* Add they/them as example pronouns on the Edit Profile page and make
the examples clickable to fill them in easily.
* When viewing a photo gallery and you opt-out of explicit, have a link
to your settings page to opt-in.
* Update the rules on the homepage and signup page.
* Add a notice on DM pages about the privacy policy and TOS.
* Refactor the Settings page into a tabbed UI to reduce confusion with
all the different forms and save buttons
* Add a DM Privacy setting to your page
* Update the About page
* Add "Like" buttons to comments and forum posts.
* Make "private" profiles more private (logged-in users see only their profile
pic, display name, and can friend request or message, if they are not approved
friends of the private user)
* Add "logged-out view" visibility setting to profiles: to share a link to your
page on other sites. Opt-in setting - default is login required to view your
public profile page.
* CSRF cookie fix.
* Updated FAQ & Privacy pages.
* Add setting to mark profile as "private"
* If a profile is private you can't see their profile page or user photo
gallery unless you are friends (or admin)
* The Site Gallery never shows pictures from private profiles.
* Add HTML5 drag/drop upload support for photo gallery.
* Suppress SQL logging except in debug mode.
* Clean up extra logs.
Implement block lists. They work like friend lists but are unidirectional,
but take effect in both directions (blocker and blockee can not see one
another on the site -- except admin users can always see all users).
* Profile page says 404
* User gallery says 404
* User search page filters out blocked users
* Compose endpoint blocks sending messages to blocked users (except admin)
* Site Gallery filters photos by blocked (and uncertified) users
* Inbox page hides chat list for blocked users (can still read the chat
history if you have a link to the old thread)
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
* Add "Site Gallery" page showing all public+gallery member photos.
* Add "Certification Required" decorator for gallery and other main pages.
* Add the Certification Photo workflow:
* Users have a checklist on their dashboard to upload a profile pic
and post a certification selfie (two requirements)
* Admins notified by email when a new certification pic comes in.
* Admin can reject (w/ comment) or approve the pic.
* Users can re-upload or delete their pic at the cost of losing
certification status if they make any such changes.
* Users are emailed when their photo is either approved or rejected.
* User Preferences: can now save the explicit pref to your account.
* Explicit photos on user pages and site gallery are hidden if the
current user hasn't opted-in (user can always see their own explicit
photos regardless of the setting)
* If a user is viewing a member gallery and explicit pics are hidden, a
count of the number of explicit pics is shown to inform the user that
more DO exist, they just don't see them. The site gallery does not do
this and simply hides explicit photos.