_id);
+	}
+
+	if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll'])
+	{
+		$sql = "DELETE FROM " . VOTE_DESC_TABLE . " 
+			WHERE topic_id = $topic_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
+		}
+
+		$sql = "DELETE FROM " . VOTE_RESULTS_TABLE . " 
+			WHERE vote_id = $poll_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
+		}
+
+		$sql = "DELETE FROM " . VOTE_USERS_TABLE . " 
+			WHERE vote_id = $poll_id";
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
+		}
+	}
+
+	if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post'])
+	{
+		$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $forum_id) . '">';
+		$message = $lang['Deleted'];
+	}
+	else
+	{
+		$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id) . '">';
+		$message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
+	}
+
+	$message .=  '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');
+
+	return;
+}
+
+//
+// Handle user notification on new post
+//
+function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user)
+{
+	global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
+	global $userdata, $user_ip;
+
+	$current_time = time();
+
+	if ($mode == 'delete')
+	{
+		$delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . $userdata['user_id'] : '';
+		$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql;
+		if (!$db->sql_query($sql))
+		{
+			message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql);
+		}
+	}
+	else 
+	{
+		if ($mode == 'reply')
+		{
+			$sql = "SELECT ban_userid 
+				FROM " . BANLIST_TABLE;
+			if (!($result = $db->sql_query($sql)))
+			{
+				message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql);
+			}
+
+			$user_id_sql = '';
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if (isset($row['ban_userid']) && !empty($row['ban_userid']))
+				{
+					$user_id_sql .= ', ' . $row['ban_userid'];
+				}
+			}
+
+			$sql = "SELECT u.user_id, u.user_email, u.user_lang 
+				FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u 
+				WHERE tw.topic_id = $topic_id 
+					AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ") 
+					AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . " 
+					AND u.user_id = tw.user_id";
+			if (!($result = $db->sql_query($sql)))
+			{
+				message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql);
+			}
+
+			$update_watched_sql = '';
+			$bcc_list_ary = array();
+			
+			if ($row = $db->sql_fetchrow($result))
+			{
+				// Sixty second limit
+				@set_time_limit(60);
+
+				do
+				{
+					if ($row['user_email'] != '')
+					{
+						$bcc_list_ary[$row['user_lang']][] = $row['user_email'];
+					}
+					$update_watched_sql .= ($update_watched_sql != '') ? ', ' . $row['user_id'] : $row['user_id'];
+				}
+				while ($row = $db->sql_fetchrow($result));
+
+				//
+				// Let's do some checking to make sure that mass mail functions
+				// are working in win32 versions of php.
+				//
+				if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
+				{
+					$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
+
+					// We are running on windows, force delivery to use our smtp functions
+					// since php's are broken by default
+					$board_config['smtp_delivery'] = 1;
+					$board_config['smtp_host'] = @$ini_val('SMTP');
+				}
+
+				if (sizeof($bcc_list_ary))
+				{
+					include($phpbb_root_path . 'includes/emailer.'.$phpEx);
+					$emailer = new emailer($board_config['smtp_delivery']);
+
+					$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
+					$script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx;
+					$server_name = trim($board_config['server_name']);
+					$server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
+					$server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/';
+
+					$orig_word = array();
+					$replacement_word = array();
+					obtain_word_list($orig_word, $replacement_word);
+
+					$emailer->from($board_config['board_email']);
+					$emailer->replyto($board_config['board_email']);
+
+					$topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title);
+
+					@reset($bcc_list_ary);
+					while (list($user_lang, $bcc_list) = each($bcc_list_ary))
+					{
+						$emailer->use_template('topic_notify', $user_lang);
+		
+						for ($i = 0; $i < count($bcc_list); $i++)
+						{
+							$emailer->bcc($bcc_list[$i]);
+						}
+
+						// The Topic_reply_notification lang string below will be used
+						// if for some reason the mail template subject cannot be read 
+						// ... note it will not necessarily be in the posters own language!
+						$emailer->set_subject($lang['Topic_reply_notification']); 
+						
+						// This is a nasty kludge to remove the username var ... till (if?)
+						// translators update their templates
+						$emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg);
+
+						$emailer->assign_vars(array(
+							'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
+							'SITENAME' => $board_config['sitename'],
+							'TOPIC_TITLE' => $topic_title, 
+
+							'U_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_POST_URL . "=$post_id#$post_id",
+							'U_STOP_WATCHING_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_TOPIC_URL . "=$topic_id&unwatch=topic")
+						);
+
+						$emailer->send();
+						$emailer->reset();
+					}
+				}
+			}
+			$db->sql_freeresult($result);
+
+			if ($update_watched_sql != '')
+			{
+				$sql = "UPDATE " . TOPICS_WATCH_TABLE . "
+					SET notify_status = " . TOPIC_WATCH_NOTIFIED . "
+					WHERE topic_id = $topic_id
+						AND user_id IN ($update_watched_sql)";
+				$db->sql_query($sql);
+			}
+		}
+
+		$sql = "SELECT topic_id 
+			FROM " . TOPICS_WATCH_TABLE . "
+			WHERE topic_id = $topic_id
+				AND user_id = " . $userdata['user_id'];
+		if (!($result = $db->sql_query($sql)))
+		{
+			message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql);
+		}
+
+		$row = $db->sql_fetchrow($result);
+
+		if (!$notify_user && !empty($row['topic_id']))
+		{
+			$sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
+				WHERE topic_id = $topic_id
+					AND user_id = " . $userdata['user_id'];
+			if (!$db->sql_query($sql))
+			{
+				message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql);
+			}
+		}
+		else if ($notify_user && empty($row['topic_id']))
+		{
+			$sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)
+				VALUES (" . $userdata['user_id'] . ", $topic_id, 0)";
+			if (!$db->sql_query($sql))
+			{
+				message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+}
+
+//
+// Fill smiley templates (or just the variables) with smileys
+// Either in a window or inline
+//
+function generate_smilies($mode, $page_id)
+{
+	global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
+	global $user_ip, $session_length, $starttime;
+	global $userdata;
+
+	$inline_columns = 4;
+	$inline_rows = 5;
+	$window_columns = 8;
+
+	if ($mode == 'window')
+	{
+		$userdata = session_pagestart($user_ip, $page_id);
+		init_userprefs($userdata);
+
+		$gen_simple_header = TRUE;
+
+		$page_title = $lang['Emoticons'] . " - $topic_title";
+		include($phpbb_root_path . 'includes/page_header.'.$phpEx);
+
+		$template->set_filenames(array(
+			'smiliesbody' => 'posting_smilies.tpl')
+		);
+	}
+
+	$sql = "SELECT emoticon, code, smile_url   
+		FROM " . SMILIES_TABLE . " 
+		ORDER BY smilies_id";
+	if ($result = $db->sql_query($sql))
+	{
+		$num_smilies = 0;
+		$rowset = array();
+		while ($row = $db->sql_fetchrow($result))
+		{
+			if (empty($rowset[$row['smile_url']]))
+			{
+				$rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code']));
+				$rowset[$row['smile_url']]['emoticon'] = $row['emoticon'];
+				$num_smilies++;
+			}
+		}
+
+		if ($num_smilies)
+		{
+			$smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies;
+			$smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1;
+
+			$s_colspan = 0;
+			$row = 0;
+			$col = 0;
+
+			while (list($smile_url, $data) = @each($rowset))
+			{
+				if (!$col)
+				{
+					$template->assign_block_vars('smilies_row', array());
+				}
+
+				$template->assign_block_vars('smilies_row.smilies_col', array(
+					'SMILEY_CODE' => $data['code'],
+					'SMILEY_IMG' => $board_config['smilies_path'] . '/' . $smile_url,
+					'SMILEY_DESC' => $data['emoticon'])
+				);
+
+				$s_colspan = max($s_colspan, $col + 1);
+
+				if ($col == $smilies_split_row)
+				{
+					if ($mode == 'inline' && $row == $inline_rows - 1)
+					{
+						break;
+					}
+					$col = 0;
+					$row++;
+				}
+				else
+				{
+					$col++;
+				}
+			}
+
+			if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns)
+			{
+				$template->assign_block_vars('switch_smilies_extra', array());
+
+				$template->assign_vars(array(
+					'L_MORE_SMILIES' => $lang['More_emoticons'], 
+					'U_MORE_SMILIES' => append_sid("posting.$phpEx?mode=smilies"))
+				);
+			}
+
+			$template->assign_vars(array(
+				'L_EMOTICONS' => $lang['Emoticons'], 
+				'L_CLOSE_WINDOW' => $lang['Close_window'], 
+				'S_SMILIES_COLSPAN' => $s_colspan)
+			);
+		}
+	}
+
+	if ($mode == 'window')
+	{
+		$template->pparse('smiliesbody');
+
+		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
+	}
+}
+
+?>

phpBB/includes/functions_search.php

@@ -0,0 +1,498 @@
+<?php
+/***************************************************************************
+*                              functions_search.php
+*                              -------------------
+*     begin                : Wed Sep 05 2001
+*     copyright            : (C) 2002 The phpBB Group
+*     email                : support@phpbb.com
+*
+*     $Id$
+*
+****************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+function clean_words($mode, &$entry, &$stopword_list, &$synonym_list)
+{
+	static $drop_char_match =   array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!');
+	static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '',  '',   ' ', ' ', ' ', ' ', '',  ' ', ' ', '',  ' ',  ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ',  ' ', ' ');
+
+	$entry = ' ' . strip_tags(strtolower($entry)) . ' ';
+
+	if ( $mode == 'post' )
+	{
+		// Replace line endings by a space
+		$entry = preg_replace('/[\n\r]/is', ' ', $entry); 
+		// HTML entities like &nbsp;
+		$entry = preg_replace('/\b&[a-z]+;\b/', ' ', $entry); 
+		// Remove URL's
+		$entry = preg_replace('/\b[a-z0-9]+:\/\/[a-z0-9\.\-]+(\/[a-z0-9\?\.%_\-\+=&\/]+)?/', ' ', $entry); 
+		// Quickly remove BBcode.
+		$entry = preg_replace('/\[img:[a-z0-9]{10,}\].*?\[\/img:[a-z0-9]{10,}\]/', ' ', $entry); 
+		$entry = preg_replace('/\[\/?url(=.*?)?\]/', ' ', $entry);
+		$entry = preg_replace('/\[\/?[a-z\*=\+\-]+(\:?[0-9a-z]+)?:[a-z0-9]{10,}(\:[a-z0-9]+)?=?.*?\]/', ' ', $entry);
+	}
+	else if ( $mode == 'search' ) 
+	{
+		$entry = str_replace(' +', ' and ', $entry);
+		$entry = str_replace(' -', ' not ', $entry);
+	}
+
+	//
+	// Filter out strange characters like ^, $, &, change "it's" to "its"
+	//
+	for($i = 0; $i < count($drop_char_match); $i++)
+	{
+		$entry =  str_replace($drop_char_match[$i], $drop_char_replace[$i], $entry);
+	}
+
+	if ( $mode == 'post' )
+	{
+		$entry = str_replace('*', ' ', $entry);
+
+		// 'words' that consist of <3 or >20 characters are removed.
+		$entry = preg_replace('/[ ]([\S]{1,2}|[\S]{21,})[ ]/',' ', $entry);
+	}
+
+	if ( !empty($stopword_list) )
+	{
+		for ($j = 0; $j < count($stopword_list); $j++)
+		{
+			$stopword = trim($stopword_list[$j]);
+
+			if ( $mode == 'post' || ( $stopword != 'not' && $stopword != 'and' && $stopword != 'or' ) )
+			{
+				$entry = str_replace(' ' . trim($stopword) . ' ', ' ', $entry);
+			}
+		}
+	}
+
+	if ( !empty($synonym_list) )
+	{
+		for ($j = 0; $j < count($synonym_list); $j++)
+		{
+			list($replace_synonym, $match_synonym) = split(' ', trim(strtolower($synonym_list[$j])));
+			if ( $mode == 'post' || ( $match_synonym != 'not' && $match_synonym != 'and' && $match_synonym != 'or' ) )
+			{
+				$entry =  str_replace(' ' . trim($match_synonym) . ' ', ' ' . trim($replace_synonym) . ' ', $entry);
+			}
+		}
+	}
+
+	return $entry;
+}
+
+function split_words(&$entry, $mode = 'post')
+{
+	// If you experience problems with the new method, uncomment this block.
+/*	
+	$rex = ( $mode == 'post' ) ? "/\b([\w<><77>-<2D>][\w<><77>-<2D>']*[\w<><77>-<2D>]+|[\w<><77>-<2D>]+?)\b/" : '/(\*?[a-z0-9<><39>-<2D>]+\*?)|\b([a-z0-9<><39>-<2D>]+)\b/';
+	preg_match_all($rex, $entry, $split_entries);
+
+	return $split_entries[1];
+*/
+	// Trim 1+ spaces to one space and split this trimmed string into words.
+	return explode(' ', trim(preg_replace('#\s+#', ' ', $entry)));
+}
+
+function add_search_words($mode, $post_id, $post_text, $post_title = '')
+{
+	global $db, $phpbb_root_path, $board_config, $lang;
+
+	$stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); 
+	$synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); 
+
+	$search_raw_words = array();
+	$search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array));
+	$search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array));
+
+	@set_time_limit(0);
+
+	$word = array();
+	$word_insert_sql = array();
+	while ( list($word_in, $search_matches) = @each($search_raw_words) )
+	{
+		$word_insert_sql[$word_in] = '';
+		if ( !empty($search_matches) )
+		{
+			for ($i = 0; $i < count($search_matches); $i++)
+			{ 
+				$search_matches[$i] = trim($search_matches[$i]);
+
+				if( $search_matches[$i] != '' ) 
+				{
+					$word[] = $search_matches[$i];
+					if ( !strstr($word_insert_sql[$word_in], "'" . $search_matches[$i] . "'") )
+					{
+						$word_insert_sql[$word_in] .= ( $word_insert_sql[$word_in] != "" ) ? ", '" . $search_matches[$i] . "'" : "'" . $search_matches[$i] . "'";
+					}
+				} 
+			}
+		}
+	}
+
+	if ( count($word) )
+	{
+		sort($word);
+
+		$prev_word = '';
+		$word_text_sql = '';
+		$temp_word = array();
+		for($i = 0; $i < count($word); $i++)
+		{
+			if ( $word[$i] != $prev_word )
+			{
+				$temp_word[] = $word[$i];
+				$word_text_sql .= ( ( $word_text_sql != '' ) ? ', ' : '' ) . "'" . $word[$i] . "'";
+			}
+			$prev_word = $word[$i];
+		}
+		$word = $temp_word;
+
+		$check_words = array();
+		switch( SQL_LAYER )
+		{
+			case 'postgresql':
+			case 'msaccess':
+			case 'mssql-odbc':
+			case 'oracle':
+			case 'db2':
+				$sql = "SELECT word_id, word_text     
+					FROM " . SEARCH_WORD_TABLE . " 
+					WHERE word_text IN ($word_text_sql)";
+				if ( !($result = $db->sql_query($sql)) )
+				{
+					message_die(GENERAL_ERROR, 'Could not select words', '', __LINE__, __FILE__, $sql);
+				}
+
+				while ( $row = $db->sql_fetchrow($result) )
+				{
+					$check_words[$row['word_text']] = $row['word_id'];
+				}
+				break;
+		}
+
+		$value_sql = '';
+		$match_word = array();
+		for ($i = 0; $i < count($word); $i++)
+		{ 
+			$new_match = true;
+			if ( isset($check_words[$word[$i]]) )
+			{
+				$new_match = false;
+			}
+
+			if ( $new_match )
+			{
+				switch( SQL_LAYER )
+				{
+					case 'mysql':
+					case 'mysql4':
+						$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)';
+						break;
+					case 'mssql':
+					case 'mssql-odbc':
+						$value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "', 0";
+						break;
+					default:
+						$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) 
+							VALUES ('" . $word[$i] . "', 0)"; 
+						if( !$db->sql_query($sql) )
+						{
+							message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql);
+						}
+						break;
+				}
+			}
+		}
+
+		if ( $value_sql != '' )
+		{
+			switch ( SQL_LAYER )
+			{
+				case 'mysql':
+				case 'mysql4':
+					$sql = "INSERT IGNORE INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) 
+						VALUES $value_sql"; 
+					break;
+				case 'mssql':
+				case 'mssql-odbc':
+					$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) 
+						$value_sql"; 
+					break;
+			}
+
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	while( list($word_in, $match_sql) = @each($word_insert_sql) )
+	{
+		$title_match = ( $word_in == 'title' ) ? 1 : 0;
+
+		if ( $match_sql != '' )
+		{
+			$sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match) 
+				SELECT $post_id, word_id, $title_match  
+					FROM " . SEARCH_WORD_TABLE . " 
+					WHERE word_text IN ($match_sql)"; 
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not insert new word matches', '', __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	if ($mode == 'single')
+	{
+		remove_common('single', 4/10, $word);
+	}
+
+	return;
+}
+
+//
+// Check if specified words are too common now
+//
+function remove_common($mode, $fraction, $word_id_list = array())
+{
+	global $db;
+
+	$sql = "SELECT COUNT(post_id) AS total_posts 
+		FROM " . POSTS_TABLE;
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Could not obtain post count', '', __LINE__, __FILE__, $sql);
+	}
+
+	$row = $db->sql_fetchrow($result);
+
+	if ( $row['total_posts'] >= 100 )
+	{
+		$common_threshold = floor($row['total_posts'] * $fraction);
+
+		if ( $mode == 'single' && count($word_id_list) )
+		{
+			$word_id_sql = '';
+			for($i = 0; $i < count($word_id_list); $i++)
+			{
+				$word_id_sql .= ( ( $word_id_sql != '' ) ? ', ' : '' ) . "'" . $word_id_list[$i] . "'";
+			}
+
+			$sql = "SELECT m.word_id 
+				FROM " . SEARCH_MATCH_TABLE . " m, " . SEARCH_WORD_TABLE . " w 
+				WHERE w.word_text IN ($word_id_sql)  
+					AND m.word_id = w.word_id 
+				GROUP BY m.word_id 
+				HAVING COUNT(m.word_id) > $common_threshold";
+		}
+		else 
+		{
+			$sql = "SELECT word_id 
+				FROM " . SEARCH_MATCH_TABLE . " 
+				GROUP BY word_id 
+				HAVING COUNT(word_id) > $common_threshold";
+		}
+
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Could not obtain common word list', '', __LINE__, __FILE__, $sql);
+		}
+
+		$common_word_id = '';
+		while ( $row = $db->sql_fetchrow($result) )
+		{
+			$common_word_id .= ( ( $common_word_id != '' ) ? ', ' : '' ) . $row['word_id'];
+		}
+		$db->sql_freeresult($result);
+
+		if ( $common_word_id != '' )
+		{
+			$sql = "UPDATE " . SEARCH_WORD_TABLE . "
+				SET word_common = " . TRUE . " 
+				WHERE word_id IN ($common_word_id)";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not delete word list entry', '', __LINE__, __FILE__, $sql);
+			}
+
+			$sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "  
+				WHERE word_id IN ($common_word_id)";
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not delete word match entry', '', __LINE__, __FILE__, $sql);
+			}
+		}
+	}
+
+	return;
+}
+
+function remove_search_post($post_id_sql)
+{
+	global $db;
+
+	$words_removed = false;
+
+	switch ( SQL_LAYER )
+	{
+		case 'mysql':
+		case 'mysql4':
+			$sql = "SELECT word_id 
+				FROM " . SEARCH_MATCH_TABLE . " 
+				WHERE post_id IN ($post_id_sql) 
+				GROUP BY word_id";
+			if ( $result = $db->sql_query($sql) )
+			{
+				$word_id_sql = '';
+				while ( $row = $db->sql_fetchrow($result) )
+				{
+					$word_id_sql .= ( $word_id_sql != '' ) ? ', ' . $row['word_id'] : $row['word_id']; 
+				}
+
+				$sql = "SELECT word_id 
+					FROM " . SEARCH_MATCH_TABLE . " 
+					WHERE word_id IN ($word_id_sql) 
+					GROUP BY word_id 
+					HAVING COUNT(word_id) = 1";
+				if ( $result = $db->sql_query($sql) )
+				{
+					$word_id_sql = '';
+					while ( $row = $db->sql_fetchrow($result) )
+					{
+						$word_id_sql .= ( $word_id_sql != '' ) ? ', ' . $row['word_id'] : $row['word_id']; 
+					}
+
+					if ( $word_id_sql != '' )
+					{
+						$sql = "DELETE FROM " . SEARCH_WORD_TABLE . " 
+							WHERE word_id IN ($word_id_sql)";
+						if ( !$db->sql_query($sql) )
+						{
+							message_die(GENERAL_ERROR, 'Could not delete word list entry', '', __LINE__, __FILE__, $sql);
+						}
+
+						$words_removed = $db->sql_affectedrows();
+					}
+				}
+			}
+			break;
+
+		default:
+			$sql = "DELETE FROM " . SEARCH_WORD_TABLE . " 
+				WHERE word_id IN ( 
+					SELECT word_id 
+					FROM " . SEARCH_MATCH_TABLE . " 
+					WHERE word_id IN ( 
+						SELECT word_id 
+						FROM " . SEARCH_MATCH_TABLE . " 
+						WHERE post_id IN ($post_id_sql) 
+						GROUP BY word_id 
+					) 
+					GROUP BY word_id 
+					HAVING COUNT(word_id) = 1
+				)"; 
+			if ( !$db->sql_query($sql) )
+			{
+				message_die(GENERAL_ERROR, 'Could not delete old words from word table', '', __LINE__, __FILE__, $sql);
+			}
+
+			$words_removed = $db->sql_affectedrows();
+
+			break;
+	}
+
+	$sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "  
+		WHERE post_id IN ($post_id_sql)";
+	if ( !$db->sql_query($sql) )
+	{
+		message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
+	}
+
+	return $words_removed;
+}
+
+//
+// Username search
+//
+function username_search($search_match)
+{
+	global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
+	global $starttime, $gen_simple_header;
+	
+	$gen_simple_header = TRUE;
+
+	$username_list = '';
+	if ( !empty($search_match) )
+	{
+		$username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match));
+
+		$sql = "SELECT username 
+			FROM " . USERS_TABLE . " 
+			WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' AND user_id <> " . ANONYMOUS . "
+			ORDER BY username";
+		if ( !($result = $db->sql_query($sql)) )
+		{
+			message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql);
+		}
+
+		if ( $row = $db->sql_fetchrow($result) )
+		{
+			do
+			{
+				$username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>';
+			}
+			while ( $row = $db->sql_fetchrow($result) );
+		}
+		else
+		{
+			$username_list .= '<option>' . $lang['No_match']. '</option>';
+		}
+		$db->sql_freeresult($result);
+	}
+
+	$page_title = $lang['Search'];
+	include($phpbb_root_path . 'includes/page_header.'.$phpEx);
+
+	$template->set_filenames(array(
+		'search_user_body' => 'search_username.tpl')
+	);
+
+	$template->assign_vars(array(
+		'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '', 
+
+		'L_CLOSE_WINDOW' => $lang['Close_window'], 
+		'L_SEARCH_USERNAME' => $lang['Find_username'], 
+		'L_UPDATE_USERNAME' => $lang['Select_username'], 
+		'L_SELECT' => $lang['Select'], 
+		'L_SEARCH' => $lang['Search'], 
+		'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 
+		'L_CLOSE_WINDOW' => $lang['Close_window'], 
+
+		'S_USERNAME_OPTIONS' => $username_list, 
+		'S_SEARCH_ACTION' => append_sid("search.$phpEx?mode=searchuser"))
+	);
+
+	if ( $username_list != '' )
+	{
+		$template->assign_block_vars('switch_select_name', array());
+	}
+
+	$template->pparse('search_user_body');
+
+	include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
+
+	return;
+}
+
+?>

phpBB/includes/functions_selects.php

@@ -0,0 +1,111 @@
+<?php
+/***************************************************************************
+ *                            function_selects.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *
+ ***************************************************************************/
+
+//
+// Pick a language, any language ...
+//
+function language_select($default, $select_name = "language", $dirname="language")
+{
+	global $phpEx, $phpbb_root_path;
+
+	$dir = opendir($phpbb_root_path . $dirname);
+
+	$lang = array();
+	while ( $file = readdir($dir) )
+	{
+		if (preg_match('#^lang_#i', $file) && !is_file(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file)) && !is_link(@phpbb_realpath($phpbb_root_path . $dirname . '/' . $file)))
+		{
+			$filename = trim(str_replace("lang_", "", $file));
+			$displayname = preg_replace("/^(.*?)_(.*)$/", "\\1 [ \\2 ]", $filename);
+			$displayname = preg_replace("/\[(.*?)_(.*)\]/", "[ \\1 - \\2 ]", $displayname);
+			$lang[$displayname] = $filename;
+		}
+	}
+
+	closedir($dir);
+
+	@asort($lang);
+	@reset($lang);
+
+	$lang_select = '<select name="' . $select_name . '">';
+	while ( list($displayname, $filename) = @each($lang) )
+	{
+		$selected = ( strtolower($default) == strtolower($filename) ) ? ' selected="selected"' : '';
+		$lang_select .= '<option value="' . $filename . '"' . $selected . '>' . ucwords($displayname) . '</option>';
+	}
+	$lang_select .= '</select>';
+
+	return $lang_select;
+}
+
+//
+// Pick a template/theme combo, 
+//
+function style_select($default_style, $select_name = "style", $dirname = "templates")
+{
+	global $db;
+
+	$sql = "SELECT themes_id, style_name
+		FROM " . THEMES_TABLE . "
+		ORDER BY template_name, themes_id";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, "Couldn't query themes table", "", __LINE__, __FILE__, $sql);
+	}
+
+	$style_select = '<select name="' . $select_name . '">';
+	while ( $row = $db->sql_fetchrow($result) )
+	{
+		$selected = ( $row['themes_id'] == $default_style ) ? ' selected="selected"' : '';
+
+		$style_select .= '<option value="' . $row['themes_id'] . '"' . $selected . '>' . $row['style_name'] . '</option>';
+	}
+	$style_select .= "</select>";
+
+	return $style_select;
+}
+
+//
+// Pick a timezone
+//
+function tz_select($default, $select_name = 'timezone')
+{
+	global $sys_timezone, $lang;
+
+	if ( !isset($default) )
+	{
+		$default == $sys_timezone;
+	}
+	$tz_select = '<select name="' . $select_name . '">';
+
+	while( list($offset, $zone) = @each($lang['tz']) )
+	{
+		$selected = ( $offset == $default ) ? ' selected="selected"' : '';
+		$tz_select .= '<option value="' . $offset . '"' . $selected . '>' . $zone . '</option>';
+	}
+	$tz_select .= '</select>';
+
+	return $tz_select;
+}
+
+?>

phpBB/includes/functions_validate.php

@@ -0,0 +1,207 @@
+<?php
+/***************************************************************************
+ *                          functions_validate.php
+ *                            -------------------
+ *   begin                : Saturday, Feb 13, 2001
+ *   copyright            : (C) 2001 The phpBB Group
+ *   email                : support@phpbb.com
+ *
+ *   $Id$
+ *
+ *
+ ***************************************************************************/
+
+/***************************************************************************
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ ***************************************************************************/
+
+//
+// Check to see if the username has been taken, or if it is disallowed.
+// Also checks if it includes the " character, which we don't allow in usernames.
+// Used for registering, changing names, and posting anonymously with a username
+//
+function validate_username($username)
+{
+	global $db, $lang, $userdata;
+
+	// Remove doubled up spaces
+	$username = preg_replace('#\s+#', ' ', $username); 
+	// Limit username length
+	$username = substr(str_replace("\'", "'", $username), 0, 25);
+	$username = str_replace("'", "''", $username);
+
+	$sql = "SELECT username 
+		FROM " . USERS_TABLE . " 
+		WHERE LOWER(username) = '" . strtolower($username) . "'";
+	if ($result = $db->sql_query($sql))
+	{
+		if ($row = $db->sql_fetchrow($result))
+		{
+			if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
+			{
+				$db->sql_freeresult($result);
+				return array('error' => true, 'error_msg' => $lang['Username_taken']);
+			}
+		}
+	}
+	$db->sql_freeresult($result);
+
+	$sql = "SELECT group_name
+		FROM " . GROUPS_TABLE . " 
+		WHERE LOWER(group_name) = '" . strtolower($username) . "'";
+	if ($result = $db->sql_query($sql))
+	{
+		if ($row = $db->sql_fetchrow($result))
+		{
+			$db->sql_freeresult($result);
+			return array('error' => true, 'error_msg' => $lang['Username_taken']);
+		}
+	}
+	$db->sql_freeresult($result);
+
+	$sql = "SELECT disallow_username
+		FROM " . DISALLOW_TABLE;
+	if ($result = $db->sql_query($sql))
+	{
+		if ($row = $db->sql_fetchrow($result))
+		{
+			do
+			{
+				if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
+				{
+					$db->sql_freeresult($result);
+					return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+				}
+			}
+			while($row = $db->sql_fetchrow($result));
+		}
+	}
+	$db->sql_freeresult($result);
+
+	$sql = "SELECT word 
+		FROM  " . WORDS_TABLE;
+	if ($result = $db->sql_query($sql))
+	{
+		if ($row = $db->sql_fetchrow($result))
+		{
+			do
+			{
+				if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
+				{
+					$db->sql_freeresult($result);
+					return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+				}
+			}
+			while ($row = $db->sql_fetchrow($result));
+		}
+	}
+	$db->sql_freeresult($result);
+
+	// Don't allow " and ALT-255 in username.
+	if (strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)))
+	{
+		return array('error' => true, 'error_msg' => $lang['Username_invalid']);
+	}
+
+	return array('error' => false, 'error_msg' => '');
+}
+
+//
+// Check to see if email address is banned
+// or already present in the DB
+//
+function validate_email($email)
+{
+	global $db, $lang;
+
+	if ($email != '')
+	{
+		if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
+		{
+			$sql = "SELECT ban_email
+				FROM " . BANLIST_TABLE;
+			if ($result = $db->sql_query($sql))
+			{
+				if ($row = $db->sql_fetchrow($result))
+				{
+					do
+					{
+						$match_email = str_replace('*', '.*?', $row['ban_email']);
+						if (preg_match('/^' . $match_email . '$/is', $email))
+						{
+							$db->sql_freeresult($result);
+							return array('error' => true, 'error_msg' => $lang['Email_banned']);
+						}
+					}
+					while($row = $db->sql_fetchrow($result));
+				}
+			}
+			$db->sql_freeresult($result);
+
+			$sql = "SELECT user_email
+				FROM " . USERS_TABLE . "
+				WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
+			if (!($result = $db->sql_query($sql)))
+			{
+				message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
+			}
+		
+			if ($row = $db->sql_fetchrow($result))
+			{
+				return array('error' => true, 'error_msg' => $lang['Email_taken']);
+			}
+			$db->sql_freeresult($result);
+
+			return array('error' => false, 'error_msg' => '');
+		}
+	}
+
+	return array('error' => true, 'error_msg' => $lang['Email_invalid']);
+}
+
+//
+// Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
+// to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
+//
+function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
+{
+	$check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
+
+	for($i = 0; $i < count($check_var_length); $i++)
+	{
+		if (strlen($$check_var_length[$i]) < 2)
+		{
+			$$check_var_length[$i] = '';
+		}
+	}
+
+	// ICQ number has to be only numbers.
+	if (!preg_match('/^[0-9]+$/', $icq))
+	{
+		$icq = '';
+	}
+	
+	// website has to start with http://, followed by something with length at least 3 that
+	// contains at least one dot.
+	if ($website != "")
+	{
+		if (!preg_match('#^http[s]?:\/\/#i', $website))
+		{
+			$website = 'http://' . $website;
+		}
+
+		if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
+		{
+			$website = '';
+		}
+	}
+
+	return;
+}
+
+?>

phpBB/includes/index.htm

@@ -0,0 +1,10 @@
+<html>
+<head>
+<title></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#FFFFFF" text="#000000">
+
+</body>
+</html>