-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

common.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.2 =========================================================== |
#====					
include_once($phpbb_root_path .'includes/phpbb_security.'. $phpEx);
$ps_check = phpBBSecurity_Blocks();
	if ($ps_check)
		phpBBSecurity_Ban(phpBBSecurity_IP(), $board_config['phpBBSecurity_auto_ban'], $ps_check);
phpBBSecurity_MaxSessions($board_config['phpBBSecurity_allowed_sessions']);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
# Load the phpBB Security library before any of its functions are called.
include_once($phpbb_root_path . 'includes/phpbb_security.' . $phpEx);

# A truthy result from phpBBSecurity_Blocks() is handed to phpBBSecurity_Ban()
# together with the value of phpBBSecurity_IP() and the auto-ban setting.
# NOTE(review): how phpBBSecurity_IP() obtains the address is not visible here -
# confirm it does not rely on client-supplied proxy headers, otherwise an
# automatic ban could miss the offender or land on an unrelated address.
$ps_check = phpBBSecurity_Blocks();
if ($ps_check)
{
	phpBBSecurity_Ban(phpBBSecurity_IP(), $board_config['phpBBSecurity_auto_ban'], $ps_check);
}

# Pass the configured session limit on, then call phpBBSecurity_Guests(),
# which is the call this release adds to common.php.
phpBBSecurity_MaxSessions($board_config['phpBBSecurity_allowed_sessions']);
phpBBSecurity_Guests();
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

modcp.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
	message_die(GENERAL_ERROR, 'Invalid_session');
}

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
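	# A confirmed delete in the moderator panel additionally requires the
	# moderator's own password, on top of the session id check above.
	if ( ($mode == 'delete') && ($confirm) )
	{
		# A missing field or a non-string value (array input) counts as an empty password.
		$pass_one = ( isset($HTTP_POST_VARS['phpBBSecurity_verify']) && is_string($HTTP_POST_VARS['phpBBSecurity_verify']) ) ? $HTTP_POST_VARS['phpBBSecurity_verify'] : '';
		$pass_two = $userdata['user_password'];

		# Strict comparison on purpose: with != two hex digests that both look like
		# numbers (for example "0e" followed only by digits) are compared
		# numerically and can be judged equal although the strings differ.
		if (md5($pass_one) !== $pass_two)
		{
			message_die(GENERAL_ERROR, $lang['PS_modcp_verify_fail']);
		}
	}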
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |		

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

				'MESSAGE_TEXT' => $lang['Confirm_delete_topic'], 

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
				'L_VERIFY'	=> '<br><br><span class="genmed">'. $lang['PS_modcp_verify'] .' <input type="password" class="post" name="phpBBSecurity_verify" value=""></span>',
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/admin_ug_auth.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
# Id of the account this block protects. The value is hard-coded, so it must
# match the account you want protected on your board (presumably the board
# owner - confirm the id on your installation).
$owner = '2';

# On a submitted form, stop unless the logged-in user is that account itself.
# NOTE(review): the guard only runs when 'submit' is present in the POST data;
# confirm this script changes nothing for that account on other requests.
if ( isset($HTTP_POST_VARS['submit']) && ($user_id == $owner) && ($userdata['user_id'] != $owner) )
{
	message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/admin_users.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$html_entities_match = array('#<#', '#>#');
$html_entities_replace = array('&lt;', '&gt;');

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====					
# Id of the account this block protects. The value is hard-coded, so it must
# match the account you want protected on your board (presumably the board
# owner - confirm the id on your installation).
$owner = '2';

if (isset($HTTP_POST_VARS['submit']))
{
	# The target id comes from the form and is cast to an integer before use.
	$user_id = intval($HTTP_POST_VARS['id']);

	# Anyone other than that account itself is refused when the form targets it.
	# NOTE(review): the guard only runs when 'submit' is present in the POST data;
	# confirm this script changes nothing for that account on other requests.
	if ( ($userdata['user_id'] != $owner) && ($user_id == $owner) )
	{
		message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
	}
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

admin/index.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	$template->set_filenames(array(
		"body" => "admin/index_body.tpl")
	);

-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====		
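	# Version check: fetch the published version string and print it next to the
	# installed one above the admin index.
	# NOTE(review): the file is requested over plain http:// each time this code
	# runs, so the reply is not authenticated and a slow or unreachable host holds
	# up the page. The fetched text is therefore handled as untrusted input below.
	$secfile = @file('http://phpbb-tweaks.com/secver.txt');
	$msg = '';
	$msg .= '<table align="top" class="forumline" width="100%">';
	$msg .= '	<tr>';
	$msg .= '		<th align="center" valign="middle" class="thTop" width="100%">';
	$msg .= '			phpBB Security Status';
	$msg .= '		</th>';
	$msg .= '	</tr>';
	$msg .= '	<tr>';
	$msg .= '		<td align="left" width="100%" class="row2">';
	$msg .= '			<span class="genmed">';
	if (!$secfile)
	{
		$msg .= 'Sorry, I was unable to get version data at this time. Please try later.';
	}
	else
	{
		# file() keeps the line ending on each entry; strip it so that an identical
		# version string really compares equal.
		$newest_ver = trim($secfile[0]);
		$this_ver 	= trim($board_config['phpBBSecurity_version']);
		$ps_up_to_date = ($newest_ver === $this_ver);

		# Escape only for display, after the comparison: the remote text goes
		# straight into the admin page and must not be able to inject markup.
		$newest_ver = htmlspecialchars($newest_ver, ENT_QUOTES);
		$this_ver 	= htmlspecialchars($this_ver, ENT_QUOTES);

		if ($ps_up_to_date)
			$msg .= 'The newest release is <b>'. $newest_ver .'</b>. The version you are using is 
			<b>'. $this_ver .'</b>. So I would have to say you are up to date!';
		else
			$msg .= 'The newest release is <b>'. $newest_ver .'</b>. The version you are using is 
			<b>'. $this_ver .'</b>. So I would have to say you need to upgrade ASAP!';
	}

	$msg .= '			</span>';
	$msg .= '		</td>';
	$msg .= '	</tr>';
	$msg .= '	<tr>';
	$msg .= '		<th align="center" valign="middle" class="thTop" width="100%">&nbsp;</th>';
	$msg .= '	</tr>';
	$msg .= '</table>';
	echo $msg;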
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/page_header.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.2 =========================================================== |
#====

	phpBBSecurity_Cookies();
	phpBBSecurity_FinalSet();
	phpBBSecurity_DBBackup();
						
	# Only allow them to login & view profile to update it
	if ($_SERVER['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
		$is_valid = TRUE;
	elseif ($_SERVER['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
		$is_valid = TRUE;
	else
		$is_valid = '';
		
	if ( (!$is_valid) && (!$gen_simple_header) ) 
		{
		# Make sure they are not a guest
		if ($userdata['user_id'] != ANONYMOUS)
			{
			# Do the check
			if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
				phpBBSecurity_Force();
			}
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
	phpBBSecurity_FinalSet();
	phpBBSecurity_DBBackup();

	# The profile and login scripts are the only ones exempt from the checks
	# below, so a user can still sign in and update the profile. The match is an
	# exact string comparison against script_path plus the script name, so any
	# other value of PHP_SELF is not treated as exempt.
	$is_valid = ( ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx) || ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx) ) ? TRUE : '';

	# Checks apply to full pages requested by logged-in users only (guests skipped).
	if ( (!$is_valid) && (!$gen_simple_header) && ($userdata['user_id'] != ANONYMOUS) )
	{
		# No security question or answer stored yet: hand over to phpBBSecurity_Force().
		if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
		{
			phpBBSecurity_Force();
		}

		# Flag not equal to 1: stop the page and link to the profile editor.
		if ($userdata['phpBBSecurity_force_pw_update'] != 1)
		{
			message_die(GENERAL_ERROR, sprintf($lang['PS_pass_force'], '<a href="profile.'. $phpEx .'?mode=editprofile&amp;infrom=phpBBSecurity&amp;sid='. $userdata['session_id'] .'">', '</a>'));
		}
	}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

includes/usercp_register.php

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
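# Marker telling where the profile form was reached from: query string first,
# then the form. Falls back to '' so a request without the field does not read
# an undefined index.
$in_from = isset($HTTP_GET_VARS['infrom']) ? $HTTP_GET_VARS['infrom'] : ( isset($HTTP_POST_VARS['infrom']) ? $HTTP_POST_VARS['infrom'] : '' );

# Forced password update: only for a submitted profile edit that carries the marker.
if ( isset($HTTP_POST_VARS['submit']) && isset($HTTP_POST_VARS['mode']) && ($HTTP_POST_VARS['mode'] == 'editprofile') && isset($HTTP_POST_VARS['infrom']) && ($HTTP_POST_VARS['infrom'] == 'phpBBSecurity') )
{
	# All three password fields are required on this path.
	if ( (empty($HTTP_POST_VARS['cur_password'])) || (empty($HTTP_POST_VARS['new_password'])) || (empty($HTTP_POST_VARS['password_confirm'])) )
	{
		message_die(GENERAL_ERROR, $lang['PS_pass_force_error']);
	}
	# Strict comparison: with == two hex digests that both look like numbers
	# (for example "0e" followed only by digits) can be judged equal although the
	# strings differ. Non-string input (an array) never matches.
	elseif ( is_string($HTTP_POST_VARS['cur_password']) && ($userdata['user_password'] === md5($HTTP_POST_VARS['cur_password'])) )
	{
		# NOTE(review): the flag is written as soon as the current password
		# matches. Nothing in this block checks that new_password equals
		# password_confirm, that it differs from the current password, or that
		# the profile update which follows succeeds - confirm that a rejected or
		# unchanged password cannot clear the forced update.
		# The id is cast to an integer so only a number can reach the query.
		$q = "UPDATE ". USERS_TABLE ."
			  SET phpBBSecurity_force_pw_update = '1'
			  WHERE user_id = ". intval($userdata['user_id']);
		$db->sql_query($q);
	}
}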
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

//
// Did the user submit? In this case build a query to update the users profile in the DB
//
if ( isset($HTTP_POST_VARS['submit']) )
{
	include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
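	# Password policy applied when registering and when editing a profile.
	# NOTE(review): both switches are tested with isset(), which is true whenever
	# the setting exists, whatever its value - confirm that turning an option off
	# removes the setting rather than storing 0.
	if ($mode == 'editprofile' || $mode == 'register')
	{
		# The password may not be the same as the username.
		if ( ($username == $password_confirm) && (isset($board_config['phpBBSecurity_use_password_match'])) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_match_error'];
		}

		# Minimum length. The original read the limit from the misspelled
		# $baord_config, an undefined variable, so this comparison could never be
		# true and the limit was never enforced. A profile edit that leaves the
		# password field empty is not measured, so the now-working check does not
		# reject edits that do not touch the password.
		if ( (isset($board_config['phpBBSecurity_use_password_length'])) && ( ($mode == 'register') || ($password_confirm != '') ) && (strlen($password_confirm) < $board_config['phpBBSecurity_password_min_length']) )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['PS_pass_length_error'];
		}
	}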
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

	if ( !$error )
	{

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
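	# When the stored password hash differs from $pass_check, rewrite the two
	# session cookies so the auto-login value follows the change.
	# NOTE(review): $pass_check is not assigned in this block - presumably the
	# hash of the new password set elsewhere; confirm before relying on it.
	if ($userdata['user_password'] != $pass_check)
	{
		# NOTE(review): unserialize() runs on a cookie value, which is fully
		# controlled by the client. The decoded value can be of any type, so it is
		# checked before use; replacing the serialized cookie format is the real
		# remedy and is outside the scope of this block.
		$sessiondata 				= isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : array();
		if (!is_array($sessiondata))
		{
			$sessiondata = array();
		}

		# Strict comparison: with == a non-string value decoded from the cookie
		# (a boolean true, for instance) would compare equal to any hash.
		# NOTE(review): the auto-login value written here is the password hash
		# itself, so the cookie is as sensitive as the stored hash.
		$sessiondata['autologinid'] = ( isset($sessiondata['autologinid']) && ($sessiondata['autologinid'] === $userdata['user_password']) ) ? $pass_check : '';
		$sessiondata['userid'] 		= $userdata['user_id'];
		$sessionmethod 				= ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? SESSION_METHOD_COOKIE : SESSION_METHOD_GET;

		# Data cookie is kept for one year (31536000 seconds); the sid cookie ends with the browser session.
		setcookie($board_config['cookie_name'] .'_data', serialize($sessiondata), (time() + 31536000), $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
		setcookie($board_config['cookie_name'] .'_sid', $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
	}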
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

$s_hidden_fields .= '<input type="hidden" name="current_email" value="' . $userdata['user_email'] . '" />';

-----------------------------------
----[ AFTER, ADD ]-----------------
-----------------------------------

#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.3 =========================================================== |
#====
		# Carry the marker through the form when the page was reached with
		# infrom=phpBBSecurity. Only the fixed literal is written, never the
		# request value itself.
		if ($in_from == 'phpBBSecurity')
		{
			$s_hidden_fields .= '<input type="hidden" name="infrom" value="phpBBSecurity">';
		}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] = |
#==== End: ==== phpBB Security ========================================= |	
#======================================================================= |

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/confirm_body.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

</form>

-----------------------------------
----[ ADD, BEFORE ]----------------
-----------------------------------

{L_VERIFY}

-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------

templates/*/overall_footer.tpl

-----------------------------------
----[ FIND ]-----------------------
-----------------------------------

#
# If you dont want to show the people who get caught:

Protected by phpBB Security  <a href="http://phpbb-amod.com" class="copyright" target="_blank">phpBB-Amod</a><br />{BLOCKED}<br />

#
# If you want to show the poeple who get caught:

<a href="login_security.php?phpBBSecurity=caught" class="copyright">Protected</a> by phpBB Security  <a href="http://phpbb-amod.com" class="copyright" target="_blank">phpBB-Amod</a><br>{BLOCKED}<br>

-----------------------------------
----[ REPLACE WITH ]---------------
-----------------------------------

#
# If you don't want to show the people who get caught:

Protected by phpBB Security  <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br />{BLOCKED}<br />

#
# If you want to show the people who get caught:

<a href="login_security.php?phpBBSecurity=caught" class="copyright">Protected</a> by phpBB Security  <a href="http://phpbb-tweaks.com" class="copyright" target="_blank">phpBB-TweakS</a><br>{BLOCKED}<br>


-----------------------------------
----[ CLOSE & SAVE ]---------------
-----------------------------------

#==== End of file changes

BEFORE YOU OVERWRITE phpbb_security.php, make sure you change

	# Returns the name 'phpBBSecurity_max_admins'. Per the upgrade note, change the
	# returned name to the one your current phpbb_security file uses before you
	# overwrite that file.
	function phpBBSecurity_AdminConfigName()
		{
		return 'phpBBSecurity_max_admins';
		}
		
	# Returns the name 'phpBBSecurity_max_mods'. Per the upgrade note, change the
	# returned name to the one your current phpbb_security file uses before you
	# overwrite that file.
	function phpBBSecurity_ModConfigName()
		{
		return 'phpBBSecurity_max_mods';
		}
		
	# Returns the name 'phpBBSecurity_use_max'. Per the upgrade note, change the
	# returned name to the one your current phpbb_security file uses before you
	# overwrite that file.
	function phpBBSecurity_UseSpecial()
		{
		return 'phpBBSecurity_use_max';
		}

to the correct names. The names returned by these 3 functions need to be changed to what you
currently have in your phpbb_security file. If you don't change them in the new phpbb_security
file before you overwrite the old one, you could have problems saving some of the fields in the ACP.

#==== UPLOAD & OVERWRITE IF NEEDED

login_security.php			=>	Root/
admin/admin_security.php		=>	Root/admin/
includes/phpbb_security.php		=>	Root/includes/
language/lang_*/lang_phpbb_security.php	=>	Root/language/lang_*/
templates/subSilver/*			=>	Root/templates/*/
templates/subSilver/admin/*		=>	Root/templates/*/admin/

#==== UPGRADE FILES

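Upload ps_upgrade.php to your root folder and execute it by opening it in your browser.
	e.g.: http://your-site.com/ps_upgrade.php

Delete ps_upgrade.php from your root folder as soon as the upgrade has run! While the file
stays there, it remains reachable at that URL.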


#====
EoM