");
+ require($phpbb_root_path . 'config.' . $phpEx);
}
-require($phpbb_root_path . 'config.' . $phpEx);
-
if (!defined('PHPBB_INSTALLED'))
{
// Redirect the user to the installer
diff --git a/phpBB/config.php b/phpBB/config.php
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/phpBB/includes/.htaccess b/phpBB/includes/.htaccess
new file mode 100644
index 0000000000..4128d345ab
--- /dev/null
+++ b/phpBB/includes/.htaccess
@@ -0,0 +1,4 @@
+
+ Order Allow,Deny
+ Deny from All
+
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index b672e212bf..f1bc47c393 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -134,7 +134,8 @@ function login_db(&$username, &$password)
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . $row['user_id'];
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
return array(
@@ -194,7 +195,8 @@ function login_db(&$username, &$password)
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . $row['user_id'];
+ WHERE user_id = ' . (int) $row['user_id'] . '
+ AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
// Give status about wrong password...
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index ff572869e2..ebaa342f54 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -69,6 +69,10 @@ define('LOGIN_ERROR_ATTEMPTS', 13);
define('LOGIN_ERROR_EXTERNAL_AUTH', 14);
define('LOGIN_ERROR_PASSWORD_CONVERT', 15);
+// Maximum login attempts
+// The value is arbitrary, but it has to fit into the user_login_attempts field.
+define('LOGIN_ATTEMPTS_MAX', 100);
+
// Group settings
define('GROUP_OPEN', 0);
define('GROUP_CLOSED', 1);
diff --git a/phpBB/language/en/acp/styles.php b/phpBB/language/en/acp/styles.php
index 951c69f915..f161a7e6e6 100644
--- a/phpBB/language/en/acp/styles.php
+++ b/phpBB/language/en/acp/styles.php
@@ -76,13 +76,13 @@ $lang = array_merge($lang, array(
'DEACTIVATE_DEFAULT' => 'You cannot deactivate the default style.',
'DELETE_FROM_FS' => 'Delete from filesystem',
'DELETE_IMAGESET' => 'Delete imageset',
- 'DELETE_IMAGESET_EXPLAIN' => 'Here you can remove the selected imageset from the database. Additionally, if you have permission you can elect to remove the set from the filesystem. Please note that there is no undo capability. When the imageset is deleted it is gone for good. It is recommended that you first export your set for possible future use.',
+ 'DELETE_IMAGESET_EXPLAIN' => 'Here you can remove the selected imageset from the database. Please note that there is no undo capability. It is recommended that you first export your set for possible future use.',
'DELETE_STYLE' => 'Delete style',
- 'DELETE_STYLE_EXPLAIN' => 'Here you can remove the selected style. You cannot remove all the style elements from here. These must be deleted individually via their respective forms. Take care in deleting styles there is no undo facility.',
+ 'DELETE_STYLE_EXPLAIN' => 'Here you can remove the selected style. You cannot remove all the style elements from here. These must be deleted individually via their respective forms. Take care when deleting styles, there is no undo facility.',
'DELETE_TEMPLATE' => 'Delete template',
- 'DELETE_TEMPLATE_EXPLAIN' => 'Here you can remove the selected template set from the database. Additionally, if you have permission you can elect to remove the set from the filesystem. Please note that there is no undo capability. When the templates are deleted they are gone for good. It is recommended that you first export your set for possible future use.',
+ 'DELETE_TEMPLATE_EXPLAIN' => 'Here you can remove the selected template set from the database. Please note that there is no undo capability. It is recommended that you first export your set for possible future use.',
'DELETE_THEME' => 'Delete theme',
- 'DELETE_THEME_EXPLAIN' => 'Here you can remove the selected theme from the database. Additionally, if you have permission you can elect to remove the theme from the filesystem. Please note that there is no undo capability. When the theme is deleted it is gone for good. It is recommended that you first export your theme for possible future use.',
+ 'DELETE_THEME_EXPLAIN' => 'Here you can remove the selected theme from the database. Please note that there is no undo capability. It is recommended that you first export your theme for possible future use.',
'DETAILS' => 'Details',
'DIMENSIONS_EXPLAIN' => 'Selecting yes here will include width/height parameters.',
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 86e953680a..73ff836f01 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -1300,7 +1300,7 @@ $attachment_data = $message_parser->attachment_data;
$filename_data = $message_parser->filename_data;
$post_data['post_text'] = $message_parser->message;
-if (sizeof($post_data['poll_options']) || $post_data['poll_title'])
+if (sizeof($post_data['poll_options']) || !empty($post_data['poll_title']))
{
$message_parser->message = $post_data['poll_title'];
$message_parser->bbcode_uid = $post_data['bbcode_uid'];
diff --git a/phpBB/styles/prosilver/template/login_body.html b/phpBB/styles/prosilver/template/login_body.html
index e52ccd6434..26e425a1d0 100644
--- a/phpBB/styles/prosilver/template/login_body.html
+++ b/phpBB/styles/prosilver/template/login_body.html
@@ -1,5 +1,11 @@
+
+