function protected_node_enterpassword_validate in Protected Node 6
Same name and namespace in other branches
- 5 protected_node.module \protected_node_enterpassword_validate()
- 7 protected_node.redirect.inc \protected_node_enterpassword_validate()
- 1.0.x protected_node.redirect.inc \protected_node_enterpassword_validate()
Verify that the user entered the correct password.
File
- ./
protected_node.redirect.inc, line 148 - Redirected page callback file for the protected_node module.
Code
function protected_node_enterpassword_validate($form, &$form_state) {
// TODO: we do not want to check the global password if there is a local
// password (i.e. extract local password instead of comparing!)
// TODO: the protected_node_nid parameter should be extracted from the destination URI
$sql = "SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = '%s' AND nid = %d";
$passwd = sha1($form['#post']['password']);
$nid = db_result(db_query($sql, $passwd, $form_state['values']['protected_node_nid']));
if (empty($nid)) {
switch (variable_get('protected_node_use_global_password', PROTECTED_NODE_PER_NODE_PASSWORD)) {
case PROTECTED_NODE_PER_NODE_AND_GLOBAL_PASSWORD:
case PROTECTED_NODE_GLOBAL_PASSWORD:
$global_passwd = variable_get('protected_node_global_password', '');
if ($global_passwd == $passwd) {
$nid = 1;
}
else {
// this comes last so we avoid loading the node if another password matches
// although that means the main global password has priority which may, in the
// long run, be a problem (but since the result is the same, I don't foresee
// this being a problem at all.)
$node = node_load($form_state['values']['protected_node_nid']);
$node_type_passwd = variable_get('protected_node_node_type_password_' . $node->type, '');
if ($node_type_passwd == $passwd) {
$nid = 1;
}
}
if (!empty($nid)) {
// the user found a global password
// was the protected node created by an anonymous user?
// if so, prevent the use of any global password
$sql = "SELECT created FROM {node} WHERE nid = %d AND uid = 0";
$created = db_result(db_query($sql, $form_state['values']['protected_node_nid']));
if ($created) {
$nid = FALSE;
}
}
break;
}
if (empty($nid)) {
form_set_error('password', t('Incorrect password!'));
}
}
}