checkout for the moment.

Modified all forms to use the new one.

Changed the file_content_check script to ignore language strings with
variables in their name.

some safe_require calls to be simpler now that better defaults are
available.

robots to move about the site.

while users are browsing around the admin section, as they may have been
made not an admin anymore, or even made into an admin while they were
logged in.

  - Put the change password form in a fieldset.
  - Use password_validate for validation - moves almost all password validation
    into one place.
  - Login forms now check to see if javascript and cookies are enabled, and
    don't even display themselves if they're not available. Added a
    function to generate the necessary js for this.
  - Check for the test cookie being set in login_submit(), and redirect to
    the home page if it's not.
  - Added todo about using new transaction stuff

the URL to draw a login form.

being for internal authentication only. Removed some unnecessary debug
lines.

  - changed auth_check_password_change to just source $USER directly
  - implemented auth_get_authtype_for_institution
  - changed auth_check_password_change to allow any authentication method
    to change the password, if they specify a config url or if they
    implement a method
  - changed change_password_validate to allow any authentication method to
    validate a password
  - changed change_password_submit to allow any authentication method to
    update a password
  - added a register link to the login box
  - inlined the expire/suspended checks, since they only need to be checked
    in one place. Allowed any method to say who is suspended

those things at the appropriate moments. Suspended/expired users can't log
in.

Made sure that password change checking is done in the correct places when
a user has logged in.

Fixed some subtle authentication bugs, such as when a session times out
immediately after logging in, where before the behaviour was undefined.

very intuitive behaviour.

is public. Check for the password having being changed just after the
login_submit function has determined that the user is logged in.

and implementing the change form.

  * Removed three methods that are unused
  * Changed log_dbg calls to log_debug, which is what the function is now
    called
  * Removed language section reference that only adds bloat now there is a
    default
  * Removed a couple of done TODOs
  * Added a function that allows each authentication method to validate
    their own configuration form.

slurping cancel requests from other forms.

and fixed up references to Auth_* classes.

stuff no longer needed.

follow, but also to support the form validation a lot better.

an authentication configuration form for each plugin.
Use redirect() instead of header() and exit.
Use helper function to call a static method when we have the class name in
a variable.
Some better commenting for the login related form functions.

although they may be removed.

Check for whether the system is actually installed instead of checking for
if the version is available, which allows the install to proceed without
the user being bothered by pesky details such as having to log in when no
accounts are available.

Get the auth script from the new location, which will change to
safe_require when I get hold of it.