diff --git a/protected_node.fork.inc b/protected_node.fork.inc index 878e3bf..d40613e 100644 --- a/protected_node.fork.inc +++ b/protected_node.fork.inc @@ -210,15 +210,19 @@ */ function protected_node_enter_any_password_validate($form, &$form_state) { // @todo We do not want to check the global password if there is a local // password (i.e. extract local password instead of comparing!). $nids = protected_node_password_nids(); - - $sql = "SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = '%s' AND nid IN (" . db_placeholders($nids, 'int') . ")"; $passwd = sha1($form['#post']['password']); - // @todo Please convert this statement to the D7 database API syntax. - $nid = db_query_range($sql, array_merge(array($passwd), $nids))->fetchField(); + + $nid = db_query_range('protected_nodes', '') + ->fields(array('nid')) + ->condition('protected_node_passwd', $passwd) + ->condition('nid', $nids, 'IN') + ->execute() + ->fetchField(); + if (empty($nid)) { // Note that global password cannot work here since we wouldn't know where // to send the user otherwise. form_set_error('password', t('Incorrect password!')); } diff --git a/protected_node.module b/protected_node.module index 913e607..30209c2 100644 --- a/protected_node.module +++ b/protected_node.module @@ -335,16 +335,20 @@ if (user_access('bypass password protection') || !module_exists('upload')) { return FALSE; } // Check whether the node linked to this file attachment is protected. - $sql = "SELECT u.nid, n.uid, pn.protected_node_passwd_changed"; - $sql .= " FROM {files} f, {upload} u, {protected_nodes} pn, {node} n"; - $sql .= " WHERE pn.nid = u.nid AND u.nid = n.nid AND f.filename = '%s' AND u.fid = f.fid"; - $sql .= " AND pn.protected_node_is_protected = 1"; - // @todo Please convert this statement to the D7 database API syntax. - $file_info = db_query($sql, $filename)->fetchAssoc(); + $file_info = db_select('upload', 'u') + ->join('files', 'f', 'u.fid = f.fid') + ->join('protected_nodes', 'pn', 'u.nid = pn.nid') + ->join('node', 'n', 'u.nid = n.nid') + ->fields(array('u.nid', 'n.nid', 'pn.protected_node_passwd_changed')) + ->condition('f.filename', $filename) + ->condition('pn.protected_node_is_protected', '1') + ->execute() + ->fetchAssoc(); + if ($file_info === FALSE /* Row doesn't exist, it's not protected */ || ($user->uid && $user->uid == $file_info['uid'])) { /* $user is the author */ return FALSE; } @@ -454,13 +458,18 @@ if ($node->protected_node_is_protected && (user_access('edit any password') || user_access('edit ' . $node->type . ' password'))) { $missing_password = FALSE; if (empty($node->protected_node_passwd)) { // Password missing in database too? - $sql = "SELECT protected_node_passwd FROM {protected_nodes} WHERE nid = %d"; // Getting " " (40 spaces) when empty. - $result = trim(db_query("SELECT protected_node_passwd FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $node->nid))->fetchField()); + $result = db_select('protected_nodes') + ->fields('protected_nodes', array('protected_node_passwd')) + ->condition('nid', $node->nid) + ->execute() + ->fetchField(); + + $result = trim($result); if (empty($result)) { $missing_password = TRUE; } } @@ -692,14 +701,20 @@ $files = file_load_multiple(array(), array('uri' => $uri)); if (count($files)) { $file = reset($files); if ($file->status) { - $query = "SELECT n.nid, n.uid, pn.protected_node_passwd_changed FROM {file_usage} fu, {protected_nodes} pn, {node} n WHERE pn.nid = fu.id"; - $query .= " AND fu.fid = :fid AND pn.nid = n.nid AND n.nid = fu.id AND fu.type = 'node' AND pn.protected_node_is_protected = 1"; + $result = db_select('node', 'n') + ->join('file_usage', 'fu', 'n.nid = fu.id') + ->join('protected_nodes', 'pn', 'n.nid = pn.nid') + ->fields(array('n.nid', 'n.uid', 'pn.protected_node_passwd_changed')) + ->condition('fu.id', 'pn.nid') + ->condition('fu.fid', $file->fid) + ->condition('fu.type', 'node') + ->condition('pn.protected_node_is_protected', '1') + ->execute(); - $result = db_query($query, array(':fid' => $file->fid)); while($file_info = $result->fetchAssoc()) { if($file_info === FALSE || ($user->uid && $user->uid == $file_info['uid'])) { return array(); } @@ -751,11 +766,16 @@ // We first test whether a protected_nodes entry exist so we can use UPDATE // or INSERT accordingly (UPDATE does not always properly report working // with MySQL). // We also retrive nid because protected_node_passwd may exist and be empty. - $result = db_query("SELECT nid, protected_node_passwd, protected_node_emails FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $node->nid))->fetchAssoc(); + $result = db_select('protected_nodes') + ->fields('protected_nodes', array('nid', 'protected_node_passwd', 'protected_node_emails')) + ->condition('nid', $node->nid) + ->execute() + ->fetchAssoc(); + if (!empty($result)) { // Note: the following test prevents the user from using "0" as a password. if (isset($node->protected_node_passwd)) { $changed = $node->protected_node_passwd != $result['protected_node_passwd']; if ($changed) { @@ -859,11 +879,23 @@ if ($protection == PROTECTED_NODE_PROTECTION_NEVER) { // By default the node is not protected, return that. return $default_fields; } - $result = db_query("SELECT protected_node_is_protected, protected_node_passwd, protected_node_passwd_changed, protected_node_show_title, protected_node_emails, protected_node_hint FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $node->nid))->fetchAssoc(); + $result = db_select('protected_nodes') + ->fields('protected_nodes', array( + 'protected_node_is_protected', + 'protected_node_passwd', + 'protected_node_passwd_changed', + 'protected_node_show_title', + 'protected_node_emails', + 'protected_node_hint' + )) + ->condition('nid', $node->nid) + ->execute() + ->fetchAssoc(); + if (!is_array($result)) { // The SELECT failed, use the defaults. $result = $default_fields; } else { @@ -981,26 +1013,27 @@ * Implements hook_db_rewrite_sql(). * * This hook forbids end users from seeing a node they do not otherwise have * access to without a password. */ -function protected_node_db_rewrite_sql($query, $primary_table, $primary_field, $args) { - if ($primary_field != 'nid') { - return; - } - if (user_access('access protected content')) { - return; - } +// function protected_node_db_rewrite_sql($query, $primary_table, $primary_field, $args) { +// if ($primary_field != 'nid') { +// return; +// } +// if (user_access('access protected content')) { +// return; +// } - // Prevent query from finding nodes the current user may not have permission - // to see (i.e. if the user doesn't know the password, then it shouldn't be - // shown). - $join = "LEFT JOIN {protected_nodes} protected_nd ON $primary_table.nid = protected_nd.nid"; - $where = "protected_nd.nid IS NULL"; +// // Prevent query from finding nodes the current user may not have permission +// // to see (i.e. if the user doesn't know the password, then it shouldn't be +// // shown). +// // @todo sql +// $join = "LEFT JOIN {protected_nodes} protected_nd ON $primary_table.nid = protected_nd.nid"; +// $where = "protected_nd.nid IS NULL"; - return array('join' => $join, 'where' => $where); -} +// return array('join' => $join, 'where' => $where); +// } /** * Prevent boost from caching protected nodes. * * @todo @@ -1063,12 +1096,17 @@ return FALSE; } if (empty($node->protected_node_is_protected)) { // Node exists in our table? - $r = db_query("SELECT nid FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $node->nid))->fetchField(); - if ($r) { + $select = db_select('protected_nodes') + ->field('protected_nodes', array('nid')) + ->condition('nid', $node->nid) + ->execute() + ->fetchField(); + + if ($select) { if (empty($passwd)) { // In this case, an empty password is fine. $result = db_update('protected_nodes') ->fields(array( 'protected_node_is_protected' => 1, @@ -1076,30 +1114,36 @@ ->condition('nid', $node->nid) ->execute() !== FALSE; } else { // We have to also update the password in this case. - $sql = "UPDATE {protected_nodes} SET protected_node_is_protected = 1, protected_node_passwd = '%s', protected_node_passwd_changed = %d WHERE nid = %d"; - // @todo Please convert this statement to the D7 database API syntax. - $result = db_query($sql, sha1($passwd), REQUEST_TIME, $node->nid) !== FALSE; + $result = db_update('protected_nodes') + ->fields(array( + 'protected_node_is_protected' => 1, + 'protected_node_passwd' => sha1($passwd), + 'protected_node_passwd_changed' => REQUEST_TIME + )) + ->condition('nid', $node->nid) + ->execute() !== FALSE; } } else { // No entry in the database yet, add it now. if (empty($passwd)) { $passwd = ''; } else { $passwd = sha1($passwd); } - $sql = "INSERT INTO {protected_nodes} (protected_node_is_protected,"; - $sql .= " protected_node_passwd, protected_node_show_title, nid)"; - $sql .= " VALUES (1, '%s', %d, %d)"; - // @todo Please convert this statement to the D7 database API syntax. - $result = db_query($sql, $passwd, - variable_get('protected_node_show_node_titles', FALSE), - $node->nid) !== FALSE; + $result = db_insert('protected_nodes') + ->fields(array( + 'nid' => $node->nid, + 'protected_node_is_protected' => 1, + 'protected_node_passwd' => $passwd, + 'protected_node_show_title' => variable_get('protected_node_show_node_titles', FALSE) + )) + ->execute() !== FALSE; } } else { // The node is already protected, change the password if necessary. if (empty($passwd)) { @@ -1126,20 +1170,24 @@ * * @return boolean * TRUE if the node was protected before the call, FALSE otherwise. */ function protected_node_unset_protected($nid) { - $r = db_query("SELECT protected_node_is_protected FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $nid))->fetchField() == 1; + $result = db_select('protected_nodes') + ->field('protected_nodes', array('protected_node_is_protected')) + ->condition('nid', $nid) + ->execute() + ->fetchField() == 1; db_update('protected_nodes') ->fields(array( 'protected_node_is_protected' => 0, )) ->condition('nid', $nid) ->execute(); - return $r; + return $result; } /** * This method determines the protected flag status for the given node id. * @@ -1155,11 +1203,17 @@ function protected_node_isset_protected($nid) { if (!is_numeric($nid)) { return FALSE; } - return db_query("SELECT protected_node_is_protected FROM {protected_nodes} WHERE nid = :nid", array(':nid' => $nid))->fetchField() == 1; + $result = db_select('protected_nodes') + ->field('protected_nodes', array('protected_node_is_protected')) + ->condition('nid', $nid) + ->execute() + ->fetchField() == 1; + + return $result; } /** * Revoke access to the current used from the specified protected node. * The effect is immediate. diff --git a/protected_node.redirect.inc b/protected_node.redirect.inc index 427d060..2f05f58 100644 --- a/protected_node.redirect.inc +++ b/protected_node.redirect.inc @@ -148,13 +148,19 @@ function protected_node_enterpassword_validate($form, &$form_state) { // @todo We do not want to check the global password if there is a local // password (i.e. extract local password instead of comparing). // @todo The protected_node_nid parameter should be extracted from the // destination URI. - $sql = "SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = '%s' AND nid = %d"; $passwd = sha1($form_state['values']['password']); - $nid = db_query("SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = :protected_node_passwd AND nid = :nid", array(':protected_node_passwd' => $passwd, ':nid' => $form_state['values']['protected_node_nid']))->fetchField(); + + $nid = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('protected_node_passwd', $passwd) + ->condition('nid', $form_state['values']['protected_node_nid']) + ->execute() + ->fetchAssoc(); + if (empty($nid)) { switch (variable_get('protected_node_use_global_password', PROTECTED_NODE_PER_NODE_PASSWORD)) { case PROTECTED_NODE_PER_NODE_AND_GLOBAL_PASSWORD: case PROTECTED_NODE_GLOBAL_PASSWORD: $global_passwd = variable_get('protected_node_global_password', ''); @@ -175,11 +181,17 @@ } if (!empty($nid)) { // The user found a global password. // Was the protected node created by an anonymous user? // If so, prevent the use of any global password. - $created = db_query("SELECT created FROM {node} WHERE nid = :nid AND uid = :uid", array(':nid' => $form_state['values']['protected_node_nid'], ':uid' => 0))->fetchField(); + $created = db_select('node') + ->field('node', array('created')) + ->condition('nid', $form_state['values']['protected_node_nid']) + ->condition('uid', 0) + ->execute() + ->fetchField(); + if ($created) { $nid = FALSE; } } break; diff --git a/protected_node.settings.inc b/protected_node.settings.inc index 6357787..66758b5 100644 --- a/protected_node.settings.inc +++ b/protected_node.settings.inc @@ -243,17 +243,49 @@ * @return array * $form The settings form */ function protected_node_admin_settings() { - $unprotected_count = db_query("SELECT COUNT(n.nid) FROM {node} n LEFT JOIN {protected_nodes} pn ON pn.nid = n.nid WHERE pn.protected_node_is_protected = :protected_node_is_protected OR pn.protected_node_is_protected IS NULL", array(':protected_node_is_protected' => 0))->fetchField(); - $protected_count = db_query("SELECT COUNT(nid) FROM {protected_nodes} WHERE protected_node_is_protected = :protected_node_is_protected", array(':protected_node_is_protected' => 1))->fetchField(); - $title_count = db_query("SELECT COUNT(nid) FROM {protected_nodes} WHERE protected_node_is_protected = :protected_node_is_protected AND protected_node_show_title = :protected_node_show_title", array(':protected_node_is_protected' => 1, ':protected_node_show_title' => 1))->fetchField(); - $global_count = db_query("SELECT COUNT(nid) FROM {protected_nodes} WHERE protected_node_is_protected = :protected_node_is_protected AND protected_node_passwd = :protected_node_passwd", array(':protected_node_is_protected' => 1, ':protected_node_passwd' => ''))->fetchField(); + // Total + $total = db_select('node') + ->fields('node', array('nid')) + ->execute() + ->fetchAll(); + + // Protected + $protected = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('protected_node_is_protected', 1) + ->execute() + ->fetchAll(); + + // Title + $title = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('protected_node_is_protected', 1) + ->condition('protected_node_show_title', 1) + ->execute() + ->fetchAll(); + + // Global + $global = db_select('protected_nodes') + ->fields('protected_nodes', array('nid')) + ->condition('protected_node_is_protected', 1) + ->condition('protected_node_passwd', '') + ->execute() + ->fetchAll(); + + $total_count = count($total); + $protected_count = count($protected); + $unprotected_count = $total_count - $protected_count; + $title_count = count($title); + $hiding_count = $protected_count - $title_count; + $global_count = count($global); + $node_password_count = $protected_count - $global_count; // Any nodes? - if ($protected_count + $unprotected_count > 0) { + if ($total_count > 0) { // Statistics $form['protected_node_stats'] = array( '#type' => 'fieldset', '#title' => t('Protected node statistics'), '#collapsible' => TRUE, @@ -267,11 +299,11 @@ $rows = array(); $rows[] = array( t('Total nodes'), array( - 'data' => $protected_count + $unprotected_count, + 'data' => $total_count, 'style' => 'text-align:right' ), array( 'data' => t('100%'), 'style' => 'text-align:right' @@ -282,22 +314,22 @@ array( 'data' => $unprotected_count, 'style' => 'text-align:right' ), array( - 'data' => round($unprotected_count * 100 / ($unprotected_count + $protected_count), 2) . '%', + 'data' => round($unprotected_count * 100 / ($total_count), 2) . '%', 'style' => 'text-align:right' ), ); $rows[] = array( t('Protected nodes'), array( 'data' => $protected_count, 'style' => 'text-align:right' ), array( - 'data' => round($protected_count * 100 / ($unprotected_count + $protected_count), 2) . '%', + 'data' => round($protected_count * 100 / ($total_count), 2) . '%', 'style' => 'text-align:right' ), ); if ($protected_count > 0) { $rows[] = array( @@ -312,15 +344,15 @@ ), ); $rows[] = array( t('Hiding title'), array( - 'data' => $protected_count - $title_count, + 'data' => $hiding_count, 'style' => 'text-align:right' ), array( - 'data' => round(($protected_count - $title_count) * 100 / $protected_count, 2) . '%', + 'data' => round($hiding_count * 100 / $protected_count, 2) . '%', 'style' => 'text-align:right' ), ); $rows[] = array( t('Global passwords'), @@ -334,15 +366,15 @@ ), ); $rows[] = array( t('Node passwords'), array( - 'data' => $protected_count - $global_count, + 'data' => $node_password_count, 'style' => 'text-align:right' ), array( - 'data' => round(($protected_count - $global_count) * 100 / $protected_count, 2) . '%', + 'data' => round($node_password_count * 100 / $protected_count, 2) . '%', 'style' => 'text-align:right' ), ); } @@ -752,16 +784,20 @@ ->condition('protected_node_is_protected', 0) ->execute(); // Then update the table with ALL the existing nodes and as we're at it // we mark them as protected. - $sql = "INSERT INTO {protected_nodes}"; - $sql .= " (SELECT n.nid, %d AS protected_node_show_title, 1 AS protected_node_is_protected, '' AS protected_node_passwd"; - $sql .= " FROM {node} n LEFT JOIN {protected_nodes} pn ON n.nid = pn.nid"; - $sql .= " WHERE pn.nid IS NULL)"; - // TODO Please convert this statement to the D7 database API syntax. - db_query($sql, $form_state['values']['protected_node_show_node_titles']); + $insert = db_insert('protected_nodes', 'pn'); + $insert->leftjoin('node', 'n', 'n.nid = pn.nid'); + $insert->fields(array( + 'nid' => 'n.nid', + 'protected_node_show_title' => $form_state['values']['protected_node_show_node_titles'], + 'protected_node_is_protected' => '1', + 'protected_node_password' => '', + )); + $insert->condition('pn.nid', NULL); + $insert->execute(); } /** * Make sure all nodes with a password are protected. *