Mostly [s]printf format fixups

Previously, many servers and services didn't support login by real name
(e.g. issue #469) even if the sysop had that option enabled in SCFG.

Move login control settings from node.ini to system (main.ini -> login)

The 3 node toggle options:
- Allow Login by User Number
- Allow Login by Real Name
- Always Prompt for Password

... have been now moved from SCFG->Nodes->Node x->Toggle Options to
SCFG-System->Toggle Options.

If you upgraded to v3.20a before now, you'll want to double-check these
settings to make sure they're how you want them set. New upgraders that run
upgrade_to_v320.js (e.g. via 'jsexec update') will get these settings migrated
automatically.

Added some error detection/logging to upgrade_to_v320.js when failing to open
.cnf files.

Constified some more user/login related function args and return types.

This addresses issue #459 (Synchronet never allowed SSH-auth via real name)

Also, localize the "valid real name" checking logic into a single new function:
check_realname()

Also resolved some 32 vs 64-bit 'long' issues/ambiguities that have long-remained. :-)

This commit also removes logon.lst file support.

There's a TODO block remaining in js_user.c for setting portions of a user's birthdate (e.g. just the year or month or day).

As Andre pointed out while documenting this setting on the wiki, the option seemed confusing: if a sysop could not login with "system operator access", how could they login at all? Answer: they could not.

This setting used to be called "Allow Remote Sysop Logins", back when there was the concept of a "local login", so setting this option to "No" would mean that user accounts with sysop access could only be used for *local* login. But in Synchronet v3, there's really no such concept as a "local login", so it was changed to just "Allow Sysop Logins" (period) and not a lot of thought given to how/why a sysop would actually set to this "No" or what the implications would be (presumably, nobody ever sets this to "No").

So rather than just get rid if the option altogether, I changed it to mean: an account with sysop access (i.e. level 90+) can still login, but any action that normally requires the system password will not be allowed. This includes the sysop-actions available in the FTP server when authenticating with <user-pass>:<system-pass> as the password. The sysop-user can still authenticate (and login), but none of those sysop-actions will be available to them.

Feature requested (?) by u/jumbotronjim on https://www.reddit.com/r/synchronet/:

If the client connection is from a blocked IP address (in ip[-silent].can), but still manages to get through the web server and websocketservice and have their correct IP address reported via Telnet Location, terminate the connection. Seems dubious.

In preparation for node-spy applications that can support multiple terminal sizes/types (none exist yet). The file is updated whenever there is new/updated information about the client's terminal.

Exposed as JS method: console.term_updated().

This appears to go back to a change Deuce made in 2004 (rev 1.41) where ANSI, COLOR, RIP and WIP user terminal settings were always cleared when logging in via RLogin.

I happened to notice that manually enabling iCE color support wasn't working when logging in via RLogin (the iCE color flag would be cleared every login, but worked fine when logging in via Telnet). Upon investigation, I found that *all* user's manual terminal settings were cleared for either RLogin or SSH logins (copy/pasted bug). So... stop doing that. The method of dynamic terminal capability detection/checking has changed since 2004, so we should not need to mess with the user's misc flags.

This message can be logged when a sysop is prompted for the system password and enters it incorrectly or just disconnects.

So lower the log level to DEBUG. And include the IP address that we searched for too.

automatically revert to Raw/TCP mode. This resolves the issue of users that
connect using modem/serial emulators over TCP that do not actually support Telnet and then either try to transfer files, which usually will not work due to escaped (or unescaped) IAC (0xFF) characters, or the user may be sent Telnet Go Ahead (GA) sequences which may display as periodic garbage in their terminal program.

This seemed like a better solution than having (yet another) dedicated terminal server port for "raw" connections over TCP, though a "raw" port still might not be a bad idea for a future enhancement. RLogin is already super close to "raw", so it's probably not really necessary to have another port configured/listening.

- hot spots are clickable screen areas (e.g. in menus and prompts) that   generate key-strokes
- commands may be from 1 to 127 ASCII-characters in length
- currently using the X10 mouse reporting mode, may change
- all mnemonics strings (~Example) are automatically hot-spots
- The new ~ @-code defines a hot spot
- Any screen-clear operation clears all hot spots
- sbbs now tracks the current screen (cursor position) row
- eliminated the old "tos" (top-of-screen) boolean (row == 0 indicates "tos")
- created an sbbs_t::ungetstr() method
- keep track if in pause (hit a key) prompt, for special mouse behavior

new JS console object:
- row property
- tos property is now read-only (and deprecated)
- new methods:
  add_hotspot()
  clear_hotspots()
  scroll_hotspots()

redrwstr() gets some UTF8 touch-ups as part of this commit. <shrug>

Fixed bug: for RLogin and SSH, if an invalid (e.g. blank) passsword was
provided during the handshake, an "Invalid Logon" would be displayed followed
by a "Passowrord: " prompt, giving the user an opportunity to reenter the
correct password. Only problem: this only worked for sysop accounts. Normal
users would just be disconnected after they entere (any) password, correct
or not.

This bug is very old in the RLogin support and appears to have been copy/pasted
for the SSH Login bit too.

and RLogin attempts.
It looks like someone copy/pasted the wrong lines from login.cpp.

an invalid login for a random (the last read?) user account with a user number
of 0.

(should default to current behavior: Yes). Set to No to not require the system
password while logging in as a system operator (level >= 90). The system
password will be required while logged-on and performing administrative-like
operations.
Added by request from Altere.

Unexpectedly, a ZWNBSP (U+FEFF) received/echoed by the MacOS Terminal while in
the first column causes a subsequent cursor position report to indicate the 2nd
column as the current only. I suppose in some weird world a zero-width
character can can't as a column position. So if the cursor position has moved
less than 2 columns (not exactly 0 columns), then consider it a UTF-8 terminal.
Non-UTF-8 terminals normally move the cursor 3 columns when echoing a UTF-8
encoded ZWNBSP. So to summarize, when echoing a ZWNBSP:

- Non-UTF-8 terminals: moves 3 columns
- MacOS terminal: moves 1 columns
- Other UTF-8 terminals: moves 0 columns

use socket I/O (e.g. sexyz, door32.sys doors, sync-xsdk doors) - not just when
the client is connected via SSH. This solves a number of problems:
- programs that change socket options
- programs that don't support non-CP437 charsets (e.g. PETSCII, UTF-8)
- programs that don't support Telnet-IAC escaping

This greatly simplifies (reduces the need for) input_thread locking.

The passthru_thread now handles chunks of up to 4000 bytes per transfer
between socket and ringbuf, instead of a char at a time, greatly improving the
performance.

(CID) variable, even when the client isn't SEXPOTS.

need that internal for SSH and RLogin support of fast-logons.
So, now, even if logging in via SSH or Rlogin, the sys_status SS_FASTLOGON
flag will be set when the user specifies "!username-or-number" during logon and
then the logon.js can use that to determine what to display (or not) to the
user, during logon.

The QWK logon support ("*username-or-number") is also handled in this new
sbbs_t method: parse_login().

This means the fast_logon_char is no longer configurable (hard-coded to '!')
and the modopts.ini options are going to be parsed by logon.js from the [logon]
section (not the [login] section).

You still must set fast_logon=true in the [logon] section of modopts.ini to
enable the fast-logon option for users.

using the version to determine what's supported (and isn't).

to have the NO_EXASCII (plain-ASCII only) set if the logged in without a
successful auto-terminal-type detection.
And with sbbs_t::term_supports(), we don't need useron.misc to reflect the
auto-detected-terminal-type any longer.

translation from CP437 -> UTF-8 and only when using high-level text output
functions - so the output from native/DOS doors and scripts that use low-level
output methods won't be translated.
UTF-8 is auto-detected (only) at this time during answer (before login) by
sending a ZWNBSP and checking (via ANSI) if the cursor position moved - an
idea "borrowed" from Ozz Nixon (aka SqZ).

This commit requires the new "encode" library (src/encode), so you may need
to perform a cvs checkout to get that module!

Newly supported files: text/menu/*.msg (higher priority than .asc when the
terminal supports IBM extened ASCII, aka CP437). These are the same format
as .asc files (and supported more readily by PabloDraw).
Newly supported files: text/menu/*.seq - native PETSCII files for PETSCII
terminals only. Support in the underlying putmsg() function is still
pending.
Also, the text/*.msg files now supports alternative file formats for
RIP/ANSI/PETSCII, if the files exist.
WIP menu support removal.
The new menu/display file selection priority will be detailed on
wiki.synchro.net, but rest assured, it's backwards compatible with
the previous/old priority with the exception of the removal of WIP support
and HTML support.

So Omegix recently asked in the Synchronet Discussion group whether or not
a PETSCII (Commodore) terminal could be used to access his Synchronet BBS.
Now, the answer is "Yes". :-)
The major issues addressed:

- detecting a PETSCII terminal, solved by assigning specific (configurable):
  TCP ports to be used for incoming PETSCII connections, by default:
  port 64 is for 40-column PETSCII and port 128 is for 80-column PETSCII,
  but if the terminal sends a Telnet Window Size reply (e.g. SyncTERM), then
  either size terminal should fine on either port.
  The port numbers are configurable in the [BBS] section of your sbbs.ini
  file using the new keys: PET40Port (default value: 64) and PET80Port
  (default value: 128). Having these keys set doesn't make make the terminal
  server listen on that additional port - you'll need to add more
  IP:port combinations to one of Interfaces values, example:
    TelnetInterface=71.95.196.34,71.95.196.34:64,71.95.196.34:128
  And you don't have to use Telnet for the PETSCII connections - you could use
  RLogin or SSH instead (or in addition).

- support for terminal widths < 80 columns:
  This was achieved through a combination of text.dat changes (numerous),
  new Ctrl-A and @-codes and new optional terminal-width-specific menu files
  (e.g. text/menu/main.40col.asc)
  A side effect of these changes is actually better support for terminals
  *wider* than 80 columns as well!

- support for terminals that don't expand tabs to spaces (e.g. PETSCII):
  The terminal server now handles tab expansion with a run-time settable
  tab-size (default size: 8)

- conditional access based on PETSCII (or small) terminal use (or not):
  + New PETSCII ARS keyword (boolean)
  + New COLS and ROWS ARS keywords (for terminal width and height requirements)
  + New TERM (string) ARS keyword

New @-codes:
  - WORDWRAP, when placed at the top of a file, enables auto-wordwrap for
              lines longer than the terminal width
  - CENTER, the text following before an end of line will be displayed centered
            on the terminal (whatever the width, in columns)
  - CLEAR, like CLS, except it ignores (doesn't display) a CRLF that follows
  - COLS, current number of terminal columns (width)
  - ROWS, current number of terminal rows (height)
  - TERM, the auto-detected or reported terminal type (e.g. ANSI, TTY, etc.)
  - SYSONLY, toggles "echo" (display) off/back-on for non-sysops
            similar to the Ctrl-A( and ) codes, but more convenient to use
            (and PabloDraw won't strip the @-code from the file like it does
             with Ctrl-A codes it doesn't support)

New Ctrl-A codes:
  - \ conditional new-line/continuation when the terminal width is < 80 cols
      prints the new text.dat string LongLineContinuationPrefix

yesno() will now return true if passed a blank string.
noyes() will now return false if passed a blank string.
getstr()'s input length limiting based on terminal width is more broadly
           applied now (not just when using the K_LINE mode flag).

New JS bbs object method: menu_exists(<base_filename>) returns Boolean
New JS console object property: tabstop (Number)
New JS console object methods: getbyte() and putbyte() to recv/send raw byte
    value with (very little) interpretation/intervention by the terminal server
New JS console object method: creturn() - performs a carriage return
    (or equivalent)
New JS (and C) printfile() mode flag: P_TRUNCATE, causes long lines to be
    truncated, rather than displaying causing a line-wrap.

New text.dat strings:
  - NoAccessTerminal (for ARS check failures)
  - LongLineContinuationPrefix (for breaking long lines for 40col terminals)
  - Scanning (replaces a previously hard-coded "Scanning" string)
  - Done (replaces a previusly hard-coded "Done")
  - Scanned  (when finished scannning, clears the progress bar)

("Node X", user alias, etc.) - so removing a lot of the redundancies.
Also, logging the current timed event code and other prefixes in the
event thread log messages - something I've wanted for a while now.
There might be some redundant "Node X" strings, so if you see some funny
looking log message, please let me know.

userdatdupe() to match the passed login-id (username):
*  This allows more permissive username matching, e.g. if your user name
   is "Analog Kid", you could login with "analogkid", "analog.kid" or
   "analog_kid", which is handy when passing a user name on the command
   line (e.g. to an ssh client) for example.
*  This is the same function used for Telnet logins via exec/login.js

- Using NOTCICE (not INFO) log level.
- Move the protocol name after Node X and remove the colon.

new user signup process with that name (just fall-through to a normal login
prompt).

Over-hauled the ANSI detection a bit too.

code included. As far as I know, no one is using one.

The JS-modeled user object's ip_address and host_name property values did not
reflect the current connection during logon events (JS modules executed during
logon, e.g. logon.js). Moved the initialization of the current user
(sbbs_t::useron) ipaddr and comp field to sbbs_t::logon() rather than when
control returns to sbbs_t::answer(). Removed the (now) redundant saves of these
user fields from answer().