############################################################## 
## MOD Title:		  phpBB Security - EM Friendly
## MOD Author:		  aUsTiN => austin_inc@hotmail.com
## MOD Description:   Please read the Features.txt
## MOD Version:       1.0.3
##
## MOD Help:		  http://phpbb-tweaks.com/
## 
## Installation Level:    Easy
## Installation Time:     20 Minutes
##
## Files To Edit: 14     
## 		 		  login.php
##				  common.php
##				  modcp.php
##				  admin/admin_ug_auth.php
##				  admin/admin_users.php
##				  admin/index.php
##				  includes/functions.php
##				  includes/page_header.php
##				  includes/page_tail.php
##				  includes/usercp_register.php
##				  language/lang_english/lang_phpbb_security.php
##				  templates/subSilver/confirm_body.tpl
##				  templates/subSilver/overall_footer.tpl
##				  templates/subSilver/profile_add_body.tpl
##				  templates/subSilver/admin/user_edit_body.tpl
##
## Included Files:        12  
##
############################################################## 
## Author Notes: 
##
##	Copyright  phpBB-Amod, 2003-2006
##
##	Feel free to see it in action at http://phpbb-amod.com/
##
##	If the copyright is removed or not in place, you WILL NOT
##	receive support. Its a matter of respect to the ones who
##	take the time to give yall these scripts.
##
############################################################## 
##
## MOD History: 
## 
##	Jan 10th 2006 - Version 1.0.3
##		- Read the Docs/Features.txt
## 
##	Mar 20th 2005 - Version 1.0.2
##		- Read the Docs/Features.txt
##
##	Jan 05th 2005 - Version 1.0.1
##      	- Added chr Prevention
##      	- Added file write & file open Prevention
##      	- Recoded usercp_register edits (worked out all issues)
##		- Added Sanity Worm prevention
##		- Added pagination to the caught page
##		- Added the link they used to get banned to the caught page
##		- Highlights ips with red if they have ever posted on your site
## 
##	Dec 10th 2004 - Version 1.0.0
##      	- Beta Released
##
############################################################## 
##
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
##
##############################################################
#
#-----[ DIY INSTRUCTIONS ]---------
#
Upload installer.php to your forum's root directory and run it.
IE: if http://yoursite.com/index.php is your site, it needs to be
http://yoursite.com/installer.php. Then point your browser to 
it & run it. Once it has finished, delete installer.php from the
server so that nobody else can run it.

==== Next Step: ======================= |

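Configuring your admin popup login. You will need to goto http://www.earthlink.net/cgi-bin/pwgenerator.pl
and encrypt your password. (That page receives the password you type into it; if you have
shell access, Apache's htpasswd tool generates the same kind of entry without sending the
password to a third party.) Take that & whatever username you want to use & open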

rename.phpbbsecurity

In your rename.phpbbsecurity, you need to put the login info in there, in the format below

username:password

Keep in mind the password HAS TO BE encoded before you do this, or you will never be able to 
login to your admin panel.

Now that you have the rename.phpbbsecurity file done, onto the next one. Open rename.htaccess
with a text editor of some sort. Find

AuthUserFile "/home/{USERNAME}/public_html/.phpbbsecurity"

and change that to yours. The word "{USERNAME}" is what needs to be changed. Your cPanel username,
FTP username & phpMyAdmin username, is what it needs to be. After you change that line, close 
& save it. Next file, rename2.htaccess. If you already use a .htaccess in your public_html
directory, you will need to edit it. Otherwise we will use the one provided. If you already
have one, open it & add

<Files .phpbbsecurity>
  deny from all
</Files>

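then close & save it. This block is what stops visitors from downloading the password
file, which sits inside your web root, so make sure it is in place before you upload
.phpbbsecurity. On Apache 2.4 without mod_access_compat the equivalent directive is
"Require all denied".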

Now that we have prepared all the files, lets put them in place. Upload rename.phpbbsecurity
and rename2.htaccess to your public_html folder. After they are uploaded, rename them.

rename2.htaccess 	: Rename to :		.htaccess
rename.phpbbsecurity	: Rename to :		.phpbbsecurity

Then upload rename.htaccess to your admin/ directory. After its uploaded, rename it.

rename.htaccess		: Rename to :		.htaccess

After you do all that, you will notice the files disappear, this is normal. That part is done.

These are CaSe SeNsItIvE, so when logging in, you need to use the same info you just stored.

==== Next Step: ======================= |

Goto your administration panel -> .: Security :.

Setup how you want everything to work.

#
#-----[ COPY ]---------
#
copy root/login_security.php to login_security.php
copy root/admin/admin_security.php to admin/admin_security.php
copy root/includes/phpbb_security.php to includes/phpbb_security.php
copy root/language/lang_english/lang_phpbb_security.php to language/lang_english/lang_phpbb_security.php
copy root/templates/subSilver/*.* to templates/subSilver/*.*
copy root/templates/subSilver/admin/*.* to templates/subSilver/admin/*.*
#
#-----[ OPEN ]---------
#
common.php
#
#-------[ FIND ]-----------------------------
#
?>
#
#-----[ BEFORE, ADD ]---------
#
// phpBB Security: load the MOD's helper library once per request.
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);

// A truthy result from phpBBSecurity_Blocks() is handed to phpBBSecurity_Ban()
// together with the caller's IP and the board's auto-ban setting.
// NOTE(review): how phpBBSecurity_IP() derives the address is not visible here; if it
// trusts client-supplied headers, a ban could land on the wrong address - confirm.
$ps_check = phpBBSecurity_Blocks();
if ($ps_check)
{
	phpBBSecurity_Ban(phpBBSecurity_IP(), $board_config['phpBBSecurity_auto_ban'], $ps_check);
}

// These two calls run on every request, whether or not a block was triggered.
phpBBSecurity_MaxSessions($board_config['phpBBSecurity_allowed_sessions']);
phpBBSecurity_Guests();
#
#-----[ OPEN ]---------
#
login.php
#
#-------[ FIND ]-----------------------------
#
// End session management
//
#
#-----[ AFTER, ADD ]---------
#
// phpBB Security: make the phpBBSecurity_* helpers available to the login handling below.
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
#
#-------[ FIND ]-----------------------------
#
if( $row['user_level'] != ADMIN && $board_config['board_disable']
#
#-----[ BEFORE, ADD ]---------
#
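		// phpBB Security: count a failed attempt when the submitted password does not
		// match the stored hash. The comparison is strict on purpose: with != PHP compares
		// two numeric-looking hex strings (for example ones of the form 0e<digits>) as
		// numbers, so two different hashes could be treated as equal and the failure
		// would go uncounted.
		if (md5($password) !== $row['user_password'])
		{
			phpBBSecurity_InvalidLogin($row['user_id']);
		}

		// Kept outside the if, exactly as the original unbraced code executed it (its
		// indentation suggested otherwise): the tries check runs on every login attempt,
		// including ones with the correct password.
		// NOTE(review): presumably this is what enforces the lock-out; confirm in
		// includes/phpbb_security.php.
		phpBBSecurity_CheckTries($row['user_id']);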
#
#-------[ FIND ]-----------------------------
#
if( $session_id )
{
#
#-----[ AFTER, ADD ]---------
#
						// phpBB Security: a session was created, so clear this user's failed-login counter.
						phpBBSecurity_ResetTries($row['user_id']);
#
#-----[ OPEN ]---------
#
modcp.php
#
#-------[ FIND ]-----------------------------
#
message_die(GENERAL_ERROR, 'Invalid_session');
}
#
#-----[ AFTER, ADD ]---------
#
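	// phpBB Security: a confirmed delete in the moderator panel must be accompanied by
	// the moderator's own password, submitted in the phpBBSecurity_verify field that
	// the L_VERIFY template variable adds to the confirm form.
	if ( ($mode == 'delete') && ($confirm) )
	{
		// A missing field becomes '', whose hash will not match a stored password hash.
		$pass_one = isset($HTTP_POST_VARS['phpBBSecurity_verify']) ? $HTTP_POST_VARS['phpBBSecurity_verify'] : '';
		$pass_two = $userdata['user_password'];

		// Strict comparison: != would compare two numeric-looking hex strings (such as
		// ones of the form 0e<digits>) as numbers and could accept a wrong password.
		if (md5($pass_one) !== $pass_two)
		{
			message_die(GENERAL_ERROR, $lang['PS_modcp_verify_fail']);
		}
	}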
#
#-------[ FIND ]-----------------------------
#
$lang['Confirm_delete_topic'], 
#
#-----[ AFTER, ADD ]---------
#
				// phpBB Security: password prompt shown in confirm_body.tpl through {L_VERIFY};
				// modcp.php reads the field back as phpBBSecurity_verify.
				'L_VERIFY'	=> '<br><br><span class="genmed">'. $lang['PS_modcp_verify'] .' <input type="password" class="post" name="phpBBSecurity_verify" value=""></span>',
#
#-----[ OPEN ]---------
#
admin/admin_ug_auth.php
#
#-------[ FIND ]-----------------------------
#
$mode = htmlspecialchars($mode);
#
#-----[ AFTER, ADD ]---------
#
// phpBB Security: user id 2 is treated as the board owner. When this form is
// submitted for the owner's account by anyone other than the owner, stop with an error.
// NOTE(review): the id is hard-coded; confirm it is the founding admin on this board.
// The check only runs when 'submit' is present in the POST data.
$owner = '2';

if ( isset($HTTP_POST_VARS['submit']) && ($user_id == $owner) && ($userdata['user_id'] != $owner) )
{
	message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
}
#
#-----[ OPEN ]---------
#
admin/admin_users.php
#
#-----[ FIND ]---------
#
$html_entities_replace = array('&lt;', '&gt;');
#
#-----[ AFTER, ADD ]---------
#
// phpBB Security: user id 2 is treated as the board owner. When the user-edit form
// is submitted for the owner's account by anyone other than the owner, stop with an error.
// NOTE(review): the id is hard-coded; confirm it is the founding admin on this board.
$owner = '2';

if (isset($HTTP_POST_VARS['submit']))
{
	// The target account comes from the posted form and is forced to an integer.
	$user_id = intval($HTTP_POST_VARS['id']);

	if ($user_id == $owner)
	{
		if ($userdata['user_id'] != $owner)
		{
			message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
		}
	}
}
#
#-----[ FIND ]---------
#

$user_allowavatar = ( !empty
#
#-----[ AFTER, ADD ]---------
#
		// phpBB Security: pass the lock / reset checkboxes from user_edit_body.tpl
		// (ps_lock, ps_reset) to phpBBSecurity_Admin() for the user being edited.
		include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
		// $_POST is tried first, then $HTTP_POST_VARS.
		// NOTE(review): an unchecked box is absent from both arrays, so these reads hit
		// an undefined index and evaluate to null; confirm phpBBSecurity_Admin() treats
		// that as "not set".
		$locked_status 	= ($_POST['ps_lock']) ? $_POST['ps_lock'] : $HTTP_POST_VARS['ps_lock'];
		$reset_status 	= ($_POST['ps_reset']) ? $_POST['ps_reset'] : $HTTP_POST_VARS['ps_reset'];
		phpBBSecurity_Admin($user_id, $locked_status, $reset_status);
#
#-----[ FIND ]---------
# This should be in the main $template->assign_vars( array, so if you have a mod that adds this
# anywhere else, make sure you put it in the right place.
#
'USERNAME' => $username,
#
#-----[ BEFORE, ADD ]---------
#
			// phpBB Security: template variables for the lock / reset rows in
			// admin/user_edit_body.tpl. PS_STATUS is the "locked" label once the user's
			// failed-login count has reached the configured limit, otherwise the "unlocked" one.
			'PS_STATUS'		=> ($this_userdata['phpBBSecurity_login_tries'] >= $board_config['phpBBSecurity_login_limit']) ? $lang['PS_user_status_l'] : $lang['PS_user_status_u'],
			'PS_RESET'		=> $lang['PS_user_reset'],
			'PS_RESET_EXP'	=> $lang['PS_user_reset_exp'],
			'PS_LOCK'		=> $lang['PS_user_lock'],
			'PS_LOCK_EXP'	=> $lang['PS_user_lock_exp'],
#
#-----[ OPEN ]---------
#
admin/index.php
#
#-----[ FIND ]---------
#
"body" => "admin/index_body.tpl")
);
#
#-----[ AFTER, ADD ]---------
#
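	// phpBB Security: version notice printed at the top of the admin index.
	//
	// The newest version string is fetched over plain HTTP from a third-party host on
	// every load of this page, so it has to be treated as untrusted input: whoever
	// controls that host, or the network path to it, controls the bytes returned.
	// Both version strings are therefore HTML-escaped before they are echoed into the
	// admin panel, where unescaped markup would run with the administrator's session.
	//
	// file() on a URL needs allow_url_fopen and blocks the page while it waits. The @
	// hides the warning; a failed or empty fetch is reported to the admin below.
	$secfile = @file('http://phpbb-tweaks.com/secver.txt');
	$msg = '';
	$msg .= '<table align="top" class="forumline" width="100%">';
	$msg .= '	<tr>';
	$msg .= '		<th align="center" valign="middle" class="thTop" width="100%">';
	$msg .= '			phpBB Security Status';
	$msg .= '		</th>';
	$msg .= '	</tr>';
	$msg .= '	<tr>';
	$msg .= '		<td align="left" width="100%" class="row2">';
	$msg .= '			<span class="genmed">';
	if (!$secfile)
	{
		$msg .= 'Sorry, I was unable to get version data at this time. Please try later.';
	}
	else
	{
		// file() keeps the line ending on each element, so an untrimmed first line
		// would never equal the stored version whenever the remote file ends in a newline.
		$newest_ver = trim($secfile[0]);
		$this_ver 	= trim($board_config['phpBBSecurity_version']);

		if ($newest_ver == $this_ver)
			$msg .= 'The newest release is <b>'. htmlspecialchars($newest_ver) .'</b>. The version you are using is 
			<b>'. htmlspecialchars($this_ver) .'</b>. So I would have to say you are up to date!';
		else
			$msg .= 'The newest release is <b>'. htmlspecialchars($newest_ver) .'</b>. The version you are using is 
			<b>'. htmlspecialchars($this_ver) .'</b>. So I would have to say you need to upgrade ASAP!';
	}

	$msg .= '			</span>';
	$msg .= '		</td>';
	$msg .= '	</tr>';
	$msg .= '	<tr>';
	$msg .= '		<th align="center" valign="middle" class="thTop" width="100%">&nbsp;</th>';
	$msg .= '	</tr>';
	$msg .= '</table>';
	echo $msg;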
#
#-----[ OPEN ]---------
#
includes/functions.php
#
#-----[ FIND ]---------
#
//
// Set up style
#
#-----[ BEFORE, ADD ]----------------
#
	// phpBB Security: runs before the style is set up. Two board-config values, looked
	// up under the keys returned by the MOD's *ConfigName() helpers, are passed to
	// phpBBSecurity_Elimination() together with the current user's id.
	// NOTE(review): what the call enforces is defined in includes/phpbb_security.php,
	// not in this file.
	include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
	phpBBSecurity_Elimination($board_config[phpBBSecurity_AdminConfigName()], $board_config[phpBBSecurity_ModConfigName()], $userdata['user_id']);
#
#-----[ OPEN ]---------
#
includes/page_header.php
#
#-----[ FIND ]---------
#
//
// The following assigns all _common_ variables that may be used at any point
#
#-----[ BEFORE, ADD ]---------
#
// phpBB Security: make the phpBBSecurity_* helpers available to the page header.
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
#
#-----[ FIND ]---------
#
$template->pparse('overall_header');
#
#-----[ AFTER, ADD ]---------
#
// phpBB Security: these two helpers run each time the overall header has been parsed.
phpBBSecurity_FinalSet();
phpBBSecurity_DBBackup();

// profile.php and login.php are exempt from the forced-update gate below, so a user
// can still sign in and edit the profile. The match is an exact comparison of
// PHP_SELF against the configured script_path; anything else leaves $is_valid empty.
$is_valid = '';
if ( ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
	|| ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx) )
{
	$is_valid = TRUE;
}

// Registered users only; pages using the simple header are skipped as well.
// NOTE(review): the gate sits in the page header, so it only covers requests that get
// this far; scripts that act on submitted data before the header is parsed are
// presumably not covered - confirm.
if ( (!$is_valid) && (!$gen_simple_header) && ($userdata['user_id'] != ANONYMOUS) )
{
	// No security question or answer on file yet.
	if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
	{
		phpBBSecurity_Force();
	}

	// A value of 1 means the forced password change has been done; anything else
	// stops the page with a link to the profile editor.
	if ($userdata['phpBBSecurity_force_pw_update'] != 1)
	{
		message_die(GENERAL_ERROR, sprintf($lang['PS_pass_force'], '<a href="profile.'. $phpEx .'?mode=editprofile&amp;infrom=phpBBSecurity&amp;sid='. $userdata['session_id'] .'">', '</a>'));
	}
}
#
#-----[ OPEN ]---------
#
includes/page_tail.php
#
#-----[ FIND ]---------
#
'TRANSLATION_INFO' =>
#
#-----[ BEFORE, ADD ]---------
#
	// phpBB Security: footer line for {BLOCKED}; %T% in the language string is replaced
	// with the formatted total of blocked attempts from the board config.
	'BLOCKED'	=> str_replace('%T%', '<b>'. number_format($board_config['phpBBSecurity_total_attempts']) .'</b>', $lang['PS_blocked_line']),
#
#-----[ OPEN ]---------
#
includes/usercp_register.php
#
#-----[ FIND ]---------
#
$unhtml_specialchars_replace = array('>', '<', '"', '&');
#
#-----[ AFTER, ADD ]-----------------
#
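// phpBB Security: remember whether the profile editor was reached through the
// forced-password-update link (infrom=phpBBSecurity), from either GET or POST.
// When neither carries infrom, the POST read is an undefined index and $in_from is null.
$in_from = (isset($HTTP_GET_VARS['infrom'])) ? $HTTP_GET_VARS['infrom'] : $HTTP_POST_VARS['infrom'];

if ( (isset($HTTP_POST_VARS['submit'])) && ($HTTP_POST_VARS['mode'] == 'editprofile') && ($HTTP_POST_VARS['infrom'] == 'phpBBSecurity') )
{
	// A forced update needs the current password, the new one and its confirmation.
	if ( (empty($HTTP_POST_VARS['cur_password'])) || (empty($HTTP_POST_VARS['new_password'])) || (empty($HTTP_POST_VARS['password_confirm'])) )
	{
		message_die(GENERAL_ERROR, $lang['PS_pass_force_error']);
	}
	// Strict comparison: == would compare two numeric-looking hex strings (such as ones
	// of the form 0e<digits>) as numbers and could accept a wrong current password.
	elseif ( ($userdata['user_password'] === md5($HTTP_POST_VARS['cur_password'])) && (isset($HTTP_POST_VARS['new_password'])) )
	{
		// NOTE(review): the flag is set here, before the rest of usercp_register.php
		// has validated and stored the new password; if that later step rejects the
		// change, the flag presumably stays set - confirm, and consider setting it only
		// after the users-table UPDATE has succeeded.
		// intval() keeps the id numeric inside the string-built query.
		$q = "UPDATE ". USERS_TABLE ."
			  SET phpBBSecurity_force_pw_update = '1'
			  WHERE user_id = '". intval($userdata['user_id']) ."'";
		$db->sql_query($q);
	}
}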
#
#-----[ FIND ]---------
#
if ( isset($HTTP_POST_VARS['submit']
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
#
#----[ AFTER, ADD ]-----------------
#
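	// phpBB Security: password policy checks for registration and profile edits.
	// NOTE(review): isset() is true for any stored value, including '0', so both
	// switches are on whenever their config rows exist - confirm that is the intended
	// on/off behaviour.
	if ($mode == 'editprofile' || $mode == 'register')
	{
		// Reject a password that is the same as the username.
		if ( ($username == $password_confirm) && (isset($board_config['phpBBSecurity_use_password_match'])) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_match_error'];
		}

		// Reject a password shorter than the configured minimum. The original read the
		// limit from the misspelled $baord_config, which is undefined, so the comparison
		// was never true and the minimum length was never enforced.
		if ( (strlen($password_confirm) < $board_config['phpBBSecurity_password_min_length']) && (isset($board_config['phpBBSecurity_use_password_length'])) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_length_error'];
		}
	}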
#
#-----[ FIND ]---------
#
if ( !$error )
{

#
#----[ AFTER, ADD ]-----------------
#
	// phpBB Security: when the stored password hash differs from $pass_check, rebuild
	// and re-send the two session cookies.
	// NOTE(review): $pass_check is not set anywhere in this MOD's added code; presumably
	// it is the new password hash computed earlier in usercp_register.php - confirm.
	//
	// SECURITY: the _data cookie is client-controlled and is passed to unserialize().
	// Deserialising untrusted input is unsafe in general, and the loose == on
	// autologinid is applied to whatever type the cookie decoded to, not necessarily a
	// string. The cookie also carries the password hash itself as autologinid, is kept
	// for one year (31536000 s), and is set without an HttpOnly flag. A random
	// per-session token compared strictly would avoid exposing the hash.
	if ($userdata['user_password'] != $pass_check)
	{
	   $sessiondata 				= isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : array();
	   // Keep auto-login only if the cookie held the old hash; otherwise clear it.
	   $sessiondata['autologinid'] = ($sessiondata['autologinid'] == $userdata['user_password']) ? $pass_check : '';
	   $sessiondata['userid'] 		= $userdata['user_id'];
	   $sessionmethod 				= ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? SESSION_METHOD_COOKIE : SESSION_METHOD_GET;

	   setcookie($board_config['cookie_name'] .'_data', serialize($sessiondata), (time() + 31536000), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
	   setcookie($board_config['cookie_name'] .'_sid', $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);		
	}
# 
#-----[ FIND ]--------- 
# 
$sql = "UPDATE " . USERS_TABLE . " 
# 
#-----[ BEFORE, ADD ]--------- 
# 
   // phpBB Security: on a submitted profile edit, hand the posted security question
   // and answer to phpBBSecurity_Validate() for the current user.
   // The fields are read from $_POST first, then $HTTP_POST_VARS.
   // NOTE(review): how the question and answer are escaped and stored is decided
   // inside phpBBSecurity_Validate(), which is not visible here.
   include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx); 
   $ps_question    = ($_POST['PS_question'])    ? $_POST['PS_question'] : $HTTP_POST_VARS['PS_question']; 
   $ps_answer       = ($_POST['PS_answer'])    ? $_POST['PS_answer']    : $HTTP_POST_VARS['PS_answer']; 
   if ( (isset($HTTP_POST_VARS['submit'])) && ($mode == 'editprofile') ) 
      phpBBSecurity_Validate($ps_question, $ps_answer, $userdata['user_id'], $mode, ''); 
# 
#-----[ FIND ]--------- 
# 
if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION) 
{ 
message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql); 
} 
# 
#----[ BEFORE, ADD ]---------------- 
# 
   // phpBB Security: on a submitted registration, call phpBBSecurity_Validate() with
   // the 'pre' stage before the new row is inserted into the users table.
   // The fields are read from $_POST first, then $HTTP_POST_VARS.
   include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx); 
   $ps_question    = ($_POST['PS_question'])    ? $_POST['PS_question'] : $HTTP_POST_VARS['PS_question']; 
   $ps_answer       = ($_POST['PS_answer'])    ? $_POST['PS_answer']    : $HTTP_POST_VARS['PS_answer']; 
   if ((isset($HTTP_POST_VARS['submit'])) && ($mode == 'register') ) 
      phpBBSecurity_Validate($ps_question, $ps_answer, $user_id, $mode, 'pre'); 
# 
#----[ AFTER, ADD ]----------------- 
# 
   // phpBB Security: same call with the 'post' stage, placed after the users-table insert.
   if ( (isset($HTTP_POST_VARS['submit'])) && ($mode == 'register') ) 
      phpBBSecurity_Validate($ps_question, $ps_answer, $user_id, $mode, 'post'); 
# 
#-----[ FIND ]--------- 
# 
$s_hidden_fields .= '<input type="hidden" name="current_email" 
# 
#----[ AFTER, ADD ]----------------- 
# 
      // phpBB Security: carry the infrom marker through the profile form so that the
      // forced-update branch, which tests the posted infrom, runs on submit. The emitted
      // value is a fixed string; the request-supplied $in_from is only compared, never echoed.
      $s_hidden_fields .= ($in_from == 'phpBBSecurity') ? '<input type="hidden" name="infrom" value="phpBBSecurity">' : '';
#
#-----[ FIND ]---------
#
$template->assign_vars(array(
'USERNAME' =>
#
#-----[ AFTER, ADD ]---------
#
		// phpBB Security: labels and current values for the security question / answer
		// rows in profile_add_body.tpl.
		// NOTE(review): PS_Q and PS_A are placed inside value="..." attributes in that
		// template exactly as stored; confirm they are HTML-escaped when saved, otherwise
		// a double quote in either value ends the attribute early. The stored answer is
		// also shown back in clear text in an ordinary text field.
		'PS_TITLE'			=> $lang['PS_security_title'],
		'PS_QUESTION'		=> $lang['PS_security_question'],
		'PS_QUESTION_EXP'	=> $lang['PS_security_question_exp'],
		'PS_Q'				=> $userdata['phpBBSecurity_question'],		
		'PS_ANSWER'			=> $lang['PS_security_answer'],
		'PS_ANSWER_EXP'		=> $lang['PS_security_answer_exp'],
		'PS_A'				=> $userdata['phpBBSecurity_answer'],
		'PS_A_EXP'			=> $lang['PS_security_a_exp'],
		'PS_EXP'			=> $lang['PS_profile_explain'],
#
#-----[ OPEN ]---------
#
templates/subSilver/confirm_body.tpl
#
#-----[ FIND ]---------
#
</form>
#
#-----[ IN-LINE FIND ]---------
#
</form>
#
#-----[ IN-LINE BEFORE, ADD ]---------
#
{L_VERIFY}
#
#-----[ OPEN ]---------
#
templates/subSilver/overall_footer.tpl
#
#-----[ FIND ]---------
#
Powered by
#
#-----[ BEFORE, ADD ]---------
# If you don't want to show the people who get caught:
#
<div align="center"><span class="copyright">Protected by phpBB Security  <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br />{BLOCKED}</span></div>
#
# If you want to show the people who get caught:
#<a href="login_security.php?phpBBSecurity=caught" class="copyright">Protected</a> by phpBB Security  <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br>{BLOCKED}<br>
#
#-----[ OPEN ]---------
#
templates/subSilver/profile_add_body.tpl
#
#-----[ FIND ]---------
#
<!-- END switch_avatar_block -->
#
#-----[ AFTER, ADD ]---------
#
	<!-- Start: phpBB Security -->
	<tr> 
	  <td class="catSides" colspan="2" height="28">&nbsp;</td>
	</tr>
	<tr> 
		<th class="thSides" colspan="2" height="12" valign="middle">{PS_TITLE}</th>
	</tr>
	<tr>
		<td align="left" class="row2" colspan="2">
			<span class="genmed">
				{PS_EXP}
			</span>
		</td>
	</tr>
	<tr>
		<td align="left" valign="bottom" class="row1">
			<span class="genmed">
				{PS_QUESTION}
			</span>
			<br>
			<span class="gensmall">
				{PS_QUESTION_EXP}
			</span>			
		</td>
		<td align="left" valign="middle" class="row2">
			<input type="text" name="PS_question" value="{PS_Q}" class="post" size="50">
		</td>		
	</tr>
	<tr>
		<td align="left" valign="bottom" class="row1">
			<span class="genmed">
				{PS_ANSWER}
			</span>
			<br>
			<span class="gensmall">
				{PS_ANSWER_EXP}
			</span>			
		</td>
		<td align="left" valign="middle" class="row2">
			<input type="text" name="PS_answer" value="{PS_A}" class="post" size="50">
			<span class="gensmall">
				{PS_A_EXP}
			</span>
		</td>		
	</tr>	
	<!-- End: phpBB Security -->
#
#-----[ OPEN ]---------
#
templates/subSilver/admin/user_edit_body.tpl
#
#-----[ FIND ]---------
#
{L_SPECIAL_EXPLAIN}
</tr>
#
#-----[ AFTER, ADD ]---------
#
<!-- Start: phpBB Security -->
	<tr>
		<td class="row1">
			<span class="gen">
				{PS_LOCK}
			</span>
			<br />
			<span class="gensmall">
				{PS_LOCK_EXP}
			</span>			
		</td>
		<td class="row2">
			<span class="gensmall">
				<input type="checkbox" name="ps_lock">  {PS_STATUS}
			</span>
		</td>
	</tr>
	<tr>
		<td class="row1">
			<span class="gen">
				{PS_RESET}
			</span>
			<br />
			<span class="gensmall">
				{PS_RESET_EXP}
			</span>			
		</td>
		<td class="row2">
			<input type="checkbox" name="ps_reset">
		</td>	
	</tr>
<!-- End: phpBB Security -->
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM