Version 1.4.2 release

Important update!
1.4.1 and lower versions have a SQL exploit with the getGroups and getUsers actions. See below for more information.

You can now:

• Get users by IP address [7634729].
• Get users by array [ecf9c20].
• Get user upgrades when grabbing a user [ec3c284].
• Filter threads by discussion_state in getThreads [b874c73].

Other fixes/stuff:

• Fixed SQL injection exploit [00a737a], reported by Julien Ahrens, http://www.rcesecurity.com/, thanks! See BuqTraq.
• Fixed unserialize on editUser [3047503].
• Added discussion_state parameter to createThread [bc7de18].
• Fixed issue with avatars not returning the correct URL [feffe8b].
• Send email on registration if user state is email_confirm [1ec9e71].
• Removed unneeded breaks, the API should now work with PHP7 [fbcf0b1].

Version 1.4.1 release

You can now:

• Search through the forum [2b0f275], [fdd1782] and [9d217a3]
• Login the user from an external website (this would start a session via a browser cookie, see PHP wrapper for example) [b94d45c]
• Get all the available user upgrades and all the active user upgrades of an user [5330874], [b929929], [cd308c5] and [afa06df]
• Upgrade and downgrade an user [34e852c] and [616df34]
• Grab the custom fields of an user/thread/node (via Custom Fields by Waindigo) [3453df3]
• Edit threads (you can't edit the message of the thread yet, but this can be done via editPost instead for now) [0cc8407]
• Edit posts [5bd97cf]
• Delete users [27186b6]

Other fixes/stuff:

• getPost(s) and getThread(s) now return an additional field called "message_html" which contained the BBCode parsed into HTML via XenForo [8d3fe47] and [30a0ed0]
• Added an initial PHP wrapper class that can be used on other projects [c941f55]
• Added a static variable for the default API key, this should make it easier for users to understand how to edit the API key [7373c41]