Changing passwords might not be available.

When a user logs in, the password expiry time is checked and compared to
the $conf['auth']['ad']['expirywarn'] setting (in days). If the password
is about to expire in the specified timeframe, a warning is issued on
login.

This patch adds a new method to the adLDAP class for querying domain
parameters.

This fixes password changing operations: password change and user
modification are two different operations on the AD backend - the user
modification should not be done on password only changes.

Now params_toarray() correctly decodes parameters on parsing query
strings

From the release notes: This release fixes a few bugs, including a major URL
parsing bug, where URLs with query strings were parsed incorrectly.

This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid information loss when a user logs in during
editing (eg in another tab).

show accesskey also on actionlink title and add accesskey parameter only if a key is defined (FS#2226)

The login wasn't able to modify the session as it was already closed
earlier.

This patch also executes the correct event when logins via XMLRPC are
done.

patch by Chris Green

If the user is already logged in, a 403 is sent instead now.

This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sending proper
status codes should be implemented when the API implementation
refactoring is done.

unset does not reset the Array's internal pointer which messes up later
calls. array_pop is still much faster than array_splice