Generate listsub token with a hash instead of crypt

diff --git a/citadel/server/modules/listsub/serv_listsub.c b/citadel/server/modules/listsub/serv_listsub.c
index 72d407fef3e4ee56f4451c925d376eeea3801e7e..9eec9646329756e5be07c073cc8d4f9757c9357d 100644 (file)
--- a/citadel/server/modules/listsub/serv_listsub.c
+++ b/citadel/server/modules/listsub/serv_listsub.c
@@ -27,7 +27,6 @@
 #include <sys/wait.h>
 #include <string.h>
 #include <limits.h>
-#include <crypt.h>
 #include <libcitadel.h>
 #include "../../citadel_defs.h"
 #include "../../server.h"
@@ -49,21 +48,12 @@ enum {                              // one of these gets passed to do_subscribe_or_unsubscribe() so it kno
 
 
 // The confirmation token will be generated by combining the room name and email address with the host key,
-// and then generating an encrypted hash of that string.  The encrypted hash is included as part of the
-// confirmation link.
+// and then generating a one-way hash of that string.  The hash is included as part of the confirmation link.
 void generate_confirmation_token(char *token_buf, size_t token_buf_len, char *roomname, char *emailaddr) {
        char string_to_hash[1024];
-       struct crypt_data cd;
-       char *ptr;
 
        snprintf(string_to_hash, sizeof string_to_hash, "%s|%s|%s", roomname, emailaddr, CtdlGetConfigStr("host_key"));
-       memset(&cd, 0, sizeof cd);
-
-       strncpy(token_buf, crypt_r(string_to_hash, "$1$ctdl", &cd), token_buf_len);
-
-       for (ptr=token_buf; *ptr; ++ptr) {
-               if (!isalnum((char)*ptr)) *ptr='X';
-       }
+       snprintf(token_buf, token_buf_len, "%lx",  FourHash(string_to_hash, strlen(string_to_hash)));
 }