9 files changed, 232 insertions, 89 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index 1c2668e750..1e319901aa 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -72,11 +72,4 @@ else
 
 include('language/lang_'.$default_lang.'.'.$phpEx);
 
-//
-// Initialise session stuff 
-// See file for more details ...
-//
-
-$userdata = session_pagestart($db, $user_ip, $session_length);
-
 ?>
diff --git a/phpBB/functions/functions.php b/phpBB/functions/functions.php
index cc387ecde0..6345630813 100644
--- a/phpBB/functions/functions.php
+++ b/phpBB/functions/functions.php
@@ -178,6 +178,101 @@ function theme_select($default, $db)
 	return($theme_select);
 }
 
+//
+// Initialise user settings on page load
+//
+function init_userprefs($userdata)
+{
+
+	global $override_user_theme;
+	global $bgcolor, $table_bgcolor, $textcolor, $category_title, $table_header;
+	global $color1, $color2, $header_image, $newtopic_image;
+	global $reply_locked_image, $reply_image, $linkcolor, $vlinkcolor;
+	global $default_lang, $date_format, $sys_timezone;
+
+	if(!$override_user_theme)
+	{
+		if($userdata['user_id'] != ANONYMOUS || $userdata['user_id'] != DELETED)
+		{
+			$theme = setuptheme($userdata["user_theme"]);
+		}
+		else
+		{
+			$theme = setuptheme($default_theme);
+		}
+	}
+	else
+	{
+		$theme = setuptheme($override_user_theme);
+	}
+	if($theme) 
+	{
+		$bgcolor = $theme["bgcolor"];
+		$table_bgcolor = $theme["table_bgcolor"];
+		$textcolor = $theme["textcolor"];
+		$category_title = $theme["category_title"];
+		$table_header = $theme["table_header"];
+		$color1 = $theme["color1"];
+		$color2 = $theme["color2"];
+		$header_image = $theme["header_image"];
+		$newtopic_image = $theme["newtopic_image"];
+		$reply_locked_image = $theme["reply_locked_image"];
+		$reply_image = $theme["reply_image"];
+		$linkcolor = $theme["linkcolor"];
+		$vlinkcolor = $theme["vlinkcolor"];
+	}
+	if($userdata["user_lang"] != "")
+	{
+		$default_lang = $userdata["user_lang"];
+	}
+	if($userdata["user_dateformat"] != "")
+	{
+		$date_format = $userdata["user_dateformat"];
+	}
+	if($userdata["user_timezone"])
+	{
+		$sys_timezone = $userdata["user_timezone"];
+	}
+
+	// Include the appropriate language file ... if it exists.
+	if(!strstr($PHP_SELF, "admin"))
+	{
+		if(file_exists('language/lang_'.$default_lang.'.'.$phpEx))
+		{
+			include('language/lang_'.$default_lang.'.'.$phpEx);
+		}
+	}
+	else
+	{
+		if(strstr($PHP_SELF, "topicadmin"))
+		{
+			include('language/lang_'.$default_lang.'.'.$phpEx);
+		}
+		else
+		{
+			include('../language/lang_'.$default_lang.'.'.$phpEx);
+		}
+	}
+
+	return;
+
+}
+function setuptheme($theme)
+{
+	global $db;
+
+	$sql = "SELECT * 
+		FROM ".THEMES_TABLE." 
+		WHERE theme_id = '$theme'";
+	if(!$result = $db->sql_query($sql))
+		return(0);
+
+	if(!$myrow = $db->sql_fetchrow($result))
+		return(0);
+
+	return($myrow);
+}
+
 function tz_select($default)
 {
 	global $board_tz;
diff --git a/phpBB/functions/sessions.php b/phpBB/functions/sessions.php
index 934f3e725f..01b5e8b7be 100644
--- a/phpBB/functions/sessions.php
+++ b/phpBB/functions/sessions.php
@@ -27,9 +27,10 @@
 // Adds/updates a new session to the database for the given userid.
 // Returns the new session ID on success.
 //
-function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $password = "") 
+function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $password = "") 
 {
 
+	global $db;
 	global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
 	global $HTTP_COOKIE_VARS;
 
@@ -37,52 +38,79 @@ function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $pa
 	$expiry_time = $current_time - $session_length;
 	$int_ip = encode_ip($user_ip);
 
-	if($user_id == ANONYMOUS)
+	//
+	// Initial ban check against IP and userid
+	//
+	$sql = "SELECT ban_ip, ban_userid
+		FROM ".BANLIST_TABLE."
+		WHERE (ban_ip = '$int_ip' OR ban_userid = '$user_id')
+			AND (ban_start < $current_time AND ban_end > $current_time )";
+	$result = $db->sql_query($sql);
+	if (!$result) 
 	{
-		$login = 0;
+		error_die(QUERY_ERROR, "Couldn't obtain ban information.", __LINE__, __FILE__);
 	}
-	
-	$sql = "UPDATE ".SESSIONS_TABLE."
-		SET session_user_id = $user_id, session_time = $current_time, session_logged_in = $login
-		WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].")
-			AND (session_ip = $int_ip)";
-	$result = $db->sql_query($sql);
-	if(!$result || !$db->sql_affectedrows())
+	$ban_info = $db->sql_fetchrow($result);
+
+	//
+	// Check for user and ip ban ...
+	// 
+	if($ban_info['ban_ip'] || $ban_info['ban_userid'])
+	{
+		error_die(AUTH_BANNED);
+	}
+	else
 	{
-		mt_srand( (double) microtime() * 1000000);
-		$session_id = mt_rand();
+		if($user_id == ANONYMOUS)
+		{
+			$login = 0;
+		}
+	
+		$sql = "UPDATE ".SESSIONS_TABLE."
+			SET session_user_id = $user_id, session_time = $current_time, session_page = $page_id, session_logged_in = $login
+			WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].")
+				AND (session_ip = '$int_ip')";
 	
-		$sql = "INSERT INTO ".SESSIONS_TABLE."
-				(session_id, session_user_id, session_time, session_ip, session_logged_in)
-				VALUES
-				($session_id, $user_id, $current_time, $int_ip, $login)";
 		$result = $db->sql_query($sql);
-		if(!$result)
+
+		if(!$result || !$db->sql_affectedrows())
 		{
-			if(DEBUG)
-			{
-				error_die($db, GENERAL_ERROR, "Error creating new session : session_pagestart");
-			}
-			else
+			mt_srand( (double) microtime() * 1000000);
+			$session_id = mt_rand();
+	
+			$sql = "INSERT INTO ".SESSIONS_TABLE."
+					(session_id, session_user_id, session_time, session_ip, session_page, session_logged_in)
+					VALUES
+					($session_id, $user_id, $current_time, '$int_ip', $page_id, $login)";
+			$result = $db->sql_query($sql);
+			if(!$result)
 			{
-				error_die($db, SESSION_CREATE);
+				if(DEBUG)
+				{
+					error_die($db, GENERAL_ERROR, "Error creating new session : session_begin");
+				}
+				else
+				{
+					error_die($db, SESSION_CREATE);
+				}
 			}
+
+			setcookie($cookiename."[sessionid]", $session_id, $session_length);
+		}
+		else
+		{
+			$session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid'];
 		}
 
-		setcookie($cookiename."[sessionid]", $session_id, $session_length, "", "", "");
-	}
-	else
-	{
-		$session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid'];
-	}
+		if(!empty($password) && AUTOLOGON)
+		{
+			setcookie($cookiename."[useridref]", $password, $cookielife);
+		}
+		setcookie($cookiename."[userid]", $user_id, $cookielife);
+		setcookie($cookiename."[sessionstart]", $current_time, $cookielife);
+		setcookie($cookiename."[sessiontime]", $current_time, $session_length);
 
-	if(!empty($password) && AUTOLOGON)
-	{
-		setcookie($cookiename."[useridref]", $password, $cookielife, "", "", "");
 	}
-	setcookie($cookiename."[userid]", $user_id, $cookielife, "", "", "");
-	setcookie($cookiename."[sessionstart]", $current_time, $cookielife, "", "", "");
-	setcookie($cookiename."[sessiontime]", $current_time, $session_length, "", "", "");
 
 	return $session_id;
    
@@ -93,14 +121,13 @@ function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $pa
 // Checks for a given user session, tidies session
 // table and updates user sessions at each page refresh
 //
-function session_pagestart($db, $user_ip, $session_length)
+function session_pagestart($user_ip, $thispage_id, $session_length)
 {
-
+	global $db;
 	global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
 	global $HTTP_COOKIE_VARS;
 
 	unset($userdata);
-
 	$current_time = time();
 	$int_ip = encode_ip($user_ip);
 
@@ -132,9 +159,9 @@ function session_pagestart($db, $user_ip, $session_length)
 		$userid = $HTTP_COOKIE_VARS[$cookiename]['userid'];
 		$sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid
 			FROM ".USERS_TABLE." u
-			LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = $int_ip OR b.ban_userid = u.user_id)
+			LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = '$int_ip' OR b.ban_userid = u.user_id)
 				AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) )
-			LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id  AND s.session_ip = $int_ip )
+			LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id  AND s.session_ip = '$int_ip' )
 			WHERE u.user_id = $userid";
 		$result = $db->sql_query($sql);
 		if (!$result) 
@@ -180,9 +207,9 @@ function session_pagestart($db, $user_ip, $session_length)
 				{
 
 					$sql = "UPDATE ".SESSIONS_TABLE."
-						SET session_time = '$current_time'
+						SET session_time = '$current_time', session_page = '$thispage_id'
 						WHERE (session_id = ".$userdata['session_id'].")
-							AND (session_ip = $int_ip)
+							AND (session_ip = '$int_ip')
 							AND (session_user_id = ".$userdata['user_id'].")";
 					$result = $db->sql_query($sql);
 					if(!$result)
@@ -202,7 +229,7 @@ function session_pagestart($db, $user_ip, $session_length)
 						// Update was success, send current time to cookie
 						// and return userdata
 						//
-						setcookie($cookiename."[sessiontime]", $current_time, $session_length, "", "", "");
+						setcookie($cookiename."[sessiontime]", $current_time, $session_length);
 
 						return $userdata;
 					} // if (affectedrows)
@@ -247,7 +274,7 @@ function session_pagestart($db, $user_ip, $session_length)
 			$password = "";
 			$userdata['session_logged_in'] = 0;
 		}
-		$result = session_begin($db, $userdata['user_id'], $user_ip, $session_length, $autologon, $password);
+		$result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $autologon, $password);
 		if(!$result)
 		{
 			if(DEBUG)
@@ -266,53 +293,21 @@ function session_pagestart($db, $user_ip, $session_length)
 
 		//
 		// No userid cookie exists so we'll
-		// check for an IP ban and set up
-		// a new anonymous session
+		// set up a new anonymous session
 		//
-		$int_ip = encode_ip($user_ip);
-		$sql = "SELECT ban_ip
-			FROM ".BANLIST_TABLE."
-			WHERE ban_ip = $int_ip";
-		$result = $db->sql_query($sql);
-		if (!$result) 
+		$result = session_begin(ANONYMOUS, $user_ip, $thispage_id, $session_length, 0);
+		if(!$result)
 		{
 			if(DEBUG)
 			{
-				error_die($db, GENERAL_ERROR, "Error doing DB query non-userid ban_ip row fetch : session_pagestart");
+				error_die($db, GENERAL_ERROR, "Error creating anonymous session : session_pagestart");
 			}
 			else
 			{
 				error_die($db, SESSION_CREATE);
 			}
 		}
-		$banned_ip = $db->sql_fetchrow($result);
-
-		//
-		// Check for user and ip ban ...
-		// 
-		if($banned_ip['ban_ip'])
-		{
-			error_die($db, BANNED);
-		}
-		else
-		{
-
-			$result = session_begin($db, ANONYMOUS, $user_ip, $session_length);
-			if(!$result)
-			{
-				if(DEBUG)
-				{
-					error_die($db, GENERAL_ERROR, "Error creating anonymous session : session_pagestart");
-				}
-				else
-				{
-					error_die($db, SESSION_CREATE);
-				}
-			}
-			$userdata['session_logged_in'] = 0;
-
-		}
-
+		$userdata['session_logged_in'] = 0;
 	}
 
 	return $userdata;
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 1c51163eb4..f0644b04e9 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -72,6 +72,16 @@ define(POST_USERS_URL, 'u');
 // Session parameters
 define(AUTOLOGON, 0);
 
+// Page numbers for session handling
+define(PAGE_INDEX, 0);
+define(PAGE_LOGIN, -1);
+define(PAGE_SEARCH, -2);
+define(PAGE_REGISTER, -3);
+define(PAGE_PROFILE, -4);
+define(PAGE_VIEWONLINE, -6);
+define(PAGE_VIEWMEMBERS, -7);
+define(PAGE_FAQ, -8);
+
 define('BANLIST_TABLE', $table_prefix.'banlist');
 define('CATEGORIES_TABLE', $table_prefix.'categories');
 define('CONFIG_TABLE', $table_prefix.'config');
diff --git a/phpBB/index.php b/phpBB/index.php
index 3479835749..b8cea3e80c 100644
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -27,6 +27,15 @@ include('common.'.$phpEx);
 $pagetype = "index";
 $page_title = "Forum Index";
 
+//
+// Start session management
+//
+$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
+init_userprefs($userdata);
+//
+// End session management
+//
+
 $total_posts = get_db_stat($db, 'postcount');
 $total_users = get_db_stat($db, 'usercount');
 $newest_userdata = get_db_stat($db, 'newestuser');
diff --git a/phpBB/login.php b/phpBB/login.php
index 1c8d4207c6..789a9f8e04 100644
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -45,7 +45,7 @@ if(isset($HTTP_POST_VARS['submit']) || isset($HTTP_GET_VARS['submit']))
 		{
 			if(md5($password) == $rowresult["user_password"])
 			{
-				$session_id = session_begin($db, $rowresult["user_id"], $user_ip, $session_length, 1, $rowresult["user_password"]);
+				$session_id = session_begin($rowresult["user_id"], $user_ip, PAGE_INDEX, $session_length, 1, $rowresult["user_password"]);
 				if($session_id)
 				{
 					header("Location: index.$phpEx");
diff --git a/phpBB/profile.php b/phpBB/profile.php
index ea8fa05285..0fea4b54a2 100644
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -25,6 +25,15 @@
 include('extension.inc');
 include('common.'.$phpEx);
 
+//
+// Start session management
+//
+$userdata = session_pagestart($user_ip, PAGE_PROFILE, $session_length);
+init_userprefs($userdata);
+//
+// End session management
+//
+
 switch($mode)
 {
 	case 'viewprofile':
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index b631cc8d55..9f8043c561 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -23,9 +23,31 @@
 include('extension.inc');
 include('common.'.$phpEx);
 
+//
+// Obtain which forum id is required
+//
+if(!isset($HTTP_GET_VARS['forum']) && !isset($HTTP_POST_VARS['forum']))  // For backward compatibility
+{
+	$forum_id = ($HTTP_GET_VARS[POST_FORUM_URL]) ? $HTTP_GET_VARS[POST_FORUM_URL] : $HTTP_POST_VARS[POST_FORUM_URL];
+}
+else
+{
+	$forum_id = ($HTTP_GET_VARS['forum']) ? $HTTP_GET_VARS['forum'] : $HTTP_POST_VARS['forum'];
+}
+
 $pagetype = "viewforum";
 $page_title = "View Forum - $forum_name";
 
+//
+// Start session management
+//
+$userdata = session_pagestart($user_ip, $forum_id, $session_length);
+init_userprefs($userdata);
+//
+// End session management
+//
+
+
 // Check if the user has acutally sent a forum ID with his/her request
 // If not give them a nice error page.
 if(isset($forum_id))
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index a88bb6b215..36b85407d9 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -60,6 +60,16 @@ $forum_row = $db->sql_fetchrowset($result);
 $topic_title = $forum_row[0]["topic_title"];
 $forum_id = $forum_row[0]["forum_id"];
 $forum_name = stripslashes($forum_row[0]["forum_name"]);
+
+//
+// Start session management
+//
+$userdata = session_pagestart($user_ip, $forum_id, $session_length);
+init_userprefs($userdata);
+//
+// End session management
+//
+
 for($x = 0; $x < $total_rows; $x++)
 {
 	$moderators[] = array("user_id" => $forum_row[$x]["user_id"],