function protected_node_and_attachment in Protected Node 6
Same name and namespace in other branches
- 7 protected_node.module \protected_node_and_attachment()
- 1.0.x protected_node.module \protected_node_and_attachment()
If gathering an attachment, verify that it is accessible and if not ask for the password.
@param[in] $filename The name of the attachment file.
1 call to protected_node_and_attachment()
- protected_node_init in ./
protected_node.module - Implementation of hook_init(). @link http://api.drupal.org/api/function/hook_init/6
File
- ./
protected_node.module, line 286
Code
function protected_node_and_attachment($filename) {
global $user;
// the upload module glues the attachments and nodes together
// without that module, we cannot test anything here
// (it is not required anyway if the user is going to the /node/#
// page itself.)
if (user_access('bypass password protection') || !module_exists('upload')) {
return FALSE;
}
// check whether the node linked to this file attachment is protected
$sql = "SELECT u.nid, n.uid, pn.protected_node_passwd_changed" . " FROM {files} f, {upload} u, {protected_nodes} pn, {node} n" . " WHERE pn.nid = u.nid AND u.nid = n.nid AND f.filename = '%s' AND u.fid = f.fid" . " AND pn.protected_node_is_protected = 1";
$file_info = db_fetch_array(db_query($sql, $filename));
if ($file_info === FALSE || $user->uid && $user->uid == $file_info['uid']) {
// $user is the author
return FALSE;
}
// got the password?
if (isset($_SESSION['_protected_node']['passwords'][$file_info['nid']])) {
$when = $_SESSION['_protected_node']['passwords'][$file_info['nid']];
if ($when > $file_info['protected_node_passwd_changed'] && $when > variable_get('protected_node_session_timelimit', 0)) {
// global reset time
return FALSE;
}
// the session is out of date, we can as well get rid of it now
unset($_SESSION['_protected_node']['passwords'][$file_info['nid']]);
}
// avoid the drupal_goto() if another module anyway forbids access
// to the file
foreach (module_implements('file_download') as $module) {
// skip ourself, we already know the answer!
if ($module != 'protected_node') {
$function = $module . '_file_download';
$result = call_user_func_array($function, array(
$filename,
));
if (isset($result) && $result == -1) {
// this $module forbids the file download, forget it
// a password won't help
return FALSE;
}
}
}
// no password, access denied
return $file_info['nid'];
}