- changed `$receiver_id` to `$receiver_ids`
- sends multiple pms
- returns array of receiver user ids with specific error message on failure or TRUE if message successfully sent
added a new table for login_attempts (in both SQL files)
added 2 config vars `login_attempts`(db) & `remove_successful_attempts`
changed function `reset_login_attempts()` (removed user_id and changed where to ip_address and timestamp from user_id only)
changed function `update_login_attempts()` (removed user_id and changed where to ip_address and timestamp from email/user_id only)
changed function `login()` (removed arguments from changed functions, added abilty to enable/disable removing login attempt after successful login)
- added 2 config vars (`totp_two_step_login_active`, `totp_two_step_login_redirect`)
- changed `login()` to set session data if totp is required and two_step_login is active and skip default
- fixed `control()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- fixed `control()` to check if is_loggedin not with totp verification is required
- changed `is_allowed()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- added 2 functions `verify_user_totp_code($totp_code, $user_id = FALSE)` & `is_totp_required()`
reference to #131 (tutorial follows)
- added config var `use_password_hash`
- added config var `password_hash_algo`
- added config var `password_hash_options`
- added `verify_password()`
- changed `login()` (changed pass check with new the function, added a little skip for pass recreation if password_hash is active)
- changed `hash_password()`
- added `sql/Aauth_v2_BCrypt.sql` with a working password if BCrypt is active
- changed `ver_code` to sha1 hashed timestamp (`remind_password()`)
- removed `user_id` in reset password link (`remind_password()`)
- removed function param `$user_id` (`reset_password()`)
- changed password length to an even number based on config var `min` (`reset_password()`)
- changed `last_login_attempt` value to `Y-m-d H:i:s` from `Y-m-d H:0:0`
- changed `last_login_attempt`-check to check every x minute based on config var (`max_login_attempt_per_minutes`)
- added optional `last_login_attempt` update on login attempt (`update_last_login_attempt`)
- added config var `max_login_attempt_per_minutes`
- added config var `update_last_login_attempt`
- fixed config var info for `max_login_attempt` (`20` to `10`)
REJack
Tobias Fichtner
Terry Lin
suhindra
AnasTHH
Bevin
Emre Akay
scombat
Mathew White
Steve