- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore)
- Add CSRF token generation and validation on all state-changing requests
- Replace random.choices with secrets.choice for all secure code generation
- Add session cookie security headers (HttpOnly, Secure, SameSite)
- Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning
- Add email communications system: templates per event, custom email sending, sent email tracking
- Add staff/organizer profile pages with staff code display
- New DB tables: event_email_templates, sent_emails, user_communications
- New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code
- Expand English translation strings across all new features
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add forgot_password and reset_password templates and routes
- Enhance profile.html with photo crop/zoom functionality
- Add attendee type management to edit_attendee.html
- Update templates styling and layout consistency
- Document database schema in SPEC.md
- Add CLAUDE.md project guidance
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Also update generate_type_code() to accept event_id parameter
for proper per-event uniqueness checking.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Display and crop were using inconsistent coordinate systems.
Display now uses: translate(translateX+offsetX, translateY+offsetY) scale(zoomLevel)
Crop uses: srcX = -(offsetX + translateX) / scale
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>