function protected_node_enterpassword in Protected Node 6
Same name and namespace in other branches
- 5 protected_node.module \protected_node_enterpassword()
- 7 protected_node.redirect.inc \protected_node_enterpassword()
- 1.0.x protected_node.redirect.inc \protected_node_enterpassword()
Create the form asking the end users for the node password.
The function expects two $_GET with variables named: destination and protected_page. The destination is a URL back to the protected page of which the password is being required. The protected_page variable is set to the nid of that protected page (see todo below).
The function accepts a $_GET named 'back'. This is a URL used for the Cancel link shown next to the OKAY button.
@todo The redirection uses a destination and a protected_page parameter. The protected_page can be inferred from the destination since the destination represents a node. We want to remove the use of the protected_page because that could be set to a node nid that has nothing to do with the destination (which is not a security risk, but can make it confusing.)
@todo It would be a good idea to transform this function in a theme() call instead.
1 string reference to 'protected_node_enterpassword'
- protected_node_menu_array in ./
protected_node.settings.inc - Actual implementation of the protected_node_menu() function.
File
- ./
protected_node.redirect.inc, line 28 - Redirected page callback file for the protected_node module.
Code
function protected_node_enterpassword() {
global $user;
// make sure we have a destination and a node nid
// otherwise there is no password to check
// TODO: extract the nid from the destination URI?
if (!isset($_GET['destination']) || empty($_GET['protected_page']) || !is_numeric($_GET['protected_page'])) {
// Illegal call
watchdog('protected_node', 'Illegal call to /protected-node', array(), WATCHDOG_WARNING);
drupal_access_denied();
exit;
}
$node = node_load($_GET['protected_page']);
if (!$node) {
// Illegal node identifier
watchdog('protected_node', 'Invalid nid (@nid) used with /protected-node', array(
'@nid' => $_GET['protected_page'],
), WATCHDOG_WARNING);
drupal_access_denied();
exit;
}
// some variable initialization
$types = node_get_types();
$node_type = $types[$node->type];
$has_token = module_exists('token');
// setup the title of this page
$title = variable_get('protected_node_title', NULL);
if (!empty($title)) {
if ($has_token) {
$title = token_replace($title, 'node', $node);
$title = token_replace($title, 'user', $user);
// in this case other user's data can be introduce in the title
drupal_set_title(filter_xss($title));
}
else {
// only administrators can enter this title
drupal_set_title($title);
}
}
// information appear between the title and the password form
$info = variable_get('protected_node_info', '');
if ($has_token) {
$info = token_replace($info, 'node', $node);
$info = token_replace($info, 'user', $user);
}
$form['protected_node'] = array(
'#value' => $info,
);
// enter the detailed description of the protected node password
$description = variable_get('protected_node_description', '');
if (!$description) {
if ($node->protected_node_show_title) {
// embellish the title with double quotes
$node_title = ' "' . $node_title . '"';
}
else {
$node_title = '';
}
$description = t('The @node_type@node_title you are trying to view is password protected. Please enter the password below to proceed.', array(
'@node_type' => $node_type->name,
'@node_title' => $node_title,
));
}
elseif ($has_token) {
$description = token_replace($description, 'node', $node);
$description = token_replace($description, 'user', $user);
}
$form['protected_node_enterpassword'] = array(
'#type' => 'fieldset',
'#description' => $description,
'#collapsible' => FALSE,
);
// create the password widget
$label = variable_get('protected_node_password_label', '');
if ($label) {
$label = token_replace($label, 'node', $node);
$label = token_replace($label, 'user', $user);
}
else {
$label = t('@node_type password', array(
'@node_type' => $node_type->name,
));
}
$form['protected_node_enterpassword']['password'] = array(
'#type' => 'password',
'#title' => $label,
'#size' => 20,
);
// the node we're working on
$form['protected_node_nid'] = array(
'#type' => 'hidden',
'#value' => $_GET['protected_page'],
);
// add a submit button
$form['protected_node_enterpassword']['submit'] = array(
'#type' => 'submit',
'#value' => t('OK'),
);
// add a cancel link when 'back' is defined (i.e. referer on the previous page)
if (isset($_GET['back'])) {
$cancel = $_GET['back'];
}
elseif (variable_get('protected_node_cancel', 0)) {
$cancel = '<front>';
}
if (!empty($cancel)) {
$form['protected_node_enterpassword']['cancel'] = array(
'#value' => l(t('Cancel'), $cancel),
);
}
return $form;
}