- Using NOTCICE (not INFO) log level.
- Move the protocol name after Node X and remove the colon.

new user signup process with that name (just fall-through to a normal login
prompt).

Over-hauled the ANSI detection a bit too.

code included. As far as I know, no one is using one.

The JS-modeled user object's ip_address and host_name property values did not
reflect the current connection during logon events (JS modules executed during
logon, e.g. logon.js). Moved the initialization of the current user
(sbbs_t::useron) ipaddr and comp field to sbbs_t::logon() rather than when
control returns to sbbs_t::answer(). Removed the (now) redundant saves of these
user fields from answer().

logging in a user. Apparently it's possible to disconnect during an SSH login
and have this function return with useron.number set to a valid user number
even though there was no successful login, leading to undesireable things
happening in logout().

This means moving ssl.o into libsbbs.so and out of libwebsrvr.so.
I'll fix Windows in a minute (?).

New Features:
- Multiple bindings for each service
  Use comma-separated interfaces on Interface= lines in the ini file.
  Default is now "0.0.0.0,::"
- IPv6 support
- TLS support for the webserver and (non-static) services
  New TLS option in services.ini (ie: Options=TLS)
- Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
  and rename the MAIL_CMD string to IPADDR.  I think this frees up the
  note field for SysOp use.

by msvc debug build and reported via assertion.

signup process would be started without the current client IP address being
added to the 'failed login attempt' list. This means that brute force login
attempts using SSH or RLogin would usually not be subject to the loginAttempt
delays and logging/filtering settings (in sbbs.ini), since the usernames
attempted (e.g. root, admin) are usually not valid usernames.

More:
- Log failed password attempts before calling badlogin() -which can delay.
- Stop RLogin and SSH password prompt loop immediately if disconnected.
- Log RLogin and SSH passwords used for invalid usernames (when password
  logging is enabled in SCFG).
- Log attempted usernames in quotes (so prepenned or trailing whitespace is more
  obvious)

answer() set online to ON_REMOTE. This should resolve the issue with SSH brute
force password attackers hanging nodes in "new user applying for access".
The actual fix was to remove the set of the online variable to ON_REMOTE
in answer() (it's initialized to this value in the sbbs_t constructor), the
check in getkey() is just for extra paranoia and should not be necessary.

not match database and beginning new user sing-up.

the login process a bit (e.g. using Unix 'telnet -a <host>').
Treat login name provided via RLogin, SSH, or Telnet equally (e.g. use in new
user signup by default).
Disable the hard-coded bypassing of netmail address prompts for RLogin
users (there are other ways to accomplish this, e.g. using JS if desired).

- this option has been a default option flag for 10 years
- this option was introduced *before* the RLogin password capability
- Synchronet now always expects the login-ID (alias) to be the 2nd string
received during RLogin connections (called 'server-user-name' in RFC 1282.
* Now storing the complete terminal type/speed string received during RLogin
connection in the bbs.rlogin_terminal property (sbbs_t.rlogin_term in C++).
* bbs.rlogin_gate() is over-hauled:
- arguments are: address, client-user-name, server-user-name, terminal, mode
- if existing JS module assumes this to be: address, server-user-name, password
  those scripts will need to be updated to reflect the correct argument order
- all arguments beyond the first are now optional
- the terminal string can now be passed-in
* Deprecated the telnet gateway option: TG_SENDPASS (the 'password' if desired
to be sent as the 'client-user-name' can be specified as an argument and this
option sent the password as the *second* RLogin string ('server-user-name'),
which was always wrong.
* sbbs_t::telnet() can now accept the terminal string as an optional argument.

ssh session.

Improved Telnet option processing and event execution log output.

string formatting/copy functions and macros.
text/answer.* filenames are now case insensitive on *nix
(now consistent with all other menu files).

answer.cpp:271:15: warning: "/*" within comment
and restore "normal" attributes during ANSI detection (unintentionally
removed by Deuce in rev 1.69). Oh, and -Wall is good. :-)

Updated copyright dates.

make system.matchuserdata return an array of all matches if match_all==true, starting at usernumber if specified. (userdatdupe now takes an additional paremeter)

new ZuulTerm protocol and add an autodetection.

accurate column auto-detection. Wheee!

\e255;255H.
Had the row/col sane-range checking reversed.

response) - using c_escape_str() to convert the response to a log/print
format.

place to do it, but may need some special handling for HTMLterm mode.
Parse columns from ANSI cursor position reports.
Request Telnet "Negotiate Window Size" option during answer since this is more
reliable than ANSI cursor position reporting (especially with terminals that
wrap cursor positioning requests).
Improve validation of ANSI cursor position reports.

Constified the arguments.
Created exascii_to_ascii_char().
Created ctrl_a_to_ascii_char().
strip_ctrl() and prep_file_desc() now takes 2 args.
strip_ctrl(), strip_exascii() and prep_file_desc() now strdup() the input
string and if the dest arg is NULL, returns the allocated and modified copy.
sbbs_t::bputs() now handles ^AZ.
Change Ctrl-A code message network exporting:
1. ^AL, ^A<, ^A[, and ^A] are always translated to ASCII equivalents.
2. ^AZ will terminate the message body prematurely if found.
3. Ex-ASCII (CP437) chars will be translated to ASCII equivalents (rather than
'*') for "ASCII Only" subs.
For import, don't allow Ctrl-AP or Ctrl-AL.
For SBBSecho:
Added support for specifying a link's address on the command-line (e.g. for
use with -h).
Mail server now strips Ctrl-A codes from message bodies for sending via POP3
or SMTP.

comment regarding better validation of ANSI cursor position report response.

hangup/disconnect during the logon process.