- added `pm_cleanup_max_age`-config_var
- added 2 files (`pm_deleted_sender` & `pm_deleted_receiver`) in pm table
- changed `list_pms()` to catch only not deleted pm's
- changed `delete_pm()` now it need a user_id to delete a pm (like `get_pm()`)
- changed `delete_pm()` sender's can now detete pm's from outbox
- changed `count_unread_pms()` it counts now only not deleted pm's.
- added `cleanup_pms()` removes pms older than X defined by `pm_cleanup_max_age`-config_var
added a new table for login_attempts (in both SQL files)
added 2 config vars `login_attempts`(db) & `remove_successful_attempts`
changed function `reset_login_attempts()` (removed user_id and changed where to ip_address and timestamp from user_id only)
changed function `update_login_attempts()` (removed user_id and changed where to ip_address and timestamp from email/user_id only)
changed function `login()` (removed arguments from changed functions, added abilty to enable/disable removing login attempt after successful login)
- added 2 config vars (`totp_two_step_login_active`, `totp_two_step_login_redirect`)
- changed `login()` to set session data if totp is required and two_step_login is active and skip default
- fixed `control()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- fixed `control()` to check if is_loggedin not with totp verification is required
- changed `is_allowed()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- added 2 functions `verify_user_totp_code($totp_code, $user_id = FALSE)` & `is_totp_required()`
reference to #131 (tutorial follows)
- added config var `use_password_hash`
- added config var `password_hash_algo`
- added config var `password_hash_options`
- added `verify_password()`
- changed `login()` (changed pass check with new the function, added a little skip for pass recreation if password_hash is active)
- changed `hash_password()`
- added `sql/Aauth_v2_BCrypt.sql` with a working password if BCrypt is active
- changed `last_login_attempt` value to `Y-m-d H:i:s` from `Y-m-d H:0:0`
- changed `last_login_attempt`-check to check every x minute based on config var (`max_login_attempt_per_minutes`)
- added optional `last_login_attempt` update on login attempt (`update_last_login_attempt`)
- added config var `max_login_attempt_per_minutes`
- added config var `update_last_login_attempt`
- fixed config var info for `max_login_attempt` (`20` to `10`)
added `login_with_name` config item
renamed `aauth_error_login_failed` to `aauth_error_login_failed_email` in lang file
added `aauth_error_login_failed_name` in lang file
changed in login function `$email` to `$identifier`
artem
CodeLingoBot
REJack
Steve
tswagger
REJack
Emre Akay