| #
194d3386 |
| 22-Jan-2026 |
Andreas Gohr <gohr@cosmocode.de> |
Move IpCounter to date-based tmpdir storage with daily cleanup
IpCounter files were stored in the cache directory without cleanup, causing inode exhaustion on busy sites. Files are now stored in tmpdir/captcha/ip/Y-m-d/ with automatic daily cleanup via indexer.
Also reorganizes FileCookie to tmpdir/captcha/cookie/Y-m-d/ for consistency and moves timeout config loading into IpCounter constructor.
fixes #146
|
| #
563fb566 |
| 22-Jan-2026 |
Andreas Gohr <gohr@cosmocode.de> |
Add exponential timeout for failed login attempts
Introduces a configurable brute-force protection mechanism that enforces increasing wait times between login attempts. The timeout doubles with each failure (e.g., 5s → 10s → 20s → ...) up to a configurable maximum.
New settings:
- logindenial: Base timeout in seconds (0 to disable)
- logindenial_max: Maximum timeout cap (default 1 hour)
The feature works independently of CAPTCHA protection - failed attempts are tracked per IP using the existing IpCounter mechanism, and users are shown the remaining wait time when blocked.
|