############################################################## 
##
## MOD Title:		  phpBB Security
##
## MOD Author:		  aUsTiN => austin_inc@hotmail.com
##
## MOD Description:       Please read the Features.txt
##
## MOD Version:           1.0.3
##
## MOD Help:		  http://phpbb-tweaks.com/
## 
## Installation Level:    Easy
##
## Installation Time:     20 Minutes
##
## Files To Edit:    	  14     
##
## Included Files:        12  
##
############################################################## 
############################################################## 
##
## Author Notes: 
##
##
##	Copyright  phpBB-Amod, 2003-2006
##
##	Feel free to see it in action at http://phpbb-amod.com/
##
##	If the copyright is removed or not in place, you WILL NOT
##	receive support. It's a matter of respect to the ones who
##	take the time to give y'all these scripts.
##
############################################################## 
##
## MOD History: 
## 
##	Jan 10th 2006 - Version 1.0.3
##		- Read the Docs/Features.txt
## 
##	Mar 20th 2005 - Version 1.0.2
##		- Read the Docs/Features.txt
##
##	Jan 05th 2005 - Version 1.0.1
##      	- Added chr Prevention
##      	- Added file write & file open Prevention
##      	- Recoded usercp_register edits (worked out all issues)
##		- Added Sanity Worm prevention
##		- Added pagination to the caught page
##		- Added the link they used to get banned to the caught page
##		- Highlights ips with red if they have ever posted on your site
## 
##	Dec 10th 2004 - Version 1.0.0
##      	- Beta Released
##
############################################################## 
##
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
##
##############################################################
##
##	Definitions:
##
##		Root: Folder where your config.php is located
##		templates/*/: Your template folder (All template folders are suggested)
##		lang_*/: Your current language folder (All lang folders are suggested)
##
##############################################################

-----------------------------------
----[ SQL EXECUTION ]--------------
-----------------------------------

Upload installer.php to your root directory, then execute it.
E.g. if http://yoursite.com/index.php is your site, the installer
needs to be at http://yoursite.com/installer.php. Then point your
browser to it & run it.

-----------------------------------
----[ UPLOAD FILES ]---------------
-----------------------------------

login_security.php			=>	Root/
admin/admin_security.php		=>	Root/admin/
includes/phpbb_security.php		=>	Root/includes/
language/lang_*/lang_phpbb_security.php	=>	Root/language/lang_*/
templates/subSilver/*			=>	Root/templates/*/
templates/subSilver/admin/*		=>	Root/templates/*/admin/

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

common.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

?>

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
$ps_check = phpBBSecurity_Blocks();
	if ($ps_check)
		phpBBSecurity_Ban(phpBBSecurity_IP(), $board_config['phpBBSecurity_auto_ban'], $ps_check);
phpBBSecurity_MaxSessions($board_config['phpBBSecurity_allowed_sessions']);
phpBBSecurity_Guests();
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

login.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

//
// End session management
//

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

			if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
			{

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
		# Strict compare; CheckTries below runs on every attempt, not only on failures
		if (md5($password) !== $row['user_password'])
			phpBBSecurity_InvalidLogin($row['user_id']);
		phpBBSecurity_CheckTries($row['user_id']);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

					if( $session_id )
					{

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
						phpBBSecurity_ResetTries($row['user_id']);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------
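
#
# Added example, not part of the MOD or of includes/phpbb_security.php: a stand-alone
# model of the order in which the three login.php hooks above run. The demo_* names,
# the limit of 3 and the assumption that the CheckTries step refuses the login once
# the counter reaches the limit are hypothetical. Do not paste this into login.php.

```php
<?php
// Illustration only (PHP 7+). The real phpBBSecurity_* bodies are not shown on this page.

const DEMO_LOGIN_LIMIT = 3; // stands in for $board_config['phpBBSecurity_login_limit']

// Constructed user row; 'tries' stands in for the phpBBSecurity_login_tries column.
function demo_new_user(string $password): array
{
    return ['user_password' => md5($password), 'tries' => 0];
}

// Same lock condition the admin_users.php edit uses for PS_STATUS: tries >= limit.
function demo_is_locked(array $row): bool
{
    return $row['tries'] >= DEMO_LOGIN_LIMIT;
}

// Mirrors the hook order: InvalidLogin, then CheckTries, then ResetTries.
function demo_login(array &$row, string $password): string
{
    // hash_equals() needs PHP >= 5.6; on older PHP use === instead.
    // A loose == / != compares two "0e<digits>" digests as numbers.
    $ok = hash_equals($row['user_password'], md5($password));

    if (!$ok) {
        $row['tries']++;            // InvalidLogin step: count the failure
    }
    if (demo_is_locked($row)) {     // CheckTries step: evaluated for good passwords too
        return 'locked';
    }
    if ($ok) {
        $row['tries'] = 0;          // ResetTries step: only after a session was created
        return 'ok';
    }
    return 'bad password';
}

// Three wrong guesses followed by the right password (constructed input).
$row = demo_new_user('correct horse');
$results = [];
foreach (['a', 'b', 'c', 'correct horse'] as $guess) {
    $results[] = demo_login($row, $guess);
}
print_r($results);

// Two different, constructed digest-shaped strings under loose and strict comparison.
$a = '0e111111111111111111111111111111';
$b = '0e222222222222222222222222222222';
var_dump($a == $b, $a === $b, hash_equals($a, $b));
```

# Because the lock check sits outside the password test, the correct password is
# still refused once the counter has reached the limit.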

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

modcp.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
	message_die(GENERAL_ERROR, 'Invalid_session');
}

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
	if ( ($mode == 'delete') && ($confirm) )
		{
	$pass_one = isset($HTTP_POST_VARS['phpBBSecurity_verify']) ? $HTTP_POST_VARS['phpBBSecurity_verify'] : '';
	$pass_two = $userdata['user_password'];
		if (md5($pass_one) !== $pass_two)
			message_die(GENERAL_ERROR, $lang['PS_modcp_verify_fail']);
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |		

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

				'MESSAGE_TEXT' => $lang['Confirm_delete_topic'], 

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
				'L_VERIFY'	=> '<br><br><span class="genmed">'. $lang['PS_modcp_verify'] .' <input type="password" class="post" name="phpBBSecurity_verify" value=""></span>',
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/admin_ug_auth.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
$owner = '2';

	if (isset($HTTP_POST_VARS['submit']))
		{	
		if ( ($user_id == $owner) && ($userdata['user_id'] != $owner) )
			message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/admin_users.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$html_entities_match = array('#<#', '#>#');
$html_entities_replace = array('&lt;', '&gt;');

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
$owner = '2';

	if (isset($HTTP_POST_VARS['submit']))
		{
	$user_id = intval($HTTP_POST_VARS['id']);
	
		if ( ($user_id == $owner) && ($userdata['user_id'] != $owner) )
			message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

		$user_allowavatar = ( !empty($HTTP_POST_VARS['user_allowavatar']) ) ? intval( $HTTP_POST_VARS['user_allowavatar'] ) : 0;

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
	include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);		
		$locked_status 	= ($_POST['ps_lock']) ? $_POST['ps_lock'] : $HTTP_POST_VARS['ps_lock'];
		$reset_status 	= ($_POST['ps_reset']) ? $_POST['ps_reset'] : $HTTP_POST_VARS['ps_reset'];
		phpBBSecurity_Admin($user_id, $locked_status, $reset_status);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
#
#
# This should be in the main $template->assign_vars( array, so if you have a mod that adds this
# anywhere else, make sure you put it in the right place.

'USERNAME' => $username,

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====		
			'PS_STATUS'		=> ($this_userdata['phpBBSecurity_login_tries'] >= $board_config['phpBBSecurity_login_limit']) ? $lang['PS_user_status_l'] : $lang['PS_user_status_u'],
			'PS_RESET'		=> $lang['PS_user_reset'],
			'PS_RESET_EXP'	=> $lang['PS_user_reset_exp'],
			'PS_LOCK'		=> $lang['PS_user_lock'],
			'PS_LOCK_EXP'	=> $lang['PS_user_lock_exp'],
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/index.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	$template->set_filenames(array(
		"body" => "admin/index_body.tpl")
	);

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====		
	$secfile = @file('http://phpbb-tweaks.com/secver.txt');
	$msg = '';
	$msg .= '<table align="top" class="forumline" width="100%">';
	$msg .= '	<tr>';
	$msg .= '		<th align="center" valign="middle" class="thTop" width="100%">';
	$msg .= '			phpBB Security Status';
	$msg .= '		</th>';
	$msg .= '	</tr>';
	$msg .= '	<tr>';
	$msg .= '		<td align="left" width="100%" class="row2">';
	$msg .= '			<span class="genmed">';
	if (!$secfile)
		$msg .= 'Sorry, I was unable to get version data at this time. Please try later.';
	
	if ($secfile)
		{
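	# Remote text: drop the newline file() keeps and escape it before it is echoed
	$newest_ver = htmlspecialchars(trim($secfile[0]));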
	$this_ver 	= $board_config['phpBBSecurity_version'];
	
		if ($newest_ver == $this_ver)
			$msg .= 'The newest release is <b>'. $newest_ver .'</b>. The version you are using is 
			<b>'. $this_ver .'</b>. So I would have to say you are up to date!';
		else
			$msg .= 'The newest release is <b>'. $newest_ver .'</b>. The version you are using is 
			<b>'. $this_ver .'</b>. So I would have to say you need to upgrade ASAP!';
		}
		
	$msg .= '			</span>';
	$msg .= '		</td>';
	$msg .= '	</tr>';
	$msg .= '	<tr>';
	$msg .= '		<th align="center" valign="middle" class="thTop" width="100%">&nbsp;</th>';
	$msg .= '	</tr>';
	$msg .= '</table>';
	echo $msg;
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/functions.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	//
	// Set up style
	//
	if ( !$board_config['override_user_style'] )
	{


-----------------------------------
----[ BEFORE, ADD ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
phpBBSecurity_Elimination($board_config[phpBBSecurity_AdminConfigName()], $board_config[phpBBSecurity_ModConfigName()], $userdata['user_id']);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/page_header.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

//
// The following assigns all _common_ variables that may be used at any point
// in a template.
//

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$template->pparse('overall_header');

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
	phpBBSecurity_FinalSet();
	phpBBSecurity_DBBackup();
		
	# Only allow them to login & view profile to update it
	if ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
		$is_valid = TRUE;
	elseif ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
		$is_valid = TRUE;
	else
		$is_valid = '';
		
	if ( (!$is_valid) && (!$gen_simple_header) ) 
		{
		# Make sure they are not a guest
		if ($userdata['user_id'] != ANONYMOUS)
			{
			# Do the check
			if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
				phpBBSecurity_Force();
				
			if ($userdata['phpBBSecurity_force_pw_update'] != 1)
				message_die(GENERAL_ERROR, sprintf($lang['PS_pass_force'], '<a href="profile.'. $phpEx .'?mode=editprofile&amp;infrom=phpBBSecurity&amp;sid='. $userdata['session_id'] .'">', '</a>'));
			}
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/page_tail.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	'TRANSLATION_INFO' => ( isset($lang['TRANSLATION_INFO']) ) ? $lang['TRANSLATION_INFO'] : '',

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.1 =========================================================== |
#====
	'BLOCKED'	=> str_replace('%T%', '<b>'. number_format($board_config['phpBBSecurity_total_attempts']) .'</b>', $lang['PS_blocked_line']),
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/usercp_register.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
$in_from = (isset($HTTP_GET_VARS['infrom'])) ? $HTTP_GET_VARS['infrom'] : $HTTP_POST_VARS['infrom'];
	
	if ( (isset($HTTP_POST_VARS['submit'])) && ($HTTP_POST_VARS['mode'] == 'editprofile') && ($HTTP_POST_VARS['infrom'] == 'phpBBSecurity') )
		{
		if ( (empty($HTTP_POST_VARS['cur_password'])) || (empty($HTTP_POST_VARS['new_password'])) || (empty($HTTP_POST_VARS['password_confirm'])) )
			message_die(GENERAL_ERROR, $lang['PS_pass_force_error']);
		elseif ( ($userdata['user_password'] === md5($HTTP_POST_VARS['cur_password'])) && (isset($HTTP_POST_VARS['new_password'])) )
			{
		$q = "UPDATE ". USERS_TABLE ."
			  SET phpBBSecurity_force_pw_update = '1'
			  WHERE user_id = '". $userdata['user_id'] ."'";
		$db->sql_query($q);
			}
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

//
// Did the user submit? In this case build a query to update the users profile in the DB
//
if ( isset($HTTP_POST_VARS['submit']) )
{
	include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
	if ($mode == 'editprofile' || $mode == 'register')
		{
		if ( ($username == $password_confirm) && (isset($board_config['phpBBSecurity_use_password_match'])) )
			{
		$error = TRUE;
		$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_match_error'];
			}
			
		if ( (strlen($password_confirm) < $board_config['phpBBSecurity_password_min_length']) && (isset($board_config['phpBBSecurity_use_password_length'])) )
			{
		$error = TRUE;
		$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_length_error'];			
			}		
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	if ( !$error )
	{

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
	if ($userdata['user_password'] != $pass_check)
		{
	$sessiondata 				= isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : array();
	$sessiondata['autologinid'] = ($sessiondata['autologinid'] == $userdata['user_password']) ? $pass_check : '';
	$sessiondata['userid'] 		= $userdata['user_id'];
	$sessionmethod 				= ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? SESSION_METHOD_COOKIE : SESSION_METHOD_GET;
						
	setcookie($board_config['cookie_name'] .'_data', serialize($sessiondata), (time() + 31536000), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
	setcookie($board_config['cookie_name'] .'_sid', $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);		
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$s_hidden_fields .= '<input type="hidden" name="current_email" value="' . $userdata['user_email'] . '" />';

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
		$s_hidden_fields .= ($in_from == 'phpBBSecurity') ? '<input type="hidden" name="infrom" value="phpBBSecurity">' : '';
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

			$sql = "UPDATE " . USERS_TABLE . "

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
	$ps_question 	= ($_POST['PS_question']) 	? $_POST['PS_question'] : $HTTP_POST_VARS['PS_question'];
	$ps_answer 		= ($_POST['PS_answer']) 	? $_POST['PS_answer'] 	: $HTTP_POST_VARS['PS_answer'];
	if ( (isset($HTTP_POST_VARS['submit'])) && ($mode == 'editprofile') )
		phpBBSecurity_Validate($ps_question, $ps_answer, $userdata['user_id'], $mode, '');
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

			if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
			{
				message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
			}

-----------------------------------
----[ BEFORE, ADD ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
	$ps_question 	= ($_POST['PS_question']) 	? $_POST['PS_question'] : $HTTP_POST_VARS['PS_question'];
	$ps_answer 		= ($_POST['PS_answer']) 	? $_POST['PS_answer'] 	: $HTTP_POST_VARS['PS_answer'];
	if ((isset($HTTP_POST_VARS['submit'])) && ($mode == 'register') )
		phpBBSecurity_Validate($ps_question, $ps_answer, $user_id, $mode, 'pre');
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

			if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
			{
				message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
			}

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= | 
#==== Start: == phpBB Security ========================================= | 
#==== v1.0.3 =========================================================== | 
#==== 
   if ( (isset($HTTP_POST_VARS['submit'])) && ($mode == 'register') ) 
      phpBBSecurity_Validate($ps_question, $ps_answer, $user_id, $mode, 'post'); 
#==== 
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === | 
#==== End: ==== phpBB Security ========================================= |    
#======================================================================= | 

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	'USERNAME' => $username,

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====	
		'PS_TITLE'			=> $lang['PS_security_title'],
		'PS_QUESTION'		=> $lang['PS_security_question'],
		'PS_QUESTION_EXP'	=> $lang['PS_security_question_exp'],
		'PS_Q'				=> $userdata['phpBBSecurity_question'],		
		'PS_ANSWER'			=> $lang['PS_security_answer'],
		'PS_ANSWER_EXP'		=> $lang['PS_security_answer_exp'],
		'PS_A'				=> $userdata['phpBBSecurity_answer'],
		'PS_A_EXP'			=> $lang['PS_security_a_exp'],
		'PS_EXP'			=> $lang['PS_profile_explain'],
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/confirm_body.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

</form>

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

{L_VERIFY}

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/overall_footer.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

Powered by <a href="http://www.phpbb.com/"

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------
#
# If you don't want to show the people who get caught:

Protected by phpBB Security  <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br />{BLOCKED}<br />

#
# If you want to show the people who get caught:

<a href="login_security.php?phpBBSecurity=caught" class="copyright">Protected</a> by phpBB Security  <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br>{BLOCKED}<br>

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/profile_add_body.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	<!-- END switch_avatar_local_gallery -->
	<!-- END switch_avatar_block -->

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

	<!-- Start: phpBB Security -->
	<tr> 
	  <td class="catSides" colspan="2" height="28">&nbsp;</td>
	</tr>
	<tr> 
		<th class="thSides" colspan="2" height="12" valign="middle">{PS_TITLE}</th>
	</tr>
	<tr>
		<td align="left" class="row2" colspan="2">
			<span class="genmed">
				{PS_EXP}
			</span>
		</td>
	</tr>
	<tr>
		<td align="left" valign="bottom" class="row1">
			<span class="genmed">
				{PS_QUESTION}
			</span>
			<br>
			<span class="gensmall">
				{PS_QUESTION_EXP}
			</span>			
		</td>
		<td align="left" valign="middle" class="row2">
			<input type="text" name="PS_question" value="{PS_Q}" class="post" size="50">
		</td>		
	</tr>
	<tr>
		<td align="left" valign="bottom" class="row1">
			<span class="genmed">
				{PS_ANSWER}
			</span>
			<br>
			<span class="gensmall">
				{PS_ANSWER_EXP}
			</span>			
		</td>
		<td align="left" valign="middle" class="row2">
			<input type="text" name="PS_answer" value="{PS_A}" class="post" size="50">
			<span class="gensmall">
				{PS_A_EXP}
			</span>
		</td>		
	</tr>	
	<!-- End: phpBB Security -->

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/admin/user_edit_body.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	<tr>
	  <td class="row1" colspan="2"><span class="gensmall">{L_SPECIAL_EXPLAIN}</span></td>
	</tr>

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

<!-- Start: phpBB Security -->
	<tr>
		<td class="row1">
			<span class="gen">
				{PS_LOCK}
			</span>
			<br />
			<span class="gensmall">
				{PS_LOCK_EXP}
			</span>			
		</td>
		<td class="row2">
			<span class="gensmall">
				<input type="checkbox" name="ps_lock">  {PS_STATUS}
			</span>
		</td>
	</tr>
	<tr>
		<td class="row1">
			<span class="gen">
				{PS_RESET}
			</span>
			<br />
			<span class="gensmall">
				{PS_RESET_EXP}
			</span>			
		</td>
		<td class="row2">
			<input type="checkbox" name="ps_reset">
		</td>	
	</tr>
<!-- End: phpBB Security -->

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------


#==== Next Step: ======================= |

Configuring your admin popup login. You will need to go to http://www.earthlink.net/cgi-bin/pwgenerator.pl
and encrypt your password. Take that & whatever username you want to use & open

rename.phpbbsecurity

In rename.phpbbsecurity, put the login info in the format below

username:password

Keep in mind the password HAS TO BE encoded before you do this, or you will never be able to 
log in to your admin panel.

Now that you have the rename.phpbbsecurity file done, onto the next one. Open rename.htaccess
with a text editor of some sort. Find

AuthUserFile "/home/{USERNAME}/public_html/.phpbbsecurity"

and change it to your own path: replace "{USERNAME}" with the username you use for cPanel,
FTP & phpMyAdmin. After you change that line, close & save it.
Next file, rename2.htaccess. If you already use a .htaccess in your public_html
directory, you will need to edit it. Otherwise we will use the one provided. If you already
have one, open it & add

<Files .phpbbsecurity>
  deny from all
</Files>

then close & save it.

Now that we have prepared all the files, let's put them in place. Upload rename.phpbbsecurity
and rename2.htaccess to your public_html folder. After they are uploaded, rename them.

rename2.htaccess 	: Rename to :		.htaccess
rename.phpbbsecurity	: Rename to :		.phpbbsecurity

Then upload rename.htaccess to your admin/ directory. After it's uploaded, rename it.

rename.htaccess		: Rename to :		.htaccess

After you do all that, you will notice the files disappear; this is normal. That part is done.

These are CaSe SeNsItIvE, so when logging in, you need to use the same info you just stored.
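
One way to check the three prepared files locally before uploading them, as an added example (not part of the MOD and not written by its author). The function names, the sample home directory and the sample hash are constructed, and the hash pattern is a heuristic.

```shell
#!/bin/sh
# Added example: local checks on the three prepared files, run before upload.
# Hash shapes Apache basic auth reads: apr1 MD5, bcrypt, {SHA}, 13-char crypt.
# Heuristic only: a 13-character plain-text password matches the last shape.
HASH_RE='^[^:]+:(\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}|\$2[aby]\$[0-9]{2}\$[./0-9A-Za-z]{53}|\{SHA\}[A-Za-z0-9+/]{27}=|[./0-9A-Za-z]{13})$'

# rename.phpbbsecurity: every non-blank line must be username:hash.
check_passfile() {
    [ -s "$1" ] || { echo "$1: missing or empty"; return 1; }
    if grep -v '^[[:space:]]*$' "$1" | grep -Evq "$HASH_RE"; then
        echo "$1: entry is not username:hash (password not encoded?)"; return 1
    fi
}

# rename.htaccess (admin/): AuthUserFile must be edited and end in .phpbbsecurity.
check_admin_htaccess() {
    line=$(grep -i '^[[:space:]]*AuthUserFile' "$1") || { echo "$1: no AuthUserFile line"; return 1; }
    case $line in
        *'{USERNAME}'*) echo "$1: {USERNAME} placeholder not replaced"; return 1 ;;
        */.phpbbsecurity|*/.phpbbsecurity\") return 0 ;;
        *) echo "$1: AuthUserFile does not point at .phpbbsecurity"; return 1 ;;
    esac
}

# rename2.htaccess (public_html): the password file must be denied to web clients.
check_root_htaccess() {
    awk '{ l = tolower($0) }
         l ~ /<files[ \t]+"?\.phpbbsecurity"?[ \t]*>/ { inblock = 1; next }
         l ~ /<\/files>/ { inblock = 0 }
         inblock && l ~ /deny[ \t]+from[ \t]+all/ { found = 1 }
         END { exit !found }' "$1" ||
        { echo "$1: no <Files .phpbbsecurity> deny block"; return 1; }
}

# Constructed sample files (not the MOD's shipped files; the hash is made up).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'admin:$apr1$abcdefgh$0123456789abcdefghijkl' > "$d/rename.phpbbsecurity"
    printf '%s\n' 'AuthUserFile "/home/exampleuser/public_html/.phpbbsecurity"' > "$d/rename.htaccess"
    printf '%s\n' '<Files .phpbbsecurity>' '  deny from all' '</Files>' > "$d/rename2.htaccess"
    check_passfile "$d/rename.phpbbsecurity" && check_admin_htaccess "$d/rename.htaccess" &&
        check_root_htaccess "$d/rename2.htaccess" && echo "all checks passed"
    rc=$?; rm -rf "$d"; return $rc
}

# With three file arguments, check those; otherwise run the constructed demo.
if [ "$#" -eq 3 ]; then check_passfile "$1" && check_admin_htaccess "$2" && check_root_htaccess "$3"
else demo; fi
```

Run it as `sh check.sh rename.phpbbsecurity rename.htaccess rename2.htaccess` from the folder holding the edited files; no output and exit status 0 mean all three passed.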

#==== Next Step: ======================= |

Go to your administration panel -> .: Security :.

Setup how you want everything to work.

EoM