e.g. User.downlaoded_file() will now publish to the appropriate MQTT topic and changes to system.node_list[] will get published to MQTT.

Replaced _property_ver_list (array of numbers) with _property_ver_list (array
of objects) with a "ver" and (optional) "desc" property. This solves the
enumeration order problem with objects that have both manual and table-based
properties. Object's property tables (arrays of jsSyncPropertySpec) can now
(optionally) contain the property descriptions. For properties defined in this
manner, there will never be another mismatch between ther name/type and
description/version in the jsobjs.html (a problem has re-occurred several
times through the years with nebulous work-arounds).

We still use _property_desc_list arrays for additional (e.g. manually defined)
properties in such objects or just objects that only use one method of
property definition and are not subject to the enumeration order problem.

Fixed numerous typos.

Using more consistent terminology and HTML mark-up.

Some beautification and enhancement of readability, but nothing too major.

Uses the new ctrl/text.??.ini files (just a few words translated so far).
Adds the new "lang" user property (to user.tab and JS User class).
The language code is the 2-3 char (e.g. ISO 639-1) abbreviation of a language.
A "blank" language property value (the default), just means to use the
ctrl/text.dat contents.
User-selected alternate language file is loaded upon logon and in the
built-in/hard-coded user default settings menu.
More on the user default settings menu:
- AutoLogin via IP option ('I') to make room for new (I) Language option.
- The cold-keys menu option was removed to make room for Language option
  (via text.dat change to UserDefaultsHotKey)
- Any options disabled via blank text.dat strings will no longer result in
  supported command keys (that could accidentally be struck with hidden
  consequences/effect)
- The user_settings.js will need similar treatment

text/menu/<lang>/* is where alternate language menu files should be stored

New UserDefaultsLanguage text.dat string (inserted before new PasswordChar
string).

The request from Nightfox and Accession via DOVE-Net was to be able to set
a user's external editor even if there's no user logged-in.

These 2 user class properties in the JS object model were a bit special in
that they *only* wrote to the user database and did not immediately modify
the in-memory copy of the user_t structure, depending on the re-reading of
the user.dat/tab file to re-populate the current user_t structure when needed.
This didn't work if the current user is user #0 (no user).

So, set the current user_t.xedit and user_t.shell accordingly whenever those
JS properties are assigned a value (a string, the appropriate internal code).

No obvious bug fixes here, just future proofing.

So Clang-FreeBSD was warning (in compiles of scfg/scfg*.c by Deuce):
result of comparison of constant 100000 with expression of type 'uint16_t'
(aka 'unsigned short') is always true

Why? Cause a uint16_t's max value is 65535 (less than 100000). Sure we could
have just lowered the UIFC max number of config items to 65535, but that would
have been too easy. And why are these compared-with values of type uint16_t to
begin with? Because most ctrl/*.cnf lists (of configuration items) were
limited to 65535 entries cause ... 16-bit DOS, historically. Now that *.cnf
files aren't used, we could just increase these scfg_t.*_total type sizes from
16 to 32-bits, yeah? The result is this commit.

I went to (signed) int so we could still keep -1 as the special illegal
sub/dir num value (e.g. INVALID_SUB, which is sometimes used to indicate the
email message base). Theoretically, 2 billion configuration items could be
supported in these lists, but SCFG will limit you to 100000 anyway. So there's
a whole lot of s/uint/int in this commit.

I'd be very surprised if this doesn't result in some new GCC/Clang warnings,
but at least the old "comparison of constant 100000" warnings are now gone!

Mostly just bitfield->bit-flags.

No functional change, just a little clean-up.

Mainly capitalization, but some typos and added details. 

Right now, the only preference is reverse mail listings (oldest first
or newest first). These settings are only used when reading "your mail",
not any other kind of mail reading.

bbs.read_mail() now returns the user-adjusted loadmail_mode value and
this allows us to determine the user's preferences and save them after
this function/method is called. A readmail_mod can now return a number
(other than 0) and that will be used as the return value of this method.

sbbs_t::readmail() now does the adjustment of the passed lm_mode before
calling any installed readmail_mod, so if for example, deleted message
viewing is enabled by the sysop, those LM_* flags might be set now in
the argument to the readmail_mod, wherase they never would before.

There is not yet any way for the sysop to set a new user's default
mail_settings, they'll just default to 0 for now.

email_sec.js will get some adjustments to use/store the
user.mail_settings next.

Will track the user's last succsesful file-download transfer rate
in characters (bytes) per second.

I'm not calculating or storing this rate yet, but will be soon. This
will make the file download ETAs more realistic and no longer
hard-coded to 3000 cps (which now defaults to 10000 cps, to keep up
with the times).

New field added to user.tab placed adjacent to the other File xfer stats,
which means the leech attempt counter (likely always 0) was moved to the end
of the user record.

Also resolved some 32 vs 64-bit 'long' issues/ambiguities that have long-remained. :-)

This commit also removes logon.lst file support.

There's a TODO block remaining in js_user.c for setting portions of a user's birthdate (e.g. just the year or month or day).

This can be used to force a close of the user.dat file, if open. Rather than
waiting for an out of scope User to get garbage-collected, this method could
be used to force a close of the user.dat file, if it's open.

Likely fix for the user.dat open file descriptor leak:
If js_CreateUserObject(cx,parent,cfg,"name",...) is called multiple times
(e.g. before login and after login), the successive calls will reuse the
previously allocated JS object and allocated private data memory. However, the
private data memory (which includes the descriptor of an open user.dat file,
if it has been opened), was always zeroed, even if it was being reused. This
would leak open file descriptor.

So any (pre)login scripts or web scripts that use the "user" object (which
is all zeroed-out before login) and then allows a user to subsequently login,
would leak a file descriptor.

When the 'number' property of an instance of User was incremented beyond the last user, the call to fgetuserdat() on subsequent property 'get' operation would fail and zero-out the user structure (including the user number). This resulted in an infinite loop in load/birthdays.js where the user number would go from lastuser to 1 in one operation (u.number++).

Reported by DesotoFireflite (VALHALLA)

Credits and daily free credits are accurate to the byte up to (a maximum) of 18446744073709551615 (that's 18 Exbibytes - 1).

User's upload and download byte stats are now similarly extended in maximum range, but the accuracy is only "to the byte" for values less than 10,000,000,000. Beyond that value, the accuracy declines, but is generally pretty damn accurate (to 4 decimal places beyond the nearest multiple of a power of 1024), so I don't expect that to be an issue. This method of storing upload/download byte stats allowed me to use the same 10-character user record fields in the user.dat file.

As a side-effect of this enhancements:
* User and file credit values are now expressed in multiples of powers of 1024 (e.g. 4.0G rather than 4,294,967,296).
* Free credits per day per security level has now been extended from 32 to 64-bits (to accommodate values >= 4GB).
* adjustuserrec() now longer takes the record length since we can easily determine that automatically and don't need more "sources of truth" that can be out-of-sync (e.g. the U_CDT field length going from 10 to 20 chars with this change).
* setting the stage for locale-dependent thousands-separators (e.g. space instead of comma) - currently still hard-coded to comma
* more/better support for files > 4GB in size (e.g. in the batch download queue)
* user_t ulong fields changed to either uint32_t or uint64_t - I didn't realize how many long/ulong's remained in the code (which are sometmies 32-bit, sometimes 64-bit) - ugh
* Steve's ultoac() function renamed to u32toac() and created a C++ wrapper that still uses the old name, for homage

Users with the 'O' restriction (automatically set if a new user has the same "real name" as another account, and that's allowed by the sysop) will send netmail from their alias and not their real name to prevent impersonation of another user.

It bothered Deuce having a web server setting in scfg_t/SCFG->File Options, so I moved this setting to [web_]startup_t and the sbbs.ini file.

The downside is that file_area.web_file_prefix is no longer available to JS environments outside of the web server and terminal server, but meh, probably not going to use it elsewhere anyway? I can imagine use cases for JSexec scripts to want to generate URLs to filebase files. If that ends up being a need, they'll have to find and parse the "right" sbbs.ini file to determine the vpath prefix. 

This macro has expanded to nothing for a while now and even before, the usage was misguided and unnecessary as explained in this video: https://www.youtube.com/watch?v=cjotPqQxxAY

This won't impact Synchronet as it has a separate signal handling
thread, but we still need to behave properly for processes that
don't.  I'm also saying that ENOMEM does not indicate a disconnection,
though it may be better to pretend it was disconnected...

New JS User.stats properties:
- read_mail_waiting
- unread_mail_waiting
- spam_waiting

New @-codes:
- MAILR (read mail waiting)
- MAILU (unread mail waiting)

And the corresponding MAILR# and MAILU# codes (for non-current user's stats).

Addresses feature request #191.

The default terminal columns (still 0/auto) can be overridden with the 'L' command from the user defaults menu. 

Also increased maximum manual terminal rows setting from 99 to 999 - this involved moving the record in user.dat, though the old record value is auto-migrated.

These allow the easy reading or writing of these sub-field values of the
user.birthdate property. When migrating from the legacy formats (e.g. MM/DD/YY
or DD/MM/YY), it's required to write all 3 properties to get a correct
birthdate/age. Otherwise, "13/31/69" could become "19691/69" (for example)
which isn't going to parse correctly.

property with bit 31 set would result in a user.setting value of 0xffffffff which means the user is both deleted and inactive (all bits are set).
JS_ValueToInt32() does "bad things" when bit-31 is set in the value being converted, use JS_ValueToECMAInt32 or JS_ValueToECMAUint32 instead.

SCFG for Win32 is linked against a load_cfg lib that builds withOUT SCFG defined, so these compiled AR elements were allocated and then many SCFG operations (e.g. copy/paste, create new) would copy the allocated ARs to another configuration and then be subjected to double-free upon exit/clean-up (resulting in exception or crash).
Just get rid of this cruft and some other related RAM-byte-saving hold-overs from the MS-DOS days.

after a file has been successfully (partially or fully) downloaded by a user:
- arguments are [dir-code] [file path or name] [bytes] [count]
Technically, all the argumnets are optional, but if only a bytes or file count
is provided, the old behavior of the method is invoked (just increments
statistics).

This is intended for use by ecWeb's http-based file downloader thing. :-)

'=': conversion from 'time_t' to 'unsigned long', possible loss of data

bbs.get_time_left() instead.

INT32_MAX.

Setting user.security.flags[1-4], exemptions, or restrictions to a string value
would result in unexpected modified values:

1. The exiting flags were all based on the current value of flags1 (copy/paste
    error it appears)
2. The set/removed/added flags were all "off-by-one" because str_to_bits()
    treats 'A' as bit-1, not bit-0.

emailval.js is now using this feature and PSI-Jack reported the "interesting"
behavior. :-)

declaration

Use this in place of JS_GetPrivate() in native class methods that need the
class instance's private data pointer and will do bad things if that pointer
points to something other than what is expected. mcmlxxix (matt) discovered
that using Object.apply(), you can invoke class methods where the 'this'
instance is a different class. This would result in
"Internal Error: No Private Data." or a crash.
So now, gracefully detect this condition and report a meaningful error:
"'<class-name>' instance: No Private Data or Class Mismatch"

Also, important to note: if the method uses JS_THIS_OBJECT to get the JSObject*
to pass to JS_Get*Private, then it must do this *before* it calls JS_SET_RVAL.

From jsapi.h:
 * NB: there is an anti-dependency between JS_CALLEE and JS_SET_RVAL: native
 * methods that may inspect their callee must defer setting their return value
 * until after any such possible inspection. Otherwise the return value will be
 * inspected instead of the callee function object.

The js_crypt*.c files still need this treatment.