Simple "Access node with unique pin" module

Public

This is the code to create a simple, not so secure "pin" protected node. I was asked to write a simple module that lets one node type have the body field protected by a pin. Keep in mind it was for marketing more so than security. This is the module code I wrote.

Get raw version
php
  1. /**
  2.  * Implements hook_menu().
  3.  */
  4. function mymodule_privatenode_menu() {
  5. $items['api/protectednode/%node'] = array(
  6. 'page callback' => 'get_protectednode',
  7. 'access callback' => TRUE,
  8. 'page arguments' => array(2),
  9. );
  10.  
  11. return $items;
  12. }
  13.  
  14. /**
  15.  * Implements hook_theme().
  16.  * this set ups a template node for the node type titled
  17.  * "Pin Protected Content" and the node tpl file is
  18.  * node--pin_protected_node.tpl.php
  19.  * The node has only two fields. Body field and a field
  20.  * titled field_auth_code that is a simple integer.
  21.  */
  22. function mymodule_privatenode_theme($existing, $type, $theme, $path) {
  23. $theme = array();
  24. $theme['node__pin_protected_content'] = array(
  25. 'render element' => 'content',
  26. 'base hook' => 'node',
  27. 'template' => 'node--pin_protected_content',
  28. 'path' => drupal_get_path('module', 'mymodule_privatenode') . '/templates',
  29. );
  30. return $theme;
  31. }
  32.  
  33. /**
  34.  * Custom function to accept and return "print"
  35.  * the body field of the node.
  36.  */
  37. function get_protectednode($node) {
  38. $output = 'Something went wrong...';
  39.  
  40. if(!empty($_POST['authcode'])) {
  41. $userCode = $_POST['authcode'];
  42. $authCode = NULL;
  43. if(!empty($node->field_auth_code)) {
  44. $authCode = $node->field_auth_code['und'][0]['value'];
  45. if($authCode == $userCode) {
  46. $output = $node->body['und'][0]['value'];
  47. } else {
  48. $output = 'PIN is not valid. Please try again.';
  49. }
  50. } else {
  51. $output = 'Error. Please see site admin.';
  52. }
  53. } else {
  54. $output = 'Error.. You must provide an auth code.';
  55. }
  56.  
  57. print $output;
  58. }

This is the node template code that fires an ajax call to the api endpoint created by the .module file. This should work even if you have more than one node loaded on the same page because the $nid is loaded into each template so that the javascript/ajax works even if two are on the same page at the same time (like if views was used).

Get raw version
php
  1. <div class="row" align="center">
  2. <div class="col-xs-8">
  3. <input id="authcodeUser<?php print $node->nid; ?>" class="form-control" type="tel" placeholder="PIN..." />
  4. </div>
  5. <div class="col-xs-4">
  6. <?php
  7. /* Notes:
  8. */
  9. ?>
  10. <a style="display: block; width: 140px; height: 25px; background: #134E82; padding: 10px; text-align: center; border-radius: 5px; color: white; font-weight: bold;" class="form-submit" href="#" type="submit" id="button-authcode<?php print $node->nid; ?>">Submit</a>
  11. </div>
  12. </div>
  13. <br />
  14. <div id="authSuccess<?php print $node->nid; ?>">
  15.  
  16. </div>
  17.  
  18.  
  19.  
  20. <script>
  21.  
  22. jQuery("#button-authcode<?php print $node->nid; ?>").click(function() {
  23.  
  24. var authCode = document.getElementById("authcodeUser<?php print $node->nid; ?>").value;
  25.  
  26. jQuery.ajax({
  27. url: "<?php print base_path(); ?>api/protectednode/<?php print $node->nid; ?>",
  28. type:"POST",
  29. data: {
  30. "authcode": authCode,
  31. },
  32. success: function(result){
  33. jQuery("#authSuccess<?php print $node->nid; ?>").html(result);
  34. }
  35. });
  36. });
  37.  
  38. </script>