* Fix for ID caching
Rebuilds the cache every time a group or permission is added / deleted (create_perm, delete_perm, create_group, delete_group).
* Fix precache_perms()
* ID-Caching
- Very simple caching mechanism for Group- and Permission-IDS
* Transcations are used in delete-functions
- Added basic transaction-handling to delete_user(), delete_perm() and delete_group();
* Removed some trailing spaces
- removed user get query from DDoS check in
- fixed DDoS protection to update login_attempts if user not exist too
- removed user get query from DDoS/reCAPTCHA check
- fixed DDoS/reCAPTCHA proection to update login_attempts if user not exist too
- added `get_login_attempts()` returns login_attempts as INT (used in `login()`)
- fixed both SQL files
- fixed `list_pms()`
- fixed `delete_pm()`
- updated CHANGELOG
- added abilty to send `system` PM's for `send_pm()` & `send_pms()`
- changed `name` to `username` in aauth_users table
- changed `name` to `username` in all user related functions
- changed `$name` to `$username` in `create_user()` & `update_user()`
- added `user_exist_by_username()`
- changed `user_exist_by_name()` to an alias of `user_exist_by_username()`
- added `pm_cleanup_max_age`-config_var
- added 2 files (`pm_deleted_sender` & `pm_deleted_receiver`) in pm table
- changed `list_pms()` to catch only not deleted pm's
- changed `delete_pm()` now it need a user_id to delete a pm (like `get_pm()`)
- changed `delete_pm()` sender's can now detete pm's from outbox
- changed `count_unread_pms()` it counts now only not deleted pm's.
- added `cleanup_pms()` removes pms older than X defined by `pm_cleanup_max_age`-config_var
- changed `$receiver_id` to `$receiver_ids`
- sends multiple pms
- returns array of receiver user ids with specific error message on failure or TRUE if message successfully sent
added a new table for login_attempts (in both SQL files)
added 2 config vars `login_attempts`(db) & `remove_successful_attempts`
changed function `reset_login_attempts()` (removed user_id and changed where to ip_address and timestamp from user_id only)
changed function `update_login_attempts()` (removed user_id and changed where to ip_address and timestamp from email/user_id only)
changed function `login()` (removed arguments from changed functions, added abilty to enable/disable removing login attempt after successful login)
- added 2 config vars (`totp_two_step_login_active`, `totp_two_step_login_redirect`)
- changed `login()` to set session data if totp is required and two_step_login is active and skip default
- fixed `control()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- fixed `control()` to check if is_loggedin not with totp verification is required
- changed `is_allowed()` to check if totp verification is required, if required then it redirects to `totp_two_step_login_redirect`
- added 2 functions `verify_user_totp_code($totp_code, $user_id = FALSE)` & `is_totp_required()`
reference to #131 (tutorial follows)
joaocustodio
Raphael Jackstadt
Christian Land
Omkar Tapale
Paul Canning