Releases for LoginToboggan

Changes since DRUPAL-6--1-1:

• #238660 by hunmonk: Allow user admins to re-send validation e-mail. thanks to manoloka for sponsoring the work on this patch.
• #254387 by drewish, hunmonk: Redirecting after access denied doesn't work with language path prefixes. conditionally remove the language prefix if present.
• remove password complexity wish list item -- this was implemented by core in 6.x
• #258353 by hunmonk: clarify set password option -- it's core provided.

Changes since DRUPAL-5--1-2:

• #239136 by hunmonk: remove pre auth, add auth user in object in email validation code.
• #238660 by hunmonk: Allow user admins to re-send validation e-mail. thanks to manoloka for sponsoring the work on this patch.
• #258353 by hunmonk: clarify set password option -- it's core provided.

development snapshot for the 6.x-1.x branch -- new features in the 6.x branch will go in 6.x-2.x

Changes since DRUPAL-6--1-0:

• #76726 by levavie: updated RTL CSS file for 6.x.
• #239136 by hunmonk: remove pre auth, add auth user in $account object in email validation code.
• #239571 by hunmonk: fix broken mailing functionality. Resend validation email code is now properly updated to 6.x, logintoboggan_mail() was not using user saved mail subjects/bodies.

Changes since DRUPAL-5--1-2:

New features

• convert collapsible login block to jquery.
• #110026 -- Invoke hook when validating email. patch by mcarbone, mfb.
• #179512 by hunmonk: make redirect support on all user account creations.
• #179512 by hunmonk: make confirmation redirects work for core email validation as well.
• #57623 by hunmonk. Bring back set password only option. Add optional 'Immediate login' checkbox to logintoboggan settings page -- user is only logged in automatically if this is enabled.
• #197906 by hunmonk: Add description for 'Block type' setting.
• make username/password title/description themable, and don't clobber exiting attributes.
• #196298 by hunmonk: make login/register link themable, and smart about registration options.
• RTL version of LoginTogobban's hebrew translation file
• #227532 by levavie: RTL version of LoginToboggan's CSS file.
• added spanish translation

Bugfixes

• make email confirm textfield the same size as email textfield.
• close XSS attack vectors in themed 'logged in' block, and login block message.
• #118517 -- Fix text substitution variables in revalidation e-mail. patch by Benjamin Melancon and myself.
• #145727 - Help text positioned in the middle of the login form rather than the top. patch by p_palmer, myself.
• #129411 by hunmonk. add pre-auth role to existing roles on registration.
• #174553 by baldwinlouie, hunmonk: Grammer is incorrect when the password length validation message comes up.
• redirect should always be returned, so users who didn't create their own password are redirected to the front page if no redirect is specified.
• by hunmonk, webchick: don't clobber other submit handlers on user registration.
• #196553 by hunmonk: LoginToboggan interferes with other modules altering registration form. manually place the registration submit function at the beginning of the submit handlers.
• #197906 by hunmonk: Add description for 'Block type' setting.
• #198551 by hunmonk: User registration guidelines not on top of registration form. properly re-weight the help text.
• #204383 by hunmonk: User can register with email address -- doc error. removed faulty doc -- users have always been able to register w/ an email address for a username.

Changes since DRUPAL-5--1-1:

• #204600 by hunmonk: theme_lt_username_title can not be overwritten in template.php. replace all hardcoded theme calls with proper calls to theme().
• #221652: preserve query string in logintoboggan_destination().
• clean up validation problems with users changing their username/email to another user's username/email when login w/ email is enabled.
• exclude anon user in matching email validation check.
• #215999 by hunmonk: Login on Access Denied resets itself when module listing page is submitted and there is a module dependency for logintoboggan.
• #215981 by jbc, hunmonk: add INSTALL.txt, clarify login block setting location.

Changes since DRUPAL-4-7--1-1:

• #129411 by hunmonk. add pre-auth role to existing roles on registration.
• #174553 by baldwinlouie, hunmonk: Grammer is incorrect when the password length validation message comes up.
• #179512 by hunmonk: make redirect support on all user account creations.
• #204383 by hunmonk: User can register with email address -- doc error. removed faulty doc -- users have always been able to register w/ an email address for a username. tightened check for usernames that are already taken as email addresses by another user.

Changes since DRUPAL-5--1-0:

• #129411 by hunmonk. add pre-auth role to existing roles on registration.
• #174553 by baldwinlouie, hunmonk: Grammer is incorrect when the password length validation message comes up.
• #179512 by hunmonk: make redirect support work on all user account creations.
• #179512 by hunmonk: make confirmation redirects work for core email validation as well.
• consistent capitalization for module name.
• clean up todo/wishlist.
• clean up formatting/help text in _form_alter().
• use proper auth user constant.
• #196553 by hunmonk, webchick:: LoginToboggan interferes with other modules altering registration form. manually place the registration submit function at the beginning of the submit handlers.
• #197906 by hunmonk: Better install instructions.
• #197906 by hunmonk: Add description for 'Block type' setting.
• make username/password title/description themable, and don't clobber exiting attributes. some comment cleanup.
• get rid of shouting in login form titles/descriptions.
• #196298 by hunmonk: make login/register link themable, and smart about registration options.
• #198551 by hunmonk: User registration guidelines not on top of registration form. properly re-weight the help text.
• #204383 by hunmonk: User can register with email address -- doc error. removed faulty doc -- users have always been able to register w/ an email address for a username. tightened check for usernames that are already taken as email addresses by another user.

This release fixes a potential security vulnerability, though it is practically impossible to exploit. All sites using LoginToboggan should consider upgrading, but this should not be considered an urgent task. Please see DRUPAL-SA-2007-016 for more information.

In addition, this release includes the following bug fixes:

• FIXED: removed unneccessary textfield length for email confirmation
• FIXED: proper destination handling when a login attempt fails.

This release fixes a potential security vulnerability, though it is practically impossible to exploit. All sites using LoginToboggan should consider upgrading, but this should not be considered an urgent task. Please see DRUPAL-SA-2007-016 for more information.

In addition, this release includes the following changes:

• FIXED: login page on access denied setting was getting wiped out upon save of module admin page.
• FIXED: help text positioned in the middle of the login form rather than the top when email confirm feature is enabled.
• FIXED: text substitutions variables in re-validation email.
• ADDED: call user update hook when a user validates their email -- include special 'logintoboggan_email_validated' marker in the user object for the call.

Development release for the DRUPAL-5 branch.

This is the first official 4.7 release of logintoboggan. It has been in use for some time now, and is ready for a release under the new system.

Please see the CVS log for the DRUPAL-4-7 branch for a detailed list of changes.