]> git.r.bdr.sh - rbdr/mobius/blobdiff - hotline/transaction_handlers.go
git.r.bdr.sh / rbdr / mobius / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Replace zap logger with slog
[rbdr/mobius] / hotline / transaction_handlers.go
diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go
index ec7910a49fdad6af34d9d5c551ef367934eb4d3e..3accf2c647dad26c9f16ecb8eae486d524cbb85c 100644 (file)
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -6,316 +6,261 @@ import (
        "errors"
        "fmt"
        "gopkg.in/yaml.v3"
        "errors"
        "fmt"
        "gopkg.in/yaml.v3"
-       "io/ioutil"
+       "io"
        "math/big"
        "os"
        "path"
        "math/big"
        "os"
        "path"
+       "path/filepath"
        "sort"
        "strings"
        "time"
 )
 
        "sort"
        "strings"
        "time"
 )
 
+type HandlerFunc func(*ClientConn, *Transaction) ([]Transaction, error)
+
 type TransactionType struct {
 type TransactionType struct {
-       Access         int                                                    // Specifies access privilege required to perform the transaction
-       DenyMsg        string                                                 // The error reply message when user does not have access
-       Handler        func(*ClientConn, *Transaction) ([]Transaction, error) // function for handling the transaction type
-       Name           string                                                 // Name of transaction as it will appear in logging
+       Handler        HandlerFunc // function for handling the transaction type
+       Name           string      // Name of transaction as it will appear in logging
        RequiredFields []requiredField
 }
 
 var TransactionHandlers = map[uint16]TransactionType{
        // Server initiated
        RequiredFields []requiredField
 }
 
 var TransactionHandlers = map[uint16]TransactionType{
        // Server initiated
-       tranChatMsg: {
-               Name: "tranChatMsg",
+       TranChatMsg: {
+               Name: "TranChatMsg",
        },
        // Server initiated
        },
        // Server initiated
-       tranNotifyChangeUser: {
-               Name: "tranNotifyChangeUser",
+       TranNotifyChangeUser: {
+               Name: "TranNotifyChangeUser",
        },
        },
-       tranError: {
-               Name: "tranError",
+       TranError: {
+               Name: "TranError",
        },
        },
-       tranShowAgreement: {
-               Name: "tranShowAgreement",
+       TranShowAgreement: {
+               Name: "TranShowAgreement",
        },
        },
-       tranUserAccess: {
-               Name: "tranUserAccess",
+       TranUserAccess: {
+               Name: "TranUserAccess",
        },
        },
-       tranNotifyDeleteUser: {
-               Name: "tranNotifyDeleteUser",
+       TranNotifyDeleteUser: {
+               Name: "TranNotifyDeleteUser",
        },
        },
-       tranAgreed: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranAgreed",
+       TranAgreed: {
+               Name:    "TranAgreed",
                Handler: HandleTranAgreed,
        },
                Handler: HandleTranAgreed,
        },
-       tranChatSend: {
-               Access:  accessAlwaysAllow,
+       TranChatSend: {
+               Name:    "TranChatSend",
                Handler: HandleChatSend,
                Handler: HandleChatSend,
-               Name:    "tranChatSend",
                RequiredFields: []requiredField{
                        {
                RequiredFields: []requiredField{
                        {
-                               ID:     fieldData,
+                               ID:     FieldData,
                                minLen: 0,
                        },
                },
        },
                                minLen: 0,
                        },
                },
        },
-       tranDelNewsArt: {
-               Access:  accessNewsDeleteArt,
-               DenyMsg: "You are not allowed to delete news articles.",
-               Name:    "tranDelNewsArt",
+       TranDelNewsArt: {
+               Name:    "TranDelNewsArt",
                Handler: HandleDelNewsArt,
        },
                Handler: HandleDelNewsArt,
        },
-       tranDelNewsItem: {
-               Access: accessAlwaysAllow, // Granular access enforced inside the handler
-               // Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
-               // TODO: Implement inside the handler
-               Name:    "tranDelNewsItem",
+       TranDelNewsItem: {
+               Name:    "TranDelNewsItem",
                Handler: HandleDelNewsItem,
        },
                Handler: HandleDelNewsItem,
        },
-       tranDeleteFile: {
-               Access:  accessAlwaysAllow, // Granular access enforced inside the handler
-               Name:    "tranDeleteFile",
+       TranDeleteFile: {
+               Name:    "TranDeleteFile",
                Handler: HandleDeleteFile,
        },
                Handler: HandleDeleteFile,
        },
-       tranDeleteUser: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranDeleteUser",
+       TranDeleteUser: {
+               Name:    "TranDeleteUser",
                Handler: HandleDeleteUser,
        },
                Handler: HandleDeleteUser,
        },
-       tranDisconnectUser: {
-               Access:  accessDisconUser,
-               DenyMsg: "You are not allowed to disconnect users.",
-               Name:    "tranDisconnectUser",
+       TranDisconnectUser: {
+               Name:    "TranDisconnectUser",
                Handler: HandleDisconnectUser,
        },
                Handler: HandleDisconnectUser,
        },
-       tranDownloadFile: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranDownloadFile",
+       TranDownloadFile: {
+               Name:    "TranDownloadFile",
                Handler: HandleDownloadFile,
        },
                Handler: HandleDownloadFile,
        },
-       tranDownloadFldr: {
-               Access:  accessDownloadFile, // There is no specific access flag for folder vs file download
-               DenyMsg: "You are not allowed to download files.",
-               Name:    "tranDownloadFldr",
+       TranDownloadFldr: {
+               Name:    "TranDownloadFldr",
                Handler: HandleDownloadFolder,
        },
                Handler: HandleDownloadFolder,
        },
-       tranGetClientInfoText: {
-               Access:  accessGetClientInfo,
-               DenyMsg: "You are not allowed to get client info",
-               Name:    "tranGetClientInfoText",
-               Handler: HandleGetClientConnInfoText,
+       TranGetClientInfoText: {
+               Name:    "TranGetClientInfoText",
+               Handler: HandleGetClientInfoText,
        },
        },
-       tranGetFileInfo: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranGetFileInfo",
+       TranGetFileInfo: {
+               Name:    "TranGetFileInfo",
                Handler: HandleGetFileInfo,
        },
                Handler: HandleGetFileInfo,
        },
-       tranGetFileNameList: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranGetFileNameList",
+       TranGetFileNameList: {
+               Name:    "TranGetFileNameList",
                Handler: HandleGetFileNameList,
        },
                Handler: HandleGetFileNameList,
        },
-       tranGetMsgs: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranGetMsgs",
+       TranGetMsgs: {
+               Name:    "TranGetMsgs",
                Handler: HandleGetMsgs,
        },
                Handler: HandleGetMsgs,
        },
-       tranGetNewsArtData: {
-               Access:  accessNewsReadArt,
-               DenyMsg: "You are not allowed to read news.",
-               Name:    "tranGetNewsArtData",
+       TranGetNewsArtData: {
+               Name:    "TranGetNewsArtData",
                Handler: HandleGetNewsArtData,
        },
                Handler: HandleGetNewsArtData,
        },
-       tranGetNewsArtNameList: {
-               Access:  accessNewsReadArt,
-               DenyMsg: "You are not allowed to read news.",
-               Name:    "tranGetNewsArtNameList",
+       TranGetNewsArtNameList: {
+               Name:    "TranGetNewsArtNameList",
                Handler: HandleGetNewsArtNameList,
        },
                Handler: HandleGetNewsArtNameList,
        },
-       tranGetNewsCatNameList: {
-               Access:  accessNewsReadArt,
-               DenyMsg: "You are not allowed to read news.",
-               Name:    "tranGetNewsCatNameList",
+       TranGetNewsCatNameList: {
+               Name:    "TranGetNewsCatNameList",
                Handler: HandleGetNewsCatNameList,
        },
                Handler: HandleGetNewsCatNameList,
        },
-       tranGetUser: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranGetUser",
+       TranGetUser: {
+               Name:    "TranGetUser",
                Handler: HandleGetUser,
        },
                Handler: HandleGetUser,
        },
-       tranGetUserNameList: {
-               Access:  accessAlwaysAllow,
+       TranGetUserNameList: {
                Name:    "tranHandleGetUserNameList",
                Handler: HandleGetUserNameList,
        },
                Name:    "tranHandleGetUserNameList",
                Handler: HandleGetUserNameList,
        },
-       tranInviteNewChat: {
-               Access:  accessOpenChat,
-               DenyMsg: "You are not allowed to request private chat.",
-               Name:    "tranInviteNewChat",
+       TranInviteNewChat: {
+               Name:    "TranInviteNewChat",
                Handler: HandleInviteNewChat,
        },
                Handler: HandleInviteNewChat,
        },
-       tranInviteToChat: {
-               Access:  accessOpenChat,
-               DenyMsg: "You are not allowed to request private chat.",
-               Name:    "tranInviteToChat",
+       TranInviteToChat: {
+               Name:    "TranInviteToChat",
                Handler: HandleInviteToChat,
        },
                Handler: HandleInviteToChat,
        },
-       tranJoinChat: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranJoinChat",
+       TranJoinChat: {
+               Name:    "TranJoinChat",
                Handler: HandleJoinChat,
        },
                Handler: HandleJoinChat,
        },
-       tranKeepAlive: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranKeepAlive",
+       TranKeepAlive: {
+               Name:    "TranKeepAlive",
                Handler: HandleKeepAlive,
        },
                Handler: HandleKeepAlive,
        },
-       tranLeaveChat: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranJoinChat",
+       TranLeaveChat: {
+               Name:    "TranJoinChat",
                Handler: HandleLeaveChat,
        },
                Handler: HandleLeaveChat,
        },
-       tranListUsers: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranListUsers",
+       TranListUsers: {
+               Name:    "TranListUsers",
                Handler: HandleListUsers,
        },
                Handler: HandleListUsers,
        },
-       tranMoveFile: {
-               Access:  accessMoveFile,
-               DenyMsg: "You are not allowed to move files.",
-               Name:    "tranMoveFile",
+       TranMoveFile: {
+               Name:    "TranMoveFile",
                Handler: HandleMoveFile,
        },
                Handler: HandleMoveFile,
        },
-       tranNewFolder: {
-               Access:  accessCreateFolder,
-               DenyMsg: "You are not allow to create folders.",
-               Name:    "tranNewFolder",
+       TranNewFolder: {
+               Name:    "TranNewFolder",
                Handler: HandleNewFolder,
        },
                Handler: HandleNewFolder,
        },
-       tranNewNewsCat: {
-               Access:  accessNewsCreateCat,
-               DenyMsg: "You are not allowed to create news categories.",
-               Name:    "tranNewNewsCat",
+       TranNewNewsCat: {
+               Name:    "TranNewNewsCat",
                Handler: HandleNewNewsCat,
        },
                Handler: HandleNewNewsCat,
        },
-       tranNewNewsFldr: {
-               Access:  accessNewsCreateFldr,
-               DenyMsg: "You are not allowed to create news folders.",
-               Name:    "tranNewNewsFldr",
+       TranNewNewsFldr: {
+               Name:    "TranNewNewsFldr",
                Handler: HandleNewNewsFldr,
        },
                Handler: HandleNewNewsFldr,
        },
-       tranNewUser: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranNewUser",
+       TranNewUser: {
+               Name:    "TranNewUser",
                Handler: HandleNewUser,
        },
                Handler: HandleNewUser,
        },
-       tranOldPostNews: {
-               Access:  accessNewsPostArt,
-               DenyMsg: "You are not allowed to post news.",
-               Name:    "tranOldPostNews",
+       TranUpdateUser: {
+               Name:    "TranUpdateUser",
+               Handler: HandleUpdateUser,
+       },
+       TranOldPostNews: {
+               Name:    "TranOldPostNews",
                Handler: HandleTranOldPostNews,
        },
                Handler: HandleTranOldPostNews,
        },
-       tranPostNewsArt: {
-               Access:  accessNewsPostArt,
-               DenyMsg: "You are not allowed to post news articles.",
-               Name:    "tranPostNewsArt",
+       TranPostNewsArt: {
+               Name:    "TranPostNewsArt",
                Handler: HandlePostNewsArt,
        },
                Handler: HandlePostNewsArt,
        },
-       tranRejectChatInvite: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranRejectChatInvite",
+       TranRejectChatInvite: {
+               Name:    "TranRejectChatInvite",
                Handler: HandleRejectChatInvite,
        },
                Handler: HandleRejectChatInvite,
        },
-       tranSendInstantMsg: {
-               Access: accessAlwaysAllow,
-               // Access: accessSendPrivMsg,
-               // DenyMsg: "You are not allowed to send private messages",
-               Name:    "tranSendInstantMsg",
+       TranSendInstantMsg: {
+               Name:    "TranSendInstantMsg",
                Handler: HandleSendInstantMsg,
                RequiredFields: []requiredField{
                        {
                Handler: HandleSendInstantMsg,
                RequiredFields: []requiredField{
                        {
-                               ID:     fieldData,
+                               ID:     FieldData,
                                minLen: 0,
                        },
                        {
                                minLen: 0,
                        },
                        {
-                               ID: fieldUserID,
+                               ID: FieldUserID,
                        },
                },
        },
                        },
                },
        },
-       tranSetChatSubject: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranSetChatSubject",
+       TranSetChatSubject: {
+               Name:    "TranSetChatSubject",
                Handler: HandleSetChatSubject,
        },
                Handler: HandleSetChatSubject,
        },
-       tranMakeFileAlias: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranMakeFileAlias",
+       TranMakeFileAlias: {
+               Name:    "TranMakeFileAlias",
                Handler: HandleMakeAlias,
                RequiredFields: []requiredField{
                Handler: HandleMakeAlias,
                RequiredFields: []requiredField{
-                       {ID: fieldFileName, minLen: 1},
-                       {ID: fieldFilePath, minLen: 1},
-                       {ID: fieldFileNewPath, minLen: 1},
+                       {ID: FieldFileName, minLen: 1},
+                       {ID: FieldFilePath, minLen: 1},
+                       {ID: FieldFileNewPath, minLen: 1},
                },
        },
                },
        },
-       tranSetClientUserInfo: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranSetClientUserInfo",
+       TranSetClientUserInfo: {
+               Name:    "TranSetClientUserInfo",
                Handler: HandleSetClientUserInfo,
        },
                Handler: HandleSetClientUserInfo,
        },
-       tranSetFileInfo: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranSetFileInfo",
+       TranSetFileInfo: {
+               Name:    "TranSetFileInfo",
                Handler: HandleSetFileInfo,
        },
                Handler: HandleSetFileInfo,
        },
-       tranSetUser: {
-               Access:  accessModifyUser,
-               DenyMsg: "You are not allowed to modify accounts.",
-               Name:    "tranSetUser",
+       TranSetUser: {
+               Name:    "TranSetUser",
                Handler: HandleSetUser,
        },
                Handler: HandleSetUser,
        },
-       tranUploadFile: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranUploadFile",
+       TranUploadFile: {
+               Name:    "TranUploadFile",
                Handler: HandleUploadFile,
        },
                Handler: HandleUploadFile,
        },
-       tranUploadFldr: {
-               Access:  accessAlwaysAllow,
-               Name:    "tranUploadFldr",
+       TranUploadFldr: {
+               Name:    "TranUploadFldr",
                Handler: HandleUploadFolder,
        },
                Handler: HandleUploadFolder,
        },
-       tranUserBroadcast: {
-               Access:  accessBroadcast,
-               DenyMsg: "You are not allowed to send broadcast messages.",
-               Name:    "tranUserBroadcast",
+       TranUserBroadcast: {
+               Name:    "TranUserBroadcast",
                Handler: HandleUserBroadcast,
        },
                Handler: HandleUserBroadcast,
        },
+       TranDownloadBanner: {
+               Name:    "TranDownloadBanner",
+               Handler: HandleDownloadBanner,
+       },
 }
 
 func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessSendChat) {
+       if !cc.Authorize(accessSendChat) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
                return res, err
        }
 
        // Truncate long usernames
        trunc := fmt.Sprintf("%13s", cc.UserName)
                res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
                return res, err
        }
 
        // Truncate long usernames
        trunc := fmt.Sprintf("%13s", cc.UserName)
-       formattedMsg := fmt.Sprintf("\r%.14s:  %s", trunc, t.GetField(fieldData).Data)
+       formattedMsg := fmt.Sprintf("\r%.14s:  %s", trunc, t.GetField(FieldData).Data)
 
        // By holding the option key, Hotline chat allows users to send /me formatted messages like:
        // *** Halcyon does stuff
 
        // By holding the option key, Hotline chat allows users to send /me formatted messages like:
        // *** Halcyon does stuff
-       // This is indicated by the presence of the optional field fieldChatOptions in the transaction payload
-       if t.GetField(fieldChatOptions).Data != nil {
-               formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(fieldData).Data)
+       // This is indicated by the presence of the optional field FieldChatOptions set to a value of 1.
+       // Most clients do not send this option for normal chat messages.
+       if t.GetField(FieldChatOptions).Data != nil && bytes.Equal(t.GetField(FieldChatOptions).Data, []byte{0, 1}) {
+               formattedMsg = fmt.Sprintf("\r*** %s %s", cc.UserName, t.GetField(FieldData).Data)
        }
 
        }
 
-       if bytes.Equal(t.GetField(fieldData).Data, []byte("/stats")) {
-               formattedMsg = strings.Replace(cc.Server.Stats.String(), "\n", "\r", -1)
-       }
-
-       chatID := t.GetField(fieldChatID).Data
-       // a non-nil chatID indicates the message belongs to a private chat
-       if chatID != nil {
+       // The ChatID field is used to identify messages as belonging to a private chat.
+       // All clients *except* Frogblast omit this field for public chat, but Frogblast sends a value of 00 00 00 00.
+       chatID := t.GetField(FieldChatID).Data
+       if chatID != nil && !bytes.Equal([]byte{0, 0, 0, 0}, chatID) {
                chatInt := binary.BigEndian.Uint32(chatID)
                privChat := cc.Server.PrivateChats[chatInt]
 
                chatInt := binary.BigEndian.Uint32(chatID)
                privChat := cc.Server.PrivateChats[chatInt]
 
@@ -324,10 +269,10 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
                // send the message to all connected clients of the private chat
                for _, c := range clients {
                        res = append(res, *NewTransaction(
                // send the message to all connected clients of the private chat
                for _, c := range clients {
                        res = append(res, *NewTransaction(
-                               tranChatMsg,
+                               TranChatMsg,
                                c.ID,
                                c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldData, []byte(formattedMsg)),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldData, []byte(formattedMsg)),
                        ))
                }
                return res, err
                        ))
                }
                return res, err
@@ -335,8 +280,8 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 
        for _, c := range sortedClients(cc.Server.Clients) {
                // Filter out clients that do not have the read chat permission
 
        for _, c := range sortedClients(cc.Server.Clients) {
                // Filter out clients that do not have the read chat permission
-               if authorize(c.Account.Access, accessReadChat) {
-                       res = append(res, *NewTransaction(tranChatMsg, c.ID, NewField(fieldData, []byte(formattedMsg))))
+               if c.Authorize(accessReadChat) {
+                       res = append(res, *NewTransaction(TranChatMsg, c.ID, NewField(FieldData, []byte(formattedMsg))))
                }
        }
 
                }
        }
 
@@ -345,6 +290,7 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 
 // HandleSendInstantMsg sends instant message to the user on the current server.
 // Fields used in the request:
 
 // HandleSendInstantMsg sends instant message to the user on the current server.
 // Fields used in the request:
+//
 //     103     User ID
 //     113     Options
 //             One of the following values:
 //     103     User ID
 //     113     Options
 //             One of the following values:
@@ -358,42 +304,65 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 // Fields used in the reply:
 // None
 func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // Fields used in the reply:
 // None
 func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       msg := t.GetField(fieldData)
-       ID := t.GetField(fieldUserID)
+       if !cc.Authorize(accessSendPrivMsg) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to send private messages."))
+               return res, errors.New("user is not allowed to send private messages")
+       }
 
 
-       reply := *NewTransaction(
-               tranServerMsg,
+       msg := t.GetField(FieldData)
+       ID := t.GetField(FieldUserID)
+
+       reply := NewTransaction(
+               TranServerMsg,
                &ID.Data,
                &ID.Data,
-               NewField(fieldData, msg.Data),
-               NewField(fieldUserName, cc.UserName),
-               NewField(fieldUserID, *cc.ID),
-               NewField(fieldOptions, []byte{0, 1}),
+               NewField(FieldData, msg.Data),
+               NewField(FieldUserName, cc.UserName),
+               NewField(FieldUserID, *cc.ID),
+               NewField(FieldOptions, []byte{0, 1}),
        )
 
        )
 
-       // Later versions of Hotline include the original message in the fieldQuotingMsg field so
+       // Later versions of Hotline include the original message in the FieldQuotingMsg field so
        //  the receiving client can display both the received message and what it is in reply to
        //  the receiving client can display both the received message and what it is in reply to
-       if t.GetField(fieldQuotingMsg).Data != nil {
-               reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
+       if t.GetField(FieldQuotingMsg).Data != nil {
+               reply.Fields = append(reply.Fields, NewField(FieldQuotingMsg, t.GetField(FieldQuotingMsg).Data))
        }
 
        }
 
-       res = append(res, reply)
+       id, err := byteToInt(ID.Data)
+       if err != nil {
+               return res, errors.New("invalid client ID")
+       }
+       otherClient, ok := cc.Server.Clients[uint16(id)]
+       if !ok {
+               return res, errors.New("invalid client ID")
+       }
 
 
-       id, _ := byteToInt(ID.Data)
-       otherClient := cc.Server.Clients[uint16(id)]
-       if otherClient == nil {
-               return res, errors.New("ohno")
+       // Check if target user has "Refuse private messages" flag
+       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags)))
+       if flagBitmap.Bit(UserFlagRefusePM) == 1 {
+               res = append(res,
+                       *NewTransaction(
+                               TranServerMsg,
+                               cc.ID,
+                               NewField(FieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")),
+                               NewField(FieldUserName, otherClient.UserName),
+                               NewField(FieldUserID, *otherClient.ID),
+                               NewField(FieldOptions, []byte{0, 2}),
+                       ),
+               )
+       } else {
+               res = append(res, *reply)
        }
 
        // Respond with auto reply if other client has it enabled
        if len(otherClient.AutoReply) > 0 {
                res = append(res,
                        *NewTransaction(
        }
 
        // Respond with auto reply if other client has it enabled
        if len(otherClient.AutoReply) > 0 {
                res = append(res,
                        *NewTransaction(
-                               tranServerMsg,
+                               TranServerMsg,
                                cc.ID,
                                cc.ID,
-                               NewField(fieldData, otherClient.AutoReply),
-                               NewField(fieldUserName, otherClient.UserName),
-                               NewField(fieldUserID, *otherClient.ID),
-                               NewField(fieldOptions, []byte{0, 1}),
+                               NewField(FieldData, otherClient.AutoReply),
+                               NewField(FieldUserName, otherClient.UserName),
+                               NewField(FieldUserID, *otherClient.ID),
+                               NewField(FieldOptions, []byte{0, 1}),
                        ),
                )
        }
                        ),
                )
        }
@@ -404,29 +373,48 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
 }
 
 func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
 
 
-       ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, 0)
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
                return res, err
        }
 
        if err != nil {
                return res, err
        }
 
-       res = append(res, cc.NewReply(t,
-               NewField(fieldFileName, fileName),
-               NewField(fieldFileTypeString, ffo.FlatFileInformationFork.TypeSignature),
-               NewField(fieldFileCreatorString, ffo.FlatFileInformationFork.CreatorSignature),
-               NewField(fieldFileComment, ffo.FlatFileInformationFork.Comment),
-               NewField(fieldFileType, ffo.FlatFileInformationFork.TypeSignature),
-               NewField(fieldFileCreateDate, ffo.FlatFileInformationFork.CreateDate),
-               NewField(fieldFileModifyDate, ffo.FlatFileInformationFork.ModifyDate),
-               NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]),
-       ))
+       fw, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
+       if err != nil {
+               return res, err
+       }
+
+       encodedName, err := txtEncoder.String(fw.name)
+       if err != nil {
+               return res, fmt.Errorf("invalid filepath encoding: %w", err)
+       }
+
+       fields := []Field{
+               NewField(FieldFileName, []byte(encodedName)),
+               NewField(FieldFileTypeString, fw.ffo.FlatFileInformationFork.friendlyType()),
+               NewField(FieldFileCreatorString, fw.ffo.FlatFileInformationFork.friendlyCreator()),
+               NewField(FieldFileType, fw.ffo.FlatFileInformationFork.TypeSignature),
+               NewField(FieldFileCreateDate, fw.ffo.FlatFileInformationFork.CreateDate),
+               NewField(FieldFileModifyDate, fw.ffo.FlatFileInformationFork.ModifyDate),
+       }
+
+       // Include the optional FileComment field if there is a comment.
+       if len(fw.ffo.FlatFileInformationFork.Comment) != 0 {
+               fields = append(fields, NewField(FieldFileComment, fw.ffo.FlatFileInformationFork.Comment))
+       }
+
+       // Include the FileSize field for files.
+       if !bytes.Equal(fw.ffo.FlatFileInformationFork.TypeSignature, []byte{0x66, 0x6c, 0x64, 0x72}) {
+               fields = append(fields, NewField(FieldFileSize, fw.totalSize()))
+       }
+
+       res = append(res, cc.NewReply(t, fields...))
        return res, err
 }
 
 // HandleSetFileInfo updates a file or folder name and/or comment from the Get Info window
        return res, err
 }
 
 // HandleSetFileInfo updates a file or folder name and/or comment from the Get Info window
-// TODO: Implement support for comments
 // Fields used in the request:
 // * 201       File name
 // * 202       File path       Optional
 // Fields used in the request:
 // * 201       File name
 // * 202       File path       Optional
@@ -434,44 +422,91 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 // * 210       File comment    Optional
 // Fields used in the reply:   None
 func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // * 210       File comment    Optional
 // Fields used in the reply:   None
 func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
 
        fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
                return res, err
        }
 
 
        fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
                return res, err
        }
 
-       fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(fieldFileNewName).Data)
+       fi, err := cc.Server.FS.Stat(fullFilePath)
        if err != nil {
        if err != nil {
-               return nil, err
+               return res, err
        }
 
        }
 
-       // fileComment := t.GetField(fieldFileComment).Data
-       fileNewName := t.GetField(fieldFileNewName).Data
+       hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
+       if err != nil {
+               return res, err
+       }
+       if t.GetField(FieldFileComment).Data != nil {
+               switch mode := fi.Mode(); {
+               case mode.IsDir():
+                       if !cc.Authorize(accessSetFolderComment) {
+                               res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for folders."))
+                               return res, err
+                       }
+               case mode.IsRegular():
+                       if !cc.Authorize(accessSetFileComment) {
+                               res = append(res, cc.NewErrReply(t, "You are not allowed to set comments for files."))
+                               return res, err
+                       }
+               }
 
 
-       if fileNewName != nil {
-               fi, err := FS.Stat(fullFilePath)
+               if err := hlFile.ffo.FlatFileInformationFork.setComment(t.GetField(FieldFileComment).Data); err != nil {
+                       return res, err
+               }
+               w, err := hlFile.infoForkWriter()
                if err != nil {
                        return res, err
                }
                if err != nil {
                        return res, err
                }
+               _, err = io.Copy(w, &hlFile.ffo.FlatFileInformationFork)
+               if err != nil {
+                       return res, err
+               }
+       }
+
+       fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(FieldFileNewName).Data)
+       if err != nil {
+               return nil, err
+       }
+
+       fileNewName := t.GetField(FieldFileNewName).Data
+
+       if fileNewName != nil {
                switch mode := fi.Mode(); {
                case mode.IsDir():
                switch mode := fi.Mode(); {
                case mode.IsDir():
-                       if !authorize(cc.Account.Access, accessRenameFolder) {
+                       if !cc.Authorize(accessRenameFolder) {
                                res = append(res, cc.NewErrReply(t, "You are not allowed to rename folders."))
                                return res, err
                        }
                                res = append(res, cc.NewErrReply(t, "You are not allowed to rename folders."))
                                return res, err
                        }
+                       err = os.Rename(fullFilePath, fullNewFilePath)
+                       if os.IsNotExist(err) {
+                               res = append(res, cc.NewErrReply(t, "Cannot rename folder "+string(fileName)+" because it does not exist or cannot be found."))
+                               return res, err
+                       }
                case mode.IsRegular():
                case mode.IsRegular():
-                       if !authorize(cc.Account.Access, accessRenameFile) {
+                       if !cc.Authorize(accessRenameFile) {
                                res = append(res, cc.NewErrReply(t, "You are not allowed to rename files."))
                                return res, err
                        }
                                res = append(res, cc.NewErrReply(t, "You are not allowed to rename files."))
                                return res, err
                        }
-               }
+                       fileDir, err := readPath(cc.Server.Config.FileRoot, filePath, []byte{})
+                       if err != nil {
+                               return nil, err
+                       }
+                       hlFile.name, err = txtDecoder.String(string(fileNewName))
+                       if err != nil {
+                               return res, fmt.Errorf("invalid filepath encoding: %w", err)
+                       }
 
 
-               err = os.Rename(fullFilePath, fullNewFilePath)
-               if os.IsNotExist(err) {
-                       res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
-                       return res, err
+                       err = hlFile.move(fileDir)
+                       if os.IsNotExist(err) {
+                               res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
+                               return res, err
+                       }
+                       if err != nil {
+                               return res, err
+                       }
                }
        }
 
                }
        }
 
@@ -485,35 +520,39 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
 // * 202       File path
 // Fields used in the reply: none
 func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // * 202       File path
 // Fields used in the reply: none
 func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
 
        fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
                return res, err
        }
 
 
        fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
                return res, err
        }
 
-       cc.Server.Logger.Debugw("Delete file", "src", fullFilePath)
+       hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, 0)
+       if err != nil {
+               return res, err
+       }
 
 
-       fi, err := os.Stat(fullFilePath)
+       fi, err := hlFile.dataFile()
        if err != nil {
                res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found."))
                return res, nil
        }
        if err != nil {
                res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found."))
                return res, nil
        }
+
        switch mode := fi.Mode(); {
        case mode.IsDir():
        switch mode := fi.Mode(); {
        case mode.IsDir():
-               if !authorize(cc.Account.Access, accessDeleteFolder) {
+               if !cc.Authorize(accessDeleteFolder) {
                        res = append(res, cc.NewErrReply(t, "You are not allowed to delete folders."))
                        return res, err
                }
        case mode.IsRegular():
                        res = append(res, cc.NewErrReply(t, "You are not allowed to delete folders."))
                        return res, err
                }
        case mode.IsRegular():
-               if !authorize(cc.Account.Access, accessDeleteFile) {
+               if !cc.Authorize(accessDeleteFile) {
                        res = append(res, cc.NewErrReply(t, "You are not allowed to delete files."))
                        return res, err
                }
        }
 
                        res = append(res, cc.NewErrReply(t, "You are not allowed to delete files."))
                        return res, err
                }
        }
 
-       if err := os.RemoveAll(fullFilePath); err != nil {
+       if err := hlFile.delete(); err != nil {
                return res, err
        }
 
                return res, err
        }
 
@@ -523,71 +562,88 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 
 // HandleMoveFile moves files or folders. Note: seemingly not documented
 func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 
 // HandleMoveFile moves files or folders. Note: seemingly not documented
 func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := string(t.GetField(fieldFileName).Data)
-       filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
-       fileNewPath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFileNewPath).Data)
+       fileName := string(t.GetField(FieldFileName).Data)
+
+       filePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data)
+       if err != nil {
+               return res, err
+       }
+
+       fileNewPath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFileNewPath).Data, nil)
+       if err != nil {
+               return res, err
+       }
 
 
-       cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
+       cc.logger.Info("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
+
+       hlFile, err := newFileWrapper(cc.Server.FS, filePath, 0)
+       if err != nil {
+               return res, err
+       }
 
 
-       fp := filePath + "/" + fileName
-       fi, err := os.Stat(fp)
+       fi, err := hlFile.dataFile()
        if err != nil {
        if err != nil {
+               res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
                return res, err
        }
        switch mode := fi.Mode(); {
        case mode.IsDir():
                return res, err
        }
        switch mode := fi.Mode(); {
        case mode.IsDir():
-               if !authorize(cc.Account.Access, accessMoveFolder) {
+               if !cc.Authorize(accessMoveFolder) {
                        res = append(res, cc.NewErrReply(t, "You are not allowed to move folders."))
                        return res, err
                }
        case mode.IsRegular():
                        res = append(res, cc.NewErrReply(t, "You are not allowed to move folders."))
                        return res, err
                }
        case mode.IsRegular():
-               if !authorize(cc.Account.Access, accessMoveFile) {
+               if !cc.Authorize(accessMoveFile) {
                        res = append(res, cc.NewErrReply(t, "You are not allowed to move files."))
                        return res, err
                }
        }
                        res = append(res, cc.NewErrReply(t, "You are not allowed to move files."))
                        return res, err
                }
        }
-
-       err = os.Rename(filePath+"/"+fileName, fileNewPath+"/"+fileName)
-       if os.IsNotExist(err) {
-               res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
+       if err := hlFile.move(fileNewPath); err != nil {
                return res, err
        }
                return res, err
        }
-       if err != nil {
-               return []Transaction{}, err
-       }
-       // TODO: handle other possible errors; e.g. file delete fails due to file permission issue
+       // TODO: handle other possible errors; e.g. fileWrapper delete fails due to fileWrapper permission issue
 
        res = append(res, cc.NewReply(t))
        return res, err
 }
 
 func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 
        res = append(res, cc.NewReply(t))
        return res, err
 }
 
 func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       newFolderPath := cc.Server.Config.FileRoot
-       folderName := string(t.GetField(fieldFileName).Data)
+       if !cc.Authorize(accessCreateFolder) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to create folders."))
+               return res, err
+       }
+       folderName := string(t.GetField(FieldFileName).Data)
 
        folderName = path.Join("/", folderName)
 
 
        folderName = path.Join("/", folderName)
 
-       // fieldFilePath is only present for nested paths
-       if t.GetField(fieldFilePath).Data != nil {
+       var subPath string
+
+       // FieldFilePath is only present for nested paths
+       if t.GetField(FieldFilePath).Data != nil {
                var newFp FilePath
                var newFp FilePath
-               err := newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+               _, err := newFp.Write(t.GetField(FieldFilePath).Data)
                if err != nil {
                        return nil, err
                }
                if err != nil {
                        return nil, err
                }
-               newFolderPath += newFp.String()
+
+               for _, pathItem := range newFp.Items {
+                       subPath = filepath.Join("/", subPath, string(pathItem.Name))
+               }
+       }
+       newFolderPath := path.Join(cc.Server.Config.FileRoot, subPath, folderName)
+       newFolderPath, err = txtDecoder.String(newFolderPath)
+       if err != nil {
+               return res, fmt.Errorf("invalid filepath encoding: %w", err)
        }
        }
-       newFolderPath = path.Join(newFolderPath, folderName)
 
        // TODO: check path and folder name lengths
 
 
        // TODO: check path and folder name lengths
 
-       if _, err := FS.Stat(newFolderPath); !os.IsNotExist(err) {
+       if _, err := cc.Server.FS.Stat(newFolderPath); !os.IsNotExist(err) {
                msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName)
                return []Transaction{cc.NewErrReply(t, msg)}, nil
        }
 
                msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName)
                return []Transaction{cc.NewErrReply(t, msg)}, nil
        }
 
-       // TODO: check for disallowed characters to maintain compatibility for original client
-
-       if err := FS.Mkdir(newFolderPath, 0777); err != nil {
+       if err := cc.Server.FS.Mkdir(newFolderPath, 0777); err != nil {
                msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName)
                return []Transaction{cc.NewErrReply(t, msg)}, nil
        }
                msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName)
                return []Transaction{cc.NewErrReply(t, msg)}, nil
        }
@@ -597,30 +653,38 @@ func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err err
 }
 
 func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       login := DecodeUserString(t.GetField(fieldUserLogin).Data)
-       userName := string(t.GetField(fieldUserName).Data)
+       if !cc.Authorize(accessModifyUser) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
+               return res, err
+       }
 
 
-       newAccessLvl := t.GetField(fieldUserAccess).Data
+       login := string(encodeString(t.GetField(FieldUserLogin).Data))
+       userName := string(t.GetField(FieldUserName).Data)
+
+       newAccessLvl := t.GetField(FieldUserAccess).Data
 
        account := cc.Server.Accounts[login]
 
        account := cc.Server.Accounts[login]
-       account.Access = &newAccessLvl
+       if account == nil {
+               return append(res, cc.NewErrReply(t, "Account not found.")), nil
+       }
        account.Name = userName
        account.Name = userName
+       copy(account.Access[:], newAccessLvl)
 
        // If the password field is cleared in the Hotline edit user UI, the SetUser transaction does
 
        // If the password field is cleared in the Hotline edit user UI, the SetUser transaction does
-       // not include fieldUserPassword
-       if t.GetField(fieldUserPassword).Data == nil {
+       // not include FieldUserPassword
+       if t.GetField(FieldUserPassword).Data == nil {
                account.Password = hashAndSalt([]byte(""))
        }
                account.Password = hashAndSalt([]byte(""))
        }
-       if len(t.GetField(fieldUserPassword).Data) > 1 {
-               account.Password = hashAndSalt(t.GetField(fieldUserPassword).Data)
+
+       if !bytes.Equal([]byte{0}, t.GetField(FieldUserPassword).Data) {
+               account.Password = hashAndSalt(t.GetField(FieldUserPassword).Data)
        }
 
        }
 
-       file := cc.Server.ConfigDir + "Users/" + login + ".yaml"
        out, err := yaml.Marshal(&account)
        if err != nil {
                return res, err
        }
        out, err := yaml.Marshal(&account)
        if err != nil {
                return res, err
        }
-       if err := ioutil.WriteFile(file, out, 0666); err != nil {
+       if err := os.WriteFile(filepath.Join(cc.Server.ConfigDir, "Users", login+".yaml"), out, 0666); err != nil {
                return res, err
        }
 
                return res, err
        }
 
@@ -628,25 +692,25 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
        for _, c := range cc.Server.Clients {
                if c.Account.Login == login {
                        // Note: comment out these two lines to test server-side deny messages
        for _, c := range cc.Server.Clients {
                if c.Account.Login == login {
                        // Note: comment out these two lines to test server-side deny messages
-                       newT := NewTransaction(tranUserAccess, c.ID, NewField(fieldUserAccess, newAccessLvl))
+                       newT := NewTransaction(TranUserAccess, c.ID, NewField(FieldUserAccess, newAccessLvl))
                        res = append(res, *newT)
 
                        res = append(res, *newT)
 
-                       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*c.Flags)))
-                       if authorize(c.Account.Access, accessDisconUser) {
-                               flagBitmap.SetBit(flagBitmap, userFlagAdmin, 1)
+                       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(c.Flags)))
+                       if c.Authorize(accessDisconUser) {
+                               flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 1)
                        } else {
                        } else {
-                               flagBitmap.SetBit(flagBitmap, userFlagAdmin, 0)
+                               flagBitmap.SetBit(flagBitmap, UserFlagAdmin, 0)
                        }
                        }
-                       binary.BigEndian.PutUint16(*c.Flags, uint16(flagBitmap.Int64()))
+                       binary.BigEndian.PutUint16(c.Flags, uint16(flagBitmap.Int64()))
 
                        c.Account.Access = account.Access
 
                        cc.sendAll(
 
                        c.Account.Access = account.Access
 
                        cc.sendAll(
-                               tranNotifyChangeUser,
-                               NewField(fieldUserID, *c.ID),
-                               NewField(fieldUserFlags, *c.Flags),
-                               NewField(fieldUserName, c.UserName),
-                               NewField(fieldUserIconID, *c.Icon),
+                               TranNotifyChangeUser,
+                               NewField(FieldUserID, *c.ID),
+                               NewField(FieldUserFlags, c.Flags),
+                               NewField(FieldUserName, c.UserName),
+                               NewField(FieldUserIconID, c.Icon),
                        )
                }
        }
                        )
                }
        }
@@ -656,65 +720,199 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 }
 
 func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessOpenUser) {
+       if !cc.Authorize(accessOpenUser) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
                return res, err
        }
 
                res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
                return res, err
        }
 
-       account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
+       account := cc.Server.Accounts[string(t.GetField(FieldUserLogin).Data)]
        if account == nil {
                res = append(res, cc.NewErrReply(t, "Account does not exist."))
                return res, err
        }
 
        res = append(res, cc.NewReply(t,
        if account == nil {
                res = append(res, cc.NewErrReply(t, "Account does not exist."))
                return res, err
        }
 
        res = append(res, cc.NewReply(t,
-               NewField(fieldUserName, []byte(account.Name)),
-               NewField(fieldUserLogin, negateString(t.GetField(fieldUserLogin).Data)),
-               NewField(fieldUserPassword, []byte(account.Password)),
-               NewField(fieldUserAccess, *account.Access),
+               NewField(FieldUserName, []byte(account.Name)),
+               NewField(FieldUserLogin, encodeString(t.GetField(FieldUserLogin).Data)),
+               NewField(FieldUserPassword, []byte(account.Password)),
+               NewField(FieldUserAccess, account.Access[:]),
        ))
        return res, err
 }
 
 func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
        ))
        return res, err
 }
 
 func HandleListUsers(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessOpenUser) {
+       if !cc.Authorize(accessOpenUser) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
                return res, err
        }
 
        var userFields []Field
                res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
                return res, err
        }
 
        var userFields []Field
-       // TODO: make order deterministic
        for _, acc := range cc.Server.Accounts {
        for _, acc := range cc.Server.Accounts {
-               userField := acc.MarshalBinary()
-               userFields = append(userFields, NewField(fieldData, userField))
+               b, err := io.ReadAll(acc)
+               if err != nil {
+                       return res, err
+               }
+
+               userFields = append(userFields, NewField(FieldData, b))
        }
 
        res = append(res, cc.NewReply(t, userFields...))
        return res, err
 }
 
        }
 
        res = append(res, cc.NewReply(t, userFields...))
        return res, err
 }
 
+// HandleUpdateUser is used by the v1.5+ multi-user editor to perform account editing for multiple users at a time.
+// An update can be a mix of these actions:
+// * Create user
+// * Delete user
+// * Modify user (including renaming the account login)
+//
+// The Transaction sent by the client includes one data field per user that was modified.  This data field in turn
+// contains another data field encoded in its payload with a varying number of sub fields depending on which action is
+// performed.  This seems to be the only place in the Hotline protocol where a data field contains another data field.
+func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       for _, field := range t.Fields {
+               subFields, err := ReadFields(field.Data[0:2], field.Data[2:])
+               if err != nil {
+                       return res, err
+               }
+
+               // If there's only one subfield, that indicates this is a delete operation for the login in FieldData
+               if len(subFields) == 1 {
+                       if !cc.Authorize(accessDeleteUser) {
+                               res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
+                               return res, err
+                       }
+
+                       login := string(encodeString(getField(FieldData, &subFields).Data))
+                       cc.logger.Info("DeleteUser", "login", login)
+
+                       if err := cc.Server.DeleteUser(login); err != nil {
+                               return res, err
+                       }
+                       continue
+               }
+
+               // login of the account to update
+               var accountToUpdate, loginToRename string
+
+               // If FieldData is included, this is a rename operation where FieldData contains the login of the existing
+               // account and FieldUserLogin contains the new login.
+               if getField(FieldData, &subFields) != nil {
+                       loginToRename = string(encodeString(getField(FieldData, &subFields).Data))
+               }
+               userLogin := string(encodeString(getField(FieldUserLogin, &subFields).Data))
+               if loginToRename != "" {
+                       accountToUpdate = loginToRename
+               } else {
+                       accountToUpdate = userLogin
+               }
+
+               // Check if accountToUpdate has an existing account.  If so, we know we are updating an existing user.
+               if acc, ok := cc.Server.Accounts[accountToUpdate]; ok {
+                       if loginToRename != "" {
+                               cc.logger.Info("RenameUser", "prevLogin", accountToUpdate, "newLogin", userLogin)
+                       } else {
+                               cc.logger.Info("UpdateUser", "login", accountToUpdate)
+                       }
+
+                       // account exists, so this is an update action
+                       if !cc.Authorize(accessModifyUser) {
+                               res = append(res, cc.NewErrReply(t, "You are not allowed to modify accounts."))
+                               return res, nil
+                       }
+
+                       // This part is a bit tricky. There are three possibilities:
+                       // 1) The transaction is intended to update the password.
+                       //        In this case, FieldUserPassword is sent with the new password.
+                       // 2) The transaction is intended to remove the password.
+                       //    In this case, FieldUserPassword is not sent.
+                       // 3) The transaction updates the users access bits, but not the password.
+                       //    In this case, FieldUserPassword is sent with zero as the only byte.
+                       if getField(FieldUserPassword, &subFields) != nil {
+                               newPass := getField(FieldUserPassword, &subFields).Data
+                               if !bytes.Equal([]byte{0}, newPass) {
+                                       acc.Password = hashAndSalt(newPass)
+                               }
+                       } else {
+                               acc.Password = hashAndSalt([]byte(""))
+                       }
+
+                       if getField(FieldUserAccess, &subFields) != nil {
+                               copy(acc.Access[:], getField(FieldUserAccess, &subFields).Data)
+                       }
+
+                       err = cc.Server.UpdateUser(
+                               string(encodeString(getField(FieldData, &subFields).Data)),
+                               string(encodeString(getField(FieldUserLogin, &subFields).Data)),
+                               string(getField(FieldUserName, &subFields).Data),
+                               acc.Password,
+                               acc.Access,
+                       )
+                       if err != nil {
+                               return res, err
+                       }
+               } else {
+                       if !cc.Authorize(accessCreateUser) {
+                               res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
+                               return res, nil
+                       }
+
+                       cc.logger.Info("CreateUser", "login", userLogin)
+
+                       newAccess := accessBitmap{}
+                       copy(newAccess[:], getField(FieldUserAccess, &subFields).Data)
+
+                       // Prevent account from creating new account with greater permission
+                       for i := 0; i < 64; i++ {
+                               if newAccess.IsSet(i) {
+                                       if !cc.Authorize(i) {
+                                               return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), nil
+                                       }
+                               }
+                       }
+
+                       err = cc.Server.NewUser(userLogin, string(getField(FieldUserName, &subFields).Data), string(getField(FieldUserPassword, &subFields).Data), newAccess)
+                       if err != nil {
+                               return append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login.")), nil
+                       }
+               }
+       }
+
+       res = append(res, cc.NewReply(t))
+       return res, err
+}
+
 // HandleNewUser creates a new user account
 func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // HandleNewUser creates a new user account
 func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessCreateUser) {
+       if !cc.Authorize(accessCreateUser) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
                return res, err
        }
 
                res = append(res, cc.NewErrReply(t, "You are not allowed to create new accounts."))
                return res, err
        }
 
-       login := DecodeUserString(t.GetField(fieldUserLogin).Data)
+       login := string(encodeString(t.GetField(FieldUserLogin).Data))
 
 
-       // If the account already exists, reply with an error
+       // If the account already dataFile, reply with an error
        if _, ok := cc.Server.Accounts[login]; ok {
                res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login."))
                return res, err
        }
 
        if _, ok := cc.Server.Accounts[login]; ok {
                res = append(res, cc.NewErrReply(t, "Cannot create account "+login+" because there is already an account with that login."))
                return res, err
        }
 
-       if err := cc.Server.NewUser(
-               login,
-               string(t.GetField(fieldUserName).Data),
-               string(t.GetField(fieldUserPassword).Data),
-               t.GetField(fieldUserAccess).Data,
-       ); err != nil {
-               return []Transaction{}, err
+       newAccess := accessBitmap{}
+       copy(newAccess[:], t.GetField(FieldUserAccess).Data)
+
+       // Prevent account from creating new account with greater permission
+       for i := 0; i < 64; i++ {
+               if newAccess.IsSet(i) {
+                       if !cc.Authorize(i) {
+                               res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself."))
+                               return res, err
+                       }
+               }
+       }
+
+       if err := cc.Server.NewUser(login, string(t.GetField(FieldUserName).Data), string(t.GetField(FieldUserPassword).Data), newAccess); err != nil {
+               res = append(res, cc.NewErrReply(t, "Cannot create account because there is already an account with that login."))
+               return res, err
        }
 
        res = append(res, cc.NewReply(t))
        }
 
        res = append(res, cc.NewReply(t))
@@ -722,13 +920,12 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
 }
 
 func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessDeleteUser) {
+       if !cc.Authorize(accessDeleteUser) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
                res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
-               return res, err
+               return res, nil
        }
 
        }
 
-       // TODO: Handle case where account doesn't exist; e.g. delete race condition
-       login := DecodeUserString(t.GetField(fieldUserLogin).Data)
+       login := string(encodeString(t.GetField(FieldUserLogin).Data))
 
        if err := cc.Server.DeleteUser(login); err != nil {
                return res, err
 
        if err := cc.Server.DeleteUser(login); err != nil {
                return res, err
@@ -740,82 +937,45 @@ func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err er
 
 // HandleUserBroadcast sends an Administrator Message to all connected clients of the server
 func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 
 // HandleUserBroadcast sends an Administrator Message to all connected clients of the server
 func HandleUserBroadcast(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !cc.Authorize(accessBroadcast) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to send broadcast messages."))
+               return res, err
+       }
+
        cc.sendAll(
        cc.sendAll(
-               tranServerMsg,
-               NewField(fieldData, t.GetField(tranGetMsgs).Data),
-               NewField(fieldChatOptions, []byte{0}),
+               TranServerMsg,
+               NewField(FieldData, t.GetField(TranGetMsgs).Data),
+               NewField(FieldChatOptions, []byte{0}),
        )
 
        res = append(res, cc.NewReply(t))
        return res, err
 }
 
        )
 
        res = append(res, cc.NewReply(t))
        return res, err
 }
 
-func byteToInt(bytes []byte) (int, error) {
-       switch len(bytes) {
-       case 2:
-               return int(binary.BigEndian.Uint16(bytes)), nil
-       case 4:
-               return int(binary.BigEndian.Uint32(bytes)), nil
+// HandleGetClientInfoText returns user information for the specific user.
+//
+// Fields used in the request:
+// 103 User ID
+//
+// Fields used in the reply:
+// 102 User name
+// 101 Data            User info text string
+func HandleGetClientInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !cc.Authorize(accessGetClientInfo) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to get client info."))
+               return res, err
        }
 
        }
 
-       return 0, errors.New("unknown byte length")
-}
-
-func HandleGetClientConnInfoText(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       clientID, _ := byteToInt(t.GetField(fieldUserID).Data)
+       clientID, _ := byteToInt(t.GetField(FieldUserID).Data)
 
        clientConn := cc.Server.Clients[uint16(clientID)]
        if clientConn == nil {
 
        clientConn := cc.Server.Clients[uint16(clientID)]
        if clientConn == nil {
-               return res, errors.New("invalid client")
-       }
-
-       // TODO: Implement non-hardcoded values
-       template := `Nickname:   %s
-Name:       %s
-Account:    %s
-Address:    %s
-
--------- File Downloads ---------
-
-%s
-
-------- Folder Downloads --------
-
-None.
-
---------- File Uploads ----------
-
-None.
-
--------- Folder Uploads ---------
-
-None.
-
-------- Waiting Downloads -------
-
-None.
-
-       `
-
-       activeDownloads := clientConn.Transfers[FileDownload]
-       activeDownloadList := "None."
-       for _, dl := range activeDownloads {
-               activeDownloadList += dl.String() + "\n"
+               return append(res, cc.NewErrReply(t, "User not found.")), err
        }
 
        }
 
-       template = fmt.Sprintf(
-               template,
-               clientConn.UserName,
-               clientConn.Account.Name,
-               clientConn.Account.Login,
-               clientConn.Connection.RemoteAddr().String(),
-               activeDownloadList,
-       )
-       template = strings.Replace(template, "\n", "\r", -1)
-
        res = append(res, cc.NewReply(t,
        res = append(res, cc.NewReply(t,
-               NewField(fieldData, []byte(template)),
-               NewField(fieldUserName, clientConn.UserName),
+               NewField(FieldData, []byte(clientConn.String())),
+               NewField(FieldUserName, clientConn.UserName),
        ))
        return res, err
 }
        ))
        return res, err
 }
@@ -827,62 +987,72 @@ func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, e
 }
 
 func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       cc.Agreed = true
-       cc.UserName = t.GetField(fieldUserName).Data
-       *cc.Icon = t.GetField(fieldUserIconID).Data
+       if t.GetField(FieldUserName).Data != nil {
+               if cc.Authorize(accessAnyName) {
+                       cc.UserName = t.GetField(FieldUserName).Data
+               } else {
+                       cc.UserName = []byte(cc.Account.Name)
+               }
+       }
+
+       cc.Icon = t.GetField(FieldUserIconID).Data
 
 
-       options := t.GetField(fieldOptions).Data
+       cc.logger = cc.logger.With("name", string(cc.UserName))
+       cc.logger.Info("Login successful", "clientVersion", fmt.Sprintf("%v", func() int { i, _ := byteToInt(cc.Version); return i }()))
+
+       options := t.GetField(FieldOptions).Data
        optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
 
        optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
 
-       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
+       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
 
        // Check refuse private PM option
        if optBitmap.Bit(refusePM) == 1 {
 
        // Check refuse private PM option
        if optBitmap.Bit(refusePM) == 1 {
-               flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1)
-               binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+               flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, 1)
+               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
        }
 
        // Check refuse private chat option
        if optBitmap.Bit(refuseChat) == 1 {
        }
 
        // Check refuse private chat option
        if optBitmap.Bit(refuseChat) == 1 {
-               flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1)
-               binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+               flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, 1)
+               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
        }
 
        // Check auto response
        if optBitmap.Bit(autoResponse) == 1 {
        }
 
        // Check auto response
        if optBitmap.Bit(autoResponse) == 1 {
-               cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+               cc.AutoReply = t.GetField(FieldAutomaticResponse).Data
        } else {
                cc.AutoReply = []byte{}
        }
 
        } else {
                cc.AutoReply = []byte{}
        }
 
-       cc.notifyOthers(
+       trans := cc.notifyOthers(
                *NewTransaction(
                *NewTransaction(
-                       tranNotifyChangeUser, nil,
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, *cc.Icon),
-                       NewField(fieldUserFlags, *cc.Flags),
+                       TranNotifyChangeUser, nil,
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, *cc.ID),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags),
                ),
        )
                ),
        )
+       res = append(res, trans...)
+
+       if cc.Server.Config.BannerFile != "" {
+               res = append(res, *NewTransaction(TranServerBanner, cc.ID, NewField(FieldBannerType, []byte("JPEG"))))
+       }
 
        res = append(res, cc.NewReply(t))
 
        return res, err
 }
 
 
        res = append(res, cc.NewReply(t))
 
        return res, err
 }
 
-const defaultNewsDateFormat = "Jan02 15:04" // Jun23 20:49
-//  "Mon, 02 Jan 2006 15:04:05 MST"
-
-const defaultNewsTemplate = `From %s (%s):
-
-%s
-
-__________________________________________________________`
-
 // HandleTranOldPostNews updates the flat news
 // Fields used in this request:
 // 101 Data
 func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // HandleTranOldPostNews updates the flat news
 // Fields used in this request:
 // 101 Data
 func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !cc.Authorize(accessNewsPostArt) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to post news."))
+               return res, err
+       }
+
        cc.Server.flatNewsMux.Lock()
        defer cc.Server.flatNewsMux.Unlock()
 
        cc.Server.flatNewsMux.Lock()
        defer cc.Server.flatNewsMux.Unlock()
 
@@ -896,21 +1066,21 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e
                newsTemplate = cc.Server.Config.NewsDelimiter
        }
 
                newsTemplate = cc.Server.Config.NewsDelimiter
        }
 
-       newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(fieldData).Data)
-       newsPost = strings.Replace(newsPost, "\n", "\r", -1)
+       newsPost := fmt.Sprintf(newsTemplate+"\r", cc.UserName, time.Now().Format(newsDateTemplate), t.GetField(FieldData).Data)
+       newsPost = strings.ReplaceAll(newsPost, "\n", "\r")
 
        // update news in memory
        cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
 
        // update news on disk
 
        // update news in memory
        cc.Server.FlatNews = append([]byte(newsPost), cc.Server.FlatNews...)
 
        // update news on disk
-       if err := ioutil.WriteFile(cc.Server.ConfigDir+"MessageBoard.txt", cc.Server.FlatNews, 0644); err != nil {
+       if err := cc.Server.FS.WriteFile(filepath.Join(cc.Server.ConfigDir, "MessageBoard.txt"), cc.Server.FlatNews, 0644); err != nil {
                return res, err
        }
 
        // Notify all clients of updated news
        cc.sendAll(
                return res, err
        }
 
        // Notify all clients of updated news
        cc.sendAll(
-               tranNewMsg,
-               NewField(fieldData, []byte(newsPost)),
+               TranNewMsg,
+               NewField(FieldData, []byte(newsPost)),
        )
 
        res = append(res, cc.NewReply(t))
        )
 
        res = append(res, cc.NewReply(t))
@@ -918,29 +1088,75 @@ func HandleTranOldPostNews(cc *ClientConn, t *Transaction) (res []Transaction, e
 }
 
 func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleDisconnectUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(fieldUserID).Data)]
+       if !cc.Authorize(accessDisconUser) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to disconnect users."))
+               return res, err
+       }
+
+       clientConn := cc.Server.Clients[binary.BigEndian.Uint16(t.GetField(FieldUserID).Data)]
 
 
-       if authorize(clientConn.Account.Access, accessCannotBeDiscon) {
+       if clientConn.Authorize(accessCannotBeDiscon) {
                res = append(res, cc.NewErrReply(t, clientConn.Account.Login+" is not allowed to be disconnected."))
                return res, err
        }
 
                res = append(res, cc.NewErrReply(t, clientConn.Account.Login+" is not allowed to be disconnected."))
                return res, err
        }
 
-       if err := clientConn.Connection.Close(); err != nil {
-               return res, err
+       // If FieldOptions is set, then the client IP is banned in addition to disconnected.
+       // 00 01 = temporary ban
+       // 00 02 = permanent ban
+       if t.GetField(FieldOptions).Data != nil {
+               switch t.GetField(FieldOptions).Data[1] {
+               case 1:
+                       // send message: "You are temporarily banned on this server"
+                       cc.logger.Info("Disconnect & temporarily ban " + string(clientConn.UserName))
+
+                       res = append(res, *NewTransaction(
+                               TranServerMsg,
+                               clientConn.ID,
+                               NewField(FieldData, []byte("You are temporarily banned on this server")),
+                               NewField(FieldChatOptions, []byte{0, 0}),
+                       ))
+
+                       banUntil := time.Now().Add(tempBanDuration)
+                       cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = &banUntil
+               case 2:
+                       // send message: "You are permanently banned on this server"
+                       cc.logger.Info("Disconnect & ban " + string(clientConn.UserName))
+
+                       res = append(res, *NewTransaction(
+                               TranServerMsg,
+                               clientConn.ID,
+                               NewField(FieldData, []byte("You are permanently banned on this server")),
+                               NewField(FieldChatOptions, []byte{0, 0}),
+                       ))
+
+                       cc.Server.banList[strings.Split(clientConn.RemoteAddr, ":")[0]] = nil
+               }
+
+               err := cc.Server.writeBanList()
+               if err != nil {
+                       return res, err
+               }
        }
 
        }
 
-       res = append(res, cc.NewReply(t))
-       return res, err
+       // TODO: remove this awful hack
+       go func() {
+               time.Sleep(1 * time.Second)
+               clientConn.Disconnect()
+       }()
+
+       return append(res, cc.NewReply(t)), err
 }
 
 }
 
+// HandleGetNewsCatNameList returns a list of news categories for a path
+// Fields used in the request:
+// 325 News path       (Optional)
 func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       // Fields used in the request:
-       // 325  News path       (Optional)
-
-       newsPath := t.GetField(fieldNewsPath).Data
-       cc.Server.Logger.Infow("NewsPath: ", "np", string(newsPath))
+       if !cc.Authorize(accessNewsReadArt) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+               return res, err
+       }
 
 
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
        cats := cc.Server.GetNewsCatByPath(pathStrs)
 
        // To store the keys in slice in sorted order
        cats := cc.Server.GetNewsCatByPath(pathStrs)
 
        // To store the keys in slice in sorted order
@@ -957,7 +1173,7 @@ func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction
                cat := cats[k]
                b, _ := cat.MarshalBinary()
                fieldData = append(fieldData, NewField(
                cat := cats[k]
                b, _ := cat.MarshalBinary()
                fieldData = append(fieldData, NewField(
-                       fieldNewsCatListData15,
+                       FieldNewsCatListData15,
                        b,
                ))
        }
                        b,
                ))
        }
@@ -967,13 +1183,18 @@ func HandleGetNewsCatNameList(cc *ClientConn, t *Transaction) (res []Transaction
 }
 
 func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       name := string(t.GetField(fieldNewsCatName).Data)
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       if !cc.Authorize(accessNewsCreateCat) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to create news categories."))
+               return res, err
+       }
+
+       name := string(t.GetField(FieldNewsCatName).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
 
        cats := cc.Server.GetNewsCatByPath(pathStrs)
        cats[name] = NewsCategoryListData15{
                Name:     name,
 
        cats := cc.Server.GetNewsCatByPath(pathStrs)
        cats[name] = NewsCategoryListData15{
                Name:     name,
-               Type:     []byte{0, 3},
+               Type:     [2]byte{0, 3},
                Articles: map[uint32]*NewsArtData{},
                SubCats:  make(map[string]NewsCategoryListData15),
        }
                Articles: map[uint32]*NewsArtData{},
                SubCats:  make(map[string]NewsCategoryListData15),
        }
@@ -985,19 +1206,22 @@ func HandleNewNewsCat(cc *ClientConn, t *Transaction) (res []Transaction, err er
        return res, err
 }
 
        return res, err
 }
 
+// Fields used in the request:
+// 322 News category name
+// 325 News path
 func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       // Fields used in the request:
-       // 322  News category name
-       // 325  News path
-       name := string(t.GetField(fieldFileName).Data)
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       if !cc.Authorize(accessNewsCreateFldr) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to create news folders."))
+               return res, err
+       }
 
 
-       cc.Server.Logger.Infof("Creating new news folder %s", name)
+       name := string(t.GetField(FieldFileName).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
 
        cats := cc.Server.GetNewsCatByPath(pathStrs)
        cats[name] = NewsCategoryListData15{
                Name:     name,
 
        cats := cc.Server.GetNewsCatByPath(pathStrs)
        cats[name] = NewsCategoryListData15{
                Name:     name,
-               Type:     []byte{0, 2},
+               Type:     [2]byte{0, 2},
                Articles: map[uint32]*NewsArtData{},
                SubCats:  make(map[string]NewsCategoryListData15),
        }
                Articles: map[uint32]*NewsArtData{},
                SubCats:  make(map[string]NewsCategoryListData15),
        }
@@ -1008,13 +1232,19 @@ func HandleNewNewsFldr(cc *ClientConn, t *Transaction) (res []Transaction, err e
        return res, err
 }
 
        return res, err
 }
 
+// HandleGetNewsArtData gets the list of article names at the specified news path.
+
 // Fields used in the request:
 // 325 News path       Optional
 // Fields used in the request:
 // 325 News path       Optional
-//
-// Reply fields:
+
+// Fields used in the reply:
 // 321 News article list data  Optional
 func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // 321 News article list data  Optional
 func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       if !cc.Authorize(accessNewsReadArt) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+               return res, err
+       }
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
 
        var cat NewsCategoryListData15
        cats := cc.Server.ThreadedNews.Categories
 
        var cat NewsCategoryListData15
        cats := cc.Server.ThreadedNews.Categories
@@ -1026,71 +1256,83 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
 
        nald := cat.GetNewsArtListData()
 
 
        nald := cat.GetNewsArtListData()
 
-       res = append(res, cc.NewReply(t, NewField(fieldNewsArtListData, nald.Payload())))
+       b, err := io.ReadAll(&nald)
+       if err != nil {
+
+       }
+
+       res = append(res, cc.NewReply(t, NewField(FieldNewsArtListData, b)))
        return res, err
 }
 
        return res, err
 }
 
+// HandleGetNewsArtData requests information about the specific news article.
+// Fields used in the request:
+//
+// Request fields
+// 325 News path
+// 326 News article ID
+// 327 News article data flavor
+//
+// Fields used in the reply:
+// 328 News article title
+// 329 News article poster
+// 330 News article date
+// 331 Previous article ID
+// 332 Next article ID
+// 335 Parent article ID
+// 336 First child article ID
+// 327 News article data flavor        "Should be “text/plain”
+// 333 News article data       Optional (if data flavor is “text/plain”)
 func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       // Request fields
-       // 325  News fp
-       // 326  News article ID
-       // 327  News article data flavor
-
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       if !cc.Authorize(accessNewsReadArt) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
+               return res, err
+       }
 
        var cat NewsCategoryListData15
        cats := cc.Server.ThreadedNews.Categories
 
 
        var cat NewsCategoryListData15
        cats := cc.Server.ThreadedNews.Categories
 
-       for _, fp := range pathStrs {
+       for _, fp := range ReadNewsPath(t.GetField(FieldNewsPath).Data) {
                cat = cats[fp]
                cats = cats[fp].SubCats
        }
                cat = cats[fp]
                cats = cats[fp].SubCats
        }
-       newsArtID := t.GetField(fieldNewsArtID).Data
 
 
-       convertedArtID := binary.BigEndian.Uint16(newsArtID)
+       // The official Hotline clients will send the article ID as 2 bytes if possible, but
+       // some third party clients such as Frogblast and Heildrun will always send 4 bytes
+       convertedID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+       if err != nil {
+               return res, err
+       }
 
 
-       art := cat.Articles[uint32(convertedArtID)]
+       art := cat.Articles[uint32(convertedID)]
        if art == nil {
                res = append(res, cc.NewReply(t))
                return res, err
        }
 
        if art == nil {
                res = append(res, cc.NewReply(t))
                return res, err
        }
 
-       // Reply fields
-       // 328  News article title
-       // 329  News article poster
-       // 330  News article date
-       // 331  Previous article ID
-       // 332  Next article ID
-       // 335  Parent article ID
-       // 336  First child article ID
-       // 327  News article data flavor        "Should be “text/plain”
-       // 333  News article data       Optional (if data flavor is “text/plain”)
-
        res = append(res, cc.NewReply(t,
        res = append(res, cc.NewReply(t,
-               NewField(fieldNewsArtTitle, []byte(art.Title)),
-               NewField(fieldNewsArtPoster, []byte(art.Poster)),
-               NewField(fieldNewsArtDate, art.Date),
-               NewField(fieldNewsArtPrevArt, art.PrevArt),
-               NewField(fieldNewsArtNextArt, art.NextArt),
-               NewField(fieldNewsArtParentArt, art.ParentArt),
-               NewField(fieldNewsArt1stChildArt, art.FirstChildArt),
-               NewField(fieldNewsArtDataFlav, []byte("text/plain")),
-               NewField(fieldNewsArtData, []byte(art.Data)),
+               NewField(FieldNewsArtTitle, []byte(art.Title)),
+               NewField(FieldNewsArtPoster, []byte(art.Poster)),
+               NewField(FieldNewsArtDate, art.Date),
+               NewField(FieldNewsArtPrevArt, art.PrevArt),
+               NewField(FieldNewsArtNextArt, art.NextArt),
+               NewField(FieldNewsArtParentArt, art.ParentArt),
+               NewField(FieldNewsArt1stChildArt, art.FirstChildArt),
+               NewField(FieldNewsArtDataFlav, []byte("text/plain")),
+               NewField(FieldNewsArtData, []byte(art.Data)),
        ))
        return res, err
 }
 
        ))
        return res, err
 }
 
+// HandleDelNewsItem deletes an existing threaded news folder or category from the server.
+// Fields used in the request:
+// 325 News path
+// Fields used in the reply:
+// None
 func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       // Access:              News Delete Folder (37) or News Delete Category (35)
-
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
-
-       // TODO: determine if path is a Folder (Bundle) or Category and check for permission
-
-       cc.Server.Logger.Infof("DelNewsItem %v", pathStrs)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
 
        cats := cc.Server.ThreadedNews.Categories
 
        cats := cc.Server.ThreadedNews.Categories
-
        delName := pathStrs[len(pathStrs)-1]
        if len(pathStrs) > 1 {
                for _, fp := range pathStrs[0 : len(pathStrs)-1] {
        delName := pathStrs[len(pathStrs)-1]
        if len(pathStrs) > 1 {
                for _, fp := range pathStrs[0 : len(pathStrs)-1] {
@@ -1098,26 +1340,40 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e
                }
        }
 
                }
        }
 
+       if cats[delName].Type == [2]byte{0, 3} {
+               if !cc.Authorize(accessNewsDeleteCat) {
+                       return append(res, cc.NewErrReply(t, "You are not allowed to delete news categories.")), nil
+               }
+       } else {
+               if !cc.Authorize(accessNewsDeleteFldr) {
+                       return append(res, cc.NewErrReply(t, "You are not allowed to delete news folders.")), nil
+               }
+       }
+
        delete(cats, delName)
 
        delete(cats, delName)
 
-       err = cc.Server.writeThreadedNews()
-       if err != nil {
+       if err := cc.Server.writeThreadedNews(); err != nil {
                return res, err
        }
 
                return res, err
        }
 
-       // Reply params: none
-       res = append(res, cc.NewReply(t))
-
-       return res, err
+       return append(res, cc.NewReply(t)), nil
 }
 
 func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !cc.Authorize(accessNewsDeleteArt) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to delete news articles."))
+               return res, err
+       }
+
        // Request Fields
        // 325  News path
        // 326  News article ID
        // 337  News article – recursive delete       Delete child articles (1) or not (0)
        // Request Fields
        // 325  News path
        // 326  News article ID
        // 337  News article – recursive delete       Delete child articles (1) or not (0)
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
-       ID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
+       ID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+       if err != nil {
+               return res, err
+       }
 
        // TODO: Delete recursive
        cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
 
        // TODO: Delete recursive
        cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
@@ -1136,31 +1392,43 @@ func HandleDelNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err er
        return res, err
 }
 
        return res, err
 }
 
+// Request fields
+// 325 News path
+// 326 News article ID                                                 ID of the parent article?
+// 328 News article title
+// 334 News article flags
+// 327 News article data flavor                Currently “text/plain”
+// 333 News article data
 func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       // Request fields
-       // 325  News path
-       // 326  News article ID                                                 ID of the parent article?
-       // 328  News article title
-       // 334  News article flags
-       // 327  News article data flavor                Currently “text/plain”
-       // 333  News article data
+       if !cc.Authorize(accessNewsPostArt) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to post news articles."))
+               return res, err
+       }
 
 
-       pathStrs := ReadNewsPath(t.GetField(fieldNewsPath).Data)
+       pathStrs := ReadNewsPath(t.GetField(FieldNewsPath).Data)
        cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
 
        catName := pathStrs[len(pathStrs)-1]
        cat := cats[catName]
 
        cats := cc.Server.GetNewsCatByPath(pathStrs[:len(pathStrs)-1])
 
        catName := pathStrs[len(pathStrs)-1]
        cat := cats[catName]
 
+       artID, err := byteToInt(t.GetField(FieldNewsArtID).Data)
+       if err != nil {
+               return res, err
+       }
+       convertedArtID := uint32(artID)
+       bs := make([]byte, 4)
+       binary.BigEndian.PutUint32(bs, convertedArtID)
+
        newArt := NewsArtData{
        newArt := NewsArtData{
-               Title:         string(t.GetField(fieldNewsArtTitle).Data),
+               Title:         string(t.GetField(FieldNewsArtTitle).Data),
                Poster:        string(cc.UserName),
                Date:          toHotlineTime(time.Now()),
                PrevArt:       []byte{0, 0, 0, 0},
                NextArt:       []byte{0, 0, 0, 0},
                Poster:        string(cc.UserName),
                Date:          toHotlineTime(time.Now()),
                PrevArt:       []byte{0, 0, 0, 0},
                NextArt:       []byte{0, 0, 0, 0},
-               ParentArt:     append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...),
+               ParentArt:     bs,
                FirstChildArt: []byte{0, 0, 0, 0},
                DataFlav:      []byte("text/plain"),
                FirstChildArt: []byte{0, 0, 0, 0},
                DataFlav:      []byte("text/plain"),
-               Data:          string(t.GetField(fieldNewsArtData).Data),
+               Data:          string(t.GetField(FieldNewsArtData).Data),
        }
 
        var keys []int
        }
 
        var keys []int
@@ -1181,9 +1449,9 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e
        }
 
        // Update parent article with first child reply
        }
 
        // Update parent article with first child reply
-       parentID := binary.BigEndian.Uint16(t.GetField(fieldNewsArtID).Data)
+       parentID := convertedArtID
        if parentID != 0 {
        if parentID != 0 {
-               parentArt := cat.Articles[uint32(parentID)]
+               parentArt := cat.Articles[parentID]
 
                if bytes.Equal(parentArt.FirstChildArt, []byte{0, 0, 0, 0}) {
                        binary.BigEndian.PutUint32(parentArt.FirstChildArt, nextID)
 
                if bytes.Equal(parentArt.FirstChildArt, []byte{0, 0, 0, 0}) {
                        binary.BigEndian.PutUint32(parentArt.FirstChildArt, nextID)
@@ -1203,122 +1471,85 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e
 
 // HandleGetMsgs returns the flat news data
 func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 
 // HandleGetMsgs returns the flat news data
 func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessNewsReadArt) {
+       if !cc.Authorize(accessNewsReadArt) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
                return res, err
        }
 
                res = append(res, cc.NewErrReply(t, "You are not allowed to read news."))
                return res, err
        }
 
-       res = append(res, cc.NewReply(t, NewField(fieldData, cc.Server.FlatNews)))
+       res = append(res, cc.NewReply(t, NewField(FieldData, cc.Server.FlatNews)))
 
        return res, err
 }
 
 func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 
        return res, err
 }
 
 func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessDownloadFile) {
+       if !cc.Authorize(accessDownloadFile) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to download files."))
                return res, err
        }
 
                res = append(res, cc.NewErrReply(t, "You are not allowed to download files."))
                return res, err
        }
 
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
-
-       // 2 bytes
-       // transferOptions := t.GetField(fieldFileTransferOptions).Data
-       resumeData := t.GetField(fieldFileResumeData).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
+       resumeData := t.GetField(FieldFileResumeData).Data
 
        var dataOffset int64
        var frd FileResumeData
        if resumeData != nil {
 
        var dataOffset int64
        var frd FileResumeData
        if resumeData != nil {
-               if err := frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data); err != nil {
+               if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil {
                        return res, err
                }
                        return res, err
                }
+               // TODO: handle rsrc fork offset
                dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:]))
        }
 
                dataOffset = int64(binary.BigEndian.Uint32(frd.ForkInfoList[0].DataSize[:]))
        }
 
-       var fp FilePath
-       err = fp.UnmarshalBinary(filePath)
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
                return res, err
        }
 
        if err != nil {
                return res, err
        }
 
-       ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName, dataOffset)
+       hlFile, err := newFileWrapper(cc.Server.FS, fullFilePath, dataOffset)
        if err != nil {
                return res, err
        }
 
        if err != nil {
                return res, err
        }
 
-       transactionRef := cc.Server.NewTransactionRef()
-       data := binary.BigEndian.Uint32(transactionRef)
+       xferSize := hlFile.ffo.TransferSize(0)
 
 
-       ft := &FileTransfer{
-               FileName:        fileName,
-               FilePath:        filePath,
-               ReferenceNumber: transactionRef,
-               Type:            FileDownload,
-       }
+       ft := cc.newFileTransfer(FileDownload, fileName, filePath, xferSize)
 
 
+       // TODO: refactor to remove this
        if resumeData != nil {
                var frd FileResumeData
        if resumeData != nil {
                var frd FileResumeData
-               frd.UnmarshalBinary(t.GetField(fieldFileResumeData).Data)
+               if err := frd.UnmarshalBinary(t.GetField(FieldFileResumeData).Data); err != nil {
+                       return res, err
+               }
                ft.fileResumeData = &frd
        }
 
                ft.fileResumeData = &frd
        }
 
-       cc.Server.FileTransfers[data] = ft
-       cc.Transfers[FileDownload] = append(cc.Transfers[FileDownload], ft)
+       // Optional field for when a HL v1.5+ client requests file preview
+       // Used only for TEXT, JPEG, GIFF, BMP or PICT files
+       // The value will always be 2
+       if t.GetField(FieldFileTransferOptions).Data != nil {
+               ft.options = t.GetField(FieldFileTransferOptions).Data
+               xferSize = hlFile.ffo.FlatFileDataForkHeader.DataSize[:]
+       }
 
        res = append(res, cc.NewReply(t,
 
        res = append(res, cc.NewReply(t,
-               NewField(fieldRefNum, transactionRef),
-               NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
-               NewField(fieldTransferSize, ffo.TransferSize()),
-               NewField(fieldFileSize, ffo.FlatFileDataForkHeader.DataSize[:]),
+               NewField(FieldRefNum, ft.refNum[:]),
+               NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
+               NewField(FieldTransferSize, xferSize),
+               NewField(FieldFileSize, hlFile.ffo.FlatFileDataForkHeader.DataSize[:]),
        ))
 
        return res, err
 }
 
 // Download all files from the specified folder and sub-folders
        ))
 
        return res, err
 }
 
 // Download all files from the specified folder and sub-folders
-// response example
-//
-//     00
-//     01
-//     00 00
-//     00 00 00 11
-//     00 00 00 00
-//     00 00 00 18
-//     00 00 00 18
-//
-//     00 03
-//
-//     00 6c // transfer size
-//     00 04 // len
-//     00 0f d5 ae
-//
-//     00 dc // field Folder item count
-//     00 02 // len
-//     00 02
-//
-//     00 6b // ref number
-//     00 04 // len
-//     00 03 64 b1
 func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       transactionRef := cc.Server.NewTransactionRef()
-       data := binary.BigEndian.Uint32(transactionRef)
-
-       fileTransfer := &FileTransfer{
-               FileName:        t.GetField(fieldFileName).Data,
-               FilePath:        t.GetField(fieldFilePath).Data,
-               ReferenceNumber: transactionRef,
-               Type:            FolderDownload,
-       }
-       cc.Server.FileTransfers[data] = fileTransfer
-       cc.Transfers[FolderDownload] = append(cc.Transfers[FolderDownload], fileTransfer)
-
-       var fp FilePath
-       err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
-       if err != nil {
+       if !cc.Authorize(accessDownloadFile) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to download folders."))
                return res, err
        }
 
                return res, err
        }
 
-       fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(FieldFilePath).Data, t.GetField(FieldFileName).Data)
        if err != nil {
                return res, err
        }
        if err != nil {
                return res, err
        }
@@ -1331,11 +1562,20 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er
        if err != nil {
                return res, err
        }
        if err != nil {
                return res, err
        }
+
+       fileTransfer := cc.newFileTransfer(FolderDownload, t.GetField(FieldFileName).Data, t.GetField(FieldFilePath).Data, transferSize)
+
+       var fp FilePath
+       _, err = fp.Write(t.GetField(FieldFilePath).Data)
+       if err != nil {
+               return res, err
+       }
+
        res = append(res, cc.NewReply(t,
        res = append(res, cc.NewReply(t,
-               NewField(fieldRefNum, transactionRef),
-               NewField(fieldTransferSize, transferSize),
-               NewField(fieldFolderItemCount, itemCount),
-               NewField(fieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
+               NewField(FieldRefNum, fileTransfer.ReferenceNumber),
+               NewField(FieldTransferSize, transferSize),
+               NewField(FieldFolderItemCount, itemCount),
+               NewField(FieldWaitingCount, []byte{0x00, 0x00}), // TODO: Implement waiting count
        ))
        return res, err
 }
        ))
        return res, err
 }
@@ -1348,35 +1588,30 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er
 // 220 Folder item count
 // 204 File transfer options   "Optional Currently set to 1" (TODO: ??)
 func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // 220 Folder item count
 // 204 File transfer options   "Optional Currently set to 1" (TODO: ??)
 func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       transactionRef := cc.Server.NewTransactionRef()
-       data := binary.BigEndian.Uint32(transactionRef)
-
        var fp FilePath
        var fp FilePath
-       if t.GetField(fieldFilePath).Data != nil {
-               if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+       if t.GetField(FieldFilePath).Data != nil {
+               if _, err = fp.Write(t.GetField(FieldFilePath).Data); err != nil {
                        return res, err
                }
        }
 
        // Handle special cases for Upload and Drop Box folders
                        return res, err
                }
        }
 
        // Handle special cases for Upload and Drop Box folders
-       if !authorize(cc.Account.Access, accessUploadAnywhere) {
+       if !cc.Authorize(accessUploadAnywhere) {
                if !fp.IsUploadDir() && !fp.IsDropbox() {
                if !fp.IsUploadDir() && !fp.IsDropbox() {
-                       res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data))))
+                       res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(FieldFileName).Data))))
                        return res, err
                }
        }
 
                        return res, err
                }
        }
 
-       fileTransfer := &FileTransfer{
-               FileName:        t.GetField(fieldFileName).Data,
-               FilePath:        t.GetField(fieldFilePath).Data,
-               ReferenceNumber: transactionRef,
-               Type:            FolderUpload,
-               FolderItemCount: t.GetField(fieldFolderItemCount).Data,
-               TransferSize:    t.GetField(fieldTransferSize).Data,
-       }
-       cc.Server.FileTransfers[data] = fileTransfer
+       fileTransfer := cc.newFileTransfer(FolderUpload,
+               t.GetField(FieldFileName).Data,
+               t.GetField(FieldFilePath).Data,
+               t.GetField(FieldTransferSize).Data,
+       )
+
+       fileTransfer.FolderItemCount = t.GetField(FieldFolderItemCount).Data
 
 
-       res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
+       res = append(res, cc.NewReply(t, NewField(FieldRefNum, fileTransfer.ReferenceNumber)))
        return res, err
 }
 
        return res, err
 }
 
@@ -1388,54 +1623,47 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
 // Used only to resume download, currently has value 2"
 // 108 File transfer size      "Optional used if download is not resumed"
 func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // Used only to resume download, currently has value 2"
 // 108 File transfer size      "Optional used if download is not resumed"
 func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessUploadFile) {
+       if !cc.Authorize(accessUploadFile) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
                return res, err
        }
 
                res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
                return res, err
        }
 
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
-
-       transferOptions := t.GetField(fieldFileTransferOptions).Data
-
-       // TODO: is this field useful for anything?
-       // transferSize := t.GetField(fieldTransferSize).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
+       transferOptions := t.GetField(FieldFileTransferOptions).Data
+       transferSize := t.GetField(FieldTransferSize).Data // not sent for resume
 
        var fp FilePath
        if filePath != nil {
 
        var fp FilePath
        if filePath != nil {
-               if err = fp.UnmarshalBinary(filePath); err != nil {
+               if _, err = fp.Write(filePath); err != nil {
                        return res, err
                }
        }
 
        // Handle special cases for Upload and Drop Box folders
                        return res, err
                }
        }
 
        // Handle special cases for Upload and Drop Box folders
-       if !authorize(cc.Account.Access, accessUploadAnywhere) {
+       if !cc.Authorize(accessUploadAnywhere) {
                if !fp.IsUploadDir() && !fp.IsDropbox() {
                        res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
                        return res, err
                }
        }
                if !fp.IsUploadDir() && !fp.IsDropbox() {
                        res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
                        return res, err
                }
        }
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+       if err != nil {
+               return res, err
+       }
 
 
-       transactionRef := cc.Server.NewTransactionRef()
-       data := binary.BigEndian.Uint32(transactionRef)
-
-       cc.Server.FileTransfers[data] = &FileTransfer{
-               FileName:        fileName,
-               FilePath:        filePath,
-               ReferenceNumber: transactionRef,
-               Type:            FileUpload,
+       if _, err := cc.Server.FS.Stat(fullFilePath); err == nil {
+               res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload because there is already a file named \"%v\".  Try choosing a different name.", string(fileName))))
+               return res, err
        }
 
        }
 
-       replyT := cc.NewReply(t, NewField(fieldRefNum, transactionRef))
+       ft := cc.newFileTransfer(FileUpload, fileName, filePath, transferSize)
 
 
-       // client has requested to resume a partially transfered file
-       if transferOptions != nil {
-               fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
-               if err != nil {
-                       return res, err
-               }
+       replyT := cc.NewReply(t, NewField(FieldRefNum, ft.ReferenceNumber))
 
 
-               fileInfo, err := FS.Stat(fullFilePath + incompleteFileSuffix)
+       // client has requested to resume a partially transferred file
+       if transferOptions != nil {
+               fileInfo, err := cc.Server.FS.Stat(fullFilePath + incompleteFileSuffix)
                if err != nil {
                        return res, err
                }
                if err != nil {
                        return res, err
                }
@@ -1449,7 +1677,9 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 
                b, _ := fileResumeData.BinaryMarshal()
 
 
                b, _ := fileResumeData.BinaryMarshal()
 
-               replyT.Fields = append(replyT.Fields, NewField(fieldFileResumeData, b))
+               ft.TransferSize = offset
+
+               replyT.Fields = append(replyT.Fields, NewField(FieldFileResumeData, b))
        }
 
        res = append(res, replyT)
        }
 
        res = append(res, replyT)
@@ -1457,44 +1687,45 @@ func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
 }
 
 func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       var icon []byte
-       if len(t.GetField(fieldUserIconID).Data) == 4 {
-               icon = t.GetField(fieldUserIconID).Data[2:]
+       if len(t.GetField(FieldUserIconID).Data) == 4 {
+               cc.Icon = t.GetField(FieldUserIconID).Data[2:]
        } else {
        } else {
-               icon = t.GetField(fieldUserIconID).Data
+               cc.Icon = t.GetField(FieldUserIconID).Data
+       }
+       if cc.Authorize(accessAnyName) {
+               cc.UserName = t.GetField(FieldUserName).Data
        }
        }
-       *cc.Icon = icon
-       cc.UserName = t.GetField(fieldUserName).Data
 
        // the options field is only passed by the client versions > 1.2.3.
 
        // the options field is only passed by the client versions > 1.2.3.
-       options := t.GetField(fieldOptions).Data
-
+       options := t.GetField(FieldOptions).Data
        if options != nil {
                optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
        if options != nil {
                optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
-               flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
+               flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(cc.Flags)))
 
 
-               flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM))
-               binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+               flagBitmap.SetBit(flagBitmap, UserFlagRefusePM, optBitmap.Bit(refusePM))
+               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
 
 
-               flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat))
-               binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
+               flagBitmap.SetBit(flagBitmap, UserFlagRefusePChat, optBitmap.Bit(refuseChat))
+               binary.BigEndian.PutUint16(cc.Flags, uint16(flagBitmap.Int64()))
 
                // Check auto response
                if optBitmap.Bit(autoResponse) == 1 {
 
                // Check auto response
                if optBitmap.Bit(autoResponse) == 1 {
-                       cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+                       cc.AutoReply = t.GetField(FieldAutomaticResponse).Data
                } else {
                        cc.AutoReply = []byte{}
                }
        }
 
                } else {
                        cc.AutoReply = []byte{}
                }
        }
 
-       // Notify all clients of updated user info
-       cc.sendAll(
-               tranNotifyChangeUser,
-               NewField(fieldUserID, *cc.ID),
-               NewField(fieldUserIconID, *cc.Icon),
-               NewField(fieldUserFlags, *cc.Flags),
-               NewField(fieldUserName, cc.UserName),
-       )
+       for _, c := range sortedClients(cc.Server.Clients) {
+               res = append(res, *NewTransaction(
+                       TranNotifyChangeUser,
+                       c.ID,
+                       NewField(FieldUserID, *cc.ID),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags),
+                       NewField(FieldUserName, cc.UserName),
+               ))
+       }
 
        return res, err
 }
 
        return res, err
 }
@@ -1511,7 +1742,7 @@ func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err err
 func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
        fullPath, err := readPath(
                cc.Server.Config.FileRoot,
 func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
        fullPath, err := readPath(
                cc.Server.Config.FileRoot,
-               t.GetField(fieldFilePath).Data,
+               t.GetField(FieldFilePath).Data,
                nil,
        )
        if err != nil {
                nil,
        )
        if err != nil {
@@ -1519,19 +1750,19 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e
        }
 
        var fp FilePath
        }
 
        var fp FilePath
-       if t.GetField(fieldFilePath).Data != nil {
-               if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+       if t.GetField(FieldFilePath).Data != nil {
+               if _, err = fp.Write(t.GetField(FieldFilePath).Data); err != nil {
                        return res, err
                }
        }
 
        // Handle special case for drop box folders
                        return res, err
                }
        }
 
        // Handle special case for drop box folders
-       if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) {
-               res = append(res, cc.NewReply(t))
+       if fp.IsDropbox() && !cc.Authorize(accessViewDropBoxes) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to view drop boxes."))
                return res, err
        }
 
                return res, err
        }
 
-       fileNames, err := getFileNameList(fullPath)
+       fileNames, err := getFileNameList(fullPath, cc.Server.Config.IgnoreFiles)
        if err != nil {
                return res, err
        }
        if err != nil {
                return res, err
        }
@@ -1544,38 +1775,61 @@ func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, e
 // =================================
 //     Hotline private chat flow
 // =================================
 // =================================
 //     Hotline private chat flow
 // =================================
-// 1. ClientA sends tranInviteNewChat to server with user ID to invite
+// 1. ClientA sends TranInviteNewChat to server with user ID to invite
 // 2. Server creates new ChatID
 // 2. Server creates new ChatID
-// 3. Server sends tranInviteToChat to invitee
+// 3. Server sends TranInviteToChat to invitee
 // 4. Server replies to ClientA with new Chat ID
 //
 // A dialog box pops up in the invitee client with options to accept or decline the invitation.
 // If Accepted is clicked:
 // 4. Server replies to ClientA with new Chat ID
 //
 // A dialog box pops up in the invitee client with options to accept or decline the invitation.
 // If Accepted is clicked:
-// 1. ClientB sends tranJoinChat with fieldChatID
+// 1. ClientB sends TranJoinChat with FieldChatID
 
 // HandleInviteNewChat invites users to new private chat
 func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 
 // HandleInviteNewChat invites users to new private chat
 func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !cc.Authorize(accessOpenChat) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
+               return res, err
+       }
+
        // Client to Invite
        // Client to Invite
-       targetID := t.GetField(fieldUserID).Data
+       targetID := t.GetField(FieldUserID).Data
        newChatID := cc.Server.NewPrivateChat(cc)
 
        newChatID := cc.Server.NewPrivateChat(cc)
 
-       res = append(res,
-               *NewTransaction(
-                       tranInviteToChat,
-                       &targetID,
-                       NewField(fieldChatID, newChatID),
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-               ),
-       )
+       // Check if target user has "Refuse private chat" flag
+       binary.BigEndian.Uint16(targetID)
+       targetClient := cc.Server.Clients[binary.BigEndian.Uint16(targetID)]
+
+       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(targetClient.Flags)))
+       if flagBitmap.Bit(UserFlagRefusePChat) == 1 {
+               res = append(res,
+                       *NewTransaction(
+                               TranServerMsg,
+                               cc.ID,
+                               NewField(FieldData, []byte(string(targetClient.UserName)+" does not accept private chats.")),
+                               NewField(FieldUserName, targetClient.UserName),
+                               NewField(FieldUserID, *targetClient.ID),
+                               NewField(FieldOptions, []byte{0, 2}),
+                       ),
+               )
+       } else {
+               res = append(res,
+                       *NewTransaction(
+                               TranInviteToChat,
+                               &targetID,
+                               NewField(FieldChatID, newChatID),
+                               NewField(FieldUserName, cc.UserName),
+                               NewField(FieldUserID, *cc.ID),
+                       ),
+               )
+       }
 
        res = append(res,
                cc.NewReply(t,
 
        res = append(res,
                cc.NewReply(t,
-                       NewField(fieldChatID, newChatID),
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, *cc.Icon),
-                       NewField(fieldUserFlags, *cc.Flags),
+                       NewField(FieldChatID, newChatID),
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, *cc.ID),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags),
                ),
        )
 
                ),
        )
 
@@ -1583,27 +1837,32 @@ func HandleInviteNewChat(cc *ClientConn, t *Transaction) (res []Transaction, err
 }
 
 func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !cc.Authorize(accessOpenChat) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to request private chat."))
+               return res, err
+       }
+
        // Client to Invite
        // Client to Invite
-       targetID := t.GetField(fieldUserID).Data
-       chatID := t.GetField(fieldChatID).Data
+       targetID := t.GetField(FieldUserID).Data
+       chatID := t.GetField(FieldChatID).Data
 
        res = append(res,
                *NewTransaction(
 
        res = append(res,
                *NewTransaction(
-                       tranInviteToChat,
+                       TranInviteToChat,
                        &targetID,
                        &targetID,
-                       NewField(fieldChatID, chatID),
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
+                       NewField(FieldChatID, chatID),
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, *cc.ID),
                ),
        )
        res = append(res,
                cc.NewReply(
                        t,
                ),
        )
        res = append(res,
                cc.NewReply(
                        t,
-                       NewField(fieldChatID, chatID),
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, *cc.Icon),
-                       NewField(fieldUserFlags, *cc.Flags),
+                       NewField(FieldChatID, chatID),
+                       NewField(FieldUserName, cc.UserName),
+                       NewField(FieldUserID, *cc.ID),
+                       NewField(FieldUserIconID, cc.Icon),
+                       NewField(FieldUserFlags, cc.Flags),
                ),
        )
 
                ),
        )
 
@@ -1611,7 +1870,7 @@ func HandleInviteToChat(cc *ClientConn, t *Transaction) (res []Transaction, err
 }
 
 func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 }
 
 func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
+       chatID := t.GetField(FieldChatID).Data
        chatInt := binary.BigEndian.Uint32(chatID)
 
        privChat := cc.Server.PrivateChats[chatInt]
        chatInt := binary.BigEndian.Uint32(chatID)
 
        privChat := cc.Server.PrivateChats[chatInt]
@@ -1621,10 +1880,10 @@ func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction,
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
-                               tranChatMsg,
+                               TranChatMsg,
                                c.ID,
                                c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldData, resMsg),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldData, resMsg),
                        ),
                )
        }
                        ),
                )
        }
@@ -1638,38 +1897,41 @@ func HandleRejectChatInvite(cc *ClientConn, t *Transaction) (res []Transaction,
 // * 300       User name with info (Optional)
 // * 300       (more user names with info)
 func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // * 300       User name with info (Optional)
 // * 300       (more user names with info)
 func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
+       chatID := t.GetField(FieldChatID).Data
        chatInt := binary.BigEndian.Uint32(chatID)
 
        privChat := cc.Server.PrivateChats[chatInt]
 
        chatInt := binary.BigEndian.Uint32(chatID)
 
        privChat := cc.Server.PrivateChats[chatInt]
 
-       // Send tranNotifyChatChangeUser to current members of the chat to inform of new user
+       // Send TranNotifyChatChangeUser to current members of the chat to inform of new user
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
-                               tranNotifyChatChangeUser,
+                               TranNotifyChatChangeUser,
                                c.ID,
                                c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldUserName, cc.UserName),
-                               NewField(fieldUserID, *cc.ID),
-                               NewField(fieldUserIconID, *cc.Icon),
-                               NewField(fieldUserFlags, *cc.Flags),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldUserName, cc.UserName),
+                               NewField(FieldUserID, *cc.ID),
+                               NewField(FieldUserIconID, cc.Icon),
+                               NewField(FieldUserFlags, cc.Flags),
                        ),
                )
        }
 
        privChat.ClientConn[cc.uint16ID()] = cc
 
                        ),
                )
        }
 
        privChat.ClientConn[cc.uint16ID()] = cc
 
-       replyFields := []Field{NewField(fieldChatSubject, []byte(privChat.Subject))}
+       replyFields := []Field{NewField(FieldChatSubject, []byte(privChat.Subject))}
        for _, c := range sortedClients(privChat.ClientConn) {
        for _, c := range sortedClients(privChat.ClientConn) {
-               user := User{
+
+               b, err := io.ReadAll(&User{
                        ID:    *c.ID,
                        ID:    *c.ID,
-                       Icon:  *c.Icon,
-                       Flags: *c.Flags,
+                       Icon:  c.Icon,
+                       Flags: c.Flags,
                        Name:  string(c.UserName),
                        Name:  string(c.UserName),
+               })
+               if err != nil {
+                       return res, nil
                }
                }
-
-               replyFields = append(replyFields, NewField(fieldUsernameWithInfo, user.Payload()))
+               replyFields = append(replyFields, NewField(FieldUsernameWithInfo, b))
        }
 
        res = append(res, cc.NewReply(t, replyFields...))
        }
 
        res = append(res, cc.NewReply(t, replyFields...))
@@ -1678,13 +1940,17 @@ func HandleJoinChat(cc *ClientConn, t *Transaction) (res []Transaction, err erro
 
 // HandleLeaveChat is sent from a v1.8+ Hotline client when the user exits a private chat
 // Fields used in the request:
 
 // HandleLeaveChat is sent from a v1.8+ Hotline client when the user exits a private chat
 // Fields used in the request:
-//     * 114   fieldChatID
+//   - 114     FieldChatID
+//
 // Reply is not expected.
 func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // Reply is not expected.
 func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
+       chatID := t.GetField(FieldChatID).Data
        chatInt := binary.BigEndian.Uint32(chatID)
 
        chatInt := binary.BigEndian.Uint32(chatID)
 
-       privChat := cc.Server.PrivateChats[chatInt]
+       privChat, ok := cc.Server.PrivateChats[chatInt]
+       if !ok {
+               return res, nil
+       }
 
        delete(privChat.ClientConn, cc.uint16ID())
 
 
        delete(privChat.ClientConn, cc.uint16ID())
 
@@ -1692,10 +1958,10 @@ func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err err
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
-                               tranNotifyChatDeleteUser,
+                               TranNotifyChatDeleteUser,
                                c.ID,
                                c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldUserID, *cc.ID),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldUserID, *cc.ID),
                        ),
                )
        }
                        ),
                )
        }
@@ -1706,22 +1972,22 @@ func HandleLeaveChat(cc *ClientConn, t *Transaction) (res []Transaction, err err
 // HandleSetChatSubject is sent from a v1.8+ Hotline client when the user sets a private chat subject
 // Fields used in the request:
 // * 114       Chat ID
 // HandleSetChatSubject is sent from a v1.8+ Hotline client when the user sets a private chat subject
 // Fields used in the request:
 // * 114       Chat ID
-// * 115       Chat subject    Chat subject string
+// * 115       Chat subject
 // Reply is not expected.
 func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // Reply is not expected.
 func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       chatID := t.GetField(fieldChatID).Data
+       chatID := t.GetField(FieldChatID).Data
        chatInt := binary.BigEndian.Uint32(chatID)
 
        privChat := cc.Server.PrivateChats[chatInt]
        chatInt := binary.BigEndian.Uint32(chatID)
 
        privChat := cc.Server.PrivateChats[chatInt]
-       privChat.Subject = string(t.GetField(fieldChatSubject).Data)
+       privChat.Subject = string(t.GetField(FieldChatSubject).Data)
 
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
 
        for _, c := range sortedClients(privChat.ClientConn) {
                res = append(res,
                        *NewTransaction(
-                               tranNotifyChatSubject,
+                               TranNotifyChatSubject,
                                c.ID,
                                c.ID,
-                               NewField(fieldChatID, chatID),
-                               NewField(fieldChatSubject, t.GetField(fieldChatSubject).Data),
+                               NewField(FieldChatID, chatID),
+                               NewField(FieldChatSubject, t.GetField(FieldChatSubject).Data),
                        ),
                )
        }
                        ),
                )
        }
@@ -1738,13 +2004,13 @@ func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, er
 // Fields used in the reply:
 // None
 func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
 // Fields used in the reply:
 // None
 func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       if !authorize(cc.Account.Access, accessMakeAlias) {
+       if !cc.Authorize(accessMakeAlias) {
                res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
                return res, err
        }
                res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
                return res, err
        }
-       fileName := t.GetField(fieldFileName).Data
-       filePath := t.GetField(fieldFilePath).Data
-       fileNewPath := t.GetField(fieldFileNewPath).Data
+       fileName := t.GetField(FieldFileName).Data
+       filePath := t.GetField(FieldFilePath).Data
+       fileNewPath := t.GetField(FieldFileNewPath).Data
 
        fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
 
        fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
        if err != nil {
@@ -1756,9 +2022,9 @@ func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err err
                return res, err
        }
 
                return res, err
        }
 
-       cc.Server.Logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
+       cc.logger.Debug("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
 
 
-       if err := FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
+       if err := cc.Server.FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
                res = append(res, cc.NewErrReply(t, "Error creating alias"))
                return res, nil
        }
                res = append(res, cc.NewErrReply(t, "Error creating alias"))
                return res, nil
        }
@@ -1766,3 +2032,27 @@ func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err err
        res = append(res, cc.NewReply(t))
        return res, err
 }
        res = append(res, cc.NewReply(t))
        return res, err
 }
+
+// HandleDownloadBanner handles requests for a new banner from the server
+// Fields used in the request:
+// None
+// Fields used in the reply:
+// 107 FieldRefNum                     Used later for transfer
+// 108 FieldTransferSize       Size of data to be downloaded
+func HandleDownloadBanner(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       fi, err := cc.Server.FS.Stat(filepath.Join(cc.Server.ConfigDir, cc.Server.Config.BannerFile))
+       if err != nil {
+               return res, err
+       }
+
+       ft := cc.newFileTransfer(bannerDownload, []byte{}, []byte{}, make([]byte, 4))
+
+       binary.BigEndian.PutUint32(ft.TransferSize, uint32(fi.Size()))
+
+       res = append(res, cc.NewReply(t,
+               NewField(FieldRefNum, ft.refNum[:]),
+               NewField(FieldTransferSize, ft.TransferSize),
+       ))
+
+       return res, err
+}
Friendship Quest remix of mobius, a hotline server in go #cli