diff --git a/Rocksolid_Light/rocksolid/newsportal.php b/Rocksolid_Light/rocksolid/newsportal.php
index 0607aae..a076a6c 100644
--- a/Rocksolid_Light/rocksolid/newsportal.php
+++ b/Rocksolid_Light/rocksolid/newsportal.php
@@ -1279,20 +1279,54 @@ function group_display_name($gname)
 return $gname;
 }
+function verify_logged_in($name) {
+ global $CONFIG, $auth_log;
+
+ $logged_in = false;
+ $ip_pass = false;
+ if (! isset($_SESSION['remote_address'])) {
+ $_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
+ $_SESSION['start_address'] = $_SESSION['remote_address'];
+ $ip_pass = true;
+ } else {
+ if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
+ $ip_pass = false;
+ file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
+ } else {
+ $ip_pass = true;
+ file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses OK for: " . $name, FILE_APPEND);
+ }
+ }
+ if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
+ $logged_in = true;
+ file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $name, FILE_APPEND);
+ } else {
+ $logged_in = false;
+ file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $name, FILE_APPEND);
+ }
+ if ($CONFIG['anonuser'] == '1') {
+ $logged_in = false;
+ }
+ return $logged_in ;
+}
+
 function set_user_logged_in_cookies($name, $keys) {
 global $debug_log;
- if( !get_user_config($name, 'encryptionkey')) {
+ $name = trim($name);
+ $name_lc = strtolower($name);
+
+ if( !get_user_config($name_lc, 'encryptionkey')) {
 $key = openssl_random_pseudo_bytes(44);
- set_user_config($name, 'encryptionkey', base64_encode($key));
+ set_user_config($name_lc, 'encryptionkey', base64_encode($key));
 file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND);
 }
- $name = trim($name);
- $auth_expire = 14400;
- $authkey = password_hash($name . $keys[0] . 
get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT);
- $pkey = hash('crc32', get_user_config($name, 'encryptionkey'));
- set_user_config(strtolower($name), "pkey", $pkey);
+ $auth_expire = 14400;
+ $authkey = password_hash($name_lc . $keys[0] . get_user_config($name, 'encryptionkey'), PASSWORD_DEFAULT);
+ $pkey = hash('crc32', get_user_config($name, 'encryptionkey'));
+ set_user_config(strtolower($name), "pkey", $pkey);
+ $_SESSION['pass'] = true; ?> -'; echo '
';
diff --git a/Rocksolid_Light/spoolnews/upload.php b/Rocksolid_Light/spoolnews/upload.php
index 098a8a8..a930ba1 100644
--- a/Rocksolid_Light/spoolnews/upload.php
+++ b/Rocksolid_Light/spoolnews/upload.php
@@ -13,15 +13,20 @@ $logged_in = false;
 if (! isset($_POST['username'])) {
 $_POST['username'] = $_COOKIE['mail_name'];
 }
-$name = $_POST['username'];
+$name = trim(strtolower($_POST['username']));
+
 if (! isset($_POST['password'])) {
 $_POST['password'] = null;
 }
 if (! isset($_COOKIE['mail_auth'])) {
 $_COOKIE['mail_auth'] = null;
 }
-if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
- $logged_in = true;
+
+$logged_in = verify_logged_in(trim(strtolower($name)));
+if(!$logged_in) {
+ if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
+ $logged_in = true;
+ }
 }
 $title .= ' - Upload file';
diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php
index 92c8948..75294d8 100644
--- a/Rocksolid_Light/spoolnews/user.php
+++ b/Rocksolid_Light/spoolnews/user.php
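Review bot: verify_logged_in uses `$name` only in its log messages and never compares it with anything stored in the session, while the new `$_SESSION['pass'] = true;` in set_user_logged_in_cookies records no identity at all, so once one login has set the flag, any later request in that session carrying a different `username` (the callers in upload.php and user.php build `$name` from `$_POST['username']`) is accepted as logged in under that other name. Record the normalised name together with the flag and require it to match, as in the excerpt below. The same hunk creates the encryption key under `$name_lc` but computes `$authkey` and `$pkey` from `get_user_config($name, 'encryptionkey')` with the original case, so for a mixed-case username the cookie hash uses a different (or absent) key than the lowercased `$name` the callers verify against — unless get_user_config normalises case itself, which is not visible here. `$name` also reaches `$auth_log` verbatim and can contain `\r`/`\n` from the form, so strip line breaks before logging to keep the entries unforgeable. set_user_logged_in_cookies continues beyond the visible hunk lines.
```php
function verify_logged_in($name) {
    global $CONFIG, $auth_log;

    // Bind the session flag to the identity being asserted, not just to "someone logged in".
    $name = strtolower(trim($name));
    // One line per log entry: drop line breaks that came in with the form value.
    $safe_name = str_replace(["\r", "\n"], '', $name);
    // … unchanged: IP address check and its logging, with $safe_name in the messages …
    if ($ip_pass && isset($_SESSION['pass'], $_SESSION['auth_name'])
        && $_SESSION['pass'] === true && $_SESSION['auth_name'] === $name) {
        $logged_in = true;
        file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS OK for: " . $safe_name, FILE_APPEND);
    } else {
        $logged_in = false;
        file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION PASS expired or not set: " . $safe_name, FILE_APPEND);
    }
    // … unchanged: anonuser override and return …
}

function set_user_logged_in_cookies($name, $keys) {
    // … unchanged: key creation under $name_lc …
    $auth_expire = 14400;
    $authkey = password_hash($name_lc . $keys[0] . get_user_config($name_lc, 'encryptionkey'), PASSWORD_DEFAULT);
    $pkey = hash('crc32', get_user_config($name_lc, 'encryptionkey'));
    set_user_config($name_lc, "pkey", $pkey);
    $_SESSION['pass'] = true;
    $_SESSION['auth_name'] = $name_lc; // new key: what verify_logged_in() compares against
```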
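Review bot: `verify_logged_in(trim(strtolower($name)))` re-normalises a `$name` that the added line above already built as `trim(strtolower($_POST['username']))`; pass `$name` directly, and in user.php's matching hunk the call should likewise be `verify_logged_in($name)` instead of re-reading `$_POST['username']`. When neither the form field nor the `mail_name` cookie is present, the context line assigns an undefined cookie index and the new `strtolower(null)` runs (deprecated since PHP 8.1), so guard with `$name = trim(strtolower($_POST['username'] ?? ''));` and treat an empty name as not logged in before any config lookup. In user.php, `check_bbs_auth($_POST['username'], $_POST['password'])` still receives the raw, un-normalised username while cookies and per-user config are keyed by the lowercased `$name`; if check_bbs_auth is case-sensitive the two identities can diverge, so it should probably receive `$name` as well. Also in user.php the `if ($ip_pass) { $_SESSION['pass'] = true; }` guard is now redundant, because the set_user_logged_in_cookies call right after it (changed in this commit's newsportal.php hunk) sets `$_SESSION['pass'] = true` unconditionally, so the IP gate no longer restricts when the flag is set. `$ip_pass` is not defined in either hunk; presumably it is assigned earlier in user.php, outside the visible lines.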
@@ -69,24 +69,27 @@ $logged_in = false;
 if (! isset($_POST['username'])) {
 $_POST['username'] = $_COOKIE['mail_name'];
 }
-$name = $_POST['username'];
+$name = trim(strtolower($_POST['username']));
 if (! isset($_POST['password'])) {
 $_POST['password'] = null;
 }
 if (! isset($_COOKIE['mail_auth'])) {
 $_COOKIE['mail_auth'] = null;
 }
-if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
- $logged_in = true;
-} else {
- if (check_bbs_auth($_POST['username'], $_POST['password'])) {
- if ($ip_pass) {
- $_SESSION['pass'] = true;
- }
- set_user_logged_in_cookies($name, $keys);
+$logged_in = verify_logged_in(trim(strtolower($_POST['username'])));
+if(!$logged_in) {
+ if ((password_verify($name . $keys[0] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($name . $keys[1] . get_user_config($name, 'encryptionkey'), $_COOKIE['mail_auth']))) {
 $logged_in = true;
 } else {
- echo 'Authentication Required';
+ if (check_bbs_auth($_POST['username'], $_POST['password'])) {
+ if ($ip_pass) {
+ $_SESSION['pass'] = true;
+ }
+ set_user_logged_in_cookies($name, $keys);
+ $logged_in = true;
+ } else {
+ echo 'Authentication Required';
+ }
 }
 }