function protected_node_enter_any_password_validate in Protected Node 6
Same name and namespace in other branches
- 7 protected_node.fork.inc \protected_node_enter_any_password_validate()
- 1.0.x protected_node.fork.inc \protected_node_enter_any_password_validate()
Verify that the user entered the correct password.
@note It is correct that the list of nids is a hidden widget and thus it may be tempered with by a hacker. This doesn't matter since we check the password against those and if it is incorrect then the user will simply be sent back to protected page and back to the protected-node page.
@param[in] $form An array representing the protected node form. @param[in,out] $form_state An array representing the current state of the form.
File
- ./
protected_node.fork.inc, line 203 - Redirected page callback file for the protected_node module. This version supports any number of pages instead of a destination.
Code
function protected_node_enter_any_password_validate($form, &$form_state) {
// TODO: we do not want to check the global password if there is a local
// password (i.e. extract local password instead of comparing!)
$nids = protected_node_password_nids();
$sql = "SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = '%s'" . " AND nid IN (" . db_placeholders($nids, 'int') . ")";
$passwd = sha1($form['#post']['password']);
$nid = db_result(db_query_range($sql, array_merge(array(
$passwd,
), $nids), 0, 1));
if (empty($nid)) {
// note that global password cannot work here since we wouldn't know where
// to send the user otherwise
form_set_error('password', t('Incorrect password!'));
}
else {
$form_state['values']['protected_node_selected_nid'] = $nid;
}
}