Moved login procedure to a function enabling "inline" login links ... no more "messy" redirects ... install will be broken for now, at least when it comes to redirecting after completion. Moved "front-end" login to ucp.php

git-svn-id: file:///svn/phpbb/trunk@3650 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2003-03-17 00:53:38 +00:00
parent 391c4bff08
commit e975227cff
10 changed files with 309 additions and 212 deletions


@ -32,6 +32,13 @@ require_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
// Start session management // Start session management
$user->start($update); $user->start($update);
$user->setup(); $user->setup();
// Did user forget to login? Give 'em a chance to here ...
if ($user->data['user_id'] == ANONYMOUS)
{
login_box("index.$phpEx$SID", '', $user->lang['LOGIN_ADMIN']);
}
$auth->acl($user->data); $auth->acl($user->data);
// End session management // End session management
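Review bot: The anonymous-user guard added here only protects the admin pages if login_box() halts the request whenever it renders the form, and nothing at this call site enforces that. As defined elsewhere in this commit, login_box() returns true on a successful login but otherwise ends with `include($phpbb_root_path . 'includes/page_tail.'.$phpEx);` and has no `exit` of its own, so the guarantee rests on page_tail, which is not shown. I would make the gate explicit, either with `if (login_box("index.$phpEx$SID", '', $user->lang['LOGIN_ADMIN']) !== true) { exit; }` here or with `exit;` as the last statement of login_box(). The same applies to the memberlist and watch_topic_forum() callers added in this commit; the script continues outside the hunk.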


@ -444,7 +444,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
'META' => '<meta http-equiv="refresh" content="3;url=' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">') 'META' => '<meta http-equiv="refresh" content="3;url=' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">')
); );
$message = $user->lang['No_longer_watching_' . $mode] . '<br /><br />' . sprintf($user->lang['Click_return_' . $mode], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>'); $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
trigger_error($message); trigger_error($message);
} }
else else
@ -478,7 +478,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
'META' => '<meta http-equiv="refresh" content="3;url=' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">') 'META' => '<meta http-equiv="refresh" content="3;url=' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">')
); );
$message = $user->lang['You_are_watching_' . $mode] . '<br /><br />' . sprintf($user->lang['Click_return_' . $mode], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>'); $message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
trigger_error($message); trigger_error($message);
} }
else else
@ -493,7 +493,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
{ {
if ($_GET['unwatch'] == $mode) if ($_GET['unwatch'] == $mode)
{ {
redirect("login.$phpEx$SID&redirect=view$mode.$phpEx&" . $u_url . "=$match_id&unwatch=forum"); login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])));
} }
} }
else else
@ -505,7 +505,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $mat
if ($can_watch) if ($can_watch)
{ {
$s_watching = ($is_watching) ? '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;unwatch=$mode&amp;start=$start" . '">' . $user->lang['Stop_watching_' . $mode] . '</a>' : '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;watch=$mode&amp;start=$start" . '">' . $user->lang['Start_watching_' . $mode] . '</a>'; $s_watching = ($is_watching) ? '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;unwatch=$mode&amp;start=$start" . '">' . $user->lang['STOP_WATCHING_' . strtoupper($mode)] . '</a>' : '<a href="' . "view$mode." . $phpEx . $SID . '&amp;' . $u_url . "=$match_id&amp;watch=$mode&amp;start=$start" . '">' . $user->lang['START_WATCHING_' . strtoupper($mode)] . '</a>';
} }
return; return;
@ -840,6 +840,56 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
return; return;
} }
// Generate login box or verify password
function login_box($s_action, $s_hidden_fields = '', $login_explain = '')
{
global $SID, $db, $user, $template, $auth, $phpbb_root_path, $phpEx;
$err = '';
if (isset($_POST['login']))
{
$autologin = (!empty($_POST['autologin'])) ? TRUE : FALSE;
$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
if (($result = $auth->login($_POST['username'], $_POST['password'], $autologin, $viewonline)) === true)
{
return true;
}
// If we get a non-numeric (e.g. string) value we output an error
if (is_string($result))
{
trigger_error($result, E_USER_ERROR);
}
// If we get an integer zero then we are inactive, else the username/password is wrong
$err = ($result === 0) ? $user->lang['ACTIVE_ERROR'] : $user->lang['LOGIN_ERROR'];
}
$template->assign_vars(array(
'LOGIN_ERROR' => $err,
'LOGIN_EXPLAIN' => $login_explain,
'U_SEND_PASSWORD' => "ucp.$phpEx$SID&amp;mode=sendpassword",
'U_TERMS_USE' => "ucp.$phpEx$SID&amp;mode=terms",
'U_PRIVACY' => "ucp.$phpEx$SID&amp;mode=privacy",
'S_LOGIN_ACTION' => $s_action,
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
$page_title = $user->lang['LOGIN'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'login_body.html')
);
make_jumpbox('viewforum.'.$phpEx);
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
// Error and message handler, call with trigger_error if reqd // Error and message handler, call with trigger_error if reqd
function msg_handler($errno, $msg_text, $errfile, $errline) function msg_handler($errno, $msg_text, $errfile, $errline)
{ {
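Review bot: The form action handed to login_box() in watch_topic_forum() is cut out of the client-controlled `$_SERVER['REQUEST_URI']` with `preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', ...)`, and the pattern is not tied to the script that is actually running. The leading `.*?` is lazy, so the first `name.php`-looking substring anywhere in the path or query string becomes the start of the action, and when nothing matches preg_replace returns the whole URI unchanged. htmlspecialchars() is then the only thing keeping the value inside the attribute, which holds only if the template double-quotes `{S_LOGIN_ACTION}` (without ENT_QUOTES, older PHP versions leave single quotes unescaped). Building the action from known parts, as the removed redirect did, e.g. `login_box("view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;unwatch=$mode");`, avoids parsing the URI at all. The identical expression in the memberlist change should be handled the same way; watch_topic_forum() starts and ends outside these hunks.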


@ -38,12 +38,12 @@ if ($config['gzip_compress'])
// Generate logged in/logged out status // Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS)
{ {
$u_login_logout = 'login.'.$phpEx. $SID . '&amp;logout=true'; $u_login_logout = 'ucp.'.$phpEx. $SID . '&amp;mode=logout';
$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']); $l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
} }
else else
{ {
$u_login_logout = 'login.'.$phpEx . $SID; $u_login_logout = 'ucp.'.$phpEx . $SID . '&amp;mode=login';
$l_login_logout = $user->lang['LOGIN']; $l_login_logout = $user->lang['LOGIN'];
} }
@ -304,7 +304,6 @@ $template->assign_vars(array(
'S_CONTENT_ENCODING' => $user->lang['ENCODING'], 'S_CONTENT_ENCODING' => $user->lang['ENCODING'],
'S_CONTENT_DIR_LEFT' => $user->lang['LEFT'], 'S_CONTENT_DIR_LEFT' => $user->lang['LEFT'],
'S_CONTENT_DIR_RIGHT' => $user->lang['RIGHT'], 'S_CONTENT_DIR_RIGHT' => $user->lang['RIGHT'],
'S_LOGIN_ACTION' => 'login.'.$phpEx.$SID,
'S_TIMEZONE' => ($user->data['user_dst']) ? sprintf($user->lang['All_times'], $user->lang[$tz], $user->lang['tz']['dst']) : sprintf($user->lang['All_times'], $user->lang[$tz], ''), 'S_TIMEZONE' => ($user->data['user_dst']) ? sprintf($user->lang['All_times'], $user->lang[$tz], $user->lang['tz']['dst']) : sprintf($user->lang['All_times'], $user->lang[$tz], ''),
'T_STYLESHEET_DATA' => $user->theme['css_data'], 'T_STYLESHEET_DATA' => $user->theme['css_data'],
@ -312,6 +311,7 @@ $template->assign_vars(array(
'NAV_LINKS' => $nav_links_html) 'NAV_LINKS' => $nav_links_html)
); );
// 'S_LOGIN_ACTION' => 'login.'.$phpEx.$SID,
/*if ($config['send_encoding']) /*if ($config['send_encoding'])
{ {
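Review bot: The `'S_LOGIN_ACTION'` entry is dropped from the assign_vars array but kept as a commented-out line after the call; I would delete it rather than leave dead code behind. Once the header stops assigning it, any template that still prints `{S_LOGIN_ACTION}` outside login_box() would get an empty form action, though whether such templates exist is not visible here. If the line is meant as a reminder, replace it with a comment that says so, e.g. `// S_LOGIN_ACTION is assigned by login_box() only`.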


@ -22,6 +22,7 @@
$lang = array_merge($lang, array( $lang = array_merge($lang, array(
'ADMIN_TITLE' => 'Administration Panel', 'ADMIN_TITLE' => 'Administration Panel',
'ADMIN' => 'Administration', 'ADMIN' => 'Administration',
'LOGIN_ADMIN' => 'You must be a registered, logged in user before attempting to administer the board.',
'NO_ADMIN' => 'You are not authorised to administer this board.', 'NO_ADMIN' => 'You are not authorised to administer this board.',
'NO_FRAMES' => 'Sorry, your browser does not support frames.', 'NO_FRAMES' => 'Sorry, your browser does not support frames.',
'RETURN_TO' => 'Return to ...', 'RETURN_TO' => 'Return to ...',


@ -201,6 +201,11 @@ $lang = array(
'POST_TOPIC_LOCKED' => 'Topic is locked', 'POST_TOPIC_LOCKED' => 'Topic is locked',
'FOUND_USERS_TOTAL' => '%s Users',
'FOUND_TOPIC_TOTAL' => '%s Topics',
'FOUND_POSTS_TOTAL' => '%s Posts',
'LOGIN' => 'Login', 'LOGIN' => 'Login',
'TERMS_USE' => 'Terms of Use', 'TERMS_USE' => 'Terms of Use',
'PRIVACY' => 'Privacy Policy', 'PRIVACY' => 'Privacy Policy',
@ -258,18 +263,20 @@ $lang = array(
'NO_POST' => 'The requested post does not exist.', 'NO_POST' => 'The requested post does not exist.',
'NO_USER' => 'The requested user does not exist.', 'NO_USER' => 'The requested user does not exist.',
'Stop_watching_forum' => 'Stop watching this forum',
'Start_watching_forum' => 'Watch this forum for new posts',
'No_longer_watching_forum' => 'You are no longer watching this forum',
'You_are_watching_forum' => 'You are now watching this forum',
'View_topic' => 'View topic', 'LOGIN_VIEWFORUM' => 'The board administrator requires you to be registered and logged in to view this forum.',
'STOP_WATCHING_FORUM' => 'Stop watching this forum',
'START_WATCHING_FORUM' => 'Watch this forum for new posts',
'NOT_WATCHING_FORUM' => 'You are no longer watching this forum',
'ARE_WATCHING_FORUM' => 'You are now watching this forum',
'POST_SUBJECT' => 'Post subject',
'VIEW_TOPIC' => 'View topic',
'LOGIN_VIEWTOPIC' => 'The board administrator requires you to be registered and logged in to view this topic.',
'PRINT_TOPIC' => 'Printable version', 'PRINT_TOPIC' => 'Printable version',
'VIEW_NEXT_TOPIC' => 'View next topic', 'VIEW_NEXT_TOPIC' => 'View next topic',
'VIEW_PREVIOUS_TOPIC' => 'View previous topic', 'VIEW_PREVIOUS_TOPIC' => 'View previous topic',
'NO_NEWER_TOPICS' => 'There are no newer topics in this forum', 'NO_NEWER_TOPICS' => 'There are no newer topics in this forum',
'NO_OLDER_TOPICS' => 'There are no older topics in this forum', 'NO_OLDER_TOPICS' => 'There are no older topics in this forum',
'POST_IGNORE' => 'This post was made by <b>%1$s</b> who is on your ignore list. To display this post click %sHERE%s.', 'POST_IGNORE' => 'This post was made by <b>%1$s</b> who is on your ignore list. To display this post click %sHERE%s.',
@ -279,6 +286,7 @@ $lang = array(
'ALL_POSTS' => 'All Posts', 'ALL_POSTS' => 'All Posts',
'BACK_TO_TOP' => 'Back to top', 'BACK_TO_TOP' => 'Back to top',
'POST_SUBJECT' => 'Post subject',
'READ_PROFILE' => 'Profile', 'READ_PROFILE' => 'Profile',
'SEND_EMAIL' => 'Email', 'SEND_EMAIL' => 'Email',
'VISIT_WEBSITE' => 'WWW', 'VISIT_WEBSITE' => 'WWW',
@ -288,20 +296,19 @@ $lang = array(
'DELETE_POST' => 'Delete', 'DELETE_POST' => 'Delete',
'DELETE_POST_WARN' => 'Once deleted the post cannot be recovered', 'DELETE_POST_WARN' => 'Once deleted the post cannot be recovered',
'REPORT_TO_ADMIN' => 'Report this post', 'REPORT_TO_ADMIN' => 'Report this post',
'EDITED_TIME_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d time in total',
'EDITED_TIMES_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d times in total',
'POST_BEEN_REPORTED' => 'This post has been reported', 'POST_BEEN_REPORTED' => 'This post has been reported',
'POST_NOT_BEEN_APPROVED' => 'This post has not been approved', 'POST_NOT_BEEN_APPROVED' => 'This post has not been approved',
'TOPIC_BEEN_REPORTED' => 'This topic has been reported', 'TOPIC_BEEN_REPORTED' => 'This topic has been reported',
'TOPIC_NOT_BEEN_APPROVED' => 'This topic has not been approved', 'TOPIC_NOT_BEEN_APPROVED' => 'This topic has not been approved',
'APPROVE_POST' => 'Approve this post', 'APPROVE_POST' => 'Approve this post',
'READ_REPORTS' => 'Read post reports', 'READ_REPORTS' => 'Read post reports',
'wrote' => 'wrote', 'WROTE' => 'wrote',
'Quote' => 'Quote', 'QUOTE' => 'Quote',
'Code' => 'Code', 'CODE' => 'Code',
'EDITED_TIME_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d time in total',
'EDITED_TIMES_TOTAL' => 'Last edited by %1$s on %2$s, edited %3$d times in total',
'QUICK_MOD' => 'Quick-mod tools', 'QUICK_MOD' => 'Quick-mod tools',
'LOCK_TOPIC' => 'Lock topic', 'LOCK_TOPIC' => 'Lock topic',
@ -312,12 +319,12 @@ $lang = array(
'MERGE_TOPIC' => 'Merge topic', 'MERGE_TOPIC' => 'Merge topic',
'CHANGE_TOPIC_TYPE' => 'Change topic type to: ', 'CHANGE_TOPIC_TYPE' => 'Change topic type to: ',
'Stop_watching_topic' => 'Stop watching this topic', 'STOP_WATCHING_TOPIC' => 'Stop watching this topic',
'Start_watching_topic' => 'Watch this topic for replies', 'START_WATCHING_TOPIC' => 'Watch this topic for replies',
'No_longer_watching_topic' => 'You are no longer watching this topic', 'NOT_WATCHING_TOPIC' => 'You are no longer watching this topic',
'You_are_watching_topic' => 'You are now watching this topic', 'NOW_WATCHING_TOPIC' => 'You are now watching this topic',
'Total_votes' => 'Total Votes', 'TOTAL_VOTES' => 'Total Votes',
'VIEW_RESULTS' => 'View Results', 'VIEW_RESULTS' => 'View Results',
@ -624,6 +631,7 @@ $lang = array(
'NO_MEMBERS' => 'No members found for this search criteria', 'NO_MEMBERS' => 'No members found for this search criteria',
'SEND_MESSAGE' => 'Message', 'SEND_MESSAGE' => 'Message',
'POST_IP' => 'Posted from IP/domain', 'POST_IP' => 'Posted from IP/domain',
'LAST_ACTIVE' => 'Last active',
'SELECT_SORT_METHOD'=> 'Select sort method', 'SELECT_SORT_METHOD'=> 'Select sort method',
'SORT' => 'Sort', 'SORT' => 'Sort',
'ORDER' => 'Order', 'ORDER' => 'Order',
@ -735,7 +743,7 @@ $lang = array(
'Search_author' => 'Search for Author', 'Search_author' => 'Search for Author',
'Search_author_explain' => 'Use * as a wildcard for partial matches', 'Search_author_explain' => 'Use * as a wildcard for partial matches',
'Last_active' => 'Last active', 'Last_active' => 'Last active',
'Select_marked' => 'Select Marked', 'SELECT_MARKED' => 'Select Marked',
'Search_for_any' => 'Search for any terms or use query as entered', 'Search_for_any' => 'Search for any terms or use query as entered',
'Search_for_all' => 'Search for all terms', 'Search_for_all' => 'Search for all terms',
'Search_title_msg' => 'Search topic title and message text', 'Search_title_msg' => 'Search topic title and message text',
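Review bot: The renamed watch keys do not line up with the lookups this commit introduces in watch_topic_forum(), which reads `$user->lang['ARE_WATCHING_' . strtoupper($mode)]`. This file defines `ARE_WATCHING_FORUM` for forums but `NOW_WATCHING_TOPIC` for topics, so, assuming `$mode` is 'topic' on the topic page, the lookup hits an undefined index and the confirmation message starts empty. Rename the topic entry to `'ARE_WATCHING_TOPIC' => 'You are now watching this topic',` or switch both entries and the lookup to one prefix. The `$lang` array starts and ends outside these hunks.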


@ -28,45 +28,43 @@ include($phpbb_root_path . 'common.'.$phpEx);
$user->start(); $user->start();
$user->setup(); $user->setup();
$auth->acl($user->data); $auth->acl($user->data);
// End session management
// Grab data // Grab data
$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : ''; $mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : '';
$user_id = (isset($_GET['u'])) ? intval($_GET['u']) : ANONYMOUS; $user_id = (isset($_GET['u'])) ? intval($_GET['u']) : ANONYMOUS;
// Can this user view profiles/memberslist? // Can this user view profiles/memberslist?
if (!$auth->acl_gets('u_viewprofile', 'a_')) if (!$auth->acl_gets('u_viewprofile', 'a_'))
{ {
if ($user->data['user_id'] == ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS)
{ {
redirect("login.$phpEx$SID&redirect=memberlist&mode=$mode&u=$user_id");
}
trigger_error($user->lang['NO_VIEW_USERS']); trigger_error($user->lang['NO_VIEW_USERS']);
} }
login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])));
}
$start = (isset($_GET['start'])) ? intval($_GET['start']) : 0; $start = (isset($_GET['start'])) ? intval($_GET['start']) : 0;
$form = (!empty($_GET['form'])) ? $_GET['form'] : 0; $form = (!empty($_GET['form'])) ? htmlspecialchars($_GET['form']) : 0;
$field = (isset($_GET['field'])) ? $_GET['field'] : 'username'; $field = (isset($_GET['field'])) ? htmlspecialchars($_GET['field']) : 'username';
$sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 'c'; $sort_key = (!empty($_REQUEST['sk'])) ? htmlspecialchars($_REQUEST['sk']) : 'c';
$sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a'; $sort_dir = (!empty($_REQUEST['sd'])) ? htmlspecialchars($_REQUEST['sd']) : 'a';
$username = (!empty($_REQUEST['username'])) ? trim($_REQUEST['username']) : ''; $username = (!empty($_REQUEST['username'])) ? trim(htmlspecialchars($_REQUEST['username'])) : '';
$email = (!empty($_REQUEST['email'])) ? trim($_REQUEST['email']) : ''; $email = (!empty($_REQUEST['email'])) ? trim(htmlspecialchars($_REQUEST['email'])) : '';
$icq = (!empty($_REQUEST['icq'])) ? intval($_REQUEST['icq']) : ''; $icq = (!empty($_REQUEST['icq'])) ? intval(htmlspecialchars($_REQUEST['icq'])) : '';
$aim = (!empty($_REQUEST['aim'])) ? trim($_REQUEST['aim']) : ''; $aim = (!empty($_REQUEST['aim'])) ? trim(htmlspecialchars($_REQUEST['aim'])) : '';
$yahoo = (!empty($_REQUEST['yahoo'])) ? trim($_REQUEST['yahoo']) : ''; $yahoo = (!empty($_REQUEST['yahoo'])) ? trim(htmlspecialchars($_REQUEST['yahoo'])) : '';
$msn = (!empty($_REQUEST['msn'])) ? trim($_REQUEST['msn']) : ''; $msn = (!empty($_REQUEST['msn'])) ? trim(htmlspecialchars($_REQUEST['msn'])) : '';
$joined_select = (!empty($_REQUEST['joined_select'])) ? $_REQUEST['joined_select'] : 'lt'; $joined_select = (!empty($_REQUEST['joined_select'])) ? htmlspecialchars($_REQUEST['joined_select']) : 'lt';
$active_select = (!empty($_REQUEST['active_select'])) ? $_REQUEST['active_select'] : 'lt'; $active_select = (!empty($_REQUEST['active_select'])) ? htmlspecialchars($_REQUEST['active_select']) : 'lt';
$count_select = (!empty($_REQUEST['count_select'])) ? $_REQUEST['count_select'] : 'eq'; $count_select = (!empty($_REQUEST['count_select'])) ? htmlspecialchars($_REQUEST['count_select']) : 'eq';
$joined = (!empty($_REQUEST['joined'])) ? explode('-', trim($_REQUEST['joined'])) : array(); $joined = (!empty($_REQUEST['joined'])) ? explode('-', trim(htmlspecialchars($_REQUEST['joined']))) : array();
$active = (!empty($_REQUEST['active'])) ? explode('-', trim($_REQUEST['active'])) : array(); $active = (!empty($_REQUEST['active'])) ? explode('-', trim(htmlspecialchars($_REQUEST['active']))) : array();
$count = (!empty($_REQUEST['count'])) ? intval($_REQUEST['count']) : ''; $count = (!empty($_REQUEST['count'])) ? intval($_REQUEST['count']) : '';
$ipdomain = (!empty($_REQUEST['ip'])) ? trim($_REQUEST['ip']) : ''; $ipdomain = (!empty($_REQUEST['ip'])) ? trim(htmlspecialchars($_REQUEST['ip'])) : '';
// Grab rank information for later // Grab rank information for later
$sql = "SELECT * $sql = "SELECT *
@ -81,9 +79,13 @@ while ($row = $db->sql_fetchrow($result))
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
// What do you want to do today? ... oops, I think that line is taken ...
switch ($mode) switch ($mode)
{ {
case 'leaders':
// Display a listing of board admins, moderators
break;
case 'viewprofile': case 'viewprofile':
// Display a profile // Display a profile
$page_title = sprintf($user->lang['VIEWING_PROFILE'], $row['username']); $page_title = sprintf($user->lang['VIEWING_PROFILE'], $row['username']);
@ -145,6 +147,7 @@ switch ($mode)
$active_t_row = $db->sql_fetchrow($result); $active_t_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
// We left join on the session table to see if the user is currently online
$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit, MAX(session_time) AS session_time $sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit, MAX(session_time) AS session_time
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
LEFT JOIN " . SESSIONS_TABLE . " ON session_user_id = user_id LEFT JOIN " . SESSIONS_TABLE . " ON session_user_id = user_id
@ -219,7 +222,7 @@ switch ($mode)
trigger_error($user->lang['NO_USER']); trigger_error($user->lang['NO_USER']);
} }
if (empty($config['board_email_form']) || empty($config['email_enable']) || !$auth->acl_gets('u_sendemail', 'a_')) if (empty($config['board_email_form']) || empty($config['email_enable']) || !$auth->acl_gets('u_sendemail', 'a_user'))
{ {
trigger_error($user->lang['NO_EMAIL']); trigger_error($user->lang['NO_EMAIL']);
} }
@ -237,7 +240,7 @@ switch ($mode)
} }
// Can we send email to this user? // Can we send email to this user?
if (empty($row['user_viewemail']) && !$auth->acl_get('a_')) if (empty($row['user_viewemail']) && !$auth->acl_get('a_user'))
{ {
trigger_error($user->lang['NO_EMAIL']); trigger_error($user->lang['NO_EMAIL']);
} }
@ -340,21 +343,19 @@ switch ($mode)
$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
$s_sort_key = '<select name="sk">'; $s_sort_key = '';
foreach ($sort_key_text as $key => $value) foreach ($sort_key_text as $key => $value)
{ {
$selected = ($sort_key == $key) ? ' selected="selected"' : ''; $selected = ($sort_key == $key) ? ' selected="selected"' : '';
$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; $s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
} }
$s_sort_key .= '</select>';
$s_sort_dir = '<select name="sd">'; $s_sort_dir = '';
foreach ($sort_dir_text as $key => $value) foreach ($sort_dir_text as $key => $value)
{ {
$selected = ($sort_dir == $key) ? ' selected="selected"' : ''; $selected = ($sort_dir == $key) ? ' selected="selected"' : '';
$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>'; $s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
} }
$s_sort_dir .= '</select>';
// Additional sorting options for user search // Additional sorting options for user search
$where_sql = ''; $where_sql = '';
@ -440,11 +441,22 @@ switch ($mode)
$total_users = ($row = $db->sql_fetchrow($result)) ? $row['total_users'] : 0; $total_users = ($row = $db->sql_fetchrow($result)) ? $row['total_users'] : 0;
// Pagination string // Pagination string
$pagination_url = ($mode == 'searchuser') ? "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=$form&amp;field=$field&amp;username=" . urlencode($username) . "&amp;email=" . urlencode($email) . "&amp;icq=$icq&amp;aim=" . urlencode($aim) . "&amp;yahoo=" . urlencode($yahoo) . "&amp;msn=" . urlencode($msn) . "&amp;joined=" . urlencode(implode('-', $joined)) . "&amp;active=" . urlencode(implode('-', $active)) . "&amp;count=$count&amp;ip=" . urlencode($ipdomain) . "&amp;sd=$sort_dir&amp;sk=$sort_key&amp;joined_select=$joined_select&amp;active_select=$active_select&amp;count_select=$count_select" : "memberlist.$phpEx$SID&amp;mode=$mode&amp;sk=$sort_key&amp;sd=$sort_dir"; $pagination_url = "memberlist.$phpEx$SID&amp;mode=$mode";
// Some search user specific data // Some search user specific data
if ($mode == 'searchuser') if ($mode == 'searchuser')
{ {
// Build a relevant pagination_url
$global_var = (isset($_POST['submit'])) ? '_POST' : '_GET';
foreach ($$global_var as $key => $var)
{
if (in_array($key, array('submit', 'start', 'mode')) || $var == '')
{
continue;
}
$pagination_url .= '&amp;' . $key . '=' . urlencode($var);
}
$template->assign_vars(array( $template->assign_vars(array(
'USERNAME' => $username, 'USERNAME' => $username,
'EMAIL' => $email, 'EMAIL' => $email,
@ -487,6 +499,7 @@ switch ($mode)
$sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit $sql = "SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_rank, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_lastvisit
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . " WHERE user_id <> " . ANONYMOUS . "
$where_sql
ORDER BY $order_by ORDER BY $order_by
LIMIT $start, " . $config['topics_per_page']; LIMIT $start, " . $config['topics_per_page'];
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -515,6 +528,7 @@ switch ($mode)
$template->assign_vars(array( $template->assign_vars(array(
'PAGINATION' => generate_pagination($pagination_url, $total_users, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($pagination_url, $total_users, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($total_users, $config['topics_per_page'], $start), 'PAGE_NUMBER' => on_page($total_users, $config['topics_per_page'], $start),
'TOTAL_USERS' => sprintf($user->lang['FOUND_USERS_TOTAL'], $total_users),
'U_FIND_MEMBER' => "memberlist.$phpEx$SID&amp;mode=searchuser", 'U_FIND_MEMBER' => "memberlist.$phpEx$SID&amp;mode=searchuser",
'U_SORT_USERNAME' => "memberlist.$phpEx$SID&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'), 'U_SORT_USERNAME' => "memberlist.$phpEx$SID&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'),
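Review bot: In the new searchuser pagination loop the parameter name is concatenated unescaped: `$pagination_url .= '&amp;' . $key . '=' . urlencode($var);` encodes the value but copies `$key` from `$_GET`/`$_POST` straight into a URL that is handed to generate_pagination(). Request keys are as client-controlled as values, so this is an HTML-injection risk wherever the pagination links are printed, and an array-valued parameter would reach urlencode() as a non-string. I would carry over only the known search fields, e.g. `if (!in_array($key, $search_fields) || !is_string($var)) { continue; }` with a new `$search_fields` list (username, email, icq and so on), and emit `urlencode($key)`. The loop also reads the raw superglobal rather than the variables filtered at the top of the file, so the same input is handled two different ways. The switch statement continues outside the hunk.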


@ -11,11 +11,18 @@
<tr> <tr>
<th height="25">{L_LOGIN}</th> <th height="25">{L_LOGIN}</th>
</tr> </tr>
<!-- IF LOGIN_EXPLAIN neq '' -->
<tr> <tr>
<td class="row3" align="center"><span class="gensmall"><a href="{U_TERMS_USE}">{L_TERMS_USE}</a> &nbsp;<a href="{U_PRIVACY}">{L_PRIVACY}</a></span></td> <td class="row3" align="center"><span class="gensmall">{LOGIN_EXPLAIN}</td>
</tr> </tr>
<!-- ENDIF -->
<tr> <tr>
<td class="row1" align="center"><table cellspacing="1" cellpadding="2" border="0"> <td class="row1" align="center"><table cellspacing="1" cellpadding="2" border="0">
<!-- IF LOGIN_ERROR neq '' -->
<tr>
<td class="gensmall" colspan="2" align="center"><span style="color:red">{LOGIN_ERROR}</span></td>
</tr>
<!-- ENDIF -->
<tr> <tr>
<td><b class="gensmall">{L_USERNAME}:</b></td> <td><b class="gensmall">{L_USERNAME}:</b></td>
<td><input class="post" type="text" name="username" size="25" maxlength="40" value="{USERNAME}" /><br /><a class="gensmall" href="{U_REGISTER}">{L_REGISTER}</a></td> <td><input class="post" type="text" name="username" size="25" maxlength="40" value="{USERNAME}" /><br /><a class="gensmall" href="{U_REGISTER}">{L_REGISTER}</a></td>
@ -32,6 +39,9 @@
<td>&nbsp;</td> <td>&nbsp;</td>
<td><input type="checkbox" name="viewonline" /> <span class="gensmall">{L_HIDE_ME}</span></td> <td><input type="checkbox" name="viewonline" /> <span class="gensmall">{L_HIDE_ME}</span></td>
</tr> </tr>
<tr>
<td colspan="2" align="center"><span class="gensmall"><a href="{U_TERMS_USE}">{L_TERMS_USE}</a> | <a href="{U_PRIVACY}">{L_PRIVACY}</a></span></td>
</tr>
</table></td> </table></td>
</tr> </tr>
<tr> <tr>
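Review bot: The new LOGIN_EXPLAIN row opens `<span class="gensmall">` and never closes it before `</td>`; it should read `<td class="row3" align="center"><span class="gensmall">{LOGIN_EXPLAIN}</span></td>`. `{LOGIN_EXPLAIN}` and `{LOGIN_ERROR}` are printed as-is, which is fine while login_box() only passes language strings. A short template comment saying so, such as `<!-- LOGIN_EXPLAIN and LOGIN_ERROR must be language strings, never request data -->`, would warn anyone who later passes request-derived text. The table continues outside the hunk.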


@ -69,87 +69,99 @@ include($phpbb_root_path . 'common.'.$phpEx);
$user->start(); $user->start();
$user->setup(); $user->setup();
$auth->acl($user->data); $auth->acl($user->data);
// End session management
// ----------------------- // -----------------------
// Page specific functions // Page specific functions
// //
if($_GET['mode'] || $_POST['mode']) if (!empty($_REQUEST['mode']))
{ {
$mode = (!empty($_GET['mode'])) ? $_GET['mode'] : $_POST['mode']; $mode = $_REQUEST['mode'];
if($mode == 'viewprofile') switch ($mode)
{
include($phpbb_root_path . 'ucp/usercp_viewprofile.'.$phpEx);
exit;
}
else if($mode == 'activate')
{ {
case 'activate':
include($phpbb_root_path . 'ucp/usercp_activate.'.$phpEx); include($phpbb_root_path . 'ucp/usercp_activate.'.$phpEx);
} break;
else if($mode == 'register')
{ case 'register':
if ($user->data['user_id'] != ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS)
{ {
redirect("index.$phpEx$SID"); redirect("index.$phpEx$SID");
} }
else
{
include($phpbb_root_path . 'ucp/usercp_register.'.$phpEx); include($phpbb_root_path . 'ucp/usercp_register.'.$phpEx);
exit; break;
case 'login':
if ($user->data['user_id'] != ANONYMOUS)
{
redirect("index.$phpEx$SID");
} }
define('IN_LOGIN', true);
login_box("ucp.$phpEx$SID&amp;mode=login");
redirect("index.$phpEx$SID");
break;
case 'logout':
if ($user->data['user_id'] != ANONYMOUS)
{
$user->destroy();
}
redirect("index.$phpEx$SID");
break;
} }
} }
// Database based module handing
$selected_module = ($_GET['module_id']) ? $_GET['module_id'] : $_POST['module_id'];
$sql = "SELECT module_id, module_name, module_filename FROM " . UCP_MODULES_TABLE . " ORDER BY module_order";
// Some basic template vars
$template->assign_vars(array(
'UCP_WELCOME_MSG' => $user->lang['UCP_WELCOME_MESSAGE'])
);
// Word censors $censors['match'] & $censors['replace']
$censors = array();
obtain_word_list($censors);
// "Home" module
$template->assign_block_vars('ucp_sections', array(
'U_SECTION' => "ucp.$phpEx$SID",
'SECTION' => $user->lang['UCP_Main'])
);
// Grab the other enabled UCP modules
$selected_module = (!empty($_REQUEST['module_id'])) ? $_REQUEST['module_id'] : '';
$sql = "SELECT module_id, module_name, module_filename
FROM " . UCP_MODULES_TABLE . "
ORDER BY module_order";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$rowset = $db->sql_fetchrowset($result); while ($row = $db->sql_fetchrow($result))
// Default UCP link
$template->assign_block_vars('ucp_sections', array('U_SECTION' => "ucp.$phpEx$SID",
'SECTION' => $user->lang['UCP_Main']));
foreach($rowset as $section)
{ {
$template->assign_block_vars('ucp_sections', array('U_SECTION' => "ucp.$phpEx$SID&amp;module_id=" . $section['module_id'] , $template->assign_block_vars('ucp_sections', array(
'SECTION' => $section['module_name'])); 'U_SECTION' => "ucp.$phpEx$SID&amp;module_id=" . $row['module_id'],
'SECTION' => $row['module_name'])
);
if($section['module_id'] == $selected_module) if ($row['module_id'] == $selected_module)
{ {
$module_to_include = $section['module_filename'] . "." . $phpEx; $module_to_include = $row['module_filename'] . '.' . $phpEx;
include($phpbb_root_path . $module_to_include); include($phpbb_root_path . $module_to_include);
} }
} }
$db->sql_freeresult($result);
$page_title = $user->lang['User_control_panel'] . ' - ' . $this_section;
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
// Setup word censor
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
$template->assign_vars(array('L_SUBSCRIBED_TOPICS' => $user->lang['SUBSCRIBED_TOPICS'],
'L_SUBSCRIBED_FORUMS' => $user->lang['SUBSCRIBED_FORUMS'],
'L_WELCOME_USERCP' => $user->lang['WELCOME_USERCP'],
'UCP_WELCOME_MSG' => $user->lang['UCP_WELCOME_MESSAGE'],
'L_ONLINE_BUDDIES' => $user->lang['ONLINE_BUDDIES'],
'L_UNREAD_PM' => $user->lang['UNREAD_PM']));
//
// Subscribed Topics // Subscribed Topics
// $sql = "SELECT tw.topic_id, t.topic_title, t.topic_last_post_time, t.poll_start, t.topic_replies, t.topic_type, t.forum_id
$sql = "SELECT tw.topic_id, t.topic_title, t.topic_last_post_time, t.poll_start, t.topic_replies, t.topic_type, t.forum_id FROM " . TOPICS_TABLE . " t, " . TOPICS_WATCH_TABLE . " tw FROM " . TOPICS_TABLE . " t, " . TOPICS_WATCH_TABLE . " tw
WHERE t.topic_id = tw.topic_id AND tw.user_id = " . $user->data['user_id'] . " ORDER BY t.topic_last_post_time DESC"; WHERE t.topic_id = tw.topic_id
AND tw.user_id = " . $user->data['user_id'] . "
ORDER BY t.topic_last_post_time DESC";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$topic_count = 0; $topic_count = 0;
@ -166,15 +178,18 @@ while($row = $db->sql_fetchrow($result))
$folder = 'folder_announce'; $folder = 'folder_announce';
$folder_new = 'folder_announce_new'; $folder_new = 'folder_announce_new';
break; break;
case POST_STICKY: case POST_STICKY:
$topic_type = $user->lang['Topic_Sticky'] . ' '; $topic_type = $user->lang['Topic_Sticky'] . ' ';
$folder = 'folder_sticky'; $folder = 'folder_sticky';
$folder_new = 'folder_sticky_new'; $folder_new = 'folder_sticky_new';
break; break;
case ITEM_LOCKED: case ITEM_LOCKED:
$folder = 'folder_locked'; $folder = 'folder_locked';
$folder_new = 'folder_locked_new'; $folder_new = 'folder_locked_new';
break; break;
default: default:
if ($replies >= intval($config['hot_threshold'])) if ($replies >= intval($config['hot_threshold']))
{ {
@ -200,34 +215,34 @@ while($row = $db->sql_fetchrow($result))
$folder_alt = ($unread_topic) ? 'New_posts' : (($row['topic_status'] == ITEM_LOCKED) ? 'Topic_locked' : 'No_new_posts'); $folder_alt = ($unread_topic) ? 'New_posts' : (($row['topic_status'] == ITEM_LOCKED) ? 'Topic_locked' : 'No_new_posts');
$view_topic_url = 'viewtopic.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;t=' . $topic_id; $view_topic_url = 'viewtopic.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;t=' . $topic_id;
// Needs to be handled within this code rather than going out of UCP
$unsubscribe_img = '<a href="viewtopic.' . $phpEx . $SID . '&amp;t=' . $topic_id . '&amp;unwatch=topic">' . $user->img('icon_delete', 'Stop_watching_topic', FALSE) . '</a>'; $unsubscribe_img = '<a href="viewtopic.' . $phpEx . $SID . '&amp;t=' . $topic_id . '&amp;unwatch=topic">' . $user->img('icon_delete', 'Stop_watching_topic', FALSE) . '</a>';
$template->assign_block_vars('subscribed_topics', array('TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), $template->assign_block_vars('subscribed_topics', array(
'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
'NEWEST_POST_IMG' => $newest_post_img, 'NEWEST_POST_IMG' => $newest_post_img,
'TOPIC_TITLE' => (count($orig_word)) ? preg_replace($orig_word, $replacement_word, $row['topic_title']) : $row['topic_title'],
'UNSUBSCRIBE_IMG' => $unsubscribe_img, 'UNSUBSCRIBE_IMG' => $unsubscribe_img,
'TOPIC_TITLE' => (!empty($censors)) ? preg_replace($censors['match'], $censors['replace'], $row['topic_title']) : $row['topic_title'],
'U_TOPIC' => $view_topic_url) 'U_TOPIC' => $view_topic_url)
); );
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
//
// End Subscribed Topics // End Subscribed Topics
//
//
// Subscribed Forums // Subscribed Forums
// $sql = "SELECT f.forum_id, f.forum_last_post_time, f.forum_last_post_id, f.left_id, f.right_id, f.forum_status, f.forum_name, f.forum_desc
$sql = "SELECT f.forum_id, f.forum_last_post_time, f.forum_last_post_id, f.left_id, f.right_id, f.forum_status, f.forum_name, f.forum_desc FROM " . FORUMS_TABLE . " f, " . FORUMS_WATCH_TABLE . " fw FROM " . FORUMS_TABLE . " f, " . FORUMS_WATCH_TABLE . " fw
WHERE f.forum_id = fw.forum_id AND fw.user_id = " . $user->data['user_id'] . " ORDER BY f.forum_last_post_time DESC"; WHERE f.forum_id = fw.forum_id
AND fw.user_id = " . $user->data['user_id'] . "
ORDER BY f.forum_last_post_time DESC";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$forum_id = $row['forum_id']; $forum_id = $row['forum_id'];
$unread_topics = ($user->data['user_id'] && $row['forum_last_post_time'] > $user->data['user_lastvisit']) ? TRUE : FALSE; $unread_topics = ($user->data['user_id'] && $row['forum_last_post_time'] > $user->data['user_lastvisit']) ? TRUE : FALSE;
@ -252,47 +267,41 @@ while($row = $db->sql_fetchrow($result))
} }
$last_post = '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $row['forum_id'] . '&amp;p=' . $row['forum_last_post_id'] . '#' . $row['forum_last_post_id'] . '">' . $user->img('goto_post_latest', 'View_latest_post') . '</a>'; $last_post = '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $row['forum_id'] . '&amp;p=' . $row['forum_last_post_id'] . '#' . $row['forum_last_post_id'] . '">' . $user->img('goto_post_latest', 'View_latest_post') . '</a>';
// Needs to be handled within this code rather than going out of UCP
$unsubscribe_img = '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;unwatch=forum">' . $user->img('icon_delete', 'Stop_watching_forum', FALSE) . '</a>'; $unsubscribe_img = '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;unwatch=forum">' . $user->img('icon_delete', 'Stop_watching_forum', FALSE) . '</a>';
$template->assign_block_vars('subscribed_forums', array('FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt), $template->assign_block_vars('subscribed_forums', array(
'FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt),
'NEWEST_FORUM_POST_IMG' => $last_post, 'NEWEST_FORUM_POST_IMG' => $last_post,
'FORUM_NAME' => $row['forum_name'],
'UNSUBSCRIBE_IMG' => $unsubscribe_img, 'UNSUBSCRIBE_IMG' => $unsubscribe_img,
'FORUM_NAME' => $row['forum_name'],
'U_FORUM' => 'viewforum.' . $phpEx . $SID . '&amp;f=' . $row['forum_id']) 'U_FORUM' => 'viewforum.' . $phpEx . $SID . '&amp;f=' . $row['forum_id'])
); );
} }
$db->sql_freeresult($result);
//
// End Subscribed forums // End Subscribed forums
//
//
// Buddy List // Buddy List
//
//
// End Buddy List // End Buddy List
//
//
// Private Messages // Private Messages
//
//
// End Private Messages // End Private Messages
//
// Output the page
$page_title = $user->lang['User_control_panel'] . ' - ' . $this_section;
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array( $template->set_filenames(array(
'body' => 'usercp_main.html' 'body' => 'usercp_main.html')
)); );
include($phpbb_root_path . 'includes/page_tail.'.$phpEx); include($phpbb_root_path . 'includes/page_tail.'.$phpEx);


@ -103,12 +103,12 @@ $auth->acl($user->data, $forum_id);
// Permissions check // Permissions check
if (!$auth->acl_gets('f_read', 'm_', 'a_', $forum_id)) if (!$auth->acl_gets('f_read', 'm_', 'a_', $forum_id))
{ {
if ($user->data['user_id'] == ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS)
{ {
redirect("login.$phpEx$SID&redirect=viewforum.$phpEx&f=$forum_id" . ((isset($start)) ? "&start=$start" : '')); trigger_error('SORRY_AUTH_READ');
} }
trigger_error('SORRY_AUTH_READ'); login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])), '', $user->lang['LOGIN_VIEWFORUM']);
} }
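Review bot: The redirect target passed to `login_box()` is built from the client-supplied `$_SERVER['REQUEST_URI']`, and the `preg_replace` only strips a prefix. If the pattern does not match, the whole URI goes through unchanged; if it does match, the full query string is kept, including any session parameter that was appended via `$SID`. `$phpEx` is also interpolated into the pattern without `preg_quote()`. The removed code built the target from the known script name and ids, and keeping that shape, e.g. `login_box("viewforum.$phpEx$SID&f=" . intval($forum_id) . ((isset($start)) ? '&start=' . intval($start) : ''), '', $user->lang['LOGIN_VIEWFORUM']);`, avoids relying on how `login_box()` (not shown in this hunk) validates its argument. The viewtopic hunk below makes the same call, and its `LOGIN_VIEWFORUM` message looks copied from this file rather than chosen for topics.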


@ -173,14 +173,12 @@ extract($topic_data);
// Start auth check // Start auth check
if (!$auth->acl_gets('f_read', 'm_', 'a_', $forum_id)) if (!$auth->acl_gets('f_read', 'm_', 'a_', $forum_id))
{ {
if ($user->data['user_id'] == ANONYMOUS) if ($user->data['user_id'] != ANONYMOUS)
{ {
$redirect = (isset($post_id)) ? "p=$post_id" : "t=$topic_id"; trigger_error($user->lang['SORRY_AUTH_READ']);
$redirect .= (isset($start)) ? "&start=$start" : '';
redirect('login.' . $phpEx . $SID . '&redirect=viewtopic.' . $phpEx . '&' . $redirect);
} }
trigger_error($user->lang['SORRY_AUTH_READ']); login_box(preg_replace('#.*?([a-z]+?\.' . $phpEx . '.*?)$#i', '\1', htmlspecialchars($_SERVER['REQUEST_URI'])), '', $user->lang['LOGIN_VIEWFORUM']);
} }