function protected_node_enterpassword_validate in Protected Node 7
Same name and namespace in other branches
- 5 protected_node.module \protected_node_enterpassword_validate()
- 6 protected_node.redirect.inc \protected_node_enterpassword_validate()
- 1.0.x protected_node.redirect.inc \protected_node_enterpassword_validate()
Verify that the user entered the correct password.
For the flood control,
See also
user_login_authenticate_validate().
File
- ./
protected_node.redirect.inc, line 155 - Redirected page callback file for the protected_node module.
Code
function protected_node_enterpassword_validate($form, &$form_state) {
$max_attempt = variable_get('protected_node_failed_password_ip_limit', 50);
$flood_window = variable_get('protected_node_failed_password_ip_window', 3600);
if (!flood_is_allowed('failed_protected_node_attempt_ip', $max_attempt, $flood_window)) {
form_set_error('password', t('Sorry, too many failed password attempts from your IP address. This IP address is temporarily blocked. Try again later.'));
return;
}
// @todo We do not want to check the global password if there is a local
// password (i.e. extract local password instead of comparing).
// @todo The protected_node_nid parameter should be extracted from the
// destination URI.
$sha1_passwd = sha1($form_state['values']['password']);
$sha256_passwd = hash('sha256', $form_state['values']['password']);
$protected_node_nid = $form_state['values']['protected_node_nid'];
$nid = db_select('protected_nodes')
->fields('protected_nodes', array(
'nid',
))
->condition('protected_node_passwd', array(
$sha1_passwd,
$sha256_passwd,
), 'IN')
->condition('nid', $protected_node_nid)
->execute()
->fetchField();
$node = node_load($protected_node_nid);
if (empty($nid)) {
// Global content type password exists ?
switch (variable_get('protected_node_use_global_password', PROTECTED_NODE_PER_NODE_PASSWORD)) {
case PROTECTED_NODE_PER_NODE_AND_GLOBAL_PASSWORD:
case PROTECTED_NODE_GLOBAL_PASSWORD:
$global_passwd = variable_get('protected_node_global_password', '');
if (in_array($global_passwd, array(
$sha1_passwd,
$sha256_passwd,
))) {
$_SESSION['has_entered_global_password'] = 1;
$nid = 1;
}
else {
// This comes last so we avoid loading the node if another password
// matches although that means the main global password has priority
// which may, in the long run, be a problem (but since the result is
// the same, I don't foresee this being a problem at all).
$node_type_passwd = variable_get('protected_node_node_type_password_' . $node->type, '');
if (in_array($node_type_passwd, array(
$sha1_passwd,
$sha256_passwd,
))) {
$nid = 1;
}
}
if (!empty($nid)) {
// The user found a global password.
// Was the protected node created by an anonymous user?
// If so, prevent the use of any global password.
$created = db_select('node')
->fields('node', array(
'created',
))
->condition('nid', $protected_node_nid)
->condition('uid', 0)
->execute()
->fetchField();
if ($created) {
$nid = FALSE;
}
}
break;
}
if (empty($nid)) {
flood_register_event('failed_protected_node_attempt_ip', $flood_window);
form_set_error('password', t('Incorrect password!'));
}
}
}