by hunmonk: add an 'Override destination paramter' setting, enabled by default. this gives admins the option to allow LT to force it's redirect paths over a passed destination parameter. related to solving #604492

#604508 by hunmonk: 'Use two e-mail fields on registration form' setting breaks OpenID registrations. this fixes the LT-related problem, but the openid registration process itself may still be broken -- see #216101

#232467 by mfer, benroot, hunmonk: OpenID logins broken when 'Allow users to login using their e-mail address' setting is enabled.

#492486 by mikehostetler: Array merge of user_register_submit function squashes pre-defined user_register_submit functions.

#564062 by Matthew Davidson, hunmonk: Admin created accounts should have password length validation.

#513372 by hunmonk: 'Account activated' email not sent if new user manually removed from pre-auth role.

#368699 by hunmonk: re-send validation link always appears if non-authenticated role is set to auth user.

#413916 by hunmonk, rfay: New users deleted inappropriately.  this fixes the no-so-well-implemented auto user deletion feature -- much more stable and less dangerous now.

#291006 by hunmonk: Email validate link landing page inconsistency. see logintoboggan_update_6001 for details on this change.

#320162 by xurizaemon: LoginToboggan prevents use of spaces in passwords, breaking passphrase functionality.

#291001 by hunmonk: Allow One Time Login To Be Used Only Once. the previous solution was very broken --this one has been more well tested.

#254387 by drewish, hunmonk: Redirecting after access denied doesn't work with language path prefixes. conditionally remove the language prefix if present.

#238660 by hunmonk: Allow user admins to re-send validation e-mail. thanks to manoloka for sponsoring the work on this patch.

#239571 by hunmonk: fix broken mailing functionality. Resend validation email code is now properly updated to 6.x, logintoboggan_mail() was not using user saved mail subjects/bodies.

#204383 by hunmonk: User can register with email address. cleaned up validation code of duplicate username/email for the case where login with email is enabled. ripped out some duplicate code.

#215999 by hunmonk: Login on Access Denied resets itself when module listing page is submitted and there is a module dependency for logintoboggan. broke this check out into a FAPI validation function, and added a check to see if the module checkbox is disabled.

clean up validation problems with users changing their username/email to another user's username/email when login w/ email is enabled.

#204600 by hunmonk: theme_lt_username_title can not be overwritten in template.php. replace all hardcoded theme calls with proper calls to theme().

#204383 by hunmonk: User can register with email address -- doc error. removed faulty doc -- users have always been able to register w/ an email address for a username. tightened check for usernames that are already taken as email addresses by another user.