function protected_node_enter_any_password_validate in Protected Node 7
Same name and namespace in other branches
- 6 protected_node.fork.inc \protected_node_enter_any_password_validate()
- 1.0.x protected_node.fork.inc \protected_node_enter_any_password_validate()
Validate callback.
Verify that the user entered the correct password.
For the flood control,
See also
user_login_authenticate_validate().
File
- ./
protected_node.fork.inc, line 171 - Redirected page callback file for the protected_node module.
Code
function protected_node_enter_any_password_validate($form, &$form_state) {
$max_attempt = variable_get('protected_node_failed_password_ip_limit', 50);
$flood_window = variable_get('protected_node_failed_password_ip_window', 3600);
if (!flood_is_allowed('failed_protected_node_attempt_ip', $max_attempt, $flood_window)) {
form_set_error('password', t('Sorry, too many failed password attempts from your IP address. This IP address is temporarily blocked. Try again later.'));
return;
}
// Note that global password cannot work here since we couldn't know where
// to send the user otherwise.
$nids = protected_node_get_nids_from_protected_pages_parameter();
$sha1_passwd = sha1($form_state['values']['password']);
$sha256_passwd = hash('sha256', $form_state['values']['password']);
// Get an nid matching the password and nids condition.
// Arbitrary take the smaller nid.
$nid = db_select('protected_nodes')
->fields('protected_nodes', array(
'nid',
))
->condition('protected_node_passwd', array(
$sha1_passwd,
$sha256_passwd,
), 'IN')
->condition('nid', $nids, 'IN')
->orderBy('nid', 'ASC')
->range(0, 1)
->execute()
->fetchField();
if (empty($nid)) {
flood_register_event('failed_protected_node_attempt_ip', $flood_window);
form_set_error('password', t('Incorrect password!'));
}
else {
// Set a value in $form_state to use in submit.
$form_state['values']['protected_node_selected_nid'] = $nid;
}
}