1. 23 Jan, 2022 10 commits
  2. 22 Jan, 2022 7 commits
    • Rob Swindell's avatar
      Add the 'O' (post using real name) restriction flag. · 927a1494
      Rob Swindell authored
      Oh, QWKnet nodes ('Q' restricted accounts) are impacted by this restriction
      since the poster's name isn't taken from the user account anyway.
      927a1494
    • Rob Swindell's avatar
      Handle duplicate names and aliases better · 55be2129
      Rob Swindell authored
      So some cute user (mine@demon.com) created a new user account on Vertrauen with the alias and real name of "Rob Swindell". Funny.
      
      Now, duplicate user aliases are already and always forbidden (even those that just vaguely match an existing alias) - everyone expects those to be unique. And we already forbid new user real names to match an existing user alias (check_name() enforces this and we use that when checking new user real names too), however, nothing prevented a new user account's alias from matching another existing user's real name. And this is a problem:
      
      1. This new/fake user could post a message or send an email/netmail and it would appear to possibly come from the other/original user (we do have options to send mail and post messages using real names)
      
      2. Received email for real names is supported and if enabled, this second account could be used to intercept mail for the original/first account if it was receiving mail for the original/real user's real name.
      
      So disallowing a new user's real name to match an existing alias fixes one problem. 
      However, systems *can* be configured to allow duplicate real names (which is convenient for QWKnet accounts, for example) and so we needed another solution for that problem: meet the 'O' restriction. This restriction flag will prevent a user account from posting messages no sub-boards that require real names. New user accounts that have a duplicate real name (the same as another user account's real name), will automatically be assigned the 'O' restriction flag. Systems that don't allow duplicate real names wouldn't have this issue in the first place.
      
      Scripts that allow the creation of new user accounts might need some updating to match this security logic.
      55be2129
    • Rob Swindell's avatar
      Call can_user_post() rather than manual checks · 9ae0448c
      Rob Swindell authored
      Eliminate some redundant code. Use the userdat lib function provided for this purpose.
      9ae0448c
    • Rob Swindell's avatar
      Remove some commented-out code · cac09153
      Rob Swindell authored
      Posting restrictions are handled one QWK-message at a time (and have been for a long time). No actual change here.
      cac09153
    • Rob Swindell's avatar
      Fix "Username already taken." validation error (could not happen) · 21b8b2c2
      Rob Swindell authored
      The system.check_name() check *also* verifies that the username is not
      already taken, so we must perform the matchuser() check first in order
      to get the appropriate error message here when trying to use an alias
      (username) that's already taken.
      21b8b2c2
    • Rob Swindell's avatar
      Fix issue that prevent "-syslog" option from being used (on *nix) · c6fde03f
      Rob Swindell authored
      Fixed a couple sprintf() buffer overflow warnings/issues.
      c6fde03f
    • Rob Swindell's avatar
      6fde2a0e
  3. 20 Jan, 2022 4 commits
  4. 19 Jan, 2022 4 commits
  5. 18 Jan, 2022 5 commits
    • Rob Swindell's avatar
      Don't display "blank" extended description in listings · 6d6925b3
      Rob Swindell authored
      If an extended description contains nothing but Ctrl-A codes and white-space, don't display it in a file listing (in place of the normal short description).
      6d6925b3
    • Rob Swindell's avatar
      UTF-8 encode/decode support, from martylake · 8df9adb1
      Rob Swindell authored
      Based largley on martylake's provided patch set. By default, assumes
      all IRC messages are UTF-8 encoded and will translate to CP-437 if
      appropriate or send as UTF-8 if the user's terminal supports it.
      Set utf8_support=false in the [irc] section of your ctrl/modopts.ini
      file if you wish to disable this behavior.
      8df9adb1
    • Rob Swindell's avatar
      A bit of re-sync with actual keys · ce2503ae
      Rob Swindell authored
      Remove JavaScriptContextStack (no longer used).
      Add *Sound keys to the [Global] section.
      ce2503ae
    • Rob Swindell's avatar
      Fix problem saving HangupSound setting in sbbs.ini · 7effd1d9
      Rob Swindell authored
      Apparent copy/paste error in sbbs_set_sound_settings() - I was wondering why the HangupSound key wasn't saving to the sbbs.ini file from SBBSCTRL.
      7effd1d9
    • Rob Swindell's avatar
      Provide more help for the "Access to Sub-directories" feature · 3a1929b8
      Rob Swindell authored
      This is an experimental feature that's been in the code for quite a while without any supporting help/docs (there was the original commit message, I'm sure). I'm not sure how much value this feature is without providing automatic access to the *files* within the sub-directories, but there you have it.
      3a1929b8
  6. 17 Jan, 2022 1 commit
  7. 16 Jan, 2022 8 commits
    • Rob Swindell's avatar
      410974af
    • Rob Swindell's avatar
      Fix printf format issue in previous commit. · 27f8668c
      Rob Swindell authored
      27f8668c
    • Rob Swindell's avatar
      Add JS properties to assist with web-access to filebase · 9f772107
      Rob Swindell authored
      file_area.web_vpath_prefix
      file-metadata-object (return value of FileBase.get()).vpath
      9f772107
    • Rob Swindell's avatar
      Correct JSDOCS for get_path, get_size, and get_time methods · 3e5326e0
      Rob Swindell authored
      These methods also (optionally) accept a file-meta-object as an argument.
      3e5326e0
    • Rob Swindell's avatar
      Add support for web request path aliases (defined in web_alias.ini) · f2858ee6
      Rob Swindell authored
      Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
      /Synchronet/ = /files/main/sbbs/
      for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
      f2858ee6
    • Rob Swindell's avatar
      Merge branch 'dd_area_choosers_name_collapsing' into 'master' · c5bfe1a0
      Rob Swindell authored
      Now supports message sub-board & file directory name collapsing
      
      See merge request !134
      c5bfe1a0
    • Rob Swindell's avatar
      Add direct filebase access from the web server (optional) · 1ab2956b
      Rob Swindell authored
      By setting SCFG->File Options->Web File Virtual Path Prefix to something (e.g. "/files/"), all HTTP or HTTPS requests to the Synchronet Web Server with request paths beginning with this prefix will be interpreted as filebase access requests (with full access control enforcement). This is configured here (in SCFG) rather than, say, the [web] section of sbbs.ini, because I have plans for the terminal server to use this prefix to generate Web-URLs for files to display or email to users.
      
      Currently, only requests to *files* (for download) are supported (no index generation, file information, etc. and definitely no upload support). Full access control (using HTTP auth, not cookies) is used for libraries and directories with controlled access. Credits are deducted and awarded and uploaders are notified of downloads, as one would expect. Requests to any dynamic-web-content files (e.g. .SSJS, .XJS, etc.) will be treated as static file download requests (no script will be executed).
      
      I'm reusing the same virtual path parsing logic from the FTP server (moved to the userdat lib), so the virtual path to a file for download would be, for example, http://yourdomain/files/lib/dir-code/filename.ext
      
      The main motivation for this feature is: FTP-links in email and web pages are just not useful to many users these days and I don't think that sysops should have to rely on a SSJS web UI (e.g. ecWebv4, cool as it is), to provide web-access to the filebases. Using this feature, you can share simpler/shorter web links to your files that will be more enduring.
      1ab2956b
    • Eric Oulashin's avatar
      Now supports message sub-board & file directory name collapsing, allowing simplified · fc5848eb
      Eric Oulashin authored
      file directory and message sub-board lists for ones with common groups, adding a 3rd
      tier of options.  For example, if you have the following file directory structure:
      BBS files
        DOS: BBS software
        DOS: BBS doors
        DOS: BBS utilities
        Windows: BBS software
        Windows: BBS doors
        Windows: BBS utilities
      
      With directory name collapsing, the selection will be come 3 tiers, as follows:
      BBS files
        DOS
          BBS software
          BBS doors
          BBS utilities
        Windows
          BBS software
          BBS doors
          BBS utilities
      fc5848eb
  8. 14 Jan, 2022 1 commit