There was a bug with reloading the configuration files in sbbsctrl where the sound button no longer reflected the truth and the sysop's previous click-state of the button was lost. Rather than going through writing the OPT_MUTE flag to the Options fields of all the sections of the sbbs.ini and then re-loading that file as a result, just do like we did with the sysop chat availability: use a semfile. So much simpler.

If anyone ever needs instance-specific muting, we can create/check instance/host-specific mute semfiles then. Doubt that'll happen though.

Also, removed the old sysavail control methods of ntsvcs too.

Increment the version in the project file to v3.19a.

This would cause all relative file paths to fail after exporting
settings to .ini file in another directory. Long time bug.

A "hack attempt" sound file is now supported in the Terminal Server, Mail Server,  and Services.

"login" and "logoff" sound files are now supported in the Terminal Server, FTP Server, Web Server, Mail Server, and Services.
This enhancement fixes Issue #157

The following sound files may now be configured in the [Global] section of the ctrl/sbbs.ini file, if desired to set the default sound files for all servers/services in on place:
- AnswerSound
- LoginSound
- LogoutSound
- HangupSound
- HackAttemptSound

This won't impact Synchronet as it has a separate signal handling
thread, but we still need to behave properly for processes that
don't.  I'm also saying that ENOMEM does not indicate a disconnection,
though it may be better to pretend it was disconnected...

The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.

However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).

So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.

This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).

The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.

However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).

So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.

This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).

Don't return an error if the node#/node.cnf file can't be opened for all uses of load_cfg() except from the terminal server. This fixes #214 for Tracker1

The default character set for outbound mail is now auto-determined (when not explicitly specified for a message) between UTF-8, ASCII, and CP437. The [mail] DefaultCharset setting (which fell-back to iso-8859-1 if blank) is no longer "a thing".

Also: specify 8-bit content-transfer-encoding for the (potentially UTF-8 or CP-437) plain text portion of a MIME-encoded message with file attachment (7-bit was wrong) and pass down the text sub-type (e.g. could be "html") for inclusion in the mime-part header (don't assume text/plain, but still use that as default).

Also: log an error when failing to delete an attached file (e.g. from data/file/*.out).

Also, disable the QWK packet creation timeout edit when QWK packet
download support is disabled.

The days of browsers rendering HTML served-up via FTP are over, so remove this feature. This also removes all JavaScript support from the FTP server and that is a bit odd as it was one of the first Synchronet components for which I added JS support.

Removing this feature was pretty painless; much easier than adding it was. The main motivation was less cruft to port to the file base in the works. There should be no more references to 00index.html anywhere at this point. Bye bye cool feature, we'll miss you.

The argument to JS_NewContext that we were allowing to be configured was not the contest stack size, but rather:
"The size, in bytes, of each "stack chunk". This is a memory management tuning parameter which most users should not adjust. 8192 is a good default value." - per Mozilla.

So we're just going to use the suggested default, hard-coded.

Removed the yield line interval (this is a questionable setting anyway).

Also, made the unlimited max-connections display as "N/A" (instead of
"0") in the Terminal Server config dialog.

This fixes the stat() issue on Windows XP/2K3 by allowing sbbs to benefit
from the run-time library updates that Microsoft releases periodically
(like https://www.microsoft.com/en-us/download/details.aspx?id=53840).

For more info on the stat() issue which caused all kinds of sbbs errors
(e.g. creating directories initially, but a lot more):
https://stackoverflow.com/questions/32452777/visual-c-2015-express-stat-not-working-on-windows-xp

Since we are using cryptlib which requires the MSVC runtime DLL anyway
(it is the default build behavior of MSVC), we weren't really gaining
anything from statically linking the CRTL (LIBCMT.LIB). And for some reason,
an up-to-date MSVC2019 still has (links-in) a LIBCMT.LIB file that includes
this stat bug. All the online help resources I found just to seem to suggest
updating the CRTL DLLs (on the target system), with no mention of any fixes
available for the static CRTLs on the build system. But with the no gain
from static linking anyway, I figured it was time to switch to DLL CRTLs.

The debug builds are still statically linking the CRTL for no particular
reason.

Extended node status can (and often does) contain Ctrl-A sequences.
Strip those characters/sequences before putting into the NodeForm->ListView
lines here.

Read and write the Log fonts when importing/exporting sbbsctrl.ini.
Use sbbsctrl*.ini as the default Import Settings file mask.

I noticed on one particular system that Canceling or Completing
the configuration wizard on a fresh install, sbbsctrl.exe would
just shut down (no error dialog or anything, likely a crash of
some kind). Instrumenting StartupTimerTick() didn't reveal anything
useful (it ran to completion).

By changing the method of launching the Configuration Wizard,
I was able to eliminate this observed problem. Now, the StartupTimer
runs twice on a fresh install (just once for a normal startup),
and the second run of the StartupTimerTick starts the configuration
wizard.

I also reverted to the previous behavior of dynamically creating
and destroying the wizard for each use. There's just too much state
information to restore if the config wizard is run a second time.

Also, removed a bunch of old Registry settings readings (v3.10/11
upgrade support) and commented out code.

Eventually, would love to get this entire project divorced from sbbs.h, but
that's a rabbit hole I don't want to go down right now.

Fix naming of the "Run Other JavaScript module" menu item.

to resolve the infinite loop when emulvt.pas received terminal sequences it
doesn't like (e.g. SyncTERM font-transfers).

in v3.4.5.

Copyright year 2020.

Allows sysop to select the .js file from the exec directory, but does not yet
allow them to specify/add any command-line options.