* Adds CSRF protection for multiple pages, see bottom
* Adds User/IP/Date & time to successful login notification
* New config option for sitewide CSRF protection
* Fixed a bug in the contact form
* Lots of cleanup related to CSRF stuff
* Increments config version
* CSRF protection: register, contact, account edit, workers, notifications, and invites
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache
Addresses #1471 and may fix it already if no other changes are required.
Since we are adding more security realted features, we drop the small
login in the header. It will need more workarounds than we'd like and is
already dropped when re-Captcha is enabled.
Security > Convenience :D
When logging in from mobile, there currently is not an indicater to
use email or username. This labels it correctly.
Removed maxlength to allow for lengthier email addresses.
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.
Fixes#1345 once merged.
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
