Fix long standing bug with the global JS function login():
A few *service.js scripts call this function without a password argument (the second argument), e.g. login("guest"); If there was no guest account (or the guest account had a password assigned), this would result in a failed login attempt as "guest" along with a garbage password (e.g. a floating point number, like 3.7042561) and since it would be a unique garbage password for each login() call without an actual password specified, these login() calls would be counted as unique failed login attempts and potentially cause the client's IP address to be added to the hack.log and even ip.can (IP address filter). As seen on Mortifis' system where VERT was filtereed due to "SUSPECTED NNTP LOGIN HACK ATTEMPT", likely due to the daily sbbslist verifications when just perform a TCP connection and no actual login attempt, but nntpservice.js would still call login("guest") before the client (vert) would be disconnected.
Showing with 7 additions and 6 deletions