1. 25 Jan, 2022 2 commits
  2. 23 Jan, 2022 12 commits
  3. 22 Jan, 2022 7 commits
    • Rob Swindell's avatar
      Add the 'O' (post using real name) restriction flag. · 927a1494
      Rob Swindell authored
      Oh, QWKnet nodes ('Q' restricted accounts) are impacted by this restriction
      since the poster's name isn't taken from the user account anyway.
    • Rob Swindell's avatar
      Handle duplicate names and aliases better · 55be2129
      Rob Swindell authored
      So some cute user (mine@demon.com) created a new user account on Vertrauen with the alias and real name of "Rob Swindell". Funny.
      Now, duplicate user aliases are already and always forbidden (even those that just vaguely match an existing alias) - everyone expects those to be unique. And we already forbid new user real names to match an existing user alias (check_name() enforces this and we use that when checking new user real names too), however, nothing prevented a new user account's alias from matching another existing user's real name. And this is a problem:
      1. This new/fake user could post a message or send an email/netmail and it would appear to possibly come from the other/original user (we do have options to send mail and post messages using real names)
      2. Received email for real names is supported and if enabled, this second account could be used to intercept mail for the original/first account if it was receiving mail for the original/real user's real name.
      So disallowing a new user's real name to match an existing alias fixes one problem. 
      However, systems *can* be configured to allow duplicate real names (which is convenient for QWKnet accounts, for example) and so we needed another solution for that problem: meet the 'O' restriction. This restriction flag will prevent a user account from posting messages no sub-boards that require real names. New user accounts that have a duplicate real name (the same as another user account's real name), will automatically be assigned the 'O' restriction flag. Systems that don't allow duplicate real names wouldn't have this issue in the first place.
      Scripts that allow the creation of new user accounts might need some updating to match this security logic.
    • Rob Swindell's avatar
      Call can_user_post() rather than manual checks · 9ae0448c
      Rob Swindell authored
      Eliminate some redundant code. Use the userdat lib function provided for this purpose.
    • Rob Swindell's avatar
      Remove some commented-out code · cac09153
      Rob Swindell authored
      Posting restrictions are handled one QWK-message at a time (and have been for a long time). No actual change here.
    • Rob Swindell's avatar
      Fix "Username already taken." validation error (could not happen) · 21b8b2c2
      Rob Swindell authored
      The system.check_name() check *also* verifies that the username is not
      already taken, so we must perform the matchuser() check first in order
      to get the appropriate error message here when trying to use an alias
      (username) that's already taken.
    • Rob Swindell's avatar
      Fix issue that prevent "-syslog" option from being used (on *nix) · c6fde03f
      Rob Swindell authored
      Fixed a couple sprintf() buffer overflow warnings/issues.
    • Rob Swindell's avatar
  4. 20 Jan, 2022 4 commits
  5. 19 Jan, 2022 4 commits
  6. 18 Jan, 2022 5 commits
    • Rob Swindell's avatar
      Don't display "blank" extended description in listings · 6d6925b3
      Rob Swindell authored
      If an extended description contains nothing but Ctrl-A codes and white-space, don't display it in a file listing (in place of the normal short description).
    • Rob Swindell's avatar
      UTF-8 encode/decode support, from martylake · 8df9adb1
      Rob Swindell authored
      Based largley on martylake's provided patch set. By default, assumes
      all IRC messages are UTF-8 encoded and will translate to CP-437 if
      appropriate or send as UTF-8 if the user's terminal supports it.
      Set utf8_support=false in the [irc] section of your ctrl/modopts.ini
      file if you wish to disable this behavior.
    • Rob Swindell's avatar
      A bit of re-sync with actual keys · ce2503ae
      Rob Swindell authored
      Remove JavaScriptContextStack (no longer used).
      Add *Sound keys to the [Global] section.
    • Rob Swindell's avatar
      Fix problem saving HangupSound setting in sbbs.ini · 7effd1d9
      Rob Swindell authored
      Apparent copy/paste error in sbbs_set_sound_settings() - I was wondering why the HangupSound key wasn't saving to the sbbs.ini file from SBBSCTRL.
    • Rob Swindell's avatar
      Provide more help for the "Access to Sub-directories" feature · 3a1929b8
      Rob Swindell authored
      This is an experimental feature that's been in the code for quite a while without any supporting help/docs (there was the original commit message, I'm sure). I'm not sure how much value this feature is without providing automatic access to the *files* within the sub-directories, but there you have it.
  7. 17 Jan, 2022 1 commit
  8. 16 Jan, 2022 5 commits