to redirect the user to the homepage, which prevents people from
circumventing javascript checks to log in. This check is sort of debatable
over its value, so might be removed later.

fields to be more consistent with forgotpass.php.

preconfigured prefix.

Added a password_validate function for checking if passwords are in valid
form. This might be made into a rule later.

and also to the first field that has an error.

"expiry" for things that time out, with regards to authentication.

on the page. Used by the form API.

  - Put the change password form in a fieldset.
  - Use password_validate for validation - moves almost all password validation
    into one place.
  - Login forms now check to see if javascript and cookies are enabled, and
    don't even display themselves if they're not available. Added a
    function to generate the necessary js for this.
  - Check for the test cookie being set in login_submit(), and redirect to
    the home page if it's not.
  - Added todo about using new transaction stuff

strings).

it in explicitly.

hook it in.