Added an optional password protection

js/zerobin.js

@@ -18,14 +18,26 @@ sjcl.random.startCollectors();
  *  @param int seconds
  *  @return string
  */
-function secondsToHuman(seconds)
-{
-    if (seconds<60) { var v=Math.floor(seconds); return v+' second'+((v>1)?'s':''); }
-    if (seconds<60*60) { var v=Math.floor(seconds/60); return v+' minute'+((v>1)?'s':''); }
-    if (seconds<60*60*24) { var v=Math.floor(seconds/(60*60)); return v+' hour'+((v>1)?'s':''); }
+function secondsToHuman(seconds) {
+    if (seconds < 60) {
+        var v = Math.floor(seconds);
+        return v + ' second' + ((v > 1) ? 's' : '');
+    }
+    if (seconds < 60 * 60) {
+        var v = Math.floor(seconds / 60);
+        return v + ' minute' + ((v > 1) ? 's' : '');
+    }
+    if (seconds < 60 * 60 * 24) {
+        var v = Math.floor(seconds / (60 * 60));
+        return v + ' hour' + ((v > 1) ? 's' : '');
+    }
     // If less than 2 months, display in days:
-    if (seconds<60*60*24*60) { var v=Math.floor(seconds/(60*60*24)); return v+' day'+((v>1)?'s':''); }
-    var v=Math.floor(seconds/(60*60*24*30)); return v+' month'+((v>1)?'s':'');
+    if (seconds < 60 * 60 * 24 * 60) {
+        var v = Math.floor(seconds / (60 * 60 * 24));
+        return v + ' day' + ((v > 1) ? 's' : '');
+    }
+    var v = Math.floor(seconds / (60 * 60 * 24 * 30));
+    return v + ' month' + ((v > 1) ? 's' : '');
 }
 
 /**
@@ -35,13 +47,10 @@ function secondsToHuman(seconds)
  * @param object associative_array Object to be serialized
  * @return string
  */
-function hashToParameterString(associativeArray)
-{
+function hashToParameterString(associativeArray) {
     var parameterString = ""
-  for (key in associativeArray)
-  {
-    if( parameterString === "" )
-    {
+    for (key in associativeArray) {
+        if (parameterString === "") {
             parameterString = encodeURIComponent(key);
             parameterString += "=" + encodeURIComponent(associativeArray[key]);
         } else {
@@ -61,8 +70,7 @@ function hashToParameterString(associativeArray)
  * @param string parameter_string String containing parameters
  * @return object
  */
-function parameterStringToHash(parameterString)
-{
+function parameterStringToHash(parameterString) {
     var parameterHash = {};
     var parameterArray = parameterString.split("&");
     for (var i = 0; i < parameterArray.length; i++) {
@@ -81,8 +89,7 @@ function parameterStringToHash(parameterString)
  *
  * @return object
  **/
-function getParameterHash()
-{
+function getParameterHash() {
     var hashIndex = window.location.href.indexOf("#");
     if (hashIndex >= 0) {
         return parameterStringToHash(window.location.href.substring(hashIndex + 1));
@@ -116,8 +123,11 @@ function decompress(data) {
  * @return encrypted string data
  */
 function zeroCipher(key, message) {
+    if ($('input#password').val().length == 0) {
         return sjcl.encrypt(key, compress(message));
     }
+    return sjcl.encrypt(key + sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash($("input#password").val())), compress(message));
+}
 
 /**
  *  Decrypt message with key, then decompress.
@@ -127,7 +137,14 @@ function zeroCipher(key, message) {
  *  @return string readable message
  */
 function zeroDecipher(key, data) {
+    if (data != undefined) {
+        try {
             return decompress(sjcl.decrypt(key, data));
+        } catch (err) {
+            var password = prompt("Please enter the password for this paste.", "");
+            return decompress(sjcl.decrypt(key + sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(password)), data));
+        }
+    }
 }
 
 /**
@@ -211,7 +228,8 @@ function displayMessages(key, comments) {
             var cleartext = "[Could not decrypt comment ; Wrong key ?]";
             try {
                 cleartext = zeroDecipher(key, comment.data);
-            } catch(err) { }
+            } catch (err) {
+            }
             var place = $('div#comments');
             // If parent comment exists, display below (CSS will automatically shift it right.)
             var cname = 'div#comment_' + comment.meta.parentid
@@ -232,7 +250,8 @@ function displayMessages(key, comments) {
             // Try to get optional nickname:
             try {
                 divComment.find('span.nickname').text(zeroDecipher(key, comment.meta.nickname));
-            } catch(err) { }
+            } catch (err) {
+            }
             divComment.find('span.commentdate').text('  (' + (new Date(comment.meta.postdate * 1000).toString()) + ')').attr('title', 'CommentID: ' + comment.meta.commentid);
 
             // If an avatar is available, display it.
@@ -285,7 +304,8 @@ function send_comment(parentid) {
     if (nick != '' && nick != 'Optional nickname...') {
         ciphernickname = zeroCipher(pageKey(), nick);
     }
-    var data_to_send = { data:cipherdata,
+    var data_to_send = {
+        data: cipherdata,
         parentid: parentid,
         pasteid: pasteID(),
         nickname: ciphernickname
@@ -320,10 +340,11 @@ function send_data() {
     }
 
     // If sjcl has not collected enough entropy yet, display a message.
-    if (!sjcl.random.isReady())
-    {
+    if (!sjcl.random.isReady()) {
         showStatus('Sending paste (Please move your mouse for more entropy)...', spin = true);
-        sjcl.random.addEventListener('seeded', function(){ send_data(); }); 
+        sjcl.random.addEventListener('seeded', function () {
+            send_data();
+        });
         return;
     }
 
@@ -331,7 +352,8 @@ function send_data() {
 
     var randomkey = sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0);
     var cipherdata = zeroCipher(randomkey, $('textarea#message').val());
-    var data_to_send = { data:           cipherdata,
+    var data_to_send = {
+        data: cipherdata,
         expire: $('select#pasteExpiration').val(),
         burnafterreading: $('input#burnafterreading').is(':checked') ? 1 : 0,
         opendiscussion: $('input#opendiscussion').is(':checked') ? 1 : 0
@@ -400,6 +422,7 @@ function stateNewPaste() {
     $('div#remainingtime').addClass('hidden');
     $('div#burnafterreadingoption').removeClass('hidden');
     $('div#opendisc').removeClass('hidden');
+    $('#password').show();
     $('button#newbutton').removeClass('hidden');
     $('div#pasteresult').addClass('hidden');
     $('textarea#message').text('');
@@ -437,8 +460,7 @@ function stateExistingPaste() {
 
 /** Return raw text
  */
-function rawText()
-{
+function rawText() {
     var paste = $('div#cleartext').html();
     var newDoc = document.open('text/html', 'replace');
     newDoc.write('<pre>' + paste + '</pre>');
@@ -533,10 +555,16 @@ function pageKey() {
     // We will strip any additional data.
 
     // First, strip everything after the equal sign (=) which signals end of base64 string.
-    i = key.indexOf('='); if (i>-1) { key = key.substring(0,i+1); }
+    i = key.indexOf('=');
+    if (i > -1) {
+        key = key.substring(0, i + 1);
+    }
 
     // If the equal sign was not present, some parameters may remain:
-    i = key.indexOf('&'); if (i>-1) { key = key.substring(0,i); }
+    i = key.indexOf('&');
+    if (i > -1) {
+        key = key.substring(0, i);
+    }
 
     // Then add trailing equal sign if it's missing
     if (key.charAt(key.length - 1) !== '=') key += '=';

tpl/page.html

@@ -65,6 +65,7 @@
 						<input type="checkbox" id="opendiscussion" name="opendiscussion" {if="!$OPENDISCUSSION"} disabled="disabled"{/if} />
 						<label for="opendiscussion">Open discussion</label>
 					</div>
+					<input id="password" placeholder="Optional password (recommended)" size="32" />
 				</div>
 				<div id="pasteresult" class="hidden">
 					<div id="deletelink"></div>