function protected_node_nodeapi in Protected Node 6
Same name and namespace in other branches
- 5 protected_node.module \protected_node_nodeapi()
Implementation of hook_nodeapi(). @link http://api.drupal.org/api/function/hook_nodeapi/6
File
- ./
protected_node.module, line 384
Code
function protected_node_nodeapi(&$node, $op, $arg = 0, $page = 0) {
global $user;
// ugly but we want to keep some variables between the validation and insert/update
global $_protected_node_emails;
global $_protected_node_random_passwd;
switch ($op) {
case 'load':
return protected_node_load($node);
case 'validate':
$_protected_node_emails = '';
$_protected_node_random_passwd = '';
if ($node->protected_node_is_protected && (user_access('edit any password') || user_access('edit ' . $node->type . ' password'))) {
$missing_password = FALSE;
if (empty($node->protected_node_passwd)) {
// password missing in database too?
$sql = "SELECT protected_node_passwd FROM {protected_nodes} WHERE nid = %d";
$result = trim(db_result(db_query($sql, $node->nid)));
// getting " " (40 spaces) when empty
if (empty($result)) {
$missing_password = TRUE;
}
}
if (!empty($node->protected_node_emails)) {
if ($node->status) {
// verify each email address
$emails = explode(',', str_replace(array(
"\r",
"\n",
), ',', $node->protected_node_emails));
foreach ($emails as $k => $m) {
$m = trim($m);
if ($m) {
if (!valid_email_address($m)) {
form_error($arg['protected_node']['protected_node_emails'], t('Invalid email address: @m. Please correct this mistake and try again.', array(
'@m' => $m,
)));
unset($emails[$k]);
// unset just in case; should be useless though
}
else {
$emails[$k] = $m;
}
}
else {
// ignore empty entries
unset($emails[$k]);
}
}
$_protected_node_emails = implode(', ', $emails);
if ($_protected_node_emails && $missing_password && variable_get('protected_node_random_password', FALSE)) {
// automatically generate a password for the email (note that means the author won't know the password!)
$_protected_node_random_passwd = user_password();
$missing_password = FALSE;
// not missing anymore
drupal_set_message(t('A random password was generated in order to send the email about this page. Remember that changing the password will prevent users you just emailed from accessing this page.'), 'warning');
}
}
else {
// the node is not published, forget about emails!
form_error($arg['protected_node']['protected_node_emails'], t('Email addresses were specified even though the password is turned off.'));
}
}
if ($missing_password) {
if ($user->uid == 0) {
// if anonymous user, then global password is not an option otherwise
// all the nodes could be edited by all the anonymous users!
$global_password = PROTECTED_NODE_PER_NODE_PASSWORD;
}
else {
$global_password = variable_get('protected_node_use_global_password', PROTECTED_NODE_PER_NODE_PASSWORD);
}
switch ($global_password) {
case PROTECTED_NODE_PER_NODE_PASSWORD:
// $arg is the form in this case
form_error($arg['protected_node']['protected_node_passwd'], t('To protect this page, please enter a password.'));
break;
}
}
}
elseif (isset($node->protected_node_emails) && trim($node->protected_node_emails)) {
form_error($arg['protected_node']['protected_node_emails'], t('No email can be sent by the protected node module when the node is not protected or you do not have permission to set a password.'));
}
break;
case 'insert':
case 'update':
if (user_access('edit any password') || user_access('edit ' . $node->type . ' password')) {
if (!empty($_protected_node_random_passwd)) {
$node->protected_node_passwd = $_protected_node_random_passwd;
}
if (!empty($_protected_node_emails)) {
$node->protected_node_emails = $_protected_node_emails;
}
protected_node_save($node);
if ($node->protected_node_is_protected && !empty($node->protected_node_emails)) {
module_load_include('mail.inc', 'protected_node');
protected_node_send_mail($node);
}
}
break;
case 'view':
if (!empty($node->protected_node_is_protected)) {
// Accessed for search indexing? (usually by cron.php)
if ($node->build_mode == NODE_BUILD_SEARCH_INDEX) {
// "user" could see the node, but at this time, not its contents
// (the current user is Anonymous, so that statement is not exactly true,
// but at the time of the search index building we cannot know who will
// be searching so we let go without the access denied error.)
protected_node_invoke('protected_node_hide', $node);
}
elseif (!user_access('bypass password protection') && !user_access('view protected content')) {
if (!$user->uid && variable_get('cache', CACHE_DISABLED)) {
// prevent caching (do NOT use variable_set() since this is temporary for this session.)
$GLOBALS['conf']['cache'] = CACHE_DISABLED;
}
if ($node->uid !== $user->uid) {
// is there a password?
if (isset($_SESSION['_protected_node']['passwords'][$node->nid])) {
// is password out of date?
$when = $_SESSION['_protected_node']['passwords'][$node->nid];
if ($when <= variable_get('protected_node_session_timelimit', 0) || $when <= $node->protected_node_passwd_changed) {
// this page reset time
unset($_SESSION['_protected_node']['passwords'][$node->nid]);
}
}
if (!isset($_SESSION['_protected_node']['passwords'][$node->nid])) {
if (!user_access('access protected content')) {
// user will never be given access (no drupal_goto() call necessary)
drupal_access_denied();
exit;
}
// user could see the node, but at this time, not its contents
protected_node_invoke('protected_node_hide', $node);
}
}
}
}
break;
case 'delete':
db_query('DELETE FROM {protected_nodes} WHERE nid = %d', $node->nid);
break;
}
}