1. 24 Feb, 2022 2 commits
    • Rob Swindell's avatar
      Handle filelength() possibly returning negative value · b1bb5630
      Rob Swindell authored
      CID 349724
    • Rob Swindell's avatar
      Introduced FreeDownloadUserMsg text.dat string · ecbf2a73
      Rob Swindell authored
      Tired of being reminded that you were "awarded 0 credits"  for free downloads? I know I am, so I created another text.dat string (reusing Unused300), for notification of free-download files where no credits are awarded to the uploader. Also updated the default colors of the existing DownloadUserMsg string to have a little more variety.
      Not sure why ftpsrvr.c isn't using user_downloaded_file(). That copy/pasta should be eliminated later.
  2. 23 Feb, 2022 1 commit
    • Rob Swindell's avatar
      Save instant message history (notifications and telegrams) · 0c9513fd
      Rob Swindell authored
      This should address issue (feature request) #196.
      The last 20 sets of displayed messages are stored as data/msgs/<user-num>.last.#.msg. This number is currently hard-coded, but could be configurable in the future. I say "sets" because messages are batched-up and displayed together normally, unless a user is actively polling for new users (e.g. while at the Ctrl-P/PrivateMsg prompt).
      This involved getting rid of some copy/pasta in sbbs_t:getsmsg() as well by creating/using/reusing readsmsg().
  3. 28 Jan, 2022 1 commit
  4. 22 Jan, 2022 1 commit
    • Rob Swindell's avatar
      Handle duplicate names and aliases better · 55be2129
      Rob Swindell authored
      So some cute user (mine@demon.com) created a new user account on Vertrauen with the alias and real name of "Rob Swindell". Funny.
      Now, duplicate user aliases are already and always forbidden (even those that just vaguely match an existing alias) - everyone expects those to be unique. And we already forbid new user real names to match an existing user alias (check_name() enforces this and we use that when checking new user real names too), however, nothing prevented a new user account's alias from matching another existing user's real name. And this is a problem:
      1. This new/fake user could post a message or send an email/netmail and it would appear to possibly come from the other/original user (we do have options to send mail and post messages using real names)
      2. Received email for real names is supported and if enabled, this second account could be used to intercept mail for the original/first account if it was receiving mail for the original/real user's real name.
      So disallowing a new user's real name to match an existing alias fixes one problem. 
      However, systems *can* be configured to allow duplicate real names (which is convenient for QWKnet accounts, for example) and so we needed another solution for that problem: meet the 'O' restriction. This restriction flag will prevent a user account from posting messages no sub-boards that require real names. New user accounts that have a duplicate real name (the same as another user account's real name), will automatically be assigned the 'O' restriction flag. Systems that don't allow duplicate real names wouldn't have this issue in the first place.
      Scripts that allow the creation of new user accounts might need some updating to match this security logic.
  5. 16 Jan, 2022 1 commit
    • Rob Swindell's avatar
      Add direct filebase access from the web server (optional) · 1ab2956b
      Rob Swindell authored
      By setting SCFG->File Options->Web File Virtual Path Prefix to something (e.g. "/files/"), all HTTP or HTTPS requests to the Synchronet Web Server with request paths beginning with this prefix will be interpreted as filebase access requests (with full access control enforcement). This is configured here (in SCFG) rather than, say, the [web] section of sbbs.ini, because I have plans for the terminal server to use this prefix to generate Web-URLs for files to display or email to users.
      Currently, only requests to *files* (for download) are supported (no index generation, file information, etc. and definitely no upload support). Full access control (using HTTP auth, not cookies) is used for libraries and directories with controlled access. Credits are deducted and awarded and uploaders are notified of downloads, as one would expect. Requests to any dynamic-web-content files (e.g. .SSJS, .XJS, etc.) will be treated as static file download requests (no script will be executed).
      I'm reusing the same virtual path parsing logic from the FTP server (moved to the userdat lib), so the virtual path to a file for download would be, for example, http://yourdomain/files/lib/dir-code/filename.ext
      The main motivation for this feature is: FTP-links in email and web pages are just not useful to many users these days and I don't think that sysops should have to rely on a SSJS web UI (e.g. ecWebv4, cool as it is), to provide web-access to the filebases. Using this feature, you can share simpler/shorter web links to your files that will be more enduring.
  6. 21 Sep, 2021 1 commit
  7. 26 Apr, 2021 1 commit
  8. 19 Apr, 2021 2 commits
    • Rob Swindell's avatar
      Let's make that semfile just sound.mute · 9c159494
      Rob Swindell authored
    • Rob Swindell's avatar
      Control sound-mute via semfile (ctrl/sound.muted) rather than sbbs.ini · a88cce19
      Rob Swindell authored
      There was a bug with reloading the configuration files in sbbsctrl where the sound button no longer reflected the truth and the sysop's previous click-state of the button was lost. Rather than going through writing the OPT_MUTE flag to the Options fields of all the sections of the sbbs.ini and then re-loading that file as a result, just do like we did with the sysop chat availability: use a semfile. So much simpler.
      If anyone ever needs instance-specific muting, we can create/check instance/host-specific mute semfiles then. Doubt that'll happen though.
      Also, removed the old sysavail control methods of ntsvcs too.
  9. 17 Apr, 2021 1 commit
    • Rob Swindell's avatar
      Restore the user-to-user file transfer feature · bc883458
      Rob Swindell authored
      I forget who it was that said they were still using this feature in v3.18, but here you go, it's working again (the /D and /U commands). I'm not migrating any file sender/recipient info from v3.18, so only files added after upgrading to this will be downloadable from the "user" directory (if you have one).
      Something that I never implemented before but noticed is missing is the removal (or dereferencing) of user-to-user files that were sent from/to a user that is then deleted. So that's still a TODO item.
  10. 15 Apr, 2021 1 commit
  11. 14 Apr, 2021 1 commit
    • Rob Swindell's avatar
      Refactor putuserrec() · 7db3b623
      Rob Swindell authored
      This started with a Coverity issue (CID 33230) which got me looking at this function and wondering: why is str2 being NUL-terminated here? Why is the length of str2 to be calculated on successive lines? What is with this (long)((long)((long)((long)) typecast?
      This was some of the oldest code in Synchronet (along with a lot of the other functions in this file). I tried to keep as much intact as possible while still improving the logic and readability.
  12. 04 Apr, 2021 1 commit
    • Rob Swindell's avatar
      A poll() failure with EINTR does not mean a socket is closed. · fcf58640
      Rob Swindell authored
      This won't impact Synchronet as it has a separate signal handling
      thread, but we still need to behave properly for processes that
      don't.  I'm also saying that ENOMEM does not indicate a disconnection,
      though it may be better to pretend it was disconnected...
  13. 22 Feb, 2021 1 commit
  14. 18 Feb, 2021 1 commit
  15. 15 Feb, 2021 4 commits
  16. 02 Jan, 2021 1 commit
  17. 17 Dec, 2020 1 commit
    • Michael Long's avatar
      Improvements to linux dosemu support · 0bf85543
      Michael Long authored
      The hardcoded external.bat file has been moved to a templated
      /exec/external.bat which can be modified by the sysop. ENV
      vars are in there to be able to customize as needed. emusetup.bat
      is no longer needed, but still supported. The actual dosemu command line
      is now stored in /exec/dosemulaunch.ini and can be customized for
      fossil or i/o command lines. the keystroke is now only sent for i/o, and
      only sent as \n instead of \r which would trigger undesired behavior in
      certain programs. The above 2 files can also be placed in door dirs
      to override. ansi.com has been removed as it was not needed. default
      external.bat includes cmd lines for share, x00, etc. (user will still
      need to provide these in xtrn/dosutils).
  18. 13 Dec, 2020 3 commits
  19. 02 Dec, 2020 1 commit
    • Rob Swindell's avatar
      C version of chk_ar() now supports the DOS keyword... · 3eaf57fe
      Rob Swindell authored
      The "DOS" ARS keyword was always evaluating to false, on all platforms, for the C version of chk_ar(), which is used for populating JS *_area objects and for the User.compare_ars() implementation.
      Unfortunately, the startup (sbbs.ini) "NO_DOS" option is not recognized here (yet), so it'll report true (e.g. for Win64 or Linux systems with DOSemu) even if/when the NO_DOS option is set.
  20. 24 Nov, 2020 1 commit
  21. 23 Nov, 2020 2 commits
    • Rob Swindell's avatar
      The great C function dependency refactor of 2020 · c6808b3f
      Rob Swindell authored
      The goal of this commit is that: only modules that either are part-of sbbs.dll/libsbbs.so or need to link with/use that library, will #include "sbbs.h" and thus be dependent on its subsequent includes (e.g. cryptlib.h, jsapi.h). This should mean extdeps.mk can be trimmed way down.
      I also removed CVS keyword/comments and trimmed up the boilerplate copyright notice in modified and added source/header files in this commit.
      There is no functional change in behavior in this comment.
    • Rob Swindell's avatar
      My first opportunity to use IS_ALPHANUMERIC ()instead of isalnum() · 5168429f
      Rob Swindell authored
      and I blew it. Here's to learning new tricks.
  22. 21 Nov, 2020 1 commit
    • Rob Swindell's avatar
      Use a more-liberal username matching algorithm · 00c56b2a
      Rob Swindell authored
      - Ignore all non-trailing non-alphanumeric characters when comparing a string against a user's name. Previously, spaces and dots and underscores were mostly-treated as equivalent and white-space was sometimes compressed for comparison purposes (if the user name contained both spaces and dots). This updated algo helps to insure that deliberate or accidental name collisions cannot be created but also aids usability (e.g. users can make some minor cosmetic adjustments to their user name and still be considered the "same user" for most comparison purposes).
      - Terminate the comparison string at an '@' (ignore everything after). This resolves the FAQ of why users can't login with "username@domain" and aides some other username/address matching algorithms (e.g. in the mailserver). '@'s are illegal characters for usernames already.
      Expose the new algorithm via new function matchusername().
      Use the algorithm in matchuser() and lookup_user().
      Unrelated: don't lower-case the 'localuser' part of email addresses in  usermailaddr() - cosmetic only.
  23. 06 Nov, 2020 1 commit
    • Rob Swindell's avatar
      Replace ctype.h function calls with new MSVC-safe XPDEV macros · 8a7b7308
      Rob Swindell authored
      I'm fed-up with MSVC assertions in ctype functions (e.g. isdigit, isprint, isspace, etc.) when called with out-of-range (e.g. negative) values.
      This problem only affects MSVC debug builds, but if you run them (like I do), these things are like little time bombs that can drive you crazy (knocking your board out of service).
      The new macros names are bit more descriptive as well.
  24. 25 Oct, 2020 1 commit
    • Rob Swindell's avatar
      Support manual terminal columns setting per user · 8afac993
      Rob Swindell authored
      The default terminal columns (still 0/auto) can be overridden with the 'L' command from the user defaults menu. 
      Also increased maximum manual terminal rows setting from 99 to 999 - this involved moving the record in user.dat, though the old record value is auto-migrated.
  25. 21 Oct, 2020 1 commit
    • Rob Swindell's avatar
      Treat every login failure with no password available as unique · 1e9d5c2c
      Rob Swindell authored
      When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.
  26. 15 Oct, 2020 1 commit
    • Rob Swindell's avatar
      People don't like YYYY/MM/DD for entering birthdates · 9e6f9042
      Rob Swindell authored
      Can't say I don't blame them, it is a little unnatural. So instead, use either MM/DD/YYYY (the default) or DD/MM/YYYY (European date mode). This required the use of a new @-code: BDATEFMT and the update of a couple of text.dat lines (in next commit).
  27. 04 Oct, 2020 1 commit
    • Rob Swindell's avatar
      New functions to return a user's birthdate in multiple formats · 22e529cd
      Rob Swindell authored
      e.g. MM/DD/YY for drop files that assume that format, or either MM/DD/YY or
      DD/MM/YY (depending on sysop preference) for backwards compatibility in
      expanded @-codes, Guru chat keyword.
      Fixed the birthdate check while logging on to work with new/all birthdate
  28. 03 Oct, 2020 1 commit
  29. 15 Sep, 2020 1 commit
  30. 16 Aug, 2020 2 commits
  31. 01 Aug, 2020 1 commit
    • rswindell's avatar
      Auto-detect non-Telnet connections to the terminal server's Telnet port and · 40d829f2
      rswindell authored
      automatically revert to Raw/TCP mode. This resolves the issue of users that
      connect using modem/serial emulators over TCP that do not actually support Telnet and then either try to transfer files, which usually will not work due to escaped (or unescaped) IAC (0xFF) characters, or the user may be sent Telnet Go Ahead (GA) sequences which may display as periodic garbage in their terminal program.
      This seemed like a better solution than having (yet another) dedicated terminal server port for "raw" connections over TCP, though a "raw" port still might not be a bad idea for a future enhancement. RLogin is already super close to "raw", so it's probably not really necessary to have another port configured/listening.