#158027 by hunmonk: Login using email address only (alter display via theming). also prevent attributes from being clobbered in the user login form, and some code comment cleanup.

#196553 by hunmonk: LoginToboggan interferes with other modules altering registration form. manually place the registration submit function at the beginning of the submit handlers.

added auto-delete functionality for unvalidated users. a time interval can be set, and users still in the pre-auth role will be automatically purged from the system after the interval, if they are still in the pre-auth role. useful for cleaning up spambot registrations.

#57623 by hunmonk. Bring back set password only option. Add optional 'Immediate login' checkbox to logintoboggan settings page -- user is only logged in automatically if this is enabled.

updated email functionality for 6.x. cleaned up and clarified user help. fix notice. the module has been tested pretty thoroughly, and seems to work w/o problems on 6.x

no validation messages or db operations are necessary when the pre-auth role is set to the auth user.

redirect should always be returned, so users who didn't create their own password are redirected to the front page if no redirect is specified.

#174553 by baldwinlouie, hunmonk: Grammer is incorrect when the password length validation message comes up.

#145727 - Help text positioned in the middle of the login form rather than the top. patch by p_palmer, myself.

#124589 -- Login on Access Denied (403) resets itself when module listing page is submitted. patch by matt@antinomia, gman.

#118517 -- Fix text substitution variables in revalidation e-mail.  patch by Benjamin Melancon and myself.

close XSS attack vectors in themed 'logged in' block, and login block message. some white space removal.

#85185 -- allow uid substitution in redirects. patch by hunmonk. redirects will now take %uid, and subsitute that with the user ID prior to the redirect.

#93104 -- Handling of blocked users. patch by hunmonk. only login users with an active status. also, since all new account creations using the set password option get an active status in the db, it's no longer necessary to add it in dynamically in the auth perm revoke code -- this was causing problems with status display.

#103233 -- Users always get active status even when site is configured to require admin approval on new account creation. patch by inactivist, hunmonk. user status should be set to active during LT registration only if the immediate login feature is enabled -- otherwise fall back to the site settings.

#92361 -- The pre-auth user feature does not work properly. patch by plumbley. since user_load() always includes the authenticated user permission, LT needs to specifically re-check it's possible removal of the role in the load op of hook_user(). this *should* counteract anything which might reset the user object in the page load -- any modules not using user_load to mess with the user object are doing it wrong.  :)

#90503 -- wrong help description at signup. patch by hunmonk. display proper help text based on minimum password length setting.