2 * This module handles self-service subscription/unsubscription to mail lists.
4 * Copyright (c) 2002-2009 by the citadel.org team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31 #include <sys/types.h>
33 #if TIME_WITH_SYS_TIME
34 # include <sys/time.h>
38 # include <sys/time.h>
47 #include <libcitadel.h>
50 #include "citserver.h"
56 #include "internet_addressing.h"
57 #include "clientsocket.h"
66 #include "ctdl_module.h"
70 * Generate a randomizationalisticized token to use for authentication of
71 * a subscribe or unsubscribe request.
73 void listsub_generate_token(char *buf) {
77 /* Theo, please sit down and shut up. This key doesn't have to be
78 * tinfoil-hat secure, it just needs to be reasonably unguessable
81 sprintf(sourcebuf, "%lx",
82 (long) (++seq + getpid() + time(NULL))
85 /* Convert it to base64 so it looks cool */
86 CtdlEncodeBase64(buf, sourcebuf, strlen(sourcebuf), 0);
91 * Enter a subscription request
93 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
94 struct ctdlroom qrbuf;
98 char confirmation_request[2048];
100 char urlroom[ROOMNAMELEN];
105 if (CtdlGetRoom(&qrbuf, room) != 0) {
106 cprintf("%d There is no list called '%s'\n", ERROR + ROOM_NOT_FOUND, room);
110 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
112 "does not accept subscribe/unsubscribe requests.\n",
113 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
117 listsub_generate_token(token);
119 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
122 * Make sure the requested address isn't already subscribed
124 begin_critical_section(S_NETCONFIGS);
125 ncfp = fopen(filename, "r");
127 while (fgets(buf, sizeof buf, ncfp) != NULL) {
128 buf[strlen(buf)-1] = 0;
129 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
130 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
131 if ((!strcasecmp(scancmd, "listrecp"))
132 || (!strcasecmp(scancmd, "digestrecp"))) {
133 if (!strcasecmp(scanemail, email)) {
140 end_critical_section(S_NETCONFIGS);
142 if (found_sub != 0) {
143 cprintf("%d '%s' is already subscribed to '%s'.\n",
144 ERROR + ALREADY_EXISTS,
145 email, qrbuf.QRname);
150 * Now add it to the file
152 begin_critical_section(S_NETCONFIGS);
153 ncfp = fopen(filename, "a");
155 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
164 end_critical_section(S_NETCONFIGS);
166 /* Generate and send the confirmation request */
168 urlesc(urlroom, ROOMNAMELEN, qrbuf.QRname);
170 snprintf(confirmation_request, sizeof confirmation_request,
172 "MIME-Version: 1.0\n"
173 "Content-Type: multipart/alternative; boundary=\"__ctdlmultipart__\"\n"
175 "This is a multipart message in MIME format.\n"
177 "--__ctdlmultipart__\n"
178 "Content-type: text/plain\n"
180 "Someone (probably you) has submitted a request to subscribe\n"
181 "<%s> to the '%s' mailing list.\n"
183 "Please go here to confirm this request:\n"
184 " %s?room=%s&token=%s&cmd=confirm \n"
186 "If this request has been submitted in error and you do not\n"
187 "wish to receive the '%s' mailing list, simply do nothing,\n"
188 "and you will not receive any further mailings.\n"
190 "--__ctdlmultipart__\n"
191 "Content-type: text/html\n"
194 "Someone (probably you) has submitted a request to subscribe\n"
195 "<%s> to the <B>%s</B> mailing list.<BR><BR>\n"
196 "Please click here to confirm this request:<BR>\n"
197 "<A HREF=\"%s?room=%s&token=%s&cmd=confirm\">"
198 "%s?room=%s&token=%s&cmd=confirm</A><BR><BR>\n"
199 "If this request has been submitted in error and you do not\n"
200 "wish to receive the '%s' mailing list, simply do nothing,\n"
201 "and you will not receive any further mailings.\n"
204 "--__ctdlmultipart__--\n",
207 webpage, urlroom, token,
211 webpage, urlroom, token,
212 webpage, urlroom, token,
216 quickie_message( /* This delivers the message */
221 confirmation_request,
223 "Please confirm your list subscription"
226 cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
231 * Enter an unsubscription request
233 void do_unsubscribe(char *room, char *email, char *webpage) {
234 struct ctdlroom qrbuf;
239 char confirmation_request[2048];
240 char urlroom[ROOMNAMELEN];
245 if (CtdlGetRoom(&qrbuf, room) != 0) {
246 cprintf("%d There is no list called '%s'\n",
247 ERROR + ROOM_NOT_FOUND, room);
251 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
253 "does not accept subscribe/unsubscribe requests.\n",
254 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
258 listsub_generate_token(token);
260 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
263 * Make sure there's actually a subscription there to remove
265 begin_critical_section(S_NETCONFIGS);
266 ncfp = fopen(filename, "r");
268 while (fgets(buf, sizeof buf, ncfp) != NULL) {
269 buf[strlen(buf)-1] = 0;
270 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
271 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
272 if ((!strcasecmp(scancmd, "listrecp"))
273 || (!strcasecmp(scancmd, "digestrecp"))) {
274 if (!strcasecmp(scanemail, email)) {
281 end_critical_section(S_NETCONFIGS);
283 if (found_sub == 0) {
284 cprintf("%d '%s' is not subscribed to '%s'.\n",
285 ERROR + NO_SUCH_USER,
286 email, qrbuf.QRname);
291 * Ok, now enter the unsubscribe-pending entry.
293 begin_critical_section(S_NETCONFIGS);
294 ncfp = fopen(filename, "a");
296 fprintf(ncfp, "unsubpending|%s|%s|%ld|%s\n",
304 end_critical_section(S_NETCONFIGS);
306 /* Generate and send the confirmation request */
308 urlesc(urlroom, ROOMNAMELEN, qrbuf.QRname);
310 snprintf(confirmation_request, sizeof confirmation_request,
312 "MIME-Version: 1.0\n"
313 "Content-Type: multipart/alternative; boundary=\"__ctdlmultipart__\"\n"
315 "This is a multipart message in MIME format.\n"
317 "--__ctdlmultipart__\n"
318 "Content-type: text/plain\n"
320 "Someone (probably you) has submitted a request to unsubscribe\n"
321 "<%s> from the '%s' mailing list.\n"
323 "Please go here to confirm this request:\n"
324 " %s?room=%s&token=%s&cmd=confirm \n"
326 "If this request has been submitted in error and you do not\n"
327 "wish to unsubscribe from the '%s' mailing list, simply do nothing,\n"
328 "and the request will not be processed.\n"
330 "--__ctdlmultipart__\n"
331 "Content-type: text/html\n"
334 "Someone (probably you) has submitted a request to unsubscribe\n"
335 "<%s> from the <B>%s</B> mailing list.<BR><BR>\n"
336 "Please click here to confirm this request:<BR>\n"
337 "<A HREF=\"%s?room=%s&token=%s&cmd=confirm\">"
338 "%s?room=%s&token=%s&cmd=confirm</A><BR><BR>\n"
339 "If this request has been submitted in error and you do not\n"
340 "wish to unsubscribe from the '%s' mailing list, simply do nothing,\n"
341 "and the request will not be processed.\n"
344 "--__ctdlmultipart__--\n",
347 webpage, urlroom, token,
351 webpage, urlroom, token,
352 webpage, urlroom, token,
356 quickie_message( /* This delivers the message */
361 confirmation_request,
363 "Please confirm your unsubscribe request"
366 cprintf("%d Unubscription noted; confirmation request sent\n", CIT_OK);
371 * Confirm a subscribe/unsubscribe request.
373 void do_confirm(char *room, char *token) {
374 struct ctdlroom qrbuf;
377 char line_token[256];
385 char address_to_unsubscribe[256];
388 char *holdbuf = NULL;
392 strcpy(address_to_unsubscribe, "");
394 if (CtdlGetRoom(&qrbuf, room) != 0) {
395 cprintf("%d There is no list called '%s'\n",
396 ERROR + ROOM_NOT_FOUND, room);
400 if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
402 "does not accept subscribe/unsubscribe requests.\n",
403 ERROR + HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
408 * Now start scanning this room's netconfig file for the
411 assoc_file_name(filename, sizeof filename, &qrbuf, ctdl_netcfg_dir);
412 begin_critical_section(S_NETCONFIGS);
413 ncfp = fopen(filename, "r+");
415 while (line_offset = ftell(ncfp),
416 (fgets(buf, sizeof buf, ncfp) != NULL) ) {
417 buf[strlen(buf)-1] = 0;
418 line_length = strlen(buf);
419 extract_token(cmd, buf, 0, '|', sizeof cmd);
420 if (!strcasecmp(cmd, "subpending")) {
421 extract_token(email, buf, 1, '|', sizeof email);
422 extract_token(subtype, buf, 2, '|', sizeof subtype);
423 extract_token(line_token, buf, 3, '|', sizeof line_token);
424 if (!strcasecmp(token, line_token)) {
425 if (!strcasecmp(subtype, "digest")) {
426 safestrncpy(buf, "digestrecp|", sizeof buf);
429 safestrncpy(buf, "listrecp|", sizeof buf);
433 /* SLEAZY HACK: pad the line out so
434 * it's the same length as the line
437 while (strlen(buf) < line_length) {
440 fseek(ncfp, line_offset, SEEK_SET);
441 fprintf(ncfp, "%s\n", buf);
445 if (!strcasecmp(cmd, "unsubpending")) {
446 extract_token(line_token, buf, 2, '|', sizeof line_token);
447 if (!strcasecmp(token, line_token)) {
448 extract_token(address_to_unsubscribe, buf, 1, '|',
449 sizeof address_to_unsubscribe);
455 end_critical_section(S_NETCONFIGS);
458 * If "address_to_unsubscribe" contains something, then we have to
459 * make another pass at the file, stripping out lines referring to
462 if (!IsEmptyStr(address_to_unsubscribe)) {
463 holdbuf = malloc(SIZ);
464 begin_critical_section(S_NETCONFIGS);
465 ncfp = fopen(filename, "r+");
467 while (line_offset = ftell(ncfp),
468 (fgets(buf, sizeof buf, ncfp) != NULL) ) {
469 buf[strlen(buf)-1]=0;
470 extract_token(scancmd, buf, 0, '|', sizeof scancmd);
471 extract_token(scanemail, buf, 1, '|', sizeof scanemail);
472 if ( (!strcasecmp(scancmd, "listrecp"))
473 && (!strcasecmp(scanemail,
474 address_to_unsubscribe)) ) {
477 else if ( (!strcasecmp(scancmd, "digestrecp"))
478 && (!strcasecmp(scanemail,
479 address_to_unsubscribe)) ) {
482 else if ( (!strcasecmp(scancmd, "subpending"))
483 && (!strcasecmp(scanemail,
484 address_to_unsubscribe)) ) {
487 else if ( (!strcasecmp(scancmd, "unsubpending"))
488 && (!strcasecmp(scanemail,
489 address_to_unsubscribe)) ) {
492 else { /* Not relevant, so *keep* it! */
493 linelen = strlen(buf);
494 holdbuf = realloc(holdbuf,
495 (buflen + linelen + 2) );
496 strcpy(&holdbuf[buflen], buf);
498 strcpy(&holdbuf[buflen], "\n");
504 ncfp = fopen(filename, "w");
506 fwrite(holdbuf, buflen+1, 1, ncfp);
509 end_critical_section(S_NETCONFIGS);
514 * Did we do anything useful today?
517 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
518 CtdlLogPrintf(CTDL_NOTICE,
519 "Mailing list: %s %ssubscribed to %s with token %s\n",
521 (!IsEmptyStr(address_to_unsubscribe)) ? "un" : "",
526 cprintf("%d Invalid token.\n", ERROR + ILLEGAL_VALUE);
534 * process subscribe/unsubscribe requests and confirmations
536 void cmd_subs(char *cmdbuf) {
539 char room[ROOMNAMELEN];
545 extract_token(opr, cmdbuf, 0, '|', sizeof opr);
546 if (!strcasecmp(opr, "subscribe")) {
547 extract_token(subtype, cmdbuf, 3, '|', sizeof subtype);
548 if ( (strcasecmp(subtype, "list"))
549 && (strcasecmp(subtype, "digest")) ) {
550 cprintf("%d Invalid subscription type '%s'\n",
551 ERROR + ILLEGAL_VALUE, subtype);
554 extract_token(room, cmdbuf, 1, '|', sizeof room);
555 extract_token(email, cmdbuf, 2, '|', sizeof email);
556 extract_token(webpage, cmdbuf, 4, '|', sizeof webpage);
557 do_subscribe(room, email, subtype, webpage);
560 else if (!strcasecmp(opr, "unsubscribe")) {
561 extract_token(room, cmdbuf, 1, '|', sizeof room);
562 extract_token(email, cmdbuf, 2, '|', sizeof email);
563 extract_token(webpage, cmdbuf, 3, '|', sizeof webpage);
564 do_unsubscribe(room, email, webpage);
566 else if (!strcasecmp(opr, "confirm")) {
567 extract_token(room, cmdbuf, 1, '|', sizeof room);
568 extract_token(token, cmdbuf, 2, '|', sizeof token);
569 do_confirm(room, token);
572 cprintf("%d Invalid command\n", ERROR + ILLEGAL_VALUE);
580 CTDL_MODULE_INIT(listsub)
584 CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
587 /* return our Subversion id for the Log */