
function protected_node_enterpassword_validate in Protected Node 7

Same name and namespace in other branches
  1. 5 protected_node.module \protected_node_enterpassword_validate()
  2. 6 protected_node.redirect.inc \protected_node_enterpassword_validate()
  3. 1.0.x protected_node.redirect.inc \protected_node_enterpassword_validate()

Verify that the user entered the correct password.

For the flood control, see the function referenced under "See also" below.

See also

user_login_authenticate_validate().

File

./protected_node.redirect.inc, line 155
Redirected page callback file for the protected_node module.

Code

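/**
 * Form validation handler: verifies the password entered for a protected node.
 *
 * The submitted password is hashed with SHA-1 and SHA-256 and compared, in
 * order, against the per-node password row, the global password and the
 * node-type password. Failed attempts are registered with the flood API under
 * the 'failed_protected_node_attempt_ip' event; once the configured limit is
 * reached the form is rejected before any password is examined.
 *
 * NOTE(review): the stored values are plain, unsalted SHA-1/SHA-256 digests.
 * Fast unsalted hashes are weak for password storage; moving to a salted,
 * slow hash needs a migration of the stored values and is out of scope here.
 *
 * @param array $form
 *   The form structure (unused).
 * @param array $form_state
 *   The form state; reads $form_state['values']['password'] and
 *   $form_state['values']['protected_node_nid'].
 */
function protected_node_enterpassword_validate($form, &$form_state) {
  $max_attempt = variable_get('protected_node_failed_password_ip_limit', 50);
  $flood_window = variable_get('protected_node_failed_password_ip_window', 3600);
  // Refuse to look at the password at all while the client is flood-blocked.
  if (!flood_is_allowed('failed_protected_node_attempt_ip', $max_attempt, $flood_window)) {
    form_set_error('password', t('Sorry, too many failed password attempts from your IP address. This IP address is temporarily blocked. Try again later.'));
    return;
  }

  // @todo We do not want to check the global password if there is a local
  // password (i.e. extract local password instead of comparing).
  // @todo The protected_node_nid parameter should be extracted from the
  // destination URI.
  $password = $form_state['values']['password'];
  $sha1_passwd = sha1($password);
  $sha256_passwd = hash('sha256', $password);
  $candidate_hashes = array($sha1_passwd, $sha256_passwd);
  $protected_node_nid = $form_state['values']['protected_node_nid'];

  // Per-node password: the query only returns a row when the stored hash
  // matches one of the two candidate hashes for this nid.
  $nid = db_select('protected_nodes')
    ->fields('protected_nodes', array('nid'))
    ->condition('protected_node_passwd', $candidate_hashes, 'IN')
    ->condition('nid', $protected_node_nid)
    ->execute()
    ->fetchField();
  $node = node_load($protected_node_nid);
  if (empty($nid)) {

    // Global content type password exists ?
    switch (variable_get('protected_node_use_global_password', PROTECTED_NODE_PER_NODE_PASSWORD)) {
      case PROTECTED_NODE_PER_NODE_AND_GLOBAL_PASSWORD:
      case PROTECTED_NODE_GLOBAL_PASSWORD:
        $global_passwd = variable_get('protected_node_global_password', '');
        // Strict comparison is required here: with loose comparison PHP
        // treats numeric-looking strings (e.g. "0e..." digests) as numbers,
        // so two different hashes could compare as equal.
        if (in_array($global_passwd, $candidate_hashes, TRUE)) {
          // NOTE(review): this flag is set before the anonymous-author check
          // below and stays set even when that check rejects the password.
          // Confirm against the code that reads it.
          $_SESSION['has_entered_global_password'] = 1;
          $nid = 1;
        }
        else {

          // This comes last so we avoid loading the node if another password
          // matches although that means the main global password has priority
          // which may, in the long run, be a problem (but since the result is
          // the same, I don't foresee this being a problem at all).
          // node_load() returns FALSE for an unknown nid; in that case there
          // is no node type and therefore no node-type password to match.
          $node_type_passwd = '';
          if ($node) {
            $node_type_passwd = variable_get('protected_node_node_type_password_' . $node->type, '');
          }
          if (in_array($node_type_passwd, $candidate_hashes, TRUE)) {
            $nid = 1;
          }
        }
        if (!empty($nid)) {

          // The user found a global password.
          // Was the protected node created by an anonymous user?
          // If so, prevent the use of any global password.
          $created = db_select('node')
            ->fields('node', array('created'))
            ->condition('nid', $protected_node_nid)
            ->condition('uid', 0)
            ->execute()
            ->fetchField();
          if ($created) {
            $nid = FALSE;
          }
        }
        break;
    }
    if (empty($nid)) {
      // Count the failure towards the per-IP flood limit checked above.
      flood_register_event('failed_protected_node_attempt_ip', $flood_window);
      form_set_error('password', t('Incorrect password!'));
    }
  }
}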