7d7dbe627b
Password hashes are now stored in a TEXT attribute, not limited to 199 symbols. That limitation makes no sense as password hashes are not the kind of information to be indexed. Actually replace crypt() with password_verify() for password checking, current code left password_verify() unused. Only update passwords when they use a different algorithm from the current default. Previously "overwrite" meant rehashing every login. Replace the "argon" boolean option with "algorithm" and "algorithm_options" for better configurability. The default remains whichever is default for PHP's password_hash.
GNU social modules are like plugins but cannot be disabled. Having "mandatory plugins" allows to aggregate together, more logically, some of the core functionality, which makes it easier to find where a particular component was defined.