2 * This module handles self-service subscription/unsubscription to mail lists.
4 * Copyright (c) 2002-2012 by the citadel.org team
6 * This program is open source software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 3.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
24 #include <sys/types.h>
26 #if TIME_WITH_SYS_TIME
27 # include <sys/time.h>
31 # include <sys/time.h>
40 #include <libcitadel.h>
43 #include "citserver.h"
49 #include "internet_addressing.h"
50 #include "clientsocket.h"
52 #include "ctdl_module.h"
55 * Generate a randomizationalisticized token to use for authentication of
56 * a subscribe or unsubscribe request.
58 void listsub_generate_token(char *buf) {
62 /* Theo, please sit down and shut up. This key doesn't have to be
63 * tinfoil-hat secure, it just needs to be reasonably unguessable
66 sprintf(sourcebuf, "%lx",
67 (long) (++seq + getpid() + time(NULL))
70 /* Convert it to base64 so it looks cool */
71 CtdlEncodeBase64(buf, sourcebuf, strlen(sourcebuf), 0);
76 * Enter a subscription request
78 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
79 struct ctdlroom qrbuf;
83 char confirmation_request[2048];
85 char urlroom[ROOMNAMELEN];
90 if (CtdlGetRoom(&qrbuf, room) != 0) {
91 cprintf("%d There is no list called '%s'\n", ERROR + ROOM_NOT_FOUND, room);
95 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
97 "does not accept subscribe/unsubscribe requests.\n",
98 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
102 listsub_generate_token(token);
104 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
107 * Make sure the requested address isn't already subscribed
109 begin_critical_section(S_NETCONFIGS);
110 ncfp = fopen(filename, "r");
112 while (fgets(buf, sizeof buf, ncfp) != NULL) {
113 buf[strlen(buf)-1] = 0;
114 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
115 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
116 if ((!strcasecmp(scancmd, "listrecp"))
117 || (!strcasecmp(scancmd, "digestrecp"))) {
118 if (!strcasecmp(scanemail, email)) {
125 end_critical_section(S_NETCONFIGS);
127 if (found_sub != 0) {
128 cprintf("%d '%s' is already subscribed to '%s'.\n",
129 ERROR + ALREADY_EXISTS,
130 email, qrbuf.QRname);
135 * Now add it to the file
137 begin_critical_section(S_NETCONFIGS);
138 ncfp = fopen(filename, "a");
140 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
149 end_critical_section(S_NETCONFIGS);
151 /* Generate and send the confirmation request */
153 urlesc(urlroom, ROOMNAMELEN, qrbuf.QRname);
155 snprintf(confirmation_request, sizeof confirmation_request,
157 "MIME-Version: 1.0\n"
158 "Content-Type: multipart/alternative; boundary=\"__ctdlmultipart__\"\n"
160 "This is a multipart message in MIME format.\n"
162 "--__ctdlmultipart__\n"
163 "Content-type: text/plain\n"
165 "Someone (probably you) has submitted a request to subscribe\n"
166 "<%s> to the '%s' mailing list.\n"
168 "Please go here to confirm this request:\n"
169 " %s?room=%s&token=%s&cmd=confirm \n"
171 "If this request has been submitted in error and you do not\n"
172 "wish to receive the '%s' mailing list, simply do nothing,\n"
173 "and you will not receive any further mailings.\n"
175 "--__ctdlmultipart__\n"
176 "Content-type: text/html\n"
179 "Someone (probably you) has submitted a request to subscribe\n"
180 "<%s> to the <B>%s</B> mailing list.<BR><BR>\n"
181 "Please click here to confirm this request:<BR>\n"
182 "<A HREF=\"%s?room=%s&token=%s&cmd=confirm\">"
183 "%s?room=%s&token=%s&cmd=confirm</A><BR><BR>\n"
184 "If this request has been submitted in error and you do not\n"
185 "wish to receive the '%s' mailing list, simply do nothing,\n"
186 "and you will not receive any further mailings.\n"
189 "--__ctdlmultipart__--\n",
192 webpage, urlroom, token,
196 webpage, urlroom, token,
197 webpage, urlroom, token,
201 quickie_message( /* This delivers the message */
206 confirmation_request,
208 "Please confirm your list subscription"
211 cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
216 * Enter an unsubscription request
218 void do_unsubscribe(char *room, char *email, char *webpage) {
219 struct ctdlroom qrbuf;
224 char confirmation_request[2048];
225 char urlroom[ROOMNAMELEN];
230 if (CtdlGetRoom(&qrbuf, room) != 0) {
231 cprintf("%d There is no list called '%s'\n",
232 ERROR + ROOM_NOT_FOUND, room);
236 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
238 "does not accept subscribe/unsubscribe requests.\n",
239 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
243 listsub_generate_token(token);
245 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
248 * Make sure there's actually a subscription there to remove
250 begin_critical_section(S_NETCONFIGS);
251 ncfp = fopen(filename, "r");
253 while (fgets(buf, sizeof buf, ncfp) != NULL) {
254 buf[strlen(buf)-1] = 0;
255 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
256 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
257 if ((!strcasecmp(scancmd, "listrecp"))
258 || (!strcasecmp(scancmd, "digestrecp"))) {
259 if (!strcasecmp(scanemail, email)) {
266 end_critical_section(S_NETCONFIGS);
268 if (found_sub == 0) {
269 cprintf("%d '%s' is not subscribed to '%s'.\n",
270 ERROR + NO_SUCH_USER,
271 email, qrbuf.QRname);
276 * Ok, now enter the unsubscribe-pending entry.
278 begin_critical_section(S_NETCONFIGS);
279 ncfp = fopen(filename, "a");
281 fprintf(ncfp, "unsubpending|%s|%s|%ld|%s\n",
289 end_critical_section(S_NETCONFIGS);
291 /* Generate and send the confirmation request */
293 urlesc(urlroom, ROOMNAMELEN, qrbuf.QRname);
295 snprintf(confirmation_request, sizeof confirmation_request,
297 "MIME-Version: 1.0\n"
298 "Content-Type: multipart/alternative; boundary=\"__ctdlmultipart__\"\n"
300 "This is a multipart message in MIME format.\n"
302 "--__ctdlmultipart__\n"
303 "Content-type: text/plain\n"
305 "Someone (probably you) has submitted a request to unsubscribe\n"
306 "<%s> from the '%s' mailing list.\n"
308 "Please go here to confirm this request:\n"
309 " %s?room=%s&token=%s&cmd=confirm \n"
311 "If this request has been submitted in error and you do not\n"
312 "wish to unsubscribe from the '%s' mailing list, simply do nothing,\n"
313 "and the request will not be processed.\n"
315 "--__ctdlmultipart__\n"
316 "Content-type: text/html\n"
319 "Someone (probably you) has submitted a request to unsubscribe\n"
320 "<%s> from the <B>%s</B> mailing list.<BR><BR>\n"
321 "Please click here to confirm this request:<BR>\n"
322 "<A HREF=\"%s?room=%s&token=%s&cmd=confirm\">"
323 "%s?room=%s&token=%s&cmd=confirm</A><BR><BR>\n"
324 "If this request has been submitted in error and you do not\n"
325 "wish to unsubscribe from the '%s' mailing list, simply do nothing,\n"
326 "and the request will not be processed.\n"
329 "--__ctdlmultipart__--\n",
332 webpage, urlroom, token,
336 webpage, urlroom, token,
337 webpage, urlroom, token,
341 quickie_message( /* This delivers the message */
346 confirmation_request,
348 "Please confirm your unsubscribe request"
351 cprintf("%d Unubscription noted; confirmation request sent\n", CIT_OK);
356 * Confirm a subscribe/unsubscribe request.
358 void do_confirm(char *room, char *token) {
359 struct ctdlroom qrbuf;
362 char line_token[256];
367 char email[256] = "";
370 char address_to_unsubscribe[256] = "";
373 char *holdbuf = NULL;
377 if (CtdlGetRoom(&qrbuf, room) != 0) {
378 cprintf("%d There is no list called '%s'\n",
379 ERROR + ROOM_NOT_FOUND, room);
383 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
385 "does not accept subscribe/unsubscribe requests.\n",
386 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
391 * Now start scanning this room's netconfig file for the
394 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
395 begin_critical_section(S_NETCONFIGS);
396 ncfp = fopen(filename, "r+");
398 while (line_offset = ftell(ncfp),
399 (fgets(buf, sizeof buf, ncfp) != NULL) ) {
400 buf[strlen(buf)-1] = 0;
401 line_length = strlen(buf);
402 extract_token(cmd, buf, 0, '|', sizeof cmd);
403 if (!strcasecmp(cmd, "subpending")) {
404 extract_token(email, buf, 1, '|', sizeof email);
405 extract_token(subtype, buf, 2, '|', sizeof subtype);
406 extract_token(line_token, buf, 3, '|', sizeof line_token);
407 if (!strcasecmp(token, line_token)) {
408 if (!strcasecmp(subtype, "digest")) {
409 safestrncpy(buf, "digestrecp|", sizeof buf);
412 safestrncpy(buf, "listrecp|", sizeof buf);
416 /* SLEAZY HACK: pad the line out so
417 * it's the same length as the line
420 while (strlen(buf) < line_length) {
423 fseek(ncfp, line_offset, SEEK_SET);
424 fprintf(ncfp, "%s\n", buf);
428 if (!strcasecmp(cmd, "unsubpending")) {
429 extract_token(line_token, buf, 2, '|', sizeof line_token);
430 if (!strcasecmp(token, line_token)) {
431 extract_token(address_to_unsubscribe, buf, 1, '|',
432 sizeof address_to_unsubscribe);
438 end_critical_section(S_NETCONFIGS);
441 * If "address_to_unsubscribe" contains something, then we have to
442 * make another pass at the file, stripping out lines referring to
445 if (!IsEmptyStr(address_to_unsubscribe)) {
446 holdbuf = malloc(SIZ);
447 begin_critical_section(S_NETCONFIGS);
448 ncfp = fopen(filename, "r+");
450 while (line_offset = ftell(ncfp),
451 (fgets(buf, sizeof buf, ncfp) != NULL) ) {
452 buf[strlen(buf)-1]=0;
453 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
454 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
455 if ( (!strcasecmp(scancmd, "listrecp"))
456 && (!strcasecmp(scanemail,
457 address_to_unsubscribe)) ) {
460 else if ( (!strcasecmp(scancmd, "digestrecp"))
461 && (!strcasecmp(scanemail,
462 address_to_unsubscribe)) ) {
465 else if ( (!strcasecmp(scancmd, "subpending"))
466 && (!strcasecmp(scanemail,
467 address_to_unsubscribe)) ) {
470 else if ( (!strcasecmp(scancmd, "unsubpending"))
471 && (!strcasecmp(scanemail,
472 address_to_unsubscribe)) ) {
475 else { /* Not relevant, so *keep* it! */
476 linelen = strlen(buf);
477 holdbuf = realloc(holdbuf,
478 (buflen + linelen + 2) );
479 strcpy(&holdbuf[buflen], buf);
481 strcpy(&holdbuf[buflen], "\n");
487 ncfp = fopen(filename, "w");
489 fwrite(holdbuf, buflen+1, 1, ncfp);
492 end_critical_section(S_NETCONFIGS);
497 * Did we do anything useful today?
500 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
502 "Mailing list: %s %ssubscribed to %s with token %s\n",
504 (!IsEmptyStr(address_to_unsubscribe)) ? "un" : "",
509 cprintf("%d Invalid token.\n", ERROR + ILLEGAL_VALUE);
517 * process subscribe/unsubscribe requests and confirmations
519 void cmd_subs(char *cmdbuf) {
522 char room[ROOMNAMELEN];
528 extract_token(opr, cmdbuf, 0, '|', sizeof opr);
529 if (!strcasecmp(opr, "subscribe")) {
530 extract_token(subtype, cmdbuf, 3, '|', sizeof subtype);
531 if ( (strcasecmp(subtype, "list"))
532 && (strcasecmp(subtype, "digest")) ) {
533 cprintf("%d Invalid subscription type '%s'\n",
534 ERROR + ILLEGAL_VALUE, subtype);
537 extract_token(room, cmdbuf, 1, '|', sizeof room);
538 extract_token(email, cmdbuf, 2, '|', sizeof email);
539 extract_token(webpage, cmdbuf, 4, '|', sizeof webpage);
540 do_subscribe(room, email, subtype, webpage);
543 else if (!strcasecmp(opr, "unsubscribe")) {
544 extract_token(room, cmdbuf, 1, '|', sizeof room);
545 extract_token(email, cmdbuf, 2, '|', sizeof email);
546 extract_token(webpage, cmdbuf, 3, '|', sizeof webpage);
547 do_unsubscribe(room, email, webpage);
549 else if (!strcasecmp(opr, "confirm")) {
550 extract_token(room, cmdbuf, 1, '|', sizeof room);
551 extract_token(token, cmdbuf, 2, '|', sizeof token);
552 do_confirm(room, token);
555 cprintf("%d Invalid command\n", ERROR + ILLEGAL_VALUE);
563 CTDL_MODULE_INIT(listsub)
567 CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
570 /* return our module name for the log */