
function protected_node_and_attachment in Protected Node 6

Same name and namespace in other branches
  1. 7 protected_node.module \protected_node_and_attachment()
  2. 1.0.x protected_node.module \protected_node_and_attachment()

When an attachment is requested, verify that it is accessible and, if it is not, ask for the password.

@param[in] $filename The name of the attachment file.

1 call to protected_node_and_attachment()
protected_node_init in ./protected_node.module
Implementation of hook_init(). @link http://api.drupal.org/api/function/hook_init/6

File

./protected_node.module, line 286

Code

/**
 * Decide whether a request for an attachment has to go through the
 * password form of the node the attachment belongs to.
 *
 * @param[in] $filename The name of the attachment file; it is matched
 *                      against the filename column of {files}.
 *
 * @return FALSE when no password prompt is needed: the user may bypass
 *         password protection, the upload module is not enabled, no
 *         protected node is linked to the file name, the current user is
 *         the author of the node, the session holds a password entry that
 *         is still valid, or another module forbids the download.
 *         Otherwise the nid of the protected node.
 */
function protected_node_and_attachment($filename) {
  global $user;

  // Holders of the bypass permission are never asked for a password.
  if (user_access('bypass password protection')) {
    return FALSE;
  }

  // The upload module is what ties attachments to nodes. Without it nothing
  // can be looked up, so FALSE is returned and this function does not guard
  // the attachment at all (not needed when the user visits /node/# itself).
  if (!module_exists('upload')) {
    return FALSE;
  }

  // Find the protected node this attachment hangs off. The file name is
  // bound through the '%s' placeholder of db_query(), never concatenated.
  // NOTE(review): the match is on f.filename and only the first row is
  // fetched; if several attachments can share a file name, the node that is
  // checked may not be the one being requested -- confirm what the caller
  // passes and whether the file path would be the safer key.
  $query = implode(' ', array(
    "SELECT u.nid, n.uid, pn.protected_node_passwd_changed",
    "FROM {files} f, {upload} u, {protected_nodes} pn, {node} n",
    "WHERE pn.nid = u.nid AND u.nid = n.nid AND f.filename = '%s' AND u.fid = f.fid",
    "AND pn.protected_node_is_protected = 1",
  ));
  $row = db_fetch_array(db_query($query, $filename));

  // No protected node is attached to that file name.
  if ($row === FALSE) {
    return FALSE;
  }

  // A logged-in author does not need the password for their own node; the
  // leading uid test keeps anonymous users (uid 0) out of this shortcut.
  if ($user->uid && $user->uid == $row['uid']) {
    return FALSE;
  }

  $nid = $row['nid'];

  // Did this session already supply the password for the node?
  if (isset($_SESSION['_protected_node']['passwords'][$nid])) {
    // Presumably the time at which the password was accepted -- it is
    // compared with the password change time and the global reset time.
    $entered = $_SESSION['_protected_node']['passwords'][$nid];
    $newer_than_password = $entered > $row['protected_node_passwd_changed'];
    if ($newer_than_password && $entered > variable_get('protected_node_session_timelimit', 0)) {
      return FALSE;
    }

    // Stale entry: the password changed or a global reset happened since,
    // so drop it from the session right away.
    unset($_SESSION['_protected_node']['passwords'][$nid]);
  }

  // Spare the user the password form when some other module forbids the
  // download anyway: a password would not help in that case.
  // NOTE(review): returning FALSE here only skips the prompt; the denial is
  // presumably enforced when the file_download hooks run for the actual
  // download -- confirm in the caller.
  foreach (module_implements('file_download') as $module) {
    // Our own answer is already known.
    if ($module == 'protected_node') {
      continue;
    }
    $hook = $module . '_file_download';
    $verdict = call_user_func_array($hook, array($filename));
    if (isset($verdict) && $verdict == -1) {
      return FALSE;
    }
  }

  // No valid password in the session: report the node that needs one.
  return $nid;
}