Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
After following installation steps, nodes that are protected show the form properly, as well as "Incorrect password" errors. When the correct password is entered, there are no errors or messages, the password form simply shows again.
Affects Drupal 7.43 (although we had the issue on 7.39 also). I actually had the Protected Page module installed and thought maybe I'd try this one, but they both show identical symptoms.
Comments
Comment #2
GrimreaperHello,
Thanks for reporting your issue but I can't reproduce the bug.
I have a Drupal 7.43 installed with the last codebase of protected node and it works with the right password.
Did you try to edit the node to save a new password to test?
Do you have an anti-spam system or maybe a cache system that may interfere with the password form?
Comment #3
joshrps CreditAttribution: joshrps commentedComment #4
joshrps CreditAttribution: joshrps commentedHi! I think it is limited to my install, which is why I tagged it as a "support request" - I have changed the password multiple times with the same results. We do have the cache enabled but I've turned it off in a debugging attempt, but it didn't make any difference.
I looked at the source and made a few "echo 'whatever'"-type statements, and they all seem to fire off correctly; if the password is entered correctly, it makes it to the bottom of the password checking method without triggering an error. Could it be that we have some custom page preprocessing scripts?
Comment #5
GrimreaperHello,
Can you compare the result of hash('sha256', 'your password') and what is stored in your database has hashed password?
Comment #6
joshrps CreditAttribution: joshrps commentedThanks for the help! They match perfectly. It definitely lets me know when the password is wrong.
I've looked into the code a lot, it seems like the module acts as a gate for the content, so before it shows the page, it checks to see if it's protected or not, and once the password is accepted, it simply flows past the check, right? Because it seems to pass through the module correctly, it just seems strange that it shows the form again. Would it be useful if I could determine if the page is reloading or redirecting back to the form after submission?
Comment #7
GrimreaperOk, so, the good password is stored in the database.
As the module use $_SESSION to check if the password has already been entered, do you have a module or a cache system that may interfere with that?
Yes you can check in the hook_init() why the password form is reloaded.
Comment #8
joshrps CreditAttribution: joshrps commentedI am concerned that it is an incompatible module, but it's on a very large site with a lot of modules, so it'll be difficult to debug. I will look through them to make some educated guesses, as well as check in hook_init() to see what's going on. I'll get back to you soon :)
Comment #9
jestith CreditAttribution: jestith commentedJust FYI, I'm seeing this issue also (at http://www.neverend.com/simon-sidekick-audio-short-story) also on Drupal 7.43 and with both this module and the Protected Pages module (only one at a time in use).
Entering the wrong password results in an "incorrect password" notification. Entering the correct password ("simon" for now) puts me back at a page that looks exactly like the original password request page. I agree it could possibly be a conflict with another module, but it would take a long time to disable them all. I've so far eliminated TAC Lite, Redirect, and Webform as possibilities.
Comment #10
GrimreaperHello,
Thanks jestith for the link.
After testing on your site, I think the problem is that after entering the password I don't get the session cookie. So Protected node can't see that I already have entered the password.
Do you have a module that can alter the way Drupal give session cookie? Or is it from your server configuration?
Comment #11
GrimreaperHello,
I close the issue, feel free to re-open if needed.