I’m moving away from the elder GET/POST background that Rollator was founded upon for authentication – it’s vulnerable to various issues, and, well, I was lazy.
I’ve changed to cookie-based authentication now, with the password stored as a salt with a 5-minute timeout, which is localized via $qboffset.
I’m rewriting various routines, and am in the midst of creating a ‘super user’ format, which will be the same as qbadmin; similar to root, and sub-users may be added and authenticated via various means.
I need to rewrite the URL uploading function – it’s fairly dependent upon my predefined globals, and, well, it’s pretty dumb.