geozak

For this project it might be right that this is just a all on or all off feature because the most sites don't need to restrict user from accessing with...

About point 1 This is not a change that is necessary inside the framework. The show profile are not meant to part of a final site; they meant to be...

Can we close this thread and then after looking into the code base more bring up a specific issue with security or performance in a section of the code.

This thread is not being productive for any of the parties here. By more specific I mean can you point out what line or section of code is causing this...

Its not being productive because of the attitudes that has been presented. I put an effort it to hopefully turn it productive. I have addressed the usage of MD5 and...

What are we securing here? Literally a rand value that we are generating. If an attacker does crack the hashed value it is literally of no use for anything because...

You could hash them like git commit id hashes. Just take the first 7 or so characters and to prevent collisions when generating the value check if the shorted hash...

Although I am not sure of the necessity of this is either as the user_id is just a pointer to internal information. I haven't seen anything in the huge repo...

What should the default max number of attempts be?

I haven't finished applying the changes with using the database like you asked. I went to hang out with friends so I pushed the code online. I'm going to sleep...