/** * Displays form that allows to enter different password for dictionary decryption. * If language is not set, function provides form to handle older dictionary files. * @param string $lang language * @since 1.5.1 (sqspell 0.5) */ function sqspell_handle_crypt_panic($lang = false) { if (!sqgetGlobalVar('SCRIPT_NAME', $SCRIPT_NAME, SQ_SERVER)) { $SCRIPT_NAME = ''; } /** * AAAAAAAAAAAH!!!!! OK, ok, breathe! * Let's hope the decryption failed because the user changed his * password. Bring up the option to key in the old password * or wipe the file and start over if everything else fails. * * The _("SquirrelSpell...) line has to be on one line, otherwise * gettext will bork. ;( */ $msg = html_tag('p', "\n" . '<strong>' . _("ATTENTION:") . '</strong><br />' . _("SquirrelSpell was unable to decrypt your personal dictionary. This is most likely due to the fact that you have changed your mailbox password. In order to proceed, you will have to supply your old password so that SquirrelSpell can decrypt your personal dictionary. It will be re-encrypted with your new password after this. If you haven't encrypted your dictionary, then it got mangled and is no longer valid. You will have to delete it and start anew. This is also true if you don't remember your old password -- without it, the encrypted data is no longer accessible."), 'left') . "\n" . ($lang ? html_tag('p', sprintf(_("Your %s dictionary is encrypted with password that differs from your current password."), sm_encode_html_special_chars($lang)), 'left') : '') . '<blockquote>' . "\n" . '<form method="post" onsubmit="return AYS()">' . "\n" . '<input type="hidden" name="MOD" value="crypto_badkey" />' . "\n" . ($lang ? '<input type="hidden" name="dict_lang" value="' . sm_encode_html_special_chars($lang) . '" />' : '<input type="hidden" name="old_setup" value="yes" />') . html_tag('p', "\n" . '<input type="checkbox" name="delete_words" value="ON" id="delete_words" />' . '<label for="delete_words">' . _("Delete my dictionary and start a new one") . '</label><br /><label for="old_key">' . _("Decrypt my dictionary with my old password:"******"text" name="old_key" id="old_key" size="10" />', 'left') . "\n" . '</blockquote>' . "\n" . html_tag('p', "\n" . '<input type="submit" value="' . _("Proceed") . ' >>" />', 'center') . "\n" . '</form>' . "\n"; /** * Add some string vars so they can be i18n'd. */ $msg .= "<script type=\"text/javascript\"><!--\n" . "var ui_choice = \"" . _("You must make a choice") . "\";\n" . "var ui_candel = \"" . _("You can either delete your dictionary or type in the old password. Not both.") . "\";\n" . "var ui_willdel = \"" . _("This will delete your personal dictionary file. Proceed?") . "\";\n" . "//--></script>\n"; /** * See if this happened in the pop-up window or when accessing * the SpellChecker options page. * This is a dirty solution, I agree. * TODO: make this prettier. */ if (strstr($SCRIPT_NAME, "sqspell_options")) { sqspell_makePage(_("Error Decrypting Dictionary"), "decrypt_error.js", $msg); } else { sqspell_makeWindow(null, _("Error Decrypting Dictionary"), "decrypt_error.js", $msg); } exit; }
/** * This function operates the user dictionary. If the format is * clear-text, then it just reads the file and returns it. However, if * the file is encrypted (well, "garbled"), then it tries to decrypt * it, checks whether the decryption was successful, troubleshoots if * not, then returns the clear-text dictionary to the app. * * @return the contents of the user's ".words" file, decrypted if * necessary. */ function sqspell_getWords() { global $SQSPELL_WORDS_FILE, $SQSPELL_CRYPTO; $words = ""; if (file_exists($SQSPELL_WORDS_FILE)) { /** * Gobble it up. */ $fp = fopen($SQSPELL_WORDS_FILE, 'r'); $words = fread($fp, filesize($SQSPELL_WORDS_FILE)); fclose($fp); } /** * Check if this is an encrypted file by looking for * the string "# SquirrelSpell" in it (the crypto * function does that). */ if ($words && !strstr($words, "# SquirrelSpell")) { /** * This file is encrypted or mangled. Try to decrypt it. * If fails, complain loudly. * * $old_key would be a value submitted by one of the modules with * the user's old mailbox password. I admin, this is rather dirty, * but efficient. ;) */ sqgetGlobalVar('key', $key, SQ_COOKIE); sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION); sqgetGlobalVar('old_key', $old_key, SQ_POST); if ($old_key != '') { $clear_key = $old_key; } else { /** * Get user's password (the key). */ $clear_key = OneTimePadDecrypt($key, $onetimepad); } /** * Invoke the decryption routines. */ $words = sqspell_crypto("decrypt", $clear_key, $words); /** * See if decryption failed. */ if ($words == "PANIC") { /** * AAAAAAAAAAAH!!!!! OK, ok, breathe! * Let's hope the decryption failed because the user changed his * password. Bring up the option to key in the old password * or wipe the file and start over if everything else fails. * * The _("SquirrelSpell...) line has to be on one line, otherwise * gettext will bork. ;( */ $msg = html_tag('p', "\n" . '<strong>' . _("ATTENTION:") . '</strong><br />' . _("SquirrelSpell was unable to decrypt your personal dictionary. This is most likely due to the fact that you have changed your mailbox password. In order to proceed, you will have to supply your old password so that SquirrelSpell can decrypt your personal dictionary. It will be re-encrypted with your new password after this. If you haven't encrypted your dictionary, then it got mangled and is no longer valid. You will have to delete it and start anew. This is also true if you don't remember your old password -- without it, the encrypted data is no longer accessible."), 'left') . "\n" . '<blockquote>' . "\n" . '<form method="post" onsubmit="return AYS()">' . "\n" . '<input type="hidden" name="MOD" value="crypto_badkey">' . "\n" . html_tag('p', "\n" . '<input type="checkbox" name="delete_words" value="ON">' . _("Delete my dictionary and start a new one") . '<br />' . _("Decrypt my dictionary with my old password:"******"old_key" size=\\"10\\">', 'left') . "\n" . '</blockquote>' . "\n" . html_tag('p', "\n" . '<input type="submit" value="' . _("Proceed") . ' >>">', 'center') . "\n" . '</form>' . "\n"; /** * Add some string vars so they can be i18n'd. */ $msg .= "<script type='text/javascript'><!--\n" . "var ui_choice = \"" . _("You must make a choice") . "\";\n" . "var ui_candel = \"" . _("You can either delete your dictionary or type in the old password. Not both.") . "\";\n" . "var ui_willdel = \"" . _("This will delete your personal dictionary file. Proceed?") . "\";\n" . "//--></script>\n"; /** * See if this happened in the pop-up window or when accessing * the SpellChecker options page. * This is a dirty solution, I agree. TODO: make this prettier. */ global $SCRIPT_NAME; if (strstr($SCRIPT_NAME, "sqspell_options")) { sqspell_makePage(_("Error Decrypting Dictionary"), "decrypt_error.js", $msg); } else { sqspell_makeWindow(null, _("Error Decrypting Dictionary"), "decrypt_error.js", $msg); } exit; } else { /** * OK! Phew. Set the encryption flag to true so we can later on * encrypt it again before saving to HDD. */ $SQSPELL_CRYPTO = true; } } else { /** * No encryption is/was used. Set $SQSPELL_CRYPTO to false, * in case we have to save the dictionary later. */ $SQSPELL_CRYPTO = false; } /** * Check if we need to upgrade the dictionary from version 0.2.x * This is going away soon. */ if (strstr($words, "Dictionary v0.2")) { $words = sqspell_upgradeWordsFile($words); } return $words; }