- Oct 30, 2014
-
-
rswindell authored
Apparently this was missed in the original port from Baja to JS of chat_sec.src
-
rswindell authored
via BASIC or DIGEST auth - this clears the client IP from the login attempt list (as is supposed to happen). Currently, the JS "login" method does not do this (and a JS login failure does not get added to the login attempt list).
-
rswindell authored
- Added year to "Time" column - Changed column headings to be more verbose/descriptive. - Enable full row select - Enable multiple item select - Added "Lookup Hostname" right-click popup menu option (to perform reverse DNS lookup of IP addresses and display the result in a modal dialog window). - Added "Filter IP Address" right-click popup menu option to allow immediate filtering/blocking of the selected IP address(es).
-
rswindell authored
loginAttempt* settings (globally).
-
rswindell authored
edit box.
-
rswindell authored
throttling, logging, and blocking/filtering brute-force user/password hackers. Failed HTTP digest authentication failures actually log the failure (including the detailed reason for the failure). But for some reason, I've only been able to get IE, FF and Chrome to use BASIC authentication (not digest), so presumably there is a bug somewhere in regards to support for digest auth.
-
rswindell authored
-
rswindell authored
-
- Oct 29, 2014
-
-
rswindell authored
obvious)
-
rswindell authored
signup process would be started without the current client IP address being added to the 'failed login attempt' list. This means that brute force login attempts using SSH or RLogin would usually not be subject to the loginAttempt delays and logging/filtering settings (in sbbs.ini), since the usernames attempted (e.g. root, admin) are usually not valid usernames. More: - Log failed password attempts before calling badlogin() - which can delay. - Stop RLogin and SSH password prompt loop immediately if disconnected. - Log RLogin and SSH passwords used for invalid usernames (when password logging is enabled in SCFG). - Log attempted usernames in quotes (so prepended or trailing whitespace is more obvious)
-
- Oct 28, 2014
-
-
rswindell authored
answer() set online to ON_REMOTE. This should resolve the issue with SSH brute force password attackers hanging nodes in "new user applying for access". The actual fix was to remove the set of the online variable to ON_REMOTE in answer() (it's initialized to this value in the sbbs_t constructor); the check in getkey() is just for extra paranoia and should not be necessary.
-
- Oct 14, 2014
-
-
deuce authored
-
rswindell authored
(sans angle brackets), before any "name alias" conversion - in addition to the current matching (against just the name portion of the recipient address or the aliased target). This allows external mail processor selection/filtering based on 'to' address even when using an alias to go to a common user (e.g. user #1).
-
deuce authored
-
deuce authored
-
deuce authored
-
deuce authored
-
deuce authored
-
- Oct 09, 2014
-
-
echicken authored
In printBoards, try to find the most recent non-deleted message to show as 'latest' - reported by Khelair.
-
- Oct 08, 2014
-
-
echicken authored
Remove previous months from the DB on startup, if they are there - otherwise the DB will become swollen and irritated.
-
echicken authored
Don't try to read the entire sequence array and then choke on its impressive girth. Keep working instead.
-
echicken authored
Recommend updating frame.js and sprite.js. Corrected an incorrect path with a correction to the correct value so that people can set things up correctly.
-
echicken authored
-
echicken authored
-
echicken authored
-
echicken authored
-
- Oct 07, 2014
-
-
echicken authored
-
- Oct 06, 2014
- Oct 05, 2014
-
-
deuce authored
been entered and checked.
-
echicken authored
-
echicken authored
Favour item.content for import as message body, if it exists. Replace some HTML entities not caught by html_decode (more needs to be done here, and some if not all of it is derp.) May cause dupe imports (I suggest only using this on subs that you are willing to pollute, for the time being.)
-
rswindell authored
var GetStrMenu=765;
-
- Oct 04, 2014