ehuggett

My apologies for an ill-conceived request, preventing the use of an insecure relay was not intentional. But I cannot honestly say I would object to it either given that relay...

[sorry, I lost track of time while writing this response. a little too in-depth perhaps] > Active manipulation of http connections is much more involved than simply recording the password...

(context: if/when/after support for remote unencrypted relays is removed) I can't see any way to support only dns/host names which resolve to local addresses, as i can't find a method...

I think we need to make it at least complicated enough not to reject valid input... Any comment(s) on the current regex failing to match - valid IPv4 addresses? (10.1,...

The constant PASSWORD_DEFAULT changing in newer versions of PHP should not cause any problems as the algorithm to use for the password comparison during login is stored with the password...

To be honest, i had not properly considered the implications for installations not being kept up to date or what happens when site admins skip versions (possibly because i never...

There are no conditions that i am aware of which can be used differentiate between plaintext passwords and hashes of passwords with 100% accuracy. For example, the md5 checksum of...

What versions of php are currently supported / known to work and of those which versions does this _**need**_ to be compatible with? (all of them?)

Could be a problem for this? > 1.1 If this minimum version requirement is not acceptable then including the userland implementation would lower the requirement to "PHP >= 5.3.7 OR...

- I have included password_compat - added setPassword to phpListAdminAuthentication (this brake installations with a custom admin_auth plugin?) - password reset now uses setPassword - the config check now uses...