- added 2 config vars (`totp_two_step_login_active`, `totp_two_step_login_redirect`)
- changed `login()` to set session data if totp is required and two_step_login is active and skip default
- fixed `control()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- fixed `control()` to check if is_loggedin not with totp verification is required
- changed `is_allowed()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- added 2 functions `verify_user_totp_code($totp_code, $user_id = FALSE)` & `is_totp_required()`
reference to #131 (tutorial follows)
- added config var `use_password_hash`
- added config var `password_hash_algo`
- added config var `password_hash_options`
- added `verify_password()`
- changed `login()` (changed pass check with new the function, added a little skip for pass recreation if password_hash is active)
- changed `hash_password()`
- added `sql/Aauth_v2_BCrypt.sql` with a working password if BCrypt is active
- changed `last_login_attempt` value to `Y-m-d H:i:s` from `Y-m-d H:0:0`
- changed `last_login_attempt`-check to check every x minute based on config var (`max_login_attempt_per_minutes`)
- added optional `last_login_attempt` update on login attempt (`update_last_login_attempt`)
- added config var `max_login_attempt_per_minutes`
- added config var `update_last_login_attempt`
- fixed config var info for `max_login_attempt` (`20` to `10`)
added `login_with_name` config item
renamed `aauth_error_login_failed` to `aauth_error_login_failed_email` in lang file
added `aauth_error_login_failed_name` in lang file
changed in login function `$email` to `$identifier`
REJack
Steve
tswagger
REJack
Emre Akay
Jacob Tomlinson