kostenloser Webspace werbefrei: lima-city


Phpbb3 Forum buggt total rum?

lima-cityForumProgrammiersprachenPHP, MySQL & .htaccess

  1. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    Guten abend liebe Community,

    ich setze gerade zum 3. mal mein phpbb3-Forum auf. Aber immer nach ein paar Stunden sieht die Seite total verbuggt aus, in etwa so:

    http://schinkenmedia.de/

    Woran kann das liegen? Was kann ich dagegen tun?

    mfg
  2. Diskutiere mit und stelle Fragen: Jetzt kostenlos anmelden!

    lima-city: Gratis werbefreier Webspace für deine eigene Homepage

  3. schinkenmedia schrieb:
    Guten abend liebe Community,

    ich setze gerade zum 3. mal mein phpbb3-Forum auf. Aber immer nach ein paar Stunden sieht die Seite total verbuggt aus, in etwa so:

    http://schinkenmedia.de/

    Woran kann das liegen? Was kann ich dagegen tun?

    mfg


    Immer nach ein paar Stunden?


    Sieht es am Anfang gut aus?
    Was hast du seit dem verändert?
    Irgendein Plugin Installiert?
    Welche PHPBB3 Version nutzt du?

    Und:
    Ist "register_globals" auf deiner Domain an oder aus?
  4. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    kill-a-teddy schrieb:
    schinkenmedia schrieb:
    Guten abend liebe Community,

    ich setze gerade zum 3. mal mein phpbb3-Forum auf. Aber immer nach ein paar Stunden sieht die Seite total verbuggt aus, in etwa so:

    http://schinkenmedia.de/

    Woran kann das liegen? Was kann ich dagegen tun?

    mfg


    Immer nach ein paar Stunden?


    Sieht es am Anfang gut aus?
    Was hast du seit dem verändert?
    Irgendein Plugin Installiert?
    Welche PHPBB3 Version nutzt du?

    Und:
    Ist "register_globals" auf deiner Domain an oder aus?



    Ich habe es mit der neusten Version und (aktuell) der 3.9er versucht. Ich habe einen Style installiert und im Overall_Header ein bisschen verändert. Ich würde es darauf schieben, aber ich habe das auch schon früher gemacht. Und dann kam vor 3 Tagen der Fehler, davor hat alles funktioniert. Ich hatte letztens eine große Spammerwelle, habe aber nur den Chapta verändert, sonst nichts, daran kann es auch nicht liegen. Und was ist "register_globals"?

    mfg
  5. schinkenmedia schrieb:
    kill-a-teddy schrieb:
    schinkenmedia schrieb:
    Guten abend liebe Community,

    ich setze gerade zum 3. mal mein phpbb3-Forum auf. Aber immer nach ein paar Stunden sieht die Seite total verbuggt aus, in etwa so:

    http://schinkenmedia.de/

    Woran kann das liegen? Was kann ich dagegen tun?

    mfg


    Immer nach ein paar Stunden?


    Sieht es am Anfang gut aus?
    Was hast du seit dem verändert?
    Irgendein Plugin Installiert?
    Welche PHPBB3 Version nutzt du?

    Und:
    Ist "register_globals" auf deiner Domain an oder aus?



    Ich habe es mit der neusten Version und (aktuell) der 3.9er versucht. Ich habe einen Style installiert und im Overall_Header ein bisschen verändert. Ich würde es darauf schieben, aber ich habe das auch schon früher gemacht. Und dann kam vor 3 Tagen der Fehler, davor hat alles funktioniert. Ich hatte letztens eine große Spammerwelle, habe aber nur den Chapta verändert, sonst nichts, daran kann es auch nicht liegen. Und was ist "register_globals"?

    mfg



    In der Verwaltung unter "Domains" klick einfach deine Domain an, dort steht dann ob register_globals an oder aus ist. ;)
    Was genau hast du im Overall_Header verändert?


    Lass dir Zeit, bin ma rauchen..
  6. schinkenmedia schrieb:

    Ich habe es mit der neusten Version und (aktuell) der 3.9er versucht. Ich habe einen Style installiert und im Overall_Header ein bisschen verändert. Ich würde es darauf schieben, aber ich habe das auch schon früher gemacht. Und dann kam vor 3 Tagen der Fehler, davor hat alles funktioniert. Ich hatte letztens eine große Spammerwelle, habe aber nur den Chapta verändert, sonst nichts, daran kann es auch nicht liegen. Und was ist "register_globals"?

    mfg


    Kann durchaus an daran liegen, dass du im "Overall_Header" etwas verändert hast. Immerhin weißen die PHP-Fehlermeldungen darauf hin, dass eine Ausgabe vor dem Senden von Headerinformationen stattfindet.

    Also am besten mal alles was du verändert hast zurückbauen und überprüfen ob/wann der Fehler verschwindet...
  7. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    Ich habe den Banner vom style gelöscht und einen eigenen via <img> eingefügt...

    EDIT: Hab den alten header wieder eingefügt, aber ich kann mich nicht einloggen um den chache zu löschen, da er mich nach der anmeldungsofort wieder rauswirft.

    Beitrag zuletzt geändert: 14.2.2012 21:34:35 von schinkenmedia
  8. schinkenmedia schrieb:
    Ich habe den Banner vom style gelöscht und einen eigenen via <img> eingefügt...

    EDIT: Hab den alten header wieder eingefügt, aber ich kann mich nicht einloggen um den chache zu löschen, da er mich nach der anmeldungsofort wieder rauswirft.


    Der Fehler ist eh noch nicht weg..
    Wir machen des jetzt ganz einfach:


    Magst du die php Datei functions.php und session.php mal auf deinen Download-Server legen? Ich schau mir das an und kill die Bugs..
  9. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    kill-a-teddy schrieb:
    schinkenmedia schrieb:
    Ich habe den Banner vom style gelöscht und einen eigenen via <img> eingefügt...

    EDIT: Hab den alten header wieder eingefügt, aber ich kann mich nicht einloggen um den chache zu löschen, da er mich nach der anmeldungsofort wieder rauswirft.


    Der Fehler ist eh noch nicht weg..
    Wir machen des jetzt ganz einfach:


    Magst du die php Datei functions.php und session.php mal auf deinen Download-Server legen? Ich schau mir das an und kill die Bugs..



    Da ich scheinbar kein Downloadvolum mehr habe hier einfach zum kopieren ;)

    functions.php:

    <?php
    /**
    *
    * @package phpBB3
    * @version $Id$
    * @copyright (c) 2005 phpBB Group
    * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    *
    */
    
    /**
    * @ignore
    */
    if (!defined('IN_PHPBB'))
    {
    	exit;
    }
    
    // Common global functions
    
    /**
    * set_var
    *
    * Set variable, used by {@link request_var the request_var function}
    *
    * @access private
    */
    function set_var(&$result, $var, $type, $multibyte = false)
    {
    	settype($var, $type);
    	$result = $var;
    
    	if ($type == 'string')
    	{
    		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
    
    		if (!empty($result))
    		{
    			// Make sure multibyte characters are wellformed
    			if ($multibyte)
    			{
    				if (!preg_match('/^./u', $result))
    				{
    					$result = '';
    				}
    			}
    			else
    			{
    				// no multibyte, allow only ASCII (0-127)
    				$result = preg_replace('/[\x80-\xFF]/', '?', $result);
    			}
    		}
    
    		$result = (STRIP) ? stripslashes($result) : $result;
    	}
    }
    
    /**
    * request_var
    *
    * Used to get passed variable
    */
    function request_var($var_name, $default, $multibyte = false, $cookie = false)
    {
    	if (!$cookie && isset($_COOKIE[$var_name]))
    	{
    		if (!isset($_GET[$var_name]) && !isset($_POST[$var_name]))
    		{
    			return (is_array($default)) ? array() : $default;
    		}
    		$_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name];
    	}
    
    	$super_global = ($cookie) ? '_COOKIE' : '_REQUEST';
    	if (!isset($GLOBALS[$super_global][$var_name]) || is_array($GLOBALS[$super_global][$var_name]) != is_array($default))
    	{
    		return (is_array($default)) ? array() : $default;
    	}
    
    	$var = $GLOBALS[$super_global][$var_name];
    	if (!is_array($default))
    	{
    		$type = gettype($default);
    	}
    	else
    	{
    		list($key_type, $type) = each($default);
    		$type = gettype($type);
    		$key_type = gettype($key_type);
    		if ($type == 'array')
    		{
    			reset($default);
    			$default = current($default);
    			list($sub_key_type, $sub_type) = each($default);
    			$sub_type = gettype($sub_type);
    			$sub_type = ($sub_type == 'array') ? 'NULL' : $sub_type;
    			$sub_key_type = gettype($sub_key_type);
    		}
    	}
    
    	if (is_array($var))
    	{
    		$_var = $var;
    		$var = array();
    
    		foreach ($_var as $k => $v)
    		{
    			set_var($k, $k, $key_type);
    			if ($type == 'array' && is_array($v))
    			{
    				foreach ($v as $_k => $_v)
    				{
    					if (is_array($_v))
    					{
    						$_v = null;
    					}
    					set_var($_k, $_k, $sub_key_type, $multibyte);
    					set_var($var[$k][$_k], $_v, $sub_type, $multibyte);
    				}
    			}
    			else
    			{
    				if ($type == 'array' || is_array($v))
    				{
    					$v = null;
    				}
    				set_var($var[$k], $v, $type, $multibyte);
    			}
    		}
    	}
    	else
    	{
    		set_var($var, $var, $type, $multibyte);
    	}
    
    	return $var;
    }
    
    /**
    * Set config value. Creates missing config entry.
    */
    function set_config($config_name, $config_value, $is_dynamic = false)
    {
    	global $db, $cache, $config;
    
    	$sql = 'UPDATE ' . CONFIG_TABLE . "
    		SET config_value = '" . $db->sql_escape($config_value) . "'
    		WHERE config_name = '" . $db->sql_escape($config_name) . "'";
    	$db->sql_query($sql);
    
    	if (!$db->sql_affectedrows() && !isset($config[$config_name]))
    	{
    		$sql = 'INSERT INTO ' . CONFIG_TABLE . ' ' . $db->sql_build_array('INSERT', array(
    			'config_name'	=> $config_name,
    			'config_value'	=> $config_value,
    			'is_dynamic'	=> ($is_dynamic) ? 1 : 0));
    		$db->sql_query($sql);
    	}
    
    	$config[$config_name] = $config_value;
    
    	if (!$is_dynamic)
    	{
    		$cache->destroy('config');
    	}
    }
    
    /**
    * Set dynamic config value with arithmetic operation.
    */
    function set_config_count($config_name, $increment, $is_dynamic = false)
    {
    	global $db, $cache;
    
    	switch ($db->sql_layer)
    	{
    		case 'firebird':
    			// Precision must be from 1 to 18
    			$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
    		break;
    
    		case 'postgres':
    			// Need to cast to text first for PostgreSQL 7.x
    			$sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
    		break;
    
    		// MySQL, SQlite, mssql, mssql_odbc, oracle
    		default:
    			$sql_update = 'config_value + ' . (int) $increment;
    		break;
    	}
    
    	$db->sql_query('UPDATE ' . CONFIG_TABLE . ' SET config_value = ' . $sql_update . " WHERE config_name = '" . $db->sql_escape($config_name) . "'");
    
    	if (!$is_dynamic)
    	{
    		$cache->destroy('config');
    	}
    }
    
    /**
    * Generates an alphanumeric random string of given length
    *
    * @return string
    */
    function gen_rand_string($num_chars = 8)
    {
    	// [a, z] + [0, 9] = 36
    	return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);
    }
    
    /**
    * Generates a user-friendly alphanumeric random string of given length
    * We remove 0 and O so users cannot confuse those in passwords etc.
    *
    * @return string
    */
    function gen_rand_string_friendly($num_chars = 8)
    {
    	$rand_str = unique_id();
    
    	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
    	// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
    	$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
    
    	return substr($rand_str, 0, $num_chars);
    }
    
    /**
    * Return unique id
    * @param string $extra additional entropy
    */
    function unique_id($extra = 'c')
    {
    	static $dss_seeded = false;
    	global $config;
    
    	$val = $config['rand_seed'] . microtime();
    	$val = md5($val);
    	$config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
    
    	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
    	{
    		set_config('rand_seed_last_update', time(), true);
    		set_config('rand_seed', $config['rand_seed'], true);
    		$dss_seeded = true;
    	}
    
    	return substr($val, 4, 16);
    }
    
    /**
    * Wrapper for mt_rand() which allows swapping $min and $max parameters.
    *
    * PHP does not allow us to swap the order of the arguments for mt_rand() anymore.
    * (since PHP 5.3.4, see http://bugs.php.net/46587)
    *
    * @param int $min		Lowest value to be returned
    * @param int $max		Highest value to be returned
    *
    * @return int			Random integer between $min and $max (or $max and $min)
    */
    function phpbb_mt_rand($min, $max)
    {
    	return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);
    }
    
    /**
    * Return formatted string for filesizes
    *
    * @param int	$value			filesize in bytes
    * @param bool	$string_only	true if language string should be returned
    * @param array	$allowed_units	only allow these units (data array indexes)
    *
    * @return mixed					data array if $string_only is false
    * @author bantu
    */
    function get_formatted_filesize($value, $string_only = true, $allowed_units = false)
    {
    	global $user;
    
    	$available_units = array(
    		'gb' => array(
    			'min' 		=> 1073741824, // pow(2, 30)
    			'index'		=> 3,
    			'si_unit'	=> 'GB',
    			'iec_unit'	=> 'GIB',
    		),
    		'mb' => array(
    			'min'		=> 1048576, // pow(2, 20)
    			'index'		=> 2,
    			'si_unit'	=> 'MB',
    			'iec_unit'	=> 'MIB',
    		),
    		'kb' => array(
    			'min'		=> 1024, // pow(2, 10)
    			'index'		=> 1,
    			'si_unit'	=> 'KB',
    			'iec_unit'	=> 'KIB',
    		),
    		'b' => array(
    			'min'		=> 0,
    			'index'		=> 0,
    			'si_unit'	=> 'BYTES', // Language index
    			'iec_unit'	=> 'BYTES',  // Language index
    		),
    	);
    
    	foreach ($available_units as $si_identifier => $unit_info)
    	{
    		if (!empty($allowed_units) && $si_identifier != 'b' && !in_array($si_identifier, $allowed_units))
    		{
    			continue;
    		}
    
    		if ($value >= $unit_info['min'])
    		{
    			$unit_info['si_identifier'] = $si_identifier;
    
    			break;
    		}
    	}
    	unset($available_units);
    
    	for ($i = 0; $i < $unit_info['index']; $i++)
    	{
    		$value /= 1024;
    	}
    	$value = round($value, 2);
    
    	// Lookup units in language dictionary
    	$unit_info['si_unit'] = (isset($user->lang[$unit_info['si_unit']])) ? $user->lang[$unit_info['si_unit']] : $unit_info['si_unit'];
    	$unit_info['iec_unit'] = (isset($user->lang[$unit_info['iec_unit']])) ? $user->lang[$unit_info['iec_unit']] : $unit_info['iec_unit'];
    
    	// Default to IEC
    	$unit_info['unit'] = $unit_info['iec_unit'];
    
    	if (!$string_only)
    	{
    		$unit_info['value'] = $value;
    
    		return $unit_info;
    	}
    
    	return $value  . ' ' . $unit_info['unit'];
    }
    
    /**
    * Determine whether we are approaching the maximum execution time. Should be called once
    * at the beginning of the script in which it's used.
    * @return	bool	Either true if the maximum execution time is nearly reached, or false
    *					if some time is still left.
    */
    function still_on_time($extra_time = 15)
    {
    	static $max_execution_time, $start_time;
    
    	$time = explode(' ', microtime());
    	$current_time = $time[0] + $time[1];
    
    	if (empty($max_execution_time))
    	{
    		$max_execution_time = (function_exists('ini_get')) ? (int) @ini_get('max_execution_time') : (int) @get_cfg_var('max_execution_time');
    
    		// If zero, then set to something higher to not let the user catch the ten seconds barrier.
    		if ($max_execution_time === 0)
    		{
    			$max_execution_time = 50 + $extra_time;
    		}
    
    		$max_execution_time = min(max(10, ($max_execution_time - $extra_time)), 50);
    
    		// For debugging purposes
    		// $max_execution_time = 10;
    
    		global $starttime;
    		$start_time = (empty($starttime)) ? $current_time : $starttime;
    	}
    
    	return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
    }
    
    /**
    *
    * @version Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)
    *
    * Portable PHP password hashing framework.
    *
    * Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
    * the public domain.
    *
    * There's absolutely no warranty.
    *
    * The homepage URL for this framework is:
    *
    *	http://www.openwall.com/phpass/
    *
    * Please be sure to update the Version line if you edit this file in any way.
    * It is suggested that you leave the main version number intact, but indicate
    * your project name (after the slash) and add your own revision information.
    *
    * Please do not change the "private" password hashing method implemented in
    * here, thereby making your hashes incompatible.  However, if you must, please
    * change the hash type identifier (the "$P$") to something different.
    *
    * Obviously, since this code is in the public domain, the above are not
    * requirements (there can be none), but merely suggestions.
    *
    *
    * Hash the password
    */
    function phpbb_hash($password)
    {
    	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    
    	$random_state = unique_id();
    	$random = '';
    	$count = 6;
    
    	if (($fh = @fopen('/dev/urandom', 'rb')))
    	{
    		$random = fread($fh, $count);
    		fclose($fh);
    	}
    
    	if (strlen($random) < $count)
    	{
    		$random = '';
    
    		for ($i = 0; $i < $count; $i += 16)
    		{
    			$random_state = md5(unique_id() . $random_state);
    			$random .= pack('H*', md5($random_state));
    		}
    		$random = substr($random, 0, $count);
    	}
    
    	$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
    
    	if (strlen($hash) == 34)
    	{
    		return $hash;
    	}
    
    	return md5($password);
    }
    
    /**
    * Check for correct password
    *
    * @param string $password The password in plain text
    * @param string $hash The stored password hash
    *
    * @return bool Returns true if the password is correct, false if not.
    */
    function phpbb_check_hash($password, $hash)
    {
    	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    	if (strlen($hash) == 34)
    	{
    		return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
    	}
    
    	return (md5($password) === $hash) ? true : false;
    }
    
    /**
    * Generate salt for hash generation
    */
    function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
    {
    	if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
    	{
    		$iteration_count_log2 = 8;
    	}
    
    	$output = '$H$';
    	$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
    	$output .= _hash_encode64($input, 6, $itoa64);
    
    	return $output;
    }
    
    /**
    * Encode hash
    */
    function _hash_encode64($input, $count, &$itoa64)
    {
    	$output = '';
    	$i = 0;
    
    	do
    	{
    		$value = ord($input[$i++]);
    		$output .= $itoa64[$value & 0x3f];
    
    		if ($i < $count)
    		{
    			$value |= ord($input[$i]) << 8;
    		}
    
    		$output .= $itoa64[($value >> 6) & 0x3f];
    
    		if ($i++ >= $count)
    		{
    			break;
    		}
    
    		if ($i < $count)
    		{
    			$value |= ord($input[$i]) << 16;
    		}
    
    		$output .= $itoa64[($value >> 12) & 0x3f];
    
    		if ($i++ >= $count)
    		{
    			break;
    		}
    
    		$output .= $itoa64[($value >> 18) & 0x3f];
    	}
    	while ($i < $count);
    
    	return $output;
    }
    
    /**
    * The crypt function/replacement
    */
    function _hash_crypt_private($password, $setting, &$itoa64)
    {
    	$output = '*';
    
    	// Check for correct hash
    	if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
    	{
    		return $output;
    	}
    
    	$count_log2 = strpos($itoa64, $setting[3]);
    
    	if ($count_log2 < 7 || $count_log2 > 30)
    	{
    		return $output;
    	}
    
    	$count = 1 << $count_log2;
    	$salt = substr($setting, 4, 8);
    
    	if (strlen($salt) != 8)
    	{
    		return $output;
    	}
    
    	/**
    	* We're kind of forced to use MD5 here since it's the only
    	* cryptographic primitive available in all versions of PHP
    	* currently in use.  To implement our own low-level crypto
    	* in PHP would result in much worse performance and
    	* consequently in lower iteration counts and hashes that are
    	* quicker to crack (by non-PHP code).
    	*/
    	if (PHP_VERSION >= 5)
    	{
    		$hash = md5($salt . $password, true);
    		do
    		{
    			$hash = md5($hash . $password, true);
    		}
    		while (--$count);
    	}
    	else
    	{
    		$hash = pack('H*', md5($salt . $password));
    		do
    		{
    			$hash = pack('H*', md5($hash . $password));
    		}
    		while (--$count);
    	}
    
    	$output = substr($setting, 0, 12);
    	$output .= _hash_encode64($hash, 16, $itoa64);
    
    	return $output;
    }
    
    /**
    * Hashes an email address to a big integer
    *
    * @param string $email		Email address
    *
    * @return string			Unsigned Big Integer
    */
    function phpbb_email_hash($email)
    {
    	return sprintf('%u', crc32(strtolower($email))) . strlen($email);
    }
    
    /**
    * Global function for chmodding directories and files for internal use
    *
    * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
    * The function determines owner and group from common.php file and sets the same to the provided file.
    * The function uses bit fields to build the permissions.
    * The function sets the appropiate execute bit on directories.
    *
    * Supported constants representing bit fields are:
    *
    * CHMOD_ALL - all permissions (7)
    * CHMOD_READ - read permission (4)
    * CHMOD_WRITE - write permission (2)
    * CHMOD_EXECUTE - execute permission (1)
    *
    * NOTE: The function uses POSIX extension and fileowner()/filegroup() functions. If any of them is disabled, this function tries to build proper permissions, by calling is_readable() and is_writable() functions.
    *
    * @param string	$filename	The file/directory to be chmodded
    * @param int	$perms		Permissions to set
    *
    * @return bool	true on success, otherwise false
    * @author faw, phpBB Group
    */
    function phpbb_chmod($filename, $perms = CHMOD_READ)
    {
    	static $_chmod_info;
    
    	// Return if the file no longer exists.
    	if (!file_exists($filename))
    	{
    		return false;
    	}
    
    	// Determine some common vars
    	if (empty($_chmod_info))
    	{
    		if (!function_exists('fileowner') || !function_exists('filegroup'))
    		{
    			// No need to further determine owner/group - it is unknown
    			$_chmod_info['process'] = false;
    		}
    		else
    		{
    			global $phpbb_root_path, $phpEx;
    
    			// Determine owner/group of common.php file and the filename we want to change here
    			$common_php_owner = @fileowner($phpbb_root_path . 'common.' . $phpEx);
    			$common_php_group = @filegroup($phpbb_root_path . 'common.' . $phpEx);
    
    			// And the owner and the groups PHP is running under.
    			$php_uid = (function_exists('posix_getuid')) ? @posix_getuid() : false;
    			$php_gids = (function_exists('posix_getgroups')) ? @posix_getgroups() : false;
    
    			// If we are unable to get owner/group, then do not try to set them by guessing
    			if (!$php_uid || empty($php_gids) || !$common_php_owner || !$common_php_group)
    			{
    				$_chmod_info['process'] = false;
    			}
    			else
    			{
    				$_chmod_info = array(
    					'process'		=> true,
    					'common_owner'	=> $common_php_owner,
    					'common_group'	=> $common_php_group,
    					'php_uid'		=> $php_uid,
    					'php_gids'		=> $php_gids,
    				);
    			}
    		}
    	}
    
    	if ($_chmod_info['process'])
    	{
    		$file_uid = @fileowner($filename);
    		$file_gid = @filegroup($filename);
    
    		// Change owner
    		if (@chown($filename, $_chmod_info['common_owner']))
    		{
    			clearstatcache();
    			$file_uid = @fileowner($filename);
    		}
    
    		// Change group
    		if (@chgrp($filename, $_chmod_info['common_group']))
    		{
    			clearstatcache();
    			$file_gid = @filegroup($filename);
    		}
    
    		// If the file_uid/gid now match the one from common.php we can process further, else we are not able to change something
    		if ($file_uid != $_chmod_info['common_owner'] || $file_gid != $_chmod_info['common_group'])
    		{
    			$_chmod_info['process'] = false;
    		}
    	}
    
    	// Still able to process?
    	if ($_chmod_info['process'])
    	{
    		if ($file_uid == $_chmod_info['php_uid'])
    		{
    			$php = 'owner';
    		}
    		else if (in_array($file_gid, $_chmod_info['php_gids']))
    		{
    			$php = 'group';
    		}
    		else
    		{
    			// Since we are setting the everyone bit anyway, no need to do expensive operations
    			$_chmod_info['process'] = false;
    		}
    	}
    
    	// We are not able to determine or change something
    	if (!$_chmod_info['process'])
    	{
    		$php = 'other';
    	}
    
    	// Owner always has read/write permission
    	$owner = CHMOD_READ | CHMOD_WRITE;
    	if (is_dir($filename))
    	{
    		$owner |= CHMOD_EXECUTE;
    
    		// Only add execute bit to the permission if the dir needs to be readable
    		if ($perms & CHMOD_READ)
    		{
    			$perms |= CHMOD_EXECUTE;
    		}
    	}
    
    	switch ($php)
    	{
    		case 'owner':
    			$result = @chmod($filename, ($owner << 6) + (0 << 3) + (0 << 0));
    
    			clearstatcache();
    
    			if (is_readable($filename) && phpbb_is_writable($filename))
    			{
    				break;
    			}
    
    		case 'group':
    			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + (0 << 0));
    
    			clearstatcache();
    
    			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename)))
    			{
    				break;
    			}
    
    		case 'other':
    			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + ($perms << 0));
    
    			clearstatcache();
    
    			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename)))
    			{
    				break;
    			}
    
    		default:
    			return false;
    		break;
    	}
    
    	return $result;
    }
    
    /**
    * Test if a file/directory is writable
    *
    * This function calls the native is_writable() when not running under
    * Windows and it is not disabled.
    *
    * @param string $file Path to perform write test on
    * @return bool True when the path is writable, otherwise false.
    */
    function phpbb_is_writable($file)
    {
    	if (strtolower(substr(PHP_OS, 0, 3)) === 'win' || !function_exists('is_writable'))
    	{
    		if (file_exists($file))
    		{
    			// Canonicalise path to absolute path
    			$file = phpbb_realpath($file);
    
    			if (is_dir($file))
    			{
    				// Test directory by creating a file inside the directory
    				$result = @tempnam($file, 'i_w');
    
    				if (is_string($result) && file_exists($result))
    				{
    					unlink($result);
    
    					// Ensure the file is actually in the directory (returned realpathed)
    					return (strpos($result, $file) === 0) ? true : false;
    				}
    			}
    			else
    			{
    				$handle = @fopen($file, 'r+');
    
    				if (is_resource($handle))
    				{
    					fclose($handle);
    					return true;
    				}
    			}
    		}
    		else
    		{
    			// file does not exist test if we can write to the directory
    			$dir = dirname($file);
    
    			if (file_exists($dir) && is_dir($dir) && phpbb_is_writable($dir))
    			{
    				return true;
    			}
    		}
    
    		return false;
    	}
    	else
    	{
    		return is_writable($file);
    	}
    }
    
    // Compatibility functions
    
    if (!function_exists('array_combine'))
    {
    	/**
    	* A wrapper for the PHP5 function array_combine()
    	* @param array $keys contains keys for the resulting array
    	* @param array $values contains values for the resulting array
    	*
    	* @return Returns an array by using the values from the keys array as keys and the
    	* 	values from the values array as the corresponding values. Returns false if the
    	* 	number of elements for each array isn't equal or if the arrays are empty.
    	*/
    	function array_combine($keys, $values)
    	{
    		$keys = array_values($keys);
    		$values = array_values($values);
    
    		$n = sizeof($keys);
    		$m = sizeof($values);
    		if (!$n || !$m || ($n != $m))
    		{
    			return false;
    		}
    
    		$combined = array();
    		for ($i = 0; $i < $n; $i++)
    		{
    			$combined[$keys[$i]] = $values[$i];
    		}
    		return $combined;
    	}
    }
    
    if (!function_exists('str_split'))
    {
    	/**
    	* A wrapper for the PHP5 function str_split()
    	* @param array $string contains the string to be converted
    	* @param array $split_length contains the length of each chunk
    	*
    	* @return  Converts a string to an array. If the optional split_length parameter is specified,
    	*  	the returned array will be broken down into chunks with each being split_length in length,
    	*  	otherwise each chunk will be one character in length. FALSE is returned if split_length is
    	*  	less than 1. If the split_length length exceeds the length of string, the entire string is
    	*  	returned as the first (and only) array element.
    	*/
    	function str_split($string, $split_length = 1)
    	{
    		if ($split_length < 1)
    		{
    			return false;
    		}
    		else if ($split_length >= strlen($string))
    		{
    			return array($string);
    		}
    		else
    		{
    			preg_match_all('#.{1,' . $split_length . '}#s', $string, $matches);
    			return $matches[0];
    		}
    	}
    }
    
    if (!function_exists('stripos'))
    {
    	/**
    	* A wrapper for the PHP5 function stripos
    	* Find position of first occurrence of a case-insensitive string
    	*
    	* @param string $haystack is the string to search in
    	* @param string $needle is the string to search for
    	*
    	* @return mixed Returns the numeric position of the first occurrence of needle in the haystack string. Unlike strpos(), stripos() is case-insensitive.
    	* Note that the needle may be a string of one or more characters.
    	* If needle is not found, stripos() will return boolean FALSE.
    	*/
    	function stripos($haystack, $needle)
    	{
    		if (preg_match('#' . preg_quote($needle, '#') . '#i', $haystack, $m))
    		{
    			return strpos($haystack, $m[0]);
    		}
    
    		return false;
    	}
    }
    
    /**
    * Checks if a path ($path) is absolute or relative
    *
    * @param string $path Path to check absoluteness of
    * @return boolean
    */
    function is_absolute($path)
    {
    	return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:[/\\\]#i', $path))) ? true : false;
    }
    
    /**
    * @author Chris Smith <chris@project-minerva.org>
    * @copyright 2006 Project Minerva Team
    * @param string $path The path which we should attempt to resolve.
    * @return mixed
    */
    function phpbb_own_realpath($path)
    {
    	// Now to perform funky shizzle
    
    	// Switch to use UNIX slashes
    	$path = str_replace(DIRECTORY_SEPARATOR, '/', $path);
    	$path_prefix = '';
    
    	// Determine what sort of path we have
    	if (is_absolute($path))
    	{
    		$absolute = true;
    
    		if ($path[0] == '/')
    		{
    			// Absolute path, *NIX style
    			$path_prefix = '';
    		}
    		else
    		{
    			// Absolute path, Windows style
    			// Remove the drive letter and colon
    			$path_prefix = $path[0] . ':';
    			$path = substr($path, 2);
    		}
    	}
    	else
    	{
    		// Relative Path
    		// Prepend the current working directory
    		if (function_exists('getcwd'))
    		{
    			// This is the best method, hopefully it is enabled!
    			$path = str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . '/' . $path;
    			$absolute = true;
    			if (preg_match('#^[a-z]:#i', $path))
    			{
    				$path_prefix = $path[0] . ':';
    				$path = substr($path, 2);
    			}
    			else
    			{
    				$path_prefix = '';
    			}
    		}
    		else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME']))
    		{
    			// Warning: If chdir() has been used this will lie!
    			// Warning: This has some problems sometime (CLI can create them easily)
    			$path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path;
    			$absolute = true;
    			$path_prefix = '';
    		}
    		else
    		{
    			// We have no way of getting the absolute path, just run on using relative ones.
    			$absolute = false;
    			$path_prefix = '.';
    		}
    	}
    
    	// Remove any repeated slashes
    	$path = preg_replace('#/{2,}#', '/', $path);
    
    	// Remove the slashes from the start and end of the path
    	$path = trim($path, '/');
    
    	// Break the string into little bits for us to nibble on
    	$bits = explode('/', $path);
    
    	// Remove any . in the path, renumber array for the loop below
    	$bits = array_values(array_diff($bits, array('.')));
    
    	// Lets get looping, run over and resolve any .. (up directory)
    	for ($i = 0, $max = sizeof($bits); $i < $max; $i++)
    	{
    		// @todo Optimise
    		if ($bits[$i] == '..' )
    		{
    			if (isset($bits[$i - 1]))
    			{
    				if ($bits[$i - 1] != '..')
    				{
    					// We found a .. and we are able to traverse upwards, lets do it!
    					unset($bits[$i]);
    					unset($bits[$i - 1]);
    					$i -= 2;
    					$max -= 2;
    					$bits = array_values($bits);
    				}
    			}
    			else if ($absolute) // ie. !isset($bits[$i - 1]) && $absolute
    			{
    				// We have an absolute path trying to descend above the root of the filesystem
    				// ... Error!
    				return false;
    			}
    		}
    	}
    
    	// Prepend the path prefix
    	array_unshift($bits, $path_prefix);
    
    	$resolved = '';
    
    	$max = sizeof($bits) - 1;
    
    	// Check if we are able to resolve symlinks, Windows cannot.
    	$symlink_resolve = (function_exists('readlink')) ? true : false;
    
    	foreach ($bits as $i => $bit)
    	{
    		if (@is_dir("$resolved/$bit") || ($i == $max && @is_file("$resolved/$bit")))
    		{
    			// Path Exists
    			if ($symlink_resolve && is_link("$resolved/$bit") && ($link = readlink("$resolved/$bit")))
    			{
    				// Resolved a symlink.
    				$resolved = $link . (($i == $max) ? '' : '/');
    				continue;
    			}
    		}
    		else
    		{
    			// Something doesn't exist here!
    			// This is correct realpath() behaviour but sadly open_basedir and safe_mode make this problematic
    			// return false;
    		}
    		$resolved .= $bit . (($i == $max) ? '' : '/');
    	}
    
    	// @todo If the file exists fine and open_basedir only has one path we should be able to prepend it
    	// because we must be inside that basedir, the question is where...
    	// @internal The slash in is_dir() gets around an open_basedir restriction
    	if (!@file_exists($resolved) || (!@is_dir($resolved . '/') && !is_file($resolved)))
    	{
    		return false;
    	}
    
    	// Put the slashes back to the native operating systems slashes
    	$resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved);
    
    	// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
    	if (substr($resolved, -1) == DIRECTORY_SEPARATOR)
    	{
    		return substr($resolved, 0, -1);
    	}
    
    	return $resolved; // We got here, in the end!
    }
    
    if (!function_exists('realpath'))
    {
    	/**
    	* A wrapper for realpath
    	* @ignore
    	*/
    	function phpbb_realpath($path)
    	{
    		return phpbb_own_realpath($path);
    	}
    }
    else
    {
    	/**
    	* A wrapper for realpath
    	*/
    	function phpbb_realpath($path)
    	{
    		$realpath = realpath($path);
    
    		// Strangely there are provider not disabling realpath but returning strange values. :o
    		// We at least try to cope with them.
    		if ($realpath === $path || $realpath === false)
    		{
    			return phpbb_own_realpath($path);
    		}
    
    		// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
    		if (substr($realpath, -1) == DIRECTORY_SEPARATOR)
    		{
    			$realpath = substr($realpath, 0, -1);
    		}
    
    		return $realpath;
    	}
    }
    
    if (!function_exists('htmlspecialchars_decode'))
    {
    	/**
    	* A wrapper for htmlspecialchars_decode
    	* @ignore
    	*/
    	function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT)
    	{
    		return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
    	}
    }
    
    // functions used for building option fields
    
    /**
    * Pick a language, any language ...
    */
    function language_select($default = '')
    {
    	global $db;
    
    	$sql = 'SELECT lang_iso, lang_local_name
    		FROM ' . LANG_TABLE . '
    		ORDER BY lang_english_name';
    	$result = $db->sql_query($sql);
    
    	$lang_options = '';
    	while ($row = $db->sql_fetchrow($result))
    	{
    		$selected = ($row['lang_iso'] == $default) ? ' selected="selected"' : '';
    		$lang_options .= '<option value="' . $row['lang_iso'] . '"' . $selected . '>' . $row['lang_local_name'] . '</option>';
    	}
    	$db->sql_freeresult($result);
    
    	return $lang_options;
    }
    
    /**
    * Pick a template/theme combo,
    */
    function style_select($default = '', $all = false)
    {
    	global $db;
    
    	$sql_where = (!$all) ? 'WHERE style_active = 1 ' : '';
    	$sql = 'SELECT style_id, style_name
    		FROM ' . STYLES_TABLE . "
    		$sql_where
    		ORDER BY style_name";
    	$result = $db->sql_query($sql);
    
    	$style_options = '';
    	while ($row = $db->sql_fetchrow($result))
    	{
    		$selected = ($row['style_id'] == $default) ? ' selected="selected"' : '';
    		$style_options .= '<option value="' . $row['style_id'] . '"' . $selected . '>' . $row['style_name'] . '</option>';
    	}
    	$db->sql_freeresult($result);
    
    	return $style_options;
    }
    
    /**
    * Pick a timezone
    */
    function tz_select($default = '', $truncate = false)
    {
    	global $user;
    
    	$tz_select = '';
    	foreach ($user->lang['tz_zones'] as $offset => $zone)
    	{
    		if ($truncate)
    		{
    			$zone_trunc = truncate_string($zone, 50, 255, false, '...');
    		}
    		else
    		{
    			$zone_trunc = $zone;
    		}
    
    		if (is_numeric($offset))
    		{
    			$selected = ($offset == $default) ? ' selected="selected"' : '';
    			$tz_select .= '<option title="' . $zone . '" value="' . $offset . '"' . $selected . '>' . $zone_trunc . '</option>';
    		}
    	}
    
    	return $tz_select;
    }
    
    // Functions handling topic/post tracking/marking
    
    /**
    * Marks a topic/forum as read
    * Marks a topic as posted to
    *
    * @param int $user_id can only be used with $mode == 'post'
    */
    function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0)
    {
    	global $db, $user, $config;
    
    	if ($mode == 'all')
    	{
    		if ($forum_id === false || !sizeof($forum_id))
    		{
    			if ($config['load_db_lastread'] && $user->data['is_registered'])
    			{
    				// Mark all forums read (index page)
    				$db->sql_query('DELETE FROM ' . TOPICS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
    				$db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
    				$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
    			}
    			else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    			{
    				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    				$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    
    				unset($tracking_topics['tf']);
    				unset($tracking_topics['t']);
    				unset($tracking_topics['f']);
    				$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
    
    				$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);
    				$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics);
    
    				unset($tracking_topics);
    
    				if ($user->data['is_registered'])
    				{
    					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
    				}
    			}
    		}
    
    		return;
    	}
    	else if ($mode == 'topics')
    	{
    		// Mark all topics in forums read
    		if (!is_array($forum_id))
    		{
    			$forum_id = array($forum_id);
    		}
    
    		// Add 0 to forums array to mark global announcements correctly
    		// $forum_id[] = 0;
    
    		if ($config['load_db_lastread'] && $user->data['is_registered'])
    		{
    			$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
    				WHERE user_id = {$user->data['user_id']}
    					AND " . $db->sql_in_set('forum_id', $forum_id);
    			$db->sql_query($sql);
    
    			$sql = 'SELECT forum_id
    				FROM ' . FORUMS_TRACK_TABLE . "
    				WHERE user_id = {$user->data['user_id']}
    					AND " . $db->sql_in_set('forum_id', $forum_id);
    			$result = $db->sql_query($sql);
    
    			$sql_update = array();
    			while ($row = $db->sql_fetchrow($result))
    			{
    				$sql_update[] = (int) $row['forum_id'];
    			}
    			$db->sql_freeresult($result);
    
    			if (sizeof($sql_update))
    			{
    				$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
    					SET mark_time = ' . time() . "
    					WHERE user_id = {$user->data['user_id']}
    						AND " . $db->sql_in_set('forum_id', $sql_update);
    				$db->sql_query($sql);
    			}
    
    			if ($sql_insert = array_diff($forum_id, $sql_update))
    			{
    				$sql_ary = array();
    				foreach ($sql_insert as $f_id)
    				{
    					$sql_ary[] = array(
    						'user_id'	=> (int) $user->data['user_id'],
    						'forum_id'	=> (int) $f_id,
    						'mark_time'	=> time()
    					);
    				}
    
    				$db->sql_multi_insert(FORUMS_TRACK_TABLE, $sql_ary);
    			}
    		}
    		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    		{
    			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
    
    			foreach ($forum_id as $f_id)
    			{
    				$topic_ids36 = (isset($tracking['tf'][$f_id])) ? $tracking['tf'][$f_id] : array();
    
    				if (isset($tracking['tf'][$f_id]))
    				{
    					unset($tracking['tf'][$f_id]);
    				}
    
    				foreach ($topic_ids36 as $topic_id36)
    				{
    					unset($tracking['t'][$topic_id36]);
    				}
    
    				if (isset($tracking['f'][$f_id]))
    				{
    					unset($tracking['f'][$f_id]);
    				}
    
    				$tracking['f'][$f_id] = base_convert(time() - $config['board_startdate'], 10, 36);
    			}
    
    			if (isset($tracking['tf']) && empty($tracking['tf']))
    			{
    				unset($tracking['tf']);
    			}
    
    			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
    			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
    
    			unset($tracking);
    		}
    
    		return;
    	}
    	else if ($mode == 'topic')
    	{
    		if ($topic_id === false || $forum_id === false)
    		{
    			return;
    		}
    
    		if ($config['load_db_lastread'] && $user->data['is_registered'])
    		{
    			$sql = 'UPDATE ' . TOPICS_TRACK_TABLE . '
    				SET mark_time = ' . (($post_time) ? $post_time : time()) . "
    				WHERE user_id = {$user->data['user_id']}
    					AND topic_id = $topic_id";
    			$db->sql_query($sql);
    
    			// insert row
    			if (!$db->sql_affectedrows())
    			{
    				$db->sql_return_on_error(true);
    
    				$sql_ary = array(
    					'user_id'		=> (int) $user->data['user_id'],
    					'topic_id'		=> (int) $topic_id,
    					'forum_id'		=> (int) $forum_id,
    					'mark_time'		=> ($post_time) ? (int) $post_time : time(),
    				);
    
    				$db->sql_query('INSERT INTO ' . TOPICS_TRACK_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    				$db->sql_return_on_error(false);
    			}
    		}
    		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    		{
    			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
    
    			$topic_id36 = base_convert($topic_id, 10, 36);
    
    			if (!isset($tracking['t'][$topic_id36]))
    			{
    				$tracking['tf'][$forum_id][$topic_id36] = true;
    			}
    
    			$post_time = ($post_time) ? $post_time : time();
    			$tracking['t'][$topic_id36] = base_convert($post_time - $config['board_startdate'], 10, 36);
    
    			// If the cookie grows larger than 10000 characters we will remove the smallest value
    			// This can result in old topics being unread - but most of the time it should be accurate...
    			if (isset($_COOKIE[$config['cookie_name'] . '_track']) && strlen($_COOKIE[$config['cookie_name'] . '_track']) > 10000)
    			{
    				//echo 'Cookie grown too large' . print_r($tracking, true);
    
    				// We get the ten most minimum stored time offsets and its associated topic ids
    				$time_keys = array();
    				for ($i = 0; $i < 10 && sizeof($tracking['t']); $i++)
    				{
    					$min_value = min($tracking['t']);
    					$m_tkey = array_search($min_value, $tracking['t']);
    					unset($tracking['t'][$m_tkey]);
    
    					$time_keys[$m_tkey] = $min_value;
    				}
    
    				// Now remove the topic ids from the array...
    				foreach ($tracking['tf'] as $f_id => $topic_id_ary)
    				{
    					foreach ($time_keys as $m_tkey => $min_value)
    					{
    						if (isset($topic_id_ary[$m_tkey]))
    						{
    							$tracking['f'][$f_id] = $min_value;
    							unset($tracking['tf'][$f_id][$m_tkey]);
    						}
    					}
    				}
    
    				if ($user->data['is_registered'])
    				{
    					$user->data['user_lastmark'] = intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10));
    					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . $user->data['user_lastmark'] . " WHERE user_id = {$user->data['user_id']}");
    				}
    				else
    				{
    					$tracking['l'] = max($time_keys);
    				}
    			}
    
    			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
    			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
    		}
    
    		return;
    	}
    	else if ($mode == 'post')
    	{
    		if ($topic_id === false)
    		{
    			return;
    		}
    
    		$use_user_id = (!$user_id) ? $user->data['user_id'] : $user_id;
    
    		if ($config['load_db_track'] && $use_user_id != ANONYMOUS)
    		{
    			$db->sql_return_on_error(true);
    
    			$sql_ary = array(
    				'user_id'		=> (int) $use_user_id,
    				'topic_id'		=> (int) $topic_id,
    				'topic_posted'	=> 1
    			);
    
    			$db->sql_query('INSERT INTO ' . TOPICS_POSTED_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    			$db->sql_return_on_error(false);
    		}
    
    		return;
    	}
    }
    
    /**
    * Get topic tracking info by using already fetched info
    */
    function get_topic_tracking($forum_id, $topic_ids, &$rowset, $forum_mark_time, $global_announce_list = false)
    {
    	global $config, $user;
    
    	$last_read = array();
    
    	if (!is_array($topic_ids))
    	{
    		$topic_ids = array($topic_ids);
    	}
    
    	foreach ($topic_ids as $topic_id)
    	{
    		if (!empty($rowset[$topic_id]['mark_time']))
    		{
    			$last_read[$topic_id] = $rowset[$topic_id]['mark_time'];
    		}
    	}
    
    	$topic_ids = array_diff($topic_ids, array_keys($last_read));
    
    	if (sizeof($topic_ids))
    	{
    		$mark_time = array();
    
    		// Get global announcement info
    		if ($global_announce_list && sizeof($global_announce_list))
    		{
    			if (!isset($forum_mark_time[0]))
    			{
    				global $db;
    
    				$sql = 'SELECT mark_time
    					FROM ' . FORUMS_TRACK_TABLE . "
    					WHERE user_id = {$user->data['user_id']}
    						AND forum_id = 0";
    				$result = $db->sql_query($sql);
    				$row = $db->sql_fetchrow($result);
    				$db->sql_freeresult($result);
    
    				if ($row)
    				{
    					$mark_time[0] = $row['mark_time'];
    				}
    			}
    			else
    			{
    				if ($forum_mark_time[0] !== false)
    				{
    					$mark_time[0] = $forum_mark_time[0];
    				}
    			}
    		}
    
    		if (!empty($forum_mark_time[$forum_id]) && $forum_mark_time[$forum_id] !== false)
    		{
    			$mark_time[$forum_id] = $forum_mark_time[$forum_id];
    		}
    
    		$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user->data['user_lastmark'];
    
    		foreach ($topic_ids as $topic_id)
    		{
    			if ($global_announce_list && isset($global_announce_list[$topic_id]))
    			{
    				$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    			}
    			else
    			{
    				$last_read[$topic_id] = $user_lastmark;
    			}
    		}
    	}
    
    	return $last_read;
    }
    
    /**
    * Get topic tracking info from db (for cookie based tracking only this function is used)
    */
    function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_list = false)
    {
    	global $config, $user;
    
    	$last_read = array();
    
    	if (!is_array($topic_ids))
    	{
    		$topic_ids = array($topic_ids);
    	}
    
    	if ($config['load_db_lastread'] && $user->data['is_registered'])
    	{
    		global $db;
    
    		$sql = 'SELECT topic_id, mark_time
    			FROM ' . TOPICS_TRACK_TABLE . "
    			WHERE user_id = {$user->data['user_id']}
    				AND " . $db->sql_in_set('topic_id', $topic_ids);
    		$result = $db->sql_query($sql);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$last_read[$row['topic_id']] = $row['mark_time'];
    		}
    		$db->sql_freeresult($result);
    
    		$topic_ids = array_diff($topic_ids, array_keys($last_read));
    
    		if (sizeof($topic_ids))
    		{
    			$sql = 'SELECT forum_id, mark_time
    				FROM ' . FORUMS_TRACK_TABLE . "
    				WHERE user_id = {$user->data['user_id']}
    					AND forum_id " .
    					(($global_announce_list && sizeof($global_announce_list)) ? "IN (0, $forum_id)" : "= $forum_id");
    			$result = $db->sql_query($sql);
    
    			$mark_time = array();
    			while ($row = $db->sql_fetchrow($result))
    			{
    				$mark_time[$row['forum_id']] = $row['mark_time'];
    			}
    			$db->sql_freeresult($result);
    
    			$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user->data['user_lastmark'];
    
    			foreach ($topic_ids as $topic_id)
    			{
    				if ($global_announce_list && isset($global_announce_list[$topic_id]))
    				{
    					$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    				}
    				else
    				{
    					$last_read[$topic_id] = $user_lastmark;
    				}
    			}
    		}
    	}
    	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    	{
    		global $tracking_topics;
    
    		if (!isset($tracking_topics) || !sizeof($tracking_topics))
    		{
    			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    		}
    
    		if (!$user->data['is_registered'])
    		{
    			$user_lastmark = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
    		}
    		else
    		{
    			$user_lastmark = $user->data['user_lastmark'];
    		}
    
    		foreach ($topic_ids as $topic_id)
    		{
    			$topic_id36 = base_convert($topic_id, 10, 36);
    
    			if (isset($tracking_topics['t'][$topic_id36]))
    			{
    				$last_read[$topic_id] = base_convert($tracking_topics['t'][$topic_id36], 36, 10) + $config['board_startdate'];
    			}
    		}
    
    		$topic_ids = array_diff($topic_ids, array_keys($last_read));
    
    		if (sizeof($topic_ids))
    		{
    			$mark_time = array();
    			if ($global_announce_list && sizeof($global_announce_list))
    			{
    				if (isset($tracking_topics['f'][0]))
    				{
    					$mark_time[0] = base_convert($tracking_topics['f'][0], 36, 10) + $config['board_startdate'];
    				}
    			}
    
    			if (isset($tracking_topics['f'][$forum_id]))
    			{
    				$mark_time[$forum_id] = base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'];
    			}
    
    			$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user_lastmark;
    
    			foreach ($topic_ids as $topic_id)
    			{
    				if ($global_announce_list && isset($global_announce_list[$topic_id]))
    				{
    					$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    				}
    				else
    				{
    					$last_read[$topic_id] = $user_lastmark;
    				}
    			}
    		}
    	}
    
    	return $last_read;
    }
    
    /**
    * Get list of unread topics
    *
    * @param int $user_id			User ID (or false for current user)
    * @param string $sql_extra		Extra WHERE SQL statement
    * @param string $sql_sort		ORDER BY SQL sorting statement
    * @param string $sql_limit		Limits the size of unread topics list, 0 for unlimited query
    * @param string $sql_limit_offset  Sets the offset of the first row to search, 0 to search from the start
    *
    * @return array[int][int]		Topic ids as keys, mark_time of topic as value
    */
    function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001, $sql_limit_offset = 0)
    {
    	global $config, $db, $user;
    
    	$user_id = ($user_id === false) ? (int) $user->data['user_id'] : (int) $user_id;
    
    	// Data array we're going to return
    	$unread_topics = array();
    
    	if (empty($sql_sort))
    	{
    		$sql_sort = 'ORDER BY t.topic_last_post_time DESC';
    	}
    
    	if ($config['load_db_lastread'] && $user->data['is_registered'])
    	{
    		// Get list of the unread topics
    		$last_mark = (int) $user->data['user_lastmark'];
    
    		$sql_array = array(
    			'SELECT'		=> 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
    
    			'FROM'			=> array(TOPICS_TABLE => 't'),
    
    			'LEFT_JOIN'		=> array(
    				array(
    					'FROM'	=> array(TOPICS_TRACK_TABLE => 'tt'),
    					'ON'	=> "tt.user_id = $user_id AND t.topic_id = tt.topic_id",
    				),
    				array(
    					'FROM'	=> array(FORUMS_TRACK_TABLE => 'ft'),
    					'ON'	=> "ft.user_id = $user_id AND t.forum_id = ft.forum_id",
    				),
    			),
    
    			'WHERE'			=> "
    				 t.topic_last_post_time > $last_mark AND
    				(
    				(tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR
    				(tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
    				(tt.mark_time IS NULL AND ft.mark_time IS NULL)
    				)
    				$sql_extra
    				$sql_sort",
    		);
    
    		$sql = $db->sql_build_query('SELECT', $sql_array);
    		$result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$topic_id = (int) $row['topic_id'];
    			$unread_topics[$topic_id] = ($row['topic_mark_time']) ? (int) $row['topic_mark_time'] : (($row['forum_mark_time']) ? (int) $row['forum_mark_time'] : $last_mark);
    		}
    		$db->sql_freeresult($result);
    	}
    	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    	{
    		global $tracking_topics;
    
    		if (empty($tracking_topics))
    		{
    			$tracking_topics = request_var($config['cookie_name'] . '_track', '', false, true);
    			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    		}
    
    		if (!$user->data['is_registered'])
    		{
    			$user_lastmark = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
    		}
    		else
    		{
    			$user_lastmark = (int) $user->data['user_lastmark'];
    		}
    
    		$sql = 'SELECT t.topic_id, t.forum_id, t.topic_last_post_time
    			FROM ' . TOPICS_TABLE . ' t
    			WHERE t.topic_last_post_time > ' . $user_lastmark . "
    			$sql_extra
    			$sql_sort";
    		$result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$forum_id = (int) $row['forum_id'];
    			$topic_id = (int) $row['topic_id'];
    			$topic_id36 = base_convert($topic_id, 10, 36);
    
    			if (isset($tracking_topics['t'][$topic_id36]))
    			{
    				$last_read = base_convert($tracking_topics['t'][$topic_id36], 36, 10) + $config['board_startdate'];
    
    				if ($row['topic_last_post_time'] > $last_read)
    				{
    					$unread_topics[$topic_id] = $last_read;
    				}
    			}
    			else if (isset($tracking_topics['f'][$forum_id]))
    			{
    				$mark_time = base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'];
    
    				if ($row['topic_last_post_time'] > $mark_time)
    				{
    					$unread_topics[$topic_id] = $mark_time;
    				}
    			}
    			else
    			{
    				$unread_topics[$topic_id] = $user_lastmark;
    			}
    		}
    		$db->sql_freeresult($result);
    	}
    
    	return $unread_topics;
    }
    
    /**
    * Check for read forums and update topic tracking info accordingly
    *
    * @param int $forum_id the forum id to check
    * @param int $forum_last_post_time the forums last post time
    * @param int $f_mark_time the forums last mark time if user is registered and load_db_lastread enabled
    * @param int $mark_time_forum false if the mark time needs to be obtained, else the last users forum mark time
    *
    * @return true if complete forum got marked read, else false.
    */
    function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
    {
    	global $db, $tracking_topics, $user, $config;
    
    	// Determine the users last forum mark time if not given.
    	if ($mark_time_forum === false)
    	{
    		if ($config['load_db_lastread'] && $user->data['is_registered'])
    		{
    			$mark_time_forum = (!empty($f_mark_time)) ? $f_mark_time : $user->data['user_lastmark'];
    		}
    		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    		{
    			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    
    			if (!$user->data['is_registered'])
    			{
    				$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
    			}
    
    			$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
    		}
    	}
    
    	// Check the forum for any left unread topics.
    	// If there are none, we mark the forum as read.
    	if ($config['load_db_lastread'] && $user->data['is_registered'])
    	{
    		if ($mark_time_forum >= $forum_last_post_time)
    		{
    			// We do not need to mark read, this happened before. Therefore setting this to true
    			$row = true;
    		}
    		else
    		{
    			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
    				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
    				WHERE t.forum_id = ' . $forum_id . '
    					AND t.topic_last_post_time > ' . $mark_time_forum . '
    					AND t.topic_moved_id = 0
    					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)
    				GROUP BY t.forum_id';
    			$result = $db->sql_query_limit($sql, 1);
    			$row = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    	}
    	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    	{
    		// Get information from cookie
    		$row = false;
    
    		if (!isset($tracking_topics['tf'][$forum_id]))
    		{
    			// We do not need to mark read, this happened before. Therefore setting this to true
    			$row = true;
    		}
    		else
    		{
    			$sql = 'SELECT topic_id
    				FROM ' . TOPICS_TABLE . '
    				WHERE forum_id = ' . $forum_id . '
    					AND topic_last_post_time > ' . $mark_time_forum . '
    					AND topic_moved_id = 0';
    			$result = $db->sql_query($sql);
    
    			$check_forum = $tracking_topics['tf'][$forum_id];
    			$unread = false;
    
    			while ($row = $db->sql_fetchrow($result))
    			{
    				if (!isset($check_forum[base_convert($row['topic_id'], 10, 36)]))
    				{
    					$unread = true;
    					break;
    				}
    			}
    			$db->sql_freeresult($result);
    
    			$row = $unread;
    		}
    	}
    	else
    	{
    		$row = true;
    	}
    
    	if (!$row)
    	{
    		markread('topics', $forum_id);
    		return true;
    	}
    
    	return false;
    }
    
    /**
    * Transform an array into a serialized format
    */
    function tracking_serialize($input)
    {
    	$out = '';
    	foreach ($input as $key => $value)
    	{
    		if (is_array($value))
    		{
    			$out .= $key . ':(' . tracking_serialize($value) . ');';
    		}
    		else
    		{
    			$out .= $key . ':' . $value . ';';
    		}
    	}
    	return $out;
    }
    
    /**
    * Transform a serialized array into an actual array
    */
    function tracking_unserialize($string, $max_depth = 3)
    {
    	$n = strlen($string);
    	if ($n > 10010)
    	{
    		die('Invalid data supplied');
    	}
    	$data = $stack = array();
    	$key = '';
    	$mode = 0;
    	$level = &$data;
    	for ($i = 0; $i < $n; ++$i)
    	{
    		switch ($mode)
    		{
    			case 0:
    				switch ($string[$i])
    				{
    					case ':':
    						$level[$key] = 0;
    						$mode = 1;
    					break;
    					case ')':
    						unset($level);
    						$level = array_pop($stack);
    						$mode = 3;
    					break;
    					default:
    						$key .= $string[$i];
    				}
    			break;
    
    			case 1:
    				switch ($string[$i])
    				{
    					case '(':
    						if (sizeof($stack) >= $max_depth)
    						{
    							die('Invalid data supplied');
    						}
    						$stack[] = &$level;
    						$level[$key] = array();
    						$level = &$level[$key];
    						$key = '';
    						$mode = 0;
    					break;
    					default:
    						$level[$key] = $string[$i];
    						$mode = 2;
    					break;
    				}
    			break;
    
    			case 2:
    				switch ($string[$i])
    				{
    					case ')':
    						unset($level);
    						$level = array_pop($stack);
    						$mode = 3;
    					break;
    					case ';':
    						$key = '';
    						$mode = 0;
    					break;
    					default:
    						$level[$key] .= $string[$i];
    					break;
    				}
    			break;
    
    			case 3:
    				switch ($string[$i])
    				{
    					case ')':
    						unset($level);
    						$level = array_pop($stack);
    					break;
    					case ';':
    						$key = '';
    						$mode = 0;
    					break;
    					default:
    						die('Invalid data supplied');
    					break;
    				}
    			break;
    		}
    	}
    
    	if (sizeof($stack) != 0 || ($mode != 0 && $mode != 3))
    	{
    		die('Invalid data supplied');
    	}
    
    	return $level;
    }
    
    // Pagination functions
    
    /**
    * Pagination routine, generates page number sequence
    * tpl_prefix is for using different pagination blocks at one page
    */
    function generate_pagination($base_url, $num_items, $per_page, $start_item, $add_prevnext_text = false, $tpl_prefix = '')
    {
    	global $template, $user;
    
    	// Make sure $per_page is a valid value
    	$per_page = ($per_page <= 0) ? 1 : $per_page;
    
    	$seperator = '<span class="page-sep">' . $user->lang['COMMA_SEPARATOR'] . '</span>';
    	$total_pages = ceil($num_items / $per_page);
    
    	if ($total_pages == 1 || !$num_items)
    	{
    		return false;
    	}
    
    	$on_page = floor($start_item / $per_page) + 1;
    	$url_delim = (strpos($base_url, '?') === false) ? '?' : ((strpos($base_url, '?') === strlen($base_url) - 1) ? '' : '&amp;');
    
    	$page_string = ($on_page == 1) ? '<strong>1</strong>' : '<a href="' . $base_url . '">1</a>';
    
    	if ($total_pages > 5)
    	{
    		$start_cnt = min(max(1, $on_page - 4), $total_pages - 5);
    		$end_cnt = max(min($total_pages, $on_page + 4), 6);
    
    		$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator;
    
    		for ($i = $start_cnt + 1; $i < $end_cnt; $i++)
    		{
    			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
    			if ($i < $end_cnt - 1)
    			{
    				$page_string .= $seperator;
    			}
    		}
    
    		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator;
    	}
    	else
    	{
    		$page_string .= $seperator;
    
    		for ($i = 2; $i < $total_pages; $i++)
    		{
    			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
    			if ($i < $total_pages)
    			{
    				$page_string .= $seperator;
    			}
    		}
    	}
    
    	$page_string .= ($on_page == $total_pages) ? '<strong>' . $total_pages . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($total_pages - 1) * $per_page) . '">' . $total_pages . '</a>';
    
    	if ($add_prevnext_text)
    	{
    		if ($on_page != 1)
    		{
    			$page_string = '<a href="' . $base_url . "{$url_delim}start=" . (($on_page - 2) * $per_page) . '">' . $user->lang['PREVIOUS'] . '</a>&nbsp;&nbsp;' . $page_string;
    		}
    
    		if ($on_page != $total_pages)
    		{
    			$page_string .= '&nbsp;&nbsp;<a href="' . $base_url . "{$url_delim}start=" . ($on_page * $per_page) . '">' . $user->lang['NEXT'] . '</a>';
    		}
    	}
    
    	$template->assign_vars(array(
    		$tpl_prefix . 'BASE_URL'		=> $base_url,
    		'A_' . $tpl_prefix . 'BASE_URL'	=> addslashes($base_url),
    		$tpl_prefix . 'PER_PAGE'		=> $per_page,
    
    		$tpl_prefix . 'PREVIOUS_PAGE'	=> ($on_page == 1) ? '' : $base_url . "{$url_delim}start=" . (($on_page - 2) * $per_page),
    		$tpl_prefix . 'NEXT_PAGE'		=> ($on_page == $total_pages) ? '' : $base_url . "{$url_delim}start=" . ($on_page * $per_page),
    		$tpl_prefix . 'TOTAL_PAGES'		=> $total_pages,
    	));
    
    	return $page_string;
    }
    
    /**
    * Return current page (pagination)
    */
    function on_page($num_items, $per_page, $start)
    {
    	global $template, $user;
    
    	// Make sure $per_page is a valid value
    	$per_page = ($per_page <= 0) ? 1 : $per_page;
    
    	$on_page = floor($start / $per_page) + 1;
    
    	$template->assign_vars(array(
    		'ON_PAGE'		=> $on_page)
    	);
    
    	return sprintf($user->lang['PAGE_OF'], $on_page, max(ceil($num_items / $per_page), 1));
    }
    
    // Server functions (building urls, redirecting...)
    
    /**
    * Append session id to url.
    * This function supports hooks.
    *
    * @param string $url The url the session id needs to be appended to (can have params)
    * @param mixed $params String or array of additional url parameters
    * @param bool $is_amp Is url using &amp; (true) or & (false)
    * @param string $session_id Possibility to use a custom session id instead of the global one
    *
    * Examples:
    * <code>
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1&amp;f=2");
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&amp;f=2');
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&f=2', false);
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx", array('t' => 1, 'f' => 2));
    * </code>
    *
    */
    function append_sid($url, $params = false, $is_amp = true, $session_id = false)
    {
    	global $_SID, $_EXTRA_URL, $phpbb_hook;
    
    	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.
    	// They could mimic most of what is within this function
    	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
    	{
    		if ($phpbb_hook->hook_return(__FUNCTION__))
    		{
    			return $phpbb_hook->hook_return_result(__FUNCTION__);
    		}
    	}
    
    	$params_is_array = is_array($params);
    
    	// Get anchor
    	$anchor = '';
    	if (strpos($url, '#') !== false)
    	{
    		list($url, $anchor) = explode('#', $url, 2);
    		$anchor = '#' . $anchor;
    	}
    	else if (!$params_is_array && strpos($params, '#') !== false)
    	{
    		list($params, $anchor) = explode('#', $params, 2);
    		$anchor = '#' . $anchor;
    	}
    
    	// Handle really simple cases quickly
    	if ($_SID == '' && $session_id === false && empty($_EXTRA_URL) && !$params_is_array && !$anchor)
    	{
    		if ($params === false)
    		{
    			return $url;
    		}
    
    		$url_delim = (strpos($url, '?') === false) ? '?' : (($is_amp) ? '&amp;' : '&');
    		return $url . ($params !== false ? $url_delim. $params : '');
    	}
    
    	// Assign sid if session id is not specified
    	if ($session_id === false)
    	{
    		$session_id = $_SID;
    	}
    
    	$amp_delim = ($is_amp) ? '&amp;' : '&';
    	$url_delim = (strpos($url, '?') === false) ? '?' : $amp_delim;
    
    	// Appending custom url parameter?
    	$append_url = (!empty($_EXTRA_URL)) ? implode($amp_delim, $_EXTRA_URL) : '';
    
    	// Use the short variant if possible ;)
    	if ($params === false)
    	{
    		// Append session id
    		if (!$session_id)
    		{
    			return $url . (($append_url) ? $url_delim . $append_url : '') . $anchor;
    		}
    		else
    		{
    			return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . 'sid=' . $session_id . $anchor;
    		}
    	}
    
    	// Build string if parameters are specified as array
    	if (is_array($params))
    	{
    		$output = array();
    
    		foreach ($params as $key => $item)
    		{
    			if ($item === NULL)
    			{
    				continue;
    			}
    
    			if ($key == '#')
    			{
    				$anchor = '#' . $item;
    				continue;
    			}
    
    			$output[] = $key . '=' . $item;
    		}
    
    		$params = implode($amp_delim, $output);
    	}
    
    	// Append session id and parameters (even if they are empty)
    	// If parameters are empty, the developer can still append his/her parameters without caring about the delimiter
    	return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . $params . ((!$session_id) ? '' : $amp_delim . 'sid=' . $session_id) . $anchor;
    }
    
    /**
    * Generate board url (example: http://www.example.com/phpBB)
    *
    * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
    *
    * @return string the generated board url
    */
    function generate_board_url($without_script_path = false)
    {
    	global $config, $user;
    
    	$server_name = $user->host;
    	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
    
    	// Forcing server vars is the only way to specify/override the protocol
    	if ($config['force_server_vars'] || !$server_name)
    	{
    		$server_protocol = ($config['server_protocol']) ? $config['server_protocol'] : (($config['cookie_secure']) ? 'https://' : 'http://');
    		$server_name = $config['server_name'];
    		$server_port = (int) $config['server_port'];
    		$script_path = $config['script_path'];
    
    		$url = $server_protocol . $server_name;
    		$cookie_secure = $config['cookie_secure'];
    	}
    	else
    	{
    		// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
    		$cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
    		$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
    
    		$script_path = $user->page['root_script_path'];
    	}
    
    	if ($server_port && (($cookie_secure && $server_port <> 443) || (!$cookie_secure && $server_port <> 80)))
    	{
    		// HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
    		if (strpos($server_name, ':') === false)
    		{
    			$url .= ':' . $server_port;
    		}
    	}
    
    	if (!$without_script_path)
    	{
    		$url .= $script_path;
    	}
    
    	// Strip / from the end
    	if (substr($url, -1, 1) == '/')
    	{
    		$url = substr($url, 0, -1);
    	}
    
    	return $url;
    }
    
    /**
    * Redirects the user to another page then exits the script nicely
    * This function is intended for urls within the board. It's not meant to redirect to cross-domains.
    *
    * @param string $url The url to redirect to
    * @param bool $return If true, do not redirect but return the sanitized URL. Default is no return.
    * @param bool $disable_cd_check If true, redirect() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
    */
    function redirect($url, $return = false, $disable_cd_check = false)
    {
    	global $db, $cache, $config, $user, $phpbb_root_path;
    
    	$failover_flag = false;
    
    	if (empty($user->lang))
    	{
    		$user->add_lang('common');
    	}
    
    	if (!$return)
    	{
    		garbage_collection();
    	}
    
    	// Make sure no &amp;'s are in, this will break the redirect
    	$url = str_replace('&amp;', '&', $url);
    
    	// Determine which type of redirect we need to handle...
    	$url_parts = @parse_url($url);
    
    	if ($url_parts === false)
    	{
    		// Malformed url, redirect to current page...
    		$url = generate_board_url() . '/' . $user->page['page'];
    	}
    	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
    	{
    		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
    		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
    		{
    			$url = generate_board_url();
    		}
    	}
    	else if ($url[0] == '/')
    	{
    		// Absolute uri, prepend direct url...
    		$url = generate_board_url(true) . $url;
    	}
    	else
    	{
    		// Relative uri
    		$pathinfo = pathinfo($url);
    
    		if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
    		{
    			$url = str_replace('../', '', $url);
    			$pathinfo = pathinfo($url);
    
    			if (!file_exists($pathinfo['dirname'] . '/'))
    			{
    				// fallback to "last known user page"
    				// at least this way we know the user does not leave the phpBB root
    				$url = generate_board_url() . '/' . $user->page['page'];
    				$failover_flag = true;
    			}
    		}
    
    		if (!$failover_flag)
    		{
    			// Is the uri pointing to the current directory?
    			if ($pathinfo['dirname'] == '.')
    			{
    				$url = str_replace('./', '', $url);
    
    				// Strip / from the beginning
    				if ($url && substr($url, 0, 1) == '/')
    				{
    					$url = substr($url, 1);
    				}
    
    				if ($user->page['page_dir'])
    				{
    					$url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
    				}
    				else
    				{
    					$url = generate_board_url() . '/' . $url;
    				}
    			}
    			else
    			{
    				// Used ./ before, but $phpbb_root_path is working better with urls within another root path
    				$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path)));
    				$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
    				$intersection = array_intersect_assoc($root_dirs, $page_dirs);
    
    				$root_dirs = array_diff_assoc($root_dirs, $intersection);
    				$page_dirs = array_diff_assoc($page_dirs, $intersection);
    
    				$dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
    
    				// Strip / from the end
    				if ($dir && substr($dir, -1, 1) == '/')
    				{
    					$dir = substr($dir, 0, -1);
    				}
    
    				// Strip / from the beginning
    				if ($dir && substr($dir, 0, 1) == '/')
    				{
    					$dir = substr($dir, 1);
    				}
    
    				$url = str_replace($pathinfo['dirname'] . '/', '', $url);
    
    				// Strip / from the beginning
    				if (substr($url, 0, 1) == '/')
    				{
    					$url = substr($url, 1);
    				}
    
    				$url = (!empty($dir) ? $dir . '/' : '') . $url;
    				$url = generate_board_url() . '/' . $url;
    			}
    		}
    	}
    
    	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
    	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
    	{
    		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
    	}
    
    	// Now, also check the protocol and for a valid url the last time...
    	$allowed_protocols = array('http', 'https', 'ftp', 'ftps');
    	$url_parts = parse_url($url);
    
    	if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
    	{
    		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
    	}
    
    	if ($return)
    	{
    		return $url;
    	}
    
    	// Redirect via an HTML form for PITA webservers
    	if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
    	{
    		header('Refresh: 0; URL=' . $url);
    
    		echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
    		echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '" xml:lang="' . $user->lang['USER_LANG'] . '">';
    		echo '<head>';
    		echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
    		echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
    		echo '<title>' . $user->lang['REDIRECT'] . '</title>';
    		echo '</head>';
    		echo '<body>';
    		echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&amp;', $url) . '">', '</a>') . '</div>';
    		echo '</body>';
    		echo '</html>';
    
    		exit;
    	}
    
    	// Behave as per HTTP/1.1 spec for others
    	header('Location: ' . $url);
    	exit;
    }
    
    /**
    * Re-Apply session id after page reloads
    */
    function reapply_sid($url)
    {
    	global $phpEx, $phpbb_root_path;
    
    	if ($url === "index.$phpEx")
    	{
    		return append_sid("index.$phpEx");
    	}
    	else if ($url === "{$phpbb_root_path}index.$phpEx")
    	{
    		return append_sid("{$phpbb_root_path}index.$phpEx");
    	}
    
    	// Remove previously added sid
    	if (strpos($url, 'sid=') !== false)
    	{
    		// All kind of links
    		$url = preg_replace('/(\?)?(&amp;|&)?sid=[a-z0-9]+/', '', $url);
    		// if the sid was the first param, make the old second as first ones
    		$url = preg_replace("/$phpEx(&amp;|&)+?/", "$phpEx?", $url);
    	}
    
    	return append_sid($url);
    }
    
    /**
    * Returns url from the session/current page with an re-appended SID with optionally stripping vars from the url
    */
    function build_url($strip_vars = false)
    {
    	global $user, $phpbb_root_path;
    
    	// Append SID
    	$redirect = append_sid($user->page['page'], false, false);
    
    	// Add delimiter if not there...
    	if (strpos($redirect, '?') === false)
    	{
    		$redirect .= '?';
    	}
    
    	// Strip vars...
    	if ($strip_vars !== false && strpos($redirect, '?') !== false)
    	{
    		if (!is_array($strip_vars))
    		{
    			$strip_vars = array($strip_vars);
    		}
    
    		$query = $_query = array();
    
    		$args = substr($redirect, strpos($redirect, '?') + 1);
    		$args = ($args) ? explode('&', $args) : array();
    		$redirect = substr($redirect, 0, strpos($redirect, '?'));
    
    		foreach ($args as $argument)
    		{
    			$arguments = explode('=', $argument);
    			$key = $arguments[0];
    			unset($arguments[0]);
    
    			if ($key === '')
    			{
    				continue;
    			}
    
    			$query[$key] = implode('=', $arguments);
    		}
    
    		// Strip the vars off
    		foreach ($strip_vars as $strip)
    		{
    			if (isset($query[$strip]))
    			{
    				unset($query[$strip]);
    			}
    		}
    
    		// Glue the remaining parts together... already urlencoded
    		foreach ($query as $key => $value)
    		{
    			$_query[] = $key . '=' . $value;
    		}
    		$query = implode('&', $_query);
    
    		$redirect .= ($query) ? '?' . $query : '';
    	}
    
    	// We need to be cautious here.
    	// On some situations, the redirect path is an absolute URL, sometimes a relative path
    	// For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
    	// else we use the URL directly.
    	$url_parts = @parse_url($redirect);
    
    	// URL
    	if ($url_parts !== false && !empty($url_parts['scheme']) && !empty($url_parts['host']))
    	{
    		return str_replace('&', '&amp;', $redirect);
    	}
    
    	return $phpbb_root_path . str_replace('&', '&amp;', $redirect);
    }
    
    /**
    * Meta refresh assignment
    * Adds META template variable with meta http tag.
    *
    * @param int $time Time in seconds for meta refresh tag
    * @param string $url URL to redirect to. The url will go through redirect() first before the template variable is assigned
    * @param bool $disable_cd_check If true, meta_refresh() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
    */
    function meta_refresh($time, $url, $disable_cd_check = false)
    {
    	global $template;
    
    	$url = redirect($url, true, $disable_cd_check);
    	$url = str_replace('&', '&amp;', $url);
    
    	// For XHTML compatibility we change back & to &amp;
    	$template->assign_vars(array(
    		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
    	);
    
    	return $url;
    }
    
    /**
    * Outputs correct status line header.
    *
    * Depending on php sapi one of the two following forms is used:
    *
    * Status: 404 Not Found
    *
    * HTTP/1.x 404 Not Found
    *
    * HTTP version is taken from HTTP_VERSION environment variable,
    * and defaults to 1.0.
    *
    * Sample usage:
    *
    * send_status_line(404, 'Not Found');
    *
    * @param int $code HTTP status code
    * @param string $message Message for the status code
    * @return void
    */
    function send_status_line($code, $message)
    {
    	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
    	{
    		// in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though
    		header("Status: $code $message", true, $code);
    	}
    	else
    	{
    		if (!empty($_SERVER['SERVER_PROTOCOL']))
    		{
    			$version = $_SERVER['SERVER_PROTOCOL'];
    		}
    		else if (!empty($_SERVER['HTTP_VERSION']))
    		{
    			// I cannot remember where I got this from.
    			// This code path may never be reachable in reality.
    			$version = $_SERVER['HTTP_VERSION'];
    		}
    		else
    		{
    			$version = 'HTTP/1.0';
    		}
    		header("$version $code $message", true, $code);
    	}
    }
    
    //Form validation
    
    
    /**
    * Add a secret hash   for use in links/GET requests
    * @param string  $link_name The name of the link; has to match the name used in check_link_hash, otherwise no restrictions apply
    * @return string the hash
    
    */
    function generate_link_hash($link_name)
    {
    	global $user;
    
    	if (!isset($user->data["hash_$link_name"]))
    	{
    		$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
    	}
    
    	return $user->data["hash_$link_name"];
    }
    
    
    /**
    * checks a link hash - for GET requests
    * @param string $token the submitted token
    * @param string $link_name The name of the link
    * @return boolean true if all is fine
    */
    function check_link_hash($token, $link_name)
    {
    	return $token === generate_link_hash($link_name);
    }
    
    /**
    * Add a secret token to the form (requires the S_FORM_TOKEN template variable)
    * @param string  $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
    */
    function add_form_key($form_name)
    {
    	global $config, $template, $user;
    
    	$now = time();
    	$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
    	$token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
    
    	$s_fields = build_hidden_fields(array(
    		'creation_time' => $now,
    		'form_token'	=> $token,
    	));
    
    	$template->assign_vars(array(
    		'S_FORM_TOKEN'	=> $s_fields,
    	));
    }
    
    /**
    * Check the form key. Required for all altering actions not secured by confirm_box
    * @param string  $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply
    * @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
    * @param string $return_page The address for the return link
    * @param bool $trigger If true, the function will triger an error when encountering an invalid form
    */
    function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false)
    {
    	global $config, $user;
    
    	if ($timespan === false)
    	{
    		// we enforce a minimum value of half a minute here.
    		$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
    	}
    
    	if (isset($_POST['creation_time']) && isset($_POST['form_token']))
    	{
    		$creation_time	= abs(request_var('creation_time', 0));
    		$token = request_var('form_token', '');
    
    		$diff = time() - $creation_time;
    
    		// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
    		if ($diff && ($diff <= $timespan || $timespan === -1))
    		{
    			$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
    			$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
    
    			if ($key === $token)
    			{
    				return true;
    			}
    		}
    	}
    
    	if ($trigger)
    	{
    		trigger_error($user->lang['FORM_INVALID'] . $return_page);
    	}
    
    	return false;
    }
    
    // Message/Login boxes
    
    /**
    * Build Confirm box
    * @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box
    * @param string $title Title/Message used for confirm box.
    *		message text is _CONFIRM appended to title.
    *		If title cannot be found in user->lang a default one is displayed
    *		If title_CONFIRM cannot be found in user->lang the text given is used.
    * @param string $hidden Hidden variables
    * @param string $html_body Template used for confirm box
    * @param string $u_action Custom form action
    */
    function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
    {
    	global $user, $template, $db;
    	global $phpEx, $phpbb_root_path;
    
    	if (isset($_POST['cancel']))
    	{
    		return false;
    	}
    
    	$confirm = false;
    	if (isset($_POST['confirm']))
    	{
    		// language frontier
    		if ($_POST['confirm'] === $user->lang['YES'])
    		{
    			$confirm = true;
    		}
    	}
    
    	if ($check && $confirm)
    	{
    		$user_id = request_var('confirm_uid', 0);
    		$session_id = request_var('sess', '');
    		$confirm_key = request_var('confirm_key', '');
    
    		if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || !$confirm_key || !$user->data['user_last_confirm_key'] || $confirm_key != $user->data['user_last_confirm_key'])
    		{
    			return false;
    		}
    
    		// Reset user_last_confirm_key
    		$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = ''
    			WHERE user_id = " . $user->data['user_id'];
    		$db->sql_query($sql);
    
    		return true;
    	}
    	else if ($check)
    	{
    		return false;
    	}
    
    	$s_hidden_fields = build_hidden_fields(array(
    		'confirm_uid'	=> $user->data['user_id'],
    		'sess'			=> $user->session_id,
    		'sid'			=> $user->session_id,
    	));
    
    	// generate activation key
    	$confirm_key = gen_rand_string(10);
    
    	if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    	{
    		adm_page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);
    	}
    	else
    	{
    		page_header(((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]), false);
    	}
    
    	$template->set_filenames(array(
    		'body' => $html_body)
    	);
    
    	// If activation key already exist, we better do not re-use the key (something very strange is going on...)
    	if (request_var('confirm_key', ''))
    	{
    		// This should not occur, therefore we cancel the operation to safe the user
    		return false;
    	}
    
    	// re-add sid / transform & to &amp; for user->page (user->page is always using &)
    	$use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&amp;', $user->page['page']);
    	$u_action = reapply_sid($use_page);
    	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;
    
    	$template->assign_vars(array(
    		'MESSAGE_TITLE'		=> (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title],
    		'MESSAGE_TEXT'		=> (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'],
    
    		'YES_VALUE'			=> $user->lang['YES'],
    		'S_CONFIRM_ACTION'	=> $u_action,
    		'S_HIDDEN_FIELDS'	=> $hidden . $s_hidden_fields)
    	);
    
    	$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "'
    		WHERE user_id = " . $user->data['user_id'];
    	$db->sql_query($sql);
    
    	if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    	{
    		adm_page_footer();
    	}
    	else
    	{
    		page_footer();
    	}
    }
    
    /**
    * Generate login box or verify password
    */
    function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
    {
    	global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
    
    	if (!class_exists('phpbb_captcha_factory'))
    	{
    		include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
    	}
    
    	$err = '';
    
    	// Make sure user->setup() has been called
    	if (empty($user->lang))
    	{
    		$user->setup();
    	}
    
    	// Print out error if user tries to authenticate as an administrator without having the privileges...
    	if ($admin && !$auth->acl_get('a_'))
    	{
    		// Not authd
    		// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
    		if ($user->data['is_registered'])
    		{
    			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    		}
    		trigger_error('NO_AUTH_ADMIN');
    	}
    
    	if (isset($_POST['login']))
    	{
    		// Get credential
    		if ($admin)
    		{
    			$credential = request_var('credential', '');
    
    			if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32)
    			{
    				if ($user->data['is_registered'])
    				{
    					add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    				}
    				trigger_error('NO_AUTH_ADMIN');
    			}
    
    			$password	= request_var('password_' . $credential, '', true);
    		}
    		else
    		{
    			$password	= request_var('password', '', true);
    		}
    
    		$username	= request_var('username', '', true);
    		$autologin	= (!empty($_POST['autologin'])) ? true : false;
    		$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
    		$admin 		= ($admin) ? 1 : 0;
    		$viewonline = ($admin) ? $user->data['session_viewonline'] : $viewonline;
    
    		// Check if the supplied username is equal to the one stored within the database if re-authenticating
    		if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
    		{
    			// We log the attempt to use a different username...
    			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
    		}
    
    		// If authentication is successful we redirect user to previous page
    		$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
    
    		// If admin authentication and login, we will log if it was a success or not...
    		// We also break the operation on the first non-success login - it could be argued that the user already knows
    		if ($admin)
    		{
    			if ($result['status'] == LOGIN_SUCCESS)
    			{
    				add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
    			}
    			else
    			{
    				// Only log the failed attempt if a real user tried to.
    				// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
    				if ($user->data['is_registered'])
    				{
    					add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    				}
    			}
    		}
    
    		// The result parameter is always an array, holding the relevant information...
    		if ($result['status'] == LOGIN_SUCCESS)
    		{
    			$redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
    			$message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
    			$l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "{$phpbb_root_path}index.$phpEx" || $redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
    
    			// append/replace SID (may change during the session for AOL users)
    			$redirect = reapply_sid($redirect);
    
    			// Special case... the user is effectively banned, but we allow founders to login
    			if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER)
    			{
    				return;
    			}
    
    			$redirect = meta_refresh(3, $redirect);
    			trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
    		}
    
    		// Something failed, determine what...
    		if ($result['status'] == LOGIN_BREAK)
    		{
    			trigger_error($result['error_msg']);
    		}
    
    		// Special cases... determine
    		switch ($result['status'])
    		{
    			case LOGIN_ERROR_ATTEMPTS:
    
    				$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
    				$captcha->init(CONFIRM_LOGIN);
    				// $captcha->reset();
    
    				$template->assign_vars(array(
    					'CAPTCHA_TEMPLATE'			=> $captcha->get_template(),
    				));
    
    				$err = $user->lang[$result['error_msg']];
    			break;
    
    			case LOGIN_ERROR_PASSWORD_CONVERT:
    				$err = sprintf(
    					$user->lang[$result['error_msg']],
    					($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
    					($config['email_enable']) ? '</a>' : '',
    					($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
    					($config['board_contact']) ? '</a>' : ''
    				);
    			break;
    
    			// Username, password, etc...
    			default:
    				$err = $user->lang[$result['error_msg']];
    
    				// Assign admin contact to some error messages
    				if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
    				{
    					$err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
    				}
    
    			break;
    		}
    	}
    
    	// Assign credential for username/password pair
    	$credential = ($admin) ? md5(unique_id()) : false;
    
    	$s_hidden_fields = array(
    		'sid'		=> $user->session_id,
    	);
    
    	if ($redirect)
    	{
    		$s_hidden_fields['redirect'] = $redirect;
    	}
    
    	if ($admin)
    	{
    		$s_hidden_fields['credential'] = $credential;
    	}
    
    	$s_hidden_fields = build_hidden_fields($s_hidden_fields);
    
    	$template->assign_vars(array(
    		'LOGIN_ERROR'		=> $err,
    		'LOGIN_EXPLAIN'		=> $l_explain,
    
    		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
    		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
    		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
    		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
    
    		'S_DISPLAY_FULL_LOGIN'	=> ($s_display) ? true : false,
    		'S_HIDDEN_FIELDS' 		=> $s_hidden_fields,
    
    		'S_ADMIN_AUTH'			=> $admin,
    		'USERNAME'				=> ($admin) ? $user->data['username'] : '',
    
    		'USERNAME_CREDENTIAL'	=> 'username',
    		'PASSWORD_CREDENTIAL'	=> ($admin) ? 'password_' . $credential : 'password',
    	));
    
    	page_header($user->lang['LOGIN'], false);
    
    	$template->set_filenames(array(
    		'body' => 'login_body.html')
    	);
    	make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
    
    	page_footer();
    }
    
    /**
    * Generate forum login box
    */
    function login_forum_box($forum_data)
    {
    	global $db, $config, $user, $template, $phpEx;
    
    	$password = request_var('password', '', true);
    
    	$sql = 'SELECT forum_id
    		FROM ' . FORUMS_ACCESS_TABLE . '
    		WHERE forum_id = ' . $forum_data['forum_id'] . '
    			AND user_id = ' . $user->data['user_id'] . "
    			AND session_id = '" . $db->sql_escape($user->session_id) . "'";
    	$result = $db->sql_query($sql);
    	$row = $db->sql_fetchrow($result);
    	$db->sql_freeresult($result);
    
    	if ($row)
    	{
    		return true;
    	}
    
    	if ($password)
    	{
    		// Remove expired authorised sessions
    		$sql = 'SELECT f.session_id
    			FROM ' . FORUMS_ACCESS_TABLE . ' f
    			LEFT JOIN ' . SESSIONS_TABLE . ' s ON (f.session_id = s.session_id)
    			WHERE s.session_id IS NULL';
    		$result = $db->sql_query($sql);
    
    		if ($row = $db->sql_fetchrow($result))
    		{
    			$sql_in = array();
    			do
    			{
    				$sql_in[] = (string) $row['session_id'];
    			}
    			while ($row = $db->sql_fetchrow($result));
    
    			// Remove expired sessions
    			$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
    				WHERE ' . $db->sql_in_set('session_id', $sql_in);
    			$db->sql_query($sql);
    		}
    		$db->sql_freeresult($result);
    
    		if (phpbb_check_hash($password, $forum_data['forum_password']))
    		{
    			$sql_ary = array(
    				'forum_id'		=> (int) $forum_data['forum_id'],
    				'user_id'		=> (int) $user->data['user_id'],
    				'session_id'	=> (string) $user->session_id,
    			);
    
    			$db->sql_query('INSERT INTO ' . FORUMS_ACCESS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    			return true;
    		}
    
    		$template->assign_var('LOGIN_ERROR', $user->lang['WRONG_PASSWORD']);
    	}
    
    	page_header($user->lang['LOGIN'], false);
    
    	$template->assign_vars(array(
    		'S_LOGIN_ACTION'		=> build_url(array('f')),
    		'S_HIDDEN_FIELDS'		=> build_hidden_fields(array('f' => $forum_data['forum_id'])))
    	);
    
    	$template->set_filenames(array(
    		'body' => 'login_forum.html')
    	);
    
    	page_footer();
    }
    
    // Little helpers
    
    /**
    * Little helper for the build_hidden_fields function
    */
    function _build_hidden_fields($key, $value, $specialchar, $stripslashes)
    {
    	$hidden_fields = '';
    
    	if (!is_array($value))
    	{
    		$value = ($stripslashes) ? stripslashes($value) : $value;
    		$value = ($specialchar) ? htmlspecialchars($value, ENT_COMPAT, 'UTF-8') : $value;
    
    		$hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n";
    	}
    	else
    	{
    		foreach ($value as $_key => $_value)
    		{
    			$_key = ($stripslashes) ? stripslashes($_key) : $_key;
    			$_key = ($specialchar) ? htmlspecialchars($_key, ENT_COMPAT, 'UTF-8') : $_key;
    
    			$hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar, $stripslashes);
    		}
    	}
    
    	return $hidden_fields;
    }
    
    /**
    * Build simple hidden fields from array
    *
    * @param array $field_ary an array of values to build the hidden field from
    * @param bool $specialchar if true, keys and values get specialchared
    * @param bool $stripslashes if true, keys and values get stripslashed
    *
    * @return string the hidden fields
    */
    function build_hidden_fields($field_ary, $specialchar = false, $stripslashes = false)
    {
    	$s_hidden_fields = '';
    
    	foreach ($field_ary as $name => $vars)
    	{
    		$name = ($stripslashes) ? stripslashes($name) : $name;
    		$name = ($specialchar) ? htmlspecialchars($name, ENT_COMPAT, 'UTF-8') : $name;
    
    		$s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar, $stripslashes);
    	}
    
    	return $s_hidden_fields;
    }
    
    /**
    * Parse cfg file
    */
    function parse_cfg_file($filename, $lines = false)
    {
    	$parsed_items = array();
    
    	if ($lines === false)
    	{
    		$lines = file($filename);
    	}
    
    	foreach ($lines as $line)
    	{
    		$line = trim($line);
    
    		if (!$line || $line[0] == '#' || ($delim_pos = strpos($line, '=')) === false)
    		{
    			continue;
    		}
    
    		// Determine first occurrence, since in values the equal sign is allowed
    		$key = strtolower(trim(substr($line, 0, $delim_pos)));
    		$value = trim(substr($line, $delim_pos + 1));
    
    		if (in_array($value, array('off', 'false', '0')))
    		{
    			$value = false;
    		}
    		else if (in_array($value, array('on', 'true', '1')))
    		{
    			$value = true;
    		}
    		else if (!trim($value))
    		{
    			$value = '';
    		}
    		else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
    		{
    			$value = substr($value, 1, sizeof($value)-2);
    		}
    
    		$parsed_items[$key] = $value;
    	}
    
    	return $parsed_items;
    }
    
    /**
    * Add log event
    */
    function add_log()
    {
    	global $db, $user;
    
    	// In phpBB 3.1.x i want to have logging in a class to be able to control it
    	// For now, we need a quite hakish approach to circumvent logging for some actions
    	// @todo implement cleanly
    	if (!empty($GLOBALS['skip_add_log']))
    	{
    		return false;
    	}
    
    	$args = func_get_args();
    
    	$mode			= array_shift($args);
    	$reportee_id	= ($mode == 'user') ? intval(array_shift($args)) : '';
    	$forum_id		= ($mode == 'mod') ? intval(array_shift($args)) : '';
    	$topic_id		= ($mode == 'mod') ? intval(array_shift($args)) : '';
    	$action			= array_shift($args);
    	$data			= (!sizeof($args)) ? '' : serialize($args);
    
    	$sql_ary = array(
    		'user_id'		=> (empty($user->data)) ? ANONYMOUS : $user->data['user_id'],
    		'log_ip'		=> $user->ip,
    		'log_time'		=> time(),
    		'log_operation'	=> $action,
    		'log_data'		=> $data,
    	);
    
    	switch ($mode)
    	{
    		case 'admin':
    			$sql_ary['log_type'] = LOG_ADMIN;
    		break;
    
    		case 'mod':
    			$sql_ary += array(
    				'log_type'	=> LOG_MOD,
    				'forum_id'	=> $forum_id,
    				'topic_id'	=> $topic_id
    			);
    		break;
    
    		case 'user':
    			$sql_ary += array(
    				'log_type'		=> LOG_USERS,
    				'reportee_id'	=> $reportee_id
    			);
    		break;
    
    		case 'critical':
    			$sql_ary['log_type'] = LOG_CRITICAL;
    		break;
    
    		default:
    			return false;
    	}
    
    	$db->sql_query('INSERT INTO ' . LOG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    	return $db->sql_nextid();
    }
    
    /**
    * Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com)
    */
    function get_backtrace()
    {
    	global $phpbb_root_path;
    
    	$output = '<div style="font-family: monospace;">';
    	$backtrace = debug_backtrace();
    	$path = phpbb_realpath($phpbb_root_path);
    
    	foreach ($backtrace as $number => $trace)
    	{
    		// We skip the first one, because it only shows this file/function
    		if ($number == 0)
    		{
    			continue;
    		}
    
    		// Strip the current directory from path
    		if (empty($trace['file']))
    		{
    			$trace['file'] = '';
    		}
    		else
    		{
    			$trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']);
    			$trace['file'] = substr($trace['file'], 1);
    		}
    		$args = array();
    
    		// If include/require/include_once is not called, do not show arguments - they may contain sensible information
    		if (!in_array($trace['function'], array('include', 'require', 'include_once')))
    		{
    			unset($trace['args']);
    		}
    		else
    		{
    			// Path...
    			if (!empty($trace['args'][0]))
    			{
    				$argument = htmlspecialchars($trace['args'][0]);
    				$argument = str_replace(array($path, '\\'), array('', '/'), $argument);
    				$argument = substr($argument, 1);
    				$args[] = "'{$argument}'";
    			}
    		}
    
    		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
    		$trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
    
    		$output .= '<br />';
    		$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />';
    		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
    
    		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />';
    	}
    	$output .= '</div>';
    	return $output;
    }
    
    /**
    * This function returns a regular expression pattern for commonly used expressions
    * Use with / as delimiter for email mode and # for url modes
    * mode can be: email|bbcode_htm|url|url_inline|www_url|www_url_inline|relative_url|relative_url_inline|ipv4|ipv6
    */
    function get_preg_expression($mode)
    {
    	switch ($mode)
    	{
    		case 'email':
    			// Regex written by James Watts and Francisco Jose Martin Moreno
    			// http://fightingforalostcause.net/misc/2006/compare-email-regex.php
    			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
    		break;
    
    		case 'bbcode_htm':
    			return array(
    				'#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
    				'#<!\-\- l \-\-><a (?:class="[\w-]+" )?href="(.*?)(?:(&amp;|\?)sid=[0-9a-f]{32})?">.*?</a><!\-\- l \-\->#',
    				'#<!\-\- ([mw]) \-\-><a (?:class="[\w-]+" )?href="(.*?)">.*?</a><!\-\- \1 \-\->#',
    				'#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
    				'#<!\-\- .*? \-\->#s',
    				'#<.*?>#s',
    			);
    		break;
    
    		// Whoa these look impressive!
    		// The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses
    		// can be found in the develop directory
    		case 'ipv4':
    			return '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#';
    		break;
    
    		case 'ipv6':
    			return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i';
    		break;
    
    		case 'url':
    		case 'url_inline':
    			$inline = ($mode == 'url') ? ')' : '';
    			$scheme = ($mode == 'url') ? '[a-z\d+\-.]' : '[a-z\d+]'; // avoid automatic parsing of "word" in "last word.http://..."
    			// generated with regex generation file in the develop folder
    			return "[a-z]$scheme*:/{2}(?:(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
    		break;
    
    		case 'www_url':
    		case 'www_url_inline':
    			$inline = ($mode == 'www_url') ? ')' : '';
    			return "www\.(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})+(?::\d*)?(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
    		break;
    
    		case 'relative_url':
    		case 'relative_url_inline':
    			$inline = ($mode == 'relative_url') ? ')' : '';
    			return "(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
    		break;
    	}
    
    	return '';
    }
    
    /**
    * Generate regexp for naughty words censoring
    * Depends on whether installed PHP version supports unicode properties
    *
    * @param string	$word			word template to be replaced
    * @param bool	$use_unicode	whether or not to take advantage of PCRE supporting unicode
    *
    * @return string $preg_expr		regex to use with word censor
    */
    function get_censor_preg_expression($word, $use_unicode = true)
    {
    	static $unicode_support = null;
    
    	// Check whether PHP version supports unicode properties
    	if (is_null($unicode_support))
    	{
    		$unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
    	}
    
    	// Unescape the asterisk to simplify further conversions
    	$word = str_replace('\*', '*', preg_quote($word, '#'));
    
    	if ($use_unicode && $unicode_support)
    	{
    		// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes
    		$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);
    
    		// Generate the final substitution
    		$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu';
    	}
    	else
    	{
    		// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
    		$word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word);
    
    		// Generate the final substitution
    		$preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu';
    	}
    
    	return $preg_expr;
    }
    
    /**
    * Returns the first block of the specified IPv6 address and as many additional
    * ones as specified in the length paramater.
    * If length is zero, then an empty string is returned.
    * If length is greater than 3 the complete IP will be returned
    */
    function short_ipv6($ip, $length)
    {
    	if ($length < 1)
    	{
    		return '';
    	}
    
    	// extend IPv6 addresses
    	$blocks = substr_count($ip, ':') + 1;
    	if ($blocks < 9)
    	{
    		$ip = str_replace('::', ':' . str_repeat('0000:', 9 - $blocks), $ip);
    	}
    	if ($ip[0] == ':')
    	{
    		$ip = '0000' . $ip;
    	}
    	if ($length < 4)
    	{
    		$ip = implode(':', array_slice(explode(':', $ip), 0, 1 + $length));
    	}
    
    	return $ip;
    }
    
    /**
    * Wrapper for php's checkdnsrr function.
    *
    * @param string $host	Fully-Qualified Domain Name
    * @param string $type	Resource record type to lookup
    *						Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
    *						Other types may work or may not work
    *
    * @return mixed		true if entry found,
    *					false if entry not found,
    *					null if this function is not supported by this environment
    *
    * Since null can also be returned, you probably want to compare the result
    * with === true or === false,
    *
    * @author bantu
    */
    function phpbb_checkdnsrr($host, $type = 'MX')
    {
    	// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
    	if (substr($host, -1) == '.')
    	{
    		$host_fqdn = $host;
    		$host = substr($host, 0, -1);
    	}
    	else
    	{
    		$host_fqdn = $host . '.';
    	}
    	// $host		has format	some.host.example.com
    	// $host_fqdn	has format	some.host.example.com.
    
    	// If we're looking for an A record we can use gethostbyname()
    	if ($type == 'A' && function_exists('gethostbyname'))
    	{
    		return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true;
    	}
    
    	// checkdnsrr() is available on Windows since PHP 5.3,
    	// but until 5.3.3 it only works for MX records
    	// See: http://bugs.php.net/bug.php?id=51844
    
    	// Call checkdnsrr() if
    	// we're looking for an MX record or
    	// we're not on Windows or
    	// we're running a PHP version where #51844 has been fixed
    
    	// checkdnsrr() supports AAAA since 5.0.0
    	// checkdnsrr() supports TXT since 5.2.4
    	if (
    		($type == 'MX' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.3', '>=')) &&
    		($type != 'AAAA' || version_compare(PHP_VERSION, '5.0.0', '>=')) &&
    		($type != 'TXT' || version_compare(PHP_VERSION, '5.2.4', '>=')) &&
    		function_exists('checkdnsrr')
    	)
    	{
    		return checkdnsrr($host_fqdn, $type);
    	}
    
    	// dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows,
    	// but on Windows it does not work reliable for AAAA records before PHP 5.3.1
    
    	// Call dns_get_record() if
    	// we're not looking for an AAAA record or
    	// we're not on Windows or
    	// we're running a PHP version where AAAA lookups work reliable
    	if (
    		($type != 'AAAA' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.1', '>=')) &&
    		function_exists('dns_get_record')
    	)
    	{
    		// dns_get_record() expects an integer as second parameter
    		// We have to convert the string $type to the corresponding integer constant.
    		$type_constant = 'DNS_' . $type;
    		$type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY;
    
    		// dns_get_record() might throw E_WARNING and return false for records that do not exist
    		$resultset = @dns_get_record($host_fqdn, $type_param);
    
    		if (empty($resultset) || !is_array($resultset))
    		{
    			return false;
    		}
    		else if ($type_param == DNS_ANY)
    		{
    			// $resultset is a non-empty array
    			return true;
    		}
    
    		foreach ($resultset as $result)
    		{
    			if (
    				isset($result['host']) && $result['host'] == $host &&
    				isset($result['type']) && $result['type'] == $type
    			)
    			{
    				return true;
    			}
    		}
    
    		return false;
    	}
    
    	// If we're on Windows we can still try to call nslookup via exec() as a last resort
    	if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec'))
    	{
    		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output);
    
    		// If output is empty, the nslookup failed
    		if (empty($output))
    		{
    			return NULL;
    		}
    
    		foreach ($output as $line)
    		{
    			$line = trim($line);
    
    			if (empty($line))
    			{
    				continue;
    			}
    
    			// Squash tabs and multiple whitespaces to a single whitespace.
    			$line = preg_replace('/\s+/', ' ', $line);
    
    			switch ($type)
    			{
    				case 'MX':
    					if (stripos($line, "$host MX") === 0)
    					{
    						return true;
    					}
    				break;
    
    				case 'NS':
    					if (stripos($line, "$host nameserver") === 0)
    					{
    						return true;
    					}
    				break;
    
    				case 'TXT':
    					if (stripos($line, "$host text") === 0)
    					{
    						return true;
    					}
    				break;
    
    				case 'CNAME':
    					if (stripos($line, "$host canonical name") === 0)
    					{
    						return true;
    					}
    
    				default:
    				case 'A':
    				case 'AAAA':
    					if (!empty($host_matches))
    					{
    						// Second line
    						if (stripos($line, "Address: ") === 0)
    						{
    							return true;
    						}
    						else
    						{
    							$host_matches = false;
    						}
    					}
    					else if (stripos($line, "Name: $host") === 0)
    					{
    						// First line
    						$host_matches = true;
    					}
    				break;
    			}
    		}
    
    		return false;
    	}
    
    	return NULL;
    }
    
    // Handler, header and footer
    
    /**
    * Error and message handler, call with trigger_error if reqd
    */
    function msg_handler($errno, $msg_text, $errfile, $errline)
    {
    	global $cache, $db, $auth, $template, $config, $user;
    	global $phpEx, $phpbb_root_path, $msg_title, $msg_long_text;
    
    	// Do not display notices if we suppress them via @
    	if (error_reporting() == 0 && $errno != E_USER_ERROR && $errno != E_USER_WARNING && $errno != E_USER_NOTICE)
    	{
    		return;
    	}
    
    	// Message handler is stripping text. In case we need it, we are possible to define long text...
    	if (isset($msg_long_text) && $msg_long_text && !$msg_text)
    	{
    		$msg_text = $msg_long_text;
    	}
    
    	if (!defined('E_DEPRECATED'))
    	{
    		define('E_DEPRECATED', 8192);
    	}
    
    	switch ($errno)
    	{
    		case E_NOTICE:
    		case E_WARNING:
    
    			// Check the error reporting level and return if the error level does not match
    			// If DEBUG is defined the default level is E_ALL
    			if (($errno & ((defined('DEBUG')) ? E_ALL : error_reporting())) == 0)
    			{
    				return;
    			}
    
    			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
    			{
    				// remove complete path to installation, with the risk of changing backslashes meant to be there
    				$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
    				$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
    				$error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
    				echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
    
    				// we are writing an image - the user won't see the debug, so let's place it in the log
    				if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
    				{
    					add_log('critical', 'LOG_IMAGE_GENERATION_ERROR', $errfile, $errline, $msg_text);
    				}
    				// echo '<br /><br />BACKTRACE<br />' . get_backtrace() . '<br />' . "\n";
    			}
    
    			return;
    
    		break;
    
    		case E_USER_ERROR:
    
    			if (!empty($user) && !empty($user->lang))
    			{
    				$msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text;
    				$msg_title = (!isset($msg_title)) ? $user->lang['GENERAL_ERROR'] : ((!empty($user->lang[$msg_title])) ? $user->lang[$msg_title] : $msg_title);
    
    				$l_return_index = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $phpbb_root_path . '">', '</a>');
    				$l_notify = '';
    
    				if (!empty($config['board_contact']))
    				{
    					$l_notify = '<p>' . sprintf($user->lang['NOTIFY_ADMIN_EMAIL'], $config['board_contact']) . '</p>';
    				}
    			}
    			else
    			{
    				$msg_title = 'General Error';
    				$l_return_index = '<a href="' . $phpbb_root_path . '">Return to index page</a>';
    				$l_notify = '';
    
    				if (!empty($config['board_contact']))
    				{
    					$l_notify = '<p>Please notify the board administrator or webmaster: <a href="mailto:' . $config['board_contact'] . '">' . $config['board_contact'] . '</a></p>';
    				}
    			}
    
    			if ((defined('DEBUG') || defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db))
    			{
    				// let's avoid loops
    				$db->sql_return_on_error(true);
    				add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $msg_text);
    				$db->sql_return_on_error(false);
    			}
    
    			// Do not send 200 OK, but service unavailable on errors
    			send_status_line(503, 'Service Unavailable');
    
    			garbage_collection();
    
    			// Try to not call the adm page data...
    
    			echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
    			echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">';
    			echo '<head>';
    			echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
    			echo '<title>' . $msg_title . '</title>';
    			echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n";
    			echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } ';
    			echo 'a:link, a:active, a:visited { color: #006699; text-decoration: none; } a:hover { color: #DD6900; text-decoration: underline; } ';
    			echo '#wrap { padding: 0 20px 15px 20px; min-width: 615px; } #page-header { text-align: right; height: 40px; } #page-footer { clear: both; font-size: 1em; text-align: center; } ';
    			echo '.panel { margin: 4px 0; background-color: #FFFFFF; border: solid 1px  #A9B8C2; } ';
    			echo '#errorpage #page-header a { font-weight: bold; line-height: 6em; } #errorpage #content { padding: 10px; } #errorpage #content h1 { line-height: 1.2em; margin-bottom: 0; color: #DF075C; } ';
    			echo '#errorpage #content div { margin-top: 20px; margin-bottom: 5px; border-bottom: 1px solid #CCCCCC; padding-bottom: 5px; color: #333333; font: bold 1.2em "Lucida Grande", Arial, Helvetica, sans-serif; text-decoration: none; line-height: 120%; text-align: left; } ';
    			echo "\n" . '/* ]]> */' . "\n";
    			echo '</style>';
    			echo '</head>';
    			echo '<body id="errorpage">';
    			echo '<div id="wrap">';
    			echo '	<div id="page-header">';
    			echo '		' . $l_return_index;
    			echo '	</div>';
    			echo '	<div id="acp">';
    			echo '	<div class="panel">';
    			echo '		<div id="content">';
    			echo '			<h1>' . $msg_title . '</h1>';
    
    			echo '			<div>' . $msg_text . '</div>';
    
    			echo $l_notify;
    
    			echo '		</div>';
    			echo '	</div>';
    			echo '	</div>';
    			echo '	<div id="page-footer">';
    			echo '		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
    			echo '	</div>';
    			echo '</div>';
    			echo '</body>';
    			echo '</html>';
    
    			exit_handler();
    
    			// On a fatal error (and E_USER_ERROR *is* fatal) we never want other scripts to continue and force an exit here.
    			exit;
    		break;
    
    		case E_USER_WARNING:
    		case E_USER_NOTICE:
    
    			define('IN_ERROR_HANDLER', true);
    
    			if (empty($user->data))
    			{
    				$user->session_begin();
    			}
    
    			// We re-init the auth array to get correct results on login/logout
    			$auth->acl($user->data);
    
    			if (empty($user->lang))
    			{
    				$user->setup();
    			}
    
    			if ($msg_text == 'ERROR_NO_ATTACHMENT' || $msg_text == 'NO_FORUM' || $msg_text == 'NO_TOPIC' || $msg_text == 'NO_USER')
    			{
    				send_status_line(404, 'Not Found');
    			}
    
    			$msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text;
    			$msg_title = (!isset($msg_title)) ? $user->lang['INFORMATION'] : ((!empty($user->lang[$msg_title])) ? $user->lang[$msg_title] : $msg_title);
    
    			if (!defined('HEADER_INC'))
    			{
    				if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    				{
    					adm_page_header($msg_title);
    				}
    				else
    				{
    					page_header($msg_title, false);
    				}
    			}
    
    			$template->set_filenames(array(
    				'body' => 'message_body.html')
    			);
    
    			$template->assign_vars(array(
    				'MESSAGE_TITLE'		=> $msg_title,
    				'MESSAGE_TEXT'		=> $msg_text,
    				'S_USER_WARNING'	=> ($errno == E_USER_WARNING) ? true : false,
    				'S_USER_NOTICE'		=> ($errno == E_USER_NOTICE) ? true : false)
    			);
    
    			// We do not want the cron script to be called on error messages
    			define('IN_CRON', true);
    
    			if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    			{
    				adm_page_footer();
    			}
    			else
    			{
    				page_footer();
    			}
    
    			exit_handler();
    		break;
    
    		// PHP4 compatibility
    		case E_DEPRECATED:
    			return true;
    		break;
    	}
    
    	// If we notice an error not handled here we pass this back to PHP by returning false
    	// This may not work for all php versions
    	return false;
    }
    
    /**
    * Queries the session table to get information about online guests
    * @param int $item_id Limits the search to the item with this id
    * @param string $item The name of the item which is stored in the session table as session_{$item}_id
    * @return int The number of active distinct guest sessions
    */
    function obtain_guest_count($item_id = 0, $item = 'forum')
    {
    	global $db, $config;
    
    	if ($item_id)
    	{
    		$reading_sql = ' AND s.session_' . $item . '_id = ' . (int) $item_id;
    	}
    	else
    	{
    		$reading_sql = '';
    	}
    	$time = (time() - (intval($config['load_online_time']) * 60));
    
    	// Get number of online guests
    
    	if ($db->sql_layer === 'sqlite')
    	{
    		$sql = 'SELECT COUNT(session_ip) as num_guests
    			FROM (
    				SELECT DISTINCT s.session_ip
    				FROM ' . SESSIONS_TABLE . ' s
    				WHERE s.session_user_id = ' . ANONYMOUS . '
    					AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
    				$reading_sql .
    			')';
    	}
    	else
    	{
    		$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
    			FROM ' . SESSIONS_TABLE . ' s
    			WHERE s.session_user_id = ' . ANONYMOUS . '
    				AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
    			$reading_sql;
    	}
    	$result = $db->sql_query($sql);
    	$guests_online = (int) $db->sql_fetchfield('num_guests');
    	$db->sql_freeresult($result);
    
    	return $guests_online;
    }
    
    /**
    * Queries the session table to get information about online users
    * @param int $item_id Limits the search to the item with this id
    * @param string $item The name of the item which is stored in the session table as session_{$item}_id
    * @return array An array containing the ids of online, hidden and visible users, as well as statistical info
    */
    function obtain_users_online($item_id = 0, $item = 'forum')
    {
    	global $db, $config, $user;
    
    	$reading_sql = '';
    	if ($item_id !== 0)
    	{
    		$reading_sql = ' AND s.session_' . $item . '_id = ' . (int) $item_id;
    	}
    
    	$online_users = array(
    		'online_users'			=> array(),
    		'hidden_users'			=> array(),
    		'total_online'			=> 0,
    		'visible_online'		=> 0,
    		'hidden_online'			=> 0,
    		'guests_online'			=> 0,
    	);
    
    	if ($config['load_online_guests'])
    	{
    		$online_users['guests_online'] = obtain_guest_count($item_id, $item);
    	}
    
    	// a little discrete magic to cache this for 30 seconds
    	$time = (time() - (intval($config['load_online_time']) * 60));
    
    	$sql = 'SELECT s.session_user_id, s.session_ip, s.session_viewonline
    		FROM ' . SESSIONS_TABLE . ' s
    		WHERE s.session_time >= ' . ($time - ((int) ($time % 30))) .
    			$reading_sql .
    		' AND s.session_user_id <> ' . ANONYMOUS;
    	$result = $db->sql_query($sql);
    
    	while ($row = $db->sql_fetchrow($result))
    	{
    		// Skip multiple sessions for one user
    		if (!isset($online_users['online_users'][$row['session_user_id']]))
    		{
    			$online_users['online_users'][$row['session_user_id']] = (int) $row['session_user_id'];
    			if ($row['session_viewonline'])
    			{
    				$online_users['visible_online']++;
    			}
    			else
    			{
    				$online_users['hidden_users'][$row['session_user_id']] = (int) $row['session_user_id'];
    				$online_users['hidden_online']++;
    			}
    		}
    	}
    	$online_users['total_online'] = $online_users['guests_online'] + $online_users['visible_online'] + $online_users['hidden_online'];
    	$db->sql_freeresult($result);
    
    	return $online_users;
    }
    
    /**
    * Uses the result of obtain_users_online to generate a localized, readable representation.
    * @param mixed $online_users result of obtain_users_online - array with user_id lists for total, hidden and visible users, and statistics
    * @param int $item_id Indicate that the data is limited to one item and not global
    * @param string $item The name of the item which is stored in the session table as session_{$item}_id
    * @return array An array containing the string for output to the template
    */
    function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum')
    {
    	global $config, $db, $user, $auth;
    
    	$user_online_link = $online_userlist = '';
    	// Need caps version of $item for language-strings
    	$item_caps = strtoupper($item);
    
    	if (sizeof($online_users['online_users']))
    	{
    		$sql = 'SELECT username, username_clean, user_id, user_type, user_allow_viewonline, user_colour
    				FROM ' . USERS_TABLE . '
    				WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . '
    				ORDER BY username_clean ASC';
    		$result = $db->sql_query($sql);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			// User is logged in and therefore not a guest
    			if ($row['user_id'] != ANONYMOUS)
    			{
    				if (isset($online_users['hidden_users'][$row['user_id']]))
    				{
    					$row['username'] = '<em>' . $row['username'] . '</em>';
    				}
    
    				if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline'))
    				{
    					$user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
    					$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
    				}
    			}
    		}
    		$db->sql_freeresult($result);
    	}
    
    	if (!$online_userlist)
    	{
    		$online_userlist = $user->lang['NO_ONLINE_USERS'];
    	}
    
    	if ($item_id === 0)
    	{
    		$online_userlist = $user->lang['REGISTERED_USERS'] . ' ' . $online_userlist;
    	}
    	else if ($config['load_online_guests'])
    	{
    		$l_online = ($online_users['guests_online'] === 1) ? $user->lang['BROWSING_' . $item_caps . '_GUEST'] : $user->lang['BROWSING_' . $item_caps . '_GUESTS'];
    		$online_userlist = sprintf($l_online, $online_userlist, $online_users['guests_online']);
    	}
    	else
    	{
    		$online_userlist = sprintf($user->lang['BROWSING_' . $item_caps], $online_userlist);
    	}
    	// Build online listing
    	$vars_online = array(
    		'ONLINE'	=> array('total_online', 'l_t_user_s', 0),
    		'REG'		=> array('visible_online', 'l_r_user_s', !$config['load_online_guests']),
    		'HIDDEN'	=> array('hidden_online', 'l_h_user_s', $config['load_online_guests']),
    		'GUEST'		=> array('guests_online', 'l_g_user_s', 0)
    	);
    
    	foreach ($vars_online as $l_prefix => $var_ary)
    	{
    		if ($var_ary[2])
    		{
    			$l_suffix = '_AND';
    		}
    		else
    		{
    			$l_suffix = '';
    		}
    		switch ($online_users[$var_ary[0]])
    		{
    			case 0:
    				${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_TOTAL' . $l_suffix];
    			break;
    
    			case 1:
    				${$var_ary[1]} = $user->lang[$l_prefix . '_USER_TOTAL' . $l_suffix];
    			break;
    
    			default:
    				${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_TOTAL' . $l_suffix];
    			break;
    		}
    	}
    	unset($vars_online);
    
    	$l_online_users = sprintf($l_t_user_s, $online_users['total_online']);
    	$l_online_users .= sprintf($l_r_user_s, $online_users['visible_online']);
    	$l_online_users .= sprintf($l_h_user_s, $online_users['hidden_online']);
    
    	if ($config['load_online_guests'])
    	{
    		$l_online_users .= sprintf($l_g_user_s, $online_users['guests_online']);
    	}
    
    
    
    	return array(
    		'online_userlist'	=> $online_userlist,
    		'l_online_users'	=> $l_online_users,
    	);
    }
    
    /**
    * Get option bitfield from custom data
    *
    * @param int	$bit		The bit/value to get
    * @param int	$data		Current bitfield to check
    * @return bool	Returns true if value of constant is set in bitfield, else false
    */
    function phpbb_optionget($bit, $data)
    {
    	return ($data & 1 << (int) $bit) ? true : false;
    }
    
    /**
    * Set option bitfield
    *
    * @param int	$bit		The bit/value to set/unset
    * @param bool	$set		True if option should be set, false if option should be unset.
    * @param int	$data		Current bitfield to change
    *
    * @return int	The new bitfield
    */
    function phpbb_optionset($bit, $set, $data)
    {
    	if ($set && !($data & 1 << $bit))
    	{
    		$data += 1 << $bit;
    	}
    	else if (!$set && ($data & 1 << $bit))
    	{
    		$data -= 1 << $bit;
    	}
    
    	return $data;
    }
    
    /**
    * Login using http authenticate.
    *
    * @param array	$param		Parameter array, see $param_defaults array.
    *
    * @return void
    */
    function phpbb_http_login($param)
    {
    	global $auth, $user;
    	global $config;
    
    	$param_defaults = array(
    		'auth_message'	=> '',
    
    		'autologin'		=> false,
    		'viewonline'	=> true,
    		'admin'			=> false,
    	);
    
    	// Overwrite default values with passed values
    	$param = array_merge($param_defaults, $param);
    
    	// User is already logged in
    	// We will not overwrite his session
    	if (!empty($user->data['is_registered']))
    	{
    		return;
    	}
    
    	// $_SERVER keys to check
    	$username_keys = array(
    		'PHP_AUTH_USER',
    		'Authorization',
    		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
    		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
    		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
    		'AUTH_USER',
    	);
    
    	$password_keys = array(
    		'PHP_AUTH_PW',
    		'REMOTE_PASSWORD',
    		'AUTH_PASSWORD',
    	);
    
    	$username = null;
    	foreach ($username_keys as $k)
    	{
    		if (isset($_SERVER[$k]))
    		{
    			$username = $_SERVER[$k];
    			break;
    		}
    	}
    
    	$password = null;
    	foreach ($password_keys as $k)
    	{
    		if (isset($_SERVER[$k]))
    		{
    			$password = $_SERVER[$k];
    			break;
    		}
    	}
    
    	// Decode encoded information (IIS, CGI, FastCGI etc.)
    	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
    	{
    		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
    	}
    
    	if (!is_null($username) && !is_null($password))
    	{
    		set_var($username, $username, 'string', true);
    		set_var($password, $password, 'string', true);
    
    		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
    
    		if ($auth_result['status'] == LOGIN_SUCCESS)
    		{
    			return;
    		}
    		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
    		{
    			send_status_line(401, 'Unauthorized');
    
    			trigger_error('NOT_AUTHORISED');
    		}
    	}
    
    	// Prepend sitename to auth_message
    	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
    
    	// We should probably filter out non-ASCII characters - RFC2616
    	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
    
    	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
    	send_status_line(401, 'Unauthorized');
    
    	trigger_error('NOT_AUTHORISED');
    }
    
    /**
    * Generate page header
    */
    function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
    {
    	global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path;
    
    	if (defined('HEADER_INC'))
    	{
    		return;
    	}
    
    	define('HEADER_INC', true);
    
    	// gzip_compression
    	if ($config['gzip_compress'])
    	{
    		// to avoid partially compressed output resulting in blank pages in
    		// the browser or error messages, compression is disabled in a few cases:
    		//
    		// 1) if headers have already been sent, this indicates plaintext output
    		//    has been started so further content must not be compressed
    		// 2) the length of the current output buffer is non-zero. This means
    		//    there is already some uncompressed content in this output buffer
    		//    so further output must not be compressed
    		// 3) if more than one level of output buffering is used because we
    		//    cannot test all output buffer level content lengths. One level
    		//    could be caused by php.ini output_buffering. Anything
    		//    beyond that is manual, so the code wrapping phpBB in output buffering
    		//    can easily compress the output itself.
    		//
    		if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
    		{
    			ob_start('ob_gzhandler');
    		}
    	}
    
    	// Generate logged in/logged out status
    	if ($user->data['user_id'] != ANONYMOUS)
    	{
    		$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);
    		$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
    	}
    	else
    	{
    		$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login');
    		$l_login_logout = $user->lang['LOGIN'];
    	}
    
    	// Last visit date/time
    	$s_last_visit = ($user->data['user_id'] != ANONYMOUS) ? $user->format_date($user->data['session_last_visit']) : '';
    
    	// Get users online list ... if required
    	$l_online_users = $online_userlist = $l_online_record = $l_online_time = '';
    
    	if ($config['load_online'] && $config['load_online_time'] && $display_online_list)
    	{
    		/**
    		* Load online data:
    		* For obtaining another session column use $item and $item_id in the function-parameter, whereby the column is session_{$item}_id.
    		*/
    		$item_id = max($item_id, 0);
    
    		$online_users = obtain_users_online($item_id, $item);
    		$user_online_strings = obtain_users_online_string($online_users, $item_id, $item);
    
    		$l_online_users = $user_online_strings['l_online_users'];
    		$online_userlist = $user_online_strings['online_userlist'];
    		$total_online_users = $online_users['total_online'];
    
    		if ($total_online_users > $config['record_online_users'])
    		{
    			set_config('record_online_users', $total_online_users, true);
    			set_config('record_online_date', time(), true);
    		}
    
    		$l_online_record = sprintf($user->lang['RECORD_ONLINE_USERS'], $config['record_online_users'], $user->format_date($config['record_online_date'], false, true));
    
    		$l_online_time = ($config['load_online_time'] == 1) ? 'VIEW_ONLINE_TIME' : 'VIEW_ONLINE_TIMES';
    		$l_online_time = sprintf($user->lang[$l_online_time], $config['load_online_time']);
    	}
    
    	$l_privmsgs_text = $l_privmsgs_text_unread = '';
    	$s_privmsg_new = false;
    
    	// Obtain number of new private messages if user is logged in
    	if (!empty($user->data['is_registered']))
    	{
    		if ($user->data['user_new_privmsg'])
    		{
    			$l_message_new = ($user->data['user_new_privmsg'] == 1) ? $user->lang['NEW_PM'] : $user->lang['NEW_PMS'];
    			$l_privmsgs_text = sprintf($l_message_new, $user->data['user_new_privmsg']);
    
    			if (!$user->data['user_last_privmsg'] || $user->data['user_last_privmsg'] > $user->data['session_last_visit'])
    			{
    				$sql = 'UPDATE ' . USERS_TABLE . '
    					SET user_last_privmsg = ' . $user->data['session_last_visit'] . '
    					WHERE user_id = ' . $user->data['user_id'];
    				$db->sql_query($sql);
    
    				$s_privmsg_new = true;
    			}
    			else
    			{
    				$s_privmsg_new = false;
    			}
    		}
    		else
    		{
    			$l_privmsgs_text = $user->lang['NO_NEW_PM'];
    			$s_privmsg_new = false;
    		}
    
    		$l_privmsgs_text_unread = '';
    
    		if ($user->data['user_unread_privmsg'] && $user->data['user_unread_privmsg'] != $user->data['user_new_privmsg'])
    		{
    			$l_message_unread = ($user->data['user_unread_privmsg'] == 1) ? $user->lang['UNREAD_PM'] : $user->lang['UNREAD_PMS'];
    			$l_privmsgs_text_unread = sprintf($l_message_unread, $user->data['user_unread_privmsg']);
    		}
    	}
    
    	$forum_id = request_var('f', 0);
    	$topic_id = request_var('t', 0);
    
    	$s_feed_news = false;
    
    	// Get option for news
    	if ($config['feed_enable'])
    	{
    		$sql = 'SELECT forum_id
    			FROM ' . FORUMS_TABLE . '
    			WHERE ' . $db->sql_bit_and('forum_options', FORUM_OPTION_FEED_NEWS, '<> 0');
    		$result = $db->sql_query_limit($sql, 1, 0, 600);
    		$s_feed_news = (int) $db->sql_fetchfield('forum_id');
    		$db->sql_freeresult($result);
    	}
    
    	// Determine board url - we may need it later
    	$board_url = generate_board_url() . '/';
    	$web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $phpbb_root_path;
    
    	// Which timezone?
    	$tz = ($user->data['user_id'] != ANONYMOUS) ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));
    
    	// Send a proper content-language to the output
    	$user_lang = $user->lang['USER_LANG'];
    	if (strpos($user_lang, '-x-') !== false)
    	{
    		$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
    	}
    
    	$s_search_hidden_fields = array();
    	if ($_SID)
    	{
    		$s_search_hidden_fields['sid'] = $_SID;
    	}
    
    	// The following assigns all _common_ variables that may be used at any point in a template.
    	$template->assign_vars(array(
    		'SITENAME'						=> $config['sitename'],
    		'SITE_DESCRIPTION'				=> $config['site_desc'],
    		'PAGE_TITLE'					=> $page_title,
    		'SCRIPT_NAME'					=> str_replace('.' . $phpEx, '', $user->page['page_name']),
    		'LAST_VISIT_DATE'				=> sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit),
    		'LAST_VISIT_YOU'				=> $s_last_visit,
    		'CURRENT_TIME'					=> sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)),
    		'TOTAL_USERS_ONLINE'			=> $l_online_users,
    		'LOGGED_IN_USER_LIST'			=> $online_userlist,
    		'RECORD_USERS'					=> $l_online_record,
    		'PRIVATE_MESSAGE_INFO'			=> $l_privmsgs_text,
    		'PRIVATE_MESSAGE_INFO_UNREAD'	=> $l_privmsgs_text_unread,
    
    		'S_USER_NEW_PRIVMSG'			=> $user->data['user_new_privmsg'],
    		'S_USER_UNREAD_PRIVMSG'			=> $user->data['user_unread_privmsg'],
    		'S_USER_NEW'					=> $user->data['user_new'],
    
    		'SID'				=> $SID,
    		'_SID'				=> $_SID,
    		'SESSION_ID'		=> $user->session_id,
    		'ROOT_PATH'			=> $phpbb_root_path,
    		'BOARD_URL'			=> $board_url,
    
    		'L_LOGIN_LOGOUT'	=> $l_login_logout,
    		'L_INDEX'			=> $user->lang['FORUM_INDEX'],
    		'L_ONLINE_EXPLAIN'	=> $l_online_time,
    
    		'U_PRIVATEMSGS'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
    		'U_RETURN_INBOX'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
    		'U_POPUP_PM'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup'),
    		'UA_POPUP_PM'			=> addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup')),
    		'U_MEMBERLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
    		'U_VIEWONLINE'			=> ($auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) ? append_sid("{$phpbb_root_path}viewonline.$phpEx") : '',
    		'U_LOGIN_LOGOUT'		=> $u_login_logout,
    		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
    		'U_SEARCH'				=> append_sid("{$phpbb_root_path}search.$phpEx"),
    		'U_REGISTER'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
    		'U_PROFILE'				=> append_sid("{$phpbb_root_path}ucp.$phpEx"),
    		'U_MODCP'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", false, true, $user->session_id),
    		'U_FAQ'					=> append_sid("{$phpbb_root_path}faq.$phpEx"),
    		'U_SEARCH_SELF'			=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=egosearch'),
    		'U_SEARCH_NEW'			=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=newposts'),
    		'U_SEARCH_UNANSWERED'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
    		'U_SEARCH_UNREAD'		=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
    		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
    		'U_DELETE_COOKIES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
    		'U_TEAM'				=> ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
    		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
    		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
    		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
    		'U_FEED'				=> generate_board_url() . "/feed.$phpEx",
    
    		'S_USER_LOGGED_IN'		=> ($user->data['user_id'] != ANONYMOUS) ? true : false,
    		'S_AUTOLOGIN_ENABLED'	=> ($config['allow_autologin']) ? true : false,
    		'S_BOARD_DISABLED'		=> ($config['board_disable']) ? true : false,
    		'S_REGISTERED_USER'		=> (!empty($user->data['is_registered'])) ? true : false,
    		'S_IS_BOT'				=> (!empty($user->data['is_bot'])) ? true : false,
    		'S_USER_PM_POPUP'		=> $user->optionget('popuppm'),
    		'S_USER_LANG'			=> $user_lang,
    		'S_USER_BROWSER'		=> (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
    		'S_USERNAME'			=> $user->data['username'],
    		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
    		'S_CONTENT_FLOW_BEGIN'	=> ($user->lang['DIRECTION'] == 'ltr') ? 'left' : 'right',
    		'S_CONTENT_FLOW_END'	=> ($user->lang['DIRECTION'] == 'ltr') ? 'right' : 'left',
    		'S_CONTENT_ENCODING'	=> 'UTF-8',
    		'S_TIMEZONE'			=> ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''),
    		'S_DISPLAY_ONLINE_LIST'	=> ($l_online_time) ? 1 : 0,
    		'S_DISPLAY_SEARCH'		=> (!$config['load_search']) ? 0 : (isset($auth) ? ($auth->acl_get('u_search') && $auth->acl_getf_global('f_search')) : 1),
    		'S_DISPLAY_PM'			=> ($config['allow_privmsg'] && !empty($user->data['is_registered']) && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
    		'S_DISPLAY_MEMBERLIST'	=> (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0,
    		'S_NEW_PM'				=> ($s_privmsg_new) ? 1 : 0,
    		'S_REGISTER_ENABLED'	=> ($config['require_activation'] != USER_ACTIVATION_DISABLE) ? true : false,
    		'S_FORUM_ID'			=> $forum_id,
    		'S_TOPIC_ID'			=> $topic_id,
    
    		'S_LOGIN_ACTION'		=> ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)),
    		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => build_url())),
    
    		'S_ENABLE_FEEDS'			=> ($config['feed_enable']) ? true : false,
    		'S_ENABLE_FEEDS_OVERALL'	=> ($config['feed_overall']) ? true : false,
    		'S_ENABLE_FEEDS_FORUMS'		=> ($config['feed_overall_forums']) ? true : false,
    		'S_ENABLE_FEEDS_TOPICS'		=> ($config['feed_topics_new']) ? true : false,
    		'S_ENABLE_FEEDS_TOPICS_ACTIVE'	=> ($config['feed_topics_active']) ? true : false,
    		'S_ENABLE_FEEDS_NEWS'		=> ($s_feed_news) ? true : false,
    
    		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
    
    		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields),
    
    		'T_THEME_PATH'			=> "{$web_path}styles/" . $user->theme['theme_path'] . '/theme',
    		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . $user->theme['template_path'] . '/template',
    		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template',
    		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset',
    		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name,
    		'T_IMAGES_PATH'			=> "{$web_path}images/",
    		'T_SMILIES_PATH'		=> "{$web_path}{$config['smilies_path']}/",
    		'T_AVATAR_PATH'			=> "{$web_path}{$config['avatar_path']}/",
    		'T_AVATAR_GALLERY_PATH'	=> "{$web_path}{$config['avatar_gallery_path']}/",
    		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",
    		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",
    		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/",
    		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name),
    		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'],
    
    		'T_THEME_NAME'			=> $user->theme['theme_path'],
    		'T_TEMPLATE_NAME'		=> $user->theme['template_path'],
    		'T_SUPER_TEMPLATE_NAME'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path'],
    		'T_IMAGESET_NAME'		=> $user->theme['imageset_path'],
    		'T_IMAGESET_LANG_NAME'	=> $user->data['user_lang'],
    		'T_IMAGES'				=> 'images',
    		'T_SMILIES'				=> $config['smilies_path'],
    		'T_AVATAR'				=> $config['avatar_path'],
    		'T_AVATAR_GALLERY'		=> $config['avatar_gallery_path'],
    		'T_ICONS'				=> $config['icons_path'],
    		'T_RANKS'				=> $config['ranks_path'],
    		'T_UPLOAD'				=> $config['upload_path'],
    
    		'SITE_LOGO_IMG'			=> $user->img('site_logo'),
    
    		'A_COOKIE_SETTINGS'		=> addslashes('; path=' . $config['cookie_path'] . ((!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']) . ((!$config['cookie_secure']) ? '' : '; secure')),
    	));
    
    	// application/xhtml+xml not used because of IE
    	header('Content-type: text/html; charset=UTF-8');
    
    	header('Cache-Control: private, no-cache="set-cookie"');
    	header('Expires: 0');
    	header('Pragma: no-cache');
    
    	return;
    }
    
    /**
    * Generate page footer
    */
    function page_footer($run_cron = true)
    {
    	global $db, $config, $template, $user, $auth, $cache, $starttime, $phpbb_root_path, $phpEx;
    
    	// Output page creation time
    	if (defined('DEBUG'))
    	{
    		$mtime = explode(' ', microtime());
    		$totaltime = $mtime[0] + $mtime[1] - $starttime;
    
    		if (!empty($_REQUEST['explain']) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))
    		{
    			$db->sql_report('display');
    		}
    
    		$debug_output = sprintf('Time : %.3fs | ' . $db->sql_num_queries() . ' Queries | GZIP : ' . (($config['gzip_compress'] && @extension_loaded('zlib')) ? 'On' : 'Off') . (($user->load) ? ' | Load : ' . $user->load : ''), $totaltime);
    
    		if ($auth->acl_get('a_') && defined('DEBUG_EXTRA'))
    		{
    			if (function_exists('memory_get_usage'))
    			{
    				if ($memory_usage = memory_get_usage())
    				{
    					global $base_memory_usage;
    					$memory_usage -= $base_memory_usage;
    					$memory_usage = get_formatted_filesize($memory_usage);
    
    					$debug_output .= ' | Memory Usage: ' . $memory_usage;
    				}
    			}
    
    			$debug_output .= ' | <a href="' . build_url() . '&amp;explain=1">Explain</a>';
    		}
    	}
    
    	$template->assign_vars(array(
    		'DEBUG_OUTPUT'			=> (defined('DEBUG')) ? $debug_output : '',
    		'TRANSLATION_INFO'		=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
    
    		'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
    	);
    
    	// Call cron-type script
    	$call_cron = false;
    	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])
    	{
    		$call_cron = true;
    		$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
    
    		// Any old lock present?
    		if (!empty($config['cron_lock']))
    		{
    			$cron_time = explode(' ', $config['cron_lock']);
    
    			// If 1 hour lock is present we do not call cron.php
    			if ($cron_time[0] + 3600 >= $time_now)
    			{
    				$call_cron = false;
    			}
    		}
    	}
    
    	// Call cron job?
    	if ($call_cron)
    	{
    		$cron_type = '';
    
    		if ($time_now - $config['queue_interval'] > $config['last_queue_run'] && !defined('IN_ADMIN') && file_exists($phpbb_root_path . 'cache/queue.' . $phpEx))
    		{
    			// Process email queue
    			$cron_type = 'queue';
    		}
    		else if (method_exists($cache, 'tidy') && $time_now - $config['cache_gc'] > $config['cache_last_gc'])
    		{
    			// Tidy the cache
    			$cron_type = 'tidy_cache';
    		}
    		else if ($config['warnings_expire_days'] && ($time_now - $config['warnings_gc'] > $config['warnings_last_gc']))
    		{
    			$cron_type = 'tidy_warnings';
    		}
    		else if ($time_now - $config['database_gc'] > $config['database_last_gc'])
    		{
    			// Tidy the database
    			$cron_type = 'tidy_database';
    		}
    		else if ($time_now - $config['search_gc'] > $config['search_last_gc'])
    		{
    			// Tidy the search
    			$cron_type = 'tidy_search';
    		}
    		else if ($time_now - $config['session_gc'] > $config['session_last_gc'])
    		{
    			$cron_type = 'tidy_sessions';
    		}
    
    		if ($cron_type)
    		{
    			$template->assign_var('RUN_CRON_TASK', '<img src="' . append_sid($phpbb_root_path . 'cron.' . $phpEx, 'cron_type=' . $cron_type) . '" width="1" height="1" alt="cron" />');
    		}
    	}
    
    	$template->display('body');
    
    	garbage_collection();
    	exit_handler();
    }
    
    /**
    * Closing the cache object and the database
    * Cool function name, eh? We might want to add operations to it later
    */
    function garbage_collection()
    {
    	global $cache, $db;
    
    	// Unload cache, must be done before the DB connection if closed
    	if (!empty($cache))
    	{
    		$cache->unload();
    	}
    
    	// Close our DB connection.
    	if (!empty($db))
    	{
    		$db->sql_close();
    	}
    }
    
    /**
    * Handler for exit calls in phpBB.
    * This function supports hooks.
    *
    * Note: This function is called after the template has been outputted.
    */
    function exit_handler()
    {
    	global $phpbb_hook, $config;
    
    	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__))
    	{
    		if ($phpbb_hook->hook_return(__FUNCTION__))
    		{
    			return $phpbb_hook->hook_return_result(__FUNCTION__);
    		}
    	}
    
    	// As a pre-caution... some setups display a blank page if the flush() is not there.
    	(ob_get_level() > 0) ? @ob_flush() : @flush();
    
    	exit;
    }
    
    /**
    * Handler for init calls in phpBB. This function is called in user::setup();
    * This function supports hooks.
    */
    function phpbb_user_session_handler()
    {
    	global $phpbb_hook;
    
    	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__))
    	{
    		if ($phpbb_hook->hook_return(__FUNCTION__))
    		{
    			return $phpbb_hook->hook_return_result(__FUNCTION__);
    		}
    	}
    
    	return;
    }
    
    ?>


    session.php:

    <?php
    /**
    *
    * @package phpBB3
    * @version $Id$
    * @copyright (c) 2005 phpBB Group
    * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    *
    */
    
    /**
    * @ignore
    */
    if (!defined('IN_PHPBB'))
    {
    	exit;
    }
    
    /**
    * Session class
    * @package phpBB3
    */
    class session
    {
    	var $cookie_data = array();
    	var $page = array();
    	var $data = array();
    	var $browser = '';
    	var $forwarded_for = '';
    	var $host = '';
    	var $session_id = '';
    	var $ip = '';
    	var $load = 0;
    	var $time_now = 0;
    	var $update_session_page = true;
    
    	/**
    	* Extract current session page
    	*
    	* @param string $root_path current root path (phpbb_root_path)
    	*/
    	function extract_current_page($root_path)
    	{
    		$page_array = array();
    
    		// First of all, get the request uri...
    		$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
    		$args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&', $_SERVER['QUERY_STRING']) : explode('&', getenv('QUERY_STRING'));
    
    		// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
    		if (!$script_name)
    		{
    			$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
    			$script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name;
    			$page_array['failover'] = 1;
    		}
    
    		// Replace backslashes and doubled slashes (could happen on some proxy setups)
    		$script_name = str_replace(array('\\', '//'), '/', $script_name);
    
    		// Now, remove the sid and let us get a clean query string...
    		$use_args = array();
    
    		// Since some browser do not encode correctly we need to do this with some "special" characters...
    		// " -> %22, ' => %27, < -> %3C, > -> %3E
    		$find = array('"', "'", '<', '>');
    		$replace = array('%22', '%27', '%3C', '%3E');
    
    		foreach ($args as $key => $argument)
    		{
    			if (strpos($argument, 'sid=') === 0)
    			{
    				continue;
    			}
    
    			$use_args[] = str_replace($find, $replace, $argument);
    		}
    		unset($args);
    
    		// The following examples given are for an request uri of {path to the phpbb directory}/adm/index.php?i=10&b=2
    
    		// The current query string
    		$query_string = trim(implode('&', $use_args));
    
    		// basenamed page name (for example: index.php)
    		$page_name = (substr($script_name, -1, 1) == '/') ? '' : basename($script_name);
    		$page_name = urlencode(htmlspecialchars($page_name));
    
    		// current directory within the phpBB root (for example: adm)
    		$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
    		$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
    		$intersection = array_intersect_assoc($root_dirs, $page_dirs);
    
    		$root_dirs = array_diff_assoc($root_dirs, $intersection);
    		$page_dirs = array_diff_assoc($page_dirs, $intersection);
    
    		$page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
    
    		if ($page_dir && substr($page_dir, -1, 1) == '/')
    		{
    			$page_dir = substr($page_dir, 0, -1);
    		}
    
    		// Current page from phpBB root (for example: adm/index.php?i=10&b=2)
    		$page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : '');
    
    		// The script path from the webroot to the current directory (for example: /phpBB3/adm/) : always prefixed with / and ends in /
    		$script_path = trim(str_replace('\\', '/', dirname($script_name)));
    
    		// The script path from the webroot to the phpBB root (for example: /phpBB3/)
    		$script_dirs = explode('/', $script_path);
    		array_splice($script_dirs, -sizeof($page_dirs));
    		$root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : '');
    
    		// We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
    		if (!$root_script_path)
    		{
    			$root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;
    		}
    
    		$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
    		$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
    
    		$page_array += array(
    			'page_name'			=> $page_name,
    			'page_dir'			=> $page_dir,
    
    			'query_string'		=> $query_string,
    			'script_path'		=> str_replace(' ', '%20', htmlspecialchars($script_path)),
    			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
    
    			'page'				=> $page,
    			'forum'				=> (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
    		);
    
    		return $page_array;
    	}
    
    	/**
    	* Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.
    	*/
    	function extract_current_hostname()
    	{
    		global $config;
    
    		// Get hostname
    		$host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    
    		// Should be a string and lowered
    		$host = (string) strtolower($host);
    
    		// If host is equal the cookie domain or the server name (if config is set), then we assume it is valid
    		if ((isset($config['cookie_domain']) && $host === $config['cookie_domain']) || (isset($config['server_name']) && $host === $config['server_name']))
    		{
    			return $host;
    		}
    
    		// Is the host actually a IP? If so, we use the IP... (IPv4)
    		if (long2ip(ip2long($host)) === $host)
    		{
    			return $host;
    		}
    
    		// Now return the hostname (this also removes any port definition). The http:// is prepended to construct a valid URL, hosts never have a scheme assigned
    		$host = @parse_url('http://' . $host);
    		$host = (!empty($host['host'])) ? $host['host'] : '';
    
    		// Remove any portions not removed by parse_url (#)
    		$host = str_replace('#', '', $host);
    
    		// If, by any means, the host is now empty, we will use a "best approach" way to guess one
    		if (empty($host))
    		{
    			if (!empty($config['server_name']))
    			{
    				$host = $config['server_name'];
    			}
    			else if (!empty($config['cookie_domain']))
    			{
    				$host = (strpos($config['cookie_domain'], '.') === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain'];
    			}
    			else
    			{
    				// Set to OS hostname or localhost
    				$host = (function_exists('php_uname')) ? php_uname('n') : 'localhost';
    			}
    		}
    
    		// It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... if set)
    		return $host;
    	}
    
    	/**
    	* Start session management
    	*
    	* This is where all session activity begins. We gather various pieces of
    	* information from the client and server. We test to see if a session already
    	* exists. If it does, fine and dandy. If it doesn't we'll go on to create a
    	* new one ... pretty logical heh? We also examine the system load (if we're
    	* running on a system which makes such information readily available) and
    	* halt if it's above an admin definable limit.
    	*
    	* @param bool $update_session_page if true the session page gets updated.
    	*			This can be set to circumvent certain scripts to update the users last visited page.
    	*/
    	function session_begin($update_session_page = true)
    	{
    		global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
    
    		// Give us some basic information
    		$this->time_now				= time();
    		$this->cookie_data			= array('u' => 0, 'k' => '');
    		$this->update_session_page	= $update_session_page;
    		$this->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
    		$this->referer				= (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
    		$this->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : '';
    
    		$this->host					= $this->extract_current_hostname();
    		$this->page					= $this->extract_current_page($phpbb_root_path);
    
    		// if the forwarded for header shall be checked we have to validate its contents
    		if ($config['forwarded_for_check'])
    		{
    			$this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));
    
    			// split the list of IPs
    			$ips = explode(' ', $this->forwarded_for);
    			foreach ($ips as $ip)
    			{
    				// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
    				if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
    				{
    					// contains invalid data, don't use the forwarded for header
    					$this->forwarded_for = '';
    					break;
    				}
    			}
    		}
    		else
    		{
    			$this->forwarded_for = '';
    		}
    
    		if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
    		{
    			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
    			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
    			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '', false, true);
    
    			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
    			$_SID = (defined('NEED_SID')) ? $this->session_id : '';
    
    			if (empty($this->session_id))
    			{
    				$this->session_id = $_SID = request_var('sid', '');
    				$SID = '?sid=' . $this->session_id;
    				$this->cookie_data = array('u' => 0, 'k' => '');
    			}
    		}
    		else
    		{
    			$this->session_id = $_SID = request_var('sid', '');
    			$SID = '?sid=' . $this->session_id;
    		}
    
    		$_EXTRA_URL = array();
    
    		// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
    		// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
    		$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    		$this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
    
    		// split the list of IPs
    		$ips = explode(' ', trim($this->ip));
    
    		// Default IP if REMOTE_ADDR is invalid
    		$this->ip = '127.0.0.1';
    
    		foreach ($ips as $ip)
    		{
    			if (preg_match(get_preg_expression('ipv4'), $ip))
    			{
    				$this->ip = $ip;
    			}
    			else if (preg_match(get_preg_expression('ipv6'), $ip))
    			{
    				// Quick check for IPv4-mapped address in IPv6
    				if (stripos($ip, '::ffff:') === 0)
    				{
    					$ipv4 = substr($ip, 7);
    
    					if (preg_match(get_preg_expression('ipv4'), $ipv4))
    					{
    						$ip = $ipv4;
    					}
    				}
    
    				$this->ip = $ip;
    			}
    			else
    			{
    				// We want to use the last valid address in the chain
    				// Leave foreach loop when address is invalid
    				break;
    			}
    		}
    
    		$this->load = false;
    
    		// Load limit check (if applicable)
    		if ($config['limit_load'] || $config['limit_search_load'])
    		{
    			if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg'))))
    			{
    				$this->load = array_slice($load, 0, 1);
    				$this->load = floatval($this->load[0]);
    			}
    			else
    			{
    				set_config('limit_load', '0');
    				set_config('limit_search_load', '0');
    			}
    		}
    
    		// Is session_id is set or session_id is set and matches the url param if required
    		if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
    		{
    			$sql = 'SELECT u.*, s.*
    				FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
    				WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'
    					AND u.user_id = s.session_user_id";
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    
    			// Did the session exist in the DB?
    			if (isset($this->data['user_id']))
    			{
    				// Validate IP length according to admin ... enforces an IP
    				// check on bots if admin requires this
    //				$quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
    
    				if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false)
    				{
    					$s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']);
    					$u_ip = short_ipv6($this->ip, $config['ip_check']);
    				}
    				else
    				{
    					$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
    					$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
    				}
    
    				$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
    				$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
    
    				$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
    				$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
    
    				// referer checks
    				// The @ before $config['referer_validation'] suppresses notices present while running the updater
    				$check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH);
    				$referer_valid = true;
    
    				// we assume HEAD and TRACE to be foul play and thus only whitelist GET
    				if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
    				{
    					$referer_valid = $this->validate_referer($check_referer_path);
    				}
    
    				if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
    				{
    					$session_expired = false;
    
    					// Check whether the session is still valid if we have one
    					$method = basename(trim($config['auth_method']));
    					include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
    
    					$method = 'validate_session_' . $method;
    					if (function_exists($method))
    					{
    						if (!$method($this->data))
    						{
    							$session_expired = true;
    						}
    					}
    
    					if (!$session_expired)
    					{
    						// Check the session length timeframe if autologin is not enabled.
    						// Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide.
    						if (!$this->data['session_autologin'])
    						{
    							if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60))
    							{
    								$session_expired = true;
    							}
    						}
    						else if (!$config['allow_autologin'] || ($config['max_autologin_time'] && $this->data['session_time'] < $this->time_now - (86400 * (int) $config['max_autologin_time']) + 60))
    						{
    							$session_expired = true;
    						}
    					}
    
    					if (!$session_expired)
    					{
    						// Only update session DB a minute or so after last update or if page changes
    						if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
    						{
    							$sql_ary = array('session_time' => $this->time_now);
    
    							if ($this->update_session_page)
    							{
    								$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
    								$sql_ary['session_forum_id'] = $this->page['forum'];
    							}
    
    							$db->sql_return_on_error(true);
    
    							$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
    								WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
    							$result = $db->sql_query($sql);
    
    							$db->sql_return_on_error(false);
    
    							// If the database is not yet updated, there will be an error due to the session_forum_id
    							// @todo REMOVE for 3.0.2
    							if ($result === false)
    							{
    								unset($sql_ary['session_forum_id']);
    
    								$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
    									WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
    								$db->sql_query($sql);
    							}
    
    							if ($this->data['user_id'] != ANONYMOUS && !empty($config['new_member_post_limit']) && $this->data['user_new'] && $config['new_member_post_limit'] <= $this->data['user_posts'])
    							{
    								$this->leave_newly_registered();
    							}
    						}
    
    						$this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
    						$this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
    						$this->data['user_lang'] = basename($this->data['user_lang']);
    
    						return true;
    					}
    				}
    				else
    				{
    					// Added logging temporarly to help debug bugs...
    					if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS)
    					{
    						if ($referer_valid)
    						{
    							add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
    						}
    						else
    						{
    							add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
    						}
    					}
    				}
    			}
    		}
    
    		// If we reach here then no (valid) session exists. So we'll create a new one
    		return $this->session_create();
    	}
    
    	/**
    	* Create a new session
    	*
    	* If upon trying to start a session we discover there is nothing existing we
    	* jump here. Additionally this method is called directly during login to regenerate
    	* the session for the specific user. In this method we carry out a number of tasks;
    	* garbage collection, (search)bot checking, banned user comparison. Basically
    	* though this method will result in a new session for a specific user.
    	*/
    	function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
    	{
    		global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
    
    		$this->data = array();
    
    		/* Garbage collection ... remove old sessions updating user information
    		// if necessary. It means (potentially) 11 queries but only infrequently
    		if ($this->time_now > $config['session_last_gc'] + $config['session_gc'])
    		{
    			$this->session_gc();
    		}*/
    
    		// Do we allow autologin on this board? No? Then override anything
    		// that may be requested here
    		if (!$config['allow_autologin'])
    		{
    			$this->cookie_data['k'] = $persist_login = false;
    		}
    
    		/**
    		* Here we do a bot check, oh er saucy! No, not that kind of bot
    		* check. We loop through the list of bots defined by the admin and
    		* see if we have any useragent and/or IP matches. If we do, this is a
    		* bot, act accordingly
    		*/
    		$bot = false;
    		$active_bots = $cache->obtain_bots();
    
    		foreach ($active_bots as $row)
    		{
    			if ($row['bot_agent'] && preg_match('#' . str_replace('\*', '.*?', preg_quote($row['bot_agent'], '#')) . '#i', $this->browser))
    			{
    				$bot = $row['user_id'];
    			}
    
    			// If ip is supplied, we will make sure the ip is matching too...
    			if ($row['bot_ip'] && ($bot || !$row['bot_agent']))
    			{
    				// Set bot to false, then we only have to set it to true if it is matching
    				$bot = false;
    
    				foreach (explode(',', $row['bot_ip']) as $bot_ip)
    				{
    					$bot_ip = trim($bot_ip);
    
    					if (!$bot_ip)
    					{
    						continue;
    					}
    
    					if (strpos($this->ip, $bot_ip) === 0)
    					{
    						$bot = (int) $row['user_id'];
    						break;
    					}
    				}
    			}
    
    			if ($bot)
    			{
    				break;
    			}
    		}
    
    		$method = basename(trim($config['auth_method']));
    		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
    
    		$method = 'autologin_' . $method;
    		if (function_exists($method))
    		{
    			$this->data = $method();
    
    			if (sizeof($this->data))
    			{
    				$this->cookie_data['k'] = '';
    				$this->cookie_data['u'] = $this->data['user_id'];
    			}
    		}
    
    		// If we're presented with an autologin key we'll join against it.
    		// Else if we've been passed a user_id we'll grab data based on that
    		if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
    		{
    			$sql = 'SELECT u.*
    				FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
    				WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
    					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
    					AND k.user_id = u.user_id
    					AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    			$bot = false;
    		}
    		else if ($user_id !== false && !sizeof($this->data))
    		{
    			$this->cookie_data['k'] = '';
    			$this->cookie_data['u'] = $user_id;
    
    			$sql = 'SELECT *
    				FROM ' . USERS_TABLE . '
    				WHERE user_id = ' . (int) $this->cookie_data['u'] . '
    					AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    			$bot = false;
    		}
    
    		// Bot user, if they have a SID in the Request URI we need to get rid of it
    		// otherwise they'll index this page with the SID, duplicate content oh my!
    		if ($bot && isset($_GET['sid']))
    		{
    			send_status_line(301, 'Moved Permanently');
    			redirect(build_url(array('sid')));
    		}
    
    		// If no data was returned one or more of the following occurred:
    		// Key didn't match one in the DB
    		// User does not exist
    		// User is inactive
    		// User is bot
    		if (!sizeof($this->data) || !is_array($this->data))
    		{
    			$this->cookie_data['k'] = '';
    			$this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS;
    
    			if (!$bot)
    			{
    				$sql = 'SELECT *
    					FROM ' . USERS_TABLE . '
    					WHERE user_id = ' . (int) $this->cookie_data['u'];
    			}
    			else
    			{
    				// We give bots always the same session if it is not yet expired.
    				$sql = 'SELECT u.*, s.*
    					FROM ' . USERS_TABLE . ' u
    					LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
    					WHERE u.user_id = ' . (int) $bot;
    			}
    
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    
    		if ($this->data['user_id'] != ANONYMOUS && !$bot)
    		{
    			$this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
    		}
    		else
    		{
    			$this->data['session_last_visit'] = $this->time_now;
    		}
    
    		// Force user id to be integer...
    		$this->data['user_id'] = (int) $this->data['user_id'];
    
    		// At this stage we should have a filled data array, defined cookie u and k data.
    		// data array should contain recent session info if we're a real user and a recent
    		// session exists in which case session_id will also be set
    
    		// Is user banned? Are they excluded? Won't return on ban, exists within method
    		if ($this->data['user_type'] != USER_FOUNDER)
    		{
    			if (!$config['forwarded_for_check'])
    			{
    				$this->check_ban($this->data['user_id'], $this->ip);
    			}
    			else
    			{
    				$ips = explode(' ', $this->forwarded_for);
    				$ips[] = $this->ip;
    				$this->check_ban($this->data['user_id'], $ips);
    			}
    		}
    
    		$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
    		$this->data['is_bot'] = ($bot) ? true : false;
    
    		// If our friend is a bot, we re-assign a previously assigned session
    		if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id'])
    		{
    			// Only assign the current session if the ip, browser and forwarded_for match...
    			if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false)
    			{
    				$s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']);
    				$u_ip = short_ipv6($this->ip, $config['ip_check']);
    			}
    			else
    			{
    				$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
    				$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
    			}
    
    			$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
    			$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
    
    			$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
    			$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
    
    			if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
    			{
    				$this->session_id = $this->data['session_id'];
    
    				// Only update session DB a minute or so after last update or if page changes
    				if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
    				{
    					$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
    
    					$sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0);
    
    					if ($this->update_session_page)
    					{
    						$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
    						$sql_ary['session_forum_id'] = $this->page['forum'];
    					}
    
    					$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
    						WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
    					$db->sql_query($sql);
    
    					// Update the last visit time
    					$sql = 'UPDATE ' . USERS_TABLE . '
    						SET user_lastvisit = ' . (int) $this->data['session_time'] . '
    						WHERE user_id = ' . (int) $this->data['user_id'];
    					$db->sql_query($sql);
    				}
    
    				$SID = '?sid=';
    				$_SID = '';
    				return true;
    			}
    			else
    			{
    				// If the ip and browser does not match make sure we only have one bot assigned to one session
    				$db->sql_query('DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $this->data['user_id']);
    			}
    		}
    
    		$session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false;
    		$set_admin = ($set_admin && $this->data['is_registered']) ? true : false;
    
    		// Create or update the session
    		$sql_ary = array(
    			'session_user_id'		=> (int) $this->data['user_id'],
    			'session_start'			=> (int) $this->time_now,
    			'session_last_visit'	=> (int) $this->data['session_last_visit'],
    			'session_time'			=> (int) $this->time_now,
    			'session_browser'		=> (string) trim(substr($this->browser, 0, 149)),
    			'session_forwarded_for'	=> (string) $this->forwarded_for,
    			'session_ip'			=> (string) $this->ip,
    			'session_autologin'		=> ($session_autologin) ? 1 : 0,
    			'session_admin'			=> ($set_admin) ? 1 : 0,
    			'session_viewonline'	=> ($viewonline) ? 1 : 0,
    		);
    
    		if ($this->update_session_page)
    		{
    			$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
    			$sql_ary['session_forum_id'] = $this->page['forum'];
    		}
    
    		$db->sql_return_on_error(true);
    
    		$sql = 'DELETE
    			FROM ' . SESSIONS_TABLE . '
    			WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'
    				AND session_user_id = ' . ANONYMOUS;
    
    		if (!defined('IN_ERROR_HANDLER') && (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows()))
    		{
    			// Limit new sessions in 1 minute period (if required)
    			if (empty($this->data['session_time']) && $config['active_sessions'])
    			{
    //				$db->sql_return_on_error(false);
    
    				$sql = 'SELECT COUNT(session_id) AS sessions
    					FROM ' . SESSIONS_TABLE . '
    					WHERE session_time >= ' . ($this->time_now - 60);
    				$result = $db->sql_query($sql);
    				$row = $db->sql_fetchrow($result);
    				$db->sql_freeresult($result);
    
    				if ((int) $row['sessions'] > (int) $config['active_sessions'])
    				{
    					send_status_line(503, 'Service Unavailable');
    					trigger_error('BOARD_UNAVAILABLE');
    				}
    			}
    		}
    
    		// Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors.
    		// Commented out because it will not allow forums to update correctly
    //		$db->sql_return_on_error(false);
    
    		// Something quite important: session_page always holds the *last* page visited, except for the *first* visit.
    		// We are not able to simply have an empty session_page btw, therefore we need to tell phpBB how to detect this special case.
    		// If the session id is empty, we have a completely new one and will set an "identifier" here. This identifier is able to be checked later.
    		if (empty($this->data['session_id']))
    		{
    			// This is a temporary variable, only set for the very first visit
    			$this->data['session_created'] = true;
    		}
    
    		$this->session_id = $this->data['session_id'] = md5(unique_id());
    
    		$sql_ary['session_id'] = (string) $this->session_id;
    		$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
    		$sql_ary['session_forum_id'] = $this->page['forum'];
    
    		$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
    		$db->sql_query($sql);
    
    		$db->sql_return_on_error(false);
    
    		// Regenerate autologin/persistent login key
    		if ($session_autologin)
    		{
    			$this->set_login_key();
    		}
    
    		// refresh data
    		$SID = '?sid=' . $this->session_id;
    		$_SID = $this->session_id;
    		$this->data = array_merge($this->data, $sql_ary);
    
    		if (!$bot)
    		{
    			$cookie_expire = $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000);
    
    			$this->set_cookie('u', $this->cookie_data['u'], $cookie_expire);
    			$this->set_cookie('k', $this->cookie_data['k'], $cookie_expire);
    			$this->set_cookie('sid', $this->session_id, $cookie_expire);
    
    			unset($cookie_expire);
    
    			$sql = 'SELECT COUNT(session_id) AS sessions
    					FROM ' . SESSIONS_TABLE . '
    					WHERE session_user_id = ' . (int) $this->data['user_id'] . '
    					AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime'])));
    			$result = $db->sql_query($sql);
    			$row = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    
    			if ((int) $row['sessions'] <= 1 || empty($this->data['user_form_salt']))
    			{
    				$this->data['user_form_salt'] = unique_id();
    				// Update the form key
    				$sql = 'UPDATE ' . USERS_TABLE . '
    					SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\'
    					WHERE user_id = ' . (int) $this->data['user_id'];
    				$db->sql_query($sql);
    			}
    		}
    		else
    		{
    			$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
    
    			// Update the last visit time
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $this->data['session_time'] . '
    				WHERE user_id = ' . (int) $this->data['user_id'];
    			$db->sql_query($sql);
    
    			$SID = '?sid=';
    			$_SID = '';
    		}
    
    		return true;
    	}
    
    	/**
    	* Kills a session
    	*
    	* This method does what it says on the tin. It will delete a pre-existing session.
    	* It resets cookie information (destroying any autologin key within that cookie data)
    	* and update the users information from the relevant session data. It will then
    	* grab guest user information.
    	*/
    	function session_kill($new_session = true)
    	{
    		global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx;
    
    		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
    			WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
    				AND session_user_id = " . (int) $this->data['user_id'];
    		$db->sql_query($sql);
    
    		// Allow connecting logout with external auth method logout
    		$method = basename(trim($config['auth_method']));
    		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
    
    		$method = 'logout_' . $method;
    		if (function_exists($method))
    		{
    			$method($this->data, $new_session);
    		}
    
    		if ($this->data['user_id'] != ANONYMOUS)
    		{
    			// Delete existing session, update last visit info first!
    			if (!isset($this->data['session_time']))
    			{
    				$this->data['session_time'] = time();
    			}
    
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $this->data['session_time'] . '
    				WHERE user_id = ' . (int) $this->data['user_id'];
    			$db->sql_query($sql);
    
    			if ($this->cookie_data['k'])
    			{
    				$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
    					WHERE user_id = ' . (int) $this->data['user_id'] . "
    						AND key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
    				$db->sql_query($sql);
    			}
    
    			// Reset the data array
    			$this->data = array();
    
    			$sql = 'SELECT *
    				FROM ' . USERS_TABLE . '
    				WHERE user_id = ' . ANONYMOUS;
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    
    		$cookie_expire = $this->time_now - 31536000;
    		$this->set_cookie('u', '', $cookie_expire);
    		$this->set_cookie('k', '', $cookie_expire);
    		$this->set_cookie('sid', '', $cookie_expire);
    		unset($cookie_expire);
    
    		$SID = '?sid=';
    		$this->session_id = $_SID = '';
    
    		// To make sure a valid session is created we create one for the anonymous user
    		if ($new_session)
    		{
    			$this->session_create(ANONYMOUS);
    		}
    
    		return true;
    	}
    
    	/**
    	* Session garbage collection
    	*
    	* This looks a lot more complex than it really is. Effectively we are
    	* deleting any sessions older than an admin definable limit. Due to the
    	* way in which we maintain session data we have to ensure we update user
    	* data before those sessions are destroyed. In addition this method
    	* removes autologin key information that is older than an admin defined
    	* limit.
    	*/
    	function session_gc()
    	{
    		global $db, $config, $phpbb_root_path, $phpEx;
    
    		$batch_size = 10;
    
    		if (!$this->time_now)
    		{
    			$this->time_now = time();
    		}
    
    		// Firstly, delete guest sessions
    		$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
    			WHERE session_user_id = ' . ANONYMOUS . '
    				AND session_time < ' . (int) ($this->time_now - $config['session_length']);
    		$db->sql_query($sql);
    
    		// Get expired sessions, only most recent for each user
    		$sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time
    			FROM ' . SESSIONS_TABLE . '
    			WHERE session_time < ' . ($this->time_now - $config['session_length']) . '
    			GROUP BY session_user_id, session_page';
    		$result = $db->sql_query_limit($sql, $batch_size);
    
    		$del_user_id = array();
    		$del_sessions = 0;
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
    				WHERE user_id = " . (int) $row['session_user_id'];
    			$db->sql_query($sql);
    
    			$del_user_id[] = (int) $row['session_user_id'];
    			$del_sessions++;
    		}
    		$db->sql_freeresult($result);
    
    		if (sizeof($del_user_id))
    		{
    			// Delete expired sessions
    			$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
    				WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
    					AND session_time < ' . ($this->time_now - $config['session_length']);
    			$db->sql_query($sql);
    		}
    
    		if ($del_sessions < $batch_size)
    		{
    			// Less than 10 users, update gc timer ... else we want gc
    			// called again to delete other sessions
    			set_config('session_last_gc', $this->time_now, true);
    
    			if ($config['max_autologin_time'])
    			{
    				$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
    					WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time']));
    				$db->sql_query($sql);
    			}
    
    			// only called from CRON; should be a safe workaround until the infrastructure gets going
    			if (!class_exists('phpbb_captcha_factory'))
    			{
    				include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
    			}
    			phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
    
    			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
    				WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
    			$db->sql_query($sql);
    		}
    
    		return;
    	}
    
    	/**
    	* Sets a cookie
    	*
    	* Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.
    	*
    	* @param string $name		Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then.
    	* @param string $cookiedata	The data to hold within the cookie
    	* @param int $cookietime	The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set.
    	*/
    	function set_cookie($name, $cookiedata, $cookietime)
    	{
    		global $config;
    
    		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
    		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
    		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
    
    		header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
    	}
    
    	/**
    	* Check for banned user
    	*
    	* Checks whether the supplied user is banned by id, ip or email. If no parameters
    	* are passed to the method pre-existing session data is used. If $return is false
    	* this routine does not return on finding a banned user, it outputs a relevant
    	* message and stops execution.
    	*
    	* @param string|array	$user_ips	Can contain a string with one IP or an array of multiple IPs
    	*/
    	function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false)
    	{
    		global $config, $db;
    
    		if (defined('IN_CHECK_BAN'))
    		{
    			return;
    		}
    
    		$banned = false;
    		$cache_ttl = 3600;
    		$where_sql = array();
    
    		$sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
    			FROM ' . BANLIST_TABLE . '
    			WHERE ';
    
    		// Determine which entries to check, only return those
    		if ($user_email === false)
    		{
    			$where_sql[] = "ban_email = ''";
    		}
    
    		if ($user_ips === false)
    		{
    			$where_sql[] = "(ban_ip = '' OR ban_exclude = 1)";
    		}
    
    		if ($user_id === false)
    		{
    			$where_sql[] = '(ban_userid = 0 OR ban_exclude = 1)';
    		}
    		else
    		{
    			$cache_ttl = ($user_id == ANONYMOUS) ? 3600 : 0;
    			$_sql = '(ban_userid = ' . $user_id;
    
    			if ($user_email !== false)
    			{
    				$_sql .= " OR ban_email <> ''";
    			}
    
    			if ($user_ips !== false)
    			{
    				$_sql .= " OR ban_ip <> ''";
    			}
    
    			$_sql .= ')';
    
    			$where_sql[] = $_sql;
    		}
    
    		$sql .= (sizeof($where_sql)) ? implode(' AND ', $where_sql) : '';
    		$result = $db->sql_query($sql, $cache_ttl);
    
    		$ban_triggered_by = 'user';
    		while ($row = $db->sql_fetchrow($result))
    		{
    			if ($row['ban_end'] && $row['ban_end'] < time())
    			{
    				continue;
    			}
    
    			$ip_banned = false;
    			if (!empty($row['ban_ip']))
    			{
    				if (!is_array($user_ips))
    				{
    					$ip_banned = preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ips);
    				}
    				else
    				{
    					foreach ($user_ips as $user_ip)
    					{
    						if (preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ip))
    						{
    							$ip_banned = true;
    							break;
    						}
    					}
    				}
    			}
    
    			if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) ||
    				$ip_banned ||
    				(!empty($row['ban_email']) && preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_email'], '#')) . '$#i', $user_email)))
    			{
    				if (!empty($row['ban_exclude']))
    				{
    					$banned = false;
    					break;
    				}
    				else
    				{
    					$banned = true;
    					$ban_row = $row;
    
    					if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id)
    					{
    						$ban_triggered_by = 'user';
    					}
    					else if ($ip_banned)
    					{
    						$ban_triggered_by = 'ip';
    					}
    					else
    					{
    						$ban_triggered_by = 'email';
    					}
    
    					// Don't break. Check if there is an exclude rule for this user
    				}
    			}
    		}
    		$db->sql_freeresult($result);
    
    		if ($banned && !$return)
    		{
    			global $template;
    
    			// If the session is empty we need to create a valid one...
    			if (empty($this->session_id))
    			{
    				// This seems to be no longer needed? - #14971
    //				$this->session_create(ANONYMOUS);
    			}
    
    			// Initiate environment ... since it won't be set at this stage
    			$this->setup();
    
    			// Logout the user, banned users are unable to use the normal 'logout' link
    			if ($this->data['user_id'] != ANONYMOUS)
    			{
    				$this->session_kill();
    			}
    
    			// We show a login box here to allow founders accessing the board if banned by IP
    			if (defined('IN_LOGIN') && $this->data['user_id'] == ANONYMOUS)
    			{
    				global $phpEx;
    
    				$this->setup('ucp');
    				$this->data['is_registered'] = $this->data['is_bot'] = false;
    
    				// Set as a precaution to allow login_box() handling this case correctly as well as this function not being executed again.
    				define('IN_CHECK_BAN', 1);
    
    				login_box("index.$phpEx");
    
    				// The false here is needed, else the user is able to circumvent the ban.
    				$this->session_kill(false);
    			}
    
    			// Ok, we catch the case of an empty session id for the anonymous user...
    			// This can happen if the user is logging in, banned by username and the login_box() being called "again".
    			if (empty($this->session_id) && defined('IN_CHECK_BAN'))
    			{
    				$this->session_create(ANONYMOUS);
    			}
    
    
    			// Determine which message to output
    			$till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : '';
    			$message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
    
    			$message = sprintf($this->lang[$message], $till_date, '<a href="mailto:' . $config['board_contact'] . '">', '</a>');
    			$message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : '';
    			$message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>';
    
    			// To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
    			$this->session_kill(false);
    
    			// A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
    			if (defined('IN_CRON'))
    			{
    				garbage_collection();
    				exit_handler();
    				exit;
    			}
    
    			trigger_error($message);
    		}
    
    		return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned;
    	}
    
    	/**
    	* Check if ip is blacklisted
    	* This should be called only where absolutly necessary
    	*
    	* Only IPv4 (rbldns does not support AAAA records/IPv6 lookups)
    	*
    	* @author satmd (from the php manual)
    	* @param string $mode register/post - spamcop for example is ommitted for posting
    	* @return false if ip is not blacklisted, else an array([checked server], [lookup])
    	*/
    	function check_dnsbl($mode, $ip = false)
    	{
    		if ($ip === false)
    		{
    			$ip = $this->ip;
    		}
    
    		// Neither Spamhaus nor Spamcop supports IPv6 addresses.
    		if (strpos($ip, ':') !== false)
    		{
    			return false;
    		}
    
    		$dnsbl_check = array(
    			'sbl.spamhaus.org'	=> 'http://www.spamhaus.org/query/bl?ip=',
    		);
    
    		if ($mode == 'register')
    		{
    			$dnsbl_check['bl.spamcop.net'] = 'http://spamcop.net/bl.shtml?';
    		}
    
    		if ($ip)
    		{
    			$quads = explode('.', $ip);
    			$reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
    
    			// Need to be listed on all servers...
    			$listed = true;
    			$info = array();
    
    			foreach ($dnsbl_check as $dnsbl => $lookup)
    			{
    				if (phpbb_checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true)
    				{
    					$info = array($dnsbl, $lookup . $ip);
    				}
    				else
    				{
    					$listed = false;
    				}
    			}
    
    			if ($listed)
    			{
    				return $info;
    			}
    		}
    
    		return false;
    	}
    
    	/**
    	* Check if URI is blacklisted
    	* This should be called only where absolutly necessary, for example on the submitted website field
    	* This function is not in use at the moment and is only included for testing purposes, it may not work at all!
    	* This means it is untested at the moment and therefore commented out
    	*
    	* @param string $uri URI to check
    	* @return true if uri is on blacklist, else false. Only blacklist is checked (~zero FP), no grey lists
    	function check_uribl($uri)
    	{
    		// Normally parse_url() is not intended to parse uris
    		// We need to get the top-level domain name anyway... change.
    		$uri = parse_url($uri);
    
    		if ($uri === false || empty($uri['host']))
    		{
    			return false;
    		}
    
    		$uri = trim($uri['host']);
    
    		if ($uri)
    		{
    			// One problem here... the return parameter for the "windows" method is different from what
    			// we expect... this may render this check useless...
    			if (phpbb_checkdnsrr($uri . '.multi.uribl.com.', 'A') === true)
    			{
    				return true;
    			}
    		}
    
    		return false;
    	}
    	*/
    
    	/**
    	* Set/Update a persistent login key
    	*
    	* This method creates or updates a persistent session key. When a user makes
    	* use of persistent (formerly auto-) logins a key is generated and stored in the
    	* DB. When they revisit with the same key it's automatically updated in both the
    	* DB and cookie. Multiple keys may exist for each user representing different
    	* browsers or locations. As with _any_ non-secure-socket no passphrase login this
    	* remains vulnerable to exploit.
    	*/
    	function set_login_key($user_id = false, $key = false, $user_ip = false)
    	{
    		global $config, $db;
    
    		$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
    		$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
    		$key = ($key === false) ? (($this->cookie_data['k']) ? $this->cookie_data['k'] : false) : $key;
    
    		$key_id = unique_id(hexdec(substr($this->session_id, 0, 8)));
    
    		$sql_ary = array(
    			'key_id'		=> (string) md5($key_id),
    			'last_ip'		=> (string) $this->ip,
    			'last_login'	=> (int) time()
    		);
    
    		if (!$key)
    		{
    			$sql_ary += array(
    				'user_id'	=> (int) $user_id
    			);
    		}
    
    		if ($key)
    		{
    			$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . '
    				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
    				WHERE user_id = ' . (int) $user_id . "
    					AND key_id = '" . $db->sql_escape(md5($key)) . "'";
    		}
    		else
    		{
    			$sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
    		}
    		$db->sql_query($sql);
    
    		$this->cookie_data['k'] = $key_id;
    
    		return false;
    	}
    
    	/**
    	* Reset all login keys for the specified user
    	*
    	* This method removes all current login keys for a specified (or the current)
    	* user. It will be called on password change to render old keys unusable
    	*/
    	function reset_login_keys($user_id = false)
    	{
    		global $config, $db;
    
    		$user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id;
    
    		$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
    			WHERE user_id = ' . (int) $user_id;
    		$db->sql_query($sql);
    
    		// If the user is logged in, update last visit info first before deleting sessions
    		$sql = 'SELECT session_time, session_page
    			FROM ' . SESSIONS_TABLE . '
    			WHERE session_user_id = ' . (int) $user_id . '
    			ORDER BY session_time DESC';
    		$result = $db->sql_query_limit($sql, 1);
    		$row = $db->sql_fetchrow($result);
    		$db->sql_freeresult($result);
    
    		if ($row)
    		{
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $row['session_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
    				WHERE user_id = " . (int) $user_id;
    			$db->sql_query($sql);
    		}
    
    		// Let's also clear any current sessions for the specified user_id
    		// If it's the current user then we'll leave this session intact
    		$sql_where = 'session_user_id = ' . (int) $user_id;
    		$sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : '';
    
    		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
    			WHERE $sql_where";
    		$db->sql_query($sql);
    
    		// We're changing the password of the current user and they have a key
    		// Lets regenerate it to be safe
    		if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k'])
    		{
    			$this->set_login_key($user_id);
    		}
    	}
    
    
    	/**
    	* Check if the request originated from the same page.
    	* @param bool $check_script_path If true, the path will be checked as well
    	*/
    	function validate_referer($check_script_path = false)
    	{
    		global $config;
    
    		// no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
    		if (empty($this->referer) || empty($this->host))
    		{
    			return true;
    		}
    
    		$host = htmlspecialchars($this->host);
    		$ref = substr($this->referer, strpos($this->referer, '://') + 3);
    
    		if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0)))
    		{
    			return false;
    		}
    		else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '')
    		{
    			$ref = substr($ref, strlen($host));
    			$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
    
    			if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
    			{
    				$ref = substr($ref, strlen(":$server_port"));
    			}
    
    			if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
    			{
    				return false;
    			}
    		}
    
    		return true;
    	}
    
    
    	function unset_admin()
    	{
    		global $db;
    		$sql = 'UPDATE ' . SESSIONS_TABLE . '
    			SET session_admin = 0
    			WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'';
    		$db->sql_query($sql);
    	}
    }
    
    
    /**
    * Base user class
    *
    * This is the overarching class which contains (through session extend)
    * all methods utilised for user functionality during a session.
    *
    * @package phpBB3
    */
    class user extends session
    {
    	var $lang = array();
    	var $help = array();
    	var $theme = array();
    	var $date_format;
    	var $timezone;
    	var $dst;
    
    	var $lang_name = false;
    	var $lang_id = false;
    	var $lang_path;
    	var $img_lang;
    	var $img_array = array();
    
    	// Able to add new options (up to id 31)
    	var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'sig_bbcode' => 15, 'sig_smilies' => 16, 'sig_links' => 17);
    	var $keyvalues = array();
    
    	/**
    	* Constructor to set the lang path
    	*/
    	function user()
    	{
    		global $phpbb_root_path;
    
    		$this->lang_path = $phpbb_root_path . 'language/';
    	}
    
    	/**
    	* Function to set custom language path (able to use directory outside of phpBB)
    	*
    	* @param string $lang_path New language path used.
    	* @access public
    	*/
    	function set_custom_lang_path($lang_path)
    	{
    		$this->lang_path = $lang_path;
    
    		if (substr($this->lang_path, -1) != '/')
    		{
    			$this->lang_path .= '/';
    		}
    	}
    
    	/**
    	* Setup basic user-specific items (style, language, ...)
    	*/
    	function setup($lang_set = false, $style = false)
    	{
    		global $db, $template, $config, $auth, $phpEx, $phpbb_root_path, $cache;
    
    		if ($this->data['user_id'] != ANONYMOUS)
    		{
    			$this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
    
    			$this->date_format = $this->data['user_dateformat'];
    			$this->timezone = $this->data['user_timezone'] * 3600;
    			$this->dst = $this->data['user_dst'] * 3600;
    		}
    		else
    		{
    			$this->lang_name = basename($config['default_lang']);
    			$this->date_format = $config['default_dateformat'];
    			$this->timezone = $config['board_timezone'] * 3600;
    			$this->dst = $config['board_dst'] * 3600;
    
    			/**
    			* If a guest user is surfing, we try to guess his/her language first by obtaining the browser language
    			* If re-enabled we need to make sure only those languages installed are checked
    			* Commented out so we do not loose the code.
    
    			if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
    			{
    				$accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    
    				foreach ($accept_lang_ary as $accept_lang)
    				{
    					// Set correct format ... guess full xx_YY form
    					$accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2));
    					$accept_lang = basename($accept_lang);
    
    					if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx"))
    					{
    						$this->lang_name = $config['default_lang'] = $accept_lang;
    						break;
    					}
    					else
    					{
    						// No match on xx_YY so try xx
    						$accept_lang = substr($accept_lang, 0, 2);
    						$accept_lang = basename($accept_lang);
    
    						if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx"))
    						{
    							$this->lang_name = $config['default_lang'] = $accept_lang;
    							break;
    						}
    					}
    				}
    			}
    			*/
    		}
    
    		// We include common language file here to not load it every time a custom language file is included
    		$lang = &$this->lang;
    
    		// Do not suppress error if in DEBUG_EXTRA mode
    		$include_result = (defined('DEBUG_EXTRA')) ? (include $this->lang_path . $this->lang_name . "/common.$phpEx") : (@include $this->lang_path . $this->lang_name . "/common.$phpEx");
    
    		if ($include_result === false)
    		{
    			die('Language file ' . $this->lang_path . $this->lang_name . "/common.$phpEx" . " couldn't be opened.");
    		}
    
    		$this->add_lang($lang_set);
    		unset($lang_set);
    
    		if (!empty($_GET['style']) && $auth->acl_get('a_styles') && !defined('ADMIN_START'))
    		{
    			global $SID, $_EXTRA_URL;
    
    			$style = request_var('style', 0);
    			$SID .= '&amp;style=' . $style;
    			$_EXTRA_URL = array('style=' . $style);
    		}
    		else
    		{
    			// Set up style
    			$style = ($style) ? $style : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']);
    		}
    
    		$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
    			FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i
    			WHERE s.style_id = $style
    				AND t.template_id = s.template_id
    				AND c.theme_id = s.theme_id
    				AND i.imageset_id = s.imageset_id";
    		$result = $db->sql_query($sql, 3600);
    		$this->theme = $db->sql_fetchrow($result);
    		$db->sql_freeresult($result);
    
    		// User has wrong style
    		if (!$this->theme && $style == $this->data['user_style'])
    		{
    			$style = $this->data['user_style'] = $config['default_style'];
    
    			$sql = 'UPDATE ' . USERS_TABLE . "
    				SET user_style = $style
    				WHERE user_id = {$this->data['user_id']}";
    			$db->sql_query($sql);
    
    			$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
    				FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i
    				WHERE s.style_id = $style
    					AND t.template_id = s.template_id
    					AND c.theme_id = s.theme_id
    					AND i.imageset_id = s.imageset_id";
    			$result = $db->sql_query($sql, 3600);
    			$this->theme = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    
    		if (!$this->theme)
    		{
    			trigger_error('Could not get style data', E_USER_ERROR);
    		}
    
    		// Now parse the cfg file and cache it
    		$parsed_items = $cache->obtain_cfg_items($this->theme);
    
    		// We are only interested in the theme configuration for now
    		$parsed_items = $parsed_items['theme'];
    
    		$check_for = array(
    			'parse_css_file'	=> (int) 0,
    			'pagination_sep'	=> (string) ', '
    		);
    
    		foreach ($check_for as $key => $default_value)
    		{
    			$this->theme[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value;
    			settype($this->theme[$key], gettype($default_value));
    
    			if (is_string($default_value))
    			{
    				$this->theme[$key] = htmlspecialchars($this->theme[$key]);
    			}
    		}
    
    		// If the style author specified the theme needs to be cached
    		// (because of the used paths and variables) than make sure it is the case.
    		// For example, if the theme uses language-specific images it needs to be stored in db.
    		if (!$this->theme['theme_storedb'] && $this->theme['parse_css_file'])
    		{
    			$this->theme['theme_storedb'] = 1;
    
    			$stylesheet = file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/stylesheet.css");
    			// Match CSS imports
    			$matches = array();
    			preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
    
    			if (sizeof($matches))
    			{
    				$content = '';
    				foreach ($matches[0] as $idx => $match)
    				{
    					if ($content = @file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/" . $matches[1][$idx]))
    					{
    						$content = trim($content);
    					}
    					else
    					{
    						$content = '';
    					}
    					$stylesheet = str_replace($match, $content, $stylesheet);
    				}
    				unset($content);
    			}
    
    			$stylesheet = str_replace('./', 'styles/' . $this->theme['theme_path'] . '/theme/', $stylesheet);
    
    			$sql_ary = array(
    				'theme_data'	=> $stylesheet,
    				'theme_mtime'	=> time(),
    				'theme_storedb'	=> 1
    			);
    
    			$sql = 'UPDATE ' . STYLES_THEME_TABLE . '
    				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
    				WHERE theme_id = ' . $this->theme['theme_id'];
    			$db->sql_query($sql);
    
    			unset($sql_ary);
    		}
    
    		$template->set_template();
    
    		$this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang'];
    
    		// Same query in style.php
    		$sql = 'SELECT *
    			FROM ' . STYLES_IMAGESET_DATA_TABLE . '
    			WHERE imageset_id = ' . $this->theme['imageset_id'] . "
    			AND image_filename <> ''
    			AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')";
    		$result = $db->sql_query($sql, 3600);
    
    		$localised_images = false;
    		while ($row = $db->sql_fetchrow($result))
    		{
    			if ($row['image_lang'])
    			{
    				$localised_images = true;
    			}
    
    			$row['image_filename'] = rawurlencode($row['image_filename']);
    			$this->img_array[$row['image_name']] = $row;
    		}
    		$db->sql_freeresult($result);
    
    		// there were no localised images, try to refresh the localised imageset for the user's language
    		if (!$localised_images)
    		{
    			// Attention: this code ignores the image definition list from acp_styles and just takes everything
    			// that the config file contains
    			$sql_ary = array();
    
    			$db->sql_transaction('begin');
    
    			$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . '
    				WHERE imageset_id = ' . $this->theme['imageset_id'] . '
    					AND image_lang = \'' . $db->sql_escape($this->img_lang) . '\'';
    			$result = $db->sql_query($sql);
    
    			if (@file_exists("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg"))
    			{
    				$cfg_data_imageset_data = parse_cfg_file("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg");
    				foreach ($cfg_data_imageset_data as $image_name => $value)
    				{
    					if (strpos($value, '*') !== false)
    					{
    						if (substr($value, -1, 1) === '*')
    						{
    							list($image_filename, $image_height) = explode('*', $value);
    							$image_width = 0;
    						}
    						else
    						{
    							list($image_filename, $image_height, $image_width) = explode('*', $value);
    						}
    					}
    					else
    					{
    						$image_filename = $value;
    						$image_height = $image_width = 0;
    					}
    
    					if (strpos($image_name, 'img_') === 0 && $image_filename)
    					{
    						$image_name = substr($image_name, 4);
    						$sql_ary[] = array(
    							'image_name'		=> (string) $image_name,
    							'image_filename'	=> (string) $image_filename,
    							'image_height'		=> (int) $image_height,
    							'image_width'		=> (int) $image_width,
    							'imageset_id'		=> (int) $this->theme['imageset_id'],
    							'image_lang'		=> (string) $this->img_lang,
    						);
    					}
    				}
    			}
    
    			if (sizeof($sql_ary))
    			{
    				$db->sql_multi_insert(STYLES_IMAGESET_DATA_TABLE, $sql_ary);
    				$db->sql_transaction('commit');
    				$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
    
    				add_log('admin', 'LOG_IMAGESET_LANG_REFRESHED', $this->theme['imageset_name'], $this->img_lang);
    			}
    			else
    			{
    				$db->sql_transaction('commit');
    				add_log('admin', 'LOG_IMAGESET_LANG_MISSING', $this->theme['imageset_name'], $this->img_lang);
    			}
    		}
    
    		// Call phpbb_user_session_handler() in case external application want to "bend" some variables or replace classes...
    		// After calling it we continue script execution...
    		phpbb_user_session_handler();
    
    		// If this function got called from the error handler we are finished here.
    		if (defined('IN_ERROR_HANDLER'))
    		{
    			return;
    		}
    
    		// Disable board if the install/ directory is still present
    		// For the brave development army we do not care about this, else we need to comment out this everytime we develop locally
    		if (!defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install'))
    		{
    			// Adjust the message slightly according to the permissions
    			if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))
    			{
    				$message = 'REMOVE_INSTALL';
    			}
    			else
    			{
    				$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
    			}
    			trigger_error($message);
    		}
    
    		// Is board disabled and user not an admin or moderator?
    		if ($config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
    		{
    			if ($this->data['is_bot'])
    			{
    				send_status_line(503, 'Service Unavailable');
    			}
    
    			$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
    			trigger_error($message);
    		}
    
    		// Is load exceeded?
    		if ($config['limit_load'] && $this->load !== false)
    		{
    			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !defined('IN_ADMIN'))
    			{
    				// Set board disabled to true to let the admins/mods get the proper notification
    				$config['board_disable'] = '1';
    
    				if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
    				{
    					if ($this->data['is_bot'])
    					{
    						send_status_line(503, 'Service Unavailable');
    					}
    					trigger_error('BOARD_UNAVAILABLE');
    				}
    			}
    		}
    
    		if (isset($this->data['session_viewonline']))
    		{
    			// Make sure the user is able to hide his session
    			if (!$this->data['session_viewonline'])
    			{
    				// Reset online status if not allowed to hide the session...
    				if (!$auth->acl_get('u_hideonline'))
    				{
    					$sql = 'UPDATE ' . SESSIONS_TABLE . '
    						SET session_viewonline = 1
    						WHERE session_user_id = ' . $this->data['user_id'];
    					$db->sql_query($sql);
    					$this->data['session_viewonline'] = 1;
    				}
    			}
    			else if (!$this->data['user_allow_viewonline'])
    			{
    				// the user wants to hide and is allowed to  -> cloaking device on.
    				if ($auth->acl_get('u_hideonline'))
    				{
    					$sql = 'UPDATE ' . SESSIONS_TABLE . '
    						SET session_viewonline = 0
    						WHERE session_user_id = ' . $this->data['user_id'];
    					$db->sql_query($sql);
    					$this->data['session_viewonline'] = 0;
    				}
    			}
    		}
    
    
    		// Does the user need to change their password? If so, redirect to the
    		// ucp profile reg_details page ... of course do not redirect if we're already in the ucp
    		if (!defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && !empty($this->data['is_registered']) && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
    		{
    			if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx")
    			{
    				redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details'));
    			}
    		}
    
    		return;
    	}
    
    	/**
    	* More advanced language substitution
    	* Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms.
    	* Params are the language key and the parameters to be substituted.
    	* This function/functionality is inspired by SHS` and Ashe.
    	*
    	* Example call: <samp>$user->lang('NUM_POSTS_IN_QUEUE', 1);</samp>
    	*/
    	function lang()
    	{
    		$args = func_get_args();
    		$key = $args[0];
    
    		if (is_array($key))
    		{
    			$lang = &$this->lang[array_shift($key)];
    
    			foreach ($key as $_key)
    			{
    				$lang = &$lang[$_key];
    			}
    		}
    		else
    		{
    			$lang = &$this->lang[$key];
    		}
    
    		// Return if language string does not exist
    		if (!isset($lang) || (!is_string($lang) && !is_array($lang)))
    		{
    			return $key;
    		}
    
    		// If the language entry is a string, we simply mimic sprintf() behaviour
    		if (is_string($lang))
    		{
    			if (sizeof($args) == 1)
    			{
    				return $lang;
    			}
    
    			// Replace key with language entry and simply pass along...
    			$args[0] = $lang;
    			return call_user_func_array('sprintf', $args);
    		}
    
    		// It is an array... now handle different nullar/singular/plural forms
    		$key_found = false;
    
    		// We now get the first number passed and will select the key based upon this number
    		for ($i = 1, $num_args = sizeof($args); $i < $num_args; $i++)
    		{
    			if (is_int($args[$i]))
    			{
    				$numbers = array_keys($lang);
    
    				foreach ($numbers as $num)
    				{
    					if ($num > $args[$i])
    					{
    						break;
    					}
    
    					$key_found = $num;
    				}
    				break;
    			}
    		}
    
    		// Ok, let's check if the key was found, else use the last entry (because it is mostly the plural form)
    		if ($key_found === false)
    		{
    			$numbers = array_keys($lang);
    			$key_found = end($numbers);
    		}
    
    		// Use the language string we determined and pass it to sprintf()
    		$args[0] = $lang[$key_found];
    		return call_user_func_array('sprintf', $args);
    	}
    
    	/**
    	* Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion)
    	*
    	* @param mixed $lang_set specifies the language entries to include
    	* @param bool $use_db internal variable for recursion, do not use
    	* @param bool $use_help internal variable for recursion, do not use
    	*
    	* Examples:
    	* <code>
    	* $lang_set = array('posting', 'help' => 'faq');
    	* $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq'))
    	* $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq'))
    	* $lang_set = 'posting'
    	* $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting'))
    	* </code>
    	*/
    	function add_lang($lang_set, $use_db = false, $use_help = false)
    	{
    		global $phpEx;
    
    		if (is_array($lang_set))
    		{
    			foreach ($lang_set as $key => $lang_file)
    			{
    				// Please do not delete this line.
    				// We have to force the type here, else [array] language inclusion will not work
    				$key = (string) $key;
    
    				if ($key == 'db')
    				{
    					$this->add_lang($lang_file, true, $use_help);
    				}
    				else if ($key == 'help')
    				{
    					$this->add_lang($lang_file, $use_db, true);
    				}
    				else if (!is_array($lang_file))
    				{
    					$this->set_lang($this->lang, $this->help, $lang_file, $use_db, $use_help);
    				}
    				else
    				{
    					$this->add_lang($lang_file, $use_db, $use_help);
    				}
    			}
    			unset($lang_set);
    		}
    		else if ($lang_set)
    		{
    			$this->set_lang($this->lang, $this->help, $lang_set, $use_db, $use_help);
    		}
    	}
    
    	/**
    	* Set language entry (called by add_lang)
    	* @access private
    	*/
    	function set_lang(&$lang, &$help, $lang_file, $use_db = false, $use_help = false)
    	{
    		global $phpEx;
    
    		// Make sure the language name is set (if the user setup did not happen it is not set)
    		if (!$this->lang_name)
    		{
    			global $config;
    			$this->lang_name = basename($config['default_lang']);
    		}
    
    		// $lang == $this->lang
    		// $help == $this->help
    		// - add appropriate variables here, name them as they are used within the language file...
    		if (!$use_db)
    		{
    			if ($use_help && strpos($lang_file, '/') !== false)
    			{
    				$language_filename = $this->lang_path . $this->lang_name . '/' . substr($lang_file, 0, stripos($lang_file, '/') + 1) . 'help_' . substr($lang_file, stripos($lang_file, '/') + 1) . '.' . $phpEx;
    			}
    			else
    			{
    				$language_filename = $this->lang_path . $this->lang_name . '/' . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx;
    			}
    
    			if (!file_exists($language_filename))
    			{
    				global $config;
    
    				if ($this->lang_name == 'en')
    				{
    					// The user's selected language is missing the file, the board default's language is missing the file, and the file doesn't exist in /en.
    					$language_filename = str_replace($this->lang_path . 'en', $this->lang_path . $this->data['user_lang'], $language_filename);
    					trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR);
    				}
    				else if ($this->lang_name == basename($config['default_lang']))
    				{
    					// Fall back to the English Language
    					$this->lang_name = 'en';
    					$this->set_lang($lang, $help, $lang_file, $use_db, $use_help);
    				}
    				else if ($this->lang_name == $this->data['user_lang'])
    				{
    					// Fall back to the board default language
    					$this->lang_name = basename($config['default_lang']);
    					$this->set_lang($lang, $help, $lang_file, $use_db, $use_help);
    				}
    
    				// Reset the lang name
    				$this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
    				return;
    			}
    
    			// Do not suppress error if in DEBUG_EXTRA mode
    			$include_result = (defined('DEBUG_EXTRA')) ? (include $language_filename) : (@include $language_filename);
    
    			if ($include_result === false)
    			{
    				trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR);
    			}
    		}
    		else if ($use_db)
    		{
    			// Get Database Language Strings
    			// Put them into $lang if nothing is prefixed, put them into $help if help: is prefixed
    			// For example: help:faq, posting
    		}
    	}
    
    	/**
    	* Format user date
    	*
    	* @param int $gmepoch unix timestamp
    	* @param string $format date format in date() notation. | used to indicate relative dates, for example |d m Y|, h:i is translated to Today, h:i.
    	* @param bool $forcedate force non-relative date format.
    	*
    	* @return mixed translated date
    	*/
    	function format_date($gmepoch, $format = false, $forcedate = false)
    	{
    		static $midnight;
    		static $date_cache;
    
    		$format = (!$format) ? $this->date_format : $format;
    		$now = time();
    		$delta = $now - $gmepoch;
    
    		if (!isset($date_cache[$format]))
    		{
    			// Is the user requesting a friendly date format (i.e. 'Today 12:42')?
    			$date_cache[$format] = array(
    				'is_short'		=> strpos($format, '|'),
    				'format_short'	=> substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1),
    				'format_long'	=> str_replace('|', '', $format),
    				'lang'			=> $this->lang['datetime'],
    			);
    
    			// Short representation of month in format? Some languages use different terms for the long and short format of May
    			if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false))
    			{
    				$date_cache[$format]['lang']['May'] = $this->lang['datetime']['May_short'];
    			}
    		}
    
    		// Zone offset
    		$zone_offset = $this->timezone + $this->dst;
    
    		// Show date <= 1 hour ago as 'xx min ago' but not greater than 60 seconds in the future
    		// A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago'
    		if ($delta <= 3600 && $delta > -60 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO']))
    		{
    			return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60)));
    		}
    
    		if (!$midnight)
    		{
    			list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $zone_offset));
    			$midnight = gmmktime(0, 0, 0, $m, $d, $y) - $zone_offset;
    		}
    
    		if ($date_cache[$format]['is_short'] !== false && !$forcedate && !($gmepoch < $midnight - 86400 || $gmepoch > $midnight + 172800))
    		{
    			$day = false;
    
    			if ($gmepoch > $midnight + 86400)
    			{
    				$day = 'TOMORROW';
    			}
    			else if ($gmepoch > $midnight)
    			{
    				$day = 'TODAY';
    			}
    			else if ($gmepoch > $midnight - 86400)
    			{
    				$day = 'YESTERDAY';
    			}
    
    			if ($day !== false)
    			{
    				return str_replace('||', $this->lang['datetime'][$day], strtr(@gmdate($date_cache[$format]['format_short'], $gmepoch + $zone_offset), $date_cache[$format]['lang']));
    			}
    		}
    
    		return strtr(@gmdate($date_cache[$format]['format_long'], $gmepoch + $zone_offset), $date_cache[$format]['lang']);
    	}
    
    	/**
    	* Get language id currently used by the user
    	*/
    	function get_iso_lang_id()
    	{
    		global $config, $db;
    
    		if (!empty($this->lang_id))
    		{
    			return $this->lang_id;
    		}
    
    		if (!$this->lang_name)
    		{
    			$this->lang_name = $config['default_lang'];
    		}
    
    		$sql = 'SELECT lang_id
    			FROM ' . LANG_TABLE . "
    			WHERE lang_iso = '" . $db->sql_escape($this->lang_name) . "'";
    		$result = $db->sql_query($sql);
    		$this->lang_id = (int) $db->sql_fetchfield('lang_id');
    		$db->sql_freeresult($result);
    
    		return $this->lang_id;
    	}
    
    	/**
    	* Get users profile fields
    	*/
    	function get_profile_fields($user_id)
    	{
    		global $db;
    
    		if (isset($this->profile_fields))
    		{
    			return;
    		}
    
    		$sql = 'SELECT *
    			FROM ' . PROFILE_FIELDS_DATA_TABLE . "
    			WHERE user_id = $user_id";
    		$result = $db->sql_query_limit($sql, 1);
    		$this->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row;
    		$db->sql_freeresult($result);
    	}
    
    	/**
    	* Specify/Get image
    	* $suffix is no longer used - we know it. ;) It is there for backward compatibility.
    	*/
    	function img($img, $alt = '', $width = false, $suffix = '', $type = 'full_tag')
    	{
    		static $imgs;
    		global $phpbb_root_path;
    
    		$img_data = &$imgs[$img];
    
    		if (empty($img_data))
    		{
    			if (!isset($this->img_array[$img]))
    			{
    				// Do not fill the image to let designers decide what to do if the image is empty
    				$img_data = '';
    				return $img_data;
    			}
    
    			// Use URL if told so
    			$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;
    
    			$path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];
    
    			$img_data['src'] = $root_path . $path;
    			$img_data['width'] = $this->img_array[$img]['image_width'];
    			$img_data['height'] = $this->img_array[$img]['image_height'];
    
    			// We overwrite the width and height to the phpbb logo's width
    			// and height here if the contents of the site_logo file are
    			// really equal to the phpbb_logo
    			// This allows us to change the dimensions of the phpbb_logo without
    			// modifying the imageset.cfg and causing a conflict for everyone
    			// who modified it for their custom logo on updating
    			if ($img == 'site_logo' && file_exists($phpbb_root_path . $path))
    			{
    				global $cache;
    
    				$img_file_hashes = $cache->get('imageset_site_logo_md5');
    
    				if ($img_file_hashes === false)
    				{
    					$img_file_hashes = array();
    				}
    
    				$key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang'];
    				if (!isset($img_file_hashes[$key]))
    				{
    					$img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path));
    					$cache->put('imageset_site_logo_md5', $img_file_hashes);
    				}
    
    				$phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10';
    
    				if ($phpbb_logo_hash == $img_file_hashes[$key])
    				{
    					$img_data['width'] = '149';
    					$img_data['height'] = '52';
    				}
    			}
    		}
    
    		$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt;
    
    		switch ($type)
    		{
    			case 'src':
    				return $img_data['src'];
    			break;
    
    			case 'width':
    				return ($width === false) ? $img_data['width'] : $width;
    			break;
    
    			case 'height':
    				return $img_data['height'];
    			break;
    
    			default:
    				$use_width = ($width === false) ? $img_data['width'] : $width;
    
    				return '<img src="' . $img_data['src'] . '"' . (($use_width) ? ' width="' . $use_width . '"' : '') . (($img_data['height']) ? ' height="' . $img_data['height'] . '"' : '') . ' alt="' . $alt . '" title="' . $alt . '" />';
    			break;
    		}
    	}
    
    	/**
    	* Get option bit field from user options
    	*/
    	function optionget($key, $data = false)
    	{
    		if (!isset($this->keyvalues[$key]))
    		{
    			$var = ($data) ? $data : $this->data['user_options'];
    			$this->keyvalues[$key] = ($var & 1 << $this->keyoptions[$key]) ? true : false;
    		}
    
    		return $this->keyvalues[$key];
    	}
    
    	/**
    	* Set option bit field for user options
    	*/
    	function optionset($key, $value, $data = false)
    	{
    		$var = ($data) ? $data : $this->data['user_options'];
    
    		if ($value && !($var & 1 << $this->keyoptions[$key]))
    		{
    			$var += 1 << $this->keyoptions[$key];
    		}
    		else if (!$value && ($var & 1 << $this->keyoptions[$key]))
    		{
    			$var -= 1 << $this->keyoptions[$key];
    		}
    		else
    		{
    			return ($data) ? $var : false;
    		}
    
    		if (!$data)
    		{
    			$this->data['user_options'] = $var;
    			return true;
    		}
    		else
    		{
    			return $var;
    		}
    	}
    
    	/**
    	* Funtion to make the user leave the NEWLY_REGISTERED system group.
    	* @access public
    	*/
    	function leave_newly_registered()
    	{
    		global $db;
    
    		if (empty($this->data['user_new']))
    		{
    			return false;
    		}
    
    		if (!function_exists('remove_newly_registered'))
    		{
    			global $phpbb_root_path, $phpEx;
    
    			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
    		}
    		if ($group = remove_newly_registered($this->data['user_id'], $this->data))
    		{
    			$this->data['group_id'] = $group;
    
    		}
    		$this->data['user_permissions'] = '';
    		$this->data['user_new'] = 0;
    
    		return true;
    	}
    }
    
    ?>
  10. s***k

    Hast du am Anfang der modifizierten Dateien eventuell ein Leerzeichen oder ist <?php wirklich das erste?
    Würde fast darauf tippen das in der index.php in der ersten Zeile ein Leerzeichen ist.
  11. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    siwek schrieb:
    Hast du am Anfang der modifizierten Dateien eventuell ein Leerzeichen oder ist <?php wirklich das erste?
    Würde fast darauf tippen das in der index.php in der ersten Zeile ein Leerzeichen ist.


    Es beginnt wirklich mit <?php auch wenn das nicht relevant sein sollte. Ich habe die Dateien noch nicht angepackt, also functions.php und session.php.
  12. s***k

    Hast Du mal in Deine index.php geschaut? Die Fehlermeldung mokiert ja Deine index.php

    Diese Seite behandelt auch Deine Fehlermeldung und könnte nützliche Hinweise geben.
    http://www.php-fehlermeldungen.de/topic24.html

    Beitrag zuletzt geändert: 14.2.2012 22:00:44 von siwek
  13. schinkenmedia schrieb:

    Da ich scheinbar kein Downloadvolum mehr habe hier einfach zum kopieren ;)

    functions.php:

    <?php
    /**
    *
    * @package phpBB3
    * @version $Id$
    * @copyright (c) 2005 phpBB Group
    * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    *
    */
    
    /**
    * @ignore
    */
    if (!defined('IN_PHPBB'))
    {
    	exit;
    }
    
    // Common global functions
    
    /**
    * set_var
    *
    * Set variable, used by {@link request_var the request_var function}
    *
    * @access private
    */
    function set_var(&$result, $var, $type, $multibyte = false)
    {
    	settype($var, $type);
    	$result = $var;
    
    	if ($type == 'string')
    	{
    		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
    
    		if (!empty($result))
    		{
    			// Make sure multibyte characters are wellformed
    			if ($multibyte)
    			{
    				if (!preg_match('/^./u', $result))
    				{
    					$result = '';
    				}
    			}
    			else
    			{
    				// no multibyte, allow only ASCII (0-127)
    				$result = preg_replace('/[\x80-\xFF]/', '?', $result);
    			}
    		}
    
    		$result = (STRIP) ? stripslashes($result) : $result;
    	}
    }
    
    /**
    * request_var
    *
    * Used to get passed variable
    */
    function request_var($var_name, $default, $multibyte = false, $cookie = false)
    {
    	if (!$cookie && isset($_COOKIE[$var_name]))
    	{
    		if (!isset($_GET[$var_name]) && !isset($_POST[$var_name]))
    		{
    			return (is_array($default)) ? array() : $default;
    		}
    		$_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name];
    	}
    
    	$super_global = ($cookie) ? '_COOKIE' : '_REQUEST';
    	if (!isset($GLOBALS[$super_global][$var_name]) || is_array($GLOBALS[$super_global][$var_name]) != is_array($default))
    	{
    		return (is_array($default)) ? array() : $default;
    	}
    
    	$var = $GLOBALS[$super_global][$var_name];
    	if (!is_array($default))
    	{
    		$type = gettype($default);
    	}
    	else
    	{
    		list($key_type, $type) = each($default);
    		$type = gettype($type);
    		$key_type = gettype($key_type);
    		if ($type == 'array')
    		{
    			reset($default);
    			$default = current($default);
    			list($sub_key_type, $sub_type) = each($default);
    			$sub_type = gettype($sub_type);
    			$sub_type = ($sub_type == 'array') ? 'NULL' : $sub_type;
    			$sub_key_type = gettype($sub_key_type);
    		}
    	}
    
    	if (is_array($var))
    	{
    		$_var = $var;
    		$var = array();
    
    		foreach ($_var as $k => $v)
    		{
    			set_var($k, $k, $key_type);
    			if ($type == 'array' && is_array($v))
    			{
    				foreach ($v as $_k => $_v)
    				{
    					if (is_array($_v))
    					{
    						$_v = null;
    					}
    					set_var($_k, $_k, $sub_key_type, $multibyte);
    					set_var($var[$k][$_k], $_v, $sub_type, $multibyte);
    				}
    			}
    			else
    			{
    				if ($type == 'array' || is_array($v))
    				{
    					$v = null;
    				}
    				set_var($var[$k], $v, $type, $multibyte);
    			}
    		}
    	}
    	else
    	{
    		set_var($var, $var, $type, $multibyte);
    	}
    
    	return $var;
    }
    
    /**
    * Set config value. Creates missing config entry.
    */
    function set_config($config_name, $config_value, $is_dynamic = false)
    {
    	global $db, $cache, $config;
    
    	$sql = 'UPDATE ' . CONFIG_TABLE . "
    		SET config_value = '" . $db->sql_escape($config_value) . "'
    		WHERE config_name = '" . $db->sql_escape($config_name) . "'";
    	$db->sql_query($sql);
    
    	if (!$db->sql_affectedrows() && !isset($config[$config_name]))
    	{
    		$sql = 'INSERT INTO ' . CONFIG_TABLE . ' ' . $db->sql_build_array('INSERT', array(
    			'config_name'	=> $config_name,
    			'config_value'	=> $config_value,
    			'is_dynamic'	=> ($is_dynamic) ? 1 : 0));
    		$db->sql_query($sql);
    	}
    
    	$config[$config_name] = $config_value;
    
    	if (!$is_dynamic)
    	{
    		$cache->destroy('config');
    	}
    }
    
    /**
    * Set dynamic config value with arithmetic operation.
    */
    function set_config_count($config_name, $increment, $is_dynamic = false)
    {
    	global $db, $cache;
    
    	switch ($db->sql_layer)
    	{
    		case 'firebird':
    			// Precision must be from 1 to 18
    			$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
    		break;
    
    		case 'postgres':
    			// Need to cast to text first for PostgreSQL 7.x
    			$sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
    		break;
    
    		// MySQL, SQlite, mssql, mssql_odbc, oracle
    		default:
    			$sql_update = 'config_value + ' . (int) $increment;
    		break;
    	}
    
    	$db->sql_query('UPDATE ' . CONFIG_TABLE . ' SET config_value = ' . $sql_update . " WHERE config_name = '" . $db->sql_escape($config_name) . "'");
    
    	if (!$is_dynamic)
    	{
    		$cache->destroy('config');
    	}
    }
    
    /**
    * Generates an alphanumeric random string of given length
    *
    * @return string
    */
    function gen_rand_string($num_chars = 8)
    {
    	// [a, z] + [0, 9] = 36
    	return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);
    }
    
    /**
    * Generates a user-friendly alphanumeric random string of given length
    * We remove 0 and O so users cannot confuse those in passwords etc.
    *
    * @return string
    */
    function gen_rand_string_friendly($num_chars = 8)
    {
    	$rand_str = unique_id();
    
    	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
    	// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
    	$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
    
    	return substr($rand_str, 0, $num_chars);
    }
    
    /**
    * Return unique id
    * @param string $extra additional entropy
    */
    function unique_id($extra = 'c')
    {
    	static $dss_seeded = false;
    	global $config;
    
    	$val = $config['rand_seed'] . microtime();
    	$val = md5($val);
    	$config['rand_seed'] = md5($config['rand_seed'] . $val . $extra);
    
    	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
    	{
    		set_config('rand_seed_last_update', time(), true);
    		set_config('rand_seed', $config['rand_seed'], true);
    		$dss_seeded = true;
    	}
    
    	return substr($val, 4, 16);
    }
    
    /**
    * Wrapper for mt_rand() which allows swapping $min and $max parameters.
    *
    * PHP does not allow us to swap the order of the arguments for mt_rand() anymore.
    * (since PHP 5.3.4, see http://bugs.php.net/46587)
    *
    * @param int $min		Lowest value to be returned
    * @param int $max		Highest value to be returned
    *
    * @return int			Random integer between $min and $max (or $max and $min)
    */
    function phpbb_mt_rand($min, $max)
    {
    	return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);
    }
    
    /**
    * Return formatted string for filesizes
    *
    * @param int	$value			filesize in bytes
    * @param bool	$string_only	true if language string should be returned
    * @param array	$allowed_units	only allow these units (data array indexes)
    *
    * @return mixed					data array if $string_only is false
    * @author bantu
    */
    function get_formatted_filesize($value, $string_only = true, $allowed_units = false)
    {
    	global $user;
    
    	$available_units = array(
    		'gb' => array(
    			'min' 		=> 1073741824, // pow(2, 30)
    			'index'		=> 3,
    			'si_unit'	=> 'GB',
    			'iec_unit'	=> 'GIB',
    		),
    		'mb' => array(
    			'min'		=> 1048576, // pow(2, 20)
    			'index'		=> 2,
    			'si_unit'	=> 'MB',
    			'iec_unit'	=> 'MIB',
    		),
    		'kb' => array(
    			'min'		=> 1024, // pow(2, 10)
    			'index'		=> 1,
    			'si_unit'	=> 'KB',
    			'iec_unit'	=> 'KIB',
    		),
    		'b' => array(
    			'min'		=> 0,
    			'index'		=> 0,
    			'si_unit'	=> 'BYTES', // Language index
    			'iec_unit'	=> 'BYTES',  // Language index
    		),
    	);
    
    	foreach ($available_units as $si_identifier => $unit_info)
    	{
    		if (!empty($allowed_units) && $si_identifier != 'b' && !in_array($si_identifier, $allowed_units))
    		{
    			continue;
    		}
    
    		if ($value >= $unit_info['min'])
    		{
    			$unit_info['si_identifier'] = $si_identifier;
    
    			break;
    		}
    	}
    	unset($available_units);
    
    	for ($i = 0; $i < $unit_info['index']; $i++)
    	{
    		$value /= 1024;
    	}
    	$value = round($value, 2);
    
    	// Lookup units in language dictionary
    	$unit_info['si_unit'] = (isset($user->lang[$unit_info['si_unit']])) ? $user->lang[$unit_info['si_unit']] : $unit_info['si_unit'];
    	$unit_info['iec_unit'] = (isset($user->lang[$unit_info['iec_unit']])) ? $user->lang[$unit_info['iec_unit']] : $unit_info['iec_unit'];
    
    	// Default to IEC
    	$unit_info['unit'] = $unit_info['iec_unit'];
    
    	if (!$string_only)
    	{
    		$unit_info['value'] = $value;
    
    		return $unit_info;
    	}
    
    	return $value  . ' ' . $unit_info['unit'];
    }
    
    /**
    * Determine whether we are approaching the maximum execution time. Should be called once
    * at the beginning of the script in which it's used.
    * @return	bool	Either true if the maximum execution time is nearly reached, or false
    *					if some time is still left.
    */
    function still_on_time($extra_time = 15)
    {
    	static $max_execution_time, $start_time;
    
    	$time = explode(' ', microtime());
    	$current_time = $time[0] + $time[1];
    
    	if (empty($max_execution_time))
    	{
    		$max_execution_time = (function_exists('ini_get')) ? (int) @ini_get('max_execution_time') : (int) @get_cfg_var('max_execution_time');
    
    		// If zero, then set to something higher to not let the user catch the ten seconds barrier.
    		if ($max_execution_time === 0)
    		{
    			$max_execution_time = 50 + $extra_time;
    		}
    
    		$max_execution_time = min(max(10, ($max_execution_time - $extra_time)), 50);
    
    		// For debugging purposes
    		// $max_execution_time = 10;
    
    		global $starttime;
    		$start_time = (empty($starttime)) ? $current_time : $starttime;
    	}
    
    	return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
    }
    
    /**
    *
    * @version Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)
    *
    * Portable PHP password hashing framework.
    *
    * Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
    * the public domain.
    *
    * There's absolutely no warranty.
    *
    * The homepage URL for this framework is:
    *
    *	http://www.openwall.com/phpass/
    *
    * Please be sure to update the Version line if you edit this file in any way.
    * It is suggested that you leave the main version number intact, but indicate
    * your project name (after the slash) and add your own revision information.
    *
    * Please do not change the "private" password hashing method implemented in
    * here, thereby making your hashes incompatible.  However, if you must, please
    * change the hash type identifier (the "$P$") to something different.
    *
    * Obviously, since this code is in the public domain, the above are not
    * requirements (there can be none), but merely suggestions.
    *
    *
    * Hash the password
    */
    function phpbb_hash($password)
    {
    	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    
    	$random_state = unique_id();
    	$random = '';
    	$count = 6;
    
    	if (($fh = @fopen('/dev/urandom', 'rb')))
    	{
    		$random = fread($fh, $count);
    		fclose($fh);
    	}
    
    	if (strlen($random) < $count)
    	{
    		$random = '';
    
    		for ($i = 0; $i < $count; $i += 16)
    		{
    			$random_state = md5(unique_id() . $random_state);
    			$random .= pack('H*', md5($random_state));
    		}
    		$random = substr($random, 0, $count);
    	}
    
    	$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
    
    	if (strlen($hash) == 34)
    	{
    		return $hash;
    	}
    
    	return md5($password);
    }
    
    /**
    * Check for correct password
    *
    * @param string $password The password in plain text
    * @param string $hash The stored password hash
    *
    * @return bool Returns true if the password is correct, false if not.
    */
    function phpbb_check_hash($password, $hash)
    {
    	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    	if (strlen($hash) == 34)
    	{
    		return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
    	}
    
    	return (md5($password) === $hash) ? true : false;
    }
    
    /**
    * Generate salt for hash generation
    */
    function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
    {
    	if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
    	{
    		$iteration_count_log2 = 8;
    	}
    
    	$output = '$H$';
    	$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];
    	$output .= _hash_encode64($input, 6, $itoa64);
    
    	return $output;
    }
    
    /**
    * Encode hash
    */
    function _hash_encode64($input, $count, &$itoa64)
    {
    	$output = '';
    	$i = 0;
    
    	do
    	{
    		$value = ord($input[$i++]);
    		$output .= $itoa64[$value & 0x3f];
    
    		if ($i < $count)
    		{
    			$value |= ord($input[$i]) << 8;
    		}
    
    		$output .= $itoa64[($value >> 6) & 0x3f];
    
    		if ($i++ >= $count)
    		{
    			break;
    		}
    
    		if ($i < $count)
    		{
    			$value |= ord($input[$i]) << 16;
    		}
    
    		$output .= $itoa64[($value >> 12) & 0x3f];
    
    		if ($i++ >= $count)
    		{
    			break;
    		}
    
    		$output .= $itoa64[($value >> 18) & 0x3f];
    	}
    	while ($i < $count);
    
    	return $output;
    }
    
    /**
    * The crypt function/replacement
    */
    function _hash_crypt_private($password, $setting, &$itoa64)
    {
    	$output = '*';
    
    	// Check for correct hash
    	if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
    	{
    		return $output;
    	}
    
    	$count_log2 = strpos($itoa64, $setting[3]);
    
    	if ($count_log2 < 7 || $count_log2 > 30)
    	{
    		return $output;
    	}
    
    	$count = 1 << $count_log2;
    	$salt = substr($setting, 4, 8);
    
    	if (strlen($salt) != 8)
    	{
    		return $output;
    	}
    
    	/**
    	* We're kind of forced to use MD5 here since it's the only
    	* cryptographic primitive available in all versions of PHP
    	* currently in use.  To implement our own low-level crypto
    	* in PHP would result in much worse performance and
    	* consequently in lower iteration counts and hashes that are
    	* quicker to crack (by non-PHP code).
    	*/
    	if (PHP_VERSION >= 5)
    	{
    		$hash = md5($salt . $password, true);
    		do
    		{
    			$hash = md5($hash . $password, true);
    		}
    		while (--$count);
    	}
    	else
    	{
    		$hash = pack('H*', md5($salt . $password));
    		do
    		{
    			$hash = pack('H*', md5($hash . $password));
    		}
    		while (--$count);
    	}
    
    	$output = substr($setting, 0, 12);
    	$output .= _hash_encode64($hash, 16, $itoa64);
    
    	return $output;
    }
    
    /**
    * Hashes an email address to a big integer
    *
    * @param string $email		Email address
    *
    * @return string			Unsigned Big Integer
    */
    function phpbb_email_hash($email)
    {
    	return sprintf('%u', crc32(strtolower($email))) . strlen($email);
    }
    
    /**
    * Global function for chmodding directories and files for internal use
    *
    * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
    * The function determines owner and group from common.php file and sets the same to the provided file.
    * The function uses bit fields to build the permissions.
    * The function sets the appropiate execute bit on directories.
    *
    * Supported constants representing bit fields are:
    *
    * CHMOD_ALL - all permissions (7)
    * CHMOD_READ - read permission (4)
    * CHMOD_WRITE - write permission (2)
    * CHMOD_EXECUTE - execute permission (1)
    *
    * NOTE: The function uses POSIX extension and fileowner()/filegroup() functions. If any of them is disabled, this function tries to build proper permissions, by calling is_readable() and is_writable() functions.
    *
    * @param string	$filename	The file/directory to be chmodded
    * @param int	$perms		Permissions to set
    *
    * @return bool	true on success, otherwise false
    * @author faw, phpBB Group
    */
    function phpbb_chmod($filename, $perms = CHMOD_READ)
    {
    	static $_chmod_info;
    
    	// Return if the file no longer exists.
    	if (!file_exists($filename))
    	{
    		return false;
    	}
    
    	// Determine some common vars
    	if (empty($_chmod_info))
    	{
    		if (!function_exists('fileowner') || !function_exists('filegroup'))
    		{
    			// No need to further determine owner/group - it is unknown
    			$_chmod_info['process'] = false;
    		}
    		else
    		{
    			global $phpbb_root_path, $phpEx;
    
    			// Determine owner/group of common.php file and the filename we want to change here
    			$common_php_owner = @fileowner($phpbb_root_path . 'common.' . $phpEx);
    			$common_php_group = @filegroup($phpbb_root_path . 'common.' . $phpEx);
    
    			// And the owner and the groups PHP is running under.
    			$php_uid = (function_exists('posix_getuid')) ? @posix_getuid() : false;
    			$php_gids = (function_exists('posix_getgroups')) ? @posix_getgroups() : false;
    
    			// If we are unable to get owner/group, then do not try to set them by guessing
    			if (!$php_uid || empty($php_gids) || !$common_php_owner || !$common_php_group)
    			{
    				$_chmod_info['process'] = false;
    			}
    			else
    			{
    				$_chmod_info = array(
    					'process'		=> true,
    					'common_owner'	=> $common_php_owner,
    					'common_group'	=> $common_php_group,
    					'php_uid'		=> $php_uid,
    					'php_gids'		=> $php_gids,
    				);
    			}
    		}
    	}
    
    	if ($_chmod_info['process'])
    	{
    		$file_uid = @fileowner($filename);
    		$file_gid = @filegroup($filename);
    
    		// Change owner
    		if (@chown($filename, $_chmod_info['common_owner']))
    		{
    			clearstatcache();
    			$file_uid = @fileowner($filename);
    		}
    
    		// Change group
    		if (@chgrp($filename, $_chmod_info['common_group']))
    		{
    			clearstatcache();
    			$file_gid = @filegroup($filename);
    		}
    
    		// If the file_uid/gid now match the one from common.php we can process further, else we are not able to change something
    		if ($file_uid != $_chmod_info['common_owner'] || $file_gid != $_chmod_info['common_group'])
    		{
    			$_chmod_info['process'] = false;
    		}
    	}
    
    	// Still able to process?
    	if ($_chmod_info['process'])
    	{
    		if ($file_uid == $_chmod_info['php_uid'])
    		{
    			$php = 'owner';
    		}
    		else if (in_array($file_gid, $_chmod_info['php_gids']))
    		{
    			$php = 'group';
    		}
    		else
    		{
    			// Since we are setting the everyone bit anyway, no need to do expensive operations
    			$_chmod_info['process'] = false;
    		}
    	}
    
    	// We are not able to determine or change something
    	if (!$_chmod_info['process'])
    	{
    		$php = 'other';
    	}
    
    	// Owner always has read/write permission
    	$owner = CHMOD_READ | CHMOD_WRITE;
    	if (is_dir($filename))
    	{
    		$owner |= CHMOD_EXECUTE;
    
    		// Only add execute bit to the permission if the dir needs to be readable
    		if ($perms & CHMOD_READ)
    		{
    			$perms |= CHMOD_EXECUTE;
    		}
    	}
    
    	switch ($php)
    	{
    		case 'owner':
    			$result = @chmod($filename, ($owner << 6) + (0 << 3) + (0 << 0));
    
    			clearstatcache();
    
    			if (is_readable($filename) && phpbb_is_writable($filename))
    			{
    				break;
    			}
    
    		case 'group':
    			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + (0 << 0));
    
    			clearstatcache();
    
    			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename)))
    			{
    				break;
    			}
    
    		case 'other':
    			$result = @chmod($filename, ($owner << 6) + ($perms << 3) + ($perms << 0));
    
    			clearstatcache();
    
    			if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename)))
    			{
    				break;
    			}
    
    		default:
    			return false;
    		break;
    	}
    
    	return $result;
    }
    
    /**
    * Test if a file/directory is writable
    *
    * This function calls the native is_writable() when not running under
    * Windows and it is not disabled.
    *
    * @param string $file Path to perform write test on
    * @return bool True when the path is writable, otherwise false.
    */
    function phpbb_is_writable($file)
    {
    	if (strtolower(substr(PHP_OS, 0, 3)) === 'win' || !function_exists('is_writable'))
    	{
    		if (file_exists($file))
    		{
    			// Canonicalise path to absolute path
    			$file = phpbb_realpath($file);
    
    			if (is_dir($file))
    			{
    				// Test directory by creating a file inside the directory
    				$result = @tempnam($file, 'i_w');
    
    				if (is_string($result) && file_exists($result))
    				{
    					unlink($result);
    
    					// Ensure the file is actually in the directory (returned realpathed)
    					return (strpos($result, $file) === 0) ? true : false;
    				}
    			}
    			else
    			{
    				$handle = @fopen($file, 'r+');
    
    				if (is_resource($handle))
    				{
    					fclose($handle);
    					return true;
    				}
    			}
    		}
    		else
    		{
    			// file does not exist test if we can write to the directory
    			$dir = dirname($file);
    
    			if (file_exists($dir) && is_dir($dir) && phpbb_is_writable($dir))
    			{
    				return true;
    			}
    		}
    
    		return false;
    	}
    	else
    	{
    		return is_writable($file);
    	}
    }
    
    // Compatibility functions
    
    if (!function_exists('array_combine'))
    {
    	/**
    	* A wrapper for the PHP5 function array_combine()
    	* @param array $keys contains keys for the resulting array
    	* @param array $values contains values for the resulting array
    	*
    	* @return Returns an array by using the values from the keys array as keys and the
    	* 	values from the values array as the corresponding values. Returns false if the
    	* 	number of elements for each array isn't equal or if the arrays are empty.
    	*/
    	function array_combine($keys, $values)
    	{
    		$keys = array_values($keys);
    		$values = array_values($values);
    
    		$n = sizeof($keys);
    		$m = sizeof($values);
    		if (!$n || !$m || ($n != $m))
    		{
    			return false;
    		}
    
    		$combined = array();
    		for ($i = 0; $i < $n; $i++)
    		{
    			$combined[$keys[$i]] = $values[$i];
    		}
    		return $combined;
    	}
    }
    
    if (!function_exists('str_split'))
    {
    	/**
    	* A wrapper for the PHP5 function str_split()
    	* @param array $string contains the string to be converted
    	* @param array $split_length contains the length of each chunk
    	*
    	* @return  Converts a string to an array. If the optional split_length parameter is specified,
    	*  	the returned array will be broken down into chunks with each being split_length in length,
    	*  	otherwise each chunk will be one character in length. FALSE is returned if split_length is
    	*  	less than 1. If the split_length length exceeds the length of string, the entire string is
    	*  	returned as the first (and only) array element.
    	*/
    	function str_split($string, $split_length = 1)
    	{
    		if ($split_length < 1)
    		{
    			return false;
    		}
    		else if ($split_length >= strlen($string))
    		{
    			return array($string);
    		}
    		else
    		{
    			preg_match_all('#.{1,' . $split_length . '}#s', $string, $matches);
    			return $matches[0];
    		}
    	}
    }
    
    if (!function_exists('stripos'))
    {
    	/**
    	* A wrapper for the PHP5 function stripos
    	* Find position of first occurrence of a case-insensitive string
    	*
    	* @param string $haystack is the string to search in
    	* @param string $needle is the string to search for
    	*
    	* @return mixed Returns the numeric position of the first occurrence of needle in the haystack string. Unlike strpos(), stripos() is case-insensitive.
    	* Note that the needle may be a string of one or more characters.
    	* If needle is not found, stripos() will return boolean FALSE.
    	*/
    	function stripos($haystack, $needle)
    	{
    		if (preg_match('#' . preg_quote($needle, '#') . '#i', $haystack, $m))
    		{
    			return strpos($haystack, $m[0]);
    		}
    
    		return false;
    	}
    }
    
    /**
    * Checks if a path ($path) is absolute or relative
    *
    * @param string $path Path to check absoluteness of
    * @return boolean
    */
    function is_absolute($path)
    {
    	return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:[/\\\]#i', $path))) ? true : false;
    }
    
    /**
    * @author Chris Smith <chris@project-minerva.org>
    * @copyright 2006 Project Minerva Team
    * @param string $path The path which we should attempt to resolve.
    * @return mixed
    */
    function phpbb_own_realpath($path)
    {
    	// Now to perform funky shizzle
    
    	// Switch to use UNIX slashes
    	$path = str_replace(DIRECTORY_SEPARATOR, '/', $path);
    	$path_prefix = '';
    
    	// Determine what sort of path we have
    	if (is_absolute($path))
    	{
    		$absolute = true;
    
    		if ($path[0] == '/')
    		{
    			// Absolute path, *NIX style
    			$path_prefix = '';
    		}
    		else
    		{
    			// Absolute path, Windows style
    			// Remove the drive letter and colon
    			$path_prefix = $path[0] . ':';
    			$path = substr($path, 2);
    		}
    	}
    	else
    	{
    		// Relative Path
    		// Prepend the current working directory
    		if (function_exists('getcwd'))
    		{
    			// This is the best method, hopefully it is enabled!
    			$path = str_replace(DIRECTORY_SEPARATOR, '/', getcwd()) . '/' . $path;
    			$absolute = true;
    			if (preg_match('#^[a-z]:#i', $path))
    			{
    				$path_prefix = $path[0] . ':';
    				$path = substr($path, 2);
    			}
    			else
    			{
    				$path_prefix = '';
    			}
    		}
    		else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME']))
    		{
    			// Warning: If chdir() has been used this will lie!
    			// Warning: This has some problems sometime (CLI can create them easily)
    			$path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path;
    			$absolute = true;
    			$path_prefix = '';
    		}
    		else
    		{
    			// We have no way of getting the absolute path, just run on using relative ones.
    			$absolute = false;
    			$path_prefix = '.';
    		}
    	}
    
    	// Remove any repeated slashes
    	$path = preg_replace('#/{2,}#', '/', $path);
    
    	// Remove the slashes from the start and end of the path
    	$path = trim($path, '/');
    
    	// Break the string into little bits for us to nibble on
    	$bits = explode('/', $path);
    
    	// Remove any . in the path, renumber array for the loop below
    	$bits = array_values(array_diff($bits, array('.')));
    
    	// Lets get looping, run over and resolve any .. (up directory)
    	for ($i = 0, $max = sizeof($bits); $i < $max; $i++)
    	{
    		// @todo Optimise
    		if ($bits[$i] == '..' )
    		{
    			if (isset($bits[$i - 1]))
    			{
    				if ($bits[$i - 1] != '..')
    				{
    					// We found a .. and we are able to traverse upwards, lets do it!
    					unset($bits[$i]);
    					unset($bits[$i - 1]);
    					$i -= 2;
    					$max -= 2;
    					$bits = array_values($bits);
    				}
    			}
    			else if ($absolute) // ie. !isset($bits[$i - 1]) && $absolute
    			{
    				// We have an absolute path trying to descend above the root of the filesystem
    				// ... Error!
    				return false;
    			}
    		}
    	}
    
    	// Prepend the path prefix
    	array_unshift($bits, $path_prefix);
    
    	$resolved = '';
    
    	$max = sizeof($bits) - 1;
    
    	// Check if we are able to resolve symlinks, Windows cannot.
    	$symlink_resolve = (function_exists('readlink')) ? true : false;
    
    	foreach ($bits as $i => $bit)
    	{
    		if (@is_dir("$resolved/$bit") || ($i == $max && @is_file("$resolved/$bit")))
    		{
    			// Path Exists
    			if ($symlink_resolve && is_link("$resolved/$bit") && ($link = readlink("$resolved/$bit")))
    			{
    				// Resolved a symlink.
    				$resolved = $link . (($i == $max) ? '' : '/');
    				continue;
    			}
    		}
    		else
    		{
    			// Something doesn't exist here!
    			// This is correct realpath() behaviour but sadly open_basedir and safe_mode make this problematic
    			// return false;
    		}
    		$resolved .= $bit . (($i == $max) ? '' : '/');
    	}
    
    	// @todo If the file exists fine and open_basedir only has one path we should be able to prepend it
    	// because we must be inside that basedir, the question is where...
    	// @internal The slash in is_dir() gets around an open_basedir restriction
    	if (!@file_exists($resolved) || (!@is_dir($resolved . '/') && !is_file($resolved)))
    	{
    		return false;
    	}
    
    	// Put the slashes back to the native operating systems slashes
    	$resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved);
    
    	// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
    	if (substr($resolved, -1) == DIRECTORY_SEPARATOR)
    	{
    		return substr($resolved, 0, -1);
    	}
    
    	return $resolved; // We got here, in the end!
    }
    
    if (!function_exists('realpath'))
    {
    	/**
    	* A wrapper for realpath
    	* @ignore
    	*/
    	function phpbb_realpath($path)
    	{
    		return phpbb_own_realpath($path);
    	}
    }
    else
    {
    	/**
    	* A wrapper for realpath
    	*/
    	function phpbb_realpath($path)
    	{
    		$realpath = realpath($path);
    
    		// Strangely there are provider not disabling realpath but returning strange values. :o
    		// We at least try to cope with them.
    		if ($realpath === $path || $realpath === false)
    		{
    			return phpbb_own_realpath($path);
    		}
    
    		// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
    		if (substr($realpath, -1) == DIRECTORY_SEPARATOR)
    		{
    			$realpath = substr($realpath, 0, -1);
    		}
    
    		return $realpath;
    	}
    }
    
    if (!function_exists('htmlspecialchars_decode'))
    {
    	/**
    	* A wrapper for htmlspecialchars_decode
    	* @ignore
    	*/
    	function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT)
    	{
    		return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
    	}
    }
    
    // functions used for building option fields
    
    /**
    * Pick a language, any language ...
    */
    function language_select($default = '')
    {
    	global $db;
    
    	$sql = 'SELECT lang_iso, lang_local_name
    		FROM ' . LANG_TABLE . '
    		ORDER BY lang_english_name';
    	$result = $db->sql_query($sql);
    
    	$lang_options = '';
    	while ($row = $db->sql_fetchrow($result))
    	{
    		$selected = ($row['lang_iso'] == $default) ? ' selected="selected"' : '';
    		$lang_options .= '<option value="' . $row['lang_iso'] . '"' . $selected . '>' . $row['lang_local_name'] . '</option>';
    	}
    	$db->sql_freeresult($result);
    
    	return $lang_options;
    }
    
    /**
    * Pick a template/theme combo,
    */
    function style_select($default = '', $all = false)
    {
    	global $db;
    
    	$sql_where = (!$all) ? 'WHERE style_active = 1 ' : '';
    	$sql = 'SELECT style_id, style_name
    		FROM ' . STYLES_TABLE . "
    		$sql_where
    		ORDER BY style_name";
    	$result = $db->sql_query($sql);
    
    	$style_options = '';
    	while ($row = $db->sql_fetchrow($result))
    	{
    		$selected = ($row['style_id'] == $default) ? ' selected="selected"' : '';
    		$style_options .= '<option value="' . $row['style_id'] . '"' . $selected . '>' . $row['style_name'] . '</option>';
    	}
    	$db->sql_freeresult($result);
    
    	return $style_options;
    }
    
    /**
    * Pick a timezone
    */
    function tz_select($default = '', $truncate = false)
    {
    	global $user;
    
    	$tz_select = '';
    	foreach ($user->lang['tz_zones'] as $offset => $zone)
    	{
    		if ($truncate)
    		{
    			$zone_trunc = truncate_string($zone, 50, 255, false, '...');
    		}
    		else
    		{
    			$zone_trunc = $zone;
    		}
    
    		if (is_numeric($offset))
    		{
    			$selected = ($offset == $default) ? ' selected="selected"' : '';
    			$tz_select .= '<option title="' . $zone . '" value="' . $offset . '"' . $selected . '>' . $zone_trunc . '</option>';
    		}
    	}
    
    	return $tz_select;
    }
    
    // Functions handling topic/post tracking/marking
    
    /**
    * Marks a topic/forum as read
    * Marks a topic as posted to
    *
    * @param int $user_id can only be used with $mode == 'post'
    */
    function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0)
    {
    	global $db, $user, $config;
    
    	if ($mode == 'all')
    	{
    		if ($forum_id === false || !sizeof($forum_id))
    		{
    			if ($config['load_db_lastread'] && $user->data['is_registered'])
    			{
    				// Mark all forums read (index page)
    				$db->sql_query('DELETE FROM ' . TOPICS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
    				$db->sql_query('DELETE FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']}");
    				$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
    			}
    			else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    			{
    				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    				$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    
    				unset($tracking_topics['tf']);
    				unset($tracking_topics['t']);
    				unset($tracking_topics['f']);
    				$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
    
    				$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);
    				$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics);
    
    				unset($tracking_topics);
    
    				if ($user->data['is_registered'])
    				{
    					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . time() . " WHERE user_id = {$user->data['user_id']}");
    				}
    			}
    		}
    
    		return;
    	}
    	else if ($mode == 'topics')
    	{
    		// Mark all topics in forums read
    		if (!is_array($forum_id))
    		{
    			$forum_id = array($forum_id);
    		}
    
    		// Add 0 to forums array to mark global announcements correctly
    		// $forum_id[] = 0;
    
    		if ($config['load_db_lastread'] && $user->data['is_registered'])
    		{
    			$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
    				WHERE user_id = {$user->data['user_id']}
    					AND " . $db->sql_in_set('forum_id', $forum_id);
    			$db->sql_query($sql);
    
    			$sql = 'SELECT forum_id
    				FROM ' . FORUMS_TRACK_TABLE . "
    				WHERE user_id = {$user->data['user_id']}
    					AND " . $db->sql_in_set('forum_id', $forum_id);
    			$result = $db->sql_query($sql);
    
    			$sql_update = array();
    			while ($row = $db->sql_fetchrow($result))
    			{
    				$sql_update[] = (int) $row['forum_id'];
    			}
    			$db->sql_freeresult($result);
    
    			if (sizeof($sql_update))
    			{
    				$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
    					SET mark_time = ' . time() . "
    					WHERE user_id = {$user->data['user_id']}
    						AND " . $db->sql_in_set('forum_id', $sql_update);
    				$db->sql_query($sql);
    			}
    
    			if ($sql_insert = array_diff($forum_id, $sql_update))
    			{
    				$sql_ary = array();
    				foreach ($sql_insert as $f_id)
    				{
    					$sql_ary[] = array(
    						'user_id'	=> (int) $user->data['user_id'],
    						'forum_id'	=> (int) $f_id,
    						'mark_time'	=> time()
    					);
    				}
    
    				$db->sql_multi_insert(FORUMS_TRACK_TABLE, $sql_ary);
    			}
    		}
    		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    		{
    			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
    
    			foreach ($forum_id as $f_id)
    			{
    				$topic_ids36 = (isset($tracking['tf'][$f_id])) ? $tracking['tf'][$f_id] : array();
    
    				if (isset($tracking['tf'][$f_id]))
    				{
    					unset($tracking['tf'][$f_id]);
    				}
    
    				foreach ($topic_ids36 as $topic_id36)
    				{
    					unset($tracking['t'][$topic_id36]);
    				}
    
    				if (isset($tracking['f'][$f_id]))
    				{
    					unset($tracking['f'][$f_id]);
    				}
    
    				$tracking['f'][$f_id] = base_convert(time() - $config['board_startdate'], 10, 36);
    			}
    
    			if (isset($tracking['tf']) && empty($tracking['tf']))
    			{
    				unset($tracking['tf']);
    			}
    
    			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
    			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
    
    			unset($tracking);
    		}
    
    		return;
    	}
    	else if ($mode == 'topic')
    	{
    		if ($topic_id === false || $forum_id === false)
    		{
    			return;
    		}
    
    		if ($config['load_db_lastread'] && $user->data['is_registered'])
    		{
    			$sql = 'UPDATE ' . TOPICS_TRACK_TABLE . '
    				SET mark_time = ' . (($post_time) ? $post_time : time()) . "
    				WHERE user_id = {$user->data['user_id']}
    					AND topic_id = $topic_id";
    			$db->sql_query($sql);
    
    			// insert row
    			if (!$db->sql_affectedrows())
    			{
    				$db->sql_return_on_error(true);
    
    				$sql_ary = array(
    					'user_id'		=> (int) $user->data['user_id'],
    					'topic_id'		=> (int) $topic_id,
    					'forum_id'		=> (int) $forum_id,
    					'mark_time'		=> ($post_time) ? (int) $post_time : time(),
    				);
    
    				$db->sql_query('INSERT INTO ' . TOPICS_TRACK_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    				$db->sql_return_on_error(false);
    			}
    		}
    		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    		{
    			$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
    
    			$topic_id36 = base_convert($topic_id, 10, 36);
    
    			if (!isset($tracking['t'][$topic_id36]))
    			{
    				$tracking['tf'][$forum_id][$topic_id36] = true;
    			}
    
    			$post_time = ($post_time) ? $post_time : time();
    			$tracking['t'][$topic_id36] = base_convert($post_time - $config['board_startdate'], 10, 36);
    
    			// If the cookie grows larger than 10000 characters we will remove the smallest value
    			// This can result in old topics being unread - but most of the time it should be accurate...
    			if (isset($_COOKIE[$config['cookie_name'] . '_track']) && strlen($_COOKIE[$config['cookie_name'] . '_track']) > 10000)
    			{
    				//echo 'Cookie grown too large' . print_r($tracking, true);
    
    				// We get the ten most minimum stored time offsets and its associated topic ids
    				$time_keys = array();
    				for ($i = 0; $i < 10 && sizeof($tracking['t']); $i++)
    				{
    					$min_value = min($tracking['t']);
    					$m_tkey = array_search($min_value, $tracking['t']);
    					unset($tracking['t'][$m_tkey]);
    
    					$time_keys[$m_tkey] = $min_value;
    				}
    
    				// Now remove the topic ids from the array...
    				foreach ($tracking['tf'] as $f_id => $topic_id_ary)
    				{
    					foreach ($time_keys as $m_tkey => $min_value)
    					{
    						if (isset($topic_id_ary[$m_tkey]))
    						{
    							$tracking['f'][$f_id] = $min_value;
    							unset($tracking['tf'][$f_id][$m_tkey]);
    						}
    					}
    				}
    
    				if ($user->data['is_registered'])
    				{
    					$user->data['user_lastmark'] = intval(base_convert(max($time_keys) + $config['board_startdate'], 36, 10));
    					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_lastmark = ' . $user->data['user_lastmark'] . " WHERE user_id = {$user->data['user_id']}");
    				}
    				else
    				{
    					$tracking['l'] = max($time_keys);
    				}
    			}
    
    			$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
    			$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
    		}
    
    		return;
    	}
    	else if ($mode == 'post')
    	{
    		if ($topic_id === false)
    		{
    			return;
    		}
    
    		$use_user_id = (!$user_id) ? $user->data['user_id'] : $user_id;
    
    		if ($config['load_db_track'] && $use_user_id != ANONYMOUS)
    		{
    			$db->sql_return_on_error(true);
    
    			$sql_ary = array(
    				'user_id'		=> (int) $use_user_id,
    				'topic_id'		=> (int) $topic_id,
    				'topic_posted'	=> 1
    			);
    
    			$db->sql_query('INSERT INTO ' . TOPICS_POSTED_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    			$db->sql_return_on_error(false);
    		}
    
    		return;
    	}
    }
    
    /**
    * Get topic tracking info by using already fetched info
    */
    function get_topic_tracking($forum_id, $topic_ids, &$rowset, $forum_mark_time, $global_announce_list = false)
    {
    	global $config, $user;
    
    	$last_read = array();
    
    	if (!is_array($topic_ids))
    	{
    		$topic_ids = array($topic_ids);
    	}
    
    	foreach ($topic_ids as $topic_id)
    	{
    		if (!empty($rowset[$topic_id]['mark_time']))
    		{
    			$last_read[$topic_id] = $rowset[$topic_id]['mark_time'];
    		}
    	}
    
    	$topic_ids = array_diff($topic_ids, array_keys($last_read));
    
    	if (sizeof($topic_ids))
    	{
    		$mark_time = array();
    
    		// Get global announcement info
    		if ($global_announce_list && sizeof($global_announce_list))
    		{
    			if (!isset($forum_mark_time[0]))
    			{
    				global $db;
    
    				$sql = 'SELECT mark_time
    					FROM ' . FORUMS_TRACK_TABLE . "
    					WHERE user_id = {$user->data['user_id']}
    						AND forum_id = 0";
    				$result = $db->sql_query($sql);
    				$row = $db->sql_fetchrow($result);
    				$db->sql_freeresult($result);
    
    				if ($row)
    				{
    					$mark_time[0] = $row['mark_time'];
    				}
    			}
    			else
    			{
    				if ($forum_mark_time[0] !== false)
    				{
    					$mark_time[0] = $forum_mark_time[0];
    				}
    			}
    		}
    
    		if (!empty($forum_mark_time[$forum_id]) && $forum_mark_time[$forum_id] !== false)
    		{
    			$mark_time[$forum_id] = $forum_mark_time[$forum_id];
    		}
    
    		$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user->data['user_lastmark'];
    
    		foreach ($topic_ids as $topic_id)
    		{
    			if ($global_announce_list && isset($global_announce_list[$topic_id]))
    			{
    				$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    			}
    			else
    			{
    				$last_read[$topic_id] = $user_lastmark;
    			}
    		}
    	}
    
    	return $last_read;
    }
    
    /**
    * Get topic tracking info from db (for cookie based tracking only this function is used)
    */
    function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_list = false)
    {
    	global $config, $user;
    
    	$last_read = array();
    
    	if (!is_array($topic_ids))
    	{
    		$topic_ids = array($topic_ids);
    	}
    
    	if ($config['load_db_lastread'] && $user->data['is_registered'])
    	{
    		global $db;
    
    		$sql = 'SELECT topic_id, mark_time
    			FROM ' . TOPICS_TRACK_TABLE . "
    			WHERE user_id = {$user->data['user_id']}
    				AND " . $db->sql_in_set('topic_id', $topic_ids);
    		$result = $db->sql_query($sql);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$last_read[$row['topic_id']] = $row['mark_time'];
    		}
    		$db->sql_freeresult($result);
    
    		$topic_ids = array_diff($topic_ids, array_keys($last_read));
    
    		if (sizeof($topic_ids))
    		{
    			$sql = 'SELECT forum_id, mark_time
    				FROM ' . FORUMS_TRACK_TABLE . "
    				WHERE user_id = {$user->data['user_id']}
    					AND forum_id " .
    					(($global_announce_list && sizeof($global_announce_list)) ? "IN (0, $forum_id)" : "= $forum_id");
    			$result = $db->sql_query($sql);
    
    			$mark_time = array();
    			while ($row = $db->sql_fetchrow($result))
    			{
    				$mark_time[$row['forum_id']] = $row['mark_time'];
    			}
    			$db->sql_freeresult($result);
    
    			$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user->data['user_lastmark'];
    
    			foreach ($topic_ids as $topic_id)
    			{
    				if ($global_announce_list && isset($global_announce_list[$topic_id]))
    				{
    					$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    				}
    				else
    				{
    					$last_read[$topic_id] = $user_lastmark;
    				}
    			}
    		}
    	}
    	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    	{
    		global $tracking_topics;
    
    		if (!isset($tracking_topics) || !sizeof($tracking_topics))
    		{
    			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    		}
    
    		if (!$user->data['is_registered'])
    		{
    			$user_lastmark = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
    		}
    		else
    		{
    			$user_lastmark = $user->data['user_lastmark'];
    		}
    
    		foreach ($topic_ids as $topic_id)
    		{
    			$topic_id36 = base_convert($topic_id, 10, 36);
    
    			if (isset($tracking_topics['t'][$topic_id36]))
    			{
    				$last_read[$topic_id] = base_convert($tracking_topics['t'][$topic_id36], 36, 10) + $config['board_startdate'];
    			}
    		}
    
    		$topic_ids = array_diff($topic_ids, array_keys($last_read));
    
    		if (sizeof($topic_ids))
    		{
    			$mark_time = array();
    			if ($global_announce_list && sizeof($global_announce_list))
    			{
    				if (isset($tracking_topics['f'][0]))
    				{
    					$mark_time[0] = base_convert($tracking_topics['f'][0], 36, 10) + $config['board_startdate'];
    				}
    			}
    
    			if (isset($tracking_topics['f'][$forum_id]))
    			{
    				$mark_time[$forum_id] = base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'];
    			}
    
    			$user_lastmark = (isset($mark_time[$forum_id])) ? $mark_time[$forum_id] : $user_lastmark;
    
    			foreach ($topic_ids as $topic_id)
    			{
    				if ($global_announce_list && isset($global_announce_list[$topic_id]))
    				{
    					$last_read[$topic_id] = (isset($mark_time[0])) ? $mark_time[0] : $user_lastmark;
    				}
    				else
    				{
    					$last_read[$topic_id] = $user_lastmark;
    				}
    			}
    		}
    	}
    
    	return $last_read;
    }
    
    /**
    * Get list of unread topics
    *
    * @param int $user_id			User ID (or false for current user)
    * @param string $sql_extra		Extra WHERE SQL statement
    * @param string $sql_sort		ORDER BY SQL sorting statement
    * @param string $sql_limit		Limits the size of unread topics list, 0 for unlimited query
    * @param string $sql_limit_offset  Sets the offset of the first row to search, 0 to search from the start
    *
    * @return array[int][int]		Topic ids as keys, mark_time of topic as value
    */
    function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001, $sql_limit_offset = 0)
    {
    	global $config, $db, $user;
    
    	$user_id = ($user_id === false) ? (int) $user->data['user_id'] : (int) $user_id;
    
    	// Data array we're going to return
    	$unread_topics = array();
    
    	if (empty($sql_sort))
    	{
    		$sql_sort = 'ORDER BY t.topic_last_post_time DESC';
    	}
    
    	if ($config['load_db_lastread'] && $user->data['is_registered'])
    	{
    		// Get list of the unread topics
    		$last_mark = (int) $user->data['user_lastmark'];
    
    		$sql_array = array(
    			'SELECT'		=> 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
    
    			'FROM'			=> array(TOPICS_TABLE => 't'),
    
    			'LEFT_JOIN'		=> array(
    				array(
    					'FROM'	=> array(TOPICS_TRACK_TABLE => 'tt'),
    					'ON'	=> "tt.user_id = $user_id AND t.topic_id = tt.topic_id",
    				),
    				array(
    					'FROM'	=> array(FORUMS_TRACK_TABLE => 'ft'),
    					'ON'	=> "ft.user_id = $user_id AND t.forum_id = ft.forum_id",
    				),
    			),
    
    			'WHERE'			=> "
    				 t.topic_last_post_time > $last_mark AND
    				(
    				(tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR
    				(tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
    				(tt.mark_time IS NULL AND ft.mark_time IS NULL)
    				)
    				$sql_extra
    				$sql_sort",
    		);
    
    		$sql = $db->sql_build_query('SELECT', $sql_array);
    		$result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$topic_id = (int) $row['topic_id'];
    			$unread_topics[$topic_id] = ($row['topic_mark_time']) ? (int) $row['topic_mark_time'] : (($row['forum_mark_time']) ? (int) $row['forum_mark_time'] : $last_mark);
    		}
    		$db->sql_freeresult($result);
    	}
    	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    	{
    		global $tracking_topics;
    
    		if (empty($tracking_topics))
    		{
    			$tracking_topics = request_var($config['cookie_name'] . '_track', '', false, true);
    			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    		}
    
    		if (!$user->data['is_registered'])
    		{
    			$user_lastmark = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
    		}
    		else
    		{
    			$user_lastmark = (int) $user->data['user_lastmark'];
    		}
    
    		$sql = 'SELECT t.topic_id, t.forum_id, t.topic_last_post_time
    			FROM ' . TOPICS_TABLE . ' t
    			WHERE t.topic_last_post_time > ' . $user_lastmark . "
    			$sql_extra
    			$sql_sort";
    		$result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$forum_id = (int) $row['forum_id'];
    			$topic_id = (int) $row['topic_id'];
    			$topic_id36 = base_convert($topic_id, 10, 36);
    
    			if (isset($tracking_topics['t'][$topic_id36]))
    			{
    				$last_read = base_convert($tracking_topics['t'][$topic_id36], 36, 10) + $config['board_startdate'];
    
    				if ($row['topic_last_post_time'] > $last_read)
    				{
    					$unread_topics[$topic_id] = $last_read;
    				}
    			}
    			else if (isset($tracking_topics['f'][$forum_id]))
    			{
    				$mark_time = base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'];
    
    				if ($row['topic_last_post_time'] > $mark_time)
    				{
    					$unread_topics[$topic_id] = $mark_time;
    				}
    			}
    			else
    			{
    				$unread_topics[$topic_id] = $user_lastmark;
    			}
    		}
    		$db->sql_freeresult($result);
    	}
    
    	return $unread_topics;
    }
    
    /**
    * Check for read forums and update topic tracking info accordingly
    *
    * @param int $forum_id the forum id to check
    * @param int $forum_last_post_time the forums last post time
    * @param int $f_mark_time the forums last mark time if user is registered and load_db_lastread enabled
    * @param int $mark_time_forum false if the mark time needs to be obtained, else the last users forum mark time
    *
    * @return true if complete forum got marked read, else false.
    */
    function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
    {
    	global $db, $tracking_topics, $user, $config;
    
    	// Determine the users last forum mark time if not given.
    	if ($mark_time_forum === false)
    	{
    		if ($config['load_db_lastread'] && $user->data['is_registered'])
    		{
    			$mark_time_forum = (!empty($f_mark_time)) ? $f_mark_time : $user->data['user_lastmark'];
    		}
    		else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    		{
    			$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
    			$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
    
    			if (!$user->data['is_registered'])
    			{
    				$user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
    			}
    
    			$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
    		}
    	}
    
    	// Check the forum for any left unread topics.
    	// If there are none, we mark the forum as read.
    	if ($config['load_db_lastread'] && $user->data['is_registered'])
    	{
    		if ($mark_time_forum >= $forum_last_post_time)
    		{
    			// We do not need to mark read, this happened before. Therefore setting this to true
    			$row = true;
    		}
    		else
    		{
    			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
    				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
    				WHERE t.forum_id = ' . $forum_id . '
    					AND t.topic_last_post_time > ' . $mark_time_forum . '
    					AND t.topic_moved_id = 0
    					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)
    				GROUP BY t.forum_id';
    			$result = $db->sql_query_limit($sql, 1);
    			$row = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    	}
    	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
    	{
    		// Get information from cookie
    		$row = false;
    
    		if (!isset($tracking_topics['tf'][$forum_id]))
    		{
    			// We do not need to mark read, this happened before. Therefore setting this to true
    			$row = true;
    		}
    		else
    		{
    			$sql = 'SELECT topic_id
    				FROM ' . TOPICS_TABLE . '
    				WHERE forum_id = ' . $forum_id . '
    					AND topic_last_post_time > ' . $mark_time_forum . '
    					AND topic_moved_id = 0';
    			$result = $db->sql_query($sql);
    
    			$check_forum = $tracking_topics['tf'][$forum_id];
    			$unread = false;
    
    			while ($row = $db->sql_fetchrow($result))
    			{
    				if (!isset($check_forum[base_convert($row['topic_id'], 10, 36)]))
    				{
    					$unread = true;
    					break;
    				}
    			}
    			$db->sql_freeresult($result);
    
    			$row = $unread;
    		}
    	}
    	else
    	{
    		$row = true;
    	}
    
    	if (!$row)
    	{
    		markread('topics', $forum_id);
    		return true;
    	}
    
    	return false;
    }
    
    /**
    * Transform an array into a serialized format
    */
    function tracking_serialize($input)
    {
    	$out = '';
    	foreach ($input as $key => $value)
    	{
    		if (is_array($value))
    		{
    			$out .= $key . ':(' . tracking_serialize($value) . ');';
    		}
    		else
    		{
    			$out .= $key . ':' . $value . ';';
    		}
    	}
    	return $out;
    }
    
    /**
    * Transform a serialized array into an actual array
    */
    function tracking_unserialize($string, $max_depth = 3)
    {
    	$n = strlen($string);
    	if ($n > 10010)
    	{
    		die('Invalid data supplied');
    	}
    	$data = $stack = array();
    	$key = '';
    	$mode = 0;
    	$level = &$data;
    	for ($i = 0; $i < $n; ++$i)
    	{
    		switch ($mode)
    		{
    			case 0:
    				switch ($string[$i])
    				{
    					case ':':
    						$level[$key] = 0;
    						$mode = 1;
    					break;
    					case ')':
    						unset($level);
    						$level = array_pop($stack);
    						$mode = 3;
    					break;
    					default:
    						$key .= $string[$i];
    				}
    			break;
    
    			case 1:
    				switch ($string[$i])
    				{
    					case '(':
    						if (sizeof($stack) >= $max_depth)
    						{
    							die('Invalid data supplied');
    						}
    						$stack[] = &$level;
    						$level[$key] = array();
    						$level = &$level[$key];
    						$key = '';
    						$mode = 0;
    					break;
    					default:
    						$level[$key] = $string[$i];
    						$mode = 2;
    					break;
    				}
    			break;
    
    			case 2:
    				switch ($string[$i])
    				{
    					case ')':
    						unset($level);
    						$level = array_pop($stack);
    						$mode = 3;
    					break;
    					case ';':
    						$key = '';
    						$mode = 0;
    					break;
    					default:
    						$level[$key] .= $string[$i];
    					break;
    				}
    			break;
    
    			case 3:
    				switch ($string[$i])
    				{
    					case ')':
    						unset($level);
    						$level = array_pop($stack);
    					break;
    					case ';':
    						$key = '';
    						$mode = 0;
    					break;
    					default:
    						die('Invalid data supplied');
    					break;
    				}
    			break;
    		}
    	}
    
    	if (sizeof($stack) != 0 || ($mode != 0 && $mode != 3))
    	{
    		die('Invalid data supplied');
    	}
    
    	return $level;
    }
    
    // Pagination functions
    
    /**
    * Pagination routine, generates page number sequence
    * tpl_prefix is for using different pagination blocks at one page
    */
    function generate_pagination($base_url, $num_items, $per_page, $start_item, $add_prevnext_text = false, $tpl_prefix = '')
    {
    	global $template, $user;
    
    	// Make sure $per_page is a valid value
    	$per_page = ($per_page <= 0) ? 1 : $per_page;
    
    	$seperator = '<span class="page-sep">' . $user->lang['COMMA_SEPARATOR'] . '</span>';
    	$total_pages = ceil($num_items / $per_page);
    
    	if ($total_pages == 1 || !$num_items)
    	{
    		return false;
    	}
    
    	$on_page = floor($start_item / $per_page) + 1;
    	$url_delim = (strpos($base_url, '?') === false) ? '?' : ((strpos($base_url, '?') === strlen($base_url) - 1) ? '' : '&amp;');
    
    	$page_string = ($on_page == 1) ? '<strong>1</strong>' : '<a href="' . $base_url . '">1</a>';
    
    	if ($total_pages > 5)
    	{
    		$start_cnt = min(max(1, $on_page - 4), $total_pages - 5);
    		$end_cnt = max(min($total_pages, $on_page + 4), 6);
    
    		$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator;
    
    		for ($i = $start_cnt + 1; $i < $end_cnt; $i++)
    		{
    			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
    			if ($i < $end_cnt - 1)
    			{
    				$page_string .= $seperator;
    			}
    		}
    
    		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator;
    	}
    	else
    	{
    		$page_string .= $seperator;
    
    		for ($i = 2; $i < $total_pages; $i++)
    		{
    			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
    			if ($i < $total_pages)
    			{
    				$page_string .= $seperator;
    			}
    		}
    	}
    
    	$page_string .= ($on_page == $total_pages) ? '<strong>' . $total_pages . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($total_pages - 1) * $per_page) . '">' . $total_pages . '</a>';
    
    	if ($add_prevnext_text)
    	{
    		if ($on_page != 1)
    		{
    			$page_string = '<a href="' . $base_url . "{$url_delim}start=" . (($on_page - 2) * $per_page) . '">' . $user->lang['PREVIOUS'] . '</a>&nbsp;&nbsp;' . $page_string;
    		}
    
    		if ($on_page != $total_pages)
    		{
    			$page_string .= '&nbsp;&nbsp;<a href="' . $base_url . "{$url_delim}start=" . ($on_page * $per_page) . '">' . $user->lang['NEXT'] . '</a>';
    		}
    	}
    
    	$template->assign_vars(array(
    		$tpl_prefix . 'BASE_URL'		=> $base_url,
    		'A_' . $tpl_prefix . 'BASE_URL'	=> addslashes($base_url),
    		$tpl_prefix . 'PER_PAGE'		=> $per_page,
    
    		$tpl_prefix . 'PREVIOUS_PAGE'	=> ($on_page == 1) ? '' : $base_url . "{$url_delim}start=" . (($on_page - 2) * $per_page),
    		$tpl_prefix . 'NEXT_PAGE'		=> ($on_page == $total_pages) ? '' : $base_url . "{$url_delim}start=" . ($on_page * $per_page),
    		$tpl_prefix . 'TOTAL_PAGES'		=> $total_pages,
    	));
    
    	return $page_string;
    }
    
    /**
    * Return current page (pagination)
    */
    function on_page($num_items, $per_page, $start)
    {
    	global $template, $user;
    
    	// Make sure $per_page is a valid value
    	$per_page = ($per_page <= 0) ? 1 : $per_page;
    
    	$on_page = floor($start / $per_page) + 1;
    
    	$template->assign_vars(array(
    		'ON_PAGE'		=> $on_page)
    	);
    
    	return sprintf($user->lang['PAGE_OF'], $on_page, max(ceil($num_items / $per_page), 1));
    }
    
    // Server functions (building urls, redirecting...)
    
    /**
    * Append session id to url.
    * This function supports hooks.
    *
    * @param string $url The url the session id needs to be appended to (can have params)
    * @param mixed $params String or array of additional url parameters
    * @param bool $is_amp Is url using &amp; (true) or & (false)
    * @param string $session_id Possibility to use a custom session id instead of the global one
    *
    * Examples:
    * <code>
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1&amp;f=2");
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&amp;f=2');
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&f=2', false);
    * append_sid("{$phpbb_root_path}viewtopic.$phpEx", array('t' => 1, 'f' => 2));
    * </code>
    *
    */
    function append_sid($url, $params = false, $is_amp = true, $session_id = false)
    {
    	global $_SID, $_EXTRA_URL, $phpbb_hook;
    
    	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.
    	// They could mimic most of what is within this function
    	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
    	{
    		if ($phpbb_hook->hook_return(__FUNCTION__))
    		{
    			return $phpbb_hook->hook_return_result(__FUNCTION__);
    		}
    	}
    
    	$params_is_array = is_array($params);
    
    	// Get anchor
    	$anchor = '';
    	if (strpos($url, '#') !== false)
    	{
    		list($url, $anchor) = explode('#', $url, 2);
    		$anchor = '#' . $anchor;
    	}
    	else if (!$params_is_array && strpos($params, '#') !== false)
    	{
    		list($params, $anchor) = explode('#', $params, 2);
    		$anchor = '#' . $anchor;
    	}
    
    	// Handle really simple cases quickly
    	if ($_SID == '' && $session_id === false && empty($_EXTRA_URL) && !$params_is_array && !$anchor)
    	{
    		if ($params === false)
    		{
    			return $url;
    		}
    
    		$url_delim = (strpos($url, '?') === false) ? '?' : (($is_amp) ? '&amp;' : '&');
    		return $url . ($params !== false ? $url_delim. $params : '');
    	}
    
    	// Assign sid if session id is not specified
    	if ($session_id === false)
    	{
    		$session_id = $_SID;
    	}
    
    	$amp_delim = ($is_amp) ? '&amp;' : '&';
    	$url_delim = (strpos($url, '?') === false) ? '?' : $amp_delim;
    
    	// Appending custom url parameter?
    	$append_url = (!empty($_EXTRA_URL)) ? implode($amp_delim, $_EXTRA_URL) : '';
    
    	// Use the short variant if possible ;)
    	if ($params === false)
    	{
    		// Append session id
    		if (!$session_id)
    		{
    			return $url . (($append_url) ? $url_delim . $append_url : '') . $anchor;
    		}
    		else
    		{
    			return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . 'sid=' . $session_id . $anchor;
    		}
    	}
    
    	// Build string if parameters are specified as array
    	if (is_array($params))
    	{
    		$output = array();
    
    		foreach ($params as $key => $item)
    		{
    			if ($item === NULL)
    			{
    				continue;
    			}
    
    			if ($key == '#')
    			{
    				$anchor = '#' . $item;
    				continue;
    			}
    
    			$output[] = $key . '=' . $item;
    		}
    
    		$params = implode($amp_delim, $output);
    	}
    
    	// Append session id and parameters (even if they are empty)
    	// If parameters are empty, the developer can still append his/her parameters without caring about the delimiter
    	return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . $params . ((!$session_id) ? '' : $amp_delim . 'sid=' . $session_id) . $anchor;
    }
    
    /**
    * Generate board url (example: http://www.example.com/phpBB)
    *
    * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
    *
    * @return string the generated board url
    */
    function generate_board_url($without_script_path = false)
    {
    	global $config, $user;
    
    	$server_name = $user->host;
    	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
    
    	// Forcing server vars is the only way to specify/override the protocol
    	if ($config['force_server_vars'] || !$server_name)
    	{
    		$server_protocol = ($config['server_protocol']) ? $config['server_protocol'] : (($config['cookie_secure']) ? 'https://' : 'http://');
    		$server_name = $config['server_name'];
    		$server_port = (int) $config['server_port'];
    		$script_path = $config['script_path'];
    
    		$url = $server_protocol . $server_name;
    		$cookie_secure = $config['cookie_secure'];
    	}
    	else
    	{
    		// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
    		$cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
    		$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
    
    		$script_path = $user->page['root_script_path'];
    	}
    
    	if ($server_port && (($cookie_secure && $server_port <> 443) || (!$cookie_secure && $server_port <> 80)))
    	{
    		// HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
    		if (strpos($server_name, ':') === false)
    		{
    			$url .= ':' . $server_port;
    		}
    	}
    
    	if (!$without_script_path)
    	{
    		$url .= $script_path;
    	}
    
    	// Strip / from the end
    	if (substr($url, -1, 1) == '/')
    	{
    		$url = substr($url, 0, -1);
    	}
    
    	return $url;
    }
    
    /**
    * Redirects the user to another page then exits the script nicely
    * This function is intended for urls within the board. It's not meant to redirect to cross-domains.
    *
    * @param string $url The url to redirect to
    * @param bool $return If true, do not redirect but return the sanitized URL. Default is no return.
    * @param bool $disable_cd_check If true, redirect() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
    */
    function redirect($url, $return = false, $disable_cd_check = false)
    {
    	global $db, $cache, $config, $user, $phpbb_root_path;
    
    	$failover_flag = false;
    
    	if (empty($user->lang))
    	{
    		$user->add_lang('common');
    	}
    
    	if (!$return)
    	{
    		garbage_collection();
    	}
    
    	// Make sure no &amp;'s are in, this will break the redirect
    	$url = str_replace('&amp;', '&', $url);
    
    	// Determine which type of redirect we need to handle...
    	$url_parts = @parse_url($url);
    
    	if ($url_parts === false)
    	{
    		// Malformed url, redirect to current page...
    		$url = generate_board_url() . '/' . $user->page['page'];
    	}
    	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
    	{
    		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
    		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
    		{
    			$url = generate_board_url();
    		}
    	}
    	else if ($url[0] == '/')
    	{
    		// Absolute uri, prepend direct url...
    		$url = generate_board_url(true) . $url;
    	}
    	else
    	{
    		// Relative uri
    		$pathinfo = pathinfo($url);
    
    		if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
    		{
    			$url = str_replace('../', '', $url);
    			$pathinfo = pathinfo($url);
    
    			if (!file_exists($pathinfo['dirname'] . '/'))
    			{
    				// fallback to "last known user page"
    				// at least this way we know the user does not leave the phpBB root
    				$url = generate_board_url() . '/' . $user->page['page'];
    				$failover_flag = true;
    			}
    		}
    
    		if (!$failover_flag)
    		{
    			// Is the uri pointing to the current directory?
    			if ($pathinfo['dirname'] == '.')
    			{
    				$url = str_replace('./', '', $url);
    
    				// Strip / from the beginning
    				if ($url && substr($url, 0, 1) == '/')
    				{
    					$url = substr($url, 1);
    				}
    
    				if ($user->page['page_dir'])
    				{
    					$url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
    				}
    				else
    				{
    					$url = generate_board_url() . '/' . $url;
    				}
    			}
    			else
    			{
    				// Used ./ before, but $phpbb_root_path is working better with urls within another root path
    				$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path)));
    				$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
    				$intersection = array_intersect_assoc($root_dirs, $page_dirs);
    
    				$root_dirs = array_diff_assoc($root_dirs, $intersection);
    				$page_dirs = array_diff_assoc($page_dirs, $intersection);
    
    				$dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
    
    				// Strip / from the end
    				if ($dir && substr($dir, -1, 1) == '/')
    				{
    					$dir = substr($dir, 0, -1);
    				}
    
    				// Strip / from the beginning
    				if ($dir && substr($dir, 0, 1) == '/')
    				{
    					$dir = substr($dir, 1);
    				}
    
    				$url = str_replace($pathinfo['dirname'] . '/', '', $url);
    
    				// Strip / from the beginning
    				if (substr($url, 0, 1) == '/')
    				{
    					$url = substr($url, 1);
    				}
    
    				$url = (!empty($dir) ? $dir . '/' : '') . $url;
    				$url = generate_board_url() . '/' . $url;
    			}
    		}
    	}
    
    	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
    	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
    	{
    		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
    	}
    
    	// Now, also check the protocol and for a valid url the last time...
    	$allowed_protocols = array('http', 'https', 'ftp', 'ftps');
    	$url_parts = parse_url($url);
    
    	if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
    	{
    		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
    	}
    
    	if ($return)
    	{
    		return $url;
    	}
    
    	// Redirect via an HTML form for PITA webservers
    	if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
    	{
    		header('Refresh: 0; URL=' . $url);
    
    		echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
    		echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '" xml:lang="' . $user->lang['USER_LANG'] . '">';
    		echo '<head>';
    		echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
    		echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
    		echo '<title>' . $user->lang['REDIRECT'] . '</title>';
    		echo '</head>';
    		echo '<body>';
    		echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&amp;', $url) . '">', '</a>') . '</div>';
    		echo '</body>';
    		echo '</html>';
    
    		exit;
    	}
    
    	// Behave as per HTTP/1.1 spec for others
    	header('Location: ' . $url);
    	exit;
    }
    
    /**
    * Re-Apply session id after page reloads
    */
    function reapply_sid($url)
    {
    	global $phpEx, $phpbb_root_path;
    
    	if ($url === "index.$phpEx")
    	{
    		return append_sid("index.$phpEx");
    	}
    	else if ($url === "{$phpbb_root_path}index.$phpEx")
    	{
    		return append_sid("{$phpbb_root_path}index.$phpEx");
    	}
    
    	// Remove previously added sid
    	if (strpos($url, 'sid=') !== false)
    	{
    		// All kind of links
    		$url = preg_replace('/(\?)?(&amp;|&)?sid=[a-z0-9]+/', '', $url);
    		// if the sid was the first param, make the old second as first ones
    		$url = preg_replace("/$phpEx(&amp;|&)+?/", "$phpEx?", $url);
    	}
    
    	return append_sid($url);
    }
    
    /**
    * Returns url from the session/current page with an re-appended SID with optionally stripping vars from the url
    */
    function build_url($strip_vars = false)
    {
    	global $user, $phpbb_root_path;
    
    	// Append SID
    	$redirect = append_sid($user->page['page'], false, false);
    
    	// Add delimiter if not there...
    	if (strpos($redirect, '?') === false)
    	{
    		$redirect .= '?';
    	}
    
    	// Strip vars...
    	if ($strip_vars !== false && strpos($redirect, '?') !== false)
    	{
    		if (!is_array($strip_vars))
    		{
    			$strip_vars = array($strip_vars);
    		}
    
    		$query = $_query = array();
    
    		$args = substr($redirect, strpos($redirect, '?') + 1);
    		$args = ($args) ? explode('&', $args) : array();
    		$redirect = substr($redirect, 0, strpos($redirect, '?'));
    
    		foreach ($args as $argument)
    		{
    			$arguments = explode('=', $argument);
    			$key = $arguments[0];
    			unset($arguments[0]);
    
    			if ($key === '')
    			{
    				continue;
    			}
    
    			$query[$key] = implode('=', $arguments);
    		}
    
    		// Strip the vars off
    		foreach ($strip_vars as $strip)
    		{
    			if (isset($query[$strip]))
    			{
    				unset($query[$strip]);
    			}
    		}
    
    		// Glue the remaining parts together... already urlencoded
    		foreach ($query as $key => $value)
    		{
    			$_query[] = $key . '=' . $value;
    		}
    		$query = implode('&', $_query);
    
    		$redirect .= ($query) ? '?' . $query : '';
    	}
    
    	// We need to be cautious here.
    	// On some situations, the redirect path is an absolute URL, sometimes a relative path
    	// For a relative path, let's prefix it with $phpbb_root_path to point to the correct location,
    	// else we use the URL directly.
    	$url_parts = @parse_url($redirect);
    
    	// URL
    	if ($url_parts !== false && !empty($url_parts['scheme']) && !empty($url_parts['host']))
    	{
    		return str_replace('&', '&amp;', $redirect);
    	}
    
    	return $phpbb_root_path . str_replace('&', '&amp;', $redirect);
    }
    
    /**
    * Meta refresh assignment
    * Adds META template variable with meta http tag.
    *
    * @param int $time Time in seconds for meta refresh tag
    * @param string $url URL to redirect to. The url will go through redirect() first before the template variable is assigned
    * @param bool $disable_cd_check If true, meta_refresh() will redirect to an external domain. If false, the redirect point to the boards url if it does not match the current domain. Default is false.
    */
    function meta_refresh($time, $url, $disable_cd_check = false)
    {
    	global $template;
    
    	$url = redirect($url, true, $disable_cd_check);
    	$url = str_replace('&', '&amp;', $url);
    
    	// For XHTML compatibility we change back & to &amp;
    	$template->assign_vars(array(
    		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
    	);
    
    	return $url;
    }
    
    /**
    * Outputs correct status line header.
    *
    * Depending on php sapi one of the two following forms is used:
    *
    * Status: 404 Not Found
    *
    * HTTP/1.x 404 Not Found
    *
    * HTTP version is taken from HTTP_VERSION environment variable,
    * and defaults to 1.0.
    *
    * Sample usage:
    *
    * send_status_line(404, 'Not Found');
    *
    * @param int $code HTTP status code
    * @param string $message Message for the status code
    * @return void
    */
    function send_status_line($code, $message)
    {
    	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
    	{
    		// in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though
    		header("Status: $code $message", true, $code);
    	}
    	else
    	{
    		if (!empty($_SERVER['SERVER_PROTOCOL']))
    		{
    			$version = $_SERVER['SERVER_PROTOCOL'];
    		}
    		else if (!empty($_SERVER['HTTP_VERSION']))
    		{
    			// I cannot remember where I got this from.
    			// This code path may never be reachable in reality.
    			$version = $_SERVER['HTTP_VERSION'];
    		}
    		else
    		{
    			$version = 'HTTP/1.0';
    		}
    		header("$version $code $message", true, $code);
    	}
    }
    
    //Form validation
    
    
    /**
    * Add a secret hash   for use in links/GET requests
    * @param string  $link_name The name of the link; has to match the name used in check_link_hash, otherwise no restrictions apply
    * @return string the hash
    
    */
    function generate_link_hash($link_name)
    {
    	global $user;
    
    	if (!isset($user->data["hash_$link_name"]))
    	{
    		$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
    	}
    
    	return $user->data["hash_$link_name"];
    }
    
    
    /**
    * checks a link hash - for GET requests
    * @param string $token the submitted token
    * @param string $link_name The name of the link
    * @return boolean true if all is fine
    */
    function check_link_hash($token, $link_name)
    {
    	return $token === generate_link_hash($link_name);
    }
    
    /**
    * Add a secret token to the form (requires the S_FORM_TOKEN template variable)
    * @param string  $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
    */
    function add_form_key($form_name)
    {
    	global $config, $template, $user;
    
    	$now = time();
    	$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
    	$token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
    
    	$s_fields = build_hidden_fields(array(
    		'creation_time' => $now,
    		'form_token'	=> $token,
    	));
    
    	$template->assign_vars(array(
    		'S_FORM_TOKEN'	=> $s_fields,
    	));
    }
    
    /**
    * Check the form key. Required for all altering actions not secured by confirm_box
    * @param string  $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply
    * @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
    * @param string $return_page The address for the return link
    * @param bool $trigger If true, the function will triger an error when encountering an invalid form
    */
    function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false)
    {
    	global $config, $user;
    
    	if ($timespan === false)
    	{
    		// we enforce a minimum value of half a minute here.
    		$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
    	}
    
    	if (isset($_POST['creation_time']) && isset($_POST['form_token']))
    	{
    		$creation_time	= abs(request_var('creation_time', 0));
    		$token = request_var('form_token', '');
    
    		$diff = time() - $creation_time;
    
    		// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
    		if ($diff && ($diff <= $timespan || $timespan === -1))
    		{
    			$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
    			$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
    
    			if ($key === $token)
    			{
    				return true;
    			}
    		}
    	}
    
    	if ($trigger)
    	{
    		trigger_error($user->lang['FORM_INVALID'] . $return_page);
    	}
    
    	return false;
    }
    
    // Message/Login boxes
    
    /**
    * Build Confirm box
    * @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box
    * @param string $title Title/Message used for confirm box.
    *		message text is _CONFIRM appended to title.
    *		If title cannot be found in user->lang a default one is displayed
    *		If title_CONFIRM cannot be found in user->lang the text given is used.
    * @param string $hidden Hidden variables
    * @param string $html_body Template used for confirm box
    * @param string $u_action Custom form action
    */
    function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
    {
    	global $user, $template, $db;
    	global $phpEx, $phpbb_root_path;
    
    	if (isset($_POST['cancel']))
    	{
    		return false;
    	}
    
    	$confirm = false;
    	if (isset($_POST['confirm']))
    	{
    		// language frontier
    		if ($_POST['confirm'] === $user->lang['YES'])
    		{
    			$confirm = true;
    		}
    	}
    
    	if ($check && $confirm)
    	{
    		$user_id = request_var('confirm_uid', 0);
    		$session_id = request_var('sess', '');
    		$confirm_key = request_var('confirm_key', '');
    
    		if ($user_id != $user->data['user_id'] || $session_id != $user->session_id || !$confirm_key || !$user->data['user_last_confirm_key'] || $confirm_key != $user->data['user_last_confirm_key'])
    		{
    			return false;
    		}
    
    		// Reset user_last_confirm_key
    		$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = ''
    			WHERE user_id = " . $user->data['user_id'];
    		$db->sql_query($sql);
    
    		return true;
    	}
    	else if ($check)
    	{
    		return false;
    	}
    
    	$s_hidden_fields = build_hidden_fields(array(
    		'confirm_uid'	=> $user->data['user_id'],
    		'sess'			=> $user->session_id,
    		'sid'			=> $user->session_id,
    	));
    
    	// generate activation key
    	$confirm_key = gen_rand_string(10);
    
    	if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    	{
    		adm_page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);
    	}
    	else
    	{
    		page_header(((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]), false);
    	}
    
    	$template->set_filenames(array(
    		'body' => $html_body)
    	);
    
    	// If activation key already exist, we better do not re-use the key (something very strange is going on...)
    	if (request_var('confirm_key', ''))
    	{
    		// This should not occur, therefore we cancel the operation to safe the user
    		return false;
    	}
    
    	// re-add sid / transform & to &amp; for user->page (user->page is always using &)
    	$use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&amp;', $user->page['page']);
    	$u_action = reapply_sid($use_page);
    	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;
    
    	$template->assign_vars(array(
    		'MESSAGE_TITLE'		=> (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title],
    		'MESSAGE_TEXT'		=> (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'],
    
    		'YES_VALUE'			=> $user->lang['YES'],
    		'S_CONFIRM_ACTION'	=> $u_action,
    		'S_HIDDEN_FIELDS'	=> $hidden . $s_hidden_fields)
    	);
    
    	$sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "'
    		WHERE user_id = " . $user->data['user_id'];
    	$db->sql_query($sql);
    
    	if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    	{
    		adm_page_footer();
    	}
    	else
    	{
    		page_footer();
    	}
    }
    
    /**
    * Generate login box or verify password
    */
    function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
    {
    	global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
    
    	if (!class_exists('phpbb_captcha_factory'))
    	{
    		include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
    	}
    
    	$err = '';
    
    	// Make sure user->setup() has been called
    	if (empty($user->lang))
    	{
    		$user->setup();
    	}
    
    	// Print out error if user tries to authenticate as an administrator without having the privileges...
    	if ($admin && !$auth->acl_get('a_'))
    	{
    		// Not authd
    		// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
    		if ($user->data['is_registered'])
    		{
    			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    		}
    		trigger_error('NO_AUTH_ADMIN');
    	}
    
    	if (isset($_POST['login']))
    	{
    		// Get credential
    		if ($admin)
    		{
    			$credential = request_var('credential', '');
    
    			if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32)
    			{
    				if ($user->data['is_registered'])
    				{
    					add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    				}
    				trigger_error('NO_AUTH_ADMIN');
    			}
    
    			$password	= request_var('password_' . $credential, '', true);
    		}
    		else
    		{
    			$password	= request_var('password', '', true);
    		}
    
    		$username	= request_var('username', '', true);
    		$autologin	= (!empty($_POST['autologin'])) ? true : false;
    		$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
    		$admin 		= ($admin) ? 1 : 0;
    		$viewonline = ($admin) ? $user->data['session_viewonline'] : $viewonline;
    
    		// Check if the supplied username is equal to the one stored within the database if re-authenticating
    		if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
    		{
    			// We log the attempt to use a different username...
    			add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
    		}
    
    		// If authentication is successful we redirect user to previous page
    		$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
    
    		// If admin authentication and login, we will log if it was a success or not...
    		// We also break the operation on the first non-success login - it could be argued that the user already knows
    		if ($admin)
    		{
    			if ($result['status'] == LOGIN_SUCCESS)
    			{
    				add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
    			}
    			else
    			{
    				// Only log the failed attempt if a real user tried to.
    				// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
    				if ($user->data['is_registered'])
    				{
    					add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
    				}
    			}
    		}
    
    		// The result parameter is always an array, holding the relevant information...
    		if ($result['status'] == LOGIN_SUCCESS)
    		{
    			$redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
    			$message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
    			$l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "{$phpbb_root_path}index.$phpEx" || $redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
    
    			// append/replace SID (may change during the session for AOL users)
    			$redirect = reapply_sid($redirect);
    
    			// Special case... the user is effectively banned, but we allow founders to login
    			if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER)
    			{
    				return;
    			}
    
    			$redirect = meta_refresh(3, $redirect);
    			trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
    		}
    
    		// Something failed, determine what...
    		if ($result['status'] == LOGIN_BREAK)
    		{
    			trigger_error($result['error_msg']);
    		}
    
    		// Special cases... determine
    		switch ($result['status'])
    		{
    			case LOGIN_ERROR_ATTEMPTS:
    
    				$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
    				$captcha->init(CONFIRM_LOGIN);
    				// $captcha->reset();
    
    				$template->assign_vars(array(
    					'CAPTCHA_TEMPLATE'			=> $captcha->get_template(),
    				));
    
    				$err = $user->lang[$result['error_msg']];
    			break;
    
    			case LOGIN_ERROR_PASSWORD_CONVERT:
    				$err = sprintf(
    					$user->lang[$result['error_msg']],
    					($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
    					($config['email_enable']) ? '</a>' : '',
    					($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
    					($config['board_contact']) ? '</a>' : ''
    				);
    			break;
    
    			// Username, password, etc...
    			default:
    				$err = $user->lang[$result['error_msg']];
    
    				// Assign admin contact to some error messages
    				if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
    				{
    					$err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
    				}
    
    			break;
    		}
    	}
    
    	// Assign credential for username/password pair
    	$credential = ($admin) ? md5(unique_id()) : false;
    
    	$s_hidden_fields = array(
    		'sid'		=> $user->session_id,
    	);
    
    	if ($redirect)
    	{
    		$s_hidden_fields['redirect'] = $redirect;
    	}
    
    	if ($admin)
    	{
    		$s_hidden_fields['credential'] = $credential;
    	}
    
    	$s_hidden_fields = build_hidden_fields($s_hidden_fields);
    
    	$template->assign_vars(array(
    		'LOGIN_ERROR'		=> $err,
    		'LOGIN_EXPLAIN'		=> $l_explain,
    
    		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
    		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
    		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
    		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
    
    		'S_DISPLAY_FULL_LOGIN'	=> ($s_display) ? true : false,
    		'S_HIDDEN_FIELDS' 		=> $s_hidden_fields,
    
    		'S_ADMIN_AUTH'			=> $admin,
    		'USERNAME'				=> ($admin) ? $user->data['username'] : '',
    
    		'USERNAME_CREDENTIAL'	=> 'username',
    		'PASSWORD_CREDENTIAL'	=> ($admin) ? 'password_' . $credential : 'password',
    	));
    
    	page_header($user->lang['LOGIN'], false);
    
    	$template->set_filenames(array(
    		'body' => 'login_body.html')
    	);
    	make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
    
    	page_footer();
    }
    
    /**
    * Generate forum login box
    */
    function login_forum_box($forum_data)
    {
    	global $db, $config, $user, $template, $phpEx;
    
    	$password = request_var('password', '', true);
    
    	$sql = 'SELECT forum_id
    		FROM ' . FORUMS_ACCESS_TABLE . '
    		WHERE forum_id = ' . $forum_data['forum_id'] . '
    			AND user_id = ' . $user->data['user_id'] . "
    			AND session_id = '" . $db->sql_escape($user->session_id) . "'";
    	$result = $db->sql_query($sql);
    	$row = $db->sql_fetchrow($result);
    	$db->sql_freeresult($result);
    
    	if ($row)
    	{
    		return true;
    	}
    
    	if ($password)
    	{
    		// Remove expired authorised sessions
    		$sql = 'SELECT f.session_id
    			FROM ' . FORUMS_ACCESS_TABLE . ' f
    			LEFT JOIN ' . SESSIONS_TABLE . ' s ON (f.session_id = s.session_id)
    			WHERE s.session_id IS NULL';
    		$result = $db->sql_query($sql);
    
    		if ($row = $db->sql_fetchrow($result))
    		{
    			$sql_in = array();
    			do
    			{
    				$sql_in[] = (string) $row['session_id'];
    			}
    			while ($row = $db->sql_fetchrow($result));
    
    			// Remove expired sessions
    			$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
    				WHERE ' . $db->sql_in_set('session_id', $sql_in);
    			$db->sql_query($sql);
    		}
    		$db->sql_freeresult($result);
    
    		if (phpbb_check_hash($password, $forum_data['forum_password']))
    		{
    			$sql_ary = array(
    				'forum_id'		=> (int) $forum_data['forum_id'],
    				'user_id'		=> (int) $user->data['user_id'],
    				'session_id'	=> (string) $user->session_id,
    			);
    
    			$db->sql_query('INSERT INTO ' . FORUMS_ACCESS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    			return true;
    		}
    
    		$template->assign_var('LOGIN_ERROR', $user->lang['WRONG_PASSWORD']);
    	}
    
    	page_header($user->lang['LOGIN'], false);
    
    	$template->assign_vars(array(
    		'S_LOGIN_ACTION'		=> build_url(array('f')),
    		'S_HIDDEN_FIELDS'		=> build_hidden_fields(array('f' => $forum_data['forum_id'])))
    	);
    
    	$template->set_filenames(array(
    		'body' => 'login_forum.html')
    	);
    
    	page_footer();
    }
    
    // Little helpers
    
    /**
    * Little helper for the build_hidden_fields function
    */
    function _build_hidden_fields($key, $value, $specialchar, $stripslashes)
    {
    	$hidden_fields = '';
    
    	if (!is_array($value))
    	{
    		$value = ($stripslashes) ? stripslashes($value) : $value;
    		$value = ($specialchar) ? htmlspecialchars($value, ENT_COMPAT, 'UTF-8') : $value;
    
    		$hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n";
    	}
    	else
    	{
    		foreach ($value as $_key => $_value)
    		{
    			$_key = ($stripslashes) ? stripslashes($_key) : $_key;
    			$_key = ($specialchar) ? htmlspecialchars($_key, ENT_COMPAT, 'UTF-8') : $_key;
    
    			$hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar, $stripslashes);
    		}
    	}
    
    	return $hidden_fields;
    }
    
    /**
    * Build simple hidden fields from array
    *
    * @param array $field_ary an array of values to build the hidden field from
    * @param bool $specialchar if true, keys and values get specialchared
    * @param bool $stripslashes if true, keys and values get stripslashed
    *
    * @return string the hidden fields
    */
    function build_hidden_fields($field_ary, $specialchar = false, $stripslashes = false)
    {
    	$s_hidden_fields = '';
    
    	foreach ($field_ary as $name => $vars)
    	{
    		$name = ($stripslashes) ? stripslashes($name) : $name;
    		$name = ($specialchar) ? htmlspecialchars($name, ENT_COMPAT, 'UTF-8') : $name;
    
    		$s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar, $stripslashes);
    	}
    
    	return $s_hidden_fields;
    }
    
    /**
    * Parse cfg file
    */
    function parse_cfg_file($filename, $lines = false)
    {
    	$parsed_items = array();
    
    	if ($lines === false)
    	{
    		$lines = file($filename);
    	}
    
    	foreach ($lines as $line)
    	{
    		$line = trim($line);
    
    		if (!$line || $line[0] == '#' || ($delim_pos = strpos($line, '=')) === false)
    		{
    			continue;
    		}
    
    		// Determine first occurrence, since in values the equal sign is allowed
    		$key = strtolower(trim(substr($line, 0, $delim_pos)));
    		$value = trim(substr($line, $delim_pos + 1));
    
    		if (in_array($value, array('off', 'false', '0')))
    		{
    			$value = false;
    		}
    		else if (in_array($value, array('on', 'true', '1')))
    		{
    			$value = true;
    		}
    		else if (!trim($value))
    		{
    			$value = '';
    		}
    		else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
    		{
    			$value = substr($value, 1, sizeof($value)-2);
    		}
    
    		$parsed_items[$key] = $value;
    	}
    
    	return $parsed_items;
    }
    
    /**
    * Add log event
    */
    function add_log()
    {
    	global $db, $user;
    
    	// In phpBB 3.1.x i want to have logging in a class to be able to control it
    	// For now, we need a quite hakish approach to circumvent logging for some actions
    	// @todo implement cleanly
    	if (!empty($GLOBALS['skip_add_log']))
    	{
    		return false;
    	}
    
    	$args = func_get_args();
    
    	$mode			= array_shift($args);
    	$reportee_id	= ($mode == 'user') ? intval(array_shift($args)) : '';
    	$forum_id		= ($mode == 'mod') ? intval(array_shift($args)) : '';
    	$topic_id		= ($mode == 'mod') ? intval(array_shift($args)) : '';
    	$action			= array_shift($args);
    	$data			= (!sizeof($args)) ? '' : serialize($args);
    
    	$sql_ary = array(
    		'user_id'		=> (empty($user->data)) ? ANONYMOUS : $user->data['user_id'],
    		'log_ip'		=> $user->ip,
    		'log_time'		=> time(),
    		'log_operation'	=> $action,
    		'log_data'		=> $data,
    	);
    
    	switch ($mode)
    	{
    		case 'admin':
    			$sql_ary['log_type'] = LOG_ADMIN;
    		break;
    
    		case 'mod':
    			$sql_ary += array(
    				'log_type'	=> LOG_MOD,
    				'forum_id'	=> $forum_id,
    				'topic_id'	=> $topic_id
    			);
    		break;
    
    		case 'user':
    			$sql_ary += array(
    				'log_type'		=> LOG_USERS,
    				'reportee_id'	=> $reportee_id
    			);
    		break;
    
    		case 'critical':
    			$sql_ary['log_type'] = LOG_CRITICAL;
    		break;
    
    		default:
    			return false;
    	}
    
    	$db->sql_query('INSERT INTO ' . LOG_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
    
    	return $db->sql_nextid();
    }
    
    /**
    * Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com)
    */
    function get_backtrace()
    {
    	global $phpbb_root_path;
    
    	$output = '<div style="font-family: monospace;">';
    	$backtrace = debug_backtrace();
    	$path = phpbb_realpath($phpbb_root_path);
    
    	foreach ($backtrace as $number => $trace)
    	{
    		// We skip the first one, because it only shows this file/function
    		if ($number == 0)
    		{
    			continue;
    		}
    
    		// Strip the current directory from path
    		if (empty($trace['file']))
    		{
    			$trace['file'] = '';
    		}
    		else
    		{
    			$trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']);
    			$trace['file'] = substr($trace['file'], 1);
    		}
    		$args = array();
    
    		// If include/require/include_once is not called, do not show arguments - they may contain sensible information
    		if (!in_array($trace['function'], array('include', 'require', 'include_once')))
    		{
    			unset($trace['args']);
    		}
    		else
    		{
    			// Path...
    			if (!empty($trace['args'][0]))
    			{
    				$argument = htmlspecialchars($trace['args'][0]);
    				$argument = str_replace(array($path, '\\'), array('', '/'), $argument);
    				$argument = substr($argument, 1);
    				$args[] = "'{$argument}'";
    			}
    		}
    
    		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
    		$trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
    
    		$output .= '<br />';
    		$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />';
    		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
    
    		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />';
    	}
    	$output .= '</div>';
    	return $output;
    }
    
    /**
    * This function returns a regular expression pattern for commonly used expressions
    * Use with / as delimiter for email mode and # for url modes
    * mode can be: email|bbcode_htm|url|url_inline|www_url|www_url_inline|relative_url|relative_url_inline|ipv4|ipv6
    */
    function get_preg_expression($mode)
    {
    	switch ($mode)
    	{
    		case 'email':
    			// Regex written by James Watts and Francisco Jose Martin Moreno
    			// http://fightingforalostcause.net/misc/2006/compare-email-regex.php
    			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&amp;)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
    		break;
    
    		case 'bbcode_htm':
    			return array(
    				'#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
    				'#<!\-\- l \-\-><a (?:class="[\w-]+" )?href="(.*?)(?:(&amp;|\?)sid=[0-9a-f]{32})?">.*?</a><!\-\- l \-\->#',
    				'#<!\-\- ([mw]) \-\-><a (?:class="[\w-]+" )?href="(.*?)">.*?</a><!\-\- \1 \-\->#',
    				'#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
    				'#<!\-\- .*? \-\->#s',
    				'#<.*?>#s',
    			);
    		break;
    
    		// Whoa these look impressive!
    		// The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses
    		// can be found in the develop directory
    		case 'ipv4':
    			return '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#';
    		break;
    
    		case 'ipv6':
    			return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i';
    		break;
    
    		case 'url':
    		case 'url_inline':
    			$inline = ($mode == 'url') ? ')' : '';
    			$scheme = ($mode == 'url') ? '[a-z\d+\-.]' : '[a-z\d+]'; // avoid automatic parsing of "word" in "last word.http://..."
    			// generated with regex generation file in the develop folder
    			return "[a-z]$scheme*:/{2}(?:(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
    		break;
    
    		case 'www_url':
    		case 'www_url_inline':
    			$inline = ($mode == 'www_url') ? ')' : '';
    			return "www\.(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})+(?::\d*)?(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
    		break;
    
    		case 'relative_url':
    		case 'relative_url_inline':
    			$inline = ($mode == 'relative_url') ? ')' : '';
    			return "(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
    		break;
    	}
    
    	return '';
    }
    
    /**
    * Generate regexp for naughty words censoring
    * Depends on whether installed PHP version supports unicode properties
    *
    * @param string	$word			word template to be replaced
    * @param bool	$use_unicode	whether or not to take advantage of PCRE supporting unicode
    *
    * @return string $preg_expr		regex to use with word censor
    */
    function get_censor_preg_expression($word, $use_unicode = true)
    {
    	static $unicode_support = null;
    
    	// Check whether PHP version supports unicode properties
    	if (is_null($unicode_support))
    	{
    		$unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
    	}
    
    	// Unescape the asterisk to simplify further conversions
    	$word = str_replace('\*', '*', preg_quote($word, '#'));
    
    	if ($use_unicode && $unicode_support)
    	{
    		// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes
    		$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);
    
    		// Generate the final substitution
    		$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu';
    	}
    	else
    	{
    		// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
    		$word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word);
    
    		// Generate the final substitution
    		$preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu';
    	}
    
    	return $preg_expr;
    }
    
    /**
    * Returns the first block of the specified IPv6 address and as many additional
    * ones as specified in the length paramater.
    * If length is zero, then an empty string is returned.
    * If length is greater than 3 the complete IP will be returned
    */
    function short_ipv6($ip, $length)
    {
    	if ($length < 1)
    	{
    		return '';
    	}
    
    	// extend IPv6 addresses
    	$blocks = substr_count($ip, ':') + 1;
    	if ($blocks < 9)
    	{
    		$ip = str_replace('::', ':' . str_repeat('0000:', 9 - $blocks), $ip);
    	}
    	if ($ip[0] == ':')
    	{
    		$ip = '0000' . $ip;
    	}
    	if ($length < 4)
    	{
    		$ip = implode(':', array_slice(explode(':', $ip), 0, 1 + $length));
    	}
    
    	return $ip;
    }
    
    /**
    * Wrapper for php's checkdnsrr function.
    *
    * @param string $host	Fully-Qualified Domain Name
    * @param string $type	Resource record type to lookup
    *						Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
    *						Other types may work or may not work
    *
    * @return mixed		true if entry found,
    *					false if entry not found,
    *					null if this function is not supported by this environment
    *
    * Since null can also be returned, you probably want to compare the result
    * with === true or === false,
    *
    * @author bantu
    */
    function phpbb_checkdnsrr($host, $type = 'MX')
    {
    	// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
    	if (substr($host, -1) == '.')
    	{
    		$host_fqdn = $host;
    		$host = substr($host, 0, -1);
    	}
    	else
    	{
    		$host_fqdn = $host . '.';
    	}
    	// $host		has format	some.host.example.com
    	// $host_fqdn	has format	some.host.example.com.
    
    	// If we're looking for an A record we can use gethostbyname()
    	if ($type == 'A' && function_exists('gethostbyname'))
    	{
    		return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true;
    	}
    
    	// checkdnsrr() is available on Windows since PHP 5.3,
    	// but until 5.3.3 it only works for MX records
    	// See: http://bugs.php.net/bug.php?id=51844
    
    	// Call checkdnsrr() if
    	// we're looking for an MX record or
    	// we're not on Windows or
    	// we're running a PHP version where #51844 has been fixed
    
    	// checkdnsrr() supports AAAA since 5.0.0
    	// checkdnsrr() supports TXT since 5.2.4
    	if (
    		($type == 'MX' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.3', '>=')) &&
    		($type != 'AAAA' || version_compare(PHP_VERSION, '5.0.0', '>=')) &&
    		($type != 'TXT' || version_compare(PHP_VERSION, '5.2.4', '>=')) &&
    		function_exists('checkdnsrr')
    	)
    	{
    		return checkdnsrr($host_fqdn, $type);
    	}
    
    	// dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows,
    	// but on Windows it does not work reliable for AAAA records before PHP 5.3.1
    
    	// Call dns_get_record() if
    	// we're not looking for an AAAA record or
    	// we're not on Windows or
    	// we're running a PHP version where AAAA lookups work reliable
    	if (
    		($type != 'AAAA' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.1', '>=')) &&
    		function_exists('dns_get_record')
    	)
    	{
    		// dns_get_record() expects an integer as second parameter
    		// We have to convert the string $type to the corresponding integer constant.
    		$type_constant = 'DNS_' . $type;
    		$type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY;
    
    		// dns_get_record() might throw E_WARNING and return false for records that do not exist
    		$resultset = @dns_get_record($host_fqdn, $type_param);
    
    		if (empty($resultset) || !is_array($resultset))
    		{
    			return false;
    		}
    		else if ($type_param == DNS_ANY)
    		{
    			// $resultset is a non-empty array
    			return true;
    		}
    
    		foreach ($resultset as $result)
    		{
    			if (
    				isset($result['host']) && $result['host'] == $host &&
    				isset($result['type']) && $result['type'] == $type
    			)
    			{
    				return true;
    			}
    		}
    
    		return false;
    	}
    
    	// If we're on Windows we can still try to call nslookup via exec() as a last resort
    	if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec'))
    	{
    		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output);
    
    		// If output is empty, the nslookup failed
    		if (empty($output))
    		{
    			return NULL;
    		}
    
    		foreach ($output as $line)
    		{
    			$line = trim($line);
    
    			if (empty($line))
    			{
    				continue;
    			}
    
    			// Squash tabs and multiple whitespaces to a single whitespace.
    			$line = preg_replace('/\s+/', ' ', $line);
    
    			switch ($type)
    			{
    				case 'MX':
    					if (stripos($line, "$host MX") === 0)
    					{
    						return true;
    					}
    				break;
    
    				case 'NS':
    					if (stripos($line, "$host nameserver") === 0)
    					{
    						return true;
    					}
    				break;
    
    				case 'TXT':
    					if (stripos($line, "$host text") === 0)
    					{
    						return true;
    					}
    				break;
    
    				case 'CNAME':
    					if (stripos($line, "$host canonical name") === 0)
    					{
    						return true;
    					}
    
    				default:
    				case 'A':
    				case 'AAAA':
    					if (!empty($host_matches))
    					{
    						// Second line
    						if (stripos($line, "Address: ") === 0)
    						{
    							return true;
    						}
    						else
    						{
    							$host_matches = false;
    						}
    					}
    					else if (stripos($line, "Name: $host") === 0)
    					{
    						// First line
    						$host_matches = true;
    					}
    				break;
    			}
    		}
    
    		return false;
    	}
    
    	return NULL;
    }
    
    // Handler, header and footer
    
    /**
    * Error and message handler, call with trigger_error if reqd
    */
    function msg_handler($errno, $msg_text, $errfile, $errline)
    {
    	global $cache, $db, $auth, $template, $config, $user;
    	global $phpEx, $phpbb_root_path, $msg_title, $msg_long_text;
    
    	// Do not display notices if we suppress them via @
    	if (error_reporting() == 0 && $errno != E_USER_ERROR && $errno != E_USER_WARNING && $errno != E_USER_NOTICE)
    	{
    		return;
    	}
    
    	// Message handler is stripping text. In case we need it, we are possible to define long text...
    	if (isset($msg_long_text) && $msg_long_text && !$msg_text)
    	{
    		$msg_text = $msg_long_text;
    	}
    
    	if (!defined('E_DEPRECATED'))
    	{
    		define('E_DEPRECATED', 8192);
    	}
    
    	switch ($errno)
    	{
    		case E_NOTICE:
    		case E_WARNING:
    
    			// Check the error reporting level and return if the error level does not match
    			// If DEBUG is defined the default level is E_ALL
    			if (($errno & ((defined('DEBUG')) ? E_ALL : error_reporting())) == 0)
    			{
    				return;
    			}
    
    			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
    			{
    				// remove complete path to installation, with the risk of changing backslashes meant to be there
    				$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
    				$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
    				$error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
    				echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
    
    				// we are writing an image - the user won't see the debug, so let's place it in the log
    				if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
    				{
    					add_log('critical', 'LOG_IMAGE_GENERATION_ERROR', $errfile, $errline, $msg_text);
    				}
    				// echo '<br /><br />BACKTRACE<br />' . get_backtrace() . '<br />' . "\n";
    			}
    
    			return;
    
    		break;
    
    		case E_USER_ERROR:
    
    			if (!empty($user) && !empty($user->lang))
    			{
    				$msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text;
    				$msg_title = (!isset($msg_title)) ? $user->lang['GENERAL_ERROR'] : ((!empty($user->lang[$msg_title])) ? $user->lang[$msg_title] : $msg_title);
    
    				$l_return_index = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $phpbb_root_path . '">', '</a>');
    				$l_notify = '';
    
    				if (!empty($config['board_contact']))
    				{
    					$l_notify = '<p>' . sprintf($user->lang['NOTIFY_ADMIN_EMAIL'], $config['board_contact']) . '</p>';
    				}
    			}
    			else
    			{
    				$msg_title = 'General Error';
    				$l_return_index = '<a href="' . $phpbb_root_path . '">Return to index page</a>';
    				$l_notify = '';
    
    				if (!empty($config['board_contact']))
    				{
    					$l_notify = '<p>Please notify the board administrator or webmaster: <a href="mailto:' . $config['board_contact'] . '">' . $config['board_contact'] . '</a></p>';
    				}
    			}
    
    			if ((defined('DEBUG') || defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db))
    			{
    				// let's avoid loops
    				$db->sql_return_on_error(true);
    				add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $msg_text);
    				$db->sql_return_on_error(false);
    			}
    
    			// Do not send 200 OK, but service unavailable on errors
    			send_status_line(503, 'Service Unavailable');
    
    			garbage_collection();
    
    			// Try to not call the adm page data...
    
    			echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
    			echo '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">';
    			echo '<head>';
    			echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
    			echo '<title>' . $msg_title . '</title>';
    			echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n";
    			echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } ';
    			echo 'a:link, a:active, a:visited { color: #006699; text-decoration: none; } a:hover { color: #DD6900; text-decoration: underline; } ';
    			echo '#wrap { padding: 0 20px 15px 20px; min-width: 615px; } #page-header { text-align: right; height: 40px; } #page-footer { clear: both; font-size: 1em; text-align: center; } ';
    			echo '.panel { margin: 4px 0; background-color: #FFFFFF; border: solid 1px  #A9B8C2; } ';
    			echo '#errorpage #page-header a { font-weight: bold; line-height: 6em; } #errorpage #content { padding: 10px; } #errorpage #content h1 { line-height: 1.2em; margin-bottom: 0; color: #DF075C; } ';
    			echo '#errorpage #content div { margin-top: 20px; margin-bottom: 5px; border-bottom: 1px solid #CCCCCC; padding-bottom: 5px; color: #333333; font: bold 1.2em "Lucida Grande", Arial, Helvetica, sans-serif; text-decoration: none; line-height: 120%; text-align: left; } ';
    			echo "\n" . '/* ]]> */' . "\n";
    			echo '</style>';
    			echo '</head>';
    			echo '<body id="errorpage">';
    			echo '<div id="wrap">';
    			echo '	<div id="page-header">';
    			echo '		' . $l_return_index;
    			echo '	</div>';
    			echo '	<div id="acp">';
    			echo '	<div class="panel">';
    			echo '		<div id="content">';
    			echo '			<h1>' . $msg_title . '</h1>';
    
    			echo '			<div>' . $msg_text . '</div>';
    
    			echo $l_notify;
    
    			echo '		</div>';
    			echo '	</div>';
    			echo '	</div>';
    			echo '	<div id="page-footer">';
    			echo '		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
    			echo '	</div>';
    			echo '</div>';
    			echo '</body>';
    			echo '</html>';
    
    			exit_handler();
    
    			// On a fatal error (and E_USER_ERROR *is* fatal) we never want other scripts to continue and force an exit here.
    			exit;
    		break;
    
    		case E_USER_WARNING:
    		case E_USER_NOTICE:
    
    			define('IN_ERROR_HANDLER', true);
    
    			if (empty($user->data))
    			{
    				$user->session_begin();
    			}
    
    			// We re-init the auth array to get correct results on login/logout
    			$auth->acl($user->data);
    
    			if (empty($user->lang))
    			{
    				$user->setup();
    			}
    
    			if ($msg_text == 'ERROR_NO_ATTACHMENT' || $msg_text == 'NO_FORUM' || $msg_text == 'NO_TOPIC' || $msg_text == 'NO_USER')
    			{
    				send_status_line(404, 'Not Found');
    			}
    
    			$msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text;
    			$msg_title = (!isset($msg_title)) ? $user->lang['INFORMATION'] : ((!empty($user->lang[$msg_title])) ? $user->lang[$msg_title] : $msg_title);
    
    			if (!defined('HEADER_INC'))
    			{
    				if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    				{
    					adm_page_header($msg_title);
    				}
    				else
    				{
    					page_header($msg_title, false);
    				}
    			}
    
    			$template->set_filenames(array(
    				'body' => 'message_body.html')
    			);
    
    			$template->assign_vars(array(
    				'MESSAGE_TITLE'		=> $msg_title,
    				'MESSAGE_TEXT'		=> $msg_text,
    				'S_USER_WARNING'	=> ($errno == E_USER_WARNING) ? true : false,
    				'S_USER_NOTICE'		=> ($errno == E_USER_NOTICE) ? true : false)
    			);
    
    			// We do not want the cron script to be called on error messages
    			define('IN_CRON', true);
    
    			if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
    			{
    				adm_page_footer();
    			}
    			else
    			{
    				page_footer();
    			}
    
    			exit_handler();
    		break;
    
    		// PHP4 compatibility
    		case E_DEPRECATED:
    			return true;
    		break;
    	}
    
    	// If we notice an error not handled here we pass this back to PHP by returning false
    	// This may not work for all php versions
    	return false;
    }
    
    /**
    * Queries the session table to get information about online guests
    * @param int $item_id Limits the search to the item with this id
    * @param string $item The name of the item which is stored in the session table as session_{$item}_id
    * @return int The number of active distinct guest sessions
    */
    function obtain_guest_count($item_id = 0, $item = 'forum')
    {
    	global $db, $config;
    
    	if ($item_id)
    	{
    		$reading_sql = ' AND s.session_' . $item . '_id = ' . (int) $item_id;
    	}
    	else
    	{
    		$reading_sql = '';
    	}
    	$time = (time() - (intval($config['load_online_time']) * 60));
    
    	// Get number of online guests
    
    	if ($db->sql_layer === 'sqlite')
    	{
    		$sql = 'SELECT COUNT(session_ip) as num_guests
    			FROM (
    				SELECT DISTINCT s.session_ip
    				FROM ' . SESSIONS_TABLE . ' s
    				WHERE s.session_user_id = ' . ANONYMOUS . '
    					AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
    				$reading_sql .
    			')';
    	}
    	else
    	{
    		$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
    			FROM ' . SESSIONS_TABLE . ' s
    			WHERE s.session_user_id = ' . ANONYMOUS . '
    				AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
    			$reading_sql;
    	}
    	$result = $db->sql_query($sql);
    	$guests_online = (int) $db->sql_fetchfield('num_guests');
    	$db->sql_freeresult($result);
    
    	return $guests_online;
    }
    
    /**
    * Queries the session table to get information about online users
    * @param int $item_id Limits the search to the item with this id
    * @param string $item The name of the item which is stored in the session table as session_{$item}_id
    * @return array An array containing the ids of online, hidden and visible users, as well as statistical info
    */
    function obtain_users_online($item_id = 0, $item = 'forum')
    {
    	global $db, $config, $user;
    
    	$reading_sql = '';
    	if ($item_id !== 0)
    	{
    		$reading_sql = ' AND s.session_' . $item . '_id = ' . (int) $item_id;
    	}
    
    	$online_users = array(
    		'online_users'			=> array(),
    		'hidden_users'			=> array(),
    		'total_online'			=> 0,
    		'visible_online'		=> 0,
    		'hidden_online'			=> 0,
    		'guests_online'			=> 0,
    	);
    
    	if ($config['load_online_guests'])
    	{
    		$online_users['guests_online'] = obtain_guest_count($item_id, $item);
    	}
    
    	// a little discrete magic to cache this for 30 seconds
    	$time = (time() - (intval($config['load_online_time']) * 60));
    
    	$sql = 'SELECT s.session_user_id, s.session_ip, s.session_viewonline
    		FROM ' . SESSIONS_TABLE . ' s
    		WHERE s.session_time >= ' . ($time - ((int) ($time % 30))) .
    			$reading_sql .
    		' AND s.session_user_id <> ' . ANONYMOUS;
    	$result = $db->sql_query($sql);
    
    	while ($row = $db->sql_fetchrow($result))
    	{
    		// Skip multiple sessions for one user
    		if (!isset($online_users['online_users'][$row['session_user_id']]))
    		{
    			$online_users['online_users'][$row['session_user_id']] = (int) $row['session_user_id'];
    			if ($row['session_viewonline'])
    			{
    				$online_users['visible_online']++;
    			}
    			else
    			{
    				$online_users['hidden_users'][$row['session_user_id']] = (int) $row['session_user_id'];
    				$online_users['hidden_online']++;
    			}
    		}
    	}
    	$online_users['total_online'] = $online_users['guests_online'] + $online_users['visible_online'] + $online_users['hidden_online'];
    	$db->sql_freeresult($result);
    
    	return $online_users;
    }
    
    /**
    * Uses the result of obtain_users_online to generate a localized, readable representation.
    * @param mixed $online_users result of obtain_users_online - array with user_id lists for total, hidden and visible users, and statistics
    * @param int $item_id Indicate that the data is limited to one item and not global
    * @param string $item The name of the item which is stored in the session table as session_{$item}_id
    * @return array An array containing the string for output to the template
    */
    function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum')
    {
    	global $config, $db, $user, $auth;
    
    	$user_online_link = $online_userlist = '';
    	// Need caps version of $item for language-strings
    	$item_caps = strtoupper($item);
    
    	if (sizeof($online_users['online_users']))
    	{
    		$sql = 'SELECT username, username_clean, user_id, user_type, user_allow_viewonline, user_colour
    				FROM ' . USERS_TABLE . '
    				WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . '
    				ORDER BY username_clean ASC';
    		$result = $db->sql_query($sql);
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			// User is logged in and therefore not a guest
    			if ($row['user_id'] != ANONYMOUS)
    			{
    				if (isset($online_users['hidden_users'][$row['user_id']]))
    				{
    					$row['username'] = '<em>' . $row['username'] . '</em>';
    				}
    
    				if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline'))
    				{
    					$user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
    					$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
    				}
    			}
    		}
    		$db->sql_freeresult($result);
    	}
    
    	if (!$online_userlist)
    	{
    		$online_userlist = $user->lang['NO_ONLINE_USERS'];
    	}
    
    	if ($item_id === 0)
    	{
    		$online_userlist = $user->lang['REGISTERED_USERS'] . ' ' . $online_userlist;
    	}
    	else if ($config['load_online_guests'])
    	{
    		$l_online = ($online_users['guests_online'] === 1) ? $user->lang['BROWSING_' . $item_caps . '_GUEST'] : $user->lang['BROWSING_' . $item_caps . '_GUESTS'];
    		$online_userlist = sprintf($l_online, $online_userlist, $online_users['guests_online']);
    	}
    	else
    	{
    		$online_userlist = sprintf($user->lang['BROWSING_' . $item_caps], $online_userlist);
    	}
    	// Build online listing
    	$vars_online = array(
    		'ONLINE'	=> array('total_online', 'l_t_user_s', 0),
    		'REG'		=> array('visible_online', 'l_r_user_s', !$config['load_online_guests']),
    		'HIDDEN'	=> array('hidden_online', 'l_h_user_s', $config['load_online_guests']),
    		'GUEST'		=> array('guests_online', 'l_g_user_s', 0)
    	);
    
    	foreach ($vars_online as $l_prefix => $var_ary)
    	{
    		if ($var_ary[2])
    		{
    			$l_suffix = '_AND';
    		}
    		else
    		{
    			$l_suffix = '';
    		}
    		switch ($online_users[$var_ary[0]])
    		{
    			case 0:
    				${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_TOTAL' . $l_suffix];
    			break;
    
    			case 1:
    				${$var_ary[1]} = $user->lang[$l_prefix . '_USER_TOTAL' . $l_suffix];
    			break;
    
    			default:
    				${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_TOTAL' . $l_suffix];
    			break;
    		}
    	}
    	unset($vars_online);
    
    	$l_online_users = sprintf($l_t_user_s, $online_users['total_online']);
    	$l_online_users .= sprintf($l_r_user_s, $online_users['visible_online']);
    	$l_online_users .= sprintf($l_h_user_s, $online_users['hidden_online']);
    
    	if ($config['load_online_guests'])
    	{
    		$l_online_users .= sprintf($l_g_user_s, $online_users['guests_online']);
    	}
    
    
    
    	return array(
    		'online_userlist'	=> $online_userlist,
    		'l_online_users'	=> $l_online_users,
    	);
    }
    
    /**
    * Get option bitfield from custom data
    *
    * @param int	$bit		The bit/value to get
    * @param int	$data		Current bitfield to check
    * @return bool	Returns true if value of constant is set in bitfield, else false
    */
    function phpbb_optionget($bit, $data)
    {
    	return ($data & 1 << (int) $bit) ? true : false;
    }
    
    /**
    * Set option bitfield
    *
    * @param int	$bit		The bit/value to set/unset
    * @param bool	$set		True if option should be set, false if option should be unset.
    * @param int	$data		Current bitfield to change
    *
    * @return int	The new bitfield
    */
    function phpbb_optionset($bit, $set, $data)
    {
    	if ($set && !($data & 1 << $bit))
    	{
    		$data += 1 << $bit;
    	}
    	else if (!$set && ($data & 1 << $bit))
    	{
    		$data -= 1 << $bit;
    	}
    
    	return $data;
    }
    
    /**
    * Login using http authenticate.
    *
    * @param array	$param		Parameter array, see $param_defaults array.
    *
    * @return void
    */
    function phpbb_http_login($param)
    {
    	global $auth, $user;
    	global $config;
    
    	$param_defaults = array(
    		'auth_message'	=> '',
    
    		'autologin'		=> false,
    		'viewonline'	=> true,
    		'admin'			=> false,
    	);
    
    	// Overwrite default values with passed values
    	$param = array_merge($param_defaults, $param);
    
    	// User is already logged in
    	// We will not overwrite his session
    	if (!empty($user->data['is_registered']))
    	{
    		return;
    	}
    
    	// $_SERVER keys to check
    	$username_keys = array(
    		'PHP_AUTH_USER',
    		'Authorization',
    		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
    		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
    		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
    		'AUTH_USER',
    	);
    
    	$password_keys = array(
    		'PHP_AUTH_PW',
    		'REMOTE_PASSWORD',
    		'AUTH_PASSWORD',
    	);
    
    	$username = null;
    	foreach ($username_keys as $k)
    	{
    		if (isset($_SERVER[$k]))
    		{
    			$username = $_SERVER[$k];
    			break;
    		}
    	}
    
    	$password = null;
    	foreach ($password_keys as $k)
    	{
    		if (isset($_SERVER[$k]))
    		{
    			$password = $_SERVER[$k];
    			break;
    		}
    	}
    
    	// Decode encoded information (IIS, CGI, FastCGI etc.)
    	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
    	{
    		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
    	}
    
    	if (!is_null($username) && !is_null($password))
    	{
    		set_var($username, $username, 'string', true);
    		set_var($password, $password, 'string', true);
    
    		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
    
    		if ($auth_result['status'] == LOGIN_SUCCESS)
    		{
    			return;
    		}
    		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
    		{
    			send_status_line(401, 'Unauthorized');
    
    			trigger_error('NOT_AUTHORISED');
    		}
    	}
    
    	// Prepend sitename to auth_message
    	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
    
    	// We should probably filter out non-ASCII characters - RFC2616
    	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
    
    	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
    	send_status_line(401, 'Unauthorized');
    
    	trigger_error('NOT_AUTHORISED');
    }
    
    /**
    * Generate page header
    */
    function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
    {
    	global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path;
    
    	if (defined('HEADER_INC'))
    	{
    		return;
    	}
    
    	define('HEADER_INC', true);
    
    	// gzip_compression
    	if ($config['gzip_compress'])
    	{
    		// to avoid partially compressed output resulting in blank pages in
    		// the browser or error messages, compression is disabled in a few cases:
    		//
    		// 1) if headers have already been sent, this indicates plaintext output
    		//    has been started so further content must not be compressed
    		// 2) the length of the current output buffer is non-zero. This means
    		//    there is already some uncompressed content in this output buffer
    		//    so further output must not be compressed
    		// 3) if more than one level of output buffering is used because we
    		//    cannot test all output buffer level content lengths. One level
    		//    could be caused by php.ini output_buffering. Anything
    		//    beyond that is manual, so the code wrapping phpBB in output buffering
    		//    can easily compress the output itself.
    		//
    		if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
    		{
    			ob_start('ob_gzhandler');
    		}
    	}
    
    	// Generate logged in/logged out status
    	if ($user->data['user_id'] != ANONYMOUS)
    	{
    		$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);
    		$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
    	}
    	else
    	{
    		$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login');
    		$l_login_logout = $user->lang['LOGIN'];
    	}
    
    	// Last visit date/time
    	$s_last_visit = ($user->data['user_id'] != ANONYMOUS) ? $user->format_date($user->data['session_last_visit']) : '';
    
    	// Get users online list ... if required
    	$l_online_users = $online_userlist = $l_online_record = $l_online_time = '';
    
    	if ($config['load_online'] && $config['load_online_time'] && $display_online_list)
    	{
    		/**
    		* Load online data:
    		* For obtaining another session column use $item and $item_id in the function-parameter, whereby the column is session_{$item}_id.
    		*/
    		$item_id = max($item_id, 0);
    
    		$online_users = obtain_users_online($item_id, $item);
    		$user_online_strings = obtain_users_online_string($online_users, $item_id, $item);
    
    		$l_online_users = $user_online_strings['l_online_users'];
    		$online_userlist = $user_online_strings['online_userlist'];
    		$total_online_users = $online_users['total_online'];
    
    		if ($total_online_users > $config['record_online_users'])
    		{
    			set_config('record_online_users', $total_online_users, true);
    			set_config('record_online_date', time(), true);
    		}
    
    		$l_online_record = sprintf($user->lang['RECORD_ONLINE_USERS'], $config['record_online_users'], $user->format_date($config['record_online_date'], false, true));
    
    		$l_online_time = ($config['load_online_time'] == 1) ? 'VIEW_ONLINE_TIME' : 'VIEW_ONLINE_TIMES';
    		$l_online_time = sprintf($user->lang[$l_online_time], $config['load_online_time']);
    	}
    
    	$l_privmsgs_text = $l_privmsgs_text_unread = '';
    	$s_privmsg_new = false;
    
    	// Obtain number of new private messages if user is logged in
    	if (!empty($user->data['is_registered']))
    	{
    		if ($user->data['user_new_privmsg'])
    		{
    			$l_message_new = ($user->data['user_new_privmsg'] == 1) ? $user->lang['NEW_PM'] : $user->lang['NEW_PMS'];
    			$l_privmsgs_text = sprintf($l_message_new, $user->data['user_new_privmsg']);
    
    			if (!$user->data['user_last_privmsg'] || $user->data['user_last_privmsg'] > $user->data['session_last_visit'])
    			{
    				$sql = 'UPDATE ' . USERS_TABLE . '
    					SET user_last_privmsg = ' . $user->data['session_last_visit'] . '
    					WHERE user_id = ' . $user->data['user_id'];
    				$db->sql_query($sql);
    
    				$s_privmsg_new = true;
    			}
    			else
    			{
    				$s_privmsg_new = false;
    			}
    		}
    		else
    		{
    			$l_privmsgs_text = $user->lang['NO_NEW_PM'];
    			$s_privmsg_new = false;
    		}
    
    		$l_privmsgs_text_unread = '';
    
    		if ($user->data['user_unread_privmsg'] && $user->data['user_unread_privmsg'] != $user->data['user_new_privmsg'])
    		{
    			$l_message_unread = ($user->data['user_unread_privmsg'] == 1) ? $user->lang['UNREAD_PM'] : $user->lang['UNREAD_PMS'];
    			$l_privmsgs_text_unread = sprintf($l_message_unread, $user->data['user_unread_privmsg']);
    		}
    	}
    
    	$forum_id = request_var('f', 0);
    	$topic_id = request_var('t', 0);
    
    	$s_feed_news = false;
    
    	// Get option for news
    	if ($config['feed_enable'])
    	{
    		$sql = 'SELECT forum_id
    			FROM ' . FORUMS_TABLE . '
    			WHERE ' . $db->sql_bit_and('forum_options', FORUM_OPTION_FEED_NEWS, '<> 0');
    		$result = $db->sql_query_limit($sql, 1, 0, 600);
    		$s_feed_news = (int) $db->sql_fetchfield('forum_id');
    		$db->sql_freeresult($result);
    	}
    
    	// Determine board url - we may need it later
    	$board_url = generate_board_url() . '/';
    	$web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $phpbb_root_path;
    
    	// Which timezone?
    	$tz = ($user->data['user_id'] != ANONYMOUS) ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));
    
    	// Send a proper content-language to the output
    	$user_lang = $user->lang['USER_LANG'];
    	if (strpos($user_lang, '-x-') !== false)
    	{
    		$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
    	}
    
    	$s_search_hidden_fields = array();
    	if ($_SID)
    	{
    		$s_search_hidden_fields['sid'] = $_SID;
    	}
    
    	// The following assigns all _common_ variables that may be used at any point in a template.
    	$template->assign_vars(array(
    		'SITENAME'						=> $config['sitename'],
    		'SITE_DESCRIPTION'				=> $config['site_desc'],
    		'PAGE_TITLE'					=> $page_title,
    		'SCRIPT_NAME'					=> str_replace('.' . $phpEx, '', $user->page['page_name']),
    		'LAST_VISIT_DATE'				=> sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit),
    		'LAST_VISIT_YOU'				=> $s_last_visit,
    		'CURRENT_TIME'					=> sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)),
    		'TOTAL_USERS_ONLINE'			=> $l_online_users,
    		'LOGGED_IN_USER_LIST'			=> $online_userlist,
    		'RECORD_USERS'					=> $l_online_record,
    		'PRIVATE_MESSAGE_INFO'			=> $l_privmsgs_text,
    		'PRIVATE_MESSAGE_INFO_UNREAD'	=> $l_privmsgs_text_unread,
    
    		'S_USER_NEW_PRIVMSG'			=> $user->data['user_new_privmsg'],
    		'S_USER_UNREAD_PRIVMSG'			=> $user->data['user_unread_privmsg'],
    		'S_USER_NEW'					=> $user->data['user_new'],
    
    		'SID'				=> $SID,
    		'_SID'				=> $_SID,
    		'SESSION_ID'		=> $user->session_id,
    		'ROOT_PATH'			=> $phpbb_root_path,
    		'BOARD_URL'			=> $board_url,
    
    		'L_LOGIN_LOGOUT'	=> $l_login_logout,
    		'L_INDEX'			=> $user->lang['FORUM_INDEX'],
    		'L_ONLINE_EXPLAIN'	=> $l_online_time,
    
    		'U_PRIVATEMSGS'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
    		'U_RETURN_INBOX'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
    		'U_POPUP_PM'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup'),
    		'UA_POPUP_PM'			=> addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup')),
    		'U_MEMBERLIST'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx"),
    		'U_VIEWONLINE'			=> ($auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) ? append_sid("{$phpbb_root_path}viewonline.$phpEx") : '',
    		'U_LOGIN_LOGOUT'		=> $u_login_logout,
    		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
    		'U_SEARCH'				=> append_sid("{$phpbb_root_path}search.$phpEx"),
    		'U_REGISTER'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
    		'U_PROFILE'				=> append_sid("{$phpbb_root_path}ucp.$phpEx"),
    		'U_MODCP'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", false, true, $user->session_id),
    		'U_FAQ'					=> append_sid("{$phpbb_root_path}faq.$phpEx"),
    		'U_SEARCH_SELF'			=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=egosearch'),
    		'U_SEARCH_NEW'			=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=newposts'),
    		'U_SEARCH_UNANSWERED'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
    		'U_SEARCH_UNREAD'		=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
    		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
    		'U_DELETE_COOKIES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
    		'U_TEAM'				=> ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
    		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
    		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
    		'U_RESTORE_PERMISSIONS'	=> ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
    		'U_FEED'				=> generate_board_url() . "/feed.$phpEx",
    
    		'S_USER_LOGGED_IN'		=> ($user->data['user_id'] != ANONYMOUS) ? true : false,
    		'S_AUTOLOGIN_ENABLED'	=> ($config['allow_autologin']) ? true : false,
    		'S_BOARD_DISABLED'		=> ($config['board_disable']) ? true : false,
    		'S_REGISTERED_USER'		=> (!empty($user->data['is_registered'])) ? true : false,
    		'S_IS_BOT'				=> (!empty($user->data['is_bot'])) ? true : false,
    		'S_USER_PM_POPUP'		=> $user->optionget('popuppm'),
    		'S_USER_LANG'			=> $user_lang,
    		'S_USER_BROWSER'		=> (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
    		'S_USERNAME'			=> $user->data['username'],
    		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
    		'S_CONTENT_FLOW_BEGIN'	=> ($user->lang['DIRECTION'] == 'ltr') ? 'left' : 'right',
    		'S_CONTENT_FLOW_END'	=> ($user->lang['DIRECTION'] == 'ltr') ? 'right' : 'left',
    		'S_CONTENT_ENCODING'	=> 'UTF-8',
    		'S_TIMEZONE'			=> ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''),
    		'S_DISPLAY_ONLINE_LIST'	=> ($l_online_time) ? 1 : 0,
    		'S_DISPLAY_SEARCH'		=> (!$config['load_search']) ? 0 : (isset($auth) ? ($auth->acl_get('u_search') && $auth->acl_getf_global('f_search')) : 1),
    		'S_DISPLAY_PM'			=> ($config['allow_privmsg'] && !empty($user->data['is_registered']) && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
    		'S_DISPLAY_MEMBERLIST'	=> (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0,
    		'S_NEW_PM'				=> ($s_privmsg_new) ? 1 : 0,
    		'S_REGISTER_ENABLED'	=> ($config['require_activation'] != USER_ACTIVATION_DISABLE) ? true : false,
    		'S_FORUM_ID'			=> $forum_id,
    		'S_TOPIC_ID'			=> $topic_id,
    
    		'S_LOGIN_ACTION'		=> ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)),
    		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => build_url())),
    
    		'S_ENABLE_FEEDS'			=> ($config['feed_enable']) ? true : false,
    		'S_ENABLE_FEEDS_OVERALL'	=> ($config['feed_overall']) ? true : false,
    		'S_ENABLE_FEEDS_FORUMS'		=> ($config['feed_overall_forums']) ? true : false,
    		'S_ENABLE_FEEDS_TOPICS'		=> ($config['feed_topics_new']) ? true : false,
    		'S_ENABLE_FEEDS_TOPICS_ACTIVE'	=> ($config['feed_topics_active']) ? true : false,
    		'S_ENABLE_FEEDS_NEWS'		=> ($s_feed_news) ? true : false,
    
    		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
    
    		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields),
    
    		'T_THEME_PATH'			=> "{$web_path}styles/" . $user->theme['theme_path'] . '/theme',
    		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . $user->theme['template_path'] . '/template',
    		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template',
    		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset',
    		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name,
    		'T_IMAGES_PATH'			=> "{$web_path}images/",
    		'T_SMILIES_PATH'		=> "{$web_path}{$config['smilies_path']}/",
    		'T_AVATAR_PATH'			=> "{$web_path}{$config['avatar_path']}/",
    		'T_AVATAR_GALLERY_PATH'	=> "{$web_path}{$config['avatar_gallery_path']}/",
    		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",
    		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",
    		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/",
    		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name),
    		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'],
    
    		'T_THEME_NAME'			=> $user->theme['theme_path'],
    		'T_TEMPLATE_NAME'		=> $user->theme['template_path'],
    		'T_SUPER_TEMPLATE_NAME'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path'],
    		'T_IMAGESET_NAME'		=> $user->theme['imageset_path'],
    		'T_IMAGESET_LANG_NAME'	=> $user->data['user_lang'],
    		'T_IMAGES'				=> 'images',
    		'T_SMILIES'				=> $config['smilies_path'],
    		'T_AVATAR'				=> $config['avatar_path'],
    		'T_AVATAR_GALLERY'		=> $config['avatar_gallery_path'],
    		'T_ICONS'				=> $config['icons_path'],
    		'T_RANKS'				=> $config['ranks_path'],
    		'T_UPLOAD'				=> $config['upload_path'],
    
    		'SITE_LOGO_IMG'			=> $user->img('site_logo'),
    
    		'A_COOKIE_SETTINGS'		=> addslashes('; path=' . $config['cookie_path'] . ((!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']) . ((!$config['cookie_secure']) ? '' : '; secure')),
    	));
    
    	// application/xhtml+xml not used because of IE
    	header('Content-type: text/html; charset=UTF-8');
    
    	header('Cache-Control: private, no-cache="set-cookie"');
    	header('Expires: 0');
    	header('Pragma: no-cache');
    
    	return;
    }
    
    /**
    * Generate page footer
    */
    function page_footer($run_cron = true)
    {
    	global $db, $config, $template, $user, $auth, $cache, $starttime, $phpbb_root_path, $phpEx;
    
    	// Output page creation time
    	if (defined('DEBUG'))
    	{
    		$mtime = explode(' ', microtime());
    		$totaltime = $mtime[0] + $mtime[1] - $starttime;
    
    		if (!empty($_REQUEST['explain']) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))
    		{
    			$db->sql_report('display');
    		}
    
    		$debug_output = sprintf('Time : %.3fs | ' . $db->sql_num_queries() . ' Queries | GZIP : ' . (($config['gzip_compress'] && @extension_loaded('zlib')) ? 'On' : 'Off') . (($user->load) ? ' | Load : ' . $user->load : ''), $totaltime);
    
    		if ($auth->acl_get('a_') && defined('DEBUG_EXTRA'))
    		{
    			if (function_exists('memory_get_usage'))
    			{
    				if ($memory_usage = memory_get_usage())
    				{
    					global $base_memory_usage;
    					$memory_usage -= $base_memory_usage;
    					$memory_usage = get_formatted_filesize($memory_usage);
    
    					$debug_output .= ' | Memory Usage: ' . $memory_usage;
    				}
    			}
    
    			$debug_output .= ' | <a href="' . build_url() . '&amp;explain=1">Explain</a>';
    		}
    	}
    
    	$template->assign_vars(array(
    		'DEBUG_OUTPUT'			=> (defined('DEBUG')) ? $debug_output : '',
    		'TRANSLATION_INFO'		=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
    
    		'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
    	);
    
    	// Call cron-type script
    	$call_cron = false;
    	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])
    	{
    		$call_cron = true;
    		$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
    
    		// Any old lock present?
    		if (!empty($config['cron_lock']))
    		{
    			$cron_time = explode(' ', $config['cron_lock']);
    
    			// If 1 hour lock is present we do not call cron.php
    			if ($cron_time[0] + 3600 >= $time_now)
    			{
    				$call_cron = false;
    			}
    		}
    	}
    
    	// Call cron job?
    	if ($call_cron)
    	{
    		$cron_type = '';
    
    		if ($time_now - $config['queue_interval'] > $config['last_queue_run'] && !defined('IN_ADMIN') && file_exists($phpbb_root_path . 'cache/queue.' . $phpEx))
    		{
    			// Process email queue
    			$cron_type = 'queue';
    		}
    		else if (method_exists($cache, 'tidy') && $time_now - $config['cache_gc'] > $config['cache_last_gc'])
    		{
    			// Tidy the cache
    			$cron_type = 'tidy_cache';
    		}
    		else if ($config['warnings_expire_days'] && ($time_now - $config['warnings_gc'] > $config['warnings_last_gc']))
    		{
    			$cron_type = 'tidy_warnings';
    		}
    		else if ($time_now - $config['database_gc'] > $config['database_last_gc'])
    		{
    			// Tidy the database
    			$cron_type = 'tidy_database';
    		}
    		else if ($time_now - $config['search_gc'] > $config['search_last_gc'])
    		{
    			// Tidy the search
    			$cron_type = 'tidy_search';
    		}
    		else if ($time_now - $config['session_gc'] > $config['session_last_gc'])
    		{
    			$cron_type = 'tidy_sessions';
    		}
    
    		if ($cron_type)
    		{
    			$template->assign_var('RUN_CRON_TASK', '<img src="' . append_sid($phpbb_root_path . 'cron.' . $phpEx, 'cron_type=' . $cron_type) . '" width="1" height="1" alt="cron" />');
    		}
    	}
    
    	$template->display('body');
    
    	garbage_collection();
    	exit_handler();
    }
    
    /**
    * Closing the cache object and the database
    * Cool function name, eh? We might want to add operations to it later
    */
    function garbage_collection()
    {
    	global $cache, $db;
    
    	// Unload cache, must be done before the DB connection if closed
    	if (!empty($cache))
    	{
    		$cache->unload();
    	}
    
    	// Close our DB connection.
    	if (!empty($db))
    	{
    		$db->sql_close();
    	}
    }
    
    /**
    * Handler for exit calls in phpBB.
    * This function supports hooks.
    *
    * Note: This function is called after the template has been outputted.
    */
    function exit_handler()
    {
    	global $phpbb_hook, $config;
    
    	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__))
    	{
    		if ($phpbb_hook->hook_return(__FUNCTION__))
    		{
    			return $phpbb_hook->hook_return_result(__FUNCTION__);
    		}
    	}
    
    	// As a pre-caution... some setups display a blank page if the flush() is not there.
    	(ob_get_level() > 0) ? @ob_flush() : @flush();
    
    	exit;
    }
    
    /**
    * Handler for init calls in phpBB. This function is called in user::setup();
    * This function supports hooks.
    */
    function phpbb_user_session_handler()
    {
    	global $phpbb_hook;
    
    	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__))
    	{
    		if ($phpbb_hook->hook_return(__FUNCTION__))
    		{
    			return $phpbb_hook->hook_return_result(__FUNCTION__);
    		}
    	}
    
    	return;
    }
    
    ?>


    session.php:

    <?php
    /**
    *
    * @package phpBB3
    * @version $Id$
    * @copyright (c) 2005 phpBB Group
    * @license http://opensource.org/licenses/gpl-license.php GNU Public License
    *
    */
    
    /**
    * @ignore
    */
    if (!defined('IN_PHPBB'))
    {
    	exit;
    }
    
    /**
    * Session class
    * @package phpBB3
    */
    class session
    {
    	var $cookie_data = array();
    	var $page = array();
    	var $data = array();
    	var $browser = '';
    	var $forwarded_for = '';
    	var $host = '';
    	var $session_id = '';
    	var $ip = '';
    	var $load = 0;
    	var $time_now = 0;
    	var $update_session_page = true;
    
    	/**
    	* Extract current session page
    	*
    	* @param string $root_path current root path (phpbb_root_path)
    	*/
    	function extract_current_page($root_path)
    	{
    		$page_array = array();
    
    		// First of all, get the request uri...
    		$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
    		$args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&', $_SERVER['QUERY_STRING']) : explode('&', getenv('QUERY_STRING'));
    
    		// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
    		if (!$script_name)
    		{
    			$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
    			$script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name;
    			$page_array['failover'] = 1;
    		}
    
    		// Replace backslashes and doubled slashes (could happen on some proxy setups)
    		$script_name = str_replace(array('\\', '//'), '/', $script_name);
    
    		// Now, remove the sid and let us get a clean query string...
    		$use_args = array();
    
    		// Since some browser do not encode correctly we need to do this with some "special" characters...
    		// " -> %22, ' => %27, < -> %3C, > -> %3E
    		$find = array('"', "'", '<', '>');
    		$replace = array('%22', '%27', '%3C', '%3E');
    
    		foreach ($args as $key => $argument)
    		{
    			if (strpos($argument, 'sid=') === 0)
    			{
    				continue;
    			}
    
    			$use_args[] = str_replace($find, $replace, $argument);
    		}
    		unset($args);
    
    		// The following examples given are for an request uri of {path to the phpbb directory}/adm/index.php?i=10&b=2
    
    		// The current query string
    		$query_string = trim(implode('&', $use_args));
    
    		// basenamed page name (for example: index.php)
    		$page_name = (substr($script_name, -1, 1) == '/') ? '' : basename($script_name);
    		$page_name = urlencode(htmlspecialchars($page_name));
    
    		// current directory within the phpBB root (for example: adm)
    		$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
    		$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
    		$intersection = array_intersect_assoc($root_dirs, $page_dirs);
    
    		$root_dirs = array_diff_assoc($root_dirs, $intersection);
    		$page_dirs = array_diff_assoc($page_dirs, $intersection);
    
    		$page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
    
    		if ($page_dir && substr($page_dir, -1, 1) == '/')
    		{
    			$page_dir = substr($page_dir, 0, -1);
    		}
    
    		// Current page from phpBB root (for example: adm/index.php?i=10&b=2)
    		$page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : '');
    
    		// The script path from the webroot to the current directory (for example: /phpBB3/adm/) : always prefixed with / and ends in /
    		$script_path = trim(str_replace('\\', '/', dirname($script_name)));
    
    		// The script path from the webroot to the phpBB root (for example: /phpBB3/)
    		$script_dirs = explode('/', $script_path);
    		array_splice($script_dirs, -sizeof($page_dirs));
    		$root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : '');
    
    		// We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
    		if (!$root_script_path)
    		{
    			$root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;
    		}
    
    		$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
    		$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
    
    		$page_array += array(
    			'page_name'			=> $page_name,
    			'page_dir'			=> $page_dir,
    
    			'query_string'		=> $query_string,
    			'script_path'		=> str_replace(' ', '%20', htmlspecialchars($script_path)),
    			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
    
    			'page'				=> $page,
    			'forum'				=> (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
    		);
    
    		return $page_array;
    	}
    
    	/**
    	* Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.
    	*/
    	function extract_current_hostname()
    	{
    		global $config;
    
    		// Get hostname
    		$host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    
    		// Should be a string and lowered
    		$host = (string) strtolower($host);
    
    		// If host is equal the cookie domain or the server name (if config is set), then we assume it is valid
    		if ((isset($config['cookie_domain']) && $host === $config['cookie_domain']) || (isset($config['server_name']) && $host === $config['server_name']))
    		{
    			return $host;
    		}
    
    		// Is the host actually a IP? If so, we use the IP... (IPv4)
    		if (long2ip(ip2long($host)) === $host)
    		{
    			return $host;
    		}
    
    		// Now return the hostname (this also removes any port definition). The http:// is prepended to construct a valid URL, hosts never have a scheme assigned
    		$host = @parse_url('http://' . $host);
    		$host = (!empty($host['host'])) ? $host['host'] : '';
    
    		// Remove any portions not removed by parse_url (#)
    		$host = str_replace('#', '', $host);
    
    		// If, by any means, the host is now empty, we will use a "best approach" way to guess one
    		if (empty($host))
    		{
    			if (!empty($config['server_name']))
    			{
    				$host = $config['server_name'];
    			}
    			else if (!empty($config['cookie_domain']))
    			{
    				$host = (strpos($config['cookie_domain'], '.') === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain'];
    			}
    			else
    			{
    				// Set to OS hostname or localhost
    				$host = (function_exists('php_uname')) ? php_uname('n') : 'localhost';
    			}
    		}
    
    		// It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... if set)
    		return $host;
    	}
    
    	/**
    	* Start session management
    	*
    	* This is where all session activity begins. We gather various pieces of
    	* information from the client and server. We test to see if a session already
    	* exists. If it does, fine and dandy. If it doesn't we'll go on to create a
    	* new one ... pretty logical heh? We also examine the system load (if we're
    	* running on a system which makes such information readily available) and
    	* halt if it's above an admin definable limit.
    	*
    	* @param bool $update_session_page if true the session page gets updated.
    	*			This can be set to circumvent certain scripts to update the users last visited page.
    	*/
    	function session_begin($update_session_page = true)
    	{
    		global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
    
    		// Give us some basic information
    		$this->time_now				= time();
    		$this->cookie_data			= array('u' => 0, 'k' => '');
    		$this->update_session_page	= $update_session_page;
    		$this->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
    		$this->referer				= (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
    		$this->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : '';
    
    		$this->host					= $this->extract_current_hostname();
    		$this->page					= $this->extract_current_page($phpbb_root_path);
    
    		// if the forwarded for header shall be checked we have to validate its contents
    		if ($config['forwarded_for_check'])
    		{
    			$this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));
    
    			// split the list of IPs
    			$ips = explode(' ', $this->forwarded_for);
    			foreach ($ips as $ip)
    			{
    				// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
    				if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
    				{
    					// contains invalid data, don't use the forwarded for header
    					$this->forwarded_for = '';
    					break;
    				}
    			}
    		}
    		else
    		{
    			$this->forwarded_for = '';
    		}
    
    		if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
    		{
    			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
    			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
    			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '', false, true);
    
    			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
    			$_SID = (defined('NEED_SID')) ? $this->session_id : '';
    
    			if (empty($this->session_id))
    			{
    				$this->session_id = $_SID = request_var('sid', '');
    				$SID = '?sid=' . $this->session_id;
    				$this->cookie_data = array('u' => 0, 'k' => '');
    			}
    		}
    		else
    		{
    			$this->session_id = $_SID = request_var('sid', '');
    			$SID = '?sid=' . $this->session_id;
    		}
    
    		$_EXTRA_URL = array();
    
    		// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
    		// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
    		$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    		$this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
    
    		// split the list of IPs
    		$ips = explode(' ', trim($this->ip));
    
    		// Default IP if REMOTE_ADDR is invalid
    		$this->ip = '127.0.0.1';
    
    		foreach ($ips as $ip)
    		{
    			if (preg_match(get_preg_expression('ipv4'), $ip))
    			{
    				$this->ip = $ip;
    			}
    			else if (preg_match(get_preg_expression('ipv6'), $ip))
    			{
    				// Quick check for IPv4-mapped address in IPv6
    				if (stripos($ip, '::ffff:') === 0)
    				{
    					$ipv4 = substr($ip, 7);
    
    					if (preg_match(get_preg_expression('ipv4'), $ipv4))
    					{
    						$ip = $ipv4;
    					}
    				}
    
    				$this->ip = $ip;
    			}
    			else
    			{
    				// We want to use the last valid address in the chain
    				// Leave foreach loop when address is invalid
    				break;
    			}
    		}
    
    		$this->load = false;
    
    		// Load limit check (if applicable)
    		if ($config['limit_load'] || $config['limit_search_load'])
    		{
    			if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg'))))
    			{
    				$this->load = array_slice($load, 0, 1);
    				$this->load = floatval($this->load[0]);
    			}
    			else
    			{
    				set_config('limit_load', '0');
    				set_config('limit_search_load', '0');
    			}
    		}
    
    		// Is session_id is set or session_id is set and matches the url param if required
    		if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
    		{
    			$sql = 'SELECT u.*, s.*
    				FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
    				WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'
    					AND u.user_id = s.session_user_id";
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    
    			// Did the session exist in the DB?
    			if (isset($this->data['user_id']))
    			{
    				// Validate IP length according to admin ... enforces an IP
    				// check on bots if admin requires this
    //				$quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
    
    				if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false)
    				{
    					$s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']);
    					$u_ip = short_ipv6($this->ip, $config['ip_check']);
    				}
    				else
    				{
    					$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
    					$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
    				}
    
    				$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
    				$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
    
    				$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
    				$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
    
    				// referer checks
    				// The @ before $config['referer_validation'] suppresses notices present while running the updater
    				$check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH);
    				$referer_valid = true;
    
    				// we assume HEAD and TRACE to be foul play and thus only whitelist GET
    				if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
    				{
    					$referer_valid = $this->validate_referer($check_referer_path);
    				}
    
    				if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid)
    				{
    					$session_expired = false;
    
    					// Check whether the session is still valid if we have one
    					$method = basename(trim($config['auth_method']));
    					include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
    
    					$method = 'validate_session_' . $method;
    					if (function_exists($method))
    					{
    						if (!$method($this->data))
    						{
    							$session_expired = true;
    						}
    					}
    
    					if (!$session_expired)
    					{
    						// Check the session length timeframe if autologin is not enabled.
    						// Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide.
    						if (!$this->data['session_autologin'])
    						{
    							if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60))
    							{
    								$session_expired = true;
    							}
    						}
    						else if (!$config['allow_autologin'] || ($config['max_autologin_time'] && $this->data['session_time'] < $this->time_now - (86400 * (int) $config['max_autologin_time']) + 60))
    						{
    							$session_expired = true;
    						}
    					}
    
    					if (!$session_expired)
    					{
    						// Only update session DB a minute or so after last update or if page changes
    						if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
    						{
    							$sql_ary = array('session_time' => $this->time_now);
    
    							if ($this->update_session_page)
    							{
    								$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
    								$sql_ary['session_forum_id'] = $this->page['forum'];
    							}
    
    							$db->sql_return_on_error(true);
    
    							$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
    								WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
    							$result = $db->sql_query($sql);
    
    							$db->sql_return_on_error(false);
    
    							// If the database is not yet updated, there will be an error due to the session_forum_id
    							// @todo REMOVE for 3.0.2
    							if ($result === false)
    							{
    								unset($sql_ary['session_forum_id']);
    
    								$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
    									WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
    								$db->sql_query($sql);
    							}
    
    							if ($this->data['user_id'] != ANONYMOUS && !empty($config['new_member_post_limit']) && $this->data['user_new'] && $config['new_member_post_limit'] <= $this->data['user_posts'])
    							{
    								$this->leave_newly_registered();
    							}
    						}
    
    						$this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
    						$this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
    						$this->data['user_lang'] = basename($this->data['user_lang']);
    
    						return true;
    					}
    				}
    				else
    				{
    					// Added logging temporarly to help debug bugs...
    					if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS)
    					{
    						if ($referer_valid)
    						{
    							add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
    						}
    						else
    						{
    							add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
    						}
    					}
    				}
    			}
    		}
    
    		// If we reach here then no (valid) session exists. So we'll create a new one
    		return $this->session_create();
    	}
    
    	/**
    	* Create a new session
    	*
    	* If upon trying to start a session we discover there is nothing existing we
    	* jump here. Additionally this method is called directly during login to regenerate
    	* the session for the specific user. In this method we carry out a number of tasks;
    	* garbage collection, (search)bot checking, banned user comparison. Basically
    	* though this method will result in a new session for a specific user.
    	*/
    	function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
    	{
    		global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
    
    		$this->data = array();
    
    		/* Garbage collection ... remove old sessions updating user information
    		// if necessary. It means (potentially) 11 queries but only infrequently
    		if ($this->time_now > $config['session_last_gc'] + $config['session_gc'])
    		{
    			$this->session_gc();
    		}*/
    
    		// Do we allow autologin on this board? No? Then override anything
    		// that may be requested here
    		if (!$config['allow_autologin'])
    		{
    			$this->cookie_data['k'] = $persist_login = false;
    		}
    
    		/**
    		* Here we do a bot check, oh er saucy! No, not that kind of bot
    		* check. We loop through the list of bots defined by the admin and
    		* see if we have any useragent and/or IP matches. If we do, this is a
    		* bot, act accordingly
    		*/
    		$bot = false;
    		$active_bots = $cache->obtain_bots();
    
    		foreach ($active_bots as $row)
    		{
    			if ($row['bot_agent'] && preg_match('#' . str_replace('\*', '.*?', preg_quote($row['bot_agent'], '#')) . '#i', $this->browser))
    			{
    				$bot = $row['user_id'];
    			}
    
    			// If ip is supplied, we will make sure the ip is matching too...
    			if ($row['bot_ip'] && ($bot || !$row['bot_agent']))
    			{
    				// Set bot to false, then we only have to set it to true if it is matching
    				$bot = false;
    
    				foreach (explode(',', $row['bot_ip']) as $bot_ip)
    				{
    					$bot_ip = trim($bot_ip);
    
    					if (!$bot_ip)
    					{
    						continue;
    					}
    
    					if (strpos($this->ip, $bot_ip) === 0)
    					{
    						$bot = (int) $row['user_id'];
    						break;
    					}
    				}
    			}
    
    			if ($bot)
    			{
    				break;
    			}
    		}
    
    		$method = basename(trim($config['auth_method']));
    		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
    
    		$method = 'autologin_' . $method;
    		if (function_exists($method))
    		{
    			$this->data = $method();
    
    			if (sizeof($this->data))
    			{
    				$this->cookie_data['k'] = '';
    				$this->cookie_data['u'] = $this->data['user_id'];
    			}
    		}
    
    		// If we're presented with an autologin key we'll join against it.
    		// Else if we've been passed a user_id we'll grab data based on that
    		if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data))
    		{
    			$sql = 'SELECT u.*
    				FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
    				WHERE u.user_id = ' . (int) $this->cookie_data['u'] . '
    					AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ")
    					AND k.user_id = u.user_id
    					AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    			$bot = false;
    		}
    		else if ($user_id !== false && !sizeof($this->data))
    		{
    			$this->cookie_data['k'] = '';
    			$this->cookie_data['u'] = $user_id;
    
    			$sql = 'SELECT *
    				FROM ' . USERS_TABLE . '
    				WHERE user_id = ' . (int) $this->cookie_data['u'] . '
    					AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    			$bot = false;
    		}
    
    		// Bot user, if they have a SID in the Request URI we need to get rid of it
    		// otherwise they'll index this page with the SID, duplicate content oh my!
    		if ($bot && isset($_GET['sid']))
    		{
    			send_status_line(301, 'Moved Permanently');
    			redirect(build_url(array('sid')));
    		}
    
    		// If no data was returned one or more of the following occurred:
    		// Key didn't match one in the DB
    		// User does not exist
    		// User is inactive
    		// User is bot
    		if (!sizeof($this->data) || !is_array($this->data))
    		{
    			$this->cookie_data['k'] = '';
    			$this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS;
    
    			if (!$bot)
    			{
    				$sql = 'SELECT *
    					FROM ' . USERS_TABLE . '
    					WHERE user_id = ' . (int) $this->cookie_data['u'];
    			}
    			else
    			{
    				// We give bots always the same session if it is not yet expired.
    				$sql = 'SELECT u.*, s.*
    					FROM ' . USERS_TABLE . ' u
    					LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
    					WHERE u.user_id = ' . (int) $bot;
    			}
    
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    
    		if ($this->data['user_id'] != ANONYMOUS && !$bot)
    		{
    			$this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
    		}
    		else
    		{
    			$this->data['session_last_visit'] = $this->time_now;
    		}
    
    		// Force user id to be integer...
    		$this->data['user_id'] = (int) $this->data['user_id'];
    
    		// At this stage we should have a filled data array, defined cookie u and k data.
    		// data array should contain recent session info if we're a real user and a recent
    		// session exists in which case session_id will also be set
    
    		// Is user banned? Are they excluded? Won't return on ban, exists within method
    		if ($this->data['user_type'] != USER_FOUNDER)
    		{
    			if (!$config['forwarded_for_check'])
    			{
    				$this->check_ban($this->data['user_id'], $this->ip);
    			}
    			else
    			{
    				$ips = explode(' ', $this->forwarded_for);
    				$ips[] = $this->ip;
    				$this->check_ban($this->data['user_id'], $ips);
    			}
    		}
    
    		$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
    		$this->data['is_bot'] = ($bot) ? true : false;
    
    		// If our friend is a bot, we re-assign a previously assigned session
    		if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id'])
    		{
    			// Only assign the current session if the ip, browser and forwarded_for match...
    			if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false)
    			{
    				$s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']);
    				$u_ip = short_ipv6($this->ip, $config['ip_check']);
    			}
    			else
    			{
    				$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
    				$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
    			}
    
    			$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
    			$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
    
    			$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
    			$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
    
    			if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)
    			{
    				$this->session_id = $this->data['session_id'];
    
    				// Only update session DB a minute or so after last update or if page changes
    				if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
    				{
    					$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
    
    					$sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0);
    
    					if ($this->update_session_page)
    					{
    						$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
    						$sql_ary['session_forum_id'] = $this->page['forum'];
    					}
    
    					$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
    						WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
    					$db->sql_query($sql);
    
    					// Update the last visit time
    					$sql = 'UPDATE ' . USERS_TABLE . '
    						SET user_lastvisit = ' . (int) $this->data['session_time'] . '
    						WHERE user_id = ' . (int) $this->data['user_id'];
    					$db->sql_query($sql);
    				}
    
    				$SID = '?sid=';
    				$_SID = '';
    				return true;
    			}
    			else
    			{
    				// If the ip and browser does not match make sure we only have one bot assigned to one session
    				$db->sql_query('DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $this->data['user_id']);
    			}
    		}
    
    		$session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false;
    		$set_admin = ($set_admin && $this->data['is_registered']) ? true : false;
    
    		// Create or update the session
    		$sql_ary = array(
    			'session_user_id'		=> (int) $this->data['user_id'],
    			'session_start'			=> (int) $this->time_now,
    			'session_last_visit'	=> (int) $this->data['session_last_visit'],
    			'session_time'			=> (int) $this->time_now,
    			'session_browser'		=> (string) trim(substr($this->browser, 0, 149)),
    			'session_forwarded_for'	=> (string) $this->forwarded_for,
    			'session_ip'			=> (string) $this->ip,
    			'session_autologin'		=> ($session_autologin) ? 1 : 0,
    			'session_admin'			=> ($set_admin) ? 1 : 0,
    			'session_viewonline'	=> ($viewonline) ? 1 : 0,
    		);
    
    		if ($this->update_session_page)
    		{
    			$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
    			$sql_ary['session_forum_id'] = $this->page['forum'];
    		}
    
    		$db->sql_return_on_error(true);
    
    		$sql = 'DELETE
    			FROM ' . SESSIONS_TABLE . '
    			WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'
    				AND session_user_id = ' . ANONYMOUS;
    
    		if (!defined('IN_ERROR_HANDLER') && (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows()))
    		{
    			// Limit new sessions in 1 minute period (if required)
    			if (empty($this->data['session_time']) && $config['active_sessions'])
    			{
    //				$db->sql_return_on_error(false);
    
    				$sql = 'SELECT COUNT(session_id) AS sessions
    					FROM ' . SESSIONS_TABLE . '
    					WHERE session_time >= ' . ($this->time_now - 60);
    				$result = $db->sql_query($sql);
    				$row = $db->sql_fetchrow($result);
    				$db->sql_freeresult($result);
    
    				if ((int) $row['sessions'] > (int) $config['active_sessions'])
    				{
    					send_status_line(503, 'Service Unavailable');
    					trigger_error('BOARD_UNAVAILABLE');
    				}
    			}
    		}
    
    		// Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors.
    		// Commented out because it will not allow forums to update correctly
    //		$db->sql_return_on_error(false);
    
    		// Something quite important: session_page always holds the *last* page visited, except for the *first* visit.
    		// We are not able to simply have an empty session_page btw, therefore we need to tell phpBB how to detect this special case.
    		// If the session id is empty, we have a completely new one and will set an "identifier" here. This identifier is able to be checked later.
    		if (empty($this->data['session_id']))
    		{
    			// This is a temporary variable, only set for the very first visit
    			$this->data['session_created'] = true;
    		}
    
    		$this->session_id = $this->data['session_id'] = md5(unique_id());
    
    		$sql_ary['session_id'] = (string) $this->session_id;
    		$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
    		$sql_ary['session_forum_id'] = $this->page['forum'];
    
    		$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
    		$db->sql_query($sql);
    
    		$db->sql_return_on_error(false);
    
    		// Regenerate autologin/persistent login key
    		if ($session_autologin)
    		{
    			$this->set_login_key();
    		}
    
    		// refresh data
    		$SID = '?sid=' . $this->session_id;
    		$_SID = $this->session_id;
    		$this->data = array_merge($this->data, $sql_ary);
    
    		if (!$bot)
    		{
    			$cookie_expire = $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000);
    
    			$this->set_cookie('u', $this->cookie_data['u'], $cookie_expire);
    			$this->set_cookie('k', $this->cookie_data['k'], $cookie_expire);
    			$this->set_cookie('sid', $this->session_id, $cookie_expire);
    
    			unset($cookie_expire);
    
    			$sql = 'SELECT COUNT(session_id) AS sessions
    					FROM ' . SESSIONS_TABLE . '
    					WHERE session_user_id = ' . (int) $this->data['user_id'] . '
    					AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime'])));
    			$result = $db->sql_query($sql);
    			$row = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    
    			if ((int) $row['sessions'] <= 1 || empty($this->data['user_form_salt']))
    			{
    				$this->data['user_form_salt'] = unique_id();
    				// Update the form key
    				$sql = 'UPDATE ' . USERS_TABLE . '
    					SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\'
    					WHERE user_id = ' . (int) $this->data['user_id'];
    				$db->sql_query($sql);
    			}
    		}
    		else
    		{
    			$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
    
    			// Update the last visit time
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $this->data['session_time'] . '
    				WHERE user_id = ' . (int) $this->data['user_id'];
    			$db->sql_query($sql);
    
    			$SID = '?sid=';
    			$_SID = '';
    		}
    
    		return true;
    	}
    
    	/**
    	* Kills a session
    	*
    	* This method does what it says on the tin. It will delete a pre-existing session.
    	* It resets cookie information (destroying any autologin key within that cookie data)
    	* and update the users information from the relevant session data. It will then
    	* grab guest user information.
    	*/
    	function session_kill($new_session = true)
    	{
    		global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx;
    
    		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
    			WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
    				AND session_user_id = " . (int) $this->data['user_id'];
    		$db->sql_query($sql);
    
    		// Allow connecting logout with external auth method logout
    		$method = basename(trim($config['auth_method']));
    		include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
    
    		$method = 'logout_' . $method;
    		if (function_exists($method))
    		{
    			$method($this->data, $new_session);
    		}
    
    		if ($this->data['user_id'] != ANONYMOUS)
    		{
    			// Delete existing session, update last visit info first!
    			if (!isset($this->data['session_time']))
    			{
    				$this->data['session_time'] = time();
    			}
    
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $this->data['session_time'] . '
    				WHERE user_id = ' . (int) $this->data['user_id'];
    			$db->sql_query($sql);
    
    			if ($this->cookie_data['k'])
    			{
    				$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
    					WHERE user_id = ' . (int) $this->data['user_id'] . "
    						AND key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
    				$db->sql_query($sql);
    			}
    
    			// Reset the data array
    			$this->data = array();
    
    			$sql = 'SELECT *
    				FROM ' . USERS_TABLE . '
    				WHERE user_id = ' . ANONYMOUS;
    			$result = $db->sql_query($sql);
    			$this->data = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    
    		$cookie_expire = $this->time_now - 31536000;
    		$this->set_cookie('u', '', $cookie_expire);
    		$this->set_cookie('k', '', $cookie_expire);
    		$this->set_cookie('sid', '', $cookie_expire);
    		unset($cookie_expire);
    
    		$SID = '?sid=';
    		$this->session_id = $_SID = '';
    
    		// To make sure a valid session is created we create one for the anonymous user
    		if ($new_session)
    		{
    			$this->session_create(ANONYMOUS);
    		}
    
    		return true;
    	}
    
    	/**
    	* Session garbage collection
    	*
    	* This looks a lot more complex than it really is. Effectively we are
    	* deleting any sessions older than an admin definable limit. Due to the
    	* way in which we maintain session data we have to ensure we update user
    	* data before those sessions are destroyed. In addition this method
    	* removes autologin key information that is older than an admin defined
    	* limit.
    	*/
    	function session_gc()
    	{
    		global $db, $config, $phpbb_root_path, $phpEx;
    
    		$batch_size = 10;
    
    		if (!$this->time_now)
    		{
    			$this->time_now = time();
    		}
    
    		// Firstly, delete guest sessions
    		$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
    			WHERE session_user_id = ' . ANONYMOUS . '
    				AND session_time < ' . (int) ($this->time_now - $config['session_length']);
    		$db->sql_query($sql);
    
    		// Get expired sessions, only most recent for each user
    		$sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time
    			FROM ' . SESSIONS_TABLE . '
    			WHERE session_time < ' . ($this->time_now - $config['session_length']) . '
    			GROUP BY session_user_id, session_page';
    		$result = $db->sql_query_limit($sql, $batch_size);
    
    		$del_user_id = array();
    		$del_sessions = 0;
    
    		while ($row = $db->sql_fetchrow($result))
    		{
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
    				WHERE user_id = " . (int) $row['session_user_id'];
    			$db->sql_query($sql);
    
    			$del_user_id[] = (int) $row['session_user_id'];
    			$del_sessions++;
    		}
    		$db->sql_freeresult($result);
    
    		if (sizeof($del_user_id))
    		{
    			// Delete expired sessions
    			$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
    				WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
    					AND session_time < ' . ($this->time_now - $config['session_length']);
    			$db->sql_query($sql);
    		}
    
    		if ($del_sessions < $batch_size)
    		{
    			// Less than 10 users, update gc timer ... else we want gc
    			// called again to delete other sessions
    			set_config('session_last_gc', $this->time_now, true);
    
    			if ($config['max_autologin_time'])
    			{
    				$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
    					WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time']));
    				$db->sql_query($sql);
    			}
    
    			// only called from CRON; should be a safe workaround until the infrastructure gets going
    			if (!class_exists('phpbb_captcha_factory'))
    			{
    				include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
    			}
    			phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
    
    			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
    				WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
    			$db->sql_query($sql);
    		}
    
    		return;
    	}
    
    	/**
    	* Sets a cookie
    	*
    	* Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.
    	*
    	* @param string $name		Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then.
    	* @param string $cookiedata	The data to hold within the cookie
    	* @param int $cookietime	The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set.
    	*/
    	function set_cookie($name, $cookiedata, $cookietime)
    	{
    		global $config;
    
    		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
    		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
    		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
    
    		header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
    	}
    
    	/**
    	* Check for banned user
    	*
    	* Checks whether the supplied user is banned by id, ip or email. If no parameters
    	* are passed to the method pre-existing session data is used. If $return is false
    	* this routine does not return on finding a banned user, it outputs a relevant
    	* message and stops execution.
    	*
    	* @param string|array	$user_ips	Can contain a string with one IP or an array of multiple IPs
    	*/
    	function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false)
    	{
    		global $config, $db;
    
    		if (defined('IN_CHECK_BAN'))
    		{
    			return;
    		}
    
    		$banned = false;
    		$cache_ttl = 3600;
    		$where_sql = array();
    
    		$sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
    			FROM ' . BANLIST_TABLE . '
    			WHERE ';
    
    		// Determine which entries to check, only return those
    		if ($user_email === false)
    		{
    			$where_sql[] = "ban_email = ''";
    		}
    
    		if ($user_ips === false)
    		{
    			$where_sql[] = "(ban_ip = '' OR ban_exclude = 1)";
    		}
    
    		if ($user_id === false)
    		{
    			$where_sql[] = '(ban_userid = 0 OR ban_exclude = 1)';
    		}
    		else
    		{
    			$cache_ttl = ($user_id == ANONYMOUS) ? 3600 : 0;
    			$_sql = '(ban_userid = ' . $user_id;
    
    			if ($user_email !== false)
    			{
    				$_sql .= " OR ban_email <> ''";
    			}
    
    			if ($user_ips !== false)
    			{
    				$_sql .= " OR ban_ip <> ''";
    			}
    
    			$_sql .= ')';
    
    			$where_sql[] = $_sql;
    		}
    
    		$sql .= (sizeof($where_sql)) ? implode(' AND ', $where_sql) : '';
    		$result = $db->sql_query($sql, $cache_ttl);
    
    		$ban_triggered_by = 'user';
    		while ($row = $db->sql_fetchrow($result))
    		{
    			if ($row['ban_end'] && $row['ban_end'] < time())
    			{
    				continue;
    			}
    
    			$ip_banned = false;
    			if (!empty($row['ban_ip']))
    			{
    				if (!is_array($user_ips))
    				{
    					$ip_banned = preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ips);
    				}
    				else
    				{
    					foreach ($user_ips as $user_ip)
    					{
    						if (preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ip))
    						{
    							$ip_banned = true;
    							break;
    						}
    					}
    				}
    			}
    
    			if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) ||
    				$ip_banned ||
    				(!empty($row['ban_email']) && preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_email'], '#')) . '$#i', $user_email)))
    			{
    				if (!empty($row['ban_exclude']))
    				{
    					$banned = false;
    					break;
    				}
    				else
    				{
    					$banned = true;
    					$ban_row = $row;
    
    					if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id)
    					{
    						$ban_triggered_by = 'user';
    					}
    					else if ($ip_banned)
    					{
    						$ban_triggered_by = 'ip';
    					}
    					else
    					{
    						$ban_triggered_by = 'email';
    					}
    
    					// Don't break. Check if there is an exclude rule for this user
    				}
    			}
    		}
    		$db->sql_freeresult($result);
    
    		if ($banned && !$return)
    		{
    			global $template;
    
    			// If the session is empty we need to create a valid one...
    			if (empty($this->session_id))
    			{
    				// This seems to be no longer needed? - #14971
    //				$this->session_create(ANONYMOUS);
    			}
    
    			// Initiate environment ... since it won't be set at this stage
    			$this->setup();
    
    			// Logout the user, banned users are unable to use the normal 'logout' link
    			if ($this->data['user_id'] != ANONYMOUS)
    			{
    				$this->session_kill();
    			}
    
    			// We show a login box here to allow founders accessing the board if banned by IP
    			if (defined('IN_LOGIN') && $this->data['user_id'] == ANONYMOUS)
    			{
    				global $phpEx;
    
    				$this->setup('ucp');
    				$this->data['is_registered'] = $this->data['is_bot'] = false;
    
    				// Set as a precaution to allow login_box() handling this case correctly as well as this function not being executed again.
    				define('IN_CHECK_BAN', 1);
    
    				login_box("index.$phpEx");
    
    				// The false here is needed, else the user is able to circumvent the ban.
    				$this->session_kill(false);
    			}
    
    			// Ok, we catch the case of an empty session id for the anonymous user...
    			// This can happen if the user is logging in, banned by username and the login_box() being called "again".
    			if (empty($this->session_id) && defined('IN_CHECK_BAN'))
    			{
    				$this->session_create(ANONYMOUS);
    			}
    
    
    			// Determine which message to output
    			$till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : '';
    			$message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
    
    			$message = sprintf($this->lang[$message], $till_date, '<a href="mailto:' . $config['board_contact'] . '">', '</a>');
    			$message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : '';
    			$message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>';
    
    			// To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
    			$this->session_kill(false);
    
    			// A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
    			if (defined('IN_CRON'))
    			{
    				garbage_collection();
    				exit_handler();
    				exit;
    			}
    
    			trigger_error($message);
    		}
    
    		return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned;
    	}
    
    	/**
    	* Check if ip is blacklisted
    	* This should be called only where absolutly necessary
    	*
    	* Only IPv4 (rbldns does not support AAAA records/IPv6 lookups)
    	*
    	* @author satmd (from the php manual)
    	* @param string $mode register/post - spamcop for example is ommitted for posting
    	* @return false if ip is not blacklisted, else an array([checked server], [lookup])
    	*/
    	function check_dnsbl($mode, $ip = false)
    	{
    		if ($ip === false)
    		{
    			$ip = $this->ip;
    		}
    
    		// Neither Spamhaus nor Spamcop supports IPv6 addresses.
    		if (strpos($ip, ':') !== false)
    		{
    			return false;
    		}
    
    		$dnsbl_check = array(
    			'sbl.spamhaus.org'	=> 'http://www.spamhaus.org/query/bl?ip=',
    		);
    
    		if ($mode == 'register')
    		{
    			$dnsbl_check['bl.spamcop.net'] = 'http://spamcop.net/bl.shtml?';
    		}
    
    		if ($ip)
    		{
    			$quads = explode('.', $ip);
    			$reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0];
    
    			// Need to be listed on all servers...
    			$listed = true;
    			$info = array();
    
    			foreach ($dnsbl_check as $dnsbl => $lookup)
    			{
    				if (phpbb_checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true)
    				{
    					$info = array($dnsbl, $lookup . $ip);
    				}
    				else
    				{
    					$listed = false;
    				}
    			}
    
    			if ($listed)
    			{
    				return $info;
    			}
    		}
    
    		return false;
    	}
    
    	/**
    	* Check if URI is blacklisted
    	* This should be called only where absolutly necessary, for example on the submitted website field
    	* This function is not in use at the moment and is only included for testing purposes, it may not work at all!
    	* This means it is untested at the moment and therefore commented out
    	*
    	* @param string $uri URI to check
    	* @return true if uri is on blacklist, else false. Only blacklist is checked (~zero FP), no grey lists
    	function check_uribl($uri)
    	{
    		// Normally parse_url() is not intended to parse uris
    		// We need to get the top-level domain name anyway... change.
    		$uri = parse_url($uri);
    
    		if ($uri === false || empty($uri['host']))
    		{
    			return false;
    		}
    
    		$uri = trim($uri['host']);
    
    		if ($uri)
    		{
    			// One problem here... the return parameter for the "windows" method is different from what
    			// we expect... this may render this check useless...
    			if (phpbb_checkdnsrr($uri . '.multi.uribl.com.', 'A') === true)
    			{
    				return true;
    			}
    		}
    
    		return false;
    	}
    	*/
    
    	/**
    	* Set/Update a persistent login key
    	*
    	* This method creates or updates a persistent session key. When a user makes
    	* use of persistent (formerly auto-) logins a key is generated and stored in the
    	* DB. When they revisit with the same key it's automatically updated in both the
    	* DB and cookie. Multiple keys may exist for each user representing different
    	* browsers or locations. As with _any_ non-secure-socket no passphrase login this
    	* remains vulnerable to exploit.
    	*/
    	function set_login_key($user_id = false, $key = false, $user_ip = false)
    	{
    		global $config, $db;
    
    		$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
    		$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
    		$key = ($key === false) ? (($this->cookie_data['k']) ? $this->cookie_data['k'] : false) : $key;
    
    		$key_id = unique_id(hexdec(substr($this->session_id, 0, 8)));
    
    		$sql_ary = array(
    			'key_id'		=> (string) md5($key_id),
    			'last_ip'		=> (string) $this->ip,
    			'last_login'	=> (int) time()
    		);
    
    		if (!$key)
    		{
    			$sql_ary += array(
    				'user_id'	=> (int) $user_id
    			);
    		}
    
    		if ($key)
    		{
    			$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . '
    				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
    				WHERE user_id = ' . (int) $user_id . "
    					AND key_id = '" . $db->sql_escape(md5($key)) . "'";
    		}
    		else
    		{
    			$sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
    		}
    		$db->sql_query($sql);
    
    		$this->cookie_data['k'] = $key_id;
    
    		return false;
    	}
    
    	/**
    	* Reset all login keys for the specified user
    	*
    	* This method removes all current login keys for a specified (or the current)
    	* user. It will be called on password change to render old keys unusable
    	*/
    	function reset_login_keys($user_id = false)
    	{
    		global $config, $db;
    
    		$user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id;
    
    		$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
    			WHERE user_id = ' . (int) $user_id;
    		$db->sql_query($sql);
    
    		// If the user is logged in, update last visit info first before deleting sessions
    		$sql = 'SELECT session_time, session_page
    			FROM ' . SESSIONS_TABLE . '
    			WHERE session_user_id = ' . (int) $user_id . '
    			ORDER BY session_time DESC';
    		$result = $db->sql_query_limit($sql, 1);
    		$row = $db->sql_fetchrow($result);
    		$db->sql_freeresult($result);
    
    		if ($row)
    		{
    			$sql = 'UPDATE ' . USERS_TABLE . '
    				SET user_lastvisit = ' . (int) $row['session_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
    				WHERE user_id = " . (int) $user_id;
    			$db->sql_query($sql);
    		}
    
    		// Let's also clear any current sessions for the specified user_id
    		// If it's the current user then we'll leave this session intact
    		$sql_where = 'session_user_id = ' . (int) $user_id;
    		$sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : '';
    
    		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
    			WHERE $sql_where";
    		$db->sql_query($sql);
    
    		// We're changing the password of the current user and they have a key
    		// Lets regenerate it to be safe
    		if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k'])
    		{
    			$this->set_login_key($user_id);
    		}
    	}
    
    
    	/**
    	* Check if the request originated from the same page.
    	* @param bool $check_script_path If true, the path will be checked as well
    	*/
    	function validate_referer($check_script_path = false)
    	{
    		global $config;
    
    		// no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
    		if (empty($this->referer) || empty($this->host))
    		{
    			return true;
    		}
    
    		$host = htmlspecialchars($this->host);
    		$ref = substr($this->referer, strpos($this->referer, '://') + 3);
    
    		if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0)))
    		{
    			return false;
    		}
    		else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '')
    		{
    			$ref = substr($ref, strlen($host));
    			$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
    
    			if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
    			{
    				$ref = substr($ref, strlen(":$server_port"));
    			}
    
    			if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
    			{
    				return false;
    			}
    		}
    
    		return true;
    	}
    
    
    	function unset_admin()
    	{
    		global $db;
    		$sql = 'UPDATE ' . SESSIONS_TABLE . '
    			SET session_admin = 0
    			WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\'';
    		$db->sql_query($sql);
    	}
    }
    
    
    /**
    * Base user class
    *
    * This is the overarching class which contains (through session extend)
    * all methods utilised for user functionality during a session.
    *
    * @package phpBB3
    */
    class user extends session
    {
    	var $lang = array();
    	var $help = array();
    	var $theme = array();
    	var $date_format;
    	var $timezone;
    	var $dst;
    
    	var $lang_name = false;
    	var $lang_id = false;
    	var $lang_path;
    	var $img_lang;
    	var $img_array = array();
    
    	// Able to add new options (up to id 31)
    	var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'sig_bbcode' => 15, 'sig_smilies' => 16, 'sig_links' => 17);
    	var $keyvalues = array();
    
    	/**
    	* Constructor to set the lang path
    	*/
    	function user()
    	{
    		global $phpbb_root_path;
    
    		$this->lang_path = $phpbb_root_path . 'language/';
    	}
    
    	/**
    	* Function to set custom language path (able to use directory outside of phpBB)
    	*
    	* @param string $lang_path New language path used.
    	* @access public
    	*/
    	function set_custom_lang_path($lang_path)
    	{
    		$this->lang_path = $lang_path;
    
    		if (substr($this->lang_path, -1) != '/')
    		{
    			$this->lang_path .= '/';
    		}
    	}
    
    	/**
    	* Setup basic user-specific items (style, language, ...)
    	*/
    	function setup($lang_set = false, $style = false)
    	{
    		global $db, $template, $config, $auth, $phpEx, $phpbb_root_path, $cache;
    
    		if ($this->data['user_id'] != ANONYMOUS)
    		{
    			$this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
    
    			$this->date_format = $this->data['user_dateformat'];
    			$this->timezone = $this->data['user_timezone'] * 3600;
    			$this->dst = $this->data['user_dst'] * 3600;
    		}
    		else
    		{
    			$this->lang_name = basename($config['default_lang']);
    			$this->date_format = $config['default_dateformat'];
    			$this->timezone = $config['board_timezone'] * 3600;
    			$this->dst = $config['board_dst'] * 3600;
    
    			/**
    			* If a guest user is surfing, we try to guess his/her language first by obtaining the browser language
    			* If re-enabled we need to make sure only those languages installed are checked
    			* Commented out so we do not loose the code.
    
    			if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
    			{
    				$accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    
    				foreach ($accept_lang_ary as $accept_lang)
    				{
    					// Set correct format ... guess full xx_YY form
    					$accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2));
    					$accept_lang = basename($accept_lang);
    
    					if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx"))
    					{
    						$this->lang_name = $config['default_lang'] = $accept_lang;
    						break;
    					}
    					else
    					{
    						// No match on xx_YY so try xx
    						$accept_lang = substr($accept_lang, 0, 2);
    						$accept_lang = basename($accept_lang);
    
    						if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx"))
    						{
    							$this->lang_name = $config['default_lang'] = $accept_lang;
    							break;
    						}
    					}
    				}
    			}
    			*/
    		}
    
    		// We include common language file here to not load it every time a custom language file is included
    		$lang = &$this->lang;
    
    		// Do not suppress error if in DEBUG_EXTRA mode
    		$include_result = (defined('DEBUG_EXTRA')) ? (include $this->lang_path . $this->lang_name . "/common.$phpEx") : (@include $this->lang_path . $this->lang_name . "/common.$phpEx");
    
    		if ($include_result === false)
    		{
    			die('Language file ' . $this->lang_path . $this->lang_name . "/common.$phpEx" . " couldn't be opened.");
    		}
    
    		$this->add_lang($lang_set);
    		unset($lang_set);
    
    		if (!empty($_GET['style']) && $auth->acl_get('a_styles') && !defined('ADMIN_START'))
    		{
    			global $SID, $_EXTRA_URL;
    
    			$style = request_var('style', 0);
    			$SID .= '&amp;style=' . $style;
    			$_EXTRA_URL = array('style=' . $style);
    		}
    		else
    		{
    			// Set up style
    			$style = ($style) ? $style : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']);
    		}
    
    		$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
    			FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i
    			WHERE s.style_id = $style
    				AND t.template_id = s.template_id
    				AND c.theme_id = s.theme_id
    				AND i.imageset_id = s.imageset_id";
    		$result = $db->sql_query($sql, 3600);
    		$this->theme = $db->sql_fetchrow($result);
    		$db->sql_freeresult($result);
    
    		// User has wrong style
    		if (!$this->theme && $style == $this->data['user_style'])
    		{
    			$style = $this->data['user_style'] = $config['default_style'];
    
    			$sql = 'UPDATE ' . USERS_TABLE . "
    				SET user_style = $style
    				WHERE user_id = {$this->data['user_id']}";
    			$db->sql_query($sql);
    
    			$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
    				FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i
    				WHERE s.style_id = $style
    					AND t.template_id = s.template_id
    					AND c.theme_id = s.theme_id
    					AND i.imageset_id = s.imageset_id";
    			$result = $db->sql_query($sql, 3600);
    			$this->theme = $db->sql_fetchrow($result);
    			$db->sql_freeresult($result);
    		}
    
    		if (!$this->theme)
    		{
    			trigger_error('Could not get style data', E_USER_ERROR);
    		}
    
    		// Now parse the cfg file and cache it
    		$parsed_items = $cache->obtain_cfg_items($this->theme);
    
    		// We are only interested in the theme configuration for now
    		$parsed_items = $parsed_items['theme'];
    
    		$check_for = array(
    			'parse_css_file'	=> (int) 0,
    			'pagination_sep'	=> (string) ', '
    		);
    
    		foreach ($check_for as $key => $default_value)
    		{
    			$this->theme[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value;
    			settype($this->theme[$key], gettype($default_value));
    
    			if (is_string($default_value))
    			{
    				$this->theme[$key] = htmlspecialchars($this->theme[$key]);
    			}
    		}
    
    		// If the style author specified the theme needs to be cached
    		// (because of the used paths and variables) than make sure it is the case.
    		// For example, if the theme uses language-specific images it needs to be stored in db.
    		if (!$this->theme['theme_storedb'] && $this->theme['parse_css_file'])
    		{
    			$this->theme['theme_storedb'] = 1;
    
    			$stylesheet = file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/stylesheet.css");
    			// Match CSS imports
    			$matches = array();
    			preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
    
    			if (sizeof($matches))
    			{
    				$content = '';
    				foreach ($matches[0] as $idx => $match)
    				{
    					if ($content = @file_get_contents("{$phpbb_root_path}styles/{$this->theme['theme_path']}/theme/" . $matches[1][$idx]))
    					{
    						$content = trim($content);
    					}
    					else
    					{
    						$content = '';
    					}
    					$stylesheet = str_replace($match, $content, $stylesheet);
    				}
    				unset($content);
    			}
    
    			$stylesheet = str_replace('./', 'styles/' . $this->theme['theme_path'] . '/theme/', $stylesheet);
    
    			$sql_ary = array(
    				'theme_data'	=> $stylesheet,
    				'theme_mtime'	=> time(),
    				'theme_storedb'	=> 1
    			);
    
    			$sql = 'UPDATE ' . STYLES_THEME_TABLE . '
    				SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
    				WHERE theme_id = ' . $this->theme['theme_id'];
    			$db->sql_query($sql);
    
    			unset($sql_ary);
    		}
    
    		$template->set_template();
    
    		$this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang'];
    
    		// Same query in style.php
    		$sql = 'SELECT *
    			FROM ' . STYLES_IMAGESET_DATA_TABLE . '
    			WHERE imageset_id = ' . $this->theme['imageset_id'] . "
    			AND image_filename <> ''
    			AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')";
    		$result = $db->sql_query($sql, 3600);
    
    		$localised_images = false;
    		while ($row = $db->sql_fetchrow($result))
    		{
    			if ($row['image_lang'])
    			{
    				$localised_images = true;
    			}
    
    			$row['image_filename'] = rawurlencode($row['image_filename']);
    			$this->img_array[$row['image_name']] = $row;
    		}
    		$db->sql_freeresult($result);
    
    		// there were no localised images, try to refresh the localised imageset for the user's language
    		if (!$localised_images)
    		{
    			// Attention: this code ignores the image definition list from acp_styles and just takes everything
    			// that the config file contains
    			$sql_ary = array();
    
    			$db->sql_transaction('begin');
    
    			$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . '
    				WHERE imageset_id = ' . $this->theme['imageset_id'] . '
    					AND image_lang = \'' . $db->sql_escape($this->img_lang) . '\'';
    			$result = $db->sql_query($sql);
    
    			if (@file_exists("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg"))
    			{
    				$cfg_data_imageset_data = parse_cfg_file("{$phpbb_root_path}styles/{$this->theme['imageset_path']}/imageset/{$this->img_lang}/imageset.cfg");
    				foreach ($cfg_data_imageset_data as $image_name => $value)
    				{
    					if (strpos($value, '*') !== false)
    					{
    						if (substr($value, -1, 1) === '*')
    						{
    							list($image_filename, $image_height) = explode('*', $value);
    							$image_width = 0;
    						}
    						else
    						{
    							list($image_filename, $image_height, $image_width) = explode('*', $value);
    						}
    					}
    					else
    					{
    						$image_filename = $value;
    						$image_height = $image_width = 0;
    					}
    
    					if (strpos($image_name, 'img_') === 0 && $image_filename)
    					{
    						$image_name = substr($image_name, 4);
    						$sql_ary[] = array(
    							'image_name'		=> (string) $image_name,
    							'image_filename'	=> (string) $image_filename,
    							'image_height'		=> (int) $image_height,
    							'image_width'		=> (int) $image_width,
    							'imageset_id'		=> (int) $this->theme['imageset_id'],
    							'image_lang'		=> (string) $this->img_lang,
    						);
    					}
    				}
    			}
    
    			if (sizeof($sql_ary))
    			{
    				$db->sql_multi_insert(STYLES_IMAGESET_DATA_TABLE, $sql_ary);
    				$db->sql_transaction('commit');
    				$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
    
    				add_log('admin', 'LOG_IMAGESET_LANG_REFRESHED', $this->theme['imageset_name'], $this->img_lang);
    			}
    			else
    			{
    				$db->sql_transaction('commit');
    				add_log('admin', 'LOG_IMAGESET_LANG_MISSING', $this->theme['imageset_name'], $this->img_lang);
    			}
    		}
    
    		// Call phpbb_user_session_handler() in case external application want to "bend" some variables or replace classes...
    		// After calling it we continue script execution...
    		phpbb_user_session_handler();
    
    		// If this function got called from the error handler we are finished here.
    		if (defined('IN_ERROR_HANDLER'))
    		{
    			return;
    		}
    
    		// Disable board if the install/ directory is still present
    		// For the brave development army we do not care about this, else we need to comment out this everytime we develop locally
    		if (!defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install'))
    		{
    			// Adjust the message slightly according to the permissions
    			if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))
    			{
    				$message = 'REMOVE_INSTALL';
    			}
    			else
    			{
    				$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
    			}
    			trigger_error($message);
    		}
    
    		// Is board disabled and user not an admin or moderator?
    		if ($config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
    		{
    			if ($this->data['is_bot'])
    			{
    				send_status_line(503, 'Service Unavailable');
    			}
    
    			$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
    			trigger_error($message);
    		}
    
    		// Is load exceeded?
    		if ($config['limit_load'] && $this->load !== false)
    		{
    			if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !defined('IN_ADMIN'))
    			{
    				// Set board disabled to true to let the admins/mods get the proper notification
    				$config['board_disable'] = '1';
    
    				if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
    				{
    					if ($this->data['is_bot'])
    					{
    						send_status_line(503, 'Service Unavailable');
    					}
    					trigger_error('BOARD_UNAVAILABLE');
    				}
    			}
    		}
    
    		if (isset($this->data['session_viewonline']))
    		{
    			// Make sure the user is able to hide his session
    			if (!$this->data['session_viewonline'])
    			{
    				// Reset online status if not allowed to hide the session...
    				if (!$auth->acl_get('u_hideonline'))
    				{
    					$sql = 'UPDATE ' . SESSIONS_TABLE . '
    						SET session_viewonline = 1
    						WHERE session_user_id = ' . $this->data['user_id'];
    					$db->sql_query($sql);
    					$this->data['session_viewonline'] = 1;
    				}
    			}
    			else if (!$this->data['user_allow_viewonline'])
    			{
    				// the user wants to hide and is allowed to  -> cloaking device on.
    				if ($auth->acl_get('u_hideonline'))
    				{
    					$sql = 'UPDATE ' . SESSIONS_TABLE . '
    						SET session_viewonline = 0
    						WHERE session_user_id = ' . $this->data['user_id'];
    					$db->sql_query($sql);
    					$this->data['session_viewonline'] = 0;
    				}
    			}
    		}
    
    
    		// Does the user need to change their password? If so, redirect to the
    		// ucp profile reg_details page ... of course do not redirect if we're already in the ucp
    		if (!defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && !empty($this->data['is_registered']) && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
    		{
    			if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx")
    			{
    				redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details'));
    			}
    		}
    
    		return;
    	}
    
    	/**
    	* More advanced language substitution
    	* Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms.
    	* Params are the language key and the parameters to be substituted.
    	* This function/functionality is inspired by SHS` and Ashe.
    	*
    	* Example call: <samp>$user->lang('NUM_POSTS_IN_QUEUE', 1);</samp>
    	*/
    	function lang()
    	{
    		$args = func_get_args();
    		$key = $args[0];
    
    		if (is_array($key))
    		{
    			$lang = &$this->lang[array_shift($key)];
    
    			foreach ($key as $_key)
    			{
    				$lang = &$lang[$_key];
    			}
    		}
    		else
    		{
    			$lang = &$this->lang[$key];
    		}
    
    		// Return if language string does not exist
    		if (!isset($lang) || (!is_string($lang) && !is_array($lang)))
    		{
    			return $key;
    		}
    
    		// If the language entry is a string, we simply mimic sprintf() behaviour
    		if (is_string($lang))
    		{
    			if (sizeof($args) == 1)
    			{
    				return $lang;
    			}
    
    			// Replace key with language entry and simply pass along...
    			$args[0] = $lang;
    			return call_user_func_array('sprintf', $args);
    		}
    
    		// It is an array... now handle different nullar/singular/plural forms
    		$key_found = false;
    
    		// We now get the first number passed and will select the key based upon this number
    		for ($i = 1, $num_args = sizeof($args); $i < $num_args; $i++)
    		{
    			if (is_int($args[$i]))
    			{
    				$numbers = array_keys($lang);
    
    				foreach ($numbers as $num)
    				{
    					if ($num > $args[$i])
    					{
    						break;
    					}
    
    					$key_found = $num;
    				}
    				break;
    			}
    		}
    
    		// Ok, let's check if the key was found, else use the last entry (because it is mostly the plural form)
    		if ($key_found === false)
    		{
    			$numbers = array_keys($lang);
    			$key_found = end($numbers);
    		}
    
    		// Use the language string we determined and pass it to sprintf()
    		$args[0] = $lang[$key_found];
    		return call_user_func_array('sprintf', $args);
    	}
    
    	/**
    	* Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion)
    	*
    	* @param mixed $lang_set specifies the language entries to include
    	* @param bool $use_db internal variable for recursion, do not use
    	* @param bool $use_help internal variable for recursion, do not use
    	*
    	* Examples:
    	* <code>
    	* $lang_set = array('posting', 'help' => 'faq');
    	* $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq'))
    	* $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq'))
    	* $lang_set = 'posting'
    	* $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting'))
    	* </code>
    	*/
    	function add_lang($lang_set, $use_db = false, $use_help = false)
    	{
    		global $phpEx;
    
    		if (is_array($lang_set))
    		{
    			foreach ($lang_set as $key => $lang_file)
    			{
    				// Please do not delete this line.
    				// We have to force the type here, else [array] language inclusion will not work
    				$key = (string) $key;
    
    				if ($key == 'db')
    				{
    					$this->add_lang($lang_file, true, $use_help);
    				}
    				else if ($key == 'help')
    				{
    					$this->add_lang($lang_file, $use_db, true);
    				}
    				else if (!is_array($lang_file))
    				{
    					$this->set_lang($this->lang, $this->help, $lang_file, $use_db, $use_help);
    				}
    				else
    				{
    					$this->add_lang($lang_file, $use_db, $use_help);
    				}
    			}
    			unset($lang_set);
    		}
    		else if ($lang_set)
    		{
    			$this->set_lang($this->lang, $this->help, $lang_set, $use_db, $use_help);
    		}
    	}
    
    	/**
    	* Set language entry (called by add_lang)
    	* @access private
    	*/
    	function set_lang(&$lang, &$help, $lang_file, $use_db = false, $use_help = false)
    	{
    		global $phpEx;
    
    		// Make sure the language name is set (if the user setup did not happen it is not set)
    		if (!$this->lang_name)
    		{
    			global $config;
    			$this->lang_name = basename($config['default_lang']);
    		}
    
    		// $lang == $this->lang
    		// $help == $this->help
    		// - add appropriate variables here, name them as they are used within the language file...
    		if (!$use_db)
    		{
    			if ($use_help && strpos($lang_file, '/') !== false)
    			{
    				$language_filename = $this->lang_path . $this->lang_name . '/' . substr($lang_file, 0, stripos($lang_file, '/') + 1) . 'help_' . substr($lang_file, stripos($lang_file, '/') + 1) . '.' . $phpEx;
    			}
    			else
    			{
    				$language_filename = $this->lang_path . $this->lang_name . '/' . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx;
    			}
    
    			if (!file_exists($language_filename))
    			{
    				global $config;
    
    				if ($this->lang_name == 'en')
    				{
    					// The user's selected language is missing the file, the board default's language is missing the file, and the file doesn't exist in /en.
    					$language_filename = str_replace($this->lang_path . 'en', $this->lang_path . $this->data['user_lang'], $language_filename);
    					trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR);
    				}
    				else if ($this->lang_name == basename($config['default_lang']))
    				{
    					// Fall back to the English Language
    					$this->lang_name = 'en';
    					$this->set_lang($lang, $help, $lang_file, $use_db, $use_help);
    				}
    				else if ($this->lang_name == $this->data['user_lang'])
    				{
    					// Fall back to the board default language
    					$this->lang_name = basename($config['default_lang']);
    					$this->set_lang($lang, $help, $lang_file, $use_db, $use_help);
    				}
    
    				// Reset the lang name
    				$this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
    				return;
    			}
    
    			// Do not suppress error if in DEBUG_EXTRA mode
    			$include_result = (defined('DEBUG_EXTRA')) ? (include $language_filename) : (@include $language_filename);
    
    			if ($include_result === false)
    			{
    				trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR);
    			}
    		}
    		else if ($use_db)
    		{
    			// Get Database Language Strings
    			// Put them into $lang if nothing is prefixed, put them into $help if help: is prefixed
    			// For example: help:faq, posting
    		}
    	}
    
    	/**
    	* Format user date
    	*
    	* @param int $gmepoch unix timestamp
    	* @param string $format date format in date() notation. | used to indicate relative dates, for example |d m Y|, h:i is translated to Today, h:i.
    	* @param bool $forcedate force non-relative date format.
    	*
    	* @return mixed translated date
    	*/
    	function format_date($gmepoch, $format = false, $forcedate = false)
    	{
    		static $midnight;
    		static $date_cache;
    
    		$format = (!$format) ? $this->date_format : $format;
    		$now = time();
    		$delta = $now - $gmepoch;
    
    		if (!isset($date_cache[$format]))
    		{
    			// Is the user requesting a friendly date format (i.e. 'Today 12:42')?
    			$date_cache[$format] = array(
    				'is_short'		=> strpos($format, '|'),
    				'format_short'	=> substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1),
    				'format_long'	=> str_replace('|', '', $format),
    				'lang'			=> $this->lang['datetime'],
    			);
    
    			// Short representation of month in format? Some languages use different terms for the long and short format of May
    			if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false))
    			{
    				$date_cache[$format]['lang']['May'] = $this->lang['datetime']['May_short'];
    			}
    		}
    
    		// Zone offset
    		$zone_offset = $this->timezone + $this->dst;
    
    		// Show date <= 1 hour ago as 'xx min ago' but not greater than 60 seconds in the future
    		// A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago'
    		if ($delta <= 3600 && $delta > -60 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO']))
    		{
    			return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60)));
    		}
    
    		if (!$midnight)
    		{
    			list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $zone_offset));
    			$midnight = gmmktime(0, 0, 0, $m, $d, $y) - $zone_offset;
    		}
    
    		if ($date_cache[$format]['is_short'] !== false && !$forcedate && !($gmepoch < $midnight - 86400 || $gmepoch > $midnight + 172800))
    		{
    			$day = false;
    
    			if ($gmepoch > $midnight + 86400)
    			{
    				$day = 'TOMORROW';
    			}
    			else if ($gmepoch > $midnight)
    			{
    				$day = 'TODAY';
    			}
    			else if ($gmepoch > $midnight - 86400)
    			{
    				$day = 'YESTERDAY';
    			}
    
    			if ($day !== false)
    			{
    				return str_replace('||', $this->lang['datetime'][$day], strtr(@gmdate($date_cache[$format]['format_short'], $gmepoch + $zone_offset), $date_cache[$format]['lang']));
    			}
    		}
    
    		return strtr(@gmdate($date_cache[$format]['format_long'], $gmepoch + $zone_offset), $date_cache[$format]['lang']);
    	}
    
    	/**
    	* Get language id currently used by the user
    	*/
    	function get_iso_lang_id()
    	{
    		global $config, $db;
    
    		if (!empty($this->lang_id))
    		{
    			return $this->lang_id;
    		}
    
    		if (!$this->lang_name)
    		{
    			$this->lang_name = $config['default_lang'];
    		}
    
    		$sql = 'SELECT lang_id
    			FROM ' . LANG_TABLE . "
    			WHERE lang_iso = '" . $db->sql_escape($this->lang_name) . "'";
    		$result = $db->sql_query($sql);
    		$this->lang_id = (int) $db->sql_fetchfield('lang_id');
    		$db->sql_freeresult($result);
    
    		return $this->lang_id;
    	}
    
    	/**
    	* Get users profile fields
    	*/
    	function get_profile_fields($user_id)
    	{
    		global $db;
    
    		if (isset($this->profile_fields))
    		{
    			return;
    		}
    
    		$sql = 'SELECT *
    			FROM ' . PROFILE_FIELDS_DATA_TABLE . "
    			WHERE user_id = $user_id";
    		$result = $db->sql_query_limit($sql, 1);
    		$this->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row;
    		$db->sql_freeresult($result);
    	}
    
    	/**
    	* Specify/Get image
    	* $suffix is no longer used - we know it. ;) It is there for backward compatibility.
    	*/
    	function img($img, $alt = '', $width = false, $suffix = '', $type = 'full_tag')
    	{
    		static $imgs;
    		global $phpbb_root_path;
    
    		$img_data = &$imgs[$img];
    
    		if (empty($img_data))
    		{
    			if (!isset($this->img_array[$img]))
    			{
    				// Do not fill the image to let designers decide what to do if the image is empty
    				$img_data = '';
    				return $img_data;
    			}
    
    			// Use URL if told so
    			$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;
    
    			$path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];
    
    			$img_data['src'] = $root_path . $path;
    			$img_data['width'] = $this->img_array[$img]['image_width'];
    			$img_data['height'] = $this->img_array[$img]['image_height'];
    
    			// We overwrite the width and height to the phpbb logo's width
    			// and height here if the contents of the site_logo file are
    			// really equal to the phpbb_logo
    			// This allows us to change the dimensions of the phpbb_logo without
    			// modifying the imageset.cfg and causing a conflict for everyone
    			// who modified it for their custom logo on updating
    			if ($img == 'site_logo' && file_exists($phpbb_root_path . $path))
    			{
    				global $cache;
    
    				$img_file_hashes = $cache->get('imageset_site_logo_md5');
    
    				if ($img_file_hashes === false)
    				{
    					$img_file_hashes = array();
    				}
    
    				$key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang'];
    				if (!isset($img_file_hashes[$key]))
    				{
    					$img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path));
    					$cache->put('imageset_site_logo_md5', $img_file_hashes);
    				}
    
    				$phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10';
    
    				if ($phpbb_logo_hash == $img_file_hashes[$key])
    				{
    					$img_data['width'] = '149';
    					$img_data['height'] = '52';
    				}
    			}
    		}
    
    		$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt;
    
    		switch ($type)
    		{
    			case 'src':
    				return $img_data['src'];
    			break;
    
    			case 'width':
    				return ($width === false) ? $img_data['width'] : $width;
    			break;
    
    			case 'height':
    				return $img_data['height'];
    			break;
    
    			default:
    				$use_width = ($width === false) ? $img_data['width'] : $width;
    
    				return '<img src="' . $img_data['src'] . '"' . (($use_width) ? ' width="' . $use_width . '"' : '') . (($img_data['height']) ? ' height="' . $img_data['height'] . '"' : '') . ' alt="' . $alt . '" title="' . $alt . '" />';
    			break;
    		}
    	}
    
    	/**
    	* Get option bit field from user options
    	*/
    	function optionget($key, $data = false)
    	{
    		if (!isset($this->keyvalues[$key]))
    		{
    			$var = ($data) ? $data : $this->data['user_options'];
    			$this->keyvalues[$key] = ($var & 1 << $this->keyoptions[$key]) ? true : false;
    		}
    
    		return $this->keyvalues[$key];
    	}
    
    	/**
    	* Set option bit field for user options
    	*/
    	function optionset($key, $value, $data = false)
    	{
    		$var = ($data) ? $data : $this->data['user_options'];
    
    		if ($value && !($var & 1 << $this->keyoptions[$key]))
    		{
    			$var += 1 << $this->keyoptions[$key];
    		}
    		else if (!$value && ($var & 1 << $this->keyoptions[$key]))
    		{
    			$var -= 1 << $this->keyoptions[$key];
    		}
    		else
    		{
    			return ($data) ? $var : false;
    		}
    
    		if (!$data)
    		{
    			$this->data['user_options'] = $var;
    			return true;
    		}
    		else
    		{
    			return $var;
    		}
    	}
    
    	/**
    	* Funtion to make the user leave the NEWLY_REGISTERED system group.
    	* @access public
    	*/
    	function leave_newly_registered()
    	{
    		global $db;
    
    		if (empty($this->data['user_new']))
    		{
    			return false;
    		}
    
    		if (!function_exists('remove_newly_registered'))
    		{
    			global $phpbb_root_path, $phpEx;
    
    			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
    		}
    		if ($group = remove_newly_registered($this->data['user_id'], $this->data))
    		{
    			$this->data['group_id'] = $group;
    
    		}
    		$this->data['user_permissions'] = '';
    		$this->data['user_new'] = 0;
    
    		return true;
    	}
    }
    
    ?>


    Ich kann so keinen Fehler entdecken, ich kopiere das jetzt mal in meinen Editor und überprüfe das Gründlich.
    Sorge bitte dafür, dass am ENDE deiner php Datei keine Leerzeichen mehr sind, so zum Beispiel:

    Zeile 2832: $variable
    Zeile 2833: //php schließen
    Zeile 2834: ?>
    Zeile 2835:
    Zeile 2836
  14. thomasba

    Co-Admin Kostenloser Webspace von thomasba

    thomasba hat kostenlosen Webspace.

    Ganz am Anfang des Quellcodes, den der Server ausliefert, erscheinen folgende iframes:
    <iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME>


    Diese wurden an einer Falschen stelle platziert, somit können die Header-Daten nicht mehr geändert werden. Durch ein entfernen entsprechender Zeilen sollte das wieder Klappen.

    Wenn du dich nicht erinnern kann, wann du diese Zeilen eingefügt hast, solltest du beim nächsten mal Dokumentieren, was du gemacht hast ;-)
  15. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    thomasba schrieb:
    Ganz am Anfang des Quellcodes, den der Server ausliefert, erscheinen folgende iframes:
    <iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME>


    Diese wurden an einer Falschen stelle platziert, somit können die Header-Daten nicht mehr geändert werden. Durch ein entfernen entsprechender Zeilen sollte das wieder Klappen.

    Wenn du dich nicht erinnern kann, wann du diese Zeilen eingefügt hast, solltest du beim nächsten mal Dokumentieren, was du gemacht hast ;-)


    Das hab ich nicht eingefügt...
  16. thomasba schrieb:
    Ganz am Anfang des Quellcodes, den der Server ausliefert, erscheinen folgende iframes:
    <iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME>


    Diese wurden an einer Falschen stelle platziert, somit können die Header-Daten nicht mehr geändert werden. Durch ein entfernen entsprechender Zeilen sollte das wieder Klappen.

    Wenn du dich nicht erinnern kann, wann du diese Zeilen eingefügt hast, solltest du beim nächsten mal Dokumentieren, was du gemacht hast ;-)


    Kein Wunder, dass ich keinen Fehler finden konnte in den beiden php Dateien.. Erklärt auch, warum angeblich ein header in erster linie steht, wie die Fehlermeldung sagt...

    PC Own's Handy.... Ich hab keine Entwickler Tools oder so zum Quelltext-anzeigen :(
  17. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    kill-a-teddy schrieb:
    thomasba schrieb:
    Ganz am Anfang des Quellcodes, den der Server ausliefert, erscheinen folgende iframes:
    <iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME><iframe src=http://www.namaste-etnico.it/stata1.html WIDTH=1 HEIGHT=1 frameborder=0></IFRAME>


    Diese wurden an einer Falschen stelle platziert, somit können die Header-Daten nicht mehr geändert werden. Durch ein entfernen entsprechender Zeilen sollte das wieder Klappen.

    Wenn du dich nicht erinnern kann, wann du diese Zeilen eingefügt hast, solltest du beim nächsten mal Dokumentieren, was du gemacht hast ;-)


    Kein Wunder, dass ich keinen Fehler finden konnte in den beiden php Dateien.. Erklärt auch, warum angeblich ein header in erster linie steht, wie die Fehlermeldung sagt...

    PC Own's Handy.... Ich hab keine Entwickler Tools oder so zum Quelltext-anzeigen :(



    wo finde ich die Zeile (die ich nicht gesetzt habe) nun?
  18. thomasba

    Co-Admin Kostenloser Webspace von thomasba

    thomasba hat kostenlosen Webspace.

    schinkenmedia schrieb:
    wo finde ich die Zeile (die ich nicht gesetzt habe) nun?


    Da pragert eine schöne Fehlermeldung:
    [phpBB Debug] PHP Warning: in file /includes/session.php on line 1035: Cannot modify header information - headers already sent by (output started at /index.php:1)


    output started at /index.php:1 → index.php Zeile 1 ;-)

    Das könnte von einem Plugin stammen
  19. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    thomasba schrieb:
    schinkenmedia schrieb:
    wo finde ich die Zeile (die ich nicht gesetzt habe) nun?


    Da pragert eine schöne Fehlermeldung:
    [phpBB Debug] PHP Warning: in file /includes/session.php on line 1035: Cannot modify header information - headers already sent by (output started at /index.php:1)


    output started at /index.php:1 → index.php Zeile 1 ;-)

    Das könnte von einem Plugin stammen



    Ich hab die Zeile jetzt gelöscht, aber es hat noch nichts gebracht. Generell muss man beim phpbb-Forum nach einer änderung den Chache löschen, da ich aber nicht in den Administrationspanel komme, ist der weg ausgeschlossen-oder?
  20. schinkenmedia schrieb:
    Ich hab die Zeile jetzt gelöscht, aber es hat noch nichts gebracht. Generell muss man beim phpbb-Forum nach einer änderung den Chache löschen, da ich aber nicht in den Administrationspanel komme, ist der weg ausgeschlossen-oder?


    Hast du die Datei danach auch neu hoch geladen? Denn der iframe ist noch immer da...
  21. Autor dieses Themas

    schinkenmedia

    Kostenloser Webspace von schinkenmedia

    schinkenmedia hat kostenlosen Webspace.

    kill-a-teddy schrieb:
    schinkenmedia schrieb:
    Ich hab die Zeile jetzt gelöscht, aber es hat noch nichts gebracht. Generell muss man beim phpbb-Forum nach einer änderung den Chache löschen, da ich aber nicht in den Administrationspanel komme, ist der weg ausgeschlossen-oder?


    Hast du die Datei danach auch neu hoch geladen? Denn der iframe ist noch immer da...



    Ich habe sie direkt im filemanager gespeichert...

    Beitrag zuletzt geändert: 14.2.2012 22:39:24 von schinkenmedia
  22. Diskutiere mit und stelle Fragen: Jetzt kostenlos anmelden!

    lima-city: Gratis werbefreier Webspace für deine eigene Homepage

Dir gefällt dieses Thema?

Über lima-city

Login zum Webhosting ohne Werbung!