4 * This module handles self-service subscription/unsubscription to mail lists.
6 * Copyright (C) 2002-2005 by Art Cancro and others.
7 * This code is released under the terms of the GNU General Public License.
20 #include <sys/types.h>
22 #if TIME_WITH_SYS_TIME
23 # include <sys/time.h>
27 # include <sys/time.h>
38 #include "citserver.h"
47 #include "internet_addressing.h"
48 #include "serv_network.h"
49 #include "clientsocket.h"
58 #include "ctdl_module.h"
62 * Generate a randomizationalisticized token to use for authentication of
63 * a subscribe or unsubscribe request.
65 void listsub_generate_token(char *buf) {
69 /* Theo, please sit down and shut up. This key doesn't have to be
70 * tinfoil-hat secure, it just needs to be reasonably unguessable
73 sprintf(sourcebuf, "%lx",
74 (long) (++seq + getpid() + time(NULL))
77 /* Convert it to base64 so it looks cool */
78 CtdlEncodeBase64(buf, sourcebuf, strlen(sourcebuf));
83 * Enter a subscription request
85 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
86 struct ctdlroom qrbuf;
90 char confirmation_request[2048];
92 char urlroom[ROOMNAMELEN];
97 if (getroom(&qrbuf, room) != 0) {
98 cprintf("%d There is no list called '%s'\n", ERROR + ROOM_NOT_FOUND, room);
102 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
104 "does not accept subscribe/unsubscribe requests.\n",
105 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
109 listsub_generate_token(token);
111 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
114 * Make sure the requested address isn't already subscribed
116 begin_critical_section(S_NETCONFIGS);
117 ncfp = fopen(filename, "r");
119 while (fgets(buf, sizeof buf, ncfp) != NULL) {
120 buf[strlen(buf)-1] = 0;
121 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
122 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
123 if ((!strcasecmp(scancmd, "listrecp"))
124 || (!strcasecmp(scancmd, "digestrecp"))) {
125 if (!strcasecmp(scanemail, email)) {
132 end_critical_section(S_NETCONFIGS);
134 if (found_sub != 0) {
135 cprintf("%d '%s' is already subscribed to '%s'.\n",
136 ERROR + ALREADY_EXISTS,
137 email, qrbuf.QRname);
142 * Now add it to the file
144 begin_critical_section(S_NETCONFIGS);
145 ncfp = fopen(filename, "a");
147 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
156 end_critical_section(S_NETCONFIGS);
158 /* Generate and send the confirmation request */
160 urlesc(urlroom, qrbuf.QRname);
162 snprintf(confirmation_request, sizeof confirmation_request,
164 "MIME-Version: 1.0\n"
165 "Content-Type: multipart/alternative; boundary=\"__ctdlmultipart__\"\n"
167 "This is a multipart message in MIME format.\n"
169 "--__ctdlmultipart__\n"
170 "Content-type: text/plain\n"
172 "Someone (probably you) has submitted a request to subscribe\n"
173 "<%s> to the '%s' mailing list.\n"
175 "Please go here to confirm this request:\n"
176 " %s?room=%s&token=%s&cmd=confirm \n"
178 "If this request has been submitted in error and you do not\n"
179 "wish to receive the '%s' mailing list, simply do nothing,\n"
180 "and you will not receive any further mailings.\n"
182 "--__ctdlmultipart__\n"
183 "Content-type: text/html\n"
186 "Someone (probably you) has submitted a request to subscribe\n"
187 "<%s> to the <B>%s</B> mailing list.<BR><BR>\n"
188 "Please click here to confirm this request:<BR>\n"
189 "<A HREF=\"%s?room=%s&token=%s&cmd=confirm\">"
190 "%s?room=%s&token=%s&cmd=confirm</A><BR><BR>\n"
191 "If this request has been submitted in error and you do not\n"
192 "wish to receive the '%s' mailing list, simply do nothing,\n"
193 "and you will not receive any further mailings.\n"
196 "--__ctdlmultipart__--\n",
199 webpage, urlroom, token,
203 webpage, urlroom, token,
204 webpage, urlroom, token,
208 quickie_message( /* This delivers the message */
213 confirmation_request,
215 "Please confirm your list subscription"
218 cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
223 * Enter an unsubscription request
225 void do_unsubscribe(char *room, char *email, char *webpage) {
226 struct ctdlroom qrbuf;
231 char confirmation_request[2048];
232 char urlroom[ROOMNAMELEN];
237 if (getroom(&qrbuf, room) != 0) {
238 cprintf("%d There is no list called '%s'\n",
239 ERROR + ROOM_NOT_FOUND, room);
243 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
245 "does not accept subscribe/unsubscribe requests.\n",
246 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
250 listsub_generate_token(token);
252 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
255 * Make sure there's actually a subscription there to remove
257 begin_critical_section(S_NETCONFIGS);
258 ncfp = fopen(filename, "r");
260 while (fgets(buf, sizeof buf, ncfp) != NULL) {
261 buf[strlen(buf)-1] = 0;
262 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
263 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
264 if ((!strcasecmp(scancmd, "listrecp"))
265 || (!strcasecmp(scancmd, "digestrecp"))) {
266 if (!strcasecmp(scanemail, email)) {
273 end_critical_section(S_NETCONFIGS);
275 if (found_sub == 0) {
276 cprintf("%d '%s' is not subscribed to '%s'.\n",
277 ERROR + NO_SUCH_USER,
278 email, qrbuf.QRname);
283 * Ok, now enter the unsubscribe-pending entry.
285 begin_critical_section(S_NETCONFIGS);
286 ncfp = fopen(filename, "a");
288 fprintf(ncfp, "unsubpending|%s|%s|%ld|%s\n",
296 end_critical_section(S_NETCONFIGS);
298 /* Generate and send the confirmation request */
300 urlesc(urlroom, qrbuf.QRname);
302 snprintf(confirmation_request, sizeof confirmation_request,
304 "MIME-Version: 1.0\n"
305 "Content-Type: multipart/alternative; boundary=\"__ctdlmultipart__\"\n"
307 "This is a multipart message in MIME format.\n"
309 "--__ctdlmultipart__\n"
310 "Content-type: text/plain\n"
312 "Someone (probably you) has submitted a request to unsubscribe\n"
313 "<%s> from the '%s' mailing list.\n"
315 "Please go here to confirm this request:\n"
316 " %s?room=%s&token=%s&cmd=confirm \n"
318 "If this request has been submitted in error and you do not\n"
319 "wish to unsubscribe from the '%s' mailing list, simply do nothing,\n"
320 "and the request will not be processed.\n"
322 "--__ctdlmultipart__\n"
323 "Content-type: text/html\n"
326 "Someone (probably you) has submitted a request to unsubscribe\n"
327 "<%s> from the <B>%s</B> mailing list.<BR><BR>\n"
328 "Please click here to confirm this request:<BR>\n"
329 "<A HREF=\"%s?room=%s&token=%s&cmd=confirm\">"
330 "%s?room=%s&token=%s&cmd=confirm</A><BR><BR>\n"
331 "If this request has been submitted in error and you do not\n"
332 "wish to unsubscribe from the '%s' mailing list, simply do nothing,\n"
333 "and the request will not be processed.\n"
336 "--__ctdlmultipart__--\n",
339 webpage, urlroom, token,
343 webpage, urlroom, token,
344 webpage, urlroom, token,
348 quickie_message( /* This delivers the message */
353 confirmation_request,
355 "Please confirm your unsubscribe request"
358 cprintf("%d Unubscription noted; confirmation request sent\n", CIT_OK);
363 * Confirm a subscribe/unsubscribe request.
365 void do_confirm(char *room, char *token) {
366 struct ctdlroom qrbuf;
369 char line_token[256];
377 char address_to_unsubscribe[256];
380 char *holdbuf = NULL;
384 strcpy(address_to_unsubscribe, "");
386 if (getroom(&qrbuf, room) != 0) {
387 cprintf("%d There is no list called '%s'\n",
388 ERROR + ROOM_NOT_FOUND, room);
392 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
394 "does not accept subscribe/unsubscribe requests.\n",
395 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
400 * Now start scanning this room's netconfig file for the
403 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
404 begin_critical_section(S_NETCONFIGS);
405 ncfp = fopen(filename, "r+");
407 while (line_offset = ftell(ncfp),
408 (fgets(buf, sizeof buf, ncfp) != NULL) ) {
409 buf[strlen(buf)-1] = 0;
410 line_length = strlen(buf);
411 extract_token(cmd, buf, 0, '|', sizeof cmd);
412 if (!strcasecmp(cmd, "subpending")) {
413 extract_token(email, buf, 1, '|', sizeof email);
414 extract_token(subtype, buf, 2, '|', sizeof subtype);
415 extract_token(line_token, buf, 3, '|', sizeof line_token);
416 if (!strcasecmp(token, line_token)) {
417 if (!strcasecmp(subtype, "digest")) {
418 safestrncpy(buf, "digestrecp|", sizeof buf);
421 safestrncpy(buf, "listrecp|", sizeof buf);
425 /* SLEAZY HACK: pad the line out so
426 * it's the same length as the line
429 while (strlen(buf) < line_length) {
432 fseek(ncfp, line_offset, SEEK_SET);
433 fprintf(ncfp, "%s\n", buf);
437 if (!strcasecmp(cmd, "unsubpending")) {
438 extract_token(line_token, buf, 2, '|', sizeof line_token);
439 if (!strcasecmp(token, line_token)) {
440 extract_token(address_to_unsubscribe, buf, 1, '|',
441 sizeof address_to_unsubscribe);
447 end_critical_section(S_NETCONFIGS);
450 * If "address_to_unsubscribe" contains something, then we have to
451 * make another pass at the file, stripping out lines referring to
454 if (strlen(address_to_unsubscribe) > 0) {
455 holdbuf = malloc(SIZ);
456 begin_critical_section(S_NETCONFIGS);
457 ncfp = fopen(filename, "r+");
459 while (line_offset = ftell(ncfp),
460 (fgets(buf, sizeof buf, ncfp) != NULL) ) {
461 buf[strlen(buf)-1]=0;
462 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
463 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
464 if ( (!strcasecmp(scancmd, "listrecp"))
465 && (!strcasecmp(scanemail,
466 address_to_unsubscribe)) ) {
469 else if ( (!strcasecmp(scancmd, "digestrecp"))
470 && (!strcasecmp(scanemail,
471 address_to_unsubscribe)) ) {
474 else if ( (!strcasecmp(scancmd, "subpending"))
475 && (!strcasecmp(scanemail,
476 address_to_unsubscribe)) ) {
479 else if ( (!strcasecmp(scancmd, "unsubpending"))
480 && (!strcasecmp(scanemail,
481 address_to_unsubscribe)) ) {
484 else { /* Not relevant, so *keep* it! */
485 linelen = strlen(buf);
486 holdbuf = realloc(holdbuf,
487 (buflen + linelen + 2) );
488 strcpy(&holdbuf[buflen], buf);
490 strcpy(&holdbuf[buflen], "\n");
496 ncfp = fopen(filename, "w");
498 fwrite(holdbuf, buflen+1, 1, ncfp);
501 end_critical_section(S_NETCONFIGS);
506 * Did we do anything useful today?
509 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
510 lprintf(CTDL_NOTICE, "Mailing list: %s %ssubscribed to %s with token %s\n", email, (strlen(address_to_unsubscribe) > 0) ? "un" : "", room, token);
513 cprintf("%d Invalid token.\n", ERROR + ILLEGAL_VALUE);
521 * process subscribe/unsubscribe requests and confirmations
523 void cmd_subs(char *cmdbuf) {
526 char room[ROOMNAMELEN];
532 extract_token(opr, cmdbuf, 0, '|', sizeof opr);
533 if (!strcasecmp(opr, "subscribe")) {
534 extract_token(subtype, cmdbuf, 3, '|', sizeof subtype);
535 if ( (strcasecmp(subtype, "list"))
536 && (strcasecmp(subtype, "digest")) ) {
537 cprintf("%d Invalid subscription type '%s'\n",
538 ERROR + ILLEGAL_VALUE, subtype);
541 extract_token(room, cmdbuf, 1, '|', sizeof room);
542 extract_token(email, cmdbuf, 2, '|', sizeof email);
543 extract_token(webpage, cmdbuf, 4, '|', sizeof webpage);
544 do_subscribe(room, email, subtype, webpage);
547 else if (!strcasecmp(opr, "unsubscribe")) {
548 extract_token(room, cmdbuf, 1, '|', sizeof room);
549 extract_token(email, cmdbuf, 2, '|', sizeof email);
550 extract_token(webpage, cmdbuf, 3, '|', sizeof webpage);
551 do_unsubscribe(room, email, webpage);
553 else if (!strcasecmp(opr, "confirm")) {
554 extract_token(room, cmdbuf, 1, '|', sizeof room);
555 extract_token(token, cmdbuf, 2, '|', sizeof token);
556 do_confirm(room, token);
559 cprintf("%d Invalid command\n", ERROR + ILLEGAL_VALUE);
567 CTDL_MODULE_INIT(listsub)
569 CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
571 /* return our Subversion id for the Log */