I created two basic pages and used protected_node to protect them. I set protected_node to use a global password and according to the statistics my pages are protected by the global passwords. However, the password is never accepted. I always see the Incorrect Password message.
If I switch to using a per-node password, even if it's the same password as the global password, protected_node will accept the passwords. However, I have to enter the password for both pages. I really need the persistence feature.
Hacking the code to figure out what is going on, it seems to completely bypass this block of code in protected_node.redirect.inc that begins:
$nid = db_query("SELECT nid FROM {protected_nodes} WHERE protected_node_passwd = :protected_node_passwd AND nid = :nid", array(':protected_node_passwd' => $passwd, ':nid' => $protected_node_nid))->fetchField();
$node = node_load($protected_node_nid);
if (empty($nid)) {
and goes straight to the error message.
I looked in the database and when a global password is used, no passwords are stored with my protected nodes in the protected_nodes table. select nid, protected_node_passwd from protected_nodes
shows my two nodes with empty strings. I'm not sure if that is the expected behavior.
Comment | File | Size | Author |
---|---|---|---|
#10 | global_password_does-2266507-10.patch | 7.05 KB | Grimreaper |
#4 | global_password_does-2266507-4.patch | 4.35 KB | Grimreaper |
#2 | protected_node_remove_sql-2266507.patch | 5.31 KB | Grimreaper |
Comments
Comment #1
GrimreaperHello,
Sorry to respond lately. I will see the problem this weekend.
Thanks to highlight this db_query, I forgot it when I rewrote the queries to use Drupal database query API. There was not the "todo" tag on it.
Comment #2
GrimreaperHello,
The validation function is very weird. I fear to introduce regression by modifiying it.
Meanwhile, I found a solution, define a password for the content type and then the super global password will be taken into account. Very very weird.
So if a maintainer wants me to clean this function ok, I will do it. Otherwise I prefer rewrite this module completely (maybe a 7.x-2.x branch ?). If nobody will touch this function, I will document that trick.
I attach a patch that remove sql query (rewritten with the Drupal API).
I found a variable $sql not used, so I removed it.
I found a lack of test on a variable about email. I got a notice.
Oh, I forget, I witness that the bug exists :)
Thanks for the review.
Comment #3
izus CreditAttribution: izus commentedHi dsoini,
can you please test and confirm #2 in meeting the needs or not.
Thanks
Comment #4
GrimreaperRebasing patch from comment #2.
Comment #5
izus CreditAttribution: izus commenteddo we need selected fields here ?
do we really need to select nid field ? we already have a condition on the nid we want to select
d we really need the created field ?
Comment #6
GrimreaperI didn't focus on the logic and questions about what we need.
I just rewrote the queries to use the Drupal database API.
I prefer focusing on "the great cleaning" later when all the tests will be here. :)
Comment #8
izus CreditAttribution: izus commentedmerged #4 as it seems ok for me and it's the cleanup we are lloking for.
but i'm not closing the issue as i didn't test if this solves it or not.
if you guys dsoini or Grimreaper tested and are ok. we can mark the issue ad fixed.
thanks
Comment #9
GrimreaperNo, the little cleanup has no relation with the issue.
I post the patch in this issue in comment #2, as I discover the queries not using the Drupal database API trying to solve the issue.
It's because there is this issue, that I wanted to first write tests, because I think solving this issue can have a lot of side effects.
Comment #10
GrimreaperHello,
Here is a patch that add tests for global password features and fix the bug, also witnessed by the tests.
I made less modification as possible in protected_node.redirect.inc but I still found this validation function hard to read and understand.
I think it will be necessary to rewrite it when there will be no more bugs.
Comment #12
izus CreditAttribution: izus commentedmerged #11
Thanks