** Version 1.0.4
	- change in the MySQLdb API: insert_id () replaced with lastrowid.
	- Cookie support for GRUF with Plone.
	- In m_USerInfo.dtml, url_quote is added for usernames in link hrefs.

** Version 1.0.3

	- "import" fix in db.py. On some installations this produced import error.

** Version 1.0.2

	- Fix in _doDelUsers () used by GRUF (Thanks to Kai)

** Version 1.0.1

	- __check_connection () was missing in authenticate (). (Thanks to
		Matthias Kleinschmidt).

	- v_userdb.change_user_roles () now filters out system roles, so 
		it doesn't write them into the database - there was a problem with
		Plone calling _doChangeUser (). (Thanks to Matthias Kleinschmidt).

** Version 1.0.0

	- Don't connect () on __setstate__ (), but on the first request. This 
		fixes some performase issues when there are lot of thread creations.

** Version 0.9.2

	- There is a new cfg option AUTO_CREATE_ROLES. It will create all roles
		from user.change_user_roles () that don't exist.

** Version 0.9.2-pre2

	- fixed typo in manage_create_users ()

	- authenticate () works if GRUF passes None as username or password.


** Version 0.9.2-pre1

	- renamed authenticate () to authenticate_main (), and same for 
		authorize () to avoid confusion with corresponding functions of the
		basic user folder. Implemented authenticate () interface function.

	- _getPassword () implemented for the user object, this is needed for GRUF.

	- don't raise an error if adding roles to the parent folder fails in
		mysqlUserFolder creation and role creation.

	- _doAdd/Delete/Change functions are implemented.

	- Now it is possible to create/change user without any roles - 
		manage_users_create () and manage_users_change_roles () are fixed 
		(thanks to Alex).

	- It is also possible to leave anon_create_role empty, so new users created
		with user_create are without roles (thanks to Reale Fabrizio).

	- If MySQLDB returns SERVER_GONE or SERVER_LOST, __do_query () will 
		automaticaly reconnect and reexecute the query without raising an 
		error. 

	- pwe_md5_crypt () looks a bit nicer now. (thanks to Lance Pillay).

	- getClinetAddress () method of Zope 2.7 is now supported. Variable
		REQUEST_RADDR_FIELD is ignored on Zope >= 2.7.

	- validate_domain_spec () changed to work properly with Zope 2.7, 
		REQUEST_RHOST_FIELD removed from cfg.py. Domain spec validation is now
		done by zope function. This means that REQUEST_RADDR_FIELD is always
		ignored for this purpose.

	- implemented hasUsers () method.

** Version 0.9.1

	- docLogin method now receives parameter exception_raised if it is raised
		as an exception. This is needed because in this case, method is 
		displayed inside standard_error_message method (so HTML headers should
		not be included).

	- If exception is raised during query, connection is marked (new DB API 
		function is added: has_errors ()). Main code checks this flag, and
		reconnects in case of errors.

	- MD5 digest support (thanks to Filippo Natali). Password field in the 
		database now has to have length 32.

	- Ignore error if crypt is not avaiable (it is UNIX specific).

	- manage_contents is renamed to manage_main. Add/Delete/Copy/... buttons
		expect this name.

	- Code will now work even if domains specification is None (although it 
		shouldn't be - field is NOT NULL).

** Version 0.9.0

	- Domain specification for users now works.

	- user_* functions are now protected by permissions. There is "Advanced"
		management tab where it is possible to easily setup proxy roles for 
		"ACT" methods.

	- System now supports crypt () passwords. Also, there is a special 
		INVALID_PASSWORD_TYPE which denies authentication.

	- It is now possible not to put expires attribute for cookies so they
		will not be stored when browser exits.

	- Some cfg parameters are now stored in the folder object:
		life, timeout and persistence for session and user cookies,
		logging configuration.

	- Management screen improvements: management screens rearranged;
		fixed warning "manage_main != manage_contents"; after UserEdit submit
		user is return to the user edit screen.

	- Property dtml_user_dir is now visible only during creation, since it
		is not used after.

	- __connect () errors are silently dropped in __setstate__ (). 
		Interface functions	will __connect () if there is a need. Errors are
		handled gracefully where possible in manage functions. New interface
		functions is_connected () is created. 

	- validate () will work without DB connection if VALIDATE_ALWAYS_SUPER is 
		set. Some management screens will work without DB connection - now it
		is possible to change DB parameters when there is no connection.

	- getUserNames () now can filter results based on optional role.

	- Fixed missing "return" when VALIDATE_ONLY_ANONYMOUS is set.

	- DTMLFile is used instead of HTMLFile for management screens. Management 
		DTML methods now use Zope's manage_page_header/footer.

	- manage_addMySQLRoles now calls _addRoles ().

	- Module random is used now instead of whrandom

** Version 0.6.4

	- Function get_path_from_request () now users REQUEST ['URL'] to
		construct request url. (thanks to Stephen Snyder).

	- If tokens have invalid value, they are deleted from the cache. 
		Previously, it was done only for expired tokens.

	- Debug logging improvements.
	 
** Version 0.6.3

	- mysqlUserFolder is now forcing basic authentication on certain ports even
		if cookies are used (so FTP can be used).

	- authorize () calls BasicUserFolder.authorize () now.

	- URL Query string is also passed in login_goto if exception is raised 
		during processing. This means that user will go to the target page 
		including parameters after login.

	- Management screen supports changing roles (thanks to Remi Houdaille).

	- Multiple roles support when creating users (thanks to Remi Houdaille).

	- Other small improvements in management screens.

	- db.py: Tables are unlocked when exception is raised.

	- Size of the username and email fields is increased to 60 in sql 
		creation script. Management dtml methods support now getting field
		sizes from cfg.py

	- New parameter mysql unix socket added.
	
	- CACHE_USER_LIFE decreased to 60 in cfg.py

** Version 0.6.2

	- If roles argument passed in validate is None, assume Anonymous.

	- Users now have role "AUTHENTICATED".

	- Two levels of debug messages.

** Version 0.6.1

	- Cookie path and domain are now configurable.

	- Security options VALIDATE_IGNORE_ROLES and VALIDATE_ONLY_ANONYMOUS.

	- QUERY_STRING is also logged.

	- Changed [] -> () in "unlock tables" call. No more problems with 
		MySQLdb 0.9.0 (thanks to  Albert Ting <alt@sonic.net>).
	
	- Cleared references to manage_cache. Also deleted reconnect option 
		from management screen.

	- Deleting users from the management screen works again.
	

** Version 0.6.0
	
	- User, session and token caching.
	
	- Fixed cookie expiration time string when locale is used. Private
		function is used instead of strftime ().

	- Tokens database now has field Realm. This prevents using a same session
		for different realms.
	
	- Added minimal expiry time for cookies.
	
	- UserDb.refresh_user () now returns status.

** Version 0.5.3
	
	- mysqlUserFolder now works with MySQLdb 0.3.2 (int -> long change). Also
		there should be no more problems with non English characters.
		mysqlUserFolder now uses MySQLdb query parameters.

	- User dtmls now set no-cache headers.

	- Logging table is changed: remote address in now logged. Also, failed
		cookie logging attempts are logged.
		This isn't final logging system, there will be more changes. 

	- user_login (): login_goto_path is passed to docLogin in case of failed
		login.

** Version 0.5.3d1
	
	- Cookie names can use realm, so users can be authenticated by multiple
		folders using different realms.

** Version 0.5.2

	- Session logging. Also, new table Log. This is still experimental,
		meta_type and size doesn't work for some objects. Table is going to
		be changed in future releases.

	- SECURITY: Fix for db.del_user (), user sessions and tokens are now
		deleted, when user is deleted. Please see MySQL database section in
		README.

	- Fix for INSTANCE_HOME installations.
	
	- Fixed error in __get_session_user (): Changing realm can lead to an
		error if there are old sessions.

	- Typing error in __setup_session () fixed.

	- Management interface improvements, thanks to 
		Andre Schubert <andre.schubert@geyer.kabeljournal.de>

	- Documentation updates.

** Version 0.5.1

	- Compliance of User and Session classes with Zope security system
		(Zope 2.2).

	- Changes in the TokenDb API: General (not just cookie) token support.

	- getUser () was not returning completely initialized user object.

	- Cookies: expire them before setting.

	- Session authentication method now checks realm.

	- SECURITY: Bugs fixed in session handling code: there was possibility
		that user was authenticated with UF using different realm.

	- Typing error in use_login (): Session was not terminated when
		authenticated user logs as another user.

	- validate (): Now, Anonymous is not authenticated when http auth is
		used.  In this case, Zope's root user folder should do the
		authentication.

	- getUser () now returns user object that is not wrapped. Don't know why
		zope wants it in this way, but otherwise there are problems.

	- User's miscdata were not deleted when user was deleted.

	- Session and user timeouts are changed.

	- DTML properties screen was not showing correct database name.
		
** Version 0.5.0

	- Complete redesign: session support, Zope 2.2, editable user dtmls.

	- Authentication process is changed.

	- MySQL tables are changed (tables Users and Roles are not changed). 

	- MiscData get function now returns default values for keys that don't
		exist.

