• exec/login.js

    From rswindell@VERT to CVS commit on Mon May 9 04:05:15 2016
    exec login.js 1.11 1.12
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv3431

    Modified Files:
    login.js
    Log Message:
    If login_prompts is set in the [login] section of ctrl/modopts.ini, use that value (instead of the hard-coded 10) to limit the number of login prompts displayed before disconnecting the user. A failed password attempt counts as
    "2 prompts".



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ telnet://vert.synchro.net
  • From rswindell@VERT to CVS commit on Fri May 27 04:34:25 2016
    exec login.js 1.12 1.13
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv4637

    Modified Files:
    login.js
    Log Message:
    When a user fails to login using a block name (from name.can), immediately disconnect them (with a message) and log a notice.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ telnet://vert.synchro.net
  • From rswindell@VERT to CVS commit on Tue Dec 6 06:23:32 2016
    exec login.js 1.13 1.14
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv25066

    Modified Files:
    login.js
    Log Message:
    Cut 75% off of the inactivity hang-up timeout when a terminal type (e.g. ANSI) is not auto-detected. These hacking bots and scripts don't support ANSI.


    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ telnet://vert.synchro.net
  • From rswindell@VERT to CVS commit on Tue Nov 28 03:20:39 2017
    exec login.js 1.14 1.15
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv23206

    Modified Files:
    login.js
    Log Message:
    Added more detail to the lost account info (password) email and log
    a message for the sysop.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Mon Oct 22 03:08:53 2018
    exec login.js 1.15 1.16
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv9142

    Modified Files:
    login.js
    Log Message:
    Beautification for smaller (e.g. 40-column) terminals.
    Also, allow the inactivity timeout value for connections without an auto-detected terminal to be set explicitly via modopts.ini
    [login] inactive_hangup = 30 (seconds)
    rather than deriving from the configured inactivity hangup value in SCFG->Nodes.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sat Feb 16 21:09:44 2019
    exec login.js 1.16 1.17
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv3623

    Modified Files:
    login.js
    Log Message:
    Enhancement to the failed login/password-email feature:
    If confirm_email_address = false in the [login] section of modopts.ini, do not ask the user to confirm their email address before sending password.
    Do not display the email address back to the user (in case they did not already know it).
    Send the user a telegram for each failed login attempt (using user alias, not number).
    Send the user a telegram when their account info (password) was requested.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Tue Jul 16 02:30:41 2019
    exec login.js 1.18 1.19
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv27474

    Modified Files:
    login.js
    Log Message:
    2 changes:
    Always parse/strip the fast_logon_char (default: '!') from the login name /number. This way if users get used to logging in in this fashion, it won't stimy them if the sysop disables the feature.

    Added fast_logon_requirements option (default: blank) which is an optional
    ARS to limit fast logon support to specific user-groups.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thu Jan 23 15:48:11 2020
    exec login.js 1.20 1.21
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv28889

    Modified Files:
    login.js
    Log Message:
    Support guest=false in [login] section of modopts.ini


    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to sbbs/master on Sun Sep 20 02:54:45 2020
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/b05b2cc15bc5da16d5da1be6
    Modified Files:
    exec/login.js
    Log Message:
    Re-enable the short inactivity timeout for non-terminal connections (bots)

    As of Oct-25-2018, the NO_EXASCII flag was set in the autoterm variable
    when there was no ANSI terminal auto-detected. This defeated the short inactivity timeout feature of login.js because it was checking specifically
    for a zero-value autoterm.

    So change this logic to check for no ANSI, PETSCII, or UTF-8 (the 3 indicators of a valid terminal) - though I suppose PETSCII is questionable (it's not actually auto-detected, just a non-standard port usually).

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Mar 27 21:57:16 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/35d1f33534a152aa7c46c56c
    Modified Files:
    exec/login.js
    Log Message:
    Run the "inactive_hangup" option through parseInt()

    Just in case it was read as a string (e.g. had a ; comment following the value)

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jan 21 18:28:12 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/e6017a35aa2fecf4d05a4621
    Modified Files:
    exec/login.js
    Log Message:
    Restore stealth legacy login prompt (NN:)

    This old prompt used to be sent for any login scripts (e.g. QWKnet
    via dial-up) that would key off that WWIV-like "name or number"
    (NN:) prompt, but was removed (accidentally?) in commit fedabb0b8f6dfcdc4.

    Send "NN: " and "PW: " (include the trailing space, just in case), and use carriage return to move back (and overwrite) rather than 4 backspaces.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sat Feb 4 20:20:08 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/f5c555808b050bc980af2852
    Modified Files:
    exec/login.js
    Log Message:
    The bare CR is treated as CRLF on PETSCII, so use Ctrl-A[ instead

    We don't do output translation for PETSCII terminals for CR or LF
    chars, so this trick is needed, at least currently, for the NN legacy prompt
    to be properly over-written/invisible for CBM/PETSCII terminals.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Sat Feb 11 13:35:16 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/1b67a35ef4230d8ac379e04a
    Modified Files:
    exec/login.js
    Log Message:
    Use the new (to v3.20) method of checking for login-by-usernumber support

    The old NM_NO_NUM flag is unused/deprecated.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sat Mar 18 14:51:34 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/b91e77719928033321808776
    Modified Files:
    exec/login.js
    Log Message:
    Apply inactive_hangup option (for dumb terminals) using max_socket_inactivity

    this insures that inactive dumb (bot) connections will be disconnected even when using a script (e.g. animated pause prompt) that doesn't time-out.

    Also, if the connected node is the last node (for this sbbs instance), divide the socket inactivity timeout value in half.

    These changes (along with sbbs v3.20) should help with DOS (denial-of-service, not MS-DOS) prevention.

    Mainly for Krueger.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Tue Jul 25 17:02:02 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/7f1525c5bca05030d54a2c40
    Modified Files:
    exec/login.js
    Log Message:
    Enable "use strict" mode in this script - best practice

    Requires hex literals for control chars instead of octal
    (e.g. \x01 instead of \1)

    All stock scripts should be using strict mode, so this was a miss.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Fri Nov 10 20:38:03 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/567753c0f1a7793407dc3566
    Modified Files:
    exec/login.js
    Log Message:
    Only call the re-login support functions if re-logging-in

    These functions were causing enumeration issues with JSDOC builds (before the recent refactor that fixes that enumertion order problem), but
    really these calls should've been conditional anyway.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net