improve wording
hashed password support, and empty password security fix This implements the previously documented hashed password support. While implementing that, I noticed a security hole, which this commit also fixes..
- finish user registration and password request email - make sure a user is in the userdb before assuming they're logged on based on session info (allows deleting uerdb item and invalidating all sessions)