The way this now works is, if csrf is enabled:
* Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
* Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* Allow to redirect to referrer page when access is denied
* Logout user and point towards login, add redirect
* Logout user as usual but added save redirects
* Adjusted templates and page codes
This will allow any admin to enable or disable a pool maintenance mode.
Regular users that are still logged in will not be kicked out (yet). New
users that are trying to login and are not admins will be denied access.
Also added registration option to Admin Settings via WebUI. You can now
disable new accounts via web option or configuration setting.
Fixes#259 but also adds an additional feature.
* Added mobile device detection PHP library
* Call PHP library to decide which theme to use
* Added theme as a configuration option into global config
* Selectable Desktop theme (default: mmcFE)
* Selectable Mobile theme (default: mobile)
* Disable mobile theme support entirely
**NOTE**: This requires updates to the `global.inc.php` so please check
the dist file and update your config before filing a new issue!
Addresses #25
* Currently no GUI, use DB access to change the row entry
* Upgraded Database table `accounts` with upgrade SQL
* Updated `admin` field to `is_admin` as boolean
* Modified pages, classes, templates to support is_admin and is_locked
Addresses #147
