diff --git a/protected_node.fork.inc b/protected_node.fork.inc index 878e3bf..d40613e 100644 --- a/protected_node.fork.inc +++ b/protected_node.fork.inc @@ -210,15 +210,19 @@ */ function protected_node_enter_any_password_validate($form, &$form_state) { // @todo We do not want to check the global password if there is a local // password (i.e. extract local password instead of comparing!). $nids = protected_node_password_nids(); - - $sql = "SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = '%s' AND nid IN (" . db_placeholders($nids, 'int') . ")"; $passwd = sha1($form['#post']['password']); - // @todo Please convert this statement to the D7 database API syntax. - $nid = db_query_range($sql, array_merge(array($passwd), $nids))->fetchField(); + + $nid = db_query_range('protected_nodes', '') + ->fields(array('nid')) + ->condition('protected_node_passwd', $passwd) + ->condition('nid', $nids, 'IN') + ->execute() + ->fetchField(); + if (empty($nid)) { // Note that global password cannot work here since we wouldn't know where // to send the user otherwise. form_set_error('password', t('Incorrect password!')); } diff --git a/protected_node.module b/protected_node.module index e1de527..21c17b4 100644 --- a/protected_node.module +++ b/protected_node.module @@ -334,61 +334,68 @@ if (user_access('bypass password protection') || !module_exists('upload')) { return FALSE; } // Check whether the node linked to this file attachment is protected. - $sql = "SELECT u.nid, n.uid, pn.protected_node_passwd_changed"; - $sql .= " FROM {files} f, {upload} u, {protected_nodes} pn, {node} n"; - $sql .= " WHERE pn.nid = u.nid AND u.nid = n.nid AND f.filename = '%s' AND u.fid = f.fid"; - $sql .= " AND pn.protected_node_is_protected = 1"; - // @todo Please convert this statement to the D7 database API syntax. - $file_info = db_query($sql, $filename)->fetchAssoc(); - if ($file_info === FALSE /* Row doesn't exist, it's not protected */ - || ($user->uid && $user->uid == $file_info['uid'])) { /* $user is the author */ - return FALSE; - } + $query = db_select('node', 'n'); + $query->join('file_usage', 'fu', 'n.nid = fu.id'); + $query->join('file_managed', 'fm', 'fm.fid = fu.fid'); + $query->join('protected_nodes', 'pn', 'n.nid = pn.nid'); + $query->fields('n', array('nid', 'uid')); + $query->fields('pn', array('protected_node_passwd_changed')); + $query->condition('fu.type', 'node'); + $query->condition('fm.filename', $filename); + $query->condition('pn.protected_node_is_protected', '1'); + $result = $query->execute(); - // Got the global password? - if (isset($_SESSION['_protected_node']['passwords']['global'])) { - $when = $_SESSION['_protected_node']['passwords']['global']; - if ($when > $file_info['protected_node_passwd_changed'] /* this page reset time */ - && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ + foreach ($result as $file_info) { + if ($file_info === FALSE /* Row doesn't exist, it's not protected */ + || ($user->uid && $user->uid == $file_info->uid)) { /* $user is the author */ return FALSE; } - // The session is out of date, we can as well get rid of it now. - unset($_SESSION['_protected_node']['passwords']['global']); - } - else { - // Got the password? - if (isset($_SESSION['_protected_node']['passwords'][$file_info['nid']])) { - $when = $_SESSION['_protected_node']['passwords'][$file_info['nid']]; - if ($when > $file_info['protected_node_passwd_changed'] /* this page reset time */ + + // Got the global password? + if (isset($_SESSION['_protected_node']['passwords']['global'])) { + $when = $_SESSION['_protected_node']['passwords']['global']; + if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ return FALSE; } // The session is out of date, we can as well get rid of it now. - unset($_SESSION['_protected_node']['passwords'][$file_info['nid']]); + unset($_SESSION['_protected_node']['passwords']['global']); } - } - - // Avoid the drupal_goto() if another module anyway forbids access - // to the file. - foreach (module_implements('file_download') as $module) { - // Skip ourself, we already know the answer! - if ($module != 'protected_node') { - $function = $module . '_file_download'; - $result = call_user_func_array($function, array($filename)); - if (isset($result) && $result == -1) { - // This $module forbids the file download, forget it a password won't - // help. - return FALSE; + else { + // Got the password? + if (isset($_SESSION['_protected_node']['passwords'][$file_info->nid])) { + $when = $_SESSION['_protected_node']['passwords'][$file_info->nid]; + if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ + && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ + return FALSE; + } + // The session is out of date, we can as well get rid of it now. + unset($_SESSION['_protected_node']['passwords'][$file_info->nid]); } } - } - // No password, access denied. - return $file_info['nid']; + // Avoid the drupal_goto() if another module anyway forbids access + // to the file. + foreach (module_implements('file_download') as $module) { + // Skip ourself, we already know the answer! + if ($module != 'protected_node') { + $function = $module . '_file_download'; + $result = call_user_func_array($function, array($filename)); + if (isset($result) && $result == -1) { + // This $module forbids the file download, forget it a password won't + // help. + return FALSE; + } + } + } + + // No password, access denied. + return $file_info->nid; + } } /** * Call module implemented functions with a parameter passed as reference @@ -716,31 +723,37 @@ // Private file access for the original files. $files = file_load_multiple(array(), array('uri' => $uri)); if (count($files)) { $file = reset($files); if ($file->status) { - $query = "SELECT n.nid, n.uid, pn.protected_node_passwd_changed FROM {file_usage} fu, {protected_nodes} pn, {node} n WHERE pn.nid = fu.id"; - $query .= " AND fu.fid = :fid AND pn.nid = n.nid AND n.nid = fu.id AND fu.type = 'node' AND pn.protected_node_is_protected = 1"; + $query = db_select('node', 'n'); + $query->join('file_usage', 'fu', 'n.nid = fu.id'); + $query->join('protected_nodes', 'pn', 'n.nid = pn.nid'); + $query->fields('n', array('nid', 'uid')); + $query->fields('pn', array('protected_node_passwd_changed')); + $query->condition('fu.fid', $file->fid); + $query->condition('fu.type', 'node'); + $query->condition('pn.protected_node_is_protected', '1'); + $result = $query->execute(); - $result = db_query($query, array(':fid' => $file->fid)); - while($file_info = $result->fetchAssoc()) { - if($file_info === FALSE || ($user->uid && $user->uid == $file_info['uid'])) { + foreach ($result as $file_info) { + if($file_info === FALSE || ($user->uid && $user->uid == $file_info->uid)) { return array(); } // Got the global password? if (isset($_SESSION['_protected_node']['passwords']['global'])) { $when = $_SESSION['_protected_node']['passwords']['global']; - if ($when > $file_info['protected_node_passwd_changed'] /* this page reset time */ + if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ return array(); } } - elseif (isset($_SESSION['_protected_node']['passwords'][$file_info['nid']])) { - $when = $_SESSION['_protected_node']['passwords'][$file_info['nid']]; - if ($when > $file_info['protected_node_passwd_changed'] /* this page reset time */ + elseif (isset($_SESSION['_protected_node']['passwords'][$file_info->nid])) { + $when = $_SESSION['_protected_node']['passwords'][$file_info->nid]; + if ($when > $file_info->protected_node_passwd_changed /* this page reset time */ && $when > variable_get('protected_node_session_timelimit', 0)) { /* global reset time */ return array(); } } } @@ -794,11 +807,16 @@ // We first test whether a protected_nodes entry exist so we can use UPDATE // or INSERT accordingly (UPDATE does not always properly report working // with MySQL). // We also retrive nid because protected_node_passwd may exist and be empty. - $result = db_query("SELECT nid, protected_node_passwd, protected_node_emails FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $node->nid))->fetchAssoc(); + $result = db_select('protected_nodes') + ->fields('protected_nodes', array('nid', 'protected_node_passwd', 'protected_node_emails')) + ->condition('nid', $node->nid) + ->execute() + ->fetchAssoc(); + if (!empty($result)) { // Note: the following test prevents the user from using "0" as a password. if (isset($node->protected_node_passwd)) { $changed = $node->protected_node_passwd != $result['protected_node_passwd']; if ($changed) { @@ -902,11 +920,23 @@ if ($protection == PROTECTED_NODE_PROTECTION_NEVER) { // By default the node is not protected, return that. return $default_fields; } - $result = db_query("SELECT protected_node_is_protected, protected_node_passwd, protected_node_passwd_changed, protected_node_show_title, protected_node_emails, protected_node_hint FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $node->nid))->fetchAssoc(); + $result = db_select('protected_nodes') + ->fields('protected_nodes', array( + 'protected_node_is_protected', + 'protected_node_passwd', + 'protected_node_passwd_changed', + 'protected_node_show_title', + 'protected_node_emails', + 'protected_node_hint' + )) + ->condition('nid', $node->nid) + ->execute() + ->fetchAssoc(); + if (!is_array($result)) { // The SELECT failed, use the defaults. $result = $default_fields; } else { @@ -1102,12 +1132,17 @@ return FALSE; } if (empty($node->protected_node_is_protected)) { // Node exists in our table? - $r = db_query("SELECT nid FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $node->nid))->fetchField(); - if ($r) { + $select = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('nid', $node->nid) + ->execute() + ->fetchField(); + + if ($select) { if (empty($passwd)) { // In this case, an empty password is fine. $result = db_update('protected_nodes') ->fields(array( 'protected_node_is_protected' => 1, @@ -1115,30 +1150,36 @@ ->condition('nid', $node->nid) ->execute() !== FALSE; } else { // We have to also update the password in this case. - $sql = "UPDATE {protected_nodes} SET protected_node_is_protected = 1, protected_node_passwd = '%s', protected_node_passwd_changed = %d WHERE nid = %d"; - // @todo Please convert this statement to the D7 database API syntax. - $result = db_query($sql, sha1($passwd), REQUEST_TIME, $node->nid) !== FALSE; + $result = db_update('protected_nodes') + ->fields(array( + 'protected_node_is_protected' => 1, + 'protected_node_passwd' => sha1($passwd), + 'protected_node_passwd_changed' => REQUEST_TIME + )) + ->condition('nid', $node->nid) + ->execute() !== FALSE; } } else { // No entry in the database yet, add it now. if (empty($passwd)) { $passwd = ''; } else { $passwd = sha1($passwd); } - $sql = "INSERT INTO {protected_nodes} (protected_node_is_protected,"; - $sql .= " protected_node_passwd, protected_node_show_title, nid)"; - $sql .= " VALUES (1, '%s', %d, %d)"; - // @todo Please convert this statement to the D7 database API syntax. - $result = db_query($sql, $passwd, - variable_get('protected_node_show_node_titles', FALSE), - $node->nid) !== FALSE; + $result = db_insert('protected_nodes') + ->fields(array( + 'nid' => $node->nid, + 'protected_node_is_protected' => 1, + 'protected_node_passwd' => $passwd, + 'protected_node_show_title' => variable_get('protected_node_show_node_titles', FALSE) + )) + ->execute() !== FALSE; } } else { // The node is already protected, change the password if necessary. if (empty($passwd)) { @@ -1165,20 +1206,24 @@ * * @return boolean * TRUE if the node was protected before the call, FALSE otherwise. */ function protected_node_unset_protected($nid) { - $r = db_query("SELECT protected_node_is_protected FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $nid))->fetchField() == 1; - - db_update('protected_nodes') - ->fields(array( - 'protected_node_is_protected' => 0, - )) + $result = db_select('protected_nodes') + ->fields('protected_nodes', array('protected_node_is_protected')) ->condition('nid', $nid) - ->execute(); + ->execute() + ->fetchField() == 1; - return $r; + db_update('protected_nodes') + ->fields(array( + 'protected_node_is_protected' => 0, + )) + ->condition('nid', $nid) + ->execute(); + + return $result; } /** * This method determines the protected flag status for the given node id. * @@ -1194,11 +1239,17 @@ function protected_node_isset_protected($nid) { if (!is_numeric($nid)) { return FALSE; } - return db_query("SELECT protected_node_is_protected FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $nid))->fetchField() == 1; + $result = db_select('protected_nodes') + ->fields('protected_nodes', array('protected_node_is_protected')) + ->condition('nid', $nid) + ->execute() + ->fetchField() == 1; + + return $result; } /** * Revoke access to the current used from the specified protected node. * The effect is immediate. diff --git a/protected_node.settings.inc b/protected_node.settings.inc index 6357787..8f8687a 100644 --- a/protected_node.settings.inc +++ b/protected_node.settings.inc @@ -243,17 +243,49 @@ * @return array * $form The settings form */ function protected_node_admin_settings() { - $unprotected_count = db_query("SELECT COUNT(n.nid) FROM {node} n LEFT JOIN {protected_nodes} pn ON pn.nid = n.nid WHERE pn.protected_node_is_protected = :protected_node_is_protected OR pn.protected_node_is_protected IS NULL", array(':protected_node_is_protected' => 0))->fetchField(); - $protected_count = db_query("SELECT COUNT(nid) FROM {protected_nodes} WHERE protected_node_is_protected = :protected_node_is_protected", array(':protected_node_is_protected' => 1))->fetchField(); - $title_count = db_query("SELECT COUNT(nid) FROM {protected_nodes} WHERE protected_node_is_protected = :protected_node_is_protected AND protected_node_show_title = :protected_node_show_title", array(':protected_node_is_protected' => 1, ':protected_node_show_title' => 1))->fetchField(); - $global_count = db_query("SELECT COUNT(nid) FROM {protected_nodes} WHERE protected_node_is_protected = :protected_node_is_protected AND protected_node_passwd = :protected_node_passwd", array(':protected_node_is_protected' => 1, ':protected_node_passwd' => ''))->fetchField(); + // Total + $total_count = db_select('node') + ->fields('node', array('nid')) + ->countQuery() + ->execute() + ->fetchField(); + + // Protected + $protected_count = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('protected_node_is_protected', 1) + ->countQuery() + ->execute() + ->fetchField(); + + // Title + $title_count = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('protected_node_is_protected', 1) + ->condition('protected_node_show_title', 1) + ->countQuery() + ->execute() + ->fetchField(); + + // Global + $global_count = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('protected_node_is_protected', 1) + ->condition('protected_node_passwd', '') + ->countQuery() + ->execute() + ->fetchField(); + + $unprotected_count = $total_count - $protected_count; + $hiding_count = $protected_count - $title_count; + $node_password_count = $protected_count - $global_count; // Any nodes? - if ($protected_count + $unprotected_count > 0) { + if ($total_count > 0) { // Statistics $form['protected_node_stats'] = array( '#type' => 'fieldset', '#title' => t('Protected node statistics'), '#collapsible' => TRUE, @@ -267,11 +299,11 @@ $rows = array(); $rows[] = array( t('Total nodes'), array( - 'data' => $protected_count + $unprotected_count, + 'data' => $total_count, 'style' => 'text-align:right' ), array( 'data' => t('100%'), 'style' => 'text-align:right' @@ -282,22 +314,22 @@ array( 'data' => $unprotected_count, 'style' => 'text-align:right' ), array( - 'data' => round($unprotected_count * 100 / ($unprotected_count + $protected_count), 2) . '%', + 'data' => round($unprotected_count * 100 / ($total_count), 2) . '%', 'style' => 'text-align:right' ), ); $rows[] = array( t('Protected nodes'), array( 'data' => $protected_count, 'style' => 'text-align:right' ), array( - 'data' => round($protected_count * 100 / ($unprotected_count + $protected_count), 2) . '%', + 'data' => round($protected_count * 100 / ($total_count), 2) . '%', 'style' => 'text-align:right' ), ); if ($protected_count > 0) { $rows[] = array( @@ -312,15 +344,15 @@ ), ); $rows[] = array( t('Hiding title'), array( - 'data' => $protected_count - $title_count, + 'data' => $hiding_count, 'style' => 'text-align:right' ), array( - 'data' => round(($protected_count - $title_count) * 100 / $protected_count, 2) . '%', + 'data' => round($hiding_count * 100 / $protected_count, 2) . '%', 'style' => 'text-align:right' ), ); $rows[] = array( t('Global passwords'), @@ -334,15 +366,15 @@ ), ); $rows[] = array( t('Node passwords'), array( - 'data' => $protected_count - $global_count, + 'data' => $node_password_count, 'style' => 'text-align:right' ), array( - 'data' => round(($protected_count - $global_count) * 100 / $protected_count, 2) . '%', + 'data' => round($node_password_count * 100 / $protected_count, 2) . '%', 'style' => 'text-align:right' ), ); } @@ -750,18 +782,35 @@ 'protected_node_is_protected' => 1, )) ->condition('protected_node_is_protected', 0) ->execute(); - // Then update the table with ALL the existing nodes and as we're at it - // we mark them as protected. - $sql = "INSERT INTO {protected_nodes}"; - $sql .= " (SELECT n.nid, %d AS protected_node_show_title, 1 AS protected_node_is_protected, '' AS protected_node_passwd"; - $sql .= " FROM {node} n LEFT JOIN {protected_nodes} pn ON n.nid = pn.nid"; - $sql .= " WHERE pn.nid IS NULL)"; - // TODO Please convert this statement to the D7 database API syntax. - db_query($sql, $form_state['values']['protected_node_show_node_titles']); + // Add never protected nodes to protected_nodes. + $nodes = db_select('node') + ->fields('node', array('nid')) + ->execute(); + + foreach($nodes as $node) { + $nid = $node->nid; + + $nid_in_protected_node = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('nid', $nid) + ->execute() + ->fetchfield(); + + if (!$nid_in_protected_node) { + // Add the node in protected_nodes + db_insert('protected_nodes') + ->fields(array( + 'nid' => $nid, + 'protected_node_is_protected' => '1', + 'protected_node_show_title' => $form_state['values']['protected_node_show_node_titles'] + )) + ->execute(); + } + } } /** * Make sure all nodes with a password are protected. *