obvious)

signup process would be started without the current client IP address being
added to the 'failed login attempt' list. This means that brute force login
attempts using SSH or RLogin would usually not be subject to the loginAttempt
delays and logging/filtering settings (in sbbs.ini), since the usernames
attempted (e.g. root, admin) are usually not valid usernames.

More:
- Log failed password attempts before calling badlogin() -which can delay.
- Stop RLogin and SSH password prompt loop immediately if disconnected.
- Log RLogin and SSH passwords used for invalid usernames (when password
  logging is enabled in SCFG).
- Log attempted usernames in quotes (so prepenned or trailing whitespace is more
  obvious)

answer() set online to ON_REMOTE. This should resolve the issue with SSH brute
force password attackers hanging nodes in "new user applying for access".
The actual fix was to remove the set of the online variable to ON_REMOTE
in answer() (it's initialized to this value in the sbbs_t constructor), the
check in getkey() is just for extra paranoia and should not be necessary.

(sans angle brackets), before any "name alias" conversion - in addition to the
current matching (against just the name portion of the recipient address or the
aliased target). This allows external mail processor selection/filtering based
on 'to' address even when using an alias to go to a common user (e.g. user #1).

In printBoards, try to find the most recent non-deleted message to show as 'latest' - reported by Khelair.

Remove previous months from the DB on startup, if they are there - otherwise the DB will become swollen and irritated.

Don't try to read the entire sequence array and then choke on its impressive girth.  Keep working instead.

Recommend updating frame.js and sprite.js.  Corrected an incorrect path with a correction to the correct value so that people can set things up correctly.

the internal useron user_t.
This means adding some bbs.user_sync() calls back in.

Thanks Ragnorok.

been entered and checked.

Favour item.content for import as message body, if it exists.  Replace some HTML entities not caught by html_decode (more needs to be done here, and some if not all of it is derp.)  May cause dupe imports (I suggest only using this on subs that you are willing to pollute, for the time being.)

var GetStrMenu=765;

Set user.number to newuser.number and call user_sync().  login should do
this, so if this works, something is amiss.

This is likely not overly useful however aside from indicating a problem.

there are several control keys which have special use in this mode, but not in
others and Ctrl-Z is in fact different in both modes (raw input vs. undo).
Updated the default ControlKeyMenu text.dat string (e.g. removed Ctrl-S and
Ctrl-Q since they actually have no globally defined use).

Fix Ctrl-Z/Undo so it only redisplays from the correct column/offset.
Note: K_NOECHO mode appears to still have some bugs if/when K_EDIT is also
used (which would be a weird combination of modes).

user.stats is read-only... don't try changing it (this is taken care of
by syste.mnewuser()).
Don't use the newuser object after the user is logged in.