I was trying to be smart by calling the same registration event as 'register'
when doing EmailRegistration. However, that event is so low-bandwidth that plugins
go fingerpoken in all the attributes and call methods on the passed-in action and
things like that.
So, now we just fall back to using the low-level stuff, catch any
exceptions, and feel happy. Some stuff might not work, but it's
generally anti-spam stuff more suited to public sites.
'admin' is a pretty common username that people try when installing;
it was blacklisted because all of our admin panels were at /admin/*,
which would conflict with the admin user's namespace.
Changed the location of all admin panels to /panel/*, blacklisted the
nickname 'panel', and allowed 'admin'. Tested with a fresh install;
seems to work great.
We were bumping into limits on the config format in the Blacklist
plugin. So, added new tables for nickname and homepage blacklists, and
changed the plugin to use those instead of config file (actually,
still uses config file in addition, for compatibility).
First version of blacklist plugin. Replaces custom code in identi.ca's
config.php, which was getting scary and long. Also correctly handles
changed nicknames or URLs in profile settings and using 'forbidden'
URLs in notice text.
