pages:

- 404
- maintenance
- /logout
- privacy info



unimplemented:

- view friend/blocked/request list
- game stuff:
	- rulesets
	- timer / time limit



website fixes:

- unaccessible when not logged in:
	- /user/* pages
	- /settings
- unaccessible when logged in:
	- /register
	- /login



backend fixes:

- don't include unrated games in rating.py



security measures:

- repeated login prevention
- api rate limiting
- write unit tests
- bind tokens to ip adress (csrf)