- finally correctly calculate current time for birthday calculation [Bug #6030]

- allow searching forums with unsearchable subforums [Bug #6056] - addition of an optional HTTP_X_FORWARDED_FOR check in sessions, including bans - do not index forums which have indexing disabled on index recreation [Bug #6060] - properly handle html entities in the theme editor [Bug #6048] - anonymous access is no longer required for the LDAP auth plugin [Bug #6046] - corrected mcp_front queue link to point to approve_details [Bug #6134] - added direct (dis)approval to mcp_front queue items [Bug #6134] - proper mysql version test for fulltext-compatibility [Bug #6054] - added note to style/language "used by" column so it's clear that bots are included - correctly update bot last visit time [Bug #6108] git-svn-id: file:///svn/phpbb/trunk@6740 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-08 04:18:52 +00:00 · 2006-12-10 17:44:45 +00:00 · 2006-12-10 17:44:45 +00:00 · f40e2aba22
commit f40e2aba22
parent 7e47135792
30 changed files with 223 additions and 53 deletions
--- a/phpBB/adm/style/admin.css
+++ b/phpBB/adm/style/admin.css
@ -321,6 +321,7 @@ th {
 	color: #FFA34F;
 	font-weight: bold;
 	background: #006699 url("../images/cellpic3.gif") 0 0 repeat-x;
 	white-space: nowrap;
 }
 td {
--- a/phpBB/adm/style/overall_header.html
+++ b/phpBB/adm/style/overall_header.html
@ -93,7 +93,7 @@ function trace(link)
 function find_username()
 {
 	<!-- IF UA_FIND_USERNAME -->
-	window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=500, resizable=yes, scrollbars=yes, width=740');
+	window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=570, resizable=yes, scrollbars=yes, width=760');
 	<!-- ENDIF -->
 	return false;
 }
--- a/phpBB/adm/style/simple_header.html
+++ b/phpBB/adm/style/simple_header.html
@ -79,7 +79,7 @@ function marklist(id, name, state)
 function find_username()
 {
 	<!-- IF UA_FIND_USERNAME -->
-	window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=500, resizable=yes, scrollbars=yes, width=740');
+	window.open('{UA_FIND_USERNAME}', '_usersearch', 'height=570, resizable=yes, scrollbars=yes, width=760');
 	<!-- ENDIF -->
 	return false;
 }
--- a/phpBB/develop/create_schema_files.php
+++ b/phpBB/develop/create_schema_files.php
@ -1488,6 +1488,7 @@ function get_schema_struct()
 			'session_time'			=> array('TIMESTAMP', 0),
 			'session_ip'			=> array('VCHAR:40', ''),
 			'session_browser'		=> array('VCHAR:150', ''),
 			'session_forwarded_for'	=> array('VCHAR:255', ''),
 			'session_page'			=> array('VCHAR_UNI', ''),
 			'session_viewonline'	=> array('BOOL', 1),
 			'session_autologin'		=> array('BOOL', 0),
--- a/phpBB/develop/ip_regex.php
+++ b/phpBB/develop/ip_regex.php
@ -0,0 +1,37 @@
 <?php
 $dec_octet = '(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])';
 $h16 = '[\dA-F]{1,4}';
 $ipv4 = "(?:$dec_octet\.){3}$dec_octet";
 $ls32 = "(?:$h16:$h16|$ipv4)";
 $ipv6_construct = array(
 	array(false,	'',		'{6}',	$ls32),
 	array(false,	'::',	'{5}',	$ls32),
 	array('',		':',	'{4}',	$ls32),
 	array('{1,2}',	':',	'{3}',	$ls32),
 	array('{1,3}',	':',	'{2}',	$ls32),
 	array('{1,4}',	':',	'',		$ls32),
 	array('{1,5}',	':',	false,	$ls32),
 	array('{1,6}',	':',	false,	$h16),
 	array('{1,7}',	':',	false,	'')
 );
 $ipv6 = '(?:';
 foreach ($ipv6_construct as $ip_type)
 {
 	$ipv6 .= '(?:';
 	if ($ip_type[0] !== false)
 	{
 		$ipv6 .= "(?:$h16:)" . $ip_type[0];
 	}
 	$ipv6 .= $ip_type[1];
 	if ($ip_type[2] !== false)
 	{
 		$ipv6 .= "(?:$h16:)" . $ip_type[2];
 	}
 	$ipv6 .= $ip_type[3] . ')|';
 }
 $ipv6 = substr($ipv6, 0, -1) . ')';
 echo 'IPv4: ' . $ipv4 . "<br />\nIPv6: " . $ipv6;
 ?>
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@ -17,7 +17,7 @@ class acp_search
 	var $state;
 	var $search;
 	var $max_post_id;
-	var $batch_size = 4000;
+	var $batch_size = 5000;
 	function main($id, $mode)
 	{
@ -320,6 +320,16 @@ class acp_search
 				}
 				else
 				{
 					$sql = 'SELECT forum_id, enable_indexing
 						FROM ' . FORUMS_TABLE;
 					$result = $db->sql_query($sql, 3600);
 					while ($row = $db->sql_fetchrow($result))
 					{
 						$forums[$row['forum_id']] = (bool) $row['enable_indexing'];
 					}
 					$db->sql_freeresult($result);
 					$sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id
 						FROM ' . POSTS_TABLE . '
 						WHERE post_id >= ' . (int) ($post_counter + 1) . '
@ -327,9 +337,12 @@ class acp_search
 					$result = $db->sql_query($sql);
 					while ($row = $db->sql_fetchrow($result))
 					{
 						if ($forums[$row['forum_id']])
 						{
 							$this->search->index('post', $row['post_id'], $row['post_text'], $row['post_subject'], $row['poster_id'], $row['forum_id']);
 						}
 					}
 					$db->sql_freeresult($result);
 					$post_counter += $this->batch_size;
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@ -1121,7 +1121,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 							$s_units = '<option value=""' . (($unit == '') ? ' selected="selected"' : '') . '>' . $user->lang['NO_UNIT'] . '</option>' . $s_units;
 							$template->assign_vars(array(
-								strtoupper($var) => $value,
+								strtoupper($var) => htmlspecialchars($value),
 								'S_' . strtoupper($var) . '_UNITS' => $s_units)
 							);
 						break;
@ -1162,7 +1162,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 						default:
 							$template->assign_vars(array(
-								strtoupper($var) => $value)
+								strtoupper($var) => htmlspecialchars($value))
 							);
 					}
 				}
@ -1226,7 +1226,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
 						break;
 						default:
-							$value = request_var($var, '');
+							$value = htmlspecialchars_decode(request_var($var, ''));
 					}
 					// use the element mapping to create raw css code
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@ -34,6 +34,14 @@ function init_ldap()
 	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 	if ($config['ldap_user'] || $config['ldap_password'])
 	{
 		if (!@ldap_bind($ldap, ldap_escape(htmlspecialchars_decode($config['ldap_user'])), htmlspecialchars_decode($config['ldap_password'])))
 		{
 			return $user->lang['LDAP_INCORRECT_USER_PASSWORD'];
 		}
 	}
 	// ldap_connect only checks whether the specified server is valid, so the connection might still fail
 	$search = @ldap_search(
 		$ldap,
@ -95,6 +103,14 @@ function login_ldap(&$username, &$password)
 	@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 	@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 	if ($config['ldap_user'] || $config['ldap_password'])
 	{
 		if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password'])))
 		{
 			return $user->lang['LDAP_NO_SERVER_CONNECTION'];
 		}
 	}
 	$search = @ldap_search(
 		$ldap,
 		$config['ldap_base_dn'],
@ -221,6 +237,14 @@ function acp_ldap(&$new)
 		<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
 		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
@ -238,7 +262,7 @@ function acp_ldap(&$new)
 	// These are fields required in the config table
 	return array(
 		'tpl'		=> $tpl,
-		'config'	=> array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
+		'config'	=> array('ldap_server', 'ldap_user', 'ldap_password', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
 	);
 }
--- a/phpBB/includes/mcp/mcp_front.php
+++ b/phpBB/includes/mcp/mcp_front.php
@ -80,7 +80,7 @@ function mcp_front_view($id, $mode, $action)
 				}
 				$template->assign_block_vars('unapproved', array(
-					'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=post_details&amp;f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']),
+					'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=approve_details&amp;f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']),
 					'U_MCP_FORUM'		=> (!$global_topic) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=forum_view&amp;f=' . $row['forum_id']) : '',
 					'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=topic_view&amp;f=' . $row['forum_id'] . '&amp;t=' . $row['topic_id']),
 					'U_FORUM'			=> (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
@ -88,6 +88,7 @@ function mcp_front_view($id, $mode, $action)
 					'U_AUTHOR'			=> ($row['poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']),
 					'FORUM_NAME'	=> (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
 					'POST_ID'		=> $row['post_id'],
 					'TOPIC_TITLE'	=> $row['topic_title'],
 					'AUTHOR'		=> ($row['poster_id'] == ANONYMOUS) ? (($row['post_username']) ? $row['post_username'] : $user->lang['GUEST']) : $row['username'],
 					'SUBJECT'		=> ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'],
@ -97,6 +98,10 @@ function mcp_front_view($id, $mode, $action)
 			$db->sql_freeresult($result);
 		}
 		$template->assign_vars(array(
 			'S_MCP_QUEUE_ACTION'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue"),
 		));
 		if ($total == 0)
 		{
 			$template->assign_vars(array(
--- a/phpBB/includes/search/fulltext_mysql.php
+++ b/phpBB/includes/search/fulltext_mysql.php
@ -49,16 +49,7 @@ class fulltext_mysql extends search_backend
 	{
 		global $db, $user;
-		if (strpos($db->sql_layer, 'mysql') === false)
+		if ($db->sql_layer != 'mysql4' && $db->sql_layer != 'mysqli')
 		{
 			return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_VERSION'];
 		}
 		$result = $db->sql_query('SELECT VERSION() AS mysql_version');
 		$version = $db->sql_fetchfield('mysql_version');
 		$db->sql_freeresult($result);
 		if (!preg_match('#^4|5|6#s', $version))
 		{
 			return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_VERSION'];
 		}
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@ -18,9 +18,11 @@ class session
 	var $page = array();
 	var $data = array();
 	var $browser = '';
 	var $forwarded_for = '';
 	var $host = '';
 	var $session_id = '';
 	var $ip = '';
 	var $ips = array();
 	var $load = 0;
 	var $time_now = 0;
 	var $update_session_page = true;
@ -145,9 +147,40 @@ class session
 		$this->cookie_data			= array('u' => 0, 'k' => '');
 		$this->update_session_page	= $update_session_page;
 		$this->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
 		$this->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
 		$this->host					= (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost';
 		$this->page					= $this->extract_current_page($phpbb_root_path);
 		// if the forwarded for header shall be checked we have to validate its contents
 		if ($config['forwarded_for_check'])
 		{
 			$this->forwarded_for = preg_replace('#, +#', ', ', $this->forwarded_for);
 			// Whoa these look impressive!
 			// The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses
 			// can be found in the develop directory
 			$ipv4 = '#^(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])$#';
 			$ipv6 = '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d?\d|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#';
 			// split the list of IPs
 			$ips = explode(', ', $this->forwarded_for);
 			foreach ($ips as $ip)
 			{
 				// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
 				if (!preg_match("#^$ipv4$#", $this->forwarded_for) && !preg_match("#^$ipv6$#", $this->forwarded_for))
 				{
 					if (!defined('DEBUG_EXTRA'))
 					{
 						trigger_error('Hacking attempt!');
 					}
 					else
 					{
 						trigger_error('Invalid HTTP_X_FORWARDED_FOR header detected: ' . htmlspecialchars($this->forwarded_for));
 					}
 				}
 			}
 		}
 		// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
 		$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
@ -216,7 +249,10 @@ class session
 				$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
 				$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
-				if ($u_ip === $s_ip && $s_browser === $u_browser)
+				$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['forwarded_for'], 0, 254) : '';
 				$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
 				if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
 				{
 					$session_expired = false;
@ -278,7 +314,7 @@ class session
 					// Added logging temporarly to help debug bugs...
 					if (defined('DEBUG_EXTRA'))
 					{
-						add_log('critical', 'LOG_IP_BROWSER_CHECK', $u_ip, $s_ip, $u_browser, $s_browser);
+						add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, $u_forwarded, $s_forwarded);
 					}
 				}
 			}
@ -446,9 +482,18 @@ class session
 		// Is user banned? Are they excluded? Won't return on ban, exists within method
 		if ($this->data['user_type'] != USER_FOUNDER)
 		{
 			if (!$config['forwarded_for_check'])
 			{
 				$this->check_ban($this->data['user_id'], $this->ip);
 			}
 			else
 			{
 				$ips = explode(', ', $this->forwarded_for);
 				$ips[] = $this->ip;
 				$this->check_ban($this->data['user_id'], $ips);
 			}
 		}
 		$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
 		$this->data['is_bot'] = ($bot) ? true : false;
@ -456,14 +501,17 @@ class session
 		// If our friend is a bot, we re-assign a previously assigned session
 		if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id'])
 		{
-			// Only assign the current session if the ip and browser match...
+			// Only assign the current session if the ip, browser and forwarded_for match...
 			$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
 			$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
 			$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
 			$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
-			if ($u_ip === $s_ip && $s_browser === $u_browser)
+			$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
 			$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
 			if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
 			{
 				$this->session_id = $this->data['session_id'];
@ -512,6 +560,7 @@ class session
 			'session_last_visit'	=> (int) $this->data['session_last_visit'],
 			'session_time'			=> (int) $this->time_now,
 			'session_browser'		=> (string) $this->browser,
 			'session_forwarded_for'	=> (string) $this->forwarded_for,
 			'session_ip'			=> (string) $this->ip,
 			'session_autologin'		=> ($session_autologin) ? 1 : 0,
 			'session_admin'			=> ($set_admin) ? 1 : 0,
@ -580,6 +629,14 @@ class session
 		}
 		else
 		{
 			$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
 			// Update the last visit time
 			$sql = 'UPDATE ' . USERS_TABLE . '
 				SET user_lastvisit = ' . (int) $this->data['session_time'] . '
 				WHERE user_id = ' . (int) $this->data['user_id'];
 			$db->sql_query($sql);
 			$SID = '?sid=';
 			$_SID = '';
 		}
@ -757,8 +814,10 @@ class session
 	* are passed to the method pre-existing session data is used. If $return is false
 	* this routine does not return on finding a banned user, it outputs a relevant 
 	* message and stops execution.
 	*
 	* @param string|array	$user_ips	Can contain a string with one IP or an array of multiple IPs
 	*/
-	function check_ban($user_id = false, $user_ip = false, $user_email = false, $return = false)
+	function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false)
 	{
 		global $config, $db;
@ -774,14 +833,14 @@ class session
 			$sql .= " AND ban_email = ''";
 		}
-		if ($user_ip === false)
+		if ($user_ips === false)
 		{
-			$sql .= " AND (ban_ip = '' OR (ban_ip <> '' AND ban_exclude = 1))";
+			$sql .= " AND (ban_ip = '' OR ban_exclude = 1)";
 		}
 		if ($user_id === false)
 		{
-			$sql .= ' AND (ban_userid = 0 OR (ban_userid <> 0 AND ban_exclude = 1))';
+			$sql .= ' AND (ban_userid = 0 OR ban_exclude = 1)';
 		}
 		else
 		{
@ -792,7 +851,7 @@ class session
 				$sql .= " OR ban_email <> ''";
 			}
-			if ($user_ip !== false)
+			if ($user_ips !== false)
 			{
 				$sql .= " OR ban_ip <> ''";
 			}
@ -806,7 +865,7 @@ class session
 		while ($row = $db->sql_fetchrow($result))
 		{
 			if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) ||
-				(!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ip)) ||
+				(!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ips)) ||
 				(!empty($row['ban_email']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $user_email)))
 			{
 				if (!empty($row['ban_exclude']))
@ -823,7 +882,7 @@ class session
 					{
 						$ban_triggered_by = 'user';
 					}
-					else if (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ip))
+					else if (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ips))
 					{
 						$ban_triggered_by = 'ip';
 					}
@ -1253,7 +1312,7 @@ class user extends session
 		// Is load exceeded?
 		if ($config['limit_load'] && $this->load !== false)
 		{
-			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_gets('a_', 'm_'))
+			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
 			{
 				trigger_error('BOARD_UNAVAILABLE');
 			}
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@ -468,7 +468,7 @@ function get_user_information($user_id, $user_row)
 	if (!empty($user_row['user_allow_viewemail']) || $auth->acl_get('a_email'))
 	{
-		$user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&amp;u=$user_id") : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $user_row['user_email']);
+		$user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&amp;u=$user_id") : ((($config['board_hide_emails'] && !$auth->acl_get('a_email')) || empty($user_row['user_email'])) ? '' : 'mailto:' . $user_row['user_email']);
 	}
 	else
 	{
--- a/phpBB/index.php
+++ b/phpBB/index.php
@ -61,7 +61,7 @@ $db->sql_freeresult($result);
 $birthday_list = '';
 if ($config['load_birthdays'])
 {
-	$now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600);
+	$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
 	$sql = 'SELECT user_id, username, user_colour, user_birthday
 		FROM ' . USERS_TABLE . "
 		WHERE user_birthday LIKE '" . $db->sql_escape(sprintf('%2d-%2d-', $now['mday'], $now['mon'])) . "%'
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@ -316,6 +316,9 @@ $database_update_info = array(
 			CONFIRM_TABLE		=> array(
 				'seed'					=> array('UINT:10', 0),
 			),
 			SESSIONS_TABLE		=> array(
 				'session_forwarded_for'	=> array('VCHAR:255', 0),
 			),
 		),
 	),
 );
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@ -961,6 +961,7 @@ CREATE TABLE phpbb_sessions (
 	session_time INTEGER DEFAULT 0 NOT NULL,
 	session_ip VARCHAR(40) CHARACTER SET NONE DEFAULT '' NOT NULL,
 	session_browser VARCHAR(150) CHARACTER SET NONE DEFAULT '' NOT NULL,
 	session_forwarded_for VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,
 	session_page VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	session_viewonline INTEGER DEFAULT 1 NOT NULL,
 	session_autologin INTEGER DEFAULT 0 NOT NULL,
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@ -1141,6 +1141,7 @@ CREATE TABLE [phpbb_sessions] (
 	[session_time] [int] DEFAULT (0) NOT NULL ,
 	[session_ip] [varchar] (40) DEFAULT ('') NOT NULL ,
 	[session_browser] [varchar] (150) DEFAULT ('') NOT NULL ,
 	[session_forwarded_for] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[session_page] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[session_viewonline] [int] DEFAULT (1) NOT NULL ,
 	[session_autologin] [int] DEFAULT (0) NOT NULL ,
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@ -662,6 +662,7 @@ CREATE TABLE phpbb_sessions (
 	session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	session_ip varchar(40) DEFAULT '' NOT NULL,
 	session_browser varchar(150) DEFAULT '' NOT NULL,
 	session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
 	session_page text NOT NULL,
 	session_viewonline tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	session_autologin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@ -662,6 +662,7 @@ CREATE TABLE phpbb_sessions (
 	session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	session_ip varchar(40) DEFAULT '' NOT NULL,
 	session_browser varchar(150) DEFAULT '' NOT NULL,
 	session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
 	session_page varchar(255) DEFAULT '' NOT NULL,
 	session_viewonline tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	session_autologin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@ -1280,6 +1280,7 @@ CREATE TABLE phpbb_sessions (
 	session_time number(11) DEFAULT '0' NOT NULL,
 	session_ip varchar2(40) DEFAULT '' ,
 	session_browser varchar2(150) DEFAULT '' ,
 	session_forwarded_for varchar2(255) DEFAULT '' ,
 	session_page varchar2(765) DEFAULT '' ,
 	session_viewonline number(1) DEFAULT '1' NOT NULL,
 	session_autologin number(1) DEFAULT '0' NOT NULL,
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@ -876,6 +876,7 @@ CREATE TABLE phpbb_sessions (
 	session_time INT4 DEFAULT '0' NOT NULL CHECK (session_time >= 0),
 	session_ip varchar(40) DEFAULT '' NOT NULL,
 	session_browser varchar(150) DEFAULT '' NOT NULL,
 	session_forwarded_for varchar(255) DEFAULT '' NOT NULL,
 	session_page varchar(255) DEFAULT '' NOT NULL,
 	session_viewonline INT2 DEFAULT '1' NOT NULL CHECK (session_viewonline >= 0),
 	session_autologin INT2 DEFAULT '0' NOT NULL CHECK (session_autologin >= 0),
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@ -86,6 +86,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_post_confir
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval', '15');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('forward_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('forwarded_for_check', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('full_folder_action', '2');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('fulltext_mysql_max_word_len', '254');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('fulltext_mysql_min_word_len', '4');
@ -114,8 +115,10 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_resource', '')
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_username', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_email', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_password', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_server', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_uid', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_user', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('limit_load', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('limit_search_load', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_anon_lastread', '0');
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@ -640,6 +640,7 @@ CREATE TABLE phpbb_sessions (
 	session_time INTEGER UNSIGNED NOT NULL DEFAULT '0',
 	session_ip varchar(40) NOT NULL DEFAULT '',
 	session_browser varchar(150) NOT NULL DEFAULT '',
 	session_forwarded_for varchar(255) NOT NULL DEFAULT '',
 	session_page varchar(255) NOT NULL DEFAULT '',
 	session_viewonline INTEGER UNSIGNED NOT NULL DEFAULT '1',
 	session_autologin INTEGER UNSIGNED NOT NULL DEFAULT '0',
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@ -285,12 +285,17 @@ $lang = array_merge($lang, array(
 	'LDAP_DN_EXPLAIN'				=> 'This is the Distinguished Name, locating the user information, e.g. <samp>o=My Company,c=US</samp>',
 	'LDAP_EMAIL'					=> 'LDAP email attribute',
 	'LDAP_EMAIL_EXPLAIN'			=> 'Set this to the name of your user entry email attribute (if one exists) in order to automatically set the email address for new users. Leaving this empty results in empty email address for users who log in for the first time.',
 	'LDAP_INCORRECT_USER_PASSWORD'	=> 'Binding to LDAP server failed with specified user/password.',
 	'LDAP_NO_EMAIL'					=> 'The specified email attribute does not exist.',
 	'LDAP_NO_IDENTITY'				=> 'Could not find a login identity for %s',
 	'LDAP_PASSWORD'					=> 'LDAP password',
 	'LDAP_PASSWORD_EXPLAIN'			=> 'Leave blank to use anonymous access. Else fill in the password for the above user. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database.',
 	'LDAP_SERVER'					=> 'LDAP server name',
 	'LDAP_SERVER_EXPLAIN'			=> 'If using LDAP this is the name or IP address of the server.',
 	'LDAP_UID'						=> 'LDAP <var>uid</var>',
 	'LDAP_UID_EXPLAIN'				=> 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.',
 	'LDAP_USER'						=> 'LDAP user',
 	'LDAP_USER_EXPLAIN'				=> 'Leave blank to use anonymous access. If filled in phpBB will connect to the LDAP server as the specified user.',
 ));
 // Server Settings
--- a/phpBB/language/en/acp/common.php
+++ b/phpBB/language/en/acp/common.php
@ -510,7 +510,7 @@ $lang = array_merge($lang, array(
 	'LOG_INSTALL_CONVERTED'	=> '<strong>Converted from %1$s to phpBB %2$s</strong>',
 	'LOG_INSTALL_INSTALLED'	=> '<strong>Installed phpBB %s</strong>',
-	'LOG_IP_BROWSER_CHECK'	=> '<strong>Session IP/browser check failed</strong><br />»User IP "<em>%1$s</em>" checked against session IP "<em>%2$s</em>" and user browser string "<em>%3$s</em>" checked against session browser string "<em>%4$s</em>".',
+	'LOG_IP_BROWSER_FORWARDED_CHECK'	=> '<strong>Session IP/browser/X_FORWARDED_FOR check failed</strong><br />»User IP "<em>%1$s</em>" checked against session IP "<em>%2$s</em>", user browser string "<em>%3$s</em>" checked against session browser string "<em>%4$s</em>" and user X_FORWARDED_FOR string "<em>%5$s</em>" checked against session X_FORWARDED_FOR string "<em>%6$s</em>".',
 	'LOG_JAB_CHANGED'			=> '<strong>Jabber account changed</strong>',
 	'LOG_JAB_PASSCHG'			=> '<strong>Jabber password changed</strong>',
--- a/phpBB/language/en/acp/language.php
+++ b/phpBB/language/en/acp/language.php
@ -58,7 +58,7 @@ $lang = array_merge($lang, array(
 	'LANGUAGE_PACK_LOCALNAME'			=> 'Local name',
 	'LANGUAGE_PACK_NAME'				=> 'Name',
 	'LANGUAGE_PACK_NOT_EXIST'			=> 'The selected language pack does not exist.',
-	'LANGUAGE_PACK_USED_BY'				=> 'Used by',
+	'LANGUAGE_PACK_USED_BY'				=> 'Used by (including robots)',
 	'LANGUAGE_VARIABLE'					=> 'Language Variable',
 	'LANG_AUTHOR'						=> 'Language Pack Author',
 	'LANG_ENGLISH_NAME'					=> 'English name',
--- a/phpBB/language/en/acp/styles.php
+++ b/phpBB/language/en/acp/styles.php
@ -354,7 +354,7 @@ $lang = array_merge($lang, array(
 	'STYLE_NAME'				=> 'Style name',
 	'STYLE_TEMPLATE'			=> 'Template',
 	'STYLE_THEME'				=> 'Theme',
-	'STYLE_USED_BY'				=> 'Used by',
+	'STYLE_USED_BY'				=> 'Used by (including robots)',
 	'TEMPLATE_ADDED'			=> 'Template set added and stored on filesystem.',
 	'TEMPLATE_ADDED_DB'			=> 'Template set added and stored in database.',
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@ -1425,7 +1425,7 @@ function show_profile($data)
 		if ($bday_year)
 		{
-			$now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600);
+			$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
 			$diff = $now['mon'] - $bday_month;
 			if ($diff == 0)
--- a/phpBB/search.php
+++ b/phpBB/search.php
@ -960,6 +960,12 @@ while ($row = $db->sql_fetchrow($result))
 		$holding = '';
 	}
 }
 if ($holding)
 {
 	$s_forums .= $holding;
 }
 $db->sql_freeresult($result);
 unset($pad_store);
--- a/phpBB/styles/subSilver/template/mcp_front.html
+++ b/phpBB/styles/subSilver/template/mcp_front.html
@ -1,9 +1,11 @@
 <!-- INCLUDE mcp_header.html -->
 <!-- IF S_SHOW_UNAPPROVED -->
 	<form name="mcp_queue" method="post" action="{S_MCP_QUEUE_ACTION}">
 	<table class="tablebg" width="100%" cellspacing="1">
 	<tr>
-		<td class="row3" colspan="5" align="center"><b class="gen">{L_LATEST_UNAPPROVED}</b></td>
+		<td class="row3" colspan="6" align="center"><b class="gen">{L_LATEST_UNAPPROVED}</b></td>
 	</tr>
 	<tr>
 		<th>&nbsp;{L_FORUM}&nbsp;</th>
@ -11,6 +13,7 @@
 		<th>&nbsp;{L_SUBJECT}&nbsp;</th>
 		<th>&nbsp;{L_AUTHOR}&nbsp;</th>
 		<th>&nbsp;{L_POST_TIME}&nbsp;</th>
 		<th width="5%">&nbsp;{L_SELECT}&nbsp;</th>
 	</tr>
 	<!-- BEGIN unapproved -->
 		<tr>
@ -19,17 +22,29 @@
 			<td class="row1" valign="top"><span class="gen">{unapproved.SUBJECT}</span><br /><span class="gensmall">[ <a href="{unapproved.U_POST_DETAILS}">{L_VIEW_DETAILS}</a> ]</span></td>
 			<td class="row2" align="center" width="15%" nowrap="nowrap" valign="top"><span class="gen"><!-- IF unapproved.U_AUTHOR --><a href="{unapproved.U_AUTHOR}">{unapproved.AUTHOR}</a><!-- ELSE -->{unapproved.AUTHOR}<!-- ENDIF --></span></td>
 			<td class="row1" align="center" width="15%" nowrap="nowrap" valign="top"><span class="gensmall">{unapproved.POST_TIME}</span></td>
 			<td class="row2" align="center"><input type="checkbox" class="radio" name="post_id_list[]" value="{unapproved.POST_ID}" /></td>
 		</tr>
 	<!-- BEGINELSE -->
 		<tr>
-			<td class="row1" colspan="5" align="center"><span class="gen">{L_UNAPPROVED_POSTS_ZERO_TOTAL}</span></td>
+			<td class="row1" colspan="6" align="center"><span class="gen">{L_UNAPPROVED_POSTS_ZERO_TOTAL}</span></td>
 		</tr>
 	<!-- END unapproved -->
 	<!-- IF S_HAS_UNAPPROVED_POSTS -->
 		<tr>
-			<td class="row3" colspan="5"><span class="gensmall">{L_UNAPPROVED_TOTAL}</span></td>
+			<td class="row3" colspan="6"><span class="gensmall">{L_UNAPPROVED_TOTAL}</span></td>
 		</tr>
 	<!-- ENDIF -->
 	<tr>
 		<td class="cat" colspan="6" align="center"><input class="btnmain" type="submit" name="action[approve]" value="{L_APPROVE}" />&nbsp;&nbsp;<input class="btnlite" type="submit" name="action[disapprove]" value="{L_DISAPPROVE}" /></td>
 	</tr>
 	</table>
 	</form>
 	<table width="100%" cellspacing="2" cellpadding="2" border="0" align="center">
 	<tr>
 		<td align="right" valign="top" nowrap="nowrap"><b class="gensmall"><a href="#" onclick="marklist('mcp_queue', '', true); return false;">{L_MARK_ALL}</a> :: <a href="#" onclick="marklist('mcp_queue', '', false); return false;">{L_UNMARK_ALL}</a></b></td>
 	</tr>
 	</table>
 	<br clear="all" /><br />
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -880,7 +880,7 @@ $sql = $db->sql_build_query('SELECT', array(
 $result = $db->sql_query($sql);
-$now = getdate(time() + $user->timezone + $user->dst - (date('H', time()) - gmdate('H', time())) * 3600);
+$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
 // Posts are stored in the $rowset array while $attach_list, $user_cache
 // and the global bbcode_bitfield are built