* tinfoil-hat secure, it just needs to be reasonably unguessable
* and unique.
*/
- sprintf(sourcebuf, "%d%d%ld",
- ++seq,
- getpid(),
- time(NULL)
+ sprintf(sourcebuf, "%lx",
+ (long) (++seq + getpid() + time(NULL))
);
/* Convert it to base64 so it looks cool */
/*
* Enter a subscription request
*/
-void do_subscribe(char *room, char *email, char *subtype) {
+void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
struct quickroom qrbuf;
FILE *ncfp;
char filename[SIZ];
char token[SIZ];
char confirmation_request[SIZ];
+ char urlroom[SIZ];
if (getroom(&qrbuf, room) != 0) {
cprintf("%d There is no list called '%s'\n", ERROR, room);
return;
}
+ if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
+ cprintf("%d '%s' "
+ "does not accept subscribe/unsubscribe requests.\n",
+ ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
+ return;
+ }
+
listsub_generate_token(token);
begin_critical_section(S_NETCONFIGS);
assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
ncfp = fopen(filename, "a");
if (ncfp != NULL) {
- fprintf(ncfp, "subpending|%s|%s|%s|%ld\n",
+ fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
email,
subtype,
token,
- time(NULL)
+ time(NULL),
+ webpage
);
fclose(ncfp);
}
/* Generate and send the confirmation request */
+ urlesc(urlroom, qrbuf.QRname);
+
snprintf(confirmation_request, sizeof confirmation_request,
+ "Content-type: text/html\n\n"
+ "<HTML><BODY>"
"Someone (probably you) has submitted a request to subscribe\n"
- "<%s> to the '%s' mailing list.\n\n"
- "In order to confirm this subscription request, please\n"
- "point your web browser at the following location:\n\n"
- "http://FIXME.com:FIXME/blah?room=%s&token=%s\n\n"
+ "<%s> to the <B>%s</B> mailing list.<BR><BR>\n"
+ "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
+ "Please click here to confirm this request.</A><BR><BR>\n"
"If this request has been submitted in error and you do not\n"
"wish to receive the '%s' mailing list, simply do nothing,\n"
- "and you will not receive any further mailings.\n",
+ "and you will not receive any further mailings.\n"
+ "</BODY></HTML>\n",
- email, qrbuf.QRname, qrbuf.QRname, token, qrbuf.QRname
+ email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
);
- quickie_message(
+ quickie_message( /* This delivers the message */
"Citadel",
email,
- qrbuf.QRname,
- confirmation_request
+ NULL,
+ confirmation_request,
+ FMT_RFC822
);
cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
-
}
return;
}
+ if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
+ cprintf("%d '%s' "
+ "does not accept subscribe/unsubscribe requests.\n",
+ ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
+ return;
+ }
+
begin_critical_section(S_NETCONFIGS);
assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
ncfp = fopen(filename, "r+");
char email[SIZ];
char subtype[SIZ];
char token[SIZ];
+ char webpage[SIZ];
extract(opr, cmdbuf, 0);
if (!strcasecmp(opr, "subscribe")) {
else {
extract(room, cmdbuf, 1);
extract(email, cmdbuf, 2);
- do_subscribe(room, email, subtype);
+ extract(webpage, cmdbuf, 4);
+ do_subscribe(room, email, subtype, webpage);
}
}
else if (!strcasecmp(opr, "unsubscribe")) {