From 920c8d593d2738fa4d1101d644eacb4c1d11b49b Mon Sep 17 00:00:00 2001
From: Art Cancro <ajc@citadel.org>
Date: Tue, 1 Jun 2004 00:36:43 +0000
Subject: [PATCH] * Hmmph.  Do the session cookie as hex instead of base64. 
 There really   are some characters in the base64 set that make HTTP do nasty
 things.

---
 webcit/ChangeLog           |  5 +++++
 webcit/cookie_conversion.c | 33 ++++++++++++++++++++++++++++-----
 2 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index c16faa955..22508c26c 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,8 @@
 $Log$
+Revision 510.7  2004/06/01 00:36:43  ajc
+* Hmmph.  Do the session cookie as hex instead of base64.  There really
+  are some characters in the base64 set that make HTTP do nasty things.
+
 Revision 510.6  2004/05/31 21:43:27  ajc
 * Added "|END" to the session cookie before base64-ing it.  This fixes a
   problem with certain room names causing the webserver to freak out and
@@ -1830,3 +1834,4 @@ Sun Dec  6 19:50:55 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
 
 1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
 	* webserver.c: warning fix
+
diff --git a/webcit/cookie_conversion.c b/webcit/cookie_conversion.c
index 22f0a7d6f..6a4d9f230 100644
--- a/webcit/cookie_conversion.c
+++ b/webcit/cookie_conversion.c
@@ -26,16 +26,33 @@
 typedef unsigned char byte;	      /* Byte type */
 
 /*
- * Pack all session info into one easy-to-digest cookie.  Healthy and delicious!
+ * Pack all session info into one easy-to-digest cookie. Healthy and delicious!
  */
-void stuff_to_cookie(char *cookie, int session, char *user, char *pass, char *room)
+void stuff_to_cookie(char *cookie, int session,
+		char *user, char *pass, char *room)
 {
 	char buf[SIZ];
+	int i;
 
-	sprintf(buf, "%d|%s|%s|%s|END", session, user, pass, room);
-	CtdlEncodeBase64(cookie, buf, strlen(buf));
+	sprintf(buf, "%d|%s|%s|%s|", session, user, pass, room);
+	strcpy(cookie, "");
+	for (i=0; i<strlen(buf); ++i) {
+		sprintf(&cookie[i*2], "%02X", buf[i]);
+	}
 }
 
+int xtoi(char *in, size_t len)
+{
+    int val = 0;
+    while (isxdigit((byte) *in) && (len-- > 0)) {
+	char c = *in++;
+	val <<= 4;
+	val += isdigit((unsigned char)c)
+	    ? (c - '0')
+	    : (tolower((unsigned char)c) - 'a' + 10);
+    }
+    return val;
+}
 
 /*
  * Extract all that fun stuff out of the cookie.
@@ -43,8 +60,14 @@ void stuff_to_cookie(char *cookie, int session, char *user, char *pass, char *ro
 void cookie_to_stuff(char *cookie, int *session, char *user, char *pass, char *room)
 {
 	char buf[SIZ];
+	int i, len;
 
-	CtdlDecodeBase64(buf, cookie, strlen(cookie));
+	strcpy(buf, "");
+	len = strlen(cookie) * 2 ;
+	for (i=0; i<len; ++i) {
+		buf[i] = xtoi(&cookie[i*2], 2);
+		buf[i+1] = 0;
+	}
 
 	if (session != NULL)
 		*session = extract_int(buf, 0);
-- 
2.39.2