+//int swf_GetPoint(TAG * t,SPOINT * p) { return 0; }
+//int swf_SetPoint(TAG * t,SPOINT * p) { return 0; }
+
+void swf_SetPassword(TAG * t, const char * password)
+{
+ /* WARNING: crypt_md5 is not reentrant */
+ char salt[3];
+ char* md5string;
+
+#if defined(HAVE_LRAND48) && defined(HAVE_SRAND48) && defined(HAVE_TIME_H) && defined(HAVE_TIME)
+ srand48(time(0));
+ salt[0] = "abcdefghijklmnopqrstuvwxyz0123456789"[lrand48()%36];
+ salt[1] = "abcdefghijklmnopqrstuvwxyz0123456789"[lrand48()%36];
+#else
+ salt[0] = 'l';
+ salt[1] = '8';
+ fprintf(stderr, "rfxswf: Warning- no usable random generator found\n");
+ fprintf(stderr, "Your password will be vulnerable to dictionary attacks\n");
+#endif
+ salt[2] = 0;
+
+ md5string = crypt_md5(password, salt);
+
+ swf_SetU16(t,0);
+ swf_SetString(t, (U8*)md5string);
+}
+
+int swf_VerifyPassword(TAG * t, const char * password)
+{
+ char*md5string1, *md5string2;
+ char*x;
+ char*salt;
+ int n;
+
+ if(t->len >= 5 && t->pos==0 &&
+ t->data[0] == 0 &&
+ t->data[1] == 0) {
+ swf_GetU16(t);
+ } else {
+ printf("%d %d %d %d\n", t->len, t->pos, t->data[0], t->data[1]);
+ }
+
+ md5string1 = swf_GetString(t);
+
+ if(strncmp(md5string1, "$1$",3 )) {
+ fprintf(stderr, "rfxswf: no salt in pw string\n");
+ return 0;
+ }
+ x = strchr(md5string1+3, '$');
+ if(!x) {
+ fprintf(stderr, "rfxswf: invalid salt format in pw string\n");
+ return 0;
+ }
+ n = x-(md5string1+3);
+ salt = (char*)rfx_alloc(n+1);
+ memcpy(salt, md5string1+3, n);
+ salt[n] = 0;
+
+ md5string2 = crypt_md5(password, salt);
+ rfx_free(salt);
+ if(strcmp(md5string1, md5string2) != 0)
+ return 0;
+ return 1;
+}