#124589 -- Login on Access Denied (403) resets itself when module listing page is submitted. patch by matt@antinomia, gman.

#118517 -- Fix text substitution variables in revalidation e-mail.  patch by Benjamin Melancon and myself.

close XSS attack vectors in themed 'logged in' block, and login block message. some white space removal.

#85185 -- allow uid substitution in redirects. patch by hunmonk. redirects will now take %uid, and subsitute that with the user ID prior to the redirect.

#93104 -- Handling of blocked users. patch by hunmonk. only login users with an active status. also, since all new account creations using the set password option get an active status in the db, it's no longer necessary to add it in dynamically in the auth perm revoke code -- this was causing problems with status display.

#103233 -- Users always get active status even when site is configured to require admin approval on new account creation. patch by inactivist, hunmonk. user status should be set to active during LT registration only if the immediate login feature is enabled -- otherwise fall back to the site settings.

#92361 -- The pre-auth user feature does not work properly. patch by plumbley. since user_load() always includes the authenticated user permission, LT needs to specifically re-check it's possible removal of the role in the load op of hook_user(). this *should* counteract anything which might reset the user object in the page load -- any modules not using user_load to mess with the user object are doing it wrong.  :)

#90503 -- wrong help description at signup. patch by hunmonk. display proper help text based on minimum password length setting.

admins approving accounts via the admin validation link are no longer logged in as the user after validation. fixed bad call to cache table.

#83273 -- Improve password validation. patch by hunmonk.  make password length validation optional, and configurable by length.

#83273 -- Improve password validation. patch by torne. expand validation to allow all printable non-space characters.

moved all login block functionality to form_alter functions. created a separate logged in block. revamped email login validation check and got rid of custom lt login validation.

can't test for admin accounts based on status--use user_register var instead. no validation email is sent to user when using admin approval--fixed user message. allow site admins using admin approval to use validating url of users waiting for approval.

correcting doc for admin only approval. put a little more detail in the email the admin receives for approving accounts.

fixed login feature for accounts waiting for admin approval.  no need to block them, because they automatically get the LT temp role, which can be permissioned just like the anon role, and which revokes auth perms dynamically. don't print re-send validation link on sites that are admin approval.

updated to new t() approach. fixed some missing t() output filters, and corrected some grammer/code style issues.

switched to a password_confirm form element, and some other small adjustments to make the module compatible with the new instant login option in core.

#76188 -- Clarification on user profile pages.  alter description of user role form item on the user edit page when the selected user is in the pre-auth role, to properly indicate that they are not receiving auth user perms.