Found by Coverity.

bitmap_init_mode().

JS_ValueToUint32() for converting to integers where we may need the full 32
bits.

error (e.g. can't convert 2147745800 to an integer), so use
JS_ValueToECMAUint32() rather than JS_ValueToInt32() where we possibly need
a full 32-bit value.

certain Australian timezones.

with logins via SSH or RLogin (handled in answer.cpp). So revert login.js
back to rev 1.17 since the fast-logons are now detected in the login name
parsing in login.cpp's sbbs_t::parse_login() which is used in answer() and
login() - called via bbs.login().

So... if you're writing a login matrix or custom login module where you want
to use a *different* method of detecting/enabling fast logon support, you'll
just need to set the SS_FASTLOGON flag in the JS bbs.sys_status property:
    bbs.sys_status |= SS_FASTLOGON;

This also means that 2 modopts.ini options (fast_logon and
fast_logon_requirments) are now used in logon.js, not login.js, so the section
where you add them is now [logon], not [login]. Got it? Good. :-)

- SS_QWKLOGON
- SS_FASTLOGON

need that internal for SSH and RLogin support of fast-logons.
So, now, even if logging in via SSH or Rlogin, the sys_status SS_FASTLOGON
flag will be set when the user specifies "!username-or-number" during logon and
then the logon.js can use that to determine what to display (or not) to the
user, during logon.

The QWK logon support ("*username-or-number") is also handled in this new
sbbs_t method: parse_login().

This means the fast_logon_char is no longer configurable (hard-coded to '!')
and the modopts.ini options are going to be parsed by logon.js from the [logon]
section (not the [login] section).

You still must set fast_logon=true in the [logon] section of modopts.ini to
enable the fast-logon option for users.

Always parse/strip the fast_logon_char (default: '!') from the login name
/number. This way if users get used to logging in in this fashion, it won't
stimy them if the sysop disables the feature.

Added fast_logon_requirements option (default: blank) which is an optional
ARS to limit fast logon support to specific user-groups.

by setting fast_logon=true in the [login] section of the ctrl/modopts.ini file.
A user can choose a fast logon by prefixing their user name or number with
'!' (configurable via 'fast_logon_char'). This option tells logon.js to
skip the logon menus and logon events.
The logon.js just looks for bbs.fast_logon==true, so if you have your own
method of detecting a fast logon (e.g. a logon matrix menu or a prompt of the
user), then you could just set bbs.fast_logon=true and continue to use the
stock logon.js.

Other ideas (not implemented):
- a minimum security level (or ARS) required to allow fast logons
- a notice to the user that fast logons are available (enabled)
- option to skip logon menus but not logon events, or vice-versa

  MAILW#<num>, MAILP#<num>, SPAMW#<num>

These codes, unlike the colon-variants, can be combined with format modifiers
(e.g. -L, etc.).

inline asm stuff (cl-noasm-defines.patch).

This (of course) revealed an issue with 64-bit systems not building properly
so cl-bn-noasm64-fix.patch fixes this again.

There should no longer be any inline (or out of line) asm, so any more
illegal instruction errors are likely to be the fault of the compiler or
the compiler flags.

size that's being protected in this case, it doesn't *really* matter, but
it's a technical flaw.

Setting user.security.flags[1-4], exemptions, or restrictions to a string value
would result in unexpected modified values:

1. The exiting flags were all based on the current value of flags1 (copy/paste
    error it appears)
2. The set/removed/added flags were all "off-by-one" because str_to_bits()
    treats 'A' as bit-1, not bit-0.

emailval.js is now using this feature and PSI-Jack reported the "interesting"
behavior. :-)

If this value is false (the default), then a validated user's account will
be set to *not* expire.
If this value is true, then a validated user's account expiration status
won't be changed unless the expiration_days_after_validation option is also
set, in which case the expiration date will be reset based on that setting.

Document the new modopts.ini [logon] email_validation option to enable use of
this module.

was based on _finddata_t.attrib value while the value *written* was based on
struct stat.st_mode, and totally incompatible.
Just use the stat/chmod compatible value for both read and write (for all
OSes). If you need the old Windows-centric attribute values (e.g. to determine
"hidden" or "archive" attributes), use file_attrib() instead.

(totally differnet bit values).
So create getfmode() which is a thin wrapper for stat() and can be used to read
a chmod()-comopatible value on all supported OSes.

to do so. Just set email_validation = true in the [logon] section of your
ctrl/modopts.ini file instead.

This function behaves the same as file_attrib() on *nix, but on Windows,
file_mode() returns a *nix/stat style st_mode value (compatible with
file_chmod) while file_attrib() returns the struct _finddata_t 'attrib' value,
which is a quite different value (e.g. indicates Windows/DOS centric file
attributes like "archive", "hidden", etc.) and is *incompatible* with
file_chmod(). So if you're going to modify a file's permissions (mode), use
file_mode() to read them and file_chmod() to save them.

file_attrib() should really only be used on Windows and only for checking for
attributes like "hidden", "archive", etc. (which don't exist on *nix).

"dirs" sub-dir to a sysop-defined directory-specific data directory.

Use require() rather than load() for sbbsdefs.js.

    level_before_validation (default: 50)
    level_after_validation (default: 60)
    flags1_after_validation (default: no change)
    flags2_after_validation (default: no change)
    flags3_after_validation (default: no change)
    flags4_after_validation (default: no change)
    exemptions_after_validation (default: no change)
    restrictions_after_validation (default: no change)
    expiration_days_after_validation (default: no change)

This fixes screen corruption with CTRL-E in 40-column modes.

change the font to CP437.

This prevents weirdness since when changing *to* those modes, the font and
status line setting are silently updated.

write_file_cfg(). I'm pretty sure this fixes the bug introduced in r1.75
(Mar-7-2018) where it would use the directory's custom "data dir" as the
parent of the sub-directory even if it was blank.

So if you're like Mark Lewis and you're getting a bunch of sub-directories
created in your "ctrl" directory when you save changes in SCFG, this is likely
the cause. Only happened if you had both the library's "Parent Directory"
and the "File Transfer Path" of the directory, blank.

Really only useful on *nix since Windows only allows the setting/clearing of
a single mode flag: user-writeable, 0x80, 0200.

directory's file transfer path, the array index usage here could cause a
crash or just garbage to be displayed.

Path" or "Directory File Path".

Remove it.