Diffstat (limited to 'phpBB/phpbb/auth')
-rw-r--r--phpBB/phpbb/auth/auth.php48
-rw-r--r--phpBB/phpbb/auth/provider/apache.php36
-rw-r--r--phpBB/phpbb/auth/provider/base.php14
-rw-r--r--phpBB/phpbb/auth/provider/db.php111
-rw-r--r--phpBB/phpbb/auth/provider/ldap.php28
-rw-r--r--phpBB/phpbb/auth/provider/oauth/oauth.php71
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/base.php12
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/bitly.php12
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/exception.php12
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/facebook.php20
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/google.php20
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/service_interface.php14
-rw-r--r--phpBB/phpbb/auth/provider/oauth/token_storage.php260
-rw-r--r--phpBB/phpbb/auth/provider/provider_interface.php24
-rw-r--r--phpBB/phpbb/auth/provider_collection.php67
15 files changed, 522 insertions, 227 deletions
diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php
index 81676e75fc..fc7cc1a0b1 100644
--- a/phpBB/phpbb/auth/auth.php
+++ b/phpBB/phpbb/auth/auth.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package phpBB3
-* @copyright (c) 2005 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,7 +15,6 @@ namespace phpbb\auth;
/**
* Permission/Auth class
-* @package phpBB3
*/
class auth
{
@@ -205,9 +208,12 @@ class auth
/**
* Get forums with the specified permission setting
- * if the option is prefixed with !, then the result becomes negated
*
- * @param bool $clean set to true if only values needs to be returned which are set/unset
+ * @param string $opt The permission name to lookup. If prefixed with !, the result is negated.
+ * @param bool $clean set to true if only values needs to be returned which are set/unset
+ *
+ * @return array Contains the forum ids with the specified permission set to true.
+ This is a nested array: array => forum_id => permission => true
*/
function acl_getf($opt, $clean = false)
{
@@ -921,11 +927,13 @@ class auth
*/
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
- global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;
+ global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;
+ global $phpbb_dispatcher;
- $method = trim(basename($config['auth_method']));
+ /* @var $provider_collection \phpbb\auth\provider_collection */
+ $provider_collection = $phpbb_container->get('auth.provider_collection');
- $provider = $phpbb_container->get('auth.provider.' . $method);
+ $provider = $provider_collection->get_provider();
if ($provider)
{
$login = $provider->login($username, $password);
@@ -976,6 +984,24 @@ class auth
redirect($url);
}
+ /**
+ * Event is triggered after checking for valid username and password, and before the actual session creation.
+ *
+ * @event core.auth_login_session_create_before
+ * @var array login Variable containing login array
+ * @var bool admin Boolean variable whether user is logging into the ACP
+ * @var string username Username of user to log in
+ * @var bool autologin Boolean variable signaling whether login is triggered via auto login
+ * @since 3.1.7-RC1
+ */
+ $vars = array(
+ 'login',
+ 'admin',
+ 'username',
+ 'autologin',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.auth_login_session_create_before', compact($vars)));
+
// If login succeeded, we will log the user in... else we pass the login array through...
if ($login['status'] == LOGIN_SUCCESS)
{
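Review bot: The docblock for `core.auth_login_session_create_before` does not say that listeners can rewrite `login`, yet the values returned through `extract()` are what the `$login['status'] == LOGIN_SUCCESS` test right after it reads. Because the event fires after the provider has checked the credentials, every subscribed extension sits inside the authentication decision and can change the status or `user_row` before the session is created. I would state that in the docblock, e.g. `* Listeners may modify login (including status and user_row); the modified values decide whether a session is created.` Whether `trigger_event()` limits the returned keys to the four names in `$vars` is not visible here, so confirm that `extract()` cannot introduce other locals. The body of `login()` starts and ends outside this hunk.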
@@ -1040,7 +1066,7 @@ class auth
{
if (strpos($auth_options, '%') !== false)
{
- $sql_opts = "AND $key " . $db->sql_like_expression(str_replace('%', $db->any_char, $auth_options));
+ $sql_opts = "AND $key " . $db->sql_like_expression(str_replace('%', $db->get_any_char(), $auth_options));
}
else
{
@@ -1071,7 +1097,7 @@ class auth
{
if (strpos($option, '%') !== false)
{
- $sql[] = $key . ' ' . $db->sql_like_expression(str_replace('%', $db->any_char, $option));
+ $sql[] = $key . ' ' . $db->sql_like_expression(str_replace('%', $db->get_any_char(), $option));
}
else
{
diff --git a/phpBB/phpbb/auth/provider/apache.php b/phpBB/phpbb/auth/provider/apache.php
index 23cdc89829..aa5bf64335 100644
--- a/phpBB/phpbb/auth/provider/apache.php
+++ b/phpBB/phpbb/auth/provider/apache.php
@@ -1,19 +1,21 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
/**
- * Apache authentication provider for phpBB3
- *
- * @package auth
- */
+* Apache authentication provider for phpBB3
+*/
class apache extends \phpbb\auth\provider\base
{
/**
@@ -26,15 +28,15 @@ class apache extends \phpbb\auth\provider\base
/**
* Apache Authentication Constructor
*
- * @param \phpbb\db\driver\driver $db
- * @param \phpbb\config\config $config
- * @param \phpbb\passwords\manager $passwords_manager
- * @param \phpbb\request\request $request
- * @param \phpbb\user $user
- * @param string $phpbb_root_path
- * @param string $php_ext
+ * @param \phpbb\db\driver\driver_interface $db Database object
+ * @param \phpbb\config\config $config Config object
+ * @param \phpbb\passwords\manager $passwords_manager Passwords Manager object
+ * @param \phpbb\request\request $request Request object
+ * @param \phpbb\user $user User object
+ * @param string $phpbb_root_path Relative path to phpBB root
+ * @param string $php_ext PHP file extension
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
@@ -135,7 +137,7 @@ class apache extends \phpbb\auth\provider\base
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
- 'user_row' => user_row_apache($php_auth_user, $php_auth_pw),
+ 'user_row' => $this->user_row($php_auth_user, $php_auth_pw),
);
}
@@ -183,7 +185,7 @@ class apache extends \phpbb\auth\provider\base
}
// create the user if he does not exist yet
- user_add(user_row_apache($php_auth_user, $php_auth_pw));
+ user_add($this->user_row($php_auth_user, $php_auth_pw));
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
diff --git a/phpBB/phpbb/auth/provider/base.php b/phpBB/phpbb/auth/provider/base.php
index 78a3289356..dea27ccc25 100644
--- a/phpBB/phpbb/auth/provider/base.php
+++ b/phpBB/phpbb/auth/provider/base.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,8 +15,6 @@ namespace phpbb\auth\provider;
/**
* Base authentication provider class that all other providers should implement
-*
-* @package auth
*/
abstract class base implements \phpbb\auth\provider\provider_interface
{
@@ -59,7 +61,7 @@ abstract class base implements \phpbb\auth\provider\provider_interface
/**
* {@inheritdoc}
*/
- public function get_auth_link_data()
+ public function get_auth_link_data($user_id = 0)
{
return;
}
diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php
index 6bbbc0be16..1adf85ee05 100644
--- a/phpBB/phpbb/auth/provider/db.php
+++ b/phpBB/phpbb/auth/provider/db.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,10 +15,7 @@ namespace phpbb\auth\provider;
/**
* Database authentication provider for phpBB3
- *
* This is for authentication via the integrated user table
- *
- * @package auth
*/
class db extends \phpbb\auth\provider\base
{
@@ -26,17 +27,25 @@ class db extends \phpbb\auth\provider\base
protected $passwords_manager;
/**
+ * DI container
+ *
+ * @var \Symfony\Component\DependencyInjection\ContainerInterface
+ */
+ protected $phpbb_container;
+
+ /**
* Database Authentication Constructor
*
- * @param \phpbb\db\driver\driver $db
+ * @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\config\config $config
* @param \phpbb\passwords\manager $passwords_manager
* @param \phpbb\request\request $request
* @param \phpbb\user $user
+ * @param \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container
* @param string $phpbb_root_path
* @param string $php_ext
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
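Review bot: The constructor now takes the whole DI container as `$phpbb_container`, although the only use visible in this file's hunks is `$this->phpbb_container->get('captcha.factory')` in the captcha branch. Handing the login provider every registered service is wider than it needs; injecting the factory itself, `\phpbb\captcha\factory $captcha_factory`, would keep the dependency explicit and easier to test. The new parameter is also placed before `$phpbb_root_path`, so every positional `new \phpbb\auth\provider\db(...)` call has to be updated in step, as the oauth provider's fallback is in this commit. The constructor body continues past the end of this hunk.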
@@ -45,6 +54,7 @@ class db extends \phpbb\auth\provider\base
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
+ $this->phpbb_container = $phpbb_container;
}
/**
@@ -77,7 +87,7 @@ class db extends \phpbb\auth\provider\base
$username_clean = utf8_clean_string($username);
- $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
+ $sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
$result = $this->db->sql_query($sql);
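Review bot: `SELECT *` now loads every column of the users table into `$row`, and that row is then passed to `$captcha->validate($row)`, to `passwords_manager->check(..., $row)` and returned as `user_row` in the login result. The removed statement named the eight columns the login path reads. Presumably the wider row is needed so password drivers can see legacy per-user fields, but the hunk does not say so; a comment such as `// Full row: password drivers may need legacy columns, see passwords_manager->check()` would let a later reader narrow it again. An explicit column list would limit what reaches the captcha plugins and event listeners that receive the row.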
@@ -113,7 +123,7 @@ class db extends \phpbb\auth\provider\base
'username_clean' => $username_clean,
);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
- $result = $this->db->sql_query($sql);
+ $this->db->sql_query($sql);
}
else
{
@@ -145,13 +155,9 @@ class db extends \phpbb\auth\provider\base
// Every auth module is able to define what to do by itself...
if ($show_captcha)
{
- // Visual Confirmation handling
- if (!class_exists('phpbb_captcha_factory', false))
- {
- include ($this->phpbb_root_path . 'includes/captcha/captcha_factory.' . $this->php_ext);
- }
-
- $captcha = \phpbb_captcha_factory::get_instance($this->config['captcha_plugin']);
+ /* @var $captcha_factory \phpbb\captcha\factory */
+ $captcha_factory = $this->phpbb_container->get('captcha.factory');
+ $captcha = $captcha_factory->get_instance($this->config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
@@ -169,72 +175,8 @@ class db extends \phpbb\auth\provider\base
}
- // If the password convert flag is set we need to convert it
- if ($row['user_pass_convert'])
- {
- // enable super globals to get literal value
- // this is needed to prevent unicode normalization
- $super_globals_disabled = $this->request->super_globals_disabled();
- if ($super_globals_disabled)
- {
- $this->request->enable_super_globals();
- }
-
- // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
- $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
- $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
- $password_new_format = $this->request->variable('password', '', true);
-
- if ($super_globals_disabled)
- {
- $this->request->disable_super_globals();
- }
-
- if ($password == $password_new_format)
- {
- if (!function_exists('utf8_to_cp1252'))
- {
- include($this->phpbb_root_path . 'includes/utf/data/recode_basic.' . $this->php_ext);
- }
-
- // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
- // plain md5 support left in for conversions from other systems.
- if ((strlen($row['user_password']) == 34 && ($this->passwords_manager->check(md5($password_old_format), $row['user_password']) || $this->passwords_manager->check(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
- || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])))
- {
- $hash = $this->passwords_manager->hash($password_new_format);
-
- // Update the password in the users table to the new format and remove user_pass_convert flag
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_password = \'' . $this->db->sql_escape($hash) . '\',
- user_pass_convert = 0
- WHERE user_id = ' . $row['user_id'];
- $this->db->sql_query($sql);
-
- $row['user_pass_convert'] = 0;
- $row['user_password'] = $hash;
- }
- else
- {
- // Although we weren't able to convert this password we have to
- // increase login attempt count to make sure this cannot be exploited
- $sql = 'UPDATE ' . USERS_TABLE . '
- SET user_login_attempts = user_login_attempts + 1
- WHERE user_id = ' . (int) $row['user_id'] . '
- AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
- $this->db->sql_query($sql);
-
- return array(
- 'status' => LOGIN_ERROR_PASSWORD_CONVERT,
- 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
- 'user_row' => $row,
- );
- }
- }
- }
-
// Check password ...
- if (!$row['user_pass_convert'] && $this->passwords_manager->check($password, $row['user_password']))
+ if ($this->passwords_manager->check($password, $row['user_password'], $row))
{
// Check for old password hash...
if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
@@ -243,8 +185,7 @@ class db extends \phpbb\auth\provider\base
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
- SET user_password = '" . $this->db->sql_escape($hash) . "',
- user_pass_convert = 0
+ SET user_password = '" . $this->db->sql_escape($hash) . "'
WHERE user_id = {$row['user_id']}";
$this->db->sql_query($sql);
@@ -292,7 +233,7 @@ class db extends \phpbb\auth\provider\base
// Give status about wrong password...
return array(
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
- 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD',
+ 'error_msg' => 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}
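Review bot: With `'error_msg'` fixed to `'LOGIN_ERROR_PASSWORD'`, the returned `status` and `error_msg` disagree whenever `$show_captcha` is true, because the status is still `LOGIN_ERROR_ATTEMPTS`. If that is intended, a comment above the return would stop someone from aligning them again, e.g. `// status keeps signalling the attempt limit; the message stays LOGIN_ERROR_PASSWORD because the password itself was wrong`. Callers that take the language string from `error_msg` but branch on `status` should be checked; they are outside this hunk.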
diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php
index e92a227e16..c48b771ab0 100644
--- a/phpBB/phpbb/auth/provider/ldap.php
+++ b/phpBB/phpbb/auth/provider/ldap.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,10 +15,7 @@ namespace phpbb\auth\provider;
/**
* Database authentication provider for phpBB3
- *
* This is for authentication via the integrated user table
- *
- * @package auth
*/
class ldap extends \phpbb\auth\provider\base
{
@@ -28,12 +29,12 @@ class ldap extends \phpbb\auth\provider\base
/**
* LDAP Authentication Constructor
*
- * @param \phpbb\db\driver\driver $db
- * @param \phpbb\config\config $config
- * @param \phpbb\passwords\manager $passwords_manager
- * @param \phpbb\user $user
+ * @param \phpbb\db\driver\driver_interface $db Database object
+ * @param \phpbb\config\config $config Config object
+ * @param \phpbb\passwords\manager $passwords_manager Passwords manager object
+ * @param \phpbb\user $user User object
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)
+ public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)
{
$this->db = $db;
$this->config = $config;
@@ -288,7 +289,6 @@ class ldap extends \phpbb\auth\provider\base
/**
* {@inheritdoc}
*/
-
public function acp()
{
// These are fields required in the config table
@@ -305,9 +305,9 @@ class ldap extends \phpbb\auth\provider\base
return array(
'TEMPLATE_FILE' => 'auth_provider_ldap.html',
'TEMPLATE_VARS' => array(
- 'AUTH_LDAP_DN' => $new_config['ldap_base_dn'],
+ 'AUTH_LDAP_BASE_DN' => $new_config['ldap_base_dn'],
'AUTH_LDAP_EMAIL' => $new_config['ldap_email'],
- 'AUTH_LDAP_PASSORD' => $new_config['ldap_password'],
+ 'AUTH_LDAP_PASSORD' => $new_config['ldap_password'] !== '' ? '********' : '',
'AUTH_LDAP_PORT' => $new_config['ldap_port'],
'AUTH_LDAP_SERVER' => $new_config['ldap_server'],
'AUTH_LDAP_UID' => $new_config['ldap_uid'],
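Review bot: The masked value `'********'` is what the ACP form will presumably submit back for the LDAP password unless the administrator retypes it, and nothing in this hunk shows the save path treating that placeholder as "unchanged". If it is not handled elsewhere, saving the page would replace the stored bind password with eight asterisks; confirm this, and note it here with `// placeholder only; the ACP save handler must ignore it`. Separately, the key is still spelled `AUTH_LDAP_PASSORD` while `AUTH_LDAP_DN` was renamed to `AUTH_LDAP_BASE_DN` in the same hunk, so the template and this array have to stay in sync on both names. The `TEMPLATE_VARS` array continues past the end of the hunk.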
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index 0128c89248..bfeac2dd32 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -1,28 +1,29 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth;
use OAuth\Common\Consumer\Credentials;
-use OAuth\Common\Http\Uri\Uri;
/**
* OAuth authentication provider for phpBB3
-*
-* @package auth
*/
class oauth extends \phpbb\auth\provider\base
{
/**
* Database driver
*
- * @var \phpbb\db\driver\driver
+ * @var \phpbb\db\driver\driver_interface
*/
protected $db;
@@ -62,6 +63,13 @@ class oauth extends \phpbb\auth\provider\base
protected $auth_provider_oauth_token_storage_table;
/**
+ * OAuth state table
+ *
+ * @var string
+ */
+ protected $auth_provider_oauth_state_table;
+
+ /**
* OAuth account association table
*
* @var string
@@ -90,6 +98,13 @@ class oauth extends \phpbb\auth\provider\base
protected $current_uri;
/**
+ * DI container
+ *
+ * @var \Symfony\Component\DependencyInjection\ContainerInterface
+ */
+ protected $phpbb_container;
+
+ /**
* phpBB root path
*
* @var string
@@ -97,7 +112,7 @@ class oauth extends \phpbb\auth\provider\base
protected $phpbb_root_path;
/**
- * PHP extenstion
+ * PHP file extension
*
* @var string
*/
@@ -106,19 +121,21 @@ class oauth extends \phpbb\auth\provider\base
/**
* OAuth Authentication Constructor
*
- * @param \phpbb\db\driver\driver $db
+ * @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\config\config $config
* @param \phpbb\passwords\manager $passwords_manager
* @param \phpbb\request\request_interface $request
* @param \phpbb\user $user
* @param string $auth_provider_oauth_token_storage_table
+ * @param string $auth_provider_oauth_state_table
* @param string $auth_provider_oauth_token_account_assoc
* @param \phpbb\di\service_collection $service_providers Contains \phpbb\auth\provider\oauth\service_interface
* @param string $users_table
+ * @param \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container
* @param string $phpbb_root_path
* @param string $php_ext
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_state_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
@@ -126,9 +143,11 @@ class oauth extends \phpbb\auth\provider\base
$this->request = $request;
$this->user = $user;
$this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;
+ $this->auth_provider_oauth_state_table = $auth_provider_oauth_state_table;
$this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;
$this->service_providers = $service_providers;
$this->users_table = $users_table;
+ $this->phpbb_container = $phpbb_container;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
@@ -159,7 +178,7 @@ class oauth extends \phpbb\auth\provider\base
// Temporary workaround for only having one authentication provider available
if (!$this->request->is_set('oauth_service'))
{
- $provider = new \phpbb\auth\provider\db($this->db, $this->config, $this->passwords_manager, $this->request, $this->user, $this->phpbb_root_path, $this->php_ext);
+ $provider = new \phpbb\auth\provider\db($this->db, $this->config, $this->passwords_manager, $this->request, $this->user, $this->phpbb_container, $this->phpbb_root_path, $this->php_ext);
return $provider->login($username, $password);
}
@@ -178,7 +197,7 @@ class oauth extends \phpbb\auth\provider\base
// Get the service credentials for the given service
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
$query = 'mode=login&login=external&oauth_service=' . $service_name_original;
$service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope());
@@ -213,7 +232,7 @@ class oauth extends \phpbb\auth\provider\base
}
// Retrieve the user's account
- $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
FROM ' . $this->users_table . '
WHERE user_id = ' . (int) $row['user_id'];
$result = $this->db->sql_query($sql);
@@ -222,7 +241,7 @@ class oauth extends \phpbb\auth\provider\base
if (!$row)
{
- throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');
+ throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');
}
// Update token storage to store the user_id
@@ -276,9 +295,10 @@ class oauth extends \phpbb\auth\provider\base
* @param array $service_credentials {@see \phpbb\auth\provider\oauth\oauth::get_service_credentials}
* @param string $query The query string of the
* current_uri used in redirection
- * @param array $scope The scope of the request against
+ * @param array $scopes The scope of the request against
* the api.
* @return \OAuth\Common\Service\ServiceInterface
+ * @throws \Exception
*/
protected function get_service($service_name, \phpbb\auth\provider\oauth\token_storage $storage, array $service_credentials, $query, array $scopes = array())
{
@@ -296,7 +316,7 @@ class oauth extends \phpbb\auth\provider\base
if (!$service)
{
- throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED');
+ throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED');
}
return $service;
@@ -445,7 +465,7 @@ class oauth extends \phpbb\auth\provider\base
*/
protected function link_account_login_link(array $link_data, $service_name)
{
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
// Check for an access token, they should have one
if (!$storage->has_access_token_by_session($service_name))
@@ -488,7 +508,7 @@ class oauth extends \phpbb\auth\provider\base
*/
protected function link_account_auth_link(array $link_data, $service_name)
{
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
$query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
$scopes = $this->service_providers[$service_name]->get_auth_scope();
@@ -533,7 +553,7 @@ class oauth extends \phpbb\auth\provider\base
public function logout($data, $new_session)
{
// Clear all tokens belonging to the user
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
$storage->clearAllTokens();
return;
@@ -542,13 +562,13 @@ class oauth extends \phpbb\auth\provider\base
/**
* {@inheritdoc}
*/
- public function get_auth_link_data()
+ public function get_auth_link_data($user_id = 0)
{
$block_vars = array();
// Get all external accounts tied to the current user
$data = array(
- 'user_id' => (int) $this->user->data['user_id'],
+ 'user_id' => ($user_id <= 0) ? (int) $this->user->data['user_id'] : (int) $user_id,
);
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
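Review bot: `get_auth_link_data($user_id = 0)` now builds its query for whatever positive `$user_id` the caller passes, and no permission check is visible in this hunk before another account's linked OAuth identities are read. The docblock is only `{@inheritdoc}`; I would add a line such as `* @param int $user_id User to look up, 0 for the current user. Callers must have verified that the current user may view this account.` The same applies to the `unlink_account()` hunk further down, where `$link_data['user_id']` selects whose link row is deleted. Where those ids come from is not visible in this diff section, so the authorization has to be confirmed at the call sites.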
@@ -605,17 +625,18 @@ class oauth extends \phpbb\auth\provider\base
return 'LOGIN_LINK_MISSING_DATA';
}
+ // Remove user specified in $link_data if possible
+ $user_id = isset($link_data['user_id']) ? $link_data['user_id'] : $this->user->data['user_id'];
+
// Remove the link
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
- AND user_id = " . (int) $this->user->data['user_id'];
+ AND user_id = " . (int) $user_id;
$this->db->sql_query($sql);
// Clear all tokens belonging to the user on this servce
$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
$storage->clearToken($service_name);
-
- return;
}
}
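Review bot: After this change the `DELETE` targets `$user_id` taken from `$link_data`, but the token cleanup that follows still builds `token_storage` with `$this->user` and calls `clearToken($service_name)`. When `$link_data['user_id']` names a different account, that account's link row is removed while the tokens cleared appear to be those of the acting user; `token_storage` is not shown here, so this needs checking against its lookup key. The added comment `// Remove user specified in $link_data if possible` also reads as if a user were deleted; `// Unlink the account given in $link_data['user_id'], defaulting to the current user` is closer to what the code does. The start of the method is outside this hunk.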
diff --git a/phpBB/phpbb/auth/provider/oauth/service/base.php b/phpBB/phpbb/auth/provider/oauth/service/base.php
index 7a144d2f51..6adf64aa30 100644
--- a/phpBB/phpbb/auth/provider/oauth/service/base.php
+++ b/phpBB/phpbb/auth/provider/oauth/service/base.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,8 +15,6 @@ namespace phpbb\auth\provider\oauth\service;
/**
* Base OAuth abstract class that all OAuth services should implement
-*
-* @package auth
*/
abstract class base implements \phpbb\auth\provider\oauth\service\service_interface
{
diff --git a/phpBB/phpbb/auth/provider/oauth/service/bitly.php b/phpBB/phpbb/auth/provider/oauth/service/bitly.php
index b4050033a6..25e731a02c 100644
--- a/phpBB/phpbb/auth/provider/oauth/service/bitly.php
+++ b/phpBB/phpbb/auth/provider/oauth/service/bitly.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,8 +15,6 @@ namespace phpbb\auth\provider\oauth\service;
/**
* Bitly OAuth service
-*
-* @package auth
*/
class bitly extends \phpbb\auth\provider\oauth\service\base
{
diff --git a/phpBB/phpbb/auth/provider/oauth/service/exception.php b/phpBB/phpbb/auth/provider/oauth/service/exception.php
index 3bc93be01e..d3e95bef0d 100644
--- a/phpBB/phpbb/auth/provider/oauth/service/exception.php
+++ b/phpBB/phpbb/auth/provider/oauth/service/exception.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,8 +15,6 @@ namespace phpbb\auth\provider\oauth\service;
/**
* OAuth service exception class
-*
-* @package auth
*/
class exception extends \RuntimeException
{
diff --git a/phpBB/phpbb/auth/provider/oauth/service/facebook.php b/phpBB/phpbb/auth/provider/oauth/service/facebook.php
index 2698be8b18..bb98835e07 100644
--- a/phpBB/phpbb/auth/provider/oauth/service/facebook.php
+++ b/phpBB/phpbb/auth/provider/oauth/service/facebook.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,30 +15,28 @@ namespace phpbb\auth\provider\oauth\service;
/**
* Facebook OAuth service
-*
-* @package auth
*/
class facebook extends base
{
/**
* phpBB config
*
- * @var phpbb\config\config
+ * @var \phpbb\config\config
*/
protected $config;
/**
* phpBB request
*
- * @var phpbb\request\request_interface
+ * @var \phpbb\request\request_interface
*/
protected $request;
/**
* Constructor
*
- * @param phpbb\config\config $config
- * @param phpbb\request\request_interface $request
+ * @param \phpbb\config\config $config
+ * @param \phpbb\request\request_interface $request
*/
public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
{
diff --git a/phpBB/phpbb/auth/provider/oauth/service/google.php b/phpBB/phpbb/auth/provider/oauth/service/google.php
index 08cb025c2d..cb9f83a94f 100644
--- a/phpBB/phpbb/auth/provider/oauth/service/google.php
+++ b/phpBB/phpbb/auth/provider/oauth/service/google.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,30 +15,28 @@ namespace phpbb\auth\provider\oauth\service;
/**
* Google OAuth service
-*
-* @package auth
*/
class google extends base
{
/**
* phpBB config
*
- * @var phpbb\config\config
+ * @var \phpbb\config\config
*/
protected $config;
/**
* phpBB request
*
- * @var phpbb\request\request_interface
+ * @var \phpbb\request\request_interface
*/
protected $request;
/**
* Constructor
*
- * @param phpbb\config\config $config
- * @param phpbb\request\request_interface $request
+ * @param \phpbb\config\config $config
+ * @param \phpbb\request\request_interface $request
*/
public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
{
diff --git a/phpBB/phpbb/auth/provider/oauth/service/service_interface.php b/phpBB/phpbb/auth/provider/oauth/service/service_interface.php
index eee3a51cac..e84eb247b6 100644
--- a/phpBB/phpbb/auth/provider/oauth/service/service_interface.php
+++ b/phpBB/phpbb/auth/provider/oauth/service/service_interface.php
@@ -1,9 +1,13 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
@@ -11,8 +15,6 @@ namespace phpbb\auth\provider\oauth\service;
/**
* OAuth service interface
-*
-* @package auth
*/
interface service_interface
{
@@ -65,7 +67,7 @@ interface service_interface
/**
* Sets the external library service provider
*
- * @param \OAuth\Common\Service\ServiceInterface $service
+ * @param \OAuth\Common\Service\ServiceInterface $service_provider
*/
public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider);
}
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
index 43574288dc..e922342ef6 100644
--- a/phpBB/phpbb/auth/provider/oauth/token_storage.php
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -1,32 +1,33 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth;
-
use OAuth\OAuth1\Token\StdOAuth1Token;
use OAuth\Common\Token\TokenInterface;
use OAuth\Common\Storage\TokenStorageInterface;
-use OAuth\Common\Storage\Exception\StorageException;
use OAuth\Common\Storage\Exception\TokenNotFoundException;
+use OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException;
/**
* OAuth storage wrapper for phpbb's cache
-*
-* @package auth
*/
class token_storage implements TokenStorageInterface
{
/**
* Cache driver.
*
- * @var \phpbb\db\driver\driver
+ * @var \phpbb\db\driver\driver_interface
*/
protected $db;
@@ -42,7 +43,14 @@ class token_storage implements TokenStorageInterface
*
* @var string
*/
- protected $auth_provider_oauth_table;
+ protected $oauth_token_table;
+
+ /**
+ * OAuth state table
+ *
+ * @var string
+ */
+ protected $oauth_state_table;
/**
* @var object|TokenInterface
@@ -50,17 +58,24 @@ class token_storage implements TokenStorageInterface
protected $cachedToken;
/**
+ * @var string
+ */
+ protected $cachedState;
+
+ /**
* Creates token storage for phpBB.
*
- * @param \phpbb\db\driver\driver $db
+ * @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\user $user
- * @param string $auth_provider_oauth_table
+ * @param string $oauth_token_table
+ * @param string $oauth_state_table
*/
- public function __construct(\phpbb\db\driver\driver $db, \phpbb\user $user, $auth_provider_oauth_table)
+ public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $oauth_token_table, $oauth_state_table)
{
$this->db = $db;
$this->user = $user;
- $this->auth_provider_oauth_table = $auth_provider_oauth_table;
+ $this->oauth_token_table = $oauth_token_table;
+ $this->oauth_state_table = $oauth_state_table;
}
/**
@@ -104,9 +119,11 @@ class token_storage implements TokenStorageInterface
'session_id' => $this->user->data['session_id'],
);
- $sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . '
+ $sql = 'INSERT INTO ' . $this->oauth_token_table . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);
+
+ return $this;
}
/**
@@ -116,7 +133,8 @@ class token_storage implements TokenStorageInterface
{
$service = $this->get_service_name_for_db($service);
- if ($this->cachedToken) {
+ if ($this->cachedToken)
+ {
return true;
}
@@ -142,7 +160,7 @@ class token_storage implements TokenStorageInterface
$this->cachedToken = null;
- $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
+ $sql = 'DELETE FROM ' . $this->oauth_token_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";
@@ -152,6 +170,8 @@ class token_storage implements TokenStorageInterface
}
$this->db->sql_query($sql);
+
+ return $this;
}
/**
@@ -161,7 +181,7 @@ class token_storage implements TokenStorageInterface
{
$this->cachedToken = null;
- $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
+ $sql = 'DELETE FROM ' . $this->oauth_token_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
@@ -170,6 +190,124 @@ class token_storage implements TokenStorageInterface
}
$this->db->sql_query($sql);
+
+ return $this;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function storeAuthorizationState($service, $state)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ $this->cachedState = $state;
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ 'oauth_state' => $state,
+ 'session_id' => $this->user->data['session_id'],
+ );
+
+ $sql = 'INSERT INTO ' . $this->oauth_state_table . '
+ ' . $this->db->sql_build_array('INSERT', $data);
+ $this->db->sql_query($sql);
+
+ return $this;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hasAuthorizationState($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedState)
+ {
+ return true;
+ }
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ );
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $data['session_id'] = $this->user->data['session_id'];
+ }
+
+ return (bool) $this->get_state_row($data);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function retrieveAuthorizationState($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedState)
+ {
+ return $this->cachedState;
+ }
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ );
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $data['session_id'] = $this->user->data['session_id'];
+ }
+
+ return $this->get_state_row($data);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function clearAuthorizationState($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ $this->cachedState = null;
+
+ $sql = 'DELETE FROM ' . $this->oauth_state_table . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+ AND provider = '" . $this->db->sql_escape($service) . "'";
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ }
+
+ $this->db->sql_query($sql);
+
+ return $this;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function clearAllAuthorizationStates()
+ {
+ $this->cachedState = null;
+
+ $sql = 'DELETE FROM ' . $this->oauth_state_table . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'];
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ }
+
+ $this->db->sql_query($sql);
+
+ return $this;
}
/**
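Review bot: `retrieveAuthorizationState()` returns two different things: the cached state string on the first path, but the raw result of `get_state_row($data)` on the database path, which `_retrieve_state()` elsewhere in this diff treats as a row array (`$row['oauth_state']`) or a falsy value. The state is the value the OAuth callback's `state` parameter is checked against, so on a fresh request the caller presumably receives an array (or false) instead of the stored string, and a missing row never raises the `AuthorizationStateNotFoundException` this commit imports. The database path should end with `return $this->_retrieve_state($data);`. Separately, `$this->cachedState` is a single value not keyed by `$service`, so `hasAuthorizationState()` (and `has_state_by_session()` / `retrieve_state_by_session()` in later hunks) answer from the cache for any service name once one state has been stored or read in the request.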
@@ -184,7 +322,7 @@ class token_storage implements TokenStorageInterface
return;
}
- $sql = 'UPDATE ' . $this->auth_provider_oauth_table . '
+ $sql = 'UPDATE ' . $this->oauth_token_table . '
SET ' . $this->db->sql_build_array('UPDATE', array(
'user_id' => (int) $user_id
)) . '
@@ -196,6 +334,7 @@ class token_storage implements TokenStorageInterface
/**
* Checks to see if an access token exists solely by the session_id of the user
*
+ * @param string $service The name of the OAuth service
* @return bool true if they have token, false if they don't
*/
public function has_access_token_by_session($service)
@@ -216,6 +355,29 @@ class token_storage implements TokenStorageInterface
}
/**
+ * Checks to see if a state exists solely by the session_id of the user
+ *
+ * @param string $service The name of the OAuth service
+ * @return bool true if they have state, false if they don't
+ */
+ public function has_state_by_session($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedState)
+ {
+ return true;
+ }
+
+ $data = array(
+ 'session_id' => $this->user->data['session_id'],
+ 'provider' => $service,
+ );
+
+ return (bool) $this->get_state_row($data);
+ }
+
+ /**
* A helper function that performs the query for has access token functions
*
* @param array $data
@@ -230,7 +392,8 @@ class token_storage implements TokenStorageInterface
{
$service = $this->get_service_name_for_db($service);
- if ($this->cachedToken instanceof TokenInterface) {
+ if ($this->cachedToken instanceof TokenInterface)
+ {
return $this->cachedToken;
}
@@ -242,12 +405,30 @@ class token_storage implements TokenStorageInterface
return $this->_retrieve_access_token($data);
}
+ public function retrieve_state_by_session($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedState)
+ {
+ return $this->cachedState;
+ }
+
+ $data = array(
+ 'session_id' => $this->user->data['session_id'],
+ 'provider' => $service,
+ );
+
+ return $this->_retrieve_state($data);
+ }
+
/**
* A helper function that performs the query for retrieve access token functions
* Also checks if the token is a valid token
*
* @param array $data
* @return mixed
+ * @throws \OAuth\Common\Storage\Exception\TokenNotFoundException
*/
protected function _retrieve_access_token($data)
{
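Review bot: `retrieve_state_by_session()` is added without a docblock, unlike every other method added in this file. It should get one stating that the lookup uses only the session_id and provider (not the user_id), with `@param string $service The name of the OAuth service`, a `@return string` for the stored state, and `@throws \OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException`, which `_retrieve_state()` raises when no row matches. The hunk ends inside the following `_retrieve_access_token()`, whose body is not reviewed here.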
@@ -263,7 +444,7 @@ class token_storage implements TokenStorageInterface
// Ensure that the token was serialized/unserialized correctly
if (!($token instanceof TokenInterface))
{
- $this->clearToken();
+ $this->clearToken($data['provider']);
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
}
@@ -272,6 +453,26 @@ class token_storage implements TokenStorageInterface
}
/**
+ * A helper function that performs the query for retrieve state functions
+ *
+ * @param array $data
+ * @return mixed
+ * @throws \OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException
+ */
+ protected function _retrieve_state($data)
+ {
+ $row = $this->get_state_row($data);
+
+ if (!$row)
+ {
+ throw new AuthorizationStateNotFoundException();
+ }
+
+ $this->cachedState = $row['oauth_state'];
+ return $this->cachedState;
+ }
+
+ /**
* A helper function that performs the query for retrieving an access token
*
* @param array $data
@@ -279,7 +480,24 @@ class token_storage implements TokenStorageInterface
*/
protected function get_access_token_row($data)
{
- $sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . '
+ $sql = 'SELECT oauth_token FROM ' . $this->oauth_token_table . '
+ WHERE ' . $this->db->sql_build_array('SELECT', $data);
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ return $row;
+ }
+
+ /**
+ * A helper function that performs the query for retrieving a state
+ *
+ * @param array $data
+ * @return mixed
+ */
+ protected function get_state_row($data)
+ {
+ $sql = 'SELECT oauth_state FROM ' . $this->oauth_state_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
diff --git a/phpBB/phpbb/auth/provider/provider_interface.php b/phpBB/phpbb/auth/provider/provider_interface.php
index 946731f52d..35e0f559a1 100644
--- a/phpBB/phpbb/auth/provider/provider_interface.php
+++ b/phpBB/phpbb/auth/provider/provider_interface.php
@@ -1,19 +1,21 @@
<?php
/**
*
-* @package auth
-* @copyright (c) 2013 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
/**
- * The interface authentication provider classes have to implement.
- *
- * @package auth
- */
+* The interface authentication provider classes have to implement.
+*/
interface provider_interface
{
/**
@@ -146,7 +148,7 @@ interface provider_interface
* user_id of an account needed to successfully link an external account to
* a forum account.
*
- * @param array $link_data Any data needed to link a phpBB account to
+ * @param array $login_link_data Any data needed to link a phpBB account to
* an external account.
* @return string|null Returns a string with a language constant if there
* is data missing or null if there is no error.
@@ -164,6 +166,10 @@ interface provider_interface
/**
* Returns an array of data necessary to build the ucp_auth_link page
*
+ * @param int $user_id User ID for whom the data should be retrieved.
+ * defaults to 0, which is not a valid ID. The method
+ * should fall back to the current user's ID in this
+ * case.
* @return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
@@ -179,7 +185,7 @@ interface provider_interface
* 'VARS' => array(...),
* )
*/
- public function get_auth_link_data();
+ public function get_auth_link_data($user_id = 0);
/**
* Unlinks an external account from a phpBB account.
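Review bot: The new `$user_id` parameter lets a caller request link data for an arbitrary account, but the contract does not say who is responsible for checking that the current user may see or manage that account's links. The docblock (which begins in the preceding hunk) should state this, e.g. `Callers passing a non-zero $user_id must already have verified permission to manage that user.`, so that implementations and callers do not each assume the other does the check. Adding a parameter to an interface method also requires every implementing class, including third-party providers, to update its signature.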
diff --git a/phpBB/phpbb/auth/provider_collection.php b/phpBB/phpbb/auth/provider_collection.php
new file mode 100644
index 0000000000..8e7e9e2cc1
--- /dev/null
+++ b/phpBB/phpbb/auth/provider_collection.php
@@ -0,0 +1,67 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\auth;
+
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+* Collection of auth providers to be configured at container compile time.
+*/
+class provider_collection extends \phpbb\di\service_collection
+{
+ /** @var \phpbb\config\config phpBB Config */
+ protected $config;
+
+ /**
+ * Constructor
+ *
+ * @param ContainerInterface $container Container object
+ * @param \phpbb\config\config $config phpBB config
+ */
+ public function __construct(ContainerInterface $container, \phpbb\config\config $config)
+ {
+ $this->container = $container;
+ $this->config = $config;
+ }
+
+ /**
+ * Get an auth provider.
+ *
+ * @param string $provider_name The name of the auth provider
+ * @return object Default auth provider selected in config if it
+ * does exist. Otherwise the standard db auth
+ * provider.
+ * @throws \RuntimeException If neither the auth provider that
+ * is specified by the phpBB config nor the db
+ * auth provider exist. The db auth provider
+ * should always exist in a phpBB installation.
+ */
+ public function get_provider($provider_name = '')
+ {
+ $provider_name = ($provider_name !== '') ? $provider_name : basename(trim($this->config['auth_method']));
+ if ($this->offsetExists('auth.provider.' . $provider_name))
+ {
+ return $this->offsetGet('auth.provider.' . $provider_name);
+ }
+ // Revert to db auth provider if selected method does not exist
+ else if ($this->offsetExists('auth.provider.db'))
+ {
+ return $this->offsetGet('auth.provider.db');
+ }
+ else
+ {
+ throw new \RuntimeException(sprintf('The authentication provider for the authentication method "%1$s" does not exist. It was not possible to recover from this by reverting to the database authentication provider.', $this->config['auth_method']));
+ }
+ }
+}
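Review bot: `get_provider()` falls back to `auth.provider.db` even when the caller named a provider explicitly, so a mistyped or unregistered name silently yields database authentication instead of an error. For an authentication component that substitution is worth restricting to the configured-default case (empty `$provider_name`), or at least recording in the log, since an administrator who configured an external method may not expect local passwords to be accepted. The exception message also always reports `$this->config['auth_method']`; passing `$provider_name` as the `sprintf` argument would name the provider that was actually looked up. Note that `basename(trim(...))` is applied only to the config value, not to a caller-supplied name.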