Commit d86d9549 authored by Florent Torregrosa's avatar Florent Torregrosa Committed by Florent Torregrosa

Issue #3260323 by Grimreaper, meyerrob: Use user password functions for easier...

Issue #3260323 by Grimreaper, meyerrob: Use user password functions for easier migration from D7 to D8/9
parent 27d71b8e
+19 −9
@@ -169,6 +169,7 @@ function protected_node_enter_any_password() {
 * For the flood control, @see user_login_authenticate_validate().
 */
function protected_node_enter_any_password_validate($form, &$form_state) {
  require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
  $max_attempt = variable_get('protected_node_failed_password_ip_limit', 50);
  $flood_window = variable_get('protected_node_failed_password_ip_window', 3600);
  if (!flood_is_allowed('failed_protected_node_attempt_ip', $max_attempt, $flood_window)) {
@@ -178,27 +179,36 @@ function protected_node_enter_any_password_validate($form, &$form_state) {
  // Note that global password cannot work here since we couldn't know where
  // to send the user otherwise.
  $nids = protected_node_get_nids_from_protected_pages_parameter();
  $sha1_passwd = sha1($form_state['values']['password']);
  $sha256_passwd = hash('sha256', $form_state['values']['password']);
  $entered_password = $form_state['values']['password'];
  $sha1_passwd = sha1($entered_password);
  $sha256_passwd = hash('sha256', $entered_password);

  // Get an nid matching the password and nids condition.
  // Arbitrary take the smaller nid.
  $nid = db_select('protected_nodes')
    ->fields('protected_nodes', array('nid'))
    ->condition('protected_node_passwd', array($sha1_passwd, $sha256_passwd), 'IN')
  $stored_passwds = db_select('protected_nodes')
    ->fields('protected_nodes', array('nid', 'protected_node_passwd'))
    ->condition('nid', $nids, 'IN')
    ->orderBy('nid', 'ASC')
    ->range(0, 1)
    ->execute()
    ->fetchField();
    ->fetchAllKeyed();

  if (empty($nid)) {
  $account = new stdClass();
  $detected_nid = '';
  foreach ($stored_passwds as $nid => $stored_passwd) {
    $account->pass = $stored_passwd;
    if (in_array($stored_passwd, array($sha1_passwd, $sha256_passwd)) || user_check_password($entered_password, $account)) {
      $detected_nid = $nid;
      break;
    }
  }

  if (empty($detected_nid)) {
    flood_register_event('failed_protected_node_attempt_ip', $flood_window);
    form_set_error('password', t('Incorrect password!'));
  }
  else {
    // Set a value in $form_state to use in submit.
    $form_state['values']['protected_node_selected_nid'] = $nid;
    $form_state['values']['protected_node_selected_nid'] = $detected_nid;
  }
}
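Review bot: The legacy check added inside the new loop, `in_array($stored_passwd, array($sha1_passwd, $sha256_passwd))`, compares the hex digests loosely, so two digests that both happen to be numeric-looking strings are compared as numbers instead of byte for byte. Passing the strict flag avoids that: `in_array($stored_passwd, array($sha1_passwd, $sha256_passwd), TRUE)`. The same expression is added in protected_node_enterpassword_validate() for the per-node, global and node-type passwords. Separately, the query now loads every candidate row and may call user_check_password() once per node, so the cost of a single failed attempt grows with the number of nids in the request; capping that list may be worthwhile. Part of the function body between the two hunks is not shown.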

+10 −6
@@ -942,8 +942,9 @@ function _protected_node_save(&$node) {
          $changed = FALSE;
        }
        else {
          require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
          $node->protected_node_clear_passwd = $node->protected_node_passwd;
          $node->protected_node_passwd = hash('sha256', $node->protected_node_passwd);
          $node->protected_node_passwd = user_hash_password($node->protected_node_passwd);
        }
      }
    }
@@ -986,8 +987,9 @@ function _protected_node_save(&$node) {
      $node->protected_node_passwd = '';
    }
    elseif ($node->protected_node_passwd) {
      require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
      $node->protected_node_clear_passwd = $node->protected_node_passwd;
      $node->protected_node_passwd = hash('sha256', $node->protected_node_passwd);
      $node->protected_node_passwd = user_hash_password($node->protected_node_passwd);
    }
    // We don't need to set the protected_node_passwd_changed since no
    // one has ever entered a password for this node.
@@ -1234,11 +1236,12 @@ function protected_node_set_protected($param, $passwd = NULL) {
          ->execute() !== FALSE;
      }
      else {
        require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
        // We have to also update the password in this case.
        $result = db_update('protected_nodes')
          ->fields(array(
            'protected_node_is_protected' => 1,
            'protected_node_passwd' => hash('sha256', $passwd),
            'protected_node_passwd' => user_hash_password($passwd),
            'protected_node_passwd_changed' => REQUEST_TIME,
          ))
          ->condition('nid', $node->nid)
@@ -1251,7 +1254,8 @@ function protected_node_set_protected($param, $passwd = NULL) {
        $passwd = '';
      }
      else {
        $passwd = hash('sha256', $passwd);
        require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
        $passwd = user_hash_password($passwd);
      }
      $result = db_insert('protected_nodes')
        ->fields(array(
@@ -1269,10 +1273,10 @@ function protected_node_set_protected($param, $passwd = NULL) {
      // It is protected; we're done (the password is not to be changed).
      return TRUE;
    }

    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    $result = db_update('protected_nodes')
      ->fields(array(
        'protected_node_passwd' => hash('sha256', $passwd),
        'protected_node_passwd' => user_hash_password($passwd),
        'protected_node_passwd_changed' => REQUEST_TIME,
      ))
      ->condition('nid', $node->nid)
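Review bot: The result of `user_hash_password()` is written straight into `protected_node_passwd` in _protected_node_save() and protected_node_set_protected() without being checked. As far as I know the Drupal 7 function returns FALSE when hashing fails, which `hash('sha256', …)` never did. I would test the value before saving, for example `$hash = user_hash_password($passwd); if ($hash === FALSE) { /* report the failure, do not save */ }`. The same applies to the `variable_set()`, `db_update()` and node-type form calls changed in the admin file. Because the `require_once … password.inc` line is now repeated before every call, a small private helper that loads the include, hashes and handles failure would keep these sites consistent; both functions extend beyond the hunks shown.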
+21 −7
@@ -153,6 +153,7 @@ function protected_node_enterpassword() {
 * For the flood control, @see user_login_authenticate_validate().
 */
function protected_node_enterpassword_validate($form, &$form_state) {
  require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
  $max_attempt = variable_get('protected_node_failed_password_ip_limit', 50);
  $flood_window = variable_get('protected_node_failed_password_ip_window', 3600);
  if (!flood_is_allowed('failed_protected_node_attempt_ip', $max_attempt, $flood_window)) {
@@ -163,15 +164,24 @@ function protected_node_enterpassword_validate($form, &$form_state) {
  // password (i.e. extract local password instead of comparing).
  // @todo The protected_node_nid parameter should be extracted from the
  // destination URI.
  $sha1_passwd = sha1($form_state['values']['password']);
  $sha256_passwd = hash('sha256', $form_state['values']['password']);
  $entered_password = $form_state['values']['password'];
  $sha1_passwd = sha1($entered_password);
  $sha256_passwd = hash('sha256', $entered_password);

  $protected_node_nid = $form_state['values']['protected_node_nid'];
  $nid = db_select('protected_nodes')
    ->fields('protected_nodes', array('nid'))
    ->condition('protected_node_passwd', array($sha1_passwd, $sha256_passwd), 'IN')
  $stored_passwd = db_select('protected_nodes')
    ->fields('protected_nodes', array('protected_node_passwd'))
    ->condition('nid', $protected_node_nid)
    ->execute()
    ->fetchField();

  $account = new stdClass();
  $account->pass = $stored_passwd;
  $nid = '';
  if (in_array($stored_passwd, array($sha1_passwd, $sha256_passwd)) || user_check_password($entered_password, $account)) {
    $nid = $protected_node_nid;
  }

  $node = node_load($protected_node_nid);
  if (empty($nid)) {
    // Global content type password exists ?
@@ -179,7 +189,9 @@ function protected_node_enterpassword_validate($form, &$form_state) {
      case PROTECTED_NODE_PER_NODE_AND_GLOBAL_PASSWORD:
      case PROTECTED_NODE_GLOBAL_PASSWORD:
        $global_passwd = variable_get('protected_node_global_password', '');
        if (in_array($global_passwd, array($sha1_passwd, $sha256_passwd))) {
        $account = new stdClass();
        $account->pass = $global_passwd;
        if (in_array($global_passwd, array($sha1_passwd, $sha256_passwd)) || user_check_password($entered_password, $account)) {
          $_SESSION['has_entered_global_password'] = 1;
          $nid = 1;
        }
@@ -189,7 +201,9 @@ function protected_node_enterpassword_validate($form, &$form_state) {
          // which may, in the long run, be a problem (but since the result is
          // the same, I don't foresee this being a problem at all).
          $node_type_passwd = variable_get('protected_node_node_type_password_' . $node->type, '');
          if (in_array($node_type_passwd, array($sha1_passwd, $sha256_passwd))) {
          $account = new stdClass();
          $account->pass = $node_type_passwd;
          if (in_array($node_type_passwd, array($sha1_passwd, $sha256_passwd)) || user_check_password($entered_password, $account)) {
            $nid = 1;
          }
        }
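Review bot: A password that matches through the legacy side of `in_array(...) || user_check_password(...)` is accepted, but the stored unsalted SHA-1/SHA-256 digest is left in place, so old rows keep the weaker format until someone edits the password. Since the clear text is available at this point, the per-node check could rewrite the row with `user_hash_password($entered_password)` on a legacy match, as sketched below. The global and node-type variables could be upgraded the same way with `variable_set()`. The sketch leaves `protected_node_passwd_changed` untouched on the assumption that changing it would invalidate existing sessions; please confirm. The rest of the function lies outside the hunks.

```php
  // … unchanged: query for $stored_passwd and $account setup …
  $is_legacy_match = in_array($stored_passwd, array($sha1_passwd, $sha256_passwd), TRUE);
  if ($is_legacy_match || user_check_password($entered_password, $account)) {
    $nid = $protected_node_nid;
    if ($is_legacy_match) {
      // Replace the unsalted legacy digest now that the clear text is known.
      db_update('protected_nodes')
        ->fields(array('protected_node_passwd' => user_hash_password($entered_password)))
        ->condition('nid', $protected_node_nid)
        ->execute();
    }
  }
  // … unchanged: node_load() and global / node-type password checks …
```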
+6 −3
@@ -823,7 +823,8 @@ function _protected_node_admin_settings_validate($form, &$form_state) {
function _protected_node_admin_settings_submit($form, &$form_state) {
  $passwd = $form_state['values']['protected_node_global_password_field'];
  if ($passwd) {
    variable_set('protected_node_global_password', hash('sha256', $passwd));
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    variable_set('protected_node_global_password', user_hash_password($passwd));
    unset($form_state['values']['protected_node_global_password_field']);
    variable_del('protected_node_global_password_field');
  }
@@ -850,9 +851,10 @@ function protected_node_action_clear_sessions($form, &$form_state) {
function protected_node_action_reset_passwords($form, &$form_state) {
  $passwd = $form_state['values']['protected_node_reset_passwords_password'];
  if ($passwd) {
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    db_update('protected_nodes')
      ->fields(array(
        'protected_node_passwd' => hash('sha256', $passwd),
        'protected_node_passwd' => user_hash_password($passwd),
      ))
      ->execute();
    variable_set('protected_node_session_timelimit', REQUEST_TIME);
@@ -1032,7 +1034,8 @@ function protected_node_node_type_form_alter(&$form) {
 */
function _protected_node_node_type_validate($form, &$form_state) {
  if (!empty($form_state['values']['protected_node_node_type_password_field'])) {
    $form_state['values']['protected_node_node_type_password'] = hash('sha256', $form_state['values']['protected_node_node_type_password_field']);
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    $form_state['values']['protected_node_node_type_password'] = user_hash_password($form_state['values']['protected_node_node_type_password_field']);
  }
  else {
    $node_type = trim($form_state['values']['type']);
+4 −3
@@ -44,10 +44,11 @@ class ProtectedNodeGlobalPassword extends ProtectedNodeBaseTestCase {
   * Test that the password is well hashed when stored.
   */
  public function testHash() {
    $hashed_global_password = hash('sha256', $this->global_password);
    $stored_global_password = variable_get('protected_node_global_password');
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    $account = new stdClass();
    $account->pass = variable_get('protected_node_global_password');

    $this->assertEqual($stored_global_password, $hashed_global_password, "The global password is stored hashed and the value correspond to the global password.", $this->group);
    $this->assertTrue(user_check_password($this->global_password, $account), "The global password is stored hashed and the value correspond to the global password.", $this->group);
  }

  /**
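Review bot: Nothing visible here exercises the legacy branch this commit keeps for migration, i.e. a `protected_node_global_password` value that is still a plain `hash('sha256', …)` or `sha1(…)` digest; testHash() only proves that a freshly stored hash verifies with user_check_password(). A companion test that sets the variable to such a digest with `variable_set()` and then submits the password form would pin the behaviour the validate handlers now depend on. Other test classes in the module may already cover this; only this hunk is visible to me.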