You are here

Home » API reference » Protected Node 6 » protected_node.redirect.inc

function protected_node_enterpassword_validate in Protected Node 6

Same name and namespace in other branches
  1. 5 protected_node.module \protected_node_enterpassword_validate()
  2. 7 protected_node.redirect.inc \protected_node_enterpassword_validate()
  3. 1.0.x protected_node.redirect.inc \protected_node_enterpassword_validate()

Verify that the user entered the correct password.

File

./protected_node.redirect.inc, line 148
Redirected page callback file for the protected_node module.

Code

function protected_node_enterpassword_validate($form, &$form_state) {

  // TODO: we do not want to check the global password if there is a local
  //       password (i.e. extract local password instead of comparing!)
  // TODO: the protected_node_nid parameter should be extracted from the destination URI
  $sql = "SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = '%s' AND nid = %d";
  $passwd = sha1($form['#post']['password']);
  $nid = db_result(db_query($sql, $passwd, $form_state['values']['protected_node_nid']));
  if (empty($nid)) {
    switch (variable_get('protected_node_use_global_password', PROTECTED_NODE_PER_NODE_PASSWORD)) {
      case PROTECTED_NODE_PER_NODE_AND_GLOBAL_PASSWORD:
      case PROTECTED_NODE_GLOBAL_PASSWORD:
        $global_passwd = variable_get('protected_node_global_password', '');
        if ($global_passwd == $passwd) {
          $nid = 1;
        }
        else {

          // this comes last so we avoid loading the node if another password matches
          // although that means the main global password has priority which may, in the
          // long run, be a problem (but since the result is the same, I don't foresee
          // this being a problem at all.)
          $node = node_load($form_state['values']['protected_node_nid']);
          $node_type_passwd = variable_get('protected_node_node_type_password_' . $node->type, '');
          if ($node_type_passwd == $passwd) {
            $nid = 1;
          }
        }
        if (!empty($nid)) {

          // the user found a global password
          // was the protected node created by an anonymous user?
          // if so, prevent the use of any global password
          $sql = "SELECT created FROM {node} WHERE nid = %d AND uid = 0";
          $created = db_result(db_query($sql, $form_state['values']['protected_node_nid']));
          if ($created) {
            $nid = FALSE;
          }
        }
        break;
    }
    if (empty($nid)) {
      form_set_error('password', t('Incorrect password!'));
    }
  }
}