htaccess to block access to the logs
by default, only log warnings
simple config check to see if that folder is writable
warning if changeNoFee is used
warning if setLocked is used
warning if changeAdmin is used
warning if when logging in that IP is different than saved IP
info if a login fails with bad user or password
warning if a user is locked via failed logins
info if an update/etc fails with bad pin
warning if a user is locked via failed pins
info when a pin request is sent
warning when a pin request email doesn't send
warning when trying to request pin reset and incorrect password
info when a twofactor token sent
warning if twofactor email doesn't send
warning when a user tries to request multiple of the same type of token
info when a twofactor token is deleted
warning if a twofactor token fails to delete
warning when an invalid change password token is used
info on successful account update
warning when reset password is called and IP doesn't match saved IP, info otherwise
warning if isAuthenticated falls through and kills a session
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* Renamed configuration array to `smarty` => `cache`
* Added `smarty` => `cache_lifetime` to expire cache files properly
This should be safe to use, be aware that each page request is cached!
That includes any POST/GET calls to the site.
It does help in speeding up the site, up to 100% on some requests. For a
high traffic site it probably makes sense to enable this option with a
low cache lifetime to ensure most recent data.
Addresses #309
* Added 3rd party logger library KLogger
* Adjusted all cronjobs from verbose output to logging
* Added new logs folder for crons to write to
* Added new .gitignore for logs folder data
* Updated blocks class to only fetch blocks with no share_id
* Adjusted findblocks to use no blocks class method
