Merge commit 'release-3.0-B2'

Nils Adermann 2010-03-02 01:05:33 +01:00
commit ee82970d96
306 changed files with 19065 additions and 10043 deletions


@ -11,6 +11,7 @@
/** /**
*/ */
define('IN_PHPBB', 1); define('IN_PHPBB', 1);
define('ADMIN_START', 1);
define('NEED_SID', true); define('NEED_SID', true);
// Include files // Include files
@ -151,7 +152,7 @@ function adm_page_header($page_title)
{ {
header('Content-type: text/html; charset: ' . $user->lang['ENCODING']); header('Content-type: text/html; charset: ' . $user->lang['ENCODING']);
} }
header('Cache-Control: private, no-cache="set-cookie", pre-check=0, post-check=0'); header('Cache-Control: private, no-cache="set-cookie"');
header('Expires: 0'); header('Expires: 0');
header('Pragma: no-cache'); header('Pragma: no-cache');
@ -205,14 +206,7 @@ function adm_page_footer($copyright_html = true)
$template->display('body'); $template->display('body');
// Unload cache, must be done before the DB connection if closed garbage_collection();
if (!empty($cache))
{
$cache->unload();
}
// Close our DB connection.
$db->sql_close();
exit; exit;
} }
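Review bot: The `Content-type` header shown as context in the adm_page_header hunk is emitted as `'Content-type: text/html; charset: ' . $user->lang['ENCODING']`, and `charset: ` is not valid parameter syntax, so browsers will most likely ignore the declared encoding and guess it from the body. An undeclared encoding on admin pages undermines the assumptions that output escaping relies on. Since the commit already edits the neighbouring `Cache-Control` line, change it to `header('Content-type: text/html; charset=' . $user->lang['ENCODING']);`. adm_page_header starts and ends outside the hunk, so the condition guarding this call is not visible here.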


@ -30,6 +30,15 @@
</dl> </dl>
</fieldset> </fieldset>
<fieldset>
<legend>{L_BBCODE_HELPLINE}</legend>
<p>{L_BBCODE_HELPLINE_EXPLAIN}</p>
<dl>
<dt><label for="bbcode_helpline">{L_BBCODE_HELPLINE_TEXT}</label></dt>
<dd><input type="text" id="bbcode_helpline" name="bbcode_helpline" size="60" maxlength="255" value="{BBCODE_HELPLINE}" /></dd>
</dl>
</fieldset>
<fieldset> <fieldset>
<legend>{L_SETTINGS}</legend> <legend>{L_SETTINGS}</legend>
<dl> <dl>
@ -45,7 +54,7 @@
<br /> <br />
<table cellspacing="1"> <table cellspacing="1" id="down">
<thead> <thead>
<tr> <tr>
<th colspan="2">{L_TOKENS}</th> <th colspan="2">{L_TOKENS}</th>
@ -76,7 +85,7 @@
<p>{L_ACP_BBCODES_EXPLAIN}</p> <p>{L_ACP_BBCODES_EXPLAIN}</p>
<table cellspacing="1"> <table cellspacing="1" id="down">
<thead> <thead>
<tr> <tr>
<th>{L_BBCODE_TAG}</th> <th>{L_BBCODE_TAG}</th>
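Review bot: The new helpline input writes admin-entered text straight into an attribute, `value="{BBCODE_HELPLINE}"`, and the template itself performs no escaping. The code that assigns `BBCODE_HELPLINE` is not part of this section, so confirm it HTML-encodes the value (quotes included) before assignment; otherwise a stored helpline containing `"` breaks out of the attribute the next time the BBCode is edited. Separately, `id="down"` is added to two tables in this template; if both can appear in one rendered page the id is duplicated.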


@ -0,0 +1,122 @@
<!-- INCLUDE overall_header.html -->
<a name="maincontent"></a>
<h1>{L_ACP_VC_SETTINGS}</h1>
<p>{L_ACP_VC_SETTINGS_EXPLAIN}</p>
<form id="acp_captcha" method="post" action="{U_ACTION}">
<fieldset>
<legend>{L_GENERAL_OPTIONS}</legend>
<dl>
<dt><label for="enable_confirm">{L_VISUAL_CONFIRM_REG}:</label><br /><span>{L_VISUAL_CONFIRM_REG_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" id="enable_confirm" name="enable_confirm" value="1"<!-- IF REG_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_ENABLED}&nbsp; &nbsp;<input type="radio" class="radio" name="enable_confirm" value="0"<!-- IF not REG_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_DISABLED}</dd>
</dl>
<dl>
<dt><label for="enable_post_confirm">{L_VISUAL_CONFIRM_POST}:</label><br /><span>{L_VISUAL_CONFIRM_POST_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" id="enable_post_confirm" name="enable_post_confirm" value="1"<!-- IF POST_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_ENABLED}&nbsp; &nbsp;<input type="radio" class="radio" name="enable_post_confirm" value="0"<!-- IF not POST_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_DISABLED}</dd>
</dl>
</fieldset>
<!-- IF GD -->
<fieldset>
<legend>{L_CAPTCHA_OVERLAP}</legend>
<!-- IF TTF -->
<dl>
<dt><label for="policy_overlap">{L_CAPTCHA_OVERLAP}:</label><br /><span>{U_POLICY_OVERLAP}</span></dt>
<dd><input id="policy_overlap" name="policy_overlap" value="1" class="radio" type="radio"<!-- IF OVERLAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_overlap" value="0" class="radio" type="radio"<!-- IF not OVERLAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
<dl>
<dt><label for="policy_overlap_noise_pixel">{L_OVERLAP_NOISE_PIXEL}:</label></dt>
<select id="policy_overlap_noise_pixel" name="policy_overlap_noise_pixel"><option value="0"<!-- IF OVERLAP_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF OVERLAP_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF OVERLAP_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF OVERLAP_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
</dl>
<dl>
<dt><label for="policy_overlap_noise_line">{L_OVERLAP_NOISE_LINE}:</label></dt>
<dd><input id="policy_overlap_noise_line" name="policy_overlap_noise_line" value="1" class="radio" type="radio"<!-- IF OVERLAP_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_overlap_noise_line" value="0" class="radio" type="radio"<!-- IF not OVERLAP_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- ENDIF -->
<fieldset>
<legend>{L_CAPTCHA_ENTROPY}</legend>
<dl>
<dt><label for="policy_entropy">{L_CAPTCHA_ENTROPY}:</label><br /><span>{U_POLICY_ENTROPY}</span></dt>
<dd><input id="policy_entropy" name="policy_entropy" value="1" class="radio" type="radio"<!-- IF ENTROPY_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_entropy" value="0" class="radio" type="radio"<!-- IF not ENTROPY_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
<dl>
<dt><label for="policy_entropy_noise_pixel">{L_ENTROPY_NOISE_PIXEL}:</label></dt>
<select id="policy_entropy_noise_pixel" name="policy_entropy_noise_pixel"><option value="0"<!-- IF ENTROPY_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF ENTROPY_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF ENTROPY_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF ENTROPY_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
</dl>
<dl>
<dt><label for="policy_entropy_noise_line">{L_ENTROPY_NOISE_LINE}:</label></dt>
<dd><input id="policy_entropy_noise_line" name="policy_entropy_noise_line" value="1" class="radio" type="radio"<!-- IF ENTROPY_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_entropy_noise_line" value="0" class="radio" type="radio"<!-- IF not ENTROPY_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- IF TTF -->
<fieldset>
<legend>{L_CAPTCHA_SHAPE}</legend>
<dl>
<dt><label for="policy_shape">{L_CAPTCHA_SHAPE}:</label><br /><span>{U_POLICY_SHAPE}</span></dt>
<dd><input id="policy_shape" name="policy_shape" value="1" class="radio" type="radio"<!-- IF SHAPE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_shape" value="0" class="radio" type="radio"<!-- IF not SHAPE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
<dl>
<dt><label for="policy_shape_noise_pixel">{L_SHAPE_NOISE_PIXEL}:</label></dt>
<select id="policy_shape_noise_pixel" name="policy_shape_noise_pixel"><option value="0"<!-- IF SHAPE_NOISE_PIXEL eq '0' --> selected="selected"<!-- ENDIF -->>{L_NO_NOISE}</option><option value="1"<!-- IF SHAPE_NOISE_PIXEL eq '1' --> selected="selected"<!-- ENDIF -->>{L_LIGHT}</option><option value="2"<!-- IF SHAPE_NOISE_PIXEL eq '2' --> selected="selected"<!-- ENDIF -->>{L_MEDIUM}</option><option value="3"<!-- IF SHAPE_NOISE_PIXEL eq '3' --> selected="selected"<!-- ENDIF -->>{L_HEAVY}</option></select></dd>
</dl>
<dl>
<dt><label for="policy_shape_noise_line">{L_SHAPE_NOISE_LINE}:</label></dt>
<dd><input id="policy_shape_noise_line" name="policy_shape_noise_line" value="1" class="radio" type="radio"<!-- IF SHAPE_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_shape_noise_line" value="0" class="radio" type="radio"<!-- IF not SHAPE_NOISE_LINE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- ENDIF -->
<fieldset>
<legend>{L_CAPTCHA_3DBITMAP}</legend>
<dl>
<dt><label for="policy_3dbitmap">{L_CAPTCHA_3DBITMAP}:</label><br /><span>{U_POLICY_3DBITMAP}</span></dt>
<dd><input id="policy_3dbitmap" name="policy_3dbitmap" value="1" class="radio" type="radio"<!-- IF THREEDBITMAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_3dbitmap" value="0" class="radio" type="radio"<!-- IF not THREEDBITMAP_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- IF TTF -->
<fieldset>
<legend>{L_CAPTCHA_CELLS}</legend>
<dl>
<dt><label for="policy_cells">{L_CAPTCHA_CELLS}:</label><br /><span>{U_POLICY_CELLS}</span></dt>
<dd><input id="policy_cells" name="policy_cells" value="1" class="radio" type="radio"<!-- IF CELLS_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_cells" value="0" class="radio" type="radio"<!-- IF not CELLS_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<fieldset>
<legend>{L_CAPTCHA_STENCIL}</legend>
<dl>
<dt><label for="policy_stencil">{L_CAPTCHA_STENCIL}:</label><br /><span>{U_POLICY_STENCIL}</span></dt>
<dd><input id="policy_stencil" name="policy_stencil" value="1" class="radio" type="radio"<!-- IF STENCIL_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_stencil" value="0" class="radio" type="radio"<!-- IF not STENCIL_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<fieldset>
<legend>{L_CAPTCHA_COMPOSITE}</legend>
<dl>
<dt><label for="policy_composite">{L_CAPTCHA_COMPOSITE}:</label><br /><span>{U_POLICY_COMPOSITE}</span></dt>
<dd><input id="policy_composite" name="policy_composite" value="1" class="radio" type="radio"<!-- IF COMPOSITE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp;&nbsp;<input name="policy_composite" value="0" class="radio" type="radio"<!-- IF not COMPOSITE_ENABLE --> checked="checked"<!-- ENDIF --> />&nbsp;{L_NO}</dd>
</dl>
</fieldset>
<!-- ENDIF -->
<!-- ENDIF -->
<fieldset class="submit-buttons">
<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
</fieldset>
</form>
<!-- INCLUDE overall_footer.html -->
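Review bot: The three noise-pixel rows (`policy_overlap_noise_pixel`, `policy_entropy_noise_pixel`, `policy_shape_noise_pixel`) close a `</dd>` that was never opened; each should start with `<dd><select id="…"` after the `</dt>`. The first `<!-- IF TTF -->` also sits after `<fieldset>` and `<legend>{L_CAPTCHA_OVERLAP}</legend>` while its `<!-- ENDIF -->` follows `</fieldset>`, so when TTF is unavailable the fieldset is left open; move that `<!-- IF TTF -->` above the `<fieldset>` line, as the later TTF blocks do. The form posts the CAPTCHA on/off settings and contains no hidden token field in this template, so whether the request is protected against cross-site submission depends on `{U_ACTION}` and the handler, neither of which is visible here.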


@ -54,7 +54,7 @@
<legend>{L_BACKUP_OPTIONS}</legend> <legend>{L_BACKUP_OPTIONS}</legend>
<dl> <dl>
<dt><label for="user">{L_BACKUP_TYPE}:</label></dt> <dt><label for="user">{L_BACKUP_TYPE}:</label></dt>
<dd><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" />&nbsp;{L_FULL_BACKUP}&nbsp;&nbsp;<input type="radio" name="type" value="structure" id="type" />&nbsp;{L_STRUCTURE_ONLY}&nbsp;&nbsp;<input type="radio" class="radio" name="type" value="data" id="type" />&nbsp;{L_DATA_ONLY}</dd> <dd><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" />&nbsp;{L_FULL_BACKUP}&nbsp;&nbsp;<input type="radio" name="type" class="radio" value="structure" id="type" />&nbsp;{L_STRUCTURE_ONLY}&nbsp;&nbsp;<input type="radio" class="radio" name="type" value="data" id="type" />&nbsp;{L_DATA_ONLY}</dd>
</dl> </dl>
<dl> <dl>
<dt><label for="user">{L_FILE_TYPE}:</label></dt> <dt><label for="user">{L_FILE_TYPE}:</label></dt>
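Review bot: The edited line still gives all three `type` radios the same `id="type"`, and the `<label for="user">` above it points at an id that does not exist in the hunk. Ids must be unique per document: keep `id="type"` on the first radio only, drop it from the other two, and change the label to `<label for="type">`. The same `for="user"` appears on the `{L_FILE_TYPE}` label in the trailing context.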


@ -100,12 +100,10 @@
<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt> <dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd> <dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
</dl> </dl>
<!-- IF S_ADD_ACTION -->
<dl> <dl>
<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt> <dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd> <dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
</dl> </dl>
<!-- ENDIF -->
</fieldset> </fieldset>
<div id="forum_cat_options"<!-- IF not S_FORUM_CAT --> style="display: none;"<!-- ENDIF -->> <div id="forum_cat_options"<!-- IF not S_FORUM_CAT --> style="display: none;"<!-- ENDIF -->>
@ -125,6 +123,16 @@
<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt> <dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd> <dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
</dl> </dl>
<!-- IF S_SHOW_DISPLAY_ON_INDEX -->
<dl>
<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_on_index" value="0"<!-- IF not S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<!-- ENDIF -->
<dl>
<dt><label for="enable_post_review">{L_ENABLE_POST_REVIEW}:</label><br /><span>{L_ENABLE_POST_REVIEW_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_post_review" value="1"<!-- IF S_ENABLE_POST_REVIEW --> id="enable_post_review" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_post_review" value="0"<!-- IF not S_ENABLE_POST_REVIEW --> id="enable_post_review" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<dl> <dl>
<dt><label for="enable_indexing">{L_ENABLE_INDEXING}:</label><br /><span>{L_ENABLE_INDEXING_EXPLAIN}</span></dt> <dt><label for="enable_indexing">{L_ENABLE_INDEXING}:</label><br /><span>{L_ENABLE_INDEXING_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_indexing" value="1"<!-- IF S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_indexing" value="0"<!-- IF not S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_NO}</dd> <dd><input type="radio" class="radio" name="enable_indexing" value="1"<!-- IF S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_indexing" value="0"<!-- IF not S_ENABLE_INDEXING --> id="enable_indexing" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
@ -133,22 +141,30 @@
<dt><label for="enable_icons">{L_ENABLE_TOPIC_ICONS}:</label></dt> <dt><label for="enable_icons">{L_ENABLE_TOPIC_ICONS}:</label></dt>
<dd><input type="radio" class="radio" name="enable_icons" value="1"<!-- IF S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_icons" value="0"<!-- IF not S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_NO}</dd> <dd><input type="radio" class="radio" name="enable_icons" value="1"<!-- IF S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_icons" value="0"<!-- IF not S_TOPIC_ICONS --> id="enable_icons" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl> </dl>
<!-- IF S_SHOW_DISPLAY_ON_INDEX -->
<dl>
<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_on_index" value="0"<!-- IF not S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<!-- ENDIF -->
<dl> <dl>
<dt><label for="display_recent">{L_ENABLE_RECENT}:</label><br /><span>{L_ENABLE_RECENT_EXPLAIN}</span></dt> <dt><label for="display_recent">{L_ENABLE_RECENT}:</label><br /><span>{L_ENABLE_RECENT_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="display_recent" value="1"<!-- IF S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_recent" value="0"<!-- IF not S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_NO}</dd> <dd><input type="radio" class="radio" name="display_recent" value="1"<!-- IF S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="display_recent" value="0"<!-- IF not S_DISPLAY_ACTIVE_TOPICS --> id="display_recent" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl> </dl>
<dl> <dl>
<dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}:</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt> <dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}:</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_prune" onchange="dE('forum_prune_options', 1)" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_prune" onchange="dE('forum_prune_options', -1)" value="0"<!-- IF not S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_NO}</dd> <dd><input type="text" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" /></dd>
</dl> </dl>
<dl>
<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
</dl>
<dl>
<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
</dl>
</fieldset>
<div id="forum_prune_options"<!-- IF not S_PRUNE_ENABLE --> style="display: none;"<!-- ENDIF -->> <fieldset>
<legend>{L_FORUM_PRUNE_SETTINGS}</legend>
<dl>
<dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}:</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="enable_prune" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="enable_prune" value="0"<!-- IF not S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl>
<dl> <dl>
<dt><label for="prune_freq">{L_AUTO_PRUNE_FREQ}:</label><br /><span>{L_AUTO_PRUNE_FREQ_EXPLAIN}</span></dt> <dt><label for="prune_freq">{L_AUTO_PRUNE_FREQ}:</label><br /><span>{L_AUTO_PRUNE_FREQ_EXPLAIN}</span></dt>
<dd><input type="text" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" /> {L_DAYS}</dd> <dd><input type="text" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" /> {L_DAYS}</dd>
@ -173,20 +189,6 @@
<dt><label for="prune_sticky">{L_PRUNE_STICKY}:</label></dt> <dt><label for="prune_sticky">{L_PRUNE_STICKY}:</label></dt>
<dd><input type="radio" class="radio" name="prune_sticky" value="1"<!-- IF S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="prune_sticky" value="0"<!-- IF not S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_NO}</dd> <dd><input type="radio" class="radio" name="prune_sticky" value="1"<!-- IF S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_YES} &nbsp; <input type="radio" class="radio" name="prune_sticky" value="0"<!-- IF not S_PRUNE_STICKY --> id="prune_sticky" checked="checked"<!-- ENDIF --> /> {L_NO}</dd>
</dl> </dl>
</div>
<dl>
<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}:</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
<dd><input type="text" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" /></dd>
</dl>
<dl>
<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
</dl>
<dl>
<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
</dl>
</fieldset> </fieldset>
</div> </div>
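Review bot: Both relocated password inputs are still pre-filled from template variables, `value="{FORUM_PASSWORD}"` and `value="{FORUM_PASSWORD_CONFIRM}"`, so whatever the controller assigns ends up in the page source, the browser cache and any stored copy of the response. What those variables hold is not visible in this template; if it is the stored forum password or its hash, render both fields empty (`value=""`) and treat an empty submission as "leave unchanged" in the handler. The move into the general settings fieldset would have been a natural moment to make that change.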


@ -153,12 +153,16 @@
<a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a> <a href="{U_BACK}" style="float: right">&laquo; {L_BACK}</a>
<h1>{L_GROUP_MEMBERS}</h1> <h1>{L_GROUP_MEMBERS} :: {GROUP_NAME}</h1>
<p>{L_GROUP_MEMBERS_EXPLAIN}</p> <p>{L_GROUP_MEMBERS_EXPLAIN}</p>
<form id="list" method="post" action="{U_ACTION}"> <form id="list" method="post" action="{U_ACTION}">
<fieldset class="quick">
<a href="{U_DEFAULT_ALL}">&raquo; {L_MAKE_DEFAULT_FOR_ALL}</a>
</fieldset>
<table cellspacing="1"> <table cellspacing="1">
<thead> <thead>
<tr> <tr>
@ -259,6 +263,13 @@
<p>{L_ACP_GROUPS_MANAGE_EXPLAIN}</p> <p>{L_ACP_GROUPS_MANAGE_EXPLAIN}</p>
<!-- IF S_ERROR -->
<div class="errorbox">
<h3>{L_WARNING}</h3>
<p>{ERROR_MSG}</p>
</div>
<!-- ENDIF -->
<h1>{L_USER_DEF_GROUPS}</h1> <h1>{L_USER_DEF_GROUPS}</h1>
<p>{L_USER_DEF_GROUPS_EXPLAIN}</p> <p>{L_USER_DEF_GROUPS_EXPLAIN}</p>
@ -269,9 +280,10 @@
<col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" /> <col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" />
<thead> <thead>
<tr> <tr>
<th style="width: 50%">{L_MANAGE}</th> <th style="width: 50%">{L_GROUP}</th>
<th>{L_TOTAL_MEMBERS}</th> <th>{L_TOTAL_MEMBERS}</th>
<th colspan="3">{L_OPTIONS}</th> <th colspan="2">{L_OPTIONS}</th>
<th>{L_ACTION}</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -282,10 +294,13 @@
<fieldset class="quick"> <fieldset class="quick">
<!-- IF S_GROUP_ADD --> <!-- IF S_GROUP_ADD -->
{L_CREATE_GROUP}: <input type="text" name="group_name" value="" /> <input class="button2" type="submit" name="add" value="{L_SUBMIT}" /> {L_CREATE_GROUP}: <input type="text" name="group_name" value="" /> <input class="button2" type="submit" name="submit" value="{L_SUBMIT}" />
<input type="hidden" name="add" value="1" />
<!-- ENDIF --> <!-- ENDIF -->
</fieldset> </fieldset>
</form>
<h1>{L_SPECIAL_GROUPS}</h1> <h1>{L_SPECIAL_GROUPS}</h1>
<p>{L_SPECIAL_GROUPS_EXPLAIN}</p> <p>{L_SPECIAL_GROUPS_EXPLAIN}</p>
@ -294,18 +309,19 @@
<col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" /> <col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" />
<thead> <thead>
<tr> <tr>
<th style="width: 50%">{L_MANAGE}</th> <th style="width: 50%">{L_GROUP}</th>
<th>{L_TOTAL_MEMBERS}</th> <th>{L_TOTAL_MEMBERS}</th>
<th colspan="3">{L_OPTIONS}</th> <th colspan="2">{L_OPTIONS}</th>
<th>{L_ACTION}</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<!-- ELSE --> <!-- ELSE -->
<tr> <tr>
<td><a href="{groups.U_LIST}">{groups.GROUP_NAME}</a></td> <td><strong>{groups.GROUP_NAME}</strong></td>
<td style="text-align: center;">{groups.TOTAL_MEMBERS}</td> <td style="text-align: center;">{groups.TOTAL_MEMBERS}</td>
<td style="text-align: center;"><a href="{groups.U_DEFAULT}">{L_GROUP_DEFAULT}</a></td> <td style="text-align: center;"><a href="{groups.U_EDIT}">{L_SETTINGS}</a></td>
<td style="text-align: center;"><a href="{groups.U_EDIT}">{L_EDIT}</a></td> <td style="text-align: center;"><a href="{groups.U_LIST}">{L_MEMBERS}</a></td>
<td style="text-align: center;"><!-- IF not groups.S_GROUP_SPECIAL and groups.U_DELETE --><a href="{groups.U_DELETE}">{L_DELETE}</a><!-- ELSE -->{L_DELETE}<!-- ENDIF --></td> <td style="text-align: center;"><!-- IF not groups.S_GROUP_SPECIAL and groups.U_DELETE --><a href="{groups.U_DELETE}">{L_DELETE}</a><!-- ELSE -->{L_DELETE}<!-- ENDIF --></td>
</tr> </tr>
<!-- ENDIF --> <!-- ENDIF -->
@ -313,8 +329,6 @@
</tbody> </tbody>
</table> </table>
</form>
<!-- ENDIF --> <!-- ENDIF -->
<!-- INCLUDE overall_footer.html --> <!-- INCLUDE overall_footer.html -->
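Review bot: The added quick link `<a href="{U_DEFAULT_ALL}">` starts a bulk membership change (make this group the default for all members) from a plain hyperlink, i.e. a GET request. Whether the handler behind `U_DEFAULT_ALL` asks for confirmation or checks a session token is not visible in this template; if it does neither, the change can be triggered by any page that gets an administrator's browser to load the URL. Submitting it through the existing `list` form, for example `<input class="button2" type="submit" name="default_all" value="{L_MAKE_DEFAULT_FOR_ALL}" />` (field name constructed for illustration), keeps the change on POST.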


@ -70,12 +70,20 @@
<!-- IF S_CLEARLOGS --> <!-- IF S_CLEARLOGS -->
<fieldset class="quick"> <fieldset class="quick">
<b class="small"><a href="#" onclick="marklist('list', 'mark', true);">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></b><br /> <b class="small"><a href="javascript: marklist('list', 'mark', true);">{L_MARK_ALL}</a> :: <a href="javascript:marklist('list', 'mark', false);">{L_UNMARK_ALL}</a></b><br />
<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />&nbsp; <input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />&nbsp;
<input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp; <input class="button2" type="submit" name="delall" value="{L_DELETE_ALL}" />&nbsp;
</fieldset> </fieldset>
<!-- ENDIF --> <!-- ENDIF -->
<div class="pagination">
<!-- IF PAGINATION -->
<a href="javascript:jumpto();" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
<!-- ELSE -->
{S_ON_PAGE}
<!-- ENDIF -->
</div>
</form> </form>
<!-- INCLUDE overall_footer.html --> <!-- INCLUDE overall_footer.html -->
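Review bot: The added pagination link uses a script URL, `<a href="javascript:jumpto();" …>`, and the mark/unmark links in the line above it appear to move the same way, away from `href="#" onclick=…`. A `javascript:` href gives the link no real target (opening it in a new tab yields an empty page), and the two mark links are spelled inconsistently (`javascript: marklist` vs `javascript:marklist`). Prefer the form used elsewhere in these templates, `<a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">`. `jumpto()` itself is defined outside this section.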


@ -11,6 +11,13 @@
</div> </div>
<!-- ENDIF --> <!-- ENDIF -->
<!-- IF S_REMOVE_INSTALL -->
<div class="errorbox">
<h3>{L_WARNING}</h3>
<p>{L_REMOVE_INSTALL}</p>
</div>
<!-- ENDIF -->
<table cellspacing="1"> <table cellspacing="1">
<caption>{L_FORUM_STATS}</caption> <caption>{L_FORUM_STATS}</caption>
<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" /> <col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />
@ -60,10 +67,10 @@
<td><b>{UPLOAD_DIR_SIZE}</b></td> <td><b>{UPLOAD_DIR_SIZE}</b></td>
</tr> </tr>
<tr> <tr>
<td>{L_DATABASE_SERVER_INFO}: </td>
<td><b>{DATABASE_INFO}</b></td>
<td>{L_GZIP_COMPRESSION}: </td> <td>{L_GZIP_COMPRESSION}: </td>
<td><b>{GZIP_COMPRESSION}</b></td> <td><b>{GZIP_COMPRESSION}</b></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -104,6 +111,10 @@
<!-- END log --> <!-- END log -->
</tbody> </tbody>
</table> </table>
<br />
<div style="text-align: right;"><a href="{U_ADMIN_LOG}">&raquo; {L_VIEW_ADMIN_LOG}</a></div>
<!-- ENDIF --> <!-- ENDIF -->
<!-- IF S_INACTIVE_USERS --> <!-- IF S_INACTIVE_USERS -->
@ -118,6 +129,7 @@
<tr> <tr>
<th>{L_USERNAME}</th> <th>{L_USERNAME}</th>
<th>{L_JOINED}</th> <th>{L_JOINED}</th>
<th>{L_LAST_VISIT}</th>
<th>{L_MARK}</th> <th>{L_MARK}</th>
</tr> </tr>
</thead> </thead>
@ -127,6 +139,7 @@
<td><a href="{inactive.U_USER_ADMIN}">{inactive.USERNAME}</a></td> <td><a href="{inactive.U_USER_ADMIN}">{inactive.USERNAME}</a></td>
<td>{inactive.DATE}</td> <td>{inactive.DATE}</td>
<td>{inactive.LAST_VISIT}</td>
<td>&nbsp;<input type="checkbox" class="radio" name="mark[]" value="{inactive.USER_ID}" />&nbsp;</td> <td>&nbsp;<input type="checkbox" class="radio" name="mark[]" value="{inactive.USER_ID}" />&nbsp;</td>
</tr> </tr>
<!-- BEGINELSE --> <!-- BEGINELSE -->
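Review bot: The inactive-users table gains a fourth column (`{L_LAST_VISIT}` in the header, `{inactive.LAST_VISIT}` in the row), but the empty-state row after `<!-- BEGINELSE -->` lies outside the hunk and is not shown as changed. If that row spans the table with a fixed `colspan`, it has to grow by one to stay aligned with the new header. Please check it along with any footer row of the same table.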


@ -93,9 +93,9 @@
<label><input type="radio" class="radio" name="module_display" value="0"<!-- IF not MODULE_DISPLAY --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd> <label><input type="radio" class="radio" name="module_display" value="0"<!-- IF not MODULE_DISPLAY --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
</dl> </dl>
<dl> <dl>
<dt><label for="module_name">{L_CHOOSE_MODULE}:</label><br /> <dt><label for="module_basename">{L_CHOOSE_MODULE}:</label><br />
<span>{L_CHOOSE_MODULE_EXPLAIN}</span></dt> <span>{L_CHOOSE_MODULE_EXPLAIN}</span></dt>
<dd><select name="module_name" id="module_name" onchange="display_modes(this.value);">{S_MODULE_NAMES}</select></dd> <dd><select name="module_basename" id="module_basename" onchange="display_modes(this.value);">{S_MODULE_NAMES}</select></dd>
</dl> </dl>
<dl> <dl>
<dt><label for="module_mode">{L_CHOOSE_MODE}:</label><br /> <dt><label for="module_mode">{L_CHOOSE_MODE}:</label><br />


@ -96,7 +96,7 @@
<h1>{L_ACL_TYPE}</h1> <h1>{L_ACL_TYPE}</h1>
<fieldset class="quick"> <fieldset class="quick">
<a href="javascript: mark_options('a_options', 'y');">{L_ALL_YES}</a> &bull; <a href="javascript: mark_options('a_options', 'n');">{L_ALL_NO}</a> &bull; <a href="javascript: mark_options('a_options', 'u');">{L_ALL_UNSET}</a> <a href="javascript: mark_options('a_options', 'y');">{L_ALL_YES}</a> &bull; <a href="javascript: mark_options('a_options', 'n');">{L_ALL_NEVER}</a> &bull; <a href="javascript: mark_options('a_options', 'u');">{L_ALL_NO}</a>
</fieldset> </fieldset>
<fieldset class="permissions"> <fieldset class="permissions">
@ -114,10 +114,10 @@
<!-- BEGIN auth --> <!-- BEGIN auth -->
<!-- IF auth.S_YES --> <!-- IF auth.S_YES -->
<td class="preset preset_yes"> <td class="preset preset_yes">
<!-- ELSEIF auth.S_NEVER -->
<td class="preset preset_never">
<!-- ELSEIF auth.S_NO --> <!-- ELSEIF auth.S_NO -->
<td class="preset preset_no"> <td class="preset preset_no">
<!-- ELSEIF auth.S_UNSET -->
<td class="preset preset_unset">
<!-- ELSE --> <!-- ELSE -->
<td class="preset preset_custom"> <td class="preset preset_custom">
<!-- ENDIF --> <!-- ENDIF -->
@ -132,17 +132,17 @@
<tr> <tr>
<th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{auth.CAT_NAME}]</strong></th> <th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{auth.CAT_NAME}]</strong></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'y');">{L_ACL_YES}</a></th> <th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'y');">{L_ACL_YES}</a></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'u');">{L_ACL_UNSET}</a></th> <th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'u');">{L_ACL_NO}</a></th>
<th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'n');">{L_ACL_NO}</a></th> <th scope="col"><a href="javascript: mark_options('options{auth.S_ROW_COUNT}', 'n');">{L_ACL_NEVER}</a></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<!-- BEGIN mask --> <!-- BEGIN mask -->
<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF --> <!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
<th>{auth.mask.PERMISSION}</th> <th>{auth.mask.PERMISSION}</th>
<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td> <td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_UNSET --> checked="checked"<!-- ENDIF --> value="-1" /></td> <td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></td>
<td class="unset"><input id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="0" /></td> <td class="no"><input id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></td>
</tr> </tr>
<!-- END mask --> <!-- END mask -->
</tbody> </tbody>
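Review bot: After the relabelling, the internal keys no longer match what the administrator sees: `mark_options(…, 'u')` and the `_u` radio (value `-1`) are now labelled `{L_ACL_NO}`, while `'n'` and the `_n` radio (value `0`) are labelled `{L_ACL_NEVER}`. In a permission editor that mismatch is an easy source of wrong grants during later maintenance, so either rename the suffixes or document the mapping next to the header row, e.g. `<!-- y = yes (1), u = no (-1), n = never (0) -->`. All three cells, including the yes column, also carry `class="no"`, which reads oddly and is worth a second look.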


@ -140,8 +140,7 @@
<fieldset class="quick"> <fieldset class="quick">
{S_HIDDEN_FIELDS} {S_HIDDEN_FIELDS}
<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" /> &nbsp; <input type="submit" class="button2" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
<input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" />
</fieldset> </fieldset>
</form> </form>
@ -153,13 +152,12 @@
<p>{L_USERNAMES_EXPLAIN}</p> <p>{L_USERNAMES_EXPLAIN}</p>
<dl> <dl>
<dd class="full"><textarea id="username" name="usernames" rows="5" cols="5" style="width: 100%; height: 60px;"></textarea></dd> <dd class="full"><textarea id="username" name="usernames" rows="5" cols="5" style="width: 100%; height: 60px;"></textarea></dd>
<dd class="full" style="text-align: left;"><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> &nbsp;{L_SELECT_ANONYMOUS}</dd> <dd class="full" style="text-align: left;"><div style="float: right;">[ <a href="#" onclick="window.open('{U_FIND_USERNAME}', '_phpbbsearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); return false;">{L_FIND_USERNAME}</a> ]</div><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> &nbsp;{L_SELECT_ANONYMOUS}</dd>
</dl> </dl>
</fieldset> </fieldset>
<fieldset class="quick"> <fieldset class="quick">
{S_HIDDEN_FIELDS} {S_HIDDEN_FIELDS}
<input class="button2" type="submit" name="find_username" value="{L_FIND_USERNAME}" onclick="window.open('{U_FIND_USERNAME}', '_phpbbsearch', 'height=500, resizable=yes, scrollbars=yes, width=740'); return false;" /> &nbsp;
<input class="button1" type="submit" name="submit_add_options" value="{L_ADD_PERMISSIONS}" /> <input class="button1" type="submit" name="submit_add_options" value="{L_ADD_PERMISSIONS}" />
</fieldset> </fieldset>
@ -187,8 +185,7 @@
<fieldset class="quick"> <fieldset class="quick">
{S_HIDDEN_FIELDS} {S_HIDDEN_FIELDS}
<input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" />&nbsp; <input class="button2" type="submit" name="action[delete]" value="{L_REMOVE_PERMISSIONS}" style="width: 46% !important;" /> &nbsp; <input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" style="width: 46% !important;" />
<input class="button1" type="submit" name="submit_edit_options" value="{L_EDIT_PERMISSIONS}" />
</fieldset> </fieldset>
</form> </form>


@ -40,7 +40,7 @@
<fieldset> <fieldset>
<legend>{L_VISIBILITY_OPTION}</legend> <legend>{L_VISIBILITY_OPTION}</legend>
<dl> <dl>
<dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label></dt> <dt><label for="field_option_none">{L_DISPLAY_AT_PROFILE}:</label><br /><span>{L_DISPLAY_AT_PROFILE_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" id="field_option_none" name="field_option" value="none"<!-- IF not S_SHOW_ON_REG and not S_FIELD_REQUIRED and not S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd> <dd><input type="radio" class="radio" id="field_option_none" name="field_option" value="none"<!-- IF not S_SHOW_ON_REG and not S_FIELD_REQUIRED and not S_FIELD_HIDE --> checked="checked"<!-- ENDIF --> /></dd>
</dl> </dl>
<dl> <dl>
@ -81,7 +81,13 @@
<!-- ENDIF --> <!-- ENDIF -->
<!-- IF S_BOOL or S_DROPDOWN --> <!-- IF S_BOOL or S_DROPDOWN -->
<dl> <dl>
<dt><label for="lang_options">{L_ENTRIES}:</label><br /><span>{L_LANG_OPTIONS_EXPLAIN}</span></dt> <dt><label for="lang_options">{L_ENTRIES}:</label>
<!-- IF S_EDIT_MODE and S_DROPDOWN -->
<br /><span>{L_EDIT_DROPDOWN_LANG_EXPLAIN}</span>
<!-- ELSE -->
<br /><span>{L_LANG_OPTIONS_EXPLAIN}</span>
<!-- ENDIF -->
</dt>
<!-- IF S_DROPDOWN --> <!-- IF S_DROPDOWN -->
<dd><textarea id="lang_options" name="lang_options" rows="5" cols="80">{LANG_OPTIONS}</textarea></dd> <dd><textarea id="lang_options" name="lang_options" rows="5" cols="80">{LANG_OPTIONS}</textarea></dd>
<!-- ELSE --> <!-- ELSE -->
@ -182,7 +188,8 @@
<fieldset class="quick"> <fieldset class="quick">
<input class="small" type="text" name="field_ident" /> <select name="field_type">{S_TYPE_OPTIONS}</select> <input class="small" type="text" name="field_ident" /> <select name="field_type">{S_TYPE_OPTIONS}</select>
<input class="button1" type="submit" name="create" value="{L_CREATE_NEW_FIELD}" /> <input class="button1" type="submit" name="submit" value="{L_CREATE_NEW_FIELD}" />
<input type="hidden" name="create" value="1" />
</fieldset> </fieldset>
</form> </form>


@ -78,7 +78,7 @@
<td class="row1" colspan="2" align="center"> <td class="row1" colspan="2" align="center">
<table width="100%" cellspacing="2" cellpadding="2" border="0"> <table width="100%" cellspacing="2" cellpadding="2" border="0">
<tr> <tr>
<td width="50%" align="center"><img src="<!-- IF IMAGE_REQUEST neq '' -->{IMAGE_REQUEST}<!-- ELSE -->images/no_image.png<!-- ENDIF -->"/></td> <td width="50%" align="center"><img src="<!-- IF IMAGE_REQUEST -->{IMAGE_REQUEST}<!-- ELSE -->images/no_image.png<!-- ENDIF -->"/></td>
<td width="50%" align="center"><img src="images/no_image.png" name="newimg" /></td> <td width="50%" align="center"><img src="images/no_image.png" name="newimg" /></td>
</tr> </tr>
<tr> <tr>
@ -94,7 +94,7 @@
</tr> </tr>
<tr> <tr>
<td class="row1" width="40%"><b>{L_IMAGE}: </b></td> <td class="row1" width="40%"><b>{L_IMAGE}: </b></td>
<td class="row2"><select name="imgpath" onchange="update_image(this.options[selectedIndex].value);"><option value=""<!-- IF not IMAGE_SELECT--> selected="selected"<!-- ENDIF -->>{L_NONE}</option> <td class="row2"><select name="imgpath" onchange="update_image(this.options[selectedIndex].value);"><option value=""<!-- IF not IMAGE_SELECT--> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>
<!-- BEGIN imagesetlist --> <!-- BEGIN imagesetlist -->
<option class="sep" value=""><!-- IF imagesetlist.TYPE -->{L_LOCALISED_IMAGES}<!-- ELSE -->{L_GLOBAL_IMAGES}<!-- ENDIF --></option> <option class="sep" value=""><!-- IF imagesetlist.TYPE -->{L_LOCALISED_IMAGES}<!-- ELSE -->{L_GLOBAL_IMAGES}<!-- ENDIF --></option>
<!-- BEGIN images --> <!-- BEGIN images -->
@ -506,15 +506,16 @@
<p>{L_EXPLAIN}</p> <p>{L_EXPLAIN}</p>
<!-- IF S_STYLE --> <!-- DEFINE $COLSPAN = 4 --> <!-- ELSE --> <!-- DEFINE $COLSPAN = 3 --> <!-- ENDIF --> <!-- IF S_STYLE --> <!-- DEFINE $COLSPAN = 5 --> <!-- ELSE --> <!-- DEFINE $COLSPAN = 4 --> <!-- ENDIF -->
<table cellspacing="1"> <table cellspacing="1">
<col class="row1" /><!-- IF S_STYLE --><col class="row1" /><!-- ENDIF --><col class="row2" /> <col class="row1" /><!-- IF S_STYLE --><col class="row1" /><!-- ENDIF --><col class="row2" /><col class="row2" />
<thead> <thead>
<tr> <tr>
<th>{L_NAME}</th> <th>{L_NAME}</th>
<!-- IF S_STYLE --><th>{L_STYLE_USED_BY}</th><!-- ENDIF --> <!-- IF S_STYLE --><th>{L_STYLE_USED_BY}</th><!-- ENDIF -->
<th>{L_OPTIONS}</th> <th>{L_OPTIONS}</th>
<th>{L_ACTIONS}</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -523,15 +524,18 @@
</tr> </tr>
<!-- BEGIN installed --> <!-- BEGIN installed -->
<tr> <tr>
<td><a href="{installed.U_EDIT}">{installed.NAME}</a><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td> <td><strong>{installed.NAME}</strong></a><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td>
<!-- IF S_STYLE --> <!-- IF S_STYLE -->
<td style="text-align: center;">{installed.STYLE_COUNT}</td> <td style="text-align: center;">{installed.STYLE_COUNT}</td>
<!-- ENDIF --> <!-- ENDIF -->
<td style="text-align: center;">
{installed.S_OPTIONS}
</td>
<td style="text-align: center;"> <td style="text-align: center;">
<!-- IF S_STYLE --> <!-- IF S_STYLE -->
<a href="{installed.U_STYLE_ACT_DEACT}">{installed.L_STYLE_ACT_DEACT}</a> | <a href="{installed.U_STYLE_ACT_DEACT}">{installed.L_STYLE_ACT_DEACT}</a> |
<!-- ENDIF --> <!-- ENDIF -->
{installed.S_OPTIONS} {installed.S_ACTIONS}
<!-- IF S_STYLE --> <!-- IF S_STYLE -->
| <a href="{installed.U_PREVIEW}" onclick="this.target='_preview';">{L_PREVIEW}</a> | <a href="{installed.U_PREVIEW}" onclick="this.target='_preview';">{L_PREVIEW}</a>
<!-- ENDIF --> <!-- ENDIF -->
@ -548,7 +552,7 @@
<!-- BEGIN uninstalled --> <!-- BEGIN uninstalled -->
<tr> <tr>
<td<!-- IF S_STYLE --> colspan="2"<!-- ENDIF -->><b>{uninstalled.NAME}</b><br /><span>{L_COPYRIGHT}: {uninstalled.COPYRIGHT}</span></td> <td<!-- IF S_STYLE --> colspan="2"<!-- ENDIF -->><b>{uninstalled.NAME}</b><br /><span>{L_COPYRIGHT}: {uninstalled.COPYRIGHT}</span></td>
<td style="text-align: center;"><a href="{uninstalled.U_INSTALL}">{L_INSTALL}</a></td> <td style="text-align: center;" colspan="2"><a href="{uninstalled.U_INSTALL}">{L_INSTALL}</a></td>
</tr> </tr>
<!-- END uninstalled --> <!-- END uninstalled -->
</tbody> </tbody>
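Review bot: The new name cell in the `installed` loop keeps a closing `</a>` although the opening `<a href="{installed.U_EDIT}">` was dropped, so each row now contains an unmatched end tag. Browsers usually ignore it, but it is invalid markup and can trip validators or template tooling. The cell should read `<td><strong>{installed.NAME}</strong><!-- IF installed.S_DEFAULT_STYLE --> *<!-- ENDIF --></td>`.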


@ -101,6 +101,10 @@
<dt><label>{L_LAST_ACTIVE}:</label></dt> <dt><label>{L_LAST_ACTIVE}:</label></dt>
<dd><strong>{USER_LASTACTIVE}</strong></dd> <dd><strong>{USER_LASTACTIVE}</strong></dd>
</dl> </dl>
<dl>
<dt><label>{L_POSTS}:</label></dt>
<dd><strong>{USER_POSTS}</strong></dd>
</dl>
<dl> <dl>
<dt><label for="user_founder">{L_FOUNDER}:</label><br /><span>{L_FOUNDER_EXPLAIN}</span></dt> <dt><label for="user_founder">{L_FOUNDER}:</label><br /><span>{L_FOUNDER_EXPLAIN}</span></dt>
<dd><input type="radio" class="radio" name="user_founder" value="1"<!-- IF S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp; <input type="radio" class="radio" name="user_founder" value="0"<!-- IF not S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_NO}&nbsp;</dd> <dd><input type="radio" class="radio" name="user_founder" value="1"<!-- IF S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_YES}&nbsp; <input type="radio" class="radio" name="user_founder" value="0"<!-- IF not S_USER_FOUNDER --> id="user_founder" checked="checked"<!-- ENDIF --><!-- IF not S_FOUNDER --> disabled="disabled"<!-- ENDIF --> />&nbsp;{L_NO}&nbsp;</dd>
@ -134,12 +138,14 @@
<dt><label for="quicktools">{L_QUICK_TOOLS}:</label></dt> <dt><label for="quicktools">{L_QUICK_TOOLS}:</label></dt>
<dd><select id="quicktools" name="action">{S_ACTION_OPTIONS}</select></dd> <dd><select id="quicktools" name="action">{S_ACTION_OPTIONS}</select></dd>
</dl> </dl>
<!-- IF not S_OWN_ACCOUNT -->
<dl> <dl>
<dt><label for="delete_user">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt> <dt><label for="delete_user">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt>
<dd><input type="checkbox" class="radio" name="delete" value="1" /></dd> <dd><input type="checkbox" class="radio" name="delete" value="1" /></dd>
<dd><select id="delete_user" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd> <dd><select id="delete_user" name="delete_type"><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd>
</dl> </dl>
<!-- ENDIF --> <!-- ENDIF -->
<!-- ENDIF -->
</fieldset> </fieldset>
<fieldset class="quick"> <fieldset class="quick">
@ -340,7 +346,7 @@
</dl> </dl>
<dl> <dl>
<dt><label for="tz">{L_BOARD_TIMEZONE}:</label></dt> <dt><label for="tz">{L_BOARD_TIMEZONE}:</label></dt>
<dd><select id="tz" name="tz">{S_TZ_OPTIONS}</select></dd> <dd><select id="tz" name="tz" style="width: 100%;">{S_TZ_OPTIONS}</select></dd>
</dl> </dl>
<dl> <dl>
<dt><label for="dst">{L_BOARD_DST}:</label></dt> <dt><label for="dst">{L_BOARD_DST}:</label></dt>
@ -537,7 +543,7 @@
// Define the bbCode tags // Define the bbCode tags
bbcode = new Array(); bbcode = new Array();
bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]'); bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);
imageTag = false; imageTag = false;
// Helpline messages // Helpline messages
@ -554,6 +560,8 @@
s_help = "{LA_BBCODE_S_HELP}"; s_help = "{LA_BBCODE_S_HELP}";
f_help = "{LA_BBCODE_F_HELP}"; f_help = "{LA_BBCODE_F_HELP}";
e_help = "{LA_BBCODE_E_HELP}"; e_help = "{LA_BBCODE_E_HELP}";
d_help = "{LA_BBCODE_D_HELP}";
<!-- BEGIN custom_tags -->cb_{custom_tags.BBCODE_ID}_help = "{custom_tags.BBCODE_HELPLINE}";<!-- END custom_tags -->
//--> //-->
</script> </script>
@ -572,15 +580,17 @@
<legend>{L_SIGNATURE}</legend> <legend>{L_SIGNATURE}</legend>
<p>{L_SIGNATURE_EXPLAIN}</p> <p>{L_SIGNATURE_EXPLAIN}</p>
<div id="format-buttons"> <div id="format-buttons">
<input class="button2" type="button" accesskey="b" name="addbbcode0" value=" B " style="font-weight:bold; width: 30px" onclick="bbstyle(0)" onmouseover="helpline('b')" /> <input type="button" class="button2" accesskey="b" name="addbbcode0" value=" B " style="font-weight:bold; width: 30px;" onclick="bbstyle(0)" onmouseover="helpline('b')" />
<input class="button2" type="button" accesskey="i" name="addbbcode2" value=" i " style="font-style:italic; width: 30px" onclick="bbstyle(2)" onmouseover="helpline('i')" /> <input type="button" class="button2" accesskey="i" name="addbbcode2" value=" i " style="font-style:italic; width: 30px;" onclick="bbstyle(2)" onmouseover="helpline('i')" />
<input class="button2" type="button" accesskey="u" name="addbbcode4" value=" u " style="text-decoration: underline; width: 30px" onclick="bbstyle(4)" onmouseover="helpline('u')" /> <input type="button" class="button2" accesskey="u" name="addbbcode4" value=" u " style="text-decoration: underline; width: 30px;" onclick="bbstyle(4)" onmouseover="helpline('u')" />
<input class="button2" type="button" accesskey="q" name="addbbcode6" value="Quote" style="width: 50px" onclick="bbstyle(6)" onmouseover="helpline('q')" /> <input type="button" class="button2" accesskey="q" name="addbbcode6" value="Quote" style="width: 50px" onclick="bbstyle(6)" onmouseover="helpline('q')" />
<input class="button2" type="button" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" /> <input type="button" class="button2" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" />
<input class="button2" type="button" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" /> <input type="button" class="button2" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" />
<input class="button2" type="button" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" /> <input type="button" class="button2" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" />
<input class="button2" type="button" accesskey="p" name="addbbcode14" value="Img" style="width: 40px" onclick="bbstyle(14)" onmouseover="helpline('p')" /> <!-- IF S_BBCODE_IMG --><input type="button" class="button2" accesskey="p" name="addbbcode14" value="Img" style="width: 40px" onclick="bbstyle(14)" onmouseover="helpline('p')" /><!-- ENDIF -->
<input class="button2" type="button" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onclick="bbstyle(16)" onmouseover="helpline('w')" /> <input type="button" class="button2" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onclick="bbstyle(16)" onmouseover="helpline('w')" onmouseover="helpline('d')" />
<!-- IF S_BBCODE_FLASH --><input type="button" class="button2" accesskey="d" name="addbbcode18" value="Flash" onclick="bbstyle(18)" onmouseover="helpline('d')" /><!-- ENDIF -->
{L_FONT_SIZE}: <select name="addbbcode20" onchange="bbfontstyle('[size=' + this.form.addbbcode20.options[this.form.addbbcode20.selectedIndex].value + ']', '[/size]');this.form.addbbcode20.selectedIndex = 2;" onmouseover="helpline('f')"> {L_FONT_SIZE}: <select name="addbbcode20" onchange="bbfontstyle('[size=' + this.form.addbbcode20.options[this.form.addbbcode20.selectedIndex].value + ']', '[/size]');this.form.addbbcode20.selectedIndex = 2;" onmouseover="helpline('f')">
<option value="7">{L_FONT_TINY}</option> <option value="7">{L_FONT_TINY}</option>
<option value="9">{L_FONT_SMALL}</option> <option value="9">{L_FONT_SMALL}</option>
@ -589,6 +599,13 @@
<option value="24">{L_FONT_HUGE}</option> <option value="24">{L_FONT_HUGE}</option>
</select> </select>
<a href="javascript:bbstyle(-1)" onmouseover="helpline('a')">{L_CLOSE_TAGS}</a> <a href="javascript:bbstyle(-1)" onmouseover="helpline('a')">{L_CLOSE_TAGS}</a>
<!-- IF .custom_tags -->
<br /><br />
<!-- BEGIN custom_tags -->
<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})"<!-- IF custom_tags.BBCODE_HELPLINE !== '' --> onmouseover="helpline('cb_{custom_tags.BBCODE_ID}')"<!-- ENDIF --> />
<!-- END custom_tags -->
<!-- ENDIF -->
</div> </div>
<p><input type="text" name="helpbox" value="{L_STYLES_TIP}" class="full" style="border: 0; background: none;" /></p> <p><input type="text" name="helpbox" value="{L_STYLES_TIP}" class="full" style="border: 0; background: none;" /></p>
<dl> <dl>
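Review bot: In the helpline script block, the new line `cb_{custom_tags.BBCODE_ID}_help = "{custom_tags.BBCODE_HELPLINE}";` puts an admin-entered string inside a JavaScript string literal, while the built-in help strings beside it use the `LA_` variable form. Whether `BBCODE_HELPLINE` is escaped for a script context is decided in the PHP that assigns it, which is not visible here; if it is only HTML-escaped, a helpline containing a backslash or line break would still end the literal early and break the script block on this admin page. I would confirm that the value is escaped for JavaScript strings where it is assigned, and record that next to the loop with `<!-- custom_tags.BBCODE_HELPLINE must arrive JS-string escaped -->`. The same applies to `{custom_tags.BBCODE_NAME}`, which is written unquoted into the `bbtags` array. Separately, the URL button now carries two `onmouseover` attributes (`helpline('w')` and `helpline('d')`), and the second should be dropped.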


@ -38,6 +38,15 @@
<p>{L_ACP_WORDS_EXPLAIN}</p> <p>{L_ACP_WORDS_EXPLAIN}</p>
<form id="acp_words" method="post" action="{U_ACTION}">
<fieldset class="quick">
{S_HIDDEN_FIELDS}
<input class="button2" name="add" type="submit" value="{L_ADD_WORD}" />
</fieldset>
</form>
<table cellspacing="1"> <table cellspacing="1">
<thead> <thead>
<tr> <tr>
@ -58,15 +67,6 @@
</tbody> </tbody>
</table> </table>
<form id="acp_words" method="post" action="{U_ACTION}">
<fieldset class="quick">
{S_HIDDEN_FIELDS}
<input class="button2" name="add" type="submit" value="{L_ADD_WORD}" />
</fieldset>
</form>
<!-- ENDIF --> <!-- ENDIF -->
<!-- INCLUDE overall_footer.html --> <!-- INCLUDE overall_footer.html -->


@ -851,12 +851,12 @@ table.pmask td.name {
background-color: #40C53D; background-color: #40C53D;
} }
.permissions td.no { .permissions td.never {
width: 20px; width: 20px;
background-color: #EC7181; background-color: #EC7181;
} }
.permissions td.unset { .permissions td.no {
width: 20px; width: 20px;
background-color: transparent; background-color: transparent;
} }
@ -889,11 +889,11 @@ table.pmask td.name {
background: #DAE4EC url("../images/bg_hash2.gif") repeat; background: #DAE4EC url("../images/bg_hash2.gif") repeat;
} }
.preset_no { .preset_never {
background: #ECD7DA url("../images/bg_hash3.gif") repeat; background: #ECD7DA url("../images/bg_hash3.gif") repeat;
} }
.preset_unset { .preset_no {
background: #ECD7DA url("../images/bg_hash4.gif") repeat; background: #ECD7DA url("../images/bg_hash4.gif") repeat;
} }


@ -16,6 +16,14 @@
<div id="wrap"> <div id="wrap">
<div id="page-header"> <div id="page-header">
<h1>{L_INSTALL_PANEL}</h1> <h1>{L_INSTALL_PANEL}</h1>
<!-- IF S_LANG_SELECT -->
<br />
<form method="post">
<label for="language">{L_SELECT_LANG}:</label>
{S_LANG_SELECT}
<input class="button1" type="submit" id="change_lang" name="change_lang" value="{L_CHANGE}" />
</form>
<!-- ENDIF -->
</div> </div>
<div id="page-body"> <div id="page-body">


@ -19,6 +19,7 @@
<div id="page-footer"> <div id="page-footer">
<!-- IF S_COPYRIGHT_HTML --> <!-- IF S_COPYRIGHT_HTML -->
Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a> Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
{L_TRANSLATION_INFO}
<!-- ENDIF --> <!-- ENDIF -->
<!-- IF DEBUG_OUTPUT --> <!-- IF DEBUG_OUTPUT -->


@ -115,7 +115,7 @@
return; return;
} }
// Mark all options to unset first... // Mark all options to no (unset) first...
mark_options(target_id, 'u'); mark_options(target_id, 'u');
for (var r in settings) for (var r in settings)
@ -179,10 +179,10 @@
<!-- BEGIN category --> <!-- BEGIN category -->
<!-- IF p_mask.f_mask.category.S_YES --> <!-- IF p_mask.f_mask.category.S_YES -->
<td class="preset preset_yes"> <td class="preset preset_yes">
<!-- ELSEIF p_mask.f_mask.category.S_NEVER -->
<td class="preset preset_never">
<!-- ELSEIF p_mask.f_mask.category.S_NO --> <!-- ELSEIF p_mask.f_mask.category.S_NO -->
<td class="preset preset_no"> <td class="preset preset_no">
<!-- ELSEIF p_mask.f_mask.category.S_UNSET -->
<td class="preset preset_unset">
<!-- ELSE --> <!-- ELSE -->
<td class="preset preset_custom"> <td class="preset preset_custom">
<!-- ENDIF --> <!-- ENDIF -->
@ -200,8 +200,8 @@
<div style="float: right; text-align: right; width: 35%;"> <div style="float: right; text-align: right; width: 35%;">
<p class="small"> <p class="small">
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_YES}</a>]<br /> [<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_YES}</a>]<br />
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NO}</a>]<br /> [<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NEVER}</a>]<br />
[<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_UNSET}</a>] [<a href="javascript: mark_options('a_options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ALL_NO}</a>]
</p> </p>
</div> </div>
<!-- ELSE --> <!-- ELSE -->
@ -218,11 +218,11 @@
<th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{p_mask.f_mask.category.CAT_NAME}]</strong></th> <th scope="col" style="text-align: left; padding-left: 0;"><strong>{L_ACL_SETTING} [{p_mask.f_mask.category.CAT_NAME}]</strong></th>
<!-- IF p_mask.S_VIEW --> <!-- IF p_mask.S_VIEW -->
<th scope="col">{L_ACL_YES}</th> <th scope="col">{L_ACL_YES}</th>
<th scope="col">{L_ACL_NO}</th> <th scope="col">{L_ACL_NEVER}</th>
<!-- ELSE --> <!-- ELSE -->
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_YES}</a></th> <th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'y'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_YES}</a></th>
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_UNSET}</a></th> <th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'u'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NO}</a></th>
<th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NO}</a></th> <th scope="col"><a href="javascript: mark_options('options{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}', 'n'); reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}');">{L_ACL_NEVER}</a></th>
<!-- ENDIF --> <!-- ENDIF -->
</tr> </tr>
</thead> </thead>
@ -231,12 +231,12 @@
<!-- IF p_mask.f_mask.category.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF --> <!-- IF p_mask.f_mask.category.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
<th><!-- IF p_mask.f_mask.category.mask.U_TRACE --><a href="#" onclick="javascript:trace('{p_mask.f_mask.category.mask.U_TRACE}')" title="{L_TRACE_SETTING}"><img src="images/icon_trace.gif" alt="{L_TRACE_SETTING}" /></a> <!-- ENDIF -->{p_mask.f_mask.category.mask.PERMISSION}</th> <th><!-- IF p_mask.f_mask.category.mask.U_TRACE --><a href="#" onclick="javascript:trace('{p_mask.f_mask.category.mask.U_TRACE}')" title="{L_TRACE_SETTING}"><img src="images/icon_trace.gif" alt="{L_TRACE_SETTING}" /></a> <!-- ENDIF -->{p_mask.f_mask.category.mask.PERMISSION}</th>
<!-- IF p_mask.S_VIEW --> <!-- IF p_mask.S_VIEW -->
<td<!-- IF p_mask.f_mask.category.mask.S_YES --> class="yes"<!-- ELSE --> class="unset"<!-- ENDIF -->>&nbsp;</td> <td<!-- IF p_mask.f_mask.category.mask.S_YES --> class="yes"<!-- ELSE --> class="no"<!-- ENDIF -->>&nbsp;</td>
<td<!-- IF p_mask.f_mask.category.mask.S_NO --> class="no"<!-- ELSE --> class="unset"<!-- ENDIF -->>&nbsp;</td> <td<!-- IF p_mask.f_mask.category.mask.S_NEVER --> class="never"<!-- ELSE --> class="no"<!-- ENDIF -->>&nbsp;</td>
<!-- ELSE --> <!-- ELSE -->
<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_y" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td> <td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_y" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></td>
<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_u" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_UNSET --> checked="checked"<!-- ENDIF --> value="-1" /></td> <td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_u" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></td>
<td class="unset"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_n" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NO --> checked="checked"<!-- ENDIF --> value="0" /></td> <td class="no"><input onchange="reset_role('role{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}')" id="{p_mask.f_mask.category.mask.S_FIELD_NAME}_n" name="{p_mask.f_mask.category.mask.S_FIELD_NAME}" class="radio" type="radio"<!-- IF p_mask.f_mask.category.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></td>
<!-- ENDIF --> <!-- ENDIF -->
</tr> </tr>
<!-- END mask --> <!-- END mask -->
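Review bot: The radio row in the `mask` loop reuses the names `S_NO`, `class="no"` and `L_ACL_NO` for the state that posts `value="-1"`, which was called unset before this change, while the state that posts `value="0"` is now `S_NEVER` / `never`. Because the old names survive with a new meaning, a template, style override or language file that was not updated will still render without error but will show or pre-select the wrong permission state. I would add a comment above the three inputs, for example `<!-- setting values: 1 = yes, -1 = no (formerly "unset"), 0 = never (formerly "no") -->`. The same renaming appears in the trace template section below and in the stylesheet section above, so the three need to ship together.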


@ -22,20 +22,20 @@
<!-- IF trace.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF --> <!-- IF trace.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
<td style="white-space: nowrap;"><strong>{trace.WHO}</strong></td> <td style="white-space: nowrap;"><strong>{trace.WHO}</strong></td>
<!-- IF trace.S_SETTING_NO --> <!-- IF trace.S_SETTING_NEVER -->
<td class="no">{L_ACL_NO}</td> <td class="never">{L_ACL_NEVER}</td>
<!-- ELSEIF trace.S_SETTING_YES --> <!-- ELSEIF trace.S_SETTING_YES -->
<td class="yes">{L_ACL_YES}</td> <td class="yes">{L_ACL_YES}</td>
<!-- ELSE --> <!-- ELSE -->
<td class="unset">{L_ACL_UNSET}</td> <td class="no">{L_ACL_NO}</td>
<!-- ENDIF --> <!-- ENDIF -->
<!-- IF trace.S_TOTAL_NO --> <!-- IF trace.S_TOTAL_NEVER -->
<td class="no">{L_ACL_NO}</td> <td class="never">{L_ACL_NEVER}</td>
<!-- ELSEIF trace.S_TOTAL_YES --> <!-- ELSEIF trace.S_TOTAL_YES -->
<td class="yes">{L_ACL_YES}</td> <td class="yes">{L_ACL_YES}</td>
<!-- ELSE --> <!-- ELSE -->
<td class="unset">{L_ACL_UNSET}</td> <td class="no">{L_ACL_NO}</td>
<!-- ENDIF --> <!-- ENDIF -->
<td>{trace.INFORMATION}</td> <td>{trace.INFORMATION}</td>


@ -17,6 +17,7 @@
<!-- IF S_COPYRIGHT_HTML --> <!-- IF S_COPYRIGHT_HTML -->
<br />Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a> <br />Powered by phpBB {VERSION} &copy; 2006 <a href="http://www.phpbb.com/">phpBB Group</a>
{TRANSLATION_INFO}
<!-- ENDIF --> <!-- ENDIF -->
<!-- IF DEBUG_OUTPUT --> <!-- IF DEBUG_OUTPUT -->

View file

@ -36,13 +36,6 @@ $template->assign_vars(array(
$template->display('body'); $template->display('body');
// Unload cache, must be done before the DB connection if closed garbage_collection();
if (!empty($cache))
{
$cache->unload();
}
// Close our DB connection.
$db->sql_close();
?> ?>


@ -104,14 +104,40 @@ if (defined('IN_CRON'))
if (!file_exists($phpbb_root_path . 'config.' . $phpEx)) if (!file_exists($phpbb_root_path . 'config.' . $phpEx))
{ {
die("<p>The config.$phpEx file could not be found.</p><p><a href=\"$phpbb_root_path/install/index.$phpEx\">Click here to install phpBB</a></p>"); die("<p>The config.$phpEx file could not be found.</p><p><a href=\"{$phpbb_root_path}install/index.$phpEx\">Click here to install phpBB</a></p>");
} }
require($phpbb_root_path . 'config.' . $phpEx); require($phpbb_root_path . 'config.' . $phpEx);
if (!defined('PHPBB_INSTALLED')) if (!defined('PHPBB_INSTALLED'))
{ {
header('Location: install/index.' . $phpEx); // Redirect the user to the installer
// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
// available as used by the redirect function
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
if (!$script_name)
{
$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
}
// Replace any number of consecutive backslashes and/or slashes with a single slash
// (could happen on some proxy setups and/or Windows servers)
$script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx;
$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
$url = (($secure) ? 'https://' : 'http://') . $server_name;
if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
{
$url .= ':' . $server_port;
}
$url .= $script_path;
header('Location: ' . $url);
exit; exit;
} }
@ -165,10 +191,11 @@ unset($dbpasswd);
$config = $cache->obtain_config(); $config = $cache->obtain_config();
$dss_seeded = false; $dss_seeded = false;
// Warn about install/ directory // Disable board if the install/ directory is still present
if (file_exists($phpbb_root_path . 'install')) if (file_exists($phpbb_root_path . 'install') && !defined('ADMIN_START'))
{ {
trigger_error('REMOVE_INSTALL'); $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
trigger_error($message);
} }
?> ?>


@ -33,9 +33,9 @@ require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx); require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
include($phpbb_root_path . 'includes/functions.'.$phpEx); include($phpbb_root_path . 'includes/functions.'.$phpEx);
define('ACL_NO', 0); define('ACL_NEVER', 0);
define('ACL_YES', 1); define('ACL_YES', 1);
define('ACL_UNSET', -1); define('ACL_NO', -1);
define('ACL_GROUPS_TABLE', $table_prefix.'acl_groups'); define('ACL_GROUPS_TABLE', $table_prefix.'acl_groups');
define('ACL_OPTIONS_TABLE', $table_prefix.'acl_options'); define('ACL_OPTIONS_TABLE', $table_prefix.'acl_options');
@ -212,14 +212,14 @@ foreach ($prefixes as $prefix)
echo "<p><b>Adding $auth_option...</b></p>\n"; echo "<p><b>Adding $auth_option...</b></p>\n";
mass_auth('group', 0, 'guests', $auth_option, ACL_NO); mass_auth('group', 0, 'guests', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'inactive', $auth_option, ACL_NO); mass_auth('group', 0, 'inactive', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'inactive_coppa', $auth_option, ACL_NO); mass_auth('group', 0, 'inactive_coppa', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'registered_coppa', $auth_option, ACL_NO); mass_auth('group', 0, 'registered_coppa', $auth_option, ACL_NEVER);
mass_auth('group', 0, 'registered', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO)); mass_auth('group', 0, 'registered', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NEVER));
mass_auth('group', 0, 'global_moderators', $auth_option, (($prefix != 'a_') ? ACL_YES : ACL_NO)); mass_auth('group', 0, 'global_moderators', $auth_option, (($prefix != 'a_') ? ACL_YES : ACL_NEVER));
mass_auth('group', 0, 'administrators', $auth_option, ACL_YES); mass_auth('group', 0, 'administrators', $auth_option, ACL_YES);
mass_auth('group', 0, 'bots', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NO)); mass_auth('group', 0, 'bots', $auth_option, (($prefix != 'm_' && $prefix != 'a_') ? ACL_YES : ACL_NEVER));
} }
} }
} }
@ -236,7 +236,7 @@ echo "<p><b>Done</b></p>\n";
$forum_id = forum ids (array|int|0) -> 0 == all forums $forum_id = forum ids (array|int|0) -> 0 == all forums
$ug_id = [int] user_id|group_id : [string] usergroup name $ug_id = [int] user_id|group_id : [string] usergroup name
$acl_list = [string] acl entry : [array] acl entries $acl_list = [string] acl entry : [array] acl entries
$setting = ACL_YES|ACL_NO|ACL_UNSET $setting = ACL_YES|ACL_NEVER|ACL_NO
*/ */
function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting) function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
{ {
@ -337,7 +337,7 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
switch ($setting) switch ($setting)
{ {
case ACL_UNSET: case ACL_NO:
if (isset($cur_auth[$forum][$auth_option_id])) if (isset($cur_auth[$forum][$auth_option_id]))
{ {
$sql_ary['delete'][] = "DELETE FROM $table $sql_ary['delete'][] = "DELETE FROM $table
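Review bot: Reusing the name `ACL_NO` for -1 while 0 moves to `ACL_NEVER` makes a missed call site fail silently: a call that still passes `ACL_NO` expecting the old value 0 now reaches the `case ACL_NO:` branch, which queues a `DELETE` for the existing entry. The `mass_auth()` calls in the second hunk are all updated, but other users of these constants are not visible here and should be checked. I would add a comment above the defines, `// ACL_NO was 0 before this change; 0 is now ACL_NEVER and ACL_NO (-1) removes the stored entry`. The `switch` sits inside `mass_auth()`, whose body continues outside the hunk.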

File diff suppressed because it is too large Load diff


@ -0,0 +1,559 @@
<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
if (php_sapi_name() != 'cli')
{
die("This program must be run from the command line.\n");
}
set_time_limit(0);
define('IN_PHPBB', true);
$phpbb_root_path = '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
echo "Checking for required files\n";
download('http://www.unicode.org/Public/UNIDATA/CompositionExclusions.txt');
download('http://www.unicode.org/Public/UNIDATA/DerivedNormalizationProps.txt');
download('http://www.unicode.org/Public/UNIDATA/UnicodeData.txt');
echo "\n";
require_once($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
$file_contents = array();
/**
* Generate some Hangul/Jamo stuff
*/
echo "\nGenerating Hangul and Jamo tables\n";
for ($i = 0; $i < UNICODE_HANGUL_LCOUNT; ++$i)
{
$utf_char = cp_to_utf(UNICODE_HANGUL_LBASE + $i);
$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i * UNICODE_HANGUL_VCOUNT * UNICODE_HANGUL_TCOUNT + UNICODE_HANGUL_SBASE;
$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_L;
}
for ($i = 0; $i < UNICODE_HANGUL_VCOUNT; ++$i)
{
$utf_char = cp_to_utf(UNICODE_HANGUL_VBASE + $i);
$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i * UNICODE_HANGUL_TCOUNT;
$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_V;
}
for ($i = 0; $i < UNICODE_HANGUL_TCOUNT; ++$i)
{
$utf_char = cp_to_utf(UNICODE_HANGUL_TBASE + $i);
$file_contents['utf_normalizer_common']['utf_jamo_index'][$utf_char] = $i;
$file_contents['utf_normalizer_common']['utf_jamo_type'][$utf_char] = UNICODE_JAMO_T;
}
/**
* Load the CompositionExclusions table
*/
echo "Loading CompositionExclusion\n";
$fp = fopen('CompositionExclusions.txt', 'rt');
$exclude = array();
while (!feof($fp))
{
$line = fgets($fp, 1024);
if (!strpos(' 0123456789ABCDEFabcdef', $line[0]))
{
continue;
}
$cp = strtok($line, ' ');
if ($pos = strpos($cp, '..'))
{
$start = hexdec(substr($cp, 0, $pos));
$end = hexdec(substr($cp, $pos + 2));
for ($i = $start; $i < $end; ++$i)
{
$exclude[$i] = 1;
}
}
else
{
$exclude[hexdec($cp)] = 1;
}
}
fclose($fp);
/**
* Load QuickCheck tables
*/
echo "Generating QuickCheck tables\n";
$fp = fopen('DerivedNormalizationProps.txt', 'rt');
while (!feof($fp))
{
$line = fgets($fp, 1024);
if (!strpos(' 0123456789ABCDEFabcdef', $line[0]))
{
continue;
}
$p = array_map('trim', explode(';', strtok($line, '#')));
/**
* Capture only NFC_QC, NFKC_QC
*/
if (!preg_match('#^NFK?C_QC$#', $p[1]))
{
continue;
}
if ($pos = strpos($p[0], '..'))
{
$start = hexdec(substr($p[0], 0, $pos));
$end = hexdec(substr($p[0], $pos + 2));
}
else
{
$start = $end = hexdec($p[0]);
}
if ($start >= UTF8_HANGUL_FIRST && $end <= UTF8_HANGUL_LAST)
{
/**
* We do not store Hangul syllables in the array
*/
continue;
}
if ($p[2] == 'M')
{
$val = UNICODE_QC_MAYBE;
}
else
{
$val = UNICODE_QC_NO;
}
if ($p[1] == 'NFKC_QC')
{
$file = 'utf_nfkc_qc';
}
else
{
$file = 'utf_nfc_qc';
}
for ($i = $start; $i <= $end; ++$i)
{
/**
* The vars have the same name as the file: $utf_nfc_qc is in utf_nfc_qc.php
*/
$file_contents[$file][$file][cp_to_utf($i)] = $val;
}
}
fclose($fp);
/**
* Do mappings
*/
echo "Loading Unicode decomposition mappings\n";
$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
$map = array();
while (!feof($fp))
{
$p = explode(';', fgets($fp, 1024));
$cp = hexdec($p[0]);
if (!empty($p[3]))
{
/**
* Store combining class > 0
*/
$file_contents['utf_normalizer_common']['utf_combining_class'][cp_to_utf($cp)] = (int) $p[3];
}
if (!isset($p[5]) || !preg_match_all('#[0-9A-F]+#', strip_tags($p[5]), $m))
{
continue;
}
if (strpos($p[5], '>'))
{
$map['NFKD'][$cp] = implode(' ', array_map('hexdec', $m[0]));
}
else
{
$map['NFD'][$cp] = $map['NFKD'][$cp] = implode(' ', array_map('hexdec', $m[0]));
}
}
fclose($fp);
/**
* Build the canonical composition table
*/
echo "Generating the Canonical Composition table\n";
foreach ($map['NFD'] as $cp => $decomp_seq)
{
if (!strpos($decomp_seq, ' ') || isset($exclude[$cp]))
{
/**
* Singletons are excluded from canonical composition
*/
continue;
}
$utf_seq = implode('', array_map('cp_to_utf', explode(' ', $decomp_seq)));
if (!isset($file_contents['utf_canonical_comp']['utf_canonical_comp'][$utf_seq]))
{
$file_contents['utf_canonical_comp']['utf_canonical_comp'][$utf_seq] = cp_to_utf($cp);
}
}
/**
* Decompose the NF[K]D mappings recursively and prepare the file contents
*/
echo "Generating the Canonical and Compatibility Decomposition tables\n\n";
foreach ($map as $type => $decomp_map)
{
foreach ($decomp_map as $cp => $decomp_seq)
{
$decomp_map[$cp] = decompose($decomp_map, $decomp_seq);
}
unset($decomp_seq);
if ($type == 'NFKD')
{
$file = 'utf_compatibility_decomp';
$var = 'utf_compatibility_decomp';
}
else
{
$file = 'utf_canonical_decomp';
$var = 'utf_canonical_decomp';
}
/**
* Generate the corresponding file
*/
foreach ($decomp_map as $cp => $decomp_seq)
{
$file_contents[$file][$var][cp_to_utf($cp)] = implode('', array_map('cp_to_utf', explode(' ', $decomp_seq)));
}
}
/**
* Generate and/or alter the files
*/
foreach ($file_contents as $file => $contents)
{
/**
* Generate a new file
*/
echo "Writing to $file.$phpEx\n";
if (!$fp = fopen($phpbb_root_path . 'includes/utf/data/' . $file . '.' . $phpEx, 'wb'))
{
trigger_error('Cannot open ' . $file . ' for write');
}
fwrite($fp, '<?php');
foreach ($contents as $var => $val)
{
fwrite($fp, "\n\$GLOBALS[" . my_var_export($var) . ']=' . my_var_export($val) . ";");
}
fclose($fp);
}
echo "\n*** UTF-8 normalization tables done\n\n";
/**
* Now we'll generate the files needed by the search indexer
*/
echo "Generating search indexer tables\n";
$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
$map = array();
while ($line = fgets($fp, 1024))
{
/**
* The current line is split, $m[0] hold the codepoint in hexadecimal and
* all other fields numbered as in http://www.unicode.org/Public/UNIDATA/UCD.html#UnicodeData.txt
*/
$m = explode(';', $line);
/**
* @var integer $cp Current char codepoint
* @var string $utf_char UTF-8 representation of current char
*/
$cp = hexdec($m[0]);
$utf_char = cp_to_utf($cp);
/**
* $m[2] holds the "General Category" of the character
* @link http://www.unicode.org/Public/UNIDATA/UCD.html#General_Category_Values
*/
switch ($m[2][0])
{
case 'L':
/**
* We allow all letters and map them to their lowercased counterpart on the fly
*/
$map_to_hex = (isset($m[13][0])) ? $m[13] : $m[0];
if (preg_match('#^LATIN.*(?:LETTER|LIGATURE) ([A-Z]{2}(?![A-Z]))$#', $m[1], $capture))
{
/**
* Special hack for some latin ligatures. Using the name of a character
* is bad practice, but for now it works well enough.
*
* @todo Note that ligatures with combining marks such as U+01E2 are
* not supported at this time
*/
$map[$cp] = strtolower($capture[1]);
}
elseif (isset($m[13][0]))
{
/**
* If the letter has a lowercased form, use it
*/
$map[$cp] = hex_to_utf($m[13]);
}
else
{
/**
* In all other cases, map the letter to itself
*/
$map[$cp] = $utf_char;
}
break;
case 'M':
/**
* We allow all marks, they are mapped to themselves
*/
$map[$cp] = $utf_char;
break;
case 'N':
/**
* We allow all numbers, but we map them to their numeric value whenever
* possible. The numeric value (field #8) is in ASCII already
*
* @todo Note that fractions such as U+00BD will be converted to something
* like "1/2", with a slash. However, "1/2" entered in ASCII is converted
* to "1 2". This will have to be fixed.
*/
$map[$cp] = (isset($m[8][0])) ? $m[8] : $utf_char;
break;
default:
/**
* Everything else is ignored, skip to the next line
*/
continue 2;
}
}
fclose($fp);
/**
* Add some cheating
*/
$cheats = array(
'00DF' => 'ss', # German sharp S
'00D6' => 'oe', # Capital O with diaeresis
'00F6' => 'oe', # Small O with diaeresis
);
/**
* Add our "cheat replacements" to the map
*/
foreach ($cheats as $hex => $map_to)
{
$map[hexdec($hex)] = $map_to;
}
/**
* Split the map into smaller blocks
*/
$file_contents = array();
foreach ($map as $cp => $map_to)
{
$file_contents[$cp >> 11][cp_to_utf($cp)] = $map_to;
}
unset($map);
foreach ($file_contents as $idx => $contents)
{
echo "Writing to search_indexer_$idx.$phpEx\n";
$fp = fopen($phpbb_root_path . 'includes/utf/data/search_indexer_' . $idx . '.' . $phpEx, 'wb');
fwrite($fp, '<?php return ' . my_var_export($contents) . ';');
fclose($fp);
}
echo "\n*** Search indexer tables done\n\n";
die("\nAll done!\n");
////////////////////////////////////////////////////////////////////////////////
// Internal functions //
////////////////////////////////////////////////////////////////////////////////
/**
* Decompose a sequence recusively
*
* @param array $decomp_map Decomposition mapping, passed by reference
* @param string $decomp_seq Decomposition sequence as decimal codepoints separated with a space
* @return string Decomposition sequence, fully decomposed
*/
function decompose(&$decomp_map, $decomp_seq)
{
$ret = array();
foreach (explode(' ', $decomp_seq) as $cp)
{
if (isset($decomp_map[$cp]))
{
$ret[] = decompose($decomp_map, $decomp_map[$cp]);
}
else
{
$ret[] = $cp;
}
}
return implode(' ', $ret);
}
/**
* Return a parsable string representation of a variable
*
* This is function is limited to array/strings/integers
*
* @param mixed $var Variable
* @return string PHP code representing the variable
*/
function my_var_export($var)
{
if (is_array($var))
{
$lines = array();
foreach ($var as $k => $v)
{
$lines[] = my_var_export($k) . '=>' . my_var_export($v);
}
return 'array(' . implode(',', $lines) . ')';
}
elseif (is_string($var))
{
return "'" . str_replace(array('\\', "'"), array('\\\\', "\\'"), $var) . "'";
}
else
{
return $var;
}
}
/**
* Download a file to the develop/ dir
*
* @param string $url URL of the file to download
* @return void
*/
function download($url)
{
global $phpbb_root_path;
if (file_exists($phpbb_root_path . 'develop/' . basename($url)))
{
return;
}
echo 'Downloading from ', $url, ' ';
if (!$fpr = fopen($url, 'rb'))
{
die("Can't download from $url\nPlease download it yourself and put it in the develop/ dir, kthxbai");
}
if (!$fpw = fopen($phpbb_root_path . 'develop/' . basename($url), 'wb'))
{
die("Can't open develop/" . basename($url) . " for output... please check your permissions or something");
}
$i = 0;
$chunk = 32768;
$done = '';
while (!feof($fpr))
{
$i += fwrite($fpw, fread($fpr, $chunk));
echo str_repeat("\x08", strlen($done));
$done = ($i >> 10) . ' KiB';
echo $done;
}
fclose($fpr);
fclose($fpw);
echo "\n";
}
/**
* Convert a codepoint in hexadecimal to a UTF-8 char
*
* @param string $hex Codepoint, in hexadecimal
* @return string UTF-8 char
*/
function hex_to_utf($hex)
{
return cp_to_utf(hexdec($hex));
}
/**
* Return a UTF string formed from a sequence of codepoints in hexadecimal
*
* @param string $seq Sequence of codepoints, separated with a space
* @return string UTF-8 string
*/
function hexseq_to_utf($seq)
{
return implode('', array_map('hex_to_utf', explode(' ', $seq)));
}
/**
* Convert a codepoint to a UTF-8 char
*
* @param integer $cp Unicode codepoint
* @return string UTF-8 string
*/
function cp_to_utf($cp)
{
if ($cp > 0xFFFF)
{
return chr(0xF0 | ($cp >> 18)) . chr(0x80 | (($cp >> 12) & 0x3F)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7FF)
{
return chr(0xE0 | ($cp >> 12)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7F)
{
return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
}
else
{
return chr($cp);
}
}
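Review bot: The three `download()` calls at the top fetch the Unicode data files over plain `http://` and nothing checks what arrived, yet the script turns that data into the `.php` files it writes under `includes/utf/data/`. `my_var_export()` quotes and escapes string values, so this is mainly an integrity concern for the generated tables rather than direct code injection, but anyone able to alter the transfer can change them. I would fetch over TLS, e.g. `download('https://www.unicode.org/Public/UNIDATA/UnicodeData.txt');`, and compare each file against a digest recorded in the repository before using it. `download()` also writes straight to the final name, so an interrupted transfer leaves a partial file that the `file_exists()` check accepts on the next run; writing to a temporary name and renaming on success avoids that. The same applies to the two `download()` calls in the normalizer test script added later in this commit.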


@ -0,0 +1,380 @@
<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
if (php_sapi_name() != 'cli')
{
die("This program must be run from the command line.\n");
}
set_time_limit(0);
error_reporting(E_ALL);
define('IN_PHPBB', true);
$phpbb_root_path = '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
/**
* Let's download some files we need
*/
download('http://www.unicode.org/Public/UNIDATA/NormalizationTest.txt');
download('http://www.unicode.org/Public/UNIDATA/UnicodeData.txt');
/**
* Those are the tests we run
*/
$test_suite = array(
/**
* NFC
* c2 == NFC(c1) == NFC(c2) == NFC(c3)
* c4 == NFC(c4) == NFC(c5)
*/
'NFC' => array(
'c2' => array('c1', 'c2', 'c3'),
'c4' => array('c4', 'c5')
),
/**
* NFD
* c3 == NFD(c1) == NFD(c2) == NFD(c3)
* c5 == NFD(c4) == NFD(c5)
*/
'NFD' => array(
'c3' => array('c1', 'c2', 'c3'),
'c5' => array('c4', 'c5')
),
/**
* NFKC
* c4 == NFKC(c1) == NFKC(c2) == NFKC(c3) == NFKC(c4) == NFKC(c5)
*/
'NFKC' => array(
'c4' => array('c1', 'c2', 'c3', 'c4', 'c5')
),
/**
* NFKD
* c5 == NFKD(c1) == NFKD(c2) == NFKD(c3) == NFKD(c4) == NFKD(c5)
*/
'NFKD' => array(
'c5' => array('c1', 'c2', 'c3', 'c4', 'c5')
)
);
require_once($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
$i = $n = 0;
$failed = FALSE;
$tested_chars = array();
$fp = fopen($phpbb_root_path . 'develop/NormalizationTest.txt', 'rb');
while (!feof($fp))
{
$line = fgets($fp);
++$n;
if ($line[0] == '@')
{
if ($i)
{
echo "done\n";
}
$i = 0;
echo "\n", substr($line, 1), "\n\n";
continue;
}
if (!strpos(' 0123456789ABCDEF', $line[0]))
{
continue;
}
if (++$i % 100 == 0)
{
echo $i, ' ';
}
list($c1, $c2, $c3, $c4, $c5) = explode(';', $line);
if (!strpos($c1, ' '))
{
/**
* We are currently testing a single character, we add it to the list of
* characters we have processed so that we can exclude it when testing
* for invariants
*/
$tested_chars[$c1] = 1;
}
foreach ($test_suite as $form => $serie)
{
foreach ($serie as $expected => $tests)
{
$hex_expected = ${$expected};
$utf_expected = hexseq_to_utf($hex_expected);
foreach ($tests as $test)
{
$utf_result = call_user_func(array('utf_normalizer', $form), $utf_expected);
if (strcmp($utf_expected, $utf_result))
{
$failed = TRUE;
$hex_result = utf_to_hexseq($utf_result);
echo "\nFAILED $expected == $form($test) ($hex_expected != $hex_result)";
}
}
}
if ($failed)
{
die("\n\nFailed at line $n\n");
}
}
}
fclose($fp);
/**
* Test for invariants
*/
echo "\n\nTesting for invariants...\n\n";
$fp = fopen($phpbb_root_path . 'develop/UnicodeData.txt', 'rt');
$n = 0;
while (!feof($fp))
{
if (++$n % 100 == 0)
{
echo $n, ' ';
}
$line = fgets($fp, 1024);
if (!$pos = strpos($line, ';'))
{
continue;
}
$hex_tested = $hex_expected = substr($line, 0, $pos);
if (isset($tested_chars[$hex_tested]))
{
continue;
}
$utf_expected = hex_to_utf($hex_expected);
if ($utf_expected >= UTF8_SURROGATE_FIRST
&& $utf_expected <= UTF8_SURROGATE_LAST)
{
/**
* Surrogates are illegal on their own, we expect the normalizer
* to return a replacement char
*/
$utf_expected = UTF8_REPLACEMENT;
$hex_expected = utf_to_hexseq($utf_expected);
}
foreach (array('nfc', 'nfkc', 'nfd', 'nfkd') as $form)
{
$utf_result = utf_normalizer::$form($utf_expected);
$hex_result = utf_to_hexseq($utf_result);
// echo "$form($utf_expected) == $utf_result\n";
if (strcmp($utf_expected, $utf_result))
{
$failed = 1;
echo "\nFAILED $hex_expected == $form($hex_tested) ($hex_expected != $hex_result)";
}
}
if ($failed)
{
die("\n\nFailed at line $n\n");
}
}
fclose($fp);
die("\n\nALL TESTS PASSED SUCCESSFULLY\n");
/**
* Download a file to the develop/ dir
*
* @param string $url URL of the file to download
* @return void
*/
function download($url)
{
global $phpbb_root_path;
if (file_exists($phpbb_root_path . 'develop/' . basename($url)))
{
return;
}
echo 'Downloading from ', $url, ' ';
if (!$fpr = fopen($url, 'rb'))
{
die("Can't download from $url\nPlease download it yourself and put it in the develop/ dir, kthxbai");
}
if (!$fpw = fopen($phpbb_root_path . 'develop/' . basename($url), 'wb'))
{
die("Can't open develop/" . basename($url) . " for output... please check your permissions or something");
}
$i = 0;
$chunk = 32768;
$done = '';
while (!feof($fpr))
{
$i += fwrite($fpw, fread($fpr, $chunk));
echo str_repeat("\x08", strlen($done));
$done = ($i >> 10) . ' KiB';
echo $done;
}
fclose($fpr);
fclose($fpw);
echo "\n";
}
/**
* Convert a UTF string to a sequence of codepoints in hexadecimal
*
* @param string $utf UTF string
* @return integer Unicode codepoints in hex
*/
function utf_to_hexseq($str)
{
$pos = 0;
$len = strlen($str);
$ret = array();
while ($pos < $len)
{
$c = $str[$pos];
switch ($c & "\xF0")
{
case "\xC0":
case "\xD0":
$utf_char = substr($str, $pos, 2);
$pos += 2;
break;
case "\xE0":
$utf_char = substr($str, $pos, 3);
$pos += 3;
break;
case "\xF0":
$utf_char = substr($str, $pos, 4);
$pos += 4;
break;
default:
$utf_char = $c;
++$pos;
}
$hex = dechex(utf_to_cp($utf_char));
if (!isset($hex[3]))
{
$hex = substr('000' . $hex, -4);
}
$ret[] = $hex;
}
return strtr(implode(' ', $ret), 'abcdef', 'ABCDEF');
}
/**
* Convert a UTF-8 char to its codepoint
*
* @param string $utf_char UTF-8 char
* @return integer Unicode codepoint
*/
function utf_to_cp($utf_char)
{
switch (strlen($utf_char))
{
case 1:
return ord($utf_char);
case 2:
return ((ord($utf_char[0]) & 0x1F) << 6) | (ord($utf_char[1]) & 0x3F);
case 3:
return ((ord($utf_char[0]) & 0x0F) << 12) | ((ord($utf_char[1]) & 0x3F) << 6) | (ord($utf_char[2]) & 0x3F);
case 4:
return ((ord($utf_char[0]) & 0x07) << 18) | ((ord($utf_char[1]) & 0x3F) << 12) | ((ord($utf_char[2]) & 0x3F) << 6) | (ord($utf_char[3]) & 0x3F);
default:
die('UTF-8 chars can only be 1-4 bytes long');
}
}
/**
* Return a UTF string formed from a sequence of codepoints in hexadecimal
*
* @param string $seq Sequence of codepoints, separated with a space
* @return string UTF-8 string
*/
function hexseq_to_utf($seq)
{
return implode('', array_map('hex_to_utf', explode(' ', $seq)));
}
/**
* Convert a codepoint in hexadecimal to a UTF-8 char
*
* @param string $hex Codepoint, in hexadecimal
* @return string UTF-8 char
*/
function hex_to_utf($hex)
{
return cp_to_utf(hexdec($hex));
}
/**
* Convert a codepoint to a UTF-8 char
*
* @param integer $cp Unicode codepoint
* @return string UTF-8 string
*/
function cp_to_utf($cp)
{
if ($cp > 0xFFFF)
{
return chr(0xF0 | ($cp >> 18)) . chr(0x80 | (($cp >> 12) & 0x3F)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7FF)
{
return chr(0xE0 | ($cp >> 12)) . chr(0x80 | (($cp >> 6) & 0x3F)) . chr(0x80 | ($cp & 0x3F));
}
elseif ($cp > 0x7F)
{
return chr(0xC0 | ($cp >> 6)) . chr(0x80 | ($cp & 0x3F));
}
else
{
return chr($cp);
}
}
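Review bot: In the first loop the normalizer is always called on `$utf_expected`, so the columns listed in `$test_suite` are never used as input; `$test` appears only in the failure message. As written the suite checks only that each expected column is left unchanged by its form, not that `c1`…`c5` normalise to it, so a broken normalizer could still pass. The call should take the column under test: `$utf_result = call_user_func(array('utf_normalizer', $form), hexseq_to_utf(${$test}));`.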


@ -14,12 +14,12 @@ phpBB Project Manager : theFinn (James Atkinson)
phpBB Lead Developers : Acyd Burn (Meik Sievertsen) phpBB Lead Developers : Acyd Burn (Meik Sievertsen)
psoTFX (Paul S. Owen) [2001 - 09/2005] psoTFX (Paul S. Owen) [2001 - 09/2005]
phpBB Developers : DavidMJ (David M.) phpBB Developers : Ashe (Ludovic Arnaud) - [10/2002 - 11/2003, 06/2006 - ]
DavidMJ (David M.)
GrahamJE (Graham Eames) GrahamJE (Graham Eames)
naderman (Nils Aderman) naderman (Nils Adermann)
subBlue (Tom Beddard) subBlue (Tom Beddard)
Ashe (Ludovic Arnaud) - [10/2002 - 11/2003]
BartVB (Bart van Bragt) - [11/2000 - 03/2006] BartVB (Bart van Bragt) - [11/2000 - 03/2006]


@ -17,12 +17,10 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx); include($phpbb_root_path . 'common.' . $phpEx);
$download_id = request_var('id', 0); $download_id = request_var('id', 0);
// Thumbnails are not handled by this file by default - but for modders this should be interesting. ;)
$thumbnail = request_var('t', false); $thumbnail = request_var('t', false);
// Start session management // Start session management, do not update session page.
$user->session_begin(); $user->session_begin(false);
$auth->acl($user->data); $auth->acl($user->data);
$user->setup('viewtopic'); $user->setup('viewtopic');
@ -65,6 +63,19 @@ if (!$attachment['in_message'])
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
// Global announcement?
if (!$row)
{
$forum_id = request_var('f', 0);
$sql = 'SELECT forum_id, forum_password, parent_id
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $forum_id;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']))
{ {
if ($row['forum_password']) if ($row['forum_password'])
@ -81,7 +92,7 @@ if (!$attachment['in_message'])
else else
{ {
$row['forum_id'] = 0; $row['forum_id'] = 0;
if (!$auth->acl_get('u_pm_download') || !$config['auth_download_pm']) if (!$auth->acl_get('u_pm_download'))
{ {
trigger_error('SORRY_AUTH_VIEW_ATTACH'); trigger_error('SORRY_AUTH_VIEW_ATTACH');
} }
@ -116,12 +127,13 @@ if (!$attachment)
$attachment['physical_filename'] = basename($attachment['physical_filename']); $attachment['physical_filename'] = basename($attachment['physical_filename']);
$display_cat = $extensions[$attachment['extension']]['display_cat'];
if ($thumbnail) if ($thumbnail)
{ {
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename']; $attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
} }
else else if ($display_cat == ATTACHMENT_CATEGORY_NONE)
{ {
// Update download count // Update download count
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
@ -162,51 +174,11 @@ function send_file_to_browser($attachment, $upload_dir, $category)
trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename)); trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
} }
// Determine the Browser the User is using, because of some nasty incompatibilities.
// borrowed from phpMyAdmin. :)
$user_agent = $user->browser;
if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[2];
$browser_agent = 'opera';
}
else if (ereg('MSIE ([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'ie';
}
else if (ereg('OmniWeb/([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'omniweb';
}
else if (ereg('(Konqueror/)(.*)(;)', $user_agent, $log_version))
{
$browser_version = $log_version[2];
$browser_agent = 'konqueror';
}
else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version) && ereg('Safari/([0-9]*)', $user_agent, $log_version2))
{
$browser_version = $log_version[1] . '.' . $log_version2[1];
$browser_agent = 'safari';
}
else if (ereg('Mozilla/([0-9].[0-9]{1,2})', $user_agent, $log_version))
{
$browser_version = $log_version[1];
$browser_agent = 'mozilla';
}
else
{
$browser_version = 0;
$browser_agent = 'other';
}
// Correct the mime type - we force application/octetstream for all files, except images // Correct the mime type - we force application/octetstream for all files, except images
// Please do not change this, it is a security precaution // Please do not change this, it is a security precaution
if ($category == ATTACHMENT_CATEGORY_NONE && strpos($attachment['mimetype'], 'image') === false) if ($category == ATTACHMENT_CATEGORY_NONE && strpos($attachment['mimetype'], 'image') === false)
{ {
$attachment['mimetype'] = ($browser_agent == 'ie' || $browser_agent == 'opera') ? 'application/octetstream' : 'application/octet-stream'; $attachment['mimetype'] = (strpos(strtolower($user->browser), 'msie') !== false || strpos(strtolower($user->browser), 'opera') !== false) ? 'application/octetstream' : 'application/octet-stream';
} }
if (@ob_get_length()) if (@ob_get_length())
@ -214,31 +186,40 @@ function send_file_to_browser($attachment, $upload_dir, $category)
@ob_end_clean(); @ob_end_clean();
} }
// Now send the File Contents to the Browser
$size = @filesize($filename);
// Might not be ideal to store the contents, but file_get_contents is binary-safe as well as the recommended method
// To correctly display further errors we need to make sure we are using the correct headers for both (unsetting content-length may not work)
$contents = @file_get_contents($filename);
// Check if headers already sent or not able to get the file contents.
if (headers_sent() || $contents === false)
{
unset($contents);
// PHP track_errors setting On?
if (!empty($php_errormsg))
{
trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
}
trigger_error('UNABLE_TO_DELIVER_FILE');
}
// Now the tricky part... let's dance // Now the tricky part... let's dance
header('Pragma: public'); header('Pragma: public');
// Send out the Headers // Send out the Headers
header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"'); header('Content-type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"'); header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
// Now send the File Contents to the Browser
$size = @filesize($filename);
if ($size) if ($size)
{ {
header("Content-length: $size"); header("Content-length: $size");
} }
$result = @readfile($filename); echo $contents;
unset($contents);
if (!$result)
{
// PHP track_errors setting On?
if (!empty($php_errormsg))
{
trigger_error('Unable to deliver file.<br />Error was: ' . $php_errormsg, E_USER_ERROR);
}
trigger_error('Unable to deliver file.', E_USER_ERROR);
}
flush(); flush();
exit; exit;
@ -256,7 +237,7 @@ function download_allowed()
return true; return true;
} }
$url = (getenv('HTTP_REFERER')) ? trim(getenv('HTTP_REFERER')) : trim($_SERVER['HTTP_REFERER']); $url = (!empty($_SERVER['HTTP_REFERER'])) ? trim($_SERVER['HTTP_REFERER']) : trim(getenv('HTTP_REFERER'));
if (!$url) if (!$url)
{ {
@ -264,15 +245,21 @@ function download_allowed()
} }
// Split URL into domain and script part // Split URL into domain and script part
$url = explode('?', str_replace(array('http://', 'https://'), array('', ''), $url)); $url = @parse_url($url);
$hostname = trim($url[0]);
if ($url === false)
{
return ($config['secure_allow_empty_referer']) ? true : false;
}
$hostname = $url['host'];
unset($url); unset($url);
$allowed = ($config['secure_allow_deny']) ? false : true; $allowed = ($config['secure_allow_deny']) ? false : true;
$iplist = array(); $iplist = array();
$ip_ary = gethostbynamel($hostname); if (($ip_ary = @gethostbynamel($hostname)) !== false)
{
foreach ($ip_ary as $ip) foreach ($ip_ary as $ip)
{ {
if ($ip) if ($ip)
@ -280,6 +267,7 @@ function download_allowed()
$iplist[] = $ip; $iplist[] = $ip;
} }
} }
}
// Check for own server... // Check for own server...
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
@ -311,7 +299,7 @@ function download_allowed()
{ {
foreach ($iplist as $ip) foreach ($iplist as $ip)
{ {
if (preg_match('#^' . str_replace('*', '.*?', $site_ip) . '$#i', $ip)) if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_ip, '#')) . '$#i', $ip))
{ {
if ($row['ip_exclude']) if ($row['ip_exclude'])
{ {
@ -328,7 +316,7 @@ function download_allowed()
if ($site_hostname) if ($site_hostname)
{ {
if (preg_match('#^' . str_replace('*', '.*?', $site_hostname) . '$#i', $hostname)) if (preg_match('#^' . str_replace('*', '.*?', preg_quote($site_hostname, '#')) . '$#i', $hostname))
{ {
if ($row['ip_exclude']) if ($row['ip_exclude'])
{ {
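Review bot: Wrapping `$site_ip` and `$site_hostname` in `preg_quote()` before `str_replace('*', '.*?', …)` breaks wildcard entries in the last two hunks: `preg_quote()` turns `*` into `\*`, and the replacement then yields `\.*?`, which matches only literal dots. A wildcard entry would therefore stop matching, which presumably matters most for `ip_exclude` rows, since a referer they are meant to cover no longer hits them. Replace the escaped form instead: `str_replace('\*', '.*?', preg_quote($site_ip, '#'))`, and the same for `$site_hostname`. In the earlier hunk `$hostname = $url['host'];` also assumes `parse_url()` returned a host; a referer without one should take the same path as the failure case, e.g. `if ($url === false || empty($url['host']))`. `download_allowed()` starts and ends outside these hunks.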


@ -19,6 +19,7 @@ class acm
var $is_modified = false; var $is_modified = false;
var $sql_rowset = array(); var $sql_rowset = array();
var $sql_row_pointer = array();
/** /**
* Set cache path * Set cache path
@ -56,6 +57,7 @@ class acm
unset($this->vars); unset($this->vars);
unset($this->var_expires); unset($this->var_expires);
unset($this->sql_rowset); unset($this->sql_rowset);
unset($this->sql_row_pointer);
} }
/** /**
@ -69,7 +71,7 @@ class acm
} }
global $phpEx; global $phpEx;
$file = '<?php $this->vars=' . $this->format_array($this->vars) . ";\n\$this->var_expires=" . $this->format_array($this->var_expires) . ' ?>'; $file = "<?php\n\$this->vars = " . $this->format_array($this->vars) . ";\n\n\$this->var_expires = " . $this->format_array($this->var_expires) . "\n?>";
if ($fp = @fopen($this->cache_dir . 'data_global.' . $phpEx, 'wb')) if ($fp = @fopen($this->cache_dir . 'data_global.' . $phpEx, 'wb'))
{ {
@ -255,26 +257,28 @@ class acm
/** /**
* Format an array to be stored on filesystem * Format an array to be stored on filesystem
*/ */
function format_array($array) function format_array($array, $tab = '')
{ {
$tab .= "\t";
$lines = array(); $lines = array();
foreach ($array as $k => $v) foreach ($array as $k => $v)
{ {
if (is_array($v)) if (is_array($v))
{ {
$lines[] = "\n'$k' => " . $this->format_array($v); $lines[] = "\n{$tab}'$k' => " . $this->format_array($v, $tab);
} }
else if (is_int($v)) else if (is_int($v))
{ {
$lines[] = "\n'$k' => $v"; $lines[] = "\n{$tab}'$k' => $v";
} }
else if (is_bool($v)) else if (is_bool($v))
{ {
$lines[] = "\n'$k' => " . (($v) ? 'true' : 'false'); $lines[] = "\n{$tab}'$k' => " . (($v) ? 'true' : 'false');
} }
else else
{ {
$lines[] = "\n'$k' => '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $v)) . "'"; $lines[] = "\n{$tab}'$k' => '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $v)) . "'";
} }
} }
@ -309,6 +313,8 @@ class acm
return false; return false;
} }
$this->sql_row_pointer[$query_id] = 0;
return $query_id; return $query_id;
} }
@ -329,6 +335,7 @@ class acm
$lines = array(); $lines = array();
$query_id = sizeof($this->sql_rowset); $query_id = sizeof($this->sql_rowset);
$this->sql_rowset[$query_id] = array(); $this->sql_rowset[$query_id] = array();
$this->sql_row_pointer[$query_id] = 0;
while ($row = $db->sql_fetchrow($query_result)) while ($row = $db->sql_fetchrow($query_result))
{ {
@ -359,7 +366,63 @@ class acm
*/ */
function sql_fetchrow($query_id) function sql_fetchrow($query_id)
{ {
return array_shift($this->sql_rowset[$query_id]); if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
{
return $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]++];
}
return false;
}
/**
* Fetch the number of rows from cache (database)
*/
function sql_numrows($query_id)
{
return sizeof($this->sql_rowset[$query_id]);
}
/**
* Fetch a field from the current row of a cached database result (database)
*/
function sql_fetchfield($query_id, $field)
{
if ($this->sql_row_pointer[$query_id] < sizeof($this->sql_rowset[$query_id]))
{
return (isset($this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field])) ? $this->sql_rowset[$query_id][$this->sql_row_pointer[$query_id]][$field] : false;
}
return false;
}
/**
* Seek a specific row in an a cached database result (database)
*/
function sql_rowseek($query_id, $rownum)
{
if ($rownum >= sizeof($this->sql_rowset[$query_id]))
{
return false;
}
$this->sql_row_pointer[$query_id] = $rownum;
return true;
}
/**
* Free memory used for a cached database result (database)
*/
function sql_freeresult($query_id)
{
if (!isset($this->sql_rowset[$query_id]))
{
return false;
}
unset($this->sql_rowset[$query_id]);
unset($this->sql_row_pointer[$query_id]);
return true;
} }
} }
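Review bot: In `format_array` the array key is written into the generated PHP source as `'$k'` without the escaping that the string branch applies to `$v`, so a key containing `'` or `\` produces a cache file that fails to parse or that contains code nobody intended once it is loaded. The result is written to `data_global.` plus `$phpEx` as executable PHP, so keys deserve the same treatment as values; at the top of the loop add `$k = str_replace("'", "\\'", str_replace('\\', '\\\\', $k));`. The new `$tab` indentation already touches every branch, which makes this a convenient place for the fix. The end of the function, including its return statement, lies outside the hunk.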


@ -78,7 +78,7 @@ class acp_attachments
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((sizeof($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode(', ', $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NONE']) . ']'; $l_legend_cat_images = $user->lang['SETTINGS_CAT_IMAGES'] . ' [' . $user->lang['ASSIGNED_GROUP'] . ': ' . ((sizeof($s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE])) ? implode(', ', $s_assigned_groups[ATTACHMENT_CATEGORY_IMAGE]) : $user->lang['NO_EXT_GROUP']) . ']';
$display_vars = array( $display_vars = array(
'title' => 'ACP_ATTACHMENT_SETTINGS', 'title' => 'ACP_ATTACHMENT_SETTINGS',
@ -97,7 +97,7 @@ class acp_attachments
'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'type' => 'text:3:3', 'explain' => false), 'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'type' => 'text:3:3', 'explain' => false),
'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'type' => 'radio:yes_no', 'explain' => true), 'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'type' => 'radio:yes_no', 'explain' => true),
'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true), 'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERER', 'type' => 'radio:yes_no', 'explain' => true), 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => $l_legend_cat_images, 'legend2' => $l_legend_cat_images,
'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'type' => 'radio:yes_no', 'explain' => true), 'img_display_inlined' => array('lang' => 'DISPLAY_INLINED', 'type' => 'radio:yes_no', 'explain' => true),
@ -294,7 +294,7 @@ class acp_attachments
{ {
$sql = 'SELECT extension $sql = 'SELECT extension
FROM ' . EXTENSIONS_TABLE . ' FROM ' . EXTENSIONS_TABLE . '
WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')'; WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$extension_list = ''; $extension_list = '';
@ -306,7 +306,7 @@ class acp_attachments
$sql = 'DELETE $sql = 'DELETE
FROM ' . EXTENSIONS_TABLE . ' FROM ' . EXTENSIONS_TABLE . '
WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')'; WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$db->sql_query($sql); $db->sql_query($sql);
add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list); add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list);
@ -508,7 +508,7 @@ class acp_attachments
{ {
$sql = 'UPDATE ' . EXTENSIONS_TABLE . " $sql = 'UPDATE ' . EXTENSIONS_TABLE . "
SET group_id = $group_id SET group_id = $group_id
WHERE extension_id IN (" . implode(', ', $extension_list) . ")"; WHERE " . $db->sql_in_set('extension_id', $extension_list);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -521,7 +521,7 @@ class acp_attachments
} }
$cat_lang = array( $cat_lang = array(
ATTACHMENT_CATEGORY_NONE => $user->lang['NONE'], ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'], ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
ATTACHMENT_CATEGORY_WM => $user->lang['CAT_WM_FILES'], ATTACHMENT_CATEGORY_WM => $user->lang['CAT_WM_FILES'],
ATTACHMENT_CATEGORY_RM => $user->lang['CAT_RM_FILES'] ATTACHMENT_CATEGORY_RM => $user->lang['CAT_RM_FILES']
@ -631,12 +631,16 @@ class acp_attachments
$img_path = $config['upload_icons_path']; $img_path = $config['upload_icons_path'];
$filename_list = '';
$no_image_select = false;
$imglist = filelist($phpbb_root_path . $img_path); $imglist = filelist($phpbb_root_path . $img_path);
if (sizeof($imglist))
{
$imglist = array_values($imglist); $imglist = array_values($imglist);
$imglist = $imglist[0]; $imglist = $imglist[0];
$filename_list = '';
$no_image_select = false;
foreach ($imglist as $key => $img) foreach ($imglist as $key => $img)
{ {
if (!$ext_group_row['upload_icon']) if (!$ext_group_row['upload_icon'])
@ -651,6 +655,7 @@ class acp_attachments
$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>'; $filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
} }
}
$i = 0; $i = 0;
$assigned_extensions = ''; $assigned_extensions = '';
@ -701,7 +706,7 @@ class acp_attachments
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC'; ORDER BY left_id ASC';
$result = $db->sql_query($sql); $result = $db->sql_query($sql, 600);
$right = $cat_right = $padding_inc = 0; $right = $cat_right = $padding_inc = 0;
$padding = $forum_list = $holding = ''; $padding = $forum_list = $holding = '';
@ -860,7 +865,7 @@ class acp_attachments
$sql = 'SELECT forum_id, topic_id, post_id $sql = 'SELECT forum_id, topic_id, post_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', array_keys($upload_list)) . ')'; WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -954,7 +959,7 @@ class acp_attachments
global $db, $user; global $db, $user;
$types = array( $types = array(
ATTACHMENT_CATEGORY_NONE => $user->lang['NONE'], ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'], ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
ATTACHMENT_CATEGORY_WM => $user->lang['CAT_WM_FILES'], ATTACHMENT_CATEGORY_WM => $user->lang['CAT_WM_FILES'],
ATTACHMENT_CATEGORY_RM => $user->lang['CAT_RM_FILES'] ATTACHMENT_CATEGORY_RM => $user->lang['CAT_RM_FILES']
@ -1097,7 +1102,7 @@ class acp_attachments
'in_message' => 0, 'in_message' => 0,
'physical_filename' => $filedata['physical_filename'], 'physical_filename' => $filedata['physical_filename'],
'real_filename' => $filedata['real_filename'], 'real_filename' => $filedata['real_filename'],
'comment' => $message_parser->filename_data['filecomment'], 'attach_comment' => $message_parser->filename_data['filecomment'],
'extension' => $filedata['extension'], 'extension' => $filedata['extension'],
'mimetype' => $filedata['mimetype'], 'mimetype' => $filedata['mimetype'],
'filesize' => $filedata['filesize'], 'filesize' => $filedata['filesize'],
@ -1145,7 +1150,7 @@ class acp_attachments
{ {
$imagick = ''; $imagick = '';
$exe = ((defined('PHP_OS')) && (preg_match('#win#i', PHP_OS))) ? '.exe' : ''; $exe = ((defined('PHP_OS')) && (preg_match('#^win#i', PHP_OS))) ? '.exe' : '';
$magic_home = getenv('MAGICK_HOME'); $magic_home = getenv('MAGICK_HOME');
@ -1368,16 +1373,16 @@ class acp_attachments
} }
else if (isset($_POST['unsecuresubmit'])) else if (isset($_POST['unsecuresubmit']))
{ {
$unip_sql = implode(', ', array_map('intval', $_POST['unip'])); $unip_sql = array_map('intval', $_POST['unip']);
if ($unip_sql != '') if (sizeof($unip_sql))
{ {
$l_unip_list = ''; $l_unip_list = '';
// Grab details of ips for logging information later // Grab details of ips for logging information later
$sql = 'SELECT site_ip, site_hostname $sql = 'SELECT site_ip, site_hostname
FROM ' . SITELIST_TABLE . " FROM ' . SITELIST_TABLE . '
WHERE site_id IN ($unip_sql)"; WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -1386,8 +1391,8 @@ class acp_attachments
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$sql = 'DELETE FROM ' . SITELIST_TABLE . " $sql = 'DELETE FROM ' . SITELIST_TABLE . '
WHERE site_id IN ($unip_sql)"; WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$db->sql_query($sql); $db->sql_query($sql);
add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list); add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list);
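Review bot: In the `unsecuresubmit` branch `$_POST['unip']` is passed straight to `array_map('intval', ...)` with no check that the field was posted or that it is an array, so a request that omits it or sends a scalar leaves `$unip_sql` a non-array before `sizeof()` and `sql_in_set()` see it. Guard it in the assignment: `$unip_sql = (isset($_POST['unip']) && is_array($_POST['unip'])) ? array_map('intval', $_POST['unip']) : array();`. The other converted call sites (`$extension_id_list`, `$extension_list`, `array_keys($upload_list)`) are built outside their hunks. It is worth confirming that each is non-empty before it reaches `sql_in_set`, whose handling of an empty array is not visible here.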


@ -33,12 +33,12 @@ class acp_bbcodes
switch ($action) switch ($action)
{ {
case 'add': case 'add':
$bbcode_match = $bbcode_tpl = ''; $bbcode_match = $bbcode_tpl = $bbcode_helpline = '';
$display_on_posting = 0; $display_on_posting = 0;
break; break;
case 'edit': case 'edit':
$sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting $sql = 'SELECT bbcode_match, bbcode_tpl, display_on_posting, bbcode_helpline
FROM ' . BBCODES_TABLE . ' FROM ' . BBCODES_TABLE . '
WHERE bbcode_id = ' . $bbcode_id; WHERE bbcode_id = ' . $bbcode_id;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -53,6 +53,7 @@ class acp_bbcodes
$bbcode_match = $row['bbcode_match']; $bbcode_match = $row['bbcode_match'];
$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']); $bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
$display_on_posting = $row['display_on_posting']; $display_on_posting = $row['display_on_posting'];
$bbcode_helpline = html_entity_decode($row['bbcode_helpline']);
break; break;
case 'modify': case 'modify':
@ -75,6 +76,7 @@ class acp_bbcodes
$bbcode_match = request_var('bbcode_match', ''); $bbcode_match = request_var('bbcode_match', '');
$bbcode_tpl = html_entity_decode(request_var('bbcode_tpl', '')); $bbcode_tpl = html_entity_decode(request_var('bbcode_tpl', ''));
$bbcode_helpline = htmlspecialchars(request_var('bbcode_helpline', ''));
break; break;
} }
@ -89,8 +91,10 @@ class acp_bbcodes
'U_BACK' => $this->u_action, 'U_BACK' => $this->u_action,
'U_ACTION' => $this->u_action . '&amp;action=' . (($action == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&amp;bbcode=$bbcode_id" : ''), 'U_ACTION' => $this->u_action . '&amp;action=' . (($action == 'add') ? 'create' : 'modify') . (($bbcode_id) ? "&amp;bbcode=$bbcode_id" : ''),
'L_BBCODE_USAGE_EXPLAIN'=> sprintf($user->lang['BBCODE_USAGE_EXPLAIN'], '<a href="#down">', '</a>'),
'BBCODE_MATCH' => $bbcode_match, 'BBCODE_MATCH' => $bbcode_match,
'BBCODE_TPL' => $bbcode_tpl, 'BBCODE_TPL' => $bbcode_tpl,
'BBCODE_HELPLINE' => $bbcode_helpline,
'DISPLAY_ON_POSTING' => $display_on_posting) 'DISPLAY_ON_POSTING' => $display_on_posting)
); );
@ -134,6 +138,7 @@ class acp_bbcodes
'bbcode_match' => $bbcode_match, 'bbcode_match' => $bbcode_match,
'bbcode_tpl' => $bbcode_tpl, 'bbcode_tpl' => $bbcode_tpl,
'display_on_posting' => $display_on_posting, 'display_on_posting' => $display_on_posting,
'bbcode_helpline' => $bbcode_helpline,
'first_pass_match' => $data['first_pass_match'], 'first_pass_match' => $data['first_pass_match'],
'first_pass_replace' => $data['first_pass_replace'], 'first_pass_replace' => $data['first_pass_replace'],
'second_pass_match' => $data['second_pass_match'], 'second_pass_match' => $data['second_pass_match'],
@ -163,7 +168,7 @@ class acp_bbcodes
$bbcode_id = NUM_CORE_BBCODES + 1; $bbcode_id = NUM_CORE_BBCODES + 1;
} }
if ($bbcode_id > 31) if ($bbcode_id > 1511)
{ {
trigger_error('TOO_MANY_BBCODES'); trigger_error('TOO_MANY_BBCODES');
} }
@ -278,8 +283,8 @@ class acp_bbcodes
{ {
$token_type = $m[1][$n]; $token_type = $m[1][$n];
reset($tokens[$token_type]); reset($tokens[strtoupper($token_type)]);
list($match, $replace) = each($tokens[$token_type]); list($match, $replace) = each($tokens[strtoupper($token_type)]);
// Pad backreference numbers from tokens // Pad backreference numbers from tokens
if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad)) if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad))
@ -337,7 +342,7 @@ class acp_bbcodes
} }
// Lowercase tags // Lowercase tags
$bbcode_tag = preg_replace('/.*?\[([a-z]+=?).*/i', '$1', $bbcode_match); $bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+=?).*/i', '$1', $bbcode_match);
$fp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_match); $fp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_match);
$fp_replace = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_replace); $fp_replace = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $fp_replace);
$sp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $sp_match); $sp_match = preg_replace('#\[/?' . $bbcode_tag . '#ie', "strtolower('\$0')", $sp_match);
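Review bot: The helpline is encoded on write (`htmlspecialchars(request_var('bbcode_helpline', ''))`) but decoded with `html_entity_decode` on the edit path before it is assigned to the template as `BBCODE_HELPLINE`, so whether the displayed value is still escaped depends on how many times it was encoded when stored. `request_var` is not shown here; the `html_entity_decode` wrapped around `bbcode_tpl` one line earlier suggests it already returns entity-encoded text, in which case the stored helpline is double-encoded and the edit path comes out escaped only by coincidence. Keeping exactly one level of encoding is easier to audit. If `request_var` does encode, use `$bbcode_helpline = request_var('bbcode_helpline', '');` on write and `$bbcode_helpline = $row['bbcode_helpline'];` on edit. If it does not, keep the `htmlspecialchars` on write and drop only the decode on edit.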


@ -40,9 +40,9 @@ class acp_board
'board_disable_msg' => false, 'board_disable_msg' => false,
'default_lang' => array('lang' => 'DEFAULT_LANGUAGE', 'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false), 'default_lang' => array('lang' => 'DEFAULT_LANGUAGE', 'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false),
'default_dateformat' => array('lang' => 'DEFAULT_DATE_FORMAT', 'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true), 'default_dateformat' => array('lang' => 'DEFAULT_DATE_FORMAT', 'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true),
'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false), 'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
'board_dst' => array('lang' => 'SYSTEM_DST', 'type' => 'radio:yes_no', 'explain' => false), 'board_dst' => array('lang' => 'SYSTEM_DST', 'type' => 'radio:yes_no', 'explain' => false),
'default_style' => array('lang' => 'DEFAULT_STYLE', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', true), 'explain' => false), 'default_style' => array('lang' => 'DEFAULT_STYLE', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false),
'override_user_style' => array('lang' => 'OVERRIDE_STYLE', 'type' => 'radio:yes_no', 'explain' => true), 'override_user_style' => array('lang' => 'OVERRIDE_STYLE', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'WARNINGS', 'legend2' => 'WARNINGS',
@ -71,6 +71,14 @@ class acp_board
'allow_sig_smilies' => array('lang' => 'ALLOW_SIG_SMILIES', 'type' => 'radio:yes_no', 'explain' => false), 'allow_sig_smilies' => array('lang' => 'ALLOW_SIG_SMILIES', 'type' => 'radio:yes_no', 'explain' => false),
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'type' => 'radio:yes_no', 'explain' => true), 'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'type' => 'radio:yes_no', 'explain' => true), 'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'ACP_LOAD_SETTINGS',
'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'type' => 'radio:yes_no', 'explain' => false),
'load_moderators' => array('lang' => 'YES_MODERATORS', 'type' => 'radio:yes_no', 'explain' => false),
'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewprofile' => array('lang' => 'LOAD_CPF_VIEWPROFILE', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewtopic' => array('lang' => 'LOAD_CPF_VIEWTOPIC', 'type' => 'radio:yes_no', 'explain' => false),
) )
); );
break; break;
@ -104,14 +112,13 @@ class acp_board
'pm_max_boxes' => array('lang' => 'BOXES_MAX', 'type' => 'text:4:4', 'explain' => true), 'pm_max_boxes' => array('lang' => 'BOXES_MAX', 'type' => 'text:4:4', 'explain' => true),
'pm_max_msgs' => array('lang' => 'BOXES_LIMIT', 'type' => 'text:4:4', 'explain' => true), 'pm_max_msgs' => array('lang' => 'BOXES_LIMIT', 'type' => 'text:4:4', 'explain' => true),
'full_folder_action' => array('lang' => 'FULL_FOLDER_ACTION', 'type' => 'select', 'method' => 'full_folder_select', 'explain' => true), 'full_folder_action' => array('lang' => 'FULL_FOLDER_ACTION', 'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), 'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'legend2' => 'GENERAL_OPTIONS', 'legend2' => 'GENERAL_OPTIONS',
'allow_mass_pm' => array('lang' => 'ALLOW_MASS_PM', 'type' => 'radio:yes_no', 'explain' => false), 'allow_mass_pm' => array('lang' => 'ALLOW_MASS_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_bbcode_pm' => array('lang' => 'ALLOW_BBCODE_PM', 'type' => 'radio:yes_no', 'explain' => false), 'auth_bbcode_pm' => array('lang' => 'ALLOW_BBCODE_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_smilies_pm' => array('lang' => 'ALLOW_SMILIES_PM', 'type' => 'radio:yes_no', 'explain' => false), 'auth_smilies_pm' => array('lang' => 'ALLOW_SMILIES_PM', 'type' => 'radio:yes_no', 'explain' => false),
'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false), 'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false),
'auth_download_pm' => array('lang' => 'ALLOW_DOWNLOAD_PM', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig_pm' => array('lang' => 'ALLOW_SIG_PM', 'type' => 'radio:yes_no', 'explain' => false), 'allow_sig_pm' => array('lang' => 'ALLOW_SIG_PM', 'type' => 'radio:yes_no', 'explain' => false),
'print_pm' => array('lang' => 'ALLOW_PRINT_PM', 'type' => 'radio:yes_no', 'explain' => false), 'print_pm' => array('lang' => 'ALLOW_PRINT_PM', 'type' => 'radio:yes_no', 'explain' => false),
'forward_pm' => array('lang' => 'ALLOW_FORWARD_PM', 'type' => 'radio:yes_no', 'explain' => false), 'forward_pm' => array('lang' => 'ALLOW_FORWARD_PM', 'type' => 'radio:yes_no', 'explain' => false),
@ -137,7 +144,7 @@ class acp_board
'legend2' => 'POSTING', 'legend2' => 'POSTING',
'bump_type' => false, 'bump_type' => false,
'edit_time' => array('lang' => 'EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), 'edit_time' => array('lang' => 'EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'display_last_edited' => array('lang' => 'DISPLAY_LAST_EDITED', 'type' => 'radio:yes_no', 'explain' => true), 'display_last_edited' => array('lang' => 'DISPLAY_LAST_EDITED', 'type' => 'radio:yes_no', 'explain' => true),
'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'type' => 'text:3:4', 'explain' => true), 'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'type' => 'text:3:4', 'explain' => true),
'bump_interval' => array('lang' => 'BUMP_INTERVAL', 'type' => 'custom', 'method' => 'bump_interval', 'explain' => true), 'bump_interval' => array('lang' => 'BUMP_INTERVAL', 'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
@ -204,33 +211,6 @@ class acp_board
'coppa_enable' => array('lang' => 'ENABLE_COPPA', 'type' => 'radio:yes_no', 'explain' => true), 'coppa_enable' => array('lang' => 'ENABLE_COPPA', 'type' => 'radio:yes_no', 'explain' => true),
'coppa_mail' => array('lang' => 'COPPA_MAIL', 'type' => 'textarea:5:40', 'explain' => true), 'coppa_mail' => array('lang' => 'COPPA_MAIL', 'type' => 'textarea:5:40', 'explain' => true),
'coppa_fax' => array('lang' => 'COPPA_FAX', 'type' => 'text:25:100', 'explain' => false), 'coppa_fax' => array('lang' => 'COPPA_FAX', 'type' => 'text:25:100', 'explain' => false),
'coppa_hide_groups' => array('lang' => 'COPPA_HIDE_GROUPS', 'type' => 'radio:yes_no', 'explain' => true),
)
);
break;
case 'visual':
$display_vars = array(
'title' => 'ACP_VC_SETTINGS',
'vars' => array(
'legend1' => 'GENERAL_OPTIONS',
'enable_confirm' => array('lang' => 'VISUAL_CONFIRM_REG', 'type' => 'radio:yes_no', 'explain' => true),
'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'CAPTCHA_OPTIONS',
'policy_overlap' => array('lang' => 'CAPTCHA_OVERLAP', 'type' => 'radio:yes_no', 'explain' => false),
'policy_overlap_noise_pixel' => array('lang' => 'OVERLAP_NOISE_PIXEL', 'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
'policy_overlap_noise_line' => array('lang' => 'OVERLAP_NOISE_LINE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_entropy' => array('lang' => 'CAPTCHA_ENTROPY', 'type' => 'radio:yes_no', 'explain' => false),
'policy_entropy_noise_pixel' => array('lang' => 'ENTROPY_NOISE_PIXEL', 'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
'policy_entropy_noise_line' => array('lang' => 'ENTROPY_NOISE_LINE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_shape' => array('lang' => 'CAPTCHA_SHAPE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_shape_noise_pixel' => array('lang' => 'SHAPE_NOISE_PIXEL', 'type' => 'select', 'method' => 'captcha_pixel_noise_select', 'explain' => false),
'policy_shape_noise_line' => array('lang' => 'SHAPE_NOISE_LINE', 'type' => 'radio:yes_no', 'explain' => false),
'policy_3dbitmap' => array('lang' => 'CAPTCHA_3DBITMAP', 'type' => 'radio:yes_no', 'explain' => false),
'policy_cells' => array('lang' => 'CAPTCHA_CELLS', 'type' => 'radio:yes_no', 'explain' => false),
'policy_stencil' => array('lang' => 'CAPTCHA_STENCIL', 'type' => 'radio:yes_no', 'explain' => false),
'policy_composite' => array('lang' => 'CAPTCHA_COMPOSITE', 'type' => 'radio:yes_no', 'explain' => false),
) )
); );
break; break;
@ -261,13 +241,14 @@ class acp_board
'legend2' => 'GENERAL_OPTIONS', 'legend2' => 'GENERAL_OPTIONS',
'load_db_track' => array('lang' => 'YES_POST_MARKING', 'type' => 'radio:yes_no', 'explain' => true), 'load_db_track' => array('lang' => 'YES_POST_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_db_lastread' => array('lang' => 'YES_READ_MARKING', 'type' => 'radio:yes_no', 'explain' => true), 'load_db_lastread' => array('lang' => 'YES_READ_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_anon_lastread' => array('lang' => 'YES_ANON_READ_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_online' => array('lang' => 'YES_ONLINE', 'type' => 'radio:yes_no', 'explain' => true), 'load_online' => array('lang' => 'YES_ONLINE', 'type' => 'radio:yes_no', 'explain' => true),
'load_online_guests' => array('lang' => 'YES_ONLINE_GUESTS', 'type' => 'radio:yes_no', 'explain' => true), 'load_online_guests' => array('lang' => 'YES_ONLINE_GUESTS', 'type' => 'radio:yes_no', 'explain' => true),
'load_onlinetrack' => array('lang' => 'YES_ONLINE_TRACK', 'type' => 'radio:yes_no', 'explain' => true), 'load_onlinetrack' => array('lang' => 'YES_ONLINE_TRACK', 'type' => 'radio:yes_no', 'explain' => true),
'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'type' => 'radio:yes_no', 'explain' => false), 'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'type' => 'radio:yes_no', 'explain' => false),
'load_moderators' => array('lang' => 'YES_MODERATORS', 'type' => 'radio:yes_no', 'explain' => false), 'load_moderators' => array('lang' => 'YES_MODERATORS', 'type' => 'radio:yes_no', 'explain' => false),
'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'type' => 'radio:yes_no', 'explain' => false), 'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'type' => 'radio:yes_no', 'explain' => false),
'load_user_activity' => array('lang' => 'LOAD_USER_ACTIVITY','type' => 'radio:yes_no', 'explain' => true), 'load_user_activity' => array('lang' => 'LOAD_USER_ACTIVITY', 'type' => 'radio:yes_no', 'explain' => true),
'load_tplcompile' => array('lang' => 'RECOMPILE_TEMPLATES', 'type' => 'radio:yes_no', 'explain' => true), 'load_tplcompile' => array('lang' => 'RECOMPILE_TEMPLATES', 'type' => 'radio:yes_no', 'explain' => true),
'legend3' => 'CUSTOM_PROFILE_FIELDS', 'legend3' => 'CUSTOM_PROFILE_FIELDS',
@ -322,7 +303,7 @@ class acp_board
'browser_check' => array('lang' => 'BROWSER_VALID', 'type' => 'radio:yes_no', 'explain' => true), 'browser_check' => array('lang' => 'BROWSER_VALID', 'type' => 'radio:yes_no', 'explain' => true),
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true), 'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'type' => 'text:3:3', 'explain' => true), 'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'type' => 'text:3:3', 'explain' => true),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS','type' => 'text:3:3', 'explain' => true), 'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'type' => 'text:3:3', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'type' => 'radio:yes_no', 'explain' => true), 'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'type' => 'radio:yes_no', 'explain' => true),
) )
); );
@ -363,7 +344,7 @@ class acp_board
} }
$this->new_config = $config; $this->new_config = $config;
$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config; $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : $this->new_config;
// We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to... // We go through the display_vars to make sure no one is trying to set variables he/she is not allowed to...
foreach ($display_vars['vars'] as $config_name => $null) foreach ($display_vars['vars'] as $config_name => $null)
@ -417,7 +398,7 @@ class acp_board
{ {
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'admin_' . $method; $method = 'acp_' . $method;
if (function_exists($method)) if (function_exists($method))
{ {
if ($fields = $method($this->new_config)) if ($fields = $method($this->new_config))
@ -545,7 +526,7 @@ class acp_board
{ {
if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx)) if ($method && file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{ {
$method = 'admin_' . $method; $method = 'acp_' . $method;
if (function_exists($method)) if (function_exists($method))
{ {
$fields = $method($this->new_config); $fields = $method($this->new_config);
@ -621,22 +602,12 @@ class acp_board
return '<option value="1"' . (($value == 1) ? ' selected="selected"' : '') . '>' . $user->lang['DELETE_OLDEST_MESSAGES'] . '</option><option value="2"' . (($value == 2) ? ' selected="selected"' : '') . '>' . $user->lang['HOLD_NEW_MESSAGES_SHORT'] . '</option>'; return '<option value="1"' . (($value == 1) ? ' selected="selected"' : '') . '>' . $user->lang['DELETE_OLDEST_MESSAGES'] . '</option><option value="2"' . (($value == 2) ? ' selected="selected"' : '') . '>' . $user->lang['HOLD_NEW_MESSAGES_SHORT'] . '</option>';
} }
/**
* Select captcha pixel noise
*/
function captcha_pixel_noise_select($value, $key = '')
{
global $user;
return '<option value="0"' . (($value == 0) ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option><option value="1"' . (($value == 1) ? ' selected="selected"' : '') . '>' . $user->lang['LIGHT'] . '</option><option value="2"' . (($value == 2) ? ' selected="selected"' : '') . '>' . $user->lang['MEDIUM'] . '</option><option value="3"' . (($value == 3) ? ' selected="selected"' : '') . '>' . $user->lang['HEAVY'] . '</option>';
}
/** /**
* Select ip validation * Select ip validation
*/ */
function select_ip_check($value, $key = '') function select_ip_check($value, $key = '')
{ {
$radio_ary = array(4 => 'ALL', 3 => 'CLASS_C', 2 => 'CLASS_B', 0 => 'NONE'); $radio_ary = array(4 => 'ALL', 3 => 'CLASS_C', 2 => 'CLASS_B', 0 => 'NO_IP_VALIDATION');
return h_radio('config[ip_check]', $radio_ary, $value, $key); return h_radio('config[ip_check]', $radio_ary, $value, $key);
} }
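Review bot: Both auth-plugin hunks build an include path and a function name from `$method` (`'includes/auth/auth_' . $method . '.' . $phpEx`, then `'acp_' . $method` invoked as a variable function), and the assignment of `$method` lies outside the hunks. If it can originate from the submitted `config` array rather than from a listing of the auth directory, restrict it to a plain identifier before use, for example `if (!preg_match('#^[a-z0-9_]+$#i', $method)) { $method = ''; }` ahead of the `file_exists` check. Renaming the hook from `admin_` to `acp_` also means a plugin that still defines the old name is skipped without any message, because `function_exists` simply returns false. A comment next to that check naming the expected `acp_<method>` hook would make this visible to plugin authors.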


@ -96,7 +96,7 @@ class acp_bots
foreach ($_tables as $table) foreach ($_tables as $table)
{ {
$sql = "DELETE FROM $table $sql = "DELETE FROM $table
WHERE user_id IN (" . implode(', ', $user_id_ary) . ')'; WHERE " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql); $db->sql_query($sql);
} }


@ -0,0 +1,113 @@
<?php
/**
*
* @package acp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*/
/**
* @package acp
*/
class acp_captcha
{
var $u_action;
function main($id, $mode)
{
global $db, $user, $auth, $template;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/board');
$config_vars = array('enable_confirm' => 'REG_ENABLE',
'enable_post_confirm' => 'POST_ENABLE',
'policy_overlap' => 'OVERLAP_ENABLE',
'policy_overlap_noise_pixel' => 'OVERLAP_NOISE_PIXEL',
'policy_overlap_noise_line' => 'OVERLAP_NOISE_LINE_ENABLE',
'policy_entropy' => 'ENTROPY_ENABLE',
'policy_entropy_noise_pixel' => 'ENTROPY_NOISE_PIXEL',
'policy_entropy_noise_line' => 'ENTROPY_NOISE_LINE_ENABLE',
'policy_shape' => 'SHAPE_ENABLE',
'policy_shape_noise_pixel' => 'SHAPE_NOISE_PIXEL',
'policy_shape_noise_line' => 'SHAPE_NOISE_LINE_ENABLE',
'policy_3dbitmap' => 'THREEDBITMAP_ENABLE',
'policy_cells' => 'CELLS_ENABLE',
'policy_stencil' => 'STENCIL_ENABLE',
'policy_composite' => 'COMPOSITE_ENABLE'
);
$policy_modules = array('policy_entropy', 'policy_3dbitmap', 'policy_overlap', 'policy_shape', 'policy_cells', 'policy_stencil', 'policy_composite');
switch ($mode)
{
case 'visual':
$this->tpl_name = 'acp_captcha';
$this->page_title = 'ACP_VC_SETTINGS';
$submit = request_var('submit', '');
if ($submit)
{
$config_vars = array_keys($config_vars);
foreach ($config_vars as $config_var)
{
set_config($config_var, request_var($config_var, ''));
}
trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
}
else
{
$array = array();
foreach ($config_vars as $config_var => $template_var)
{
$array[$template_var] = $config[$config_var];
}
$template->assign_vars($array);
if (@extension_loaded('gd'))
{
$template->assign_var('GD', true);
foreach ($policy_modules as $module_name)
{
$template->assign_var('U_' . strtoupper($module_name), sprintf($user->lang['CAPTCHA_EXPLAIN'], '<a href="' . append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=captcha&amp;mode=img&amp;policy=' . $module_name) . '" target="_blank">', '</a>'));
}
if (function_exists('imagettfbbox') && function_exists('imagettftext'))
{
$template->assign_var('TTF', true);
}
}
}
break;
case 'img':
$policy = request_var('policy', '');
if (!@extension_loaded('gd'))
{
trigger_error($user->lang['NO_GD']);
}
if (!($policy === 'policy_entropy' || $policy === 'policy_3dbitmap') && (!function_exists('imagettfbbox') || !function_exists('imagettftext')))
{
trigger_error($user->lang['NO_TTF']);
}
if (!in_array($policy, $policy_modules))
{
trigger_error($user->lang['BAD_POLICY']);
}
$user->add_lang('ucp');
include($phpbb_root_path . 'includes/captcha/captcha_gd.' . $phpEx);
$captcha = new captcha();
$captcha->execute(gen_rand_string(), $policy);
break;
}
}
}
?>
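Review bot: In the `visual` branch, `set_config($config_var, request_var($config_var, ''))` stores whatever string the form sends for each CAPTCHA setting, although these keys are on/off switches and noise levels. An integer default makes `request_var()` cast the value, `set_config($config_var, request_var($config_var, 0));`, and the noise-pixel keys could also be clamped to the 0–3 range that `captcha_pixel_noise_select()` offers. The branch writes no admin log entry, unlike the restore path in acp_database, which calls `add_log('admin', ...)`; a weakened CAPTCHA policy deserves an audit trail, e.g. `add_log('admin', '<LOG_KEY_PLACEHOLDER>');` before `trigger_error()`. `$this->tpl_name` and `$this->page_title` are assigned without being declared next to `var $u_action;`.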


@ -68,7 +68,7 @@ class acp_database
@set_time_limit(1200); @set_time_limit(1200);
$filename = time(); $filename = 'backup_' . time();
// We set up the info needed for our on-the-fly creation :D // We set up the info needed for our on-the-fly creation :D
switch ($format) switch ($format)
@ -135,6 +135,7 @@ class acp_database
{ {
case 'sqlite': case 'sqlite':
$sql_data .= "BEGIN TRANSACTION;\n"; $sql_data .= "BEGIN TRANSACTION;\n";
$sqlite_version = sqlite_libversion();
break; break;
case 'postgres': case 'postgres':
@ -143,7 +144,8 @@ class acp_database
case 'mssql': case 'mssql':
case 'mssql_odbc': case 'mssql_odbc':
$sql_data .= "BEGIN TRANSACTION\nGO\n"; $sql_data .= "BEGIN TRANSACTION\n";
$sql_data .= "GO\n";
break; break;
} }
@ -157,14 +159,26 @@ class acp_database
case 'mysqli': case 'mysqli':
case 'mysql4': case 'mysql4':
case 'mysql': case 'mysql':
case 'sqlite':
$sql_data .= '# Table: ' . $table_name . "\n"; $sql_data .= '# Table: ' . $table_name . "\n";
$sql_data .= "DROP TABLE IF EXISTS $table_name;\n"; $sql_data .= "DROP TABLE IF EXISTS $table_name;\n";
break; break;
case 'oracle': case 'oracle':
$sql_data .= '# Table: ' . $table_name . "\n"; $sql_data .= '# Table: ' . $table_name . "\n";
$sql_data .= "DROP TABLE $table_name;\n\\\n"; $sql_data .= "DROP TABLE $table_name;\n";
$sql_data .= '\\' . "\n";
break;
case 'sqlite':
$sql_data .= '# Table: ' . $table_name . "\n";
if (version_compare($sqlite_version, '3.0') == -1)
{
$sql_data .= "DROP TABLE $table_name;\n";
}
else
{
$sql_data .= "DROP TABLE IF EXISTS $table_name;\n";
}
break; break;
case 'postgres': case 'postgres':
@ -177,11 +191,33 @@ class acp_database
case 'mssql_odbc': case 'mssql_odbc':
$sql_data .= '# Table: ' . $table_name . "\n"; $sql_data .= '# Table: ' . $table_name . "\n";
$sql_data .= "IF OBJECT_ID(N'$table_name', N'U') IS NOT NULL\n"; $sql_data .= "IF OBJECT_ID(N'$table_name', N'U') IS NOT NULL\n";
$sql_data .= "DROP TABLE $table_name;\nGO\n"; $sql_data .= "DROP TABLE $table_name;\n";
$sql_data .= "GO\n";
break; break;
} }
$sql_data .= $this->get_table_structure($table_name); $sql_data .= $this->get_table_structure($table_name);
} }
// We might wanna empty out all that junk :D
else
{
switch (SQL_LAYER)
{
case 'mysqli':
case 'mysql4':
case 'mysql':
case 'mssql':
case 'mssql_odbc':
case 'oracle':
case 'postgres':
case 'firebird':
$sql_data .= 'TRUNCATE TABLE ' . $table_name . ";\n";
break;
case 'sqlite':
$sql_data .= 'DELETE FROM ' . $table_name . ";\n";
break;
}
}
// Now write the data for the first time. :) // Now write the data for the first time. :)
if ($store == true) if ($store == true)
{ {
@ -211,7 +247,8 @@ class acp_database
{ {
case 'mysqli': case 'mysqli':
$sql = "SELECT * FROM $table_name"; $sql = "SELECT *
FROM $table_name";
$result = mysqli_query($db->db_connect_id, $sql, MYSQLI_USE_RESULT); $result = mysqli_query($db->db_connect_id, $sql, MYSQLI_USE_RESULT);
if ($result != false) if ($result != false)
{ {
@ -278,7 +315,8 @@ class acp_database
case 'mysql4': case 'mysql4':
case 'mysql': case 'mysql':
$sql = "SELECT * FROM $table_name"; $sql = "SELECT *
FROM $table_name";
$result = mysql_unbuffered_query($sql, $db->db_connect_id); $result = mysql_unbuffered_query($sql, $db->db_connect_id);
if ($result != false) if ($result != false)
@ -347,12 +385,48 @@ class acp_database
break; break;
case 'sqlite': case 'sqlite':
// This is *not* my fault. The PHP guys forgot a call to finalize when they wrote this function. This forces all the tables to stay locked...
// They finally fixed it in 5.1.3 but 5.1.2 and under still have this so instead, we go and grab the column types by smashing open the sqlite_master table
// and grope around for things that remind us of datatypes...
if (version_compare(phpversion(), '5.1.3', '>='))
{
$col_types = sqlite_fetch_column_types($db->db_connect_id, $table_name);
}
else
{
$sql = "SELECT sql
FROM sqlite_master
WHERE type = 'table'
AND name = '" . $table_name . "'";
$table_data = sqlite_single_query($db->db_connect_id, $sql);
$table_data = preg_replace('#CREATE\s+TABLE\s+"?' . $table_name . '"?#i', '', $table_data);
$table_data = trim($table_data);
$col_types = sqlite_fetch_column_types($table_name, $db->db_connect_id); preg_match('#\((.*)\)#s', $table_data, $matches);
$sql = "SELECT * FROM $table_name";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) $column_list = array();
$table_cols = explode(',', trim($matches[1]));
foreach($table_cols as $declaration)
{
$entities = preg_split('#\s+#', trim($declaration));
$column_name = preg_replace('/"?([^"]+)"?/', '\1', $entities[0]);
// Hit a primary key, those are not what we need :D
if (empty($entities[1]))
{
continue;
}
$col_types[$column_name] = $entities[1];
}
}
// Unbueffered query and the foreach make this ultra fast, we wait for nothing.
$sql = "SELECT *
FROM $table_name";
$result = sqlite_unbuffered_query($db->db_connect_id, $sql);
$rows = sqlite_fetch_all($result, SQLITE_ASSOC);
foreach ($rows as $row)
{ {
$names = $data = array(); $names = $data = array();
foreach ($row as $row_name => $row_data) foreach ($row as $row_name => $row_data)
@ -405,7 +479,7 @@ class acp_database
// Grab all of the data from current table. // Grab all of the data from current table.
$sql = "SELECT * $sql = "SELECT *
FROM {$table_name}"; FROM $table_name";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$i_num_fields = pg_num_fields($result); $i_num_fields = pg_num_fields($result);
@ -421,14 +495,14 @@ class acp_database
FROM pg_attrdef d, pg_class c FROM pg_attrdef d, pg_class c
WHERE (c.relname = '{$table_name}') WHERE (c.relname = '{$table_name}')
AND (c.oid = d.adrelid) AND (c.oid = d.adrelid)
AND d.adnum = " . strval($i+1); AND d.adnum = " . strval($i + 1);
$result2 = $db->sql_query($sql); $result2 = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result2)) if ($row = $db->sql_fetchrow($result2))
{ {
// Determine if we must reset the sequences // Determine if we must reset the sequences
if (strpos($row['rowdefault'], 'nextval(\'') === 0) if (strpos($row['rowdefault'], "nextval('") === 0)
{ {
$seq .= "SELECT SETVAL('{$table_name}_seq',(select case when max({$ary_name[$i]})>0 then max({$ary_name[$i]})+1 else 1 end from {$table_name}));\n"; $seq .= "SELECT SETVAL('{$table_name}_seq',(select case when max({$ary_name[$i]})>0 then max({$ary_name[$i]})+1 else 1 end FROM {$table_name}));\n";
} }
} }
} }
@ -476,7 +550,7 @@ class acp_database
// Take the ordered fields and their associated data and build it // Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data. // into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n"; $sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true) if ($store == true)
{ {
@ -526,7 +600,7 @@ class acp_database
// Grab all of the data from current table. // Grab all of the data from current table.
$sql = "SELECT * $sql = "SELECT *
FROM {$table_name}"; FROM $table_name";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$retrieved_data = odbc_num_rows($result); $retrieved_data = odbc_num_rows($result);
@ -597,7 +671,7 @@ class acp_database
// Take the ordered fields and their associated data and build it // Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data. // into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n"; $sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true) if ($store == true)
{ {
@ -637,7 +711,7 @@ class acp_database
// Grab all of the data from current table. // Grab all of the data from current table.
$sql = "SELECT * $sql = "SELECT *
FROM {$table_name}"; FROM $table_name";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$retrieved_data = mssql_num_rows($result); $retrieved_data = mssql_num_rows($result);
@ -708,7 +782,7 @@ class acp_database
// Take the ordered fields and their associated data and build it // Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data. // into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n"; $sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true) if ($store == true)
{ {
@ -748,7 +822,7 @@ class acp_database
// Grab all of the data from current table. // Grab all of the data from current table.
$sql = "SELECT * $sql = "SELECT *
FROM {$table_name}"; FROM $table_name";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$i_num_fields = ibase_num_fields($result); $i_num_fields = ibase_num_fields($result);
@ -803,7 +877,7 @@ class acp_database
// Take the ordered fields and their associated data and build it // Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data. // into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n"; $sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true) if ($store == true)
{ {
@ -833,7 +907,7 @@ class acp_database
// Grab all of the data from current table. // Grab all of the data from current table.
$sql = "SELECT * $sql = "SELECT *
FROM {$table_name}"; FROM $table_name";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$i_num_fields = ocinumcols($result); $i_num_fields = ocinumcols($result);
@ -887,7 +961,7 @@ class acp_database
// Take the ordered fields and their associated data and build it // Take the ordered fields and their associated data and build it
// into a valid sql statement to recreate that field in the data. // into a valid sql statement to recreate that field in the data.
$sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES(' . implode(', ', $schema_vals) . ");\n"; $sql_data .= "INSERT INTO $table_name (" . implode(', ', $schema_fields) . ') VALUES (' . implode(', ', $schema_vals) . ");\n";
if ($store == true) if ($store == true)
{ {
@ -987,9 +1061,9 @@ class acp_database
break; break;
case 'postgres': case 'postgres':
$sql = "SELECT relname $sql = 'SELECT relname
FROM pg_stat_user_tables FROM pg_stat_user_tables
ORDER BY relname;"; ORDER BY relname';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
@ -1088,7 +1162,7 @@ class acp_database
$delete = request_var('delete', ''); $delete = request_var('delete', '');
$file = request_var('file', ''); $file = request_var('file', '');
preg_match('#^(\d{10})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches); preg_match('#^(backup_\d{10,})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches);
$file_name = $phpbb_root_path . 'store/' . $matches[0]; $file_name = $phpbb_root_path . 'store/' . $matches[0];
if (!(file_exists($file_name) && is_readable($file_name))) if (!(file_exists($file_name) && is_readable($file_name)))
@ -1144,6 +1218,14 @@ class acp_database
{ {
// Strip out sql comments... // Strip out sql comments...
remove_remarks($data); remove_remarks($data);
// SQLite gets improved performance when you shove all of these disk write queries at once :D
if (SQL_LAYER == 'sqlite')
{
$db->sql_query($data);
}
else
{
switch (SQL_LAYER) switch (SQL_LAYER)
{ {
case 'firebird': case 'firebird':
@ -1153,7 +1235,6 @@ class acp_database
case 'mysql': case 'mysql':
case 'mysql4': case 'mysql4':
case 'mysqli': case 'mysqli':
case 'sqlite':
case 'postgres': case 'postgres':
$delim = ';'; $delim = ';';
break; break;
@ -1180,6 +1261,7 @@ class acp_database
} }
} }
} }
}
add_log('admin', 'LOG_DB_RESTORE'); add_log('admin', 'LOG_DB_RESTORE');
trigger_error($user->lang['RESTORE_SUCCESS']); trigger_error($user->lang['RESTORE_SUCCESS']);
break; break;
@ -1202,7 +1284,7 @@ class acp_database
$dh = opendir($dir); $dh = opendir($dir);
while (($file = readdir($dh)) !== false) while (($file = readdir($dh)) !== false)
{ {
if (preg_match('#^(\d{10})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches)) if (preg_match('#^backup_(\d{10,})\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
{ {
$supported = in_array($matches[2], $methods); $supported = in_array($matches[2], $methods);
@ -1278,7 +1360,10 @@ class acp_database
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$result = $db->sql_query("SHOW KEYS FROM $table_name"); $sql = "SHOW KEYS
FROM $table_name";
$result = $db->sql_query($sql);
$index = array(); $index = array();
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -1403,11 +1488,12 @@ class acp_database
// We don't even care about storing the results. We already know the answer if we get rows back. // We don't even care about storing the results. We already know the answer if we get rows back.
if ($db->sql_fetchrow($result)) if ($db->sql_fetchrow($result))
{ {
$sql_data .= "DROP SEQUENCE {$table_name}_seq;\n";
$sql_data .= "CREATE SEQUENCE {$table_name}_seq;\n"; $sql_data .= "CREATE SEQUENCE {$table_name}_seq;\n";
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$field_query = "SELECT a.attnum, a.attname AS field, t.typname as type, a.attlen AS length, a.atttypmod as lengthvar, a.attnotnull as notnull $field_query = "SELECT a.attnum, a.attname as field, t.typname as type, a.attlen as length, a.atttypmod as lengthvar, a.attnotnull as notnull
FROM pg_class c, pg_attribute a, pg_type t FROM pg_class c, pg_attribute a, pg_type t
WHERE c.relname = '" . $db->sql_escape($table_name) . "' WHERE c.relname = '" . $db->sql_escape($table_name) . "'
AND a.attnum > 0 AND a.attnum > 0
@ -1477,7 +1563,7 @@ class acp_database
// Get the listing of primary keys. // Get the listing of primary keys.
$sql_pri_keys = "SELECT ic.relname AS index_name, bc.relname AS tab_name, ta.attname AS column_name, i.indisunique AS unique_key, i.indisprimary AS primary_key $sql_pri_keys = "SELECT ic.relname as index_name, bc.relname as tab_name, ta.attname as column_name, i.indisunique as unique_key, i.indisprimary as primary_key
FROM pg_class bc, pg_class ic, pg_index i, pg_attribute ta, pg_attribute ia FROM pg_class bc, pg_class ic, pg_index i, pg_attribute ta, pg_attribute ia
WHERE (bc.oid = i.indrelid) WHERE (bc.oid = i.indrelid)
AND (ic.oid = i.indexrelid) AND (ic.oid = i.indexrelid)
@ -1486,7 +1572,8 @@ class acp_database
AND (bc.relname = '" . $db->sql_escape($table_name) . "') AND (bc.relname = '" . $db->sql_escape($table_name) . "')
AND (ta.attrelid = i.indrelid) AND (ta.attrelid = i.indrelid)
AND (ta.attnum = i.indkey[ia.attnum-1]) AND (ta.attnum = i.indkey[ia.attnum-1])
ORDER BY index_name, tab_name, column_name "; ORDER BY index_name, tab_name, column_name";
$result = $db->sql_query($sql_pri_keys); $result = $db->sql_query($sql_pri_keys);
$index_create = $index_rows = $primary_key = array(); $index_create = $index_rows = $primary_key = array();
@ -1599,7 +1686,7 @@ class acp_database
if ($row['COLUMN_DEFAULT']) if ($row['COLUMN_DEFAULT'])
{ {
$line .= ' CONSTRAINT [DF_' . $table_name . '_' . $row['COLUMN_NAME'] . '] DEFAULT ' . $row['COLUMN_DEFAULT']; $line .= ' DEFAULT ' . $row['COLUMN_DEFAULT'];
} }
$rows[] = $line; $rows[] = $line;
@ -1666,7 +1753,7 @@ class acp_database
$sql_data .= "\nCREATE TABLE $table_name (\n"; $sql_data .= "\nCREATE TABLE $table_name (\n";
$sql = 'SELECT DISTINCT R.RDB$FIELD_NAME AS FNAME, R.RDB$NULL_FLAG AS NFLAG, R.RDB$DEFAULT_SOURCE AS DSOURCE, F.RDB$FIELD_TYPE AS FTYPE, F.RDB$FIELD_SUB_TYPE AS STYPE, F.RDB$FIELD_LENGTH AS FLEN $sql = 'SELECT DISTINCT R.RDB$FIELD_NAME as FNAME, R.RDB$NULL_FLAG as NFLAG, R.RDB$DEFAULT_SOURCE as DSOURCE, F.RDB$FIELD_TYPE as FTYPE, F.RDB$FIELD_SUB_TYPE as STYPE, F.RDB$FIELD_LENGTH as FLEN
FROM RDB$RELATION_FIELDS R FROM RDB$RELATION_FIELDS R
JOIN RDB$FIELDS F ON R.RDB$FIELD_SOURCE=F.RDB$FIELD_NAME JOIN RDB$FIELDS F ON R.RDB$FIELD_SOURCE=F.RDB$FIELD_NAME
LEFT JOIN RDB$FIELD_DIMENSIONS D ON R.RDB$FIELD_SOURCE = D.RDB$FIELD_NAME LEFT JOIN RDB$FIELD_DIMENSIONS D ON R.RDB$FIELD_SOURCE = D.RDB$FIELD_NAME
@ -1727,7 +1814,7 @@ class acp_database
$db->sql_freeresult($result); $db->sql_freeresult($result);
$sql = 'SELECT I.RDB$INDEX_NAME AS INAME, I.RDB$UNIQUE_FLAG AS UFLAG, S.RDB$FIELD_NAME AS FNAME $sql = 'SELECT I.RDB$INDEX_NAME as INAME, I.RDB$UNIQUE_FLAG as UFLAG, S.RDB$FIELD_NAME as FNAME
FROM RDB$INDICES I JOIN RDB$INDEX_SEGMENTS S ON S.RDB$INDEX_NAME=I.RDB$INDEX_NAME FROM RDB$INDICES I JOIN RDB$INDEX_SEGMENTS S ON S.RDB$INDEX_NAME=I.RDB$INDEX_NAME
WHERE (I.RDB$SYSTEM_FLAG IS NULL OR I.RDB$SYSTEM_FLAG=0) WHERE (I.RDB$SYSTEM_FLAG IS NULL OR I.RDB$SYSTEM_FLAG=0)
AND I.RDB$FOREIGN_KEY IS NULL AND I.RDB$FOREIGN_KEY IS NULL
@ -1771,7 +1858,7 @@ class acp_database
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$sql = 'SELECT T1.RDB$DEPENDED_ON_NAME AS GEN, T1.RDB$FIELD_NAME, T1.RDB$DEPENDED_ON_TYPE $sql = 'SELECT T1.RDB$DEPENDED_ON_NAME as GEN, T1.RDB$FIELD_NAME, T1.RDB$DEPENDED_ON_TYPE
FROM RDB$DEPENDENCIES T1 FROM RDB$DEPENDENCIES T1
WHERE (T1.RDB$DEPENDENT_NAME = \'' . $row['dname'] . '\') WHERE (T1.RDB$DEPENDENT_NAME = \'' . $row['dname'] . '\')
AND (T1.RDB$DEPENDENT_TYPE = 2 AND T1.RDB$DEPENDED_ON_TYPE = 14) AND (T1.RDB$DEPENDENT_TYPE = 2 AND T1.RDB$DEPENDED_ON_TYPE = 14)
@ -1800,7 +1887,9 @@ class acp_database
case 'oracle': case 'oracle':
$sql_data .= "\nCREATE TABLE $table_name (\n"; $sql_data .= "\nCREATE TABLE $table_name (\n";
$sql = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT from ALL_TAB_COLS where table_name = '{$table_name}'"; $sql = "SELECT COLUMN_NAME, DATA_TYPE, DATA_PRECISION, DATA_LENGTH, NULLABLE, DATA_DEFAULT
FROM ALL_TAB_COLS
WHERE table_name = '{$table_name}'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$rows = array(); $rows = array();
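Review bot: The backup name built at `$filename = 'backup_' . time();` is still fully determined by the clock, so it is guessable to anyone able to request files under `store/`; whether that directory is reachable over HTTP is not visible here, but a dump holds account data. Add an unguessable part, e.g. `$filename = 'backup_' . time() . '_' . gen_rand_string();` (the helper is already called in acp_captcha; use a stronger random source if the project has one). The two `backup_\d{10,}` patterns in the restore and file-listing hunks would then have to accept the extra suffix. In the restore hunk the `preg_match()` result is also unchecked, so for a non-matching `file` value `$matches[0]` is unset and `$file_name` becomes the `store/` directory itself, which passes `file_exists()`/`is_readable()`; test the return value before building the path.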


@ -55,13 +55,11 @@ class acp_email
{ {
if ($usernames) if ($usernames)
{ {
$usernames = implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", explode("\n", $usernames)));
$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang $sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . '
WHERE username IN ($usernames) WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
AND user_allow_massemail = 1 AND user_allow_massemail = 1
ORDER BY user_lang, user_notify_type"; // , SUBSTRING(user_email FROM INSTR(user_email, '@')) ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
} }
else else
{ {
@ -85,10 +83,10 @@ class acp_email
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row) if (!$row)
{ {
$db->sql_freeresult($result);
trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action)); trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action));
} }
@ -159,6 +157,7 @@ class acp_email
$messenger->assign_vars(array( $messenger->assign_vars(array(
'SITENAME' => $config['sitename'], 'SITENAME' => $config['sitename'],
'CONTACT_EMAIL' => $config['board_contact'], 'CONTACT_EMAIL' => $config['board_contact'],
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'MESSAGE' => html_entity_decode($message)) 'MESSAGE' => html_entity_decode($message))
); );
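Review bot: `$db->sql_in_set('username', explode("\n", $usernames))` passes each line through as-is, whereas the removed `preg_replace` stripped the whitespace around every name. A trailing space, a stray `\r` or a blank line now produces an entry that matches no user. Trim before building the set, e.g. `$db->sql_in_set('username', array_map('trim', explode("\n", $usernames)))`, and consider dropping empty entries as well. Removing the `/e` evaluated replacement is the right direction; escaping of the names now rests on `sql_in_set()`, whose body is not on this page.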


@ -99,10 +99,12 @@ class acp_forums
'forum_link_track' => request_var('forum_link_track', false), 'forum_link_track' => request_var('forum_link_track', false),
'forum_desc' => request_var('forum_desc', '', true), 'forum_desc' => request_var('forum_desc', '', true),
'forum_desc_uid' => '', 'forum_desc_uid' => '',
'forum_desc_bitfield' => 0, 'forum_desc_options' => 0,
'forum_desc_bitfield' => '',
'forum_rules' => request_var('forum_rules', '', true), 'forum_rules' => request_var('forum_rules', '', true),
'forum_rules_uid' => '', 'forum_rules_uid' => '',
'forum_rules_bitfield' => 0, 'forum_rules_options' => 0,
'forum_rules_bitfield' => '',
'forum_rules_link' => request_var('forum_rules_link', ''), 'forum_rules_link' => request_var('forum_rules_link', ''),
'forum_image' => request_var('forum_image', ''), 'forum_image' => request_var('forum_image', ''),
'forum_style' => request_var('forum_style', 0), 'forum_style' => request_var('forum_style', 0),
@ -111,6 +113,7 @@ class acp_forums
'enable_indexing' => request_var('enable_indexing',true), 'enable_indexing' => request_var('enable_indexing',true),
'enable_icons' => request_var('enable_icons', false), 'enable_icons' => request_var('enable_icons', false),
'enable_prune' => request_var('enable_prune', false), 'enable_prune' => request_var('enable_prune', false),
'enable_post_review' => request_var('enable_post_review', true),
'prune_days' => request_var('prune_days', 7), 'prune_days' => request_var('prune_days', 7),
'prune_viewed' => request_var('prune_viewed', 7), 'prune_viewed' => request_var('prune_viewed', 7),
'prune_freq' => request_var('prune_freq', 1), 'prune_freq' => request_var('prune_freq', 1),
@ -126,13 +129,13 @@ class acp_forums
// Get data for forum rules if specified... // Get data for forum rules if specified...
if ($forum_data['forum_rules']) if ($forum_data['forum_rules'])
{ {
generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], request_var('rules_parse_bbcode', false), request_var('rules_parse_urls', false), request_var('rules_parse_smilies', false)); generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options'], request_var('rules_parse_bbcode', false), request_var('rules_parse_urls', false), request_var('rules_parse_smilies', false));
} }
// Get data for forum description if specified // Get data for forum description if specified
if ($forum_data['forum_desc']) if ($forum_data['forum_desc'])
{ {
generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], request_var('desc_parse_bbcode', false), request_var('desc_parse_urls', false), request_var('desc_parse_smilies', false)); generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options'], request_var('desc_parse_bbcode', false), request_var('desc_parse_urls', false), request_var('desc_parse_smilies', false));
} }
$errors = $this->update_forum_data($forum_data); $errors = $this->update_forum_data($forum_data);
@ -142,8 +145,20 @@ class acp_forums
$forum_perm_from = request_var('forum_perm_from', 0); $forum_perm_from = request_var('forum_perm_from', 0);
// Copy permissions? // Copy permissions?
if ($forum_perm_from && $action == 'add') if ($forum_perm_from)
{ {
// if we edit a forum delete current permissions first
if ($action == 'edit')
{
$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
WHERE forum_id = ' . (int) $forum_data['forum_id'];
$db->sql_query($sql);
$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
WHERE forum_id = ' . (int) $forum_data['forum_id'];
$db->sql_query($sql);
}
// From the mysql documentation: // From the mysql documentation:
// Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14. // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
// Due to this we stay on the safe side if we do the insertion "the manual way" // Due to this we stay on the safe side if we do the insertion "the manual way"
@ -281,7 +296,7 @@ class acp_forums
trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id)); trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
} }
$sql = 'SELECT forum_name $sql = 'SELECT forum_name, forum_type
FROM ' . FORUMS_TABLE . " FROM ' . FORUMS_TABLE . "
WHERE forum_id = $forum_id"; WHERE forum_id = $forum_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -312,6 +327,7 @@ class acp_forums
$forum_data['forum_flags'] += (request_var('prune_announce', false)) ? 4 : 0; $forum_data['forum_flags'] += (request_var('prune_announce', false)) ? 4 : 0;
$forum_data['forum_flags'] += (request_var('prune_sticky', false)) ? 8 : 0; $forum_data['forum_flags'] += (request_var('prune_sticky', false)) ? 8 : 0;
$forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0; $forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0;
$forum_data['forum_flags'] += (request_var('enable_post_review', true)) ? 32 : 0;
} }
// Show form to create/modify a forum // Show form to create/modify a forum
@ -326,7 +342,20 @@ class acp_forums
$forum_data = $row; $forum_data = $row;
} }
$parents_list = make_forum_select($forum_data['parent_id'], $forum_id, false, false, false); // Make sure there is no forum displayed for parents_list having the current forum id as a parent...
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE . '
WHERE parent_id = ' . $forum_id;
$result = $db->sql_query($sql);
$exclude_forums = array($forum_id);
while ($row = $db->sql_fetchrow($result))
{
$exclude_forums[] = $row['forum_id'];
}
$db->sql_freeresult($result);
$parents_list = make_forum_select($forum_data['parent_id'], $exclude_forums, false, false, false);
$forum_data['forum_password_confirm'] = $forum_data['forum_password']; $forum_data['forum_password_confirm'] = $forum_data['forum_password'];
} }
@ -390,16 +419,17 @@ class acp_forums
{ {
// Before we are able to display the preview and plane text, we need to parse our request_var()'d value... // Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
$forum_data['forum_rules_uid'] = ''; $forum_data['forum_rules_uid'] = '';
$forum_data['forum_rules_bitfield'] = 0; $forum_data['forum_rules_bitfield'] = '';
$forum_data['forum_rules_options'] = 0;
generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], request_var('rules_allow_bbcode', false), request_var('rules_allow_urls', false), request_var('rules_allow_smiliess', false)); generate_text_for_storage($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options'], request_var('rules_allow_bbcode', false), request_var('rules_allow_urls', false), request_var('rules_allow_smiliess', false));
} }
// Generate preview content // Generate preview content
$forum_rules_preview = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']); $forum_rules_preview = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options']);
// decode... // decode...
$forum_rules_data = generate_text_for_edit($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']); $forum_rules_data = generate_text_for_edit($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_options']);
} }
// Parse desciption if specified // Parse desciption if specified
@ -409,13 +439,14 @@ class acp_forums
{ {
// Before we are able to display the preview and plane text, we need to parse our request_var()'d value... // Before we are able to display the preview and plane text, we need to parse our request_var()'d value...
$forum_data['forum_desc_uid'] = ''; $forum_data['forum_desc_uid'] = '';
$forum_data['forum_desc_bitfield'] = 0; $forum_data['forum_desc_bitfield'] = '';
$forum_data['forum_desc_options'] = 0;
generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], request_var('desc_allow_bbcode', false), request_var('desc_allow_urls', false), request_var('desc_allow_smiliess', false)); generate_text_for_storage($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options'], request_var('desc_allow_bbcode', false), request_var('desc_allow_urls', false), request_var('desc_allow_smiliess', false));
} }
// decode... // decode...
$forum_desc_data = generate_text_for_edit($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield']); $forum_desc_data = generate_text_for_edit($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_options']);
} }
$forum_type_options = ''; $forum_type_options = '';
@ -468,6 +499,7 @@ class acp_forums
'U_BACK' => $this->u_action . '&amp;parent_id=' . $this->parent_id, 'U_BACK' => $this->u_action . '&amp;parent_id=' . $this->parent_id,
'U_EDIT_ACTION' => $this->u_action . "&amp;parent_id={$this->parent_id}&amp;action=$action&amp;f=$forum_id", 'U_EDIT_ACTION' => $this->u_action . "&amp;parent_id={$this->parent_id}&amp;action=$action&amp;f=$forum_id",
'L_COPY_PERMISSIONS_EXPLAIN' => $user->lang['COPY_PERMISSIONS_' . strtoupper($action) . '_EXPLAIN'],
'L_TITLE' => $user->lang[$this->page_title], 'L_TITLE' => $user->lang[$this->page_title],
'ERROR_MSG' => (sizeof($errors)) ? implode('<br />', $errors) : '', 'ERROR_MSG' => (sizeof($errors)) ? implode('<br />', $errors) : '',
@ -501,21 +533,22 @@ class acp_forums
'S_STATUS_OPTIONS' => $statuslist, 'S_STATUS_OPTIONS' => $statuslist,
'S_PARENT_OPTIONS' => $parents_list, 'S_PARENT_OPTIONS' => $parents_list,
'S_STYLES_OPTIONS' => $styles_list, 'S_STYLES_OPTIONS' => $styles_list,
'S_FORUM_OPTIONS' => make_forum_select(false, false, false), 'S_FORUM_OPTIONS' => make_forum_select(($action == 'add') ? $forum_data['parent_id'] : false, false, false, false, false),
'S_SHOW_DISPLAY_ON_INDEX' => $s_show_display_on_index, 'S_SHOW_DISPLAY_ON_INDEX' => $s_show_display_on_index,
'S_FORUM_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false, 'S_FORUM_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false,
'S_FORUM_ORIG_POST' => (isset($old_forum_type) && $old_forum_type == FORUM_POST) ? true : false, 'S_FORUM_ORIG_POST' => (isset($old_forum_type) && $old_forum_type == FORUM_POST) ? true : false,
'S_FORUM_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false, 'S_FORUM_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false,
'S_FORUM_CAT' => ($forum_data['forum_type'] == FORUM_CAT) ? true : false, 'S_FORUM_CAT' => ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & 1) ? true : false,
'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false, 'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false,
'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false, 'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false,
'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false, 'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false,
'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false, 'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false,
'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & 1) ? true : false,
'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & 2) ? true : false, 'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & 2) ? true : false,
'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & 4) ? true : false, 'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & 4) ? true : false,
'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & 8) ? true : false, 'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & 8) ? true : false,
'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & 16) ? true : false, 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & 16) ? true : false,
'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & 32) ? true : false,
) )
); );
@ -645,7 +678,7 @@ class acp_forums
$template->assign_block_vars('forums', array( $template->assign_block_vars('forums', array(
'FOLDER_IMAGE' => $folder_image, 'FOLDER_IMAGE' => $folder_image,
'FORUM_NAME' => $row['forum_name'], 'FORUM_NAME' => $row['forum_name'],
'FORUM_DESCRIPTION' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']), 'FORUM_DESCRIPTION' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
'FORUM_TOPICS' => $row['forum_topics'], 'FORUM_TOPICS' => $row['forum_topics'],
'FORUM_POSTS' => $row['forum_posts'], 'FORUM_POSTS' => $row['forum_posts'],
@ -744,12 +777,14 @@ class acp_forums
// 4 = prune announcements // 4 = prune announcements
// 8 = prune stickies // 8 = prune stickies
// 16 = show active topics // 16 = show active topics
// 32 = enable post review
$forum_data['forum_flags'] = 0; $forum_data['forum_flags'] = 0;
$forum_data['forum_flags'] += ($forum_data['forum_link_track']) ? 1 : 0; $forum_data['forum_flags'] += ($forum_data['forum_link_track']) ? 1 : 0;
$forum_data['forum_flags'] += ($forum_data['prune_old_polls']) ? 2 : 0; $forum_data['forum_flags'] += ($forum_data['prune_old_polls']) ? 2 : 0;
$forum_data['forum_flags'] += ($forum_data['prune_announce']) ? 4 : 0; $forum_data['forum_flags'] += ($forum_data['prune_announce']) ? 4 : 0;
$forum_data['forum_flags'] += ($forum_data['prune_sticky']) ? 8 : 0; $forum_data['forum_flags'] += ($forum_data['prune_sticky']) ? 8 : 0;
$forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0; $forum_data['forum_flags'] += ($forum_data['show_active']) ? 16 : 0;
$forum_data['forum_flags'] += ($forum_data['enable_post_review']) ? 32 : 0;
// Unset data that are not database fields // Unset data that are not database fields
$forum_data_sql = $forum_data; $forum_data_sql = $forum_data;
@ -759,6 +794,7 @@ class acp_forums
unset($forum_data_sql['prune_announce']); unset($forum_data_sql['prune_announce']);
unset($forum_data_sql['prune_sticky']); unset($forum_data_sql['prune_sticky']);
unset($forum_data_sql['show_active']); unset($forum_data_sql['show_active']);
unset($forum_data_sql['enable_post_review']);
unset($forum_data_sql['forum_password_confirm']); unset($forum_data_sql['forum_password_confirm']);
// What are we going to do tonight Brain? The same thing we do everynight, // What are we going to do tonight Brain? The same thing we do everynight,
@ -935,14 +971,14 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . " $sql = 'UPDATE ' . FORUMS_TABLE . "
SET right_id = right_id + $diff, forum_parents = '' SET right_id = right_id + $diff, forum_parents = ''
WHERE " . $to_data['right_id'] . ' BETWEEN left_id AND right_id WHERE " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')'; AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql); $db->sql_query($sql);
// Resync the righthand side of the tree // Resync the righthand side of the tree
$sql = 'UPDATE ' . FORUMS_TABLE . " $sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id + $diff, right_id = right_id + $diff, forum_parents = '' SET left_id = left_id + $diff, right_id = right_id + $diff, forum_parents = ''
WHERE left_id > " . $to_data['right_id'] . ' WHERE left_id > " . $to_data['right_id'] . '
AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')'; AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql); $db->sql_query($sql);
// Resync moved branch // Resync moved branch
@ -961,7 +997,7 @@ class acp_forums
{ {
$sql = 'SELECT MAX(right_id) AS right_id $sql = 'SELECT MAX(right_id) AS right_id
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')'; WHERE ' . $db->sql_in_set('forum_id', $moved_ids, true);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -971,7 +1007,7 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . " $sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff, forum_parents = '' SET left_id = left_id $diff, right_id = right_id $diff, forum_parents = ''
WHERE forum_id IN (" . implode(', ', $moved_ids) . ')'; WHERE " . $db->sql_in_set('forum_id', $moved_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -982,7 +1018,7 @@ class acp_forums
{ {
global $db; global $db;
$table_ary = array(LOG_TABLE, POSTS_TABLE, TOPICS_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE); $table_ary = array(ACL_GROUPS_TABLE, ACL_USERS_TABLE, LOG_TABLE, POSTS_TABLE, TOPICS_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
foreach ($table_ary as $table) foreach ($table_ary as $table)
{ {
@ -1023,6 +1059,7 @@ class acp_forums
$errors = array(); $errors = array();
$log_action_posts = $log_action_forums = $posts_to_name = $subforums_to_name = ''; $log_action_posts = $log_action_forums = $posts_to_name = $subforums_to_name = '';
$forum_ids = array($forum_id);
if ($action_posts == 'delete') if ($action_posts == 'delete')
{ {
@ -1066,8 +1103,6 @@ class acp_forums
if ($action_subforums == 'delete') if ($action_subforums == 'delete')
{ {
$log_action_forums = 'FORUMS'; $log_action_forums = 'FORUMS';
$forum_ids = array($forum_id);
$rows = get_forum_branch($forum_id, 'children', 'descending', false); $rows = get_forum_branch($forum_id, 'children', 'descending', false);
foreach ($rows as $row) foreach ($rows as $row)
@ -1084,7 +1119,7 @@ class acp_forums
$diff = sizeof($forum_ids) * 2; $diff = sizeof($forum_ids) * 2;
$sql = 'DELETE FROM ' . FORUMS_TABLE . ' $sql = 'DELETE FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')'; WHERE ' . $db->sql_in_set('forum_id', $forum_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
else if ($action_subforums == 'move') else if ($action_subforums == 'move')
@ -1159,11 +1194,6 @@ class acp_forums
WHERE left_id > {$forum_data['right_id']}"; WHERE left_id > {$forum_data['right_id']}";
$db->sql_query($sql); $db->sql_query($sql);
if (!isset($forum_ids) || !is_array($forum_ids))
{
$forum_ids = array($forum_id);
}
// Delete forum ids from extension groups table // Delete forum ids from extension groups table
$sql = 'SELECT group_id, allowed_forums $sql = 'SELECT group_id, allowed_forums
FROM ' . EXTENSION_GROUPS_TABLE; FROM ' . EXTENSION_GROUPS_TABLE;
@ -1332,11 +1362,10 @@ class acp_forums
if (sizeof($ids)) if (sizeof($ids))
{ {
$start += sizeof($ids); $start += sizeof($ids);
$id_list = implode(', ', $ids);
foreach ($tables as $table) foreach ($tables as $table)
{ {
$db->sql_query("DELETE FROM $table WHERE $field IN ($id_list)"); $db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set($field, $id_list));
} }
} }
} }
@ -1364,6 +1393,43 @@ class acp_forums
$db->sql_transaction('commit'); $db->sql_transaction('commit');
// Make sure the overall post/topic count is correct...
$sql = 'SELECT COUNT(post_id) AS stat
FROM ' . POSTS_TABLE . '
WHERE post_approved = 1';
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('num_posts', (int) $row['stat'], true);
$sql = 'SELECT COUNT(topic_id) AS stat
FROM ' . TOPICS_TABLE . '
WHERE topic_approved = 1';
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('num_topics', (int) $row['stat'], true);
$sql = 'SELECT COUNT(attach_id) as stat
FROM ' . ATTACHMENTS_TABLE;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('num_files', (int) $row['stat'], true);
$sql = 'SELECT SUM(filesize) as stat
FROM ' . ATTACHMENTS_TABLE;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('upload_dir_size', (int) $row['stat'], true);
add_log('admin', 'LOG_RESYNC_STATS');
return array(); return array();
} }


@ -85,7 +85,7 @@ class acp_groups
break; break;
} }
trigger_error($user->lang[$message] . adm_back_link($this->u_action)); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
break; break;
case 'default': case 'default':
@ -134,7 +134,7 @@ class acp_groups
group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row); group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
} }
trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action)); trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
} }
else else
{ {
@ -176,13 +176,15 @@ class acp_groups
break; break;
} }
$back_link = ($action == 'delete') ? $this->u_action : $this->u_action . '&amp;action=list&amp;g=' . $group_id;
if ($error) if ($error)
{ {
trigger_error($user->lang[$error] . adm_back_link($this->u_action)); trigger_error($user->lang[$error] . adm_back_link($back_link));
} }
$message = ($action == 'delete') ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE'; $message = ($action == 'delete') ? 'GROUP_DELETED' : 'GROUP_USERS_REMOVE';
trigger_error($user->lang[$message] . adm_back_link($this->u_action)); trigger_error($user->lang[$message] . adm_back_link($back_link));
} }
else else
{ {
@ -204,7 +206,7 @@ class acp_groups
if (!$name_ary) if (!$name_ary)
{ {
trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action)); trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
} }
$name_ary = array_unique(explode("\n", $name_ary)); $name_ary = array_unique(explode("\n", $name_ary));
@ -212,11 +214,11 @@ class acp_groups
// Add user/s to group // Add user/s to group
if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, 0, $group_row)) if ($error = group_user_add($group_id, false, $name_ary, $group_row['group_name'], $default, $leader, 0, $group_row))
{ {
trigger_error($user->lang[$error] . adm_back_link($this->u_action)); trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
} }
$message = ($action == 'addleaders') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED'; $message = ($action == 'addleaders') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
trigger_error($user->lang[$message] . adm_back_link($this->u_action)); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&amp;action=list&amp;g=' . $group_id));
break; break;
case 'edit': case 'edit':
@ -418,7 +420,7 @@ class acp_groups
else else
{ {
$group_name = $group_row['group_name']; $group_name = $group_row['group_name'];
$group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield']); $group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
$group_type = $group_row['group_type']; $group_type = $group_row['group_type'];
$group_rank = $group_row['group_rank']; $group_rank = $group_row['group_rank'];
} }
@ -607,10 +609,12 @@ class acp_groups
'S_ON_PAGE' => on_page($total_members, $config['topics_per_page'], $start), 'S_ON_PAGE' => on_page($total_members, $config['topics_per_page'], $start),
'PAGINATION' => generate_pagination($this->u_action . "&amp;action=$action&amp;g=$group_id", $total_members, $config['topics_per_page'], $start, true), 'PAGINATION' => generate_pagination($this->u_action . "&amp;action=$action&amp;g=$group_id", $total_members, $config['topics_per_page'], $start, true),
'GROUP_NAME' => ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'],
'U_ACTION' => $this->u_action . "&amp;g=$group_id", 'U_ACTION' => $this->u_action . "&amp;g=$group_id",
'U_BACK' => $this->u_action, 'U_BACK' => $this->u_action,
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=list&amp;field=usernames')) 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=list&amp;field=usernames'),
'U_DEFAULT_ALL' => "{$this->u_action}&amp;action=default&amp;g=$group_id")
); );
foreach ($group_data['leader'] as $row) foreach ($group_data['leader'] as $row)
@ -701,7 +705,6 @@ class acp_groups
$template->assign_block_vars('groups', array( $template->assign_block_vars('groups', array(
'U_LIST' => "{$this->u_action}&amp;action=list&amp;g=$group_id", 'U_LIST' => "{$this->u_action}&amp;action=list&amp;g=$group_id",
'U_DEFAULT' => "{$this->u_action}&amp;action=default&amp;g=$group_id",
'U_EDIT' => "{$this->u_action}&amp;action=edit&amp;g=$group_id", 'U_EDIT' => "{$this->u_action}&amp;action=edit&amp;g=$group_id",
'U_DELETE' => ($auth->acl_get('a_groupdel')) ? "{$this->u_action}&amp;action=delete&amp;g=$group_id" : '', 'U_DELETE' => ($auth->acl_get('a_groupdel')) ? "{$this->u_action}&amp;action=delete&amp;g=$group_id" : '',
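Review bot: The new `GROUP_NAME` entry indexes `$user->lang['G_' . $group_row['group_name']]` for every `GROUP_SPECIAL` group without checking that the key exists, so a special group with no matching language entry produces an undefined-index notice and an empty heading. Guard the lookup and fall back to the stored name: `($group_row['group_type'] == GROUP_SPECIAL && isset($user->lang['G_' . $group_row['group_name']])) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'],`. The fallback branch hands `$group_row['group_name']` to the template as stored. Whether that value is HTML-escaped when it is saved is not visible in this section, so confirm it before the template prints it. The `assign_vars` call that holds this entry starts outside the hunk.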


@ -108,9 +108,7 @@ class acp_icons
ORDER BY {$fields}_order " . (($icon_id || $action == 'add') ? 'DESC' : 'ASC'); ORDER BY {$fields}_order " . (($icon_id || $action == 'add') ? 'DESC' : 'ASC');
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{
do
{ {
if ($action == 'add') if ($action == 'add')
{ {
@ -140,12 +138,11 @@ class acp_icons
$order_list = '<option value="' . ($row[$fields . '_order']) . '"' . $selected . '>' . sprintf($user->lang['AFTER_' . $lang], ' -&gt; ' . htmlspecialchars($after_txt)) . '</option>' . $order_list; $order_list = '<option value="' . ($row[$fields . '_order']) . '"' . $selected . '>' . sprintf($user->lang['AFTER_' . $lang], ' -&gt; ' . htmlspecialchars($after_txt)) . '</option>' . $order_list;
} }
} }
while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result); $db->sql_freeresult($result);
$order_list = '<option value="1"' . ((!isset($after)) ? ' selected="selected"' : '') . '>' . $user->lang['FIRST'] . '</option>' . $order_list; $order_list = '<option value="1"' . ((!isset($after)) ? ' selected="selected"' : '') . '>' . $user->lang['FIRST'] . '</option>' . $order_list;
$data = array();
if ($action == 'add') if ($action == 'add')
{ {
$data = $_images; $data = $_images;
@ -234,7 +231,7 @@ class acp_icons
$fields . '_url' => $image, $fields . '_url' => $image,
$fields . '_width' => $image_width[$image], $fields . '_width' => $image_width[$image],
$fields . '_height' => $image_height[$image], $fields . '_height' => $image_height[$image],
'display_on_posting'=> (isset($image_display_on_posting[$image])) ? 1 : 0, 'display_on_posting' => (isset($image_display_on_posting[$image])) ? 1 : 0,
); );
if ($mode == 'smilies') if ($mode == 'smilies')
@ -351,7 +348,10 @@ class acp_icons
$cur_img = array(); $cur_img = array();
$field_sql = ($mode == 'smilies') ? 'code' : 'icons_url'; $field_sql = ($mode == 'smilies') ? 'code' : 'icons_url';
$result = $db->sql_query("SELECT $field_sql FROM $table");
$sql = "SELECT $field_sql
FROM $table";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
@ -371,8 +371,8 @@ class acp_icons
$data = array(); $data = array();
if (preg_match_all("#'(.*?)', #", $pak_entry, $data)) if (preg_match_all("#'(.*?)', #", $pak_entry, $data))
{ {
if ((sizeof($data[1]) != 3 && $mode == 'icons') || if ((sizeof($data[1]) != 4 && $mode == 'icons') ||
(sizeof($data[1]) != 5 && $mode == 'smilies')) (sizeof($data[1]) != 6 && $mode == 'smilies'))
{ {
trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action)); trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action));
} }
@ -381,11 +381,12 @@ class acp_icons
$img = stripslashes($data[1][0]); $img = stripslashes($data[1][0]);
$width = stripslashes($data[1][1]); $width = stripslashes($data[1][1]);
$height = stripslashes($data[1][2]); $height = stripslashes($data[1][2]);
$display_on_posting = stripslashes($data[1][3]);
if (isset($data[1][3]) && isset($data[1][4])) if (isset($data[1][4]) && isset($data[1][5]))
{ {
$emotion = stripslashes($data[1][3]); $emotion = stripslashes($data[1][4]);
$code = stripslashes($data[1][4]); $code = stripslashes($data[1][5]);
} }
if ($current == 'replace' && if ($current == 'replace' &&
@ -397,12 +398,13 @@ class acp_icons
$fields . '_url' => $img, $fields . '_url' => $img,
$fields . '_height' => (int) $height, $fields . '_height' => (int) $height,
$fields . '_width' => (int) $width, $fields . '_width' => (int) $width,
'display_on_posting' => (int) $display_on_posting,
); );
if ($mode == 'smilies') if ($mode == 'smilies')
{ {
$sql = array_merge($sql, array( $sql = array_merge($sql, array(
'emotion' => $emotion 'emotion' => $emotion,
)); ));
} }
@ -419,13 +421,14 @@ class acp_icons
$fields . '_height' => (int) $height, $fields . '_height' => (int) $height,
$fields . '_width' => (int) $width, $fields . '_width' => (int) $width,
$fields . '_order' => (int) $order, $fields . '_order' => (int) $order,
'display_on_posting'=> (int) $display_on_posting,
); );
if ($mode == 'smilies') if ($mode == 'smilies')
{ {
$sql = array_merge($sql, array( $sql = array_merge($sql, array(
'code' => $code, 'code' => $code,
'emotion' => $emotion 'emotion' => $emotion,
)); ));
} }
$db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $sql)); $db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $sql));
@ -492,6 +495,7 @@ class acp_icons
$pak .= "'" . addslashes($row[$fields . '_url']) . "', "; $pak .= "'" . addslashes($row[$fields . '_url']) . "', ";
$pak .= "'" . addslashes($row[$fields . '_width']) . "', "; $pak .= "'" . addslashes($row[$fields . '_width']) . "', ";
$pak .= "'" . addslashes($row[$fields . '_height']) . "', "; $pak .= "'" . addslashes($row[$fields . '_height']) . "', ";
$pak .= "'" . addslashes($row['display_on_posting']) . "', ";
if ($mode == 'smilies') if ($mode == 'smilies')
{ {
@ -505,7 +509,7 @@ class acp_icons
if ($pak != '') if ($pak != '')
{ {
$db->sql_close(); garbage_collection();
header('Pragma: public'); header('Pragma: public');
@ -519,15 +523,16 @@ class acp_icons
} }
else else
{ {
trigger_error($user->lang['NO_' . $fields . '_EXPORT'] . adm_back_link($this->u_action)); trigger_error($user->lang['NO_' . strtoupper($fields) . '_EXPORT'] . adm_back_link($this->u_action));
} }
break; break;
case 'delete': case 'delete':
$db->sql_query("DELETE FROM $table $sql = "DELETE FROM $table
WHERE {$fields}_id = $icon_id"); WHERE {$fields}_id = $icon_id";
$db->sql_query($sql);
switch ($mode) switch ($mode)
{ {
@ -549,6 +554,9 @@ class acp_icons
$notice = $user->lang[$lang . '_DELETED']; $notice = $user->lang[$lang . '_DELETED'];
$cache->destroy('icons');
$cache->destroy('sql', $table);
break; break;
case 'move_up': case 'move_up':
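Review bot: In the `delete` case the rewritten query still interpolates `$icon_id` straight into the `WHERE` clause, and the assignment of `$icon_id` lies outside this section's hunks, so its type cannot be confirmed from here. Unless it is already forced to an integer where it is read from the request, cast it at the point of use: `WHERE {$fields}_id = " . (int) $icon_id;`. The same case runs the `DELETE` as soon as the action is dispatched, with no confirmation or form-token check visible in the hunk. The enclosing switch starts outside the hunk, so verify that such a check exists there; if it does not, this state change depends on the link alone.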


@ -71,6 +71,10 @@ class acp_language
$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); $transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break; break;
case 'ftp_fsock':
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
default: default:
trigger_error($user->lang['INVALID_UPLOAD_METHOD']); trigger_error($user->lang['INVALID_UPLOAD_METHOD']);
} }
@ -97,23 +101,13 @@ class acp_language
)); ));
} }
$entry = $_POST['entry']; $hidden_data = build_hidden_fields(array(
foreach ($entry as $key => $value) 'file' => $this->language_file,
{ 'dir' => $this->language_directory,
if (is_array($value)) 'method' => $method,
{ 'entry' => $_POST['entry']),
foreach ($value as $key2 => $data) true
{ );
$entry[$key][$key2] = htmlentities($data);
}
}
else
{
$entry[$key] = htmlentities($value);
}
}
$hidden_data = build_hidden_fields(array('file' => $this->language_file, 'dir' => $this->language_directory, 'method' => $method, 'entry' => $entry));
$template->assign_vars(array( $template->assign_vars(array(
'S_UPLOAD' => true, 'S_UPLOAD' => true,
@ -133,7 +127,8 @@ class acp_language
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action)); trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
} }
$sql = 'SELECT * FROM ' . LANG_TABLE . " $sql = 'SELECT *
FROM ' . LANG_TABLE . "
WHERE lang_id = $lang_id"; WHERE lang_id = $lang_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
@ -168,7 +163,8 @@ class acp_language
trigger_error($user->lang['NO_FILE_SELECTED'] . adm_back_link($this->u_action)); trigger_error($user->lang['NO_FILE_SELECTED'] . adm_back_link($this->u_action));
} }
$sql = 'SELECT * FROM ' . LANG_TABLE . " $sql = 'SELECT *
FROM ' . LANG_TABLE . "
WHERE lang_id = $lang_id"; WHERE lang_id = $lang_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
@ -210,8 +206,7 @@ class acp_language
if ($this->language_directory == 'email') if ($this->language_directory == 'email')
{ {
// Email Template // Email Template
$entry = (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry']; $entry = $this->prepare_lang_entry($_POST['entry'], false);
$entry = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $entry);
fwrite($fp, $entry); fwrite($fp, $entry);
} }
else else
@ -229,21 +224,17 @@ class acp_language
{ {
if (!is_array($value)) if (!is_array($value))
{ {
continue;
} }
else
{
$entry = "\tarray(\n"; $entry = "\tarray(\n";
foreach ($value as $_key => $_value) foreach ($value as $_key => $_value)
{ {
$_value = (STRIP) ? stripslashes($_value) : $_value; $entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
$_value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t" . (int) $_key . "\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
} }
$entry .= "\t),\n"; $entry .= "\t),\n";
}
fwrite($fp, $entry); fwrite($fp, $entry);
} }
} }
@ -255,26 +246,7 @@ class acp_language
foreach ($_POST['entry'] as $key => $value) foreach ($_POST['entry'] as $key => $value)
{ {
if (!is_array($value)) $entry = $this->format_lang_array($key, $value);
{
$value = (STRIP) ? stripslashes($value) : $value;
$value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $value);
$entry = "\t'" . $key . "'\t=> '" . str_replace("'", "\\'", $value) . "',\n";
}
else
{
$entry = "\n\t'" . $key . "'\t=> array(\n";
foreach ($value as $_key => $_value)
{
$_value = (STRIP) ? stripslashes($_value) : $_value;
$_value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t'" . $_key . "'\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
}
$entry .= "\t),\n\n";
}
fwrite($fp, $entry); fwrite($fp, $entry);
} }
} }
@ -302,7 +274,8 @@ class acp_language
} }
else if ($action == 'upload_data') else if ($action == 'upload_data')
{ {
$sql = 'SELECT lang_iso FROM ' . LANG_TABLE . " $sql = 'SELECT lang_iso
FROM ' . LANG_TABLE . "
WHERE lang_id = $lang_id"; WHERE lang_id = $lang_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
@ -322,6 +295,11 @@ class acp_language
case 'ftp': case 'ftp':
$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); $transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break; break;
case 'ftp_fsock':
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
break;
default: default:
trigger_error($user->lang['INVALID_UPLOAD_METHOD']); trigger_error($user->lang['INVALID_UPLOAD_METHOD']);
} }
@ -335,6 +313,9 @@ class acp_language
$transfer->copy_file('store/' . $lang_path . $file, $lang_path . $file); $transfer->copy_file('store/' . $lang_path . $file, $lang_path . $file);
$transfer->close_session(); $transfer->close_session();
// Remove from storage folder
@unlink($phpbb_root_path . 'store/' . $lang_path . $file);
add_log('admin', 'LOG_LANGUAGE_FILE_REPLACED', $file); add_log('admin', 'LOG_LANGUAGE_FILE_REPLACED', $file);
trigger_error($user->lang['UPLOAD_COMPLETED']); trigger_error($user->lang['UPLOAD_COMPLETED']);
@ -353,7 +334,8 @@ class acp_language
$this->page_title = 'LANGUAGE_PACK_DETAILS'; $this->page_title = 'LANGUAGE_PACK_DETAILS';
$sql = 'SELECT * FROM ' . LANG_TABLE . ' $sql = 'SELECT *
FROM ' . LANG_TABLE . '
WHERE lang_id = ' . $lang_id; WHERE lang_id = ' . $lang_id;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$lang_entries = $db->sql_fetchrow($result); $lang_entries = $db->sql_fetchrow($result);
@ -665,7 +647,8 @@ class acp_language
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action)); trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
} }
$sql = 'SELECT * FROM ' . LANG_TABLE . ' $sql = 'SELECT *
FROM ' . LANG_TABLE . '
WHERE lang_id = ' . $lang_id; WHERE lang_id = ' . $lang_id;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
@ -707,7 +690,8 @@ class acp_language
); );
unset($file); unset($file);
$sql = 'SELECT lang_iso FROM ' . LANG_TABLE . " $sql = 'SELECT lang_iso
FROM ' . LANG_TABLE . "
WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'"; WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -746,7 +730,8 @@ class acp_language
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action)); trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action));
} }
$sql = 'SELECT * FROM ' . LANG_TABLE . ' $sql = 'SELECT *
FROM ' . LANG_TABLE . '
WHERE lang_id = ' . $lang_id; WHERE lang_id = ' . $lang_id;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
@ -794,7 +779,7 @@ class acp_language
include_once($phpbb_root_path . 'includes/functions_compress.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
if ($use_method == 'zip') if ($use_method == '.zip')
{ {
$compress = new compress_zip('w', $phpbb_root_path . 'store/lang_' . $row['lang_iso'] . $use_method); $compress = new compress_zip('w', $phpbb_root_path . 'store/lang_' . $row['lang_iso'] . $use_method);
} }
@ -818,6 +803,17 @@ class acp_language
// Add main files // Add main files
$this->add_to_archive($compress, $this->main_files, $row['lang_iso']); $this->add_to_archive($compress, $this->main_files, $row['lang_iso']);
// Add search files if they exist...
if (file_exists($phpbb_root_path . 'language/' . $row['lang_iso'] . '/search_ignore_words.' . $phpEx))
{
$this->add_to_archive($compress, array("search_ignore_words.$phpEx"), $row['lang_iso']);
}
if (file_exists($phpbb_root_path . 'language/' . $row['lang_iso'] . '/search_synonyms.' . $phpEx))
{
$this->add_to_archive($compress, array("search_synonyms.$phpEx"), $row['lang_iso']);
}
// Write files in folders // Write files in folders
$this->add_to_archive($compress, $email_templates, $row['lang_iso'], 'email'); $this->add_to_archive($compress, $email_templates, $row['lang_iso'], 'email');
$this->add_to_archive($compress, $acp_files, $row['lang_iso'], 'acp'); $this->add_to_archive($compress, $acp_files, $row['lang_iso'], 'acp');
@ -862,7 +858,8 @@ class acp_language
$db->sql_freeresult($result); $db->sql_freeresult($result);
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . LANG_TABLE; FROM ' . LANG_TABLE . '
ORDER BY lang_english_name';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$installed = array(); $installed = array();
@ -975,8 +972,7 @@ $lang = array_merge($lang, array(
'; ';
// Language files in language root directory // Language files in language root directory
$this->main_files = array("common.$phpEx", "groups.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx"); $this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
} }
/** /**
@ -1040,6 +1036,35 @@ $lang = array_merge($lang, array(
</tr>'; </tr>';
foreach ($value as $_key => $_value) foreach ($value as $_key => $_value)
{
if (is_array($_value))
{
$tpl .= '
<tr>
<td class="row3" colspan="2">' . $key_prefix . '&nbsp; &nbsp;<b>' . $_key . '</b></td>
</tr>';
foreach ($_value as $__key => $__value)
{
$tpl .= '
<tr>
<td class="row1" style="white-space: nowrap;">' . $key_prefix . '<b>' . $__key . '</b></td>
<td class="row2">';
if ($input_field)
{
$tpl .= '<input type="text" name="entry[' . $key . '][' . $_key . '][' . $__key . ']" value="' . htmlspecialchars($__value) . '" size="50" />';
}
else
{
$tpl .= '<b>' . htmlspecialchars($__value) . '</b>';
}
$tpl .= '</td>
</tr>';
}
}
else
{ {
$tpl .= ' $tpl .= '
<tr> <tr>
@ -1058,6 +1083,7 @@ $lang = array_merge($lang, array(
$tpl .= '</td> $tpl .= '</td>
</tr>'; </tr>';
} }
}
$tpl .= ' $tpl .= '
<tr> <tr>
@ -1191,6 +1217,49 @@ $lang = array_merge($lang, array(
return $return_ary; return $return_ary;
} }
/**
* Return language string value for storage
*/
function prepare_lang_entry($text, $store = true)
{
$text = (STRIP) ? stripslashes($text) : $text;
// Adjust for storage...
if ($store)
{
$text = str_replace("'", "\\'", str_replace('\\', '\\\\', $text));
}
return $text;
}
/**
* Format language array for storage
*/
function format_lang_array($key, $value, $tabs = "\t")
{
$entry = '';
if (!is_array($value))
{
$entry .= "{$tabs}'{$key}'\t=> '" . $this->prepare_lang_entry($value) . "',\n";
}
else
{
$_tabs = $tabs . "\t";
$entry .= "\n{$tabs}'{$key}'\t=> array(\n";
foreach ($value as $_key => $_value)
{
$entry .= $this->format_lang_array($_key, $_value, $_tabs);
}
$entry .= "{$tabs}),\n\n";
}
return $entry;
}
} }
?> ?>


@ -42,14 +42,15 @@ class acp_logs
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
{ {
$where_sql = ''; $where_sql = '';
if ($deletemark && $marked)
if ($deletemark && sizeof($marked))
{ {
$sql_in = array(); $sql_in = array();
foreach ($marked as $mark) foreach ($marked as $mark)
{ {
$sql_in[] = $mark; $sql_in[] = $mark;
} }
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in); unset($sql_in);
} }
@ -67,7 +68,7 @@ class acp_logs
// Sorting // Sorting
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
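Review bot: The `foreach` that copies `$marked` into `$sql_in` in the delete branch neither casts nor filters, so now that the list goes through `$db->sql_in_set()` it only duplicates the array. Either drop it and write `$where_sql = ' AND ' . $db->sql_in_set('log_id', $marked);`, or make it the visible sanitising step with `$sql_in[] = (int) $mark;`. Where `$marked` is read from the request is outside this hunk, so I cannot confirm from here that it is already integer-typed. The new sort key `'u' => 'u.username'` also assumes that the log query, which is not in this diff view, joins the users table under the alias `u`.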


@ -21,9 +21,9 @@ class acp_main
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
$action = request_var('action', ''); $action = request_var('action', '');
$mark = (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : ''; $mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
if ($mark) if (sizeof($mark))
{ {
switch ($action) switch ($action)
{ {
@ -36,8 +36,8 @@ class acp_main
} }
$sql = 'SELECT username $sql = 'SELECT username
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . '
WHERE user_id IN ($mark)"; WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$user_affected = array(); $user_affected = array();
@ -50,14 +50,13 @@ class acp_main
if ($action == 'activate') if ($action == 'activate')
{ {
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$mark_ary = explode(', ', $mark);
foreach ($mark_ary as $user_id) foreach ($mark as $user_id)
{ {
user_active_flip($user_id, USER_INACTIVE); user_active_flip($user_id, USER_INACTIVE);
} }
set_config('num_users', $config['num_users'] + sizeof($mark_ary), true); set_config('num_users', $config['num_users'] + sizeof($mark), true);
// Update latest username // Update latest username
update_last_username(); update_last_username();
@ -69,9 +68,9 @@ class acp_main
trigger_error($user->lang['NO_ADMIN']); trigger_error($user->lang['NO_ADMIN']);
} }
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE user_id IN ($mark)"; $sql = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql); $db->sql_query($sql);
$sql = 'DELETE FROM ' . USERS_TABLE . " WHERE user_id IN ($mark)"; $sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql); $db->sql_query($sql);
add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected)); add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected));
@ -91,8 +90,8 @@ class acp_main
} }
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . '
WHERE user_id IN ($mark)"; WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) if ($row = $db->sql_fetchrow($result))
@ -209,28 +208,9 @@ class acp_main
trigger_error($user->lang['NO_ADMIN']); trigger_error($user->lang['NO_ADMIN']);
} }
$post_count_ary = $auth->acl_getf('f_postcount');
$forum_read_ary = $auth->acl_getf('f_read');
$forum_ary = array();
foreach ($post_count_ary as $forum_id => $allowed)
{
if ($allowed['f_postcount'] && $forum_read_ary[$forum_id]['f_read'])
{
$forum_ary[] = $forum_id;
}
}
if (!sizeof($forum_ary))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');
}
else
{
$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id $sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE poster_id <> ' . ANONYMOUS . ' WHERE post_postcount = 1
AND forum_id IN (' . implode(', ', $forum_ary) . ')
GROUP BY poster_id'; GROUP BY poster_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -239,9 +219,9 @@ class acp_main
$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}"); $db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['poster_id']}");
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
}
add_log('admin', 'LOG_RESYNC_POSTCOUNTS'); add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
break; break;
case 'date': case 'date':
@ -412,8 +392,10 @@ class acp_main
'DBSIZE' => $dbsize, 'DBSIZE' => $dbsize,
'UPLOAD_DIR_SIZE' => $upload_dir_size, 'UPLOAD_DIR_SIZE' => $upload_dir_size,
'GZIP_COMPRESSION' => ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'], 'GZIP_COMPRESSION' => ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'],
'DATABASE_INFO' => $db->sql_server_info(),
'U_ACTION' => append_sid("{$phpbb_admin_path}index.$phpEx"), 'U_ACTION' => append_sid("{$phpbb_admin_path}index.$phpEx"),
'U_ADMIN_LOG' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '', 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '',
) )
@ -439,7 +421,7 @@ class acp_main
if ($auth->acl_get('a_user')) if ($auth->acl_get('a_user'))
{ {
$sql = 'SELECT user_id, username, user_regdate $sql = 'SELECT user_id, username, user_regdate, user_lastvisit
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_type = ' . USER_INACTIVE . ' WHERE user_type = ' . USER_INACTIVE . '
ORDER BY user_regdate ASC'; ORDER BY user_regdate ASC';
@ -449,6 +431,7 @@ class acp_main
{ {
$template->assign_block_vars('inactive', array( $template->assign_block_vars('inactive', array(
'DATE' => $user->format_date($row['user_regdate']), 'DATE' => $user->format_date($row['user_regdate']),
'LAST_VISIT' => (!$row['user_lastvisit']) ? ' - ' : $user->format_date($row['user_lastvisit']),
'USER_ID' => $row['user_id'], 'USER_ID' => $row['user_id'],
'USERNAME' => $row['username'], 'USERNAME' => $row['username'],
'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&amp;mode=overview&amp;u={$row['user_id']}")) 'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&amp;mode=overview&amp;u={$row['user_id']}"))
@ -473,6 +456,12 @@ class acp_main
$template->assign_var('S_DEBUG_EXTRA', true); $template->assign_var('S_DEBUG_EXTRA', true);
} }
// Warn if install is still present
if (file_exists($phpbb_root_path . 'install'))
{
$template->assign_var('S_REMOVE_INSTALL', true);
}
$this->tpl_name = 'acp_main'; $this->tpl_name = 'acp_main';
$this->page_title = 'ACP_MAIN'; $this->page_title = 'ACP_MAIN';
} }
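Review bot: The delete branch removes rows for whatever ids arrive in `mark`: `'DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark)` has no `user_type` condition, so this inactive-users action can remove active accounts too. The same holds for the `USER_GROUP_TABLE` delete, and for the `user_active_flip()` loop in the activate branch unless that helper checks the current type itself. The permission check sits above the hunk and is not visible here, but as far as the hunk shows, nothing between it and the deletes narrows the target set. I would first reduce `$mark` to ids that are really inactive, for example by adding `AND user_type = ' . USER_INACTIVE` to the `SELECT username` lookup, selecting `user_id` as well, and using the returned ids for both deletes. `set_config('num_users', $config['num_users'] + sizeof($mark), true)` should then count those rows rather than the submitted ids, which may contain duplicates or unknown ids.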


@ -144,16 +144,16 @@ class acp_modules
break; break;
} }
list($module_name, $module_mode) = explode('::', $quick_install); list($module_basename, $module_mode) = explode('::', $quick_install);
// Check if module name and mode exist... // Check if module name and mode exist...
$fileinfo = $this->get_module_infos($module_name); $fileinfo = $this->get_module_infos($module_basename);
$fileinfo = $fileinfo[$module_name]; $fileinfo = $fileinfo[$module_basename];
if (isset($fileinfo['modes'][$module_mode])) if (isset($fileinfo['modes'][$module_mode]))
{ {
$module_data = array( $module_data = array(
'module_name' => $module_name, 'module_basename' => $module_basename,
'module_enabled' => 0, 'module_enabled' => 0,
'module_display' => (isset($fileinfo['modes'][$module_mode]['display'])) ? $fileinfo['modes'][$module_mode]['display'] : 1, 'module_display' => (isset($fileinfo['modes'][$module_mode]['display'])) ? $fileinfo['modes'][$module_mode]['display'] : 1,
'parent_id' => $parent_id, 'parent_id' => $parent_id,
@ -202,7 +202,7 @@ class acp_modules
if ($action == 'add') if ($action == 'add')
{ {
$module_row = array( $module_row = array(
'module_name' => '', 'module_basename' => '',
'module_enabled' => 0, 'module_enabled' => 0,
'module_display' => 1, 'module_display' => 1,
'parent_id' => 0, 'parent_id' => 0,
@ -214,7 +214,7 @@ class acp_modules
$module_data = array(); $module_data = array();
$module_data['module_name'] = request_var('module_name', (string) $module_row['module_name']); $module_data['module_basename'] = request_var('module_basename', (string) $module_row['module_basename']);
$module_data['module_enabled'] = request_var('module_enabled', (int) $module_row['module_enabled']); $module_data['module_enabled'] = request_var('module_enabled', (int) $module_row['module_enabled']);
$module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']); $module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']);
$module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']); $module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']);
@ -235,7 +235,7 @@ class acp_modules
if ($module_type == 'category') if ($module_type == 'category')
{ {
$module_data['module_name'] = $module_data['module_mode'] = $module_data['module_auth'] = ''; $module_data['module_basename'] = $module_data['module_mode'] = $module_data['module_auth'] = '';
$module_data['module_display'] = 1; $module_data['module_display'] = 1;
} }
@ -245,10 +245,10 @@ class acp_modules
} }
// Adjust auth row // Adjust auth row
if ($module_data['module_name'] && $module_data['module_mode']) if ($module_data['module_basename'] && $module_data['module_mode'])
{ {
$fileinfo = $this->get_module_infos($module_data['module_name']); $fileinfo = $this->get_module_infos($module_data['module_basename']);
$module_data['module_auth'] = $fileinfo[$module_data['module_name']]['modes'][$module_data['module_mode']]['auth']; $module_data['module_auth'] = $fileinfo[$module_data['module_basename']]['modes'][$module_data['module_mode']]['auth'];
} }
$errors = $this->update_module_data($module_data); $errors = $this->update_module_data($module_data);
@ -262,7 +262,7 @@ class acp_modules
} }
// Category/not category? // Category/not category?
$is_cat = (!$module_data['module_name']) ? true : false; $is_cat = (!$module_data['module_basename']) ? true : false;
// Get module informations // Get module informations
$module_infos = $this->get_module_infos(); $module_infos = $this->get_module_infos();
@ -271,20 +271,20 @@ class acp_modules
$s_name_options = $s_mode_options = ''; $s_name_options = $s_mode_options = '';
foreach ($module_infos as $option => $values) foreach ($module_infos as $option => $values)
{ {
if (!$module_data['module_name']) if (!$module_data['module_basename'])
{ {
$module_data['module_name'] = $option; $module_data['module_basename'] = $option;
} }
// Name options // Name options
$s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_name']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>'; $s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_basename']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>';
$template->assign_block_vars('m_names', array('NAME' => $option)); $template->assign_block_vars('m_names', array('NAME' => $option));
// Build module modes // Build module modes
foreach ($values['modes'] as $m_mode => $m_values) foreach ($values['modes'] as $m_mode => $m_values)
{ {
if ($option == $module_data['module_name']) if ($option == $module_data['module_basename'])
{ {
$s_mode_options .= '<option value="' . $m_mode . '"' . (($m_mode == $module_data['module_mode']) ? ' selected="selected"' : '') . '>' . $this->lang_name($m_values['title']) . '</option>'; $s_mode_options .= '<option value="' . $m_mode . '"' . (($m_mode == $module_data['module_mode']) ? ' selected="selected"' : '') . '>' . $this->lang_name($m_values['title']) . '</option>';
} }
@ -387,7 +387,7 @@ class acp_modules
} }
else else
{ {
$module_image = (!$row['module_name'] || $row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['CATEGORY'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['MODULE'] . '" />'; $module_image = (!$row['module_basename'] || $row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['CATEGORY'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['MODULE'] . '" />';
} }
$url = $this->u_action . '&amp;parent_id=' . $parent_id . '&amp;m=' . $row['module_id']; $url = $this->u_action . '&amp;parent_id=' . $parent_id . '&amp;m=' . $row['module_id'];
@ -551,22 +551,10 @@ class acp_modules
{ {
global $db, $user, $auth, $config; global $db, $user, $auth, $config;
switch (SQL_LAYER) $sql = 'SELECT module_id, module_enabled, module_basename, parent_id, module_langname, left_id, right_id, module_auth
{
case 'firebird':
$sql = 'SELECT module_id, module_enabled, "module_name", parent_id, module_langname, left_id, right_id, module_auth
FROM ' . MODULES_TABLE . " FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "' WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
ORDER BY left_id ASC"; ORDER BY left_id ASC";
break;
default:
$sql = 'SELECT module_id, module_enabled, module_name, parent_id, module_langname, left_id, right_id, module_auth
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
ORDER BY left_id ASC";
break;
}
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$right = $iteration = 0; $right = $iteration = 0;
@ -607,13 +595,13 @@ class acp_modules
} }
// empty category // empty category
if (!$row['module_name'] && ($row['left_id'] + 1 == $row['right_id']) && $ignore_emptycat) if (!$row['module_basename'] && ($row['left_id'] + 1 == $row['right_id']) && $ignore_emptycat)
{ {
continue; continue;
} }
// ignore non-category? // ignore non-category?
if ($row['module_name'] && $ignore_noncat) if ($row['module_basename'] && $ignore_noncat)
{ {
continue; continue;
} }
@ -723,8 +711,10 @@ class acp_modules
WHERE module_class = '" . $db->sql_escape($this->module_class) . "' WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id = {$module_data['parent_id']}"; AND module_id = {$module_data['parent_id']}";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row = $db->sql_fetchrow($result)) if (!$row)
{ {
if ($run_inline) if ($run_inline)
{ {
@ -733,7 +723,6 @@ class acp_modules
trigger_error($user->lang['PARENT_NO_EXIST']); trigger_error($user->lang['PARENT_NO_EXIST']);
} }
$db->sql_freeresult($result);
$sql = 'UPDATE ' . MODULES_TABLE . " $sql = 'UPDATE ' . MODULES_TABLE . "
SET left_id = left_id + 2, right_id = right_id + 2 SET left_id = left_id + 2, right_id = right_id + 2
@ -777,7 +766,7 @@ class acp_modules
{ {
$row = $this->get_module_row($module_data['module_id']); $row = $this->get_module_row($module_data['module_id']);
if ($module_data['module_name'] && !$row['module_name']) if ($module_data['module_basename'] && !$row['module_basename'])
{ {
// we're turning a category into a module // we're turning a category into a module
$branch = $this->get_module_branch($module_data['module_id'], 'children', 'descending', false); $branch = $this->get_module_branch($module_data['module_id'], 'children', 'descending', false);
@ -793,8 +782,11 @@ class acp_modules
$this->move_module($module_data['module_id'], $module_data['parent_id']); $this->move_module($module_data['module_id'], $module_data['parent_id']);
} }
$update_ary = $module_data;
unset($update_ary['module_id']);
$sql = 'UPDATE ' . MODULES_TABLE . ' $sql = 'UPDATE ' . MODULES_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $module_data) . " SET ' . $db->sql_build_array('UPDATE', $update_ary) . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "' WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id = {$module_data['module_id']}"; AND module_id = {$module_data['module_id']}";
$db->sql_query($sql); $db->sql_query($sql);
@ -849,7 +841,7 @@ class acp_modules
SET right_id = right_id + $diff SET right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "' WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
AND module_id NOT IN (' . implode(', ', $moved_ids) . ')'; AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql); $db->sql_query($sql);
// Resync the righthand side of the tree // Resync the righthand side of the tree
@ -857,7 +849,7 @@ class acp_modules
SET left_id = left_id + $diff, right_id = right_id + $diff SET left_id = left_id + $diff, right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "' WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND left_id > " . $to_data['right_id'] . ' AND left_id > " . $to_data['right_id'] . '
AND module_id NOT IN (' . implode(', ', $moved_ids) . ')'; AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql); $db->sql_query($sql);
// Resync moved branch // Resync moved branch
@ -876,7 +868,7 @@ class acp_modules
$sql = 'SELECT MAX(right_id) AS right_id $sql = 'SELECT MAX(right_id) AS right_id
FROM ' . MODULES_TABLE . " FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "' WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id NOT IN (" . implode(', ', $moved_ids) . ')'; AND " . $db->sql_in_set('module_id', $moved_ids, true);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -887,7 +879,7 @@ class acp_modules
$sql = 'UPDATE ' . MODULES_TABLE . " $sql = 'UPDATE ' . MODULES_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff SET left_id = left_id $diff, right_id = right_id $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "' WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id IN (" . implode(', ', $moved_ids) . ')'; AND " . $db->sql_in_set('module_id', $moved_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
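Review bot: In the "Adjust auth row" step the request value `module_basename` is passed to `get_module_infos()` and the result is indexed as `$fileinfo[...]['modes'][...]['auth']` with no existence check, while the quick-install path earlier in this file guards with `isset($fileinfo['modes'][$module_mode])`. A basename or mode that is not a known module raises an undefined index and leaves `module_auth` empty before `update_module_data()` is called, which looks like it would store a module with no permission requirement. I would guard it the same way, `if (isset($fileinfo[$module_data['module_basename']]['modes'][$module_data['module_mode']]))`, and reject the request otherwise. If `get_module_infos()` derives a file name from its argument (its body is not in this diff view), the basename should also be checked against the keys returned by the no-argument call before it is used. The quick-install `explode('::', $quick_install)` likewise assumes the separator is present.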


@ -239,7 +239,7 @@ class acp_permission_roles
$auth_options = array(); $auth_options = array();
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$auth_options[$row['auth_option']] = ACL_UNSET; $auth_options[$row['auth_option']] = ACL_NO;
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
@ -294,7 +294,7 @@ class acp_permission_roles
) )
); );
// We need to fill the auth options array with ACL_UNSET options ;) // We need to fill the auth options array with ACL_NO options ;)
$sql = 'SELECT auth_option_id, auth_option $sql = 'SELECT auth_option_id, auth_option
FROM ' . ACL_OPTIONS_TABLE . " FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option LIKE '{$permission_type}%' WHERE auth_option LIKE '{$permission_type}%'
@ -306,7 +306,7 @@ class acp_permission_roles
{ {
if (!isset($auth_options[$row['auth_option']])) if (!isset($auth_options[$row['auth_option']]))
{ {
$auth_options[$row['auth_option']] = ACL_UNSET; $auth_options[$row['auth_option']] = ACL_NO;
} }
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -447,17 +447,17 @@ class acp_permission_roles
$template->assign_block_vars('auth', array( $template->assign_block_vars('auth', array(
'CAT_NAME' => $user->lang['permission_cat'][$cat], 'CAT_NAME' => $user->lang['permission_cat'][$cat],
'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false, 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false, 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
'S_UNSET' => ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false) 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false)
); );
foreach ($cat_array['permissions'] as $permission => $allowed) foreach ($cat_array['permissions'] as $permission => $allowed)
{ {
$template->assign_block_vars('auth.mask', array( $template->assign_block_vars('auth.mask', array(
'S_YES' => ($allowed == ACL_YES) ? true : false, 'S_YES' => ($allowed == ACL_YES) ? true : false,
'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
'S_NO' => ($allowed == ACL_NO) ? true : false, 'S_NO' => ($allowed == ACL_NO) ? true : false,
'S_UNSET' => ($allowed == ACL_UNSET) ? true : false,
'FIELD_NAME' => $permission, 'FIELD_NAME' => $permission,
'PERMISSION' => $user->lang['acl_' . $permission]['lang']) 'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
@ -484,7 +484,7 @@ class acp_permission_roles
$auth_settings = array(); $auth_settings = array();
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$auth_settings[$row['auth_option']] = ACL_UNSET; $auth_settings[$row['auth_option']] = ACL_NO;
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
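Review bot: `ACL_NO` changes meaning in this file: it now fills the places that used `ACL_UNSET` (the defaults written into `$auth_options` and `$auth_settings`), while the checks that used `ACL_NO` move to `ACL_NEVER`. Code or stored role data still written against the old meaning would read a former deny as the soft default without any error, so the reuse of the name deserves a comment at the default-fill loops, e.g. `// ACL_NO = not granted (default); the explicit deny is ACL_NEVER`. Whether the numeric values behind the constants moved as well is not visible here; if they did, existing rows in the role data need a migration step alongside this change.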


@ -59,8 +59,8 @@ class acp_permissions
$subforum_id = request_var('subforum_id', 0); $subforum_id = request_var('subforum_id', 0);
$forum_id = request_var('forum_id', array(0)); $forum_id = request_var('forum_id', array(0));
$username = request_var('username', array(''), true); $username = request_var('username', array(''));
$usernames = request_var('usernames', '', true); $usernames = request_var('usernames', '');
$user_id = request_var('user_id', array(0)); $user_id = request_var('user_id', array(0));
$group_id = request_var('group_id', array(0)); $group_id = request_var('group_id', array(0));
@ -70,7 +70,7 @@ class acp_permissions
if ($select_all_groups) if ($select_all_groups)
{ {
// Add default groups to selection // Add default groups to selection
$sql_and = ($config['coppa_hide_groups']) ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : ''; $sql_and = (!$config['coppa_enable']) ? " AND group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
$sql = 'SELECT group_id $sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
@ -213,7 +213,32 @@ class acp_permissions
switch ($action) switch ($action)
{ {
case 'delete': case 'delete':
// All users/groups selected?
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;
if ($all_users || $all_groups)
{
$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
if ($all_users && sizeof($items['user_ids']))
{
$user_id = $items['user_ids'];
}
else if ($all_groups && sizeof($items['group_ids']))
{
$group_id = $items['group_ids'];
}
}
if (sizeof($user_id) || sizeof($group_id))
{
$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id); $this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
}
else
{
trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action));
}
break; break;
case 'apply_permissions': case 'apply_permissions':
@ -273,7 +298,7 @@ class acp_permissions
continue 2; continue 2;
} }
$forum_list = make_forum_select(false, false, true, false, false, true); $forum_list = make_forum_select(false, false, true, false, false, false, true);
// Build forum options // Build forum options
$s_forum_options = ''; $s_forum_options = '';
@ -343,99 +368,30 @@ class acp_permissions
continue 2; continue 2;
} }
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0'); $items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'u.username, u.user_regdate, u.user_id',
'FROM' => array(
USERS_TABLE => 'u',
ACL_OPTIONS_TABLE => 'o',
ACL_USERS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND u.user_id = a.user_id",
'ORDER_BY' => 'u.username, u.user_regdate ASC'
));
$result = $db->sql_query($sql);
$s_defined_user_options = '';
$defined_user_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
$defined_user_ids[] = $row['user_id'];
}
$db->sql_freeresult($result);
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'g.group_type, g.group_name, g.group_id',
'FROM' => array(
GROUPS_TABLE => 'g',
ACL_OPTIONS_TABLE => 'o',
ACL_GROUPS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND g.group_id = a.group_id",
'ORDER_BY' => 'g.group_type DESC, g.group_name ASC'
));
$result = $db->sql_query($sql);
$s_defined_group_options = '';
$defined_group_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
$defined_group_ids[] = $row['group_id'];
}
$db->sql_freeresult($result);
// Now we check the users... because the "all"-selection is different here (all defined users/groups) // Now we check the users... because the "all"-selection is different here (all defined users/groups)
$all_users = (isset($_POST['all_users'])) ? true : false; $all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false; $all_groups = (isset($_POST['all_groups'])) ? true : false;
if ($all_users && sizeof($defined_user_ids)) if ($all_users && sizeof($items['user_ids']))
{ {
$user_id = $defined_user_ids; $user_id = $items['user_ids'];
continue 2; continue 2;
} }
if ($all_groups && sizeof($defined_group_ids)) if ($all_groups && sizeof($items['group_ids']))
{ {
$group_id = $defined_group_ids; $group_id = $items['group_ids'];
continue 2; continue 2;
} }
$template->assign_vars(array( $template->assign_vars(array(
'S_SELECT_USERGROUP' => ($victim == 'usergroup') ? true : false, 'S_SELECT_USERGROUP' => ($victim == 'usergroup') ? true : false,
'S_SELECT_USERGROUP_VIEW' => ($victim == 'usergroup_view') ? true : false, 'S_SELECT_USERGROUP_VIEW' => ($victim == 'usergroup_view') ? true : false,
'S_DEFINED_USER_OPTIONS' => $s_defined_user_options, 'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'],
'S_DEFINED_GROUP_OPTIONS' => $s_defined_group_options, 'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'],
'S_ADD_GROUP_OPTIONS' => group_select_options(false, $defined_group_ids), 'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids']),
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username')) 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username'))
); );
@ -457,7 +413,7 @@ class acp_permissions
{ {
$sql = 'SELECT forum_name $sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ') WHERE ' . $db->sql_in_set('forum_id', $forum_id) . '
ORDER BY forum_name ASC'; ORDER BY forum_name ASC';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -497,7 +453,7 @@ class acp_permissions
'S_SETTING_PERMISSIONS' => true) 'S_SETTING_PERMISSIONS' => true)
); );
$hold_ary = $auth_admin->get_mask('set', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_UNSET); $hold_ary = $auth_admin->get_mask('set', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO);
$auth_admin->display_mask('set', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false)); $auth_admin->display_mask('set', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false));
} }
else else
@ -506,7 +462,7 @@ class acp_permissions
'S_VIEWING_PERMISSIONS' => true) 'S_VIEWING_PERMISSIONS' => true)
); );
$hold_ary = $auth_admin->get_mask('view', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NO); $hold_ary = $auth_admin->get_mask('view', (sizeof($user_id)) ? $user_id : false, (sizeof($group_id)) ? $group_id : false, (sizeof($forum_id)) ? $forum_id : false, $permission_type, $permission_scope, ACL_NEVER);
$auth_admin->display_mask('view', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false)); $auth_admin->display_mask('view', $permission_type, $hold_ary, ((sizeof($user_id)) ? 'user' : 'group'), (($permission_scope == 'local') ? true : false));
} }
} }
@ -598,7 +554,7 @@ class acp_permissions
$sql = "SELECT $sql_id $sql = "SELECT $sql_id
FROM $table FROM $table
WHERE $sql_id IN (" . implode(', ', $ids) . ')'; WHERE " . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$ids = array(); $ids = array();
@ -783,10 +739,10 @@ class acp_permissions
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
// We need to add any ACL_UNSET setting from auth_settings to compare correctly // We need to add any ACL_NO setting from auth_settings to compare correctly
foreach ($auth_settings as $option => $setting) foreach ($auth_settings as $option => $setting)
{ {
if ($setting == ACL_UNSET) if ($setting == ACL_NO)
{ {
$test_auth_settings[$option] = $setting; $test_auth_settings[$option] = $setting;
} }
@ -847,8 +803,8 @@ class acp_permissions
} }
// Logging ... first grab user or groupnames ... // Logging ... first grab user or groupnames ...
$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id'; $sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE ' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE ';
$sql .= ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')'; $sql .= $db->sql_in_set(($ug_type == 'group') ? 'group_id' : 'user_id', array_map('intval', $ug_id));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$l_ug_list = ''; $l_ug_list = '';
@ -869,7 +825,7 @@ class acp_permissions
// Grab the forum details if non-zero forum_id // Grab the forum details if non-zero forum_id
$sql = 'SELECT forum_name $sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')'; WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$l_forum_list = ''; $l_forum_list = '';
@ -902,7 +858,7 @@ class acp_permissions
if (sizeof($perms)) if (sizeof($perms))
{ {
$sql = 'DELETE FROM ' . ZEBRA_TABLE . ' $sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE zebra_id IN (' . implode(', ', array_unique($perms)) . ') WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
AND foe = 1'; AND foe = 1';
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -960,8 +916,8 @@ class acp_permissions
'WHO' => $user->lang['DEFAULT'], 'WHO' => $user->lang['DEFAULT'],
'INFORMATION' => $user->lang['TRACE_DEFAULT'], 'INFORMATION' => $user->lang['TRACE_DEFAULT'],
'S_SETTING_UNSET' => true, 'S_SETTING_NO' => true,
'S_TOTAL_UNSET' => true) 'S_TOTAL_NO' => true)
); );
$sql = 'SELECT DISTINCT g.group_name, g.group_id, g.group_type $sql = 'SELECT DISTINCT g.group_name, g.group_id, g.group_type
@ -976,12 +932,13 @@ class acp_permissions
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$groups[$row['group_id']] = array( $groups[$row['group_id']] = array(
'auth_setting' => ACL_UNSET, 'auth_setting' => ACL_NO,
'group_name' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'] 'group_name' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']
); );
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$total = ACL_NO;
if (sizeof($groups)) if (sizeof($groups))
{ {
// Get group auth settings // Get group auth settings
@ -993,23 +950,22 @@ class acp_permissions
} }
unset($hold_ary); unset($hold_ary);
$total = ACL_UNSET;
foreach ($groups as $id => $row) foreach ($groups as $id => $row)
{ {
switch ($row['auth_setting']) switch ($row['auth_setting'])
{ {
case ACL_UNSET: case ACL_NO:
$information = $user->lang['TRACE_GROUP_UNSET']; $information = $user->lang['TRACE_GROUP_NO'];
break; break;
case ACL_YES: case ACL_YES:
$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_GROUP_YES_TOTAL_NO'] : $user->lang['TRACE_GROUP_YES_TOTAL_UNSET']); $information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_YES_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_YES_TOTAL_NO']);
$total = ($total == ACL_UNSET) ? ACL_YES : $total; $total = ($total == ACL_NO) ? ACL_YES : $total;
break; break;
case ACL_NO: case ACL_NEVER:
$information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NO_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_GROUP_NO_TOTAL_NO'] : $user->lang['TRACE_GROUP_NO_TOTAL_UNSET']); $information = ($total == ACL_YES) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_GROUP_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_GROUP_NEVER_TOTAL_NO']);
$total = ACL_NO; $total = ACL_NEVER;
break; break;
} }
@ -1017,35 +973,35 @@ class acp_permissions
'WHO' => $row['group_name'], 'WHO' => $row['group_name'],
'INFORMATION' => $information, 'INFORMATION' => $information,
'S_SETTING_UNSET' => ($row['auth_setting'] == ACL_UNSET) ? true : false,
'S_SETTING_YES' => ($row['auth_setting'] == ACL_YES) ? true : false,
'S_SETTING_NO' => ($row['auth_setting'] == ACL_NO) ? true : false, 'S_SETTING_NO' => ($row['auth_setting'] == ACL_NO) ? true : false,
'S_TOTAL_UNSET' => ($total == ACL_UNSET) ? true : false, 'S_SETTING_YES' => ($row['auth_setting'] == ACL_YES) ? true : false,
'S_SETTING_NEVER' => ($row['auth_setting'] == ACL_NEVER) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false,
'S_TOTAL_YES' => ($total == ACL_YES) ? true : false, 'S_TOTAL_YES' => ($total == ACL_YES) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false) 'S_TOTAL_NEVER' => ($total == ACL_NEVER) ? true : false)
); );
} }
} }
// Get user specific permission... // Get user specific permission...
$hold_ary = $auth->acl_user_raw_data($user_id, $permission, $forum_id); $hold_ary = $auth->acl_user_raw_data($user_id, $permission, $forum_id);
$auth_setting = (!sizeof($hold_ary)) ? ACL_UNSET : $hold_ary[$user_id][$forum_id][$permission]; $auth_setting = (!sizeof($hold_ary)) ? ACL_NO : $hold_ary[$user_id][$forum_id][$permission];
switch ($auth_setting) switch ($auth_setting)
{ {
case ACL_UNSET: case ACL_NO:
$information = ($total == ACL_UNSET) ? $user->lang['TRACE_USER_UNSET_TOTAL_UNSET'] : $user->lang['TRACE_USER_KEPT']; $information = ($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO'] : $user->lang['TRACE_USER_KEPT'];
$total = ($total == ACL_UNSET) ? ACL_NO : $total; $total = ($total == ACL_NO) ? ACL_NEVER : $total;
break; break;
case ACL_YES: case ACL_YES:
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_USER_YES_TOTAL_NO'] : $user->lang['TRACE_USER_YES_TOTAL_UNSET']); $information = ($total == ACL_YES) ? $user->lang['TRACE_USER_YES_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_YES_TOTAL_NEVER'] : $user->lang['TRACE_USER_YES_TOTAL_NO']);
$total = ($total == ACL_UNSET) ? ACL_YES : $total; $total = ($total == ACL_NO) ? ACL_YES : $total;
break; break;
case ACL_NO: case ACL_NEVER:
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NO_TOTAL_YES'] : (($total == ACL_NO) ? $user->lang['TRACE_USER_NO_TOTAL_NO'] : $user->lang['TRACE_USER_NO_TOTAL_UNSET']); $information = ($total == ACL_YES) ? $user->lang['TRACE_USER_NEVER_TOTAL_YES'] : (($total == ACL_NEVER) ? $user->lang['TRACE_USER_NEVER_TOTAL_NEVER'] : $user->lang['TRACE_USER_NEVER_TOTAL_NO']);
$total = ACL_NO; $total = ACL_NEVER;
break; break;
} }
@ -1053,12 +1009,12 @@ class acp_permissions
'WHO' => $userdata['username'], 'WHO' => $userdata['username'],
'INFORMATION' => $information, 'INFORMATION' => $information,
'S_SETTING_UNSET' => ($auth_setting == ACL_UNSET) ? true : false,
'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NO' => ($auth_setting == ACL_NO) ? true : false, 'S_SETTING_NO' => ($auth_setting == ACL_NO) ? true : false,
'S_TOTAL_UNSET' => false, 'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NEVER' => ($auth_setting == ACL_NEVER) ? true : false,
'S_TOTAL_NO' => false,
'S_TOTAL_YES' => ($total == ACL_YES) ? true : false, 'S_TOTAL_YES' => ($total == ACL_YES) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false) 'S_TOTAL_NEVER' => ($total == ACL_NEVER) ? true : false)
); );
// global permission might overwrite local permission // global permission might overwrite local permission
@ -1077,24 +1033,24 @@ class acp_permissions
if ($auth_setting) if ($auth_setting)
{ {
$information = ($total == ACL_YES) ? $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_YES'] : $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_NO']; $information = ($total == ACL_YES) ? $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_YES'] : $user->lang['TRACE_USER_GLOBAL_YES_TOTAL_NEVER'];
$total = ACL_YES; $total = ACL_YES;
} }
else else
{ {
$information = $user->lang['TRACE_USER_GLOBAL_NO_TOTAL_KEPT']; $information = $user->lang['TRACE_USER_GLOBAL_NEVER_TOTAL_KEPT'];
} }
$template->assign_block_vars('trace', array( $template->assign_block_vars('trace', array(
'WHO' => sprintf($user->lang['TRACE_GLOBAL_SETTING'], $userdata['username']), 'WHO' => sprintf($user->lang['TRACE_GLOBAL_SETTING'], $userdata['username']),
'INFORMATION' => sprintf($information, '<a href="' . $this->u_action . "&amp;u=$user_id&amp;f=0&amp;auth=$permission&amp;back=$forum_id\">", '</a>'), 'INFORMATION' => sprintf($information, '<a href="' . $this->u_action . "&amp;u=$user_id&amp;f=0&amp;auth=$permission&amp;back=$forum_id\">", '</a>'),
'S_SETTING_UNSET' => false, 'S_SETTING_NO' => false,
'S_SETTING_YES' => $auth_setting, 'S_SETTING_YES' => $auth_setting,
'S_SETTING_NO' => !$auth_setting, 'S_SETTING_NEVER' => !$auth_setting,
'S_TOTAL_UNSET' => false, 'S_TOTAL_NO' => false,
'S_TOTAL_YES' => ($total == ACL_YES) ? true : false, 'S_TOTAL_YES' => ($total == ACL_YES) ? true : false,
'S_TOTAL_NO' => ($total == ACL_NO) ? true : false) 'S_TOTAL_NEVER' => ($total == ACL_NEVER) ? true : false)
); );
} }
@ -1105,15 +1061,101 @@ class acp_permissions
'WHO' => $userdata['username'], 'WHO' => $userdata['username'],
'INFORMATION' => $user->lang['TRACE_USER_FOUNDER'], 'INFORMATION' => $user->lang['TRACE_USER_FOUNDER'],
'S_SETTING_UNSET' => ($auth_setting == ACL_UNSET) ? true : false,
'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NO' => ($auth_setting == ACL_NO) ? true : false, 'S_SETTING_NO' => ($auth_setting == ACL_NO) ? true : false,
'S_TOTAL_UNSET' => false, 'S_SETTING_YES' => ($auth_setting == ACL_YES) ? true : false,
'S_SETTING_NEVER' => ($auth_setting == ACL_NEVER) ? true : false,
'S_TOTAL_NO' => false,
'S_TOTAL_YES' => true, 'S_TOTAL_YES' => true,
'S_TOTAL_NO' => false) 'S_TOTAL_NEVER' => false)
); );
} }
} }
/**
* Get already assigned users/groups
*/
function retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type)
{
global $db, $user;
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'u.username, u.user_regdate, u.user_id',
'FROM' => array(
USERS_TABLE => 'u',
ACL_OPTIONS_TABLE => 'o',
ACL_USERS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND u.user_id = a.user_id",
'ORDER_BY' => 'u.username, u.user_regdate ASC'
));
$result = $db->sql_query($sql);
$s_defined_user_options = '';
$defined_user_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
$defined_user_ids[] = $row['user_id'];
}
$db->sql_freeresult($result);
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'g.group_type, g.group_name, g.group_id',
'FROM' => array(
GROUPS_TABLE => 'g',
ACL_OPTIONS_TABLE => 'o',
ACL_GROUPS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND g.group_id = a.group_id",
'ORDER_BY' => 'g.group_type DESC, g.group_name ASC'
));
$result = $db->sql_query($sql);
$s_defined_group_options = '';
$defined_group_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
$defined_group_ids[] = $row['group_id'];
}
$db->sql_freeresult($result);
return array(
'group_ids' => $defined_group_ids,
'group_ids_options' => $s_defined_group_options,
'user_ids' => $defined_user_ids,
'user_ids_options' => $s_defined_user_options
);
}
} }
?> ?>


@ -50,7 +50,8 @@ class acp_profile
$lang_defs = array(); $lang_defs = array();
$sql = 'SELECT lang_id, lang_iso $sql = 'SELECT lang_id, lang_iso
FROM ' . LANG_TABLE; FROM ' . LANG_TABLE . '
ORDER BY lang_english_name';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -119,19 +120,19 @@ class acp_profile
$db->sql_freeresult($result); $db->sql_freeresult($result);
// Create a temp table and populate it, destroy the existing one // Create a temp table and populate it, destroy the existing one
$db->sql_query(preg_replace('#CREATE\s+TABLE\s+' . PROFILE_FIELDS_DATA_TABLE . '#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql'])); $db->sql_query(preg_replace('#CREATE\s+TABLE\s+"?' . PROFILE_FIELDS_DATA_TABLE . '"?#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE); $db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE); $db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
preg_match('#\((.*)\)#s', $row['sql'], $matches); preg_match('#\((.*)\)#s', $row['sql'], $matches);
$new_table_cols = $matches[1]; $new_table_cols = trim($matches[1]);
$old_table_cols = explode(',', $new_table_cols); $old_table_cols = explode(',', $new_table_cols);
$column_list = array(); $column_list = array();
foreach($old_table_cols as $declaration) foreach($old_table_cols as $declaration)
{ {
$entities = preg_split('#\s+#', $declaration); $entities = preg_split('#\s+#', trim($declaration));
if ($entities[0] !== $field_ident) if ($entities[0] !== '_' . $field_ident)
{ {
$column_list[] = $entities[0]; $column_list[] = $entities[0];
} }
@ -139,7 +140,7 @@ class acp_profile
$columns = implode(',', $column_list); $columns = implode(',', $column_list);
$new_table_cols = preg_replace('/' . $field_ident . '[^,]+,/', '', $new_table_cols); $new_table_cols = preg_replace('/' . '_' . $field_ident . '[^,]+,/', '', $new_table_cols);
// create a new table and fill it up. destroy the temp one // create a new table and fill it up. destroy the temp one
$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');'); $db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
@ -148,7 +149,7 @@ class acp_profile
break; break;
default: default:
$db->sql_query('ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " DROP $field_ident"); $db->sql_query('ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " DROP _$field_ident");
} }
$order = 0; $order = 0;
@ -293,7 +294,8 @@ class acp_profile
$field_type = $field_row['field_type']; $field_type = $field_row['field_type'];
// Get language entries // Get language entries
$sql = 'SELECT * FROM ' . PROFILE_FIELDS_LANG_TABLE . ' $sql = 'SELECT *
FROM ' . PROFILE_FIELDS_LANG_TABLE . '
WHERE lang_id = ' . $lang_defs['iso'][$config['default_lang']] . " WHERE lang_id = ' . $lang_defs['iso'][$config['default_lang']] . "
AND field_id = $field_id AND field_id = $field_id
ORDER BY option_id ASC"; ORDER BY option_id ASC";
@ -302,7 +304,7 @@ class acp_profile
$lang_options = array(); $lang_options = array();
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$lang_options[$row['option_id']] = $row['value']; $lang_options[$row['option_id']] = $row['lang_value'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -474,7 +476,8 @@ class acp_profile
if ($action == 'edit') if ($action == 'edit')
{ {
// Get language entries // Get language entries
$sql = 'SELECT * FROM ' . PROFILE_FIELDS_LANG_TABLE . ' $sql = 'SELECT *
FROM ' . PROFILE_FIELDS_LANG_TABLE . '
WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . " WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . "
AND field_id = $field_id AND field_id = $field_id
ORDER BY option_id ASC"; ORDER BY option_id ASC";
@ -483,12 +486,13 @@ class acp_profile
$l_lang_options = array(); $l_lang_options = array();
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$l_lang_options[$row['lang_id']][$row['option_id']] = $row['value']; $l_lang_options[$row['lang_id']][$row['option_id']] = $row['lang_value'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value FROM ' . PROFILE_LANG_TABLE . ' $sql = 'SELECT lang_id, lang_name, lang_explain, lang_default_value
FROM ' . PROFILE_LANG_TABLE . '
WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . " WHERE lang_id <> ' . $lang_defs['iso'][$config['default_lang']] . "
AND field_id = $field_id AND field_id = $field_id
ORDER BY lang_id ASC"; ORDER BY lang_id ASC";
@ -536,7 +540,7 @@ class acp_profile
if ($cp->vars['lang_name'] == '') if ($cp->vars['lang_name'] == '')
{ {
$error[] = $user->lang['EMPTY_USER_FIELD_IDENT']; $error[] = $user->lang['EMPTY_USER_FIELD_NAME'];
} }
if ($field_type == FIELD_BOOL || $field_type == FIELD_DROPDOWN) if ($field_type == FIELD_BOOL || $field_type == FIELD_DROPDOWN)
@ -769,7 +773,8 @@ class acp_profile
$sql = 'SELECT lang_id, lang_iso $sql = 'SELECT lang_id, lang_iso
FROM ' . LANG_TABLE . " FROM ' . LANG_TABLE . "
WHERE lang_iso <> '" . $config['default_lang'] . "'"; WHERE lang_iso <> '" . $config['default_lang'] . "'
ORDER BY lang_english_name";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$languages = array(); $languages = array();
@ -928,273 +933,23 @@ class acp_profile
'field_active' => 1 'field_active' => 1
); );
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_TABLE . ' ' . $db->sql_build_array('INSERT', $profile_fields)); $sql = 'INSERT INTO ' . PROFILE_FIELDS_TABLE . ' ' . $db->sql_build_array('INSERT', $profile_fields);
$db->sql_query($sql);
$field_id = $db->sql_nextid(); $field_id = $db->sql_nextid();
} }
else else
{ {
$db->sql_query('UPDATE ' . PROFILE_FIELDS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $profile_fields) . " $sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . '
WHERE field_id = $field_id"); SET ' . $db->sql_build_array('UPDATE', $profile_fields) . "
WHERE field_id = $field_id";
$db->sql_query($sql);
} }
if ($action == 'create') if ($action == 'create')
{ {
switch (SQL_LAYER) $field_ident = '_' . $field_ident;
{ $profile_sql[] = $this->add_field_ident($field_ident, $field_type);
case 'mysql':
case 'mysql4':
case 'mysqli':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD `$field_ident` ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$sql .= 'BIGINT(20) ';
break;
}
break;
case 'sqlite':
switch ($field_type)
{
case FIELD_STRING:
$type = ' VARCHAR(255) ';
break;
case FIELD_DATE:
$type = 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$type = "TEXT(65535)";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$type = 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$type = 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$type = 'BIGINT(20) ';
break;
}
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
if (version_compare(sqlite_libversion(), '3.0') == -1)
{
$sql = "SELECT sql
FROM sqlite_master
WHERE type = 'table'
AND name = '" . PROFILE_FIELDS_DATA_TABLE . "'
ORDER BY type DESC, name;";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Create a temp table and populate it, destroy the existing one
$db->sql_query(preg_replace('#CREATE\s+TABLE\s+' . PROFILE_FIELDS_DATA_TABLE . '#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
preg_match('#\((.*)\)#s', $row['sql'], $matches);
$new_table_cols = $matches[1];
$old_table_cols = explode(',', $new_table_cols);
$column_list = array();
foreach($old_table_cols as $declaration)
{
$entities = preg_split('#\s+#', $declaration);
$column_list[] = $entities[0];
}
$columns = implode(',', $column_list);
$new_table_cols = $field_ident . ' ' . $type . ',' . $new_table_cols;
// create a new table and fill it up. destroy the temp one
$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $columns . ') SELECT ' . $columns . ' FROM ' . PROFILE_FIELDS_DATA_TABLE . '_temp;');
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp');
}
else
{
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident $type";
}
break;
case 'mssql':
case 'mssql_odbc':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' [VARCHAR] (255) ';
break;
case FIELD_DATE:
$sql .= '[VARCHAR] (10) ';
break;
case FIELD_TEXT:
$sql .= "[TEXT]";
// ADD {$field_ident}_bbcode_uid [VARCHAR] (5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield [INT] UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= '[INT] ';
break;
case FIELD_INT:
$sql .= '[FLOAT] ';
break;
}
break;
case 'postgres':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD COLUMN $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT4 UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'INT2 ';
break;
case FIELD_DROPDOWN:
$sql .= 'INT4 ';
break;
case FIELD_INT:
$sql .= 'INT8 ';
break;
}
break;
case 'firebird':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "BLOB SUB_TYPE TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INTEGER UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= 'INTEGER ';
break;
case FIELD_INT:
$sql .= 'DOUBLE PRECISION ';
break;
}
break;
case 'oracle':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR2(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR2(10) ';
break;
case FIELD_TEXT:
$sql .= "CLOB";
// ADD {$field_ident}_bbcode_uid VARCHAR2(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield NUMBER(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'NUMBER(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'NUMBER(8) ';
break;
case FIELD_INT:
$sql .= 'NUMBER(20) ';
break;
}
break;
}
$profile_sql[] = $sql;
} }
$sql_ary = array( $sql_ary = array(
@ -1272,7 +1027,7 @@ class acp_profile
{ {
$sql_ary = array( $sql_ary = array(
'field_type' => (int) $field_type, 'field_type' => (int) $field_type,
'value' => $value 'lang_value' => $value
); );
if ($action == 'create') if ($action == 'create')
@ -1327,7 +1082,7 @@ class acp_profile
'lang_id' => (int) $lang_id, 'lang_id' => (int) $lang_id,
'option_id' => (int) $option_id, 'option_id' => (int) $option_id,
'field_type' => (int) $field_type, 'field_type' => (int) $field_type,
'value' => $value 'lang_value' => $value
); );
} }
} }
@ -1380,6 +1135,7 @@ class acp_profile
} }
} }
$db->sql_transaction('begin'); $db->sql_transaction('begin');
if ($action == 'create') if ($action == 'create')
@ -1399,7 +1155,7 @@ class acp_profile
} }
else else
{ {
add_log('admin', 'LOG_PROFILE_FIELD_CREATE', $field_ident . ':' . $cp->vars['lang_name']); add_log('admin', 'LOG_PROFILE_FIELD_CREATE', substr($field_ident, 1) . ':' . $cp->vars['lang_name']);
trigger_error($user->lang['ADDED_PROFILE_FIELD'] . adm_back_link($this->u_action)); trigger_error($user->lang['ADDED_PROFILE_FIELD'] . adm_back_link($this->u_action));
} }
} }
@ -1451,6 +1207,276 @@ class acp_profile
} }
} }
} }
/**
* Return sql statement for adding a new field ident (profile field) to the profile fields data table
*/
function add_field_ident($field_ident, $field_type)
{
global $db;
switch (SQL_LAYER)
{
case 'mysql':
case 'mysql4':
case 'mysqli':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD `$field_ident` ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$sql .= 'BIGINT(20) ';
break;
}
break;
case 'sqlite':
switch ($field_type)
{
case FIELD_STRING:
$type = ' VARCHAR(255) ';
break;
case FIELD_DATE:
$type = 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$type = "TEXT(65535)";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT(11) UNSIGNED";
break;
case FIELD_BOOL:
$type = 'TINYINT(2) ';
break;
case FIELD_DROPDOWN:
$type = 'MEDIUMINT(8) ';
break;
case FIELD_INT:
$type = 'BIGINT(20) ';
break;
}
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
if (version_compare(sqlite_libversion(), '3.0') == -1)
{
$sql = "SELECT sql
FROM sqlite_master
WHERE type = 'table'
AND name = '" . PROFILE_FIELDS_DATA_TABLE . "'
ORDER BY type DESC, name;";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Create a temp table and populate it, destroy the existing one
$db->sql_query(preg_replace('#CREATE\s+TABLE\s+"?' . PROFILE_FIELDS_DATA_TABLE . '"?#i', 'CREATE TEMPORARY TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp', $row['sql']));
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . '_temp SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE);
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE);
preg_match('#\((.*)\)#s', $row['sql'], $matches);
$new_table_cols = trim($matches[1]);
$old_table_cols = explode(',', $new_table_cols);
$column_list = array();
foreach ($old_table_cols as $declaration)
{
$entities = preg_split('#\s+#', trim($declaration));
if ($entities == 'PRIMARY')
{
continue;
}
$column_list[] = $entities[0];
}
$columns = implode(',', $column_list);
$new_table_cols = $field_ident . ' ' . $type . ',' . $new_table_cols;
// create a new table and fill it up. destroy the temp one
$db->sql_query('CREATE TABLE ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $new_table_cols . ');');
$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' (' . $columns . ') SELECT ' . $columns . ' FROM ' . PROFILE_FIELDS_DATA_TABLE . '_temp;');
$db->sql_query('DROP TABLE ' . PROFILE_FIELDS_DATA_TABLE . '_temp');
}
else
{
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD $field_ident [$type]";
}
break;
case 'mssql':
case 'mssql_odbc':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' [VARCHAR] (255) ';
break;
case FIELD_DATE:
$sql .= '[VARCHAR] (10) ';
break;
case FIELD_TEXT:
$sql .= "[TEXT]";
// ADD {$field_ident}_bbcode_uid [VARCHAR] (5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield [INT] UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= '[INT] ';
break;
case FIELD_INT:
$sql .= '[FLOAT] ';
break;
}
break;
case 'postgres':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD COLUMN \"$field_ident\" ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INT4 UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'INT2 ';
break;
case FIELD_DROPDOWN:
$sql .= 'INT4 ';
break;
case FIELD_INT:
$sql .= 'INT8 ';
break;
}
break;
case 'firebird':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD \"$field_ident\" ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR(10) ';
break;
case FIELD_TEXT:
$sql .= "BLOB SUB_TYPE TEXT";
// ADD {$field_ident}_bbcode_uid VARCHAR(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield INTEGER UNSIGNED";
break;
case FIELD_BOOL:
case FIELD_DROPDOWN:
$sql .= 'INTEGER ';
break;
case FIELD_INT:
$sql .= 'DOUBLE PRECISION ';
break;
}
break;
case 'oracle':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE ' . PROFILE_FIELDS_DATA_TABLE . " ADD \"$field_ident\" ";
switch ($field_type)
{
case FIELD_STRING:
$sql .= ' VARCHAR2(255) ';
break;
case FIELD_DATE:
$sql .= 'VARCHAR2(10) ';
break;
case FIELD_TEXT:
$sql .= "CLOB";
// ADD {$field_ident}_bbcode_uid VARCHAR2(5) NOT NULL,
// ADD {$field_ident}_bbcode_bitfield NUMBER(11) UNSIGNED";
break;
case FIELD_BOOL:
$sql .= 'NUMBER(2) ';
break;
case FIELD_DROPDOWN:
$sql .= 'NUMBER(8) ';
break;
case FIELD_INT:
$sql .= 'NUMBER(20) ';
break;
}
break;
}
return $sql;
}
} }
?> ?>


@ -68,7 +68,7 @@ class acp_prune
'S_PRUNED' => true) 'S_PRUNED' => true)
); );
$sql_forum = (sizeof($forum_id)) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : ''; $sql_forum = (sizeof($forum_id)) ? ' AND ' . $db->sql_in_set('forum_id', $forum_id) : '';
// Get a list of forum's or the data for the forum that we are pruning. // Get a list of forum's or the data for the forum that we are pruning.
$sql = 'SELECT forum_id, forum_name $sql = 'SELECT forum_id, forum_name
@ -148,7 +148,7 @@ class acp_prune
{ {
$sql = 'SELECT forum_id, forum_name $sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')'; WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
@ -202,19 +202,11 @@ class acp_prune
if ($users) if ($users)
{ {
$users = explode("\n", $users); $where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
$where_sql = '';
foreach ($users as $username)
{
$where_sql .= (($where_sql != '') ? ', ' : '') . "'" . $db->sql_escape($username) . "'";
}
$where_sql = " AND username IN ($where_sql)";
} }
else else
{ {
$username = request_var('username', '', true); $username = request_var('username', '');
$email = request_var('email', ''); $email = request_var('email', '');
$joined_select = request_var('joined_select', 'lt'); $joined_select = request_var('joined_select', 'lt');
@ -317,7 +309,7 @@ class acp_prune
'prune' => 1, 'prune' => 1,
'users' => request_var('users', ''), 'users' => request_var('users', ''),
'username' => request_var('username', '', true), 'username' => request_var('username', ''),
'email' => request_var('email', ''), 'email' => request_var('email', ''),
'joined_select' => request_var('joined_select', ''), 'joined_select' => request_var('joined_select', ''),
'joined' => request_var('joined', ''), 'joined' => request_var('joined', ''),
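Review bot: In the third hunk the `users` branch passes `explode("\n", $users)` straight to `$db->sql_in_set('username', ...)`, so escaping of each name now depends entirely on `sql_in_set()`, where the removed loop called `$db->sql_escape()` per entry. The body of `sql_in_set()` is not part of this section, so it should be confirmed that it escapes string values rather than only joining them. The list is also passed untrimmed, so stray whitespace or blank lines in the submitted list become literal usernames in the IN set; `$where_sql = ' AND ' . $db->sql_in_set('username', array_map('trim', explode("\n", $users)));` would tighten that. The enclosing method starts and ends outside the hunks.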


@ -37,7 +37,7 @@ class acp_ranks
$rank_title = request_var('title', '', true); $rank_title = request_var('title', '', true);
$special_rank = request_var('special_rank', 0); $special_rank = request_var('special_rank', 0);
$min_posts = ($special_rank) ? -1 : request_var('min_posts', 0); $min_posts = ($special_rank) ? 0 : request_var('min_posts', 0);
$rank_image = request_var('rank_image', ''); $rank_image = request_var('rank_image', '');
// The rank image has to be a jpg, gif or png // The rank image has to be a jpg, gif or png
@ -130,7 +130,7 @@ class acp_ranks
{ {
foreach ($img_ary as $img) foreach ($img_ary as $img)
{ {
$img = substr($path, 1) . (($path != '') ? '/' : '') . $img; $img = $path . $img;
if (!in_array($img, $existing_imgs) || $action == 'edit') if (!in_array($img, $existing_imgs) || $action == 'edit')
{ {


@ -76,7 +76,7 @@ class acp_reasons
{ {
$sql = 'SELECT reason_id $sql = 'SELECT reason_id
FROM ' . REPORTS_REASONS_TABLE . " FROM ' . REPORTS_REASONS_TABLE . "
WHERE LOWER(reason_title) = '" . strtolower($reason_row['reason_title']) . "'"; WHERE LOWER(reason_title) = '" . strtolower($db->sql_escape($reason_row['reason_title'])) . "'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -198,10 +198,38 @@ class acp_reasons
$other_reason_id = (int) $db->sql_fetchfield('reason_id'); $other_reason_id = (int) $db->sql_fetchfield('reason_id');
$db->sql_freeresult($result); $db->sql_freeresult($result);
switch (SQL_LAYER)
{
// The ugly one!
case 'mysqli':
case 'mysql4':
case 'mysql':
// Change the reports using this reason to 'other' // Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . ' $sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text) SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)
WHERE reason_id = $reason_id"; WHERE reason_id = $reason_id";
break;
// Nearly standard, not quite
case 'mssql':
case 'mssql_odbc':
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = '" . $db->sql_escape($reason_row['reason_description']) . "\n\n' + report_text
WHERE reason_id = $reason_id";
break;
// Teh standard
case 'postgres':
case 'oracle':
case 'firebird':
case 'sqlite':
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = '" . $db->sql_escape($reason_row['reason_description']) . "\n\n' || report_text
WHERE reason_id = $reason_id";
break;
}
$db->sql_query($sql); $db->sql_query($sql);
$db->sql_query('DELETE FROM ' . REPORTS_REASONS_TABLE . ' WHERE reason_id = ' . $reason_id); $db->sql_query('DELETE FROM ' . REPORTS_REASONS_TABLE . ' WHERE reason_id = ' . $reason_id);
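Review bot: In the first hunk the title is escaped and then lowercased, `strtolower($db->sql_escape($reason_row['reason_title']))`; escaping should be the last transformation before the value is placed in the query, so that nothing runs over the already-escaped bytes. I would write the comparison as `WHERE LOWER(reason_title) = '" . $db->sql_escape(strtolower($reason_row['reason_title'])) . "'";`. In the second hunk the `switch (SQL_LAYER)` has no `default`, so an unlisted layer would leave `$sql` holding whatever it held before, and the following `$db->sql_query($sql)` and the DELETE would still run; a `default:` that stops with an error before the DELETE would make that case explicit. Both enclosing blocks continue outside the hunks.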


@ -267,23 +267,24 @@ class acp_search
} }
else else
{ {
$sql = 'SELECT post_id, poster_id $sql = 'SELECT post_id, poster_id, forum_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE post_id >= ' . (int) ($post_counter + 1) . ' WHERE post_id >= ' . (int) ($post_counter + 1) . '
AND post_id < ' . (int) ($post_counter + $this->batch_size); AND post_id < ' . (int) ($post_counter + $this->batch_size);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$ids = $posters = array(); $ids = $posters = array();
while (false !== ($row = $db->sql_fetchrow($result))) while ($row = $db->sql_fetchrow($result))
{ {
$ids[] = $row['post_id']; $ids[] = $row['post_id'];
$posters[] = $row['poster_id']; $posters[] = $row['poster_id'];
$forum_ids[] = $row['forum_id'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
if (sizeof($ids)) if (sizeof($ids))
{ {
$this->search->index_remove($ids, $posters); $this->search->index_remove($ids, $posters, $forum_ids);
} }
$post_counter += $this->batch_size; $post_counter += $this->batch_size;
@ -318,15 +319,15 @@ class acp_search
} }
else else
{ {
$sql = 'SELECT post_id, post_subject, post_text, poster_id $sql = 'SELECT post_id, post_subject, post_text, post_encoding, poster_id, forum_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE post_id >= ' . (int) ($post_counter + 1) . ' WHERE post_id >= ' . (int) ($post_counter + 1) . '
AND post_id < ' . (int) ($post_counter + $this->batch_size); AND post_id < ' . (int) ($post_counter + $this->batch_size);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while (false !== ($row = $db->sql_fetchrow($result))) while ($row = $db->sql_fetchrow($result))
{ {
$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id']); $this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['post_encoding'], $row['poster_id'], $row['forum_id']);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -523,6 +524,12 @@ class acp_search
include_once("{$phpbb_root_path}includes/search/$type.$phpEx"); include_once("{$phpbb_root_path}includes/search/$type.$phpEx");
if (!class_exists($type))
{
$error = $user->lang['NO_SUCH_SEARCH_MODULE'];
return $error;
}
$error = false; $error = false;
$search = new $type($error); $search = new $type($error);


@ -27,7 +27,14 @@ class acp_styles
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
// Hardcoded template bitfield to add for new templates // Hardcoded template bitfield to add for new templates
define('TEMPLATE_BITFIELD', 6921); $bitfield = new bitfield();
$bitfield->set(0);
$bitfield->set(3);
$bitfield->set(8);
$bitfield->set(9);
$bitfield->set(11);
$bitfield->set(12);
define('TEMPLATE_BITFIELD', $bitfield->get_base64());
$user->add_lang('acp/styles'); $user->add_lang('acp/styles');
@ -82,7 +89,32 @@ parse_css_file = {PARSE_CSS_FILE}
pagination_sep = \'{PAGINATION_SEP}\' pagination_sep = \'{PAGINATION_SEP}\'
'; ';
$this->imageset_keys = 'site_logo, btn_post, btn_post_pm, btn_reply, btn_reply_pm, btn_locked, btn_profile, btn_pm, btn_delete, btn_info, btn_quote, btn_search, btn_edit, btn_report, btn_email, btn_www, btn_icq, btn_aim, btn_yim, btn_msnm, btn_jabber, btn_online, btn_offline, btn_friend, btn_foe, icon_unapproved, icon_reported, icon_attach, icon_post, icon_post_new, icon_post_latest, icon_post_newest, forum, forum_new, forum_locked, forum_link, sub_forum, sub_forum_new, folder, folder_moved, folder_posted, folder_new, folder_new_posted, folder_hot, folder_hot_posted, folder_hot_new, folder_hot_new_posted, folder_locked, folder_locked_posted, folder_locked_new, folder_locked_new_posted, folder_sticky, folder_sticky_posted, folder_sticky_new, folder_sticky_new_posted, folder_announce, folder_announce_posted, folder_announce_new, folder_announce_new_posted, folder_global, folder_global_posted, folder_global_new, folder_global_new_posted, poll_left, poll_center, poll_right, attach_progress_bar, user_icon1, user_icon2, user_icon3, user_icon4, user_icon5, user_icon6, user_icon7, user_icon8, user_icon9, user_icon10'; $this->imageset_keys = array(
'logos' => array(
'site_logo',
),
'buttons' => array(
'icon_contact_aim', 'icon_contact_email', 'icon_contact_icq', 'icon_contact_jabber', 'icon_contact_msnm', 'icon_contact_pm', 'icon_contact_yahoo', 'icon_contact_www', 'icon_post_delete', 'icon_post_edit', 'icon_post_info', 'icon_post_quote', 'icon_post_report', 'icon_user_online', 'icon_user_offline', 'icon_user_profile', 'icon_user_search', 'icon_user_warn', 'button_pm_forward', 'button_pm_new', 'button_pm_reply', 'button_topic_locked', 'button_topic_new', 'button_topic_reply',
),
'icons' => array(
'icon_post_target', 'icon_post_target_unread', 'icon_topic_attach', 'icon_topic_latest', 'icon_topic_newest', 'icon_topic_reported', 'icon_topic_unapproved', 'icon_friend', 'icon_foe',
),
'forums' => array(
'forum_link', 'forum_read', 'forum_read_locked', 'forum_read_subforum', 'forum_unread', 'forum_unread_locked', 'forum_unread_subforum',
),
'folders' => array(
'topic_moved', 'topic_read', 'topic_read_mine', 'topic_read_hot', 'topic_read_hot_mine', 'topic_read_locked', 'topic_read_locked_mine', 'topic_unread', 'topic_unread_mine', 'topic_unread_hot', 'topic_unread_hot_mine', 'topic_unread_locked', 'topic_unread_locked_mine', 'sticky_read', 'sticky_read_mine', 'sticky_read_locked', 'sticky_read_locked_mine', 'sticky_unread', 'sticky_unread_mine', 'sticky_unread_locked', 'sticky_unread_locked_mine', 'announce_read', 'announce_read_mine', 'announce_read_locked', 'announce_read_locked_mine', 'announce_unread', 'announce_unread_mine', 'announce_unread_locked', 'announce_unread_locked_mine', 'global_read', 'global_read_mine', 'global_read_locked', 'global_read_locked_mine', 'global_unread', 'global_unread_mine', 'global_unread_locked', 'global_unread_locked_mine', 'pm_read', 'pm_unread',
),
'polls' => array(
'poll_left', 'poll_center', 'poll_right',
),
'ui' => array(
'upload_bar',
),
'user' => array(
'user_icon1', 'user_icon2', 'user_icon3', 'user_icon4', 'user_icon5', 'user_icon6', 'user_icon7', 'user_icon8', 'user_icon9', 'user_icon10',
),
);
// Execute overall actions // Execute overall actions
switch ($action) switch ($action)
@ -183,7 +215,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
break; break;
} }
$this->frontend('style', array('details', 'export', 'delete')); $this->frontend('style', array('details'), array('export', 'delete'));
break; break;
case 'template': case 'template':
@ -260,7 +292,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
break; break;
} }
$this->frontend('template', array('cache', 'details', 'refresh', 'edit', 'export', 'delete')); $this->frontend('template', array('edit', 'cache', 'details'), array('refresh', 'export', 'delete'));
break; break;
case 'theme': case 'theme':
@ -303,6 +335,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$cache->destroy('sql', STYLES_THEME_TABLE); $cache->destroy('sql', STYLES_THEME_TABLE);
add_log('admin', 'LOG_THEME_REFRESHED', $theme_row['theme_name']);
trigger_error($user->lang['THEME_REFRESHED'] . adm_back_link($this->u_action)); trigger_error($user->lang['THEME_REFRESHED'] . adm_back_link($this->u_action));
} }
} }
@ -318,11 +351,74 @@ pagination_sep = \'{PAGINATION_SEP}\'
break; break;
} }
$this->frontend('theme', array('details', 'refresh', 'edit', 'export', 'delete')); $this->frontend('theme', array('edit', 'details'), array('refresh', 'export', 'delete'));
break; break;
case 'imageset': case 'imageset':
$this->frontend('imageset', array('details', 'edit', 'delete', 'export'));
switch ($action)
{
case 'refresh':
$sql = 'SELECT *
FROM ' . STYLES_IMAGESET_TABLE . "
WHERE imageset_id = $style_id";
$result = $db->sql_query($sql);
$imageset_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$imageset_row)
{
trigger_error($user->lang['NO_IMAGESET'] . adm_back_link($this->u_action));
}
if (confirm_box(true))
{
$sql_ary = array();
$cfg_data = parse_cfg_file("{$phpbb_root_path}styles/{$imageset_row['imageset_path']}/imageset/imageset.cfg");
$imageset_definitions = array();
foreach ($this->imageset_keys as $topic => $key_array)
{
$imageset_definitions = array_merge($imageset_definitions, $key_array);
}
foreach ($cfg_data as $key => $value)
{
if (strpos($key, 'img_') === 0)
{
$key = substr($key, 4);
if (in_array($key, $imageset_definitions))
{
$sql_ary[$key] = str_replace('{PATH}', "styles/{$imageset_row['imageset_path']}/imageset/", trim($value));
}
}
}
unset($cfg_data);
$sql = 'UPDATE ' . STYLES_IMAGESET_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE imageset_id = $style_id";
$db->sql_query($sql);
$cache->destroy('sql', STYLES_IMAGESET_TABLE);
add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);
trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action));
}
else
{
confirm_box(false, $user->lang['CONFIRM_IMAGESET_REFRESH'], build_hidden_fields(array(
'i' => $id,
'mode' => $mode,
'action' => $action,
'id' => $style_id
)));
}
break;
}
$this->frontend('imageset', array('edit', 'details'), array('refresh', 'export', 'delete'));
break; break;
} }
} }
@ -330,7 +426,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
/** /**
* Build Frontend with supplied options * Build Frontend with supplied options
*/ */
function frontend($mode, $options) function frontend($mode, $options, $actions)
{ {
global $user, $template, $db, $config, $phpbb_root_path, $phpEx; global $user, $template, $db, $config, $phpbb_root_path, $phpEx;
@ -408,12 +504,19 @@ pagination_sep = \'{PAGINATION_SEP}\'
$s_options[] = '<a href="' . $this->u_action . "&amp;action=$option&amp;id=" . $row[$mode . '_id'] . '">' . $user->lang[strtoupper($option)] . '</a>'; $s_options[] = '<a href="' . $this->u_action . "&amp;action=$option&amp;id=" . $row[$mode . '_id'] . '">' . $user->lang[strtoupper($option)] . '</a>';
} }
$s_actions = array();
foreach ($actions as $option)
{
$s_actions[] = '<a href="' . $this->u_action . "&amp;action=$option&amp;id=" . $row[$mode . '_id'] . '">' . $user->lang[strtoupper($option)] . '</a>';
}
$template->assign_block_vars('installed', array( $template->assign_block_vars('installed', array(
'S_DEFAULT_STYLE' => ($mode == 'style' && $row['style_id'] == $config['default_style']) ? true : false, 'S_DEFAULT_STYLE' => ($mode == 'style' && $row['style_id'] == $config['default_style']) ? true : false,
'U_EDIT' => $this->u_action . '&amp;action=' . (($mode == 'style') ? 'details' : 'edit') . '&amp;id=' . $row[$mode . '_id'], 'U_EDIT' => $this->u_action . '&amp;action=' . (($mode == 'style') ? 'details' : 'edit') . '&amp;id=' . $row[$mode . '_id'],
'U_STYLE_ACT_DEACT' => $this->u_action . '&amp;action=' . $stylevis . '&amp;id=' . $row[$mode . '_id'], 'U_STYLE_ACT_DEACT' => $this->u_action . '&amp;action=' . $stylevis . '&amp;id=' . $row[$mode . '_id'],
'L_STYLE_ACT_DEACT' => $user->lang['STYLE_' . strtoupper($stylevis)], 'L_STYLE_ACT_DEACT' => $user->lang['STYLE_' . strtoupper($stylevis)],
'S_OPTIONS' => implode(' | ', $s_options), 'S_OPTIONS' => implode(' | ', $s_options),
'S_ACTIONS' => implode(' | ', $s_actions),
'U_PREVIEW' => ($mode == 'style') ? append_sid("{$phpbb_root_path}index.$phpEx", "$mode=" . $row[$mode . '_id']) : '', 'U_PREVIEW' => ($mode == 'style') ? append_sid("{$phpbb_root_path}index.$phpEx", "$mode=" . $row[$mode . '_id']) : '',
'NAME' => $row[$mode . '_name'], 'NAME' => $row[$mode . '_name'],
@ -483,15 +586,16 @@ pagination_sep = \'{PAGINATION_SEP}\'
$filelist = $filelist_cats = array(); $filelist = $filelist_cats = array();
$template_data = (!empty($_POST['template_data'])) ? ((STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data']) : ''; // we want newlines no carriage returns!
$_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
$template_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
$template_file = request_var('template_file', ''); $template_file = request_var('template_file', '');
$text_rows = max(5, min(999, request_var('text_rows', 20))); $text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false; $save_changes = (isset($_POST['save'])) ? true : false;
// make sure template_file path doesn't go upwards // make sure template_file path doesn't go upwards
$template_file = str_replace('..', '.', $template_file); $template_file = str_replace('..', '.', $template_file);
// we want newlines no carriage returns!
$template_data = str_replace(array("\n\r", "\r"), array("\n", "\n"), $template_data);
// Retrieve some information about the template // Retrieve some information about the template
$sql = 'SELECT template_storedb, template_path, template_name $sql = 'SELECT template_storedb, template_path, template_name
@ -728,7 +832,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
'FILENAME' => str_replace('.', '/', $source) . '.html') 'FILENAME' => str_replace('.', '/', $source) . '.html')
); );
$code = str_replace(array("\n\r", "\r"), array("\n", "\n"), file_get_contents("{$phpbb_root_path}cache/{$cache_prefix}_$source.html.$phpEx")); $code = str_replace(array("\r\n", "\r"), array("\n", "\n"), file_get_contents("{$phpbb_root_path}cache/{$cache_prefix}_$source.html.$phpEx"));
$conf = array('highlight.bg', 'highlight.comment', 'highlight.default', 'highlight.html', 'highlight.keyword', 'highlight.string'); $conf = array('highlight.bg', 'highlight.comment', 'highlight.default', 'highlight.html', 'highlight.keyword', 'highlight.string');
foreach ($conf as $ini_var) foreach ($conf as $ini_var)
@ -815,20 +919,20 @@ pagination_sep = \'{PAGINATION_SEP}\'
$this->page_title = 'EDIT_THEME'; $this->page_title = 'EDIT_THEME';
// we want newlines no carriage returns!
$_POST['css_data'] = (isset($_POST['css_data']) && !empty($_POST['css_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['css_data']) : '';
// get user input // get user input
$text_rows = max(5, min(999, request_var('text_rows', 20))); $text_rows = max(5, min(999, request_var('text_rows', 20)));
$hide_css = request_var('hidecss', false); $hide_css = request_var('hidecss', false);
$show_css = !$hide_css && request_var('showcss', false); $show_css = !$hide_css && request_var('showcss', false);
$edit_class = request_var('css_class', ''); $edit_class = request_var('css_class', '');
$custom_class = request_var('custom_class', ''); $custom_class = request_var('custom_class', '');
$css_data = (!empty($_POST['css_data'])) ? ((STRIP) ? stripslashes($_POST['css_data']) : $_POST['css_data']) : ''; $css_data = (STRIP) ? stripslashes($_POST['css_data']) : $_POST['css_data'];
$submit = isset($_POST['submit']) ? true : false; $submit = isset($_POST['submit']) ? true : false;
$add_custom = isset($_POST['add_custom']) ? true : false; $add_custom = isset($_POST['add_custom']) ? true : false;
$matches = array(); $matches = array();
// we want newlines no carriage returns!
$css_data = str_replace(array("\n\r", "\r"), array("\n", "\n"), $css_data);
// Retrieve some information about the theme // Retrieve some information about the theme
$sql = 'SELECT theme_storedb, theme_path, theme_name, theme_data $sql = 'SELECT theme_storedb, theme_path, theme_name, theme_data
FROM ' . STYLES_THEME_TABLE . " FROM ' . STYLES_THEME_TABLE . "
@ -943,7 +1047,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$css_elements = array_diff(array_map('trim', explode("\n", preg_replace("#;[\n]*#s", "\n", $css_data))), array('')); $css_elements = array_diff(array_map('trim', explode("\n", preg_replace("#;[\n]*#s", "\n", $css_data))), array(''));
// Grab list of potential images for the "images" type // Grab list of potential images for the "images" type
$imglist = filelist($phpbb_root_path . 'styles/' . $theme_info['theme_name'] . '/theme'); $img_filelist = filelist($phpbb_root_path . 'styles/' . $theme_info['theme_name'] . '/theme');
foreach ($match_elements as $type => $match_ary) foreach ($match_elements as $type => $match_ary)
{ {
@ -1009,7 +1113,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$selected = ($unit_option == $unit) ? ' selected="selected"' : ''; $selected = ($unit_option == $unit) ? ' selected="selected"' : '';
$s_units .= "<option value=\"$unit_option\"$selected>$unit_option</option>"; $s_units .= "<option value=\"$unit_option\"$selected>$unit_option</option>";
} }
$s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option>' . $s_units; $s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_UNIT'] . '</option>' . $s_units;
$template->assign_vars(array( $template->assign_vars(array(
strtoupper($var) => $value, strtoupper($var) => $value,
@ -1020,7 +1124,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
case 'images': case 'images':
// generate a list of images for this setting // generate a list of images for this setting
$s_imglist = ''; $s_imglist = '';
foreach ($imglist as $path => $img_ary) foreach ($img_filelist as $path => $img_ary)
{ {
foreach ($img_ary as $img) foreach ($img_ary as $img)
{ {
@ -1030,7 +1134,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$s_imglist .= "<option value=\"$img\"$selected>$img</option>"; $s_imglist .= "<option value=\"$img\"$selected>$img</option>";
} }
} }
$s_imglist = '<option value=""' . (($value == '') ? ' selected="selected"' : '') . '>' . $user->lang['NONE'] . '</option>' . $s_imglist; $s_imglist = '<option value=""' . (($value == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_IMAGE'] . '</option>' . $s_imglist;
$template->assign_vars(array( $template->assign_vars(array(
'S_' . strtoupper($var) => $s_imglist) 'S_' . strtoupper($var) => $s_imglist)
@ -1065,7 +1169,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$s_hidden_fields['cssother'] = implode(' ;; ', $css_elements); $s_hidden_fields['cssother'] = implode(' ;; ', $css_elements);
} }
unset($imglist, $css_elements); unset($img_filelist, $css_elements);
} }
// else if we are showing raw css or the user submitted data from the simple view // else if we are showing raw css or the user submitted data from the simple view
// then we need to turn the given information into raw css // then we need to turn the given information into raw css
@ -1257,24 +1361,8 @@ pagination_sep = \'{PAGINATION_SEP}\'
// Check to see whether the selected image exists in the table // Check to see whether the selected image exists in the table
$valid_name = ($update) ? false : true; $valid_name = ($update) ? false : true;
$imglist = array(
'logos' => array(
'site_logo',
),
'buttons' => array(
'btn_post', 'btn_reply', 'btn_locked', 'btn_quote', 'btn_edit', 'btn_delete', 'btn_report', 'btn_post_pm', 'btn_reply_pm', 'btn_profile', 'btn_pm', 'btn_info', 'btn_search', 'btn_email', 'btn_www', 'btn_icq', 'btn_aim', 'btn_yim', 'btn_msnm', 'btn_jabber', 'btn_online', 'btn_offline',
),
'icons' => array(
'icon_unapproved', 'icon_reported', 'icon_attach', 'icon_post', 'icon_post_new', 'icon_post_latest', 'icon_post_newest',),
'forums' => array(
'forum', 'forum_new', 'forum_locked', 'forum_link', 'sub_forum', 'sub_forum_new',),
'folders' => array(
'folder', 'folder_posted', 'folder_new', 'folder_new_posted', 'folder_hot', 'folder_hot_posted', 'folder_hot_new', 'folder_hot_new_posted', 'folder_locked', 'folder_locked_posted', 'folder_locked_new', 'folder_locked_new_posted', 'folder_sticky', 'folder_sticky_posted', 'folder_sticky_new', 'folder_sticky_new_posted', 'folder_announce', 'folder_announce_posted', 'folder_announce_new', 'folder_announce_new_posted',),
'polls' => array(
'poll_left', 'poll_center', 'poll_right',),
);
foreach ($imglist as $category => $img_ary) foreach ($this->imageset_keys as $category => $img_ary)
{ {
if (in_array($imgname, $img_ary)) if (in_array($imgname, $img_ary))
{ {
@ -1317,11 +1405,12 @@ pagination_sep = \'{PAGINATION_SEP}\'
// Generate list of image options // Generate list of image options
$img_options = ''; $img_options = '';
foreach ($imglist as $category => $img_ary) foreach ($this->imageset_keys as $category => $img_ary)
{ {
$template->assign_block_vars('category', array( $template->assign_block_vars('category', array(
'NAME' => $user->lang['IMG_CAT_' . strtoupper($category)] 'NAME' => $user->lang['IMG_CAT_' . strtoupper($category)]
)); ));
foreach ($img_ary as $img) foreach ($img_ary as $img)
{ {
$template->assign_block_vars('category.images', array( $template->assign_block_vars('category.images', array(
@ -1362,6 +1451,10 @@ pagination_sep = \'{PAGINATION_SEP}\'
} }
closedir($dp); closedir($dp);
// Make sure the list of possible images is sorted alphabetically
sort($imagesetlist['nolang']);
sort($imagesetlist['lang']);
$imagesetlist_options = ''; $imagesetlist_options = '';
foreach ($imagesetlist as $type => $img_ary) foreach ($imagesetlist as $type => $img_ary)
{ {
@ -1395,7 +1488,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
'IMAGE_OPTIONS' => $img_options, 'IMAGE_OPTIONS' => $img_options,
'IMAGELIST_OPTIONS' => $imagesetlist_options, 'IMAGELIST_OPTIONS' => $imagesetlist_options,
'IMAGE_SIZE' => $imgsize_bool, 'IMAGE_SIZE' => $imgsize_bool,
'IMAGE_REQUEST' => (!empty($imgname)) ? '../styles/' . $imageset_path . '/imageset/' . str_replace('{LANG}', $imglang, $img_info[0]) : '', 'IMAGE_REQUEST' => (!empty($img_info[0])) ? '../styles/' . $imageset_path . '/imageset/' . str_replace('{LANG}', $imglang, $img_info[0]) : '',
'U_ACTION' => $this->u_action . "&amp;action=edit&amp;id=$imageset_id", 'U_ACTION' => $this->u_action . "&amp;action=edit&amp;id=$imageset_id",
'U_BACK' => $this->u_action, 'U_BACK' => $this->u_action,
'NAME' => $imageset_name, 'NAME' => $imageset_name,
@ -1408,7 +1501,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/ */
function remove($mode, $style_id) function remove($mode, $style_id)
{ {
global $db, $template, $user, $phpbb_root_path, $cache; global $db, $template, $user, $phpbb_root_path, $cache, $config;
$new_id = request_var('new_id', 0); $new_id = request_var('new_id', 0);
$update = (isset($_POST['update'])) ? true : false; $update = (isset($_POST['update'])) ? true : false;
@ -1489,6 +1582,11 @@ pagination_sep = \'{PAGINATION_SEP}\'
SET forum_style = $new_id SET forum_style = $new_id
WHERE forum_style = $style_id"; WHERE forum_style = $style_id";
$db->sql_query($sql); $db->sql_query($sql);
if ($style_id == $config['default_style'])
{
set_config('default_style', $new_id);
}
} }
else else
{ {
@ -1741,12 +1839,13 @@ pagination_sep = \'{PAGINATION_SEP}\'
{ {
$imageset_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['imageset_name'], $style_row['imageset_copyright'], $config['version']), $this->imageset_cfg); $imageset_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['imageset_name'], $style_row['imageset_copyright'], $config['version']), $this->imageset_cfg);
$imageset_definitions = explode(', ', $this->imageset_keys); foreach ($this->imageset_keys as $topic => $key_array)
{
foreach ($imageset_definitions as $key) foreach ($key_array as $key)
{ {
$imageset_cfg .= "\n" . $key . ' = ' . str_replace("styles/{$style_row['imageset_path']}/imageset/", '{PATH}', $style_row[$key]); $imageset_cfg .= "\n" . $key . ' = ' . str_replace("styles/{$style_row['imageset_path']}/imageset/", '{PATH}', $style_row[$key]);
} }
}
$files[] = array( $files[] = array(
'src' => "styles/{$style_row['imageset_path']}/imageset/", 'src' => "styles/{$style_row['imageset_path']}/imageset/",
@ -1794,7 +1893,14 @@ pagination_sep = \'{PAGINATION_SEP}\'
{ {
include($phpbb_root_path . 'includes/functions_compress.' . $phpEx); include($phpbb_root_path . 'includes/functions_compress.' . $phpEx);
if ($mode == 'style')
{
$path = preg_replace('#[^\w-]+#', '_', $style_row['style_name']);
}
else
{
$path = $style_row[$mode . '_path']; $path = $style_row[$mode . '_path'];
}
if ($format == 'zip') if ($format == 'zip')
{ {
@ -2254,7 +2360,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
// heck of a lot of data ... // heck of a lot of data ...
$sql_ary = array( $sql_ary = array(
'template_id' => $style_id, 'template_id' => $style_id,
'template_filename' => "$template_pathfile$file", 'template_filename' => "$pathfile$file",
'template_included' => (isset($includes[$file])) ? implode(':', $includes[$file]) . ':' : '', 'template_included' => (isset($includes[$file])) ? implode(':', $includes[$file]) . ':' : '',
'template_mtime' => filemtime("{$phpbb_root_path}styles/$template_path$pathfile$file"), 'template_mtime' => filemtime("{$phpbb_root_path}styles/$template_path$pathfile$file"),
'template_data' => file_get_contents("{$phpbb_root_path}styles/$template_path$pathfile$file"), 'template_data' => file_get_contents("{$phpbb_root_path}styles/$template_path$pathfile$file"),
@ -2581,7 +2687,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
{ {
$style_row['style_id'] = 0; $style_row['style_id'] = 0;
$this->install_style($error, 'add', '', $style_row['style_id'], $style_row['style_name'], $style_row['style_copyright'], $style_row['style_active'], $style_row['style_default'], $style_row); $this->install_style($error, 'add', '', $style_row['style_id'], $style_row['style_name'], '', $style_row['style_copyright'], $style_row['style_active'], $style_row['style_default'], $style_row);
} }
if (!sizeof($error)) if (!sizeof($error))
@ -2867,8 +2973,6 @@ pagination_sep = \'{PAGINATION_SEP}\'
$mode . '_path' => $path, $mode . '_path' => $path,
); );
if ($mode != 'imageset')
{
switch ($mode) switch ($mode)
{ {
case 'template': case 'template':
@ -2880,27 +2984,43 @@ pagination_sep = \'{PAGINATION_SEP}\'
break; break;
case 'theme': case 'theme':
// We are only interested in the theme configuration for now
$theme_cfg = parse_cfg_file("{$phpbb_root_path}styles/$path/theme/theme.cfg");
if (isset($theme_cfg['parse_css_file']) && $theme_cfg['parse_css_file'])
{
$store_db = 1;
}
$sql_ary += array( $sql_ary += array(
'theme_storedb' => $store_db, 'theme_storedb' => $store_db,
'theme_data' => ($store_db) ? (($root_path) ? $this->db_theme_data($sql_ary, false, $root_path) : '') : '', 'theme_data' => ($store_db) ? $this->db_theme_data($sql_ary, false, $root_path) : '',
'theme_mtime' => filemtime("{$phpbb_root_path}styles/$path/theme/stylesheet.css") 'theme_mtime' => filemtime("{$phpbb_root_path}styles/$path/theme/stylesheet.css")
); );
break; break;
}
} case 'imageset':
else
{
$cfg_data = parse_cfg_file("$root_path$mode/imageset.cfg"); $cfg_data = parse_cfg_file("$root_path$mode/imageset.cfg");
$imageset_definitions = array();
foreach ($this->imageset_keys as $topic => $key_array)
{
$imageset_definitions = array_merge($imageset_definitions, $key_array);
}
foreach ($cfg_data as $key => $value) foreach ($cfg_data as $key => $value)
{ {
if (strpos($key, 'img_') === 0) if (strpos($key, 'img_') === 0)
{ {
$key = substr($key, 4); $key = substr($key, 4);
if (in_array($key, $imageset_definitions))
{
$sql_ary[$key] = str_replace('{PATH}', "styles/$path/imageset/", trim($value)); $sql_ary[$key] = str_replace('{PATH}', "styles/$path/imageset/", trim($value));
} }
} }
}
unset($cfg_data); unset($cfg_data);
break;
} }
$db->sql_transaction('begin'); $db->sql_transaction('begin');


@ -14,6 +14,12 @@
class acp_users class acp_users
{ {
var $u_action; var $u_action;
var $p_master;
function acp_users(&$p_master)
{
$this->p_master = &$p_master;
}
function main($id, $mode) function main($id, $mode)
{ {
@ -28,7 +34,7 @@ class acp_users
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
$error = array(); $error = array();
$username = request_var('username', '', true); $username = request_var('username', '');
$user_id = request_var('u', 0); $user_id = request_var('u', 0);
$action = request_var('action', ''); $action = request_var('action', '');
@ -114,7 +120,7 @@ class acp_users
foreach ($forms_ary['modes'] as $value => $ary) foreach ($forms_ary['modes'] as $value => $ary)
{ {
if (!$this->is_authed($ary['auth'])) if (!$this->p_master->module_auth($ary['auth']))
{ {
continue; continue;
} }
@ -133,7 +139,7 @@ class acp_users
// Prevent normal users/admins change/view founders if they are not a founder by themselves // Prevent normal users/admins change/view founders if they are not a founder by themselves
if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER) if ($user->data['user_type'] != USER_FOUNDER && $user_row['user_type'] == USER_FOUNDER)
{ {
trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action)); trigger_error($user->lang['NOT_MANAGE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
} }
switch ($mode) switch ($mode)
@ -192,6 +198,12 @@ class acp_users
case 'banuser': case 'banuser':
case 'banemail': case 'banemail':
case 'banip': case 'banip':
if ($user_id == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
$ban = array(); $ban = array();
switch ($action) switch ($action)
@ -238,6 +250,11 @@ class acp_users
case 'reactivate': case 'reactivate':
if ($user_id == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
if ($config['email_enable']) if ($config['email_enable'])
{ {
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
@ -287,6 +304,12 @@ class acp_users
case 'active': case 'active':
if ($user_id == $user->data['user_id'])
{
// It is only deactivation since the user is already activated (else he would not have reached this page)
trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
user_active_flip($user_id, $user_row['user_type'], false, $user_row['username']); user_active_flip($user_id, $user_row['user_type'], false, $user_row['username']);
$message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED'; $message = ($user_row['user_type'] == USER_INACTIVE) ? 'USER_ADMIN_ACTIVATED' : 'USER_ADMIN_DEACTIVED';
@ -376,7 +399,7 @@ class acp_users
{ {
$sql = 'SELECT topic_id, topic_replies, topic_replies_real $sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$del_topic_ary = array(); $del_topic_ary = array();
@ -392,7 +415,7 @@ class acp_users
if (sizeof($del_topic_ary)) if (sizeof($del_topic_ary))
{ {
$sql = 'DELETE FROM ' . TOPICS_TABLE . ' $sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')'; WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql); $db->sql_query($sql);
} }
} }
@ -478,7 +501,7 @@ class acp_users
{ {
$sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real $sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -601,8 +624,8 @@ class acp_users
// Validation data // Validation data
$var_ary = array( $var_ary = array(
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'user_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'user_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'warnings' => array('num'), 'warnings' => array('num'),
); );
@ -657,9 +680,34 @@ class acp_users
$sql_ary['user_warnings'] = $data['warnings']; $sql_ary['user_warnings'] = $data['warnings'];
} }
if (($user_row['user_type'] == USER_FOUNDER && !$data['user_founder']) || ($user_row['user_type'] != USER_FOUNDER && $data['user_founder'])) // Only allow founders updating the founder status...
if ($user->data['user_type'] == USER_FOUNDER)
{ {
$sql_ary['user_type'] = ($data['user_founder']) ? USER_FOUNDER : USER_NORMAL; // Setting a normal member to be a founder
if ($data['user_founder'] && $user_row['user_type'] != USER_FOUNDER)
{
$sql_ary['user_type'] = USER_FOUNDER;
}
else if (!$data['user_founder'] && $user_row['user_type'] == USER_FOUNDER)
{
// Check if at least one founder is present
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE user_type = ' . USER_FOUNDER . '
AND user_id <> ' . $user_id;
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
$sql_ary['user_type'] = USER_NORMAL;
}
else
{
trigger_error($user->lang['AT_LEAST_ONE_FOUNDER'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
}
} }
} }
@ -711,6 +759,9 @@ class acp_users
user_update_name($user_row['username'], $update_username); user_update_name($user_row['username'], $update_username);
} }
// Let the users permissions being updated
$auth->acl_clear_prefetch($user_id);
add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']); add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id)); trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
@ -721,12 +772,20 @@ class acp_users
} }
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS'); $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
if ($user_id == $user->data['user_id'])
{
$quick_tool_ary = array('delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
}
else
{
$quick_tool_ary = array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP', 'active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'), 'delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH'); $quick_tool_ary = array('banuser' => 'BAN_USER', 'banemail' => 'BAN_EMAIL', 'banip' => 'BAN_IP', 'active' => (($user_row['user_type'] == USER_INACTIVE) ? 'ACTIVATE' : 'DEACTIVATE'), 'delsig' => 'DEL_SIG', 'delavatar' => 'DEL_AVATAR', 'moveposts' => 'MOVE_POSTS', 'delposts' => 'DEL_POSTS', 'delattach' => 'DEL_ATTACH');
if ($config['email_enable']) if ($config['email_enable'])
{ {
$quick_tool_ary['reactivate'] = 'FORCE'; $quick_tool_ary['reactivate'] = 'FORCE';
} }
}
$s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>'; $s_action_options = '<option class="sep" value="">' . $user->lang['SELECT_OPTION'] . '</option>';
foreach ($quick_tool_ary as $value => $lang) foreach ($quick_tool_ary as $value => $lang)
@ -743,6 +802,7 @@ class acp_users
'S_USER_IP' => ($user_row['user_ip']) ? true : false, 'S_USER_IP' => ($user_row['user_ip']) ? true : false,
'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false, 'S_USER_FOUNDER' => ($user_row['user_type'] == USER_FOUNDER) ? true : false,
'S_ACTION_OPTIONS' => $s_action_options, 'S_ACTION_OPTIONS' => $s_action_options,
'S_OWN_ACCOUNT' => ($user_id == $user->data['user_id']) ? true : false,
'U_SHOW_IP' => $this->u_action . "&amp;u=$user_id&amp;ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 'U_SHOW_IP' => $this->u_action . "&amp;u=$user_id&amp;ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}", 'U_WHOIS' => $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}",
@ -755,6 +815,7 @@ class acp_users
'USER_LASTACTIVE' => ($user_row['user_lastvisit']) ? $user->format_date($user_row['user_lastvisit']) : ' - ', 'USER_LASTACTIVE' => ($user_row['user_lastvisit']) ? $user->format_date($user_row['user_lastvisit']) : ' - ',
'USER_EMAIL' => $user_row['user_email'], 'USER_EMAIL' => $user_row['user_email'],
'USER_WARNINGS' => $user_row['user_warnings'], 'USER_WARNINGS' => $user_row['user_warnings'],
'USER_POSTS' => $user_row['user_posts'],
) )
); );
@ -787,7 +848,7 @@ class acp_users
{ {
$sql_in[] = $mark; $sql_in[] = $mark;
} }
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in); unset($sql_in);
} }
@ -813,7 +874,7 @@ class acp_users
// Sorting // Sorting
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $sort_by_sql = array('u' => 'l.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@ -943,6 +1004,34 @@ class acp_users
// Update Custom Fields // Update Custom Fields
if (sizeof($cp_data)) if (sizeof($cp_data))
{ {
switch (SQL_LAYER)
{
case 'oracle':
case 'firebird':
case 'postgres':
$right_delim = $left_delim = '"';
break;
case 'sqlite':
case 'mssql':
case 'mssql_odbc':
$right_delim = ']';
$left_delim = '[';
break;
case 'mysql':
case 'mysql4':
case 'mysqli':
$right_delim = $left_delim = '`';
break;
}
foreach ($cp_data as $key => $value)
{
$cp_data[$right_delim . $key . $left_delim] = $value;
unset($cp_data[$key]);
}
$sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . ' $sql = 'UPDATE ' . PROFILE_FIELDS_DATA_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $cp_data) . " SET ' . $db->sql_build_array('UPDATE', $cp_data) . "
WHERE user_id = $user_id"; WHERE user_id = $user_id";
@ -1077,7 +1166,7 @@ class acp_users
$var_ary = array( $var_ary = array(
'dateformat' => array('string', false, 3, 30), 'dateformat' => array('string', false, 3, 30),
'lang' => array('match', false, '#^[a-z_]{2,}$#i'), 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
'tz' => array('num', false, -14, 14), 'tz' => array('num', false, -14, 14),
'topic_sk' => array('string', false, 1, 1), 'topic_sk' => array('string', false, 1, 1),
@ -1252,7 +1341,7 @@ class acp_users
'S_LANG_OPTIONS' => language_select($lang), 'S_LANG_OPTIONS' => language_select($lang),
'S_STYLE_OPTIONS' => style_select($style), 'S_STYLE_OPTIONS' => style_select($style),
'S_TZ_OPTIONS' => tz_select($tz), 'S_TZ_OPTIONS' => tz_select($tz, true),
) )
); );
@ -1449,6 +1538,7 @@ class acp_users
case 'sig': case 'sig':
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
$enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false; $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false; $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false;
@ -1520,9 +1610,14 @@ class acp_users
'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],) 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false)
); );
// Assigning custom bbcodes
display_custom_bbcodes();
break; break;
case 'attach': case 'attach':
@ -1541,7 +1636,7 @@ class acp_users
{ {
$sql = 'SELECT real_filename $sql = 'SELECT real_filename
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', $marked) . ')'; WHERE ' . $db->sql_in_set('attach_id', $marked);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$log_attachments = array(); $log_attachments = array();
@ -1623,7 +1718,7 @@ class acp_users
$template->assign_block_vars('attach', array( $template->assign_block_vars('attach', array(
'REAL_FILENAME' => $row['real_filename'], 'REAL_FILENAME' => $row['real_filename'],
'COMMENT' => nl2br($row['comment']), 'COMMENT' => nl2br($row['attach_comment']),
'EXTENSION' => $row['extension'], 'EXTENSION' => $row['extension'],
'SIZE' => ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']), 'SIZE' => ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
'DOWNLOAD_COUNT' => $row['download_count'], 'DOWNLOAD_COUNT' => $row['download_count'],
@ -1745,14 +1840,14 @@ class acp_users
// Select box for other groups // Select box for other groups
$sql = 'SELECT group_id, group_name, group_type $sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
' . ((sizeof($id_ary)) ? 'WHERE group_id NOT IN (' . implode(', ', $id_ary) . ')' : '') . ' ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
ORDER BY group_type DESC, group_name ASC'; ORDER BY group_type DESC, group_name ASC';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$s_group_options = ''; $s_group_options = '';
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
if ($config['coppa_hide_groups'] && in_array($row['group_name'], array('INACTIVE_COPPA', 'REGISTERED_COPPA'))) if (!$config['coppa_enable'] && in_array($row['group_name'], array('INACTIVE_COPPA', 'REGISTERED_COPPA')))
{ {
continue; continue;
} }
@ -1809,28 +1904,40 @@ class acp_users
// Select auth options // Select auth options
$sql = 'SELECT auth_option, is_local, is_global $sql = 'SELECT auth_option, is_local, is_global
FROM ' . ACL_OPTIONS_TABLE . " FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option LIKE '%\_' WHERE auth_option LIKE '%\_'";
AND is_global = 1
ORDER BY auth_option"; if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
{
$sql .= " ESCAPE '\\'";
}
$sql .= 'AND is_global = 1
ORDER BY auth_option';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NO); $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'global', ACL_NEVER);
$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', false, false);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$sql = 'SELECT auth_option, is_local, is_global $sql = 'SELECT auth_option, is_local, is_global
FROM ' . ACL_OPTIONS_TABLE . " FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option LIKE '%\_' WHERE auth_option LIKE '%\_'";
AND is_local = 1
ORDER BY is_global DESC, auth_option"; if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
{
$sql .= " ESCAPE '\\'";
}
$sql .= 'AND is_local = 1
ORDER BY is_global DESC, auth_option';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NO); $hold_ary = $auth_admin->get_mask('view', $user_id, false, false, $row['auth_option'], 'local', ACL_NEVER);
$auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false); $auth_admin->display_mask('view', $row['auth_option'], $hold_ary, 'user', true, false);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -1895,26 +2002,6 @@ class acp_users
$var = ($data) ? $data : $user_row['user_options']; $var = ($data) ? $data : $user_row['user_options'];
return ($var & 1 << $user->keyoptions[$key]) ? true : false; return ($var & 1 << $user->keyoptions[$key]) ? true : false;
} }
/**
* Check if user is allowed to call this user mode
*/
function is_authed($module_auth)
{
global $config, $auth;
$module_auth = trim($module_auth);
if (!$module_auth)
{
return true;
}
$is_auth = false;
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', 'true', '(int) $config["\\1"]'), $module_auth) . ');');
return $is_auth;
}
} }
?> ?>
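Review bot: In the custom profile field hunk (`@ -943,6 +1004,34`), the new quoting loop concatenates the delimiters in the wrong order: `$cp_data[$right_delim . $key . $left_delim]` produces `]key[` on the sqlite/mssql/mssql_odbc branch, the only one where the two delimiters differ, so the UPDATE built from it would carry a malformed column name there. The line should read `$cp_data[$left_delim . $key . $right_delim] = $value;`. The `switch (SQL_LAYER)` also has no `default` branch, so a layer not listed leaves both variables undefined; a `default:` that assigns empty delimiters or stops with an error would make that case explicit. The key is wrapped but a closing delimiter inside `$key` is not escaped; presumably the field identifiers are validated where they are created, which is worth confirming. The enclosing `main()` starts and ends outside this hunk.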


@ -81,9 +81,9 @@ class auth_admin extends auth
* @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
* @param string $auth_option the auth_option defines the permission setting to look for (a_ for example) * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
* @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
* @param ACL_NO|ACL_UNSET|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with * @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
*/ */
function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NO) function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
{ {
global $db, $user; global $db, $user;
@ -136,7 +136,7 @@ class auth_admin extends auth
$sql = 'SELECT user_id, user_permissions, user_type $sql = 'SELECT user_id, user_permissions, user_type
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(',', $ug_id) . ')'; WHERE ' . $db->sql_in_set('user_id', $ug_id);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($userdata = $db->sql_fetchrow($result)) while ($userdata = $db->sql_fetchrow($result))
@ -292,14 +292,14 @@ class auth_admin extends auth
{ {
$sql = 'SELECT user_id as ug_id, username as ug_name $sql = 'SELECT user_id as ug_id, username as ug_name
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ') WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
ORDER BY username ASC'; ORDER BY username ASC';
} }
else else
{ {
$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', array_keys($hold_ary)) . ') WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
ORDER BY group_type DESC, group_name ASC'; ORDER BY group_type DESC, group_name ASC';
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -322,7 +322,7 @@ class auth_admin extends auth
$forum_names_ary = array(); $forum_names_ary = array();
if ($local) if ($local)
{ {
$forum_names_ary = make_forum_select(false, false, true, false, false, true); $forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
} }
else else
{ {
@ -361,7 +361,7 @@ class auth_admin extends auth
$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = r.auth_option_id WHERE o.auth_option_id = r.auth_option_id
AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')'; AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -584,7 +584,7 @@ class auth_admin extends auth
// Get forum names // Get forum names
$sql = 'SELECT forum_id, forum_name $sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', array_keys($hold_ary)) . ')'; WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$forum_names = array(); $forum_names = array();
@ -605,7 +605,7 @@ class auth_admin extends auth
{ {
$sql = 'SELECT user_id, username $sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $auth_ary['users']) . ') WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
ORDER BY username'; ORDER BY username';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -624,7 +624,7 @@ class auth_admin extends auth
{ {
$sql = 'SELECT group_id, group_name, group_type $sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $auth_ary['groups']) . ') WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
ORDER BY group_type ASC, group_name'; ORDER BY group_type ASC, group_name';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -768,8 +768,8 @@ class auth_admin extends auth
$ug_id = array($ug_id); $ug_id = array($ug_id);
} }
$ug_id_sql = 'IN (' . implode(', ', array_map('intval', $ug_id)) . ')'; $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
$forum_sql = 'IN (' . implode(', ', array_map('intval', $forum_id)) . ') '; $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
// Instead of updating, inserting, removing we just remove all current settings and re-set everything... // Instead of updating, inserting, removing we just remove all current settings and re-set everything...
$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
@ -797,8 +797,8 @@ class auth_admin extends auth
} }
$sql = "DELETE FROM $table $sql = "DELETE FROM $table
WHERE forum_id $forum_sql WHERE $forum_sql
AND $id_field $ug_id_sql AND $ug_id_sql
AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')'; AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')';
$db->sql_query($sql); $db->sql_query($sql);
@ -818,17 +818,17 @@ class auth_admin extends auth
if (sizeof($role_ids)) if (sizeof($role_ids))
{ {
$sql = "DELETE FROM $table $sql = "DELETE FROM $table
WHERE forum_id $forum_sql WHERE $forum_sql
AND $id_field $ug_id_sql AND $ug_id_sql
AND auth_option_id = 0 AND auth_option_id = 0
AND auth_role_id IN (" . implode(', ', $role_ids) . ')'; AND " . $db->sql_in_set('auth_role_id', $role_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
// Ok, include the any-flag if one or more auth options are set to yes... // Ok, include the any-flag if one or more auth options are set to yes...
foreach ($auth as $auth_option => $setting) foreach ($auth as $auth_option => $setting)
{ {
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO)) if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
{ {
$auth[$flag] = ACL_YES; $auth[$flag] = ACL_YES;
} }
@ -858,7 +858,7 @@ class auth_admin extends auth
{ {
$auth_option_id = (int) $this->option_ids[$auth_option]; $auth_option_id = (int) $this->option_ids[$auth_option];
if ($setting != ACL_UNSET) if ($setting != ACL_NO)
{ {
foreach ($ug_id as $id) foreach ($ug_id as $id)
{ {
@ -920,7 +920,7 @@ class auth_admin extends auth
// Re-set any flag... // Re-set any flag...
foreach ($auth as $auth_option => $setting) foreach ($auth as $auth_option => $setting)
{ {
if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NO)) if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
{ {
$auth[$flag] = ACL_YES; $auth[$flag] = ACL_YES;
} }
@ -931,7 +931,7 @@ class auth_admin extends auth
{ {
$auth_option_id = (int) $this->option_ids[$auth_option]; $auth_option_id = (int) $this->option_ids[$auth_option];
if ($setting != ACL_UNSET) if ($setting != ACL_NO)
{ {
$sql_ary[] = array( $sql_ary[] = array(
'role_id' => (int) $role_id, 'role_id' => (int) $role_id,
@ -941,13 +941,13 @@ class auth_admin extends auth
} }
} }
// If no data is there, we set the any-flag to ACL_NO... // If no data is there, we set the any-flag to ACL_NEVER...
if (!sizeof($sql_ary)) if (!sizeof($sql_ary))
{ {
$sql_ary[] = array( $sql_ary[] = array(
'role_id' => (int) $role_id, 'role_id' => (int) $role_id,
'auth_option_id' => $this->option_ids[$flag], 'auth_option_id' => $this->option_ids[$flag],
'auth_setting' => ACL_NO 'auth_setting' => ACL_NEVER
); );
} }
@ -995,12 +995,12 @@ class auth_admin extends auth
if ($forum_id !== false) if ($forum_id !== false)
{ {
$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : 'forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')'; $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
} }
if ($ug_id !== false) if ($ug_id !== false)
{ {
$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $id_field . ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')'; $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
} }
// There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
@ -1016,7 +1016,7 @@ class auth_admin extends auth
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$option_id_ary[] = $row['auth_option_id']; $option_id_ary[] = $row['auth_option_id'];
$auth_id_ary[$row['auth_option']] = ACL_UNSET; $auth_id_ary[$row['auth_option']] = ACL_NO;
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -1043,7 +1043,7 @@ class auth_admin extends auth
$sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
WHERE ao.auth_option_id = rd.auth_option_id WHERE ao.auth_option_id = rd.auth_option_id
AND rd.role_id IN (' . implode(', ', array_keys($cur_role_auth)) . ')'; AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$auth_settings = array(); $auth_settings = array();
@ -1072,7 +1072,7 @@ class auth_admin extends auth
// Now, normally remove permissions... // Now, normally remove permissions...
if ($permission_type !== false) if ($permission_type !== false)
{ {
$where_sql[] = 'auth_option_id IN (' . implode(', ', array_map('intval', $option_id_ary)) . ')'; $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
} }
$sql = "DELETE FROM $table $sql = "DELETE FROM $table
@ -1093,9 +1093,9 @@ class auth_admin extends auth
foreach ($category_array as $cat => $cat_array) foreach ($category_array as $cat => $cat_array)
{ {
$template->assign_block_vars($tpl_cat, array( $template->assign_block_vars($tpl_cat, array(
'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NO'] && !$cat_array['S_UNSET']) ? true : false, 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_YES'] && !$cat_array['S_UNSET']) ? true : false, 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
'S_UNSET' => ($cat_array['S_UNSET'] && !$cat_array['S_NO'] && !$cat_array['S_YES']) ? true : false, 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
'CAT_NAME' => $user->lang['permission_cat'][$cat]) 'CAT_NAME' => $user->lang['permission_cat'][$cat])
); );
@ -1104,8 +1104,8 @@ class auth_admin extends auth
{ {
$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array( $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
'S_YES' => ($allowed == ACL_YES) ? true : false, 'S_YES' => ($allowed == ACL_YES) ? true : false,
'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
'S_NO' => ($allowed == ACL_NO) ? true : false, 'S_NO' => ($allowed == ACL_NO) ? true : false,
'S_UNSET' => ($allowed == ACL_UNSET) ? true : false,
'UG_ID' => $ug_id, 'UG_ID' => $ug_id,
'FORUM_ID' => $forum_id, 'FORUM_ID' => $forum_id,
@ -1166,15 +1166,15 @@ class auth_admin extends auth
{ {
$content_array[$forum_id][$cat] = array( $content_array[$forum_id][$cat] = array(
'S_YES' => false, 'S_YES' => false,
'S_NEVER' => false,
'S_NO' => false, 'S_NO' => false,
'S_UNSET' => false,
'permissions' => array(), 'permissions' => array(),
); );
} }
$content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false; $content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false;
$content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false;
$content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false; $content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false;
$content_array[$forum_id][$cat]['S_UNSET'] |= ($auth_setting == ACL_UNSET) ? true : false;
$content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting; $content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
} }
@ -1211,7 +1211,7 @@ class auth_admin extends auth
{ {
if (strpos($opt, 'a_') === 0) if (strpos($opt, 'a_') === 0)
{ {
$hold_ary[0][$opt] = ACL_NO; $hold_ary[0][$opt] = ACL_NEVER;
} }
} }


@ -27,7 +27,6 @@ class acp_board_info
'post' => array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'post' => array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'signature' => array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'signature' => array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'registration' => array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'registration' => array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'visual' => array('title' => 'ACP_VC_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'auth' => array('title' => 'ACP_AUTH_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')), 'auth' => array('title' => 'ACP_AUTH_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')),
'email' => array('title' => 'ACP_EMAIL_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')), 'email' => array('title' => 'ACP_EMAIL_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')),


@ -0,0 +1,38 @@
<?php
/**
*
* @package acp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @package module_install
*/
class acp_captcha_info
{
function module()
{
return array(
'filename' => 'acp_captcha',
'title' => 'ACP_CAPTCHA',
'version' => '1.0.0',
'modes' => array(
'visual' => array('title' => 'ACP_VC_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')),
'img' => array('title' => 'ACP_VC_CAPTCHA_DISPLAY', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION'), 'display' => false)
),
);
}
function install()
{
}
function uninstall()
{
}
}
?>


@ -20,10 +20,10 @@ class acp_permission_roles_info
'title' => 'ACP_PERMISSION_ROLES', 'title' => 'ACP_PERMISSION_ROLES',
'version' => '1.0.0', 'version' => '1.0.0',
'modes' => array( 'modes' => array(
'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')), 'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles && acl_a_aauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')), 'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles && acl_a_uauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')), 'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles && acl_a_mauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')), 'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles && acl_a_fauth', 'cat' => array('ACP_PERMISSION_ROLES')),
), ),
); );
} }


@ -161,7 +161,7 @@ class auth
if (sizeof($this->acl)) if (sizeof($this->acl))
{ {
$sql .= ' WHERE forum_id NOT IN (' . implode(', ', array_keys($this->acl)) . ')'; $sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -378,14 +378,14 @@ class auth
// If one option is allowed, the global permission for this option has to be allowed too // If one option is allowed, the global permission for this option has to be allowed too
// example: if the user has the a_ permission this means he has one or more a_* permissions // example: if the user has the a_ permission this means he has one or more a_* permissions
if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NO)) if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
{ {
$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES; $bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
} }
} }
else else
{ {
$bitstring[$id] = ACL_NO; $bitstring[$id] = ACL_NEVER;
} }
} }
@ -418,7 +418,13 @@ class auth
{ {
global $db; global $db;
$where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : ''; $where_sql = '';
if ($user_id !== false)
{
$user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id);
$where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id);
}
$sql = 'UPDATE ' . USERS_TABLE . " $sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '', SET user_permissions = '',
@ -440,8 +446,8 @@ class auth
$sql_id = ($user_type == 'user') ? 'user_id' : 'group_id'; $sql_id = ($user_type == 'user') ? 'user_id' : 'group_id';
$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : "AND a.$sql_id IN (" . implode(', ', $ug_id) . ')') : ''; $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
// Grab assigned roles... // Grab assigned roles...
$sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id $sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id
@ -469,8 +475,8 @@ class auth
{ {
global $db; global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : ''; $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = ''; $sql_opts = '';
@ -482,14 +488,14 @@ class auth
} }
else else
{ {
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')'; $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
} }
} }
$hold_ary = array(); $hold_ary = array();
// First grab user settings ... each user has only one setting for each // First grab user settings ... each user has only one setting for each
// option ... so we shouldn't need any ACL_NO checks ... he says ... // option ... so we shouldn't need any ACL_NEVER checks ... he says ...
// Grab assigned roles... // Grab assigned roles...
$sql = $db->sql_build_query('SELECT', array( $sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting', 'SELECT' => 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
@ -522,7 +528,7 @@ class auth
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley // Now grab group settings ... ACL_NEVER overrides ACL_YES so act appropriatley
$sql = $db->sql_build_query('SELECT', array( $sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting', 'SELECT' => 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
@ -552,13 +558,13 @@ class auth
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO)) if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NEVER))
{ {
$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting']; $setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting; $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
// Check for existence of ACL_YES if an option got set to NO // Check for existence of ACL_YES if an option got set to ACL_NEVER
if ($setting == ACL_NO) if ($setting == ACL_NEVER)
{ {
$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1); $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
@ -586,8 +592,8 @@ class auth
{ {
global $db; global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : ''; $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = ''; $sql_opts = '';
@ -599,7 +605,7 @@ class auth
} }
else else
{ {
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')'; $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
} }
} }
@ -647,8 +653,8 @@ class auth
{ {
global $db; global $db;
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : 'group_id IN (' . implode(', ', $group_id) . ')') : ''; $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
if ($opts !== false) if ($opts !== false)
{ {
@ -658,7 +664,7 @@ class auth
} }
else else
{ {
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')'; $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
} }
} }
@ -707,9 +713,6 @@ class auth
global $config, $db, $user, $phpbb_root_path, $phpEx; global $config, $db, $user, $phpbb_root_path, $phpEx;
$method = trim(basename($config['auth_method'])); $method = trim(basename($config['auth_method']));
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'login_' . $method; $method = 'login_' . $method;
@ -717,6 +720,40 @@ class auth
{ {
$login = $method($username, $password); $login = $method($username, $password);
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
{
// we are going to use the user_add function so include functions_user.php if it wasn't defined yet
if (!function_exists('user_add'))
{
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false);
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'AUTH_NO_PROFILE_CREATED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$login = array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// If login succeeded, we will log the user in... else we pass the login array through... // If login succeeded, we will log the user in... else we pass the login array through...
if ($login['status'] == LOGIN_SUCCESS) if ($login['status'] == LOGIN_SUCCESS)
{ {
@ -741,7 +778,6 @@ class auth
return $login; return $login;
} }
}
trigger_error('Authentication method not found', E_USER_ERROR); trigger_error('Authentication method not found', E_USER_ERROR);
} }
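Review bot: The single-value branches of the id filters are still interpolated into the SQL without a cast, e.g. `"AND a.forum_id = $forum_id"`, `"AND a.$sql_id = $ug_id"`, `"user_id = $user_id"` and `"group_id = $group_id"` in the role-lookup, user and group raw-data hunks; only the array branches were moved to `$db->sql_in_set()`. The prefetch-clearing hunk in this same file already normalises its argument with `(int)` / `array_map('intval', ...)`, so these spots should follow it, for instance `'AND a.forum_id = ' . (int) $forum_id`. Whether any caller passes request-derived values here is not visible in these hunks, but casting where the query is built removes the dependency on every caller getting it right. The enclosing functions start and end outside the hunks.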


@ -4,13 +4,6 @@
* *
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
* *
* This is for initial authentication via Apaches basic realm authentication methods,
* user data is then obtained from the integrated user table
*
* You can do any kind of checking you like here ... the return data format is
* either the resulting row of user information, an integer zero (indicating an
* inactive user) or some error string
*
* @package login * @package login
* @version $Id$ * @version $Id$
* @copyright (c) 2005 phpBB Group * @copyright (c) 2005 phpBB Group
@ -18,6 +11,24 @@
* *
*/ */
/**
* Checks whether the user is identified to apache
* Only allow changing authentication to apache if the user is identified
* Called in acp_board while setting authentication plugins
*
* @return boolean|string false if the user is identified and else an error message
*/
function init_apache()
{
global $user;
if (!isset($_SERVER['PHP_AUTH_USER']) || $user->data['username'] !== $_SERVER['PHP_AUTH_USER'])
{
return $user->lang['APACHE_SETUP_BEFORE_USE'];
}
return false;
}
/** /**
* Login function * Login function
*/ */
@ -25,11 +36,29 @@ function login_apache(&$username, &$password)
{ {
global $db; global $db;
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$php_auth_user = $_SERVER['PHP_AUTH_USER']; $php_auth_user = $_SERVER['PHP_AUTH_USER'];
$php_auth_pw = $_SERVER['PHP_AUTH_PW']; $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
if (!empty($php_auth_user) && !empty($php_auth_pw)) if (!empty($php_auth_user) && !empty($php_auth_pw))
{ {
if ($php_auth_user !== $username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@ -57,11 +86,11 @@ function login_apache(&$username, &$password)
); );
} }
// the user does not exist // this is the user's first login so create an empty profile
return array( return array(
'status' => LOGIN_ERROR_USERNAME, 'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => 'LOGIN_ERROR_USERNAME', 'error_msg' => false,
'user_row' => array('user_id' => ANONYMOUS), 'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
); );
} }
@ -82,11 +111,19 @@ function autologin_apache()
{ {
global $db; global $db;
if (!isset($_SERVER['PHP_AUTH_USER']))
{
return array();
}
$php_auth_user = $_SERVER['PHP_AUTH_USER']; $php_auth_user = $_SERVER['PHP_AUTH_USER'];
$php_auth_pw = $_SERVER['PHP_AUTH_PW']; $php_auth_pw = $_SERVER['PHP_AUTH_PW'];
if (!empty($php_auth_user) && !empty($php_auth_pw)) if (!empty($php_auth_user) && !empty($php_auth_pw))
{ {
set_var($php_auth_user, $php_auth_user, 'string');
set_var($php_auth_pw, $php_auth_pw, 'string');
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@ -98,11 +135,57 @@ function autologin_apache()
{ {
return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row; return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
} }
// create the user if he does not exist yet
user_add(user_row_apache($php_auth_user, $php_auth_pw));
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
return $row;
}
} }
return array(); return array();
} }
/**
* This function generates an array which can be passed to the user_add function in order to create a user
*/
function user_row_apache($username, $password)
{
global $db, $config, $user;
// first retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
return array(
'username' => $username,
'user_password' => $password,
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
);
}
/** /**
* The session validation function checks whether the user is still logged in * The session validation function checks whether the user is still logged in
* *
@ -110,7 +193,15 @@ function autologin_apache()
*/ */
function validate_session_apache(&$user) function validate_session_apache(&$user)
{ {
return ($_SERVER['PHP_AUTH_USER'] === $user['username']) ? true : false; if (!isset($_SERVER['PHP_AUTH_USER']))
{
return false;
}
$php_auth_user = '';
set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
return ($php_auth_user === $user['username']) ? true : false;
} }
?> ?>
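Review bot: `user_row_apache()` puts the Basic-auth password into `'user_password' => $password` exactly as received, and both `login_apache()` (through `LOGIN_SUCCESS_CREATE_PROFILE`) and `autologin_apache()` hand that row to `user_add()`. Unless `user_add()` hashes the field itself, which this section does not show, the board would keep the web-server credential in recoverable form; since Apache owns the password, the row should carry the board's hashed form or no usable password at all, with a comment such as `// never store the raw PHP_AUTH_PW; the web server owns this credential`. Separately, `autologin_apache()` calls `user_add()` without the `function_exists('user_add')` include guard that the core login path uses, so it presumably relies on functions_user already being loaded. `$_SERVER['PHP_AUTH_PW']` is also read while only `PHP_AUTH_USER` is checked with `isset()`.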


@ -6,10 +6,6 @@
* *
* This is for authentication via the integrated user table * This is for authentication via the integrated user table
* *
* You can do any kind of checking you like here ... the return data format is
* either the resulting row of user information, an integer zero (indicating an
* inactive user) or some error string
*
* @package login * @package login
* @version $Id$ * @version $Id$
* @copyright (c) 2005 phpBB Group * @copyright (c) 2005 phpBB Group


@ -5,13 +5,6 @@
* *
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
* *
* This is for initial authentication via an LDAP server, user information is then
* obtained from the integrated user table
*
* You can do any kind of checking you like here ... the return data format is
* either the resulting row of user information, an integer zero (indicating an
* inactive user) or some error string
*
* @package login * @package login
* @version $Id$ * @version $Id$
* @copyright (c) 2005 phpBB Group * @copyright (c) 2005 phpBB Group
@ -39,9 +32,17 @@ function init_ldap()
} }
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
// ldap_connect only checks whether the specified server is valid, so the connection might still fail // ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $user->data['username'], array($config['ldap_uid'])); $search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($user->data['username'])) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
);
if ($search === false) if ($search === false)
{ {
@ -52,12 +53,18 @@ function init_ldap()
@ldap_close($ldap); @ldap_close($ldap);
if (is_array($result) && sizeof($result) > 1)
if (!is_array($result) || sizeof($result) < 2)
{ {
return false; return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
} }
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']]))
{
return $user->lang['LDAP_NO_EMAIL'];
}
return false;
} }
/** /**
@ -65,7 +72,7 @@ function init_ldap()
*/ */
function login_ldap(&$username, &$password) function login_ldap(&$username, &$password)
{ {
global $db, $config; global $db, $config, $user;
if (!@extension_loaded('ldap')) if (!@extension_loaded('ldap'))
{ {
@ -86,13 +93,22 @@ function login_ldap(&$username, &$password)
} }
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
$search = @ldap_search($ldap, $config['ldap_base_dn'], $config['ldap_uid'] . '=' . $username, array($config['ldap_uid'])); $search = @ldap_search(
$result = @ldap_get_entries($ldap, $search); $ldap,
$config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($username)) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0,
1
);
if (is_array($result) && sizeof($result) > 1) $ldap_result = @ldap_get_entries($ldap, $search);
if (is_array($ldap_result) && sizeof($ldap_result) > 1)
{ {
if (@ldap_bind($ldap, $result[0]['dn'], $password)) if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password)))
{ {
@ldap_close($ldap); @ldap_close($ldap);
@ -105,6 +121,8 @@ function login_ldap(&$username, &$password)
if ($row) if ($row)
{ {
unset($ldap_result);
// User inactive... // User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{ {
@ -122,9 +140,45 @@ function login_ldap(&$username, &$password)
'user_row' => $row, 'user_row' => $row,
); );
} }
else
{
// retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
$ldap_user_row = array(
'username' => $username,
'user_password' => $password,
'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,
);
unset($ldap_result);
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => $ldap_user_row,
);
}
} }
else else
{ {
unset($ldap_result);
@ldap_close($ldap); @ldap_close($ldap);
// Give status about wrong password... // Give status about wrong password...
@ -145,18 +199,22 @@ function login_ldap(&$username, &$password)
); );
} }
/**
* Escapes an LDAP AttributeValue
*/
function ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
/** /**
* This function is used to output any required fields in the authentication * This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields. * admin panel. It also defines any required configuration table fields.
*/ */
function admin_ldap(&$new) function acp_ldap(&$new)
{ {
global $user; global $user;
/**
* @todo Using same approach as with cfg_build_template?
*/
$tpl = ' $tpl = '
<dl> <dl>
@ -171,27 +229,17 @@ function admin_ldap(&$new)
<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt> <dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd> <dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
</dl> </dl>
<dl>
<dt><label for="ldap_uid">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
</dl>
'; ';
// These are fields required in the config table // These are fields required in the config table
return array( return array(
'tpl' => $tpl, 'tpl' => $tpl,
'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid') 'config' => array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
); );
} }
/**
* Would be nice to allow syncing of 'appropriate' data when user updates
* their username, password, etc. ... should be up to the plugin what data
* is updated.
*
* @todo implement this functionality (probably 3.2)
*
* @param new|update|delete $mode defining the action to take on user updates
*/
function usercp_ldap($mode)
{
global $db, $config;
}
?> ?>
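Review bot: `ldap_escape()` does not neutralise `*`: `str_replace()` with array arguments applies the pairs in order, so `*` first becomes `\*` and the following `\` to `\\` pair rewrites that to `\\*`, an escaped backslash followed by a live wildcard. The result goes straight into the `(uid=...)` filter built in `init_ldap()` and `login_ldap()`, so a username containing `*` can still match an entry other than the one intended. Escape the backslash first and use the RFC 4515 hex forms, which also covers NUL: `return str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $string);`. The new e-mail field in `acp_ldap()` also reuses `id="ldap_uid"` and `for="ldap_uid"`, which looks like a copy-paste slip.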


@ -15,7 +15,7 @@
class bbcode class bbcode
{ {
var $bbcode_uid = ''; var $bbcode_uid = '';
var $bbcode_bitfield = 0; var $bbcode_bitfield = '';
var $bbcode_cache = array(); var $bbcode_cache = array();
var $bbcode_template = array(); var $bbcode_template = array();
@ -28,7 +28,7 @@ class bbcode
* Constructor * Constructor
* Init bbcode cache entries if bitfield is specified * Init bbcode cache entries if bitfield is specified
*/ */
function bbcode($bitfield = 0) function bbcode($bitfield = '')
{ {
if ($bitfield) if ($bitfield)
{ {
@ -69,10 +69,10 @@ class bbcode
$str = array('search' => array(), 'replace' => array()); $str = array('search' => array(), 'replace' => array());
$preg = array('search' => array(), 'replace' => array()); $preg = array('search' => array(), 'replace' => array());
$bitlen = strlen(decbin($this->bbcode_bitfield)); $bitfield = new bitfield($this->bbcode_bitfield);
for ($bbcode_id = 0; $bbcode_id < $bitlen; ++$bbcode_id) $bbcodes_set = $bitfield->get_all_set();
{
if ($this->bbcode_bitfield & (1 << $bbcode_id)) foreach ($bbcodes_set as $bbcode_id)
{ {
if (!empty($this->bbcode_cache[$bbcode_id])) if (!empty($this->bbcode_cache[$bbcode_id]))
{ {
@ -98,7 +98,6 @@ class bbcode
} }
} }
} }
}
// Remove the uid from tags that have not been transformed into HTML // Remove the uid from tags that have not been transformed into HTML
$message = str_replace(':' . $this->bbcode_uid, '', $message); $message = str_replace(':' . $this->bbcode_uid, '', $message);
@ -125,13 +124,14 @@ class bbcode
} }
} }
$sql = ''; $bbcode_ids = $rowset = $sql = array();
$bbcode_ids = $rowset = array();
$bitlen = strlen(decbin($this->bbcode_bitfield));
for ($bbcode_id = 0; $bbcode_id < $bitlen; ++$bbcode_id) $bitfield = new bitfield($this->bbcode_bitfield);
$bbcodes_set = $bitfield->get_all_set();
foreach ($bbcodes_set as $bbcode_id)
{ {
if (isset($this->bbcode_cache[$bbcode_id]) || !($this->bbcode_bitfield & (1 << $bbcode_id))) if (isset($this->bbcode_cache[$bbcode_id]))
{ {
// do not try to re-cache it if it's already in // do not try to re-cache it if it's already in
continue; continue;
@ -140,18 +140,18 @@ class bbcode
if ($bbcode_id > NUM_CORE_BBCODES) if ($bbcode_id > NUM_CORE_BBCODES)
{ {
$sql .= (($sql) ? ',' : '') . $bbcode_id; $sql[] = $bbcode_id;
} }
} }
if ($sql) if (sizeof($sql))
{ {
global $db; global $db;
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . BBCODES_TABLE . " FROM ' . BBCODES_TABLE . '
WHERE bbcode_id IN ($sql)"; WHERE ' . $db->sql_in_set('bbcode_id', $sql);
$result = $db->sql_query($sql); $result = $db->sql_query($sql, 3600);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
@ -232,7 +232,7 @@ class bbcode
case 6: case 6:
$this->bbcode_cache[$bbcode_id] = array( $this->bbcode_cache[$bbcode_id] = array(
'preg' => array( 'preg' => array(
'!\[color=(#[0-9A-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s' => $this->bbcode_tpl('color', $bbcode_id), '!\[color=(#[0-9a-fA-F]{6}|[a-z\-]+):$uid\](.*?)\[/color:$uid\]!s' => $this->bbcode_tpl('color', $bbcode_id),
) )
); );
break; break;
@ -312,9 +312,13 @@ class bbcode
break; break;
default: default:
if (!isset($template_bitfield))
{
$template_bitfield = new bitfield($this->template_bitfield);
}
if (isset($rowset[$bbcode_id])) if (isset($rowset[$bbcode_id]))
{ {
if ($this->template_bitfield & (1 << $bbcode_id)) if ($template_bitfield->get($bbcode_id))
{ {
// The bbcode requires a custom template to be loaded // The bbcode requires a custom template to be loaded
if (!$bbcode_tpl = $this->bbcode_tpl($rowset[$bbcode_id]['bbcode_tag'], $bbcode_id)) if (!$bbcode_tpl = $this->bbcode_tpl($rowset[$bbcode_id]['bbcode_tag'], $bbcode_id))
@ -390,9 +394,10 @@ class bbcode
'color' => '<span style="color: $1">$2</span>', 'color' => '<span style="color: $1">$2</span>',
'email' => '<a href="mailto:$1">$2</a>' 'email' => '<a href="mailto:$1">$2</a>'
); );
$template_bitfield = new bitfield($this->template_bitfield);
} }
if ($bbcode_id != -1 && !($this->template_bitfield & (1 << $bbcode_id))) if ($bbcode_id != -1 && !$template_bitfield->get($bbcode_id))
{ {
return (isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : false; return (isset($bbcode_hardtpl[$tpl_name])) ? $bbcode_hardtpl[$tpl_name] : false;
} }
@ -561,7 +566,7 @@ class bbcode
$code = str_replace(' ', ' &nbsp;', $code); $code = str_replace(' ', ' &nbsp;', $code);
// remove newline at the beginning // remove newline at the beginning
if ($code{0} == "\n") if (!empty($code) && $code{0} == "\n")
{ {
$code = substr($code, 1); $code = substr($code, 1);
} }



@ -31,14 +31,15 @@ define('USER_FOUNDER', 3);
//define('USER_GUEST', 4); //define('USER_GUEST', 4);
// ACL // ACL
define('ACL_NO', 0); define('ACL_NEVER', 0);
define('ACL_YES', 1); define('ACL_YES', 1);
define('ACL_UNSET', -1); define('ACL_NO', -1);
// Login error codes // Login error codes
define('LOGIN_CONTINUE', 1); define('LOGIN_CONTINUE', 1);
define('LOGIN_BREAK', 2); define('LOGIN_BREAK', 2);
define('LOGIN_SUCCESS', 3); define('LOGIN_SUCCESS', 3);
define('LOGIN_SUCCESS_CREATE_PROFILE', 20);
define('LOGIN_ERROR_USERNAME', 10); define('LOGIN_ERROR_USERNAME', 10);
define('LOGIN_ERROR_PASSWORD', 11); define('LOGIN_ERROR_PASSWORD', 11);
define('LOGIN_ERROR_ACTIVE', 12); define('LOGIN_ERROR_ACTIVE', 12);
@ -135,8 +136,8 @@ define('FIELD_DATE', 6);
// Table names // Table names
define('ACL_GROUPS_TABLE', $table_prefix . 'acl_groups'); define('ACL_GROUPS_TABLE', $table_prefix . 'acl_groups');
define('ACL_OPTIONS_TABLE', $table_prefix . 'acl_options'); define('ACL_OPTIONS_TABLE', $table_prefix . 'acl_options');
define('ACL_ROLES_TABLE', $table_prefix . 'acl_roles');
define('ACL_ROLES_DATA_TABLE', $table_prefix . 'acl_roles_data'); define('ACL_ROLES_DATA_TABLE', $table_prefix . 'acl_roles_data');
define('ACL_ROLES_TABLE', $table_prefix . 'acl_roles');
define('ACL_USERS_TABLE', $table_prefix . 'acl_users'); define('ACL_USERS_TABLE', $table_prefix . 'acl_users');
define('ATTACHMENTS_TABLE', $table_prefix . 'attachments'); define('ATTACHMENTS_TABLE', $table_prefix . 'attachments');
define('BANLIST_TABLE', $table_prefix . 'banlist'); define('BANLIST_TABLE', $table_prefix . 'banlist');
@ -145,10 +146,6 @@ define('BOOKMARKS_TABLE', $table_prefix . 'bookmarks');
define('BOTS_TABLE', $table_prefix . 'bots'); define('BOTS_TABLE', $table_prefix . 'bots');
define('CONFIG_TABLE', $table_prefix . 'config'); define('CONFIG_TABLE', $table_prefix . 'config');
define('CONFIRM_TABLE', $table_prefix . 'confirm'); define('CONFIRM_TABLE', $table_prefix . 'confirm');
define('PROFILE_FIELDS_TABLE', $table_prefix . 'profile_fields');
define('PROFILE_LANG_TABLE', $table_prefix . 'profile_lang');
define('PROFILE_FIELDS_DATA_TABLE', $table_prefix . 'profile_fields_data');
define('PROFILE_FIELDS_LANG_TABLE', $table_prefix . 'profile_fields_lang');
define('DISALLOW_TABLE', $table_prefix . 'disallow'); define('DISALLOW_TABLE', $table_prefix . 'disallow');
define('DRAFTS_TABLE', $table_prefix . 'drafts'); define('DRAFTS_TABLE', $table_prefix . 'drafts');
define('EXTENSIONS_TABLE', $table_prefix . 'extensions'); define('EXTENSIONS_TABLE', $table_prefix . 'extensions');
@ -163,11 +160,17 @@ define('LANG_TABLE', $table_prefix . 'lang');
define('LOG_TABLE', $table_prefix . 'log'); define('LOG_TABLE', $table_prefix . 'log');
define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache'); define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache');
define('MODULES_TABLE', $table_prefix . 'modules'); define('MODULES_TABLE', $table_prefix . 'modules');
define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options');
define('POLL_VOTES_TABLE', $table_prefix . 'poll_votes');
define('POSTS_TABLE', $table_prefix . 'posts'); define('POSTS_TABLE', $table_prefix . 'posts');
define('PRIVMSGS_TABLE', $table_prefix . 'privmsgs'); define('PRIVMSGS_TABLE', $table_prefix . 'privmsgs');
define('PRIVMSGS_TO_TABLE', $table_prefix . 'privmsgs_to');
define('PRIVMSGS_FOLDER_TABLE', $table_prefix . 'privmsgs_folder'); define('PRIVMSGS_FOLDER_TABLE', $table_prefix . 'privmsgs_folder');
define('PRIVMSGS_RULES_TABLE', $table_prefix . 'privmsgs_rules'); define('PRIVMSGS_RULES_TABLE', $table_prefix . 'privmsgs_rules');
define('PRIVMSGS_TO_TABLE', $table_prefix . 'privmsgs_to');
define('PROFILE_FIELDS_TABLE', $table_prefix . 'profile_fields');
define('PROFILE_FIELDS_DATA_TABLE', $table_prefix . 'profile_fields_data');
define('PROFILE_FIELDS_LANG_TABLE', $table_prefix . 'profile_fields_lang');
define('PROFILE_LANG_TABLE', $table_prefix . 'profile_lang');
define('RANKS_TABLE', $table_prefix . 'ranks'); define('RANKS_TABLE', $table_prefix . 'ranks');
define('RATINGS_TABLE', $table_prefix . 'ratings'); define('RATINGS_TABLE', $table_prefix . 'ratings');
define('REPORTS_TABLE', $table_prefix . 'reports'); define('REPORTS_TABLE', $table_prefix . 'reports');
@ -186,15 +189,13 @@ define('STYLES_THEME_TABLE', $table_prefix . 'styles_theme');
define('STYLES_IMAGESET_TABLE', $table_prefix . 'styles_imageset'); define('STYLES_IMAGESET_TABLE', $table_prefix . 'styles_imageset');
define('TOPICS_TABLE', $table_prefix . 'topics'); define('TOPICS_TABLE', $table_prefix . 'topics');
define('TOPICS_POSTED_TABLE', $table_prefix . 'topics_posted'); define('TOPICS_POSTED_TABLE', $table_prefix . 'topics_posted');
define('TOPICS_WATCH_TABLE', $table_prefix . 'topics_watch');
define('TOPICS_TRACK_TABLE', $table_prefix . 'topics_track'); define('TOPICS_TRACK_TABLE', $table_prefix . 'topics_track');
define('TOPICS_WATCH_TABLE', $table_prefix . 'topics_watch');
define('USER_GROUP_TABLE', $table_prefix . 'user_group'); define('USER_GROUP_TABLE', $table_prefix . 'user_group');
define('USERS_TABLE', $table_prefix . 'users'); define('USERS_TABLE', $table_prefix . 'users');
define('USERS_NOTES_TABLE', $table_prefix . 'users_notes'); define('USERS_NOTES_TABLE', $table_prefix . 'users_notes');
define('WARNINGS_TABLE', $table_prefix . 'warnings'); define('WARNINGS_TABLE', $table_prefix . 'warnings');
define('WORDS_TABLE', $table_prefix . 'words'); define('WORDS_TABLE', $table_prefix . 'words');
define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options');
define('POLL_VOTES_TABLE', $table_prefix . 'poll_votes');
define('ZEBRA_TABLE', $table_prefix . 'zebra'); define('ZEBRA_TABLE', $table_prefix . 'zebra');
// Additional tables // Additional tables
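Review bot: `ACL_NO` keeps its name but changes value from 0 to -1 (the slot that used to be `ACL_UNSET`), while 0 is now `ACL_NEVER`. Any caller, stored permission value or add-on that still compares against `ACL_NO` with the old meaning will keep running without error and evaluate a different permission state. The callers and any data conversion are not visible in this hunk, so it is worth confirming that every `ACL_NO` and `ACL_UNSET` use and every persisted setting was converted in the same commit. A comment above the three defines would record the swap, e.g. `// ACL_NO is now -1 (formerly ACL_UNSET); the former ACL_NO (0) is ACL_NEVER`.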


@ -177,8 +177,6 @@ class dbal
* Idea for this from Ikonboard * Idea for this from Ikonboard
* Possible query values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT * Possible query values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT
* *
* If a key is 'module_name' and firebird used it gets adjusted to '"module_name"'
* on INSERT, INSERT_SELECT, UPDATE and SELECT
*/ */
function sql_build_array($query, $assoc_ary = false) function sql_build_array($query, $assoc_ary = false)
{ {
@ -193,24 +191,16 @@ class dbal
{ {
foreach ($assoc_ary as $key => $var) foreach ($assoc_ary as $key => $var)
{ {
$fields[] = ($key == 'module_name' && SQL_LAYER == 'firebird') ? '"' . $key . '"' : $key; $fields[] = $key;
if (is_null($var)) if (is_array($var) && is_string($var[0]))
{
$values[] = 'NULL';
}
else if (is_string($var))
{
$values[] = "'" . $this->sql_escape($var) . "'";
}
else if (is_array($var) && is_string($var[0]))
{ {
// This is used for INSERT_SELECT(s) // This is used for INSERT_SELECT(s)
$values[] = $var[0]; $values[] = $var[0];
} }
else else
{ {
$values[] = (is_bool($var)) ? intval($var) : $var; $values[] = $this->_sql_validate_value($var);
} }
} }
@ -224,18 +214,7 @@ class dbal
$values = array(); $values = array();
foreach ($sql_ary as $key => $var) foreach ($sql_ary as $key => $var)
{ {
if (is_null($var)) $values[] = $this->_sql_validate_value($var);
{
$values[] = 'NULL';
}
else if (is_string($var))
{
$values[] = "'" . $this->sql_escape($var) . "'";
}
else
{
$values[] = (is_bool($var)) ? intval($var) : $var;
}
} }
$ary[] = '(' . implode(', ', $values) . ')'; $ary[] = '(' . implode(', ', $values) . ')';
} }
@ -247,20 +226,7 @@ class dbal
$values = array(); $values = array();
foreach ($assoc_ary as $key => $var) foreach ($assoc_ary as $key => $var)
{ {
$key = ($key == 'module_name' && SQL_LAYER == 'firebird') ? '"' . $key . '"' : $key; $values[] = "$key = " . $this->_sql_validate_value($var);
if (is_null($var))
{
$values[] = "$key = NULL";
}
else if (is_string($var))
{
$values[] = "$key = '" . $this->sql_escape($var) . "'";
}
else
{
$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
}
} }
$query = implode(($query == 'UPDATE') ? ', ' : ' AND ', $values); $query = implode(($query == 'UPDATE') ? ', ' : ' AND ', $values);
} }
@ -268,6 +234,49 @@ class dbal
return $query; return $query;
} }
function sql_in_set($field, $array, $negate = false)
{
if (!sizeof($array))
{
trigger_error('No values specified for SQL IN comparison', E_USER_ERROR);
}
$values = array();
foreach ($array as $var)
{
$values[] = $this->_sql_validate_value($var);
}
if (sizeof($values) == 1)
{
return $field . ($negate ? ' <> ' : ' = ') . $values[0];
}
else
{
return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(', ', $values) . ')';
}
}
/**
* Function for validating values
* @access private
*/
function _sql_validate_value($var)
{
if (is_null($var))
{
return 'NULL';
}
else if (is_string($var))
{
return "'" . $this->sql_escape($var) . "'";
}
else
{
return (is_bool($var)) ? intval($var) : $var;
}
}
/** /**
* Build sql statement from array for select and select distinct statements * Build sql statement from array for select and select distinct statements
* *
@ -285,9 +294,19 @@ class dbal
$table_array = array(); $table_array = array();
foreach ($array['FROM'] as $table_name => $alias) foreach ($array['FROM'] as $table_name => $alias)
{
if (is_array($alias))
{
foreach ($alias as $multi_alias)
{
$table_array[] = $table_name . ' ' . $multi_alias;
}
}
else
{ {
$table_array[] = $table_name . ' ' . $alias; $table_array[] = $table_name . ' ' . $alias;
} }
}
$sql .= $this->_sql_custom_build('FROM', implode(', ', $table_array)); $sql .= $this->_sql_custom_build('FROM', implode(', ', $table_array));
@ -355,7 +374,7 @@ class dbal
// This could happen if the connection could not be established for example (then we are not able to grab the default language) // This could happen if the connection could not be established for example (then we are not able to grab the default language)
if (!isset($user->lang['SQL_ERROR_OCCURRED'])) if (!isset($user->lang['SQL_ERROR_OCCURRED']))
{ {
$message .= '<br /><br />An sql error occurred while fetching this page. Please contact an administrator if this problem persist.'; $message .= '<br /><br />An sql error occurred while fetching this page. Please contact an administrator if this problem persists.';
} }
else else
{ {
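Review bot: `_sql_validate_value()` escapes only strings; its final `else` returns every other non-null value unchanged, so an array, object or resource handed in by a caller is interpolated into the statement as-is. Since `sql_in_set()` and all three `sql_build_array()` branches now funnel through this one helper, it is the right place to reject unexpected types, e.g. `if (!is_scalar($var)) { trigger_error('Invalid value type for SQL statement', E_USER_ERROR); }` ahead of the final return. `sql_in_set()` also has no doc comment. It should state that `$field` is inserted unescaped and must never come from request data, and that an empty `$array` raises `E_USER_ERROR`, so callers have to check the list first.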


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'firebird'); define('SQL_LAYER', 'firebird');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* Firebird/Interbase Database Abstraction Layer * Firebird/Interbase Database Abstraction Layer
@ -32,6 +32,7 @@ if (!defined('SQL_LAYER'))
class dbal_firebird extends dbal class dbal_firebird extends dbal
{ {
var $last_query_text = ''; var $last_query_text = '';
var $service_handle = false;
/** /**
* Connect to server * Connect to server
@ -45,9 +46,24 @@ class dbal_firebird extends dbal
$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3); $this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3);
$this->service_handle = (function_exists('ibase_service_attach')) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
if ($this->service_handle !== false && function_exists('ibase_server_info'))
{
return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);
}
return 'Firebird/Interbase';
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -74,6 +90,12 @@ class dbal_firebird extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -93,9 +115,16 @@ class dbal_firebird extends dbal
} }
if (!$this->transaction) if (!$this->transaction)
{
if (function_exists('ibase_commit_ret'))
{ {
@ibase_commit_ret(); @ibase_commit_ret();
} }
else
{
@ibase_commit();
}
}
if ($cache_ttl && method_exists($cache, 'sql_save')) if ($cache_ttl && method_exists($cache, 'sql_save'))
{ {
@ -141,6 +170,18 @@ class dbal_firebird extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return false; return false;
} }
@ -199,6 +240,8 @@ class dbal_firebird extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -211,6 +254,11 @@ class dbal_firebird extends dbal
$this->sql_rowseek($rownum, $query_id); $this->sql_rowseek($rownum, $query_id);
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
@ -224,11 +272,18 @@ class dbal_firebird extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
// We do not fetch the row for rownum == 0 because then the next resultset would be the second row // We do not fetch the row for rownum == 0 because then the next resultset would be the second row
for ($i = 0; $i < $rownum; $i++) for ($i = 0; $i < $rownum; $i++)
{ {
@ -274,11 +329,18 @@ class dbal_firebird extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id])) if (isset($this->open_queries[(int) $query_id]))
{ {
unset($this->open_queries[(int) $query_id]); unset($this->open_queries[(int) $query_id]);
@ -323,6 +385,11 @@ class dbal_firebird extends dbal
*/ */
function _sql_close() function _sql_close()
{ {
if ($this->service_handle !== false)
{
@ibase_service_detach($this->service_handle);
}
return @ibase_close($this->db_connect_id); return @ibase_close($this->db_connect_id);
} }
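Review bot: `sql_connect()` now calls `ibase_service_attach()` with the board's database user and password on every connection, although the handle is only read by `sql_server_info()`. That is a second authenticated session to the Firebird service manager per request, and a failed attach is hidden by `@`. Consider attaching only on the code path that actually displays server information, and document the property, e.g. `var $service_handle = false; // false when the services API is unavailable or the attach failed`. `sql_connect()` starts outside the hunk, so how `$sqlpassword` reaches this line is not visible here.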


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'mssql'); define('SQL_LAYER', 'mssql');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* MSSQL Database Abstraction Layer * MSSQL Database Abstraction Layer
@ -55,6 +55,28 @@ class dbal_mssql extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
$row = false;
if ($result_id)
{
$row = @mssql_fetch_assoc($result_id);
@mssql_free_result($result_id);
}
if ($row)
{
return 'MSSQL<br />' . implode(' ', $row);
}
return 'MSSQL';
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -81,6 +103,12 @@ class dbal_mssql extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -181,11 +209,18 @@ class dbal_mssql extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mssql_num_rows($query_id) : false; return ($query_id) ? @mssql_num_rows($query_id) : false;
} }
@ -234,6 +269,8 @@ class dbal_mssql extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -246,6 +283,11 @@ class dbal_mssql extends dbal
$this->sql_rowseek($rownum, $query_id); $this->sql_rowseek($rownum, $query_id);
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
@ -259,11 +301,18 @@ class dbal_mssql extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mssql_data_seek($query_id, $rownum) : false; return ($query_id) ? @mssql_data_seek($query_id, $rownum) : false;
} }
@ -291,11 +340,18 @@ class dbal_mssql extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[$query_id])) if (isset($this->open_queries[$query_id]))
{ {
unset($this->open_queries[$query_id]); unset($this->open_queries[$query_id]);
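Review bot: `sql_server_info()` returns `'MSSQL<br />' . implode(' ', $row)`, which puts HTML markup and unescaped server-reported strings into a value coming out of the database layer, whereas the MySQL and Firebird variants in this commit return plain text. Returning plain text keeps the escaping decision with the caller, e.g. `return 'MSSQL ' . implode(' ', $row);`. The same applies to `dbal_mssql_odbc::sql_server_info()` in the next file section. The docblock should also say whether the returned string is meant for direct output.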


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'mssql_odbc'); define('SQL_LAYER', 'mssql_odbc');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* Unified ODBC functions * Unified ODBC functions
@ -49,6 +49,28 @@ class dbal_mssql_odbc extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
$row = false;
if ($result_id)
{
$row = @odbc_fetch_array($result_id);
@odbc_free_result($result_id);
}
if ($row)
{
return 'MSSQL (ODBC)<br />' . implode(' ', $row);
}
return 'MSSQL (ODBC)';
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -79,6 +101,12 @@ class dbal_mssql_odbc extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -183,11 +211,18 @@ class dbal_mssql_odbc extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @odbc_num_rows($query_id) : false; return ($query_id) ? @odbc_num_rows($query_id) : false;
} }
@ -225,6 +260,8 @@ class dbal_mssql_odbc extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -237,6 +274,11 @@ class dbal_mssql_odbc extends dbal
$this->sql_rowseek($rownum, $query_id); $this->sql_rowseek($rownum, $query_id);
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
@ -250,11 +292,18 @@ class dbal_mssql_odbc extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
$this->sql_freeresult($query_id); $this->sql_freeresult($query_id);
$query_id = $this->sql_query($this->last_query_text); $query_id = $this->sql_query($this->last_query_text);
@ -301,11 +350,18 @@ class dbal_mssql_odbc extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id])) if (isset($this->open_queries[(int) $query_id]))
{ {
unset($this->open_queries[(int) $query_id]); unset($this->open_queries[(int) $query_id]);


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'mysql'); define('SQL_LAYER', 'mysql');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* MySQL Database Abstraction Layer * MySQL Database Abstraction Layer
@ -55,6 +55,14 @@ class dbal_mysql extends dbal
return $this->sql_error(''); return $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
return 'MySQL ' . @mysql_get_server_info($this->db_connect_id);
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -81,6 +89,12 @@ class dbal_mysql extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -163,11 +177,18 @@ class dbal_mysql extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mysql_num_rows($query_id) : false; return ($query_id) ? @mysql_num_rows($query_id) : false;
} }
@ -205,6 +226,8 @@ class dbal_mysql extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -214,11 +237,22 @@ class dbal_mysql extends dbal
{ {
if ($rownum === false) if ($rownum === false)
{ {
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
else else
{ {
if (isset($cache->sql_rowset[$query_id]))
{
$cache->sql_rowseek($query_id, $rownum);
return $cache->sql_fetchfield($query_id, $field);
}
return @mysql_result($query_id, $rownum, $field); return @mysql_result($query_id, $rownum, $field);
} }
} }
@ -232,11 +266,18 @@ class dbal_mysql extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false; return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false;
} }
@ -253,11 +294,18 @@ class dbal_mysql extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id])) if (isset($this->open_queries[(int) $query_id]))
{ {
unset($this->open_queries[(int) $query_id]); unset($this->open_queries[(int) $query_id]);
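Review bot: In the `else` branch of `sql_fetchfield()` (explicit `$rownum`), the result of `$cache->sql_rowseek($query_id, $rownum)` is discarded. If the seek fails, the following `$cache->sql_fetchfield()` presumably reads from whatever row the cache pointer was already on, while the uncached `mysql_result()` path returns false for a bad row number. The cache class is not shown here, so this depends on its seek returning false on failure; if it does, `if (!$cache->sql_rowseek($query_id, $rownum)) { return false; }` keeps both paths consistent. The identical code is added to `dbal_mysql4::sql_fetchfield()` in the next file section.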


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'mysql4'); define('SQL_LAYER', 'mysql4');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* MySQL4 Database Abstraction Layer * MySQL4 Database Abstraction Layer
@ -57,6 +57,14 @@ class dbal_mysql4 extends dbal
return $this->sql_error(''); return $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
return 'MySQL ' . @mysql_get_server_info($this->db_connect_id);
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -83,6 +91,12 @@ class dbal_mysql4 extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -166,11 +180,18 @@ class dbal_mysql4 extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mysql_num_rows($query_id) : false; return ($query_id) ? @mysql_num_rows($query_id) : false;
} }
@ -208,6 +229,8 @@ class dbal_mysql4 extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -217,11 +240,22 @@ class dbal_mysql4 extends dbal
{ {
if ($rownum === false) if ($rownum === false)
{ {
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
else else
{ {
if (isset($cache->sql_rowset[$query_id]))
{
$cache->sql_rowseek($query_id, $rownum);
return $cache->sql_fetchfield($query_id, $field);
}
return @mysql_result($query_id, $rownum, $field); return @mysql_result($query_id, $rownum, $field);
} }
} }
@ -235,11 +269,18 @@ class dbal_mysql4 extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false; return ($query_id) ? @mysql_data_seek($query_id, $rownum) : false;
} }
@ -256,11 +297,18 @@ class dbal_mysql4 extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id])) if (isset($this->open_queries[(int) $query_id]))
{ {
unset($this->open_queries[(int) $query_id]); unset($this->open_queries[(int) $query_id]);


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'mysqli'); define('SQL_LAYER', 'mysqli');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* MySQLi Database Abstraction Layer * MySQLi Database Abstraction Layer
@ -57,6 +57,14 @@ class dbal_mysqli extends dbal
return $this->sql_error(''); return $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
return 'MySQL(i) ' . @mysqli_get_server_info($this->db_connect_id);
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -87,6 +95,12 @@ class dbal_mysqli extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -165,11 +179,18 @@ class dbal_mysqli extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @mysqli_num_rows($query_id) : false; return ($query_id) ? @mysqli_num_rows($query_id) : false;
} }
@ -207,6 +228,8 @@ class dbal_mysqli extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -219,6 +242,11 @@ class dbal_mysqli extends dbal
$this->sql_rowseek($rownum, $query_id); $this->sql_rowseek($rownum, $query_id);
} }
if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
@ -232,11 +260,18 @@ class dbal_mysqli extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @mysqli_data_seek($query_id, $rownum) : false; return ($query_id) ? @mysqli_data_seek($query_id, $rownum) : false;
} }
@ -253,18 +288,19 @@ class dbal_mysqli extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
// Make sure it is not a cached query if (!is_object($query_id) && isset($cache->sql_rowset[$query_id]))
if (is_object($this->query_result))
{ {
return @mysqli_free_result($query_id); return $cache->sql_freeresult($query_id);
} }
return false; return @mysqli_free_result($query_id);
} }
/** /**
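Review bot: In `dbal_mysqli::sql_freeresult()` the fall-through now hands whatever is in `$query_id` to `mysqli_free_result()`, and the `@` hides the warning when that value is not a result object (for example a boolean left in `$this->query_result`, which this hunk does not rule out). The earlier `is_object()` check appears to have been dropped along with the "cached query" comment. An explicit guard keeps the contract visible instead of relying on error suppression: `return (is_object($query_id)) ? @mysqli_free_result($query_id) : false;`. Also note that `mysqli_free_result()` has no return value, so a caller that tests the result of `sql_freeresult()` sees a falsy value even when the result was freed.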


@ -22,7 +22,7 @@ if(!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'oracle'); define('SQL_LAYER', 'oracle');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* Oracle Database Abstraction Layer * Oracle Database Abstraction Layer
@ -47,6 +47,14 @@ class dbal_oracle extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
return 'Oracle ' . @ociserverversion($this->db_connect_id);
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -73,6 +81,12 @@ class dbal_oracle extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -155,6 +169,52 @@ class dbal_oracle extends dbal
{ {
$this->query_result = false; $this->query_result = false;
// Any implicit columns exist?
if (strpos($query, '.*') !== false)
{
// This sucker does a few things for us. It grabs all the explicitly named columns and what tables are being used
preg_match('/SELECT (?:DISTINCT )?(.*?)FROM(.*?)(?:WHERE|(ORDER|GROUP) BY|$)/s', $query, $tables);
// The prefixes of the explicit columns don't matter, they simply get in the way
preg_match_all('/\.(\w+)/', trim($tables[1]), $columns);
// Flip lets us do an easy isset() call
$columns = array_flip($columns[1]);
$table_data = trim($tables[2]);
// Grab the implicitly named columns, they need expanding...
preg_match_all('/(\w)\.\*/', $query, $info);
$cols = array();
foreach ($info[1] as $table_alias)
{
// We need to get the name of the aliased table
preg_match('/(\w+) ' . $table_alias . '/', $table_data, $table_name);
$table_name = $table_name[1];
$sql = "SELECT column_name
FROM all_tab_cols
WHERE table_name = '" . strtoupper($table_name) . "'";
$result = $this->sql_query($sql);
while ($row = $this->sql_fetchrow($result))
{
if (!isset($columns[strtolower($row['column_name'])]))
{
$cols[] = $table_alias . '.' . strtolower($row['column_name']);
}
}
$this->sql_freeresult($result);
// Remove the implicity .* with it's full expansion
$query = str_replace($table_alias . '.*', implode(', ', $cols), $query);
unset($cols);
}
}
$query = 'SELECT * FROM (SELECT /*+ FIRST_ROWS */ rownum AS xrownum, a.* FROM (' . $query . ') a WHERE rownum <= ' . ($offset + $total) . ') WHERE xrownum >= ' . $offset; $query = 'SELECT * FROM (SELECT /*+ FIRST_ROWS */ rownum AS xrownum, a.* FROM (' . $query . ') a WHERE rownum <= ' . ($offset + $total) . ') WHERE xrownum >= ' . $offset;
return $this->sql_query($query, $cache_ttl); return $this->sql_query($query, $cache_ttl);
@ -171,11 +231,18 @@ class dbal_oracle extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
$result = @ocifetchstatement($query_id, $this->rowset); $result = @ocifetchstatement($query_id, $this->rowset);
// OCIFetchStatment kills our query result so we have to execute the statment again // OCIFetchStatment kills our query result so we have to execute the statment again
@ -224,7 +291,7 @@ class dbal_oracle extends dbal
// OCI->CLOB? // OCI->CLOB?
if (is_object($value)) if (is_object($value))
{ {
$value = ($value->size()) ? $value->read($value->size()) : ''; $value = $value->load();
} }
$result_row[strtolower($key)] = $value; $result_row[strtolower($key)] = $value;
@ -239,6 +306,8 @@ class dbal_oracle extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -251,6 +320,11 @@ class dbal_oracle extends dbal
$this->sql_rowseek($rownum, $query_id); $this->sql_rowseek($rownum, $query_id);
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
@ -264,11 +338,18 @@ class dbal_oracle extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
if (!$query_id) if (!$query_id)
{ {
return false; return false;
@ -326,11 +407,18 @@ class dbal_oracle extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id])) if (isset($this->open_queries[(int) $query_id]))
{ {
unset($this->open_queries[(int) $query_id]); unset($this->open_queries[(int) $query_id]);
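Review bot: The `.*` expansion added ahead of the `rownum` wrapper uses `$tables[1]`, `$tables[2]` and `$table_name[1]` without checking that `preg_match()` matched, and `/(\w)\.\*/` captures a single character, so an alias longer than one letter is looked up by its last letter only. When the alias lookup fails, `strtoupper($table_name)` yields an empty name, the dictionary query returns no rows, and `x.*` is replaced by an empty column list in the statement that is then executed. The lookup also reads `all_tab_cols` by `table_name` alone, so a same-named table in another schema, or hidden columns, can add names the real table does not expose; filter by owner, or read `user_tab_columns` if the board tables always live in the connected schema. Suggested changes: `preg_match_all('/(\w+)\.\*/', $query, $info);` and `if (!preg_match('/(\w+) ' . $table_alias . '\b/', $table_data, $table_name)) { continue; }`. The enclosing function starts and ends outside the hunk.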


@ -22,7 +22,7 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'postgres'); define('SQL_LAYER', 'postgres');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* PostgreSQL Database Abstraction Layer * PostgreSQL Database Abstraction Layer
@ -84,6 +84,25 @@ class dbal_postgres extends dbal
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
} }
/**
* Version information about used database
*/
function sql_server_info()
{
if (version_compare(phpversion(), '5.0.0', '>='))
{
$version = @pg_version($this->db_connect_id);
return 'PostgreSQL' . ((!empty($version)) ? ' ' . $version['client'] : '');
}
else
{
$query_id = @pg_query($this->db_connect_id, 'select version()');
$row = @pg_fetch_assoc($query_id, null);
$version = $row['version'];
return ((!empty($version)) ? ' ' . $version : '');
}
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -110,6 +129,12 @@ class dbal_postgres extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -202,11 +227,18 @@ class dbal_postgres extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @pg_num_rows($query_id) : false; return ($query_id) ? @pg_num_rows($query_id) : false;
} }
@ -235,7 +267,16 @@ class dbal_postgres extends dbal
return $cache->sql_fetchrow($query_id); return $cache->sql_fetchrow($query_id);
} }
return ($query_id) ? @pg_fetch_assoc($query_id, NULL) : false; $row = @pg_fetch_assoc($query_id, null);
if ($row)
{
foreach ($row as $key => $value)
{
$row[$key] = (strpos($key, 'bitfield') === false) ? $value : pg_unescape_bytea($value);
}
}
return ($query_id) ? $row : false;
} }
/** /**
@ -244,6 +285,8 @@ class dbal_postgres extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -256,6 +299,11 @@ class dbal_postgres extends dbal
$this->sql_rowseek($rownum, $query_id); $this->sql_rowseek($rownum, $query_id);
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
$row = $this->sql_fetchrow($query_id); $row = $this->sql_fetchrow($query_id);
return isset($row[$field]) ? $row[$field] : false; return isset($row[$field]) ? $row[$field] : false;
} }
@ -269,11 +317,18 @@ class dbal_postgres extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @pg_result_seek($query_id, $rownum) : false; return ($query_id) ? @pg_result_seek($query_id, $rownum) : false;
} }
@ -311,11 +366,18 @@ class dbal_postgres extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
if (isset($this->open_queries[(int) $query_id])) if (isset($this->open_queries[(int) $query_id]))
{ {
unset($this->open_queries[(int) $query_id]); unset($this->open_queries[(int) $query_id]);
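Review bot: The cache checks added to `sql_numrows()`, `sql_fetchfield()`, `sql_rowseek()` and `sql_freeresult()` use `$query_id` directly as an array offset in `isset($cache->sql_rowset[$query_id])`, although live query ids in this driver look like resources (the same method casts with `(int) $query_id` for `open_queries`). PHP converts a resource offset to its integer handle. If the cache numbers its rowsets with plain integers (the cache class is not shown here), a live result whose handle equals a cached id would be answered from the cache instead of the database. The mysqli driver in this commit guards the same test with `!is_object($query_id)`; the equivalent here is `if (!is_resource($query_id) && isset($cache->sql_rowset[$query_id]))`. The same unguarded check is added in the Oracle and SQLite sections, and several of these methods continue outside their hunks.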


@ -22,10 +22,11 @@ if (!defined('SQL_LAYER'))
{ {
define('SQL_LAYER', 'sqlite'); define('SQL_LAYER', 'sqlite');
include($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
/** /**
* Sqlite Database Abstraction Layer * Sqlite Database Abstraction Layer
* Minimum Requirement: 2.8.2+
* @package dbal * @package dbal
*/ */
class dbal_sqlite extends dbal class dbal_sqlite extends dbal
@ -48,9 +49,18 @@ class dbal_sqlite extends dbal
@sqlite_query('PRAGMA short_column_names = 1', $this->db_connect_id); @sqlite_query('PRAGMA short_column_names = 1', $this->db_connect_id);
} }
return ($this->db_connect_id) ? true : array('message' => $error); return ($this->db_connect_id) ? true : array('message' => $error);
} }
/**
* Version information about used database
*/
function sql_server_info()
{
return 'SQLite ' . @sqlite_libversion();
}
/** /**
* SQL Transaction * SQL Transaction
* @access: private * @access: private
@ -77,6 +87,12 @@ class dbal_sqlite extends dbal
/** /**
* Base query method * Base query method
*
* @param string $query Contains the SQL query which shall be executed
* @param int $cache_ttl Either 0 to avoid caching or the time in seconds which the result shall be kept in cache
* @return mixed When casted to bool the returned value returns true on success and false on failure
*
* @access public
*/ */
function sql_query($query = '', $cache_ttl = 0) function sql_query($query = '', $cache_ttl = 0)
{ {
@ -159,11 +175,18 @@ class dbal_sqlite extends dbal
*/ */
function sql_numrows($query_id = false) function sql_numrows($query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_numrows($query_id);
}
return ($query_id) ? @sqlite_num_rows($query_id) : false; return ($query_id) ? @sqlite_num_rows($query_id) : false;
} }
@ -192,7 +215,9 @@ class dbal_sqlite extends dbal
return $cache->sql_fetchrow($query_id); return $cache->sql_fetchrow($query_id);
} }
return ($query_id) ? @sqlite_fetch_array($query_id, SQLITE_ASSOC) : false; $row = @sqlite_fetch_array($query_id, SQLITE_ASSOC);
return $row;
} }
/** /**
@ -201,6 +226,8 @@ class dbal_sqlite extends dbal
*/ */
function sql_fetchfield($field, $rownum = false, $query_id = false) function sql_fetchfield($field, $rownum = false, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
@ -208,15 +235,17 @@ class dbal_sqlite extends dbal
if ($query_id) if ($query_id)
{ {
if ($rownum === false) if ($rownum !== false)
{
return @sqlite_column($query_id, $field);
}
else
{ {
$this->sql_rowseek($rownum, $query_id); $this->sql_rowseek($rownum, $query_id);
return @sqlite_column($query_id, $field);
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_fetchfield($query_id, $field);
}
return @sqlite_column($query_id, $field);
} }
return false; return false;
@ -228,11 +257,18 @@ class dbal_sqlite extends dbal
*/ */
function sql_rowseek($rownum, $query_id = false) function sql_rowseek($rownum, $query_id = false)
{ {
global $cache;
if (!$query_id) if (!$query_id)
{ {
$query_id = $this->query_result; $query_id = $this->query_result;
} }
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_rowseek($query_id, $rownum);
}
return ($query_id) ? @sqlite_seek($query_id, $rownum) : false; return ($query_id) ? @sqlite_seek($query_id, $rownum) : false;
} }
@ -249,6 +285,18 @@ class dbal_sqlite extends dbal
*/ */
function sql_freeresult($query_id = false) function sql_freeresult($query_id = false)
{ {
global $cache;
if (!$query_id)
{
$query_id = $this->query_result;
}
if (isset($cache->sql_rowset[$query_id]))
{
return $cache->sql_freeresult($query_id);
}
return true; return true;
} }
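Review bot: `sql_fetchrow()` no longer tests `$query_id` before calling `sqlite_fetch_array()`. The previous `($query_id) ? … : false` guard is replaced by an unconditional call whose warning is hidden by `@`, and `$row` is assigned only to be returned on the next line. Keeping the guard stops an invalid handle from reaching the extension and makes the failure value explicit: `return ($query_id) ? @sqlite_fetch_array($query_id, SQLITE_ASSOC) : false;`. The function starts outside the hunk, so this assumes nothing earlier in it already rejects an empty `$query_id`.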


@ -145,7 +145,7 @@ function unique_id($extra = 'c')
if ($dss_seeded !== true) if ($dss_seeded !== true)
{ {
set_config('rand_seed', $config['rand_seed']); set_config('rand_seed', $config['rand_seed'], true);
$dss_seeded = true; $dss_seeded = true;
} }
@ -376,6 +376,71 @@ if (!function_exists('stripos'))
} }
} }
if (!function_exists('realpath'))
{
/**
* Replacement for realpath if it is disabled
* This function is from the php manual by nospam at savvior dot com
*/
function phpbb_realpath($path)
{
$translated_path = getenv('PATH_TRANSLATED');
$translated_path = str_replace('\\', '/', $translated_path);
$translated_path = str_replace(basename(getenv('PATH_INFO')), '', $translated_path);
$translated_path .= '/';
if ($path == '.' || $path == './')
{
return $translated_path;
}
// now check for back directory
$translated_path .= $path;
$dirs = explode('/', $translated_path);
foreach ($dirs as $key => $value)
{
if ($value == '..')
{
$dirs[$key] = '';
$dirs[$key - 2] = '';
}
}
$translated_path = '';
foreach ($dirs as $key => $value)
{
if (strlen($value) > 0)
{
$translated_path .= $value . '/';
}
}
$translated_path = substr($translated_path, 0, strlen($translated_path) - 1);
if (is_dir($translated_path) || is_file($translated_path))
{
return $translated_path;
}
return false;
}
}
else
{
/**
* A wrapper for realpath
*/
function phpbb_realpath($path)
{
return realpath($path);
}
}
// functions used for building option fields // functions used for building option fields
/** /**
@ -429,13 +494,18 @@ function style_select($default = '', $all = false)
/** /**
* Pick a timezone * Pick a timezone
*/ */
function tz_select($default = '') function tz_select($default = '', $truncate = false)
{ {
global $sys_timezone, $user; global $sys_timezone, $user;
$tz_select = ''; $tz_select = '';
foreach ($user->lang['tz_zones'] as $offset => $zone) foreach ($user->lang['tz_zones'] as $offset => $zone)
{ {
if ($truncate)
{
$zone = (strlen($zone) > 70) ? substr($zone, 0, 70) . '...' : $zone;
}
if (is_numeric($offset)) if (is_numeric($offset))
{ {
$selected = ($offset == $default) ? ' selected="selected"' : ''; $selected = ($offset == $default) ? ' selected="selected"' : '';
@ -469,7 +539,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}"); $db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}"); $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
} }
else else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
@ -506,13 +576,13 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
{ {
$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . " $sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']} WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $forum_id) . ")"; AND " . $db->sql_in_set('forum_id', $forum_id);
$db->sql_query($sql); $db->sql_query($sql);
$sql = 'SELECT forum_id $sql = 'SELECT forum_id
FROM ' . FORUMS_TRACK_TABLE . " FROM ' . FORUMS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']} WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $forum_id) . ')'; AND " . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$sql_update = array(); $sql_update = array();
@ -527,7 +597,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . ' $sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
SET mark_time = ' . time() . " SET mark_time = ' . time() . "
WHERE user_id = {$user->data['user_id']} WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $sql_update) . ')'; AND " . $db->sql_in_set('forum_id', $sql_update);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -563,7 +633,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
} }
} }
} }
else else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking = ($tracking) ? unserialize($tracking) : array(); $tracking = ($tracking) ? unserialize($tracking) : array();
@ -628,7 +698,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$db->sql_return_on_error(false); $db->sql_return_on_error(false);
} }
} }
else else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking = ($tracking) ? unserialize($tracking) : array(); $tracking = ($tracking) ? unserialize($tracking) : array();
@ -675,7 +745,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
if ($user->data['is_registered']) if ($user->data['is_registered'])
{ {
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10)) . " WHERE user_id = {$user->data['user_id']}"); $user->data['user_lastmark'] = intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10));
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . $user->data['user_lastmark'] . " WHERE user_id = {$user->data['user_id']}");
} }
else else
{ {
@ -817,7 +888,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
$sql = 'SELECT topic_id, mark_time $sql = 'SELECT topic_id, mark_time
FROM ' . TOPICS_TRACK_TABLE . " FROM ' . TOPICS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']} WHERE user_id = {$user->data['user_id']}
AND topic_id IN (" . implode(', ', $topic_ids) . ")"; AND " . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -859,7 +930,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
} }
} }
} }
else else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
global $tracking_topics; global $tracking_topics;
@ -925,6 +996,111 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
return $last_read; return $last_read;
} }
/**
* Check for read forums and update topic tracking info accordingly
*
* @param int $forum_id the forum id to check
* @param int $forum_last_post_time the forums last post time
* @param int $f_mark_time the forums last mark time if user is registered and load_db_lastread enabled
* @param int $mark_time_forum false if the mark time needs to be obtained, else the last users forum mark time
*
*/
function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
{
global $db, $tracking_topics, $user, $config;
// Determine the users last forum mark time if not given.
if ($mark_time_forum === false)
{
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$mark_time_forum = (!empty($f_mark_time)) ? $f_mark_time : $user->data['user_lastmark'];
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
if (!isset($tracking_topics) || !sizeof($tracking_topics))
{
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
}
if (!$user->data['is_registered'])
{
$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
}
$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
}
}
// Check the forum for any left unread topics.
// If there are none, we mark the forum as read.
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
if ($mark_time_forum >= $forum_last_post_time)
{
// We do not need to mark read, this happened before. Therefore setting this to true
$row = true;
}
else
{
$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
WHERE t.forum_id = ' . $forum_id . '
AND t.topic_last_post_time > ' . $mark_time_forum . '
AND t.topic_moved_id = 0
AND tt.topic_id IS NULL
GROUP BY t.forum_id';
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
// Get information from cookie
$row = false;
if (!isset($tracking_topics['tf'][$forum_id]))
{
// We do not need to mark read, this happened before. Therefore setting this to true
$row = true;
}
else
{
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . '
WHERE forum_id = ' . $forum_id . '
AND topic_last_post_time > ' . $mark_time_forum . '
AND topic_moved_id = 0';
$result = $db->sql_query($sql);
$check_forum = $tracking_topics['tf'][$forum_id];
$unread = false;
while ($row = $db->sql_fetchrow($result))
{
if (!in_array(base_convert($row['topic_id'], 10, 36), array_keys($check_forum)))
{
$unread = true;
break;
}
}
$db->sql_freeresult($result);
$row = $unread;
}
}
else
{
$row = true;
}
if (!$row)
{
markread('topics', $forum_id);
}
}
// Pagination functions // Pagination functions
/** /**
@ -1095,8 +1271,6 @@ function generate_board_url($without_script_path = false)
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name;
// Forcing server vars is the only way to specify/override the protocol // Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name) if ($config['force_server_vars'] || !$server_name)
{ {
@ -1106,6 +1280,12 @@ function generate_board_url($without_script_path = false)
$url = $server_protocol . $server_name; $url = $server_protocol . $server_name;
} }
else
{
// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
$cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
}
if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80))) if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
{ {
@ -1128,15 +1308,12 @@ function redirect($url)
{ {
global $db, $cache, $config, $user; global $db, $cache, $config, $user;
if (isset($db)) if (empty($user->lang))
{ {
$db->sql_close(); $user->add_lang('common');
} }
if (isset($cache)) garbage_collection();
{
$cache->unload();
}
// Make sure no &amp;'s are in, this will break the redirect // Make sure no &amp;'s are in, this will break the redirect
$url = str_replace('&amp;', '&', $url); $url = str_replace('&amp;', '&', $url);
@ -1184,8 +1361,8 @@ function redirect($url)
else else
{ {
// Get the realpath of dirname // Get the realpath of dirname
$root_dirs = explode('/', str_replace('\\', '/', realpath('./'))); $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
$page_dirs = explode('/', str_replace('\\', '/', realpath($pathinfo['dirname']))); $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
$intersection = array_intersect_assoc($root_dirs, $page_dirs); $intersection = array_intersect_assoc($root_dirs, $page_dirs);
$root_dirs = array_diff_assoc($root_dirs, $intersection); $root_dirs = array_diff_assoc($root_dirs, $intersection);
@ -1445,13 +1622,17 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
if ($admin && !$auth->acl_get('a_')) if ($admin && !$auth->acl_get('a_'))
{ {
// Not authd // Not authd
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered'])
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN'); trigger_error('NO_AUTH_ADMIN');
} }
if (isset($_POST['login'])) if (isset($_POST['login']))
{ {
$username = request_var('username', '', true); $username = request_var('username', '');
$password = request_var('password', ''); $password = request_var('password', '');
$autologin = (!empty($_POST['autologin'])) ? true : false; $autologin = (!empty($_POST['autologin'])) ? true : false;
$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1; $viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
@ -1477,10 +1658,15 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS'); add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
} }
else else
{
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered'])
{ {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
} }
} }
}
// The result parameter is always an array, holding the relevant informations... // The result parameter is always an array, holding the relevant informations...
if ($result['status'] == LOGIN_SUCCESS) if ($result['status'] == LOGIN_SUCCESS)
@ -1496,12 +1682,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>')); trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
} }
// The user wanted to re-authenticate, but something failed - log this
if ($admin)
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
// Something failed, determine what... // Something failed, determine what...
if ($result['status'] == LOGIN_BREAK) if ($result['status'] == LOGIN_BREAK)
{ {
@ -1625,13 +1805,13 @@ function login_forum_box($forum_data)
$sql_in = array(); $sql_in = array();
do do
{ {
$sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'"; $sql_in[] = (string) $row['session_id'];
} }
while ($row = $db->sql_fetchrow($result)); while ($row = $db->sql_fetchrow($result));
// Remove expired sessions // Remove expired sessions
$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . ' $sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')'; WHERE ' . $db->sql_in_set('session_id', $sql_in, true);
$db->sql_query($sql); $db->sql_query($sql);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -1737,7 +1917,7 @@ function decode_message(&$message, $bbcode_uid = '')
* For display of custom parsed text on user-facing pages * For display of custom parsed text on user-facing pages
* Expects $text to be the value directly from the database (stored value) * Expects $text to be the value directly from the database (stored value)
*/ */
function generate_text_for_display($text, $uid, $bitfield) function generate_text_for_display($text, $uid, $bitfield, $flags)
{ {
global $__bbcode; global $__bbcode;
@ -1746,13 +1926,6 @@ function generate_text_for_display($text, $uid, $bitfield)
return ''; return '';
} }
// Get flags... they are always allow_bbcode, allow_smilies and allow_urls
$flags = $bitfield;
if ($flags >> 3)
{
$flags = bindec(substr(decbin($flags), strlen(decbin($flags >> 3))));
}
// Parse bbcode if bbcode uid stored and bbcode enabled // Parse bbcode if bbcode uid stored and bbcode enabled
if ($uid && ($flags & 1)) if ($uid && ($flags & 1))
{ {
@ -1764,11 +1937,11 @@ function generate_text_for_display($text, $uid, $bitfield)
if (empty($__bbcode)) if (empty($__bbcode))
{ {
$__bbcode = new bbcode($bitfield >> 3); $__bbcode = new bbcode($bitfield);
} }
else else
{ {
$__bbcode->bbcode($bitfield >> 3); $__bbcode->bbcode($bitfield);
} }
$__bbcode->bbcode_second_pass($text, $uid); $__bbcode->bbcode_second_pass($text, $uid);
@ -1785,12 +1958,12 @@ function generate_text_for_display($text, $uid, $bitfield)
* This function additionally returns the uid and bitfield that needs to be stored. * This function additionally returns the uid and bitfield that needs to be stored.
* Expects $text to be the value directly from request_var() and in it's non-parsed form * Expects $text to be the value directly from request_var() and in it's non-parsed form
*/ */
function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = false, $allow_urls = false, $allow_smilies = false) function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bbcode = false, $allow_urls = false, $allow_smilies = false)
{ {
global $phpbb_root_path, $phpEx; global $phpbb_root_path, $phpEx;
$uid = ''; $uid = '';
$bitfield = 0; $bitfield = '';
if (!$text) if (!$text)
{ {
@ -1815,7 +1988,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = fa
} }
$flags = (($allow_bbcode) ? 1 : 0) + (($allow_smilies) ? 2 : 0) + (($allow_urls) ? 4 : 0); $flags = (($allow_bbcode) ? 1 : 0) + (($allow_smilies) ? 2 : 0) + (($allow_urls) ? 4 : 0);
$bitfield = $flags + ($message_parser->bbcode_bitfield << 3); $bitfield = $message_parser->bbcode_bitfield;
return; return;
} }
@ -1824,17 +1997,10 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, $allow_bbcode = fa
* For decoding custom parsed text for edits as well as extracting the flags * For decoding custom parsed text for edits as well as extracting the flags
* Expects $text to be the value directly from the database (pre-parsed content) * Expects $text to be the value directly from the database (pre-parsed content)
*/ */
function generate_text_for_edit($text, $uid, $bitfield) function generate_text_for_edit($text, $uid, $flags)
{ {
global $phpbb_root_path, $phpEx; global $phpbb_root_path, $phpEx;
// Get forum flags...
$flags = $bitfield;
if ($flags >> 3)
{
$flags = bindec(substr(decbin($flags), strlen(decbin($flags >> 3))));
}
decode_message($text, $uid); decode_message($text, $uid);
return array( return array(
@ -1880,7 +2046,7 @@ function make_clickable($text, $server_url = false)
$magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'"; $magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'";
// matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode. // matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
$magic_url_match[] = '#(^|[\n ]|\()([a-z0-9&\-_.]+?@[\w\-]+\.(?:[\w\-\.]+\.)?[\w]+)#ie'; $magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie';
$magic_url_replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'"; $magic_url_replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'";
} }
@ -1999,26 +2165,41 @@ function extension_allowed($forum_id, $extension, &$extensions)
// Little helpers // Little helpers
/**
* Little helper for the build_hidden_fields function
*/
function _build_hidden_fields($key, $value, $specialchar)
{
$hidden_fields = '';
if (!is_array($value))
{
$key = ($specialchar) ? htmlspecialchars($key) : $key;
$value = ($specialchar) ? htmlspecialchars($value) : $value;
$hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n";
}
else
{
foreach ($value as $_key => $_value)
{
$hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar);
}
}
return $hidden_fields;
}
/** /**
* Build simple hidden fields from array * Build simple hidden fields from array
*/ */
function build_hidden_fields($field_ary) function build_hidden_fields($field_ary, $specialchar = false)
{ {
$s_hidden_fields = ''; $s_hidden_fields = '';
foreach ($field_ary as $name => $vars) foreach ($field_ary as $name => $vars)
{ {
if (is_array($vars)) $s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar);
{
foreach ($vars as $key => $value)
{
$s_hidden_fields .= '<input type="hidden" name="' . $name . '[' . $key . ']" value="' . $value . '" />';
}
}
else
{
$s_hidden_fields .= '<input type="hidden" name="' . $name . '" value="' . $vars . '" />';
}
} }
return $s_hidden_fields; return $s_hidden_fields;
@ -2139,7 +2320,7 @@ function get_backtrace()
$output = '<div style="font-family: monospace;">'; $output = '<div style="font-family: monospace;">';
$backtrace = debug_backtrace(); $backtrace = debug_backtrace();
$path = realpath($phpbb_root_path); $path = phpbb_realpath($phpbb_root_path);
foreach ($backtrace as $number => $trace) foreach ($backtrace as $number => $trace)
{ {
@ -2184,6 +2365,58 @@ function get_backtrace()
return $output; return $output;
} }
/**
* This function returns a regular expression pattern for commonly used expressions
* Use with / as delimiter
* mode can be: email|
*/
function get_preg_expression($mode)
{
switch ($mode)
{
case 'email':
return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+';
break;
}
return '';
}
/**
* Truncates string while retaining special characters if going over the max length
* The default max length is 60 at the moment
*/
function truncate_string($string, $max_length = 60)
{
$chars = array();
// split the multibyte characters first
$string_ary = preg_split('#(&\#[0-9]+;)#', $string, -1, PREG_SPLIT_DELIM_CAPTURE);
// Now go through the array and split the other characters
foreach ($string_ary as $key => $value)
{
if (strpos($value, '&#') === 0)
{
$chars[] = $value;
continue;
}
// decode html entities and put them back later
$_chars = str_split(html_entity_decode($value));
$chars = array_merge($chars, array_map('htmlspecialchars', $_chars));
}
// Now check the length ;)
if (sizeof($chars) <= $max_length)
{
return $string;
}
// Cut off the last elements from the array
return implode('', array_slice($chars, 0, $max_length));
}
// Handler, header and footer // Handler, header and footer
/** /**
@ -2221,8 +2454,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
{ {
// remove complete path to installation, with the risk of changing backslashes meant to be there // remove complete path to installation, with the risk of changing backslashes meant to be there
$errfile = str_replace(array(realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
$msg_text = str_replace(array(realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n"; echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
} }
@ -2232,15 +2465,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
case E_USER_ERROR: case E_USER_ERROR:
if (isset($db)) garbage_collection();
{
$db->sql_close();
}
if (isset($cache))
{
$cache->unload();
}
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'; echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">'; echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">';
@ -2390,7 +2615,15 @@ function page_header($page_title = '', $display_online_list = true)
if (!empty($_REQUEST['f'])) if (!empty($_REQUEST['f']))
{ {
$f = request_var('f', 0); $f = request_var('f', 0);
$reading_sql = " AND s.session_page LIKE '%f=$f%'";
// Do not change this (it is defined as _f_={forum_id}x within session.php)
$reading_sql = " AND s.session_page LIKE '%\_f\_={$f}x%'";
// Specify escape character for MSSQL
if (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc')
{
$reading_sql .= " ESCAPE '\\'";
}
} }
// Get number of online guests // Get number of online guests
@ -2463,7 +2696,7 @@ function page_header($page_title = '', $display_online_list = true)
if (!$online_userlist) if (!$online_userlist)
{ {
$online_userlist = $user->lang['NONE']; $online_userlist = $user->lang['NO_ONLINE_USERS'];
} }
if (empty($_REQUEST['f'])) if (empty($_REQUEST['f']))
@ -2616,7 +2849,9 @@ function page_header($page_title = '', $display_online_list = true)
'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '', 'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false, 'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false,
'S_BOARD_DISABLED' => ($config['board_disable'] && !defined('IN_LOGIN') && $auth->acl_gets('a_', 'm_')) ? true : false,
'S_REGISTERED_USER' => $user->data['is_registered'], 'S_REGISTERED_USER' => $user->data['is_registered'],
'S_IS_BOT' => $user->data['is_bot'],
'S_USER_PM_POPUP' => $user->optionget('popuppm'), 'S_USER_PM_POPUP' => $user->optionget('popuppm'),
'S_USER_LANG' => $user->data['user_lang'], 'S_USER_LANG' => $user->data['user_lang'],
'S_USER_BROWSER' => (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'], 'S_USER_BROWSER' => (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
@ -2653,7 +2888,7 @@ function page_header($page_title = '', $display_online_list = true)
{ {
header('Content-type: text/html; charset=' . $user->lang['ENCODING']); header('Content-type: text/html; charset=' . $user->lang['ENCODING']);
} }
header('Cache-Control: private, no-cache="set-cookie", pre-check=0, post-check=0'); header('Cache-Control: private, no-cache="set-cookie"');
header('Expires: 0'); header('Expires: 0');
header('Pragma: no-cache'); header('Pragma: no-cache');
@ -2726,7 +2961,6 @@ function page_footer()
else if (time() - $config['database_gc'] > $config['database_last_gc']) else if (time() - $config['database_gc'] > $config['database_last_gc'])
{ {
// Tidy the database // Tidy the database
// This includes recalculation binary trees, ...
$cron_type = 'tidy_database'; $cron_type = 'tidy_database';
} }
else if (time() - $config['search_gc'] > $config['search_last_gc']) else if (time() - $config['search_gc'] > $config['search_last_gc'])
@ -2770,4 +3004,101 @@ function garbage_collection()
$db->sql_close(); $db->sql_close();
} }
/**
*/
class bitfield
{
var $data;
function bitfield($bitfield = '')
{
$this->data = base64_decode($bitfield);
}
/**
*/
function get($n)
{
// Get the ($n / 8)th char
$byte = $n >> 3;
if (!isset($this->data[$byte]))
{
// Of course, if it doesn't exist then the result if FALSE
return false;
}
$c = $this->data[$byte];
// Lookup the ($n % 8)th bit of the byte
$bit = 7 - ($n & 7);
return (bool) (ord($c) & (1 << $bit));
}
function set($n)
{
$byte = $n >> 3;
$bit = 7 - ($n & 7);
if (isset($this->data[$byte]))
{
$this->data[$byte] = $this->data[$byte] | chr(1 << $bit);
}
else
{
if ($byte - strlen($this->data) > 0)
{
$this->data .= str_repeat("\0", $byte - strlen($this->data));
}
$this->data .= chr(1 << $bit);
}
}
function clear($n)
{
$byte = $n >> 3;
if (!isset($this->data[$byte]))
{
return;
}
$bit = 7 - ($n & 7);
$this->data[$byte] = $this->data[$byte] &~ chr(1 << $bit);
}
function get_blob()
{
return $this->data;
}
function get_base64()
{
return base64_encode($this->data);
}
function get_bin()
{
$bin = '';
$len = strlen($this->data);
for ($i = 0; $i < $len; ++$i)
{
$bin .= str_pad(decbin(ord($this->data[$i])), 8, '0', STR_PAD_LEFT);
}
return $bin;
}
function get_all_set()
{
return array_keys(array_filter(str_split($this->get_bin())));
}
function merge($bitfield)
{
$this->data = $this->data | $bitfield->get_blob();
}
}
?> ?>


@ -10,16 +10,10 @@
/** /**
* Recalculate Binary Tree * Recalculate Binary Tree
*/
function recalc_btree($sql_id, $sql_table, $module_class = '') function recalc_btree($sql_id, $sql_table, $module_class = '')
{ {
global $db; global $db;
/* Init table, id's, etc...
$sql_id = 'module_id'; // 'forum_id'
$sql_table = MODULES_TABLE; // FORUMS_TABLE
*/
if (!$sql_id || !$sql_table) if (!$sql_id || !$sql_table)
{ {
return; return;
@ -103,15 +97,16 @@ function recalc_btree($sql_id, $sql_table, $module_class = '')
} }
$db->sql_freeresult($f_result); $db->sql_freeresult($f_result);
} }
*/
/** /**
* Simple version of jumpbox, just lists authed forums * Simple version of jumpbox, just lists authed forums
*/ */
function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $return_array = false) function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $only_acl_post = false, $return_array = false)
{ {
global $db, $user, $auth; global $db, $user, $auth;
$acl = ($ignore_acl) ? '' : array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'); $acl = ($ignore_acl) ? '' : (($only_acl_post) ? 'f_post' : array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'));
// This query is identical to the jumpbox one // This query is identical to the jumpbox one
$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, forum_status, left_id, right_id $sql = 'SELECT forum_id, parent_id, forum_name, forum_type, forum_status, left_id, right_id
@ -211,8 +206,8 @@ function group_select_options($group_id, $exclude_ids = false)
{ {
global $db, $user, $config; global $db, $user, $config;
$exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE group_id NOT IN (' . implode(', ', array_map('intval', $exclude_ids)) . ')' : ''; $exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE ' . $db->sql_in_set('group_id', array_map('intval', $exclude_ids), true) : '';
$sql_and = ($config['coppa_hide_groups']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : ''; $sql_and = (!$config['coppa_enable']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
$sql = 'SELECT group_id, group_name, group_type $sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . " FROM ' . GROUPS_TABLE . "
@ -245,7 +240,7 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
// This query is identical to the jumpbox one // This query is identical to the jumpbox one
$expire_time = ($no_cache) ? 0 : 120; $expire_time = ($no_cache) ? 0 : 120;
$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, left_id, right_id $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC'; ORDER BY left_id ASC';
$result = $db->sql_query($sql, $expire_time); $result = $db->sql_query($sql, $expire_time);
@ -361,7 +356,7 @@ function filelist($rootdir, $dir = '', $type = 'gif|jpg|jpeg|png')
return $matches; return $matches;
} }
/* /**
* Move topic(s) * Move topic(s)
*/ */
function move_topics($topic_ids, $forum_id, $auto_sync = true) function move_topics($topic_ids, $forum_id, $auto_sync = true)
@ -381,7 +376,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
} }
$sql = 'DELETE FROM ' . TOPICS_TABLE . ' $sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_moved_id IN (' . implode(', ', $topic_ids) . ') WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
AND forum_id = ' . $forum_id; AND forum_id = ' . $forum_id;
$db->sql_query($sql); $db->sql_query($sql);
@ -389,7 +384,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
{ {
$sql = 'SELECT DISTINCT forum_id $sql = 'SELECT DISTINCT forum_id
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id ' . $sql_where; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -404,7 +399,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
{ {
$sql = "UPDATE $table $sql = "UPDATE $table
SET forum_id = $forum_id SET forum_id = $forum_id
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')'; WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
unset($table_ary); unset($table_ary);
@ -433,7 +428,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$sql = 'SELECT DISTINCT topic_id, forum_id $sql = 'SELECT DISTINCT topic_id, forum_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')'; WHERE ' . $db->sql_in_set('post_id', $post_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -457,12 +452,12 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET forum_id = ' . $forum_row['forum_id'] . ", topic_id = $topic_id SET forum_id = ' . $forum_row['forum_id'] . ", topic_id = $topic_id
WHERE post_id IN (" . implode(', ', $post_ids) . ')'; WHERE " . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql); $db->sql_query($sql);
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . " $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET topic_id = $topic_id, in_message = 0 SET topic_id = $topic_id, in_message = 0
WHERE post_msg_id IN (" . implode(', ', $post_ids) . ')'; WHERE " . $db->sql_in_set('post_msg_id', $post_ids);
$db->sql_query($sql); $db->sql_query($sql);
if ($auto_sync) if ($auto_sync)
@ -470,6 +465,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$forum_ids[] = $forum_row['forum_id']; $forum_ids[] = $forum_row['forum_id'];
sync('topic_reported', 'topic_id', $topic_ids); sync('topic_reported', 'topic_id', $topic_ids);
sync('topic_attachment', 'topic_id', $topic_ids);
sync('topic', 'topic_id', $topic_ids, true); sync('topic', 'topic_id', $topic_ids, true);
sync('forum', 'forum_id', $forum_ids, true); sync('forum', 'forum_id', $forum_ids, true);
} }
@ -483,7 +479,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
*/ */
function delete_topics($where_type, $where_ids, $auto_sync = true) function delete_topics($where_type, $where_ids, $auto_sync = true)
{ {
global $db; global $db, $config;
$forum_ids = $topic_ids = array(); $forum_ids = $topic_ids = array();
@ -491,6 +487,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
{ {
$where_ids = array_unique($where_ids); $where_ids = array_unique($where_ids);
} }
else
{
$where_ids = array($where_ids);
}
if (!sizeof($where_ids)) if (!sizeof($where_ids))
{ {
@ -498,12 +498,12 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
} }
$return = array( $return = array(
'posts' => delete_posts($where_type, $where_ids, false, false) 'posts' => delete_posts($where_type, $where_ids, false, true)
); );
$sql = 'SELECT topic_id, forum_id $sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . " FROM ' . TOPICS_TABLE . '
WHERE $where_type " . ((!is_array($where_ids)) ? "= $where_ids" : 'IN (' . implode(', ', $where_ids) . ')'); WHERE ' . $db->sql_in_set($where_type, $where_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -520,8 +520,6 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
return $return; return $return;
} }
$sql_where = ' IN (' . implode(', ', $topic_ids) . ')';
$db->sql_transaction('begin'); $db->sql_transaction('begin');
$table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); $table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE);
@ -529,13 +527,13 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
foreach ($table_ary as $table) foreach ($table_ary as $table)
{ {
$sql = "DELETE FROM $table $sql = "DELETE FROM $table
WHERE topic_id $sql_where"; WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
unset($table_ary); unset($table_ary);
$sql = 'DELETE FROM ' . TOPICS_TABLE . ' $sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_moved_id' . $sql_where; WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
$db->sql_transaction('commit'); $db->sql_transaction('commit');
@ -546,6 +544,8 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
sync('topic_reported', $where_type, $where_ids); sync('topic_reported', $where_type, $where_ids);
} }
set_config('num_topics', $config['num_topics'] - sizeof($return['topics']), true);
return $return; return $return;
} }
@ -560,17 +560,21 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
{ {
$where_ids = array_unique($where_ids); $where_ids = array_unique($where_ids);
} }
else
{
$where_ids = array($where_ids);
}
if (empty($where_ids)) if (!sizeof($where_ids))
{ {
return false; return false;
} }
$post_ids = $topic_ids = $forum_ids = array(); $post_ids = $topic_ids = $forum_ids = $post_counts = array();
$sql = 'SELECT post_id, poster_id, topic_id, forum_id $sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id
FROM ' . POSTS_TABLE . " FROM ' . POSTS_TABLE . '
WHERE $where_type " . ((!is_array($where_ids)) ? '= ' . (int) $where_ids : 'IN (' . implode(', ', array_map('intval', $where_ids)) . ')'); WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -579,6 +583,11 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
$poster_ids[] = $row['poster_id']; $poster_ids[] = $row['poster_id'];
$topic_ids[] = $row['topic_id']; $topic_ids[] = $row['topic_id'];
$forum_ids[] = $row['forum_id']; $forum_ids[] = $row['forum_id'];
if ($row['post_postcount'])
{
$post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1;
}
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -587,8 +596,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
return false; return false;
} }
$sql_where = implode(', ', $post_ids);
$db->sql_transaction('begin'); $db->sql_transaction('begin');
$table_ary = array(POSTS_TABLE, REPORTS_TABLE); $table_ary = array(POSTS_TABLE, REPORTS_TABLE);
@ -596,11 +603,23 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
foreach ($table_ary as $table) foreach ($table_ary as $table)
{ {
$sql = "DELETE FROM $table $sql = "DELETE FROM $table
WHERE post_id IN ($sql_where)"; WHERE " . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
unset($table_ary); unset($table_ary);
// Adjust users post counts
if (sizeof($post_counts))
{
foreach ($post_counts as $poster_id => $substract)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts - ' . $substract . '
WHERE user_id = ' . $poster_id;
$db->sql_query($sql);
}
}
// Remove the message from the search index // Remove the message from the search index
$search_type = basename($config['search_type']); $search_type = basename($config['search_type']);
@ -619,7 +638,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
trigger_error($error); trigger_error($error);
} }
$search->index_remove($post_ids, $poster_ids); $search->index_remove($post_ids, $poster_ids, $forum_ids);
delete_attachments('post', $post_ids, false); delete_attachments('post', $post_ids, false);
@ -638,6 +657,8 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
sync('forum', 'forum_id', $forum_ids, true); sync('forum', 'forum_id', $forum_ids, true);
} }
set_config('num_posts', $config['num_posts'] - sizeof($post_ids), true);
return sizeof($post_ids); return sizeof($post_ids);
} }
@ -676,7 +697,7 @@ function delete_attachments($mode, $ids, $resync = true)
{ {
$sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize $sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')'; WHERE ' . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -692,7 +713,7 @@ function delete_attachments($mode, $ids, $resync = true)
{ {
$sql = 'SELECT topic_id, physical_filename, thumbnail, filesize $sql = 'SELECT topic_id, physical_filename, thumbnail, filesize
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $ids) . ') WHERE ' . $db->sql_in_set('post_msg_id', $ids) . '
AND in_message = 0'; AND in_message = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -706,7 +727,7 @@ function delete_attachments($mode, $ids, $resync = true)
// Delete attachments // Delete attachments
$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . ' $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')'; WHERE ' . $db->sql_in_set($sql_id, $ids);
$db->sql_query($sql); $db->sql_query($sql);
$num_deleted = $db->sql_affectedrows(); $num_deleted = $db->sql_affectedrows();
@ -754,7 +775,7 @@ function delete_attachments($mode, $ids, $resync = true)
{ {
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0 SET post_attachment = 0
WHERE post_id IN (' . implode(', ', $post_ids) . ')'; WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -764,7 +785,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT post_msg_id $sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ') WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 0'; AND in_message = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -780,7 +801,7 @@ function delete_attachments($mode, $ids, $resync = true)
{ {
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0 SET post_attachment = 0
WHERE post_id IN (' . implode(', ', $unset_ids) . ')'; WHERE ' . $db->sql_in_set('post_id', $unset_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -788,7 +809,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT post_msg_id $sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ') WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 1'; AND in_message = 1';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -804,7 +825,7 @@ function delete_attachments($mode, $ids, $resync = true)
{ {
$sql = 'UPDATE ' . PRIVMSGS_TABLE . ' $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_attachment = 0 SET message_attachment = 0
WHERE msg_id IN (' . implode(', ', $unset_ids) . ')'; WHERE ' . $db->sql_in_set('msg_id', $unset_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
} }
@ -817,7 +838,7 @@ function delete_attachments($mode, $ids, $resync = true)
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0 SET topic_attachment = 0
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -827,7 +848,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT topic_id $sql = 'SELECT topic_id
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -842,7 +863,7 @@ function delete_attachments($mode, $ids, $resync = true)
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0 SET topic_attachment = 0
WHERE topic_id IN (' . implode(', ', $unset_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $unset_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
} }
@ -856,7 +877,7 @@ function delete_attachments($mode, $ids, $resync = true)
*/ */
function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true) function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
{ {
$where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : ''); $where = (is_array($forum_id)) ? 'AND ' . $db->sql_in_set('t.forum_id', array_map('intval', $forum_id)) : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
switch (SQL_LAYER) switch (SQL_LAYER)
{ {
@ -888,7 +909,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
if (sizeof($topic_ids)) if (sizeof($topic_ids))
{ {
$sql = 'DELETE FROM ' . TOPICS_TABLE . ' $sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(',', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
break; break;
@ -915,13 +936,13 @@ function update_posted_info(&$topic_ids)
// First of all, let us remove any posted information for these topics // First of all, let us remove any posted information for these topics
$sql = 'DELETE FROM ' . TOPICS_POSTED_TABLE . ' $sql = 'DELETE FROM ' . TOPICS_POSTED_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
// Now, let us collect the user/topic combos for rebuilding the information // Now, let us collect the user/topic combos for rebuilding the information
$sql = 'SELECT poster_id, topic_id $sql = 'SELECT poster_id, topic_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ') WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
AND poster_id <> ' . ANONYMOUS . ' AND poster_id <> ' . ANONYMOUS . '
GROUP BY poster_id, topic_id'; GROUP BY poster_id, topic_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1041,7 +1062,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
// Limit the topics/forums we are syncing, use specific topic/forum IDs. // Limit the topics/forums we are syncing, use specific topic/forum IDs.
// $where_type contains the field for the where clause (forum_id, topic_id) // $where_type contains the field for the where clause (forum_id, topic_id)
$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')'; $where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
$where_sql_and = $where_sql . "\n\tAND"; $where_sql_and = $where_sql . "\n\tAND";
} }
} }
@ -1053,7 +1074,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
} }
// $where_type contains the field for the where clause (forum_id, topic_id) // $where_type contains the field for the where clause (forum_id, topic_id)
$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')'; $where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
$where_sql_and = $where_sql . "\n\tAND"; $where_sql_and = $where_sql . "\n\tAND";
} }
@ -1091,7 +1112,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
} }
$sql = 'DELETE FROM ' . TOPICS_TABLE . ' $sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_id_ary);
$db->sql_query($sql); $db->sql_query($sql);
break; break;
@ -1130,7 +1151,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1 - topic_approved SET topic_approved = 1 - topic_approved
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
break; break;
} }
@ -1157,7 +1178,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'SELECT DISTINCT(post_id) $sql = 'SELECT DISTINCT(post_id)
FROM ' . REPORTS_TABLE . ' FROM ' . REPORTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ') WHERE ' . $db->sql_in_set('post_id', $post_ids) . '
AND report_closed = 0'; AND report_closed = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1186,7 +1207,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{ {
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 1 - post_reported SET post_reported = 1 - post_reported
WHERE post_id IN (' . implode(', ', $post_ids) . ')'; WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
break; break;
@ -1228,7 +1249,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 1 - topic_reported SET topic_reported = 1 - topic_reported
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
break; break;
@ -1254,7 +1275,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'SELECT DISTINCT(post_msg_id) $sql = 'SELECT DISTINCT(post_msg_id)
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ') WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 0'; AND in_message = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1283,7 +1304,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{ {
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 1 - post_attachment SET post_attachment = 1 - post_attachment
WHERE post_id IN (' . implode(', ', $post_ids) . ')'; WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
break; break;
@ -1325,7 +1346,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 1 - topic_attachment SET topic_attachment = 1 - topic_attachment
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
break; break;
@ -1360,10 +1381,15 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
if (!sizeof($forum_ids))
{
break;
}
// 2: Get topic counts for each forum // 2: Get topic counts for each forum
$sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics $sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ') WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
GROUP BY forum_id, topic_approved'; GROUP BY forum_id, topic_approved';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1382,7 +1408,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
// 3: Get post count and last_post_id for each forum // 3: Get post count and last_post_id for each forum
$sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id $sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ') WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
AND post_approved = 1 AND post_approved = 1
GROUP BY forum_id'; GROUP BY forum_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1403,7 +1429,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{ {
$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username $sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(', ', $post_ids) . ') WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND p.poster_id = u.user_id'; AND p.poster_id = u.user_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1469,15 +1495,21 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
break; break;
case 'topic': case 'topic':
$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = array(); $topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = $moved_topics = array();
$sql = 'SELECT t.topic_id, t.forum_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time $sql = 'SELECT t.topic_id, t.forum_id, t.topic_moved_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time
FROM ' . TOPICS_TABLE . " t FROM ' . TOPICS_TABLE . " t
$where_sql"; $where_sql";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
if ($row['topic_moved_id'])
{
$moved_topics[] = $row['topic_id'];
continue;
}
$topic_id = (int) $row['topic_id']; $topic_id = (int) $row['topic_id'];
$topic_data[$topic_id] = $row; $topic_data[$topic_id] = $row;
$topic_data[$topic_id]['replies_real'] = -1; $topic_data[$topic_id]['replies_real'] = -1;
@ -1581,9 +1613,34 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
unset($delete_topics, $delete_topic_ids); unset($delete_topics, $delete_topic_ids);
} }
// Make sure shadow topics do link to existing topics
if (sizeof($moved_topics))
{
$delete_topics = array();
$sql = 'SELECT t1.topic_id, t1.topic_moved_id
FROM ' . TOPICS_TABLE . ' t1
LEFT JOIN ' . TOPICS_TABLE . ' t2 ON (t2.topic_id = t1.topic_moved_id)
WHERE ' . $db->sql_in_set('t1.topic_id', $moved_topics) . '
AND t2.topic_id IS NULL';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$delete_topics[] = $row['topic_id'];
}
$db->sql_freeresult($result);
if (sizeof($delete_topics))
{
delete_topics('topic_id', $delete_topics, false);
}
unset($delete_topics);
}
$sql = 'SELECT p.post_id, p.topic_id, p.post_approved, p.poster_id, p.post_username, p.post_time, u.username $sql = 'SELECT p.post_id, p.topic_id, p.post_approved, p.poster_id, p.post_username, p.post_time, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(',', $post_ids) . ') WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND u.user_id = p.poster_id'; AND u.user_id = p.poster_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1617,7 +1674,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1 - topic_approved SET topic_approved = 1 - topic_approved
WHERE topic_id IN (' . implode(', ', $approved_unapproved_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $approved_unapproved_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
unset($approved_unapproved_ids); unset($approved_unapproved_ids);
@ -1704,9 +1761,18 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
{ {
global $db; global $db;
$sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : ' = ' . (int) $forum_id; if (!is_array($forum_id))
{
$forum_id = array($forum_id);
}
if (!sizeof($forum_id))
{
return;
}
$sql_and = ''; $sql_and = '';
if (!($prune_flags & 4)) if (!($prune_flags & 4))
{ {
$sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE; $sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE;
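Review bot: The integer cast on the forum ids is lost in prune(): the removed `$sql_forum` expression ran every element through `intval`, while the new code only wraps a scalar in `array($forum_id)` and later hands the values to `$db->sql_in_set('forum_id', $forum_id)` in the two SELECT hunks that follow. Whether that is still safe depends entirely on how sql_in_set() casts or quotes its values, which this page does not show; delete_topic_shadows() and view_log() in the same commit keep `array_map('intval', ...)` in front of the call. I would keep the cast here too, directly after the wrap: `$forum_id = array_map('intval', $forum_id);`. The same applies to get_moderators() in the next file, where `$forum_id` reaches sql_in_set() without a cast. prune()'s body continues outside this hunk.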
@ -1728,8 +1794,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
} }
$sql = 'SELECT topic_id $sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . " FROM ' . TOPICS_TABLE . '
WHERE forum_id $sql_forum WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
AND poll_start = 0 AND poll_start = 0
$sql_and"; $sql_and";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1744,8 +1810,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
if ($prune_flags & 2) if ($prune_flags & 2)
{ {
$sql = 'SELECT topic_id $sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . " FROM ' . TOPICS_TABLE . '
WHERE forum_id $sql_forum WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
AND poll_start > 0 AND poll_start > 0
AND poll_last_vote < $prune_date AND poll_last_vote < $prune_date
$sql_and"; $sql_and";
@ -1879,7 +1945,7 @@ function cache_moderators()
// Clear table // Clear table
$db->sql_query(((SQL_LAYER != 'sqlite') ? 'TRUNCATE TABLE ' : 'DELETE FROM ') . MODERATOR_CACHE_TABLE); $db->sql_query(((SQL_LAYER != 'sqlite') ? 'TRUNCATE TABLE ' : 'DELETE FROM ') . MODERATOR_CACHE_TABLE);
// We add moderators who have forum moderator permissions without an explicit ACL_NO setting // We add moderators who have forum moderator permissions without an explicit ACL_NEVER setting
$hold_ary = $ug_id_ary = $sql_ary = array(); $hold_ary = $ug_id_ary = $sql_ary = array();
// Grab all users having moderative options... // Grab all users having moderative options...
@ -1909,12 +1975,13 @@ function cache_moderators()
), ),
'WHERE' => '(o.auth_option_id = a.auth_option_id OR o.auth_option_id = r.auth_option_id) 'WHERE' => '(o.auth_option_id = a.auth_option_id OR o.auth_option_id = r.auth_option_id)
AND ((a.auth_setting = ' . ACL_NO . ' AND r.auth_setting IS NULL) AND ((a.auth_setting = ' . ACL_NEVER . ' AND r.auth_setting IS NULL)
OR r.auth_setting = ' . ACL_NO . ') OR r.auth_setting = ' . ACL_NEVER . ')
AND a.group_id = ug.group_id AND a.group_id = ug.group_id
AND ug.user_id IN (' . implode(', ', $ug_id_ary) . ") AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . "
AND ug.user_pending = 0 AND ug.user_pending = 0
AND o.auth_option LIKE 'm\_%'", AND o.auth_option LIKE 'm\_%'" .
((SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : ''),
)); ));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1932,7 +1999,7 @@ function cache_moderators()
// Get usernames... // Get usernames...
$sql = 'SELECT user_id, username $sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')'; WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$usernames_ary = array(); $usernames_ary = array();
@ -1967,7 +2034,7 @@ function cache_moderators()
// Make sure not hidden or special groups are involved... // Make sure not hidden or special groups are involved...
$sql = 'SELECT group_name, group_id, group_type $sql = 'SELECT group_name, group_id, group_type
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $ug_id_ary) . ')'; WHERE ' . $db->sql_in_set('group_id', $ug_id_ary);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$groupnames_ary = array(); $groupnames_ary = array();
@ -2060,7 +2127,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
} }
else if (is_array($forum_id)) else if (is_array($forum_id))
{ {
$sql_forum = 'AND l.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')'; $sql_forum = 'AND ' . $db->sql_in_set('l.forum_id', array_map('intval', $forum_id));
} }
else else
{ {
@ -2131,12 +2198,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
if (isset($user->lang[$row['log_operation']])) if (isset($user->lang[$row['log_operation']]))
{ {
foreach ($log_data_ary as $log_data) $log[$i]['action'] = vsprintf($log[$i]['action'], $log_data_ary);
{ $log[$i]['action'] = str_replace("\n", '<br />', censor_text($log[$i]['action']));
$log_data = str_replace("\n", '<br />', censor_text($log_data));
$log[$i]['action'] = preg_replace('#%s#', $log_data, $log[$i]['action'], 1);
}
} }
else else
{ {
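Review bot: `vsprintf()` in the rewritten branch fails when `$log_data_ary` holds fewer values than the language string has placeholders. It returns false with a warning on older PHP and throws on PHP 8, so one stale or truncated log row can blank that entry or abort the listing, whereas the removed loop simply left surplus `%s` markers in place. Pad the argument list to the placeholder count before formatting, as sketched below (counting `%s` is an approximation if a language string uses other conversions). The order also changed: `censor_text()` and the newline replacement now run over the whole formatted line rather than over each data value. Nothing in this hunk escapes the log values for HTML, so confirm that already happens where they are stored; view_log() starts and ends outside the hunk.

```php
// … unchanged: isset($user->lang[$row['log_operation']]) check …
$missing = substr_count($log[$i]['action'], '%s') - sizeof($log_data_ary);
if ($missing > 0)
{
	// Fill absent values with empty strings so the format call cannot fail
	$log_data_ary = array_merge($log_data_ary, array_fill(0, $missing, ''));
}
$log[$i]['action'] = vsprintf($log[$i]['action'], $log_data_ary);
// … unchanged: censor_text() / newline replacement …
```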
@ -2156,7 +2219,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
// although it's also used to determine if the topic still exists in the database // although it's also used to determine if the topic still exists in the database
$sql = 'SELECT topic_id, forum_id $sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')'; WHERE ' . $db->sql_in_set('topic_id', array_map('intval', $topic_id_list));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$default_forum_id = 0; $default_forum_id = 0;
@ -2454,9 +2517,8 @@ function tidy_warnings()
{ {
$db->sql_transaction('begin'); $db->sql_transaction('begin');
$sql_where = ' IN (' . implode(', ', $warning_list) . ')'; $sql = 'DELETE FROM ' . WARNINGS_TABLE . '
$sql = 'DELETE FROM ' . WARNINGS_TABLE . " WHERE ' . $db->sql_in_set('warning_id', $warning_list);
WHERE warning_id $sql_where";
$db->sql_query($sql); $db->sql_query($sql);
foreach ($user_list as $user_id => $value) foreach ($user_list as $user_id => $value)
@ -2479,20 +2541,7 @@ function tidy_database()
{ {
global $db; global $db;
// Recalculate binary tree for forums
recalc_btree('forum_id', FORUMS_TABLE);
// Recalculate binary tree for modules
$sql = 'SELECT module_class
FROM ' . MODULES_TABLE . '
GROUP BY module_class';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
recalc_btree('module_id', MODULES_TABLE, $row['module_class']);
}
$db->sql_freeresult($result);
set_config('database_last_gc', time(), true); set_config('database_last_gc', time(), true);
} }


@ -46,16 +46,16 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
// Display list of active topics for this category? // Display list of active topics for this category?
$show_active = (isset($root_data['forum_flags']) && $root_data['forum_flags'] & 16) ? true : false; $show_active = (isset($root_data['forum_flags']) && $root_data['forum_flags'] & 16) ? true : false;
$sql_from = FORUMS_TABLE . ' f ';
$lastread_select = $sql_lastread = '';
if ($config['load_db_lastread'] && $user->data['is_registered']) if ($config['load_db_lastread'] && $user->data['is_registered'])
{ {
$sql_from = FORUMS_TABLE . ' f LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id)'; $sql_from = FORUMS_TABLE . ' f LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id)';
$lastread_select = ', ft.mark_time '; $lastread_select = ', ft.mark_time ';
} }
else else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$sql_from = FORUMS_TABLE . ' f ';
$lastread_select = $sql_lastread = '';
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
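Review bot: The tracking cookie is still passed straight to `unserialize()` on the last line of this hunk, and the new `else if ($config['load_anon_lastread'] || $user->data['is_registered'])` condition keeps that path reachable for guests whenever anonymous tracking is enabled. The cookie is client-controlled, so its contents are untrusted input: deserialising it can instantiate any loaded class and exposes the parser to malformed data. The value looks like nested arrays of ids and timestamps (inferred from how it is used, not shown here), so a dedicated decoder that accepts only arrays and integers would be the robust fix. On PHP 7 and later the minimal change is `unserialize($tracking_topics, array('allowed_classes' => false))` followed by an `is_array()` check. display_forums() continues outside this hunk.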
@ -116,7 +116,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{ {
$forum_tracking_info[$forum_id] = (!empty($row['mark_time'])) ? $row['mark_time'] : $user->data['user_lastmark']; $forum_tracking_info[$forum_id] = (!empty($row['mark_time'])) ? $row['mark_time'] : $user->data['user_lastmark'];
} }
else else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
if (!$user->data['is_registered']) if (!$user->data['is_registered'])
{ {
@ -156,7 +156,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$parent_id = $forum_id; $parent_id = $forum_id;
$forum_rows[$forum_id] = $row; $forum_rows[$forum_id] = $row;
if (!$row['parent_id'] && $row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id']) if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
{ {
$branch_root_id = $forum_id; $branch_root_id = $forum_id;
} }
@ -228,13 +228,13 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
foreach ($forum_rows as $row) foreach ($forum_rows as $row)
{ {
// Empty category // Empty category
if (!$row['parent_id'] && $row['forum_type'] == FORUM_CAT) if ($row['parent_id'] == $root_data['forum_id'] && $row['forum_type'] == FORUM_CAT)
{ {
$template->assign_block_vars('forumrow', array( $template->assign_block_vars('forumrow', array(
'S_IS_CAT' => true, 'S_IS_CAT' => true,
'FORUM_ID' => $row['forum_id'], 'FORUM_ID' => $row['forum_id'],
'FORUM_NAME' => $row['forum_name'], 'FORUM_NAME' => $row['forum_name'],
'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']), 'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang['FORUM_CAT'] . '" />' : '', 'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang['FORUM_CAT'] . '" />' : '',
'FORUM_FOLDER_IMG_SRC' => ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '', 'FORUM_FOLDER_IMG_SRC' => ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id'])) 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
@ -273,14 +273,14 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
} }
$l_subforums = (sizeof($subforums[$forum_id]) == 1) ? $user->lang['SUBFORUM'] . ': ' : $user->lang['SUBFORUMS'] . ': '; $l_subforums = (sizeof($subforums[$forum_id]) == 1) ? $user->lang['SUBFORUM'] . ': ' : $user->lang['SUBFORUMS'] . ': ';
$folder_image = ($forum_unread) ? 'sub_forum_new' : 'sub_forum'; $folder_image = ($forum_unread) ? 'forum_unread_subforum' : 'forum_read_subforum';
} }
else else
{ {
switch ($row['forum_type']) switch ($row['forum_type'])
{ {
case FORUM_POST: case FORUM_POST:
$folder_image = ($forum_unread) ? 'forum_new' : 'forum'; $folder_image = ($forum_unread) ? 'forum_unread' : 'forum_read';
break; break;
case FORUM_LINK: case FORUM_LINK:
@ -292,7 +292,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
// Which folder should we display? // Which folder should we display?
if ($row['forum_status'] == ITEM_LOCKED) if ($row['forum_status'] == ITEM_LOCKED)
{ {
$folder_image = 'forum_locked'; $folder_image = ($forum_unread) ? 'forum_unread_locked' : 'forum_read_locked';
$folder_alt = 'FORUM_LOCKED'; $folder_alt = 'FORUM_LOCKED';
} }
else else
@ -334,7 +334,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'FORUM_ID' => $row['forum_id'], 'FORUM_ID' => $row['forum_id'],
'FORUM_NAME' => $row['forum_name'], 'FORUM_NAME' => $row['forum_name'],
'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']), 'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield'], $row['forum_desc_options']),
'TOPICS' => $row['forum_topics'], 'TOPICS' => $row['forum_topics'],
$l_post_click_count => $post_click_count, $l_post_click_count => $post_click_count,
'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : $user->img($folder_image, $folder_alt), 'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : $user->img($folder_image, $folder_alt),
@ -358,7 +358,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'U_MARK_FORUMS' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums'), 'U_MARK_FORUMS' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums'),
'S_HAS_SUBFORUM' => ($visible_forums) ? true : false, 'S_HAS_SUBFORUM' => ($visible_forums) ? true : false,
'L_SUBFORUM' => ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'], 'L_SUBFORUM' => ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST')) 'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'))
); );
if ($return_moderators) if ($return_moderators)
@ -383,7 +383,7 @@ function generate_forum_rules(&$forum_data)
if ($forum_data['forum_rules']) if ($forum_data['forum_rules'])
{ {
$forum_data['forum_rules'] = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield']); $forum_data['forum_rules'] = generate_text_for_display($forum_data['forum_rules'], $forum_data['forum_rules_uid'], $forum_data['forum_rules_bitfield'], $forum_data['forum_rules_options']);
} }
$template->assign_vars(array( $template->assign_vars(array(
@ -443,7 +443,7 @@ function generate_forum_nav(&$forum_data)
$template->assign_vars(array( $template->assign_vars(array(
'FORUM_ID' => $forum_data['forum_id'], 'FORUM_ID' => $forum_data['forum_id'],
'FORUM_NAME' => $forum_data['forum_name'], 'FORUM_NAME' => $forum_data['forum_name'],
'FORUM_DESC' => generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'])) 'FORUM_DESC' => generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options']))
); );
return; return;
@ -556,18 +556,22 @@ function get_moderators(&$forum_moderators, $forum_id = false)
return; return;
} }
if ($forum_id !== false && is_array($forum_id)) $forum_sql = '';
if ($forum_id !== false)
{ {
if (!is_array($forum_id))
{
$forum_id = array($forum_id);
}
// If we don't have a forum then we can't have a moderator // If we don't have a forum then we can't have a moderator
if (!sizeof($forum_id)) if (!sizeof($forum_id))
{ {
return; return;
} }
$forum_sql = 'AND forum_id IN (' . implode(', ', $forum_id) . ')';
} $forum_sql = 'AND ' . $db->sql_in_set('forum_id', $forum_id);
else
{
$forum_sql = ($forum_id !== false) ? 'AND forum_id = ' . $forum_id : '';
} }
$sql = 'SELECT * $sql = 'SELECT *
@ -626,7 +630,7 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
if ($topic_row['topic_status'] == ITEM_MOVED) if ($topic_row['topic_status'] == ITEM_MOVED)
{ {
$topic_type = $user->lang['VIEW_TOPIC_MOVED']; $topic_type = $user->lang['VIEW_TOPIC_MOVED'];
$folder_img = 'folder_moved'; $folder_img = 'topic_moved';
$folder_alt = 'VIEW_TOPIC_MOVED'; $folder_alt = 'VIEW_TOPIC_MOVED';
} }
else else
@ -634,28 +638,32 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
switch ($topic_row['topic_type']) switch ($topic_row['topic_type'])
{ {
case POST_GLOBAL: case POST_GLOBAL:
$topic_type = $user->lang['VIEW_TOPIC_GLOBAL'];
$folder = 'global_read';
$folder_new = 'global_unread';
break;
case POST_ANNOUNCE: case POST_ANNOUNCE:
$topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT']; $topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT'];
$folder = 'folder_announce'; $folder = 'announce_read';
$folder_new = 'folder_announce_new'; $folder_new = 'announce_unread';
break; break;
case POST_STICKY: case POST_STICKY:
$topic_type = $user->lang['VIEW_TOPIC_STICKY']; $topic_type = $user->lang['VIEW_TOPIC_STICKY'];
$folder = 'folder_sticky'; $folder = 'sticky_read';
$folder_new = 'folder_sticky_new'; $folder_new = 'sticky_unread';
break; break;
default: default:
if ($replies >= $config['hot_threshold']) $topic_type = '';
$folder = 'topic_read';
$folder_new = 'topic_unread';
if ($config['hot_threshold'] && $replies >= $config['hot_threshold'])
{ {
$folder = 'folder_hot'; $folder .= '_hot';
$folder_new = 'folder_hot_new'; $folder_new .= '_hot';
}
else
{
$folder = 'folder';
$folder_new = 'folder_new';
} }
break; break;
} }
@ -663,17 +671,18 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
if ($topic_row['topic_status'] == ITEM_LOCKED) if ($topic_row['topic_status'] == ITEM_LOCKED)
{ {
$topic_type = $user->lang['VIEW_TOPIC_LOCKED']; $topic_type = $user->lang['VIEW_TOPIC_LOCKED'];
$folder = 'folder_locked'; $folder .= '_locked';
$folder_new = 'folder_locked_new'; $folder_new .= '_locked';
} }
$folder_img = ($unread_topic) ? $folder_new : $folder; $folder_img = ($unread_topic) ? $folder_new : $folder;
$folder_alt = ($unread_topic) ? 'NEW_POSTS' : (($topic_row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_NEW_POSTS'); $folder_alt = ($unread_topic) ? 'NEW_POSTS' : (($topic_row['topic_status'] == ITEM_LOCKED) ? 'TOPIC_LOCKED' : 'NO_NEW_POSTS');
// Posted image? // Posted image?
if (!empty($topic_row['topic_posted']) && $topic_row['topic_posted']) if (!empty($topic_row['topic_posted']) && $topic_row['topic_posted'])
{ {
$folder_img .= '_posted'; $folder_img .= '_mine';
} }
} }
@ -719,9 +728,9 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
if (isset($extensions[$attachment['extension']])) if (isset($extensions[$attachment['extension']]))
{ {
if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon']) if ($user->img('icon_topic_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
{ {
$upload_icon = $user->img('icon_attach', ''); $upload_icon = $user->img('icon_topic_attach', '');
} }
else if ($extensions[$attachment['extension']]['upload_icon']) else if ($extensions[$attachment['extension']]['upload_icon'])
{ {
@ -733,7 +742,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize); $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
$comment = str_replace("\n", '<br />', censor_text($attachment['comment'])); $comment = str_replace("\n", '<br />', censor_text($attachment['attach_comment']));
$block_array += array( $block_array += array(
'UPLOAD_ICON' => $upload_icon, 'UPLOAD_ICON' => $upload_icon,
@ -784,12 +793,13 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
} }
} }
$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;f=' . $forum_id) : $filename;
switch ($display_cat) switch ($display_cat)
{ {
// Images // Images
case ATTACHMENT_CATEGORY_IMAGE: case ATTACHMENT_CATEGORY_IMAGE:
$l_downloaded_viewed = $user->lang['VIEWED']; $l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $filename;
$block_array += array( $block_array += array(
'S_IMAGE' => true, 'S_IMAGE' => true,
@ -801,17 +811,24 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
// Images, but display Thumbnail // Images, but display Thumbnail
case ATTACHMENT_CATEGORY_THUMB: case ATTACHMENT_CATEGORY_THUMB:
$l_downloaded_viewed = $user->lang['VIEWED']; $l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename; $thumbnail_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&amp;t=1&amp;f=' . $forum_id) : $thumbnail_filename;
$block_array += array( $block_array += array(
'S_THUMBNAIL' => true, 'S_THUMBNAIL' => true,
'THUMB_IMAGE' => $thumbnail_filename, 'THUMB_IMAGE' => $thumbnail_link,
); );
break; break;
// Windows Media Streams // Windows Media Streams
case ATTACHMENT_CATEGORY_WM: case ATTACHMENT_CATEGORY_WM:
$l_downloaded_viewed = $user->lang['VIEWED']; $l_downloaded_viewed = $user->lang['VIEWED'];
// The download link is slightly different, because somehow phpBB is not able to get the correct results if called
// within the wmp object (cookies are not present).
// $download_link = (!$force_physical && $attachment['attach_id']) ? generate_board_url() . append_sid("/download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . $forum_id, false, $user->session_id) : $filename;
// Giving the filename directly because within the wm object all variables are in local context making it impossible
// to validate against a valid session (all params can differ)
$download_link = $filename; $download_link = $filename;
$block_array += array( $block_array += array(
@ -825,7 +842,6 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
// Real Media Streams // Real Media Streams
case ATTACHMENT_CATEGORY_RM: case ATTACHMENT_CATEGORY_RM:
$l_downloaded_viewed = $user->lang['VIEWED']; $l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $filename;
$block_array += array( $block_array += array(
'S_RM_FILE' => true, 'S_RM_FILE' => true,
@ -856,7 +872,6 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
*/ */
default: default:
$l_downloaded_viewed = $user->lang['DOWNLOADED']; $l_downloaded_viewed = $user->lang['DOWNLOADED'];
$download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
$block_array += array( $block_array += array(
'S_FILE' => true, 'S_FILE' => true,
@ -892,6 +907,40 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
return $return_tpl; return $return_tpl;
} }
/**
* Assign/Build custom bbcodes for display in screens supporting using of bbcodes
* The custom bbcodes buttons will be placed within the template block 'custom_codes'
*/
function display_custom_bbcodes()
{
global $db, $template;
// Start counting from 22 for the bbcode ids (every bbcode takes two ids - opening/closing)
$num_predefined_bbcodes = 22;
/*
* @todo while adjusting custom bbcodes, think about caching this query as well as correct ordering
*/
$sql = 'SELECT bbcode_id, bbcode_tag, bbcode_helpline
FROM ' . BBCODES_TABLE . '
WHERE display_on_posting = 1';
$result = $db->sql_query($sql);
$i = 0;
while ($row = $db->sql_fetchrow($result))
{
$template->assign_block_vars('custom_tags', array(
'BBCODE_NAME' => "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
'BBCODE_ID' => $num_predefined_bbcodes + ($i * 2),
'BBCODE_TAG' => $row['bbcode_tag'],
'BBCODE_HELPLINE' => $row['bbcode_helpline'])
);
$i++;
}
$db->sql_freeresult($result);
}
/** /**
* Display reasons * Display reasons
*/ */
@ -967,7 +1016,7 @@ function display_user_activity(&$userdata)
} }
$forum_ary = array_unique($forum_ary); $forum_ary = array_unique($forum_ary);
$post_count_sql = (sizeof($forum_ary)) ? 'AND f.forum_id NOT IN (' . implode(', ', $forum_ary) . ')' : ''; $post_count_sql = (sizeof($forum_ary)) ? 'AND ' . $db->sql_in_set('f.forum_id', $forum_ary, true) : '';
// Firebird does not support ORDER BY on aliased columns // Firebird does not support ORDER BY on aliased columns
// MySQL does not support ORDER BY on functions // MySQL does not support ORDER BY on functions
@ -1073,10 +1122,10 @@ function display_user_activity(&$userdata)
$template->assign_vars(array( $template->assign_vars(array(
'ACTIVE_FORUM' => $active_f_name, 'ACTIVE_FORUM' => $active_f_name,
'ACTIVE_FORUM_POSTS' => ($active_f_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_f_count), 'ACTIVE_FORUM_POSTS' => ($active_f_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_f_count),
'ACTIVE_FORUM_PCT' => sprintf($user->lang['POST_PCT'], $active_f_pct), 'ACTIVE_FORUM_PCT' => sprintf($user->lang['POST_PCT_ACTIVE'], $active_f_pct),
'ACTIVE_TOPIC' => censor_text($active_t_name), 'ACTIVE_TOPIC' => censor_text($active_t_name),
'ACTIVE_TOPIC_POSTS' => ($active_t_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_t_count), 'ACTIVE_TOPIC_POSTS' => ($active_t_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_t_count),
'ACTIVE_TOPIC_PCT' => sprintf($user->lang['POST_PCT'], $active_t_pct), 'ACTIVE_TOPIC_PCT' => sprintf($user->lang['POST_PCT_ACTIVE'], $active_t_pct),
'U_ACTIVE_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $active_f_id), 'U_ACTIVE_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $active_f_id),
'U_ACTIVE_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $active_t_id)) 'U_ACTIVE_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $active_t_id))
); );


@ -352,8 +352,8 @@ class messenger
$headers .= "Content-transfer-encoding: 8bit\n"; $headers .= "Content-transfer-encoding: 8bit\n";
$headers .= "X-Priority: {$this->mail_priority}\n"; $headers .= "X-Priority: {$this->mail_priority}\n";
$headers .= 'X-MSMail-Priority: ' . (($this->mail_priority == MAIL_LOW_PRIORITY) ? 'Low' : (($this->mail_priority == MAIL_NORMAL_PRIORITY) ? 'Normal' : 'High')) . "\n"; $headers .= 'X-MSMail-Priority: ' . (($this->mail_priority == MAIL_LOW_PRIORITY) ? 'Low' : (($this->mail_priority == MAIL_NORMAL_PRIORITY) ? 'Normal' : 'High')) . "\n";
$headers .= "X-Mailer: PhpBB\n"; $headers .= "X-Mailer: PhpBB3\n";
$headers .= "X-MimeOLE: phpBB\n"; $headers .= "X-MimeOLE: phpBB3\n";
$headers .= "X-phpBB-Origin: phpbb://" . str_replace(array('http://', 'https://'), array('', ''), generate_board_url()) . "\n"; $headers .= "X-phpBB-Origin: phpbb://" . str_replace(array('http://', 'https://'), array('', ''), generate_board_url()) . "\n";
$headers .= ($this->extra_headers != '') ? $this->extra_headers : ''; $headers .= ($this->extra_headers != '') ? $this->extra_headers : '';
@ -363,7 +363,14 @@ class messenger
$mail_to = ($to == '') ? 'Undisclosed-Recipient:;' : $to; $mail_to = ($to == '') ? 'Undisclosed-Recipient:;' : $to;
$err_msg = ''; $err_msg = '';
$result = ($config['smtp_delivery']) ? smtpmail($this->addresses, $this->subject, wordwrap($this->msg), $err_msg, $this->encoding, $headers) : @$config['email_function_name']($mail_to, $this->subject, implode("\n", preg_split("/\r?\n/", wordwrap($this->msg))), $headers); if ($config['smtp_delivery'])
{
$result = smtpmail($this->addresses, $this->subject, wordwrap($this->msg), $err_msg, $this->encoding, $headers);
}
else
{
$result = @$config['email_function_name']($mail_to, $this->subject, implode("\n", preg_split("/\r?\n/", wordwrap($this->msg))), $headers);
}
if (!$result) if (!$result)
{ {
@ -808,8 +815,11 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
$smtp = new smtp_class; $smtp = new smtp_class;
$errno = 0;
$errstr = '';
// Ok we have error checked as much as we can to this point let's get on it already. // Ok we have error checked as much as we can to this point let's get on it already.
if (!$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20)) if (!$smtp->socket = @fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
{ {
$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr"; $err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
return false; return false;
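Review bot: In the non-SMTP branch of the send hunk (`@ -363,7 +363,14`), `@$config['email_function_name'](...)` still calls whatever function name is stored in the board configuration, with errors suppressed. Splitting the ternary into if/else was the natural place to constrain it. Nothing visible here checks the name, so a tampered config value would become a call to an arbitrary function with recipient, subject and body as arguments; whether the value is validated where it is saved cannot be seen from this hunk. I would guard the branch with `if (!function_exists($config['email_function_name'])) { $result = false; }`, or compare the name against a short allow-list such as `mail`, before making the call. The enclosing method starts and ends outside the hunk.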


@ -20,8 +20,8 @@ class p_master
var $p_mode; var $p_mode;
var $p_parent; var $p_parent;
var $active_module = false;
var $acl_forum_id = false; var $acl_forum_id = false;
var $module_ary = array(); var $module_ary = array();
/** /**
@ -86,7 +86,7 @@ class p_master
} }
// Category with no members, ignore // Category with no members, ignore
if (!$row['module_name'] && ($row['left_id'] + 1 == $row['right_id'])) if (!$row['module_basename'] && ($row['left_id'] + 1 == $row['right_id']))
{ {
unset($this->module_cache['modules'][$key]); unset($this->module_cache['modules'][$key]);
continue; continue;
@ -135,7 +135,7 @@ class p_master
} }
// Category with no members on their way down (we have to check every level) // Category with no members on their way down (we have to check every level)
if (!$row['module_name']) if (!$row['module_basename'])
{ {
$empty_category = true; $empty_category = true;
@ -145,7 +145,7 @@ class p_master
if ($temp_row['left_id'] > $row['left_id'] && $temp_row['left_id'] < $row['right_id']) if ($temp_row['left_id'] > $row['left_id'] && $temp_row['left_id'] < $row['right_id'])
{ {
// Module there // Module there
if ($temp_row['module_name'] && $temp_row['module_enabled']) if ($temp_row['module_basename'] && $temp_row['module_enabled'])
{ {
$empty_category = false; $empty_category = false;
break; break;
@ -168,15 +168,15 @@ class p_master
// We need to prefix the functions to not create a naming conflict // We need to prefix the functions to not create a naming conflict
// Function for building 'url_extra' // Function for building 'url_extra'
$url_func = '_module_' . $row['module_name'] . '_url'; $url_func = '_module_' . $row['module_basename'] . '_url';
// Function for building the language name // Function for building the language name
$lang_func = '_module_' . $row['module_name'] . '_lang'; $lang_func = '_module_' . $row['module_basename'] . '_lang';
// Custom function for calling parameters on module init (for example assigning template variables) // Custom function for calling parameters on module init (for example assigning template variables)
$custom_func = '_module_' . $row['module_name']; $custom_func = '_module_' . $row['module_basename'];
$names[$row['module_name'] . '_' . $row['module_mode']][] = true; $names[$row['module_basename'] . '_' . $row['module_mode']][] = true;
$module_row = array( $module_row = array(
'depth' => $depth, 'depth' => $depth,
@ -185,15 +185,15 @@ class p_master
'parent' => (int) $row['parent_id'], 'parent' => (int) $row['parent_id'],
'cat' => ($row['right_id'] > $row['left_id'] + 1) ? true : false, 'cat' => ($row['right_id'] > $row['left_id'] + 1) ? true : false,
'is_duplicate' => ($row['module_name'] && sizeof($names[$row['module_name'] . '_' . $row['module_mode']]) > 1) ? true : false, 'is_duplicate' => ($row['module_basename'] && sizeof($names[$row['module_basename'] . '_' . $row['module_mode']]) > 1) ? true : false,
'name' => (string) $row['module_name'], 'name' => (string) $row['module_basename'],
'mode' => (string) $row['module_mode'], 'mode' => (string) $row['module_mode'],
'display' => (int) $row['module_display'], 'display' => (int) $row['module_display'],
'url_extra' => (function_exists($url_func)) ? $url_func($row['module_mode']) : '', 'url_extra' => (function_exists($url_func)) ? $url_func($row['module_mode']) : '',
'lang' => ($row['module_name'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']), 'lang' => ($row['module_basename'] && function_exists($lang_func)) ? $lang_func($row['module_mode'], $row['module_langname']) : ((!empty($user->lang[$row['module_langname']])) ? $user->lang[$row['module_langname']] : $row['module_langname']),
'langname' => $row['module_langname'], 'langname' => $row['module_langname'],
'left' => $row['left_id'], 'left' => $row['left_id'],
@ -239,6 +239,7 @@ class p_master
function set_active($id = false, $mode = false) function set_active($id = false, $mode = false)
{ {
$icat = false; $icat = false;
$this->active_module = false;
if (request_var('icat', '')) if (request_var('icat', ''))
{ {
@ -247,20 +248,20 @@ class p_master
} }
$category = false; $category = false;
foreach ($this->module_ary as $row_id => $itep_ary) foreach ($this->module_ary as $row_id => $item_ary)
{ {
// If this is a module and it's selected, active // If this is a module and it's selected, active
// If this is a category and the module is the first within it, active // If this is a category and the module is the first within it, active
// If this is a module and no mode selected, select first mode // If this is a module and no mode selected, select first mode
// If no category or module selected, go active for first module in first category // If no category or module selected, go active for first module in first category
if ( if (
(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (($itep_ary['mode'] == $mode && !$itep_ary['cat']) || ($icat && $itep_ary['cat']))) || (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (($item_ary['mode'] == $mode && !$item_ary['cat']) || ($icat && $item_ary['cat']))) ||
($itep_ary['parent'] === $category && !$itep_ary['cat'] && !$icat) || ($item_ary['parent'] === $category && !$item_ary['cat'] && !$icat) ||
(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && !$mode && !$itep_ary['cat']) || (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && !$mode && !$item_ary['cat']) ||
(!$id && !$mode && !$itep_ary['cat']) (!$id && !$mode && !$item_ary['cat'])
) )
{ {
if ($itep_ary['cat']) if ($item_ary['cat'])
{ {
$id = $icat; $id = $icat;
$icat = false; $icat = false;
@ -268,20 +269,21 @@ class p_master
continue; continue;
} }
$this->p_id = $itep_ary['id']; $this->p_id = $item_ary['id'];
$this->p_parent = $itep_ary['parent']; $this->p_parent = $item_ary['parent'];
$this->p_name = $itep_ary['name']; $this->p_name = $item_ary['name'];
$this->p_mode = $itep_ary['mode']; $this->p_mode = $item_ary['mode'];
$this->p_left = $itep_ary['left']; $this->p_left = $item_ary['left'];
$this->p_right = $itep_ary['right']; $this->p_right = $item_ary['right'];
$this->module_cache['parents'] = $this->module_cache['parents'][$this->p_id]; $this->module_cache['parents'] = $this->module_cache['parents'][$this->p_id];
$this->active_module = $item_ary['id'];
break; break;
} }
else if (($itep_ary['cat'] && $itep_ary['id'] === (int) $id) || ($itep_ary['parent'] === $category && $itep_ary['cat'])) else if (($item_ary['cat'] && $item_ary['id'] === (int) $id) || ($item_ary['parent'] === $category && $item_ary['cat']))
{ {
$category = $itep_ary['id']; $category = $item_ary['id'];
} }
} }
} }
@ -298,6 +300,11 @@ class p_master
$module_path = $phpbb_root_path . 'includes/' . $this->p_class; $module_path = $phpbb_root_path . 'includes/' . $this->p_class;
$icat = request_var('icat', ''); $icat = request_var('icat', '');
if ($this->active_module === false)
{
trigger_error('Module not accessible', E_USER_ERROR);
}
if (!class_exists("{$this->p_class}_$this->p_name")) if (!class_exists("{$this->p_class}_$this->p_name"))
{ {
if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx")) if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
@ -464,10 +471,10 @@ class p_master
// 1) In a linear fashion // 1) In a linear fashion
// 2) In a combined tabbed + linear fashion ... tabs for the categories // 2) In a combined tabbed + linear fashion ... tabs for the categories
// and a linear list for subcategories/items // and a linear list for subcategories/items
foreach ($this->module_ary as $row_id => $itep_ary) foreach ($this->module_ary as $row_id => $item_ary)
{ {
// Skip hidden modules // Skip hidden modules
if (!$itep_ary['display']) if (!$item_ary['display'])
{ {
continue; continue;
} }
@ -475,7 +482,7 @@ class p_master
// Skip branch // Skip branch
if ($right_id !== false) if ($right_id !== false)
{ {
if ($itep_ary['left'] < $right_id) if ($item_ary['left'] < $right_id)
{ {
continue; continue;
} }
@ -484,14 +491,14 @@ class p_master
} }
// Category with no members on their way down (we have to check every level) // Category with no members on their way down (we have to check every level)
if (!$itep_ary['name']) if (!$item_ary['name'])
{ {
$empty_category = true; $empty_category = true;
// We go through the branch and look for an activated module // We go through the branch and look for an activated module
foreach (array_slice($this->module_ary, $row_id + 1) as $temp_row) foreach (array_slice($this->module_ary, $row_id + 1) as $temp_row)
{ {
if ($temp_row['left'] > $itep_ary['left'] && $temp_row['left'] < $itep_ary['right']) if ($temp_row['left'] > $item_ary['left'] && $temp_row['left'] < $item_ary['right'])
{ {
// Module there and displayed? // Module there and displayed?
if ($temp_row['name'] && $temp_row['display']) if ($temp_row['name'] && $temp_row['display'])
@ -507,18 +514,18 @@ class p_master
// Skip the branch // Skip the branch
if ($empty_category) if ($empty_category)
{ {
$right_id = $itep_ary['right']; $right_id = $item_ary['right'];
continue; continue;
} }
} }
// Select first id we can get // Select first id we can get
if (!$current_id && (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id)) if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
{ {
$current_id = $itep_ary['id']; $current_id = $item_ary['id'];
} }
$depth = $itep_ary['depth']; $depth = $item_ary['depth'];
if ($depth > $current_depth) if ($depth > $current_depth)
{ {
@ -534,30 +541,30 @@ class p_master
} }
} }
$u_title = $module_url . $delim . 'i=' . (($itep_ary['cat']) ? $itep_ary['id'] : $itep_ary['name'] . (($itep_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $itep_ary['mode']); $u_title = $module_url . $delim . 'i=' . (($item_ary['cat']) ? $item_ary['id'] : $item_ary['name'] . (($item_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $item_ary['mode']);
$u_title .= (!$itep_ary['cat'] && isset($itep_ary['url_extra'])) ? $itep_ary['url_extra'] : ''; $u_title .= (!$item_ary['cat'] && isset($item_ary['url_extra'])) ? $item_ary['url_extra'] : '';
// Only output a categories items if it's currently selected // Only output a categories items if it's currently selected
if (!$depth || ($depth && (in_array($itep_ary['parent'], array_values($this->module_cache['parents'])) || $itep_ary['parent'] == $this->p_parent))) if (!$depth || ($depth && (in_array($item_ary['parent'], array_values($this->module_cache['parents'])) || $item_ary['parent'] == $this->p_parent)))
{ {
$use_tabular_offset = (!$depth) ? 't_block1' : $tabular_offset; $use_tabular_offset = (!$depth) ? 't_block1' : $tabular_offset;
$tpl_ary = array( $tpl_ary = array(
'L_TITLE' => $itep_ary['lang'], 'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false, 'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title 'U_TITLE' => $u_title
); );
$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER))); $template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
} }
$tpl_ary = array( $tpl_ary = array(
'L_TITLE' => $itep_ary['lang'], 'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false, 'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title 'U_TITLE' => $u_title
); );
$template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER))); $template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
$current_depth = $depth; $current_depth = $depth;
} }
@ -594,6 +601,9 @@ class p_master
$this->p_class = $class; $this->p_class = $class;
$this->p_name = $name; $this->p_name = $name;
// Set active module to true instead of using the id
$this->active_module = true;
$this->load_active($mode); $this->load_active($mode);
} }
@ -633,9 +643,9 @@ class p_master
*/ */
function set_display($id, $mode = false, $display = true) function set_display($id, $mode = false, $display = true)
{ {
foreach ($this->module_ary as $row_id => $itep_ary) foreach ($this->module_ary as $row_id => $item_ary)
{ {
if (($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (!$mode || $itep_ary['mode'] === $mode)) if (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (!$mode || $item_ary['mode'] === $mode))
{ {
$this->module_ary[$row_id]['display'] = (int) $display; $this->module_ary[$row_id]['display'] = (int) $display;
} }
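Review bot: The new `$this->active_module === false` guard in the `@ -298,6 +300,11` hunk is skipped by the direct-load path in the `@ -594,6 +601,9` hunk, which sets `$this->active_module = true` unconditionally before calling `load_active($mode)`. On that path `p_class` and `p_name` are taken from the caller and end up in `"$module_path/{$this->p_class}_$this->p_name.$phpEx"`, so the accessibility check added here only covers modules chosen through `set_active()`. That is fine if every caller passes fixed strings, but this is not visible from the hunks. I would record the contract at the assignment, e.g. `// Trusted callers only: this skips the set_active() accessibility check, so $class/$name must never come from request input`. The functions containing both hunks start and end outside the visible lines.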


@ -114,9 +114,9 @@ function update_post_information($type, $ids, $return_update_sql = false)
$update_sql = $empty_forums = array(); $update_sql = $empty_forums = array();
$sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id $sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id
FROM ' . POSTS_TABLE . " FROM ' . POSTS_TABLE . '
WHERE post_approved = 1 WHERE post_approved = 1
AND {$type}_id IN (" . implode(', ', $ids) . ") AND ' . $db->sql_in_set($type . '_id', $ids) . "
GROUP BY {$type}_id"; GROUP BY {$type}_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -150,7 +150,7 @@ function update_post_information($type, $ids, $return_update_sql = false)
$sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_time, p.poster_id, p.post_username, u.user_id, u.username $sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_time, p.poster_id, p.post_username, u.user_id, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.poster_id = u.user_id WHERE p.poster_id = u.user_id
AND p.post_id IN (' . implode(', ', $last_post_ids) . ')'; AND ' . $db->sql_in_set('p.post_id', $last_post_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -339,9 +339,18 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']); $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
} }
// Admins and mods are allowed to exceed the allowed filesize
if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id)) if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id))
{ {
$allowed_filesize = ($extensions[$file->get('extension')]['max_filesize'] != 0) ? $extensions[$file->get('extension')]['max_filesize'] : (($is_message) ? $config['max_filesize_pm'] : $config['max_filesize']); if (!empty($extensions[$file->get('extension')]['max_filesize']))
{
$allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
}
else
{
$allowed_filesize = ($is_message) ? $config['max_filesize_pm'] : $config['max_filesize'];
}
$file->upload->set_max_filesize($allowed_filesize); $file->upload->set_max_filesize($allowed_filesize);
} }
@ -521,9 +530,10 @@ function create_thumbnail($source, $destination, $mimetype)
$used_imagick = false; $used_imagick = false;
if ($config['img_imagick']) // Only use imagemagick if defined and the passthru function not disabled
if ($config['img_imagick'] && function_exists('passthru'))
{ {
passthru($config['img_imagick'] . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"'); passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
if (file_exists($destination)) if (file_exists($destination))
{ {
$used_imagick = true; $used_imagick = true;
@ -572,6 +582,12 @@ function create_thumbnail($source, $destination, $mimetype)
imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height); imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
} }
// If we are in safe mode create the destination file prior to using the gd functions to circumvent a PHP bug
if (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on')
{
@touch($destination);
}
switch ($type['format']) switch ($type['format'])
{ {
case IMG_GIF: case IMG_GIF:
@ -666,7 +682,7 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
$template->assign_block_vars('attach_row', array( $template->assign_block_vars('attach_row', array(
'FILENAME' => basename($attach_row['real_filename']), 'FILENAME' => basename($attach_row['real_filename']),
'ATTACH_FILENAME' => basename($attach_row['physical_filename']), 'ATTACH_FILENAME' => basename($attach_row['physical_filename']),
'FILE_COMMENT' => $attach_row['comment'], 'FILE_COMMENT' => $attach_row['attach_comment'],
'ATTACH_ID' => $attach_row['attach_id'], 'ATTACH_ID' => $attach_row['attach_id'],
'ASSOC_INDEX' => $count, 'ASSOC_INDEX' => $count,
@ -741,7 +757,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
{ {
$sql = 'SELECT topic_id, forum_id, topic_title $sql = 'SELECT topic_id, forum_id, topic_title
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')'; WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -822,11 +838,11 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
return false; return false;
} }
$bbcode_bitfield = 0; $bbcode_bitfield = '';
do do
{ {
$rowset[] = $row; $rowset[] = $row;
$bbcode_bitfield |= $row['bbcode_bitfield']; $bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']);
} }
while ($row = $db->sql_fetchrow($result)); while ($row = $db->sql_fetchrow($result));
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -876,7 +892,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
$template->assign_block_vars($mode . '_row', array( $template->assign_block_vars($mode . '_row', array(
'POSTER_NAME' => $poster, 'POSTER_NAME' => $poster,
'POST_SUBJECT' => $post_subject, 'POST_SUBJECT' => $post_subject,
'MINI_POST_IMG' => $user->img('icon_post', $user->lang['POST']), 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']),
'POST_DATE' => $user->format_date($row['post_time']), 'POST_DATE' => $user->format_date($row['post_time']),
'MESSAGE' => str_replace("\n", '<br />', $message), 'MESSAGE' => str_replace("\n", '<br />', $message),
'DECODED_MESSAGE' => $decoded_message, 'DECODED_MESSAGE' => $decoded_message,
@ -891,7 +907,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
if ($mode == 'topic_review') if ($mode == 'topic_review')
{ {
$template->assign_var('QUOTE_IMG', $user->img('btn_quote', $user->lang['REPLY_WITH_QUOTE'])); $template->assign_var('QUOTE_IMG', $user->img('icon_post_quote', $user->lang['REPLY_WITH_QUOTE']));
} }
return true; return true;
@ -1093,7 +1109,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$sql = 'UPDATE ' . TOPICS_WATCH_TABLE . " $sql = 'UPDATE ' . TOPICS_WATCH_TABLE . "
SET notify_status = 1 SET notify_status = 1
WHERE topic_id = $topic_id WHERE topic_id = $topic_id
AND user_id IN (" . implode(', ', $update_notification['topic']) . ")"; AND " . $db->sql_in_set('user_id', $update_notification['topic']);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1102,7 +1118,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$sql = 'UPDATE ' . FORUMS_WATCH_TABLE . " $sql = 'UPDATE ' . FORUMS_WATCH_TABLE . "
SET notify_status = 1 SET notify_status = 1
WHERE forum_id = $forum_id WHERE forum_id = $forum_id
AND user_id IN (" . implode(', ', $update_notification['forum']) . ")"; AND " . $db->sql_in_set('user_id', $update_notification['forum']);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1111,7 +1127,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
{ {
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . " $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id WHERE topic_id = $topic_id
AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")"; AND " . $db->sql_in_set('user_id', $delete_ids['topic']);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1119,7 +1135,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
{ {
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . " $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . "
WHERE forum_id = $forum_id WHERE forum_id = $forum_id
AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")"; AND " . $db->sql_in_set('user_id', $delete_ids['forum']);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1165,7 +1181,6 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
{ {
case 'delete_topic': case 'delete_topic':
delete_topics('topic_id', array($topic_id), false); delete_topics('topic_id', array($topic_id), false);
set_config('num_topics', $config['num_topics'] - 1, true);
if ($data['topic_type'] != POST_GLOBAL) if ($data['topic_type'] != POST_GLOBAL)
{ {
@ -1258,8 +1273,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
break; break;
} }
$sql_data[USERS_TABLE] = ($auth->acl_get('f_postcount', $forum_id)) ? 'user_posts = user_posts - 1' : ''; // $sql_data[USERS_TABLE] = ($data['post_postcount']) ? 'user_posts = user_posts - 1' : '';
set_config('num_posts', $config['num_posts'] - 1, true);
$db->sql_transaction('begin'); $db->sql_transaction('begin');
@ -1338,6 +1352,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'edit_topic' : (($data['topic_first_post_id'] == $data['post_id']) ? 'edit_first_post' : (($data['topic_last_post_id'] == $data['post_id']) ? 'edit_last_post' : 'edit')); $post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'edit_topic' : (($data['topic_first_post_id'] == $data['post_id']) ? 'edit_first_post' : (($data['topic_last_post_id'] == $data['post_id']) ? 'edit_last_post' : 'edit'));
} }
// First of all make sure the subject and topic title are having the correct length.
// To achive this without cutting off between special chars we convert to an array and then count the elements.
$subject = truncate_string($subject);
$data['topic_title'] = truncate_string($data['topic_title']);
// Collect some basic informations about which tables and which rows to update/insert // Collect some basic informations about which tables and which rows to update/insert
$sql_data = array(); $sql_data = array();
$poster_id = ($mode == 'edit') ? $data['poster_id'] : (int) $user->data['user_id']; $poster_id = ($mode == 'edit') ? $data['poster_id'] : (int) $user->data['user_id'];
@ -1366,6 +1385,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0, 'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'], 'bbcode_bitfield' => $data['bbcode_bitfield'],
'bbcode_uid' => $data['bbcode_uid'], 'bbcode_uid' => $data['bbcode_uid'],
'post_postcount' => ($auth->acl_get('f_postcount', $data['forum_id'])) ? 1 : 0,
'post_edit_locked' => $data['post_edit_locked'] 'post_edit_locked' => $data['post_edit_locked']
); );
break; break;
@ -1529,8 +1549,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
); );
} }
$sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
$db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
$db->sql_query($sql); $db->sql_query($sql);
$data['post_id'] = $db->sql_nextid(); $data['post_id'] = $db->sql_nextid();
@ -1695,7 +1714,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
{ {
// update entry in db if attachment already stored in db and filespace // update entry in db if attachment already stored in db and filespace
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . " $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET comment = '" . $db->sql_escape($attach_row['comment']) . "' SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
WHERE attach_id = " . (int) $attach_row['attach_id']; WHERE attach_id = " . (int) $attach_row['attach_id'];
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1714,7 +1733,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'poster_id' => $poster_id, 'poster_id' => $poster_id,
'physical_filename' => basename($attach_row['physical_filename']), 'physical_filename' => basename($attach_row['physical_filename']),
'real_filename' => basename($attach_row['real_filename']), 'real_filename' => basename($attach_row['real_filename']),
'comment' => $attach_row['comment'], 'attach_comment' => $attach_row['attach_comment'],
'extension' => $attach_row['extension'], 'extension' => $attach_row['extension'],
'mimetype' => $attach_row['mimetype'], 'mimetype' => $attach_row['mimetype'],
'filesize' => $attach_row['filesize'], 'filesize' => $attach_row['filesize'],
@ -1843,7 +1862,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
trigger_error($error); trigger_error($error);
} }
$search->index($mode, $data['post_id'], $data['message'], $subject, $poster_id); $search->index($mode, $data['post_id'], $data['message'], $subject, $user->lang['ENCODING'], $poster_id, ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id']);
} }
$db->sql_transaction('commit'); $db->sql_transaction('commit');
@ -1886,6 +1905,35 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
// We do not use post_time here, this is intended (post_time can have a date in the past if editing a message) // We do not use post_time here, this is intended (post_time can have a date in the past if editing a message)
markread('topic', $data['forum_id'], $data['topic_id'], time()); markread('topic', $data['forum_id'], $data['topic_id'], time());
//
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$sql = 'SELECT mark_time
FROM ' . FORUMS_TRACK_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . '
AND forum_id = ' . $data['forum_id'];
$result = $db->sql_query($sql);
$f_mark_time = (int) $db->sql_fetchfield('mark_time');
$db->sql_freeresult($result);
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$f_mark_time = false;
}
if ($config['load_db_lastread'] || $config['load_anon_lastread'] || $user->data['is_registered'])
{
// Update forum info
$sql = 'SELECT forum_last_post_time
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $data['forum_id'];
$result = $db->sql_query($sql);
$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
$db->sql_freeresult($result);
update_forum_tracking_info($data['forum_id'], $forum_last_post_time, $f_mark_time, false);
}
// Send Notifications // Send Notifications
if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))) if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
{ {


@ -86,8 +86,8 @@ $global_privmsgs_rules = array(
), ),
CHECK_STATUS => array( CHECK_STATUS => array(
RULE_ANSWERED => array('check0' => 'replied', 'function' => '{CHECK0} == 1'), RULE_ANSWERED => array('check0' => 'pm_replied', 'function' => '{CHECK0} == 1'),
RULE_FORWARDED => array('check0' => 'forwarded', 'function' => '{CHECK0} == 1'), RULE_FORWARDED => array('check0' => 'pm_forwarded', 'function' => '{CHECK0} == 1'),
), ),
CHECK_TO => array( CHECK_TO => array(
@ -121,7 +121,7 @@ function get_folder($user_id, $folder_id = false)
$folder = array(); $folder = array();
// Get folder informations // Get folder informations
$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages, SUM(unread) as num_unread $sql = 'SELECT folder_id, COUNT(msg_id) as num_messages, SUM(pm_unread) as num_unread
FROM ' . PRIVMSGS_TO_TABLE . " FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id WHERE user_id = $user_id
AND folder_id <> " . PRIVMSGS_NO_BOX . ' AND folder_id <> " . PRIVMSGS_NO_BOX . '
@ -262,7 +262,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
// Replace Rule Literals // Replace Rule Literals
$evaluate = preg_replace('/{(STRING|USER_ID|GROUP_ID)}/', '$rule_row["rule_" . strtolower("\1")]', $evaluate); $evaluate = preg_replace('/{(STRING|USER_ID|GROUP_ID)}/', '$rule_row["rule_" . strtolower("\1")]', $evaluate);
// Eval Statement // Evil Statement
$result = false; $result = false;
eval('$result = (' . $evaluate . ') ? true : false;'); eval('$result = (' . $evaluate . ') ? true : false;');
@ -280,7 +280,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
case ACTION_MARK_AS_READ: case ACTION_MARK_AS_READ:
case ACTION_MARK_AS_IMPORTANT: case ACTION_MARK_AS_IMPORTANT:
case ACTION_DELETE_MESSAGE: case ACTION_DELETE_MESSAGE:
return array('action' => $rule_row['rule_action'], 'unread' => $message_row['unread'], 'marked' => $message_row['marked']); return array('action' => $rule_row['rule_action'], 'pm_unread' => $message_row['pm_unread'], 'pm_marked' => $message_row['pm_marked']);
break; break;
default: default:
@ -387,7 +387,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
{ {
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . USER_GROUP_TABLE . ' FROM ' . USER_GROUP_TABLE . '
WHERE user_id IN (' . implode(', ', $user_ids) . ') WHERE ' . $db->sql_in_set('user_id', $user_ids) . '
AND user_pending = 0'; AND user_pending = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -447,18 +447,24 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
switch ($rule_ary['action']) switch ($rule_ary['action'])
{ {
case ACTION_PLACE_INTO_FOLDER: case ACTION_PLACE_INTO_FOLDER:
// Folder actions have precedence, so we will remove any other ones
$folder_action = true; $folder_action = true;
$_folder_id = (int) $rule_ary['folder_id']; $_folder_id = (int) $rule_ary['folder_id'];
$move_into_folder = array();
$move_into_folder[$_folder_id][] = $msg_id; $move_into_folder[$_folder_id][] = $msg_id;
$num_new++; $num_new++;
break; break;
case ACTION_MARK_AS_READ: case ACTION_MARK_AS_READ:
if ($rule_ary['unread']) if ($rule_ary['pm_unread'])
{ {
$unread_ids[] = $msg_id; $unread_ids[] = $msg_id;
} }
if (!$folder_action)
{
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id; $move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
}
break; break;
case ACTION_DELETE_MESSAGE: case ACTION_DELETE_MESSAGE:
@ -466,11 +472,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
break; break;
case ACTION_MARK_AS_IMPORTANT: case ACTION_MARK_AS_IMPORTANT:
if (!$rule_ary['marked']) if (!$rule_ary['pm_marked'])
{ {
$important_ids[] = $msg_id; $important_ids[] = $msg_id;
} }
if (!$folder_action)
{
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id; $move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
}
break; break;
} }
} }
@ -495,8 +505,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
if (sizeof($unread_ids)) if (sizeof($unread_ids))
{ {
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET unread = 0 SET pm_unread = 0
WHERE msg_id IN (' . implode(', ', $unread_ids) . ") WHERE ' . $db->sql_in_set('msg_id', $unread_ids) . "
AND user_id = $user_id AND user_id = $user_id
AND folder_id = " . PRIVMSGS_NO_BOX; AND folder_id = " . PRIVMSGS_NO_BOX;
$db->sql_query($sql); $db->sql_query($sql);
@ -506,10 +516,10 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
if (sizeof($important_ids)) if (sizeof($important_ids))
{ {
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET marked = !marked SET pm_marked = !pm_marked
WHERE folder_id = ' . PRIVMSGS_NO_BOX . " WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
AND user_id = $user_id AND user_id = $user_id
AND msg_id IN (" . implode(', ', $important_ids) . ')'; AND " . $db->sql_in_set('msg_id', $important_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -521,9 +531,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
// Determine Full Folder Action - we need the move to folder id later eventually // Determine Full Folder Action - we need the move to folder id later eventually
$full_folder_action = ($user->data['user_full_folder'] == FULL_FOLDER_NONE) ? ($config['full_folder_action'] - (FULL_FOLDER_NONE*(-1))) : $user->data['user_full_folder']; $full_folder_action = ($user->data['user_full_folder'] == FULL_FOLDER_NONE) ? ($config['full_folder_action'] - (FULL_FOLDER_NONE*(-1))) : $user->data['user_full_folder'];
$sql_folder = array_keys($move_into_folder);
if ($full_folder_action >= 0)
{
$sql_folder[] = $full_folder_action;
}
$sql = 'SELECT folder_id, pm_count $sql = 'SELECT folder_id, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . ' FROM ' . PRIVMSGS_FOLDER_TABLE . '
WHERE folder_id IN (' . implode(', ', array_keys($move_into_folder)) . (($full_folder_action >= 0) ? ', ' . $full_folder_action : '') . ") WHERE ' . $db->sql_in_set('folder_id', $sql_folder) . "
AND user_id = $user_id"; AND user_id = $user_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -533,6 +549,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
unset($sql_folder);
if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder))) if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
{ {
$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages $sql = 'SELECT folder_id, COUNT(msg_id) as num_messages
@ -586,6 +604,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$delete_ids[] = $row['msg_id']; $delete_ids[] = $row['msg_id'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
delete_pm($user_id, $delete_ids, $dest_folder); delete_pm($user_id, $delete_ids, $dest_folder);
} }
} }
@ -594,21 +613,22 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
if ($full_folder_action == FULL_FOLDER_HOLD) if ($full_folder_action == FULL_FOLDER_HOLD)
{ {
$num_not_moved += sizeof($msg_ary); $num_not_moved += sizeof($msg_ary);
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET folder_id = ' . PRIVMSGS_HOLD_BOX . ' SET folder_id = ' . PRIVMSGS_HOLD_BOX . '
WHERE folder_id = ' . PRIVMSGS_NO_BOX . " WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
AND user_id = $user_id AND user_id = $user_id
AND msg_id IN (" . implode(', ', $msg_ary) . ')'; AND " . $db->sql_in_set('msg_id', $msg_ary);
$db->sql_query($sql); $db->sql_query($sql);
} }
else else
{ {
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . " $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET folder_id = $dest_folder, new = 0 SET folder_id = $dest_folder, pm_new = 0
WHERE folder_id = " . PRIVMSGS_NO_BOX . " WHERE folder_id = " . PRIVMSGS_NO_BOX . "
AND user_id = $user_id AND user_id = $user_id
AND new = 1 AND pm_new = 1
AND msg_id IN (" . implode(', ', $msg_ary) . ')'; AND " . $db->sql_in_set('msg_id', $msg_ary);
$db->sql_query($sql); $db->sql_query($sql);
if ($dest_folder != PRIVMSGS_INBOX) if ($dest_folder != PRIVMSGS_INBOX)
@ -633,7 +653,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET folder_id = ' . PRIVMSGS_SENTBOX . ' SET folder_id = ' . PRIVMSGS_SENTBOX . '
WHERE folder_id = ' . PRIVMSGS_OUTBOX . ' WHERE folder_id = ' . PRIVMSGS_OUTBOX . '
AND msg_id IN (' . implode(', ', array_keys($action_ary)) . ')'; AND ' . $db->sql_in_set('msg_id', array_keys($action_ary));
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -718,7 +738,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
SET folder_id = $dest_folder SET folder_id = $dest_folder
WHERE folder_id = $cur_folder_id WHERE folder_id = $cur_folder_id
AND user_id = $user_id AND user_id = $user_id
AND msg_id IN (" . implode(', ', $move_msg_ids) . ')'; AND " . $db->sql_in_set('msg_id', $move_msg_ids);
$db->sql_query($sql); $db->sql_query($sql);
$num_moved = $db->sql_affectedrows(); $num_moved = $db->sql_affectedrows();
@ -761,7 +781,7 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id)
global $db; global $db;
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . " $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET unread = 0 SET pm_unread = 0
WHERE msg_id = $msg_id WHERE msg_id = $msg_id
AND user_id = $user_id AND user_id = $user_id
AND folder_id = $folder_id"; AND folder_id = $folder_id";
@ -794,10 +814,10 @@ function handle_mark_actions($user_id, $mark_action)
case 'mark_important': case 'mark_important':
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . " $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET marked = !marked SET pm_marked = !pm_marked
WHERE folder_id = $cur_folder_id WHERE folder_id = $cur_folder_id
AND user_id = $user_id AND user_id = $user_id
AND msg_id IN (" . implode(', ', $msg_ids) . ')'; AND " . $db->sql_in_set('msg_id', $msg_ids);
$db->sql_query($sql); $db->sql_query($sql);
break; break;
@ -865,9 +885,9 @@ function delete_pm($user_id, $msg_ids, $folder_id)
} }
// Get PM Informations for later deleting // Get PM Informations for later deleting
$sql = 'SELECT msg_id, unread, new $sql = 'SELECT msg_id, pm_unread, pm_new
FROM ' . PRIVMSGS_TO_TABLE . ' FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id IN (' . implode(', ', array_map('intval', $msg_ids)) . ") WHERE ' . $db->sql_in_set('msg_id', array_map('intval', $msg_ids)) . "
AND folder_id = $folder_id AND folder_id = $folder_id
AND user_id = $user_id"; AND user_id = $user_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -876,8 +896,8 @@ function delete_pm($user_id, $msg_ids, $folder_id)
$num_unread = $num_new = $num_deleted = 0; $num_unread = $num_new = $num_deleted = 0;
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$num_unread += (int) $row['unread']; $num_unread += (int) $row['pm_unread'];
$num_new += (int) $row['new']; $num_new += (int) $row['pm_new'];
$delete_rows[$row['msg_id']] = 1; $delete_rows[$row['msg_id']] = 1;
} }
@ -896,19 +916,19 @@ function delete_pm($user_id, $msg_ids, $folder_id)
// Remove PM from Outbox // Remove PM from Outbox
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . " $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id AND folder_id = " . PRIVMSGS_OUTBOX . ' WHERE user_id = $user_id AND folder_id = " . PRIVMSGS_OUTBOX . '
AND msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')'; AND ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql); $db->sql_query($sql);
// Update PM Information for safety // Update PM Information for safety
$sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = '' $sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = ''
WHERE msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')'; WHERE " . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql); $db->sql_query($sql);
// Set delete flag for those intended to receive the PM // Set delete flag for those intended to receive the PM
// We do not remove the message actually, to retain some basic informations (sent time for example) // We do not remove the message actually, to retain some basic informations (sent time for example)
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET deleted = 1 SET pm_deleted = 1
WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')'; WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql); $db->sql_query($sql);
$num_deleted = $db->sql_affectedrows(); $num_deleted = $db->sql_affectedrows();
@ -919,7 +939,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . " $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id WHERE user_id = $user_id
AND folder_id = $folder_id AND folder_id = $folder_id
AND msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')'; AND " . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql); $db->sql_query($sql);
$num_deleted = $db->sql_affectedrows(); $num_deleted = $db->sql_affectedrows();
} }
@ -949,7 +969,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
// Now we have to check which messages we can delete completely // Now we have to check which messages we can delete completely
$sql = 'SELECT msg_id $sql = 'SELECT msg_id
FROM ' . PRIVMSGS_TO_TABLE . ' FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')'; WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -958,12 +978,12 @@ function delete_pm($user_id, $msg_ids, $folder_id)
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$delete_ids = implode(', ', array_keys($delete_rows)); $delete_ids = array_keys($delete_rows);
if ($delete_ids) if (sizeof($delete_ids))
{ {
$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
WHERE msg_id IN (' . $delete_ids . ')'; WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1039,7 +1059,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{ {
$sql = 'SELECT user_id, username, user_colour $sql = 'SELECT user_id, username, user_colour
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $u) . ') WHERE ' . $db->sql_in_set('user_id', $u) . '
AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1066,7 +1086,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{ {
$sql = 'SELECT group_name, group_type $sql = 'SELECT group_name, group_type
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $g) . ')'; WHERE ' . $db->sql_in_set('group_id', $g);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -1082,7 +1102,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{ {
$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id $sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id
FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
WHERE g.group_id IN (' . implode(', ', $g) . ') WHERE ' . $db->sql_in_set('g.group_id', $g) . '
AND g.group_id = ug.group_id AND g.group_id = ug.group_id
AND ug.user_pending = 0'; AND ug.user_pending = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1222,7 +1242,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
{ {
$sql = 'SELECT group_id, user_id $sql = 'SELECT group_id, user_id
FROM ' . USER_GROUP_TABLE . ' FROM ' . USER_GROUP_TABLE . '
WHERE group_id IN (' . implode(', ', array_keys($data['address_list']['g'])) . ') WHERE ' . $db->sql_in_set('group_id', array_keys($data['address_list']['g'])) . '
AND user_pending = 0'; AND user_pending = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1250,7 +1270,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
// Set message_replied switch for this user // Set message_replied switch for this user
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET replied = 1 SET pm_replied = 1
WHERE user_id = ' . $data['from_user_id'] . ' WHERE user_id = ' . $data['from_user_id'] . '
AND msg_id = ' . $data['reply_from_msg_id']; AND msg_id = ' . $data['reply_from_msg_id'];
@ -1300,6 +1320,8 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
if (sizeof($sql_data)) if (sizeof($sql_data))
{ {
$query = '';
if ($mode == 'post' || $mode == 'reply' || $mode == 'quote' || $mode == 'quotepost' || $mode == 'forward') if ($mode == 'post' || $mode == 'reply' || $mode == 'quote' || $mode == 'quotepost' || $mode == 'forward')
{ {
$db->sql_query('INSERT INTO ' . PRIVMSGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data)); $db->sql_query('INSERT INTO ' . PRIVMSGS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data));
@ -1332,9 +1354,9 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'user_id' => (int) $user_id, 'user_id' => (int) $user_id,
'author_id' => (int) $data['from_user_id'], 'author_id' => (int) $data['from_user_id'],
'folder_id' => PRIVMSGS_NO_BOX, 'folder_id' => PRIVMSGS_NO_BOX,
'new' => 1, 'pm_new' => 1,
'unread' => 1, 'pm_unread' => 1,
'forwarded' => ($mode == 'forward') ? 1 : 0 'pm_forwarded' => ($mode == 'forward') ? 1 : 0
); );
} }
@ -1359,7 +1381,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1, user_last_privmsg = ' . time() . ' SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1, user_last_privmsg = ' . time() . '
WHERE user_id IN (' . implode(', ', array_keys($recipients)) . ')'; WHERE ' . $db->sql_in_set('user_id', array_keys($recipients));
$db->sql_query($sql); $db->sql_query($sql);
// Put PM into outbox // Put PM into outbox
@ -1370,9 +1392,9 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'user_id' => (int) $data['from_user_id'], 'user_id' => (int) $data['from_user_id'],
'author_id' => (int) $data['from_user_id'], 'author_id' => (int) $data['from_user_id'],
'folder_id' => PRIVMSGS_OUTBOX, 'folder_id' => PRIVMSGS_OUTBOX,
'new' => 0, 'pm_new' => 0,
'unread' => 0, 'pm_unread' => 0,
'forwarded' => ($mode == 'forward') ? 1 : 0)) 'pm_forwarded' => ($mode == 'forward') ? 1 : 0))
); );
} }
@ -1401,7 +1423,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
{ {
// update entry in db if attachment already stored in db and filespace // update entry in db if attachment already stored in db and filespace
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . " $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET comment = '" . $db->sql_escape($attach_row['comment']) . "' SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
WHERE attach_id = " . (int) $attach_row['attach_id']; WHERE attach_id = " . (int) $attach_row['attach_id'];
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1415,7 +1437,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'poster_id' => $data['from_user_id'], 'poster_id' => $data['from_user_id'],
'physical_filename' => basename($attach_row['physical_filename']), 'physical_filename' => basename($attach_row['physical_filename']),
'real_filename' => basename($attach_row['real_filename']), 'real_filename' => basename($attach_row['real_filename']),
'comment' => $attach_row['comment'], 'attach_comment' => $attach_row['attach_comment'],
'extension' => $attach_row['extension'], 'extension' => $attach_row['extension'],
'mimetype' => $attach_row['mimetype'], 'mimetype' => $attach_row['mimetype'],
'filesize' => $attach_row['filesize'], 'filesize' => $attach_row['filesize'],
@ -1477,20 +1499,24 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
$subject = censor_text($subject); $subject = censor_text($subject);
unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]);
if (!sizeof($recipients))
{
return;
}
// Get banned User ID's // Get banned User ID's
$sql = 'SELECT ban_userid $sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE; FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_userid', array_map('intval', array_keys($recipients))) . '
AND ban_exclude = 0';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{
if (isset($row['ban_userid']))
{ {
unset($recipients[$row['ban_userid']]); unset($recipients[$row['ban_userid']]);
} }
}
$db->sql_freeresult($result); $db->sql_freeresult($result);
if (!sizeof($recipients)) if (!sizeof($recipients))
@ -1498,11 +1524,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
return; return;
} }
$recipient_list = implode(', ', array_keys($recipients));
$sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber $sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . '
WHERE user_id IN ($recipient_list)"; WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($recipients)));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$msg_list_ary = array(); $msg_list_ary = array();
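Review bot: In `place_pm_into_folder()`, the added `$move_into_folder = array();` under `case ACTION_PLACE_INTO_FOLDER:` empties the whole folder-to-message map, not just the current message's earlier entries. The map is keyed by folder id and appended to per `$msg_id`, and `$num_new++` still counts every message. If this switch runs once per message (the enclosing loops are outside the hunk), a later folder rule would drop every message queued before it, and those messages would presumably stay in `PRIVMSGS_NO_BOX`. To give folder rules precedence for a single message, remove only that id from the inbox list, e.g. `if (isset($move_into_folder[PRIVMSGS_INBOX])) { $move_into_folder[PRIVMSGS_INBOX] = array_diff($move_into_folder[PRIVMSGS_INBOX], array($msg_id)); }`. Alternatively, drop the reset and rely on the `if (!$folder_action)` guards this commit adds to the mark-as-read and mark-as-important cases.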


@ -230,7 +230,7 @@ class custom_profile
} }
else else
{ {
$sql = 'SELECT option_id, value $sql = 'SELECT option_id, lang_value
FROM ' . PROFILE_FIELDS_LANG_TABLE . " FROM ' . PROFILE_FIELDS_LANG_TABLE . "
WHERE field_id = $field_id WHERE field_id = $field_id
AND lang_id = $lang_id AND lang_id = $lang_id
@ -240,7 +240,7 @@ class custom_profile
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$this->options_lang[$field_id][$lang_id][($row['option_id'] + 1)] = $row['value']; $this->options_lang[$field_id][$lang_id][($row['option_id'] + 1)] = $row['lang_value'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
@ -286,8 +286,8 @@ class custom_profile
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$cp_data[$row['field_ident']] = $this->get_profile_field($row); $cp_data['_' . $row['field_ident']] = $this->get_profile_field($row);
$check_value = $cp_data[$row['field_ident']]; $check_value = $cp_data['_' . $row['field_ident']];
if (($cp_result = $this->validate_profile_field($row['field_type'], $check_value, $row)) !== false) if (($cp_result = $this->validate_profile_field($row['field_type'], $check_value, $row)) !== false)
{ {
@ -358,14 +358,14 @@ class custom_profile
$this->build_cache(); $this->build_cache();
} }
if (!implode(', ', $user_id)) if (!sizeof($user_id))
{ {
return array(); return array();
} }
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . PROFILE_FIELDS_DATA_TABLE . ' FROM ' . PROFILE_FIELDS_DATA_TABLE . '
WHERE user_id IN (' . implode(', ', array_map('intval', $user_id)) . ')'; WHERE ' . $db->sql_in_set('user_id', array_map('intval', $user_id));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$field_data = array(); $field_data = array();
@ -382,7 +382,7 @@ class custom_profile
{ {
foreach ($field_data as $user_id => $row) foreach ($field_data as $user_id => $row)
{ {
$user_fields[$user_id][$used_ident]['value'] = $row[$used_ident]; $user_fields[$user_id][$used_ident]['value'] = $row['_' . $used_ident];
$user_fields[$user_id][$used_ident]['data'] = $this->profile_cache[$used_ident]; $user_fields[$user_id][$used_ident]['data'] = $this->profile_cache[$used_ident];
} }
} }
@ -494,7 +494,15 @@ class custom_profile
return NULL; return NULL;
} }
return $this->options_lang[$field_id][$lang_id][(int) $value]; $value = (int) $value;
// User not having a value assigned
if (!isset($this->options_lang[$field_id][$lang_id][$value]))
{
return NULL;
}
return $this->options_lang[$field_id][$lang_id][$value];
break; break;
case 'bool': case 'bool':
@ -534,7 +542,7 @@ class custom_profile
global $user; global $user;
$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident']; $profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
$user_ident = str_replace('pf_', '', $profile_row['field_ident']); $user_ident = '_' . str_replace('pf_', '', $profile_row['field_ident']);
// checkbox - only testing for isset // checkbox - only testing for isset
if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2) if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2)
@ -601,7 +609,7 @@ class custom_profile
global $user, $template; global $user, $template;
$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident']; $profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];
$user_ident = str_replace('pf_', '', $profile_row['field_ident']); $user_ident = '_' . str_replace('pf_', '', $profile_row['field_ident']);
$now = getdate(); $now = getdate();
@ -779,13 +787,13 @@ class custom_profile
$sql_not_in = array(); $sql_not_in = array();
foreach ($cp_data as $key => $null) foreach ($cp_data as $key => $null)
{ {
$sql_not_in[] = "'" . $db->sql_escape($key) . "'"; $sql_not_in[] = (strncmp($key, '_', 1) === 0) ? substr($key, 1) : $key;
} }
$sql = 'SELECT f.field_type, f.field_ident, f.field_default_value, l.lang_default_value $sql = 'SELECT f.field_type, f.field_ident, f.field_default_value, l.lang_default_value
FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f
WHERE l.lang_id = ' . $user->get_iso_lang_id() . ' WHERE l.lang_id = ' . $user->get_iso_lang_id() . '
' . ((sizeof($sql_not_in)) ? ' AND f.field_ident NOT IN (' . implode(', ', $sql_not_in) . ')' : '') . ' ' . ((sizeof($sql_not_in)) ? ' AND ' . $db->sql_in_set('f.field_ident', $sql_not_in, true) : '') . '
AND l.field_id = f.field_id'; AND l.field_id = f.field_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -796,7 +804,8 @@ class custom_profile
$now = getdate(); $now = getdate();
$row['field_default_value'] = sprintf('%2d-%2d-%4d', $now['mday'], $now['mon'], $now['year']); $row['field_default_value'] = sprintf('%2d-%2d-%4d', $now['mday'], $now['mon'], $now['year']);
} }
$cp_data[$row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
$cp_data['_' . $row['field_ident']] = (in_array($row['field_type'], array(FIELD_TEXT, FIELD_STRING))) ? $row['lang_default_value'] : $row['field_default_value'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);


@ -68,6 +68,89 @@ class template_compile
$this->compile_write($handle, $this->template->compiled_code[$handle]); $this->compile_write($handle, $this->template->compiled_code[$handle]);
} }
/**
* Straight-forward strategy: use PHP's tokenizer to escape everything that
* looks like a PHP tag.
*
* We open/close PHP tags at the beginning of the template to clearly indicate
* that we are in HTML mode. If we find a PHP tag, we escape it then we reiterate
* over the whole file. That can become quite slow if the file is stuffed with
* <?php tags, but there's only so much we can do.
*
* Known issue: templates need to be rechecked everytime the value of the php.ini
* settings asp_tags or short_tags are changed
*/
function remove_php_tags(&$code)
{
if (!function_exists('token_get_all'))
{
/**
* If the tokenizer extension is not available, try to load it and if
* it's still not available we fall back to some pattern replacement.
*
* Note that the pattern replacement may affect the well-formedness
* of the HTML if a PHP tag is found because even if we escape PHP
* opening tags we do NOT escape PHP closing tags and cannot do so
* reliably without the use of a full-blown tokenizer.
*
* The bottom line is, a template should NEVER contain PHP because it
* would comprise the security of the installation, that's why we
* prevent it from being executed. Our job is to secure the installation,
* not fix unsecure templates. if a template contains some PHP then it
* should not be used at all.
*/
@dl('tokenizer');
if (!function_exists('token_get_all'))
{
$match = array(
'\\?php[\n\r\s\t]+',
'[\\?%]=',
'[\\?%][^\w]',
'script[\n\r\s\t]+language[\n\r\s\t]*=[\n\r\s\t]*[\'"]php[\'"]'
);
$code = preg_replace('#<(' . implode('|', $match) . ')#is', '&lt;$1', $code);
return;
}
}
do
{
$tokens = token_get_all('<?php ?>' . $code);
$code = '';
$php_found = false;
foreach ($tokens as $i => $token)
{
if (!is_array($token))
{
$code .= $token;
}
else if ($token[0] == T_OPEN_TAG || $token[0] == T_OPEN_TAG_WITH_ECHO || $token[0] == T_CLOSE_TAG)
{
if ($i > 1)
{
$code .= htmlspecialchars($token[1]);
$php_found = true;
}
}
else
{
$code .= $token[1];
}
}
unset($tokens);
// Fix for a tokenizer oddity
if (!strncmp($code, '<?php ?&gt;', 11))
{
$code = substr($code, 11);
}
}
while ($php_found);
}
/** /**
* The all seeing all doing compile method. Parts are inspired by or directly from Smarty * The all seeing all doing compile method. Parts are inspired by or directly from Smarty
* @access: private * @access: private
@ -86,8 +169,13 @@ class template_compile
// php is a no-no. There is a potential issue here in that non-php // php is a no-no. There is a potential issue here in that non-php
// content may be removed ... however designers should use entities // content may be removed ... however designers should use entities
// if they wish to display < and > // if they wish to display < and >
$match_php_tags = array('#\<\?php .*?\?\>#is', '#\<\script language="php"\>.*?\<\/script\>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s'); /*
$match_php_tags = array('#\<\?php.*?\?\>#is', '#<[^\w<]*(script)(((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?(language[^<>\'"]+("[^"]*php[^"]*"|\'[^\']*php[^\']*\'))((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?)?>.*?</script>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
$code = preg_replace($match_php_tags, '', $code); $code = preg_replace($match_php_tags, '', $code);
*/
// An alternative to the above would be calling this function which would be the ultimate solution but also has its drawbacks.
$this->remove_php_tags($code);
// Pull out all block/statement level elements and seperate plain text // Pull out all block/statement level elements and seperate plain text
preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches); preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches);
@ -464,7 +552,7 @@ class template_compile
{ {
preg_match('#^((?:[a-z0-9\-_]+\.)+)?\$(?=[A-Z])([A-Z0-9_\-]*)(?: = (\'?)([^\']*)(\'?))?$#', $tag_args, $match); preg_match('#^((?:[a-z0-9\-_]+\.)+)?\$(?=[A-Z])([A-Z0-9_\-]*)(?: = (\'?)([^\']*)(\'?))?$#', $tag_args, $match);
if (empty($match[2]) || (empty($match[4]) && $op)) if (empty($match[2]) || (!isset($match[4]) && $op))
{ {
return; return;
} }
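Review bot: The regex fallback in `remove_php_tags()`, which runs only when `token_get_all` is still missing after `@dl('tokenizer')`, recognises the script-tag opener only when the attribute value is quoted (`[\'"]php[\'"]`). PHP versions that honour `<script language=...>` openers also accept the unquoted spelling, as far as I know, so on a host without the tokenizer that form would reach the compiled template unescaped. Making the quotes optional closes the gap: `'script[\n\r\s\t]+language[\n\r\s\t]*=[\n\r\s\t]*[\'"]?php[\'"]?'`. Because the escaping depends on the ini tag settings in force at compile time, as the docblock says, I would repeat that at the `$this->remove_php_tags($code);` call with a comment such as `// result depends on short/asp tag ini settings at compile time; recompile cached templates when they change`.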


@ -245,7 +245,7 @@ class ftp extends transfer
// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (/ at the end) // Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (/ at the end)
$this->root_path = str_replace('\\', '/', $this->root_path); $this->root_path = str_replace('\\', '/', $this->root_path);
$this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path; $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . $root_path . ((substr($root_path, -1, 1) == '/') ? '' : '/');
// Init some needed values // Init some needed values
transfer::transfer(); transfer::transfer();
@ -321,7 +321,7 @@ class ftp extends transfer
} }
/** /**
* Remove directory (RMDIR) * Rename file
* @access: private * @access: private
*/ */
function _rename($old_handle, $new_handle) function _rename($old_handle, $new_handle)
@ -460,7 +460,7 @@ class ftp_fsock extends transfer
// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end) // Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)
$this->root_path = str_replace('\\', '/', $this->root_path); $this->root_path = str_replace('\\', '/', $this->root_path);
$this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path; $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . $root_path . ((substr($root_path, -1, 1) == '/') ? '' : '/');
// Init some needed values // Init some needed values
transfer::transfer(); transfer::transfer();
@ -542,6 +542,16 @@ class ftp_fsock extends transfer
return $this->_send_command('RMD', $dir); return $this->_send_command('RMD', $dir);
} }
/**
* Rename File
* @access: private
*/
function _rename($old_handle, $new_handle)
{
$this->_send_command('RNFR', $old_handle);
return $this->_send_command('RNTO', $new_handle);
}
/** /**
* Change current working directory (CHDIR) * Change current working directory (CHDIR)
* @access: private * @access: private
@ -562,7 +572,7 @@ class ftp_fsock extends transfer
*/ */
function _chmod($file, $perms) function _chmod($file, $perms)
{ {
return $this->_send_command('SITE CHMOD', $perms . ' ' . $file);; return $this->_send_command('SITE CHMOD', $perms . ' ' . $file);
} }
/** /**
@ -579,19 +589,19 @@ class ftp_fsock extends transfer
return false; return false;
} }
$this->_putcmd('STOR', $to_file, false);
// open the connection to send file over // open the connection to send file over
if (!$this->_open_data_connection()) if (!$this->_open_data_connection())
{ {
return false; return false;
} }
$this->_send_command('STOR', $to_file, false);
// send the file // send the file
$fp = @fopen($from_file, 'rb'); $fp = @fopen($from_file, 'rb');
while (!@feof($fp)) while (!@feof($fp))
{ {
@fwrite($$this->data_connection, @fread($fp, 4096)); @fwrite($this->data_connection, @fread($fp, 4096));
} }
@fclose($fp); @fclose($fp);
@ -710,7 +720,7 @@ class ftp_fsock extends transfer
{ {
return false; return false;
} }
@stream_set_timeout($$this->data_connection, $this->timeout); @stream_set_timeout($this->data_connection, $this->timeout);
return true; return true;
} }
@ -721,7 +731,7 @@ class ftp_fsock extends transfer
*/ */
function _close_data_connection() function _close_data_connection()
{ {
return @fclose($this->data_connecton); return @fclose($this->data_connection);
} }
/** /**
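Review bot: In the `ftp_fsock` upload hunk (`@ -579,19 +589,19 @@`) the result of `@fopen($from_file, 'rb')` is never checked. If the local file cannot be opened, `@feof($fp)` on the PHP versions this code targets will not report end-of-file, so the `while` loop does not terminate and the suppressed warnings hide the cause. I would open the file before `STOR` is issued and bail out early with `if (!$fp) { return false; }`. The new `_rename()` has a similar gap: it discards the reply to `RNFR` and sends `RNTO` regardless, where `if (!$this->_send_command('RNFR', $old_handle)) { return false; }` would stop on the first failure, assuming `_send_command` returns a success flag as its other callers suggest. The upload method's signature and opening lines are outside the hunk.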


@ -34,14 +34,16 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
$$which_ary = array($$which_ary); $$which_ary = array($$which_ary);
} }
$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary); $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary;
unset($$which_ary); unset($$which_ary);
$user_id_ary = $username_ary = array();
// Grab the user id/username records // Grab the user id/username records
$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username'; $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username';
$sql = 'SELECT user_id, username $sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . '
WHERE $sql_where IN (" . implode(', ', $sql_in) . ')'; WHERE ' . $db->sql_in_set($sql_where, $sql_in);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if (!($row = $db->sql_fetchrow($result))) if (!($row = $db->sql_fetchrow($result)))
@ -50,7 +52,6 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
return 'NO_USERS'; return 'NO_USERS';
} }
$user_id_ary = $username_ary = array();
do do
{ {
$username_ary[$row['user_id']] = $row['username']; $username_ary[$row['user_id']] = $row['username'];
@ -115,7 +116,7 @@ function user_update_name($old_name, $new_name)
if ($config['newest_username'] == $old_name) if ($config['newest_username'] == $old_name)
{ {
set_config('newest_username', $new_name); set_config('newest_username', $new_name, true);
} }
} }
@ -140,10 +141,14 @@ function user_add($user_row, $cp_data = false)
'user_type' => $user_row['user_type'], 'user_type' => $user_row['user_type'],
); );
/**
* @todo user_allow_email is not used anywhere. Think about removing it.
*/
// These are the additional vars able to be specified // These are the additional vars able to be specified
$additional_vars = array( $additional_vars = array(
'user_permissions' => '', 'user_permissions' => '',
'user_timezone' => 0, 'user_timezone' => $config['board_timezone'],
'user_dateformat' => $config['default_dateformat'], 'user_dateformat' => $config['default_dateformat'],
'user_lang' => $config['default_lang'], 'user_lang' => $config['default_lang'],
'user_style' => $config['default_style'], 'user_style' => $config['default_style'],
@ -181,7 +186,7 @@ function user_add($user_row, $cp_data = false)
'user_sig' => '', 'user_sig' => '',
'user_sig_bbcode_uid' => '', 'user_sig_bbcode_uid' => '',
'user_sig_bbcode_bitfield' => 0, 'user_sig_bbcode_bitfield' => '',
); );
// Now fill the sql array with not required variables // Now fill the sql array with not required variables
@ -202,8 +207,6 @@ function user_add($user_row, $cp_data = false)
} }
} }
$db->sql_transaction('begin');
$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql); $db->sql_query($sql);
@ -232,7 +235,16 @@ function user_add($user_row, $cp_data = false)
); );
$db->sql_query($sql); $db->sql_query($sql);
$db->sql_transaction('commit'); // Now make it the users default group...
group_set_user_default($user_row['group_id'], array($user_id));
// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
if ($user_row['user_type'] == USER_NORMAL)
{
set_config('newest_user_id', $user_id, true);
set_config('newest_username', $user_row['username'], true);
set_config('num_users', $config['num_users'] + 1, true);
}
return $user_id; return $user_id;
} }
@ -295,7 +307,7 @@ function user_delete($mode, $user_id, $post_username = false)
{ {
$sql = 'SELECT topic_id, topic_replies, topic_replies_real $sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$del_topic_ary = array(); $del_topic_ary = array();
@ -311,7 +323,7 @@ function user_delete($mode, $user_id, $post_username = false)
if (sizeof($del_topic_ary)) if (sizeof($del_topic_ary))
{ {
$sql = 'DELETE FROM ' . TOPICS_TABLE . ' $sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')'; WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql); $db->sql_query($sql);
} }
} }
@ -322,7 +334,7 @@ function user_delete($mode, $user_id, $post_username = false)
break; break;
} }
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE); $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE);
foreach ($table_ary as $table) foreach ($table_ary as $table)
{ {
@ -339,6 +351,9 @@ function user_delete($mode, $user_id, $post_username = false)
set_config('num_users', $config['num_users'] - 1, true); set_config('num_users', $config['num_users'] - 1, true);
// Adjust last post info...
$db->sql_transaction('commit'); $db->sql_transaction('commit');
return false; return false;
@ -369,10 +384,12 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
WHERE user_id = $user_id"; WHERE user_id = $user_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$group_name = ($user_type == USER_NORMAL) ? 'REGISTERED' : 'INACTIVE';
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
if ($group_name = array_search($row['group_id'], $group_id_ary)) if ($name = array_search($row['group_id'], $group_id_ary))
{ {
$group_name = $name;
break; break;
} }
} }
@ -472,6 +489,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$ban_end = 0; $ban_end = 0;
} }
$founder = array();
if (!$ban_exclude)
{
// Create a list of founder...
$sql = 'SELECT user_id, user_email
FROM ' . USERS_TABLE . '
WHERE user_type = ' . USER_FOUNDER;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$founder[$row['user_id']] = $row['user_email'];
}
$db->sql_freeresult($result);
}
$banlist_ary = array(); $banlist_ary = array();
switch ($mode) switch ($mode)
@ -494,14 +528,25 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$username = trim($username); $username = trim($username);
if ($username != '') if ($username != '')
{ {
$sql_usernames[] = "'" . $db->sql_escape($username) . "'"; $sql_usernames[] = strtolower($username);
} }
} }
$sql_usernames = implode(', ', $sql_usernames);
// Make sure we have been given someone to ban
if (!sizeof($sql_usernames))
{
trigger_error($user->lang['NO_USER_SPECIFIED']);
}
$sql = 'SELECT user_id $sql = 'SELECT user_id
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE username IN (' . $sql_usernames . ')'; WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames);
if (sizeof($founder))
{
$sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true);
}
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) if ($row = $db->sql_fetchrow($result))
@ -618,9 +663,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
foreach ($ban_list as $ban_item) foreach ($ban_list as $ban_item)
{ {
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item))) $ban_item = trim($ban_item);
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
{ {
$banlist_ary[] = trim($ban_item); if (!sizeof($founder) || !in_array($ban_item, $founder))
{
$banlist_ary[] = $ban_item;
}
} }
} }
@ -711,17 +761,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
switch ($mode) switch ($mode)
{ {
case 'user': case 'user':
$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE session_user_id IN (' . implode(', ', $banlist_ary) . ')'; $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
break; break;
case 'ip': case 'ip':
$banlist_ary_sql = array(); $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
foreach ($banlist_ary as $ban_entry)
{
$banlist_ary_sql[] = "'" . $db->sql_escape($ban_entry) . "'";
}
$sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_ary_sql) . ')';
break; break;
case 'email': case 'email':
@ -729,12 +773,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
foreach ($banlist_ary as $ban_entry) foreach ($banlist_ary as $ban_entry)
{ {
$banlist_ary_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'"; $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
} }
$sql = 'SELECT user_id $sql = 'SELECT user_id
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_email IN (' . implode(', ', $banlist_ary_sql) . ')'; WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$sql_in = array(); $sql_in = array();
@ -747,7 +791,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
} }
while ($row = $db->sql_fetchrow($result)); while ($row = $db->sql_fetchrow($result));
$sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")"; $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
break; break;
@ -758,12 +802,19 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$sql = 'DELETE FROM ' . SESSIONS_TABLE . " $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
$sql_where"; $sql_where";
$db->sql_query($sql); $db->sql_query($sql);
if ($mode == 'user')
{
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
$db->sql_query($sql);
}
} }
} }
// Update log // Update log
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_'; $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
return true; return true;
} }
@ -789,30 +840,30 @@ function user_unban($mode, $ban)
$ban = array($ban); $ban = array($ban);
} }
$unban_sql = implode(', ', array_map('intval', $ban)); $unban_sql = array_map('intval', $ban);
if ($unban_sql) if (sizeof($unban_sql))
{ {
// Grab details of bans for logging information later // Grab details of bans for logging information later
switch ($mode) switch ($mode)
{ {
case 'user': case 'user':
$sql = 'SELECT u.username AS unban_info $sql = 'SELECT u.username AS unban_info
FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
WHERE b.ban_id IN ($unban_sql) WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
AND u.user_id = b.ban_userid"; AND u.user_id = b.ban_userid';
break; break;
case 'email': case 'email':
$sql = 'SELECT ban_email AS unban_info $sql = 'SELECT ban_email AS unban_info
FROM ' . BANLIST_TABLE . " FROM ' . BANLIST_TABLE . '
WHERE ban_id IN ($unban_sql)"; WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
break; break;
case 'ip': case 'ip':
$sql = 'SELECT ban_ip AS unban_info $sql = 'SELECT ban_ip AS unban_info
FROM ' . BANLIST_TABLE . " FROM ' . BANLIST_TABLE . '
WHERE ban_id IN ($unban_sql)"; WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
break; break;
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -824,8 +875,8 @@ function user_unban($mode, $ban)
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$sql = 'DELETE FROM ' . BANLIST_TABLE . " $sql = 'DELETE FROM ' . BANLIST_TABLE . '
WHERE ban_id IN ($unban_sql)"; WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
$db->sql_query($sql); $db->sql_query($sql);
add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
@ -912,6 +963,8 @@ function validate_data($data, $val_ary)
/** /**
* Validate String * Validate String
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/ */
function validate_string($string, $optional = false, $min = 0, $max = 0) function validate_string($string, $optional = false, $min = 0, $max = 0)
{ {
@ -934,6 +987,8 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
/** /**
* Validate Number * Validate Number
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/ */
function validate_num($num, $optional = false, $min = 0, $max = 1E99) function validate_num($num, $optional = false, $min = 0, $max = 1E99)
{ {
@ -956,6 +1011,8 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
/** /**
* Validate Match * Validate Match
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/ */
function validate_match($string, $optional = false, $match) function validate_match($string, $optional = false, $match)
{ {
@ -976,6 +1033,8 @@ function validate_match($string, $optional = false, $match)
* Check to see if the username has been taken, or if it is disallowed. * Check to see if the username has been taken, or if it is disallowed.
* Also checks if it includes the " character, which we don't allow in usernames. * Also checks if it includes the " character, which we don't allow in usernames.
* Used for registering, changing names, and posting anonymously with a username * Used for registering, changing names, and posting anonymously with a username
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/ */
function validate_username($username) function validate_username($username)
{ {
@ -1048,6 +1107,8 @@ function validate_username($username)
/** /**
* Check to see if email address is banned or already present in the DB * Check to see if email address is banned or already present in the DB
*
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/ */
function validate_email($email) function validate_email($email)
{ {
@ -1058,12 +1119,12 @@ function validate_email($email)
return false; return false;
} }
if (!preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email)) if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
{ {
return 'EMAIL_INVALID'; return 'EMAIL_INVALID';
} }
if ($user->check_ban('', '', $email, true) == true) if ($user->check_ban(false, false, $email, true) == true)
{ {
return 'EMAIL_BANNED'; return 'EMAIL_BANNED';
} }
@ -1122,7 +1183,7 @@ function avatar_remote($data, &$error)
// Make sure getimagesize works... // Make sure getimagesize works...
if (($image_data = @getimagesize($data['remotelink'])) === false) if (($image_data = @getimagesize($data['remotelink'])) === false)
{ {
$error[] = $user->lang['AVATAR_URL_INVALID']; $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
return false; return false;
} }
@ -1202,7 +1263,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
if (!file_exists($path) || !is_dir($path)) if (!file_exists($path) || !is_dir($path))
{ {
$avatar_list = array($user->lang['NONE'] => array()); $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
} }
else else
{ {
@ -1242,7 +1303,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
if (!sizeof($avatar_list)) if (!sizeof($avatar_list))
{ {
$avatar_list = array($user->lang['NONE'] => array()); $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
} }
@ksort($avatar_list); @ksort($avatar_list);
@ -1336,14 +1397,14 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
'group_name' => (string) $name, 'group_name' => (string) $name,
'group_desc' => (string) $desc, 'group_desc' => (string) $desc,
'group_desc_uid' => '', 'group_desc_uid' => '',
'group_desc_bitfield' => 0, 'group_desc_bitfield' => '',
'group_type' => (int) $type, 'group_type' => (int) $type,
); );
// Parse description // Parse description
if ($desc) if ($desc)
{ {
generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies); generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
} }
if (sizeof($group_attributes)) if (sizeof($group_attributes))
@ -1361,6 +1422,8 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
// Setting the log message before we set the group id (if group gets added) // Setting the log message before we set the group id (if group gets added)
$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED'; $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
$query = '';
if ($group_id) if ($group_id)
{ {
$sql = 'UPDATE ' . GROUPS_TABLE . ' $sql = 'UPDATE ' . GROUPS_TABLE . '
@ -1484,6 +1547,9 @@ function group_delete($group_id, $group_name = false)
WHERE group_id = $group_id"; WHERE group_id = $group_id";
$db->sql_query($sql); $db->sql_query($sql);
// Re-cache moderators
cache_moderators();
add_log('admin', 'LOG_GROUP_DELETE', $group_name); add_log('admin', 'LOG_GROUP_DELETE', $group_name);
return 'GROUP_DELETED'; return 'GROUP_DELETED';
@ -1497,9 +1563,9 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
global $db, $auth; global $db, $auth;
// We need both username and user_id info // We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary); $result = user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary)) if (!sizeof($user_id_ary) || $result !== false)
{ {
return 'NO_USER'; return 'NO_USER';
} }
@ -1507,7 +1573,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
// Remove users who are already members of this group // Remove users who are already members of this group
$sql = 'SELECT user_id, group_leader $sql = 'SELECT user_id, group_leader
FROM ' . USER_GROUP_TABLE . ' FROM ' . USER_GROUP_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ") WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
AND group_id = $group_id"; AND group_id = $group_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1563,7 +1629,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
{ {
$sql = 'UPDATE ' . USER_GROUP_TABLE . ' $sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = 1 SET group_leader = 1
WHERE user_id IN (' . implode(', ', $update_id_ary) . ") WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
AND group_id = $group_id"; AND group_id = $group_id";
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1600,16 +1666,16 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS'); $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
// We need both username and user_id info // We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary); $result = user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary)) if (!sizeof($user_id_ary) || $result !== false)
{ {
return 'NO_USER'; return 'NO_USER';
} }
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')'; WHERE ' . $db->sql_in_set('group_name', $group_order);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$group_order_id = $special_group_data = array(); $group_order_id = $special_group_data = array();
@ -1638,7 +1704,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
$sql = 'SELECT user_id, group_id $sql = 'SELECT user_id, group_id
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ")"; WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$default_groups = array(); $default_groups = array();
@ -1651,7 +1717,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// What special group memberships exist for these users? // What special group memberships exist for these users?
$sql = 'SELECT g.group_id, g.group_name, ug.user_id $sql = 'SELECT g.group_id, g.group_name, ug.user_id
FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ") WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
AND g.group_id = ug.group_id AND g.group_id = ug.group_id
AND g.group_id <> $group_id AND g.group_id <> $group_id
AND g.group_type = " . GROUP_SPECIAL . ' AND g.group_type = " . GROUP_SPECIAL . '
@ -1687,7 +1753,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
$sql = 'SELECT user_id, user_avatar $sql = 'SELECT user_id, user_avatar
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ') WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]) . '
AND user_avatar_type = ' . AVATAR_UPLOAD; AND user_avatar_type = ' . AVATAR_UPLOAD;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1699,7 +1765,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
} }
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . ' $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . '
WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')'; WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]);
$db->sql_query($sql); $db->sql_query($sql);
} }
} }
@ -1707,7 +1773,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . " $sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')'; AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql); $db->sql_query($sql);
// Clear permissions cache of relevant users // Clear permissions cache of relevant users
@ -1733,9 +1799,9 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
global $db, $auth, $phpbb_root_path, $phpEx, $config; global $db, $auth, $phpbb_root_path, $phpEx, $config;
// We need both username and user_id info // We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary); $result = user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary)) if (!sizeof($user_id_ary) || $result !== false)
{ {
return false; return false;
} }
@ -1752,7 +1818,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$sql = 'UPDATE ' . USER_GROUP_TABLE . ' $sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = ' . (($action == 'promote') ? 1 : 0) . " SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
WHERE group_id = $group_id WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')'; AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql); $db->sql_query($sql);
$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED'; $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
@ -1765,7 +1831,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
WHERE ug.group_id = ' . $group_id . ' WHERE ug.group_id = ' . $group_id . '
AND ug.user_pending = 1 AND ug.user_pending = 1
AND ug.user_id = u.user_id AND ug.user_id = u.user_id
AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')'; AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$user_id_ary = $email_users = array(); $user_id_ary = $email_users = array();
@ -1784,7 +1850,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$sql = 'UPDATE ' . USER_GROUP_TABLE . " $sql = 'UPDATE ' . USER_GROUP_TABLE . "
SET user_pending = 0 SET user_pending = 0
WHERE group_id = $group_id WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')'; AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql); $db->sql_query($sql);
// Send approved email to users... // Send approved email to users...
@ -1840,7 +1906,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
{ {
global $db; global $db;
if (!$user_id_ary) if (empty($user_id_ary))
{ {
return; return;
} }
@ -1890,7 +1956,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
$sql = 'SELECT user_id, user_avatar $sql = 'SELECT user_id, user_avatar
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ') WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
AND user_avatar_type = ' . AVATAR_UPLOAD; AND user_avatar_type = ' . AVATAR_UPLOAD;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1902,7 +1968,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
} }
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ')'; WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -1943,22 +2009,29 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_
return true; return true;
} }
if ($user_id_ary)
{
$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
}
if ($group_id_ary)
{
$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
}
$sql = 'SELECT ug.*, u.username, u.user_email $sql = 'SELECT ug.*, u.username, u.user_email
FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
WHERE ug.user_id = u.user_id AND '; WHERE ug.user_id = u.user_id AND ';
if ($group_id_ary && $user_id_ary) if ($group_id_ary)
{ {
$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary") . " $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
AND ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
} }
else if ($group_id_ary)
if ($user_id_ary)
{ {
$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary"); $sql .= ($group_id_ary) ? ' AND ' : ' ';
} $sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
else if ($user_id_ary)
{
$sql .= " ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
} }
$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql); $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);


@ -16,6 +16,8 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
global $template, $db, $user, $auth, $cache; global $template, $db, $user, $auth, $cache;
global $phpEx, $phpbb_root_path, $config; global $phpEx, $phpbb_root_path, $config;
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url()); $url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
if ($action == 'merge_select') if ($action == 'merge_select')
@ -61,10 +63,10 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
$template->assign_vars(array( $template->assign_vars(array(
'FORUM_NAME' => $forum_info['forum_name'], 'FORUM_NAME' => $forum_info['forum_name'],
'FORUM_DESCRIPTION' => generate_text_for_display($forum_info['forum_desc'], $forum_info['forum_desc_uid'], $forum_info['forum_desc_bitfield']), 'FORUM_DESCRIPTION' => generate_text_for_display($forum_info['forum_desc'], $forum_info['forum_desc_uid'], $forum_info['forum_desc_bitfield'], $forum_info['forum_desc_options']),
'REPORTED_IMG' => $user->img('icon_reported', 'TOPIC_REPORTED'), 'REPORTED_IMG' => $user->img('icon_topic_reported', 'TOPIC_REPORTED'),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', 'TOPIC_UNAPPROVED'), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', 'TOPIC_UNAPPROVED'),
'S_CAN_DELETE' => $auth->acl_get('m_delete', $forum_id), 'S_CAN_DELETE' => $auth->acl_get('m_delete', $forum_id),
'S_CAN_MOVE' => $auth->acl_get('m_move', $forum_id), 'S_CAN_MOVE' => $auth->acl_get('m_move', $forum_id),
@ -107,56 +109,11 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
{ {
$topic_title = ''; $topic_title = '';
if ($row['topic_status'] == ITEM_LOCKED) $replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies'];
{
$folder_img = 'folder_locked';
$folder_alt = 'VIEW_TOPIC_LOCKED';
}
else
{
if ($row['topic_type'] == POST_ANNOUNCE || $row['topic_type'] == POST_GLOBAL)
{
$folder_img = 'folder_announce';
$folder_alt = 'VIEW_TOPIC_ANNOUNCEMENT';
}
else if ($row['topic_type'] == POST_STICKY)
{
$folder_img = 'folder_sticky';
$folder_alt = 'VIEW_TOPIC_STICKY';
}
else if ($row['topic_status'] == ITEM_MOVED)
{
$folder_img = 'folder_moved';
$folder_alt = 'VIEW_TOPIC_MOVED';
}
else
{
$folder_img = 'folder';
$folder_alt = 'NO_NEW_POSTS';
}
}
if ($row['topic_type'] == POST_ANNOUNCE || $row['topic_type'] == POST_GLOBAL) // Get folder img, topic status/type related informations
{ $folder_img = $folder_alt = $topic_type = '';
$topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT'] . ' '; topic_status($row, $replies, false, $folder_img, $folder_alt, $topic_type);
}
else if ($row['topic_type'] == POST_STICKY)
{
$topic_type = $user->lang['VIEW_TOPIC_STICKY'] . ' ';
}
else if ($row['topic_status'] == ITEM_MOVED)
{
$topic_type = $user->lang['VIEW_TOPIC_MOVED'] . ' ';
}
else
{
$topic_type = '';
}
if (intval($row['poll_start']))
{
$topic_type .= $user->lang['VIEW_TOPIC_POLL'] . ' ';
}
$topic_title = censor_text($row['topic_title']); $topic_title = censor_text($row['topic_title']);
@ -172,13 +129,13 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
'U_MCP_QUEUE' => $u_mcp_queue, 'U_MCP_QUEUE' => $u_mcp_queue,
'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=topic_view&amp;t=' . $row['topic_id'] . '&amp;action=reports'), 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=topic_view&amp;t=' . $row['topic_id'] . '&amp;action=reports'),
'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', 'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt), 'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'), 'TOPIC_FOLDER_IMG_SRC' => $user->img($folder_img, $folder_alt, false, '', 'src'),
'TOPIC_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['img'] : '', 'TOPIC_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['img'] : '',
'TOPIC_ICON_IMG_WIDTH' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '', 'TOPIC_ICON_IMG_WIDTH' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '',
'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '', 'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '',
'UNAPPROVED_IMG' => ($topic_unapproved || $posts_unapproved) ? $user->img('icon_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '', 'UNAPPROVED_IMG' => ($topic_unapproved || $posts_unapproved) ? $user->img('icon_topic_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '',
'TOPIC_TYPE' => $topic_type, 'TOPIC_TYPE' => $topic_type,
'TOPIC_TITLE' => $topic_title, 'TOPIC_TITLE' => $topic_title,
@ -220,7 +177,7 @@ function mcp_resync_topics($topic_ids)
$sql = 'SELECT topic_id, forum_id, topic_title $sql = 'SELECT topic_id, forum_id, topic_title
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
// Log this action // Log this action
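Review bot: The new call `topic_status($row, $replies, false, $folder_img, $folder_alt, $topic_type);` in mcp_forum_view only works if its last three arguments are filled by reference, because they are set to `''` on the line before and read later in `$user->img($folder_img, $folder_alt)`. The existing comment says neither that nor what the literal `false` stands for. A comment such as `// topic_status() writes $folder_img, $folder_alt and $topic_type by reference`, plus a named variable for the `false` argument, would make the call readable without opening functions_display. The loop body starts and ends outside the hunk.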


@ -41,7 +41,7 @@ function mcp_front_view($id, $mode, $action)
$sql = 'SELECT forum_id, forum_name $sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_list) . ')'; WHERE ' . $db->sql_in_set('forum_id', $forum_list);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -54,7 +54,7 @@ function mcp_front_view($id, $mode, $action)
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE forum_id IN (0, ' . implode(', ', $forum_list) . ') WHERE forum_id IN (0, ' . implode(', ', $forum_list) . ')
AND post_approved = 0 AND post_approved = 0
ORDER BY post_id DESC'; ORDER BY post_time DESC';
$result = $db->sql_query_limit($sql, 5); $result = $db->sql_query_limit($sql, 5);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -65,10 +65,10 @@ function mcp_front_view($id, $mode, $action)
$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id $sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(', ', $post_list) . ') WHERE ' . $db->sql_in_set('p.post_id', $post_list) . '
AND t.topic_id = p.topic_id AND t.topic_id = p.topic_id
AND p.poster_id = u.user_id AND p.poster_id = u.user_id
ORDER BY p.post_id DESC'; ORDER BY p.post_time DESC';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -158,7 +158,7 @@ function mcp_front_view($id, $mode, $action)
AND r.user_id = u.user_id AND r.user_id = u.user_id
AND p.forum_id IN (0, ' . implode(', ', $forum_list) . ')', AND p.forum_id IN (0, ' . implode(', ', $forum_list) . ')',
'ORDER_BY' => 'p.post_id DESC' 'ORDER_BY' => 'p.post_time DESC'
)); ));
$result = $db->sql_query_limit($sql, 5); $result = $db->sql_query_limit($sql, 5);
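Review bot: Two queries in mcp_front_view still build their list by hand: `forum_id IN (0, ' . implode(', ', $forum_list) . ')` in the unapproved-posts query, and the same pattern on `p.forum_id` in the reports query. The neighbouring queries in this section were moved to `$db->sql_in_set()`. Where `$forum_list` is filled is outside the visible hunks, so it cannot be confirmed from here that its values are always integers. Passing them through the same helper would subject them to whatever validation it applies, for example `'WHERE ' . $db->sql_in_set('forum_id', array_merge(array(0), $forum_list))`, and likewise for `p.forum_id`. The function body starts and ends outside the hunks.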


@ -43,8 +43,8 @@ class mcp_logs
// Set up general vars // Set up general vars
$start = request_var('start', 0); $start = request_var('start', 0);
$deletemark = (isset($_POST['del_marked'])) ? true : false; $deletemark = ($action == 'del_marked') ? true : false;
$deleteall = (isset($_POST['del_all'])) ? true : false; $deleteall = ($action == 'del_all') ? true : false;
$marked = request_var('mark', array(0)); $marked = request_var('mark', array(0));
// Sort keys // Sort keys
@ -84,14 +84,14 @@ class mcp_logs
$sql_in[] = $mark; $sql_in[] = $mark;
} }
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in); unset($sql_in);
} }
if ($where_sql || $deleteall) if ($where_sql || $deleteall)
{ {
$sql = 'DELETE FROM ' . LOG_TABLE . ' $sql = 'DELETE FROM ' . LOG_TABLE . '
WHERE log_type = ' . LOD_MOD . " WHERE log_type = ' . LOG_MOD . "
$where_sql"; $where_sql";
$db->sql_query($sql); $db->sql_query($sql);
@ -102,7 +102,7 @@ class mcp_logs
// Sorting // Sorting
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']); $sort_by_text = array('u' => $user->lang['SORT_USERNAME'], 't' => $user->lang['SORT_DATE'], 'i' => $user->lang['SORT_IP'], 'o' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('u' => 'l.user_id', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation'); $sort_by_sql = array('u' => 'u.username', 't' => 'l.log_time', 'i' => 'l.log_ip', 'o' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@ -121,6 +121,8 @@ class mcp_logs
'TOTAL' => ($log_count == 1) ? $user->lang['TOTAL_LOG'] : sprintf($user->lang['TOTAL_LOGS'], $log_count), 'TOTAL' => ($log_count == 1) ? $user->lang['TOTAL_LOG'] : sprintf($user->lang['TOTAL_LOGS'], $log_count),
'PAGINATION' => generate_pagination($this->u_action . "&amp;$u_sort_param", $log_count, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&amp;$u_sort_param", $log_count, $config['topics_per_page'], $start),
'L_TITLE' => $user->lang['MCP_LOGS'],
'U_POST_ACTION' => $this->u_action, 'U_POST_ACTION' => $this->u_action,
'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false, 'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
'S_SELECT_SORT_DIR' => $s_sort_dir, 'S_SELECT_SORT_DIR' => $s_sort_dir,
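Review bot: Log deletion is now keyed on `$action` (`$deletemark = ($action == 'del_marked')`, `$deleteall = ($action == 'del_all')`) instead of on the presence of a POST field, and the visible delete branch `if ($where_sql || $deleteall)` shows neither a permission test nor a confirmation step. How `$action` is populated is outside the hunk; if it can arrive in the query string, a link followed by a logged-in moderator would be enough to clear the moderator log. The `a_clearlogs` permission appears here only as the template flag `S_CLEAR_ALLOWED`. I would put the guard next to the query, e.g. `if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))`, and require a confirmed form submission before the `DELETE` runs. The enclosing method starts and ends outside the hunks, so an outer check may already exist.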


@ -224,8 +224,8 @@ function lock_unlock($action, $ids)
if (confirm_box(true)) if (confirm_box(true))
{ {
$sql = "UPDATE $table $sql = "UPDATE $table
SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . " SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . '
WHERE $sql_id IN (" . implode(', ', $ids) . ")"; WHERE ' . $db->sql_in_set($sql_id, $ids);
$db->sql_query($sql); $db->sql_query($sql);
$data = ($action == 'lock' || $action == 'unlock') ? get_topic_data($ids) : get_post_data($ids); $data = ($action == 'lock' || $action == 'unlock') ? get_topic_data($ids) : get_post_data($ids);
@ -311,7 +311,7 @@ function change_topic_type($action, $topic_ids)
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . " $sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type SET topic_type = $new_topic_type
WHERE topic_id IN (" . implode(', ', $topic_ids) . ') WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id <> 0'; AND forum_id <> 0';
$db->sql_query($sql); $db->sql_query($sql);
@ -320,21 +320,62 @@ function change_topic_type($action, $topic_ids)
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . " $sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type, forum_id = $forum_id SET topic_type = $new_topic_type, forum_id = $forum_id
WHERE topic_id IN (" . implode(', ', $topic_ids) . ') WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id = 0'; AND forum_id = 0';
$db->sql_query($sql); $db->sql_query($sql);
// Update forum_ids for all posts
$sql = 'UPDATE ' . POSTS_TABLE . "
SET forum_id = $forum_id
WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id = 0';
$db->sql_query($sql);
sync('forum', 'forum_id', $forum_id);
} }
} }
else else
{ {
// Get away with those topics already being a global announcement by re-calculating $topic_ids
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id <> 0';
$result = $db->sql_query($sql);
$topic_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_ids[] = $row['topic_id'];
}
$db->sql_freeresult($result);
if (sizeof($topic_ids))
{
// Delete topic shadows for global announcements
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
$db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . " $sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type, forum_id = 0 SET topic_type = $new_topic_type, forum_id = 0
WHERE topic_id IN (" . implode(', ', $topic_ids) . ")"; WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql); $db->sql_query($sql);
// Update forum_ids for all posts
$sql = 'UPDATE ' . POSTS_TABLE . '
SET forum_id = 0
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
sync('forum', 'forum_id', $forum_id);
}
} }
$success_msg = (sizeof($topic_ids) == 1) ? 'TOPIC_TYPE_CHANGED' : 'TOPICS_TYPE_CHANGED'; $success_msg = (sizeof($topic_ids) == 1) ? 'TOPIC_TYPE_CHANGED' : 'TOPICS_TYPE_CHANGED';
if (sizeof($topic_ids))
{
$data = get_topic_data($topic_ids); $data = get_topic_data($topic_ids);
foreach ($data as $topic_id => $row) foreach ($data as $topic_id => $row)
@ -342,6 +383,7 @@ function change_topic_type($action, $topic_ids)
add_log('mod', $forum_id, $topic_id, 'LOG_TOPIC_TYPE_CHANGED', $row['topic_title']); add_log('mod', $forum_id, $topic_id, 'LOG_TOPIC_TYPE_CHANGED', $row['topic_title']);
} }
} }
}
else else
{ {
confirm_box(false, $l_new_type, $s_hidden_fields); confirm_box(false, $l_new_type, $s_hidden_fields);
@ -480,7 +522,7 @@ function mcp_move_topic($topic_ids)
else else
{ {
$template->assign_vars(array( $template->assign_vars(array(
'S_FORUM_SELECT' => make_forum_select($to_forum_id, $forum_id, false, true, true), 'S_FORUM_SELECT' => make_forum_select($to_forum_id, $forum_id, false, true, true, true),
'S_CAN_LEAVE_SHADOW' => true, 'S_CAN_LEAVE_SHADOW' => true,
'ADDITIONAL_MSG' => $additional_msg) 'ADDITIONAL_MSG' => $additional_msg)
); );
@ -541,11 +583,7 @@ function mcp_delete_topic($topic_ids)
add_log('mod', $forum_id, 0, 'LOG_TOPIC_DELETED', $row['topic_title']); add_log('mod', $forum_id, 0, 'LOG_TOPIC_DELETED', $row['topic_title']);
} }
$return = delete_topics('topic_id', $topic_ids, true); $return = delete_topics('topic_id', $topic_ids);
/**
* @todo Adjust total post count (mcp_delete_topic)
*/
} }
else else
{ {
@ -602,7 +640,7 @@ function mcp_delete_post($post_ids)
$sql = 'SELECT DISTINCT topic_id $sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')'; WHERE ' . $db->sql_in_set('post_id', $post_ids);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$topic_id_list = array(); $topic_id_list = array();
@ -625,7 +663,7 @@ function mcp_delete_post($post_ids)
$sql = 'SELECT COUNT(topic_id) AS topics_left $sql = 'SELECT COUNT(topic_id) AS topics_left
FROM ' . TOPICS_TABLE . ' FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_id_list) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_id_list);
$result = $db->sql_query_limit($sql, 1); $result = $db->sql_query_limit($sql, 1);
$deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics; $deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics;
@ -809,7 +847,7 @@ function mcp_fork_topic($topic_ids)
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . POSTS_TABLE . " FROM ' . POSTS_TABLE . "
WHERE topic_id = $topic_id WHERE topic_id = $topic_id
ORDER BY post_id ASC"; ORDER BY post_time ASC";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$post_rows = array(); $post_rows = array();
@ -848,7 +886,7 @@ function mcp_fork_topic($topic_ids)
'post_checksum' => (string) $row['post_checksum'], 'post_checksum' => (string) $row['post_checksum'],
'post_encoding' => (string) $row['post_encoding'], 'post_encoding' => (string) $row['post_encoding'],
'post_attachment' => (int) $row['post_attachment'], 'post_attachment' => (int) $row['post_attachment'],
'bbcode_bitfield' => (int) $row['bbcode_bitfield'], 'bbcode_bitfield' => $row['bbcode_bitfield'],
'bbcode_uid' => (string) $row['bbcode_uid'], 'bbcode_uid' => (string) $row['bbcode_uid'],
'post_edit_time' => (int) $row['post_edit_time'], 'post_edit_time' => (int) $row['post_edit_time'],
'post_edit_count' => (int) $row['post_edit_count'], 'post_edit_count' => (int) $row['post_edit_count'],
@ -880,7 +918,7 @@ function mcp_fork_topic($topic_ids)
'physical_filename' => (string) basename($attach_row['physical_filename']), 'physical_filename' => (string) basename($attach_row['physical_filename']),
'real_filename' => (string) basename($attach_row['real_filename']), 'real_filename' => (string) basename($attach_row['real_filename']),
'download_count' => (int) $attach_row['download_count'], 'download_count' => (int) $attach_row['download_count'],
'comment' => (string) $attach_row['comment'], 'attach_comment' => (string) $attach_row['attach_comment'],
'extension' => (string) $attach_row['extension'], 'extension' => (string) $attach_row['extension'],
'mimetype' => (string) $attach_row['mimetype'], 'mimetype' => (string) $attach_row['mimetype'],
'filesize' => (int) $attach_row['filesize'], 'filesize' => (int) $attach_row['filesize'],
@ -898,8 +936,8 @@ function mcp_fork_topic($topic_ids)
// Sync new topics, parent forums and board stats // Sync new topics, parent forums and board stats
sync('topic', 'topic_id', $new_topic_id_list, true); sync('topic', 'topic_id', $new_topic_id_list, true);
sync('forum', 'forum_id', $to_forum_id, true); sync('forum', 'forum_id', $to_forum_id, true);
set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list)); set_config('num_topics', $config['num_topics'] + sizeof($new_topic_id_list), true);
set_config('num_posts', $config['num_posts'] + $total_posts); set_config('num_posts', $config['num_posts'] + $total_posts, true);
foreach ($new_topic_id_list as $topic_id => $new_topic_id) foreach ($new_topic_id_list as $topic_id => $new_topic_id)
{ {
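Review bot: In change_topic_type the `$success_msg` assignment sits outside the new `if (sizeof($topic_ids))` guards, although the global-announcement branch now rebuilds `$topic_ids` from the database and can leave it empty. In that case no row is updated and no `add_log('mod', ...)` entry is written. If `$success_msg` is shown to the moderator (its use is outside the hunk), the action is still reported as 'TOPICS_TYPE_CHANGED'. I would make the empty case explicit, e.g. `$success_msg = (!sizeof($topic_ids)) ? '<LANG_KEY_FOR_NOTHING_CHANGED>' : ((sizeof($topic_ids) == 1) ? 'TOPIC_TYPE_CHANGED' : 'TOPICS_TYPE_CHANGED');`, where the first key is a placeholder for whichever language entry the project chooses.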


@ -68,7 +68,7 @@ class mcp_notes
global $template, $db, $user, $auth; global $template, $db, $user, $auth;
$user_id = request_var('u', 0); $user_id = request_var('u', 0);
$username = request_var('username', '', true); $username = request_var('username', '');
$start = request_var('start', 0); $start = request_var('start', 0);
$st = request_var('st', 0); $st = request_var('st', 0);
$sk = request_var('sk', 'b'); $sk = request_var('sk', 'b');
@ -106,7 +106,7 @@ class mcp_notes
{ {
$sql_in[] = $mark; $sql_in[] = $mark;
} }
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in); unset($sql_in);
} }
@ -161,7 +161,7 @@ class mcp_notes
$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']); $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
$sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']); $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']);
$sort_by_sql = array('a' => 'l.user_id', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation'); $sort_by_sql = array('a' => 'l.username', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation');
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
@ -184,6 +184,7 @@ class mcp_notes
'REPORT_BY' => $row['username'], 'REPORT_BY' => $row['username'],
'REPORT_AT' => $user->format_date($row['time']), 'REPORT_AT' => $user->format_date($row['time']),
'ACTION' => $row['action'], 'ACTION' => $row['action'],
'IP' => $row['ip'],
'ID' => $row['id']) 'ID' => $row['id'])
); );
} }
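Review bot: The username sort column in mcp_notes is now `'a' => 'l.username'`, while the matching change in the moderator-log module of this commit uses `'u' => 'u.username'`. The query that consumes `$sort_by_sql` is not in the hunk. The other entries (`l.log_time`, `l.log_ip`, `l.log_operation`) suggest `l` is the log table alias; if so, a `username` column on it is unlikely and sorting by username would fail at the database. `'a' => 'u.username'` would match the other module, provided the users table is joined under that alias here as well.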


@ -59,7 +59,7 @@ function mcp_post_details($id, $mode, $action)
if ($action == 'chgposter') if ($action == 'chgposter')
{ {
$username = request_var('username', '', true); $username = request_var('username', '');
$sql_where = "username = '" . $db->sql_escape($username) . "'"; $sql_where = "username = '" . $db->sql_escape($username) . "'";
} }
else else
@ -125,13 +125,15 @@ function mcp_post_details($id, $mode, $action)
'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $post_info['forum_id'] . '&amp;p=' . $post_id), 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $post_info['forum_id'] . '&amp;p=' . $post_id),
'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']), 'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '', 'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '', 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']),
'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_info['forum_id']}&amp;p=$post_id") . "#p$post_id\">", '</a>'), 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$post_info['forum_id']}&amp;p=$post_id") . "#p$post_id\">", '</a>'),
'RETURN_FORUM' => sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'), 'RETURN_FORUM' => sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']), 'REPORTED_IMG' => $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']), 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']),
'POSTER_NAME' => $poster, 'POSTER_NAME' => $poster,
'POST_PREVIEW' => $message, 'POST_PREVIEW' => $message,
@ -334,31 +336,20 @@ function change_poster(&$post_info, $userdata)
$db->sql_query($sql); $db->sql_query($sql);
// Resync topic/forum if needed // Resync topic/forum if needed
if ($post_info['topic_last_post_id'] == $post_id || $post_info['forum_last_post_id'] == $post_id) if ($post_info['topic_last_post_id'] == $post_id || $post_info['forum_last_post_id'] == $post_id || $post_info['topic_first_post_id'] == $post_id)
{ {
sync('topic', 'topic_id', $post_info['topic_id'], false, false); sync('topic', 'topic_id', $post_info['topic_id'], false, false);
sync('forum', 'forum_id', $post_info['forum_id'], false, false); sync('forum', 'forum_id', $post_info['forum_id'], false, false);
} }
// Adjust post counts // Adjust post counts
$auth_user_from = new auth(); if ($post_info['post_postcount'])
$auth_user_from->acl($post_info);
$auth_user_to = new auth();
$auth_user_to->acl($userdata);
// Decrease post count by one for the old user
if ($auth_user_from->acl_get('f_postcount', $post_info['forum_id']))
{ {
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts - 1 SET user_posts = user_posts - 1
WHERE user_id = ' . $post_info['user_id']; WHERE user_id = ' . $post_info['user_id'];
$db->sql_query($sql); $db->sql_query($sql);
}
// Increase post count by one for the new user
if ($auth_user_to->acl_get('f_postcount', $post_info['forum_id']))
{
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts + 1 SET user_posts = user_posts + 1
WHERE user_id = ' . $userdata['user_id']; WHERE user_id = ' . $userdata['user_id'];


@ -131,12 +131,14 @@ class mcp_queue
'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $post_info['forum_id'] . '&amp;p=' . $post_id), 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $post_info['forum_id'] . '&amp;p=' . $post_id),
'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']), 'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '', 'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '', 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']),
'RETURN_QUEUE' => sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts')) . "&amp;start=$start\">", '</a>'), 'RETURN_QUEUE' => sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts')) . "&amp;start=$start\">", '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']), 'REPORTED_IMG' => $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']), 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']),
'POSTER_NAME' => $poster, 'POSTER_NAME' => $poster,
'POST_PREVIEW' => $message, 'POST_PREVIEW' => $message,
@ -179,6 +181,8 @@ class mcp_queue
$forum_list[] = $row['forum_id']; $forum_list[] = $row['forum_id'];
} }
$global_id = $forum_list[0];
if (!($forum_list = implode(', ', $forum_list))) if (!($forum_list = implode(', ', $forum_list)))
{ {
trigger_error('NOT_MODERATOR'); trigger_error('NOT_MODERATOR');
@ -190,8 +194,6 @@ class mcp_queue
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics'); $forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics');
$db->sql_freeresult($result); $db->sql_freeresult($result);
$global_id = $forum_list[0];
} }
else else
{ {
@ -248,11 +250,11 @@ class mcp_queue
if (sizeof($post_ids)) if (sizeof($post_ids))
{ {
$sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_username, p.poster_id, p.post_time, u.username $sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE p.post_id IN (" . implode(', ', $post_ids) . ") WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND t.topic_id = p.topic_id AND t.topic_id = p.topic_id
AND u.user_id = p.poster_id"; AND u.user_id = p.poster_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$post_data = $rowset = array(); $post_data = $rowset = array();
@ -279,7 +281,7 @@ class mcp_queue
} }
else else
{ {
$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username $sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, t.topic_title AS post_subject, t.topic_time AS post_time, t.topic_poster AS poster_id, t.topic_first_post_id AS post_id, t.topic_first_poster_name AS username
FROM ' . TOPICS_TABLE . " t FROM ' . TOPICS_TABLE . " t
WHERE topic_approved = 0 WHERE topic_approved = 0
AND forum_id IN (0, $forum_list) AND forum_id IN (0, $forum_list)
@ -304,7 +306,7 @@ class mcp_queue
// Select the names for the forum_ids // Select the names for the forum_ids
$sql = 'SELECT forum_id, forum_name $sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(',', $forum_names) . ')'; WHERE ' . $db->sql_in_set('forum_id', $forum_names);
$result = $db->sql_query($sql, 3600); $result = $db->sql_query($sql, 3600);
$forum_names = array(); $forum_names = array();
@ -334,15 +336,13 @@ class mcp_queue
$template->assign_block_vars('postrow', array( $template->assign_block_vars('postrow', array(
'U_VIEWFORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '', 'U_VIEWFORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
// Q: Why accessing the topic by a post_id instead of its topic_id? 'U_VIEWPOST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
// A: To prevent the post from being hidden because of wrong encoding or different charset
'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$row['forum_id']}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '')), 'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$row['forum_id']}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '')),
'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '', 'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
'POST_ID' => $row['post_id'], 'POST_ID' => $row['post_id'],
'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'], 'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
'TOPIC_TITLE' => $row['topic_title'], 'POST_SUBJECT' => $row['post_subject'],
'POSTER' => $poster, 'POSTER' => $poster,
'POST_TIME' => $user->format_date($row['post_time'])) 'POST_TIME' => $user->format_date($row['post_time']))
); );
@ -358,6 +358,7 @@ class mcp_queue
'S_FORUM_OPTIONS' => $forum_options, 'S_FORUM_OPTIONS' => $forum_options,
'S_MCP_ACTION' => build_url(array('t', 'f', 'sd', 'st', 'sk')), 'S_MCP_ACTION' => build_url(array('t', 'f', 'sd', 'st', 'sk')),
'S_TOPICS' => ($mode == 'unapproved_posts') ? false : true,
'PAGINATION' => generate_pagination($this->u_action . "&amp;f=$forum_id", $total, $config['topics_per_page'], $start), 'PAGINATION' => generate_pagination($this->u_action . "&amp;f=$forum_id", $total, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($total, $config['topics_per_page'], $start), 'PAGE_NUMBER' => on_page($total, $config['topics_per_page'], $start),
@ -448,7 +449,7 @@ function approve_post($post_id_list, $mode)
{ {
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1 SET topic_approved = 1
WHERE topic_id IN (' . implode(', ', $topic_approve_sql) . ')'; WHERE ' . $db->sql_in_set('topic_id', $topic_approve_sql);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -456,7 +457,7 @@ function approve_post($post_id_list, $mode)
{ {
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_approved = 1 SET post_approved = 1
WHERE post_id IN (' . implode(', ', $post_approve_sql) . ')'; WHERE ' . $db->sql_in_set('post_id', $post_approve_sql);
$db->sql_query($sql); $db->sql_query($sql);
} }
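Review bot: In the `@ -179,6 +181,8` hunk, `$global_id = $forum_list[0];` is read before the empty-list test that follows it, so a moderator with no forums hits an undefined-offset notice before `trigger_error('NOT_MODERATOR')` fires. Testing `if (!sizeof($forum_list))` first and assigning `$global_id` afterwards avoids that; the same ordering appears in the mcp_reports section, where `$global_id = $forum_list[0];` sits directly above `if (!sizeof($forum_list))`. Separately, the unapproved-topics query still interpolates the imploded string in `AND forum_id IN (0, $forum_list)` while the neighbouring queries were moved to `$db->sql_in_set()`. Keeping `$forum_list` as an array and using `sql_in_set` there as well would make the ID handling consistent across the section. The enclosing method continues outside these hunks.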


@ -61,20 +61,14 @@ class mcp_reports
$post_id = request_var('p', 0); $post_id = request_var('p', 0);
$post_info = get_post_data(array($post_id), 'm_approve'); // closed reports are accessed by report id
$report_id = request_var('r', 0);
if (!sizeof($post_info)) $sql = 'SELECT r.post_id, r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username
{ FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . ' u
trigger_error('NO_POST_SELECTED'); WHERE ' . (($report_id) ? 'r.report_id = ' . $report_id : "r.post_id = $post_id AND r.report_closed = 0") . '
}
$post_info = $post_info[$post_id];
$sql = 'SELECT r.user_id, r.report_closed, report_time, r.report_text, rr.reason_title, rr.reason_description, u.username
FROM ' . REPORTS_TABLE . ' r, ' . REPORTS_REASONS_TABLE . ' rr, ' . USERS_TABLE . " u
WHERE r.post_id = $post_id
AND rr.reason_id = r.reason_id AND rr.reason_id = r.reason_id
AND r.user_id = u.user_id"; AND r.user_id = u.user_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$report = $db->sql_fetchrow($result); $report = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -84,6 +78,20 @@ class mcp_reports
trigger_error('NO_POST_REPORT'); trigger_error('NO_POST_REPORT');
} }
if ($report_id)
{
$post_id = $report['post_id'];
}
$post_info = get_post_data(array($post_id), 'm_report');
if (!sizeof($post_info))
{
trigger_error('NO_POST_SELECTED');
}
$post_info = $post_info[$post_id];
$reason = array('title' => $report['reason_title'], 'description' => $report['reason_description']); $reason = array('title' => $report['reason_title'], 'description' => $report['reason_description']);
if (isset($user->lang['report_reasons']['TITLE'][strtoupper($reason['title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($reason['title'])])) if (isset($user->lang['report_reasons']['TITLE'][strtoupper($reason['title'])]) && isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($reason['title'])]))
{ {
@ -134,14 +142,16 @@ class mcp_reports
'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']), 'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
'U_MCP_WARN_REPORTER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $report['user_id']) : '', 'U_MCP_WARN_REPORTER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $report['user_id']) : '',
'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '', 'U_MCP_WARN_USER' => ($auth->acl_getf_global('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '', 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_REPORTER_PROFILE' => ($report['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $report['user_id']) : '', 'U_VIEW_REPORTER_PROFILE' => ($report['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $report['user_id']) : '',
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']), 'EDIT_IMG' => $user->img('icon_post_edit', $user->lang['EDIT_POST']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', $user->lang['POST_UNAPPROVED']),
'RETURN_REPORTS' => sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start) . '">', '</a>'), 'RETURN_REPORTS' => sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start) . '">', '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']), 'REPORTED_IMG' => $user->img('icon_topic_reported', $user->lang['POST_REPORTED']),
'REPORT_REASON_TITLE' => $reason['title'], 'REPORT_REASON_TITLE' => $reason['title'],
'REPORT_REASON_DESCRIPTION' => $reason['description'], 'REPORT_REASON_DESCRIPTION' => $reason['description'],
'REPORTER_NAME' => ($report['user_id'] == ANONYMOUS) ? $user->lang['GUEST'] : $report['username'], 'REPORTER_NAME' => ($report['user_id'] == ANONYMOUS) ? $user->lang['GUEST'] : $report['username'],
@ -181,22 +191,25 @@ class mcp_reports
$forum_id = $topic_info['forum_id']; $forum_id = $topic_info['forum_id'];
} }
$forum_list = array();
if (!$forum_id) if (!$forum_id)
{ {
$forum_list = array();
foreach ($forum_list_reports as $row) foreach ($forum_list_reports as $row)
{ {
$forum_list[] = $row['forum_id']; $forum_list[] = $row['forum_id'];
} }
if (!($forum_list = implode(', ', $forum_list))) $global_id = $forum_list[0];
if (!sizeof($forum_list))
{ {
trigger_error('NOT_MODERATOR'); trigger_error('NOT_MODERATOR');
} }
$sql = 'SELECT SUM(forum_topics) as sum_forum_topics $sql = 'SELECT SUM(forum_topics) as sum_forum_topics
FROM ' . FORUMS_TABLE . " FROM ' . FORUMS_TABLE . '
WHERE forum_id IN ($forum_list)"; WHERE ' . $db->sql_in_set('forum_id', $forum_list);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics'); $forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics');
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -211,10 +224,11 @@ class mcp_reports
} }
$forum_info = $forum_info[$forum_id]; $forum_info = $forum_info[$forum_id];
$forum_list = $forum_id; $forum_list = array($forum_id);
$global_id = $forum_id;
} }
$forum_list .= ', 0'; $forum_list[] = 0;
$forum_data = array(); $forum_data = array();
$forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>'; $forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>';
@ -242,9 +256,9 @@ class mcp_reports
$report_state = 'AND r.report_closed = 1'; $report_state = 'AND r.report_closed = 1';
} }
$sql = 'SELECT p.post_id $sql = 'SELECT r.report_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . " FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . '
WHERE p.forum_id IN ($forum_list) WHERE ' . $db->sql_in_set('p.forum_id', $forum_list) . "
$report_state $report_state
AND r.post_id = p.post_id AND r.post_id = p.post_id
" . (($sort_order_sql[0] == 'u') ? 'AND u.user_id = p.poster_id' : '') . ' " . (($sort_order_sql[0] == 'u') ? 'AND u.user_id = p.poster_id' : '') . '
@ -256,36 +270,28 @@ class mcp_reports
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
$i = 0; $i = 0;
$post_ids = array(); $report_ids = array();
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$post_ids[] = $row['post_id']; $report_ids[] = $row['report_id'];
$row_num[$row['post_id']] = $i++; $row_num[$row['report_id']] = $i++;
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
if (sizeof($post_ids)) if (sizeof($report_ids))
{ {
$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time $sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time, r.report_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u, ' . USERS_TABLE . " ru FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . ' ru
WHERE p.post_id IN (" . implode(', ', $post_ids) . ") WHERE ' . $db->sql_in_set('r.report_id', $report_ids) . '
AND t.topic_id = p.topic_id AND t.topic_id = p.topic_id
AND r.post_id = p.post_id AND r.post_id = p.post_id
AND u.user_id = p.poster_id AND u.user_id = p.poster_id
AND ru.user_id = r.user_id"; AND ru.user_id = r.user_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$post_data = $rowset = array(); $report_data = $rowset = array();
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$post_data[$row['post_id']] = $row;
}
$db->sql_freeresult($result);
foreach ($post_ids as $post_id)
{
$row = $post_data[$post_id];
if ($row['poster_id'] == ANONYMOUS) if ($row['poster_id'] == ANONYMOUS)
{ {
$poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST']; $poster = (!empty($row['post_username'])) ? $row['post_username'] : $user->lang['GUEST'];
@ -295,16 +301,20 @@ class mcp_reports
$poster = $row['username']; $poster = $row['username'];
} }
$global_topic = ($row['forum_id']) ? false : true;
if ($global_topic)
{
$row['forum_id'] = $global_id;
}
$template->assign_block_vars('postrow', array( $template->assign_block_vars('postrow', array(
'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']), 'U_VIEWFORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
// Q: Why accessing the topic by a post_id instead of its topic_id? 'U_VIEWPOST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
// A: To prevent the post from being hidden because of wrong encoding or different charset 'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$row['forum_id']}&amp;r={$row['report_id']}"),
'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$forum_id}&amp;p={$row['post_id']}"),
'U_VIEW_POSTER_PROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '', 'U_VIEW_POSTER_PROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
'U_VIEW_REPORTER_PROFILE' => ($row['reporter_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['reporter_id']) : '', 'U_VIEW_REPORTER_PROFILE' => ($row['reporter_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['reporter_id']) : '',
'FORUM_NAME' => ($row['forum_id']) ? $forum_data[$row['forum_id']]['forum_name'] : $user->lang['ALL_FORUMS'], 'FORUM_NAME' => (!$global_topic) ? $forum_data[$row['forum_id']]['forum_name'] : $user->lang['GLOBAL_ANNOUNCEMENT'],
'POSTER' => $poster, 'POSTER' => $poster,
'POST_ID' => $row['post_id'], 'POST_ID' => $row['post_id'],
'POST_SUBJECT' => $row['post_subject'], 'POST_SUBJECT' => $row['post_subject'],
@ -314,7 +324,8 @@ class mcp_reports
'TOPIC_TITLE' => $row['topic_title']) 'TOPIC_TITLE' => $row['topic_title'])
); );
} }
unset($post_data, $post_ids, $row); $db->sql_freeresult($result);
unset($report_ids, $row);
} }
// Now display the page // Now display the page
@ -377,7 +388,7 @@ function close_report($post_id_list, $mode, $action)
$sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type $sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type
FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u
WHERE r.post_id IN (' . implode(',', array_keys($post_info)) . ') WHERE ' . $db->sql_in_set('r.post_id', array_keys($post_info)) . '
' . (($action == 'close') ? 'AND r.report_closed = 0' : '') . ' ' . (($action == 'close') ? 'AND r.report_closed = 0' : '') . '
AND r.user_id = u.user_id'; AND r.user_id = u.user_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -411,9 +422,9 @@ function close_report($post_id_list, $mode, $action)
// Get a list of topics that still contain reported posts // Get a list of topics that still contain reported posts
$sql = 'SELECT DISTINCT topic_id $sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . ' FROM ' . POSTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ') WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
AND post_reported = 1 AND post_reported = 1
AND post_id NOT IN (' . implode(', ', $close_report_posts) . ')'; AND ' . $db->sql_in_set('post_id', $close_report_posts, true);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$keep_report_topics = array(); $keep_report_topics = array();
@ -432,24 +443,27 @@ function close_report($post_id_list, $mode, $action)
{ {
$sql = 'UPDATE ' . REPORTS_TABLE . ' $sql = 'UPDATE ' . REPORTS_TABLE . '
SET report_closed = 1 SET report_closed = 1
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')'; WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
} }
else else
{ {
$sql = 'DELETE FROM ' . REPORTS_TABLE . ' $sql = 'DELETE FROM ' . REPORTS_TABLE . '
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')'; WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
} }
$db->sql_query($sql); $db->sql_query($sql);
$sql = 'UPDATE ' . POSTS_TABLE . ' $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 0 SET post_reported = 0
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')'; WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
$db->sql_query($sql); $db->sql_query($sql);
if (sizeof($close_report_topics))
{
$sql = 'UPDATE ' . TOPICS_TABLE . ' $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0 SET topic_reported = 0
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')'; WHERE ' . $db->sql_in_set('topic_id', $close_report_topics);
$db->sql_query($sql); $db->sql_query($sql);
}
$db->sql_transaction('commit'); $db->sql_transaction('commit');
} }
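Review bot: In the report_details hunks (`@ -61,20 +61,14` and `@ -84,6 +78,20`), the permission gate appears to be the `get_post_data(array($post_id), 'm_report')` call, which now runs only after the report row has been loaded by the request-supplied `r`. Nothing from `$report` is output before that call in the visible lines, but the two distinct errors (`NO_POST_REPORT` and `NO_POST_SELECTED`) let a caller without `m_report` on the forum tell whether a given report id exists. Raising the same error in both cases would close that gap. A comment above the call, such as `// permission check for the report: keep before any $report field is used`, would guard against later reordering. The enclosing method starts and ends outside the hunks.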


@ -88,11 +88,11 @@ function mcp_topic_view($id, $mode, $action)
$result = $db->sql_query_limit($sql, $posts_per_page, $start); $result = $db->sql_query_limit($sql, $posts_per_page, $start);
$rowset = array(); $rowset = array();
$bbcode_bitfield = 0; $bbcode_bitfield = '';
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$rowset[] = $row; $rowset[] = $row;
$bbcode_bitfield |= $row['bbcode_bitfield']; $bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -132,7 +132,7 @@ function mcp_topic_view($id, $mode, $action)
'POST_ID' => $row['post_id'], 'POST_ID' => $row['post_id'],
'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>'), 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>'),
'MINI_POST_IMG' => ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_new', $user->lang['NEW_POST']) : $user->img('icon_post', $user->lang['POST']), 'MINI_POST_IMG' => ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_target_unread', $user->lang['NEW_POST']) : $user->img('icon_post_target', $user->lang['POST']),
'S_POST_REPORTED' => ($row['post_reported']) ? true : false, 'S_POST_REPORTED' => ($row['post_reported']) ? true : false,
'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true, 'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true,
@ -186,11 +186,11 @@ function mcp_topic_view($id, $mode, $action)
'POSTS_PER_PAGE' => $posts_per_page, 'POSTS_PER_PAGE' => $posts_per_page,
'ACTION' => $action, 'ACTION' => $action,
'REPORTED_IMG' => $user->img('icon_reported', 'POST_REPORTED', false, true), 'REPORTED_IMG' => $user->img('icon_topic_reported', 'POST_REPORTED', false, true),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', 'POST_UNAPPROVED', false, true), 'UNAPPROVED_IMG' => $user->img('icon_topic_unapproved', 'POST_UNAPPROVED', false, true),
'S_MCP_ACTION' => "$url&amp;i=$id&amp;mode=$mode&amp;action=$action&amp;start=$start", 'S_MCP_ACTION' => "$url&amp;i=$id&amp;mode=$mode&amp;action=$action&amp;start=$start",
'S_FORUM_SELECT' => '<select name="to_forum_id">' . (($to_forum_id) ? make_forum_select($to_forum_id) : make_forum_select($topic_info['forum_id'])) . '</select>', 'S_FORUM_SELECT' => ($to_forum_id) ? make_forum_select($to_forum_id, false, false, true, true, true) : make_forum_select($topic_info['forum_id'], false, false, true, true, true),
'S_CAN_SPLIT' => ($auth->acl_get('m_split', $topic_info['forum_id'])) ? true : false, 'S_CAN_SPLIT' => ($auth->acl_get('m_split', $topic_info['forum_id'])) ? true : false,
'S_CAN_MERGE' => ($auth->acl_get('m_merge', $topic_info['forum_id'])) ? true : false, 'S_CAN_MERGE' => ($auth->acl_get('m_merge', $topic_info['forum_id'])) ? true : false,
'S_CAN_DELETE' => ($auth->acl_get('m_delete', $topic_info['forum_id'])) ? true : false, 'S_CAN_DELETE' => ($auth->acl_get('m_delete', $topic_info['forum_id'])) ? true : false,


@ -188,6 +188,7 @@ function mcp_warn_post_view($id, $mode, $action)
global $template, $db, $user, $auth; global $template, $db, $user, $auth;
$post_id = request_var('p', 0); $post_id = request_var('p', 0);
$forum_id = request_var('f', 0);
$notify = (isset($_REQUEST['notify_user'])) ? true : false; $notify = (isset($_REQUEST['notify_user'])) ? true : false;
$warning = request_var('warning', '', true); $warning = request_var('warning', '', true);
@ -210,6 +211,12 @@ function mcp_warn_post_view($id, $mode, $action)
trigger_error($user->lang['CANNOT_WARN_ANONYMOUS']); trigger_error($user->lang['CANNOT_WARN_ANONYMOUS']);
} }
// Prevent someone from warning themselves
if ($userrow['user_id'] == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_WARN_SELF']);
}
// Check if there is already a warning for this post to prevent multiple // Check if there is already a warning for this post to prevent multiple
// warnings for the same offence // warnings for the same offence
$sql = 'SELECT post_id $sql = 'SELECT post_id
@ -290,6 +297,8 @@ function mcp_warn_post_view($id, $mode, $action)
'AVATAR_IMG' => $avatar_img, 'AVATAR_IMG' => $avatar_img,
'RANK_IMG' => $rank_img, 'RANK_IMG' => $rank_img,
'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&amp;p=$post_id"),
) )
); );
} }
@ -303,7 +312,7 @@ function mcp_warn_user_view($id, $mode, $action)
global $template, $db, $user, $auth; global $template, $db, $user, $auth;
$user_id = request_var('u', 0); $user_id = request_var('u', 0);
$username = request_var('username', '', true); $username = request_var('username', '');
$notify = (isset($_REQUEST['notify_user'])) ? true : false; $notify = (isset($_REQUEST['notify_user'])) ? true : false;
$warning = request_var('warning', '', true); $warning = request_var('warning', '', true);
@ -321,6 +330,12 @@ function mcp_warn_user_view($id, $mode, $action)
trigger_error('NO_USER'); trigger_error('NO_USER');
} }
// Prevent someone from warning themselves
if ($userrow['user_id'] == $user->data['user_id'])
{
trigger_error($user->lang['CANNOT_WARN_SELF']);
}
$user_id = $userrow['user_id']; $user_id = $userrow['user_id'];
if ($warning && $action == 'add_warning') if ($warning && $action == 'add_warning')
@ -401,7 +416,7 @@ function add_warning($userrow, $warning, $send_pm = true, $post_id = 0)
'enable_smilies' => true, 'enable_smilies' => true,
'enable_urls' => false, 'enable_urls' => false,
'icon_id' => 0, 'icon_id' => 0,
'bbcode_bitfield' => (int) $message_parser->bbcode_bitfield, 'bbcode_bitfield' => $message_parser->bbcode_bitfield,
'bbcode_uid' => $message_parser->bbcode_uid, 'bbcode_uid' => $message_parser->bbcode_uid,
'message' => $message_parser->message, 'message' => $message_parser->message,
'address_list' => array('u' => array($userrow['user_id'] => 'to')), 'address_list' => array('u' => array($userrow['user_id'] => 'to')),
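Review bot: The self-warning guard `if ($userrow['user_id'] == $user->data['user_id'])` is added to mcp_warn_post_view() and mcp_warn_user_view() separately, while add_warning(), which the last hunk shows assembling the message data, carries no such check in the visible lines. Putting the check once in add_warning(), or in a small helper both views call, would enforce the rule for any other caller and remove the duplicated block. In the post view, the `f` value used in `L_WARNING_POST_DEFAULT` comes from `request_var('f', 0)` rather than from the post's own row, so the generated link can name a forum the post does not belong to. Using the stored forum id would be safer if the row carries one. All three functions continue outside the hunks shown.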


@ -43,7 +43,9 @@ class bbcode_firstpass extends bbcode
} }
global $user; global $user;
$this->bbcode_bitfield = 0;
$this->bbcode_bitfield = '';
$bitfield = new bitfield();
$size = strlen($this->message); $size = strlen($this->message);
foreach ($this->bbcodes as $bbcode_name => $bbcode_data) foreach ($this->bbcodes as $bbcode_name => $bbcode_data)
@ -72,10 +74,29 @@ class bbcode_firstpass extends bbcode
$new_size = strlen($this->message); $new_size = strlen($this->message);
if ($size != $new_size) if ($size != $new_size)
{ {
$this->bbcode_bitfield |= (1 << $bbcode_data['bbcode_id']); $bitfield->set($bbcode_data['bbcode_id']);
$size = $new_size; $size = $new_size;
} }
} }
$this->bbcode_bitfield = $bitfield->get_base64();
}
/**
* Prepare some bbcodes for better parsing
*/
function prepare_bbcodes()
{
// Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.)
if (strpos($this->message, '[quote') !== false)
{
$in = str_replace("\r\n", "\n", $this->message);
$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
$this->message = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message);
}
// Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...)
} }
/** /**
@ -97,7 +118,7 @@ class bbcode_firstpass extends bbcode
'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")),
'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")), 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")),
'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")), 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")),
'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-Fa-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")), 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")),
'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(=[a-z|0-9|(?:disc|circle|square))]+)?\].*\[/list\]#ise' => "\$this->bbcode_parse_list('\$0')")), 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(=[a-z|0-9|(?:disc|circle|square))]+)?\].*\[/list\]#ise' => "\$this->bbcode_parse_list('\$0')")),
'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")),
@ -147,7 +168,7 @@ class bbcode_firstpass extends bbcode
$in = str_replace("\r\n", "\n", str_replace('\"', '"', $in)); $in = str_replace("\r\n", "\n", str_replace('\"', '"', $in));
// Trimming here to make sure no empty bbcodes are parsed accidently // Trimming here to make sure no empty bbcodes are parsed accidently
if (!trim($in)) if (trim($in) == '')
{ {
return false; return false;
} }
@ -389,12 +410,11 @@ class bbcode_firstpass extends bbcode
switch (strtolower($stx)) switch (strtolower($stx))
{ {
case 'php': case 'php':
$code = trim($code);
$remove_tags = false; $remove_tags = false;
$code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code); $code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code);
if (!preg_match('/^\<\?.*?\?\>/is', $code)) if (!preg_match('/\<\?.*?\?\>/is', $code))
{ {
$remove_tags = true; $remove_tags = true;
$code = "<?php $code ?>"; $code = "<?php $code ?>";
@ -417,7 +437,7 @@ class bbcode_firstpass extends bbcode
{ {
$str_from[] = '<span class="syntaxdefault">&lt;?php </span>'; $str_from[] = '<span class="syntaxdefault">&lt;?php </span>';
$str_to[] = ''; $str_to[] = '';
$str_from[] = '<span class="syntaxdefault">&lt;?php '; $str_from[] = '<span class="syntaxdefault">&lt;?php&nbsp;';
$str_to[] = '<span class="syntaxdefault">'; $str_to[] = '<span class="syntaxdefault">';
} }
@ -432,6 +452,12 @@ class bbcode_firstpass extends bbcode
$code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code); $code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code);
$code = preg_replace('#(?:[\n\r\s\t]|&nbsp;)*</span>$#', '</span>', $code); $code = preg_replace('#(?:[\n\r\s\t]|&nbsp;)*</span>$#', '</span>', $code);
// remove newline at the end
if (!empty($code) && $code{strlen($code)-1} == "\n")
{
$code = substr($code, 0, -1);
}
$out .= "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']'; $out .= "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']';
break; break;
@ -565,12 +591,6 @@ class bbcode_firstpass extends bbcode
$tok = ']'; $tok = ']';
$out = '['; $out = '[';
// Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.)
$in = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in);
$in = preg_replace(array('#\[quote(=&quot;.*?&quot;)?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in);
$in = str_replace("\r\n", "\n", str_replace('\"', '"', trim($in)));
$in = substr($in, 1); $in = substr($in, 1);
$close_tags = $error_ary = array(); $close_tags = $error_ary = array();
$buffer = ''; $buffer = '';
@ -677,7 +697,8 @@ class bbcode_firstpass extends bbcode
else else
{ {
$out .= $buffer . $tok; $out .= $buffer . $tok;
$tok = ($tok == '[') ? ']' : '[]'; // $tok = ($tok == '[') ? ']' : '[]';
$tok = '[]';
$buffer = ''; $buffer = '';
} }
} }
@ -709,7 +730,7 @@ class bbcode_firstpass extends bbcode
$validated = true; $validated = true;
if (!preg_match('!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i', $email)) if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
{ {
$validated = false; $validated = false;
} }
@ -792,8 +813,10 @@ class bbcode_firstpass extends bbcode
{ {
global $config, $phpEx, $user; global $config, $phpEx, $user;
$check_path = ($user->page['root_script_path'] != '/') ? substr($user->page['root_script_path'], 0, -1) : '/';
// Is the user trying to link to a php file in this domain and script path? // Is the user trying to link to a php file in this domain and script path?
if (strpos($url, ".{$phpEx}") !== false && strpos($url, substr($user->page['root_script_path'], 0, -1)) !== false) if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false)
{ {
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
@ -805,7 +828,7 @@ class bbcode_firstpass extends bbcode
// Check again in correct order... // Check again in correct order...
$pos_ext = strpos($url, ".{$phpEx}"); $pos_ext = strpos($url, ".{$phpEx}");
$pos_path = strpos($url, substr($user->page['root_script_path'], 0, -1)); $pos_path = strpos($url, $check_path);
$pos_domain = strpos($url, $server_name); $pos_domain = strpos($url, $server_name);
if ($pos_domain !== false && $pos_path >= $pos_domain && $pos_ext >= $pos_path) if ($pos_domain !== false && $pos_path >= $pos_domain && $pos_ext >= $pos_path)
@ -897,15 +920,7 @@ class parse_message extends bbcode_firstpass
} }
} }
// Parse smilies // Prepare BBcode (just prepares some tags for better parsing)
if ($allow_smilies)
{
$this->smilies($config['max_' . $mode . '_smilies']);
}
$num_urls = 0;
// Parse BBCode
if ($allow_bbcode && strpos($this->message, '[') !== false) if ($allow_bbcode && strpos($this->message, '[') !== false)
{ {
$this->bbcode_init(); $this->bbcode_init();
@ -917,8 +932,22 @@ class parse_message extends bbcode_firstpass
$this->bbcodes[$bool]['disabled'] = true; $this->bbcodes[$bool]['disabled'] = true;
} }
} }
$this->parse_bbcode();
$this->prepare_bbcodes();
}
// Parse smilies
if ($allow_smilies)
{
$this->smilies($config['max_' . $mode . '_smilies']);
}
$num_urls = 0;
// Parse BBCode
if ($allow_bbcode && strpos($this->message, '[') !== false)
{
$this->parse_bbcode();
$num_urls += $this->parsed_items['url']; $num_urls += $this->parsed_items['url'];
} }
@ -1129,7 +1158,7 @@ class parse_message extends bbcode_firstpass
{ {
$new_entry = array( $new_entry = array(
'physical_filename' => $filedata['physical_filename'], 'physical_filename' => $filedata['physical_filename'],
'comment' => $this->filename_data['filecomment'], 'attach_comment' => $this->filename_data['filecomment'],
'real_filename' => $filedata['real_filename'], 'real_filename' => $filedata['real_filename'],
'extension' => $filedata['extension'], 'extension' => $filedata['extension'],
'mimetype' => $filedata['mimetype'], 'mimetype' => $filedata['mimetype'],
@ -1199,7 +1228,7 @@ class parse_message extends bbcode_firstpass
$edit_comment = request_var('edit_comment', array(0 => '')); $edit_comment = request_var('edit_comment', array(0 => ''));
$edit_comment = key($edit_comment); $edit_comment = key($edit_comment);
$this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment]; $this->attachment_data[$edit_comment]['attach_comment'] = $actual_comment_list[$edit_comment];
} }
if (($add_file || $preview) && $upload_file) if (($add_file || $preview) && $upload_file)
@ -1213,7 +1242,7 @@ class parse_message extends bbcode_firstpass
{ {
$new_entry = array( $new_entry = array(
'physical_filename' => $filedata['physical_filename'], 'physical_filename' => $filedata['physical_filename'],
'comment' => $this->filename_data['filecomment'], 'attach_comment' => $this->filename_data['filecomment'],
'real_filename' => $filedata['real_filename'], 'real_filename' => $filedata['real_filename'],
'extension' => $filedata['extension'], 'extension' => $filedata['extension'],
'mimetype' => $filedata['mimetype'], 'mimetype' => $filedata['mimetype'],
@ -1279,7 +1308,7 @@ class parse_message extends bbcode_firstpass
// Get the data from the attachments // Get the data from the attachments
$sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ') WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . '
AND poster_id = ' . $check_user_id; AND poster_id = ' . $check_user_id;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1289,7 +1318,7 @@ class parse_message extends bbcode_firstpass
{ {
$pos = $attach_ids[$row['attach_id']]; $pos = $attach_ids[$row['attach_id']];
$this->attachment_data[$pos] = $row; $this->attachment_data[$pos] = $row;
set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
unset($attach_ids[$row['attach_id']]); unset($attach_ids[$row['attach_id']]);
} }
@ -1308,8 +1337,8 @@ class parse_message extends bbcode_firstpass
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$sql = 'SELECT attach_id $sql = 'SELECT attach_id
FROM ' . ATTACHMENTS_TABLE . " FROM ' . ATTACHMENTS_TABLE . '
WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')"; WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames));
$result = $db->sql_query_limit($sql, 1); $result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -1329,7 +1358,7 @@ class parse_message extends bbcode_firstpass
'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0, 'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0,
); );
set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true); set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true);
set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int'); set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int');
@ -1357,21 +1386,21 @@ class parse_message extends bbcode_firstpass
// Parse Poll Option text ;) // Parse Poll Option text ;)
$tmp_message = $this->message; $tmp_message = $this->message;
$this->message = $poll['poll_option_text']; $this->message = $poll['poll_option_text'];
$bbcode_bitfield = $this->bbcode_bitfield;
$poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false); $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
$this->bbcode_bitfield |= $bbcode_bitfield;
$this->message = $tmp_message; $this->message = $tmp_message;
// Parse Poll Title // Parse Poll Title
$tmp_message = $this->message; $tmp_message = $this->message;
$this->message = $poll['poll_title']; $this->message = $poll['poll_title'];
$bbcode_bitfield = $this->bbcode_bitfield;
$poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false); $poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
$this->bbcode_bitfield |= $bbcode_bitfield;
$this->message = $tmp_message; $this->message = $tmp_message;
unset($tmp_message); unset($tmp_message);
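Review bot: In the new `prepare_bbcodes()`, the CRLF-normalised copy is assigned to `$in` and never read, because both `preg_replace` calls that follow operate on `$this->message`; the `str_replace("\r\n", "\n", ...)` line therefore has no effect. If the intent was to normalise line endings before the `[^\n]` quote patterns run, assign to the property instead, `$this->message = str_replace("\r\n", "\n", $this->message);`, and otherwise drop the line. As written, a `\r` directly after `[quote]` satisfies `[^\n]`, so presumably an extra newline is inserted in front of it. A one-line comment saying why the identical `preg_replace` is applied twice would also help the next reader.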


@ -27,8 +27,11 @@ include_once($phpbb_root_path . 'includes/search/search.' . $phpEx);
*/ */
class fulltext_mysql extends search_backend class fulltext_mysql extends search_backend
{ {
var $stats; var $stats = array();
var $word_length; var $word_length = array();
var $split_words = array();
var $search_query;
var $common_words = array();
function fulltext_mysql(&$error) function fulltext_mysql(&$error)
{ {
@ -98,6 +101,7 @@ class fulltext_mysql extends search_backend
/** /**
* Splits keywords entered by a user into an array of words stored in $this->split_words * Splits keywords entered by a user into an array of words stored in $this->split_words
* Stores the tidied search query in $this->search_query
* *
* @param string $keywords Contains the keyword as entered by the user * @param string $keywords Contains the keyword as entered by the user
* @param string $terms is either 'all' or 'any' * @param string $terms is either 'all' or 'any'
@ -157,6 +161,8 @@ class fulltext_mysql extends search_backend
} }
} }
$this->search_query = implode(' ', $this->split_words);
if (sizeof($this->split_words)) if (sizeof($this->split_words))
{ {
$this->split_words = array_values($this->split_words); $this->split_words = array_values($this->split_words);
@ -306,19 +312,19 @@ class fulltext_mysql extends search_backend
} }
else else
{ {
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id NOT IN (' . implode(', ', $m_approve_fid_ary) . '))'; $m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')';
} }
$sql_select = (!$result_count) ? 'SQL_CALC_FOUND_ROWS ' : ''; $sql_select = (!$result_count) ? 'SQL_CALC_FOUND_ROWS ' : '';
$sql_select = ($type == 'posts') ? $sql_select . 'p.post_id' : 'DISTINCT ' . $sql_select . 't.topic_id'; $sql_select = ($type == 'posts') ? $sql_select . 'p.post_id' : 'DISTINCT ' . $sql_select . 't.topic_id';
$sql_from = ($join_topic) ? TOPICS_TABLE . ' t, ' : ''; $sql_from = ($join_topic) ? TOPICS_TABLE . ' t, ' : '';
$field = ($type == 'posts') ? 'post_id' : 'topic_id'; $field = ($type == 'posts') ? 'post_id' : 'topic_id';
$sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(',', $author_ary) . ')'; $sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(', ', $author_ary) . ')';
$sql_where_options = $sql_sort_join; $sql_where_options = $sql_sort_join;
$sql_where_options .= ($topic_id) ? ' AND p.topic_id = ' . $topic_id : ''; $sql_where_options .= ($topic_id) ? ' AND p.topic_id = ' . $topic_id : '';
$sql_where_options .= ($join_topic) ? ' AND t.topic_id = p.topic_id' : ''; $sql_where_options .= ($join_topic) ? ' AND t.topic_id = p.topic_id' : '';
$sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : ''; $sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
$sql_where_options .= $m_approve_fid_sql; $sql_where_options .= $m_approve_fid_sql;
$sql_where_options .= (sizeof($author_ary)) ? ' AND p.poster_id ' . $sql_author : ''; $sql_where_options .= (sizeof($author_ary)) ? ' AND p.poster_id ' . $sql_author : '';
$sql_where_options .= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : ''; $sql_where_options .= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
@ -445,8 +451,8 @@ class fulltext_mysql extends search_backend
$id_ary = array(); $id_ary = array();
// Create some display specific sql strings // Create some display specific sql strings
$sql_author = 'p.poster_id ' . ((sizeof($author_ary) > 1) ? 'IN (' . implode(',', $author_ary) . ')' : '= ' . $author_ary[0]); $sql_author = $db->sql_in_set('p.poster_id', $author_ary);
$sql_fora = (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : ''; $sql_fora = (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
$sql_topic_id = ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : ''; $sql_topic_id = ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : '';
$sql_time = ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : ''; $sql_time = ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
@ -481,7 +487,7 @@ class fulltext_mysql extends search_backend
} }
else else
{ {
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id IN (' . implode($m_approve_fid_ary) . '))'; $m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')';
} }
// If the cache was completely empty count the results // If the cache was completely empty count the results
@ -555,7 +561,7 @@ class fulltext_mysql extends search_backend
* *
* @param string $mode contains the post mode: edit, post, reply, quote ... * @param string $mode contains the post mode: edit, post, reply, quote ...
*/ */
function index($mode, $post_id, &$message, &$subject, $poster_id) function index($mode, $post_id, &$message, &$subject, $encoding, $poster_id, $forum_id)
{ {
global $db; global $db;
@ -606,7 +612,7 @@ class fulltext_mysql extends search_backend
/** /**
* Destroy cached results, that might be outdated after deleting a post * Destroy cached results, that might be outdated after deleting a post
*/ */
function index_remove($post_ids, $author_ids) function index_remove($post_ids, $author_ids, $forum_ids)
{ {
$this->destroy_cache(array(), $author_ids); $this->destroy_cache(array(), $author_ids);
} }
@ -637,7 +643,7 @@ class fulltext_mysql extends search_backend
return $error; return $error;
} }
if (!is_array($this->stats)) if (empty($this->stats))
{ {
$this->get_stats(); $this->get_stats();
} }
@ -670,7 +676,7 @@ class fulltext_mysql extends search_backend
return $error; return $error;
} }
if (!is_array($this->stats)) if (empty($this->stats))
{ {
$this->get_stats(); $this->get_stats();
} }
@ -695,7 +701,7 @@ class fulltext_mysql extends search_backend
*/ */
function index_created() function index_created()
{ {
if (!is_array($this->stats)) if (empty($this->stats))
{ {
$this->get_stats(); $this->get_stats();
} }
@ -710,7 +716,7 @@ class fulltext_mysql extends search_backend
{ {
global $user; global $user;
if (!is_array($this->stats)) if (empty($this->stats))
{ {
$this->get_stats(); $this->get_stats();
} }
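Review bot: The keyword-search hunk converts the forum filters to `$db->sql_in_set()` but still builds the author clause by hand: `$sql_author` is `' = ' . $author_ary[0]` or `'IN (' . implode(', ', $author_ary) . ')'`, and only the spacing inside `implode` changed. The author-search hunk further down already uses `$db->sql_in_set('p.poster_id', $author_ary)`, so the same list now reaches SQL through two different code paths. Unless every caller guarantees integer ids (not visible in these hunks), I would use the helper here as well: `$sql_where_options .= (sizeof($author_ary)) ? ' AND ' . $db->sql_in_set('p.poster_id', $author_ary) : '';`. In the same function `$topic_id` is concatenated without the `(int)` cast that the author-search path applies. The enclosing functions start and end outside the hunks.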



@ -33,8 +33,6 @@ class search_backend
var $ignore_words = array(); var $ignore_words = array();
var $match_synonym = array(); var $match_synonym = array();
var $replace_synonym = array(); var $replace_synonym = array();
var $split_words = array();
var $common_words = array();
function search_backend(&$error) function search_backend(&$error)
{ {
@ -196,7 +194,7 @@ class search_backend
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
//set_config('last_search_time', time());
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_last_search = ' . time() . ' SET user_last_search = ' . time() . '
WHERE user_id = ' . $user->data['user_id']; WHERE user_id = ' . $user->data['user_id'];


@ -51,7 +51,7 @@ class session
// Now, remove the sid and let us get a clean query string... // Now, remove the sid and let us get a clean query string...
foreach ($args as $key => $argument) foreach ($args as $key => $argument)
{ {
if (strpos($argument, 'sid=') === 0) if (strpos($argument, 'sid=') === 0 || strpos($argument, '_f_=') === 0)
{ {
unset($args[$key]); unset($args[$key]);
break; break;
@ -67,8 +67,8 @@ class session
$page_name = htmlspecialchars(basename($script_name)); $page_name = htmlspecialchars(basename($script_name));
// current directory within the phpBB root (for example: adm) // current directory within the phpBB root (for example: adm)
$root_dirs = explode('/', str_replace('\\', '/', realpath($root_path))); $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
$page_dirs = explode('/', str_replace('\\', '/', realpath('./'))); $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
$intersection = array_intersect_assoc($root_dirs, $page_dirs); $intersection = array_intersect_assoc($root_dirs, $page_dirs);
$root_dirs = array_diff_assoc($root_dirs, $intersection); $root_dirs = array_diff_assoc($root_dirs, $intersection);
@ -106,8 +106,8 @@ class session
'page_dir' => $page_dir, 'page_dir' => $page_dir,
'query_string' => $query_string, 'query_string' => $query_string,
'script_path' => htmlspecialchars($script_path), 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)),
'root_script_path' => htmlspecialchars($root_script_path), 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
'page' => $page 'page' => $page
); );
@ -143,7 +143,8 @@ class session
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost';
$this->page = $this->extract_current_page($phpbb_root_path); $this->page = $this->extract_current_page($phpbb_root_path);
$this->page['page'] .= (isset($_POST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . 'f=' . intval($_POST['f']) : ''; // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
{ {
@ -156,6 +157,13 @@ class session
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
$_SID = (defined('NEED_SID')) ? $this->session_id : ''; $_SID = (defined('NEED_SID')) ? $this->session_id : '';
if (empty($this->session_id))
{
$this->session_id = $_SID = request_var('sid', '');
$SID = '?sid=' . $this->session_id;
$this->cookie_data = array('u' => 0, 'k' => '');
}
} }
else else
{ {
@ -170,8 +178,6 @@ class session
// Load limit check (if applicable) // Load limit check (if applicable)
if ($config['limit_load']) if ($config['limit_load'])
{
if (@file_exists('/proc/loadavg') && @is_readable('/proc/loadavg'))
{ {
if ($load = @file_get_contents('/proc/loadavg')) if ($load = @file_get_contents('/proc/loadavg'))
{ {
@ -183,11 +189,6 @@ class session
set_config('limit_load', '0'); set_config('limit_load', '0');
} }
} }
else
{
set_config('limit_load', '0');
}
}
// Is session_id is set or session_id is set and matches the url param if required // Is session_id is set or session_id is set and matches the url param if required
if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
@ -219,9 +220,6 @@ class session
// Check whether the session is still valid if we have one // Check whether the session is still valid if we have one
$method = basename(trim($config['auth_method'])); $method = basename(trim($config['auth_method']));
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'validate_session_' . $method; $method = 'validate_session_' . $method;
@ -232,7 +230,6 @@ class session
$session_expired = true; $session_expired = true;
} }
} }
}
if (!$session_expired) if (!$session_expired)
{ {
@ -356,9 +353,6 @@ class session
} }
$method = basename(trim($config['auth_method'])); $method = basename(trim($config['auth_method']));
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'autologin_' . $method; $method = 'autologin_' . $method;
@ -372,7 +366,6 @@ class session
$this->cookie_data['u'] = $this->data['user_id']; $this->cookie_data['u'] = $this->data['user_id'];
} }
} }
}
// If we're presented with an autologin key we'll join against it. // If we're presented with an autologin key we'll join against it.
// Else if we've been passed a user_id we'll grab data based on that // Else if we've been passed a user_id we'll grab data based on that
@ -420,7 +413,7 @@ class session
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
if ($this->data['user_id'] != ANONYMOUS) if ($this->data['user_id'] != ANONYMOUS && !$bot)
{ {
$this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time()); $this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
} }
@ -437,7 +430,7 @@ class session
// @todo Change to !$this->data['user_type'] & USER_FOUNDER && !$this->data['user_type'] & USER_BOT in time // @todo Change to !$this->data['user_type'] & USER_FOUNDER && !$this->data['user_type'] & USER_BOT in time
if ($this->data['user_type'] != USER_FOUNDER) if ($this->data['user_type'] != USER_FOUNDER)
{ {
$this->check_ban(); $this->check_ban($this->data['user_id'], $this->ip);
} }
// //
@ -470,8 +463,10 @@ class session
$db->sql_return_on_error(true); $db->sql_return_on_error(true);
$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " $sql = 'DELETE
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; FROM ' . SESSIONS_TABLE . '
WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'
AND session_user_id = ' . ANONYMOUS;
if (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows()) if (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows())
{ {
@ -490,6 +485,7 @@ class session
trigger_error('BOARD_UNAVAILABLE'); trigger_error('BOARD_UNAVAILABLE');
} }
} }
}
$this->session_id = $this->data['session_id'] = md5(unique_id()); $this->session_id = $this->data['session_id'] = md5(unique_id());
@ -498,7 +494,7 @@ class session
$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql); $db->sql_query($sql);
}
$db->sql_return_on_error(false); $db->sql_return_on_error(false);
// Regenerate autologin/persistent login key // Regenerate autologin/persistent login key
@ -507,8 +503,8 @@ class session
$this->set_login_key(); $this->set_login_key();
} }
$SID = '?sid='; $SID = '?sid=' . $this->session_id;
$_SID = ''; $_SID = $this->session_id;
if (!$bot) if (!$bot)
{ {
@ -518,9 +514,6 @@ class session
$this->set_cookie('k', $this->cookie_data['k'], $cookie_expire); $this->set_cookie('k', $this->cookie_data['k'], $cookie_expire);
$this->set_cookie('sid', $this->session_id, $cookie_expire); $this->set_cookie('sid', $this->session_id, $cookie_expire);
$SID = '?sid=' . $this->session_id;
$_SID = $this->session_id;
unset($cookie_expire); unset($cookie_expire);
} }
@ -546,9 +539,6 @@ class session
// Allow connecting logout with external auth method logout // Allow connecting logout with external auth method logout
$method = basename(trim($config['auth_method'])); $method = basename(trim($config['auth_method']));
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'logout_' . $method; $method = 'logout_' . $method;
@ -556,7 +546,6 @@ class session
{ {
$method($this->data); $method($this->data);
} }
}
if ($this->data['user_id'] != ANONYMOUS) if ($this->data['user_id'] != ANONYMOUS)
{ {
@ -657,7 +646,7 @@ class session
WHERE session_time < ' . (int) ($this->time_now - $config['session_length']); WHERE session_time < ' . (int) ($this->time_now - $config['session_length']);
$db->sql_query($sql); $db->sql_query($sql);
set_config('session_last_gc', $this->time_now); set_config('session_last_gc', $this->time_now, true);
break; break;
default: default:
@ -669,33 +658,30 @@ class session
GROUP BY session_user_id, session_page'; GROUP BY session_user_id, session_page';
$result = $db->sql_query_limit($sql, 5); $result = $db->sql_query_limit($sql, 5);
$del_user_id = ''; $del_user_id = array();
$del_sessions = 0; $del_sessions = 0;
if ($row = $db->sql_fetchrow($result))
{ while ($row = $db->sql_fetchrow($result));
do
{ {
if ($row['session_user_id'] != ANONYMOUS) if ($row['session_user_id'] != ANONYMOUS)
{ {
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . $row['session_user_id']; WHERE user_id = " . (int) $row['session_user_id'];
$db->sql_query($sql); $db->sql_query($sql);
} }
$del_user_id .= (($del_user_id != '') ? ', ' : '') . (int) $row['session_user_id']; $del_user_id[] = (int) $row['session_user_id'];
$del_sessions++; $del_sessions++;
} }
while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result); $db->sql_freeresult($result);
if ($del_user_id) if (sizeof($del_user_id))
{ {
// Delete expired sessions // Delete expired sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . " $sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE session_user_id IN ($del_user_id) WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
AND session_time < " . ($this->time_now - $config['session_length']); AND session_time < ' . ($this->time_now - $config['session_length']);
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -755,16 +741,44 @@ class session
{ {
global $config, $db; global $config, $db;
$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
$user_email = ($user_email === false) ? $this->data['user_email'] : $user_email;
$banned = false; $banned = false;
$sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
FROM ' . BANLIST_TABLE . ' FROM ' . BANLIST_TABLE . '
WHERE ban_end >= ' . time() . ' WHERE (ban_end >= ' . time() . ' OR ban_end = 0)';
OR ban_end = 0';
// Determine which entries to check, only return those
if ($user_email === false)
{
$sql .= " AND ban_email = ''";
}
if ($user_ip === false)
{
$sql .= " AND (ban_ip = '' OR (ban_ip <> '' AND ban_exclude = 1))";
}
if ($user_id === false)
{
$sql .= ' AND (ban_userid = 0 OR (ban_userid <> 0 AND ban_exclude = 1))';
}
else
{
$sql .= ' AND (ban_userid = ' . $user_id;
if ($user_email !== false)
{
$sql .= " OR ban_email <> ''";
}
if ($user_ip !== false)
{
$sql .= " OR ban_ip <> ''";
}
$sql .= ')';
}
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -1066,8 +1080,33 @@ class user extends session
{ {
$this->theme['theme_storedb'] = 1; $this->theme['theme_storedb'] = 1;
$stylesheet = file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/stylesheet.css");
// Match CSS imports
$matches = array();
preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
if (sizeof($matches))
{
$content = '';
foreach ($matches[0] as $idx => $match)
{
if ($content = @file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/" . $matches[1][$idx]))
{
$content = trim($content);
}
else
{
$content = '';
}
$stylesheet = str_replace($match, $content, $stylesheet);
}
unset ($content);
}
$stylesheet = str_replace('./', 'styles/' . $this->theme['theme_path'] . '/theme/', $stylesheet);
$sql_ary = array( $sql_ary = array(
'theme_data' => implode('', file("{$phpbb_root_path}styles/" . $this->theme['theme_path'] . '/theme/stylesheet.css')), 'theme_data' => $stylesheet,
'theme_mtime' => time(), 'theme_mtime' => time(),
'theme_storedb' => 1 'theme_storedb' => 1
); );
@ -1102,9 +1141,9 @@ class user extends session
// Does the user need to change their password? If so, redirect to the // Does the user need to change their password? If so, redirect to the
// ucp profile reg_details page ... of course do not redirect if we're already in the ucp // ucp profile reg_details page ... of course do not redirect if we're already in the ucp
if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['is_registered'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
{ {
if (strpos($this->page['query_string'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx") if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx")
{ {
redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details')); redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details'));
} }
@ -1205,18 +1244,19 @@ class user extends session
*/ */
function format_date($gmepoch, $format = false, $forcedate = false) function format_date($gmepoch, $format = false, $forcedate = false)
{ {
static $lang_dates, $midnight; static $midnight;
if (empty($lang_dates))
{
foreach ($this->lang['datetime'] as $match => $replace)
{
$lang_dates[$match] = $replace;
}
}
$lang_dates = $this->lang['datetime'];
$format = (!$format) ? $this->date_format : $format; $format = (!$format) ? $this->date_format : $format;
// Short representation of month in format
if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false))
{
$lang_dates['May'] = $lang_dates['May_short'];
}
unset($lang_dates['May_short']);
if (!$midnight) if (!$midnight)
{ {
list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $this->timezone + $this->dst)); list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $this->timezone + $this->dst));
