You are here

Home » API reference » W3C Validator 6 » w3c_validator.module

function w3c_validator_init in W3C Validator 6

Implementation of hook_init().

If the token is found in the request headers it's compared the the ones stored in DB.

File

./w3c_validator.module, line 96
W3C Validator proxy.

Code

function w3c_validator_init() {
  global $user;
  $allow_auth = variable_get('w3c_validator_tidy_authenticated', FALSE);
  if (!$allow_auth) {
    return;
  }
  if (!empty($_SERVER['HTTP_W3C_VALIDATOR_TOKEN'])) {
    $token = check_plain($_SERVER['HTTP_W3C_VALIDATOR_TOKEN']);
    watchdog('w3c_validator_site', t('Request to validate private page !url using token @token', array(
      '!url' => url($_GET['q'], array(
        'absolute' => TRUE,
      )),
      '@token' => $token,
    )));
    if ($data = db_fetch_object(db_query("SELECT * FROM {validator_access_tokens} WHERE token = '%s'", $token))) {
      db_query("DELETE FROM {validator_access_tokens} WHERE token = '%s'", $token);
      $expected_token = md5(url($_GET['q'], array(
        'absolute' => TRUE,
      )) . $data->timestamp . $data->rand . $data->uid);
      watchdog('w3c_validator_site', t('Expected token @expected got @token', array(
        '@expected' => $expected_token,
        '@token' => $token,
      )));

      // Do not accept tokens that were created more than 5 seconds ago
      if (time() - $data->timestamp > 5) {
        watchdog('w3c_validator_site', t('Validation access denied, token expired.'));
        return;
      }
      if ($expected_token == $token) {
        watchdog('w3c_validator_site', t('Validation access granted as user %uid to path %path', array(
          '%uid' => $data->uid,
          '%path' => $_GET['q'],
        )));
        $user = user_load($data->uid);
      }
    }
  }
}