v2.5.7

• fixed login remember
• removed use_cookies-config_var (unused since reCAPTCHA doesn't use cookie/session)
• changed logout()
• changed is_loggedin() removed wrong session checks
• updated config/aauth.php

For the Users who use it in CI2: CI2 native Support is back.
(Since v2.5.6 Session's tempdata not used anymore for reCAPTCHA, that are not available in CI2)

v2.5.6

• added abilty to set a config for CI's Email Library

v2.5.5

• fixed reCAPTCHA-validation (moved after DDoS check) (@REJack)
• some little fixes with ddos_protection & reCAPTCHA (@REJack)
  • fixed timestamp where in reset_login_attempts(), get_login_attempts() & update_login_attempts()
  • fixed login() removed cookie/session-userdata for reCAPTCHA (if reCAPTCHA needed)
  • fixed login() moved update_login_attempts() before test email/name & password
  • fixed generate_recaptcha_field()

v2.5.4

• DDoS Protections fixes in login() (@REJack)
  • removed user get query from DDoS check in
  • fixed DDoS protection to update login_attempts if user not exist too
  • removed user get query from DDoS/reCAPTCHA check
  • fixed DDoS/reCAPTCHA proection to update login_attempts if user not exist too
  • added get_login_attempts() returns login_attempts as INT (used in login())

v2.5.3

• fixed reCAPTCHA DDoS check

v2.5.2

• fixed error with user_exist_by_name()

v2.5.1

fixed Issue with PM's

• fixed PM's not being decrypted with `list_pms() #145
• fixed get_pm() method to fetch correct PM #145
• fixed delete_pm() method to fetch correct PM #145

v2.5.0

Major Changes:

• BCrypt/PHP's password_hash support requires PHP 5 >= 5.5.0, PHP 7
• Non-user based DDoS check
• removed System Variables
• Language support for Traditional Chinese, Simplified Chinese & German
• PM Encryption and send PM to multiple Users with send_pms()

This is the last Version of with Support for CodeIgniter 2.x!!!

if anyone use the System Variables and want update to v2.5.0 a Compatibility Library is available under https://github.com/REJack/CodeIgniter-Aauth-Compat

Changes:

• changed last_login_attempt value to Y-m-d H:i:s from Y-m-d H:0:0
• changed last_login_attempt-check to check every x minute based on config var (max_login_attempt_per_minutes)
• added optional last_login_attempt update on login attempt (update_last_login_attempt)
• added config var max_login_attempt_per_minutes
• added config var update_last_login_attempt
• fixed config var info for max_login_attempt (20 to 10)
• changed ver_code to sha1 hashed timestamp (remind_password())
• removed user_id in reset password link (remind_password())
• removed function param $user_id (reset_password())
• changed password length to an even number based on config var min (reset_password())
• fixed strtotime params in update_login_attempts
• changed config var update_last_login_attempt to true
• changed get_user_groups() (public groups now visible if checked on guests)
• changed update_login_attempts() (removed config var update_last_login_attempt & optimized if's)
• fixed config var password_hash_algo string to constant and added info link
• is_loggedin() 2 empty lines removed
• control() it hasn't checked if no perm_par was given
• added 2 config vars (totp_two_step_login_active, totp_two_step_login_redirect)
• changed login() to set session data if totp is required and two_step_login is active and skip default
• fixed control() to check if totp verification is required, if required then it redirects to totp_two_step_login_redirect
• fixed control() to check if is_loggedin not with totp verification is required
• changed is_allowed() to check if totp verification is required, if required then it redirects to totp_two_step_login_redirect
• added 2 functions verify_user_totp_code($totp_code, $user_id = FALSE) & is_totp_required()
• added config var info for totp_two_step_login_redirect
• removed aauth_system_variables from SQL files
• removed config var system_variables
• added a new table for login_attempts (in both SQL files)
• added 2 config vars login_attempts(db) & remove_successful_attempts
• changed function reset_login_attempts() (removed user_id and changed where to ip_address and timestamp from user_id only)
• changed function update_login_attempts() (removed user_id and changed where to ip_address and timestamp from email/user_id only)
• changed function login() (removed arguments from changed functions, added abilty to enable/disable removing login attempt after successful login)
• fixed SQL files (now its compatible with MySQL >= 5.7.3)
• added Traditional & Simplified Chinese language file (thanks @terrylinooo)
• added German language file (thanks @tobiasfichtner)
• fixed missing comma in sql files
• SQL files Tested with MySQL v5.7.11
• changed some explanation infos in aauth's config
• fixed explanation info text in aauth config
• added pm_cleanup_max_age-config_var
• added 2 files (pm_deleted_sender & pm_deleted_receiver) in pm table
• changed list_pms() to catch only not deleted pm's
• changed delete_pm() now it need a user_id to delete a pm (like get_pm())
• changed delete_pm() sender's can now detete pm's from outbox
• changed count_unread_pms() it counts now only not deleted pm's.
• added cleanup_pms() removes pms older than X defined by pm_cleanup_max_age-config_var
• changed send_pm() to send_pms()
• added send_pm()
• enhanced send_pm()
  • changed $receiver_id to $receiver_ids
  • sends multiple pms
  • returns array of receiver user ids with specific error message on failure or TRUE if message successfully sent
• added date_created field to aauth_users-table in both SQL files
• changed create_user() to fill date_created on user creation
• added pm_encryption config_var
• added abilty to encrypt PM's in send_pm() & get_pm()
• added function user_exist_by_id used in send_pm()
• added a user_id check in get_pm()
• enhanced get_pm()
  • added $user_id argument between $pm_id & $set_as_true
  • changed set_as_true to set read date only if user_id is equal to receiver's id
• reverted changed count_unread_pms() it counts now only not deleted pm's
• changed delete_pm() if a receiver deletes a pm it updates date_read
• fixed both SQL files
• fixed list_pms()
• fixed delete_pm()
• updated CHANGELOG
• added abilty to send system PM's for send_pm() & send_pms()
• changed name to username in aauth_users table
• changed name to username in all user related functions
• changed $name to $username in create_user() & update_user()
• added user_exist_by_username()
• changed user_exist_by_name() to an alias of user_exist_by_username()
• release prefix changed in library
• changed copyright in library
• fixed usernames in Quick Start-Section

v2.4.7

Sub-Groups added & some enhancements

• added function add_subgroup($group_par, $subgroup_par)
• added function remove_subgroup($group_par, $subgroup_par)
• added function get_subgroups($group_par)
• modified is_group_allowed() to check subgroups
• modified delete_group() to remove subgroups
• added 2 lines for subgroups to english/aauth_lang.php
• added a new table to the database group_to_group
• changed verstion from 2.4.6 to 2.4.7
• verification email sending disabled if a admin is creating a user (#119 improved with @vipinks)
• fixed Quick Start-Section (changed deny to deny_group) (found by #118)
• renamed valid_chars to additional_valid_chars (suggestion by #125)
• added function get_user_vars($user_id) (suggestion by #129)

v2.4.6

added in allow_user & allow_group check if perm exists
added in allow_group check if group exists
changed 'TOTP Code' to 'Authentication Code' in english lang file
Update array clearing for php compatibilities