Limit chat message size to 8192 bytes

[rbdr/mobius] / hotline / transaction_handlers.go
diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go

index 5a9ea5ef40400ae19dbbe427420d010555c72adb..271f3085d07b683f2225fe88c992beda028b03d9 100644 (file)
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -1,11 +1,13 @@
  package hotline
  
  import (
+       "bufio"
         "bytes"
         "encoding/binary"
-       "errors"
         "fmt"
+       "github.com/davecgh/go-spew/spew"
         "gopkg.in/yaml.v3"
+       "io"
         "math/big"
         "os"
         "path"
@@ -15,276 +17,116 @@ import (
         "time"
  )
  
-type TransactionType struct {
-       Handler        func(*ClientConn, *Transaction) ([]Transaction, error) // function for handling the transaction type
-       Name           string                                                 // Name of transaction as it will appear in logging
-       RequiredFields []requiredField
+// HandlerFunc is the signature of a func to handle a Hotline transaction.
+type HandlerFunc func(*ClientConn, *Transaction) []Transaction
+
+// TransactionHandlers maps a transaction type to a handler function.
+var TransactionHandlers = map[TranType]HandlerFunc{
+       TranAgreed:             HandleTranAgreed,
+       TranChatSend:           HandleChatSend,
+       TranDelNewsArt:         HandleDelNewsArt,
+       TranDelNewsItem:        HandleDelNewsItem,
+       TranDeleteFile:         HandleDeleteFile,
+       TranDeleteUser:         HandleDeleteUser,
+       TranDisconnectUser:     HandleDisconnectUser,
+       TranDownloadFile:       HandleDownloadFile,
+       TranDownloadFldr:       HandleDownloadFolder,
+       TranGetClientInfoText:  HandleGetClientInfoText,
+       TranGetFileInfo:        HandleGetFileInfo,
+       TranGetFileNameList:    HandleGetFileNameList,
+       TranGetMsgs:            HandleGetMsgs,
+       TranGetNewsArtData:     HandleGetNewsArtData,
+       TranGetNewsArtNameList: HandleGetNewsArtNameList,
+       TranGetNewsCatNameList: HandleGetNewsCatNameList,
+       TranGetUser:            HandleGetUser,
+       TranGetUserNameList:    HandleGetUserNameList,
+       TranInviteNewChat:      HandleInviteNewChat,
+       TranInviteToChat:       HandleInviteToChat,
+       TranJoinChat:           HandleJoinChat,
+       TranKeepAlive:          HandleKeepAlive,
+       TranLeaveChat:          HandleLeaveChat,
+       TranListUsers:          HandleListUsers,
+       TranMoveFile:           HandleMoveFile,
+       TranNewFolder:          HandleNewFolder,
+       TranNewNewsCat:         HandleNewNewsCat,
+       TranNewNewsFldr:        HandleNewNewsFldr,
+       TranNewUser:            HandleNewUser,
+       TranUpdateUser:         HandleUpdateUser,
+       TranOldPostNews:        HandleTranOldPostNews,
+       TranPostNewsArt:        HandlePostNewsArt,
+       TranRejectChatInvite:   HandleRejectChatInvite,
+       TranSendInstantMsg:     HandleSendInstantMsg,
+       TranSetChatSubject:     HandleSetChatSubject,
+       TranMakeFileAlias:      HandleMakeAlias,
+       TranSetClientUserInfo:  HandleSetClientUserInfo,
+       TranSetFileInfo:        HandleSetFileInfo,
+       TranSetUser:            HandleSetUser,
+       TranUploadFile:         HandleUploadFile,
+       TranUploadFldr:         HandleUploadFolder,
+       TranUserBroadcast:      HandleUserBroadcast,
+       TranDownloadBanner:     HandleDownloadBanner,
  }
  
-var TransactionHandlers = map[uint16]TransactionType{
-       // Server initiated
-       tranChatMsg: {
-               Name: "tranChatMsg",
-       },
-       // Server initiated
-       tranNotifyChangeUser: {
-               Name: "tranNotifyChangeUser",
-       },
-       tranError: {
-               Name: "tranError",
-       },
-       tranShowAgreement: {
-               Name: "tranShowAgreement",
-       },
-       tranUserAccess: {
-               Name: "tranUserAccess",
-       },
-       tranNotifyDeleteUser: {
-               Name: "tranNotifyDeleteUser",
-       },
-       tranAgreed: {
-               Name:    "tranAgreed",
-               Handler: HandleTranAgreed,
-       },
-       tranChatSend: {
-               Name:    "tranChatSend",
-               Handler: HandleChatSend,
-               RequiredFields: []requiredField{
-                       {
-                               ID:     fieldData,
-                               minLen: 0,
-                       },
-               },
-       },
-       tranDelNewsArt: {
-               Name:    "tranDelNewsArt",
-               Handler: HandleDelNewsArt,
-       },
-       tranDelNewsItem: {
-               Name:    "tranDelNewsItem",
-               Handler: HandleDelNewsItem,
-       },
-       tranDeleteFile: {
-               Name:    "tranDeleteFile",
-               Handler: HandleDeleteFile,
-       },
-       tranDeleteUser: {
-               Name:    "tranDeleteUser",
-               Handler: HandleDeleteUser,
-       },
-       tranDisconnectUser: {
-               Name:    "tranDisconnectUser",
-               Handler: HandleDisconnectUser,
-       },
-       tranDownloadFile: {
-               Name:    "tranDownloadFile",
-               Handler: HandleDownloadFile,
-       },
-       tranDownloadFldr: {
-               Name:    "tranDownloadFldr",
-               Handler: HandleDownloadFolder,
-       },
-       tranGetClientInfoText: {
-               Name:    "tranGetClientInfoText",
-               Handler: HandleGetClientInfoText,
-       },
-       tranGetFileInfo: {
-               Name:    "tranGetFileInfo",
-               Handler: HandleGetFileInfo,
-       },
-       tranGetFileNameList: {
-               Name:    "tranGetFileNameList",
-               Handler: HandleGetFileNameList,
-       },
-       tranGetMsgs: {
-               Name:    "tranGetMsgs",
-               Handler: HandleGetMsgs,
-       },
-       tranGetNewsArtData: {
-               Name:    "tranGetNewsArtData",
-               Handler: HandleGetNewsArtData,
-       },
-       tranGetNewsArtNameList: {
-               Name:    "tranGetNewsArtNameList",
-               Handler: HandleGetNewsArtNameList,
-       },
-       tranGetNewsCatNameList: {
-               Name:    "tranGetNewsCatNameList",
-               Handler: HandleGetNewsCatNameList,
-       },
-       tranGetUser: {
-               Name:    "tranGetUser",
-               Handler: HandleGetUser,
-       },
-       tranGetUserNameList: {
-               Name:    "tranHandleGetUserNameList",
-               Handler: HandleGetUserNameList,
-       },
-       tranInviteNewChat: {
-               Name:    "tranInviteNewChat",
-               Handler: HandleInviteNewChat,
-       },
-       tranInviteToChat: {
-               Name:    "tranInviteToChat",
-               Handler: HandleInviteToChat,
-       },
-       tranJoinChat: {
-               Name:    "tranJoinChat",
-               Handler: HandleJoinChat,
-       },
-       tranKeepAlive: {
-               Name:    "tranKeepAlive",
-               Handler: HandleKeepAlive,
-       },
-       tranLeaveChat: {
-               Name:    "tranJoinChat",
-               Handler: HandleLeaveChat,
-       },
-       tranListUsers: {
-               Name:    "tranListUsers",
-               Handler: HandleListUsers,
-       },
-       tranMoveFile: {
-               Name:    "tranMoveFile",
-               Handler: HandleMoveFile,
-       },
-       tranNewFolder: {
-               Name:    "tranNewFolder",
-               Handler: HandleNewFolder,
-       },
-       tranNewNewsCat: {
-               Name:    "tranNewNewsCat",
-               Handler: HandleNewNewsCat,
-       },
-       tranNewNewsFldr: {
-               Name:    "tranNewNewsFldr",
-               Handler: HandleNewNewsFldr,
-       },
-       tranNewUser: {
-               Name:    "tranNewUser",
-               Handler: HandleNewUser,
-       },
-       tranUpdateUser: {
-               Name:    "tranUpdateUser",
-               Handler: HandleUpdateUser,
-       },
-       tranOldPostNews: {
-               Name:    "tranOldPostNews",
-               Handler: HandleTranOldPostNews,
-       },
-       tranPostNewsArt: {
-               Name:    "tranPostNewsArt",
-               Handler: HandlePostNewsArt,
-       },
-       tranRejectChatInvite: {
-               Name:    "tranRejectChatInvite",
-               Handler: HandleRejectChatInvite,
-       },
-       tranSendInstantMsg: {
-               Name:    "tranSendInstantMsg",
-               Handler: HandleSendInstantMsg,
-               RequiredFields: []requiredField{
-                       {
-                               ID:     fieldData,
-                               minLen: 0,
-                       },
-                       {
-                               ID: fieldUserID,
-                       },
-               },
-       },
-       tranSetChatSubject: {
-               Name:    "tranSetChatSubject",
-               Handler: HandleSetChatSubject,
-       },
-       tranMakeFileAlias: {
-               Name:    "tranMakeFileAlias",
-               Handler: HandleMakeAlias,
-               RequiredFields: []requiredField{
-                       {ID: fieldFileName, minLen: 1},
-                       {ID: fieldFilePath, minLen: 1},
-                       {ID: fieldFileNewPath, minLen: 1},
-               },
-       },
-       tranSetClientUserInfo: {
-               Name:    "tranSetClientUserInfo",
-               Handler: HandleSetClientUserInfo,
-       },
-       tranSetFileInfo: {
-               Name:    "tranSetFileInfo",
-               Handler: HandleSetFileInfo,
-       },
-       tranSetUser: {
-               Name:    "tranSetUser",
-               Handler: HandleSetUser,
-       },
-       tranUploadFile: {
-               Name:    "tranUploadFile",
-               Handler: HandleUploadFile,
-       },
-       tranUploadFldr: {
-               Name:    "tranUploadFldr",
-               Handler: HandleUploadFolder,
-       },
-       tranUserBroadcast: {
-               Name:    "tranUserBroadcast",
-               Handler: HandleUserBroadcast,
-       },
-       tranDownloadBanner: {
-               Name:    "tranDownloadBanner",
-               Handler: HandleDownloadBanner,
-       },
-}
+// The total size of a chat message data field is 8192 bytes.
+const chatMsgLimit = 8192
  
-func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessSendChat) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to participate in chat.")
         }
  
         // Truncate long usernames
-       trunc := fmt.Sprintf("%13s", cc.UserName)
-       formattedMsg := fmt.Sprintf("\r%.14s:  %s", trunc, t.GetField(fieldData).Data)
+       // %13.13s: This means a string that is right-aligned in a field of 13 characters.
+       // If the string is longer than 13 characters, it will be truncated to 13 characters.
+       formattedMsg := fmt.Sprintf("\r%13.13s:  %s", cc.UserName, t.GetField(FieldData).Data)
  
         // By holding the option key, Hotline chat allows users to send /me formatted messages like:
         // *** Halcyon does stuff
-       // This is indicated by the presence of the optional field fieldChatOptions in the transaction payload
-       if t.GetField(fieldChatOptions).Data != nil {
-               formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data)
+       // This is indicated by the presence of the optional field FieldChatOptions set to a value of 1.
+       // Most clients do not send this option for normal chat messages.
+       if t.GetField(FieldChatOptions).Data != nil && bytes.Equal(t.GetField(FieldChatOptions).Data, []byte{0, 1}) {
+               formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(FieldData).Data)
         }
  
-       chatID := t.GetField(fieldChatID).Data
-       // a non-nil chatID indicates the message belongs to a private chat
-       if chatID != nil {
-               chatInt := binary.BigEndian.Uint32(chatID)
-               privChat := cc.Server.PrivateChats[chatInt]
+       // Truncate the message to the limit.  This does not handle the edge case of a string ending on multibyte character.
+       formattedMsg = formattedMsg[:min(len(formattedMsg), chatMsgLimit)]
  
-               clients := sortedClients(privChat.ClientConn)
+       // The ChatID field is used to identify messages as belonging to a private chat.
+       // All clients *except* Frogblast omit this field for public chat, but Frogblast sends a value of 00 00 00 00.
+       chatID := t.GetField(FieldChatID).Data
+       if chatID != nil && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) {
+               privChat := cc.Server.PrivateChats[[4]byte(chatID)]
  
                 // send the message to all connected clients of the private chat
-               for _, c := range clients {
-                       res = append(res, *NewTransaction(
-                               tranChatMsg,
+               for _, c := range privChat.ClientConn {
+                       res = append(res, NewTransaction(
+                               TranChatMsg,
                                 c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldData, []byte(formattedMsg)),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldData, []byte(formattedMsg)),
                         ))
                 }
-               return res, err
+               return res
         }
  
-       for _, c := range sortedClients(cc.Server.Clients) {
-               // Filter out clients that do not have the read chat permission
+       //cc.Server.mux.Lock()
+       for _, c := range cc.Server.Clients {
+               if c == nil || cc.Account == nil {
+                       continue
+               }
+               // Skip clients that do not have the read chat permission.
                 if c.Authorize(accessReadChat) {
-                       res = append(res, *NewTransaction(tranChatMsg, c.ID, NewField(fieldData, []byte(formattedMsg))))
+                       res = append(res, NewTransaction(TranChatMsg, c.ID, NewField(FieldData, []byte(formattedMsg))))
                 }
         }
+       //cc.Server.mux.Unlock()
  
-       return res, err
+       return res
  }
  
  // HandleSendInstantMsg sends instant message to the user on the current server.
  // Fields used in the request:
+//
  //     103     User ID
  //     113     Options
  //             One of the following values:
@@ -297,308 +139,309 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
  //
  // Fields used in the reply:
  // None
-func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessSendPrivMsg) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to send private messages."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to send private messages.")
         }
  
-       msg := t.GetField(fieldData)
-       ID := t.GetField(fieldUserID)
+       msg := t.GetField(FieldData)
+       userID := t.GetField(FieldUserID)
  
         reply := NewTransaction(
-               tranServerMsg,
-               &ID.Data,
-               NewField(fieldData, msg.Data),
-               NewField(fieldUserName, cc.UserName),
-               NewField(fieldUserID, *cc.ID),
-               NewField(fieldOptions, []byte{0, 1}),
+               TranServerMsg,
+               [2]byte(userID.Data),
+               NewField(FieldData, msg.Data),
+               NewField(FieldUserName, cc.UserName),
+               NewField(FieldUserID, cc.ID[:]),
+               NewField(FieldOptions, []byte{0, 1}),
         )
  
-       // Later versions of Hotline include the original message in the fieldQuotingMsg field so
+       // Later versions of Hotline include the original message in the FieldQuotingMsg field so
         //  the receiving client can display both the received message and what it is in reply to
-       if t.GetField(fieldQuotingMsg).Data != nil {
-               reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
+       if t.GetField(FieldQuotingMsg).Data != nil {
+               reply.Fields = append(reply.Fields, NewField(FieldQuotingMsg, t.GetField(FieldQuotingMsg).Data))
         }
  
-       id, _ := byteToInt(ID.Data)
-       otherClient, ok := cc.Server.Clients[uint16(id)]
+       otherClient, ok := cc.Server.Clients[[2]byte(userID.Data)]
         if !ok {
-               return res, errors.New("invalid client ID")
+               return res
         }
  
         // Check if target user has "Refuse private messages" flag
-       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags)))
-       if flagBitmap.Bit(userFLagRefusePChat) == 1 {
+       if otherClient.Flags.IsSet(UserFlagRefusePM) {
                 res = append(res,
-                       *NewTransaction(
-                               tranServerMsg,
+                       NewTransaction(
+                               TranServerMsg,
                                 cc.ID,
-                               NewField(fieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")),
-                               NewField(fieldUserName, otherClient.UserName),
-                               NewField(fieldUserID, *otherClient.ID),
-                               NewField(fieldOptions, []byte{0, 2}),
+                               NewField(FieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")),
+                               NewField(FieldUserName, otherClient.UserName),
+                               NewField(FieldUserID, otherClient.ID[:]),
+                               NewField(FieldOptions, []byte{0, 2}),
                         ),
                 )
         } else {
-               res = append(res, *reply)
+               res = append(res, reply)
         }
  
         // Respond with auto reply if other client has it enabled
         if len(otherClient.AutoReply) > 0 {
                 res = append(res,
-                       *NewTransaction(
-                               tranServerMsg,
+                       NewTransaction(
+                               TranServerMsg,
                                 cc.ID,
-                               NewField(fieldData, otherClient.AutoReply),
-                               NewField(fieldUserName, otherClient.UserName),
-                               NewField(fieldUserID, *otherClient.ID),
-                               NewField(fieldOptions, []byte{0, 1}),
+                               NewField(FieldData, otherClient.AutoReply),
+                               NewField(FieldUserName, otherClient.UserName),
+                               NewField(FieldUserID, otherClient.ID[:]),
+                               NewField(FieldOptions, []byte{0, 1}),
                         ),
                 )
         }
  
-       res = append(res, cc.NewReply(t))
-
-       return res, err
+       return append(res, cc.NewReply(t))
  }
  
-func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
+var fileTypeFLDR = [4]byte{0x66, 0x6c, 0x64, 0x72}
+
+func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction) {
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
  
         fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
-               return res, err
+               return res
         }
  
         fw, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
         if err != nil {
-               return res, err
+               return res
         }
  
-       res = append(res, cc.NewReply(t,
-               NewField(fieldFileName, []byte(fw.name)),
-               NewField(fieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()),
-               NewField(fieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()),
-               NewField(fieldFileComment, fw.ffo.FlatFileInformationFork.Comment),
-               NewField(fieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature),
-               NewField(fieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate),
-               NewField(fieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate),
-               NewField(fieldFileSize, fw.totalSize()),
-       ))
-       return res, err
+       encodedName, err := txtEncoder.String(fw.name)
+       if err != nil {
+               return res
+       }
+
+       fields := []Field{
+               NewField(FieldFileName, []byte(encodedName)),
+               NewField(FieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()),
+               NewField(FieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()),
+               NewField(FieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature[:]),
+               NewField(FieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate[:]),
+               NewField(FieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate[:]),
+       }
+
+       // Include the optional FileComment field if there is a comment.
+       if len(fw.ffo.FlatFileInformationFork.Comment) != 0 {
+               fields = append(fields, NewField(FieldFileComment, fw.ffo.FlatFileInformationFork.Comment))
+       }
+
+       // Include the FileSize field for files.
+       if fw.ffo.FlatFileInformationFork.TypeSignature != fileTypeFLDR {
+               fields = append(fields, NewField(FieldFileSize, fw.totalSize()))
+       }
+
+       res = append(res, cc.NewReply(t, fields...))
+       return res
  }
  
-// HandleSetFileInfo updates a file or folder name and/or comment from the Get Info window
+// HandleSetFileInfo updates a file or folder Name and/or comment from the Get Info window
  // Fields used in the request:
-// * 201       File name
+// * 201       File Name
  // * 202       File path       Optional
-// * 211       File new name   Optional
+// * 211       File new Name   Optional
  // * 210       File comment    Optional
  // Fields used in the reply:   None
-func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
+func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction) {
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
  
         fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
-               return res, err
+               return res
         }
  
         fi, err := cc.Server.FS.Stat(fullFilePath)
         if err != nil {
-               return res, err
+               return res
         }
  
         hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
         if err != nil {
-               return res, err
+               return res
         }
-       if t.GetField(fieldFileComment).Data != nil {
+       if t.GetField(FieldFileComment).Data != nil {
                 switch mode := fi.Mode(); {
                 case mode.IsDir():
                         if !cc.Authorize(accessSetFolderComment) {
-                               res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for folders."))
-                               return res, err
+                               return cc.NewErrReply(t, "You are not allowed to set comments for folders.")
                         }
                 case mode.IsRegular():
                         if !cc.Authorize(accessSetFileComment) {
-                               res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for files."))
-                               return res, err
+                               return cc.NewErrReply(t, "You are not allowed to set comments for files.")
                         }
                 }
  
-               if err := hlFile.ffo.FlatFileInformationFork.setComment(t.GetField(fieldFileComment).Data); err != nil {
-                       return res, err
+               if err := hlFile.ffo.FlatFileInformationFork.setComment(t.GetField(FieldFileComment).Data); err != nil {
+                       return res
                 }
                 w, err := hlFile.infoForkWriter()
                 if err != nil {
-                       return res, err
+                       return res
                 }
-               _, err = w.Write(hlFile.ffo.FlatFileInformationFork.MarshalBinary())
+               _, err = io.Copy(w, &hlFile.ffo.FlatFileInformationFork)
                 if err != nil {
-                       return res, err
+                       return res
                 }
         }
  
-       fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(fieldFileNewName).Data)
+       fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(FieldFileNewName).Data)
         if err != nil {
-               return nil, err
+               return nil
         }
  
-       fileNewName := t.GetField(fieldFileNewName).Data
+       fileNewName := t.GetField(FieldFileNewName).Data
  
         if fileNewName != nil {
                 switch mode := fi.Mode(); {
                 case mode.IsDir():
                         if !cc.Authorize(accessRenameFolder) {
-                               res = append(res, cc.NewErrReply(t, "You are not allowed to rename folders."))
-                               return res, err
+                               return cc.NewErrReply(t, "You are not allowed to rename folders.")
                         }
                         err = os.Rename(fullFilePath, fullNewFilePath)
                         if os.IsNotExist(err) {
-                               res = append(res, cc.NewErrReply(t, "Cannot rename folder "+string(fileName)+" because it does not exist or cannot be found."))
-                               return res, err
+                               return cc.NewErrReply(t, "Cannot rename folder "+string(fileName)+" because it does not exist or cannot be found.")
+
                         }
                 case mode.IsRegular():
                         if !cc.Authorize(accessRenameFile) {
-                               res = append(res, cc.NewErrReply(t, "You are not allowed to rename files."))
-                               return res, err
+                               return cc.NewErrReply(t, "You are not allowed to rename files.")
                         }
                         fileDir, err := readPath(cc.Server.Config.FileRoot, filePath, []byte{})
                         if err != nil {
-                               return nil, err
+                               return nil
                         }
-                       hlFile.name = string(fileNewName)
+                       hlFile.name, err = txtDecoder.String(string(fileNewName))
+                       if err != nil {
+                               return res
+                       }
+
                         err = hlFile.move(fileDir)
                         if os.IsNotExist(err) {
-                               res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
-                               return res, err
+                               return cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found.")
                         }
                         if err != nil {
-                               return res, err
+                               return res
                         }
                 }
         }
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
  // HandleDeleteFile deletes a file or folder
  // Fields used in the request:
-// * 201       File name
+// * 201       File Name
  // * 202       File path
  // Fields used in the reply: none
-func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
+func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction) {
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
  
         fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
-               return res, err
+               return res
         }
  
         hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
         if err != nil {
-               return res, err
+               return res
         }
  
         fi, err := hlFile.dataFile()
         if err != nil {
-               res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found."))
-               return res, nil
+               return cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found.")
         }
  
         switch mode := fi.Mode(); {
         case mode.IsDir():
                 if !cc.Authorize(accessDeleteFolder) {
-                       res = append(res, cc.NewErrReply(t, "You are not allowed to delete folders."))
-                       return res, err
+                       return cc.NewErrReply(t, "You are not allowed to delete folders.")
                 }
         case mode.IsRegular():
                 if !cc.Authorize(accessDeleteFile) {
-                       res = append(res, cc.NewErrReply(t, "You are not allowed to delete files."))
-                       return res, err
+                       return cc.NewErrReply(t, "You are not allowed to delete files.")
                 }
         }
  
         if err := hlFile.delete(); err != nil {
-               return res, err
+               return res
         }
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
  // HandleMoveFile moves files or folders. Note: seemingly not documented
-func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := string(t.GetField(fieldFileName).Data)
+func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction) {
+       fileName := string(t.GetField(FieldFileName).Data)
  
-       filePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
+       filePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data)
         if err != nil {
-               return res, err
+               return res
         }
  
-       fileNewPath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFileNewPath).Data, nil)
+       fileNewPath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFileNewPath).Data, nil)
         if err != nil {
-               return res, err
+               return res
         }
  
-       cc.logger.Infow("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
+       cc.logger.Info("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
  
         hlFile, err := newFileWrapper(cc.Server.FS, filePath, 0)
         if err != nil {
-               return res, err
+               return res
         }
  
         fi, err := hlFile.dataFile()
         if err != nil {
-               res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
-               return res, err
-       }
-       if err != nil {
-               return res, err
+               return cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found.")
         }
         switch mode := fi.Mode(); {
         case mode.IsDir():
                 if !cc.Authorize(accessMoveFolder) {
-                       res = append(res, cc.NewErrReply(t, "You are not allowed to move folders."))
-                       return res, err
+                       return cc.NewErrReply(t, "You are not allowed to move folders.")
                 }
         case mode.IsRegular():
                 if !cc.Authorize(accessMoveFile) {
-                       res = append(res, cc.NewErrReply(t, "You are not allowed to move files."))
-                       return res, err
+                       return cc.NewErrReply(t, "You are not allowed to move files.")
                 }
         }
         if err := hlFile.move(fileNewPath); err != nil {
-               return res, err
+               return res
         }
         // TODO: handle other possible errors; e.g. fileWrapper delete fails due to fileWrapper permission issue
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
-func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessCreateFolder) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to create folders."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to create folders.")
         }
-       folderName := string(t.GetField(fieldFileName).Data)
+       folderName := string(t.GetField(FieldFileName).Data)
  
         folderName = path.Join("/", folderName)
  
         var subPath string
  
-       // fieldFilePath is only present for nested paths
-       if t.GetField(fieldFilePath).Data != nil {
+       // FieldFilePath is only present for nested paths
+       if t.GetField(FieldFilePath).Data != nil {
                 var newFp FilePath
-               _, err := newFp.Write(t.GetField(fieldFilePath).Data)
+               _, err := newFp.Write(t.GetField(FieldFilePath).Data)
                 if err != nil {
-                       return nil, err
+                       return res
                 }
  
                 for _, pathItem := range newFp.Items {
@@ -606,128 +449,127 @@ func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err err
                 }
         }
         newFolderPath := path.Join(cc.Server.Config.FileRoot, subPath, folderName)
+       newFolderPath, err := txtDecoder.String(newFolderPath)
+       if err != nil {
+               return res
+       }
  
-       // TODO: check path and folder name lengths
+       // TODO: check path and folder Name lengths
  
         if _, err := cc.Server.FS.Stat(newFolderPath); !os.IsNotExist(err) {
-               msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName)
-               return []Transaction{cc.NewErrReply(t, msg)}, nil
+               msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that Name.", folderName)
+               return cc.NewErrReply(t, msg)
         }
  
-       // TODO: check for disallowed characters to maintain compatibility for original client
-
         if err := cc.Server.FS.Mkdir(newFolderPath, 0777); err != nil {
                 msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName)
-               return []Transaction{cc.NewErrReply(t, msg)}, nil
+               return cc.NewErrReply(t, msg)
         }
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
-func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessModifyUser) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to modify accounts.")
         }
  
-       login := DecodeUserString(t.GetField(fieldUserLogin).Data)
-       userName := string(t.GetField(fieldUserName).Data)
+       login := string(encodeString(t.GetField(FieldUserLogin).Data))
+       userName := string(t.GetField(FieldUserName).Data)
  
-       newAccessLvl := t.GetField(fieldUserAccess).Data
+       newAccessLvl := t.GetField(FieldUserAccess).Data
  
         account := cc.Server.Accounts[login]
+       if account == nil {
+               return cc.NewErrReply(t, "Account not found.")
+       }
         account.Name = userName
         copy(account.Access[:], newAccessLvl)
  
         // If the password field is cleared in the Hotline edit user UI, the SetUser transaction does
-       // not include fieldUserPassword
-       if t.GetField(fieldUserPassword).Data == nil {
+       // not include FieldUserPassword
+       if t.GetField(FieldUserPassword).Data == nil {
                 account.Password = hashAndSalt([]byte(""))
         }
-       if len(t.GetField(fieldUserPassword).Data) > 1 {
-               account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data)
+
+       if !bytes.Equal([]byte{0}, t.GetField(FieldUserPassword).Data) {
+               account.Password = hashAndSalt(t.GetField(FieldUserPassword).Data)
         }
  
         out, err := yaml.Marshal(&account)
         if err != nil {
-               return res, err
+               return res
         }
         if err := os.WriteFile(filepath.Join(cc.Server.ConfigDir, "Users", login+".yaml"), out, 0666); err != nil {
-               return res, err
+               return res
         }
  
         // Notify connected clients logged in as the user of the new access level
         for _, c := range cc.Server.Clients {
                 if c.Account.Login == login {
-                       // Note: comment out these two lines to test server-side deny messages
-                       newT := NewTransaction(tranUserAccess, c.ID, NewField(fieldUserAccess, newAccessLvl))
-                       res = append(res, *newT)
+                       newT := NewTransaction(TranUserAccess, c.ID, NewField(FieldUserAccess, newAccessLvl))
+                       res = append(res, newT)
  
-                       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags)))
                         if c.Authorize(accessDisconUser) {
-                               flagBitmap.SetBit(flagBitmap, userFlagAdmin, 1)
+                               c.Flags.Set(UserFlagAdmin, 1)
                         } else {
-                               flagBitmap.SetBit(flagBitmap, userFlagAdmin, 0)
+                               c.Flags.Set(UserFlagAdmin, 0)
                         }
-                       binary.BigEndian.PutUint16(c.Flags, uint16(flagBitmap.Int64()))
  
                         c.Account.Access = account.Access
  
                         cc.sendAll(
-                               tranNotifyChangeUser,
-                               NewField(fieldUserID, *c.ID),
-                               NewField(fieldUserFlags, c.Flags),
-                               NewField(fieldUserName, c.UserName),
-                               NewField(fieldUserIconID, c.Icon),
+                               TranNotifyChangeUser,
+                               NewField(FieldUserID, c.ID[:]),
+                               NewField(FieldUserFlags, c.Flags[:]),
+                               NewField(FieldUserName, c.UserName),
+                               NewField(FieldUserIconID, c.Icon),
                         )
                 }
         }
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
-func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessOpenUser) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to view accounts.")
         }
  
-       account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
+       account := cc.Server.Accounts[string(t.GetField(FieldUserLogin).Data)]
         if account == nil {
-               res = append(res, cc.NewErrReply(t, "Account does not exist."))
-               return res, err
+               return cc.NewErrReply(t, "Account does not exist.")
         }
  
         res = append(res, cc.NewReply(t,
-               NewField(fieldUserName, []byte(account.Name)),
-               NewField(fieldUserLogin, negateString(t.GetField(fieldUserLogin).Data)),
-               NewField(fieldUserPassword, []byte(account.Password)),
-               NewField(fieldUserAccess, account.Access[:]),
+               NewField(FieldUserName, []byte(account.Name)),
+               NewField(FieldUserLogin, encodeString(t.GetField(FieldUserLogin).Data)),
+               NewField(FieldUserPassword, []byte(account.Password)),
+               NewField(FieldUserAccess, account.Access[:]),
         ))
-       return res, err
+       return res
  }
  
-func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessOpenUser) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to view accounts.")
         }
  
         var userFields []Field
         for _, acc := range cc.Server.Accounts {
-               b := make([]byte, 0, 100)
-               n, err := acc.Read(b)
+               accCopy := *acc
+               b, err := io.ReadAll(&accCopy)
                 if err != nil {
-                       return res, err
+                       return res
                 }
  
-               userFields = append(userFields, NewField(fieldData, b[:n]))
+               userFields = append(userFields, NewField(FieldData, b))
         }
  
         res = append(res, cc.NewReply(t, userFields...))
-       return res, err
+       return res
  }
  
  // HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time.
@@ -739,171 +581,185 @@ func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err err
  // The Transaction sent by the client includes one data field per user that was modified.  This data field in turn
  // contains another data field encoded in its payload with a varying number of sub fields depending on which action is
  // performed.  This seems to be the only place in the Hotline protocol where a data field contains another data field.
-func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction) {
         for _, field := range t.Fields {
-               subFields, err := ReadFields(field.Data[0:2], field.Data[2:])
-               if err != nil {
-                       return res, err
+               var subFields []Field
+
+               // Create a new scanner for parsing incoming bytes into transaction tokens
+               scanner := bufio.NewScanner(bytes.NewReader(field.Data[2:]))
+               scanner.Split(fieldScanner)
+
+               for i := 0; i < int(binary.BigEndian.Uint16(field.Data[0:2])); i++ {
+                       scanner.Scan()
+
+                       var field Field
+                       if _, err := field.Write(scanner.Bytes()); err != nil {
+                               return res
+                       }
+                       subFields = append(subFields, field)
                 }
  
+               // If there's only one subfield, that indicates this is a delete operation for the login in FieldData
                 if len(subFields) == 1 {
-                       login := DecodeUserString(getField(fieldData, &subFields).Data)
-                       cc.logger.Infow("DeleteUser", "login", login)
-
                         if !cc.Authorize(accessDeleteUser) {
-                               res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
-                               return res, err
+                               return cc.NewErrReply(t, "You are not allowed to delete accounts.")
                         }
  
+                       login := string(encodeString(getField(FieldData, &subFields).Data))
+                       cc.logger.Info("DeleteUser", "login", login)
+
                         if err := cc.Server.DeleteUser(login); err != nil {
-                               return res, err
+                               return res
                         }
                         continue
                 }
  
-               login := DecodeUserString(getField(fieldUserLogin, &subFields).Data)
+               // login of the account to update
+               var accountToUpdate, loginToRename string
+
+               // If FieldData is included, this is a rename operation where FieldData contains the login of the existing
+               // account and FieldUserLogin contains the new login.
+               if getField(FieldData, &subFields) != nil {
+                       loginToRename = string(encodeString(getField(FieldData, &subFields).Data))
+               }
+               userLogin := string(encodeString(getField(FieldUserLogin, &subFields).Data))
+               if loginToRename != "" {
+                       accountToUpdate = loginToRename
+               } else {
+                       accountToUpdate = userLogin
+               }
  
-               // check if the login dataFile; if so, we know we are updating an existing user
-               if acc, ok := cc.Server.Accounts[login]; ok {
-                       cc.logger.Infow("UpdateUser", "login", login)
+               // Check if accountToUpdate has an existing account.  If so, we know we are updating an existing user.
+               if acc, ok := cc.Server.Accounts[accountToUpdate]; ok {
+                       if loginToRename != "" {
+                               cc.logger.Info("RenameUser", "prevLogin", accountToUpdate, "newLogin", userLogin)
+                       } else {
+                               cc.logger.Info("UpdateUser", "login", accountToUpdate)
+                       }
  
-                       // account dataFile, so this is an update action
+                       // account exists, so this is an update action
                         if !cc.Authorize(accessModifyUser) {
-                               res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
-                               return res, err
+                               return cc.NewErrReply(t, "You are not allowed to modify accounts.")
                         }
  
-                       if getField(fieldUserPassword, &subFields) != nil {
-                               newPass := getField(fieldUserPassword, &subFields).Data
-                               acc.Password = hashAndSalt(newPass)
+                       // This part is a bit tricky. There are three possibilities:
+                       // 1) The transaction is intended to update the password.
+                       //        In this case, FieldUserPassword is sent with the new password.
+                       // 2) The transaction is intended to remove the password.
+                       //    In this case, FieldUserPassword is not sent.
+                       // 3) The transaction updates the users access bits, but not the password.
+                       //    In this case, FieldUserPassword is sent with zero as the only byte.
+                       if getField(FieldUserPassword, &subFields) != nil {
+                               newPass := getField(FieldUserPassword, &subFields).Data
+                               if !bytes.Equal([]byte{0}, newPass) {
+                                       acc.Password = hashAndSalt(newPass)
+                               }
                         } else {
                                 acc.Password = hashAndSalt([]byte(""))
                         }
  
-                       if getField(fieldUserAccess, &subFields) != nil {
-                               copy(acc.Access[:], getField(fieldUserAccess, &subFields).Data)
+                       if getField(FieldUserAccess, &subFields) != nil {
+                               copy(acc.Access[:], getField(FieldUserAccess, &subFields).Data)
                         }
  
-                       err = cc.Server.UpdateUser(
-                               DecodeUserString(getField(fieldData, &subFields).Data),
-                               DecodeUserString(getField(fieldUserLogin, &subFields).Data),
-                               string(getField(fieldUserName, &subFields).Data),
+                       err := cc.Server.UpdateUser(
+                               string(encodeString(getField(FieldData, &subFields).Data)),
+                               string(encodeString(getField(FieldUserLogin, &subFields).Data)),
+                               string(getField(FieldUserName, &subFields).Data),
                                 acc.Password,
                                 acc.Access,
                         )
                         if err != nil {
-                               return res, err
+                               return res
                         }
                 } else {
-                       cc.logger.Infow("CreateUser", "login", login)
-
                         if !cc.Authorize(accessCreateUser) {
-                               res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
-                               return res, err
+                               return cc.NewErrReply(t, "You are not allowed to create new accounts.")
                         }
  
+                       cc.logger.Info("CreateUser", "login", userLogin)
+
                         newAccess := accessBitmap{}
-                       copy(newAccess[:], getField(fieldUserAccess, &subFields).Data[:])
+                       copy(newAccess[:], getField(FieldUserAccess, &subFields).Data)
  
                         // Prevent account from creating new account with greater permission
                         for i := 0; i < 64; i++ {
                                 if newAccess.IsSet(i) {
                                         if !cc.Authorize(i) {
-                                               return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err
+                                               return cc.NewErrReply(t, "Cannot create account with more access than yourself.")
                                         }
                                 }
                         }
  
-                       err := cc.Server.NewUser(login, string(getField(fieldUserName, &subFields).Data), string(getField(fieldUserPassword, &subFields).Data), newAccess)
+                       err := cc.Server.NewUser(userLogin, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess)
                         if err != nil {
-                               return []Transaction{}, err
+                               return cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")
                         }
                 }
         }
  
-       res = append(res, cc.NewReply(t))
-       return res, err
+       return append(res, cc.NewReply(t))
  }
  
  // HandleNewUser creates a new user account
-func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessCreateUser) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to create new accounts.")
         }
  
-       login := DecodeUserString(t.GetField(fieldUserLogin).Data)
+       login := string(encodeString(t.GetField(FieldUserLogin).Data))
  
         // If the account already dataFile, reply with an error
         if _, ok := cc.Server.Accounts[login]; ok {
-               res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login."))
-               return res, err
+               return cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login.")
         }
  
         newAccess := accessBitmap{}
-       copy(newAccess[:], t.GetField(fieldUserAccess).Data[:])
+       copy(newAccess[:], t.GetField(FieldUserAccess).Data)
  
         // Prevent account from creating new account with greater permission
         for i := 0; i < 64; i++ {
                 if newAccess.IsSet(i) {
                         if !cc.Authorize(i) {
-                               res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself."))
-                               return res, err
+                               return cc.NewErrReply(t, "Cannot create account with more access than yourself.")
                         }
                 }
         }
  
-       if err := cc.Server.NewUser(login, string(t.GetField(fieldUserName).Data), string(t.GetField(fieldUserPassword).Data), newAccess); err != nil {
-               return []Transaction{}, err
+       if err := cc.Server.NewUser(login, string(t.GetField(FieldUserName).Data), string(t.GetField(FieldUserPassword).Data), newAccess); err != nil {
+               return cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")
         }
  
-       res = append(res, cc.NewReply(t))
-       return res, err
+       return append(res, cc.NewReply(t))
  }
  
-func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessDeleteUser) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to delete accounts.")
         }
  
-       // TODO: Handle case where account doesn't exist; e.g. delete race condition
-       login := DecodeUserString(t.GetField(fieldUserLogin).Data)
+       login := string(encodeString(t.GetField(FieldUserLogin).Data))
  
         if err := cc.Server.DeleteUser(login); err != nil {
-               return res, err
+               return res
         }
  
-       res = append(res, cc.NewReply(t))
-       return res, err
+       return append(res, cc.NewReply(t))
  }
  
  // HandleUserBroadcast sends an Administrator Message to all connected clients of the server
-func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessBroadcast) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to send broadcast messages."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to send broadcast messages.")
         }
  
         cc.sendAll(
-               tranServerMsg,
-               NewField(fieldData, t.GetField(tranGetMsgs).Data),
-               NewField(fieldChatOptions, []byte{0}),
+               TranServerMsg,
+               NewField(FieldData, t.GetField(FieldData).Data),
+               NewField(FieldChatOptions, []byte{0}),
         )
  
-       res = append(res, cc.NewReply(t))
-       return res, err
-}
-
-func byteToInt(bytes []byte) (int, error) {
-       switch len(bytes) {
-       case 2:
-               return int(binary.BigEndian.Uint16(bytes)), nil
-       case 4:
-               return int(binary.BigEndian.Uint32(bytes)), nil
-       }
-
-       return 0, errors.New("unknown byte length")
+       return append(res, cc.NewReply(t))
  }
  
  // HandleGetClientInfoText returns user information for the specific user.
@@ -912,110 +768,88 @@ func byteToInt(bytes []byte) (int, error) {
  // 103 User ID
  //
  // Fields used in the reply:
-// 102 User name
+// 102 User Name
  // 101 Data            User info text string
-func HandleGetClientInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleGetClientInfoText(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessGetClientInfo) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to get client info."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to get client info.")
         }
  
-       clientID, _ := byteToInt(t.GetField(fieldUserID).Data)
+       clientID := t.GetField(FieldUserID).Data
  
-       clientConn := cc.Server.Clients[uint16(clientID)]
+       clientConn := cc.Server.Clients[[2]byte(clientID)]
         if clientConn == nil {
-               return append(res, cc.NewErrReply(t, "User not found.")), err
+               return cc.NewErrReply(t, "User not found.")
         }
  
         res = append(res, cc.NewReply(t,
-               NewField(fieldData, []byte(clientConn.String())),
-               NewField(fieldUserName, clientConn.UserName),
+               NewField(FieldData, []byte(clientConn.String())),
+               NewField(FieldUserName, clientConn.UserName),
         ))
-       return res, err
+       return res
  }
  
-func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       res = append(res, cc.NewReply(t, cc.Server.connectedUsers()...))
-
-       return res, err
+func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction) {
+       return []Transaction{cc.NewReply(t, cc.Server.connectedUsers()...)}
  }
  
-func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       cc.Agreed = true
-
-       if t.GetField(fieldUserName).Data != nil {
+func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction) {
+       if t.GetField(FieldUserName).Data != nil {
                 if cc.Authorize(accessAnyName) {
-                       cc.UserName = t.GetField(fieldUserName).Data
+                       cc.UserName = t.GetField(FieldUserName).Data
                 } else {
                         cc.UserName = []byte(cc.Account.Name)
                 }
         }
  
-       cc.Icon = t.GetField(fieldUserIconID).Data
+       cc.Icon = t.GetField(FieldUserIconID).Data
  
-       cc.logger = cc.logger.With("name", string(cc.UserName))
-       cc.logger.Infow("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }()))
+       cc.logger = cc.logger.With("Name", string(cc.UserName))
+       cc.logger.Info("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }()))
  
-       options := t.GetField(fieldOptions).Data
+       options := t.GetField(FieldOptions).Data
         optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
  
-       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
-
         // Check refuse private PM option
-       if optBitmap.Bit(refusePM) == 1 {
-               flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1)
-               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
-       }
+
+       cc.flagsMU.Lock()
+       defer cc.flagsMU.Unlock()
+       cc.Flags.Set(UserFlagRefusePM, optBitmap.Bit(UserOptRefusePM))
  
         // Check refuse private chat option
-       if optBitmap.Bit(refuseChat) == 1 {
-               flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1)
-               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
-       }
+       cc.Flags.Set(UserFlagRefusePChat, optBitmap.Bit(UserOptRefuseChat))
  
         // Check auto response
-       if optBitmap.Bit(autoResponse) == 1 {
-               cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
-       } else {
-               cc.AutoReply = []byte{}
+       if optBitmap.Bit(UserOptAutoResponse) == 1 {
+               cc.AutoReply = t.GetField(FieldAutomaticResponse).Data
         }
  
         trans := cc.notifyOthers(
-               *NewTransaction(
-                       tranNotifyChangeUser, nil,
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, cc.Icon),
-                       NewField(fieldUserFlags, cc.Flags),
+               NewTransaction(
+                       TranNotifyChangeUser, [2]byte{0, 0},
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, cc.ID[:]),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags[:]),
                 ),
         )
         res = append(res, trans...)
  
         if cc.Server.Config.BannerFile != "" {
-               res = append(res, *NewTransaction(tranServerBanner, cc.ID, NewField(fieldBannerType, []byte("JPEG"))))
+               res = append(res, NewTransaction(TranServerBanner, cc.ID, NewField(FieldBannerType, []byte("JPEG"))))
         }
  
         res = append(res, cc.NewReply(t))
  
-       return res, err
+       return res
  }
  
-const defaultNewsDateFormat = "Jan02 15:04" // Jun23 20:49
-//  "Mon, 02 Jan 2006 15:04:05 MST"
-
-const defaultNewsTemplate = `From %s (%s):
-
-%s
-
-__________________________________________________________`
-
  // HandleTranOldPostNews updates the flat news
  // Fields used in this request:
  // 101 Data
-func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsPostArt) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to post news."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to post news.")
         }
  
         cc.Server.flatNewsMux.Lock()
@@ -1031,72 +865,73 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e
                 newsTemplate = cc.Server.Config.NewsDelimiter
         }
  
-       newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(fieldData).Data)
-       newsPost = strings.Replace(newsPost, "\n", "\r", -1)
+       newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(FieldData).Data)
+       newsPost = strings.ReplaceAll(newsPost, "\n", "\r")
  
         // update news in memory
         cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
  
         // update news on disk
         if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil {
-               return res, err
+               return res
         }
  
         // Notify all clients of updated news
         cc.sendAll(
-               tranNewMsg,
-               NewField(fieldData, []byte(newsPost)),
+               TranNewMsg,
+               NewField(FieldData, []byte(newsPost)),
         )
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
-func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessDisconUser) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to disconnect users."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to disconnect users.")
         }
  
-       clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(fieldUserID).Data)]
+       clientConn := cc.Server.Clients[[2]byte(t.GetField(FieldUserID).Data)]
  
         if clientConn.Authorize(accessCannotBeDiscon) {
-               res = append(res, cc.NewErrReply(t, clientConn.Account.Login+" is not allowed to be disconnected."))
-               return res, err
+               return cc.NewErrReply(t, clientConn.Account.Login+" is not allowed to be disconnected.")
         }
  
-       // If fieldOptions is set, then the client IP is banned in addition to disconnected.
+       // If FieldOptions is set, then the client IP is banned in addition to disconnected.
         // 00 01 = temporary ban
         // 00 02 = permanent ban
-       if t.GetField(fieldOptions).Data != nil {
-               switch t.GetField(fieldOptions).Data[1] {
+       if t.GetField(FieldOptions).Data != nil {
+               switch t.GetField(FieldOptions).Data[1] {
                 case 1:
                         // send message: "You are temporarily banned on this server"
-                       cc.logger.Infow("Disconnect & temporarily ban " + string(clientConn.UserName))
+                       cc.logger.Info("Disconnect & temporarily ban " + string(clientConn.UserName))
  
-                       res = append(res, *NewTransaction(
-                               tranServerMsg,
+                       res = append(res, NewTransaction(
+                               TranServerMsg,
                                 clientConn.ID,
-                               NewField(fieldData, []byte("You are temporarily banned on this server")),
-                               NewField(fieldChatOptions, []byte{0, 0}),
+                               NewField(FieldData, []byte("You are temporarily banned on this server")),
+                               NewField(FieldChatOptions, []byte{0, 0}),
                         ))
  
                         banUntil := time.Now().Add(tempBanDuration)
                         cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = &banUntil
-                       cc.Server.writeBanList()
                 case 2:
                         // send message: "You are permanently banned on this server"
-                       cc.logger.Infow("Disconnect & ban " + string(clientConn.UserName))
+                       cc.logger.Info("Disconnect & ban " + string(clientConn.UserName))
  
-                       res = append(res, *NewTransaction(
-                               tranServerMsg,
+                       res = append(res, NewTransaction(
+                               TranServerMsg,
                                 clientConn.ID,
-                               NewField(fieldData, []byte("You are permanently banned on this server")),
-                               NewField(fieldChatOptions, []byte{0, 0}),
+                               NewField(FieldData, []byte("You are permanently banned on this server")),
+                               NewField(FieldChatOptions, []byte{0, 0}),
                         ))
  
                         cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = nil
-                       cc.Server.writeBanList()
+               }
+
+               err := cc.Server.writeBanList()
+               if err != nil {
+                       return res
                 }
         }
  
@@ -1106,19 +941,18 @@ func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, er
                 clientConn.Disconnect()
         }()
  
-       return append(res, cc.NewReply(t)), err
+       return append(res, cc.NewReply(t))
  }
  
  // HandleGetNewsCatNameList returns a list of news categories for a path
  // Fields used in the request:
  // 325 News path       (Optional)
-func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsReadArt) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to read news.")
         }
  
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
         cats := cc.Server.GetNewsCatByPath(pathStrs)
  
         // To store the keys in slice in sorted order
@@ -1133,80 +967,77 @@ func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction
         var fieldData []Field
         for _, k := range keys {
                 cat := cats[k]
-               b, _ := cat.MarshalBinary()
-               fieldData = append(fieldData, NewField(
-                       fieldNewsCatListData15,
-                       b,
-               ))
+
+               b, _ := io.ReadAll(&cat)
+
+               fieldData = append(fieldData, NewField(FieldNewsCatListData15, b))
         }
  
         res = append(res, cc.NewReply(t, fieldData...))
-       return res, err
+       return res
  }
  
-func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsCreateCat) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to create news categories."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to create news categories.")
         }
  
-       name := string(t.GetField(fieldNewsCatName).Data)
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       name := string(t.GetField(FieldNewsCatName).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
  
         cats := cc.Server.GetNewsCatByPath(pathStrs)
         cats[name] = NewsCategoryListData15{
                 Name:     name,
-               Type:     []byte{0, 3},
+               Type:     [2]byte{0, 3},
                 Articles: map[uint32]*NewsArtData{},
                 SubCats:  make(map[string]NewsCategoryListData15),
         }
  
         if err := cc.Server.writeThreadedNews(); err != nil {
-               return res, err
+               return res
         }
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
  // Fields used in the request:
-// 322 News category name
+// 322 News category Name
  // 325 News path
-func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsCreateFldr) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to create news folders."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to create news folders.")
         }
  
-       name := string(t.GetField(fieldFileName).Data)
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
-
-       cc.logger.Infof("Creating new news folder %s", name)
+       name := string(t.GetField(FieldFileName).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
  
         cats := cc.Server.GetNewsCatByPath(pathStrs)
         cats[name] = NewsCategoryListData15{
                 Name:     name,
-               Type:     []byte{0, 2},
+               Type:     [2]byte{0, 2},
                 Articles: map[uint32]*NewsArtData{},
                 SubCats:  make(map[string]NewsCategoryListData15),
         }
         if err := cc.Server.writeThreadedNews(); err != nil {
-               return res, err
+               return res
         }
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
+// HandleGetNewsArtData gets the list of article names at the specified news path.
+
  // Fields used in the request:
  // 325 News path       Optional
-//
-// Reply fields:
+
+// Fields used in the reply:
  // 321 News article list data  Optional
-func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsReadArt) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to read news.")
         }
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
  
         var cat NewsCategoryListData15
         cats := cc.Server.ThreadedNews.Categories
@@ -1218,63 +1049,70 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
  
         nald := cat.GetNewsArtListData()
  
-       res = append(res, cc.NewReply(t, NewField(fieldNewsArtListData, nald.Payload())))
-       return res, err
+       b, err := io.ReadAll(&nald)
+       if err != nil {
+               return res
+       }
+
+       res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, b)))
+       return res
  }
  
-func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+// HandleGetNewsArtData requests information about the specific news article.
+// Fields used in the request:
+//
+// Request fields
+// 325 News path
+// 326 News article ID
+// 327 News article data flavor
+//
+// Fields used in the reply:
+// 328 News article title
+// 329 News article poster
+// 330 News article date
+// 331 Previous article ID
+// 332 Next article ID
+// 335 Parent article ID
+// 336 First child article ID
+// 327 News article data flavor        "Should be “text/plain”
+// 333 News article data       Optional (if data flavor is “text/plain”)
+func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsReadArt) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to read news.")
         }
  
-       // Request fields
-       // 325  News fp
-       // 326  News article ID
-       // 327  News article data flavor
-
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
-
         var cat NewsCategoryListData15
         cats := cc.Server.ThreadedNews.Categories
  
-       for _, fp := range pathStrs {
+       for _, fp := range ReadNewsPath(t.GetField(FieldNewsPath).Data) {
                 cat = cats[fp]
                 cats = cats[fp].SubCats
         }
-       newsArtID := t.GetField(fieldNewsArtID).Data
  
-       convertedArtID := binary.BigEndian.Uint16(newsArtID)
+       // The official Hotline clients will send the article ID as 2 bytes if possible, but
+       // some third party clients such as Frogblast and Heildrun will always send 4 bytes
+       convertedID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+       if err != nil {
+               return res
+       }
  
-       art := cat.Articles[uint32(convertedArtID)]
+       art := cat.Articles[uint32(convertedID)]
         if art == nil {
-               res = append(res, cc.NewReply(t))
-               return res, err
+               return append(res, cc.NewReply(t))
         }
  
-       // Reply fields
-       // 328  News article title
-       // 329  News article poster
-       // 330  News article date
-       // 331  Previous article ID
-       // 332  Next article ID
-       // 335  Parent article ID
-       // 336  First child article ID
-       // 327  News article data flavor        "Should be “text/plain”
-       // 333  News article data       Optional (if data flavor is “text/plain”)
-
         res = append(res, cc.NewReply(t,
-               NewField(fieldNewsArtTitle, []byte(art.Title)),
-               NewField(fieldNewsArtPoster, []byte(art.Poster)),
-               NewField(fieldNewsArtDate, art.Date),
-               NewField(fieldNewsArtPrevArt, art.PrevArt),
-               NewField(fieldNewsArtNextArt, art.NextArt),
-               NewField(fieldNewsArtParentArt, art.ParentArt),
-               NewField(fieldNewsArt1stChildArt, art.FirstChildArt),
-               NewField(fieldNewsArtDataFlav, []byte("text/plain")),
-               NewField(fieldNewsArtData, []byte(art.Data)),
+               NewField(FieldNewsArtTitle, []byte(art.Title)),
+               NewField(FieldNewsArtPoster, []byte(art.Poster)),
+               NewField(FieldNewsArtDate, art.Date[:]),
+               NewField(FieldNewsArtPrevArt, art.PrevArt[:]),
+               NewField(FieldNewsArtNextArt, art.NextArt[:]),
+               NewField(FieldNewsArtParentArt, art.ParentArt[:]),
+               NewField(FieldNewsArt1stChildArt, art.FirstChildArt[:]),
+               NewField(FieldNewsArtDataFlav, []byte("text/plain")),
+               NewField(FieldNewsArtData, []byte(art.Data)),
         ))
-       return res, err
+       return res
  }
  
  // HandleDelNewsItem deletes an existing threaded news folder or category from the server.
@@ -1282,8 +1120,8 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er
  // 325 News path
  // Fields used in the reply:
  // None
-func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction) {
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
  
         cats := cc.Server.ThreadedNews.Categories
         delName := pathStrs[len(pathStrs)-1]
@@ -1293,37 +1131,40 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e
                 }
         }
  
-       if bytes.Equal(cats[delName].Type, []byte{0, 3}) {
+       if cats[delName].Type == [2]byte{0, 3} {
                 if !cc.Authorize(accessNewsDeleteCat) {
-                       return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil
+                       return cc.NewErrReply(t, "You are not allowed to delete news categories.")
                 }
         } else {
                 if !cc.Authorize(accessNewsDeleteFldr) {
-                       return append(res, cc.NewErrReply(t, "You are not allowed to delete news folders.")), nil
+                       return cc.NewErrReply(t, "You are not allowed to delete news folders.")
                 }
         }
  
         delete(cats, delName)
  
         if err := cc.Server.writeThreadedNews(); err != nil {
-               return res, err
+               return res
         }
  
-       return append(res, cc.NewReply(t)), nil
+       return append(res, cc.NewReply(t))
  }
  
-func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsDeleteArt) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to delete news articles."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to delete news articles.")
+
         }
  
         // Request Fields
         // 325  News path
         // 326  News article ID
         // 337  News article – recursive delete       Delete child articles (1) or not (0)
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
-       ID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
+       ID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+       if err != nil {
+               return res
+       }
  
         // TODO: Delete recursive
         cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
@@ -1335,11 +1176,11 @@ func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err er
  
         cats[catName] = cat
         if err := cc.Server.writeThreadedNews(); err != nil {
-               return res, err
+               return res
         }
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
  // Request fields
@@ -1349,28 +1190,35 @@ func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err er
  // 334 News article flags
  // 327 News article data flavor                Currently “text/plain”
  // 333 News article data
-func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsPostArt) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to post news articles."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to post news articles.")
         }
  
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
         cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
  
         catName := pathStrs[len(pathStrs)-1]
         cat := cats[catName]
  
+       artID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+       if err != nil {
+               return res
+       }
+       convertedArtID := uint32(artID)
+       bs := make([]byte, 4)
+       binary.BigEndian.PutUint32(bs, convertedArtID)
+
+       cc.Server.mux.Lock()
+       defer cc.Server.mux.Unlock()
+
         newArt := NewsArtData{
-               Title:         string(t.GetField(fieldNewsArtTitle).Data),
-               Poster:        string(cc.UserName),
-               Date:          toHotlineTime(time.Now()),
-               PrevArt:       []byte{0, 0, 0, 0},
-               NextArt:       []byte{0, 0, 0, 0},
-               ParentArt:     append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...),
-               FirstChildArt: []byte{0, 0, 0, 0},
-               DataFlav:      []byte("text/plain"),
-               Data:          string(t.GetField(fieldNewsArtData).Data),
+               Title:     string(t.GetField(FieldNewsArtTitle).Data),
+               Poster:    string(cc.UserName),
+               Date:      toHotlineTime(time.Now()),
+               ParentArt: [4]byte(bs),
+               DataFlav:  []byte("text/plain"),
+               Data:      string(t.GetField(FieldNewsArtData).Data),
         }
  
         var keys []int
@@ -1384,19 +1232,19 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e
                 prevID := uint32(keys[len(keys)-1])
                 nextID = prevID + 1
  
-               binary.BigEndian.PutUint32(newArt.PrevArt, prevID)
+               binary.BigEndian.PutUint32(newArt.PrevArt[:], prevID)
  
                 // Set next article ID
-               binary.BigEndian.PutUint32(cat.Articles[prevID].NextArt, nextID)
+               binary.BigEndian.PutUint32(cat.Articles[prevID].NextArt[:], nextID)
         }
  
         // Update parent article with first child reply
-       parentID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
+       parentID := convertedArtID
         if parentID != 0 {
-               parentArt := cat.Articles[uint32(parentID)]
+               parentArt := cat.Articles[parentID]
  
-               if bytes.Equal(parentArt.FirstChildArt, []byte{0, 0, 0, 0}) {
-                       binary.BigEndian.PutUint32(parentArt.FirstChildArt, nextID)
+               if parentArt.FirstChildArt == [4]byte{0, 0, 0, 0} {
+                       binary.BigEndian.PutUint32(parentArt.FirstChildArt[:], nextID)
                 }
         }
  
@@ -1404,40 +1252,37 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e
  
         cats[catName] = cat
         if err := cc.Server.writeThreadedNews(); err != nil {
-               return res, err
+               return res
         }
  
-       res = append(res, cc.NewReply(t))
-       return res, err
+       return append(res, cc.NewReply(t))
  }
  
  // HandleGetMsgs returns the flat news data
-func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessNewsReadArt) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to read news.")
         }
  
-       res = append(res, cc.NewReply(t, NewField(fieldData, cc.Server.FlatNews)))
+       res = append(res, cc.NewReply(t, NewField(FieldData, cc.Server.FlatNews)))
  
-       return res, err
+       return res
  }
  
-func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessDownloadFile) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to download files."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to download files.")
         }
  
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
-       resumeData := t.GetField(fieldFileResumeData).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
+       resumeData := t.GetField(FieldFileResumeData).Data
  
         var dataOffset int64
         var frd FileResumeData
         if resumeData != nil {
-               if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil {
-                       return res, err
+               if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil {
+                       return res
                 }
                 // TODO: handle rsrc fork offset
                 dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:]))
@@ -1445,12 +1290,12 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
  
         fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
-               return res, err
+               return res
         }
  
         hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, dataOffset)
         if err != nil {
-               return res, err
+               return res
         }
  
         xferSize := hlFile.ffo.TransferSize(0)
@@ -1460,8 +1305,8 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
         // TODO: refactor to remove this
         if resumeData != nil {
                 var frd FileResumeData
-               if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil {
-                       return res, err
+               if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil {
+                       return res
                 }
                 ft.fileResumeData = &frd
         }
@@ -1469,146 +1314,140 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
         // Optional field for when a HL v1.5+ client requests file preview
         // Used only for TEXT, JPEG, GIFF, BMP or PICT files
         // The value will always be 2
-       if t.GetField(fieldFileTransferOptions).Data != nil {
-               ft.options = t.GetField(fieldFileTransferOptions).Data
+       if t.GetField(FieldFileTransferOptions).Data != nil {
+               ft.options = t.GetField(FieldFileTransferOptions).Data
                 xferSize = hlFile.ffo.FlatFileDataForkHeader.DataSize[:]
         }
  
         res = append(res, cc.NewReply(t,
-               NewField(fieldRefNum, ft.refNum[:]),
-               NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
-               NewField(fieldTransferSize, xferSize),
-               NewField(fieldFileSize, hlFile.ffo.FlatFileDataForkHeader.DataSize[:]),
+               NewField(FieldRefNum, ft.refNum[:]),
+               NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
+               NewField(FieldTransferSize, xferSize),
+               NewField(FieldFileSize, hlFile.ffo.FlatFileDataForkHeader.DataSize[:]),
         ))
  
-       return res, err
+       return res
  }
  
  // Download all files from the specified folder and sub-folders
-func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessDownloadFile) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to download folders."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to download folders.")
         }
  
-       fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data)
         if err != nil {
-               return res, err
+               return res
         }
  
         transferSize, err := CalcTotalSize(fullFilePath)
         if err != nil {
-               return res, err
+               return res
         }
         itemCount, err := CalcItemCount(fullFilePath)
         if err != nil {
-               return res, err
+               return res
         }
+       spew.Dump(itemCount)
  
-       fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(fieldFileName).Data, t.GetField(fieldFilePath).Data, transferSize)
+       fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(FieldFileName).Data, t.GetField(FieldFilePath).Data, transferSize)
  
         var fp FilePath
-       _, err = fp.Write(t.GetField(fieldFilePath).Data)
+       _, err = fp.Write(t.GetField(FieldFilePath).Data)
         if err != nil {
-               return res, err
+               return res
         }
  
         res = append(res, cc.NewReply(t,
-               NewField(fieldRefNum, fileTransfer.ReferenceNumber),
-               NewField(fieldTransferSize, transferSize),
-               NewField(fieldFolderItemCount, itemCount),
-               NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
+               NewField(FieldRefNum, fileTransfer.refNum[:]),
+               NewField(FieldTransferSize, transferSize),
+               NewField(FieldFolderItemCount, itemCount),
+               NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
         ))
-       return res, err
+       return res
  }
  
  // Upload all files from the local folder and its subfolders to the specified path on the server
  // Fields used in the request
-// 201 File name
+// 201 File Name
  // 202 File path
  // 108 transfer size   Total size of all items in the folder
  // 220 Folder item count
  // 204 File transfer options   "Optional Currently set to 1" (TODO: ??)
-func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction) {
         var fp FilePath
-       if t.GetField(fieldFilePath).Data != nil {
-               if _, err = fp.Write(t.GetField(fieldFilePath).Data); err != nil {
-                       return res, err
+       if t.GetField(FieldFilePath).Data != nil {
+               if _, err := fp.Write(t.GetField(FieldFilePath).Data); err != nil {
+                       return res
                 }
         }
  
         // Handle special cases for Upload and Drop Box folders
         if !cc.Authorize(accessUploadAnywhere) {
                 if !fp.IsUploadDir() && !fp.IsDropbox() {
-                       res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data))))
-                       return res, err
+                       return cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(FieldFileName).Data)))
                 }
         }
  
         fileTransfer := cc.newFileTransfer(FolderUpload,
-               t.GetField(fieldFileName).Data,
-               t.GetField(fieldFilePath).Data,
-               t.GetField(fieldTransferSize).Data,
+               t.GetField(FieldFileName).Data,
+               t.GetField(FieldFilePath).Data,
+               t.GetField(FieldTransferSize).Data,
         )
  
-       fileTransfer.FolderItemCount = t.GetField(fieldFolderItemCount).Data
+       fileTransfer.FolderItemCount = t.GetField(FieldFolderItemCount).Data
  
-       res = append(res, cc.NewReply(t, NewField(fieldRefNum, fileTransfer.ReferenceNumber)))
-       return res, err
+       return append(res, cc.NewReply(t, NewField(FieldRefNum, fileTransfer.refNum[:])))
  }
  
  // HandleUploadFile
  // Fields used in the request:
-// 201 File name
+// 201 File Name
  // 202 File path
  // 204 File transfer options   "Optional
  // Used only to resume download, currently has value 2"
  // 108 File transfer size      "Optional used if download is not resumed"
-func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessUploadFile) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to upload files.")
         }
  
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
-       transferOptions := t.GetField(fieldFileTransferOptions).Data
-       transferSize := t.GetField(fieldTransferSize).Data // not sent for resume
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
+       transferOptions := t.GetField(FieldFileTransferOptions).Data
+       transferSize := t.GetField(FieldTransferSize).Data // not sent for resume
  
         var fp FilePath
         if filePath != nil {
-               if _, err = fp.Write(filePath); err != nil {
-                       return res, err
+               if _, err := fp.Write(filePath); err != nil {
+                       return res
                 }
         }
  
         // Handle special cases for Upload and Drop Box folders
         if !cc.Authorize(accessUploadAnywhere) {
                 if !fp.IsUploadDir() && !fp.IsDropbox() {
-                       res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
-                       return res, err
+                       return cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName)))
                 }
         }
         fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
-               return res, err
+               return res
         }
  
         if _, err := cc.Server.FS.Stat(fullFilePath); err == nil {
-               res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload because there is already a file named \"%v\".  Try choosing a different name.", string(fileName))))
-               return res, err
+               return cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload because there is already a file named \"%v\".  Try choosing a different Name.", string(fileName)))
         }
  
         ft := cc.newFileTransfer(FileUpload, fileName, filePath, transferSize)
  
-       replyT := cc.NewReply(t, NewField(fieldRefNum, ft.ReferenceNumber))
+       replyT := cc.NewReply(t, NewField(FieldRefNum, ft.refNum[:]))
  
         // client has requested to resume a partially transferred file
         if transferOptions != nil {
-
                 fileInfo, err := cc.Server.FS.Stat(fullFilePath + incompleteFileSuffix)
                 if err != nil {
-                       return res, err
+                       return res
                 }
  
                 offset := make([]byte, 4)
@@ -1622,376 +1461,356 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
  
                 ft.TransferSize = offset
  
-               replyT.Fields = append(replyT.Fields, NewField(fieldFileResumeData, b))
+               replyT.Fields = append(replyT.Fields, NewField(FieldFileResumeData, b))
         }
  
         res = append(res, replyT)
-       return res, err
+       return res
  }
  
-func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if len(t.GetField(fieldUserIconID).Data) == 4 {
-               cc.Icon = t.GetField(fieldUserIconID).Data[2:]
+func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction) {
+       if len(t.GetField(FieldUserIconID).Data) == 4 {
+               cc.Icon = t.GetField(FieldUserIconID).Data[2:]
         } else {
-               cc.Icon = t.GetField(fieldUserIconID).Data
+               cc.Icon = t.GetField(FieldUserIconID).Data
         }
         if cc.Authorize(accessAnyName) {
-               cc.UserName = t.GetField(fieldUserName).Data
+               cc.UserName = t.GetField(FieldUserName).Data
         }
  
+       cc.flagsMU.Lock()
+       defer cc.flagsMU.Unlock()
+
         // the options field is only passed by the client versions > 1.2.3.
-       options := t.GetField(fieldOptions).Data
+       options := t.GetField(FieldOptions).Data
         if options != nil {
                 optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
-               flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
+               flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags[:])))
  
-               flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM))
-               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
+               flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, optBitmap.Bit(UserOptRefusePM))
+               binary.BigEndian.PutUint16(cc.Flags[:], uint16(flagBitmap.Int64()))
  
-               flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat))
-               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
+               flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, optBitmap.Bit(UserOptRefuseChat))
+               binary.BigEndian.PutUint16(cc.Flags[:], uint16(flagBitmap.Int64()))
  
                 // Check auto response
-               if optBitmap.Bit(autoResponse) == 1 {
-                       cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+               if optBitmap.Bit(UserOptAutoResponse) == 1 {
+                       cc.AutoReply = t.GetField(FieldAutomaticResponse).Data
                 } else {
                         cc.AutoReply = []byte{}
                 }
         }
  
-       for _, c := range sortedClients(cc.Server.Clients) {
-               res = append(res, *NewTransaction(
-                       tranNotifyChangeUser,
+       for _, c := range cc.Server.Clients {
+               res = append(res, NewTransaction(
+                       TranNotifyChangeUser,
                         c.ID,
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, cc.Icon),
-                       NewField(fieldUserFlags, cc.Flags),
-                       NewField(fieldUserName, cc.UserName),
+                       NewField(FieldUserID, cc.ID[:]),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags[:]),
+                       NewField(FieldUserName, cc.UserName),
                 ))
         }
  
-       return res, err
+       return res
  }
  
  // HandleKeepAlive responds to keepalive transactions with an empty reply
  // * HL 1.9.2 Client sends keepalive msg every 3 minutes
  // * HL 1.2.3 Client doesn't send keepalives
-func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction) {
         res = append(res, cc.NewReply(t))
  
-       return res, err
+       return res
  }
  
-func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction) {
         fullPath, err := readPath(
                 cc.Server.Config.FileRoot,
-               t.GetField(fieldFilePath).Data,
+               t.GetField(FieldFilePath).Data,
                 nil,
         )
         if err != nil {
-               return res, err
+               return res
         }
  
         var fp FilePath
-       if t.GetField(fieldFilePath).Data != nil {
-               if _, err = fp.Write(t.GetField(fieldFilePath).Data); err != nil {
-                       return res, err
+       if t.GetField(FieldFilePath).Data != nil {
+               if _, err = fp.Write(t.GetField(FieldFilePath).Data); err != nil {
+                       return res
                 }
         }
  
         // Handle special case for drop box folders
         if fp.IsDropbox() && !cc.Authorize(accessViewDropBoxes) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to view drop boxes."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to view drop boxes.")
         }
  
         fileNames, err := getFileNameList(fullPath, cc.Server.Config.IgnoreFiles)
         if err != nil {
-               return res, err
+               return res
         }
  
         res = append(res, cc.NewReply(t, fileNames...))
  
-       return res, err
+       return res
  }
  
  // =================================
  //     Hotline private chat flow
  // =================================
-// 1. ClientA sends tranInviteNewChat to server with user ID to invite
+// 1. ClientA sends TranInviteNewChat to server with user ID to invite
  // 2. Server creates new ChatID
-// 3. Server sends tranInviteToChat to invitee
+// 3. Server sends TranInviteToChat to invitee
  // 4. Server replies to ClientA with new Chat ID
  //
  // A dialog box pops up in the invitee client with options to accept or decline the invitation.
  // If Accepted is clicked:
-// 1. ClientB sends tranJoinChat with fieldChatID
+// 1. ClientB sends TranJoinChat with FieldChatID
  
  // HandleInviteNewChat invites users to new private chat
-func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessOpenChat) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to request private chat.")
         }
  
         // Client to Invite
-       targetID := t.GetField(fieldUserID).Data
+       targetID := t.GetField(FieldUserID).Data
         newChatID := cc.Server.NewPrivateChat(cc)
  
         // Check if target user has "Refuse private chat" flag
-       binary.BigEndian.Uint16(targetID)
-       targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)]
-
-       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags)))
-       if flagBitmap.Bit(userFLagRefusePChat) == 1 {
+       targetClient := cc.Server.Clients[[2]byte(targetID)]
+       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags[:])))
+       if flagBitmap.Bit(UserFlagRefusePChat) == 1 {
                 res = append(res,
-                       *NewTransaction(
-                               tranServerMsg,
+                       NewTransaction(
+                               TranServerMsg,
                                 cc.ID,
-                               NewField(fieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")),
-                               NewField(fieldUserName, targetClient.UserName),
-                               NewField(fieldUserID, *targetClient.ID),
-                               NewField(fieldOptions, []byte{0, 2}),
+                               NewField(FieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")),
+                               NewField(FieldUserName, targetClient.UserName),
+                               NewField(FieldUserID, targetClient.ID[:]),
+                               NewField(FieldOptions, []byte{0, 2}),
                         ),
                 )
         } else {
                 res = append(res,
-                       *NewTransaction(
-                               tranInviteToChat,
-                               &targetID,
-                               NewField(fieldChatID, newChatID),
-                               NewField(fieldUserName, cc.UserName),
-                               NewField(fieldUserID, *cc.ID),
+                       NewTransaction(
+                               TranInviteToChat,
+                               [2]byte(targetID),
+                               NewField(FieldChatID, newChatID[:]),
+                               NewField(FieldUserName, cc.UserName),
+                               NewField(FieldUserID, cc.ID[:]),
                         ),
                 )
         }
  
         res = append(res,
                 cc.NewReply(t,
-                       NewField(fieldChatID, newChatID),
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, cc.Icon),
-                       NewField(fieldUserFlags, cc.Flags),
+                       NewField(FieldChatID, newChatID[:]),
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, cc.ID[:]),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags[:]),
                 ),
         )
  
-       return res, err
+       return res
  }
  
-func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessOpenChat) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to request private chat.")
         }
  
         // Client to Invite
-       targetID := t.GetField(fieldUserID).Data
-       chatID := t.GetField(fieldChatID).Data
-
-       res = append(res,
-               *NewTransaction(
-                       tranInviteToChat,
-                       &targetID,
-                       NewField(fieldChatID, chatID),
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
+       targetID := t.GetField(FieldUserID).Data
+       chatID := t.GetField(FieldChatID).Data
+
+       return []Transaction{
+               NewTransaction(
+                       TranInviteToChat,
+                       [2]byte(targetID),
+                       NewField(FieldChatID, chatID),
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, cc.ID[:]),
                 ),
-       )
-       res = append(res,
                 cc.NewReply(
                         t,
-                       NewField(fieldChatID, chatID),
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, cc.Icon),
-                       NewField(fieldUserFlags, cc.Flags),
+                       NewField(FieldChatID, chatID),
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, cc.ID[:]),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags[:]),
                 ),
-       )
-
-       return res, err
+       }
  }
  
-func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
-       chatInt := binary.BigEndian.Uint32(chatID)
-
-       privChat := cc.Server.PrivateChats[chatInt]
-
-       resMsg := append(cc.UserName, []byte(" declined invitation to chat")...)
+func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction) {
+       chatID := [4]byte(t.GetField(FieldChatID).Data)
+       privChat := cc.Server.PrivateChats[chatID]
  
-       for _, c := range sortedClients(privChat.ClientConn) {
+       for _, c := range privChat.ClientConn {
                 res = append(res,
-                       *NewTransaction(
-                               tranChatMsg,
+                       NewTransaction(
+                               TranChatMsg,
                                 c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldData, resMsg),
+                               NewField(FieldChatID, chatID[:]),
+                               NewField(FieldData, append(cc.UserName, []byte(" declined invitation to chat")...)),
                         ),
                 )
         }
  
-       return res, err
+       return res
  }
  
  // HandleJoinChat is sent from a v1.8+ Hotline client when the joins a private chat
  // Fields used in the reply:
  // * 115       Chat subject
-// * 300       User name with info (Optional)
+// * 300       User Name with info (Optional)
  // * 300       (more user names with info)
-func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
-       chatInt := binary.BigEndian.Uint32(chatID)
+func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction) {
+       chatID := t.GetField(FieldChatID).Data
  
-       privChat := cc.Server.PrivateChats[chatInt]
+       privChat := cc.Server.PrivateChats[[4]byte(chatID)]
  
-       // Send tranNotifyChatChangeUser to current members of the chat to inform of new user
-       for _, c := range sortedClients(privChat.ClientConn) {
+       // Send TranNotifyChatChangeUser to current members of the chat to inform of new user
+       for _, c := range privChat.ClientConn {
                 res = append(res,
-                       *NewTransaction(
-                               tranNotifyChatChangeUser,
+                       NewTransaction(
+                               TranNotifyChatChangeUser,
                                 c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldUserName, cc.UserName),
-                               NewField(fieldUserID, *cc.ID),
-                               NewField(fieldUserIconID, cc.Icon),
-                               NewField(fieldUserFlags, cc.Flags),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldUserName, cc.UserName),
+                               NewField(FieldUserID, cc.ID[:]),
+                               NewField(FieldUserIconID, cc.Icon),
+                               NewField(FieldUserFlags, cc.Flags[:]),
                         ),
                 )
         }
  
-       privChat.ClientConn[cc.uint16ID()] = cc
+       privChat.ClientConn[cc.ID] = cc
  
-       replyFields := []Field{NewField(fieldChatSubject, []byte(privChat.Subject))}
-       for _, c := range sortedClients(privChat.ClientConn) {
-               user := User{
-                       ID:    *c.ID,
+       replyFields := []Field{NewField(FieldChatSubject, []byte(privChat.Subject))}
+       for _, c := range privChat.ClientConn {
+               b, err := io.ReadAll(&User{
+                       ID:    c.ID,
                         Icon:  c.Icon,
-                       Flags: c.Flags,
+                       Flags: c.Flags[:],
                         Name:  string(c.UserName),
+               })
+               if err != nil {
+                       return res
                 }
-
-               replyFields = append(replyFields, NewField(fieldUsernameWithInfo, user.Payload()))
+               replyFields = append(replyFields, NewField(FieldUsernameWithInfo, b))
         }
  
         res = append(res, cc.NewReply(t, replyFields...))
-       return res, err
+       return res
  }
  
  // HandleLeaveChat is sent from a v1.8+ Hotline client when the user exits a private chat
  // Fields used in the request:
-//     * 114   fieldChatID
+//   - 114     FieldChatID
+//
  // Reply is not expected.
-func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
-       chatInt := binary.BigEndian.Uint32(chatID)
+func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction) {
+       chatID := t.GetField(FieldChatID).Data
  
-       privChat, ok := cc.Server.PrivateChats[chatInt]
+       privChat, ok := cc.Server.PrivateChats[[4]byte(chatID)]
         if !ok {
-               return res, nil
+               return res
         }
  
-       delete(privChat.ClientConn, cc.uint16ID())
+       delete(privChat.ClientConn, cc.ID)
  
         // Notify members of the private chat that the user has left
-       for _, c := range sortedClients(privChat.ClientConn) {
+       for _, c := range privChat.ClientConn {
                 res = append(res,
-                       *NewTransaction(
-                               tranNotifyChatDeleteUser,
+                       NewTransaction(
+                               TranNotifyChatDeleteUser,
                                 c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldUserID, *cc.ID),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldUserID, cc.ID[:]),
                         ),
                 )
         }
  
-       return res, err
+       return res
  }
  
  // HandleSetChatSubject is sent from a v1.8+ Hotline client when the user sets a private chat subject
  // Fields used in the request:
  // * 114       Chat ID
-// * 115       Chat subject    Chat subject string
+// * 115       Chat subject
  // Reply is not expected.
-func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
-       chatInt := binary.BigEndian.Uint32(chatID)
+func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction) {
+       chatID := t.GetField(FieldChatID).Data
  
-       privChat := cc.Server.PrivateChats[chatInt]
-       privChat.Subject = string(t.GetField(fieldChatSubject).Data)
+       privChat := cc.Server.PrivateChats[[4]byte(chatID)]
+       privChat.Subject = string(t.GetField(FieldChatSubject).Data)
  
-       for _, c := range sortedClients(privChat.ClientConn) {
+       for _, c := range privChat.ClientConn {
                 res = append(res,
-                       *NewTransaction(
-                               tranNotifyChatSubject,
+                       NewTransaction(
+                               TranNotifyChatSubject,
                                 c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldChatSubject, t.GetField(fieldChatSubject).Data),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldChatSubject, t.GetField(FieldChatSubject).Data),
                         ),
                 )
         }
  
-       return res, err
+       return res
  }
  
-// HandleMakeAlias makes a filer alias using the specified path.
+// HandleMakeAlias makes a file alias using the specified path.
  // Fields used in the request:
-// 201 File name
+// 201 File Name
  // 202 File path
  // 212 File new path   Destination path
  //
  // Fields used in the reply:
  // None
-func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction) {
         if !cc.Authorize(accessMakeAlias) {
-               res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
-               return res, err
+               return cc.NewErrReply(t, "You are not allowed to make aliases.")
         }
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
-       fileNewPath := t.GetField(fieldFileNewPath).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
+       fileNewPath := t.GetField(FieldFileNewPath).Data
  
         fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
-               return res, err
+               return res
         }
  
         fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, fileNewPath, fileName)
         if err != nil {
-               return res, err
+               return res
         }
  
-       cc.logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
+       cc.logger.Debug("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
  
         if err := cc.Server.FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
-               res = append(res, cc.NewErrReply(t, "Error creating alias"))
-               return res, nil
+               return cc.NewErrReply(t, "Error creating alias")
         }
  
         res = append(res, cc.NewReply(t))
-       return res, err
+       return res
  }
  
  // HandleDownloadBanner handles requests for a new banner from the server
  // Fields used in the request:
  // None
  // Fields used in the reply:
-// 107 fieldRefNum                     Used later for transfer
-// 108 fieldTransferSize       Size of data to be downloaded
-func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fi, err := cc.Server.FS.Stat(filepath.Join(cc.Server.ConfigDir, cc.Server.Config.BannerFile))
-       if err != nil {
-               return res, err
-       }
-
+// 107 FieldRefNum                     Used later for transfer
+// 108 FieldTransferSize       Size of data to be downloaded
+func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction) {
         ft := cc.newFileTransfer(bannerDownload, []byte{}, []byte{}, make([]byte, 4))
+       binary.BigEndian.PutUint32(ft.TransferSize, uint32(len(cc.Server.banner)))
  
-       binary.BigEndian.PutUint32(ft.TransferSize, uint32(fi.Size()))
-
-       res = append(res, cc.NewReply(t,
-               NewField(fieldRefNum, ft.refNum[:]),
-               NewField(fieldTransferSize, ft.TransferSize),
+       return append(res, cc.NewReply(t,
+               NewField(FieldRefNum, ft.refNum[:]),
+               NewField(FieldTransferSize, ft.TransferSize),
         ))
-
-       return res, err
  }