The protected node module has global settings found under:
Administer » Site configuration » Protected node
The page starts with statistics to let you know how pages are protected on your website. All the counts include published and unpublished content.
The following field set includes security features. Any settings are secure, it is to allow you to tweak the security functions of the Protected node module to better match your needs.
The default is Per node password. This means the global password is not made available at all. Whether you enter a global password is not significant.
The Per node password or Global password option gives you the ability to protect nodes without having to enter a password each time. This is quite practical if you work with other moderators out of which a small group make use of specific password, and the rest can use the global password.
The Global password only selection entirely removes the need to enter a password on a per node basis. Obviously, this means that all the protected nodes make use of the exact same password. However, if you have a policy that requires you to frequently change the password, that could save your day.
NOTE
The global password is ignored, and the node password is required, if the author of the password is the anonymous user. This is important since many different people can be the anonymous user. In this special case the system always reacts as if this setting was Per node password.
IMPORTANT NOTES
It is important to note that the use of the Global Password is contradictory to using the password fork feature. The password fork expects a different password on each of the node you are trying to access.
Enter the global password twice if you make a selection that require a global password. Note that once you setup a password it cannot be removed from the interface. It will not be necessary to enter the password each time you change the settings.
This field makes use of the Drupal Core JavaScript functions to show you how safe the Global password is (weak, medium, strong, etc.)
By default the module only shows the regular two password fields in a node you are protecting. Both fields must include the same password to be able to save the node.
When this flag is turned on, the Protected node module adds the JavaScript code from Drupal Core that shows the users whether their password is weak, medium or strong.
This can cause some unwanted side effects (conflicts with other modules) so if you run into problems with this feature, turn it off.
When you protect a node, it is expected that the content of the node is secret but to those who know the password.
This flag gives permission to the Protected node module to display the title of the node (for example, with a photo album, it may be fine to show the name to the users so they know that they are trying to access the right album.)
IMPORTANT NOTES
The features in the next field set give you access to Tokens. These tokens can be used to include information about the node in the password form generated by the Protected node module. The tokens can be used to show the entire content of the node! Also, this flag does not prevent you from making use of the [node-title] token.
I introduced a basic email functionality that will send the password to the people listed in the provided box.
Enter the size of the text area used to enter the list of emails.
The size must be a width an X letter followed by the height.
For example: 60x5
Clear this field to remove the email functionality.
WARNING
Remember that spammers love to send emails from other people websites. Make sure to restrict access to this functionality so anonymous users or even the most basic registered users cannot send emails.
By default, the From: parameter is set to the content of the site mail variable.
This field let you enter a different email address (i.e. noreply@m2osw.com)
Enter your own email subject. The system provides a default in case you don't enter your own. You may not like the default and it may not be translated.
The email body that supports tokens. The Protected node module provides a few tokens of its own. In this case, you may particularly interested by the [node-password] token.
Note that like the form, you can use any node token and show anything you want to your users. Be careful.
The list of available tokens is shown at the bottom of the Protected node form field set (i.e. next field set.)
USE AT YOUR OWN RISK!
This option gives permission to the Protected node module to generate a password if you don't enter one when saving the node.
When this flag is off and emails are entered, the user is required to enter a password because the one in the database is encrypted. In other words, we could not send the password to the users listed in the node and the email is likely useless (unless you offer the view protected content permission.)
Whenever a user reaches a node that is protected by a password, one is sent to a form and asked for the top secret password.
That form includes a title, a main description, a field set with another description, the password field, and a submit button. This form can be tweaked as presented below.
This flag can be selected to always show the users a Cancel link next to the Submit button. This is generally a good idea.
By default, the cancel link points back to where the user came from. This only works if the browser sent us a referrer URL when the user first tried to access the protected content. Obviously, if you gave a direct link for your users to enter in their browser, there will be no referrer. Also, many browsers don't give away foreign websites (i.e. if you click on a link on another website that points to one of your pages, then it is likely that your browser will not tell you anything about that foreign website.)
When no referrer was defined, the Cancel link points to your front page.
The title of the page. It supports tokens (i.e. [node-title]).
This description appears right before the password field set. It may be made empty to remove the field.
This description appears inside the password field set, right before the two password text fields.
This is the label appearing before the two passwords. It is not possible to change the other two fields (Password & Confirm password).
Mass actions on nodes in regard to the protected node features. This should be extended to include functions in the Content page, but for now, it's here and always acts on all nodes or a subset defined by the protected flag or existing passwords.
The sub-field sets are there to prevent you from clicking on the wrong button too often. Remember that since these functions are applied against all the nodes of your website, if you don't have a backup, you may lose valuable information.
This version of the module let you clear all the sessions.
NOTES
The function really just saves the current date as the deadline date used to know whether a password was entered a long time ago. For this reason, you will notice that this is extremely fast, even on very large websites.
When you create nodes making use of the Global password and at some point want to remove the Global password functionality. This mass reset passwords is very useful in this case. It sets a node password to all the nodes that were using the Global password.
Note that this function doesn't touch the existing passwords, it only sets passwords where missing.
This function resets all the passwords to make use of the global password. This is useful if you change your mind and decide that all your protected nodes should use the Global password.
Note that to change all the passwords of all your protected nodes, you may first clear them with this action, and then use the Reset passwords action to set the password on all protected nodes. It is one way to change the password on all your nodes, but it's a bit drastic!
WARNING
This erase all the existing passwords. Be very careful when using this action.
This function clears the This <node-type> is protected flag from all your nodes.
This means no more nodes will then be protected. Be very careful with this function!
This function transform your entire website in a protected website. All your nodes will require a password to access them.
Note that special pages (non-nodes) are not currently protected by this module. For example, your contact page, views, PAD file pages, etc. remain publicly accessible.
This action requires you to create a Global password. However, the system will not generate an error if you did not turn on the Global password functionality. It is your responsibility. Without turning on the Global password, all your nodes will be inaccessible since no password can be matched.
If somehow some of your nodes with a password got unprotected, this function can be used to re-protect them.
In a way, this is similar to Protect nodes, but it is limited to nodes that had a password. This means it will not protect nodes that were protected with the Global password.
Note that nodes that have a node type set to Never protected will still not be protected whether they had a password defined or not.