+ $save_words='{crypt}'.$save_words;
+ } else {
+ $save_words=$sWords;
+ }
+ setPref($data_dir,$username,'sqspell_dict_'.$lang,$save_words);
+}
+
+/**
+ * Writes user dictionary into the $username.words file, then changes mask
+ * to 0600. If encryption is needed -- does that, too.
+ *
+ * @param $words The contents of the ".words" file to write.
+ * @return void
+ * @since 1.5.1 (sqspell 0.5)
+ * @deprecated
+ */
+function sqspell_writeWords_old($words){
+ global $SQSPELL_WORDS_FILE, $SQSPELL_CRYPTO;
+ /**
+ * if $words is empty, create a template entry by calling the
+ * sqspell_makeDummy() function.
+ */
+ if (!$words){
+ $words=sqspell_makeDummy();
+ }
+ if ($SQSPELL_CRYPTO){
+ /**
+ * User wants to encrypt the file. So be it.
+ * Get the user's password to use as a key.
+ */
+ sqgetGlobalVar('key', $key, SQ_COOKIE);
+ sqgetGlobalVar('onetimepad', $onetimepad, SQ_SESSION);
+
+ $clear_key=OneTimePadDecrypt($key, $onetimepad);
+ /**
+ * Try encrypting it. If fails, scream bloody hell.
+ */
+ $save_words = sqspell_crypto("encrypt", $clear_key, $words);
+ if ($save_words == 'PANIC'){
+ /**
+ * AAAAAAAAH! I'm not handling this yet, since obviously
+ * the admin of the site forgot to compile the MCRYPT support in
+ * when upgrading an existing PHP installation.
+ * I will add a handler for this case later, when I can come up
+ * with some work-around... Right now, do nothing. Let the Admin's
+ * head hurt.. ;)))
+ */
+ /** save some hairs on admin's head and store error message in logs */
+ error_log('SquirrelSpell: php does not have mcrypt support');
+ }
+ } else {
+ $save_words = $words;
+ }
+ /**
+ * Do the actual writing.
+ */
+ $fp=fopen($SQSPELL_WORDS_FILE, "w");
+ fwrite($fp, $save_words);
+ fclose($fp);
+ chmod($SQSPELL_WORDS_FILE, 0600);
+}
+
+/**
+ * Deletes user's dictionary
+ * Function was modified in 1.5.1 (sqspell 0.5). Older function is suffixed
+ * with '_old'
+ * @param string $lang dictionary
+ */
+function sqspell_deleteWords($lang) {
+ global $data_dir, $username;
+ removePref($data_dir,$username,'sqspell_dict_'.$lang);
+}
+
+/**
+ * Deletes user's dictionary when it is corrupted.
+ * @since 1.5.1 (sqspell 0.5)
+ * @deprecated
+ */
+function sqspell_deleteWords_old(){
+ /**
+ * So I open the door to my enemies,
+ * and I ask can we wipe the slate clean,
+ * but they tell me to please go...
+ * uhm... Well, this just erases the user dictionary file.
+ */
+ global $SQSPELL_WORDS_FILE;
+ if (file_exists($SQSPELL_WORDS_FILE)){
+ unlink($SQSPELL_WORDS_FILE);
+ }
+}
+/**
+ * Creates an empty user dictionary for the sake of saving prefs or
+ * whatever.
+ *
+ * @return The template to use when storing the user dictionary.
+ * @deprecated
+ */
+function sqspell_makeDummy(){
+ global $SQSPELL_VERSION, $SQSPELL_APP_DEFAULT;
+ $words = "# SquirrelSpell User Dictionary $SQSPELL_VERSION\n"
+ . "# Last Revision: " . date('Y-m-d')
+ . "\n# LANG: $SQSPELL_APP_DEFAULT\n# End\n";
+ return $words;
+}
+
+/**
+ * This function checks for security attacks. A $MOD variable is
+ * provided in the QUERY_STRING and includes one of the files from the
+ * modules directory ($MOD.mod). See if someone is trying to get out
+ * of the modules directory by providing dots, unicode strings, or
+ * slashes.
+ *
+ * @param string $rMOD the name of the module requested to include.
+ * @return void, since it bails out with an access error if needed.
+ */
+function sqspell_ckMOD($rMOD){
+ if (strstr($rMOD, '.')
+ || strstr($rMOD, '/')
+ || strstr($rMOD, '%')
+ || strstr($rMOD, "\\")){
+ echo _("Invalid URL");
+ exit;
+ }
+}
+
+/**
+ * Used to check internal version of SquirrelSpell dictionary
+ * @param integer $major main version number
+ * @param integer $minor second version number
+ * @return boolean true if stored dictionary version is $major.$minor or newer
+ * @since 1.5.1 (sqspell 0.5)
+ */
+function sqspell_check_version($major,$minor) {
+ global $data_dir, $username;
+ // 0.4 version is internal version number that is used to indicate upgrade from
+ // separate files to generic SquirrelMail prefs storage.
+ $sqspell_version=getPref($data_dir,$username,'sqspell_version','0.4');
+
+ $aVersion=explode('.',$sqspell_version);
+
+ if ($aVersion[0] < $major ||
+ ( $aVersion[0] == $major && $aVersion[1] < $minor)) {
+ return false;
+ }
+ return true;
+}
+
+/**
+ * Displays form that allows to enter different password for dictionary decryption.
+ * If language is not set, function provides form to handle older dictionary files.
+ * @param string $lang language
+ * @since 1.5.1 (sqspell 0.5)
+ */
+function sqspell_handle_crypt_panic($lang=false) {
+ if (! sqgetGlobalVar('SCRIPT_NAME',$SCRIPT_NAME,SQ_SERVER))
+ $SCRIPT_NAME='';
+
+ /**
+ * AAAAAAAAAAAH!!!!! OK, ok, breathe!
+ * Let's hope the decryption failed because the user changed his
+ * password. Bring up the option to key in the old password
+ * or wipe the file and start over if everything else fails.
+ *
+ * The _("SquirrelSpell...) line has to be on one line, otherwise
+ * gettext will bork. ;(
+ */
+ $msg = html_tag( 'p', "\n" .
+ '<strong>' . _("ATTENTION:") . '</strong><br />'
+ . _("SquirrelSpell was unable to decrypt your personal dictionary. This is most likely due to the fact that you have changed your mailbox password. In order to proceed, you will have to supply your old password so that SquirrelSpell can decrypt your personal dictionary. It will be re-encrypted with your new password after this. If you haven't encrypted your dictionary, then it got mangled and is no longer valid. You will have to delete it and start anew. This is also true if you don't remember your old password -- without it, the encrypted data is no longer accessible.") ,
+ 'left' ) . "\n"
+ . (($lang) ? html_tag('p',sprintf(_("Your %s dictionary is encrypted with password that differs from your current password."),
+ sm_encode_html_special_chars($lang)),'left') : '')
+ . '<blockquote>' . "\n"
+ . '<form method="post" onsubmit="return AYS()">' . "\n"
+ . '<input type="hidden" name="MOD" value="crypto_badkey" />' . "\n"
+ . (($lang) ?
+ '<input type="hidden" name="dict_lang" value="'.sm_encode_html_special_chars($lang).'" />' :
+ '<input type="hidden" name="old_setup" value="yes" />')
+ . html_tag( 'p', "\n" .
+ '<input type="checkbox" name="delete_words" value="ON" id="delete_words" />'
+ . '<label for="delete_words">'
+ . _("Delete my dictionary and start a new one")
+ . '</label><br /><label for="old_key">'
+ . _("Decrypt my dictionary with my old password:")
+ . '</label><input type="text" name="old_key" id="old_key" size="10" />' ,
+ 'left' ) . "\n"
+ . '</blockquote>' . "\n"
+ . html_tag( 'p', "\n"
+ . '<input type="submit" value="'
+ . _("Proceed") . ' >>" />' ,
+ 'center' ) . "\n"
+ . '</form>' . "\n";
+ /**
+ * Add some string vars so they can be i18n'd.
+ */
+ $msg .= "<script type=\"text/javascript\"><!--\n"
+ . "var ui_choice = \"" . _("You must make a choice") ."\";\n"
+ . "var ui_candel = \"" . _("You can either delete your dictionary or type in the old password. Not both.") . "\";\n"
+ . "var ui_willdel = \"" . _("This will delete your personal dictionary file. Proceed?") . "\";\n"
+ . "//--></script>\n";
+ /**
+ * See if this happened in the pop-up window or when accessing
+ * the SpellChecker options page.
+ * This is a dirty solution, I agree.
+ * TODO: make this prettier.
+ */
+ if (strstr($SCRIPT_NAME, "sqspell_options")){
+ sqspell_makePage(_("Error Decrypting Dictionary"),
+ "decrypt_error.js", $msg);
+ } else {
+ sqspell_makeWindow(null, _("Error Decrypting Dictionary"),
+ "decrypt_error.js", $msg);
+ }
+ exit;
+}
+
+/**
+ * SquirrelSpell version. Don't modify, since it identifies the format
+ * of the user dictionary files and messing with this can do ugly
+ * stuff. :)
+ * @global string $SQSPELL_VERSION
+ * @deprecated
+ */
+$SQSPELL_VERSION="v0.3.8";