This is a mass commit ... expect trouble! Changes made here are primarily to how login is handled, schema changes necessary!

git-svn-id: file:///svn/phpbb/trunk@4970 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2004-09-01 15:47:46 +00:00 · 2004-09-01 15:47:46 +00:00 · 070cbefa46
commit 070cbefa46
parent 3c8e36b458
27 changed files with 1785 additions and 2654 deletions
--- a/phpBB/adm/pagestart.php
+++ b/phpBB/adm/pagestart.php
@ -11,27 +11,40 @@
 //
 // -------------------------------------------------------------
-if (!defined('IN_PHPBB') || !isset($phpbb_root_path))
+if (!defined('IN_PHPBB'))
 {
-	die('Hacking attempt');
+	exit;
 }
 define('NEED_SID', true);
 define('IN_ADMIN', true);
 require($phpbb_root_path . 'common.'.$phpEx);
 require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
 // Start session management
 $user->start();
 $auth->acl($user->data);
 $user->setup('admin');
 // End session management
 // Did user forget to login? Give 'em a chance to here ...
 if ($user->data['user_id'] == ANONYMOUS)
 {
-	login_box("./adm/index.$phpEx$SID", '', $user->lang['LOGIN_ADMIN']);
+	login_box('', $user->lang['LOGIN_ADMIN'], $user->lang['LOGIN_ADMIN_SUCCESS'], true);
 }
-$auth->acl($user->data);
+// Have they authenticated (again) as an admin for this session?
-$user->setup('admin');
+if (!$user->data['session_admin'])
-// End session management
+{
 	login_box('', $user->lang['LOGIN_ADMIN_CONFIRM'], $user->lang['LOGIN_ADMIN_SUCCESS'], true, false);
 }
 // Is user any type of admin? No, then stop here, each script needs to
 // check specific permissions but this is a catchall
 if (!$auth->acl_get('a_'))
 {
 	trigger_error($user->lang['NO_ADMIN']);
 }
 // Some oft used variables
 $safe_mode	= (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
@ -257,6 +270,68 @@ function adm_page_confirm($title, $message)
 }
 function build_cfg_template($tpl_type, $config_key, $options = '')
 {
 	global $new, $user;
 	$tpl = '';
 	$name = 'config[' . $config_key . ']';
 	switch ($tpl_type[0])
 	{
 		case 'text':
 		case 'password':
 			$size = (int) $tpl_type[1];
 			$maxlength = (int) $tpl_type[2];
 			$tpl = '<input class="post" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '" />';
 			break;
 		case 'dimension':
 			$size = (int) $tpl_type[1];
 			$maxlength = (int) $tpl_type[2];
 			$tpl = '<input class="post" type="text"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" /> x <input class="post" type="text"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" />';
 			break;
 		case 'textarea':
 			$rows = (int) $tpl_type[1];
 			$cols = (int) $tpl_type[2];
 			$tpl = '<textarea name="' . $name . '" rows="' . $rows . '" cols="' . $cols . '">' . $new[$config_key] . '</textarea>';
 			break;
 		case 'radio':
 			$key_yes	= ($new[$config_key]) ? ' checked="checked"' : '';
 			$key_no		= (!$new[$config_key]) ? ' checked="checked"' : '';
 			$tpl_type_cond = explode('_', $tpl_type[1]);
 			$type_no = ($tpl_type_cond[0] == 'disabled' || $tpl_type_cond[0] == 'enabled') ? false : true;
 			$tpl_no = '<input type="radio" name="' . $name . '" value="0"' . $key_no . ' />' . (($type_no) ? $user->lang['NO'] : $user->lang['DISABLED']);
 			$tpl_yes = '<input type="radio" name="' . $name . '" value="1"' . $key_yes . ' />' . (($type_no) ? $user->lang['YES'] : $user->lang['ENABLED']);
 			$tpl = ($tpl_type_cond[0] == 'yes' || $tpl_type_cond[0] == 'enabled') ? $tpl_yes . '&nbsp;&nbsp;' . $tpl_no : $tpl_no . '&nbsp;&nbsp;' . $tpl_yes;
 			break;
 		case 'select':
 			eval('$s_options = ' . str_replace('{VALUE}', $new[$config_key], $options) . ';');
 			$tpl = '<select name="' . $name . '">' . $s_options . '</select>';
 			break;
 		case 'custom':
 			eval('$tpl = ' . str_replace('{VALUE}', $new[$config_key], $options) . ';');
 			break;
 		default:
 			break;
 	}
 	return $tpl;
 }
 // General ACP module class
 class module
 {
--- a/phpBB/common.php
+++ b/phpBB/common.php
@ -13,7 +13,7 @@
 if (!defined('IN_PHPBB'))
 {
-	die('Hacking attempt');
+	exit;
 }
 $starttime = explode(' ', microtime());
--- a/phpBB/groupcp.php
+++ b/phpBB/groupcp.php
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -293,7 +293,7 @@ function get_moderators(&$forum_moderators, $forum_id = false)
 	while ($row = $db->sql_fetchrow($result))
 	{
-		$forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="memberlist.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $row['user_id'] . '">' . $row['username'] . '</a>' : '<a href="groupcp.' . $phpEx . $SID . '&amp;g=' . $row['group_id'] . '">' . $row['groupname'] . '</a>';
+		$forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="memberlist.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $row['user_id'] . '">' . $row['username'] . '</a>' : '<a href="memberlist.' . $phpEx . $SID . '&amp;mode=group&amp;g=' . $row['group_id'] . '">' . $row['groupname'] . '</a>';
 	}
 	$db->sql_freeresult($result);
@ -601,7 +601,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
 		{
 			if ($_GET['unwatch'] == $mode)
 			{
-				login_box($user->cur_page);
+				login_box();
 			}
 		}
 		else
@ -1139,25 +1139,28 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 }
 // Generate login box or verify password
-function login_box($s_action, $s_hidden_fields = '', $login_explain = '', $ucp_login = false)
+function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
 {
 	global $SID, $db, $user, $template, $auth, $phpEx, $phpbb_root_path;
 	$err = '';
 	if (isset($_POST['login']))
 	{
 		$username	= request_var('username', '');
 		$password	= request_var('password', '');
 		$autologin	= (!empty($_POST['autologin'])) ? TRUE : FALSE;
 		$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
 		$admin 		= ($admin) ? 1 : 0;
-		if (($result = $auth->login($username, $password, $autologin, $viewonline)) === true)
+		// If authentication is successful we redirect user to previous page
 		if (($result = $auth->login($username, $password, $autologin, $viewonline, $admin)) === true)
 		{
-			// TODO
+			$redirect = request_var('redirect', "index.$phpEx$SID");
-			// Force change password ... plugin for EVENT_LOGIN in future
+			meta_refresh(3, $redirect);
 			// but for now we'll do it here
-			return true;
+			$message = (($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT']) . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
 			trigger_error($message);
 		}
 		// If we get a non-numeric (e.g. string) value we output an error
@ -1170,19 +1173,35 @@ function login_box($s_action, $s_hidden_fields = '', $login_explain = '', $ucp_l
 		$err = ($result === 0) ? $user->lang['ACTIVE_ERROR'] :  $user->lang['LOGIN_ERROR'];
 	}
-	$s_hidden_fields .= ($ucp_login && !empty($_SERVER['HTTP_REFERER'])) ? '<input type="hidden" name="redirect" value="' . htmlspecialchars($_SERVER['HTTP_REFERER']) . '" />' : '<input type="hidden" name="redirect" value="' . $s_action . '" />';
+	if (!$redirect)
 	{
 		$split_page = array();
 		preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?(.*?)$#i', $user->page, $split_page, PREG_SET_ORDER);
 		// No script name set? Assume index
 		if (empty($split_page[0][1]))
 		{
 			$split_page[0][1] = 'index';
 		}
 		// Current page correctly formatted for (login) redirects
 		$redirect = htmlspecialchars($split_page[0][1] . '.' . $phpEx . $SID . ((!empty($split_page[0][2])) ? '&' . $split_page[0][2] : ''));
 	}
 	$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $redirect . '" />';
 	$s_hidden_fields .= '<input type="hidden" name="sid" value="' . $SID . '" />';
 	$template->assign_vars(array(
 		'LOGIN_ERROR'		=> $err,
-		'LOGIN_EXPLAIN'		=> $login_explain, 
+		'LOGIN_EXPLAIN'		=> $l_explain,
 		'U_SEND_PASSWORD' 	=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=sendpassword",
 		'U_TERMS_USE'		=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=terms",
 		'U_PRIVACY'			=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=privacy",
-		'S_LOGIN_ACTION'	=> "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=login",
+		'S_DISPLAY_FULL_LOGIN'	=> ($s_display) ? true : false,
-		'S_HIDDEN_FIELDS' 	=> $s_hidden_fields)
+		'S_LOGIN_ACTION'		=> $redirect_page,
 		'S_HIDDEN_FIELDS' 		=> $s_hidden_fields)
 	);
 	page_header($user->lang['LOGIN']);
@ -1410,7 +1429,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			if (!defined('HEADER_INC'))
 			{
-				if (defined('IN_ADMIN'))
+				if (defined('IN_ADMIN') && !empty($user->data['session_admin']))
 				{
 					adm_page_header('', '', false);
 				}
@ -1425,7 +1444,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			$display_header = (!isset($display_header)) ? false : (bool) $display_header;
 			$show_prev_info = (!isset($show_prev_info)) ? true : (bool) $show_prev_info;
-			if (defined('IN_ADMIN'))
+			if (defined('IN_ADMIN') && !empty($user->data['session_admin']))
 			{
 				adm_page_message($msg_title, $msg_text, $display_header, $show_prev_info);
 				adm_page_footer();
@ -1445,6 +1464,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			}
 			exit;
 			break;
 		default:
 			if (defined('DEBUG_EXTRA'))
 			{
@ -1503,7 +1523,7 @@ function page_header($page_title = '')
 			$reading_sql = "AND s.session_page LIKE '%f=$f%'";
 		}
-		$sql = 'SELECT u.username, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_ip, s.session_allow_viewonline
+		$sql = 'SELECT u.username, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_ip, s.session_viewonline
 			FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . ' s
 			WHERE s.session_time >= ' . (time() - (intval($config['load_online_time']) * 60)) . "
 				$reading_sql
@ -1666,8 +1686,9 @@ function page_header($page_title = '')
 		'SITENAME' 						=> $config['sitename'],
 		'SITE_DESCRIPTION' 				=> $config['site_desc'],
 		'PAGE_TITLE' 					=> $page_title,
 		'SCRIPT_NAME'					=> substr($user->page, 0, strpos($user->page, '.')),
 		'LAST_VISIT_DATE' 				=> sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit),
-		'CURRENT_TIME' 					=> sprintf($user->lang['CURRENT_TIME'], $user->format_date(time())),
+		'CURRENT_TIME' 					=> sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)),
 		'TOTAL_USERS_ONLINE' 			=> $l_online_users,
 		'LOGGED_IN_USER_LIST' 			=> $online_userlist,
 		'RECORD_USERS' 					=> $l_online_record,
@ -1685,7 +1706,6 @@ function page_header($page_title = '')
 		'U_MEMBERLIST' 			=> "{$phpbb_root_path}memberlist.$phpEx$SID",
 		'U_VIEWONLINE' 			=> "{$phpbb_root_path}viewonline.$phpEx$SID",
 		'U_MEMBERSLIST'			=> "{$phpbb_root_path}memberlist.$phpEx$SID",
 		'U_GROUP_CP' 			=> "{$phpbb_root_path}groupcp.$phpEx$SID",
 		'U_LOGIN_LOGOUT'		=> $u_login_logout,
 		'U_INDEX' 				=> "{$phpbb_root_path}index.$phpEx$SID",
 		'U_SEARCH' 				=> "{$phpbb_root_path}search.$phpEx$SID",
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@ -30,28 +30,9 @@ class session
 		$current_time = time();
 		$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : $_ENV['HTTP_USER_AGENT'];
 		$this->page = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : $_ENV['REQUEST_URI'];
-
+		$this->page = preg_replace('#^.*?\/?(\/adm\/)?([a-z]+?\.' . $phpEx . '\?)sid=[a-z0-9]*&?(.*?)$#i', '\1\2\3', $this->page);
 		$split_page = array();
 		preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', $this->page, $split_page, PREG_SET_ORDER);
 		// Take care of SID
 		if (!isset($split_page[0][1]))
 		{
 			$split_page[0][1] = substr(strrchr($this->page, '/'), 1);
 		}
 		// Page for session_page value
 		$this->page = $split_page[0][1] . ((isset($split_page[0][2])) ? $split_page[0][2] : '');
 		$this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '';
 		// Current page correctly formatted for (login) redirects
 		$this->cur_page = str_replace('&amp;', '&', htmlspecialchars($split_page[0][1] . '.' . $phpEx . ((isset($split_page[0][2])) ? '?' . $split_page[0][2] : '')));
 		// Current page filename for use in template (index, viewtopic, viewforum...)
 		$this->current_page_filename = $split_page[0][1];
 		unset($split_page);
 		if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data']))
 		{
 			$sessiondata = (!empty($_COOKIE[$config['cookie_name'] . '_data'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : array();
@ -145,12 +126,13 @@ class session
 	}
 	// Create a new session
-	function create(&$user_id, &$autologin, $set_autologin = false, $viewonline = 1)
+	function create(&$user_id, &$autologin, $set_autologin = false, $viewonline = 1, $admin = 0)
 	{
 		global $SID, $db, $config;
 		$sessiondata = array();
 		$current_time = time();
 		$current_user = $this->data['user_id'];
 		$bot = false;
 		// Pull bot information from DB and loop through it
@ -290,38 +272,45 @@ class session
 		// Create or update the session
 		$db->sql_return_on_error(true);
-		$sql = 'UPDATE ' . SESSIONS_TABLE . "
+		$sql_ary = array(
-			SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '" . $db->sql_escape($this->browser) . "', session_page = '" . $db->sql_escape($this->page) . "', session_allow_viewonline = $viewonline
+			'session_user_id'		=> (int) $user_id,
 			'session_start'			=> (int) $current_time,
 			'session_last_visit'	=> (int) $this->data['session_last_visit'],
 			'session_time'			=> (int) $current_time,
 			'session_browser'		=> (string) $this->browser,
 			'session_page'			=> (string) $this->page,
 			'session_viewonline'	=> (int) $viewonline,
 			'session_admin'			=> (int) $admin,
 		);
 		$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 			WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
 		if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows())
 		{
 			$db->sql_return_on_error(false);
 			$this->session_id = md5(uniqid($this->ip));
-			$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
+			$sql_ary['session_id'] = (string) $this->session_id;
-				'session_id'				=> (string) $this->session_id,
+
-				'session_user_id'			=> (int) $user_id,
+			$db->sql_query('INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
 				'session_start'				=> (int) $current_time,
 				'session_last_visit'		=> (int) $this->data['session_last_visit'],
 				'session_time'				=> (int) $current_time,
 				'session_ip'				=> (string) $this->ip,
 				'session_browser'			=> (string) $this->browser,
 				'session_page'				=> (string) $this->page,
 				'session_allow_viewonline'	=> (int) $viewonline
 			));
 			$db->sql_query($sql);
 		}
 		$db->sql_return_on_error(false);
 		if (!$bot)
 		{
 			$this->data['session_id'] = $this->session_id;
-			$sessiondata['autologinid'] = ($autologin && $user_id != ANONYMOUS) ? $autologin : '';
+			// Don't set cookies if we're an admin re-authenticating
-			$sessiondata['userid'] = $user_id;
+			if (!$admin || ($admin && $current_user == ANONYMOUS))
 			{
 				$sessiondata['userid'] = $user_id;
 				$sessiondata['autologinid'] = ($autologin && $user_id != ANONYMOUS) ? $autologin : '';
 				$this->set_cookie('data', serialize($sessiondata), $current_time + 31536000);
 				$this->set_cookie('sid', $this->session_id, 0);
 			}
 			$this->set_cookie('data', serialize($sessiondata), $current_time + 31536000);
 			$this->set_cookie('sid', $this->session_id, 0);
 			$SID = '?sid=' . $this->session_id;
 			if ($this->data['user_id'] != ANONYMOUS)
@ -359,12 +348,12 @@ class session
 				AND session_user_id = " . $this->data['user_id'];
 		$db->sql_query($sql);
-		$this->session_id = '';
+		// Reset some basic data immediately
 		$this->session_id = $this->data['username'] = '';
 		$this->data['user_id'] = ANONYMOUS;
 		$this->data['session_admin'] = 0;
-		if ($this->data['user_id'] != ANONYMOUS)
+		// Trigger EVENT_END_SESSION
 		{
 			// Trigger EVENT_END_SESSION
 		}
 		return true;
 	}
@ -1159,9 +1148,9 @@ class auth
 	}
 	// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
-	function login($username, $password, $autologin = false, $viewonline = 1)
+	function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
 	{
-		global $config, $user, $phpbb_root_path, $phpEx;
+		global $config, $db, $user, $phpbb_root_path, $phpEx;
 		$method = trim($config['auth_method']);
@ -1182,8 +1171,7 @@ class auth
 				$autologin = (!empty($autologin)) ? md5($password) : '';
-				// Trigger EVENT_LOGIN
+				return $user->create($login['user_id'], $autologin, true, $viewonline, $admin);
 				return $user->create($login['user_id'], $autologin, true, $viewonline);
 			}
 		}
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@ -0,0 +1,126 @@
 <?php
 // -------------------------------------------------------------
 //
 // $Id$
 //
 // FILENAME  : ucp_groups.php
 // STARTED   : Sun Jun 6, 2004
 // COPYRIGHT : © 2001, 2004 phpBB Group
 // WWW       : http://www.phpbb.com/
 // LICENCE   : GPL vs2.0 [ see /docs/COPYING ]
 //
 // -------------------------------------------------------------
 class ucp_groups extends module
 {
 	function ucp_groups($id, $mode)
 	{
 		global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
 		$user->add_lang('groups');
 		$submit		= (!empty($_POST['submit'])) ? true : false;
 		$delete		= (!empty($_POST['delete'])) ? true : false;
 		$error = $data = array();
 		switch ($mode)
 		{
 			case 'membership':
 				$sql = 'SELECT g.group_id, g.group_name, g.group_description, g.group_type, ug.group_leader, ug.user_pending
 					FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
 					WHERE ug.user_id = ' . $user->data['user_id'] . '
 						AND g.group_id = ug.group_id
 					ORDER BY g.group_type DESC, g.group_name';
 				$result = $db->sql_query($sql);
 				$group_id_ary = array();
 				$leader_count = $member_count = $pending_count = 0;
 				while ($row = $db->sql_fetchrow($result))
 				{
 					$block = ($row['group_leader']) ? 'leader' : (($row['user_pending']) ? 'pending' : 'member');
 					$template->assign_block_vars($block, array(
 						'GROUP_ID'		=> $row['group_id'],
 						'GROUP_NAME'	=> ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
 						'GROUP_DESC'	=> ($row['group_type'] <> GROUP_SPECIAL) ? $row['group_description'] : $user->lang['GROUP_IS_SPECIAL'],
 						'GROUP_SPECIAL'	=> ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
 						'U_VIEW_GROUP'	=> "memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $row['group_id'],
 						'S_GROUP_DEFAULT'	=> ($row['group_id'] == $user->data['group_id']) ? true : false,
 						'S_ROW_COUNT'		=> ${$block . '_count'}++,)
 					);
 					$group_id_ary[] = $row['group_id'];
 				}
 				$db->sql_freeresult($result);
 				// Hide hidden groups unless user is an admin with group privileges
 				$sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
 				$sql = 'SELECT group_id, group_name, group_description, group_type
 					FROM ' . GROUPS_TABLE . '
 					WHERE group_id NOT IN (' . implode(', ', $group_id_ary) . ")
 						AND group_type $sql_and
 					ORDER BY group_type DESC, group_name";
 				$result = $db->sql_query($sql);
 				$nonmember_count = 0;
 				while ($row = $db->sql_fetchrow($result))
 				{
 					$template->assign_block_vars('nonmember', array(
 						'GROUP_ID'		=> $row['group_id'],
 						'GROUP_NAME'	=> ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
 						'GROUP_DESC'	=> $row['group_description'],
 						'GROUP_SPECIAL'	=> ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
 						'GROUP_CLOSED'	=> ($row['group_type'] <> GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? false : true,
 						'U_VIEW_GROUP'	=> "memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $row['group_id'],
 						'S_ROW_COUNT'	=> $nonmember_count++,)
 					);
 				}
 				$db->sql_freeresult($result);
 				$template->assign_vars(array(
 					'S_CHANGE_DEFAULT'	=> ($auth->acl_get('u_chggrp')) ? true : false,
 					'S_LEADER_COUNT'	=> $leader_count,
 					'S_MEMBER_COUNT'	=> $member_count,
 					'S_PENDING_COUNT'	=> $pending_count,
 					'S_NONMEMBER_COUNT'	=> $nonmember_count,)
 				);
 				break;
 			case 'manage':
 				break;
 		}
 		$this->display($user->lang['UCP_GROUPS'], 'ucp_groups_' . $mode . '.html');
 	}
 }
 /*
 	include($phpbb_root_path . 'includes/emailer.'.$phpEx);
 	$emailer = new emailer($config['smtp_delivery']);
 	$email_headers = 'From: ' . $config['board_email'] . "\nReturn-Path: " . $config['board_email'] . "\r\n";
 	$emailer->use_template('group_request', $moderator['user_lang']);
 	$emailer->email_address($moderator['user_email']);
 	$emailer->set_subject();//$lang['Group_request']
 	$emailer->extra_headers($email_headers);
 	$emailer->assign_vars(array(
 		'SITENAME' => $config['sitename'],
 		'GROUP_MODERATOR' => $moderator['username'],
 		'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 		'U_GROUPCP' => $server_url . '?' . 'g' . "=$group_id&validate=true")
 	);
 	$emailer->send();
 	$emailer->reset();
 */
 ?>
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@ -433,7 +433,6 @@ class ucp_profile extends module
 				$html_status = ($config['allow_html']) ? true : false;
 				$bbcode_status = ($config['allow_bbcode']) ? true : false;
 				$smilies_status = ($config['allow_smilies']) ? true : false;
 				// NOTE: allow_img and allow_flash do not exist in config table
 				$img_status = ($config['allow_img']) ? true : false;
 				$flash_status = ($config['allow_flash']) ? true : false;
--- a/phpBB/install/schemas/mysql_schema.sql
+++ b/phpBB/install/schemas/mysql_schema.sql
@ -602,7 +602,8 @@ CREATE TABLE phpbb_sessions (
   session_ip varchar(40) DEFAULT '0' NOT NULL,
   session_browser varchar(100) DEFAULT '' NULL,
   session_page varchar(100) DEFAULT '' NOT NULL,
-   session_allow_viewonline tinyint(1) DEFAULT '1' NOT NULL,
+   session_viewonline tinyint(1) DEFAULT '1' NOT NULL,
   session_admin tinyint(1) DEFAULT '0' NOT NULL,
   PRIMARY KEY (session_id),
   KEY session_time (session_time),
   KEY session_user_id (session_user_id)
--- a/phpBB/language/en/admin.php
+++ b/phpBB/language/en/admin.php
@ -28,9 +28,11 @@ if (empty($lang) || !is_array($lang))
 // in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine
 $lang += array(
-	'LOGIN_ADMIN'	=> 'You must be a registered, logged in user before attempting to administer the board.', 
+	'LOGIN_ADMIN'			=> 'To administer the board you must be an authenticated user.',
-	'NO_ADMIN'		=> 'You are not authorised to administer this board.',
+	'LOGIN_ADMIN_CONFIRM'	=> 'To administer the board you must re-authenticate yourself.',
-	'NO_FRAMES'		=> 'Sorry, your browser does not support frames.',
+	'LOGIN_ADMIN_SUCCESS'	=> 'You have successfully authenticated and will now be redirected to the Administration Control Panel',
 	'NO_ADMIN'				=> 'You are not authorised to administer this board.',
 	'NO_FRAMES'				=> 'Sorry, your browser does not support frames.',
 	'ADMIN_TITLE'	=> 'Administration Panel',
 	'ADMIN'			=> 'Administration',
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@ -32,7 +32,7 @@ $lang += array(
 	'DIRECTION'		=> 'ltr',
 	'LEFT'			=> 'left',
 	'RIGHT'			=> 'right',
-	'DATE_FORMAT'	=> 'd M Y',
+	'DATE_FORMAT'	=> '|d M Y|',
 	'1_DAY'					=> '1 Day',
@ -415,6 +415,9 @@ $lang += array(
 	'YOU_NO_NEW_PM'		=> 'No new private messages are waiting for you',
 	'datetime'			=> array(
 		'TODAY'		=> 'Today, ',
 		'YESTERDAY'	=> 'Yesterday, ',
 		'Sunday'	=> 'Sunday',
 		'Monday'	=> 'Monday',
 		'Tuesday'	=> 'Tuesday',
--- a/phpBB/language/en/groups.php
+++ b/phpBB/language/en/groups.php
@ -28,17 +28,23 @@ if (empty($lang) || !is_array($lang))
 // in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine
 $lang += array(
 	'GROUP_AVATAR'		=> 'Group avatar', 
 	'GROUP_CLOSED'		=> 'Closed',
 	'GROUP_DESC'		=> 'Group description',
 	'GROUP_HIDDEN'		=> 'Hidden',
 	'GROUP_INFORMATION'	=> 'Usergroup Information', 
 	'GROUP_MEMBERS'		=> 'Group members',
 	'GROUP_NAME'		=> 'Group name',
 	'GROUP_OPEN'		=> 'Open',
 	'GROUP_RANK'		=> 'Group rank', 
 	'GROUP_TYPE'		=> 'Group type',
 	'GROUP_IS_CLOSED'	=> 'This is a closed group, new members cannot automatically join.',
 	'GROUP_IS_OPEN'		=> 'This is an open group, members can apply to join.',
 	'GROUP_IS_HIDDEN'	=> 'This is a hidden group, only members of this group can view its membership.',
 	'GROUP_IS_FREE'		=> 'This is a freely open group, all new members are welcome.', 
 	'GROUP_IS_SPECIAL'	=> 'This is a special group, special groups are managed by the board administrators.', 
-	'No_groups_exist'	=> 'No Groups Exist',
+	'REMOVE_SELECTED'	=> 'Remove selected',
 	'REMOVE_SELECTED'	=> 'Remove selected'
 );
 ?>
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@ -362,8 +362,27 @@ $lang += array(
 		'REPORTED'		=> 'Reported',
 		'TO_GROUP'		=> 'Usergroup',
 		'TO_ME'			=> 'Me'
-	)
+	),
 	'UCP_GROUPS_MEMBERSHIP'	=> 'Memberships', 
 	'UCP_GROUPS_MANAGE'		=> 'Manage groups', 
 	'GROUPS_EXPLAIN'		=> 'Usergroups enable board admins to better administer users. By default you will be placed in a specific group, this is your default group. This group defines how you may appear to other users, for example your username colouration, avatar, rank, etc. Depending on whether the administrator allows it you may be allowed to change your default group. You may also be placed in or allowed to join other groups. Some groups may give you extra rights to view content or increase your capabilities in other areas.', 
 	'GROUP_LEADER'		=> 'Leaderships', 
 	'GROUP_MEMBER'		=> 'Memberships', 
 	'GROUP_PENDING'		=> 'Pending memberships', 
 	'GROUP_NONMEMBER'	=> 'Non-memberships', 
 	'GROUP_DETAILS'		=> 'Group details', 
 	'NO_LEADER'		=> 'No group leaderships',
 	'NO_MEMBER'		=> 'No group memberships', 
 	'NO_PENDING'	=> 'No pending memberships', 
 	'NO_NONMEMBER'	=> 'No non-member groups', 
 	'QUIT_ALL'		=> 'Quit all', 
 	'QUIT_MARKED'	=> 'Quit marked', 
 	'JOIN_ALL'		=> 'Join all', 
 	'JOIN_MARKED'	=> 'Join marked', 
 );
 ?>
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@ -356,7 +356,7 @@ if ($mode == 'approve' || $mode == 'disapprove')
 // Only Moderators can go beyond this point
 if ($user->data['user_id'] == ANONYMOUS)
 {
-	login_box("{$phpbb_root_path}mcp.$phpEx$SID&amp;mode=$mode&amp;i=$module", '', $user->lang['LOGIN_EXPLAIN_MCP']);
+	login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
 	if ($user->data['user_id'] == ANONYMOUS)
 	{
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@ -13,10 +13,7 @@
 // TODO
 // Add permission check for IM clients
 // Combine Jabber and email contact capabilities?
 // When registering a new jabber user the message doesn't get sent first time
 define('IN_PHPBB', true);
 $phpbb_root_path = './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.'.$phpEx);
@ -24,12 +21,13 @@ include($phpbb_root_path . 'common.'.$phpEx);
 // Start session management
 $user->start();
 $auth->acl($user->data);
-$user->setup('memberlist');
+$user->setup(array('memberlist', 'groups'));
 // Grab data
 $mode		= request_var('mode', '');
 $action		= request_var('action', '');
 $user_id	= request_var('u', ANONYMOUS);
 $group_id	= request_var('g', 0);
 $topic_id	= request_var('t', 0);
 switch ($mode)
@ -46,7 +44,7 @@ switch ($mode)
 				trigger_error($user->lang['NO_VIEW_USERS']);
 			}
-			login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
+			login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
 		}
 		break;
 }
@ -68,6 +66,7 @@ obtain_ranks($ranks);
 switch ($mode)
 {
 	case 'leaders':
 		// TODO
 		// Display a listing of board admins, moderators?
 		$user_ary = $auth->acl_get_list(false, array('a_', 'm_'), false);
@ -406,7 +405,7 @@ switch ($mode)
 			'JABBER_IMG'	=> $user->img('btn_jabber', $user->lang['JABBER']),
 			'SEARCH_IMG'	=> $user->img('btn_search', $user->lang['SEARCH']),
-			'S_PROFILE_ACTION'	=> "groupcp.$phpEx$SID", 
+			'S_PROFILE_ACTION'	=> "memberlist.$phpEx$SID&amp;mode=group",
 			'S_GROUP_OPTIONS'	=> $group_options,
 			'U_ADD_FRIEND'		=> "ucp.$phpEx$SID&amp;i=zebra&amp;add=" . urlencode($member['username']),
@ -603,6 +602,7 @@ switch ($mode)
 		);
 		break;
 	case 'group':
 	default:
 		// The basic memberlist
 		$page_title = $user->lang['MEMBERLIST'];
@ -610,7 +610,7 @@ switch ($mode)
 		// Sorting
 		$sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'e' => $user->lang['SORT_EMAIL'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['SORT_LAST_ACTIVE'], 'l' => $user->lang['SORT_RANK']);
-		$sort_key_sql = array('a' => 'username', 'b' => 'user_from', 'c' => 'user_regdate', 'd' => 'user_posts', 'e' => 'user_email', 'f' => 'user_website', 'g' => 'user_icq', 'h' => 'user_aim', 'i' => 'user_msnm', 'j' => 'user_yim', 'k' => 'user_lastvisit', 'l' => 'user_rank DESC, user_posts');
+		$sort_key_sql = array('a' => 'u.username', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'e' => 'u.user_email', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_lastvisit', 'l' => 'u.user_rank DESC, u.user_posts');
 		$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
@ -676,15 +676,15 @@ switch ($mode)
 				$s_find_active_time .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
 			}
-			$where_sql .= ($username) ? " AND username LIKE '" . str_replace('*', '%', $db->sql_escape($username)) ."'" : '';
+			$sql_where .= ($username) ? " AND u.username LIKE '" . str_replace('*', '%', $db->sql_escape($username)) ."'" : '';
-			$where_sql .= ($email) ? " AND user_email LIKE '" . str_replace('*', '%', $db->sql_escape($email)) ."' " : '';
+			$sql_where .= ($email) ? " AND u.user_email LIKE '" . str_replace('*', '%', $db->sql_escape($email)) ."' " : '';
-			$where_sql .= ($icq) ? " AND user_icq LIKE '" . str_replace('*', '%', $db->sql_escape($icq)) ."' " : '';
+			$sql_where .= ($icq) ? " AND u.user_icq LIKE '" . str_replace('*', '%', $db->sql_escape($icq)) ."' " : '';
-			$where_sql .= ($aim) ? " AND user_aim LIKE '" . str_replace('*', '%', $db->sql_escape($aim)) ."' " : '';
+			$sql_where .= ($aim) ? " AND u.user_aim LIKE '" . str_replace('*', '%', $db->sql_escape($aim)) ."' " : '';
-			$where_sql .= ($yahoo) ? " AND user_yim LIKE '" . str_replace('*', '%', $db->sql_escape($yahoo)) ."' " : '';
+			$sql_where .= ($yahoo) ? " AND u.user_yim LIKE '" . str_replace('*', '%', $db->sql_escape($yahoo)) ."' " : '';
-			$where_sql .= ($msn) ? " AND user_msnm LIKE '" . str_replace('*', '%', $db->sql_escape($msn)) ."' " : '';
+			$sql_where .= ($msn) ? " AND u.user_msnm LIKE '" . str_replace('*', '%', $db->sql_escape($msn)) ."' " : '';
-			$where_sql .= ($count) ? " AND user_posts " . $find_key_match[$count_select] . " $count " : '';
+			$sql_where .= ($count) ? " AND u.user_posts " . $find_key_match[$count_select] . " $count " : '';
-			$where_sql .= (sizeof($joined) > 1) ? " AND user_regdate " . $find_key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, intval($joined[1]), intval($joined[2]), intval($joined[0])) : '';
+			$sql_where .= (sizeof($joined) > 1) ? " AND u.user_regdate " . $find_key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, intval($joined[1]), intval($joined[2]), intval($joined[0])) : '';
-			$where_sql .= (sizeof($active) > 1) ? " AND user_lastvisit " . $find_key_match[$active_select] . ' ' . gmmktime(0, 0, 0, $active[1], intval($active[2]), intval($active[0])) : '';
+			$sql_where .= (sizeof($active) > 1) ? " AND u.user_lastvisit " . $find_key_match[$active_select] . ' ' . gmmktime(0, 0, 0, $active[1], intval($active[2]), intval($active[0])) : '';
 			if ($ipdomain)
 			{
@ -704,26 +704,102 @@ switch ($mode)
 					}
 					while ($row = $db->sql_fetchrow($result));
-					$where_sql .= ' AND user_id IN (' . implode(', ', $ip_sql) . ')';
+					$sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')';
 				}
 				else
 				{
 					// A minor fudge but it does the job :D
-					$where_sql .= " AND user_id IN ('-1')";
+					$sql_where .= " AND u.user_id IN ('-1')";
 				}
 			}
 		}
 		// Are we looking at a usergroup? If so, fetch additional info
 		// and further restrict the user info query
 		$sql_from = '';
 		if ($mode == 'group')
 		{
 			$sql = 'SELECT *
 				FROM ' . GROUPS_TABLE . "
 				WHERE group_id = $group_id";
 			$result = $db->sql_query($sql);
 			if (!extract($db->sql_fetchrow($result)))
 			{
 				trigger_error($user->lang['NO_GROUP']);
 			}
 			$db->sql_freeresult($result);
 			switch ($group_type)
 			{
 				case GROUP_OPEN:
 					$group_type = 'OPEN';
 					break;
 				case GROUP_CLOSED:
 					$group_type = 'CLOSED';
 					break;
 				case GROUP_HIDDEN:
 					$group_type = 'HIDDEN';
 					break;
 				case GROUP_SPECIAL:
 					$group_type = 'SPECIAL';
 					break;
 				case GROUP_FREE:
 					$group_type = 'FREE';
 					break;
 			}
 			$avatar_img = '';
 			if ($group_avatar)
 			{
 				switch ($group_avatar_type)
 				{
 					case AVATAR_UPLOAD:
 						$avatar_img = $phpbb_root_path . $config['avatar_path'] . '/';
 						break;
 					case AVATAR_GALLERY:
 						$avatar_img = $phpbb_root_path . $config['avatar_gallery_path'] . '/';
 						break;
 				}
 				$avatar_img .= $group_avatar;
 				$avatar_img = '<img src="' . $avatar_img . '" width="' . $group_avatar_width . '" height="' . $group_avatar_height . '" border="0" alt="" />';
 			}
 			$rank_title = $rank_img = '';
 			if (!empty($group_rank))
 			{
 				$rank_title = $ranks['special'][$group_rank]['rank_title'];
 				$rank_img = (!empty($ranks['special'][$group_rank]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$group_rank]['rank_image'] . '" border="0" alt="' . $ranks['special'][$group_rank]['rank_title'] . '" title="' . $ranks['special'][$group_rank]['rank_title'] . '" /><br />' : '';
 			}
 			$template->assign_vars(array(
 				'GROUP_DESC'	=> $group_description,
 				'GROUP_NAME'	=> $group_name,
 				'GROUP_COLOR'	=> $group_colour,
 				'GROUP_TYPE'	=> $user->lang['GROUP_IS_' . $group_type],
 				'GROUP_RANK'	=> $rank_title,
 				'AVATAR_IMG'	=> $avatar_img,
 				'RANK_IMG'		=> $rank_img,
 				'U_PM'			=> ($auth->acl_get('u_sendpm')) ? "ucp.$phpEx$SID&amp;i=pm&amp;mode=compose&amp;address_list[g][$group_id]=to" : '',)
 			);
 			$sql_from = ', ' . USER_GROUP_TABLE . ' ug ';
 			$sql_where .= " AND u.user_id = ug.user_id AND ug.group_id = $group_id";
 		}
 		// Sorting and order
 		$order_by = $sort_key_sql[$sort_key] . '  ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
 		// Count the users ...
-		if ($where_sql)
+		if ($sql_where)
 		{
-			$sql = 'SELECT COUNT(user_id) AS total_users
+			$sql = 'SELECT COUNT(u.user_id) AS total_users
-				FROM ' . USERS_TABLE . '
+				FROM ' . USERS_TABLE . " u$sql_from
-				WHERE user_type <> ' . USER_IGNORE . "
+				WHERE u.user_type <> " . USER_IGNORE . "
-				$where_sql";
+				$sql_where";
 			$result = $db->sql_query($sql);
 			$total_users = ($row = $db->sql_fetchrow($result)) ? $row['total_users'] : 0;
@ -733,6 +809,10 @@ switch ($mode)
 			$total_users = $config['num_users'];
 		}
 		// Pagination string
 		$pagination_url = "memberlist.$phpEx$SID&amp;mode=$mode";
@ -747,6 +827,9 @@ switch ($mode)
 			$pagination_url .= '&amp;' . $key . '=' . urlencode(htmlspecialchars($var));
 		}
 		// Some search user specific data
 		if ($mode == 'searchuser' && ($config['load_search'] || $auth->acl_get('a_')))
 		{
@ -774,8 +857,6 @@ switch ($mode)
 			);
 		}
 		// TODO
 		// ?????????
 		$sql = 'SELECT session_user_id, MAX(session_time) AS session_time
 			FROM ' . SESSIONS_TABLE . '
 			WHERE session_time >= ' . (time() - 300) . '
@ -791,10 +872,10 @@ switch ($mode)
 		$db->sql_freeresult($result);
 		// Do the SQL thang
-		$sql = 'SELECT username, user_id, user_colour, user_allow_viewemail, user_posts, user_regdate, user_rank, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_lastvisit
+		$sql = 'SELECT u.username, u.user_id, u.user_colour, u.user_allow_viewemail, u.user_posts, u.user_regdate, u.user_rank, u.user_from, u.user_website, u.user_email, u.user_icq, u.user_aim, u.user_yim, u.user_msnm, u.user_avatar, u.user_avatar_type, u.user_lastvisit
-			FROM ' . USERS_TABLE . ' 
+			FROM ' . USERS_TABLE . " u$sql_from
-			WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
+			WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")
-				$where_sql 
+				$sql_where
 			ORDER BY $order_by";
 		$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
@ -807,6 +888,7 @@ switch ($mode)
 				$template->assign_block_vars('memberrow', array_merge(show_profile($row), array(
 					'ROW_NUMBER'	=> $i + ($start + 1),
 					'U_VIEWPROFILE'		=> "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id']))
 				);
@ -846,9 +928,10 @@ switch ($mode)
 		'U_SORT_ACTIVE'		=> "memberlist.$phpEx$SID&amp;sk=k&amp;sd=" . (($sort_key == 'k' && $sort_dir == 'a') ? 'd' : 'a'),
 		'U_SORT_RANK'		=> "memberlist.$phpEx$SID&amp;sk=l&amp;sd=" . (($sort_key == 'l' && $sort_dir == 'a') ? 'd' : 'a'),
-		'S_MODE_SELECT' => $s_sort_key,
+		'S_SHOW_GROUP'		=> ($mode == 'group') ? true : false,
-		'S_ORDER_SELECT'=> $s_sort_dir,
+		'S_MODE_SELECT'		=> $s_sort_key,
-		'S_MODE_ACTION' => "memberlist.$phpEx$SID&amp;mode=$mode&amp;form=$form")
+		'S_ORDER_SELECT'	=> $s_sort_dir,
 		'S_MODE_ACTION'		=> $pagination_url . "&amp;form=$form")
 	);
 }
@ -914,7 +997,7 @@ function show_profile($data)
 		'U_PROFILE'		=> "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=$user_id",
 		'U_SEARCH_USER'	=> ($auth->acl_get('u_search')) ? "search.$phpEx$SID&amp;search_author=" . urlencode($username) . "&amp;show_results=posts" : '',
-		'U_PM'			=> ($auth->acl_get('u_sendpm')) ? "ucp.$phpEx$SID&amp;i=pm&amp;mode=compose&amp;u=$user_id" : '',
+		'U_PM'			=> ($auth->acl_get('u_sendpm')) ? "ucp.$phpEx$SID&amp;mode=pm&amp;action=send&amp;u=$user_id" : '',
 		'U_EMAIL'		=> $email,
 		'U_WWW'			=> (!empty($data['user_website'])) ? $data['user_website'] : '',
 		'U_ICQ'			=> ($data['user_icq']) ? "memberlist.$phpEx$SID&amp;mode=contact&amp;action=icq&amp;u=$user_id" : '',
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@ -265,7 +265,7 @@ if (!$auth->acl_get('f_' . $mode, $forum_id) && $forum_type == FORUM_POST)
 		trigger_error('USER_CANNOT_' . strtoupper($mode));
 	}
-	login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
+	login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
 }
@ -276,26 +276,29 @@ if (($forum_status == ITEM_LOCKED || $topic_status == ITEM_LOCKED) && !$auth->ac
 	trigger_error($message);
 }
-// Can we edit this post?
+// Can we edit this post ... if we're a moderator with rights then always yes
 // else it depends on editing times, lock status and if we're the correct user
 // !$preview && !$refresh && !$submit &&
 if ($mode == 'edit' && !$preview && !$refresh && !$submit && !$auth->acl_get('m_edit', $forum_id))
 {
 	if ($user->data['user_id'] != $poster_id)
 	{
 		trigger_error('USER_CANNOT_EDIT');
 	}
 	if (!($post_time > time() - $config['edit_time'] || !$config['edit_time']))
 	{
 		trigger_error('CANNOT_EDIT_TIME');
 	}
 }
 // Do we want to edit our post ?
 if ($mode == 'edit' && !$auth->acl_get('m_edit', $forum_id) && ($user->data['user_id'] != $poster_id || $post_edit_locked))
 {
 	if ($post_edit_locked)
 	{
 		trigger_error('CANNOT_EDIT_POST_LOCKED');
 	}
 	trigger_error('USER_CANNOT_EDIT');
 }
 // Do we want to edit our post ?
 if ($mode == 'edit')
 {
 	$message_parser->bbcode_uid = $bbcode_uid;
--- a/phpBB/search.php
+++ b/phpBB/search.php
@ -21,35 +21,33 @@ define('IN_PHPBB', true);
 $phpbb_root_path = './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.'.$phpEx);
 include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
 // Define initial vars
 $mode		= (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : false;
 $search_id	= (isset($_REQUEST['search_id'])) ? htmlspecialchars($_REQUEST['search_id']) : false;
 $start		= (isset($_REQUEST['start'])) ? intval($_REQUEST['start']) : 0;
 $post_id	= (isset($_GET['p'])) ? max(intval($_GET['p']), 0) : 0;
 $view		= (isset($_GET['view'])) ? htmlspecialchars($_GET['view']) : false;
 $search_keywords	= (!empty($_REQUEST['search_keywords'])) ? $_REQUEST['search_keywords'] : false;
 $search_author		= (!empty($_REQUEST['search_author'])) ? htmlspecialchars($_REQUEST['search_author']) : false;
 $show_results		= (isset($_REQUEST['show_results'])) ? htmlspecialchars($_REQUEST['show_results']) : 'posts';
 $search_terms		= (isset($_REQUEST['search_terms'])) ? (($_REQUEST['search_terms'] == 'all') ? 1 : 0) : 1;
 $search_fields		= (isset($_REQUEST['search_fields'])) ? $_REQUEST['search_fields'] : 'all';
 $search_child		= (!empty($_REQUEST['search_child'])) ? true : false;
 $return_chars	= (isset($_REQUEST['return_chars'])) ? intval($_REQUEST['return_chars']) : 200;
 $search_forum	= (!empty($_GET['f'])) ? array(intval($_GET['f'])) : ((isset($_REQUEST['search_forum'])) ? array_map('intval', $_REQUEST['search_forum']) : array());
 $search_time	= (isset($_REQUEST['search_time'])) ? (time() - intval($_REQUEST['search_time'])) * 86400 : 0;
 $sort_days	= (!empty($_REQUEST['st'])) ? intval($_REQUEST['st']) : 0;
 $sort_key	= (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 't';
 $sort_dir	= (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'd';
 // Start session management
 $user->start();
 $auth->acl($user->data);
 $user->setup('search');
 // Define initial vars
 $mode		= request_var('mode', '');
 $search_id	= request_var('search_id', '');
 $start		= request_var('start', 0);
 $post_id	= request_var('p', 0);
 $view		= request_var('view', '');
 $search_keywords	= request_var('search_keywords', '');
 $search_author		= request_var('search_author', '');
 $show_results		= request_var('show_results', 'posts');
 $search_terms		= request_var('search_terms', 'all');
 $search_fields		= request_var('search_fields', 'all');
 $search_child		= request_var('search_child', true);
 $return_chars	= request_var('return_chars', 200);
 $search_forum	= request_var('f', 0);
 $sort_days	= request_var('st', 0);
 $sort_key	= request_var('sk', 't');
 $sort_dir	= request_var('sd', 'd');
 // Is user able to search? Has search been disabled?
 if (!$auth->acl_get('u_search') || !$config['load_search'])
 {
@ -100,11 +98,9 @@ if ($search_keywords || $search_author || $search_id)
 	$sql_forums = array();
 	while ($row = $db->sql_fetchrow($result))
 	{
 //		echo "<br />" . $row['forum_id'] . " -> " . $row['forum_name'] . " :: " . $auth->acl_get('f_read', $row['forum_id']) . " && " . ((!$row['forum_password'] || $row['user_id'] == $user->data['user_id']));
 		if ($search_child)
 		{
-			if (in_array($row['forum_id'], $search_forum) && $row['right_id'] > $right_id)
+			if (!$search_forum || (in_array($row['forum_id'], $search_forum) && $row['right_id'] > $right_id))
 			{
 				$right_id = $row['right_id'];
 			}
@ -320,13 +316,15 @@ if ($search_keywords || $search_author || $search_id)
 	}
-	if ($search_keywords && sizeof($split_words) && array_diff($split_words, $old_split_words))
+	if (sizeof($split_words) && array_diff($split_words, $old_split_words))
 	{
 		// This "entire" section may be switched out to allow for alternative search systems
 		// such as that built-in to MySQL, MSSQL, etc. or external solutions which provide
 		// an appropriate API
-		$bool = ($search_terms) ? 'AND' : 'OR';
+		$bool = ($search_terms == 'all') ? 'AND' : 'OR';
 		$sql_words = '';
 		foreach ($split_words as $word)
 		{
@ -342,8 +340,9 @@ if ($search_keywords || $search_author || $search_id)
 					$bool = 'OR';
 					continue;
 				default:
 					$bool = ($search_terms != 'all') ? 'OR' : $bool;
 					$sql_words[$bool][] = "'" . preg_replace('#\*+#', '%', trim($word)) . "'";
-					$bool = ($search_terms) ? 'AND' : 'OR';
+					$bool = ($search_terms == 'all') ? 'AND' : 'OR';
 			}
 		}
@ -486,6 +485,8 @@ if ($search_keywords || $search_author || $search_id)
 		$post_id_ary = array_unique($post_id_ary);
 		if (!sizeof($post_id_ary))
 		{
 			trigger_error($user->lang['NO_SEARCH_RESULTS']);
@ -579,6 +580,8 @@ if ($search_keywords || $search_author || $search_id)
 		unset($data);
 	}
 	// Include the bbcode parser
 	include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
 	// Look up data ...
 	$per_page = ($show_results == 'posts') ? $config['posts_per_page'] : $config['topics_per_page'];
@ -598,8 +601,8 @@ if ($search_keywords || $search_author || $search_id)
 	$template->assign_vars(array(
 		'SEARCH_MATCHES'	=> $l_search_matches,
 		'SEARCH_WORDS'		=> $split_words, 
-		'IGNORED_WORDS'		=> ($ignored_words) ? $ignored_words : 'No words', 
+		'IGNORED_WORDS'		=> ($ignored_words) ? $ignored_words : $user->lang['NO_IGNORE_WORDS'], 
-		'PAGINATION'		=> generate_pagination("search.$phpEx$SID&amp;search_id=$search_id&amp;sk=$sort_key&amp;sd=$sort_dir&amp;st=$sort_days", $total_match_count, $per_page, $start),
+		'PAGINATION'		=> generate_pagination("search.$phpEx$SID&amp;search_id=$search_id&amp;hilit=$hilit&amp;sk=$sort_key&amp;sd=$sort_dir&amp;st=$sort_days", $total_match_count, $per_page, $start),
 		'PAGE_NUMBER'		=> on_page($total_match_count, $start),
 		'S_SELECT_SORT_DIR'		=> $s_sort_dir,
--- a/phpBB/styles/subSilver/template/login_body.html
+++ b/phpBB/styles/subSilver/template/login_body.html
@ -35,6 +35,7 @@
 				<td><b class="gensmall">{L_PASSWORD}:</b></td>
 				<td><input class="post" type="password" name="password" size="25" maxlength="25" tabindex="2" /><br /><a class="gensmall" href="{U_SEND_PASSWORD}">{L_FORGOT_PASS}</a></td>
 			</tr>
 			<!-- IF S_DISPLAY_FULL_LOGIN -->
 			<tr>
 				<td>&nbsp;</td>
 				<td><input type="checkbox" name="autologin" tabindex="4" /> <span class="gensmall">{L_LOG_ME_IN}</span></td>
@ -43,6 +44,7 @@
 				<td>&nbsp;</td>
 				<td><input type="checkbox" name="viewonline" tabindex="5" /> <span class="gensmall">{L_HIDE_ME}</span></td>
 			</tr>
 			<!-- ENDIF -->
 		</table></td>
 	</tr>
 	<tr>
--- a/phpBB/styles/subSilver/template/memberlist_body.html
+++ b/phpBB/styles/subSilver/template/memberlist_body.html
@ -4,10 +4,10 @@
 	<div id="pagecontent">
 <!-- You should retain this javascript in your own template! -->
 <!-- IF S_SEARCH_USER --><!-- INCLUDE memberlist_search.html --><!-- ENDIF -->
 <!-- IF S_SHOW_GROUP --><!-- INCLUDE memberlist_group.html --><!-- ENDIF -->
 		<!-- IF S_SEARCH_USER -->
 			<form method="post" name="results" action="{S_MODE_ACTION}" onsubmit="insert_marked(this.user);return false">
 		<!-- ELSEIF U_FIND_MEMBER-->
@ -41,7 +41,7 @@
 			<!-- ENDIF -->
 				<td class="gen" align="center">&nbsp;{memberrow.ROW_NUMBER}&nbsp;</td>
-				<td class="gen" align="center"><a href="{memberrow.U_VIEWPROFILE}"><!-- IF memberrow.USER_COLOR --><b style="color:{memberrow.USER_COLOR}"><!-- ELSE --><b><!-- ENDIF -->{memberrow.USERNAME}</b></a></td>
+				<td class="gen" align="center"><strong><a<!-- IF memberrow.USER_COLOR --> style="color:#{memberrow.USER_COLOR}"<!-- ENDIF --> href="{memberrow.U_VIEWPROFILE}">{memberrow.USERNAME}</a></strong></td>
 				<td class="gensmall" align="center" nowrap="nowrap">&nbsp;{memberrow.JOINED}&nbsp;</td>
 				<td class="gen" align="center">{memberrow.POSTS}</td>
 				<td class="gen" align="center">{memberrow.RANK_IMG}</td>
--- a/phpBB/styles/subSilver/template/memberlist_search.html
+++ b/phpBB/styles/subSilver/template/memberlist_search.html
@ -1,4 +1,6 @@
 <!-- You should retain this javascript in your own template! -->
 <script language="javascript" type="text/javascript">
 <!--
 function insert_user(user)
--- a/phpBB/styles/subSilver/template/memberlist_view.html
+++ b/phpBB/styles/subSilver/template/memberlist_view.html
@ -4,7 +4,7 @@
 	<div id="pagecontent">
-		<table class="tablebg" width="100%" cellspacing="1">
+		<form method="post" action="{S_PROFILE_ACTION}"><table class="tablebg" width="100%" cellspacing="1">
 			<tr> 
 				<th colspan="2" nowrap="nowrap">{L_VIEWING_PROFILE}</th>
 			</tr>
--- a/phpBB/styles/subSilver/theme/stylesheet.css
+++ b/phpBB/styles/subSilver/theme/stylesheet.css
@ -86,13 +86,16 @@ p.postapprove { margin: 1px 0px; color: green; }
 /* 
 	TABLE
 */
-th { height: 28px; color: #FFA34F; font-size: 70%; font-weight: bold; background-color: #006699; background-image: url('./images/cellpic3.gif'); white-space: nowrap; }
+th { height: 28px; color: #FFA34F; font-size: 70%; font-weight: bold; background-color: #006699; background-image: url('./images/cellpic3.gif'); white-space: nowrap; padding-left: 5px; padding-right: 5px; }
 .tablebg { background-color: #A9B8C2; }
 .catdiv { height: 28px; margin: 0px; padding: 0px; border: 0px; background-color: white; background-image: url('./images/cellpic2.jpg'); background-repeat: repeat-y; }
 .cat { height: 28px; margin: 0px; padding: 0px; border: 0px; background-color: #C7D0D7; background-image: url('./images/cellpic1.gif'); text-indent: 4px; }
 .row1 { background-color: #ECECEC; padding: 4px; }
 .row2 { background-color: #DCE1E5; padding: 4px; }
-.row3 { background-color: #C7CFD7; padding: 4px; }
+.row3 { background-color: #C0C8D0; padding: 4px; }
 .rowgood { background-color: #C2D6CD; padding: 4px; }
 .rowneutral { background-color: #CAC1D7; padding: 4px; }
 .rowbad { background-color: #D7C1C3; padding: 4px; }
 .spacer { background-color: #D1D7DC; }
 hr { height: 1px; border-width: 0px; background-color: #D1D7DC; color: #D1D7DC }
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@ -289,13 +289,7 @@ switch ($mode)
 			redirect("index.$phpEx$SID");
 		}
-		login_box("ucp.$phpEx$SID&amp;mode=login", '', '', true);
+		login_box("index.$phpEx$SID");
 		$redirect = request_var('redirect', "index.$phpEx$SID");
 		meta_refresh(3, $redirect);
 		$message = $user->lang['LOGIN_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
 		trigger_error($message);
 		break;
 	case 'logout':
@ -304,10 +298,9 @@ switch ($mode)
 			$user->destroy();
 		}
-		$redirect = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : "index.$phpEx$SID";
+		meta_refresh(3, "index.$phpEx$SID");
 		meta_refresh(3, $redirect);
-		$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a> ');
+		$message = $user->lang['LOGOUT_REDIRECT'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . "index.$phpEx$SID" . '">', '</a> ');
 		trigger_error($message);
 		break;
@ -353,7 +346,7 @@ if ($user->data['user_id'] == ANONYMOUS || $user->data['user_type'] == USER_INAC
 		redirect("index.$phpEx$SID");
 	}
-	login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_UCP']);
+	login_box('', $user->lang['LOGIN_EXPLAIN_UCP']);
 }
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@ -109,7 +109,7 @@ if ($forum_data['forum_link'])
 		$db->sql_query($sql);
 	}
-	redirect($forum_data['forum_link']);
+	redirect(str_replace('&amp;', '&', $forum_data['forum_link']));
 }
 // Configure style, language, etc.
--- a/phpBB/viewonline.php
+++ b/phpBB/viewonline.php
@ -83,7 +83,7 @@ $db->sql_freeresult($result);
 // Get user list
-$sql = 'SELECT u.user_id, u.username, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_id, s.session_time, s.session_page, s.session_ip, s.session_allow_viewonline
+$sql = 'SELECT u.user_id, u.username, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_id, s.session_time, s.session_page, s.session_ip, s.session_viewonline
 	FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . ' s
 	WHERE u.user_id = s.session_user_id
 		AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) . '
@ -105,7 +105,7 @@ while ($row = $db->sql_fetchrow($result))
 			$username = '<b style="color:#' . $row['user_colour'] . '">' . $username . '</b>';
 		}
-		if (!$row['user_allow_viewonline'] || !$row['session_allow_viewonline'])
+		if (!$row['user_allow_viewonline'] || !$row['session_viewonline'])
 		{
 			$view_online = ($auth->acl_gets('u_viewonline')) ? true : false;
 			$logged_hidden_online++;
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -258,7 +258,7 @@ if (!$auth->acl_get('f_read', $forum_id))
 		trigger_error($user->lang['SORRY_AUTH_READ']);
 	}
-	login_box($user->cur_page, '', $user->lang['LOGIN_VIEWTOPIC']);
+	login_box('', $user->lang['LOGIN_VIEWFORUM']);
 }
 // Forum is passworded ... check whether access has been granted to this