I wouldn't trust session id very much either. Let's think about that. The good thing is that it doesn't prevent 4.3 from being released.
Oh, you're talking active/inactive for individual menu links? That can be either/both.
Are we also offering a toggle for db menus vs html menus?
Oops I thought you were talking about that - I read the post wrong.
I think I added it already...pretty sure...the setting is in the DB...it should be on the admin page too???
Oh. Awesome. I hadn't noticed. Sweet.
I also wonder if we should only check for whitelisted/blacklisted ips on certain pages. It seems a bit overkill to do it on every single page view. Maybe just the login/join/password reset stuff?
Ajax is actually pretty easy, I'll see if I can whip up the username check here in a few minutes.
As for the password strength check, it's almost plug and go if I remember right. I'll look at that too.
I've committed a username check. If you guys like it we can add it to the manual user creation as well.
I merged everything and will take a look.
When you remove the data in the username field it goes to "Unable to check"...we should just remove the message if the field is empty. We should also add this for email. And I would like to deploy this to admin_users.php for the manual add please.
The glogin select is messed up. It always says enabled. I committed a change for this.
What are we doing about more graceful token fails? Do you want this in 43 or is this US5?
Should we turn message notifications on by default? Or off? Do users setup their email settings during setup? If we enable it by default we could run into issues with email failures.
I committed a change to add the manage navigation button to admin.php.
Also: the Help menu in the DB-driven nav is set to logged in only, set this to no, we don't want logged in users to see it, and don't want guests to not have this menu. You also need to add forgot password to this menu.
