I replaced the old login system with a more secure one.
Instead of storing cookies containing the username and plaintext password, the password
is submitted once to obtain a session hash, which is valid for a given length of time.
Registering and logging in is now done via an iframe, which prevents custom javascript from having access to the password field.
Site admins need to run the following SQL before updating, or else all of your logins/registrations will fail:
ALTER TABLE `registrations` ADD `session_hash` VARCHAR( 64 ) NOT NULL ,
ADD `expire` BIGINT NOT NULL
Hovering over a queue item will now show the name of the person who added it.
If it was added by a guest, or if it was added while the server was running a previous version, it will show up as "unknown".
This means it is no longer necessary to perform a .htaccess hack if you want nice URLs.
By default, hostname:port/r/channel acts the same as hostname:port/index.html?channel=channel.
Since MySQL is case-insensitive, treating varying cases as unique names was a prroblem.
Existing channels with uppercase names should not be affected as the database lookup finds a match without case sensitivity.
