It came to my attention today that some firewalls block websocket traffic on port 80. For this reason, I have split out the webserver and socket.io traffic to 2 different ports.
In config.js, IO_PORT is the socket.io port. This should NOT be port 80. WEBSERVER_PORT is the port that the built in webserver will bind to (can be port 80, but this requires root permissions).
You will connect to yourhostname:WEBSERVER_PORT, and use yourhostname:IO_PORT as IO_URL.
Existing installations will have to apply the following SQL:
```sql
ALTER TABLE `registrations` ADD `profile_image` VARCHAR( 255 ) NOT NULL ,
ADD `profile_text` TEXT NOT NULL
```
I replaced the old login system with a more secure one.
Instead of storing cookies containing the username and plaintext password, the password
is submitted once to obtain a session hash, which is valid for a given length of time.
Registering and logging in is now done via an iframe, which prevents custom javascript from having access to the password field.
Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail:
ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL ,
ADD `expire` BIGINT NOT NULL
Hovering over a queue item will now show the name of the person who added it.
If it was added by a guest, or if it was added while the server was running a previous version, it will show up as "unknown".
This means it is no longer necessary to perform a .htaccess hack if you want nice URLs.
By default, hostname:port/r/channel acts the same as hostname:port/index.html?channel=channel.
Since MySQL is case-insensitive, treating varying cases as unique names was a prroblem.
Existing channels with uppercase names should not be affected as the database lookup finds a match without case sensitivity.